00:14:39 [INFO] scanning "C:\\Users\\vc\\Documents\\memflow" for libraries 00:14:39 [INFO] adding plugin 'Connector/gdrv3': "C:\\Users\\vc\\Documents\\memflow\\memflow_gdrv3_33265f9.dll" 00:14:39 [INFO] adding plugin 'OS/win32': "C:\\Users\\vc\\Documents\\memflow\\memflow_win32_331014c.dll" 00:14:39 [INFO] adding plugin 'Connector/winio': "C:\\Users\\vc\\Documents\\memflow\\memflow_winio_9695aae.dll" 00:14:39 [INFO] scanning "C:\\Users\\vc\\Desktop\\cs2-dumper" for libraries 00:14:39 [INFO] attempting to load `Connector` type plugin `winio` from `C:\Users\vc\Documents\memflow\memflow_winio_9695aae.dll` 00:14:41 [INFO] Inserting `CachedPhysicalMemory` middleware with size=0, validity_time=0, page_size=4096 00:14:41 [INFO] attempting to load `OS` type plugin `win32` from `C:\Users\vc\Documents\memflow\memflow_win32_331014c.dll` 00:14:41 [INFO] Building kernel of type memflow_win32::win32::kernel_builder::Win32KernelBuilder, cglue::arc::CArc>, memflow::plugins::connector::cglue_connectorinstance::cglue_internal::ConnectorInstance, cglue::arc::CArc>, memflow::mem::virt_translate::cache::CachedVirtualTranslate> 00:14:41 [INFO] arch=X86(64, false) kernel_hint=fffff8058ae9f520 dtb=1ae000 00:14:41 [INFO] base=fffff8058a800000 size=21299200 00:14:41 [INFO] kernel_guid=Some(Win32Guid { file_name: "ntkrnlmp.pdb", guid: "91F95759B8A1C35A0A9773FCA2A8A67E1" }) 00:14:41 [INFO] trying to find NtBuildNumber export 00:14:41 [INFO] NtBuildNumber found at 0xe0a5ac 00:14:41 [INFO] trying to find RtlGetVersion export 00:14:41 [INFO] RtlGetVersion found at 0xa1b260 00:14:41 [INFO] nt_build_number: 4026557940 00:14:41 [INFO] kernel version: 10.0.26100 00:14:41 [INFO] kernel_winver=Win32Version { nt_major_version: 10, nt_minor_version: 0, nt_build_number: 4026557940 } 00:14:41 [INFO] PsInitialSystemProcess found at 0xfffff8058b7c5aa8 00:14:41 [INFO] eprocess_base=ffffbc0a99796040 00:14:41 [INFO] start_block.dtb=1ae000 00:14:41 [INFO] reading pdb from local cache: C:\Users\vc\AppData\Local\memflow\ntkrnlmp.pdb\91F95759B8A1C35A0A9773FCA2A8A67E1 00:14:41 [INFO] updating connector mem_map=MemoryMapping: base=1000 size=9f000 real_base=1000 MemoryMapping: base=100000 size=99ff000 real_base=100000 MemoryMapping: base=a000000 size=200000 real_base=a000000 MemoryMapping: base=a210000 size=df0000 real_base=a210000 MemoryMapping: base=b021000 size=7a25e000 real_base=b021000 MemoryMapping: base=973ff000 size=2bfb000 real_base=973ff000 MemoryMapping: base=99ffd000 size=3000 real_base=99ffd000 MemoryMapping: base=100000000 size=73df00000 real_base=100000000 00:14:41 [INFO] updating sysproc_dtb=1ae000 00:14:41 [INFO] found 16 buttons 00:14:42 [INFO] found 131 interfaces across 33 modules 00:14:42 [INFO] found 32 offsets across 5 modules 00:14:42 [INFO] found 2693 classes and 405 enums across 18 modules 00:14:42 [INFO] analysis completed in 968.89ms