| Server IP : 180.180.241.3 / Your IP : 216.73.216.252 Web Server : Microsoft-IIS/7.5 System : Windows NT NETWORK-NHRC 6.1 build 7601 (Windows Server 2008 R2 Standard Edition Service Pack 1) i586 User : IUSR ( 0) PHP Version : 5.3.28 Disable Function : NONE MySQL : ON | cURL : ON | WGET : OFF | Perl : OFF | Python : OFF | Sudo : OFF | Pkexec : OFF Directory : /Program Files/Malwarebytes/Anti-Malware/sdk/ |
Upload File : |
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
fccf1ee6-7d49-38ab-4f8a-1b9849700ff8 SelfProtectionKernel // SRC=watchdog-common.c MJ= MN=
#typev watchdog-common_c284 18 "%0AddQuarantinedProcess failed to allocate memory" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=AddQuarantinedProcess
{
}
#typev watchdog-common_c279 17 "%0AddQuarantinedProcess: %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=AddQuarantinedProcess
{
ProcessId, ItemPtr -- 10
}
#typev watchdog-common_c275 16 "%0AddQuarantinedProcess: %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=AddQuarantinedProcess
{
ProcessName, ItemPWString -- 10
}
#typev watchdog-common_c197 14 "%0CheckPendingRenames returns FALSE" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=CheckForPendingRenames
{
}
#typev watchdog-common_c191 13 "%0Turning off pending rename check after 3 minutes." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_PROCESS FUNC=CheckForPendingRenames
{
}
#typev watchdog-common_c183 12 "%0Turning off pending rename check - failed to open Session Manager key - 0x%10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=CheckForPendingRenames
{
status, ItemLong -- 10
}
#typev watchdog-common_c4302 148 "%0CheckIfProcessIsSigned: Failed to get the process handle for %10!s!!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=CheckIfProcessIsSigned
{
GetPathForPid(ProcessId), ItemPWString -- 10
}
#typev watchdog-common_c4293 147 "%0CheckIfProcessIsSigned: Failed to get the process name for %10!s!!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=CheckIfProcessIsSigned
{
GetPathForPid(ProcessId), ItemPWString -- 10
}
#typev watchdog-common_c216 15 "%0Clear quarantined process list" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=ClearQuarantinedProcesses
{
}
#typev watchdog-common_c1968 81 "%0Closing (%10!p!)\%11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Root, ItemPtr -- 10
deldir->Name, ItemPWString -- 11
}
#typev watchdog-common_c1911 76 "%0Entering (%10!p!)\%11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Root, ItemPtr -- 10
deldir->Name, ItemPWString -- 11
}
#typev watchdog-common_c1949 80 "%0Error 0x%10!x! deleting file (%11!p!)\%12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
NtStatus, ItemLong -- 10
deldir->Root, ItemPtr -- 11
found.ObjectName, ItemPWString -- 12
}
#typev watchdog-common_c1945 79 "%0Deleting file (%10!p!)\%11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Root, ItemPtr -- 10
found.ObjectName, ItemPWString -- 11
}
#typev watchdog-common_c1942 78 "%0Error 0x%10!x! opening file (%11!p!)\%12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
NtStatus, ItemLong -- 10
deldir->Root, ItemPtr -- 11
found.ObjectName, ItemPWString -- 12
}
#typev watchdog-common_c1936 77 "%0Error 0x%10!x! removing RO on file (%11!p!)\%12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
NtStatus, ItemLong -- 10
deldir->Root, ItemPtr -- 11
found.ObjectName, ItemPWString -- 12
}
#typev watchdog-common_c1843 75 "%0Exiting (%10!p!)\%11!s! (%12!p!)" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Root, ItemPtr -- 10
deldir->Name, ItemPWString -- 11
deldir->hObjectHandle, ItemPtr -- 12
}
#typev watchdog-common_c1810 74 "%0Opened (%10!p!)\%11!s! for handle %12!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Root, ItemPtr -- 10
deldir->Name, ItemPWString -- 11
deldir->hObjectHandle, ItemPtr -- 12
}
#typev watchdog-common_c1803 73 "%0Attempt FileDelete of %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
deldir->Name, ItemPWString -- 10
}
#typev watchdog-common_c1768 72 "%0Removing path %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DeleteDir
{
szFileDirectoryName, ItemPWString -- 10
}
#typev watchdog-common_c3079 137 "%0Invalid buffer size - %10!u! bytes (need %11!u!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(WCHAR) * 3, ItemLong -- 11
}
#typev watchdog-common_c3101 138 "%0Invalid buffer size - %10!u! bytes (need %11!u!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(WCHAR) * 3, ItemLong -- 11
}
#typev watchdog-common_c2971 132 "%0Invalid buffer size - %10!u! bytes (need %11!u!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(BOOLEAN), ItemLong -- 11
}
#typev watchdog-common_c2966 131 "%0Allow Task Manager = %10!d!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
g_MbamWatchdogData.AllowTaskManager, ItemLong -- 10
}
#typev watchdog-common_c3021 134 "%0Unable to create notification event" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2981 133 "%0Get Volume Mount Event Name" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c3050 136 "%0Invalid buffer size - %10!u! bytes (need %11!u!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(BOOLEAN), ItemLong -- 11
}
#typev watchdog-common_c3044 135 "%0Already in correct volume mount block state %10!d!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
g_MbamWatchdogData.MonitorVolumeMount, ItemLong -- 10
}
#typev watchdog-common_c2376 85 "%0Initialized IG" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2370 84 "%0Error 0x%10!x! Initializing IG" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DispatchIoctl
{
status, ItemLong -- 10
}
#typev watchdog-common_c2737 113 "%0!ProtectEntry - driver not enabled yet!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2717 109 "%0!Protect entry wrong buffer size (need %10!u!) %11!u!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
sizeof(MB_PROTECTION_ENTRY), ItemLong -- 10
uInSize, ItemLong -- 11
}
#typev watchdog-common_c2710 108 "%0!Protect entry wrong structure length (Entry->Length + struct size > size of input buffer) %10!u! > %11!u! (proc = %12!s!) %13!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
pEnt->Length + sizeof(MB_PROTECTION_ENTRY), ItemLong -- 10
uInSize, ItemLong -- 11
GetPathForPid(pid), ItemPWString -- 12
pth, ItemWString -- 13
}
#typev watchdog-common_c2693 107 "%0!ProtectEntry remove hash" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_FS FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2688 106 "%0!ProtectEntry add Hash" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_FS FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2658 105 "%0!ProtectEntry remove %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_FS FUNC=DispatchIoctl
{
&ent, ItemPWString -- 10
}
#typev watchdog-common_c2647 104 "%0!ProtectEntry add %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_FS FUNC=DispatchIoctl
{
&ent, ItemPWString -- 10
}
#typev watchdog-common_c2642 103 "%0!ProtectEntry DOR add %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_FS FUNC=DispatchIoctl
{
&ent, ItemPWString -- 10
}
#typev watchdog-common_c2624 102 "%0!ProtectEntry remove %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_REGISTRY FUNC=DispatchIoctl
{
&ent, ItemPWString -- 10
}
#typev watchdog-common_c2611 101 "%0!ProtectEntry add %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_REGISTRY FUNC=DispatchIoctl
{
&ent, ItemPWString -- 10
}
#typev watchdog-common_c2731 112 "%0!ProtectEntry - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2727 111 "%0!ProtectEntry Kernel trusted list is not built yet." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2723 110 "%0!ProtectEntry Kernel mode request is denied" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2789 116 "%0!QueryProtectEntry - Driver is disabled" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2783 115 "%0!QueryProtectEntry - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2779 114 "%0!QueryProtectEntry- Kernel mode request is denied" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2915 127 "%0!QuarantineProcess - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2911 126 "%0!QuarantineProcess - Kernel mode request is denied" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2905 125 "%0!QuarantineProcess - Buffer not correct size- %10!u! - need %11!u!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(MB_QUARANTINE), ItemLong -- 11
}
#typev watchdog-common_c2888 124 "%0!QuarantineProcess adding %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
&prepName, ItemPWString -- 10
}
#typev watchdog-common_c2865 123 "%0!QuarantineProcess" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2847 122 "%0!TerminateProcess - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2843 121 "%0!TerminateProcess- Kernel mode request is denied" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2838 120 "%0!TerminateProcess - Buffer size incorrect (%10!u!)." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
}
#typev watchdog-common_c2833 119 "%0!TerminateProcess - %10!p! was terminated." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
pid, ItemPtr -- 10
}
#typev watchdog-common_c2828 118 "%0!TerminateProcess - %10!p! was terminated by threads." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
pid, ItemPtr -- 10
}
#typev watchdog-common_c2805 117 "%0!TerminateProcess" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2956 130 "%0!SetProcessProtection - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2952 129 "%0!SetProcessProtection - Kernel mode request is denied" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2948 128 "%0!SetProcessProtection - Buffer size (%10!u!) is not correct" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
}
#typev watchdog-common_c2534 97 "%0Deprecated IOCTL_RELOAD." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2392 86 "%0!Hello returns disabled" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2503 94 "%0DispatchIoctl: Disabling process is not signed! (mode = %10!u!) Proc = %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
pIrp->RequestorMode, ItemLong -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev watchdog-common_c2497 93 "%0Disable - Failing kernel mode request." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2485 92 "%0Failed to set enabled value in registry - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=DispatchIoctl
{
status, ItemLong -- 10
}
#typev watchdog-common_c2459 91 "%0!Disable" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2451 90 "%0DispatchIoctl: Enabling process is not signed! (mode = %10!u!) Proc = %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
pIrp->RequestorMode, ItemLong -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev watchdog-common_c2445 89 "%0Enable - Failing kernel mode request." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2425 88 "%0Failed to set enabled value in registry - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=DispatchIoctl
{
status, ItemLong -- 10
}
#typev watchdog-common_c2408 87 "%0!Enable" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2529 96 "%0!Unload - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2513 95 "%0!Unload" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c2572 100 "%0!IsTrusted - invalid buffer size - %10!u! bytes (need %11!u!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
uInSize, ItemLong -- 10
sizeof(LARGE_INTEGER), ItemLong -- 11
}
#typev watchdog-common_c2566 99 "%0!IsTrusted - %10!p! is not a trusted process" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
PsGetCurrentProcessId(), ItemPtr -- 10
}
#typev watchdog-common_c2538 98 "%0!IsTrusted" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IOCTL FUNC=DispatchIoctl
{
}
#typev watchdog-common_c825 33 "%0Failed to allocate memory to get DOR paths (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetDorPaths
{
__LINE__, ItemLong -- 10
length, ItemLong -- 11
}
#typev watchdog-common_c818 32 "%0Failed to allocate memory to get DOR paths (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetDorPaths
{
__LINE__, ItemLong -- 10
partialInfo->DataLength, ItemLong -- 11
}
#typev watchdog-common_c4424 150 "%0Could not read install path. ntStatus (%10!s!), key (%11!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetInstallPath
{
ntStatus, ItemNTSTATUS -- 10
&uninstallKey, ItemPWString -- 11
}
#typev watchdog-common_c1671 69 "%0Error opening registry to get installed value %10!s!, 0x%11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetInstalledValue
{
&g_MbamWatchdogData.RegPath, ItemPWString -- 10
ntStatus, ItemLong -- 11
}
#typev watchdog-common_c1739 71 "%0Error allocating memory for registry path - %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetPathFromRegistry
{
length, ItemLong -- 10
}
#typev watchdog-common_c1732 70 "%0Error allocating memory for registry path - %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetPathFromRegistry
{
(ULONG)pathLen * (ULONG) sizeof(WCHAR), ItemLong -- 10
}
#typev watchdog-common_c716 31 "%0Failed to allocate memory to get protected items (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetProtectedPaths
{
__LINE__, ItemLong -- 10
length, ItemLong -- 11
}
#typev watchdog-common_c708 30 "%0Failed to allocate memory to get protected hashes (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetProtectedPaths
{
__LINE__, ItemLong -- 10
partialInfo->DataLength, ItemLong -- 11
}
#typev watchdog-common_c694 29 "%0Failed to allocate memory to get protected paths (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetProtectedPaths
{
__LINE__, ItemLong -- 10
partialInfo->DataLength, ItemLong -- 11
}
#typev watchdog-common_c446 26 "%0GetProtectedProcess: Both TrustedListBuilt and TrustedProcessListRunning are TRUE! Process: %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_PROCESS FUNC=GetProtectedProcess
{
GetPathForPid(ProcessId), ItemPWString -- 10
}
#typev watchdog-common_c4252 146 "%0GetRunningProcessList: returning %10!d!." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=GetRunningTrustedProcessList
{
res, ItemLong -- 10
}
#typev watchdog-common_c4170 145 "%0Error allocating memory for trusted process list - %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetRunningTrustedProcessList
{
processListLength, ItemLong -- 10
}
#typev watchdog-common_c4144 144 "%0Error getting path for taskmgr.exe! - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetRunningTrustedProcessList
{
ntStatus, ItemLong -- 10
}
#typev watchdog-common_c4137 143 "%0Error getting path for lsass! - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=GetRunningTrustedProcessList
{
ntStatus, ItemLong -- 10
}
#typev watchdog-common_c4127 142 "%0GetRunningProcessList: Starting work (%10!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=GetRunningTrustedProcessList
{
g_MbamWatchdogData.ThreadsRunning, ItemLong -- 10
}
#typev watchdog-common_c567 27 "%0Adding %10!s! to protected file list" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_FS FUNC=InitProtectedFileNames
{
&prepName, ItemPWString -- 10
}
#typev watchdog-common_c372 22 "%0UpdateTrustedProcessListProc synch call Complete (%10!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=InitRunningProcessList
{
g_MbamWatchdogData.ThreadsRunning, ItemLong -- 10
}
#typev watchdog-common_c359 21 "%0InitRunningProcessList: Starting UpdateTrustedProcessListProc!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=InitRunningProcessList
{
}
#typev watchdog-common_c3962 141 "%0Error allocating memory in MbAddHashList %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=MbAddHashList
{
sizeof(MBAM_HASH_ENTRY) + Size, ItemLong -- 10
}
#typev watchdog-common_c3658 140 "%0Error allocating memory in MbAddProtList %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=MbAddProtList
{
sizeof(MBAM_PROTECTED_ENTRY) + entry->Length, ItemLong -- 10
}
#typev watchdog-common_c598 28 "%0DOR failed to delete %10!s! (0x%11!x!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=ProcessDorList
{
&prepName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev watchdog-common_c338 20 "%0RemoveQuarantinedProcess: %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=RemoveQuarantinedProcess
{
procName, ItemWString -- 10
}
#typev watchdog-common_c327 19 "%0RemoveQuarantinedProcess: %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=RemoveQuarantinedProcess
{
ProcessId, ItemPtr -- 10
}
#typev watchdog-common_c1002 42 "%0Failed to open user root key (%10!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
}
#typev watchdog-common_c977 40 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
keyInfoLength, ItemLong -- 10
}
#typev watchdog-common_c989 41 "%0User root key enumeration failed (%10!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
}
#typev watchdog-common_c965 39 "%0Failed to open user key (%10!s!) (%11!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
&nextUser, ItemPWString -- 11
}
#typev watchdog-common_c958 38 "%0Failed to open user revocation list (%10!s!) (%11!s!\%12!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
&nextUser, ItemPWString -- 11
&revocationListKey, ItemPWString -- 12
}
#typev watchdog-common_c949 37 "%0Failed to delete revoked certificate (%10!x!), (%11!s!\%12!s!\%13!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemLong -- 10
&nextUser, ItemPWString -- 11
&revocationListKey, ItemPWString -- 12
&nextCert, ItemPWString -- 13
}
#typev watchdog-common_c910 36 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
keyInfoLength, ItemLong -- 10
}
#typev watchdog-common_c892 35 "%0Cannot open system certificate revocation list key (%10!s!) (%11!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
&revocationListKey, ItemPWString -- 11
}
#typev watchdog-common_c883 34 "%0Failed to delete revoked certificate (%10!s!), (%11!s!\%12!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=ScrubCertificateRevocationListsWorker
{
ntStatus, ItemNTSTATUS -- 10
&revocationListKey, ItemPWString -- 11
&nextCert, ItemPWString -- 12
}
#typev watchdog-common_c1612 68 "%0Error opening registry to set installed value %10!s!, 0x%11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SetInstalledValue
{
&g_MbamWatchdogData.RegPath, ItemPWString -- 10
ntStatus, ItemLong -- 11
}
#typev watchdog-common_c1385 60 "%0Error 0x%10!x! opening registry key %11!p!\%12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
status, ItemLong -- 10
delreg, ItemPtr -- 11
obj.ObjectName, ItemPWString -- 12
}
#typev watchdog-common_c1378 59 "%0Failed to allocate memory delete registry keys (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
__LINE__, ItemLong -- 10
sizeof(MB_DEL_REG), ItemLong -- 11
}
#typev watchdog-common_c1365 58 "%0Opened %10!p!\%11!s! to delete registry keys" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
delreg, ItemPtr -- 10
&delreg->Name, ItemPWString -- 11
}
#typev watchdog-common_c1401 62 "%0Failed to delete %10!p! - 0x%11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
delreg, ItemPtr -- 10
status, ItemLong -- 11
}
#typev watchdog-common_c1397 61 "%0Deleting %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
delreg, ItemPtr -- 10
}
#typev watchdog-common_c1418 63 "%0Failed to allocate memory to delete registry keys (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
__LINE__, ItemLong -- 10
delreg->Size, ItemLong -- 11
}
#typev watchdog-common_c1332 57 "%0Delete key start %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
delreg, ItemPtr -- 10
}
#typev watchdog-common_c1324 56 "%0Failed to allocate memory to delete registry keys (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpDeleteRegKeyRecursive
{
__LINE__, ItemLong -- 10
sizeof(MB_DEL_REG), ItemLong -- 11
}
#typev watchdog-common_c1109 48 "%0Enumerate and Delete IFEO key end" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
}
#typev watchdog-common_c1106 47 "%0Failed to iterate IFEO registry keys (%10!x!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
status, ItemLong -- 10
}
#typev watchdog-common_c1095 46 "%0Failed to allocate memory to delete registry keys (line %10!u! %11!u! bytes)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
__LINE__, ItemLong -- 10
delreg.Size, ItemLong -- 11
}
#typev watchdog-common_c1076 45 "%0Error 0x%10!x! opening IFEO registry key \%11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
status, ItemLong -- 10
obj.ObjectName, ItemPWString -- 11
}
#typev watchdog-common_c1047 44 "%0Enumerate and Delete IFEO key start " // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
}
#typev watchdog-common_c1039 43 "%0%!FUNC!(): ZwOpenKey failed %10!s!, key name - '%11!s!'" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubIeoKeys
{
status, ItemNTSTATUS -- 10
KeyAttributes.ObjectName, ItemPWString -- 11
}
#typev watchdog-common_c1301 55 "%0Could not query key information (%10!s!) (%11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpScrubSrpHashKeys
{
&subKey, ItemPWString -- 10
ntStatus, ItemNTSTATUS -- 11
}
#typev watchdog-common_c1291 54 "%0Remove Software Restriction Policy Hash key - %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=SpScrubSrpHashKeys
{
&subKey, ItemPWString -- 10
}
#typev watchdog-common_c1250 53 "%0Delete Gpedit hash key start" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubSrpHashKeys
{
}
#typev watchdog-common_c1207 52 "%0Could not query key information (%10!s!) (%11!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpScrubSrpPathKeys
{
&subKey, ItemPWString -- 10
ntStatus, ItemNTSTATUS -- 11
}
#typev watchdog-common_c1199 51 "%0Remove Software Restriction Policy Path %10!s! - %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=SpScrubSrpPathKeys
{
&subKey, ItemPWString -- 10
&srpPath, ItemPWString -- 11
}
#typev watchdog-common_c1153 50 "%0Delete Software Restiction Poicy Path key start" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_OTHER FUNC=SpScrubSrpPathKeys
{
}
#typev watchdog-common_c1148 49 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpScrubSrpPathKeys
{
keyBasicInfoLength, ItemLong -- 10
}
#typev watchdog-common_c3248 139 "%0Exception caught in TerminateProcessByThreads()" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=TerminateProcessByThreads
{
}
#typev watchdog-common_c4348 149 "%0Failed to remove the driver - %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=UninstallDriverIfNotUsed
{
&prepName, ItemPWString -- 10
}
#typev watchdog-common_c113 11 "%0Unable to open process %10!p! (%11!s!) - %12!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=VerifyImage
{
ProcessId, ItemPtr -- 10
Name, ItemPWString -- 11
status, ItemLong -- 12
}
#typev watchdog-common_c105 10 "%0Found hollowed Process %10!p! (%11!s!)!!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_PROCESS FUNC=VerifyImage
{
ProcessId, ItemPtr -- 10
Name, ItemPWString -- 11
}
#typev watchdog-common_c2295 83 "%0WaitForTrustedList: finished (%10!u!), status - 0x%11!x!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=WaitForTrustedProcessList
{
g_MbamWatchdogData.ThreadsRunning, ItemLong -- 10
status, ItemLong -- 11
}
#typev watchdog-common_c2291 82 "%0WaitForTrustedList: Waiting for the list to get built (%10!u!)" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=WaitForTrustedProcessList
{
g_MbamWatchdogData.ThreadsRunning, ItemLong -- 10
}
#typev watchdog-common_c1571 67 "%0Error opening DOR file paths key - %10!s!, 0x%11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=WriteDorPaths
{
&g_MbamWatchdogData.RegPath, ItemPWString -- 10
ntStatus, ItemLong -- 11
}
#typev watchdog-common_c1532 66 "%0Error opening protected paths key - %10!s!, 0x%11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=WriteProtectedPaths
{
&g_MbamWatchdogData.RegPath, ItemPWString -- 10
ntStatus, ItemLong -- 11
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
9ef7e598-5f51-3548-9987-4e75090f4c56 SelfProtectionKernel // SRC=VolumeEvent.c MJ= MN=
#typev volumeevent_c376 24 "%0[DeviceControlEvent] %!FUNC!(): FltGetInstanceContext failed %10!s!, Instance - %11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Monitor
{
status, ItemNTSTATUS -- 10
Instance, ItemPtr -- 11
}
#typev volumeevent_c395 27 "%0[DeviceControlEvent] %!FUNC!() adding volume event %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Monitor
{
&pContext->VolumeName, ItemPWString -- 10
}
#typev volumeevent_c391 26 "%0%!FUNC!(): AllocVolumeEvent failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Monitor
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c383 25 "%0%!FUNC!(): Event_Monitor failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Monitor
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c311 20 "%0[DeviceControlEvent] %!FUNC!(): FltGetInstanceContext failed %10!s!, Instance - %11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Rule
{
status, ItemNTSTATUS -- 10
Instance, ItemPtr -- 11
}
#typev volumeevent_c335 23 "%0[DeviceControlEvent] %!FUNC!() adding volume event %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Rule
{
&pContext->VolumeName, ItemPWString -- 10
}
#typev volumeevent_c331 22 "%0%!FUNC!(): AllocVolumeEvent failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Rule
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c323 21 "%0%!FUNC!(): Event_Rule failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_Rule
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c182 16 "%0[DeviceControlEvent] %!FUNC!(): FltGetInstanceContext failed %10!s!, Instance - %11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_VolumeMountBlock
{
status, ItemNTSTATUS -- 10
Instance, ItemPtr -- 11
}
#typev volumeevent_c208 19 "%0[DeviceControlEvent] %!FUNC!() adding volume event %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_VolumeMountBlock
{
&pContext->VolumeName, ItemPWString -- 10
}
#typev volumeevent_c204 18 "%0%!FUNC!(): AllocVolumeEvent failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_VolumeMountBlock
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c196 17 "%0%!FUNC!(): Event_VolumeMountBlock failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=AddEvent_VolumeMountBlock
{
STATUS_INSUFFICIENT_RESOURCES, ItemNTSTATUS -- 10
&pContext->VolumeName, ItemPWString -- 11
}
#typev volumeevent_c123 11 "%0[DeviceControlEvent] Failed to create notification event %10!p! %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_VOLUME FUNC=CreateVolumeNotificationEvent
{
g_MbamWatchdogData.NotificationEvent, ItemPtr -- 10
g_MbamWatchdogData.NotificationEventHandle, ItemPtr -- 11
}
#typev volumeevent_c96 10 "%0[DeviceControlEvent] CreateVolumeNotificationEvent" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=CreateVolumeNotificationEvent
{
}
#typev volumeevent_c133 12 "%0[DeviceControlEvent] DestroyVolumeNotificationEvent" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=DestroyVolumeNotificationEvent
{
}
#typev volumeevent_c161 15 "%0[DeviceControlEvent] Notification Event is NULL %10!p! %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_VOLUME FUNC=SetVolumeNotificationEventState
{
g_MbamWatchdogData.NotificationEvent, ItemPtr -- 10
g_MbamWatchdogData.NotificationEventHandle, ItemPtr -- 11
}
#typev volumeevent_c155 14 "%0[DeviceControlEvent] KeClearEvent" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=SetVolumeNotificationEventState
{
}
#typev volumeevent_c150 13 "%0[DeviceControlEvent] KeSetEvent" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=SetVolumeNotificationEventState
{
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
22f7ef89-e97d-3f26-7a62-f8b422cb9cc6 SelfProtectionKernel // SRC=VolumeAccess.c MJ= MN=
#typev volumeaccess_c1001 40 "%0[DeviceControl] %!FUNC!(): Skipping %10!s! (Removal Policy: %11!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
&VolumeName, ItemPWString -- 10
RemovalPolicy, ItemLong -- 11
}
#typev volumeaccess_c994 39 "%0[DeviceControl] %!FUNC!(): GetStorageDeviceProperties %10!s! (Status %11!u! BusType %12!u! Removable %13!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
&VolumeName, ItemPWString -- 10
status, ItemLong -- 11
BusType, ItemLong -- 12
IsRemovable, ItemLong -- 13
}
#typev volumeaccess_c1008 41 "%0[DeviceControl] %!FUNC!(): GetDeviceProperty failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
status, ItemNTSTATUS -- 10
&VolumeName, ItemPWString -- 11
}
#typev volumeaccess_c955 38 "%0[DeviceControl] %!FUNC!(): IoGetDeviceProperty failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
status, ItemNTSTATUS -- 10
&VolumeName, ItemPWString -- 11
}
#typev volumeaccess_c939 36 "%0[DeviceControl] %!FUNC!(): IoGetDeviceObjectPointer failed %10!s!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
status, ItemNTSTATUS -- 10
&VolumeName, ItemPWString -- 11
}
#typev volumeaccess_c926 35 "%0[DeviceControl] %!FUNC!(): GetVolumeInfo failed %10!s!, Volume - %11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=CheckAndSetInstanceContext
{
status, ItemNTSTATUS -- 10
Volume, ItemPtr -- 11
}
#typev volumeaccess_c879 34 "%0%!FUNC!(): GetFriendlyNameWin7 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_VOLUME FUNC=GetDeviceProperty
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c867 33 "%0%!FUNC!(): GetInstanceIdWin7 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDeviceProperty
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c858 32 "%0%!FUNC!(): GetInstanceId Pdo - %10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDeviceProperty
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c689 28 "%0%!FUNC!(): (propType != DEVPROP_TYPE_STRING) PDO - 0x%10!p!, propType - 0x%11!08x!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyDataString
{
Pdo, ItemPtr -- 10
propType, ItemLong -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c682 27 "%0%!FUNC!(): IoGetDevicePropertyData(DEVPKEY_Device_Parent)2 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyDataString
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c667 26 "%0%!FUNC!(): ExAllocatePoolUninitialized PDO - 0x%10!p!, size - %11!d!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyDataString
{
Pdo, ItemPtr -- 10
requiredSize, ItemLong -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c659 25 "%0%!FUNC!(): !requiredSize PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyDataString
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c650 24 "%0%!FUNC!(): IoGetDevicePropertyData(DEVPKEY_Device_Parent)1 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyDataString
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c811 31 "%0%!FUNC!(): IoGetDeviceProperty2 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyString
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c795 30 "%0%!FUNC!(): ExAllocatePoolUninitialized PDO - 0x%10!p!, size - %11!d!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyString
{
Pdo, ItemPtr -- 10
retSize + sizeof(WCHAR), ItemLong -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c787 29 "%0%!FUNC!(): IoGetDeviceProperty1 PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetDevicePropertyString
{
Pdo, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c576 23 "%0%!FUNC!(): Invalid registry key for PDO - 0x%10!p!, usObjectName - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
usObjectName, ItemPWString -- 11
}
#typev volumeaccess_c567 22 "%0%!FUNC!(): Invalid registry key for PDO - 0x%10!p!, usObjectName - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
usObjectName, ItemPWString -- 11
}
#typev volumeaccess_c557 21 "%0%!FUNC!(): RtlUpcaseUnicodeString PDO - 0x%10!p!, usObjectName - %11!s!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
usObjectName, ItemPWString -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c548 20 "%0%!FUNC!(): DevSuppQueryObjectName PDO - 0x%10!p!, pRegObject - 0x%11!p!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
pRegObject, ItemPtr -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c537 19 "%0%!FUNC!(): ObReferenceObjectByHandle PDO - 0x%10!p!, DevInstRegKey - 0x%11!p!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
devInstRegKey, ItemPtr -- 11
status, ItemNTSTATUS -- 12
}
#typev volumeaccess_c522 18 "%0%!FUNC!(): IoOpenDeviceRegistryKey PDO - 0x%10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetInstanceIdWin7
{
PhysicalDeviceObject, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev volumeaccess_c172 10 "%0[DeviceControl] Extents->NumberOfDiskExtents is ZERO, pVolumeDevice - '%10!p!'" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=GetPDO
{
pVolumeDevice, ItemPtr -- 10
}
#typev volumeaccess_c204 11 "%0[DeviceControl] IOCTL_VOLUME_GET_VOLUME_DISK_EXTENTS unexpected status - %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=GetPDO
{
status, ItemNTSTATUS -- 10
}
#typev volumeaccess_c455 16 "%0[DeviceControl] GetVolumeStatus %10!s! (%11!p! Flags: 0x%12!X!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=GetSetVolumeStatus
{
&pContext->VolumeName, ItemPWString -- 10
InstanceArray[Index], ItemPtr -- 11
pContext->BlockFlags, ItemLong -- 12
}
#typev volumeaccess_c450 15 "%0[DeviceControl] SetVolumeStatus %10!s! (%11!p! Old: 0x%12!X! New 0x%13!X!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=GetSetVolumeStatus
{
&pContext->VolumeName, ItemPWString -- 10
InstanceArray[Index], ItemPtr -- 11
pContext->BlockFlags, ItemLong -- 12
*pStatus, ItemLong -- 13
}
#typev volumeaccess_c488 17 "%0[DeviceControl] Skipping %10!s! volume %11!s! (Flags: 0X%12!X!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=IsSystemVolume
{
(Flags & DO_SYSTEM_BOOT_PARTITION) ? L'boot' : L'system', ItemWString -- 10
VolumeName, ItemPWString -- 11
Flags, ItemLong -- 12
}
#typev volumeaccess_c1175 45 "%0[DeviceControl] Monitoring %10!d! of %11!d! instances" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=MbamTraceVolumeSummary
{
InterlockedAdd(&g_MbamWatchdogData.VolumesMonitored. 0), ItemLong -- 10
InterlockedAdd(&g_MbamWatchdogData.VolumesAttached. 0), ItemLong -- 11
}
#typev volumeaccess_c1121 44 "%0[DeviceControl] Removing Monitored Instance %10!s! (%11!p!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=RemoveMonitoredInstance
{
&pContext->VolumeName, ItemPWString -- 10
Instance, ItemPtr -- 11
}
#typev volumeaccess_c1100 43 "%0[DeviceControl] Adding Monitored Instance %10!s! (%11!p!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=SetInstanceContext
{
&pContext->VolumeName, ItemPWString -- 10
Instance, ItemPtr -- 11
}
#typev volumeaccess_c1070 42 "%0[DeviceControl] Allocating instance context %10!p! (New count: %11!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=SetInstanceContext
{
pContext, ItemPtr -- 10
ContextCount, ItemLong -- 11
}
#typev volumeaccess_c395 14 "%0%!FUNC!(): skip for Instance - %10!p!, status - %11!s!, isMounted - %12!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=UpdateVolumeProtection
{
InstanceArray[Index], ItemPtr -- 10
status, ItemNTSTATUS -- 11
isMounted ? 'TRUE' : 'FALSE', ItemString -- 12
}
#typev volumeaccess_c371 13 "%0[DeviceControl] SetVolumeStatus %10!s! (%11!p! Old: 0x%12!X! New 0x%13!X!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=UpdateVolumeProtection
{
&pContext->VolumeName, ItemPWString -- 10
InstanceArray[Index], ItemPtr -- 11
pContext->BlockFlags, ItemLong -- 12
EnableProtection ? MB_VOLUME_BLOCK_ALL_ACCESS : MB_VOLUME_FULL_ACCESS, ItemLong -- 13
}
#typev volumeaccess_c360 12 "%0[DeviceControl] %10!s! Volume Protection" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=UpdateVolumeProtection
{
EnableProtection ? L'Enable' : L'Disable', ItemWString -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
6b4de28c-140f-3679-8893-f5707115386b SelfProtectionKernel // SRC=RegProt.c MJ= MN=
#typev regprot_c49 10 "%0Error 0x%10!x! registering for registry callbacks" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeRegistryProtection
{
ntStatus, ItemLong -- 10
}
#typev regprot_c594 19 "%0RegFilter: Deny access to %10!s! from %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=IsProtectedSrpHash
{
FullName, ItemPWString -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev regprot_c589 18 "%0Unrecognized Hash Size %10!d!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=IsProtectedSrpHash
{
ValueInfo->DataSize, ItemLong -- 10
}
#typev regprot_c474 17 "%0RegFilter: Blocking access to %10!s! from %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
FullName, ItemPWString -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev regprot_c469 16 "%0RegFilter: Blocking rename of %10!s! to %11!s! from %12!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
FullName, ItemPWString -- 10
&NewName, ItemPWString -- 11
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 12
}
#typev regprot_c455 15 "%0RegFilter: Deny rename access to %10!s! from %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
&NewName, ItemPWString -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev regprot_c347 12 "%0RegFilter: Deny access to %10!s! from %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
FullName, ItemPWString -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev regprot_c398 14 "%0RegFilter: Deny RESTORE access to %10!s! from %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
FullName, ItemPWString -- 10
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 11
}
#typev regprot_c368 13 "%0RegFilter: Deny access to %10!s! = %11!s! from %12!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
FullName, ItemPWString -- 10
&srpPath, ItemPWString -- 11
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 12
}
#typev regprot_c141 11 "%0Registry: Blocking access from quarantined process %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=RegistryNotifyRoutine
{
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 10
}
#typev regprot_c770 27 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
valueName.Length, ItemLong -- 10
}
#typev regprot_c752 26 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
regKeyPath.MaximumLength, ItemLong -- 10
}
#typev regprot_c746 25 "%0Cannot open referenced SRP key (%10!s!), (%11!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
®KeyPath, ItemPWString -- 10
ntStatus, ItemNTSTATUS -- 11
}
#typev regprot_c734 23 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
valueLength, ItemLong -- 10
}
#typev regprot_c728 22 "%0Cannot read referenced SRP key value (%10!s! | %11!s!), (%12!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
®KeyPath, ItemPWString -- 10
&valueName, ItemPWString -- 11
ntStatus, ItemNTSTATUS -- 12
}
#typev regprot_c722 21 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
valueInfo->DataLength, ItemLong -- 10
}
#typev regprot_c653 20 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
valueName.MaximumLength, ItemLong -- 10
}
#typev regprot_c740 24 "%0Cannot read referenced SRP key value (%10!s! | %11!s!), (%12!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_REGISTRY FUNC=SpExpandSrpItemDataPath
{
®KeyPath, ItemPWString -- 10
&valueName, ItemPWString -- 11
ntStatus, ItemNTSTATUS -- 12
}
#typev regprot_c855 31 "%0Failed to open CurrentVersion Key (%10!s!). (%11!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpGetProgramFilesDir
{
&programFilesDirKey, ItemPWString -- 10
ntStatus, ItemNTSTATUS -- 11
}
#typev regprot_c842 29 "%0Could not read ProgramFilesDir from registry (%10!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpGetProgramFilesDir
{
ntStatus, ItemNTSTATUS -- 10
}
#typev regprot_c831 28 "%0Memory allocation failure (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpGetProgramFilesDir
{
valueInfo->DataLength, ItemLong -- 10
}
#typev regprot_c849 30 "%0Could not read ProgramFilesDir from registry (%10!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_REGISTRY FUNC=SpGetProgramFilesDir
{
ntStatus, ItemNTSTATUS -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
59c7e57f-bed2-3ac7-320c-3f8ae045a427 SelfProtectionKernel // SRC=ProcProt.c MJ= MN=
#typev procprot_c1008 29 "%0Error allocating memory for trusted process list - %10!u! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=AddToTrustedProcessList
{
sizeof(MB_SECURE_PROCESS), ItemLong -- 10
}
#typev procprot_c964 28 "%0Secure process: (%10!p!) %11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=AddToTrustedProcessList
{
ProcessId, ItemPtr -- 10
PFileName, ItemPWString -- 11
}
#typev procprot_c865 26 "%0ImageNotify: Failed to find hollowed Process %10!p! (%11!s!)!!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=ImageNotify
{
ProcessId, ItemPtr -- 10
FullImageName, ItemPWString -- 11
}
#typev procprot_c858 25 "%0ImageNotify: Process %10!p! (%11!s!) header mismatch - do not trust this process." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=ImageNotify
{
ProcessId, ItemPtr -- 10
FullImageName, ItemPWString -- 11
}
#typev procprot_c852 24 "%0ImageNotify: Image did not compare!! %10!p! %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=ImageNotify
{
ProcessId, ItemPtr -- 10
FullImageName, ItemPWString -- 11
}
#typev procprot_c62 12 "%0Error 0x%10!x! registering for image load notification callbacks" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeProcessProtection
{
ntStatus, ItemLong -- 10
}
#typev procprot_c51 11 "%0Error 0x%10!x! registering for thread notification callbacks" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeProcessProtection
{
ntStatus, ItemLong -- 10
}
#typev procprot_c41 10 "%0Error 0x%10!x! registering for process callbacks" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeProcessProtection
{
ntStatus, ItemLong -- 10
}
#typev procprot_c585 23 "%0Failed to get process handle for %10!p! - %11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=IsElevated
{
Pid->UniqueProcess, ItemPtr -- 10
status, ItemLong -- 11
}
#typev procprot_c579 22 "%0Failed to get process token for %10!p! - %11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=IsElevated
{
Pid->UniqueProcess, ItemPtr -- 10
status, ItemLong -- 11
}
#typev procprot_c573 21 "%0Failed to get elevation information information for %10!p! - %11!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=IsElevated
{
Pid->UniqueProcess, ItemPtr -- 10
status, ItemLong -- 11
}
#typev procprot_c525 20 "%0CreateProcess: Process %10!p! (%11!s!) is exiting" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
ProcessId, ItemPtr -- 10
GetPathForPid(ProcessId), ItemPWString -- 11
}
#typev procprot_c519 19 "%0Trusted process terminating. %10!p! (%11!s!)" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
ProcessId, ItemPtr -- 10
GetPathForPid(ProcessId), ItemPWString -- 11
}
#typev procprot_c494 18 "%0Error getting path for taskmgr.exe! - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=ProcessNotify
{
sts, ItemLong -- 10
}
#typev procprot_c472 17 "%0Error allocating %10!u! bytes for trusted process list" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
sizeof(MB_SECURE_PROCESS), ItemLong -- 10
}
#typev procprot_c456 16 "%0Error allocating %10!u! bytes for protected process list" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
(CreateInfo->ImageFileName->Length * sizeof(WCHAR)) + sizeof(UNICODE_STRING), ItemLong -- 10
}
#typev procprot_c444 15 "%0First thread is elevated!!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
}
#typev procprot_c422 14 "%0Trusted process starting: Process (%10!p!) Name avail: %11!x! FO %12!p!, %13!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_PROCESS FUNC=ProcessNotify
{
ProcessId, ItemPtr -- 10
CreateInfo->FileOpenNameAvailable, ItemLong -- 11
CreateInfo->FileObject, ItemPtr -- 12
CreateInfo->ImageFileName, ItemPWString -- 13
}
#typev procprot_c1027 30 "%0Memory allocation failure = %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_PROCESS FUNC=SpAddToUntrustedProcessList
{
sizeof(SP_UNTRUSTED_PROCESS) + FileName->Length, ItemLong -- 10
}
#typev procprot_c932 27 "%0First thread started for process %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=ThreadNotify
{
GetPathForPid(ProcessId), ItemPWString -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
09d5902f-c8a5-353f-cac0-0cb89109f523 SelfProtectionKernel // SRC=ObjProt.c MJ= MN=
#typev objprot_c67 10 "%0Error registering process callbacks - 0x%10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeObjectProtection
{
ntStatus, ItemLong -- 10
}
#typev objprot_c288 13 "%0ObjCallback: Process (%10!s!) thread access for protected process %11!s! with access %12!x!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=PreProcHandleOperationRoutine
{
GetPathForPid(currentPid), ItemPWString -- 10
GetPathForPid(targetPid), ItemPWString -- 11
OperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess, ItemLong -- 12
}
#typev objprot_c207 11 "%0ObjCallback: Process (%10!s!) is attempting to access protected process %11!s! for access 0x%12!x! (handle type: %13!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=PreProcHandleOperationRoutine
{
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 10
GetPathForPid(PsGetProcessId((PEPROCESS)OperationInformation->Object)), ItemPWString -- 11
OperationInformation->Parameters->CreateHandleInformation.DesiredAccess, ItemLong -- 12
OperationInformation->KernelHandle, ItemLong -- 13
}
#typev objprot_c230 12 "%0ObjCallback: Process %10!s! is duplicating a handle for protected process %11!s! with access 0x%12!x! (handle type %13!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_PROCESS FUNC=PreProcHandleOperationRoutine
{
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 10
GetPathForPid(PsGetProcessId((PEPROCESS)OperationInformation->Object)), ItemPWString -- 11
OperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess, ItemLong -- 12
OperationInformation->KernelHandle, ItemLong -- 13
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
68eb102c-2981-3c15-4414-950ef6c402f1 SelfProtectionKernel // SRC=mbamwatchdog.c MJ= MN=
#typev mbamwatchdog_c216 12 "%0MBamChameleon DriverEntry Status = %10!x!." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DriverEntry
{
status, ItemLong -- 10
}
#typev mbamwatchdog_c182 11 "%0Error 0x%10!x! creating symbolic link" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DriverEntry
{
status, ItemLong -- 10
}
#typev mbamwatchdog_c169 10 "%0Error 0x%10!x! creating device object" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=DriverEntry
{
status, ItemLong -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
68eb102c-2981-3c15-4414-950ef6c402f1 SelfProtectionKernel // SRC=mbamwatchdog.c MJ= MN=
#typev mbamwatchdog_c271 13 "%0Unloading chameleon driver!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_OTHER FUNC=DriverUnload
{
}
#typev mbamwatchdog_c492 17 "%0!Filter Version is not supported. status (%10!s!), filter version (%11!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitProcFilter
{
ntStatus, ItemNTSTATUS -- 10
ObGetFilterVersion(), ItemLong -- 11
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
37fafcf4-f209-32b8-1ae1-8ca444c6495b SelfProtectionKernel // SRC=FileProt.c MJ= MN=
#typev fileprot_c444 16 "%0FileFilter: Blocking access to %10!s! from mode %11!u! - process %12!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=HandleFileCreate
{
&nameInformation->Name, ItemPWString -- 10
pArgs->Data->RequestorMode, ItemLong -- 11
GetPathForPid(pid), ItemPWString -- 12
}
#typev fileprot_c424 15 "%0FileFilter: Blocking access to restrained file %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=HandleFileCreate
{
&nameInformation->Name, ItemPWString -- 10
}
#typev fileprot_c395 14 "%0FileFilter: Blocking access from quarantined process %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=HandleFileCreate
{
GetPathForPid(PsGetCurrentProcessId()), ItemPWString -- 10
}
#typev fileprot_c539 19 "%0Error initiating filtering - 0x%10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeFileProtection
{
ntStatus, ItemLong -- 10
}
#typev fileprot_c523 18 "%0%!FUNC!(): DcInit failed %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=InitializeFileProtection
{
ntStatus, ItemNTSTATUS -- 10
}
#typev fileprot_c514 17 "%0Error registering filter - 0x%10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_OTHER FUNC=InitializeFileProtection
{
ntStatus, ItemLong -- 10
}
#typev fileprot_c313 12 "%0!MBpInstanceTeardownComplete: Entered" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_FS FUNC=MBpInstanceTeardownComplete
{
}
#typev fileprot_c289 11 "%0!MBpInstanceTeardownStart: Entered" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_FS FUNC=MBpInstanceTeardownStart
{
}
#typev fileprot_c886 23 "%0FileFilter: Blocking access to delete protected file from %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=MBpPreOperationSetInformation
{
GetPathForPid((HANDLE)FltGetRequestorProcessId(Data)), ItemPWString -- 10
}
#typev fileprot_c850 22 "%0FileFilter: Blocking access to rename over from %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=MBpPreOperationSetInformation
{
GetPathForPid((HANDLE)FltGetRequestorProcessId(Data)), ItemPWString -- 10
}
#typev fileprot_c808 21 "%0FileFilter: Blocking access to set information from %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=MBpPreOperationSetInformation
{
GetPathForPid((HANDLE)FltGetRequestorProcessId(Data)), ItemPWString -- 10
}
#typev fileprot_c764 20 "%0FileFilter: Blocking access to set security from %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_FS FUNC=MBpPreOperationSetSecurity
{
GetPathForPid((HANDLE)FltGetRequestorProcessId(Data)), ItemPWString -- 10
}
#typev fileprot_c337 13 "%0!MBpUnload: Entered" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_FS FUNC=MBpUnload
{
}
#typev fileprot_c185 10 "%0[DeviceControl] Freeing instance context %10!p! (New count: %11!u!)" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_VOLUME FUNC=MbContextCleanup
{
ctx, ItemPtr -- 10
ContextCount, ItemLong -- 11
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
c1a14513-2eb2-3651-07e9-bb06622ded33 SelfProtectionKernel // SRC=dc.c MJ= MN=
#typev dc_c654 23 "%0%!FUNC!(): Add2Ptr(item '%10!p!', currenItemSize '0x%11!x!') > Add2Ptr(deviceList '%12!p!', OutputBufferSize '0x%13!x!')" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
item, ItemPtr -- 10
currenItemSize, ItemLong -- 11
deviceList, ItemPtr -- 12
OutputBufferSize, ItemLong -- 13
}
#typev dc_c635 22 "%0%!FUNC!(): skip for Instance - %10!p!, status - %11!s!, isMounted - %12!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
instanceArray[index], ItemPtr -- 10
status, ItemNTSTATUS -- 11
isMounted ? 'TRUE' : 'FALSE', ItemString -- 12
}
#typev dc_c618 21 "%0%!FUNC!(): DcRemovableDeviceListCalcSize failed %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
status, ItemNTSTATUS -- 10
}
#typev dc_c607 20 "%0%!FUNC!(): EnumerateInstances failed %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
status, ItemNTSTATUS -- 10
}
#typev dc_c589 19 "%0%!FUNC!(): DcRemovableDeviceListCalcSize failed %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
status, ItemNTSTATUS -- 10
}
#typev dc_c580 18 "%0%!FUNC!(): DcRemovableDeviceListCalcSize failed LengthRequired == NULL" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
}
#typev dc_c574 17 "%0%!FUNC!(): DcRemovableDeviceListCalcSize failed OutputBuffer == NULL && OutputBufferSize" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcGetRemovableDeviceList
{
}
#typev dc_c538 16 "%0%!FUNC!(): FltGetDiskDeviceObject for Instance - %10!p! and Volume - %11!p!, failed - %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcIsDiskDeviceMounted
{
Instance, ItemPtr -- 10
volume, ItemPtr -- 11
status, ItemNTSTATUS -- 12
}
#typev dc_c531 15 "%0%!FUNC!(): FltGetVolumeFromInstance for Instance - %10!p!, failed - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcIsDiskDeviceMounted
{
Instance, ItemPtr -- 10
status, ItemNTSTATUS -- 11
}
#typev dc_c756 24 "%0%!FUNC!(): Unknown CommandId - %10!d!, status - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcProcessCommand
{
header->CommandId, ItemLong -- 10
status, ItemNTSTATUS -- 11
}
#typev dc_c485 14 "%0%!FUNC!(): EnumerateInstances failed %10!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_VOLUME FUNC=DcRemovableDeviceListCalcSize
{
status, ItemNTSTATUS -- 10
}
#typev dc_c439 13 "%0[DeviceControlEvent] %!FUNC!(): IsVolumeBlocked - VolumeAccessFlags (blockedAccess) - '0x%10!x!'(0x%11!x!), desiredAccess - 0x%12!x!, Action - MbDeny" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=DcVerify
{
VolumeAccessFlags, ItemLong -- 10
blockedAccess, ItemLong -- 11
desiredAccess, ItemLong -- 12
}
#typev dc_c413 12 "%0[DeviceControlEvent] %!FUNC!(): rule found, Action - '%10!s!'" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=DcVerify
{
action == MbDeny ? 'MbDeny' : 'MbAllow', ItemString -- 10
}
#typev dc_c393 11 "%0[DeviceControlEvent] %!FUNC!(): Rule found for InstanceId - '%10!s!': Id - %11!d!, Mask - '%12!s!', AccessMask - 0x%13!x!, Action - '%14!s!'" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=DcVerify
{
&pContext->InstanceId, ItemPWString -- 10
item->RuleId, ItemLong -- 11
&item->InstanceIdMask, ItemPWString -- 12
item->AccessMask, ItemLong -- 13
item->Action == MbDeny ? 'MbDeny' : 'MbAllow', ItemString -- 14
}
#typev dc_c359 10 "%0[DeviceControlEvent] %!FUNC!():ExAcquireRundownProtection failed" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_VOLUME FUNC=DcVerify
{
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
6271bf7d-990c-35c5-84d5-f2ed218f8a24 SelfProtectionKernel // SRC=IgMain.c MJ= MN=
#typev igmain_c342 16 "%0IOCTL rejected!! Only IOCTLs from user mode are accepted. IOCtl Code:0x%10!x!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=IgDispatchIoctl
{
pIrpStack->Parameters.DeviceIoControl.IoControlCode, ItemLong -- 10
}
#typev igmain_c145 14 "%0Error(0x%10!x!)!! Initializating Object Manager Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry
{
ntRet, ItemLong -- 10
}
#typev igmain_c136 13 "%0Error(0x%10!x!)!! Initializating Network Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry
{
ntRet, ItemLong -- 10
}
#typev igmain_c127 12 "%0Error(0x%10!x!)!! Initializating File System Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry
{
ntRet, ItemLong -- 10
}
#typev igmain_c118 11 "%0Error(0x%10!x!)!! Initializating Registry Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry
{
ntRet, ItemLong -- 10
}
#typev igmain_c109 10 "%0Error(0x%10!x!)!! Initializating Process Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry
{
ntRet, ItemLong -- 10
}
#typev igmain_c145 14 "%0Error(0x%10!x!)!! Initializating Object Manager Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry$fin$0
{
ntRet, ItemLong -- 10
}
#typev igmain_c136 13 "%0Error(0x%10!x!)!! Initializating Network Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry$fin$0
{
ntRet, ItemLong -- 10
}
#typev igmain_c127 12 "%0Error(0x%10!x!)!! Initializating File System Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry$fin$0
{
ntRet, ItemLong -- 10
}
#typev igmain_c118 11 "%0Error(0x%10!x!)!! Initializating Registry Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry$fin$0
{
ntRet, ItemLong -- 10
}
#typev igmain_c109 10 "%0Error(0x%10!x!)!! Initializating Process Protection" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IgDriverEntry$fin$0
{
ntRet, ItemLong -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
efdf1c93-a6c0-35ee-e6a7-cbbeb5fcf674 SelfProtectionKernel // SRC=IG2ProtUtils.c MJ= MN=
#typev ig2protutils_c625 30 "%0Isolated Process Count < 0" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=DecrementIsolatedProcessCount
{
}
#typev ig2protutils_c443 26 "%0Error(0x%10!X!)!! Opening symbolic link for "%11!s!" path" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntRet, ItemLong -- 10
_pcwstrUserPath, ItemWString -- 11
}
#typev ig2protutils_c417 25 "%0Allocating %10!d! bytes of NP memory." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
sizeof(S_IG2PROT_KRN_DUAL_PATH), ItemLong -- 10
}
#typev ig2protutils_c411 24 "%0Error(0x%10!X!)!! Querying size for symbolic link of "%11!s!" path." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntRet, ItemLong -- 10
_pcwstrUserPath, ItemWString -- 11
}
#typev ig2protutils_c405 23 "%0Allocating %10!d! bytes of NP memory." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ulTotalBytes, ItemLong -- 10
}
#typev ig2protutils_c399 22 "%0Error(0x%10!X!)!! Querying symbolic link for "%11!s!" path." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntRet, ItemLong -- 10
_pcwstrUserPath, ItemWString -- 11
}
#typev ig2protutils_c393 21 "%0Error(0x%10!X!)!! Building device path. Drive:"%11!s!", Directory:"%12!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntRet, ItemLong -- 10
&psRetVal->ustrKernelPath, ItemPWString -- 11
_pcwstrUserPath, ItemWString -- 12
}
#typev ig2protutils_c387 20 "%0Allocating %10!d! bytes of NP memory." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
_uiLength * sizeof(WCHAR), ItemLong -- 10
}
#typev ig2protutils_c380 19 "%0Dual path succesfully initialized. Usr Path:"%10!s!", Krn Path:"%11!s!"" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
&psRetVal->ustrUserPath, ItemPWString -- 10
&psRetVal->ustrKernelPath, ItemPWString -- 11
}
#typev ig2protutils_c365 18 "%0Allocating %10!d! bytes of NP memory." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ulTotalBytes, ItemLong -- 10
}
#typev ig2protutils_c359 17 "%0Error(0x%10!X!)! Uppcasing the string "%11!s!"." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntTmp, ItemLong -- 10
&psRetVal->ustrKernelPath, ItemPWString -- 11
}
#typev ig2protutils_c300 16 "%0Error(0x%10!X!)! Preparing Dos path for "%11!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ntRet, ItemLong -- 10
&sDriveLetter, ItemPWString -- 11
}
#typev ig2protutils_c292 15 "%0Error! Allocating %10!d! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
ulLenBytes, ItemLong -- 10
}
#typev ig2protutils_c276 13 "%0Bad string size" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
}
#typev ig2protutils_c270 12 "%0The parameter "_pcwstrUserPath" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=InitializeDualPath
{
}
#typev ig2protutils_c233 11 "%0Error!! Possible corruption of isolated process list" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=IsProcessInIsolationList
{
}
#typev ig2protutils_c468 29 "%0Releasing Kernel path part:0x%10!p!. Content: %11!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGUTILS FUNC=ReleaseDualPath
{
_psDualPath->pwstrKernelPathBuffer, ItemPtr -- 10
_psDualPath->pwstrKernelPathBuffer, ItemWString -- 11
}
#typev ig2protutils_c465 28 "%0Releasing User path part:0x%10!p!. Content: %11!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGUTILS FUNC=ReleaseDualPath
{
_psDualPath->pwstrUserPathBuffer, ItemPtr -- 10
_psDualPath->pwstrUserPathBuffer, ItemWString -- 11
}
#typev ig2protutils_c463 27 "%0Releasing Dual Path object: 0x%10!p!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGUTILS FUNC=ReleaseDualPath
{
_psDualPath, ItemPtr -- 10
}
#typev ig2protutils_c698 33 "%0Error!! Invalid string size %10!d!." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ConcatPath
{
_uiLen, ItemLong -- 10
}
#typev ig2protutils_c722 35 "%0The string "%10!s!" is not a valid path." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ConcatPath
{
_pcwstrDirectory, ItemWString -- 10
}
#typev ig2protutils_c707 34 "%0Error!! Destination buffer size insufficient. Size:%10!d!, Required:%11!d!." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ConcatPath
{
_psustrNativeVolume->MaximumLength, ItemLong -- 10
usDirSize +_psustrNativeVolume->Length, ItemLong -- 11
}
#typev ig2protutils_c692 32 "%0The parameter "_pcwstrDirectory" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ConcatPath
{
}
#typev ig2protutils_c686 31 "%0The parameter "_psustrDrive" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ConcatPath
{
}
#typev ig2protutils_c761 39 "%0The string "%10!s!" is not a valid path." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ExtractDriveLetter
{
_pcwstrPath, ItemWString -- 10
}
#typev ig2protutils_c749 38 "%0The parameter "_psustrDriveLetter" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ExtractDriveLetter
{
}
#typev ig2protutils_c743 37 "%0Not valid string size: %10!d!." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ExtractDriveLetter
{
_uiLen, ItemLong -- 10
}
#typev ig2protutils_c737 36 "%0The parameter "_pcwstrPath" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_ExtractDriveLetter
{
}
#typev ig2protutils_c793 41 "%0The parameter "_pulSize" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_PrepareDosPath
{
}
#typev ig2protutils_c787 40 "%0The parameter "_psustrSourcePath" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGUTILS FUNC=_PrepareDosPath
{
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
b7b53f50-6ad1-34f8-0cae-9ec456fa2952 SelfProtectionKernel // SRC=IG2ProtReg.c MJ= MN=
#typev ig2protreg_c125 14 "%0IG2 Registry Protection not previously initialized" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Finalize
{
}
#typev ig2protreg_c137 15 "%0IG2 Registry Protection finalized!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Finalize
{
}
#typev ig2protreg_c190 18 "%0Error!! Registry Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_GetState
{
}
#typev ig2protreg_c185 17 "%0Retrieving Registry Filter status: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_GetState
{
g_psRegProtData->sCfg.bEnabled, ItemListLong(false,true) -- 10
}
#typev ig2protreg_c177 16 "%0Error!! Parameter "_pbEnabled" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_GetState
{
}
#typev ig2protreg_c88 13 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Initialize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protreg_c82 12 "%0Error!! Registry Protection already initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Initialize
{
}
#typev ig2protreg_c75 11 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Initialize
{
}
#typev ig2protreg_c69 10 "%0Error!! Parameter 1(PS_IG2PREG_DATA) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PREG_Initialize
{
}
#typev ig2protreg_c255 20 "%0REGISTRY OPERATION BLOCKED!! Due to restricted COM access(%10!p!):(%11!s!) - (%12!s!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgRegistryNotifyRoutine
{
hPID, ItemPtr -- 10
pustrProcessPath, ItemPWString -- 11
keyInfo->CompleteName, ItemPWString -- 12
}
#typev ig2protreg_c261 21 "%0REGISTRY OPERATION BLOCKED!! Due to rule for a process(%10!p!):(%11!s!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgRegistryNotifyRoutine
{
hPID, ItemPtr -- 10
pustrProcessPath, ItemPWString -- 11
}
#typev ig2protreg_c240 19 "%0Error(0x%10!X!)! Can't obtain full path for process %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgRegistryNotifyRoutine
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protreg_c296 23 "%0Error!! Registry Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=RegSetState
{
}
#typev ig2protreg_c291 22 "%0Registry Protection status changed to: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=RegSetState
{
_bNewState, ItemListLong(false,true) -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
7a41a10b-68c7-3fac-2a1a-fb5b2859316a SelfProtectionKernel // SRC=IG2ProtProcs.c MJ= MN=
#typev ig2protprocs_c312 26 "%0Error!! The exclusion is already in Process Protection exclusion list: "%10!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_AddExclusion
{
&usrtExclusionPath, ItemPWString -- 10
}
#typev ig2protprocs_c306 25 "%0Error!! Can not allocate %10!d! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_AddExclusion
{
sizeof(S_IG2PPROCS_EXCLUSION), ItemLong -- 10
}
#typev ig2protprocs_c299 24 "%0New exclusion added to Process Protection exclusion list -> [Path:"%10!s!"][Max Hits:%11!d!]" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_AddExclusion
{
&usrtExclusionPath, ItemPWString -- 10
_usMaxHits, ItemLong -- 11
}
#typev ig2protprocs_c287 23 "%0Error!! Initializing dual path for "%10!s!"" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_AddExclusion
{
_psExclusionPath->Path, ItemWString -- 10
}
#typev ig2protprocs_c269 22 "%0Received path("%10!s!") and hit max counter(%11!d!) to add to Process Protection Exclusions list." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_AddExclusion
{
&usrtExclusionPath, ItemPWString -- 10
_usMaxHits, ItemLong -- 11
}
#typev ig2protprocs_c264 21 "%0Error!! Parameter 2(PS_IG2PPROCS_CFG) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_AddExclusion
{
}
#typev ig2protprocs_c257 20 "%0Error!! Parameter 1(_psExclusionPath) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_AddExclusion
{
}
#typev ig2protprocs_c140 14 "%0IG2 Process Protection not previously initialized" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Finalize
{
}
#typev ig2protprocs_c168 16 "%0IG2 Process Protection finalized!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Finalize
{
}
#typev ig2protprocs_c146 15 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Finalize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protprocs_c221 19 "%0Error!! Process Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_GetState
{
}
#typev ig2protprocs_c216 18 "%0Retrieving Process Filter status: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_GetState
{
g_psProcsData->sCfg.bEnabled, ItemListLong(false,true) -- 10
}
#typev ig2protprocs_c208 17 "%0Error!! Parameter "_pbEnabled" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_GetState
{
}
#typev ig2protprocs_c99 13 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Initialize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protprocs_c89 12 "%0Error!! Process Protection already initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Initialize
{
}
#typev ig2protprocs_c82 11 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Initialize
{
}
#typev ig2protprocs_c76 10 "%0Error!! Parameter 1(PS_IG2PPROCS_DATA) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PPROCS_Initialize
{
}
#typev ig2protprocs_c381 27 "%0Not supported matching type(%10!d!) search!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IG2PPROCS_IsExcluded
{
_eMatchType, ItemLong -- 10
}
#typev ig2protprocs_c404 29 "%0Process Protection exclusion has reached the maximum hits, removing it. Path:"%10!s!", Hits:%11!d!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IG2PPROCS_IsExcluded
{
&psExclusion->psPath->ustrUserPath, ItemPWString -- 10
psExclusion->usCurrentHits, ItemLong -- 11
}
#typev ig2protprocs_c462 33 "%0Error!! Entry %10!d! not found in Process Protection exclusions list." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_RemoveEntryFromExclusionList
{
_ulEntryIndex, ItemLong -- 10
}
#typev ig2protprocs_c445 32 "%0Error!! Parameter 3(PERESOURCE) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_RemoveEntryFromExclusionList
{
}
#typev ig2protprocs_c439 31 "%0Error!! Parameter 1(_ulEntryIndex) is out of range" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_RemoveEntryFromExclusionList
{
}
#typev ig2protprocs_c432 30 "%0Error!! Parameter 2(PLIST_ENTRY) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PPROCS_RemoveEntryFromExclusionList
{
}
#typev ig2protprocs_c570 42 "%0Permited!! Process(%10!p!) has launched new process with pid %11!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_psCreateInfo->CreatingThreadId.UniqueProcess, ItemPtr -- 10
_hProcessId, ItemPtr -- 11
}
#typev ig2protprocs_c559 40 "%0PROCESS OPERATION BLOCKED!! New process(%10!p!) to be created. Launcher Process PID:%11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_hProcessId, ItemPtr -- 10
_psCreateInfo->CreatingThreadId.UniqueProcess, ItemPtr -- 11
}
#typev ig2protprocs_c564 41 "%0PROCESS OPERATION PERMITED due to an EXCLUSION!! New process(%10!p!) to be created. Launcher Process PID:%11!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_hProcessId, ItemPtr -- 10
_psCreateInfo->CreatingThreadId.UniqueProcess, ItemPtr -- 11
}
#typev ig2protprocs_c550 39 "%0Error(0x%10!X!)! Obtaining path for process(%11!p!) to be launched. Impossible to check exclusions!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
ntRet, ItemLong -- 10
_hProcessId, ItemPtr -- 11
}
#typev ig2protprocs_c527 38 "%0Warning!! We don't have image file name information, checking only by pid(%10!p!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_hProcessId, ItemPtr -- 10
}
#typev ig2protprocs_c521 37 "%0Process([%10!p!]"%11!s!") attempting to launch new process [%12!p!]." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_psCreateInfo->CreatingThreadId.UniqueProcess, ItemPtr -- 10
pustrParentImagePath, ItemPWString -- 11
_hProcessId, ItemPtr -- 12
}
#typev ig2protprocs_c518 36 "%0Process([%10!p!]"%11!s!") attempting to launch new process [%12!p!]"%13!s!"." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_psCreateInfo->CreatingThreadId.UniqueProcess, ItemPtr -- 10
pustrParentImagePath, ItemPWString -- 11
_hProcessId, ItemPtr -- 12
_psCreateInfo->ImageFileName, ItemPWString -- 13
}
#typev ig2protprocs_c511 35 "%0New process(%10!p!) attempted to launch" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_hProcessId, ItemPtr -- 10
}
#typev ig2protprocs_c506 34 "%0New process([%10!p!]"%11!s!") attempted to launch." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=IgProcessCreateNotifyRoutineExUnload
{
_hProcessId, ItemPtr -- 10
_psCreateInfo->ImageFileName, ItemPWString -- 11
}
#typev ig2protprocs_c641 44 "%0Error!! Process Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ProcsSetState
{
}
#typev ig2protprocs_c636 43 "%0Process Protection status changed to: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=ProcsSetState
{
_bNewState, ItemListLong(false,true) -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
1b7d96e6-0ebc-3b3c-4eec-e1aee9d1d5ec SelfProtectionKernel // SRC=IG2ProtObj.c MJ= MN=
#typev ig2protobj_c121 14 "%0IG2 Object Manager Protection not previously initialized" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Finalize
{
}
#typev ig2protobj_c133 15 "%0IG2 Object Manager Protection finalized!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Finalize
{
}
#typev ig2protobj_c186 18 "%0Error!! Object Manager Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_GetState
{
}
#typev ig2protobj_c181 17 "%0Retrieving Object Manager Filter status: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_GetState
{
g_psObjProtData->sCfg.bEnabled, ItemListLong(false,true) -- 10
}
#typev ig2protobj_c173 16 "%0Error!! Parameter "_pbEnabled" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_GetState
{
}
#typev ig2protobj_c91 13 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Initialize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protobj_c85 12 "%0Error!! Object Manager Protection already initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Initialize
{
}
#typev ig2protobj_c78 11 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Initialize
{
}
#typev ig2protobj_c72 10 "%0Error!! Parameter 1(PS_IG2POBJ_DATA) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2POBJ_Initialize
{
}
#typev ig2protobj_c297 24 "%0Unrecognized object type. process (%10!p!) (%11!s!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
originPID, ItemPtr -- 10
pustrProcessPath, ItemPWString -- 11
}
#typev ig2protobj_c287 23 "%0THREAD HANDLE DUPLICATE BLOCKED!! OriginalAccess (0x%10!x!), DesiredAccess (0x%11!x!) AllowedAccess (0x%12!x!), process (%13!p!) (%14!s!)." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
_pOperationInformation->Parameters->DuplicateHandleInformation.OriginalDesiredAccess, ItemLong -- 10
desiredAccess, ItemLong -- 11
_pOperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess, ItemLong -- 12
originPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protobj_c277 22 "%0THREAD HANDLE CREATE BLOCKED!! OriginalAccess (0x%10!x!), DesiredAccess (0x%11!x!) AllowedAccess (0x%12!x!), process (%13!p!) (%14!s!)." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
_pOperationInformation->Parameters->CreateHandleInformation.OriginalDesiredAccess, ItemLong -- 10
desiredAccess, ItemLong -- 11
_pOperationInformation->Parameters->CreateHandleInformation.DesiredAccess, ItemLong -- 12
originPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protobj_c259 21 "%0PROCESS HANDLE DUPLICATE BLOCKED!! OriginalAccess (0x%10!x!), DesiredAccess (0x%11!x!) AllowedAccess (0x%12!x!), process (%13!p!) (%14!s!)." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
_pOperationInformation->Parameters->DuplicateHandleInformation.OriginalDesiredAccess, ItemLong -- 10
desiredAccess, ItemLong -- 11
_pOperationInformation->Parameters->DuplicateHandleInformation.DesiredAccess, ItemLong -- 12
originPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protobj_c249 20 "%0PROCESS HANDLE CREATE BLOCKED!! OriginalAccess (0x%10!x!), DesiredAccess (0x%11!x!), AllowedAccess (0x%12!x!), process (%13!p!) (%14!s!)." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
_pOperationInformation->Parameters->CreateHandleInformation.OriginalDesiredAccess, ItemLong -- 10
desiredAccess, ItemLong -- 11
_pOperationInformation->Parameters->CreateHandleInformation.DesiredAccess, ItemLong -- 12
originPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protobj_c230 19 "%0Error(0x%10!X!)! Can't obtain full path for process %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IgObjectNotifyRoutine
{
ntRet, ItemLong -- 10
originPID, ItemPtr -- 11
}
#typev ig2protobj_c330 26 "%0Error!! Object Manager Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ObjSetState
{
}
#typev ig2protobj_c325 25 "%0Object Manager Protection status changed to: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=ObjSetState
{
_bNewState, ItemListLong(false,true) -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
3b4b52de-267d-30d7-03e3-0d7d7ac34b8d SelfProtectionKernel // SRC=IG2ProtNet.c MJ= MN=
#typev ig2protnet_c1135 47 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewFilterForRegisteredCallouts
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c1103 45 "%0Error!! Invalid callout entry in list. Index: %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewFilterForRegisteredCallouts
{
i, ItemLong -- 10
}
#typev ig2protnet_c1127 46 "%0Error(0x%10!x!)!! Invalid Filter Engine handle." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewFilterForRegisteredCallouts
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c1022 44 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewFilterForRegisteredCallouts
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c1586 64 "%0Added! New ALE Resource Assignment Filter by PID(%10!p!) and Path("%11!s!") filter for callout %12!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
_hPID, ItemPtr -- 10
_pustrPath, ItemPWString -- 11
_pguidCalloutKey, ItemGuid -- 12
}
#typev ig2protnet_c1579 63 "%0Error(0x%10!X!)! Adding ALE Resource Assignment Filter by PID(%11!p!) and Path("%12!s!") filter for callout %13!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
ntStatus, ItemLong -- 10
_hPID, ItemPtr -- 11
_pustrPath, ItemPWString -- 12
_pguidCalloutKey, ItemGuid -- 13
}
#typev ig2protnet_c1564 62 "%0Error! Can not reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
_pustrPath->MaximumLength, ItemLong -- 10
}
#typev ig2protnet_c1550 61 "%0Error! Can not reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
sizeof(S_IG2PNET_ADDED_FILTER), ItemLong -- 10
}
#typev ig2protnet_c1541 60 "%0Error(0x%10!X!)! Can not generate UUID for filter. Rule Path: %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
ntStatus, ItemLong -- 10
_pustrPath, ItemPWString -- 11
}
#typev ig2protnet_c1523 59 "%0Error(0x%10!X!)! Build AppId blob with path "%11!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
ntStatus, ItemLong -- 10
_pustrPath, ItemPWString -- 11
}
#typev ig2protnet_c1490 58 "%0Error(0x%10!X!)! Building DisplayName string for App with PID %11!p! and Path "%12!s!"" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDAndPathFilter
{
ntRet, ItemLong -- 10
_hPID, ItemPtr -- 11
_pustrPath, ItemPWString -- 12
}
#typev ig2protnet_c1244 51 "%0Added! New ALE Resource Assignment PID(%10!p!) filter for callout %11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDFilter
{
_hPID, ItemPtr -- 10
_pguidCalloutKey, ItemGuid -- 11
}
#typev ig2protnet_c1238 50 "%0Error(0x%10!X!)! Adding ALE Resource Assignment PID(%11!p!) filter for callout %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDFilter
{
ntStatus, ItemLong -- 10
_hPID, ItemPtr -- 11
_pguidCalloutKey, ItemGuid -- 12
}
#typev ig2protnet_c1220 49 "%0Error! Can not reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDFilter
{
sizeof(S_IG2PNET_ADDED_FILTER), ItemLong -- 10
}
#typev ig2protnet_c1212 48 "%0Error(0x%10!X!)! Can not generate UUID for filter. Rule PID:%11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPIDFilter
{
ntStatus, ItemLong -- 10
_hPID, ItemPtr -- 11
}
#typev ig2protnet_c1402 57 "%0Added! New ALE Resource Assignment Path("%10!s!") filter for callout %11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
_pustrPath, ItemPWString -- 10
_pguidCalloutKey, ItemGuid -- 11
}
#typev ig2protnet_c1395 56 "%0Error(0x%10!X!)! Adding ALE Resource Assignment Path("%11!s!") filter for callout %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
ntStatus, ItemLong -- 10
_pustrPath, ItemPWString -- 11
_pguidCalloutKey, ItemGuid -- 12
}
#typev ig2protnet_c1380 55 "%0Error! Can not reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
_pustrPath->MaximumLength, ItemLong -- 10
}
#typev ig2protnet_c1366 54 "%0Error! Can not reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
sizeof(S_IG2PNET_ADDED_FILTER), ItemLong -- 10
}
#typev ig2protnet_c1357 53 "%0Error(0x%10!X!)! Can not generate UUID for filter. Rule Path: %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
ntStatus, ItemLong -- 10
_pustrPath, ItemPWString -- 11
}
#typev ig2protnet_c1339 52 "%0Error(0x%10!X!)! Build AppId blob with path "%11!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=AddNewPathFilter
{
ntStatus, ItemLong -- 10
_pustrPath, ItemPWString -- 11
}
#typev ig2protnet_c295 20 "%0IG2 Network Protection not previously initialized" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Finalize
{
}
#typev ig2protnet_c331 22 "%0IG2 Network Protection finalized!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Finalize
{
}
#typev ig2protnet_c301 21 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Finalize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protnet_c386 25 "%0Error!! Network Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_GetState
{
}
#typev ig2protnet_c381 24 "%0Retrieving Network Filter status: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_GetState
{
g_psNetProtData->sCfg.bEnabled, ItemListLong(false,true) -- 10
}
#typev ig2protnet_c373 23 "%0Error!! Parameter "_pbEnabled" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_GetState
{
}
#typev ig2protnet_c250 19 "%0Error(0x%10!X!)!! Commiting Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c238 18 "%0Error(0x%10!X!)!! Installing ALE Resource Assignment callout." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c230 17 "%0Error(0x%10!X!)!! Installing ALE Resource Assignment callout." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c217 16 "%0Error(0x%10!X!)!! Adding ALE Resource Assignment Sublayer." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c201 15 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c193 14 "%0Error(0x%10!X!)!! Opening Filter Engine." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c169 13 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protnet_c163 12 "%0Error!! Network Protection already initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
}
#typev ig2protnet_c156 11 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
}
#typev ig2protnet_c150 10 "%0Error!! Parameter 1(PS_IG2PNET_DATA) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PNET_Initialize
{
}
#typev ig2protnet_c900 41 "%0NETWORK BIND OPERATION MUST BE BLOCKED!! Due to rule for a process PID(%10!p!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IsFilteredByPID
{
hPID, ItemPtr -- 10
}
#typev ig2protnet_c974 43 "%0NETWORK BIND OPERATION MUST BE BLOCKED!! Due to rule for a process PID(%10!p!) and Path("%11!s!")." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IsFilteredByPIDandPath
{
hPID, ItemPtr -- 10
&ustrPath, ItemPWString -- 11
}
#typev ig2protnet_c930 42 "%0NETWORK BIND OPERATION MUST BE BLOCKED!! Due to rule for a Path(%10!s!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=IsFilteredByPath
{
&ustrPath, ItemPWString -- 10
}
#typev ig2protnet_c1760 70 "%0Error!! Network Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=NetSetState
{
}
#typev ig2protnet_c1755 69 "%0Network Protection status changed to: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=NetSetState
{
_bNewState, ItemListLong(false,true) -- 10
}
#typev ig2protnet_c1954 75 "%0Error!! Invalid Filter Engine Handle." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=PurgeAddedFilters
{
}
#typev ig2protnet_c1946 74 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=PurgeAddedFilters
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c1941 73 "%0Error(0x%10!x!)!! Commiting Filter Engine transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=PurgeAddedFilters
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c1929 72 "%0Filter(0x%10!I64d!) purged succesfully from Engine Filter." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=PurgeAddedFilters
{
pFilter->iu64FilterID, ItemLongLong -- 10
}
#typev ig2protnet_c1924 71 "%0Error(0x%10!X!)!! Deleting filter(0x%11!I64d!) from Engine Filter." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFILT FUNC=PurgeAddedFilters
{
ntRet, ItemLong -- 10
pFilter->iu64FilterID, ItemLongLong -- 11
}
#typev ig2protnet_c1721 68 "%0Error(0x%10!x!)!! Registering ALE Resource Assignment callout %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=RegisterALEResourceAssignmnentCallout
{
ntStatus, ItemLong -- 10
_pguidCalloutKey, ItemGuid -- 11
}
#typev ig2protnet_c1702 67 "%0Error! Can not reserve %10!d! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=RegisterALEResourceAssignmnentCallout
{
sizeof(S_IG2PNET_REGISTERED_CALLOUT), ItemLong -- 10
}
#typev ig2protnet_c1687 66 "%0Error(0x%10!X!)! Adding ALE Resource Assignment callout %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=RegisterALEResourceAssignmnentCallout
{
ntStatus, ItemLong -- 10
_pguidCalloutKey, ItemGuid -- 11
}
#typev ig2protnet_c1667 65 "%0ALE Resource Assignment callout(%10!s!) registered succesfully!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=RegisterALEResourceAssignmnentCallout
{
_pguidCalloutKey, ItemGuid -- 10
}
#typev ig2protnet_c703 33 "%0Error!! Invalid Filter Engine Handle." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
}
#typev ig2protnet_c652 29 "%0Error! Can no reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
usRegisteredCalloutsCount * sizeof(UINT32), ItemLong -- 10
}
#typev ig2protnet_c694 32 "%0Error(0x%10!x!)!! Commiting Filter Engine transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c682 31 "%0Error(0x%10!X!)!! Unregistering callout(0x%11!X!) from Engine Filter." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
ntRet, ItemLong -- 10
psRegisteredCallout->ui32ID, ItemLong -- 11
}
#typev ig2protnet_c668 30 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c645 28 "%0Error! Filter entry with index %10!d! not found." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseCallouts
{
i, ItemLong -- 10
}
#typev ig2protnet_c851 40 "%0Error!! Invalid Filter Engine Handle." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
}
#typev ig2protnet_c801 36 "%0Error! Can no reserve memory for %10!d! bytes." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
usAddedFilterCount * sizeof(UINT64), ItemLong -- 10
}
#typev ig2protnet_c842 39 "%0Error(0x%10!x!)!! Commiting Filter Engine transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c831 38 "%0Error(0x%10!X!)!! Deleting filter(0x%11!I64d!) from Engine Filter." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
ntRet, ItemLong -- 10
pui64FiltersToDel[j], ItemLongLong -- 11
}
#typev ig2protnet_c816 37 "%0Error(0x%10!X!)!! Begining Filter Engine Transaction." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
ntStatus, ItemLong -- 10
}
#typev ig2protnet_c793 35 "%0Error! Filter entry with index %10!d! not found." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=ReleaseFilters
{
i, ItemLong -- 10
}
#typev ig2protnet_c528 26 "%0Error!! Not context accesible." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=cfnIG2PNetALERAClassify
{
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
b4cdf210-5eda-3065-8c44-3eb892b7ad26 SelfProtectionKernel // SRC=IG2ProtFs.c MJ= MN=
#typev ig2protfs_c1246 59 "%0Could not copy exclusion path. Status (%10!s!), Path (%11!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFS FUNC=AddDefaultExcludedFile
{
ntStatus, ItemNTSTATUS -- 10
excludeIG2Path->Path, ItemWString -- 11
}
#typev ig2protfs_c1241 58 "%0Could not concatenate exclusion path. Status (%10!s!), Dest (%11!s!) Src (%12!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFS FUNC=AddDefaultExcludedFile
{
ntStatus, ItemNTSTATUS -- 10
excludeIG2Path->Path, ItemWString -- 11
_fileSpec, ItemWString -- 12
}
#typev ig2protfs_c1236 57 "%0Could not determine length of exclusion path. Status (%10!s!), Path (%11!s!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFS FUNC=AddDefaultExcludedFile
{
ntStatus, ItemNTSTATUS -- 10
excludeIG2Path->Path, ItemWString -- 11
}
#typev ig2protfs_c1231 56 "%0Could not add default excluded path. Status (%10!s!), Path (%11!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFS FUNC=AddDefaultExcludedFile
{
ntStatus, ItemNTSTATUS -- 10
excludeIG2Path->Path, ItemWString -- 11
}
#typev ig2protfs_c1203 55 "%0Memory allocation error (%10!d!)" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGFS FUNC=AddDefaultExcludedFile
{
sizeof(S_IG2PROT_PATH) + excludeIG2PathLength, ItemLong -- 10
}
#typev ig2protfs_c568 34 "%0Error!! File System Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=FsSetState
{
}
#typev ig2protfs_c563 33 "%0File System Protection status changed to: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=FsSetState
{
_bNewState, ItemListLong(false,true) -- 10
}
#typev ig2protfs_c394 26 "%0Error!! The process is already in File System exclusion list: "%10!s!"." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
&usrtExclusionPath, ItemPWString -- 10
}
#typev ig2protfs_c388 25 "%0Error!! Can not allocate %10!d! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
sizeof(S_IG2PROT_EXCLUDED_PATH), ItemLong -- 10
}
#typev ig2protfs_c382 24 "%0New path added to File System list: %10!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
&usrtExclusionPath, ItemPWString -- 10
}
#typev ig2protfs_c371 23 "%0Error!! Initializing dual path for "%10!s!"" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
_psExclusionPath->Path, ItemWString -- 10
}
#typev ig2protfs_c351 22 "%0Received path to add to FS Exclusions list: "%10!s!"." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
&usrtExclusionPath, ItemPWString -- 10
}
#typev ig2protfs_c346 21 "%0Error!! Parameter 2(PS_IG2PFS_CFG) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
}
#typev ig2protfs_c339 20 "%0Error!! Parameter 1(PS_IG2PROT_PATH) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_AddExclusionPath
{
}
#typev ig2protfs_c219 14 "%0IG2 File System Protection not previously initialized" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Finalize
{
}
#typev ig2protfs_c247 16 "%0IG2 File System Protection finalized!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Finalize
{
}
#typev ig2protfs_c225 15 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Finalize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protfs_c315 19 "%0Error!! File System Protection not previously initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_GetState
{
}
#typev ig2protfs_c310 18 "%0Retrieving File System Filter status: %10!s!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_GetState
{
g_psFSProtData->sCfg.bEnabled, ItemListLong(false,true) -- 10
}
#typev ig2protfs_c302 17 "%0Error!! Parameter "_pbEnabled" can not be null." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_GetState
{
}
#typev ig2protfs_c181 13 "%0Error!! This function must be called in PASSIVE level not in %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Initialize
{
KeGetCurrentIrql(), ItemLong -- 10
}
#typev ig2protfs_c175 12 "%0Error!! File System Protection already initialized" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Initialize
{
}
#typev ig2protfs_c168 11 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Initialize
{
}
#typev ig2protfs_c162 10 "%0Error!! Parameter 1(PS_IG2PFS_DATA) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGINIT FUNC=IG2PFS_Initialize
{
}
#typev ig2protfs_c462 27 "%0Not supported matching type(%10!d!) search!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGUTILS FUNC=IG2PFS_IsInExclusionList
{
_eMatchType, ItemLong -- 10
}
#typev ig2protfs_c525 32 "%0Error!! Entry %10!d! not found in FS Exclusions list." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_RemoveEntryFromExclusionList
{
_ulEntryIndex, ItemLong -- 10
}
#typev ig2protfs_c508 31 "%0Error!! Parameter 3(PERESOURCE) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_RemoveEntryFromExclusionList
{
}
#typev ig2protfs_c502 30 "%0Error!! Parameter 1(_ulEntryIndex) is out of range" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_RemoveEntryFromExclusionList
{
}
#typev ig2protfs_c495 29 "%0Error!! Parameter 2(PLIST_ENTRY) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=IG2PFS_RemoveEntryFromExclusionList
{
}
#typev ig2protfs_c1007 52 "%0FILE SYSTEM OPERATION BLOCKED! Path not available (%10!s!), DesiredAccess (0x%11!08x!), Options (0x%12!08x!), Process (%13!p!)(%14!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
ntRet, ItemNTSTATUS -- 10
_psData->Iopb->Parameters.Create.SecurityContext->DesiredAccess, ItemLong -- 11
_psData->Iopb->Parameters.Create.Options, ItemLong -- 12
hPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protfs_c1002 51 "%0FILE SYSTEM OPERATION BLOCKED! Path (%10!s!), DesiredAccess (0x%11!08x!), Options (0x%12!08x!), Process (%13!p!)(%14!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
&pfltFileNameInfo->Name, ItemPWString -- 10
_psData->Iopb->Parameters.Create.SecurityContext->DesiredAccess, ItemLong -- 11
_psData->Iopb->Parameters.Create.Options, ItemLong -- 12
hPID, ItemPtr -- 13
pustrProcessPath, ItemPWString -- 14
}
#typev ig2protfs_c990 50 "%0Could not get file name information. status (%10!s!)" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
ntRet, ItemNTSTATUS -- 10
}
#typev ig2protfs_c984 49 "%0FS benign Create operation from %10!p! is allowed!! Matched path: %11!s!." // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
hPID, ItemPtr -- 10
&pfltFileNameInfo->Name, ItemPWString -- 11
}
#typev ig2protfs_c963 48 "%0FS Create operation from %10!p! is excluded!! Matched path: %11!s!." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
hPID, ItemPtr -- 10
&pfltFileNameInfo->Name, ItemPWString -- 11
}
#typev ig2protfs_c941 47 "%0Error(0x%10!X!)! Can't obtain full path for process %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreCreate
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c824 46 "%0FILE SYSTEM OPERATION BLOCKED(Set Information:"No path available->Error code:0x%10!X!")!! Due to rule for a process(%11!p!): "%12!s!"." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
pustrProcessPath, ItemPWString -- 12
}
#typev ig2protfs_c821 45 "%0FILE SYSTEM OPERATION BLOCKED(Set Information:"%10!s!")!! Due to rule for a process(%11!p!): "%12!s!"." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
&pfltFileNameInfo->Name, ItemPWString -- 10
hPID, ItemPtr -- 11
pustrProcessPath, ItemPWString -- 12
}
#typev ig2protfs_c815 44 "%0FILE SYSTEM OPERATION BLOCKED(Set Information:"No path available->Error code:0x%10!X!")!! Due to rule for a process(%11!p!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c812 43 "%0FILE SYSTEM OPERATION BLOCKED(Set Information:"%10!s!")!! Due to rule for a process(%11!p!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
&pfltFileNameInfo->Name, ItemPWString -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c795 42 "%0FS SetInformation operation from %10!p! is excluded!! Matched path: %11!s!." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
hPID, ItemPtr -- 10
&pfltFileNameInfo->Name, ItemPWString -- 11
}
#typev ig2protfs_c777 41 "%0Error(0x%10!X!)! Can't obtain full path for process %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetInformation
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c710 40 "%0FILE SYSTEM OPERATION BLOCKED(Set Security:"No path available->Error code:0x%10!X!")!! Due to rule for a process(%11!p!): "%12!s!"." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
pustrProcessPath, ItemPWString -- 12
}
#typev ig2protfs_c707 39 "%0FILE SYSTEM OPERATION BLOCKED(Set Security:"%10!s!")!! Due to rule for a process(%11!p!): "%12!s!"." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
&pfltFileNameInfo->Name, ItemPWString -- 10
hPID, ItemPtr -- 11
pustrProcessPath, ItemPWString -- 12
}
#typev ig2protfs_c701 38 "%0FILE SYSTEM OPERATION BLOCKED(Set Security:"No path available->Error code:0x%10!X!")!! Due to rule for a process(%11!p!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c698 37 "%0FILE SYSTEM OPERATION BLOCKED(Set Security:"%10!s!")!! Due to rule for a process(%11!p!)." // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
&pfltFileNameInfo->Name, ItemPWString -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c681 36 "%0FS SetSecurity operation from %10!p! is excluded!! Matched path: %11!s!." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
hPID, ItemPtr -- 10
&pfltFileNameInfo->Name, ItemPWString -- 11
}
#typev ig2protfs_c662 35 "%0Error(0x%10!X!)! Can't obtain full path for process %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_IGFILT FUNC=cbIG2PFsPreSetSecurity
{
ntRet, ItemLong -- 10
hPID, ItemPtr -- 11
}
#typev ig2protfs_c1056 54 "%0Refuse to unload the FS Mnifilter because is enable and is not mandatory." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=cbIG2PFsUnload
{
}
#typev ig2protfs_c1051 53 "%0Entered in FS Minifilter unload." // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGINIT FUNC=cbIG2PFsUnload
{
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
2c864721-6a56-393c-64da-ff10b0374ae2 SelfProtectionKernel // SRC=DispatchIOCTL.c MJ= MN=
#typev dispatchioctl_c910 42 "%0Error!! The process is already in isolation list. PID:%10!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_ulPID, ItemPtr -- 10
}
#typev dispatchioctl_c908 41 "%0Error!! The process is already in isolation list. PID:%10!p!, Path:%11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_ulPID, ItemPtr -- 10
_psPath->Path, ItemWString -- 11
}
#typev dispatchioctl_c901 40 "%0Error!! Can not allocate %10!d! bytes" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
sizeof(S_IG2PROT_ISOLATED_PROCESS), ItemLong -- 10
}
#typev dispatchioctl_c895 39 "%0New process added to isolation list. PID:%10!p!n" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_ulPID, ItemPtr -- 10
}
#typev dispatchioctl_c892 38 "%0New process added to isolation list. PID:%10!p!, Path:%11!s!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_ulPID, ItemPtr -- 10
_psPath->Path, ItemWString -- 11
}
#typev dispatchioctl_c874 37 "%0Error!! Initializing dual path for "%10!s!"" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_psPath->Path, ItemWString -- 10
}
#typev dispatchioctl_c844 36 "%0Error!! Passed process path string is corrupted. Passed Len:%10!d!, Transformed Len:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
_psPath->ulLength, ItemLong -- 10
usrtFullPath.Length, ItemLong -- 11
}
#typev dispatchioctl_c834 35 "%0Error!! Parameter 3(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=AddProcessToIsolationList
{
}
#typev dispatchioctl_c463 22 "%0Error!! IG2PROT_IOCTL_FS_COUNT_EXCLUDED_PATH-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_IOCTL_LIST_COUNT), ItemLong -- 11
}
#typev dispatchioctl_c508 24 "%0Error!! IG2PROT_IOCTL_FS_GET_EXCLUDED_PATH-> Can not get the entry %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
usIndex, ItemLong -- 10
}
#typev dispatchioctl_c494 23 "%0Error!! IG2PROT_IOCTL_FS_GET_EXCLUDED_PATH-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_IOCTL_REQ_FS_EXCLUDED_PATH), ItemLong -- 11
}
#typev dispatchioctl_c580 25 "%0Error!! IG2PROT_IOCTL_PROCS_COUNT_EXCLUSIONS-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_IOCTL_LIST_COUNT), ItemLong -- 11
}
#typev dispatchioctl_c625 27 "%0Error!! IG2PROT_IOCTL_PROCS_GET_EXCLUSION-> Can not get the entry %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
usIndex, ItemLong -- 10
}
#typev dispatchioctl_c611 26 "%0Error!! IG2PROT_IOCTL_PROCS_GET_EXCLUSION-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(PS_IG2PROT_IOCTL_REQ_PROCS_EXCLUSION), ItemLong -- 11
}
#typev dispatchioctl_c680 28 "%0Error!! Invalid IOCTL Code received: %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_ulIOCode, ItemLong -- 10
}
#typev dispatchioctl_c333 19 "%0Error!! IG2PROT_IOCTL_ISOLATE_PROCESS_LIST_GET_COUNT-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_IOCTL_LIST_COUNT), ItemLong -- 11
}
#typev dispatchioctl_c377 21 "%0Error!! IG2PROT_IOCTL_ISOLATE_PROCESS_LIST_GET_ENTRY-> Can not get the entry %10!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
usIndex, ItemLong -- 10
}
#typev dispatchioctl_c363 20 "%0Error!! IG2PROT_IOCTL_ISOLATE_PROCESS_LIST_GET_ENTRY-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_IOCTL_REQ_ISOLATE_PROCESS), ItemLong -- 11
}
#typev dispatchioctl_c269 18 "%0Error!! IG2PROT_IOCTL_STATE_GET_OBJ-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_STATE), ItemLong -- 11
}
#typev dispatchioctl_c172 13 "%0Error!! IG2PROT_IOCTL_STATE_GET_ALL-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_ALL_STATES), ItemLong -- 11
}
#typev dispatchioctl_c201 14 "%0Error!! IG2PROT_IOCTL_STATE_GET_PROC-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_STATE), ItemLong -- 11
}
#typev dispatchioctl_c218 15 "%0Error!! IG2PROT_IOCTL_STATE_GET_REG-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_STATE), ItemLong -- 11
}
#typev dispatchioctl_c235 16 "%0Error!! IG2PROT_IOCTL_STATE_GET_FS-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_STATE), ItemLong -- 11
}
#typev dispatchioctl_c252 17 "%0Error!! IG2PROT_IOCTL_STATE_GET_NET-> Output buffer too small. Size:%10!d!, Required:%11!d!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
_psIOBuffer->ulOutSize, ItemLong -- 10
sizeof(S_IG2PROT_STATE), ItemLong -- 11
}
#typev dispatchioctl_c74 12 "%0Error!! Parameter 4(_pulDataWritten) can not be null" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
}
#typev dispatchioctl_c68 11 "%0Error!! Parameter 3(PS_IG2PROT_DATA) can not be null" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
}
#typev dispatchioctl_c62 10 "%0Error!! Parameter 2(PS_IG2PROT_IO_BUFFER) can not be null" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_IGIOCTL FUNC=DIOCTL_Manage
{
}
#typev dispatchioctl_c808 34 "%0Error!! Entry %10!d! not found in isolation list." // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=RemoveEntryFromIsolationList
{
_ulEntryIndex, ItemLong -- 10
}
#typev dispatchioctl_c790 33 "%0Error!! Parameter 1(_ulEntryIndex) is out of range" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=RemoveEntryFromIsolationList
{
}
#typev dispatchioctl_c783 32 "%0Error!! Parameter 2(PS_IG2PROT_ISOLATED_PROCESS_LIST) can not be null" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=RemoveEntryFromIsolationList
{
}
#typev dispatchioctl_c763 31 "%0Validation Error!! Invalid IOCTL code. IOCTL code:0x%10!X!, Encapsulated IOCTL code:0x%11!X!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=ValidateComplexIOCTL
{
_ulIOCTLCode, ItemLong -- 10
_psMsg->IOCTLCode, ItemLong -- 11
}
#typev dispatchioctl_c756 30 "%0Validation Error!! IOCTL(0x%10!X!) has invalid checksum. Passed CRCR32 code:0x%11!X!, Computed CRC32: 0x%12!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_IGIOCTL FUNC=ValidateComplexIOCTL
{
_psMsg->IOCTLCode, ItemLong -- 10
_psMsg->ul32CRC, ItemLong -- 11
ulCRC, ItemLong -- 12
}
#typev dispatchioctl_c750 29 "%0Validation OK!! IOCTL Code:0x%10!X!, CRC32:0x%11!X!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_IGIOCTL FUNC=ValidateComplexIOCTL
{
_psMsg->IOCTLCode, ItemLong -- 10
_psMsg->ul32CRC, ItemLong -- 11
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
3e1d51bc-6e70-3287-f38b-cf85ef74c68c mbcommonkernel // SRC=FileVerify.cpp MJ= MN=
#typev fileverify_cpp2087 81 "%0Error getting memory at line %10!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=EnumerateCerts
{
__LINE__, ItemLong -- 10
}
#typev fileverify_cpp2037 79 "%0Failed to open registry certificate store %10!s! 0x%11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=EnumerateStores
{
&name, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp2040 80 "%0Checking store: %10!s! %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_REGCERT FUNC=EnumerateStores
{
Path.ObjectName, ItemPWString -- 10
&name, ItemPWString -- 11
}
#typev fileverify_cpp2015 78 "%0Error opening registry path %10!s! - 0x%11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=EnumerateStores
{
Path.ObjectName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp2006 77 "%0Error getting memory at line %10!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=EnumerateStores
{
__LINE__, ItemLong -- 10
}
#typev fileverify_cpp4637 138 "%0Allocate return Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=FetchCertificateInfo
{
pNew, ItemPtr -- 10
}
#typev fileverify_cpp4576 137 "%0Certificate exception %10!u!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'??' : FileName, ItemWString -- 11
}
#typev fileverify_cpp4351 129 "%0Parameter Error - must pass trusted boolean- %10!x!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
status, ItemLong -- 10
}
#typev fileverify_cpp4358 130 "%0Parameter Error - %10!x!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
status, ItemLong -- 10
}
#typev fileverify_cpp4392 131 "%0Certificate did not start with sequence %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'??' : FileName, ItemWString -- 11
}
#typev fileverify_cpp4562 135 "%0Certificate is not ASN 7. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp4456 132 "%0Certificate did not start with Optional. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'??' : FileName, ItemWString -- 11
}
#typev fileverify_cpp4555 134 "%0Certificate parsing error%10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp4548 133 "%0Certificate parsing error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=FetchCertificateInfo
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp4323 128 "%0Allocate mbSigner Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=FetchCertificateInfo
{
mbSigner, ItemPtr -- 10
}
#typev fileverify_cpp4303 127 "%0Allocate Signer Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=FetchCertificateInfo
{
*SignerInfo, ItemPtr -- 10
}
#typev fileverify_cpp2361 93 "%0Checking %10!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_REGCERT FUNC=FindCert
{
&name, ItemPWString -- 10
}
#typev fileverify_cpp2346 92 "%0Failed to open %10!s! - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCert
{
CertPath, ItemWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp2335 91 "%0Failed to allocate memory at line %10!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCert
{
__LINE__, ItemLong -- 10
}
#typev fileverify_cpp2296 90 "%0Exception in VerifyCertData - %10!x!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCertBy
{
status, ItemLong -- 10
}
#typev fileverify_cpp2259 89 "%0Found Cert by serial!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_REGCERT FUNC=FindCertBy
{
}
#typev fileverify_cpp2246 88 "%0Found Intermediate Cert!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_REGCERT FUNC=FindCertBy
{
}
#typev fileverify_cpp2194 84 "%0Parser error in registry certificate - %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCertBy
{
KeyName, ItemPWString -- 10
}
#typev fileverify_cpp2234 87 "%0Found Cert!!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_REGCERT FUNC=FindCertBy
{
}
#typev fileverify_cpp2225 86 "%0Parser returns %10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCertBy
{
status, ItemLong -- 10
}
#typev fileverify_cpp2214 85 "%0Allocate search Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=FindCertBy
{
pSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp2167 83 "%0Failed to open registry key %10!s! - 0x%11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCertBy
{
KeyName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp2159 82 "%0Error getting memory at line %10!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=FindCertBy
{
__LINE__, ItemLong -- 10
}
#typev fileverify_cpp1910 76 "%0FindCertInStore: Certificate %10!p!, Store %11!u! Attribute %12!u!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_REGCERT FUNC=FindCertInStore
{
pCert, ItemPtr -- 10
Store, ItemLong -- 11
Attribute, ItemLong -- 12
}
#typev fileverify_cpp4196 126 "%0ConnectWise certificate is trusted!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_CERTIFICATE FUNC=FindSigner
{
}
#typev fileverify_cpp4190 125 "%0Kaseya certificate is trusted!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_CERTIFICATE FUNC=FindSigner
{
}
#typev fileverify_cpp1083 55 "%0Cert32 is beyond end of file" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetCertFromImageHeader32
{
}
#typev fileverify_cpp1071 54 "%0Header32 signature is incorrect" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetCertFromImageHeader32
{
}
#typev fileverify_cpp5413 156 "%0Certificate did not start with ASN_OPTIONAL %10!u!, %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5385 154 "%0Certificate bad tag size %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5344 153 "%0Certificate parsing error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5334 152 "%0Certificate recursion error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5294 151 "%0Certificate parsing error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5206 149 "%0Certificate stack overflow! %10!u!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
__LINE__, ItemLong -- 10
pParser->FileName == NULL ? L'??' : pParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5199 148 "%0Not enough stack remaining - %10!u!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseAsn
{
(unsigned int) IoGetRemainingStackSize(), ItemLong -- 10
}
#typev fileverify_cpp6509 173 "%0Certificate certinfo parser error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6490 172 "%0New Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert->Next, ItemPtr -- 10
}
#typev fileverify_cpp6484 171 "%0Certificate certinfo memory error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6618 174 "%0Certificate %10!p! Public Key Size = %11!u!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
ObjSize - 1, ItemLong -- 11
}
#typev fileverify_cpp6803 183 "%0Certificate %10!p! Issuer Name: %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
(char *)PParser->CurrentSignerCert->Issuer.Name, ItemString -- 11
}
#typev fileverify_cpp6797 182 "%0Certificate %10!p! Subject Name: %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
(char *) PParser->CurrentSignerCert->Subject.Name, ItemString -- 11
}
#typev fileverify_cpp6755 181 "%0Certificate certinfo %10!p! ends. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6743 180 "%0Certificate certinfo %10!p! hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6722 179 "%0Certificate %10!p! certinfo hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6703 178 "%0Certificate %10!p! certinfo hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6684 177 "%0Certificate %10!p! certinfo hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6665 176 "%0Certificate %10!p! certinfo hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6646 175 "%0Certificate %10!p! certinfo hash error. %11!u!, %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
__LINE__, ItemLong -- 11
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 12
}
#typev fileverify_cpp6948 187 "%0Certificate %10!p! UTC time 2" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp6942 186 "%0Certificate %10!p! UTC time 1" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp6931 185 "%0Certificate %10!p! Generalized time 2" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp6925 184 "%0Certificate %10!p! Generalized time 1" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=ParseForCertificateInfo
{
PParser->CurrentSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp6366 168 "%0Certificate counter signature error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCounterSignature
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6356 167 "%0Certificate counter signature hash error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCounterSignature
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6386 169 "%0Certificate counter signature parsing error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForCounterSignature
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5463 157 "%0Certificate Indirect data version error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForIndirectData
{
__LINE__, ItemLong -- 10
PParser->FileName = NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5657 161 "%0Certificate Indirect hash mismatch. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForIndirectData
{
__LINE__, ItemLong -- 10
PParser->FileName== NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5638 160 "%0Certificate Indirect parsing error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForIndirectData
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5628 159 "%0Certificate Indirect data hash error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForIndirectData
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp5586 158 "%0Certificate Indirect data hash error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForIndirectData
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ?L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6115 163 "%0Certificate Indirect data did not verify %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForSignerInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6120 164 "%0Unexpected SIGN_SIZE_ value %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForSignerInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6072 162 "%0Certificate Indirect Hash mismatch. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForSignerInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6170 166 "%0Certificate Indirect memory error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForSignerInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp6157 165 "%0Certificate Indirect data hash error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=ParseForSignerInfo
{
__LINE__, ItemLong -- 10
PParser->FileName == NULL ? L'??' : PParser->FileName, ItemWString -- 11
}
#typev fileverify_cpp2550 101 "%0Found registry cert %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_REGCERT FUNC=SearchForCert
{
pSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp2517 100 "%0Parser returns %10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=SearchForCert
{
status, ItemLong -- 10
}
#typev fileverify_cpp2506 99 "%0Allocate search Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=SearchForCert
{
pSignerCert, ItemPtr -- 10
}
#typev fileverify_cpp2485 98 "%0Parser error in registry certificate %10!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=SearchForCert
{
KeyName, ItemPWString -- 10
}
#typev fileverify_cpp2460 97 "%0Failed to allocate memory at line %10!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=SearchForCert
{
__LINE__, ItemLong -- 10
}
#typev fileverify_cpp2446 96 "%0Failed to open %10!s! - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=SearchForCert
{
KeyName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp2438 95 "%0Error allocating memory" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=SearchForCert
{
}
#typev fileverify_cpp2862 103 "%0Issuer: %10!s! Subject: %11!s! Next = %12!p! Flags = %13!x! %14!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=VerifyAuthority
{
(char *)pSign->Issuer.Name, ItemString -- 10
(char *)pSign->Subject.Name, ItemString -- 11
pRet, ItemPtr -- 12
pSign->Flags, ItemLong -- 13
pSign->Signer ? 'Signer' : '', ItemString -- 14
}
#typev fileverify_cpp3659 124 "%0Allocate Return Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=VerifyCertData
{
pNew, ItemPtr -- 10
}
#typev fileverify_cpp3598 123 "%0Certificate exception %10!u!, %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'??' : FileName, ItemWString -- 11
}
#typev fileverify_cpp3034 107 "%0Parameter Error - must pass trusted boolean- %10!x!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
status, ItemLong -- 10
}
#typev fileverify_cpp3041 108 "%0Parameter Error - %10!x!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
status, ItemLong -- 10
}
#typev fileverify_cpp3076 109 "%0Certificate did not start with sequence (%10!u! %11!s!)" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'???' : FileName, ItemWString -- 11
}
#typev fileverify_cpp3584 121 "%0Certificate is not asn7. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3139 110 "%0Certificate did not start with ASN_OPTIONAL %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
FileName == NULL ? L'??' : FileName, ItemWString -- 11
}
#typev fileverify_cpp3577 120 "%0Certificate parsing error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3570 119 "%0Certificate indirect data error %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3563 118 "%0Certificate parsing error. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3553 117 "%0Test sign cert is not trusted %10!u!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
nCerts, ItemLong -- 10
}
#typev fileverify_cpp3545 116 "%0Test sign check Cert %10!u! - %11!x! %12!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
nCerts, ItemLong -- 10
pCert->Flags, ItemLong -- 11
(char *) pCert->Subject.Name, ItemString -- 12
}
#typev fileverify_cpp3497 114 "%0Certificate is expired or not issued yet %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3513 115 "%0Certificate expired lifetime. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3483 113 "%0Certificate was not signed within valid certificate period. %10!u!, %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'??' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3343 112 "%0Certificate was on the untrusted list! (%10!u! %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3314 111 "%0Certificate Has other EKU's with code signer EKU %10!u! %11!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertData
{
__LINE__, ItemLong -- 10
parser.FileName == NULL ? L'' : parser.FileName, ItemWString -- 11
}
#typev fileverify_cpp3006 106 "%0Allocate mbSigner Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=VerifyCertData
{
mbSigner, ItemPtr -- 10
}
#typev fileverify_cpp2987 105 "%0Allocate Signer Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=VerifyCertData
{
*SignerInfo, ItemPtr -- 10
}
#typev fileverify_cpp2393 94 "%0Checking trust for Certificate %10!p!" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyCertTrusted
{
pCert, ItemPtr -- 10
}
#typev fileverify_cpp4789 139 "%0Free Certificate %10!p!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTMEM FUNC=FreeCertificates
{
pCert, ItemPtr -- 10
}
#typev fileverify_cpp933 49 "%0 Exception in VerifyBuffer - %10!x! - %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyBuffer
{
status, ItemLong -- 10
Filename != NULL ? Filename : L'???', ItemWString -- 11
}
#typev fileverify_cpp887 47 "%0The Certificate is not there! - %10!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyBuffer
{
Filename != NULL ? Filename : L'???', ItemWString -- 10
}
#typev fileverify_cpp872 46 "%0No NT Header" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyBuffer
{
}
#typev fileverify_cpp863 45 "%0Not a 64 bit header" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyBuffer
{
}
#typev fileverify_cpp855 44 "%0Not A Valid Dos Stub - %10!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyBuffer
{
Filename != NULL ? Filename : L'???', ItemWString -- 10
}
#typev fileverify_cpp644 43 "%0Verified MBAM signature on %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fileName == NULL ? L'??' : fileName, ItemWString -- 10
}
#typev fileverify_cpp638 42 "%0FO %10!p! failed verification - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
pFileObj, ItemPtr -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp634 41 "%0FO %10!p! failed verification - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
pFileObj, ItemPtr -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp625 40 "%0%10!s! failed verification - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp621 39 "%0%10!s! failed verification - %11!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fName, ItemPWString -- 10
status, ItemLong -- 11
}
#typev fileverify_cpp579 34 "%0**** Failed to map %10!x! %11!I64u! bytes of memory to read the file FO %12!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
fInfo.EndOfFile.LowPart, ItemULongLong -- 11
pFileObj, ItemPtr -- 12
}
#typev fileverify_cpp575 33 "%0**** Failed to map %10!x! %11!I64u! bytes of memory to read %12!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
fInfo.EndOfFile.LowPart, ItemULongLong -- 11
fName, ItemPWString -- 12
}
#typev fileverify_cpp545 32 "%0**** File is too large!! - %10!I64u! FO %11!p!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fInfo.EndOfFile.QuadPart, ItemULongLong -- 10
pFileObj, ItemPtr -- 11
}
#typev fileverify_cpp541 31 "%0**** File is too large!! - %10!I64u! %11!s!" // LEVEL=MBLogLevelError FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fInfo.EndOfFile.QuadPart, ItemULongLong -- 10
fName, ItemPWString -- 11
}
#typev fileverify_cpp532 30 "%0**** Error 0x%10!x! returned by ZwQueryInformationFile FO = %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
pFileObj, ItemPtr -- 11
}
#typev fileverify_cpp528 29 "%0**** Error 0x%10!x! returned by ZwQueryInformationFile %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
fName, ItemPWString -- 11
}
#typev fileverify_cpp518 28 "%0**** Error 0x%10!x! returned by ZwCreateFile FileObj %11!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
pFileObj, ItemPtr -- 11
}
#typev fileverify_cpp514 27 "%0**** Error 0x%10!x! returned by ZwCreateFile %11!s!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
status, ItemLong -- 10
fName, ItemPWString -- 11
}
#typev fileverify_cpp502 26 "%0VerifyFile attempting to open file object" // LEVEL=MBLogLevelInfo FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
}
#typev fileverify_cpp495 25 "%0VerifyFile attempting to open %10!s!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyFile
{
fName, ItemPWString -- 10
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
226f22ed-d971-3079-721f-f5d0f00980db mbcommonkernel // SRC=SigCert.cpp MJ= MN=
#typev sigcert_cpp47 10 "%0%10!s! %11!s! %12!p!: %13!s!" // LEVEL=MBLogLevelTrace FLAGS=TRACE_FLAG_CERTIFICATE FUNC=DumpStrings
{
Type, ItemWString -- 10
Header, ItemString -- 11
PCERT, ItemPtr -- 12
(char *)ptr, ItemString -- 13
}
// PDB: d:\jenkins\workspace\N_SelfProtection_Kernel\src\..\bin\x64\Win7_Release\MbamChameleon.pdb
// PDB: Last Updated :2024-07-15:18:58:11:707 (UTC) [tracepdb]
b3fda36b-1cdd-3cd4-101e-0a32853aaf98 mbcommonkernel // SRC=CryptoKernel.cpp MJ= MN=
#typev cryptokernel_cpp814 43 "%0**** Error 0x%10!x! returned by BCryptFinishHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp796 41 "%0Error calculating rest of data!!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
}
#typev cryptokernel_cpp767 40 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp803 42 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp705 39 "%0**** Error getting memory" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
}
#typev cryptokernel_cpp683 38 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp657 37 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp641 36 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp623 35 "%0Not A Valid PE Executable" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
}
#typev cryptokernel_cpp616 34 "%0Not A Valid Dos Stub" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
}
#typev cryptokernel_cpp607 33 "%0**** Error 0x%10!x! returned by BCryptCreateHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp598 32 "%0**** Invalid hash buffer: %10!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
pbHash, ItemPtr -- 10
}
#typev cryptokernel_cpp591 31 "%0**** Invalid hash size: %10!u!, need %11!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
*cbHash, ItemLong -- 10
rcbHash, ItemLong -- 11
}
#typev cryptokernel_cpp583 30 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting hash length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp576 29 "%0**** memory allocation failed" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
}
#typev cryptokernel_cpp565 28 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting object length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp558 27 "%0**** Error 0x%10!x! returned by BCryptOpenAlgorithmProvider - Hash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash32
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp1163 60 "%0**** Error 0x%10!x! returned by BCryptFinishHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp1145 58 "%0Error calculating rest of data!!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
}
#typev cryptokernel_cpp1117 57 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp1152 59 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp1055 56 "%0**** Error getting memory" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
}
#typev cryptokernel_cpp1033 55 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp1006 54 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp990 53 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp972 52 "%0Not A Valid PE Executable" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
}
#typev cryptokernel_cpp965 51 "%0Not A Valid Dos Stub" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
}
#typev cryptokernel_cpp956 50 "%0**** Error 0x%10!x! returned by BCryptCreateHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp947 49 "%0**** Invalid hash buffer: %10!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
pbHash, ItemPtr -- 10
}
#typev cryptokernel_cpp940 48 "%0**** Invalid hash size: %10!u!, need %11!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
*cbHash, ItemLong -- 10
rcbHash, ItemLong -- 11
}
#typev cryptokernel_cpp932 47 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting hash length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp925 46 "%0**** memory allocation failed" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
}
#typev cryptokernel_cpp914 45 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting object length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp907 44 "%0**** Error 0x%10!x! returned by BCryptOpenAlgorithmProvider - Hash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=GetFileHash64
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp234 20 "%0Failed to import the public key - 0x%10!x!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_SIGNATURE FUNC=ImportRsaPublicKeyX
{
hr, ItemLong -- 10
}
#typev cryptokernel_cpp230 19 "%0Failed to import the public key - 0x%10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=ImportRsaPublicKeyX
{
hr, ItemLong -- 10
}
#typev cryptokernel_cpp167 17 "%0**** Error 0x%10!x! returned by BCryptHashData" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp174 18 "%0**** Error 0x%10!x! returned by BCryptFinishHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp159 16 "%0**** Error 0x%10!x! returned by BCryptCreateHash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp150 15 "%0**** Invalid hash buffer: %10!p!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
Hash, ItemPtr -- 10
}
#typev cryptokernel_cpp143 14 "%0**** Invalid hash size: %10!u!, need %11!u!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
*HashSize, ItemLong -- 10
rcbHash, ItemLong -- 11
}
#typev cryptokernel_cpp135 13 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting hash length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp128 12 "%0**** memory allocation failed" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
}
#typev cryptokernel_cpp118 11 "%0**** Error 0x%10!x! returned by BCryptGetProperty getting object length" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp111 10 "%0**** Error 0x%10!x! returned by BCryptOpenAlgorithmProvider - Hash" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=MbHashMemory
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp444 26 "%0**** Failed to import public key - 0x%10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyData
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp428 25 "%0Verify signature returns 0x%10!x!" // LEVEL=MBLogLevelDebug FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyData
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp396 24 "%0**** Failed to import public key - 0x%10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyData
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp385 23 "%0**** Error 0x%10!x! returned by BCryptOpenAlgorithmProvider" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyData
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp294 22 "%0****> Failed to import public key - 0x%10!x!" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyTrusted
{
status, ItemLong -- 10
}
#typev cryptokernel_cpp280 21 "%0**** Error 0x%10!x! returned by BCryptOpenAlgorithmProvider" // LEVEL=MBLogLevelWarning FLAGS=TRACE_FLAG_SIGNATURE FUNC=VerifyTrusted
{
status, ItemLong -- 10
}