Disk Activity File Recorder Utility. - Scenyx Entertainment Community

Rules

2 Pages

1 2 >

Disk Activity File Recorder Utility., aka. APILogger!

Options

PedrosPad	Oct 31 2004, 09:50 PM Post #1
X-S Freak Group: Moderator Posts: 1859 Joined: 4-July 03 From: UK Member No.: 47221 Xbox Version: v1.1 360 version: v1 (xenon)	BOO! (scared ya ) Happy Halloween All Update 04/11/2005: APILoggerV2 is now out - see here. PEDRO's IoCreateFileLogger - Halloween Proof-of-concept (POC) release. ---------------------------------------------------------------------- This short little program is extracted from a larger suite of utility programs I'm currently working on, but is such good fun to play with (in a nerdy way) that I thought I'd release it to all as a Halloween treat. IoCreateFileLogger is a little program that logs the name of every file an XBE opens during its run, in the order they're opened. It's fascinating reading the logs after running an MS Dashboard, or the MS EE, Evox, etc. It can even log file usage from DVD based games. For example – did you know that C:\xboxdashdata.????\adoc_settings.xip (the MS Dev credits Easter Egg) actually loads in y:\Audio\AmbientAudio\AMB_12_HYDROTHUNDER_LR.wav? (it’s obvious here that y:\ must be mapped to c:\.) It was believed that it didn’t open any support files. To install, copy the two XBEs into E:\APILog (this path is hardcoded for ease of release). To use, use xcommander or boXplorer to navigate your way to this folder and launch the appropriate XBE. Run IoCreateFileLoggerPOCHDD.xbe to capture the disk activity of any HDD based program – simply copy the program’s default.xbe, along with any support files it needs into E:\APILog\ folder. Run IoCreateFileLoggerPOCDVD.xbe to capture the disk activity of D:\default.xbe (the DVD-Rom). When you think you've captured enough, simply powerdown and reboot to your favorate Dashboard. The log file is written to E:\APILog\APILogCF.txt, and can be FTPed off for reading. Note that it’s erased ahead of each run. Source included. All built with NASM (all good code 'borrowed' from rmenhal's releases, all bad code is my own ). Enjoy, Pedro 31/10/2004 (Halloween ) Code is UUE encoded, so cut/paste and save as APIIoCreateFileLoggerPOC.UUE and use WinZip (or other) to open it. CODE _=_ _=_ Part 001 of 001 of file APIIoCreateFileLoggerPOC.zip _=_ begin 666 APIIoCreateFileLoggerPOC.zip M4$L#!!0````(`-:@7S&X"#I8;P```/$````E````05!)26]#<F5A=&5&:6QE M3&]G9V5R4$]#+T)U:6QD06QL+F)A=,M++,XM5]`M4=!-4TCS%/0S5?PS'<N M2DTL277+S$EU22W)+RW2`\E@$0;JY>7@YB`JL\G/ST]M2C`WUFO(BD5BPQ( MQ<O$$8XN;J$^@;@T:R;D9B4F93)R^7BZH-;&2]7DN?@G]HB![01'S`%!+ M`P04````"`"D7%\Q,JY6F!`'```"%```+P```$%024EO0W)E871E1FEL94QO M9V=E<E!/0R]);T-R96%T949I;&5$971O=7(N87-MQ5=M;R(W$/Z\2/R':735 MD89$A`(!44]0DB.AH,(2$_M4)FU\#>+;M;VYMP57]\9VSOLA`@J7125TID M['F?\3SCJ\YH"&?58J%8:,`U5U$BN`<+KN:1=T%[T!L-1\W1PQ`7S?L.=6 MX$SQ&S_@)4T`</^QV;ONMH'V/K+0"WC9GC1;K?9P./[4'-ZA=.FC\;K<BE3 M@OO^U6_MUFC<'(T&G:N'47L(_<E7[JJF4L?)(JO2#O]L3%E?-7MM^[0E%B MI%70>1^RZBZS<%M>]SIC=JW[0$T`SQDRH_"H?]W9M9#M]^[U>:^5&/.AG,F M^+JIYL!X?^W+.)(^R=UVW(_I9(/S4^1QO7'8H'#C\O'?22WU;]N@_E^L&R2 MWO0\@<'@$J(IW'$1\@#X,HZ$DB#X7PFE]@0)CT_/X1+&8W\1C\<]M2J6#V?G M^KB:/_XL_/2T2J?U-=X@DOQ#C?9KSB5\318QJ"@]SQ?BAUJ%K(1(S.!=O8+? MM(([6"V#D:YB/Y1)[."BC!%G&`93[YC@=4;+A-;FD-.5)<[]0'I4AX?L@" M.#\_A-(Y"L,B@F<,R/RP6'#B1,XI%7P2XZ]%]`3V5QFXC!W\&M"+%`<UYYO M&S@5T676A<)D@6'&DC%W&]&[4_D(P\]<DRX(G-T+N\2)-#O-S(3U6HS6.> MXQA#)'OB)$]Q(G1<%@3.A$E.I\4"K2Z<.(H=--]R3'W2AO+2ZX5L7Q>Q(^<8 M`#)2^6'"K3(2^K,?ND'B<>>@&\W(F9`M^`F3BX-BP17!=B$XTW@7<4KXS_F MI:U!MT;B)DOBH5V_Z8_G4JN',?SH))2X#;Z3?MH:B<TX7)(6$;2#'#3HVSO M".NO,`W8[`1#Q(CATF/!7_BH<+2=A,A?0P/!<4/9R>'Y$W>P0N&+I.F8`O M&CS(IC"MUC69]4R!!WSC%GTTBD@J,0XQ9R)^2,]E0BPE%DKE>QH.MFCUR= M?#C5&>0#EYW\T#[B0X\T\7SPVET01EV`LX<SI9EK8:VI\B`Y6,4F0)VU@Z/ M:M8(9-.>:3UP-1P-8&K3JXNI@6Y)+DR!4<$R"K%4D<`J!5.B"#H2$#@`BRP) M=!DZMDC)+N?3Y9E?7<:NG7#7$.-5ICW&22?LK4Z>L:3_1MV.YRYJ^6HL-; MJ\RW#`I375XF0X#7L`R6'&<DIK[$GP9OE=PGK^UP.(84294P?<R^.J]A+-? M:M@`L47J<UUIC17^YIJI0=Y=N/LZKX9<]^"N&_`V]UHNP-K]R+M%IRE?0+5 M7&K.JW-]\[=2YU-X]I(NIW(/;<[JEI>F=N&L\WE=5F&;F_TLK3OA6[/R$9 MO9?1OY[IE,E#Y/PV$\)/<F/QGKI.'`,M^U>>]!IC3\/.J,V_`/#/WJMCX-^ MK_-G.],]6:8`\D7#+\X#CP1UN>U;>$+7ADXHJ5S6CVJ']404A%0UKM$UAV. M`:$E"1"TN<9`Q;`[QXAYV),AC#2N87MEX0POCA5[5H52(@W0&\"#T@KJ#O,( M>:@9T`2C7L;,Y9#R$H\'W\S0DX?55!'RD<NV@0/#64D+)'`/X9F_%X3P]$O# M"!=X]\4,83S$Z>GB$![7^A&%!6Q(CG`XQW\U^U=_I,1,DNF4"X(IW<9QW',R MO,1^Q%N&XR>7_(8@#T&6\Y"VA3H:M,C2-:S2:K@-->9Y@9D$^:+1^-@ADB M31RA9+3@A7PM_2UEIU-+F3W95'-4>]1Z4AVH80U43K3MF@7;+FR:MN8+J'R MP%\S15T<>Z2CN_4[O(;_!P=!6EBX"5QX.N(K#%"B0[M6E\3;-R(USA)/OMN MEMD@"F>4]5T.D76997K$TW[E`V&O#NAI(#<=$SN.39ES8-#5H<:'Q08,:(0J M%G!-BPM;3GKB3"'.#ED&X9Q<&3$SV>>#6EW5$UM$"=ZTM-9V69@.H&2-L66] ML:`)R\>-SE"WC8'BK^F1&9M=;.:E&M;_:=48(3BZ([=.$&DUO#HF5;0D-R## M_\NDM#Z446AQ2$E'9V,<F9;G_^/YX9,)N:!@>$S(\OK#P(]L?)T$5JW:'W MQ<[GA\?MZS6??C./='I@)Y+U;W,^V477UB-W_W[4Z?>:W8R64]YWQH/^@^C M3L\R-6-W$"4XA/,M#+_W.]<;LHFAA5,[7VYJ0DO@16_+</.+ME7^B9E-`;] M-[ZN[A\K.>O(;^5@4LT39XM3VZ3>\>\9I1Z!<CFA4EU&PN$NCLWNTJ875Y>5 M-PSF]$;!HA(VQH04P9YIW8"_F\['8&Z]>3)D[S;;>QH6GU;B\.%E7G#F"E"+ MLYW4#D#ILS,'"ADSL`EB7JH8O]7\\[)YI7.\)=A`TI7"5,+V`<M=[E_N[GFG M5=/T<HUSL_'5-WK>@F[VA^Q9RI?Q+M,\6A`$GN$;-DA\@GZ_R]02P,$%``` M``@`BZ%?,="^K<L)"P``7QT``"\```!!4$E);T-R96%T949I;&5,;V=G97)0 M3T,O26]#<F5A=&5&:6QE3&]G9V5R+F%S;:59;6_:R!;^;$OY#Z,H5Z3;$$%" M:`K:#TF`+;MID@OL;J66&PWV`-,8F[7'"?37[W-FQL80!ZWN4B7%<\Z<.2_/ M>1FGW6Z[[7:;W42+I0Q$BQX<)^3)XH55%:M.V42&K!JQ?G03"ZY$#UP=H:(T M/B5R3+V;DG9WGL;S68B/EU-1-FRW:M5^DW$H0B8KZ7<,:4\.:A_"L5C/M\ MJ83/IG&T8#<Q_[%F=US)$S8<'CUF:F8RQ#BM"SWZ_W@%U9;U6OXC-VOU_W1 MD)V?C5W7;;,OUUWVJ7O5Z0[8P]5@QK_XN.Z_H0Y%8C\5'&57(C$T:<R+->< M-HM%(N)GP6AILE8B8=,H9FHN&'DC$1[,5&N6R%G(51H+E[WQ:;/17"8L"H,U M6W"E1$P/>B.<`F&5A+W,I3=G?^41<)XJN91+!/L:[V#`3YSK<?-<$9_[ M,``'39E<$D`KV4MBAS'X)8YH+[(B:>[GVO>G3D.!M:MMWL@8P/EZ_(!0&U MU?FTWO3//0&F$=S.@`-&RJ^6)+&CB=B]6CXP7&#)SF5'O%<69V/ET%FD\3 MH6"E59T.O4L7$Q'3L?"_1A`1[?>-T"$68JQ8M9),\H[@C=Q^)7D@4PT+%DO MX#,M^5B$EX_+B,9KCEO77V._8_..+JLG=S\>'JVMD3LR[M9WH_._YR/V`O M4LT+>]_MV?L3?=@?`@+D8AG%BD-(%0@$F%YD$##`$+G&M(Y[Y)C3";S$[46^ M@!0#.$@B0$^V$;-'%DF8H@`0-T"H(KV?>RKE@2$8[YYJ[XYNA^3=T1R%PV=! MY($I45%,B/%EC"A%,,X>;,)1V(K4=Q[@L:+A50E9$1WF:7I6V2[V2W0[V,Y MDR%49I=1D]V,N`5@S<7WE.2+E[A/N>@NL)\`G>B$P",OIBDLR57<_!UZ#NC M!Q;RQ98R.9M&^`\B:R..GW2A?53S-'QZA<F+ZV:G4;MN.OM`:4NUR5PM)S_X M[4U_"D;XI7!'F7499"RHL\,+KKJ+PNI3=AQA>&_<-^D=R$G,P?.,[,W2W#+= M[I"H:O),F"AR6CMW9)6<^^7JH;^739\;S2T5[4`JK9H&Q\560@\>]QY%RDF M0R](8TX<F.ST[09I&8"ER&CQ(K3_WN$\=`W%2%1]#M.0QV2,49ZH1-\/\Z M2I$+:>"C7%`)V"<-.<4#-"LOBC4:/U(,9+#ETLTLC7#S4A5QLC6B@J9(>B M\'%$8C$)J/2FR+%#V]//+QKC0RH:+6SD/":T4QF>@R8G?Y$)E]J88"^AT MFE%.M`YSCM8,21#?8J/^Y^[0M;J\1&2XMU)5N#@.0E0;`2J.5=,(,AK.G=F MAA+M[@!#"%5$O:%,:L87&:#R`WW<&HW^O?7(WZ]W?_8@1QW==ZL\XUJR$& M_0K,TUZB@L5O$?A-G`A<0HDS-/>',#'B%@Y5&G[%=3C7E!2T&AA9:="MK MD[Y7KV;MHU4>57^"AU_DV0CJ0#F?B>?M2[R4<N0=`4,4P`8(]("!89FQD31 M,)GO:>1[K@)E]IDC+JD&UGH]30FB%VS]+'S)B]3:!U!_H5,&8F;UKNK^;Q9A M#([::-R1R9.M28556Q\(V.FTBTO6QUF`R+JT;ILT"1+P3Q->S>:%29(7?X M[P;<#%Y(NQUX#>5"!CS.^C<-M!1S.R^=O(+?'G@E\%D@LGG,2B#!9A`PQV=X MU1C<(XPPZ$=A167Y#3!N3W<9'A%+"D8^J65<]4<TVE@1[0\9Z[$D'RMCL1"V MP6C5@..L>9((&GUWQ6@IJ8(40G[)030L0PV:?/2<96R/^8NN;F^+S1IR)EQ M420`9GB8,H92[6>7)\MYTH[W$.FWZ&GMU[2#RVB,2/E2/6;<VY#--5EP& MNV0#T3.+3^+3O;E3"1ZF,J&DY;K:'96;VIVUTPJ6/9?6&55.:E,\./C1^#G MN7)2HW^N"_5:P`%N%35\/\N_NT4?Z-4)JYQBJ[(B5N:[%H)\J=S_/F`W]YUN M!0^C3]T\@?[LLDZWU[_K=OZ_'"+A^MIF1V0=-XH$3<!6R=/3$I+NV=A,318W M6M97V8VCV$U(+%<6?IL^@(=BIF[<88'3TC'3L\%<%W$D+K;I:QVD`]XT6+W, M18A.C'3QW<(%!D'YOE@ZH4#B:VFNZYA&W'"+0V7+<7\3`XY;9C_^QA%G:5W MBX894%`+Q;3&WK/ZV4?WM^DMRFU,O&4<S;I;?',`"QQS)Q!0%S.OD3`#//B M0/BG!Z^%-)L'[ITJ""GAJ7^L@>=/W,G?9#D[;Y8($K)5Q^`+DC`F%%E!UR MX7Y>4(.A1GP3A4K.TBA-/FO'PW$E]M..!^H9B?I'&SY<NI]X,!!H&>$HZLEX M\8()MXRU\=&]Y6GHS=%O^0/&M'(%&JY9);<+3(I43CC&+!+8PKD-MQ/9F.2 M7-60U4:C3#T:;"Z3B"X(_CJYL,IQ$MH2V/X<)%].SD:^\;XQ,PT3&>#A6[ M'HX&6@)E\X$^)WNK8JYV=`/S\RLAA8>=<I$3[3+:)D&$'-0<CX=ODR3N4-O M9EBC-L^>P;5%JN$IIR5+4N[A_OI75(G'J]%HT+_^?8348^Q^\AVI=J4P;J!% M08-C,Q<EU(R:F;KZ-1#&7P0DU.U,JDK"SG]JL)^1"X;^#L?AHAN@`D:QS[X6 M(35V$2$46E+E1.M7/S/Y$(.'KJ.VH.SZYH`VZHF$(L?LE2J9<S]Z88.KSVP9 M8P;7M6+[]-),'F^<A:!X@321)`][<:U`=!`'O8S)JM?%3V]N6,%V8G9O-IYG MI'--<EXF,GSV==0?;"BU>?8BJ#&8OU,SZ6_>3IBQWK'X,H$OIG^&/.?KD0;Z M%%6SWK3@<]KD,H%!8SH5\8Z,O#R4BCC[)R)T^2C;?OG&[JW]Q5)(0@@+FM)T M;&'$"O!FD%8E5R1/<LFB9V'\)$/D#PW&.7TH%.&>E&)1HT=C;ZGB_SJFFOE MRY-\A\TTH%-"U<%_Y\#A.%_T5ODBRDBU0(\%$@OBDHFUPHN6:V893`+2.S; ML"S06I>"_O@.6RVN"05%!5^Y35-X<')4$Q^-V\@=T5+$`"SHL#?7A1GCR7G; M3'E4<$3&29U\UT.3U<9#CBZ55![-F\(-KTZZ&QYX&NB_PCSBS1<HP;'EV43! MJNB7JUAZ@/;A0!C.??E_\(]R$L759'@QFZ&4S&C>:J>0;-K\&,H$NO'@XD`] M1Y]'F-EN1V-+001I0K&E@_SY%=R@`N-/^,'PTGXPSFE$>;)S4J0+[>5>+OW MCC?"<[/T?K1B(6JQ=90+YYBODU6N^>]T;G'[L8VO6L5Q09+V>&4+@UM-&6' MCC;V@,NQJZQ:0'5>J;N9&5[J&M;'F&?5B_'=H&<_.6Z^X#1>X@67#1GLWS; MO2L$D8[7N;EE_-FVH243Q]@]1;=MZ9D1TR82@YY==Q?C4/?G;O^!\2E=?H[$ M1W+(SYT-AHMEKD'(3R=.%BBG70![%6+>7VQEYF2ERXLZH'E\NI8T6+?8MXYX MEI[X]HG'OH]+>NW;`Q)7DHPS</@;CAL_CA8UK(F]N^HD?2]'$QRKO1SGX%CO MY6B`X\=>C@OSBLG&T7'H]K-MRC=?3'D:/J3'Y!5#P..ZWBZJ'[EH0RP[]= M/?1OHUF9V&ZKA%B4#IPYXJ^4'54W:Z[['_M:TSG$UIX=_NA/A8<(HNT)&+_! MA5KD');_I1\FU;3HNB_]0&J]=\?]:_N78?=]_2%T"QF-YQZTW6[]S<M=W0[ M;&WN6Y?ZFK6J$;'7<O\&4$L#!!0````(`'&A7S$R-OA@E@,``)@2```U```` M05!)26]#<F5A=&5&:6QE3&]G9V5R4$]#+TEO0W)E871E1FEL94QO9V=E<E!/ M0T161"YX8F6+<'+U</N[B[^'[>:<#>)F"R;E#1X"?SU3"IZW7S0:5"S\F. M+$:S.YM:`M)>3-^6[/MO:3+CM#"."9\WWC7V=UJ[_N76TS4U";H+=J^6SIQ1 MM571O""UJEOIO>4A@\9(&6N_K1Y%#KS"I][OM+98>FSE%76F&;97=+_FY=LI M]S,+_U,Y$-AW=;X;FU>E]X2N]OM<)R]8\R_)2A7_3Q[DL=FO<6K_NJ%LAQ M5W=FNNS@7AFS_#'?5%;!BRV[%`G;[T^2:']NO,+[^0]<KUS;E3GO'D8_R9M M[JL5(EQ[A"P2OC>S97S:O\&[>[_/5/:M%SX^S>JL?OWL<8N8WKGJ5-S>(V_ MOJS)V'(\>0V?P#,[!@9&!@8!!H890@P,%4#FN<MB]A6,C"!1AA!F"+W:_>^* M!B$0"SL`Z>D!J@7A.4"\+R`G&J=B(+@#M0>?FH$"_QD8&MB!^#\0$%8]"M`! M.X@08&28P<0`25=`>@LS).VL`=(;@#AAHT7/D<.O>,_5+O9:<'5SKL^A<^_0 MS:E@2&)(84AE$,3URM)K2A!5SP1L$H&`6C8!2,@E$P"D;!!@%!,!+8R`Q M8<$1F!_;R$0.P'Q/B!^`\2[@?@P$"\%XDU`;`C$2X`8I^7-4B0D6%Q.Y#H M96T&DED.`5D,(?]%%8`=G^8C//]%.8",@%_\"@<"5/____>?7^D`O\(-?J4; M_)P+18!2BS_P`6V4`+&^@%@R(-8/$$L`R&)E`]JQ^`^0NY^!GZ&AU[0;9!'O MZ#HYR7=MB`E&UZNZORQ&R3[(@4HO!IF>@30IM^1_T5Y@&JZ30V`Y'Y0)ZQ; MKO5V7?X?U$5H$CGX4ZV+,;PX/^B&B#>?<,#.QE8@$:O;N;^W^G,TEO-T6MJ M#O4=.3G)5E,_T5U@,I>_V,%JF'0/-QYXW",2VI99G)JC'-47ZN04Q:EIB M:4Z)7D52@-,RB.Q"4ELSC;("8@L:@DLR0S/\\PQC'`TR<_'4HYN^F5`#MR M!D`(`J&=3Q->@!BQKQW(-H27"TPUU#HQ\+=F`UG'7)T8>UV9.UTM`CH?!P1T M/NMU-0''5>?SK0LYBSF#%!\9C&$A6<`.ZL.P"`!14ROBXI'-T.W`TNW1>-S MT"@`D/E"$Q3OKC;[0=W:%S)`XK_Q?U%0E#4?D0!:PY#8^,8!)HBC?#DX'_ M2^U"P@/"`@,#00J_@!5R,-;:'9Z```PX``!02P,$%`````@`CZ%?,5"@-R21 M`P``J!(``#4```!!4$E);T-R96%T949I;&5,;V=G97)03T,O26]#<F5A=&5& M:6QE3&]G9V5R4$]#2$1$+GAB98MP<O6HUCHW8?-9P>.U-V//7&R8>&5JPS.Y M<QE+ZJPN\0A[]RR)NZ71=/U\4_7^9QX/K@BO\E.THPMV)EX9'N<]26QF-ZI M`JD/V";.U@L[D%3??:UNVZT3ZFE7:'J`6]6%6\\$E_`F-O4^?OV')\I8:?> M?,^2?;108%NCETNA>EO`5Y\I[)NF7OFX646OK?W'I1_;F6;:.?8W]!F(<WJT M3EYD7[7^"F_7W8E6YS3L13//Y9X-:EW)=[]L1U_)K;.E'U9-4.S_O+&P.W'B ME2G4SJ#-0^'L22&LGWN<9UB^[8Q,>;9C4]QY\L.WBU1$2M)VB&R^7;>\[<R M2Y+7UDQ=R[79044R.YE#@.WLJ>^!R_48&!@9&`08&%8(,3!4`)GG+HO95S`R M@D090I@A]&KWORLF"(%8V`%(3P]0+0C/`>)]`3G1.!4#P1VH/?C4#!3XS\#0 MP`[$_X&`L.I1@`[8080`(\,)@9(N@+26Y@A:6<-D-X`Q%;77YB?^?A1^7K8 MQ3=^?`YGO_WEWX!N3@5#$D,0RI#&9JX7DEJ10FZXE$P"D;!!@%HV`4C()1 M,`I&P2@@`%X:`XD)$R8T`OM["X'8"8CW`?$;(-X-Q(>!>"D0;P)B0R!>`L0@ M?;VLZ8,#(OG`(E>UAE`,LLA((LAY+^H`K#CTWR$Y[\H!Y`1\(M?X4"`ZO__ M__[SQW@5[C!KW2#GW.A"%!J\0<^H(T2(-87$$L&Q/H!8@D`6:QL0#L6_P%R M]S/P,S3TFBX`6<3["BCZ>4FW+4C)AI>K.G_L!LF^2`$KX:9'@&TZ7?D?U$> MH)IN4P,@N1_4">N6:[U=RAW^7U0%-)YN),MBS$\^+^H!HAWW_#`3@86H-&K MF[G_=SJS]%9S])J:@SQE$/EY21;3?U$=H++7_UB!:A@T#W?>.!SCDEJ6F9P: MXY%8E)269QM$!.06%22699GV<8XQC@Z9.?'I.2FI98FE.B5Y&4RD",>@CE M[97`NS=&0`A"(1V/DUX`6+$OG8@VQ!>+C#54.O$P-^:#60=<W5B['5E[G2U M".A\'!#0^:S7U00<@9W/LYRF+.8,T"1G,40%IX![,$Z`,,)%%N]+BH>W0S= M#BS=%HW/04,#0.8+35!B<+79#^KKOI`!$O^-_XN"XK'YB`30&H;$QC<.(%%5 M4&0:G@S\7VH7$AX0%A@8"%+X!:R0@['6[O`$,&#``0!02P,$%`````@`I%Q? M,6T=M@2.`````0$``"@```!!4$E);T-R96%T949I;&5,;V=G97)03T,O3&]G M1FEL96YA;64N87-ML\[,2\M/R\Q)+2XIXDQ)4E"/<4DMRTQ.C?%(+$I)R2S. M-H@)2"PJR2S)S,\SBG$,\/3)3W=VTRNI%'7,>#E(D&W(50WNB&<G-82JY6 MV&25$!9PII0KJ.@B6:=KJ(,NP,O%R<F9DJ)@H&"M4)"?F5>26J10DJ^`I$9! MHSBU1"&Q1&H-\D,S=5DY<+`%!+`P04````"`"YIE\QTVN)E,8#```+!P`` M(P```$%024EO0W)E871E1FEL94QO9V=E<E!/0R]R96%D;64N='ATK57!;N,V M$+T;\#_,S3'@>)-M3]Y#D8T<),`F&R39=@L8""B1DMA('(&D;.LW<MCO[1O M;HK=HNBAA@'1-&?XWILWH_MU]O!Y%NB&+[U1T5S9QGSBJC>3NE:-0WOC'%T M[YG+4WP+=H7I(IW<?[Z<DS>-4<$LIY/3_^4SG4PG3[4-%&KVD1H;8V.H\UQY MU1+VS3YZ542CJ?3<DJ)&><$:>AL-<4E]M(@:CC$@-FNIZ+TW+C8#[=B_6%<1 MNP7E?924H2]JJIB1LG<4F;I&X:"--9U8ARN<\1H;:IA3K%6D&SRXKVJL9OHH M`=DHL1",5$#0FW11=%W2A-R_R"SE>/?,4WW-%P%K`PYU29N9FO\0"5"23GZ M^G%-W!D72/=>.-D8R/<@!M02QEXC/5;#JS?IJ-%+HIOX&JA4H;!.18D#("U/ MB4EWJC(B$F<;..JVT?5AS5EXOD#<=Q>9ZO:#UEO<+,K%(J:G`<>!TDFF$ MV@=5F;%<V:\9Y1!+4P584D?YB+%3:O6H[G/Y&VFH:N<7Q[M1B,O59I_S M7@."5E$M?\%GHS07S\%$H1"6>]LA]``K,ULJO-$BR%H%(;.N02(/:HR`)K2 M`2I-)\-J<]%KRYN+-K=PR.''[<?G\_?/U[^C-9ZNO]QEZX?G3P_+G=K"$:(> MYUO+?:#:0-@$$8FH[4.DW%"KN@X4X89BM9F/LNQ@BMPT%M+H,0)^`5/W&E-E MH/(`)W:=V%YD"\O4"PR8(0+U@@KNAL0P[EB+PQPQQH4[F_@)3I)G=,I&!?/ M&K4J6$NGB+QB45CHX-9YROX%>_N"VU8Y."45-N>O7<->?,/PW=96,N4PTL# MR&:42TINQ%N(0P/V#@TDP,#;<^>MA`!@NN,!/?6CZ3$\KK-LN8=:(I/J8I^4 M--`DO$BE[%:Z&(A%&)P]^.;8(-\H6/AE>%/E\`^JHTVI^B9]@4:DN'AU,T_ M2"PU<,;H[Y7<'/C].P&8^3\1R%:;OR&B$SF$V-,';L<R_%:C_N)X2.M>9#7; MFF-.3<;)L%D<"7>8E[SSB7UO<F9T^1)-2K5EKW(_U>[PGY/8U^/W8CB[3R& MC4FC[HWR^+B\6L9]734TLG`>_5T#Q!<ELE'AUF!K'<<S=')$-WX5!]5XT": M50JFP`A)#!^!K<#=KFAZG8;0!>9DWMLFCJ6YNWB\Q?M&IF>:Q&)<FN7L/=CJ MV3@]?&M<K1J\K`XN#HL4D:M#0`N]H<LJHU'8M?N#AX6LIA.0\#R=_'3^[OSL MW?NSLY_IY&U$?Y@3!M&?4$L#!`H``````%FG7S$````````````````9```` M05!)26]#<F5A=&5&:6QE3&]G9V5R4$]#+U!+`0(4`!0````(`-:@7S&X"#I8 M;P```/$````E``````````$`(`#_@0````!!4$E);T-R96%T949I;&5,;V=G M97)03T,O0G5I;&1!;&PN8F%T4$L!`A0`%`````@`I%Q?,3N5I@0!P```A0` M`"\``````````0`@`+:!L@```$%024EO0W)E871E1FEL94QO9V=E<E!/0R]) M;T-R96%T949I;&5$971O=7(N87-M4$L!`A0`%`````@`BZ%?,="^K<L)"P`` M7QT``"\``````````0`@`+:!#P@``$%024EO0W)E871E1FEL94QO9V=E<E!/ M0R]);T-R96%T949I;&5,;V=G97(N87-M4$L!`A0`%`````@`<:%?,3(V^&"6 M`P``F!(``#4````````````@`+:!91,``$%024EO0W)E871E1FEL94QO9V=E M<E!/0R]);T-R96%T949I;&5,;V=G97)03T-$5D0N>&)E4$L!`A0`%`````@` MCZ%?,5"@-R21`P``J!(``#4````````````@`+:!3A<``$%024EO0W)E871E M1FEL94QO9V=E<E!/0R]);T-R96%T949I;&5,;V=G97)03T-(1$0N>&)E4$L! M`A0`%`````@`I%Q?,6T=M@2.`````0$``"@``````````0`@`+:!,AL``$%0 M24EO0W)E871E1FEL94QO9V=E<E!/0R],;V=&:6QE;F%M92YA<VU02P$"%``4 M````"`"YIE\QTVN)E,8#```+!P``(P`````````!`"``MH$&'```05!)26]# M<F5A=&5&:6QE3&]G9V5R4$]#+W)E861M92YT>'102P$"%````````!9IU\Q M````````````````&0```````````!``_T$-(```05!)26]#<F5A=&5&:6QE @3&]G9V5R4$]#+U!+!08`````"``(`,$"``!$(``````` ` end This post has been edited by PedrosPad*: Nov 10 2005, 11:25 AM

DaddyJ	Oct 31 2004, 10:46 PM Post #2
X-S Messiah Group: Dev/Contributor Posts: 3919 Joined: 8-July 04 Member No.: 129500 Xbox Version: unk 360 version: none	sounds interesting, Will be checking out. Thankx

Angerwound	Oct 31 2004, 11:06 PM Post #3
X-S Freak Group: Members Posts: 1718 Joined: 16-January 04 From: Hell Member No.: 92487 Xbox Version: v1.0 360 version: none	Yup, she's a fun little tool. Run 'xmtaxbox.xbe' through it as of yet pedros?

PedrosPad

Oct 31 2004, 11:52 PM

Post #4

X-S Freak

Group: Moderator
Posts: 1859
Joined: 4-July 03
From: UK
Member No.: 47221
Xbox Version: v1.1
360 version: v1 (xenon)

QUOTE (Angerwound @ Nov 1 2004, 12:09 AM)

Yup, she's a fun little tool. Run 'xmtaxbox.xbe' through it as of yet pedros?

Sure have

. But the only results I got were

QUOTE

\Device\Harddisk0\Partition3\X\\default.xbe
t:\$u\contentmeta.xbx
\Device\Harddisk0\partition0
T:

Not fantastically clear

.

I'm pretty sure T: is mapped to E:\tdata\[titleID]\ (and is only referenced due to a standard XDK startup check). I'm now adding the ability to log the symbolic link creation and deletion removal calls also in order verify this.

PS. fyi - The DVD-Video demo of Star Wars BattleFront looks like this:

QUOTE

\Device\Cdrom0\default.xbe - SWBF's demo d:\default.xbe being launched
\Device\Harddisk0\partition1\
\Device\Harddisk0\partition1\TDATA
\Device\Harddisk0\partition1\TDATA\4c410012
\Device\Harddisk0\partition1\TDATA\4c410012
\Device\Harddisk0\partition1\UDATA
\Device\Harddisk0\partition1\UDATA\4c410012
\Device\Harddisk0\partition1\UDATA\4c410012\TitleMeta.xbx
\Device\Harddisk0\partition1\UDATA\4c410012
\Device\Harddisk0\partition0
\Device\Harddisk0\Partition4\
t:\$u\contentmeta.xbx
d:\dashupdate.xbe - always launches d:\dashupdate.xbe!
y:\xboxdash.xbe - d:\dashupdate.xbe opens/checks this to see if an dash update is required?
y:\XODash\xonlinedash.xbe - d:\dashupdate.xbe opens/checks this to see if an dash update is required?
\Device\Cdrom0\default.xbe - after dash check, reload STBF Demo
\Device\Cdrom0\default.xbe
\Device\Cdrom0\default.xbe
\Device\Cdrom0\default.xbe
\Device\Cdrom0\default.xbe
\Device\Cdrom0\default.xbe
y:\fonts\ - SWBF Demo SFX XBE checks where the fonts are located
y:\fonts\XBox Book.xtf - SWBF Demo SFX XBE checks where the fonts are located
y:\fonts\Xbox.xtf - SWBF Demo SFX XBE loads in it's fonts
y:\fonts\XBox Book.xtf - SWBF Demo SFX XBE loads in it's fonts
\Device\Cdrom0\default.xbe - source archive to unpack from
\Device\Harddisk0\Partition0
Z:\ - unpack \Device\Cdrom0\default.xbe to here
Data - unpacked files being written, etc.
dsstdfx.bin - unpacked files being written, etc.
_LVL_XBOX - unpacked files being written, etc.
<snip />

This post has been edited by PedrosPad: Nov 1 2004, 08:28 AM

eh.	Nov 1 2004, 01:38 AM Post #5
X-S Genius Group: Members Posts: 1000 Joined: 16-February 04 From: exploit related treasure hunts; finds re. MAEEE, UDE2 + "UD-eh!" per UXE, UEEE, UDDEE, UDDAE & Ndure Member No.: 100273 Xbox Version: v1.0	Awesome work Pedro, this is really useful (and the symlink tracking will be a great addition for sure) eh! (Regarding "d:\dashupdate.xbe opens/checks this to see if an dash update is required?", it's peeking at their certificate Version values eh. ) This post has been edited by eh.: Nov 1 2004, 01:39 AM

crackh34d	Nov 15 2004, 03:18 PM Post #6
X-S Enthusiast Group: Members Posts: 11 Joined: 5-November 04 Member No.: 163774	i just stumbled onto this and its a great utility. i had been wondering when sysinternals style stuff was going to show up for the xbox. anyway, thanks for sharing!

PedrosPad

Nov 15 2004, 04:12 PM

Post #7

X-S Freak

Group: Moderator
Posts: 1859
Joined: 4-July 03
From: UK
Member No.: 47221
Xbox Version: v1.1
360 version: v1 (xenon)

QUOTE (crackh34d @ Nov 15 2004, 04:21 PM)

i just stumbled onto this and its a great utility. i had been wondering when sysinternals style stuff was going to show up for the xbox.

hehe - I'm a great fan of sysinternals, and I'm currently working on duplicating a few of their utilities for the XBOX

DaddyJ	Nov 15 2004, 05:38 PM Post #8
X-S Messiah Group: Dev/Contributor Posts: 3919 Joined: 8-July 04 Member No.: 129500 Xbox Version: unk 360 version: none	Yes, we use there software quite frequently.

PedrosPad	Oct 31 2005, 06:57 PM Post #9
X-S Freak Group: Moderator Posts: 1859 Joined: 4-July 03 From: UK Member No.: 47221 Xbox Version: v1.1 360 version: v1 (xenon)	BOO! (scared ya ) Happy Halloween All Hi all, QUOTE(devz3ro @ Oct 27 2005, 01:41 PM) He turns 1 on October 31st this year As was recently pointed out by devz3ro, it's APILogger's 1st birthday today. Angerwound has initiated a trend of releasing closed-group utils as the XBOX1 nears the end of its operational life, so given this occasion I thought I'd follow suit with the completed second version of my APILogger (well completed as far as I intended too anyway ). This was completed at the beginning of the year, but it's a little trickier to use, and less stable, than the version 1. Whereas the first version only logged calls to IoCreateFile(), and then only captured the filename and not the other arguments, this new version can capture any/all calls an XBOX application makes to kernel functions, along with all the arguments and details. I'll release the binaries/source as soon as I can, but to wet your appetite attached are both a detailed report and summary (contains only calls that take strings arguments) report captured for the XBOX!Live Arcade CD-Rom XBE. The sample detailed report is very likely OTT on detail, but what is logged, and what's reported is fully configurable in the release. The first column is simply the record number. The second column is the ID of the thread making the call. (Useful to undo the interweaving caused by multiple threads (Simply import into Excel, and sort on column ) The third column is the memory address the kernel call will return to when done - useful when you've the XBE disassembled in the next window! Summary report: QUOTE 0x00000000 0xD00082D8 0x00025A73 NtOpenFile({"\Device\Harddisk0\partition1\"}); 0x00000002 0xD00082D8 0x00025BE1 NtCreateFile({"\Device\Harddisk0\partition1\TDATA"}); 0x00000003 0xD00082D8 0x00025C9E NtCreateFile({"\Device\Harddisk0\partition1\TDATA\4d5300c8"}); 0x00000004 0xD00082D8 0x00025BE1 NtCreateFile({"\Device\Harddisk0\partition1\UDATA"}); 0x00000005 0xD00082D8 0x00025C9E NtCreateFile({"\Device\Harddisk0\partition1\UDATA\4d5300c8"}); 0x00000006 0xD00082D8 0x00025D87 NtCreateFile({"\Device\Harddisk0\partition1\UDATA\4d5300c8\TitleMeta.xbx"}); 0x00000008 0xD00082D8 0x00025B1E NtCreateFile({"\Device\Harddisk0\partition1\UDATA\4d5300c8\TitleImage.xbx"}); 0x0000000A 0xD00082D8 0x00024745 NtOpenFile({"\Device\Harddisk0\partition0"}); 0x0000000D 0xD00082D8 0x0002613D NtOpenFile({"\Device\Harddisk0\Partition5"}); 0x0000002E 0xD00082D8 0x00025A73 NtOpenFile({"\Device\Harddisk0\Partition5\"}); 0x00000030 0xD00082D8 0x000268FD NtOpenSymbolicLinkObject({"\??\D:"}); 0x00000031 0xD00082D8 0x0004D157 NtOpenSymbolicLinkObject({"\??\D:"}); 0x00000032 0xD00082D8 0x00024BCD NtCreateFile({"Z:\categoryvideos"}); 0x00000033 0xD00082D8 0x00024BCD NtCreateFile({"Z:\offeringvideos"}); <snip /> 0x000010BB 0xD012FEB8 0x00023120 NtOpenFile({"Z:\categoryvideos\7.xmv"}); 0x000010BC 0xD012FEB8 0x00022C04 NtCreateFile({"Z:\categoryvideos\7.xmv"}); 0x000010BE 0xD012FEB8 0x00023E3D NtOpenFile({"T:\$C\"}); 0x000010BF 0xD012FEB8 0x00023E67 NtQueryDirectoryFile({""}); 0x000010C0 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\ContentMeta.xbx"}); 0x000010C5 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\cache.xcd"}); 0x000010C6 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\gameinfo_EN.bin"}); 0x000010C7 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\gameinfo.bin"}); 0x000010CA 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\ContentMeta.xbx"}); 0x000010CE 0xD012FEB8 0x00023E3D NtOpenFile({"T:\$C\4D5300C800000001\"}); 0x000010CF 0xD012FEB8 0x00023E67 NtQueryDirectoryFile({""}); 0x000010D0 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\contentimage.xbx"}); 0x000010D6 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\gameinfo.bin"}); 0x000010DA 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\gameinfo.list"}); 0x000010DE 0xD012FEB8 0x00022C04 NtCreateFile({"T:\$C\4D5300C800000001\gameinfo_FR.bin"}); 0x000010E2 0xD012FEB8 0x00023043 NtQueryFullAttributesFile({"T:\$C\4D5300C800000001\default.xbe"}); 0x000010E3 0xD012FEB8 0x00023043 NtQueryFullAttributesFile({"T:\$C\4D5300C800000001\contentimage.xbx"}); 0x000010E4 0xD012FEB8 0x00023043 NtQueryFullAttributesFile({"T:\$C\4D5300C800000001\gameinfo.bin"}); <snip/> (Very) Detailed report: QUOTE 0x00000000 0xD00082D8 0x00025A73 NtOpenFile(pFileHandle=0xD0031CB8,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SHAR E_READ),pObjectAttributes=0xD0031C9C{RootDirectory=0x00000000,ObjectName=0x00181 534{Length=0x001D,MaximumLength=0x001E,Buffer=0x0015A204{"\Device\Harddisk0\partition1\& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031CA8,S hareAccess=0x00000003(FILE_SHARE_READ\|FILE_SHARE_WRITE),OpenOptions=0x00800021(F ILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_FREE_SPACE_QUERY)) ; 0x00000001 0xD00082D8 0x00025A8E NtQueryVolumeInformationFile(FileHandle=0x0000000C,pIoStatusBlock=0xD0031CA8,pFi leSystemInformation=0xD0031C84,Length=0x00000018,FileInformationClass=0x00000003 (FileBothDirectoryInformation)); 0x00000002 0xD00082D8 0x00025BE1 NtCreateFile(pFileHandle=0xD0031C88,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SH ARE_READ),pObjectAttributes=0xD0031C7C{RootDirectory=0x00000000,ObjectName=0x001 81544{Length=0x0022,MaximumLength=0x0023,Buffer=0x0015A1D8{"\Device\Harddisk0\partition1\TDATA& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C74,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|F ILE_OPEN_IF),CreateOptions=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NO NALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x00000003 0xD00082D8 0x00025C9E NtCreateFile(pFileHandle=0xD0031C88,DesiredAccess=0x00120117(READ_CONTROL\|SYNCHR ONIZE\|FILE_SHARE_READ\|FILE_SHARE_WRITE\|FILE_SHARE_DELETE),pObjectAttributes=0xD0 031C7C{RootDirectory=0x00000000,ObjectName=0xD0031C68{Length=0x002B,MaximumLengt h=0x002C,Buffer=0xD0031B24{"\Device\Harddisk0\partition1\TDATA\4d5300c8& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C74,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|F ILE_OPEN_IF),CreateOptions=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NO NALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x00000004 0xD00082D8 0x00025BE1 NtCreateFile(pFileHandle=0xD0031C88,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SH ARE_READ),pObjectAttributes=0xD0031C7C{RootDirectory=0x00000000,ObjectName=0x001 81554{Length=0x0022,MaximumLength=0x0023,Buffer=0x0015A1AC{"\Device\Harddisk0\partition1\UDATA& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C74,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|F ILE_OPEN_IF),CreateOptions=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NO NALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x00000005 0xD00082D8 0x00025C9E NtCreateFile(pFileHandle=0xD0031C88,DesiredAccess=0x00120117(READ_CONTROL\|SYNCHR ONIZE\|FILE_SHARE_READ\|FILE_SHARE_WRITE\|FILE_SHARE_DELETE),pObjectAttributes=0xD0 031C7C{RootDirectory=0x00000000,ObjectName=0xD0031C68{Length=0x002B,MaximumLengt h=0x002C,Buffer=0xD0031B24{"\Device\Harddisk0\partition1\UDATA\4d5300c8& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C74,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|F ILE_OPEN_IF),CreateOptions=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NO NALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x00000006 0xD00082D8 0x00025D87 NtCreateFile(pFileHandle=0xD0031CA0,DesiredAccess=0x40100000(SYNCHRONIZE\|GENERIC _WRITE),pObjectAttributes=0xD0031C7C{RootDirectory=0x00000000,ObjectName=0xD0031 C60{Length=0x0039,MaximumLength=0x003A,Buffer=0xD0031B24{"\Device\Harddisk0\partition1\UDATA\4d5300c8\TitleMeta.xbx& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C74,A llocationSize=0x00000000,FileAttributes=0x00000004,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|FILE_OPEN_IF),Crea teOptions=0x00000022(FILE_WRITE_THROUGH\|FILE_SYNCHRONOUS_IO_NONALERT)); 0x00000007 0xD00082D8 0x00025DA9 NtQueryInformationFile(FileHandle=0x00000010,pIoStatusBlock=0xD0031C74,pFileInfo rmation=0xD0031C28,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x00000008 0xD00082D8 0x00025B1E NtCreateFile(pFileHandle=0xD00319F0,DesiredAccess=0x40100000(SYNCHRONIZE\|GENERIC _WRITE),pObjectAttributes=0xD00319C8{RootDirectory=0x00000000,ObjectName=0xD0031 9D4{Length=0x003A,MaximumLength=0x003B,Buffer=0xD0031B24{"\Device\Harddisk0\partition1\UDATA\4d5300c8\TitleImage.xbx& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD00319DC,A llocationSize=0x00000000,FileAttributes=0x00000004,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000003(FILE_OPEN\|FILE_CREATE\|FILE_OPEN_IF),Crea teOptions=0x00000022(FILE_WRITE_THROUGH\|FILE_SYNCHRONOUS_IO_NONALERT)); 0x00000009 0xD00082D8 0x00025B3B NtQueryInformationFile(FileHandle=0x00000010,pIoStatusBlock=0xD00319DC,pFileInfo rmation=0xD0031990,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x0000000A 0xD00082D8 0x00024745 NtOpenFile(pFileHandle=0xD0031B80,DesiredAccess=0xC0100000(SYNCHRONIZE\|GENERIC_W RITE\|GENERIC_READ),pObjectAttributes=0xD0031B5C{RootDirectory=0x00000000,ObjectN ame=0x0015A0EC{Length=0x001C,MaximumLength=0x001D,Buffer=0x0015A0F4{"\Device\Harddisk0\partition0& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031B68,S hareAccess=0x00000003(FILE_SHARE_READ\|FILE_SHARE_WRITE),OpenOptions=0x00000010(F ILE_SYNCHRONOUS_IO_ALERT)); 0x0000000B 0xD00082D8 0x0002477A NtReadFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0xD003195C,Length=0x00000200,p ByteOffset=0xD0031B70); 0x0000000C 0xD00082D8 0x0002493A NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0xD003195C,Length=0x00000200, pByteOffset=0xD0031B70); 0x0000000D 0xD00082D8 0x0002613D NtOpenFile(pFileHandle=0xD0031B88,DesiredAccess=0x00100003(SYNCHRONIZE\|FILE_SHAR E_READ\|FILE_SHARE_WRITE),pObjectAttributes=0xD0031B54{RootDirectory=0x00000000,O bjectName=0xD0031CB4{Length=0x001C,MaximumLength=0x001E,Buffer=0xD0031BA8{"\Device\Harddisk0\Partition5& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031B68,S hareAccess=0x00000000(),OpenOptions=0x00000018(FILE_NO_INTERMEDIATE_BUFFERING\|FI LE_SYNCHRONOUS_IO_ALERT)); 0x0000000E 0xD00082D8 0x0002616F NtDeviceIoControlFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000 000,pApcContext=0x00000000,pIoStatusBlock=0xD0031B68,pIoControlCode=0x00070000,p InputBuffer=0x00000000,InputBufferLength=0x00000000,pOutputBuffer=0xD0031B3C,Out putBufferLength=0x00000018); 0x0000000F 0xD00082D8 0x000261AB NtDeviceIoControlFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000 000,pApcContext=0x00000000,pIoStatusBlock=0xD0031B68,pIoControlCode=0x00074004,p InputBuffer=0x00000000,InputBufferLength=0x00000000,pOutputBuffer=0xD0031B1C,Out putBufferLength=0x00000020); 0x00000010 0xD00082D8 0x000262ED NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000011 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000012 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000013 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000014 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000015 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000016 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000017 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000018 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000019 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001A 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001B 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001C 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001D 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001E 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000001F 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000020 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000021 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000022 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000023 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000024 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000025 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000026 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000027 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000028 0xD00082D8 0x00026382 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x00000029 0xD00082D8 0x000263D0 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000002A 0xD00082D8 0x000263D0 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000002B 0xD00082D8 0x000263D0 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000002C 0xD00082D8 0x000263D0 NtWriteFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD0031B68,pBuffer=0x039B0690,Length=0x00001000, pByteOffset=0xD0031B70); 0x0000002D 0xD00082D8 0x0002640A NtFsControlFile(FileHandle=0x0000000C,Event=0x00000000,pApcRoutine=0x00000000,pA pcContext=0x00000000,pIoStatusBlock=0xD0031B68,FsControlCode=0x00090020,pInputBu ffer=0x00000000,InputBufferLength=0x00000000,pOutputBuffer=0x00000000,OutputBuff erLength=0x00000000); 0x0000002E 0xD00082D8 0x00025A73 NtOpenFile(pFileHandle=0xD0031B94,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SHAR E_READ),pObjectAttributes=0xD0031B78{RootDirectory=0x00000000,ObjectName=0xD0031 CAC{Length=0x001D,MaximumLength=0x001E,Buffer=0xD0031BA8{"\Device\Harddisk0\Partition5\& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031B84,S hareAccess=0x00000003(FILE_SHARE_READ\|FILE_SHARE_WRITE),OpenOptions=0x00800021(F ILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_FREE_SPACE_QUERY)) ; 0x0000002F 0xD00082D8 0x00025A8E NtQueryVolumeInformationFile(FileHandle=0x0000000C,pIoStatusBlock=0xD0031B84,pFi leSystemInformation=0xD0031B60,Length=0x00000018,FileInformationClass=0x00000003 (FileBothDirectoryInformation)); 0x00000030 0xD00082D8 0x000268FD NtOpenSymbolicLinkObject(pFileHandle=0xD0030C60,pObjectAttributes=0xD0030C44{Roo tDirectory=0x00000000,ObjectName=0x00181524{Length=0x0006,MaximumLength=0x0007,B uffer=0x0015A170{"\??\D:"}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)}); 0x00000031 0xD00082D8 0x0004D157 NtOpenSymbolicLinkObject(pFileHandle=0xD00310D4,pObjectAttributes=0xD00310AC{Roo tDirectory=0x00000000,ObjectName=0xD00310C0{Length=0x0006,MaximumLength=0x0007,B uffer=0x0015A170{"\??\D:"}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)}); 0x00000032 0xD00082D8 0x00024BCD NtCreateFile(pFileHandle=0xD0031C98,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SH ARE_READ),pObjectAttributes=0xD0031C74{RootDirectory=0xFFFFFFFD,ObjectName=0xD00 31C88{Length=0x0011,MaximumLength=0x0012,Buffer=0x00159838{"Z:\categoryvideos& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C80,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000002(FILE_CREATE),CreateOpti ons=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_BA CKUP_INTENT)); 0x00000033 0xD00082D8 0x00024BCD NtCreateFile(pFileHandle=0xD0031C98,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SH ARE_READ),pObjectAttributes=0xD0031C74{RootDirectory=0xFFFFFFFD,ObjectName=0xD00 31C88{Length=0x0011,MaximumLength=0x0012,Buffer=0x00159824{"Z:\offeringvideos& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD0031C80,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000003(FILE_S HARE_READ\|FILE_SHARE_WRITE),CreateDisposition=0x00000002(FILE_CREATE),CreateOpti ons=0x00004021(FILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_BA CKUP_INTENT)); <snip /> 0x000010BB 0xD012FEB8 0x00023120 NtOpenFile(pFileHandle=0xD01A2AB4,DesiredAccess=0x00010000(DELETE),pObjectAttrib utes=0xD01A2A98{RootDirectory=0xFFFFFFFD,ObjectName=0xD01A2AAC{Length=0x0017,Max imumLength=0x0018,Buffer=0xD01A2BE4{"Z:\categoryvideos\7.xmv& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2AA4,S hareAccess=0x00000007(FILE_SHARE_READ\|FILE_SHARE_WRITE\|FILE_SHARE_DELETE),OpenOp tions=0x00004040(FILE_NON_DIRECTORY_FILE\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x000010BC 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2A9C,DesiredAccess=0x40100080(SYNCHRONIZE\|GENERIC _WRITE\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A2A80{RootDirectory=0xFFFFF FFD,ObjectName=0xD01A2A94{Length=0x0017,MaximumLength=0x0018,Buffer=0xD01A2BE4{"Z:\categoryvideos\7.xmv& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2A8C,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000000(),Crea teDisposition=0x00000005(FILE_OPEN\|FILE_OVERWRITE\|FILE_OVERWRITE_IF\|FILE_MAXIMUM _DISPOSITION),CreateOptions=0x00000060(FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIR ECTORY_FILE)); 0x000010BD 0xD012FEB8 0x00022748 NtWriteFile(FileHandle=0x00000020,Event=0x00000000,pApcRoutine=0x00000000,pApcCo ntext=0x00000000,pIoStatusBlock=0xD01A2AA0,pBuffer=0x02354BE0,Length=0x00079000, pByteOffset=0x00000000); 0x000010BE 0xD012FEB8 0x00023E3D NtOpenFile(pFileHandle=0xD01A27F4,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SHAR E_READ),pObjectAttributes=0xD01A27D0{RootDirectory=0xFFFFFFFD,ObjectName=0xD01A2 7E4{Length=0x0006,MaximumLength=0x0006,Buffer=0xD01A2808{"T:\$C\& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A27C8,S hareAccess=0x00000003(FILE_SHARE_READ\|FILE_SHARE_WRITE),OpenOptions=0x00004021(F ILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x000010BF 0xD012FEB8 0x00023E67 NtQueryDirectoryFile(FileHandle=0x00000020,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A27C8,pFileInformation=0xD01A2680, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0xD01A27DC{Length=0x0001,MaximumLength=0x0001,Buffer=0xD01A280E{""}},RestartScan=0x00000000); 0x000010C0 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2728,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A270C{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A2720{Length=0x0026,MaximumLength=0x0027,Buffer=0xD01A2B00{"T:\$C\4D5300C800000001\ContentMeta.xbx& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2718,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000060(FILE _SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010C1 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A272C,pBuffer=0xD01A275C,Length=0x00000088,p ByteOffset=0x00000000); 0x000010C2 0xD012FEB8 0x000228D9 NtSetInformationFile(FileHandle=0x0000001C,pIoStatusBlock=0xD01A2728,FileInforma tion=0xD01A2730,Length=0x00000008,FileInformationClass=0x0000000E(FilePositionIn formation)); 0x000010C3 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A2714,pBuffer=0xD01A274E,Length=0x00000002,p ByteOffset=0x00000000); 0x000010C4 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A25B0,pBuffer=0xD01A25E0,Length=0x00000072,p ByteOffset=0x00000000); 0x000010C5 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A28E0,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A28C4{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A28D8{Length=0x0020,MaximumLength=0x0021,Buffer=0xD01A2934{"T:\$C\4D5300C800000001\cache.xcd& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A28D0,A llocationSize=0x00000000,FileAttributes=0x00000080,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000060(FILE _SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010C6 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A28D8,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A28BC{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A28D0{Length=0x0026,MaximumLength=0x0027,Buffer=0xD01A2934{"T:\$C\4D5300C800000001\gameinfo_EN.bin& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A28C8,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000000(),Crea teDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE_SEQUENTIAL_ONL Y\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010C7 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A28D8,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A28BC{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A28D0{Length=0x0023,MaximumLength=0x0024,Buffer=0xD01A2934{"T:\$C\4D5300C800000001\gameinfo.bin& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A28C8,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000000(),Crea teDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE_SEQUENTIAL_ONL Y\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010C8 0xD012FEB8 0x00022A7E NtQueryInformationFile(FileHandle=0x0000001C,pIoStatusBlock=0xD01A28D0,pFileInfo rmation=0xD01A2898,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x000010C9 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A28DC,pBuffer=0x039D56C0,Length=0x0000E95C,p ByteOffset=0x00000000); 0x000010CA 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A1FC4,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A1FA8{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A1FBC{Length=0x0026,MaximumLength=0x0027,Buffer=0xD01A212C{"T:\$C\4D5300C800000001\ContentMeta.xbx& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A1FB4,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000060(FILE _SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010CB 0xD012FEB8 0x00023468 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A1FCC,pBuffer=0xD01A206C,Length=0x0000001C,p ByteOffset=0xD01A1FC4); 0x000010CC 0xD012FEB8 0x00023498 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A1FCC,pBuffer=0xD01A2088,Length=0x0000006C,p ByteOffset=0x00000000); 0x000010CD 0xD012FEB8 0x00022622 NtReadFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0xD01A2108,pIoStatusBlock=0xD01A2108,pBuffer=0x03FD3AC8,Length=0x0000012C,p ByteOffset=0xD01A1FC0); 0x000010CE 0xD012FEB8 0x00023E3D NtOpenFile(pFileHandle=0xD01A2234,DesiredAccess=0x00100001(SYNCHRONIZE\|FILE_SHAR E_READ),pObjectAttributes=0xD01A2210{RootDirectory=0xFFFFFFFD,ObjectName=0xD01A2 224{Length=0x0017,MaximumLength=0x0017,Buffer=0x03FD3CD0{"T:\$C\4D5300C800000001\& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2208,S hareAccess=0x00000003(FILE_SHARE_READ\|FILE_SHARE_WRITE),OpenOptions=0x00004021(F ILE_DIRECTORY_FILE\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_OPEN_FOR_BACKUP_INTENT)); 0x000010CF 0xD012FEB8 0x00023E67 NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2208,pFileInformation=0xD01A20C0, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0xD01A221C{Length=0x0000,MaximumLength=0x0003,Buffer=0x03FD3CE7{""}},RestartScan=0x00000000); 0x000010D0 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2214,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A21F8{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A220C{Length=0x0027,MaximumLength=0x0028,Buffer=0x03FD3D40{"T:\$C\4D5300C800000001\contentimage.xbx& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2204,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE _SEQUENTIAL_ONLY\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010D1 0xD012FEB8 0x00022A7E NtQueryInformationFile(FileHandle=0x00000024,pIoStatusBlock=0xD01A220C,pFileInfo rmation=0xD01A21D4,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x000010D2 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x00000024,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A2218,pBuffer=0x039E5000,Length=0x0000C036,p ByteOffset=0x00000000); 0x000010D3 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010D4 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010D5 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010D6 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2214,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A21F8{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A220C{Length=0x0023,MaximumLength=0x0024,Buffer=0x03FD3D10{"T:\$C\4D5300C800000001\gameinfo.bin& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2204,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE _SEQUENTIAL_ONLY\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010D7 0xD012FEB8 0x00022A7E NtQueryInformationFile(FileHandle=0x00000024,pIoStatusBlock=0xD01A220C,pFileInfo rmation=0xD01A21D4,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x000010D8 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x00000024,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A2218,pBuffer=0x039E5000,Length=0x0000E95C,p ByteOffset=0x00000000); 0x000010D9 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010DA 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2214,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A21F8{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A220C{Length=0x0024,MaximumLength=0x0025,Buffer=0x03FD3D10{"T:\$C\4D5300C800000001\gameinfo.list& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2204,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE _SEQUENTIAL_ONLY\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010DB 0xD012FEB8 0x00022A7E NtQueryInformationFile(FileHandle=0x00000024,pIoStatusBlock=0xD01A220C,pFileInfo rmation=0xD01A21D4,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x000010DC 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x00000024,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A2218,pBuffer=0x039E5000,Length=0x00000016,p ByteOffset=0x00000000); 0x000010DD 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010DE 0xD012FEB8 0x00022C04 NtCreateFile(pFileHandle=0xD01A2214,DesiredAccess=0x80100080(SYNCHRONIZE\|GENERIC _READ\|FILE_ATTRIBUTE_NORMAL),pObjectAttributes=0xD01A21F8{RootDirectory=0xFFFFFF FD,ObjectName=0xD01A220C{Length=0x0026,MaximumLength=0x0027,Buffer=0x03FD3CE0{"T:\$C\4D5300C800000001\gameinfo_FR.bin& quot;}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pIoStatusBlock=0xD01A2204,A llocationSize=0x00000000,FileAttributes=0x00000000,ShareAccess=0x00000001(FILE_S HARE_READ),CreateDisposition=0x00000001(FILE_OPEN),CreateOptions=0x00000064(FILE _SEQUENTIAL_ONLY\|FILE_SYNCHRONOUS_IO_NONALERT\|FILE_NON_DIRECTORY_FILE)); 0x000010DF 0xD012FEB8 0x00022A7E NtQueryInformationFile(FileHandle=0x00000024,pIoStatusBlock=0xD01A220C,pFileInfo rmation=0xD01A21D4,Length=0x00000038,FileInformationClass=0x00000022(FileNetwork OpenInformation)); 0x000010E0 0xD012FEB8 0x00022667 NtReadFile(FileHandle=0x00000024,Event=0x00000000,pApcRoutine=0x00000000,pApcCon text=0x00000000,pIoStatusBlock=0xD01A2218,pBuffer=0x039E5000,Length=0x0000E95C,p ByteOffset=0x00000000); 0x000010E1 0xD012FEB8 0x00023ECE NtQueryDirectoryFile(FileHandle=0x0000001C,Event=0x00000000,pApcRoutine=0x000000 00,pApcContext=0x00000000,pIoStatusBlock=0xD01A2224,pFileInformation=0xD01A20DC, Length=0x00000148,FileInformationClass=0x00000001(FileDirectoryInformation),pFil eMask=0x00000000,RestartScan=0x00000000); 0x000010E2 0xD012FEB8 0x00023043 NtQueryFullAttributesFile(pObjectAttributes=0xD01A25A4{RootDirectory=0xFFFFFFFD, ObjectName=0xD01A25B0{Length=0x0022,MaximumLength=0x0023,Buffer=0xD01A25CC{"T:\$C\4D5300C800000001\default.xbe"}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pAttributes=0xD01A256C); 0x000010E3 0xD012FEB8 0x00023043 NtQueryFullAttributesFile(pObjectAttributes=0xD01A25A4{RootDirectory=0xFFFFFFFD, ObjectName=0xD01A25B0{Length=0x0027,MaximumLength=0x0028,Buffer=0xD01A25CC{"T:\$C\4D5300C800000001\contentimage.xbx"}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pAttributes=0xD01A256C); 0x000010E4 0xD012FEB8 0x00023043 NtQueryFullAttributesFile(pObjectAttributes=0xD01A25A4{RootDirectory=0xFFFFFFFD, ObjectName=0xD01A25B0{Length=0x0023,MaximumLength=0x0024,Buffer=0xD01A25CC{"T:\$C\4D5300C800000001\gameinfo.bin"}},Attributes=0x00000040(OBJ_CASE_INSENSITIVE)},pAttributes=0xD01A256C); <snip /> Enjoy This post has been edited by PedrosPad: Nov 1 2005, 10:23 AM

xman954	Oct 31 2005, 07:43 PM Post #10
X-S Messiah Group: Dev/Contributor Posts: 3028 Joined: 10-April 04 From: the bottom of Tampa Bay Member No.: 113422 Xbox Version: v1.0 360 version: v1 (xenon)	this will help a great deal with the xonlinedash project run it untill the "XBL blocking patch" stops it then see whats up

Angerwound	Oct 31 2005, 08:09 PM Post #11
X-S Freak Group: Members Posts: 1718 Joined: 16-January 04 From: Hell Member No.: 92487 Xbox Version: v1.0 360 version: none	Haha couldn't resist the urge to drop something too huh?!? Well deserved compliments from me! Pedro's the man and always will be!

DaddyJ	Oct 31 2005, 08:50 PM Post #12
X-S Messiah Group: Dev/Contributor Posts: 3919 Joined: 8-July 04 Member No.: 129500 Xbox Version: unk 360 version: none	freakin awesome, WTG Pedro....

xman954	Nov 2 2005, 09:01 PM Post #13
X-S Messiah Group: Dev/Contributor Posts: 3028 Joined: 10-April 04 From: the bottom of Tampa Bay Member No.: 113422 Xbox Version: v1.0 360 version: v1 (xenon)	when

PedrosPad	Nov 3 2005, 12:55 AM Post #14
X-S Freak Group: Moderator Posts: 1859 Joined: 4-July 03 From: UK Member No.: 47221 Xbox Version: v1.1 360 version: v1 (xenon)	QUOTE(xman954 @ Nov 2 2005, 10:12 PM) when lol I'm just working on the readme when time allows. This version requires some instructions. I've got devz3ro on standby to throw it up on xbins as soon as I'm done. It'll be up at the weekend at the latest.

krayzie	Nov 3 2005, 07:18 AM Post #15
X-S Elysian Group: Head Moderator Posts: 9333 Joined: 3-January 04 Member No.: 88318 Xbox Version: unk 360 version: unknown	nice...

« Next Oldest · XBE Exploits · Next Newest »

2 Pages

1 2 >

Display Mode: Standard · Switch to: Linear+ · Switch to: Outline

Track this topic · Email this topic · Print this topic · Subscribe to this forum

Lo-Fi Version

Time is now: 21st May 2013 - 04:01 PM

Licensed to: Scenyx