info
Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss
windows 2000 explorer crash
1 view
Skip to first unread message
CHRISTOS STAVRINOU
Jul 31, 2000, 3:00:00 AM7/31/00
to
I HAVE A SERIOUS PROBLEM USING MICROSOFT WINDOWS
2000 PRO. WHEN I TRY TO SET SECURITIES ON DIRECTORIES OR FILES ON MY NTFS
PARTITION EXPLORER.EXE CRASHES THE SYSTEM. I ALSO PASTE THE LOG FILE OF
DRWATCHON AT THE END OF THIS MAIL. IF YOU HAVE ANY ANSWERS PLEASE REPLY ME AT stav...@hotmail.com
THANK YOU.
Microsoft (R) Windows 2000 (TM) Version 5.00 DrWtsn32
Copyright (C) 1985-1999 Microsoft Corp. All rights reserved.
Application exception
occurred:
App: explorer.exe (pid=836)
When: 7/29/2000 @ 15:38:24.088
Exception number: c0000005 (access violation)
App: explorer.exe (pid=836)
When: 7/29/2000 @ 15:38:24.088
Exception number: c0000005 (access violation)
*----> System Information
<----*
Computer Name: PANIKOSSTAV
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 5 Model 4 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization: PS
Registered Owner: PANIKOS STAVRINOU
Computer Name: PANIKOSSTAV
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 5 Model 4 Stepping 3
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: None
Current Type: Uniprocessor Free
Registered Organization: PS
Registered Owner: PANIKOS STAVRINOU
*----> Task List <----*
0 Idle.exe
8 System.exe
156 smss.exe
180 csrss.exe
200 winlogon.exe
228 services.exe
240 lsass.exe
412 svchost.exe
444 SPOOLSV.exe
484 svchost.exe
520 navapsvc.exe
572 regsvc.exe
596 mstask.exe
620 winmgmt.exe
680 mspmspsv.exe
720 alertsvc.exe
836 explorer.exe
524 POProxy.exe
928 internat.exe
932 msmsgs.exe
940 navapw32.exe
960 OLFSNT40.exe
1072 msimn.exe
1100 MDM.exe
840 IEXPLORE.exe
1064 drwtsn32.exe
0 _Total.exe
0 Idle.exe
8 System.exe
156 smss.exe
180 csrss.exe
200 winlogon.exe
228 services.exe
240 lsass.exe
412 svchost.exe
444 SPOOLSV.exe
484 svchost.exe
520 navapsvc.exe
572 regsvc.exe
596 mstask.exe
620 winmgmt.exe
680 mspmspsv.exe
720 alertsvc.exe
836 explorer.exe
524 POProxy.exe
928 internat.exe
932 msmsgs.exe
940 navapw32.exe
960 OLFSNT40.exe
1072 msimn.exe
1100 MDM.exe
840 IEXPLORE.exe
1064 drwtsn32.exe
0 _Total.exe
(00400000 - 0043C000)
(77F80000 - 77FF9000)
(77DB0000 - 77E0A000)
(77E80000 - 77F36000)
(77D40000 - 77DAF000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77C70000 - 77CBA000)
(77B50000 - 77BDA000)
(775A0000 - 777E0000)
(77A50000 - 77B45000)
(77CC0000 - 77D40000)
(779B0000 - 77A45000)
(78000000 - 78046000)
(77850000 - 7788C000)
(770C0000 - 770E3000)
(76C80000 - 76D90000)
(76E10000 - 76ED8000)
(77C10000 - 77C6D000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F2000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 77979000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76F20000 - 76F95000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77890000 - 7791D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(76680000 - 766C1000)
(770F0000 - 772AD000)
(75090000 - 750A0000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(77560000 - 77569000)
(76710000 - 76719000)
(77400000 - 77408000)
(77410000 - 77423000)
(6E420000 - 6E426000)
(75E60000 - 75E7A000)
(76290000 - 762CD000)
(76120000 - 76178000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(75870000 - 758F3000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(7CA00000 - 7CA22000)
(77440000 - 774B8000)
(77430000 - 77440000)
(64B10000 - 64BE0000)
(68DC0000 - 68EB6000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(76C00000 - 76C74000)
(76D90000 - 76DE3000)
(6BDD0000 - 6BDFE000)
(770B0000 - 770B7000)
(10000000 - 1000B000)
(76930000 - 7695B000)
(77920000 - 77942000)
(69BF0000 - 69C0D000)
(77800000 - 7781D000)
(77BF0000 - 77C01000)
(72F30000 - 72F3E000)
(75940000 - 759AF000)
(74A50000 - 74A57000)
(68760000 - 6876B000)
(74EE0000 - 74EF5000)
(71F50000 - 71F60000)
(69920000 - 69955000)
(780C0000 - 7814D000)
(717C0000 - 717DE000)
(76B20000 - 76B25000)
(772B0000 - 7731C000)
(77F80000 - 77FF9000)
(77DB0000 - 77E0A000)
(77E80000 - 77F36000)
(77D40000 - 77DAF000)
(77F40000 - 77F7C000)
(77E10000 - 77E75000)
(77C70000 - 77CBA000)
(77B50000 - 77BDA000)
(775A0000 - 777E0000)
(77A50000 - 77B45000)
(77CC0000 - 77D40000)
(779B0000 - 77A45000)
(78000000 - 78046000)
(77850000 - 7788C000)
(770C0000 - 770E3000)
(76C80000 - 76D90000)
(76E10000 - 76ED8000)
(77C10000 - 77C6D000)
(76DF0000 - 76E01000)
(76FA0000 - 76FAF000)
(773E0000 - 773F2000)
(75170000 - 751BF000)
(77BE0000 - 77BEF000)
(751C0000 - 751C6000)
(75150000 - 7515F000)
(75030000 - 75044000)
(75020000 - 75028000)
(77950000 - 77979000)
(77980000 - 779A4000)
(75050000 - 75058000)
(76F20000 - 76F95000)
(766D0000 - 766E8000)
(76740000 - 76748000)
(77890000 - 7791D000)
(766F0000 - 766F7000)
(77570000 - 775A0000)
(76680000 - 766C1000)
(770F0000 - 772AD000)
(75090000 - 750A0000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(77560000 - 77569000)
(76710000 - 76719000)
(77400000 - 77408000)
(77410000 - 77423000)
(6E420000 - 6E426000)
(75E60000 - 75E7A000)
(76290000 - 762CD000)
(76120000 - 76178000)
(71F00000 - 71F4D000)
(6A8F0000 - 6A910000)
(74870000 - 74886000)
(70020000 - 70025000)
(75870000 - 758F3000)
(77320000 - 77337000)
(773B0000 - 773DE000)
(77380000 - 773A2000)
(77830000 - 7783E000)
(774E0000 - 77512000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(7CA00000 - 7CA22000)
(77440000 - 774B8000)
(77430000 - 77440000)
(64B10000 - 64BE0000)
(68DC0000 - 68EB6000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(76C00000 - 76C74000)
(76D90000 - 76DE3000)
(6BDD0000 - 6BDFE000)
(770B0000 - 770B7000)
(10000000 - 1000B000)
(76930000 - 7695B000)
(77920000 - 77942000)
(69BF0000 - 69C0D000)
(77800000 - 7781D000)
(77BF0000 - 77C01000)
(72F30000 - 72F3E000)
(75940000 - 759AF000)
(74A50000 - 74A57000)
(68760000 - 6876B000)
(74EE0000 - 74EF5000)
(71F50000 - 71F60000)
(69920000 - 69955000)
(780C0000 - 7814D000)
(717C0000 - 717DE000)
(76B20000 - 76B25000)
(772B0000 - 7731C000)
State Dump for Thread Id 0x340
eax=00000001 ebx=00000001 ecx=000002af edx=00000000
esi=000917f0 edi=00000000
eip=77e14b53 esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77e14b53 esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: WaitMessage
77e14b48 b836120000 mov eax,0x1236
77e14b4d 8d542404 lea edx,[esp+0x4] ss:00aed4d7=????????
77e14b51 cd2e int 2e
77e14b53 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0006FF1C 775A59BF 00000000 0040CA37 000917F0 00000000 user32!WaitMessage
0006FF60 0040C730 00000054 00000000 000205AC 00000001 shell32!Ordinal201
0006FFC0 77E87903 00000000 00000000 7FFDF000 00000000 explorer!<nosymbols>
0006FFF0 00000000 0040C6A2 00000000 000000C8 00000100 kernel32!SetUnhandledExceptionFilter
0006FF1C 775A59BF 00000000 0040CA37 000917F0 00000000 user32!WaitMessage
0006FF60 0040C730 00000054 00000000 000205AC 00000001 shell32!Ordinal201
0006FFC0 77E87903 00000000 00000000 7FFDF000 00000000 explorer!<nosymbols>
0006FFF0 00000000 0040C6A2 00000000 000000C8 00000100 kernel32!SetUnhandledExceptionFilter
*----> Raw Stack Dump
<----*
0006ff00 30 5a 5a 77 a6 c0 e8 77 - f0 17 09 00 01 00 00 00 0ZZw...w........
0006ff10 f0 17 09 00 f0 17 09 00 - 60 ff 06 00 60 ff 06 00 ........`...`...
0006ff20 bf 59 5a 77 00 00 00 00 - 37 ca 40 00 f0 17 09 00 .YZw....7.@.....
0006ff30 00 00 00 00 ac 05 02 00 - 00 f0 fd 7f 00 e0 fd 7f ................
0006ff40 8b 65 e9 77 00 00 00 00 - 0c 00 00 00 ac 05 02 00 .e.w............
0006ff50 00 48 07 00 02 00 00 00 - 32 f5 00 00 e0 ff 06 00 .H......2.......
0006ff60 c0 ff 06 00 30 c7 40 00 - 54 00 00 00 00 00 00 00 ....0.@.T.......
0006ff70 ac 05 02 00 01 00 00 00 - 00 00 00 00 44 00 00 00 ............D...
0006ff80 d0 47 07 00 e8 47 07 00 - 00 48 07 00 00 00 00 00 .G...G...H......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 80 e9 06 00 ................
0006ffa0 f2 80 db 77 58 00 00 00 - 01 00 00 00 01 00 00 00 ...wX...........
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff ff ................
0006ffc0 f0 ff 06 00 03 79 e8 77 - 00 00 00 00 00 00 00 00 .....y.w........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00 00 ................
0006ffe0 ff ff ff ff fd 13 ea 77 - 08 79 e8 77 00 00 00 00 .......w.y.w....
0006fff0 00 00 00 00 00 00 00 00 - a2 c6 40 00 00 00 00 00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00 00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00 00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 18 16 00 00 ff ef fd 7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0006ff00 30 5a 5a 77 a6 c0 e8 77 - f0 17 09 00 01 00 00 00 0ZZw...w........
0006ff10 f0 17 09 00 f0 17 09 00 - 60 ff 06 00 60 ff 06 00 ........`...`...
0006ff20 bf 59 5a 77 00 00 00 00 - 37 ca 40 00 f0 17 09 00 .YZw....7.@.....
0006ff30 00 00 00 00 ac 05 02 00 - 00 f0 fd 7f 00 e0 fd 7f ................
0006ff40 8b 65 e9 77 00 00 00 00 - 0c 00 00 00 ac 05 02 00 .e.w............
0006ff50 00 48 07 00 02 00 00 00 - 32 f5 00 00 e0 ff 06 00 .H......2.......
0006ff60 c0 ff 06 00 30 c7 40 00 - 54 00 00 00 00 00 00 00 ....0.@.T.......
0006ff70 ac 05 02 00 01 00 00 00 - 00 00 00 00 44 00 00 00 ............D...
0006ff80 d0 47 07 00 e8 47 07 00 - 00 48 07 00 00 00 00 00 .G...G...H......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 80 e9 06 00 ................
0006ffa0 f2 80 db 77 58 00 00 00 - 01 00 00 00 01 00 00 00 ...wX...........
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff ff ................
0006ffc0 f0 ff 06 00 03 79 e8 77 - 00 00 00 00 00 00 00 00 .....y.w........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00 00 ................
0006ffe0 ff ff ff ff fd 13 ea 77 - 08 79 e8 77 00 00 00 00 .......w.y.w....
0006fff0 00 00 00 00 00 00 00 00 - a2 c6 40 00 00 00 00 00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00 00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00 00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 18 16 00 00 ff ef fd 7f ..... ..........
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
State Dump for Thread Id 0x324
eax=000cdba0 ebx=0006fee8 ecx=00b50003 edx=00000000
esi=0006ff04 edi=00000000
eip=77e14b53 esp=00d5ff60 ebp=00d5ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77e14b53 esp=00d5ff60 ebp=00d5ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: WaitMessage
77e14b48 b836120000 mov eax,0x1236
77e14b4d 8d542404 lea edx,[esp+0x4] ss:017dd537=????????
77e14b51 cd2e int 2e
77e14b53 c3 ret
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
00D5FF80 0040318F 77C8AFC3 00400000 00074818 00074824 user32!WaitMessage
00D5FFB4 77E92CA8 0006FEE8 00074818 00074824 0006FEE8 explorer!<nosymbols>
00D5FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
00D5FF80 0040318F 77C8AFC3 00400000 00074818 00074824 user32!WaitMessage
00D5FFB4 77E92CA8 0006FEE8 00074818 00074824 0006FEE8 explorer!<nosymbols>
00D5FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
State Dump for Thread Id 0x368
eax=02300004 ebx=00000009 ecx=04000000 edx=00000000
esi=77f87e6c edi=00000009
eip=77f87e77 esp=00dafd98 ebp=00dafde4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=00dafd98 ebp=00dafde4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:0182d36f=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:02300004=????
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:0182d3ba=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:02300004=????
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:0182d3ba=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
00DAFDE4 77E1464C 000EE9F8 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
00DAFE40 77E14718 00DAFE0C 00DAFEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx
00DAFE5C 775A483F 00000008 00DAFEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects
776BC2F0 FFFFFFFF 00000000 00000000 00000154 00000000 shell32!ExtractVersionResource16W
77FCDB00 776BC2F0 77FCDB28 77FCDAE8 000001A1 000001A1 <nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 shell32!<nosymbols>
00DAFDE4 77E1464C 000EE9F8 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
00DAFE40 77E14718 00DAFE0C 00DAFEB8 FFFFFFFF 000000FF user32!MsgWaitForMultipleObjectsEx
00DAFE5C 775A483F 00000008 00DAFEB8 00000000 FFFFFFFF user32!MsgWaitForMultipleObjects
776BC2F0 FFFFFFFF 00000000 00000000 00000154 00000000 shell32!ExtractVersionResource16W
77FCDB00 776BC2F0 77FCDB28 77FCDAE8 000001A1 000001A1 <nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 shell32!<nosymbols>
State Dump for Thread Id 0x36c
eax=00e7fea0 ebx=00000002 ecx=00000000 edx=00000000
esi=77f87e6c edi=00000002
eip=77f87e77 esp=00e7fe5c ebp=00e7fea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=00e7fe5c ebp=00e7fea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:018fd433=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:00e7fea0=ba00
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:018fd47e=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:00e7fea0=ba00
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:018fd47e=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
00E7FEA8 77E1464C 00E7FE80 00000001 00000000 00E7FEA0 ntdll!ZwWaitForMultipleObjects
00E7FF04 77E14718 00E7FED0 77CB4170 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
00E7FF20 77C71991 00000001 77CB4170 00000000 0000EA60 user32!MsgWaitForMultipleObjects
00E7FF74 77C75E56 00E7FFA0 00E7FFA4 00E7FFA8 00E7FF9C shlwapi!Ordinal195
00E7FFAC 77C75DBC 00000000 77E92CA8 00000000 00000000 shlwapi!AssocQueryKeyW
00E7FFEC 00000000 00000000 00000000 00000000 00000000 shlwapi!AssocQueryKeyW
00E7FEA8 77E1464C 00E7FE80 00000001 00000000 00E7FEA0 ntdll!ZwWaitForMultipleObjects
00E7FF04 77E14718 00E7FED0 77CB4170 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
00E7FF20 77C71991 00000001 77CB4170 00000000 0000EA60 user32!MsgWaitForMultipleObjects
00E7FF74 77C75E56 00E7FFA0 00E7FFA4 00E7FFA8 00E7FF9C shlwapi!Ordinal195
00E7FFAC 77C75DBC 00000000 77E92CA8 00000000 00000000 shlwapi!AssocQueryKeyW
00E7FFEC 00000000 00000000 00000000 00000000 00000000 shlwapi!AssocQueryKeyW
State Dump for Thread Id 0x364
eax=000000c0 ebx=00d5fd00 ecx=77e9f49f edx=00000000
esi=ffffffff edi=00000557
eip=77f90333 esp=00feffa0 ebp=00feffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
eip=77f90333 esp=00feffa0 ebp=00feffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
function: ZwDelayExecution
77f90328 b832000000 mov eax,0x32
77f9032d 8d542404 lea edx,[esp+0x4] ss:01a6d577=????????
77f90331 cd2e int 2e
77f90333 c20800 ret 0x8
77f90336 33c0 xor eax,eax
77f90338 e99ac6ffff jmp RtlCopySid+0x64 (77f8c9d7)
77f9033d 23d1 and edx,ecx
77f9033f 8a06 mov al,[esi] ds:ffffffff=??
77f90341 8807 mov [edi],al ds:00000557=??
77f90343 8a4601 mov al,[esi+0x1] ds:00a7d5d5=??
77f90346 884701 mov [edi+0x1],al ds:00a7db2d=??
77f90349 8a4602 mov al,[esi+0x2] ds:00a7d5d5=??
77f9034c c1e902 shr ecx,0x2
77f9034f 884702 mov [edi+0x2],al ds:00a7db2d=??
77f90352 83c603 add esi,0x3
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
00FEFFB4 77E92CA8 00D5FD00 00000557 FFFFFFFF 00D5FD00 ntdll!ZwDelayExecution
00FEFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
00FEFFB4 77E92CA8 00D5FD00 00000557 FFFFFFFF 00D5FD00 ntdll!ZwDelayExecution
00FEFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
State Dump for Thread Id 0x378
eax=00000a08 ebx=00000000 ecx=000ca8a8 edx=00000000
esi=0102fed8 edi=00000000
eip=77e1414f esp=0102fe98 ebp=0102feb0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77e1414f esp=0102fe98 ebp=0102feb0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: DispatchMessageW
77e14137 90 nop
77e14138 ffff ???
77e1413a ffff ???
77e1413c 7407 jz DrawFrame+0xae4 (77e22545)
77e1413e e477 in al,77
77e14140 8707 xchg [edi],eax ds:00000000=????????
77e14142 e477 in al,77
77e14144 b89a110000 mov eax,0x119a
77e14149 8d542404 lea edx,[esp+0x4] ss:01aad46f=????????
77e1414d cd2e int 2e
77e1414f c21000 ret 0x10
77e14152 55 push ebp
77e14153 8bec mov ebp,esp
77e14155 53 push ebx
77e14156 56 push esi
77e14157 8b7508 mov esi,[ebp+0x8] ss:01aad486=????????
77e1415a 8b450c mov eax,[ebp+0xc] ss:01aad486=????????
77e1415d 57 push edi
77e1415e 33ff xor edi,edi
77e14160 0fb74e2a movzx ecx,word ptr [esi+0x2a] ds:01aad4af=????
77e14164 81e1ff3fffff and ecx,0xffff3fff
77e1416a 7521 jnz UnregisterClassA+0x13f (77e1c68d)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0102FEB0 76F218EC 0102FED8 00000000 00000000 00000000 user32!DispatchMessageW
00000001 00000000 00000000 00000000 00000000 00000000 netshell!DllGetClassObject
0102FEB0 76F218EC 0102FED8 00000000 00000000 00000000 user32!DispatchMessageW
00000001 00000000 00000000 00000000 00000000 00000000 netshell!DllGetClassObject
State Dump for Thread Id 0x37c
eax=0106fd70 ebx=77e1b629 ecx=00445a68 edx=00000000
esi=0106fd70 edi=77e1426e
eip=77e1414f esp=0106fd04 ebp=0106fd1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77e1414f esp=0106fd04 ebp=0106fd1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: DispatchMessageW
77e14137 90 nop
77e14138 ffff ???
77e1413a ffff ???
77e1413c 7407 jz DrawFrame+0xae4 (77e22545)
77e1413e e477 in al,77
77e14140 8707 xchg [edi],eax ds:77e1426e=8bec8b55
77e14142 e477 in al,77
77e14144 b89a110000 mov eax,0x119a
77e14149 8d542404 lea edx,[esp+0x4] ss:01aed2db=????????
77e1414d cd2e int 2e
77e1414f c21000 ret 0x10
77e14152 55 push ebp
77e14153 8bec mov ebp,esp
77e14155 53 push ebx
77e14156 56 push esi
77e14157 8b7508 mov esi,[ebp+0x8] ss:01aed2f2=????????
77e1415a 8b450c mov eax,[ebp+0xc] ss:01aed2f2=????????
77e1415d 57 push edi
77e1415e 33ff xor edi,edi
77e14160 0fb74e2a movzx ecx,word ptr [esi+0x2a] ds:01aed347=????
77e14164 81e1ff3fffff and ecx,0xffff3fff
77e1416a 7521 jnz UnregisterClassA+0x13f (77e1c68d)
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0106FD1C 766D16D3 0106FD70 00000000 00000000 00000000 user32!DispatchMessageW
0106FD90 766D15BD 00010070 00000000 766D2610 00000001 stobject!DllGetClassObject
0106FFB4 77E92CA8 00000000 00D5FAD4 77FB80DB 00000000 stobject!DllGetClassObject
0106FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
0106FD1C 766D16D3 0106FD70 00000000 00000000 00000000 user32!DispatchMessageW
0106FD90 766D15BD 00010070 00000000 766D2610 00000001 stobject!DllGetClassObject
0106FFB4 77E92CA8 00000000 00D5FAD4 77FB80DB 00000000 stobject!DllGetClassObject
0106FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
State Dump for Thread Id 0x380
eax=76681757 ebx=00000003 ecx=00070000 edx=00000000
esi=77f87e6c edi=00000003
eip=77f87e77 esp=010aff20 ebp=010aff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=010aff20 ebp=010aff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:01b2d4f7=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:76681757=8b55
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:01b2d542=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:76681757=8b55
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:01b2d542=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
010AFF6C 77E9E68A 010AFF44 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
010AFFB4 77E92CA8 00000000 00000000 00D5FA44 00000000 kernel32!WaitForMultipleObjects
010AFFEC 00000000 76681757 00000000 00000000 00040000 kernel32!CreateFileA
010AFF6C 77E9E68A 010AFF44 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
010AFFB4 77E92CA8 00000000 00000000 00D5FA44 00000000 kernel32!WaitForMultipleObjects
010AFFEC 00000000 76681757 00000000 00000000 00040000 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
010aff20 b2 79 e8 77 03 00 00 00 - 44 ff 0a 01 01 00 00 00 .y.w....D.......
010aff30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10 00 ................
010aff40 01 00 00 00 94 02 00 00 - 98 02 00 00 9c 02 00 00 ................
010aff50 60 ff 0a 01 80 00 00 00 - 00 00 00 00 00 00 00 00 `...............
010aff60 1e 00 20 00 d0 19 68 76 - 9c 02 00 00 b4 ff 0a 01 .. ...hv........
010aff70 8a e6 e9 77 44 ff 0a 01 - 01 00 00 00 00 00 00 00 ...wD...........
010aff80 00 00 00 00 00 00 00 00 - cb 17 68 76 03 00 00 00 ..........hv....
010aff90 a8 ff 0a 01 00 00 00 00 - ff ff ff ff 00 00 00 00 ................
010affa0 44 fa d5 00 00 00 00 00 - 94 02 00 00 98 02 00 00 D...............
010affb0 9c 02 00 00 ec ff 0a 01 - a8 2c e9 77 00 00 00 00 .........,.w....
010affc0 00 00 00 00 44 fa d5 00 - 00 00 00 00 00 40 fd 7f ....D........@..
010affd0 00 00 07 00 c0 ff 0a 01 - 00 00 07 00 ff ff ff ff ................
010affe0 fd 13 ea 77 08 c0 e9 77 - 00 00 00 00 00 00 00 00 ...w...w........
010afff0 00 00 00 00 57 17 68 76 - 00 00 00 00 00 00 00 00 ....W.hv........
010b0000 00 00 04 00 01 00 00 00 - 01 00 00 00 20 00 01 00 ............ ...
010b0010 08 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
010b0020 00 00 00 00 5c 00 5c 00 - 3f 00 5c 00 69 00 73 00 ....\.\.?.\.i.s.
010b0030 61 00 70 00 6e 00 70 00 - 23 00 63 00 74 00 6c 00 a.p.n.p.#.c.t.l.
010b0040 30 00 30 00 34 00 34 00 - 5f 00 64 00 65 00 76 00 0.0.4.4._.d.e.v.
010b0050 30 00 30 00 30 00 30 00 - 23 00 31 00 34 00 37 00 0.0.0.0.#.1.4.7.
010aff20 b2 79 e8 77 03 00 00 00 - 44 ff 0a 01 01 00 00 00 .y.w....D.......
010aff30 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 10 00 ................
010aff40 01 00 00 00 94 02 00 00 - 98 02 00 00 9c 02 00 00 ................
010aff50 60 ff 0a 01 80 00 00 00 - 00 00 00 00 00 00 00 00 `...............
010aff60 1e 00 20 00 d0 19 68 76 - 9c 02 00 00 b4 ff 0a 01 .. ...hv........
010aff70 8a e6 e9 77 44 ff 0a 01 - 01 00 00 00 00 00 00 00 ...wD...........
010aff80 00 00 00 00 00 00 00 00 - cb 17 68 76 03 00 00 00 ..........hv....
010aff90 a8 ff 0a 01 00 00 00 00 - ff ff ff ff 00 00 00 00 ................
010affa0 44 fa d5 00 00 00 00 00 - 94 02 00 00 98 02 00 00 D...............
010affb0 9c 02 00 00 ec ff 0a 01 - a8 2c e9 77 00 00 00 00 .........,.w....
010affc0 00 00 00 00 44 fa d5 00 - 00 00 00 00 00 40 fd 7f ....D........@..
010affd0 00 00 07 00 c0 ff 0a 01 - 00 00 07 00 ff ff ff ff ................
010affe0 fd 13 ea 77 08 c0 e9 77 - 00 00 00 00 00 00 00 00 ...w...w........
010afff0 00 00 00 00 57 17 68 76 - 00 00 00 00 00 00 00 00 ....W.hv........
010b0000 00 00 04 00 01 00 00 00 - 01 00 00 00 20 00 01 00 ............ ...
010b0010 08 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
010b0020 00 00 00 00 5c 00 5c 00 - 3f 00 5c 00 69 00 73 00 ....\.\.?.\.i.s.
010b0030 61 00 70 00 6e 00 70 00 - 23 00 63 00 74 00 6c 00 a.p.n.p.#.c.t.l.
010b0040 30 00 30 00 34 00 34 00 - 5f 00 64 00 65 00 76 00 0.0.4.4._.d.e.v.
010b0050 30 00 30 00 30 00 30 00 - 23 00 31 00 34 00 37 00 0.0.0.0.#.1.4.7.
State Dump for Thread Id 0x3b8
eax=00000001 ebx=80060004 ecx=00010101 edx=00000000
esi=00084ef0 edi=00000100
eip=77f82eec esp=0117fe28 ebp=0117ff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
eip=77f82eec esp=0117fe28 ebp=0117ff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206
function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,[esp+0x4] ss:01bfd3ff=adf00d0b
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0117FF74 77D4B407 77D4B7BF 00084EF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
0117FFA8 77D4B771 000A16E0 0117FFEC 77E92CA8 000AAED8 rpcrt4!RpcBindingSetOption
0117FFB4 77E92CA8 000AAED8 00000000 00000000 000AAED8 rpcrt4!RpcBindingSetOption
0117FFEC 00000000 77D4B759 000AAED8 00000000 00000000 kernel32!CreateFileA
0117FF74 77D4B407 77D4B7BF 00084EF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
0117FFA8 77D4B771 000A16E0 0117FFEC 77E92CA8 000AAED8 rpcrt4!RpcBindingSetOption
0117FFB4 77E92CA8 000AAED8 00000000 00000000 000AAED8 rpcrt4!RpcBindingSetOption
0117FFEC 00000000 77D4B759 000AAED8 00000000 00000000 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
0117fe28 94 b5 d4 77 fc 00 00 00 - 54 ff 17 01 00 00 00 00 ...w....T.......
0117fe38 18 fe 0a 00 58 ff 17 01 - 00 7a 07 00 e0 16 0a 00 ....X....z......
0117fe48 d8 ae 0a 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 6b 00 00 00 ............k...
0117fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff28 00 00 00 00 20 20 b0 ff - a0 5d 9f ff 00 00 00 00 .... ...]......
0117ff38 30 5f 9f ff 60 ec 52 fd - 46 02 00 00 86 d6 42 80 0_..`.R.F.....B.
0117ff48 c0 95 06 80 00 5f 9f ff - a0 5d 9f ff 04 00 06 80 ....._...]......
0117ff58 00 a2 2f 4d ff ff ff ff - 50 fe 17 01 04 00 06 80 ../M....P.......
0117fe28 94 b5 d4 77 fc 00 00 00 - 54 ff 17 01 00 00 00 00 ...w....T.......
0117fe38 18 fe 0a 00 58 ff 17 01 - 00 7a 07 00 e0 16 0a 00 ....X....z......
0117fe48 d8 ae 0a 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 6b 00 00 00 ............k...
0117fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0117ff28 00 00 00 00 20 20 b0 ff - a0 5d 9f ff 00 00 00 00 .... ...]......
0117ff38 30 5f 9f ff 60 ec 52 fd - 46 02 00 00 86 d6 42 80 0_..`.R.F.....B.
0117ff48 c0 95 06 80 00 5f 9f ff - a0 5d 9f ff 04 00 06 80 ....._...]......
0117ff58 00 a2 2f 4d ff ff ff ff - 50 fe 17 01 04 00 06 80 ../M....P.......
State Dump for Thread Id 0x3d4
eax=77562bdf ebx=00000002 ecx=00000000 edx=00000000
esi=77f87e6c edi=00000002
eip=77f87e77 esp=011eff24 ebp=011eff70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=011eff24 ebp=011eff70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:01c6d4fb=adf00d0b
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:77562bdf=8b55
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:01c6d546=f00d0bad
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:77562bdf=8b55
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:01c6d546=f00d0bad
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
011EFF70 77E9E68A 011EFF48 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
011EFFB4 77E92CA8 00000000 7FFD5BF8 00000000 00000000 kernel32!WaitForMultipleObjects
011EFFEC 00000000 77562BDF 00000000 00000000 6E420000 kernel32!CreateFileA
011EFF70 77E9E68A 011EFF48 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
011EFFB4 77E92CA8 00000000 7FFD5BF8 00000000 00000000 kernel32!WaitForMultipleObjects
011EFFEC 00000000 77562BDF 00000000 00000000 6E420000 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
011eff24 b2 79 e8 77 02 00 00 00 - 48 ff 1e 01 01 00 00 00 .y.w....H.......
011eff34 00 00 00 00 00 00 00 00 - f8 5b fd 7f 00 00 00 00 .........[......
011eff44 00 00 00 00 cc 02 00 00 - 1c 02 00 00 20 90 99 ff ............ ...
011eff54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
011eff64 00 00 00 00 ac 3c 67 fd - 00 00 00 00 b4 ff 1e 01 .....<g.........
011eff74 8a e6 e9 77 48 ff 1e 01 - 01 00 00 00 00 00 00 00 ...wH...........
011eff84 00 00 00 00 00 00 00 00 - 1f 2c 56 77 02 00 00 00 .........,Vw....
011eff94 a4 ff 1e 01 00 00 00 00 - ff ff ff ff 00 00 00 00 ................
011effa4 cc 02 00 00 1c 02 00 00 - 00 00 00 00 2b 0e 43 80 ............+.C.
011effb4 ec ff 1e 01 a8 2c e9 77 - 00 00 00 00 f8 5b fd 7f .....,.w.....[..
011effc4 00 00 00 00 00 00 00 00 - 00 80 fd 7f 00 00 00 00 ................
011effd4 c0 ff 1e 01 00 00 00 00 - ff ff ff ff fd 13 ea 77 ...............w
011effe4 08 c0 e9 77 00 00 00 00 - 00 00 00 00 00 00 00 00 ...w............
011efff4 df 2b 56 77 00 00 00 00 - 00 00 00 00 00 00 42 6e .+Vw..........Bn
011f0004 01 00 00 00 86 00 01 00 - 00 00 00 00 65 00 05 00 ............e...
011f0014 00 00 00 00 81 00 07 00 - 3a 00 02 00 40 00 02 00 ........:...@...
011f0024 4e 00 01 00 b6 01 05 00 - 78 02 02 00 00 00 00 00 N.......x.......
011f0034 00 00 00 00 44 04 00 00 - 09 04 09 04 00 00 00 00 ....D...........
011f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
011f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
011eff24 b2 79 e8 77 02 00 00 00 - 48 ff 1e 01 01 00 00 00 .y.w....H.......
011eff34 00 00 00 00 00 00 00 00 - f8 5b fd 7f 00 00 00 00 .........[......
011eff44 00 00 00 00 cc 02 00 00 - 1c 02 00 00 20 90 99 ff ............ ...
011eff54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
011eff64 00 00 00 00 ac 3c 67 fd - 00 00 00 00 b4 ff 1e 01 .....<g.........
011eff74 8a e6 e9 77 48 ff 1e 01 - 01 00 00 00 00 00 00 00 ...wH...........
011eff84 00 00 00 00 00 00 00 00 - 1f 2c 56 77 02 00 00 00 .........,Vw....
011eff94 a4 ff 1e 01 00 00 00 00 - ff ff ff ff 00 00 00 00 ................
011effa4 cc 02 00 00 1c 02 00 00 - 00 00 00 00 2b 0e 43 80 ............+.C.
011effb4 ec ff 1e 01 a8 2c e9 77 - 00 00 00 00 f8 5b fd 7f .....,.w.....[..
011effc4 00 00 00 00 00 00 00 00 - 00 80 fd 7f 00 00 00 00 ................
011effd4 c0 ff 1e 01 00 00 00 00 - ff ff ff ff fd 13 ea 77 ...............w
011effe4 08 c0 e9 77 00 00 00 00 - 00 00 00 00 00 00 00 00 ...w............
011efff4 df 2b 56 77 00 00 00 00 - 00 00 00 00 00 00 42 6e .+Vw..........Bn
011f0004 01 00 00 00 86 00 01 00 - 00 00 00 00 65 00 05 00 ............e...
011f0014 00 00 00 00 81 00 07 00 - 3a 00 02 00 40 00 02 00 ........:...@...
011f0024 4e 00 01 00 b6 01 05 00 - 78 02 02 00 00 00 00 00 N.......x.......
011f0034 00 00 00 00 44 04 00 00 - 09 04 09 04 00 00 00 00 ....D...........
011f0044 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
011f0054 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
State Dump for Thread Id 0x3ec
eax=0133ff64 ebx=000493e0 ecx=00084220 edx=00000000
esi=00084018 edi=000493e0
eip=77f8b520 esp=0133febc ebp=0133fee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297
eip=77f8b520 esp=0133febc ebp=0133fee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297
function: ZwRemoveIoCompletion
77f8b515 b8a8000000 mov eax,0xa8
77f8b51a 8d542404 lea edx,[esp+0x4] ss:01dbd493=adf00d0b
77f8b51e cd2e int 2e
77f8b520 c21400 ret 0x14
77f8b523 8b4124 mov eax,[ecx+0x24] ds:00b017f6=????????
77f8b526 39420c cmp [edx+0xc],eax ds:00a7d5d6=????????
77f8b529 0f85bc370000 jne RtlAddAccessAllowedAce+0x1c (77f8eceb)
77f8b52f ff4208 inc dword ptr [edx+0x8] ds:00a7d5d6=????????
77f8b532 33c0 xor eax,eax
77f8b534 c20400 ret 0x4
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0133FEE4 77D5C3A7 00000100 0133FF1C 0133FF0C 0133FF14 ntdll!ZwRemoveIoCompletion
0133FF20 77D5BB26 000493E0 0133FF60 0133FF5C 0133FF70 rpcrt4!NdrServerMarshall
0133FF74 77D5BA15 77D4B7BF 00084018 00000008 0106F62C rpcrt4!I_RpcBCacheAllocate
0133FFA8 77D4B771 000A1430 0133FFEC 77E92CA8 000A9DB8 rpcrt4!I_RpcBCacheAllocate
0133FFB4 77E92CA8 000A9DB8 00000008 0106F62C 000A9DB8 rpcrt4!RpcBindingSetOption
0133FFEC 00000000 77D4B759 000A9DB8 00000000 000000C8 kernel32!CreateFileA
0133FEE4 77D5C3A7 00000100 0133FF1C 0133FF0C 0133FF14 ntdll!ZwRemoveIoCompletion
0133FF20 77D5BB26 000493E0 0133FF60 0133FF5C 0133FF70 rpcrt4!NdrServerMarshall
0133FF74 77D5BA15 77D4B7BF 00084018 00000008 0106F62C rpcrt4!I_RpcBCacheAllocate
0133FFA8 77D4B771 000A1430 0133FFEC 77E92CA8 000A9DB8 rpcrt4!I_RpcBCacheAllocate
0133FFB4 77E92CA8 000A9DB8 00000008 0106F62C 000A9DB8 rpcrt4!RpcBindingSetOption
0133FFEC 00000000 77D4B759 000A9DB8 00000000 000000C8 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
0133febc 45 ea e9 77 00 01 00 00 - 0c ff 33 01 fc fe 33 01 E..w......3...3.
0133fecc dc fe 33 01 d4 fe 33 01 - 00 a2 2f 4d ff ff ff ff ..3...3.../M....
0133fedc 34 4b 0a 00 08 4b 0a 00 - 20 ff 33 01 a7 c3 d5 77 4K...K.. .3....w
0133feec 00 01 00 00 1c ff 33 01 - 0c ff 33 01 14 ff 33 01 ......3...3...3.
0133fefc e0 93 04 00 e0 93 04 00 - 18 40 08 00 02 4a e9 77 .........@...J.w
0133ff0c 01 00 00 00 00 01 00 00 - 00 00 00 00 00 00 00 00 ................
0133ff1c 00 00 00 00 74 ff 33 01 - 26 bb d5 77 e0 93 04 00 ....t.3.&..w....
0133ff2c 60 ff 33 01 5c ff 33 01 - 70 ff 33 01 58 ff 33 01 `.3.\.3.p.3.X.3.
0133ff3c 64 ff 33 01 6c ff 33 01 - 00 7a 07 00 30 14 0a 00 d.3.l.3..z..0...
0133ff4c b8 9d 0a 00 00 01 00 00 - 03 00 00 00 58 03 00 00 ............X...
0133ff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................
0133ff6c 00 00 00 00 00 01 00 00 - a8 ff 33 01 15 ba d5 77 ..........3....w
0133ff7c bf b7 d4 77 18 40 08 00 - 08 00 00 00 2c f6 06 01 ...w.@......,...
0133ff8c b8 9d 0a 00 bb 09 43 80 - 20 20 b0 ff 80 a9 90 ff ......C. ......
0133ff9c ff ff ff ff 27 0b 43 80 - b8 9d 0a 00 b4 ff 33 01 ....'.C.......3.
0133ffac 71 b7 d4 77 30 14 0a 00 - ec ff 33 01 a8 2c e9 77 q..w0.....3..,.w
0133ffbc b8 9d 0a 00 08 00 00 00 - 2c f6 06 01 b8 9d 0a 00 ........,.......
0133ffcc 00 d0 fa 7f f8 41 f8 77 - c0 ff 33 01 f8 41 f8 77 .....A.w..3..A.w
0133ffdc ff ff ff ff fd 13 ea 77 - 08 c0 e9 77 00 00 00 00 .......w...w....
0133ffec 00 00 00 00 00 00 00 00 - 59 b7 d4 77 b8 9d 0a 00 ........Y..w....
0133febc 45 ea e9 77 00 01 00 00 - 0c ff 33 01 fc fe 33 01 E..w......3...3.
0133fecc dc fe 33 01 d4 fe 33 01 - 00 a2 2f 4d ff ff ff ff ..3...3.../M....
0133fedc 34 4b 0a 00 08 4b 0a 00 - 20 ff 33 01 a7 c3 d5 77 4K...K.. .3....w
0133feec 00 01 00 00 1c ff 33 01 - 0c ff 33 01 14 ff 33 01 ......3...3...3.
0133fefc e0 93 04 00 e0 93 04 00 - 18 40 08 00 02 4a e9 77 .........@...J.w
0133ff0c 01 00 00 00 00 01 00 00 - 00 00 00 00 00 00 00 00 ................
0133ff1c 00 00 00 00 74 ff 33 01 - 26 bb d5 77 e0 93 04 00 ....t.3.&..w....
0133ff2c 60 ff 33 01 5c ff 33 01 - 70 ff 33 01 58 ff 33 01 `.3.\.3.p.3.X.3.
0133ff3c 64 ff 33 01 6c ff 33 01 - 00 7a 07 00 30 14 0a 00 d.3.l.3..z..0...
0133ff4c b8 9d 0a 00 00 01 00 00 - 03 00 00 00 58 03 00 00 ............X...
0133ff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 01 00 00 00 ................
0133ff6c 00 00 00 00 00 01 00 00 - a8 ff 33 01 15 ba d5 77 ..........3....w
0133ff7c bf b7 d4 77 18 40 08 00 - 08 00 00 00 2c f6 06 01 ...w.@......,...
0133ff8c b8 9d 0a 00 bb 09 43 80 - 20 20 b0 ff 80 a9 90 ff ......C. ......
0133ff9c ff ff ff ff 27 0b 43 80 - b8 9d 0a 00 b4 ff 33 01 ....'.C.......3.
0133ffac 71 b7 d4 77 30 14 0a 00 - ec ff 33 01 a8 2c e9 77 q..w0.....3..,.w
0133ffbc b8 9d 0a 00 08 00 00 00 - 2c f6 06 01 b8 9d 0a 00 ........,.......
0133ffcc 00 d0 fa 7f f8 41 f8 77 - c0 ff 33 01 f8 41 f8 77 .....A.w..3..A.w
0133ffdc ff ff ff ff fd 13 ea 77 - 08 c0 e9 77 00 00 00 00 .......w...w....
0133ffec 00 00 00 00 00 00 00 00 - 59 b7 d4 77 b8 9d 0a 00 ........Y..w....
State Dump for Thread Id 0x448
eax=766d2ae3 ebx=00000000 ecx=77f8ae00 edx=00000000
esi=77f8a117 edi=000003a0
eip=77f8a122 esp=0178ff70 ebp=0178ff94 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f8a122 esp=0178ff70 ebp=0178ff94 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForSingleObject
77f8a117 b8ea000000 mov eax,0xea
77f8a11c 8d542404 lea edx,[esp+0x4] ss:0220d547=00000000
77f8a120 cd2e int 2e
77f8a122 c20c00 ret 0xc
77f8a125 56 push esi
77f8a126 8b742408 mov esi,[esp+0x8] ss:0220d547=00000000
77f8a12a 56 push esi
77f8a12b e8fab9ffff call RtlValidSid (77f85b2a)
77f8a130 3c01 cmp al,0x1
77f8a132 0f85949a0100 jne RtlCopySidAndAttributesArray+0x8b (77fa3bcc)
77f8a138 807e0200 cmp byte ptr [esi+0x2],0x0 ds:78a076ed=??
77f8a13c 0f85949a0100 jne RtlCopySidAndAttributesArray+0x95 (77fa3bd6)
77f8a142 807e0300 cmp byte ptr [esi+0x3],0x0 ds:78a076ed=??
77f8a146 0f858a9a0100 jne RtlCopySidAndAttributesArray+0x95 (77fa3bd6)
77f8a14c 6a0a push 0xa
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0178FF94 77E88787 000003A0 FFFFFFFF 00000000 766D2B0F ntdll!ZwWaitForSingleObject
0178FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject
0178FF94 77E88787 000003A0 FFFFFFFF 00000000 766D2B0F ntdll!ZwWaitForSingleObject
0178FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!WaitForSingleObject
State Dump for Thread Id 0x1e8
eax=7ffd2004 ebx=00000004 ecx=0184f8e0 edx=00000000
esi=77f87e6c edi=00000004
eip=77f87e77 esp=0184fd24 ebp=0184fd70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=0184fd24 ebp=0184fd70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:022cd2fb=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:7ffd2004=0110
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:022cd346=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:7ffd2004=0110
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:022cd346=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0184FD70 77E9E68A 0184FD48 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
0184FFB4 77E92CA8 00000005 00000000 000B000A 000CBCE0 kernel32!WaitForMultipleObjects
0184FFEC 00000000 778321FE 000CBCE0 00000000 000000C8 kernel32!CreateFileA
0184FD70 77E9E68A 0184FD48 00000001 00000000 00000000 ntdll!ZwWaitForMultipleObjects
0184FFB4 77E92CA8 00000005 00000000 000B000A 000CBCE0 kernel32!WaitForMultipleObjects
0184FFEC 00000000 778321FE 000CBCE0 00000000 000000C8 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
0184fd24 b2 79 e8 77 04 00 00 00 - 48 fd 84 01 01 00 00 00 .y.w....H.......
0184fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 e0 bc 0c 00 ................
0184fd44 01 00 00 00 54 03 00 00 - 9c 01 00 00 a4 03 00 00 ....T...........
0184fd54 dc 01 00 00 0c 00 00 00 - f3 94 01 01 11 01 00 00 ................
0184fd64 d0 03 00 00 11 00 00 00 - 02 00 00 00 b4 ff 84 01 ................
0184fd74 8a e6 e9 77 48 fd 84 01 - 01 00 00 00 00 00 00 00 ...wH...........
0184fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00 00 .........".w....
0184fd94 b0 fe 84 01 00 00 00 00 - ff ff ff ff e0 bc 0c 00 ................
0184fda4 0a 00 0b 00 00 00 00 00 - 00 00 00 00 27 e1 00 00 ............'...
0184fdb4 27 e1 00 00 00 00 00 00 - 01 00 00 00 38 00 00 00 '...........8...
0184fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b 00 #...#...........
0184fdd4 e0 bc 0c 00 58 d6 f8 77 - 60 02 db 77 fe 21 83 77 ....X..w`..w.!.w
0184fde4 00 00 00 00 50 2c e9 77 - 1b 00 00 00 00 02 00 00 ....P,.w........
0184fdf4 fc ff 84 01 23 00 00 00 - 60 e1 00 00 0c 00 00 00 ....#...`.......
0184fe04 97 98 01 01 05 00 00 00 - 00 00 00 00 00 00 00 00 ................
0184fe14 00 00 00 00 11 00 00 00 - f8 84 00 01 01 00 00 00 ................
0184fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 09 00 00 00 ................
0184fe34 20 89 01 01 02 00 00 00 - 00 00 00 00 00 00 00 00 ...............
0184fe44 00 00 00 00 0c 00 00 00 - 7c 96 01 01 4e bc 00 00 ........|...N...
0184fe54 02 07 00 00 00 00 00 00 - 00 00 00 00 26 00 00 00 ............&...
0184fd24 b2 79 e8 77 04 00 00 00 - 48 fd 84 01 01 00 00 00 .y.w....H.......
0184fd34 00 00 00 00 00 00 00 00 - 01 00 00 00 e0 bc 0c 00 ................
0184fd44 01 00 00 00 54 03 00 00 - 9c 01 00 00 a4 03 00 00 ....T...........
0184fd54 dc 01 00 00 0c 00 00 00 - f3 94 01 01 11 01 00 00 ................
0184fd64 d0 03 00 00 11 00 00 00 - 02 00 00 00 b4 ff 84 01 ................
0184fd74 8a e6 e9 77 48 fd 84 01 - 01 00 00 00 00 00 00 00 ...wH...........
0184fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 04 00 00 00 .........".w....
0184fd94 b0 fe 84 01 00 00 00 00 - ff ff ff ff e0 bc 0c 00 ................
0184fda4 0a 00 0b 00 00 00 00 00 - 00 00 00 00 27 e1 00 00 ............'...
0184fdb4 27 e1 00 00 00 00 00 00 - 01 00 00 00 38 00 00 00 '...........8...
0184fdc4 23 00 00 00 23 00 00 00 - 00 00 00 00 0a 00 0b 00 #...#...........
0184fdd4 e0 bc 0c 00 58 d6 f8 77 - 60 02 db 77 fe 21 83 77 ....X..w`..w.!.w
0184fde4 00 00 00 00 50 2c e9 77 - 1b 00 00 00 00 02 00 00 ....P,.w........
0184fdf4 fc ff 84 01 23 00 00 00 - 60 e1 00 00 0c 00 00 00 ....#...`.......
0184fe04 97 98 01 01 05 00 00 00 - 00 00 00 00 00 00 00 00 ................
0184fe14 00 00 00 00 11 00 00 00 - f8 84 00 01 01 00 00 00 ................
0184fe24 00 00 00 00 00 00 00 00 - 00 00 00 00 09 00 00 00 ................
0184fe34 20 89 01 01 02 00 00 00 - 00 00 00 00 00 00 00 00 ...............
0184fe44 00 00 00 00 0c 00 00 00 - 7c 96 01 01 4e bc 00 00 ........|...N...
0184fe54 02 07 00 00 00 00 00 00 - 00 00 00 00 26 00 00 00 ............&...
State Dump for Thread Id 0x29c
eax=77d4abc8 ebx=80060004 ecx=000f0b40 edx=00000000
esi=00084ef0 edi=00000100
eip=77f82eec esp=018dfe28 ebp=018dff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
eip=77f82eec esp=018dfe28 ebp=018dff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,[esp+0x4] ss:0235d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
018DFF74 77D4B407 77D4B7BF 00084EF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
018DFFA8 77D4B771 000A16B8 018DFFEC 77E92CA8 000A3218 rpcrt4!RpcBindingSetOption
018DFFB4 77E92CA8 000A3218 00000000 00000000 000A3218 rpcrt4!RpcBindingSetOption
018DFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
018DFF74 77D4B407 77D4B7BF 00084EF0 00000000 00000000 ntdll!ZwReplyWaitReceivePortEx
018DFFA8 77D4B771 000A16B8 018DFFEC 77E92CA8 000A3218 rpcrt4!RpcBindingSetOption
018DFFB4 77E92CA8 000A3218 00000000 00000000 000A3218 rpcrt4!RpcBindingSetOption
018DFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
State Dump for Thread Id 0x2c8
eax=00cba210 ebx=00000002 ecx=64b18638 edx=00000000
esi=77f87e6c edi=00000002
eip=77f87e77 esp=01a3fd90 ebp=01a3fddc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=01a3fd90 ebp=01a3fddc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:024bd367=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:00cba210=8638
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:024bd3b2=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:00cba210=8638
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:024bd3b2=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
01A3FDDC 77E1464C 01A3FDB4 00000001 00000000 01A3FDD4 ntdll!ZwWaitForMultipleObjects
01A3FE38 77E14718 01A3FE04 01A3FE88 0000012C 000000FF user32!MsgWaitForMultipleObjectsEx
01A3FE54 64B73BB1 00000001 01A3FE88 00000000 0000012C user32!MsgWaitForMultipleObjects
00CB7380 01BFF955 00000000 00000000 00000000 00000000 msdxm!<nosymbols>
651945C0 00000000 00000000 00000000 00000000 00000000 <nosymbols>
01A3FDDC 77E1464C 01A3FDB4 00000001 00000000 01A3FDD4 ntdll!ZwWaitForMultipleObjects
01A3FE38 77E14718 01A3FE04 01A3FE88 0000012C 000000FF user32!MsgWaitForMultipleObjectsEx
01A3FE54 64B73BB1 00000001 01A3FE88 00000000 0000012C user32!MsgWaitForMultipleObjects
00CB7380 01BFF955 00000000 00000000 00000000 00000000 msdxm!<nosymbols>
651945C0 00000000 00000000 00000000 00000000 00000000 <nosymbols>
*----> Raw Stack Dump
<----*
01a3fd90 b2 79 e8 77 02 00 00 00 - b4 fd a3 01 01 00 00 00 .y.w............
01a3fda0 00 00 00 00 d4 fd a3 01 - 00 00 00 00 00 00 00 00 ................
01a3fdb0 02 00 00 00 7c 04 00 00 - 84 04 00 00 01 00 00 00 ....|...........
01a3fdc0 00 00 00 00 a0 fe a3 01 - cd ab ba dc 58 fe a3 01 ............X...
01a3fdd0 1a 40 e1 77 40 39 d2 ff - ff ff ff ff 38 fe a3 01 .@.w@9......8...
01a3fde0 4c 46 e1 77 b4 fd a3 01 - 01 00 00 00 00 00 00 00 LF.w............
01a3fdf0 d4 fd a3 01 00 00 00 00 - 47 4a e1 77 08 73 cb 00 ........GJ.w.s..
01a3fe00 00 00 00 00 7c 04 00 00 - 84 04 00 00 00 00 00 00 ....|...........
01a3fe10 00 00 00 00 00 00 00 00 - 01 00 00 00 90 51 46 00 .............QF.
01a3fe20 00 70 fa 7f 00 00 00 00 - 00 00 00 00 cc 76 fa 7f .p...........v..
01a3fe30 00 00 00 00 84 04 00 00 - 54 fe a3 01 18 47 e1 77 ........T....G.w
01a3fe40 04 fe a3 01 88 fe a3 01 - 2c 01 00 00 ff 00 00 00 ........,.......
01a3fe50 00 00 00 00 80 73 cb 00 - b1 3b b7 64 01 00 00 00 .....s...;.d....
01a3fe60 88 fe a3 01 00 00 00 00 - 2c 01 00 00 ff 00 00 00 ........,.......
01a3fe70 1e 00 00 00 d4 ea d5 00 - ec ff a3 01 08 73 cb 00 .............s..
01a3fe80 00 00 00 00 2c 01 00 00 - 7c 04 00 00 80 04 00 00 ....,...|.......
01a3fe90 c0 2b 4a 65 55 f9 bf 01 - f6 01 08 00 13 01 00 00 .+JeU...........
01a3fea0 01 00 00 00 00 00 00 00 - 47 64 2b 00 1d 01 00 00 ........Gd+.....
01a3feb0 ce 02 00 00 65 00 2e 00 - 52 00 61 00 64 00 69 00 ....e...R.a.d.i.
01a3fec0 6f 00 2e 00 53 00 79 00 - 73 00 74 00 65 00 6d 00 o...S.y.s.t.e.m.
01a3fd90 b2 79 e8 77 02 00 00 00 - b4 fd a3 01 01 00 00 00 .y.w............
01a3fda0 00 00 00 00 d4 fd a3 01 - 00 00 00 00 00 00 00 00 ................
01a3fdb0 02 00 00 00 7c 04 00 00 - 84 04 00 00 01 00 00 00 ....|...........
01a3fdc0 00 00 00 00 a0 fe a3 01 - cd ab ba dc 58 fe a3 01 ............X...
01a3fdd0 1a 40 e1 77 40 39 d2 ff - ff ff ff ff 38 fe a3 01 .@.w@9......8...
01a3fde0 4c 46 e1 77 b4 fd a3 01 - 01 00 00 00 00 00 00 00 LF.w............
01a3fdf0 d4 fd a3 01 00 00 00 00 - 47 4a e1 77 08 73 cb 00 ........GJ.w.s..
01a3fe00 00 00 00 00 7c 04 00 00 - 84 04 00 00 00 00 00 00 ....|...........
01a3fe10 00 00 00 00 00 00 00 00 - 01 00 00 00 90 51 46 00 .............QF.
01a3fe20 00 70 fa 7f 00 00 00 00 - 00 00 00 00 cc 76 fa 7f .p...........v..
01a3fe30 00 00 00 00 84 04 00 00 - 54 fe a3 01 18 47 e1 77 ........T....G.w
01a3fe40 04 fe a3 01 88 fe a3 01 - 2c 01 00 00 ff 00 00 00 ........,.......
01a3fe50 00 00 00 00 80 73 cb 00 - b1 3b b7 64 01 00 00 00 .....s...;.d....
01a3fe60 88 fe a3 01 00 00 00 00 - 2c 01 00 00 ff 00 00 00 ........,.......
01a3fe70 1e 00 00 00 d4 ea d5 00 - ec ff a3 01 08 73 cb 00 .............s..
01a3fe80 00 00 00 00 2c 01 00 00 - 7c 04 00 00 80 04 00 00 ....,...|.......
01a3fe90 c0 2b 4a 65 55 f9 bf 01 - f6 01 08 00 13 01 00 00 .+JeU...........
01a3fea0 01 00 00 00 00 00 00 00 - 47 64 2b 00 1d 01 00 00 ........Gd+.....
01a3feb0 ce 02 00 00 65 00 2e 00 - 52 00 61 00 64 00 69 00 ....e...R.a.d.i.
01a3fec0 6f 00 2e 00 53 00 79 00 - 73 00 74 00 65 00 6d 00 o...S.y.s.t.e.m.
State Dump for Thread Id 0x220
eax=7ffa6000 ebx=80060004 ecx=001100a8 edx=00000000
esi=00084ef0 edi=00000100
eip=77f82eec esp=01b1fe28 ebp=01b1ff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
eip=77f82eec esp=01b1fe28 ebp=01b1ff74 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
function: ZwReplyWaitReceivePortEx
77f82ee1 b8ac000000 mov eax,0xac
77f82ee6 8d542404 lea edx,[esp+0x4] ss:0259d3ff=????????
77f82eea cd2e int 2e
77f82eec c21400 ret 0x14
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
01B1FF74 77D4B407 77D4B7BF 00084EF0 00000000 0117FAA0 ntdll!ZwReplyWaitReceivePortEx
01B1FFA8 77D4B771 000EEE80 01B1FFEC 77E92CA8 000F3B80 rpcrt4!RpcBindingSetOption
01B1FFB4 77E92CA8 000F3B80 00000000 0117FAA0 000F3B80 rpcrt4!RpcBindingSetOption
01B1FFEC 00000000 77D4B759 000F3B80 00000000 00000000 kernel32!CreateFileA
01B1FF74 77D4B407 77D4B7BF 00084EF0 00000000 0117FAA0 ntdll!ZwReplyWaitReceivePortEx
01B1FFA8 77D4B771 000EEE80 01B1FFEC 77E92CA8 000F3B80 rpcrt4!RpcBindingSetOption
01B1FFB4 77E92CA8 000F3B80 00000000 0117FAA0 000F3B80 rpcrt4!RpcBindingSetOption
01B1FFEC 00000000 77D4B759 000F3B80 00000000 00000000 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
01b1fe28 94 b5 d4 77 fc 00 00 00 - 54 ff b1 01 00 00 00 00 ...w....T.......
01b1fe38 d0 7e 0e 00 58 ff b1 01 - 00 7a 07 00 80 ee 0e 00 .~..X....z......
01b1fe48 80 3b 0f 00 7b 38 4b 80 - c0 8a 25 e1 00 00 00 00 .;..{8K...%.....
01b1fe58 01 00 00 00 b0 fb 78 fd - 00 00 00 00 18 90 46 e2 ......x.......F.
01b1fe68 74 fb 00 00 00 00 00 00 - d8 4e 41 80 06 02 00 00 t........NA.....
01b1fe78 27 e5 42 80 78 09 46 fe - a8 0f 46 fe 6a 00 00 00 '.B.x.F...F.j...
01b1fe88 48 f8 df ff a8 0f 46 18 - 00 00 00 00 6d 22 cd f8 H.....F.....m"..
01b1fe98 a0 0b 46 fe 00 00 00 00 - 00 00 00 00 e8 94 06 80 ..F.............
01b1fea8 84 0b 46 fe 00 00 00 00 - a6 8d cd f8 84 0b 46 fe ..F...........F.
01b1feb8 af 6d cd f8 fd 02 00 00 - e8 94 06 80 78 09 46 fe .m..........x.F.
01b1fec8 01 00 00 00 60 00 00 00 - 00 00 00 00 d8 08 cd f8 ....`...........
01b1fed8 47 08 cd f8 08 e0 43 fe - 6c e2 43 fe 08 fc 78 fd G.....C.l.C...x.
01b1fee8 01 00 00 00 c0 52 57 ff - ff ff ff ff 02 02 00 00 .....RW.........
01b1fef8 d3 3a 40 80 08 fc 78 fd - 08 e0 43 fe 6c e2 43 fe .:@...x...C.l.C.
01b1ff08 08 9e 06 80 00 00 00 00 - 18 3a 50 c0 54 03 00 00 .........:P.T...
01b1ff18 06 00 02 00 19 00 02 00 - de 04 00 00 01 00 00 00 ................
01b1ff28 00 20 50 c0 20 20 b0 ff - c0 52 57 ff 00 00 00 00 . P. ...RW.....
01b1ff38 50 54 57 ff 60 fc 78 fd - 46 02 00 00 86 d6 42 80 PTW.`.x.F.....B.
01b1ff48 c0 95 06 80 20 54 57 ff - c0 52 57 ff 04 00 06 80 .... TW..RW.....
01b1ff58 00 a2 2f 4d ff ff ff ff - 50 fe b1 01 04 00 06 80 ../M....P.......
01b1fe28 94 b5 d4 77 fc 00 00 00 - 54 ff b1 01 00 00 00 00 ...w....T.......
01b1fe38 d0 7e 0e 00 58 ff b1 01 - 00 7a 07 00 80 ee 0e 00 .~..X....z......
01b1fe48 80 3b 0f 00 7b 38 4b 80 - c0 8a 25 e1 00 00 00 00 .;..{8K...%.....
01b1fe58 01 00 00 00 b0 fb 78 fd - 00 00 00 00 18 90 46 e2 ......x.......F.
01b1fe68 74 fb 00 00 00 00 00 00 - d8 4e 41 80 06 02 00 00 t........NA.....
01b1fe78 27 e5 42 80 78 09 46 fe - a8 0f 46 fe 6a 00 00 00 '.B.x.F...F.j...
01b1fe88 48 f8 df ff a8 0f 46 18 - 00 00 00 00 6d 22 cd f8 H.....F.....m"..
01b1fe98 a0 0b 46 fe 00 00 00 00 - 00 00 00 00 e8 94 06 80 ..F.............
01b1fea8 84 0b 46 fe 00 00 00 00 - a6 8d cd f8 84 0b 46 fe ..F...........F.
01b1feb8 af 6d cd f8 fd 02 00 00 - e8 94 06 80 78 09 46 fe .m..........x.F.
01b1fec8 01 00 00 00 60 00 00 00 - 00 00 00 00 d8 08 cd f8 ....`...........
01b1fed8 47 08 cd f8 08 e0 43 fe - 6c e2 43 fe 08 fc 78 fd G.....C.l.C...x.
01b1fee8 01 00 00 00 c0 52 57 ff - ff ff ff ff 02 02 00 00 .....RW.........
01b1fef8 d3 3a 40 80 08 fc 78 fd - 08 e0 43 fe 6c e2 43 fe .:@...x...C.l.C.
01b1ff08 08 9e 06 80 00 00 00 00 - 18 3a 50 c0 54 03 00 00 .........:P.T...
01b1ff18 06 00 02 00 19 00 02 00 - de 04 00 00 01 00 00 00 ................
01b1ff28 00 20 50 c0 20 20 b0 ff - c0 52 57 ff 00 00 00 00 . P. ...RW.....
01b1ff38 50 54 57 ff 60 fc 78 fd - 46 02 00 00 86 d6 42 80 PTW.`.x.F.....B.
01b1ff48 c0 95 06 80 20 54 57 ff - c0 52 57 ff 04 00 06 80 .... TW..RW.....
01b1ff58 00 a2 2f 4d ff ff ff ff - 50 fe b1 01 04 00 06 80 ../M....P.......
State Dump for Thread Id 0x3f8
eax=77c75d93 ebx=00000002 ecx=00000449 edx=00000000
esi=77f87e6c edi=00000002
eip=77f87e77 esp=022ffe5c ebp=022ffea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=022ffe5c ebp=022ffea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:02d7d433=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:77c75d93=6856
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:02d7d47e=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:77c75d93=6856
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:02d7d47e=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
022FFEA8 77E1464C 022FFE80 00000001 00000000 022FFEA0 ntdll!ZwWaitForMultipleObjects
022FFF04 77E14718 022FFED0 77CB4170 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
022FFF20 77C71991 00000001 77CB4170 00000000 0000EA60 user32!MsgWaitForMultipleObjects
022FFF74 77C75E56 022FFFA0 022FFFA4 022FFFA8 022FFF9C shlwapi!Ordinal195
022FFFAC 77C75DBC 00000000 77E92CA8 00000000 00000000 shlwapi!AssocQueryKeyW
022FFFEC 00000000 00000000 00000000 00000000 00000000 shlwapi!AssocQueryKeyW
022FFEA8 77E1464C 022FFE80 00000001 00000000 022FFEA0 ntdll!ZwWaitForMultipleObjects
022FFF04 77E14718 022FFED0 77CB4170 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
022FFF20 77C71991 00000001 77CB4170 00000000 0000EA60 user32!MsgWaitForMultipleObjects
022FFF74 77C75E56 022FFFA0 022FFFA4 022FFFA8 022FFF9C shlwapi!Ordinal195
022FFFAC 77C75DBC 00000000 77E92CA8 00000000 00000000 shlwapi!AssocQueryKeyW
022FFFEC 00000000 00000000 00000000 00000000 00000000 shlwapi!AssocQueryKeyW
State Dump for Thread Id 0x50c
eax=800401e4 ebx=0234f49c ecx=00000000 edx=800401e4
esi=00000000 edi=00cbb140
eip=69923705 esp=0234f3e8 ebp=0234f428 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
eip=69923705 esp=0234f3e8 ebp=0234f428 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
function: <nosymbols>
699236e8 89411c mov [ecx+0x1c],eax ds:00a7d5d6=????????
699236eb 56 push esi
699236ec 68282e9269 push 0x69922e28
699236f1 6a01 push 0x1
699236f3 6a00 push 0x0
699236f5 68482e9269 push 0x69922e48
699236fa ff15c4139269 call dword ptr [699213c4] ds:699213c4=77a78023
69923700 8b36 mov esi,[esi] ds:00000000=????????
69923702 6a02 push 0x2
69923704 56 push esi
FAULT ->69923705 8b06 mov eax,[esi] ds:00000000=????????
69923707 ff5044 call dword ptr [eax+0x44] ds:80abd7ba=????????
6992370a 5e pop esi
6992370b c20400 ret 0x4
6992370e b834e59369 mov eax,0x6993e534
69923713 e888aa0100 call 6993e1a0
69923718 83ec10 sub esp,0x10
6992371b 56 push esi
6992371c 8bf1 mov esi,ecx
6992371e 56 push esi
6992371f 8975ec mov [ebp+0xec],esi ss:02dcc9fe=????????
69923722 ff1514119269 call dword ptr [69921114] ds:69921114=77f8aa4c
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0234F428 69936ADD 00CBB40C 0234F49C 0002027C 0234F700 objsel!<nosymbols>
0234F504 6992B334 0234F530 00000110 0234F700 00470B98 objsel!<nosymbols>
0234F51C 77E13EB0 0002027C 00000110 00020284 00000001 objsel!<nosymbols>
0234F53C 77E27499 6992B219 0002027C 00000110 00020284 user32!SetTimer
0234F578 77E156F0 0002027C 00000110 00020284 0234F700 user32!LoadBitmapA
0234F5A8 77E22C6C 00470B98 00000110 00020284 0234F700 user32!DefWindowProcW
0234F660 77E2355D 69920000 00000006 00000000 00470B98 user32!DrawFrame
0234F690 77E2381E 69920000 69947950 00000000 6992B219 user32!EndDialog
0234F6B0 77E3DCF8 69920000 69947950 00030268 6992B219 user32!DialogBoxIndirectParamAorW
0234F6D4 6992B1F7 69920000 00000065 00030268 6992B219 user32!DialogBoxParamW
0234F754 69932DD5 0234F7A4 00000001 000CB820 00000000 objsel!<nosymbols>
0234F7E0 69932CB3 00CBA920 00030268 00000000 0234F83C objsel!<nosymbols>
0234F848 74EE96B9 00030268 00000000 0234F8BC 00000111 objsel!<nosymbols>
0234F8CC 74EEA2C3 00030268 00000111 000CB820 0046AAB0 aclui!IID_ISecurityInformation
0234F8EC 74EE7F73 00030268 00000111 000003E9 0005026E aclui!IID_ISecurityInformation
0234F910 77E13EB0 00030268 00000111 000003E9 0005026E aclui!IID_ISecurityInformation
0234F930 77E27499 74EE7EE0 00030268 00000111 000003E9 user32!SetTimer
0234F96C 77E1573B 00030268 00000111 000003E9 0005026E user32!LoadBitmapA
0234F99C 77E15A3B 0046AAB0 00000111 000003E9 0005026E user32!DefWindowProcW
0234F9BC 77E23C5F 00030268 00000111 000003E9 0005026E user32!SendMessageW
0234FA5C 77E22255 0005026E 00000202 00000000 000E000A user32!GetCursorFrameInfo
0234FA80 77E13EB0 0005026E 00000202 00000000 000E000A user32!DrawFrame
0234FAA0 77E1401A 77E2220C 0005026E 00000202 00000000 user32!SetTimer
0234FB2C 77E13F0F 0234FB94 00000000 77E367B9 0234FB94 user32!DispatchMessageW
0234FB5C 77B70A01 000E0122 004595B0 000003EE 000DEF48 user32!DispatchMessageW
0234FB78 77B71962 000DEF48 0234FB94 000DF044 000DEF48 comctl32!Ordinal390
0234FBD4 77B716FF 000F6330 00000002 0234FF74 00000000 comctl32!DestroyPropertySheetPage
0234FBEC 77B728B4 0234FCD4 00000003 7763DDED 0234FCD4 comctl32!DestroyPropertySheetPage
0234FD24 776281C9 000EDC60 0234FF6C 00000002 775AFDF0 comctl32!PropertySheetW
0234FF74 775A1F78 000F82E8 00000000 0006E404 77C8AFC3 shell32!Ordinal172
0234FFB4 77E92CA8 0006E3E8 00320037 00380033 0006E3E8 shell32!Ordinal455
0234FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
0234F428 69936ADD 00CBB40C 0234F49C 0002027C 0234F700 objsel!<nosymbols>
0234F504 6992B334 0234F530 00000110 0234F700 00470B98 objsel!<nosymbols>
0234F51C 77E13EB0 0002027C 00000110 00020284 00000001 objsel!<nosymbols>
0234F53C 77E27499 6992B219 0002027C 00000110 00020284 user32!SetTimer
0234F578 77E156F0 0002027C 00000110 00020284 0234F700 user32!LoadBitmapA
0234F5A8 77E22C6C 00470B98 00000110 00020284 0234F700 user32!DefWindowProcW
0234F660 77E2355D 69920000 00000006 00000000 00470B98 user32!DrawFrame
0234F690 77E2381E 69920000 69947950 00000000 6992B219 user32!EndDialog
0234F6B0 77E3DCF8 69920000 69947950 00030268 6992B219 user32!DialogBoxIndirectParamAorW
0234F6D4 6992B1F7 69920000 00000065 00030268 6992B219 user32!DialogBoxParamW
0234F754 69932DD5 0234F7A4 00000001 000CB820 00000000 objsel!<nosymbols>
0234F7E0 69932CB3 00CBA920 00030268 00000000 0234F83C objsel!<nosymbols>
0234F848 74EE96B9 00030268 00000000 0234F8BC 00000111 objsel!<nosymbols>
0234F8CC 74EEA2C3 00030268 00000111 000CB820 0046AAB0 aclui!IID_ISecurityInformation
0234F8EC 74EE7F73 00030268 00000111 000003E9 0005026E aclui!IID_ISecurityInformation
0234F910 77E13EB0 00030268 00000111 000003E9 0005026E aclui!IID_ISecurityInformation
0234F930 77E27499 74EE7EE0 00030268 00000111 000003E9 user32!SetTimer
0234F96C 77E1573B 00030268 00000111 000003E9 0005026E user32!LoadBitmapA
0234F99C 77E15A3B 0046AAB0 00000111 000003E9 0005026E user32!DefWindowProcW
0234F9BC 77E23C5F 00030268 00000111 000003E9 0005026E user32!SendMessageW
0234FA5C 77E22255 0005026E 00000202 00000000 000E000A user32!GetCursorFrameInfo
0234FA80 77E13EB0 0005026E 00000202 00000000 000E000A user32!DrawFrame
0234FAA0 77E1401A 77E2220C 0005026E 00000202 00000000 user32!SetTimer
0234FB2C 77E13F0F 0234FB94 00000000 77E367B9 0234FB94 user32!DispatchMessageW
0234FB5C 77B70A01 000E0122 004595B0 000003EE 000DEF48 user32!DispatchMessageW
0234FB78 77B71962 000DEF48 0234FB94 000DF044 000DEF48 comctl32!Ordinal390
0234FBD4 77B716FF 000F6330 00000002 0234FF74 00000000 comctl32!DestroyPropertySheetPage
0234FBEC 77B728B4 0234FCD4 00000003 7763DDED 0234FCD4 comctl32!DestroyPropertySheetPage
0234FD24 776281C9 000EDC60 0234FF6C 00000002 775AFDF0 comctl32!PropertySheetW
0234FF74 775A1F78 000F82E8 00000000 0006E404 77C8AFC3 shell32!Ordinal172
0234FFB4 77E92CA8 0006E3E8 00320037 00380033 0006E3E8 shell32!Ordinal455
0234FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
*----> Raw Stack Dump
<----*
0234f3e8 00 00 00 00 02 00 00 00 - a8 b0 cb 00 47 b6 92 69 ............G..i
0234f3f8 94 b1 cb 00 82 cf 92 69 - a8 b0 cb 00 0c b4 cb 00 .......i........
0234f408 07 00 00 00 00 f7 34 02 - 3f 78 e1 77 f0 1c 92 69 ......4.?x.w...i
0234f418 08 f4 34 02 48 f7 34 02 - 54 ef 93 69 00 00 00 00 ..4.H.4.T..i....
0234f428 04 f5 34 02 dd 6a 93 69 - 0c b4 cb 00 9c f4 34 02 ..4..j.i......4.
0234f438 7c 02 02 00 00 f7 34 02 - 01 00 00 00 00 00 00 c0 |.....4.........
0234f448 87 00 00 00 70 bb 45 00 - 80 f4 34 02 02 00 00 00 ....p.E...4.....
0234f458 02 00 00 00 00 00 00 00 - 20 df 0e 00 81 00 00 00 ........ .......
0234f468 79 46 f4 77 44 f4 34 02 - 00 00 00 40 48 f7 34 02 yF.wD.4....@H.4.
0234f478 46 23 bb 77 48 6d b5 77 - ff ff ff ff a4 f4 34 02 F#.wHm.w......4.
0234f488 00 00 00 00 b0 f4 34 02 - 55 22 e2 77 b0 f4 34 02 ......4.U".w..4.
0234f498 d9 80 e1 77 7c 02 02 00 - 84 02 02 00 a4 f7 34 02 ...w|.........4.
0234f4a8 1b c0 00 00 00 00 00 00 - e8 f4 34 02 90 19 42 6e ..........4...Bn
0234f4b8 7c 02 02 00 00 f7 34 02 - 01 00 00 00 00 00 00 00 |.....4.........
0234f4c8 06 6e e1 77 7c 02 02 00 - 08 00 00 00 00 f7 34 02 .n.w|.........4.
0234f4d8 00 00 00 00 7c 02 02 00 - 00 f7 34 02 01 00 00 00 ....|.....4.....
0234f4e8 1c f5 34 02 02 00 00 00 - 02 00 00 00 0b 00 00 00 ..4.............
0234f4f8 08 00 00 00 00 00 00 00 - 23 b3 92 69 1c f5 34 02 ........#..i..4.
0234f508 34 b3 92 69 30 f5 34 02 - 10 01 00 00 00 f7 34 02 4..i0.4.......4.
0234f518 98 0b 47 00 3c f5 34 02 - b0 3e e1 77 7c 02 02 00 ..G.<.4..>.w|...
0234f3e8 00 00 00 00 02 00 00 00 - a8 b0 cb 00 47 b6 92 69 ............G..i
0234f3f8 94 b1 cb 00 82 cf 92 69 - a8 b0 cb 00 0c b4 cb 00 .......i........
0234f408 07 00 00 00 00 f7 34 02 - 3f 78 e1 77 f0 1c 92 69 ......4.?x.w...i
0234f418 08 f4 34 02 48 f7 34 02 - 54 ef 93 69 00 00 00 00 ..4.H.4.T..i....
0234f428 04 f5 34 02 dd 6a 93 69 - 0c b4 cb 00 9c f4 34 02 ..4..j.i......4.
0234f438 7c 02 02 00 00 f7 34 02 - 01 00 00 00 00 00 00 c0 |.....4.........
0234f448 87 00 00 00 70 bb 45 00 - 80 f4 34 02 02 00 00 00 ....p.E...4.....
0234f458 02 00 00 00 00 00 00 00 - 20 df 0e 00 81 00 00 00 ........ .......
0234f468 79 46 f4 77 44 f4 34 02 - 00 00 00 40 48 f7 34 02 yF.wD.4....@H.4.
0234f478 46 23 bb 77 48 6d b5 77 - ff ff ff ff a4 f4 34 02 F#.wHm.w......4.
0234f488 00 00 00 00 b0 f4 34 02 - 55 22 e2 77 b0 f4 34 02 ......4.U".w..4.
0234f498 d9 80 e1 77 7c 02 02 00 - 84 02 02 00 a4 f7 34 02 ...w|.........4.
0234f4a8 1b c0 00 00 00 00 00 00 - e8 f4 34 02 90 19 42 6e ..........4...Bn
0234f4b8 7c 02 02 00 00 f7 34 02 - 01 00 00 00 00 00 00 00 |.....4.........
0234f4c8 06 6e e1 77 7c 02 02 00 - 08 00 00 00 00 f7 34 02 .n.w|.........4.
0234f4d8 00 00 00 00 7c 02 02 00 - 00 f7 34 02 01 00 00 00 ....|.....4.....
0234f4e8 1c f5 34 02 02 00 00 00 - 02 00 00 00 0b 00 00 00 ..4.............
0234f4f8 08 00 00 00 00 00 00 00 - 23 b3 92 69 1c f5 34 02 ........#..i..4.
0234f508 34 b3 92 69 30 f5 34 02 - 10 01 00 00 00 f7 34 02 4..i0.4.......4.
0234f518 98 0b 47 00 3c f5 34 02 - b0 3e e1 77 7c 02 02 00 ..G.<.4..>.w|...
State Dump for Thread Id 0x1d8
eax=7744855c ebx=00000001 ecx=00640041 edx=00000000
esi=77f87e6c edi=00000001
eip=77f87e77 esp=0239ff40 ebp=0239ff8c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f87e77 esp=0239ff40 ebp=0239ff8c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForMultipleObjects
77f87e6c b8e9000000 mov eax,0xe9
77f87e71 8d542404 lea edx,[esp+0x4] ss:02e1d517=????????
77f87e75 cd2e int 2e
77f87e77 c21400 ret 0x14
77f87e7a 668b08 mov cx,[eax] ds:7744855c=5553
77f87e7d 40 inc eax
77f87e7e 40 inc eax
77f87e7f 8945a4 mov [ebp+0xa4],eax ss:02e1d562=????????
77f87e82 6685c9 test cx,cx
77f87e85 75f3 jnz RtlExpandEnvironmentStrings_U+0x26 (77f8e57a)
77f87e87 663930 cmp [eax],si ds:7744855c=5553
77f87e8a 75ee jnz ZwFsControlFile+0x54 (77f8bf7a)
77f87e8c 40 inc eax
77f87e8d 40 inc eax
77f87e8e 8945a4 mov [ebp+0xa4],eax ss:02e1d562=????????
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0239FF8C 77448581 0239FF64 00000001 00000000 0239FF84 ntdll!ZwWaitForMultipleObjects
00000001 00000000 00000000 00000000 00000000 00000000 crypt32!CertAddSerializedElementToStore
0239FF8C 77448581 0239FF64 00000001 00000000 0239FF84 ntdll!ZwWaitForMultipleObjects
00000001 00000000 00000000 00000000 00000000 00000000 crypt32!CertAddSerializedElementToStore
*----> Raw Stack Dump
<----*
0239ff40 b2 79 e8 77 01 00 00 00 - 64 ff 39 02 01 00 00 00 .y.w....d.9.....
0239ff50 00 00 00 00 84 ff 39 02 - 10 f8 08 00 08 f8 08 00 ......9.........
0239ff60 00 00 00 00 3c 05 00 00 - ac ac 2b fd 00 00 00 00 ....<.....+.....
0239ff70 01 00 00 00 54 ff 39 02 - 00 00 00 00 00 00 00 00 ....T.9.........
0239ff80 54 ff 39 02 80 2e 0f f7 - ff ff ff ff 01 00 00 00 T.9.............
0239ff90 81 85 44 77 64 ff 39 02 - 01 00 00 00 00 00 00 00 ..Dwd.9.........
0239ffa0 84 ff 39 02 00 00 00 00 - 65 00 74 00 74 00 69 00 ..9.....e.t.t.i.
0239ffb0 ec ff 39 02 08 f8 08 00 - a8 2c e9 77 08 f8 08 00 ..9......,.w....
0239ffc0 65 00 74 00 74 00 69 00 - 08 f8 08 00 00 b0 fa 7f e.t.t.i.........
0239ffd0 41 00 64 00 c0 ff 39 02 - 41 00 64 00 ff ff ff ff A.d...9.A.d.....
0239ffe0 fd 13 ea 77 08 c0 e9 77 - 00 00 00 00 00 00 00 00 ...w...w........
0239fff0 00 00 00 00 5c 85 44 77 - 08 f8 08 00 00 00 00 00 ....\.Dw........
023a0000 ff ff ff ff ff ff ff ff - ff 00 00 00 00 00 00 00 ................
023a0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0020 00 00 00 00 ff ff ff ff - ff ff ff ff ff 00 00 00 ................
023a0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0040 00 00 00 00 00 00 00 00 - ff ff 44 44 44 44 4f ff ..........DDDDO.
023a0050 ff 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0060 00 00 00 00 00 00 00 00 - 00 00 00 00 ff f4 cc 44 ...............D
023a0070 47 4c 44 ff ff 00 00 00 - 00 00 00 00 00 00 00 00 GLD.............
0239ff40 b2 79 e8 77 01 00 00 00 - 64 ff 39 02 01 00 00 00 .y.w....d.9.....
0239ff50 00 00 00 00 84 ff 39 02 - 10 f8 08 00 08 f8 08 00 ......9.........
0239ff60 00 00 00 00 3c 05 00 00 - ac ac 2b fd 00 00 00 00 ....<.....+.....
0239ff70 01 00 00 00 54 ff 39 02 - 00 00 00 00 00 00 00 00 ....T.9.........
0239ff80 54 ff 39 02 80 2e 0f f7 - ff ff ff ff 01 00 00 00 T.9.............
0239ff90 81 85 44 77 64 ff 39 02 - 01 00 00 00 00 00 00 00 ..Dwd.9.........
0239ffa0 84 ff 39 02 00 00 00 00 - 65 00 74 00 74 00 69 00 ..9.....e.t.t.i.
0239ffb0 ec ff 39 02 08 f8 08 00 - a8 2c e9 77 08 f8 08 00 ..9......,.w....
0239ffc0 65 00 74 00 74 00 69 00 - 08 f8 08 00 00 b0 fa 7f e.t.t.i.........
0239ffd0 41 00 64 00 c0 ff 39 02 - 41 00 64 00 ff ff ff ff A.d...9.A.d.....
0239ffe0 fd 13 ea 77 08 c0 e9 77 - 00 00 00 00 00 00 00 00 ...w...w........
0239fff0 00 00 00 00 5c 85 44 77 - 08 f8 08 00 00 00 00 00 ....\.Dw........
023a0000 ff ff ff ff ff ff ff ff - ff 00 00 00 00 00 00 00 ................
023a0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0020 00 00 00 00 ff ff ff ff - ff ff ff ff ff 00 00 00 ................
023a0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0040 00 00 00 00 00 00 00 00 - ff ff 44 44 44 44 4f ff ..........DDDDO.
023a0050 ff 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
023a0060 00 00 00 00 00 00 00 00 - 00 00 00 00 ff f4 cc 44 ...............D
023a0070 47 4c 44 ff ff 00 00 00 - 00 00 00 00 00 00 00 00 GLD.............
State Dump for Thread Id 0x27c
eax=69938306 ebx=00000000 ecx=77e1993f edx=00000000
esi=77f8a117 edi=00000540
eip=77f8a122 esp=0248ff58 ebp=0248ff7c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
eip=77f8a122 esp=0248ff58 ebp=0248ff7c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246
function: ZwWaitForSingleObject
77f8a117 b8ea000000 mov eax,0xea
77f8a11c 8d542404 lea edx,[esp+0x4] ss:02f0d52f=????????
77f8a120 cd2e int 2e
77f8a122 c20c00 ret 0xc
77f8a125 56 push esi
77f8a126 8b742408 mov esi,[esp+0x8] ss:02f0d52f=????????
77f8a12a 56 push esi
77f8a12b e8fab9ffff call RtlValidSid (77f85b2a)
77f8a130 3c01 cmp al,0x1
77f8a132 0f85949a0100 jne RtlCopySidAndAttributesArray+0x8b (77fa3bcc)
77f8a138 807e0200 cmp byte ptr [esi+0x2],0x0 ds:78a076ed=??
77f8a13c 0f85949a0100 jne RtlCopySidAndAttributesArray+0x95 (77fa3bd6)
77f8a142 807e0300 cmp byte ptr [esi+0x3],0x0 ds:78a076ed=??
77f8a146 0f858a9a0100 jne RtlCopySidAndAttributesArray+0x95 (77fa3bd6)
77f8a14c 6a0a push 0xa
*----> Stack Back Trace <----*
FramePtr ReturnAd Param#1 Param#2
Param#3 Param#4 Function Name
0248FF7C 77E88787 00000540 FFFFFFFF 00000000 69938341 ntdll!ZwWaitForSingleObject
0248FFB4 77E92CA8 00CBB40C 0010FFF8 DCBAABCD 00CBB40C kernel32!WaitForSingleObject
0248FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
0248FF7C 77E88787 00000540 FFFFFFFF 00000000 69938341 ntdll!ZwWaitForSingleObject
0248FFB4 77E92CA8 00CBB40C 0010FFF8 DCBAABCD 00CBB40C kernel32!WaitForSingleObject
0248FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!CreateFileA
0 new messages