📄 minispy.map
minispy
Timestamp is 4859f274 (Thu Jun 19 13:45:24 2008)
Preferred load address is 00010000
Start Length Name Class
0001:00000000 0000104eH .text CODE
0001:00001050 000001ebH .text$s CODE
0002:00000000 0000009cH .idata$5 DATA
0002:000000a0 00000068H .rdata DATA
0002:00000108 00000073H .rdata$debug DATA
0002:00000180 00000008H .rdata$sxdata DATA
0002:00000188 00000064H .xdata$x DATA
0003:00000000 00000008H .data DATA
0003:00000020 000002a8H .bss DATA
0004:00000000 0000033fH PAGE CODE
0004:00000340 00000095H PAGE$s CODE
0005:00000000 00000381H INIT CODE
0005:00000388 0000036cH INIT CODE
0005:00000700 000000d6H INIT$s CODE
0005:000007d8 0000003cH .idata$2 CODE
0005:00000814 00000014H .idata$3 CODE
0005:00000828 0000009cH .idata$4 CODE
0005:000008c4 00000328H .idata$6 CODE
0006:00000000 00000058H .rsrc$01 DATA
0006:00000060 000003b8H .rsrc$02 DATA
Address Publics by Value Rva+Base Lib:Object
0000:00000002 ___safe_se_handler_count 00000002 <absolute>
0001:00000010 _InitializeListHead@4 00010490 f i minispy.obj
0001:00000030 _KeInitializeSpinLock@4 000104b0 f i minispy.obj
0001:00000050 _SpyPreOperationCallback@12 000104d0 f minispy.obj
0001:000002f0 _SpyPostOperationCallback@16 00010770 f minispy.obj
0001:00000410 _SpyEnlistInTransaction@4 00010890 f minispy.obj
0001:00000420 _SpyAllocateBuffer@4 000108a0 f mspylib.obj
0001:000004a0 _ExAllocateFromNPagedLookasideList@4 00010920 f i mspylib.obj
0001:00000510 _SpyFreeBuffer@4 00010990 f mspylib.obj
0001:00000540 _ExFreeToNPagedLookasideList@8 000109c0 f i mspylib.obj
0001:000005a0 _SpyNewRecord@0 00010a20 f mspylib.obj
0001:00000630 _SpyFreeRecord@4 00010ab0 f mspylib.obj
0001:000006a0 _SpySetRecordName@8 00010b20 f mspylib.obj
0001:00000760 _SpyLogPreOperationData@12 00010be0 f mspylib.obj
0001:00000890 _SpyLogPostOperationData@8 00010d10 f mspylib.obj
0001:000008d0 _SpyLog@4 00010d50 f mspylib.obj
0001:00000910 _InsertTailList@8 00010d90 f i mspylib.obj
0001:00000950 _SpyGetLog@12 00010dd0 f mspylib.obj
0001:00000b80 _IsListEmpty@4 00011000 f i mspylib.obj
0001:00000ba0 _RemoveHeadList@4 00011020 f i mspylib.obj
0001:00000be0 _InsertHeadList@8 00011060 f i mspylib.obj
0001:00000c20 _SpyEmptyOutputBufferList@0 000110a0 f mspylib.obj
0001:00000c98 @__security_check_cookie@4 00011118 f BufferOverflowK:secchk.obj
0001:00000cac ___report_gsfailure 0001112c f BufferOverflowK:gs_report.obj
0001:00000cd8 _DbgPrint 00011158 f ntoskrnl:ntoskrnl.exe
0001:00000ce4 _DbgBreakPoint@0 00011164 f ntoskrnl:ntoskrnl.exe
0001:00000cf0 _memcpy 00011170 f ntoskrnl:ntoskrnl.exe
0001:00000cfc _memset 0001117c f ntoskrnl:ntoskrnl.exe
0001:00000d08 _FltUnregisterFilter@4 00011188 f fltMgr:FLTMGR.SYS
0001:00000d14 _FltCloseCommunicationPort@4 00011194 f fltMgr:FLTMGR.SYS
0001:00000d20 _FltStartFiltering@4 000111a0 f fltMgr:FLTMGR.SYS
0001:00000d2c _FltFreeSecurityDescriptor@4 000111ac f fltMgr:FLTMGR.SYS
0001:00000d38 _FltCreateCommunicationPort@32 000111b8 f fltMgr:FLTMGR.SYS
0001:00000d44 _FltBuildDefaultSecurityDescriptor@8 000111c4 f fltMgr:FLTMGR.SYS
0001:00000d50 _FltRegisterFilter@12 000111d0 f fltMgr:FLTMGR.SYS
0001:00000d5c _FltCloseClientPort@8 000111dc f fltMgr:FLTMGR.SYS
0001:00000d68 _FltReleaseFileNameInformation@4 000111e8 f fltMgr:FLTMGR.SYS
0001:00000d74 _FltParseFileNameInformation@4 000111f4 f fltMgr:FLTMGR.SYS
0001:00000d80 _FltGetFileNameInformation@12 00011200 f fltMgr:FLTMGR.SYS
0001:00000d8c _FltGetDeviceObject@8 0001120c f fltMgr:FLTMGR.SYS
0001:00000da0 __except_handler4 00011220 f sehupd:chandler4.obj
0001:00000efc __local_unwind4 0001137c f sehupd:exsup4.obj
0001:00000fc5 __seh_longjmp_unwind4@4 00011445 f sehupd:exsup4.obj
0001:00000fe1 @_EH4_CallFilterFunc@8 00011461 f sehupd:exsup4.obj
0001:00000ff8 @_EH4_TransferToHandler@8 00011478 f sehupd:exsup4.obj
0001:0000100a @_EH4_GlobalUnwind@4 0001148a f sehupd:exsup4.obj
0001:00001024 @_EH4_LocalUnwind@16 000114a4 f sehupd:exsup4.obj
0001:00001040 __NLG_Call 000114c0 f sehupd:_nlgsupp.obj
0001:00001048 _RtlUnwind@16 000114c8 f ntoskrnl:ntoskrnl.exe
0001:00001050 ??_C@_1BE@ECKFOCEH@?$AA?$DM?$AAN?$AAO?$AA?5?$AAN?$AAA?$AAM?$AAE?$AA?$DO?$AA?$AA@FNODOBFM@ 000114d0 minispy.obj
0001:00001070 ??_C@_1GE@GOOEDKNI@?$AA?$DM?$AAN?$AAO?$AA?5?$AAN?$AAA?$AAM?$AAE?$AA?3?$AA?5?$AAN?$AAo?$AAr?$AAm?$AAa?$AAl?$AAi?$AAz?$AAe?$AAS?$AAt?$AAa?$AAt?$AAu?$AAs?$AA?$DN?$AA?$CF?$AA0?$AA8?$AAx?$AA?5?$AAO@FNODOBFM@ 000114f0 minispy.obj
0001:000010e0 ??_C@_1BG@DLLGGIDJ@?$AA?$DM?$AA?$CF?$AA0?$AA8?$AAx?$AA?$DO?$AA?5?$AA?$CF?$AAw?$AAZ?$AA?$AA@FNODOBFM@ 00011560 minispy.obj
0001:00001100 ??_C@_0BD@BHAFHGKO@NT_SUCCESS?$CIstatus?$CJ?$AA@FNODOBFM@ 00011580 minispy.obj
0001:00001120 ??_C@_0EF@DNNBAMGK@d?3?2winddk?26001?418001?2src?2filesys@FNODOBFM@ 000115a0 minispy.obj
0001:00001170 ??_C@_0EF@BCLIOOHB@d?3?2winddk?26001?418001?2src?2filesys@FNODOBFM@ 000115f0 mspylib.obj
0001:000011c0 ??_C@_0BO@CLLEJOCO@MiniSpyData?4StaticBufferInUse?$AA@FNODOBFM@ 00011640 mspylib.obj
0001:000011e0 ??_C@_0CL@EANDNHJB@LogRecord?9?$DOLength?5?$DM?$DN?5MAX_LOG_REC@FNODOBFM@ 00011660 mspylib.obj
0001:00001210 ??_C@_0CL@EJJIBMCG@?$CIpLogRecord?$CJ?9?$DOLength?5?$DO?$DN?5sizeof?$CIL@FNODOBFM@ 00011690 mspylib.obj
0002:00000000 __imp__FltGetFileNameInformation@12 00011700 fltMgr:FLTMGR.SYS
0002:00000004 __imp__FltParseFileNameInformation@4 00011704 fltMgr:FLTMGR.SYS
0002:00000008 __imp__FltReleaseFileNameInformation@4 00011708 fltMgr:FLTMGR.SYS
0002:0000000c __imp__FltCloseClientPort@8 0001170c fltMgr:FLTMGR.SYS
0002:00000010 __imp__FltRegisterFilter@12 00011710 fltMgr:FLTMGR.SYS
0002:00000014 __imp__FltBuildDefaultSecurityDescriptor@8 00011714 fltMgr:FLTMGR.SYS
0002:00000018 __imp__FltCreateCommunicationPort@32 00011718 fltMgr:FLTMGR.SYS
0002:0000001c __imp__FltFreeSecurityDescriptor@4 0001171c fltMgr:FLTMGR.SYS
0002:00000020 __imp__FltStartFiltering@4 00011720 fltMgr:FLTMGR.SYS
0002:00000024 __imp__FltCloseCommunicationPort@4 00011724 fltMgr:FLTMGR.SYS
0002:00000028 __imp__FltUnregisterFilter@4 00011728 fltMgr:FLTMGR.SYS
0002:0000002c __imp__FltGetDeviceObject@8 0001172c fltMgr:FLTMGR.SYS
0002:00000030 \177FLTMGR_NULL_THUNK_DATA 00011730 fltMgr:FLTMGR.SYS
0002:00000034 __imp_@KfReleaseSpinLock@8 00011734 hal:HAL.dll
0002:00000038 __imp__KeGetCurrentIrql@0 00011738 hal:HAL.dll
0002:0000003c __imp_@KfAcquireSpinLock@4 0001173c hal:HAL.dll
0002:00000040 \177HAL_NULL_THUNK_DATA 00011740 hal:HAL.dll
0002:00000044 __imp__ZwQueryValueKey@24 00011744 ntoskrnl:ntoskrnl.exe
0002:00000048 __imp__KeBugCheckEx@20 00011748 ntoskrnl:ntoskrnl.exe
0002:0000004c __imp__ZwClose@4 0001174c ntoskrnl:ntoskrnl.exe
0002:00000050 __imp_@ObfDereferenceObject@4 00011750 ntoskrnl:ntoskrnl.exe
0002:00000054 __imp__PsGetCurrentThreadId@0 00011754 ntoskrnl:ntoskrnl.exe
0002:00000058 __imp__ZwOpenKey@12 00011758 ntoskrnl:ntoskrnl.exe
0002:0000005c __imp__PsGetCurrentProcessId@0 0001175c ntoskrnl:ntoskrnl.exe
0002:00000060 __imp__KeQuerySystemTime@4 00011760 ntoskrnl:ntoskrnl.exe
0002:00000064 __imp__memset 00011764 ntoskrnl:ntoskrnl.exe
0002:00000068 __imp_@ExInterlockedPushEntrySList@12 00011768 ntoskrnl:ntoskrnl.exe
0002:0000006c __imp_@ExInterlockedPopEntrySList@8 0001176c ntoskrnl:ntoskrnl.exe
0002:00000070 __imp__memcpy 00011770 ntoskrnl:ntoskrnl.exe
0002:00000074 __imp___snwprintf 00011774 ntoskrnl:ntoskrnl.exe
0002:00000078 __imp__DbgBreakPoint@0 00011778 ntoskrnl:ntoskrnl.exe
0002:0000007c __imp__DbgPrint 0001177c ntoskrnl:ntoskrnl.exe
0002:00000080 __imp__RtlAssert@16 00011780 ntoskrnl:ntoskrnl.exe
0002:00000084 __imp__ExInitializeNPagedLookasideList@28 00011784 ntoskrnl:ntoskrnl.exe
0002:00000088 __imp__RtlInitUnicodeString@8 00011788 ntoskrnl:ntoskrnl.exe
0002:0000008c __imp__KeTickCount 0001178c ntoskrnl:ntoskrnl.exe
0002:0000008c _KeTickCount 0001178c ntoskrnl:ntoskrnl.exe
0002:00000090 __imp__ExDeleteNPagedLookasideList@4 00011790 ntoskrnl:ntoskrnl.exe
0002:00000094 __imp__RtlUnwind@16 00011794 ntoskrnl:ntoskrnl.exe
0002:00000098 \177ntoskrnl_NULL_THUNK_DATA 00011798 ntoskrnl:ntoskrnl.exe
0002:000000c0 __load_config_used 000117c0 ntoskrnl:loadcfg.obj
0002:00000180 ___safe_se_handler_table 00011880 <linker-defined>
0003:00000000 ___security_cookie 00011900 BufferOverflowK:gs_support.obj
0003:00000004 ___security_cookie_complement 00011904 BufferOverflowK:gs_support.obj
0003:00000020 _StatusToBreakOn 00011920 minispy.obj
0003:00000040 _MiniSpyData 00011940 <common>
0004:00000010 _SpyConnect@20 00011c10 f minispy.obj
0004:00000090 _SpyDisconnect@4 00011c90 f minispy.obj
0004:000000e0 _SpyFilterUnload@4 00011ce0 f minispy.obj
0004:00000140 _SpyQueryTeardown@8 00011d40 f minispy.obj
0004:00000180 _SpyMessage@24 00011d80 f minispy.obj
0004:00000340 ??_C@_0BP@HPJINLMC@MiniSpyData?4ClientPort?5?$DN?$DN?5NULL?$AA@NNGAKEGL@ 00011f40 minispy.obj
0004:00000360 ??_C@_0EF@DNNBAMGK@d?3?2winddk?26001?418001?2src?2filesys@NNGAKEGL@ 00011f60 minispy.obj
0004:000003b0 ??_C@_0CF@FOPNHIJF@EX?3?5Pageable?5code?5called?5at?5IRQL@NNGAKEGL@ 00011fb0 minispy.obj
0005:00000010 _DriverEntry@8 00012010 f minispy.obj
0005:000001e0 _SpyReadDriverParameters@4 000121e0 f mspylib.obj
0005:00000343 _GsDriverEntry@8 00012343 f BufferOverflowK:gs_support.obj
0005:00000388 _Callbacks 00012388 registrationdata.obj
0005:000006a8 _Contexts 000126a8 registrationdata.obj
0005:000006c4 _FilterRegistration 000126c4 registrationdata.obj
0005:00000700 ??_C@_1BK@DICPLIGM@?$AA?2?$AAM?$AAi?$AAn?$AAi?$AAS?$AAp?$AAy?$AAP?$AAo?$AAr?$AAt?$AA?$AA@PBOPGDP@ 00012700 minispy.obj
0005:00000720 ??_C@_1CA@GONDOMMD@?$AAN?$AAa?$AAm?$AAe?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAM?$AAe?$AAt?$AAh?$AAo?$AAd?$AA?$AA@PBOPGDP@ 00012720 mspylib.obj
0005:00000740 ??_C@_0CF@PCIMOHIH@pValuePartialInfo?9?$DOType?5?$DN?$DN?5REG_D@PBOPGDP@ 00012740 mspylib.obj
0005:00000770 ??_C@_0EF@BCLIOOHB@d?3?2winddk?26001?418001?2src?2filesys@PBOPGDP@ 00012770 mspylib.obj
0005:000007c0 ??_C@_1BG@MHDFHEJC@?$AAM?$AAa?$AAx?$AAR?$AAe?$AAc?$AAo?$AAr?$AAd?$AAs?$AA?$AA@PBOPGDP@ 000127c0 mspylib.obj
0005:000007d8 __IMPORT_DESCRIPTOR_ntoskrnl 000127d8 ntoskrnl:ntoskrnl.exe
0005:000007ec __IMPORT_DESCRIPTOR_HAL 000127ec hal:HAL.dll
0005:00000800 __IMPORT_DESCRIPTOR_FLTMGR 00012800 fltMgr:FLTMGR.SYS
0005:00000814 __NULL_IMPORT_DESCRIPTOR 00012814 ntoskrnl:ntoskrnl.exe
entry point at 0005:00000343
Static symbols
0001:00000f7f __unwind_handler4 000113ff f sehupd:exsup4.obj