Forum Discussion
How to set Environment Variables
Tim Mangan I tried to set a environment variable using HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Environment, but that is not being picked up by the package. The configured ...
Thanks for the note on case sensitivity. Yes, the json is case sensitive and apparently the readme is incorrect; in that case I'll update the readme.
As to the other question, the package environment variables are not implemented in a list form (we have no intercept for that), but if you were to try to use the variable in a command inside that cmd window you should find that it works. As I don't see apps trying to list the variables before using them I don't think we need to fix that. But let me know if I'm wrong about that.
As to the other question, the package environment variables are not implemented in a list form (we have no intercept for that), but if you were to try to use the variable in a command inside that cmd window you should find that it works. As I don't see apps trying to list the variables before using them I don't think we need to fix that. But let me know if I'm wrong about that.
So in a cmd, the SET command wont’t list the configured variable, but an ECHO %TESTVAR% does or should display it?
- As long as the cmd is running in the container with EnVarFixup, yes. At least that is the plan...
- You should check the config.json file. I'm not sure if PsfTooling covers this case, but TMEditX should.
PsfTooling tries to be more surgical and not apply things where they aren't needed by default, whereas TMEdit by default tries to cover everything.
So with PsfTooling the Processes section tries to set a process match based on the individual shortcut target and it probably does not handle the shell launch cases (cmd, txt, pdf, etc files). You might need to manually change the process to ".*" which is what TMEditX does.TIMOTHY_MANGAN Thanks for your support in all these questions. I updated my JSON and package and did another test. Below my CONFIG.JSON which basically contains 3 shortcuts to a BAT, CMD and PS1 file to start in the bubble.
{ "applications": [{ "id": "PSFLAUNCHER2", "executable": "c:\\program files\\Test\\Test.cmd", "arguments": "", "workingDirectory": "VFS\\ProgramFilesX64\\Test" }, { "id": "PSFLAUNCHER1", "executable": "c:\\program files\\Test\\Test.bat", "arguments": "", "workingDirectory": "VFS\\ProgramFilesX64\\Test" }, { "id": "PSFLAUNCHER3", "executable": "c:\\windows\\system32\\WindowsPowerShell\\v1.0\\powershell.exe", "arguments": "-ExecutionPolicy Bypass -file Test.ps1", "workingDirectory": "VFS\\ProgramFilesX64\\Test" } ], "processes": [{ "executable": ".*", "fixups": [{ "dll": "TraceFixup.dll", "config": { "traceMethod": "outputDebugString", "traceLevels": { "default": "allFailures" } } }, { "dll": "EnvVarFixup.dll", "config": { "envVars": [{ "name": "APPHOME", "value": "APP-HOME Test", "useregistry": "false" }, { "name": "JAVAHOME", "value": "JAVA-HOME Test", "useregistry": "false" }, { "name": "VARTEST1", "value": "VAR Test One", "useregistry": "false" } ] } } ] }] }The CMD files contained a piece of code like:
echo "APPHOME %APPHOME%" echo "JAVAHOME %JAVAHOME%" echo "VARTEST1 %VARTEST1%"The outcome of my CMD is:
The Debug logs show:
00000001 0.00000000 [3116] g_PackageFullName=test_1.0.23.0_x64__fg0t8wag126gc 00000002 0.00004560 [3116] g_PackageFamilyName=test_fg0t8wag126gc 00000003 0.00010110 [3116] g_ApplicationUserModelId=test_fg0t8wag126gc!PSFLAUNCHER2 00000004 0.00014800 [3116] g_ApplicationId=PSFLAUNCHER2 00000005 0.00019480 [3116] g_PackageRootPath=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc 00000006 0.00024190 [3116] g_FinalPackageRootPath=\\?\C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc 00000007 0.00029260 [3116] g_CurrentExecutable=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfLauncher2.exe 00000008 0.00053690 [3116] Config.json not found in root of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc, look elsewhere. 00000009 0.00074920 [3116] Config.json found in executable folder of package C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc 00000010 0.00254990 [3116] Processes config match=.* 00000011 0.00334180 [3116] PsfRuntime is ready. 00000012 0.00378480 [3116] fixup not found at root of package, look elsewhere TraceFixup32.dll. 00000013 0.00984140 [3116] config traceMethod is default 00000014 0.01008900 [3116] fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll 00000015 0.01059720 [3116] Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\TraceFixup32.dll 00000016 0.01171350 [3116] LoadLibrary: 00000017 0.01178380 [3116] File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup.dll 00000018 0.01237080 [3116] Result=Expected Failure 00000019 0.01246850 [3116] Last Error=126 (The specified module could not be found) 00000020 0.01271630 [3116] Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll 00000021 0.01279940 [3116] LoadLibrary: 00000022 0.01286590 [3116] File Name=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\EnvVarFixup32.dll 00000023 0.01314120 [3116] Result=Expected Failure 00000024 0.01322660 [3116] Last Error=126 (The specified module could not be found) 00000025 0.01331330 [3116] Calling Module=C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\PsfRuntime32.dll 00000026 0.01352820 [3116] fixup not found at root of package, look elsewhere EnvVarFixup32.dll. 00000027 0.01683790 [3116] NtQueryValueKey: 00000028 0.01694030 [3116] Value Name= 00000029 0.01701370 [3116] PreferExternalManifest 00000030 0.01707890 [3116] 00000031 0.01741750 [3116] Result=Expected Failure 00000032 0.01750540 [3116] Status=C0000034 (Object Name not found) 00000033 0.01837390 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000034 0.01849100 [3116] Attaching EnvVarFixup 00000035 0.01863870 [3116] Initializing EnvVarFixup 00000036 0.01879930 [3116] EnvVarFixup InitializeConfiguration() 00000037 0.01886130 [3116] [0] GetEnvFixup Config: name=APPHOME 00000038 0.01892110 [3116] [0] GetEnvFixup Config: value=APP-HOME Test 00000039 0.01915770 [3116] [0] GetEnvFixup Config: useregistry=false 00000040 0.01922140 [3116] [0] GetEnvFixup Config: name=JAVAHOME 00000041 0.01928080 [3116] [0] GetEnvFixup Config: value=JAVA-HOME Test 00000042 0.01938060 [3116] [0] GetEnvFixup Config: useregistry=false 00000043 0.01944040 [3116] [0] GetEnvFixup Config: name=VARTEST1 00000044 0.01949940 [3116] [0] GetEnvFixup Config: value=VAR Test One 00000045 0.01958590 [3116] [0] GetEnvFixup Config: useregistry=false 00000046 0.01966940 [3116] EnvVarFixup: 3 config items read. 00000047 0.01993030 [3116] fixup found at . C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll 00000048 0.02029310 [3116] Inject into current process: C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test\EnvVarFixup32.dll 00000049 0.02039270 [3116] In Launcher_main() 00000050 0.02289420 [3116] Json Application match against id=PSFLAUNCHER2 00000051 0.02299730 [3116] NtQueryValueKey: 00000052 0.02308230 [3116] Value Name= 00000053 0.02315720 [3116] ParentFolder 00000054 0.02321850 [3116] 00000055 0.02330060 [3116] Result=Expected Failure 00000056 0.02337280 [3116] Status=C0000034 (Object Name not found) 00000057 0.02656720 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000058 0.02668540 [3116] NtQueryValueKey: 00000059 0.02675330 [3116] Value Name= 00000060 0.02681540 [3116] Description 00000061 0.02687360 [3116] 00000062 0.02693300 [3116] Result=Expected Failure 00000063 0.02701090 [3116] Status=C0000034 (Object Name not found) 00000064 0.02708410 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000065 0.02722250 [3116] NtQueryValueKey: 00000066 0.02729720 [3116] Value Name= 00000067 0.02735990 [3116] ParsingName 00000068 0.02741800 [3116] 00000069 0.02747890 [3116] Result=Expected Failure 00000070 0.02755710 [3116] Status=C0000034 (Object Name not found) 00000071 0.02762990 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000072 0.02770830 [3116] NtQueryValueKey: 00000073 0.02776710 [3116] Value Name= 00000074 0.02782500 [3116] InfoTip 00000075 0.02788240 [3116] 00000076 0.02794050 [3116] Result=Expected Failure 00000077 0.02801340 [3116] Status=C0000034 (Object Name not found) 00000078 0.02808370 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000079 0.02815910 [3116] NtQueryValueKey: 00000080 0.02821750 [3116] Value Name= 00000081 0.02827620 [3116] LocalizedName 00000082 0.02833450 [3116] 00000083 0.02839230 [3116] Result=Expected Failure 00000084 0.02846330 [3116] Status=C0000034 (Object Name not found) 00000085 0.02853380 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000086 0.02860960 [3116] NtQueryValueKey: 00000087 0.02866850 [3116] Value Name= 00000088 0.02872930 [3116] Icon 00000089 0.02878640 [3116] 00000090 0.02884530 [3116] Result=Expected Failure 00000091 0.02891580 [3116] Status=C0000034 (Object Name not found) 00000092 0.02898500 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000093 0.02906050 [3116] NtQueryValueKey: 00000094 0.02911870 [3116] Value Name= 00000095 0.02917670 [3116] Security 00000096 0.02923500 [3116] 00000097 0.02929300 [3116] Result=Expected Failure 00000098 0.02936450 [3116] Status=C0000034 (Object Name not found) 00000099 0.02943540 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000100 0.02951060 [3116] NtQueryValueKey: 00000101 0.02956840 [3116] Value Name= 00000102 0.02962720 [3116] StreamResource 00000103 0.02968310 [3116] 00000104 0.02974050 [3116] Result=Expected Failure 00000105 0.02981080 [3116] Status=C0000034 (Object Name not found) 00000106 0.02989300 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000107 0.02997100 [3116] NtQueryValueKey: 00000108 0.03002890 [3116] Value Name= 00000109 0.03008800 [3116] StreamResourceType 00000110 0.03014450 [3116] 00000111 0.03020370 [3116] Result=Expected Failure 00000112 0.03027440 [3116] Status=C0000034 (Object Name not found) 00000113 0.03034320 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000114 0.03042770 [3116] NtQueryValueKey: 00000115 0.03048640 [3116] Value Name= 00000116 0.03054460 [3116] Roamable 00000117 0.03060220 [3116] 00000118 0.03066080 [3116] Result=Expected Failure 00000119 0.03073140 [3116] Status=C0000034 (Object Name not found) 00000120 0.03080270 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000121 0.03088150 [3116] NtQueryValueKey: 00000122 0.03094060 [3116] Value Name= 00000123 0.03100140 [3116] PreCreate 00000124 0.03108280 [3116] 00000125 0.03114510 [3116] Result=Expected Failure 00000126 0.03121980 [3116] Status=C0000034 (Object Name not found) 00000127 0.03129160 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000128 0.03136850 [3116] NtQueryValueKey: 00000129 0.03142700 [3116] Value Name= 00000130 0.03148540 [3116] Stream 00000131 0.03154230 [3116] 00000132 0.03160050 [3116] Result=Expected Failure 00000133 0.03167240 [3116] Status=C0000034 (Object Name not found) 00000134 0.03174200 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000135 0.03182630 [3116] NtQueryValueKey: 00000136 0.03188520 [3116] Value Name= 00000137 0.03194370 [3116] DefinitionFlags 00000138 0.03200150 [3116] 00000139 0.03205990 [3116] Result=Expected Failure 00000140 0.03213090 [3116] Status=C0000034 (Object Name not found) 00000141 0.03220330 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000142 0.03227770 [3116] NtQueryValueKey: 00000143 0.03233640 [3116] Value Name= 00000144 0.03240620 [3116] Attributes 00000145 0.03246380 [3116] 00000146 0.03252190 [3116] Result=Expected Failure 00000147 0.03259300 [3116] Status=C0000034 (Object Name not found) 00000148 0.03266330 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000149 0.03273900 [3116] NtQueryValueKey: 00000150 0.03279750 [3116] Value Name= 00000151 0.03285660 [3116] FolderTypeID 00000152 0.03291310 [3116] 00000153 0.03297220 [3116] Result=Expected Failure 00000154 0.03304200 [3116] Status=C0000034 (Object Name not found) 00000155 0.03311510 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000156 0.03319060 [3116] NtQueryValueKey: 00000157 0.03324900 [3116] Value Name= 00000158 0.03330820 [3116] InitFolderHandler 00000159 0.03336530 [3116] 00000160 0.03342350 [3116] Result=Expected Failure 00000161 0.03349380 [3116] Status=C0000034 (Object Name not found) 00000162 0.03356360 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000163 0.03403190 [3116] NtOpenKey: 00000164 0.03414450 [3116] Path= 00000165 0.03420810 [3116] PropertyBag 00000166 0.03426580 [3116] 00000167 0.03433000 [3116] Root=\REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Explorer\FolderDescriptions\{F1B32785-6FBA-4FCF-9D55-7B8E7F157091} 00000168 0.03439310 [3116] Object Attributes=00000040 00000169 0.03445040 [3116] ( 00000170 0.03451150 [3116] OBJ_CASE_INSENSITIVE 00000171 0.03456850 [3116] ) 00000172 0.03462510 [3116] 00000173 0.03469040 [3116] Access=00020019 00000174 0.03474780 [3116] ( 00000175 0.03480790 [3116] KEY_QUERY_VALUE 00000176 0.03489620 [3116] | KEY_ENUMERATE_SUB_KEYS 00000177 0.03574550 [3116] | KEY_NOTIFY 00000178 0.03582660 [3116] | READ_CONTROL 00000179 0.03588980 [3116] ) 00000180 0.03594830 [3116] 00000181 0.03607760 [3116] Options=00000000 00000182 0.03614270 [3116] (REG_OPTION_NON_VOLATILE) 00000183 0.03620070 [3116] 00000184 0.03626030 [3116] Result=Expected Failure 00000185 0.03633770 [3116] Status=C0000034 (Object Name not found) 00000186 0.03641020 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000187 0.03668250 [3116] NtOpenKey: 00000188 0.03677800 [3116] Path= 00000189 0.03683950 [3116] KnownFolders 00000190 0.03689710 [3116] 00000191 0.03701170 [3116] Root=\REGISTRY\USER\S-1-5-21-2396449878-2845259392-2342097501-10863\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\3 00000192 0.03707520 [3116] Object Attributes=00000040 00000193 0.03713260 [3116] ( 00000194 0.03719100 [3116] OBJ_CASE_INSENSITIVE 00000195 0.03724890 [3116] ) 00000196 0.03730940 [3116] 00000197 0.03737190 [3116] Access=00000001 00000198 0.03742890 [3116] ( 00000199 0.03748600 [3116] KEY_QUERY_VALUE 00000200 0.03754390 [3116] ) 00000201 0.03760020 [3116] 00000202 0.03765930 [3116] Options=00000000 00000203 0.03771870 [3116] (REG_OPTION_NON_VOLATILE) 00000204 0.03777480 [3116] 00000205 0.03783370 [3116] Result=Expected Failure 00000206 0.03790690 [3116] Status=C0000034 (Object Name not found) 00000207 0.03797830 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000208 0.03831000 [3116] NtQueryValueKey: 00000209 0.03837420 [3116] Value Name= 00000210 0.03843200 [3116] en-US 00000211 0.03849070 [3116] 00000212 0.03856540 [3116] Result=Expected Failure 00000213 0.03863830 [3116] Status=C0000034 (Object Name not found) 00000214 0.03875290 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000215 0.03881350 [3116] NtQueryValueKey: 00000216 0.03887390 [3116] Value Name= 00000217 0.03893190 [3116] en-US 00000218 0.03899050 [3116] 00000219 0.03906140 [3116] Result=Expected Failure 00000220 0.03913270 [3116] Status=C0000034 (Object Name not found) 00000221 0.03943260 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000222 0.03950170 [3116] NtQueryValueKey: 00000223 0.03956140 [3116] Value Name= 00000224 0.03962050 [3116] en-US 00000225 0.03967910 [3116] 00000226 0.03975260 [3116] Result=Expected Failure 00000227 0.03982420 [3116] Status=C0000034 (Object Name not found) 00000228 0.04017470 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000229 0.04038520 [3116] NtQueryValueKey: 00000230 0.04045030 [3116] Value Name= 00000231 0.04054990 [3116] en 00000232 0.04062430 [3116] 00000233 0.04070350 [3116] Result=Expected Failure 00000234 0.04077800 [3116] Status=C0000034 (Object Name not found) 00000235 0.04102450 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000236 0.04111930 [3116] NtOpenKey: 00000237 0.04118390 [3116] Path= 00000238 0.04124240 [3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings 00000239 0.04130320 [3116] 00000240 0.04136590 [3116] Root=\REGISTRY\MACHINE 00000241 0.04142450 [3116] Object Attributes=00000040 00000242 0.04148300 [3116] ( 00000243 0.04154070 [3116] OBJ_CASE_INSENSITIVE 00000244 0.04159860 [3116] ) 00000245 0.04166060 [3116] 00000246 0.04171850 [3116] Access=00000001 00000247 0.04177730 [3116] ( 00000248 0.04183600 [3116] KEY_QUERY_VALUE 00000249 0.04189330 [3116] ) 00000250 0.04195390 [3116] 00000251 0.04201250 [3116] Options=00000000 00000252 0.04206990 [3116] (REG_OPTION_NON_VOLATILE) 00000253 0.04212890 [3116] 00000254 0.04220350 [3116] Result=Expected Failure 00000255 0.04227690 [3116] Status=C0000034 (Object Name not found) 00000256 0.04238670 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000257 0.04242470 [3116] NtOpenKey: 00000258 0.04252870 [3116] Path= 00000259 0.04258550 [3116] Software\Microsoft\Windows\CurrentVersion\Explorer\KnownFolderSettings 00000260 0.04262960 [3116] 00000261 0.04267680 [3116] Root=\REGISTRY\MACHINE 00000262 0.04272560 [3116] Object Attributes=00000040 00000263 0.04277330 [3116] ( 00000264 0.04281320 [3116] OBJ_CASE_INSENSITIVE 00000265 0.04286010 [3116] ) 00000266 0.04289940 [3116] 00000267 0.04294750 [3116] Access=00000001 00000268 0.04299020 [3116] ( 00000269 0.04303420 [3116] KEY_QUERY_VALUE 00000270 0.04307800 [3116] ) 00000271 0.04312130 [3116] 00000272 0.04316640 [3116] Options=00000000 00000273 0.04321160 [3116] (REG_OPTION_NON_VOLATILE) 00000274 0.04325400 [3116] 00000275 0.04329790 [3116] Result=Expected Failure 00000276 0.04335610 [3116] Status=C0000034 (Object Name not found) 00000277 0.04341280 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000278 0.04355460 [3116] StartingScript commandString= 00000279 0.04359150 [3116] StartingScript currentDirectory= 00000280 0.04362850 [3116] StartingScript waitForScriptToFinish=true 00000281 0.04371060 [3116] Shell Launch=c:\program files\Test\Test.cmd 00000282 0.04374740 [3116] Arguments= 00000283 0.04378500 [3116] Working Directory: =C:\Program Files\WindowsApps\test_1.0.23.0_x64__fg0t8wag126gc\VFS\ProgramFilesX64\Test 00000284 0.04410870 [3116] NtQueryValueKey: 00000285 0.04417780 [3116] Value Name= 00000286 0.04422410 [3116] PackageRootFolder 00000287 0.04426650 [3116] 00000288 0.04431120 [3116] Result=Expected Failure 00000289 0.04437940 [3116] Status=80000005 (Buffer Overflow) 00000290 0.04441810 [3116] Required Length=136 00000291 0.04447420 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000292 0.04455200 [3116] NtQueryValueKey: 00000293 0.04459670 [3116] Value Name= 00000294 0.04464090 [3116] PackageStatus 00000295 0.04468240 [3116] 00000296 0.04478860 [3116] Result=Expected Failure 00000297 0.04486820 [3116] Status=C0000034 (Object Name not found) 00000298 0.04495220 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000299 0.04501210 [3116] NtQueryValueKey: 00000300 0.04507140 [3116] Value Name= 00000301 0.04512890 [3116] PackageSid 00000302 0.04518770 [3116] 00000303 0.04526360 [3116] Result=Expected Failure 00000304 0.04532640 [3116] Status=80000005 (Buffer Overflow) 00000305 0.04537140 [3116] Required Length=52 00000306 0.04541110 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000307 0.04549300 [3116] NtQueryValueKey: 00000308 0.04554210 [3116] Value Name= 00000309 0.04558070 [3116] CapabilitySids 00000310 0.04562270 [3116] 00000311 0.04566660 [3116] Result=Expected Failure 00000312 0.04577090 [3116] Status=80000005 (Buffer Overflow) 00000313 0.04583780 [3116] Required Length=56 00000314 0.04590110 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000315 0.04607180 [3116] NtQueryValueKey: 00000316 0.04611830 [3116] Value Name= 00000317 0.04616400 [3116] DevelopmentMode 00000318 0.04620690 [3116] 00000319 0.04625170 [3116] Result=Expected Failure 00000320 0.04631100 [3116] Status=C0000034 (Object Name not found) 00000321 0.04636710 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000322 0.04724710 [3116] NtOpenKey: 00000323 0.04732410 [3116] Path= 00000324 0.04737470 [3116] SOFTWARE\Microsoft\OLEAUT 00000325 0.04741730 [3116] 00000326 0.04746380 [3116] Root=\REGISTRY\MACHINE 00000327 0.04751000 [3116] Object Attributes=00000040 00000328 0.04755320 [3116] ( 00000329 0.04760230 [3116] OBJ_CASE_INSENSITIVE 00000330 0.04764010 [3116] ) 00000331 0.04768300 [3116] 00000332 0.04772820 [3116] Access=00000001 00000333 0.04777110 [3116] ( 00000334 0.04782520 [3116] KEY_QUERY_VALUE 00000335 0.04785560 [3116] ) 00000336 0.04789790 [3116] 00000337 0.04794220 [3116] Options=00000000 00000338 0.04798700 [3116] (REG_OPTION_NON_VOLATILE) 00000339 0.04803320 [3116] 00000340 0.04807730 [3116] Result=Expected Failure 00000341 0.04813510 [3116] Status=C0000034 (Object Name not found) 00000342 0.04819560 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000343 0.04917650 [3116] NtOpenKey: 00000344 0.04930140 [3116] Path= 00000345 0.04935100 [3116] SOFTWARE\Microsoft\Windows NT\CurrentVersion\msasn1 00000346 0.04938060 [3116] 00000347 0.04942140 [3116] Root=\REGISTRY\MACHINE 00000348 0.04946860 [3116] Object Attributes=00000040 00000349 0.04951200 [3116] ( 00000350 0.04955610 [3116] OBJ_CASE_INSENSITIVE 00000351 0.04959920 [3116] ) 00000352 0.04964050 [3116] 00000353 0.04968740 [3116] Access=00020019 00000354 0.04973060 [3116] ( 00000355 0.04978000 [3116] KEY_QUERY_VALUE 00000356 0.04981840 [3116] | KEY_ENUMERATE_SUB_KEYS 00000357 0.04986270 [3116] | KEY_NOTIFY 00000358 0.04992780 [3116] | READ_CONTROL 00000359 0.04997520 [3116] ) 00000360 0.05001680 [3116] 00000361 0.05005910 [3116] Options=00000000 00000362 0.05011150 [3116] (REG_OPTION_NON_VOLATILE) 00000363 0.05014490 [3116] 00000364 0.05018920 [3116] Result=Expected Failure 00000365 0.05025400 [3116] Status=C0000034 (Object Name not found) 00000366 0.05030550 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000367 0.05063890 [3116] NtCreateKey: 00000368 0.05070630 [3116] Path= 00000369 0.05075200 [3116] Software\Microsoft\SecurityManager\CapAuthz\HasRepaired 00000370 0.05079520 [3116] 00000371 0.05084590 [3116] Root=\REGISTRY\MACHINE 00000372 0.05088670 [3116] Object Attributes=00000040 00000373 0.05092930 [3116] ( 00000374 0.05097330 [3116] OBJ_CASE_INSENSITIVE 00000375 0.05101590 [3116] ) 00000376 0.05105840 [3116] 00000377 0.05110540 [3116] Access=0000000E 00000378 0.05114820 [3116] ( 00000379 0.05119170 [3116] KEY_SET_VALUE 00000380 0.05123520 [3116] | KEY_CREATE_SUB_KEY 00000381 0.05127880 [3116] | KEY_ENUMERATE_SUB_KEYS 00000382 0.05132220 [3116] ) 00000383 0.05136460 [3116] 00000384 0.05140800 [3116] Class= 00000385 0.05145130 [3116] 00000386 0.05149710 [3116] Options=00000001 00000387 0.05154010 [3116] ( 00000388 0.05158340 [3116] REG_OPTION_VOLATILE 00000389 0.05162650 [3116] ) 00000390 0.05167300 [3116] 00000391 0.05171240 [3116] Result=Failure 00000392 0.05177470 [3116] Status=C0000022 (Access Denied) 00000393 0.05182690 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000394 0.05216220 [3116] NtCreateKey: 00000395 0.05224260 [3116] Path= 00000396 0.05228780 [3116] HasRepaired 00000397 0.05233100 [3116] 00000398 0.05237860 [3116] Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\SecurityManager\CapAuthz 00000399 0.05242620 [3116] Object Attributes=00000040 00000400 0.05246930 [3116] ( 00000401 0.05251320 [3116] OBJ_CASE_INSENSITIVE 00000402 0.05255620 [3116] ) 00000403 0.05259910 [3116] 00000404 0.05264640 [3116] Access=0000000E 00000405 0.05268910 [3116] ( 00000406 0.05273330 [3116] KEY_SET_VALUE 00000407 0.05277690 [3116] | KEY_CREATE_SUB_KEY 00000408 0.05282070 [3116] | KEY_ENUMERATE_SUB_KEYS 00000409 0.05286390 [3116] ) 00000410 0.05290620 [3116] 00000411 0.05295050 [3116] Class= 00000412 0.05299310 [3116] 00000413 0.05303800 [3116] Options=00000001 00000414 0.05308050 [3116] ( 00000415 0.05312410 [3116] REG_OPTION_VOLATILE 00000416 0.05316720 [3116] ) 00000417 0.05321030 [3116] 00000418 0.05325360 [3116] Result=Failure 00000419 0.05331140 [3116] Status=C0000022 (Access Denied) 00000420 0.05336670 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000421 0.05354460 [3116] NtQueryValueKey: 00000422 0.05359220 [3116] Value Name= 00000423 0.05363750 [3116] MaxRpcSize 00000424 0.05368100 [3116] 00000425 0.05372610 [3116] Result=Expected Failure 00000426 0.05378940 [3116] Status=C0000034 (Object Name not found) 00000427 0.05384350 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000428 0.05396070 [3116] NtOpenKey: 00000429 0.05400910 [3116] Path= 00000430 0.05405710 [3116] \Registry\Machine\System\CurrentControlSet\Services\CCG 00000431 0.05410080 [3116] 00000432 0.05414810 [3116] Object Attributes=00000040 00000433 0.05419190 [3116] ( 00000434 0.05423590 [3116] OBJ_CASE_INSENSITIVE 00000435 0.05427940 [3116] ) 00000436 0.05432320 [3116] 00000437 0.05436910 [3116] Access=00020019 00000438 0.05441410 [3116] ( 00000439 0.05445980 [3116] KEY_QUERY_VALUE 00000440 0.05450480 [3116] | KEY_ENUMERATE_SUB_KEYS 00000441 0.05454860 [3116] | KEY_NOTIFY 00000442 0.05459310 [3116] | READ_CONTROL 00000443 0.05463680 [3116] ) 00000444 0.05467960 [3116] 00000445 0.05472390 [3116] Result=Expected Failure 00000446 0.05478090 [3116] Status=C0000034 (Object Name not found) 00000447 0.05483800 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000448 0.05493700 [3116] NtOpenKey: 00000449 0.05499280 [3116] Path= 00000450 0.05503250 [3116] \Registry\Machine\System\CurrentControlSet\Services\CCG 00000451 0.05507630 [3116] 00000452 0.05512300 [3116] Object Attributes=00000040 00000453 0.05516620 [3116] ( 00000454 0.05521060 [3116] OBJ_CASE_INSENSITIVE 00000455 0.05525450 [3116] ) 00000456 0.05529690 [3116] 00000457 0.05534470 [3116] Access=00020019 00000458 0.05538810 [3116] ( 00000459 0.05543210 [3116] KEY_QUERY_VALUE 00000460 0.05547590 [3116] | KEY_ENUMERATE_SUB_KEYS 00000461 0.05552330 [3116] | KEY_NOTIFY 00000462 0.05556750 [3116] | READ_CONTROL 00000463 0.05561570 [3116] ) 00000464 0.05565820 [3116] 00000465 0.05570280 [3116] Result=Expected Failure 00000466 0.05576020 [3116] Status=C0000034 (Object Name not found) 00000467 0.05581610 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000468 0.05599950 [3116] NtOpenKey: 00000469 0.05607140 [3116] Path= 00000470 0.05611800 [3116] PsfLauncher2.exe 00000471 0.05616120 [3116] 00000472 0.05620870 [3116] Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 00000473 0.05625520 [3116] Object Attributes=00000240 00000474 0.05629840 [3116] ( 00000475 0.05634340 [3116] OBJ_CASE_INSENSITIVE 00000476 0.05638720 [3116] | OBJ_KERNEL_HANDLE 00000477 0.05643020 [3116] ) 00000478 0.05647330 [3116] 00000479 0.05652100 [3116] Access=00000009 00000480 0.05656370 [3116] ( 00000481 0.05660830 [3116] KEY_QUERY_VALUE 00000482 0.05665230 [3116] | KEY_ENUMERATE_SUB_KEYS 00000483 0.05669650 [3116] ) 00000484 0.05674060 [3116] 00000485 0.05678690 [3116] Result=Expected Failure 00000486 0.05684340 [3116] Status=C0000034 (Object Name not found) 00000487 0.05689980 [3116] Calling Module=C:\Windows\SYSTEM32\ntdll.dll 00000488 0.05707230 [3116] NtOpenKey: 00000489 0.05714440 [3116] Path= 00000490 0.05719340 [3116] Software\Policies\Microsoft\Windows NT\Rpc 00000491 0.05723570 [3116] 00000492 0.05728180 [3116] Root=\REGISTRY\MACHINE 00000493 0.05732910 [3116] Object Attributes=00000040 00000494 0.05737290 [3116] ( 00000495 0.05741710 [3116] OBJ_CASE_INSENSITIVE 00000496 0.05746030 [3116] ) 00000497 0.05750310 [3116] 00000498 0.05755050 [3116] Access=00020019 00000499 0.05759400 [3116] ( 00000500 0.05763780 [3116] KEY_QUERY_VALUE 00000501 0.05768420 [3116] | KEY_ENUMERATE_SUB_KEYS 00000502 0.05772930 [3116] | KEY_NOTIFY 00000503 0.05777430 [3116] | READ_CONTROL 00000504 0.05781760 [3116] ) 00000505 0.05786060 [3116] 00000506 0.05790590 [3116] Options=00000000 00000507 0.05795040 [3116] (REG_OPTION_NON_VOLATILE) 00000508 0.05799300 [3116] 00000509 0.05803730 [3116] Result=Expected Failure 00000510 0.05809450 [3116] Status=C0000034 (Object Name not found) 00000511 0.05815210 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000512 0.05831390 [3116] NtQueryValueKey: 00000513 0.05836130 [3116] Value Name= 00000514 0.05840690 [3116] IdleTimerWindow 00000515 0.05844970 [3116] 00000516 0.05849460 [3116] Result=Expected Failure 00000517 0.05855180 [3116] Status=C0000034 (Object Name not found) 00000518 0.05860820 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000519 0.05949630 [3116] NtOpenKey: 00000520 0.05957360 [3116] Path= 00000521 0.05962350 [3116] SOFTWARE\Microsoft\SecurityManager\CapAuthz 00000522 0.05966760 [3116] 00000523 0.05971330 [3116] Root=\REGISTRY\MACHINE 00000524 0.05976110 [3116] Object Attributes=00000040 00000525 0.05980500 [3116] ( 00000526 0.05984930 [3116] OBJ_CASE_INSENSITIVE 00000527 0.05990190 [3116] ) 00000528 0.05994540 [3116] 00000529 0.05999430 [3116] Access=00060009 00000530 0.06003900 [3116] ( 00000531 0.06008340 [3116] KEY_QUERY_VALUE 00000532 0.06012750 [3116] | KEY_ENUMERATE_SUB_KEYS 00000533 0.06017230 [3116] | READ_CONTROL 00000534 0.06021590 [3116] | WRITE_DAC 00000535 0.06026160 [3116] ) 00000536 0.06030200 [3116] 00000537 0.06034810 [3116] Options=00000000 00000538 0.06039490 [3116] (REG_OPTION_NON_VOLATILE) 00000539 0.06043790 [3116] 00000540 0.06048220 [3116] Result=Failure 00000541 0.06054220 [3116] Status=C0000022 (Access Denied) 00000542 0.06059980 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000543 0.06072080 [3116] NtOpenKey: 00000544 0.06079280 [3116] Path= 00000545 0.06084030 [3116] SOFTWARE\Microsoft\SecurityManager\CapAuthz 00000546 0.06088390 [3116] 00000547 0.06093040 [3116] Root=\REGISTRY\MACHINE 00000548 0.06097740 [3116] Object Attributes=00000040 00000549 0.06102040 [3116] ( 00000550 0.06106500 [3116] OBJ_CASE_INSENSITIVE 00000551 0.06110800 [3116] ) 00000552 0.06115100 [3116] 00000553 0.06119780 [3116] Access=00060000 00000554 0.06124150 [3116] ( 00000555 0.06128610 [3116] READ_CONTROL 00000556 0.06133140 [3116] | WRITE_DAC 00000557 0.06137480 [3116] ) 00000558 0.06141790 [3116] 00000559 0.06146270 [3116] Options=00000000 00000560 0.06150760 [3116] (REG_OPTION_NON_VOLATILE) 00000561 0.06155040 [3116] 00000562 0.06159480 [3116] Result=Failure 00000563 0.06165240 [3116] Status=C0000022 (Access Denied) 00000564 0.06170860 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000565 0.06188930 [3116] NtOpenKey: 00000566 0.06196790 [3116] Path= 00000567 0.06201580 [3116] Software\Microsoft\SecurityManager\CapAuthz\HasRepaired 00000568 0.06205920 [3116] 00000569 0.06210440 [3116] Root=\REGISTRY\MACHINE 00000570 0.06215100 [3116] Object Attributes=00000040 00000571 0.06219410 [3116] ( 00000572 0.06223790 [3116] OBJ_CASE_INSENSITIVE 00000573 0.06228130 [3116] ) 00000574 0.06232630 [3116] 00000575 0.06237470 [3116] Access=00010000 00000576 0.06241900 [3116] ( 00000577 0.06246340 [3116] DELETE 00000578 0.06250700 [3116] ) 00000579 0.06254990 [3116] 00000580 0.06259370 [3116] Result=Failure 00000581 0.06265210 [3116] Status=C0000022 (Access Denied) 00000582 0.06270890 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000583 0.06301840 [3116] NtOpenKey: 00000584 0.06309570 [3116] Path= 00000585 0.06314370 [3116] Software\Microsoft\SecurityManager\CapDBRedirect 00000586 0.06318760 [3116] 00000587 0.06323380 [3116] Root=\REGISTRY\MACHINE 00000588 0.06328090 [3116] Object Attributes=00000040 00000589 0.06332460 [3116] ( 00000590 0.06336990 [3116] OBJ_CASE_INSENSITIVE 00000591 0.06341260 [3116] ) 00000592 0.06345650 [3116] 00000593 0.06350370 [3116] Access=00020019 00000594 0.06354780 [3116] ( 00000595 0.06359180 [3116] KEY_QUERY_VALUE 00000596 0.06363600 [3116] | KEY_ENUMERATE_SUB_KEYS 00000597 0.06368030 [3116] | KEY_NOTIFY 00000598 0.06372490 [3116] | READ_CONTROL 00000599 0.06376830 [3116] ) 00000600 0.06381120 [3116] 00000601 0.06385770 [3116] Options=00000000 00000602 0.06390300 [3116] (REG_OPTION_NON_VOLATILE) 00000603 0.06394640 [3116] 00000604 0.06399090 [3116] Result=Expected Failure 00000605 0.06404870 [3116] Status=C0000034 (Object Name not found) 00000606 0.06410510 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000607 0.06425590 [3116] NtQueryValueKey: 00000608 0.06430350 [3116] Value Name= 00000609 0.06434890 [3116] AppPackageType 00000610 0.06439340 [3116] 00000611 0.06443800 [3116] Result=Expected Failure 00000612 0.06449630 [3116] Status=80000005 (Buffer Overflow) 00000613 0.06454320 [3116] Required Length=16 00000614 0.06459990 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000615 0.06467450 [3116] NtQueryValueKey: 00000616 0.06472000 [3116] Value Name= 00000617 0.06476460 [3116] PackageSid 00000618 0.06480780 [3116] 00000619 0.06485320 [3116] Result=Expected Failure 00000620 0.06498810 [3116] Status=80000005 (Buffer Overflow) 00000621 0.06507240 [3116] Required Length=182 00000622 0.06510120 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000623 0.06519040 [3116] NtQueryValueKey: 00000624 0.06523700 [3116] Value Name= 00000625 0.06528130 [3116] PackageSid 00000626 0.06532440 [3116] 00000627 0.06536910 [3116] Result=Expected Failure 00000628 0.06542860 [3116] Status=80000005 (Buffer Overflow) 00000629 0.06547510 [3116] Required Length=182 00000630 0.06553480 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000631 0.06561180 [3116] NtQueryValueKey: 00000632 0.06565700 [3116] Value Name= 00000633 0.06570160 [3116] CapSids 00000634 0.06574490 [3116] 00000635 0.06578880 [3116] Result=Expected Failure 00000636 0.06584570 [3116] Status=80000005 (Buffer Overflow) 00000637 0.06589290 [3116] Required Length=192 00000638 0.06594850 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000639 0.06601250 [3116] NtQueryValueKey: 00000640 0.06605790 [3116] Value Name= 00000641 0.06610190 [3116] CapSids 00000642 0.06614460 [3116] 00000643 0.06618860 [3116] Result=Expected Failure 00000644 0.06624460 [3116] Status=80000005 (Buffer Overflow) 00000645 0.06629060 [3116] Required Length=192 00000646 0.06634650 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000647 0.06642620 [3116] NtQueryValueKey: 00000648 0.06647230 [3116] Value Name= 00000649 0.06651700 [3116] DeviceCapSids 00000650 0.06656030 [3116] 00000651 0.06660460 [3116] Result=Expected Failure 00000652 0.06666220 [3116] Status=C0000034 (Object Name not found) 00000653 0.06671760 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000654 0.06678210 [3116] NtQueryValueKey: 00000655 0.06682770 [3116] Value Name= 00000656 0.06687240 [3116] CustomCapSids 00000657 0.06691530 [3116] 00000658 0.06695920 [3116] Result=Expected Failure 00000659 0.06701740 [3116] Status=C0000034 (Object Name not found) 00000660 0.06707270 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000661 0.06713690 [3116] NtQueryValueKey: 00000662 0.06718260 [3116] Value Name= 00000663 0.06722790 [3116] ApplicationFlags 00000664 0.06727170 [3116] 00000665 0.06731560 [3116] Result=Expected Failure 00000666 0.06737130 [3116] Status=80000005 (Buffer Overflow) 00000667 0.06741720 [3116] Required Length=16 00000668 0.06747210 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000669 0.06764080 [3116] NtOpenKey: 00000670 0.06771570 [3116] Path= 00000671 0.06776570 [3116] Software\Microsoft\Windows\CurrentVersion\AppModel\StateChange\PackageList\test_1.0.23.0_x64__fg0t8wag126gc 00000672 0.06780990 [3116] 00000673 0.06785640 [3116] Root=\REGISTRY\MACHINE 00000674 0.06790330 [3116] Object Attributes=00000040 00000675 0.06794680 [3116] ( 00000676 0.06799060 [3116] OBJ_CASE_INSENSITIVE 00000677 0.06803350 [3116] ) 00000678 0.06807670 [3116] 00000679 0.06812350 [3116] Access=00020119 00000680 0.06816680 [3116] ( 00000681 0.06821080 [3116] KEY_QUERY_VALUE 00000682 0.06825650 [3116] | KEY_ENUMERATE_SUB_KEYS 00000683 0.06830000 [3116] | KEY_NOTIFY 00000684 0.06834440 [3116] | READ_CONTROL 00000685 0.06838760 [3116] ) 00000686 0.06843060 [3116] 00000687 0.06847570 [3116] Options=00000000 00000688 0.06852080 [3116] (REG_OPTION_NON_VOLATILE) 00000689 0.06856590 [3116] 00000690 0.06860820 [3116] Result=Expected Failure 00000691 0.06866630 [3116] Status=C0000034 (Object Name not found) 00000692 0.06872240 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000693 0.06886050 [3116] NtQueryValueKey: 00000694 0.06890740 [3116] Value Name= 00000695 0.06895270 [3116] PackageRepositoryRoot 00000696 0.06899560 [3116] 00000697 0.06904070 [3116] Result=Expected Failure 00000698 0.06909780 [3116] Status=80000005 (Buffer Overflow) 00000699 0.06914480 [3116] Required Length=106 00000700 0.06920240 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000701 0.06931720 [3116] NtQueryValueKey: 00000702 0.06936660 [3116] Value Name= 00000703 0.06941230 [3116] PackageRepositoryRoot 00000704 0.06945550 [3116] 00000705 0.06950000 [3116] Result=Expected Failure 00000706 0.06955680 [3116] Status=80000005 (Buffer Overflow) 00000707 0.06960270 [3116] Required Length=106 00000708 0.06965830 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000709 0.07010510 [3116] NtOpenKey: 00000710 0.07017160 [3116] Path= 00000711 0.07022970 [3116] cmd.exe 00000712 0.07026020 [3116] 00000713 0.07031820 [3116] Root=\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options 00000714 0.07035990 [3116] Object Attributes=00000240 00000715 0.07040180 [3116] ( 00000716 0.07044500 [3116] OBJ_CASE_INSENSITIVE 00000717 0.07048830 [3116] | OBJ_KERNEL_HANDLE 00000718 0.07053100 [3116] ) 00000719 0.07057290 [3116] 00000720 0.07061920 [3116] Access=00000009 00000721 0.07066270 [3116] ( 00000722 0.07071130 [3116] KEY_QUERY_VALUE 00000723 0.07074930 [3116] | KEY_ENUMERATE_SUB_KEYS 00000724 0.07079300 [3116] ) 00000725 0.07083460 [3116] 00000726 0.07088310 [3116] Result=Expected Failure 00000727 0.07094030 [3116] Status=C0000034 (Object Name not found) 00000728 0.07099630 [3116] Calling Module=C:\Windows\SYSTEM32\ntdll.dll 00000729 0.07108200 [3116] NtOpenKey: 00000730 0.07112970 [3116] Path= 00000731 0.07117560 [3116] \Registry\Machine\Software\Microsoft\Wow64\x86\xtajit 00000732 0.07121860 [3116] 00000733 0.07126430 [3116] Object Attributes=00000640 00000734 0.07130760 [3116] ( 00000735 0.07135290 [3116] OBJ_CASE_INSENSITIVE 00000736 0.07139770 [3116] | OBJ_KERNEL_HANDLE 00000737 0.07144130 [3116] | OBJ_FORCE_ACCESS_CHECK 00000738 0.07148440 [3116] ) 00000739 0.07152710 [3116] 00000740 0.07157360 [3116] Access=00000101 00000741 0.07161640 [3116] ( 00000742 0.07166070 [3116] KEY_QUERY_VALUE 00000743 0.07170400 [3116] ) 00000744 0.07174760 [3116] 00000745 0.07179180 [3116] Result=Expected Failure 00000746 0.07184850 [3116] Status=C0000034 (Object Name not found) 00000747 0.07190470 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000748 0.09038900 [3116] NtOpenKey: 00000749 0.09046750 [3116] Path= 00000750 0.09053490 [3116] \Registry\MACHINE\System\CurrentControlSet\Control\Session Manager\AppCertDlls 00000751 0.09059430 [3116] 00000752 0.09065670 [3116] Object Attributes=00000040 00000753 0.09071520 [3116] ( 00000754 0.09077350 [3116] OBJ_CASE_INSENSITIVE 00000755 0.09082990 [3116] ) 00000756 0.09088600 [3116] 00000757 0.09094980 [3116] Access=00000001 00000758 0.09100690 [3116] ( 00000759 0.09106410 [3116] KEY_QUERY_VALUE 00000760 0.09112200 [3116] ) 00000761 0.09117820 [3116] 00000762 0.09123630 [3116] Result=Expected Failure 00000763 0.09131000 [3116] Status=C0000034 (Object Name not found) 00000764 0.09138100 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000765 0.09149520 [3116] NtOpenKey: 00000766 0.09155750 [3116] Path= 00000767 0.09161800 [3116] \Registry\MACHINE\System\CurrentControlSet\Control\SafeBoot\Option 00000768 0.09167430 [3116] 00000769 0.09173420 [3116] Object Attributes=00000040 00000770 0.09179100 [3116] ( 00000771 0.09184800 [3116] OBJ_CASE_INSENSITIVE 00000772 0.09190480 [3116] ) 00000773 0.09196080 [3116] 00000774 0.09202160 [3116] Access=00000003 00000775 0.09207850 [3116] ( 00000776 0.09213580 [3116] KEY_QUERY_VALUE 00000777 0.09219610 [3116] | KEY_SET_VALUE 00000778 0.09226830 [3116] ) 00000779 0.09230030 [3116] 00000780 0.09236820 [3116] Result=Expected Failure 00000781 0.09242290 [3116] Status=C0000034 (Object Name not found) 00000782 0.09247960 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000783 0.09260190 [3116] NtQueryValueKey: 00000784 0.09264830 [3116] Value Name= 00000785 0.09269320 [3116] TransparentEnabled 00000786 0.09273590 [3116] 00000787 0.09278030 [3116] Result=Expected Failure 00000788 0.09283590 [3116] Status=C0000034 (Object Name not found) 00000789 0.09289130 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000790 0.09299190 [3116] NtOpenKey: 00000791 0.09303840 [3116] Path= 00000792 0.09308710 [3116] \REGISTRY\USER\S-1-5-21-2396449878-2845259392-2342097501-10863\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers 00000793 0.09312960 [3116] 00000794 0.09317640 [3116] Object Attributes=00000040 00000795 0.09322040 [3116] ( 00000796 0.09326790 [3116] OBJ_CASE_INSENSITIVE 00000797 0.09331190 [3116] ) 00000798 0.09335910 [3116] 00000799 0.09340460 [3116] Access=00000001 00000800 0.09344790 [3116] ( 00000801 0.09349170 [3116] KEY_QUERY_VALUE 00000802 0.09353540 [3116] ) 00000803 0.09357800 [3116] 00000804 0.09362220 [3116] Result=Expected Failure 00000805 0.09367940 [3116] Status=C0000034 (Object Name not found) 00000806 0.09373550 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000807 0.09446210 [3116] NtQueryValueKey: 00000808 0.09450920 [3116] Value Name= 00000809 0.09455710 [3116] PackageRepositoryRoot 00000810 0.09460180 [3116] 00000811 0.09464700 [3116] Result=Expected Failure 00000812 0.09470650 [3116] Status=80000005 (Buffer Overflow) 00000813 0.09475310 [3116] Required Length=106 00000814 0.09481040 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000815 0.09494300 [3116] NtQueryValueKey: 00000816 0.09499060 [3116] Value Name= 00000817 0.09503690 [3116] PackageRepositoryRoot 00000818 0.09508010 [3116] 00000819 0.09512490 [3116] Result=Expected Failure 00000820 0.09518300 [3116] Status=80000005 (Buffer Overflow) 00000821 0.09522930 [3116] Required Length=106 00000822 0.09528450 [3116] Calling Module=C:\Windows\System32\KERNELBASE.dll 00000823 0.09564110 [3116] NtQueryValueKey: 00000824 0.09569150 [3116] Value Name= 00000825 0.09573740 [3116] PreferExternalManifest 00000826 0.09578030 [3116] 00000827 0.09582500 [3116] Result=Expected Failure 00000828 0.09588420 [3116] Status=C0000034 (Object Name not found) 00000829 0.09594130 [3116] Calling Module=C:\Windows\System32\KERNEL32.DLL 00000830 0.09645590 [3116] Possible injection to process C:\Windows\SysWOW64\cmd.exe 9864. 00000831 5.21323824 [3116] Process Launch Ready to run any end scripts. 00000832 5.21331358 [3116] EndingScript commandString= 00000833 5.21336651 [3116] EndingScript currentDirectory= 00000834 5.21341705 [3116] Process Launch complete.Maybe above makes sense to you and could point me to the mistake i made or the fix that is required.
Thanks.