1. Open WinDbg and attach to the running process.
2. Use the !peb command to confirm that the debugger is in the context of the msedge.exe process.
!peb
    0:020> !peb
    PEB at 000000d361c70000
        InheritedAddressSpace:    No
        ReadImageFileExecOptions: No
        BeingDebugged:            Yes
        ImageBaseAddress:         00007ff65f7c0000
        NtGlobalFlag:             0
        NtGlobalFlag2:            0
        Ldr                       00007ffa7bebc4c0
        Ldr.Initialized:          Yes
        Ldr.InInitializationOrderModuleList: 000002bd70003d00 . 000002bd700314e0
        Ldr.InLoadOrderModuleList:           000002bd70003e70 . 000002bd700314c0
        Ldr.InMemoryOrderModuleList:         000002bd70003e80 . 000002bd700314d0
                Base TimeStamp                     Module
        7ff65f7c0000 6424ce40 Mar 30 08:48:16 2023 C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        7ffa7bd50000 b5ced1c6 Aug 28 23:10:14 2066 C:\WINDOWS\SYSTEM32\ntdll.dll
        7ffa7baa0000 e35abded Nov 15 05:34:53 2090 C:\WINDOWS\System32\KERNEL32.DLL
        7ffa79990000 e7e53a4e Apr 14 23:59:26 2093 C:\WINDOWS\System32\KERNELBASE.dll
        7ffa3deb0000 6424ce40 Mar 30 08:48:16 2023 C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\msedge_elf.dll
        7ffa7aa10000 f9911b39 Sep 07 10:41:13 2102 C:\WINDOWS\System32\advapi32.dll
        7ffa7b7c0000 564f9f39 Nov 21 07:31:21 2015 C:\WINDOWS\System32\msvcrt.dll
        7ffa7b8c0000 40d0f379 Jun 17 10:27:21 2004 C:\WINDOWS\System32\sechost.dll
        7ffa7aac0000 a71cfb7a Nov 05 13:00:58 2058 C:\WINDOWS\System32\RPCRT4.dll
        7ffa78e20000 28e89a43 Oct 02 00:54:43 1991 C:\WINDOWS\SYSTEM32\CRYPTBASE.DLL
        7ffa79d10000 856685b0 Dec 03 04:17:04 2040 C:\WINDOWS\System32\bcryptPrimitives.dll
        7ffa261e0000 6424ce40 Mar 30 08:48:16 2023 C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\msedge.dll
        7ffa7b9c0000 61567b6b Oct 01 12:07:23 2021 C:\WINDOWS\System32\OLEAUT32.dll
        7ffa795d0000 39255ccf May 20 00:25:03 2000 C:\WINDOWS\System32\msvcp_win.dll
        7ffa794d0000 2bd748bf Apr 23 10:39:11 1993 C:\WINDOWS\System32\ucrtbase.dll
        7ffa79da0000 f4ecbc84 Mar 20 01:04:20 2100 C:\WINDOWS\System32\combase.dll
        7ffa6f190000 b8ca2d77 Mar 29 23:40:55 2068 C:\WINDOWS\SYSTEM32\WINMM.dll
        7ffa794a0000 87ca24c8 Mar 12 02:30:48 2042 C:\WINDOWS\System32\bcrypt.dll
        7ffa79670000 ce95420b Oct 30 19:44:27 2079 C:\WINDOWS\System32\crypt32.dll
        7ffa70850000 7c197411 Dec 24 02:14:57 2035 C:\WINDOWS\SYSTEM32\dbghelp.dll
        7ffa73e50000 5b7a74e4 Aug 20 16:59:32 2018 C:\WINDOWS\SYSTEM32\dhcpcsvc.dll
        7ffa3d8d0000 6424ce40 Mar 30 08:48:16 2023 C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\ffmpeg.dll
        7ffa788b0000 bcfc4371 Jun 22 16:49:05 2070 C:\WINDOWS\SYSTEM32\iphlpapi.dll
        7ffa78f20000 b127427f Mar 08 03:29:19 2064 C:\WINDOWS\SYSTEM32\ncrypt.dll
        7ffa78ee0000 1a7045f2 Jan 22 05:39:14 1984 C:\WINDOWS\SYSTEM32\NTASN1.dll
        7ffa6ea90000 7aec0e44 May 09 11:28:20 2035 C:\WINDOWS\SYSTEM32\secur32.dll
        7ffa49500000 d9e68c91 Nov 05 11:18:57 2085 C:\WINDOWS\SYSTEM32\uiautomationcore.dll
        7ffa73350000 3a69740d Jan 20 20:18:37 2001 C:\WINDOWS\SYSTEM32\PROPSYS.dll
        7ffa79310000 fa786637 Mar 01 21:14:47 2103 C:\WINDOWS\SYSTEM32\userenv.dll
        7ffa73d40000 14531102 Oct 21 23:56:02 1980 C:\WINDOWS\SYSTEM32\version.dll
        7ffa73950000 1883c6c8 Jan 13 16:01:28 1983 C:\WINDOWS\SYSTEM32\winhttp.dll
        7ffa64830000 e1088af6 Aug 21 12:31:02 2089 C:\WINDOWS\SYSTEM32\winspool.drv
        7ffa79c70000 ce6df005 Sep 30 23:56:05 2079 C:\WINDOWS\System32\wintrust.dll
        7ffa79040000 065c6e40 May 20 13:40:32 1973 C:\WINDOWS\SYSTEM32\MSASN1.dll
        7ffa7a990000 aff3315b Jul 18 11:18:03 2063 C:\WINDOWS\System32\ws2_32.dll
        7ffa68b20000 29a9e8ad Feb 25 15:56:45 1992 C:\WINDOWS\system32\dwrite.dll
        SubSystemData:     0000000000000000
        ProcessHeap:       000002bd6ff20000
        ProcessParameters: 000002bd700030b0
        CurrentDirectory:  'C:\Program Files (x86)\Microsoft\Edge\Application\111.0.1661.62\'
        WindowTitle:  'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
        ImageFile:    'C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe'
        CommandLine:  '"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --lang=ko --js-flags=--ms-user-locale=ko_KR --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=65 --time-ticks-at-unix-epoch=-1680681028510649 --launch-time-ticks=62746376945 --mojo-platform-channel-handle=9596 --field-trial-handle=1944,i,3789062115407176725,14247285865967555308,131072 /prefetch:1'
        DllPath:      '< Name not readable >'
        Environment:  000002bd700027f0
            CHROME_CRASHPAD_PIPE_NAME=\\.\pipe\crashpad_8048_VCEJDEIOERONYQBX
            LOCALAPPDATA=C:\Users\afirst.mihee\AppData\Local
            Path=C:\Program Files (x86)\Microsoft\Edge\Application;C:\Program Files\Common Files\Oracle\Java\javapath;C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\;C:\WINDOWS\System32\OpenSSH\;C:\Program Files\Git\cmd;C:\Program Files\Tesseract-OCR;C:\Users\afirst.mihee\AppData\Local\Programs\Python\Python311\Scripts\;C:\Users\afirst.mihee\AppData\Local\Programs\Python\Python311\;C:\Users\afirst.mihee\AppData\Local\Programs\Python\Python310\Scripts\;C:\Users\afirst.mihee\AppData\Local\Programs\Python\Python310\;C:\Users\afirst.mihee\AppData\Local\Microsoft\WindowsApps;C:\Users\afirst.mihee\AppData\Local\Programs\Microsoft VS Code\bin;C:\FFmpeg\bin;C:\Users\afirst.mihee\AppData\Local\GitHubDesktop\bin;C:\Users\afirst.mihee\AppData\Local\bin\NASM;C:\Python27;
            SystemDrive=C:
            SystemRoot=C:\WINDOWS
            TEMP=C:\Users\AFIRST~1.MIH\AppData\Local\Temp
            TMP=C:\Users\AFIRST~1.MIH\AppData\Local\Temp
3. Use !dh msedge.exe to dump the headers of the msedge.exe image in process memory.
!dh msedge.exe
    0:020> !dh msedge.exe

    File Type: EXECUTABLE IMAGE
    FILE HEADER VALUES
        8664 machine (X64)
           E number of sections
    6424CE40 time date stamp Thu Mar 30 08:48:16 2023

           0 file pointer to symbol table
           0 number of symbols
          F0 size of optional header
          22 characteristics
                Executable
                App can handle >2gb addresses

    OPTIONAL HEADER VALUES
         20B magic #
       14.00 linker version
      2B3000 size of code
      127200 size of initialized data
           0 size of uninitialized data
      15EED0 address of entry point
        1000 base of code
             ----- new -----
    00007ff65f7c0000 image base
        1000 section alignment
         200 file alignment
           2 subsystem (Windows GUI)
        5.02 operating system version
        0.00 image version
        5.02 subsystem version
      3F3000 size of image
         400 size of headers
      3E810C checksum
    0000000000800000 size of stack reserve
    0000000000001000 size of stack commit
    0000000000100000 size of heap reserve
    0000000000001000 size of heap commit
        C160 DLL characteristics
                High entropy VA supported
                Dynamic base
                NX compatible
                Guard
                Terminal server aware
      30EDD4 [      87] address [size] of Export Directory
      30EE5B [      50] address [size] of Import Directory
      360000 [   8F288] address [size] of Resource Directory
      33F000 [   14AFC] address [size] of Exception Directory
      3DBC00 [    27D0] address [size] of Security Directory
      3F0000 [    2FD8] address [size] of Base Relocation Directory
      30B5C0 [      54] address [size] of Debug Directory
           0 [       0] address [size] of Description Directory
           0 [       0] address [size] of Special Directory
      30B2F8 [      28] address [size] of Thread Storage Directory
      2B4170 [     138] address [size] of Load Configuration Directory
           0 [       0] address [size] of Bound Import Directory
      30F690 [     7E0] address [size] of Import Address Table Directory
      30DA18 [     1E0] address [size] of Delay Import Directory
           0 [       0] address [size] of COR20 Header Directory
           0 [       0] address [size] of Reserved Directory

    SECTION HEADER #1
       .text name
      2B2EB4 virtual size
        1000 virtual address
      2B3000 size of raw data
         400 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    60000020 flags
             Code
             (no align specified)
             Execute Read

    SECTION HEADER #2
      .rdata name
       6B6CC virtual size
      2B4000 virtual address
       6B800 size of raw data
      2B3400 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    Debug Directories(3)
        Type       Size     Address  Pointer
        cv           53      30b614   30aa14    Format: RSDS, guid, 1, D:\a\_work\e\src\out\Release_x64\initialexe\msedge.exe.pdb
        (    13)    598      30b668   30aa68
        (    20)      4      30bc00   30b000

    SECTION HEADER #3
       .data name
       1E43C virtual size
      320000 virtual address
       10E00 size of raw data
      31EC00 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    C0000040 flags
             Initialized Data
             (no align specified)
             Read Write

    SECTION HEADER #4
      .pdata name
       14AFC virtual size
      33F000 virtual address
       14C00 size of raw data
      32FA00 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    SECTION HEADER #5
      .00cfg name
          28 virtual size
      354000 virtual address
         200 size of raw data
      344600 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    SECTION HEADER #6
       .gxfg name
        32C0 virtual size
      355000 virtual address
        3400 size of raw data
      344800 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    SECTION HEADER #7
    .retplne name
          94 virtual size
      359000 virtual address
         200 size of raw data
      347C00 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
           0 flags
             (no align specified)

    SECTION HEADER #8
        .tls name
         181 virtual size
      35A000 virtual address
         200 size of raw data
      347E00 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    C0000040 flags
             Initialized Data
             (no align specified)
             Read Write

    SECTION HEADER #9
     .voltbl name
          42 virtual size
      35B000 virtual address
         200 size of raw data
      348000 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
           0 flags
             (no align specified)

    SECTION HEADER #A
    CPADinfo name
          38 virtual size
      35C000 virtual address
         200 size of raw data
      348200 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    C0000040 flags
             Initialized Data
             (no align specified)
             Read Write

    SECTION HEADER #B
     LZMADEC name
        11F1 virtual size
      35D000 virtual address
        1200 size of raw data
      348400 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    60000020 flags
             Code
             (no align specified)
             Execute Read

    SECTION HEADER #C
      _RDATA name
          F4 virtual size
      35F000 virtual address
         200 size of raw data
      349600 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    SECTION HEADER #D
       .rsrc name
       8F288 virtual size
      360000 virtual address
       8F400 size of raw data
      349800 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    40000040 flags
             Initialized Data
             (no align specified)
             Read Only

    SECTION HEADER #E
      .reloc name
        2FD8 virtual size
      3F0000 virtual address
        3000 size of raw data
      3D8C00 file pointer to raw data
           0 file pointer to relocation table
           0 file pointer to line numbers
           0 number of relocations
           0 number of line numbers
    42000040 flags
             Initialized Data
             Discardable
             (no align specified)
             Read Only
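4. Run dps <image base address>+<IAT offset> L<IAT size>/8. The image base address is the ImageBaseAddress value from !peb (the "image base" line in !dh), and the IAT offset and size are the address and size on the "Import Address Table Directory" line of !dh. Dividing the size by 8 gives the number of 8-byte pointers to display.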
dps 7ff65f7c0000+30F690 L7E0/8
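The address arithmetic of steps 2 to 4, as an added Python example that is not part of the original post: it reads the image base and the Import Address Table directory entry out of !dh text, rebuilds the dps command, and sorts pasted dps lines by module, counting null slots (each imported DLL's pointer array ends in one) and listing non-null pointers the debugger could not symbolize. The function names and the dps sample lines are constructed for illustration; the !dh lines are the ones from step 3.

```python
import re
from collections import Counter

PTR_SIZE = 8  # x64 image: each IAT slot is one 8-byte pointer

# Lines from the `!dh msedge.exe` output in step 3 (only what the parser needs).
DH_EXCERPT = """\
00007ff65f7c0000 image base
  30EE5B [      50] address [size] of Import Directory
  30F690 [     7E0] address [size] of Import Address Table Directory
"""

# Constructed sample in `dps` output format; targets and symbols are made up.
DPS_SAMPLE = """\
00007ff6`5facf690  00007ffa`11110000 modA!FuncOne
00007ff6`5facf698  00007ffa`11110040 modA!FuncTwo
00007ff6`5facf6a0  00000000`00000000
00007ff6`5facf6a8  00007ffa`22220000 modB!FuncThree+0x10
00007ff6`5facf6b0  000001c0`00400000
"""

DH_BASE = re.compile(r"^\s*([0-9a-f]+)\s+image base\s*$", re.I | re.M)
DH_IAT = re.compile(
    r"^\s*([0-9a-f]+)\s*\[\s*([0-9a-f]+)\]\s+address \[size\] of "
    r"Import Address Table Directory\s*$", re.I | re.M)
DPS_LINE = re.compile(
    r"^([0-9a-f]{8})`([0-9a-f]{8})\s+([0-9a-f]{8})`([0-9a-f]{8})"
    r"(?:\s+(\S.*?))?\s*$", re.I)


def parse_dh(text):
    """Return (image_base, iat_rva, iat_size) from `!dh` output text."""
    base, iat = DH_BASE.search(text), DH_IAT.search(text)
    if not base or not iat:
        raise ValueError("image base or IAT directory line not found")
    return int(base.group(1), 16), int(iat.group(1), 16), int(iat.group(2), 16)


def dps_command(image_base, iat_rva, iat_size):
    """Build the step 4 command: IAT start address, then size/8 pointer slots."""
    return f"dps {image_base:x}+{iat_rva:X} L{iat_size:X}/{PTR_SIZE}"


def parse_dps(text):
    """Parse `dps` lines into dicts: slot address, target, module, symbol."""
    entries = []
    for line in text.splitlines():
        m = DPS_LINE.match(line.strip())
        if not m:
            continue  # prompt lines, blank lines, anything that is not a slot
        sym = m.group(5)
        entries.append({
            "slot": int(m.group(1) + m.group(2), 16),
            "target": int(m.group(3) + m.group(4), 16),
            "module": sym.split("!", 1)[0] if sym and "!" in sym else None,
            "symbol": sym,
        })
    return entries


def review_iat(entries, image_base, iat_rva, iat_size):
    """Group IAT slots by module; list non-null slots that have no symbol."""
    lo = image_base + iat_rva
    hi = lo + iat_size
    report = {"modules": Counter(), "null_slots": 0,
              "unresolved": [], "outside_iat": []}
    for e in entries:
        if not lo <= e["slot"] < hi:
            report["outside_iat"].append(e["slot"])  # pasted line is not an IAT slot
        elif e["target"] == 0:
            report["null_slots"] += 1  # terminator after one DLL's pointers
        elif e["module"] is None:
            report["unresolved"].append(e["slot"])  # pointer dps could not symbolize
        else:
            report["modules"][e["module"]] += 1
    return report


if __name__ == "__main__":
    base, rva, size = parse_dh(DH_EXCERPT)
    print(dps_command(base, rva, size), "->", size // PTR_SIZE, "slots")
    rep = review_iat(parse_dps(DPS_SAMPLE), base, rva, size)
    print(dict(rep["modules"]), rep["null_slots"], [hex(s) for s in rep["unresolved"]])
```
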