0:011> uf ntdll!RtlSetProcessIsCritical ntdll!RtlSetProcessIsCritical: 77c641c1 8bff mov edi,edi 77c641c3 55 push ebp 77c641c4 8bec mov ebp,esp 77c641c6 56 push esi 77c641c7 8b750c mov esi,dword ptr [ebp+0Ch] 77c641ca 33c0 xor eax,eax 77c641cc 3bf0 cmp esi,eax 77c641ce 7402 je ntdll!RtlSetProcessIsCritical+0x11 (77c641d2) ntdll!RtlSetProcessIsCritical+0xf: 77c641d0 8806 mov byte ptr [esi],al ntdll!RtlSetProcessIsCritical+0x11: 77c641d2 384510 cmp byte ptr [ebp+10h],al 77c641d5 741a je ntdll!RtlSetProcessIsCritical+0x30 (77c641f1) ntdll!RtlSetProcessIsCritical+0x16: 77c641d7 648b0d18000000 mov ecx,dword ptr fs:[18h] 77c641de 8b4930 mov ecx,dword ptr [ecx+30h] 77c641e1 f7416800001000 test dword ptr [ecx+68h],100000h 77c641e8 7507 jne ntdll!RtlSetProcessIsCritical+0x30 (77c641f1) ntdll!RtlSetProcessIsCritical+0x29: 77c641ea b8010000c0 mov eax,0C0000001h 77c641ef eb2f jmp ntdll!RtlSetProcessIsCritical+0x5f (77c64220) ntdll!RtlSetProcessIsCritical+0x30: 77c641f1 3bf0 cmp esi,eax 77c641f3 7415 je ntdll!RtlSetProcessIsCritical+0x49 (77c6420a) ntdll!RtlSetProcessIsCritical+0x34: 77c641f5 50 push eax 77c641f6 6a04 push 4 77c641f8 8d4510 lea eax,[ebp+10h] 77c641fb 50 push eax 77c641fc 6a1d push 1Dh 77c641fe 6aff push 0FFFFFFFFh 77c64200 e873b8f5ff call ntdll!ZwQueryInformationProcess (77bbfa78) 77c64205 8a4510 mov al,byte ptr [ebp+10h] 77c64208 8806 mov byte ptr [esi],al ntdll!RtlSetProcessIsCritical+0x49: 77c6420a 0fb64508 movzx eax,byte ptr [ebp+8] 77c6420e 6a04 push 4 77c64210 894510 mov dword ptr [ebp+10h],eax 77c64213 8d4510 lea eax,[ebp+10h] 77c64216 50 push eax 77c64217 6a1d push 1Dh 77c64219 6aff push 0FFFFFFFFh 77c6421b e8a8b8f5ff call ntdll!ZwSetInformationProcess (77bbfac8) ntdll!RtlSetProcessIsCritical+0x5f: 77c64220 5e pop esi 77c64221 5d pop ebp 77c64222 c3 ret