CONTEXT: (.ecxr)
rax=0000000000000000 rbx=0000004141414141 rcx=00000000ffffffff
rdx=00007ffaffad59de rsi=0000000000000000 rdi=4141414141414141
rip=00007ffaff92d888 rsp=000000fa265fe9f8 rbp=000000fa265feb00
r8=00007ffafafed2a0 r9=0000000000000000 r10=000002895760b630
r11=000000fa265fe9f0 r12=0000000000000001 r13=0000000000000000
r14=bfffffffffffffff r15=0000028960140900
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
kool_ade!FileMove+0x128:
00007ffa`ff92d888 c3 ret
0:000> r
rax=00000000000000f3 rbx=00000289559f0150 rcx=00000000000005e8
rdx=000000fa265fb5d0 rsi=00000289559f0108 rdi=00000289559f00f8
rip=00007ffb914cf3b4 rsp=000000fa265fb578 rbp=00000000000005e8
r8=00000000000021f8 r9=0000000000000017 r10=0000000000000000
r11=0000000000000246 r12=00000289559f00f8 r13=0000028955830080
r14=00000289559f0108 r15=00000289559f0150
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
ntdll!NtGetContextThread+0x14:
00007ffb`914cf3b4 c3 ret
0:000> k
# Child-SP RetAddr Call Site
00 000000fa`265fb578 00000000`00000000 ntdll!NtGetContextThread+0x14
0:000> u @rip
ntdll!NtGetContextThread+0x14:
00007ffb`914cf3b4 c3 ret
00007ffb`914cf3b5 cd2e int 2Eh
00007ffb`914cf3b7 c3 ret
00007ffb`914cf3b8 0f1f840000000000 nop dword ptr [rax+rax]
ntdll!NtGetCurrentProcessorNumber:
00007ffb`914cf3c0 4c8bd1 mov r10,rcx
00007ffb`914cf3c3 b8f4000000 mov eax,0F4h
00007ffb`914cf3c8 f604250803fe7f01 test byte ptr [SharedUserData+0x308 (00000000`7ffe0308)],1
00007ffb`914cf3d0 7503 jne ntdll!NtGetCurrentProcessorNumber+0x15 (00007ffb`914cf3d5)
0:000> !exchain
1 stack frames, scanning for handlers...