PDA

View Full Version : Errore drwatson debugger


katoble
23-11-2009, 16:02
E' già la seconda volta che quanto clicco sull'icona di internet per disconnettermi mi si blocca tutto e mi viene il messaggio di errore del degubber di windows. Il computer si impalla e solo dopo aver terminato drwatson con task manager mi riparte. Stavolta ho scoperto dove viene messo il report e lo allego, magari sapete dirmi a cosa sono dovuti gli errori.


Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. Tutti i diritti riservati.



Exception dell'applicazione:
App: E:\WINDOWS\Explorer.EXE (pid=1608)
Ora: 23/11/2009 @ 16:47:53.421
Numero exception: c0000005 (access violation)

*----> System Information <----*

Id sessione terminal: 0
Numero processori: 2
Tipo processore: x86 Family 6 Model 15 Stepping 13
Versione di Windows: 5.1
Build corrente: 2600
Service Pack: 3
Tipo corrente: Multiprocessor Free
Organizzazione registrata:
Proprietario autorizzato:

*----> Elenco Task <----*
0 System Process
4 System
564 smss.exe
612 csrss.exe
636 winlogon.exe
680 services.exe
692 lsass.exe
872 svchost.exe
976 svchost.exe
1020 svchost.exe
1076 svchost.exe
1120 spoolsv.exe
1168 sched.exe
1332 avfwsvc.exe
1344 avguard.exe
1400 mbamservice.exe
1432 svchost.exe
1608 Explorer.EXE
1644 ctfmon.exe
1824 avgnt.exe
1832 mbamgui.exe
1896 CN405WLUSB54.exe
320 alg.exe
608 svchost.exe
2112 svchost.exe
3180 drwtsn32.exe

*----> Elenco moduli <----*
(0000000000400000 - 0000000000409000: E:\WINDOWS\system32\Normaliz.dll
(0000000000e80000 - 0000000000ebd000: E:\WINDOWS\system32\webcheck.dll
(0000000001000000 - 00000000010ff000: E:\WINDOWS\Explorer.EXE
(0000000001440000 - 0000000001ed1000: E:\WINDOWS\system32\ieframe.dll
(0000000002010000 - 00000000022d5000: E:\WINDOWS\system32\xpsp2res.dll
(00000000025a0000 - 00000000025ae000: E:\WINDOWS\system32\eappprxy.dll
(0000000002600000 - 0000000002628000: E:\WINDOWS\system32\OneX.DLL
(0000000003010000 - 0000000003022000: E:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
(0000000003180000 - 000000000320d000: E:\PROGRA~1\ZIPGEN~1\DROPHA~1.DLL
(0000000003e30000 - 0000000003f2f000: E:\PROGRA~1\ZIPGEN~1\contmenu.dll
(0000000010000000 - 000000001004c000: E:\Program Files\Avira\AntiVir Desktop\shlext.dll
(000000001a400000 - 000000001a532000: E:\WINDOWS\system32\urlmon.dll
(000000003fde0000 - 0000000040221000: E:\WINDOWS\system32\msi.dll
(00000000478c0000 - 00000000478ca000: E:\WINDOWS\system32\dot3api.dll
(000000004d4f0000 - 000000004d549000: E:\WINDOWS\system32\WINHTTP.dll
(000000005ad70000 - 000000005ada8000: E:\WINDOWS\system32\UxTheme.dll
(000000005b860000 - 000000005b8b6000: E:\WINDOWS\system32\NETAPI32.dll
(000000005ba60000 - 000000005bad1000: E:\WINDOWS\system32\themeui.dll
(000000005cb70000 - 000000005cb96000: E:\WINDOWS\system32\ShimEng.dll
(000000005d090000 - 000000005d12a000: E:\WINDOWS\system32\comctl32.dll
(000000005dca0000 - 000000005de88000: E:\WINDOWS\system32\iertutil.dll
(000000005df10000 - 000000005df70000: E:\WINDOWS\system32\wzcdlg.dll
(0000000063000000 - 00000000630e6000: E:\WINDOWS\system32\WININET.dll
(0000000068000000 - 0000000068036000: E:\WINDOWS\system32\rsaenh.dll
(000000006c1b0000 - 000000006c1fd000: E:\WINDOWS\system32\DUSER.dll
(000000006f880000 - 000000006fa4a000: E:\WINDOWS\AppPatch\AcGenral.DLL
(0000000071aa0000 - 0000000071aa8000: E:\WINDOWS\system32\WS2HELP.dll
(0000000071ab0000 - 0000000071ac7000: E:\WINDOWS\system32\WS2_32.dll
(0000000071b20000 - 0000000071b32000: E:\WINDOWS\system32\MPR.dll
(0000000071bf0000 - 0000000071c03000: E:\WINDOWS\system32\SAMLIB.dll
(0000000071c10000 - 0000000071c1e000: E:\WINDOWS\System32\ntlanman.dll
(0000000071c80000 - 0000000071c87000: E:\WINDOWS\System32\NETRAP.dll
(0000000071c90000 - 0000000071cd0000: E:\WINDOWS\System32\NETUI1.dll
(0000000071cd0000 - 0000000071ce7000: E:\WINDOWS\System32\NETUI0.dll
(00000000723c0000 - 00000000723d3000: E:\Program Files\Internet Explorer\mui\0410\browselc.dll
(0000000073000000 - 0000000073026000: E:\WINDOWS\system32\WINSPOOL.DRV
(0000000073030000 - 0000000073040000: E:\WINDOWS\system32\WZCSAPI.DLL
(00000000736d0000 - 00000000736d6000: E:\WINDOWS\system32\dot3dlg.dll
(00000000745b0000 - 00000000745d2000: E:\WINDOWS\system32\eappcfg.dll
(0000000074720000 - 000000007476c000: E:\WINDOWS\system32\Msctf.dll
(0000000074ad0000 - 0000000074ad8000: E:\WINDOWS\system32\POWRPROF.dll
(0000000074af0000 - 0000000074afa000: E:\WINDOWS\system32\BatMeter.dll
(00000000754d0000 - 0000000075550000: E:\WINDOWS\system32\CRYPTUI.dll
(00000000755c0000 - 00000000755ee000: E:\WINDOWS\system32\msctfime.ime
(0000000075cf0000 - 0000000075d81000: E:\WINDOWS\system32\MLANG.dll
(0000000075f60000 - 0000000075f67000: E:\WINDOWS\System32\drprov.dll
(0000000075f70000 - 0000000075f7a000: E:\WINDOWS\System32\davclnt.dll
(0000000075f80000 - 000000007607d000: E:\WINDOWS\system32\BROWSEUI.dll
(0000000076080000 - 00000000760e5000: E:\WINDOWS\system32\MSVCP60.dll
(0000000076280000 - 00000000762a1000: E:\WINDOWS\system32\stobject.dll
(0000000076360000 - 0000000076370000: E:\WINDOWS\system32\WINSTA.dll
(0000000076380000 - 0000000076385000: E:\WINDOWS\system32\MSIMG32.dll
(0000000076390000 - 00000000763ad000: E:\WINDOWS\system32\IMM32.DLL
(00000000763b0000 - 00000000763f9000: E:\WINDOWS\system32\comdlg32.dll
(0000000076400000 - 00000000765a5000: E:\WINDOWS\system32\NETSHELL.dll
(0000000076600000 - 000000007661d000: E:\WINDOWS\System32\CSCDLL.dll
(0000000076980000 - 0000000076988000: E:\WINDOWS\system32\LINKINFO.dll
(0000000076990000 - 00000000769b5000: E:\WINDOWS\system32\ntshrui.dll
(00000000769c0000 - 0000000076a74000: E:\WINDOWS\system32\USERENV.dll
(0000000076b20000 - 0000000076b31000: E:\WINDOWS\system32\ATL.DLL
(0000000076b40000 - 0000000076b6d000: E:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: E:\WINDOWS\system32\credui.dll
(0000000076c30000 - 0000000076c5e000: E:\WINDOWS\system32\WINTRUST.dll
(0000000076c90000 - 0000000076cb8000: E:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d60000 - 0000000076d79000: E:\WINDOWS\system32\iphlpapi.dll
(0000000076e80000 - 0000000076e8e000: E:\WINDOWS\system32\rtutils.dll
(0000000076f50000 - 0000000076f58000: E:\WINDOWS\system32\WTSAPI32.dll
(0000000076f60000 - 0000000076f8c000: E:\WINDOWS\system32\WLDAP32.dll
(0000000076fd0000 - 000000007704f000: E:\WINDOWS\system32\CLBCATQ.DLL
(0000000077050000 - 0000000077115000: E:\WINDOWS\system32\COMRes.dll
(0000000077120000 - 00000000771ab000: E:\WINDOWS\system32\OLEAUT32.dll
(00000000773d0000 - 00000000774d3000: E:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5705_x-ww_36cfed49\comctl32.dll
(00000000774e0000 - 000000007761e000: E:\WINDOWS\system32\ole32.dll
(0000000077920000 - 0000000077a13000: E:\WINDOWS\system32\SETUPAPI.dll
(0000000077a20000 - 0000000077a74000: E:\WINDOWS\System32\cscui.dll
(0000000077a80000 - 0000000077b15000: E:\WINDOWS\system32\CRYPT32.dll
(0000000077b20000 - 0000000077b32000: E:\WINDOWS\system32\MSASN1.dll
(0000000077b40000 - 0000000077b62000: E:\WINDOWS\system32\Apphelp.dll
(0000000077be0000 - 0000000077bf5000: E:\WINDOWS\system32\MSACM32.dll
(0000000077c00000 - 0000000077c08000: E:\WINDOWS\system32\VERSION.dll
(0000000077c10000 - 0000000077c68000: E:\WINDOWS\system32\msvcrt.dll
(0000000077dd0000 - 0000000077e6b000: E:\WINDOWS\system32\ADVAPI32.dll
(0000000077e70000 - 0000000077f02000: E:\WINDOWS\system32\RPCRT4.dll
(0000000077f10000 - 0000000077f59000: E:\WINDOWS\system32\GDI32.dll
(0000000077f60000 - 0000000077fd6000: E:\WINDOWS\system32\SHLWAPI.dll
(0000000077fe0000 - 0000000077ff1000: E:\WINDOWS\system32\Secur32.dll
(000000007c800000 - 000000007c8f7000: E:\WINDOWS\system32\kernel32.dll
(000000007c900000 - 000000007c9b2000: E:\WINDOWS\system32\ntdll.dll
(000000007c9c0000 - 000000007d1d7000: E:\WINDOWS\system32\SHELL32.dll
(000000007e290000 - 000000007e401000: E:\WINDOWS\system32\SHDOCVW.dll
(000000007e410000 - 000000007e4a1000: E:\WINDOWS\system32\USER32.dll
(000000007e720000 - 000000007e7d0000: E:\WINDOWS\system32\SXS.DLL

*----> Scarico dello stato per l'id del thread 0x64c <----*

eax=00380650 ebx=0007f81c ecx=00000000 edx=7c90e514 esi=00000000 edi=7ffde000
eip=7c90e514 esp=0007f7f4 ebp=0007f890 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\ntdll.dll -
funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\USER32.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\Msctf.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\SHELL32.dll -
*** ERROR: Module load completed but symbols could not be loaded for E:\WINDOWS\Explorer.EXE
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\kernel32.dll -
ChildEBP RetAddr Args to Child
0007f890 7e4195f9 00000002 0007f8b8 00000000 ntdll!KiFastSystemCallRet
0007f8ec 7e4196a8 00000001 0007fac8 000001f4 USER32!GetLastInputInfo+0x105
0007f908 74740332 00000001 0007fac8 00000000 USER32!MsgWaitForMultipleObjects+0x1f
0007f954 7474089d 0007fac8 00000670 0007f9b4 Msctf!TF_CheckThreadInputIdle+0x775
0007fbd8 74740db2 02ee0028 00000028 0007fc98 Msctf!TF_CheckThreadInputIdle+0xce0
0007fbec 7474121a 0012dac0 00000028 00000008 Msctf!TF_CheckThreadInputIdle+0x11f5
0007fc58 7474193e 00000003 00000001 0007fc6c Msctf!TF_CheckThreadInputIdle+0x165d
0007fc84 7473d2a7 0012dab8 00000001 000201a2 Msctf!TF_CheckThreadInputIdle+0x1d81
0007fdc0 7e418734 000201a2 0000c09c 00000000 Msctf!TF_CreateCicLoadMutex+0x6344
0007fdec 7e418816 7474043e 000201a2 0000c09c USER32!GetDC+0x6d
0007fe54 7e4189cd 00000000 7474043e 000201a2 USER32!GetDC+0x14f
0007feb4 7e418a10 0007fed4 00000000 0007fef0 USER32!GetWindowLongW+0x127
0007fec4 7ca25bdc 0007fed4 000f5718 000201a2 USER32!DispatchMessageW+0xf
0007fef0 7ca25a71 7c80932e 000f5718 000f5718 SHELL32!SHChangeNotify+0x131d
0007ff08 7ca0e0d4 00000000 0007ff5c 01013276 SHELL32!SHChangeNotify+0x11b2
0007ff14 01013276 000f5718 7ffde000 0007ffc0 SHELL32!Ordinal201+0x28
0007ff5c 0101a5d7 00000000 00000000 0002061e Explorer+0x13276
0007ffc0 7c817067 00000010 000810a0 7ffde000 Explorer+0x1a5d7
0007fff0 00000000 0101a56f 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

*----> Scarico Raw Stack <----*
000000000007f7f4 4a df 90 7c 74 95 80 7c - 02 00 00 00 1c f8 07 00 J..|t..|........
000000000007f804 01 00 00 00 00 00 00 00 - 50 f8 07 00 00 00 00 00 ........P.......
000000000007f814 02 00 00 00 00 00 00 00 - 54 07 00 00 30 00 00 00 ........T...0...
000000000007f824 18 f8 07 00 ea 01 00 00 - 68 f8 07 00 e9 93 41 7e ........h.....A~
000000000007f834 a8 93 41 7e d8 f8 07 00 - 14 00 00 00 01 00 00 00 ..A~............
000000000007f844 00 00 00 00 00 00 00 00 - 10 00 00 00 c0 b4 b3 ff ................
000000000007f854 ff ff ff ff 00 d0 fd 7f - 00 e0 fd 7f 00 d0 fd 7f ................
000000000007f864 78 f8 07 00 50 f8 07 00 - 1c f8 07 00 46 ae 42 7e x...P.......F.B~
000000000007f874 02 00 00 00 10 f8 07 00 - 01 00 00 00 44 fe 07 00 ............D...
000000000007f884 a0 9a 83 7c 68 96 80 7c - 00 00 00 00 ec f8 07 00 ...|h..|........
000000000007f894 f9 95 41 7e 02 00 00 00 - b8 f8 07 00 00 00 00 00 ..A~............
000000000007f8a4 f4 01 00 00 00 00 00 00 - b4 f9 07 00 46 ae 42 7e ............F.B~
000000000007f8b4 c8 fa 07 00 54 07 00 00 - 30 00 00 00 c8 fa 07 00 ....T...0.......
000000000007f8c4 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f8d4 10 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000007f8e4 00 d0 fd 7f 30 00 00 00 - 08 f9 07 00 a8 96 41 7e ....0.........A~
000000000007f8f4 01 00 00 00 c8 fa 07 00 - f4 01 00 00 ff 41 00 00 .............A..
000000000007f904 b8 f8 07 00 54 f9 07 00 - 32 03 74 74 01 00 00 00 ....T...2.tt....
000000000007f914 c8 fa 07 00 00 00 00 00 - f4 01 00 00 ff 41 00 00 .............A..
000000000007f924 00 00 00 00 c0 da 12 00 - 05 40 00 80 00 00 00 00 .........@......

*----> Scarico dello stato per l'id del thread 0x6f8 <----*

eax=00000000 ebx=7e42929a ecx=010463c4 edx=0239fa01 esi=010460f8 edi=00000000
eip=7c90e514 esp=0239ff14 ebp=0239ff44 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\SHLWAPI.dll -
ChildEBP RetAddr Args to Child
0239ff44 0100ffed 00000000 0239ffb4 77f76f42 ntdll!KiFastSystemCallRet
0239ff50 77f76f42 010460f8 0000005c 00880045 Explorer+0xffed
0239ffb4 7c80b713 00000000 0000005c 00880045 SHLWAPI!Ordinal505+0x3e9
0239ffec 00000000 77f76ed3 0007fdbc 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000239ff14 18 94 41 7e 40 1a 00 01 - 00 00 00 00 f8 60 04 01 ..A~@........`..
000000000239ff24 00 00 00 00 8a 00 01 00 - 2a c0 00 00 04 00 00 00 ........*.......
000000000239ff34 00 00 00 00 e8 93 d8 00 - a9 02 00 00 ea 01 00 00 ................
000000000239ff44 50 ff 39 02 ed ff 00 01 - 00 00 00 00 b4 ff 39 02 P.9...........9.
000000000239ff54 42 6f f7 77 f8 60 04 01 - 5c 00 00 00 45 00 88 00 Bo.w.`..\...E...
000000000239ff64 bc fd 07 00 c4 ff 00 01 - 8d 3c 01 01 70 02 00 00 .........<..p...
000000000239ff74 f8 60 04 01 08 00 00 00 - 00 00 00 00 00 00 00 00 .`..............
000000000239ff84 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 1d 88 89 ................
000000000239ff94 a4 a0 4f 80 00 00 00 00 - 00 00 00 00 00 00 00 00 ..O.............
000000000239ffa4 ac a0 4f 80 00 00 00 00 - f2 1e 70 80 1a da 90 7c ..O.......p....|
000000000239ffb4 ec ff 39 02 13 b7 80 7c - 00 00 00 00 5c 00 00 00 ..9....|....\...
000000000239ffc4 45 00 88 00 bc fd 07 00 - 00 90 fd 7f 00 76 bf 89 E............v..
000000000239ffd4 c0 ff 39 02 b8 11 2a 89 - ff ff ff ff a0 9a 83 7c ..9...*........|
000000000239ffe4 20 b7 80 7c 00 00 00 00 - 00 00 00 00 00 00 00 00 ..|............
000000000239fff4 d3 6e f7 77 bc fd 07 00 - 00 00 00 00 11 00 00 00 .n.w............
00000000023a0004 70 06 00 00 6c 06 00 00 - 15 0c 00 00 48 00 03 00 p...l.......H...
00000000023a0014 00 00 00 00 00 00 00 00 - 5f 60 00 00 00 00 00 00 ........_`......
00000000023a0024 f8 06 00 00 48 06 00 00 - 11 04 00 00 6c 00 01 00 ....H.......l...
00000000023a0034 00 00 00 00 00 00 00 00 - 64 67 00 00 00 00 00 00 ........dg......
00000000023a0044 08 07 00 00 48 06 00 00 - 00 00 00 00 00 00 00 00 ....H...........

*----> Scarico dello stato per l'id del thread 0x6fc <----*

eax=000000c0 ebx=00000000 ecx=77dd6a77 edx=77dd6a3e esi=ffffffff edi=7c90f668
eip=7c90e514 esp=0241ff9c ebp=0241ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0241ffb4 7c80b713 00000000 7c90f668 ffffffff ntdll!KiFastSystemCallRet
0241ffec 00000000 7c92797d 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000241ff9c 1a d2 90 7c c4 79 92 7c - 01 00 00 00 ac ff 41 02 ...|.y.|......A.
000000000241ffac 00 00 00 00 00 00 00 80 - ec ff 41 02 13 b7 80 7c ..........A....|
000000000241ffbc 00 00 00 00 68 f6 90 7c - ff ff ff ff 00 00 00 00 ....h..|........
000000000241ffcc 00 80 fd 7f 00 76 bf 89 - c0 ff 41 02 38 7b 81 89 .....v....A.8{..
000000000241ffdc ff ff ff ff a0 9a 83 7c - 20 b7 80 7c 00 00 00 00 .......| ..|....
000000000241ffec 00 00 00 00 00 00 00 00 - 7d 79 92 7c 00 00 00 00 ........}y.|....
000000000241fffc 00 00 00 00 c8 00 00 00 - eb 01 00 00 ff ee ff ee ................
000000000242000c 02 10 00 00 00 00 00 00 - 00 fe 00 00 00 00 10 00 ................
000000000242001c 00 20 00 00 00 02 00 00 - 00 20 00 00 2f 02 00 00 . ....... ../...
000000000242002c ff ef fd 7f 11 00 08 06 - 00 00 00 00 00 00 00 00 ................
000000000242003c 00 00 00 00 00 00 00 00 - 98 05 42 02 0f 00 00 00 ..........B.....
000000000242004c f8 ff ff ff 50 00 42 02 - 50 00 42 02 40 06 42 02 ....P.B.P.B.@.B.
000000000242005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000242006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000242007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000242008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000242009c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024200ac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024200bc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000024200cc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Scarico dello stato per l'id del thread 0x704 <----*

eax=000000c0 ebx=00000000 ecx=0239fb00 edx=00000000 esi=00000000 edi=00000001
eip=7c90e514 esp=0249fcec ebp=0249ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0249ffb4 7c80b713 00000000 00000020 0239fce4 ntdll!KiFastSystemCallRet
0249ffec 00000000 7c928c8f 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000249fcec 4a df 90 7c b6 8d 92 7c - 03 00 00 00 30 fd 49 02 J..|...|....0.I.
000000000249fcfc 01 00 00 00 01 00 00 00 - 00 00 00 00 20 00 00 00 ............ ...
000000000249fd0c e4 fc 39 02 00 00 00 00 - 80 f9 97 7c 80 f9 97 7c ..9........|...|
000000000249fd1c dc 02 00 00 04 07 00 00 - 03 00 00 00 03 00 00 00 ................
000000000249fd2c 02 00 00 00 d8 02 00 00 - c0 02 00 00 f4 04 00 00 ................
000000000249fd3c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd4c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd6c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd7c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fd9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fdac 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fdbc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fdcc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fddc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fdec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fdfc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fe0c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000249fe1c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Scarico dello stato per l'id del thread 0x708 <----*

eax=02300010 ebx=0016f598 ecx=00008000 edx=7c90e514 esi=00000000 edi=7ffde000
eip=7c90e514 esp=0251fd30 ebp=0251fdcc iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0251fdcc 7e4195f9 00000009 0251fdf4 00000000 ntdll!KiFastSystemCallRet
0251fe28 7c9f3ad8 00000008 0251fe50 ffffffff USER32!GetLastInputInfo+0x105
0251ff4c 7ca0c5dc 77f76f42 00000000 7c8099ea SHELL32!Shell_GetCachedImageIndex+0x450
0251ffb4 7c80b713 00000000 7c8099ea 00000001 SHELL32!Ordinal753+0x133
0251ffec 00000000 77f76ed3 0239f4d4 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000251fd30 4a df 90 7c 74 95 80 7c - 09 00 00 00 98 f5 16 00 J..|t..|........
000000000251fd40 01 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................
000000000251fd50 09 00 00 00 02 00 00 00 - 30 12 59 00 14 00 00 00 ........0.Y.....
000000000251fd60 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................
000000000251fd70 00 00 00 00 30 00 00 00 - 14 00 00 00 01 00 00 00 ....0...........
000000000251fd80 c8 45 0e 00 00 00 00 00 - 00 00 00 00 ec fd 51 02 .E............Q.
000000000251fd90 8f 04 44 7e 30 88 41 7e - 00 e0 fd 7f 00 50 fd 7f ..D~0.A~.....P..
000000000251fda0 00 50 fd 7f 00 00 00 00 - 98 f5 16 00 86 00 01 00 .P..............
000000000251fdb0 09 00 00 00 4c fd 51 02 - 00 00 00 00 dc ff 51 02 ....L.Q.......Q.
000000000251fdc0 a0 9a 83 7c 68 96 80 7c - 00 00 00 00 28 fe 51 02 ...|h..|....(.Q.
000000000251fdd0 f9 95 41 7e 09 00 00 00 - f4 fd 51 02 00 00 00 00 ..A~......Q.....
000000000251fde0 ff ff ff ff 01 00 00 00 - d8 fe 10 00 08 00 00 00 ................
000000000251fdf0 00 00 00 00 c0 05 00 00 - 74 05 00 00 90 07 00 00 ........t.......
000000000251fe00 08 05 00 00 8c 04 00 00 - ec 02 00 00 18 03 00 00 ................
000000000251fe10 08 03 00 00 f0 02 00 00 - 00 00 00 00 01 00 00 00 ................
000000000251fe20 00 50 fd 7f f0 02 00 00 - 4c ff 51 02 d8 3a 9f 7c .P......L.Q..:.|
000000000251fe30 08 00 00 00 50 fe 51 02 - ff ff ff ff ff 04 00 00 ....P.Q.........
000000000251fe40 f4 fd 51 02 00 00 00 00 - 00 00 00 00 00 00 00 00 ..Q.............
000000000251fe50 c0 05 00 00 74 05 00 00 - 90 07 00 00 08 05 00 00 ....t...........
000000000251fe60 8c 04 00 00 ec 02 00 00 - 18 03 00 00 08 03 00 00 ................

*----> Scarico dello stato per l'id del thread 0x1cc <----*

eax=00000000 ebx=00000000 ecx=013df508 edx=7c90e514 esi=00000000 edi=00000000
eip=7c90e514 esp=013df508 ebp=013df568 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\iphlpapi.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\NETSHELL.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\stobject.dll -
ChildEBP RetAddr Args to Child
013df568 76d62bea 00000588 00120003 013df6d4 ntdll!KiFastSystemCallRet
013df5c4 76d62f5d 00000006 00000000 013df6d4 iphlpapi!GetAdapterOrderMap+0x31b
013df834 76d635a5 013df8dc 0010ba50 00000000 iphlpapi!GetUniDirectionalAdapterInfo+0x245
013df86c 76d660bf 02e43820 0010ba50 00000000 iphlpapi!GetUniDirectionalAdapterInfo+0x88d
013df8c0 764422cd 00000000 013df8dc 000019fe iphlpapi!GetAdaptersInfo+0x6e
013dfb40 7645f00c 0010ba50 02e43820 013dfc08 NETSHELL!NetSetupSetProgressCallback+0x1891a
013dfbc8 7646072a 013dfbe4 00000001 0015b018 NETSHELL!NetSetupSetProgressCallback+0x35659
013dfbec 7645d144 0010ba18 013dfc08 013dfc8c NETSHELL!NetSetupSetProgressCallback+0x36d77
013dfc10 7645e121 00d895ec 7645e0eb 000cde28 NETSHELL!NetSetupSetProgressCallback+0x33791
013dfc24 7e418734 00000000 00000113 00007fbe NETSHELL!NetSetupSetProgressCallback+0x3476e
013dfc50 7e419857 7645e0eb 00000000 00000113 USER32!GetDC+0x6d
013dfcb8 7e419791 00000000 7645e0eb 00000000 USER32!IsChild+0x149
013dfd10 7e418a10 013dfd68 00000000 013dfd8c USER32!IsChild+0x83
013dfd20 762815ac 013dfd68 00000000 76280000 USER32!DispatchMessageW+0xf
013dfd8c 7628362e 76280000 00000000 00020188 stobject+0x15ac
013dffb4 7c80b713 00000000 00000000 00000000 stobject!DllCanUnloadNow+0x19e4
013dffec 00000000 762835df 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
00000000013df508 8a d2 90 7c 75 16 80 7c - 88 05 00 00 00 00 00 00 ...|u..|........
00000000013df518 00 00 00 00 00 00 00 00 - 44 f5 3d 01 03 00 12 00 ........D.=.....
00000000013df528 d4 f6 3d 01 24 00 00 00 - 4c f7 3d 01 e1 00 00 00 ..=.$...L.=.....
00000000013df538 00 00 00 00 48 f7 3d 01 - 00 00 00 00 00 00 00 00 ....H.=.........
00000000013df548 04 00 00 00 a8 f4 3d 01 - 38 f5 3d 01 9c f5 3d 01 ......=.8.=...=.
00000000013df558 b0 f8 3d 01 a0 9a 83 7c - 40 0b 81 7c ff ff ff ff ..=....|@..|....
00000000013df568 c4 f5 3d 01 ea 2b d6 76 - 88 05 00 00 03 00 12 00 ..=..+.v........
00000000013df578 d4 f6 3d 01 24 00 00 00 - 4c f7 3d 01 e1 00 00 00 ..=.$...L.=.....
00000000013df588 d0 f5 3d 01 00 00 00 00 - e8 f6 3d 01 1c f7 3d 01 ..=.......=...=.
00000000013df598 00 00 00 00 b0 f8 3d 01 - a0 9a 83 7c 00 9a 80 7c ......=....|...|
00000000013df5a8 ff ff ff ff fd 99 80 7c - 5d 2a d6 76 78 15 13 00 .......|]*.vx...
00000000013df5b8 98 31 e2 02 b8 f3 17 00 - 00 00 00 00 34 f8 3d 01 .1..........4.=.
00000000013df5c8 5d 2f d6 76 06 00 00 00 - 00 00 00 00 d4 f6 3d 01 ]/.v..........=.
00000000013df5d8 40 f7 3d 01 4c f7 3d 01 - 48 f7 3d 01 98 31 e2 02 @.=.L.=.H.=..1..
00000000013df5e8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000013df5f8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000013df608 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000013df618 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000013df628 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000013df638 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Scarico dello stato per l'id del thread 0xf24 <----*

eax=00000000 ebx=00000000 ecx=000a7090 edx=0406fe10 esi=000dd6a0 edi=00000100
eip=7c90e514 esp=0406fe18 ebp=0406ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\RPCRT4.dll -
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0406ff80 77e76caf 0406ffa8 77e76ad1 000dd6a0 ntdll!KiFastSystemCallRet
0406ff88 77e76ad1 000dd6a0 000e000d 1003468c RPCRT4!I_RpcBCacheFree+0x61c
0406ffa8 77e76c97 000a6de8 0406ffec 7c80b713 RPCRT4!I_RpcBCacheFree+0x43e
0406ffb4 7c80b713 02de8d38 000e000d 1003468c RPCRT4!I_RpcBCacheFree+0x604
0406ffec 00000000 77e76c7d 02de8d38 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000406fe18 aa da 90 7c e3 65 e7 77 - 5c 02 00 00 74 ff 06 04 ...|.e.w\...t...
000000000406fe28 00 00 00 00 a8 97 16 00 - 50 ff 06 04 c0 7e 00 c0 ........P....~..
000000000406fe38 00 00 00 00 00 ff fa 01 - c6 97 06 00 90 6a a2 81 .............j..
000000000406fe48 00 00 00 00 9c 36 50 c0 - 02 37 a3 89 00 00 00 00 .....6P..7......
000000000406fe58 6c 5b 2b b3 56 11 4f 80 - 40 f5 df ff 02 ff 1f c0 l[+.V.O.@.......
000000000406fe68 3e 82 4e 80 0e 00 00 00 - 98 5b 2b b3 70 ff 1f c0 >.N......[+.p...
000000000406fe78 78 5b 2b b3 f3 a9 4e 80 - 00 b0 fd 7f 01 00 00 00 x[+...N.........
000000000406fe88 00 00 00 00 6c ff 1f c0 - 00 00 00 00 fc 07 30 c0 ....l.........0.
000000000406fe98 30 5c 2b b3 9a 12 4f 80 - 98 5b 2b b3 00 00 00 00 0\+...O..[+.....
000000000406fea8 00 00 00 00 d0 e9 22 89 - 08 35 a3 89 01 35 a3 89 ......"..5...5..
000000000406feb8 00 00 00 00 6c ff 1f c0 - 00 00 00 00 b9 17 55 80 ....l.........U.
000000000406fec8 ff ff da 01 00 00 20 00 - af 1d 00 00 d4 35 a3 89 ...... ......5..
000000000406fed8 08 35 a3 89 50 d8 ba 89 - 00 00 00 00 00 00 db 01 .5..P...........
000000000406fee8 4c 5b 2b b3 00 00 00 00 - 1f 00 00 00 40 f5 71 f7 L[+.........@.q.
000000000406fef8 34 ca 4d 80 ff ff ff ff - 46 02 00 00 4d c8 4d 80 4.M.....F...M.M.
000000000406ff08 28 5c 2b b3 08 fb d8 88 - 20 f1 71 f7 a4 fc d8 88 (\+..... .q.....
000000000406ff18 e8 1b 4e 80 78 fb d8 88 - 08 fb d8 88 1e 1c 4e 80 ..N.x.........N.
000000000406ff28 74 fc d8 88 80 ff 06 04 - ae df e7 77 48 ff 06 04 t..........wH...
000000000406ff38 be df e7 77 e0 10 90 7c - b0 c5 0b 00 38 8d de 02 ...w...|....8...
000000000406ff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Scarico dello stato per l'id del thread 0xb3c <----*

eax=00000102 ebx=00000000 ecx=0141fe18 edx=7c90e514 esi=000dd6a0 edi=00000100
eip=7c90e514 esp=0141fe18 ebp=0141ff80 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0141ff80 77e76caf 0141ffa8 77e76ad1 000dd6a0 ntdll!KiFastSystemCallRet
0141ff88 77e76ad1 000dd6a0 000e000d 1003468c RPCRT4!I_RpcBCacheFree+0x61c
0141ffa8 77e76c97 000a6de8 0141ffec 7c80b713 RPCRT4!I_RpcBCacheFree+0x43e
0141ffb4 7c80b713 000cb568 000e000d 1003468c RPCRT4!I_RpcBCacheFree+0x604
0141ffec 00000000 77e76c7d 000cb568 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000141fe18 aa da 90 7c e3 65 e7 77 - 5c 02 00 00 74 ff 41 01 ...|.e.w\...t.A.
000000000141fe28 00 00 00 00 78 a7 16 00 - 50 ff 41 01 80 a9 bf 89 ....x...P.A.....
000000000141fe38 34 bb b4 b4 34 bb b4 b4 - 00 00 00 00 05 c6 4d 80 4...4.........M.
000000000141fe48 48 7f 02 89 03 00 00 00 - 02 a9 bf 89 00 00 00 00 H...............
000000000141fe58 04 00 00 00 5c fe 31 02 - 48 bd b4 b4 e0 3e 57 80 ....\.1.H....>W.
000000000141fe68 5c fe 31 02 0c 00 00 00 - 70 3f 57 80 64 bd b4 b4 \.1.....p?W.d...
000000000141fe78 5c fe 31 02 a7 3e 57 80 - 00 00 00 00 00 00 00 00 \.1..>W.........
000000000141fe88 00 00 00 00 68 cc 6c e2 - 9c bb b4 b4 4b fc 56 80 ....h.l.....K.V.
000000000141fe98 68 cc 6c e2 58 05 00 00 - 48 7f 02 89 68 cc 6c e2 h.l.X...H...h.l.
000000000141fea8 80 a9 bf 89 58 05 00 00 - 00 00 00 00 b0 3a fd e1 ....X........:..
000000000141feb8 b8 bb b4 b4 3b fd 56 80 - 68 cc 6c e2 b0 3a fd e1 ....;.V.h.l..:..
000000000141fec8 48 7f 02 89 03 00 10 00 - 80 a9 bf 89 58 05 00 00 H...........X...
000000000141fed8 fc bb b4 b4 1f cb 57 80 - 68 cc 6c e2 ec bb b4 b4 ......W.h.l.....
000000000141fee8 00 00 00 00 68 65 e0 88 - 00 00 00 00 6e 3f da 20 ....he......n?.
000000000141fef8 4c 6c ca 01 00 bb b4 b4 - 00 00 00 00 00 00 00 00 Ll..............
000000000141ff08 0f 00 00 00 48 7f 02 89 - 03 00 10 00 68 cc 6c e2 ....H.......h.l.
000000000141ff18 38 f5 71 f7 66 c7 4d 80 - 00 86 f6 88 2f c5 4d 80 8.q.f.M...../.M.
000000000141ff28 74 87 f6 88 80 ff 41 01 - ae df e7 77 48 ff 41 01 t.....A....wH.A.
000000000141ff38 be df e7 77 e0 10 90 7c - d8 35 e0 02 68 b5 0c 00 ...w...|.5..h...
000000000141ff48 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

*----> Scarico dello stato per l'id del thread 0xd48 <----*

eax=7c914a44 ebx=00000000 ecx=00000007 edx=00000002 esi=7c97e420 edi=7c97e440
eip=7c90e514 esp=0324ff70 ebp=0324ffb4 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286

funzione: ntdll!KiFastSystemCallRet
7c90e4fa e829000000 call ntdll!RtlRaiseException (7c90e528)
7c90e4ff 8b0424 mov eax,[esp]
7c90e502 8be5 mov esp,ebp
7c90e504 5d pop ebp
7c90e505 c3 ret
7c90e506 8da42400000000 lea esp,[esp]
7c90e50d 8d4900 lea ecx,[ecx]
ntdll!KiFastSystemCall:
7c90e510 8bd4 mov edx,esp
7c90e512 0f34 sysenter
ntdll!KiFastSystemCallRet:
7c90e514 c3 ret
7c90e515 8da42400000000 lea esp,[esp]
7c90e51c 8d642400 lea esp,[esp]
ntdll!KiIntSystemCall:
7c90e520 8d542408 lea edx,[esp+0x8]
7c90e524 cd2e int 2e
7c90e526 c3 ret
7c90e527 90 nop
ntdll!RtlRaiseException:
7c90e528 55 push ebp
7c90e529 8bec mov ebp,esp

*----> Back Trace dello stack <----*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
0324ffb4 7c80b713 00000000 0239f6cc 0239f6cc ntdll!KiFastSystemCallRet
0324ffec 00000000 7c910250 00000000 00000000 kernel32!GetModuleFileNameA+0x1b4

*----> Scarico Raw Stack <----*
000000000324ff70 4a da 90 7c 8d 02 91 7c - d4 02 00 00 ac ff 24 03 J..|...|......$.
000000000324ff80 b0 ff 24 03 98 ff 24 03 - a0 ff 24 03 cc f6 39 02 ..$...$...$...9.
000000000324ff90 cc f6 39 02 00 00 00 00 - 00 00 00 00 18 17 df 02 ..9.............
000000000324ffa0 00 7c 28 e8 ff ff ff ff - a0 1c 2a b3 59 75 92 7c .|(.......*.Yu.|
000000000324ffb0 58 48 e0 02 ec ff 24 03 - 13 b7 80 7c 00 00 00 00 XH....$....|....
000000000324ffc0 cc f6 39 02 cc f6 39 02 - 00 00 00 00 00 a0 fd 7f ..9...9.........
000000000324ffd0 00 56 bf 89 c0 ff 24 03 - 18 52 06 89 ff ff ff ff .V....$..R......
000000000324ffe0 a0 9a 83 7c 20 b7 80 7c - 00 00 00 00 00 00 00 00 ...| ..|........
000000000324fff0 00 00 00 00 50 02 91 7c - 00 00 00 00 00 00 00 00 ....P..|........
0000000003250000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250060 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250070 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250080 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0000000003250090 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00000000032500a0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

*----> Scarico dello stato per l'id del thread 0x25c <----*

eax=00000000 ebx=00000000 ecx=ffffffff edx=00000000 esi=0014dd28 edi=7e41945d
eip=755d6a95 esp=00e6e840 ebp=00e6e874 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** ERROR: Symbol file could not be found. Defaulted to export symbols for E:\WINDOWS\system32\msctfime.ime -
funzione: msctfime!CtfImeDispatchDefImeMessage
755d6a7d 45 inc ebp
755d6a7e 148b adc al,0x8b
755d6a80 4d dec ebp
755d6a81 f8 clc
755d6a82 53 push ebx
755d6a83 56 push esi
755d6a84 898184010000 mov [ecx+0x184],eax
755d6a8a e89cebffff call msctfime!CtfImeDispatchDefImeMessage+0x1dd8 (755d562b)
755d6a8f 8b4510 mov eax,[ebp+0x10]
755d6a92 8b4df8 mov ecx,[ebp-0x8]
FAULT ->755d6a95 898188010000 mov [ecx+0x188],eax ds:0023:00000187=????????
755d6a9b 8b45fc mov eax,[ebp-0x4]
755d6a9e 5f pop edi
755d6a9f 5e pop esi
755d6aa0 5b pop ebx
755d6aa1 c9 leave
755d6aa2 c21000 ret 0x10
755d6aa5 cc int 3
755d6aa6 cc int 3
755d6aa7 cc int 3
755d6aa8 cc int 3

*----> Back Trace dello stack <----*

katoble
24-11-2009, 11:00
up

katoble
25-11-2009, 08:29
up