Documente Academic
Documente Profesional
Documente Cultură
DBG-ADDR<00F48DEB>("Wow.exe")
DBG-ADDR<00F48E08>("Wow.exe")
DBG-ADDR<75635608>("KERNEL32.DLL")
DBG-ADDR<756355B6>("KERNEL32.DLL")
--- Thread ID: 10232 --DBG-ADDR<7754DF6C>("ntdll.dll")
DBG-ADDR<75627C04>("KERNEL32.DLL")
DBG-ADDR<7756AD1F>("ntdll.dll")
DBG-ADDR<7756ACEA>("ntdll.dll")
--- Thread ID: 8896 --DBG-ADDR<7754C4BC>("ntdll.dll")
DBG-ADDR<76BE2C02>("KERNELBASE.dll")
DBG-ADDR<00F59424>("Wow.exe")
DBG-ADDR<00F70167>("Wow.exe")
DBG-ADDR<00F74699>("Wow.exe")
DBG-ADDR<015A4FE0>("Wow.exe")
DBG-ADDR<015A506A>("Wow.exe")
DBG-ADDR<75627C04>("KERNEL32.DLL")
DBG-ADDR<7756AD1F>("ntdll.dll")
DBG-ADDR<7756ACEA>("ntdll.dll")
--- Thread ID: 8256 --DBG-ADDR<7754C4BC>("ntdll.dll")
DBG-ADDR<76BE2C02>("KERNELBASE.dll")
DBG-ADDR<00F79488>("Wow.exe")
DBG-ADDR<00F74699>("Wow.exe")
DBG-ADDR<015A4FE0>("Wow.exe")
DBG-ADDR<015A506A>("Wow.exe")
DBG-ADDR<75627C04>("KERNEL32.DLL")
DBG-ADDR<7756AD1F>("ntdll.dll")
DBG-ADDR<7756ACEA>("ntdll.dll")
--- Thread ID: 9584 --DBG-ADDR<7754C4BC>("ntdll.dll")
DBG-ADDR<76BE2C02>("KERNELBASE.dll")
DBG-ADDR<00F59424>("Wow.exe")
DBG-ADDR<00F700EF>("Wow.exe")
DBG-ADDR<00F74699>("Wow.exe")
DBG-ADDR<015A4FE0>("Wow.exe")
DBG-ADDR<015A506A>("Wow.exe")
DBG-ADDR<75627C04>("KERNEL32.DLL")
DBG-ADDR<7756AD1F>("ntdll.dll")
DBG-ADDR<7756ACEA>("ntdll.dll")
--- Thread ID: 5528 --DBG-ADDR<7754DF6C>("ntdll.dll")
DBG-ADDR<75627C04>("KERNEL32.DLL")
DBG-ADDR<7756AD1F>("ntdll.dll")
DBG-ADDR<7756ACEA>("ntdll.dll")
---------------------------------------Stack Trace (Using DBGHELP.DLL)
---------------------------------------Showing 6/6 threads...
--- Thread ID: 7300 [Current Thread] --00F42007 Wow.exe
<unknown symbol>+0 (038CCD08,03A6F200,038CB4E0,00000001)
00F43DC0
00F43EC4
00F43EDF
00F54D5B
BCF)
00F54F19
00FB)
00F46BCF
00F48A6E
00F48DEB
00F48E08
75635608
000000)
756355B6
000000)
Wow.exe
Wow.exe
Wow.exe
Wow.exe
Wow.exe
SFile::MakeFileLocal+1263 (00F43EC9,03A6F204,000000FC,0000
Wow.exe
Wow.exe
Wow.exe
Wow.exe
KERNEL32.DLL
0,00000000)
7756ACEA ntdll.dll
,00000000)
RtlInitializeExceptionChain+90 (015A5006,038E08C0,00000000
---------------------------------------Loaded Modules
---------------------------------------<Inspector.DebugModules:>
DBG-MODULE<00F40000 00FF5000 "Wow.exe" "Wow.pdb" 0 {37efe35e-517d-4e15-8563f4496
7a3c12a} 1 1379986265>
DBG-MODULE<69020000 00016000 "MPR.dll" "mpr.pdb" 0 {f1b94b40-5359-4c0c-8b9c06dbf
214e748} 2 1414544792>
DBG-MODULE<69550000 00141000 "dbghelp.dll" "dbghelp.pdb" 0 {24f6937d-6631-40a2-a
ff3210434afba90} 1 1265054906>
DBG-MODULE<69F70000 001D3000 "d3d9.dll" "d3d9.pdb" 0 {f8f65709-5c16-4527-aefbe58
8d054f0d5} 2 1414547905>
DBG-MODULE<6A500000 0007F000 "mscms.dll" "mscms.pdb" 0 {1b7c4a75-d240-47a4-a0464
e4fbd401862} 2 1414544108>
DBG-MODULE<6E410000 00017000 "MSACM32.dll" "msacm32.pdb" 0 {66e10c13-1126-4bb0-a
c86fb7a8b8cce1c} 2 1414544721>
DBG-MODULE<6E7C0000 000EC000 "DDRAW.dll" "ddraw.pdb" 0 {486e3d24-3830-4fa5-864cb
95b7e2667aa} 2 1414543963>
DBG-MODULE<6E8B0000 00074000 "AcSpecfc.DLL" "AcSpecfc.pdb" 0 {0b50a55c-1970-4512
-9f829e8c2b19012a} 2 1426034125>
DBG-MODULE<6EFE0000 00007000 "DCIMAN32.dll" "dciman32.pdb" 0 {77a3cef8-21be-492d
-ae8749d7f82fb959} 2 1414547999>
DBG-MODULE<6F6A0000 00023000 "WINMMBASE.dll" "winmmbase.pdb" 0 {773a9d5b-7983-4d
06-b3a0a02385aaad2d} 2 1414544266>
DBG-MODULE<6F860000 00089000 "COMCTL32.dll" "comctl32v582.pdb" 0 {3bb7a597-b3264c11-b801917d4a7da0ae} 2 1429929198>
DBG-MODULE<70170000 00021000 "DEVOBJ.dll" "devobj.pdb" 0 {7dda1bfd-61c9-43b9-889
8ee3d9035be53} 2 1414544601>
DBG-MODULE<701A0000 00023000 "WINMM.dll" "winmm.pdb" 0 {ff0d2553-53ac-46d4-8c593
c91f26717ee} 2 1414544138>
DBG-MODULE<70370000 0001A000 "dwmapi.dll" "dwmapi.pdb" 0 {60670c1e-c9c4-4d20-b99
c8e6e83d24e4c} 2 1414544302>
DBG-MODULE<705C0000 0014B000 "urlmon.dll" "urlmon.pdb" 0 {6b8deffd-e5ad-468d-bb4
4a4ea16b31c42} 2 1441898865>
DBG-MODULE<70D40000 000A0000 "apphelp.dll" "apphelp.pdb" 0 {037f6371-5335-468e-a
d54764ed142b861} 2 1414548011>
DBG-MODULE<712B0000 00046000 "fwpuclnt.dll" "fwpuclnt.pdb" 0 {b8905975-16d1-4ba4
-84127e5cf71b0ac2} 2 1414544189>
DBG-MODULE<71300000 00008000 "rasadhlp.dll" "rasadhlp.pdb" 0 {e180815f-7f9a-4a85
-b8c43ea47d6c8884} 2 1414544732>
DBG-MODULE<71390000 00376000 "msi.dll" "msi.pdb" 0 {d5466c79-6ca4-404b-a90d79b1a
509c5b2} 2 1434402537>
DBG-MODULE<72CA0000 0007E000 "DNSAPI.dll" "dnsapi.pdb" 0 {165b3d53-ca62-4097-a06
a54cfb25a85ec} 2 1414544783>
DBG-MODULE<72D20000 00008000 "VERSION.dll" "version.pdb" 0 {4dadb143-e234-4821-a
4c080ef73a4952e} 2 1414547985>
DBG-MODULE<731E0000 0004B000 "mswsock.dll" "mswsock.pdb" 0 {6b0d6839-4688-4027-b
ecb35001726e8d9} 2 1414544775>
DBG-MODULE<73230000 00008000 "WINNSI.DLL" "winnsi.pdb" 0 {2ca93168-0866-4965-9e0
daefc75a2b362} 2 1414544777>
DBG-MODULE<73240000 00020000 "IPHLPAPI.DLL" "iphlpapi.pdb" 0 {02d9ac30-0342-4c6c
-ab4b8392cf9d2605} 2 1414544769>
DBG-MODULE<73260000 0009F000 "WINHTTP.dll" "winhttp.pdb" 0 {52a299a6-7000-4e76-9
4661c6112c50096} 2 1414544175>
DBG-MODULE<73300000 0000A000 "ondemandconnroutehelper.dll" "OnDemandConnRouteHel
per.pdb" 0 {238c1d69-7ba6-48ef-9a028569a16652f0} 1 1414544702>
DBG-MODULE<73310000 001F3000 "WININET.dll" "wininet.pdb" 0 {6664aa11-9fd0-474d-9
8284bccc46a49e0} 2 1441899067>
DBG-MODULE<735D0000 0000A000 "Secur32.dll" "secur32.pdb" 0 {3038c46e-97d0-4810-8
740eccdb1bd73a0} 2 1414544779>
DBG-MODULE<735E0000 0000F000 "profapi.dll" "profapi.pdb" 0 {4e4981a8-efed-432a-8
24e07f832a0f989} 2 1414544771>
DBG-MODULE<735F0000 0001B000 "USERENV.dll" "userenv.pdb" 0 {83d19410-3824-48e6-b
3d28d2dacc1f6d1} 2 1414544457>
DBG-MODULE<73610000 00009000 "kernel.appcore.dll" "Kernel.Appcore.pdb" 0 {9fdd5e
16-9552-48d0-aaf693bd83d5a785} 1 1414544666>
DBG-MODULE<73620000 00206000 "Comctl32.dll" "comctl32.pdb" 0 {cc443e7a-4777-472d
-bacf1360d4ad5de6} 2 1438881619>
DBG-MODULE<73830000 00232000 "iertutil.dll" "iertutil.pdb" 0 {2e0a637a-d060-4560
-9f2ad8b0823187ec} 2 1441902797>
DBG-MODULE<73A70000 0008B000 "SHCORE.DLL" "shcore.pdb" 0 {ab29e1ed-4d52-4fed-828
e421ae8673dd7} 2 1421981223>
DBG-MODULE<74C90000 00054000 "bcryptPrimitives.dll" "bcryptprimitives.pdb" 0 {46
cb28d4-6f7e-4fd4-85df196c07cc27ee} 2 1414544757>
DBG-MODULE<74CF0000 0000A000 "CRYPTBASE.dll" "cryptbase.pdb" 0 {965b22dd-4cae-4f
69-8ef8939960be657c} 2 1414548075>
DBG-MODULE<74D00000 0001E000 "SspiCli.dll" "wsspicli.pdb" 0 {849b8e8d-6777-4a859ed4435f55818911} 1 1414544764>
DBG-MODULE<74D20000 001B1000 "SETUPAPI.dll" "setupapi.pdb" 0 {2789ff1b-9e7a-4e56
-b7963a59a1fed96c} 2 1414543418>
DBG-MODULE<75050000 00041000 "sechost.dll" "sechost.pdb" 0 {f28ed1eb-82e7-44d3-b
999e441a6b3ef43} 2 1426821659>
DBG-MODULE<750A0000 0017D000 "combase.dll" "combase.pdb" 0 {b9684e7a-2a1e-43dc-b
0f9a0a9717cb1ab} 2 1414544772>
DBG-MODULE<75220000 0009B000 "COMDLG32.dll" "comdlg32.pdb" 0 {72bf44b8-63fc-4de2
-925db45d335e2c3a} 2 1414545290>
DBG-MODULE<752D0000 00188000 "CRYPT32.dll" "crypt32.pdb" 0 {a93fd8c6-cebc-4415-8
b2937efcee9804f} 2 1414542078>
DBG-MODULE<75460000 00007000 "NSI.dll" "nsi.pdb" 0 {e855cbea-595c-4ff2-b952ff7f8
2447083} 2 1414548211>
DBG-MODULE<75500000 0010F000 "GDI32.dll" "wgdi32.pdb" 0 {c0cf278d-42eb-401e-ad5e
f1d6fd2cd425} 2 1435932043>
DBG-MODULE<75610000 00140000 "KERNEL32.DLL" "wkernel32.pdb" 0 {dfb9f6a1-661c-482
c-87b4d0d454332cb8} 1 1414547902>
DBG-MODULE<75750000 0003C000 "cfgmgr32.dll" "cfgmgr32.pdb" 0 {126aaf7d-0541-4d42
-b11ac7240a355bee} 2 1414544762>
DBG-MODULE<75790000 000BA000 "RPCRT4.dll" "wrpcrt4.pdb" 0 {34f9f7d0-96a4-45da-a6
a69fa4de53993e} 2 1435423350>
DBG-MODULE<758E0000 012BC000 "SHELL32.dll" "shell32.pdb" 0 {a514a533-b09f-4106-8
5c8954c7f2c7bc2} 2 1440511974>
DBG-MODULE<76BE0000 000D7000 "KERNELBASE.dll" "wkernelbase.pdb" 0 {21dacbc7-54b8
-49b9-8b431a83eba15e88} 2 1438956796>
DBG-MODULE<76CC0000 00045000 "SHLWAPI.dll" "shlwapi.pdb" 0 {68ec2a42-4e52-42c2-a
309e194e68b56cb} 2 1414543388>
DBG-MODULE<76D10000 00050000 "WS2_32.dll" "ws2_32.pdb" 0 {b4acd51c-f1b9-497a-89b
2c0de225bd36d} 2 1414544769>
DBG-MODULE<76D80000 00129000 "ole32.dll" "ole32.pdb" 0 {98238254-7562-4bdf-820d4
cb09bd0ce00} 2 1434398971>
DBG-MODULE<76EB0000 0000E000 "MSASN1.dll" "msasn1.pdb" 0 {47067747-aefa-40a3-a05
b91148806fa02} 2 1414544791>
DBG-MODULE<76EE0000 00112000 "MSCTF.dll" "msctf.pdb" 0 {7e838438-6823-4f45-b491c
219cc6a0003} 2 1426294385>
DBG-MODULE<77000000 0007C000 "ADVAPI32.dll" "advapi32.pdb" 0 {6a0005d8-3ad8-4eff
-a3342de450f0615b} 2 1438956682>
DBG-MODULE<77080000 000C3000 "msvcrt.dll" "msvcrt.pdb" 0 {d4416a97-d40c-497a-aa4
87f2b1835a142} 2 1414548270>
DBG-MODULE<77150000 00153000 "USER32.dll" "wuser32.pdb" 0 {fbaae417-246b-4e84-ae
5bcec86a73fc64} 2 1414544672>
DBG-MODULE<77310000 00095000 "OLEAUT32.dll" "oleaut32.pdb" 0 {ab2d635e-e225-41d0
-94beb9153dea4519} 2 1418964595>
DBG-MODULE<77410000 00027000 "IMM32.dll" "wimm32.pdb" 0 {57d0acfa-2275-4450-bb96
60da8818f362} 2 1414547988>
DBG-MODULE<77510000 0016E000 "ntdll.dll" "wntdll.pdb" 0 {8c67971c-1474-4905-80fc
7b7918183b46} 2 1438956686>
<:Inspector.DebugModules>
---------------------------------------Memory Dump
---------------------------------------Code: 32 bytes starting at (EIP = 00F42007 - 10)
00F41FF7: 75 08 68 F0 27 85 01 6A 00 6A 00 E8 44 B4 1D 00 u.h.'..j.j..D...
* = addr **
*
00F42007: 83 C4 20 EB 09 FF 75 08 E8 BB FD FF FF 59 5F 5B .. ...u......Y_[
Stack: 1024 bytes starting at (ESP = 03A6ED1C - 20)
03A6ECF0: 00 00 00 00 05 00 00 00 09 04 00 00 44 ED A6 03 ............D...
03A6ED00: 00 01 00 00 84 28 85 01 03 00 00 00 20 ED A6 03 .....(...... ...
03A6ED10: 0E 22 17 01 44 EE A6 03 07 20 F4 00 00 00 00 00 ."..D.... ......
* = addr
**
*
03A6ED10:
03A6ED20:
03A6ED30:
03A6ED40:
03A6ED50:
03A6ED60:
03A6ED70:
03A6ED80:
03A6ED90:
03A6EDA0:
03A6EDB0:
03A6EDC0:
03A6EDD0:
03A6EDE0:
03A6EDF0:
03A6EE00:
03A6EE10:
03A6EE20:
03A6EE30:
03A6EE40:
03A6EE50:
03A6EE60:
03A6EE70:
03A6EE80:
03A6EE90:
03A6EEA0:
03A6EEB0:
03A6EEC0:
03A6EED0:
03A6EEE0:
03A6EEF0:
03A6EF00:
03A6EF10:
03A6EF20:
03A6EF30:
03A6EF40:
03A6EF50:
03A6EF60:
03A6EF70:
03A6EF80:
03A6EF90:
03A6EFA0:
03A6EFB0:
03A6EFC0:
03A6EFD0:
03A6EFE0:
03A6EFF0:
03A6F000:
03A6F010:
03A6F020:
03A6F030:
03A6F040:
03A6F050:
03A6F060:
03A6F070:
03A6F080:
03A6F090:
03A6F0A0:
03A6F0B0:
03A6F0C0:
0E
00
20
04
90
5B
54
00
00
58
68
20
E8
23
00
0C
F8
98
00
08
00
38
08
28
FC
42
00
00
01
64
25
01
AA
34
51
00
64
05
2A
01
08
BC
C1
19
CF
FB
00
46
20
AC
28
E0
00
B8
1E
0C
10
A8
CE
00
22
00
24
F2
6D
71
5E
00
00
EE
EF
00
ED
00
00
EE
3B
93
00
CD
F2
00
00
C6
00
00
00
00
00
00
00
00
0F
EF
1F
F2
EF
56
01
00
CD
EF
43
4F
6B
00
00
00
00
F0
00
46
00
4D
00
F1
00
6B
AC
00
17
00
85
A6
94
11
11
00
00
A6
A6
00
A6
00
00
A6
F7
85
00
8C
A6
00
00
85
00
00
00
00
00
00
6F
00
5A
A6
49
A6
A6
F7
00
00
8C
A6
00
F5
F4
00
DC
53
00
A6
00
8B
00
93
00
A6
00
93
5B
00
01
00
01
03
03
01
01
00
00
03
03
00
03
00
00
03
00
01
00
03
03
00
00
01
00
00
00
00
00
00
00
00
01
03
01
03
03
00
00
00
03
03
00
00
00
00
00
00
00
03
00
03
00
03
00
03
00
03
01
00
44
F0
10
00
0D
34
98
A0
98
31
23
68
DC
A8
23
DF
68
00
5C
74
E0
9C
04
99
FB
00
00
00
3C
00
61
1C
00
CD
18
E0
70
00
88
00
04
5B
10
C9
C9
00
00
00
00
E9
30
02
38
FF
00
E9
01
02
00
7E
EE
27
8E
6D
00
CE
6D
ED
6D
8B
00
EF
AE
74
00
65
EF
00
EF
EF
B4
EF
01
EE
00
00
00
00
13
00
78
EF
00
70
3E
E6
EF
00
EF
00
F2
4D
00
3E
3E
00
00
00
00
10
00
00
00
FF
00
10
00
00
00
70
A6
85
94
94
00
87
94
A6
94
F5
00
A6
F5
89
00
F6
A6
00
A6
A6
8C
A6
00
A6
00
00
00
00
5A
00
11
A6
EA
11
8E
87
A6
00
A6
00
A6
F5
00
F4
F4
00
DC
00
00
55
00
00
00
FF
00
55
00
00
EA
F4
03
01
03
03
00
01
03
03
03
00
00
03
00
03
00
00
03
00
03
03
03
03
00
03
00
00
00
00
01
00
01
03
00
01
03
03
03
00
03
00
03
00
00
00
00
00
00
00
00
77
00
00
00
3F
00
77
00
00
00
00
07
08
44
5C
20
00
34
C7
1D
20
D0
A8
BC
00
34
B4
B4
68
74
C0
01
A8
00
00
44
00
00
00
6F
00
38
E1
00
A8
B8
5C
E0
00
C4
A0
C1
08
04
04
04
30
10
6C
68
30
00
07
80
3C
38
18
18
04
00
00
20
CD
ED
ED
0A
00
CE
A8
00
00
ED
F5
39
EE
17
F5
F5
EF
EF
3D
00
39
00
00
61
00
00
00
00
00
00
79
00
39
C5
EF
B4
00
3E
EF
43
CD
F2
F2
F2
44
44
09
09
00
00
00
4D
0A
0A
00
00
00
00
00
F4
8C
A6
A6
AC
00
87
F7
00
00
A6
92
94
A6
93
92
92
A6
A6
F4
00
94
00
00
74
00
00
00
00
00
00
11
00
94
92
A6
8C
00
F4
A6
00
8C
A6
A6
A6
8B
8B
DC
DC
00
00
00
93
DC
DC
00
00
00
00
00
00
03
03
03
01
00
01
00
00
00
03
03
03
03
03
03
03
03
03
00
00
03
00
00
61
00
00
00
00
00
00
01
00
03
03
03
03
00
00
03
00
03
03
03
03
03
03
00
00
00
00
00
03
00
00
00
00
00
00
00
00
05
08
CD
6C
84
00
98
00
68
DC
23
34
82
23
34
68
2A
8A
08
01
02
40
03
2F
00
00
01
90
B0
23
20
A8
48
70
5B
78
00
C1
DF
01
04
CC
10
FC
0A
4E
D4
18
08
20
80
0F
C8
80
00
00
C4
00
00
00
00
CD
70
ED
ED
00
6D
00
EF
AE
00
17
10
00
EE
EF
01
3D
CD
00
00
00
01
65
00
00
00
E9
1D
00
EF
39
EF
EF
7E
EF
00
43
3E
00
F2
EF
F2
00
00
00
01
00
00
00
00
00
01
00
00
00
F0
09
00
00
00
8C
11
A6
A6
00
94
00
A6
F5
00
93
F6
00
A6
A6
00
F4
8C
00
00
00
00
6E
00
00
00
8D
94
00
A6
94
A6
A6
F6
A6
00
00
F4
00
A6
A6
A6
00
00
54
DC
00
00
00
00
00
DC
00
00
00
A6
3D
00
00
00
03
01
03
03
00
03
00
03
00
00
03
00
00
03
03
00
00
03
00
00
00
00
47
00
00
00
03
03
00
03
03
03
03
00
03
00
00
00
00
03
03
03
00
00
00
00
00
00
00
00
00
00
00
00
00
03
00
00
."..D.... ......
.....'..........
$......D.......
.....m..\....p..
.m...... ...l...
[q..4...........
T^...m..4.......
.............m..
.....m..........
X...1... ...h...
h...#...........
...h.......#...
.........9..4...
#....t..........
....#...4...#...
.....e......4...
.;..h.......h...
........h...*...
....\...t....=..
....t....=......
................
8........9......
............@...
(...............
........Data/enG
B...............
................
................
....<.Z.o.......
d...............
%.o.ax..8...#...
.........y.. ...
..Z..........9..
4....p...9..H...
Q.I..>......p...
........\...[~..
d...p.......x...
.V..............
*........>...C..
.............>..
.........C......
....[M..........
.C..............
.O...>..........
.k...>..........
........0D......
.........D..N.T.
F.S.....l.......
.......h.......
......Uw0.......
(...0....... ...
.F..............
....8....M......
.M.....?<.......
........8.......
......Uw........
................
.k..............
..[...........=.
....~p..........
03A6F0D0:
03A6F0E0:
03A6F0F0:
03A6F100:
03A6F110:
00
00
75
71
1D
09
00
70
00
75
3D
00
64
12
6B
00
00
61
01
40
00
59
74
04
30
00
78
65
00
F1
00
11
2D
00
A6
00
01
65
00
03
FC
01
6E
34
20
00
00
47
39
82
00
00
42
EA
F8
00
00
2D
00
00
FB
77
2A
E8
E8
00
6F
2E
46
46
00
77
6D
8B
8B
00
2D
70
03
03
..=.............
....Yx......wowupdate-enGB-*.mp
q.......49...F..
.uk@0... ....F..