System snapshot taken on 4/11/01 12:23:30 PM. *----> Summary/Overview <----* SET619MI.DLL attempted to use a null data pointer variable. Module Name: SET619MI.DLL Version: 6.00.6103 Manufacturer: Sun Microsystems, Inc. Application Name: Setup.exe Description: Office Productivity Suite Version: 6.00.6103 Manufacturer: Sun Microsystems, Inc. User's Remarks: *----> System Information <----* Microsoft Windows 98 4.10.2222 A Clean install using /T:C:\WININST0.400 /SrcDir=C:\WINDOWS\OPTIONS\CABS /IS /IW /IQ /ID /IV /IZ /II /NR /II /C /U:xxxxxxxxxxxxxxxxx IE 5 5.00.2919.6307 Uptime: 0:02:38:50 Normal mode On "WROTH1" as "wroth" Fujitsu PC Corporation GenuineIntel x86 Family 6 Model 8 Stepping 3 128MB RAM 41% system resources free Windows-managed swap file on drive C (1983MB free) Temporary files on drive c (1983MB free) *----> Task list <----* Program Type Path ------------ 1. Kernel32.dll 4.10.2222 Microsoft Corporation 2. MSGSRV32.EXE 4.10.2222 Microsoft Corporation 3. Spool32.exe 4.10.1998 Microsoft Corporation 4. Mprexe.exe 4.10.1998 Microsoft Corporation 5. Mstask.exe 4.71.1959.1 Microsoft Corporation 6. MMTASK.TSK 4.03.1998 Microsoft Corporation 7. Explorer.exe 4.72.3110.1 Microsoft Corporation 8. Taskmon.exe 4.10.1998 Microsoft Corporation 9. Systray.exe 4.10.2222 Microsoft Corporation 10. Irmon.exe 4.10.1998 Microsoft Corporation 11. Prpcui.exe 1.1.0.0 Intel Corporation 12. Dockapp.exe 1, 0, 0, 1 , 13. Btnhnd.exe 2, 2, 0, 0 FUJITSU LIMITED 14. Mgavrtcl.exe 2.0.1.0 McAfee.com 15. Seti@home.exe 3.03 University of California, Berkeley 16. RUNDLL.EXE 4.10.1998 Microsoft Corporation 17. Ypager.exe 3, 5, 0, 844 Yahoo! Inc. 18. Netswtray.exe 3, 2, 2, 0 J.W. Hance 19. Pmset98.exe 1, 1, 0, 1 FUJITSU LIMITED 20. Drwatson.exe 4.03 Microsoft Corporation 21. Wmiexe.exe 5.00.1755.1 Microsoft Corporation 22. Mgavrte.exe 1, 0, 0, 42 McAfee.com 23. Netscape.exe 4.76.0.11 Netscape Communications Corporation 24. Mirc32.exe 5.82 mIRC Co. Ltd. 25. Palm.exe 4.0.0 Palm, Inc. 26. Hotsync.exe 3.1.1 Palm, Inc. 27. Alarmapp.exe 4.0.0 Palm, Inc. 28. Rundll32.exe 4.10.1998 Microsoft Corporation 29. Setup.exe 6.00.6103 Sun Microsystems, Inc. *----> Startup Items <----* Name Loaded from Command ------------------- 1. PMSet98 Startup Group "C:\Program Files\Fujitsu\PMSet98\PMSet98.exe" /A 2. Shortcut to Drwatson.exe Startup Group C:\WINDOWS\DRWATSON.EXE 3. Microsoft Office Startup Group "C:\Program Files\Microsoft Office\Office10\OSA.EXE" -b -l 4. Taskbar Display Controls Registry (Per-User Run) RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY 5. Yahoo! Pager Registry (Per-User Run) C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe 6. NetSwitcher Tray Application Registry (Per-User Run) C:\PROGRA~1\NETSWI~2\NETSWT~1.EXE 7. ScanRegistry Registry (Machine Run) c:\windows\scanregw.exe /autorun 8. TaskMonitor Registry (Machine Run) c:\windows\taskmon.exe 9. SystemTray Registry (Machine Run) SysTray.Exe 10. IrMon Registry (Machine Run) IrMon.exe 11. LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 12. PRPCMonitor Registry (Machine Run) PRPCUI.exe 13. BayMgr Registry (Machine Run) DockApp.exe 14. SBWatchDog.EXE Registry (Machine Run) C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l 15. LoadBtnHnd Registry (Machine Run) C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 16. mgavrtclexe Registry (Machine Run) C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe 17. seticlient Registry (Machine Run) C:\Program Files\SETI@home\SETI@home.exe -min 18. CriticalUpdate Registry (Machine Run) c:\windows\SYSTEM\wucrtupd.exe -startup 19. LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 20. SchedulingAgent Registry (Machine Service) mstask.exe 21. mgavrtclexe Registry (Machine Service) C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe *----> System Hooks <----* Hook type Hooked by Application DLL path Application path ------------------------ 1. Keyboard Idle.dll YPAGER.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\Idle.dll C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE 2. Mouse Idle.dll YPAGER.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\Idle.dll C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE *----> Kernel Drivers <----* Driver Loaded from Type Likely path ------------------- 1. VMM Microsoft Corporation Virtual Machine Manager 2. MTRR Microsoft Corporation ? 3. VCACHE Microsoft Corporation Cache manager 4. DFS 4.10.2222 Microsoft Corporation DFS Virtual Device (Version 4.0) 5. PERF Microsoft Corporation System Monitor data collection driver 6. VFIXD 1.00.02 Intel Corporation Compatibility VxD 7. VPOWERD 4.10.2223 Microsoft Corporation VPOWERD Virtual Device (Version 4.0) 8. VPICD Microsoft Corporation Hardware interrupt manager 9. VrtwD 1.1.075.3 Intel Corporation Real-Time Clock VxD 10. VTD Microsoft Corporation Timer device driver 11. VWIN32 Microsoft Corporation Win32 subsystem driver 12. VXDLDR Microsoft Corporation Dynamic device driver loader 13. NTKERN Microsoft Corporation Windows Driver Model 14. CONFIGMG Microsoft Corporation Configuration manager 15. PCI 4.10.2223 Microsoft Corporation PCI Virtual Device (Version 4.0) 16. ISAPNP 4.10.1998 Microsoft Corporation ISAPNP Virtual Device (Version 4.0) 17. PCCARD 4.10.2222 Microsoft Corporation PCCARD Virtual Device (Version 4.0) 18. ACPI Microsoft Corporation ? 19. VCDFSD Microsoft Corporation CD-ROM filesystem driver 20. IOS Microsoft Corporation I/O Supervisor 21. PAGEFILE Microsoft Corporation Swapfile driver 22. PAGESWAP Microsoft Corporation Swapfile manager 23. PARITY Microsoft Corporation Memory parity driver 24. REBOOT Microsoft Corporation Ctrl+Alt+Del manager 25. EBIOS Microsoft Corporation Extended BIOS driver 26. VDD Microsoft Corporation Display driver 27. TRIDENT 4.12.01.2224 Trident Microsystems, Inc. TRIDENT Virtual Device (Version 4.0) 28. VSD Microsoft Corporation Speaker driver 29. LTVCD 5.62 LT LT Windows Modem 30. COMBUFF Microsoft Corporation Communications buffer driver 31. VCD Microsoft Corporation Communications port driver 32. SERIAL 4.10.2222 Microsoft Corporation SERIAL Virtual Device (Version 4.0) 33. IRENUM 4.10.2222 Microsoft Corporation IRENUM Virtual Device (Version 4.0) 34. FASTIR 4.10.1998 Microsoft Corporation FASTIR Virtual Device (Version 4.0) 35. VMOUSE Microsoft Corporation Mouse driver 36. MSMINI 4.10.1998 Microsoft Corporation MSMINI Virtual Device (Version 4.0) 37. VKD Microsoft Corporation Keyboard driver 38. VPD Microsoft Corporation Printer driver 39. INT13 Microsoft Corporation BIOS hard disk emulation driver 40. VMCPD Microsoft Corporation Math coprocessor driver 41. BIOSXLAT Microsoft Corporation BIOS emulation driver 42. VNETBIOS 4.10.1998 Microsoft Corporation VNETBIOS Virtual Device (Version 4.0) 43. NDIS 4.10.2222 Microsoft Corporation NDIS Virtual Device (Version 4.0) 44. PPPMAC 4.10.2222 Microsoft Corporation Windows Virtual PPP Driver 45. NDISWAN 4.10.1998 Microsoft Corporation Windows Virtual WAN Protocol Driver 46. NETBEUI 4.10.1998 Microsoft Corporation NETBEUI Virtual Device (Version 4.0) 47. VTDI 4.10.1998 Microsoft Corporation Windows TDI Support Driver 48. WSOCK2 4.10.1998 Microsoft Corporation Windows Sockets Driver 2 TCP/IP only. 49. VIP 4.10.2226 Microsoft Corporation Windows IP Driver 50. MSTCP 4.10.2222 Microsoft Corporation Windows TCP Driver 51. VDHCP 4.10.2161 Microsoft Corporation DHCP VxD Driver 52. VNBT 4.10.2148 Microsoft Corporation VNBT VxD Driver 53. AFVXD 4.10.2222 Microsoft Corporation Windows Sockets VTDI Driver 54. DOSMGR Microsoft Corporation MS-DOS emulation manager 55. VMPOLL Microsoft Corporation System idle-time driver 56. JAVASUP 5.00.3229 Microsoft Corporation Microsoft® Virtual Machine Helper Device for Java 57. VCOMM Microsoft Corporation Communications port Plug and Play driver 58. VCOND Microsoft Corporation Console subsystem driver 59. VTDAPI Microsoft Corporation Multimedia timer driver 60. TSIUSB 11,500,7500,0 LapLink.com, Inc. TBird Component 61. mrtRate Version 2.11 Marimba, Inc. Rate Sencing Driver 62. VFLATD Microsoft Corporation Linear aperture video driver 63. SBEMUL 64. mmdevldr 4.10.1998 Microsoft Corporation mmdevldr Virtual Device (Version 4.0) 65. BAYMGR 1.00.5 Softex Inc. BayManager Miniport Driver 66. CBSS 4.10.2222 Microsoft Corporation CBSS Virtual Device (Version 4.0) 67. Display1 68. CDTSD 4.10.1998 Microsoft Corporation CDTSD Virtual Device (Version 4.0) 69. CDVSD 4.10.2222 Microsoft Corporation CDVSD Virtual Device (Version 4.0) 70. DiskTSD 4.10.2222 Microsoft Corporation DiskTSD Virtual Device (Version 4.0) 71. DiskVSD 4.10.1998 Microsoft Corporation DiskVSD Virtual Device (Version 4.0) 72. voltrack 4.10.1998 Microsoft Corporation voltrack Virtual Device (Version 4.0) 73. YEDFD 4.33 Y-E DATA INC. YEDFD VSD 74. IOMEGA 6.7.5.0 Iomega Corporation IOMEGA Universal DASD VSD 75. MXLW9X 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer VxD 76. MXLSTACK 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer Stack VxD 77. CDR4VSD 2.5 (080) Adaptec CD-R Helper VSD for Windows 95 78. APIX 4.00.952 Microsoft Corporation APIX Virtual Device (Version 4.0) 79. CDRPWD 2.5d (296) Adaptec CD-R Packet Writing Driver 80. CD_Read 1.2.0.0 Iomega Corporation IOMEGA Recordit VXD 81. RMM 4.10.1998 Microsoft Corporation RMM Virtual Device (Version 4.0) 82. BIGMEM 4.10.1998 Microsoft Corporation BIGMEM Virtual Device (Version 4.0) 83. SPAP 4.10.2222 Microsoft Corporation SPAP Virtual Device (Version 4.0) 84. AOLMAC 1.63 America Online Network Adapter 85. HSFLOP 4.10.2222 Microsoft Corporation HSFLOP Virtual Device (Version 4.0) 86. SCSIPORT 4.10.2222 Microsoft Corporation SCSIPORT Virtual Device (Version 4.0) 87. SERENUM 4.10.2222 Microsoft Corporation SERENUM Virtual Device (Version 4.0) 88. LPTENUM 4.10.1998 Microsoft Corporation LPTENUM Virtual Device (Version 4.0) 89. SERWAVE 4.10.2222 Microsoft Corporation Serwave Virtual Device 90. WDMAUD 91. THOTKEY 4.12.01.2224 Trident Microsystems, Inc. Virtual Hotkey device change Driver. 92. sage 4.71.1016 Microsoft Corporation sage Virtual Device (Version 4.0) 93. vjoyd 4.07.00.0716 Microsoft Corporation Joystick Virtual Device 94. BTNHND 95. MCKRNL 96. MCUTIL 97. MCSCAN32 98. WSHTCP 4.10.1998 Microsoft Corporation Windows Sockets TCP helper Driver 99. PGPMLOCK 100. FIOLOG 4.10.1998 Microsoft Corporation File I/O Logging VxD for Application Defrag 101. DRVWCDB 3.10.36a Seagate Software, Inc. Device Driver 102. DRVWPPQT 3.10.36a Seagate Software, Inc. Device Driver 103. DRVWQ117 3.10.36a Seagate Software, Inc. Device Driver 104. VDMAD Microsoft Corporation Direct Memory Access controller driver 105. V86MMGR Microsoft Corporation MS-DOS memory manager 106. VSHINIT 107. VSHIELD 108. SPOOLER Microsoft Corporation Print spooler 109. UDF Microsoft Corporation ? 110. VFAT Microsoft Corporation FAT filesystem driver 111. VDEF Microsoft Corporation Default filesystem driver 112. CDFS 4.10.1998 Microsoft Corporation CDFS Virtual Device (Version 4.0) 113. CDUDF 2.5d (296) Adaptec CD-UDF File System Driver 114. CDUDFRW 2.5d (296) Adaptec CD-UDF RW File System Driver 115. UDFREADR 1.02 (107) Adaptec CD-UDF Read-Only File System Driver 116. IFSMGR Microsoft Corporation File system manager 117. VNETSUP 4.10.1998 Microsoft Corporation VNETSUP Virtual Device (Version 4.0) 118. VREDIR 4.10.2222 Microsoft Corporation VREDIR Virtual Device (Version 4.0) 119. VSERVER 4.10.2224 Microsoft Corporation VSERVER Virtual Device (Version 4.0) 120. VFBACKUP Microsoft Corporation Floppy backup helper driver 121. SHELL Microsoft Corporation Shell device driver 122. DRWATSON 4.03 Microsoft Corporation Dr. Watson for Windows 98 123. KMIXER 124. SYSAUDIO 125. redbook 126. swmidi 127. wdmaud 128. baymgr 1.00.5 Softex Inc. BayManager Miniport Driver 129. e100bnt5 3.37.20.0002 Intel Corporation NDIS 5 driver 130. smcirda 4.10.1998 Microsoft Corporation smcirda.SYS miniport 131. netpptp 4.10.2222 Microsoft Corporation Windows Point to Point Tunneling Driver 132. usbhub 133. WMILIB 134. WMIDRV 135. uhcd 136. USBD 137. sbemul 138. STAC97FJ 139. portcls 140. cmbatt 141. fuj02b1 142. hidvkd 143. ec 144. compbatt 145. BATTC 146. acpi Microsoft Corporation ? 147. swenum 148. ks 149. update 150. prpc 151. wdmfs *----> User-Mode Drivers <----* Driver Type Path ------------ 1. mmsystem.dll 4.03.1998 Microsoft Corporation 2. power.drv 4.10.1998 Microsoft Corporation 3. serwvdrv.drv 4.10.2222 Microsoft Corporation 4. msacm.drv 4.03.1998 Microsoft Corporation 5. wdmaud.drv 4.10.1998 Microsoft Corporation 6. midimap.drv 4.03.1998 Microsoft Corporation *----> MS-DOS Drivers <----* Name Type ------------ 1. HIMEM Device driver 2. DBLBUFF Device driver 3. IFSHLP Device driver 4. DOSKEY TSR program *----> 32-bit Modules <----* Name Date Address Path --------------- 1. INT619MI.DLL 6.00.6103 Sun Microsystems, Inc. 2. IDLE.DLL 1, 0, 0, 2 Yahoo! Inc. idle 3. SETUP.EXE 6.00.6103 Sun Microsystems, Inc. Office Productivity Suite 4. WINMM.DLL 4.03.1998 Microsoft Corporation System APIs for Multimedia 5. STS619MI.DLL 6.00.6103 Sun Microsystems, Inc. 6. SET619MI.DLL 6.00.6103 Sun Microsystems, Inc. 7. VERSION.DLL 4.10.1998 Microsoft Corporation Win32 VERSION core component 8. SB619MI.DLL 6.00.6103 Sun Microsystems, Inc. 9. SVT619MI.DLL 6.00.6103 Sun Microsystems, Inc. 10. USER9X.DLL 6.00.6103 Sun Microsystems, Inc. 11. SVL619MI.DLL 6.00.6103 Sun Microsystems, Inc. 12. TK619MI.DLL 6.00.6103 Sun Microsystems, Inc. 13. VCL619MI.DLL 6.00.6103 Sun Microsystems, Inc. 14. IMM32.DLL 4.10.1998 Microsoft Corporation Win32 IMM32 core component 15. WINSPOOL.DRV 4.10.1998 Microsoft Corporation Win32 WINSPOOL core component 16. SOT619MI.DLL 6.00.6103 Sun Microsystems, Inc. 17. UTL619MI.DLL 6.00.6103 Sun Microsystems, Inc. 18. UCBHELPER1MSC.DLL 6.00.6103 Sun Microsystems, Inc. 19. COMPHELP2.DLL 6.00.6103 Sun Microsystems, Inc. 20. CPPUHELPER2MSC.DLL 6.00.6103 Sun Microsystems, Inc. 21. CPPU2.DLL 6.00.6103 Sun Microsystems, Inc. 22. TL619MI.DLL 6.00.6103 Sun Microsystems, Inc. 23. VOS2MSC.DLL 6.00.6103 Sun Microsystems, Inc. 24. SAL2.DLL 6.00.6103 Sun Microsystems, Inc. 25. SHELL9X.DLL 6.00.6103 Sun Microsystems, Inc. 26. SHELL32.DLL 4.72.3612.1700 Microsoft Corporation Windows Shell Common Dll 27. COMCTL32.DLL 5.81 Microsoft Corporation Common Controls Library 28. KERNEL9X.DLL 6.00.6103 Sun Microsystems, Inc. 29. OLE32.DLL 4.71.2900 Microsoft Corporation Microsoft OLE for Windows and Windows NT 30. MPR.DLL 4.10.1998 Microsoft Corporation WIN32 Network Interface DLL 31. WSOCK32.DLL 4.10.1998 Microsoft Corporation BSD Socket API for Windows 32. MSWSOCK.DLL 4.10.2222 Microsoft Corporation Microsoft WinSock Extension APIs 33. WS2_32.DLL 4.10.2222 Microsoft Corporation Windows Socket 2.0 32-Bit DLL 34. WININET.DLL 5.00.3017.1200 Microsoft Corporation Internet Extensions for Win32 35. SHLWAPI.DLL 5.00.2919.6304 Microsoft Corporation Shell Light-weight Utility Library 36. WS2HELP.DLL 4.10.1998 Microsoft Corporation Windows Socket 2.0 Helper for Windows 98 37. USER32.DLL 4.10.2222 Microsoft Corporation Win32 USER32 core component 38. GDI32.DLL 4.10.1998 Microsoft Corporation Win32 GDI core component 39. MSVCRT.DLL 6.00.8397.0 Microsoft Corporation Microsoft (R) C Runtime Library 40. ADVAPI32.DLL 4.80.1675 Microsoft Corporation Win32 ADVAPI32 core component 41. KERNEL32.DLL 4.10.2222 Microsoft Corporation Win32 Kernel core component *----> 16-bit Modules <----* Name Type Path ------------ 1. KERNEL 4.10.1998 Microsoft Corporation 2. SYSTEM 4.10.1998 Microsoft Corporation 3. KEYBOARD 4.10.2222 Microsoft Corporation 4. MOUSE 9.01.0.000 Microsoft Corporation 5. DISPLAY 4.12.01.2224 Trident Microsystems, Inc. 6. DIBENG 4.10.1998 Microsoft Corporation 7. WIN87EM 8. M97BIOS 4.12.01.2224 Trident Microsystems, Inc. 9. EMBED95 4.12.01.2224 Trident Microsystems, Inc. 10. SOUND 4.10.1998 Microsoft Corporation 11. COMM 4.10.1998 Microsoft Corporation 12. GDI 4.10.2222 Microsoft Corporation 13. USER 4.10.2223 Microsoft Corporation 14. DDEML 4.10.1998 Microsoft Corporation 15. MSPLUS 4.40.500 Microsoft Corporation 16. MSGSRV32 4.10.2222 Microsoft Corporation 17. MMSYSTEM 4.03.1998 Microsoft Corporation 18. POWER 4.10.1998 Microsoft Corporation 19. LZEXPAND 4.00.429 Microsoft Corporation 20. VER 4.10.1998 Microsoft Corporation 21. SHELL 4.10.1998 Microsoft Corporation 22. COMMCTRL 4.10.1998 Microsoft Corporation 23. SYSTHUNK 4.10.1998 Microsoft Corporation 24. OLECLI 1.20.000 Microsoft Corporation 25. OLESVR 1.10.000 Microsoft Corporation 26. TRID_KEY 27. SERWVDRV 4.10.2222 Microsoft Corporation 28. VMODCTL 4.10.2222 Microsoft Corporation 29. UMDM16 4.10.1998 Microsoft Corporation 30. UMDMXFRM 4.10.2222 Microsoft Corporation 31. MSACMMAP 4.03.1998 Microsoft Corporation 32. MSACM 4.03.1998 Microsoft Corporation 33. MMTASK 4.03.1998 Microsoft Corporation 34. WDMAUDDRV 4.10.1998 Microsoft Corporation 35. MIDIMAP 4.03.1998 Microsoft Corporation 36. COMMDLG 4.00.950 Microsoft Corporation 37. RUNDLL 4.10.1998 Microsoft Corporation 38. DESKCP16 4.10.2222 Microsoft Corporation 39. TOOLHELP 4.10.1998 Microsoft Corporation 40. RWABS16 41. PIFMGR 4.10.2222 Microsoft Corporation 42. PSCRIPT 4.10.2222 Microsoft Corporation 43. SETUPX 4.10.2222 Microsoft Corporation *----> Details <----* Command line: "C:\Program Files\OpenOffice\619\program\setup.exe" Trap 0e 0000 - Invalid page fault eax=00000000 ebx=0000001b ecx=0079f8dc edx=00f1feb0 esi=007697c0 edi=00000122 eip=0040505b esp=00f1fe10 ebp=00f1ff40 -- -- -- nv up EI pl nz na PE nc cs=0167 ss=016f ds=016f es=016f fs=4587 gs=0000 SET619MI.DLL:.text+0x405b: >0167:0040505b 8b8080000000 mov eax,dword ptr [eax+00000080] sel type base lim/bot ---- ---- -------- -------- cs 0167 r-x- 00000000 ffffffff ss 016f rw-e 00000000 0000b7a0 ds 016f rw-e 00000000 0000b7a0 es 016f rw-e 00000000 0000b7a0 fs 4587 rw-- 81772adc 00000037 gs 0000 ---- stack base: 00e20000 TIB limits: 00f1d000 - 00f20000 -- exception record -- Exception Code: c0000005 (access violation) Exception Address: 0040505b (SET619MI.DLL:.text+0x405b) Exception Info: 00000000 ffffffff SET619MI.DLL:.text+0x405b: >0167:0040505b 8b8080000000 mov eax,dword ptr [eax+00000080] 0167:00405030 8d8d60ffffff lea ecx,[ebp-000000a0] 0167:00405036 885dfc mov byte ptr [ebp-04],bl 0167:00405039 e8fad00600 call 00472138 = TL619MI.DLL!121 0167:0040503e 6818814900 push 00498118 0167:00405043 8d4dec lea ecx,[ebp-14] 0167:00405046 e86bd10600 call 004721b6 = TL619MI.DLL!126 0167:0040504b 8b8e80000000 mov ecx,dword ptr [esi+00000080] 0167:00405051 8d9570ffffff lea edx,[ebp-00000090] 0167:00405057 52 push edx 0167:00405058 8b411c mov eax,dword ptr [ecx+1c] SET619MI.DLL:.text+0x405b: *0167:0040505b 8b8080000000 mov eax,dword ptr [eax+00000080] 0167:00405061 8bc8 mov ecx,eax 0167:00405063 e858ae0400 call 0044fec0 = SET619MI.DLL!1098 0167:00405068 50 push eax 0167:00405069 8d4dec lea ecx,[ebp-14] 0167:0040506c c645fc23 mov byte ptr [ebp-04],23 0167:00405070 e88dd00600 call 00472102 = TL619MI.DLL!124 0167:00405075 8d8d70ffffff lea ecx,[ebp-00000090] 0167:0040507b 885dfc mov byte ptr [ebp-04],bl 0167:0040507e e8b5d00600 call 00472138 = TL619MI.DLL!121 0167:00405083 681c814900 push 0049811c -------------------- -- stack summary -- 016f:00f1ff40 0167:0040505b SET619MI.DLL:.text+0x405b (0076925c,00000002,00afb2a0,1c20c0db, 00afb2a0,00afc870,004c2085,00afb2a0) 016f:00f1ff98 0167:004644b1 SET619MI.DLL:.text+0x634b1 (00afc870,81772ad4,00000008,817aacb0, 00000007,00f1ffa4,0000016f,ffffffff) 016f:00f1ffcc 0167:bff88f20 KERNEL32!ThreadStartup -- stack trace -- 016f:00f1ff40 0167:0040505b SET619MI.DLL:.text+0x405b (0076925c,00000002,00afb2a0,1c20c0db, 00afb2a0,00afc870,004c2085,00afb2a0) 0167:00405030 8d8d60ffffff lea ecx,[ebp-000000a0] 0167:00405036 885dfc mov byte ptr [ebp-04],bl 0167:00405039 e8fad00600 call 00472138 = TL619MI.DLL!121 0167:0040503e 6818814900 push 00498118 0167:00405043 8d4dec lea ecx,[ebp-14] 0167:00405046 e86bd10600 call 004721b6 = TL619MI.DLL!126 0167:0040504b 8b8e80000000 mov ecx,dword ptr [esi+00000080] 0167:00405051 8d9570ffffff lea edx,[ebp-00000090] 0167:00405057 52 push edx 0167:00405058 8b411c mov eax,dword ptr [ecx+1c] SET619MI.DLL:.text+0x405b: *0167:0040505b 8b8080000000 mov eax,dword ptr [eax+00000080] 0167:00405061 8bc8 mov ecx,eax 0167:00405063 e858ae0400 call 0044fec0 = SET619MI.DLL!1098 0167:00405068 50 push eax 0167:00405069 8d4dec lea ecx,[ebp-14] 0167:0040506c c645fc23 mov byte ptr [ebp-04],23 0167:00405070 e88dd00600 call 00472102 = TL619MI.DLL!124 0167:00405075 8d8d70ffffff lea ecx,[ebp-00000090] 0167:0040507b 885dfc mov byte ptr [ebp-04],bl 0167:0040507e e8b5d00600 call 00472138 = TL619MI.DLL!121 0167:00405083 681c814900 push 0049811c -------------------- 016f:00f1ff98 0167:004644b1 SET619MI.DLL:.text+0x634b1 (00afc870,81772ad4,00000008,817aacb0, 00000007,00f1ffa4,0000016f,ffffffff) 0167:00464491 8b742408 mov esi,dword ptr [esp+08] 0167:00464495 6a00 push +00 0167:00464497 c6461001 mov byte ptr [esi+10],01 0167:0046449b ff1574424800 call dword ptr [00484274] -> OLE32.DLL!CoInitialize 0167:004644a1 8b4624 mov eax,dword ptr [esi+24] 0167:004644a4 8b4e18 mov ecx,dword ptr [esi+18] 0167:004644a7 50 push eax 0167:004644a8 51 push ecx 0167:004644a9 8b4e14 mov ecx,dword ptr [esi+14] 0167:004644ac e86f04faff call 00404920 = SET619MI.DLL!546 SET619MI.DLL:.text+0x634b1: *0167:004644b1 6a00 push +00 0167:004644b3 6a2f push +2f 0167:004644b5 e8f2e30000 call 004728ac = VCL619MI.DLL!322 0167:004644ba 5e pop esi 0167:004644bb c3 retd 0167:004644bc 90 nop 0167:004644bd 90 nop 0167:004644be 90 nop 0167:004644bf 90 nop 0167:004644c0 83e904 sub ecx,+04 0167:004644c3 e938ffffff jmp 00464400 = SET619MI.DLL!1721 -------------------- 016f:00f1ffcc 0167:bff88f20 KERNEL32!ThreadStartup -- stack dump -- 00f1fe10 00f1feb0 -> d0 b1 af 00 40 00 00 00 0c 00 75 00 00 00 00 00 ....@.....u..... 00f1fe14 81772ad4 -> 07 00 01 00 10 64 f1 ce ec fb f1 00 00 00 f2 00 .....d.......... 00f1fe18 00afb2a0 -> 2c 9b 48 00 24 9b 48 00 a0 b3 af 00 00 00 00 00 ,.H.$.H......... 00f1fe1c 817aacb0 -> 06 00 08 00 f0 9b 93 cd 00 00 00 00 00 00 00 00 ................ 00f1fe20 00000000 00f1fe24 00afae90 -> 01 00 00 00 07 00 00 00 70 72 6f 67 72 61 6d 00 ........program. 00f1fe28 007e95cc -> 00 00 00 00 10 9f af 00 b4 95 7e 00 00 00 00 00 ................ 00f1fe2c 00000000 ... 00f1fe34 817aacb0 -> 06 00 08 00 f0 9b 93 cd 00 00 00 00 00 00 00 00 ................ 00f1fe38 00000000 00f1fe3c 00afcb50 -> 01 00 00 00 03 00 00 00 36 31 39 00 69 00 67 00 ........619.i.g. 00f1fe40 007e42c0 -> 00 00 00 00 00 ca af 00 30 23 7c 00 00 00 00 00 ........0#|..... 00f1fe44 00000000 ... 00f1fe64 00afbf10 -> 01 00 00 00 09 00 00 00 73 65 74 75 70 2e 6c 6f ........setup.lo 00f1fe68 007d3680 -> 00 00 00 00 90 ae af 00 9c d0 77 00 00 00 00 00 ..........w..... 00f1fe6c 00000000 ... 00f1fe78 00afa180 -> 01 00 00 00 20 00 00 00 43 3a 5c 50 72 6f 67 72 .... ...C:\Progr 00f1fe7c 00aaff60 -> 05 00 00 00 1f 00 00 00 43 3a 5c 50 72 6f 67 72 ........C:\Progr 00f1fe80 00000000 ... 00f1fe9c 007697c0 -> 50 4d 48 00 04 d4 77 00 d8 3a 11 01 e0 49 10 01 PMH...w..:...I.. 00f1fea0 00aaff60 -> 05 00 00 00 1f 00 00 00 43 3a 5c 50 72 6f 67 72 ........C:\Progr 00f1fea4 00850f6c -> 90 00 00 a0 00 00 00 00 41 01 00 00 01 00 00 00 ........A....... 00f1fea8 bff7a3bc = KERNEL32.DLL:.text+0x13bc -------------------- 0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 KERNEL32.DLL:.text+0x13bc: *0167:bff7a3bc 85c0 test eax,eax 0167:bff7a3be 747d jz bff7a43d = KERNEL32.DLL:.text+0x143d 0167:bff7a3c0 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a3c3 8b4e04 mov ecx,dword ptr [esi+04] 0167:bff7a3c6 8bdf mov ebx,edi 0167:bff7a3c8 894108 mov dword ptr [ecx+08],eax 0167:bff7a3cb 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a3ce 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a3d1 895004 mov dword ptr [eax+04],edx 0167:bff7a3d4 80243efd and byte ptr [esi+edi],fd 0167:bff7a3d8 837df000 cmp dword ptr [ebp-10],+00 -------------------- 00f1feac 00000006 00f1feb0 00afb1d0 -> 01 00 00 00 0a 00 00 00 4f 70 65 6e 4f 66 66 69 ........OpenOffi 00f1feb4 00000040 00f1feb8 0075000c -> 01 00 00 a0 1c 0e 85 00 8c b3 7e 00 80 00 00 00 ................ 00f1febc 00000000 00f1fec0 00afae90 -> 01 00 00 00 07 00 00 00 70 72 6f 67 72 61 6d 00 ........program. 00f1fec4 0078388c -> ec 53 78 00 f0 6d 7d 00 00 00 00 00 00 00 00 00 .Sx..m}......... 00f1fec8 00000000 ... 00f1fed0 0075000c -> 01 00 00 a0 1c 0e 85 00 8c b3 7e 00 80 00 00 00 ................ 00f1fed4 cef16430 -> 01 00 00 00 d4 2a 77 81 b0 ac 7a 81 50 7c 93 cd .....*w...z.P|.. 00f1fed8 00f1fefc -> 10 ff f1 00 c4 8d f8 bf 00 00 75 00 90 00 00 00 ..........u..... 00f1fedc bff7a10e = KERNEL32.DLL:.text+0x110e -------------------- 0167:bff7a0ea fa cli 0167:bff7a0eb bf4ec3fabf mov edi,bffac34e 0167:bff7a0f0 8b442404 mov eax,dword ptr [esp+04] 0167:bff7a0f4 0fb64870 movzx ecx,byte ptr [eax+70] 0167:bff7a0f8 0b4c2408 or ecx,dword ptr [esp+08] 0167:bff7a0fc f6c101 test cl,01 0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e 0167:bff7a101 ff704c push dword ptr [eax+4c] 0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee 0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c KERNEL32.DLL:.text+0x110e: *0167:bff7a10e c20800 retd 0008 0167:bff7a111 53 push ebx 0167:bff7a112 56 push esi 0167:bff7a113 8b742410 mov esi,dword ptr [esp+10] 0167:bff7a117 57 push edi 0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18] 0167:bff7a11c 55 push ebp 0167:bff7a11d ba00001000 mov edx,00100000 0167:bff7a122 8d1c3e lea ebx,[esi+edi] 0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a127 a801 test al,01 -------------------- 00f1fee0 bff7a567 = KERNEL32.DLL:.text+0x1567 -------------------- 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x1567: *0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 0167:bff7a56e e82d240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a573 eb18 jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a575 6a08 push +08 0167:bff7a577 e824240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a57c eb0f jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a57e 6a10 push +10 0167:bff7a580 ff75fc push dword ptr [ebp-04] 0167:bff7a583 680a000100 push 0001000a -------------------- 00f1fee4 00750000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00f1fee8 00000000 00f1feec 81772ad4 -> 07 00 01 00 10 64 f1 ce ec fb f1 00 00 00 f2 00 .....d.......... 00f1fef0 00f1ff38 -> 3b 99 47 00 1b 00 00 00 98 ff f1 00 b1 44 46 00 ;.G..........DF. 00f1fef4 00afae70 -> 01 00 00 00 0b 00 00 00 3c 6f 75 74 65 72 70 61 ........ 22 01 00 00 eb b8 f2 65 08 00 00 00 a0 b2 af 00 "......e........ 00f1ff00 bff88dc4 = KERNEL32.DLL:.text+0xfdc4 -------------------- 0167:bff88da7 8b450c mov eax,dword ptr [ebp+0c] 0167:bff88daa 8b4d0c mov ecx,dword ptr [ebp+0c] 0167:bff88dad 83e008 and eax,+08 0167:bff88db0 83e104 and ecx,+04 0167:bff88db3 c1e003 shl eax,03 0167:bff88db6 0bc1 or eax,ecx 0167:bff88db8 50 push eax 0167:bff88db9 ff7510 push dword ptr [ebp+10] 0167:bff88dbc ff7508 push dword ptr [ebp+08] 0167:bff88dbf e88616ffff call bff7a44a = KERNEL32.DLL:.text+0x144a KERNEL32.DLL:.text+0xfdc4: *0167:bff88dc4 5d pop ebp 0167:bff88dc5 c20c00 retd 000c 0167:bff88dc8 56 push esi 0167:bff88dc9 57 push edi 0167:bff88dca 8b74240c mov esi,dword ptr [esp+0c] 0167:bff88dce 8b7e38 mov edi,dword ptr [esi+38] 0167:bff88dd1 8b4754 mov eax,dword ptr [edi+54] 0167:bff88dd4 85c0 test eax,eax 0167:bff88dd6 7453 jz bff88e2b = KERNEL32.DLL:.text+0xfe2b 0167:bff88dd8 8b4008 mov eax,dword ptr [eax+08] 0167:bff88ddb ff742410 push dword ptr [esp+10] -------------------- 00f1ff04 00750000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00f1ff08 00000090 00f1ff0c 00000000 00f1ff10 00000122 00f1ff14 65f2b8eb = OLE32.DLL:.text+0x2a8eb -------------------- 0167:65f2b8c5 8b750c mov esi,dword ptr [ebp+0c] 0167:65f2b8c8 8bc6 mov eax,esi 0167:65f2b8ca 83e00e and eax,+0e 0167:65f2b8cd 3bc6 cmp eax,esi 0167:65f2b8cf 0f8509520100 jnz 65f40ade = OLE32.DLL:.text+0x3fade 0167:65f2b8d5 837d0800 cmp dword ptr [ebp+08],+00 0167:65f2b8d9 0f8509520100 jnz 65f40ae8 = OLE32.DLL:.text+0x3fae8 0167:65f2b8df a100e0fa65 mov eax,dword ptr [65fae000] 0167:65f2b8e4 50 push eax 0167:65f2b8e5 ff150c14f065 call dword ptr [65f0140c] -> KERNEL32.DLL!TlsGetValue OLE32.DLL:.text+0x2a8eb: *0167:65f2b8eb 8945fc mov dword ptr [ebp-04],eax 0167:65f2b8ee 33c0 xor eax,eax 0167:65f2b8f0 3945fc cmp dword ptr [ebp-04],eax 0167:65f2b8f3 7508 jnz 65f2b8fd = OLE32.DLL:.text+0x2a8fd 0167:65f2b8f5 8d4dfc lea ecx,[ebp-04] 0167:65f2b8f8 e86f280000 call 65f2e16c = OLE32.DLL:.text+0x2d16c 0167:65f2b8fd 8945f8 mov dword ptr [ebp-08],eax 0167:65f2b900 837df800 cmp dword ptr [ebp-08],+00 0167:65f2b904 0f8ce8510100 jl 65f40af2 = OLE32.DLL:.text+0x3faf2 0167:65f2b90a 8bc6 mov eax,esi 0167:65f2b90c 83e002 and eax,+02 -------------------- 00f1ff18 00000008 00f1ff1c 00afb2a0 -> 2c 9b 48 00 24 9b 48 00 a0 b3 af 00 00 00 00 00 ,.H.$.H......... 00f1ff20 00000000 00f1ff24 1c85a3e8 = TL619MI.DLL:.data+0x3e8 -> 35 0f 00 00 00 00 00 00 00 00 00 00 00 01 02 03 5............... 00f1ff28 00000000 00f1ff2c 00afa180 -> 01 00 00 00 20 00 00 00 43 3a 5c 50 72 6f 67 72 .... ...C:\Progr 00f1ff30 00f1fe14 -> d4 2a 77 81 a0 b2 af 00 b0 ac 7a 81 00 00 00 00 .*w.......z..... 00f1ff34 00f1ff88 -> bc ff f1 00 03 ef 00 78 c8 e2 02 78 00 00 00 00 .......x...x.... 00f1ff38 0047993b = SET619MI.DLL:.text+0x7893b -> b8 08 a9 48 00 e9 d1 f3 ff ff cc cc cc cc cc cc ...H............ 00f1ff3c 0000001b 00f1ff40 00f1ff98 -> cc ff f1 00 20 8f f8 bf 70 c8 af 00 d4 2a 77 81 .... ...p....*w. 00f1ff44 004644b1 = SET619MI.DLL:.text+0x634b1 -------------------- 0167:00464491 8b742408 mov esi,dword ptr [esp+08] 0167:00464495 6a00 push +00 0167:00464497 c6461001 mov byte ptr [esi+10],01 0167:0046449b ff1574424800 call dword ptr [00484274] -> OLE32.DLL!CoInitialize 0167:004644a1 8b4624 mov eax,dword ptr [esi+24] 0167:004644a4 8b4e18 mov ecx,dword ptr [esi+18] 0167:004644a7 50 push eax 0167:004644a8 51 push ecx 0167:004644a9 8b4e14 mov ecx,dword ptr [esi+14] 0167:004644ac e86f04faff call 00404920 = SET619MI.DLL!546 SET619MI.DLL:.text+0x634b1: *0167:004644b1 6a00 push +00 0167:004644b3 6a2f push +2f 0167:004644b5 e8f2e30000 call 004728ac = VCL619MI.DLL!322 0167:004644ba 5e pop esi 0167:004644bb c3 retd 0167:004644bc 90 nop 0167:004644bd 90 nop 0167:004644be 90 nop 0167:004644bf 90 nop 0167:004644c0 83e904 sub ecx,+04 0167:004644c3 e938ffffff jmp 00464400 = SET619MI.DLL!1721 -------------------- 00f1ff48 0076925c -> b4 38 77 00 dc 1a 7b 00 a8 9a 79 00 00 00 00 00 .8w...{...y..... 00f1ff4c 00000002 00f1ff50 00afb2a0 -> 2c 9b 48 00 24 9b 48 00 a0 b3 af 00 00 00 00 00 ,.H.$.H......... 00f1ff54 1c20c0db = VOS2MSC.DLL:.text+0xb0db -------------------- 0167:1c20c0cb cc int 3 0167:1c20c0cc cc int 3 0167:1c20c0cd cc int 3 0167:1c20c0ce cc int 3 0167:1c20c0cf cc int 3 0167:1c20c0d0 56 push esi 0167:1c20c0d1 8b742408 mov esi,dword ptr [esp+08] 0167:1c20c0d5 56 push esi 0167:1c20c0d6 8b06 mov eax,dword ptr [esi] 0167:1c20c0d8 ff5004 call dword ptr [eax+04] VOS2MSC.DLL:.text+0xb0db: *0167:1c20c0db 8a460c mov al,byte ptr [esi+0c] 0167:1c20c0de 83c404 add esp,+04 0167:1c20c0e1 84c0 test al,al 0167:1c20c0e3 750d jnz 1c20c0f2 = VOS2MSC.DLL:.text+0xb0f2 0167:1c20c0e5 8b0e mov ecx,dword ptr [esi] 0167:1c20c0e7 56 push esi 0167:1c20c0e8 c6460c01 mov byte ptr [esi+0c],01 0167:1c20c0ec ff5114 call dword ptr [ecx+14] 0167:1c20c0ef 83c404 add esp,+04 0167:1c20c0f2 5e pop esi 0167:1c20c0f3 c3 retd -------------------- 00f1ff58 00afb2a0 -> 2c 9b 48 00 24 9b 48 00 a0 b3 af 00 00 00 00 00 ,.H.$.H......... 00f1ff5c 00afc870 -> 93 67 f8 ff ff ff ff ff 00 00 00 00 00 00 00 00 .g.............. 00f1ff60 004c2085 = SAL2.DLL:.text+0x1085 -------------------- 0167:004c206d 90 nop 0167:004c206e 90 nop 0167:004c206f 90 nop 0167:004c2070 6a00 push +00 0167:004c2072 6a00 push +00 0167:004c2074 ff154c945900 call dword ptr [0059944c] -> SAL2.DLL:.text+0xf90 0167:004c207a 8b442404 mov eax,dword ptr [esp+04] 0167:004c207e 8b4830 mov ecx,dword ptr [eax+30] 0167:004c2081 51 push ecx 0167:004c2082 ff502c call dword ptr [eax+2c] SAL2.DLL:.text+0x1085: *0167:004c2085 83c404 add esp,+04 0167:004c2088 ff15a8b34d00 call dword ptr [004db3a8] -> OLE32.DLL!CoUninitialize 0167:004c208e 33c0 xor eax,eax 0167:004c2090 c20400 retd 0004 0167:004c2093 90 nop 0167:004c2094 90 nop 0167:004c2095 90 nop 0167:004c2096 90 nop 0167:004c2097 90 nop 0167:004c2098 90 nop 0167:004c2099 90 nop -------------------- 00f1ff64 00afb2a0 -> 2c 9b 48 00 24 9b 48 00 a0 b3 af 00 00 00 00 00 ,.H.$.H......... 00f1ff68 7800265a = MSVCRT.DLL:.text+0x165a -------------------- 0167:78002637 0f8443990000 jz 7800bf80 = MSVCRT.DLL:.text+0xaf80 0167:7800263d ff1564e00278 call dword ptr [7802e064] -> KERNEL32.DLL!GetCurrentThreadId 0167:78002643 8906 mov dword ptr [esi],eax 0167:78002645 a138740378 mov eax,dword ptr [78037438] 0167:7800264a 85c0 test eax,eax 0167:7800264c 7402 jz 78002650 = MSVCRT.DLL:.text+0x1650 0167:7800264e ffd0 call eax 0167:78002650 8365fc00 and dword ptr [ebp-04],+00 0167:78002654 ff764c push dword ptr [esi+4c] 0167:78002657 ff5648 call dword ptr [esi+48] MSVCRT.DLL:.text+0x165a: *0167:7800265a e92e990000 jmp 7800bf8d = MSVCRT.DLL:.text+0xaf8d 0167:7800265f c3 retd 0167:78002660 a13c740378 mov eax,dword ptr [7803743c] 0167:78002665 85c0 test eax,eax 0167:78002667 7402 jz 7800266b = MSVCRT.DLL:.text+0x166b 0167:78002669 ffd0 call eax 0167:7800266b 56 push esi 0167:7800266c e820000000 call 78002691 = MSVCRT.DLL:.text+0x1691 0167:78002671 8bf0 mov esi,eax 0167:78002673 85f6 test esi,esi 0167:78002675 0f844f990000 jz 7800bfca = MSVCRT.DLL:.text+0xafca -------------------- 00f1ff6c 00afb3a0 -> 48 00 00 00 93 67 f8 ff 00 00 00 00 00 00 00 00 H....g.......... 00f1ff70 81772ad4 -> 07 00 01 00 10 64 f1 ce ec fb f1 00 00 00 f2 00 .....d.......... 00f1ff74 00000008 00f1ff78 817aacb0 -> 06 00 08 00 f0 9b 93 cd 00 00 00 00 00 00 00 00 ................ 00f1ff7c c0000005 00f1ff80 00f1ff70 -> d4 2a 77 81 08 00 00 00 b0 ac 7a 81 05 00 00 c0 .*w.......z..... 00f1ff84 00f1fc40 -> 18 fd f1 00 34 fd f1 00 6c fc f1 00 49 68 f7 bf ....4...l...Ih.. 00f1ff88 00f1ffbc -> ff ff ff ff b4 05 fc bf 50 90 f7 bf 00 00 00 00 ........P....... 00f1ff8c 7800ef03 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00f1ff90 7802e2c8 = MSVCRT.DLL:.rdata+0x2c8 -> ff ff ff ff ab bf 00 78 bf bf 00 78 00 00 00 00 .......x...x.... 00f1ff94 00000000 00f1ff98 00f1ffcc -> ec ff f1 00 ef 69 f8 bf ff 25 00 78 70 c8 af 00 .....i...%.xp... 00f1ff9c bff88f20 = KERNEL32!ThreadStartup -------------------- 0167:bff88f02 53 push ebx 0167:bff88f03 56 push esi 0167:bff88f04 57 push edi 0167:bff88f05 8965e8 mov dword ptr [ebp-18],esp 0167:bff88f08 c745fc00000000 mov dword ptr [ebp-04],00000000 0167:bff88f0f f6451090 test byte ptr [ebp+10],90 0167:bff88f13 7505 jnz bff88f1a = KERNEL32.DLL:.text+0xff1a 0167:bff88f15 e854edffff call bff87c6e = KERNEL32.DLL:.text+0xec6e 0167:bff88f1a ff750c push dword ptr [ebp+0c] 0167:bff88f1d ff5508 call dword ptr [ebp+08] KERNEL32!ThreadStartup: *0167:bff88f20 8945e4 mov dword ptr [ebp-1c],eax 0167:bff88f23 eb1e jmp bff88f43 = KERNEL32.DLL:.text+0xff43 0167:bff88f25 ff75ec push dword ptr [ebp-14] 0167:bff88f28 e8074c0100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 0167:bff88f2d c3 retd 0167:bff88f2e 8b65e8 mov esp,dword ptr [ebp-18] 0167:bff88f31 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff88f36 8b00 mov eax,dword ptr [eax] 0167:bff88f38 80482308 or byte ptr [eax+23],08 0167:bff88f3c 6aff push -01 0167:bff88f3e e88c420000 call bff8d1cf = KERNEL32.DLL:.text+0x141cf -------------------- 00f1ffa0 00afc870 -> 93 67 f8 ff ff ff ff ff 00 00 00 00 00 00 00 00 .g.............. 00f1ffa4 81772ad4 -> 07 00 01 00 10 64 f1 ce ec fb f1 00 00 00 f2 00 .....d.......... 00f1ffa8 00000008 00f1ffac 817aacb0 -> 06 00 08 00 f0 9b 93 cd 00 00 00 00 00 00 00 00 ................ 00f1ffb0 00000007 00f1ffb4 00f1ffa4 -> d4 2a 77 81 08 00 00 00 b0 ac 7a 81 07 00 00 00 .*w.......z..... 00f1ffb8 0000016f 00f1ffbc ffffffff 00f1ffc0 bffc05b4 = KERNEL32.DLL:.text+0x475b4 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00f1ffc4 bff79050 = KERNEL32.DLL:.text+0x50 -> ff ff ff ff 25 8f f8 bf 2e 8f f8 bf 00 00 00 00 ....%........... 00f1ffc8 00000000 00f1ffcc 00f1ffec -> 00 00 00 00 ec 68 f8 bf ff 25 00 78 70 c8 af 00 .....h...%.xp... 00f1ffd0 bff869ef = KERNEL32.DLL:.text+0xd9ef -------------------- 0167:bff869ca 6800060000 push 00000600 0167:bff869cf e841abffff call bff81515 = KERNEL32.DLL:.text+0x8515 0167:bff869d4 ff7510 push dword ptr [ebp+10] 0167:bff869d7 ff750c push dword ptr [ebp+0c] 0167:bff869da ff7508 push dword ptr [ebp+08] 0167:bff869dd f6451001 test byte ptr [ebp+10],01 0167:bff869e1 7407 jz bff869ea = KERNEL32.DLL:.text+0xd9ea 0167:bff869e3 e8d9330000 call bff89dc1 = KERNEL32.DLL:.text+0x10dc1 0167:bff869e8 eb05 jmp bff869ef = KERNEL32.DLL:.text+0xd9ef 0167:bff869ea e8f3240000 call bff88ee2 = KERNEL32.DLL:.text+0xfee2 KERNEL32.DLL:.text+0xd9ef: *0167:bff869ef 50 push eax 0167:bff869f0 e813350000 call bff89f08 = KERNEL32.DLL!ExitThread 0167:bff869f5 5f pop edi 0167:bff869f6 5e pop esi 0167:bff869f7 5b pop ebx 0167:bff869f8 5d pop ebp 0167:bff869f9 c20c00 retd 000c 0167:bff869fc 56 push esi 0167:bff869fd 57 push edi 0167:bff869fe 8b7c240c mov edi,dword ptr [esp+0c] 0167:bff86a02 8b7738 mov esi,dword ptr [edi+38] -------------------- 00f1ffd4 780025ff = MSVCRT.DLL:.text+0x15ff -------------------- 0167:780025e2 68ff250078 push 780025ff 0167:780025e7 ff750c push dword ptr [ebp+0c] 0167:780025ea ff7508 push dword ptr [ebp+08] 0167:780025ed ff1554e00278 call dword ptr [7802e054] -> KERNEL32.DLL!CreateThread 0167:780025f3 85c0 test eax,eax 0167:780025f5 0f8464990000 jz 7800bf5f = MSVCRT.DLL:.text+0xaf5f 0167:780025fb 5f pop edi 0167:780025fc 5e pop esi 0167:780025fd 5d pop ebp 0167:780025fe c3 retd MSVCRT.DLL:.text+0x15ff: *0167:780025ff 55 push ebp 0167:78002600 8bec mov ebp,esp 0167:78002602 6aff push -01 0167:78002604 68c8e20278 push 7802e2c8 0167:78002609 6803ef0078 push 7800ef03 0167:7800260e 64a100000000 mov eax,dword ptr fs:[00000000] 0167:78002614 50 push eax 0167:78002615 64892500000000 mov dword ptr fs:[00000000],esp 0167:7800261c 83ec0c sub esp,+0c 0167:7800261f 53 push ebx 0167:78002620 56 push esi -------------------- 00f1ffd8 00afc870 -> 93 67 f8 ff ff ff ff ff 00 00 00 00 00 00 00 00 .g.............. 00f1ffdc 00000048 00f1ffe0 00000000 ... 00f1fff0 bff868ec = KERNEL32.DLL:.text+0xd8ec -------------------- 0167:bff868d5 56 push esi 0167:bff868d6 e862a60000 call bff90f3d = KERNEL32.DLL:.text+0x17f3d 0167:bff868db ff8610020000 inc dword ptr [esi+00000210] 0167:bff868e1 8bc6 mov eax,esi 0167:bff868e3 5f pop edi 0167:bff868e4 5e pop esi 0167:bff868e5 5b pop ebx 0167:bff868e6 8be5 mov esp,ebp 0167:bff868e8 5d pop ebp 0167:bff868e9 c21400 retd 0014 KERNEL32.DLL:.text+0xd8ec: *0167:bff868ec 55 push ebp 0167:bff868ed a1e09cfcbf mov eax,dword ptr [bffc9ce0] 0167:bff868f2 8bec mov ebp,esp 0167:bff868f4 8b0de49cfcbf mov ecx,dword ptr [bffc9ce4] 0167:bff868fa 53 push ebx 0167:bff868fb 56 push esi 0167:bff868fc 57 push edi 0167:bff868fd 8b19 mov ebx,dword ptr [ecx] 0167:bff868ff f6451010 test byte ptr [ebp+10],10 0167:bff86903 8b38 mov edi,dword ptr [eax] 0167:bff86905 740a jz bff86911 = KERNEL32.DLL:.text+0xd911 -------------------- 00f1fff4 780025ff = MSVCRT.DLL:.text+0x15ff -------------------- 0167:780025e2 68ff250078 push 780025ff 0167:780025e7 ff750c push dword ptr [ebp+0c] 0167:780025ea ff7508 push dword ptr [ebp+08] 0167:780025ed ff1554e00278 call dword ptr [7802e054] -> KERNEL32.DLL!CreateThread 0167:780025f3 85c0 test eax,eax 0167:780025f5 0f8464990000 jz 7800bf5f = MSVCRT.DLL:.text+0xaf5f 0167:780025fb 5f pop edi 0167:780025fc 5e pop esi 0167:780025fd 5d pop ebp 0167:780025fe c3 retd MSVCRT.DLL:.text+0x15ff: *0167:780025ff 55 push ebp 0167:78002600 8bec mov ebp,esp 0167:78002602 6aff push -01 0167:78002604 68c8e20278 push 7802e2c8 0167:78002609 6803ef0078 push 7800ef03 0167:7800260e 64a100000000 mov eax,dword ptr fs:[00000000] 0167:78002614 50 push eax 0167:78002615 64892500000000 mov dword ptr fs:[00000000],esp 0167:7800261c 83ec0c sub esp,+0c 0167:7800261f 53 push ebx 0167:78002620 56 push esi -------------------- 00f1fff8 00afc870 -> 93 67 f8 ff ff ff ff ff 00 00 00 00 00 00 00 00 .g.............. 00f1fffc 00000048