Skip to content

Instantly share code, notes, and snippets.

@neitsa

neitsa/loader_snaps.txt

Created June 9, 2020 14:41
Show Gist options
  • Save neitsa/952429adc03b4b8b840d8dbe5488a93d to your computer and use it in GitHub Desktop.
Save neitsa/952429adc03b4b8b840d8dbe5488a93d to your computer and use it in GitHub Desktop.
Download ZIP
loader snaps
Raw
loader_snaps.txt
Microsoft (R) Windows Debugger Version 10.0.18362.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
CommandLine: G:\Appdata\CPP\Test\x64\Release\Test.exe
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*g:\Symbols*https://msdl.microsoft.com/download/symbols
Symbol search path is: srv*g:\Symbols*https://msdl.microsoft.com/download/symbols
Executable search path is:
ModLoad: 00007ff6`f57c0000 00007ff6`f57c7000 Test.exe
ModLoad: 00007ffa`d1e20000 00007ffa`d2010000 ntdll.dll
5f34:12f4 @ 2096065156 - LdrpInitializeProcess - INFO: Beginning execution of Test.exe (G:\Appdata\CPP\Test\x64\Release\Test.exe)
Current directory: C:\Program Files (x86)\Windows Kits\10\Debuggers\
Package directories: (null)
5f34:12f4 @ 2096065156 - LdrLoadDll - ENTER: DLL name: KERNEL32.DLL
5f34:12f4 @ 2096065156 - LdrpLoadDllInternal - ENTER: DLL name: KERNEL32.DLL
5f34:12f4 @ 2096065156 - LdrpFindKnownDll - ENTER: DLL name: KERNEL32.DLL
5f34:12f4 @ 2096065156 - LdrpFindKnownDll - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065156 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\KERNEL32.DLL
ModLoad: 00007ffa`d0050000 00007ffa`d0102000 C:\WINDOWS\System32\KERNEL32.DLL
5f34:12f4 @ 2096065156 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
5f34:12f4 @ 2096065156 - LdrpFindKnownDll - ENTER: DLL name: KERNELBASE.dll
5f34:12f4 @ 2096065156 - LdrpFindKnownDll - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065156 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\KERNELBASE.dll
ModLoad: 00007ffa`cfae0000 00007ffa`cfd84000 C:\WINDOWS\System32\KERNELBASE.dll
5f34:12f4 @ 2096065156 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-apiquery-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-delayload-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-io-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-job-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-legacy-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-threadpool-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-largeinteger-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-2-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processsnapshot-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065156 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-base-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-security-appcontainer-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-comm-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-realtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-wow64-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-systemtopology-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-systemtopology-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processtopology-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namespace-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-3.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-xstate-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-xstate-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-normalization-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-fibers-l2-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-private-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-windowserrorreporting-l1-1-2.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l2-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l3-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-psapi-ansi-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteBarrier" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryUnbiasedInterruptTime" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventActivityIdControl" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
5f34:12f4 @ 2096065171 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
5f34:12f4 @ 2096065171 - LdrpInitializeNode - INFO: Calling init routine 00007FFACFAEAA50 for DLL "C:\WINDOWS\System32\KERNELBASE.dll"
5f34:12f4 @ 2096065296 - LdrpInitializeNode - INFO: Calling init routine 00007FFAD0067C70 for DLL "C:\WINDOWS\System32\KERNEL32.DLL"
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrLoadDll - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseThreadInitThunk" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryW" by name
5f34:12f4 @ 2096065296 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseDumpAppcompatCacheWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckAppcompatCacheWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseFlushAppcompatCacheWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseInitAppcompatCacheSupportWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseUpdateAppcompatCacheWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseFreeAppCompatDataForProcessWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckAppcompatCacheExWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseIsAppcompatInfrastructureDisabledWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseReadAppCompatDataForProcessWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCleanupAppcompatCacheSupportWorker" by name
5f34:12f4 @ 2096065296 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepGetComputerNameFromNtPath" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepSetFileEncryptionCompression" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "SetVolumeMountPointWStub" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCopyEncryption" by name
5f34:12f4 @ 2096065296 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatWWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "GetTimeFormatAWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatAWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "GetDateFormatWWorker" by name
5f34:12f4 @ 2096065296 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-quirks-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabled2Worker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackageWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForProcessWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkGetDataWorker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkGetData2Worker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabled3Worker" by name
5f34:12f4 @ 2096065296 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage2Worker" by name
5f34:12f4 @ 2096065296 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-quirks-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065296 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage3Worker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "QuirkIsEnabledForPackage4Worker" by name
5f34:12f4 @ 2096065312 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-sidebyside-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "CreateActCtxWWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "AddRefActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "GetCurrentActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "FindActCtxSectionStringWWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "QueryActCtxSettingsWWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "DeactivateActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "QueryActCtxWWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "FindActCtxSectionGuidWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "ActivateActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "ReleaseActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "ZombifyActCtxWorker" by name
5f34:12f4 @ 2096065312 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "CheckForReadOnlyResourceFilter" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReportFault" by name
5f34:12f4 @ 2096065312 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernel32-registry-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvDeleteValue" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepNotifyLoadStringResource" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryA" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetWindowsDirectoryW" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvOpenUserClasses" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvCreateRegEntry" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvOpenRegEntry" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvDeleteKey" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvSetKeySecurity" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvRestoreKey" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvGetPreSetValue" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "TermsrvSetValueKey" by name
5f34:12f4 @ 2096065312 - LdrpPreprocessDllName - INFO: DLL ext-ms-win-kernelbase-processthread-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\kernel32.dll
5f34:12f4 @ 2096065312 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepProcessInvalidImage" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseDestroyVDMEnvironment" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepFreeAppCompatData" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReleaseSxsCreateProcessUtilityStruct" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepPostSuccessAppXExtension" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseElevationPostProcessing" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepInitAppCompatData" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepGetAppCompatData" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseWriteErrorElevationRequiredEvent" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseCheckElevation" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepReleaseAppXContext" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepConstructSxsCreateProcessMessage" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepQueryAppCompat" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepAppContainerEnvironmentExtension" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepQueryModuleChpeSettings" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseIsDosApplication" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCheckWinSaferRestrictions" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "NtVdm64CreateProcessInternalW" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "RaiseInvalid16BitExeError" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepAppXExtension" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepCheckWebBladeHashes" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BasepIsProcessAllowed" by name
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "BaseUpdateVDMEntry" by name
5f34:12f4 @ 2096065312 - LdrpFindLoadedDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065312 - LdrpGetProcedureAddress - INFO: Locating procedure "KernelbasePostInit" by name
5f34:12f4 @ 2096065328 - LdrpLoadDllInternal - ENTER: DLL name: C:\WINDOWS\SYSTEM32\apphelp.dll
5f34:12f4 @ 2096065328 - LdrpFindKnownDll - ENTER: DLL name: apphelp.dll
5f34:12f4 @ 2096065328 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
5f34:12f4 @ 2096065328 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\apphelp.dll
5f34:12f4 @ 2096065328 - LdrpResolveDllName - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065328 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\SYSTEM32\apphelp.dll
ModLoad: 00007ffa`cce00000 00007ffa`cce8f000 C:\WINDOWS\SYSTEM32\apphelp.dll
5f34:12f4 @ 2096065328 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065328 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\SYSTEM32\apphelp.dll" failed with status 0xc000008a
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-appcompat-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-eventing-provider-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-2-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-obsolete-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventWriteTransfer" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventSetInformation" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventUnregister" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "EtwEventRegister" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "PackageIdFromFullName" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "GetPackageFullName" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeCriticalSection" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
5f34:12f4 @ 2096065328 - LdrpInitializeNode - INFO: Calling init routine 00007FFACCE132B0 for DLL "C:\WINDOWS\SYSTEM32\apphelp.dll"
5f34:12f4 @ 2096065328 - LdrLoadDll - ENTER: DLL name: ntdll.dll
5f34:12f4 @ 2096065328 - LdrpLoadDllInternal - ENTER: DLL name: ntdll.dll
5f34:12f4 @ 2096065328 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065328 - LdrLoadDll - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlGetNtSystemRoot" by name
5f34:12f4 @ 2096065328 - LdrpLoadDllInternal - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_InitializeEngine" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_ShimDllLoaded" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_InstallBeforeInit" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_InstallAfterInit" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_DllLoaded" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_DllUnloaded" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_LdrEntryRemoved" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_ProcessDying" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_LdrResolveDllName" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "SE_GetProcAddressForCaller" by name
5f34:12f4 @ 2096065328 - LdrpGetProcedureAddress - INFO: Locating procedure "ApphelpCheckModule" by name
5f34:12f4 @ 2096065343 - LdrpFindKnownDll - ENTER: DLL name: VCRUNTIME140.dll
5f34:12f4 @ 2096065343 - LdrpFindKnownDll - RETURN: Status: 0xc0000135
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpFindKnownDll - ENTER: DLL name: ucrtbase.dll
5f34:12f4 @ 2096065343 - LdrpFindKnownDll - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065343 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\System32\ucrtbase.dll
5f34:9574 @ 2096065343 - LdrpSearchPath - ENTER: DLL name: VCRUNTIME140.dll
ModLoad: 00007ffa`cef80000 00007ffa`cf07a000 C:\WINDOWS\System32\ucrtbase.dll
5f34:12f4 @ 2096065343 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
5f34:9574 @ 2096065343 - LdrpComputeLazyDllPath - INFO: DLL search path computed: G:\Appdata\CPP\Test\x64\Release;C:\WINDOWS\SYSTEM32;C:\WINDOWS\system;C:\WINDOWS;.;C:\Program Files (x86)\Windows Kits\10\Debuggers\x64;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\System32;C:\Windows;C:\Windows\System32\wbem;C:\Windows\System32\OpenSSH\;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\Intel\iCLS Client\;C:\Program Files\Intel\iCLS Client\;C:\Program Files (x86)\NVIDI
5f34:9574 @ 2096065343 - LdrpResolveDllName - ENTER: DLL name: G:\Appdata\CPP\Test\x64\Release\VCRUNTIME140.dll
5f34:12f4 @ 2096065343 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\System32\ucrtbase.dll" failed with status 0xc000008a
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-errorhandling-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:9574 @ 2096065343 - LdrpResolveDllName - RETURN: Status: 0xc0000135
5f34:9574 @ 2096065343 - LdrpResolveDllName - ENTER: DLL name: C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-libraryloader-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-debug-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processenvironment-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-localization-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-datetime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:9574 @ 2096065343 - LdrpResolveDllName - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-sysinfo-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-rtlsupport-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ntdll.dll by API set
5f34:9574 @ 2096065343 - LdrpSearchPath - RETURN: Status: 0x00000000
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-1.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-console-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-handle-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-namedpipe-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-timezone-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-file-l2-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-synch-l1-2-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-profile-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-memory-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-util-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernel32.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-interlocked-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:9574 @ 2096065343 - LdrpMinimalMapModule - ENTER: DLL name: C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-math-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSetLastWin32Error" by name
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-stdio-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlReAllocateHeap" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlFreeHeap" by name
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-locale-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:12f4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlSizeHeap" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlAllocateHeap" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlExitUserThread" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
ModLoad: 00007ffa`bffc0000 00007ffa`bffd9000 C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
5f34:9574 @ 2096065343 - LdrpMinimalMapModule - RETURN: Status: 0x00000000
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceFrequency" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlQueryPerformanceCounter" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedFlushSList" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
5f34:85e4 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-core-processthreads-l1-1-2 was redirected to C:\WINDOWS\SYSTEM32\kernelbase.dll by API set
5f34:9574 @ 2096065343 - LdrpFindDllActivationContext - INFO: Probing for the manifest of DLL "C:\WINDOWS\SYSTEM32\VCRUNTIME140.dll" failed with status 0xc000008a
5f34:85e4 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "IsProcessCritical" by name
5f34:85e4 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInitializeSListHead" by name
5f34:9574 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-runtime-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:9574 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-heap-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:9574 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-string-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:9574 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-stdio-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:9574 @ 2096065343 - LdrpPreprocessDllName - INFO: DLL api-ms-win-crt-convert-l1-1-0.dll was redirected to C:\WINDOWS\SYSTEM32\ucrtbase.dll by API set
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEncodePointer" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedPushEntrySList" by name
5f34:58c0 @ 2096065343 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlInterlockedFlushSList" by name
5f34:58c0 @ 2096065359 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlEnterCriticalSection" by name
5f34:58c0 @ 2096065359 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlLeaveCriticalSection" by name
5f34:58c0 @ 2096065359 - LdrpGetProcedureAddress - INFO: Locating procedure "RtlDeleteCriticalSection" by name
(5f34.12f4): Break instruction exception - code 80000003 (first chance)
ntdll!LdrpDoDebuggerBreak+0x30:
00007ffa`d1ef119c cc int 3
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment