Summary (number of invocations per system call):

NtCallbackReturn(>) 1 NtUserCallHwndParam(>) 1 NtGdiSetupPublicCFONT(>) 3 NtGdiCreateCompatibleDC(>) 7
NtConnectPort(>) 1 NtUserDrawIconEx(>) 1 NtOpenProcessToken(>) 3 NtGdiSelectBitmap(>) 7
NtContinue(>) 1 NtUserGetCursorFrameInfo(>) 1 NtQueryDefaultLocale(>) 3 NtRequestWaitReplyPort(>) 7
NtCreateEvent(>) 1 NtUserGetGUIThreadInfo(>) 1 NtQuerySection(>) 3 NtUserInternalGetWindowText(>) 7
NtDuplicateObject(>) 1 NtUserGetIconSize(>) 1 NtUserEndPaint(>) 3 NtGdiDeleteObjectApp(>) 8
NtFreeVirtualMemory(>) 1 NtUserGetProcessWindowStation(>) 1 NtUserGetControlBrush(>) 3 NtQuerySystemInformation(>) 8
NtFsControlFile(>) 1 NtUserModifyUserStartupInfoFlags(>) 1 NtUserGetObjectInformation(>) 3 NtUserCreateWindowEx(>) 8
NtGdiCreateBitmap(>) 1 NtUserRemoveProp(>) 1 NtUserSetWindowPos(>) 3 NtUserWaitMessage(>) 8
NtGdiExtCreateRegion(>) 1 NtUserSystemParametersInfo(>) 1 NtUserThunkedMenuItemInfo(>) 3 NtQueryInformationToken(>) 9
NtGdiExtGetObjectW(>) 1 NtGdiCreatePatternBrushInternal(>) 2 NtUserCalcMenuBar(>) 4 NtUserCallMsgFilter(>) 9
NtGdiGetDCDword(>) 1 NtGdiCreateSolidBrush(>) 2 NtUserCallHwndLock(>) 4 NtUserCallNoParam(>) 9
NtGdiGetTextExtent(>) 1 NtGdiGetWidthTable(>) 2 NtUserFillWindow(>) 4 NtGdiExtSelectClipRgn(>) 12
NtGdiInit(>) 1 NtQueryDefaultUILanguage(>) 2 NtUserGetAtomName(>) 4 NtGdiGetRandomRgn(>) 12
NtGdiOffsetRgn(>) 1 NtQueryVirtualMemory(>) 2 NtUserGetClassName(>) 4 NtQueryAttributesFile(>) 12
NtGdiQueryFontAssocInfo(>) 1 NtSetInformationObject(>) 2 NtUserGetDCEx(>) 4 NtOpenSection(>) 13
NtOpenDirectoryObject(>) 1 NtUnmapViewOfSection(>) 2 NtUserGetTitleBarInfo(>) 4 NtQueryValueKey(>) 13
NtOpenKeyedEvent(>) 1 NtUserGetForegroundWindow(>) 2 NtUserQueryWindow(>) 4 NtUserFindExistingCursorIcon(>) 14
NtOpenMutant(>) 1 NtUserGetThreadDesktop(>) 2 NtUserSetProp(>) 4 NtUserRegisterClassExWOW(>) 15
NtOpenSymbolicLinkObject(>) 1 NtUserSetCursor(>) 2 NtUserSetWindowFNID(>) 4 NtGdiIntersectClipRect(>) 16
NtQueryInstallUILanguage(>) 1 NtUserSetFocus(>) 2 NtCreateSection(>) 5 NtMapViewOfSection(>) 17
NtQueryObject(>) 1 NtUserSetWindowRgn(>) 2 NtGdiGetStockObject(>) 5 NtGdiDrawStream(>) 18
NtQueryPerformanceCounter(>) 1 NtUserShowWindow(>) 2 NtOpenFile(>) 5 NtOpenKey(>) 22
NtQuerySymbolicLinkObject(>) 1 NtFlushInstructionCache(>) 3 NtOpenProcessTokenEx(>) 5 NtUserGetWindowDC(>) 24
NtQueryVolumeInformationFile(>) 1 NtGdiBitBlt(>) 3 NtOpenThreadTokenEx(>) 5 NtAllocateVirtualMemory(>) 25
NtRegisterThreadTerminatePort(>) 1 NtGdiCreateCompatibleBitmap(>) 3 NtUserGetAncestor(>) 5 NtUserPeekMessage(>) 26
NtSecureConnectPort(>) 1 NtGdiExcludeClipRect(>) 3 NtUserSetWindowLong(>) 5 NtUserCallOneParam(>) 29
NtSetInformationThread(>) 1 NtGdiGetCharSet(>) 3 NtGdiCombineRgn(>) 6 NtClose(>) 44
NtTestAlert(>) 1 NtGdiGetTextCharsetInfo(>) 3 NtGdiCreateRectRgn(>) 6 NtUserMessageCall(>) 69
NtUserBuildHwndList(>) 1 NtGdiGetTextMetricsW(>) 3 NtProtectVirtualMemory(>) 6
NtUserCallHwnd(>) 1 NtGdiHfontCreate(>) 3

Trace (one entry per call: sequence number, thread ID, system call with arguments, return value):

00001 404 NtOpenKey (0x80000000, {24, 0, 0x40, 0, 0, (0x80000000, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\packed.exe"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00002 404 NtOpenKeyedEvent (0x2000000, {24, 0, 0x0, 0, 0, (0x2000000, {24, 0, 0x0, 0, 0, "\KernelObjects\CritSecOutOfMemoryEvent"}, ... 4, ) }, ... 4, ) == 0x0 00003 404 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00004 404 NtAllocateVirtualMemory (-1, 0, 0, 1048576, 8192, 4, ... 1310720, 1048576, ) == 0x0 00005 404 NtAllocateVirtualMemory (-1, 1310720, 0, 4096, 4096, 4, ... 1310720, 4096, ) == 0x0 00006 404 NtAllocateVirtualMemory (-1, 1314816, 0, 8192, 4096, 4, ... 1314816, 8192, ) == 0x0 00007 404 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00008 404 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 2359296, 65536, ) == 0x0 00009 404 NtAllocateVirtualMemory (-1, 2359296, 0, 24576, 4096, 4, ... 2359296, 24576, ) == 0x0 00010 404 NtOpenDirectoryObject (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\KnownDlls"}, ... 8, ) }, ... 8, ) == 0x0 00011 404 NtOpenSymbolicLinkObject (0x1, {24, 8, 0x40, 0, 0, (0x1, {24, 8, 0x40, 0, 0, "KnownDllPath"}, ... 12, ) }, ... 12, ) == 0x0 00012 404 NtQuerySymbolicLinkObject (12, ... (12, ... "C:\WINDOWS\system32", 0x0, ) , 0x0, ) == 0x0 00013 404 NtClose (12, ... 
) == 0x0 00014 404 NtOpenFile (0x100020, {24, 0, 0x42, 0, 0, (0x100020, {24, 0, 0x42, 0, 0, "\??\U:\startupscripts\"}, 3, 33, ... 12, {status=0x0, info=1}, ) }, 3, 33, ... 12, {status=0x0, info=1}, ) == 0x0 00015 404 NtQueryVolumeInformationFile (12, 1243848, 8, Device, ... {status=0x0, info=8}, ) == 0x0 00016 404 NtFsControlFile (12, 0, 0x0, 0x0, 0x90028, 0x0, 0, 0, ... ) == STATUS_INVALID_PARAMETER 00017 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\packed.exe.Local"}, 1243832, ... ) }, 1243832, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00018 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "kernel32.dll"}, ... 16, ) }, ... 16, ) == 0x0 00019 404 NtMapViewOfSection (16, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77e60000), 0x0, 937984, ) == 0x0 00020 404 NtClose (16, ... ) == 0x0 00021 404 NtQuerySystemInformation (RangeStart, 4, ... {system info, class 50, size 4}, 0x0, ) == 0x0 00022 404 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00023 404 NtCreateSection (0xf001f, 0x0, {65536, 0}, 4, 67108864, 0, ... 16, ) == 0x0 00024 404 NtSecureConnectPort ( ("\Windows\ApiPort", {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) , {0, 2, 1, 1}, {24, 16, 0, 65536, 0, 0}, 1319736, {12, 0, 0}, 1242016, 44, ... 24, {24, 16, 0, 65536, 2424832, 18415616}, {0, 0, 0}, 200, 44, ) == 0x0 00025 404 NtClose (16, ... ) == 0x0 00026 404 NtQueryObject (24, Handle, 2, ... {Inherit=0,ProtectFromClose=0,}, -1, ) == 0x0 00027 404 NtSetInformationObject (24, Handle, {Inherit=0,ProtectFromClose=1,}, 256, ... ) == 0x0 00028 404 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00029 404 NtQueryVirtualMemory (-1, 0x250000, Basic, 28, ... {BaseAddress=0x250000,AllocationBase=0x250000,AllocationProtect=0x4,RegionSize=0x10000,State=0x2000,Protect=0x0,Type=0x40000,}, 0x0, ) == 0x0 00030 404 NtAllocateVirtualMemory (-1, 2424832, 0, 4096, 4096, 4, ... 2424832, 4096, ) == 0x0 00031 404 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 0, 0, 0, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 400, 404, 1476, 0} "`\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ... {28, 56, reply, 0, 400, 404, 1476, 0} (24, {28, 56, new_msg, 0, 0, 0, 0, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ... {28, 56, reply, 0, 400, 404, 1476, 0} "`\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\1\0\0\0\234\6\31\1\4\0\0\0" ) ) == 0x0 00032 404 NtRegisterThreadTerminatePort (24, ... ) == 0x0 00033 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 16, ) }, ... 16, ) == 0x0 00034 404 NtQueryValueKey (16, (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (16, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00035 404 NtClose (16, ... ) == 0x0 00036 404 NtAllocateVirtualMemory (-1, 1232896, 0, 4096, 4096, 260, ... 1232896, 4096, ) == 0x0 00037 404 NtOpenMutant (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\NlsCacheMutant"}, ... 16, ) }, ... 16, ) == 0x0 00038 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionUnicode"}, ... 28, ) }, ... 
28, ) == 0x0 00039 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x260000), 0x0, 90112, ) == 0x0 00040 404 NtClose (28, ... ) == 0x0 00041 404 NtQueryDefaultLocale (0, 2012046252, ... ) == 0x0 00042 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionLocale"}, ... 28, ) }, ... 28, ) == 0x0 00043 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x280000), 0x0, 212992, ) == 0x0 00044 404 NtClose (28, ... ) == 0x0 00045 404 NtOpenSection (0x5, {24, 0, 0x40, 0, 0, (0x5, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey"}, ... 28, ) }, ... 28, ) == 0x0 00046 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x2c0000), 0x0, 266240, ) == 0x0 00047 404 NtQuerySection (28, Basic, 16, ... {BaseAddress=0x0,Attributes=0x800000,Size={0x40004, 0x0},}, 0x0, ) == 0x0 00048 404 NtClose (28, ... ) == 0x0 00049 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortTbls"}, ... 28, ) }, ... 28, ) == 0x0 00050 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x310000), 0x0, 24576, ) == 0x0 00051 404 NtClose (28, ... ) == 0x0 00052 404 NtQueryVirtualMemory (-1, 0x7ffd2000, Basic, 28, ... {BaseAddress=0x7ffd2000,AllocationBase=0x7ffb0000,AllocationProtect=0x2,RegionSize=0x2000,State=0x1000,Protect=0x2,Type=0x40000,}, 0x0, ) == 0x0 00053 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00054 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionSortkey00000409"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00055 404 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... 
{28, 56, reply, 0, 400, 404, 1482, 0} "\370\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ... {28, 56, reply, 0, 400, 404, 1482, 0} (24, {28, 56, new_msg, 0, 2012558373, 2012047104, 2013025280, 0} "\210\6\31\1\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ... {28, 56, reply, 0, 400, 404, 1482, 0} "\370\323\26\0\0\0\0\0\0\0\0\0\0\0\0\0\2\0\0\0\234\6\31\18\6\0\0" ) ) == 0x0 00056 404 NtProtectVirtualMemory (-1, (0x40d000), 40960, 4, ... (0x40d000), 40960, 8, ) == 0x0 00057 404 NtProtectVirtualMemory (-1, (0x40d000), 40960, 8, ... (0x40d000), 40960, 8, ) == 0x0 00058 404 NtFlushInstructionCache (-1, 4247552, 40960, ... ) == 0x0 00059 404 NtOpenProcessToken (-1, 0x8, ... 28, ) == 0x0 00060 404 NtQueryInformationToken (28, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00061 404 NtClose (28, ... ) == 0x0 00062 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00063 404 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00064 404 NtClose (28, ... ) == 0x0 00065 404 NtTestAlert (... ) == 0x0 00066 404 NtContinue (1244464, 1, ... 00067 404 NtSetInformationThread (-2, Win32StartAddress(LpcReceivedMessageId), {StartAddress(LpcReceivedMsgId)=0x416c5d,}, 4, ... ) == 0x0 00068 404 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\Session Manager"}, ... 28, ) }, ... 28, ) == 0x0 00069 404 NtQueryValueKey (28, (28, "SafeDllSearchMode", Partial, 16, ... ) , Partial, 16, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00070 404 NtClose (28, ... ) == 0x0 00071 404 NtAllocateVirtualMemory (-1, 1323008, 0, 4096, 4096, 4, ... 
1323008, 4096, ) == 0x0 00072 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "USER32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00073 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77d40000), 0x0, 577536, ) == 0x0 00074 404 NtClose (28, ... ) == 0x0 00075 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "GDI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00076 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c70000), 0x0, 262144, ) == 0x0 00077 404 NtClose (28, ... ) == 0x0 00078 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "ADVAPI32.dll"}, ... 28, ) }, ... 28, ) == 0x0 00079 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77dd0000), 0x0, 569344, ) == 0x0 00080 404 NtClose (28, ... ) == 0x0 00081 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "RPCRT4.dll"}, ... 28, ) }, ... 28, ) == 0x0 00082 404 NtMapViewOfSection (28, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77cc0000), 0x0, 479232, ) == 0x0 00083 404 NtClose (28, ... ) == 0x0 00084 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Terminal Server"}, ... 28, ) }, ... 28, ) == 0x0 00085 404 NtQueryValueKey (28, (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSAppCompat", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00086 404 NtQueryValueKey (28, (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) , Partial, 548, ... TitleIdx=0, Type=4, Data= (28, "TSUserEnabled", Partial, 548, ... TitleIdx=0, Type=4, Data="\0\0\0\0"}, 16, ) }, 16, ) == 0x0 00087 404 NtClose (28, ... ) == 0x0 00088 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"}, ... 28, ) }, ... 
28, ) == 0x0 00089 404 NtQueryValueKey (28, (28, "LeakTrack", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00090 404 NtClose (28, ... ) == 0x0 00091 404 NtOpenKey (0x2000000, {24, 0, 0x40, 0, 0, (0x2000000, {24, 0, 0x40, 0, 0, "\REGISTRY\MACHINE"}, ... 28, ) }, ... 28, ) == 0x0 00092 404 NtSetInformationObject (28, Handle, {Inherit=0,ProtectFromClose=1,}, 2011365632, ... ) == 0x0 00093 404 NtOpenKey (0x20019, {24, 28, 0x40, 0, 0, (0x20019, {24, 28, 0x40, 0, 0, "Software\Microsoft\Windows NT\CurrentVersion\Diagnostics"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00094 404 NtQuerySystemInformation (Basic, 44, ... {Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00095 404 NtRequestWaitReplyPort (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\31\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 400, 404, 1484, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ) ... {28, 56, reply, 0, 400, 404, 1484, 0} (24, {28, 56, new_msg, 0, 2, 2147347448, 1246412, 0} "\210\6\31\1\0\0\0\0\314\4\23\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ... {28, 56, reply, 0, 400, 404, 1484, 0} "XQ\26\0\0\0\0\0\0\0\0\0\374\207\16\366\3\0\0\0\234\6\31\1$\1\0\0" ) ) == 0x0 00096 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Error Message Instrument\"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00097 404 NtMapViewOfSection (32, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x420000), 0x0, 1060864, ) == 0x0 00098 404 NtCreateEvent (0x1f0003, 0x0, 1, 0, ... 36, ) == 0x0 00099 404 NtOpenThreadTokenEx (-2, 0x8, 1, 512, ... 
) == STATUS_NO_TOKEN 00100 404 NtOpenProcessTokenEx (-1, 0x8, 512, ... -2147482020, ) == 0x0 00101 404 NtQueryInformationToken (-2147482020, Statistics, 0, ... ) == STATUS_BUFFER_TOO_SMALL 00102 404 NtQueryInformationToken (-2147482020, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00103 404 NtClose (-2147482020, ... ) == 0x0 00104 404 NtAllocateVirtualMemory (-1, 0, 0, 32, 4096, 4, ... 4128768, 4096, ) == 0x0 00105 404 NtFreeVirtualMemory (-1, (0x3f0000), 4096, 32768, ... (0x3f0000), 4096, ) == 0x0 00106 404 NtDuplicateObject (-1, 40, -1, 0x0, 0, 2, ... 48, ) == 0x0 00107 404 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Compatibility32"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0 00108 404 NtQueryValueKey (-2147482020, (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00109 404 NtClose (-2147482020, ... ) == 0x0 00110 404 NtOpenKey (0x20019, {24, 0, 0x240, 0, 0, (0x20019, {24, 0, 0x240, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\IME Compatibility"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0 00111 404 NtQueryValueKey (-2147482020, (-2147482020, "packed", Partial, 172, ... ) , Partial, 172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00112 404 NtClose (-2147482020, ... ) == 0x0 00113 404 NtQueryDefaultLocale (0, -128865780, ... ) == 0x0 00114 404 NtGdiQueryFontAssocInfo (0, ... ) == 0x0 00115 404 NtUserCallNoParam (24, ... ) == 0x0 00116 404 NtGdiCreateCompatibleDC (0, ... 00117 404 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 4128768, 4096, ) == 0x0 00116 404 NtGdiCreateCompatibleDC ... ) == 0x14010317 00118 404 NtGdiGetStockObject (0, ... ) == 0x1900010 00119 404 NtGdiGetStockObject (4, ... ) == 0x1900011 00120 404 NtGdiCreateBitmap (8, 8, 1, 1, 2010393708, ... ) == 0xc0503e1 00121 404 NtGdiCreateSolidBrush (0, 0, ... 
00122 404 NtAllocateVirtualMemory (-1, 0, 0, 4096, 12288, 4, ... 8585216, 4096, ) == 0x0 00121 404 NtGdiCreateSolidBrush ... ) == 0xb1003e0 00123 404 NtGdiGetStockObject (13, ... ) == 0x18a0021 00124 404 NtGdiCreateCompatibleDC (0, ... ) == 0x6f0103e5 00125 404 NtGdiSelectBitmap (1862337509, 201655265, ... ) == 0x185000f 00126 404 NtUserGetThreadDesktop (404, 0, ... ) == 0x2c 00127 404 NtOpenKey (0x20019, {24, 0, 0x40, 0, 0, (0x20019, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Windows"}, ... 52, ) }, ... 52, ) == 0x0 00128 404 NtQueryValueKey (52, (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) , Partial, 64, ... TitleIdx=0, Type=1, Data= (52, "AppInit_DLLs", Partial, 64, ... TitleIdx=0, Type=1, Data="\0\0"}, 14, ) }, 14, ) == 0x0 00129 404 NtClose (52, ... ) == 0x0 00130 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00131 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 673, 128, 0, ... ) == 0x810dc017 00132 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00133 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 674, 128, 0, ... ) == 0x810dc01c 00134 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00135 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 675, 128, 0, ... ) == 0x810dc01e 00136 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00137 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 676, 128, 0, ... ) == 0x810d8002 00138 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10013 00139 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 677, 128, 0, ... ) == 0x810dc018 00140 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00141 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 678, 128, 0, ... 
) == 0x810dc01a 00142 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00143 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 679, 128, 0, ... ) == 0x810dc01d 00144 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00145 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 681, 128, 0, ... 00146 404 NtAllocateVirtualMemory (-1, 5533696, 0, 4096, 4096, 32, ... 5533696, 4096, ) == 0x0 00145 404 NtUserRegisterClassExWOW ... ) == 0x810dc026 00147 404 NtUserFindExistingCursorIcon (1240900, 1240916, 1241484, ... ) == 0x10011 00148 404 NtUserRegisterClassExWOW (1241420, 1241500, 1241484, 1241516, 680, 128, 0, ... ) == 0x810dc019 00149 404 NtUserRegisterClassExWOW (1241372, 1241452, 1241436, 1241468, 0, 128, 0, ... ) == 0x810dc020 00150 404 NtUserRegisterClassExWOW (1241372, 1241448, 1241464, 1241436, 0, 130, 0, ... ) == 0x810dc022 00151 404 NtUserRegisterClassExWOW (1241372, 1241452, 1241436, 1241468, 0, 128, 0, ... ) == 0x810dc023 00152 404 NtUserRegisterClassExWOW (1241372, 1241448, 1241464, 1241436, 0, 130, 0, ... ) == 0x810dc024 00153 404 NtUserRegisterClassExWOW (1241372, 1241452, 1241436, 1241468, 0, 128, 0, ... ) == 0x810dc025 00154 404 NtCallbackReturn (0, 0, 0, ... 00155 404 NtGdiInit (... ) == 0x1 00156 404 NtGdiGetStockObject (18, ... ) == 0x290001c 00157 404 NtGdiGetStockObject (19, ... ) == 0x1b00019 00158 404 NtOpenSection (0xe, {24, 8, 0x40, 0, 0, (0xe, {24, 8, 0x40, 0, 0, "MSVCRT.dll"}, ... 52, ) }, ... 52, ) == 0x0 00159 404 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x77c10000), 0x0, 339968, ) == 0x0 00160 404 NtClose (52, ... ) == 0x0 00161 404 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00162 404 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 8650752, 65536, ) == 0x0 00163 404 NtAllocateVirtualMemory (-1, 8650752, 0, 4096, 4096, 4, ... 8650752, 4096, ) == 0x0 00164 404 NtAllocateVirtualMemory (-1, 8654848, 0, 8192, 4096, 4, ... 8654848, 8192, ) == 0x0 00165 404 NtOpenSection (0x4, {24, 0, 0x40, 0, 0, (0x4, {24, 0, 0x40, 0, 0, "\NLS\NlsSectionCType"}, ... 52, ) }, ... 52, ) == 0x0 00166 404 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 2, 0, 2, ... (0x850000), 0x0, 12288, ) == 0x0 00167 404 NtClose (52, ... ) == 0x0 00168 404 NtAllocateVirtualMemory (-1, 8663040, 0, 4096, 4096, 4, ... 8663040, 4096, ) == 0x0 00169 404 NtUserModifyUserStartupInfoFlags (1, 0, ... ) == 0x810d5640 00170 404 NtUserGetDCEx (0, 0, 3, ... ) == 0x1010054 00171 404 NtGdiSetupPublicCFONT (16842836, 0, 0, ... ) == 0x100 00172 404 NtGdiGetTextExtent (16842836, 1325928, 5, 1242888, 1, ... ) == 0x1 00173 404 NtUserGetForegroundWindow (... ) == 0x2005c 00174 404 NtUserQueryWindow (131164, 0, ... ) == 0x78 00175 404 NtUserQueryWindow (131164, 1, ... ) == 0x7c 00176 404 NtGdiSetupPublicCFONT (16842836, 0, 0, ... ) == 0x100 00177 404 NtGdiGetTextMetricsW (16842836, 1241808, 68, ... ) == 0x1 00178 404 NtGdiGetTextCharsetInfo (16842836, 0, 0, ... ) == 0x0 00179 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x140403e6 00180 404 NtGdiGetRandomRgn (16842836, 335807462, 1, ... ) == 0x0 00181 404 NtGdiIntersectClipRect (16842836, 0, 0, 565, 738, ... ) == 0x3 00182 404 NtGdiExtSelectClipRgn (16842836, 0, 5, ... ) == 0x2 00183 404 NtGdiSetupPublicCFONT (0, 50987263, 6, ... ) == 0x3 00184 404 NtGdiGetTextCharsetInfo (16842836, 0, 0, ... ) == 0x0 00185 404 NtGdiGetRandomRgn (16842836, 352584678, 1, ... 
) == 0x0 00186 404 NtGdiIntersectClipRect (16842836, 0, 0, 147, 738, ... ) == 0x3 00187 404 NtGdiExtSelectClipRgn (16842836, 0, 5, ... ) == 0x2 00188 404 NtUserCallOneParam (16842836, 56, ... ) == 0x1 00189 404 NtAllocateVirtualMemory (-1, 1327104, 0, 4096, 4096, 4, ... 1327104, 4096, ) == 0x0 00190 404 NtUserFindExistingCursorIcon (1241676, 1241692, 1242260, ... ) == 0x10011 00191 404 NtUserSetCursor (65553, ... ) == 0x10015 00192 404 NtUserCallOneParam (1, 49, ... ) == 0x1 00193 404 NtUserFindExistingCursorIcon (1241628, 1241644, 1242212, ... ) == 0x10015 00194 404 NtUserSetCursor (65557, ... ) == 0x10011 00195 404 NtGdiCreateCompatibleDC (0, ... ) == 0x60103e4 00196 404 NtGdiExtGetObjectW (50987263, 92, 1241956, ... ) == 0x5c 00197 404 NtGdiHfontCreate (1241392, 356, 0, 0, 1327248, ... ) == 0x50a03df 00198 404 NtGdiGetTextMetricsW (100729828, 1241896, 68, ... ) == 0x1 00199 404 NtGdiGetWidthTable (100729828, 52, 1327952, 308, 1328568, 1327320, 1327336, ... ) == 0x1 00200 404 NtGdiDeleteObjectApp (100729828, ... ) == 0x1 00201 404 NtUserGetForegroundWindow (... ) == 0x2005c 00202 404 NtUserQueryWindow (131164, 0, ... ) == 0x78 00203 404 NtUserQueryWindow (131164, 1, ... ) == 0x7c 00204 404 NtUserGetAtomName (32770, 1240832, ... ) == 0x6 00205 404 NtUserCreateWindowEx (65793, 32770, 32770, (65793, 32770, 32770, "Error", -2134375995, 404, 335, 222, 126, 0, 0, 2010382336, 0, 1073742848, 0, ... , -2134375995, 404, 335, 222, 126, 0, 0, 2010382336, 0, 1073742848, 0, ... 00206 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1238356, ... ) }, 1238356, ... ) == 0x0 00207 404 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 5, 96, ... 52, {status=0x0, info=1}, ) }, 5, 96, ... 52, {status=0x0, info=1}, ) == 0x0 00208 404 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 52, ... 56, ) == 0x0 00209 404 NtClose (52, ... 
) == 0x0 00210 404 NtMapViewOfSection (56, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x860000), 0x0, 204800, ) == 0x0 00211 404 NtClose (56, ... ) == 0x0 00212 404 NtUnmapViewOfSection (-1, 0x860000, ... ) == 0x0 00213 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1238672, ... ) }, 1238672, ... ) == 0x0 00214 404 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 5, 96, ... 56, {status=0x0, info=1}, ) }, 5, 96, ... 56, {status=0x0, info=1}, ) == 0x0 00215 404 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 56, ... 52, ) == 0x0 00216 404 NtQuerySection (52, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00217 404 NtOpenProcessToken (-1, 0x8, ... 60, ) == 0x0 00218 404 NtQueryInformationToken (60, User, 136, ... {token info, class 1, size 36}, 36, ) == 0x0 00219 404 NtOpenKey (0x3, {24, 0, 0x40, 0, 0, (0x3, {24, 0, 0x40, 0, 0, "\Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00220 404 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\Registry\Machine\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... 64, ) }, ... 64, ) == 0x0 00221 404 NtQueryValueKey (64, (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) , Partial, 80, ... TitleIdx=0, Type=4, Data= (64, "TransparentEnabled", Partial, 80, ... TitleIdx=0, Type=4, Data="\1\0\0\0"}, 16, ) }, 16, ) == 0x0 00222 404 NtClose (64, ... ) == 0x0 00223 404 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00224 404 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 64, ) == 0x0 00225 404 NtQueryInformationToken (64, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00226 404 NtClose (64, ... 
) == 0x0 00227 404 NtOpenKey (0x1, {24, 0, 0x40, 0, 0, (0x1, {24, 0, 0x40, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00228 404 NtClose (60, ... ) == 0x0 00229 404 NtClose (56, ... ) == 0x0 00230 404 NtMapViewOfSection (52, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x5ad70000), 0x0, 212992, ) == 0x0 00231 404 NtClose (52, ... ) == 0x0 00232 404 NtAllocateVirtualMemory (-1, 1228800, 0, 4096, 4096, 260, ... 1228800, 4096, ) == 0x0 00233 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00234 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00235 404 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00236 404 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 52, ) == 0x0 00237 404 NtQueryInformationToken (52, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00238 404 NtClose (52, ... ) == 0x0 00239 404 NtOpenKey (0x2001f, {24, 0, 0x640, 0, 0, (0x2001f, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 52, ) }, ... 52, ) == 0x0 00240 404 NtOpenKey (0x1, {24, 52, 0x40, 0, 0, (0x1, {24, 52, 0x40, 0, 0, "Software\Microsoft\Windows\CurrentVersion\ThemeManager"}, ... 56, ) }, ... 56, ) == 0x0 00241 404 NtQueryValueKey (56, (56, "Compositing", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00242 404 NtClose (56, ... ) == 0x0 00243 404 NtClose (52, ... ) == 0x0 00244 404 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00245 404 NtOpenProcessTokenEx (-1, 0x20008, 512, ... 52, ) == 0x0 00246 404 NtQueryInformationToken (52, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00247 404 NtClose (52, ... ) == 0x0 00248 404 NtOpenKey (0x20019, {24, 0, 0x640, 0, 0, (0x20019, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... 52, ) }, ... 
52, ) == 0x0 00249 404 NtOpenKey (0x1, {24, 52, 0x40, 0, 0, (0x1, {24, 52, 0x40, 0, 0, "Control Panel\Desktop"}, ... 56, ) }, ... 56, ) == 0x0 00250 404 NtQueryValueKey (56, (56, "LameButtonText", Partial, 144, ... ) , Partial, 144, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00251 404 NtClose (56, ... ) == 0x0 00252 404 NtClose (52, ... ) == 0x0 00253 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\u:\work\UxTheme.dll"}, 1238172, ... ) }, 1238172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00254 404 NtQueryAttributesFile ({24, 12, 0x40, 0, 0, ({24, 12, 0x40, 0, 0, "UxTheme.dll"}, 1238172, ... ) }, 1238172, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00255 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\System32\UxTheme.dll"}, 1238172, ... ) }, 1238172, ... ) == 0x0 00256 404 NtUserGetProcessWindowStation (... ) == 0x28 00257 404 NtUserGetObjectInformation (40, 2, 0, 0, 1240468, ... ) == 0x0 00258 404 NtUserGetObjectInformation (40, 2, 1329760, 16, 1240468, ... ) == 0x1 00259 404 NtUserGetGUIThreadInfo (404, 1240424, ... ) == 0x1 00260 404 NtConnectPort ( ("\ThemeApiPort", {12, 2, 1, 1}, 0x0, 0x0, 1240244, 64, ... 52, 0x0, 0x0, 0x0, 64, ) , {12, 2, 1, 1}, 0x0, 0x0, 1240244, 64, ... 52, 0x0, 0x0, 0x0, 64, ) == 0x0 00261 404 NtRequestWaitReplyPort (52, {32, 56, new_msg, 0, 0, 0, 0, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 400, 404, 1499, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 400, 404, 1499, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\4\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... 
{32, 56, reply, 0, 400, 404, 1499, 0} "\0\0\0\0\1\0\1\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00262 404 NtRequestWaitReplyPort (52, {32, 56, new_msg, 0, 0, 0, 0, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\355\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 400, 404, 1500, 0} "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 400, 404, 1500, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\355\3\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 400, 404, 1500, 0} "\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00263 404 NtUserCallNoParam (29, ... 00264 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1237716, ... ) }, 1237716, ... ) == 0x0 00263 404 NtUserCallNoParam ... ) == 0x0 00265 404 NtUserSystemParametersInfo (41, 0, 1524225160, 0, ... ) == 0x1 00266 404 NtGdiHfontCreate (1239796, 356, 0, 0, 1327240, ... ) == 0x80a03e4 00267 404 NtGdiHfontCreate (1239796, 356, 0, 0, 1327232, ... ) == 0x350a03d4 00268 404 NtRequestWaitReplyPort (52, {32, 56, new_msg, 0, 0, 0, 0, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 400, 404, 1501, 0} "\0\0\0\0\0\0\0\08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ... {32, 56, reply, 0, 400, 404, 1501, 0} (52, {32, 56, new_msg, 0, 0, 0, 0, 0} "\7\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ... {32, 56, reply, 0, 400, 404, 1501, 0} "\0\0\0\0\0\0\0\08\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0\0" ) ) == 0x0 00269 404 NtMapViewOfSection (56, -1, (0x0), 0, 0, {0, 0}, 0, 1, 0, 2, ... (0x860000), {0, 0}, 331776, ) == 0x0 00270 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00271 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00272 404 NtUserGetWindowDC (0, ... 
) == 0x1010051 00273 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00274 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00275 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00276 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00277 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00278 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00279 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00280 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00281 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00282 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00283 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00284 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00285 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00286 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00287 404 NtGdiCreatePatternBrushInternal (59048369, 0, 0, ... ) == 0x541003bf 00288 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00289 404 NtUserCallNoParam (29, ... 00290 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1237160, ... ) }, 1237160, ... ) == 0x0 00289 404 NtUserCallNoParam ... ) == 0x0 00291 404 NtUserCallNoParam (29, ... 00292 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\WINDOWS\system32\uxtheme.dll"}, 1237156, ... ) }, 1237156, ... ) == 0x0 00291 404 NtUserCallNoParam ... ) == 0x0 00293 404 NtUserSetWindowFNID (131248, 676, ... ) == 0x1 00294 404 NtUserCallHwndParam (131248, 1329828, 78, ... ) == 0x144aa4 00295 404 NtUserMessageCall (0x200b0, WM_NCCREATE, 0x0, 0x12eeac, 0, 670, 0, ... ) == 0x1 00296 404 NtUserMessageCall (0x200b0, WM_NCCALCSIZE, 0x0, 0x12eed4, 0, 670, 0, ... ) == 0x0 00297 404 NtUserGetClassName (131248, 0, 1239968, ... ) == 0x6 00298 404 NtUserRemoveProp (131248, 43282, ... 
) == 0x0 00299 404 NtRequestWaitReplyPort (24, {24, 52, new_msg, 0, 5701724, 5111881, 5177412, 5439575} (24, {24, 52, new_msg, 0, 5701724, 5111881, 5177412, 5439575} "\0\0\0\0\5\4\3\0t\0e\0m\03\0\224\1\0\0\0\0\0\0" ... {24, 52, reply, 0, 400, 404, 1502, 0} "\0\0\0\0\5\4\3\0\0\0\0\0m\03\0\224\1\0\0\0\0\0\0" ) ... {24, 52, reply, 0, 400, 404, 1502, 0} (24, {24, 52, new_msg, 0, 5701724, 5111881, 5177412, 5439575} "\0\0\0\0\5\4\3\0t\0e\0m\03\0\224\1\0\0\0\0\0\0" ... {24, 52, reply, 0, 400, 404, 1502, 0} "\0\0\0\0\5\4\3\0\0\0\0\0m\03\0\224\1\0\0\0\0\0\0" ) ) == 0x0 00300 404 NtUserGetThreadDesktop (404, 0, ... ) == 0x2c 00301 404 NtUserGetObjectInformation (44, 2, 1239644, 520, 0, ... ) == 0x1 00302 404 NtGdiDeleteObjectApp (1410335679, ... ) == 0x1 00303 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00304 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00305 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00306 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00307 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00308 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00309 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00310 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00311 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00312 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00313 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00314 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00315 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00316 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00317 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00318 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00319 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00320 404 NtGdiCreatePatternBrushInternal (59048369, 0, 0, ... ) == 0x551003bf 00321 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00322 404 NtAllocateVirtualMemory (-1, 8667136, 0, 4096, 4096, 4, ... 8667136, 4096, ) == 0x0 00323 404 NtUserSetProp (131248, 43288, 8666496, ... ) == 0x1 00205 404 NtUserCreateWindowEx ... 
) == 0x200b0 00324 404 NtUserCallHwndLock (131248, 89, ... 00325 404 NtQueryDefaultUILanguage (2013024600, ... 00326 404 NtOpenThreadTokenEx (-2, 0x20008, 1, 512, ... ) == STATUS_NO_TOKEN 00327 404 NtOpenProcessTokenEx (-1, 0x20008, 512, ... -2147482020, ) == 0x0 00328 404 NtQueryInformationToken (-2147482020, User, 80, ... {token info, class 1, size 36}, 36, ) == 0x0 00329 404 NtClose (-2147482020, ... ) == 0x0 00330 404 NtOpenKey (0x2000000, {24, 0, 0x640, 0, 0, (0x2000000, {24, 0, 0x640, 0, 0, "\REGISTRY\USER\S-1-5-21-1078081533-484763869-839522115-1003"}, ... -2147482020, ) }, ... -2147482020, ) == 0x0 00331 404 NtOpenKey (0x80000000, {24, 0, 0x240, 0, 0, (0x80000000, {24, 0, 0x240, 0, 0, "\Registry\Machine\System\CurrentControlSet\Control\Nls\MUILanguages"}, ... ) }, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00332 404 NtOpenKey (0x80000000, {24, -2147482020, 0x640, 0, 0, (0x80000000, {24, -2147482020, 0x640, 0, 0, "Control Panel\Desktop"}, ... -2147482032, ) }, ... -2147482032, ) == 0x0 00333 404 NtQueryValueKey (-2147482032, (-2147482032, "MultiUILanguageId", Partial, 256, ... ) , Partial, 256, ... ) == STATUS_OBJECT_NAME_NOT_FOUND 00334 404 NtClose (-2147482032, ... ) == 0x0 00335 404 NtClose (-2147482020, ... ) == 0x0 00325 404 NtQueryDefaultUILanguage ... ) == 0x0 00336 404 NtQueryInstallUILanguage (2013024602, ... ) == 0x0 00337 404 NtQueryDefaultLocale (1, 1241732, ... ) == 0x0 00338 404 NtUserCallNoParam (0, ... ) == 0x30071 00339 404 NtUserCallNoParam (0, ... ) == 0x2006b 00340 404 NtUserThunkedMenuItemInfo (131179, -1, 1, 1, 1241772, 1241820, ... ) == 0x1 00341 404 NtUserThunkedMenuItemInfo (131179, -1, 1, 1, 1241772, 1241820, ... ) == 0x1 00342 404 NtUserThunkedMenuItemInfo (196721, -1, 1, 1, 1241868, 1241916, ... ) == 0x1 00324 404 NtUserCallHwndLock ... ) == 0x1 00343 404 NtUserGetAtomName (49175, 1240832, ... 
) == 0x6 00344 404 NtUserCreateWindowEx (4, 49175, 49175, (4, 49175, 49175, "OK", 1342373889, 71, 60, 75, 23, 131248, 1, 2010382336, 0, 1073742848, 0, ... , 1342373889, 71, 60, 75, 23, 131248, 1, 2010382336, 0, 1073742848, 0, ... 00345 404 NtUserSetWindowFNID (65734, 673, ... ) == 0x1 00346 404 NtUserSetWindowLong (65734, 0, 1330060, 0, ... ) == 0x0 00347 404 NtUserMessageCall (0x100c6, WM_NCCREATE, 0x0, 0x12eeac, 0, 670, 0, ... ) == 0x1 00348 404 NtUserMessageCall (0x100c6, WM_NCCALCSIZE, 0x0, 0x12eed4, 0, 670, 0, ... ) == 0x0 00349 404 NtUserSetProp (65734, 43288, -1, ... ) == 0x1 00344 404 NtUserCreateWindowEx ... ) == 0x100c6 00350 404 NtUserGetAtomName (49177, 1240832, ... ) == 0x6 00351 404 NtUserCreateWindowEx (4, 49177, 49177, "1342308355, 11, 11, 0, 0, 131248, 20, 2010382336, 0, 1073742848, 0, ... 00352 404 NtUserSetWindowFNID (65736, 680, ... ) == 0x1 00353 404 NtUserSetWindowLong (65736, 0, 1330264, 0, ... ) == 0x0 00354 404 NtUserMessageCall (0x100c8, WM_NCCREATE, 0x0, 0x12eeac, 0, 670, 0, ... ) == 0x1 00355 404 NtUserMessageCall (0x100c8, WM_NCCALCSIZE, 0x0, 0x12eed4, 0, 670, 0, ... ) == 0x0 00356 404 NtUserSetProp (65736, 43288, -1, ... ) == 0x1 00357 404 NtUserFindExistingCursorIcon (1239620, 1239636, 1240204, ... ) == 0x0 00358 404 NtUserFindExistingCursorIcon (1239620, 1239636, 1240204, ... ) == 0x0 00359 404 NtUserFindExistingCursorIcon (1239620, 1239636, 1240204, ... ) == 0x10009 00360 404 NtUserGetIconSize (65545, 0, 1240224, 1240228, ... ) == 0x1 00361 404 NtUserGetCursorFrameInfo (65545, 0, 1240260, 1240236, ... ) == 0x10009 00362 404 NtUserSetWindowPos (65736, 0, 0, 0, 32, 32, 22, ... 00363 404 NtUserMessageCall (0x100c8, WM_WINDOWPOSCHANGING, 0x0, 0x12ec1c, 0, 670, 0, ... ) == 0x0 00364 404 NtUserMessageCall (0x100c8, WM_NCCALCSIZE, 0x1, 0x12ebf0, 0, 670, 0, ... ) == 0x0 00362 404 NtUserSetWindowPos ... ) == 0x1 00351 404 NtUserCreateWindowEx ... ) == 0x100c8 00365 404 NtUserGetAtomName (49177, 1240832, ... 
) == 0x6 00366 404 NtUserCreateWindowEx (4, 49177, 49177, (4, 49177, 49177, "Pack method not implemented.", 1342316672, 62, 20, 149, 15, 131248, 65535, 2010382336, 0, 1073742848, 0, ... , 1342316672, 62, 20, 149, 15, 131248, 65535, 2010382336, 0, 1073742848, 0, ... 00367 404 NtUserSetWindowFNID (65738, 680, ... ) == 0x1 00368 404 NtUserSetWindowLong (65738, 0, 1330240, 0, ... ) == 0x0 00369 404 NtUserMessageCall (0x100ca, WM_NCCREATE, 0x0, 0x12eeac, 0, 670, 0, ... ) == 0x1 00370 404 NtUserMessageCall (0x100ca, WM_NCCALCSIZE, 0x0, 0x12eed4, 0, 670, 0, ... ) == 0x0 00371 404 NtUserSetProp (65738, 43288, -1, ... ) == 0x1 00366 404 NtUserCreateWindowEx ... ) == 0x100ca 00372 404 NtUserSetWindowLong (131248, -21, 1243332, 0, ... ) == 0x0 00373 404 NtUserCallHwnd (131248, 72, ... ) == 0xbc645cf8 00374 404 NtAllocateVirtualMemory (-1, 0, 0, 131064, 8192, 4, ... 9175040, 131072, ) == 0x0 00375 404 NtAllocateVirtualMemory (-1, 9175040, 0, 4096, 4096, 4, ... 9175040, 4096, ) == 0x0 00376 404 NtUserSetFocus (65734, ... 00377 404 NtUserMessageCall (0x200b0, WM_NCACTIVATE, 0x1, 0xffffffff, 0, 670, 0, ... ) == 0x1 00378 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00379 404 NtUserGetWindowDC (131248, ... ) == 0x1010050 00380 404 NtAllocateVirtualMemory (-1, 1331200, 0, 4096, 4096, 4, ... 1331200, 4096, ) == 0x0 00381 404 NtGdiGetTextMetricsW (16842832, 1239892, 68, ... ) == 0x1 00382 404 NtGdiGetRandomRgn (16842832, 369361894, 1, ... ) == 0x0 00383 404 NtGdiIntersectClipRect (16842832, 0, 0, 0, 0, ... ) == 0x3 00384 404 NtGdiGetWidthTable (16842832, 5, 1331712, 261, 1332234, 1331080, 1331096, ... ) == 0x1 00385 404 NtGdiExtSelectClipRgn (16842832, 0, 5, ... ) == 0x1 00386 404 NtUserCallOneParam (16842832, 56, ... ) == 0x1 00387 404 NtUserCalcMenuBar (131248, 3, 3, 29, 8666680, ... ) == 0x0 00388 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 1239860, 690, 0, ... 
00389 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00388 404 NtUserMessageCall ... ) == 0x0 00390 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 1239860, 690, 0, ... 00391 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00390 404 NtUserMessageCall ... ) == 0x0 00392 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 1239860, 690, 0, ... 00393 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00392 404 NtUserMessageCall ... ) == 0x0 00394 404 NtUserGetTitleBarInfo (131248, 1240488, ... ) == 0x1 00395 404 NtUserGetDCEx (131248, 0, 66561, ... ) == 0x1010053 00396 404 NtGdiExcludeClipRect (16842835, 3, 29, 219, 123, ... ) == 0x3 00397 404 NtGdiDrawStream (16842835, 96, 1239892, ... ) == 0x1 00398 404 NtGdiDrawStream (16842835, 96, 1239892, ... ) == 0x1 00399 404 NtGdiDrawStream (16842835, 96, 1239892, ... ) == 0x1 00400 404 NtGdiCreateCompatibleBitmap (16842835, 222, 29, ... ) == 0x80503e7 00401 404 NtGdiCreateCompatibleDC (16842835, ... ) == 0xb0103e2 00402 404 NtGdiSelectBitmap (184615906, 134546407, ... ) == 0x185000f 00403 404 NtGdiDrawStream (184615906, 96, 1239784, ... ) == 0x1 00404 404 NtGdiDrawStream (184615906, 96, 1239740, ... ) == 0x1 00405 404 NtGdiDrawStream (184615906, 96, 1239740, ... ) == 0x1 00406 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00407 404 NtGdiGetRandomRgn (184615906, 386139110, 1, ... ) == 0x0 00408 404 NtGdiIntersectClipRect (184615906, 8, 8, 194, 25, ... ) == 0x3 00409 404 NtGdiExtSelectClipRgn (184615906, 0, 5, ... ) == 0x2 00410 404 NtGdiGetRandomRgn (184615906, 402916326, 1, ... ) == 0x0 00411 404 NtGdiIntersectClipRect (184615906, 7, 7, 193, 25, ... ) == 0x3 00412 404 NtGdiExtSelectClipRgn (184615906, 0, 5, ... ) == 0x2 00413 404 NtGdiBitBlt (16842835, 0, 0, 222, 29, 184615906, 0, 0, 13369376, -1, 0, ... ) == 0x1 00414 404 NtGdiSelectBitmap (184615906, 25493519, ... 
) == 0x80503e7 00415 404 NtGdiDeleteObjectApp (184615906, ... ) == 0x1 00416 404 NtGdiDeleteObjectApp (134546407, ... ) == 0x1 00417 404 NtUserCallOneParam (16842835, 56, ... ) == 0x1 00376 404 NtUserSetFocus ... ) == 0x0 00418 404 NtUserSetWindowLong (65734, -12, 2, 0, ... ) == 0x1 00419 404 NtUserGetClassName (65734, 0, 1241376, ... ) == 0x6 00420 404 NtUserGetClassName (65736, 0, 1241376, ... ) == 0x6 00421 404 NtUserGetClassName (65738, 0, 1241376, ... ) == 0x6 00422 404 NtUserGetAncestor (131248, 1, ... ) == 0x10014 00423 404 NtUserSetWindowPos (131248, 0, 404, 335, 222, 126, 1047, ... ) == 0x1 00424 404 NtUserMessageCall (0x200b0, 0x128, 0x30001, 0x0, 0, 670, 0, ... 00425 404 NtUserMessageCall (0x100c6, 0x128, 0x30001, 0x0, 0, 670, 0, ... ) == 0x0 00426 404 NtUserMessageCall (0x100c8, 0x128, 0x30001, 0x0, 0, 670, 0, ... ) == 0x0 00427 404 NtUserMessageCall (0x100ca, 0x128, 0x30001, 0x0, 0, 670, 0, ... ) == 0x0 00424 404 NtUserMessageCall ... ) == 0x0 00428 404 NtUserShowWindow (131248, 1, ... 00429 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00430 404 NtUserGetWindowDC (131248, ... ) == 0x1010053 00431 404 NtGdiGetRandomRgn (16842835, 419693542, 1, ... ) == 0x0 00432 404 NtGdiIntersectClipRect (16842835, 0, 0, 0, 0, ... ) == 0x3 00433 404 NtGdiGetCharSet (16842835, ... ) == 0x4e4 00434 404 NtGdiExtSelectClipRgn (16842835, 0, 5, ... ) == 0x2 00435 404 NtUserCallOneParam (16842835, 56, ... ) == 0x1 00436 404 NtUserCalcMenuBar (131248, 3, 3, 29, 8666680, ... ) == 0x0 00437 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 1240476, 690, 0, ... 00438 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00437 404 NtUserMessageCall ... ) == 0x0 00439 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 1240476, 690, 0, ... 00440 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00439 404 NtUserMessageCall ... 
) == 0x0 00441 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 1240476, 690, 0, ... 00442 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00441 404 NtUserMessageCall ... ) == 0x0 00443 404 NtUserGetTitleBarInfo (131248, 1241104, ... ) == 0x1 00444 404 NtUserGetDCEx (131248, 0, 66561, ... ) == 0x1010050 00445 404 NtGdiExcludeClipRect (16842832, 3, 29, 219, 123, ... ) == 0x3 00446 404 NtGdiDrawStream (16842832, 96, 1240508, ... ) == 0x1 00447 404 NtGdiDrawStream (16842832, 96, 1240508, ... ) == 0x1 00448 404 NtGdiDrawStream (16842832, 96, 1240508, ... ) == 0x1 00449 404 NtGdiCreateCompatibleBitmap (16842832, 222, 29, ... ) == 0xc0503e7 00450 404 NtGdiCreateCompatibleDC (16842832, ... ) == 0x20103e9 00451 404 NtGdiSelectBitmap (33620969, 201655271, ... ) == 0x185000f 00452 404 NtGdiDrawStream (33620969, 96, 1240400, ... ) == 0x1 00453 404 NtGdiDrawStream (33620969, 96, 1240356, ... ) == 0x1 00454 404 NtGdiDrawStream (33620969, 96, 1240356, ... ) == 0x1 00455 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00456 404 NtGdiGetRandomRgn (33620969, 436470758, 1, ... ) == 0x0 00457 404 NtGdiIntersectClipRect (33620969, 8, 8, 194, 25, ... ) == 0x3 00458 404 NtGdiExtSelectClipRgn (33620969, 0, 5, ... ) == 0x2 00459 404 NtGdiGetRandomRgn (33620969, 453247974, 1, ... ) == 0x0 00460 404 NtGdiIntersectClipRect (33620969, 7, 7, 193, 25, ... ) == 0x3 00461 404 NtGdiExtSelectClipRgn (33620969, 0, 5, ... ) == 0x2 00462 404 NtGdiBitBlt (16842832, 0, 0, 222, 29, 33620969, 0, 0, 13369376, -1, 0, ... ) == 0x1 00463 404 NtGdiSelectBitmap (33620969, 25493519, ... ) == 0xc0503e7 00464 404 NtGdiDeleteObjectApp (33620969, ... ) == 0x1 00465 404 NtGdiDeleteObjectApp (201655271, ... ) == 0x1 00466 404 NtUserCallOneParam (16842832, 56, ... ) == 0x1 00467 404 NtUserFillWindow (131248, 131248, 16842834, 4, ... 00468 404 NtUserGetAncestor (131248, 1, ... ) == 0x10014 00469 404 NtUserGetAncestor (65556, 1, ... 
) == 0x0 00467 404 NtUserFillWindow ... ) == 0x1 00470 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00471 404 NtUserGetWindowDC (131248, ... ) == 0x1010053 00472 404 NtGdiGetRandomRgn (16842835, 470025190, 1, ... ) == 0x0 00473 404 NtGdiIntersectClipRect (16842835, 0, 0, 0, 0, ... ) == 0x3 00474 404 NtGdiGetCharSet (16842835, ... ) == 0x4e4 00475 404 NtGdiExtSelectClipRgn (16842835, 0, 5, ... ) == 0x2 00476 404 NtUserCallOneParam (16842835, 56, ... ) == 0x1 00477 404 NtUserCalcMenuBar (131248, 3, 3, 29, 8666680, ... ) == 0x0 00478 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 1240760, 690, 0, ... 00479 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00478 404 NtUserMessageCall ... ) == 0x0 00480 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 1240760, 690, 0, ... 00481 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00480 404 NtUserMessageCall ... ) == 0x0 00482 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 1240760, 690, 0, ... 00483 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00482 404 NtUserMessageCall ... ) == 0x0 00484 404 NtUserGetTitleBarInfo (131248, 1241388, ... ) == 0x1 00485 404 NtUserBuildHwndList (0, 131248, 1, 0, 64, ... (0x100c6, 0x100c8, 0x100ca, 0x1, ), 4, ) == 0x0 00486 404 NtUserGetWindowDC (0, ... ) == 0x1010051 00487 404 NtUserCallOneParam (16842833, 56, ... ) == 0x1 00488 404 NtGdiExtCreateRegion (0, 112, 8668176, ... ) == 0xe0403e7 00489 404 NtGdiOffsetRgn (235144167, 0, 0, ... ) == 0x3 00490 404 NtGdiCombineRgn (486802406, 235144167, 486802406, 5, ... ) == 0x3 00491 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x30403e9 00492 404 NtGdiCombineRgn (486802406, 50594793, 486802406, 2, ... ) == 0x3 00493 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x10403ea 00494 404 NtGdiCombineRgn (486802406, 17040362, 486802406, 2, ... ) == 0x3 00495 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... 
) == 0x10403eb 00496 404 NtGdiCombineRgn (486802406, 17040363, 486802406, 2, ... ) == 0x3 00497 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x10403ec 00498 404 NtGdiCombineRgn (486802406, 17040364, 486802406, 2, ... ) == 0x3 00499 404 NtGdiCreateRectRgn (0, 0, 1, 1, ... ) == 0x10403ed 00500 404 NtGdiCombineRgn (17040365, 486802406, 0, 5, ... ) == 0x3 00501 404 NtUserSetWindowRgn (131248, 486802406, 1, ... 00502 404 NtUserMessageCall (0x200b0, WM_NCCALCSIZE, 0x1, 0x12f070, 0, 670, 0, ... ) == 0x0 00503 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00504 404 NtUserGetWindowDC (131248, ... ) == 0x1010053 00505 404 NtGdiGetRandomRgn (16842835, 33817580, 1, ... ) == 0x0 00506 404 NtGdiIntersectClipRect (16842835, 0, 0, 0, 0, ... ) == 0x3 00507 404 NtGdiGetCharSet (16842835, ... ) == 0x4e4 00508 404 NtGdiExtSelectClipRgn (16842835, 0, 5, ... ) == 0x3 00509 404 NtUserCallOneParam (16842835, 56, ... ) == 0x1 00510 404 NtUserCalcMenuBar (131248, 3, 3, 29, 8666680, ... ) == 0x0 00511 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 1239560, 690, 0, ... 00512 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00511 404 NtUserMessageCall ... ) == 0x0 00513 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 1239560, 690, 0, ... 00514 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00513 404 NtUserMessageCall ... ) == 0x0 00515 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 1239560, 690, 0, ... 00516 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00515 404 NtUserMessageCall ... ) == 0x0 00517 404 NtUserGetTitleBarInfo (131248, 1240188, ... ) == 0x1 00518 404 NtUserGetDCEx (131248, 0, 66561, ... ) == 0x1010052 00519 404 NtGdiExcludeClipRect (16842834, 3, 29, 219, 123, ... ) == 0x3 00520 404 NtGdiDrawStream (16842834, 96, 1239592, ... ) == 0x1 00521 404 NtGdiDrawStream (16842834, 96, 1239592, ... 
) == 0x1 00522 404 NtGdiDrawStream (16842834, 96, 1239592, ... ) == 0x1 00523 404 NtGdiCreateCompatibleBitmap (16842834, 222, 29, ... ) == 0x40503ef 00524 404 NtGdiCreateCompatibleDC (16842834, ... ) == 0x20103f0 00525 404 NtGdiSelectBitmap (33620976, 67437551, ... ) == 0x185000f 00526 404 NtGdiDrawStream (33620976, 96, 1239484, ... ) == 0x1 00527 404 NtGdiDrawStream (33620976, 96, 1239440, ... ) == 0x1 00528 404 NtGdiDrawStream (33620976, 96, 1239440, ... ) == 0x1 00529 404 NtUserInternalGetWindowText (0x200b0, 260, ... (0x200b0, 260, ... "Error", ) , ) == 0x5 00530 404 NtGdiGetRandomRgn (33620976, 50594796, 1, ... ) == 0x0 00531 404 NtGdiIntersectClipRect (33620976, 8, 8, 194, 25, ... ) == 0x3 00532 404 NtGdiExtSelectClipRgn (33620976, 0, 5, ... ) == 0x2 00533 404 NtGdiGetRandomRgn (33620976, 67372012, 1, ... ) == 0x0 00534 404 NtGdiIntersectClipRect (33620976, 7, 7, 193, 25, ... ) == 0x3 00535 404 NtGdiExtSelectClipRgn (33620976, 0, 5, ... ) == 0x2 00536 404 NtGdiBitBlt (16842834, 0, 0, 222, 29, 33620976, 0, 0, 13369376, -1, 0, ... ) == 0x1 00537 404 NtGdiSelectBitmap (33620976, 25493519, ... ) == 0x40503ef 00538 404 NtGdiDeleteObjectApp (33620976, ... ) == 0x1 00539 404 NtGdiDeleteObjectApp (67437551, ... ) == 0x1 00540 404 NtUserCallOneParam (16842834, 56, ... ) == 0x1 00541 404 NtUserFillWindow (131248, 131248, 16842832, 4, ... 00542 404 NtUserGetAncestor (131248, 1, ... ) == 0x10014 00543 404 NtUserGetAncestor (65556, 1, ... ) == 0x0 00541 404 NtUserFillWindow ... ) == 0x1 00501 404 NtUserSetWindowRgn ... ) == 0x1 00428 404 NtUserShowWindow ... ) == 0x0 00544 404 NtUserCallHwndLock (131248, 93, ... 00545 404 NtUserMessageCall (0x200b0, WM_PAINT, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00546 404 NtUserBeginPaint (0x100c6, 1241760, ... 00547 404 NtUserMessageCall (0x100c6, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00546 404 NtUserBeginPaint ... ) == 0x1010050 00548 404 NtUserGetControlBrush (0x100c6, 16842832, 309, ... 
) == 0x1100056 00549 404 NtGdiIntersectClipRect (16842832, 0, 0, 75, 23, ... ) == 0x3 00550 404 NtGdiIntersectClipRect (16842832, 3, 3, 72, 20, ... ) == 0x3 00551 404 NtUserEndPaint (0x100c6, 1241760, ... ) == 0x1 00552 404 NtUserBeginPaint (0x100c8, 1241772, ... 00553 404 NtUserMessageCall (0x100c8, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00552 404 NtUserBeginPaint ... ) == 0x1010050 00554 404 NtGdiIntersectClipRect (16842832, 0, 0, 32, 32, ... ) == 0x3 00555 404 NtUserGetControlBrush (0x100c8, 16842832, 312, ... ) == 0x1100056 00556 404 NtGdiGetDCDword (16842832, 7, 1241492, ... ) == 0x1 00557 404 NtUserDrawIconEx (16842832, 0, 0, 65545, 32, 32, 0, 17825878, 3, 0, 1241536, ... ) == 0x1 00558 404 NtUserEndPaint (0x100c8, 1241772, ... ) == 0x1 00559 404 NtUserBeginPaint (0x100ca, 1241772, ... 00560 404 NtUserMessageCall (0x100ca, WM_NCPAINT, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00559 404 NtUserBeginPaint ... ) == 0x1010050 00561 404 NtGdiIntersectClipRect (16842832, 0, 0, 149, 15, ... ) == 0x3 00562 404 NtUserGetControlBrush (0x100ca, 16842832, 312, ... ) == 0x1100056 00563 404 NtGdiGetTextCharsetInfo (16842832, 0, 0, ... ) == 0x0 00564 404 NtUserEndPaint (0x100ca, 1241772, ... ) == 0x1 00544 404 NtUserCallHwndLock ... ) == 0x1 00565 404 NtUserPeekMessage (0, 0, 0, 1, ... 00566 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x2, 0x0, 0, 670, 0, ... ) == 0x0 00567 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x0, 0x0, 0, 670, 0, ... ) == 0x0 00568 404 NtUserMessageCall (0x200b0, WM_GETICON, 0x1, 0x0, 0, 670, 0, ... ) == 0x0 00569 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1239624, ... ) }, 1239624, ... ) == 0x0 00570 404 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 5, 96, ... 60, {status=0x0, info=1}, ) }, 5, 96, ... 
60, {status=0x0, info=1}, ) == 0x0 00571 404 NtCreateSection (0xe, 0x0, 0x0, 16, 134217728, 60, ... 64, ) == 0x0 00572 404 NtClose (60, ... ) == 0x0 00573 404 NtMapViewOfSection (64, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 16, ... (0x8e0000), 0x0, 45056, ) == 0x0 00574 404 NtClose (64, ... ) == 0x0 00575 404 NtUnmapViewOfSection (-1, 0x8e0000, ... ) == 0x0 00576 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1239940, ... ) }, 1239940, ... ) == 0x0 00577 404 NtQueryAttributesFile ({24, 0, 0x40, 0, 0, ({24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 1239940, ... ) }, 1239940, ... ) == 0x0 00578 404 NtOpenFile (0x100020, {24, 0, 0x40, 0, 0, (0x100020, {24, 0, 0x40, 0, 0, "\??\C:\Program Files\VMware\VMware Tools\hook.dll"}, 5, 96, ... 64, {status=0x0, info=1}, ) }, 5, 96, ... 64, {status=0x0, info=1}, ) == 0x0 00579 404 NtCreateSection (0xf, 0x0, 0x0, 16, 16777216, 64, ... 60, ) == 0x0 00580 404 NtQuerySection (60, Image, 48, ... {section info, class 1, size 48}, 0x0, ) == 0x0 00581 404 NtClose (64, ... ) == 0x0 00582 404 NtMapViewOfSection (60, -1, (0x0), 0, 0, 0x0, 0, 1, 0, 4, ... (0x10000000), 0x0, 49152, ) == 0x0 00583 404 NtClose (60, ... ) == 0x0 00584 404 NtProtectVirtualMemory (-1, (0x10006000), 256, 4, ... (0x10006000), 4096, 2, ) == 0x0 00585 404 NtProtectVirtualMemory (-1, (0x10006000), 4096, 2, ... (0x10006000), 4096, 4, ) == 0x0 00586 404 NtFlushInstructionCache (-1, 268460032, 256, ... ) == 0x0 00587 404 NtProtectVirtualMemory (-1, (0x10006000), 256, 4, ... (0x10006000), 4096, 2, ) == 0x0 00588 404 NtProtectVirtualMemory (-1, (0x10006000), 4096, 2, ... (0x10006000), 4096, 4, ) == 0x0 00589 404 NtFlushInstructionCache (-1, 268460032, 256, ... ) == 0x0 00590 404 NtQuerySystemInformation (Basic, 44, ... 
{Unknown=0,MaximumIncrement=156250,PhysicalPageSize=0x1000,NumberOfPhysicalPages=0xff7c,LowestPhysicalPage=0x1,HighestPhysicalPage=0xffff,AllocationGranularity=0x10000,LowestUserAddress=0x10000,HighestUserAddress=0x7ffeffff,ActiveProcessors=1,NumberProcessors=1,}, 0x0, ) == 0x0 00591 404 NtAllocateVirtualMemory (-1, 0, 0, 65536, 8192, 4, ... 9306112, 65536, ) == 0x0 00592 404 NtAllocateVirtualMemory (-1, 9306112, 0, 4096, 4096, 4, ... 9306112, 4096, ) == 0x0 00593 404 NtAllocateVirtualMemory (-1, 9310208, 0, 8192, 4096, 4, ... 9310208, 8192, ) == 0x0 00594 404 NtQueryPerformanceCounter (... {94708650, 0}, {3579545, 0}, ) == 0x0 00595 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00565 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x6774, {512, 384}}, ) == 0x1 00596 404 NtOpenProcessToken (-1, 0x8, ... 60, ) == 0x0 00597 404 NtQueryInformationToken (60, Statistics, 56, ... {token info, class 10, size 56}, 56, ) == 0x0 00598 404 NtClose (60, ... ) == 0x0 00599 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00600 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x6774, {512, 384}}, ) == 0x0 00601 404 NtUserWaitMessage (... ) == 0x1 00602 404 NtUserPeekMessage (0, 0, 0, 1, ... 00603 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00602 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x7290, {512, 384}}, ) == 0x1 00604 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00605 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x7290, {512, 384}}, ) == 0x0 00606 404 NtUserWaitMessage (... ) == 0x1 00607 404 NtUserPeekMessage (0, 0, 0, 1, ... 00608 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00607 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x7290, {512, 384}}, ) == 0x1 00609 404 NtUserCallMsgFilter (1242128, 0, ... 
) == 0x0 00610 404 NtUserPeekMessage (0, 0, 0, 1, ... 00611 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00610 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x7290, {512, 384}}, ) == 0x1 00612 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00613 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x7290, {512, 384}}, ) == 0x0 00614 404 NtUserWaitMessage (... ) == 0x1 00615 404 NtUserPeekMessage (0, 0, 0, 1, ... 00616 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00615 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x729f, {512, 384}}, ) == 0x1 00617 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00618 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x729f, {512, 384}}, ) == 0x0 00619 404 NtUserWaitMessage (... ) == 0x1 00620 404 NtUserPeekMessage (0, 0, 0, 1, ... 00621 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00620 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x729f, {512, 384}}, ) == 0x1 00622 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00623 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x729f, {512, 384}}, ) == 0x0 00624 404 NtUserWaitMessage (... ) == 0x1 00625 404 NtUserPeekMessage (0, 0, 0, 1, ... 00626 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00625 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72af, {512, 384}}, ) == 0x1 00627 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00628 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72af, {512, 384}}, ) == 0x0 00629 404 NtUserWaitMessage (... ) == 0x1 00630 404 NtUserPeekMessage (0, 0, 0, 1, ... 00631 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... 
) == 0x0 00630 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72af, {512, 384}}, ) == 0x1 00632 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00633 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72af, {512, 384}}, ) == 0x0 00634 404 NtUserWaitMessage (... ) == 0x1 00635 404 NtUserPeekMessage (0, 0, 0, 1, ... 00636 404 NtUserMessageCall (0x200b0, WM_SETCURSOR, 0x200b0, 0x2000001, 0, 670, 0, ... ) == 0x0 00635 404 NtUserPeekMessage ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72bf, {512, 384}}, ) == 0x1 00637 404 NtUserCallMsgFilter (1242128, 0, ... ) == 0x0 00638 404 NtUserPeekMessage (0, 0, 0, 1, ... {0x200b0, WM_MOUSEFIRST, 0x0, 0x140069, 0x72bf, {512, 384}}, ) == 0x0 00639 404 NtUserWaitMessage (...