C
Chris
An error occurs when windows explorer "previews" an html
file... something saying that the memory at "0x00000"
cannot be "read". (or something like that)
This is the content of my DR. WATSON txtfile:
Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights
reserved.
Application exception occurred:
App: (pid=1324)
When: 8/6/2003 @ 14:42:04.171
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
588 mstask.exe
636 WinMgmt.exe
688 mspmspsv.exe
700 svchost.exe
1092 explorer.exe
1000 igfxtray.exe
996 hkcmd.exe
1072 vptray.exe
1164 FINDFAST.exe
988 OSA.exe
1228 ipmsg2.02.exe
260 EXTRA.exe
388 aomdemon.exe
1324 SQLPLUSW.exe
1304 wmplayer.exe
1348 VB6.exe
1440 msaccess.exe
1428 notepad.exe
1368 notepad.exe
1548 msaccess.exe
1340 DRWTSN32.exe
0 _Total.exe
(00400000 - 00614000)
(77F80000 - 77FFB000)
(60400000 - 60506000)
(60600000 - 60686000)
(60800000 - 6084D000)
(77E80000 - 77F36000)
(78000000 - 78046000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77570000 - 775A0000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(00230000 - 00236000)
(60200000 - 60265000)
(60000000 - 60122000)
(60A00000 - 60A2B000)
(60B00000 - 60BA9000)
(60E00000 - 60E0D000)
(61100000 - 61137000)
(75030000 - 75043000)
(75020000 - 75028000)
(00240000 - 002A1000)
(61500000 - 6150E000)
(61700000 - 61720000)
(75050000 - 75058000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(61900000 - 61906000)
(62100000 - 62106000)
(002B0000 - 002B6000)
(62300000 - 62306000)
(62500000 - 62508000)
(002C0000 - 002C7000)
(002D0000 - 002E1000)
(62700000 - 62740000)
(62900000 - 62B23000)
(63100000 - 63108000)
(60350000 - 60356000)
(63200000 - 63273000)
(76B30000 - 76B6D000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(782F0000 - 78536000)
(64700000 - 6470B000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
State Dump for Thread Id 0x4f8
eax=00000002 ebx=c0000000 ecx=00000000 edx=00000000
esi=0012a52c edi=0012a524
eip=004746bc esp=00129e38 ebp=0012a0f8 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
00474689 0fafc8 imul ecx,eax
0047468c 894d88 mov
[ebp+0x88],ecx ss:00ba76ca=????????
0047468f
c785d8feffff00000000
ss:00129fd0=00000002
mov dword ptr
[ebp+0xfffffed8],0x0
00474699 8b15d45c4a00 mov edx,
[004a5cd4] ds:004a5cd4=01651ff0
0047469f 8915d05c4a00 mov
[004a5cd0],edx ds:004a5cd0=00000000
004746a5 eb1d jmp 0047d1c4
004746a7 8b85d8feffff mov eax,
[ebp+0xfffffed8] ss:00129fd0=00000002
004746ad 83c001 add eax,0x1
004746b0 8985d8feffff mov
[ebp+0xfffffed8],eax ss:00129fd0=00000002
004746b6 8b0dd05c4a00 mov ecx,
[004a5cd0] ds:004a5cd0=00000000
FAULT ->004746bc 8b11 mov edx,
[ecx] ds:00000000=????????
004746be 8915d05c4a00 mov
[004a5cd0],edx ds:004a5cd0=00000000
004746c4 8b85d8feffff mov eax,
[ebp+0xfffffed8] ss:00129fd0=00000002
004746ca 3b8540ffffff cmp eax,
[ebp+0xffffff40] ss:0012a038=000003e7
004746d0 7d02 jge 004831d4
004746d2 ebd3 jmp 0047caa7
004746d4 833dd05c4a0000 cmp dword ptr
[004a5cd0],0x0 ds:004a5cd0=00000000
004746db 0f8482000000 je 00474763
004746e1 833dcc5d4a0000 cmp dword ptr
[004a5dcc],0x0 ds:004a5dcc=00000000
004746e8 7440 jz 0047d22a
004746ea 8b0d185d4a00 mov ecx,
[004a5d18] ds:004a5d18=000003e7
004746f0 3b8d40ffffff cmp ecx,
[ebp+0xffffff40] ss:0012a038=000003e7
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0012A0F8 77E11D0A 000803DE 0000000F 00000000 00000000 !
<nosymbols>
0012A118 77E12BCC 00471975 000803DE 0000000F 00000000
user32!DispatchMessageW
0012A134 77E12B84 007B1070 0000000F 00000000 00000000
user32!MsgWaitForMultipleObjects
0012A15C 77FA02FF 0012A16C 00000018 007B1070 0000000F
user32!MsgWaitForMultipleObjects
0012A458 77E11D0A 000803DE 00000102 0000000D 001C0001
ntdll!KiUserCallbackDispatcher
0012A478 77E11BC8 00471975 000803DE 00000102 0000000D
user32!DispatchMessageW
0012A504 77E172B4 0012A524 00000001 0047AA4C 0012A524
user32!GetAppCompatFlags2
0012A540 0046FE2B 0012B6A8 00001D4C 00000017 003B4590
user32!DispatchMessageA
0012A560 0042EF02 003B4578 004A6A00 0012B6A8 00001D4C !
<nosymbols>
0012A594 0043B1CE 003B4590 004A6A00 0012B6A8 00001D4C !
<nosymbols>
0012A5C4 0043A3DD 003B4590 0012B6A8 00001D4C 00000000 !
<nosymbols>
0012DDF4 0040C6E5 003B4590 004A8040 0012DE48 000009C3 !
<nosymbols>
0012E834 0040BAC3 003B4590 0012FECC 0042BE57 003B4590 !
<nosymbols>
0012E840 0042BE57 003B4590 00000001 00136A28 00000000 !
<nosymbols>
0012FECC 0046F4AA 00000000 0012FF10 003B4578 00000001 !
<nosymbols>
0012FEE8 0047175C 00000002 0012FF08 003B4578 003B4590 !
<nosymbols>
0012FF24 0047D5A6 00400000 00000000 00134903 00000001 !
<nosymbols>
0012FFC0 77E9CA90 00000000 00000000 7FFDF000 C0000005 !
<nosymbols>
0012FFF0 00000000 0047D450 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
00129e38 2c a5 12 00 00 00 00 00 - 2c a5 12 00 47 00 00
00 ,.......,...G...
00129e48 03 00 00 00 00 00 00 00 - a4 c5 13 00 b0 2a 7a
00 .............*z.
00129e58 04 00 00 00 06 00 00 00 - ec 1d f4 77 51 00 01
01 ...........wQ...
00129e68 a4 c5 13 00 e7 03 00 00 - e8 03 00 00 e7 03 00
00 ................
00129e78 01 00 00 00 11 01 00 00 - be 03 09 00 68 43 7a
00 ............hCz.
00129e88 0a 1d e1 77 ce 03 0e 00 - 11 01 00 00 21 03 00
00 ...w........!...
00129e98 82 00 00 00 be 03 09 00 - cd ab ba dc e0 9e 12
00 ................
00129ea8 ae 30 e2 77 ce 03 0e 00 - 11 01 00 00 21 03 00
00 .0.w........!...
00129eb8 be 03 09 00 00 00 00 00 - 0e 00 00 00 11 01 00
00 ................
00129ec8 01 01 00 00 12 07 0a 08 - 04 9f 12 00 a0 39 e2
77 .............9.w
00129ed8 51 00 01 01 00 00 00 00 - 10 9f 12 00 c5 36 e1
77 Q............6.w
00129ee8 1c 9f 12 00 03 00 00 00 - 70 39 f8 77 00 00 13
00 ........p9.w....
00129ef8 18 07 13 00 03 00 00 00 - 58 c5 13 00 f4 9e 12
00 ........X.......
00129f08 00 02 00 00 b0 a0 12 00 - 95 2b f8 77 b8 39 f8
77 .........+.w.9.w
00129f18 ff ff ff ff c0 a0 12 00 - 27 b2 fc 77 18 07 13
00 ........'..w....
00129f28 01 00 00 00 14 a1 12 00 - 05 00 00 00 e3 b7 fc
77 ...............w
00129f38 20 f1 ed 77 08 00 a7 00 - 74 9f 12 00 12 00 00
00 ..w....t.......
00129f48 70 39 f8 77 00 00 13 00 - e8 09 13 00 12 00 00
00 p9.w............
00129f58 38 c6 13 00 4c 9f 12 00 - 00 02 00 00 08 a1 12
00 8...L...........
00129f68 95 2b f8 77 b8 39 f8 77 - ff ff ff ff 18 a1 12
00 .+.w.9.w........
Application exception occurred:
App: (pid=1600)
When: 8/11/2003 @ 15:42:42.562
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
588 mstask.exe
632 WinMgmt.exe
692 mspmspsv.exe
704 svchost.exe
724 explorer.exe
1148 igfxtray.exe
1016 hkcmd.exe
1044 vptray.exe
1088 FINDFAST.exe
1196 OSA.exe
532 ipmsg2.02.exe
1420 DLLHOST.exe
1400 msdtc.exe
1272 IEXPLORE.exe
1004 nlnotes.exe
1176 naldaemn.exe
1504 nhldaemn.exe
1416 IEXPLORE.exe
1532 AcroRd32.exe
1572 _BlackWidow.exe
1600 _BWDS.exe
1608 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01170000 - 01176000)
State Dump for Thread Id 0x28c
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=988)
When: 8/12/2003 @ 13:47:34.109
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
588 mstask.exe
632 WinMgmt.exe
692 mspmspsv.exe
704 svchost.exe
724 explorer.exe
1148 igfxtray.exe
1016 hkcmd.exe
1044 vptray.exe
1088 FINDFAST.exe
1196 OSA.exe
532 ipmsg2.02.exe
1420 DLLHOST.exe
1400 msdtc.exe
1272 IEXPLORE.exe
1416 IEXPLORE.exe
1644 _BlackWidow.exe
988 _BWDS.exe
1224 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01170000 - 01176000)
State Dump for Thread Id 0x608
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=1352)
When: 8/29/2003 @ 14:30:18.328
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
588 mstask.exe
628 WinMgmt.exe
688 mspmspsv.exe
700 svchost.exe
1020 explorer.exe
1076 igfxtray.exe
1084 hkcmd.exe
1176 vptray.exe
1204 FINDFAST.exe
1224 OSA.exe
324 VB6.exe
1068 ipmsg2.02.exe
640 notepad.exe
1156 BlackWidow.exe
616 IEXPLORE.exe
1428 _BlackWidow.exe
1352 _BWDS.exe
1408 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01160000 - 01166000)
State Dump for Thread Id 0x520
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=1084)
When: 9/12/2003 @ 16:57:02.890
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
528 rtvscan.exe
568 regsvc.exe
584 mstask.exe
632 WinMgmt.exe
684 mspmspsv.exe
696 svchost.exe
1124 explorer.exe
864 igfxtray.exe
1100 hkcmd.exe
980 vptray.exe
1004 FINDFAST.exe
1208 OSA.exe
1280 ipmsg2.02.exe
1412 DLLHOST.exe
1512 msdtc.exe
1444 nlnotes.exe
1240 naldaemn.exe
120 nhldaemn.exe
712 notepad.exe
1620 wmplayer.exe
516 VB6.exe
1084 YPager.exe
1704 DRWTSN32.exe
0 _Total.exe
(00400000 - 0057C000)
(77F80000 - 77FFB000)
(77820000 - 77827000)
(77E80000 - 77F36000)
(759B0000 - 759B6000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(71710000 - 71794000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77570000 - 775A0000)
(75050000 - 75058000)
(75030000 - 75043000)
(78000000 - 78046000)
(75020000 - 75028000)
(10000000 - 10007000)
(00230000 - 00249000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(779B0000 - 77A4B000)
(77A50000 - 77B45000)
(70BD0000 - 70C35000)
(20000000 - 2000D000)
(00250000 - 00264000)
(65EC0000 - 65ECE000)
(00270000 - 00283000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(702B0000 - 7032A000)
(732E0000 - 73305000)
(013D0000 - 01457000)
(775A0000 - 77625000)
(017A0000 - 017B0000)
(017F0000 - 0181C000)
(01820000 - 01830000)
(71000000 - 71149000)
(76B20000 - 76B25000)
(772B0000 - 7731C000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(77520000 - 77525000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77880000 - 7790D000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(02770000 - 0278E000)
(718C0000 - 71944000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(75AC0000 - 75AE8000)
(75E60000 - 75E7A000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(6B700000 - 6B790000)
(6B600000 - 6B671000)
(037E0000 - 0396D000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(727F0000 - 727F9000)
(72800000 - 72846000)
(728A0000 - 728A6000)
(70510000 - 7051A000)
(03F10000 - 03F41000)
(03F60000 - 03F9B000)
(74F90000 - 74F97000)
(75D40000 - 75D46000)
(74F70000 - 74F75000)
(74F40000 - 74F49000)
(74F30000 - 74F34000)
(66B00000 - 66B07000)
(70F30000 - 70F9E000)
State Dump for Thread Id 0x4fc
eax=00000000 ebx=027eb018 ecx=027ea100 edx=ffffffff
esi=027ea100 edi=013c4358
eip=0046d411 esp=0012e2a8 ebp=0012e2bc iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
0046d3f3 7471 jz 0047d366
0046d3f5 ff7604 push dword ptr
[esi+0x4] ds:032676d2=????????
0046d3f8 ff1524865300 call dword ptr
[00538624] ds:00538624=77e122f8
0046d3fe 85c0 test eax,eax
0046d400 7409 jz 0047d30b
0046d402 ff7604 push dword ptr
[esi+0x4] ds:032676d2=????????
0046d405 ff1520865300 call dword ptr
[00538620] ds:00538620=77e137c0
0046d40b 8b06 mov eax,
[esi] ds:027ea100=00000000
0046d40d 6a01 push 0x1
0046d40f 8bce mov ecx,esi
FAULT ->0046d411 ff5010 call dword ptr
[eax+0x10] ds:00a7d5d2=????????
0046d414 53 push ebx
0046d415 8d45fc lea eax,
[ebp+0xfc] ss:00bab88e=????????
0046d418 50 push eax
0046d419 8d4f04 lea ecx,
[edi+0x4] ds:01e4192a=666f7270
0046d41c e88d790200 call 00494dae
0046d421 5e pop esi
0046d422 5b pop ebx
0046d423 8d4774 lea eax,
[edi+0x74] ds:01e4192a=666f7270
0046d426 50 push eax
0046d427 ff153c815300 call dword ptr
[0053813c] ds:0053813c=77f8316d
0046d42d 837d0800 cmp dword ptr
[ebp+0x8],0x0 ss:00bab88e=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0012E2BC 0048A0AF 00000001 013C405C 00000000 0048E6EC !
<nosymbols>
0012EC2C 004924B2 001A0110 00000111 00008001 00000001 !
<nosymbols>
0012EDF8 77E11D0A 001A0110 00000111 00008001 00000001 !
<nosymbols>
0012EE18 77E1350E 004920B9 001A0110 00000111 00008001
user32!DispatchMessageW
0012EE48 77E172F2 0071ADD8 00000111 00008001 00000001
user32!DefWindowProcW
0012EE68 00489D79 001A0110 00000111 00008001 00000001
user32!SendMessageA
0012EE98 004B567E 001A0110 0012F340 00000000 0000C10B !
<nosymbols>
0012F2E4 004B7261 001A0110 0000C10B 000001FA 0012F340 !
<nosymbols>
0012F398 0049214A 001A0110 0000C10B 000001FA 03B547E0 !
<nosymbols>
0012F564 77E11D0A 001A0110 0000C10B 000001FA 03B547E0 !
<nosymbols>
0012F584 77E11BC8 004920B9 001A0110 0000C10B 000001FA
user32!DispatchMessageW
0012F610 77E172B4 0012FE34 00000001 004C8B8D 0012FE34
user32!GetAppCompatFlags2
0012FE98 00526404 013D0000 00000000 00133F87 00000001
user32!DispatchMessageA
0012FFC0 77E9CA90 00000000 00000000 7FFDF000 C0000005 !
<nosymbols>
0012FFF0 00000000 00526283 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0012e2a8 01 00 00 00 90 3f 3c 01 - 02 00 00 00 c0 37 e1
77 .....?<......7.w
0012e2b8 58 43 3c 01 2c ec 12 00 - af a0 48 00 01 00 00
00 XC<.,.....H.....
0012e2c8 5c 40 3c 01 00 00 00 00 - ec e6 48 00 02 00 00
00 \@<.......H.....
0012e2d8 01 00 00 00 17 01 00 00 - 11 01 00 00 6c e4 12
00 ............l...
0012e2e8 01 00 00 00 0c e3 12 00 - f2 72 e1 77 18 bb 72
00 .........r.w..r.
0012e2f8 11 01 00 00 e1 00 00 04 - 7c 06 1b 00 01 00 00
00 ........|.......
0012e308 4a 05 45 00 3c e5 12 00 - da 40 2b 77 4a 05 45
00 J.E.<....@+wJ.E.
0012e318 11 01 00 00 e1 00 00 04 - 7c 06 1b 00 00 00 00
00 ........|.......
0012e328 e1 00 00 00 d4 ef 12 00 - 00 00 00 00 91 57 e1
77 .............W.w
0012e338 4a 05 45 00 00 00 00 00 - 00 00 00 00 01 00 00
00 J.E.............
0012e348 00 00 00 00 00 a1 7e 02 - 4e 00 00 00 ac e3 12
00 ......~.N.......
0012e358 f7 80 e1 77 4a 05 45 00 - 00 00 00 00 00 00 00
00 ...wJ.E.........
0012e368 00 00 00 00 01 00 00 00 - 02 00 00 00 00 00 00
00 ................
0012e378 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012e388 00 00 00 00 8c 3c 2b 77 - 01 00 00 00 b0 e3 12
00 .....<+w........
0012e398 e1 3c 2b 77 01 00 00 00 - b0 e3 12 00 0c e4 12
00 .<+w............
0012e3a8 e0 e3 12 00 c3 3c 2b 77 - 01 00 00 00 cf 33 2b
77 .....<+w.....3+w
0012e3b8 01 00 00 00 14 e4 12 00 - 01 00 00 00 6f 34 2b
77 ............o4+w
0012e3c8 ff 03 00 00 14 e4 12 00 - 02 00 00 00 12 35 2b
77 .............5+w
0012e3d8 dc e3 12 00 e0 10 16 00 - 78 3f 2c 77 66 1b f4
77 ........x?,wf..w
State Dump for Thread Id 0x5cc
eax=004c4e68 ebx=00000002 ecx=7ffde000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0156fea8 ebp=0156fef4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01fed47b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0156FEF4 77E12A00 0156FECC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0156FF50 77E12A77 0156FF1C 00570EE4 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0156FF6C 004C4722 00000001 00570EE4 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
77E12A5A 104539C0 50C0950F FF1875FF 75FF1475 0875FF0C !
<nosymbols>
33EC8B55 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x548
eax=00000102 ebx=77f8316d ecx=80020000 edx=00000000
esi=00142bf8 edi=00141a48
eip=77f83197 esp=0166ff78 ebp=0166ffa8 iopl=0 nv
up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000286
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:020ed54b=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0166FFA8 77D424DA 00141AC0 0166FFEC 77E887DD 00143EE0
ntdll!NtDelayExecution
0166FFB4 77E887DD 00143EE0 00000000 40143890 00143EE0
rpcrt4!NdrConformantArrayMemorySize
0166FFEC 00000000 77D424C2 00143EE0 00000000 62646772
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0166ff78 99 25 d4 77 01 00 00 00 - 90 ff 66 01 00 00 00
00 .%.w......f.....
0166ff88 90 38 14 40 e0 3e 14 00 - 00 5d 1e ee ff ff ff
ff .8.@.>...]......
0166ff98 00 5d 1e ee ff ff ff ff - 30 75 00 00 e0 3e 14
00 .]......0u...>..
0166ffa8 b4 ff 66 01 da 24 d4 77 - c0 1a 14 00 ec ff 66
01 ..f..$.w......f.
0166ffb8 dd 87 e8 77 e0 3e 14 00 - 00 00 00 00 90 38 14
40 ...w.>.......8.@
0166ffc8 e0 3e 14 00 00 c0 fd 7f - 54 3d 14 00 c0 ff 66
01 .>......T=....f.
0166ffd8 54 3d 14 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 T=......V..w...w
0166ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 c2 24 d4
77 .............$.w
0166fff8 e0 3e 14 00 00 00 00 00 - 72 67 64 62 01 00 00
00 .>......rgdb....
01670008 01 00 00 00 46 6a f3 06 - ce 00 00 00 00 00 00
00 ....Fj..........
01670018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670098 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
016700a8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x66c
eax=0043e32d ebx=00000002 ecx=00000011 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0178fe78 ebp=0178fec4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0220d44b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0178FEC4 77E12A00 0178FE9C 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0178FF20 77E12A77 0178FEEC 0056A350 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0178FF3C 004432D5 00000001 0056A350 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0178FF80 00523C79 00000000 77D93B53 0012F57C 013C3F00 !
<nosymbols>
0178FFB4 77E887DD 013C3F00 77D93B53 0012F57C 013C3F00 !
<nosymbols>
0178FFEC 00000000 00523C0D 013C3F00 00000000 22222222
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0178fe78 b7 7a e8 77 02 00 00 00 - 9c fe 78 01 01 00 00
00 .z.w......x.....
0178fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0178fe98 02 00 00 00 64 01 00 00 - 68 01 00 00 cc 2b e7
b6 ....d...h....+..
0178fea8 81 00 42 81 0a b0 46 80 - d0 5c 89 81 ec 1e 73
e3 ..B...F..\....s.
0178feb8 38 a0 e1 77 00 00 00 00 - 00 00 00 00 20 ff 78
01 8..w........ .x.
0178fec8 00 2a e1 77 9c fe 78 01 - 01 00 00 00 00 00 00
00 .*.w..x.........
0178fed8 00 00 00 00 00 00 00 00 - 45 27 e1 77 00 00 00
00 ........E'.w....
0178fee8 01 00 00 00 64 01 00 00 - 68 01 00 00 1b 55 45
80 ....d...h....UE.
0178fef8 00 00 00 82 00 00 00 02 - 44 2c e7 b6 04 22 49
80 ........D,..."I.
0178ff08 c8 d0 8b 81 90 13 02 e3 - 00 00 00 00 cc b6 fd
7f ................
0178ff18 00 00 00 00 68 01 00 00 - 3c ff 78 01 77 2a e1
77 ....h...<.x.w*.w
0178ff28 ec fe 78 01 50 a3 56 00 - ff ff ff ff ff 00 00
00 ..x.P.V.........
0178ff38 00 00 00 00 80 ff 78 01 - d5 32 44 00 01 00 00
00 ......x..2D.....
0178ff48 50 a3 56 00 00 00 00 00 - ff ff ff ff ff 00 00
00 P.V.............
0178ff58 53 3b d9 77 00 3f 3c 01 - 00 3f 3c 01 d4 4b 06
80 S;.w.?<..?<..K..
0178ff68 00 00 00 00 00 00 00 00 - 01 00 00 00 53 3b d9
77 ............S;.w
0178ff78 00 3f 3c 01 b4 ff 78 01 - b4 ff 78 01 79 3c 52
00 .?<...x...x.y<R.
0178ff88 00 00 00 00 53 3b d9 77 - 7c f5 12 00 00 3f 3c
01 ....S;.w|....?<.
0178ff98 40 0c 23 81 8c ff 78 01 - ff ff ff ff dc ff 78
01 @.#...x.......x.
0178ffa8 20 6b 52 00 c8 ca 54 00 - 00 00 00 00 ec ff 78
01 kR...T.......x.
State Dump for Thread Id 0x5c0
eax=00000000 ebx=00000004 ecx=00000001 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0210fd24 ebp=0210fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02b8d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0210FD70 77E8A31D 0210FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0210FFB4 77E887DD 00000005 00156464 7FFDE000 0015C6A0
kernel32!WaitForMultipleObjects
0210FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4ac
eax=01803637 ebx=01c44190 ecx=00000000 edx=00000000
esi=0220ff64 edi=77e17c12
eip=77e11d6b esp=0220fefc ebp=0220ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:02c8d4cf=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:02c8d4cf=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:02c8d4cf=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0220FF1C 017F4B49 0220FF64 00000000 00000000 00000000
user32!TranslateMessageEx
0220FF80 018036A3 01C43EA0 01C44100 00000000 01C44190 !
<nosymbols>
0220FFB4 77E887DD 01C44190 01C44100 00000000 01C44190 !
<nosymbols>
0220FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x5c8
eax=00000000 ebx=00000003 ecx=00000001 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0230fe78 ebp=0230fec4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02d8d44b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0230FEC4 77E12A00 0230FE9C 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0230FF20 77E12A77 0230FEEC 01C43AFC FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0230FF3C 017F3C81 00000002 01C43AFC 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0230FF80 018036A3 00000001 01C40000 000001BD 01C44470 !
<nosymbols>
0230FFB4 77E887DD 01C44470 01C40000 000001BD 01C44470 !
<nosymbols>
0230FFEC 00000000 01803637 01C44470 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0230fe78 b7 7a e8 77 03 00 00 00 - 9c fe 30 02 01 00 00
00 .z.w......0.....
0230fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0230fe98 03 00 00 00 68 02 00 00 - 64 02 00 00 88 02 00
00 ....h...d.......
0230fea8 00 00 00 00 c0 29 80 01 - 58 44 c4 01 44 44 c4
01 .....)..XD..DD..
0230feb8 24 42 c4 01 68 5f c4 01 - b0 fe 30 02 20 ff 30
02 $B..h_....0. .0.
0230fec8 00 2a e1 77 9c fe 30 02 - 01 00 00 00 00 00 00
00 .*.w..0.........
0230fed8 00 00 00 00 00 00 00 00 - 45 27 e1 77 00 00 00
00 ........E'.w....
0230fee8 d8 39 c4 01 68 02 00 00 - 64 02 00 00 88 02 00
00 .9..h...d.......
0230fef8 d8 39 c4 01 08 f0 ba 03 - 00 00 00 00 08 f0 ba
03 .9..............
0230ff08 b4 37 7f 01 3c ff 30 02 - 00 00 00 00 cc 86 fd
7f .7..<.0.........
0230ff18 00 00 00 00 88 02 00 00 - 3c ff 30 02 77 2a e1
77 ........<.0.w*.w
0230ff28 ec fe 30 02 fc 3a c4 01 - ff ff ff ff ff 00 00
00 ..0..:..........
0230ff38 00 00 00 00 80 ff 30 02 - 81 3c 7f 01 02 00 00
00 ......0..<......
0230ff48 fc 3a c4 01 00 00 00 00 - ff ff ff ff ff 00 00
00 .:..............
0230ff58 00 00 c4 01 70 44 c4 01 - 70 44 c4 01 d4 4b 06
80 ....pD..pD...K..
0230ff68 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 c4
01 ................
0230ff78 70 44 c4 01 b4 ff 30 02 - b4 ff 30 02 a3 36 80
01 pD....0...0..6..
0230ff88 01 00 00 00 00 00 c4 01 - bd 01 00 00 70 44 c4
01 ............pD..
0230ff98 40 0c 23 81 8c ff 30 02 - ff ff ff ff dc ff 30
02 @.#...0.......0.
0230ffa8 f4 85 80 01 c0 f6 80 01 - 00 00 00 00 ec ff 30
02 ..............0.
State Dump for Thread Id 0x524
eax=00a24162 ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0243fe4c ebp=0243fe98 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02ebd41f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0243FE98 77E12A00 0243FE70 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0243FEF4 77E12A77 0243FEC0 01C4456C FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0243FF10 017FC068 00000001 01C4456C 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0243FF80 018036A3 00000001 00000000 77E888FC 01C45950 !
<nosymbols>
0243FFB4 77E887DD 01C45950 00000000 77E888FC 01C45950 !
<nosymbols>
0243FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x488
eax=02640014 ebx=00165820 ecx=001307d8 edx=00000000
esi=74fe93a0 edi=00000000
eip=77f837dc esp=0264ff84 ebp=0264ffb4 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:030cd557=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:030cd557=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:030cd557=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:030cd557=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0264FFB4 77E887DD 74FD84C8 7FFD6000 00000000 00165820
ntdll!ZwRemoveIoCompletion
0264FFEC 00000000 74FD4766 00165820 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0264ff84 b8 47 fd 74 14 03 00 00 - bc ff 64 02 b0 ff 64
02 .G.t......d...d.
0264ff94 a4 ff 64 02 28 2c fd 74 - 00 60 fd 7f 00 00 00
00 ..d.(,.t.`......
0264ffa4 00 00 00 00 00 00 00 00 - 00 00 fd 74 40 05 15
00 ...........t@...
0264ffb4 ec ff 64 02 dd 87 e8 77 - c8 84 fd 74 00 60 fd
7f ..d....w...t.`..
0264ffc4 00 00 00 00 20 58 16 00 - 00 50 fd 7f 0a 00 00
00 .... X...P......
0264ffd4 c0 ff 64 02 0a 00 00 00 - ff ff ff ff 56 18 ea
77 ..d.........V..w
0264ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
0264fff4 66 47 fd 74 20 58 16 00 - 00 00 00 00 00 00 00
00 fG.t X..........
02650004 1e 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650094 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
026500a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
026500b4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x534
eax=ffffffff ebx=ffffffff ecx=00158710 edx=00000000
esi=7fffffff edi=00000102
eip=77f83786 esp=029cfacc ebp=029cfb04 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0344d09f=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
029CFB04 74FD7EE6 000003B0 000003B4 00000000 00000004
ntdll!NtWaitForSingleObject
029CFBF0 75031DA9 00000001 029CFE84 029CFC7C 029CFD80
msafd!WSPSetSockOpt
029CFC54 7021E1F5 00000001 029CFE84 029CFC7C 029CFD80
ws2_32!select
029CFFB0 7021E35B 77E887DD 0017F790 77B32860 0017F620 !
InternetGetConnectedStateExW
029CFFEC 00000000 00000000 00000000 00000000 00000000 !
InternetGetConnectedStateExW
*----> Raw Stack Dump <----*
029cfacc d2 bc fd 74 b0 03 00 00 - 01 00 00 00 f0 fa 9c
02 ...t............
029cfadc 84 fe 9c 02 78 fb 9c 02 - 68 fb 9c 02 de cf cf
d3 ....x...h.......
029cfaec 0b 79 c3 01 ff ff ff ff - ff ff ff 7f 00 02 18
00 .y..............
029cfafc 00 00 00 00 00 00 00 00 - f0 fb 9c 02 e6 7e fd
74 .............~.t
029cfb0c b0 03 00 00 b4 03 00 00 - 00 00 00 00 04 00 00
00 ................
029cfb1c 80 fd 9c 02 28 02 18 00 - 7c fc 9c 02 00 00 00
00 ....(...|.......
029cfb2c 00 00 00 00 80 0f 05 fd - ff ff ff ff ff ff ff
ff ................
029cfb3c dc fb 9c 02 40 b7 fc 77 - b8 0c 13 00 c0 3e 1a
00 [email protected].....>..
029cfb4c 5c 90 27 70 c0 3e 1a 00 - c0 3e 1a 00 f5 78 fd
74 \.'p.>...>...x.t
029cfb5c 18 4f 19 00 00 00 00 00 - 00 00 00 00 80 0f 05
fd .O..............
029cfb6c ff ff ff ff 01 00 00 00 - 00 fb 9c 02 b4 03 00
00 ................
029cfb7c 19 00 00 00 00 00 13 00 - 08 00 00 00 00 87 15
00 ................
029cfb8c f8 fb 9c 02 00 00 13 00 - 03 00 00 00 00 ff ff
ff ................
029cfb9c 24 fb 9c 02 a4 70 20 70 - 01 53 f8 77 00 00 13
00 $....p p.S.w....
029cfbac 00 02 18 00 00 3e 1a 00 - 00 00 00 00 68 fb 9c
02 .....>......h...
029cfbbc 2c 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ,...............
029cfbcc 14 fc 9c 02 95 2b f8 77 - 84 fb 9c 02 1c fb 9c
02 .....+.w........
029cfbdc 24 fc 9c 02 44 fc 9c 02 - 36 df fd 74 78 30 fd
74 $...D...6..tx0.t
029cfbec ff ff ff ff 54 fc 9c 02 - a9 1d 03 75 01 00 00
00 ....T......u....
029cfbfc 84 fe 9c 02 7c fc 9c 02 - 80 fd 9c 02 88 ff 9c
02 ....|...........
State Dump for Thread Id 0x67c
eax=00000102 ebx=00000002 ecx=01010101 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=02acfe5c ebp=02acfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0354d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02ACFEA8 77E12A00 02ACFE80 00000001 00000000 02ACFEA0
ntdll!NtWaitForMultipleObjects
02ACFF04 77E12A77 02ACFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
02ACFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
02ACFF74 70C1AB1B 02ACFFA0 02ACFFA4 02ACFFA8 02ACFF9C !
Ordinal265
02ACFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
02ACFFEC 00000000 70C1ACAF 00000000 00000000 02AD00E4 !
Ordinal293
*----> Raw Stack Dump <----*
02acfe5c b7 7a e8 77 02 00 00 00 - 80 fe ac 02 01 00 00
00 .z.w............
02acfe6c 00 00 00 00 a0 fe ac 02 - 00 00 00 00 00 00 00
00 ................
02acfe7c 02 00 00 00 a8 03 00 00 - bc 03 00 00 c8 76 1d
00 .............v..
02acfe8c c0 da 22 00 c8 76 1d 00 - 78 01 13 00 c0 76 1d
00 .."..v..x....v..
02acfe9c 18 36 f8 77 00 ba 3c dc - ff ff ff ff 04 ff ac
02 .6.w..<.........
02acfeac 00 2a e1 77 80 fe ac 02 - 01 00 00 00 00 00 00
00 .*.w............
02acfebc a0 fe ac 02 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
02acfecc 00 00 00 00 a8 03 00 00 - bc 03 00 00 20 ff ac
02 ............ ...
02acfedc 95 2b f8 77 18 36 f8 77 - ff ff ff ff 30 ff ac
02 .+.w.6.w....0...
02acfeec 82 73 e8 77 00 00 13 00 - 00 00 00 00 cc e6 fa
7f .s.w............
02acfefc 00 00 00 00 bc 03 00 00 - 20 ff ac 02 77 2a e1
77 ........ ...w*.w
02acff0c d0 fe ac 02 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
02acff1c 00 00 00 00 74 ff ac 02 - 93 a7 c1 70 01 00 00
00 ....t......p....
02acff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
02acff3c 20 bb c2 70 18 bb c2 70 - 00 00 00 00 ba 8c 20
70 ..p...p...... p
02acff4c 01 00 00 00 c8 05 18 00 - 00 00 00 00 86 8c 20
70 .............. p
02acff5c 00 00 00 00 41 04 21 70 - 48 4d f3 06 18 bb c2
70 ....A.!pHM.....p
02acff6c 60 ea 00 00 01 00 00 00 - ac ff ac 02 1b ab c1
70 `..............p
02acff7c a0 ff ac 02 a4 ff ac 02 - a8 ff ac 02 9c ff ac
02 ................
02acff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x6c4
eax=0017b944 ebx=0338ff74 ecx=702b4f00 edx=00000000
esi=77f8377b edi=00000434
eip=77f83786 esp=0338ff58 ebp=0338ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:03e0d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0338FF7C 77E87837 00000434 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0338ff58 0f 78 e8 77 34 04 00 00 - 00 00 00 00 74 ff 38
03 .x.w4.......t.8.
0338ff68 00 00 00 00 60 f5 ad 02 - 3c 31 f8 77 00 44 5f
9a ....`...<1.w.D_.
0338ff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 34 04 00
00 ....m1.w7x.w4...
0338ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 34 04 00
00 .'......U..p4...
0338ff98 c0 27 09 00 08 cd 1a 00 - 60 f5 ad 02 ec ff 38
03 .'......`.....8.
0338ffa8 60 f5 ad 02 95 d7 cf 70 - 08 cd 1a 00 6f d7 cf
70 `......p....o..p
0338ffb8 dd 87 e8 77 60 f5 ad 02 - 08 cd 1a 00 08 cd 1a
00 ...w`...........
0338ffc8 60 f5 ad 02 00 d0 fa 7f - 08 36 f8 77 c0 ff 38
03 `........6.w..8.
0338ffd8 08 36 f8 77 ff ff ff ff - 56 18 ea 77 88 ae e8
77 .6.w....V..w...w
0338ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
0338fff8 60 f5 ad 02 00 00 00 00 - c8 00 00 00 00 01 00
00 `...............
03390008 ff ee ff ee 02 00 00 00 - 00 00 00 00 00 fe 00
00 ................
03390018 00 00 10 00 00 20 00 00 - 00 02 00 00 00 20 00
00 ..... ....... ..
03390028 b5 01 00 00 ff ef fd 7f - 11 00 08 06 00 00 00
00 ................
03390038 00 00 00 00 00 00 00 00 - 00 00 00 00 98 05 39
03 ..............9.
03390048 0f 00 00 00 f8 ff ff ff - 50 00 39 03 50 00 39
03 ........P.9.P.9.
03390058 40 06 39 03 00 00 00 00 - 00 00 00 00 00 00 00
00 @.9.............
03390068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
03390078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
03390088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x510
eax=00000102 ebx=000493e0 ecx=00000102 edx=00000000
esi=00142df8 edi=000493e0
eip=77f837dc esp=0358febc ebp=0358fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0400d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0400d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0400d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0400d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0358FEE4 77D40090 000000DC 0358FF1C 0358FF0C 0358FF14
ntdll!ZwRemoveIoCompletion
0358FF20 77D48565 000493E0 0358FF60 0358FF5C 0358FF70
rpcrt4!PerformRpcInitialization
0358FF74 77D48444 77D42528 00142DF8 00000008 0012DE30
rpcrt4!NdrClientContextUnmarshall
0358FFA8 77D424DA 001832F8 0358FFEC 77E887DD 001A5550
rpcrt4!NdrClientContextUnmarshall
0358FFB4 77E887DD 001A5550 00000008 0012DE30 001A5550
rpcrt4!NdrConformantArrayMemorySize
0358FFEC 00000000 77D424C2 001A5550 00000000 00000008
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0358febc 2e 79 e8 77 dc 00 00 00 - 0c ff 58 03 fc fe 58
03 .y.w......X...X.
0358fecc dc fe 58 03 d4 fe 58 03 - 00 a2 2f 4d ff ff ff
ff ..X...X.../M....
0358fedc 00 00 00 00 00 00 00 00 - 20 ff 58 03 90 00 d4
77 ........ .X....w
0358feec dc 00 00 00 1c ff 58 03 - 0c ff 58 03 14 ff 58
03 ......X...X...X.
0358fefc e0 93 04 00 e0 93 04 00 - f8 2d 14 00 b2 73 e8
77 .........-...s.w
0358ff0c 10 00 00 00 dc 00 00 00 - 00 00 00 00 64 1c 7f
b7 ............d...
0358ff1c 00 00 00 00 74 ff 58 03 - 65 85 d4 77 e0 93 04
00 ....t.X.e..w....
0358ff2c 60 ff 58 03 5c ff 58 03 - 70 ff 58 03 58 ff 58
03 `.X.\.X.p.X.X.X.
0358ff3c 64 ff 58 03 6c ff 58 03 - 48 1a 14 00 f8 32 18
00 d.X.l.X.H....2..
0358ff4c 50 55 1a 00 dc 00 00 00 - 00 00 00 00 00 00 00
00 PU..............
0358ff5c 00 7a 24 81 00 00 00 00 - 00 00 00 00 01 00 00
00 .z$.............
0358ff6c 00 00 00 00 dc 00 00 00 - a8 ff 58 03 44 84 d4
77 ..........X.D..w
0358ff7c 28 25 d4 77 f8 2d 14 00 - 08 00 00 00 30 de 12
00 (%.w.-......0...
0358ff8c 50 55 1a 00 00 00 00 00 - db 0d 43 80 40 0c 23
81 PU........C.@.#.
0358ff9c 20 c0 31 81 ff ff ff ff - 50 55 1a 00 b4 ff 58
03 .1.....PU....X.
0358ffac da 24 d4 77 f8 32 18 00 - ec ff 58 03 dd 87 e8
77 .$.w.2....X....w
0358ffbc 50 55 1a 00 08 00 00 00 - 30 de 12 00 50 55 1a
00 PU......0...PU..
0358ffcc 00 c0 fa 7f ce b1 f8 77 - c0 ff 58 03 ce b1 f8
77 .......w..X....w
0358ffdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
0358ffec 00 00 00 00 00 00 00 00 - c2 24 d4 77 50 55 1a
00 .........$.wPU..
State Dump for Thread Id 0x2e8
eax=00000001 ebx=00000002 ecx=03afffb0 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=03afff24 ebp=03afff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0457d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03AFFF70 77E8A31D 03AFFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
03AFFFB4 77E887DD 00000000 7FFDEBF8 00000000 00000000
kernel32!WaitForMultipleObjects
03AFFFEC 00000000 77562BDA 00000000 00000000 877A0EE8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
03afff24 b7 7a e8 77 02 00 00 00 - 48 ff af 03 01 00 00
00 .z.w....H.......
03afff34 00 00 00 00 00 00 00 00 - f8 eb fd 7f 00 00 00
00 ................
03afff44 00 00 00 00 94 04 00 00 - 90 04 00 00 b0 7f 1a
00 ................
03afff54 00 00 00 00 01 01 01 00 - 01 01 01 00 24 d1 e8
77 ............$..w
03afff64 37 78 e8 77 8c 04 00 00 - c4 7d e8 77 b4 ff af
03 7x.w.....}.w....
03afff74 1d a3 e8 77 48 ff af 03 - 01 00 00 00 00 00 00
00 ...wH...........
03afff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
03afff94 a4 ff af 03 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
03afffa4 94 04 00 00 90 04 00 00 - 01 00 00 00 03 00 00
00 ................
03afffb4 ec ff af 03 dd 87 e8 77 - 00 00 00 00 f8 eb fd
7f .......w........
03afffc4 00 00 00 00 00 00 00 00 - 00 b0 fa 7f 45 00 00
00 ............E...
03afffd4 c0 ff af 03 45 00 00 00 - ff ff ff ff 56 18 ea
77 ....E.......V..w
03afffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
03affff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 e8 0e 7a
87 .+Vw..........z.
03b00004 84 ee a4 77 4a 48 a3 9a - 84 72 69 ae 84 c6 d3
f1 ...wJH...ri.....
03b00014 12 9a 44 27 49 68 32 fd - a8 84 a6 d0 bb 24 34
95 ..D'Ih2......$4.
03b00024 de 2d a1 69 f4 4f 24 34 - 9d de 23 a1 19 34 4f
42 .-.i.O$4..#..4OB
03b00034 f9 f4 5e 09 cd a4 f7 49 - 68 16 fd 98 84 3e 4e
3f ..^....Ih....>N?
03b00044 21 a1 d9 f4 93 12 9a 43 - e7 48 a8 80 16 48 e8
4f !......C.H...H.O
03b00054 e9 fd 12 7a 80 3e 28 a1 - b9 f4 21 f6 a3 9a 79
45 ...z.>(...!...yE
State Dump for Thread Id 0x69c
eax=70cfd766 ebx=00000000 ecx=0000000c edx=00000000
esi=77f8377b edi=000004dc
eip=77f83786 esp=03eaff54 ebp=03eaff78 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0492d527=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03EAFF78 77E87837 000004DC FFFFFFFF 00000000 70D1009A
ntdll!NtWaitForSingleObject
FFFFFFFF 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject
State Dump for Thread Id 0x11c
eax=042cf868 ebx=00000000 ecx=77d42e04 edx=00000000
esi=77f8377b edi=00000544
eip=77f83786 esp=042cff64 ebp=042cff88 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04d4d537=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
042CFF88 77E87837 00000544 FFFFFFFF 00000000 75033650
ntdll!NtWaitForSingleObject
77F8313C 8B000000 83042454 0F00147A 016F3E85 42FF9000
kernel32!WaitForSingleObject
180D8B64 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
042cff64 0f 78 e8 77 44 05 00 00 - 00 00 00 00 00 00 00
00 .x.wD...........
042cff74 08 89 22 00 08 89 22 00 - d0 07 04 75 00 80 fa
7f .."..."....u....
042cff84 00 80 fa 7f 3c 31 f8 77 - 37 78 e8 77 44 05 00
00 ....<1.w7x.wD...
042cff94 ff ff ff ff 00 00 00 00 - 50 36 03 75 44 05 00
00 ........P6.uD...
042cffa4 ff ff ff ff 00 90 fa 7f - 00 00 00 00 ec ff 2c
04 ..............,.
042cffb4 08 89 22 00 dd 87 e8 77 - 44 05 00 00 00 90 fa
7f .."....wD.......
042cffc4 00 00 00 00 08 89 22 00 - 00 80 fa 7f 00 00 00
00 ......".........
042cffd4 c0 ff 2c 04 00 00 00 00 - ff ff ff ff 56 18 ea
77 ..,.........V..w
042cffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
042cfff4 20 36 03 75 08 89 22 00 - 00 00 00 00 00 00 00
00 6.u..".........
042d0004 00 00 01 00 00 10 00 00 - 00 00 00 00 c8 05 13
00 ................
042d0014 00 80 19 00 00 10 00 00 - 00 00 00 00 d0 00 2d
04 ..............-.
042d0024 00 60 1f 00 00 10 00 00 - 00 00 00 00 50 00 2d
04 .`..........P.-.
042d0034 00 f0 1a 00 00 10 00 00 - 00 00 00 00 60 00 2d
04 ............`.-.
042d0044 00 00 00 00 00 00 00 00 - 00 00 00 00 90 00 2d
04 ..............-.
042d0054 00 c0 1c 00 00 10 00 00 - 00 00 00 00 c0 00 2d
04 ..............-.
042d0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 2d
04 ..............-.
042d0074 00 a0 b7 03 00 40 00 00 - 00 00 00 00 20 01 2d
04 .....@...... .-.
042d0084 00 00 00 00 00 00 00 00 - 00 00 00 00 10 01 2d
04 ..............-.
042d0094 00 e0 1c 00 00 10 00 00 - 00 00 00 00 f0 00 2d
04 ..............-.
State Dump for Thread Id 0x4d4
eax=00000008 ebx=043fff74 ecx=02b45b90 edx=00000000
esi=77f8377b edi=000004fc
eip=77f83786 esp=043fff58 ebp=043fff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04e7d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
043FFF7C 77E87837 000004FC 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
043fff58 0f 78 e8 77 fc 04 00 00 - 00 00 00 00 74 ff 3f
04 .x.w........t.?.
043fff68 00 00 00 00 b0 35 ad 02 - 3c 31 f8 77 00 44 5f
9a .....5..<1.w.D_.
043fff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 fc 04 00
00 ....m1.w7x.w....
043fff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 fc 04 00
00 .'......U..p....
043fff98 c0 27 09 00 00 00 00 00 - b0 35 ad 02 ec ff 3f
04 .'.......5....?.
043fffa8 b0 35 ad 02 95 d7 cf 70 - 00 00 00 00 6f d7 cf
70 .5.....p....o..p
043fffb8 dd 87 e8 77 b0 35 ad 02 - 00 00 00 00 00 00 00
00 ...w.5..........
043fffc8 b0 35 ad 02 00 70 fa 7f - 00 00 00 00 c0 ff 3f
04 .5...p........?.
043fffd8 00 00 00 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 ........V..w...w
043fffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
043ffff8 b0 35 ad 02 00 00 00 00 - 17 ef c8 ca 01 00 00
00 .5..............
04400008 00 00 00 00 00 00 00 00 - 6d 1a 2c 14 2b 00 2b
00 ........m.,.+.+.
04400018 41 ca 86 a1 32 00 15 00 - 2e ab 86 17 18 00 18
00 A...2...........
04400028 4e 79 36 e1 10 00 10 00 - fb a0 a2 ac 14 00 14
00 Ny6.............
04400038 b9 00 6b a2 1c 00 12 00 - 30 eb 4c d8 14 00 16
00 ..k.....0.L.....
04400048 00 00 00 00 00 00 00 00 - 7f 09 e8 2a 5b 00 0e
00 ...........*[...
04400058 7a 62 a2 ce 4b 00 11 00 - 4a 26 9e 70 61 00 13
00 zb..K...J&.pa...
04400068 90 1e 99 e6 5e 00 1e 00 - 57 b3 a4 41 80 01 20
01 ....^...W..A.. .
04400078 08 19 09 78 10 00 10 00 - 38 b8 26 de 88 01 58
02 ...x....8.&...X.
04400088 02 97 7f a2 34 00 15 00 - 30 cf 34 54 09 00 09
00 ....4...0.4T....
State Dump for Thread Id 0x5ac
eax=00000102 ebx=8119a2c0 ecx=8119a2c0 edx=00000000
esi=00143d98 edi=00143dd8
eip=77f83bb8 esp=04edfe28 ebp=04edff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0595d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
04EDFF74 77D420D9 77D42528 00143D98 01460178 00000000
ntdll!NtReplyWaitReceivePortEx
04EDFFA8 77D424DA 001CB5C8 04EDFFEC 77E887DD 001D00E0
rpcrt4!NdrConformantArrayMemorySize
04EDFFB4 77E887DD 001D00E0 01460178 00000000 001D00E0
rpcrt4!NdrConformantArrayMemorySize
04EDFFEC 00000000 77D424C2 001D00E0 00000000 11111111
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
04edfe28 85 22 d4 77 d8 00 00 00 - 54 ff ed 04 00 00 00
00 .".w....T.......
04edfe38 e8 93 21 00 00 00 00 00 - 48 1a 14 00 c8 b5 1c
00 ..!.....H.......
04edfe48 e0 00 1d 00 0c 4b 29 81 - ac 9b d6 b6 65 f1 44
80 .....K).....e.D.
04edfe58 88 46 22 81 0c 4b 29 81 - d8 fd 9c 01 10 fe 9c
01 .F"..K).........
04edfe68 04 00 00 00 2c 9b d6 b6 - 40 6a 89 81 03 00 1f
00 ....,...@j......
04edfe78 08 4b 29 81 a4 46 22 81 - c0 9b d6 b6 54 1d 49
80 .K)..F".....T.I.
04edfe88 93 20 49 80 88 46 22 81 - 77 20 49 80 40 6a 89
81 . I..F".w I.@j..
04edfe98 03 00 1f 00 08 4b 29 81 - 38 9b d6 b6 00 4b 29
81 .....K).8....K).
04edfea8 58 dd 14 e2 ac 02 00 00 - 08 4b 29 81 08 4b 29
81 X........K)..K).
04edfeb8 38 9d d6 b6 8c 05 46 80 - 68 29 40 80 ff ff ff
ff 8.....F.h)@.....
04edfec8 08 9c d6 b6 55 54 4a 80 - 88 46 22 81 f4 9b d6
b6 ....UTJ..F".....
04edfed8 08 4b 29 81 68 1c 4b 81 - 00 00 00 00 00 00 00
00 .K).h.K.........
04edfee8 00 00 00 00 00 00 00 00 - 04 02 00 00 00 00 00
00 ................
04edfef8 48 dd 14 e2 00 00 00 00 - 38 7f bd 62 88 46 22
81 H.......8..b.F".
04edff08 48 dd 14 e2 d8 50 50 c0 - b9 01 00 00 00 20 50
c0 H....PP...... P.
04edff18 01 00 00 00 c8 be 19 00 - 8c 0a 00 00 d8 50 50
c0 .............PP.
04edff28 00 20 50 c0 40 0c 23 81 - c0 a2 19 81 00 00 00
00 . P.@.#.........
04edff38 c0 a2 19 81 50 a4 19 81 - 64 9c d6 b6 f3 da 42
80 ....P...d.....B.
04edff48 a4 da 42 80 d4 4b 06 80 - 20 a4 19 81 c0 a2 19
81 ..B..K.. .......
04edff58 00 a2 2f 4d ff ff ff ff - 50 fe ed 04 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x6f4
eax=0509f7f8 ebx=00000002 ecx=0015bf18 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0509fd30 ebp=0509fd7c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:05b1d303=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0509FD7C 77E12A00 0509FD54 00000001 00000000 0509FD74
ntdll!NtWaitForMultipleObjects
0509FDD8 77E12A77 0509FDA4 0509FE28 0000EA60 000000FF
user32!MsgWaitForMultipleObjectsEx
0509FDF4 017F545C 00000001 0509FE28 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00000001 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0509fd30 b7 7a e8 77 02 00 00 00 - 54 fd 09 05 01 00 00
00 .z.w....T.......
0509fd40 00 00 00 00 74 fd 09 05 - 00 00 00 00 00 00 00
00 ....t...........
0509fd50 02 00 00 00 18 02 00 00 - 74 02 00 00 80 3d c4
01 ........t....=..
0509fd60 f7 01 00 00 a2 7a e1 77 - 10 01 1a 00 0b c1 00
00 .....z.w........
0509fd70 f7 01 00 00 00 ba 3c dc - ff ff ff ff d8 fd 09
05 ......<.........
0509fd80 00 2a e1 77 54 fd 09 05 - 01 00 00 00 00 00 00
00 .*.wT...........
0509fd90 74 fd 09 05 00 00 00 00 - 00 00 00 00 a0 3e c4
01 t............>..
0509fda0 60 ea 00 00 18 02 00 00 - 74 02 00 00 00 00 00
00 `.......t.......
0509fdb0 00 00 00 00 a4 fd 09 05 - 20 fe 09 05 14 fe 09
05 ........ .......
0509fdc0 f4 85 80 01 b0 f6 80 01 - 00 00 00 00 cc 66 fd
7f .............f..
0509fdd0 00 00 00 00 74 02 00 00 - f4 fd 09 05 77 2a e1
77 ....t.......w*.w
0509fde0 a4 fd 09 05 28 fe 09 05 - 60 ea 00 00 ff 00 00
00 ....(...`.......
0509fdf0 00 00 00 00 01 00 00 00 - 5c 54 7f 01 01 00 00
00 ........\T......
0509fe00 28 fe 09 05 00 00 00 00 - 60 ea 00 00 ff 00 00
00 (.......`.......
0509fe10 a0 3e c4 01 18 de 80 01 - 80 ff 09 05 00 00 00
00 .>..............
0509fe20 01 00 00 00 01 00 00 00 - 18 02 00 00 15 c1 80
01 ................
0509fe30 ff ff ff ff 80 ff 09 05 - 6e 56 7f 01 00 00 00
00 ........nV......
0509fe40 f8 db 80 01 18 de 80 01 - 20 df 80 01 7d 56 7f
01 ........ ...}V..
0509fe50 a0 3e c4 01 01 80 00 00 - e0 59 c4 01 e0 59 c4
01 .>.......Y...Y..
0509fe60 00 80 fd 7f fc 07 30 c0 - 00 00 00 00 28 88 24
81 ......0.....(.$.
State Dump for Thread Id 0x550
eax=00000000 ebx=00000002 ecx=017f0000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=051afe50 ebp=051afe9c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:05c2d423=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
051AFE9C 77E12A00 051AFE74 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
051AFEF8 77E12A77 051AFEC4 0181440C FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
051AFF14 01800D9A 00000001 0181440C 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
051AFF80 018036A3 00000001 0000010B 77FCB650 01C45ED8 !
<nosymbols>
051AFFB4 77E887DD 01C45ED8 0000010B 77FCB650 01C45ED8 !
<nosymbols>
051AFFEC 00000000 01803637 01C45ED8 00000000 FFFFFFFF
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
051afe50 b7 7a e8 77 02 00 00 00 - 74 fe 1a 05 01 00 00
00 .z.w....t.......
051afe60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
051afe70 02 00 00 00 90 01 00 00 - 0c 03 00 00 00 00 00
00 ................
051afe80 00 00 00 00 6c ff 1a 05 - cd ab ba dc 18 ff 1a
05 ....l...........
051afe90 c8 1b e1 77 85 0a 80 01 - 54 02 68 00 f8 fe 1a
05 ...w....T.h.....
051afea0 00 2a e1 77 74 fe 1a 05 - 01 00 00 00 00 00 00
00 .*.wt...........
051afeb0 00 00 00 00 00 00 00 00 - f4 43 81 01 00 00 00
00 .........C......
051afec0 45 27 e1 77 90 01 00 00 - 0c 03 00 00 e8 fe 1a
05 E'.w............
051afed0 2f 21 e1 77 cd c0 00 00 - 6c ff 1a 05 50 80 6b
00 /!.w....l...P.k.
051afee0 00 40 fd 7f 45 27 e1 77 - 00 00 00 00 cc 46 fd
7f [email protected]'.w.....F..
051afef0 00 00 00 00 0c 03 00 00 - 14 ff 1a 05 77 2a e1
77 ............w*.w
051aff00 c4 fe 1a 05 0c 44 81 01 - ff ff ff ff ff 00 00
00 .....D..........
051aff10 00 00 00 00 80 ff 1a 05 - 9a 0d 80 01 01 00 00
00 ................
051aff20 0c 44 81 01 00 00 00 00 - ff ff ff ff ff 00 00
00 .D..............
051aff30 d8 5e c4 01 0b 01 00 00 - d8 5e c4 01 03 00 00
00 .^.......^......
051aff40 85 0a 80 01 00 00 00 00 - 00 00 00 00 00 00 7f
01 ................
051aff50 00 00 00 00 11 00 01 00 - 00 00 00 00 00 00 00
00 ................
051aff60 ec f3 80 01 54 02 68 00 - cd c0 00 00 00 00 00
00 ....T.h.........
051aff70 00 00 00 00 6f 49 f3 06 - d7 02 00 00 b0 02 00
00 ....oI..........
051aff80 b4 ff 1a 05 a3 36 80 01 - 01 00 00 00 0b 01 00
00 .....6..........
Application exception occurred:
App: svchost.exe (pid=396)
When: 10/1/2003 @ 09:25:01.093
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
376 mstask.exe
652 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1036 explorer.exe
1104 igfxtray.exe
1112 hkcmd.exe
1136 vptray.exe
1172 FINDFAST.exe
1220 OSA.exe
1208 ipmsg.exe
1192 EXTRA.exe
1376 aomdemon.exe
1116 DRWTSN32.exe
0 _Total.exe
(01000000 - 01005000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CD000)
(78000000 - 78046000)
(77C10000 - 77C6E000)
(75030000 - 75043000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 75160000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(77950000 - 7797A000)
(779B0000 - 77A4B000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(77880000 - 7790D000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(70BD0000 - 70C35000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(775A0000 - 77625000)
(782D0000 - 782EE000)
State Dump for Thread Id 0x188
eax=00000004 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=00000048
eip=77f839eb esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtReadFile
77f839e0 b8a1000000 mov eax,0xa1
77f839e5 8d542404 lea edx,
[esp+0x4] ss:00aed20b=????????
77f839e9 cd2e int 2e
77f839eb c22400 ret 0x24
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DB2252 00000048 0006FD80 00000216 0006FCD0
ntdll!NtReadFile
0006FCD4 77DB20F2 00000048 0006FD80 00000216 0006FD0C
advapi32!StartServiceCtrlDispatcherW
0006FD50 77DB1E43 00000048 0006FD80 00000216 00074958
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074958 00720065 004E0000 77E9CA90
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0006fc38 07 7f e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 ...wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 7c 7e e8
77 ............|~.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 c8 55 07
00 .............U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 70 49 07
00 ........p...pI..
0006fc88 8c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 ........`...@...
0006fc98 40 fd 06 00 56 18 ea 77 - 38 7f e8 77 ff ff ff
ff @...V..w8..w....
0006fca8 d4 fc 06 00 52 22 db 77 - 48 00 00 00 80 fd 06
00 ....R".wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 c8 55 07
00 .............U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 f2 20 db 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 . .wH...........
0006fce8 0c fd 06 00 58 49 07 00 - 00 00 00 00 00 f0 fd
7f ....XI..........
0006fcf8 8b 96 d3 77 b0 49 07 00 - 94 fd 06 00 00 00 00
00 ...w.I..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 78 4f 07 00 70 49 07 00 - 98 01 00 00 70 00 65
00 xO..pI......p.e.
0006fd28 32 00 00 00 01 00 00 00 - 30 24 db 77 00 00 00
00 2.......0$.w....
0006fd38 ec fc 06 00 b0 49 07 00 - a0 ff 06 00 fb 19 db
77 .....I.........w
0006fd48 40 56 db 77 ff ff ff ff - b0 ff 06 00 43 1e db
77 @V.w........C..w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 58 49 07
00 H...........XI..
0006fd68 c0 48 07 00 00 f0 fd 7f - 00 00 00 00 64 fd 06
00 .H..........d...
State Dump for Thread Id 0x198
eax=77b33930 ebx=00000000 ecx=77b32d78 edx=00000000
esi=77f8318c edi=0043fe88
eip=77f83197 esp=0043fe74 ebp=0043fe90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:00ebd447=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0043FE90 7619F62A 0001D8A8 00000000 000006B3 00000002
ntdll!NtDelayExecution
0043FEB8 7619D8FC 00000000 00074F84 00000000 01003000
rpcss!<nosymbols>
0043FF84 0100157B 00000001 00074F80 00000000 00074F78
rpcss!<nosymbols>
7619D74E 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0043fe74 17 76 e8 77 00 00 00 00 - 88 fe 43 00 00 00 00
00 .v.w......C.....
0043fe84 36 ac 12 00 80 dd e0 b7 - ff ff ff ff b8 fe 43
00 6.............C.
0043fe94 2a f6 19 76 a8 d8 01 00 - 00 00 00 00 b3 06 00
00 *..v............
0043fea4 02 00 00 00 00 00 00 00 - 18 05 00 00 76 d7 10
00 ............v...
0043feb4 1e 00 14 00 84 ff 43 00 - fc d8 19 76 00 00 00
00 ......C....v....
0043fec4 84 4f 07 00 00 00 00 00 - 00 30 00 01 72 4f 41
80 .O.......0..rOA.
0043fed4 50 88 89 81 e0 51 89 81 - c4 7c 97 b7 ca 08 45
80 P....Q...|....E.
0043fee4 04 00 00 00 68 8e 57 81 - 66 41 4a 80 80 f3 06
00 ....h.W.fAJ.....
0043fef4 02 00 00 00 84 4f 07 00 - 00 00 00 00 28 49 07
00 .....O......(I..
0043ff04 00 00 00 00 01 00 00 00 - 8c 28 50 c0 7c 00 00
00 .........(P.|...
0043ff14 00 20 50 c0 00 00 00 00 - 00 00 00 00 7c 00 00
00 . P.........|...
0043ff24 01 00 00 00 00 20 50 c0 - e0 67 57 81 40 4d 57
81 ..... P..gW.@MW.
0043ff34 00 00 00 00 40 4d 57 81 - 40 32 07 00 64 7c 97
b7 ....@[email protected]|..
0043ff44 f3 da 42 80 a4 da 42 80 - d4 4b 06 80 a0 4e 57
81 ..B...B..K...NW.
0043ff54 40 4d 57 81 01 10 f4 77 - 00 20 50 c0 00 00 00
00 @MW....w. P.....
0043ff64 c5 a0 e8 77 8e 4f 07 00 - 01 00 00 00 80 00 00
00 ...w.O..........
0043ff74 ff ff ff ff 28 49 07 00 - 32 49 07 00 00 00 00
00 ....(I..2I......
0043ff84 4e d7 19 76 7b 15 00 01 - 01 00 00 00 80 4f 07
00 N..v{........O..
0043ff94 00 00 00 00 78 4f 07 00 - ec ff 43 00 78 4f 07
00 ....xO....C.xO..
0043ffa4 00 00 00 00 3e 24 db 77 - 01 00 00 00 80 4f 07
00 ....>$.w.....O..
State Dump for Thread Id 0x19c
eax=778321fe ebx=00000004 ecx=77db0260 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0090fd24 ebp=0090fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0138d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0090FD70 77E8A31D 0090FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0090FFB4 77E887DD 00000005 00000000 000B000A 00096100
kernel32!WaitForMultipleObjects
0090FFEC 00000000 778321FE 00096100 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0090fd24 b7 7a e8 77 04 00 00 00 - 48 fd 90 00 01 00 00
00 .z.w....H.......
0090fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 00 61 09
00 .............a..
0090fd44 01 00 00 00 08 01 00 00 - 0c 01 00 00 1c 01 00
00 ................
0090fd54 70 01 00 00 00 00 00 00 - 00 6b 4a 80 00 00 00
00 p........kJ.....
0090fd64 d4 74 5f 81 20 30 88 81 - d8 85 36 e1 b4 ff 90
00 .t_. 0....6.....
0090fd74 1d a3 e8 77 48 fd 90 00 - 01 00 00 00 00 00 00
00 ...wH...........
0090fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0090fd94 b0 fe 90 00 00 00 00 00 - ff ff ff ff 00 61 09
00 .............a..
0090fda4 0a 00 0b 00 00 00 00 00 - 08 df 32 e1 0c df 32
e1 ..........2...2.
0090fdb4 e0 51 89 81 00 00 00 00 - 01 00 00 00 38 00 00
00 .Q..........8...
0090fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b
00 #...#...........
0090fdd4 00 61 09 00 00 6c f8 77 - 60 02 db 77 fe 21 83
77 .a...l.w`..w.!.w
0090fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0090fdf4 fc ff 90 00 23 00 00 00 - 8c 4f 45 80 80 7b 97
b7 ....#....OE..{..
0090fe04 28 11 57 81 28 11 57 81 - 40 00 00 00 24 7b 97
b7 (.W.(.W.@...${..
0090fe14 d0 f8 44 80 00 67 57 81 - 00 00 00 00 00 00 00
00 ..D..gW.........
0090fe24 e8 77 57 81 a6 24 49 80 - e8 77 57 81 dc 00 00
00 .wW..$I..wW.....
0090fe34 40 6a 89 81 03 00 10 00 - 28 11 57 81 40 6a 89
81 @j......(.W.@j..
0090fe44 40 11 57 81 28 11 57 81 - 2c 11 57 81 e0 51 89
81 @.W.(.W.,.W..Q..
0090fe54 40 7d 97 b7 01 00 00 00 - e0 67 57 81 01 00 00
00 @}.......gW.....
State Dump for Thread Id 0x1a4
eax=00086858 ebx=0042b198 ecx=0095fd38 edx=00086858
esi=00074928 edi=0095f898
eip=e03c3a68 esp=0095f794 ebp=00580046 iopl=0 nv
up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000212
function: <nosymbols>
e03c3a5e ???
e03c3a5f ???
e03c3a60 ???
e03c3a61 ???
e03c3a62 ???
e03c3a63 ???
e03c3a64 ???
e03c3a65 ???
e03c3a66 ???
e03c3a67 ???
FAULT ->e03c3a68 ???
e03c3a69 ???
e03c3a6a ???
e03c3a6b ???
e03c3a6c ???
e03c3a6d ???
e03c3a6e ???
e03c3a6f ???
e03c3a70 ???
e03c3a71 ???
e03c3a72 ???
e03c3a73 ???
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095F790 0095F8A0 010013C0 00074928 90909090 90909090
<nosymbols>
00580046 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0095f794 a0 f8 95 00 c0 13 00 01 - 28 49 07 00 90 90 90
90 ........(I......
0095f7a4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7b4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7c4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7d4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7e4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7f4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f804 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f814 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f824 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f834 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f844 90 90 90 eb 19 5e 31 c9 - 81 e9 89 ff ff ff 81
36 .....^1........6
0095f854 80 bf 32 94 81 ee fc ff - ff ff e2 f2 eb 05 e8
e2 ..2.............
0095f864 ff ff ff 03 53 06 1f 74 - 57 75 95 80 bf bb 92
7f ....S..tWu......
0095f874 89 5a 1a ce b1 de 7c e1 - be 32 94 09 f9 3a 6b
b6 .Z....|..2...:k.
0095f884 d7 9f 4d 85 71 da c6 81 - bf 32 1d c6 b3 5a f8
ec ..M.q....2...Z..
0095f894 bf 32 fc b3 8d 1c f0 e8 - c8 41 a6 df eb cd c2
88 .2.......A......
0095f8a4 36 74 90 7f 89 5a e6 7e - 0c 24 7c ad be 32 94
09 6t...Z.~.$|..2..
0095f8b4 f9 22 6b b6 d7 4c 4c 62 - cc da 8a 81 bf 32 1d
c6 ."k..LLb.....2..
0095f8c4 ab cd e2 84 d7 f9 79 7c - 84 da 9a 81 bf 32 1d
c6 ......y|.....2..
State Dump for Thread Id 0x1dc
eax=00000000 ebx=00007530 ecx=7ffd9000 edx=00000000
esi=000750c8 edi=00007530
eip=77f837dc esp=009afebc ebp=009afee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0142d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0142d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0142d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0142d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009AFEE4 77D40090 0000005C 009AFF1C 009AFF0C 009AFF14
ntdll!ZwRemoveIoCompletion
009AFF20 77D48565 00007530 009AFF60 009AFF5C 009AFF70
rpcrt4!PerformRpcInitialization
009AFF74 77D48444 77D425B9 000750C8 00000000 00000000
rpcrt4!NdrClientContextUnmarshall
009AFFA8 77D424DA 00074D38 009AFFEC 77E887DD 000802C0
rpcrt4!NdrClientContextUnmarshall
009AFFB4 77E887DD 000802C0 00000000 00000000 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFEC 00000000 77D424C2 000802C0 00000000 2B4D4F43
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
009afebc 2e 79 e8 77 5c 00 00 00 - 0c ff 9a 00 fc fe 9a
00 .y.w\...........
009afecc dc fe 9a 00 d4 fe 9a 00 - 00 5d 1e ee ff ff ff
ff .........]......
009afedc f0 47 08 00 00 00 00 00 - 20 ff 9a 00 90 00 d4
77 .G...... ......w
009afeec 5c 00 00 00 1c ff 9a 00 - 0c ff 9a 00 14 ff 9a
00 \...............
009afefc 30 75 00 00 30 75 00 00 - c8 50 07 00 b2 73 e8
77 0u..0u...P...s.w
009aff0c 00 00 00 00 5c 00 00 00 - b0 b9 d3 77 12 10 02
c0 ....\......w....
009aff1c 00 00 00 00 74 ff 9a 00 - 65 85 d4 77 30 75 00
00 ....t...e..w0u..
009aff2c 60 ff 9a 00 5c ff 9a 00 - 70 ff 9a 00 58 ff 9a
00 `...\...p...X...
009aff3c 64 ff 9a 00 6c ff 9a 00 - c0 4c 07 00 28 8e 09
00 d...l....L..(...
009aff4c 6d 31 f8 77 5c 00 00 00 - 04 00 00 00 00 a2 2f
4d m1.w\........./M
009aff5c 12 10 02 c0 00 00 00 00 - 00 00 00 00 01 00 00
00 ................
009aff6c 00 00 00 00 5c 00 00 00 - a8 ff 9a 00 44 84 d4
77 ....\.......D..w
009aff7c b9 25 d4 77 c8 50 07 00 - 00 00 00 00 00 00 00
00 .%.w.P..........
009aff8c c0 02 08 00 00 ba 3c dc - ff ff ff ff 00 ba 3c
dc ......<.......<.
009aff9c ff ff ff ff 60 ea 00 00 - c0 02 08 00 b4 ff 9a
00 ....`...........
009affac da 24 d4 77 38 4d 07 00 - ec ff 9a 00 dd 87 e8
77 .$.w8M.........w
009affbc c0 02 08 00 00 00 00 00 - 00 00 00 00 c0 02 08
00 ................
009affcc 00 90 fd 7f 00 00 00 00 - c0 ff 9a 00 00 00 00
00 ................
009affdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
009affec 00 00 00 00 00 00 00 00 - c2 24 d4 77 c0 02 08
00 .........$.w....
State Dump for Thread Id 0x48c
eax=00070110 ebx=00320008 ecx=00000084 edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00a3fe28 ebp=00a3ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:014bd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A3FF74 77D420D9 77D42528 00079530 00000000 000D4740
ntdll!NtReplyWaitReceivePortEx
00A3FFA8 77D424DA 00099F30 00A3FFEC 77E887DD 00099F58
rpcrt4!NdrConformantArrayMemorySize
00A3FFB4 77E887DD 00099F58 00000000 000D4740 00099F58
rpcrt4!NdrConformantArrayMemorySize
00A3FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x400
eax=00abfec0 ebx=001407de ecx=000000fa edx=00000000
esi=77f8318c edi=00abff88
eip=77f83197 esp=00abff74 ebp=00abff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0153d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ABFF90 761A5902 0001D8A8 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00ABFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00ABFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x510
eax=000a9000 ebx=001407de ecx=00aff640 edx=00000000
esi=77f8318c edi=00afff88
eip=77f83197 esp=00afff74 ebp=00afff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0157d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00AFFF90 761A5902 0001D8A8 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00AFFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00AFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x410
eax=00b3f764 ebx=77f8316d ecx=00467a58 edx=00000000
esi=000a6980 edi=00074cc0
eip=77f83197 esp=00b3ff78 ebp=00b3ffa8 iopl=0 nv
up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000286
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:015bd54b=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00B3FFA8 77D424DA 00074D38 00B3FFEC 77E887DD 0008E010
ntdll!NtDelayExecution
00B3FFB4 77E887DD 0008E010 77D339FF 000A1368 0008E010
rpcrt4!NdrConformantArrayMemorySize
00B3FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
Application exception occurred:
App: svchost.exe (pid=396)
When: 10/1/2003 @ 12:17:02.984
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
592 mstask.exe
608 stisvc.exe
684 WinMgmt.exe
704 mspmspsv.exe
716 svchost.exe
1032 explorer.exe
1128 igfxtray.exe
1152 hkcmd.exe
1212 vptray.exe
1256 FINDFAST.exe
1268 OSA.exe
1292 ipmsg2.02.exe
744 EXTRA.exe
1372 aomdemon.exe
1316 DLLHOST.exe
1008 msdtc.exe
1220 wmplayer.exe
1512 DRWTSN32.exe
0 _Total.exe
(01000000 - 01005000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CD000)
(78000000 - 78046000)
(77C10000 - 77C6E000)
(75030000 - 75043000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 75160000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(77950000 - 7797A000)
(779B0000 - 77A4B000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(77880000 - 7790D000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(70BD0000 - 70C35000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(775A0000 - 77625000)
(782D0000 - 782EE000)
State Dump for Thread Id 0x188
eax=00000004 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=00000048
eip=77f839eb esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtReadFile
77f839e0 b8a1000000 mov eax,0xa1
77f839e5 8d542404 lea edx,
[esp+0x4] ss:00aed20b=????????
77f839e9 cd2e int 2e
77f839eb c22400 ret 0x24
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DB2252 00000048 0006FD80 00000216 0006FCD0
ntdll!NtReadFile
0006FCD4 77DB20F2 00000048 0006FD80 00000216 0006FD0C
advapi32!StartServiceCtrlDispatcherW
0006FD50 77DB1E43 00000048 0006FD80 00000216 00074958
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074958 00720065 004E0000 77E9CA90
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0006fc38 07 7f e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 ...wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 7c 7e e8
77 ............|~.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 c8 55 07
00 .............U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 70 49 07
00 ........p...pI..
0006fc88 8c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 ........`...@...
0006fc98 40 fd 06 00 56 18 ea 77 - 38 7f e8 77 ff ff ff
ff @...V..w8..w....
0006fca8 d4 fc 06 00 52 22 db 77 - 48 00 00 00 80 fd 06
00 ....R".wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 c8 55 07
00 .............U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 f2 20 db 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 . .wH...........
0006fce8 0c fd 06 00 58 49 07 00 - 00 00 00 00 00 f0 fd
7f ....XI..........
0006fcf8 8b 96 d3 77 b0 49 07 00 - 94 fd 06 00 00 00 00
00 ...w.I..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 78 4f 07 00 70 49 07 00 - 84 01 00 00 70 00 65
00 xO..pI......p.e.
0006fd28 32 00 00 00 01 00 00 00 - 30 24 db 77 00 00 00
00 2.......0$.w....
0006fd38 ec fc 06 00 b0 49 07 00 - a0 ff 06 00 fb 19 db
77 .....I.........w
0006fd48 40 56 db 77 ff ff ff ff - b0 ff 06 00 43 1e db
77 @V.w........C..w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 58 49 07
00 H...........XI..
0006fd68 c0 48 07 00 00 f0 fd 7f - 00 00 00 00 64 fd 06
00 .H..........d...
State Dump for Thread Id 0x184
eax=77b33930 ebx=00000000 ecx=77b32d78 edx=00000000
esi=77f8318c edi=0043fe88
eip=77f83197 esp=0043fe74 ebp=0043fe90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:00ebd447=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0043FE90 7619F62A 0001D8A8 00000000 000006B3 00000002
ntdll!NtDelayExecution
0043FEB8 7619D8FC 00000000 00074F84 00000000 01003000
rpcss!<nosymbols>
0043FF84 0100157B 00000001 00074F80 00000000 00074F78
rpcss!<nosymbols>
7619D74E 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0043fe74 17 76 e8 77 00 00 00 00 - 88 fe 43 00 00 00 00
00 .v.w......C.....
0043fe84 b7 1d 9b 00 80 dd e0 b7 - ff ff ff ff b8 fe 43
00 ..............C.
0043fe94 2a f6 19 76 a8 d8 01 00 - 00 00 00 00 b3 06 00
00 *..v............
0043fea4 02 00 00 00 00 00 00 00 - 94 05 00 00 f7 48 99
00 .............H..
0043feb4 d7 32 9e 00 84 ff 43 00 - fc d8 19 76 00 00 00
00 .2....C....v....
0043fec4 84 4f 07 00 00 00 00 00 - 00 30 00 01 72 4f 41
80 .O.......0..rOA.
0043fed4 50 88 89 81 e0 51 89 81 - c4 fc 97 b7 ca 08 45
80 P....Q........E.
0043fee4 04 00 00 00 08 a0 57 81 - 66 41 4a 80 80 f3 06
00 ......W.fAJ.....
0043fef4 02 00 00 00 84 4f 07 00 - 00 00 00 00 28 49 07
00 .....O......(I..
0043ff04 00 00 00 00 01 00 00 00 - 8c 28 50 c0 7c 00 00
00 .........(P.|...
0043ff14 00 20 50 c0 00 00 00 00 - 00 00 00 00 7c 00 00
00 . P.........|...
0043ff24 01 00 00 00 00 20 50 c0 - 60 8c 57 81 80 71 57
81 ..... P.`.W..qW.
0043ff34 00 00 00 00 80 71 57 81 - 40 32 07 00 64 fc 97
b7 [email protected]...
0043ff44 f3 da 42 80 a4 da 42 80 - d4 4b 06 80 e0 72 57
81 ..B...B..K...rW.
0043ff54 80 71 57 81 01 10 f4 77 - 00 20 50 c0 00 00 00
00 .qW....w. P.....
0043ff64 c5 a0 e8 77 8e 4f 07 00 - 01 00 00 00 80 00 00
00 ...w.O..........
0043ff74 ff ff ff ff 28 49 07 00 - 32 49 07 00 00 00 00
00 ....(I..2I......
0043ff84 4e d7 19 76 7b 15 00 01 - 01 00 00 00 80 4f 07
00 N..v{........O..
0043ff94 00 00 00 00 78 4f 07 00 - ec ff 43 00 78 4f 07
00 ....xO....C.xO..
0043ffa4 00 00 00 00 3e 24 db 77 - 01 00 00 00 80 4f 07
00 ....>$.w.....O..
State Dump for Thread Id 0x19c
eax=778321fe ebx=00000004 ecx=77db0260 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0090fd24 ebp=0090fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0138d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0090FD70 77E8A31D 0090FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0090FFB4 77E887DD 00000005 00000000 000B000A 00096100
kernel32!WaitForMultipleObjects
0090FFEC 00000000 778321FE 00096100 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0090fd24 b7 7a e8 77 04 00 00 00 - 48 fd 90 00 01 00 00
00 .z.w....H.......
0090fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 00 61 09
00 .............a..
0090fd44 01 00 00 00 08 01 00 00 - 0c 01 00 00 1c 01 00
00 ................
0090fd54 70 01 00 00 00 00 00 00 - 00 6b 4a 80 00 00 00
00 p........kJ.....
0090fd64 74 06 61 81 20 30 88 81 - d8 85 36 e1 b4 ff 90
00 t.a. 0....6.....
0090fd74 1d a3 e8 77 48 fd 90 00 - 01 00 00 00 00 00 00
00 ...wH...........
0090fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0090fd94 b0 fe 90 00 00 00 00 00 - ff ff ff ff 00 61 09
00 .............a..
0090fda4 0a 00 0b 00 00 00 00 00 - 68 ca 32 e1 6c ca 32
e1 ........h.2.l.2.
0090fdb4 e0 51 89 81 00 00 00 00 - 01 00 00 00 38 00 00
00 .Q..........8...
0090fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b
00 #...#...........
0090fdd4 00 61 09 00 00 6c f8 77 - 60 02 db 77 fe 21 83
77 .a...l.w`..w.!.w
0090fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0090fdf4 fc ff 90 00 23 00 00 00 - 8c 4f 45 80 80 fb 97
b7 ....#....OE.....
0090fe04 08 37 57 81 08 37 57 81 - 40 00 00 00 24 fb 97
b7 .7W..7W.@...$...
0090fe14 d0 f8 44 80 00 8c 57 81 - 00 00 00 00 00 00 00
00 ..D...W.........
0090fe24 08 9c 57 81 a6 24 49 80 - 08 9c 57 81 dc 00 00
00 ..W..$I...W.....
0090fe34 40 6a 89 81 03 00 10 00 - 08 37 57 81 40 6a 89
81 @j.......7W.@j..
0090fe44 20 37 57 81 08 37 57 81 - 0c 37 57 81 e0 51 89
81 7W..7W..7W..Q..
0090fe54 40 fd 97 b7 01 00 00 00 - 60 8c 57 81 01 00 00
00 @.......`.W.....
State Dump for Thread Id 0x1a4
eax=000bb8b0 ebx=004601f0 ecx=0095fd38 edx=000bb8b0
esi=00074928 edi=0095f898
eip=e03c3a68 esp=0095f794 ebp=00580046 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
e03c3a5e ???
e03c3a5f ???
e03c3a60 ???
e03c3a61 ???
e03c3a62 ???
e03c3a63 ???
e03c3a64 ???
e03c3a65 ???
e03c3a66 ???
e03c3a67 ???
FAULT ->e03c3a68 ???
e03c3a69 ???
e03c3a6a ???
e03c3a6b ???
e03c3a6c ???
e03c3a6d ???
e03c3a6e ???
e03c3a6f ???
e03c3a70 ???
e03c3a71 ???
e03c3a72 ???
e03c3a73 ???
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095F790 0095F8A0 010013C0 00074928 90909090 90909090
<nosymbols>
00580046 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0095f794 a0 f8 95 00 c0 13 00 01 - 28 49 07 00 90 90 90
90 ........(I......
0095f7a4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7b4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7c4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7d4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7e4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7f4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f804 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f814 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f824 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f834 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f844 90 90 90 eb 19 5e 31 c9 - 81 e9 89 ff ff ff 81
36 .....^1........6
0095f854 80 bf 32 94 81 ee fc ff - ff ff e2 f2 eb 05 e8
e2 ..2.............
0095f864 ff ff ff 03 53 06 1f 74 - 57 75 95 80 bf bb 92
7f ....S..tWu......
0095f874 89 5a 1a ce b1 de 7c e1 - be 32 94 09 f9 3a 6b
b6 .Z....|..2...:k.
0095f884 d7 9f 4d 85 71 da c6 81 - bf 32 1d c6 b3 5a f8
ec ..M.q....2...Z..
0095f894 bf 32 fc b3 8d 1c f0 e8 - c8 41 a6 df eb cd c2
88 .2.......A......
0095f8a4 36 74 90 7f 89 5a e6 7e - 0c 24 7c ad be 32 94
09 6t...Z.~.$|..2..
0095f8b4 f9 22 6b b6 d7 4c 4c 62 - cc da 8a 81 bf 32 1d
c6 ."k..LLb.....2..
0095f8c4 ab cd e2 84 d7 f9 79 7c - 84 da 9a 81 bf 32 1d
c6 ......y|.....2..
State Dump for Thread Id 0x1dc
eax=00469c90 ebx=002d0003 ecx=009af8bc edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=009afe28 ebp=009aff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0142d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009AFF74 77D420D9 77D425B9 00079530 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
009AFFA8 77D424DA 00074D38 009AFFEC 77E887DD 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFB4 77E887DD 000802C0 00000000 00000000 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFEC 00000000 77D424C2 000802C0 00000000 2B4D4F43
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
009afe28 85 22 d4 77 a0 00 00 00 - 54 ff 9a 00 00 00 00
00 .".w....T.......
009afe38 d0 60 0a 00 58 ff 9a 00 - c0 4c 07 00 28 8e 09
00 .`..X....L..(...
009afe48 6d 31 f8 77 b4 3b 95 b7 - 28 00 40 00 00 00 00
00 m1.w.;..(.@.....
009afe58 f8 05 00 00 e4 05 00 00 - bc 52 00 00 00 00 00
00 .........R......
009afe68 02 87 01 00 00 00 00 00 - 00 00 00 00 b4 3b 95
b7 .............;..
009afe78 77 14 45 80 01 00 00 00 - e0 51 89 81 7a 00 00
00 w.E......Q..z...
009afe88 00 00 00 00 00 00 00 00 - 14 00 00 00 38 00 00
00 ............8...
009afe98 54 0c 00 00 5f 9c ab 2c - 55 0c 00 00 5f 9c ab
2c T..._..,U..._..,
009afea8 56 0c 00 00 5f 9c ab 2c - 57 0c 00 00 5f 9c ab
2c V..._..,W..._..,
009afeb8 58 0c 00 00 5f 9c ab 2c - 59 0c 00 00 5f 9c ab
2c X..._..,Y..._..,
009afec8 5a 0c 00 00 5f 9c ab 2c - 5b 0c 00 00 5f 9c ab
2c Z..._..,[..._..,
009afed8 5c 0c 00 00 5f 9c ab 2c - 5d 0c 00 00 5f 9c ab
2c \..._..,]..._..,
009afee8 5e 0c 00 00 5f 9c ab 2c - 5f 0c 00 00 5f 9c ab
2c ^..._..,_..._..,
009afef8 60 0c 00 00 5f 9c ab 2c - 61 0c 00 00 5f 9c ab
2c `..._..,a..._..,
009aff08 62 0c 00 00 5f 9c ab 2c - 63 0c 00 00 5f 9c ab
2c b..._..,c..._..,
009aff18 64 0c 00 00 5f 9c ab 2c - 65 0c 00 00 5f 9c ab
2c d..._..,e..._..,
009aff28 66 0c 00 00 5f 9c ab 2c - 67 0c 00 00 5f 9c ab
2c f..._..,g..._..,
009aff38 14 00 00 00 00 00 00 00 - 64 3c 95 b7 f3 da 42
80 ........d<....B.
009aff48 a4 da 42 80 d4 4b 06 80 - c0 7e 56 81 03 00 2d
00 ..B..K...~V...-.
009aff58 00 a2 2f 4d ff ff ff ff - 50 fe 9a 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x418
eax=00000000 ebx=009a8957 ecx=00461edc edx=00000000
esi=77f8318c edi=00abff88
eip=77f83197 esp=00abff74 ebp=00abff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0153d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ABFF90 761A5902 00018C1F 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00ABFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00ABFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x54c
eax=761a5824 ebx=009a8957 ecx=00077ed0 edx=00000000
esi=77f8318c edi=00c4ff88
eip=77f83197 esp=00c4ff74 ebp=00c4ff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:016cd547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF90 761A5902 00018C1F 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00C4FFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x2a4
eax=00000000 ebx=000493e0 ecx=7ffd6000 edx=00000000
esi=000750c8 edi=000493e0
eip=77f837dc esp=00d0febc ebp=00d0fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0178d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0178d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0178d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0178d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D0FEE4 77D40090 0000005C 00D0FF1C 00D0FF0C 00D0FF14
ntdll!ZwRemoveIoCompletion
00D0FF20 77D48565 000493E0 00D0FF60 00D0FF5C 00D0FF70
rpcrt4!PerformRpcInitialization
00D0FF74 77D48444 77D42528 000750C8 0007A128 74FE9380
rpcrt4!NdrClientContextUnmarshall
00D0FFA8 77D424DA 00079708 00D0FFEC 77E887DD 00079730
rpcrt4!NdrClientContextUnmarshall
00D0FFB4 77E887DD 00079730 0007A128 74FE9380 00079730
rpcrt4!NdrConformantArrayMemorySize
00D0FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x10c
eax=77d424c2 ebx=00320008 ecx=761a2dca edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00d4fe28 ebp=00d4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:017cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D4FF74 77D420D9 77D42528 00079530 77D339FF 000B20B8
ntdll!NtReplyWaitReceivePortEx
00D4FFA8 77D424DA 000AA870 00D4FFEC 77E887DD 000BC1E0
rpcrt4!NdrConformantArrayMemorySize
00D4FFB4 77E887DD 000BC1E0 77D339FF 000B20B8 000BC1E0
rpcrt4!NdrConformantArrayMemorySize
00D4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x594
eax=77d424c2 ebx=000aa6f8 ecx=761a2dca edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00d8fe28 ebp=00d8ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0180d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D8FF74 77D420D9 77D42528 00079530 77D339FF 000B20B8
ntdll!NtReplyWaitReceivePortEx
00D8FFA8 77D424DA 000A7800 00D8FFEC 77E887DD 000AA6F8
rpcrt4!NdrConformantArrayMemorySize
00D8FFB4 77E887DD 000AA6F8 77D339FF 000B20B8 000AA6F8
rpcrt4!NdrConformantArrayMemorySize
00D8FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
Application exception occurred:
App: rundll32.exe (pid=1108)
When: 10/14/2003 @ 14:39:03.984
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
1108 rundll32.exe
260 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x4f8
eax=003bee30 ebx=01402020 ecx=a036eed8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084520 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 0022011E 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 0022011E 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A3B0 0022011E 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 0022011E 01000000 0007A280 00000454
shell32!SHFileOperationA
0006FF18 010016EB 0022011E 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 10 4a 09 00 - dc e5 06 00 f8 b2 74
71 .....J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 1c 4b 09 00 10 4a 09 00 - 90 f2 07 00 c2 00 16
00 .K...J..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 d8 81 41
01 ..............A.
0006e5b0 4a 02 00 00 b7 01 00 00 - fe 00 00 00 00 00 00
00 J...............
0006e5c0 00 00 00 00 ff ff ff ff - 44 01 27 00 38 a4 77
71 ........D.'.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 1e 01 22 00 f4 e5 06
00 ./wq......".....
0006e5e0 17 b5 74 71 20 45 08 00 - 00 00 00 00 00 00 00
00 ..tq E..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 80 a2 07 00 1e 01 22 00 - 20 a3 07 00 00 00 00
00 ......". .......
0006e620 87 03 01 a2 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 7c 06 01 28 20 00 00 00 - 40 00 00 00 78 01 07
00 |..( [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x4b8
eax=00000120 ebx=0007f058 ecx=0007d268 edx=00000000
esi=0007d268 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D268 400847B0 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E378 00C4FFEC 77E887DD 0007F058
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F058 400847B0 00000070 0007F058
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x334
eax=77ab4639 ebx=00000102 ecx=0007e8c8 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 f0 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 f0 54 09 00 ec ff c8 00 - f0 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 f0 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - f0 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 c8 e8 07 00 c0 ff c8 00 - c8 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - f0 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x198
eax=00000000 ebx=00000002 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x558
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d4f48
esi=00000000 edi=000d4f48
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4f48=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4f48=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B4C5C 0000000E 00D7F27C 000D4F48 !
DllGetClassObject
00D7F248 10001B67 00088BD8 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000B9858 00088D78 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088BD0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088BD0 00000016 000B9858 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000D6A00 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000D6A00 000D6A10 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D24D8 00088BD0 00088BD8 !
IsAsyncMoniker
00D7F824 702B7DA6 00088D78 000D24D8 00088BD0 00088BD8 !
FindMediaType
00D7F86C 70D495F1 00088BD0 000D24D8 000B4C7C 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D24D8 873F0000 00D7FBE4 01051EE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051DC0 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051DC0 00000000 10000000 000D7590 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - 7c 8d 08 00 00 00 00
00 ....|...|.......
00d7f224 48 f2 d7 00 b6 e5 2b 70 - 5c 4c 0b 00 0e 00 00
00 H.....+p\L......
00d7f234 7c f2 d7 00 48 4f 0d 00 - 6c f2 d7 00 00 00 00
00 |...HO..l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 d8 8b 08
00 L.o.....g.......
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 d8 8b 08 00 0d 30 2c 70 - 00 00 00 00 58 98 0b
00 .....0,p....X...
00d7f274 7c 8d 08 00 d8 8b 08 00 - 06 00 00 00 90 f2 d7
00 |...............
00d7f284 7c 8d 08 00 00 00 00 00 - d0 8b 08 00 14 00 00
00 |...............
00d7f294 00 00 00 00 78 8d 08 00 - 00 00 00 00 00 00 00
00 ....x...........
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 60 70 0d 00 - 4c 00 6f 01 e8 f2 d7
00 P.o.`p..L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - 58 98 0b 00 78 8d 08
00 #b+p....X...x...
00d7f2d4 00 00 00 00 00 00 00 00 - d0 8b 08 00 00 00 00
00 ................
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 d0 8b 08
00 ........Z.-p....
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 58 98 0b 00 00 00 00 00 - 00 00 00 00 bc 6a 0d
00 X............j..
00d7f314 00 6a 0d 00 54 f3 d7 00 - 88 a9 2b 70 d0 8b 08
00 .j..T.....+p....
00d7f324 16 00 00 00 58 98 0b 00 - 5d a9 2b 70 b8 6f 0d
00 ....X...].+p.o..
00d7f334 16 00 00 00 58 98 0b 00 - 04 01 00 00 00 6a 0d
00 ....X........j..
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 98 0b
00 [email protected]...
State Dump for Thread Id 0x424
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D46EC 7FFDA000 000D46F8
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D46F8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 f8 46 0d
00 .............F..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 08 d0 3b 81 60 27 37
81 ..........;.`'7.
0168fd64 08 d0 3b 81 00 00 00 00 - 03 00 00 00 b4 ff 68
01 ..;...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff f8 46 0d
00 ..h..........F..
0168fda4 00 a0 fd 7f ec 46 0d 00 - 80 ce 4e 81 00 00 00
00 .....F....N.....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - ec 46 0d 00 00 a0 fd
7f #...#....F......
0168fdd4 f8 46 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .F...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 bb 0c
b7 ..h.#....OE.....
0168fe04 a8 2b 63 81 a8 2b 63 81 - 40 00 00 00 24 bb 0c
b7 .+c..+c.@...$...
0168fe14 d0 f8 44 80 00 d0 50 81 - 00 00 00 00 00 00 00
00 ..D...P.........
0168fe24 28 fd 48 81 a6 24 49 80 - 28 fd 48 81 74 01 00
00 (.H..$I.(.H.t...
0168fe34 40 6a 89 81 03 00 10 00 - a8 2b 63 81 40 6a 89
81 @j.......+c.@j..
0168fe44 c0 2b 63 81 a8 2b 63 81 - ac 2b 63 81 00 00 00
00 .+c..+c..+c.....
0168fe54 00 00 00 00 00 00 00 00 - ac 2b 63 81 00 00 00
00 .........+c.....
Application exception occurred:
App: rundll32.exe (pid=1368)
When: 10/14/2003 @ 14:39:40.125
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
1368 rundll32.exe
260 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(71F00000 - 71F4D000)
(77570000 - 775A0000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(77410000 - 77423000)
(70020000 - 70025000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x454
eax=00081684 ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084520 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002D0122 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002D0122 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A3B0 002D0122 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002D0122 01000000 0007A280 00000558
shell32!SHFileOperationA
0006FF18 010016EB 002D0122 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 10 4a 09 00 - dc e5 06 00 f8 b2 74
71 .....J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 1c 4b 09 00 10 4a 09 00 - 90 f2 07 00 fc 00 15
00 .K...J..........
0006e5a0 00 02 00 00 00 00 00 00 - 87 00 8b 00 45 14 42
01 ............E.B.
0006e5b0 8d 01 00 00 63 01 00 00 - fe 00 00 00 00 00 00
00 ....c...........
0006e5c0 00 00 00 00 ff ff ff ff - 42 01 33 00 38 a4 77
71 ........B.3.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 22 01 2d 00 f4 e5 06
00 ./wq....".-.....
0006e5e0 17 b5 74 71 20 45 08 00 - 00 00 00 00 00 00 00
00 ..tq E..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 80 a2 07 00 22 01 2d 00 - 20 a3 07 00 00 00 00
00 ....".-. .......
0006e620 b3 03 01 b0 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 7c 06 01 28 20 00 00 00 - 40 00 00 00 78 01 07
00 |..( [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x1b8
eax=00000120 ebx=0007f058 ecx=0007d268 edx=00000000
esi=0007d268 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D268 400847B0 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E378 00C4FFEC 77E887DD 0007F058
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F058 400847B0 00000070 0007F058
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x378
eax=77ab4639 ebx=00000102 ecx=0007e8c8 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 f0 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 f0 54 09 00 ec ff c8 00 - f0 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 f0 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - f0 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 c8 e8 07 00 c0 ff c8 00 - c8 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - f0 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x4b8
eax=00081720 ebx=00000002 ecx=77a52790 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4f8
eax=000b3928 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x424
eax=014cf27c ebx=014cf26c ecx=00000002 edx=00091f68
esi=00000000 edi=00091f68
eip=70dcf39f esp=014cf214 ebp=014cf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:01f4c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01f4c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:00091f68=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:01f4c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:00091f68=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:01f4c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:014cf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:01f4c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:01f4c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01f4c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01f4c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
014CF224 702BE5B6 000CB024 0000000E 014CF27C 00091F68 !
DllGetClassObject
014CF248 10001B67 00088BD8 0000000E 014CF27C 00000001 !
RegisterFormatEnumerator
014CF2C0 702B6223 00000000 000C1A28 00088D78 00000000 !
<nosymbols>
014CF2E8 702D1A5A 00088BD0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
014CF318 702BA988 00088BD0 00000016 000C1A28 702BA95D !
DllGetClassObject
014CF354 702C59C3 00000016 014CF5C0 00000000 000CF130 !
CoInternetQueryInfo
014CF7D0 702BB3AF 00000000 000CF130 000CF140 702BB372 !
FindMediaTypeClass
014CF7FC 702B8EF8 00000000 000B8558 00088BD0 00088BD8 !
IsAsyncMoniker
014CF824 702B7DA6 00088D78 000B8558 00088BD0 00088BD8 !
FindMediaType
014CF86C 70D495F1 00088BD0 000B8558 000CB044 00000000 !
CreateAsyncBindCtxEx
014CFAC0 70D4943E 000B8558 873F0000 014CFBE4 018E1EE0 !
DllGetClassObject
014CFADC 70D493A1 014CFBE4 018E1EF4 873F0000 018E1EE0 !
DllGetClassObject
014CFB00 70D4E77C 014CFBE4 018E1C40 00001FDD 873F0000 !
DllGetClassObject
014CFB50 70D4AB9F 018E1690 018E1C40 00000000 00000000 !
DllGetClassObject
014CFB74 70D4AAC1 018E1DC0 00000001 00000000 014CFBE4 !
DllGetClassObject
014CFBCC 70D50AF3 018E1DC0 00000000 10000000 000B6920 !
DllGetClassObject
014CFCE4 00000000 00400000 018E1360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
014cf214 00 00 00 00 7c f2 4c 01 - 7c 8d 08 00 00 00 00
00 ....|.L.|.......
014cf224 48 f2 4c 01 b6 e5 2b 70 - 24 b0 0c 00 0e 00 00
00 H.L...+p$.......
014cf234 7c f2 4c 01 68 1f 09 00 - 6c f2 4c 01 00 00 00
00 |.L.h...l.L.....
014cf244 4c 00 f6 01 c0 f2 4c 01 - 67 1b 00 10 d8 8b 08
00 L.....L.g.......
014cf254 0e 00 00 00 7c f2 4c 01 - 01 00 00 00 6c f2 4c
01 ....|.L.....l.L.
014cf264 d8 8b 08 00 0d 30 2c 70 - 00 00 00 00 28 1a 0c
00 .....0,p....(...
014cf274 7c 8d 08 00 d8 8b 08 00 - 06 00 00 00 90 f2 4c
01 |.............L.
014cf284 7c 8d 08 00 00 00 00 00 - d0 8b 08 00 14 00 00
00 |...............
014cf294 00 00 00 00 78 8d 08 00 - 00 00 00 00 00 00 00
00 ....x...........
014cf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
014cf2b4 50 00 f6 01 98 58 0b 00 - 4c 00 f6 01 e8 f2 4c
01 P....X..L.....L.
014cf2c4 23 62 2b 70 00 00 00 00 - 28 1a 0c 00 78 8d 08
00 #b+p....(...x...
014cf2d4 00 00 00 00 00 00 00 00 - d0 8b 08 00 00 00 00
00 ................
014cf2e4 00 00 00 00 18 f3 4c 01 - 5a 1a 2d 70 d0 8b 08
00 ......L.Z.-p....
014cf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
014cf304 28 1a 0c 00 00 00 00 00 - 00 00 00 00 ec f1 0c
00 (...............
014cf314 30 f1 0c 00 54 f3 4c 01 - 88 a9 2b 70 d0 8b 08
00 0...T.L...+p....
014cf324 16 00 00 00 28 1a 0c 00 - 5d a9 2b 70 00 1a 0c
00 ....(...].+p....
014cf334 16 00 00 00 28 1a 0c 00 - 04 01 00 00 30 f1 0c
00 ....(.......0...
014cf344 00 00 00 00 01 00 00 00 - 05 40 00 80 28 1a 0c
00 .........@..(...
State Dump for Thread Id 0x3ec
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01f1fd24 ebp=01f1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0299d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F1FD70 77E8A31D 01F1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01F1FFB4 77E887DD 00000004 000BB0FC 7FFD9000 000C0E58
kernel32!WaitForMultipleObjects
01F1FFEC 00000000 778321FE 000C0E58 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01f1fd24 b7 7a e8 77 03 00 00 00 - 48 fd f1 01 01 00 00
00 .z.w....H.......
01f1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 58 0e 0c
00 ............X...
01f1fd44 01 00 00 00 50 02 00 00 - 54 02 00 00 64 02 00
00 ....P...T...d...
01f1fd54 8c 4f 45 80 d8 fa 0f b7 - 38 df 61 e3 38 df 61
e3 .OE.....8.a.8.a.
01f1fd64 18 00 00 00 7c fa 0f b7 - d0 f8 44 80 b4 ff f1
01 ....|.....D.....
01f1fd74 1d a3 e8 77 48 fd f1 01 - 01 00 00 00 00 00 00
00 ...wH...........
01f1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01f1fd94 b0 fe f1 01 00 00 00 00 - ff ff ff ff 58 0e 0c
00 ............X...
01f1fda4 00 90 fd 7f fc b0 0b 00 - c0 fa 0f b7 d0 f8 44
80 ..............D.
01f1fdb4 3c df 61 e3 00 00 00 00 - 00 00 00 00 38 00 00
00 <.a.........8...
01f1fdc4 23 00 00 00 23 00 00 00 - fc b0 0b 00 00 90 fd
7f #...#...........
01f1fdd4 58 0e 0c 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 X............!.w
01f1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01f1fdf4 fc ff f1 01 23 00 00 00 - 00 df 61 e3 a8 88 b3
e2 ....#.....a.....
01f1fe04 54 08 00 00 38 df 61 e3 - 38 df 61 e3 34 fd 0f
b7 T...8.a.8.a.4...
01f1fe14 8c 05 46 80 68 29 40 80 - ff ff ff ff 60 fb 0f
b7 ..F.h)@.....`...
01f1fe24 55 54 4a 80 68 02 5a 81 - 7c b1 00 00 a0 d3 9c
81 UTJ.h.Z.|.......
01f1fe34 00 07 00 00 ae cc 44 80 - 7c b1 00 00 a0 d3 9c
81 ......D.|.......
01f1fe44 7c b1 00 00 a0 d3 9c 81 - 01 c2 fd 7f 0b 01 00
00 |...............
01f1fe54 41 d6 44 80 0b 01 00 00 - f0 d0 59 81 00 c0 fd
7f A.D.......Y.....
Application exception occurred:
App: rundll32.exe (pid=884)
When: 10/14/2003 @ 14:59:33.656
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
408 nlnotes.exe
1108 naldaemn.exe
1272 nhldaemn.exe
884 rundll32.exe
924 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x378
eax=000816d4 ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084570 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002A00F8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002A00F8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A400 002A00F8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002A00F8 01000000 0007A2D0 00000374
shell32!SHFileOperationA
0006FF18 010016EB 002A00F8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 60 4a 09 00 - dc e5 06 00 f8 b2 74
71 ....`J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 6c 4b 09 00 60 4a 09 00 - e0 f8 07 00 04 02 0c
00 lK..`J..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 b7 46 54
01 .............FT.
0006e5b0 33 02 00 00 b5 01 00 00 - fe 00 00 00 00 00 00
00 3...............
0006e5c0 00 00 00 00 ff ff ff ff - 44 02 10 00 38 a4 77
71 ........D...8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f8 00 2a 00 f4 e5 06
00 ./wq......*.....
0006e5e0 17 b5 74 71 70 45 08 00 - 00 00 00 00 00 00 00
00 ..tqpE..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 d0 a2 07 00 f8 00 2a 00 - 70 a3 07 00 00 00 00
00 ......*.p.......
0006e620 a4 02 01 43 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 R... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x52c
eax=00000120 ebx=0007f0a8 ecx=0007d2b8 edx=00000000
esi=0007d2b8 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D2B8 40084800 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E3C8 00C4FFEC 77E887DD 0007F0A8
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F0A8 40084800 00000070 0007F0A8
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x420
eax=77ab4639 ebx=00000102 ecx=0007e918 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 00 f3 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 00 f3 07 00 ec ff c8 00 - 00 f3 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 00 f3 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 00 f3 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 18 e9 07 00 c0 ff c8 00 - 18 e9 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 00 f3 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x48c
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000c5078
esi=00000000 edi=000c5078
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000c5078=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000c5078=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000C5174 0000000E 00D3F27C 000C5078 !
DllGetClassObject
00D3F248 10001B67 00088C28 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000CA5E0 00088DC8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088C20 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088C20 00000016 000CA5E0 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000C9408 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000C9408 000C9418 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000923A8 00088C20 00088C28 !
IsAsyncMoniker
00D3F824 702B7DA6 00088DC8 000923A8 00088C20 00088C28 !
FindMediaType
00D3F86C 70D495F1 00088C20 000923A8 000C5194 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000923A8 873F0000 00D3FBE4 015E1EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 015E1EF4 873F0000 015E1EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 015E1C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 015E1690 015E1C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 015E1DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 015E1DC0 00000000 10000000 000DB0F8 !
DllGetClassObject
00D3FCE4 00000000 00400000 015E1360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - cc 8d 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 74 51 0c 00 0e 00 00
00 H.....+ptQ......
00d3f234 7c f2 d3 00 78 50 0c 00 - 6c f2 d3 00 00 00 00
00 |...xP..l.......
00d3f244 4c 00 c6 01 c0 f2 d3 00 - 67 1b 00 10 28 8c 08
00 L.......g...(...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 28 8c 08 00 0d 30 2c 70 - 00 00 00 00 e0 a5 0c
00 (....0,p........
00d3f274 cc 8d 08 00 28 8c 08 00 - 06 00 00 00 90 f2 d3
00 ....(...........
00d3f284 cc 8d 08 00 00 00 00 00 - 20 8c 08 00 14 00 00
00 ........ .......
00d3f294 00 00 00 00 c8 8d 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 c6 01 08 59 0b 00 - 4c 00 c6 01 e8 f2 d3
00 P....Y..L.......
00d3f2c4 23 62 2b 70 00 00 00 00 - e0 a5 0c 00 c8 8d 08
00 #b+p............
00d3f2d4 00 00 00 00 00 00 00 00 - 20 8c 08 00 00 00 00
00 ........ .......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 20 8c 08
00 ........Z.-p ...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 e0 a5 0c 00 00 00 00 00 - 00 00 00 00 c4 94 0c
00 ................
00d3f314 08 94 0c 00 54 f3 d3 00 - 88 a9 2b 70 20 8c 08
00 ....T.....+p ...
00d3f324 16 00 00 00 e0 a5 0c 00 - 5d a9 2b 70 c8 a1 0c
00 ........].+p....
00d3f334 16 00 00 00 e0 a5 0c 00 - 04 01 00 00 08 94 0c
00 ................
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 e0 a5 0c
00 .........@......
State Dump for Thread Id 0x424
eax=71160000 ebx=00000002 ecx=000010dc edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4d4
eax=70c1acaf ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=015dfe5c ebp=015dfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0205d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
015DFEA8 77E12A00 015DFE80 00000001 00000000 015DFEA0
ntdll!NtWaitForMultipleObjects
015DFF04 77E12A77 015DFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
015DFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
015DFF74 70C1AB1B 015DFFA0 015DFFA4 015DFFA8 015DFF9C !
Ordinal265
015DFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
015DFFEC 00000000 70C1ACAF 00000000 00000000 015E00A1 !
Ordinal293
*----> Raw Stack Dump <----*
015dfe5c b7 7a e8 77 02 00 00 00 - 80 fe 5d 01 01 00 00
00 .z.w......].....
015dfe6c 00 00 00 00 a0 fe 5d 01 - 00 00 00 00 00 00 00
00 ......].........
015dfe7c 02 00 00 00 5c 01 00 00 - 7c 01 00 00 00 9c fd
7f ....\...|.......
015dfe8c 68 ff 5d 01 00 18 ea 77 - 7c fc 5d 01 00 00 00
00 h.]....w|.].....
015dfe9c 38 a0 e1 77 00 ba 3c dc - ff ff ff ff 04 ff 5d
01 8..w..<.......].
015dfeac 00 2a e1 77 80 fe 5d 01 - 01 00 00 00 00 00 00
00 .*.w..].........
015dfebc a0 fe 5d 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ..].....`......p
015dfecc 00 00 00 00 5c 01 00 00 - 7c 01 00 00 68 ff 5d
01 ....\...|...h.].
015dfedc 68 ff 5d 01 95 2b f8 77 - 18 36 f8 77 ff ff ff
ff h.]..+.w.6.w....
015dfeec 78 ff 5d 01 0b 9f e8 77 - 00 00 00 00 cc 96 fd
7f x.]....w........
015dfefc 00 00 00 00 7c 01 00 00 - 20 ff 5d 01 77 2a e1
77 ....|... .].w*.w
015dff0c d0 fe 5d 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ..].8..p`...A...
015dff1c 00 00 00 00 74 ff 5d 01 - 93 a7 c1 70 01 00 00
00 ....t.]....p....
015dff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
015dff3c 00 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
015dff4c 00 00 00 00 30 33 07 00 - 16 00 18 00 00 9c fd
7f ....03..........
015dff5c 00 00 00 00 00 ff 5d 01 - a0 35 54 01 18 bb c2
70 ......]..5T....p
015dff6c 60 ea 00 00 01 00 00 00 - ac ff 5d 01 1b ab c1
70 `.........]....p
015dff7c a0 ff 5d 01 a4 ff 5d 01 - a8 ff 5d 01 9c ff 5d
01 ..]...]...]...].
015dff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x4d0
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01c1fd24 ebp=01c1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0269d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01C1FD70 77E8A31D 01C1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01C1FFB4 77E887DD 00000004 000821DC 7FFDB000 000DCCE8
kernel32!WaitForMultipleObjects
01C1FFEC 00000000 778321FE 000DCCE8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01c1fd24 b7 7a e8 77 03 00 00 00 - 48 fd c1 01 01 00 00
00 .z.w....H.......
01c1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 e8 cc 0d
00 ................
01c1fd44 01 00 00 00 20 02 00 00 - 24 02 00 00 34 02 00
00 .... ...$...4...
01c1fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff c1
01 ................
01c1fd74 1d a3 e8 77 48 fd c1 01 - 01 00 00 00 00 00 00
00 ...wH...........
01c1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01c1fd94 b0 fe c1 01 00 00 00 00 - ff ff ff ff e8 cc 0d
00 ................
01c1fda4 00 b0 fd 7f dc 21 08 00 - 00 00 00 00 38 00 00
00 .....!......8...
01c1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01c1fdc4 23 00 00 00 23 00 00 00 - dc 21 08 00 00 b0 fd
7f #...#....!......
01c1fdd4 e8 cc 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 .............!.w
01c1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01c1fdf4 fc ff c1 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
01c1fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=1420)
When: 10/14/2003 @ 14:59:49.265
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
408 nlnotes.exe
1108 naldaemn.exe
1272 nhldaemn.exe
1420 rundll32.exe
1100 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x39c
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084570 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002C00F8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002C00F8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A400 002C00F8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002C00F8 01000000 0007A2D0 0000058C
shell32!SHFileOperationA
0006FF18 010016EB 002C00F8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 60 4a 09 00 - dc e5 06 00 f8 b2 74
71 ....`J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 6c 4b 09 00 60 4a 09 00 - 30 f9 07 00 34 02 10
00 lK..`J..0...4...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 51 86 54
01 ............Q.T.
0006e5b0 27 02 00 00 b8 01 00 00 - fe 00 00 00 00 00 00
00 '...............
0006e5c0 00 00 00 00 ff ff ff ff - 68 02 11 00 38 a4 77
71 ........h...8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f8 00 2c 00 f4 e5 06
00 ./wq......,.....
0006e5e0 17 b5 74 71 70 45 08 00 - 00 00 00 00 00 00 00
00 ..tqpE..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 d0 a2 07 00 f8 00 2c 00 - 70 a3 07 00 00 00 00
00 ......,.p.......
0006e620 93 06 01 1b 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 53 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 S... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x374
eax=00000120 ebx=0007f0a8 ecx=0007d2b8 edx=00000000
esi=0007d2b8 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D2B8 40084800 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E3C8 00C4FFEC 77E887DD 0007F0A8
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F0A8 40084800 00000070 0007F0A8
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4d0
eax=77ab4639 ebx=00000102 ecx=0007e918 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 00 f3 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 00 f3 07 00 ec ff c8 00 - 00 f3 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 00 f3 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 00 f3 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 18 e9 07 00 c0 ff c8 00 - 18 e9 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 00 f3 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x4d4
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d62a0
esi=00000000 edi=000d62a0
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d62a0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d62a0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B5D2C 0000000E 00D3F27C 000D62A0 !
DllGetClassObject
00D3F248 10001B67 00088C28 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000BA868 00088DC8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088C20 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088C20 00000016 000BA868 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D7368 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D7368 000D7378 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D3828 00088C20 00088C28 !
IsAsyncMoniker
00D3F824 702B7DA6 00088DC8 000D3828 00088C20 00088C28 !
FindMediaType
00D3F86C 70D495F1 00088C20 000D3828 000B5D4C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D3828 873F0000 00D3FBE4 01511EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01511EF4 873F0000 01511EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01511C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01511690 01511C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01511DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01511DC0 00000000 10000000 000D82E0 !
DllGetClassObject
00D3FCE4 00000000 00400000 01511360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - cc 8d 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 2c 5d 0b 00 0e 00 00
00 H.....+p,]......
00d3f234 7c f2 d3 00 a0 62 0d 00 - 6c f2 d3 00 00 00 00
00 |....b..l.......
00d3f244 4c 00 bb 01 c0 f2 d3 00 - 67 1b 00 10 28 8c 08
00 L.......g...(...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 28 8c 08 00 0d 30 2c 70 - 00 00 00 00 68 a8 0b
00 (....0,p....h...
00d3f274 cc 8d 08 00 28 8c 08 00 - 06 00 00 00 90 f2 d3
00 ....(...........
00d3f284 cc 8d 08 00 00 00 00 00 - 20 8c 08 00 14 00 00
00 ........ .......
00d3f294 00 00 00 00 c8 8d 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 bb 01 30 81 0d 00 - 4c 00 bb 01 e8 f2 d3
00 P...0...L.......
00d3f2c4 23 62 2b 70 00 00 00 00 - 68 a8 0b 00 c8 8d 08
00 #b+p....h.......
00d3f2d4 00 00 00 00 00 00 00 00 - 20 8c 08 00 00 00 00
00 ........ .......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 20 8c 08
00 ........Z.-p ...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 68 a8 0b 00 00 00 00 00 - 00 00 00 00 24 74 0d
00 h...........$t..
00d3f314 68 73 0d 00 54 f3 d3 00 - 88 a9 2b 70 20 8c 08
00 hs..T.....+p ...
00d3f324 16 00 00 00 68 a8 0b 00 - 5d a9 2b 70 20 79 0d
00 ....h...].+p y..
00d3f334 16 00 00 00 68 a8 0b 00 - 04 01 00 00 68 73 0d
00 ....h.......hs..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 68 a8 0b
00 [email protected]...
State Dump for Thread Id 0x424
eax=01960020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x52c
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01b4fd24 ebp=01b4fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:025cd2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B4FD70 77E8A31D 01B4FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01B4FFB4 77E887DD 00000004 000D5A44 7FFDB000 000D5A50
kernel32!WaitForMultipleObjects
01B4FFEC 00000000 778321FE 000D5A50 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01b4fd24 b7 7a e8 77 03 00 00 00 - 48 fd b4 01 01 00 00
00 .z.w....H.......
01b4fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 50 5a 0d
00 ............PZ..
01b4fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
01b4fd54 80 ce 4e 81 08 ec 47 b7 - 01 f3 40 80 00 00 12
00 ..N...G...@.....
01b4fd64 00 00 00 00 00 47 87 81 - 02 00 00 00 b4 ff b4
01 .....G..........
01b4fd74 1d a3 e8 77 48 fd b4 01 - 01 00 00 00 00 00 00
00 ...wH...........
01b4fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01b4fd94 b0 fe b4 01 00 00 00 00 - ff ff ff ff 50 5a 0d
00 ............PZ..
01b4fda4 00 b0 fd 7f 44 5a 0d 00 - 01 ec 47 b7 01 00 00
00 ....DZ....G.....
01b4fdb4 12 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01b4fdc4 23 00 00 00 23 00 00 00 - 44 5a 0d 00 00 b0 fd
7f #...#...DZ......
01b4fdd4 50 5a 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 PZ...........!.w
01b4fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01b4fdf4 fc ff b4 01 23 00 00 00 - 18 e9 47 b7 30 eb 47
b7 ....#.....G.0.G.
01b4fe04 98 eb 47 b7 3f 29 ef bf - a0 23 f0 bf ff ff ff
ff ..G.?)...#......
01b4fe14 a8 eb 47 b7 82 1c ef bf - e8 6e 4a 81 24 00 00
00 ..G......nJ.$...
01b4fe24 8f 1c ef bf 36 00 00 00 - 00 00 00 00 00 00 00
00 ....6...........
01b4fe34 00 00 00 00 24 00 00 00 - 80 29 2f 81 00 00 00
00 ....$....)/.....
01b4fe44 0e 00 00 00 12 00 00 00 - 00 00 00 00 58 36 3c
81 ............X6<.
01b4fe54 03 37 33 00 00 00 00 00 - 00 00 00 00 01 00 00
00 .73.............
Application exception occurred:
App: rundll32.exe (pid=1360)
When: 10/14/2003 @ 15:02:11.031
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
1360 rundll32.exe
1120 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x54c
eax=7f6f0824 ebx=01402020 ecx=00000200 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000200C0 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000200C0 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000200C0 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000200C0 01000000 0007A0E8 00000550
shell32!SHFileOperationA
0006FF18 010016EB 000200C0 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 48 f7 07 00 d4 00 01
00 4H..(G..H.......
0006e5a0 00 02 00 00 00 00 00 00 - 29 01 38 01 a8 1f 01
00 ........).8.....
0006e5b0 d0 01 00 00 05 02 00 00 - fe 00 00 00 00 00 00
00 ................
0006e5c0 00 00 00 00 ff ff ff ff - c8 00 01 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - c0 00 02 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 c0 00 02 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 b7 01 01 10 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 T... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x554
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x558
eax=77ab4639 ebx=00000102 ecx=0007e730 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 18 f1 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 18 f1 07 00 ec ff c8 00 - 18 f1 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 18 f1 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 18 f1 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 30 e7 07 00 c0 ff c8 00 - 30 e7 07 00 ff ff ff
ff 0.......0.......
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 18 f1 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x578
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d4cb0
esi=00000000 edi=000d4cb0
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4cb0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4cb0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B49EC 0000000E 00D3F27C 000D4CB0 !
DllGetClassObject
00D3F248 10001B67 00088B48 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000B9888 00088CE8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088B40 00000016 000B9888 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D6738 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D6738 000D6748 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D2228 00088B40 00088B48 !
IsAsyncMoniker
00D3F824 702B7DA6 00088CE8 000D2228 00088B40 00088B48 !
FindMediaType
00D3F86C 70D495F1 00088B40 000D2228 000B4A0C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D2228 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D6ED0 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - ec 49 0b 00 0e 00 00
00 H.....+p.I......
00d3f234 7c f2 d3 00 b0 4c 0d 00 - 6c f2 d3 00 00 00 00
00 |....L..l.......
00d3f244 4c 00 6f 01 c0 f2 d3 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 88 98 0b
00 H....0,p........
00d3f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d3
00 ....H...........
00d3f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d3f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 6f 01 f0 6d 0d 00 - 4c 00 6f 01 e8 f2 d3
00 P.o..m..L.o.....
00d3f2c4 23 62 2b 70 00 00 00 00 - 88 98 0b 00 e8 8c 08
00 #b+p............
00d3f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 88 98 0b 00 00 00 00 00 - 00 00 00 00 f4 67 0d
00 .............g..
00d3f314 38 67 0d 00 54 f3 d3 00 - 88 a9 2b 70 40 8b 08
00 8g..T.....+p@...
00d3f324 16 00 00 00 88 98 0b 00 - 5d a9 2b 70 f0 6c 0d
00 ........].+p.l..
00d3f334 16 00 00 00 88 98 0b 00 - 04 01 00 00 38 67 0d
00 ............8g..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 88 98 0b
00 .........@......
State Dump for Thread Id 0x57c
eax=016e0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x540
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4454 7FFDB000 000D4460
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4460 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 60 44 0d
00 ............`D..
0168fd44 01 00 00 00 08 02 00 00 - 0c 02 00 00 1c 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 60 44 0d
00 ..h.........`D..
0168fda4 00 b0 fd 7f 54 44 0d 00 - e9 ee 42 80 50 31 41
81 ....TD....B.P1A.
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 54 44 0d 00 00 b0 fd
7f #...#...TD......
0168fdd4 60 44 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 `D...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 14 55 42 01 68 bb 33
b7 ..h.#....UB.h.3.
0168fe04 c6 54 42 80 d4 4b 06 80 - 08 db 49 81 e0 2b 41
81 .TB..K....I..+A.
0168fe14 f1 e8 00 00 98 06 a2 81 - f1 e8 00 00 98 06 a2
81 ................
0168fe24 01 12 fa 7f 80 b0 41 81 - c1 99 00 00 18 9a 9a
81 ......A.........
0168fe34 00 07 00 00 ae cc 44 80 - c1 99 00 00 18 9a 9a
81 ......D.........
0168fe44 c1 99 00 00 18 9a 9a 81 - 01 92 f9 7f 33 05 00
00 ............3...
0168fe54 41 d6 44 80 33 05 00 00 - 30 6b 5b 81 00 90 f9
7f A.D.3...0k[.....
Application exception occurred:
App: rundll32.exe (pid=268)
When: 10/14/2003 @ 15:03:33.031
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
268 rundll32.exe
1256 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x2dc
eax=0008119c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000700E6 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000700E6 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000700E6 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000700E6 01000000 0007A0E8 0000010C
shell32!SHFileOperationA
0006FF18 010016EB 000700E6 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - f8 f6 07 00 f2 00 06
00 4H..(G..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 2d 5f 02
00 ............-_..
0006e5b0 2d 02 00 00 b8 01 00 00 - fe 00 00 00 00 00 00
00 -...............
0006e5c0 00 00 00 00 ff ff ff ff - f0 00 06 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - e6 00 07 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 e6 00 07 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 8b 02 01 58 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 T... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x424
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f0
eax=77ab4639 ebx=00000102 ecx=0007e730 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 18 f1 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 18 f1 07 00 ec ff c8 00 - 18 f1 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 18 f1 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 18 f1 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 30 e7 07 00 c0 ff c8 00 - 30 e7 07 00 ff ff ff
ff 0.......0.......
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 18 f1 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x45c
eax=000b5008 ebx=00000002 ecx=000000aa edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x460
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d95d0
esi=00000000 edi=000d95d0
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d95d0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d95d0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B9634 0000000E 00D7F27C 000D95D0 !
DllGetClassObject
00D7F248 10001B67 00088B48 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000BE880 00088CE8 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088B40 00000016 000BE880 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000DA7D8 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000DA7D8 000DA7E8 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D69E0 00088B40 00088B48 !
IsAsyncMoniker
00D7F824 702B7DA6 00088CE8 000D69E0 00088B40 00088B48 !
FindMediaType
00D7F86C 70D495F1 00088B40 000D69E0 000B9654 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D69E0 873F0000 00D7FBE4 01051EE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051DC0 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051DC0 00000000 10000000 000DC468 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d7f224 48 f2 d7 00 b6 e5 2b 70 - 34 96 0b 00 0e 00 00
00 H.....+p4.......
00d7f234 7c f2 d7 00 d0 95 0d 00 - 6c f2 d7 00 00 00 00
00 |.......l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 80 e8 0b
00 H....0,p........
00d7f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d7
00 ....H...........
00d7f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d7f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 e8 1c 0b 00 - 4c 00 6f 01 e8 f2 d7
00 P.o.....L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - 80 e8 0b 00 e8 8c 08
00 #b+p............
00d7f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 80 e8 0b 00 00 00 00 00 - 00 00 00 00 94 a8 0d
00 ................
00d7f314 d8 a7 0d 00 54 f3 d7 00 - 88 a9 2b 70 40 8b 08
00 ....T.....+p@...
00d7f324 16 00 00 00 80 e8 0b 00 - 5d a9 2b 70 f8 b8 0d
00 ........].+p....
00d7f334 16 00 00 00 80 e8 0b 00 - 04 01 00 00 d8 a7 0d
00 ................
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 80 e8 0b
00 .........@......
State Dump for Thread Id 0x480
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 0008338C 7FFDA000 000D8D80
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D8D80 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 80 8d 0d
00 ................
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 e0 51 89 81 e0 51 89 81 - fc 6a 48 b7 94 4e 4a
80 .Q...Q...jH..NJ.
0168fd64 0f 4d 4a 80 40 00 00 00 - 94 6b 48 b7 b4 ff 68
01 [email protected].
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 80 8d 0d
00 ..h.............
0168fda4 00 a0 fd 7f 8c 33 08 00 - 00 00 00 00 00 00 00
00 .....3..........
0168fdb4 20 00 4f 81 00 00 00 00 - 00 00 00 00 38 00 00
00 .O.........8...
0168fdc4 23 00 00 00 23 00 00 00 - 8c 33 08 00 00 a0 fd
7f #...#....3......
0168fdd4 80 8d 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .............!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 28 6b 48 b7 8c 00 4f
81 ..h.#...(kH...O.
0168fe04 14 6b 48 b7 00 00 00 00 - e2 7b 41 80 00 00 00
00 .kH......{A.....
0168fe14 60 d9 46 80 48 eb 2b e3 - 3c 6b 48 b7 2b e7 49
80 `.F.H.+.<kH.+.I.
0168fe24 e0 d8 46 80 4a e7 49 80 - 91 ec 00 00 98 5d a2
81 ..F.J.I......]..
0168fe34 00 07 00 00 ae cc 44 80 - 91 ec 00 00 98 5d a2
81 ......D......]..
0168fe44 91 ec 00 00 98 5d a2 81 - 01 62 fd 7f 3a 05 00
00 .....]...b..:...
0168fe54 41 d6 44 80 3a 05 00 00 - 30 6b 5b 81 00 60 fd
7f A.D.:...0k[..`..
Application exception occurred:
App: rundll32.exe (pid=1152)
When: 10/14/2003 @ 15:05:44.203
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
1152 rundll32.exe
1144 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(76DF0000 - 76E01000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(71F00000 - 71F4D000)
(77570000 - 775A0000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(77410000 - 77423000)
(70020000 - 70025000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x10c
eax=0008119c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000C00F0 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000C00F0 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000C00F0 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000C00F0 01000000 0007A0E8 00000480
shell32!SHFileOperationA
0006FF18 010016EB 000C00F0 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 48 f7 07 00 4e 01 02
00 4H..(G..H...N...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 b6 5e 04
00 .............^..
0006e5b0 38 02 00 00 b4 01 00 00 - fe 00 00 00 00 00 00
00 8...............
0006e5c0 00 00 00 00 ff ff ff ff - e6 00 0c 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f0 00 0c 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 f0 00 0c 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 71 02 01 5f 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 53 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 S... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x460
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f0
eax=016a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x424
eax=016a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x3f8
eax=010bf27c ebx=010bf26c ecx=00000002 edx=000b5440
esi=00000000 edi=000b5440
eip=70dcf39f esp=010bf214 ebp=010bf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:01b3c7f6=f00d0bad
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01b3c84f=adf00d0b
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000b5440=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:01b3c7f6=f00d0bad
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000b5440=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:01b3c7f6=f00d0bad
70dcf3a4 8908 mov
[eax],ecx ds:010bf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:01b3c7f6=f00d0bad
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:01b3c7f6=f00d0bad
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01b3c84e=f00d0bad
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01b3c84e=f00d0bad
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010BF224 702BE5B6 000D275C 0000000E 010BF27C 000B5440 !
DllGetClassObject
010BF248 10001B67 00088B48 0000000E 010BF27C 00000001 !
RegisterFormatEnumerator
010BF2C0 702B6223 00000000 000B2D98 00088CE8 00000000 !
<nosymbols>
010BF2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
010BF318 702BA988 00088B40 00000016 000B2D98 702BA95D !
DllGetClassObject
010BF354 702C59C3 00000016 010BF5C0 00000000 000C6318 !
CoInternetQueryInfo
010BF7D0 702BB3AF 00000000 000C6318 000C6328 702BB372 !
FindMediaTypeClass
010BF7FC 702B8EF8 00000000 000BCF40 00088B40 00088B48 !
IsAsyncMoniker
010BF824 702B7DA6 00088CE8 000BCF40 00088B40 00088B48 !
FindMediaType
010BF86C 70D495F1 00088B40 000BCF40 000D277C 00000000 !
CreateAsyncBindCtxEx
010BFAC0 70D4943E 000BCF40 873F0000 010BFBE4 01551EE0 !
DllGetClassObject
010BFADC 70D493A1 010BFBE4 01551EF4 873F0000 01551EE0 !
DllGetClassObject
010BFB00 70D4E77C 010BFBE4 01551C40 00001FDD 873F0000 !
DllGetClassObject
010BFB50 70D4AB9F 01551690 01551C40 00000000 00000000 !
DllGetClassObject
010BFB74 70D4AAC1 01551DC0 00000001 00000000 010BFBE4 !
DllGetClassObject
010BFBCC 70D50AF3 01551DC0 00000000 10000000 000B2538 !
DllGetClassObject
010BFCE4 00000000 00400000 01551360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
010bf214 00 00 00 00 7c f2 0b 01 - ec 8c 08 00 00 00 00
00 ....|...........
010bf224 48 f2 0b 01 b6 e5 2b 70 - 5c 27 0d 00 0e 00 00
00 H.....+p\'......
010bf234 7c f2 0b 01 40 54 0b 00 - 6c f2 0b 01 00 00 00
00 |[email protected].......
010bf244 4c 00 bd 01 c0 f2 0b 01 - 67 1b 00 10 48 8b 08
00 L.......g...H...
010bf254 0e 00 00 00 7c f2 0b 01 - 01 00 00 00 6c f2 0b
01 ....|.......l...
010bf264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 98 2d 0b
00 H....0,p.....-..
010bf274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 0b
01 ....H...........
010bf284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
010bf294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
010bf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
010bf2b4 50 00 bd 01 90 5b 0b 00 - 4c 00 bd 01 e8 f2 0b
01 P....[..L.......
010bf2c4 23 62 2b 70 00 00 00 00 - 98 2d 0b 00 e8 8c 08
00 #b+p.....-......
010bf2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
010bf2e4 00 00 00 00 18 f3 0b 01 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
010bf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
010bf304 98 2d 0b 00 00 00 00 00 - 00 00 00 00 d4 63 0c
00 .-...........c..
010bf314 18 63 0c 00 54 f3 0b 01 - 88 a9 2b 70 40 8b 08
00 .c..T.....+p@...
010bf324 16 00 00 00 98 2d 0b 00 - 5d a9 2b 70 28 72 0b
00 .....-..].+p(r..
010bf334 16 00 00 00 98 2d 0b 00 - 04 01 00 00 18 63 0c
00 .....-.......c..
010bf344 00 00 00 00 01 00 00 00 - 05 40 00 80 98 2d 0b
00 [email protected]..
State Dump for Thread Id 0x128
eax=77ab4639 ebx=00000102 ecx=00070778 edx=00000000
esi=77f8318c edi=0154ff74
eip=77f83197 esp=0154ff60 ebp=0154ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01fcd533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0154FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
0154ff60 17 76 e8 77 00 00 00 00 - 74 ff 54 01 b5 77 e8
77 .v.w....t.T..w.w
0154ff70 40 87 08 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 @.....<.....0u..
0154ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
0154ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
0154ffa0 40 87 08 00 ec ff 54 01 - 40 87 08 00 53 46 ab
77 @[email protected]
0154ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 40 87 08
00 .z.w.z.w...w@...
0154ffc0 d8 7a a6 77 c3 7a a6 77 - 40 87 08 00 00 c0 fd
7f .z.w.z.w@.......
0154ffd0 78 07 07 00 c0 ff 54 01 - 78 07 07 00 ff ff ff
ff x.....T.x.......
0154ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
0154fff0 00 00 00 00 39 46 ab 77 - 40 87 08 00 00 00 00
00 ....9F.w@.......
01550000 a1 00 55 01 01 00 00 00 - 07 00 00 00 00 00 00
0a ..U.............
01550010 00 00 00 00 00 00 00 00 - 00 06 00 00 00 00 00
06 ................
01550020 00 00 00 00 00 1d 00 00 - 00 00 00 00 00 00 00
00 ................
01550030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550040 00 00 01 01 0c 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550050 01 0a 00 00 00 00 00 00 - 00 00 00 01 00 00 00
00 ................
01550060 01 02 00 01 02 00 0a 00 - 00 00 00 00 00 00 00
00 ................
01550070 03 00 00 13 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550080 00 00 00 00 00 00 11 00 - 00 00 00 00 00 00 00
00 ................
01550090 00 00 00 00 00 00 00 05 - 00 00 00 00 05 00 00
00 ................
State Dump for Thread Id 0x46c
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01b8fd24 ebp=01b8fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0260d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B8FD70 77E8A31D 01B8FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01B8FFB4 77E887DD 00000004 000BD354 7FFD9000 000C15E8
kernel32!WaitForMultipleObjects
01B8FFEC 00000000 778321FE 000C15E8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01b8fd24 b7 7a e8 77 03 00 00 00 - 48 fd b8 01 01 00 00
00 .z.w....H.......
01b8fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 e8 15 0c
00 ................
01b8fd44 01 00 00 00 58 02 00 00 - 5c 02 00 00 6c 02 00
00 ....X...\...l...
01b8fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff b8
01 ................
01b8fd74 1d a3 e8 77 48 fd b8 01 - 01 00 00 00 00 00 00
00 ...wH...........
01b8fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01b8fd94 b0 fe b8 01 00 00 00 00 - ff ff ff ff e8 15 0c
00 ................
01b8fda4 00 90 fd 7f 54 d3 0b 00 - 00 00 00 00 00 00 00
00 ....T...........
01b8fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01b8fdc4 23 00 00 00 23 00 00 00 - 54 d3 0b 00 00 90 fd
7f #...#...T.......
01b8fdd4 e8 15 0c 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 .............!.w
01b8fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01b8fdf4 fc ff b8 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
01b8fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=1416)
When: 10/14/2003 @ 17:22:58.406
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
592 mstask.exe
636 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1040 explorer.exe
1148 igfxtray.exe
1196 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1292 OSA.exe
1388 ipmsg2.02.exe
316 YPager.exe
1096 VB6.exe
1044 IEXPLORE.exe
1416 rundll32.exe
1432 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(10000000 - 10007000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(016E0000 - 016F7000)
State Dump for Thread Id 0x374
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000846B8 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 00180290 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 00180290 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A548 00180290 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 00180290 01000000 0007A418 00000588
shell32!SHFileOperationA
0006FF18 010016EB 00180290 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 c8 40 09 00 - dc e5 06 00 f8 b2 74
71 [email protected]
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 d4 41 09 00 c8 40 09 00 - 78 fa 07 00 54 02 0a
00 [email protected]...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 55 04 7d
00 ............U.}.
0006e5b0 32 02 00 00 b2 01 00 00 - fe 00 00 00 00 00 00
00 2...............
0006e5c0 00 00 00 00 ff ff ff ff - c4 01 1d 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 90 02 18 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 b8 46 08 00 - 00 00 00 00 00 00 00
00 ..tq.F..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 18 a4 07 00 90 02 18 00 - b8 a4 07 00 00 00 00
00 ................
0006e620 9d 02 01 91 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 85 04 01 65 20 00 00 00 - 40 00 00 00 78 01 07
00 ...e [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x220
eax=00000120 ebx=0007f1f0 ecx=0007d400 edx=00000000
esi=0007d400 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D400 40097C18 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E510 00C4FFEC 77E887DD 0007F1F0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F1F0 40097C18 00000070 0007F1F0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x5a0
eax=77ab4639 ebx=00c8ff80 ecx=0007ea60 edx=00000000
esi=77f8377b edi=00000128
eip=77f83786 esp=00c8ff64 ebp=00c8ff88 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0170d537=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF88 77AB4719 00000128 00007530 00000000 77A50000
ntdll!NtWaitForSingleObject
00007530 00000000 00000000 00000000 00000000 00000000
ole32!UpdateDCOMSettings
*----> Raw Stack Dump <----*
00c8ff64 0f 78 e8 77 28 01 00 00 - 00 00 00 00 80 ff c8
00 .x.w(...........
00c8ff74 b5 77 e8 77 48 f4 07 00 - 02 01 00 00 00 5d 1e
ee .w.wH........]..
00c8ff84 ff ff ff ff 30 75 00 00 - 19 47 ab 77 28 01 00
00 ....0u...G.w(...
00c8ff94 30 75 00 00 00 00 00 00 - 00 00 a5 77 48 f4 07
00 0u.........wH...
00c8ffa4 ec ff c8 00 48 f4 07 00 - 53 46 ab 77 d8 7a a6
77 ....H...SF.w.z.w
00c8ffb4 c3 7a a6 77 dd 87 e8 77 - 48 f4 07 00 d8 7a a6
77 .z.w...wH....z.w
00c8ffc4 c3 7a a6 77 48 f4 07 00 - 00 c0 fd 7f 60 ea 07
00 .z.wH.......`...
00c8ffd4 c0 ff c8 00 60 ea 07 00 - ff ff ff ff 56 18 ea
77 ....`.......V..w
00c8ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
00c8fff4 39 46 ab 77 48 f4 07 00 - 00 00 00 00 00 00 00
00 9F.wH...........
00c90004 9f 00 13 00 10 00 90 01 - 17 00 b0 01 ff ff ff
00 ................
00c90014 ff ff ff 00 00 00 00 00 - 00 00 00 00 ff ff ff
00 ................
00c90024 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90034 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00
00 ................
00c90044 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00
00 ................
00c90054 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90064 1f 00 89 01 00 00 00 00 - ff ff ff ff ff ff ff
ff ................
00c90074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90084 01 00 00 00 00 00 00 00 - 00 00 00 00 21 00 8a
01 ............!...
00c90094 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00
00 ...@............
State Dump for Thread Id 0x58c
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d5450
esi=00000000 edi=000d5450
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d5450=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d5450=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B4F0C 0000000E 00D3F27C 000D5450 !
DllGetClassObject
00D3F248 016E1B67 00088D70 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000D6DA8 00088F10 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088D68 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088D68 00000016 000D6DA8 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D5548 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D5548 000D5558 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D2A10 00088D68 00088D70 !
IsAsyncMoniker
00D3F824 702B7DA6 00088F10 000D2A10 00088D68 00088D70 !
FindMediaType
00D3F86C 70D495F1 00088D68 000D2A10 000B4F2C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D2A10 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D7840 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - 14 8f 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 0c 4f 0b 00 0e 00 00
00 H.....+p.O......
00d3f234 7c f2 d3 00 50 54 0d 00 - 6c f2 d3 00 00 00 00
00 |...PT..l.......
00d3f244 4c 00 71 01 c0 f2 d3 00 - 67 1b 6e 01 70 8d 08
00 L.q.....g.n.p...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 70 8d 08 00 0d 30 2c 70 - 00 00 00 00 a8 6d 0d
00 p....0,p.....m..
00d3f274 14 8f 08 00 70 8d 08 00 - 06 00 00 00 90 f2 d3
00 ....p...........
00d3f284 14 8f 08 00 00 00 00 00 - 68 8d 08 00 14 00 00
00 ........h.......
00d3f294 00 00 00 00 10 8f 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 71 01 10 73 0d 00 - 4c 00 71 01 e8 f2 d3
00 P.q..s..L.q.....
00d3f2c4 23 62 2b 70 00 00 00 00 - a8 6d 0d 00 10 8f 08
00 #b+p.....m......
00d3f2d4 00 00 00 00 00 00 00 00 - 68 8d 08 00 00 00 00
00 ........h.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 68 8d 08
00 ........Z.-ph...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 a8 6d 0d 00 00 00 00 00 - 00 00 00 00 04 56 0d
00 .m...........V..
00d3f314 48 55 0d 00 54 f3 d3 00 - 88 a9 2b 70 68 8d 08
00 HU..T.....+ph...
00d3f324 16 00 00 00 a8 6d 0d 00 - 5d a9 2b 70 40 71 0d
00 .....m..].+p@q..
00d3f334 16 00 00 00 a8 6d 0d 00 - 04 01 00 00 48 55 0d
00 .....m......HU..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 a8 6d 0d
00 [email protected]..
State Dump for Thread Id 0x5a8
eax=00000000 ebx=00000002 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x5a4
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4BF4 7FFDB000 000D4C00
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4C00 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 4c 0d
00 .............L..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 00 4c 0d
00 ..h..........L..
0168fda4 00 b0 fd 7f f4 4b 0d 00 - e0 bd 4e 81 00 00 00
00 .....K....N.....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - f4 4b 0d 00 00 b0 fd
7f #...#....K......
0168fdd4 00 4c 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 .L...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 3b 10
b7 ..h.#....OE..;..
0168fe04 08 50 47 81 08 50 47 81 - 40 00 00 00 24 3b 10
b7 .PG..PG.@...$;..
0168fe14 d0 f8 44 80 00 fb 3b 81 - 00 00 00 00 00 00 00
00 ..D...;.........
0168fe24 88 1f 37 81 a6 24 49 80 - 88 1f 37 81 70 01 00
00 ..7..$I...7.p...
0168fe34 40 6a 89 81 03 00 10 00 - 08 50 47 81 40 6a 89
81 @j.......PG.@j..
0168fe44 20 50 47 81 08 50 47 81 - 0c 50 47 81 00 00 00
00 PG..PG..PG.....
0168fe54 00 00 00 00 00 00 00 00 - 0c 50 47 81 00 00 00
00 .........PG.....
Application exception occurred:
App: explorer.exe (pid=872)
When: 10/17/2003 @ 10:45:26.593
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
872 explorer.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1264 nlnotes.exe
1184 naldaemn.exe
1140 nhldaemn.exe
1240 VB6.exe
1292 ipmsg2.02.exe
1136 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(770B0000 - 770B7000)
(717F0000 - 71819000)
(76B30000 - 76B6D000)
(717C0000 - 717DE000)
(77BF0000 - 77C01000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77800000 - 7781E000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(718C0000 - 71944000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(75E60000 - 75E7A000)
(66650000 - 666A4000)
(66D20000 - 66D51000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x104
eax=71001a78 ebx=00000001 ecx=00094f98 edx=00000000
esi=00094ad0 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094AD0 00000000
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - d0 4a 09 00 01 00 00
00 V.2x.v.w.J......
0006ff10 d0 4a 09 00 d0 4a 09 00 - 60 ff 06 00 60 ff 06
00 .J...J..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 d0 4a 09
00 [email protected]..
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 30 7f 42
81 ....V.......0.B.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 56 06 02
00 x..w........V...
0006ff50 b3 a1 e8 77 02 00 00 00 - ab 81 05 00 e0 ff 06
00 ...w............
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 98 62 07 00 80 57 07 00 - b8 62 07 00 00 00 00
00 .b...W...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 38 66 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 8f..............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 00 00 00 00 00 00 00
00 .......w........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - f4 19 00 00 ff ef fd
7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x444
eax=fffffff0 ebx=00000000 ecx=002301f8 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x358
eax=00000000 ebx=00000008 ecx=78327290 edx=00000000
esi=77f837a7 edi=00000008
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 00E9FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000007 00E9FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 000001B0 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 00000025 00000025
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x2fc
eax=000000c0 ebx=00e4fccc ecx=77e8b119 edx=00000000
esi=ffffffff edi=00000557
eip=77f83197 esp=010fffa0 ebp=010fffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b7d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010FFFB4 77E887DD 00E4FCCC 00000557 FFFFFFFF 00E4FCCC
ntdll!NtDelayExecution
010FFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b4
eax=0113fa34 ebx=00000000 ecx=000aa0b0 edx=00000000
esi=00000000 edi=0113fda4
eip=77f83c6a esp=0113f9f0 ebp=0113fa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f83c5f b838000000 mov eax,0x38
77f83c64 8d542404 lea edx,
[esp+0x4] ss:01bbcfc3=????????
77f83c68 cd2e int 2e
77f83c6a c22800 ret 0x28
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0113FA50 76F56601 000007A8 0017000E 76F5D658 00000038
ntdll!ZwDeviceIoControlFile
0113FD30 76F50AFA 000A1F64 0113FD4C 000A1EE0 000A1ED0
netshell!<nosymbols>
0113FDA8 76F51B8A 0113FDC4 0113FDEC 000BF498 000BE800
netshell!<nosymbols>
0113FDCC 76F4EF71 000A1EE0 0113FDEC 00000000 0113FED8
netshell!<nosymbols>
0113FDF4 76F4EEF9 00508A2A 000BF498 0113FE24 77E11D0A
netshell!<nosymbols>
0113FE04 77E11D0A 00000000 00000113 00007FE3 00508A2A
netshell!<nosymbols>
0113FE24 77E11C40 76F4EEC5 00000000 00000113 00007FE3
user32!DispatchMessageW
0113FEB0 77E11CEF 0113FED8 00000000 76F21AF1 0113FED8
user32!GetAppCompatFlags2
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
0113f9f0 b9 b7 e8 77 a8 07 00 00 - 00 00 00 00 00 00 00
00 ...w............
0113fa00 00 00 00 00 28 fa 13 01 - 0e 00 17 00 58 d6 f5
76 ....(.......X..v
0113fa10 38 00 00 00 84 fa 13 01 - a0 02 00 00 a4 fd 13
01 8...............
0113fa20 4c fd 13 01 a8 07 00 00 - 00 00 00 00 90 00 00
00 L...............
0113fa30 e6 68 f5 76 74 fa 13 01 - 1c fa 13 01 01 01 01
01 .h.vt...........
0113fa40 a0 fe 13 01 56 18 ea 77 - e8 b7 e8 77 ff ff ff
ff ....V..w...w....
0113fa50 30 fd 13 01 01 66 f5 76 - a8 07 00 00 0e 00 17
00 0....f.v........
0113fa60 58 d6 f5 76 38 00 00 00 - 84 fa 13 01 a0 02 00
00 X..v8...........
0113fa70 38 fd 13 01 00 00 00 00 - ec fd 13 01 a4 fd 13
01 8...............
0113fa80 d0 1e 0a 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 ............@B..
0113fa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
0113faa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
0113fab0 e6 10 00 00 02 01 02 00 - 04 00 00 00 fb 36 00
00 .............6..
0113fac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
0113fad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
0113fae0 ff 16 00 00 ff ff ff 80 - 04 00 00 00 94 14 00
00 ................
0113faf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
0113fb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
0113fb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0113fb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x428
eax=00000000 ebx=77e1bfad ecx=0118fd0c edx=00000000
esi=0118fd70 edi=77e11dba
eip=77e11d6b esp=0118fd04 ebp=0118fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01c0d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01c0d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01c0d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0118FD1C 766D193C 0118FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0118FD90 766D182F 00010070 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0118FFB4 77E887DD 00000000 00E4FAA0 77F82B95 00000000
stobject!DllGetClassObject
0118FFEC 00000000 766D17EA 00000000 00000000 00040000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0118fd04 e1 1d e1 77 70 fd 18 01 - 00 00 00 00 00 00 00
00 ...wp...........
0118fd14 00 00 00 00 00 00 00 00 - 90 fd 18 01 3c 19 6d
76 ............<.mv
0118fd24 70 fd 18 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p...............
0118fd34 a0 fa e4 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0118fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0118fd54 00 00 6d 76 51 00 04 00 - 11 00 01 00 10 00 00
00 ..mvQ...........
0118fd64 00 00 00 00 b0 28 6d 76 - 00 00 00 00 7a 00 01
00 .....(mv....z...
0118fd74 2d 05 00 00 d1 04 00 00 - 00 00 00 00 da 9d 09
00 -...............
0118fd84 42 01 00 00 10 01 00 00 - 00 00 00 00 b4 ff 18
01 B...............
0118fd94 2f 18 6d 76 70 00 01 00 - 00 00 00 00 8c 2a 6d
76 /.mvp........*mv
0118fda4 01 00 00 00 95 2b f8 77 - 43 00 3a 00 5c 00 57
00 .....+.wC.:.\.W.
0118fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 53 00 79 00 73
00 I.N.N.T.\.S.y.s.
0118fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0118fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0118fde4 6c 00 6c 00 00 00 e8 77 - 1b 00 00 00 00 02 00
00 l.l....w........
0118fdf4 fc ff 18 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
0118fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x404
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0121ff24 ebp=0121ff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01c9d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0121FF70 77E8A31D 0121FF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0121FFB4 77E887DD 00000000 0118EC94 0118F520 00000000
kernel32!WaitForMultipleObjects
0121FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x3e8
eax=00000000 ebx=000493e0 ecx=000df464 edx=00000000
esi=00085718 edi=000493e0
eip=77f837dc esp=0136febc ebp=0136fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01ded48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01ded48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01ded48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01ded48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0136FEE4 77D809DA 0000012C 0136FF1C 0136FF0C 0136FF14
ntdll!ZwRemoveIoCompletion
0136FF20 77D50EDE 000493E0 0136FF60 0136FF5C 0136FF70
rpcrt4!I_RpcTransGetAddressList
0136FF74 77D50D17 77D39A00 00085718 00000008 0118F62C
rpcrt4!TowerConstruct
0136FFA8 77D41C6C 000B05B0 0136FFEC 77E887DD 000A93D0
rpcrt4!TowerConstruct
0136FFB4 77E887DD 000A93D0 00000008 0118F62C 000A93D0
rpcrt4!I_RpcServerInqTransportType
0136FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x27c
eax=01baf27c ebx=01baf26c ecx=00000002 edx=00120bc8
esi=00000000 edi=00120bc8
eip=70dcf39f esp=01baf214 ebp=01baf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:0262c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:0262c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:00120bc8=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:0262c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:00120bc8=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:0262c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:01baf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:0262c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:0262c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:0262c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:0262c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01BAF224 702BE5B6 0013A024 0000000E 01BAF27C 00120BC8 !
DllGetClassObject
01BAF248 10001B67 000E9080 0000000E 01BAF27C 00000001 !
RegisterFormatEnumerator
01BAF2C0 702B6223 00000000 00106BC8 000E9220 00000000 !
<nosymbols>
01BAF2E8 702D1A5A 000E9078 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
01BAF318 702BA988 000E9078 00000016 00106BC8 702BA95D !
DllGetClassObject
01BAF354 702C59C3 00000016 01BAF5C0 00000000 0010B4A8 !
CoInternetQueryInfo
01BAF7D0 702BB3AF 00000000 0010B4A8 0010B4B8 702BB372 !
FindMediaTypeClass
01BAF7FC 702B8EF8 00000000 0011D8C0 000E9078 000E9080 !
IsAsyncMoniker
01BAF824 702B7DA6 000E9220 0011D8C0 000E9078 000E9080 !
FindMediaType
01BAF86C 70D495F1 000E9078 0011D8C0 0013A044 00000000 !
CreateAsyncBindCtxEx
01BAFAC0 70D4943E 0011D8C0 873F0000 01BAFBE4 01E60EF0 !
DllGetClassObject
01BAFADC 70D493A1 01BAFBE4 01E60F04 873F0000 01E60EF0 !
DllGetClassObject
01BAFB00 70D4E77C 01BAFBE4 01E60BB0 00001FDD 873F0000 !
DllGetClassObject
01BAFB50 70D4AB9F 01E60150 01E60BB0 00000000 00000000 !
DllGetClassObject
01BAFB74 70D4AAC1 01E60CC0 00000001 00000000 01BAFBE4 !
DllGetClassObject
01BAFBCC 70D50AF3 01E60CC0 00000000 10000000 00127A68 !
DllGetClassObject
01BAFCE4 00000000 00400000 01E566A0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
01baf214 00 00 00 00 7c f2 ba 01 - 24 92 0e 00 00 00 00
00 ....|...$.......
01baf224 48 f2 ba 01 b6 e5 2b 70 - 24 a0 13 00 0e 00 00
00 H.....+p$.......
01baf234 7c f2 ba 01 c8 0b 12 00 - 6c f2 ba 01 00 00 00
00 |.......l.......
01baf244 4c 00 91 02 c0 f2 ba 01 - 67 1b 00 10 80 90 0e
00 L.......g.......
01baf254 0e 00 00 00 7c f2 ba 01 - 01 00 00 00 6c f2 ba
01 ....|.......l...
01baf264 80 90 0e 00 0d 30 2c 70 - 00 00 00 00 c8 6b 10
00 .....0,p.....k..
01baf274 24 92 0e 00 80 90 0e 00 - 06 00 00 00 90 f2 ba
01 $...............
01baf284 24 92 0e 00 00 00 00 00 - 78 90 0e 00 14 00 00
00 $.......x.......
01baf294 00 00 00 00 20 92 0e 00 - 00 00 00 00 00 00 00
00 .... ...........
01baf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
01baf2b4 50 00 91 02 e0 82 0b 00 - 4c 00 91 02 e8 f2 ba
01 P.......L.......
01baf2c4 23 62 2b 70 00 00 00 00 - c8 6b 10 00 20 92 0e
00 #b+p.....k.. ...
01baf2d4 00 00 00 00 00 00 00 00 - 78 90 0e 00 00 00 00
00 ........x.......
01baf2e4 00 00 00 00 18 f3 ba 01 - 5a 1a 2d 70 78 90 0e
00 ........Z.-px...
01baf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01baf304 c8 6b 10 00 00 00 00 00 - 00 00 00 00 64 b5 10
00 .k..........d...
01baf314 a8 b4 10 00 54 f3 ba 01 - 88 a9 2b 70 78 90 0e
00 ....T.....+px...
01baf324 16 00 00 00 c8 6b 10 00 - 5d a9 2b 70 00 d9 11
00 .....k..].+p....
01baf334 16 00 00 00 c8 6b 10 00 - 04 01 00 00 a8 b4 10
00 .....k..........
01baf344 00 00 00 00 01 00 00 00 - 05 40 00 80 c8 6b 10
00 [email protected]..
State Dump for Thread Id 0x500
eax=77d41c54 ebx=80050002 ecx=00000000 edx=00000000
esi=000864e0 edi=00086520
eip=77f83bb8 esp=01cffe28 ebp=01cfff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0277d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01CFFF74 77D56D9E 77D39A00 000864E0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
01CFFFA8 77D41C6C 000A5DC0 01CFFFEC 77E887DD 000A2E58
rpcrt4!TowerConstruct
01CFFFB4 77E887DD 000A2E58 00000000 00000000 000A2E58
rpcrt4!I_RpcServerInqTransportType
01CFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x284
eax=0008d308 ebx=00000002 ecx=7ffdd000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=01d3fe5c ebp=01d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:027bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01D3FEA8 77E12A00 01D3FE80 00000001 00000000 01D3FEA0
ntdll!NtWaitForMultipleObjects
01D3FF04 77E12A77 01D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
01D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
01D3FF74 70C1AB1B 01D3FFA0 01D3FFA4 01D3FFA8 01D3FF9C !
Ordinal265
01D3FFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
01D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x488
eax=00070110 ebx=00000000 ecx=00000403 edx=00000000
esi=000a55e8 edi=00000000
eip=77e12268 esp=01d9fcd8 ebp=01d9ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:0281d2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01D9FF28 71181ACF 00000000 00000230 0006EA1C 000C0498
user32!WaitMessage
01D9FFB4 77E887DD 000C0498 00000230 0006EA1C 000C0498 !
Ordinal123
01D9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b8
eax=77ab4639 ebx=00000102 ecx=00070778 edx=00000000
esi=77f8318c edi=01ddff74
eip=77f83197 esp=01ddff60 ebp=01ddff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0285d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01DDFF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x48c
eax=00070110 ebx=0228ff74 ecx=00000324 edx=00000000
esi=77f8377b edi=00000538
eip=77f83786 esp=0228ff58 ebp=0228ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:02d0d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0228FF7C 77E87837 00000538 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x408
eax=09000010 ebx=022cff74 ecx=00000000 edx=00000000
esi=77f8377b edi=00000544
eip=77f83786 esp=022cff58 ebp=022cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:02d4d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
022CFF7C 77E87837 00000544 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x2f0
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=028efd24 ebp=028efd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0336d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
028EFD70 77E8A31D 028EFD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
028EFFB4 77E887DD 00000004 000DECE4 7FFD9000 00110DA8
kernel32!WaitForMultipleObjects
028EFFEC 00000000 778321FE 00110DA8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
028efd24 b7 7a e8 77 03 00 00 00 - 48 fd 8e 02 01 00 00
00 .z.w....H.......
028efd34 00 00 00 00 00 00 00 00 - 00 00 00 00 a8 0d 11
00 ................
028efd44 01 00 00 00 fc 05 00 00 - 00 06 00 00 10 06 00
00 ................
028efd54 14 3a 38 b7 ff 03 1f 00 - 2c 3b 38 b7 01 00 00
00 .:8.....,;8.....
028efd64 24 c2 36 81 a8 3a 38 b7 - 54 1d 49 80 b4 ff 8e
02 $.6..:8.T.I.....
028efd74 1d a3 e8 77 48 fd 8e 02 - 01 00 00 00 00 00 00
00 ...wH...........
028efd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
028efd94 b0 fe 8e 02 00 00 00 00 - ff ff ff ff a8 0d 11
00 ................
028efda4 00 90 fd 7f e4 ec 0d 00 - ff ff ff ff f0 3a 38
b7 .............:8.
028efdb4 78 52 4a 80 00 00 00 00 - 00 00 00 00 38 00 00
00 xRJ.........8...
028efdc4 23 00 00 00 23 00 00 00 - e4 ec 0d 00 00 90 fd
7f #...#...........
028efdd4 a8 0d 11 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 .............!.w
028efde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
028efdf4 fc ff 8e 02 23 00 00 00 - 09 00 00 00 0c 00 00
00 ....#...........
028efe04 d4 13 3d e3 00 00 00 00 - 00 00 00 00 00 00 00
02 ..=.............
028efe14 48 3b 38 b7 00 00 00 02 - 7c 3b 38 b7 86 f2 4a
80 H;8.....|;8...J.
028efe24 30 90 4c e3 30 90 4c e3 - 00 00 00 00 00 00 00
00 0.L.0.L.........
028efe34 01 00 00 00 48 3b 38 b7 - 8e f2 4a 80 30 90 4c
e3 ....H;8...J.0.L.
028efe44 00 00 00 02 80 3c 38 b7 - 00 00 00 00 00 00 00
00 .....<8.........
028efe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: explorer.exe (pid=644)
When: 10/17/2003 @ 10:48:45.640
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1264 nlnotes.exe
1184 naldaemn.exe
1140 nhldaemn.exe
1292 ipmsg2.02.exe
644 explorer.exe
892 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(76DF0000 - 76E01000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(76710000 - 76719000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(6B700000 - 6B790000)
(75E60000 - 75E7A000)
(70F30000 - 70F9E000)
(69B10000 - 69C25000)
(76B30000 - 76B6D000)
(6AC20000 - 6AC58000)
(6E0B0000 - 6E0E3000)
(770B0000 - 770B7000)
(66650000 - 666A4000)
(08830000 - 08868000)
(07680000 - 07AF2000)
(08110000 - 083DE000)
(68DC0000 - 68EB6000)
(72760000 - 7276F000)
(089C0000 - 089DC000)
(68ED0000 - 68F16000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(10000000 - 10017000)
(66D20000 - 66D51000)
(16200000 - 16206000)
(04530000 - 0453C000)
(04650000 - 0465A000)
(755A0000 - 755ED000)
(04A60000 - 04A70000)
(08530000 - 0872D000)
(07260000 - 07299000)
(074A0000 - 0752A000)
(083F0000 - 08408000)
State Dump for Thread Id 0x38c
eax=00094c30 ebx=00000001 ecx=7832d0d8 edx=00000000
esi=00094c10 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094C10 0074006E
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020644 00000005
shell32!Ordinal201
0006FFC0 77E9CA90 0074006E 0041005C 7FFDF000 00000065
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - 10 4c 09 00 01 00 00
00 V.2x.v.w.L......
0006ff10 10 4c 09 00 10 4c 09 00 - 60 ff 06 00 60 ff 06
00 .L...L..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 10 4c 09
00 [email protected]..
0006ff30 6e 00 74 00 44 06 02 00 - 00 f0 fd 7f b0 e6 41
81 n.t.D.........A.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 44 06 02
00 x..w........D...
0006ff50 b3 a1 e8 77 02 00 00 00 - 3c 94 50 00 e0 ff 06
00 ...w....<.P.....
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 44 06 02 00 05 00 00 00 - 5c 00 41 00 44 00 00
00 D.......\.A.D...
0006ff80 78 57 07 00 90 62 07 00 - a8 62 07 00 00 00 00
00 xW...b...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 56 18 ea
77 ............V..w
0006ffa0 f0 7f e8 77 ff ff ff ff - 01 00 00 00 05 00 00
00 ...w............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 6e 00 74 00 5c 00 41
00 .......wn.t.\.A.
0006ffd0 00 f0 fd 7f 65 00 00 00 - c8 ff 06 00 65 00 00
00 ....e.......e...
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 40 00 00 20 00
00 ..........@.. ..
00070020 00 02 00 00 00 20 00 00 - a1 80 00 00 ff ef fd
7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x408
eax=000a614c ebx=00000102 ecx=77b2a0e8 edx=00000000
esi=77f8318c edi=00e0ff74
eip=77f83197 esp=00e0ff60 ebp=00e0ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0188d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E0FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x488
eax=00000000 ebx=00000000 ecx=000ea520 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x500
eax=00000000 ebx=00000008 ecx=ffffffff edx=00000000
esi=77f837a7 edi=00000008
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 00E9FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000007 00E9FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 00000224 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 0000000C 0000000C
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x3e8
eax=00edcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00edfe5c ebp=00edfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0195d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00EDFEA8 77E12A00 00EDFE80 00000001 00000000 00EDFEA0
ntdll!NtWaitForMultipleObjects
00EDFF04 77E12A77 00EDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00EDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00EDFF74 70C1AB1B 00EDFFA0 00EDFFA4 00EDFFA8 00EDFF9C !
Ordinal265
00EDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00EDFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
00edfe5c b7 7a e8 77 02 00 00 00 - 80 fe ed 00 01 00 00
00 .z.w............
00edfe6c 00 00 00 00 a0 fe ed 00 - 00 00 00 00 00 00 00
00 ................
00edfe7c 02 00 00 00 d4 01 00 00 - 14 02 00 00 90 4f a5
77 .............O.w
00edfe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe ed
00 ................
00edfe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff ed
00 ......<.........
00edfeac 00 2a e1 77 80 fe ed 00 - 01 00 00 00 00 00 00
00 .*.w............
00edfebc a0 fe ed 00 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
00edfecc 00 00 00 00 d4 01 00 00 - 14 02 00 00 84 ff ed
00 ................
00edfedc 4f 7a 2e 73 00 00 16 71 - 74 ff ed 00 00 e0 fd
7f Oz.s...qt.......
00edfeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 96 fd
7f ...p............
00edfefc 00 00 00 00 14 02 00 00 - 20 ff ed 00 77 2a e1
77 ........ ...w*.w
00edff0c d0 fe ed 00 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
00edff1c 00 00 00 00 74 ff ed 00 - 93 a7 c1 70 01 00 00
00 ....t......p....
00edff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
00edff3c 00 e0 fd 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
00edff4c 00 00 00 00 80 85 09 00 - b0 b0 b2 77 60 eb a7
77 ...........w`..w
00edff5c 00 00 00 00 00 e0 fd 7f - 69 7d 53 00 18 bb c2
70 ........i}S....p
00edff6c 60 ea 00 00 01 00 00 00 - ac ff ed 00 1b ab c1
70 `..............p
00edff7c a0 ff ed 00 a4 ff ed 00 - a8 ff ed 00 9c ff ed
00 ................
00edff8c 60 ea 00 00 00 e0 fd 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x428
eax=000000c0 ebx=00e4fccc ecx=00000000 edx=00000000
esi=00000012 edi=00000557
eip=77f83197 esp=0108ffa0 ebp=0108ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b0d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0108FFB4 77E887DD 00E4FCCC 00000557 00000012 00E4FCCC
ntdll!NtDelayExecution
0108FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b4
eax=010cfa34 ebx=00000000 ecx=000a19b8 edx=00000000
esi=00000000 edi=010cfda4
eip=77f83c6a esp=010cf9f0 ebp=010cfa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f83c5f b838000000 mov eax,0x38
77f83c64 8d542404 lea edx,
[esp+0x4] ss:01b4cfc3=????????
77f83c68 cd2e int 2e
77f83c6a c22800 ret 0x28
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010CFA50 76F56601 000009E4 0017000E 76F5D658 00000038
ntdll!ZwDeviceIoControlFile
010CFD30 76F50AFA 0009FFE4 010CFD4C 0009FF60 0009FF50
netshell!<nosymbols>
010CFDA8 76F51B8A 010CFDC4 010CFDEC 000A8B50 000AB858
netshell!<nosymbols>
010CFDCC 76F4EF71 0009FF60 010CFDEC 00000000 010CFED8
netshell!<nosymbols>
010CFDF4 76F4EEF9 005393B0 000A8B50 010CFE24 77E11D0A
netshell!<nosymbols>
010CFE04 77E11D0A 00000000 00000113 00007BFF 005393B0
netshell!<nosymbols>
010CFE24 77E11C40 76F4EEC5 00000000 00000113 00007BFF
user32!DispatchMessageW
010CFEB0 77E11CEF 010CFED8 00000000 76F21AF1 010CFED8
user32!GetAppCompatFlags2
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
010cf9f0 b9 b7 e8 77 e4 09 00 00 - 00 00 00 00 00 00 00
00 ...w............
010cfa00 00 00 00 00 28 fa 0c 01 - 0e 00 17 00 58 d6 f5
76 ....(.......X..v
010cfa10 38 00 00 00 84 fa 0c 01 - a0 02 00 00 a4 fd 0c
01 8...............
010cfa20 4c fd 0c 01 e4 09 00 00 - 00 00 00 00 90 00 00
00 L...............
010cfa30 e6 68 f5 76 74 fa 0c 01 - 1c fa 0c 01 01 01 01
01 .h.vt...........
010cfa40 a0 fe 0c 01 56 18 ea 77 - e8 b7 e8 77 ff ff ff
ff ....V..w...w....
010cfa50 30 fd 0c 01 01 66 f5 76 - e4 09 00 00 0e 00 17
00 0....f.v........
010cfa60 58 d6 f5 76 38 00 00 00 - 84 fa 0c 01 a0 02 00
00 X..v8...........
010cfa70 38 fd 0c 01 00 00 00 00 - ec fd 0c 01 a4 fd 0c
01 8...............
010cfa80 50 ff 09 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 P...........@B..
010cfa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
010cfaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
010cfab0 02 11 00 00 02 01 02 00 - 04 00 00 00 eb 37 00
00 .............7..
010cfac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
010cfad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
010cfae0 13 17 00 00 ff ff ff 80 - 04 00 00 00 5c 15 00
00 ............\...
010cfaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
010cfb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
010cfb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
010cfb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x358
eax=0000000c ebx=77e1bfad ecx=00000000 edx=00000000
esi=0110fd70 edi=77e11dba
eip=77e11d6b esp=0110fd04 ebp=0110fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01b8d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01b8d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01b8d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0110FD1C 766D193C 0110FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0110FD90 766D182F 0003004C 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0110FFB4 77E887DD 00000000 00F00021 00E4FA1C 00000000
stobject!DllGetClassObject
0110FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x444
eax=00000000 ebx=00000000 ecx=000aa520 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0114fe28 ebp=0114ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01bcd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0114FF74 77D56D9E 77D39AD0 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0114FFA8 77D41C6C 00079288 0114FFEC 77E887DD 0008F9E8
rpcrt4!TowerConstruct
0114FFB4 77E887DD 0008F9E8 00000000 00000000 0008F9E8
rpcrt4!I_RpcServerInqTransportType
0114FFEC 00000000 77D41C54 0008F9E8 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0114fe28 d4 74 d5 77 2c 01 00 00 - 54 ff 14 01 00 00 00
00 .t.w,...T.......
0114fe38 08 b0 0a 00 58 ff 14 01 - 10 92 07 00 e8 40 0a
00 ....X........@..
0114fe48 6d 31 f8 77 00 00 00 00 - 01 71 49 81 74 bb 4a
ed m1.w.....qI.t.J.
0114fe58 78 b1 46 80 00 00 00 00 - 08 00 45 81 08 00 45
81 x.F.......E...E.
0114fe68 00 00 00 00 01 00 00 00 - 00 50 45 80 00 00 00
00 .........PE.....
0114fe78 01 71 49 01 98 bb 4a ed - e2 ac 46 80 00 00 00
00 .qI...J...F.....
0114fe88 00 00 00 00 a3 00 42 80 - 08 00 45 81 88 dc 48
81 ......B...E...H.
0114fe98 00 00 00 00 08 00 45 81 - 70 dc 48 81 00 00 00
00 ......E.p.H.....
0114fea8 08 00 45 81 0c bc 4a ed - c6 54 42 80 08 00 45
81 ..E...J..TB...E.
0114feb8 d4 4b 06 80 00 4b 06 80 - 00 00 00 00 70 7e 4e
81 .K...K......p~N.
0114fec8 73 35 66 b7 31 06 66 b7 - 0c bc 4a ed 00 00 00
00 s5f.1.f...J.....
0114fed8 ec bb 4a ed 00 4b 06 80 - 6b 00 66 b7 0c bc 4a
ed ..J..K..k.f...J.
0114fee8 f3 ff 65 b7 40 34 4c 81 - 08 00 45 81 08 00 45
81 [email protected].
0114fef8 88 dc 48 81 ac bb 4a ed - 3d 00 00 00 f0 bc 4a
ed ..H...J.=.....J.
0114ff08 8c 05 46 80 e8 56 40 80 - ff ff ff ff 34 bc 4a
ed [email protected].
0114ff18 3e 9e 49 80 48 00 45 81 - 54 bc 4a ed 48 bc 4a
ed >.I.H.E.T.J.H.J.
0114ff28 44 bc 4a ed c0 71 49 81 - 60 82 49 81 00 00 00
00 D.J..qI.`.I.....
0114ff38 60 82 49 81 f0 83 49 81 - 64 bc 4a ed f3 da 42
80 `.I...I.d.J...B.
0114ff48 a4 da 42 80 d4 4b 06 80 - c0 83 49 81 02 00 05
00 ..B..K....I.....
0114ff58 00 a2 2f 4d ff ff ff ff - 50 fe 14 01 00 00 02
80 ../M....P.......
State Dump for Thread Id 0x4b8
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=011eff24 ebp=011eff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01c6d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
011EFF70 77E8A31D 011EFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
011EFFB4 77E887DD 00000000 0110EC94 0110F520 00000000
kernel32!WaitForMultipleObjects
011EFFEC 00000000 77562BDA 00000000 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
011eff24 b7 7a e8 77 02 00 00 00 - 48 ff 1e 01 01 00 00
00 .z.w....H.......
011eff34 00 00 00 00 00 00 00 00 - 94 ec 10 01 00 00 00
00 ................
011eff44 00 00 00 00 44 03 00 00 - 40 03 00 00 c0 a2 4c
81 [email protected].
011eff54 60 a1 4c 81 00 00 00 00 - 00 00 00 00 00 00 00
00 `.L.............
011eff64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 1e
01 ................
011eff74 1d a3 e8 77 48 ff 1e 01 - 01 00 00 00 00 00 00
00 ...wH...........
011eff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
011eff94 a4 ff 1e 01 00 00 00 00 - ff ff ff ff 20 f5 10
01 ............ ...
011effa4 44 03 00 00 40 03 00 00 - 00 00 00 00 00 00 00
00 D...@...........
011effb4 ec ff 1e 01 dd 87 e8 77 - 00 00 00 00 94 ec 10
01 .......w........
011effc4 20 f5 10 01 00 00 00 00 - 00 40 fd 7f 00 00 00
00 ........@......
011effd4 c0 ff 1e 01 00 00 00 00 - ff ff ff ff 56 18 ea
77 ............V..w
011effe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
011efff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 c8 00 00
00 .+Vw............
011f0004 00 01 00 00 ff ee ff ee - 02 00 00 00 00 00 00
00 ................
011f0014 00 fe 00 00 00 00 10 00 - 00 20 00 00 00 02 00
00 ......... ......
011f0024 00 20 00 00 dc 01 00 00 - ff ef fd 7f 09 00 08
06 . ..............
011f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
011f0044 98 05 1f 01 0f 00 00 00 - f8 ff ff ff 50 00 1f
01 ............P...
011f0054 50 00 1f 01 40 06 1f 01 - 00 00 00 00 00 00 00
00 P...@...........
State Dump for Thread Id 0x470
eax=c002100b ebx=000493e0 ecx=00000102 edx=00000000
esi=000856f8 edi=000493e0
eip=77f837dc esp=0132febc ebp=0132fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01dad48f=adf00d0b
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01dad48f=adf00d0b
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01dad48f=adf00d0b
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01dad48f=adf00d0b
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0132FEE4 77D809DA 00000128 0132FF1C 0132FF0C 0132FF14
ntdll!ZwRemoveIoCompletion
0132FF20 77D50EDE 000493E0 0132FF60 0132FF5C 0132FF70
rpcrt4!I_RpcTransGetAddressList
0132FF74 77D50D17 77D39A00 000856F8 00000008 0110F62C
rpcrt4!TowerConstruct
0132FFA8 77D41C6C 0008FCF0 0132FFEC 77E887DD 0008D200
rpcrt4!TowerConstruct
0132FFB4 77E887DD 0008D200 00000008 0110F62C 0008D200
rpcrt4!I_RpcServerInqTransportType
0132FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x524
eax=77d41c54 ebx=00000000 ecx=00000000 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0136fe28 ebp=0136ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01ded3fb=adf00d0b
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0136FF74 77D56D9E 77D39A00 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0136FFA8 77D41C6C 000A58B8 0136FFEC 77E887DD 000B2020
rpcrt4!TowerConstruct
0136FFB4 77E887DD 000B2020 00000000 00000000 000B2020
rpcrt4!I_RpcServerInqTransportType
0136FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x528
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000
esi=000a7690 edi=00000000
eip=77e12268 esp=013afcd8 ebp=013aff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:01e2d2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013AFF28 71181ACF 00000000 000001E8 0006EA1C 000B4D40
user32!WaitMessage
013AFFB4 77E887DD 000B4D40 000001E8 0006EA1C 000B4D40 !
Ordinal123
013AFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x52c
eax=00070110 ebx=01c8ff74 ecx=00000325 edx=00000000
esi=77f8377b edi=0000042c
eip=77f83786 esp=01c8ff58 ebp=01c8ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0270d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01C8FF7C 77E87837 0000042C 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
01c8ff58 0f 78 e8 77 2c 04 00 00 - 00 00 00 00 74 ff c8
01 .x.w,.......t...
01c8ff68 00 00 00 00 00 25 85 01 - 3c 31 f8 77 00 44 5f
9a .....%..<1.w.D_.
01c8ff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 2c 04 00
00 ....m1.w7x.w,...
01c8ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 2c 04 00
00 .'......U..p,...
01c8ff98 c0 27 09 00 09 00 00 00 - 00 25 85 01 ec ff c8
01 .'.......%......
01c8ffa8 00 25 85 01 95 d7 cf 70 - 58 a2 0c 00 6f d7 cf
70 .%.....pX...o..p
01c8ffb8 dd 87 e8 77 00 25 85 01 - 09 00 00 00 58 a2 0c
00 ...w.%......X...
01c8ffc8 00 25 85 01 00 c0 fa 7f - 50 4b 0c 00 c0 ff c8
01 .%......PK......
01c8ffd8 50 4b 0c 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 PK......V..w...w
01c8ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
01c8fff8 00 25 85 01 00 00 00 00 - 43 6c 69 65 6e 74 20
55 .%......Client U
01c90008 72 6c 43 61 63 68 65 20 - 4d 4d 46 20 56 65 72
20 rlCache MMF Ver
01c90018 35 2e 32 00 00 c0 18 00 - 00 50 00 00 00 31 00
00 5.2......P...1..
01c90028 a8 01 00 00 00 00 00 00 - 00 6c d0 1d 00 00 00
00 .........l......
01c90038 00 c0 d2 02 00 00 00 00 - 00 a0 3b 02 00 00 00
00 ..........;.....
01c90048 04 00 00 00 76 00 00 00 - 39 4e 38 39 41 48 4d
33 ....v...9N89AHM3
01c90058 7b 00 00 00 55 51 42 46 - 4b 38 45 52 73 00 00
00 {...UQBFK8ERs...
01c90068 4f 36 42 41 52 55 51 39 - 7e 00 00 00 43 41 59
4e O6BARUQ9~...CAYN
01c90078 5a 44 47 54 00 00 00 00 - 00 00 00 00 00 00 00
00 ZDGT............
01c90088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x220
eax=01ebcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=01ebfe5c ebp=01ebfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0293d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01EBFEA8 77E12A00 01EBFE80 00000001 00000000 01EBFEA0
ntdll!NtWaitForMultipleObjects
01EBFF04 77E12A77 01EBFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
01EBFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
01EBFF74 70C1AB1B 01EBFFA0 01EBFFA4 01EBFFA8 01EBFF9C !
Ordinal265
01EBFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFAD000 !
Ordinal293
01EBFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
01ebfe5c b7 7a e8 77 02 00 00 00 - 80 fe eb 01 01 00 00
00 .z.w............
01ebfe6c 00 00 00 00 a0 fe eb 01 - 00 00 00 00 00 00 00
00 ................
01ebfe7c 02 00 00 00 d4 01 00 00 - 88 04 00 00 90 4f a5
77 .............O.w
01ebfe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe eb
01 ................
01ebfe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff eb
01 ......<.........
01ebfeac 00 2a e1 77 80 fe eb 01 - 01 00 00 00 00 00 00
00 .*.w............
01ebfebc a0 fe eb 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
01ebfecc 00 00 00 00 d4 01 00 00 - 88 04 00 00 84 ff eb
01 ................
01ebfedc 4f 7a 2e 73 00 00 16 71 - 74 ff eb 01 00 d0 fa
7f Oz.s...qt.......
01ebfeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc b6 fa
7f ...p............
01ebfefc 00 00 00 00 88 04 00 00 - 20 ff eb 01 77 2a e1
77 ........ ...w*.w
01ebff0c d0 fe eb 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
01ebff1c 00 00 00 00 74 ff eb 01 - 93 a7 c1 70 01 00 00
00 ....t......p....
01ebff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
01ebff3c 00 d0 fa 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
01ebff4c 00 00 00 00 00 00 00 00 - 84 ff eb 01 f6 fe 20
70 .............. p
01ebff5c e5 03 00 00 8c ff eb 01 - 99 82 53 00 18 bb c2
70 ..........S....p
01ebff6c 60 ea 00 00 01 00 00 00 - ac ff eb 01 1b ab c1
70 `..............p
01ebff7c a0 ff eb 01 a4 ff eb 01 - a8 ff eb 01 9c ff eb
01 ................
01ebff8c 60 ea 00 00 00 d0 fa 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x530
eax=70d6aaf0 ebx=01f4ff74 ecx=01857100 edx=00000000
esi=77f8377b edi=00000490
eip=77f83786 esp=01f4ff58 ebp=01f4ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:029cd52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F4FF7C 77E87837 00000490 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x540
eax=037dcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=037dfe5c ebp=037dfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0425d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
037DFEA8 77E12A00 037DFE80 00000001 00000000 037DFEA0
ntdll!NtWaitForMultipleObjects
037DFF04 77E12A77 037DFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
037DFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
037DFF74 70C1AB1B 037DFFA0 037DFFA4 037DFFA8 037DFF9C !
Ordinal265
037DFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDB000 !
Ordinal293
037DFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x544
eax=0381cff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0381fe5c ebp=0381fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0429d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0381FEA8 77E12A00 0381FE80 00000001 00000000 0381FEA0
ntdll!NtWaitForMultipleObjects
0381FF04 77E12A77 0381FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0381FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0381FF74 70C1AB1B 0381FFA0 0381FFA4 0381FFA8 0381FF9C !
Ordinal265
0381FFAC 70C1ACDF 00000000 77E887DD 00000000 00030002 !
Ordinal293
0381FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x548
eax=0386f27c ebx=0386f26c ecx=00000002 edx=0015a8c8
esi=00000000 edi=0015a8c8
eip=70dcf39f esp=0386f214 ebp=0386f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:042ec7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:042ec84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:0015a8c8=0015a660
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:042ec7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:0015a8c8=60
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:042ec7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:0386f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:042ec7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:042ec7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:042ec84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:042ec84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0386F224 702BE5B6 039086E4 0000000E 0386F27C 0015A8C8 !
DllGetClassObject
0386F248 10001B67 000FDCB0 0000000E 0386F27C 00000001 !
RegisterFormatEnumerator
0386F2C0 702B6223 00000000 00165F90 000FDE50 00000000 !
<nosymbols>
0386F2E8 702D1A5A 000FDCA8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0386F318 702BA988 000FDCA8 00000016 00165F90 702BA95D !
DllGetClassObject
0386F354 702C59C3 00000016 0386F5C0 00000000 038FEA58 !
CoInternetQueryInfo
0386F7D0 702BB3AF 00000000 038FEA58 038FEA68 702BB372 !
FindMediaTypeClass
0386F7FC 702B8EF8 00000000 0014E5F8 000FDCA8 000FDCB0 !
IsAsyncMoniker
0386F824 702B7DA6 000FDE50 0014E5F8 000FDCA8 000FDCB0 !
FindMediaType
0386F86C 70D495F1 000FDCA8 0014E5F8 03908704 00000000 !
CreateAsyncBindCtxEx
0386FAC0 70D4943E 0014E5F8 873F0000 0386FBE4 0186BBA0 !
DllGetClassObject
0386FADC 70D493A1 0386FBE4 0186BBB4 873F0000 0186BBA0 !
DllGetClassObject
0386FB00 70D4E77C 0386FBE4 0186B540 00001FDD 873F0000 !
DllGetClassObject
0386FB50 70D4AB9F 0186BF00 0186B540 00000000 00000000 !
DllGetClassObject
0386FB74 70D4AAC1 0186B6E0 00000001 00000000 0386FBE4 !
DllGetClassObject
0386FBCC 70D50AF3 0186B6E0 00000000 10000000 0016EA68 !
DllGetClassObject
0386FCE4 00000000 00400000 0186B9A0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
0386f214 00 00 00 00 7c f2 86 03 - 54 de 0f 00 00 00 00
00 ....|...T.......
0386f224 48 f2 86 03 b6 e5 2b 70 - e4 86 90 03 0e 00 00
00 H.....+p........
0386f234 7c f2 86 03 c8 a8 15 00 - 6c f2 86 03 00 00 00
00 |.......l.......
0386f244 4c 00 0d 04 c0 f2 86 03 - 67 1b 00 10 b0 dc 0f
00 L.......g.......
0386f254 0e 00 00 00 7c f2 86 03 - 01 00 00 00 6c f2 86
03 ....|.......l...
0386f264 b0 dc 0f 00 0d 30 2c 70 - 00 00 00 00 90 5f 16
00 .....0,p....._..
0386f274 54 de 0f 00 b0 dc 0f 00 - 06 00 00 00 90 f2 86
03 T...............
0386f284 54 de 0f 00 00 00 00 00 - a8 dc 0f 00 14 00 00
00 T...............
0386f294 00 00 00 00 50 de 0f 00 - 00 00 00 00 00 00 00
00 ....P...........
0386f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0386f2b4 50 00 0d 04 30 25 0b 00 - 4c 00 0d 04 e8 f2 86
03 P...0%..L.......
0386f2c4 23 62 2b 70 00 00 00 00 - 90 5f 16 00 50 de 0f
00 #b+p....._..P...
0386f2d4 00 00 00 00 00 00 00 00 - a8 dc 0f 00 00 00 00
00 ................
0386f2e4 00 00 00 00 18 f3 86 03 - 5a 1a 2d 70 a8 dc 0f
00 ........Z.-p....
0386f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0386f304 90 5f 16 00 00 00 00 00 - 00 00 00 00 14 eb 8f
03 ._..............
0386f314 58 ea 8f 03 54 f3 86 03 - 88 a9 2b 70 a8 dc 0f
00 X...T.....+p....
0386f324 16 00 00 00 90 5f 16 00 - 5d a9 2b 70 f0 2b 0b
00 ....._..].+p.+..
0386f334 16 00 00 00 90 5f 16 00 - 04 01 00 00 58 ea 8f
03 ....._......X...
0386f344 00 00 00 00 01 00 00 00 - 05 40 00 80 90 5f 16
00 .........@..._..
State Dump for Thread Id 0x550
eax=00000000 ebx=ffffffff ecx=000f7258 edx=00000000
esi=7fffffff edi=00000102
eip=77f83786 esp=0401facc ebp=0401fb04 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04a9d09f=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0401FB04 74FD7EE6 00000788 00000778 00000000 00000004
ntdll!NtWaitForSingleObject
0401FBF0 75031DA9 00000001 0401FE84 0401FC7C 0401FD80
msafd!WSPSetSockOpt
0401FC54 7021E1F5 00000001 0401FE84 0401FC7C 0401FD80
ws2_32!select
0401FFB0 7021E35B 77E887DD 038E5910 00000000 7FFDF000 !
InternetGetConnectedStateExW
0401FFEC 00000000 00000000 00000000 00000000 00000000 !
InternetGetConnectedStateExW
*----> Raw Stack Dump <----*
0401facc d2 bc fd 74 88 07 00 00 - 01 00 00 00 f0 fa 01
04 ...t............
0401fadc 84 fe 01 04 78 fb 01 04 - 68 fb 01 04 90 95 b3
2d ....x...h......-
0401faec 59 94 c3 01 ff ff ff ff - ff ff ff 7f e8 56 8e
03 Y............V..
0401fafc 00 00 00 00 00 00 00 00 - f0 fb 01 04 e6 7e fd
74 .............~.t
0401fb0c 88 07 00 00 78 07 00 00 - 00 00 00 00 04 00 00
00 ....x...........
0401fb1c 80 fd 01 04 c0 0c 10 00 - 7c fc 01 04 00 00 00
00 ........|.......
0401fb2c 00 00 00 00 80 0f 05 fd - ff ff ff ff ff ff ff
ff ................
0401fb3c dc fb 01 04 40 b7 fc 77 - b8 0c 07 00 f8 a9 0f
00 [email protected]........
0401fb4c 5c 90 27 70 f8 a9 0f 00 - f8 a9 0f 00 00 00 00
00 \.'p............
0401fb5c 00 00 00 00 00 00 00 00 - 00 00 00 00 80 0f 05
fd ................
0401fb6c ff ff ff ff 01 00 00 00 - 00 56 8e 03 78 07 00
00 .........V..x...
0401fb7c 19 00 00 00 88 67 15 00 - 30 00 00 00 00 00 00
00 .....g..0.......
0401fb8c 18 bb c2 70 00 00 07 00 - 04 00 00 00 00 2b f8
77 ...p.........+.w
0401fb9c 08 36 f8 77 ff ff ff ff - 01 53 f8 77 00 00 07
00 .6.w.....S.w....
0401fbac e8 56 8e 03 00 aa 0f 00 - 00 00 00 00 68 fb 01
04 .V..........h...
0401fbbc 2c 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ,...............
0401fbcc 00 00 00 00 10 00 00 00 - 84 fb 01 04 1c fb 01
04 ................
0401fbdc 24 fc 01 04 44 fc 01 04 - 36 df fd 74 78 30 fd
74 $...D...6..tx0.t
0401fbec ff ff ff ff 54 fc 01 04 - a9 1d 03 75 01 00 00
00 ....T......u....
0401fbfc 84 fe 01 04 7c fc 01 04 - 80 fd 01 04 88 ff 01
04 ....|...........
State Dump for Thread Id 0x54c
eax=778321fe ebx=00000004 ecx=7ffa9000 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0405fd24 ebp=0405fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:04add2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0405FD70 77E8A31D 0405FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0405FFB4 77E887DD 00000005 038EFF5C 7FFA9000 000ECC90
kernel32!WaitForMultipleObjects
0405FFEC 00000000 778321FE 000ECC90 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0405fd24 b7 7a e8 77 04 00 00 00 - 48 fd 05 04 01 00 00
00 .z.w....H.......
0405fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 90 cc 0e
00 ................
0405fd44 01 00 00 00 28 07 00 00 - 60 07 00 00 70 07 00
00 ....(...`...p...
0405fd54 c4 06 00 00 01 00 00 00 - 04 f2 59 81 a8 fa 26
b7 ..........Y...&.
0405fd64 54 1d 49 80 93 20 49 80 - e8 f1 59 81 b4 ff 05
04 T.I.. I...Y.....
0405fd74 1d a3 e8 77 48 fd 05 04 - 01 00 00 00 00 00 00
00 ...wH...........
0405fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0405fd94 b0 fe 05 04 00 00 00 00 - ff ff ff ff 90 cc 0e
00 ................
0405fda4 00 90 fa 7f 5c ff 8e 03 - 78 52 4a 80 e8 f1 59
81 ....\...xRJ...Y.
0405fdb4 00 00 00 00 00 00 00 00 - 01 00 00 00 38 00 00
00 ............8...
0405fdc4 23 00 00 00 23 00 00 00 - 5c ff 8e 03 00 90 fa
7f #...#...\.......
0405fdd4 90 cc 0e 00 00 90 fa 7f - 00 90 fa 7f fe 21 83
77 .............!.w
0405fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0405fdf4 fc ff 05 04 23 00 00 00 - 8c 4f 45 80 80 fb 26
b7 ....#....OE...&.
0405fe04 08 24 49 81 08 24 49 81 - 40 00 00 00 24 fb 26
b7 .$I..$I.@...$.&.
0405fe14 d0 f8 44 80 00 5b 57 81 - 00 00 00 00 00 00 00
00 ..D..[W.........
0405fe24 08 6a 57 81 a6 24 49 80 - 41 e8 00 00 18 f6 a1
81 .jW..$I.A.......
0405fe34 00 07 00 00 ae cc 44 80 - 41 e8 00 00 18 f6 a1
81 ......D.A.......
0405fe44 41 e8 00 00 18 f6 a1 81 - 01 42 fd 7f 6b 01 00
00 A........B..k...
0405fe54 41 d6 44 80 6b 01 00 00 - 30 5c 57 81 00 40 fd
7f A.D.k...0\W..@..
State Dump for Thread Id 0x404
eax=74fd4766 ebx=00101610 ecx=732f0ca0 edx=00000000
esi=74fe93a0 edi=00000000
eip=77f837dc esp=040bff84 ebp=040bffb4 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:04b3d557=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:04b3d557=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:04b3d557=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:04b3d557=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
040BFFB4 77E887DD 74FD5F4B 7FFA9000 037DF7AC 00101610
ntdll!ZwRemoveIoCompletion
040BFFEC 00000000 74FD4766 00101610 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
040bff84 b8 47 fd 74 b8 06 00 00 - bc ff 0b 04 b0 ff 0b
04 .G.t............
040bff94 a4 ff 0b 04 28 2c fd 74 - 00 90 fa 7f ac f7 7d
03 ....(,.t......}.
040bffa4 41 02 00 c0 00 00 00 00 - 00 00 fd 74 f8 2a 15
00 A..........t.*..
040bffb4 ec ff 0b 04 dd 87 e8 77 - 4b 5f fd 74 00 90 fa
7f .......wK_.t....
040bffc4 ac f7 7d 03 10 16 10 00 - 00 30 fa 7f a0 0c 2f
73 ..}......0..../s
040bffd4 c0 ff 0b 04 a0 0c 2f 73 - ff ff ff ff 56 18 ea
77 ....../s....V..w
040bffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
040bfff4 66 47 fd 74 10 16 10 00 - 00 00 00 00 c8 00 00
00 fG.t............
040c0004 00 01 00 00 ff ee ff ee - 02 10 00 00 00 00 00
00 ................
040c0014 00 fe 00 00 00 00 20 00 - 00 20 00 00 00 02 00
00 ...... .. ......
040c0024 00 20 00 00 15 04 00 00 - ff ef fd 7f 19 00 08
06 . ..............
040c0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0044 a8 05 0c 04 0f 00 00 00 - f8 ff ff ff 50 00 0c
04 ............P...
040c0054 50 00 0c 04 40 06 0c 04 - 00 00 0d 04 00 00 00
00 P...@...........
040c0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0094 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c00a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c00b4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: explorer.exe (pid=1272)
When: 10/17/2003 @ 10:53:45.843
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1292 ipmsg2.02.exe
1272 explorer.exe
1184 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76DF0000 - 76E01000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(6AC20000 - 6AC58000)
(76B30000 - 76B6D000)
(020C0000 - 020D8000)
(66650000 - 666A4000)
(6B700000 - 6B790000)
(75E60000 - 75E7A000)
(70F30000 - 70F9E000)
(69BF0000 - 69C0D000)
(77800000 - 7781E000)
(77BF0000 - 77C01000)
(16200000 - 16206000)
(10000000 - 1000C000)
(02C70000 - 02C7A000)
(76930000 - 7695B000)
(77920000 - 77943000)
(03810000 - 03846000)
(03850000 - 0386D000)
(703D0000 - 703EB000)
(66D20000 - 66D51000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(03E30000 - 03E47000)
State Dump for Thread Id 0x548
eax=000021ff ebx=00000001 ecx=00000000 edx=00000000
esi=00094b50 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094B50 0074006E
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020644 00000005
shell32!Ordinal201
0006FFC0 77E9CA90 0074006E 0041005C 7FFDF000 00000065
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - 50 4b 09 00 01 00 00
00 V.2x.v.wPK......
0006ff10 50 4b 09 00 50 4b 09 00 - 60 ff 06 00 60 ff 06
00 PK..PK..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 50 4b 09
00 [email protected]..
0006ff30 6e 00 74 00 44 06 02 00 - 00 f0 fd 7f 90 26 36
81 n.t.D........&6.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 44 06 02
00 x..w........D...
0006ff50 b3 a1 e8 77 02 00 00 00 - 01 9e 53 00 e0 ff 06
00 ...w......S.....
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 44 06 02 00 05 00 00 00 - 5c 00 41 00 44 00 00
00 D.......\.A.D...
0006ff80 78 57 07 00 90 62 07 00 - a8 62 07 00 00 00 00
00 xW...b...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 56 18 ea
77 ............V..w
0006ffa0 f0 7f e8 77 ff ff ff ff - 01 00 00 00 05 00 00
00 ...w............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 6e 00 74 00 5c 00 41
00 .......wn.t.\.A.
0006ffd0 00 f0 fd 7f 65 00 00 00 - c8 ff 06 00 65 00 00
00 ....e.......e...
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 20 00 00 20 00
00 .......... .. ..
00070020 00 02 00 00 00 20 00 00 - 29 ad 00 00 ff ef fd
7f ..... ..).......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x1bc
eax=77d32778 ebx=00000000 ecx=00083fe0 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=00dcfe28 ebp=00dcff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0184d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00DCFF74 77D56D9E 77D39AD0 000864C0 40085FB8 00000070
ntdll!NtReplyWaitReceivePortEx
00DCFFA8 77D41C6C 00079288 00DCFFEC 77E887DD 000851A0
rpcrt4!TowerConstruct
00DCFFB4 77E887DD 000851A0 40085FB8 00000070 000851A0
rpcrt4!I_RpcServerInqTransportType
00DCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x550
eax=77d34e00 ebx=00000102 ecx=0000001b edx=00000000
esi=77f8318c edi=00e0ff74
eip=77f83197 esp=00e0ff60 ebp=00e0ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0188d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E0FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x540
eax=fffffff0 ebx=00000000 ecx=002301f8 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x544
eax=00e9f91c ebx=00000009 ecx=00e9fb70 edx=00000000
esi=77f837a7 edi=00000009
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 02190FD8 00000001 00000000 00E9FDDC
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 000007D0 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000008 00E9FEB8 00000000 000007D0
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 00000204 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 00000032 00000032
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x220
eax=014cf000 ebx=00000002 ecx=000b8140 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00edfe5c ebp=00edfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0195d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00EDFEA8 77E12A00 00EDFE80 00000001 00000000 00EDFEA0
ntdll!NtWaitForMultipleObjects
00EDFF04 77E12A77 00EDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00EDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00EDFF74 70C1AB1B 00EDFFA0 00EDFFA4 00EDFFA8 00EDFF9C !
Ordinal265
00EDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00EDFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x528
eax=00000066 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00f1fe5c ebp=00f1fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0199d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00F1FEA8 77E12A00 00F1FE80 00000001 00000000 00F1FEA0
ntdll!NtWaitForMultipleObjects
00F1FF04 77E12A77 00F1FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00F1FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00F1FF74 70C1AB1B 00F1FFA0 00F1FFA4 00F1FFA8 00F1FF9C !
Ordinal265
00F1FFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00F1FFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
00f1fe5c b7 7a e8 77 02 00 00 00 - 80 fe f1 00 01 00 00
00 .z.w............
00f1fe6c 00 00 00 00 a0 fe f1 00 - 00 00 00 00 00 00 00
00 ................
00f1fe7c 02 00 00 00 c0 01 00 00 - 4c 02 00 00 90 4f a5
77 ........L....O.w
00f1fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe f1
00 ................
00f1fe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff f1
00 ......<.........
00f1feac 00 2a e1 77 80 fe f1 00 - 01 00 00 00 00 00 00
00 .*.w............
00f1febc a0 fe f1 00 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
00f1fecc 00 00 00 00 c0 01 00 00 - 4c 02 00 00 84 ff f1
00 ........L.......
00f1fedc 4f 7a 2e 73 00 00 16 71 - 74 ff f1 00 00 e0 fd
7f Oz.s...qt.......
00f1feec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 86 fd
7f ...p............
00f1fefc 00 00 00 00 4c 02 00 00 - 20 ff f1 00 77 2a e1
77 ....L... ...w*.w
00f1ff0c d0 fe f1 00 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
00f1ff1c 00 00 00 00 74 ff f1 00 - 93 a7 c1 70 01 00 00
00 ....t......p....
00f1ff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
00f1ff3c 00 e0 fd 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
00f1ff4c 00 00 00 00 48 b8 09 00 - b0 b0 b2 77 60 eb a7
77 ....H......w`..w
00f1ff5c 00 00 00 00 00 e0 fd 7f - e9 13 58 00 18 bb c2
70 ..........X....p
00f1ff6c 60 ea 00 00 01 00 00 00 - ac ff f1 00 1b ab c1
70 `..............p
00f1ff7c a0 ff f1 00 a4 ff f1 00 - a8 ff f1 00 9c ff f1
00 ................
00f1ff8c 60 ea 00 00 00 e0 fd 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x538
eax=000000c0 ebx=00e4fccc ecx=00000000 edx=00000000
esi=00000400 edi=00000000
eip=77f83197 esp=0110ffa0 ebp=0110ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b8d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0110FFB4 77E887DD 00E4FCCC 00000000 00000400 00E4FCCC
ntdll!NtDelayExecution
0110FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x408
eax=0114fa34 ebx=00000000 ecx=000a2f50 edx=00000000
esi=0114fed8 edi=00000000
eip=77e11d6b esp=0114fe98 ebp=0114feb0 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01bcd46b=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01bcd46b=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01bcd46b=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0114FEB0 76F21AFB 0114FED8 00000000 00000000 00000000
user32!TranslateMessageEx
00000001 00000000 00000000 00000000 00000000 00000000
netshell!DllGetClassObject
State Dump for Thread Id 0x530
eax=0118fd70 ebx=77e1bfad ecx=0047cf30 edx=00000000
esi=0118fd70 edi=77e11dba
eip=77e11d6b esp=0118fd04 ebp=0118fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01c0d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01c0d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01c0d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0118FD1C 766D193C 0118FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0118FD90 766D182F 0002011A 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0118FFB4 77E887DD 00000000 00E4FAA0 77F82B95 00000000
stobject!DllGetClassObject
0118FFEC 00000000 766D17EA 00000000 00000000 00040000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0118fd04 e1 1d e1 77 70 fd 18 01 - 00 00 00 00 00 00 00
00 ...wp...........
0118fd14 00 00 00 00 00 00 00 00 - 90 fd 18 01 3c 19 6d
76 ............<.mv
0118fd24 70 fd 18 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p...............
0118fd34 a0 fa e4 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0118fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0118fd54 00 00 6d 76 61 00 06 00 - 11 00 01 00 10 00 00
00 ..mva...........
0118fd64 00 00 00 00 b0 28 6d 76 - 00 00 00 00 1a 01 02
00 .....(mv........
0118fd74 1d 00 00 00 00 00 00 00 - 00 00 00 00 4f 22 55
00 ............O"U.
0118fd84 1d 02 00 00 4a 02 00 00 - 00 00 00 00 b4 ff 18
01 ....J...........
0118fd94 2f 18 6d 76 1a 01 02 00 - 00 00 00 00 8c 2a 6d
76 /.mv.........*mv
0118fda4 01 00 00 00 95 2b f8 77 - 43 00 3a 00 5c 00 57
00 .....+.wC.:.\.W.
0118fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0118fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0118fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0118fde4 6c 00 6c 00 00 00 e8 77 - 1b 00 00 00 00 02 00
00 l.l....w........
0118fdf4 fc ff 18 01 23 00 00 00 - 00 01 00 00 fc fc fc
fc ....#...........
0118fe04 fc fc fc fc 04 00 00 00 - 00 01 00 00 00 00 00
ec ................
0118fe14 ec ec ec ec 00 00 00 00 - 00 01 00 00 00 00 00
00 ................
0118fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x52c
eax=00000000 ebx=00000000 ecx=000a64f8 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0121fe28 ebp=0121ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01c9d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0121FF74 77D56D9E 77D39AD0 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0121FFA8 77D41C6C 00079288 0121FFEC 77E887DD 000A0380
rpcrt4!TowerConstruct
0121FFB4 77E887DD 000A0380 00000000 00000000 000A0380
rpcrt4!I_RpcServerInqTransportType
0121FFEC 00000000 77D41C54 000A0380 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0121fe28 d4 74 d5 77 2c 01 00 00 - 54 ff 21 01 00 00 00
00 .t.w,...T.!.....
0121fe38 f0 c5 0a 00 58 ff 21 01 - 10 92 07 00 88 b2 09
00 ....X.!.........
0121fe48 6d 31 f8 77 00 00 00 00 - 01 99 44 81 74 ab 47
b7 m1.w......D.t.G.
0121fe58 78 b1 46 80 00 00 00 00 - a8 0c 46 81 a8 0c 46
81 x.F.......F...F.
0121fe68 00 00 00 00 01 00 00 00 - 00 50 45 80 00 00 00
00 .........PE.....
0121fe78 01 99 44 01 98 ab 47 b7 - e2 ac 46 80 00 00 00
00 ..D...G...F.....
0121fe88 00 00 00 00 a3 00 42 80 - a8 0c 46 81 08 76 47
81 ......B...F..vG.
0121fe98 00 00 00 00 a8 0c 46 81 - f0 75 47 81 00 00 00
00 ......F..uG.....
0121fea8 a8 0c 46 81 0c ac 47 b7 - c6 54 42 80 a8 0c 46
81 ..F...G..TB...F.
0121feb8 d4 4b 06 80 00 4b 06 80 - 00 00 00 00 70 7e 4e
81 .K...K......p~N.
0121fec8 73 35 66 b7 31 06 66 b7 - 0c ac 47 b7 00 00 00
00 s5f.1.f...G.....
0121fed8 ec ab 47 b7 00 4b 06 80 - 6b 00 66 b7 0c ac 47
b7 ..G..K..k.f...G.
0121fee8 f3 ff 65 b7 20 87 47 81 - a8 0c 46 81 a8 0c 46
81 ..e. .G...F...F.
0121fef8 08 76 47 81 ac ab 47 b7 - 3d 00 00 00 f0 ac 47
b7 .vG...G.=.....G.
0121ff08 8c 05 46 80 e8 56 40 80 - ff ff ff ff 34 ac 47
b7 [email protected].
0121ff18 3e 9e 49 80 e8 0c 46 81 - 54 ac 47 b7 48 ac 47
b7 >.I...F.T.G.H.G.
0121ff28 44 ac 47 b7 c0 99 44 81 - a0 e1 49 81 00 00 00
00 D.G...D...I.....
0121ff38 a0 e1 49 81 30 e3 49 81 - 64 ac 47 b7 f3 da 42
80 ..I.0.I.d.G...B.
0121ff48 a4 da 42 80 d4 4b 06 80 - 00 e3 49 81 02 00 05
00 ..B..K....I.....
0121ff58 00 a2 2f 4d ff ff ff ff - 50 fe 21 01 00 00 02
80 ../M....P.!.....
State Dump for Thread Id 0x524
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0127ff24 ebp=0127ff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01cfd4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0127FF70 77E8A31D 0127FF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0127FFB4 77E887DD 00000000 0118EC94 0118F520 00000000
kernel32!WaitForMultipleObjects
0127FFEC 00000000 77562BDA 00000000 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0127ff24 b7 7a e8 77 02 00 00 00 - 48 ff 27 01 01 00 00
00 .z.w....H.'.....
0127ff34 00 00 00 00 00 00 00 00 - 94 ec 18 01 00 00 00
00 ................
0127ff44 00 00 00 00 6c 03 00 00 - 68 03 00 00 00 1f 41
81 ....l...h.....A.
0127ff54 a0 1d 41 81 80 7c 95 b7 - 00 00 00 00 1f ac 46
80 ..A..|........F.
0127ff64 40 6a 89 81 00 00 00 00 - 00 00 00 00 b4 ff 27
01 @j............'.
0127ff74 1d a3 e8 77 48 ff 27 01 - 01 00 00 00 00 00 00
00 ...wH.'.........
0127ff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
0127ff94 a4 ff 27 01 00 00 00 00 - ff ff ff ff 20 f5 18
01 ..'......... ...
0127ffa4 6c 03 00 00 68 03 00 00 - 00 00 00 00 00 00 00
00 l...h...........
0127ffb4 ec ff 27 01 dd 87 e8 77 - 00 00 00 00 94 ec 18
01 ..'....w........
0127ffc4 20 f5 18 01 00 00 00 00 - 00 f0 fa 7f 00 00 00
00 ...............
0127ffd4 c0 ff 27 01 00 00 00 00 - ff ff ff ff 56 18 ea
77 ..'.........V..w
0127ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
0127fff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 c8 00 00
00 .+Vw............
01280004 00 01 00 00 ff ee ff ee - 02 00 00 00 00 00 00
00 ................
01280014 00 fe 00 00 00 00 10 00 - 00 20 00 00 00 02 00
00 ......... ......
01280024 00 20 00 00 dc 01 00 00 - ff ef fd 7f 0a 00 08
06 . ..............
01280034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01280044 98 05 28 01 0f 00 00 00 - f8 ff ff ff 50 00 28
01 ..(.........P.(.
01280054 50 00 28 01 40 06 28 01 - 00 00 00 00 00 00 00
00 P.(.@.(.........
State Dump for Thread Id 0x470
eax=00000000 ebx=000493e0 ecx=00085900 edx=00000000
esi=000856f8 edi=000493e0
eip=77f837dc esp=013bfebc ebp=013bfee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01e3d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01e3d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01e3d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01e3d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013BFEE4 77D809DA 00000128 013BFF1C 013BFF0C 013BFF14
ntdll!ZwRemoveIoCompletion
013BFF20 77D50EDE 000493E0 013BFF60 013BFF5C 013BFF70
rpcrt4!I_RpcTransGetAddressList
013BFF74 77D50D17 77D39A00 000856F8 00000008 0118F62C
rpcrt4!TowerConstruct
013BFFA8 77D41C6C 000AF7E8 013BFFEC 77E887DD 000AF008
rpcrt4!TowerConstruct
013BFFB4 77E887DD 000AF008 00000008 0118F62C 000AF008
rpcrt4!I_RpcServerInqTransportType
013BFFEC 00000000 77D41C54 000AF008 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
013bfebc 2e 79 e8 77 28 01 00 00 - 0c ff 3b 01 fc fe 3b
01 .y.w(.....;...;.
013bfecc dc fe 3b 01 d4 fe 3b 01 - 00 a2 2f 4d ff ff ff
ff ..;...;.../M....
013bfedc 00 51 07 00 d4 50 07 00 - 20 ff 3b 01 da 09 d8
77 .Q...P.. .;....w
013bfeec 28 01 00 00 1c ff 3b 01 - 0c ff 3b 01 14 ff 3b
01 (.....;...;...;.
013bfefc e0 93 04 00 e0 93 04 00 - f8 56 08 00 b2 73 e8
77 .........V...s.w
013bff0c 01 00 00 00 28 01 00 00 - 00 00 00 00 00 00 00
00 ....(...........
013bff1c 00 00 00 00 74 ff 3b 01 - de 0e d5 77 e0 93 04
00 ....t.;....w....
013bff2c 60 ff 3b 01 5c ff 3b 01 - 70 ff 3b 01 58 ff 3b
01 `.;.\.;.p.;.X.;.
013bff3c 64 ff 3b 01 6c ff 3b 01 - 10 92 07 00 e8 f7 0a
00 d.;.l.;.........
013bff4c 08 f0 0a 00 28 01 00 00 - 02 00 00 00 a8 00 00
00 ....(...........
013bff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00
00 ................
013bff6c 00 00 00 00 28 01 00 00 - a8 ff 3b 01 17 0d d5
77 ....(.....;....w
013bff7c 00 9a d3 77 f8 56 08 00 - 08 00 00 00 2c f6 18
01 ...w.V......,...
013bff8c 08 f0 0a 00 00 00 00 00 - db 0d 43 80 c0 99 44
81 ..........C...D.
013bff9c 20 c0 42 81 ff ff ff ff - 08 f0 0a 00 b4 ff 3b
01 .B...........;.
013bffac 6c 1c d4 77 e8 f7 0a 00 - ec ff 3b 01 dd 87 e8
77 l..w......;....w
013bffbc 08 f0 0a 00 08 00 00 00 - 2c f6 18 01 08 f0 0a
00 ........,.......
013bffcc 00 e0 fa 7f ce b1 f8 77 - c0 ff 3b 01 ce b1 f8
77 .......w..;....w
013bffdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
013bffec 00 00 00 00 00 00 00 00 - 54 1c d4 77 08 f0 0a
00 ........T..w....
State Dump for Thread Id 0x4f0
eax=00000032 ebx=00000000 ecx=0162f15c edx=00000000
esi=000ab850 edi=00000000
eip=77e12268 esp=0162fcd8 ebp=0162ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:020ad2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0162FF28 71181ACF 00000000 00000218 0006EA1C 000B5D88
user32!WaitMessage
0162FFB4 77E887DD 000B5D88 00000218 0006EA1C 000B5D88 !
Ordinal123
0162FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f4
eax=00000000 ebx=01f0ff74 ecx=00000446 edx=00000000
esi=77f8377b edi=00000498
eip=77f83786 esp=01f0ff58 ebp=01f0ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0298d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F0FF7C 77E87837 00000498 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x3f0
eax=000ff528 ebx=01f4ff74 ecx=00000008 edx=00000000
esi=77f8377b edi=000004bc
eip=77f83786 esp=01f4ff58 ebp=01f4ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:029cd52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F4FF7C 77E87837 000004BC 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x55c
eax=020bf27c ebx=020bf26c ecx=00000002 edx=0008ddb8
esi=00000000 edi=0008ddb8
eip=70dcf39f esp=020bf214 ebp=020bf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:02b3c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:02b3c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:0008ddb8=0010e450
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:02b3c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:0008ddb8=50
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:02b3c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:020bf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:02b3c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:02b3c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:02b3c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:02b3c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
020BF224 702BE5B6 021CE9C4 0000000E 020BF27C 0008DDB8 !
DllGetClassObject
020BF248 03E31B67 000CC3F0 0000000E 020BF27C 00000001 !
RegisterFormatEnumerator
020BF2C0 702B6223 00000000 00169E28 000CC590 00000000 !
<nosymbols>
020BF2E8 702D1A5A 000CC3E8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
020BF318 702BA988 000CC3E8 00000016 00169E28 702BA95D !
DllGetClassObject
020BF354 702C59C3 00000016 020BF5C0 00000000 001477D0 !
CoInternetQueryInfo
020BF7D0 702BB3AF 00000000 001477D0 001477E0 702BB372 !
FindMediaTypeClass
020BF7FC 702B8EF8 00000000 02170BD8 000CC3E8 000CC3F0 !
IsAsyncMoniker
020BF824 702B7DA6 000CC590 02170BD8 000CC3E8 000CC3F0 !
FindMediaType
020BF86C 70D495F1 000CC3E8 02170BD8 021CE9E4 00000000 !
CreateAsyncBindCtxEx
020BFAC0 70D4943E 02170BD8 873F0000 020BFBE4 01B041F0 !
DllGetClassObject
020BFADC 70D493A1 020BFBE4 01B04204 873F0000 01B041F0 !
DllGetClassObject
020BFB00 70D4E77C 020BFBE4 01B02710 00001FDD 873F0000 !
DllGetClassObject
020BFB50 70D4AB9F 01AD0710 01B02710 00000000 00000000 !
DllGetClassObject
020BFB74 70D4AAC1 01B028A0 00000001 00000000 020BFBE4 !
DllGetClassObject
020BFBCC 70D50AF3 01B028A0 00000000 10000000 00121F00 !
DllGetClassObject
020BFCE4 00000000 00400000 01ADFAA0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
020bf214 00 00 00 00 7c f2 0b 02 - 94 c5 0c 00 00 00 00
00 ....|...........
020bf224 48 f2 0b 02 b6 e5 2b 70 - c4 e9 1c 02 0e 00 00
00 H.....+p........
020bf234 7c f2 0b 02 b8 dd 08 00 - 6c f2 0b 02 00 00 00
00 |.......l.......
020bf244 4c 00 e6 03 c0 f2 0b 02 - 67 1b e3 03 f0 c3 0c
00 L.......g.......
020bf254 0e 00 00 00 7c f2 0b 02 - 01 00 00 00 6c f2 0b
02 ....|.......l...
020bf264 f0 c3 0c 00 0d 30 2c 70 - 00 00 00 00 28 9e 16
00 .....0,p....(...
020bf274 94 c5 0c 00 f0 c3 0c 00 - 06 00 00 00 90 f2 0b
02 ................
020bf284 94 c5 0c 00 00 00 00 00 - e8 c3 0c 00 14 00 00
00 ................
020bf294 00 00 00 00 90 c5 0c 00 - 00 00 00 00 00 00 00
00 ................
020bf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
020bf2b4 50 00 e6 03 b8 66 0b 00 - 4c 00 e6 03 e8 f2 0b
02 P....f..L.......
020bf2c4 23 62 2b 70 00 00 00 00 - 28 9e 16 00 90 c5 0c
00 #b+p....(.......
020bf2d4 00 00 00 00 00 00 00 00 - e8 c3 0c 00 00 00 00
00 ................
020bf2e4 00 00 00 00 18 f3 0b 02 - 5a 1a 2d 70 e8 c3 0c
00 ........Z.-p....
020bf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
020bf304 28 9e 16 00 00 00 00 00 - 00 00 00 00 8c 78 14
00 (............x..
020bf314 d0 77 14 00 54 f3 0b 02 - 88 a9 2b 70 e8 c3 0c
00 .w..T.....+p....
020bf324 16 00 00 00 28 9e 16 00 - 5d a9 2b 70 10 ce 13
02 ....(...].+p....
020bf334 16 00 00 00 28 9e 16 00 - 04 01 00 00 d0 77 14
00 ....(........w..
020bf344 00 00 00 00 01 00 00 00 - 05 40 00 80 28 9e 16
00 .........@..(...
State Dump for Thread Id 0x10c
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000
esi=000c9838 edi=00000000
eip=77e12268 esp=02f5fcd8 ebp=02f5ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:039dd2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02F5FF28 71181ACF 00000000 00073400 02020EA4 0009A5C0
user32!WaitMessage
02F5FFB4 77E887DD 0009A5C0 00073400 02020EA4 0009A5C0 !
Ordinal123
02F5FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x474
eax=00000000 ebx=00000002 ecx=01010101 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=02fdfe5c ebp=02fdfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:03a5d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02FDFEA8 77E12A00 02FDFE80 00000001 00000000 02FDFEA0
ntdll!NtWaitForMultipleObjects
02FDFF04 77E12A77 02FDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
02FDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
02FDFF74 70C1AB1B 02FDFFA0 02FDFFA4 02FDFFA8 02FDFF9C !
Ordinal265
02FDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFA8000 !
Ordinal293
02FDFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4e4
eax=778321fe ebx=00000003 ecx=7ffaa000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=03e1fd24 ebp=03e1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0489d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03E1FD70 77E8A31D 03E1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
03E1FFB4 77E887DD 00000004 00105C7C 7FFAA000 02139448
kernel32!WaitForMultipleObjects
03E1FFEC 00000000 778321FE 02139448 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
03e1fd24 b7 7a e8 77 03 00 00 00 - 48 fd e1 03 01 00 00
00 .z.w....H.......
03e1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 48 94 13
02 ............H...
03e1fd44 01 00 00 00 3c 06 00 00 - ec 06 00 00 dc 06 00
00 ....<...........
03e1fd54 d3 6a 43 80 3b 02 00 00 - 00 20 50 c0 b0 b5 59
81 .jC.;.... P...Y.
03e1fd64 00 00 00 00 00 00 00 00 - 70 c4 ae e2 b4 ff e1
03 ........p.......
03e1fd74 1d a3 e8 77 48 fd e1 03 - 01 00 00 00 00 00 00
00 ...wH...........
03e1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
03e1fd94 b0 fe e1 03 00 00 00 00 - ff ff ff ff 48 94 13
02 ............H...
03e1fda4 00 a0 fa 7f 7c 5c 10 00 - 00 00 00 00 38 00 00
00 ....|\......8...
03e1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
03e1fdc4 23 00 00 00 23 00 00 00 - 7c 5c 10 00 00 a0 fa
7f #...#...|\......
03e1fdd4 48 94 13 02 00 a0 fa 7f - 00 a0 fa 7f fe 21 83
77 H............!.w
03e1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
03e1fdf4 fc ff e1 03 23 00 00 00 - 79 6d 43 80 00 00 00
00 ....#...ymC.....
03e1fe04 b0 b5 59 81 00 dd 46 80 - 3a 02 00 00 e0 b4 59
81 ..Y...F.:.....Y.
03e1fe14 cc a7 00 00 20 eb 9b 81 - d5 9e 00 00 f8 13 9b
81 .... ...........
03e1fe24 0d 85 00 00 38 a9 98 81 - 7f aa 00 00 e8 2b 9c
81 ....8........+..
03e1fe34 00 07 00 00 ae cc 44 80 - 7f aa 00 00 e8 2b 9c
81 ......D......+..
03e1fe44 7f aa 00 00 e8 2b 9c 81 - 01 62 fa 7f b1 0a 00
00 .....+...b......
03e1fe54 41 d6 44 80 b1 0a 00 00 - 90 9a 44 81 00 60 fa
7f A.D.......D..`..
Application exception occurred:
App: rundll32.exe (pid=1124)
When: 10/17/2003 @ 15:08:29.078
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
596 mstask.exe
624 stisvc.exe
684 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1192 igfxtray.exe
1224 hkcmd.exe
1240 vptray.exe
1300 FINDFAST.exe
1308 OSA.exe
744 ipmsg2.02.exe
1180 nlnotes.exe
1348 naldaemn.exe
320 nhldaemn.exe
288 explorer.exe
732 nero.exe
1124 rundll32.exe
1212 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x524
eax=7f6f0824 ebx=01402020 ecx=00000200 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000844F8 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 00160164 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 00160164 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A380 00160164 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 00160164 01000000 0007A250 00000464
shell32!SHFileOperationA
0006FF18 010016EB 00160164 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 e8 49 09 00 - dc e5 06 00 f8 b2 74
71 .....I........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 f4 4a 09 00 e8 49 09 00 - 60 f2 07 00 08 02 11
00 .J...I..`.......
0006e5a0 00 02 00 00 00 00 00 00 - 8a 00 67 00 c6 6f e2
00 ..........g..o..
0006e5b0 7a 01 00 00 29 01 00 00 - fe 00 00 00 00 00 00
00 z...)...........
0006e5c0 00 00 00 00 ff ff ff ff - 20 02 21 00 38 a4 77
71 ........ .!.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 64 01 16 00 f4 e5 06
00 ./wq....d.......
0006e5e0 17 b5 74 71 f8 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 50 a2 07 00 64 01 16 00 - f0 a2 07 00 00 00 00
00 P...d...........
0006e620 f6 02 01 be 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 T... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x55c
eax=00000120 ebx=0007f028 ecx=0007d238 edx=00000000
esi=0007d238 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D238 40084788 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E348 00C4FFEC 77E887DD 0007F028
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F028 40084788 00000070 0007F028
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x498
eax=77ab4639 ebx=00000102 ecx=0007e898 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 c8 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 c8 54 09 00 ec ff c8 00 - c8 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 c8 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - c8 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 98 e8 07 00 c0 ff c8 00 - 98 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - c8 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x588
eax=00000000 ebx=00000002 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x53c
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d48b8
esi=00000000 edi=000d48b8
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d48b8=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d48b8=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B45C4 0000000E 00D7F27C 000D48B8 !
DllGetClassObject
00D7F248 10001B67 00088BB0 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000B93F0 00088D50 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088BA8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088BA8 00000016 000B93F0 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000D5B38 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000D5B38 000D5B48 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D1FD0 00088BA8 00088BB0 !
IsAsyncMoniker
00D7F824 702B7DA6 00088D50 000D1FD0 00088BA8 00088BB0 !
FindMediaType
00D7F86C 70D495F1 00088BA8 000D1FD0 000B45E4 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D1FD0 873F0000 00D7FBE4 01051DE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051DF4 873F0000 01051DE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051A70 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051F50 01051A70 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051B90 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051B90 00000000 10000000 000D7698 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - 54 8d 08 00 00 00 00
00 ....|...T.......
00d7f224 48 f2 d7 00 b6 e5 2b 70 - c4 45 0b 00 0e 00 00
00 H.....+p.E......
00d7f234 7c f2 d7 00 b8 48 0d 00 - 6c f2 d7 00 00 00 00
00 |....H..l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 b0 8b 08
00 L.o.....g.......
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 b0 8b 08 00 0d 30 2c 70 - 00 00 00 00 f0 93 0b
00 .....0,p........
00d7f274 54 8d 08 00 b0 8b 08 00 - 06 00 00 00 90 f2 d7
00 T...............
00d7f284 54 8d 08 00 00 00 00 00 - a8 8b 08 00 14 00 00
00 T...............
00d7f294 00 00 00 00 50 8d 08 00 - 00 00 00 00 00 00 00
00 ....P...........
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 d0 6d 0d 00 - 4c 00 6f 01 e8 f2 d7
00 P.o..m..L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - f0 93 0b 00 50 8d 08
00 #b+p........P...
00d7f2d4 00 00 00 00 00 00 00 00 - a8 8b 08 00 00 00 00
00 ................
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 a8 8b 08
00 ........Z.-p....
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 f0 93 0b 00 00 00 00 00 - 00 00 00 00 f4 5b 0d
00 .............[..
00d7f314 38 5b 0d 00 54 f3 d7 00 - 88 a9 2b 70 a8 8b 08
00 8[..T.....+p....
00d7f324 16 00 00 00 f0 93 0b 00 - 5d a9 2b 70 40 60 0d
00 ........].+p@`..
00d7f334 16 00 00 00 f0 93 0b 00 - 04 01 00 00 38 5b 0d
00 ............8[..
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 f0 93 0b
00 .........@......
State Dump for Thread Id 0x410
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4084 7FFDA000 000D4090
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4090 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 90 40 0d
00 .............@..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 28 b8 3a 81 40 93 3b
81 ........(.:.@.;.
0168fd64 28 b8 3a 81 00 00 00 00 - 03 00 00 00 b4 ff 68
01 (.:...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 90 40 0d
00 ..h..........@..
0168fda4 00 a0 fd 7f 84 40 0d 00 - e0 ec 4e 81 00 00 00
00 [email protected].....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 84 40 0d 00 00 a0 fd
7f #...#....@......
0168fdd4 90 40 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .@...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 db b2
b7 ..h.#....OE.....
0168fe04 68 fc 35 81 68 fc 35 81 - 40 00 00 00 24 db b2
b7 h.5.h.5.@...$...
0168fe14 d0 f8 44 80 00 ab 36 81 - 00 00 00 00 00 00 00
00 ..D...6.........
0168fe24 68 ea 3b 81 a6 24 49 80 - 68 ea 3b 81 74 01 00
00 h.;..$I.h.;.t...
0168fe34 40 6a 89 81 03 00 10 00 - 68 fc 35 81 40 6a 89
81 @j......h.5.@j..
0168fe44 80 fc 35 81 68 fc 35 81 - 6c fc 35 81 00 00 00
00 ..5.h.5.l.5.....
0168fe54 00 00 00 00 00 00 00 00 - 6c fc 35 81 00 00 00
00 ........l.5.....
Application exception occurred:
App: explorer.exe (pid=860)
When: 10/17/2003 @ 17:47:44.687
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
408 svchost.exe
432 spoolsv.exe
460 defwatch.exe
476 svchost.exe
508 nslsvice.exe
524 nsl.exe
540 rtvscan.exe
584 regsvc.exe
612 mstask.exe
776 stisvc.exe
848 WinMgmt.exe
884 mspmspsv.exe
896 svchost.exe
860 explorer.exe
1120 igfxtray.exe
1132 hkcmd.exe
1080 vptray.exe
1316 FINDFAST.exe
1104 OSA.exe
1360 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(7C2D0000 - 7C332000)
(7C4E0000 - 7C599000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78538000)
(77A50000 - 77B3C000)
(775A0000 - 77626000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(00D70000 - 00F74000)
(71160000 - 7125D000)
(76620000 - 76631000)
(7C0F0000 - 7C152000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(76F20000 - 76F97000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(77560000 - 77568000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE4000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(76710000 - 76719000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(66650000 - 666A4000)
(75E60000 - 75E7A000)
(66D20000 - 66D51000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x3b8
eax=00000024 ebx=00000001 ecx=00000040 edx=00000000
esi=0008f930 edi=00000000
eip=77e13569 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:00ae9de7=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7831ADBB 00000000 004084C4 0008F930 00000000
user32!WaitMessage
0006FF60 00408201 0000005C 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006ff00 41 ae 31 78 94 55 4f 7c - 30 f9 08 00 01 00 00
00 A.1x.UO|0.......
0006ff10 30 f9 08 00 30 f9 08 00 - 60 ff 06 00 60 ff 06
00 0...0...`...`...
0006ff20 bb ad 31 78 00 00 00 00 - c4 84 40 00 30 f9 08
00 [email protected]...
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 30 cf 3b
81 ....V.......0.;.
0006ff40 92 ab 4f 7c ff ff ff ff - 0c 00 00 00 56 06 02
00 ..O|........V...
0006ff50 d5 ab 4f 7c 02 00 00 00 - 6b 8f 04 00 e0 ff 06
00 ..O|....k.......
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00
00 ......@.\.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 50 62 07 00 40 44 07 00 - 70 62 07 00 00 00 00
00 [email protected]......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 60 9e 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 `...............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 f5 87 4e 7c - 00 00 00 00 00 00 00
00 ......N|........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff b4 f0 4f 7c - c8 8e 4e 7c 00 00 00
00 ......O|..N|....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 23 19 00 00 ff ef fd
7f ..... ..#.......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x2dc
eax=0007fc84 ebx=00000000 ecx=00076e00 edx=00000000
esi=00080f90 edi=00000100
eip=77f839c7 esp=00d2fe28 ebp=00d2ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:017a9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00af9b6a=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00af9b6a=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:017a9e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00af9b6b=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:017a9e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:017a9e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D2FF74 77D56D9E 77D39AD0 00080F90 40080A88 00000070
ntdll!NtReplyWaitReceivePortEx
00D2FFA8 77D41C6C 0007DA10 00D2FFEC 7C4E987C 0007FC70
rpcrt4!TowerConstruct
00D2FFB4 7C4E987C 0007FC70 40080A88 00000070 0007FC70
rpcrt4!I_RpcServerInqTransportType
00D2FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x110
eax=77ab4639 ebx=00000102 ecx=0007fff0 edx=00000000
esi=77f89153 edi=00d6ff74
eip=77f8915e esp=00d6ff60 ebp=00d6ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:017e9e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D6FF7C 7C4FAC79 0000EA60 00000000 77AB85FC 0000EA60
ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00d6ff60 a5 ac 4f 7c 00 00 00 00 - 74 ff d6 00 68 c4 4f
7c ..O|....t...h.O|
00d6ff70 a0 35 08 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .5....<.....0u..
00d6ff80 79 ac 4f 7c 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 y.O|`..........w
00d6ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00d6ffa0 a0 35 08 00 ec ff d6 00 - a0 35 08 00 53 46 ab
77 .5.......5..SF.w
00d6ffb0 d8 7a a6 77 c3 7a a6 77 - 7c 98 4e 7c a0 35 08
00 .z.w.z.w|.N|.5..
00d6ffc0 d8 7a a6 77 c3 7a a6 77 - a0 35 08 00 00 c0 fd
7f .z.w.z.w.5......
00d6ffd0 f0 ff 07 00 c0 ff d6 00 - f0 ff 07 00 ff ff ff
ff ................
00d6ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00
00 ..O|`.N|........
00d6fff0 00 00 00 00 39 46 ab 77 - a0 35 08 00 00 00 00
00 ....9F.w.5......
00d70000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00
00 MZ..............
00d70010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00
00 ........@.......
00d70020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d70030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 00
00 ................
00d70040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54
68 ........!..L.!Th
00d70050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e
6f is program canno
00d70060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53
20 t be run in DOS
00d70070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00
00 mode....$.......
00d70080 9b b6 e5 4f df d7 8b 1c - df d7 8b 1c df d7 8b
1c ...O............
00d70090 92 f4 97 1c de d7 8b 1c - 16 f5 a1 1c de d7 8b
1c ................
State Dump for Thread Id 0x230
eax=0008c44c ebx=00000000 ecx=0000001c edx=00000000
esi=00000000 edi=00000000
eip=77e13569 esp=00fcff2c ebp=00fcff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:01a49e13=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00FCFF4C 0040A389 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00FCFFB4 7C4E987C 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00FCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x140
eax=027d0010 ebx=00000008 ecx=00002000 edx=00000000
esi=77f93233 edi=00000008
eip=77f9323e esp=0101fd98 ebp=0101fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01a99c7f=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0101FDE4 77E13990 0101FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0101FE40 77E13A5C 0101FE0C 0101FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0101FE5C 78319390 00000007 0101FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
784102B8 FFFFFFFF 00000000 00000000 000001E0 00000000
shell32!Ordinal200
77FCFE20 784102B8 77FCFE48 77FCFE08 00000017 00000017
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x3c0
eax=0105f1e8 ebx=00000002 ecx=02810238 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0105fe5c ebp=0105fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01ad9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0105FEA8 77E13990 0105FE80 00000001 00000000 0105FEA0
ntdll!NtWaitForMultipleObjects
0105FF04 77E13A5C 0105FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0105FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0105FF74 70C1AB1B 0105FFA0 0105FFA4 0105FFA8 0105FF9C !
Ordinal265
0105FFAC 70C1ACDF 00000012 7C4E987C 00000000 00000000 !
Ordinal293
0105FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4f4
eax=0000001c ebx=00000002 ecx=7ffd8000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=010efe5c ebp=010efea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01b69d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010EFEA8 77E13990 010EFE80 00000001 00000000 010EFEA0
ntdll!NtWaitForMultipleObjects
010EFF04 77E13A5C 010EFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
010EFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
010EFF74 70C1AB1B 010EFFA0 010EFFA4 010EFFA8 010EFF9C !
Ordinal265
010EFFAC 70C1ACDF 00000012 7C4E987C 00000000 00000000 !
Ordinal293
010EFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
010efe5c d7 bd 4e 7c 02 00 00 00 - 80 fe 0e 01 01 00 00
00 ..N|............
010efe6c 00 00 00 00 a0 fe 0e 01 - 00 00 00 00 00 00 00
00 ................
010efe7c 02 00 00 00 00 02 00 00 - 24 02 00 00 90 4f a5
77 ........$....O.w
010efe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe 0e
01 ................
010efe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff 0e
01 ......<.........
010efeac 90 39 e1 77 80 fe 0e 01 - 01 00 00 00 00 00 00
00 .9.w............
010efebc a0 fe 0e 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
010efecc 00 00 00 00 00 02 00 00 - 24 02 00 00 84 ff 0e
01 ........$.......
010efedc 4f 7a 2e 73 00 00 16 71 - 74 ff 0e 01 00 00 00
00 Oz.s...qt.......
010efeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 86 fd
7f ...p............
010efefc 00 00 00 00 24 02 00 00 - 20 ff 0e 01 5c 3a e1
77 ....$... ...\:.w
010eff0c d0 fe 0e 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
010eff1c 00 00 00 00 74 ff 0e 01 - 93 a7 c1 70 01 00 00
00 ....t......p....
010eff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
010eff3c 00 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
010eff4c 00 00 00 00 00 00 00 00 - f0 fe 0e 01 00 8c fd
7f ................
010eff5c dc ff 0e 01 b4 f0 4f 7c - 0d 0c 05 00 18 bb c2
70 ......O|.......p
010eff6c 60 ea 00 00 01 00 00 00 - ac ff 0e 01 1b ab c1
70 `..............p
010eff7c a0 ff 0e 01 a4 ff 0e 01 - a8 ff 0e 01 9c ff 0e
01 ................
010eff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x78
eax=000000c0 ebx=00fcfccc ecx=7c4f3496 edx=00000000
esi=ffffffff edi=00000557
eip=77f8915e esp=012bffa0 ebp=012bffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:01d39e87=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
012BFFB4 7C4E987C 00FCFCCC 00000557 FFFFFFFF 00FCFCCC
ntdll!ZwDelayExecution
012BFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x468
eax=00000000 ebx=00000000 ecx=00000405 edx=00000000
esi=00000000 edi=012ffda4
eip=77f950df esp=012ff9f0 ebp=012ffa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f950d4 b838000000 mov eax,0x38
77f950d9 8d542404 lea edx,
[esp+0x4] ss:01d798d7=????????
77f950dd cd2e int 2e
77f950df c22800 ret 0x28
77f950e2 8bca mov ecx,edx
77f950e4 894dcc mov
[ebp+0xcc],ecx ss:01d79936=????????
77f950e7 66832100 and word ptr
[ecx],0x0 ds:00000405=????
77f950eb e9eccaffff jmp
RtlDosPathNameToNtPathName_U+0x25a (77f91bdc)
77f950f0 8b4508 mov eax,
[ebp+0x8] ss:01d79936=????????
77f950f3 5e pop esi
77f950f4 5f pop edi
77f950f5 c9 leave
77f950f6 c3 ret
77f950f7 55 push ebp
77f950f8 8bec mov ebp,esp
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
012FFA50 76F585B4 00000708 0017000E 76F5F700 00000038
ntdll!ZwDeviceIoControlFile
012FFD30 76F52B06 000B5F04 012FFD4C 000B5E80 000B5E70
netshell!<nosymbols>
012FFDA8 76F53B99 012FFDC4 012FFDEC 000B4F78 000B4A58
netshell!NetSetupSetProgressCallback
012FFDCC 76F50F7D 000B5E80 012FFDEC 00000000 012FFED8
netshell!NetSetupSetProgressCallback
012FFDF4 76F50F05 00053187 000B4F78 012FFE24 77E12CA8
netshell!NetSetupSetProgressCallback
012FFE04 77E12CA8 00000000 00000113 00007FE3 00053187
netshell!NetSetupSetProgressCallback
012FFE24 77E12E4E 76F50ED1 00000000 00000113 00007FE3
user32!GetSysColor
012FFEB0 77E12F0F 012FFED8 00000000 76F21E2C 012FFED8
user32!GetSysColor
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
012ff9f0 91 d6 4f 7c 08 07 00 00 - 00 00 00 00 00 00 00
00 ..O|............
012ffa00 00 00 00 00 28 fa 2f 01 - 0e 00 17 00 00 f7 f5
76 ....(./........v
012ffa10 38 00 00 00 84 fa 2f 01 - a0 02 00 00 a4 fd 2f
01 8...../......./.
012ffa20 4c fd 2f 01 08 07 00 00 - 00 00 00 00 90 00 00
00 L./.............
012ffa30 98 88 f5 76 74 fa 2f 01 - 1c fa 2f 01 01 01 01
02 ...vt./.../.....
012ffa40 a0 fe 2f 01 b4 f0 4f 7c - c0 d6 4f 7c ff ff ff
ff ../...O|..O|....
012ffa50 30 fd 2f 01 b4 85 f5 76 - 08 07 00 00 0e 00 17
00 0./....v........
012ffa60 00 f7 f5 76 38 00 00 00 - 84 fa 2f 01 a0 02 00
00 ...v8...../.....
012ffa70 38 fd 2f 01 00 00 00 00 - ec fd 2f 01 a4 fd 2f
01 8./......./.../.
012ffa80 70 5e 0b 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 p^..........@B..
012ffa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
012ffaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
012ffab0 7b 00 00 00 02 01 02 00 - 04 00 00 00 79 03 00
00 {...........y...
012ffac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
012ffad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
012ffae0 50 00 00 00 ff ff ff 80 - 04 00 00 00 4a 01 00
00 P...........J...
012ffaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
012ffb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
012ffb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
012ffb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x464
eax=77801aae ebx=77e339d4 ecx=7780314c edx=00000000
esi=0133fd70 edi=77e12f5f
eip=77e12f5c esp=0133fd04 ebp=0133fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01db9beb=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01db9beb=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0133FD1C 766D1AD2 0133FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0133FD90 766D198E 00010074 00000000 766D2848 00000001
stobject!DllGetClassObject
0133FFB4 7C4E987C 00000000 00FCFAA0 77F98191 00000000
stobject!DllGetClassObject
0133FFEC 00000000 766D1949 00000000 00000000 00040000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0133fd04 86 2f e1 77 70 fd 33 01 - 00 00 00 00 00 00 00
00 ./.wp.3.........
0133fd14 00 00 00 00 00 00 00 00 - 90 fd 33 01 d2 1a 6d
76 ..........3...mv
0133fd24 70 fd 33 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p.3.............
0133fd34 a0 fa fc 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0133fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0133fd54 00 00 6d 76 4f 00 05 00 - 11 00 01 00 10 00 00
00 ..mvO...........
0133fd64 00 00 00 00 50 28 6d 76 - 00 00 00 00 74 00 01
00 ....P(mv....t...
0133fd74 13 01 00 00 07 00 00 00 - 00 00 00 00 74 e6 04
00 ............t...
0133fd84 bc 01 00 00 87 00 00 00 - 00 00 00 00 b4 ff 33
01 ..............3.
0133fd94 8e 19 6d 76 74 00 01 00 - 00 00 00 00 48 28 6d
76 ..mvt.......H(mv
0133fda4 01 00 00 00 91 81 f9 77 - 43 00 3a 00 5c 00 57
00 .......wC.:.\.W.
0133fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0133fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0133fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0133fde4 6c 00 6c 00 00 00 4e 7c - 1b 00 00 00 00 02 00
00 l.l...N|........
0133fdf4 fc ff 33 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..3.#...........
0133fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x42c
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=013cff24 ebp=013cff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01e49e0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013CFF70 7C4FABFB 013CFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
013CFFB4 7C4E987C 00000000 00000009 0133F520 00000000
kernel32!WaitForMultipleObjects
013CFFEC 00000000 77562BDA 00000000 00000000 00007077
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
013cff24 d7 bd 4e 7c 02 00 00 00 - 48 ff 3c 01 01 00 00
00 ..N|....H.<.....
013cff34 00 00 00 00 00 00 00 00 - 09 00 00 00 00 00 00
00 ................
013cff44 00 00 00 00 ac 02 00 00 - 84 02 00 00 e0 64 39
81 .............d9.
013cff54 80 63 39 81 00 00 00 00 - 00 00 00 00 00 00 00
00 .c9.............
013cff64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 3c
01 ..............<.
013cff74 fb ab 4f 7c 48 ff 3c 01 - 01 00 00 00 00 00 00
00 ..O|H.<.........
013cff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
013cff94 a4 ff 3c 01 00 00 00 00 - ff ff ff ff 20 f5 33
01 ..<......... .3.
013cffa4 ac 02 00 00 84 02 00 00 - 00 00 00 00 00 00 00
00 ................
013cffb4 ec ff 3c 01 7c 98 4e 7c - 00 00 00 00 09 00 00
00 ..<.|.N|........
013cffc4 20 f5 33 01 00 00 00 00 - 00 f0 fa 7f 00 00 00
00 .3.............
013cffd4 c0 ff 3c 01 00 00 00 00 - ff ff ff ff b4 f0 4f
7c ..<...........O|
013cffe4 60 d3 4e 7c 00 00 00 00 - 00 00 00 00 00 00 00
00 `.N|............
013cfff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 77 70 00
00 .+Vw........wp..
013d0004 00 00 00 07 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
013d0014 00 00 00 00 00 00 00 00 - 00 00 00 00 77 0f 77
77 ............w.ww
013d0024 77 77 77 00 00 00 00 00 - 00 00 00 00 00 00 00
00 www.............
013d0034 00 00 00 00 00 00 00 00 - 00 00 00 00 77 0f 77
78 ............w.wx
013d0044 88 00 77 80 00 00 00 00 - 00 00 00 00 00 00 00
00 ..w.............
013d0054 00 00 00 00 00 00 00 00 - 00 00 00 00 77 77 0f
77 ............ww.w
State Dump for Thread Id 0x424
eax=00000102 ebx=000493e0 ecx=00000102 edx=00000000
esi=000801c8 edi=000493e0
eip=77f8beb2 esp=0151febc ebp=0151fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtRemoveIoCompletion
77f8bea7 b8a8000000 mov eax,0xa8
77f8beac 8d542404 lea edx,
[esp+0x4] ss:01f99da3=adf00d0b
77f8beb0 cd2e int 2e
77f8beb2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0151FEE4 77D809DA 00000124 0151FF1C 0151FF0C 0151FF14
ntdll!NtRemoveIoCompletion
0151FF20 77D50EDE 000493E0 0151FF60 0151FF5C 0151FF70
rpcrt4!I_RpcTransGetAddressList
0151FF74 77D50D17 77D39A00 000801C8 0133F3CA 77F8C277
rpcrt4!TowerConstruct
0151FFA8 77D41C6C 0009AA88 0151FFEC 7C4E987C 000A5150
rpcrt4!TowerConstruct
0151FFB4 7C4E987C 000A5150 0133F3CA 77F8C277 000A5150
rpcrt4!I_RpcServerInqTransportType
0151FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x44c
eax=000ad7ac ebx=00000000 ecx=00076e00 edx=00000000
esi=00080f90 edi=00000100
eip=77f839c7 esp=0155fe28 ebp=0155ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:01fd9d0f=adf00d0b
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00b27692=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00b27692=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:01fd9e5a=f00d0bad
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00b27693=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:01fd9e5b=0d0b
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:01fd9e5b=0d0b
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0155FF74 77D56D9E 77D39AD0 00080F90 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0155FFA8 77D41C6C 0007DA10 0155FFEC 7C4E987C 000AD798
rpcrt4!TowerConstruct
0155FFB4 7C4E987C 000AD798 00000000 00000000 000AD798
rpcrt4!I_RpcServerInqTransportType
0155FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x544
eax=01b56000 ebx=00000000 ecx=00000006 edx=00000000
esi=000a4b00 edi=00000000
eip=77e13569 esp=016afcd8 ebp=016aff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:02129bbf=00000000
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
016AFF28 71181ACF 00000000 00000250 0006EA1C 000B85C0
user32!WaitMessage
016AFFB4 7C4E987C 000B85C0 00000250 0006EA1C 000B85C0 !
Ordinal123
016AFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x540
eax=00070100 ebx=01f8ff74 ecx=00000403 edx=00000000
esi=77f94086 edi=00000438
eip=77f94091 esp=01f8ff58 ebp=01f8ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02a09e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00ae9fe6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a7a2e9=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F8FF7C 7C4F1B1B 00000438 000927C0 00000000 70CFD855
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
01f8ff58 c2 c4 4f 7c 38 04 00 00 - 00 00 00 00 74 ff f8
01 ..O|8.......t...
01f8ff68 00 00 00 00 00 25 b5 01 - 03 91 f8 77 00 44 5f
9a .....%.....w.D_.
01f8ff78 fe ff ff ff 34 91 f8 77 - 1b 1b 4f 7c 38 04 00
00 ....4..w..O|8...
01f8ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 38 04 00
00 .'......U..p8...
01f8ff98 c0 27 09 00 09 00 00 00 - 00 25 b5 01 ec ff f8
01 .'.......%......
01f8ffa8 00 25 b5 01 95 d7 cf 70 - 38 86 0c 00 6f d7 cf
70 .%.....p8...o..p
01f8ffb8 7c 98 4e 7c 00 25 b5 01 - 09 00 00 00 38 86 0c
00 |.N|.%......8...
01f8ffc8 00 25 b5 01 00 c0 fa 7f - d8 e9 08 00 c0 ff f8
01 .%..............
01f8ffd8 d8 e9 08 00 ff ff ff ff - b4 f0 4f 7c 60 d3 4e
7c ..........O|`.N|
01f8ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
01f8fff8 00 25 b5 01 00 00 00 00 - 43 6c 69 65 6e 74 20
55 .%......Client U
01f90008 72 6c 43 61 63 68 65 20 - 4d 4d 46 20 56 65 72
20 rlCache MMF Ver
01f90018 35 2e 32 00 00 c0 18 00 - 00 50 00 00 00 31 00
00 5.2......P...1..
01f90028 c1 03 00 00 00 00 00 00 - 00 6c d0 1d 00 00 00
00 .........l......
01f90038 00 e0 f4 02 00 00 00 00 - 00 a0 3b 02 00 00 00
00 ..........;.....
01f90048 04 00 00 00 a4 00 00 00 - 39 4e 38 39 41 48 4d
33 ........9N89AHM3
01f90058 a4 00 00 00 55 51 42 46 - 4b 38 45 52 a3 00 00
00 ....UQBFK8ER....
01f90068 4f 36 42 41 52 55 51 39 - a3 00 00 00 43 41 59
4e O6BARUQ9....CAYN
01f90078 5a 44 47 54 00 00 00 00 - 00 00 00 00 00 00 00
00 ZDGT............
01f90088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x53c
eax=09000010 ebx=021cff74 ecx=00000000 edx=00000000
esi=77f94086 edi=00000484
eip=77f94091 esp=021cff58 ebp=021cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02c49e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:09a79ef6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a79ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
021CFF7C 7C4F1B1B 00000484 000927C0 00000000 70CFD855
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x548
eax=0276f27c ebx=0276f26c ecx=00000002 edx=000fc238
esi=00000000 edi=000fc238
eip=70dcf39f esp=0276f214 ebp=0276f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:031e910a=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:031e9163=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000fc238=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:031e910a=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000fc238=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:031e910a=????????
70dcf3a4 8908 mov
[eax],ecx ds:0276f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:031e910a=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:031e910a=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:031e9162=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:031e9162=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0276F224 702BE5B6 0012BFE4 0000000E 0276F27C 000FC238 !
DllGetClassObject
0276F248 10001B67 000CD4D0 0000000E 0276F27C 00000001 !
RegisterFormatEnumerator
0276F2C0 702B6223 00000000 000E5D58 000CD670 00000000 !
<nosymbols>
0276F2E8 702D1A5A 000CD4C8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0276F318 702BA988 000CD4C8 00000016 000E5D58 702BA95D !
DllGetClassObject
0276F354 702C59C3 00000016 0276F5C0 00000000 000CB1B0 !
CoInternetQueryInfo
0276F7D0 702BB3AF 00000000 000CB1B0 000CB1C0 702BB372 !
FindMediaTypeClass
0276F7FC 702B8EF8 00000000 000F1068 000CD4C8 000CD4D0 !
IsAsyncMoniker
0276F824 702B7DA6 000CD670 000F1068 000CD4C8 000CD4D0 !
FindMediaType
0276F86C 70D495F1 000CD4C8 000F1068 0012C004 00000000 !
CreateAsyncBindCtxEx
0276FAC0 70D4943E 000F1068 873F0000 0276FBE4 01B59DB0 !
DllGetClassObject
0276FADC 70D493A1 0276FBE4 01B59DC4 873F0000 01B59DB0 !
DllGetClassObject
0276FB00 70D4E77C 0276FBE4 01B59890 00001FDD 873F0000 !
DllGetClassObject
0276FB50 70D4AB9F 01B592E0 01B59890 00000000 00000000 !
DllGetClassObject
0276FB74 70D4AAC1 01B59A10 00000001 00000000 0276FBE4 !
DllGetClassObject
0276FBCC 70D50AF3 01B59A10 00000000 10000000 0011AA38 !
DllGetClassObject
0276FCE4 00000000 00400000 01B60B40 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
0276f214 00 00 00 00 7c f2 76 02 - 74 d6 0c 00 00 00 00
00 ....|.v.t.......
0276f224 48 f2 76 02 b6 e5 2b 70 - e4 bf 12 00 0e 00 00
00 H.v...+p........
0276f234 7c f2 76 02 38 c2 0f 00 - 6c f2 76 02 00 00 00
00 |.v.8...l.v.....
0276f244 4c 00 87 02 c0 f2 76 02 - 67 1b 00 10 d0 d4 0c
00 L.....v.g.......
0276f254 0e 00 00 00 7c f2 76 02 - 01 00 00 00 6c f2 76
02 ....|.v.....l.v.
0276f264 d0 d4 0c 00 0d 30 2c 70 - 00 00 00 00 58 5d 0e
00 .....0,p....X]..
0276f274 74 d6 0c 00 d0 d4 0c 00 - 06 00 00 00 90 f2 76
02 t.............v.
0276f284 74 d6 0c 00 00 00 00 00 - c8 d4 0c 00 14 00 00
00 t...............
0276f294 00 00 00 00 70 d6 0c 00 - 00 00 00 00 00 00 00
00 ....p...........
0276f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0276f2b4 50 00 87 02 d8 4f 0b 00 - 4c 00 87 02 e8 f2 76
02 P....O..L.....v.
0276f2c4 23 62 2b 70 00 00 00 00 - 58 5d 0e 00 70 d6 0c
00 #b+p....X]..p...
0276f2d4 00 00 00 00 00 00 00 00 - c8 d4 0c 00 00 00 00
00 ................
0276f2e4 00 00 00 00 18 f3 76 02 - 5a 1a 2d 70 c8 d4 0c
00 ......v.Z.-p....
0276f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0276f304 58 5d 0e 00 00 00 00 00 - 00 00 00 00 6c b2 0c
00 X]..........l...
0276f314 b0 b1 0c 00 54 f3 76 02 - 88 a9 2b 70 c8 d4 0c
00 ....T.v...+p....
0276f324 16 00 00 00 58 5d 0e 00 - 5d a9 2b 70 f8 cf 0d
00 ....X]..].+p....
0276f334 16 00 00 00 58 5d 0e 00 - 04 01 00 00 b0 b1 0c
00 ....X]..........
0276f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 5d 0e
00 [email protected]]..
State Dump for Thread Id 0x12c
eax=778321fe ebx=00000003 ecx=0000004c edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=0284fd24 ebp=0284fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:032c9c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0284FD70 7C4FABFB 0284FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0284FFB4 7C4E987C 00000004 7FFAA000 7C2D02A7 000D8C48
kernel32!WaitForMultipleObjects
0284FFEC 00000000 778321FE 000D8C48 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0284fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd 84 02 01 00 00
00 ..N|....H.......
0284fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 48 8c 0d
00 ............H...
0284fd44 01 00 00 00 70 05 00 00 - 74 05 00 00 84 05 00
00 ....p...t.......
0284fd54 68 0a c7 b7 80 fd 44 80 - 00 f3 59 81 e0 00 00
00 h.....D...Y.....
0284fd64 00 00 00 00 a8 03 5a 81 - b2 34 49 80 b4 ff 84
02 ......Z..4I.....
0284fd74 fb ab 4f 7c 48 fd 84 02 - 01 00 00 00 00 00 00
00 ..O|H...........
0284fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0284fd94 b0 fe 84 02 00 00 00 00 - ff ff ff ff 48 8c 0d
00 ............H...
0284fda4 a7 02 2d 7c 00 a0 fa 7f - 90 fd b1 e2 70 0a c7
b7 ..-|........p...
0284fdb4 a0 0b 89 81 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0284fdc4 23 00 00 00 23 00 00 00 - 00 a0 fa 7f a7 02 2d
7c #...#.........-|
0284fdd4 48 8c 0d 00 00 a0 fa 7f - 4c 00 00 00 fe 21 83
77 H.......L....!.w
0284fde4 f8 ab fa 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
0284fdf4 fc ff 84 02 23 00 00 00 - 34 0d c7 b7 8c 0b 46
80 ....#...4.....F.
0284fe04 f0 29 40 80 ff ff ff ff - 4c 0b c7 b7 d6 60 4a
80 .)@.....L....`J.
0284fe14 a8 03 5a 81 38 0b c7 b7 - f8 e1 c5 e2 48 d1 8b
81 ..Z.8.......H...
0284fe24 00 00 00 00 0c 0c c7 b7 - 16 67 00 00 10 da 95
81 .........g......
0284fe34 00 07 00 00 4c d1 44 80 - 16 67 00 00 10 da 95
81 ....L.D..g......
0284fe44 16 67 00 00 10 da 95 81 - 01 c6 fd 7f 92 01 00
00 .g..............
0284fe54 f1 da 44 80 92 01 00 00 - 30 f4 59 81 00 c0 fd
7f ..D.....0.Y.....
Application exception occurred:
App: rundll32.exe (pid=852)
When: 10/17/2003 @ 18:03:40.203
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
500 nslsvice.exe
528 nsl.exe
536 rtvscan.exe
568 regsvc.exe
588 mstask.exe
620 stisvc.exe
688 WinMgmt.exe
700 mspmspsv.exe
712 svchost.exe
1108 explorer.exe
1172 igfxtray.exe
1196 hkcmd.exe
1240 vptray.exe
1012 FINDFAST.exe
1284 OSA.exe
852 rundll32.exe
1028 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(7C4E0000 - 7C599000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78045000)
(782F0000 - 78538000)
(7C2D0000 - 7C332000)
(77D30000 - 77DA1000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B45000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77626000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(76620000 - 76631000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(75030000 - 75044000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(7C0F0000 - 7C152000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x2b4
eax=0008110c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e12f5c esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:00ae8447=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:00ae8447=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000844A0 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C6 0006F758
comctl32!Ordinal164
0006F7A4 652676BB 00000000 000200B4 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78362E21 000200B4 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78369FB1 0007A220 000200B4 00000005 00000000
shell32!Ordinal652
0006FAE8 7836A237 000200B4 01000000 0007A0F0 00000354
shell32!SHFileOperation
0006FF18 010016EB 000200B4 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006e560 86 2f e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ./.w............
0006e570 00 00 00 00 a0 60 09 00 - dc e5 06 00 f8 b2 74
71 .....`........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 ac 61 09 00 a0 60 09 00 - 28 ef 07 00 c4 00 01
00 .a...`..(.......
0006e5a0 00 02 00 00 00 00 00 00 - 21 01 28 01 83 20 01
00 ........!.(.. ..
0006e5b0 b2 01 00 00 df 01 00 00 - fe 00 00 00 00 00 00
00 ................
0006e5c0 00 00 00 00 ff ff ff ff - b8 00 04 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - b4 00 02 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 a0 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c6 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 f0 a0 07 00 b4 00 02 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 45 00 00 00 54 2a f9 77 - 40 06 07 00 78 13 07
00 E...T*[email protected]...
0006e630 45 00 00 00 d8 21 07 00 - 28 e6 06 00 00 02 00
00 E....!..(.......
0006e640 e4 e7 06 00 91 81 f9 77 - 98 2a f9 77 ff ff ff
ff .......w.*.w....
0006e650 f4 e7 06 00 5c c3 fc 77 - 78 13 07 00 0a 02 00
00 ....\..wx.......
0006e660 1a 02 00 00 00 00 00 00 - 28 00 00 00 a0 e6 06
00 ........(.......
0006e670 9c e6 06 00 ff ff ff ff - d8 93 e6 77 17 71 f4
77 ...........w.q.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 R... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x204
eax=77d424c2 ebx=0007d9a0 ecx=00084abc edx=00000000
esi=0007f468 edi=00000100
eip=77f839c7 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:016c9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:787bc3a8=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:787bc3a8=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:016c9e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:787bc3a9=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:016c9e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:016c9e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D420D9 77D42528 0007F468 00000000 40084730
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D424DA 0007E1E8 00C4FFEC 7C4E987C 0007D9A0
rpcrt4!NdrConformantArrayMemorySize
00C4FFB4 7C4E987C 0007D9A0 00000000 40084730 0007D9A0
rpcrt4!NdrConformantArrayMemorySize
00C4FFEC 00000000 77D424C2 0007D9A0 00000000 00000000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
00c4fe28 85 22 d4 77 00 01 00 00 - 54 ff c4 00 00 00 00
00 .".w....T.......
00c4fe38 00 7d 09 00 58 ff c4 00 - 00 09 08 00 e8 e1 07
00 .}..X...........
00c4fe48 a0 d9 07 00 50 87 89 81 - 50 87 89 81 00 00 00
00 ....P...P.......
00c4fe58 01 00 00 00 b0 eb 6a b7 - 00 00 00 00 38 0d 36
e3 ......j.....8.6.
00c4fe68 74 eb 6a b7 00 00 00 00 - 63 53 41 80 50 88 89
81 t.j.....cSA.P...
00c4fe78 e0 51 89 81 64 ec 6a b7 - 7a 0d 45 80 04 00 00
00 .Q..d.j.z.E.....
00c4fe88 88 95 45 81 24 4f 4a 80 - 80 f3 06 00 00 00 00
00 ..E.$OJ.........
00c4fe98 48 f3 06 00 7b 25 02 00 - 00 00 00 00 00 00 00
00 H...{%..........
00c4fea8 01 00 00 00 19 00 02 00 - 00 00 00 00 19 00 02
00 ................
00c4feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 54 03 00
00 ............T...
00c4fec8 00 00 00 00 08 ec 6a b7 - 00 00 00 00 00 00 00
00 ......j.........
00c4fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4ff08 87 00 00 00 86 00 00 00 - 00 20 50 c0 19 00 02
00 ......... P.....
00c4ff18 06 00 02 00 63 00 00 00 - 3f 00 0f 00 01 00 00
00 ....c...?.......
00c4ff28 00 20 50 c0 80 a3 40 81 - e0 89 40 81 00 00 00
00 . P...@...@.....
00c4ff38 e0 89 40 81 70 8b 40 81 - 64 ec 6a b7 41 df 42
80 [email protected][email protected].
00c4ff48 f2 de 42 80 d4 4b 06 80 - 40 8b 40 81 e0 89 40
81 ..B..K..@.@...@.
00c4ff58 00 a2 2f 4d ff ff ff ff - 50 fe c4 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x334
eax=00cff27c ebx=00cff26c ecx=00000002 edx=000d4b48
esi=00000000 edi=000d4b48
eip=70dcf39f esp=00cff214 ebp=00cff224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:0177910a=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01779163=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4b48=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:0177910a=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4b48=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:0177910a=????????
70dcf3a4 8908 mov
[eax],ecx ds:00cff27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:0177910a=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:0177910a=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01779162=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01779162=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00CFF224 702BE5B6 000B4BCC 0000000E 00CFF27C 000D4B48 !
DllGetClassObject
00CFF248 10001B67 00088B58 0000000E 00CFF27C 00000001 !
RegisterFormatEnumerator
00CFF2C0 702B6223 00000000 000B9760 00088CF8 00000000 !
<nosymbols>
00CFF2E8 702D1A5A 00088B50 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00CFF318 702BA988 00088B50 00000016 000B9760 702BA95D !
DllGetClassObject
00CFF354 702C59C3 00000016 00CFF5C0 00000000 000D5FB8 !
CoInternetQueryInfo
00CFF7D0 702BB3AF 00000000 000D5FB8 000D5FC8 702BB372 !
FindMediaTypeClass
00CFF7FC 702B8EF8 00000000 000D23B8 00088B50 00088B58 !
IsAsyncMoniker
00CFF824 702B7DA6 00088CF8 000D23B8 00088B50 00088B58 !
FindMediaType
00CFF86C 70D495F1 00088B50 000D23B8 000B4BEC 00000000 !
CreateAsyncBindCtxEx
00CFFAC0 70D4943E 000D23B8 873F0000 00CFFBE4 01051EE0 !
DllGetClassObject
00CFFADC 70D493A1 00CFFBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00CFFB00 70D4E77C 00CFFBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00CFFB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00CFFB74 70D4AAC1 01051DC0 00000001 00000000 00CFFBE4 !
DllGetClassObject
00CFFBCC 70D50AF3 01051DC0 00000000 10000000 000D70B0 !
DllGetClassObject
00CFFCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00cff214 00 00 00 00 7c f2 cf 00 - fc 8c 08 00 00 00 00
00 ....|...........
00cff224 48 f2 cf 00 b6 e5 2b 70 - cc 4b 0b 00 0e 00 00
00 H.....+p.K......
00cff234 7c f2 cf 00 48 4b 0d 00 - 6c f2 cf 00 00 00 00
00 |...HK..l.......
00cff244 4c 00 6f 01 c0 f2 cf 00 - 67 1b 00 10 58 8b 08
00 L.o.....g...X...
00cff254 0e 00 00 00 7c f2 cf 00 - 01 00 00 00 6c f2 cf
00 ....|.......l...
00cff264 58 8b 08 00 0d 30 2c 70 - 00 00 00 00 60 97 0b
00 X....0,p....`...
00cff274 fc 8c 08 00 58 8b 08 00 - 06 00 00 00 90 f2 cf
00 ....X...........
00cff284 fc 8c 08 00 00 00 00 00 - 50 8b 08 00 14 00 00
00 ........P.......
00cff294 00 00 00 00 f8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00cff2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00cff2b4 50 00 6f 01 d0 6f 0d 00 - 4c 00 6f 01 e8 f2 cf
00 P.o..o..L.o.....
00cff2c4 23 62 2b 70 00 00 00 00 - 60 97 0b 00 f8 8c 08
00 #b+p....`.......
00cff2d4 00 00 00 00 00 00 00 00 - 50 8b 08 00 00 00 00
00 ........P.......
00cff2e4 00 00 00 00 18 f3 cf 00 - 5a 1a 2d 70 50 8b 08
00 ........Z.-pP...
00cff2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00cff304 60 97 0b 00 00 00 00 00 - 00 00 00 00 74 60 0d
00 `...........t`..
00cff314 b8 5f 0d 00 54 f3 cf 00 - 88 a9 2b 70 50 8b 08
00 ._..T.....+pP...
00cff324 16 00 00 00 60 97 0b 00 - 5d a9 2b 70 78 65 0d
00 ....`...].+pxe..
00cff334 16 00 00 00 60 97 0b 00 - 04 01 00 00 b8 5f 0d
00 ....`........_..
00cff344 00 00 00 00 01 00 00 00 - 05 40 00 80 60 97 0b
00 .........@..`...
State Dump for Thread Id 0x2a0
eax=016e0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:017b9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E13990 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E13A5C 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 7C4E987C 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x538
eax=778321fe ebx=00000003 ecx=0000004c edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:02109c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 7C4FABFB 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 7C4E987C 00000004 7FFDC000 7C2D02A7 000D4450
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4450 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0168fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd 68 01 01 00 00
00 ..N|....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 50 44 0d
00 ............PD..
0168fd44 01 00 00 00 d4 01 00 00 - d8 01 00 00 e8 01 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 fb ab 4f 7c 48 fd 68 01 - 01 00 00 00 00 00 00
00 ..O|H.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 50 44 0d
00 ..h.........PD..
0168fda4 a7 02 2d 7c 00 c0 fd 7f - 00 00 00 00 00 00 00
00 ..-|............
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 00 c0 fd 7f a7 02 2d
7c #...#.........-|
0168fdd4 50 44 0d 00 00 c0 fd 7f - 4c 00 00 00 fe 21 83
77 PD......L....!.w
0168fde4 f8 cb fd 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
0168fdf4 fc ff 68 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..h.#...........
0168fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=544)
When: 10/20/2003 @ 07:30:10.546
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 smss.exe
172 csrss.exe
192 winlogon.exe
220 services.exe
232 lsass.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
592 mstask.exe
620 stisvc.exe
684 winmgmt.exe
712 mspmspsv.exe
724 svchost.exe
1040 explorer.exe
1148 igfxtray.exe
1176 hkcmd.exe
1224 vptray.exe
1264 FINDFAST.exe
1272 OSA.exe
544 rundll32.exe
100 drwtsn32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B45000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x330
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000300C8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000300C8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000300C8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000300C8 01000000 0007A0E8 00000220
shell32!SHFileOperationA
0006FF18 010016EB 000300C8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 20 ef 07 00 f2 00 02
00 4H..(G.. .......
0006e5a0 00 02 00 00 00 00 00 00 - fc 00 d2 00 f2 f0 01
00 ................
0006e5b0 4b 01 00 00 47 01 00 00 - fe 00 00 00 00 00 00
00 K...G...........
0006e5c0 00 00 00 00 ff ff ff ff - c6 00 05 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - c8 00 03 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 c8 00 03 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 ea 01 01 39 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 R... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x78
eax=77d424c2 ebx=0007d998 ecx=00084aac edx=00000000
esi=0007f460 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D420D9 77D42528 0007F460 00000000 40084720
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D424DA 0007E1E0 00C4FFEC 77E887DD 0007D998
rpcrt4!NdrConformantArrayMemorySize
00C4FFB4 77E887DD 0007D998 00000000 40084720 0007D998
rpcrt4!NdrConformantArrayMemorySize
00C4FFEC 00000000 77D424C2 0007D998 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
00c4fe28 85 22 d4 77 04 01 00 00 - 54 ff c4 00 00 00 00
00 .".w....T.......
00c4fe38 c8 8d 09 00 58 ff c4 00 - f8 08 08 00 e0 e1 07
00 ....X...........
00c4fe48 98 d9 07 00 50 87 89 81 - 50 87 89 81 00 00 00
00 ....P...P.......
00c4fe58 01 00 00 00 b0 fb 36 b7 - 00 00 00 00 78 15 3c
e3 ......6.....x.<.
00c4fe68 74 fb 36 b7 00 00 00 00 - 72 4f 41 80 50 88 89
81 t.6.....rOA.P...
00c4fe78 e0 51 89 81 64 fc 36 b7 - ca 08 45 80 04 00 00
00 .Q..d.6...E.....
00c4fe88 08 e0 3e 81 66 41 4a 80 - 80 f3 06 00 00 00 00
00 ..>.fAJ.........
00c4fe98 48 f3 06 00 49 15 03 00 - 00 00 00 00 00 00 00
00 H...I...........
00c4fea8 01 00 00 00 19 00 02 00 - 00 00 00 00 19 00 02
00 ................
00c4feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 20 02 00
00 ............ ...
00c4fec8 00 00 00 00 08 fc 36 b7 - 00 00 00 00 00 00 00
00 ......6.........
00c4fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4ff08 00 00 00 00 5c 28 50 c0 - 7c 00 00 00 00 20 50
c0 ....\(P.|.... P.
00c4ff18 06 00 02 00 19 00 02 00 - 7c 00 00 00 01 00 00
00 ........|.......
00c4ff28 00 20 50 c0 e0 46 3d 81 - a0 4d 3d 81 00 00 00
00 . P..F=..M=.....
00c4ff38 a0 4d 3d 81 30 4f 3d 81 - 64 fc 36 b7 f3 da 42
80 .M=.0O=.d.6...B.
00c4ff48 a4 da 42 80 d4 4b 06 80 - 00 4f 3d 81 a0 4d 3d
81 ..B..K...O=..M=.
00c4ff58 00 a2 2f 4d ff ff ff ff - 50 fe c4 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x528
eax=014a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00cffe5c ebp=00cffea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0177d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00CFFEA8 77E12A00 00CFFE80 00000001 00000000 00CFFEA0
ntdll!NtWaitForMultipleObjects
00CFFF04 77E12A77 00CFFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00CFFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00CFFF74 70C1AB1B 00CFFFA0 00CFFFA4 00CFFFA8 00CFFF9C !
Ordinal265
00CFFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00CFFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x358
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d4b68
esi=00000000 edi=000d4b68
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4b68=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4b68=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B4B34 0000000E 00D3F27C 000D4B68 !
DllGetClassObject
00D3F248 10001B67 00088B48 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000B9858 00088CE8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088B40 00000016 000B9858 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D5D48 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D5D48 000D5D58 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D22E0 00088B40 00088B48 !
IsAsyncMoniker
00D3F824 702B7DA6 00088CE8 000D22E0 00088B40 00088B48 !
FindMediaType
00D3F86C 70D495F1 00088B40 000D22E0 000B4B54 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D22E0 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D7018 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 34 4b 0b 00 0e 00 00
00 H.....+p4K......
00d3f234 7c f2 d3 00 68 4b 0d 00 - 6c f2 d3 00 00 00 00
00 |...hK..l.......
00d3f244 4c 00 6f 01 c0 f2 d3 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 58 98 0b
00 H....0,p....X...
00d3f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d3
00 ....H...........
00d3f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d3f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 6f 01 38 6f 0d 00 - 4c 00 6f 01 e8 f2 d3
00 P.o.8o..L.o.....
00d3f2c4 23 62 2b 70 00 00 00 00 - 58 98 0b 00 e8 8c 08
00 #b+p....X.......
00d3f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 58 98 0b 00 00 00 00 00 - 00 00 00 00 04 5e 0d
00 X............^..
00d3f314 48 5d 0d 00 54 f3 d3 00 - 88 a9 2b 70 40 8b 08
00 H]..T.....+p@...
00d3f324 16 00 00 00 58 98 0b 00 - 5d a9 2b 70 08 63 0d
00 ....X...].+p.c..
00d3f334 16 00 00 00 58 98 0b 00 - 04 01 00 00 48 5d 0d
00 ....X.......H]..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 98 0b
00 [email protected]...
State Dump for Thread Id 0x2f0
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4364 7FFDB000 000D4370
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4370 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 70 43 0d
00 ............pC..
0168fd44 01 00 00 00 d0 01 00 00 - d4 01 00 00 e4 01 00
00 ................
0168fd54 00 00 00 00 a0 1d 3a 81 - 90 fa 41 80 e8 a3 3c
81 ......:...A...<.
0168fd64 48 22 3a 81 01 00 00 00 - 01 00 00 00 b4 ff 68
01 H":...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 70 43 0d
00 ..h.........pC..
0168fda4 00 b0 fd 7f 64 43 0d 00 - 00 00 00 00 38 00 00
00 ....dC......8...
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 64 43 0d 00 00 b0 fd
7f #...#...dC......
0168fdd4 70 43 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 pC...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 28 2c 51 81 a6 24 49
80 ..h.#...(,Q..$I.
0168fe04 28 2c 51 81 2c 02 00 00 - 40 6a 89 81 03 00 1f
00 (,Q.,...@j......
0168fe14 88 16 3a 81 40 6a 89 81 - a0 16 3a 81 88 16 3a
81 ..:.@j....:...:.
0168fe24 31 5b 00 00 98 bc 94 81 - 00 07 00 00 ae cc 44
80 1[............D.
0168fe34 31 5b 00 00 98 bc 94 81 - 31 5b 00 00 98 bc 94
81 1[......1[......
0168fe44 01 72 fd 7f 79 0a 00 00 - 41 d6 44 80 79 0a 00
00 .r..y...A.D.y...
0168fe54 f0 0b 33 81 00 70 fd 7f - fc 07 30 c0 00 00 00
00 ..3..p....0.....
Application exception occurred:
App: taskmgr.exe (pid=1304)
When: 10/22/2003 @ 14:14:07.140
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
400 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
544 rtvscan.exe
576 regsvc.exe
596 mstask.exe
644 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1224 igfxtray.exe
1240 hkcmd.exe
1276 vptray.exe
1284 FINDFAST.exe
1316 OSA.exe
1068 ipmsg2.02.exe
1056 nlnotes.exe
1168 naldaemn.exe
700 nhldaemn.exe
1432 explorer.exe
1304 TASKMGR.exe
656 IEXPLORE.exe
1048 NTVDM.exe
1520 DRWTSN32.exe
0 _Total.exe
(01000000 - 01018000)
(77F80000 - 77FFB000)
(77F40000 - 77F7C000)
(7C4E0000 - 7C599000)
(77E10000 - 77E75000)
(7C2D0000 - 7C332000)
(77D30000 - 77DA1000)
(71710000 - 71794000)
(782F0000 - 78538000)
(63180000 - 631E5000)
(78000000 - 78045000)
(66390000 - 6639B000)
(65780000 - 6578D000)
(66640000 - 6664A000)
(77530000 - 77552000)
(77880000 - 7790E000)
(7C0F0000 - 7C152000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
State Dump for Thread Id 0x540
eax=ffffffff ebx=00000000 ecx=00000002 edx=00120007
esi=00000001 edi=00081220
eip=7c4ee38e esp=0006f480 ebp=0006f4e8 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: CompareStringW
7c4ee370 8b7d18 mov edi,
[ebp+0x18] ss:00ae93ce=????????
7c4ee373 33db xor ebx,ebx
7c4ee375 895508 mov
[ebp+0x8],edx ss:00ae93ce=????????
7c4ee378 3bd3 cmp edx,ebx
7c4ee37a 897d1c mov
[ebp+0x1c],edi ss:00ae93ce=????????
7c4ee37d 0f84f54f0100 je
WriteProfileStringA+0x25 (7c503378)
7c4ee383 3bfb cmp edi,ebx
7c4ee385 0f84ed4f0100 je
WriteProfileStringA+0x25 (7c503378)
7c4ee38b 6a02 push 0x2
7c4ee38d 59 pop ecx
FAULT ->7c4ee38e 668b02 mov ax,
[edx] ds:00120007=????
7c4ee391 663b07 cmp ax,
[edi] ds:00081220=0043
7c4ee394 0f84edb4ffff je
SetThreadExecutionState+0x232 (7c4e9887)
7c4ee39a 668b02 mov ax,
[edx] ds:00120007=????
7c4ee39d 663b07 cmp ax,
[edi] ds:00081220=0043
7c4ee3a0 0f8417cdffff je
GetStdHandle+0x1b0 (7c4eb0bd)
7c4ee3a6 8b4ddc mov ecx,
[ebp+0xdc] ss:00ae93ce=????????
7c4ee3a9 895dc8 mov
[ebp+0xc8],ebx ss:00ae93ce=????????
7c4ee3ac f7de neg esi
7c4ee3ae 1bf6 sbb esi,esi
7c4ee3b0 33c0 xor eax,eax
7c4ee3b2 81e6000000e8 and esi,0xe8000000
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006F4E8 7C4FA1AA 00120007 00000001 00120007 FFFFFFFF
kernel32!CompareStringW
00000021 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
*----> Raw Stack Dump <----*
0006f480 07 00 12 00 78 11 08 00 - 20 12 08 00 00 00 07
00 ....x... .......
0006f490 00 00 07 00 00 00 07 00 - 07 00 00 00 01 00 00
00 ................
0006f4a0 00 00 00 00 08 00 00 00 - 04 00 1d 00 ff ff ff
e7 ................
0006f4b0 00 00 00 00 00 00 00 00 - 48 0e 02 02 00 00 00
00 ........H.......
0006f4c0 f8 17 08 00 f8 45 07 00 - 40 62 08 00 30 00 00
00 [email protected]...
0006f4d0 40 00 00 00 6c f3 06 00 - 0c 00 00 00 f4 fa 06
00 @...l...........
0006f4e0 91 81 f9 77 c0 21 f9 77 - 21 00 00 00 aa a1 4f
7c ...w.!.w!.....O|
0006f4f0 07 00 12 00 01 00 00 00 - 07 00 12 00 ff ff ff
ff ................
0006f500 20 12 08 00 20 12 08 00 - 10 2a 08 00 00 00 00
00 ... ....*......
0006f510 3e 63 00 01 07 00 12 00 - 20 12 08 00 00 00 00
00 >c...... .......
0006f520 e0 33 08 00 0d 00 00 00 - 6e 67 00 01 78 11 08
00 .3......ng..x...
0006f530 e0 33 08 00 dc 43 07 00 - 0d 00 00 00 56 68 00
01 .3...C......Vh..
0006f540 e0 33 08 00 70 7b 08 00 - 21 00 00 00 58 22 08
00 .3..p{..!...X"..
0006f550 94 f7 06 00 dc 43 07 00 - e0 33 08 00 48 79 00
01 .....C...3..Hy..
0006f560 dc 43 07 00 54 03 30 00 - d0 43 07 00 54 03 30
00 .C..T.0..C..T.0.
0006f570 02 af b2 5d 25 00 00 00 - 1e 9d 05 c3 00 00 00
00 ...]%...........
0006f580 41 93 32 a9 00 00 00 00 - 55 15 f1 44 01 00 00
00 A.2.....U..D....
0006f590 e5 94 0b 00 d2 ed 01 00 - 36 ec 18 00 00 8b 00
00 ........6.......
0006f5a0 51 9c 00 00 6c 68 02 00 - 54 d5 00 00 88 f5 2c
00 Q...lh..T.....,.
0006f5b0 fd 72 00 00 5b 37 0a 00 - 00 00 00 00 ef 4c 0c
00 .r..[7.......L..
State Dump for Thread Id 0x470
eax=00000000 ebx=77f89134 ecx=ffffffff edx=00000000
esi=006eff9c edi=0100dca8
eip=77e12f5c esp=006eff5c ebp=006eff74 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01169e43=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01169e43=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
006EFF74 0100B070 006EFF9C 00000000 00000000 00000000
user32!TranslateMessageEx
00000000 00000000 00000000 00000000 00000000 00000000
taskmgr!<nosymbols>
State Dump for Thread Id 0x198
eax=00000001 ebx=00000000 ecx=01010101 edx=00000000
esi=77f94086 edi=00000094
eip=77f94091 esp=0075ff6c ebp=0075ff90 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:011d9e53=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00a79ee7=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:01a89fe7=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0075FF90 7C4F1B1B 00000094 FFFFFFFF 00000000 01009D29
ntdll!ZwWaitForSingleObject
0075FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject
Application exception occurred:
App: explorer.exe (pid=548)
When: 10/27/2003 @ 09:27:15.640
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
400 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
544 rtvscan.exe
576 regsvc.exe
596 mstask.exe
648 stisvc.exe
700 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
548 explorer.exe
1004 igfxtray.exe
1216 hkcmd.exe
1244 vptray.exe
1284 FINDFAST.exe
1232 OSA.exe
1264 VB6.exe
1048 ipmsg2.02.exe
1300 nlnotes.exe
1324 naldaemn.exe
1332 nhldaemn.exe
1360 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(7C2D0000 - 7C332000)
(7C4E0000 - 7C599000)
(77D30000 - 77DA1000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(63180000 - 631E5000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78538000)
(77A50000 - 77B47000)
(775A0000 - 77626000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(00E10000 - 00F59000)
(71160000 - 7125D000)
(7C0F0000 - 7C152000)
(76DF0000 - 76E01000)
(76620000 - 76631000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(76F20000 - 76F97000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(01290000 - 01494000)
(77560000 - 77568000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE4000)
(770B0000 - 770B7000)
(76B30000 - 76B6E000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(1A400000 - 1A47A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(63580000 - 63830000)
(718C0000 - 71944000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(75E60000 - 75E7A000)
(66650000 - 666A4000)
(66D20000 - 66D51000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x3f4
eax=000021ff ebx=00000001 ecx=00000000 edx=00000000
esi=00092a60 edi=00000000
eip=77e13569 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:00ae9de7=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7831ADBB 00000000 004084C4 00092A60 00000000
user32!WaitMessage
0006FF60 00408201 0000005C 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006ff00 41 ae 31 78 94 55 4f 7c - 60 2a 09 00 01 00 00
00 A.1x.UO|`*......
0006ff10 60 2a 09 00 60 2a 09 00 - 60 ff 06 00 60 ff 06
00 `*..`*..`...`...
0006ff20 bb ad 31 78 00 00 00 00 - c4 84 40 00 60 2a 09
00 ..1x......@.`*..
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 70 9c 3e
81 ....V.......p.>.
0006ff40 92 ab 4f 7c ff ff ff ff - 0c 00 00 00 56 06 02
00 ..O|........V...
0006ff50 d5 ab 4f 7c 02 00 00 00 - 93 eb 01 00 e0 ff 06
00 ..O|............
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00
00 ......@.\.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 50 62 07 00 40 44 07 00 - 70 62 07 00 00 00 00
00 [email protected]......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 60 9e 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 `...............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 f5 87 4e 7c - 00 00 00 00 00 00 00
00 ......N|........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff b4 f0 4f 7c - c8 8e 4e 7c 00 00 00
00 ......O|..N|....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 49 10 00 00 ff ef fd
7f ..... ..I.......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x488
eax=00dcfcfc ebx=80030001 ecx=000a3a00 edx=00000000
esi=00086580 edi=00000100
eip=77f839c7 esp=00dcfe28 ebp=00dcff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:01849d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:01849be2=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:01849be2=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:01849e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:01849be3=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:01849e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:01849e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00DCFF74 77D3D9DB 77D3DDED 00086580 40086078 00000070
ntdll!NtReplyWaitReceivePortEx
00DCFFA8 77D3DD0B 00079398 00DCFFEC 7C4E987C 000866B0
rpcrt4!RpcBindingSetOption
00DCFFB4 7C4E987C 000866B0 40086078 00000070 000866B0
rpcrt4!RpcBindingSetOption
00DCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x420
eax=00486f70 ebx=00000000 ecx=00231f50 edx=00000000
esi=00000000 edi=00000000
eip=77e13569 esp=00f9ff2c ebp=00f9ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:01a19e13=adf00d0b
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00F9FF4C 0040A389 631BC487 00400000 0035002D 0032002D
user32!WaitMessage
00F9FFB4 7C4E987C 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00F9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x41c
eax=00000000 ebx=00000008 ecx=78302228 edx=00000000
esi=77f93233 edi=00000008
eip=77f9323e esp=00fefd98 ebp=00fefde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01a69c7f=4c52550b
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00FEFDE4 77E13990 00FEFDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00FEFE40 77E13A5C 00FEFE0C 00FEFEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00FEFE5C 78319390 00000007 00FEFEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
784102B8 FFFFFFFF 00000000 00000000 000001C8 00000000
shell32!Ordinal200
77FCFE20 784102B8 77FCFE48 77FCFE08 00000023 00000023
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x428
eax=000a2e20 ebx=00000002 ecx=782f4cd0 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0106fe5c ebp=0106fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01ae9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0106FEA8 77E13990 0106FE80 00000001 00000000 0106FEA0
ntdll!NtWaitForMultipleObjects
0106FF04 77E13A5C 0106FED0 631DBB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0106FF20 631CA7B6 00000001 631DBB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0106FF74 631CAB3E 0106FFA0 0106FFA4 0106FFA8 0106FF9C !
Ordinal265
0106FFAC 631CAD02 00000012 7C4E987C 00000000 00000000 !
Ordinal293
0106FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x430
eax=000000c0 ebx=00f9fccc ecx=7c4f3496 edx=00000000
esi=ffffffff edi=00000557
eip=77f8915e esp=0128ffa0 ebp=0128ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:01d09e87=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0128FFB4 7C4E987C 00F9FCCC 00000557 FFFFFFFF 00F9FCCC
ntdll!ZwDelayExecution
0128FFEC 00000000 77F85C00 00F9FCCC 00000000 00905A4D
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0128ffa0 42 5c f8 77 01 00 00 00 - ac ff 28 01 00 00 00
00 B\.w......(.....
0128ffb0 00 00 00 80 ec ff 28 01 - 7c 98 4e 7c cc fc f9
00 ......(.|.N|....
0128ffc0 57 05 00 00 ff ff ff ff - cc fc f9 00 00 50 fd
7f W............P..
0128ffd0 96 34 4f 7c c0 ff 28 01 - 96 34 4f 7c ff ff ff
ff .4O|..(..4O|....
0128ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00
00 ..O|`.N|........
0128fff0 00 00 00 00 00 5c f8 77 - cc fc f9 00 00 00 00
00 .....\.w........
01290000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00
00 MZ..............
01290010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00
00 ........@.......
01290020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01290030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 00
00 ................
01290040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54
68 ........!..L.!Th
01290050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e
6f is program canno
01290060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53
20 t be run in DOS
01290070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00
00 mode....$.......
01290080 9b b6 e5 4f df d7 8b 1c - df d7 8b 1c df d7 8b
1c ...O............
01290090 92 f4 97 1c de d7 8b 1c - 16 f5 a1 1c de d7 8b
1c ................
012900a0 df d7 8a 1c b6 d6 8b 1c - 25 f4 92 1c d2 d7 8b
1c ........%.......
012900b0 25 f4 cb 1c cf d7 8b 1c - 25 f4 b4 1c de d7 8b
1c %.......%.......
012900c0 05 f4 96 1c ef d7 8b 1c - 05 f4 97 1c 8f d7 8b
1c ................
012900d0 48 f4 ce 1c de d7 8b 1c - 25 f4 b6 1c de d7 8b
1c H.......%.......
State Dump for Thread Id 0x408
eax=000b70f0 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=014efda4
eip=77f950df esp=014ef9f0 ebp=014efa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f950d4 b838000000 mov eax,0x38
77f950d9 8d542404 lea edx,
[esp+0x4] ss:01f698d7=????????
77f950dd cd2e int 2e
77f950df c22800 ret 0x28
77f950e2 8bca mov ecx,edx
77f950e4 894dcc mov
[ebp+0xcc],ecx ss:01f69936=????????
77f950e7 66832100 and word ptr
[ecx],0x0 ds:00000000=????
77f950eb e9eccaffff jmp
RtlDosPathNameToNtPathName_U+0x25a (77f91bdc)
77f950f0 8b4508 mov eax,
[ebp+0x8] ss:01f69936=????????
77f950f3 5e pop esi
77f950f4 5f pop edi
77f950f5 c9 leave
77f950f6 c3 ret
77f950f7 55 push ebp
77f950f8 8bec mov ebp,esp
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
014EFA50 76F585B4 0000075C 0017000E 76F5F700 00000038
ntdll!ZwDeviceIoControlFile
014EFD30 76F52B06 0009CFDC 014EFD4C 0009CF58 0009CF48
netshell!<nosymbols>
014EFDA8 76F53B99 014EFDC4 014EFDEC 000B70F0 000AA4C8
netshell!NetSetupSetProgressCallback
014EFDCC 76F50F7D 0009CF58 014EFDEC 00000000 014EFED8
netshell!NetSetupSetProgressCallback
014EFDF4 76F50F05 000C3240 000B70F0 014EFE24 77E12CA8
netshell!NetSetupSetProgressCallback
014EFE04 77E12CA8 00000000 00000113 00007FE3 000C3240
netshell!NetSetupSetProgressCallback
014EFE24 77E12E4E 76F50ED1 00000000 00000113 00007FE3
user32!GetSysColor
014EFEB0 77E12F0F 014EFED8 00000000 76F21E2C 014EFED8
user32!GetSysColor
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
014ef9f0 91 d6 4f 7c 5c 07 00 00 - 00 00 00 00 00 00 00
00 ..O|\...........
014efa00 00 00 00 00 28 fa 4e 01 - 0e 00 17 00 00 f7 f5
76 ....(.N........v
014efa10 38 00 00 00 84 fa 4e 01 - a0 02 00 00 a4 fd 4e
01 8.....N.......N.
014efa20 4c fd 4e 01 5c 07 00 00 - 00 00 00 00 90 00 00
00 L.N.\...........
014efa30 98 88 f5 76 74 fa 4e 01 - 1c fa 4e 01 01 01 01
01 ...vt.N...N.....
014efa40 a0 fe 4e 01 b4 f0 4f 7c - c0 d6 4f 7c ff ff ff
ff ..N...O|..O|....
014efa50 30 fd 4e 01 b4 85 f5 76 - 5c 07 00 00 0e 00 17
00 0.N....v\.......
014efa60 00 f7 f5 76 38 00 00 00 - 84 fa 4e 01 a0 02 00
00 ...v8.....N.....
014efa70 38 fd 4e 01 00 00 00 00 - ec fd 4e 01 a4 fd 4e
01 8.N.......N...N.
014efa80 48 cf 09 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 H...........@B..
014efa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
014efaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
014efab0 c2 00 00 00 02 01 02 00 - 04 00 00 00 da 06 00
00 ................
014efac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
014efad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
014efae0 9b 00 00 00 ff ff ff 80 - 04 00 00 00 16 03 00
00 ................
014efaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
014efb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
014efb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
014efb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x40c
eax=00000000 ebx=77e339d4 ecx=0152fd0c edx=00000000
esi=0152fd70 edi=77e12f5f
eip=77e12f5c esp=0152fd04 ebp=0152fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01fa9beb=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01fa9beb=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0152FD1C 766D1AD2 0152FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0152FD90 766D198E 00010076 00000000 766D2848 00000001
stobject!DllGetClassObject
0152FFB4 7C4E987C 00000000 00F9FAA0 77F98191 00000000
stobject!DllGetClassObject
0152FFEC 00000000 766D1949 00000000 00000000 00040000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0152fd04 86 2f e1 77 70 fd 52 01 - 00 00 00 00 00 00 00
00 ./.wp.R.........
0152fd14 00 00 00 00 00 00 00 00 - 90 fd 52 01 d2 1a 6d
76 ..........R...mv
0152fd24 70 fd 52 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p.R.............
0152fd34 a0 fa f9 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0152fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0152fd54 00 00 6d 76 65 00 01 00 - 11 00 01 00 10 00 00
00 ..mve...........
0152fd64 00 00 00 00 50 28 6d 76 - 00 00 00 00 80 00 01
00 ....P(mv........
0152fd74 2d 05 00 00 d1 04 00 00 - 00 00 00 00 0f aa 09
00 -...............
0152fd84 dd 03 00 00 ab 02 00 00 - 00 00 00 00 b4 ff 52
01 ..............R.
0152fd94 8e 19 6d 76 76 00 01 00 - 00 00 00 00 48 28 6d
76 ..mvv.......H(mv
0152fda4 01 00 00 00 91 81 f9 77 - 43 00 3a 00 5c 00 57
00 .......wC.:.\.W.
0152fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0152fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0152fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0152fde4 6c 00 6c 00 00 00 4e 7c - 1b 00 00 00 00 02 00
00 l.l...N|........
0152fdf4 fc ff 52 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..R.#...........
0152fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x400
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=015bff24 ebp=015bff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:02039e0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
015BFF70 7C4FABFB 015BFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
015BFFB4 7C4E987C 00000000 00000009 0152F520 00000000
kernel32!WaitForMultipleObjects
015BFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x4b8
eax=00000000 ebx=000493e0 ecx=000859c0 edx=00000000
esi=000857b8 edi=000493e0
eip=77f8beb2 esp=0170febc ebp=0170fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtRemoveIoCompletion
77f8bea7 b8a8000000 mov eax,0xa8
77f8beac 8d542404 lea edx,
[esp+0x4] ss:02189da3=????????
77f8beb0 cd2e int 2e
77f8beb2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0170FEE4 77D357C0 00000124 0170FF1C 0170FF0C 0170FF14
ntdll!NtRemoveIoCompletion
0170FF20 77D52899 000493E0 0170FF60 0170FF5C 0170FF70
rpcrt4!UuidFromStringA
0170FF74 77D52778 77D3DD59 000857B8 0152F3CA 77F8C277
rpcrt4!I_RpcTransConnectionReallocPacket
0170FFA8 77D3DD0B 000A3288 0170FFEC 7C4E987C 000A3048
rpcrt4!I_RpcTransConnectionReallocPacket
0170FFB4 7C4E987C 000A3048 0152F3CA 77F8C277 000A3048
rpcrt4!RpcBindingSetOption
0170FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x4c4
eax=77d3dcf3 ebx=80030001 ecx=000b76e0 edx=00000000
esi=00086580 edi=00000100
eip=77f839c7 esp=01affe28 ebp=01afff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:02579d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:787b7bd9=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:787b7bd9=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:02579e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:787b7bda=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:02579e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:02579e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01AFFF74 77D3D9DB 77D3DD59 00086580 00000000 00DCFA74
ntdll!NtReplyWaitReceivePortEx
01AFFFA8 77D3DD0B 000AE510 01AFFFEC 7C4E987C 000B8DD0
rpcrt4!RpcBindingSetOption
01AFFFB4 7C4E987C 000B8DD0 00000000 00DCFA74 000B8DD0
rpcrt4!RpcBindingSetOption
01AFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x2e8
eax=00007530 ebx=0000059c ecx=01b3e97c edx=00000000
esi=000003e0 edi=01b3e97c
eip=77e137e7 esp=01b3e8f4 ebp=01b3e92c iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: GetClientRect
77e137ce e177 loope
AttachThreadInput+0x56 (77e21447)
77e137d0 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137d2 e177 loope
AttachThreadInput+0x5a (77e2144b)
77e137d4 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137d6 e177 loope
AttachThreadInput+0x5e (77e2144f)
77e137d8 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137da e177 loope DrawStateA+0xef7
(77e1f053)
77e137dc b8bc110000 mov eax,0x11bc
77e137e1 8d542404 lea edx,
[esp+0x4] ss:025b87db=????????
77e137e5 cd2e int 2e
77e137e7 c21c00 ret 0x1c
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B3E92C 77E25DB4 FFFFFFFF 000003E0 0004027A C065C064
user32!GetClientRect
01B3E954 7833D051 FFFFFFFF 000003E0 0004027A C065C064
user32!SendMessageTimeoutW
01B3E980 78329109 0004027A 00000000 00129008 00000000
shell32!Ordinal3
01B3E9A8 7832A2AD 00000001 0003025A 00000001 00000000
shell32!ShellExecuteEx
00000000 00000000 00000000 00000000 00000000 00000000
shell32!Ordinal159
*----> Raw Stack Dump <----*
01b3e8f4 85 5b e2 77 0a 00 01 00 - e0 03 00 00 7a 02 04
00 .[.w........z...
01b3e904 64 c0 65 c0 1c e9 b3 01 - af 02 00 00 00 00 00
00 d.e.............
01b3e914 2c 00 1d 01 64 c0 65 c0 - 02 00 00 00 30 75 00
00 ,...d.e.....0u..
01b3e924 00 00 00 00 00 00 00 00 - 54 e9 b3 01 b4 5d e2
77 ........T....].w
01b3e934 ff ff ff ff e0 03 00 00 - 7a 02 04 00 64 c0 65
c0 ........z...d.e.
01b3e944 02 00 00 00 30 75 00 00 - 7c e9 b3 01 00 00 00
00 ....0u..|.......
01b3e954 80 e9 b3 01 51 d0 33 78 - ff ff ff ff e0 03 00
00 ....Q.3x........
01b3e964 7a 02 04 00 64 c0 65 c0 - 02 00 00 00 30 75 00
00 z...d.e.....0u..
01b3e974 7c e9 b3 01 08 90 12 00 - 00 00 00 00 a8 e9 b3
01 |...............
01b3e984 09 91 32 78 7a 02 04 00 - 00 00 00 00 08 90 12
00 ..2xz...........
01b3e994 00 00 00 00 9c 05 00 00 - 7a 02 04 00 01 00 00
00 ........z.......
01b3e9a4 0e 00 00 00 00 00 00 00 - ad a2 32 78 01 00 00
00 ..........2x....
01b3e9b4 5a 02 03 00 01 00 00 00 - 00 00 00 00 00 ed b3
01 Z...............
01b3e9c4 08 90 12 00 33 98 32 78 - 00 00 00 00 08 90 12
00 ....3.2x........
01b3e9d4 03 00 20 20 00 00 00 00 - 8e 97 32 78 00 ed b3
01 .. ......2x....
01b3e9e4 9f dd 4f 7c 00 ed b3 01 - 04 97 32 78 00 ed b3
01 ..O|......2x....
01b3e9f4 9f dd 4f 7c 00 00 00 00 - 50 ed b3 01 a8 ab 09
00 ..O|....P.......
01b3ea04 01 00 00 00 b3 53 31 78 - 00 ed b3 01 c0 e1 0d
00 .....S1x........
01b3ea14 40 f0 b3 01 d8 ef b3 01 - 13 00 00 00 68 a1 7e
63 @...........h.~c
01b3ea24 50 ea b3 01 b0 e3 58 63 - c9 30 02 02 77 00 00
00 P.....Xc.0..w...
State Dump for Thread Id 0x1a0
eax=77a8e915 ebx=00000102 ecx=00070778 edx=00000000
esi=77f89153 edi=01b7ff74
eip=77f8915e esp=01b7ff60 ebp=01b7ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:025f9e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B7FF7C 7C4FAC79 0000EA60 00000000 77A60216 0000EA60
ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x424
eax=00115000 ebx=0244ff74 ecx=00117000 edx=00000000
esi=77f94086 edi=000004cc
eip=77f94091 esp=0244ff58 ebp=0244ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02ec9e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00b8eee6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00b90ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0244FF7C 7C4F1B1B 000004CC 000927C0 00000000 6369DC45
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x4b4
eax=0248f27c ebx=0248f26c ecx=00000002 edx=00115950
esi=00000000 edi=00115950
eip=636ffeeb esp=0248f214 ebp=0248f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
636ffece 8bcf mov ecx,edi
636ffed0 e8c9cce9ff call 6359cb9e
636ffed5 8b7d14 mov edi,
[ebp+0x14] ss:02f0910a=????????
636ffed8 8d4c0002 lea ecx,
[eax+eax+0x2] ds:02f09163=????????
636ffedc 8bc1 mov eax,ecx
636ffede c1e902 shr ecx,0x2
636ffee1 f3a5 rep movsd
ds:00000000=???????? es:00115950=00000000
636ffee3 8bc8 mov ecx,eax
636ffee5 8b4510 mov eax,
[ebp+0x10] ss:02f0910a=????????
636ffee8 83e103 and ecx,0x3
FAULT ->636ffeeb f3a4 rep movsb
ds:00000000=?? es:00115950=00
636ffeed 8b4d14 mov ecx,
[ebp+0x14] ss:02f0910a=????????
636ffef0 8908 mov
[eax],ecx ds:0248f27c=00000006
636ffef2 eb51 jmp
MatchExactGetIDsOfNames+0x63a31 (63708245)
636ffef4 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:02f0910a=????????
636ffef8 0f826229f4ff jb 63642860
636ffefe 8b4508 mov eax,
[ebp+0x8] ss:02f0910a=????????
636fff01 8b400c mov eax,
[eax+0xc] ds:02f09162=????????
636fff04 85c0 test eax,eax
636fff06 0f845429f4ff je 63642860
636fff0c 8b7024 mov esi,
[eax+0x24] ds:02f09162=????????
636fff0f 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0248F224 1A40ED02 0012DFF4 0000000E 0248F27C 00115950 !
MatchExactGetIDsOfNames
0248F248 10001B67 000DB7C8 0000000E 0248F27C 00000001 !
FindMimeFromData
0248F2C0 1A406806 00000000 00120C30 000DB968 00000000 !
<nosymbols>
0248F2E8 1A421CC4 000DB7C0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0248F318 1A40AE34 000DB7C0 00000016 00120C30 1A40AE09 !
CompareSecurityIds
0248F354 1A415831 00000016 0248F5C0 00000000 00108B40 !
IsAsyncMoniker
0248F7D0 1A40B47D 00000000 00108B40 00108B50 1A40B440 !
FindMediaTypeClass
0248F7FC 1A408227 00000000 000C21F8 000DB7C0 000DB7C8 !
IsAsyncMoniker
0248F824 1A4077FD 000DB968 000C21F8 000DB7C0 000DB7C8 !
CreateAsyncBindCtxEx
0248F86C 635F1B8D 000DB7C0 000C21F8 0012E014 00000000 !
CreateAsyncBindCtxEx
0248FAC0 635F19DA 000C21F8 873F0000 0248FBE4 02026830 !
<nosymbols>
0248FADC 635F193D 0248FBE4 02026844 873F0000 02026830 !
<nosymbols>
0248FB00 63603F30 0248FBE4 02023EB0 00001FDD 873F0000 !
<nosymbols>
0248FB50 635F1254 0202A3E0 02023EB0 00000000 00000000 !
<nosymbols>
0248FB74 635F27A6 02023FA0 00000001 00000000 0248FBE4 !
<nosymbols>
0248FBCC 636055AF 02023FA0 00000000 10000000 00128008 !
<nosymbols>
0248FCE4 00000000 00400000 0201B160 C00007B0 00081800 !
<nosymbols>
*----> Raw Stack Dump <----*
0248f214 00 00 00 00 7c f2 48 02 - 6c b9 0d 00 00 00 00
00 ....|.H.l.......
0248f224 48 f2 48 02 02 ed 40 1a - f4 df 12 00 0e 00 00
00 H.H...@.........
0248f234 7c f2 48 02 50 59 11 00 - 6c f2 48 02 00 00 00
00 |.H.PY..l.H.....
0248f244 4c 00 b4 02 c0 f2 48 02 - 67 1b 00 10 c8 b7 0d
00 L.....H.g.......
0248f254 0e 00 00 00 7c f2 48 02 - 01 00 00 00 6c f2 48
02 ....|.H.....l.H.
0248f264 c8 b7 0d 00 da 18 41 1a - 00 00 00 00 30 0c 12
00 ......A.....0...
0248f274 6c b9 0d 00 c8 b7 0d 00 - 06 00 00 00 90 f2 48
02 l.............H.
0248f284 6c b9 0d 00 00 00 00 00 - c0 b7 0d 00 14 00 00
00 l...............
0248f294 00 00 00 00 68 b9 0d 00 - 00 00 00 00 00 00 00
00 ....h...........
0248f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0248f2b4 50 00 b4 02 78 42 0b 00 - 4c 00 b4 02 e8 f2 48
02 P...xB..L.....H.
0248f2c4 06 68 40 1a 00 00 00 00 - 30 0c 12 00 68 b9 0d
00 [email protected]...
0248f2d4 00 00 00 00 00 00 00 00 - c0 b7 0d 00 00 00 00
00 ................
0248f2e4 00 00 00 00 18 f3 48 02 - c4 1c 42 1a c0 b7 0d
00 ......H...B.....
0248f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0248f304 30 0c 12 00 00 00 00 00 - 00 00 00 00 fc 8b 10
00 0...............
0248f314 40 8b 10 00 54 f3 48 02 - 34 ae 40 1a c0 b7 0d
00 @...T.H.4.@.....
0248f324 16 00 00 00 30 0c 12 00 - 09 ae 40 1a d8 9e 0f
00 ....0.....@.....
0248f334 16 00 00 00 30 0c 12 00 - 04 01 00 00 40 8b 10
00 ....0.......@...
0248f344 00 00 00 00 01 00 00 00 - 05 40 00 80 30 0c 12
00 [email protected]...
State Dump for Thread Id 0x450
eax=0250fd70 ebx=024cff74 ecx=00000000 edx=00000000
esi=77f94086 edi=000004e4
eip=77f94091 esp=024cff58 ebp=024cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02f49e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:02f89c56=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a79ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
024CFF7C 7C4F1B1B 000004E4 000927C0 00000000 6369DC45
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x51c
eax=7ffd2004 ebx=00000003 ecx=02b1f8d0 edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=02b1fd24 ebp=02b1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:03599c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02B1FD70 7C4FABFB 02B1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
02B1FFB4 7C4E987C 00000004 7FFAC000 7C2D02A7 000E0678
kernel32!WaitForMultipleObjects
02B1FFEC 00000000 778321FE 000E0678 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
02b1fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd b1 02 01 00 00
00 ..N|....H.......
02b1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 78 06 0e
00 ............x...
02b1fd44 01 00 00 00 c4 05 00 00 - c8 05 00 00 d8 05 00
00 ................
02b1fd54 88 02 00 00 5b cc cd 2c - 89 02 00 00 5b cc cd
2c ....[..,....[..,
02b1fd64 8a 02 00 00 5b cc cd 2c - 8b 02 00 00 b4 ff b1
02 ....[..,........
02b1fd74 fb ab 4f 7c 48 fd b1 02 - 01 00 00 00 00 00 00
00 ..O|H...........
02b1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
02b1fd94 b0 fe b1 02 00 00 00 00 - ff ff ff ff 78 06 0e
00 ............x...
02b1fda4 a7 02 2d 7c 00 c0 fa 7f - 93 02 00 00 5b cc cd
2c ..-|........[..,
02b1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
02b1fdc4 23 00 00 00 23 00 00 00 - 00 c0 fa 7f a7 02 2d
7c #...#.........-|
02b1fdd4 78 06 0e 00 00 c0 fa 7f - 4c 00 00 00 fe 21 83
77 x.......L....!.w
02b1fde4 f8 cb fa 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
02b1fdf4 fc ff b1 02 23 00 00 00 - 48 f2 36 81 48 f2 36
81 ....#...H.6.H.6.
02b1fe04 40 00 00 00 24 8b 89 b7 - 80 fd 44 80 00 b6 3e
81 @...$.....D...>.
02b1fe14 00 00 00 00 00 00 00 00 - 88 35 38 81 b2 34 49
80 .........58..4I.
02b1fe24 88 35 38 81 28 03 00 00 - 1e bf 00 00 d0 1a 9e
81 .58.(...........
02b1fe34 00 07 00 00 4c d1 44 80 - 1e bf 00 00 d0 1a 9e
81 ....L.D.........
02b1fe44 1e bf 00 00 d0 1a 9e 81 - 01 c2 fd 7f b3 05 00
00 ................
02b1fe54 f1 da 44 80 b3 05 00 00 - 30 be 36 81 00 c0 fd
7f ..D.....0.6.....
file... something saying that the memory at "0x00000"
cannot be "read". (or something like that)
This is the content of my DR. WATSON txtfile:
Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights
reserved.
Application exception occurred:
App: (pid=1324)
When: 8/6/2003 @ 14:42:04.171
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
588 mstask.exe
636 WinMgmt.exe
688 mspmspsv.exe
700 svchost.exe
1092 explorer.exe
1000 igfxtray.exe
996 hkcmd.exe
1072 vptray.exe
1164 FINDFAST.exe
988 OSA.exe
1228 ipmsg2.02.exe
260 EXTRA.exe
388 aomdemon.exe
1324 SQLPLUSW.exe
1304 wmplayer.exe
1348 VB6.exe
1440 msaccess.exe
1428 notepad.exe
1368 notepad.exe
1548 msaccess.exe
1340 DRWTSN32.exe
0 _Total.exe
(00400000 - 00614000)
(77F80000 - 77FFB000)
(60400000 - 60506000)
(60600000 - 60686000)
(60800000 - 6084D000)
(77E80000 - 77F36000)
(78000000 - 78046000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77570000 - 775A0000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(00230000 - 00236000)
(60200000 - 60265000)
(60000000 - 60122000)
(60A00000 - 60A2B000)
(60B00000 - 60BA9000)
(60E00000 - 60E0D000)
(61100000 - 61137000)
(75030000 - 75043000)
(75020000 - 75028000)
(00240000 - 002A1000)
(61500000 - 6150E000)
(61700000 - 61720000)
(75050000 - 75058000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(61900000 - 61906000)
(62100000 - 62106000)
(002B0000 - 002B6000)
(62300000 - 62306000)
(62500000 - 62508000)
(002C0000 - 002C7000)
(002D0000 - 002E1000)
(62700000 - 62740000)
(62900000 - 62B23000)
(63100000 - 63108000)
(60350000 - 60356000)
(63200000 - 63273000)
(76B30000 - 76B6D000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(782F0000 - 78536000)
(64700000 - 6470B000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
State Dump for Thread Id 0x4f8
eax=00000002 ebx=c0000000 ecx=00000000 edx=00000000
esi=0012a52c edi=0012a524
eip=004746bc esp=00129e38 ebp=0012a0f8 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
00474689 0fafc8 imul ecx,eax
0047468c 894d88 mov
[ebp+0x88],ecx ss:00ba76ca=????????
0047468f
c785d8feffff00000000
ss:00129fd0=00000002
mov dword ptr
[ebp+0xfffffed8],0x0
00474699 8b15d45c4a00 mov edx,
[004a5cd4] ds:004a5cd4=01651ff0
0047469f 8915d05c4a00 mov
[004a5cd0],edx ds:004a5cd0=00000000
004746a5 eb1d jmp 0047d1c4
004746a7 8b85d8feffff mov eax,
[ebp+0xfffffed8] ss:00129fd0=00000002
004746ad 83c001 add eax,0x1
004746b0 8985d8feffff mov
[ebp+0xfffffed8],eax ss:00129fd0=00000002
004746b6 8b0dd05c4a00 mov ecx,
[004a5cd0] ds:004a5cd0=00000000
FAULT ->004746bc 8b11 mov edx,
[ecx] ds:00000000=????????
004746be 8915d05c4a00 mov
[004a5cd0],edx ds:004a5cd0=00000000
004746c4 8b85d8feffff mov eax,
[ebp+0xfffffed8] ss:00129fd0=00000002
004746ca 3b8540ffffff cmp eax,
[ebp+0xffffff40] ss:0012a038=000003e7
004746d0 7d02 jge 004831d4
004746d2 ebd3 jmp 0047caa7
004746d4 833dd05c4a0000 cmp dword ptr
[004a5cd0],0x0 ds:004a5cd0=00000000
004746db 0f8482000000 je 00474763
004746e1 833dcc5d4a0000 cmp dword ptr
[004a5dcc],0x0 ds:004a5dcc=00000000
004746e8 7440 jz 0047d22a
004746ea 8b0d185d4a00 mov ecx,
[004a5d18] ds:004a5d18=000003e7
004746f0 3b8d40ffffff cmp ecx,
[ebp+0xffffff40] ss:0012a038=000003e7
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0012A0F8 77E11D0A 000803DE 0000000F 00000000 00000000 !
<nosymbols>
0012A118 77E12BCC 00471975 000803DE 0000000F 00000000
user32!DispatchMessageW
0012A134 77E12B84 007B1070 0000000F 00000000 00000000
user32!MsgWaitForMultipleObjects
0012A15C 77FA02FF 0012A16C 00000018 007B1070 0000000F
user32!MsgWaitForMultipleObjects
0012A458 77E11D0A 000803DE 00000102 0000000D 001C0001
ntdll!KiUserCallbackDispatcher
0012A478 77E11BC8 00471975 000803DE 00000102 0000000D
user32!DispatchMessageW
0012A504 77E172B4 0012A524 00000001 0047AA4C 0012A524
user32!GetAppCompatFlags2
0012A540 0046FE2B 0012B6A8 00001D4C 00000017 003B4590
user32!DispatchMessageA
0012A560 0042EF02 003B4578 004A6A00 0012B6A8 00001D4C !
<nosymbols>
0012A594 0043B1CE 003B4590 004A6A00 0012B6A8 00001D4C !
<nosymbols>
0012A5C4 0043A3DD 003B4590 0012B6A8 00001D4C 00000000 !
<nosymbols>
0012DDF4 0040C6E5 003B4590 004A8040 0012DE48 000009C3 !
<nosymbols>
0012E834 0040BAC3 003B4590 0012FECC 0042BE57 003B4590 !
<nosymbols>
0012E840 0042BE57 003B4590 00000001 00136A28 00000000 !
<nosymbols>
0012FECC 0046F4AA 00000000 0012FF10 003B4578 00000001 !
<nosymbols>
0012FEE8 0047175C 00000002 0012FF08 003B4578 003B4590 !
<nosymbols>
0012FF24 0047D5A6 00400000 00000000 00134903 00000001 !
<nosymbols>
0012FFC0 77E9CA90 00000000 00000000 7FFDF000 C0000005 !
<nosymbols>
0012FFF0 00000000 0047D450 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
00129e38 2c a5 12 00 00 00 00 00 - 2c a5 12 00 47 00 00
00 ,.......,...G...
00129e48 03 00 00 00 00 00 00 00 - a4 c5 13 00 b0 2a 7a
00 .............*z.
00129e58 04 00 00 00 06 00 00 00 - ec 1d f4 77 51 00 01
01 ...........wQ...
00129e68 a4 c5 13 00 e7 03 00 00 - e8 03 00 00 e7 03 00
00 ................
00129e78 01 00 00 00 11 01 00 00 - be 03 09 00 68 43 7a
00 ............hCz.
00129e88 0a 1d e1 77 ce 03 0e 00 - 11 01 00 00 21 03 00
00 ...w........!...
00129e98 82 00 00 00 be 03 09 00 - cd ab ba dc e0 9e 12
00 ................
00129ea8 ae 30 e2 77 ce 03 0e 00 - 11 01 00 00 21 03 00
00 .0.w........!...
00129eb8 be 03 09 00 00 00 00 00 - 0e 00 00 00 11 01 00
00 ................
00129ec8 01 01 00 00 12 07 0a 08 - 04 9f 12 00 a0 39 e2
77 .............9.w
00129ed8 51 00 01 01 00 00 00 00 - 10 9f 12 00 c5 36 e1
77 Q............6.w
00129ee8 1c 9f 12 00 03 00 00 00 - 70 39 f8 77 00 00 13
00 ........p9.w....
00129ef8 18 07 13 00 03 00 00 00 - 58 c5 13 00 f4 9e 12
00 ........X.......
00129f08 00 02 00 00 b0 a0 12 00 - 95 2b f8 77 b8 39 f8
77 .........+.w.9.w
00129f18 ff ff ff ff c0 a0 12 00 - 27 b2 fc 77 18 07 13
00 ........'..w....
00129f28 01 00 00 00 14 a1 12 00 - 05 00 00 00 e3 b7 fc
77 ...............w
00129f38 20 f1 ed 77 08 00 a7 00 - 74 9f 12 00 12 00 00
00 ..w....t.......
00129f48 70 39 f8 77 00 00 13 00 - e8 09 13 00 12 00 00
00 p9.w............
00129f58 38 c6 13 00 4c 9f 12 00 - 00 02 00 00 08 a1 12
00 8...L...........
00129f68 95 2b f8 77 b8 39 f8 77 - ff ff ff ff 18 a1 12
00 .+.w.9.w........
Application exception occurred:
App: (pid=1600)
When: 8/11/2003 @ 15:42:42.562
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
588 mstask.exe
632 WinMgmt.exe
692 mspmspsv.exe
704 svchost.exe
724 explorer.exe
1148 igfxtray.exe
1016 hkcmd.exe
1044 vptray.exe
1088 FINDFAST.exe
1196 OSA.exe
532 ipmsg2.02.exe
1420 DLLHOST.exe
1400 msdtc.exe
1272 IEXPLORE.exe
1004 nlnotes.exe
1176 naldaemn.exe
1504 nhldaemn.exe
1416 IEXPLORE.exe
1532 AcroRd32.exe
1572 _BlackWidow.exe
1600 _BWDS.exe
1608 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01170000 - 01176000)
State Dump for Thread Id 0x28c
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=988)
When: 8/12/2003 @ 13:47:34.109
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
588 mstask.exe
632 WinMgmt.exe
692 mspmspsv.exe
704 svchost.exe
724 explorer.exe
1148 igfxtray.exe
1016 hkcmd.exe
1044 vptray.exe
1088 FINDFAST.exe
1196 OSA.exe
532 ipmsg2.02.exe
1420 DLLHOST.exe
1400 msdtc.exe
1272 IEXPLORE.exe
1416 IEXPLORE.exe
1644 _BlackWidow.exe
988 _BWDS.exe
1224 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01170000 - 01176000)
State Dump for Thread Id 0x608
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=1352)
When: 8/29/2003 @ 14:30:18.328
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
588 mstask.exe
628 WinMgmt.exe
688 mspmspsv.exe
700 svchost.exe
1020 explorer.exe
1076 igfxtray.exe
1084 hkcmd.exe
1176 vptray.exe
1204 FINDFAST.exe
1224 OSA.exe
324 VB6.exe
1068 ipmsg2.02.exe
640 notepad.exe
1156 BlackWidow.exe
616 IEXPLORE.exe
1428 _BlackWidow.exe
1352 _BWDS.exe
1408 DRWTSN32.exe
0 _Total.exe
(00400000 - 0041B000)
(77F80000 - 77FFB000)
(762E0000 - 7642D000)
(77E80000 - 77F36000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(78000000 - 78046000)
(234C0000 - 234DE000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70BD0000 - 70C35000)
(202B0000 - 20346000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(71710000 - 71794000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(01160000 - 01166000)
State Dump for Thread Id 0x520
eax=0202bfda ebx=00000000 ecx=0012f49c edx=00139e70
esi=00000000 edi=763b8bce
eip=00400202 esp=0012f38c ebp=bfdaf4bc iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: <nosymbols>
004001e8 0000 add
[eax],al ds:0202bfda=??
004001ea 0000 add
[eax],al ds:0202bfda=??
004001ec 40 inc eax
004001ed 0000 add
[eax],al ds:0202bfda=??
004001ef 40 inc eax
004001f0 2e7273 jb 00407466
004001f3 7263 jb 00400258
004001f5 0000 add
[eax],al ds:0202bfda=??
004001f7 00840b00000080 add
[ebx+ecx+0x80000000],al ds:8012f49c=??
004001fe 0100 add
[eax],eax ds:0202bfda=????????
00400200 000c00 add
[eax+eax],cl ds:0202bfda=??
00400203 0000 add
[eax],al ds:0202bfda=??
00400205 52 push edx
00400206 0100 add
[eax],eax ds:0202bfda=????????
00400208 0000 add
[eax],al ds:0202bfda=??
0040020a 0000 add
[eax],al ds:0202bfda=??
0040020c 0000 add
[eax],al ds:0202bfda=??
0040020e 0000 add
[eax],al ds:0202bfda=??
00400210 0000 add
[eax],al ds:0202bfda=??
00400212 0000 add
[eax],al ds:0202bfda=??
00400214 40 inc eax
00400215 0000 add
[eax],al ds:0202bfda=??
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
BFDAF4BC 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0012f38c ce 8b 3b 76 24 4b 2e 76 - 00 00 00 00 00 00 00
00 ..;v$K.v........
0012f39c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3bc 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3dc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f3ec 00 00 00 00 00 00 00 00 - ff ff bc 00 00 00 00
00 ................
0012f3fc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f40c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f41c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f42c 00 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f43c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f44c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f45c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f46c 00 00 00 00 00 00 00 00 - 00 00 00 00 94 8f 14
00 ................
0012f47c ec db bc 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f48c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012f49c ec fa 12 00 96 1c 40 00 - 8c f3 12 00 20 10 40
00 ......@..... .@.
0012f4ac 00 00 00 00 ff ff ff ff - 4c f9 12 00 15 00 00
00 ........L.......
0012f4bc 00 fb 12 00 bc 89 40 00 - 70 b6 13 00 0c fb 12
00 [email protected].......
Application exception occurred:
App: (pid=1084)
When: 9/12/2003 @ 16:57:02.890
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
528 rtvscan.exe
568 regsvc.exe
584 mstask.exe
632 WinMgmt.exe
684 mspmspsv.exe
696 svchost.exe
1124 explorer.exe
864 igfxtray.exe
1100 hkcmd.exe
980 vptray.exe
1004 FINDFAST.exe
1208 OSA.exe
1280 ipmsg2.02.exe
1412 DLLHOST.exe
1512 msdtc.exe
1444 nlnotes.exe
1240 naldaemn.exe
120 nhldaemn.exe
712 notepad.exe
1620 wmplayer.exe
516 VB6.exe
1084 YPager.exe
1704 DRWTSN32.exe
0 _Total.exe
(00400000 - 0057C000)
(77F80000 - 77FFB000)
(77820000 - 77827000)
(77E80000 - 77F36000)
(759B0000 - 759B6000)
(77E10000 - 77E75000)
(77F40000 - 77F7C000)
(71710000 - 71794000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(77570000 - 775A0000)
(75050000 - 75058000)
(75030000 - 75043000)
(78000000 - 78046000)
(75020000 - 75028000)
(10000000 - 10007000)
(00230000 - 00249000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(779B0000 - 77A4B000)
(77A50000 - 77B45000)
(70BD0000 - 70C35000)
(20000000 - 2000D000)
(00250000 - 00264000)
(65EC0000 - 65ECE000)
(00270000 - 00283000)
(76B30000 - 76B6D000)
(782F0000 - 78536000)
(702B0000 - 7032A000)
(732E0000 - 73305000)
(013D0000 - 01457000)
(775A0000 - 77625000)
(017A0000 - 017B0000)
(017F0000 - 0181C000)
(01820000 - 01830000)
(71000000 - 71149000)
(76B20000 - 76B25000)
(772B0000 - 7731C000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(77520000 - 77525000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77880000 - 7790D000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(02770000 - 0278E000)
(718C0000 - 71944000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(75AC0000 - 75AE8000)
(75E60000 - 75E7A000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(6B700000 - 6B790000)
(6B600000 - 6B671000)
(037E0000 - 0396D000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(727F0000 - 727F9000)
(72800000 - 72846000)
(728A0000 - 728A6000)
(70510000 - 7051A000)
(03F10000 - 03F41000)
(03F60000 - 03F9B000)
(74F90000 - 74F97000)
(75D40000 - 75D46000)
(74F70000 - 74F75000)
(74F40000 - 74F49000)
(74F30000 - 74F34000)
(66B00000 - 66B07000)
(70F30000 - 70F9E000)
State Dump for Thread Id 0x4fc
eax=00000000 ebx=027eb018 ecx=027ea100 edx=ffffffff
esi=027ea100 edi=013c4358
eip=0046d411 esp=0012e2a8 ebp=0012e2bc iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
0046d3f3 7471 jz 0047d366
0046d3f5 ff7604 push dword ptr
[esi+0x4] ds:032676d2=????????
0046d3f8 ff1524865300 call dword ptr
[00538624] ds:00538624=77e122f8
0046d3fe 85c0 test eax,eax
0046d400 7409 jz 0047d30b
0046d402 ff7604 push dword ptr
[esi+0x4] ds:032676d2=????????
0046d405 ff1520865300 call dword ptr
[00538620] ds:00538620=77e137c0
0046d40b 8b06 mov eax,
[esi] ds:027ea100=00000000
0046d40d 6a01 push 0x1
0046d40f 8bce mov ecx,esi
FAULT ->0046d411 ff5010 call dword ptr
[eax+0x10] ds:00a7d5d2=????????
0046d414 53 push ebx
0046d415 8d45fc lea eax,
[ebp+0xfc] ss:00bab88e=????????
0046d418 50 push eax
0046d419 8d4f04 lea ecx,
[edi+0x4] ds:01e4192a=666f7270
0046d41c e88d790200 call 00494dae
0046d421 5e pop esi
0046d422 5b pop ebx
0046d423 8d4774 lea eax,
[edi+0x74] ds:01e4192a=666f7270
0046d426 50 push eax
0046d427 ff153c815300 call dword ptr
[0053813c] ds:0053813c=77f8316d
0046d42d 837d0800 cmp dword ptr
[ebp+0x8],0x0 ss:00bab88e=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0012E2BC 0048A0AF 00000001 013C405C 00000000 0048E6EC !
<nosymbols>
0012EC2C 004924B2 001A0110 00000111 00008001 00000001 !
<nosymbols>
0012EDF8 77E11D0A 001A0110 00000111 00008001 00000001 !
<nosymbols>
0012EE18 77E1350E 004920B9 001A0110 00000111 00008001
user32!DispatchMessageW
0012EE48 77E172F2 0071ADD8 00000111 00008001 00000001
user32!DefWindowProcW
0012EE68 00489D79 001A0110 00000111 00008001 00000001
user32!SendMessageA
0012EE98 004B567E 001A0110 0012F340 00000000 0000C10B !
<nosymbols>
0012F2E4 004B7261 001A0110 0000C10B 000001FA 0012F340 !
<nosymbols>
0012F398 0049214A 001A0110 0000C10B 000001FA 03B547E0 !
<nosymbols>
0012F564 77E11D0A 001A0110 0000C10B 000001FA 03B547E0 !
<nosymbols>
0012F584 77E11BC8 004920B9 001A0110 0000C10B 000001FA
user32!DispatchMessageW
0012F610 77E172B4 0012FE34 00000001 004C8B8D 0012FE34
user32!GetAppCompatFlags2
0012FE98 00526404 013D0000 00000000 00133F87 00000001
user32!DispatchMessageA
0012FFC0 77E9CA90 00000000 00000000 7FFDF000 C0000005 !
<nosymbols>
0012FFF0 00000000 00526283 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0012e2a8 01 00 00 00 90 3f 3c 01 - 02 00 00 00 c0 37 e1
77 .....?<......7.w
0012e2b8 58 43 3c 01 2c ec 12 00 - af a0 48 00 01 00 00
00 XC<.,.....H.....
0012e2c8 5c 40 3c 01 00 00 00 00 - ec e6 48 00 02 00 00
00 \@<.......H.....
0012e2d8 01 00 00 00 17 01 00 00 - 11 01 00 00 6c e4 12
00 ............l...
0012e2e8 01 00 00 00 0c e3 12 00 - f2 72 e1 77 18 bb 72
00 .........r.w..r.
0012e2f8 11 01 00 00 e1 00 00 04 - 7c 06 1b 00 01 00 00
00 ........|.......
0012e308 4a 05 45 00 3c e5 12 00 - da 40 2b 77 4a 05 45
00 J.E.<....@+wJ.E.
0012e318 11 01 00 00 e1 00 00 04 - 7c 06 1b 00 00 00 00
00 ........|.......
0012e328 e1 00 00 00 d4 ef 12 00 - 00 00 00 00 91 57 e1
77 .............W.w
0012e338 4a 05 45 00 00 00 00 00 - 00 00 00 00 01 00 00
00 J.E.............
0012e348 00 00 00 00 00 a1 7e 02 - 4e 00 00 00 ac e3 12
00 ......~.N.......
0012e358 f7 80 e1 77 4a 05 45 00 - 00 00 00 00 00 00 00
00 ...wJ.E.........
0012e368 00 00 00 00 01 00 00 00 - 02 00 00 00 00 00 00
00 ................
0012e378 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0012e388 00 00 00 00 8c 3c 2b 77 - 01 00 00 00 b0 e3 12
00 .....<+w........
0012e398 e1 3c 2b 77 01 00 00 00 - b0 e3 12 00 0c e4 12
00 .<+w............
0012e3a8 e0 e3 12 00 c3 3c 2b 77 - 01 00 00 00 cf 33 2b
77 .....<+w.....3+w
0012e3b8 01 00 00 00 14 e4 12 00 - 01 00 00 00 6f 34 2b
77 ............o4+w
0012e3c8 ff 03 00 00 14 e4 12 00 - 02 00 00 00 12 35 2b
77 .............5+w
0012e3d8 dc e3 12 00 e0 10 16 00 - 78 3f 2c 77 66 1b f4
77 ........x?,wf..w
State Dump for Thread Id 0x5cc
eax=004c4e68 ebx=00000002 ecx=7ffde000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0156fea8 ebp=0156fef4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01fed47b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0156FEF4 77E12A00 0156FECC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0156FF50 77E12A77 0156FF1C 00570EE4 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0156FF6C 004C4722 00000001 00570EE4 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
77E12A5A 104539C0 50C0950F FF1875FF 75FF1475 0875FF0C !
<nosymbols>
33EC8B55 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x548
eax=00000102 ebx=77f8316d ecx=80020000 edx=00000000
esi=00142bf8 edi=00141a48
eip=77f83197 esp=0166ff78 ebp=0166ffa8 iopl=0 nv
up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000286
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:020ed54b=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0166FFA8 77D424DA 00141AC0 0166FFEC 77E887DD 00143EE0
ntdll!NtDelayExecution
0166FFB4 77E887DD 00143EE0 00000000 40143890 00143EE0
rpcrt4!NdrConformantArrayMemorySize
0166FFEC 00000000 77D424C2 00143EE0 00000000 62646772
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0166ff78 99 25 d4 77 01 00 00 00 - 90 ff 66 01 00 00 00
00 .%.w......f.....
0166ff88 90 38 14 40 e0 3e 14 00 - 00 5d 1e ee ff ff ff
ff .8.@.>...]......
0166ff98 00 5d 1e ee ff ff ff ff - 30 75 00 00 e0 3e 14
00 .]......0u...>..
0166ffa8 b4 ff 66 01 da 24 d4 77 - c0 1a 14 00 ec ff 66
01 ..f..$.w......f.
0166ffb8 dd 87 e8 77 e0 3e 14 00 - 00 00 00 00 90 38 14
40 ...w.>.......8.@
0166ffc8 e0 3e 14 00 00 c0 fd 7f - 54 3d 14 00 c0 ff 66
01 .>......T=....f.
0166ffd8 54 3d 14 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 T=......V..w...w
0166ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 c2 24 d4
77 .............$.w
0166fff8 e0 3e 14 00 00 00 00 00 - 72 67 64 62 01 00 00
00 .>......rgdb....
01670008 01 00 00 00 46 6a f3 06 - ce 00 00 00 00 00 00
00 ....Fj..........
01670018 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670028 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670038 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670048 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670058 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01670098 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
016700a8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x66c
eax=0043e32d ebx=00000002 ecx=00000011 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0178fe78 ebp=0178fec4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0220d44b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0178FEC4 77E12A00 0178FE9C 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0178FF20 77E12A77 0178FEEC 0056A350 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0178FF3C 004432D5 00000001 0056A350 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0178FF80 00523C79 00000000 77D93B53 0012F57C 013C3F00 !
<nosymbols>
0178FFB4 77E887DD 013C3F00 77D93B53 0012F57C 013C3F00 !
<nosymbols>
0178FFEC 00000000 00523C0D 013C3F00 00000000 22222222
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0178fe78 b7 7a e8 77 02 00 00 00 - 9c fe 78 01 01 00 00
00 .z.w......x.....
0178fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0178fe98 02 00 00 00 64 01 00 00 - 68 01 00 00 cc 2b e7
b6 ....d...h....+..
0178fea8 81 00 42 81 0a b0 46 80 - d0 5c 89 81 ec 1e 73
e3 ..B...F..\....s.
0178feb8 38 a0 e1 77 00 00 00 00 - 00 00 00 00 20 ff 78
01 8..w........ .x.
0178fec8 00 2a e1 77 9c fe 78 01 - 01 00 00 00 00 00 00
00 .*.w..x.........
0178fed8 00 00 00 00 00 00 00 00 - 45 27 e1 77 00 00 00
00 ........E'.w....
0178fee8 01 00 00 00 64 01 00 00 - 68 01 00 00 1b 55 45
80 ....d...h....UE.
0178fef8 00 00 00 82 00 00 00 02 - 44 2c e7 b6 04 22 49
80 ........D,..."I.
0178ff08 c8 d0 8b 81 90 13 02 e3 - 00 00 00 00 cc b6 fd
7f ................
0178ff18 00 00 00 00 68 01 00 00 - 3c ff 78 01 77 2a e1
77 ....h...<.x.w*.w
0178ff28 ec fe 78 01 50 a3 56 00 - ff ff ff ff ff 00 00
00 ..x.P.V.........
0178ff38 00 00 00 00 80 ff 78 01 - d5 32 44 00 01 00 00
00 ......x..2D.....
0178ff48 50 a3 56 00 00 00 00 00 - ff ff ff ff ff 00 00
00 P.V.............
0178ff58 53 3b d9 77 00 3f 3c 01 - 00 3f 3c 01 d4 4b 06
80 S;.w.?<..?<..K..
0178ff68 00 00 00 00 00 00 00 00 - 01 00 00 00 53 3b d9
77 ............S;.w
0178ff78 00 3f 3c 01 b4 ff 78 01 - b4 ff 78 01 79 3c 52
00 .?<...x...x.y<R.
0178ff88 00 00 00 00 53 3b d9 77 - 7c f5 12 00 00 3f 3c
01 ....S;.w|....?<.
0178ff98 40 0c 23 81 8c ff 78 01 - ff ff ff ff dc ff 78
01 @.#...x.......x.
0178ffa8 20 6b 52 00 c8 ca 54 00 - 00 00 00 00 ec ff 78
01 kR...T.......x.
State Dump for Thread Id 0x5c0
eax=00000000 ebx=00000004 ecx=00000001 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0210fd24 ebp=0210fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02b8d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0210FD70 77E8A31D 0210FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0210FFB4 77E887DD 00000005 00156464 7FFDE000 0015C6A0
kernel32!WaitForMultipleObjects
0210FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4ac
eax=01803637 ebx=01c44190 ecx=00000000 edx=00000000
esi=0220ff64 edi=77e17c12
eip=77e11d6b esp=0220fefc ebp=0220ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:02c8d4cf=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:02c8d4cf=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:02c8d4cf=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0220FF1C 017F4B49 0220FF64 00000000 00000000 00000000
user32!TranslateMessageEx
0220FF80 018036A3 01C43EA0 01C44100 00000000 01C44190 !
<nosymbols>
0220FFB4 77E887DD 01C44190 01C44100 00000000 01C44190 !
<nosymbols>
0220FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x5c8
eax=00000000 ebx=00000003 ecx=00000001 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0230fe78 ebp=0230fec4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02d8d44b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0230FEC4 77E12A00 0230FE9C 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0230FF20 77E12A77 0230FEEC 01C43AFC FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0230FF3C 017F3C81 00000002 01C43AFC 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0230FF80 018036A3 00000001 01C40000 000001BD 01C44470 !
<nosymbols>
0230FFB4 77E887DD 01C44470 01C40000 000001BD 01C44470 !
<nosymbols>
0230FFEC 00000000 01803637 01C44470 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0230fe78 b7 7a e8 77 03 00 00 00 - 9c fe 30 02 01 00 00
00 .z.w......0.....
0230fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0230fe98 03 00 00 00 68 02 00 00 - 64 02 00 00 88 02 00
00 ....h...d.......
0230fea8 00 00 00 00 c0 29 80 01 - 58 44 c4 01 44 44 c4
01 .....)..XD..DD..
0230feb8 24 42 c4 01 68 5f c4 01 - b0 fe 30 02 20 ff 30
02 $B..h_....0. .0.
0230fec8 00 2a e1 77 9c fe 30 02 - 01 00 00 00 00 00 00
00 .*.w..0.........
0230fed8 00 00 00 00 00 00 00 00 - 45 27 e1 77 00 00 00
00 ........E'.w....
0230fee8 d8 39 c4 01 68 02 00 00 - 64 02 00 00 88 02 00
00 .9..h...d.......
0230fef8 d8 39 c4 01 08 f0 ba 03 - 00 00 00 00 08 f0 ba
03 .9..............
0230ff08 b4 37 7f 01 3c ff 30 02 - 00 00 00 00 cc 86 fd
7f .7..<.0.........
0230ff18 00 00 00 00 88 02 00 00 - 3c ff 30 02 77 2a e1
77 ........<.0.w*.w
0230ff28 ec fe 30 02 fc 3a c4 01 - ff ff ff ff ff 00 00
00 ..0..:..........
0230ff38 00 00 00 00 80 ff 30 02 - 81 3c 7f 01 02 00 00
00 ......0..<......
0230ff48 fc 3a c4 01 00 00 00 00 - ff ff ff ff ff 00 00
00 .:..............
0230ff58 00 00 c4 01 70 44 c4 01 - 70 44 c4 01 d4 4b 06
80 ....pD..pD...K..
0230ff68 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 c4
01 ................
0230ff78 70 44 c4 01 b4 ff 30 02 - b4 ff 30 02 a3 36 80
01 pD....0...0..6..
0230ff88 01 00 00 00 00 00 c4 01 - bd 01 00 00 70 44 c4
01 ............pD..
0230ff98 40 0c 23 81 8c ff 30 02 - ff ff ff ff dc ff 30
02 @.#...0.......0.
0230ffa8 f4 85 80 01 c0 f6 80 01 - 00 00 00 00 ec ff 30
02 ..............0.
State Dump for Thread Id 0x524
eax=00a24162 ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0243fe4c ebp=0243fe98 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:02ebd41f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0243FE98 77E12A00 0243FE70 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0243FEF4 77E12A77 0243FEC0 01C4456C FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0243FF10 017FC068 00000001 01C4456C 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
0243FF80 018036A3 00000001 00000000 77E888FC 01C45950 !
<nosymbols>
0243FFB4 77E887DD 01C45950 00000000 77E888FC 01C45950 !
<nosymbols>
0243FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x488
eax=02640014 ebx=00165820 ecx=001307d8 edx=00000000
esi=74fe93a0 edi=00000000
eip=77f837dc esp=0264ff84 ebp=0264ffb4 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:030cd557=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:030cd557=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:030cd557=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:030cd557=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0264FFB4 77E887DD 74FD84C8 7FFD6000 00000000 00165820
ntdll!ZwRemoveIoCompletion
0264FFEC 00000000 74FD4766 00165820 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0264ff84 b8 47 fd 74 14 03 00 00 - bc ff 64 02 b0 ff 64
02 .G.t......d...d.
0264ff94 a4 ff 64 02 28 2c fd 74 - 00 60 fd 7f 00 00 00
00 ..d.(,.t.`......
0264ffa4 00 00 00 00 00 00 00 00 - 00 00 fd 74 40 05 15
00 ...........t@...
0264ffb4 ec ff 64 02 dd 87 e8 77 - c8 84 fd 74 00 60 fd
7f ..d....w...t.`..
0264ffc4 00 00 00 00 20 58 16 00 - 00 50 fd 7f 0a 00 00
00 .... X...P......
0264ffd4 c0 ff 64 02 0a 00 00 00 - ff ff ff ff 56 18 ea
77 ..d.........V..w
0264ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
0264fff4 66 47 fd 74 20 58 16 00 - 00 00 00 00 00 00 00
00 fG.t X..........
02650004 1e 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650014 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650024 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
02650094 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
026500a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
026500b4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x534
eax=ffffffff ebx=ffffffff ecx=00158710 edx=00000000
esi=7fffffff edi=00000102
eip=77f83786 esp=029cfacc ebp=029cfb04 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0344d09f=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
029CFB04 74FD7EE6 000003B0 000003B4 00000000 00000004
ntdll!NtWaitForSingleObject
029CFBF0 75031DA9 00000001 029CFE84 029CFC7C 029CFD80
msafd!WSPSetSockOpt
029CFC54 7021E1F5 00000001 029CFE84 029CFC7C 029CFD80
ws2_32!select
029CFFB0 7021E35B 77E887DD 0017F790 77B32860 0017F620 !
InternetGetConnectedStateExW
029CFFEC 00000000 00000000 00000000 00000000 00000000 !
InternetGetConnectedStateExW
*----> Raw Stack Dump <----*
029cfacc d2 bc fd 74 b0 03 00 00 - 01 00 00 00 f0 fa 9c
02 ...t............
029cfadc 84 fe 9c 02 78 fb 9c 02 - 68 fb 9c 02 de cf cf
d3 ....x...h.......
029cfaec 0b 79 c3 01 ff ff ff ff - ff ff ff 7f 00 02 18
00 .y..............
029cfafc 00 00 00 00 00 00 00 00 - f0 fb 9c 02 e6 7e fd
74 .............~.t
029cfb0c b0 03 00 00 b4 03 00 00 - 00 00 00 00 04 00 00
00 ................
029cfb1c 80 fd 9c 02 28 02 18 00 - 7c fc 9c 02 00 00 00
00 ....(...|.......
029cfb2c 00 00 00 00 80 0f 05 fd - ff ff ff ff ff ff ff
ff ................
029cfb3c dc fb 9c 02 40 b7 fc 77 - b8 0c 13 00 c0 3e 1a
00 [email protected].....>..
029cfb4c 5c 90 27 70 c0 3e 1a 00 - c0 3e 1a 00 f5 78 fd
74 \.'p.>...>...x.t
029cfb5c 18 4f 19 00 00 00 00 00 - 00 00 00 00 80 0f 05
fd .O..............
029cfb6c ff ff ff ff 01 00 00 00 - 00 fb 9c 02 b4 03 00
00 ................
029cfb7c 19 00 00 00 00 00 13 00 - 08 00 00 00 00 87 15
00 ................
029cfb8c f8 fb 9c 02 00 00 13 00 - 03 00 00 00 00 ff ff
ff ................
029cfb9c 24 fb 9c 02 a4 70 20 70 - 01 53 f8 77 00 00 13
00 $....p p.S.w....
029cfbac 00 02 18 00 00 3e 1a 00 - 00 00 00 00 68 fb 9c
02 .....>......h...
029cfbbc 2c 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ,...............
029cfbcc 14 fc 9c 02 95 2b f8 77 - 84 fb 9c 02 1c fb 9c
02 .....+.w........
029cfbdc 24 fc 9c 02 44 fc 9c 02 - 36 df fd 74 78 30 fd
74 $...D...6..tx0.t
029cfbec ff ff ff ff 54 fc 9c 02 - a9 1d 03 75 01 00 00
00 ....T......u....
029cfbfc 84 fe 9c 02 7c fc 9c 02 - 80 fd 9c 02 88 ff 9c
02 ....|...........
State Dump for Thread Id 0x67c
eax=00000102 ebx=00000002 ecx=01010101 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=02acfe5c ebp=02acfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0354d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02ACFEA8 77E12A00 02ACFE80 00000001 00000000 02ACFEA0
ntdll!NtWaitForMultipleObjects
02ACFF04 77E12A77 02ACFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
02ACFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
02ACFF74 70C1AB1B 02ACFFA0 02ACFFA4 02ACFFA8 02ACFF9C !
Ordinal265
02ACFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
02ACFFEC 00000000 70C1ACAF 00000000 00000000 02AD00E4 !
Ordinal293
*----> Raw Stack Dump <----*
02acfe5c b7 7a e8 77 02 00 00 00 - 80 fe ac 02 01 00 00
00 .z.w............
02acfe6c 00 00 00 00 a0 fe ac 02 - 00 00 00 00 00 00 00
00 ................
02acfe7c 02 00 00 00 a8 03 00 00 - bc 03 00 00 c8 76 1d
00 .............v..
02acfe8c c0 da 22 00 c8 76 1d 00 - 78 01 13 00 c0 76 1d
00 .."..v..x....v..
02acfe9c 18 36 f8 77 00 ba 3c dc - ff ff ff ff 04 ff ac
02 .6.w..<.........
02acfeac 00 2a e1 77 80 fe ac 02 - 01 00 00 00 00 00 00
00 .*.w............
02acfebc a0 fe ac 02 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
02acfecc 00 00 00 00 a8 03 00 00 - bc 03 00 00 20 ff ac
02 ............ ...
02acfedc 95 2b f8 77 18 36 f8 77 - ff ff ff ff 30 ff ac
02 .+.w.6.w....0...
02acfeec 82 73 e8 77 00 00 13 00 - 00 00 00 00 cc e6 fa
7f .s.w............
02acfefc 00 00 00 00 bc 03 00 00 - 20 ff ac 02 77 2a e1
77 ........ ...w*.w
02acff0c d0 fe ac 02 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
02acff1c 00 00 00 00 74 ff ac 02 - 93 a7 c1 70 01 00 00
00 ....t......p....
02acff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
02acff3c 20 bb c2 70 18 bb c2 70 - 00 00 00 00 ba 8c 20
70 ..p...p...... p
02acff4c 01 00 00 00 c8 05 18 00 - 00 00 00 00 86 8c 20
70 .............. p
02acff5c 00 00 00 00 41 04 21 70 - 48 4d f3 06 18 bb c2
70 ....A.!pHM.....p
02acff6c 60 ea 00 00 01 00 00 00 - ac ff ac 02 1b ab c1
70 `..............p
02acff7c a0 ff ac 02 a4 ff ac 02 - a8 ff ac 02 9c ff ac
02 ................
02acff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x6c4
eax=0017b944 ebx=0338ff74 ecx=702b4f00 edx=00000000
esi=77f8377b edi=00000434
eip=77f83786 esp=0338ff58 ebp=0338ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:03e0d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0338FF7C 77E87837 00000434 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0338ff58 0f 78 e8 77 34 04 00 00 - 00 00 00 00 74 ff 38
03 .x.w4.......t.8.
0338ff68 00 00 00 00 60 f5 ad 02 - 3c 31 f8 77 00 44 5f
9a ....`...<1.w.D_.
0338ff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 34 04 00
00 ....m1.w7x.w4...
0338ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 34 04 00
00 .'......U..p4...
0338ff98 c0 27 09 00 08 cd 1a 00 - 60 f5 ad 02 ec ff 38
03 .'......`.....8.
0338ffa8 60 f5 ad 02 95 d7 cf 70 - 08 cd 1a 00 6f d7 cf
70 `......p....o..p
0338ffb8 dd 87 e8 77 60 f5 ad 02 - 08 cd 1a 00 08 cd 1a
00 ...w`...........
0338ffc8 60 f5 ad 02 00 d0 fa 7f - 08 36 f8 77 c0 ff 38
03 `........6.w..8.
0338ffd8 08 36 f8 77 ff ff ff ff - 56 18 ea 77 88 ae e8
77 .6.w....V..w...w
0338ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
0338fff8 60 f5 ad 02 00 00 00 00 - c8 00 00 00 00 01 00
00 `...............
03390008 ff ee ff ee 02 00 00 00 - 00 00 00 00 00 fe 00
00 ................
03390018 00 00 10 00 00 20 00 00 - 00 02 00 00 00 20 00
00 ..... ....... ..
03390028 b5 01 00 00 ff ef fd 7f - 11 00 08 06 00 00 00
00 ................
03390038 00 00 00 00 00 00 00 00 - 00 00 00 00 98 05 39
03 ..............9.
03390048 0f 00 00 00 f8 ff ff ff - 50 00 39 03 50 00 39
03 ........P.9.P.9.
03390058 40 06 39 03 00 00 00 00 - 00 00 00 00 00 00 00
00 @.9.............
03390068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
03390078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
03390088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x510
eax=00000102 ebx=000493e0 ecx=00000102 edx=00000000
esi=00142df8 edi=000493e0
eip=77f837dc esp=0358febc ebp=0358fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0400d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0400d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0400d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0400d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0358FEE4 77D40090 000000DC 0358FF1C 0358FF0C 0358FF14
ntdll!ZwRemoveIoCompletion
0358FF20 77D48565 000493E0 0358FF60 0358FF5C 0358FF70
rpcrt4!PerformRpcInitialization
0358FF74 77D48444 77D42528 00142DF8 00000008 0012DE30
rpcrt4!NdrClientContextUnmarshall
0358FFA8 77D424DA 001832F8 0358FFEC 77E887DD 001A5550
rpcrt4!NdrClientContextUnmarshall
0358FFB4 77E887DD 001A5550 00000008 0012DE30 001A5550
rpcrt4!NdrConformantArrayMemorySize
0358FFEC 00000000 77D424C2 001A5550 00000000 00000008
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0358febc 2e 79 e8 77 dc 00 00 00 - 0c ff 58 03 fc fe 58
03 .y.w......X...X.
0358fecc dc fe 58 03 d4 fe 58 03 - 00 a2 2f 4d ff ff ff
ff ..X...X.../M....
0358fedc 00 00 00 00 00 00 00 00 - 20 ff 58 03 90 00 d4
77 ........ .X....w
0358feec dc 00 00 00 1c ff 58 03 - 0c ff 58 03 14 ff 58
03 ......X...X...X.
0358fefc e0 93 04 00 e0 93 04 00 - f8 2d 14 00 b2 73 e8
77 .........-...s.w
0358ff0c 10 00 00 00 dc 00 00 00 - 00 00 00 00 64 1c 7f
b7 ............d...
0358ff1c 00 00 00 00 74 ff 58 03 - 65 85 d4 77 e0 93 04
00 ....t.X.e..w....
0358ff2c 60 ff 58 03 5c ff 58 03 - 70 ff 58 03 58 ff 58
03 `.X.\.X.p.X.X.X.
0358ff3c 64 ff 58 03 6c ff 58 03 - 48 1a 14 00 f8 32 18
00 d.X.l.X.H....2..
0358ff4c 50 55 1a 00 dc 00 00 00 - 00 00 00 00 00 00 00
00 PU..............
0358ff5c 00 7a 24 81 00 00 00 00 - 00 00 00 00 01 00 00
00 .z$.............
0358ff6c 00 00 00 00 dc 00 00 00 - a8 ff 58 03 44 84 d4
77 ..........X.D..w
0358ff7c 28 25 d4 77 f8 2d 14 00 - 08 00 00 00 30 de 12
00 (%.w.-......0...
0358ff8c 50 55 1a 00 00 00 00 00 - db 0d 43 80 40 0c 23
81 PU........C.@.#.
0358ff9c 20 c0 31 81 ff ff ff ff - 50 55 1a 00 b4 ff 58
03 .1.....PU....X.
0358ffac da 24 d4 77 f8 32 18 00 - ec ff 58 03 dd 87 e8
77 .$.w.2....X....w
0358ffbc 50 55 1a 00 08 00 00 00 - 30 de 12 00 50 55 1a
00 PU......0...PU..
0358ffcc 00 c0 fa 7f ce b1 f8 77 - c0 ff 58 03 ce b1 f8
77 .......w..X....w
0358ffdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
0358ffec 00 00 00 00 00 00 00 00 - c2 24 d4 77 50 55 1a
00 .........$.wPU..
State Dump for Thread Id 0x2e8
eax=00000001 ebx=00000002 ecx=03afffb0 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=03afff24 ebp=03afff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0457d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03AFFF70 77E8A31D 03AFFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
03AFFFB4 77E887DD 00000000 7FFDEBF8 00000000 00000000
kernel32!WaitForMultipleObjects
03AFFFEC 00000000 77562BDA 00000000 00000000 877A0EE8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
03afff24 b7 7a e8 77 02 00 00 00 - 48 ff af 03 01 00 00
00 .z.w....H.......
03afff34 00 00 00 00 00 00 00 00 - f8 eb fd 7f 00 00 00
00 ................
03afff44 00 00 00 00 94 04 00 00 - 90 04 00 00 b0 7f 1a
00 ................
03afff54 00 00 00 00 01 01 01 00 - 01 01 01 00 24 d1 e8
77 ............$..w
03afff64 37 78 e8 77 8c 04 00 00 - c4 7d e8 77 b4 ff af
03 7x.w.....}.w....
03afff74 1d a3 e8 77 48 ff af 03 - 01 00 00 00 00 00 00
00 ...wH...........
03afff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
03afff94 a4 ff af 03 00 00 00 00 - ff ff ff ff 00 00 00
00 ................
03afffa4 94 04 00 00 90 04 00 00 - 01 00 00 00 03 00 00
00 ................
03afffb4 ec ff af 03 dd 87 e8 77 - 00 00 00 00 f8 eb fd
7f .......w........
03afffc4 00 00 00 00 00 00 00 00 - 00 b0 fa 7f 45 00 00
00 ............E...
03afffd4 c0 ff af 03 45 00 00 00 - ff ff ff ff 56 18 ea
77 ....E.......V..w
03afffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
03affff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 e8 0e 7a
87 .+Vw..........z.
03b00004 84 ee a4 77 4a 48 a3 9a - 84 72 69 ae 84 c6 d3
f1 ...wJH...ri.....
03b00014 12 9a 44 27 49 68 32 fd - a8 84 a6 d0 bb 24 34
95 ..D'Ih2......$4.
03b00024 de 2d a1 69 f4 4f 24 34 - 9d de 23 a1 19 34 4f
42 .-.i.O$4..#..4OB
03b00034 f9 f4 5e 09 cd a4 f7 49 - 68 16 fd 98 84 3e 4e
3f ..^....Ih....>N?
03b00044 21 a1 d9 f4 93 12 9a 43 - e7 48 a8 80 16 48 e8
4f !......C.H...H.O
03b00054 e9 fd 12 7a 80 3e 28 a1 - b9 f4 21 f6 a3 9a 79
45 ...z.>(...!...yE
State Dump for Thread Id 0x69c
eax=70cfd766 ebx=00000000 ecx=0000000c edx=00000000
esi=77f8377b edi=000004dc
eip=77f83786 esp=03eaff54 ebp=03eaff78 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0492d527=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03EAFF78 77E87837 000004DC FFFFFFFF 00000000 70D1009A
ntdll!NtWaitForSingleObject
FFFFFFFF 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject
State Dump for Thread Id 0x11c
eax=042cf868 ebx=00000000 ecx=77d42e04 edx=00000000
esi=77f8377b edi=00000544
eip=77f83786 esp=042cff64 ebp=042cff88 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04d4d537=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
042CFF88 77E87837 00000544 FFFFFFFF 00000000 75033650
ntdll!NtWaitForSingleObject
77F8313C 8B000000 83042454 0F00147A 016F3E85 42FF9000
kernel32!WaitForSingleObject
180D8B64 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
042cff64 0f 78 e8 77 44 05 00 00 - 00 00 00 00 00 00 00
00 .x.wD...........
042cff74 08 89 22 00 08 89 22 00 - d0 07 04 75 00 80 fa
7f .."..."....u....
042cff84 00 80 fa 7f 3c 31 f8 77 - 37 78 e8 77 44 05 00
00 ....<1.w7x.wD...
042cff94 ff ff ff ff 00 00 00 00 - 50 36 03 75 44 05 00
00 ........P6.uD...
042cffa4 ff ff ff ff 00 90 fa 7f - 00 00 00 00 ec ff 2c
04 ..............,.
042cffb4 08 89 22 00 dd 87 e8 77 - 44 05 00 00 00 90 fa
7f .."....wD.......
042cffc4 00 00 00 00 08 89 22 00 - 00 80 fa 7f 00 00 00
00 ......".........
042cffd4 c0 ff 2c 04 00 00 00 00 - ff ff ff ff 56 18 ea
77 ..,.........V..w
042cffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
042cfff4 20 36 03 75 08 89 22 00 - 00 00 00 00 00 00 00
00 6.u..".........
042d0004 00 00 01 00 00 10 00 00 - 00 00 00 00 c8 05 13
00 ................
042d0014 00 80 19 00 00 10 00 00 - 00 00 00 00 d0 00 2d
04 ..............-.
042d0024 00 60 1f 00 00 10 00 00 - 00 00 00 00 50 00 2d
04 .`..........P.-.
042d0034 00 f0 1a 00 00 10 00 00 - 00 00 00 00 60 00 2d
04 ............`.-.
042d0044 00 00 00 00 00 00 00 00 - 00 00 00 00 90 00 2d
04 ..............-.
042d0054 00 c0 1c 00 00 10 00 00 - 00 00 00 00 c0 00 2d
04 ..............-.
042d0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 2d
04 ..............-.
042d0074 00 a0 b7 03 00 40 00 00 - 00 00 00 00 20 01 2d
04 .....@...... .-.
042d0084 00 00 00 00 00 00 00 00 - 00 00 00 00 10 01 2d
04 ..............-.
042d0094 00 e0 1c 00 00 10 00 00 - 00 00 00 00 f0 00 2d
04 ..............-.
State Dump for Thread Id 0x4d4
eax=00000008 ebx=043fff74 ecx=02b45b90 edx=00000000
esi=77f8377b edi=000004fc
eip=77f83786 esp=043fff58 ebp=043fff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04e7d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
043FFF7C 77E87837 000004FC 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
043fff58 0f 78 e8 77 fc 04 00 00 - 00 00 00 00 74 ff 3f
04 .x.w........t.?.
043fff68 00 00 00 00 b0 35 ad 02 - 3c 31 f8 77 00 44 5f
9a .....5..<1.w.D_.
043fff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 fc 04 00
00 ....m1.w7x.w....
043fff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 fc 04 00
00 .'......U..p....
043fff98 c0 27 09 00 00 00 00 00 - b0 35 ad 02 ec ff 3f
04 .'.......5....?.
043fffa8 b0 35 ad 02 95 d7 cf 70 - 00 00 00 00 6f d7 cf
70 .5.....p....o..p
043fffb8 dd 87 e8 77 b0 35 ad 02 - 00 00 00 00 00 00 00
00 ...w.5..........
043fffc8 b0 35 ad 02 00 70 fa 7f - 00 00 00 00 c0 ff 3f
04 .5...p........?.
043fffd8 00 00 00 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 ........V..w...w
043fffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
043ffff8 b0 35 ad 02 00 00 00 00 - 17 ef c8 ca 01 00 00
00 .5..............
04400008 00 00 00 00 00 00 00 00 - 6d 1a 2c 14 2b 00 2b
00 ........m.,.+.+.
04400018 41 ca 86 a1 32 00 15 00 - 2e ab 86 17 18 00 18
00 A...2...........
04400028 4e 79 36 e1 10 00 10 00 - fb a0 a2 ac 14 00 14
00 Ny6.............
04400038 b9 00 6b a2 1c 00 12 00 - 30 eb 4c d8 14 00 16
00 ..k.....0.L.....
04400048 00 00 00 00 00 00 00 00 - 7f 09 e8 2a 5b 00 0e
00 ...........*[...
04400058 7a 62 a2 ce 4b 00 11 00 - 4a 26 9e 70 61 00 13
00 zb..K...J&.pa...
04400068 90 1e 99 e6 5e 00 1e 00 - 57 b3 a4 41 80 01 20
01 ....^...W..A.. .
04400078 08 19 09 78 10 00 10 00 - 38 b8 26 de 88 01 58
02 ...x....8.&...X.
04400088 02 97 7f a2 34 00 15 00 - 30 cf 34 54 09 00 09
00 ....4...0.4T....
State Dump for Thread Id 0x5ac
eax=00000102 ebx=8119a2c0 ecx=8119a2c0 edx=00000000
esi=00143d98 edi=00143dd8
eip=77f83bb8 esp=04edfe28 ebp=04edff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0595d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
04EDFF74 77D420D9 77D42528 00143D98 01460178 00000000
ntdll!NtReplyWaitReceivePortEx
04EDFFA8 77D424DA 001CB5C8 04EDFFEC 77E887DD 001D00E0
rpcrt4!NdrConformantArrayMemorySize
04EDFFB4 77E887DD 001D00E0 01460178 00000000 001D00E0
rpcrt4!NdrConformantArrayMemorySize
04EDFFEC 00000000 77D424C2 001D00E0 00000000 11111111
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
04edfe28 85 22 d4 77 d8 00 00 00 - 54 ff ed 04 00 00 00
00 .".w....T.......
04edfe38 e8 93 21 00 00 00 00 00 - 48 1a 14 00 c8 b5 1c
00 ..!.....H.......
04edfe48 e0 00 1d 00 0c 4b 29 81 - ac 9b d6 b6 65 f1 44
80 .....K).....e.D.
04edfe58 88 46 22 81 0c 4b 29 81 - d8 fd 9c 01 10 fe 9c
01 .F"..K).........
04edfe68 04 00 00 00 2c 9b d6 b6 - 40 6a 89 81 03 00 1f
00 ....,...@j......
04edfe78 08 4b 29 81 a4 46 22 81 - c0 9b d6 b6 54 1d 49
80 .K)..F".....T.I.
04edfe88 93 20 49 80 88 46 22 81 - 77 20 49 80 40 6a 89
81 . I..F".w I.@j..
04edfe98 03 00 1f 00 08 4b 29 81 - 38 9b d6 b6 00 4b 29
81 .....K).8....K).
04edfea8 58 dd 14 e2 ac 02 00 00 - 08 4b 29 81 08 4b 29
81 X........K)..K).
04edfeb8 38 9d d6 b6 8c 05 46 80 - 68 29 40 80 ff ff ff
ff 8.....F.h)@.....
04edfec8 08 9c d6 b6 55 54 4a 80 - 88 46 22 81 f4 9b d6
b6 ....UTJ..F".....
04edfed8 08 4b 29 81 68 1c 4b 81 - 00 00 00 00 00 00 00
00 .K).h.K.........
04edfee8 00 00 00 00 00 00 00 00 - 04 02 00 00 00 00 00
00 ................
04edfef8 48 dd 14 e2 00 00 00 00 - 38 7f bd 62 88 46 22
81 H.......8..b.F".
04edff08 48 dd 14 e2 d8 50 50 c0 - b9 01 00 00 00 20 50
c0 H....PP...... P.
04edff18 01 00 00 00 c8 be 19 00 - 8c 0a 00 00 d8 50 50
c0 .............PP.
04edff28 00 20 50 c0 40 0c 23 81 - c0 a2 19 81 00 00 00
00 . P.@.#.........
04edff38 c0 a2 19 81 50 a4 19 81 - 64 9c d6 b6 f3 da 42
80 ....P...d.....B.
04edff48 a4 da 42 80 d4 4b 06 80 - 20 a4 19 81 c0 a2 19
81 ..B..K.. .......
04edff58 00 a2 2f 4d ff ff ff ff - 50 fe ed 04 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x6f4
eax=0509f7f8 ebx=00000002 ecx=0015bf18 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0509fd30 ebp=0509fd7c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:05b1d303=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0509FD7C 77E12A00 0509FD54 00000001 00000000 0509FD74
ntdll!NtWaitForMultipleObjects
0509FDD8 77E12A77 0509FDA4 0509FE28 0000EA60 000000FF
user32!MsgWaitForMultipleObjectsEx
0509FDF4 017F545C 00000001 0509FE28 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00000001 00000000 00000000 00000000 00000000 00000000 !
<nosymbols>
*----> Raw Stack Dump <----*
0509fd30 b7 7a e8 77 02 00 00 00 - 54 fd 09 05 01 00 00
00 .z.w....T.......
0509fd40 00 00 00 00 74 fd 09 05 - 00 00 00 00 00 00 00
00 ....t...........
0509fd50 02 00 00 00 18 02 00 00 - 74 02 00 00 80 3d c4
01 ........t....=..
0509fd60 f7 01 00 00 a2 7a e1 77 - 10 01 1a 00 0b c1 00
00 .....z.w........
0509fd70 f7 01 00 00 00 ba 3c dc - ff ff ff ff d8 fd 09
05 ......<.........
0509fd80 00 2a e1 77 54 fd 09 05 - 01 00 00 00 00 00 00
00 .*.wT...........
0509fd90 74 fd 09 05 00 00 00 00 - 00 00 00 00 a0 3e c4
01 t............>..
0509fda0 60 ea 00 00 18 02 00 00 - 74 02 00 00 00 00 00
00 `.......t.......
0509fdb0 00 00 00 00 a4 fd 09 05 - 20 fe 09 05 14 fe 09
05 ........ .......
0509fdc0 f4 85 80 01 b0 f6 80 01 - 00 00 00 00 cc 66 fd
7f .............f..
0509fdd0 00 00 00 00 74 02 00 00 - f4 fd 09 05 77 2a e1
77 ....t.......w*.w
0509fde0 a4 fd 09 05 28 fe 09 05 - 60 ea 00 00 ff 00 00
00 ....(...`.......
0509fdf0 00 00 00 00 01 00 00 00 - 5c 54 7f 01 01 00 00
00 ........\T......
0509fe00 28 fe 09 05 00 00 00 00 - 60 ea 00 00 ff 00 00
00 (.......`.......
0509fe10 a0 3e c4 01 18 de 80 01 - 80 ff 09 05 00 00 00
00 .>..............
0509fe20 01 00 00 00 01 00 00 00 - 18 02 00 00 15 c1 80
01 ................
0509fe30 ff ff ff ff 80 ff 09 05 - 6e 56 7f 01 00 00 00
00 ........nV......
0509fe40 f8 db 80 01 18 de 80 01 - 20 df 80 01 7d 56 7f
01 ........ ...}V..
0509fe50 a0 3e c4 01 01 80 00 00 - e0 59 c4 01 e0 59 c4
01 .>.......Y...Y..
0509fe60 00 80 fd 7f fc 07 30 c0 - 00 00 00 00 28 88 24
81 ......0.....(.$.
State Dump for Thread Id 0x550
eax=00000000 ebx=00000002 ecx=017f0000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=051afe50 ebp=051afe9c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:05c2d423=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
051AFE9C 77E12A00 051AFE74 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
051AFEF8 77E12A77 051AFEC4 0181440C FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
051AFF14 01800D9A 00000001 0181440C 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
051AFF80 018036A3 00000001 0000010B 77FCB650 01C45ED8 !
<nosymbols>
051AFFB4 77E887DD 01C45ED8 0000010B 77FCB650 01C45ED8 !
<nosymbols>
051AFFEC 00000000 01803637 01C45ED8 00000000 FFFFFFFF
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
051afe50 b7 7a e8 77 02 00 00 00 - 74 fe 1a 05 01 00 00
00 .z.w....t.......
051afe60 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
051afe70 02 00 00 00 90 01 00 00 - 0c 03 00 00 00 00 00
00 ................
051afe80 00 00 00 00 6c ff 1a 05 - cd ab ba dc 18 ff 1a
05 ....l...........
051afe90 c8 1b e1 77 85 0a 80 01 - 54 02 68 00 f8 fe 1a
05 ...w....T.h.....
051afea0 00 2a e1 77 74 fe 1a 05 - 01 00 00 00 00 00 00
00 .*.wt...........
051afeb0 00 00 00 00 00 00 00 00 - f4 43 81 01 00 00 00
00 .........C......
051afec0 45 27 e1 77 90 01 00 00 - 0c 03 00 00 e8 fe 1a
05 E'.w............
051afed0 2f 21 e1 77 cd c0 00 00 - 6c ff 1a 05 50 80 6b
00 /!.w....l...P.k.
051afee0 00 40 fd 7f 45 27 e1 77 - 00 00 00 00 cc 46 fd
7f [email protected]'.w.....F..
051afef0 00 00 00 00 0c 03 00 00 - 14 ff 1a 05 77 2a e1
77 ............w*.w
051aff00 c4 fe 1a 05 0c 44 81 01 - ff ff ff ff ff 00 00
00 .....D..........
051aff10 00 00 00 00 80 ff 1a 05 - 9a 0d 80 01 01 00 00
00 ................
051aff20 0c 44 81 01 00 00 00 00 - ff ff ff ff ff 00 00
00 .D..............
051aff30 d8 5e c4 01 0b 01 00 00 - d8 5e c4 01 03 00 00
00 .^.......^......
051aff40 85 0a 80 01 00 00 00 00 - 00 00 00 00 00 00 7f
01 ................
051aff50 00 00 00 00 11 00 01 00 - 00 00 00 00 00 00 00
00 ................
051aff60 ec f3 80 01 54 02 68 00 - cd c0 00 00 00 00 00
00 ....T.h.........
051aff70 00 00 00 00 6f 49 f3 06 - d7 02 00 00 b0 02 00
00 ....oI..........
051aff80 b4 ff 1a 05 a3 36 80 01 - 01 00 00 00 0b 01 00
00 .....6..........
Application exception occurred:
App: svchost.exe (pid=396)
When: 10/1/2003 @ 09:25:01.093
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
532 rtvscan.exe
572 regsvc.exe
376 mstask.exe
652 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1036 explorer.exe
1104 igfxtray.exe
1112 hkcmd.exe
1136 vptray.exe
1172 FINDFAST.exe
1220 OSA.exe
1208 ipmsg.exe
1192 EXTRA.exe
1376 aomdemon.exe
1116 DRWTSN32.exe
0 _Total.exe
(01000000 - 01005000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CD000)
(78000000 - 78046000)
(77C10000 - 77C6E000)
(75030000 - 75043000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 75160000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(77950000 - 7797A000)
(779B0000 - 77A4B000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(77880000 - 7790D000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(70BD0000 - 70C35000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(775A0000 - 77625000)
(782D0000 - 782EE000)
State Dump for Thread Id 0x188
eax=00000004 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=00000048
eip=77f839eb esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtReadFile
77f839e0 b8a1000000 mov eax,0xa1
77f839e5 8d542404 lea edx,
[esp+0x4] ss:00aed20b=????????
77f839e9 cd2e int 2e
77f839eb c22400 ret 0x24
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DB2252 00000048 0006FD80 00000216 0006FCD0
ntdll!NtReadFile
0006FCD4 77DB20F2 00000048 0006FD80 00000216 0006FD0C
advapi32!StartServiceCtrlDispatcherW
0006FD50 77DB1E43 00000048 0006FD80 00000216 00074958
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074958 00720065 004E0000 77E9CA90
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0006fc38 07 7f e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 ...wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 7c 7e e8
77 ............|~.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 c8 55 07
00 .............U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 70 49 07
00 ........p...pI..
0006fc88 8c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 ........`...@...
0006fc98 40 fd 06 00 56 18 ea 77 - 38 7f e8 77 ff ff ff
ff @...V..w8..w....
0006fca8 d4 fc 06 00 52 22 db 77 - 48 00 00 00 80 fd 06
00 ....R".wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 c8 55 07
00 .............U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 f2 20 db 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 . .wH...........
0006fce8 0c fd 06 00 58 49 07 00 - 00 00 00 00 00 f0 fd
7f ....XI..........
0006fcf8 8b 96 d3 77 b0 49 07 00 - 94 fd 06 00 00 00 00
00 ...w.I..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 78 4f 07 00 70 49 07 00 - 98 01 00 00 70 00 65
00 xO..pI......p.e.
0006fd28 32 00 00 00 01 00 00 00 - 30 24 db 77 00 00 00
00 2.......0$.w....
0006fd38 ec fc 06 00 b0 49 07 00 - a0 ff 06 00 fb 19 db
77 .....I.........w
0006fd48 40 56 db 77 ff ff ff ff - b0 ff 06 00 43 1e db
77 @V.w........C..w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 58 49 07
00 H...........XI..
0006fd68 c0 48 07 00 00 f0 fd 7f - 00 00 00 00 64 fd 06
00 .H..........d...
State Dump for Thread Id 0x198
eax=77b33930 ebx=00000000 ecx=77b32d78 edx=00000000
esi=77f8318c edi=0043fe88
eip=77f83197 esp=0043fe74 ebp=0043fe90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:00ebd447=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0043FE90 7619F62A 0001D8A8 00000000 000006B3 00000002
ntdll!NtDelayExecution
0043FEB8 7619D8FC 00000000 00074F84 00000000 01003000
rpcss!<nosymbols>
0043FF84 0100157B 00000001 00074F80 00000000 00074F78
rpcss!<nosymbols>
7619D74E 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0043fe74 17 76 e8 77 00 00 00 00 - 88 fe 43 00 00 00 00
00 .v.w......C.....
0043fe84 36 ac 12 00 80 dd e0 b7 - ff ff ff ff b8 fe 43
00 6.............C.
0043fe94 2a f6 19 76 a8 d8 01 00 - 00 00 00 00 b3 06 00
00 *..v............
0043fea4 02 00 00 00 00 00 00 00 - 18 05 00 00 76 d7 10
00 ............v...
0043feb4 1e 00 14 00 84 ff 43 00 - fc d8 19 76 00 00 00
00 ......C....v....
0043fec4 84 4f 07 00 00 00 00 00 - 00 30 00 01 72 4f 41
80 .O.......0..rOA.
0043fed4 50 88 89 81 e0 51 89 81 - c4 7c 97 b7 ca 08 45
80 P....Q...|....E.
0043fee4 04 00 00 00 68 8e 57 81 - 66 41 4a 80 80 f3 06
00 ....h.W.fAJ.....
0043fef4 02 00 00 00 84 4f 07 00 - 00 00 00 00 28 49 07
00 .....O......(I..
0043ff04 00 00 00 00 01 00 00 00 - 8c 28 50 c0 7c 00 00
00 .........(P.|...
0043ff14 00 20 50 c0 00 00 00 00 - 00 00 00 00 7c 00 00
00 . P.........|...
0043ff24 01 00 00 00 00 20 50 c0 - e0 67 57 81 40 4d 57
81 ..... P..gW.@MW.
0043ff34 00 00 00 00 40 4d 57 81 - 40 32 07 00 64 7c 97
b7 ....@[email protected]|..
0043ff44 f3 da 42 80 a4 da 42 80 - d4 4b 06 80 a0 4e 57
81 ..B...B..K...NW.
0043ff54 40 4d 57 81 01 10 f4 77 - 00 20 50 c0 00 00 00
00 @MW....w. P.....
0043ff64 c5 a0 e8 77 8e 4f 07 00 - 01 00 00 00 80 00 00
00 ...w.O..........
0043ff74 ff ff ff ff 28 49 07 00 - 32 49 07 00 00 00 00
00 ....(I..2I......
0043ff84 4e d7 19 76 7b 15 00 01 - 01 00 00 00 80 4f 07
00 N..v{........O..
0043ff94 00 00 00 00 78 4f 07 00 - ec ff 43 00 78 4f 07
00 ....xO....C.xO..
0043ffa4 00 00 00 00 3e 24 db 77 - 01 00 00 00 80 4f 07
00 ....>$.w.....O..
State Dump for Thread Id 0x19c
eax=778321fe ebx=00000004 ecx=77db0260 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0090fd24 ebp=0090fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0138d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0090FD70 77E8A31D 0090FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0090FFB4 77E887DD 00000005 00000000 000B000A 00096100
kernel32!WaitForMultipleObjects
0090FFEC 00000000 778321FE 00096100 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0090fd24 b7 7a e8 77 04 00 00 00 - 48 fd 90 00 01 00 00
00 .z.w....H.......
0090fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 00 61 09
00 .............a..
0090fd44 01 00 00 00 08 01 00 00 - 0c 01 00 00 1c 01 00
00 ................
0090fd54 70 01 00 00 00 00 00 00 - 00 6b 4a 80 00 00 00
00 p........kJ.....
0090fd64 d4 74 5f 81 20 30 88 81 - d8 85 36 e1 b4 ff 90
00 .t_. 0....6.....
0090fd74 1d a3 e8 77 48 fd 90 00 - 01 00 00 00 00 00 00
00 ...wH...........
0090fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0090fd94 b0 fe 90 00 00 00 00 00 - ff ff ff ff 00 61 09
00 .............a..
0090fda4 0a 00 0b 00 00 00 00 00 - 08 df 32 e1 0c df 32
e1 ..........2...2.
0090fdb4 e0 51 89 81 00 00 00 00 - 01 00 00 00 38 00 00
00 .Q..........8...
0090fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b
00 #...#...........
0090fdd4 00 61 09 00 00 6c f8 77 - 60 02 db 77 fe 21 83
77 .a...l.w`..w.!.w
0090fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0090fdf4 fc ff 90 00 23 00 00 00 - 8c 4f 45 80 80 7b 97
b7 ....#....OE..{..
0090fe04 28 11 57 81 28 11 57 81 - 40 00 00 00 24 7b 97
b7 (.W.(.W.@...${..
0090fe14 d0 f8 44 80 00 67 57 81 - 00 00 00 00 00 00 00
00 ..D..gW.........
0090fe24 e8 77 57 81 a6 24 49 80 - e8 77 57 81 dc 00 00
00 .wW..$I..wW.....
0090fe34 40 6a 89 81 03 00 10 00 - 28 11 57 81 40 6a 89
81 @j......(.W.@j..
0090fe44 40 11 57 81 28 11 57 81 - 2c 11 57 81 e0 51 89
81 @.W.(.W.,.W..Q..
0090fe54 40 7d 97 b7 01 00 00 00 - e0 67 57 81 01 00 00
00 @}.......gW.....
State Dump for Thread Id 0x1a4
eax=00086858 ebx=0042b198 ecx=0095fd38 edx=00086858
esi=00074928 edi=0095f898
eip=e03c3a68 esp=0095f794 ebp=00580046 iopl=0 nv
up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000212
function: <nosymbols>
e03c3a5e ???
e03c3a5f ???
e03c3a60 ???
e03c3a61 ???
e03c3a62 ???
e03c3a63 ???
e03c3a64 ???
e03c3a65 ???
e03c3a66 ???
e03c3a67 ???
FAULT ->e03c3a68 ???
e03c3a69 ???
e03c3a6a ???
e03c3a6b ???
e03c3a6c ???
e03c3a6d ???
e03c3a6e ???
e03c3a6f ???
e03c3a70 ???
e03c3a71 ???
e03c3a72 ???
e03c3a73 ???
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095F790 0095F8A0 010013C0 00074928 90909090 90909090
<nosymbols>
00580046 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0095f794 a0 f8 95 00 c0 13 00 01 - 28 49 07 00 90 90 90
90 ........(I......
0095f7a4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7b4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7c4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7d4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7e4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7f4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f804 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f814 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f824 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f834 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f844 90 90 90 eb 19 5e 31 c9 - 81 e9 89 ff ff ff 81
36 .....^1........6
0095f854 80 bf 32 94 81 ee fc ff - ff ff e2 f2 eb 05 e8
e2 ..2.............
0095f864 ff ff ff 03 53 06 1f 74 - 57 75 95 80 bf bb 92
7f ....S..tWu......
0095f874 89 5a 1a ce b1 de 7c e1 - be 32 94 09 f9 3a 6b
b6 .Z....|..2...:k.
0095f884 d7 9f 4d 85 71 da c6 81 - bf 32 1d c6 b3 5a f8
ec ..M.q....2...Z..
0095f894 bf 32 fc b3 8d 1c f0 e8 - c8 41 a6 df eb cd c2
88 .2.......A......
0095f8a4 36 74 90 7f 89 5a e6 7e - 0c 24 7c ad be 32 94
09 6t...Z.~.$|..2..
0095f8b4 f9 22 6b b6 d7 4c 4c 62 - cc da 8a 81 bf 32 1d
c6 ."k..LLb.....2..
0095f8c4 ab cd e2 84 d7 f9 79 7c - 84 da 9a 81 bf 32 1d
c6 ......y|.....2..
State Dump for Thread Id 0x1dc
eax=00000000 ebx=00007530 ecx=7ffd9000 edx=00000000
esi=000750c8 edi=00007530
eip=77f837dc esp=009afebc ebp=009afee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0142d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0142d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0142d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0142d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009AFEE4 77D40090 0000005C 009AFF1C 009AFF0C 009AFF14
ntdll!ZwRemoveIoCompletion
009AFF20 77D48565 00007530 009AFF60 009AFF5C 009AFF70
rpcrt4!PerformRpcInitialization
009AFF74 77D48444 77D425B9 000750C8 00000000 00000000
rpcrt4!NdrClientContextUnmarshall
009AFFA8 77D424DA 00074D38 009AFFEC 77E887DD 000802C0
rpcrt4!NdrClientContextUnmarshall
009AFFB4 77E887DD 000802C0 00000000 00000000 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFEC 00000000 77D424C2 000802C0 00000000 2B4D4F43
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
009afebc 2e 79 e8 77 5c 00 00 00 - 0c ff 9a 00 fc fe 9a
00 .y.w\...........
009afecc dc fe 9a 00 d4 fe 9a 00 - 00 5d 1e ee ff ff ff
ff .........]......
009afedc f0 47 08 00 00 00 00 00 - 20 ff 9a 00 90 00 d4
77 .G...... ......w
009afeec 5c 00 00 00 1c ff 9a 00 - 0c ff 9a 00 14 ff 9a
00 \...............
009afefc 30 75 00 00 30 75 00 00 - c8 50 07 00 b2 73 e8
77 0u..0u...P...s.w
009aff0c 00 00 00 00 5c 00 00 00 - b0 b9 d3 77 12 10 02
c0 ....\......w....
009aff1c 00 00 00 00 74 ff 9a 00 - 65 85 d4 77 30 75 00
00 ....t...e..w0u..
009aff2c 60 ff 9a 00 5c ff 9a 00 - 70 ff 9a 00 58 ff 9a
00 `...\...p...X...
009aff3c 64 ff 9a 00 6c ff 9a 00 - c0 4c 07 00 28 8e 09
00 d...l....L..(...
009aff4c 6d 31 f8 77 5c 00 00 00 - 04 00 00 00 00 a2 2f
4d m1.w\........./M
009aff5c 12 10 02 c0 00 00 00 00 - 00 00 00 00 01 00 00
00 ................
009aff6c 00 00 00 00 5c 00 00 00 - a8 ff 9a 00 44 84 d4
77 ....\.......D..w
009aff7c b9 25 d4 77 c8 50 07 00 - 00 00 00 00 00 00 00
00 .%.w.P..........
009aff8c c0 02 08 00 00 ba 3c dc - ff ff ff ff 00 ba 3c
dc ......<.......<.
009aff9c ff ff ff ff 60 ea 00 00 - c0 02 08 00 b4 ff 9a
00 ....`...........
009affac da 24 d4 77 38 4d 07 00 - ec ff 9a 00 dd 87 e8
77 .$.w8M.........w
009affbc c0 02 08 00 00 00 00 00 - 00 00 00 00 c0 02 08
00 ................
009affcc 00 90 fd 7f 00 00 00 00 - c0 ff 9a 00 00 00 00
00 ................
009affdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
009affec 00 00 00 00 00 00 00 00 - c2 24 d4 77 c0 02 08
00 .........$.w....
State Dump for Thread Id 0x48c
eax=00070110 ebx=00320008 ecx=00000084 edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00a3fe28 ebp=00a3ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:014bd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00A3FF74 77D420D9 77D42528 00079530 00000000 000D4740
ntdll!NtReplyWaitReceivePortEx
00A3FFA8 77D424DA 00099F30 00A3FFEC 77E887DD 00099F58
rpcrt4!NdrConformantArrayMemorySize
00A3FFB4 77E887DD 00099F58 00000000 000D4740 00099F58
rpcrt4!NdrConformantArrayMemorySize
00A3FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x400
eax=00abfec0 ebx=001407de ecx=000000fa edx=00000000
esi=77f8318c edi=00abff88
eip=77f83197 esp=00abff74 ebp=00abff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0153d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ABFF90 761A5902 0001D8A8 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00ABFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00ABFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x510
eax=000a9000 ebx=001407de ecx=00aff640 edx=00000000
esi=77f8318c edi=00afff88
eip=77f83197 esp=00afff74 ebp=00afff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0157d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00AFFF90 761A5902 0001D8A8 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00AFFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00AFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x410
eax=00b3f764 ebx=77f8316d ecx=00467a58 edx=00000000
esi=000a6980 edi=00074cc0
eip=77f83197 esp=00b3ff78 ebp=00b3ffa8 iopl=0 nv
up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000286
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:015bd54b=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00B3FFA8 77D424DA 00074D38 00B3FFEC 77E887DD 0008E010
ntdll!NtDelayExecution
00B3FFB4 77E887DD 0008E010 77D339FF 000A1368 0008E010
rpcrt4!NdrConformantArrayMemorySize
00B3FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
Application exception occurred:
App: svchost.exe (pid=396)
When: 10/1/2003 @ 12:17:02.984
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: SYSTEM
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
592 mstask.exe
608 stisvc.exe
684 WinMgmt.exe
704 mspmspsv.exe
716 svchost.exe
1032 explorer.exe
1128 igfxtray.exe
1152 hkcmd.exe
1212 vptray.exe
1256 FINDFAST.exe
1268 OSA.exe
1292 ipmsg2.02.exe
744 EXTRA.exe
1372 aomdemon.exe
1316 DLLHOST.exe
1008 msdtc.exe
1220 wmplayer.exe
1512 DRWTSN32.exe
0 _Total.exe
(01000000 - 01005000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77DA1000)
(77A50000 - 77B45000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(76190000 - 761CD000)
(78000000 - 78046000)
(77C10000 - 77C6E000)
(75030000 - 75043000)
(75020000 - 75028000)
(77BE0000 - 77BEF000)
(74FF0000 - 75002000)
(77980000 - 779A4000)
(75050000 - 75058000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 75160000)
(75170000 - 751BF000)
(751C0000 - 751C6000)
(77950000 - 7797A000)
(779B0000 - 77A4B000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(77880000 - 7790D000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(71710000 - 71794000)
(70BD0000 - 70C35000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(775A0000 - 77625000)
(782D0000 - 782EE000)
State Dump for Thread Id 0x188
eax=00000004 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=00000048
eip=77f839eb esp=0006fc38 ebp=0006fca8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtReadFile
77f839e0 b8a1000000 mov eax,0xa1
77f839e5 8d542404 lea edx,
[esp+0x4] ss:00aed20b=????????
77f839e9 cd2e int 2e
77f839eb c22400 ret 0x24
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FCA8 77DB2252 00000048 0006FD80 00000216 0006FCD0
ntdll!NtReadFile
0006FCD4 77DB20F2 00000048 0006FD80 00000216 0006FD0C
advapi32!StartServiceCtrlDispatcherW
0006FD50 77DB1E43 00000048 0006FD80 00000216 00074958
advapi32!StartServiceCtrlDispatcherW
0006FFB0 0100113D 00074958 00720065 004E0000 77E9CA90
advapi32!StartServiceCtrlDispatcherW
0006FFF0 00000000 010010B8 00000000 000000C8 00000100
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0006fc38 07 7f e8 77 48 00 00 00 - 00 00 00 00 00 00 00
00 ...wH...........
0006fc48 00 00 00 00 80 fc 06 00 - 80 fd 06 00 16 02 00
00 ................
0006fc58 00 00 00 00 00 00 00 00 - 0c fd 06 00 7c 7e e8
77 ............|~.w
0006fc68 80 fd 06 00 00 00 00 00 - 01 00 00 00 c8 55 07
00 .............U..
0006fc78 94 fd 06 00 00 00 00 00 - 70 00 00 00 70 49 07
00 ........p...pI..
0006fc88 8c 01 00 00 00 00 00 00 - 60 fc 06 00 40 fd 06
00 ........`...@...
0006fc98 40 fd 06 00 56 18 ea 77 - 38 7f e8 77 ff ff ff
ff @...V..w8..w....
0006fca8 d4 fc 06 00 52 22 db 77 - 48 00 00 00 80 fd 06
00 ....R".wH.......
0006fcb8 16 02 00 00 d0 fc 06 00 - 00 00 00 00 c8 55 07
00 .............U..
0006fcc8 80 fd 06 00 00 00 00 00 - 00 00 00 00 50 fd 06
00 ............P...
0006fcd8 f2 20 db 77 48 00 00 00 - 80 fd 06 00 16 02 00
00 . .wH...........
0006fce8 0c fd 06 00 58 49 07 00 - 00 00 00 00 00 f0 fd
7f ....XI..........
0006fcf8 8b 96 d3 77 b0 49 07 00 - 94 fd 06 00 00 00 00
00 ...w.I..........
0006fd08 3c fd 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
0006fd18 78 4f 07 00 70 49 07 00 - 84 01 00 00 70 00 65
00 xO..pI......p.e.
0006fd28 32 00 00 00 01 00 00 00 - 30 24 db 77 00 00 00
00 2.......0$.w....
0006fd38 ec fc 06 00 b0 49 07 00 - a0 ff 06 00 fb 19 db
77 .....I.........w
0006fd48 40 56 db 77 ff ff ff ff - b0 ff 06 00 43 1e db
77 @V.w........C..w
0006fd58 48 00 00 00 80 fd 06 00 - 16 02 00 00 58 49 07
00 H...........XI..
0006fd68 c0 48 07 00 00 f0 fd 7f - 00 00 00 00 64 fd 06
00 .H..........d...
State Dump for Thread Id 0x184
eax=77b33930 ebx=00000000 ecx=77b32d78 edx=00000000
esi=77f8318c edi=0043fe88
eip=77f83197 esp=0043fe74 ebp=0043fe90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:00ebd447=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0043FE90 7619F62A 0001D8A8 00000000 000006B3 00000002
ntdll!NtDelayExecution
0043FEB8 7619D8FC 00000000 00074F84 00000000 01003000
rpcss!<nosymbols>
0043FF84 0100157B 00000001 00074F80 00000000 00074F78
rpcss!<nosymbols>
7619D74E 0000B4EC 33565300 5D8957DB 019DE8FC 358B0000
svchost!<nosymbols>
*----> Raw Stack Dump <----*
0043fe74 17 76 e8 77 00 00 00 00 - 88 fe 43 00 00 00 00
00 .v.w......C.....
0043fe84 b7 1d 9b 00 80 dd e0 b7 - ff ff ff ff b8 fe 43
00 ..............C.
0043fe94 2a f6 19 76 a8 d8 01 00 - 00 00 00 00 b3 06 00
00 *..v............
0043fea4 02 00 00 00 00 00 00 00 - 94 05 00 00 f7 48 99
00 .............H..
0043feb4 d7 32 9e 00 84 ff 43 00 - fc d8 19 76 00 00 00
00 .2....C....v....
0043fec4 84 4f 07 00 00 00 00 00 - 00 30 00 01 72 4f 41
80 .O.......0..rOA.
0043fed4 50 88 89 81 e0 51 89 81 - c4 fc 97 b7 ca 08 45
80 P....Q........E.
0043fee4 04 00 00 00 08 a0 57 81 - 66 41 4a 80 80 f3 06
00 ......W.fAJ.....
0043fef4 02 00 00 00 84 4f 07 00 - 00 00 00 00 28 49 07
00 .....O......(I..
0043ff04 00 00 00 00 01 00 00 00 - 8c 28 50 c0 7c 00 00
00 .........(P.|...
0043ff14 00 20 50 c0 00 00 00 00 - 00 00 00 00 7c 00 00
00 . P.........|...
0043ff24 01 00 00 00 00 20 50 c0 - 60 8c 57 81 80 71 57
81 ..... P.`.W..qW.
0043ff34 00 00 00 00 80 71 57 81 - 40 32 07 00 64 fc 97
b7 [email protected]...
0043ff44 f3 da 42 80 a4 da 42 80 - d4 4b 06 80 e0 72 57
81 ..B...B..K...rW.
0043ff54 80 71 57 81 01 10 f4 77 - 00 20 50 c0 00 00 00
00 .qW....w. P.....
0043ff64 c5 a0 e8 77 8e 4f 07 00 - 01 00 00 00 80 00 00
00 ...w.O..........
0043ff74 ff ff ff ff 28 49 07 00 - 32 49 07 00 00 00 00
00 ....(I..2I......
0043ff84 4e d7 19 76 7b 15 00 01 - 01 00 00 00 80 4f 07
00 N..v{........O..
0043ff94 00 00 00 00 78 4f 07 00 - ec ff 43 00 78 4f 07
00 ....xO....C.xO..
0043ffa4 00 00 00 00 3e 24 db 77 - 01 00 00 00 80 4f 07
00 ....>$.w.....O..
State Dump for Thread Id 0x19c
eax=778321fe ebx=00000004 ecx=77db0260 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0090fd24 ebp=0090fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0138d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0090FD70 77E8A31D 0090FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0090FFB4 77E887DD 00000005 00000000 000B000A 00096100
kernel32!WaitForMultipleObjects
0090FFEC 00000000 778321FE 00096100 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0090fd24 b7 7a e8 77 04 00 00 00 - 48 fd 90 00 01 00 00
00 .z.w....H.......
0090fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 00 61 09
00 .............a..
0090fd44 01 00 00 00 08 01 00 00 - 0c 01 00 00 1c 01 00
00 ................
0090fd54 70 01 00 00 00 00 00 00 - 00 6b 4a 80 00 00 00
00 p........kJ.....
0090fd64 74 06 61 81 20 30 88 81 - d8 85 36 e1 b4 ff 90
00 t.a. 0....6.....
0090fd74 1d a3 e8 77 48 fd 90 00 - 01 00 00 00 00 00 00
00 ...wH...........
0090fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0090fd94 b0 fe 90 00 00 00 00 00 - ff ff ff ff 00 61 09
00 .............a..
0090fda4 0a 00 0b 00 00 00 00 00 - 68 ca 32 e1 6c ca 32
e1 ........h.2.l.2.
0090fdb4 e0 51 89 81 00 00 00 00 - 01 00 00 00 38 00 00
00 .Q..........8...
0090fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b
00 #...#...........
0090fdd4 00 61 09 00 00 6c f8 77 - 60 02 db 77 fe 21 83
77 .a...l.w`..w.!.w
0090fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0090fdf4 fc ff 90 00 23 00 00 00 - 8c 4f 45 80 80 fb 97
b7 ....#....OE.....
0090fe04 08 37 57 81 08 37 57 81 - 40 00 00 00 24 fb 97
b7 .7W..7W.@...$...
0090fe14 d0 f8 44 80 00 8c 57 81 - 00 00 00 00 00 00 00
00 ..D...W.........
0090fe24 08 9c 57 81 a6 24 49 80 - 08 9c 57 81 dc 00 00
00 ..W..$I...W.....
0090fe34 40 6a 89 81 03 00 10 00 - 08 37 57 81 40 6a 89
81 @j.......7W.@j..
0090fe44 20 37 57 81 08 37 57 81 - 0c 37 57 81 e0 51 89
81 7W..7W..7W..Q..
0090fe54 40 fd 97 b7 01 00 00 00 - 60 8c 57 81 01 00 00
00 @.......`.W.....
State Dump for Thread Id 0x1a4
eax=000bb8b0 ebx=004601f0 ecx=0095fd38 edx=000bb8b0
esi=00074928 edi=0095f898
eip=e03c3a68 esp=0095f794 ebp=00580046 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
e03c3a5e ???
e03c3a5f ???
e03c3a60 ???
e03c3a61 ???
e03c3a62 ???
e03c3a63 ???
e03c3a64 ???
e03c3a65 ???
e03c3a66 ???
e03c3a67 ???
FAULT ->e03c3a68 ???
e03c3a69 ???
e03c3a6a ???
e03c3a6b ???
e03c3a6c ???
e03c3a6d ???
e03c3a6e ???
e03c3a6f ???
e03c3a70 ???
e03c3a71 ???
e03c3a72 ???
e03c3a73 ???
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0095F790 0095F8A0 010013C0 00074928 90909090 90909090
<nosymbols>
00580046 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
0095f794 a0 f8 95 00 c0 13 00 01 - 28 49 07 00 90 90 90
90 ........(I......
0095f7a4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7b4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7c4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7d4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7e4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f7f4 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f804 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f814 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f824 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f834 90 90 90 90 90 90 90 90 - 90 90 90 90 90 90 90
90 ................
0095f844 90 90 90 eb 19 5e 31 c9 - 81 e9 89 ff ff ff 81
36 .....^1........6
0095f854 80 bf 32 94 81 ee fc ff - ff ff e2 f2 eb 05 e8
e2 ..2.............
0095f864 ff ff ff 03 53 06 1f 74 - 57 75 95 80 bf bb 92
7f ....S..tWu......
0095f874 89 5a 1a ce b1 de 7c e1 - be 32 94 09 f9 3a 6b
b6 .Z....|..2...:k.
0095f884 d7 9f 4d 85 71 da c6 81 - bf 32 1d c6 b3 5a f8
ec ..M.q....2...Z..
0095f894 bf 32 fc b3 8d 1c f0 e8 - c8 41 a6 df eb cd c2
88 .2.......A......
0095f8a4 36 74 90 7f 89 5a e6 7e - 0c 24 7c ad be 32 94
09 6t...Z.~.$|..2..
0095f8b4 f9 22 6b b6 d7 4c 4c 62 - cc da 8a 81 bf 32 1d
c6 ."k..LLb.....2..
0095f8c4 ab cd e2 84 d7 f9 79 7c - 84 da 9a 81 bf 32 1d
c6 ......y|.....2..
State Dump for Thread Id 0x1dc
eax=00469c90 ebx=002d0003 ecx=009af8bc edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=009afe28 ebp=009aff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0142d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
009AFF74 77D420D9 77D425B9 00079530 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
009AFFA8 77D424DA 00074D38 009AFFEC 77E887DD 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFB4 77E887DD 000802C0 00000000 00000000 000802C0
rpcrt4!NdrConformantArrayMemorySize
009AFFEC 00000000 77D424C2 000802C0 00000000 2B4D4F43
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
009afe28 85 22 d4 77 a0 00 00 00 - 54 ff 9a 00 00 00 00
00 .".w....T.......
009afe38 d0 60 0a 00 58 ff 9a 00 - c0 4c 07 00 28 8e 09
00 .`..X....L..(...
009afe48 6d 31 f8 77 b4 3b 95 b7 - 28 00 40 00 00 00 00
00 m1.w.;..(.@.....
009afe58 f8 05 00 00 e4 05 00 00 - bc 52 00 00 00 00 00
00 .........R......
009afe68 02 87 01 00 00 00 00 00 - 00 00 00 00 b4 3b 95
b7 .............;..
009afe78 77 14 45 80 01 00 00 00 - e0 51 89 81 7a 00 00
00 w.E......Q..z...
009afe88 00 00 00 00 00 00 00 00 - 14 00 00 00 38 00 00
00 ............8...
009afe98 54 0c 00 00 5f 9c ab 2c - 55 0c 00 00 5f 9c ab
2c T..._..,U..._..,
009afea8 56 0c 00 00 5f 9c ab 2c - 57 0c 00 00 5f 9c ab
2c V..._..,W..._..,
009afeb8 58 0c 00 00 5f 9c ab 2c - 59 0c 00 00 5f 9c ab
2c X..._..,Y..._..,
009afec8 5a 0c 00 00 5f 9c ab 2c - 5b 0c 00 00 5f 9c ab
2c Z..._..,[..._..,
009afed8 5c 0c 00 00 5f 9c ab 2c - 5d 0c 00 00 5f 9c ab
2c \..._..,]..._..,
009afee8 5e 0c 00 00 5f 9c ab 2c - 5f 0c 00 00 5f 9c ab
2c ^..._..,_..._..,
009afef8 60 0c 00 00 5f 9c ab 2c - 61 0c 00 00 5f 9c ab
2c `..._..,a..._..,
009aff08 62 0c 00 00 5f 9c ab 2c - 63 0c 00 00 5f 9c ab
2c b..._..,c..._..,
009aff18 64 0c 00 00 5f 9c ab 2c - 65 0c 00 00 5f 9c ab
2c d..._..,e..._..,
009aff28 66 0c 00 00 5f 9c ab 2c - 67 0c 00 00 5f 9c ab
2c f..._..,g..._..,
009aff38 14 00 00 00 00 00 00 00 - 64 3c 95 b7 f3 da 42
80 ........d<....B.
009aff48 a4 da 42 80 d4 4b 06 80 - c0 7e 56 81 03 00 2d
00 ..B..K...~V...-.
009aff58 00 a2 2f 4d ff ff ff ff - 50 fe 9a 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x418
eax=00000000 ebx=009a8957 ecx=00461edc edx=00000000
esi=77f8318c edi=00abff88
eip=77f83197 esp=00abff74 ebp=00abff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0153d547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00ABFF90 761A5902 00018C1F 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00ABFFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00ABFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x54c
eax=761a5824 ebx=009a8957 ecx=00077ed0 edx=00000000
esi=77f8318c edi=00c4ff88
eip=77f83197 esp=00c4ff74 ebp=00c4ff90 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:016cd547=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF90 761A5902 00018C1F 00000000 77D37D12 00077ED0
ntdll!NtDelayExecution
00C4FFB4 77E887DD 00000000 77D37D12 00077ED0 00000000
rpcss!<nosymbols>
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x2a4
eax=00000000 ebx=000493e0 ecx=7ffd6000 edx=00000000
esi=000750c8 edi=000493e0
eip=77f837dc esp=00d0febc ebp=00d0fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:0178d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:0178d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:0178d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:0178d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D0FEE4 77D40090 0000005C 00D0FF1C 00D0FF0C 00D0FF14
ntdll!ZwRemoveIoCompletion
00D0FF20 77D48565 000493E0 00D0FF60 00D0FF5C 00D0FF70
rpcrt4!PerformRpcInitialization
00D0FF74 77D48444 77D42528 000750C8 0007A128 74FE9380
rpcrt4!NdrClientContextUnmarshall
00D0FFA8 77D424DA 00079708 00D0FFEC 77E887DD 00079730
rpcrt4!NdrClientContextUnmarshall
00D0FFB4 77E887DD 00079730 0007A128 74FE9380 00079730
rpcrt4!NdrConformantArrayMemorySize
00D0FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x10c
eax=77d424c2 ebx=00320008 ecx=761a2dca edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00d4fe28 ebp=00d4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:017cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D4FF74 77D420D9 77D42528 00079530 77D339FF 000B20B8
ntdll!NtReplyWaitReceivePortEx
00D4FFA8 77D424DA 000AA870 00D4FFEC 77E887DD 000BC1E0
rpcrt4!NdrConformantArrayMemorySize
00D4FFB4 77E887DD 000BC1E0 77D339FF 000B20B8 000BC1E0
rpcrt4!NdrConformantArrayMemorySize
00D4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x594
eax=77d424c2 ebx=000aa6f8 ecx=761a2dca edx=00000000
esi=00079530 edi=00000100
eip=77f83bb8 esp=00d8fe28 ebp=00d8ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0180d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D8FF74 77D420D9 77D42528 00079530 77D339FF 000B20B8
ntdll!NtReplyWaitReceivePortEx
00D8FFA8 77D424DA 000A7800 00D8FFEC 77E887DD 000AA6F8
rpcrt4!NdrConformantArrayMemorySize
00D8FFB4 77E887DD 000AA6F8 77D339FF 000B20B8 000AA6F8
rpcrt4!NdrConformantArrayMemorySize
00D8FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
Application exception occurred:
App: rundll32.exe (pid=1108)
When: 10/14/2003 @ 14:39:03.984
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
1108 rundll32.exe
260 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x4f8
eax=003bee30 ebx=01402020 ecx=a036eed8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084520 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 0022011E 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 0022011E 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A3B0 0022011E 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 0022011E 01000000 0007A280 00000454
shell32!SHFileOperationA
0006FF18 010016EB 0022011E 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 10 4a 09 00 - dc e5 06 00 f8 b2 74
71 .....J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 1c 4b 09 00 10 4a 09 00 - 90 f2 07 00 c2 00 16
00 .K...J..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 d8 81 41
01 ..............A.
0006e5b0 4a 02 00 00 b7 01 00 00 - fe 00 00 00 00 00 00
00 J...............
0006e5c0 00 00 00 00 ff ff ff ff - 44 01 27 00 38 a4 77
71 ........D.'.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 1e 01 22 00 f4 e5 06
00 ./wq......".....
0006e5e0 17 b5 74 71 20 45 08 00 - 00 00 00 00 00 00 00
00 ..tq E..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 80 a2 07 00 1e 01 22 00 - 20 a3 07 00 00 00 00
00 ......". .......
0006e620 87 03 01 a2 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 7c 06 01 28 20 00 00 00 - 40 00 00 00 78 01 07
00 |..( [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x4b8
eax=00000120 ebx=0007f058 ecx=0007d268 edx=00000000
esi=0007d268 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D268 400847B0 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E378 00C4FFEC 77E887DD 0007F058
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F058 400847B0 00000070 0007F058
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x334
eax=77ab4639 ebx=00000102 ecx=0007e8c8 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 f0 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 f0 54 09 00 ec ff c8 00 - f0 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 f0 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - f0 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 c8 e8 07 00 c0 ff c8 00 - c8 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - f0 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x198
eax=00000000 ebx=00000002 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x558
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d4f48
esi=00000000 edi=000d4f48
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4f48=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4f48=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B4C5C 0000000E 00D7F27C 000D4F48 !
DllGetClassObject
00D7F248 10001B67 00088BD8 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000B9858 00088D78 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088BD0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088BD0 00000016 000B9858 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000D6A00 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000D6A00 000D6A10 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D24D8 00088BD0 00088BD8 !
IsAsyncMoniker
00D7F824 702B7DA6 00088D78 000D24D8 00088BD0 00088BD8 !
FindMediaType
00D7F86C 70D495F1 00088BD0 000D24D8 000B4C7C 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D24D8 873F0000 00D7FBE4 01051EE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051DC0 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051DC0 00000000 10000000 000D7590 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - 7c 8d 08 00 00 00 00
00 ....|...|.......
00d7f224 48 f2 d7 00 b6 e5 2b 70 - 5c 4c 0b 00 0e 00 00
00 H.....+p\L......
00d7f234 7c f2 d7 00 48 4f 0d 00 - 6c f2 d7 00 00 00 00
00 |...HO..l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 d8 8b 08
00 L.o.....g.......
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 d8 8b 08 00 0d 30 2c 70 - 00 00 00 00 58 98 0b
00 .....0,p....X...
00d7f274 7c 8d 08 00 d8 8b 08 00 - 06 00 00 00 90 f2 d7
00 |...............
00d7f284 7c 8d 08 00 00 00 00 00 - d0 8b 08 00 14 00 00
00 |...............
00d7f294 00 00 00 00 78 8d 08 00 - 00 00 00 00 00 00 00
00 ....x...........
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 60 70 0d 00 - 4c 00 6f 01 e8 f2 d7
00 P.o.`p..L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - 58 98 0b 00 78 8d 08
00 #b+p....X...x...
00d7f2d4 00 00 00 00 00 00 00 00 - d0 8b 08 00 00 00 00
00 ................
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 d0 8b 08
00 ........Z.-p....
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 58 98 0b 00 00 00 00 00 - 00 00 00 00 bc 6a 0d
00 X............j..
00d7f314 00 6a 0d 00 54 f3 d7 00 - 88 a9 2b 70 d0 8b 08
00 .j..T.....+p....
00d7f324 16 00 00 00 58 98 0b 00 - 5d a9 2b 70 b8 6f 0d
00 ....X...].+p.o..
00d7f334 16 00 00 00 58 98 0b 00 - 04 01 00 00 00 6a 0d
00 ....X........j..
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 98 0b
00 [email protected]...
State Dump for Thread Id 0x424
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D46EC 7FFDA000 000D46F8
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D46F8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 f8 46 0d
00 .............F..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 08 d0 3b 81 60 27 37
81 ..........;.`'7.
0168fd64 08 d0 3b 81 00 00 00 00 - 03 00 00 00 b4 ff 68
01 ..;...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff f8 46 0d
00 ..h..........F..
0168fda4 00 a0 fd 7f ec 46 0d 00 - 80 ce 4e 81 00 00 00
00 .....F....N.....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - ec 46 0d 00 00 a0 fd
7f #...#....F......
0168fdd4 f8 46 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .F...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 bb 0c
b7 ..h.#....OE.....
0168fe04 a8 2b 63 81 a8 2b 63 81 - 40 00 00 00 24 bb 0c
b7 .+c..+c.@...$...
0168fe14 d0 f8 44 80 00 d0 50 81 - 00 00 00 00 00 00 00
00 ..D...P.........
0168fe24 28 fd 48 81 a6 24 49 80 - 28 fd 48 81 74 01 00
00 (.H..$I.(.H.t...
0168fe34 40 6a 89 81 03 00 10 00 - a8 2b 63 81 40 6a 89
81 @j.......+c.@j..
0168fe44 c0 2b 63 81 a8 2b 63 81 - ac 2b 63 81 00 00 00
00 .+c..+c..+c.....
0168fe54 00 00 00 00 00 00 00 00 - ac 2b 63 81 00 00 00
00 .........+c.....
Application exception occurred:
App: rundll32.exe (pid=1368)
When: 10/14/2003 @ 14:39:40.125
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
1368 rundll32.exe
260 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(71F00000 - 71F4D000)
(77570000 - 775A0000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(77410000 - 77423000)
(70020000 - 70025000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x454
eax=00081684 ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084520 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002D0122 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002D0122 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A3B0 002D0122 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002D0122 01000000 0007A280 00000558
shell32!SHFileOperationA
0006FF18 010016EB 002D0122 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 10 4a 09 00 - dc e5 06 00 f8 b2 74
71 .....J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 1c 4b 09 00 10 4a 09 00 - 90 f2 07 00 fc 00 15
00 .K...J..........
0006e5a0 00 02 00 00 00 00 00 00 - 87 00 8b 00 45 14 42
01 ............E.B.
0006e5b0 8d 01 00 00 63 01 00 00 - fe 00 00 00 00 00 00
00 ....c...........
0006e5c0 00 00 00 00 ff ff ff ff - 42 01 33 00 38 a4 77
71 ........B.3.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 22 01 2d 00 f4 e5 06
00 ./wq....".-.....
0006e5e0 17 b5 74 71 20 45 08 00 - 00 00 00 00 00 00 00
00 ..tq E..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 80 a2 07 00 22 01 2d 00 - 20 a3 07 00 00 00 00
00 ....".-. .......
0006e620 b3 03 01 b0 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 7c 06 01 28 20 00 00 00 - 40 00 00 00 78 01 07
00 |..( [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x1b8
eax=00000120 ebx=0007f058 ecx=0007d268 edx=00000000
esi=0007d268 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D268 400847B0 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E378 00C4FFEC 77E887DD 0007F058
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F058 400847B0 00000070 0007F058
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x378
eax=77ab4639 ebx=00000102 ecx=0007e8c8 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 f0 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 f0 54 09 00 ec ff c8 00 - f0 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 f0 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - f0 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 c8 e8 07 00 c0 ff c8 00 - c8 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - f0 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x4b8
eax=00081720 ebx=00000002 ecx=77a52790 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4f8
eax=000b3928 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x424
eax=014cf27c ebx=014cf26c ecx=00000002 edx=00091f68
esi=00000000 edi=00091f68
eip=70dcf39f esp=014cf214 ebp=014cf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:01f4c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01f4c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:00091f68=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:01f4c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:00091f68=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:01f4c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:014cf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:01f4c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:01f4c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01f4c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01f4c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
014CF224 702BE5B6 000CB024 0000000E 014CF27C 00091F68 !
DllGetClassObject
014CF248 10001B67 00088BD8 0000000E 014CF27C 00000001 !
RegisterFormatEnumerator
014CF2C0 702B6223 00000000 000C1A28 00088D78 00000000 !
<nosymbols>
014CF2E8 702D1A5A 00088BD0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
014CF318 702BA988 00088BD0 00000016 000C1A28 702BA95D !
DllGetClassObject
014CF354 702C59C3 00000016 014CF5C0 00000000 000CF130 !
CoInternetQueryInfo
014CF7D0 702BB3AF 00000000 000CF130 000CF140 702BB372 !
FindMediaTypeClass
014CF7FC 702B8EF8 00000000 000B8558 00088BD0 00088BD8 !
IsAsyncMoniker
014CF824 702B7DA6 00088D78 000B8558 00088BD0 00088BD8 !
FindMediaType
014CF86C 70D495F1 00088BD0 000B8558 000CB044 00000000 !
CreateAsyncBindCtxEx
014CFAC0 70D4943E 000B8558 873F0000 014CFBE4 018E1EE0 !
DllGetClassObject
014CFADC 70D493A1 014CFBE4 018E1EF4 873F0000 018E1EE0 !
DllGetClassObject
014CFB00 70D4E77C 014CFBE4 018E1C40 00001FDD 873F0000 !
DllGetClassObject
014CFB50 70D4AB9F 018E1690 018E1C40 00000000 00000000 !
DllGetClassObject
014CFB74 70D4AAC1 018E1DC0 00000001 00000000 014CFBE4 !
DllGetClassObject
014CFBCC 70D50AF3 018E1DC0 00000000 10000000 000B6920 !
DllGetClassObject
014CFCE4 00000000 00400000 018E1360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
014cf214 00 00 00 00 7c f2 4c 01 - 7c 8d 08 00 00 00 00
00 ....|.L.|.......
014cf224 48 f2 4c 01 b6 e5 2b 70 - 24 b0 0c 00 0e 00 00
00 H.L...+p$.......
014cf234 7c f2 4c 01 68 1f 09 00 - 6c f2 4c 01 00 00 00
00 |.L.h...l.L.....
014cf244 4c 00 f6 01 c0 f2 4c 01 - 67 1b 00 10 d8 8b 08
00 L.....L.g.......
014cf254 0e 00 00 00 7c f2 4c 01 - 01 00 00 00 6c f2 4c
01 ....|.L.....l.L.
014cf264 d8 8b 08 00 0d 30 2c 70 - 00 00 00 00 28 1a 0c
00 .....0,p....(...
014cf274 7c 8d 08 00 d8 8b 08 00 - 06 00 00 00 90 f2 4c
01 |.............L.
014cf284 7c 8d 08 00 00 00 00 00 - d0 8b 08 00 14 00 00
00 |...............
014cf294 00 00 00 00 78 8d 08 00 - 00 00 00 00 00 00 00
00 ....x...........
014cf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
014cf2b4 50 00 f6 01 98 58 0b 00 - 4c 00 f6 01 e8 f2 4c
01 P....X..L.....L.
014cf2c4 23 62 2b 70 00 00 00 00 - 28 1a 0c 00 78 8d 08
00 #b+p....(...x...
014cf2d4 00 00 00 00 00 00 00 00 - d0 8b 08 00 00 00 00
00 ................
014cf2e4 00 00 00 00 18 f3 4c 01 - 5a 1a 2d 70 d0 8b 08
00 ......L.Z.-p....
014cf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
014cf304 28 1a 0c 00 00 00 00 00 - 00 00 00 00 ec f1 0c
00 (...............
014cf314 30 f1 0c 00 54 f3 4c 01 - 88 a9 2b 70 d0 8b 08
00 0...T.L...+p....
014cf324 16 00 00 00 28 1a 0c 00 - 5d a9 2b 70 00 1a 0c
00 ....(...].+p....
014cf334 16 00 00 00 28 1a 0c 00 - 04 01 00 00 30 f1 0c
00 ....(.......0...
014cf344 00 00 00 00 01 00 00 00 - 05 40 00 80 28 1a 0c
00 .........@..(...
State Dump for Thread Id 0x3ec
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01f1fd24 ebp=01f1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0299d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F1FD70 77E8A31D 01F1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01F1FFB4 77E887DD 00000004 000BB0FC 7FFD9000 000C0E58
kernel32!WaitForMultipleObjects
01F1FFEC 00000000 778321FE 000C0E58 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01f1fd24 b7 7a e8 77 03 00 00 00 - 48 fd f1 01 01 00 00
00 .z.w....H.......
01f1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 58 0e 0c
00 ............X...
01f1fd44 01 00 00 00 50 02 00 00 - 54 02 00 00 64 02 00
00 ....P...T...d...
01f1fd54 8c 4f 45 80 d8 fa 0f b7 - 38 df 61 e3 38 df 61
e3 .OE.....8.a.8.a.
01f1fd64 18 00 00 00 7c fa 0f b7 - d0 f8 44 80 b4 ff f1
01 ....|.....D.....
01f1fd74 1d a3 e8 77 48 fd f1 01 - 01 00 00 00 00 00 00
00 ...wH...........
01f1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01f1fd94 b0 fe f1 01 00 00 00 00 - ff ff ff ff 58 0e 0c
00 ............X...
01f1fda4 00 90 fd 7f fc b0 0b 00 - c0 fa 0f b7 d0 f8 44
80 ..............D.
01f1fdb4 3c df 61 e3 00 00 00 00 - 00 00 00 00 38 00 00
00 <.a.........8...
01f1fdc4 23 00 00 00 23 00 00 00 - fc b0 0b 00 00 90 fd
7f #...#...........
01f1fdd4 58 0e 0c 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 X............!.w
01f1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01f1fdf4 fc ff f1 01 23 00 00 00 - 00 df 61 e3 a8 88 b3
e2 ....#.....a.....
01f1fe04 54 08 00 00 38 df 61 e3 - 38 df 61 e3 34 fd 0f
b7 T...8.a.8.a.4...
01f1fe14 8c 05 46 80 68 29 40 80 - ff ff ff ff 60 fb 0f
b7 ..F.h)@.....`...
01f1fe24 55 54 4a 80 68 02 5a 81 - 7c b1 00 00 a0 d3 9c
81 UTJ.h.Z.|.......
01f1fe34 00 07 00 00 ae cc 44 80 - 7c b1 00 00 a0 d3 9c
81 ......D.|.......
01f1fe44 7c b1 00 00 a0 d3 9c 81 - 01 c2 fd 7f 0b 01 00
00 |...............
01f1fe54 41 d6 44 80 0b 01 00 00 - f0 d0 59 81 00 c0 fd
7f A.D.......Y.....
Application exception occurred:
App: rundll32.exe (pid=884)
When: 10/14/2003 @ 14:59:33.656
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
408 nlnotes.exe
1108 naldaemn.exe
1272 nhldaemn.exe
884 rundll32.exe
924 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x378
eax=000816d4 ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084570 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002A00F8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002A00F8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A400 002A00F8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002A00F8 01000000 0007A2D0 00000374
shell32!SHFileOperationA
0006FF18 010016EB 002A00F8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 60 4a 09 00 - dc e5 06 00 f8 b2 74
71 ....`J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 6c 4b 09 00 60 4a 09 00 - e0 f8 07 00 04 02 0c
00 lK..`J..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 b7 46 54
01 .............FT.
0006e5b0 33 02 00 00 b5 01 00 00 - fe 00 00 00 00 00 00
00 3...............
0006e5c0 00 00 00 00 ff ff ff ff - 44 02 10 00 38 a4 77
71 ........D...8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f8 00 2a 00 f4 e5 06
00 ./wq......*.....
0006e5e0 17 b5 74 71 70 45 08 00 - 00 00 00 00 00 00 00
00 ..tqpE..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 d0 a2 07 00 f8 00 2a 00 - 70 a3 07 00 00 00 00
00 ......*.p.......
0006e620 a4 02 01 43 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 R... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x52c
eax=00000120 ebx=0007f0a8 ecx=0007d2b8 edx=00000000
esi=0007d2b8 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D2B8 40084800 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E3C8 00C4FFEC 77E887DD 0007F0A8
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F0A8 40084800 00000070 0007F0A8
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x420
eax=77ab4639 ebx=00000102 ecx=0007e918 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 00 f3 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 00 f3 07 00 ec ff c8 00 - 00 f3 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 00 f3 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 00 f3 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 18 e9 07 00 c0 ff c8 00 - 18 e9 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 00 f3 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x48c
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000c5078
esi=00000000 edi=000c5078
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000c5078=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000c5078=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000C5174 0000000E 00D3F27C 000C5078 !
DllGetClassObject
00D3F248 10001B67 00088C28 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000CA5E0 00088DC8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088C20 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088C20 00000016 000CA5E0 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000C9408 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000C9408 000C9418 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000923A8 00088C20 00088C28 !
IsAsyncMoniker
00D3F824 702B7DA6 00088DC8 000923A8 00088C20 00088C28 !
FindMediaType
00D3F86C 70D495F1 00088C20 000923A8 000C5194 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000923A8 873F0000 00D3FBE4 015E1EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 015E1EF4 873F0000 015E1EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 015E1C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 015E1690 015E1C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 015E1DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 015E1DC0 00000000 10000000 000DB0F8 !
DllGetClassObject
00D3FCE4 00000000 00400000 015E1360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - cc 8d 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 74 51 0c 00 0e 00 00
00 H.....+ptQ......
00d3f234 7c f2 d3 00 78 50 0c 00 - 6c f2 d3 00 00 00 00
00 |...xP..l.......
00d3f244 4c 00 c6 01 c0 f2 d3 00 - 67 1b 00 10 28 8c 08
00 L.......g...(...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 28 8c 08 00 0d 30 2c 70 - 00 00 00 00 e0 a5 0c
00 (....0,p........
00d3f274 cc 8d 08 00 28 8c 08 00 - 06 00 00 00 90 f2 d3
00 ....(...........
00d3f284 cc 8d 08 00 00 00 00 00 - 20 8c 08 00 14 00 00
00 ........ .......
00d3f294 00 00 00 00 c8 8d 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 c6 01 08 59 0b 00 - 4c 00 c6 01 e8 f2 d3
00 P....Y..L.......
00d3f2c4 23 62 2b 70 00 00 00 00 - e0 a5 0c 00 c8 8d 08
00 #b+p............
00d3f2d4 00 00 00 00 00 00 00 00 - 20 8c 08 00 00 00 00
00 ........ .......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 20 8c 08
00 ........Z.-p ...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 e0 a5 0c 00 00 00 00 00 - 00 00 00 00 c4 94 0c
00 ................
00d3f314 08 94 0c 00 54 f3 d3 00 - 88 a9 2b 70 20 8c 08
00 ....T.....+p ...
00d3f324 16 00 00 00 e0 a5 0c 00 - 5d a9 2b 70 c8 a1 0c
00 ........].+p....
00d3f334 16 00 00 00 e0 a5 0c 00 - 04 01 00 00 08 94 0c
00 ................
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 e0 a5 0c
00 .........@......
State Dump for Thread Id 0x424
eax=71160000 ebx=00000002 ecx=000010dc edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4d4
eax=70c1acaf ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=015dfe5c ebp=015dfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0205d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
015DFEA8 77E12A00 015DFE80 00000001 00000000 015DFEA0
ntdll!NtWaitForMultipleObjects
015DFF04 77E12A77 015DFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
015DFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
015DFF74 70C1AB1B 015DFFA0 015DFFA4 015DFFA8 015DFF9C !
Ordinal265
015DFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
015DFFEC 00000000 70C1ACAF 00000000 00000000 015E00A1 !
Ordinal293
*----> Raw Stack Dump <----*
015dfe5c b7 7a e8 77 02 00 00 00 - 80 fe 5d 01 01 00 00
00 .z.w......].....
015dfe6c 00 00 00 00 a0 fe 5d 01 - 00 00 00 00 00 00 00
00 ......].........
015dfe7c 02 00 00 00 5c 01 00 00 - 7c 01 00 00 00 9c fd
7f ....\...|.......
015dfe8c 68 ff 5d 01 00 18 ea 77 - 7c fc 5d 01 00 00 00
00 h.]....w|.].....
015dfe9c 38 a0 e1 77 00 ba 3c dc - ff ff ff ff 04 ff 5d
01 8..w..<.......].
015dfeac 00 2a e1 77 80 fe 5d 01 - 01 00 00 00 00 00 00
00 .*.w..].........
015dfebc a0 fe 5d 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ..].....`......p
015dfecc 00 00 00 00 5c 01 00 00 - 7c 01 00 00 68 ff 5d
01 ....\...|...h.].
015dfedc 68 ff 5d 01 95 2b f8 77 - 18 36 f8 77 ff ff ff
ff h.]..+.w.6.w....
015dfeec 78 ff 5d 01 0b 9f e8 77 - 00 00 00 00 cc 96 fd
7f x.]....w........
015dfefc 00 00 00 00 7c 01 00 00 - 20 ff 5d 01 77 2a e1
77 ....|... .].w*.w
015dff0c d0 fe 5d 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ..].8..p`...A...
015dff1c 00 00 00 00 74 ff 5d 01 - 93 a7 c1 70 01 00 00
00 ....t.]....p....
015dff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
015dff3c 00 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
015dff4c 00 00 00 00 30 33 07 00 - 16 00 18 00 00 9c fd
7f ....03..........
015dff5c 00 00 00 00 00 ff 5d 01 - a0 35 54 01 18 bb c2
70 ......]..5T....p
015dff6c 60 ea 00 00 01 00 00 00 - ac ff 5d 01 1b ab c1
70 `.........]....p
015dff7c a0 ff 5d 01 a4 ff 5d 01 - a8 ff 5d 01 9c ff 5d
01 ..]...]...]...].
015dff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x4d0
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01c1fd24 ebp=01c1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0269d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01C1FD70 77E8A31D 01C1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01C1FFB4 77E887DD 00000004 000821DC 7FFDB000 000DCCE8
kernel32!WaitForMultipleObjects
01C1FFEC 00000000 778321FE 000DCCE8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01c1fd24 b7 7a e8 77 03 00 00 00 - 48 fd c1 01 01 00 00
00 .z.w....H.......
01c1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 e8 cc 0d
00 ................
01c1fd44 01 00 00 00 20 02 00 00 - 24 02 00 00 34 02 00
00 .... ...$...4...
01c1fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff c1
01 ................
01c1fd74 1d a3 e8 77 48 fd c1 01 - 01 00 00 00 00 00 00
00 ...wH...........
01c1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01c1fd94 b0 fe c1 01 00 00 00 00 - ff ff ff ff e8 cc 0d
00 ................
01c1fda4 00 b0 fd 7f dc 21 08 00 - 00 00 00 00 38 00 00
00 .....!......8...
01c1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01c1fdc4 23 00 00 00 23 00 00 00 - dc 21 08 00 00 b0 fd
7f #...#....!......
01c1fdd4 e8 cc 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 .............!.w
01c1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01c1fdf4 fc ff c1 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
01c1fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01c1fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=1420)
When: 10/14/2003 @ 14:59:49.265
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
600 mstask.exe
628 stisvc.exe
688 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1052 explorer.exe
1152 igfxtray.exe
1180 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1304 OSA.exe
1376 ipmsg2.02.exe
1012 wmplayer.exe
1044 telnet.exe
408 nlnotes.exe
1108 naldaemn.exe
1272 nhldaemn.exe
1420 rundll32.exe
1100 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x39c
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084570 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 002C00F8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 002C00F8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A400 002C00F8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 002C00F8 01000000 0007A2D0 0000058C
shell32!SHFileOperationA
0006FF18 010016EB 002C00F8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 60 4a 09 00 - dc e5 06 00 f8 b2 74
71 ....`J........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 6c 4b 09 00 60 4a 09 00 - 30 f9 07 00 34 02 10
00 lK..`J..0...4...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 51 86 54
01 ............Q.T.
0006e5b0 27 02 00 00 b8 01 00 00 - fe 00 00 00 00 00 00
00 '...............
0006e5c0 00 00 00 00 ff ff ff ff - 68 02 11 00 38 a4 77
71 ........h...8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f8 00 2c 00 f4 e5 06
00 ./wq......,.....
0006e5e0 17 b5 74 71 70 45 08 00 - 00 00 00 00 00 00 00
00 ..tqpE..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 d0 a2 07 00 f8 00 2c 00 - 70 a3 07 00 00 00 00
00 ......,.p.......
0006e620 93 06 01 1b 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 53 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 S... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x374
eax=00000120 ebx=0007f0a8 ecx=0007d2b8 edx=00000000
esi=0007d2b8 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D2B8 40084800 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E3C8 00C4FFEC 77E887DD 0007F0A8
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F0A8 40084800 00000070 0007F0A8
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4d0
eax=77ab4639 ebx=00000102 ecx=0007e918 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 00 f3 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 00 f3 07 00 ec ff c8 00 - 00 f3 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 00 f3 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 00 f3 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 18 e9 07 00 c0 ff c8 00 - 18 e9 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 00 f3 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x4d4
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d62a0
esi=00000000 edi=000d62a0
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d62a0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d62a0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B5D2C 0000000E 00D3F27C 000D62A0 !
DllGetClassObject
00D3F248 10001B67 00088C28 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000BA868 00088DC8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088C20 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088C20 00000016 000BA868 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D7368 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D7368 000D7378 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D3828 00088C20 00088C28 !
IsAsyncMoniker
00D3F824 702B7DA6 00088DC8 000D3828 00088C20 00088C28 !
FindMediaType
00D3F86C 70D495F1 00088C20 000D3828 000B5D4C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D3828 873F0000 00D3FBE4 01511EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01511EF4 873F0000 01511EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01511C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01511690 01511C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01511DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01511DC0 00000000 10000000 000D82E0 !
DllGetClassObject
00D3FCE4 00000000 00400000 01511360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - cc 8d 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 2c 5d 0b 00 0e 00 00
00 H.....+p,]......
00d3f234 7c f2 d3 00 a0 62 0d 00 - 6c f2 d3 00 00 00 00
00 |....b..l.......
00d3f244 4c 00 bb 01 c0 f2 d3 00 - 67 1b 00 10 28 8c 08
00 L.......g...(...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 28 8c 08 00 0d 30 2c 70 - 00 00 00 00 68 a8 0b
00 (....0,p....h...
00d3f274 cc 8d 08 00 28 8c 08 00 - 06 00 00 00 90 f2 d3
00 ....(...........
00d3f284 cc 8d 08 00 00 00 00 00 - 20 8c 08 00 14 00 00
00 ........ .......
00d3f294 00 00 00 00 c8 8d 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 bb 01 30 81 0d 00 - 4c 00 bb 01 e8 f2 d3
00 P...0...L.......
00d3f2c4 23 62 2b 70 00 00 00 00 - 68 a8 0b 00 c8 8d 08
00 #b+p....h.......
00d3f2d4 00 00 00 00 00 00 00 00 - 20 8c 08 00 00 00 00
00 ........ .......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 20 8c 08
00 ........Z.-p ...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 68 a8 0b 00 00 00 00 00 - 00 00 00 00 24 74 0d
00 h...........$t..
00d3f314 68 73 0d 00 54 f3 d3 00 - 88 a9 2b 70 20 8c 08
00 hs..T.....+p ...
00d3f324 16 00 00 00 68 a8 0b 00 - 5d a9 2b 70 20 79 0d
00 ....h...].+p y..
00d3f334 16 00 00 00 68 a8 0b 00 - 04 01 00 00 68 73 0d
00 ....h.......hs..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 68 a8 0b
00 [email protected]...
State Dump for Thread Id 0x424
eax=01960020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x52c
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01b4fd24 ebp=01b4fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:025cd2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B4FD70 77E8A31D 01B4FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01B4FFB4 77E887DD 00000004 000D5A44 7FFDB000 000D5A50
kernel32!WaitForMultipleObjects
01B4FFEC 00000000 778321FE 000D5A50 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01b4fd24 b7 7a e8 77 03 00 00 00 - 48 fd b4 01 01 00 00
00 .z.w....H.......
01b4fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 50 5a 0d
00 ............PZ..
01b4fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
01b4fd54 80 ce 4e 81 08 ec 47 b7 - 01 f3 40 80 00 00 12
00 ..N...G...@.....
01b4fd64 00 00 00 00 00 47 87 81 - 02 00 00 00 b4 ff b4
01 .....G..........
01b4fd74 1d a3 e8 77 48 fd b4 01 - 01 00 00 00 00 00 00
00 ...wH...........
01b4fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01b4fd94 b0 fe b4 01 00 00 00 00 - ff ff ff ff 50 5a 0d
00 ............PZ..
01b4fda4 00 b0 fd 7f 44 5a 0d 00 - 01 ec 47 b7 01 00 00
00 ....DZ....G.....
01b4fdb4 12 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01b4fdc4 23 00 00 00 23 00 00 00 - 44 5a 0d 00 00 b0 fd
7f #...#...DZ......
01b4fdd4 50 5a 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 PZ...........!.w
01b4fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01b4fdf4 fc ff b4 01 23 00 00 00 - 18 e9 47 b7 30 eb 47
b7 ....#.....G.0.G.
01b4fe04 98 eb 47 b7 3f 29 ef bf - a0 23 f0 bf ff ff ff
ff ..G.?)...#......
01b4fe14 a8 eb 47 b7 82 1c ef bf - e8 6e 4a 81 24 00 00
00 ..G......nJ.$...
01b4fe24 8f 1c ef bf 36 00 00 00 - 00 00 00 00 00 00 00
00 ....6...........
01b4fe34 00 00 00 00 24 00 00 00 - 80 29 2f 81 00 00 00
00 ....$....)/.....
01b4fe44 0e 00 00 00 12 00 00 00 - 00 00 00 00 58 36 3c
81 ............X6<.
01b4fe54 03 37 33 00 00 00 00 00 - 00 00 00 00 01 00 00
00 .73.............
Application exception occurred:
App: rundll32.exe (pid=1360)
When: 10/14/2003 @ 15:02:11.031
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
1360 rundll32.exe
1120 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x54c
eax=7f6f0824 ebx=01402020 ecx=00000200 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000200C0 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000200C0 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000200C0 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000200C0 01000000 0007A0E8 00000550
shell32!SHFileOperationA
0006FF18 010016EB 000200C0 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 48 f7 07 00 d4 00 01
00 4H..(G..H.......
0006e5a0 00 02 00 00 00 00 00 00 - 29 01 38 01 a8 1f 01
00 ........).8.....
0006e5b0 d0 01 00 00 05 02 00 00 - fe 00 00 00 00 00 00
00 ................
0006e5c0 00 00 00 00 ff ff ff ff - c8 00 01 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - c0 00 02 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 c0 00 02 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 b7 01 01 10 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 T... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x554
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x558
eax=77ab4639 ebx=00000102 ecx=0007e730 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 18 f1 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 18 f1 07 00 ec ff c8 00 - 18 f1 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 18 f1 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 18 f1 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 30 e7 07 00 c0 ff c8 00 - 30 e7 07 00 ff ff ff
ff 0.......0.......
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 18 f1 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x578
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d4cb0
esi=00000000 edi=000d4cb0
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4cb0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4cb0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B49EC 0000000E 00D3F27C 000D4CB0 !
DllGetClassObject
00D3F248 10001B67 00088B48 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000B9888 00088CE8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088B40 00000016 000B9888 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D6738 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D6738 000D6748 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D2228 00088B40 00088B48 !
IsAsyncMoniker
00D3F824 702B7DA6 00088CE8 000D2228 00088B40 00088B48 !
FindMediaType
00D3F86C 70D495F1 00088B40 000D2228 000B4A0C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D2228 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D6ED0 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - ec 49 0b 00 0e 00 00
00 H.....+p.I......
00d3f234 7c f2 d3 00 b0 4c 0d 00 - 6c f2 d3 00 00 00 00
00 |....L..l.......
00d3f244 4c 00 6f 01 c0 f2 d3 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 88 98 0b
00 H....0,p........
00d3f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d3
00 ....H...........
00d3f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d3f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 6f 01 f0 6d 0d 00 - 4c 00 6f 01 e8 f2 d3
00 P.o..m..L.o.....
00d3f2c4 23 62 2b 70 00 00 00 00 - 88 98 0b 00 e8 8c 08
00 #b+p............
00d3f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 88 98 0b 00 00 00 00 00 - 00 00 00 00 f4 67 0d
00 .............g..
00d3f314 38 67 0d 00 54 f3 d3 00 - 88 a9 2b 70 40 8b 08
00 8g..T.....+p@...
00d3f324 16 00 00 00 88 98 0b 00 - 5d a9 2b 70 f0 6c 0d
00 ........].+p.l..
00d3f334 16 00 00 00 88 98 0b 00 - 04 01 00 00 38 67 0d
00 ............8g..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 88 98 0b
00 .........@......
State Dump for Thread Id 0x57c
eax=016e0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x540
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4454 7FFDB000 000D4460
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4460 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 60 44 0d
00 ............`D..
0168fd44 01 00 00 00 08 02 00 00 - 0c 02 00 00 1c 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 60 44 0d
00 ..h.........`D..
0168fda4 00 b0 fd 7f 54 44 0d 00 - e9 ee 42 80 50 31 41
81 ....TD....B.P1A.
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 54 44 0d 00 00 b0 fd
7f #...#...TD......
0168fdd4 60 44 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 `D...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 14 55 42 01 68 bb 33
b7 ..h.#....UB.h.3.
0168fe04 c6 54 42 80 d4 4b 06 80 - 08 db 49 81 e0 2b 41
81 .TB..K....I..+A.
0168fe14 f1 e8 00 00 98 06 a2 81 - f1 e8 00 00 98 06 a2
81 ................
0168fe24 01 12 fa 7f 80 b0 41 81 - c1 99 00 00 18 9a 9a
81 ......A.........
0168fe34 00 07 00 00 ae cc 44 80 - c1 99 00 00 18 9a 9a
81 ......D.........
0168fe44 c1 99 00 00 18 9a 9a 81 - 01 92 f9 7f 33 05 00
00 ............3...
0168fe54 41 d6 44 80 33 05 00 00 - 30 6b 5b 81 00 90 f9
7f A.D.3...0k[.....
Application exception occurred:
App: rundll32.exe (pid=268)
When: 10/14/2003 @ 15:03:33.031
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
268 rundll32.exe
1256 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x2dc
eax=0008119c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000700E6 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000700E6 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000700E6 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000700E6 01000000 0007A0E8 0000010C
shell32!SHFileOperationA
0006FF18 010016EB 000700E6 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - f8 f6 07 00 f2 00 06
00 4H..(G..........
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 2d 5f 02
00 ............-_..
0006e5b0 2d 02 00 00 b8 01 00 00 - fe 00 00 00 00 00 00
00 -...............
0006e5c0 00 00 00 00 ff ff ff ff - f0 00 06 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - e6 00 07 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 e6 00 07 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 8b 02 01 58 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 T... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x424
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f0
eax=77ab4639 ebx=00000102 ecx=0007e730 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 18 f1 07 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 ......<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 18 f1 07 00 ec ff c8 00 - 18 f1 07 00 53 46 ab
77 ............SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 18 f1 07
00 .z.w.z.w...w....
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - 18 f1 07 00 00 c0 fd
7f .z.w.z.w........
00c8ffd0 30 e7 07 00 c0 ff c8 00 - 30 e7 07 00 ff ff ff
ff 0.......0.......
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - 18 f1 07 00 00 00 00
00 ....9F.w........
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x45c
eax=000b5008 ebx=00000002 ecx=000000aa edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x460
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d95d0
esi=00000000 edi=000d95d0
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d95d0=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d95d0=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B9634 0000000E 00D7F27C 000D95D0 !
DllGetClassObject
00D7F248 10001B67 00088B48 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000BE880 00088CE8 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088B40 00000016 000BE880 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000DA7D8 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000DA7D8 000DA7E8 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D69E0 00088B40 00088B48 !
IsAsyncMoniker
00D7F824 702B7DA6 00088CE8 000D69E0 00088B40 00088B48 !
FindMediaType
00D7F86C 70D495F1 00088B40 000D69E0 000B9654 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D69E0 873F0000 00D7FBE4 01051EE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051DC0 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051DC0 00000000 10000000 000DC468 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d7f224 48 f2 d7 00 b6 e5 2b 70 - 34 96 0b 00 0e 00 00
00 H.....+p4.......
00d7f234 7c f2 d7 00 d0 95 0d 00 - 6c f2 d7 00 00 00 00
00 |.......l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 80 e8 0b
00 H....0,p........
00d7f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d7
00 ....H...........
00d7f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d7f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 e8 1c 0b 00 - 4c 00 6f 01 e8 f2 d7
00 P.o.....L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - 80 e8 0b 00 e8 8c 08
00 #b+p............
00d7f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 80 e8 0b 00 00 00 00 00 - 00 00 00 00 94 a8 0d
00 ................
00d7f314 d8 a7 0d 00 54 f3 d7 00 - 88 a9 2b 70 40 8b 08
00 ....T.....+p@...
00d7f324 16 00 00 00 80 e8 0b 00 - 5d a9 2b 70 f8 b8 0d
00 ........].+p....
00d7f334 16 00 00 00 80 e8 0b 00 - 04 01 00 00 d8 a7 0d
00 ................
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 80 e8 0b
00 .........@......
State Dump for Thread Id 0x480
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 0008338C 7FFDA000 000D8D80
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D8D80 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 80 8d 0d
00 ................
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 e0 51 89 81 e0 51 89 81 - fc 6a 48 b7 94 4e 4a
80 .Q...Q...jH..NJ.
0168fd64 0f 4d 4a 80 40 00 00 00 - 94 6b 48 b7 b4 ff 68
01 [email protected].
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 80 8d 0d
00 ..h.............
0168fda4 00 a0 fd 7f 8c 33 08 00 - 00 00 00 00 00 00 00
00 .....3..........
0168fdb4 20 00 4f 81 00 00 00 00 - 00 00 00 00 38 00 00
00 .O.........8...
0168fdc4 23 00 00 00 23 00 00 00 - 8c 33 08 00 00 a0 fd
7f #...#....3......
0168fdd4 80 8d 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .............!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 28 6b 48 b7 8c 00 4f
81 ..h.#...(kH...O.
0168fe04 14 6b 48 b7 00 00 00 00 - e2 7b 41 80 00 00 00
00 .kH......{A.....
0168fe14 60 d9 46 80 48 eb 2b e3 - 3c 6b 48 b7 2b e7 49
80 `.F.H.+.<kH.+.I.
0168fe24 e0 d8 46 80 4a e7 49 80 - 91 ec 00 00 98 5d a2
81 ..F.J.I......]..
0168fe34 00 07 00 00 ae cc 44 80 - 91 ec 00 00 98 5d a2
81 ......D......]..
0168fe44 91 ec 00 00 98 5d a2 81 - 01 62 fd 7f 3a 05 00
00 .....]...b..:...
0168fe54 41 d6 44 80 3a 05 00 00 - 30 6b 5b 81 00 60 fd
7f A.D.:...0k[..`..
Application exception occurred:
App: rundll32.exe (pid=1152)
When: 10/14/2003 @ 15:05:44.203
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
592 mstask.exe
616 stisvc.exe
684 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1048 explorer.exe
1204 igfxtray.exe
1232 hkcmd.exe
1160 vptray.exe
1064 FINDFAST.exe
1272 OSA.exe
1152 rundll32.exe
1144 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(76B30000 - 76B6D000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(71000000 - 71149000)
(76DF0000 - 76E01000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(71F00000 - 71F4D000)
(77570000 - 775A0000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(77410000 - 77423000)
(70020000 - 70025000)
(66D20000 - 66D51000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(10000000 - 10017000)
State Dump for Thread Id 0x10c
eax=0008119c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000C00F0 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000C00F0 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000C00F0 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000C00F0 01000000 0007A0E8 00000480
shell32!SHFileOperationA
0006FF18 010016EB 000C00F0 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 48 f7 07 00 4e 01 02
00 4H..(G..H...N...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 b6 5e 04
00 .............^..
0006e5b0 38 02 00 00 b4 01 00 00 - fe 00 00 00 00 00 00
00 8...............
0006e5c0 00 00 00 00 ff ff ff ff - e6 00 0c 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - f0 00 0c 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 f0 00 0c 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 71 02 01 5f 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 53 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 S... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x460
eax=00000120 ebx=0007eec0 ecx=0007d0d0 edx=00000000
esi=0007d0d0 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D0D0 40084720 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E1E0 00C4FFEC 77E887DD 0007EEC0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007EEC0 40084720 00000070 0007EEC0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f0
eax=016a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x424
eax=016a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x3f8
eax=010bf27c ebx=010bf26c ecx=00000002 edx=000b5440
esi=00000000 edi=000b5440
eip=70dcf39f esp=010bf214 ebp=010bf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:01b3c7f6=f00d0bad
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01b3c84f=adf00d0b
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000b5440=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:01b3c7f6=f00d0bad
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000b5440=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:01b3c7f6=f00d0bad
70dcf3a4 8908 mov
[eax],ecx ds:010bf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:01b3c7f6=f00d0bad
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:01b3c7f6=f00d0bad
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01b3c84e=f00d0bad
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01b3c84e=f00d0bad
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010BF224 702BE5B6 000D275C 0000000E 010BF27C 000B5440 !
DllGetClassObject
010BF248 10001B67 00088B48 0000000E 010BF27C 00000001 !
RegisterFormatEnumerator
010BF2C0 702B6223 00000000 000B2D98 00088CE8 00000000 !
<nosymbols>
010BF2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
010BF318 702BA988 00088B40 00000016 000B2D98 702BA95D !
DllGetClassObject
010BF354 702C59C3 00000016 010BF5C0 00000000 000C6318 !
CoInternetQueryInfo
010BF7D0 702BB3AF 00000000 000C6318 000C6328 702BB372 !
FindMediaTypeClass
010BF7FC 702B8EF8 00000000 000BCF40 00088B40 00088B48 !
IsAsyncMoniker
010BF824 702B7DA6 00088CE8 000BCF40 00088B40 00088B48 !
FindMediaType
010BF86C 70D495F1 00088B40 000BCF40 000D277C 00000000 !
CreateAsyncBindCtxEx
010BFAC0 70D4943E 000BCF40 873F0000 010BFBE4 01551EE0 !
DllGetClassObject
010BFADC 70D493A1 010BFBE4 01551EF4 873F0000 01551EE0 !
DllGetClassObject
010BFB00 70D4E77C 010BFBE4 01551C40 00001FDD 873F0000 !
DllGetClassObject
010BFB50 70D4AB9F 01551690 01551C40 00000000 00000000 !
DllGetClassObject
010BFB74 70D4AAC1 01551DC0 00000001 00000000 010BFBE4 !
DllGetClassObject
010BFBCC 70D50AF3 01551DC0 00000000 10000000 000B2538 !
DllGetClassObject
010BFCE4 00000000 00400000 01551360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
010bf214 00 00 00 00 7c f2 0b 01 - ec 8c 08 00 00 00 00
00 ....|...........
010bf224 48 f2 0b 01 b6 e5 2b 70 - 5c 27 0d 00 0e 00 00
00 H.....+p\'......
010bf234 7c f2 0b 01 40 54 0b 00 - 6c f2 0b 01 00 00 00
00 |[email protected].......
010bf244 4c 00 bd 01 c0 f2 0b 01 - 67 1b 00 10 48 8b 08
00 L.......g...H...
010bf254 0e 00 00 00 7c f2 0b 01 - 01 00 00 00 6c f2 0b
01 ....|.......l...
010bf264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 98 2d 0b
00 H....0,p.....-..
010bf274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 0b
01 ....H...........
010bf284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
010bf294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
010bf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
010bf2b4 50 00 bd 01 90 5b 0b 00 - 4c 00 bd 01 e8 f2 0b
01 P....[..L.......
010bf2c4 23 62 2b 70 00 00 00 00 - 98 2d 0b 00 e8 8c 08
00 #b+p.....-......
010bf2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
010bf2e4 00 00 00 00 18 f3 0b 01 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
010bf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
010bf304 98 2d 0b 00 00 00 00 00 - 00 00 00 00 d4 63 0c
00 .-...........c..
010bf314 18 63 0c 00 54 f3 0b 01 - 88 a9 2b 70 40 8b 08
00 .c..T.....+p@...
010bf324 16 00 00 00 98 2d 0b 00 - 5d a9 2b 70 28 72 0b
00 .....-..].+p(r..
010bf334 16 00 00 00 98 2d 0b 00 - 04 01 00 00 18 63 0c
00 .....-.......c..
010bf344 00 00 00 00 01 00 00 00 - 05 40 00 80 98 2d 0b
00 [email protected]..
State Dump for Thread Id 0x128
eax=77ab4639 ebx=00000102 ecx=00070778 edx=00000000
esi=77f8318c edi=0154ff74
eip=77f83197 esp=0154ff60 ebp=0154ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01fcd533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0154FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
0154ff60 17 76 e8 77 00 00 00 00 - 74 ff 54 01 b5 77 e8
77 .v.w....t.T..w.w
0154ff70 40 87 08 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 @.....<.....0u..
0154ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
0154ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
0154ffa0 40 87 08 00 ec ff 54 01 - 40 87 08 00 53 46 ab
77 @[email protected]
0154ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 40 87 08
00 .z.w.z.w...w@...
0154ffc0 d8 7a a6 77 c3 7a a6 77 - 40 87 08 00 00 c0 fd
7f .z.w.z.w@.......
0154ffd0 78 07 07 00 c0 ff 54 01 - 78 07 07 00 ff ff ff
ff x.....T.x.......
0154ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
0154fff0 00 00 00 00 39 46 ab 77 - 40 87 08 00 00 00 00
00 ....9F.w@.......
01550000 a1 00 55 01 01 00 00 00 - 07 00 00 00 00 00 00
0a ..U.............
01550010 00 00 00 00 00 00 00 00 - 00 06 00 00 00 00 00
06 ................
01550020 00 00 00 00 00 1d 00 00 - 00 00 00 00 00 00 00
00 ................
01550030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550040 00 00 01 01 0c 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550050 01 0a 00 00 00 00 00 00 - 00 00 00 01 00 00 00
00 ................
01550060 01 02 00 01 02 00 0a 00 - 00 00 00 00 00 00 00
00 ................
01550070 03 00 00 13 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01550080 00 00 00 00 00 00 11 00 - 00 00 00 00 00 00 00
00 ................
01550090 00 00 00 00 00 00 00 05 - 00 00 00 00 05 00 00
00 ................
State Dump for Thread Id 0x46c
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=01b8fd24 ebp=01b8fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0260d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B8FD70 77E8A31D 01B8FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
01B8FFB4 77E887DD 00000004 000BD354 7FFD9000 000C15E8
kernel32!WaitForMultipleObjects
01B8FFEC 00000000 778321FE 000C15E8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
01b8fd24 b7 7a e8 77 03 00 00 00 - 48 fd b8 01 01 00 00
00 .z.w....H.......
01b8fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 e8 15 0c
00 ................
01b8fd44 01 00 00 00 58 02 00 00 - 5c 02 00 00 6c 02 00
00 ....X...\...l...
01b8fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff b8
01 ................
01b8fd74 1d a3 e8 77 48 fd b8 01 - 01 00 00 00 00 00 00
00 ...wH...........
01b8fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
01b8fd94 b0 fe b8 01 00 00 00 00 - ff ff ff ff e8 15 0c
00 ................
01b8fda4 00 90 fd 7f 54 d3 0b 00 - 00 00 00 00 00 00 00
00 ....T...........
01b8fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
01b8fdc4 23 00 00 00 23 00 00 00 - 54 d3 0b 00 00 90 fd
7f #...#...T.......
01b8fdd4 e8 15 0c 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 .............!.w
01b8fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
01b8fdf4 fc ff b8 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
01b8fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01b8fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=1416)
When: 10/14/2003 @ 17:22:58.406
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
592 mstask.exe
636 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1040 explorer.exe
1148 igfxtray.exe
1196 hkcmd.exe
1228 vptray.exe
1284 FINDFAST.exe
1292 OSA.exe
1388 ipmsg2.02.exe
316 YPager.exe
1096 VB6.exe
1044 IEXPLORE.exe
1416 rundll32.exe
1432 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(10000000 - 10007000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(016E0000 - 016F7000)
State Dump for Thread Id 0x374
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000846B8 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 00180290 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 00180290 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A548 00180290 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 00180290 01000000 0007A418 00000588
shell32!SHFileOperationA
0006FF18 010016EB 00180290 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 c8 40 09 00 - dc e5 06 00 f8 b2 74
71 [email protected]
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 d4 41 09 00 c8 40 09 00 - 78 fa 07 00 54 02 0a
00 [email protected]...
0006e5a0 0f 00 00 00 00 00 00 00 - 00 00 00 00 55 04 7d
00 ............U.}.
0006e5b0 32 02 00 00 b2 01 00 00 - fe 00 00 00 00 00 00
00 2...............
0006e5c0 00 00 00 00 ff ff ff ff - c4 01 1d 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 90 02 18 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 b8 46 08 00 - 00 00 00 00 00 00 00
00 ..tq.F..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 18 a4 07 00 90 02 18 00 - b8 a4 07 00 00 00 00
00 ................
0006e620 9d 02 01 91 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 85 04 01 65 20 00 00 00 - 40 00 00 00 78 01 07
00 ...e [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x220
eax=00000120 ebx=0007f1f0 ecx=0007d400 edx=00000000
esi=0007d400 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D400 40097C18 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E510 00C4FFEC 77E887DD 0007F1F0
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F1F0 40097C18 00000070 0007F1F0
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x5a0
eax=77ab4639 ebx=00c8ff80 ecx=0007ea60 edx=00000000
esi=77f8377b edi=00000128
eip=77f83786 esp=00c8ff64 ebp=00c8ff88 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0170d537=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF88 77AB4719 00000128 00007530 00000000 77A50000
ntdll!NtWaitForSingleObject
00007530 00000000 00000000 00000000 00000000 00000000
ole32!UpdateDCOMSettings
*----> Raw Stack Dump <----*
00c8ff64 0f 78 e8 77 28 01 00 00 - 00 00 00 00 80 ff c8
00 .x.w(...........
00c8ff74 b5 77 e8 77 48 f4 07 00 - 02 01 00 00 00 5d 1e
ee .w.wH........]..
00c8ff84 ff ff ff ff 30 75 00 00 - 19 47 ab 77 28 01 00
00 ....0u...G.w(...
00c8ff94 30 75 00 00 00 00 00 00 - 00 00 a5 77 48 f4 07
00 0u.........wH...
00c8ffa4 ec ff c8 00 48 f4 07 00 - 53 46 ab 77 d8 7a a6
77 ....H...SF.w.z.w
00c8ffb4 c3 7a a6 77 dd 87 e8 77 - 48 f4 07 00 d8 7a a6
77 .z.w...wH....z.w
00c8ffc4 c3 7a a6 77 48 f4 07 00 - 00 c0 fd 7f 60 ea 07
00 .z.wH.......`...
00c8ffd4 c0 ff c8 00 60 ea 07 00 - ff ff ff ff 56 18 ea
77 ....`.......V..w
00c8ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
00c8fff4 39 46 ab 77 48 f4 07 00 - 00 00 00 00 00 00 00
00 9F.wH...........
00c90004 9f 00 13 00 10 00 90 01 - 17 00 b0 01 ff ff ff
00 ................
00c90014 ff ff ff 00 00 00 00 00 - 00 00 00 00 ff ff ff
00 ................
00c90024 ff ff ff 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90034 01 00 00 00 0d 02 01 01 - 00 00 00 00 00 00 00
00 ................
00c90044 00 00 00 00 00 00 00 00 - 02 00 00 00 01 00 00
00 ................
00c90054 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90064 1f 00 89 01 00 00 00 00 - ff ff ff ff ff ff ff
ff ................
00c90074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90084 01 00 00 00 00 00 00 00 - 00 00 00 00 21 00 8a
01 ............!...
00c90094 00 00 00 40 06 00 00 00 - 00 00 00 00 00 00 00
00 ...@............
State Dump for Thread Id 0x58c
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d5450
esi=00000000 edi=000d5450
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d5450=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d5450=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B4F0C 0000000E 00D3F27C 000D5450 !
DllGetClassObject
00D3F248 016E1B67 00088D70 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000D6DA8 00088F10 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088D68 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088D68 00000016 000D6DA8 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D5548 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D5548 000D5558 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D2A10 00088D68 00088D70 !
IsAsyncMoniker
00D3F824 702B7DA6 00088F10 000D2A10 00088D68 00088D70 !
FindMediaType
00D3F86C 70D495F1 00088D68 000D2A10 000B4F2C 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D2A10 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D7840 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - 14 8f 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 0c 4f 0b 00 0e 00 00
00 H.....+p.O......
00d3f234 7c f2 d3 00 50 54 0d 00 - 6c f2 d3 00 00 00 00
00 |...PT..l.......
00d3f244 4c 00 71 01 c0 f2 d3 00 - 67 1b 6e 01 70 8d 08
00 L.q.....g.n.p...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 70 8d 08 00 0d 30 2c 70 - 00 00 00 00 a8 6d 0d
00 p....0,p.....m..
00d3f274 14 8f 08 00 70 8d 08 00 - 06 00 00 00 90 f2 d3
00 ....p...........
00d3f284 14 8f 08 00 00 00 00 00 - 68 8d 08 00 14 00 00
00 ........h.......
00d3f294 00 00 00 00 10 8f 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 71 01 10 73 0d 00 - 4c 00 71 01 e8 f2 d3
00 P.q..s..L.q.....
00d3f2c4 23 62 2b 70 00 00 00 00 - a8 6d 0d 00 10 8f 08
00 #b+p.....m......
00d3f2d4 00 00 00 00 00 00 00 00 - 68 8d 08 00 00 00 00
00 ........h.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 68 8d 08
00 ........Z.-ph...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 a8 6d 0d 00 00 00 00 00 - 00 00 00 00 04 56 0d
00 .m...........V..
00d3f314 48 55 0d 00 54 f3 d3 00 - 88 a9 2b 70 68 8d 08
00 HU..T.....+ph...
00d3f324 16 00 00 00 a8 6d 0d 00 - 5d a9 2b 70 40 71 0d
00 .....m..].+p@q..
00d3f334 16 00 00 00 a8 6d 0d 00 - 04 01 00 00 48 55 0d
00 .....m......HU..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 a8 6d 0d
00 [email protected]..
State Dump for Thread Id 0x5a8
eax=00000000 ebx=00000002 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d7fe5c ebp=00d7fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017fd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7FEA8 77E12A00 00D7FE80 00000001 00000000 00D7FEA0
ntdll!NtWaitForMultipleObjects
00D7FF04 77E12A77 00D7FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D7FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D7FF74 70C1AB1B 00D7FFA0 00D7FFA4 00D7FFA8 00D7FF9C !
Ordinal265
00D7FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D7FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x5a4
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4BF4 7FFDB000 000D4C00
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4C00 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 4c 0d
00 .............L..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 00 4c 0d
00 ..h..........L..
0168fda4 00 b0 fd 7f f4 4b 0d 00 - e0 bd 4e 81 00 00 00
00 .....K....N.....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - f4 4b 0d 00 00 b0 fd
7f #...#....K......
0168fdd4 00 4c 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 .L...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 3b 10
b7 ..h.#....OE..;..
0168fe04 08 50 47 81 08 50 47 81 - 40 00 00 00 24 3b 10
b7 .PG..PG.@...$;..
0168fe14 d0 f8 44 80 00 fb 3b 81 - 00 00 00 00 00 00 00
00 ..D...;.........
0168fe24 88 1f 37 81 a6 24 49 80 - 88 1f 37 81 70 01 00
00 ..7..$I...7.p...
0168fe34 40 6a 89 81 03 00 10 00 - 08 50 47 81 40 6a 89
81 @j.......PG.@j..
0168fe44 20 50 47 81 08 50 47 81 - 0c 50 47 81 00 00 00
00 PG..PG..PG.....
0168fe54 00 00 00 00 00 00 00 00 - 0c 50 47 81 00 00 00
00 .........PG.....
Application exception occurred:
App: explorer.exe (pid=872)
When: 10/17/2003 @ 10:45:26.593
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
872 explorer.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1264 nlnotes.exe
1184 naldaemn.exe
1140 nhldaemn.exe
1240 VB6.exe
1292 ipmsg2.02.exe
1136 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(770B0000 - 770B7000)
(717F0000 - 71819000)
(76B30000 - 76B6D000)
(717C0000 - 717DE000)
(77BF0000 - 77C01000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77800000 - 7781E000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(718C0000 - 71944000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(75E60000 - 75E7A000)
(66650000 - 666A4000)
(66D20000 - 66D51000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x104
eax=71001a78 ebx=00000001 ecx=00094f98 edx=00000000
esi=00094ad0 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094AD0 00000000
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - d0 4a 09 00 01 00 00
00 V.2x.v.w.J......
0006ff10 d0 4a 09 00 d0 4a 09 00 - 60 ff 06 00 60 ff 06
00 .J...J..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 d0 4a 09
00 [email protected]..
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 30 7f 42
81 ....V.......0.B.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 56 06 02
00 x..w........V...
0006ff50 b3 a1 e8 77 02 00 00 00 - ab 81 05 00 e0 ff 06
00 ...w............
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 98 62 07 00 80 57 07 00 - b8 62 07 00 00 00 00
00 .b...W...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 38 66 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 8f..............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 00 00 00 00 00 00 00
00 .......w........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - f4 19 00 00 ff ef fd
7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x444
eax=fffffff0 ebx=00000000 ecx=002301f8 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x358
eax=00000000 ebx=00000008 ecx=78327290 edx=00000000
esi=77f837a7 edi=00000008
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 00E9FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000007 00E9FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 000001B0 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 00000025 00000025
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x2fc
eax=000000c0 ebx=00e4fccc ecx=77e8b119 edx=00000000
esi=ffffffff edi=00000557
eip=77f83197 esp=010fffa0 ebp=010fffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b7d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010FFFB4 77E887DD 00E4FCCC 00000557 FFFFFFFF 00E4FCCC
ntdll!NtDelayExecution
010FFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b4
eax=0113fa34 ebx=00000000 ecx=000aa0b0 edx=00000000
esi=00000000 edi=0113fda4
eip=77f83c6a esp=0113f9f0 ebp=0113fa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f83c5f b838000000 mov eax,0x38
77f83c64 8d542404 lea edx,
[esp+0x4] ss:01bbcfc3=????????
77f83c68 cd2e int 2e
77f83c6a c22800 ret 0x28
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0113FA50 76F56601 000007A8 0017000E 76F5D658 00000038
ntdll!ZwDeviceIoControlFile
0113FD30 76F50AFA 000A1F64 0113FD4C 000A1EE0 000A1ED0
netshell!<nosymbols>
0113FDA8 76F51B8A 0113FDC4 0113FDEC 000BF498 000BE800
netshell!<nosymbols>
0113FDCC 76F4EF71 000A1EE0 0113FDEC 00000000 0113FED8
netshell!<nosymbols>
0113FDF4 76F4EEF9 00508A2A 000BF498 0113FE24 77E11D0A
netshell!<nosymbols>
0113FE04 77E11D0A 00000000 00000113 00007FE3 00508A2A
netshell!<nosymbols>
0113FE24 77E11C40 76F4EEC5 00000000 00000113 00007FE3
user32!DispatchMessageW
0113FEB0 77E11CEF 0113FED8 00000000 76F21AF1 0113FED8
user32!GetAppCompatFlags2
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
0113f9f0 b9 b7 e8 77 a8 07 00 00 - 00 00 00 00 00 00 00
00 ...w............
0113fa00 00 00 00 00 28 fa 13 01 - 0e 00 17 00 58 d6 f5
76 ....(.......X..v
0113fa10 38 00 00 00 84 fa 13 01 - a0 02 00 00 a4 fd 13
01 8...............
0113fa20 4c fd 13 01 a8 07 00 00 - 00 00 00 00 90 00 00
00 L...............
0113fa30 e6 68 f5 76 74 fa 13 01 - 1c fa 13 01 01 01 01
01 .h.vt...........
0113fa40 a0 fe 13 01 56 18 ea 77 - e8 b7 e8 77 ff ff ff
ff ....V..w...w....
0113fa50 30 fd 13 01 01 66 f5 76 - a8 07 00 00 0e 00 17
00 0....f.v........
0113fa60 58 d6 f5 76 38 00 00 00 - 84 fa 13 01 a0 02 00
00 X..v8...........
0113fa70 38 fd 13 01 00 00 00 00 - ec fd 13 01 a4 fd 13
01 8...............
0113fa80 d0 1e 0a 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 ............@B..
0113fa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
0113faa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
0113fab0 e6 10 00 00 02 01 02 00 - 04 00 00 00 fb 36 00
00 .............6..
0113fac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
0113fad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
0113fae0 ff 16 00 00 ff ff ff 80 - 04 00 00 00 94 14 00
00 ................
0113faf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
0113fb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
0113fb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0113fb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x428
eax=00000000 ebx=77e1bfad ecx=0118fd0c edx=00000000
esi=0118fd70 edi=77e11dba
eip=77e11d6b esp=0118fd04 ebp=0118fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01c0d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01c0d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01c0d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0118FD1C 766D193C 0118FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0118FD90 766D182F 00010070 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0118FFB4 77E887DD 00000000 00E4FAA0 77F82B95 00000000
stobject!DllGetClassObject
0118FFEC 00000000 766D17EA 00000000 00000000 00040000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0118fd04 e1 1d e1 77 70 fd 18 01 - 00 00 00 00 00 00 00
00 ...wp...........
0118fd14 00 00 00 00 00 00 00 00 - 90 fd 18 01 3c 19 6d
76 ............<.mv
0118fd24 70 fd 18 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p...............
0118fd34 a0 fa e4 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0118fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0118fd54 00 00 6d 76 51 00 04 00 - 11 00 01 00 10 00 00
00 ..mvQ...........
0118fd64 00 00 00 00 b0 28 6d 76 - 00 00 00 00 7a 00 01
00 .....(mv....z...
0118fd74 2d 05 00 00 d1 04 00 00 - 00 00 00 00 da 9d 09
00 -...............
0118fd84 42 01 00 00 10 01 00 00 - 00 00 00 00 b4 ff 18
01 B...............
0118fd94 2f 18 6d 76 70 00 01 00 - 00 00 00 00 8c 2a 6d
76 /.mvp........*mv
0118fda4 01 00 00 00 95 2b f8 77 - 43 00 3a 00 5c 00 57
00 .....+.wC.:.\.W.
0118fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 53 00 79 00 73
00 I.N.N.T.\.S.y.s.
0118fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0118fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0118fde4 6c 00 6c 00 00 00 e8 77 - 1b 00 00 00 00 02 00
00 l.l....w........
0118fdf4 fc ff 18 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ....#...........
0118fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x404
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0121ff24 ebp=0121ff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01c9d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0121FF70 77E8A31D 0121FF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0121FFB4 77E887DD 00000000 0118EC94 0118F520 00000000
kernel32!WaitForMultipleObjects
0121FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x3e8
eax=00000000 ebx=000493e0 ecx=000df464 edx=00000000
esi=00085718 edi=000493e0
eip=77f837dc esp=0136febc ebp=0136fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01ded48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01ded48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01ded48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01ded48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0136FEE4 77D809DA 0000012C 0136FF1C 0136FF0C 0136FF14
ntdll!ZwRemoveIoCompletion
0136FF20 77D50EDE 000493E0 0136FF60 0136FF5C 0136FF70
rpcrt4!I_RpcTransGetAddressList
0136FF74 77D50D17 77D39A00 00085718 00000008 0118F62C
rpcrt4!TowerConstruct
0136FFA8 77D41C6C 000B05B0 0136FFEC 77E887DD 000A93D0
rpcrt4!TowerConstruct
0136FFB4 77E887DD 000A93D0 00000008 0118F62C 000A93D0
rpcrt4!I_RpcServerInqTransportType
0136FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x27c
eax=01baf27c ebx=01baf26c ecx=00000002 edx=00120bc8
esi=00000000 edi=00120bc8
eip=70dcf39f esp=01baf214 ebp=01baf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:0262c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:0262c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:00120bc8=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:0262c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:00120bc8=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:0262c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:01baf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:0262c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:0262c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:0262c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:0262c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01BAF224 702BE5B6 0013A024 0000000E 01BAF27C 00120BC8 !
DllGetClassObject
01BAF248 10001B67 000E9080 0000000E 01BAF27C 00000001 !
RegisterFormatEnumerator
01BAF2C0 702B6223 00000000 00106BC8 000E9220 00000000 !
<nosymbols>
01BAF2E8 702D1A5A 000E9078 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
01BAF318 702BA988 000E9078 00000016 00106BC8 702BA95D !
DllGetClassObject
01BAF354 702C59C3 00000016 01BAF5C0 00000000 0010B4A8 !
CoInternetQueryInfo
01BAF7D0 702BB3AF 00000000 0010B4A8 0010B4B8 702BB372 !
FindMediaTypeClass
01BAF7FC 702B8EF8 00000000 0011D8C0 000E9078 000E9080 !
IsAsyncMoniker
01BAF824 702B7DA6 000E9220 0011D8C0 000E9078 000E9080 !
FindMediaType
01BAF86C 70D495F1 000E9078 0011D8C0 0013A044 00000000 !
CreateAsyncBindCtxEx
01BAFAC0 70D4943E 0011D8C0 873F0000 01BAFBE4 01E60EF0 !
DllGetClassObject
01BAFADC 70D493A1 01BAFBE4 01E60F04 873F0000 01E60EF0 !
DllGetClassObject
01BAFB00 70D4E77C 01BAFBE4 01E60BB0 00001FDD 873F0000 !
DllGetClassObject
01BAFB50 70D4AB9F 01E60150 01E60BB0 00000000 00000000 !
DllGetClassObject
01BAFB74 70D4AAC1 01E60CC0 00000001 00000000 01BAFBE4 !
DllGetClassObject
01BAFBCC 70D50AF3 01E60CC0 00000000 10000000 00127A68 !
DllGetClassObject
01BAFCE4 00000000 00400000 01E566A0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
01baf214 00 00 00 00 7c f2 ba 01 - 24 92 0e 00 00 00 00
00 ....|...$.......
01baf224 48 f2 ba 01 b6 e5 2b 70 - 24 a0 13 00 0e 00 00
00 H.....+p$.......
01baf234 7c f2 ba 01 c8 0b 12 00 - 6c f2 ba 01 00 00 00
00 |.......l.......
01baf244 4c 00 91 02 c0 f2 ba 01 - 67 1b 00 10 80 90 0e
00 L.......g.......
01baf254 0e 00 00 00 7c f2 ba 01 - 01 00 00 00 6c f2 ba
01 ....|.......l...
01baf264 80 90 0e 00 0d 30 2c 70 - 00 00 00 00 c8 6b 10
00 .....0,p.....k..
01baf274 24 92 0e 00 80 90 0e 00 - 06 00 00 00 90 f2 ba
01 $...............
01baf284 24 92 0e 00 00 00 00 00 - 78 90 0e 00 14 00 00
00 $.......x.......
01baf294 00 00 00 00 20 92 0e 00 - 00 00 00 00 00 00 00
00 .... ...........
01baf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
01baf2b4 50 00 91 02 e0 82 0b 00 - 4c 00 91 02 e8 f2 ba
01 P.......L.......
01baf2c4 23 62 2b 70 00 00 00 00 - c8 6b 10 00 20 92 0e
00 #b+p.....k.. ...
01baf2d4 00 00 00 00 00 00 00 00 - 78 90 0e 00 00 00 00
00 ........x.......
01baf2e4 00 00 00 00 18 f3 ba 01 - 5a 1a 2d 70 78 90 0e
00 ........Z.-px...
01baf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01baf304 c8 6b 10 00 00 00 00 00 - 00 00 00 00 64 b5 10
00 .k..........d...
01baf314 a8 b4 10 00 54 f3 ba 01 - 88 a9 2b 70 78 90 0e
00 ....T.....+px...
01baf324 16 00 00 00 c8 6b 10 00 - 5d a9 2b 70 00 d9 11
00 .....k..].+p....
01baf334 16 00 00 00 c8 6b 10 00 - 04 01 00 00 a8 b4 10
00 .....k..........
01baf344 00 00 00 00 01 00 00 00 - 05 40 00 80 c8 6b 10
00 [email protected]..
State Dump for Thread Id 0x500
eax=77d41c54 ebx=80050002 ecx=00000000 edx=00000000
esi=000864e0 edi=00086520
eip=77f83bb8 esp=01cffe28 ebp=01cfff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0277d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01CFFF74 77D56D9E 77D39A00 000864E0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
01CFFFA8 77D41C6C 000A5DC0 01CFFFEC 77E887DD 000A2E58
rpcrt4!TowerConstruct
01CFFFB4 77E887DD 000A2E58 00000000 00000000 000A2E58
rpcrt4!I_RpcServerInqTransportType
01CFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x284
eax=0008d308 ebx=00000002 ecx=7ffdd000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=01d3fe5c ebp=01d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:027bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01D3FEA8 77E12A00 01D3FE80 00000001 00000000 01D3FEA0
ntdll!NtWaitForMultipleObjects
01D3FF04 77E12A77 01D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
01D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
01D3FF74 70C1AB1B 01D3FFA0 01D3FFA4 01D3FFA8 01D3FF9C !
Ordinal265
01D3FFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
01D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x488
eax=00070110 ebx=00000000 ecx=00000403 edx=00000000
esi=000a55e8 edi=00000000
eip=77e12268 esp=01d9fcd8 ebp=01d9ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:0281d2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01D9FF28 71181ACF 00000000 00000230 0006EA1C 000C0498
user32!WaitMessage
01D9FFB4 77E887DD 000C0498 00000230 0006EA1C 000C0498 !
Ordinal123
01D9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b8
eax=77ab4639 ebx=00000102 ecx=00070778 edx=00000000
esi=77f8318c edi=01ddff74
eip=77f83197 esp=01ddff60 ebp=01ddff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0285d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01DDFF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x48c
eax=00070110 ebx=0228ff74 ecx=00000324 edx=00000000
esi=77f8377b edi=00000538
eip=77f83786 esp=0228ff58 ebp=0228ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:02d0d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0228FF7C 77E87837 00000538 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x408
eax=09000010 ebx=022cff74 ecx=00000000 edx=00000000
esi=77f8377b edi=00000544
eip=77f83786 esp=022cff58 ebp=022cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:02d4d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
022CFF7C 77E87837 00000544 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x2f0
eax=778321fe ebx=00000003 ecx=7ffd9000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=028efd24 ebp=028efd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0336d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
028EFD70 77E8A31D 028EFD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
028EFFB4 77E887DD 00000004 000DECE4 7FFD9000 00110DA8
kernel32!WaitForMultipleObjects
028EFFEC 00000000 778321FE 00110DA8 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
028efd24 b7 7a e8 77 03 00 00 00 - 48 fd 8e 02 01 00 00
00 .z.w....H.......
028efd34 00 00 00 00 00 00 00 00 - 00 00 00 00 a8 0d 11
00 ................
028efd44 01 00 00 00 fc 05 00 00 - 00 06 00 00 10 06 00
00 ................
028efd54 14 3a 38 b7 ff 03 1f 00 - 2c 3b 38 b7 01 00 00
00 .:8.....,;8.....
028efd64 24 c2 36 81 a8 3a 38 b7 - 54 1d 49 80 b4 ff 8e
02 $.6..:8.T.I.....
028efd74 1d a3 e8 77 48 fd 8e 02 - 01 00 00 00 00 00 00
00 ...wH...........
028efd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
028efd94 b0 fe 8e 02 00 00 00 00 - ff ff ff ff a8 0d 11
00 ................
028efda4 00 90 fd 7f e4 ec 0d 00 - ff ff ff ff f0 3a 38
b7 .............:8.
028efdb4 78 52 4a 80 00 00 00 00 - 00 00 00 00 38 00 00
00 xRJ.........8...
028efdc4 23 00 00 00 23 00 00 00 - e4 ec 0d 00 00 90 fd
7f #...#...........
028efdd4 a8 0d 11 00 00 90 fd 7f - 00 90 fd 7f fe 21 83
77 .............!.w
028efde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
028efdf4 fc ff 8e 02 23 00 00 00 - 09 00 00 00 0c 00 00
00 ....#...........
028efe04 d4 13 3d e3 00 00 00 00 - 00 00 00 00 00 00 00
02 ..=.............
028efe14 48 3b 38 b7 00 00 00 02 - 7c 3b 38 b7 86 f2 4a
80 H;8.....|;8...J.
028efe24 30 90 4c e3 30 90 4c e3 - 00 00 00 00 00 00 00
00 0.L.0.L.........
028efe34 01 00 00 00 48 3b 38 b7 - 8e f2 4a 80 30 90 4c
e3 ....H;8...J.0.L.
028efe44 00 00 00 02 80 3c 38 b7 - 00 00 00 00 00 00 00
00 .....<8.........
028efe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: explorer.exe (pid=644)
When: 10/17/2003 @ 10:48:45.640
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1264 nlnotes.exe
1184 naldaemn.exe
1140 nhldaemn.exe
1292 ipmsg2.02.exe
644 explorer.exe
892 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(76DF0000 - 76E01000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(76710000 - 76719000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(6B700000 - 6B790000)
(75E60000 - 75E7A000)
(70F30000 - 70F9E000)
(69B10000 - 69C25000)
(76B30000 - 76B6D000)
(6AC20000 - 6AC58000)
(6E0B0000 - 6E0E3000)
(770B0000 - 770B7000)
(66650000 - 666A4000)
(08830000 - 08868000)
(07680000 - 07AF2000)
(08110000 - 083DE000)
(68DC0000 - 68EB6000)
(72760000 - 7276F000)
(089C0000 - 089DC000)
(68ED0000 - 68F16000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(74FD0000 - 74FED000)
(75010000 - 75017000)
(782C0000 - 782CC000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77360000 - 77379000)
(777E0000 - 777E8000)
(777F0000 - 777F5000)
(10000000 - 10017000)
(66D20000 - 66D51000)
(16200000 - 16206000)
(04530000 - 0453C000)
(04650000 - 0465A000)
(755A0000 - 755ED000)
(04A60000 - 04A70000)
(08530000 - 0872D000)
(07260000 - 07299000)
(074A0000 - 0752A000)
(083F0000 - 08408000)
State Dump for Thread Id 0x38c
eax=00094c30 ebx=00000001 ecx=7832d0d8 edx=00000000
esi=00094c10 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094C10 0074006E
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020644 00000005
shell32!Ordinal201
0006FFC0 77E9CA90 0074006E 0041005C 7FFDF000 00000065
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - 10 4c 09 00 01 00 00
00 V.2x.v.w.L......
0006ff10 10 4c 09 00 10 4c 09 00 - 60 ff 06 00 60 ff 06
00 .L...L..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 10 4c 09
00 [email protected]..
0006ff30 6e 00 74 00 44 06 02 00 - 00 f0 fd 7f b0 e6 41
81 n.t.D.........A.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 44 06 02
00 x..w........D...
0006ff50 b3 a1 e8 77 02 00 00 00 - 3c 94 50 00 e0 ff 06
00 ...w....<.P.....
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 44 06 02 00 05 00 00 00 - 5c 00 41 00 44 00 00
00 D.......\.A.D...
0006ff80 78 57 07 00 90 62 07 00 - a8 62 07 00 00 00 00
00 xW...b...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 56 18 ea
77 ............V..w
0006ffa0 f0 7f e8 77 ff ff ff ff - 01 00 00 00 05 00 00
00 ...w............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 6e 00 74 00 5c 00 41
00 .......wn.t.\.A.
0006ffd0 00 f0 fd 7f 65 00 00 00 - c8 ff 06 00 65 00 00
00 ....e.......e...
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 40 00 00 20 00
00 ..........@.. ..
00070020 00 02 00 00 00 20 00 00 - a1 80 00 00 ff ef fd
7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x408
eax=000a614c ebx=00000102 ecx=77b2a0e8 edx=00000000
esi=77f8318c edi=00e0ff74
eip=77f83197 esp=00e0ff60 ebp=00e0ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0188d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E0FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x488
eax=00000000 ebx=00000000 ecx=000ea520 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x500
eax=00000000 ebx=00000008 ecx=ffffffff edx=00000000
esi=77f837a7 edi=00000008
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 00E9FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000007 00E9FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 00000224 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 0000000C 0000000C
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x3e8
eax=00edcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00edfe5c ebp=00edfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0195d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00EDFEA8 77E12A00 00EDFE80 00000001 00000000 00EDFEA0
ntdll!NtWaitForMultipleObjects
00EDFF04 77E12A77 00EDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00EDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00EDFF74 70C1AB1B 00EDFFA0 00EDFFA4 00EDFFA8 00EDFF9C !
Ordinal265
00EDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00EDFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
00edfe5c b7 7a e8 77 02 00 00 00 - 80 fe ed 00 01 00 00
00 .z.w............
00edfe6c 00 00 00 00 a0 fe ed 00 - 00 00 00 00 00 00 00
00 ................
00edfe7c 02 00 00 00 d4 01 00 00 - 14 02 00 00 90 4f a5
77 .............O.w
00edfe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe ed
00 ................
00edfe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff ed
00 ......<.........
00edfeac 00 2a e1 77 80 fe ed 00 - 01 00 00 00 00 00 00
00 .*.w............
00edfebc a0 fe ed 00 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
00edfecc 00 00 00 00 d4 01 00 00 - 14 02 00 00 84 ff ed
00 ................
00edfedc 4f 7a 2e 73 00 00 16 71 - 74 ff ed 00 00 e0 fd
7f Oz.s...qt.......
00edfeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 96 fd
7f ...p............
00edfefc 00 00 00 00 14 02 00 00 - 20 ff ed 00 77 2a e1
77 ........ ...w*.w
00edff0c d0 fe ed 00 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
00edff1c 00 00 00 00 74 ff ed 00 - 93 a7 c1 70 01 00 00
00 ....t......p....
00edff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
00edff3c 00 e0 fd 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
00edff4c 00 00 00 00 80 85 09 00 - b0 b0 b2 77 60 eb a7
77 ...........w`..w
00edff5c 00 00 00 00 00 e0 fd 7f - 69 7d 53 00 18 bb c2
70 ........i}S....p
00edff6c 60 ea 00 00 01 00 00 00 - ac ff ed 00 1b ab c1
70 `..............p
00edff7c a0 ff ed 00 a4 ff ed 00 - a8 ff ed 00 9c ff ed
00 ................
00edff8c 60 ea 00 00 00 e0 fd 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x428
eax=000000c0 ebx=00e4fccc ecx=00000000 edx=00000000
esi=00000012 edi=00000557
eip=77f83197 esp=0108ffa0 ebp=0108ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b0d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0108FFB4 77E887DD 00E4FCCC 00000557 00000012 00E4FCCC
ntdll!NtDelayExecution
0108FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4b4
eax=010cfa34 ebx=00000000 ecx=000a19b8 edx=00000000
esi=00000000 edi=010cfda4
eip=77f83c6a esp=010cf9f0 ebp=010cfa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f83c5f b838000000 mov eax,0x38
77f83c64 8d542404 lea edx,
[esp+0x4] ss:01b4cfc3=????????
77f83c68 cd2e int 2e
77f83c6a c22800 ret 0x28
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010CFA50 76F56601 000009E4 0017000E 76F5D658 00000038
ntdll!ZwDeviceIoControlFile
010CFD30 76F50AFA 0009FFE4 010CFD4C 0009FF60 0009FF50
netshell!<nosymbols>
010CFDA8 76F51B8A 010CFDC4 010CFDEC 000A8B50 000AB858
netshell!<nosymbols>
010CFDCC 76F4EF71 0009FF60 010CFDEC 00000000 010CFED8
netshell!<nosymbols>
010CFDF4 76F4EEF9 005393B0 000A8B50 010CFE24 77E11D0A
netshell!<nosymbols>
010CFE04 77E11D0A 00000000 00000113 00007BFF 005393B0
netshell!<nosymbols>
010CFE24 77E11C40 76F4EEC5 00000000 00000113 00007BFF
user32!DispatchMessageW
010CFEB0 77E11CEF 010CFED8 00000000 76F21AF1 010CFED8
user32!GetAppCompatFlags2
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
010cf9f0 b9 b7 e8 77 e4 09 00 00 - 00 00 00 00 00 00 00
00 ...w............
010cfa00 00 00 00 00 28 fa 0c 01 - 0e 00 17 00 58 d6 f5
76 ....(.......X..v
010cfa10 38 00 00 00 84 fa 0c 01 - a0 02 00 00 a4 fd 0c
01 8...............
010cfa20 4c fd 0c 01 e4 09 00 00 - 00 00 00 00 90 00 00
00 L...............
010cfa30 e6 68 f5 76 74 fa 0c 01 - 1c fa 0c 01 01 01 01
01 .h.vt...........
010cfa40 a0 fe 0c 01 56 18 ea 77 - e8 b7 e8 77 ff ff ff
ff ....V..w...w....
010cfa50 30 fd 0c 01 01 66 f5 76 - e4 09 00 00 0e 00 17
00 0....f.v........
010cfa60 58 d6 f5 76 38 00 00 00 - 84 fa 0c 01 a0 02 00
00 X..v8...........
010cfa70 38 fd 0c 01 00 00 00 00 - ec fd 0c 01 a4 fd 0c
01 8...............
010cfa80 50 ff 09 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 P...........@B..
010cfa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
010cfaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
010cfab0 02 11 00 00 02 01 02 00 - 04 00 00 00 eb 37 00
00 .............7..
010cfac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
010cfad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
010cfae0 13 17 00 00 ff ff ff 80 - 04 00 00 00 5c 15 00
00 ............\...
010cfaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
010cfb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
010cfb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
010cfb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x358
eax=0000000c ebx=77e1bfad ecx=00000000 edx=00000000
esi=0110fd70 edi=77e11dba
eip=77e11d6b esp=0110fd04 ebp=0110fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01b8d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01b8d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01b8d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0110FD1C 766D193C 0110FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0110FD90 766D182F 0003004C 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0110FFB4 77E887DD 00000000 00F00021 00E4FA1C 00000000
stobject!DllGetClassObject
0110FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x444
eax=00000000 ebx=00000000 ecx=000aa520 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0114fe28 ebp=0114ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01bcd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0114FF74 77D56D9E 77D39AD0 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0114FFA8 77D41C6C 00079288 0114FFEC 77E887DD 0008F9E8
rpcrt4!TowerConstruct
0114FFB4 77E887DD 0008F9E8 00000000 00000000 0008F9E8
rpcrt4!I_RpcServerInqTransportType
0114FFEC 00000000 77D41C54 0008F9E8 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0114fe28 d4 74 d5 77 2c 01 00 00 - 54 ff 14 01 00 00 00
00 .t.w,...T.......
0114fe38 08 b0 0a 00 58 ff 14 01 - 10 92 07 00 e8 40 0a
00 ....X........@..
0114fe48 6d 31 f8 77 00 00 00 00 - 01 71 49 81 74 bb 4a
ed m1.w.....qI.t.J.
0114fe58 78 b1 46 80 00 00 00 00 - 08 00 45 81 08 00 45
81 x.F.......E...E.
0114fe68 00 00 00 00 01 00 00 00 - 00 50 45 80 00 00 00
00 .........PE.....
0114fe78 01 71 49 01 98 bb 4a ed - e2 ac 46 80 00 00 00
00 .qI...J...F.....
0114fe88 00 00 00 00 a3 00 42 80 - 08 00 45 81 88 dc 48
81 ......B...E...H.
0114fe98 00 00 00 00 08 00 45 81 - 70 dc 48 81 00 00 00
00 ......E.p.H.....
0114fea8 08 00 45 81 0c bc 4a ed - c6 54 42 80 08 00 45
81 ..E...J..TB...E.
0114feb8 d4 4b 06 80 00 4b 06 80 - 00 00 00 00 70 7e 4e
81 .K...K......p~N.
0114fec8 73 35 66 b7 31 06 66 b7 - 0c bc 4a ed 00 00 00
00 s5f.1.f...J.....
0114fed8 ec bb 4a ed 00 4b 06 80 - 6b 00 66 b7 0c bc 4a
ed ..J..K..k.f...J.
0114fee8 f3 ff 65 b7 40 34 4c 81 - 08 00 45 81 08 00 45
81 [email protected].
0114fef8 88 dc 48 81 ac bb 4a ed - 3d 00 00 00 f0 bc 4a
ed ..H...J.=.....J.
0114ff08 8c 05 46 80 e8 56 40 80 - ff ff ff ff 34 bc 4a
ed [email protected].
0114ff18 3e 9e 49 80 48 00 45 81 - 54 bc 4a ed 48 bc 4a
ed >.I.H.E.T.J.H.J.
0114ff28 44 bc 4a ed c0 71 49 81 - 60 82 49 81 00 00 00
00 D.J..qI.`.I.....
0114ff38 60 82 49 81 f0 83 49 81 - 64 bc 4a ed f3 da 42
80 `.I...I.d.J...B.
0114ff48 a4 da 42 80 d4 4b 06 80 - c0 83 49 81 02 00 05
00 ..B..K....I.....
0114ff58 00 a2 2f 4d ff ff ff ff - 50 fe 14 01 00 00 02
80 ../M....P.......
State Dump for Thread Id 0x4b8
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=011eff24 ebp=011eff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01c6d4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
011EFF70 77E8A31D 011EFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
011EFFB4 77E887DD 00000000 0110EC94 0110F520 00000000
kernel32!WaitForMultipleObjects
011EFFEC 00000000 77562BDA 00000000 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
011eff24 b7 7a e8 77 02 00 00 00 - 48 ff 1e 01 01 00 00
00 .z.w....H.......
011eff34 00 00 00 00 00 00 00 00 - 94 ec 10 01 00 00 00
00 ................
011eff44 00 00 00 00 44 03 00 00 - 40 03 00 00 c0 a2 4c
81 [email protected].
011eff54 60 a1 4c 81 00 00 00 00 - 00 00 00 00 00 00 00
00 `.L.............
011eff64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 1e
01 ................
011eff74 1d a3 e8 77 48 ff 1e 01 - 01 00 00 00 00 00 00
00 ...wH...........
011eff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
011eff94 a4 ff 1e 01 00 00 00 00 - ff ff ff ff 20 f5 10
01 ............ ...
011effa4 44 03 00 00 40 03 00 00 - 00 00 00 00 00 00 00
00 D...@...........
011effb4 ec ff 1e 01 dd 87 e8 77 - 00 00 00 00 94 ec 10
01 .......w........
011effc4 20 f5 10 01 00 00 00 00 - 00 40 fd 7f 00 00 00
00 ........@......
011effd4 c0 ff 1e 01 00 00 00 00 - ff ff ff ff 56 18 ea
77 ............V..w
011effe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
011efff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 c8 00 00
00 .+Vw............
011f0004 00 01 00 00 ff ee ff ee - 02 00 00 00 00 00 00
00 ................
011f0014 00 fe 00 00 00 00 10 00 - 00 20 00 00 00 02 00
00 ......... ......
011f0024 00 20 00 00 dc 01 00 00 - ff ef fd 7f 09 00 08
06 . ..............
011f0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
011f0044 98 05 1f 01 0f 00 00 00 - f8 ff ff ff 50 00 1f
01 ............P...
011f0054 50 00 1f 01 40 06 1f 01 - 00 00 00 00 00 00 00
00 P...@...........
State Dump for Thread Id 0x470
eax=c002100b ebx=000493e0 ecx=00000102 edx=00000000
esi=000856f8 edi=000493e0
eip=77f837dc esp=0132febc ebp=0132fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01dad48f=adf00d0b
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01dad48f=adf00d0b
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01dad48f=adf00d0b
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01dad48f=adf00d0b
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0132FEE4 77D809DA 00000128 0132FF1C 0132FF0C 0132FF14
ntdll!ZwRemoveIoCompletion
0132FF20 77D50EDE 000493E0 0132FF60 0132FF5C 0132FF70
rpcrt4!I_RpcTransGetAddressList
0132FF74 77D50D17 77D39A00 000856F8 00000008 0110F62C
rpcrt4!TowerConstruct
0132FFA8 77D41C6C 0008FCF0 0132FFEC 77E887DD 0008D200
rpcrt4!TowerConstruct
0132FFB4 77E887DD 0008D200 00000008 0110F62C 0008D200
rpcrt4!I_RpcServerInqTransportType
0132FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x524
eax=77d41c54 ebx=00000000 ecx=00000000 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0136fe28 ebp=0136ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01ded3fb=adf00d0b
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0136FF74 77D56D9E 77D39A00 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0136FFA8 77D41C6C 000A58B8 0136FFEC 77E887DD 000B2020
rpcrt4!TowerConstruct
0136FFB4 77E887DD 000B2020 00000000 00000000 000B2020
rpcrt4!I_RpcServerInqTransportType
0136FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x528
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000
esi=000a7690 edi=00000000
eip=77e12268 esp=013afcd8 ebp=013aff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:01e2d2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013AFF28 71181ACF 00000000 000001E8 0006EA1C 000B4D40
user32!WaitMessage
013AFFB4 77E887DD 000B4D40 000001E8 0006EA1C 000B4D40 !
Ordinal123
013AFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x52c
eax=00070110 ebx=01c8ff74 ecx=00000325 edx=00000000
esi=77f8377b edi=0000042c
eip=77f83786 esp=01c8ff58 ebp=01c8ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0270d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01C8FF7C 77E87837 0000042C 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
01c8ff58 0f 78 e8 77 2c 04 00 00 - 00 00 00 00 74 ff c8
01 .x.w,.......t...
01c8ff68 00 00 00 00 00 25 85 01 - 3c 31 f8 77 00 44 5f
9a .....%..<1.w.D_.
01c8ff78 fe ff ff ff 6d 31 f8 77 - 37 78 e8 77 2c 04 00
00 ....m1.w7x.w,...
01c8ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 2c 04 00
00 .'......U..p,...
01c8ff98 c0 27 09 00 09 00 00 00 - 00 25 85 01 ec ff c8
01 .'.......%......
01c8ffa8 00 25 85 01 95 d7 cf 70 - 58 a2 0c 00 6f d7 cf
70 .%.....pX...o..p
01c8ffb8 dd 87 e8 77 00 25 85 01 - 09 00 00 00 58 a2 0c
00 ...w.%......X...
01c8ffc8 00 25 85 01 00 c0 fa 7f - 50 4b 0c 00 c0 ff c8
01 .%......PK......
01c8ffd8 50 4b 0c 00 ff ff ff ff - 56 18 ea 77 88 ae e8
77 PK......V..w...w
01c8ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
01c8fff8 00 25 85 01 00 00 00 00 - 43 6c 69 65 6e 74 20
55 .%......Client U
01c90008 72 6c 43 61 63 68 65 20 - 4d 4d 46 20 56 65 72
20 rlCache MMF Ver
01c90018 35 2e 32 00 00 c0 18 00 - 00 50 00 00 00 31 00
00 5.2......P...1..
01c90028 a8 01 00 00 00 00 00 00 - 00 6c d0 1d 00 00 00
00 .........l......
01c90038 00 c0 d2 02 00 00 00 00 - 00 a0 3b 02 00 00 00
00 ..........;.....
01c90048 04 00 00 00 76 00 00 00 - 39 4e 38 39 41 48 4d
33 ....v...9N89AHM3
01c90058 7b 00 00 00 55 51 42 46 - 4b 38 45 52 73 00 00
00 {...UQBFK8ERs...
01c90068 4f 36 42 41 52 55 51 39 - 7e 00 00 00 43 41 59
4e O6BARUQ9~...CAYN
01c90078 5a 44 47 54 00 00 00 00 - 00 00 00 00 00 00 00
00 ZDGT............
01c90088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x220
eax=01ebcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=01ebfe5c ebp=01ebfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0293d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01EBFEA8 77E12A00 01EBFE80 00000001 00000000 01EBFEA0
ntdll!NtWaitForMultipleObjects
01EBFF04 77E12A77 01EBFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
01EBFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
01EBFF74 70C1AB1B 01EBFFA0 01EBFFA4 01EBFFA8 01EBFF9C !
Ordinal265
01EBFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFAD000 !
Ordinal293
01EBFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
01ebfe5c b7 7a e8 77 02 00 00 00 - 80 fe eb 01 01 00 00
00 .z.w............
01ebfe6c 00 00 00 00 a0 fe eb 01 - 00 00 00 00 00 00 00
00 ................
01ebfe7c 02 00 00 00 d4 01 00 00 - 88 04 00 00 90 4f a5
77 .............O.w
01ebfe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe eb
01 ................
01ebfe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff eb
01 ......<.........
01ebfeac 00 2a e1 77 80 fe eb 01 - 01 00 00 00 00 00 00
00 .*.w............
01ebfebc a0 fe eb 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
01ebfecc 00 00 00 00 d4 01 00 00 - 88 04 00 00 84 ff eb
01 ................
01ebfedc 4f 7a 2e 73 00 00 16 71 - 74 ff eb 01 00 d0 fa
7f Oz.s...qt.......
01ebfeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc b6 fa
7f ...p............
01ebfefc 00 00 00 00 88 04 00 00 - 20 ff eb 01 77 2a e1
77 ........ ...w*.w
01ebff0c d0 fe eb 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
01ebff1c 00 00 00 00 74 ff eb 01 - 93 a7 c1 70 01 00 00
00 ....t......p....
01ebff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
01ebff3c 00 d0 fa 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
01ebff4c 00 00 00 00 00 00 00 00 - 84 ff eb 01 f6 fe 20
70 .............. p
01ebff5c e5 03 00 00 8c ff eb 01 - 99 82 53 00 18 bb c2
70 ..........S....p
01ebff6c 60 ea 00 00 01 00 00 00 - ac ff eb 01 1b ab c1
70 `..............p
01ebff7c a0 ff eb 01 a4 ff eb 01 - a8 ff eb 01 9c ff eb
01 ................
01ebff8c 60 ea 00 00 00 d0 fa 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x530
eax=70d6aaf0 ebx=01f4ff74 ecx=01857100 edx=00000000
esi=77f8377b edi=00000490
eip=77f83786 esp=01f4ff58 ebp=01f4ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:029cd52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F4FF7C 77E87837 00000490 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x540
eax=037dcff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=037dfe5c ebp=037dfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0425d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
037DFEA8 77E12A00 037DFE80 00000001 00000000 037DFEA0
ntdll!NtWaitForMultipleObjects
037DFF04 77E12A77 037DFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
037DFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
037DFF74 70C1AB1B 037DFFA0 037DFFA4 037DFFA8 037DFF9C !
Ordinal265
037DFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDB000 !
Ordinal293
037DFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x544
eax=0381cff8 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0381fe5c ebp=0381fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0429d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0381FEA8 77E12A00 0381FE80 00000001 00000000 0381FEA0
ntdll!NtWaitForMultipleObjects
0381FF04 77E12A77 0381FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0381FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0381FF74 70C1AB1B 0381FFA0 0381FFA4 0381FFA8 0381FF9C !
Ordinal265
0381FFAC 70C1ACDF 00000000 77E887DD 00000000 00030002 !
Ordinal293
0381FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x548
eax=0386f27c ebx=0386f26c ecx=00000002 edx=0015a8c8
esi=00000000 edi=0015a8c8
eip=70dcf39f esp=0386f214 ebp=0386f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:042ec7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:042ec84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:0015a8c8=0015a660
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:042ec7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:0015a8c8=60
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:042ec7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:0386f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:042ec7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:042ec7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:042ec84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:042ec84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0386F224 702BE5B6 039086E4 0000000E 0386F27C 0015A8C8 !
DllGetClassObject
0386F248 10001B67 000FDCB0 0000000E 0386F27C 00000001 !
RegisterFormatEnumerator
0386F2C0 702B6223 00000000 00165F90 000FDE50 00000000 !
<nosymbols>
0386F2E8 702D1A5A 000FDCA8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0386F318 702BA988 000FDCA8 00000016 00165F90 702BA95D !
DllGetClassObject
0386F354 702C59C3 00000016 0386F5C0 00000000 038FEA58 !
CoInternetQueryInfo
0386F7D0 702BB3AF 00000000 038FEA58 038FEA68 702BB372 !
FindMediaTypeClass
0386F7FC 702B8EF8 00000000 0014E5F8 000FDCA8 000FDCB0 !
IsAsyncMoniker
0386F824 702B7DA6 000FDE50 0014E5F8 000FDCA8 000FDCB0 !
FindMediaType
0386F86C 70D495F1 000FDCA8 0014E5F8 03908704 00000000 !
CreateAsyncBindCtxEx
0386FAC0 70D4943E 0014E5F8 873F0000 0386FBE4 0186BBA0 !
DllGetClassObject
0386FADC 70D493A1 0386FBE4 0186BBB4 873F0000 0186BBA0 !
DllGetClassObject
0386FB00 70D4E77C 0386FBE4 0186B540 00001FDD 873F0000 !
DllGetClassObject
0386FB50 70D4AB9F 0186BF00 0186B540 00000000 00000000 !
DllGetClassObject
0386FB74 70D4AAC1 0186B6E0 00000001 00000000 0386FBE4 !
DllGetClassObject
0386FBCC 70D50AF3 0186B6E0 00000000 10000000 0016EA68 !
DllGetClassObject
0386FCE4 00000000 00400000 0186B9A0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
0386f214 00 00 00 00 7c f2 86 03 - 54 de 0f 00 00 00 00
00 ....|...T.......
0386f224 48 f2 86 03 b6 e5 2b 70 - e4 86 90 03 0e 00 00
00 H.....+p........
0386f234 7c f2 86 03 c8 a8 15 00 - 6c f2 86 03 00 00 00
00 |.......l.......
0386f244 4c 00 0d 04 c0 f2 86 03 - 67 1b 00 10 b0 dc 0f
00 L.......g.......
0386f254 0e 00 00 00 7c f2 86 03 - 01 00 00 00 6c f2 86
03 ....|.......l...
0386f264 b0 dc 0f 00 0d 30 2c 70 - 00 00 00 00 90 5f 16
00 .....0,p....._..
0386f274 54 de 0f 00 b0 dc 0f 00 - 06 00 00 00 90 f2 86
03 T...............
0386f284 54 de 0f 00 00 00 00 00 - a8 dc 0f 00 14 00 00
00 T...............
0386f294 00 00 00 00 50 de 0f 00 - 00 00 00 00 00 00 00
00 ....P...........
0386f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0386f2b4 50 00 0d 04 30 25 0b 00 - 4c 00 0d 04 e8 f2 86
03 P...0%..L.......
0386f2c4 23 62 2b 70 00 00 00 00 - 90 5f 16 00 50 de 0f
00 #b+p....._..P...
0386f2d4 00 00 00 00 00 00 00 00 - a8 dc 0f 00 00 00 00
00 ................
0386f2e4 00 00 00 00 18 f3 86 03 - 5a 1a 2d 70 a8 dc 0f
00 ........Z.-p....
0386f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0386f304 90 5f 16 00 00 00 00 00 - 00 00 00 00 14 eb 8f
03 ._..............
0386f314 58 ea 8f 03 54 f3 86 03 - 88 a9 2b 70 a8 dc 0f
00 X...T.....+p....
0386f324 16 00 00 00 90 5f 16 00 - 5d a9 2b 70 f0 2b 0b
00 ....._..].+p.+..
0386f334 16 00 00 00 90 5f 16 00 - 04 01 00 00 58 ea 8f
03 ....._......X...
0386f344 00 00 00 00 01 00 00 00 - 05 40 00 80 90 5f 16
00 .........@..._..
State Dump for Thread Id 0x550
eax=00000000 ebx=ffffffff ecx=000f7258 edx=00000000
esi=7fffffff edi=00000102
eip=77f83786 esp=0401facc ebp=0401fb04 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:04a9d09f=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0401FB04 74FD7EE6 00000788 00000778 00000000 00000004
ntdll!NtWaitForSingleObject
0401FBF0 75031DA9 00000001 0401FE84 0401FC7C 0401FD80
msafd!WSPSetSockOpt
0401FC54 7021E1F5 00000001 0401FE84 0401FC7C 0401FD80
ws2_32!select
0401FFB0 7021E35B 77E887DD 038E5910 00000000 7FFDF000 !
InternetGetConnectedStateExW
0401FFEC 00000000 00000000 00000000 00000000 00000000 !
InternetGetConnectedStateExW
*----> Raw Stack Dump <----*
0401facc d2 bc fd 74 88 07 00 00 - 01 00 00 00 f0 fa 01
04 ...t............
0401fadc 84 fe 01 04 78 fb 01 04 - 68 fb 01 04 90 95 b3
2d ....x...h......-
0401faec 59 94 c3 01 ff ff ff ff - ff ff ff 7f e8 56 8e
03 Y............V..
0401fafc 00 00 00 00 00 00 00 00 - f0 fb 01 04 e6 7e fd
74 .............~.t
0401fb0c 88 07 00 00 78 07 00 00 - 00 00 00 00 04 00 00
00 ....x...........
0401fb1c 80 fd 01 04 c0 0c 10 00 - 7c fc 01 04 00 00 00
00 ........|.......
0401fb2c 00 00 00 00 80 0f 05 fd - ff ff ff ff ff ff ff
ff ................
0401fb3c dc fb 01 04 40 b7 fc 77 - b8 0c 07 00 f8 a9 0f
00 [email protected]........
0401fb4c 5c 90 27 70 f8 a9 0f 00 - f8 a9 0f 00 00 00 00
00 \.'p............
0401fb5c 00 00 00 00 00 00 00 00 - 00 00 00 00 80 0f 05
fd ................
0401fb6c ff ff ff ff 01 00 00 00 - 00 56 8e 03 78 07 00
00 .........V..x...
0401fb7c 19 00 00 00 88 67 15 00 - 30 00 00 00 00 00 00
00 .....g..0.......
0401fb8c 18 bb c2 70 00 00 07 00 - 04 00 00 00 00 2b f8
77 ...p.........+.w
0401fb9c 08 36 f8 77 ff ff ff ff - 01 53 f8 77 00 00 07
00 .6.w.....S.w....
0401fbac e8 56 8e 03 00 aa 0f 00 - 00 00 00 00 68 fb 01
04 .V..........h...
0401fbbc 2c 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ,...............
0401fbcc 00 00 00 00 10 00 00 00 - 84 fb 01 04 1c fb 01
04 ................
0401fbdc 24 fc 01 04 44 fc 01 04 - 36 df fd 74 78 30 fd
74 $...D...6..tx0.t
0401fbec ff ff ff ff 54 fc 01 04 - a9 1d 03 75 01 00 00
00 ....T......u....
0401fbfc 84 fe 01 04 7c fc 01 04 - 80 fd 01 04 88 ff 01
04 ....|...........
State Dump for Thread Id 0x54c
eax=778321fe ebx=00000004 ecx=7ffa9000 edx=00000000
esi=77f837a7 edi=00000004
eip=77f837b2 esp=0405fd24 ebp=0405fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:04add2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0405FD70 77E8A31D 0405FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0405FFB4 77E887DD 00000005 038EFF5C 7FFA9000 000ECC90
kernel32!WaitForMultipleObjects
0405FFEC 00000000 778321FE 000ECC90 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0405fd24 b7 7a e8 77 04 00 00 00 - 48 fd 05 04 01 00 00
00 .z.w....H.......
0405fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 90 cc 0e
00 ................
0405fd44 01 00 00 00 28 07 00 00 - 60 07 00 00 70 07 00
00 ....(...`...p...
0405fd54 c4 06 00 00 01 00 00 00 - 04 f2 59 81 a8 fa 26
b7 ..........Y...&.
0405fd64 54 1d 49 80 93 20 49 80 - e8 f1 59 81 b4 ff 05
04 T.I.. I...Y.....
0405fd74 1d a3 e8 77 48 fd 05 04 - 01 00 00 00 00 00 00
00 ...wH...........
0405fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00
00 .........".w....
0405fd94 b0 fe 05 04 00 00 00 00 - ff ff ff ff 90 cc 0e
00 ................
0405fda4 00 90 fa 7f 5c ff 8e 03 - 78 52 4a 80 e8 f1 59
81 ....\...xRJ...Y.
0405fdb4 00 00 00 00 00 00 00 00 - 01 00 00 00 38 00 00
00 ............8...
0405fdc4 23 00 00 00 23 00 00 00 - 5c ff 8e 03 00 90 fa
7f #...#...\.......
0405fdd4 90 cc 0e 00 00 90 fa 7f - 00 90 fa 7f fe 21 83
77 .............!.w
0405fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0405fdf4 fc ff 05 04 23 00 00 00 - 8c 4f 45 80 80 fb 26
b7 ....#....OE...&.
0405fe04 08 24 49 81 08 24 49 81 - 40 00 00 00 24 fb 26
b7 .$I..$I.@...$.&.
0405fe14 d0 f8 44 80 00 5b 57 81 - 00 00 00 00 00 00 00
00 ..D..[W.........
0405fe24 08 6a 57 81 a6 24 49 80 - 41 e8 00 00 18 f6 a1
81 .jW..$I.A.......
0405fe34 00 07 00 00 ae cc 44 80 - 41 e8 00 00 18 f6 a1
81 ......D.A.......
0405fe44 41 e8 00 00 18 f6 a1 81 - 01 42 fd 7f 6b 01 00
00 A........B..k...
0405fe54 41 d6 44 80 6b 01 00 00 - 30 5c 57 81 00 40 fd
7f A.D.k...0\W..@..
State Dump for Thread Id 0x404
eax=74fd4766 ebx=00101610 ecx=732f0ca0 edx=00000000
esi=74fe93a0 edi=00000000
eip=77f837dc esp=040bff84 ebp=040bffb4 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:04b3d557=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:04b3d557=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:04b3d557=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:04b3d557=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
040BFFB4 77E887DD 74FD5F4B 7FFA9000 037DF7AC 00101610
ntdll!ZwRemoveIoCompletion
040BFFEC 00000000 74FD4766 00101610 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
040bff84 b8 47 fd 74 b8 06 00 00 - bc ff 0b 04 b0 ff 0b
04 .G.t............
040bff94 a4 ff 0b 04 28 2c fd 74 - 00 90 fa 7f ac f7 7d
03 ....(,.t......}.
040bffa4 41 02 00 c0 00 00 00 00 - 00 00 fd 74 f8 2a 15
00 A..........t.*..
040bffb4 ec ff 0b 04 dd 87 e8 77 - 4b 5f fd 74 00 90 fa
7f .......wK_.t....
040bffc4 ac f7 7d 03 10 16 10 00 - 00 30 fa 7f a0 0c 2f
73 ..}......0..../s
040bffd4 c0 ff 0b 04 a0 0c 2f 73 - ff ff ff ff 56 18 ea
77 ....../s....V..w
040bffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
040bfff4 66 47 fd 74 10 16 10 00 - 00 00 00 00 c8 00 00
00 fG.t............
040c0004 00 01 00 00 ff ee ff ee - 02 10 00 00 00 00 00
00 ................
040c0014 00 fe 00 00 00 00 20 00 - 00 20 00 00 00 02 00
00 ...... .. ......
040c0024 00 20 00 00 15 04 00 00 - ff ef fd 7f 19 00 08
06 . ..............
040c0034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0044 a8 05 0c 04 0f 00 00 00 - f8 ff ff ff 50 00 0c
04 ............P...
040c0054 50 00 0c 04 40 06 0c 04 - 00 00 0d 04 00 00 00
00 P...@...........
040c0064 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0074 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0084 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c0094 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c00a4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
040c00b4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: explorer.exe (pid=1272)
When: 10/17/2003 @ 10:53:45.843
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
392 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
496 nslsvice.exe
508 nsl.exe
520 rtvscan.exe
572 regsvc.exe
588 mstask.exe
608 stisvc.exe
672 WinMgmt.exe
708 mspmspsv.exe
720 svchost.exe
1056 igfxtray.exe
1060 hkcmd.exe
1044 vptray.exe
1216 FINDFAST.exe
1224 OSA.exe
1292 ipmsg2.02.exe
1272 explorer.exe
1184 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(77DB0000 - 77E0D000)
(77E80000 - 77F36000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78046000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78536000)
(77A50000 - 77B3C000)
(775A0000 - 77625000)
(779B0000 - 77A4B000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(71160000 - 7125D000)
(77C10000 - 77C6E000)
(76DF0000 - 76E01000)
(76620000 - 76630000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(75030000 - 75043000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(76F20000 - 76F95000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(770F0000 - 772ED000)
(77560000 - 77569000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE3000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(6AC20000 - 6AC58000)
(76B30000 - 76B6D000)
(020C0000 - 020D8000)
(66650000 - 666A4000)
(6B700000 - 6B790000)
(75E60000 - 75E7A000)
(70F30000 - 70F9E000)
(69BF0000 - 69C0D000)
(77800000 - 7781E000)
(77BF0000 - 77C01000)
(16200000 - 16206000)
(10000000 - 1000C000)
(02C70000 - 02C7A000)
(76930000 - 7695B000)
(77920000 - 77943000)
(03810000 - 03846000)
(03850000 - 0386D000)
(703D0000 - 703EB000)
(66D20000 - 66D51000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(03E30000 - 03E47000)
State Dump for Thread Id 0x548
eax=000021ff ebx=00000001 ecx=00000000 edx=00000000
esi=00094b50 edi=00000000
eip=77e12268 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:00aed4d3=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7832B0E5 00000000 004018DF 00094B50 0074006E
user32!WaitMessage
0006FF60 00401621 00000060 00000000 00020644 00000005
shell32!Ordinal201
0006FFC0 77E9CA90 0074006E 0041005C 7FFDF000 00000065
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006ff00 56 b1 32 78 8e 76 e8 77 - 50 4b 09 00 01 00 00
00 V.2x.v.wPK......
0006ff10 50 4b 09 00 50 4b 09 00 - 60 ff 06 00 60 ff 06
00 PK..PK..`...`...
0006ff20 e5 b0 32 78 00 00 00 00 - df 18 40 00 50 4b 09
00 [email protected]..
0006ff30 6e 00 74 00 44 06 02 00 - 00 f0 fd 7f 90 26 36
81 n.t.D........&6.
0006ff40 78 a1 e8 77 ff ff ff ff - 0c 00 00 00 44 06 02
00 x..w........D...
0006ff50 b3 a1 e8 77 02 00 00 00 - 01 9e 53 00 e0 ff 06
00 ...w......S.....
0006ff60 c0 ff 06 00 21 16 40 00 - 60 00 00 00 00 00 00
00 ....!.@.`.......
0006ff70 44 06 02 00 05 00 00 00 - 5c 00 41 00 44 00 00
00 D.......\.A.D...
0006ff80 78 57 07 00 90 62 07 00 - a8 62 07 00 00 00 00
00 xW...b...b......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 56 18 ea
77 ............V..w
0006ffa0 f0 7f e8 77 ff ff ff ff - 01 00 00 00 05 00 00
00 ...w............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e9 77 - 6e 00 74 00 5c 00 41
00 .......wn.t.\.A.
0006ffd0 00 f0 fd 7f 65 00 00 00 - c8 ff 06 00 65 00 00
00 ....e.......e...
0006ffe0 ff ff ff ff 56 18 ea 77 - 98 ca e9 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 20 00 00 20 00
00 .......... .. ..
00070020 00 02 00 00 00 20 00 00 - 29 ad 00 00 ff ef fd
7f ..... ..).......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x1bc
eax=77d32778 ebx=00000000 ecx=00083fe0 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=00dcfe28 ebp=00dcff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:0184d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00DCFF74 77D56D9E 77D39AD0 000864C0 40085FB8 00000070
ntdll!NtReplyWaitReceivePortEx
00DCFFA8 77D41C6C 00079288 00DCFFEC 77E887DD 000851A0
rpcrt4!TowerConstruct
00DCFFB4 77E887DD 000851A0 40085FB8 00000070 000851A0
rpcrt4!I_RpcServerInqTransportType
00DCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x550
eax=77d34e00 ebx=00000102 ecx=0000001b edx=00000000
esi=77f8318c edi=00e0ff74
eip=77f83197 esp=00e0ff60 ebp=00e0ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0188d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E0FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x540
eax=fffffff0 ebx=00000000 ecx=002301f8 edx=00000000
esi=00000000 edi=00000000
eip=77e12268 esp=00e4ff2c ebp=00e4ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:018cd4ff=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E4FF4C 00403743 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00E4FFB4 77E887DD 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00E4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x544
eax=00e9f91c ebx=00000009 ecx=00e9fb70 edx=00000000
esi=77f837a7 edi=00000009
eip=77f837b2 esp=00e9fd98 ebp=00e9fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0191d36b=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00E9FDE4 77E12A00 02190FD8 00000001 00000000 00E9FDDC
ntdll!NtWaitForMultipleObjects
00E9FE40 77E12A77 00E9FE0C 00E9FEB8 000007D0 000000FF
user32!MsgWaitForMultipleObjectsEx
00E9FE5C 7832A4D2 00000008 00E9FEB8 00000000 000007D0
user32!MsgWaitForMultipleObjects
7840E540 FFFFFFFF 00000000 00000000 00000204 00000000
shell32!Ordinal200
77FD0000 7840E540 77FD0028 77FCFFE8 00000032 00000032
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x220
eax=014cf000 ebx=00000002 ecx=000b8140 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00edfe5c ebp=00edfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0195d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00EDFEA8 77E12A00 00EDFE80 00000001 00000000 00EDFEA0
ntdll!NtWaitForMultipleObjects
00EDFF04 77E12A77 00EDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00EDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00EDFF74 70C1AB1B 00EDFFA0 00EDFFA4 00EDFFA8 00EDFF9C !
Ordinal265
00EDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00EDFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x528
eax=00000066 ebx=00000002 ecx=00000040 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00f1fe5c ebp=00f1fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0199d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00F1FEA8 77E12A00 00F1FE80 00000001 00000000 00F1FEA0
ntdll!NtWaitForMultipleObjects
00F1FF04 77E12A77 00F1FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00F1FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00F1FF74 70C1AB1B 00F1FFA0 00F1FFA4 00F1FFA8 00F1FF9C !
Ordinal265
00F1FFAC 70C1ACDF 00000000 77E887DD 00000000 7FFDE000 !
Ordinal293
00F1FFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
00f1fe5c b7 7a e8 77 02 00 00 00 - 80 fe f1 00 01 00 00
00 .z.w............
00f1fe6c 00 00 00 00 a0 fe f1 00 - 00 00 00 00 00 00 00
00 ................
00f1fe7c 02 00 00 00 c0 01 00 00 - 4c 02 00 00 90 4f a5
77 ........L....O.w
00f1fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe f1
00 ................
00f1fe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff f1
00 ......<.........
00f1feac 00 2a e1 77 80 fe f1 00 - 01 00 00 00 00 00 00
00 .*.w............
00f1febc a0 fe f1 00 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
00f1fecc 00 00 00 00 c0 01 00 00 - 4c 02 00 00 84 ff f1
00 ........L.......
00f1fedc 4f 7a 2e 73 00 00 16 71 - 74 ff f1 00 00 e0 fd
7f Oz.s...qt.......
00f1feec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 86 fd
7f ...p............
00f1fefc 00 00 00 00 4c 02 00 00 - 20 ff f1 00 77 2a e1
77 ....L... ...w*.w
00f1ff0c d0 fe f1 00 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
00f1ff1c 00 00 00 00 74 ff f1 00 - 93 a7 c1 70 01 00 00
00 ....t......p....
00f1ff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
00f1ff3c 00 e0 fd 7f 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
00f1ff4c 00 00 00 00 48 b8 09 00 - b0 b0 b2 77 60 eb a7
77 ....H......w`..w
00f1ff5c 00 00 00 00 00 e0 fd 7f - e9 13 58 00 18 bb c2
70 ..........X....p
00f1ff6c 60 ea 00 00 01 00 00 00 - ac ff f1 00 1b ab c1
70 `..............p
00f1ff7c a0 ff f1 00 a4 ff f1 00 - a8 ff f1 00 9c ff f1
00 ................
00f1ff8c 60 ea 00 00 00 e0 fd 7f - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x538
eax=000000c0 ebx=00e4fccc ecx=00000000 edx=00000000
esi=00000400 edi=00000000
eip=77f83197 esp=0110ffa0 ebp=0110ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:01b8d573=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0110FFB4 77E887DD 00E4FCCC 00000000 00000400 00E4FCCC
ntdll!NtDelayExecution
0110FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x408
eax=0114fa34 ebx=00000000 ecx=000a2f50 edx=00000000
esi=0114fed8 edi=00000000
eip=77e11d6b esp=0114fe98 ebp=0114feb0 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01bcd46b=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01bcd46b=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01bcd46b=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0114FEB0 76F21AFB 0114FED8 00000000 00000000 00000000
user32!TranslateMessageEx
00000001 00000000 00000000 00000000 00000000 00000000
netshell!DllGetClassObject
State Dump for Thread Id 0x530
eax=0118fd70 ebx=77e1bfad ecx=0047cf30 edx=00000000
esi=0118fd70 edi=77e11dba
eip=77e11d6b esp=0118fd04 ebp=0118fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:01c0d2d7=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:01c0d2d7=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:01c0d2d7=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0118FD1C 766D193C 0118FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0118FD90 766D182F 0002011A 00000000 766D2A8C 00000001
stobject!DllGetClassObject
0118FFB4 77E887DD 00000000 00E4FAA0 77F82B95 00000000
stobject!DllGetClassObject
0118FFEC 00000000 766D17EA 00000000 00000000 00040000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0118fd04 e1 1d e1 77 70 fd 18 01 - 00 00 00 00 00 00 00
00 ...wp...........
0118fd14 00 00 00 00 00 00 00 00 - 90 fd 18 01 3c 19 6d
76 ............<.mv
0118fd24 70 fd 18 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p...............
0118fd34 a0 fa e4 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0118fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0118fd54 00 00 6d 76 61 00 06 00 - 11 00 01 00 10 00 00
00 ..mva...........
0118fd64 00 00 00 00 b0 28 6d 76 - 00 00 00 00 1a 01 02
00 .....(mv........
0118fd74 1d 00 00 00 00 00 00 00 - 00 00 00 00 4f 22 55
00 ............O"U.
0118fd84 1d 02 00 00 4a 02 00 00 - 00 00 00 00 b4 ff 18
01 ....J...........
0118fd94 2f 18 6d 76 1a 01 02 00 - 00 00 00 00 8c 2a 6d
76 /.mv.........*mv
0118fda4 01 00 00 00 95 2b f8 77 - 43 00 3a 00 5c 00 57
00 .....+.wC.:.\.W.
0118fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0118fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0118fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0118fde4 6c 00 6c 00 00 00 e8 77 - 1b 00 00 00 00 02 00
00 l.l....w........
0118fdf4 fc ff 18 01 23 00 00 00 - 00 01 00 00 fc fc fc
fc ....#...........
0118fe04 fc fc fc fc 04 00 00 00 - 00 01 00 00 00 00 00
ec ................
0118fe14 ec ec ec ec 00 00 00 00 - 00 01 00 00 00 00 00
00 ................
0118fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0118fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x52c
eax=00000000 ebx=00000000 ecx=000a64f8 edx=00000000
esi=000864c0 edi=00000100
eip=77f83bb8 esp=0121fe28 ebp=0121ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:01c9d3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0121FF74 77D56D9E 77D39AD0 000864C0 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0121FFA8 77D41C6C 00079288 0121FFEC 77E887DD 000A0380
rpcrt4!TowerConstruct
0121FFB4 77E887DD 000A0380 00000000 00000000 000A0380
rpcrt4!I_RpcServerInqTransportType
0121FFEC 00000000 77D41C54 000A0380 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0121fe28 d4 74 d5 77 2c 01 00 00 - 54 ff 21 01 00 00 00
00 .t.w,...T.!.....
0121fe38 f0 c5 0a 00 58 ff 21 01 - 10 92 07 00 88 b2 09
00 ....X.!.........
0121fe48 6d 31 f8 77 00 00 00 00 - 01 99 44 81 74 ab 47
b7 m1.w......D.t.G.
0121fe58 78 b1 46 80 00 00 00 00 - a8 0c 46 81 a8 0c 46
81 x.F.......F...F.
0121fe68 00 00 00 00 01 00 00 00 - 00 50 45 80 00 00 00
00 .........PE.....
0121fe78 01 99 44 01 98 ab 47 b7 - e2 ac 46 80 00 00 00
00 ..D...G...F.....
0121fe88 00 00 00 00 a3 00 42 80 - a8 0c 46 81 08 76 47
81 ......B...F..vG.
0121fe98 00 00 00 00 a8 0c 46 81 - f0 75 47 81 00 00 00
00 ......F..uG.....
0121fea8 a8 0c 46 81 0c ac 47 b7 - c6 54 42 80 a8 0c 46
81 ..F...G..TB...F.
0121feb8 d4 4b 06 80 00 4b 06 80 - 00 00 00 00 70 7e 4e
81 .K...K......p~N.
0121fec8 73 35 66 b7 31 06 66 b7 - 0c ac 47 b7 00 00 00
00 s5f.1.f...G.....
0121fed8 ec ab 47 b7 00 4b 06 80 - 6b 00 66 b7 0c ac 47
b7 ..G..K..k.f...G.
0121fee8 f3 ff 65 b7 20 87 47 81 - a8 0c 46 81 a8 0c 46
81 ..e. .G...F...F.
0121fef8 08 76 47 81 ac ab 47 b7 - 3d 00 00 00 f0 ac 47
b7 .vG...G.=.....G.
0121ff08 8c 05 46 80 e8 56 40 80 - ff ff ff ff 34 ac 47
b7 [email protected].
0121ff18 3e 9e 49 80 e8 0c 46 81 - 54 ac 47 b7 48 ac 47
b7 >.I...F.T.G.H.G.
0121ff28 44 ac 47 b7 c0 99 44 81 - a0 e1 49 81 00 00 00
00 D.G...D...I.....
0121ff38 a0 e1 49 81 30 e3 49 81 - 64 ac 47 b7 f3 da 42
80 ..I.0.I.d.G...B.
0121ff48 a4 da 42 80 d4 4b 06 80 - 00 e3 49 81 02 00 05
00 ..B..K....I.....
0121ff58 00 a2 2f 4d ff ff ff ff - 50 fe 21 01 00 00 02
80 ../M....P.!.....
State Dump for Thread Id 0x524
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=0127ff24 ebp=0127ff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:01cfd4f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0127FF70 77E8A31D 0127FF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0127FFB4 77E887DD 00000000 0118EC94 0118F520 00000000
kernel32!WaitForMultipleObjects
0127FFEC 00000000 77562BDA 00000000 00000000 000000C8
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0127ff24 b7 7a e8 77 02 00 00 00 - 48 ff 27 01 01 00 00
00 .z.w....H.'.....
0127ff34 00 00 00 00 00 00 00 00 - 94 ec 18 01 00 00 00
00 ................
0127ff44 00 00 00 00 6c 03 00 00 - 68 03 00 00 00 1f 41
81 ....l...h.....A.
0127ff54 a0 1d 41 81 80 7c 95 b7 - 00 00 00 00 1f ac 46
80 ..A..|........F.
0127ff64 40 6a 89 81 00 00 00 00 - 00 00 00 00 b4 ff 27
01 @j............'.
0127ff74 1d a3 e8 77 48 ff 27 01 - 01 00 00 00 00 00 00
00 ...wH.'.........
0127ff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
0127ff94 a4 ff 27 01 00 00 00 00 - ff ff ff ff 20 f5 18
01 ..'......... ...
0127ffa4 6c 03 00 00 68 03 00 00 - 00 00 00 00 00 00 00
00 l...h...........
0127ffb4 ec ff 27 01 dd 87 e8 77 - 00 00 00 00 94 ec 18
01 ..'....w........
0127ffc4 20 f5 18 01 00 00 00 00 - 00 f0 fa 7f 00 00 00
00 ...............
0127ffd4 c0 ff 27 01 00 00 00 00 - ff ff ff ff 56 18 ea
77 ..'.........V..w
0127ffe4 88 ae e8 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ...w............
0127fff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 c8 00 00
00 .+Vw............
01280004 00 01 00 00 ff ee ff ee - 02 00 00 00 00 00 00
00 ................
01280014 00 fe 00 00 00 00 10 00 - 00 20 00 00 00 02 00
00 ......... ......
01280024 00 20 00 00 dc 01 00 00 - ff ef fd 7f 0a 00 08
06 . ..............
01280034 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01280044 98 05 28 01 0f 00 00 00 - f8 ff ff ff 50 00 28
01 ..(.........P.(.
01280054 50 00 28 01 40 06 28 01 - 00 00 00 00 00 00 00
00 P.(.@.(.........
State Dump for Thread Id 0x470
eax=00000000 ebx=000493e0 ecx=00085900 edx=00000000
esi=000856f8 edi=000493e0
eip=77f837dc esp=013bfebc ebp=013bfee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f837d1 b8a8000000 mov eax,0xa8
77f837d6 8d542404 lea edx,
[esp+0x4] ss:01e3d48f=????????
77f837da cd2e int 2e
77f837dc c21400 ret 0x14
77f837df 53 push ebx
77f837e0 f7e1 mul ecx
77f837e2 8bd8 mov ebx,eax
77f837e4 8b442408 mov eax,
[esp+0x8] ss:01e3d48f=????????
77f837e8 f7642414 mul dword ptr
[esp+0x14] ss:01e3d48f=????????
77f837ec 03d8 add ebx,eax
77f837ee 8b442408 mov eax,
[esp+0x8] ss:01e3d48f=????????
77f837f2 f7e1 mul ecx
77f837f4 03d3 add edx,ebx
77f837f6 5b pop ebx
77f837f7 c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013BFEE4 77D809DA 00000128 013BFF1C 013BFF0C 013BFF14
ntdll!ZwRemoveIoCompletion
013BFF20 77D50EDE 000493E0 013BFF60 013BFF5C 013BFF70
rpcrt4!I_RpcTransGetAddressList
013BFF74 77D50D17 77D39A00 000856F8 00000008 0118F62C
rpcrt4!TowerConstruct
013BFFA8 77D41C6C 000AF7E8 013BFFEC 77E887DD 000AF008
rpcrt4!TowerConstruct
013BFFB4 77E887DD 000AF008 00000008 0118F62C 000AF008
rpcrt4!I_RpcServerInqTransportType
013BFFEC 00000000 77D41C54 000AF008 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
013bfebc 2e 79 e8 77 28 01 00 00 - 0c ff 3b 01 fc fe 3b
01 .y.w(.....;...;.
013bfecc dc fe 3b 01 d4 fe 3b 01 - 00 a2 2f 4d ff ff ff
ff ..;...;.../M....
013bfedc 00 51 07 00 d4 50 07 00 - 20 ff 3b 01 da 09 d8
77 .Q...P.. .;....w
013bfeec 28 01 00 00 1c ff 3b 01 - 0c ff 3b 01 14 ff 3b
01 (.....;...;...;.
013bfefc e0 93 04 00 e0 93 04 00 - f8 56 08 00 b2 73 e8
77 .........V...s.w
013bff0c 01 00 00 00 28 01 00 00 - 00 00 00 00 00 00 00
00 ....(...........
013bff1c 00 00 00 00 74 ff 3b 01 - de 0e d5 77 e0 93 04
00 ....t.;....w....
013bff2c 60 ff 3b 01 5c ff 3b 01 - 70 ff 3b 01 58 ff 3b
01 `.;.\.;.p.;.X.;.
013bff3c 64 ff 3b 01 6c ff 3b 01 - 10 92 07 00 e8 f7 0a
00 d.;.l.;.........
013bff4c 08 f0 0a 00 28 01 00 00 - 02 00 00 00 a8 00 00
00 ....(...........
013bff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00
00 ................
013bff6c 00 00 00 00 28 01 00 00 - a8 ff 3b 01 17 0d d5
77 ....(.....;....w
013bff7c 00 9a d3 77 f8 56 08 00 - 08 00 00 00 2c f6 18
01 ...w.V......,...
013bff8c 08 f0 0a 00 00 00 00 00 - db 0d 43 80 c0 99 44
81 ..........C...D.
013bff9c 20 c0 42 81 ff ff ff ff - 08 f0 0a 00 b4 ff 3b
01 .B...........;.
013bffac 6c 1c d4 77 e8 f7 0a 00 - ec ff 3b 01 dd 87 e8
77 l..w......;....w
013bffbc 08 f0 0a 00 08 00 00 00 - 2c f6 18 01 08 f0 0a
00 ........,.......
013bffcc 00 e0 fa 7f ce b1 f8 77 - c0 ff 3b 01 ce b1 f8
77 .......w..;....w
013bffdc ff ff ff ff 56 18 ea 77 - 88 ae e8 77 00 00 00
00 ....V..w...w....
013bffec 00 00 00 00 00 00 00 00 - 54 1c d4 77 08 f0 0a
00 ........T..w....
State Dump for Thread Id 0x4f0
eax=00000032 ebx=00000000 ecx=0162f15c edx=00000000
esi=000ab850 edi=00000000
eip=77e12268 esp=0162fcd8 ebp=0162ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:020ad2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0162FF28 71181ACF 00000000 00000218 0006EA1C 000B5D88
user32!WaitMessage
0162FFB4 77E887DD 000B5D88 00000218 0006EA1C 000B5D88 !
Ordinal123
0162FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x4f4
eax=00000000 ebx=01f0ff74 ecx=00000446 edx=00000000
esi=77f8377b edi=00000498
eip=77f83786 esp=01f0ff58 ebp=01f0ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:0298d52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F0FF7C 77E87837 00000498 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x3f0
eax=000ff528 ebx=01f4ff74 ecx=00000008 edx=00000000
esi=77f8377b edi=000004bc
eip=77f83786 esp=01f4ff58 ebp=01f4ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: NtWaitForSingleObject
77f8377b b8ea000000 mov eax,0xea
77f83780 8d542404 lea edx,
[esp+0x4] ss:029cd52b=????????
77f83784 cd2e int 2e
77f83786 c20c00 ret 0xc
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F4FF7C 77E87837 000004BC 000927C0 00000000 70CFD855
ntdll!NtWaitForSingleObject
77F8316D 4AFFC033 E0850F08 89000005 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x55c
eax=020bf27c ebx=020bf26c ecx=00000002 edx=0008ddb8
esi=00000000 edi=0008ddb8
eip=70dcf39f esp=020bf214 ebp=020bf224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:02b3c7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:02b3c84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:0008ddb8=0010e450
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:02b3c7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:0008ddb8=50
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:02b3c7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:020bf27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:02b3c7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:02b3c7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:02b3c84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:02b3c84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
020BF224 702BE5B6 021CE9C4 0000000E 020BF27C 0008DDB8 !
DllGetClassObject
020BF248 03E31B67 000CC3F0 0000000E 020BF27C 00000001 !
RegisterFormatEnumerator
020BF2C0 702B6223 00000000 00169E28 000CC590 00000000 !
<nosymbols>
020BF2E8 702D1A5A 000CC3E8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
020BF318 702BA988 000CC3E8 00000016 00169E28 702BA95D !
DllGetClassObject
020BF354 702C59C3 00000016 020BF5C0 00000000 001477D0 !
CoInternetQueryInfo
020BF7D0 702BB3AF 00000000 001477D0 001477E0 702BB372 !
FindMediaTypeClass
020BF7FC 702B8EF8 00000000 02170BD8 000CC3E8 000CC3F0 !
IsAsyncMoniker
020BF824 702B7DA6 000CC590 02170BD8 000CC3E8 000CC3F0 !
FindMediaType
020BF86C 70D495F1 000CC3E8 02170BD8 021CE9E4 00000000 !
CreateAsyncBindCtxEx
020BFAC0 70D4943E 02170BD8 873F0000 020BFBE4 01B041F0 !
DllGetClassObject
020BFADC 70D493A1 020BFBE4 01B04204 873F0000 01B041F0 !
DllGetClassObject
020BFB00 70D4E77C 020BFBE4 01B02710 00001FDD 873F0000 !
DllGetClassObject
020BFB50 70D4AB9F 01AD0710 01B02710 00000000 00000000 !
DllGetClassObject
020BFB74 70D4AAC1 01B028A0 00000001 00000000 020BFBE4 !
DllGetClassObject
020BFBCC 70D50AF3 01B028A0 00000000 10000000 00121F00 !
DllGetClassObject
020BFCE4 00000000 00400000 01ADFAA0 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
020bf214 00 00 00 00 7c f2 0b 02 - 94 c5 0c 00 00 00 00
00 ....|...........
020bf224 48 f2 0b 02 b6 e5 2b 70 - c4 e9 1c 02 0e 00 00
00 H.....+p........
020bf234 7c f2 0b 02 b8 dd 08 00 - 6c f2 0b 02 00 00 00
00 |.......l.......
020bf244 4c 00 e6 03 c0 f2 0b 02 - 67 1b e3 03 f0 c3 0c
00 L.......g.......
020bf254 0e 00 00 00 7c f2 0b 02 - 01 00 00 00 6c f2 0b
02 ....|.......l...
020bf264 f0 c3 0c 00 0d 30 2c 70 - 00 00 00 00 28 9e 16
00 .....0,p....(...
020bf274 94 c5 0c 00 f0 c3 0c 00 - 06 00 00 00 90 f2 0b
02 ................
020bf284 94 c5 0c 00 00 00 00 00 - e8 c3 0c 00 14 00 00
00 ................
020bf294 00 00 00 00 90 c5 0c 00 - 00 00 00 00 00 00 00
00 ................
020bf2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
020bf2b4 50 00 e6 03 b8 66 0b 00 - 4c 00 e6 03 e8 f2 0b
02 P....f..L.......
020bf2c4 23 62 2b 70 00 00 00 00 - 28 9e 16 00 90 c5 0c
00 #b+p....(.......
020bf2d4 00 00 00 00 00 00 00 00 - e8 c3 0c 00 00 00 00
00 ................
020bf2e4 00 00 00 00 18 f3 0b 02 - 5a 1a 2d 70 e8 c3 0c
00 ........Z.-p....
020bf2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
020bf304 28 9e 16 00 00 00 00 00 - 00 00 00 00 8c 78 14
00 (............x..
020bf314 d0 77 14 00 54 f3 0b 02 - 88 a9 2b 70 e8 c3 0c
00 .w..T.....+p....
020bf324 16 00 00 00 28 9e 16 00 - 5d a9 2b 70 10 ce 13
02 ....(...].+p....
020bf334 16 00 00 00 28 9e 16 00 - 04 01 00 00 d0 77 14
00 ....(........w..
020bf344 00 00 00 00 01 00 00 00 - 05 40 00 80 28 9e 16
00 .........@..(...
State Dump for Thread Id 0x10c
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000
esi=000c9838 edi=00000000
eip=77e12268 esp=02f5fcd8 ebp=02f5ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000202
function: WaitMessage
77e1225d b836120000 mov eax,0x1236
77e12262 8d542404 lea edx,
[esp+0x4] ss:039dd2ab=????????
77e12266 cd2e int 2e
77e12268 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02F5FF28 71181ACF 00000000 00073400 02020EA4 0009A5C0
user32!WaitMessage
02F5FFB4 77E887DD 0009A5C0 00073400 02020EA4 0009A5C0 !
Ordinal123
02F5FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x474
eax=00000000 ebx=00000002 ecx=01010101 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=02fdfe5c ebp=02fdfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:03a5d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02FDFEA8 77E12A00 02FDFE80 00000001 00000000 02FDFEA0
ntdll!NtWaitForMultipleObjects
02FDFF04 77E12A77 02FDFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
02FDFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
02FDFF74 70C1AB1B 02FDFFA0 02FDFFA4 02FDFFA8 02FDFF9C !
Ordinal265
02FDFFAC 70C1ACDF 00000000 77E887DD 00000000 7FFA8000 !
Ordinal293
02FDFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4e4
eax=778321fe ebx=00000003 ecx=7ffaa000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=03e1fd24 ebp=03e1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0489d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
03E1FD70 77E8A31D 03E1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
03E1FFB4 77E887DD 00000004 00105C7C 7FFAA000 02139448
kernel32!WaitForMultipleObjects
03E1FFEC 00000000 778321FE 02139448 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
03e1fd24 b7 7a e8 77 03 00 00 00 - 48 fd e1 03 01 00 00
00 .z.w....H.......
03e1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 48 94 13
02 ............H...
03e1fd44 01 00 00 00 3c 06 00 00 - ec 06 00 00 dc 06 00
00 ....<...........
03e1fd54 d3 6a 43 80 3b 02 00 00 - 00 20 50 c0 b0 b5 59
81 .jC.;.... P...Y.
03e1fd64 00 00 00 00 00 00 00 00 - 70 c4 ae e2 b4 ff e1
03 ........p.......
03e1fd74 1d a3 e8 77 48 fd e1 03 - 01 00 00 00 00 00 00
00 ...wH...........
03e1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
03e1fd94 b0 fe e1 03 00 00 00 00 - ff ff ff ff 48 94 13
02 ............H...
03e1fda4 00 a0 fa 7f 7c 5c 10 00 - 00 00 00 00 38 00 00
00 ....|\......8...
03e1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
03e1fdc4 23 00 00 00 23 00 00 00 - 7c 5c 10 00 00 a0 fa
7f #...#...|\......
03e1fdd4 48 94 13 02 00 a0 fa 7f - 00 a0 fa 7f fe 21 83
77 H............!.w
03e1fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
03e1fdf4 fc ff e1 03 23 00 00 00 - 79 6d 43 80 00 00 00
00 ....#...ymC.....
03e1fe04 b0 b5 59 81 00 dd 46 80 - 3a 02 00 00 e0 b4 59
81 ..Y...F.:.....Y.
03e1fe14 cc a7 00 00 20 eb 9b 81 - d5 9e 00 00 f8 13 9b
81 .... ...........
03e1fe24 0d 85 00 00 38 a9 98 81 - 7f aa 00 00 e8 2b 9c
81 ....8........+..
03e1fe34 00 07 00 00 ae cc 44 80 - 7f aa 00 00 e8 2b 9c
81 ......D......+..
03e1fe44 7f aa 00 00 e8 2b 9c 81 - 01 62 fa 7f b1 0a 00
00 .....+...b......
03e1fe54 41 d6 44 80 b1 0a 00 00 - 90 9a 44 81 00 60 fa
7f A.D.......D..`..
Application exception occurred:
App: rundll32.exe (pid=1124)
When: 10/17/2003 @ 15:08:29.078
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
576 regsvc.exe
596 mstask.exe
624 stisvc.exe
684 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1192 igfxtray.exe
1224 hkcmd.exe
1240 vptray.exe
1300 FINDFAST.exe
1308 OSA.exe
744 ipmsg2.02.exe
1180 nlnotes.exe
1348 naldaemn.exe
320 nhldaemn.exe
288 explorer.exe
732 nero.exe
1124 rundll32.exe
1212 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77D9E000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B3C000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x524
eax=7f6f0824 ebx=01402020 ecx=00000200 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000844F8 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 00160164 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 00160164 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A380 00160164 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 00160164 01000000 0007A250 00000464
shell32!SHFileOperationA
0006FF18 010016EB 00160164 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 e8 49 09 00 - dc e5 06 00 f8 b2 74
71 .....I........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 f4 4a 09 00 e8 49 09 00 - 60 f2 07 00 08 02 11
00 .J...I..`.......
0006e5a0 00 02 00 00 00 00 00 00 - 8a 00 67 00 c6 6f e2
00 ..........g..o..
0006e5b0 7a 01 00 00 29 01 00 00 - fe 00 00 00 00 00 00
00 z...)...........
0006e5c0 00 00 00 00 ff ff ff ff - 20 02 21 00 38 a4 77
71 ........ .!.8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - 64 01 16 00 f4 e5 06
00 ./wq....d.......
0006e5e0 17 b5 74 71 f8 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 50 a2 07 00 64 01 16 00 - f0 a2 07 00 00 00 00
00 P...d...........
0006e620 f6 02 01 be 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 54 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 T... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x55c
eax=00000120 ebx=0007f028 ecx=0007d238 edx=00000000
esi=0007d238 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D56D9E 77D39A00 0007D238 40084788 00000070
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D41C6C 0007E348 00C4FFEC 77E887DD 0007F028
rpcrt4!TowerConstruct
00C4FFB4 77E887DD 0007F028 40084788 00000070 0007F028
rpcrt4!I_RpcServerInqTransportType
00C4FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
State Dump for Thread Id 0x498
eax=77ab4639 ebx=00000102 ecx=0007e898 edx=00000000
esi=77f8318c edi=00c8ff74
eip=77f83197 esp=00c8ff60 ebp=00c8ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtDelayExecution
77f8318c b832000000 mov eax,0x32
77f83191 8d542404 lea edx,
[esp+0x4] ss:0170d533=????????
77f83195 cd2e int 2e
77f83197 c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C8FF7C 77E875EB 0000EA60 00000000 77AB85FC 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00c8ff60 17 76 e8 77 00 00 00 00 - 74 ff c8 00 b5 77 e8
77 .v.w....t....w.w
00c8ff70 c8 54 09 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .T....<.....0u..
00c8ff80 eb 75 e8 77 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 .u.w`..........w
00c8ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00c8ffa0 c8 54 09 00 ec ff c8 00 - c8 54 09 00 53 46 ab
77 .T.......T..SF.w
00c8ffb0 d8 7a a6 77 c3 7a a6 77 - dd 87 e8 77 c8 54 09
00 .z.w.z.w...w.T..
00c8ffc0 d8 7a a6 77 c3 7a a6 77 - c8 54 09 00 00 c0 fd
7f .z.w.z.w.T......
00c8ffd0 98 e8 07 00 c0 ff c8 00 - 98 e8 07 00 ff ff ff
ff ................
00c8ffe0 56 18 ea 77 88 ae e8 77 - 00 00 00 00 00 00 00
00 V..w...w........
00c8fff0 00 00 00 00 39 46 ab 77 - c8 54 09 00 00 00 00
00 ....9F.w.T......
00c90000 00 00 00 00 9f 00 13 00 - 10 00 90 01 17 00 b0
01 ................
00c90010 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90020 ff ff ff 00 ff ff ff 00 - 00 00 00 00 00 00 00
00 ................
00c90030 00 00 00 00 01 00 00 00 - 0d 02 01 01 00 00 00
00 ................
00c90040 00 00 00 00 00 00 00 00 - 00 00 00 00 02 00 00
00 ................
00c90050 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90060 00 00 00 00 1f 00 89 01 - 00 00 00 00 ff ff ff
ff ................
00c90070 ff ff ff ff 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90080 00 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c90090 21 00 8a 01 00 00 00 40 - 06 00 00 00 00 00 00
00 !......@........
State Dump for Thread Id 0x588
eax=00000000 ebx=00000002 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:017bd42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E12A00 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E12A77 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x53c
eax=00d7f27c ebx=00d7f26c ecx=00000002 edx=000d48b8
esi=00000000 edi=000d48b8
eip=70dcf39f esp=00d7f214 ebp=00d7f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017fc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017fc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d48b8=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017fc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d48b8=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017fc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d7f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017fc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017fc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017fc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017fc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D7F224 702BE5B6 000B45C4 0000000E 00D7F27C 000D48B8 !
DllGetClassObject
00D7F248 10001B67 00088BB0 0000000E 00D7F27C 00000001 !
RegisterFormatEnumerator
00D7F2C0 702B6223 00000000 000B93F0 00088D50 00000000 !
<nosymbols>
00D7F2E8 702D1A5A 00088BA8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D7F318 702BA988 00088BA8 00000016 000B93F0 702BA95D !
DllGetClassObject
00D7F354 702C59C3 00000016 00D7F5C0 00000000 000D5B38 !
CoInternetQueryInfo
00D7F7D0 702BB3AF 00000000 000D5B38 000D5B48 702BB372 !
FindMediaTypeClass
00D7F7FC 702B8EF8 00000000 000D1FD0 00088BA8 00088BB0 !
IsAsyncMoniker
00D7F824 702B7DA6 00088D50 000D1FD0 00088BA8 00088BB0 !
FindMediaType
00D7F86C 70D495F1 00088BA8 000D1FD0 000B45E4 00000000 !
CreateAsyncBindCtxEx
00D7FAC0 70D4943E 000D1FD0 873F0000 00D7FBE4 01051DE0 !
DllGetClassObject
00D7FADC 70D493A1 00D7FBE4 01051DF4 873F0000 01051DE0 !
DllGetClassObject
00D7FB00 70D4E77C 00D7FBE4 01051A70 00001FDD 873F0000 !
DllGetClassObject
00D7FB50 70D4AB9F 01051F50 01051A70 00000000 00000000 !
DllGetClassObject
00D7FB74 70D4AAC1 01051B90 00000001 00000000 00D7FBE4 !
DllGetClassObject
00D7FBCC 70D50AF3 01051B90 00000000 10000000 000D7698 !
DllGetClassObject
00D7FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d7f214 00 00 00 00 7c f2 d7 00 - 54 8d 08 00 00 00 00
00 ....|...T.......
00d7f224 48 f2 d7 00 b6 e5 2b 70 - c4 45 0b 00 0e 00 00
00 H.....+p.E......
00d7f234 7c f2 d7 00 b8 48 0d 00 - 6c f2 d7 00 00 00 00
00 |....H..l.......
00d7f244 4c 00 6f 01 c0 f2 d7 00 - 67 1b 00 10 b0 8b 08
00 L.o.....g.......
00d7f254 0e 00 00 00 7c f2 d7 00 - 01 00 00 00 6c f2 d7
00 ....|.......l...
00d7f264 b0 8b 08 00 0d 30 2c 70 - 00 00 00 00 f0 93 0b
00 .....0,p........
00d7f274 54 8d 08 00 b0 8b 08 00 - 06 00 00 00 90 f2 d7
00 T...............
00d7f284 54 8d 08 00 00 00 00 00 - a8 8b 08 00 14 00 00
00 T...............
00d7f294 00 00 00 00 50 8d 08 00 - 00 00 00 00 00 00 00
00 ....P...........
00d7f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d7f2b4 50 00 6f 01 d0 6d 0d 00 - 4c 00 6f 01 e8 f2 d7
00 P.o..m..L.o.....
00d7f2c4 23 62 2b 70 00 00 00 00 - f0 93 0b 00 50 8d 08
00 #b+p........P...
00d7f2d4 00 00 00 00 00 00 00 00 - a8 8b 08 00 00 00 00
00 ................
00d7f2e4 00 00 00 00 18 f3 d7 00 - 5a 1a 2d 70 a8 8b 08
00 ........Z.-p....
00d7f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d7f304 f0 93 0b 00 00 00 00 00 - 00 00 00 00 f4 5b 0d
00 .............[..
00d7f314 38 5b 0d 00 54 f3 d7 00 - 88 a9 2b 70 a8 8b 08
00 8[..T.....+p....
00d7f324 16 00 00 00 f0 93 0b 00 - 5d a9 2b 70 40 60 0d
00 ........].+p@`..
00d7f334 16 00 00 00 f0 93 0b 00 - 04 01 00 00 38 5b 0d
00 ............8[..
00d7f344 00 00 00 00 01 00 00 00 - 05 40 00 80 f0 93 0b
00 .........@......
State Dump for Thread Id 0x410
eax=778321fe ebx=00000003 ecx=7ffda000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4084 7FFDA000 000D4090
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4090 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 90 40 0d
00 .............@..
0168fd44 01 00 00 00 04 02 00 00 - 08 02 00 00 18 02 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 28 b8 3a 81 40 93 3b
81 ........(.:.@.;.
0168fd64 28 b8 3a 81 00 00 00 00 - 03 00 00 00 b4 ff 68
01 (.:...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 90 40 0d
00 ..h..........@..
0168fda4 00 a0 fd 7f 84 40 0d 00 - e0 ec 4e 81 00 00 00
00 [email protected].....
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 84 40 0d 00 00 a0 fd
7f #...#....@......
0168fdd4 90 40 0d 00 00 a0 fd 7f - 00 a0 fd 7f fe 21 83
77 .@...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 8c 4f 45 80 80 db b2
b7 ..h.#....OE.....
0168fe04 68 fc 35 81 68 fc 35 81 - 40 00 00 00 24 db b2
b7 h.5.h.5.@...$...
0168fe14 d0 f8 44 80 00 ab 36 81 - 00 00 00 00 00 00 00
00 ..D...6.........
0168fe24 68 ea 3b 81 a6 24 49 80 - 68 ea 3b 81 74 01 00
00 h.;..$I.h.;.t...
0168fe34 40 6a 89 81 03 00 10 00 - 68 fc 35 81 40 6a 89
81 @j......h.5.@j..
0168fe44 80 fc 35 81 68 fc 35 81 - 6c fc 35 81 00 00 00
00 ..5.h.5.l.5.....
0168fe54 00 00 00 00 00 00 00 00 - 6c fc 35 81 00 00 00
00 ........l.5.....
Application exception occurred:
App: explorer.exe (pid=860)
When: 10/17/2003 @ 17:47:44.687
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
408 svchost.exe
432 spoolsv.exe
460 defwatch.exe
476 svchost.exe
508 nslsvice.exe
524 nsl.exe
540 rtvscan.exe
584 regsvc.exe
612 mstask.exe
776 stisvc.exe
848 WinMgmt.exe
884 mspmspsv.exe
896 svchost.exe
860 explorer.exe
1120 igfxtray.exe
1132 hkcmd.exe
1080 vptray.exe
1316 FINDFAST.exe
1104 OSA.exe
1360 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(7C2D0000 - 7C332000)
(7C4E0000 - 7C599000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78538000)
(77A50000 - 77B3C000)
(775A0000 - 77626000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(71000000 - 71149000)
(00D70000 - 00F74000)
(71160000 - 7125D000)
(76620000 - 76631000)
(7C0F0000 - 7C152000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(76F20000 - 76F97000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(77560000 - 77568000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE4000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(702B0000 - 7032A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(70C50000 - 70EFD000)
(718C0000 - 71944000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(76710000 - 76719000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(66650000 - 666A4000)
(75E60000 - 75E7A000)
(66D20000 - 66D51000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x3b8
eax=00000024 ebx=00000001 ecx=00000040 edx=00000000
esi=0008f930 edi=00000000
eip=77e13569 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:00ae9de7=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7831ADBB 00000000 004084C4 0008F930 00000000
user32!WaitMessage
0006FF60 00408201 0000005C 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006ff00 41 ae 31 78 94 55 4f 7c - 30 f9 08 00 01 00 00
00 A.1x.UO|0.......
0006ff10 30 f9 08 00 30 f9 08 00 - 60 ff 06 00 60 ff 06
00 0...0...`...`...
0006ff20 bb ad 31 78 00 00 00 00 - c4 84 40 00 30 f9 08
00 [email protected]...
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 30 cf 3b
81 ....V.......0.;.
0006ff40 92 ab 4f 7c ff ff ff ff - 0c 00 00 00 56 06 02
00 ..O|........V...
0006ff50 d5 ab 4f 7c 02 00 00 00 - 6b 8f 04 00 e0 ff 06
00 ..O|....k.......
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00
00 ......@.\.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 50 62 07 00 40 44 07 00 - 70 62 07 00 00 00 00
00 [email protected]......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 60 9e 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 `...............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 f5 87 4e 7c - 00 00 00 00 00 00 00
00 ......N|........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff b4 f0 4f 7c - c8 8e 4e 7c 00 00 00
00 ......O|..N|....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 23 19 00 00 ff ef fd
7f ..... ..#.......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x2dc
eax=0007fc84 ebx=00000000 ecx=00076e00 edx=00000000
esi=00080f90 edi=00000100
eip=77f839c7 esp=00d2fe28 ebp=00d2ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:017a9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00af9b6a=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00af9b6a=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:017a9e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00af9b6b=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:017a9e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:017a9e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D2FF74 77D56D9E 77D39AD0 00080F90 40080A88 00000070
ntdll!NtReplyWaitReceivePortEx
00D2FFA8 77D41C6C 0007DA10 00D2FFEC 7C4E987C 0007FC70
rpcrt4!TowerConstruct
00D2FFB4 7C4E987C 0007FC70 40080A88 00000070 0007FC70
rpcrt4!I_RpcServerInqTransportType
00D2FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x110
eax=77ab4639 ebx=00000102 ecx=0007fff0 edx=00000000
esi=77f89153 edi=00d6ff74
eip=77f8915e esp=00d6ff60 ebp=00d6ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:017e9e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D6FF7C 7C4FAC79 0000EA60 00000000 77AB85FC 0000EA60
ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
*----> Raw Stack Dump <----*
00d6ff60 a5 ac 4f 7c 00 00 00 00 - 74 ff d6 00 68 c4 4f
7c ..O|....t...h.O|
00d6ff70 a0 35 08 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .5....<.....0u..
00d6ff80 79 ac 4f 7c 60 ea 00 00 - 00 00 00 00 fc 85 ab
77 y.O|`..........w
00d6ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5
77 `....F.w.......w
00d6ffa0 a0 35 08 00 ec ff d6 00 - a0 35 08 00 53 46 ab
77 .5.......5..SF.w
00d6ffb0 d8 7a a6 77 c3 7a a6 77 - 7c 98 4e 7c a0 35 08
00 .z.w.z.w|.N|.5..
00d6ffc0 d8 7a a6 77 c3 7a a6 77 - a0 35 08 00 00 c0 fd
7f .z.w.z.w.5......
00d6ffd0 f0 ff 07 00 c0 ff d6 00 - f0 ff 07 00 ff ff ff
ff ................
00d6ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00
00 ..O|`.N|........
00d6fff0 00 00 00 00 39 46 ab 77 - a0 35 08 00 00 00 00
00 ....9F.w.5......
00d70000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00
00 MZ..............
00d70010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00
00 ........@.......
00d70020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d70030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 00
00 ................
00d70040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54
68 ........!..L.!Th
00d70050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e
6f is program canno
00d70060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53
20 t be run in DOS
00d70070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00
00 mode....$.......
00d70080 9b b6 e5 4f df d7 8b 1c - df d7 8b 1c df d7 8b
1c ...O............
00d70090 92 f4 97 1c de d7 8b 1c - 16 f5 a1 1c de d7 8b
1c ................
State Dump for Thread Id 0x230
eax=0008c44c ebx=00000000 ecx=0000001c edx=00000000
esi=00000000 edi=00000000
eip=77e13569 esp=00fcff2c ebp=00fcff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:01a49e13=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00FCFF4C 0040A389 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
00FCFFB4 7C4E987C 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00FCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x140
eax=027d0010 ebx=00000008 ecx=00002000 edx=00000000
esi=77f93233 edi=00000008
eip=77f9323e esp=0101fd98 ebp=0101fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01a99c7f=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0101FDE4 77E13990 0101FDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0101FE40 77E13A5C 0101FE0C 0101FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0101FE5C 78319390 00000007 0101FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
784102B8 FFFFFFFF 00000000 00000000 000001E0 00000000
shell32!Ordinal200
77FCFE20 784102B8 77FCFE48 77FCFE08 00000017 00000017
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x3c0
eax=0105f1e8 ebx=00000002 ecx=02810238 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0105fe5c ebp=0105fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01ad9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0105FEA8 77E13990 0105FE80 00000001 00000000 0105FEA0
ntdll!NtWaitForMultipleObjects
0105FF04 77E13A5C 0105FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0105FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0105FF74 70C1AB1B 0105FFA0 0105FFA4 0105FFA8 0105FF9C !
Ordinal265
0105FFAC 70C1ACDF 00000012 7C4E987C 00000000 00000000 !
Ordinal293
0105FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x4f4
eax=0000001c ebx=00000002 ecx=7ffd8000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=010efe5c ebp=010efea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01b69d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
010EFEA8 77E13990 010EFE80 00000001 00000000 010EFEA0
ntdll!NtWaitForMultipleObjects
010EFF04 77E13A5C 010EFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
010EFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
010EFF74 70C1AB1B 010EFFA0 010EFFA4 010EFFA8 010EFF9C !
Ordinal265
010EFFAC 70C1ACDF 00000012 7C4E987C 00000000 00000000 !
Ordinal293
010EFFEC 00000000 70C1ACAF 00000000 00000000 000000C8 !
Ordinal293
*----> Raw Stack Dump <----*
010efe5c d7 bd 4e 7c 02 00 00 00 - 80 fe 0e 01 01 00 00
00 ..N|............
010efe6c 00 00 00 00 a0 fe 0e 01 - 00 00 00 00 00 00 00
00 ................
010efe7c 02 00 00 00 00 02 00 00 - 24 02 00 00 90 4f a5
77 ........$....O.w
010efe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe 0e
01 ................
010efe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff 0e
01 ......<.........
010efeac 90 39 e1 77 80 fe 0e 01 - 01 00 00 00 00 00 00
00 .9.w............
010efebc a0 fe 0e 01 00 00 00 00 - 60 ea 00 00 18 bb c2
70 ........`......p
010efecc 00 00 00 00 00 02 00 00 - 24 02 00 00 84 ff 0e
01 ........$.......
010efedc 4f 7a 2e 73 00 00 16 71 - 74 ff 0e 01 00 00 00
00 Oz.s...qt.......
010efeec 18 bb c2 70 00 00 00 00 - 00 00 00 00 cc 86 fd
7f ...p............
010efefc 00 00 00 00 24 02 00 00 - 20 ff 0e 01 5c 3a e1
77 ....$... ...\:.w
010eff0c d0 fe 0e 01 38 bb c2 70 - 60 ea 00 00 41 00 00
00 ....8..p`...A...
010eff1c 00 00 00 00 74 ff 0e 01 - 93 a7 c1 70 01 00 00
00 ....t......p....
010eff2c 38 bb c2 70 00 00 00 00 - 60 ea 00 00 41 00 00
00 8..p....`...A...
010eff3c 00 00 00 00 18 bb c2 70 - 00 00 00 00 00 00 00
00 .......p........
010eff4c 00 00 00 00 00 00 00 00 - f0 fe 0e 01 00 8c fd
7f ................
010eff5c dc ff 0e 01 b4 f0 4f 7c - 0d 0c 05 00 18 bb c2
70 ......O|.......p
010eff6c 60 ea 00 00 01 00 00 00 - ac ff 0e 01 1b ab c1
70 `..............p
010eff7c a0 ff 0e 01 a4 ff 0e 01 - a8 ff 0e 01 9c ff 0e
01 ................
010eff8c 60 ea 00 00 00 00 00 00 - 00 00 bd 70 00 00 00
00 `..........p....
State Dump for Thread Id 0x78
eax=000000c0 ebx=00fcfccc ecx=7c4f3496 edx=00000000
esi=ffffffff edi=00000557
eip=77f8915e esp=012bffa0 ebp=012bffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:01d39e87=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
012BFFB4 7C4E987C 00FCFCCC 00000557 FFFFFFFF 00FCFCCC
ntdll!ZwDelayExecution
012BFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x468
eax=00000000 ebx=00000000 ecx=00000405 edx=00000000
esi=00000000 edi=012ffda4
eip=77f950df esp=012ff9f0 ebp=012ffa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f950d4 b838000000 mov eax,0x38
77f950d9 8d542404 lea edx,
[esp+0x4] ss:01d798d7=????????
77f950dd cd2e int 2e
77f950df c22800 ret 0x28
77f950e2 8bca mov ecx,edx
77f950e4 894dcc mov
[ebp+0xcc],ecx ss:01d79936=????????
77f950e7 66832100 and word ptr
[ecx],0x0 ds:00000405=????
77f950eb e9eccaffff jmp
RtlDosPathNameToNtPathName_U+0x25a (77f91bdc)
77f950f0 8b4508 mov eax,
[ebp+0x8] ss:01d79936=????????
77f950f3 5e pop esi
77f950f4 5f pop edi
77f950f5 c9 leave
77f950f6 c3 ret
77f950f7 55 push ebp
77f950f8 8bec mov ebp,esp
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
012FFA50 76F585B4 00000708 0017000E 76F5F700 00000038
ntdll!ZwDeviceIoControlFile
012FFD30 76F52B06 000B5F04 012FFD4C 000B5E80 000B5E70
netshell!<nosymbols>
012FFDA8 76F53B99 012FFDC4 012FFDEC 000B4F78 000B4A58
netshell!NetSetupSetProgressCallback
012FFDCC 76F50F7D 000B5E80 012FFDEC 00000000 012FFED8
netshell!NetSetupSetProgressCallback
012FFDF4 76F50F05 00053187 000B4F78 012FFE24 77E12CA8
netshell!NetSetupSetProgressCallback
012FFE04 77E12CA8 00000000 00000113 00007FE3 00053187
netshell!NetSetupSetProgressCallback
012FFE24 77E12E4E 76F50ED1 00000000 00000113 00007FE3
user32!GetSysColor
012FFEB0 77E12F0F 012FFED8 00000000 76F21E2C 012FFED8
user32!GetSysColor
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
012ff9f0 91 d6 4f 7c 08 07 00 00 - 00 00 00 00 00 00 00
00 ..O|............
012ffa00 00 00 00 00 28 fa 2f 01 - 0e 00 17 00 00 f7 f5
76 ....(./........v
012ffa10 38 00 00 00 84 fa 2f 01 - a0 02 00 00 a4 fd 2f
01 8...../......./.
012ffa20 4c fd 2f 01 08 07 00 00 - 00 00 00 00 90 00 00
00 L./.............
012ffa30 98 88 f5 76 74 fa 2f 01 - 1c fa 2f 01 01 01 01
02 ...vt./.../.....
012ffa40 a0 fe 2f 01 b4 f0 4f 7c - c0 d6 4f 7c ff ff ff
ff ../...O|..O|....
012ffa50 30 fd 2f 01 b4 85 f5 76 - 08 07 00 00 0e 00 17
00 0./....v........
012ffa60 00 f7 f5 76 38 00 00 00 - 84 fa 2f 01 a0 02 00
00 ...v8...../.....
012ffa70 38 fd 2f 01 00 00 00 00 - ec fd 2f 01 a4 fd 2f
01 8./......./.../.
012ffa80 70 5e 0b 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 p^..........@B..
012ffa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
012ffaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
012ffab0 7b 00 00 00 02 01 02 00 - 04 00 00 00 79 03 00
00 {...........y...
012ffac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
012ffad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
012ffae0 50 00 00 00 ff ff ff 80 - 04 00 00 00 4a 01 00
00 P...........J...
012ffaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
012ffb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
012ffb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
012ffb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x464
eax=77801aae ebx=77e339d4 ecx=7780314c edx=00000000
esi=0133fd70 edi=77e12f5f
eip=77e12f5c esp=0133fd04 ebp=0133fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01db9beb=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01db9beb=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0133FD1C 766D1AD2 0133FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0133FD90 766D198E 00010074 00000000 766D2848 00000001
stobject!DllGetClassObject
0133FFB4 7C4E987C 00000000 00FCFAA0 77F98191 00000000
stobject!DllGetClassObject
0133FFEC 00000000 766D1949 00000000 00000000 00040000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0133fd04 86 2f e1 77 70 fd 33 01 - 00 00 00 00 00 00 00
00 ./.wp.3.........
0133fd14 00 00 00 00 00 00 00 00 - 90 fd 33 01 d2 1a 6d
76 ..........3...mv
0133fd24 70 fd 33 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p.3.............
0133fd34 a0 fa fc 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0133fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0133fd54 00 00 6d 76 4f 00 05 00 - 11 00 01 00 10 00 00
00 ..mvO...........
0133fd64 00 00 00 00 50 28 6d 76 - 00 00 00 00 74 00 01
00 ....P(mv....t...
0133fd74 13 01 00 00 07 00 00 00 - 00 00 00 00 74 e6 04
00 ............t...
0133fd84 bc 01 00 00 87 00 00 00 - 00 00 00 00 b4 ff 33
01 ..............3.
0133fd94 8e 19 6d 76 74 00 01 00 - 00 00 00 00 48 28 6d
76 ..mvt.......H(mv
0133fda4 01 00 00 00 91 81 f9 77 - 43 00 3a 00 5c 00 57
00 .......wC.:.\.W.
0133fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0133fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0133fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0133fde4 6c 00 6c 00 00 00 4e 7c - 1b 00 00 00 00 02 00
00 l.l...N|........
0133fdf4 fc ff 33 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..3.#...........
0133fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0133fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x42c
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=013cff24 ebp=013cff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01e49e0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013CFF70 7C4FABFB 013CFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
013CFFB4 7C4E987C 00000000 00000009 0133F520 00000000
kernel32!WaitForMultipleObjects
013CFFEC 00000000 77562BDA 00000000 00000000 00007077
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
013cff24 d7 bd 4e 7c 02 00 00 00 - 48 ff 3c 01 01 00 00
00 ..N|....H.<.....
013cff34 00 00 00 00 00 00 00 00 - 09 00 00 00 00 00 00
00 ................
013cff44 00 00 00 00 ac 02 00 00 - 84 02 00 00 e0 64 39
81 .............d9.
013cff54 80 63 39 81 00 00 00 00 - 00 00 00 00 00 00 00
00 .c9.............
013cff64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 3c
01 ..............<.
013cff74 fb ab 4f 7c 48 ff 3c 01 - 01 00 00 00 00 00 00
00 ..O|H.<.........
013cff84 00 00 00 00 00 00 00 00 - 1a 2c 56 77 02 00 00
00 .........,Vw....
013cff94 a4 ff 3c 01 00 00 00 00 - ff ff ff ff 20 f5 33
01 ..<......... .3.
013cffa4 ac 02 00 00 84 02 00 00 - 00 00 00 00 00 00 00
00 ................
013cffb4 ec ff 3c 01 7c 98 4e 7c - 00 00 00 00 09 00 00
00 ..<.|.N|........
013cffc4 20 f5 33 01 00 00 00 00 - 00 f0 fa 7f 00 00 00
00 .3.............
013cffd4 c0 ff 3c 01 00 00 00 00 - ff ff ff ff b4 f0 4f
7c ..<...........O|
013cffe4 60 d3 4e 7c 00 00 00 00 - 00 00 00 00 00 00 00
00 `.N|............
013cfff4 da 2b 56 77 00 00 00 00 - 00 00 00 00 77 70 00
00 .+Vw........wp..
013d0004 00 00 00 07 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
013d0014 00 00 00 00 00 00 00 00 - 00 00 00 00 77 0f 77
77 ............w.ww
013d0024 77 77 77 00 00 00 00 00 - 00 00 00 00 00 00 00
00 www.............
013d0034 00 00 00 00 00 00 00 00 - 00 00 00 00 77 0f 77
78 ............w.wx
013d0044 88 00 77 80 00 00 00 00 - 00 00 00 00 00 00 00
00 ..w.............
013d0054 00 00 00 00 00 00 00 00 - 00 00 00 00 77 77 0f
77 ............ww.w
State Dump for Thread Id 0x424
eax=00000102 ebx=000493e0 ecx=00000102 edx=00000000
esi=000801c8 edi=000493e0
eip=77f8beb2 esp=0151febc ebp=0151fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtRemoveIoCompletion
77f8bea7 b8a8000000 mov eax,0xa8
77f8beac 8d542404 lea edx,
[esp+0x4] ss:01f99da3=adf00d0b
77f8beb0 cd2e int 2e
77f8beb2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0151FEE4 77D809DA 00000124 0151FF1C 0151FF0C 0151FF14
ntdll!NtRemoveIoCompletion
0151FF20 77D50EDE 000493E0 0151FF60 0151FF5C 0151FF70
rpcrt4!I_RpcTransGetAddressList
0151FF74 77D50D17 77D39A00 000801C8 0133F3CA 77F8C277
rpcrt4!TowerConstruct
0151FFA8 77D41C6C 0009AA88 0151FFEC 7C4E987C 000A5150
rpcrt4!TowerConstruct
0151FFB4 7C4E987C 000A5150 0133F3CA 77F8C277 000A5150
rpcrt4!I_RpcServerInqTransportType
0151FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x44c
eax=000ad7ac ebx=00000000 ecx=00076e00 edx=00000000
esi=00080f90 edi=00000100
eip=77f839c7 esp=0155fe28 ebp=0155ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:01fd9d0f=adf00d0b
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00b27692=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00b27692=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:01fd9e5a=f00d0bad
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00b27693=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:01fd9e5b=0d0b
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:01fd9e5b=0d0b
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0155FF74 77D56D9E 77D39AD0 00080F90 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0155FFA8 77D41C6C 0007DA10 0155FFEC 7C4E987C 000AD798
rpcrt4!TowerConstruct
0155FFB4 7C4E987C 000AD798 00000000 00000000 000AD798
rpcrt4!I_RpcServerInqTransportType
0155FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x544
eax=01b56000 ebx=00000000 ecx=00000006 edx=00000000
esi=000a4b00 edi=00000000
eip=77e13569 esp=016afcd8 ebp=016aff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:02129bbf=00000000
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
016AFF28 71181ACF 00000000 00000250 0006EA1C 000B85C0
user32!WaitMessage
016AFFB4 7C4E987C 000B85C0 00000250 0006EA1C 000B85C0 !
Ordinal123
016AFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x540
eax=00070100 ebx=01f8ff74 ecx=00000403 edx=00000000
esi=77f94086 edi=00000438
eip=77f94091 esp=01f8ff58 ebp=01f8ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02a09e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00ae9fe6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a7a2e9=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01F8FF7C 7C4F1B1B 00000438 000927C0 00000000 70CFD855
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Raw Stack Dump <----*
01f8ff58 c2 c4 4f 7c 38 04 00 00 - 00 00 00 00 74 ff f8
01 ..O|8.......t...
01f8ff68 00 00 00 00 00 25 b5 01 - 03 91 f8 77 00 44 5f
9a .....%.....w.D_.
01f8ff78 fe ff ff ff 34 91 f8 77 - 1b 1b 4f 7c 38 04 00
00 ....4..w..O|8...
01f8ff88 c0 27 09 00 00 00 00 00 - 55 d8 cf 70 38 04 00
00 .'......U..p8...
01f8ff98 c0 27 09 00 09 00 00 00 - 00 25 b5 01 ec ff f8
01 .'.......%......
01f8ffa8 00 25 b5 01 95 d7 cf 70 - 38 86 0c 00 6f d7 cf
70 .%.....p8...o..p
01f8ffb8 7c 98 4e 7c 00 25 b5 01 - 09 00 00 00 38 86 0c
00 |.N|.%......8...
01f8ffc8 00 25 b5 01 00 c0 fa 7f - d8 e9 08 00 c0 ff f8
01 .%..............
01f8ffd8 d8 e9 08 00 ff ff ff ff - b4 f0 4f 7c 60 d3 4e
7c ..........O|`.N|
01f8ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 66 d7 cf
70 ............f..p
01f8fff8 00 25 b5 01 00 00 00 00 - 43 6c 69 65 6e 74 20
55 .%......Client U
01f90008 72 6c 43 61 63 68 65 20 - 4d 4d 46 20 56 65 72
20 rlCache MMF Ver
01f90018 35 2e 32 00 00 c0 18 00 - 00 50 00 00 00 31 00
00 5.2......P...1..
01f90028 c1 03 00 00 00 00 00 00 - 00 6c d0 1d 00 00 00
00 .........l......
01f90038 00 e0 f4 02 00 00 00 00 - 00 a0 3b 02 00 00 00
00 ..........;.....
01f90048 04 00 00 00 a4 00 00 00 - 39 4e 38 39 41 48 4d
33 ........9N89AHM3
01f90058 a4 00 00 00 55 51 42 46 - 4b 38 45 52 a3 00 00
00 ....UQBFK8ER....
01f90068 4f 36 42 41 52 55 51 39 - a3 00 00 00 43 41 59
4e O6BARUQ9....CAYN
01f90078 5a 44 47 54 00 00 00 00 - 00 00 00 00 00 00 00
00 ZDGT............
01f90088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x53c
eax=09000010 ebx=021cff74 ecx=00000000 edx=00000000
esi=77f94086 edi=00000484
eip=77f94091 esp=021cff58 ebp=021cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02c49e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:09a79ef6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a79ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
021CFF7C 7C4F1B1B 00000484 000927C0 00000000 70CFD855
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x548
eax=0276f27c ebx=0276f26c ecx=00000002 edx=000fc238
esi=00000000 edi=000fc238
eip=70dcf39f esp=0276f214 ebp=0276f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:031e910a=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:031e9163=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000fc238=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:031e910a=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000fc238=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:031e910a=????????
70dcf3a4 8908 mov
[eax],ecx ds:0276f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:031e910a=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:031e910a=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:031e9162=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:031e9162=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0276F224 702BE5B6 0012BFE4 0000000E 0276F27C 000FC238 !
DllGetClassObject
0276F248 10001B67 000CD4D0 0000000E 0276F27C 00000001 !
RegisterFormatEnumerator
0276F2C0 702B6223 00000000 000E5D58 000CD670 00000000 !
<nosymbols>
0276F2E8 702D1A5A 000CD4C8 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0276F318 702BA988 000CD4C8 00000016 000E5D58 702BA95D !
DllGetClassObject
0276F354 702C59C3 00000016 0276F5C0 00000000 000CB1B0 !
CoInternetQueryInfo
0276F7D0 702BB3AF 00000000 000CB1B0 000CB1C0 702BB372 !
FindMediaTypeClass
0276F7FC 702B8EF8 00000000 000F1068 000CD4C8 000CD4D0 !
IsAsyncMoniker
0276F824 702B7DA6 000CD670 000F1068 000CD4C8 000CD4D0 !
FindMediaType
0276F86C 70D495F1 000CD4C8 000F1068 0012C004 00000000 !
CreateAsyncBindCtxEx
0276FAC0 70D4943E 000F1068 873F0000 0276FBE4 01B59DB0 !
DllGetClassObject
0276FADC 70D493A1 0276FBE4 01B59DC4 873F0000 01B59DB0 !
DllGetClassObject
0276FB00 70D4E77C 0276FBE4 01B59890 00001FDD 873F0000 !
DllGetClassObject
0276FB50 70D4AB9F 01B592E0 01B59890 00000000 00000000 !
DllGetClassObject
0276FB74 70D4AAC1 01B59A10 00000001 00000000 0276FBE4 !
DllGetClassObject
0276FBCC 70D50AF3 01B59A10 00000000 10000000 0011AA38 !
DllGetClassObject
0276FCE4 00000000 00400000 01B60B40 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
0276f214 00 00 00 00 7c f2 76 02 - 74 d6 0c 00 00 00 00
00 ....|.v.t.......
0276f224 48 f2 76 02 b6 e5 2b 70 - e4 bf 12 00 0e 00 00
00 H.v...+p........
0276f234 7c f2 76 02 38 c2 0f 00 - 6c f2 76 02 00 00 00
00 |.v.8...l.v.....
0276f244 4c 00 87 02 c0 f2 76 02 - 67 1b 00 10 d0 d4 0c
00 L.....v.g.......
0276f254 0e 00 00 00 7c f2 76 02 - 01 00 00 00 6c f2 76
02 ....|.v.....l.v.
0276f264 d0 d4 0c 00 0d 30 2c 70 - 00 00 00 00 58 5d 0e
00 .....0,p....X]..
0276f274 74 d6 0c 00 d0 d4 0c 00 - 06 00 00 00 90 f2 76
02 t.............v.
0276f284 74 d6 0c 00 00 00 00 00 - c8 d4 0c 00 14 00 00
00 t...............
0276f294 00 00 00 00 70 d6 0c 00 - 00 00 00 00 00 00 00
00 ....p...........
0276f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0276f2b4 50 00 87 02 d8 4f 0b 00 - 4c 00 87 02 e8 f2 76
02 P....O..L.....v.
0276f2c4 23 62 2b 70 00 00 00 00 - 58 5d 0e 00 70 d6 0c
00 #b+p....X]..p...
0276f2d4 00 00 00 00 00 00 00 00 - c8 d4 0c 00 00 00 00
00 ................
0276f2e4 00 00 00 00 18 f3 76 02 - 5a 1a 2d 70 c8 d4 0c
00 ......v.Z.-p....
0276f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0276f304 58 5d 0e 00 00 00 00 00 - 00 00 00 00 6c b2 0c
00 X]..........l...
0276f314 b0 b1 0c 00 54 f3 76 02 - 88 a9 2b 70 c8 d4 0c
00 ....T.v...+p....
0276f324 16 00 00 00 58 5d 0e 00 - 5d a9 2b 70 f8 cf 0d
00 ....X]..].+p....
0276f334 16 00 00 00 58 5d 0e 00 - 04 01 00 00 b0 b1 0c
00 ....X]..........
0276f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 5d 0e
00 [email protected]]..
State Dump for Thread Id 0x12c
eax=778321fe ebx=00000003 ecx=0000004c edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=0284fd24 ebp=0284fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:032c9c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0284FD70 7C4FABFB 0284FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0284FFB4 7C4E987C 00000004 7FFAA000 7C2D02A7 000D8C48
kernel32!WaitForMultipleObjects
0284FFEC 00000000 778321FE 000D8C48 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0284fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd 84 02 01 00 00
00 ..N|....H.......
0284fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 48 8c 0d
00 ............H...
0284fd44 01 00 00 00 70 05 00 00 - 74 05 00 00 84 05 00
00 ....p...t.......
0284fd54 68 0a c7 b7 80 fd 44 80 - 00 f3 59 81 e0 00 00
00 h.....D...Y.....
0284fd64 00 00 00 00 a8 03 5a 81 - b2 34 49 80 b4 ff 84
02 ......Z..4I.....
0284fd74 fb ab 4f 7c 48 fd 84 02 - 01 00 00 00 00 00 00
00 ..O|H...........
0284fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0284fd94 b0 fe 84 02 00 00 00 00 - ff ff ff ff 48 8c 0d
00 ............H...
0284fda4 a7 02 2d 7c 00 a0 fa 7f - 90 fd b1 e2 70 0a c7
b7 ..-|........p...
0284fdb4 a0 0b 89 81 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0284fdc4 23 00 00 00 23 00 00 00 - 00 a0 fa 7f a7 02 2d
7c #...#.........-|
0284fdd4 48 8c 0d 00 00 a0 fa 7f - 4c 00 00 00 fe 21 83
77 H.......L....!.w
0284fde4 f8 ab fa 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
0284fdf4 fc ff 84 02 23 00 00 00 - 34 0d c7 b7 8c 0b 46
80 ....#...4.....F.
0284fe04 f0 29 40 80 ff ff ff ff - 4c 0b c7 b7 d6 60 4a
80 .)@.....L....`J.
0284fe14 a8 03 5a 81 38 0b c7 b7 - f8 e1 c5 e2 48 d1 8b
81 ..Z.8.......H...
0284fe24 00 00 00 00 0c 0c c7 b7 - 16 67 00 00 10 da 95
81 .........g......
0284fe34 00 07 00 00 4c d1 44 80 - 16 67 00 00 10 da 95
81 ....L.D..g......
0284fe44 16 67 00 00 10 da 95 81 - 01 c6 fd 7f 92 01 00
00 .g..............
0284fe54 f1 da 44 80 92 01 00 00 - 30 f4 59 81 00 c0 fd
7f ..D.....0.Y.....
Application exception occurred:
App: rundll32.exe (pid=852)
When: 10/17/2003 @ 18:03:40.203
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
396 svchost.exe
424 spoolsv.exe
452 defwatch.exe
468 svchost.exe
500 nslsvice.exe
528 nsl.exe
536 rtvscan.exe
568 regsvc.exe
588 mstask.exe
620 stisvc.exe
688 WinMgmt.exe
700 mspmspsv.exe
712 svchost.exe
1108 explorer.exe
1172 igfxtray.exe
1196 hkcmd.exe
1240 vptray.exe
1012 FINDFAST.exe
1284 OSA.exe
852 rundll32.exe
1028 DRWTSN32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(7C4E0000 - 7C599000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78045000)
(782F0000 - 78538000)
(7C2D0000 - 7C332000)
(77D30000 - 77DA1000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B45000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77626000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(76620000 - 76631000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(75030000 - 75044000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(7C0F0000 - 7C152000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x2b4
eax=0008110c ebx=01402020 ecx=7117cff8 edx=00000000
esi=0006e59c edi=000003ee
eip=77e12f5c esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:00ae8447=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:00ae8447=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 000844A0 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C6 0006F758
comctl32!Ordinal164
0006F7A4 652676BB 00000000 000200B4 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78362E21 000200B4 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78369FB1 0007A220 000200B4 00000005 00000000
shell32!Ordinal652
0006FAE8 7836A237 000200B4 01000000 0007A0F0 00000354
shell32!SHFileOperation
0006FF18 010016EB 000200B4 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006e560 86 2f e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ./.w............
0006e570 00 00 00 00 a0 60 09 00 - dc e5 06 00 f8 b2 74
71 .....`........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 ac 61 09 00 a0 60 09 00 - 28 ef 07 00 c4 00 01
00 .a...`..(.......
0006e5a0 00 02 00 00 00 00 00 00 - 21 01 28 01 83 20 01
00 ........!.(.. ..
0006e5b0 b2 01 00 00 df 01 00 00 - fe 00 00 00 00 00 00
00 ................
0006e5c0 00 00 00 00 ff ff ff ff - b8 00 04 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - b4 00 02 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 a0 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c6 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 f0 a0 07 00 b4 00 02 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 45 00 00 00 54 2a f9 77 - 40 06 07 00 78 13 07
00 E...T*[email protected]...
0006e630 45 00 00 00 d8 21 07 00 - 28 e6 06 00 00 02 00
00 E....!..(.......
0006e640 e4 e7 06 00 91 81 f9 77 - 98 2a f9 77 ff ff ff
ff .......w.*.w....
0006e650 f4 e7 06 00 5c c3 fc 77 - 78 13 07 00 0a 02 00
00 ....\..wx.......
0006e660 1a 02 00 00 00 00 00 00 - 28 00 00 00 a0 e6 06
00 ........(.......
0006e670 9c e6 06 00 ff ff ff ff - d8 93 e6 77 17 71 f4
77 ...........w.q.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 78 01 07
00 R... [email protected]...
0006e690 78 01 07 00 78 01 07 00 - 78 01 07 00 30 00 00
00 x...x...x...0...
State Dump for Thread Id 0x204
eax=77d424c2 ebx=0007d9a0 ecx=00084abc edx=00000000
esi=0007f468 edi=00000100
eip=77f839c7 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:016c9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:787bc3a8=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:787bc3a8=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:016c9e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:787bc3a9=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:016c9e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:016c9e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D420D9 77D42528 0007F468 00000000 40084730
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D424DA 0007E1E8 00C4FFEC 7C4E987C 0007D9A0
rpcrt4!NdrConformantArrayMemorySize
00C4FFB4 7C4E987C 0007D9A0 00000000 40084730 0007D9A0
rpcrt4!NdrConformantArrayMemorySize
00C4FFEC 00000000 77D424C2 0007D9A0 00000000 00000000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
00c4fe28 85 22 d4 77 00 01 00 00 - 54 ff c4 00 00 00 00
00 .".w....T.......
00c4fe38 00 7d 09 00 58 ff c4 00 - 00 09 08 00 e8 e1 07
00 .}..X...........
00c4fe48 a0 d9 07 00 50 87 89 81 - 50 87 89 81 00 00 00
00 ....P...P.......
00c4fe58 01 00 00 00 b0 eb 6a b7 - 00 00 00 00 38 0d 36
e3 ......j.....8.6.
00c4fe68 74 eb 6a b7 00 00 00 00 - 63 53 41 80 50 88 89
81 t.j.....cSA.P...
00c4fe78 e0 51 89 81 64 ec 6a b7 - 7a 0d 45 80 04 00 00
00 .Q..d.j.z.E.....
00c4fe88 88 95 45 81 24 4f 4a 80 - 80 f3 06 00 00 00 00
00 ..E.$OJ.........
00c4fe98 48 f3 06 00 7b 25 02 00 - 00 00 00 00 00 00 00
00 H...{%..........
00c4fea8 01 00 00 00 19 00 02 00 - 00 00 00 00 19 00 02
00 ................
00c4feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 54 03 00
00 ............T...
00c4fec8 00 00 00 00 08 ec 6a b7 - 00 00 00 00 00 00 00
00 ......j.........
00c4fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4ff08 87 00 00 00 86 00 00 00 - 00 20 50 c0 19 00 02
00 ......... P.....
00c4ff18 06 00 02 00 63 00 00 00 - 3f 00 0f 00 01 00 00
00 ....c...?.......
00c4ff28 00 20 50 c0 80 a3 40 81 - e0 89 40 81 00 00 00
00 . P...@...@.....
00c4ff38 e0 89 40 81 70 8b 40 81 - 64 ec 6a b7 41 df 42
80 [email protected][email protected].
00c4ff48 f2 de 42 80 d4 4b 06 80 - 40 8b 40 81 e0 89 40
81 ..B..K..@.@...@.
00c4ff58 00 a2 2f 4d ff ff ff ff - 50 fe c4 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x334
eax=00cff27c ebx=00cff26c ecx=00000002 edx=000d4b48
esi=00000000 edi=000d4b48
eip=70dcf39f esp=00cff214 ebp=00cff224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:0177910a=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:01779163=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4b48=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:0177910a=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4b48=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:0177910a=????????
70dcf3a4 8908 mov
[eax],ecx ds:00cff27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:0177910a=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:0177910a=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:01779162=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:01779162=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00CFF224 702BE5B6 000B4BCC 0000000E 00CFF27C 000D4B48 !
DllGetClassObject
00CFF248 10001B67 00088B58 0000000E 00CFF27C 00000001 !
RegisterFormatEnumerator
00CFF2C0 702B6223 00000000 000B9760 00088CF8 00000000 !
<nosymbols>
00CFF2E8 702D1A5A 00088B50 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00CFF318 702BA988 00088B50 00000016 000B9760 702BA95D !
DllGetClassObject
00CFF354 702C59C3 00000016 00CFF5C0 00000000 000D5FB8 !
CoInternetQueryInfo
00CFF7D0 702BB3AF 00000000 000D5FB8 000D5FC8 702BB372 !
FindMediaTypeClass
00CFF7FC 702B8EF8 00000000 000D23B8 00088B50 00088B58 !
IsAsyncMoniker
00CFF824 702B7DA6 00088CF8 000D23B8 00088B50 00088B58 !
FindMediaType
00CFF86C 70D495F1 00088B50 000D23B8 000B4BEC 00000000 !
CreateAsyncBindCtxEx
00CFFAC0 70D4943E 000D23B8 873F0000 00CFFBE4 01051EE0 !
DllGetClassObject
00CFFADC 70D493A1 00CFFBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00CFFB00 70D4E77C 00CFFBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00CFFB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00CFFB74 70D4AAC1 01051DC0 00000001 00000000 00CFFBE4 !
DllGetClassObject
00CFFBCC 70D50AF3 01051DC0 00000000 10000000 000D70B0 !
DllGetClassObject
00CFFCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00cff214 00 00 00 00 7c f2 cf 00 - fc 8c 08 00 00 00 00
00 ....|...........
00cff224 48 f2 cf 00 b6 e5 2b 70 - cc 4b 0b 00 0e 00 00
00 H.....+p.K......
00cff234 7c f2 cf 00 48 4b 0d 00 - 6c f2 cf 00 00 00 00
00 |...HK..l.......
00cff244 4c 00 6f 01 c0 f2 cf 00 - 67 1b 00 10 58 8b 08
00 L.o.....g...X...
00cff254 0e 00 00 00 7c f2 cf 00 - 01 00 00 00 6c f2 cf
00 ....|.......l...
00cff264 58 8b 08 00 0d 30 2c 70 - 00 00 00 00 60 97 0b
00 X....0,p....`...
00cff274 fc 8c 08 00 58 8b 08 00 - 06 00 00 00 90 f2 cf
00 ....X...........
00cff284 fc 8c 08 00 00 00 00 00 - 50 8b 08 00 14 00 00
00 ........P.......
00cff294 00 00 00 00 f8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00cff2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00cff2b4 50 00 6f 01 d0 6f 0d 00 - 4c 00 6f 01 e8 f2 cf
00 P.o..o..L.o.....
00cff2c4 23 62 2b 70 00 00 00 00 - 60 97 0b 00 f8 8c 08
00 #b+p....`.......
00cff2d4 00 00 00 00 00 00 00 00 - 50 8b 08 00 00 00 00
00 ........P.......
00cff2e4 00 00 00 00 18 f3 cf 00 - 5a 1a 2d 70 50 8b 08
00 ........Z.-pP...
00cff2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00cff304 60 97 0b 00 00 00 00 00 - 00 00 00 00 74 60 0d
00 `...........t`..
00cff314 b8 5f 0d 00 54 f3 cf 00 - 88 a9 2b 70 50 8b 08
00 ._..T.....+pP...
00cff324 16 00 00 00 60 97 0b 00 - 5d a9 2b 70 78 65 0d
00 ....`...].+pxe..
00cff334 16 00 00 00 60 97 0b 00 - 04 01 00 00 b8 5f 0d
00 ....`........_..
00cff344 00 00 00 00 01 00 00 00 - 05 40 00 80 60 97 0b
00 .........@..`...
State Dump for Thread Id 0x2a0
eax=016e0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=00d3fe5c ebp=00d3fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:017b9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3FEA8 77E13990 00D3FE80 00000001 00000000 00D3FEA0
ntdll!NtWaitForMultipleObjects
00D3FF04 77E13A5C 00D3FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00D3FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00D3FF74 70C1AB1B 00D3FFA0 00D3FFA4 00D3FFA8 00D3FF9C !
Ordinal265
00D3FFAC 70C1ACDF 00000000 7C4E987C 00000000 00000000 !
Ordinal293
00D3FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x538
eax=778321fe ebx=00000003 ecx=0000004c edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:02109c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 7C4FABFB 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 7C4E987C 00000004 7FFDC000 7C2D02A7 000D4450
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4450 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0168fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd 68 01 01 00 00
00 ..N|....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 50 44 0d
00 ............PD..
0168fd44 01 00 00 00 d4 01 00 00 - d8 01 00 00 e8 01 00
00 ................
0168fd54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fd64 00 00 00 00 00 00 00 00 - 00 00 00 00 b4 ff 68
01 ..............h.
0168fd74 fb ab 4f 7c 48 fd 68 01 - 01 00 00 00 00 00 00
00 ..O|H.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 50 44 0d
00 ..h.........PD..
0168fda4 a7 02 2d 7c 00 c0 fd 7f - 00 00 00 00 00 00 00
00 ..-|............
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 00 c0 fd 7f a7 02 2d
7c #...#.........-|
0168fdd4 50 44 0d 00 00 c0 fd 7f - 4c 00 00 00 fe 21 83
77 PD......L....!.w
0168fde4 f8 cb fd 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
0168fdf4 fc ff 68 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..h.#...........
0168fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe44 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0168fe54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
Application exception occurred:
App: rundll32.exe (pid=544)
When: 10/20/2003 @ 07:30:10.546
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 3
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 smss.exe
172 csrss.exe
192 winlogon.exe
220 services.exe
232 lsass.exe
396 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
524 rtvscan.exe
572 regsvc.exe
592 mstask.exe
620 stisvc.exe
684 winmgmt.exe
712 mspmspsv.exe
724 svchost.exe
1040 explorer.exe
1148 igfxtray.exe
1176 hkcmd.exe
1224 vptray.exe
1264 FINDFAST.exe
1272 OSA.exe
544 rundll32.exe
100 drwtsn32.exe
0 _Total.exe
(01000000 - 01004000)
(77F80000 - 77FFB000)
(77E80000 - 77F36000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77920000 - 77943000)
(78000000 - 78046000)
(782F0000 - 78536000)
(77DB0000 - 77E0D000)
(77D30000 - 77DA1000)
(70BD0000 - 70C35000)
(71710000 - 71794000)
(77A50000 - 77B45000)
(65260000 - 652A0000)
(779B0000 - 77A4B000)
(775A0000 - 77625000)
(691A0000 - 691A9000)
(71160000 - 7125D000)
(77840000 - 7787D000)
(770C0000 - 770E3000)
(76620000 - 76630000)
(66D20000 - 66D51000)
(773E0000 - 773F5000)
(70200000 - 70295000)
(77440000 - 774B7000)
(77430000 - 77440000)
(70C50000 - 70EFD000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(702B0000 - 7032A000)
(70440000 - 704CF000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(75030000 - 75043000)
(75020000 - 75028000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(77C10000 - 77C6E000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 75160000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(10000000 - 10017000)
State Dump for Thread Id 0x330
eax=000021ff ebx=01402020 ecx=00000000 edx=00000000
esi=0006e59c edi=000003ee
eip=77e11d6b esp=0006e560 ebp=0006e578 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e11d48 0f85cad90200 jne
CallMsgFilter+0xeb8 (77e3f718)
77e11d4e 33c0 xor eax,eax
77e11d50 c20800 ret 0x8
77e11d53 ff742408 push dword ptr
[esp+0x8] ss:00aebb33=????????
77e11d57 51 push ecx
77e11d58 e861090000 call GetKeyState+0x92
(77e126be)
77e11d5d c20800 ret 0x8
77e11d60 b89a110000 mov eax,0x119a
77e11d65 8d542404 lea edx,
[esp+0x4] ss:00aebb33=????????
77e11d69 cd2e int 2e
77e11d6b c21000 ret 0x10
77e11d6e 8b442404 mov eax,
[esp+0x4] ss:00aebb33=????????
77e11d72 cd2b int 2b
77e11d74 e939990300 jmp
SetClassLongW+0x654 (77e4b6b2)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006E578 7174B2F8 0006E59C 00000000 00000000 00000000
user32!TranslateMessageEx
0006E5DC 7174B517 00084490 00000000 00000000 65264733
comctl32!Ordinal389
0006E5F4 7174B529 0006F758 00000007 652673C5 0006F758
comctl32!Ordinal164
0006F7A4 652676BA 00000000 000300C8 00000000 00000000
comctl32!PropertySheetW
0006F7C4 78359179 000300C8 00000005 00000000 00000000 desk!
CPlApplet
0006F804 78361842 0007A218 000300C8 00000005 00000000
shell32!Ordinal652
0006FAE8 78361AC8 000300C8 01000000 0007A0E8 00000220
shell32!SHFileOperationA
0006FF18 010016EB 000300C8 01000000 000732E0 00000001
shell32!Control_RunDLLW
0006FF60 010011F6 01000000 00000000 00020692 00000001
rundll32!<nosymbols>
0006FFC0 77E9CA90 00000000 00000000 7FFDF000 00000000
rundll32!<nosymbols>
0006FFF0 00000000 01001171 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Raw Stack Dump <----*
0006e560 e1 1d e1 77 9c e5 06 00 - 00 00 00 00 00 00 00
00 ...w............
0006e570 00 00 00 00 28 47 09 00 - dc e5 06 00 f8 b2 74
71 ....(G........tq
0006e580 9c e5 06 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0006e590 34 48 09 00 28 47 09 00 - 20 ef 07 00 f2 00 02
00 4H..(G.. .......
0006e5a0 00 02 00 00 00 00 00 00 - fc 00 d2 00 f2 f0 01
00 ................
0006e5b0 4b 01 00 00 47 01 00 00 - fe 00 00 00 00 00 00
00 K...G...........
0006e5c0 00 00 00 00 ff ff ff ff - c6 00 05 00 38 a4 77
71 ............8.wq
0006e5d0 80 2f 77 71 09 04 00 00 - c8 00 03 00 f4 e5 06
00 ./wq............
0006e5e0 17 b5 74 71 90 44 08 00 - 00 00 00 00 00 00 00
00 ..tq.D..........
0006e5f0 33 47 26 65 a4 f7 06 00 - 29 b5 74 71 58 f7 06
00 3G&e....).tqX...
0006e600 07 00 00 00 c5 73 26 65 - 58 f7 06 00 00 00 00
00 .....s&eX.......
0006e610 e8 a0 07 00 c8 00 03 00 - 78 01 07 00 78 01 07
00 ........x...x...
0006e620 ea 01 01 39 58 e6 06 00 - 40 06 07 00 70 39 f8
77 [email protected]
0006e630 00 00 07 00 78 13 07 00 - 45 00 00 00 d8 21 07
00 ....x...E....!..
0006e640 30 e6 06 00 00 02 00 00 - ec e7 06 00 95 2b f8
77 0............+.w
0006e650 b8 39 f8 77 ff ff ff ff - fc e7 06 00 27 b2 fc
77 .9.w........'..w
0006e660 78 13 07 00 0a 02 00 00 - 1a 02 00 00 00 00 00
00 x...............
0006e670 9c e6 06 00 ff ff ff ff - 80 92 e6 77 0a 60 f4
77 ...........w.`.w
0006e680 52 00 01 01 20 00 00 00 - 40 00 00 00 02 00 00
00 R... ...@.......
0006e690 00 00 66 00 80 92 e6 77 - 40 00 00 00 30 00 00
00 [email protected]...
State Dump for Thread Id 0x78
eax=77d424c2 ebx=0007d998 ecx=00084aac edx=00000000
esi=0007f460 edi=00000100
eip=77f83bb8 esp=00c4fe28 ebp=00c4ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f83bad b8ac000000 mov eax,0xac
77f83bb2 8d542404 lea edx,
[esp+0x4] ss:016cd3fb=????????
77f83bb6 cd2e int 2e
77f83bb8 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00C4FF74 77D420D9 77D42528 0007F460 00000000 40084720
ntdll!NtReplyWaitReceivePortEx
00C4FFA8 77D424DA 0007E1E0 00C4FFEC 77E887DD 0007D998
rpcrt4!NdrConformantArrayMemorySize
00C4FFB4 77E887DD 0007D998 00000000 40084720 0007D998
rpcrt4!NdrConformantArrayMemorySize
00C4FFEC 00000000 77D424C2 0007D998 00000000 00000000
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
00c4fe28 85 22 d4 77 04 01 00 00 - 54 ff c4 00 00 00 00
00 .".w....T.......
00c4fe38 c8 8d 09 00 58 ff c4 00 - f8 08 08 00 e0 e1 07
00 ....X...........
00c4fe48 98 d9 07 00 50 87 89 81 - 50 87 89 81 00 00 00
00 ....P...P.......
00c4fe58 01 00 00 00 b0 fb 36 b7 - 00 00 00 00 78 15 3c
e3 ......6.....x.<.
00c4fe68 74 fb 36 b7 00 00 00 00 - 72 4f 41 80 50 88 89
81 t.6.....rOA.P...
00c4fe78 e0 51 89 81 64 fc 36 b7 - ca 08 45 80 04 00 00
00 .Q..d.6...E.....
00c4fe88 08 e0 3e 81 66 41 4a 80 - 80 f3 06 00 00 00 00
00 ..>.fAJ.........
00c4fe98 48 f3 06 00 49 15 03 00 - 00 00 00 00 00 00 00
00 H...I...........
00c4fea8 01 00 00 00 19 00 02 00 - 00 00 00 00 19 00 02
00 ................
00c4feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 20 02 00
00 ............ ...
00c4fec8 00 00 00 00 08 fc 36 b7 - 00 00 00 00 00 00 00
00 ......6.........
00c4fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00c4ff08 00 00 00 00 5c 28 50 c0 - 7c 00 00 00 00 20 50
c0 ....\(P.|.... P.
00c4ff18 06 00 02 00 19 00 02 00 - 7c 00 00 00 01 00 00
00 ........|.......
00c4ff28 00 20 50 c0 e0 46 3d 81 - a0 4d 3d 81 00 00 00
00 . P..F=..M=.....
00c4ff38 a0 4d 3d 81 30 4f 3d 81 - 64 fc 36 b7 f3 da 42
80 .M=.0O=.d.6...B.
00c4ff48 a4 da 42 80 d4 4b 06 80 - 00 4f 3d 81 a0 4d 3d
81 ..B..K...O=..M=.
00c4ff58 00 a2 2f 4d ff ff ff ff - 50 fe c4 00 ff ff ff
ff ../M....P.......
State Dump for Thread Id 0x528
eax=014a0020 ebx=00000002 ecx=00000008 edx=00000000
esi=77f837a7 edi=00000002
eip=77f837b2 esp=00cffe5c ebp=00cffea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0177d42f=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00CFFEA8 77E12A00 00CFFE80 00000001 00000000 00CFFEA0
ntdll!NtWaitForMultipleObjects
00CFFF04 77E12A77 00CFFED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
00CFFF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
00CFFF74 70C1AB1B 00CFFFA0 00CFFFA4 00CFFFA8 00CFFF9C !
Ordinal265
00CFFFAC 70C1ACDF 00000000 77E887DD 00000000 00000000 !
Ordinal293
00CFFFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x358
eax=00d3f27c ebx=00d3f26c ecx=00000002 edx=000d4b68
esi=00000000 edi=000d4b68
eip=70dcf39f esp=00d3f214 ebp=00d3f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
70dcf382 8bcf mov ecx,edi
70dcf384 e8c96aecff call 70c95e52
70dcf389 8b7d14 mov edi,
[ebp+0x14] ss:017bc7f6=????????
70dcf38c 8d4c0002 lea ecx,
[eax+eax+0x2] ds:017bc84f=????????
70dcf390 8bc1 mov eax,ecx
70dcf392 c1e902 shr ecx,0x2
70dcf395 f3a5 rep movsd
ds:00000000=???????? es:000d4b68=00000000
70dcf397 8bc8 mov ecx,eax
70dcf399 8b4510 mov eax,
[ebp+0x10] ss:017bc7f6=????????
70dcf39c 83e103 and ecx,0x3
FAULT ->70dcf39f f3a4 rep movsb
ds:00000000=?? es:000d4b68=00
70dcf3a1 8b4d14 mov ecx,
[ebp+0x14] ss:017bc7f6=????????
70dcf3a4 8908 mov
[eax],ecx ds:00d3f27c=00000006
70dcf3a6 eb51 jmp
DllGetClassObject+0x98145 (70dd76f9)
70dcf3a8 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:017bc7f6=????????
70dcf3ac 0f8258a6f8ff jb
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3b2 8b4508 mov eax,
[ebp+0x8] ss:017bc7f6=????????
70dcf3b5 8b400c mov eax,
[eax+0xc] ds:017bc84e=????????
70dcf3b8 85c0 test eax,eax
70dcf3ba 0f844aa6f8ff je
DllGetClassObject+0x1a456 (70d59a0a)
70dcf3c0 8b7024 mov esi,
[eax+0x24] ds:017bc84e=????????
70dcf3c3 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00D3F224 702BE5B6 000B4B34 0000000E 00D3F27C 000D4B68 !
DllGetClassObject
00D3F248 10001B67 00088B48 0000000E 00D3F27C 00000001 !
RegisterFormatEnumerator
00D3F2C0 702B6223 00000000 000B9858 00088CE8 00000000 !
<nosymbols>
00D3F2E8 702D1A5A 00088B40 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
00D3F318 702BA988 00088B40 00000016 000B9858 702BA95D !
DllGetClassObject
00D3F354 702C59C3 00000016 00D3F5C0 00000000 000D5D48 !
CoInternetQueryInfo
00D3F7D0 702BB3AF 00000000 000D5D48 000D5D58 702BB372 !
FindMediaTypeClass
00D3F7FC 702B8EF8 00000000 000D22E0 00088B40 00088B48 !
IsAsyncMoniker
00D3F824 702B7DA6 00088CE8 000D22E0 00088B40 00088B48 !
FindMediaType
00D3F86C 70D495F1 00088B40 000D22E0 000B4B54 00000000 !
CreateAsyncBindCtxEx
00D3FAC0 70D4943E 000D22E0 873F0000 00D3FBE4 01051EE0 !
DllGetClassObject
00D3FADC 70D493A1 00D3FBE4 01051EF4 873F0000 01051EE0 !
DllGetClassObject
00D3FB00 70D4E77C 00D3FBE4 01051C40 00001FDD 873F0000 !
DllGetClassObject
00D3FB50 70D4AB9F 01051690 01051C40 00000000 00000000 !
DllGetClassObject
00D3FB74 70D4AAC1 01051DC0 00000001 00000000 00D3FBE4 !
DllGetClassObject
00D3FBCC 70D50AF3 01051DC0 00000000 10000000 000D7018 !
DllGetClassObject
00D3FCE4 00000000 00400000 01051360 C00007B0 00081800 !
DllGetClassObject
*----> Raw Stack Dump <----*
00d3f214 00 00 00 00 7c f2 d3 00 - ec 8c 08 00 00 00 00
00 ....|...........
00d3f224 48 f2 d3 00 b6 e5 2b 70 - 34 4b 0b 00 0e 00 00
00 H.....+p4K......
00d3f234 7c f2 d3 00 68 4b 0d 00 - 6c f2 d3 00 00 00 00
00 |...hK..l.......
00d3f244 4c 00 6f 01 c0 f2 d3 00 - 67 1b 00 10 48 8b 08
00 L.o.....g...H...
00d3f254 0e 00 00 00 7c f2 d3 00 - 01 00 00 00 6c f2 d3
00 ....|.......l...
00d3f264 48 8b 08 00 0d 30 2c 70 - 00 00 00 00 58 98 0b
00 H....0,p....X...
00d3f274 ec 8c 08 00 48 8b 08 00 - 06 00 00 00 90 f2 d3
00 ....H...........
00d3f284 ec 8c 08 00 00 00 00 00 - 40 8b 08 00 14 00 00
00 ........@.......
00d3f294 00 00 00 00 e8 8c 08 00 - 00 00 00 00 00 00 00
00 ................
00d3f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
00d3f2b4 50 00 6f 01 38 6f 0d 00 - 4c 00 6f 01 e8 f2 d3
00 P.o.8o..L.o.....
00d3f2c4 23 62 2b 70 00 00 00 00 - 58 98 0b 00 e8 8c 08
00 #b+p....X.......
00d3f2d4 00 00 00 00 00 00 00 00 - 40 8b 08 00 00 00 00
00 ........@.......
00d3f2e4 00 00 00 00 18 f3 d3 00 - 5a 1a 2d 70 40 8b 08
00 ........Z.-p@...
00d3f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00d3f304 58 98 0b 00 00 00 00 00 - 00 00 00 00 04 5e 0d
00 X............^..
00d3f314 48 5d 0d 00 54 f3 d3 00 - 88 a9 2b 70 40 8b 08
00 H]..T.....+p@...
00d3f324 16 00 00 00 58 98 0b 00 - 5d a9 2b 70 08 63 0d
00 ....X...].+p.c..
00d3f334 16 00 00 00 58 98 0b 00 - 04 01 00 00 48 5d 0d
00 ....X.......H]..
00d3f344 00 00 00 00 01 00 00 00 - 05 40 00 80 58 98 0b
00 [email protected]...
State Dump for Thread Id 0x2f0
eax=778321fe ebx=00000003 ecx=7ffdb000 edx=00000000
esi=77f837a7 edi=00000003
eip=77f837b2 esp=0168fd24 ebp=0168fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f837a7 b8e9000000 mov eax,0xe9
77f837ac 8d542404 lea edx,
[esp+0x4] ss:0210d2f7=????????
77f837b0 cd2e int 2e
77f837b2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0168FD70 77E8A31D 0168FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0168FFB4 77E887DD 00000004 000D4364 7FFDB000 000D4370
kernel32!WaitForMultipleObjects
0168FFEC 00000000 778321FE 000D4370 00000000 00000001
kernel32!GetModuleFileNameA
*----> Raw Stack Dump <----*
0168fd24 b7 7a e8 77 03 00 00 00 - 48 fd 68 01 01 00 00
00 .z.w....H.h.....
0168fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 70 43 0d
00 ............pC..
0168fd44 01 00 00 00 d0 01 00 00 - d4 01 00 00 e4 01 00
00 ................
0168fd54 00 00 00 00 a0 1d 3a 81 - 90 fa 41 80 e8 a3 3c
81 ......:...A...<.
0168fd64 48 22 3a 81 01 00 00 00 - 01 00 00 00 b4 ff 68
01 H":...........h.
0168fd74 1d a3 e8 77 48 fd 68 01 - 01 00 00 00 00 00 00
00 ...wH.h.........
0168fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0168fd94 b0 fe 68 01 00 00 00 00 - ff ff ff ff 70 43 0d
00 ..h.........pC..
0168fda4 00 b0 fd 7f 64 43 0d 00 - 00 00 00 00 38 00 00
00 ....dC......8...
0168fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0168fdc4 23 00 00 00 23 00 00 00 - 64 43 0d 00 00 b0 fd
7f #...#...dC......
0168fdd4 70 43 0d 00 00 b0 fd 7f - 00 b0 fd 7f fe 21 83
77 pC...........!.w
0168fde4 00 00 00 00 85 87 e8 77 - 1b 00 00 00 00 02 00
00 .......w........
0168fdf4 fc ff 68 01 23 00 00 00 - 28 2c 51 81 a6 24 49
80 ..h.#...(,Q..$I.
0168fe04 28 2c 51 81 2c 02 00 00 - 40 6a 89 81 03 00 1f
00 (,Q.,...@j......
0168fe14 88 16 3a 81 40 6a 89 81 - a0 16 3a 81 88 16 3a
81 ..:.@j....:...:.
0168fe24 31 5b 00 00 98 bc 94 81 - 00 07 00 00 ae cc 44
80 1[............D.
0168fe34 31 5b 00 00 98 bc 94 81 - 31 5b 00 00 98 bc 94
81 1[......1[......
0168fe44 01 72 fd 7f 79 0a 00 00 - 41 d6 44 80 79 0a 00
00 .r..y...A.D.y...
0168fe54 f0 0b 33 81 00 70 fd 7f - fc 07 30 c0 00 00 00
00 ..3..p....0.....
Application exception occurred:
App: taskmgr.exe (pid=1304)
When: 10/22/2003 @ 14:14:07.140
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
400 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
544 rtvscan.exe
576 regsvc.exe
596 mstask.exe
644 stisvc.exe
696 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
1224 igfxtray.exe
1240 hkcmd.exe
1276 vptray.exe
1284 FINDFAST.exe
1316 OSA.exe
1068 ipmsg2.02.exe
1056 nlnotes.exe
1168 naldaemn.exe
700 nhldaemn.exe
1432 explorer.exe
1304 TASKMGR.exe
656 IEXPLORE.exe
1048 NTVDM.exe
1520 DRWTSN32.exe
0 _Total.exe
(01000000 - 01018000)
(77F80000 - 77FFB000)
(77F40000 - 77F7C000)
(7C4E0000 - 7C599000)
(77E10000 - 77E75000)
(7C2D0000 - 7C332000)
(77D30000 - 77DA1000)
(71710000 - 71794000)
(782F0000 - 78538000)
(63180000 - 631E5000)
(78000000 - 78045000)
(66390000 - 6639B000)
(65780000 - 6578D000)
(66640000 - 6664A000)
(77530000 - 77552000)
(77880000 - 7790E000)
(7C0F0000 - 7C152000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
State Dump for Thread Id 0x540
eax=ffffffff ebx=00000000 ecx=00000002 edx=00120007
esi=00000001 edi=00081220
eip=7c4ee38e esp=0006f480 ebp=0006f4e8 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: CompareStringW
7c4ee370 8b7d18 mov edi,
[ebp+0x18] ss:00ae93ce=????????
7c4ee373 33db xor ebx,ebx
7c4ee375 895508 mov
[ebp+0x8],edx ss:00ae93ce=????????
7c4ee378 3bd3 cmp edx,ebx
7c4ee37a 897d1c mov
[ebp+0x1c],edi ss:00ae93ce=????????
7c4ee37d 0f84f54f0100 je
WriteProfileStringA+0x25 (7c503378)
7c4ee383 3bfb cmp edi,ebx
7c4ee385 0f84ed4f0100 je
WriteProfileStringA+0x25 (7c503378)
7c4ee38b 6a02 push 0x2
7c4ee38d 59 pop ecx
FAULT ->7c4ee38e 668b02 mov ax,
[edx] ds:00120007=????
7c4ee391 663b07 cmp ax,
[edi] ds:00081220=0043
7c4ee394 0f84edb4ffff je
SetThreadExecutionState+0x232 (7c4e9887)
7c4ee39a 668b02 mov ax,
[edx] ds:00120007=????
7c4ee39d 663b07 cmp ax,
[edi] ds:00081220=0043
7c4ee3a0 0f8417cdffff je
GetStdHandle+0x1b0 (7c4eb0bd)
7c4ee3a6 8b4ddc mov ecx,
[ebp+0xdc] ss:00ae93ce=????????
7c4ee3a9 895dc8 mov
[ebp+0xc8],ebx ss:00ae93ce=????????
7c4ee3ac f7de neg esi
7c4ee3ae 1bf6 sbb esi,esi
7c4ee3b0 33c0 xor eax,eax
7c4ee3b2 81e6000000e8 and esi,0xe8000000
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006F4E8 7C4FA1AA 00120007 00000001 00120007 FFFFFFFF
kernel32!CompareStringW
00000021 00000000 00000000 00000000 00000000 00000000
kernel32!lstrcmpiW
*----> Raw Stack Dump <----*
0006f480 07 00 12 00 78 11 08 00 - 20 12 08 00 00 00 07
00 ....x... .......
0006f490 00 00 07 00 00 00 07 00 - 07 00 00 00 01 00 00
00 ................
0006f4a0 00 00 00 00 08 00 00 00 - 04 00 1d 00 ff ff ff
e7 ................
0006f4b0 00 00 00 00 00 00 00 00 - 48 0e 02 02 00 00 00
00 ........H.......
0006f4c0 f8 17 08 00 f8 45 07 00 - 40 62 08 00 30 00 00
00 [email protected]...
0006f4d0 40 00 00 00 6c f3 06 00 - 0c 00 00 00 f4 fa 06
00 @...l...........
0006f4e0 91 81 f9 77 c0 21 f9 77 - 21 00 00 00 aa a1 4f
7c ...w.!.w!.....O|
0006f4f0 07 00 12 00 01 00 00 00 - 07 00 12 00 ff ff ff
ff ................
0006f500 20 12 08 00 20 12 08 00 - 10 2a 08 00 00 00 00
00 ... ....*......
0006f510 3e 63 00 01 07 00 12 00 - 20 12 08 00 00 00 00
00 >c...... .......
0006f520 e0 33 08 00 0d 00 00 00 - 6e 67 00 01 78 11 08
00 .3......ng..x...
0006f530 e0 33 08 00 dc 43 07 00 - 0d 00 00 00 56 68 00
01 .3...C......Vh..
0006f540 e0 33 08 00 70 7b 08 00 - 21 00 00 00 58 22 08
00 .3..p{..!...X"..
0006f550 94 f7 06 00 dc 43 07 00 - e0 33 08 00 48 79 00
01 .....C...3..Hy..
0006f560 dc 43 07 00 54 03 30 00 - d0 43 07 00 54 03 30
00 .C..T.0..C..T.0.
0006f570 02 af b2 5d 25 00 00 00 - 1e 9d 05 c3 00 00 00
00 ...]%...........
0006f580 41 93 32 a9 00 00 00 00 - 55 15 f1 44 01 00 00
00 A.2.....U..D....
0006f590 e5 94 0b 00 d2 ed 01 00 - 36 ec 18 00 00 8b 00
00 ........6.......
0006f5a0 51 9c 00 00 6c 68 02 00 - 54 d5 00 00 88 f5 2c
00 Q...lh..T.....,.
0006f5b0 fd 72 00 00 5b 37 0a 00 - 00 00 00 00 ef 4c 0c
00 .r..[7.......L..
State Dump for Thread Id 0x470
eax=00000000 ebx=77f89134 ecx=ffffffff edx=00000000
esi=006eff9c edi=0100dca8
eip=77e12f5c esp=006eff5c ebp=006eff74 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01169e43=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01169e43=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
006EFF74 0100B070 006EFF9C 00000000 00000000 00000000
user32!TranslateMessageEx
00000000 00000000 00000000 00000000 00000000 00000000
taskmgr!<nosymbols>
State Dump for Thread Id 0x198
eax=00000001 ebx=00000000 ecx=01010101 edx=00000000
esi=77f94086 edi=00000094
eip=77f94091 esp=0075ff6c ebp=0075ff90 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:011d9e53=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00a79ee7=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:01a89fe7=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0075FF90 7C4F1B1B 00000094 FFFFFFFF 00000000 01009D29
ntdll!ZwWaitForSingleObject
0075FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject
Application exception occurred:
App: explorer.exe (pid=548)
When: 10/27/2003 @ 09:27:15.640
Exception number: c0000005 (access violation)
*----> System Information <----*
Computer Name: 003OSG33
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 7
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: China Banking Corporation
Registered Owner: China Banking Corporation
*----> Task List <----*
0 Idle.exe
8 System.exe
148 SMSS.exe
172 CSRSS.exe
168 WINLOGON.exe
220 SERVICES.exe
232 LSASS.exe
400 svchost.exe
428 spoolsv.exe
456 defwatch.exe
472 svchost.exe
500 nslsvice.exe
512 nsl.exe
544 rtvscan.exe
576 regsvc.exe
596 mstask.exe
648 stisvc.exe
700 WinMgmt.exe
712 mspmspsv.exe
724 svchost.exe
548 explorer.exe
1004 igfxtray.exe
1216 hkcmd.exe
1244 vptray.exe
1284 FINDFAST.exe
1232 OSA.exe
1264 VB6.exe
1048 ipmsg2.02.exe
1300 nlnotes.exe
1324 naldaemn.exe
1332 nhldaemn.exe
1360 DRWTSN32.exe
0 _Total.exe
(00400000 - 0043E000)
(77F80000 - 77FFB000)
(7C2D0000 - 7C332000)
(7C4E0000 - 7C599000)
(77D30000 - 77DA1000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(63180000 - 631E5000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78538000)
(77A50000 - 77B47000)
(775A0000 - 77626000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(00E10000 - 00F59000)
(71160000 - 7125D000)
(7C0F0000 - 7C152000)
(76DF0000 - 76E01000)
(76620000 - 76631000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(76F20000 - 76F97000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(01290000 - 01494000)
(77560000 - 77568000)
(77400000 - 77408000)
(77410000 - 77423000)
(76290000 - 762CB000)
(6DE80000 - 6DEE4000)
(770B0000 - 770B7000)
(76B30000 - 76B6E000)
(76710000 - 76719000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(71960000 - 71972000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(1A400000 - 1A47A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(63580000 - 63830000)
(718C0000 - 71944000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(75E60000 - 75E7A000)
(66650000 - 666A4000)
(66D20000 - 66D51000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(10000000 - 10017000)
State Dump for Thread Id 0x3f4
eax=000021ff ebx=00000001 ecx=00000000 edx=00000000
esi=00092a60 edi=00000000
eip=77e13569 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:00ae9de7=????????
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7831ADBB 00000000 004084C4 00092A60 00000000
user32!WaitMessage
0006FF60 00408201 0000005C 00000000 00020656 00000001
shell32!Ordinal201
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime
*----> Raw Stack Dump <----*
0006ff00 41 ae 31 78 94 55 4f 7c - 60 2a 09 00 01 00 00
00 A.1x.UO|`*......
0006ff10 60 2a 09 00 60 2a 09 00 - 60 ff 06 00 60 ff 06
00 `*..`*..`...`...
0006ff20 bb ad 31 78 00 00 00 00 - c4 84 40 00 60 2a 09
00 ..1x......@.`*..
0006ff30 00 00 00 00 56 06 02 00 - 00 f0 fd 7f 70 9c 3e
81 ....V.......p.>.
0006ff40 92 ab 4f 7c ff ff ff ff - 0c 00 00 00 56 06 02
00 ..O|........V...
0006ff50 d5 ab 4f 7c 02 00 00 00 - 93 eb 01 00 e0 ff 06
00 ..O|............
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00
00 ......@.\.......
0006ff70 56 06 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 V...........D...
0006ff80 50 62 07 00 40 44 07 00 - 70 62 07 00 00 00 00
00 [email protected]......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 60 9e 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 `...............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 f5 87 4e 7c - 00 00 00 00 00 00 00
00 ......N|........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff b4 f0 4f 7c - c8 8e 4e 7c 00 00 00
00 ......O|..N|....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 49 10 00 00 ff ef fd
7f ..... ..I.......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x488
eax=00dcfcfc ebx=80030001 ecx=000a3a00 edx=00000000
esi=00086580 edi=00000100
eip=77f839c7 esp=00dcfe28 ebp=00dcff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:01849d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:01849be2=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:01849be2=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:01849e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:01849be3=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:01849e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:01849e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00DCFF74 77D3D9DB 77D3DDED 00086580 40086078 00000070
ntdll!NtReplyWaitReceivePortEx
00DCFFA8 77D3DD0B 00079398 00DCFFEC 7C4E987C 000866B0
rpcrt4!RpcBindingSetOption
00DCFFB4 7C4E987C 000866B0 40086078 00000070 000866B0
rpcrt4!RpcBindingSetOption
00DCFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x420
eax=00486f70 ebx=00000000 ecx=00231f50 edx=00000000
esi=00000000 edi=00000000
eip=77e13569 esp=00f9ff2c ebp=00f9ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:01a19e13=adf00d0b
77e13567 cd2e int 2e
77e13569 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00F9FF4C 0040A389 631BC487 00400000 0035002D 0032002D
user32!WaitMessage
00F9FFB4 7C4E987C 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
00F9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x41c
eax=00000000 ebx=00000008 ecx=78302228 edx=00000000
esi=77f93233 edi=00000008
eip=77f9323e esp=00fefd98 ebp=00fefde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01a69c7f=4c52550b
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00FEFDE4 77E13990 00FEFDBC 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
00FEFE40 77E13A5C 00FEFE0C 00FEFEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
00FEFE5C 78319390 00000007 00FEFEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
784102B8 FFFFFFFF 00000000 00000000 000001C8 00000000
shell32!Ordinal200
77FCFE20 784102B8 77FCFE48 77FCFE08 00000023 00000023
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
State Dump for Thread Id 0x428
eax=000a2e20 ebx=00000002 ecx=782f4cd0 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0106fe5c ebp=0106fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01ae9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0106FEA8 77E13990 0106FE80 00000001 00000000 0106FEA0
ntdll!NtWaitForMultipleObjects
0106FF04 77E13A5C 0106FED0 631DBB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0106FF20 631CA7B6 00000001 631DBB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0106FF74 631CAB3E 0106FFA0 0106FFA4 0106FFA8 0106FF9C !
Ordinal265
0106FFAC 631CAD02 00000012 7C4E987C 00000000 00000000 !
Ordinal293
0106FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293
State Dump for Thread Id 0x430
eax=000000c0 ebx=00f9fccc ecx=7c4f3496 edx=00000000
esi=ffffffff edi=00000557
eip=77f8915e esp=0128ffa0 ebp=0128ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:01d09e87=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0128FFB4 7C4E987C 00F9FCCC 00000557 FFFFFFFF 00F9FCCC
ntdll!ZwDelayExecution
0128FFEC 00000000 77F85C00 00F9FCCC 00000000 00905A4D
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0128ffa0 42 5c f8 77 01 00 00 00 - ac ff 28 01 00 00 00
00 B\.w......(.....
0128ffb0 00 00 00 80 ec ff 28 01 - 7c 98 4e 7c cc fc f9
00 ......(.|.N|....
0128ffc0 57 05 00 00 ff ff ff ff - cc fc f9 00 00 50 fd
7f W............P..
0128ffd0 96 34 4f 7c c0 ff 28 01 - 96 34 4f 7c ff ff ff
ff .4O|..(..4O|....
0128ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00
00 ..O|`.N|........
0128fff0 00 00 00 00 00 5c f8 77 - cc fc f9 00 00 00 00
00 .....\.w........
01290000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00
00 MZ..............
01290010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00
00 ........@.......
01290020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01290030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 01 00
00 ................
01290040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54
68 ........!..L.!Th
01290050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e
6f is program canno
01290060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53
20 t be run in DOS
01290070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00
00 mode....$.......
01290080 9b b6 e5 4f df d7 8b 1c - df d7 8b 1c df d7 8b
1c ...O............
01290090 92 f4 97 1c de d7 8b 1c - 16 f5 a1 1c de d7 8b
1c ................
012900a0 df d7 8a 1c b6 d6 8b 1c - 25 f4 92 1c d2 d7 8b
1c ........%.......
012900b0 25 f4 cb 1c cf d7 8b 1c - 25 f4 b4 1c de d7 8b
1c %.......%.......
012900c0 05 f4 96 1c ef d7 8b 1c - 05 f4 97 1c 8f d7 8b
1c ................
012900d0 48 f4 ce 1c de d7 8b 1c - 25 f4 b6 1c de d7 8b
1c H.......%.......
State Dump for Thread Id 0x408
eax=000b70f0 ebx=00000000 ecx=00000000 edx=00000000
esi=00000000 edi=014efda4
eip=77f950df esp=014ef9f0 ebp=014efa50 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: ZwDeviceIoControlFile
77f950d4 b838000000 mov eax,0x38
77f950d9 8d542404 lea edx,
[esp+0x4] ss:01f698d7=????????
77f950dd cd2e int 2e
77f950df c22800 ret 0x28
77f950e2 8bca mov ecx,edx
77f950e4 894dcc mov
[ebp+0xcc],ecx ss:01f69936=????????
77f950e7 66832100 and word ptr
[ecx],0x0 ds:00000000=????
77f950eb e9eccaffff jmp
RtlDosPathNameToNtPathName_U+0x25a (77f91bdc)
77f950f0 8b4508 mov eax,
[ebp+0x8] ss:01f69936=????????
77f950f3 5e pop esi
77f950f4 5f pop edi
77f950f5 c9 leave
77f950f6 c3 ret
77f950f7 55 push ebp
77f950f8 8bec mov ebp,esp
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
014EFA50 76F585B4 0000075C 0017000E 76F5F700 00000038
ntdll!ZwDeviceIoControlFile
014EFD30 76F52B06 0009CFDC 014EFD4C 0009CF58 0009CF48
netshell!<nosymbols>
014EFDA8 76F53B99 014EFDC4 014EFDEC 000B70F0 000AA4C8
netshell!NetSetupSetProgressCallback
014EFDCC 76F50F7D 0009CF58 014EFDEC 00000000 014EFED8
netshell!NetSetupSetProgressCallback
014EFDF4 76F50F05 000C3240 000B70F0 014EFE24 77E12CA8
netshell!NetSetupSetProgressCallback
014EFE04 77E12CA8 00000000 00000113 00007FE3 000C3240
netshell!NetSetupSetProgressCallback
014EFE24 77E12E4E 76F50ED1 00000000 00000113 00007FE3
user32!GetSysColor
014EFEB0 77E12F0F 014EFED8 00000000 76F21E2C 014EFED8
user32!GetSysColor
00000001 00000000 00000000 00000000 00000000 00000000
user32!DispatchMessageW
*----> Raw Stack Dump <----*
014ef9f0 91 d6 4f 7c 5c 07 00 00 - 00 00 00 00 00 00 00
00 ..O|\...........
014efa00 00 00 00 00 28 fa 4e 01 - 0e 00 17 00 00 f7 f5
76 ....(.N........v
014efa10 38 00 00 00 84 fa 4e 01 - a0 02 00 00 a4 fd 4e
01 8.....N.......N.
014efa20 4c fd 4e 01 5c 07 00 00 - 00 00 00 00 90 00 00
00 L.N.\...........
014efa30 98 88 f5 76 74 fa 4e 01 - 1c fa 4e 01 01 01 01
01 ...vt.N...N.....
014efa40 a0 fe 4e 01 b4 f0 4f 7c - c0 d6 4f 7c ff ff ff
ff ..N...O|..O|....
014efa50 30 fd 4e 01 b4 85 f5 76 - 5c 07 00 00 0e 00 17
00 0.N....v\.......
014efa60 00 f7 f5 76 38 00 00 00 - 84 fa 4e 01 a0 02 00
00 ...v8.....N.....
014efa70 38 fd 4e 01 00 00 00 00 - ec fd 4e 01 a4 fd 4e
01 8.N.......N...N.
014efa80 48 cf 09 00 07 01 01 00 - 04 00 00 00 40 42 0f
00 H...........@B..
014efa90 04 01 01 80 04 00 00 00 - 00 00 00 00 14 01 01
80 ................
014efaa0 04 00 00 00 00 00 00 00 - 01 01 02 00 04 00 00
00 ................
014efab0 c2 00 00 00 02 01 02 00 - 04 00 00 00 da 06 00
00 ................
014efac0 03 01 02 00 04 00 00 00 - 00 00 00 00 04 01 02
00 ................
014efad0 04 00 00 00 00 00 00 00 - 08 02 02 80 04 00 00
00 ................
014efae0 9b 00 00 00 ff ff ff 80 - 04 00 00 00 16 03 00
00 ................
014efaf0 13 02 02 80 04 00 00 00 - 4e 00 00 00 14 02 02
80 ........N.......
014efb00 04 00 00 00 00 00 00 00 - 15 02 02 80 04 00 00
00 ................
014efb10 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
014efb20 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x40c
eax=00000000 ebx=77e339d4 ecx=0152fd0c edx=00000000
esi=0152fd70 edi=77e12f5f
eip=77e12f5c esp=0152fd04 ebp=0152fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01fa9beb=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01fa9beb=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0152FD1C 766D1AD2 0152FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0152FD90 766D198E 00010076 00000000 766D2848 00000001
stobject!DllGetClassObject
0152FFB4 7C4E987C 00000000 00F9FAA0 77F98191 00000000
stobject!DllGetClassObject
0152FFEC 00000000 766D1949 00000000 00000000 00040000
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
0152fd04 86 2f e1 77 70 fd 52 01 - 00 00 00 00 00 00 00
00 ./.wp.R.........
0152fd14 00 00 00 00 00 00 00 00 - 90 fd 52 01 d2 1a 6d
76 ..........R...mv
0152fd24 70 fd 52 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p.R.............
0152fd34 a0 fa f9 00 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0152fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 [email protected]........
0152fd54 00 00 6d 76 65 00 01 00 - 11 00 01 00 10 00 00
00 ..mve...........
0152fd64 00 00 00 00 50 28 6d 76 - 00 00 00 00 80 00 01
00 ....P(mv........
0152fd74 2d 05 00 00 d1 04 00 00 - 00 00 00 00 0f aa 09
00 -...............
0152fd84 dd 03 00 00 ab 02 00 00 - 00 00 00 00 b4 ff 52
01 ..............R.
0152fd94 8e 19 6d 76 76 00 01 00 - 00 00 00 00 48 28 6d
76 ..mvv.......H(mv
0152fda4 01 00 00 00 91 81 f9 77 - 43 00 3a 00 5c 00 57
00 .......wC.:.\.W.
0152fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0152fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0152fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0152fde4 6c 00 6c 00 00 00 4e 7c - 1b 00 00 00 00 02 00
00 l.l...N|........
0152fdf4 fc ff 52 01 23 00 00 00 - 00 00 00 00 00 00 00
00 ..R.#...........
0152fe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0152fe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
State Dump for Thread Id 0x400
eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=015bff24 ebp=015bff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:02039e0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
015BFF70 7C4FABFB 015BFF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
015BFFB4 7C4E987C 00000000 00000009 0152F520 00000000
kernel32!WaitForMultipleObjects
015BFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x4b8
eax=00000000 ebx=000493e0 ecx=000859c0 edx=00000000
esi=000857b8 edi=000493e0
eip=77f8beb2 esp=0170febc ebp=0170fee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297
function: NtRemoveIoCompletion
77f8bea7 b8a8000000 mov eax,0xa8
77f8beac 8d542404 lea edx,
[esp+0x4] ss:02189da3=????????
77f8beb0 cd2e int 2e
77f8beb2 c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0170FEE4 77D357C0 00000124 0170FF1C 0170FF0C 0170FF14
ntdll!NtRemoveIoCompletion
0170FF20 77D52899 000493E0 0170FF60 0170FF5C 0170FF70
rpcrt4!UuidFromStringA
0170FF74 77D52778 77D3DD59 000857B8 0152F3CA 77F8C277
rpcrt4!I_RpcTransConnectionReallocPacket
0170FFA8 77D3DD0B 000A3288 0170FFEC 7C4E987C 000A3048
rpcrt4!I_RpcTransConnectionReallocPacket
0170FFB4 7C4E987C 000A3048 0152F3CA 77F8C277 000A3048
rpcrt4!RpcBindingSetOption
0170FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x4c4
eax=77d3dcf3 ebx=80030001 ecx=000b76e0 edx=00000000
esi=00086580 edi=00000100
eip=77f839c7 esp=01affe28 ebp=01afff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:02579d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:787b7bd9=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:787b7bd9=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:02579e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:787b7bda=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:02579e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:02579e5b=????
77f839ea 53 push ebx
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01AFFF74 77D3D9DB 77D3DD59 00086580 00000000 00DCFA74
ntdll!NtReplyWaitReceivePortEx
01AFFFA8 77D3DD0B 000AE510 01AFFFEC 7C4E987C 000B8DD0
rpcrt4!RpcBindingSetOption
01AFFFB4 7C4E987C 000B8DD0 00000000 00DCFA74 000B8DD0
rpcrt4!RpcBindingSetOption
01AFFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
State Dump for Thread Id 0x2e8
eax=00007530 ebx=0000059c ecx=01b3e97c edx=00000000
esi=000003e0 edi=01b3e97c
eip=77e137e7 esp=01b3e8f4 ebp=01b3e92c iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: GetClientRect
77e137ce e177 loope
AttachThreadInput+0x56 (77e21447)
77e137d0 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137d2 e177 loope
AttachThreadInput+0x5a (77e2144b)
77e137d4 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137d6 e177 loope
AttachThreadInput+0x5e (77e2144f)
77e137d8 dc37 fdiv qword ptr [edi]
ds:01b3e97c=01b3e9a800000000
77e137da e177 loope DrawStateA+0xef7
(77e1f053)
77e137dc b8bc110000 mov eax,0x11bc
77e137e1 8d542404 lea edx,
[esp+0x4] ss:025b87db=????????
77e137e5 cd2e int 2e
77e137e7 c21c00 ret 0x1c
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B3E92C 77E25DB4 FFFFFFFF 000003E0 0004027A C065C064
user32!GetClientRect
01B3E954 7833D051 FFFFFFFF 000003E0 0004027A C065C064
user32!SendMessageTimeoutW
01B3E980 78329109 0004027A 00000000 00129008 00000000
shell32!Ordinal3
01B3E9A8 7832A2AD 00000001 0003025A 00000001 00000000
shell32!ShellExecuteEx
00000000 00000000 00000000 00000000 00000000 00000000
shell32!Ordinal159
*----> Raw Stack Dump <----*
01b3e8f4 85 5b e2 77 0a 00 01 00 - e0 03 00 00 7a 02 04
00 .[.w........z...
01b3e904 64 c0 65 c0 1c e9 b3 01 - af 02 00 00 00 00 00
00 d.e.............
01b3e914 2c 00 1d 01 64 c0 65 c0 - 02 00 00 00 30 75 00
00 ,...d.e.....0u..
01b3e924 00 00 00 00 00 00 00 00 - 54 e9 b3 01 b4 5d e2
77 ........T....].w
01b3e934 ff ff ff ff e0 03 00 00 - 7a 02 04 00 64 c0 65
c0 ........z...d.e.
01b3e944 02 00 00 00 30 75 00 00 - 7c e9 b3 01 00 00 00
00 ....0u..|.......
01b3e954 80 e9 b3 01 51 d0 33 78 - ff ff ff ff e0 03 00
00 ....Q.3x........
01b3e964 7a 02 04 00 64 c0 65 c0 - 02 00 00 00 30 75 00
00 z...d.e.....0u..
01b3e974 7c e9 b3 01 08 90 12 00 - 00 00 00 00 a8 e9 b3
01 |...............
01b3e984 09 91 32 78 7a 02 04 00 - 00 00 00 00 08 90 12
00 ..2xz...........
01b3e994 00 00 00 00 9c 05 00 00 - 7a 02 04 00 01 00 00
00 ........z.......
01b3e9a4 0e 00 00 00 00 00 00 00 - ad a2 32 78 01 00 00
00 ..........2x....
01b3e9b4 5a 02 03 00 01 00 00 00 - 00 00 00 00 00 ed b3
01 Z...............
01b3e9c4 08 90 12 00 33 98 32 78 - 00 00 00 00 08 90 12
00 ....3.2x........
01b3e9d4 03 00 20 20 00 00 00 00 - 8e 97 32 78 00 ed b3
01 .. ......2x....
01b3e9e4 9f dd 4f 7c 00 ed b3 01 - 04 97 32 78 00 ed b3
01 ..O|......2x....
01b3e9f4 9f dd 4f 7c 00 00 00 00 - 50 ed b3 01 a8 ab 09
00 ..O|....P.......
01b3ea04 01 00 00 00 b3 53 31 78 - 00 ed b3 01 c0 e1 0d
00 .....S1x........
01b3ea14 40 f0 b3 01 d8 ef b3 01 - 13 00 00 00 68 a1 7e
63 @...........h.~c
01b3ea24 50 ea b3 01 b0 e3 58 63 - c9 30 02 02 77 00 00
00 P.....Xc.0..w...
State Dump for Thread Id 0x1a0
eax=77a8e915 ebx=00000102 ecx=00070778 edx=00000000
esi=77f89153 edi=01b7ff74
eip=77f8915e esp=01b7ff60 ebp=01b7ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:025f9e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
01B7FF7C 7C4FAC79 0000EA60 00000000 77A60216 0000EA60
ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep
State Dump for Thread Id 0x424
eax=00115000 ebx=0244ff74 ecx=00117000 edx=00000000
esi=77f94086 edi=000004cc
eip=77f94091 esp=0244ff58 ebp=0244ff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02ec9e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:00b8eee6=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00b90ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0244FF7C 7C4F1B1B 000004CC 000927C0 00000000 6369DC45
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x4b4
eax=0248f27c ebx=0248f26c ecx=00000002 edx=00115950
esi=00000000 edi=00115950
eip=636ffeeb esp=0248f214 ebp=0248f224 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
function: <nosymbols>
636ffece 8bcf mov ecx,edi
636ffed0 e8c9cce9ff call 6359cb9e
636ffed5 8b7d14 mov edi,
[ebp+0x14] ss:02f0910a=????????
636ffed8 8d4c0002 lea ecx,
[eax+eax+0x2] ds:02f09163=????????
636ffedc 8bc1 mov eax,ecx
636ffede c1e902 shr ecx,0x2
636ffee1 f3a5 rep movsd
ds:00000000=???????? es:00115950=00000000
636ffee3 8bc8 mov ecx,eax
636ffee5 8b4510 mov eax,
[ebp+0x10] ss:02f0910a=????????
636ffee8 83e103 and ecx,0x3
FAULT ->636ffeeb f3a4 rep movsb
ds:00000000=?? es:00115950=00
636ffeed 8b4d14 mov ecx,
[ebp+0x14] ss:02f0910a=????????
636ffef0 8908 mov
[eax],ecx ds:0248f27c=00000006
636ffef2 eb51 jmp
MatchExactGetIDsOfNames+0x63a31 (63708245)
636ffef4 837d1401 cmp dword ptr
[ebp+0x14],0x1 ss:02f0910a=????????
636ffef8 0f826229f4ff jb 63642860
636ffefe 8b4508 mov eax,
[ebp+0x8] ss:02f0910a=????????
636fff01 8b400c mov eax,
[eax+0xc] ds:02f09162=????????
636fff04 85c0 test eax,eax
636fff06 0f845429f4ff je 63642860
636fff0c 8b7024 mov esi,
[eax+0x24] ds:02f09162=????????
636fff0f 85f6 test esi,esi
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0248F224 1A40ED02 0012DFF4 0000000E 0248F27C 00115950 !
MatchExactGetIDsOfNames
0248F248 10001B67 000DB7C8 0000000E 0248F27C 00000001 !
FindMimeFromData
0248F2C0 1A406806 00000000 00120C30 000DB968 00000000 !
<nosymbols>
0248F2E8 1A421CC4 000DB7C0 00000016 00000000 00000000 !
CreateAsyncBindCtxEx
0248F318 1A40AE34 000DB7C0 00000016 00120C30 1A40AE09 !
CompareSecurityIds
0248F354 1A415831 00000016 0248F5C0 00000000 00108B40 !
IsAsyncMoniker
0248F7D0 1A40B47D 00000000 00108B40 00108B50 1A40B440 !
FindMediaTypeClass
0248F7FC 1A408227 00000000 000C21F8 000DB7C0 000DB7C8 !
IsAsyncMoniker
0248F824 1A4077FD 000DB968 000C21F8 000DB7C0 000DB7C8 !
CreateAsyncBindCtxEx
0248F86C 635F1B8D 000DB7C0 000C21F8 0012E014 00000000 !
CreateAsyncBindCtxEx
0248FAC0 635F19DA 000C21F8 873F0000 0248FBE4 02026830 !
<nosymbols>
0248FADC 635F193D 0248FBE4 02026844 873F0000 02026830 !
<nosymbols>
0248FB00 63603F30 0248FBE4 02023EB0 00001FDD 873F0000 !
<nosymbols>
0248FB50 635F1254 0202A3E0 02023EB0 00000000 00000000 !
<nosymbols>
0248FB74 635F27A6 02023FA0 00000001 00000000 0248FBE4 !
<nosymbols>
0248FBCC 636055AF 02023FA0 00000000 10000000 00128008 !
<nosymbols>
0248FCE4 00000000 00400000 0201B160 C00007B0 00081800 !
<nosymbols>
*----> Raw Stack Dump <----*
0248f214 00 00 00 00 7c f2 48 02 - 6c b9 0d 00 00 00 00
00 ....|.H.l.......
0248f224 48 f2 48 02 02 ed 40 1a - f4 df 12 00 0e 00 00
00 H.H...@.........
0248f234 7c f2 48 02 50 59 11 00 - 6c f2 48 02 00 00 00
00 |.H.PY..l.H.....
0248f244 4c 00 b4 02 c0 f2 48 02 - 67 1b 00 10 c8 b7 0d
00 L.....H.g.......
0248f254 0e 00 00 00 7c f2 48 02 - 01 00 00 00 6c f2 48
02 ....|.H.....l.H.
0248f264 c8 b7 0d 00 da 18 41 1a - 00 00 00 00 30 0c 12
00 ......A.....0...
0248f274 6c b9 0d 00 c8 b7 0d 00 - 06 00 00 00 90 f2 48
02 l.............H.
0248f284 6c b9 0d 00 00 00 00 00 - c0 b7 0d 00 14 00 00
00 l...............
0248f294 00 00 00 00 68 b9 0d 00 - 00 00 00 00 00 00 00
00 ....h...........
0248f2a4 e5 81 76 4f af 6c 8d 47 - 9c b8 4c a5 93 be e7
fb ..vO.l.G..L.....
0248f2b4 50 00 b4 02 78 42 0b 00 - 4c 00 b4 02 e8 f2 48
02 P...xB..L.....H.
0248f2c4 06 68 40 1a 00 00 00 00 - 30 0c 12 00 68 b9 0d
00 [email protected]...
0248f2d4 00 00 00 00 00 00 00 00 - c0 b7 0d 00 00 00 00
00 ................
0248f2e4 00 00 00 00 18 f3 48 02 - c4 1c 42 1a c0 b7 0d
00 ......H...B.....
0248f2f4 16 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0248f304 30 0c 12 00 00 00 00 00 - 00 00 00 00 fc 8b 10
00 0...............
0248f314 40 8b 10 00 54 f3 48 02 - 34 ae 40 1a c0 b7 0d
00 @...T.H.4.@.....
0248f324 16 00 00 00 30 0c 12 00 - 09 ae 40 1a d8 9e 0f
00 ....0.....@.....
0248f334 16 00 00 00 30 0c 12 00 - 04 01 00 00 40 8b 10
00 ....0.......@...
0248f344 00 00 00 00 01 00 00 00 - 05 40 00 80 30 0c 12
00 [email protected]...
State Dump for Thread Id 0x450
eax=0250fd70 ebx=024cff74 ecx=00000000 edx=00000000
esi=77f94086 edi=000004e4
eip=77f94091 esp=024cff58 ebp=024cff7c iopl=0 nv
up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000293
function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,
[esp+0x4] ss:02f49e3f=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,
[eax+0x1] ds:02f89c56=??
77f94097 3a5101 cmp dl,
[ecx+0x1] ds:00a79ee6=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz
RtlQueryAtomInAtomTable+0x31 (77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,
[edx+0xff] ds:00a79ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle
RtlEraseUnicodeString+0x4e (77fa50b8)
77f940b4 b001 mov al,0x1
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
024CFF7C 7C4F1B1B 000004E4 000927C0 00000000 6369DC45
ntdll!ZwWaitForSingleObject
77F89134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A
kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000
<nosymbols>
State Dump for Thread Id 0x51c
eax=7ffd2004 ebx=00000003 ecx=02b1f8d0 edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=02b1fd24 ebp=02b1fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:03599c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
02B1FD70 7C4FABFB 02B1FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
02B1FFB4 7C4E987C 00000004 7FFAC000 7C2D02A7 000E0678
kernel32!WaitForMultipleObjects
02B1FFEC 00000000 778321FE 000E0678 00000000 00000001
kernel32!SetThreadExecutionState
*----> Raw Stack Dump <----*
02b1fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd b1 02 01 00 00
00 ..N|....H.......
02b1fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 78 06 0e
00 ............x...
02b1fd44 01 00 00 00 c4 05 00 00 - c8 05 00 00 d8 05 00
00 ................
02b1fd54 88 02 00 00 5b cc cd 2c - 89 02 00 00 5b cc cd
2c ....[..,....[..,
02b1fd64 8a 02 00 00 5b cc cd 2c - 8b 02 00 00 b4 ff b1
02 ....[..,........
02b1fd74 fb ab 4f 7c 48 fd b1 02 - 01 00 00 00 00 00 00
00 ..O|H...........
02b1fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
02b1fd94 b0 fe b1 02 00 00 00 00 - ff ff ff ff 78 06 0e
00 ............x...
02b1fda4 a7 02 2d 7c 00 c0 fa 7f - 93 02 00 00 5b cc cd
2c ..-|........[..,
02b1fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
02b1fdc4 23 00 00 00 23 00 00 00 - 00 c0 fa 7f a7 02 2d
7c #...#.........-|
02b1fdd4 78 06 0e 00 00 c0 fa 7f - 4c 00 00 00 fe 21 83
77 x.......L....!.w
02b1fde4 f8 cb fa 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
02b1fdf4 fc ff b1 02 23 00 00 00 - 48 f2 36 81 48 f2 36
81 ....#...H.6.H.6.
02b1fe04 40 00 00 00 24 8b 89 b7 - 80 fd 44 80 00 b6 3e
81 @...$.....D...>.
02b1fe14 00 00 00 00 00 00 00 00 - 88 35 38 81 b2 34 49
80 .........58..4I.
02b1fe24 88 35 38 81 28 03 00 00 - 1e bf 00 00 d0 1a 9e
81 .58.(...........
02b1fe34 00 07 00 00 4c d1 44 80 - 1e bf 00 00 d0 1a 9e
81 ....L.D.........
02b1fe44 1e bf 00 00 d0 1a 9e 81 - 01 c2 fd 7f b3 05 00
00 ................
02b1fe54 f1 da 44 80 b3 05 00 00 - 30 be 36 81 00 c0 fd
7f ..D.....0.6.....