.On offset 0xBF8 in TIB there is some UNCODE_STRING buffer. It seems to be used permanently in ReactOS by ASCII Winapi functions but I cannot find where it is used by original Windows. I have tried to put hardware breakpoint on it (Win 7 x64) but it seems it has never been used. Could you please tell by which API could it be used?
![[+] expand](/imagery/files/soysauce_blueprint.gif){kind=link}