kntlist kernel object auditing utility, 1, 0, 0, 1700
knTlist kernel object auditing utility, 1, 0, 0, 1700
Copyright (C) 2004-2005 GMG Systems, Inc.
Command Line: kntlist.exe -v -a -o kntlist-dfrws2005-physical-memory2 --kernel ntoskrnl.exe dfrws2005-physical-memory2.dmp --log --cryptsum sha1 --localwrt
beta 1 Interim release.
Licensed to Eoghan Casey.
Microsoft Windows
Microsoft Windows 5.1 (Build 2600.Personal Service Pack 2)
28/08/2005 18:51:17 (UTC)
28/08/2005 14:51:17 (local time)
Current User: Computer\Eoghan Casey
BETA EVALUATION VERSION! NOT FOR COMMERCIAL USE.
Physical memory modules installed on the system: 0xf800000
Physical memory visible to the operating system: 0xf75c000
Highest physical page plus 4096 bytes: 0xf7d0000
MmPagingFile is not at expected offset from MmNumberOfPagingFiles:
MmPagingFile expected at 0x80480C6C
MmPagingFile found at 0x80480C40
Processing loaded system module list.
124 system modules found.
Processing unloaded system module table.
6 unloaded system modules found.
Processing service descriptor table.
Processing shadow service descriptor table.
Processing active process list.
The kernel stack could not be determined for one or more threads.
There are 32 processes in the active process list.
Processing cid table.
Processing handle table list head.
Processing object directory.
Looking for cloaked system modules.
Processing IDT Table 0x80036400
WARNING: Unable to find module for IDT entry 0x31: 0xfcd9ddc4
WARNING: Unable to find module for IDT entry 0x34: 0xfcdb1324
WARNING: Unable to find module for IDT entry 0x39: 0xfcd30044
WARNING: Unable to find module for IDT entry 0x3b: 0xfcdb1944
WARNING: Unable to find module for IDT entry 0x3c: 0xfcd9db44
WARNING: Unable to find module for IDT entry 0x3e: 0xfcd29ce4
Processing GDT (callgates only) Table 0x80036000
Processing unloaded system module list.
28/08/2005 18:51:42 (UTC)
28/08/2005 14:51:42 (local time)