Tuesday, December 26, 2017

In the page fault handler, the fs register needs to be set up first. See the following log: the fs base varies from processor to processor, hence the SetMember of the current processor's KPRCB varies.


Microsoft (R) Windows Debugger Version 10.0.15063.137 X86
Copyright (c) Microsoft Corporation. All rights reserved.

Opened \\.\pipe\com_1
Waiting to reconnect...
Connected to Windows XP 2600 x86 compatible target at (Tue Dec 26 17:16:04.644 2017 (UTC - 5:00)), ptr64 FALSE
Kernel Debugger connection established.
Symbol search path is: srv*
Executable search path is:
Windows XP Kernel Version 2600 MP (1 procs) Free x86 compatible
Built by: 2600.xpsp.080413-2111
Machine Name:
Kernel base = 0x804d7000 PsLoadedModuleList = 0x8055d720
System Uptime: not available

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
Deferred                                       srv*
Deferred                                       srv*c:\symbols*https://msdl.microsoft.com/download/symbols
OK                                             C:\Projects\hookidt\test\Debug

************* Symbol Path validation summary **************
Response                         Time (ms)     Location
OK                                             C:\Projects\hookidt\test\Src
nt!DebugService2+0x10:
80531eb2 cc              int     3
kd> g
ERROR: DavReadRegistryValues/RegQueryValueExW(4). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(5). WStatus = 5
ERROR: DavReadRegistryValues/RegQueryValueExW(6). WStatus = 5
watchdog!WdUpdateRecoveryState: Recovery enabled.
Start hooking...
[HookCPU]
IDT: 0x8003F400, originalIDT2eISR: 0x805444A8
Processor[1] is hooked, dwProcAddress: 0xEE6FA690
IDT: 0xF7881590, originalIDT2eISR: 0x805444A8
Processor[2] is hooked, dwProcAddress: 0xEE6FA690
Hook is done.
HookKiSystemCallExit2
testxxxintersendmsgex_test.exe,  0x6d40340
testxxxintersendmsgex_sleep100.exe,  0x6d40360
KeQueryActiveProcessors: 3
CPU 0
In DoStartVMX, Processor 0
VMXON Region Size 0x0
VMXON Access Width Bit 0x0
      [   1] --> 32-bit
      [   0] --> 64-bit
VMXON Memory Type 0x6
      [   0]  --> Strong Uncacheable
      [ 1-5]  --> Unused
      [   6]  --> Write Back
      [7-15]  --> Unused
SUCCESS: VMXON operation completed.
VMM is now running on processor 0.
GUEST_ES_SELECTOR 0x20
GUEST_CS_SELECTOR 0x8
GUEST_SS_SELECTOR 0x10
GUEST_DS_SELECTOR 0x20
GUEST_FS_SELECTOR 0x30
GUEST_GS_SELECTOR 0x0
GUEST_LDTR_SELECTOR 0x0
GUEST_TR_SELECTOR 0x28
HOST_ES_SELECTOR 0x20
HOST_CS_SELECTOR 0x8
HOST_SS_SELECTOR 0x10
HOST_DS_SELECTOR 0x20
HOST_FS_SELECTOR 0x30
HOST_GS_SELECTOR 0x0
HOST_TR_SELECTOR 0x28
CPU_BASED_VM_EXEC_CONTROL 0x401e372
PIN_BASED_VM_EXEC_CONTROL 0x16
VM_EXIT_CONTROLS 0x3edff
GUEST_ES_LIMIT 0xffffffff
GUEST_CS_LIMIT 0xffffffff
GUEST_SS_LIMIT 0xffffffff
GUEST_DS_LIMIT 0xffffffff
GUEST_FS_LIMIT 0x1fff
GUEST_GS_LIMIT 0x0
GUEST_LDTR_LIMIT 0x0
GUEST_TR_LIMIT 0x20ab
GUEST_GDTR_LIMIT 0x3ff
GUEST_IDTR_LIMIT 0x7ff
GUEST_ES_AR_BYTES 0xc0f3
GUEST_CS_AR_BYTES 0xc09b
GUEST_SS_AR_BYTES 0xc093
GUEST_DS_AR_BYTES 0xc0f3
GUEST_FS_AR_BYTES 0xc093
GUEST_GS_AR_BYTES 0x10000
GUEST_TR_AR_BYTES 0x8b
GUEST_LDTR_AR_BYTES 0x10000
GUEST_CR0 0x8001003b
GUEST_CR3 0x6d40020
GUEST_CR4 0x26f9
GUEST_CS_BASE 0x0
GUEST_SS_BASE 0x0
GUEST_DS_BASE 0x0
GUEST_ES_BASE 0x0
GUEST_FS_BASE 0xffdff000
GUEST_GS_BASE 0x0
GUEST_LDTR_BASE 0x0
GUEST_TR_BASE 0x80042000
GUEST_GDTR_BASE 0x8003f000
GUEST_IDTR_BASE 0x8003f400
GUEST_RSP 0xf7a40c20
GUEST_RIP 0xf79d8b0d
GUEST_RFLAGS 0x200202
GUEST_SYSENTER_ESP 0xf7a15000
GUEST_SYSENTER_EIP 0x80541520
GUEST_SYSENTER_CS 0x8
HOST_CR0 0x8001003b
HOST_CR3 0x6d40020
HOST_CR4 0x26f9
HOST_FS_BASE 0xffdff000
HOST_GS_BASE 0x0
HOST_TR_BASE 0x80042000, selector 0x28
HOST_GDTR_BASE 0x8003f000
HOST_IDTR_BASE 0x8003f400
CPU 1
In DoStartVMX, Processor 1
VMXON Region Size 0x0
VMXON Access Width Bit 0x0
      [   1] --> 32-bit
      [   0] --> 64-bit
VMXON Memory Type 0x6
      [   0]  --> Strong Uncacheable
      [ 1-5]  --> Unused
      [   6]  --> Write Back
      [7-15]  --> Unused
SUCCESS: VMXON operation completed.
VMM is now running on processor 1.
GUEST_ES_SELECTOR 0x20
GUEST_CS_SELECTOR 0x8
GUEST_SS_SELECTOR 0x10
GUEST_DS_SELECTOR 0x20
GUEST_FS_SELECTOR 0x30
GUEST_GS_SELECTOR 0x0
GUEST_LDTR_SELECTOR 0x0
GUEST_TR_SELECTOR 0x28
HOST_ES_SELECTOR 0x20
HOST_CS_SELECTOR 0x8
HOST_SS_SELECTOR 0x10
HOST_DS_SELECTOR 0x20
HOST_FS_SELECTOR 0x30
HOST_GS_SELECTOR 0x0
HOST_TR_SELECTOR 0x28
CPU_BASED_VM_EXEC_CONTROL 0x401e372
PIN_BASED_VM_EXEC_CONTROL 0x16
VM_EXIT_CONTROLS 0x3edff
GUEST_ES_LIMIT 0xffffffff
GUEST_CS_LIMIT 0xffffffff
GUEST_SS_LIMIT 0xffffffff
GUEST_DS_LIMIT 0xffffffff
GUEST_FS_LIMIT 0x1fff
GUEST_GS_LIMIT 0x0
GUEST_LDTR_LIMIT 0x0
GUEST_TR_LIMIT 0x20ab
GUEST_GDTR_LIMIT 0x3ff
GUEST_IDTR_LIMIT 0x7ff
GUEST_ES_AR_BYTES 0xc0f3
GUEST_CS_AR_BYTES 0xc09b
GUEST_SS_AR_BYTES 0xc093
GUEST_DS_AR_BYTES 0xc0f3
GUEST_FS_AR_BYTES 0xc093
GUEST_GS_AR_BYTES 0x10000
GUEST_TR_AR_BYTES 0x8b
GUEST_LDTR_AR_BYTES 0x10000
GUEST_CR0 0x8001003b
GUEST_CR3 0x6d40020
GUEST_CR4 0x26f9
GUEST_CS_BASE 0x0
GUEST_SS_BASE 0x0
GUEST_DS_BASE 0x0
GUEST_ES_BASE 0x0
GUEST_FS_BASE 0xf787d000
GUEST_GS_BASE 0x0
GUEST_LDTR_BASE 0x0
GUEST_TR_BASE 0xf787dd70
GUEST_GDTR_BASE 0xf7881190
GUEST_IDTR_BASE 0xf7881590
GUEST_RSP 0xf7a40c20
GUEST_RIP 0xf79d8b0d
GUEST_RFLAGS 0x200202
GUEST_SYSENTER_ESP 0xf7a25000
GUEST_SYSENTER_EIP 0x80541520
GUEST_SYSENTER_CS 0x8
HOST_CR0 0x8001003b
HOST_CR3 0x6d40020
HOST_CR4 0x26f9
HOST_FS_BASE 0xf787d000
HOST_GS_BASE 0x0
HOST_TR_BASE 0xf787dd70, selector 0x28
HOST_GDTR_BASE 0xf7881190
HOST_IDTR_BASE 0xf7881590
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
Break instruction exception - code 80000003 (first chance)
*******************************************************************************
*                                                                             *
*   You are seeing this message because you pressed either                    *
*       CTRL+C (if you run console kernel debugger) or,                       *
*       CTRL+BREAK (if you run GUI kernel debugger),                          *
*   on your debugger machine's keyboard.                                      *
*                                                                             *
*                   THIS IS NOT A BUG OR A SYSTEM CRASH                       *
*                                                                             *
* If you did not intend to break into the debugger, press the "g" key, then   *
* press the "Enter" key now.  This message might immediately reappear.  If it *
* does, press "g" and "Enter" again.                                          *
*                                                                             *
*******************************************************************************
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xf787d120
SetMember 0x2
nt!RtlpBreakWithStatusInstruction:
8052b5dc cc              int     3
current kprcb: 0xf787d120
SetMember 0x2
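The relation the log demonstrates, as an added Python check that is not part of the original post: it maps each CPU's GUEST_FS_BASE from the VMCS dump to the KPRCB address reported by the hooked handler and confirms that SetMember is that CPU's affinity bit. It assumes the Windows XP x86 layout in which the KPRCB sits at offset 0x120 inside the KPCR that fs points to (the two log values differ by exactly that), and the embedded log excerpt is a constructed abbreviation of the one above.

```python
import re

# Constructed, abbreviated excerpt of the log above: per-CPU VMCS dump lines
# followed by trace lines printed from the hooked page fault handler.
SAMPLE_LOG = """\
CPU 0
GUEST_FS_BASE 0xffdff000
CPU 1
GUEST_FS_BASE 0xf787d000
current kprcb: 0xf787d120
SetMember 0x2
current kprcb: 0xffdff120
SetMember 0x1
current kprcb: 0xf787d120
SetMember 0x2
"""

# Assumption: on Windows XP x86 the KPRCB is embedded in the KPCR at offset
# 0x120 (KPCR.PrcbData), and fs base points at the KPCR of the running CPU.
PRCB_OFFSET = 0x120


def fs_bases(log):
    """Map CPU index -> GUEST_FS_BASE taken from the 'CPU n' dump sections."""
    bases, cpu = {}, None
    for line in log.splitlines():
        m = re.match(r"CPU (\d+)$", line)
        if m:
            cpu = int(m.group(1))
            continue
        m = re.match(r"GUEST_FS_BASE (0x[0-9a-f]+)", line)
        if m and cpu is not None:
            bases[cpu] = int(m.group(1), 16)
    return bases


def check_trace(log):
    """Pair each 'current kprcb' line with the 'SetMember' line that follows it.
    A pair is consistent when the KPRCB equals fs_base + PRCB_OFFSET of some
    CPU and SetMember is that CPU's bit (1 << cpu). Returns (ok, mismatches)."""
    prcb_to_cpu = {b + PRCB_OFFSET: c for c, b in fs_bases(log).items()}
    ok, bad, pending = 0, [], None
    for line in log.splitlines():
        m = re.match(r"current kprcb: (0x[0-9a-f]+)", line)
        if m:
            pending = int(m.group(1), 16)
            continue
        m = re.match(r"SetMember (0x[0-9a-f]+)", line)
        if m and pending is not None:
            cpu, member = prcb_to_cpu.get(pending), int(m.group(1), 16)
            if cpu is None or member != (1 << cpu):
                bad.append((pending, member))   # fs not set up for this CPU
            else:
                ok += 1
            pending = None
    return ok, bad
```

A handler that reads the KPRCB before loading fs shows up here as a mismatch: the kprcb address belongs to one CPU while SetMember carries another CPU's bit.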
