Official BS.Player forums

Official BS.Player forums (http://forum.bsplayer.com/index.php)
-   Bug Reports And Codecs (http://forum.bsplayer.com/forumdisplay.php?f=10)
-   -   Version 1.00 RC1 Build 800 freeze explorer win2k (http://forum.bsplayer.com/showthread.php?t=3006)

onthewayhome 12th November 2003 12:06 AM

Version 1.00 RC1 Build 800 freeze explorer win2k
 
ok. after install, when trying open control panel of an win2k sp4 (all win update) explorer freeze. uninstall apears don't help.

i forget, sorry: win2k language: brazilian portuguese.

log:
Exce?§Ä?o de aplicativo:
Aplicativo: explorer.exe (pid=1232)
Data e hora: 11/11/2003 ?•s 20:36:56.750
N??mero da exce?§Ä?o: c0000005 (viola?§Ä?o de acesso)

*----> Informa?§Ä?o do sistema <----*
Nome do computador: ONTHEWAYHOME
Nome de usu??rio: Administrador
N??mero de processadores: 1
Tipo de processador: x86 Family 6 Model 8 Stepping 1
VersÄ?o do Windows 2000: 5.0
VersÄ?o atual: 2195
Service Pack: 4
Tipo atual: Uniprocessor Free
Empresa registrada:
Propriet??rio registrado:

*----> Lista de tarefas <----*
0 Idle.exe
8 System.exe
156 smss.exe
180 csrss.exe
200 WINLOGON.exe
228 services.exe
240 lsass.exe
420 svchost.exe
448 SPOOLSV.exe
476 CCEVTMGR.exe
576 mainserv.exe
596 svchost.exe
624 mdm.exe
668 NAVAPSVC.exe
704 NPROTECT.exe
756 nvsvc32.exe
788 regsvc.exe
852 mstask.exe
896 winmgmt.exe
940 svchost.exe
1136 sm56hlpr.exe
1168 ccApp.exe
1204 SOUNDMAN.exe
1208 rundll32.exe
1276 apcsystray.exe
628 svchost.exe
1232 explorer.exe
1040 drwtsn32.exe
0 _Total.exe

(00400000 - 0043E000)
(78460000 - 784DF000)
(792D0000 - 79332000)
(79720000 - 797DA000)
(77120000 - 7718E000)
(77F40000 - 77F79000)
(77E10000 - 77E6F000)
(63180000 - 631E5000)
(78000000 - 78045000)
(71710000 - 71794000)
(77890000 - 778B5000)
(23000000 - 23056000)
(77590000 - 777DD000)
(77A50000 - 77B3C000)
(72CA0000 - 72D26000)
(779B0000 - 77A4B000)
(77850000 - 7788E000)
(770A0000 - 770C3000)
(00DD0000 - 00F19000)
(71160000 - 7125D000)
(790D0000 - 79132000)
(00FF0000 - 01001000)
(76DD0000 - 76DE1000)
(76F80000 - 76F8F000)
(773C0000 - 773D5000)
(75120000 - 7516F000)
(793B0000 - 793BF000)
(75170000 - 75176000)
(75100000 - 7510F000)
(74FE0000 - 74FF4000)
(74FD0000 - 74FD8000)
(77950000 - 7797B000)
(77980000 - 779A4000)
(75000000 - 75009000)
(75110000 - 7511C000)
(751C0000 - 751D5000)
(75180000 - 751B8000)
(76F00000 - 76F78000)
(70340000 - 70382000)
(766A0000 - 766B8000)
(76710000 - 76718000)
(783C0000 - 78450000)
(766C0000 - 766C7000)
(77550000 - 77581000)
(68070000 - 68077000)
(66600000 - 66607000)
(77090000 - 77097000)
(01440000 - 01644000)
(76260000 - 7629D000)
(74130000 - 74194000)
(51980000 - 5198A000)
(71960000 - 71973000)
(70200000 - 70296000)
(77420000 - 77499000)
(77410000 - 77420000)
(1A400000 - 1A479000)
(77820000 - 77827000)
(75980000 - 75986000)
(70440000 - 704CF000)
(63580000 - 63830000)
(51080000 - 510DA000)
(77540000 - 77548000)
(773E0000 - 773E8000)
(773F0000 - 77403000)
(75E30000 - 75E4A000)
(76900000 - 7692B000)
(77920000 - 77943000)
(718C0000 - 71948000)
(60280000 - 602AB000)
(60000000 - 60045000)
(32520000 - 32532000)
(10000000 - 1001B000)
(02530000 - 0254E000)
(7CA00000 - 7CA23000)
(759F0000 - 759FE000)
(6B700000 - 6B790000)
(657A0000 - 658B4000)
(75A90000 - 75AB8000)
(02AD0000 - 034CB000)
(77800000 - 7781E000)
(038E0000 - 038FE000)
(03910000 - 03916000)
(64ED0000 - 64EEC000)
(03920000 - 03933000)
(03950000 - 0398C000)

Despejo de estado para o identificador do segmento 0x4d4

eax=0006f61c ebx=00000001 ecx=0b010101 edx=00000000 esi=00094630 edi=00000000
eip=77e5868b esp=0006ff00 ebp=0006ff1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: WaitMessage
77e58680 b836120000 mov eax,0x1236
77e58685 8d542404 lea edx,[esp+0x4] ss:00ae9de7=????????
77e58689 cd2e int 2e
77e5868b c3 ret

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0006FF1C 775BADBB 00000000 004084C4 00094630 00000000 user32!WaitMessage
0006FF60 00408201 0000005C 00000000 000205BE 00000005 shell32!Ordinal201
0006FFC0 797487E7 00000000 00000000 7FFDF000 00000000 explorer!<nosymbols>
0006FFF0 00000000 00408188 00000000 000000C8 00000100 kernel32!ProcessIdToSessionId

*----> Despejo simplificado da pilha<----*
0006ff00 41 ae 5b 77 f9 ed 72 79 - 30 46 09 00 01 00 00 00 A.[w..ry0F......
0006ff10 30 46 09 00 30 46 09 00 - 60 ff 06 00 60 ff 06 00 0F..0F..`...`...
0006ff20 bb ad 5b 77 00 00 00 00 - c4 84 40 00 30 46 09 00 ..[w......@.0F..
0006ff30 00 00 00 00 be 05 02 00 - 00 f0 fd 7f b0 41 21 81 .............A!.
0006ff40 f2 51 73 79 ff ff ff ff - 0c 00 00 00 be 05 02 00 .Qsy............
0006ff50 3b 52 73 79 02 00 00 00 - 66 73 67 00 e0 ff 06 00 ;Rsy....fsg.....
0006ff60 c0 ff 06 00 01 82 40 00 - 5c 00 00 00 00 00 00 00 ......@.\.......
0006ff70 be 05 02 00 05 00 00 00 - 00 00 00 00 44 00 00 00 ............D...
0006ff80 38 61 07 00 20 56 07 00 - 58 61 07 00 00 00 00 00 8a.. V..Xa......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 2a 00 00 00 ............*...
0006ffa0 00 00 00 00 ea f1 06 00 - 01 00 00 00 05 00 00 00 ................
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff ff ................
0006ffc0 f0 ff 06 00 e7 87 74 79 - 00 00 00 00 00 00 00 00 ......ty........
0006ffd0 00 f0 fd 7f 00 00 00 00 - c8 ff 06 00 00 00 00 00 ................
0006ffe0 ff ff ff ff b4 1b 77 79 - 00 2b 72 79 00 00 00 00 ......wy.+ry....
0006fff0 00 00 00 00 00 00 00 00 - 88 81 40 00 00 00 00 00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00 00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 20 00 00 20 00 00 .......... .. ..
00070020 00 02 00 00 00 20 00 00 - b3 49 00 00 ff ef fd 7f ..... ...I......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

Despejo de estado para o identificador do segmento 0x1ac

eax=00082d10 ebx=00000000 ecx=00082c18 edx=00000000 esi=00084f10 edi=00000100
eip=784639c7 esp=00d8fe28 ebp=00d8ff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


fun?§Ä?o: NtReplyWaitReceivePortEx
784639bc b8ac000000 mov eax,0xac
784639c1 8d542404 lea edx,[esp+0x4] ss:01809d0f=0d39393d
784639c5 cd2e int 2e
784639c7 c21400 ret 0x14
784639ca 8b4710 mov eax,[edi+0x10] ds:00a79fe6=????????
784639cd 8b483c mov ecx,[eax+0x3c] ds:00afcbf6=????????
784639d0 f6400801 test byte ptr [eax+0x8],0x1 ds:00afcbf6=??
784639d4 7502 jnz RtlCreateProcessParameters+0xd (78463cd8)
784639d6 03c8 add ecx,eax
784639d8 894de4 mov [ebp+0xe4],ecx ss:01809e5a=2d706565
784639db 8b4710 mov eax,[edi+0x10] ds:00a79fe6=????????
784639de 668b4038 mov ax,[eax+0x38] ds:00afcbf7=????
784639e2 668945e0 mov [ebp+0xe0],ax ss:01809e5b=7065
784639e6 668945e2 mov [ebp+0xe2],ax ss:01809e5b=7065
784639ea 53 push ebx

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
00D8FF74 77146D9E 77129AD0 00084F10 400849B8 00000070 ntdll!NtReplyWaitReceivePortEx
00D8FFA8 77131C6C 000792B0 00D8FFEC 7972B382 00084E10 rpcrt4!TowerConstruct
00D8FFB4 7972B382 00084E10 400849B8 00000070 00084E10 rpcrt4!I_RpcServerInqTransportType
00D8FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Despejo de estado para o identificador do segmento 0x13c

eax=77a50000 ebx=00000102 ecx=00087ed8 edx=00000000 esi=78469153 edi=00dcff74
eip=7846915e esp=00dcff60 ebp=00dcff7c iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


fun?§Ä?o: ZwDelayExecution
78469153 b832000000 mov eax,0x32
78469158 8d542404 lea edx,[esp+0x4] ss:01849e47=0d726f64
7846915c cd2e int 2e
7846915e c20800 ret 0x8

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
00DCFF7C 7974A0B8 0000EA60 00000000 77AB85FC 0000EA60 ntdll!ZwDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Despejo simplificado da pilha<----*
00dcff60 ed a0 74 79 00 00 00 00 - 74 ff dc 00 1d 9e 74 79 ..ty....t.....ty
00dcff70 d8 7e 08 00 00 ba 3c dc - ff ff ff ff 30 75 00 00 .~....<.....0u..
00dcff80 b8 a0 74 79 60 ea 00 00 - 00 00 00 00 fc 85 ab 77 ..ty`..........w
00dcff90 60 ea 00 00 fb 46 ab 77 - 00 00 00 00 00 00 a5 77 `....F.w.......w
00dcffa0 d8 7e 08 00 ec ff dc 00 - d8 7e 08 00 53 46 ab 77 .~.......~..SF.w
00dcffb0 d8 7a a6 77 c3 7a a6 77 - 82 b3 72 79 d8 7e 08 00 .z.w.z.w..ry.~..
00dcffc0 d8 7a a6 77 c3 7a a6 77 - d8 7e 08 00 00 c0 fd 7f .z.w.z.w.~......
00dcffd0 18 3f 08 00 c0 ff dc 00 - 18 3f 08 00 ff ff ff ff .?.......?......
00dcffe0 b4 1b 77 79 f0 2a 72 79 - 00 00 00 00 00 00 00 00 ..wy.*ry........
00dcfff0 00 00 00 00 39 46 ab 77 - d8 7e 08 00 00 00 00 00 ....9F.w.~......
00dd0000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00 MZ..............
00dd0010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00 00 ........@.......
00dd0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
00dd0030 00 00 00 00 00 00 00 00 - 00 00 00 00 f8 00 00 00 ................
00dd0040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54 68 ........!..L.!Th
00dd0050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e 6f is program canno
00dd0060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53 20 t be run in DOS
00dd0070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00 00 mode....$.......
00dd0080 03 0c cf 20 47 6d a1 73 - 47 6d a1 73 47 6d a1 73 ... Gm.sGm.sGm.s
00dd0090 8d 4e 86 73 42 6d a1 73 - 47 6d a0 73 f8 6e a1 73 .N.sBm.sGm.s.n.s

Despejo de estado para o identificador do segmento 0x21c

eax=0000001c ebx=00000000 ecx=00f5ff08 edx=00000000 esi=00000000 edi=00000000
eip=77e5868b esp=00f5ff2c ebp=00f5ff4c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: WaitMessage
77e58680 b836120000 mov eax,0x1236
77e58685 8d542404 lea edx,[esp+0x4] ss:019d9e13=????????
77e58689 cd2e int 2e
77e5868b c3 ret

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
00F5FF4C 0040A389 631BC487 00400000 0035002D 0032002D user32!WaitMessage
00F5FFB4 7972B382 00000000 0035002D 0032002D 0006FEE0 explorer!<nosymbols>
00F5FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Despejo de estado para o identificador do segmento 0x3f8

eax=00000000 ebx=00000007 ecx=000ae448 edx=00000000 esi=78473233 edi=00000007
eip=7847323e esp=00fafd98 ebp=00fafde4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:01a29c7f=????????
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
00FAFDE4 77E1E9FB 00FAFDBC 00000001 00000000 00FAFDDC ntdll!NtWaitForMultipleObjects
00FAFE40 77E1EA48 00FAFE0C 00FAFEB8 000007D0 000000FF user32!MsgWaitForMultipleObjectsEx
00FAFE5C 775B9390 00000006 00FAFEB8 00000000 000007D0 user32!MsgWaitForMultipleObjects
776B02B8 00000001 00000001 00000244 000001DC 00000000 shell32!Ordinal200

Despejo de estado para o identificador do segmento 0x484

eax=00000001 ebx=00000002 ecx=00000120 edx=00000000 esi=78473233 edi=00000002
eip=7847323e esp=00fefe5c ebp=00fefea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:01a69d43=????????
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
00FEFEA8 77E1E9FB 00FEFE80 00000001 00000000 00FEFEA0 ntdll!NtWaitForMultipleObjects
00FEFF04 77E1EA48 00FEFED0 631DBB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
00FEFF20 631CA7B6 00000001 631DBB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects
00FEFF74 631CAB3E 00FEFFA0 00FEFFA4 00FEFFA8 00FEFF9C !Ordinal265
00FEFFAC 631CAD02 00000012 7972B382 00000000 00000000 !Ordinal293
00FEFFEC 00000000 631CACD2 00000000 00000000 00905A4D !Ordinal293

*----> Despejo simplificado da pilha<----*
00fefe5c 59 a0 74 79 02 00 00 00 - 80 fe fe 00 01 00 00 00 Y.ty............
00fefe6c 00 00 00 00 a0 fe fe 00 - 00 00 00 00 00 00 00 00 ................
00fefe7c 02 00 00 00 a4 01 00 00 - d8 01 00 00 90 4f a5 77 .............O.w
00fefe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe fe 00 ................
00fefe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff fe 00 ......<.........
00fefeac fb e9 e1 77 80 fe fe 00 - 01 00 00 00 00 00 00 00 ...w............
00fefebc a0 fe fe 00 00 00 00 00 - 60 ea 00 00 18 bb 1d 63 ........`......c
00fefecc 00 00 00 00 a4 01 00 00 - d8 01 00 00 84 ff fe 00 ................
00fefedc 4f 7a 89 77 00 00 16 71 - 74 ff fe 00 00 00 00 00 Oz.w...qt.......
00fefeec 18 bb 1d 63 00 00 00 00 - 00 00 00 00 cc 96 fd 7f ...c............
00fefefc 00 00 00 00 d8 01 00 00 - 20 ff fe 00 48 ea e1 77 ........ ...H..w
00feff0c d0 fe fe 00 38 bb 1d 63 - 60 ea 00 00 41 00 00 00 ....8..c`...A...
00feff1c 00 00 00 00 74 ff fe 00 - b6 a7 1c 63 01 00 00 00 ....t......c....
00feff2c 38 bb 1d 63 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..c....`...A...
00feff3c 00 00 00 00 18 bb 1d 63 - 00 00 00 00 00 00 00 00 .......c........
00feff4c 00 00 00 00 00 00 00 00 - f0 fe fe 00 00 9c fd 7f ................
00feff5c dc ff fe 00 b4 1b 77 79 - 10 ab 67 00 18 bb 1d 63 ......wy..g....c
00feff6c 60 ea 00 00 01 00 00 00 - ac ff fe 00 3e ab 1c 63 `...........>..c
00feff7c a0 ff fe 00 a4 ff fe 00 - a8 ff fe 00 9c ff fe 00 ................
00feff8c 60 ea 00 00 00 00 00 00 - 00 00 18 63 00 00 00 00 `..........c....

Despejo de estado para o identificador do segmento 0x2ac

eax=0104f1a4 ebx=00000000 ecx=00071378 edx=00000000 esi=776b02b8 edi=00000000
eip=78474091 esp=0104eb78 ebp=0104ebe8 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


fun?§Ä?o: ZwWaitForSingleObject
78474086 b8ea000000 mov eax,0xea
7847408b 8d542404 lea edx,[esp+0x4] ss:01ac8a5f=????????
7847408f cd2e int 2e
78474091 c20c00 ret 0xc
78474094 8a5001 mov dl,[eax+0x1] ds:01ac908a=??
78474097 3a5101 cmp dl,[ecx+0x1] ds:00aeb25e=??
7847409a 0f8598c7ffff jne RtlEqualPrefixSid+0x44 (78470838)
784740a0 84d2 test dl,dl
784740a2 7410 jz RtlQueryAtomInAtomTable+0x31 (78474fb4)
784740a4 0fb6d2 movzx edx,dl
784740a7 33ff xor edi,edi
784740a9 8d72ff lea esi,[edx+0xff] ds:00a79ee6=????????
784740ac 85f6 test esi,esi
784740ae 0f8f04100100 jnle RtlEraseUnicodeString+0x4e (784850b8)
784740b4 b001 mov al,0x1

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0104EBE8 784722F8 776B0200 77594B8B 776B02B8 00000000 ntdll!ZwWaitForSingleObject
0104EEC8 7759513E 0013DF45 00000000 0104F498 0104EF18 ntdll!RtlImageDirectoryEntryToData
0104EEDC 775950AB 00000000 0013DF45 00141EA8 0104EF00 shell32!Ordinal19
0104EF18 77594EFA 00141E50 00000000 0013DF45 77593458 shell32!Ordinal19
0104F154 775945E3 00141E54 00000000 00000000 77593458 shell32!Ordinal19
0104F17C 77593A6C 000EC7A8 001697F0 00000000 77593458 shell32!Ordinal19
0104F1A0 77593B21 0008DF78 0013DF2C 00000000 77593458 shell32!SHGetDesktopFolder
0104F1CC 77593A51 0013DF18 00000000 77593458 00164EE8 shell32!SHGetDesktopFolder
0104F1F0 77595516 0008BDE8 0013DF18 00000000 77593458 shell32!SHGetDesktopFolder
0104F214 77595486 0008BDE8 77593458 0013DF18 0104F498 shell32!Ordinal19
0104F234 7759545D 00000000 00142898 77593458 0104F498 shell32!Ordinal19
0104F490 775A5A7A 00000000 0104F4BC 00000000 775CD93E shell32!Ordinal19
0104F6C8 775CD8D0 0104F6F0 7759B86B 0015C3EC 0104F6F0 shell32!SHGetPathFromIDListW
0104FB5C 7759B1D3 000A2B80 0014E5C8 0015C3EC 00408178 shell32!Ordinal26
0104FB90 00408150 000A2B84 00000000 00000001 0104FBD0 shell32!SHChangeNotify
0104FBC4 004080F4 00000000 0014E5C8 775BBA57 000A0BB0 explorer!<nosymbols>
0104FF14 7759CEC7 40410177 0008FA08 00098DE8 00098DEC explorer!<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000 shell32!Ordinal119

*----> Despejo simplificado da pilha<----*
0104eb78 87 23 47 78 dc 01 00 00 - 00 00 00 00 00 00 00 00 .#Gx............
0104eb88 00 00 00 00 b8 02 6b 77 - 50 1e 14 00 5c c3 4a 78 ......kwP...\.Jx
0104eb98 d8 0a 07 00 00 00 00 02 - d4 ed 04 01 34 00 00 c0 ............4...
0104eba8 43 00 84 00 00 00 0e 00 - 74 ec 04 01 00 00 00 00 C.......t.......
0104ebb8 c8 eb 04 01 00 00 00 00 - 4a d0 46 78 00 00 00 00 ........J.Fx....
0104ebc8 4c ec 04 01 49 20 2d 79 - 00 00 00 00 18 f1 04 01 L...I -y........
0104ebd8 00 00 00 80 62 00 00 00 - 02 00 00 00 00 00 00 00 ....b...........
0104ebe8 c8 ee 04 01 f8 22 47 78 - 00 02 6b 77 8b 4b 59 77 ....."Gx..kw.KYw
0104ebf8 b8 02 6b 77 00 00 00 00 - 45 df 13 00 fc 46 59 77 ..kw....E....FYw
0104ec08 14 ec 04 01 00 00 00 00 - 98 f4 04 01 44 00 69 00 ............D.i.
0104ec18 72 00 65 00 63 00 74 00 - 6f 00 72 00 79 00 00 00 r.e.c.t.o.r.y...
0104ec28 34 00 00 c0 00 00 00 00 - 00 00 00 00 02 00 00 00 4...............
0104ec38 00 00 00 00 01 00 00 00 - 18 00 00 00 73 00 68 00 ............s.h.
0104ec48 00 00 6c 00 07 00 00 00 - 00 00 07 00 a0 15 11 00 ..l.............
0104ec58 10 00 00 00 da a8 46 78 - dc ff 04 01 dc ff 04 01 ......Fx........
0104ec68 b4 ec 04 01 91 81 47 78 - 40 96 46 78 ff ff ff ff ......Gx@.Fx....
0104ec78 c4 ec 04 01 7d 91 72 79 - 00 00 07 00 08 00 14 00 ....}.ry........
0104ec88 08 00 00 00 40 ed 04 01 - 3c ed 04 01 00 00 00 00 ....@...<.......
0104ec98 88 81 b2 77 0d f3 73 79 - 08 00 00 00 40 ed 04 01 ...w..sy....@...
0104eca8 3c ed 04 01 8c ec 04 01 - dc ff 04 01 dc ff 04 01 <...............

Despejo de estado para o identificador do segmento 0x31c

eax=10056860 ebx=00000002 ecx=01de0690 edx=00000000 esi=78473233 edi=00000002
eip=7847323e esp=0108fe5c ebp=0108fea8 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:01b09d43=????????
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0108FEA8 77E1E9FB 0108FE80 00000001 00000000 0108FEA0 ntdll!NtWaitForMultipleObjects
0108FF04 77E1EA48 0108FED0 631DBB38 0000EA60 00000041 user32!MsgWaitForMultipleObjectsEx
0108FF20 631CA7B6 00000001 631DBB38 00000000 0000EA60 user32!MsgWaitForMultipleObjects
0108FF74 631CAB3E 0108FFA0 0108FFA4 0108FFA8 0108FF9C !Ordinal265
0108FFAC 631CAD02 00000012 7972B382 00000000 00000000 !Ordinal293
0108FFEC 00000000 631CACD2 00000000 00000000 000000C8 !Ordinal293

*----> Despejo simplificado da pilha<----*
0108fe5c 59 a0 74 79 02 00 00 00 - 80 fe 08 01 01 00 00 00 Y.ty............
0108fe6c 00 00 00 00 a0 fe 08 01 - 00 00 00 00 00 00 00 00 ................
0108fe7c 02 00 00 00 a4 01 00 00 - 40 02 00 00 90 4f a5 77 ........@....O.w
0108fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 a0 fe 08 01 ................
0108fe9c 00 00 00 00 00 ba 3c dc - ff ff ff ff 04 ff 08 01 ......<.........
0108feac fb e9 e1 77 80 fe 08 01 - 01 00 00 00 00 00 00 00 ...w............
0108febc a0 fe 08 01 00 00 00 00 - 60 ea 00 00 18 bb 1d 63 ........`......c
0108fecc 00 00 00 00 a4 01 00 00 - 40 02 00 00 84 ff 08 01 ........@.......
0108fedc 4f 7a 89 77 00 00 16 71 - 74 ff 08 01 00 00 00 00 Oz.w...qt.......
0108feec 18 bb 1d 63 00 00 00 00 - 00 00 00 00 cc 76 fd 7f ...c.........v..
0108fefc 00 00 00 00 40 02 00 00 - 20 ff 08 01 48 ea e1 77 ....@... ...H..w
0108ff0c d0 fe 08 01 38 bb 1d 63 - 60 ea 00 00 41 00 00 00 ....8..c`...A...
0108ff1c 00 00 00 00 74 ff 08 01 - b6 a7 1c 63 01 00 00 00 ....t......c....
0108ff2c 38 bb 1d 63 00 00 00 00 - 60 ea 00 00 41 00 00 00 8..c....`...A...
0108ff3c 00 00 00 00 18 bb 1d 63 - 00 00 00 00 00 00 00 00 .......c........
0108ff4c 00 00 00 00 00 00 00 00 - f0 fe 08 01 00 7c fd 7f .............|..
0108ff5c dc ff 08 01 b4 1b 77 79 - 10 ab 67 00 18 bb 1d 63 ......wy..g....c
0108ff6c 60 ea 00 00 01 00 00 00 - ac ff 08 01 3e ab 1c 63 `...........>..c
0108ff7c a0 ff 08 01 a4 ff 08 01 - a8 ff 08 01 9c ff 08 01 ................
0108ff8c 60 ea 00 00 00 00 00 00 - 00 00 18 63 00 00 00 00 `..........c....

Despejo de estado para o identificador do segmento 0x324

eax=000000c0 ebx=00f5fccc ecx=00000000 edx=00000000 esi=00000320 edi=00000000
eip=7846915e esp=0123ffa0 ebp=0123ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


fun?§Ä?o: ZwDelayExecution
78469153 b832000000 mov eax,0x32
78469158 8d542404 lea edx,[esp+0x4] ss:01cb9e87=????????
7846915c cd2e int 2e
7846915e c20800 ret 0x8

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0123FFB4 7972B382 00F5FCCC 00000000 00000320 00F5FCCC ntdll!ZwDelayExecution
0123FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Despejo de estado para o identificador do segmento 0x420

eax=78478a70 ebx=00000000 ecx=00000020 edx=00000000 esi=0127fed8 edi=00000000
eip=77e580ff esp=0127fe98 ebp=0127feb0 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: GetMenuItemRect
77e580e6 b899110000 mov eax,0x1199
77e580eb 8d542404 lea edx,[esp+0x4] ss:01cf9d7f=????????
77e580ef cd2e int 2e
77e580f1 c21000 ret 0x10
77e580f4 b89a110000 mov eax,0x119a
77e580f9 8d542404 lea edx,[esp+0x4] ss:01cf9d7f=????????
77e580fd cd2e int 2e
77e580ff c21000 ret 0x10

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0127FEB0 76F01E36 0127FED8 00000000 00000000 00000000 user32!GetMenuItemRect
00000001 00000000 00000000 00000000 00000000 00000000 netshell!DllGetClassObject

Despejo de estado para o identificador do segmento 0x278

eax=012bf304 ebx=77e27252 ecx=00000000 edx=00000000 esi=012bfd70 edi=77e272d8
eip=77e580ff esp=012bfd04 ebp=012bfd1c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: GetMenuItemRect
77e580e6 b899110000 mov eax,0x1199
77e580eb 8d542404 lea edx,[esp+0x4] ss:01d39beb=????????
77e580ef cd2e int 2e
77e580f1 c21000 ret 0x10
77e580f4 b89a110000 mov eax,0x119a
77e580f9 8d542404 lea edx,[esp+0x4] ss:01d39beb=????????
77e580fd cd2e int 2e
77e580ff c21000 ret 0x10

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
012BFD1C 766A1AD2 012BFD70 00000000 00000000 00000000 user32!GetMenuItemRect
012BFD90 766A198E 000B00E6 00000000 766A2848 00000001 stobject!DllGetClassObject
012BFFB4 7972B382 00000000 00F5FAA0 78478191 00000000 stobject!DllGetClassObject
012BFFEC 00000000 766A1949 00000000 00000000 000000C8 kernel32!lstrcmpiW

*----> Despejo simplificado da pilha<----*
012bfd04 06 73 e2 77 70 fd 2b 01 - 00 00 00 00 00 00 00 00 .s.wp.+.........
012bfd14 00 00 00 00 00 00 00 00 - 90 fd 2b 01 d2 1a 6a 76 ..........+...jv
012bfd24 70 fd 2b 01 00 00 00 00 - 00 00 00 00 00 00 00 00 p.+.............
012bfd34 a0 fa f5 00 00 00 6a 76 - 00 00 00 00 30 00 00 00 ......jv....0...
012bfd44 00 40 00 00 00 13 6a 76 - 00 00 00 00 1e 00 00 00 .@....jv........
012bfd54 00 00 6a 76 b3 00 05 00 - 11 00 01 00 10 00 00 00 ..jv............
012bfd64 00 00 00 00 50 28 6a 76 - 00 00 00 00 56 00 02 00 ....P(jv....V...
012bfd74 98 05 00 00 00 00 00 00 - 00 00 00 00 e9 7f 67 00 ..............g.
012bfd84 00 00 00 00 7b 01 00 00 - 00 00 00 00 b4 ff 2b 01 ....{.........+.
012bfd94 8e 19 6a 76 e6 00 0b 00 - 00 00 00 00 48 28 6a 76 ..jv........H(jv
012bfda4 01 00 00 00 91 81 47 78 - 43 00 3a 00 5c 00 57 00 ......GxC.:.\.W.
012bfdb4 49 00 4e 00 4e 00 54 00 - 5c 00 73 00 79 00 73 00 I.N.N.T.\.s.y.s.
012bfdc4 74 00 65 00 6d 00 33 00 - 32 00 5c 00 73 00 74 00 t.e.m.3.2.\.s.t.
012bfdd4 6f 00 62 00 6a 00 65 00 - 63 00 74 00 2e 00 64 00 o.b.j.e.c.t...d.
012bfde4 6c 00 6c 00 00 00 72 79 - 1b 00 00 00 00 02 00 00 l.l...ry........
012bfdf4 fc ff 2b 01 23 00 00 00 - 00 00 00 00 00 00 00 00 ..+.#...........
012bfe04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
012bfe14 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
012bfe24 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
012bfe34 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

Despejo de estado para o identificador do segmento 0x3f4

eax=00000001 ebx=00007530 ecx=00089df8 edx=00000000 esi=000840f0 edi=00007530
eip=7846beb2 esp=013ffebc ebp=013ffee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297


fun?§Ä?o: NtRemoveIoCompletion
7846bea7 b8a8000000 mov eax,0xa8
7846beac 8d542404 lea edx,[esp+0x4] ss:01e79da3=????????
7846beb0 cd2e int 2e
7846beb2 c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
013FFEE4 771709DA 00000124 013FFF1C 013FFF0C 013FFF14 ntdll!NtRemoveIoCompletion
013FFF20 77140EDE 00007530 013FFF60 013FFF5C 013FFF70 rpcrt4!I_RpcTransGetAddressList
013FFF74 77140D17 77129A00 000840F0 012BF3CA 7846C277 rpcrt4!TowerConstruct
013FFFA8 77131C6C 000A61F8 013FFFEC 7972B382 000A67D0 rpcrt4!TowerConstruct
013FFFB4 7972B382 000A67D0 012BF3CA 7846C277 000A67D0 rpcrt4!I_RpcServerInqTransportType
013FFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Despejo de estado para o identificador do segmento 0x11c

eax=00000000 ebx=00000000 ecx=000ae770 edx=00000000 esi=00084f10 edi=00000100
eip=784639c7 esp=0143fe28 ebp=0143ff74 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000206


fun?§Ä?o: NtReplyWaitReceivePortEx
784639bc b8ac000000 mov eax,0xac
784639c1 8d542404 lea edx,[esp+0x4] ss:01eb9d0f=????????
784639c5 cd2e int 2e
784639c7 c21400 ret 0x14
784639ca 8b4710 mov eax,[edi+0x10] ds:00a79fe6=????????
784639cd 8b483c mov ecx,[eax+0x3c] ds:00a79ee6=????????
784639d0 f6400801 test byte ptr [eax+0x8],0x1 ds:00a79ee6=??
784639d4 7502 jnz RtlCreateProcessParameters+0xd (78463cd8)
784639d6 03c8 add ecx,eax
784639d8 894de4 mov [ebp+0xe4],ecx ss:01eb9e5a=????????
784639db 8b4710 mov eax,[edi+0x10] ds:00a79fe6=????????
784639de 668b4038 mov ax,[eax+0x38] ds:00a79ee7=????
784639e2 668945e0 mov [ebp+0xe0],ax ss:01eb9e5b=????
784639e6 668945e2 mov [ebp+0xe2],ax ss:01eb9e5b=????
784639ea 53 push ebx

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0143FF74 77146D9E 77129AD0 00084F10 00000000 00000000 ntdll!NtReplyWaitReceivePortEx
0143FFA8 77131C6C 000792B0 0143FFEC 7972B382 000A7958 rpcrt4!TowerConstruct
0143FFB4 7972B382 000A7958 00000000 00000000 000A7958 rpcrt4!I_RpcServerInqTransportType
0143FFEC 00000000 77131C54 000A7958 00000000 00905A4D kernel32!lstrcmpiW

*----> Despejo simplificado da pilha<----*
0143fe28 d4 74 14 77 28 01 00 00 - 54 ff 43 01 00 00 00 00 .t.w(...T.C.....
0143fe38 60 cd 0f 00 58 ff 43 01 - 38 92 07 00 58 72 0a 00 `...X.C.8...Xr..
0143fe48 34 91 46 78 00 00 00 00 - 00 00 00 00 00 00 00 00 4.Fx............
0143fe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143feb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143fef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143ff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143ff18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0143ff28 00 00 00 00 00 75 0e 81 - 20 60 13 81 00 00 00 00 .....u.. `......
0143ff38 20 60 13 81 b0 61 13 81 - 64 ac a6 bc 41 df 42 80 `...a..d...A.B.
0143ff48 f2 de 42 80 d4 4b 06 80 - 80 61 13 81 02 00 05 00 ..B..K...a......
0143ff58 00 a2 2f 4d ff ff ff ff - 50 fe 43 01 00 00 02 80 ../M....P.C.....

Despejo de estado para o identificador do segmento 0x244

eax=ffffffff ebx=00000000 ecx=00000002 edx=00650044 esi=00000001 edi=016ade1c
eip=79729927 esp=016add74 ebp=016adddc iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202


fun?§Ä?o: CompareStringW
79729909 8b7d18 mov edi,[ebp+0x18] ss:02127cc2=????????
7972990c 33db xor ebx,ebx
7972990e 895508 mov [ebp+0x8],edx ss:02127cc2=????????
79729911 3bd3 cmp edx,ebx
79729913 897d1c mov [ebp+0x1c],edi ss:02127cc2=????????
79729916 0f849a070000 je CompareStringW+0x8d4 (7972a0b6)
7972991c 3bfb cmp edi,ebx
7972991e 0f8492070000 je CompareStringW+0x8d4 (7972a0b6)
79729924 6a02 push 0x2
79729926 59 pop ecx
FALHA -> 79729927 668b02 mov ax,[edx] ds:00650044=????
7972992a 663b07 cmp ax,[edi] ds:016ade1c=0047
7972992d 0f85d0000000 jne CompareStringW+0x221 (79729a03)
79729933 663bc3 cmp ax,bx
79729936 0f84c7000000 je CompareStringW+0x221 (79729a03)
7972993c 668b040a mov ax,[edx+ecx] ds:00000002=????
79729940 03d1 add edx,ecx
79729942 03f9 add edi,ecx
79729944 895508 mov [ebp+0x8],edx ss:02127cc2=????????
79729947 897d1c mov [ebp+0x1c],edi ss:02127cc2=????????
7972994a 663b07 cmp ax,[edi] ds:016ade1c=0047
7972994d 0f85b0000000 jne CompareStringW+0x221 (79729a03)

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
016ADDDC 7972B2E8 00650044 00000001 00650044 FFFFFFFF kernel32!CompareStringW
016ADE60 0069006E 00200072 00730061 00630020 006E006F kernel32!lstrcmpiW
00690066 00000000 00000000 00000000 00000000 00000000 <nosymbols>

*----> Despejo simplificado da pilha<----*
016add74 44 00 65 00 e4 f1 0d 00 - 1c de 6a 01 ec e2 6a 01 D.e.......j...j.
016add84 0c e4 6a 01 f0 e2 6a 01 - 00 00 00 00 24 e4 6a 01 ..j...j.....$.j.
016add94 12 07 00 00 00 00 00 00 - cc dd 6a 01 00 00 00 00 ..........j.....
016adda4 64 99 46 78 00 00 07 00 - 78 94 14 00 00 00 00 00 d.Fx....x.......
016addb4 a8 dd 6a 01 c0 33 07 00 - 5c de 6a 01 91 81 47 78 ..j..3..\.j...Gx
016addc4 a0 99 46 78 ff ff ff ff - e4 f1 0d 00 5b ab 72 79 ..Fx........[.ry
016addd4 1c de 6a 01 48 f9 14 00 - 60 de 6a 01 e8 b2 72 79 ..j.H...`.j...ry
016adde4 44 00 65 00 01 00 00 00 - 44 00 65 00 ff ff ff ff D.e.....D.e.....
016addf4 1c de 6a 01 1c de 6a 01 - cb b2 72 79 00 00 00 00 ..j...j...ry....
016ade04 05 9a 60 77 44 00 65 00 - 1c de 6a 01 38 e4 6a 01 ..`wD.e...j.8.j.
016ade14 d8 21 07 00 18 e8 6a 01 - 47 00 65 00 72 00 65 00 .!....j.G.e.r.e.
016ade24 6e 00 63 00 69 00 61 00 - 64 00 6f 00 72 00 20 00 n.c.i.a.d.o.r. .
016ade34 64 00 61 00 20 00 e1 00 - 72 00 65 00 61 00 20 00 d.a. ...r.e.a. .
016ade44 64 00 65 00 20 00 74 00 - 72 00 61 00 62 00 61 00 d.e. .t.r.a.b.a.
016ade54 6c 00 68 00 6f 00 20 00 - 44 00 65 00 66 00 69 00 l.h.o. .D.e.f.i.
016ade64 6e 00 69 00 72 00 20 00 - 61 00 73 00 20 00 63 00 n.i.r. .a.s. .c.
016ade74 6f 00 6e 00 66 00 69 00 - 67 00 75 00 72 00 61 00 o.n.f.i.g.u.r.a.
016ade84 e7 00 f5 00 65 00 73 00 - 20 00 64 00 6f 00 20 00 ....e.s. .d.o. .
016ade94 47 00 65 00 72 00 65 00 - 6e 00 63 00 69 00 61 00 G.e.r.e.n.c.i.a.
016adea4 64 00 6f 00 72 00 20 00 - 64 00 61 00 20 00 e1 00 d.o.r. .d.a. ...

Despejo de estado para o identificador do segmento 0x3e8

eax=636a7e88 ebx=01dbff74 ecx=c2000072 edx=00000000 esi=78474086 edi=0000048c
eip=78474091 esp=01dbff58 ebp=01dbff7c iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293


fun?§Ä?o: ZwWaitForSingleObject
78474086 b8ea000000 mov eax,0xea
7847408b 8d542404 lea edx,[esp+0x4] ss:02839e3f=????????
7847408f cd2e int 2e
78474091 c20c00 ret 0xc
78474094 8a5001 mov dl,[eax+0x1] ds:64121d6e=??
78474097 3a5101 cmp dl,[ecx+0x1] ds:c2a79f58=??
7847409a 0f8598c7ffff jne RtlEqualPrefixSid+0x44 (78470838)
784740a0 84d2 test dl,dl
784740a2 7410 jz RtlQueryAtomInAtomTable+0x31 (78474fb4)
784740a4 0fb6d2 movzx edx,dl
784740a7 33ff xor edi,edi
784740a9 8d72ff lea esi,[edx+0xff] ds:00a79ee6=????????
784740ac 85f6 test esi,esi
784740ae 0f8f04100100 jnle RtlEraseUnicodeString+0x4e (784850b8)
784740b4 b001 mov al,0x1

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
01DBFF7C 7972B3D5 0000048C 000927C0 00000000 63678ACA ntdll!ZwWaitForSingleObject
78469134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000 <nosymbols>

*----> Despejo simplificado da pilha<----*
01dbff58 8e 9e 74 79 8c 04 00 00 - 00 00 00 00 74 ff db 01 ..ty........t...
01dbff68 00 00 00 00 20 28 98 01 - 03 91 46 78 00 44 5f 9a .... (....Fx.D_.
01dbff78 fe ff ff ff 34 91 46 78 - d5 b3 72 79 8c 04 00 00 ....4.Fx..ry....
01dbff88 c0 27 09 00 00 00 00 00 - ca 8a 67 63 8c 04 00 00 .'........gc....
01dbff98 c0 27 09 00 09 00 00 00 - 20 28 98 01 ec ff db 01 .'...... (......
01dbffa8 20 28 98 01 b0 89 67 63 - 98 41 0e 00 8a 89 67 63 (....gc.A....gc
01dbffb8 82 b3 72 79 20 28 98 01 - 09 00 00 00 98 41 0e 00 ..ry (.......A..
01dbffc8 20 28 98 01 00 c0 fa 7f - f8 15 0c 00 c0 ff db 01 (..............
01dbffd8 f8 15 0c 00 ff ff ff ff - b4 1b 77 79 f0 2a 72 79 ..........wy.*ry
01dbffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 81 89 67 63 ..............gc
01dbfff8 20 28 98 01 00 00 00 00 - c8 00 00 00 00 01 00 00 (..............
01dc0008 ff ee ff ee 02 10 00 00 - 00 00 00 00 00 fe 00 00 ................
01dc0018 00 00 10 00 00 20 00 00 - 00 02 00 00 00 20 00 00 ..... ....... ..
01dc0028 30 01 00 00 ff ef fd 7f - 0c 00 08 06 00 00 00 00 0...............
01dc0038 00 00 00 00 00 00 00 00 - 00 00 00 00 98 05 dc 01 ................
01dc0048 0f 00 00 00 f8 ff ff ff - 50 00 dc 01 50 00 dc 01 ........P...P...
01dc0058 40 06 dc 01 00 00 00 00 - 00 00 00 00 00 00 00 00 @...............
01dc0068 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
01dc0078 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
01dc0088 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

Despejo de estado para o identificador do segmento 0x348

eax=77542bda ebx=00000002 ecx=00000000 edx=00000000 esi=78473233 edi=00000002
eip=7847323e esp=0226ff24 ebp=0226ff70 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:02ce9e0b=ffffffff
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0226FF70 79749F6C 0226FF48 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
0226FFB4 7972B382 00000000 00000009 016A0764 00000000 kernel32!WaitForMultipleObjects
0226FFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

Despejo de estado para o identificador do segmento 0x1e8

eax=7742da3c ebx=00000001 ecx=7846b200 edx=00000000 esi=78473233 edi=00000001
eip=7847323e esp=026dff40 ebp=026dff8c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:03159e27=ffffffff
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
026DFF8C 7742DA61 026DFF64 00000001 00000000 026DFF84 ntdll!NtWaitForMultipleObjects
00000001 00000000 00000000 00000000 00000000 00000000 crypt32!CryptSIPLoad

Despejo de estado para o identificador do segmento 0x2b4

eax=000000c0 ebx=0000003f ecx=0271ef4c edx=00000000 esi=0271ebfc edi=00000001
eip=7847323e esp=0271ebe4 ebp=0271ffb4 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:03198acb=ffffffff
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0271FFB4 7972B382 016AE0CC 00000000 00000000 016AE0CC ntdll!NtWaitForMultipleObjects
0271FFEC 00000000 784776D6 016AE0CC 00000000 00000380 kernel32!lstrcmpiW

*----> Despejo simplificado da pilha<----*
0271ebe4 5e 38 46 78 0f 00 00 00 - 18 ec 71 02 01 00 00 00 ^8Fx......q.....
0271ebf4 01 00 00 00 00 00 00 00 - 98 f5 4a 78 98 f5 4a 78 ..........Jx..Jx
0271ec04 4c 05 00 00 b4 02 00 00 - 0f 00 00 00 0f 00 00 00 L...............
0271ec14 0e 00 00 00 90 02 00 00 - bc 03 00 00 8c 05 00 00 ................
0271ec24 60 05 00 00 b0 05 00 00 - d0 05 00 00 e0 05 00 00 `...............
0271ec34 f4 05 00 00 0c 06 00 00 - 24 06 00 00 34 06 00 00 ........$...4...
0271ec44 48 06 00 00 5c 06 00 00 - 74 06 00 00 84 06 00 00 H...\...t.......
0271ec54 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ec64 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ec74 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ec84 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ec94 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271eca4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ecb4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ecc4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ecd4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ece4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ecf4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ed04 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
0271ed14 00 00 00 00 00 00 00 00 - b0 87 0e 00 d0 cb 13 00 ................

Despejo de estado para o identificador do segmento 0x480

eax=00000000 ebx=00000003 ecx=7ffa8000 edx=00000000 esi=78473233 edi=00000003
eip=7847323e esp=0276ff20 ebp=0276ff6c iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000246


fun?§Ä?o: NtWaitForMultipleObjects
78473233 b8e9000000 mov eax,0xe9
78473238 8d542404 lea edx,[esp+0x4] ss:031e9e07=ffffffff
7847323c cd2e int 2e
7847323e c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
0276FF6C 79749F6C 0276FF44 00000001 00000000 00000000 ntdll!NtWaitForMultipleObjects
00000000 00000000 00000000 00000000 00000000 00000000 kernel32!WaitForMultipleObjects

Despejo de estado para o identificador do segmento 0x4a8

eax=77131c54 ebx=00007530 ecx=00000000 edx=00000000 esi=000840f0 edi=00007530
eip=7846beb2 esp=027afebc ebp=027afee4 iopl=0 nv up ei ng nz ac po cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000297


fun?§Ä?o: NtRemoveIoCompletion
7846bea7 b8a8000000 mov eax,0xa8
7846beac 8d542404 lea edx,[esp+0x4] ss:03229da3=ffffffff
7846beb0 cd2e int 2e
7846beb2 c21400 ret 0x14

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
027AFEE4 771709DA 0000012C 027AFF1C 027AFF0C 027AFF14 ntdll!NtRemoveIoCompletion
027AFF20 77140EDE 00007530 027AFF60 027AFF5C 027AFF70 rpcrt4!I_RpcTransGetAddressList
027AFF74 77140D17 77129A00 000840F0 00000000 00000000 rpcrt4!TowerConstruct
027AFFA8 77131C6C 0014C918 027AFFEC 7972B382 00130788 rpcrt4!TowerConstruct
027AFFB4 7972B382 00130788 00000000 00000000 00130788 rpcrt4!I_RpcServerInqTransportType
027AFFEC 00000000 77131C54 00130788 00000000 00000008 kernel32!lstrcmpiW

*----> Despejo simplificado da pilha<----*
027afebc 23 53 73 79 2c 01 00 00 - 0c ff 7a 02 fc fe 7a 02 #Ssy,.....z...z.
027afecc dc fe 7a 02 d4 fe 7a 02 - 00 5d 1e ee ff ff ff ff ..z...z..]......
027afedc 00 00 00 00 00 00 00 00 - 20 ff 7a 02 da 09 17 77 ........ .z....w
027afeec 2c 01 00 00 1c ff 7a 02 - 0c ff 7a 02 14 ff 7a 02 ,.....z...z...z.
027afefc 30 75 00 00 30 75 00 00 - f0 40 08 00 94 b5 72 79 0u..0u...@....ry
027aff0c 00 00 00 00 2c 01 00 00 - 00 00 00 00 00 00 00 00 ....,...........
027aff1c 00 00 00 00 74 ff 7a 02 - de 0e 14 77 30 75 00 00 ....t.z....w0u..
027aff2c 60 ff 7a 02 5c ff 7a 02 - 70 ff 7a 02 58 ff 7a 02 `.z.\.z.p.z.X.z.
027aff3c 64 ff 7a 02 6c ff 7a 02 - 38 92 07 00 18 c9 14 00 d.z.l.z.8.......
027aff4c 88 07 13 00 2c 01 00 00 - 02 00 00 00 00 00 00 00 ....,...........
027aff5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
027aff6c 00 00 00 00 2c 01 00 00 - a8 ff 7a 02 17 0d 14 77 ....,.....z....w
027aff7c 00 9a 12 77 f0 40 08 00 - 00 00 00 00 00 00 00 00 ...w.@..........
027aff8c 88 07 13 00 00 00 00 00 - 0f 12 43 80 00 75 0e 81 ..........C..u..
027aff9c c0 72 16 81 ff ff ff ff - 88 07 13 00 b4 ff 7a 02 .r............z.
027affac 6c 1c 13 77 18 c9 14 00 - ec ff 7a 02 82 b3 72 79 l..w......z...ry
027affbc 88 07 13 00 00 00 00 00 - 00 00 00 00 88 07 13 00 ................
027affcc 00 70 fa 7f 00 00 00 00 - c0 ff 7a 02 00 00 00 00 .p........z.....
027affdc ff ff ff ff b4 1b 77 79 - f0 2a 72 79 00 00 00 00 ......wy.*ry....
027affec 00 00 00 00 00 00 00 00 - 54 1c 13 77 88 07 13 00 ........T..w....

Despejo de estado para o identificador do segmento 0x124

eax=63605948 ebx=02a2ff74 ecx=000ddaf8 edx=00000000 esi=78474086 edi=000006ac
eip=78474091 esp=02a2ff58 ebp=02a2ff7c iopl=0 nv up ei ng nz ac pe cy
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000293


fun?§Ä?o: ZwWaitForSingleObject
78474086 b8ea000000 mov eax,0xea
7847408b 8d542404 lea edx,[esp+0x4] ss:034a9e3f=a7f09ae1
7847408f cd2e int 2e
78474091 c20c00 ret 0xc
78474094 8a5001 mov dl,[eax+0x1] ds:6407f82e=??
78474097 3a5101 cmp dl,[ecx+0x1] ds:00b579de=??
7847409a 0f8598c7ffff jne RtlEqualPrefixSid+0x44 (78470838)
784740a0 84d2 test dl,dl
784740a2 7410 jz RtlQueryAtomInAtomTable+0x31 (78474fb4)
784740a4 0fb6d2 movzx edx,dl
784740a7 33ff xor edi,edi
784740a9 8d72ff lea esi,[edx+0xff] ds:00a79ee6=????????
784740ac 85f6 test esi,esi
784740ae 0f8f04100100 jnle RtlEraseUnicodeString+0x4e (784850b8)
784740b4 b001 mov al,0x1

*----> Rastreamento regressivo da pilha<----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Nome da fun?§Ä?o
02A2FF7C 7972B3D5 000006AC 000927C0 00000000 63678ACA ntdll!ZwWaitForSingleObject
78469134 4AFFC033 58850F08 890000C1 FF900C42 8D0F044A kernel32!WaitForSingleObject
0424548B 00000000 00000000 00000000 00000000 00000000 <nosymbols>

*----> Despejo simplificado da pilha<----*
02a2ff58 8e 9e 74 79 ac 06 00 00 - 00 00 00 00 74 ff a2 02 ..ty........t...
02a2ff68 00 00 00 00 50 c4 98 01 - 03 91 46 78 00 44 5f 9a ....P.....Fx.D_.
02a2ff78 fe ff ff ff 34 91 46 78 - d5 b3 72 79 ac 06 00 00 ....4.Fx..ry....
02a2ff88 c0 27 09 00 00 00 00 00 - ca 8a 67 63 ac 06 00 00 .'........gc....
02a2ff98 c0 27 09 00 20 e8 18 63 - 50 c4 98 01 ec ff a2 02 .'.. ..cP.......
02a2ffa8 50 c4 98 01 b0 89 67 63 - 04 00 00 00 8a 89 67 63 P.....gc......gc
02a2ffb8 82 b3 72 79 50 c4 98 01 - 20 e8 18 63 04 00 00 00 ..ryP... ..c....
02a2ffc8 50 c4 98 01 00 60 fa 7f - a8 e0 15 00 c0 ff a2 02 P....`..........
02a2ffd8 a8 e0 15 00 ff ff ff ff - b4 1b 77 79 f0 2a 72 79 ..........wy.*ry
02a2ffe8 00 00 00 00 00 00 00 00 - 00 00 00 00 81 89 67 63 ..............gc
02a2fff8 50 c4 98 01 00 00 00 00 - 75 08 8b 76 08 8b 06 53 P.......u..v...S
02a30008 ff 75 fc 56 ff 50 18 8b - d8 8b 45 fc 85 c0 0f 84 .u.V.P....E.....
02a30018 e6 5e ff ff 8b 08 50 ff - 51 08 e9 db 5e ff ff 8b .^....P.Q...^...
02a30028 54 24 04 b8 03 40 00 80 - 85 d2 74 14 8b 41 10 89 T$...@....t..A..
02a30038 02 8b 49 10 85 c9 74 06 - 8b 01 51 ff 50 04 33 c0 ..I...t...Q.P.3.
02a30048 c2 04 00 56 8d 71 0c 33 - c0 39 06 75 07 56 ff 15 ...V.q.3.9.u.V..
02a30058 04 12 7a 65 85 c0 7c 10 - ff 74 24 0c 8b 36 ff 74 ..ze..|..t$..6.t
02a30068 24 0c 8b 06 56 ff 50 0c - 5e c2 08 00 8b 46 10 3b $...V.P.^....F.;
02a30078 c7 0f 84 fd 17 ff ff 8b - 08 57 50 ff 51 1c e9 f1 .........WP.Q...
02a30088 17 ff ff 8b 45 fc 50 8b - 08 ff 51 14 8b d8 3b df ....E.P...Q...;.

onthewayhome 12th November 2003 01:53 AM

also i told in a brazilian forum a few minutes later:
"ok. um pouco chato, mas bug rastreado. ?© uma intera?§Ä?o de software q gera. desabilitando o arquivo NVTUICPL.CPL - nvidia control panel, version 52.16 resolveu o problema. o interessante da coisa ?© q esse problema s?? ocorreu ap??s a instala?§Ä?o do bsplayer 1.00 RC1 build 800. se ocorrer o mesmo problema, tente desabilitar pelo registro do windows ou utilizando o tweakui (localize o arquivo tweakui.cpl) e, em control panel, desabilite o arquivo"

english translation:
ok. a little boring, bug bug tracked. a interaton of software does that. disable the file NVTUICPL.CPL - nvidia control panel, version 52.16 solve the problem. this problem just happend after instalation of bsplayer 1.00 RC1 build 800. if this happend, try disable this file by windows registry or by tweakui (locate the file tweakui.cpl) and, in control panel, disable the file


All times are GMT +1. The time now is 10:34 AM.

Powered by vBulletin® Version 3.8.9
Copyright ©2000 - 2024, vBulletin Solutions, Inc.
Search Engine Optimization by vBSEO 3.6.0 PL2
Ad Management plugin by RedTyger


1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20