Pro Tools MP3 Export v1.0x228 serial key or number



classifiedidCLASSNAM/ARB SUBCLASSPATCH FOUNDREPAIRE LOCATIONREGRESSIONsummarystatusproductcomponenthardwareimportanceseverityprocessed severityprioritykernel version recordedkernel version integratedtreereported timereportermodified timeAssigned Toduplicatecomments numberdescription2NAMENVYESarchNONUMA-Q hangs during TSC initialization on boot.CLOSED CODE_FIXPlatform Specific/Hardwarei386IA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-13 15:56 UTCMartin J. Bligh2003-01-05 11:28 UTCMartin J. BlighNone2Exact Kernel version: 2.5.46 Distribution: debian woody Harware Environment: 16-way NUMA-Q Problem Description: Hangs during TSC initialization on boot. There's a garbled panic during IO-APIC init, then hang during TSC sync3ARBMEMNONOEnabling shared pagetables causes KDE to wierd outCLOSED CODE_FIXMemory ManagementOtherIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-13 18:55 UTCMartin J. Bligh2003-01-05 11:29 UTCDave McCrackenNone1Exact Kernel version: 2.5.46-mm1 Distribution: Redhat 7.2 / 7.3 Hardware Environment: P4 PC Software Environment: KDE Problem Description: Enabling shared pagetables causes KDE to wierd out Steps to reproduce: Start KDE7NAMTIMNONOfile lock accounting brokenCLOSED CODE_FIXFile SystemVFSAll LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 04:48 UTCMatthew Wilcox2003-04-03 06:18 UTCMatthew WilcoxNone2Problem Description: the file locking code accounting is done per-task and tasks can free each others locks causing the accounting to get broken. Steps to reproduce: someone sent me a test program... 
i'll attach it later.9BOHNONOEHCI not properly shut down on reboot, kills usb keyboard in bios/bootloaderCLOSED CODE_FIXDriversUSBIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 08:51 UTCNicolas Mailhot2003-03-06 15:25 UTCDavid BrownellNone10Exact Kernel version: 2.5.46-bk2 (and other from 2.5.44 to 2.5.47, don't remember all the verions tested) Distribution: Red Hat Rawhide Hardware Environment: Gigabyte GA -7VAX, latest bios, keyboard + mouse on external usb2 nec hub Problem Description: When I enable ehci, boot into 2.5 then reboot I loose the usb input. Since my input is 100% usb, this is real anoying in the bootloader and bios settings (i.e. I need usb input that can be handled by the bios) uhci works in 2.4 and 2.5 ehci works in w2k The workaround is to manually turn off the psu to reset the system10BOHYESdriversNOUSB HCs may have improper interrupt configuration with ACPI in IOAPIC modeCLOSED CODE_FIXACPIConfig-InterruptsIA-32 LinuxP2 highhighhighP22.5.46-bk2 to 2.6.0-test4-bk22.5Mainline2002-11-14 08:56 UTCNicolas Mailhot2004-03-03 14:40 UTCLen Brown70 955 96989Exact Kernel version: 2.5.46-bk2 Distribution: Red Hat Rawhide Hardware Environment: Gigabyte GA -7VAX, latest bios I'm trying to move from an pure usb hid + acpi + io-apic UP 2.4 system to a 2.5 one. Hardware is via kt400 based. 
The problem is : * 2.5 io-apic kills usb input device not accepting address", see http://linux-usb.sourceforge.net/FAQ.html#ts6 * without io-apic build-in rt8139too do not work with acpi : nov 5 20:50:30 rousalka ifup: nov 5 20:50:30 rousalka ifup: D14BOHYESdriversNONo dri : unsupported Via chipset (device id: 3189)CLOSED CODE_FIXDriversVideo(AGP)IA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 12:11 UTCNicolas Mailhot2010-02-04 19:34 UTCDave JonesNone19Exact Kernel version: 2.5.47-ac1 Kernel command line: ro root=/dev/hdc1 agp_try_unsupported=1 video=matrox:vesa:0x11B,fh:96,fv:160 Distribution: Red Hat Rawhide Hardware Environment: Gigabyte GA -7VAX http://www.giga-byte.com/products/7vax.htm Northbridge : VIA KT400 Southbridge : VIA 8235 latest bios + mga G400 On boot : Linux agpgart interface v0.99 (c) Jeff Hartmann agpgart: Maximum main memory to use for agp memory: 439M agpgart: Unsupported Via chipset (device id: 3189), you might want to try agp_try_unsupported=1. agpgart: no supported devices found. [drm:drm_init] *ERROR* Cannot initialize the agpgart module. Uninitialised timer! This is just a warning. Your computer is OK function=0x00000000, data=0x0 Call Trace: [] check_timer_failed+0x64/0x70 [] del_timer+0x21/0x90 [] mga_takedown+0x60/0x380 [] mga_stub_unregister+0x32/0x11d [] init+0x3d/0x160 [] init+0x0/0x160 [] kernel_thread_helper+0x5/0x1016BOHYESfsNOreproduceable oops in lock_get_statusCLOSED CODE_FIXFile SystemVFSIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 12:28 UTCBurton Windle2003-03-07 20:13 UTCMatthew WilcoxNone10Please enter Exact Kernel version: 2.5.47, but many many older 2.5 kernels have same problem Distribution: Debian Testing Hardware Environment: single x86 CPU Software Environment: preempt enabled, non-SMP Problem Description: Reliable oops when reading /proc/locks. 
Unable to handle kernel NULL pointer dereference at virtual address 00000008 c014c08f *pde = 00000000 Oops: 0000 CPU: 0 EIP: 0060:[] Not tainted Using defaults from ksymoops -t elf32-i386 -a i386 EFLAGS: 00010286 eax: 00000000 ebx: c868f000 ecx: 00000001 edx: c8657f20 esi: c13c07ac edi: 00000000 ebp: 00000400 esp: c8657ee0 ds: 0068 es: 0068 ss: 0068 Stack: c8657f1c c13c07b0 c13c07ac c014c39c c868f000 c13c07ac 00000001 c0285593 c8656000 00000400 00000400 c868f000 c8657f1c c8657f20 00000001 c868f000 00000000 c015f65a c868f000 c8657f7c 00000000 00000400 00000000 00000400 Call Trace: [] [] [] [] [] [] Code: 8b 78 08 8b 44 24 1c 50 8b 44 24 1c 50 68 ac 54 28 c0 53 e8 >>EIP; c014c08f f_dentry) { inode = fl->fl_file->f_dentry->d_inode; } else { printk(KERN_EMERG "null dentry at %d\n", id); } } That will avoid the oops, and tell us who managed to set a file lock on a file without a dentry.17BOHNONOUSB plug/unplug causes device_shutdown to loop forever on rebootCLOSED CODE_FIXDriversUSBIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 12:49 UTCBurton Windle2003-01-05 11:31 UTCGreg Kroah-HartmanNone3Please enter Exact Kernel version: 2.5.47-bk2; problem started in 2.5.44, I think Distribution: Debian Testing Hardware Environment: 00:00.0 Host bridge: Intel Corp. 440LX/EX - 82443LX/EX Host bridge (rev 03) 00:01.0 PCI bridge: Intel Corp. 440LX/EX - 82443LX/EX AGP bridge (rev 03) 00:07.0 ISA bridge: Intel Corp. 82371AB/EB/MB PIIX4 ISA (rev 01) 00:07.1 IDE interface: Intel Corp. 82371AB/EB/MB PIIX4 IDE (rev 01) 00:07.2 USB Controller: Intel Corp. 82371AB/EB/MB PIIX4 USB (rev 01) 00:07.3 Bridge: Intel Corp. 
82371AB/EB/MB PIIX4 ACPI (rev 01) 00:0f.0 PCI bridge: Digital Equipment Corporation DECchip 21152 (rev 03) 01:00.0 VGA compatible controller: ATI Technologies Inc 3D Rage Pro AGP 1X (rev c) 02:0a.0 Ethernet controller: 3Com Corporation 3c590 10BaseT [Vortex] 02:0b.0 Ethernet controller: Accton Technology Corporation SMC2-1211TX (rev 10) USB device: drivers/usb/core/hub.c: new USB device 00:07.2-1, assigned address 2 input: USB HID v1.00 Mouse [Logitech] on usb-00:07.2-1 Software Environment: Debian Testing. Problem Description: If I boot a 2.5.47-bk2 kernel, and do not remove/add USB devices, I can reboot fine. If I boot a 2.5.47-bk2 kernel, and remove and then replug in a USB device, a later reboot will hang in device_shutdown (as show by sysrq+p). I have added printks to this function, and it appears to be looping forever in the 'for_each_device'. Steps to reproduce: Boot 2.5.47, or 2.5.44. Unplug USB mouse, then replug it, and reboot. Kernel will hang after init prints 'Rebooting...'. Sysrq+p shows it is stuck in device_shutdown.20NAMSEQNONOKernel AGP support needs to be initialized soonerCLOSED CODE_FIXDriversVideo(AGP)IA-32 LinuxP2 lowlowlowP22.5Mainline2002-11-14 13:25 UTCJoseph Fannin2002-12-17 15:53 UTCDave JonesNone4The kernel AGP drivers need to be initialized earlier in the boot process -- before the framebuffer system. This is needed for Antonio Daplas's framebuffer driver for the i810 video chipset which has no video memory of its own and must use the AGP GART to get linear memory for the framebuffer driver. Issues like this are why this driver is not merged yet. 
:-)23UNKNONONo sound on TOSLINK output with CS4624 and alsaCLOSED CODE_FIXOtherOtherIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-14 14:01 UTCNicolas Mailhot2003-01-05 11:34 UTCAlanNone4Exact Kernel version: 2.5.47-ac3 Distribution: Red Hat Raw Hide Hardware Environment: Gigabyte GA -7VAX http://www.giga-byte.com/products/7vax.htm Hercules Fortissimo III 7.1 http://europe.hercules.com/supportf.php?pa=mor&drv=355&prd=56&ft=MANUALS&os=26 [root@rousalka root]# /sbin/lspci -vv 00:00.0 Host bridge: VIA Technologies, Inc. VT8377 [KT400] Host Bridge Subsystem: Giga-byte Technology: Unknown device 5000 Control: I/O- Mem+ BusMaster+ SpecCycle- MemWINV- VGASnoop- ParErr- Stepping- SERR- FastB2B- Status: Cap+ 66Mhz+ UDF- FastB2B- ParErr- DEVSEL=medium >TAbort- /sys/devices/sys/name the process appears to be hung. ^c won't return control to me. If I log in on another console though, I can't find it running in the process list. All I can do is kill the login process. No kernel errors when I do this, just the hung terminal. Steps to reproduce: mount -tsysfs none /sys echo 1> /sys/devices/sys/name94BOHNOYESfile remain locked after sapdb process exist.CLOSED CODE_FIXOtherOtherIA-32 LinuxP2 normalnormalnormalP22.5Mainline2002-11-18 15:22 UTCMingming Cao2003-03-07 20:13 UTCMatthew WilcoxNone7(Please check that the problem happens on Linus' tree if not then file under the Alternate Trees category.) Exact Kernel version:2.5.47 Distribution: Hardware Environment:Intel PIII 700MHz, 1G L1, 8 CPUs Software Environment:RedHat 7.2, glibc-2.2.4-13,sapdb 7.3.0.25-1, OSDL's dbt1 test suite Problem Description: sapdb failed to unlock the raw device it used after it quits the database. So next time it failed to re-load the sap database since it tries to re-lock the raw devices. This problem does not exist on 2.4 kernel. Steps to reproduce: Modify dbt1/scripts/sapdb/create_db.sh(if necessary), put the data on some raw devices(there is not problem with filesystem). 
Then reboot the machine(SMP box) a



Windows® Internals, Fifth Edition
Covering Windows Server® 2008 and Windows Vista®

Mark E. Russinovich and David A. Solomon with Alex Ionescu
Foreword by Ben Fathi, Corporate Vice President, Windows Core Development, Microsoft Corporation

PUBLISHED BY Microsoft Press, A Division of Microsoft Corporation, One Microsoft Way, Redmond, Washington 98052-6399

Copyright © 2009 by David Solomon (all); Mark Russinovich (all)

All rights reserved. No part of the contents of this book may be reproduced or transmitted in any form or by any means without the written permission of the publisher.

Library of Congress Control Number: 2009927697

Printed and bound in the United States of America. 1 2 3 4 5 6 7 8 9 QWT 4 3 2 1 0 9

Distributed in Canada by H.B. Fenn and Company Ltd. A CIP catalogue record for this book is available from the British Library.

Microsoft Press books are available through booksellers and distributors worldwide. For further information about international editions, contact your local Microsoft Corporation office or contact Microsoft Press International directly at fax (425) 936-7329. Visit our Web site at www.microsoft.com/mspress. Send comments to [email protected]

Microsoft, Microsoft Press, Access, Active Directory, ActiveSync, ActiveX, Aero, Authenticode, BitLocker, DirectX, Excel, Hyper-V, Internet Explorer, MS, MSDN, MS-DOS, Outlook, PowerPoint, ReadyBoost, ReadyDrive, SideShow, SQL Server, SuperFetch, Visual Basic, Visual C++, Visual Studio, Win32, Windows, Windows Media, Windows NT, Windows Server, Windows Vista, and Xbox are either registered trademarks or trademarks of the Microsoft group of companies. Other product and company names mentioned herein may be the trademarks of their respective owners.

The example companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted herein are fictitious.
No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred.

This book expresses the author’s views and opinions. The information contained in this book is provided without any express, statutory, or implied warranties. Neither the authors, Microsoft Corporation, nor its resellers, or distributors will be held liable for any damages caused or alleged to be caused either directly or indirectly by this book.

Acquisitions Editor: Ben Ryan
Developmental Editor: Devon Musgrave
Project Editor: John Pierce
Editorial Production: Curtis Philips, Publishing.com
Cover: Tom Draper Design
Body Part No. X14-95072

To Jim Allchin, our OS and rock star

Table of Contents

Foreword
Acknowledgments
Introduction

1 Concepts and Tools
  Windows Operating System Versions
  Foundation Concepts and Terms
  Windows API
  Services, Functions, and Routines
  Processes, Threads, and Jobs
  Virtual Memory
  Kernel Mode vs. User Mode
  Terminal Services and Multiple Sessions
  Objects and Handles
  Security
  Registry
  Unicode
  Digging into Windows Internals
  Reliability and Performance Monitor
  Kernel Debugging
  Windows Software Development Kit
  Windows Driver Kit
  Sysinternals Tools
  Conclusion

2 System Architecture
  Requirements and Design Goals
  Operating System Model
  Architecture Overview
  Portability
  Symmetric Multiprocessing
  Scalability
  Differences Between Client and Server Versions
  Checked Build
  Key System Components
  Environment Subsystems and Subsystem DLLs
  Ntdll.dll
  Executive
  Kernel
  Hardware Abstraction Layer
  Device Drivers
  System Processes
  Conclusion

3 System Mechanisms
  Trap Dispatching
  Interrupt Dispatching
  Exception Dispatching
  System Service Dispatching
  Object Manager
  Executive Objects
  Object Structure
  Synchronization
  High-IRQL Synchronization
  Low-IRQL Synchronization
  System Worker Threads
  Windows Global Flags
  Advanced Local Procedure Calls (ALPCs)
  Kernel Event Tracing
  Wow64
  Wow64 Process Address Space Layout
  System Calls
  Exception Dispatching
  User Callbacks
  File System Redirection
  Registry Redirection and Reflection
  I/O Control Requests
  16-Bit Installer Applications
  Printing
  Restrictions
  User-Mode Debugging
  Kernel Support
  Native Support
  Windows Subsystem Support
  Image Loader
  Early Process Initialization
  Loaded Module Database
  Import Parsing
  Post Import Process Initialization
  Hypervisor (Hyper-V)
  Partitions
  Root Partition
  Child Partitions
  Hardware Emulation and Support
  Kernel Transaction Manager
  Hotpatch Support
  Kernel Patch Protection
  Code Integrity
  Conclusion

4 Management Mechanisms
  The Registry
  Viewing and Changing the Registry
  Registry Usage
  Registry Data Types
  Registry Logical Structure
  Transactional Registry (TxR)
  Monitoring Registry Activity
  Registry Internals
  Services
  Service Applications
  The Service Control Manager
  Service Startup
  Startup Errors
  Accepting the Boot and Last Known Good
  Service Failures
  Service Shutdown
  Shared Service Processes
  Service Tags
  Service Control Programs
  Windows Management Instrumentation
  Providers
  The Common Information Model and the Managed Object Format Language
  Class Association
  WMI Implementation
  WMI Security
  Windows Diagnostic Infrastructure
  WDI Instrumentation
  Diagnostic Policy Service
  Diagnostic Functionality
  Conclusion

5 Processes, Threads, and Jobs
  Process Internals
  Data Structures
  Kernel Variables
  Performance Counters
  Relevant Functions
  Protected Processes
  Flow of CreateProcess
  Stage 1: Converting and Validating Parameters and Flags
  Stage 2: Opening the Image to Be Executed
  Stage 3: Creating the Windows Executive Process Object (PspAllocateProcess)
  Stage 4: Creating the Initial Thread and Its Stack and Context
  Stage 5: Performing Windows Subsystem–Specific Post-Initialization
  Stage 6: Starting Execution of the Initial Thread
  Stage 7: Performing Process Initialization in the Context of the New Process
  Thread Internals
  Data Structures
  Kernel Variables
  Performance Counters
  Relevant Functions
  Birth of a Thread
  Examining Thread Activity
  Limitations on Protected Process Threads
  Worker Factories (Thread Pools)
  Thread Scheduling
  Overview of Windows Scheduling
  Priority Levels
  Windows Scheduling APIs
  Relevant Tools
  Real-Time Priorities
  Thread States
  Dispatcher Database
  Quantum
  Scheduling Scenarios
  Context Switching
  Idle Thread
  Priority Boosts
  Multiprocessor Systems
  Multiprocessor Thread-Scheduling Algorithms
  CPU Rate Limits
  Job Objects
  Conclusion

6 Security
  Security Ratings
  Trusted Computer System Evaluation Criteria
  The Common Criteria
  Security System Components
  Protecting Objects
  Access Checks
  Security Descriptors and Access Control
  Account Rights and Privileges
  Account Rights
  Privileges
  Super Privileges
  Security Auditing
  Logon
  Winlogon Initialization
  User Logon Steps
  User Account Control
  Virtualization
  Elevation
  Software Restriction Policies
  Conclusion

7 I/O System
  I/O System Components
  The I/O Manager
  Typical I/O Processing
  Device Drivers
. . . . . . . . . . . . . . . . . . . . 541 Types of Device Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 541 Structure of a Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 547 Driver Objects and Device Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 550 Opening Devices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 555 I/O Processing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 562 Types of I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 563 I/O Request to a Single-Layered Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . 572 I/O Requests to Layered Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 578 I/O Cancellation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 587 I/O Completion Ports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 592 I/O Prioritization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 598 Driver Verifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 604 Kernel-Mode Driver Framework (KMDF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 606 Structure and Operation of a KMDF Driver. . . . . . . . . . . . . . . . . . . . . . . . 607 KMDF Data Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 608 KMDF I/O Model . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 612 User-Mode Driver Framework (UMDF) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 616 The Plug and Play (PnP) Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. 619 Level of Plug and Play Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 620 Driver Support for Plug and Play . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 621 Table of Contents Driver Loading, Initialization, and Installation . . . . . . . . . . . . . . . . . . . . . 623 Driver Installation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 632 The Power Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 636 Power Manager Operation. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 638 Driver Power Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 639 Driver and Application Control of Device Power . . . . . . . . . . . . . . . . . . . 643 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .644 8 Storage Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645 Storage Terminology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 645 Disk Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646 Winload . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 646 Disk Class, Port, and Miniport Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . 647 Disk Device Objects . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 650 Partition Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 651 Volume Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 652 Basic Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. 653 Dynamic Disks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 656 Multipartition Volume Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 661 The Volume Namespace . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 667 Volume I/O Operations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 674 Virtual Disk Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 675 BitLocker Drive Encryption . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677 BitLocker Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 677 Encryption Keys . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 679 Trusted Platform Module (TPM) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 681 BitLocker Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 683 BitLocker Key Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 684 Full Volume Encryption Driver . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 686 BitLocker Management. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 687 Volume Shadow Copy Service . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688 Shadow Copies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688 VSS Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 688 VSS Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 689 Uses in Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 692 Conclusion . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 698 xi xii Table of Contents 9 Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699 Introduction to the Memory Manager. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 699 Memory Manager Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 700 Internal Synchronization. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701 Examining Memory Usage . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 701 Services the Memory Manager Provides . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 704 Large and Small Pages . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 705 Reserving and Committing Pages. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 706 Locking Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 707 Allocation Granularity . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 708 Shared Memory and Mapped Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 709 Protecting Memory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 711 No Execute Page Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 713 Copy-on-Write . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 718 Address Windowing Extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 719 Kernel-Mode Heaps (System Memory Pools) . . . . . . . . . . . . . . . . . . . . . . . . . . . 721 Pool Sizes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 722 Monitoring Pool Usage. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . 724 Look-Aside Lists . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 728 Heap Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 729 Types of Heaps . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 730 Heap Manager Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 731 Heap Synchronization . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732 The Low Fragmentation Heap . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 732 Heap Security Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 733 Heap Debugging Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 734 Pageheap. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 735 Virtual Address Space Layouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 736 x86 Address Space Layouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 737 x86 System Address Space Layout . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740 x86 Session Space . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 740 System Page Table Entries . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 744 64-Bit Address Space Layouts . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 745 64-Bit Virtual Addressing Limitations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . 749 Dynamic System Virtual Address Space Management . . . . . . . . . . . . . . 751 System Virtual Address Space Quotas . . . . . . . . . . . . . . . . . . . . . . . . . . . . 756 User Address Space Layout . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . 757 Table of Contents Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 761 x86 Virtual Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 762 Translation Look-Aside Buffer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 768 Physical Address Extension (PAE) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 769 IA64 Virtual Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 772 x64 Virtual Address Translation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 773 Page Fault Handling. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 774 Invalid PTEs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 775 Prototype PTEs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 776 In-Paging I/O . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 778 Collided Page Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779 Clustered Page Faults . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 779 Page Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 780 Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 784 User Stacks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 785 Kernel Stacks. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 786 DPC Stack . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
787 Virtual Address Descriptors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 787 Process VADs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 788 Rotate VADs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 790 NUMA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 791 Section Objects. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 792 Driver Verifier . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 799 Page Frame Number Database . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 803 Page List Dynamics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 807 Page Priority . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 809 Modified Page Writer . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 812 PFN Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 814 Physical Memory Limits. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 818 Windows Client Memory Limits . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 819 Working Sets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 822 Demand Paging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823 Logical Prefetcher . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 823 Placement Policy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 827 Working Set Management . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 828 Balance Set Manager and Swapper . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 831 System Working Set. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 832 Memory Notification Events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 833 xiii xiv Table of Contents Proactive Memory Management (SuperFetch) . . . . . . . . . . . . . . . . . . . . . . . . . . 836 Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 836 Tracing and Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 838 Scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840 Page Priority and Rebalancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 840 Robust Performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 843 ReadyBoost . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .844 ReadyDrive . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 845 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 847 10 Cache Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 849 Key Features of the Cache Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 849 Single, Centralized System Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850 The Memory Manager . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850 Cache Coherency . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 850 Virtual Block Caching . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852 Stream-Based Caching . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 852 Recoverable File System Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 853 Cache Virtual Memory Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 854 Cache Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 855 Cache Virtual Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 855 Cache Working Set Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 856 Cache Physical Size . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 858 Cache Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 859 Systemwide Cache Data Structures. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 860 Per-File Cache Data Structures . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 862 File System Interfaces . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 868 Copying to and from the Cache . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 869 Caching with the Mapping and Pinning Interfaces . . . . . . . . . . . . . . . . . 870 Caching with the Direct Memory Access Interfaces . . . . . . . . . . . . . . . . 872 Fast I/O. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 873 Read Ahead and Write Behind. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875 Intelligent Read-Ahead . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 875 Write-Back Caching and Lazy Writing . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
877 Write Throttling . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 885 System Threads. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 886 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 887 Table of Contents 11 File Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 889 Windows File System Formats . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890 CDFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 890 UDF. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891 FAT12, FAT16, and FAT32 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 891 exFAT . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 894 NTFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895 File System Driver Architecture . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 895 Local FSDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 896 Remote FSDs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 897 File System Operation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 901 File System Filter Drivers. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 907 Troubleshooting File System Problems. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 908 Process Monitor Basic vs. Advanced Modes . . . . . . . . . . . . . . . . . . . . . . . 
908 Process Monitor Troubleshooting Techniques . . . . . . . . . . . . . . . . . . . . . 909 Common Log File System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 910 NTFS Design Goals and Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918 High-End File System Requirements. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 918 Advanced Features of NTFS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 920 NTFS File System Driver. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 934 NTFS On-Disk Structure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937 Volumes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937 Clusters . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 937 Master File Table . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 938 File Reference Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 942 File Records . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 942 File Names. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 945 Resident and Nonresident Attributes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 948 Data Compression and Sparse Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 951 The Change Journal File . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 956 Indexing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 960 Object IDs . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
961 Quota Tracking. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 962 Consolidated Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 963 Reparse Points . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965 Transaction Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 965 xv xvi Table of Contents NTFS Recovery Support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 974 Design . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 975 Metadata Logging . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 976 Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 981 NTFS Bad-Cluster Recovery . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 985 Self-Healing. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 989 Encrypting File System Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 990 Encrypting a File for the First Time . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 993 The Decryption Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 998 Backing Up Encrypted Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 999 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1000 12 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001 Windows Networking Architecture. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1001 The OSI Reference Model. . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . . . . . 1001 Windows Networking Components . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1003 Networking APIs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1006 Windows Sockets . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1006 Winsock Kernel (WSK). . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1012 Remote Procedure Call . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1014 Web Access APIs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1018 Named Pipes and Mailslots . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1021 NetBIOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1027 Other Networking APIs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1030 Multiple Redirector Support. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1033 Multiple Provider Router . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1034 Multiple UNC Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1037 Name Resolution . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039 Domain Name System. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039 Windows Internet Name Service. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039 Peer Name Resolution Protocol . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1039 Location and Topology . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1042 Network Location Awareness (NLA) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
1042 Link-Layer Topology Discovery (LLTD) . . . . . . . . . . . . . . . . . . . . . . . . . . . 1043 Protocol Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1044 Windows Filtering Platform (WFP) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1047 NDIS Drivers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1053 Variations on the NDIS Miniport . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057 Connection-Oriented NDIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1057 Table of Contents Remote NDIS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1060 QoS. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1062 Binding. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1064 Layered Network Services . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1066 Remote Access . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1066 Active Directory . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1066 Network Load Balancing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1068 Distributed File System and DFS Replication. . . . . . . . . . . . . . . . . . . . . . 1069 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1071 13 Startup and Shutdown . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073 Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1073 BIOS Preboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
. . . . . . . . . . . . 1073 The BIOS Boot Sector and Bootmgr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1077 The EFI Boot Process . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1086 Initializing the Kernel and Executive Subsystems . . . . . . . . . . . . . . . . . . 1088 Smss, Csrss, and Wininit . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .1094 ReadyBoot. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1099 Images That Start Automatically . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1100 Troubleshooting Boot and Startup Problems . . . . . . . . . . . . . . . . . . . . . . . . . . 1101 Last Known Good. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101 Safe Mode . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1101 Windows Recovery Environment (WinRE) . . . . . . . . . . . . . . . . . . . . . . . . 1106 Solving Common Boot Problems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1109 Shutdown. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1115 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1118 14 Crash Dump Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119 Why Does Windows Crash? . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1119 The Blue Screen . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1120 Troubleshooting Crashes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1124 Crash Dump Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 
1125 Crash Dump Generation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1130 Windows Error Reporting . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1131 Online Crash Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1133 Basic Crash Dump Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1134 Notmyfault . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1134 Basic Crash Dump Analysis. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1135 Verbose Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1137 xvii xviii Table of Contents Using Crash Troubleshooting Tools. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1139 Buffer Overrun, Memory Corruptions, and Special Pool . . . . . . . . . . . 1140 Code Overwrite and System Code Write Protection . . . . . . . . . . . . . . . 1143 Advanced Crash Dump Analysis . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1144 Stack Trashes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1145 Hung or Unresponsive Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1147 When There Is No Crash Dump. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1150 Conclusion . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1152 Glossary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1153 Index . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1185 What do you think of this book? We want to hear from you! 
www.microsoft.com/learning/booksurvey/

Foreword

It’s both a pleasure and an honor for me to write the foreword for this latest edition of Windows Internals. Many significant changes have occurred in Windows since the last edition of the book, and David, Mark, and Alex have done an excellent job of updating the book to address them. Whether you are new to Windows internals or an old hand at kernel development, you will find lots of detailed analysis and examples to help improve your understanding of the core mechanisms of Windows as well as the general principles of operating system design.

Today, Windows enjoys unprecedented breadth and depth in the computing world. Variants of the original Windows NT design run on everything from Xbox game consoles to desktop and laptop computers to clusters of servers with dozens of processors and petabytes of storage. Advances such as hypervisors, 64-bit computing, multicore and many-core processor designs, flash-based storage, and wireless and peer-to-peer networking continue to provide plenty of interesting and innovative areas for operating system design.

One such area of innovation is security. Over the past decade, the entire computing industry—and Microsoft in particular—has been confronted with huge new threats, and security has become the top issue facing many of our customers. Attacks such as Blaster and Sasser threatened to bring the entire Internet to its knees, and Windows was at the eye of the hurricane. It was obvious to us that we could no longer afford to do business as usual, as many of the usability and simplicity features designed into Windows were being used to attack it for nefarious reasons. At first the hackers were teenagers trying to gain notoriety by breaking into systems or adding graffiti to a corporate Web site, but pretty soon the attacks intensified and went underground. The hackers became more sophisticated and evaded inspection.
You rarely see headlines about viruses and worms these days, but make no mistake—botnets and identity theft are big business today, as are industrial and government espionage through targeted attacks.

In January 2002, Bill Gates sent his now-famous “Trustworthy Computing” memorandum to all Microsoft employees. It was a call to action that resonated well and charted the course for how we would build software and conduct business over the coming years. Nearly the entire Windows engineering team was diverted to work on Windows XP SP2, a service pack dedicated almost entirely to improving the security of the operating system. The Security Development Lifecycle (SDL) was developed and applied to all Microsoft products, with particular emphasis on Windows Vista as the first version of the operating system designed from the ground up to be secure. SDL specifies strict guidelines and processes for secure software development. Sophisticated tools have been developed to scan everything from source code to system binaries to network protocols for common security vulnerabilities. Every time a new security vulnerability is discovered, it is analyzed, and mitigations are developed to address that potential attack vector. Windows Vista has now been in the market for two years, and it is by far the most secure version of Windows. Some industry analysts have pointed out that it is, in fact, the most secure general purpose operating system shipping today.

The Windows team has continued to innovate over the past few years. Windows XP, Windows Server 2003, Windows Server 2003 R2, Windows XP SP2, Windows Vista, Windows Server 2008, and Hyper-V are all major accomplishments and great successes—as well as great additions to the Windows family of products. Frankly, I can’t think of a more exciting and challenging topic. Nor can I think of a more authoritative and well-written book.
David, Mark, and Alex have done a thorough job of dissecting the Windows architecture and providing diagnostic tools for hands-on learning. I hope you enjoy reading and learning about Windows as much as we all enjoy working on it.

Ben Fathi
Corporate Vice President, Windows Core Development
Microsoft Corporation

Acknowledgments

We dedicate this edition to Jim Allchin, our executive sponsor and champion before he retired from Microsoft. Jim supported our book work on this and earlier editions and was instrumental in bringing Mark Russinovich to Microsoft. In addition to shepherding Windows Vista out the door, Jim also oversaw the delivery of Windows 2000, Windows XP, and Windows Server 2003.

Each edition of this book has to acknowledge Dave Cutler, Senior Technical Fellow and the original architect of Windows NT. Dave originally approved David Solomon’s source code access and has been supportive of his work to explain the internals of Windows through his training business as well as during the writing of the editions of this book.

We also thank three developers at Microsoft for contributing content that was incorporated into this edition:

- Christian Allred, who wrote detailed descriptions on transactional NTFS (TxF) internals, data structures, and behaviors
- Stone Cong, who wrote content and created diagrams about the Common Log File System (CLFS)
- Adrian Marinescu, who updated his heap manager section in the memory management chapter

This book wouldn’t contain the depth of technical detail or the level of accuracy it has without the input and support of key members of the Windows development team.
We want to thank the following people, who provided technical review and input to the book:

Dmitry Anipko, Kwan Hyun, Ravi Mumulla, Jon Schwartz, Eugene Bak, Mehmet Iyigun, Adi Oltean, Valerie See, Karlito Bonnevie, Philippe Joubert, Vince Orgovan, Matt Setzer, Jon Cargille, Kwan Hyun Kim, Bernard Ourghanlian, Andrey Shedel, Dean DeWhitt, Kinshuman Kinshumann, Alexey Pakhunov, Neeraj Singh, Apurva Doshi, Alex Kirshenbaum, Milos Petrbok, Vikram Singh, Joseph East, Norbert Kusters, Daniel Pravat, Paul Sliwowicz, Tahsin Erdogan, Jeff Lambert, Ravi Pudipeddi, John Stephens, Cenk Ergan, Paul Leach, Melur Raghuraman, Deepu Thomas, Osman Ertugay, Scott Lee, Ramu Ramanathan, J. R. Tipton, Tom Fout, Mark Lloyd, Vlad Sadovsky, Davis Walker, Nar Ganapathy, Karan Mehra, Dragos Sambotin, Brad Waters, Robin Giese, Derek Moore, Jamie Schwartz, Bruce Worthington

Thanks also to Daniel Pearson (who teaches Windows internals for Dave Solomon) for his review and input. Others might have contributed by answering questions in the hallway or cafeteria or by providing technical material—if we missed you, please forgive us!

The authors would like to thank Ilfak Guilfanov of Hex-Rays (www.hex-rays.com) for the IDA Pro Advanced and Hex-Rays licenses for Alex Ionescu for his use in speeding his reverse engineering of the Windows kernel. Alex chose not to have Windows source code access (as did Mark Russinovich before he joined Microsoft) to research the information for his work on this book, and these tools greatly facilitated his work. IDA’s features turn reverse engineering into a powerful tool for understanding Windows internals. Combined with the Hex-Rays Decompiler, this analysis becomes even faster and more refined, as C code is directly presented instead of assembler, including all the right types.

Thanks also to Matt Ginzton of VMware, who arranged for Alex and David to receive VMware Workstation to use in their research for the book.
VMware Workstation was used instead of Microsoft Virtual PC because of its support for 64-bit guests and multiple snapshots with nonpersistent disks. (These features are now supported by Hyper-V, Microsoft’s new server virtualization offering, but at the time of writing, this support was not available.)

Thanks to Mike Vance of AMD for providing Dave Solomon’s AMD64 laptop for use in his book research and live classes.

Finally, we want to thank the team at Microsoft Press who helped turn this book from idea into reality:

- Ben Ryan (acquisitions editor at Microsoft Press) for shepherding another edition of this great book
- Kathleen Atkins (project editor) and Devon Musgrave (developmental editor) for launching and overseeing the project
- Andrea Fox (proofreader), Curtis Philips (project and production manager), and John Pierce (project editor and copyeditor) for laboriously going through all our chapters to tighten up text, find inconsistencies, and keep the manuscript to the high standards of Microsoft Press

Alex Ionescu, Mark Russinovich, and David Solomon
May 2009

Introduction

Windows Internals, Fifth Edition is intended for advanced computer professionals (both developers and system administrators) who want to understand how the core components of the Windows Vista and Windows Server 2008 operating systems work internally. With this knowledge, developers can better comprehend the rationale behind design choices when building applications specific to the Windows platform. Such knowledge can also help developers debug complex problems. System administrators can benefit from this information as well, because understanding how the operating system works “under the covers” facilitates understanding the performance behavior of the system and makes troubleshooting system problems much easier when things go wrong. After reading this book, you should have a better understanding of how Windows works and why it behaves as it does.

Structure of the Book

The first two chapters (“Concepts and Tools” and “System Architecture”) lay the foundation with definitions and explanations of terms and concepts used throughout the rest of the book. The next two chapters—“System Mechanisms” and “Management Mechanisms”—describe key underlying mechanisms in the system. The next eight chapters explain the core components of the operating system: processes, threads, and jobs; security; the I/O system; storage management; memory management; the cache manager; file systems; and networking. The last two chapters cover the startup and shutdown process and crash dump analysis.

History of the Book

This is the fifth edition of a book that was originally called Inside Windows NT (Microsoft Press, 1992), written by Helen Custer (prior to the initial release of Microsoft Windows NT 3.1). Inside Windows NT was the first book ever published about Windows NT and provided key insights into the architecture and design of the system. Inside Windows NT, Second Edition (Microsoft Press, 1998) was written by David Solomon. It updated the original book to cover Windows NT 4.0 and had a greatly increased level of technical depth.

Inside Windows 2000, Third Edition (Microsoft Press, 2000) was authored by David Solomon and Mark Russinovich. It added many new topics, such as startup and shutdown, service internals, registry internals, file system drivers, and networking. It also covered kernel changes in Windows 2000, such as the Windows Driver Model (WDM), Plug and Play, power management, Windows Management Instrumentation (WMI), encryption, the job object, and Terminal Services. Windows Internals, Fourth Edition was the Windows XP and Windows Server 2003 update and added more content focused on helping IT professionals make use of their knowledge of Windows internals, such as using key tools from Windows Sysinternals (www.microsoft.com/technet/sysinternals) and analyzing crash dumps.

Fifth Edition Changes

This latest edition has been updated to cover the kernel changes made in Windows Vista and Windows Server 2008. Hands-on experiments have been updated to reflect changes in tools, and newly added experiments use tools not available when the fourth edition was written. Additionally, content has been added to cover mechanisms that were not previously described, such as the image loader and user-mode debugging facility, and information about previously covered subjects has been expanded as well.

Hands-On Experiments

Even without access to the Windows source code, you can glean much about Windows internals from tools such as the kernel debugger and tools from Sysinternals and Winsider Seminars & Solutions (www.winsiderss.com). When a tool can be used to expose or demonstrate some aspect of the internal behavior of Windows, the steps for trying the tool yourself are listed in “Experiment” boxes. These appear throughout the book, and we encourage you to try these as you’re reading—seeing visible proof of how Windows works internally will make much more of an impression on you than just reading about it will.

Topics Not Covered

Windows is a large and complex operating system. This book doesn’t cover everything relevant to Windows internals but instead focuses on the base system components. For example, this book doesn’t describe COM+, the Windows distributed object-oriented programming infrastructure, or the .NET Framework, the foundation of managed code applications. Because this is an internals book and not a user, programming, or system administration book, it doesn’t describe how to use, program, or configure Windows.

A Warning and a Caveat

Because this book describes undocumented behavior of the internal architecture and operation of the Windows operating system (such as internal kernel structures and functions), this content is subject to change between releases.
(External interfaces, such as the Windows API, are not subject to incompatible changes.) By “subject to change,” we don’t necessarily mean that details described in this book will change between releases, but you can’t count on them not changing. Any software that uses these undocumented interfaces might not work on future releases of Windows. Even worse, software that runs in kernel mode (such as device drivers) and uses these undocumented interfaces might experience a system crash when running on a newer release of Windows.

Find Additional Content Online

As new or updated material becomes available that complements this book, it will be posted online on the Microsoft Press Online Developer Tools Web site. The type of material you might find includes updates to book content, articles, links to companion content, errata, sample chapters, and more. This Web content is available at www.microsoft.com/learning/books/online/developer and is updated periodically.

Support

Every effort has been made to ensure the accuracy of this book. Should you run into any problems or issues, please refer to the sources listed below.

From the Authors

This book isn’t perfect. No doubt it contains some inaccuracies, or possibly we’ve omitted some topics we should have covered. If you find anything you think is incorrect, or if you believe we should have included material that isn’t here, please feel free to send e-mail to [email protected]. Updates and corrections will be posted on the Web site http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx.

From Microsoft Press

Microsoft Press provides corrections for books through the World Wide Web at the following address: www.microsoft.com/mspress/support

Questions and Comments

In addition to sending feedback directly to the authors, if you have comments, questions, or ideas regarding the presentation or use of this book, you can send them to Microsoft using either of the following methods:

Postal mail:
Microsoft Press
Attn: Windows Internals Editor
One Microsoft Way
Redmond, WA 98052-6399

E-mail: [email protected]

SpyHolesList Version:13.1 Build:8.90.0.

590-64b
02.06.2017 3:41:07 PM
WinDir=C:\WINDOWS
Startup=C:\Users\berna\AppData\Roaming\Microsoft\Windows\Start
Menu\Programs\Startup\
Common Startup=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Windows 10 Home (10.0.15063)
Internet Explorer 9.11.15063.0
DBS Version: 1.955
[CHROME:ChromeDefaultData:C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\]
[Chrome Protected Settings]
search_web_data.url=http://www.mystarting123.com/search/index.php?
z=16aace0bfd402683b7e91a9g8z2t5qbcegac9o6t3c&q={searchTerms}
[Chrome Protected Settings] search_web_data.created_by_policy=0
[Chrome Protected Settings] session.startup_urls=["","http:\/\/www.google.com\/"]
[Chrome Protected Settings]
default_search_provider_data.template_url_data.alternate_urls=[]
[Chrome Protected Settings]
default_search_provider_data.template_url_data.url=http://www.mystarting123.com/sea
rch/index.php?z=16aace0bfd402683b7e91a9g8z2t5qbcegac9o6t3c&q={searchTerms}
[Chrome Protected Settings]
default_search_provider_data.template_url_data.keyword=mystarting123
[Chrome Protected Settings]
default_search_provider_data.template_url_data.short_name=mystarting123
[Chrome Protected Settings] homepage=http://www.google.com/
[Google Chrome Addons]
felcaaldnbdncclmgdcncolpebgiejap=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\felcaaldnbdncclmgdcncolpebgiejap\1.1_0
### Google Sheets: Create and edit spreadsheets update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons] eemcgdkfndhakfknompkggombfjjjeno=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\bookmark_manager
### Bookmark Manager: Bookmark Manager
[Google Chrome Addons]
cfhdojbkjhnklbpkdaibdccddilifddb=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.13.2_0
### Adblock Plus: Used on over 100 million devices, Adblock Plus is the world's
most popular ad blocker. update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
pjkljhegncpnkpknbcohdijeoejaedia=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\8.1_0
### Gmail: Fast, searchable email with less spam. update_url:
http://clients2.google.com/service/update2/crx
[Google Chrome Addons] ahfgeienlihckogmohjhadlkjgocpleb=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\web_store
### Web Store: Discover great apps, games, extensions and themes for Google
Chrome.
[Google Chrome Addons]
aapocclcgogkmnckokdopfmhonfmgoek=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.9_0
### Google Slides: Create and edit presentations update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
aohghmighlieiainnegkcijnfilokake=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\aohghmighlieiainnegkcijnfilokake\0.9_0
### Google Docs: Create and edit documents update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons] mfffpogegjflfpflabcdkioaeobkgjik=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\gaia_auth
### GaiaAuthExtension: GAIA Component Extension
[Google Chrome Addons] kmendfapggjehodndflmmgagdbamhnfd=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\cryptotoken
### CryptoTokenExtension: CryptoToken Component Extension
[Google Chrome Addons]
akpelnjfckgfiplcikojhomllgombffc=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\akpelnjfckgfiplcikojhomllgombffc\2.6_0
### Theme Creator: Chrome Theme Creator, create and share Chrome themes online.
update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
aapbdbdomjkkjkaonfhkkikfgjllcleb=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\2.0.6_0
### Google Translate: View translations easily as you browse the web. By the
Google Translate team. update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons] mhjfbmdgcfjbbpaeojofohoefgiehjai=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\pdf
### Chrome PDF Viewer:
[Google Chrome Addons] kgejglhpjiefppelpmljglcjbhoiplfn=C:\Program Files
(x86)\Google\Chrome\Application\58.0.3029.110\resources\hangout_services
### Google Hangouts:
[Google Chrome Addons]
apdfllckaahabafndbhieahigkjlhalf=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\apdfllckaahabafndbhieahigkjlhalf\14.1_0
### Google Drive: Google Drive: create, share and keep all your stuff in one
place. update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons] neajdppkdcdipfabeoofebfddakdcjhd=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\network_speech_synthesis
### Google Network Speech: Component extension providing speech via the Google
network text-to-speech service.
[Google Chrome Addons] nkeimhogjdpnpccoofpliimaahmaaome=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\hangout_services
### Google Hangouts:
[Google Chrome Addons]
ghbmnnjooekpmoecnnnilnnbdlolhkhi=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi\1.4_1
### Google Docs Offline: Get things done offline with the Google Docs family of
products. update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
aiimdkdngfcipjohbjenkahhlhccpdbc=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\aiimdkdngfcipjohbjenkahhlhccpdbc\28.1.1_0
### Flash Video Downloader: Popular Video Downloader. Downloads most popular
media formats like flash, videos, audios etc.. update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons] gfdkimpbcpahaombhbimeihdjnejgicl=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\feedback
### Feedback: User feedback extension
[Google Chrome Addons] mfehgcgbbipciphmccgaenjidiccnmng=C:\Program Files
(x86)\Google\Chrome\Application\56.0.2924.87\resources\cloud_print
### Cloud Print: Cloud Print
[Google Chrome Addons]
pkedcjkdefgpdelpbcmbmeomcjbeemfm=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm\5817.313.0.5_0
### Chrome Media Router: Provider for discovery and services for mirroring of
Chrome Media Router update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
nmmhkkegccagdldgiimedpiccmgmieda=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.2_0
### Chrome Web Store Payments: Chrome Web Store Payments update_url:
https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
blpcfgokakmgnkcojhhkbfbldkacnbeo=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.8_0
### YouTube: update_url: http://clients2.google.com/service/update2/crx
[Google Chrome Addons]
fahmaaghhglfmonjliepjlchgpgfmobi=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\fahmaaghhglfmonjliepjlchgpgfmobi\1.367.0_0
### : Disabled
update_url: https://clients2.google.com/service/update2/crx
[Google Chrome Addons]
ifbmcpbgkhlpfcodhjhdbllhiaomkdej=C:\Users\berna\AppData\Local\Google\Chrome\User
Data\ChromeDefaultData\Extensions\ifbmcpbgkhlpfcodhjhdbllhiaomkdej\0.1.8.0_0
### : Disabled
update_url: https://clients2.google.com/service/update2/crx
[Internet Explorer]
[Default Home Page] :HKLM Default_Page_URL=www.google.com
[Current Home Page] :HKCU Start Page=www.google.com
[Current Home Page] :HKCU HOMEOldSP=""
[Current Home Page] :HKCU Default_Page_URL=www.google.com
[Current Home Page] :HKLM Start Page=www.google.com
[Current Home Page] :HKLM HOMEOldSP=""
[All Users Search] :HKLM Default_Search_URL=www.google.com
[All Users Search] :HKLM Search Page=www.google.com
[Current Home Page(x64)] :HKLM Start Page=www.google.com
[Current Home Page(x64)] :HKLM HOMEOldSP=""
[All Users Search(x64)] :HKLM Default_Search_URL=www.google.com
[All Users Search(x64)] :HKLM Search Page=www.google.com
[Current Users Search] :HKCU Default_Search_URL=""
[Current Users Search] :HKCU Search Page=http://go.microsoft.com/fwlink/?
LinkId=54896
[Current Users Search] :HKCU Search Bar=""
[IE Local Blank Page] :HKCU Local Page=%11%\blank.htm
[IE Local Blank Page] :HKLM Local Page=C:\Windows\SysWOW64\blank.htm
[Browser Helper Objects] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}=C:\PROGRAM FILES
(X86)\MICROSOFT OFFICE\ROOT\OFFICE16\OCHELPER.DLL
### Skype for Business Microsoft Corporation Microsoft Office 2016 16.0.4266.1003

[Browser Helper Objects] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}=C:\PROGRAM FILES
(X86)\MICROSOFT OFFICE\ROOT\OFFICE16\GROOVEEX.DLL
### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[Browser Helper Objects(x64)] {31D09BA0-12F5-4CCE-BE8A-2923E76605DA}=C:\PROGRAM
FILES (X86)\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT
OFFICE\OFFICE16\OCHELPER.DLL
### Skype for Business Microsoft Corporation Microsoft Office 2016 16.0.4266.1003

[Browser Helper Objects(x64)] {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF}=C:\PROGRAM
FILES (X86)\MICROSOFT OFFICE\ROOT\VFS\PROGRAMFILESX64\MICROSOFT
OFFICE\OFFICE16\GROOVEEX.DLL
### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[Auto Search URL] :HKCU provider=""
[Auto Search URL] :HKCU "Default Value"=""
[Search Assistant] :HKCU SearchAssistant=""
[Search Assistant] :HKLM SearchAssistant=""
[Search Assistant] :HKCU CustomizeSearch=""
[Search Assistant] :HKLM CustomizeSearch=""
[Search Provider for All Users] {0633EE93-D776-472f-A0FF-
E1416B8B2E3A}=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
### Bing
[Search Provider for All Users] DefaultScope={0633EE93-D776-472f-A0FF-
E1416B8B2E3A}
[Search Provider for All Users(x64)] {0633EE93-D776-472f-A0FF-
E1416B8B2E3A}=http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
### Bing
[Search Provider for All Users(x64)] DefaultScope={0633EE93-D776-472f-A0FF-
E1416B8B2E3A}
[CustomizeSearch] :HKLM CustomizeSearch=""
[URLSearchHook] :HKCU {CFBFAE00-17A6-11D0-99CB-
00C04FD64497}=C:\WINDOWS\SYSWOW64\IEFRAME.DLL
### Internet Browser Microsoft Corporation Internet Explorer 11.00.15063.0
[Search URL Template] :HKLM 1=""
[Search URL Template] :HKLM 2=""
[Search URL Template] :HKLM 3=""
[Search URL Template] :HKLM 4=""
[Default Prefix] :HKLM "Default Value"=http://
[URL Default Prefixes] :HKLM ftp=ftp://
[URL Default Prefixes] :HKLM home=http://
[URL Default Prefixes] :HKLM mosaic=http://
[URL Default Prefixes] :HKLM www=http://
[AboutURLs] :HKLM blank=res://mshtml.dll/blank.htm
[AboutURLs] :HKLM DesktopItemNavigationFailure=res://ieframe.dll/navcancl.htm
[AboutURLs] :HKLM Home=270
[AboutURLs] :HKLM InPrivate=res://ieframe.dll/inprivate.htm
[AboutURLs] :HKLM NavigationCanceled=res://ieframe.dll/navcancl.htm
[AboutURLs] :HKLM NavigationFailure=res://ieframe.dll/navcancl.htm
[AboutURLs] :HKLM NoAdd-ons=res://ieframe.dll/noaddon.htm
[AboutURLs] :HKLM NoAdd-onsInfo=res://ieframe.dll/noaddoninfo.htm
[AboutURLs] :HKLM PostNotCached=res://ieframe.dll/repost.htm
[AboutURLs] :HKLM SecurityRisk=res://ieframe.dll/securityatrisk.htm
[User Style Sheet] :HKCU User Stylesheet=""
[User Style Sheet] :HKCU Use My Stylesheet=0
[Execute unsigned ActiveX in My Computer Zone] :HKCU 1201=0
[Execute unsigned ActiveX in My Computer Zone] :HKLM 1201=1
[Execute unsigned ActiveX in Local Intranet Zone] :HKCU 1201=0
[Execute unsigned ActiveX in Local Intranet Zone] :HKLM 1201=3
[Execute unsigned ActiveX in Internet Zone] :HKCU 1201=3
[Execute unsigned ActiveX in Internet Zone] :HKLM 1201=3
[Links Toolbar] :HKCU LinksFolderName=""
[IE Extensions - All Users] :HKLM {2670000A-7350-4f3c-8081-5663EE0C6C49}
### File is missing.
[IE Extensions - All Users] :HKLM {31D09BA0-12F5-4CCE-BE8A-
2923E76605DA}=C:\PROGRAM FILES (X86)\MICROSOFT OFFICE\ROOT\OFFICE16\OCHELPER.DLL
### Skype for Business Microsoft Corporation Microsoft Office 2016 16.0.4266.1003

[IE Extensions - All Users] :HKLM {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA}
### File is missing.
[Context menu items] :HKCU E&xport to Microsoft Excel=res://C:\Program Files
(x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
### File is missing.
[Context menu items] :HKCU Se&nd to OneNote=res://C:\Program Files
(x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
### File is missing.
[AutoConfigURL] :HKCU AutoConfigURL=""
[Protocols Filter] :HKLM application/octet-stream=C:\WINDOWS\SYSWOW64\MSCOREE.DLL
### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Filter] :HKLM application/x-complus=C:\WINDOWS\SYSWOW64\MSCOREE.DLL
### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Filter] :HKLM application/x-msdownload=C:\WINDOWS\SYSWOW64\MSCOREE.DLL
### Microsoft .NET Runtime Execution Engine Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Handler] :HKLM about=C:\WINDOWS\SYSWOW64\MSHTML.DLL
### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM cdl=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM dvd=C:\WINDOWS\SYSWOW64\MSVIDCTL.DLL
### ActiveX control for streaming video Microsoft Corporation DirectShow
6.5.15063.0
[Protocols Handler] :HKLM file=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM ftp=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM http=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM https=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM its=C:\WINDOWS\SYSWOW64\ITSS.DLL
### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Handler] :HKLM javascript=C:\WINDOWS\SYSWOW64\MSHTML.DLL
### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM local=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM mailto=C:\WINDOWS\SYSWOW64\MSHTML.DLL
### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM mhtml=C:\WINDOWS\SYSWOW64\INETCOMM.DLL
### Microsoft Internet Messaging API Resources Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Handler] :HKLM mk=C:\WINDOWS\SYSWOW64\URLMON.DLL
### OLE32 Extensions for Win32 Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM ms-its=C:\WINDOWS\SYSWOW64\ITSS.DLL
### Microsoft InfoTech Storage System Library Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0
[Protocols Handler] :HKLM mso-minsb-roaming.16=C:\PROGRAM FILES (X86)\MICROSOFT
OFFICE\ROOT\OFFICE16\MSOSB.DLL
### Microsoft Office 2016 component Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[Protocols Handler] :HKLM mso-minsb.16=C:\PROGRAM FILES (X86)\MICROSOFT
OFFICE\ROOT\OFFICE16\MSOSB.DLL
### Microsoft Office 2016 component Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[Protocols Handler] :HKLM osf-roaming.16=C:\PROGRAM FILES (X86)\MICROSOFT
OFFICE\ROOT\OFFICE16\MSOSB.DLL
### Microsoft Office 2016 component Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[Protocols Handler] :HKLM osf.16=C:\PROGRAM FILES (X86)\MICROSOFT
OFFICE\ROOT\OFFICE16\MSOSB.DLL
### Microsoft Office 2016 component Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[Protocols Handler] :HKLM res=C:\WINDOWS\SYSWOW64\MSHTML.DLL
### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM tbauth=C:\WINDOWS\SYSWOW64\TBAUTH.DLL
### TBAuth protocol handler Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0
[Protocols Handler] :HKLM tv=C:\WINDOWS\SYSWOW64\MSVIDCTL.DLL
### ActiveX control for streaming video Microsoft Corporation DirectShow
6.5.15063.0
[Protocols Handler] :HKLM vbscript=C:\WINDOWS\SYSWOW64\MSHTML.DLL
### Microsoft (R) HTML Viewer Microsoft Corporation Internet Explorer
11.00.15063.0
[Protocols Handler] :HKLM windows.tbauth=C:\WINDOWS\SYSWOW64\TBAUTH.DLL
### TBAuth protocol handler Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0
[Proxy] :HKCU ProxyServer=""
[Proxy] :HKCU ProxyEnable=0
[Network Settings]
[Hosts File Path] :HKLM DataBasePath=%SystemRoot%\System32\drivers\etc
[Browsers]
[Installed Browsers] Google Chrome=C:\PROGRAM FILES
(X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
### Google Chrome Google Inc. Google Chrome 58.0.3029.110
[Installed Browsers] IEXPLORE.EXE=IEXPLORE.EXE
### File is missing.
[Network Settings]
[Domain Name] :HKLM Domain=""
[Name Server] {cc727923-36d9-4912-bd36-d4e47c55a219}=192.168.1.1
### DHCPNameServer:192.168.1.1 DhcpDefaultGateway:192.168.1.1
DhcpServer:192.168.1.1
[WinSock2 Components] napinsp.dll=C:\WINDOWS\SYSWOW64\NAPINSP.DLL
### E-mail Naming Shim Provider Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\napinsp.dll
[WinSock2 Components] pnrpnsp.dll=C:\WINDOWS\SYSWOW64\PNRPNSP.DLL
### PNRP Name Space Provider Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\pnrpnsp.dll
[WinSock2 Components] NLAapi.dll=C:\WINDOWS\SYSWOW64\NLAAPI.DLL
### Network Location Awareness 2 Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\NLAapi.dll
[WinSock2 Components] mswsock.dll=C:\WINDOWS\SYSWOW64\MSWSOCK.DLL
### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation
Microsoft Windows Operating System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\mswsock.dll
[WinSock2 Components] winrnr.dll=C:\WINDOWS\SYSWOW64\WINRNR.DLL
### LDAP RnR Provider DLL Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\winrnr.dll
[WinSock2 Components] wshbth.dll=C:\WINDOWS\SYSWOW64\WSHBTH.DLL
### Windows Sockets Helper DLL Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSWOW64\wshbth.dll
[WinSock2 Components] mdnsNSP.dll=C:\PROGRAM FILES (X86)\BONJOUR\MDNSNSP.DLL
### Bonjour Namespace Provider Apple Inc. Bonjour 3,1,0,1
[WinSock2 Components (x64)] napinsp.dll=C:\WINDOWS\SYSNATIVE\NAPINSP.DLL
### E-mail Naming Shim Provider Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\napinsp.dll
[WinSock2 Components (x64)] pnrpnsp.dll=C:\WINDOWS\SYSNATIVE\PNRPNSP.DLL
### PNRP Name Space Provider Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\pnrpnsp.dll
[WinSock2 Components (x64)] NLAapi.dll=C:\WINDOWS\SYSNATIVE\NLAAPI.DLL
### Network Location Awareness 2 Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\NLAapi.dll
[WinSock2 Components (x64)] mswsock.dll=C:\WINDOWS\SYSNATIVE\MSWSOCK.DLL
### Microsoft Windows Sockets 2.0 Service Provider Microsoft Corporation
Microsoft Windows Operating System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\mswsock.dll
[WinSock2 Components (x64)] winrnr.dll=C:\WINDOWS\SYSNATIVE\WINRNR.DLL
### LDAP RnR Provider DLL Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\winrnr.dll
[WinSock2 Components (x64)] wshbth.dll=C:\WINDOWS\SYSNATIVE\WSHBTH.DLL
### Windows Sockets Helper DLL Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\SYSNATIVE\wshbth.dll
[WinSock2 Components (x64)] mdnsNSP.dll=C:\PROGRAM FILES\BONJOUR\MDNSNSP.DLL
### Bonjour Namespace Provider Apple Inc. Bonjour 3,1,0,1
[Windows Shell]
[Display Scrap's Extensions] :HKLM NeverShowExt=""
[ScreenSaver] :HKCU SCRNSAVE.EXE=""
### File is missing.
[System.ini] shell=explorer.exe
[User Shell] :HKCU shell=""
[User Shortcuts] :HKLM C:\Users\berna\Desktop\Dead Rising 3 Apocalypse
Edition.lnk=C:\PROGRAM FILES (X86)\R.G. MECHANICS\DEAD RISING 3 APOCALYPSE
EDITION\DEADRISING3.EXE
### Dead Rising 3 CAPCOM CO., LTD. Dead Rising 3 1.0.0.5 !
$*C:\Users\berna\Desktop\DEADRI~1.LNK
[User Shortcuts] :HKLM C:\Users\berna\Desktop\UnHackMe.lnk=C:\PROGRAM FILES
(X86)\UNHACKME\UNHACKME.EXE
### Detects and removes rootkits Greatis Software UnHackMe 8.90 !
$*C:\Users\berna\Desktop\UnHackMe.lnk
[User Shortcuts] :HKLM C:\Users\Public\Desktop\Inside.lnk=C:\PROGRAM FILES
(X86)\INSIDE\INSIDE.EXE
### 5.0.4.13071451 !$*C:\Users\Public\Desktop\Inside.lnk
[User Shortcuts] :HKLM C:\Users\Public\Desktop\Steam.lnk=C:\PROGRAM FILES
(X86)\STEAM\STEAM.EXE
### Steam Client Bootstrapper Valve Corporation Steam Client Bootstrapper
01.00.00.01 !$*C:\Users\Public\Desktop\Steam.lnk
[User Shortcuts] :HKLM C:\Users\berna\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\Google Chrome.lnk=C:\PROGRAM FILES
(X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
### Google Chrome Google Inc. Google Chrome 58.0.3029.110 !
$*C:\Users\berna\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\GOOGLE~1.LNK
[User Shortcuts] :HKLM C:\Users\berna\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\360c22b137d62ce9\Google
Chrome.lnk=C:\Program Files (x86)\Bagsarah\Application\chrome.exe
### File is missing.!
$*C:\Users\berna\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\IMPLIC~1\360C22~1\GOOGLE~1.LNK
[User Shortcuts] :HKLM C:\Users\berna\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk=C:\PROGRAM FILES
(X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
### Google Chrome Google Inc. Google Chrome 58.0.3029.110 !
$*C:\Users\berna\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\TaskBar\GOOGLE~1.LNK
[User Shortcuts] :HKLM C:\Users\berna\AppData\Roaming\Microsoft\Internet
Explorer\Quick Launch\User Pinned\TaskBar\iTunes.lnk=C:\PROGRAM
FILES\ITUNES\ITUNES.EXE
### iTunes Apple Inc. iTunes 12.5.5.5 !
$*C:\Users\berna\AppData\Roaming\MICROS~1\INTERN~1\QUICKL~1\USERPI~1\TaskBar\iTunes.lnk
[User Shortcuts] :HKLM C:\ProgramData\Microsoft\Windows\Start
Menu\Programs\Google Chrome.lnk=C:\PROGRAM FILES
(X86)\GOOGLE\CHROME\APPLICATION\CHROME.EXE
### Google Chrome Google Inc. Google Chrome 58.0.3029.110 !
$*C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\GOOGLE~1.LNK
[Main File Extensions] :HKLM .exe=""
[Main File Extensions] :HKLM .com=""
[Main File Extensions] :HKLM .pif=""
[Main File Extensions] :HKLM .bat=""
[Main File Extensions] :HKLM .cmd=""
[Main File Extensions] :HKLM .scr=""
[Main File Extensions] :HKLM .txt=""
[Main File Extensions] :HKLM .reg=""
[Main File Extensions] :HKLM .inf=""
[Main File Extensions] :HKLM .ini=""
[Main File Extensions] :HKLM .js=""
[Main File Extensions] :HKLM .vbs=""
[Main File Extensions] :HKLM .vbe=""
[Main File Extensions] :HKLM .msc=""
[Main File Extensions] :HKLM .jpg=""
[Main File Extensions] :HKLM .jpeg=""
[Main File Extensions] :HKLM .gif=""
[Main File Extensions] :HKLM .png=""
[UserInit Value] UserInit=C:\WINDOWS\system32\userinit.exe,
### Userinit Logon Application Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0
[UserInit Value(x64)] UserInit=C:\Windows\system32\userinit.exe,
### Userinit Logon Application Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0
[Shell Services DelayLoad] :HKLM WebCheck={E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[System Shell Policies ] :HKCU shell=""
[System Shell Policies ] :HKLM shell=""
[System Shell Policies ] :HKCU run=""
[System Shell Policies ] :HKLM run=""
[Prevents Display in Control Panel from running.] :HKCU NoDispCpl=0
[Disable Registry Tools] :HKCU DisableRegistryTools =0
[Print Monitors] :HKLM Appmon=C:\WINDOWS\SYSTEM32\APPMON.DLL
### App Printer Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*AppMon.dll
[Print Monitors] :HKLM Canon BJNP Port=C:\WINDOWS\SYSTEM32\CNMN6PPM.DLL
### Canon IJ Network 64bit comm Module CANON INC. Canon IJ Network 64bit comm
Module for Microsoft Windows 3.1.0.70 !$*CNMN6PPM.DLL
[Print Monitors] :HKLM IppMon=C:\WINDOWS\SYSTEM32\IPPMON.DLL
### IPP Printer Port Monitor Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*IPPMon.dll
[Print Monitors] :HKLM Local Port=C:\WINDOWS\SYSTEM32\LOCALSPL.DLL
### Local Spooler DLL Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*localspl.dll
[Print Monitors] :HKLM Microsoft Shared Fax
Monitor=C:\WINDOWS\SYSTEM32\FXSMON.DLL
### Microsoft Fax Print Monitor Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*FXSMON.DLL
[Print Monitors] :HKLM Standard TCP/IP Port=C:\WINDOWS\SYSTEM32\TCPMON.DLL
### Standard TCP/IP Port Monitor DLL Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*tcpmon.dll
[Print Monitors] :HKLM USB Monitor=C:\WINDOWS\SYSTEM32\USBMON.DLL
### Standard Dynamic Printing Port Monitor DLL Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0 !$*usbmon.dll
[Print Monitors] :HKLM WSD Port=C:\WINDOWS\SYSTEM32\WSDMON.DLL
### WSD Printer Port Monitor Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*WSDMon.dll
[Shell Icon Overlay Handlers] :HKLM DropboxExt01=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt02=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt03=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt04=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt05=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt06=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt07=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt08=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt09=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM DropboxExt10=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Shell Icon Overlay Handlers] :HKLM OneDrive1={BBACC218-34EA-4666-9D7A-C78F2274A524}
[Shell Icon Overlay Handlers] :HKLM OneDrive2={5AB7172C-9C11-405C-8DD5-AF20F3606282}
[Shell Icon Overlay Handlers] :HKLM OneDrive3={A78ED123-AB77-406B-9962-2A5D9D2F7F30}
[Shell Icon Overlay Handlers] :HKLM OneDrive4={F241C880-6982-4CE5-8CF7-7085BA96DA5A}
[Shell Icon Overlay Handlers] :HKLM OneDrive5={A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}
[Shell Icon Overlay Handlers] :HKLM OneDrive6={9AA2F32D-362A-42D9-9328-24A483E2CCC3}
[Shell Icon Overlay Handlers] :HKLM SkyDrivePro1 (ErrorConflict)=C:\PROGRAM
FILES (X86)\MICROSOFT OFFICE\ROOT\OFFICE16\GROOVEEX.DLL
### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[Shell Icon Overlay Handlers] :HKLM SkyDrivePro2 (SyncInProgress)=C:\PROGRAM
FILES (X86)\MICROSOFT OFFICE\ROOT\OFFICE16\GROOVEEX.DLL
### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[Shell Icon Overlay Handlers] :HKLM SkyDrivePro3 (InSync)=C:\PROGRAM FILES
(X86)\MICROSOFT OFFICE\ROOT\OFFICE16\GROOVEEX.DLL
### Microsoft OneDrive for Business Extensions Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[Context Menu Handlers] :HKLM 7-Zip={23170F69-40C1-278A-1000-000100020000}
[Context Menu Handlers] :HKLM AccExt={2A118EB5-5797-4F5E-8B3D-F4ECBA3C98E4}
[Context Menu Handlers] :HKLM DropboxExt=C:\PROGRAM FILES
(X86)\DROPBOX\CLIENT\DROPBOXEXT.16.0.DLL
### Dropbox Shell Extension Dropbox, Inc. Dropbox 1.0.0.1
[Context Menu Handlers] :HKLM EPP={09A47860-11B0-4DA5-AFA5-26D86198A780}
[Context Menu Handlers] :HKLM ModernSharing=C:\WINDOWS\SYSTEM32\NTSHRUI.DLL
### Shell extensions for sharing Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\system32\ntshrui.dll
[Context Menu Handlers] :HKLM Open With=C:\WINDOWS\SYSTEM32\SHELL32.DLL
### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\system32\shell32.dll
[Context Menu Handlers] :HKLM Sharing=C:\WINDOWS\SYSTEM32\NTSHRUI.DLL
### Shell extensions for sharing Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SystemRoot%\system32\ntshrui.dll
[Context Menu Handlers] :HKLM WinRAR={B41DB860-64E4-11D2-9906-E49FADC173CA}
[Context Menu Handlers] :HKLM WinRAR32=C:\PROGRAM FILES\WINRAR\RAREXT32.DLL
### WinRAR shell extension Alexander Roshal WinRAR 5.40.0
[Context Menu Handlers] :HKLM WorkFolders={E61BF828-5E63-4287-BEF1-60B1A4FDE0E3}
[Context Menu Handlers] :HKLM {90AA3A4E-1CBA-4233-B8BB-535773D48449}=C:\WINDOWS\SYSTEM32\SHELL32.DLL
### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\system32\shell32.dll
[Context Menu Handlers] :HKLM {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}=C:\WINDOWS\SYSTEM32\SHELL32.DLL
### Windows Shell Common Dll Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SystemRoot%\system32\shell32.dll
[App Paths] :HKLM 7zFM.exe=C:\Program Files\7-Zip\7zFM.exe
### 7zFM.exe 7-Zip File Manager Igor Pavlov 7-Zip 9.20
[App Paths] :HKLM AcroRd32.exe=C:\Program Files (x86)\Adobe\Acrobat Reader
DC\Reader\AcroRd32.exe
### AcroRd32.exe Adobe Acrobat Reader DC Adobe Systems Incorporated Adobe
Acrobat Reader DC 17.9.20044.222436
[App Paths] :HKLM Adobe Media Encoder.exe="C:\Program Files\Adobe\Adobe Media
Encoder CC 2017\Adobe Media Encoder.exe"
### Adobe Media Encoder.exe Adobe Media Encoder CC 2017.1 Adobe Systems
Incorporated Adobe Media Encoder CC 2017 11.1.0
[App Paths] :HKLM Adobe Premiere Pro.exe="C:\Program Files\Adobe\Adobe Premiere
Pro CC 2017\Adobe Premiere Pro.exe"
### Adobe Premiere Pro.exe Adobe Premiere Pro CC 2017.1 Adobe Systems
Incorporated Adobe Premiere Pro CC 2017 11.1.0
[App Paths] :HKLM chrome.exe=C:\Program Files
(x86)\Google\Chrome\Application\chrome.exe
### chrome.exe Google Chrome Google Inc. Google Chrome 58.0.3029.110
[App Paths] :HKLM Chuletas.exe=C:\Program Files (x86)\Chuletas\Chuletas.exe
### Chuletas.exe Chuletas Xuletas.es Chuletas 6.1.3
[App Paths] :HKLM cmmgr32.exe
### cmmgr32.exe
[App Paths] :HKLM CNMNSST.exe=C:\Program Files (x86)\Canon\IJ Network Scanner
Selector EX\CNMNSST.exe
### CNMNSST.exe Canon IJ Network Scanner Selector EX CANON INC. Canon IJ Network
Scanner Selector EX for Microsoft Windows 1.3.0.12
[App Paths] :HKLM dfshim.dll
### dfshim.dll
[App Paths] :HKLM excel.exe=C:\Program Files (x86)\Microsoft
Office\Root\Office16\EXCEL.EXE
### excel.exe Microsoft Excel Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM fsquirt.exe
### fsquirt.exe
[App Paths] :HKLM GROOVE.EXE=C:\Program Files (x86)\Microsoft
Office\Root\Office16\GROOVE.EXE
### GROOVE.EXE Microsoft OneDrive for Business Microsoft Corporation Microsoft
Office 2016 16.0.4266.1003
[App Paths] :HKLM IEDIAG.EXE=C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
### IEDIAG.EXE Diagnostics utility for Internet Explorer Microsoft Corporation
Internet Explorer 11.00.15063.0
[App Paths] :HKLM IEDIAGCMD.EXE=C:\Program Files\Internet Explorer\IEDIAGCMD.EXE
### IEDIAGCMD.EXE Diagnostics utility for Internet Explorer Microsoft Corporation
Internet Explorer 11.00.15063.0
[App Paths] :HKLM IEXPLORE.EXE=C:\Program Files\Internet Explorer\IEXPLORE.EXE
### IEXPLORE.EXE Internet Explorer Microsoft Corporation Internet Explorer
11.00.15063.0
[App Paths] :HKLM infopath.exe
### infopath.exe
[App Paths] :HKLM install.exe
### install.exe
[App Paths] :HKLM iTunes.exe=C:\Program Files\iTunes\iTunes.exe
### iTunes.exe iTunes Apple Inc. iTunes 12.5.5.5
[App Paths] :HKLM licensemanagershellext.exe=%SystemRoot%\System32\licensemanagershellext.exe
### licensemanagershellext.exe
[App Paths] :HKLM Lync.exe=C:\Program Files (x86)\Microsoft
Office\Root\Office16\Lync.exe
### Lync.exe Skype for Business Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM mip.exe=%CommonProgramFiles%\Microsoft Shared\Ink\mip.exe
### mip.exe
[App Paths] :HKLM mplayer2.exe=%ProgramFiles(x86)%\Windows Media
Player\wmplayer.exe
### mplayer2.exe
[App Paths] :HKLM MSACCESS.EXE=C:\Program Files (x86)\Microsoft
Office\Root\Office16\MSACCESS.EXE
### MSACCESS.EXE Microsoft Access Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM MsoHtmEd.exe
### MsoHtmEd.exe
[App Paths] :HKLM msoxmled.exe=C:\Program Files (x86)\Microsoft
Office\Root\VFS\ProgramFilesCommonX64\Microsoft Shared\OFFICE16\MSOXMLED.EXE
### msoxmled.exe Office XML Handler Microsoft Corporation Microsoft Office
InfoPath 16.0.4266.1003
[App Paths] :HKLM MSPUB.EXE=C:\Program Files (x86)\Microsoft
Office\Root\Office16\MSPUB.EXE
### MSPUB.EXE Microsoft Publisher Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM OneNote.exe=C:\Program Files (x86)\Microsoft
Office\Root\Office16\ONENOTE.EXE
### OneNote.exe Microsoft OneNote Microsoft Corporation Microsoft OneNote
16.0.4266.1003
[App Paths] :HKLM OUTLOOK.EXE=C:\Program Files (x86)\Microsoft
Office\Root\Office16\OUTLOOK.EXE
### OUTLOOK.EXE Microsoft Outlook Microsoft Corporation Microsoft Outlook
16.0.4266.1003
[App Paths] :HKLM pbrush.exe=%SystemRoot%\System32\mspaint.exe
### pbrush.exe
[App Paths] :HKLM powerpnt.exe=C:\Program Files (x86)\Microsoft
Office\Root\Office16\POWERPNT.EXE
### powerpnt.exe Microsoft PowerPoint Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM PowerShell.exe=%SystemRoot%\system32\WindowsPowerShell\v1.0\PowerShell.exe
### PowerShell.exe
[App Paths] :HKLM SCANUTILITY.exe=C:\Program Files (x86)\Canon\IJ Scan
Utility\SCANUTILITY.exe
### SCANUTILITY.exe Canon IJ Scan Utility CANON INC. Canon IJ Scan Utility
1.0.1.4956
[App Paths] :HKLM setup.exe
### setup.exe
[App Paths] :HKLM SnippingTool.exe=%SystemRoot%\system32\SnippingTool.exe
### SnippingTool.exe
[App Paths] :HKLM table30.exe
### table30.exe
[App Paths] :HKLM TabTip.exe=%CommonProgramFiles%\microsoft shared\ink\TabTip.exe
### TabTip.exe
[App Paths] :HKLM vstoee.dll
### vstoee.dll
[App Paths] :HKLM wab.exe=%ProgramFiles%\Windows Mail\wab.exe
### wab.exe
[App Paths] :HKLM wabmig.exe=%ProgramFiles%\Windows Mail\wabmig.exe
### wabmig.exe
[App Paths] :HKLM WinRAR.exe=C:\Program Files\WinRAR\WinRAR.exe
### WinRAR.exe WinRAR archiver Alexander Roshal WinRAR 5.40.0
[App Paths] :HKLM Winword.exe=C:\Program Files (x86)\Microsoft
Office\Root\Office16\WINWORD.EXE
### Winword.exe Microsoft Word Microsoft Corporation Microsoft Office 2016
16.0.4266.1003
[App Paths] :HKLM wmplayer.exe=%ProgramFiles(x86)%\Windows Media
Player\wmplayer.exe
### wmplayer.exe
[App Paths] :HKLM WORDPAD.EXE=C:\PROGRAM FILES\WINDOWS NT\ACCESSORIES\WORDPAD.EXE
### WORDPAD.EXE Windows Wordpad Application Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0 !$*"%ProgramFiles%\Windows
NT\Accessories\WORDPAD.EXE"
[App Paths] :HKLM WRITE.EXE="%ProgramFiles%\Windows NT\Accessories\WORDPAD.EXE"
### WRITE.EXE
[Kernel Auto Boot]
[ActiveSetup] >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}=C:\WINDOWS\SYSTEM32\UNREGMP2.EXE
### Microsoft Windows Media Player Setup Utility Microsoft Corporation Microsoft
Windows Operating System 12.0.15063.0 !$*%SystemRoot%\system32\unregmp2.exe
/ShowWMP
[Auto Services] :HKLM AdobeARMservice
### Service: Adobe Acrobat Update Service Status: Start Type: loaded
automatically by Server Manager Actual File: C:\PROGRAM FILES (X86)\COMMON
FILES\ADOBE\ARM\1.0\ARMSVC.EXE * Adobe Acrobat Updater keeps your Adobe software up
to date. Adobe Acrobat Update Service Adobe Systems Incorporated Adobe Acrobat
Update Service 1.824.22.5037 !$*"C:\PROGRAM FILES (X86)\COMMON
FILES\ADOBE\ARM\1.0\ARMSVC.EXE"
[Auto Services] :HKLM AdobeFlashPlayerUpdateSvc
### Service: Adobe Flash Player Update Service Status: Start Type: loaded
manually on demand Actual File:
C:\WINDOWS\SYSWOW64\MACROMED\FLASH\FLASHPLAYERUPDATESERVICE.EXE * This service
keeps your Adobe Flash Player installation up to date with the latest enhancements
and security fixes. Adobe Flash Player Update Service 25.0 r0 Adobe Systems
Incorporated Adobe Flash Player Update Service 25,0,0,171
[Auto Services] :HKLM AdobeUpdateService
### Service: Status: Start Type: loaded automatically by Server Manager Actual
File: C:\PROGRAM FILES (X86)\COMMON FILES\ADOBE\ADOBE DESKTOP
COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE * Adobe Update Service Adobe
Systems Incorporated Adobe Update Service 4.0.0.185 !$*"C:\PROGRAM FILES
(X86)\COMMON FILES\ADOBE\ADOBE DESKTOP
COMMON\ELEVATIONMANAGER\ADOBEUPDATESERVICE.EXE"
[Auto Services] :HKLM AGSService
### Service: Adobe Genuine Software Integrity Service Status: Start Type: loaded
automatically by Server Manager Actual File: C:\PROGRAM FILES (X86)\COMMON
FILES\ADOBE\ADOBEGCCLIENT\AGSSERVICE.EXE * Adobe Genuine Software Integrity Service
Adobe Genuine Software Integrity Service Adobe Systems, Incorporated Adobe Genuine
Software Integrity Service 4.2.0.574 BuildVersion: 4.2; BuildDate: Thu May 18 2017
07:19:03 !$*"C:\PROGRAM FILES (X86)\COMMON
FILES\ADOBE\ADOBEGCCLIENT\AGSSERVICE.EXE"
[Auto Services] :HKLM AJRouter
### Service: AllJoyn Router Service Status: Start Type: loaded manually on demand
Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Routes AllJoyn messages for the
local AllJoyn clients. If this service is stopped the AllJoyn clients that do not
have their own bundled routers will be unable to run. Host Process for Windows
Services Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICENETWORKRESTRICTED
[Auto Services] :HKLM ALG
### Service: Application Layer Gateway Service Status: Start Type: loaded
manually on demand Actual File: C:\WINDOWS\SYSTEM32\ALG.EXE * Provides support for
3rd party protocol plug-ins for Internet Connection Sharing Application Layer
Gateway Service Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\ALG.EXE
[Auto Services] :HKLM AppIDSvc
### Service: Application Identity Status: Start Type: loaded manually on demand
Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Determines and verifies the identity
of an application. Disabling this service will prevent AppLocker from being
enforced. Host Process for Windows Services Microsoft Corporation Microsoft
Windows Operating System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K
LOCALSERVICENETWORKRESTRICTED
[Auto Services] :HKLM Appinfo
### Service: Application Information Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Facilitates the running of
interactive applications with additional administrative privileges. If this
service is stopped, users will be unable to launch applications with the additional
administrative privileges they may require to perform desired user tasks. Host
Process for Windows Services Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETSVCS
[Auto Services] :HKLM Apple Mobile Device Service
### Service: Apple Mobile Device Service Status: Start Type: loaded automatically
by Server Manager Actual File: C:\PROGRAM FILES\COMMON FILES\APPLE\MOBILE DEVICE
SUPPORT\APPLEMOBILEDEVICESERVICE.EXE * Provides the interface to Apple mobile
devices. MobileDeviceService Apple Inc. 3.3.0.0 !$*"C:\PROGRAM FILES\COMMON
FILES\APPLE\MOBILE DEVICE SUPPORT\APPLEMOBILEDEVICESERVICE.EXE"
[Auto Services] :HKLM AppReadiness
### Service: App Readiness Status: Start Type: loaded manually on demand Actual
File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Gets apps ready for use the first time a
user signs in to this PC and when adding new apps. Host Process for Windows
Services Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K APPREADINESS
[Auto Services] :HKLM AppXSvc
### Service: AppX Deployment Service (AppXSVC) Status: Start Type: loaded
manually on demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Provides
infrastructure support for deploying Store applications. This service is started on
demand and if disabled Store applications will not be deployed to the system, and
may not function properly. Host Process for Windows Services Microsoft Corporation
Microsoft Windows Operating System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K WSAPPX
[Auto Services] :HKLM AudioEndpointBuilder
### Service: Windows Audio Endpoint Builder Status: Start Type: loaded
automatically by Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE *
Manages audio devices for the Windows Audio service. If this service is stopped,
audio devices and effects will not function properly. If this service is disabled,
any services that explicitly depend on it will fail to start Host Process for
Windows Services Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSYSTEMNETWORKRESTRICTED
[Auto Services] :HKLM Audiosrv
### Service: Windows Audio Status: Start Type: loaded automatically by Server
Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Manages audio for
Windows-based programs. If this service is stopped, audio devices and effects will not
function properly. If this service is disabled, any services that explicitly
depend on it will fail to start Host Process for Windows Services Microsoft
Corporation Microsoft Windows Operating System 10.0.15063.0
!$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICENETWORKRESTRICTED
[Auto Services] :HKLM AxInstSV
### Service: ActiveX Installer (AxInstSV) Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Provides User Account Control
validation for the installation of ActiveX controls from the Internet and enables
management of ActiveX control installation based on Group Policy settings. This
service is started on demand and if disabled the installation of ActiveX controls
will behave according to default browser settings. Host Process for Windows
Services Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K AXINSTSVGROUP
[Auto Services] :HKLM BDESVC
### Service: BitLocker Drive Encryption Service Status: Start Type: loaded
manually on demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * BDESVC hosts the
BitLocker Drive Encryption service. BitLocker Drive Encryption provides secure
startup for the operating system, as well as full volume encryption for OS, fixed
or removable volumes. This service allows BitLocker to prompt users for various
actions related to their volumes when mounted, and unlocks volumes automatically
without user interaction. Additionally, it stores recovery information to Active
Directory, if available, and, if necessary, ensures the most recent recovery
certificates are used. Stopping or disabling the service would prevent users from
leveraging this functionality. Host Process for Windows Services Microsoft
Corporation Microsoft Windows Operating System 10.0.15063.0
!$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETSVCS
[Auto Services] :HKLM BFE
### Service: Base Filtering Engine Status: Start Type: loaded automatically by
Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * The Base Filtering
Engine (BFE) is a service that manages firewall and Internet Protocol security
(IPsec) policies and implements user mode filtering. Stopping or disabling the BFE
service will significantly reduce the security of the system. It will also result
in unpredictable behavior in IPsec management and firewall applications. Host
Process for Windows Services Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICENONETWORK
[Auto Services] :HKLM BIT
### Service: Status: Start Type: loaded automatically by Server Manager Actual
File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Host Process for Windows Services
Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K BIT -S
[Auto Services] :HKLM BITS
### Service: Background Intelligent Transfer Service Status: Start Type: loaded
manually on demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Transfers files
in the background using idle network bandwidth. If the service is disabled, then
any applications that depend on BITS, such as Windows Update or MSN Explorer, will
be unable to automatically download programs and other information. Host Process
for Windows Services Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETSVCS
[Auto Services] :HKLM Bonjour Service
### Service: Servicio Bonjour Status: Start Type: loaded automatically by Server
Manager Actual File: C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE * Permite que los
dispositivos de hardware y los servicios de software se configuren automáticamente
en la red y anuncien su presencia. Bonjour Service Apple Inc. Bonjour 3,1,0,1 !
$*"C:\PROGRAM FILES\BONJOUR\MDNSRESPONDER.EXE"
[Auto Services] :HKLM BrokerInfrastructure
### Service: Background Tasks Infrastructure Service Status: Start Type: loaded
automatically by Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE *
Windows infrastructure service that controls which background tasks can run on the
system. Host Process for Windows Services Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K DCOMLAUNCH
[Auto Services] :HKLM Browser
### Service: Computer Browser Status: Start Type: loaded manually on demand
Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Maintains an updated list of
computers on the network and supplies this list to computers designated as
browsers. If this service is stopped, this list will not be updated or maintained.
If this service is disabled, any services that explicitly depend on it will fail to
start. Host Process for Windows Services Microsoft Corporation Microsoft Windows
Operating System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETSVCS
[Auto Services] :HKLM BthHFSrv
### Service: Bluetooth Handsfree Service Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Enables wireless Bluetooth
headsets to run on this computer. If this service is stopped or disabled, then
Bluetooth headsets will not function properly with this machine. Host Process for
Windows Services Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICEANDNOIMPERSONATION
[Auto Services] :HKLM bthserv
### Service: Bluetooth Support Service Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * The Bluetooth service
supports discovery and association of remote Bluetooth devices. Stopping or
disabling this service may cause already installed Bluetooth devices to fail to
operate properly and prevent new devices from being discovered or associated. Host
Process for Windows Services Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
[Auto Services] :HKLM CDPSvc
### Service: Connected Devices Platform Service Status: Start Type: loaded
automatically by Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * This
service is used for Connected Devices Platform scenarios Host Process for Windows
Services Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICE
[Auto Services] :HKLM CDPUserSvc
### Service: Connected Devices Platform User Service Status: Start Type: loaded
automatically by Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * This
user service is used for Connected Devices Platform scenarios Host Process for
Windows Services Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K UNISTACKSVCGROUP
[Auto Services] :HKLM CDPUserSvc_5a020
### Service: Servicio de usuario de plataforma de dispositivos conectados_5a020
Status: Start Type: loaded automatically by Server Manager Actual File:
C:\WINDOWS\SYSTEM32\SVCHOST.EXE * This user service is used for Connected Devices
Platform scenarios Host Process for Windows Services Microsoft Corporation
Microsoft Windows Operating System 10.0.15063.0 !
$*C:\WINDOWS\SYSTEM32\SVCHOST.EXE -K UNISTACKSVCGROUP
[Auto Services] :HKLM CertPropSvc
### Service: Certificate Propagation Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Copies user certificates and
root certificates from smart cards into the current user's certificate store,
detects when a smart card is inserted into a smart card reader, and, if needed,
installs the smart card Plug and Play minidriver. Host Process for Windows Services
Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !$*
%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETSVCS
[Auto Services] :HKLM ClickToRunSvc
### Service: Servicio Hacer clic y ejecutar de Microsoft Office Status: Start
Type: loaded automatically by Server Manager Actual File: C:\PROGRAM FILES\COMMON
FILES\MICROSOFT SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE * ?Administra la
coordinación de recursos, la descarga en segundo plano y la integración de los
productos de Microsoft Office y de las actualizaciones relacionadas. Este servicio
debe estar iniciado durante el uso de cualquier programa de Microsoft Office,
durante la instalación inicial de la descarga y durante el resto de actualizaciones
subsiguientes.? Microsoft Office Click-to-Run Microsoft Corporation Microsoft
Office 16.0.4266.1003 !$*"C:\PROGRAM FILES\COMMON FILES\MICROSOFT
SHARED\CLICKTORUN\OFFICECLICKTORUN.EXE" /SERVICE
[Auto Services] :HKLM ClipSVC
### Service: Client License Service (ClipSVC) Status: Start Type: loaded manually
on demand Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Provides infrastructure
support for the Microsoft Store. This service is started on demand and if disabled
applications bought using Windows Store will not behave correctly. Host Process for
Windows Services Microsoft Corporation Microsoft Windows Operating System
10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K WSAPPX
[Auto Services] :HKLM COMSysApp
### Service: COM+ System Application Status: Start Type: loaded manually on
demand Actual File: C:\WINDOWS\SYSTEM32\DLLHOST.EXE * Manages the configuration and
tracking of Component Object Model (COM)+-based components. If the service is
stopped, most COM+-based components will not function properly. If this service is
disabled, any services that explicitly depend on it will fail to start. COM
Surrogate Microsoft Corporation Microsoft Windows Operating System 10.0.15063.0 !
$*%SYSTEMROOT%\SYSTEM32\DLLHOST.EXE /PROCESSID:{02D4B3F1-FD88-11D1-960D-
00805FC79235}
[Auto Services] :HKLM CoreMessagingRegistrar
### Service: CoreMessaging Status: Start Type: loaded automatically by Server
Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Manages communication
between system components. Host Process for Windows Services Microsoft Corporation
Microsoft Windows Operating System 10.0.15063.0 !$*%SYSTEMROOT
%\SYSTEM32\SVCHOST.EXE -K LOCALSERVICENONETWORK
[Auto Services] :HKLM cphs
### Service: Intel(R) Content Protection HECI Service Status: Start Type: loaded
manually on demand Actual File:
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\I
NTELCPHECISVC.EXE * Intel(R) Content Protection HECI Service - enables
communication with the Content Protection FW IntelCpHeciSvc Executable Intel
Corporation IntelCpHeciSvc Executable 9.0.31.9015 !$*%SYSTEMROOT
%\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\INTELCPHEC
ISVC.EXE
[Auto Services] :HKLM cplspcon
### Service: Intel(R) Content Protection HDCP Service Status: Start Type: loaded
manually on demand Actual File:
C:\WINDOWS\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\I
NTELCPHDCPSVC.EXE * Intel(R) Content Protection HDCP Service - enables
communication with Content Protection HDCP HW IntelCpHDCPSvc Executable Intel
Corporation IntelCpHDCPSvc Executable 1.0.0.1 !$*%SYSTEMROOT
%\SYSTEM32\DRIVERSTORE\FILEREPOSITORY\IGDLH64.INF_AMD64_463164D40C3D26CE\INTELCPHDC
PSVC.EXE
[Auto Services] :HKLM CryptSvc
### Service: Cryptographic Services Status: Start Type: loaded automatically by
Server Manager Actual File: C:\WINDOWS\SYSTEM32\SVCHOST.EXE * Provides three
management services: Catalog Database Service, which confirms the signatures of
Windows files and allows new programs to be installed; Protected Root Service,
which adds and removes Trusted Root Certification Authority certificates from this
computer; and Automatic Root Certificate Update Service, which retrieves root
certificates from Windows Update and enable scenarios such as SSL. If this service
is stopped, these management services will not function properly. If this service
is disabled, any services that explicitly depend on it will fail to start. Host
Process for Windows Services Microsoft Corporation Microsoft Windows Operating
System 10.0.15063.0 !$*%SYSTEMROOT%\SYSTEM32\SVCHOST.EXE -K NETWORKSERVICE
[Auto Services] :HKLM dbupdate
### Service: Servicio Actualización de Dropbox (dbupdate) Status: Start Type:
loaded automatically by Server Manager Actual File: C:\PROGRAM FILES
(X86)\DROPBOX\UPDATE\DROPBOXUPDATE.EXE * Mantén actualizado tu software de Dropbox.
Si se inhabilita o detiene este servicio, el software de Dropbox no se actualizará:
las vulnerabilidades de seguridad que podrían surgir no se corregirán, y algunas
características podrían no funcionar. Este servicio se desinstala cuando no hay
software de Dropbox que lo use. Dropbox Update Dropbox, Inc. Dropbox Update
1.3.27.73 !$*"C:\PROGRAM FILES (X86)\DROPBOX\UPDATE\DROPBOXUPDATE.EXE" /SVC
[Auto Services] :HKLM dbupdatem
### Service: Servicio Actualización de Dropbox (dbupdatem) Status: Start Type:
loaded manually on demand Actual File: C:\PROGRAM FILES
(X86)\DROPBOX\UPDATE\DROPBOXUPDATE.EXE * Mantén actualizado tu software de Dropbox.
Si se inhabilita o detiene este servicio, el software de Dropbox no se actualizará:
las vulnerabilidades de seguridad que podrían surgir no se corregirán, y algunas
características podrían no funcionar. Este servicio se desinstala cuando no hay
software de Dropbox que lo use. Dropbox Update Dropbox, Inc. Dropbox Update
1.3.27.73 !$*"C:\PROGRAM FILES (X86)\DROPBOX\UPDATE\DROPBOXUPDATE.EXE" /MEDSVC
[Auto Services] :HKLM DbxSvc
### Service: DbxSvc Status: Start Type: loaded automatically by Server Manager
Actual File: C:\WINDOWS\SYSTEM32\DBXSVC.EXE * Dropbox Service Dropbox Service
Dropbox, Inc. Dropbox !$*%SYSTEMROOT%\SYSTEM32\DBXSVC.EXE
[Auto Services] :HKLM DcomLaunch
### Service: DCOM Server Process Launcher Status: Start Type: loaded