| viewer9 documentation |
Index Home |
FlushBuffersFile PML Operation
Example from 64-bit PML
Hover over field values like Time, ResultCode,
and bytes of evdata
in this example to see tooltips as they appear in viewer9.
The tooltip of the first byte of a color patch tells the field name.
FlushBuffersFile opcode=3,29
ev=38646 advop=IRP_MJ_FLUSH_BUFFERS
| Time: | 2022-05-17 16:06:22.7852722 |
| Duration: | 0.0041173 |
| ResultCode: | SUCCESS |
| Tid: | 3836 |
|
| Path: | C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat |
evdata[0-124] file offset 21895934
| 0 | 00 00 00 00 b6 00 00 00 | ........ |
| 8 | 00 00 06 00 01 00 00 00 | ........ |
| 16 | 00 00 00 00 00 00 00 00 | ........ |
| omit 4 rows of zeros |
| 56 | 00 00 00 00 00 00 00 00 | ........ |
| 64 | 35 80 cf 02 43 3a 5c 50 | 5...C:\P |
| 72 | 72 6f 67 72 61 6d 44 61 | rogramDa |
| 80 | 74 61 5c 4d 69 63 72 6f | ta\Micro |
| 88 | 73 6f 66 74 5c 4e 65 74 | soft\Net |
| 96 | 77 6f 72 6b 5c 44 6f 77 | work\Dow |
| 104 | 6e 6c 6f 61 64 65 72 5c | nloader\ |
| 112 | 71 6d 67 72 30 2e 64 61 | qmgr0.da |
| 120 | 74 3e 7c c5 77 | t>..w |
Call Stack stacksize=22
| StackAddress | mod | ModName | ModPath |
|---|
| 0xfffff880011730f7 | 194 | fltmgr.sys + 0x20f7 | C:\Windows\system32\drivers\fltmgr.sys |
| 0xfffff88001173fc7 | 194 | fltmgr.sys + 0x2fc7 | C:\Windows\system32\drivers\fltmgr.sys |
| 0xfffff880011726c7 | 194 | fltmgr.sys + 0x16c7 | C:\Windows\system32\drivers\fltmgr.sys |
| 0xfffff80002b491fa | 161 | ntoskrnl.exe + 0x2fb1fa | C:\Windows\system32\ntoskrnl.exe |
| 0xfffff80002b6900d | 161 | ntoskrnl.exe + 0x31b00d | C:\Windows\system32\ntoskrnl.exe |
| 0xfffff800028eff53 | 161 | ntoskrnl.exe + 0xa1f53 | C:\Windows\system32\ntoskrnl.exe |
| 0x77c89c5a | 2 | ntdll.dll + 0x69c5a | C:\Windows\SYSTEM32\ntdll.dll |
| 0x7fefd7eaf68 | 43 | KERNELBASE.dll + 0x1af68 | C:\Windows\system32\KERNELBASE.dll |
| 0x7fef711e796 | 434 | qmgr.dll + 0x2e796 | c:\windows\system32\qmgr.dll |
| 0x7fef7114056 | 434 | qmgr.dll + 0x24056 | c:\windows\system32\qmgr.dll |
| 0x7fef71186b4 | 434 | qmgr.dll + 0x286b4 | c:\windows\system32\qmgr.dll |
| 0x7fef7110a1e | 434 | qmgr.dll + 0x20a1e | c:\windows\system32\qmgr.dll |
| 0x77b39ac1 | 1 | USER32.dll + 0x19ac1 | C:\Windows\system32\USER32.dll |
| 0x77b397de | 1 | USER32.dll + 0x197de | C:\Windows\system32\USER32.dll |
| 0x7fef7111f6d | 434 | qmgr.dll + 0x21f6d | c:\windows\system32\qmgr.dll |
| 0x7fef711c987 | 434 | qmgr.dll + 0x2c987 | c:\windows\system32\qmgr.dll |
| 0x7fef7100160 | 434 | qmgr.dll + 0x10160 | c:\windows\system32\qmgr.dll |
| 0x7fef70ffaa9 | 434 | qmgr.dll + 0xfaa9 | c:\windows\system32\qmgr.dll |
| 0xff671344 | 367 | svchost.exe + 0x1344 | C:\Windows\system32\svchost.exe |
| 0x7fefdf0a82d | 50 | sechost.dll + 0xa82d | C:\Windows\SYSTEM32\sechost.dll |
| 0x77a1556d | 0 | kernel32.dll + 0x1556d | C:\Windows\system32\kernel32.dll |
| 0x77c7372d | 2 | ntdll.dll + 0x5372d | C:\Windows\SYSTEM32\ntdll.dll |
See also
Posted 4 Jul 2022 last updated 15 Nov 2022 As viewer9 is just starting out, discussion is invited via email.
Please send questions and comments to forum@viewer9.com directly.
Threads that might be valuable to other users will be posted as part of the documentation.
Posted messages will not include your address or your full name, and might be shortened for brevity.
Copyright 2022, bryantlite, Inc.