viewer9 documentation
Lock/UnlockFile PML Operations
- LockFile
- UnlockFileAll
- UnlockFileSingle
These operations belong to opcode=3,37 (see the note about Op vs opcode in PML Operations). Offset and Length are 64-bit integers. FailImmed ("Fail Immediately" in Procmon) and Exclusive are booleans. Address (not shown in Procmon) is one of the memory addresses observed in the event data; it might reflect something about the way the API was called, and it is displayed in hex.
Example of LockFile from 64-bit PML
Hover over field values like Time, ResultCode, and bytes of evdata in this example to see tooltips as they appear in viewer9. The tooltip of the first byte of a color patch tells the field name.
LockFile opcode=3,37
ev=35194 advop=FASTIO_LOCK
Time: | 2022-05-17 16:06:22.5924818 |
Duration: | 0.0000030 |
ResultCode: | SUCCESS |
Tid: | 3448 |
Path: | C:\Users\johnk\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat |
Offset: | 0 |
Length: | 4294967295 |
FailImmed: | False |
Exclusive: | True |
Address: | 0xfffff880053c8b48 |
evdata[0-151] file offset 20280693
0 | 01 f7 0a 00 63 00 65 00 | ....c.e. |
8 | 00 00 00 00 02 00 00 00 | ........ |
16 | 48 8b 3c 05 80 f8 ff ff | H.<..... |
24 | 00 00 00 00 00 00 00 00 | ........ |
32 | 00 00 00 00 00 00 00 00 | ........ |
40 | 60 70 ff 07 80 fa ff ff | `p...... |
48 | 00 01 00 00 00 00 00 00 | ........ |
56 | 00 00 00 00 00 00 00 00 | ........ |
64 | 4a 80 8c 94 43 3a 5c 55 | J...C:\U |
72 | 73 65 72 73 5c 6a 6f 68 | sers\joh |
80 | 6e 6b 5c 41 70 70 44 61 | nk\AppDa |
88 | 74 61 5c 4c 6f 63 61 6c | ta\Local |
96 | 5c 47 6f 6f 67 6c 65 5c | \Google\ |
104 | 43 68 72 6f 6d 65 5c 55 | Chrome\U |
112 | 73 65 72 20 44 61 74 61 | ser Data |
120 | 5c 43 72 61 73 68 70 61 | \Crashpa |
128 | 64 5c 73 65 74 74 69 6e | d\settin |
136 | 67 73 2e 64 61 74 ff ff | gs.dat.. |
144 | ff ff ff ff ff ff a1 77 | .......w |
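The displayed Address and Path can be cross-checked against the evdata bytes above. This is an added example, not viewer9 code: the offsets (Address at 16, path descriptor at 64, path at 68) and the meaning of the descriptor's top bit are assumptions inferred from this one 64-bit dump, and the names `dump_to_bytes` and `decode_lock_evdata` are hypothetical.

```python
import struct

# evdata rows copied from the LockFile example above (offset | hex bytes | ASCII).
DUMP = r"""0 | 01 f7 0a 00 63 00 65 00 | ....c.e. |
8 | 00 00 00 00 02 00 00 00 | ........ |
16 | 48 8b 3c 05 80 f8 ff ff | H.<..... |
24 | 00 00 00 00 00 00 00 00 | ........ |
32 | 00 00 00 00 00 00 00 00 | ........ |
40 | 60 70 ff 07 80 fa ff ff | `p...... |
48 | 00 01 00 00 00 00 00 00 | ........ |
56 | 00 00 00 00 00 00 00 00 | ........ |
64 | 4a 80 8c 94 43 3a 5c 55 | J...C:\U |
72 | 73 65 72 73 5c 6a 6f 68 | sers\joh |
80 | 6e 6b 5c 41 70 70 44 61 | nk\AppDa |
88 | 74 61 5c 4c 6f 63 61 6c | ta\Local |
96 | 5c 47 6f 6f 67 6c 65 5c | \Google\ |
104 | 43 68 72 6f 6d 65 5c 55 | Chrome\U |
112 | 73 65 72 20 44 61 74 61 | ser Data |
120 | 5c 43 72 61 73 68 70 61 | \Crashpa |
128 | 64 5c 73 65 74 74 69 6e | d\settin |
136 | 67 73 2e 64 61 74 ff ff | gs.dat.. |
144 | ff ff ff ff ff ff a1 77 | .......w |"""
# ASSUMED layout, inferred from this one dump (the page does not document it).
ADDRESS_AT, PATH_INFO_AT, PATH_AT = 16, 64, 68

def dump_to_bytes(text):
    """Rebuild the buffer from dump rows; reject rows whose offset is not contiguous."""
    buf = bytearray()
    for row in text.splitlines():
        offset, hexpart = row.split("|")[:2]
        if int(offset) != len(buf):
            raise ValueError(f"gap or overlap at offset {offset.strip()}")
        buf += bytes.fromhex(hexpart)
    return bytes(buf)

def decode_lock_evdata(ev):
    """Return (address, path). Assumes u16 descriptor: bit 15 = 1 byte/char, rest = count."""
    if len(ev) < PATH_AT:
        raise ValueError("evdata shorter than the fixed-size part")
    (address,) = struct.unpack_from("<Q", ev, ADDRESS_AT)
    (info,) = struct.unpack_from("<H", ev, PATH_INFO_AT)
    nbytes = (info & 0x7FFF) * (1 if info & 0x8000 else 2)
    raw = ev[PATH_AT:PATH_AT + nbytes]
    if len(raw) != nbytes:
        raise ValueError("path length runs past the end of evdata")
    return address, raw.decode("latin-1" if info & 0x8000 else "utf-16-le")

ADDRESS, PATH = decode_lock_evdata(dump_to_bytes(DUMP))
print(hex(ADDRESS), PATH)
```

Offset, Length, FailImmed and Exclusive are not decoded here because this page does not give their positions in evdata.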
Call Stack stacksize=41
StackAddress | mod | ModName | ModPath |
---|---|---|---|
0xfffff880011730f7 | 194 | fltmgr.sys + 0x20f7 | C:\Windows\system32\drivers\fltmgr.sys |
0xfffff8800117588d | 194 | fltmgr.sys + 0x488d | C:\Windows\system32\drivers\fltmgr.sys |
0xfffff88001194d8a | 194 | fltmgr.sys + 0x23d8a | C:\Windows\system32\drivers\fltmgr.sys |
0xfffff80002b0adac | 161 | ntoskrnl.exe + 0x2bcdac | C:\Windows\system32\ntoskrnl.exe |
0xfffff800028eff53 | 161 | ntoskrnl.exe + 0xa1f53 | C:\Windows\system32\ntoskrnl.exe |
0x77c8a5da | 2 | ntdll.dll + 0x6a5da | C:\Windows\SYSTEM32\ntdll.dll |
0x7fefd801722 | 43 | KERNELBASE.dll + 0x31722 | C:\Windows\system32\KERNELBASE.dll |
0x77a4c04b | 0 | kernel32.dll + 0x4c04b | C:\Windows\system32\kernel32.dll |
0x7fef2a54f95 | 687 | chrome_elf.dll + 0x44f95 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome_elf.dll |
0x7fef2a4ab61 | 687 | chrome_elf.dll + 0x3ab61 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome_elf.dll |
0x7fef2a4abec | 687 | chrome_elf.dll + 0x3abec | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome_elf.dll |
0x7fef2ada4f3 | 687 | chrome_elf.dll + 0xca4f3 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome_elf.dll |
0x7fee6b23019 | 683 | chrome.dll + 0x1403019 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee6b0944b | 683 | chrome.dll + 0x13e944b | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee6b04d63 | 683 | chrome.dll + 0x13e4d63 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee8202224 | 683 | chrome.dll + 0x2ae2224 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feeacca802 | 683 | chrome.dll + 0x55aa802 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feeaccd032 | 683 | chrome.dll + 0x55ad032 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feeaccca0d | 683 | chrome.dll + 0x55aca0d | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feeacc9c58 | 683 | chrome.dll + 0x55a9c58 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feea640709 | 683 | chrome.dll + 0x4f20709 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7feeacc9eca | 683 | chrome.dll + 0x55a9eca | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee90903e6 | 683 | chrome.dll + 0x39703e6 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee8d2788a | 683 | chrome.dll + 0x360788a | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee97e1e71 | 683 | chrome.dll + 0x40c1e71 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee8bd8f60 | 683 | chrome.dll + 0x34b8f60 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee8bd7d35 | 683 | chrome.dll + 0x34b7d35 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee932e35d | 683 | chrome.dll + 0x3c0e35d | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee5a41049 | 683 | chrome.dll + 0x321049 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee60f5b0a | 683 | chrome.dll + 0x9d5b0a | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee63785b1 | 683 | chrome.dll + 0xc585b1 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee66fff62 | 683 | chrome.dll + 0xfdff62 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee66ffc4f | 683 | chrome.dll + 0xfdfc4f | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee7ca5f92 | 683 | chrome.dll + 0x2585f92 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee6148a21 | 683 | chrome.dll + 0xa28a21 | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x7fee6146bcd | 683 | chrome.dll + 0xa26bcd | C:\Program Files\Google\Chrome\Application\101.0.4951.67\chrome.dll |
0x13ffccae6 | 681 | chrome.exe + 0x9cae6 | C:\Program Files\Google\Chrome\Application\chrome.exe |
0x13ffcc648 | 681 | chrome.exe + 0x9c648 | C:\Program Files\Google\Chrome\Application\chrome.exe |
0x14004b062 | 681 | chrome.exe + 0x11b062 | C:\Program Files\Google\Chrome\Application\chrome.exe |
0x77a1556d | 0 | kernel32.dll + 0x1556d | C:\Windows\system32\kernel32.dll |
0x77c7372d | 2 | ntdll.dll + 0x5372d | C:\Windows\SYSTEM32\ntdll.dll |
Advanced names
These events can also be queried with advop:
- LockFile: FASTIO_LOCK
- UnlockFileSingle: FASTIO_UNLOCK_SINGLE
- UnlockFileAll: FASTIO_UNLOCK_ALL
Posted 4 Jul 2022, last updated 15 Nov 2022.
As viewer9 is just starting out, discussion is invited via email. Please send questions and comments to forum@viewer9.com directly. Threads that might be valuable to other users will be posted as part of the documentation. Posted messages will not include your address or your full name, and might be shortened for brevity.
Copyright 2022, bryantlite, Inc.