Dr.Watson entry - what does it mean?


Greg Foulks

I found a Dr. Watson error log that shows the following... What does it
mean?

Application exception occurred:
App: (pid=1592)
When: 9/17/2003 @ 12:27:23.906
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: GATEKEEPER
User Name: administrator
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: NewFound Technologies, Inc.
Registered Owner: Gatekeeper

*----> Task List <----*
0 Idle.exe
8 System.exe
176 SMSS.exe
200 CSRSS.exe
224 WINLOGON.exe
252 SERVICES.exe
264 LSASS.exe
384 termsrv.exe
476 svchost.exe
528 svchost.exe
568 spoolsv.exe
640 msdtc.exe
760 amgrsrvc.exe
804 LLSSRV.exe
832 sscansvc.exe
916 Mcshield.exe
932 VsTskMgr.exe
968 naimas32.exe
1020 ntfrs.exe
1080 regsvc.exe
1096 mstask.exe
1116 svchost.exe
1192 WinMgmt.exe
1200 svchost.exe
1212 Wuser32.exe
1248 beremote.exe
1292 dfssvc.exe
1312 mqsvc.exe
1508 MSPADMIN.exe
1656 WSPSRV.exe
1700 W3PROXY.exe
1724 W3PREFCH.exe
1616 CcmExec.exe
2204 CSRSS.exe
2108 WINLOGON.exe
2332 rdpclip.exe
2344 explorer.exe
2412 naimag32.exe
2420 shstat.exe
2424 IMClient.exe
2428 mmc.exe
1984 logon.scr.exe
2148 IEXPLORE.exe
896 OLFCT115.exe
2000 Setup.exe
1592 IKernel.exe
1404 DRWTSN32.exe
0 _Total.exe

(00400000 - 004AA000)
(77F80000 - 77FFB000)
(71710000 - 71794000)
(77F40000 - 77F7C000)
(7C4E0000 - 7C599000)
(77E10000 - 77E75000)
(7C2D0000 - 7C332000)
(77D30000 - 77D9E000)
(782F0000 - 78538000)
(63180000 - 631E5000)
(78000000 - 78045000)
(77A50000 - 77B3C000)
(779B0000 - 77A4B000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(775A0000 - 77626000)
(10000000 - 10008000)
(018C0000 - 018D3000)
(01920000 - 01956000)
(01B90000 - 01BE2000)
(77800000 - 7781E000)
(76620000 - 76631000)
(01E00000 - 01E37000)
(77570000 - 775A0000)
(01F50000 - 01F85000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(02210000 - 02262000)
(02380000 - 023B5000)
(02700000 - 02752000)
(02870000 - 028A5000)
(02C10000 - 02C31000)

State Dump for Thread Id 0x5f8

eax=00010011 ebx=00000000 ecx=01010101 edx=00000000 esi=0054e1b0
edi=00000000
eip=77e13569 esp=0012e748 ebp=0012e778 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246


function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,[esp+0x4]
ss:0094862f=????????
77e13567 cd2e int 2e
77e13569 c3 ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012E778 77E1CA62 000C01A6 000B01AC 00000001 00000000 user32!WaitMessage
0012E79C 77E2BB55 77E10000 001BE8F8 00000000 77E2B2BD
user32!CreateDialogParamA
0012EA54 77E2B59D 00002010 0012EBF4 FFFFFFFF 00000000
user32!SoftModalMessageBox
0012EB9C 77E2C0DE 00000001 00000000 00000028 000B01AC user32!SetSystemMenu
0012EBF4 77E3812F 000B01AC 025468F0 001FFD60 00002010 user32!MessageBoxExW
0012EC24 77E380BC 000B01AC 02B8D8C0 01AB5A78 00002010 user32!MessageBoxExA
0012EC44 01927D63 000B01AC 02B8D8C0 01AB5A78 00002010 user32!MessageBoxA
0012ECF0 01927863 0218FF80 77E38098 0012EE8C 0266CBE0 !<nosymbols>
0012EF14 0192F284 0012EF70 02B8CE1C 02190390 02195B10 !<nosymbols>
0012EFB4 0192ED03 0012F048 02B8CE10 02190B94 00000046 !<nosymbols>
0012F07C 0192C3FD 00000046 0012F19C 018E1FA8 0012F168 !<nosymbols>
0012F0E0 018C5554 02190B94 0000000A 018C8748 00000000 !<nosymbols>
0012F1B8 018C5B77 018CA3CC 018E0000 018C6678 018E2000 !<nosymbols>
0012F2C8 01927863 02A13670 0270E6C8 0012F464 02A8E050 !<nosymbols>
0012F4EC 0192F284 0012F548 02B8B1AC 026FE1E0 02A13610 !<nosymbols>
0012F58C 0192ED03 0012F620 02B8B1A0 026FC244 00000033 !<nosymbols>
0012F654 0192C3FD 00000033 0012F774 0012F81C 0012F740 !<nosymbols>
0012F6B8 018C5554 026FC244 00000001 018C8748 00000000 !<nosymbols>
0012F790 018C4D45 018CA2E8 00120000 00206688 0012FABC !<nosymbols>
0012F854 77D77FB0 00000000 02020202 00000001 0012FB0C !<nosymbols>
0012F86C 77D95AD7 018C4B3D 0012F880 00000001 018E1ED8
rpcrt4!NdrServerMarshall
0012FACC 77D8F77E 02507BB8 0020F900 00142E78 0012FB0C rpcrt4!<nosymbols>
0012FB30 779E92E4 02507BB8 00142E78 0020F900 00000000
rpcrt4!CStdStubBuffer_Invoke
02500614 FFFFFFFF 00000000 00000000 00000000 00000000
oleaut32!UserEXCEPINFO_free_local
001FC2A8 02500614 001FC2D0 001FC290 00000000 00000000 <nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 <nosymbols>

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x694

eax=00430ee4 ebx=00000000 ecx=0012fc6c edx=00000000 esi=77f94086
edi=00000060
eip=77f94091 esp=00e6ff64 ebp=00e6ff88 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000246


function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,[esp+0x4]
ss:01689e4b=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,[eax+0x1]
ds:00c4adca=??
77f94097 3a5101 cmp dl,[ecx+0x1]
ds:00949b52=??
77f9409a 0f8598c7ffff jne RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz RtlQueryAtomInAtomTable+0x31
(77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,[edx+0xff]
ds:00819ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle RtlEraseUnicodeString+0x4e
(77fa50b8)
77f940b4 b001 mov al,0x1

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00E6FF88 7C4F1B1B 00000060 FFFFFFFF 00000000 00430E66
ntdll!ZwWaitForSingleObject
00E6FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject

State Dump for Thread Id 0x564

eax=00000000 ebx=80030001 ecx=00141d78 edx=00000000 esi=0013c890
edi=00000100
eip=77f839c7 esp=00f6fe28 ebp=00f6ff74 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4]
ss:01789d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839cd 8b483c mov ecx,[eax+0x3c]
ds:00819ee6=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1
ds:00819ee6=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd
(77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx
ss:01789e5a=????????
77f839db 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839de 668b4038 mov ax,[eax+0x38]
ds:00819ee7=????
77f839e2 668945e0 mov [ebp+0xe0],ax
ss:01789e5b=????
77f839e6 668945e2 mov [ebp+0xe2],ax
ss:01789e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00F6FF74 77D56D9E 77D39A00 0013C890 4013C388 00000070
ntdll!NtReplyWaitReceivePortEx
00F6FFA8 77D41C6C 0013B6E0 00F6FFEC 7C4E987C 0013B148 rpcrt4!TowerConstruct
00F6FFB4 7C4E987C 0013B148 4013C388 00000070 0013B148
rpcrt4!I_RpcServerInqTransportType
00F6FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x92c

eax=00140000 ebx=00000102 ecx=0106fd44 edx=00000000 esi=77f89153
edi=0106ff74
eip=77f8915e esp=0106ff60 ebp=0106ff7c iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,[esp+0x4]
ss:01889e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0106FF7C 7C4FAC79 0000EA60 00000000 77AB85FC 0000EA60 ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x69c

eax=00000000 ebx=80030001 ecx=00010101 edx=00000000 esi=0013c890
edi=00143268
eip=77f839c7 esp=0117fe28 ebp=0117ff74 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4]
ss:01999d0f=00000000
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10]
ds:0095d14e=????????
77f839cd 8b483c mov ecx,[eax+0x3c]
ds:00819ee6=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1
ds:00819ee6=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd
(77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx
ss:01999e5a=00010000
77f839db 8b4710 mov eax,[edi+0x10]
ds:0095d14e=????????
77f839de 668b4038 mov ax,[eax+0x38]
ds:00819ee7=????
77f839e2 668945e0 mov [ebp+0xe0],ax
ss:01999e5b=0100
77f839e6 668945e2 mov [ebp+0xe2],ax
ss:01999e5b=0100
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0117FF74 77D56D9E 77D39A00 0013C890 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
0117FFA8 77D41C6C 00141CE8 0117FFEC 7C4E987C 00141D10 rpcrt4!TowerConstruct
0117FFB4 7C4E987C 00141D10 00000000 00000000 00141D10
rpcrt4!I_RpcServerInqTransportType
0117FFEC 00000000 77D41C54 00141D10 00000000 00000008
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x6c8

eax=00000001 ebx=80030001 ecx=00185388 edx=00000000 esi=0013c890
edi=00000100
eip=77f839c7 esp=018bfe28 ebp=018bff74 iopl=0 nv up ei pl nz na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000202


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4]
ss:020d9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839cd 8b483c mov ecx,[eax+0x3c]
ds:00819ee7=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1
ds:00819ee7=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd
(77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx
ss:020d9e5a=????????
77f839db 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839de 668b4038 mov ax,[eax+0x38]
ds:00819ee8=????
77f839e2 668945e0 mov [ebp+0xe0],ax
ss:020d9e5b=????
77f839e6 668945e2 mov [ebp+0xe2],ax
ss:020d9e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
018BFF74 77D56D9E 77D39A00 0013C890 00145228 0117FA74
ntdll!NtReplyWaitReceivePortEx
018BFFA8 77D41C6C 001C8870 018BFFEC 7C4E987C 001BE308 rpcrt4!TowerConstruct
018BFFB4 7C4E987C 001BE308 00145228 0117FA74 001BE308
rpcrt4!I_RpcServerInqTransportType
018BFFEC 00000000 77D41C54 001BE308 00000000 00905A4D
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x274

eax=00000000 ebx=00000000 ecx=001fcc10 edx=00000000 esi=01dfff34
edi=0046dd38
eip=77e12f5c esp=01dffef0 ebp=01dfff10 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246


function: TranslateMessageEx
77e12f3a 0f8540d80200 jne UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr [esp+0x8]
ss:02619dd7=00002100
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b (77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6 (77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,[esp+0x4]
ss:02619dd7=00002100
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01DFFF10 00435EDA 01DFFF34 00000000 00000000 00000000
user32!TranslateMessageEx
01DFFF80 0045B4E9 0012E6E8 00000000 00000000 00CF0500 !<nosymbols>
01DFFFB4 7C4E987C 00CF0500 00000000 00000000 00CF0500 !<nosymbols>
01DFFFEC 00000000 0045B48A 00CF0500 00000000 00905A4D
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x944

eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=07060504
edi=03020120
eip=02d51000 esp=02e7ffb8 ebp=02e7ffec iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000246


function: <nosymbols>
02d50ff6 ???
02d50ff7 ???
02d50ff8 ???
02d50ff9 ???
02d50ffa ???
02d50ffb ???
02d50ffc ???
02d50ffd ???
02d50ffe ???
02d50fff ???
FAULT ->02d51000 ???
02d51001 ???
02d51002 ???
02d51003 ???
02d51004 ???
02d51005 ???
02d51006 ???
02d51007 ???
02d51008 ???
02d51009 ???
02d5100a ???
02d5100b ???

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
02E7FFB4 7C4E987C 00000000 03020120 07060504 00000000 <nosymbols>
02E7FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState
 

James

Greetings,

Do you have Norton AV?

If so, this might be the cause/resolution:

http://www.computing.net/windowsme/wwwboard/forum/36956.html

Kindest regards,

James
-----Original Message-----
I found a Dr. Watson error log that shows the following... What does it
mean?

Application exception occurred:
App: (pid=1592)
When: 9/17/2003 @ 12:27:23.906
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: GATEKEEPER
User Name: administrator
Number of Processors: 1
Processor Type: x86 Family 6 Model 8 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: NewFound Technologies, Inc.
Registered Owner: Gatekeeper

*----> Task List <----*
0 Idle.exe
8 System.exe
176 SMSS.exe
200 CSRSS.exe
224 WINLOGON.exe
252 SERVICES.exe
264 LSASS.exe
384 termsrv.exe
476 svchost.exe
528 svchost.exe
568 spoolsv.exe
640 msdtc.exe
760 amgrsrvc.exe
804 LLSSRV.exe
832 sscansvc.exe
916 Mcshield.exe
932 VsTskMgr.exe
968 naimas32.exe
1020 ntfrs.exe
1080 regsvc.exe
1096 mstask.exe
1116 svchost.exe
1192 WinMgmt.exe
1200 svchost.exe
1212 Wuser32.exe
1248 beremote.exe
1292 dfssvc.exe
1312 mqsvc.exe
1508 MSPADMIN.exe
1656 WSPSRV.exe
1700 W3PROXY.exe
1724 W3PREFCH.exe
1616 CcmExec.exe
2204 CSRSS.exe
2108 WINLOGON.exe
2332 rdpclip.exe
2344 explorer.exe
2412 naimag32.exe
2420 shstat.exe
2424 IMClient.exe
2428 mmc.exe
1984 logon.scr.exe
2148 IEXPLORE.exe
896 OLFCT115.exe
2000 Setup.exe
1592 IKernel.exe
1404 DRWTSN32.exe
0 _Total.exe

(00400000 - 004AA000)
(77F80000 - 77FFB000)
(71710000 - 71794000)
(77F40000 - 77F7C000)
(7C4E0000 - 7C599000)
(77E10000 - 77E75000)
(7C2D0000 - 7C332000)
(77D30000 - 77D9E000)
(782F0000 - 78538000)
(63180000 - 631E5000)
(78000000 - 78045000)
(77A50000 - 77B3C000)
(779B0000 - 77A4B000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(775A0000 - 77626000)
(10000000 - 10008000)
(018C0000 - 018D3000)
(01920000 - 01956000)
(01B90000 - 01BE2000)
(77800000 - 7781E000)
(76620000 - 76631000)
(01E00000 - 01E37000)
(77570000 - 775A0000)
(01F50000 - 01F85000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(02210000 - 02262000)
(02380000 - 023B5000)
(02700000 - 02752000)
(02870000 - 028A5000)
(02C10000 - 02C31000)

State Dump for Thread Id 0x5f8

eax=00010011 ebx=00000000 ecx=01010101 edx=00000000 esi=0054e1b0
edi=00000000
eip=77e13569 esp=0012e748 ebp=0012e778 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000246


function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,[esp+0x4]
ss:0094862f=????????
77e13567 cd2e int 2e
77e13569 c3 ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012E778 77E1CA62 000C01A6 000B01AC 00000001 00000000 user32!WaitMessage
0012E79C 77E2BB55 77E10000 001BE8F8 00000000 77E2B2BD
user32!CreateDialogParamA
0012EA54 77E2B59D 00002010 0012EBF4 FFFFFFFF 00000000
user32!SoftModalMessageBox
0012EB9C 77E2C0DE 00000001 00000000 00000028 000B01AC user32!SetSystemMenu
0012EBF4 77E3812F 000B01AC 025468F0 001FFD60 00002010 user32!MessageBoxExW
0012EC24 77E380BC 000B01AC 02B8D8C0 01AB5A78 00002010 user32!MessageBoxExA
0012EC44 01927D63 000B01AC 02B8D8C0 01AB5A78 00002010 user32!MessageBoxA
0012ECF0 01927863 0218FF80 77E38098 0012EE8C 0266CBE0 !
0012EF14 0192F284 0012EF70 02B8CE1C 02190390 02195B10 !
0012EFB4 0192ED03 0012F048 02B8CE10 02190B94 00000046 !
0012F07C 0192C3FD 00000046 0012F19C 018E1FA8 0012F168 !
0012F0E0 018C5554 02190B94 0000000A 018C8748 00000000 !
0012F1B8 018C5B77 018CA3CC 018E0000 018C6678 018E2000 !
0012F2C8 01927863 02A13670 0270E6C8 0012F464 02A8E050 !
0012F4EC 0192F284 0012F548 02B8B1AC 026FE1E0 02A13610 !
0012F58C 0192ED03 0012F620 02B8B1A0 026FC244 00000033 !
0012F654 0192C3FD 00000033 0012F774 0012F81C 0012F740 !
0012F6B8 018C5554 026FC244 00000001 018C8748 00000000 !
0012F790 018C4D45 018CA2E8 00120000 00206688 0012FABC !
0012F854 77D77FB0 00000000 02020202 00000001 0012FB0C !
0012F86C 77D95AD7 018C4B3D 0012F880 00000001 018E1ED8
rpcrt4!NdrServerMarshall
0012FACC 77D8F77E 02507BB8 0020F900 00142E78 0012FB0C
rpcrt4! said:
0012FB30 779E92E4 02507BB8 00142E78 0020F900 00000000
rpcrt4!CStdStubBuffer_Invoke
02500614 FFFFFFFF 00000000 00000000 00000000 00000000
oleaut32!UserEXCEPINFO_free_local
001FC2A8 02500614 001FC2D0 001FC290 00000000 00000000
00000000 00000000 00000000 00000000 00000000 00000000
*----> Raw Stack Dump <----*
0012e748 7a cb e1 77 ac 01 0b 00 - 00 00 00 00 ff ff 00 00
z..w............
0012e758 a6 01 0c 00 00 02 00 00 - 00 00 00 00 45 00 56 00
.............E.V.
0012e768 98 a7 1e 00 83 01 00 00 - 65 01 00 00 00 00 00 00
.........e.......
0012e778 9c e7 12 00 62 ca e1 77 - a6 01 0c 00 ac 01 0b 00
.....b..w........
0012e788 01 00 00 00 00 00 00 00 - 3e 00 00 00 15 00 01 00
.........>.......
0012e798 ac eb 12 00 54 ea 12 00 - 55 bb e2 77 00 00 e1 77
.....T...U..w...w
0012e7a8 f8 e8 1b 00 00 00 00 00 - bd b2 e2 77 ac eb 12 00
............w....
0012e7b8 00 00 00 00 01 00 00 00 - ac eb 12 00 01 00 00 00
.................
0012e7c8 23 00 00 c0 00 00 00 00 - d6 aa 4e 7c 00 00 00 00
#.........N|....
0012e7d8 d7 bd 4e 7c 01 00 00 00 - fc e7 12 00 01 00 00 00
...N|............
0012e7e8 00 00 00 00 1c e8 12 00 - 02 01 00 00 14 e9 12 00
.................
0012e7f8 01 00 00 00 1c 02 00 00 - 18 de 6a 01 83 33 f8 77
...........j..3.w
0012e808 e0 40 0b 00 f4 dd 6a 01 - 10 00 00 00 10 cc 1f 00
[email protected]
0012e818 88 49 13 00 84 cc 1f 00 - 4b c5 a6 77 84 cc 1f 00
..I......K..w....
0012e828 48 88 b2 77 c8 9e 13 00 - 20 3e a5 77 10 cc 1f 00 H..w....
0012e838 00 00 00 00 00 00 00 00 - 00 00 00 00 15 01 01 80 ...............
..
0012e848 88 e8 12 00 06 8f aa 77 - e8 b9 b2 77 b0 9e 13 00
........w...w....
0012e858 84 cc 1f 00 00 00 00 00 - 00 00 00 00 10 00 00 00
.................
0012e868 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00
.................
0012e878 68 07 20 00 d4 e9 12 00 - 00 00 00 00 e8 9e 13 00 h.
..............

State Dump for Thread Id 0x694

eax=00430ee4 ebx=00000000 ecx=0012fc6c edx=00000000 esi=77f94086
edi=00000060
eip=77f94091 esp=00e6ff64 ebp=00e6ff88 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000246


function: ZwWaitForSingleObject
77f94086 b8ea000000 mov eax,0xea
77f9408b 8d542404 lea edx,[esp+0x4]
ss:01689e4b=????????
77f9408f cd2e int 2e
77f94091 c20c00 ret 0xc
77f94094 8a5001 mov dl,[eax+0x1]
ds:00c4adca=??
77f94097 3a5101 cmp dl,[ecx+0x1]
ds:00949b52=??
77f9409a 0f8598c7ffff jne
RtlEqualPrefixSid+0x44 (77f90838)
77f940a0 84d2 test dl,dl
77f940a2 7410 jz RtlQueryAtomInAtomTable+0x31
(77f94fb4)
77f940a4 0fb6d2 movzx edx,dl
77f940a7 33ff xor edi,edi
77f940a9 8d72ff lea esi,[edx+0xff]
ds:00819ee6=????????
77f940ac 85f6 test esi,esi
77f940ae 0f8f04100100 jnle RtlEraseUnicodeString+0x4e
(77fa50b8)
77f940b4 b001 mov al,0x1

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00E6FF88 7C4F1B1B 00000060 FFFFFFFF 00000000 00430E66
ntdll!ZwWaitForSingleObject
00E6FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!WaitForSingleObject

State Dump for Thread Id 0x564

eax=00000000 ebx=80030001 ecx=00141d78 edx=00000000 esi=0013c890
edi=00000100
eip=77f839c7 esp=00f6fe28 ebp=00f6ff74 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4]
ss:01789d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839cd 8b483c mov ecx,[eax+0x3c]
ds:00819ee6=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1
ds:00819ee6=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd
(77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx
ss:01789e5a=????????
77f839db 8b4710 mov eax,[edi+0x10]
ds:00819fe6=????????
77f839de 668b4038 mov ax,[eax+0x38]
ds:00819ee7=????
77f839e2 668945e0 mov [ebp+0xe0],ax
ss:01789e5b=????
77f839e6 668945e2 mov [ebp+0xe2],ax
ss:01789e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
00F6FF74 77D56D9E 77D39A00 0013C890 4013C388 00000070
ntdll!NtReplyWaitReceivePortEx
00F6FFA8 77D41C6C 0013B6E0 00F6FFEC 7C4E987C 0013B148 rpcrt4!TowerConstruct
00F6FFB4 7C4E987C 0013B148 4013C388 00000070 0013B148
rpcrt4!I_RpcServerInqTransportType
00F6FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x92c

eax=00140000 ebx=00000102 ecx=0106fd44 edx=00000000 esi=77f89153
edi=0106ff74
eip=77f8915e esp=0106ff60 ebp=0106ff7c iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,[esp+0x4]
ss:01889e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0106FF7C 7C4FAC79 0000EA60 00000000 77AB85FC 0000EA60 ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*
0106ff60 a5 ac 4f 7c 00 00 00 00 - 74 ff 06 01 68 c4 4f 7c
...O|....t...h.O|
0106ff70 a0 ed 13 00 00 ba 3c dc - ff ff ff ff 30 75 00 00
.......<.....0u..
0106ff80 79 ac 4f 7c 60 ea 00 00 - 00 00 00 00 fc 85 ab 77
y.O|`..........w
0106ff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5 77
`....F.w.......w
0106ffa0 a0 ed 13 00 ec ff 06 01 - a0 ed 13 00 53 46 ab 77
.............SF.w
0106ffb0 d8 7a a6 77 c3 7a a6 77 - 7c 98 4e 7c a0 ed 13 00
..z.w.z.w|.N|....
0106ffc0 d8 7a a6 77 c3 7a a6 77 - a0 ed 13 00 00 b0 fd 7f
..z.w.z.w........
0106ffd0 08 b7 13 00 c0 ff 06 01 - 08 b7 13 00 ff ff ff ff
.................
0106ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00 00
...O|`.N|........
0106fff0 00 00 00 00 39 46 ab 77 - a0 ed 13 00 00 00 00 00
.....9F.w........
01070000 43 4f 4d 2b 01 00 00 00 - 01 00 11 00 24 00 00 00
COM+........$...
01070010 00 01 01 00 63 00 00 00 - 00 00 00 01 01 00 00 00
.....c...........
01070020 00 01 10 00 00 00 00 00 - c0 00 00 00 00 00 00 46
................F
01070030 06 00 00 00 20 01 00 00 - 40 01 00 00 33 5f 30 00 ....
[email protected]_0.
01070040 60 02 00 00 0c 00 00 00 - 33 5f 31 00 6c 02 00 00
`.......3_1.l...
01070050 88 01 00 00 33 5f 32 00 - f4 03 00 00 38 00 00 00
.....3_2.....8...
01070060 33 5f 33 00 2c 04 00 00 - a8 05 00 00 33 5f 34 00
3_3.,.......3_4.
01070070 d4 09 00 00 28 00 00 00 - 33 5f 35 00 fc 09 00 00
.....(...3_5.....
01070080 28 00 00 00 33 5f 36 00 - 24 0a 00 00 28 00 00 00
(...3_6.$...(...
01070090 33 5f 37 00 4c 0a 00 00 - 44 08 00 00 33 5f 38 00
3_7.L...D...3_8.

State Dump for Thread Id 0x69c

eax=00000000 ebx=80030001 ecx=00010101 edx=00000000 esi=0013c890
edi=00143268
eip=77f839c7 esp=0117fe28 ebp=0117ff74 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4]
ss:01999d0f=00000000
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10]
ds:0095d14e=????????
77f839cd 8b483c mov ecx,[eax+0x3c]
ds:00819ee6=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1
ds:00819ee6=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd
(77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx
ss:01999e5a=00010000
77f839db 8b4710 mov eax,[edi+0x10]
ds:0095d14e=????????
77f839de 668b4038 mov ax,[eax+0x38]
ds:00819ee7=????
77f839e2 668945e0 mov [ebp+0xe0],ax
ss:01999e5b=0100
77f839e6 668945e2 mov [ebp+0xe2],ax
ss:01999e5b=0100
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0117FF74 77D56D9E 77D39A00 0013C890 00000000 00000000 ntdll!NtReplyWaitReceivePortEx
0117FFA8 77D41C6C 00141CE8 0117FFEC 7C4E987C 00141D10 rpcrt4!TowerConstruct
0117FFB4 7C4E987C 00141D10 00000000 00000000 00141D10 rpcrt4!I_RpcServerInqTransportType
0117FFEC 00000000 77D41C54 00141D10 00000000 00000008 kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x6c8

eax=00000001 ebx=80030001 ecx=00185388 edx=00000000 esi=0013c890 edi=00000100
eip=77f839c7 esp=018bfe28 ebp=018bff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,[esp+0x4] ss:020d9d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,[edi+0x10] ds:00819fe6=????????
77f839cd 8b483c mov ecx,[eax+0x3c] ds:00819ee7=????????
77f839d0 f6400801 test byte ptr [eax+0x8],0x1 ds:00819ee7=??
77f839d4 7502 jnz RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov [ebp+0xe4],ecx ss:020d9e5a=????????
77f839db 8b4710 mov eax,[edi+0x10] ds:00819fe6=????????
77f839de 668b4038 mov ax,[eax+0x38] ds:00819ee8=????
77f839e2 668945e0 mov [ebp+0xe0],ax ss:020d9e5b=????
77f839e6 668945e2 mov [ebp+0xe2],ax ss:020d9e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
018BFF74 77D56D9E 77D39A00 0013C890 00145228 0117FA74 ntdll!NtReplyWaitReceivePortEx
018BFFA8 77D41C6C 001C8870 018BFFEC 7C4E987C 001BE308 rpcrt4!TowerConstruct
018BFFB4 7C4E987C 001BE308 00145228 0117FA74 001BE308 rpcrt4!I_RpcServerInqTransportType
018BFFEC 00000000 77D41C54 001BE308 00000000 00905A4D kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*

State Dump for Thread Id 0x274

eax=00000000 ebx=00000000 ecx=001fcc10 edx=00000000 esi=01dfff34 edi=0046dd38
eip=77e12f5c esp=01dffef0 ebp=01dfff10 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


function: TranslateMessageEx
77e12f3a 0f8540d80200 jne UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr [esp+0x8] ss:02619dd7=00002100
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b (77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6 (77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,[esp+0x4] ss:02619dd7=00002100
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
01DFFF10 00435EDA 01DFFF34 00000000 00000000 00000000 user32!TranslateMessageEx
01DFFF80 0045B4E9 0012E6E8 00000000 00000000 00CF0500 !
01DFFFB4 7C4E987C 00CF0500 00000000 00000000 00CF0500 !
 
