
@joshfinley
Created March 17, 2020 15:22
Disassembly of nt!IopLoadDriver
2: kd> uf nt!IopLoadDriver
nt!IopLoadDriver:
fffff800`3e510744 48895c2410 mov qword ptr [rsp+10h],rbx
fffff800`3e510749 55 push rbp
fffff800`3e51074a 56 push rsi
fffff800`3e51074b 57 push rdi
fffff800`3e51074c 4154 push r12
fffff800`3e51074e 4155 push r13
fffff800`3e510750 4156 push r14
fffff800`3e510752 4157 push r15
fffff800`3e510754 488dac2460ffffff lea rbp,[rsp-0A0h]
fffff800`3e51075c 4881eca0010000 sub rsp,1A0h
fffff800`3e510763 488b0526ccd1ff mov rax,qword ptr [nt!_security_cookie (fffff800`3e22d390)]
fffff800`3e51076a 4833c4 xor rax,rsp
fffff800`3e51076d 48898590000000 mov qword ptr [rbp+90h],rax
fffff800`3e510774 33db xor ebx,ebx
fffff800`3e510776 4c894df8 mov qword ptr [rbp-8],r9
fffff800`3e51077a 418919 mov dword ptr [r9],ebx
fffff800`3e51077d 488d442468 lea rax,[rsp+68h]
fffff800`3e510782 418af0 mov sil,r8b
fffff800`3e510785 88542450 mov byte ptr [rsp+50h],dl
fffff800`3e510789 4533c9 xor r9d,r9d
fffff800`3e51078c 895c2468 mov dword ptr [rsp+68h],ebx
fffff800`3e510790 4533c0 xor r8d,r8d
fffff800`3e510793 48895c2458 mov qword ptr [rsp+58h],rbx
fffff800`3e510798 33d2 xor edx,edx
fffff800`3e51079a 48895c2470 mov qword ptr [rsp+70h],rbx
fffff800`3e51079f 4c8be1 mov r12,rcx
fffff800`3e5107a2 48895c2478 mov qword ptr [rsp+78h],rbx
fffff800`3e5107a7 448bfb mov r15d,ebx
fffff800`3e5107aa 895d0c mov dword ptr [rbp+0Ch],ebx
fffff800`3e5107ad 448bf3 mov r14d,ebx
fffff800`3e5107b0 895d24 mov dword ptr [rbp+24h],ebx
fffff800`3e5107b3 48895d88 mov qword ptr [rbp-78h],rbx
fffff800`3e5107b7 895d80 mov dword ptr [rbp-80h],ebx
fffff800`3e5107ba 48895d90 mov qword ptr [rbp-70h],rbx
fffff800`3e5107be 48895c2460 mov qword ptr [rsp+60h],rbx
fffff800`3e5107c3 895d98 mov dword ptr [rbp-68h],ebx
fffff800`3e5107c6 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e5107cb e8d05beeff call nt!NtQueryKey (fffff800`3e3f63a0)
fffff800`3e5107d0 3d230000c0 cmp eax,0C0000023h
fffff800`3e5107d5 0f8559f10e00 jne nt!IopLoadDriver+0xef1f0 (fffff800`3e5ff934) Branch
nt!IopLoadDriver+0x97:
fffff800`3e5107db 8b442468 mov eax,dword ptr [rsp+68h]
fffff800`3e5107df 8d4808 lea ecx,[rax+8]
fffff800`3e5107e2 3bc8 cmp ecx,eax
fffff800`3e5107e4 0f8250f30e00 jb nt!IopLoadDriver+0xef3f6 (fffff800`3e5ffb3a) Branch
nt!IopLoadDriver+0xa6:
fffff800`3e5107ea 8bd1 mov edx,ecx
fffff800`3e5107ec b900020000 mov ecx,200h
fffff800`3e5107f1 e8aecf98ff call nt!IopVerifierExAllocatePool (fffff800`3de9d7a4)
fffff800`3e5107f6 488945a8 mov qword ptr [rbp-58h],rax
fffff800`3e5107fa 4c8bf8 mov r15,rax
fffff800`3e5107fd 4885c0 test rax,rax
fffff800`3e510800 0f8443f10e00 je nt!IopLoadDriver+0xef205 (fffff800`3e5ff949) Branch
nt!IopLoadDriver+0xc2:
fffff800`3e510806 448b4c2468 mov r9d,dword ptr [rsp+68h]
fffff800`3e51080b 488d442468 lea rax,[rsp+68h]
fffff800`3e510810 4d8bc7 mov r8,r15
fffff800`3e510813 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e510818 33d2 xor edx,edx
fffff800`3e51081a 498bcc mov rcx,r12
fffff800`3e51081d e87e5beeff call nt!NtQueryKey (fffff800`3e3f63a0)
fffff800`3e510822 8bf8 mov edi,eax
fffff800`3e510824 41bd02000000 mov r13d,2
fffff800`3e51082a 85c0 test eax,eax
fffff800`3e51082c 0f8827050000 js nt!IopLoadDriver+0x615 (fffff800`3e510d59) Branch
nt!IopLoadDriver+0xee:
fffff800`3e510832 410fb7570c movzx edx,word ptr [r15+0Ch]
fffff800`3e510837 418d4dff lea ecx,[r13-1]
fffff800`3e51083b 6689542458 mov word ptr [rsp+58h],dx
fffff800`3e510840 8d4208 lea eax,[rdx+8]
fffff800`3e510843 4903d5 add rdx,r13
fffff800`3e510846 668944245a mov word ptr [rsp+5Ah],ax
fffff800`3e51084b 498d4710 lea rax,[r15+10h]
fffff800`3e51084f 4889442460 mov qword ptr [rsp+60h],rax
fffff800`3e510854 e84bcf98ff call nt!IopVerifierExAllocatePool (fffff800`3de9d7a4)
fffff800`3e510859 4889442478 mov qword ptr [rsp+78h],rax
fffff800`3e51085e 4c8bf0 mov r14,rax
fffff800`3e510861 4885c0 test rax,rax
fffff800`3e510864 0f84c1f20e00 je nt!IopLoadDriver+0xef3e7 (fffff800`3e5ffb2b) Branch
nt!IopLoadDriver+0x126:
fffff800`3e51086a 0fb7542458 movzx edx,word ptr [rsp+58h]
fffff800`3e51086f 6689542470 mov word ptr [rsp+70h],dx
fffff800`3e510874 8bfa mov edi,edx
fffff800`3e510876 448bc2 mov r8d,edx
fffff800`3e510879 428d0c2a lea ecx,[rdx+r13]
fffff800`3e51087d 488b542460 mov rdx,qword ptr [rsp+60h]
fffff800`3e510882 66894c2472 mov word ptr [rsp+72h],cx
fffff800`3e510887 488bc8 mov rcx,rax
fffff800`3e51088a e8b13aacff call nt!memcpy (fffff800`3dfd4340)
fffff800`3e51088f 48d1ef shr rdi,1
fffff800`3e510892 488d1547890700 lea rdx,[nt! ?? ::NNGAKEGL::`string' (fffff800`3e5891e0)]
fffff800`3e510899 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e51089e 6641891c7e mov word ptr [r14+rdi*2],bx
fffff800`3e5108a3 e898268fff call nt!RtlAppendUnicodeToString (fffff800`3de02f40)
fffff800`3e5108a8 488d542458 lea rdx,[rsp+58h]
fffff800`3e5108ad 418d4dff lea ecx,[r13-1]
fffff800`3e5108b1 e8625ba4ff call nt!HeadlessKernelAddLogEntry (fffff800`3df56418)
fffff800`3e5108b6 488d542470 lea rdx,[rsp+70h]
fffff800`3e5108bb 488d0d8e8ac6ff lea rcx,[nt!KMPnPEvt_DriverLoad_Start (fffff800`3e179350)]
fffff800`3e5108c2 e87db6a2ff call nt!PnpDiagnosticTraceObject (fffff800`3df3bf44)
fffff800`3e5108c7 391d5f55d5ff cmp dword ptr [nt!InitSafeBootMode (fffff800`3e265e2c)],ebx
fffff800`3e5108cd 0f8577040000 jne nt!IopLoadDriver+0x606 (fffff800`3e510d4a) Branch
nt!IopLoadDriver+0x18f:
fffff800`3e5108d3 4c8d442458 lea r8,[rsp+58h]
fffff800`3e5108d8 498bd4 mov rdx,r12
fffff800`3e5108db 488d4c2470 lea rcx,[rsp+70h]
fffff800`3e5108e0 e8ef14ffff call nt!IopBuildFullDriverPath (fffff800`3e501dd4)
fffff800`3e5108e5 8bf8 mov edi,eax
fffff800`3e5108e7 85c0 test eax,eax
fffff800`3e5108e9 0f8841f20e00 js nt!IopLoadDriver+0xef3ec (fffff800`3e5ffb30) Branch
nt!IopLoadDriver+0x1ab:
fffff800`3e5108ef 488d5588 lea rdx,[rbp-78h]
fffff800`3e5108f3 498bcc mov rcx,r12
fffff800`3e5108f6 e89d050000 call nt!IopGetDriverNameFromKeyNode (fffff800`3e510e98)
fffff800`3e5108fb 8bf8 mov edi,eax
fffff800`3e5108fd 85c0 test eax,eax
fffff800`3e5108ff 0f8854040000 js nt!IopLoadDriver+0x615 (fffff800`3e510d59) Branch
nt!IopLoadDriver+0x1c1:
fffff800`3e510905 8b059dc8d1ff mov eax,dword ptr [nt!IopCaseInsensitive (fffff800`3e22d1a8)]
fffff800`3e51090b 0f57c0 xorps xmm0,xmm0
fffff800`3e51090e f7d8 neg eax
fffff800`3e510910 c7450830000000 mov dword ptr [rbp+8],30h
fffff800`3e510917 488d4588 lea rax,[rbp-78h]
fffff800`3e51091b 48895d10 mov qword ptr [rbp+10h],rbx
fffff800`3e51091f 1bc9 sbb ecx,ecx
fffff800`3e510921 48894518 mov qword ptr [rbp+18h],rax
fffff800`3e510925 83e140 and ecx,40h
fffff800`3e510928 b201 mov dl,1
fffff800`3e51092a 81c110020000 add ecx,210h
fffff800`3e510930 894d20 mov dword ptr [rbp+20h],ecx
fffff800`3e510933 488d0d062dd5ff lea rcx,[nt!IopDriverLoadResource (fffff800`3e263640)]
fffff800`3e51093a f30f7f4528 movdqu xmmword ptr [rbp+28h],xmm0
fffff800`3e51093f e8cc6792ff call nt!ExAcquireResourceExclusiveLite (fffff800`3de37110)
fffff800`3e510944 488d45c8 lea rax,[rbp-38h]
fffff800`3e510948 4533c9 xor r9d,r9d
fffff800`3e51094b 4889442428 mov qword ptr [rsp+28h],rax
fffff800`3e510950 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e510955 488d45d0 lea rax,[rbp-30h]
fffff800`3e510959 4533c0 xor r8d,r8d
fffff800`3e51095c 33d2 xor edx,edx
fffff800`3e51095e 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e510963 e8f8040000 call nt!MmLoadSystemImage (fffff800`3e510e60)
fffff800`3e510968 8bf8 mov edi,eax
fffff800`3e51096a 85c0 test eax,eax
fffff800`3e51096c 0f8832040000 js nt!IopLoadDriver+0x660 (fffff800`3e510da4) Branch
nt!IopLoadDriver+0x22e:
fffff800`3e510972 488b4dc8 mov rcx,qword ptr [rbp-38h]
fffff800`3e510976 e8651b9bff call nt!RtlImageNtHeader (fffff800`3dec24e0)
fffff800`3e51097b 4c8b45c8 mov r8,qword ptr [rbp-38h]
fffff800`3e51097f 498bd4 mov rdx,r12
fffff800`3e510982 440fb6ce movzx r9d,sil
fffff800`3e510986 0fb74844 movzx ecx,word ptr [rax+44h]
fffff800`3e51098a 0fb74046 movzx eax,word ptr [rax+46h]
fffff800`3e51098e c1e110 shl ecx,10h
fffff800`3e510991 0bc8 or ecx,eax
fffff800`3e510993 488d4598 lea rax,[rbp-68h]
fffff800`3e510997 894d80 mov dword ptr [rbp-80h],ecx
fffff800`3e51099a 488d4c2470 lea rcx,[rsp+70h]
fffff800`3e51099f 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e5109a4 e8db18ffff call nt!PnpPrepareDriverLoading (fffff800`3e502284)
fffff800`3e5109a9 8bf8 mov edi,eax
fffff800`3e5109ab 85c0 test eax,eax
fffff800`3e5109ad 0f88d8f00e00 js nt!IopLoadDriver+0xef347 (fffff800`3e5ffa8b) Branch
nt!IopLoadDriver+0x26f:
fffff800`3e5109b3 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff800`3e5109bc 4c8d4508 lea r8,[rbp+8]
fffff800`3e5109c0 488b15493be6ff mov rdx,qword ptr [nt!IoDriverObjectType (fffff800`3e374510)]
fffff800`3e5109c7 bea0010000 mov esi,1A0h
fffff800`3e5109cc 4533c9 xor r9d,r9d
fffff800`3e5109cf 8a8832020000 mov cl,byte ptr [rax+232h]
fffff800`3e5109d5 488d45f0 lea rax,[rbp-10h]
fffff800`3e5109d9 4889442440 mov qword ptr [rsp+40h],rax
fffff800`3e5109de 895c2438 mov dword ptr [rsp+38h],ebx
fffff800`3e5109e2 895c2430 mov dword ptr [rsp+30h],ebx
fffff800`3e5109e6 89742428 mov dword ptr [rsp+28h],esi
fffff800`3e5109ea 48895c2420 mov qword ptr [rsp+20h],rbx
fffff800`3e5109ef e86c2af2ff call nt!ObCreateObject (fffff800`3e433460)
fffff800`3e5109f4 8bf8 mov edi,eax
fffff800`3e5109f6 85c0 test eax,eax
fffff800`3e5109f8 0f888df00e00 js nt!IopLoadDriver+0xef347 (fffff800`3e5ffa8b) Branch
nt!IopLoadDriver+0x2ba:
fffff800`3e5109fe 448bc6 mov r8d,esi
fffff800`3e510a01 33d2 xor edx,edx
fffff800`3e510a03 488b75f0 mov rsi,qword ptr [rbp-10h]
fffff800`3e510a07 488bce mov rcx,rsi
fffff800`3e510a0a e8713cacff call nt!memset (fffff800`3dfd4680)
fffff800`3e510a0f 488d8650010000 lea rax,[rsi+150h]
fffff800`3e510a16 ba1c000000 mov edx,1Ch
fffff800`3e510a1b 48894630 mov qword ptr [rsi+30h],rax
fffff800`3e510a1f 488d7e70 lea rdi,[rsi+70h]
fffff800`3e510a23 488930 mov qword ptr [rax],rsi
fffff800`3e510a26 8bca mov ecx,edx
fffff800`3e510a28 488d05a1dea0ff lea rax,[nt!IopInvalidDeviceRequest (fffff800`3df1e8d0)]
fffff800`3e510a2f 8955c0 mov dword ptr [rbp-40h],edx
fffff800`3e510a32 f348ab rep stos qword ptr [rdi]
fffff800`3e510a35 488b7dc8 mov rdi,qword ptr [rbp-38h]
fffff800`3e510a39 488bcf mov rcx,rdi
fffff800`3e510a3c c70604005001 mov dword ptr [rsi],1500004h
fffff800`3e510a42 e8991a9bff call nt!RtlImageNtHeader (fffff800`3dec24e0)
fffff800`3e510a47 488bd0 mov rdx,rax
fffff800`3e510a4a 41b800200000 mov r8d,2000h
fffff800`3e510a50 0fb74044 movzx eax,word ptr [rax+44h]
fffff800`3e510a54 0fb74a46 movzx ecx,word ptr [rdx+46h]
fffff800`3e510a58 c1e010 shl eax,10h
fffff800`3e510a5b 0bc1 or eax,ecx
fffff800`3e510a5d 894580 mov dword ptr [rbp-80h],eax
fffff800`3e510a60 8b4228 mov eax,dword ptr [rdx+28h]
fffff800`3e510a63 4803c7 add rax,rdi
fffff800`3e510a66 664485425e test word ptr [rdx+5Eh],r8w
fffff800`3e510a6b 7504 jne nt!IopLoadDriver+0x32d (fffff800`3e510a71) Branch
nt!IopLoadDriver+0x329:
fffff800`3e510a6d 44096e10 or dword ptr [rsi+10h],r13d
nt!IopLoadDriver+0x32d:
fffff800`3e510a71 48894658 mov qword ptr [rsi+58h],rax
fffff800`3e510a75 4533c9 xor r9d,r9d
fffff800`3e510a78 488b45d0 mov rax,qword ptr [rbp-30h]
fffff800`3e510a7c 488bce mov rcx,rsi
fffff800`3e510a7f 48894628 mov qword ptr [rsi+28h],rax
fffff800`3e510a83 48897e18 mov qword ptr [rsi+18h],rdi
fffff800`3e510a87 8b4250 mov eax,dword ptr [rdx+50h]
fffff800`3e510a8a 458d4101 lea r8d,[r9+1]
fffff800`3e510a8e 894620 mov dword ptr [rsi+20h],eax
fffff800`3e510a91 33d2 xor edx,edx
fffff800`3e510a93 488d45a0 lea rax,[rbp-60h]
fffff800`3e510a97 4889442428 mov qword ptr [rsp+28h],rax
fffff800`3e510a9c 48895c2420 mov qword ptr [rsp+20h],rbx
fffff800`3e510aa1 e89abbecff call nt!ObInsertObject (fffff800`3e3dc640)
fffff800`3e510aa6 488d0d932bd5ff lea rcx,[nt!IopDriverLoadResource (fffff800`3e263640)]
fffff800`3e510aad 8bf8 mov edi,eax
fffff800`3e510aaf e8dc5e92ff call nt!ExReleaseResourceLite (fffff800`3de36990)
fffff800`3e510ab4 33d2 xor edx,edx
fffff800`3e510ab6 85ff test edi,edi
fffff800`3e510ab8 0f88e4ef0e00 js nt!IopLoadDriver+0xef35e (fffff800`3e5ffaa2) Branch
nt!IopLoadDriver+0x37a:
fffff800`3e510abe 65488b042588010000 mov rax,qword ptr gs:[188h]
fffff800`3e510ac7 488b7da0 mov rdi,qword ptr [rbp-60h]
fffff800`3e510acb 4c8b053e3ae6ff mov r8,qword ptr [nt!IoDriverObjectType (fffff800`3e374510)]
fffff800`3e510ad2 488bcf mov rcx,rdi
fffff800`3e510ad5 48895c2428 mov qword ptr [rsp+28h],rbx
fffff800`3e510ada 448a8832020000 mov r9b,byte ptr [rax+232h]
fffff800`3e510ae1 488d45e0 lea rax,[rbp-20h]
fffff800`3e510ae5 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e510aea e86106eeff call nt!ObReferenceObjectByHandle (fffff800`3e3f1150)
fffff800`3e510aef 85c0 test eax,eax
fffff800`3e510af1 0f85bfef0e00 jne nt!IopLoadDriver+0xef372 (fffff800`3e5ffab6) Branch
nt!IopLoadDriver+0x3b3:
fffff800`3e510af7 488bcf mov rcx,rdi
fffff800`3e510afa e8a1d1aaff call nt!ZwClose (fffff800`3dfbdca0)
fffff800`3e510aff 488b75e0 mov rsi,qword ptr [rbp-20h]
fffff800`3e510b03 488d05eeed2900 lea rax,[nt!CmRegistryMachineHardwareDescriptionSystemName (fffff800`3e7af8f8)]
fffff800`3e510b0a 41be00020000 mov r14d,200h
fffff800`3e510b10 418bce mov ecx,r14d
fffff800`3e510b13 48894648 mov qword ptr [rsi+48h],rax
fffff800`3e510b17 0fb7558a movzx edx,word ptr [rbp-76h]
fffff800`3e510b1b e884cc98ff call nt!IopVerifierExAllocatePool (fffff800`3de9d7a4)
fffff800`3e510b20 48894640 mov qword ptr [rsi+40h],rax
fffff800`3e510b24 4885c0 test rax,rax
fffff800`3e510b27 7422 je nt!IopLoadDriver+0x407 (fffff800`3e510b4b) Branch
nt!IopLoadDriver+0x3e5:
fffff800`3e510b29 0fb7458a movzx eax,word ptr [rbp-76h]
fffff800`3e510b2d 6689463a mov word ptr [rsi+3Ah],ax
fffff800`3e510b31 0fb74588 movzx eax,word ptr [rbp-78h]
fffff800`3e510b35 66894638 mov word ptr [rsi+38h],ax
fffff800`3e510b39 440fb7458a movzx r8d,word ptr [rbp-76h]
fffff800`3e510b3e 488b5590 mov rdx,qword ptr [rbp-70h]
fffff800`3e510b42 488b4e40 mov rcx,qword ptr [rsi+40h]
fffff800`3e510b46 e8f537acff call nt!memcpy (fffff800`3dfd4340)
nt!IopLoadDriver+0x407:
fffff800`3e510b4b bf00100000 mov edi,1000h
fffff800`3e510b50 418bce mov ecx,r14d
fffff800`3e510b53 8bd7 mov edx,edi
fffff800`3e510b55 e84acc98ff call nt!IopVerifierExAllocatePool (fffff800`3de9d7a4)
fffff800`3e510b5a 4c8bf8 mov r15,rax
fffff800`3e510b5d 4885c0 test rax,rax
fffff800`3e510b60 0f846aef0e00 je nt!IopLoadDriver+0xef38c (fffff800`3e5ffad0) Branch
nt!IopLoadDriver+0x422:
fffff800`3e510b66 488d45c0 lea rax,[rbp-40h]
fffff800`3e510b6a 448bcf mov r9d,edi
fffff800`3e510b6d 4d8bc7 mov r8,r15
fffff800`3e510b70 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e510b75 ba01000000 mov edx,1
fffff800`3e510b7a 498bcc mov rcx,r12
fffff800`3e510b7d e8be68f3ff call nt!NtQueryObject (fffff800`3e447440)
fffff800`3e510b82 8bf8 mov edi,eax
fffff800`3e510b84 85c0 test eax,eax
fffff800`3e510b86 0f8867ef0e00 js nt!IopLoadDriver+0xef3af (fffff800`3e5ffaf3) Branch
nt!IopLoadDriver+0x448:
fffff800`3e510b8c 4c8b742478 mov r14,qword ptr [rsp+78h]
fffff800`3e510b91 4d85f6 test r14,r14
fffff800`3e510b94 7448 je nt!IopLoadDriver+0x49a (fffff800`3e510bde) Branch
nt!IopLoadDriver+0x452:
fffff800`3e510b96 0fb77c2472 movzx edi,word ptr [rsp+72h]
fffff800`3e510b9b b900020000 mov ecx,200h
fffff800`3e510ba0 8bd7 mov edx,edi
fffff800`3e510ba2 e8fdcb98ff call nt!IopVerifierExAllocatePool (fffff800`3de9d7a4)
fffff800`3e510ba7 488b4e30 mov rcx,qword ptr [rsi+30h]
fffff800`3e510bab 48894120 mov qword ptr [rcx+20h],rax
fffff800`3e510baf 488b4630 mov rax,qword ptr [rsi+30h]
fffff800`3e510bb3 48395820 cmp qword ptr [rax+20h],rbx
fffff800`3e510bb7 7425 je nt!IopLoadDriver+0x49a (fffff800`3e510bde) Branch
nt!IopLoadDriver+0x475:
fffff800`3e510bb9 6689781a mov word ptr [rax+1Ah],di
fffff800`3e510bbd 498bd6 mov rdx,r14
fffff800`3e510bc0 488b4e30 mov rcx,qword ptr [rsi+30h]
fffff800`3e510bc4 0fb7442470 movzx eax,word ptr [rsp+70h]
fffff800`3e510bc9 440fb7c7 movzx r8d,di
fffff800`3e510bcd 66894118 mov word ptr [rcx+18h],ax
fffff800`3e510bd1 488b4e30 mov rcx,qword ptr [rsi+30h]
fffff800`3e510bd5 488b4920 mov rcx,qword ptr [rcx+20h]
fffff800`3e510bd9 e86237acff call nt!memcpy (fffff800`3dfd4340)
nt!IopLoadDriver+0x49a:
fffff800`3e510bde f6459801 test byte ptr [rbp-68h],1
fffff800`3e510be2 0f852fef0e00 jne nt!IopLoadDriver+0xef3d3 (fffff800`3e5ffb17) Branch
nt!IopLoadDriver+0x4a4:
fffff800`3e510be8 498bd7 mov rdx,r15
fffff800`3e510beb 488d0d8e87c6ff lea rcx,[nt!KMPnPEvt_DriverInit_Start (fffff800`3e179380)]
fffff800`3e510bf2 e84db3a2ff call nt!PnpDiagnosticTraceObject (fffff800`3df3bf44)
fffff800`3e510bf7 488b4658 mov rax,qword ptr [rsi+58h]
fffff800`3e510bfb 498bd7 mov rdx,r15
fffff800`3e510bfe 488bce mov rcx,rsi
fffff800`3e510c01 e81a94abff call nt!guard_dispatch_icall (fffff800`3dfca020)
fffff800`3e510c06 8bf8 mov edi,eax
fffff800`3e510c08 85c0 test eax,eax
fffff800`3e510c0a 7815 js nt!IopLoadDriver+0x4dd (fffff800`3e510c21) Branch
nt!IopLoadDriver+0x4c8:
fffff800`3e510c0c 488bce mov rcx,rsi
fffff800`3e510c0f e850072500 call nt!VfXdvDriverCaptureIoCallbacks (fffff800`3e761364)
fffff800`3e510c14 4c8d442458 lea r8,[rsp+58h]
fffff800`3e510c19 488bce mov rcx,rsi
fffff800`3e510c1c e8ab17ffff call nt!KseShimDriverIoCallbacks (fffff800`3e5023cc)
nt!IopLoadDriver+0x4dd:
fffff800`3e510c21 448bc7 mov r8d,edi
fffff800`3e510c24 488d0d4587c6ff lea rcx,[nt!KMPnPEvt_DriverInit_Stop (fffff800`3e179370)]
fffff800`3e510c2b 498bd7 mov rdx,r15
fffff800`3e510c2e e8f1b4a2ff call nt!PnpDiagnosticTraceObjectWithStatus (fffff800`3df3c124)
fffff800`3e510c33 488b45f8 mov rax,qword ptr [rbp-8]
fffff800`3e510c37 488d1592dca0ff lea rdx,[nt!IopInvalidDeviceRequest (fffff800`3df1e8d0)]
fffff800`3e510c3e 85ff test edi,edi
fffff800`3e510c40 8938 mov dword ptr [rax],edi
fffff800`3e510c42 b8650300c0 mov eax,0C0000365h
fffff800`3e510c47 0f48f8 cmovs edi,eax
fffff800`3e510c4a 8bc3 mov eax,ebx
nt!IopLoadDriver+0x508:
fffff800`3e510c4c 8bc8 mov ecx,eax
fffff800`3e510c4e 48395cce70 cmp qword ptr [rsi+rcx*8+70h],rbx
fffff800`3e510c53 0f84c8ee0e00 je nt!IopLoadDriver+0xef3dd (fffff800`3e5ffb21) Branch
nt!IopLoadDriver+0x515:
fffff800`3e510c59 ffc0 inc eax
fffff800`3e510c5b 83f81b cmp eax,1Bh
fffff800`3e510c5e 76ec jbe nt!IopLoadDriver+0x508 (fffff800`3e510c4c) Branch
nt!IopLoadDriver+0x51c:
fffff800`3e510c60 33d2 xor edx,edx
fffff800`3e510c62 498bcf mov rcx,r15
fffff800`3e510c65 e836e4c5ff call nt!ExFreePool (fffff800`3e16f0a0)
fffff800`3e510c6a 85ff test edi,edi
fffff800`3e510c6c 0f88d2010000 js nt!IopLoadDriver+0x700 (fffff800`3e510e44) Branch
nt!IopLoadDriver+0x52e:
fffff800`3e510c72 b201 mov dl,1
fffff800`3e510c74 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e510c79 e8b2030000 call nt!IopBootLog (fffff800`3e511030)
fffff800`3e510c7e 488b4e28 mov rcx,qword ptr [rsi+28h]
fffff800`3e510c82 e8b148ffff call nt!MiFreeDriverInitialization (fffff800`3e505538)
fffff800`3e510c87 488bce mov rcx,rsi
fffff800`3e510c8a e8dd040000 call nt!IopReadyDeviceObjects (fffff800`3e51116c)
fffff800`3e510c8f 488d4e38 lea rcx,[rsi+38h]
fffff800`3e510c93 e85c040000 call nt!EtwTiLogDriverObjectLoad (fffff800`3e5110f4)
nt!IopLoadDriver+0x554:
fffff800`3e510c98 4c8b7da8 mov r15,qword ptr [rbp-58h]
nt!IopLoadDriver+0x558:
fffff800`3e510c9c 85ff test edi,edi
fffff800`3e510c9e 0f88b5000000 js nt!IopLoadDriver+0x615 (fffff800`3e510d59) Branch
nt!IopLoadDriver+0x560:
fffff800`3e510ca4 33d2 xor edx,edx
fffff800`3e510ca6 418bcd mov ecx,r13d
fffff800`3e510ca9 e86a57a4ff call nt!HeadlessKernelAddLogEntry (fffff800`3df56418)
fffff800`3e510cae 85ff test edi,edi
fffff800`3e510cb0 0f88ba000000 js nt!IopLoadDriver+0x62c (fffff800`3e510d70) Branch
nt!IopLoadDriver+0x572:
fffff800`3e510cb6 4d85ff test r15,r15
fffff800`3e510cb9 740a je nt!IopLoadDriver+0x581 (fffff800`3e510cc5) Branch
nt!IopLoadDriver+0x577:
fffff800`3e510cbb 33d2 xor edx,edx
fffff800`3e510cbd 498bcf mov rcx,r15
fffff800`3e510cc0 e8dbe3c5ff call nt!ExFreePool (fffff800`3e16f0a0)
nt!IopLoadDriver+0x581:
fffff800`3e510cc5 4d85f6 test r14,r14
fffff800`3e510cc8 7429 je nt!IopLoadDriver+0x5af (fffff800`3e510cf3) Branch
nt!IopLoadDriver+0x586:
fffff800`3e510cca 8b4580 mov eax,dword ptr [rbp-80h]
fffff800`3e510ccd 4c8d4d88 lea r9,[rbp-78h]
fffff800`3e510cd1 448bc7 mov r8d,edi
fffff800`3e510cd4 89442420 mov dword ptr [rsp+20h],eax
fffff800`3e510cd8 488d542470 lea rdx,[rsp+70h]
fffff800`3e510cdd 488d0d5c86c6ff lea rcx,[nt!KMPnPEvt_DriverLoad_Stop (fffff800`3e179340)]
fffff800`3e510ce4 e84f57a4ff call nt!PnpDiagnosticTraceDriverFullInfo (fffff800`3df56438)
fffff800`3e510ce9 33d2 xor edx,edx
fffff800`3e510ceb 498bce mov rcx,r14
fffff800`3e510cee e8ade3c5ff call nt!ExFreePool (fffff800`3e16f0a0)
nt!IopLoadDriver+0x5af:
fffff800`3e510cf3 488b4d90 mov rcx,qword ptr [rbp-70h]
fffff800`3e510cf7 4885c9 test rcx,rcx
fffff800`3e510cfa 7407 je nt!IopLoadDriver+0x5bf (fffff800`3e510d03) Branch
nt!IopLoadDriver+0x5b8:
fffff800`3e510cfc 33d2 xor edx,edx
fffff800`3e510cfe e89de3c5ff call nt!ExFreePool (fffff800`3e16f0a0)
nt!IopLoadDriver+0x5bf:
fffff800`3e510d03 488b4c2460 mov rcx,qword ptr [rsp+60h]
fffff800`3e510d08 4885c9 test rcx,rcx
fffff800`3e510d0b 7407 je nt!IopLoadDriver+0x5d0 (fffff800`3e510d14) Branch
nt!IopLoadDriver+0x5c9:
fffff800`3e510d0d 33d2 xor edx,edx
fffff800`3e510d0f e88ce3c5ff call nt!ExFreePool (fffff800`3e16f0a0)
nt!IopLoadDriver+0x5d0:
fffff800`3e510d14 33d2 xor edx,edx
fffff800`3e510d16 498bcc mov rcx,r12
fffff800`3e510d19 e8c2f9f4ff call nt!ObCloseHandle (fffff800`3e4606e0)
fffff800`3e510d1e 8bc7 mov eax,edi
nt!IopLoadDriver+0x5dc:
fffff800`3e510d20 488b8d90000000 mov rcx,qword ptr [rbp+90h]
fffff800`3e510d27 4833cc xor rcx,rsp
fffff800`3e510d2a e861b7a8ff call nt!_security_check_cookie (fffff800`3df9c490)
fffff800`3e510d2f 488b9c24e8010000 mov rbx,qword ptr [rsp+1E8h]
fffff800`3e510d37 4881c4a0010000 add rsp,1A0h
fffff800`3e510d3e 415f pop r15
fffff800`3e510d40 415e pop r14
fffff800`3e510d42 415d pop r13
fffff800`3e510d44 415c pop r12
fffff800`3e510d46 5f pop rdi
fffff800`3e510d47 5e pop rsi
fffff800`3e510d48 5d pop rbp
fffff800`3e510d49 c3 ret
nt!IopLoadDriver+0x606:
fffff800`3e510d4a 385c2450 cmp byte ptr [rsp+50h],bl
fffff800`3e510d4e 0f847ffbffff je nt!IopLoadDriver+0x18f (fffff800`3e5108d3) Branch
nt!IopLoadDriver+0x610:
fffff800`3e510d54 e9faeb0e00 jmp nt!IopLoadDriver+0xef20f (fffff800`3e5ff953) Branch
nt!IopLoadDriver+0x615:
fffff800`3e510d59 81ff0e0100c0 cmp edi,0C000010Eh
fffff800`3e510d5f 0f843fffffff je nt!IopLoadDriver+0x560 (fffff800`3e510ca4) Branch
nt!IopLoadDriver+0x621:
fffff800`3e510d65 41bd03000000 mov r13d,3
fffff800`3e510d6b e934ffffff jmp nt!IopLoadDriver+0x560 (fffff800`3e510ca4) Branch
nt!IopLoadDriver+0x62c:
fffff800`3e510d70 81ff0e0100c0 cmp edi,0C000010Eh
fffff800`3e510d76 0f843affffff je nt!IopLoadDriver+0x572 (fffff800`3e510cb6) Branch
nt!IopLoadDriver+0x638:
fffff800`3e510d7c 81ff5e0200c0 cmp edi,0C000025Eh
fffff800`3e510d82 0f842effffff je nt!IopLoadDriver+0x572 (fffff800`3e510cb6) Branch
nt!IopLoadDriver+0x644:
fffff800`3e510d88 33d2 xor edx,edx
fffff800`3e510d8a 498bcc mov rcx,r12
fffff800`3e510d8d e842460700 call nt!PnpDriverLoadingFailed (fffff800`3e5853d4)
fffff800`3e510d92 b8650300c0 mov eax,0C0000365h
fffff800`3e510d97 3bf8 cmp edi,eax
fffff800`3e510d99 0f8417ffffff je nt!IopLoadDriver+0x572 (fffff800`3e510cb6) Branch
nt!IopLoadDriver+0x65b:
fffff800`3e510d9f e9a0ed0e00 jmp nt!IopLoadDriver+0xef400 (fffff800`3e5ffb44) Branch
nt!IopLoadDriver+0x660:
fffff800`3e510da4 3d0e0100c0 cmp eax,0C000010Eh
fffff800`3e510da9 0f8573ec0e00 jne nt!IopLoadDriver+0xef2de (fffff800`3e5ffa22) Branch
nt!IopLoadDriver+0x66b:
fffff800`3e510daf 488b155a37e6ff mov rdx,qword ptr [nt!IoDriverObjectType (fffff800`3e374510)]
fffff800`3e510db6 488d45a0 lea rax,[rbp-60h]
fffff800`3e510dba 4889442430 mov qword ptr [rsp+30h],rax
fffff800`3e510dbf 488d4d08 lea rcx,[rbp+8]
fffff800`3e510dc3 48895c2428 mov qword ptr [rsp+28h],rbx
fffff800`3e510dc8 4533c9 xor r9d,r9d
fffff800`3e510dcb 4533c0 xor r8d,r8d
fffff800`3e510dce 895c2420 mov dword ptr [rsp+20h],ebx
fffff800`3e510dd2 e8a93eeeff call nt!ObOpenObjectByName (fffff800`3e3f4c80)
fffff800`3e510dd7 8bf8 mov edi,eax
fffff800`3e510dd9 85c0 test eax,eax
fffff800`3e510ddb 0f887cec0e00 js nt!IopLoadDriver+0xef319 (fffff800`3e5ffa5d) Branch
nt!IopLoadDriver+0x69d:
fffff800`3e510de1 4c8b052837e6ff mov r8,qword ptr [nt!IoDriverObjectType (fffff800`3e374510)]
fffff800`3e510de8 488d45d8 lea rax,[rbp-28h]
fffff800`3e510dec 488b4da0 mov rcx,qword ptr [rbp-60h]
fffff800`3e510df0 4533c9 xor r9d,r9d
fffff800`3e510df3 48895c2428 mov qword ptr [rsp+28h],rbx
fffff800`3e510df8 33d2 xor edx,edx
fffff800`3e510dfa 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e510dff e84c03eeff call nt!ObReferenceObjectByHandle (fffff800`3e3f1150)
fffff800`3e510e04 488b4da0 mov rcx,qword ptr [rbp-60h]
fffff800`3e510e08 8bf8 mov edi,eax
fffff800`3e510e0a e891ceaaff call nt!ZwClose (fffff800`3dfbdca0)
fffff800`3e510e0f 85ff test edi,edi
fffff800`3e510e11 7814 js nt!IopLoadDriver+0x6e3 (fffff800`3e510e27) Branch
nt!IopLoadDriver+0x6cf:
fffff800`3e510e13 488b4dd8 mov rcx,qword ptr [rbp-28h]
fffff800`3e510e17 e8e8eba6ff call nt!IopResurrectDriver (fffff800`3df7fa04)
fffff800`3e510e1c 488b4dd8 mov rcx,qword ptr [rbp-28h]
fffff800`3e510e20 8bf8 mov edi,eax
fffff800`3e510e22 e8f98192ff call nt!ObfDereferenceObject (fffff800`3de39020)
nt!IopLoadDriver+0x6e3:
fffff800`3e510e27 488d0d1228d5ff lea rcx,[nt!IopDriverLoadResource (fffff800`3e263640)]
fffff800`3e510e2e e85d5b92ff call nt!ExReleaseResourceLite (fffff800`3de36990)
fffff800`3e510e33 33d2 xor edx,edx
fffff800`3e510e35 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e510e3a e8f1010000 call nt!IopBootLog (fffff800`3e511030)
fffff800`3e510e3f e958feffff jmp nt!IopLoadDriver+0x558 (fffff800`3e510c9c) Branch
nt!IopLoadDriver+0x700:
fffff800`3e510e44 488bce mov rcx,rsi
fffff800`3e510e47 e8a431fdff call nt!ObMakeTemporaryObject (fffff800`3e4e3ff0)
fffff800`3e510e4c 488bce mov rcx,rsi
fffff800`3e510e4f e8cc8192ff call nt!ObfDereferenceObject (fffff800`3de39020)
fffff800`3e510e54 e93ffeffff jmp nt!IopLoadDriver+0x554 (fffff800`3e510c98) Branch
nt!IopLoadDriver+0xef1f0:
fffff800`3e5ff934 3d05000080 cmp eax,80000005h
fffff800`3e5ff939 0f849c0ef1ff je nt!IopLoadDriver+0x97 (fffff800`3e5107db) Branch
nt!IopLoadDriver+0xef1fb:
fffff800`3e5ff93f bf600100c0 mov edi,0C0000160h
fffff800`3e5ff944 e91c14f1ff jmp nt!IopLoadDriver+0x621 (fffff800`3e510d65) Branch
nt!IopLoadDriver+0xef205:
fffff800`3e5ff949 bf9a0000c0 mov edi,0C000009Ah
fffff800`3e5ff94e e91214f1ff jmp nt!IopLoadDriver+0x621 (fffff800`3e510d65) Branch
nt!IopLoadDriver+0xef20f:
fffff800`3e5ff953 33c0 xor eax,eax
fffff800`3e5ff955 488d15e498f8ff lea rdx,[nt! ?? ::NNGAKEGL::`string' (fffff800`3e589240)]
fffff800`3e5ff95c 488d4db0 lea rcx,[rbp-50h]
fffff800`3e5ff960 488945b0 mov qword ptr [rbp-50h],rax
fffff800`3e5ff964 488945b8 mov qword ptr [rbp-48h],rax
fffff800`3e5ff968 e823ed83ff call nt!RtlInitUnicodeString (fffff800`3de3e690)
fffff800`3e5ff96d bf4c000000 mov edi,4Ch
fffff800`3e5ff972 488d4d40 lea rcx,[rbp+40h]
fffff800`3e5ff976 448bc7 mov r8d,edi
fffff800`3e5ff979 33d2 xor edx,edx
fffff800`3e5ff97b e8004d9dff call nt!memset (fffff800`3dfd4680)
fffff800`3e5ff980 488d45e8 lea rax,[rbp-18h]
fffff800`3e5ff984 458bc5 mov r8d,r13d
fffff800`3e5ff987 4889442428 mov qword ptr [rsp+28h],rax
fffff800`3e5ff98c 4c8d4d40 lea r9,[rbp+40h]
fffff800`3e5ff990 488d55b0 lea rdx,[rbp-50h]
fffff800`3e5ff994 897c2420 mov dword ptr [rsp+20h],edi
fffff800`3e5ff998 498bcc mov rcx,r12
fffff800`3e5ff99b e8f048dfff call nt!NtQueryValueKey (fffff800`3e3f4290)
fffff800`3e5ff9a0 85c0 test eax,eax
fffff800`3e5ff9a2 782b js nt!IopLoadDriver+0xef28b (fffff800`3e5ff9cf) Branch
nt!IopLoadDriver+0xef260:
fffff800`3e5ff9a4 0fb74548 movzx eax,word ptr [rbp+48h]
fffff800`3e5ff9a8 488d4db0 lea rcx,[rbp-50h]
fffff800`3e5ff9ac 66412bc5 sub ax,r13w
fffff800`3e5ff9b0 33d2 xor edx,edx
fffff800`3e5ff9b2 668945b0 mov word ptr [rbp-50h],ax
fffff800`3e5ff9b6 668945b2 mov word ptr [rbp-4Eh],ax
fffff800`3e5ff9ba 488d454c lea rax,[rbp+4Ch]
fffff800`3e5ff9be 488945b8 mov qword ptr [rbp-48h],rax
fffff800`3e5ff9c2 e869640500 call nt!IopSafebootDriverLoad (fffff800`3e655e30)
fffff800`3e5ff9c7 84c0 test al,al
fffff800`3e5ff9c9 0f85040ff1ff jne nt!IopLoadDriver+0x18f (fffff800`3e5108d3) Branch
nt!IopLoadDriver+0xef28b:
fffff800`3e5ff9cf 33d2 xor edx,edx
fffff800`3e5ff9d1 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e5ff9d6 e855640500 call nt!IopSafebootDriverLoad (fffff800`3e655e30)
fffff800`3e5ff9db 84c0 test al,al
fffff800`3e5ff9dd 0f85f00ef1ff jne nt!IopLoadDriver+0x18f (fffff800`3e5108d3) Branch
nt!IopLoadDriver+0xef29f:
fffff800`3e5ff9e3 33d2 xor edx,edx
fffff800`3e5ff9e5 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e5ff9ea e84116f1ff call nt!IopBootLog (fffff800`3e511030)
fffff800`3e5ff9ef 4c8d45b0 lea r8,[rbp-50h]
fffff800`3e5ff9f3 488d542458 lea rdx,[rsp+58h]
fffff800`3e5ff9f8 488d0d5198f8ff lea rcx,[nt! ?? ::NNGAKEGL::`string' (fffff800`3e589250)]
fffff800`3e5ff9ff e8cce191ff call nt!DbgPrint (fffff800`3df1dbd0)
fffff800`3e5ffa04 33d2 xor edx,edx
fffff800`3e5ffa06 418bcd mov ecx,r13d
fffff800`3e5ffa09 e80a6a95ff call nt!HeadlessKernelAddLogEntry (fffff800`3df56418)
fffff800`3e5ffa0e 33d2 xor edx,edx
fffff800`3e5ffa10 498bcc mov rcx,r12
fffff800`3e5ffa13 e8c80ce6ff call nt!ObCloseHandle (fffff800`3e4606e0)
fffff800`3e5ffa18 b85f0300c0 mov eax,0C000035Fh
fffff800`3e5ffa1d e9fe12f1ff jmp nt!IopLoadDriver+0x5dc (fffff800`3e510d20) Branch
nt!IopLoadDriver+0xef2de:
fffff800`3e5ffa22 488d542458 lea rdx,[rsp+58h]
fffff800`3e5ffa27 8bc8 mov ecx,eax
fffff800`3e5ffa29 e85e570500 call nt!IopCheckIfNotNativeDriver (fffff800`3e65518c)
fffff800`3e5ffa2e 3c01 cmp al,1
fffff800`3e5ffa30 751a jne nt!IopLoadDriver+0xef308 (fffff800`3e5ffa4c) Branch
nt!IopLoadDriver+0xef2ee:
fffff800`3e5ffa32 40f6de neg sil
fffff800`3e5ffa35 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e5ffa3a 1bff sbb edi,edi
fffff800`3e5ffa3c f7df neg edi
fffff800`3e5ffa3e 81c76b0300c0 add edi,0C000036Bh
fffff800`3e5ffa44 448bc7 mov r8d,edi
fffff800`3e5ffa47 e8f85f0500 call nt!IopLogBlockedDriverEvent (fffff800`3e655a44)
nt!IopLoadDriver+0xef308:
fffff800`3e5ffa4c 81ff0e0100c0 cmp edi,0C000010Eh
fffff800`3e5ffa52 0f845713f1ff je nt!IopLoadDriver+0x66b (fffff800`3e510daf) Branch
nt!IopLoadDriver+0xef314:
fffff800`3e5ffa58 e9ca13f1ff jmp nt!IopLoadDriver+0x6e3 (fffff800`3e510e27) Branch
nt!IopLoadDriver+0xef319:
fffff800`3e5ffa5d 488d0ddc3bc6ff lea rcx,[nt!IopDriverLoadResource (fffff800`3e263640)]
fffff800`3e5ffa64 e8276f83ff call nt!ExReleaseResourceLite (fffff800`3de36990)
fffff800`3e5ffa69 33d2 xor edx,edx
fffff800`3e5ffa6b 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e5ffa70 e8bb15f1ff call nt!IopBootLog (fffff800`3e511030)
fffff800`3e5ffa75 81ff340000c0 cmp edi,0C0000034h
fffff800`3e5ffa7b 0f851b12f1ff jne nt!IopLoadDriver+0x558 (fffff800`3e510c9c) Branch
nt!IopLoadDriver+0xef33d:
fffff800`3e5ffa81 bf8e0300c0 mov edi,0C000038Eh
fffff800`3e5ffa86 e91112f1ff jmp nt!IopLoadDriver+0x558 (fffff800`3e510c9c) Branch
nt!IopLoadDriver+0xef347:
fffff800`3e5ffa8b 488b4dd0 mov rcx,qword ptr [rbp-30h]
fffff800`3e5ffa8f e8ac3ef4ff call nt!MmUnloadSystemImage (fffff800`3e543940)
fffff800`3e5ffa94 488d0da53bc6ff lea rcx,[nt!IopDriverLoadResource (fffff800`3e263640)]
fffff800`3e5ffa9b e8f06e83ff call nt!ExReleaseResourceLite (fffff800`3de36990)
fffff800`3e5ffaa0 33d2 xor edx,edx
nt!IopLoadDriver+0xef35e:
fffff800`3e5ffaa2 488d4c2458 lea rcx,[rsp+58h]
fffff800`3e5ffaa7 e88415f1ff call nt!IopBootLog (fffff800`3e511030)
fffff800`3e5ffaac 4c8b742478 mov r14,qword ptr [rsp+78h]
fffff800`3e5ffab1 e9e611f1ff jmp nt!IopLoadDriver+0x558 (fffff800`3e510c9c) Branch
nt!IopLoadDriver+0xef372:
fffff800`3e5ffab6 4c8b4de0 mov r9,qword ptr [rbp-20h]
fffff800`3e5ffaba 488bd7 mov rdx,rdi
fffff800`3e5ffabd 4c63c0 movsxd r8,eax
fffff800`3e5ffac0 b91f010000 mov ecx,11Fh
fffff800`3e5ffac5 48895c2420 mov qword ptr [rsp+20h],rbx
fffff800`3e5ffaca e8411a9cff call nt!KeBugCheckEx (fffff800`3dfc1510)
fffff800`3e5ffacf cc int 3
nt!IopLoadDriver+0xef38c:
fffff800`3e5ffad0 488bce mov rcx,rsi
fffff800`3e5ffad3 e81845eeff call nt!ObMakeTemporaryObject (fffff800`3e4e3ff0)
fffff800`3e5ffad8 488bce mov rcx,rsi
fffff800`3e5ffadb e8409583ff call nt!ObfDereferenceObject (fffff800`3de39020)
fffff800`3e5ffae0 4c8b742478 mov r14,qword ptr [rsp+78h]
fffff800`3e5ffae5 bf9a0000c0 mov edi,0C000009Ah
fffff800`3e5ffaea 4c8b7da8 mov r15,qword ptr [rbp-58h]
fffff800`3e5ffaee e97212f1ff jmp nt!IopLoadDriver+0x621 (fffff800`3e510d65) Branch
nt!IopLoadDriver+0xef3af:
fffff800`3e5ffaf3 488bce mov rcx,rsi
fffff800`3e5ffaf6 e8f544eeff call nt!ObMakeTemporaryObject (fffff800`3e4e3ff0)
fffff800`3e5ffafb 488bce mov rcx,rsi
fffff800`3e5ffafe e81d9583ff call nt!ObfDereferenceObject (fffff800`3de39020)
fffff800`3e5ffb03 33d2 xor edx,edx
fffff800`3e5ffb05 498bcf mov rcx,r15
fffff800`3e5ffb08 e893f5b6ff call nt!ExFreePool (fffff800`3e16f0a0)
fffff800`3e5ffb0d 4c8b742478 mov r14,qword ptr [rsp+78h]
fffff800`3e5ffb12 e98111f1ff jmp nt!IopLoadDriver+0x554 (fffff800`3e510c98) Branch
nt!IopLoadDriver+0xef3d3:
fffff800`3e5ffb17 0fba6e1008 bts dword ptr [rsi+10h],8
fffff800`3e5ffb1c e9c710f1ff jmp nt!IopLoadDriver+0x4a4 (fffff800`3e510be8) Branch
nt!IopLoadDriver+0xef3dd:
fffff800`3e5ffb21 488954ce70 mov qword ptr [rsi+rcx*8+70h],rdx
fffff800`3e5ffb26 e92e11f1ff jmp nt!IopLoadDriver+0x515 (fffff800`3e510c59) Branch
nt!IopLoadDriver+0xef3e7:
fffff800`3e5ffb2b bf9a0000c0 mov edi,0C000009Ah
nt!IopLoadDriver+0xef3ec:
fffff800`3e5ffb30 48895c2460 mov qword ptr [rsp+60h],rbx
fffff800`3e5ffb35 e96211f1ff jmp nt!IopLoadDriver+0x558 (fffff800`3e510c9c) Branch
nt!IopLoadDriver+0xef3f6:
fffff800`3e5ffb3a bf950000c0 mov edi,0C0000095h
fffff800`3e5ffb3f e92112f1ff jmp nt!IopLoadDriver+0x621 (fffff800`3e510d65) Branch
nt!IopLoadDriver+0xef400:
fffff800`3e5ffb44 4c8d4d00 lea r9,[rbp]
fffff800`3e5ffb48 4533c0 xor r8d,r8d
fffff800`3e5ffb4b 488d152e97f8ff lea rdx,[nt! ?? ::NNGAKEGL::`string' (fffff800`3e589280)]
fffff800`3e5ffb52 498bcc mov rcx,r12
fffff800`3e5ffb55 e8aee6e8ff call nt!IopGetRegistryValue (fffff800`3e48e208)
fffff800`3e5ffb5a 85c0 test eax,eax
fffff800`3e5ffb5c 0f885411f1ff js nt!IopLoadDriver+0x572 (fffff800`3e510cb6) Branch
nt!IopLoadDriver+0xef41e:
fffff800`3e5ffb62 488b4d00 mov rcx,qword ptr [rbp]
fffff800`3e5ffb66 39590c cmp dword ptr [rcx+0Ch],ebx
fffff800`3e5ffb69 746d je nt!IopLoadDriver+0xef494 (fffff800`3e5ffbd8) Branch
nt!IopLoadDriver+0xef427:
fffff800`3e5ffb6b 488b442460 mov rax,qword ptr [rsp+60h]
fffff800`3e5ffb70 448b4908 mov r9d,dword ptr [rcx+8]
fffff800`3e5ffb74 48f7d8 neg rax
fffff800`3e5ffb77 488d442458 lea rax,[rsp+58h]
fffff800`3e5ffb7c 481bd2 sbb rdx,rdx
fffff800`3e5ffb7f 4823d0 and rdx,rax
fffff800`3e5ffb82 488b4590 mov rax,qword ptr [rbp-70h]
fffff800`3e5ffb86 48f7d8 neg rax
fffff800`3e5ffb89 488d4588 lea rax,[rbp-78h]
fffff800`3e5ffb8d 4d1bc0 sbb r8,r8
fffff800`3e5ffb90 4c23c0 and r8,rax
fffff800`3e5ffb93 803d6ee51a0001 cmp byte ptr [nt!CmFirstTime (fffff800`3e7ae108)],1
fffff800`3e5ffb9a 753c jne nt!IopLoadDriver+0xef494 (fffff800`3e5ffbd8) Branch
nt!IopLoadDriver+0xef458:
fffff800`3e5ffb9c 418b0409 mov eax,dword ptr [r9+rcx]
fffff800`3e5ffba0 83c0fe add eax,0FFFFFFFEh
fffff800`3e5ffba3 83f801 cmp eax,1
fffff800`3e5ffba6 7730 ja nt!IopLoadDriver+0xef494 (fffff800`3e5ffbd8) Branch
nt!IopLoadDriver+0xef464:
fffff800`3e5ffba8 4885d2 test rdx,rdx
fffff800`3e5ffbab 7406 je nt!IopLoadDriver+0xef46f (fffff800`3e5ffbb3) Branch
nt!IopLoadDriver+0xef469:
fffff800`3e5ffbad 4c8b4a08 mov r9,qword ptr [rdx+8]
fffff800`3e5ffbb1 eb03 jmp nt!IopLoadDriver+0xef472 (fffff800`3e5ffbb6) Branch
nt!IopLoadDriver+0xef46f:
fffff800`3e5ffbb3 4c8bcb mov r9,rbx
nt!IopLoadDriver+0xef472:
fffff800`3e5ffbb6 4d85c0 test r8,r8
fffff800`3e5ffbb9 7404 je nt!IopLoadDriver+0xef47b (fffff800`3e5ffbbf) Branch
nt!IopLoadDriver+0xef477:
fffff800`3e5ffbbb 498b5808 mov rbx,qword ptr [r8+8]
nt!IopLoadDriver+0xef47b:
fffff800`3e5ffbbf ba01000000 mov edx,1
fffff800`3e5ffbc4 4863c7 movsxd rax,edi
fffff800`3e5ffbc7 4c8bc3 mov r8,rbx
fffff800`3e5ffbca 4889442420 mov qword ptr [rsp+20h],rax
fffff800`3e5ffbcf 8d4a59 lea ecx,[rdx+59h]
fffff800`3e5ffbd2 e839199cff call nt!KeBugCheckEx (fffff800`3dfc1510)
fffff800`3e5ffbd7 cc int 3
nt!IopLoadDriver+0xef494:
fffff800`3e5ffbd8 33d2 xor edx,edx
fffff800`3e5ffbda e8c1f4b6ff call nt!ExFreePool (fffff800`3e16f0a0)
fffff800`3e5ffbdf 90 nop
fffff800`3e5ffbe0 e9d110f1ff jmp nt!IopLoadDriver+0x572 (fffff800`3e510cb6) Branch