Exception number: c0000005 (access violation) explorer keeps crashing


Viren

Application exception occurred:
App: explorer.exe (pid=1112)
When: 7/23/2003 @ 10:17:52.881
Exception number: c0000005 (access violation)

*----> Task List <----*
0 Idle.exe
8 System.exe
152 SMSS.exe
176 CSRSS.exe
196 WINLOGON.exe
224 SERVICES.exe
236 LSASS.exe
420 svchost.exe
444 spoolsv.exe
520 defwatch.exe
536 svchost.exe
564 rtvscan.exe
632 regsvc.exe
648 mstask.exe
728 WinMgmt.exe
744 MsPMSPSv.exe
756 svchost.exe
1112 explorer.exe
1200 igfxtray.exe
1208 hkcmd.exe
1212 vptray.exe
1292 nlnotes.exe
600 nhldaemn.exe
1320 clisvcl.exe
1264 launch32.exe
972 SMSAPM32.exe
1164 SMSMon32.exe
1380 Wuser32.exe
1452 trillian.exe
992 javaw.exe
944 IEXPLORE.exe
1628 EXCEL.exe
1032 wmplayer.exe
1752 IEXPLORE.exe
1740 CMD.exe
1668 CMD.exe
1792 CMD.exe
1920 javaw.exe
1796 IEXPLORE.exe
1812 DRWTSN32.exe
0 _Total.exe

(00400000 - 0043E000)
(77F80000 - 77FFB000)
(7C2D0000 - 7C332000)
(7C4E0000 - 7C599000)
(77D30000 - 77D9E000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(70BD0000 - 70C35000)
(78000000 - 78045000)
(71710000 - 71794000)
(732E0000 - 73305000)
(23000000 - 23056000)
(782F0000 - 78538000)
(77A50000 - 77B3C000)
(775A0000 - 77626000)
(779B0000 - 77A4B000)
(77840000 - 7787E000)
(770C0000 - 770E3000)
(00D90000 - 00ED9000)
(00EE0000 - 010E4000)
(71160000 - 7125D000)
(76620000 - 76631000)
(7C0F0000 - 7C152000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F5000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 7797A000)
(77980000 - 779A4000)
(75050000 - 75058000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(76F20000 - 76F97000)
(70340000 - 70381000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77880000 - 7790E000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(77560000 - 77568000)
(770B0000 - 770B7000)
(77400000 - 77408000)
(77410000 - 77423000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(71960000 - 71972000)
(1A400000 - 1A47A000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(70440000 - 704CF000)
(718C0000 - 71944000)
(75E60000 - 75E7A000)
(70200000 - 70295000)
(77440000 - 774B8000)
(77430000 - 77440000)
(75D40000 - 75D46000)
(76710000 - 76719000)
(10000000 - 10024000)
(76B30000 - 76B6E000)
(66D20000 - 66D51000)
(04670000 - 046A6000)
(046B0000 - 046CD000)
(046F0000 - 04716000)
(04730000 - 0477C000)
(77800000 - 7781E000)
(76930000 - 7695B000)
(77920000 - 77943000)
(067E0000 - 06805000)
(06820000 - 0682A000)
(16200000 - 16206000)
(379B0000 - 37A3C000)
(06FE0000 - 06FE8000)
(63580000 - 6382E000)
(75AC0000 - 75AE8000)
(658F0000 - 65A04000)
(70510000 - 7051A000)
(70F30000 - 70F9E000)
(66650000 - 666A4000)
(703D0000 - 703EB000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77830000 - 7783E000)
(75AB0000 - 75AB5000)
(69B10000 - 69C25000)

State Dump for Thread Id 0x1f0

eax=00000000 ebx=00000001 ecx=000b5950 edx=00000000
esi=0008e680 edi=00000000
eip=77e13569 esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:00ae9de7=????????
77e13567 cd2e int 2e
77e13569 c3 ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 7831ADBB 00000000 004084C4 0008E680 00000000
user32!WaitMessage
0006FF60 00408201 0000005C 00000000 000205BE 00000001
shell32!Ordinal201
0006FFC0 7C4E87F5 00000000 00000000 7FFDF000 00000000
explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100
kernel32!DosDateTimeToFileTime

*----> Raw Stack Dump <----*
0006ff00 41 ae 31 78 94 55 4f 7c - 80 e6 08 00 01 00 00
00 A.1x.UO|........
0006ff10 80 e6 08 00 80 e6 08 00 - 60 ff 06 00 60 ff 06
00 ........`...`...
0006ff20 bb ad 31 78 00 00 00 00 - c4 84 40 00 80 e6 08
00 ..1x......@.....
0006ff30 00 00 00 00 be 05 02 00 - 00 f0 fd 7f 30 47 d2
81 ............0G..
0006ff40 92 ab 4f 7c ff ff ff ff - 0c 00 00 00 be 05 02
00 ..O|............
0006ff50 d5 ab 4f 7c 02 00 00 00 - 8e 40 01 00 e0 ff 06
00 ..O|.....@......
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00
00 ......@.\.......
0006ff70 be 05 02 00 01 00 00 00 - 00 00 00 00 44 00 00
00 ............D...
0006ff80 30 61 07 00 a8 43 07 00 - 50 61 07 00 00 00 00
00 0a...C..Pa......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 48 9c 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 H...............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 f5 87 4e 7c - 00 00 00 00 00 00 00
00 ......N|........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00
00 ................
0006ffe0 ff ff ff ff b4 f0 4f 7c - c8 8e 4e 7c 00 00 00
00 ......O|..N|....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 20 00 00 20 00
00 .......... .. ..
00070020 00 02 00 00 00 20 00 00 - 84 0d 00 00 ff ef fd
7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................

State Dump for Thread Id 0x1d8

eax=004857a0 ebx=00000000 ecx=00230ac8 edx=00000000
esi=00000000 edi=00000000
eip=77e13569 esp=0113ff2c ebp=0113ff4c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:01bb9e13=????????
77e13567 cd2e int 2e
77e13569 c3 ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0113FF4C 0040A389 70C0C464 00400000 0035002D 0032002D
user32!WaitMessage
0113FFB4 7C4E987C 00000000 0035002D 0032002D 0006FEE0
explorer!<nosymbols>
0113FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x488

eax=08d40010 ebx=0000000a ecx=00002000 edx=00000000
esi=77f93233 edi=0000000a
eip=77f9323e esp=0118fd98 ebp=0118fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01c09c7f=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0118FDE4 77E13990 001359F0 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0118FE40 77E13A5C 001498B0 0118FEB8 FFFFFFFF 000000FF
user32!MsgWaitForMultipleObjectsEx
0118FE5C 78319390 00000009 0118FEB8 00000000 FFFFFFFF
user32!MsgWaitForMultipleObjects
784102B8 FFFFFFFF 00000000 00000000 000001C8 00000000
shell32!Ordinal200
77FCFE20 784102B8 77FCFE48 77FCFE08 00000231 00000231
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>

State Dump for Thread Id 0x45c

eax=000000c0 ebx=0113fccc ecx=7c4f3496 edx=00000000
esi=ffffffff edi=00000557
eip=77f8915e esp=013fffa0 ebp=013fffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246


function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:01e79e87=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013FFFB4 7C4E987C 0113FCCC 00000557 FFFFFFFF 0113FCCC
ntdll!ZwDelayExecution
013FFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x3f0

eax=00000001 ebx=00000000 ecx=00000219 edx=00000000
esi=0143fed8 edi=00000000
eip=77e12f5c esp=0143fe98 ebp=0143feb0 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01eb9d7f=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01eb9d7f=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0143FEB0 76F21E36 0143FED8 00000000 00000000 00000000
user32!TranslateMessageEx
00000001 00000000 00000000 00000000 00000000 00000000
netshell!DllGetClassObject

State Dump for Thread Id 0x470

eax=00000000 ebx=77e339d4 ecx=00075ed0 edx=00000000
esi=0147fd70 edi=77e12f5f
eip=77e12f5c esp=0147fd04 ebp=0147fd1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:01ef9beb=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:01ef9beb=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0147FD1C 766D1AD2 0147FD70 00000000 00000000 00000000
user32!TranslateMessageEx
0147FD90 766D198E 00010078 00000000 766D2848 00000001
stobject!DllGetClassObject
0147FFB4 7C4E987C 00000000 0113FAA0 77F98191 00000000
stobject!DllGetClassObject
0147FFEC 00000000 766D1949 00000000 00000000 00040000
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*
0147fd04 86 2f e1 77 70 fd 47 01 - 00 00 00 00 00 00 00
00 ./.wp.G.........
0147fd14 00 00 00 00 00 00 00 00 - 90 fd 47 01 d2 1a 6d
76 ..........G...mv
0147fd24 70 fd 47 01 00 00 00 00 - 00 00 00 00 00 00 00
00 p.G.............
0147fd34 a0 fa 13 01 00 00 6d 76 - 00 00 00 00 30 00 00
00 ......mv....0...
0147fd44 00 40 00 00 00 13 6d 76 - 00 00 00 00 1e 00 00
00 .@....mv........
0147fd54 00 00 6d 76 45 00 26 00 - 11 00 01 00 10 00 00
00 ..mvE.&.........
0147fd64 00 00 00 00 50 28 6d 76 - 00 00 00 00 78 00 01
00 ....P(mv....x...
0147fd74 13 01 00 00 05 00 00 00 - 00 00 00 00 9c 44 27
00 .............D'.
0147fd84 f1 02 00 00 21 02 00 00 - 00 00 00 00 b4 ff 47
01 ....!.........G.
0147fd94 8e 19 6d 76 78 00 01 00 - 00 00 00 00 48 28 6d
76 ..mvx.......H(mv
0147fda4 01 00 00 00 91 81 f9 77 - 43 00 3a 00 5c 00 57
00 .......wC.:.\.W.
0147fdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73
00 I.N.N.T.\.s.y.s.
0147fdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74
00 t.e.m.3.2.\.s.t.
0147fdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64
00 o.b.j.e.c.t...d.
0147fde4 6c 00 6c 00 00 00 4e 7c - 1b 00 00 00 00 02 00
00 l.l...N|........
0147fdf4 fc ff 47 01 23 00 00 00 - 48 71 b5 81 30 bc ae
b7 ..G.#...Hq..0...
0147fe04 00 71 b5 81 5c 6b 32 b7 - f0 03 42 80 48 71 b5
81 .q..\k2...B.Hq..
0147fe14 d5 2d ae b7 48 71 b5 81 - 00 00 00 00 04 11 b9
81 .-..Hq..........
0147fe24 48 71 b5 81 45 32 ae b7 - 48 71 b5 81 9c 62 bf
81 Hq..E2..Hq...b..
0147fe34 38 11 b9 81 00 00 00 00 - 00 00 04 00 01 00 00
00 8...............

State Dump for Thread Id 0x4c0

eax=77562bda ebx=00000002 ecx=00000000 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0155ff24 ebp=0155ff70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:01fd9e0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0155FF70 7C4FABFB 0155FF48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0155FFB4 7C4E987C 00000000 00000009 0147F520 00000000
kernel32!WaitForMultipleObjects
0155FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x4d8

eax=00000001 ebx=000493e0 ecx=000fb4b8 edx=00000000
esi=0007ff10 edi=000493e0
eip=77f8beb2 esp=016efebc ebp=016efee4 iopl=0 nv
up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000297


function: NtRemoveIoCompletion
77f8bea7 b8a8000000 mov eax,0xa8
77f8beac 8d542404 lea edx,
[esp+0x4] ss:02169da3=????????
77f8beb0 cd2e int 2e
77f8beb2 c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
016EFEE4 77D80976 00000124 016EFF1C 016EFF0C 016EFF14
ntdll!NtRemoveIoCompletion
016EFF20 77D50E9E 000493E0 016EFF60 016EFF5C 016EFF70
rpcrt4!I_RpcTransGetAddressList
016EFF74 77D50CD7 77D39A00 0007FF10 0147F3CA 77F8C277
rpcrt4!TowerConstruct
016EFFA8 77D41C6D 000B8248 016EFFEC 7C4E987C 000A09B0
rpcrt4!TowerConstruct
016EFFB4 7C4E987C 000A09B0 0147F3CA 77F8C277 000A09B0
rpcrt4!I_RpcServerInqTransportType
016EFFEC 00000000 77D41C55 000A09B0 00000000 000000C8
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*
016efebc a1 fe 4e 7c 24 01 00 00 - 0c ff 6e 01 fc fe 6e
01 ..N|$.....n...n.
016efecc dc fe 6e 01 d4 fe 6e 01 - 00 a2 2f 4d ff ff ff
ff ..n...n.../M....
016efedc b8 55 13 00 8c 55 13 00 - 20 ff 6e 01 76 09 d8
77 .U...U.. .n.v..w
016efeec 24 01 00 00 1c ff 6e 01 - 0c ff 6e 01 14 ff 6e
01 $.....n...n...n.
016efefc e0 93 04 00 e0 93 04 00 - 10 ff 07 00 3d c2 4f
7c ............=.O|
016eff0c 01 00 00 00 24 01 00 00 - 00 00 00 00 00 00 00
00 ....$...........
016eff1c 00 00 00 00 74 ff 6e 01 - 9e 0e d5 77 e0 93 04
00 ....t.n....w....
016eff2c 60 ff 6e 01 5c ff 6e 01 - 70 ff 6e 01 58 ff 6e
01 `.n.\.n.p.n.X.n.
016eff3c 64 ff 6e 01 6c ff 6e 01 - a8 da 07 00 48 82 0b
00 d.n.l.n.....H...
016eff4c b0 09 0a 00 24 01 00 00 - 14 00 00 00 a8 00 00
00 ....$...........
016eff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00
00 ................
016eff6c 00 00 00 00 24 01 00 00 - a8 ff 6e 01 d7 0c d5
77 ....$.....n....w
016eff7c 00 9a d3 77 10 ff 07 00 - ca f3 47 01 77 c2 f8
77 ...w......G.w..w
016eff8c b0 09 0a 00 00 00 00 00 - 0f 12 43 80 20 48 d2
81 ..........C. H..
016eff9c 20 17 b3 81 ff ff ff ff - b0 09 0a 00 b4 ff 6e
01 .............n.
016effac 6d 1c d4 77 48 82 0b 00 - ec ff 6e 01 7c 98 4e
7c m..wH.....n.|.N|
016effbc b0 09 0a 00 ca f3 47 01 - 77 c2 f8 77 b0 09 0a
00 ......G.w..w....
016effcc 00 e0 fa 7f 34 1b f9 77 - c0 ff 6e 01 34 1b f9
77 ....4..w..n.4..w
016effdc ff ff ff ff b4 f0 4f 7c - 60 d3 4e 7c 00 00 00
00 ......O|`.N|....
016effec 00 00 00 00 00 00 00 00 - 55 1c d4 77 b0 09 0a
00 ........U..w....

State Dump for Thread Id 0x1a0

eax=00000012 ebx=00000554 ecx=0014a138 edx=00000000
esi=0265ff98 edi=77e15780
eip=77e12f5c esp=0265ff58 ebp=0265ff78 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: TranslateMessageEx
77e12f3a 0f8540d80200 jne
UnregisterHotKey+0xe89 (77e40780)
77e12f40 33c0 xor eax,eax
77e12f42 c20800 ret 0x8
77e12f45 ff742408 push dword ptr
[esp+0x8] ss:030d9e3f=????????
77e12f49 51 push ecx
77e12f4a e8ce1e0000 call GetKeyState+0x9b
(77e14e1d)
77e12f4f ebf1 jmp DrawStateA+0x6e6
(77e1e842)
77e12f51 b89a110000 mov eax,0x119a
77e12f56 8d542404 lea edx,
[esp+0x4] ss:030d9e3f=????????
77e12f5a cd2e int 2e
77e12f5c c21000 ret 0x10

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0265FF78 77575C36 0265FF98 00000000 00000000 00000000
user32!TranslateMessageEx
0265FFB4 7C4E987C 00000554 77595428 01B4D824 00000554
winmm!midiOutGetNumDevs
0265FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x540

eax=000a32c0 ebx=80060003 ecx=00122570 edx=00000000
esi=00080cb8 edi=00000100
eip=77f839c7 esp=05a9fe28 ebp=05a9ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:06519d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00b1d1a6=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00b1d1a6=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:06519e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00b1d1a7=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:06519e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:06519e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
05A9FF74 77D56D5E 77D39A00 00080CB8 0151FA9C 00000022
ntdll!NtReplyWaitReceivePortEx
05A9FFA8 77D41C6D 000B9308 05A9FFEC 7C4E987C 000B3518
rpcrt4!TowerConstruct
05A9FFB4 7C4E987C 000B3518 0151FA9C 00000022 000B3518
rpcrt4!I_RpcServerInqTransportType
05A9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x648

eax=00000000 ebx=80060003 ecx=00137fc8 edx=00000000
esi=00080cb8 edi=00000100
eip=77f839c7 esp=05b9fe28 ebp=05b9ff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:06619d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:00a79ee6=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:00a79ee6=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:06619e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:00a79ee7=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:06619e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:06619e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
05B9FF74 77D56D5E 77D39A00 00080CB8 0151FA9C 00000022
ntdll!NtReplyWaitReceivePortEx
05B9FFA8 77D41C6D 000BCCB8 05B9FFEC 7C4E987C 000C6208
rpcrt4!TowerConstruct
05B9FFB4 7C4E987C 000C6208 0151FA9C 00000022 000C6208
rpcrt4!I_RpcServerInqTransportType
05B9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x19c

eax=fffffffb ebx=00000000 ecx=ffffff65 edx=00000000
esi=000c2ff8 edi=00000000
eip=77e13569 esp=06f9fcd8 ebp=06f9ff28 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202


function: WaitMessage
77e1355e b836120000 mov eax,0x1236
77e13563 8d542404 lea edx,
[esp+0x4] ss:07a19bbf=????????
77e13567 cd2e int 2e
77e13569 c3 ret

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
06F9FF28 71181ACF 00000000 0113E350 0113E2C0 000CB008
user32!WaitMessage
06F9FFB4 7C4E987C 000CB008 0113E350 0113E2C0 000CB008 !
Ordinal123
06F9FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x72c

eax=7ffab000 ebx=80060003 ecx=00000000 edx=00000000
esi=00080cb8 edi=00000100
eip=77f839c7 esp=07d0fe28 ebp=07d0ff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202


function: NtReplyWaitReceivePortEx
77f839bc b8ac000000 mov eax,0xac
77f839c1 8d542404 lea edx,
[esp+0x4] ss:08789d0f=????????
77f839c5 cd2e int 2e
77f839c7 c21400 ret 0x14
77f839ca 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839cd 8b483c mov ecx,
[eax+0x3c] ds:80a24ee6=????????
77f839d0 f6400801 test byte ptr
[eax+0x8],0x1 ds:80a24ee6=??
77f839d4 7502 jnz
RtlCreateProcessParameters+0xd (77f83cd8)
77f839d6 03c8 add ecx,eax
77f839d8 894de4 mov
[ebp+0xe4],ecx ss:08789e5a=????????
77f839db 8b4710 mov eax,
[edi+0x10] ds:00a79fe6=????????
77f839de 668b4038 mov ax,
[eax+0x38] ds:80a24ee7=????
77f839e2 668945e0 mov
[ebp+0xe0],ax ss:08789e5b=????
77f839e6 668945e2 mov
[ebp+0xe2],ax ss:08789e5b=????
77f839ea 53 push ebx

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
07D0FF74 77D56D5E 77D39A00 00080CB8 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
07D0FFA8 77D41C6D 0008AB58 07D0FFEC 7C4E987C 00094718
rpcrt4!TowerConstruct
07D0FFB4 7C4E987C 00094718 00000000 00000000 00094718
rpcrt4!I_RpcServerInqTransportType
07D0FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!SetThreadExecutionState

State Dump for Thread Id 0x410

eax=000000be ebx=07043a80 ecx=07e1fda0 edx=00000000
esi=070431c0 edi=635a0be0
eip=63623f21 esp=07e1fd80 ebp=07e1fd94 iopl=0 nv
up ei ng nz na pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000283


function: <nosymbols>
63623f0e 8b08 mov ecx,
[eax] ds:000000be=????????
63623f10 50 push eax
63623f11 ff5108 call dword ptr
[ecx+0x8] ds:08899c86=????????
63623f14 397508 cmp
[ebp+0x8],esi ss:08899c7a=????????
63623f17 74ce jz 6362cae7
63623f19 8b06 mov eax,
[esi] ds:070431c0=0000005d
63623f1b 8d4d0c lea ecx,
[ebp+0xc] ss:08899c7a=????????
63623f1e 51 push ecx
63623f1f 57 push edi
63623f20 56 push esi
FAULT ->63623f21 ff10 call dword ptr
[eax] ds:000000be=????????
63623f23 85c0 test eax,eax
63623f25 7c16 jl 6362ca3d
63623f27 8b450c mov eax,
[ebp+0xc] ss:08899c7a=????????
63623f2a 8b08 mov ecx,
[eax] ds:000000be=????????
63623f2c 50 push eax
63623f2d ff5108 call dword ptr
[ecx+0x8] ds:08899c86=????????
63623f30 8b4d08 mov ecx,
[ebp+0x8] ss:08899c7a=????????
63623f33 33c0 xor eax,eax
63623f35 3b4d0c cmp ecx,
[ebp+0xc] ss:08899c7a=????????
63623f38 0f94c0 sete al
63623f3b ebad jmp 636272ea

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
07E1FD94 63623FE1 07033900 070431C0 00000000 07033A00 !
<nosymbols>
07E1FDB8 636240EF 07033900 07042C80 0000000F 00000000 !
<nosymbols>
07E1FDEC 63637A95 07033900 07E1FE04 00000001 07033570 !
<nosymbols>
07E1FE08 63637185 00000001 07033570 00000000 067023E8 !
<nosymbols>
07E1FE80 6369108E 00000000 00000000 00000000 06702008 !
<nosymbols>
00000001 00000000 00000000 00000000 00000000 00000000 !
MatchExactGetIDsOfNames

*----> Raw Stack Dump <----*
07e1fd80 c0 31 04 07 e0 0b 5a 63 - a0 fd e1 07 00 00 00
00 .1....Zc........
07e1fd90 00 3a 03 07 b8 fd e1 07 - e1 3f 62 63 00 39 03
07 .:.......?bc.9..
07e1fda0 c0 31 04 07 00 00 00 00 - 00 3a 03 07 00 00 00
00 .1.......:......
07e1fdb0 60 3a 04 07 02 00 00 00 - ec fd e1 07 ef 40 62
63 `:...........@bc
07e1fdc0 00 39 03 07 80 2c 04 07 - 0f 00 00 00 00 00 00
00 .9...,..........
07e1fdd0 e4 fd e1 07 01 00 00 00 - 70 35 03 07 00 3a 03
07 ........p5...:..
07e1fde0 00 3a 03 07 00 00 00 00 - 00 3a 03 07 08 fe e1
07 .:.......:......
07e1fdf0 95 7a 63 63 00 39 03 07 - 04 fe e1 07 01 00 00
00 .zcc.9..........
07e1fe00 70 35 03 07 00 00 00 00 - 80 fe e1 07 85 71 63
63 p5...........qcc
07e1fe10 01 00 00 00 70 35 03 07 - 00 00 00 00 e8 23 70
06 ....p5.......#p.
07e1fe20 0e 70 63 63 00 00 00 00 - 00 00 00 00 70 35 03
07 .pcc........p5..
07e1fe30 c0 5e 58 63 70 35 03 07 - 01 00 00 00 36 d0 59
63 .^Xcp5......6.Yc
07e1fe40 70 35 03 07 b8 d4 5d 63 - 70 35 03 07 00 00 00
00 p5....]cp5......
07e1fe50 08 20 70 06 b5 df 5d 63 - 00 3a 03 07 ce 14 69
63 . p...]c.:....ic
07e1fe60 10 3a 03 07 00 00 00 00 - 08 20 70 06 98 23 70
06 .:....... p..#p.
07e1fe70 08 20 70 06 00 00 70 06 - 00 00 00 00 00 00 00
00 . p...p.........
07e1fe80 01 00 00 00 8e 10 69 63 - 00 00 00 00 00 00 00
00 ......ic........
07e1fe90 00 00 00 00 08 20 70 06 - c4 fe e1 07 00 00 00
00 ..... p.........
07e1fea0 c0 5e 58 63 18 a2 0a 09 - 30 a2 0a 09 2b 97 bc
69 .^Xc....0...+..i
07e1feb0 08 20 70 06 18 94 10 00 - c0 93 10 00 f4 86 c0
70 . p............p

State Dump for Thread Id 0x7a8

eax=778321fe ebx=00000003 ecx=0000004c edx=00000000
esi=77f93233 edi=00000003
eip=77f9323e esp=0868fd24 ebp=0868fd70 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:09109c0b=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0868FD70 7C4FABFB 0868FD48 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0868FFB4 7C4E987C 00000004 7FFAC000 7C2D02A7 000C11E0
kernel32!WaitForMultipleObjects
0868FFEC 00000000 778321FE 000C11E0 00000000 00000001
kernel32!SetThreadExecutionState

*----> Raw Stack Dump <----*
0868fd24 d7 bd 4e 7c 03 00 00 00 - 48 fd 68 08 01 00 00
00 ..N|....H.h.....
0868fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 e0 11 0c
00 ................
0868fd44 01 00 00 00 ac 03 00 00 - ec 05 00 00 00 06 00
00 ................
0868fd54 00 00 00 00 20 c4 06 82 - 24 cc 7d b6 40 cc 7d
b6 .... ...$.}.@.}.
0868fd64 ac ca 7d b6 05 00 00 00 - 67 f5 40 80 b4 ff 68
08 ..}.....g.@...h.
0868fd74 fb ab 4f 7c 48 fd 68 08 - 01 00 00 00 00 00 00
00 ..O|H.h.........
0868fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0868fd94 b0 fe 68 08 00 00 00 00 - ff ff ff ff e0 11 0c
00 ..h.............
0868fda4 a7 02 2d 7c 00 c0 fa 7f - 00 00 00 00 38 00 00
00 ..-|........8...
0868fdb4 00 00 00 00 00 00 00 00 - 00 00 00 00 38 00 00
00 ............8...
0868fdc4 23 00 00 00 23 00 00 00 - 00 c0 fa 7f a7 02 2d
7c #...#.........-|
0868fdd4 e0 11 0c 00 00 c0 fa 7f - 4c 00 00 00 fe 21 83
77 ........L....!.w
0868fde4 f8 cb fa 7f 24 98 4e 7c - 1b 00 00 00 00 02 00
00 ....$.N|........
0868fdf4 fc ff 68 08 23 00 00 00 - 00 00 00 00 a8 06 b2
81 ..h.#...........
0868fe04 00 00 00 00 60 06 b2 81 - 8c 35 00 00 20 a5 0e
82 ....`....5.. ...
0868fe14 00 07 00 00 4c d1 44 80 - 8c 35 00 00 20 a5 0e
82 ....L.D..5.. ...
0868fe24 8c 35 00 00 20 a5 0e 82 - 01 d2 fd 7f 5c 03 00
00 .5.. .......\...
0868fe34 f1 da 44 80 5c 03 00 00 - f0 00 8c 81 00 d0 fd
7f ..D.\...........
0868fe44 fc 07 30 c0 00 00 00 00 - f1 da 44 80 5c 03 00
00 ..0.......D.\...
0868fe54 f0 00 8c 81 00 00 00 00 - 01 00 00 00 00 00 00
00 ................

State Dump for Thread Id 0x7e0

eax=70c1acaf ebx=00000002 ecx=77f89650 edx=00000000
esi=77f93233 edi=00000002
eip=77f9323e esp=0905fe5c ebp=0905fea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246


function: NtWaitForMultipleObjects
77f93233 b8e9000000 mov eax,0xe9
77f93238 8d542404 lea edx,
[esp+0x4] ss:09ad9d43=????????
77f9323c cd2e int 2e
77f9323e c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0905FEA8 77E13990 0905FE80 00000001 00000000 0905FEA0
ntdll!NtWaitForMultipleObjects
0905FF04 77E13A5C 0905FED0 70C2BB38 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
0905FF20 70C1A793 00000001 70C2BB38 00000000 0000EA60
user32!MsgWaitForMultipleObjects
0905FF74 70C1AB1B 0905FFA0 0905FFA4 0905FFA8 0905FF9C !
Ordinal265
0905FFAC 70C1ACDF 00000012 7C4E987C 00000000 00000000 !
Ordinal293
0905FFEC 00000000 00000000 00000000 00000000 00000000 !
Ordinal293

State Dump for Thread Id 0x680

eax=77ab464e ebx=00000102 ecx=00070778 edx=00000000
esi=77f89153 edi=0909ff74
eip=77f8915e esp=0909ff60 ebp=0909ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206


function: ZwDelayExecution
77f89153 b832000000 mov eax,0x32
77f89158 8d542404 lea edx,
[esp+0x4] ss:09b19e47=????????
77f8915c cd2e int 2e
77f8915e c20800 ret 0x8

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0909FF7C 7C4FAC79 0000EA60 00000000 77AB862F 0000EA60
ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep

*----> Raw Stack Dump <----*
0909ff60 a5 ac 4f 7c 00 00 00 00 - 74 ff 09 09 68 c4 4f
7c ..O|....t...h.O|
0909ff70 28 a5 12 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 (.....<.....0u..
0909ff80 79 ac 4f 7c 60 ea 00 00 - 00 00 00 00 2f 86 ab
77 y.O|`......./..w
0909ff90 60 ea 00 00 10 47 ab 77 - 00 00 00 00 00 00 a5
77 `....G.w.......w
0909ffa0 28 a5 12 00 ec ff 09 09 - 28 a5 12 00 68 46 ab
77 (.......(...hF.w
0909ffb0 d8 7a a6 77 c3 7a a6 77 - 7c 98 4e 7c 28 a5 12
00 .z.w.z.w|.N|(...
0909ffc0 d8 7a a6 77 c3 7a a6 77 - 28 a5 12 00 00 90 fa
7f .z.w.z.w(.......
0909ffd0 78 07 07 00 c0 ff 09 09 - 78 07 07 00 ff ff ff
ff x.......x.......
0909ffe0 b4 f0 4f 7c 60 d3 4e 7c - 00 00 00 00 00 00 00
00 ..O|`.N|........
0909fff0 00 00 00 00 4e 46 ab 77 - 28 a5 12 00 00 00 00
00 ....NF.w(.......
090a0000 c1 00 00 00 00 01 00 00 - ff ee ff ee 03 10 00
00 ................
090a0010 01 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
090a0020 00 02 00 00 00 20 00 00 - b4 03 00 00 ff ef fd
7f ..... ..........
090a0030 1b 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
090a0040 00 00 00 00 98 05 0a 09 - 0f 00 00 00 f8 ff ff
ff ................
090a0050 50 00 0a 09 50 00 0a 09 - 08 06 0a 09 00 00 00
00 P...P...........
090a0060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
090a0070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
090a0080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
090a0090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
 
