API tools faq
paste
Advertisement
captmicro

notepad.exe load call chain

captmicro
Jan 4th, 2013
335
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 2.69 KB | None | 0 0
raw download clone embed print report
  1. CreateProcess called...
  2. Process: 0x84377d40
  3. ProcessId: 0xb94
  4. CreateInfo:
  5. Parent Process Id: 0x874
  6. Image File Name: '\??\C:\Windows\system32\notepad.exe'
  7. Command Line: '"C:\Windows\system32\notepad.exe" '
  8. Flags: 0x1
  9. Image loaded...
  10. Full Image Name: '\Windows\System32\notepad.exe'
  11. ProcessId: 0x874
  12. ImageInfo:
  13. Image Base: 0x3f00000
  14. Image Selector: 0x0
  15. Image Size: 0x30000
  16. Image Section Number: 0x0
  17. Properties:
  18. Image Addressing Mode: 0x3
  19. System Mode Image: 0x0
  20. Image Mapped To All Pids: 0x0
  21. Extended Info Present: 0x1
  22. Reserved: 0x0
  23. Image loaded...
  24. Full Image Name: '\Device\HarddiskVolume2\Windows\System32\notepad.exe'
  25. ProcessId: 0xb94
  26. ImageInfo:
  27. Image Base: 0x4a0000
  28. Image Selector: 0x0
  29. Image Size: 0x30000
  30. Image Section Number: 0x0
  31. Properties:
  32. Image Addressing Mode: 0x3
  33. System Mode Image: 0x0
  34. Image Mapped To All Pids: 0x0
  35. Extended Info Present: 0x1
  36. Reserved: 0x0
  37. Image loaded...
  38. Full Image Name: '\Windows\System32\notepad.exe'
  39. ProcessId: 0x874
  40. ImageInfo:
  41. Image Base: 0x3f00000
  42. Image Selector: 0x0
  43. Image Size: 0x30000
  44. Image Section Number: 0x0
  45. Properties:
  46. Image Addressing Mode: 0x3
  47. System Mode Image: 0x0
  48. Image Mapped To All Pids: 0x0
  49. Extended Info Present: 0x1
  50. Reserved: 0x0
  51. Image loaded...
  52. Full Image Name: '\Windows\System32\notepad.exe'
  53. ProcessId: 0x874
  54. ImageInfo:
  55. Image Base: 0x3f00000
  56. Image Selector: 0x0
  57. Image Size: 0x30000
  58. Image Section Number: 0x0
  59. Properties:
  60. Image Addressing Mode: 0x3
  61. System Mode Image: 0x0
  62. Image Mapped To All Pids: 0x0
  63. Extended Info Present: 0x1
  64. Reserved: 0x0
  65. Image loaded...
  66. Full Image Name: '\Windows\System32\notepad.exe'
  67. ProcessId: 0x874
  68. ImageInfo:
  69. Image Base: 0x3f00000
  70. Image Selector: 0x0
  71. Image Size: 0x30000
  72. Image Section Number: 0x0
  73. Properties:
  74. Image Addressing Mode: 0x3
  75. System Mode Image: 0x0
  76. Image Mapped To All Pids: 0x0
  77. Extended Info Present: 0x1
  78. Reserved: 0x0
  79. Image loaded...
  80. Full Image Name: '\Windows\System32\notepad.exe'
  81. ProcessId: 0x874
  82. ImageInfo:
  83. Image Base: 0x3f00000
  84. Image Selector: 0x0
  85. Image Size: 0x30000
  86. Image Section Number: 0x0
  87. Properties:
  88. Image Addressing Mode: 0x3
  89. System Mode Image: 0x0
  90. Image Mapped To All Pids: 0x0
  91. Extended Info Present: 0x1
  92. Reserved: 0x0
  93. Image loaded...
  94. Full Image Name: '\Windows\System32\notepad.exe'
  95. ProcessId: 0x874
  96. ImageInfo:
  97. Image Base: 0x3f00000
  98. Image Selector: 0x0
  99. Image Size: 0x30000
  100. Image Section Number: 0x0
  101. Properties:
  102. Image Addressing Mode: 0x3
  103. System Mode Image: 0x0
  104. Image Mapped To All Pids: 0x0
  105. Extended Info Present: 0x1
  106. Reserved: 0x0
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!