System snapshot taken on 4/12/01 3:46:13 PM. *----> Summary/Overview <----* Win32 Kernel core component attempted to read from memory that does not exist. It may be using an uninitialized variable, or it may be attempting to access memory after having freed it. Module Name: KERNEL32.DLL Description: Win32 Kernel core component Version: 4.10.2222 Product: Microsoft(R) Windows(R) Operating System Manufacturer: Microsoft Corporation Application Name: Soffice.exe Description: Office Productivity Suite Version: 6.00.6286 Manufacturer: Sun Microsystems, Inc. -------------------- If the Taskbar is behaving strangely, try exiting IMGICON. Module Name: IMGICON.EXE Description: IMGICON Version: 6, 3, 0, 6 Product: Iomega Corp. IMGICON 6.3 Manufacturer: Iomega Corp. User's Remarks: *----> System Information <----* Microsoft Windows 98 4.10.2222 A Clean install using /T:C:\WININST0.400 /SrcDir=C:\WINDOWS\OPTIONS\CABS /IS /IW /IQ /ID /IV /IZ /II /NR /II /C /U:xxxxxxxxxxxxxxxxx IE 5 5.00.2919.6307 Uptime: 0:03:06:01 Normal mode On "WROTH1" as "wroth" Fujitsu PC Corporation GenuineIntel x86 Family 6 Model 8 Stepping 3 128MB RAM 43% system resources free Windows-managed swap file on drive C (1827MB free) Temporary files on drive c (1827MB free) *----> Task list <----* Program Type Path ------------ 1. Kernel32.dll 4.10.2222 Microsoft Corporation 2. MSGSRV32.EXE 4.10.2222 Microsoft Corporation 3. Spool32.exe 4.10.1998 Microsoft Corporation 4. Mprexe.exe 4.10.1998 Microsoft Corporation 5. Mstask.exe 4.71.1959.1 Microsoft Corporation 6. MMTASK.TSK 4.03.1998 Microsoft Corporation 7. Explorer.exe 4.72.3110.1 Microsoft Corporation 8. Taskmon.exe 4.10.1998 Microsoft Corporation 9. Systray.exe 4.10.2222 Microsoft Corporation 10. Irmon.exe 4.10.1998 Microsoft Corporation 11. Prpcui.exe 1.1.0.0 Intel Corporation 12. Dockapp.exe 1, 0, 0, 1 , 13. Btnhnd.exe 2, 2, 0, 0 FUJITSU LIMITED 14. Mgavrtcl.exe 2.0.1.0 McAfee.com 15. Seti@home.exe 3.03 University of California, Berkeley 16. Imgicon.exe 6, 3, 0, 6 Iomega Corp. 17. RUNDLL.EXE 4.10.1998 Microsoft Corporation 18. Ypager.exe 3, 5, 0, 844 Yahoo! Inc. 19. Netswtray.exe 3, 2, 2, 0 J.W. Hance 20. Pmset98.exe 1, 1, 0, 1 FUJITSU LIMITED 21. Drwatson.exe 4.03 Microsoft Corporation 22. Wmiexe.exe 5.00.1755.1 Microsoft Corporation 23. Mgavrte.exe 1, 0, 0, 42 McAfee.com 24. Netscape.exe 4.76.0.11 Netscape Communications Corporation 25. Palm.exe 4.0.0 Palm, Inc. 26. Hotsync.exe 3.1.1 Palm, Inc. 27. Alarmapp.exe 4.0.0 Palm, Inc. 28. Ddhelp.exe 4.07.00.0700 Microsoft Corporation 29. Dtsc.exe 2.0 Iomega 30. Netscape.exe 4.76.0.11 Netscape Communications Corporation 31. Soffice.exe 6.00.6286 Sun Microsystems, Inc. *----> Startup Items <----* Name Loaded from Command ------------------- 1. PMSet98 Startup Group "C:\Program Files\Fujitsu\PMSet98\PMSet98.exe" /A 2. Shortcut to Drwatson.exe Startup Group C:\WINDOWS\DRWATSON.EXE 3. Microsoft Office Startup Group "C:\Program Files\Microsoft Office\Office10\OSA.EXE" -b -l 4. Taskbar Display Controls Registry (Per-User Run) RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY 5. Yahoo! Pager Registry (Per-User Run) C:\PROGRAM FILES\YAHOO!\MESSENGER\ypager.exe 6. NetSwitcher Tray Application Registry (Per-User Run) C:\PROGRA~1\NETSWI~2\NETSWT~1.EXE 7. ScanRegistry Registry (Machine Run) c:\windows\scanregw.exe /autorun 8. TaskMonitor Registry (Machine Run) c:\windows\taskmon.exe 9. SystemTray Registry (Machine Run) SysTray.Exe 10. IrMon Registry (Machine Run) IrMon.exe 11. LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 12. PRPCMonitor Registry (Machine Run) PRPCUI.exe 13. BayMgr Registry (Machine Run) DockApp.exe 14. SBWatchDog.EXE Registry (Machine Run) C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l 15. LoadBtnHnd Registry (Machine Run) C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 16. mgavrtclexe Registry (Machine Run) C:\WINDOWS\MCBin\AV\Rt\mgavrtcl.exe 17. seticlient Registry (Machine Run) C:\Program Files\SETI@home\SETI@home.exe -min 18. CriticalUpdate Registry (Machine Run) c:\windows\SYSTEM\wucrtupd.exe -startup 19. Iomega Startup Options Registry (Machine Run) C:\Program Files\Iomega\Common\ImgStart.exe 20. Iomega Drive Icons Registry (Machine Run) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe 21. LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 22. SchedulingAgent Registry (Machine Service) mstask.exe 23. mgavrtclexe Registry (Machine Service) C:\WINDOWS\MCBin\AV\Rt\mgavrte.exe *----> System Hooks <----* Hook type Hooked by Application DLL path Application path ------------------------ 1. Keyboard Idle.dll YPAGER.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\Idle.dll C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE 2. Mouse Idle.dll YPAGER.EXE C:\PROGRAM FILES\YAHOO!\MESSENGER\Idle.dll C:\PROGRAM FILES\YAHOO!\MESSENGER\YPAGER.EXE 3. Shell Imghook.dll IMGICON.EXE C:\PROGRAM FILES\IOMEGA\DRIVEICONS\Imghook.dll C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE *----> Kernel Drivers <----* Driver Loaded from Type Likely path ------------------- 1. VMM Microsoft Corporation Virtual Machine Manager 2. MTRR Microsoft Corporation ? 3. VCACHE Microsoft Corporation Cache manager 4. DFS 4.10.2222 Microsoft Corporation DFS Virtual Device (Version 4.0) 5. PERF Microsoft Corporation System Monitor data collection driver 6. VFIXD 1.00.02 Intel Corporation Compatibility VxD 7. VPOWERD 4.10.2223 Microsoft Corporation VPOWERD Virtual Device (Version 4.0) 8. VPICD Microsoft Corporation Hardware interrupt manager 9. VrtwD 1.1.075.3 Intel Corporation Real-Time Clock VxD 10. VTD Microsoft Corporation Timer device driver 11. VWIN32 Microsoft Corporation Win32 subsystem driver 12. VXDLDR Microsoft Corporation Dynamic device driver loader 13. NTKERN Microsoft Corporation Windows Driver Model 14. CONFIGMG Microsoft Corporation Configuration manager 15. PCI 4.10.2223 Microsoft Corporation PCI Virtual Device (Version 4.0) 16. ISAPNP 4.10.1998 Microsoft Corporation ISAPNP Virtual Device (Version 4.0) 17. PCCARD 4.10.2222 Microsoft Corporation PCCARD Virtual Device (Version 4.0) 18. ACPI Microsoft Corporation ? 19. VCDFSD Microsoft Corporation CD-ROM filesystem driver 20. IOS Microsoft Corporation I/O Supervisor 21. PAGEFILE Microsoft Corporation Swapfile driver 22. PAGESWAP Microsoft Corporation Swapfile manager 23. PARITY Microsoft Corporation Memory parity driver 24. REBOOT Microsoft Corporation Ctrl+Alt+Del manager 25. EBIOS Microsoft Corporation Extended BIOS driver 26. VDD Microsoft Corporation Display driver 27. TRIDENT 4.12.01.2224 Trident Microsystems, Inc. TRIDENT Virtual Device (Version 4.0) 28. VSD Microsoft Corporation Speaker driver 29. LTVCD 5.62 LT LT Windows Modem 30. COMBUFF Microsoft Corporation Communications buffer driver 31. VCD Microsoft Corporation Communications port driver 32. SERIAL 4.10.2222 Microsoft Corporation SERIAL Virtual Device (Version 4.0) 33. IRENUM 4.10.2222 Microsoft Corporation IRENUM Virtual Device (Version 4.0) 34. FASTIR 4.10.1998 Microsoft Corporation FASTIR Virtual Device (Version 4.0) 35. VMOUSE Microsoft Corporation Mouse driver 36. MSMINI 4.10.1998 Microsoft Corporation MSMINI Virtual Device (Version 4.0) 37. VKD Microsoft Corporation Keyboard driver 38. VPD Microsoft Corporation Printer driver 39. INT13 Microsoft Corporation BIOS hard disk emulation driver 40. VMCPD Microsoft Corporation Math coprocessor driver 41. BIOSXLAT Microsoft Corporation BIOS emulation driver 42. VNETBIOS 4.10.1998 Microsoft Corporation VNETBIOS Virtual Device (Version 4.0) 43. NDIS 4.10.2222 Microsoft Corporation NDIS Virtual Device (Version 4.0) 44. PPPMAC 4.10.2222 Microsoft Corporation Windows Virtual PPP Driver 45. NDISWAN 4.10.1998 Microsoft Corporation Windows Virtual WAN Protocol Driver 46. NETBEUI 4.10.1998 Microsoft Corporation NETBEUI Virtual Device (Version 4.0) 47. VTDI 4.10.1998 Microsoft Corporation Windows TDI Support Driver 48. WSOCK2 4.10.1998 Microsoft Corporation Windows Sockets Driver 2 TCP/IP only. 49. VIP 4.10.2226 Microsoft Corporation Windows IP Driver 50. MSTCP 4.10.2222 Microsoft Corporation Windows TCP Driver 51. VDHCP 4.10.2161 Microsoft Corporation DHCP VxD Driver 52. VNBT 4.10.2148 Microsoft Corporation VNBT VxD Driver 53. AFVXD 4.10.2222 Microsoft Corporation Windows Sockets VTDI Driver 54. DOSMGR Microsoft Corporation MS-DOS emulation manager 55. VMPOLL Microsoft Corporation System idle-time driver 56. JAVASUP 5.00.3229 Microsoft Corporation Microsoft® Virtual Machine Helper Device for Java 57. VCOMM Microsoft Corporation Communications port Plug and Play driver 58. VCOND Microsoft Corporation Console subsystem driver 59. VTDAPI Microsoft Corporation Multimedia timer driver 60. TSIUSB 11,500,7500,0 LapLink.com, Inc. TBird Component 61. mrtRate Version 2.11 Marimba, Inc. Rate Sencing Driver 62. VFLATD Microsoft Corporation Linear aperture video driver 63. SBEMUL 64. mmdevldr 4.10.1998 Microsoft Corporation mmdevldr Virtual Device (Version 4.0) 65. BAYMGR 1.00.5 Softex Inc. BayManager Miniport Driver 66. CBSS 4.10.2222 Microsoft Corporation CBSS Virtual Device (Version 4.0) 67. Display1 68. CDTSD 4.10.1998 Microsoft Corporation CDTSD Virtual Device (Version 4.0) 69. CDVSD 4.10.2222 Microsoft Corporation CDVSD Virtual Device (Version 4.0) 70. DiskTSD 4.10.2222 Microsoft Corporation DiskTSD Virtual Device (Version 4.0) 71. DiskVSD 4.10.1998 Microsoft Corporation DiskVSD Virtual Device (Version 4.0) 72. voltrack 4.10.1998 Microsoft Corporation voltrack Virtual Device (Version 4.0) 73. YEDFD 4.33 Y-E DATA INC. YEDFD VSD 74. IOMEGA 6.7.5.0 Iomega Corporation IOMEGA Universal DASD VSD 75. MXLW9X 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer VxD 76. MXLSTACK 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer Stack VxD 77. CDR4VSD 2.5 (080) Adaptec CD-R Helper VSD for Windows 95 78. APIX 4.00.952 Microsoft Corporation APIX Virtual Device (Version 4.0) 79. CDRPWD 2.5d (296) Adaptec CD-R Packet Writing Driver 80. CD_Read 1.2.0.0 Iomega Corporation IOMEGA Recordit VXD 81. RMM 4.10.1998 Microsoft Corporation RMM Virtual Device (Version 4.0) 82. BIGMEM 4.10.1998 Microsoft Corporation BIGMEM Virtual Device (Version 4.0) 83. SPAP 4.10.2222 Microsoft Corporation SPAP Virtual Device (Version 4.0) 84. AOLMAC 1.63 America Online Network Adapter 85. HSFLOP 4.10.2222 Microsoft Corporation HSFLOP Virtual Device (Version 4.0) 86. SCSIPORT 4.10.2222 Microsoft Corporation SCSIPORT Virtual Device (Version 4.0) 87. SERENUM 4.10.2222 Microsoft Corporation SERENUM Virtual Device (Version 4.0) 88. LPTENUM 4.10.1998 Microsoft Corporation LPTENUM Virtual Device (Version 4.0) 89. SERWAVE 4.10.2222 Microsoft Corporation Serwave Virtual Device 90. WDMAUD 91. THOTKEY 4.12.01.2224 Trident Microsystems, Inc. Virtual Hotkey device change Driver. 92. sage 4.71.1016 Microsoft Corporation sage Virtual Device (Version 4.0) 93. vjoyd 4.07.00.0716 Microsoft Corporation Joystick Virtual Device 94. BTNHND 95. MCKRNL 96. MCUTIL 97. MCSCAN32 98. WSHTCP 4.10.1998 Microsoft Corporation Windows Sockets TCP helper Driver 99. DDRAW 4.07.00.0700 Microsoft Corporation DirectDraw Virtual Device 100. FIOLOG 4.10.1998 Microsoft Corporation File I/O Logging VxD for Application Defrag 101. DRVWCDB 3.10.36a Seagate Software, Inc. Device Driver 102. DRVWPPQT 3.10.36a Seagate Software, Inc. Device Driver 103. DRVWQ117 3.10.36a Seagate Software, Inc. Device Driver 104. VDMAD Microsoft Corporation Direct Memory Access controller driver 105. V86MMGR Microsoft Corporation MS-DOS memory manager 106. VSHINIT 107. VSHIELD 108. SPOOLER Microsoft Corporation Print spooler 109. UDF Microsoft Corporation ? 110. VFAT Microsoft Corporation FAT filesystem driver 111. VDEF Microsoft Corporation Default filesystem driver 112. CDFS 4.10.1998 Microsoft Corporation CDFS Virtual Device (Version 4.0) 113. CDUDF 2.5d (296) Adaptec CD-UDF File System Driver 114. CDUDFRW 2.5d (296) Adaptec CD-UDF RW File System Driver 115. UDFREADR 1.02 (107) Adaptec CD-UDF Read-Only File System Driver 116. IFSMGR Microsoft Corporation File system manager 117. VNETSUP 4.10.1998 Microsoft Corporation VNETSUP Virtual Device (Version 4.0) 118. VREDIR 4.10.2222 Microsoft Corporation VREDIR Virtual Device (Version 4.0) 119. VSERVER 4.10.2224 Microsoft Corporation VSERVER Virtual Device (Version 4.0) 120. VFBACKUP Microsoft Corporation Floppy backup helper driver 121. SHELL Microsoft Corporation Shell device driver 122. DRWATSON 4.03 Microsoft Corporation Dr. Watson for Windows 98 123. KMIXER 124. SYSAUDIO 125. redbook 126. swmidi 127. wdmaud 128. baymgr 1.00.5 Softex Inc. BayManager Miniport Driver 129. e100bnt5 3.37.20.0002 Intel Corporation NDIS 5 driver 130. smcirda 4.10.1998 Microsoft Corporation smcirda.SYS miniport 131. netpptp 4.10.2222 Microsoft Corporation Windows Point to Point Tunneling Driver 132. usbhub 133. WMILIB 134. WMIDRV 135. uhcd 136. USBD 137. sbemul 138. STAC97FJ 139. portcls 140. cmbatt 141. fuj02b1 142. hidvkd 143. ec 144. compbatt 145. BATTC 146. acpi Microsoft Corporation ? 147. swenum 148. ks 149. update 150. prpc 151. wdmfs *----> User-Mode Drivers <----* Driver Type Path ------------ 1. mmsystem.dll 4.03.1998 Microsoft Corporation 2. power.drv 4.10.1998 Microsoft Corporation 3. serwvdrv.drv 4.10.2222 Microsoft Corporation 4. msacm.drv 4.03.1998 Microsoft Corporation 5. wdmaud.drv 4.10.1998 Microsoft Corporation 6. midimap.drv 4.03.1998 Microsoft Corporation *----> MS-DOS Drivers <----* Name Type ------------ 1. HIMEM Device driver 2. DBLBUFF Device driver 3. IFSHLP Device driver 4. DOSKEY TSR program *----> 32-bit Modules <----* Name Date Address Path --------------- 1. CFGMGR2.DLL 6.00.6286 Sun Microsystems, Inc. 2. REG2.DLL 6.00.6286 Sun Microsystems, Inc. 3. STORE2.DLL 6.00.6286 Sun Microsystems, Inc. 4. TDMGR.DLL 6.00.6286 Sun Microsystems, Inc. 5. RDBTDP.DLL 6.00.6286 Sun Microsystems, Inc. 6. IMPREG.DLL 6.00.6286 Sun Microsystems, Inc. 7. CPLD.DLL 6.00.6286 Sun Microsystems, Inc. 8. DEFREG.DLL 6.00.6286 Sun Microsystems, Inc. 9. SIMREG.DLL 6.00.6286 Sun Microsystems, Inc. 10. SMGR.DLL 6.00.6286 Sun Microsystems, Inc. 11. SOFFICE.EXE 6.00.6286 Sun Microsystems, Inc. Office Productivity Suite 12. OFA625MI.DLL 6.00.6286 Sun Microsystems, Inc. 13. BASCTL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 14. SVX625MI.DLL 6.00.6286 Sun Microsystems, Inc. 15. DL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 16. DBTOOLS2.DLL 6.00.6286 Sun Microsystems, Inc. 17. SET625MI.DLL 6.00.6286 Sun Microsystems, Inc. 18. VERSION.DLL 4.10.1998 Microsoft Corporation Win32 VERSION core component 19. SFX625MI.DLL 6.00.6286 Sun Microsystems, Inc. 20. XO625MI.DLL 6.00.6286 Sun Microsystems, Inc. 21. GO625MI.DLL 6.00.6286 Sun Microsystems, Inc. 22. SO625MI.DLL 6.00.6286 Sun Microsystems, Inc. 23. J625MI_G.DLL 6.00.6286 Sun Microsystems, Inc. 24. SB625MI.DLL 6.00.6286 Sun Microsystems, Inc. 25. XCR625MI.DLL 6.00.6286 Sun Microsystems, Inc. 26. SVT625MI.DLL 6.00.6286 Sun Microsystems, Inc. 27. USER9X.DLL 6.00.6286 Sun Microsystems, Inc. 28. SVL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 29. TK625MI.DLL 6.00.6286 Sun Microsystems, Inc. 30. VCL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 31. IMM32.DLL 4.10.1998 Microsoft Corporation Win32 IMM32 core component 32. WINSPOOL.DRV 4.10.1998 Microsoft Corporation Win32 WINSPOOL core component 33. SOT625MI.DLL 6.00.6286 Sun Microsystems, Inc. 34. UTL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 35. UCBHELPER1MSC.DLL 6.00.6286 Sun Microsystems, Inc. 36. COMPHELP2.DLL 6.00.6286 Sun Microsystems, Inc. 37. STS625MI.DLL 6.00.6286 Sun Microsystems, Inc. 38. CPPUHELPER2MSC.DLL 6.00.6286 Sun Microsystems, Inc. 39. CPPU2.DLL 6.00.6286 Sun Microsystems, Inc. 40. TL625MI.DLL 6.00.6286 Sun Microsystems, Inc. 41. VOS2MSC.DLL 6.00.6286 Sun Microsystems, Inc. 42. SAL2.DLL 6.00.6286 Sun Microsystems, Inc. 43. SHELL9X.DLL 6.00.6286 Sun Microsystems, Inc. 44. SHELL32.DLL 4.72.3612.1700 Microsoft Corporation Windows Shell Common Dll 45. COMCTL32.DLL 5.81 Microsoft Corporation Common Controls Library 46. KERNEL9X.DLL 6.00.6286 Sun Microsystems, Inc. 47. OLE32.DLL 4.71.2900 Microsoft Corporation Microsoft OLE for Windows and Windows NT 48. MPR.DLL 4.10.1998 Microsoft Corporation WIN32 Network Interface DLL 49. WSOCK32.DLL 4.10.1998 Microsoft Corporation BSD Socket API for Windows 50. MSWSOCK.DLL 4.10.2222 Microsoft Corporation Microsoft WinSock Extension APIs 51. WS2_32.DLL 4.10.2222 Microsoft Corporation Windows Socket 2.0 32-Bit DLL 52. WININET.DLL 5.00.3017.1200 Microsoft Corporation Internet Extensions for Win32 53. SHLWAPI.DLL 5.00.2919.6304 Microsoft Corporation Shell Light-weight Utility Library 54. WS2HELP.DLL 4.10.1998 Microsoft Corporation Windows Socket 2.0 Helper for Windows 98 55. USER32.DLL 4.10.2222 Microsoft Corporation Win32 USER32 core component 56. GDI32.DLL 4.10.1998 Microsoft Corporation Win32 GDI core component 57. MSVCRT.DLL 6.00.8397.0 Microsoft Corporation Microsoft (R) C Runtime Library 58. ADVAPI32.DLL 4.80.1675 Microsoft Corporation Win32 ADVAPI32 core component 59. KERNEL32.DLL 4.10.2222 Microsoft Corporation Win32 Kernel core component *----> 16-bit Modules <----* Name Type Path ------------ 1. KERNEL 4.10.1998 Microsoft Corporation 2. SYSTEM 4.10.1998 Microsoft Corporation 3. KEYBOARD 4.10.2222 Microsoft Corporation 4. MOUSE 9.01.0.000 Microsoft Corporation 5. DISPLAY 4.12.01.2224 Trident Microsystems, Inc. 6. DIBENG 4.10.1998 Microsoft Corporation 7. WIN87EM 8. M97BIOS 4.12.01.2224 Trident Microsystems, Inc. 9. EMBED95 4.12.01.2224 Trident Microsystems, Inc. 10. SOUND 4.10.1998 Microsoft Corporation 11. COMM 4.10.1998 Microsoft Corporation 12. GDI 4.10.2222 Microsoft Corporation 13. USER 4.10.2223 Microsoft Corporation 14. DDEML 4.10.1998 Microsoft Corporation 15. MSPLUS 4.40.500 Microsoft Corporation 16. MSGSRV32 4.10.2222 Microsoft Corporation 17. MMSYSTEM 4.03.1998 Microsoft Corporation 18. POWER 4.10.1998 Microsoft Corporation 19. LZEXPAND 4.00.429 Microsoft Corporation 20. VER 4.10.1998 Microsoft Corporation 21. SHELL 4.10.1998 Microsoft Corporation 22. COMMCTRL 4.10.1998 Microsoft Corporation 23. SYSTHUNK 4.10.1998 Microsoft Corporation 24. OLECLI 1.20.000 Microsoft Corporation 25. OLESVR 1.10.000 Microsoft Corporation 26. TRID_KEY 27. SERWVDRV 4.10.2222 Microsoft Corporation 28. VMODCTL 4.10.2222 Microsoft Corporation 29. UMDM16 4.10.1998 Microsoft Corporation 30. UMDMXFRM 4.10.2222 Microsoft Corporation 31. MSACMMAP 4.03.1998 Microsoft Corporation 32. MSACM 4.03.1998 Microsoft Corporation 33. MMTASK 4.03.1998 Microsoft Corporation 34. WDMAUDDRV 4.10.1998 Microsoft Corporation 35. MIDIMAP 4.03.1998 Microsoft Corporation 36. COMMDLG 4.00.950 Microsoft Corporation 37. RUNDLL 4.10.1998 Microsoft Corporation 38. DESKCP16 4.10.2222 Microsoft Corporation 39. TOOLHELP 4.10.1998 Microsoft Corporation 40. RWABS16 41. PIFMGR 4.10.2222 Microsoft Corporation 42. PSCRIPT 4.10.2222 Microsoft Corporation 43. DDRAW16 4.07.00.0700 Microsoft Corporation *----> Details <----* Command line: "C:\Program Files\OpenOffice\625\program\soffice.exe" "C:\WINDOWS\DESKTOP\BUILDOO.SDW" Trap 0e 0000 - Invalid page fault eax=00a22ef4 ebx=00b12eb8 ecx=00a2000c edx=00100000 esi=00a22ef4 edi=000effc4 eip=bff7a125 esp=00c4f7c4 ebp=00c4f804 -- -- -- nv up EI pl nz AC po nc cs=0167 ss=016f ds=016f es=016f fs=5c37 gs=0000 KERNEL32.DLL:.text+0x1125: >0167:bff7a125 8b03 mov eax,dword ptr [ebx] sel type base lim/bot ---- ---- -------- -------- cs 0167 r-x- 00000000 ffffffff ss 016f rw-e 00000000 0000b7a0 ds 016f rw-e 00000000 0000b7a0 es 016f rw-e 00000000 0000b7a0 fs 5c37 rw-- 8178b3a8 00000037 gs 0000 ---- stack base: 00b50000 TIB limits: 00c4b000 - 00c50000 -- exception record -- Exception Code: c0000005 (access violation) Exception Address: bff7a125 (KERNEL32.DLL:.text+0x1125) Exception Info: 00000000 00b12eb8 KERNEL32.DLL:.text+0x1125: >0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c 0167:bff7a10e c20800 retd 0008 0167:bff7a111 53 push ebx 0167:bff7a112 56 push esi 0167:bff7a113 8b742410 mov esi,dword ptr [esp+10] 0167:bff7a117 57 push edi 0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18] 0167:bff7a11c 55 push ebp 0167:bff7a11d ba00001000 mov edx,00100000 0167:bff7a122 8d1c3e lea ebx,[esi+edi] KERNEL32.DLL:.text+0x1125: *0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a127 a801 test al,01 0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150 0167:bff7a12b 25fcffff0f and eax,0ffffffc 0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08] 0167:bff7a133 03f8 add edi,eax 0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04] 0167:bff7a138 895108 mov dword ptr [ecx+08],edx 0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08] 0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04] 0167:bff7a141 894204 mov dword ptr [edx+04],eax -------------------- -- stack summary -- 016f:00c4f804 0167:bff7a125 KERNEL32.DLL:.text+0x1125 (00a20000,00a22eb8,0000003c,00000000, 00000036,00d84de0,00d838c8,00000000) 016f:00c4f82c 0167:bff7a550 KERNEL32.DLL:.text+0x1550 (00a20000,0000003c,00000000,bff77d9f, 00e715ad,00a20000,00000000,00000036) 016f:00c4f840 0167:bff88dc4 KERNEL32.DLL:.text+0xfdc4 (00a20000,00000000,00000036,00d81cb0, 00d84de0,00d81cb0,00000000,004136f2) 016f:bff77d9e 0167:00e715ad KERNEL9X.DLL:.text+0x5ad (896432ff,244c8b22,018b6614,24244c8b, 018a02e3,28244c8b,018b02e3,83028f64) -- stack trace -- 016f:00c4f804 0167:bff7a125 KERNEL32.DLL:.text+0x1125 (00a20000,00a22eb8,0000003c,00000000, 00000036,00d84de0,00d838c8,00000000) 0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c 0167:bff7a10e c20800 retd 0008 0167:bff7a111 53 push ebx 0167:bff7a112 56 push esi 0167:bff7a113 8b742410 mov esi,dword ptr [esp+10] 0167:bff7a117 57 push edi 0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18] 0167:bff7a11c 55 push ebp 0167:bff7a11d ba00001000 mov edx,00100000 0167:bff7a122 8d1c3e lea ebx,[esi+edi] KERNEL32.DLL:.text+0x1125: *0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a127 a801 test al,01 0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150 0167:bff7a12b 25fcffff0f and eax,0ffffffc 0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08] 0167:bff7a133 03f8 add edi,eax 0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04] 0167:bff7a138 895108 mov dword ptr [ecx+08],edx 0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08] 0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04] 0167:bff7a141 894204 mov dword ptr [edx+04],eax -------------------- 016f:00c4f82c 0167:bff7a550 KERNEL32.DLL:.text+0x1550 (00a20000,0000003c,00000000,bff77d9f, 00e715ad,00a20000,00000000,00000036) 0167:bff7a532 8b4604 mov eax,dword ptr [esi+04] 0167:bff7a535 8b4dfc mov ecx,dword ptr [ebp-04] 0167:bff7a538 894104 mov dword ptr [ecx+04],eax 0167:bff7a53b 894e04 mov dword ptr [esi+04],ecx 0167:bff7a53e e953ffffff jmp bff7a496 = KERNEL32.DLL:.text+0x1496 0167:bff7a543 ff7510 push dword ptr [ebp+10] 0167:bff7a546 ff750c push dword ptr [ebp+0c] 0167:bff7a549 53 push ebx 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 KERNEL32.DLL:.text+0x1550: *0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 -------------------- 016f:00c4f840 0167:bff88dc4 KERNEL32.DLL:.text+0xfdc4 (00a20000,00000000,00000036,00d81cb0, 00d84de0,00d81cb0,00000000,004136f2) 0167:bff88da7 8b450c mov eax,dword ptr [ebp+0c] 0167:bff88daa 8b4d0c mov ecx,dword ptr [ebp+0c] 0167:bff88dad 83e008 and eax,+08 0167:bff88db0 83e104 and ecx,+04 0167:bff88db3 c1e003 shl eax,03 0167:bff88db6 0bc1 or eax,ecx 0167:bff88db8 50 push eax 0167:bff88db9 ff7510 push dword ptr [ebp+10] 0167:bff88dbc ff7508 push dword ptr [ebp+08] 0167:bff88dbf e88616ffff call bff7a44a = KERNEL32.DLL:.text+0x144a KERNEL32.DLL:.text+0xfdc4: *0167:bff88dc4 5d pop ebp 0167:bff88dc5 c20c00 retd 000c 0167:bff88dc8 56 push esi 0167:bff88dc9 57 push edi 0167:bff88dca 8b74240c mov esi,dword ptr [esp+0c] 0167:bff88dce 8b7e38 mov edi,dword ptr [esi+38] 0167:bff88dd1 8b4754 mov eax,dword ptr [edi+54] 0167:bff88dd4 85c0 test eax,eax 0167:bff88dd6 7453 jz bff88e2b = KERNEL32.DLL:.text+0xfe2b 0167:bff88dd8 8b4008 mov eax,dword ptr [eax+08] 0167:bff88ddb ff742410 push dword ptr [esp+10] -------------------- 016f:bff77d9e 0167:00e715ad KERNEL9X.DLL:.text+0x5ad (896432ff,244c8b22,018b6614,24244c8b, 018a02e3,28244c8b,018b02e3,83028f64) 0167:00e71593 6a00 push +00 0167:00e71595 ffd5 call ebp 0167:00e71597 8bf8 mov edi,eax 0167:00e71599 85ff test edi,edi 0167:00e7159b 7478 jz 00e71615 = KERNEL9X.DLL:.text+0x615 0167:00e7159d 57 push edi 0167:00e7159e 6a00 push +00 0167:00e715a0 ff151020e700 call dword ptr [00e72010] -> KERNEL32.DLL!GetProcessHeap 0167:00e715a6 50 push eax 0167:00e715a7 ff150c20e700 call dword ptr [00e7200c] -> KERNEL32.DLL!HeapAlloc KERNEL9X.DLL:.text+0x5ad: *0167:00e715ad 8bf0 mov esi,eax 0167:00e715af 85f6 test esi,esi 0167:00e715b1 740f jz 00e715c2 = KERNEL9X.DLL:.text+0x5c2 0167:00e715b3 6a00 push +00 0167:00e715b5 6a00 push +00 0167:00e715b7 57 push edi 0167:00e715b8 56 push esi 0167:00e715b9 6aff push -01 0167:00e715bb 53 push ebx 0167:00e715bc 6a00 push +00 0167:00e715be 6a00 push +00 -------------------- -- stack dump -- 00c4f7c4 00c4f804 -> 2c f8 c4 00 50 a5 f7 bf 00 00 a2 00 b8 2e a2 00 ,...P........... 00c4f7c8 000effc4 00c4f7cc 00a22eb8 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 3a 5c 00 00 ........<...:\.. 00c4f7d0 0000003c 00c4f7d4 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 00c4f7d8 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00c4f7dc 00a22ef4 -> 00 00 00 00 69 28 27 95 10 00 41 70 70 6c 69 63 ....i('...Applic 00c4f7e0 000effc4 00c4f7e4 00000000 00c4f7e8 00a2000c -> 01 00 00 a0 8c 2d a2 00 3c 00 a2 00 80 00 00 00 .....-..<....... 00c4f7ec 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00c4f7f0 00a22eb8 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 3a 5c 00 00 ........<...:\.. 00c4f7f4 00000000 ... 00c4f7fc 00000b12 00c4f800 00000a23 00c4f804 00c4f82c -> 40 f8 c4 00 c4 8d f8 bf 00 00 a2 00 3c 00 00 00 @...........<... 00c4f808 bff7a550 = KERNEL32.DLL:.text+0x1550 -------------------- 0167:bff7a532 8b4604 mov eax,dword ptr [esi+04] 0167:bff7a535 8b4dfc mov ecx,dword ptr [ebp-04] 0167:bff7a538 894104 mov dword ptr [ecx+04],eax 0167:bff7a53b 894e04 mov dword ptr [esi+04],ecx 0167:bff7a53e e953ffffff jmp bff7a496 = KERNEL32.DLL:.text+0x1496 0167:bff7a543 ff7510 push dword ptr [ebp+10] 0167:bff7a546 ff750c push dword ptr [ebp+0c] 0167:bff7a549 53 push ebx 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 KERNEL32.DLL:.text+0x1550: *0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 -------------------- 00c4f80c 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00c4f810 00a22eb8 -> 00 00 0f a0 0c 00 a2 00 3c 00 a2 00 3a 5c 00 00 ........<...:\.. 00c4f814 0000003c 00c4f818 00000000 00c4f81c 00000036 00c4f820 00d84de0 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f824 00d838c8 -> 43 00 3a 00 5c 00 50 00 52 00 4f 00 47 00 52 00 C.:.\.P.R.O.G.R. 00c4f828 00000000 00c4f82c 00c4f840 -> 9f 7d f7 bf ad 15 e7 00 00 00 a2 00 00 00 00 00 .}.............. 00c4f830 bff88dc4 = KERNEL32.DLL:.text+0xfdc4 -------------------- 0167:bff88da7 8b450c mov eax,dword ptr [ebp+0c] 0167:bff88daa 8b4d0c mov ecx,dword ptr [ebp+0c] 0167:bff88dad 83e008 and eax,+08 0167:bff88db0 83e104 and ecx,+04 0167:bff88db3 c1e003 shl eax,03 0167:bff88db6 0bc1 or eax,ecx 0167:bff88db8 50 push eax 0167:bff88db9 ff7510 push dword ptr [ebp+10] 0167:bff88dbc ff7508 push dword ptr [ebp+08] 0167:bff88dbf e88616ffff call bff7a44a = KERNEL32.DLL:.text+0x144a KERNEL32.DLL:.text+0xfdc4: *0167:bff88dc4 5d pop ebp 0167:bff88dc5 c20c00 retd 000c 0167:bff88dc8 56 push esi 0167:bff88dc9 57 push edi 0167:bff88dca 8b74240c mov esi,dword ptr [esp+0c] 0167:bff88dce 8b7e38 mov edi,dword ptr [esi+38] 0167:bff88dd1 8b4754 mov eax,dword ptr [edi+54] 0167:bff88dd4 85c0 test eax,eax 0167:bff88dd6 7453 jz bff88e2b = KERNEL32.DLL:.text+0xfe2b 0167:bff88dd8 8b4008 mov eax,dword ptr [eax+08] 0167:bff88ddb ff742410 push dword ptr [esp+10] -------------------- 00c4f834 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00c4f838 0000003c 00c4f83c 00000000 00c4f840 bff77d9f = KERNEL32.DLL!WideCharToMultiByte -> 2b d2 68 51 1d fa bf 64 ff 32 64 89 22 8b 4c 24 +.hQ...d.2d.".L$ 00c4f844 00e715ad = KERNEL9X.DLL:.text+0x5ad -------------------- 0167:00e71593 6a00 push +00 0167:00e71595 ffd5 call ebp 0167:00e71597 8bf8 mov edi,eax 0167:00e71599 85ff test edi,edi 0167:00e7159b 7478 jz 00e71615 = KERNEL9X.DLL:.text+0x615 0167:00e7159d 57 push edi 0167:00e7159e 6a00 push +00 0167:00e715a0 ff151020e700 call dword ptr [00e72010] -> KERNEL32.DLL!GetProcessHeap 0167:00e715a6 50 push eax 0167:00e715a7 ff150c20e700 call dword ptr [00e7200c] -> KERNEL32.DLL!HeapAlloc KERNEL9X.DLL:.text+0x5ad: *0167:00e715ad 8bf0 mov esi,eax 0167:00e715af 85f6 test esi,esi 0167:00e715b1 740f jz 00e715c2 = KERNEL9X.DLL:.text+0x5c2 0167:00e715b3 6a00 push +00 0167:00e715b5 6a00 push +00 0167:00e715b7 57 push edi 0167:00e715b8 56 push esi 0167:00e715b9 6aff push -01 0167:00e715bb 53 push ebx 0167:00e715bc 6a00 push +00 0167:00e715be 6a00 push +00 -------------------- 00c4f848 00a20000 -> 00 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 00c4f84c 00000000 00c4f850 00000036 00c4f854 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f858 00d84de0 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f85c 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f860 00000000 00c4f864 004136f2 = SAL2.DLL:.text+0x126f2 -------------------- 0167:004136d2 6880000000 push 00000080 0167:004136d7 6a03 push +03 0167:004136d9 6a00 push +00 0167:004136db 6a03 push +03 0167:004136dd 6800000080 push 80000000 0167:004136e2 50 push eax 0167:004136e3 e8f818ffff call 00404fe0 = SAL2.DLL!rtl_uString_getStr 0167:004136e8 83c404 add esp,+04 0167:004136eb 50 push eax 0167:004136ec ff1534fb4d00 call dword ptr [004dfb34] -> KERNEL9X.DLL!CreateFileW_9x SAL2.DLL:.text+0x126f2: *0167:004136f2 8906 mov dword ptr [esi],eax 0167:004136f4 8a442410 mov al,byte ptr [esp+10] 0167:004136f8 c7860802000000000000 mov dword ptr [esi+00000208],00000000 0167:00413702 a806 test al,06 0167:00413704 c7861002000000000000 mov dword ptr [esi+00000210],00000000 0167:0041370e c7860c02000000000000 mov dword ptr [esi+0000020c],00000000 0167:00413718 7412 jz 0041372c = SAL2.DLL:.text+0x1272c 0167:0041371a 33d2 xor edx,edx 0167:0041371c 84db test bl,bl 0167:0041371e 0f95c2 setnz dl 0167:00413721 42 inc edx -------------------- 00c4f868 00d838c8 -> 43 00 3a 00 5c 00 50 00 52 00 4f 00 47 00 52 00 C.:.\.P.R.O.G.R. 00c4f86c 80000000 00c4f870 00000003 00c4f874 00000000 00c4f878 00000003 00c4f87c 00000080 00c4f880 00000000 ... 00c4f88c 00412457 = SAL2.DLL:.text+0x11457 -------------------- 0167:0041243a 50 push eax 0167:0041243b e87032ffff call 004056b0 = SAL2.DLL!osl_getSystemPathFromNormalizedPath 0167:00412440 8b5c2428 mov ebx,dword ptr [esp+28] 0167:00412444 83c408 add esp,+08 0167:00412447 f6c301 test bl,01 0167:0041244a 752f jnz 0041247b = SAL2.DLL:.text+0x1147b 0167:0041244c 8b4c2410 mov ecx,dword ptr [esp+10] 0167:00412450 53 push ebx 0167:00412451 51 push ecx 0167:00412452 e819120000 call 00413670 = SAL2.DLL:.text+0x12670 SAL2.DLL:.text+0x11457: *0167:00412457 8bf8 mov edi,eax 0167:00412459 83c408 add esp,+08 0167:0041245c 3bfe cmp edi,esi 0167:0041245e 751f jnz 0041247f = SAL2.DLL:.text+0x1147f 0167:00412460 8b442410 mov eax,dword ptr [esp+10] 0167:00412464 3bc6 cmp eax,esi 0167:00412466 7409 jz 00412471 = SAL2.DLL:.text+0x11471 0167:00412468 50 push eax 0167:00412469 e88227ffff call 00404bf0 = SAL2.DLL!rtl_uString_release 0167:0041246e 83c404 add esp,+04 0167:00412471 5f pop edi -------------------- 00c4f890 00d838c0 -> 01 00 00 00 35 00 00 00 43 00 3a 00 5c 00 50 00 ....5...C.:.\.P. 00c4f894 00000000 00c4f898 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f89c 00c4f924 -> 00 00 00 00 a0 01 d8 00 80 77 c6 00 9c 9a 78 81 .........w....x. 00c4f8a0 00c4f950 -> c4 f9 c4 00 44 15 1c 01 70 f9 c4 00 e0 f8 c4 00 ....D...p....... 00c4f8a4 00000000 00c4f8a8 00d838c0 -> 01 00 00 00 35 00 00 00 43 00 3a 00 5c 00 50 00 ....5...C.:.\.P. 00c4f8ac 00000000 00c4f8b0 011bf333 = CFGMGR2.DLL:.text+0x7e333 -------------------- 0167:011bf315 83ec0c sub esp,+0c 0167:011bf318 56 push esi 0167:011bf319 57 push edi 0167:011bf31a 8bf1 mov esi,ecx 0167:011bf31c 8b442428 mov eax,dword ptr [esp+28] 0167:011bf320 8b7c2424 mov edi,dword ptr [esp+24] 0167:011bf324 50 push eax 0167:011bf325 57 push edi 0167:011bf326 c744242400000000 mov dword ptr [esp+24],00000000 0167:011bf32e e8637c0400 call 01206f96 = SAL2.DLL!osl_openProfile CFGMGR2.DLL:.text+0x7e333: *0167:011bf333 83c408 add esp,+08 0167:011bf336 8906 mov dword ptr [esi],eax 0167:011bf338 85c0 test eax,eax 0167:011bf33a 7519 jnz 011bf355 = CFGMGR2.DLL:.text+0x7e355 0167:011bf33c 8d4c2408 lea ecx,[esp+08] 0167:011bf340 ff1544002201 call dword ptr [01220044] -> MSVCRT.DLL!??0exception@@QAE@XZ 0167:011bf346 8d4c2408 lea ecx,[esp+08] 0167:011bf34a 68b89f2301 push 01239fb8 0167:011bf34f 51 push ecx 0167:011bf350 e8c183feff call 011a7716 = MSVCRT.DLL!_CxxThrowException 0167:011bf355 57 push edi -------------------- 00c4f8b4 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f8b8 00000000 00c4f8bc 00c4f9ac -> 50 1c d8 00 70 a5 4d 00 90 f9 c4 00 e4 f9 c4 00 P...p.M......... 00c4f8c0 00000000 00c4f8c4 00404bea = SAL2.DLL:.text+0x3bea -------------------- 0167:00404bd9 90 nop 0167:00404bda 90 nop 0167:00404bdb 90 nop 0167:00404bdc 90 nop 0167:00404bdd 90 nop 0167:00404bde 90 nop 0167:00404bdf 90 nop 0167:00404be0 8b442404 mov eax,dword ptr [esp+04] 0167:00404be4 50 push eax 0167:00404be5 e816760000 call 0040c200 = SAL2.DLL!osl_incrementInterlockedCount SAL2.DLL:.text+0x3bea: *0167:00404bea 59 pop ecx 0167:00404beb c3 retd 0167:00404bec 90 nop 0167:00404bed 90 nop 0167:00404bee 90 nop 0167:00404bef 90 nop 0167:00404bf0 56 push esi 0167:00404bf1 8b742408 mov esi,dword ptr [esp+08] 0167:00404bf5 56 push esi 0167:00404bf6 e825760000 call 0040c220 = SAL2.DLL!osl_decrementInterlockedCount 0167:00404bfb 83c404 add esp,+04 -------------------- 00c4f8c8 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f8cc 0114aa91 = CFGMGR2.DLL:.text+0x9a91 -------------------- 0167:0114aa7d 90 nop 0167:0114aa7e 90 nop 0167:0114aa7f 90 nop 0167:0114aa80 8b442404 mov eax,dword ptr [esp+04] 0167:0114aa84 56 push esi 0167:0114aa85 8bf1 mov esi,ecx 0167:0114aa87 8b00 mov eax,dword ptr [eax] 0167:0114aa89 50 push eax 0167:0114aa8a 8906 mov dword ptr [esi],eax 0167:0114aa8c e807ca0500 call 011a7498 = SAL2.DLL!rtl_uString_acquire CFGMGR2.DLL:.text+0x9a91: *0167:0114aa91 83c404 add esp,+04 0167:0114aa94 8bc6 mov eax,esi 0167:0114aa96 5e pop esi 0167:0114aa97 c20400 retd 0004 0167:0114aa9a 90 nop 0167:0114aa9b 90 nop 0167:0114aa9c 90 nop 0167:0114aa9d 90 nop 0167:0114aa9e 90 nop 0167:0114aa9f 90 nop 0167:0114aaa0 8b442404 mov eax,dword ptr [esp+04] -------------------- 00c4f8d0 00c4f944 -> b8 f9 c4 00 d0 73 21 01 03 00 00 00 c4 f9 c4 00 .....s!......... 00c4f8d4 01217028 = CFGMGR2.DLL:.text+0xd6028 -> b8 c8 9f 23 01 e9 62 06 f9 ff cc cc cc cc cc cc ...#..b......... 00c4f8d8 00000000 00c4f8dc 011c1023 = CFGMGR2.DLL:.text+0x80023 -------------------- 0167:011c1006 e9d2040000 jmp 011c14dd = CFGMGR2.DLL:.text+0x804dd 0167:011c100b 56 push esi 0167:011c100c 51 push ecx 0167:011c100d 8d45ec lea eax,[ebp-14] 0167:011c1010 8bcc mov ecx,esp 0167:011c1012 89650c mov dword ptr [ebp+0c],esp 0167:011c1015 50 push eax 0167:011c1016 e8659af8ff call 0114aa80 = CFGMGR2.DLL:.text+0x9a80 0167:011c101b 8d4dd4 lea ecx,[ebp-2c] 0167:011c101e e8dde2ffff call 011bf300 = CFGMGR2.DLL:.text+0x7e300 CFGMGR2.DLL:.text+0x80023: *0167:011c1023 8d4dcc lea ecx,[ebp-34] 0167:011c1026 8975cc mov dword ptr [ebp-34],esi 0167:011c1029 51 push ecx 0167:011c102a e8bd64feff call 011a74ec = SAL2.DLL!rtl_string_new 0167:011c102f 8d55d0 lea edx,[ebp-30] 0167:011c1032 68f8ef2401 push 0124eff8 0167:011c1037 52 push edx 0167:011c1038 8975d0 mov dword ptr [ebp-30],esi 0167:011c103b e89464feff call 011a74d4 = SAL2.DLL!rtl_string_newFromStr 0167:011c1040 8d450c lea eax,[ebp+0c] 0167:011c1043 6804f02401 push 0124f004 -------------------- 00c4f8e0 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f8e4 00000000 00c4f8e8 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f8ec 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f8f0 00000000 00c4f8f4 00d779d0 -> 04 02 00 00 00 00 00 00 00 00 00 00 10 61 d7 00 .............a.. 00c4f8f8 005177d0 = CPPU2.DLL:.data+0x7d0 -> 00 00 00 00 c8 77 51 00 d0 79 d7 00 00 00 00 00 .....wQ..y...... 00c4f8fc 00404bfb = SAL2.DLL:.text+0x3bfb -------------------- 0167:00404bea 59 pop ecx 0167:00404beb c3 retd 0167:00404bec 90 nop 0167:00404bed 90 nop 0167:00404bee 90 nop 0167:00404bef 90 nop 0167:00404bf0 56 push esi 0167:00404bf1 8b742408 mov esi,dword ptr [esp+08] 0167:00404bf5 56 push esi 0167:00404bf6 e825760000 call 0040c220 = SAL2.DLL!osl_decrementInterlockedCount SAL2.DLL:.text+0x3bfb: *0167:00404bfb 83c404 add esp,+04 0167:00404bfe 85c0 test eax,eax 0167:00404c00 7509 jnz 00404c0b = SAL2.DLL:.text+0x3c0b 0167:00404c02 56 push esi 0167:00404c03 e8e86e0000 call 0040baf0 = SAL2.DLL!rtl_freeMemory 0167:00404c08 83c404 add esp,+04 0167:00404c0b 5e pop esi 0167:00404c0c c3 retd 0167:00404c0d 90 nop 0167:00404c0e 90 nop 0167:00404c0f 90 nop -------------------- 00c4f900 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f904 005177d0 = CPPU2.DLL:.data+0x7d0 -> 00 00 00 00 c8 77 51 00 d0 79 d7 00 00 00 00 00 .....wQ..y...... 00c4f908 011bf56f = CFGMGR2.DLL:.text+0x7e56f -------------------- 0167:011bf54b 83c408 add esp,+08 0167:011bf54e 3bf0 cmp esi,eax 0167:011bf550 0f8593feffff jnz 011bf3e9 = CFGMGR2.DLL:.text+0x7e3e9 0167:011bf556 8d442458 lea eax,[esp+58] 0167:011bf55a 6810191401 push 01141910 0167:011bf55f 50 push eax 0167:011bf560 e8e77cfeff call 011a724c = CPPU2.DLL!uno_any_destruct 0167:011bf565 8b4c2458 mov ecx,dword ptr [esp+58] 0167:011bf569 51 push ecx 0167:011bf56a e8d57efeff call 011a7444 = SAL2.DLL!rtl_uString_release CFGMGR2.DLL:.text+0x7e56f: *0167:011bf56f 8b4c2470 mov ecx,dword ptr [esp+70] 0167:011bf573 83c40c add esp,+0c 0167:011bf576 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:011bf57d 5f pop edi 0167:011bf57e 5e pop esi 0167:011bf57f 5d pop ebp 0167:011bf580 5b pop ebx 0167:011bf581 83c460 add esp,+60 0167:011bf584 c20400 retd 0004 0167:011bf587 8b4c2474 mov ecx,dword ptr [esp+74] 0167:011bf58b 895c2474 mov dword ptr [esp+74],ebx -------------------- 00c4f90c 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f910 00000000 00c4f914 01141910 = CFGMGR2.DLL:.text+0x910 -> 8b 44 24 04 50 8b 08 ff 51 08 59 c3 90 90 90 90 .D$.P...Q.Y..... 00c4f918 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f91c 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f920 00c4f9c4 -> 04 33 d8 00 82 e9 1b 01 70 a5 4d 00 f0 32 d8 00 .3......p.M..2.. 00c4f924 00000000 00c4f928 00d801a0 -> 1c 01 d8 00 ec 05 c6 00 50 00 52 00 4f 00 47 00 ........P.R.O.G. 00c4f92c 00c67780 -> 01 00 00 00 20 00 00 00 40 13 79 6d be c2 c0 01 .... ...@.ym.... 00c4f930 81789a9c -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f934 00d801a0 -> 1c 01 d8 00 ec 05 c6 00 50 00 52 00 4f 00 47 00 ........P.R.O.G. 00c4f938 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f93c 00d81cb0 -> 02 00 00 00 39 00 00 00 2f 00 2f 00 2e 00 2f 00 ....9..././.../. 00c4f940 00c4f8e8 -> f0 32 d8 00 10 3b d8 00 00 00 00 00 d0 79 d7 00 .2...;.......y.. 00c4f944 00c4f9b8 -> e4 f9 c4 00 13 70 21 01 02 00 00 00 04 33 d8 00 .....p!......3.. 00c4f948 012173d0 = CFGMGR2.DLL:.text+0xd63d0 -> b8 d0 a3 23 01 e9 ba 02 f9 ff cc cc cc cc cc cc ...#............ 00c4f94c 00000003 00c4f950 00c4f9c4 -> 04 33 d8 00 82 e9 1b 01 70 a5 4d 00 f0 32 d8 00 .3......p.M..2.. 00c4f954 011c1544 = CFGMGR2.DLL:.text+0x80544 -------------------- 0167:011c152e 90 nop 0167:011c152f 90 nop 0167:011c1530 83ec0c sub esp,+0c 0167:011c1533 8b442410 mov eax,dword ptr [esp+10] 0167:011c1537 56 push esi 0167:011c1538 57 push edi 0167:011c1539 8d4c2410 lea ecx,[esp+10] 0167:011c153d 50 push eax 0167:011c153e 51 push ecx 0167:011c153f e83cf9ffff call 011c0e80 = CFGMGR2.DLL:.text+0x7fe80 CFGMGR2.DLL:.text+0x80544: *0167:011c1544 8b10 mov edx,dword ptr [eax] 0167:011c1546 8b742424 mov esi,dword ptr [esp+24] 0167:011c154a 52 push edx 0167:011c154b 56 push esi 0167:011c154c e82f5ffeff call 011a7480 = SAL2.DLL!rtl_uString_assign 0167:011c1551 8b442420 mov eax,dword ptr [esp+20] 0167:011c1555 50 push eax 0167:011c1556 e8e95efeff call 011a7444 = SAL2.DLL!rtl_uString_release 0167:011c155b 8d4c241c lea ecx,[esp+1c] 0167:011c155f 33ff xor edi,edi 0167:011c1561 51 push ecx -------------------- 00c4f958 00c4f970 -> 70 a5 4d 00 0d f2 1b 01 ac f9 c4 00 b0 f9 c4 00 p.M............. 00c4f95c 00c4f8e0 -> b0 1c d8 00 00 00 00 00 f0 32 d8 00 10 3b d8 00 .........2...;.. 00c4f960 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f964 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f968 00c4f9c4 -> 04 33 d8 00 82 e9 1b 01 70 a5 4d 00 f0 32 d8 00 .3......p.M..2.. 00c4f96c 00404bea = SAL2.DLL:.text+0x3bea -------------------- 0167:00404bd9 90 nop 0167:00404bda 90 nop 0167:00404bdb 90 nop 0167:00404bdc 90 nop 0167:00404bdd 90 nop 0167:00404bde 90 nop 0167:00404bdf 90 nop 0167:00404be0 8b442404 mov eax,dword ptr [esp+04] 0167:00404be4 50 push eax 0167:00404be5 e816760000 call 0040c200 = SAL2.DLL!osl_incrementInterlockedCount SAL2.DLL:.text+0x3bea: *0167:00404bea 59 pop ecx 0167:00404beb c3 retd 0167:00404bec 90 nop 0167:00404bed 90 nop 0167:00404bee 90 nop 0167:00404bef 90 nop 0167:00404bf0 56 push esi 0167:00404bf1 8b742408 mov esi,dword ptr [esp+08] 0167:00404bf5 56 push esi 0167:00404bf6 e825760000 call 0040c220 = SAL2.DLL!osl_decrementInterlockedCount 0167:00404bfb 83c404 add esp,+04 -------------------- 00c4f970 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f974 011bf20d = CFGMGR2.DLL:.text+0x7e20d -------------------- 0167:011bf1f2 50 push eax 0167:011bf1f3 e85e82feff call 011a7456 = SAL2.DLL!rtl_uString_new 0167:011bf1f8 8d4d08 lea ecx,[ebp+08] 0167:011bf1fb 8d55ec lea edx,[ebp-14] 0167:011bf1fe 51 push ecx 0167:011bf1ff 8d45e8 lea eax,[ebp-18] 0167:011bf202 52 push edx 0167:011bf203 50 push eax 0167:011bf204 c645fc02 mov byte ptr [ebp-04],02 0167:011bf208 e823230000 call 011c1530 = CFGMGR2.DLL:.text+0x80530 CFGMGR2.DLL:.text+0x7e20d: *0167:011bf20d 83c418 add esp,+18 0167:011bf210 84c0 test al,al 0167:011bf212 7466 jz 011bf27a = CFGMGR2.DLL:.text+0x7e27a 0167:011bf214 6a04 push +04 0167:011bf216 c645fc03 mov byte ptr [ebp-04],03 0167:011bf21a e82783feff call 011a7546 = MSVCRT.DLL!??2@YAPAXI@Z 0167:011bf21f 8bf8 mov edi,eax 0167:011bf221 83c404 add esp,+04 0167:011bf224 897de0 mov dword ptr [ebp-20],edi 0167:011bf227 3bfb cmp edi,ebx 0167:011bf229 c645fc04 mov byte ptr [ebp-04],04 -------------------- 00c4f978 00c4f9ac -> 50 1c d8 00 70 a5 4d 00 90 f9 c4 00 e4 f9 c4 00 P...p.M......... 00c4f97c 00c4f9b0 -> 70 a5 4d 00 90 f9 c4 00 e4 f9 c4 00 13 70 21 01 p.M..........p!. 00c4f980 00c4f9cc -> 70 a5 4d 00 f0 32 d8 00 00 00 00 00 d9 12 00 78 p.M..2.........x ... 00c4f988 00c4f9b0 -> 70 a5 4d 00 90 f9 c4 00 e4 f9 c4 00 13 70 21 01 p.M..........p!. 00c4f98c 00c4f9ac -> 50 1c d8 00 70 a5 4d 00 90 f9 c4 00 e4 f9 c4 00 P...p.M......... 00c4f990 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f994 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f998 00000000 00c4f99c 00d75260 -> 01 00 00 00 03 00 00 00 61 00 6e 00 79 00 00 00 ........a.n.y... 00c4f9a0 004f65a8 = CPPU2.DLL:.text+0x55a8 -------------------- 0167:004f6589 e826c80100 call 00512db4 = SAL2.DLL!rtl_uString_release 0167:004f658e 8b4c2418 mov ecx,dword ptr [esp+18] 0167:004f6592 51 push ecx 0167:004f6593 e81cc80100 call 00512db4 = SAL2.DLL!rtl_uString_release 0167:004f6598 83c408 add esp,+08 0167:004f659b 5b pop ebx 0167:004f659c 8b54240c mov edx,dword ptr [esp+0c] 0167:004f65a0 8b02 mov eax,dword ptr [edx] 0167:004f65a2 50 push eax 0167:004f65a3 e812c80100 call 00512dba = SAL2.DLL!osl_releaseMutex CPPU2.DLL:.text+0x55a8: *0167:004f65a8 83c404 add esp,+04 0167:004f65ab 5e pop esi 0167:004f65ac 5d pop ebp 0167:004f65ad 83c410 add esp,+10 0167:004f65b0 c3 retd 0167:004f65b1 90 nop 0167:004f65b2 90 nop 0167:004f65b3 90 nop 0167:004f65b4 90 nop 0167:004f65b5 90 nop 0167:004f65b6 90 nop -------------------- 00c4f9a4 00d83304 -> c0 32 d8 00 d0 15 14 01 b0 32 d8 00 08 51 d7 00 .2.......2...Q.. 00c4f9a8 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f9ac 00d81c50 -> 01 00 00 00 23 00 00 00 2f 00 2f 00 2e 00 2f 00 ....#..././.../. 00c4f9b0 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f9b4 00c4f990 -> f0 32 d8 00 10 3b d8 00 00 00 00 00 60 52 d7 00 .2...;......`R.. 00c4f9b8 00c4f9e4 -> fc f9 c4 00 b8 6e 21 01 04 00 00 00 31 21 14 01 .....n!.....1!.. 00c4f9bc 01217013 = CFGMGR2.DLL:.text+0xd6013 -------------------- 0167:01216ff3 e9e8a1f2ff jmp 011411e0 = CFGMGR2.DLL:.text+0x1e0 0167:01216ff8 8d4dec lea ecx,[ebp-14] 0167:01216ffb e9e0a1f2ff jmp 011411e0 = CFGMGR2.DLL:.text+0x1e0 0167:01217000 8d4d08 lea ecx,[ebp+08] 0167:01217003 e9d8a1f2ff jmp 011411e0 = CFGMGR2.DLL:.text+0x1e0 0167:01217008 8b45e0 mov eax,dword ptr [ebp-20] 0167:0121700b 50 push eax 0167:0121700c e8ff06f9ff call 011a7710 = MSVCRT.DLL!??3@YAXPAX@Z 0167:01217011 59 pop ecx 0167:01217012 c3 retd CFGMGR2.DLL:.text+0xd6013: *0167:01217013 b8189f2301 mov eax,01239f18 0167:01217018 e97706f9ff jmp 011a7694 = MSVCRT.DLL!__CxxFrameHandler 0167:0121701d cc int 3 0167:0121701e cc int 3 0167:0121701f cc int 3 0167:01217020 8d4d04 lea ecx,[ebp+04] 0167:01217023 e9b8a1f2ff jmp 011411e0 = CFGMGR2.DLL:.text+0x1e0 0167:01217028 b8c89f2301 mov eax,01239fc8 0167:0121702d e96206f9ff jmp 011a7694 = MSVCRT.DLL!__CxxFrameHandler 0167:01217032 cc int 3 0167:01217033 cc int 3 -------------------- 00c4f9c0 00000002 00c4f9c4 00d83304 -> c0 32 d8 00 d0 15 14 01 b0 32 d8 00 08 51 d7 00 .2.......2...Q.. 00c4f9c8 011be982 = CFGMGR2.DLL:.text+0x7d982 -------------------- 0167:011be963 8d442418 lea eax,[esp+18] 0167:011be967 52 push edx 0167:011be968 50 push eax 0167:011be969 e8ea88feff call 011a7258 = CPPU2.DLL!uno_type_sequence_construct 0167:011be96e 83c414 add esp,+14 0167:011be971 8d4c240c lea ecx,[esp+0c] 0167:011be975 c644241c04 mov byte ptr [esp+1c],04 0167:011be97a 51 push ecx 0167:011be97b 8bce mov ecx,esi 0167:011be97d e81e080000 call 011bf1a0 = CFGMGR2.DLL:.text+0x7e1a0 CFGMGR2.DLL:.text+0x7d982: *0167:011be982 391de4342501 cmp dword ptr [012534e4],ebx 0167:011be988 7517 jnz 011be9a1 = CFGMGR2.DLL:.text+0x7d9a1 0167:011be98a 6a0e push +0e 0167:011be98c e8b588feff call 011a7246 = CPPU2.DLL!typelib_static_type_getByTypeClass 0167:011be991 8b10 mov edx,dword ptr [eax] 0167:011be993 52 push edx 0167:011be994 68e4342501 push 012534e4 0167:011be999 e8a288feff call 011a7240 = CPPU2.DLL!typelib_static_sequence_type_init 0167:011be99e 83c40c add esp,+0c 0167:011be9a1 a1e4342501 mov eax,dword ptr [012534e4] 0167:011be9a6 6810191401 push 01141910 -------------------- 00c4f9cc 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4f9d0 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f9d4 00000000 00c4f9d8 780012d9 = MSVCRT.DLL:.text+0x2d9 -------------------- 0167:780012b3 ff3550710378 push dword ptr [78037150] 0167:780012b9 ff742408 push dword ptr [esp+08] 0167:780012bd e803000000 call 780012c5 = MSVCRT.DLL:.text+0x2c5 0167:780012c2 59 pop ecx 0167:780012c3 59 pop ecx 0167:780012c4 c3 retd 0167:780012c5 837c2404e0 cmp dword ptr [esp+04],-20 0167:780012ca 0f878bb90000 ja 7800cc5b = MSVCRT.DLL:.text+0xbc5b 0167:780012d0 ff742404 push dword ptr [esp+04] 0167:780012d4 e80a000000 call 780012e3 = MSVCRT.DLL:.text+0x2e3 MSVCRT.DLL:.text+0x2d9: *0167:780012d9 85c0 test eax,eax 0167:780012db 59 pop ecx 0167:780012dc 0f845db90000 jz 7800cc3f = MSVCRT.DLL:.text+0xbc3f 0167:780012e2 c3 retd 0167:780012e3 55 push ebp 0167:780012e4 8bec mov ebp,esp 0167:780012e6 6aff push -01 0167:780012e8 6848e20278 push 7802e248 0167:780012ed 6803ef0078 push 7800ef03 0167:780012f2 64a100000000 mov eax,dword ptr fs:[00000000] 0167:780012f8 50 push eax -------------------- 00c4f9dc 005177c8 = CPPU2.DLL:.data+0x7c8 -> 0c 00 00 00 00 00 00 00 00 00 00 00 c8 77 51 00 .............wQ. 00c4f9e0 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f9e4 00c4f9fc -> 24 fa c4 00 fb 87 20 01 00 00 00 00 d2 25 14 01 $..... ......%.. 00c4f9e8 01216eb8 = CFGMGR2.DLL:.text+0xd5eb8 -> b8 60 9d 23 01 e9 d2 07 f9 ff cc cc cc cc cc cc .`.#............ 00c4f9ec 00000004 00c4f9f0 01142131 = CFGMGR2.DLL:.text+0x1131 -------------------- 0167:0114210e 7539 jnz 01142149 = CFGMGR2.DLL:.text+0x1149 0167:01142110 6a14 push +14 0167:01142112 e82f540600 call 011a7546 = MSVCRT.DLL!??2@YAPAXI@Z 0167:01142117 83c404 add esp,+04 0167:0114211a 89442404 mov dword ptr [esp+04],eax 0167:0114211e 85c0 test eax,eax 0167:01142120 c744241000000000 mov dword ptr [esp+10],00000000 0167:01142128 741a jz 01142144 = CFGMGR2.DLL:.text+0x1144 0167:0114212a 8bc8 mov ecx,eax 0167:0114212c e89fc70700 call 011be8d0 = CFGMGR2.DLL:.text+0x7d8d0 CFGMGR2.DLL:.text+0x1131: *0167:01142131 894628 mov dword ptr [esi+28],eax 0167:01142134 5e pop esi 0167:01142135 8b4c2404 mov ecx,dword ptr [esp+04] 0167:01142139 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:01142140 83c410 add esp,+10 0167:01142143 c3 retd 0167:01142144 33c0 xor eax,eax 0167:01142146 894628 mov dword ptr [esi+28],eax 0167:01142149 8b4c2408 mov ecx,dword ptr [esp+08] 0167:0114214d 5e pop esi 0167:0114214e 64890d00000000 mov dword ptr fs:[00000000],ecx -------------------- 00c4f9f4 00d832f0 -> d0 03 22 01 01 00 00 00 00 00 00 00 bc 03 22 01 .."...........". 00c4f9f8 00d83b10 -> 90 22 d8 00 00 00 00 00 78 00 73 00 00 00 00 00 ."......x.s..... 00c4f9fc 00c4fa24 -> 44 fa c4 00 b0 88 20 01 00 00 00 00 c5 27 14 01 D..... ......'.. 00c4fa00 012087fb = CFGMGR2.DLL:.text+0xc77fb -------------------- 0167:012087eb cc int 3 0167:012087ec cc int 3 0167:012087ed cc int 3 0167:012087ee cc int 3 0167:012087ef cc int 3 0167:012087f0 8b45f0 mov eax,dword ptr [ebp-10] 0167:012087f3 50 push eax 0167:012087f4 e817eff9ff call 011a7710 = MSVCRT.DLL!??3@YAXPAX@Z 0167:012087f9 59 pop ecx 0167:012087fa c3 retd CFGMGR2.DLL:.text+0xc77fb: *0167:012087fb b8786d2201 mov eax,01226d78 0167:01208800 e98feef9ff jmp 011a7694 = MSVCRT.DLL!__CxxFrameHandler 0167:01208805 cc int 3 0167:01208806 cc int 3 0167:01208807 cc int 3 0167:01208808 cc int 3 0167:01208809 cc int 3 0167:0120880a cc int 3 0167:0120880b cc int 3 0167:0120880c cc int 3 0167:0120880d cc int 3 -------------------- 00c4fa04 00000000 00c4fa08 011425d2 = CFGMGR2.DLL:.text+0x15d2 -------------------- 0167:011425b2 e8d54e0600 call 011a748c = SAL2.DLL!osl_releaseMutex 0167:011425b7 83c404 add esp,+04 0167:011425ba 5f pop edi 0167:011425bb 5d pop ebp 0167:011425bc 8b4c2410 mov ecx,dword ptr [esp+10] 0167:011425c0 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:011425c7 83c41c add esp,+1c 0167:011425ca c3 retd 0167:011425cb 8bcf mov ecx,edi 0167:011425cd e81efbffff call 011420f0 = CFGMGR2.DLL:.text+0x10f0 CFGMGR2.DLL:.text+0x15d2: *0167:011425d2 a1e4342501 mov eax,dword ptr [012534e4] 0167:011425d7 85c0 test eax,eax 0167:011425d9 7517 jnz 011425f2 = CFGMGR2.DLL:.text+0x15f2 0167:011425db 6a0e push +0e 0167:011425dd e8644c0600 call 011a7246 = CPPU2.DLL!typelib_static_type_getByTypeClass 0167:011425e2 8b00 mov eax,dword ptr [eax] 0167:011425e4 50 push eax 0167:011425e5 68e4342501 push 012534e4 0167:011425ea e8514c0600 call 011a7240 = CPPU2.DLL!typelib_static_sequence_type_init 0167:011425ef 83c40c add esp,+0c 0167:011425f2 8b15e4342501 mov edx,dword ptr [012534e4] -------------------- 00c4fa0c 00d83304 -> c0 32 d8 00 d0 15 14 01 b0 32 d8 00 08 51 d7 00 .2.......2...Q.. 00c4fa10 00000000 00c4fa14 00d832c0 -> 04 00 00 00 3c 79 7a 81 00 00 00 00 00 00 00 00 .... KERNEL32.DLL!GetCurrentThreadId 0167:0040e7e5 89461c mov dword ptr [esi+1c],eax 0167:0040e7e8 6880fd4d00 push 004dfd80 0167:0040e7ed ffd3 call ebx SAL2.DLL:.text+0xd7ef: *0167:0040e7ef 5f pop edi 0167:0040e7f0 5e pop esi 0167:0040e7f1 b001 mov al,01 0167:0040e7f3 5b pop ebx 0167:0040e7f4 c3 retd 0167:0040e7f5 8b542404 mov edx,dword ptr [esp+04] 0167:0040e7f9 52 push edx 0167:0040e7fa ff1550c14100 call dword ptr [0041c150] -> KERNEL32.DLL!EnterCriticalSection 0167:0040e800 b001 mov al,01 0167:0040e802 c3 retd 0167:0040e803 90 nop -------------------- 00c4fa1c 004dfd80 = SAL2.DLL:.data+0x5d80 -> 04 00 00 00 84 75 79 81 00 00 00 00 00 00 00 00 .....uy......... 00c4fa20 00d83304 -> c0 32 d8 00 d0 15 14 01 b0 32 d8 00 08 51 d7 00 .2.......2...Q.. 00c4fa24 00c4fa44 -> 7c fa c4 00 c8 88 20 01 00 00 00 00 db 2a 14 01 |..... ......*.. 00c4fa28 012088b0 = CFGMGR2.DLL:.text+0xc78b0 -> b8 18 6e 22 01 e9 da ed f9 ff cc cc cc cc cc cc ..n"............ 00c4fa2c 00000000 00c4fa30 011427c5 = CFGMGR2.DLL:.text+0x17c5 -------------------- 0167:0114279b c744240c00000000 mov dword ptr [esp+0c],00000000 0167:011427a3 8b4614 mov eax,dword ptr [esi+14] 0167:011427a6 8d7e14 lea edi,[esi+14] 0167:011427a9 50 push eax 0167:011427aa 897c2410 mov dword ptr [esp+10],edi 0167:011427ae e8df4c0600 call 011a7492 = SAL2.DLL!osl_acquireMutex 0167:011427b3 83c404 add esp,+04 0167:011427b6 8bce mov ecx,esi 0167:011427b8 c744241800000000 mov dword ptr [esp+18],00000000 0167:011427c0 e8abfdffff call 01142570 = CFGMGR2.DLL:.text+0x1570 CFGMGR2.DLL:.text+0x17c5: *0167:011427c5 8b7624 mov esi,dword ptr [esi+24] 0167:011427c8 8b5c2420 mov ebx,dword ptr [esp+20] 0167:011427cc 85f6 test esi,esi 0167:011427ce 8933 mov dword ptr [ebx],esi 0167:011427d0 7409 jz 011427db = CFGMGR2.DLL:.text+0x17db 0167:011427d2 8b0e mov ecx,dword ptr [esi] 0167:011427d4 56 push esi 0167:011427d5 ff5104 call dword ptr [ecx+04] 0167:011427d8 83c404 add esp,+04 0167:011427db 8b17 mov edx,dword ptr [edi] 0167:011427dd 52 push edx -------------------- 00c4fa34 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... ... 00c4fa3c 00000000 00c4fa40 00d83304 -> c0 32 d8 00 d0 15 14 01 b0 32 d8 00 08 51 d7 00 .2.......2...Q.. 00c4fa44 00c4fa7c -> b0 fa c4 00 e0 39 53 00 ff ff ff ff 4c 46 52 00 .....9S.....LFR. 00c4fa48 012088c8 = CFGMGR2.DLL:.text+0xc78c8 -> b8 58 6e 22 01 e9 c2 ed f9 ff cc cc cc cc cc cc .Xn"............ 00c4fa4c 00000000 00c4fa50 01142adb = CFGMGR2.DLL:.text+0x1adb -------------------- 0167:01142abe 90 nop 0167:01142abf 90 nop 0167:01142ac0 51 push ecx 0167:01142ac1 8b442408 mov eax,dword ptr [esp+08] 0167:01142ac5 56 push esi 0167:01142ac6 8b742410 mov esi,dword ptr [esp+10] 0167:01142aca c744240400000000 mov dword ptr [esp+04],00000000 0167:01142ad2 56 push esi 0167:01142ad3 8d48f0 lea ecx,[eax-10] 0167:01142ad6 e8a5fcffff call 01142780 = CFGMGR2.DLL:.text+0x1780 CFGMGR2.DLL:.text+0x1adb: *0167:01142adb 8bc6 mov eax,esi 0167:01142add 5e pop esi 0167:01142ade 59 pop ecx 0167:01142adf c3 retd 0167:01142ae0 51 push ecx 0167:01142ae1 8b442410 mov eax,dword ptr [esp+10] 0167:01142ae5 8b4c2408 mov ecx,dword ptr [esp+08] 0167:01142ae9 56 push esi 0167:01142aea 8b742410 mov esi,dword ptr [esp+10] 0167:01142aee 50 push eax 0167:01142aef 56 push esi -------------------- 00c4fa54 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... 00c4fa58 00d83300 -> a8 03 22 01 c0 32 d8 00 d0 15 14 01 b0 32 d8 00 .."..2.......2.. 00c4fa5c 00000000 00c4fa60 00525140 = CPPUHELPER2MSC.DLL:.text+0x4140 -------------------- 0167:0052512a 83c404 add esp,+04 0167:0052512d 5d pop ebp 0167:0052512e 8b7628 mov esi,dword ptr [esi+28] 0167:00525131 85f6 test esi,esi 0167:00525133 7423 jz 00525158 = CPPUHELPER2MSC.DLL:.text+0x4158 0167:00525135 8b7c2420 mov edi,dword ptr [esp+20] 0167:00525139 8b0e mov ecx,dword ptr [esi] 0167:0052513b 57 push edi 0167:0052513c 56 push esi 0167:0052513d ff510c call dword ptr [ecx+0c] CPPUHELPER2MSC.DLL:.text+0x4140: *0167:00525140 83c408 add esp,+08 0167:00525143 8bc7 mov eax,edi 0167:00525145 5f pop edi 0167:00525146 5e pop esi 0167:00525147 8b4c2408 mov ecx,dword ptr [esp+08] 0167:0052514b 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:00525152 83c414 add esp,+14 0167:00525155 c20400 retd 0004 0167:00525158 8b442420 mov eax,dword ptr [esp+20] 0167:0052515c 8b4c2410 mov ecx,dword ptr [esp+10] 0167:00525160 5f pop edi -------------------- 00c4fa64 00d83300 -> a8 03 22 01 c0 32 d8 00 d0 15 14 01 b0 32 d8 00 .."..2.......2.. 00c4fa68 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... ... 00c4fa74 00d83300 -> a8 03 22 01 c0 32 d8 00 d0 15 14 01 b0 32 d8 00 .."..2.......2.. 00c4fa78 00d80464 -> 90 0b d8 00 00 00 00 00 00 00 00 00 d0 0d d8 00 ................ 00c4fa7c 00c4fab0 -> e0 fa c4 00 70 39 53 00 ff ff ff ff 7b 31 ea 00 ....p9S.....{1.. 00c4fa80 005339e0 = CPPUHELPER2MSC.DLL:.text+0x129e0 -> b8 28 5e 53 00 e9 ba fa ff ff cc cc cc cc cc cc .(^S............ 00c4fa84 ffffffff 00c4fa88 0052464c = CPPUHELPER2MSC.DLL:.text+0x364c -------------------- 0167:0052462f 90 nop 0167:00524630 51 push ecx 0167:00524631 8b442408 mov eax,dword ptr [esp+08] 0167:00524635 56 push esi 0167:00524636 8b742410 mov esi,dword ptr [esp+10] 0167:0052463a c744240400000000 mov dword ptr [esp+04],00000000 0167:00524642 8b50fc mov edx,dword ptr [eax-04] 0167:00524645 8d48fc lea ecx,[eax-04] 0167:00524648 56 push esi 0167:00524649 ff5218 call dword ptr [edx+18] CPPUHELPER2MSC.DLL:.text+0x364c: *0167:0052464c 8bc6 mov eax,esi 0167:0052464e 5e pop esi 0167:0052464f 59 pop ecx 0167:00524650 c3 retd 0167:00524651 90 nop 0167:00524652 90 nop 0167:00524653 90 nop 0167:00524654 90 nop 0167:00524655 90 nop 0167:00524656 90 nop 0167:00524657 90 nop -------------------- 00c4fa8c 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... 00c4fa90 00d80450 -> 44 53 53 00 08 51 d7 00 00 00 00 00 80 05 d8 00 DSS..Q.......... 00c4fa94 00000000 00c4fa98 00524db5 = CPPUHELPER2MSC.DLL:.text+0x3db5 -------------------- 0167:00524d99 5f pop edi 0167:00524d9a 5e pop esi 0167:00524d9b 8b4c2404 mov ecx,dword ptr [esp+04] 0167:00524d9f 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:00524da6 83c410 add esp,+10 0167:00524da9 c3 retd 0167:00524daa 8b7c2420 mov edi,dword ptr [esp+20] 0167:00524dae 57 push edi 0167:00524daf 56 push esi 0167:00524db0 e87bf8ffff call 00524630 = CPPUHELPER2MSC.DLL!227 CPPUHELPER2MSC.DLL:.text+0x3db5: *0167:00524db5 8b4c2414 mov ecx,dword ptr [esp+14] 0167:00524db9 83c408 add esp,+08 0167:00524dbc 8bc7 mov eax,edi 0167:00524dbe 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:00524dc5 5f pop edi 0167:00524dc6 5e pop esi 0167:00524dc7 83c410 add esp,+10 0167:00524dca c3 retd 0167:00524dcb 90 nop 0167:00524dcc 90 nop 0167:00524dcd 90 nop -------------------- 00c4fa9c 00d80450 -> 44 53 53 00 08 51 d7 00 00 00 00 00 80 05 d8 00 DSS..Q.......... 00c4faa0 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... 00c4faa4 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4faa8 00000000 ... 00c4fab0 00c4fae0 -> 28 fb c4 00 b7 c7 ea 00 03 00 00 00 18 47 56 00 (............GV. 00c4fab4 00533970 = CPPUHELPER2MSC.DLL:.text+0x12970 -> b8 88 5d 53 00 e9 2a fb ff ff cc cc cc cc cc cc ..]S..*......... 00c4fab8 ffffffff 00c4fabc 00ea317b = SMGR.DLL:.text+0x217b -------------------- 0167:00ea315e e885900000 call 00eac1e8 = SAL2.DLL!osl_releaseMutex 0167:00ea3163 83c404 add esp,+04 0167:00ea3166 33ed xor ebp,ebp 0167:00ea3168 896c240c mov dword ptr [esp+0c],ebp 0167:00ea316c 8b442428 mov eax,dword ptr [esp+28] 0167:00ea3170 8d542410 lea edx,[esp+10] 0167:00ea3174 52 push edx 0167:00ea3175 50 push eax 0167:00ea3176 8b08 mov ecx,dword ptr [eax] 0167:00ea3178 ff510c call dword ptr [ecx+0c] SMGR.DLL:.text+0x217b: *0167:00ea317b 83c408 add esp,+08 0167:00ea317e 8b38 mov edi,dword ptr [eax] 0167:00ea3180 c644242004 mov byte ptr [esp+20],04 0167:00ea3185 85ff test edi,edi 0167:00ea3187 740f jz 00ea3198 = SMGR.DLL:.text+0x2198 0167:00ea3189 8b07 mov eax,dword ptr [edi] 0167:00ea318b 57 push edi 0167:00ea318c ff5004 call dword ptr [eax+04] 0167:00ea318f 8bf7 mov esi,edi 0167:00ea3191 83c404 add esp,+04 0167:00ea3194 89742430 mov dword ptr [esp+30],esi -------------------- 00c4fac0 00d80450 -> 44 53 53 00 08 51 d7 00 00 00 00 00 80 05 d8 00 DSS..Q.......... 00c4fac4 00c4fad8 -> 00 00 00 00 00 00 00 00 28 fb c4 00 b7 c7 ea 00 ........(....... 00c4fac8 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4facc 00000000 00c4fad0 00c4fb34 -> c0 d0 d7 00 49 44 56 00 54 fb c4 00 ac fc c4 00 ....IDV.T....... 00c4fad4 00000000 ... 00c4fae0 00c4fb28 -> 60 fb c4 00 10 3a 57 00 02 00 00 00 c0 d0 d7 00 `....:W......... 00c4fae4 00eac7b7 = SMGR.DLL:.text+0xb7b7 -------------------- 0167:00eac793 e9f85dffff jmp 00ea2590 = SMGR.DLL:.text+0x1590 0167:00eac798 8d4dec lea ecx,[ebp-14] 0167:00eac79b e9f05dffff jmp 00ea2590 = SMGR.DLL:.text+0x1590 0167:00eac7a0 8b45f0 mov eax,dword ptr [ebp-10] 0167:00eac7a3 83e001 and eax,+01 0167:00eac7a6 85c0 test eax,eax 0167:00eac7a8 0f8408000000 jz 00eac7b6 = SMGR.DLL:.text+0xb7b6 0167:00eac7ae 8b4d08 mov ecx,dword ptr [ebp+08] 0167:00eac7b1 e9da5dffff jmp 00ea2590 = SMGR.DLL:.text+0x1590 0167:00eac7b6 c3 retd SMGR.DLL:.text+0xb7b7: *0167:00eac7b7 b808ecea00 mov eax,00eaec08 0167:00eac7bc e987faffff jmp 00eac248 = MSVCRT.DLL!__CxxFrameHandler 0167:00eac7c1 cc int 3 0167:00eac7c2 cc int 3 0167:00eac7c3 cc int 3 0167:00eac7c4 cc int 3 0167:00eac7c5 cc int 3 0167:00eac7c6 cc int 3 0167:00eac7c7 cc int 3 0167:00eac7c8 cc int 3 0167:00eac7c9 cc int 3 -------------------- 00c4fae8 00000003 00c4faec 00564718 = UTL625MI.DLL:.text+0x13718 -------------------- 0167:00564701 fe ?db fe 0167:00564702 ff83c40c8b4d inc dword ptr [ebx+4d8b0cc4] 0167:00564708 ec in al,dx 0167:00564709 50 push eax 0167:0056470a 8d45e8 lea eax,[ebp-18] 0167:0056470d c645fc02 mov byte ptr [ebp-04],02 0167:00564711 8b11 mov edx,dword ptr [ecx] 0167:00564713 50 push eax 0167:00564714 51 push ecx 0167:00564715 ff520c call dword ptr [edx+0c] UTL625MI.DLL:.text+0x13718: *0167:00564718 83c40c add esp,+0c 0167:0056471b 8b30 mov esi,dword ptr [eax] 0167:0056471d b303 mov bl,03 0167:0056471f 85f6 test esi,esi 0167:00564721 885dfc mov byte ptr [ebp-04],bl 0167:00564724 7466 jz 0056478c = UTL625MI.DLL:.text+0x1378c 0167:00564726 a1e8f35700 mov eax,dword ptr [0057f3e8] 0167:0056472b 85c0 test eax,eax 0167:0056472d 7514 jnz 00564743 = UTL625MI.DLL:.text+0x13743 0167:0056472f 682ceb5700 push 0057eb2c 0167:00564734 6a16 push +16 -------------------- 00c4faf0 00d80450 -> 44 53 53 00 08 51 d7 00 00 00 00 00 80 05 d8 00 DSS..Q.......... 00c4faf4 00c4fb1c -> c0 d0 d7 00 08 51 d7 00 fc fa c4 00 60 fb c4 00 .....Q......`... 00c4faf8 00000000 00c4fafc 00a21e28 -> 24 1e a2 00 38 1e a2 00 00 00 00 00 84 82 10 00 $...8........... 00c4fb00 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4fb04 00000000 00c4fb08 00565f93 = UTL625MI.DLL:.text+0x14f93 -------------------- 0167:00565f77 d3e2 shl edx,cl 0167:00565f79 52 push edx 0167:00565f7a ffd3 call ebx 0167:00565f7c 47 inc edi 0167:00565f7d eb9f jmp 00565f1e = UTL625MI.DLL:.text+0x14f1e 0167:00565f7f 8d542410 lea edx,[esp+10] 0167:00565f83 c744241014000000 mov dword ptr [esp+10],00000014 0167:00565f8b 52 push edx 0167:00565f8c 6a10 push +10 0167:00565f8e e8bd63ffff call 0055c350 = UTL625MI.DLL!267 UTL625MI.DLL:.text+0x14f93: *0167:00565f93 8b7c2418 mov edi,dword ptr [esp+18] 0167:00565f97 83c408 add esp,+08 0167:00565f9a 83ff01 cmp edi,+01 0167:00565f9d 742f jz 00565fce = UTL625MI.DLL:.text+0x14fce 0167:00565f9f 8d4810 lea ecx,[eax+10] 0167:00565fa2 890d14f35700 mov dword ptr [0057f314],ecx 0167:00565fa8 8bd1 mov edx,ecx 0167:00565faa 83c110 add ecx,+10 0167:00565fad be01000000 mov esi,00000001 0167:00565fb2 4f dec edi 0167:00565fb3 3bfe cmp edi,esi -------------------- 00c4fb0c 00000010 00c4fb10 00c4fb24 -> fc fa c4 00 60 fb c4 00 10 3a 57 00 02 00 00 00 ....`....:W..... 00c4fb14 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4fb18 00d7d040 -> 01 00 00 00 30 00 00 00 63 00 6f 00 6d 00 2e 00 ....0...c.o.m... 00c4fb1c 00d7d0c0 -> 02 00 00 00 13 00 00 00 4f 00 66 00 66 00 69 00 ........O.f.f.i. 00c4fb20 00d75108 -> 1c e5 ea 00 c0 e4 ea 00 ac e4 ea 00 94 e4 ea 00 ................ 00c4fb24 00c4fafc -> 28 1e a2 00 1c 1e a2 00 00 00 00 00 93 5f 56 00 (............_V. 00c4fb28 00c4fb60 -> 74 fb c4 00 73 39 57 00 00 00 00 00 10 4f 56 00 t...s9W......OV. 00c4fb2c 00573a10 = UTL625MI.DLL:.text+0x22a10 -> b8 a8 92 57 00 e9 98 e2 ff ff cc cc cc cc cc cc ...W............ 00c4fb30 00000002 00c4fb34 00d7d0c0 -> 02 00 00 00 13 00 00 00 4f 00 66 00 66 00 69 00 ........O.f.f.i. 00c4fb38 00564449 = UTL625MI.DLL:.text+0x13449 -------------------- 0167:0056442a e8211a0000 call 00565e50 = UTL625MI.DLL:.text+0x14e50 0167:0056442f 895f08 mov dword ptr [edi+08],ebx 0167:00564432 eb02 jmp 00564436 = UTL625MI.DLL:.text+0x13436 0167:00564434 33ff xor edi,edi 0167:00564436 8d4c2414 lea ecx,[esp+14] 0167:0056443a 885c2428 mov byte ptr [esp+28],bl 0167:0056443e 51 push ecx 0167:0056443f 8bce mov ecx,esi 0167:00564441 897e04 mov dword ptr [esi+04],edi 0167:00564444 e867020000 call 005646b0 = UTL625MI.DLL!555 UTL625MI.DLL:.text+0x13449: *0167:00564449 8d542410 lea edx,[esp+10] 0167:0056444d 8bce mov ecx,esi 0167:0056444f 52 push edx 0167:00564450 c644242c03 mov byte ptr [esp+2c],03 0167:00564455 e8e6030000 call 00564840 = UTL625MI.DLL!907 0167:0056445a 8b442414 mov eax,dword ptr [esp+14] 0167:0056445e 3bc3 cmp eax,ebx 0167:00564460 740d jz 0056446f = UTL625MI.DLL:.text+0x1346f 0167:00564462 3b442410 cmp eax,dword ptr [esp+10] 0167:00564466 7507 jnz 0056446f = UTL625MI.DLL:.text+0x1346f 0167:00564468 8b4604 mov eax,dword ptr [esi+04] -------------------- 00c4fb3c 00c4fb54 -> 08 00 00 00 1c 1e a2 00 28 1e a2 00 74 fb c4 00 ........(...t... 00c4fb40 00c4fcac -> 9c 9a 78 81 22 00 00 00 b1 12 00 78 18 71 03 78 ..x."......x.q.x 00c4fb44 00a21dec -> 10 5b 57 00 c0 d0 d7 00 00 00 00 00 00 00 00 00 .[W............. 00c4fb48 00000000 00c4fb4c 1c85e538 = TL625MI.DLL:.data+0x4538 -> 04 00 00 00 d8 28 7a 81 00 00 00 00 00 00 00 00 .....(z......... 00c4fb50 00c4fcac -> 9c 9a 78 81 22 00 00 00 b1 12 00 78 18 71 03 78 ..x."......x.q.x 00c4fb54 00000008 00c4fb58 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4fb5c 00a21e28 -> 24 1e a2 00 38 1e a2 00 00 00 00 00 84 82 10 00 $...8........... 00c4fb60 00c4fb74 -> 98 fb c4 00 cb 3a 57 00 00 00 00 00 2e 12 56 00 .....:W.......V. 00c4fb64 00573973 = UTL625MI.DLL:.text+0x22973 -> b8 e8 91 57 00 e9 35 e3 ff ff cc cc cc 8d 4d 04 ...W..5.......M. 00c4fb68 00000000 00c4fb6c 00564f10 = UTL625MI.DLL:.text+0x13f10 -------------------- 0167:00564eed 753c jnz 00564f2b = UTL625MI.DLL:.text+0x13f2b 0167:00564eef 6a08 push +08 0167:00564ef1 e89ac1feff call 00551090 = TL625MI.DLL!20 0167:00564ef6 83c404 add esp,+04 0167:00564ef9 89442400 mov dword ptr [esp],eax 0167:00564efd 85c0 test eax,eax 0167:00564eff c744240c00000000 mov dword ptr [esp+0c],00000000 0167:00564f07 741b jz 00564f24 = UTL625MI.DLL:.text+0x13f24 0167:00564f09 8bc8 mov ecx,eax 0167:00564f0b e8d0f4ffff call 005643e0 = UTL625MI.DLL!548 UTL625MI.DLL:.text+0x13f10: *0167:00564f10 a3e4f35700 mov dword ptr [0057f3e4],eax 0167:00564f15 8b4c2404 mov ecx,dword ptr [esp+04] 0167:00564f19 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:00564f20 83c410 add esp,+10 0167:00564f23 c3 retd 0167:00564f24 33c0 xor eax,eax 0167:00564f26 a3e4f35700 mov dword ptr [0057f3e4],eax 0167:00564f2b 8b4c2404 mov ecx,dword ptr [esp+04] 0167:00564f2f 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:00564f36 83c410 add esp,+10 0167:00564f39 c3 retd -------------------- 00c4fb70 00a21e1c -> 00 00 00 00 28 1e a2 00 10 80 0c 00 24 1e a2 00 ....(.......$... 00c4fb74 00c4fb98 -> f8 fc c4 00 d1 35 57 00 03 00 00 00 13 63 64 00 .....5W......cd. 00c4fb78 00573acb = UTL625MI.DLL:.text+0x22acb -------------------- 0167:00573abb cc int 3 0167:00573abc cc int 3 0167:00573abd cc int 3 0167:00573abe cc int 3 0167:00573abf cc int 3 0167:00573ac0 8b45f0 mov eax,dword ptr [ebp-10] 0167:00573ac3 50 push eax 0167:00573ac4 e87be0ffff call 00571b44 = TL625MI.DLL!21 0167:00573ac9 59 pop ecx 0167:00573aca c3 retd UTL625MI.DLL:.text+0x22acb: *0167:00573acb b830945700 mov eax,00579430 0167:00573ad0 e9dde1ffff jmp 00571cb2 = MSVCRT.DLL!__CxxFrameHandler 0167:00573ad5 cc int 3 0167:00573ad6 cc int 3 0167:00573ad7 cc int 3 0167:00573ad8 cc int 3 0167:00573ad9 cc int 3 0167:00573ada cc int 3 0167:00573adb cc int 3 0167:00573adc cc int 3 0167:00573add cc int 3 -------------------- 00c4fb7c 00000000 00c4fb80 0056122e = UTL625MI.DLL:.text+0x1022e -------------------- 0167:0056120c 8918 mov dword ptr [eax],ebx 0167:0056120e 66895804 mov word ptr [eax+04],bx 0167:00561212 885806 mov byte ptr [eax+06],bl 0167:00561215 885807 mov byte ptr [eax+07],bl 0167:00561218 66895808 mov word ptr [eax+08],bx 0167:0056121c eb02 jmp 00561220 = UTL625MI.DLL:.text+0x10220 0167:0056121e 33c0 xor eax,eax 0167:00561220 894610 mov dword ptr [esi+10],eax 0167:00561223 c706105b5700 mov dword ptr [esi],00575b10 0167:00561229 e8a23c0000 call 00564ed0 = UTL625MI.DLL!554 UTL625MI.DLL:.text+0x1022e: *0167:0056122e 8b4e10 mov ecx,dword ptr [esi+10] 0167:00561231 56 push esi 0167:00561232 8901 mov dword ptr [ecx],eax 0167:00561234 8b5610 mov edx,dword ptr [esi+10] 0167:00561237 668b44242c mov ax,word ptr [esp+2c] 0167:0056123c 8d4c242c lea ecx,[esp+2c] 0167:00561240 66894204 mov word ptr [edx+04],ax 0167:00561244 8b5610 mov edx,dword ptr [esi+10] 0167:00561247 51 push ecx 0167:00561248 8b0a mov ecx,dword ptr [edx] 0167:0056124a e871380000 call 00564ac0 = UTL625MI.DLL!552 -------------------- 00c4fb84 00c4fcac -> 9c 9a 78 81 22 00 00 00 b1 12 00 78 18 71 03 78 ..x."......x.q.x 00c4fb88 00a21dec -> 10 5b 57 00 c0 d0 d7 00 00 00 00 00 00 00 00 00 .[W............. 00c4fb8c 00c4fd04 -> 38 fe c4 00 c5 15 6b 1c 00 00 00 00 88 a6 70 1c 8.....k.......p. 00c4fb90 00000000 00c4fb94 00a21dec -> 10 5b 57 00 c0 d0 d7 00 00 00 00 00 00 00 00 00 .[W............. 00c4fb98 00c4fcf8 -> 70 fd c4 00 3a d8 6b 1d 06 00 00 00 38 fe c4 00 p...:.k.....8... 00c4fb9c 005735d1 = UTL625MI.DLL:.text+0x225d1 -> b8 08 89 57 00 e9 d7 e6 ff ff cc cc cc cc cc 8d ...W............ 00c4fba0 00000003 00c4fba4 00646313 = SVL625MI.DLL:.text+0x45313 -------------------- 0167:006462f7 8bf1 mov esi,ecx 0167:006462f9 6a00 push +00 0167:006462fb 51 push ecx 0167:006462fc 8bcc mov ecx,esp 0167:006462fe 6a0b push +0b 0167:00646300 6a13 push +13 0167:00646302 6820306600 push 00663020 0167:00646307 e8c4b9fcff call 00611cd0 = SVL625MI.DLL!6676 0167:0064630c 8bce mov ecx,esi 0167:0064630e e8ef7f0000 call 0064e302 = UTL625MI.DLL!982 SVL625MI.DLL:.text+0x45313: *0167:00646313 8d7e18 lea edi,[esi+18] 0167:00646316 c6461401 mov byte ptr [esi+14],01 0167:0064631a 57 push edi 0167:0064631b c70700000000 mov dword ptr [edi],00000000 0167:00646321 e8a47e0000 call 0064e1ca = SAL2.DLL!rtl_uString_new 0167:00646326 8d442418 lea eax,[esp+18] 0167:0064632a c7069c356500 mov dword ptr [esi],0065359c 0167:00646330 50 push eax 0167:00646331 e82a060000 call 00646960 = SVL625MI.DLL:.text+0x45960 0167:00646336 83c408 add esp,+08 0167:00646339 8d4c2414 lea ecx,[esp+14] -------------------- 00c4fba8 00d7d0c0 -> 02 00 00 00 13 00 00 00 4f 00 66 00 66 00 69 00 ........O.f.f.i. 00c4fbac 00000000 00c4fbb0 00c4fcac -> 9c 9a 78 81 22 00 00 00 b1 12 00 78 18 71 03 78 ..x."......x.q.x 00c4fbb4 0066a68c = SVL625MI.DLL:.data+0xa68c -> 70 d1 d7 00 00 00 00 00 01 00 00 00 8c a6 66 00 p.............f. 00c4fbb8 00c4fd04 -> 38 fe c4 00 c5 15 6b 1c 00 00 00 00 88 a6 70 1c 8.....k.......p. 00c4fbbc 00000000 00c4fbc0 0066a68c = SVL625MI.DLL:.data+0xa68c -> 70 d1 d7 00 00 00 00 00 01 00 00 00 8c a6 66 00 p.............f. 00c4fbc4 00646b13 = SVL625MI.DLL:.text+0x45b13 -------------------- 0167:00646aee e819770000 call 0064e20c = SAL2.DLL!osl_acquireMutex 0167:00646af3 8b0d94a66600 mov ecx,dword ptr [0066a694] 0167:00646af9 a190a66600 mov eax,dword ptr [0066a690] 0167:00646afe 83c404 add esp,+04 0167:00646b01 41 inc ecx 0167:00646b02 85c0 test eax,eax 0167:00646b04 890d94a66600 mov dword ptr [0066a694],ecx 0167:00646b0a 7534 jnz 00646b40 = SVL625MI.DLL:.text+0x45b40 0167:00646b0c 6a1c push +1c 0167:00646b0e e8bd700000 call 0064dbd0 = TL625MI.DLL!20 SVL625MI.DLL:.text+0x45b13: *0167:00646b13 83c404 add esp,+04 0167:00646b16 85c0 test eax,eax 0167:00646b18 741c jz 00646b36 = SVL625MI.DLL:.text+0x45b36 0167:00646b1a 8bc8 mov ecx,eax 0167:00646b1c e8cff7ffff call 006462f0 = SVL625MI.DLL:.text+0x452f0 0167:00646b21 a390a66600 mov dword ptr [0066a690],eax 0167:00646b26 8b0e mov ecx,dword ptr [esi] 0167:00646b28 51 push ecx 0167:00646b29 e8d8760000 call 0064e206 = SAL2.DLL!osl_releaseMutex 0167:00646b2e 83c404 add esp,+04 0167:00646b31 8bc7 mov eax,edi -------------------- 00c4fbc8 00646b21 = SVL625MI.DLL:.text+0x45b21 -------------------- 0167:00646b02 85c0 test eax,eax 0167:00646b04 890d94a66600 mov dword ptr [0066a694],ecx 0167:00646b0a 7534 jnz 00646b40 = SVL625MI.DLL:.text+0x45b40 0167:00646b0c 6a1c push +1c 0167:00646b0e e8bd700000 call 0064dbd0 = TL625MI.DLL!20 0167:00646b13 83c404 add esp,+04 0167:00646b16 85c0 test eax,eax 0167:00646b18 741c jz 00646b36 = SVL625MI.DLL:.text+0x45b36 0167:00646b1a 8bc8 mov ecx,eax 0167:00646b1c e8cff7ffff call 006462f0 = SVL625MI.DLL:.text+0x452f0 SVL625MI.DLL:.text+0x45b21: *0167:00646b21 a390a66600 mov dword ptr [0066a690],eax 0167:00646b26 8b0e mov ecx,dword ptr [esi] 0167:00646b28 51 push ecx 0167:00646b29 e8d8760000 call 0064e206 = SAL2.DLL!osl_releaseMutex 0167:00646b2e 83c404 add esp,+04 0167:00646b31 8bc7 mov eax,edi 0167:00646b33 5f pop edi 0167:00646b34 5e pop esi 0167:00646b35 c3 retd 0167:00646b36 c70590a6660000000000 mov dword ptr [0066a690],00000000 0167:00646b40 8b0e mov ecx,dword ptr [esi] -------------------- 00c4fbcc 00000000 00c4fbd0 1c70a688 = VCL625MI.DLL:.data+0x4688 -> 18 1d a2 00 00 00 00 00 40 bb 10 01 00 00 00 00 ........@....... 00c4fbd4 1d63401e = SFX625MI.DLL:.text+0x13301e -------------------- 0167:1d633ffd 83c404 add esp,+04 0167:1d634000 c645fc06 mov byte ptr [ebp-04],06 0167:1d634004 e8ef900600 call 1d69d0f8 = VCL625MI.DLL!294 0167:1d634009 25ff000000 and eax,000000ff 0167:1d63400e 85c0 test eax,eax 0167:1d634010 7560 jnz 1d634072 = SFX625MI.DLL:.text+0x133072 0167:1d634012 8d55a4 lea edx,[ebp-5c] 0167:1d634015 52 push edx 0167:1d634016 8d4da8 lea ecx,[ebp-58] 0167:1d634019 e8d2800600 call 1d69c0f0 = SVL625MI.DLL!261 SFX625MI.DLL:.text+0x13301e: *0167:1d63401e 898514ffffff mov dword ptr [ebp-000000ec],eax 0167:1d634024 8b8514ffffff mov eax,dword ptr [ebp-000000ec] 0167:1d63402a 898510ffffff mov dword ptr [ebp-000000f0],eax 0167:1d634030 c645fc07 mov byte ptr [ebp-04],07 0167:1d634034 8b8d10ffffff mov ecx,dword ptr [ebp-000000f0] 0167:1d63403a e8d3850600 call 1d69c612 = SVL625MI.DLL!264 0167:1d63403f 898544ffffff mov dword ptr [ebp-000000bc],eax 0167:1d634045 8b8d44ffffff mov ecx,dword ptr [ebp-000000bc] 0167:1d63404b 8b11 mov edx,dword ptr [ecx] 0167:1d63404d 52 push edx 0167:1d63404e 8d45e0 lea eax,[ebp-20] -------------------- 00c4fbd8 00c4fca8 -> c5 b9 f7 bf 9c 9a 78 81 22 00 00 00 b1 12 00 78 ......x."......x 00c4fbdc 81789684 -> 80 8d 7a 81 e0 3b 7a 81 00 00 00 00 00 00 00 00 ..z..;z......... 00c4fbe0 00000000 00c4fbe4 00a21d18 -> 00 00 10 01 00 00 00 00 01 00 00 00 00 00 00 00 ................ 00c4fbe8 00000000 00c4fbec 019f0020 00c4fbf0 00000000 00c4fbf4 1a8f0000 00c4fbf8 00000000 00c4fbfc 80000000 ... 00c4fc04 88000000 00c4fc08 55a70000 00c4fc0c 0000c05c 00c4fc10 bff55d3b = USER32.DLL:.text+0x4d3b -------------------- 0167:bff55d15 66ff75bc push word ptr [ebp-44] 0167:bff55d19 8d45b8 lea eax,[ebp-48] 0167:bff55d1c 50 push eax 0167:bff55d1d 804dec01 or byte ptr [ebp-14],01 0167:bff55d21 e8f4230000 call bff5811a = KERNEL32.DLL!FT_Thunk 0167:bff55d26 0fb7d8 movzx ebx,ax 0167:bff55d29 8b4d34 mov ecx,dword ptr [ebp+34] 0167:bff55d2c e8ef230000 call bff58120 = KERNEL32.DLL!SUnMapLS 0167:bff55d31 e8c0230000 call bff580f6 = KERNEL32.DLL!SUnMapLS_IP_EBP_16 0167:bff55d36 e8af230000 call bff580ea = KERNEL32.DLL!SUnMapLS_IP_EBP_12 USER32.DLL:.text+0x4d3b: *0167:bff55d3b e964240000 jmp bff581a4 = KERNEL32.DLL!FT_Exit48 0167:bff55d40 55 push ebp 0167:bff55d41 7372 jnc bff55db5 = USER32.DLL:.text+0x4db5 0167:bff55d43 3332 xor esi,dword ptr [edx] 0167:bff55d45 7468 jz bff55daf = USER32.DLL:.text+0x4daf 0167:bff55d47 6b436f6e imul eax,dword ptr [ebx+6f],6e 0167:bff55d4b 6e outs dx,byte ptr ds:[esi] 0167:bff55d4c 656374696f arpl word ptr gs:[ecx+ebp*2+6f],esi 0167:bff55d51 6e outs dx,byte ptr ds:[esi] 0167:bff55d52 44 inc esp 0167:bff55d53 61 popad -------------------- 00c4fc14 00c4fc31 -> fd c4 00 c4 26 f7 bf 26 5d f5 bf 00 70 c4 00 00 ....&..&]...p... ... 00c4fc1c 00000000 00c4fc20 02060000 00c4fc24 000013d7 00c4fc28 172706a7 00c4fc2c 0110bb40 = SOFFICE.EXE:.data+0xb40 -> 18 94 10 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fc30 00c4fd64 -> 00 00 00 00 a2 11 00 00 00 00 00 00 90 fd c4 00 ................ 00c4fc34 bff726c4 = KERNEL32.DLL:_FREQASM+0x16c4 -> 55 8b ec 8b 45 08 f7 40 04 06 00 00 00 75 48 83 U...E..@.....uH. 00c4fc38 bff55d26 = USER32.DLL:.text+0x4d26 -------------------- 0167:bff55d05 8b4534 mov eax,dword ptr [ebp+34] 0167:bff55d08 e871230000 call bff5807e = KERNEL32.DLL!SMapLS 0167:bff55d0d 895534 mov dword ptr [ebp+34],edx 0167:bff55d10 50 push eax 0167:bff55d11 66ff752e push word ptr [ebp+2e] 0167:bff55d15 66ff75bc push word ptr [ebp-44] 0167:bff55d19 8d45b8 lea eax,[ebp-48] 0167:bff55d1c 50 push eax 0167:bff55d1d 804dec01 or byte ptr [ebp-14],01 0167:bff55d21 e8f4230000 call bff5811a = KERNEL32.DLL!FT_Thunk USER32.DLL:.text+0x4d26: *0167:bff55d26 0fb7d8 movzx ebx,ax 0167:bff55d29 8b4d34 mov ecx,dword ptr [ebp+34] 0167:bff55d2c e8ef230000 call bff58120 = KERNEL32.DLL!SUnMapLS 0167:bff55d31 e8c0230000 call bff580f6 = KERNEL32.DLL!SUnMapLS_IP_EBP_16 0167:bff55d36 e8af230000 call bff580ea = KERNEL32.DLL!SUnMapLS_IP_EBP_12 0167:bff55d3b e964240000 jmp bff581a4 = KERNEL32.DLL!FT_Exit48 0167:bff55d40 55 push ebp 0167:bff55d41 7372 jnc bff55db5 = USER32.DLL:.text+0x4db5 0167:bff55d43 3332 xor esi,dword ptr [edx] 0167:bff55d45 7468 jz bff55daf = USER32.DLL:.text+0x4daf 0167:bff55d47 6b436f6e imul eax,dword ptr [ebx+6f],6e -------------------- 00c4fc3c 00c47000 -> 00 00 00 00 00 00 00 00 00 00 10 00 00 00 00 00 ................ 00c4fc40 00000000 00c4fc44 8177a4a8 -> 06 00 06 00 30 83 65 c1 00 00 00 00 00 00 00 00 ....0.e......... 00c4fc48 00000001 00c4fc4c 800030a0 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fc50 00000000 00c4fc54 00000001 00c4fc58 00000000 00c4fc5c 00c4fc94 -> fc fc c4 00 a1 e9 f2 65 20 00 00 00 0b 00 00 00 .......e ....... 00c4fc60 65f2b1cc = OLE32.DLL:.text+0x2a1cc -------------------- 0167:65f2b1ab ff7528 push dword ptr [ebp+28] 0167:65f2b1ae ff7524 push dword ptr [ebp+24] 0167:65f2b1b1 ff7520 push dword ptr [ebp+20] 0167:65f2b1b4 ff751c push dword ptr [ebp+1c] 0167:65f2b1b7 ff7518 push dword ptr [ebp+18] 0167:65f2b1ba ff7514 push dword ptr [ebp+14] 0167:65f2b1bd ff7510 push dword ptr [ebp+10] 0167:65f2b1c0 ff750c push dword ptr [ebp+0c] 0167:65f2b1c3 ff7508 push dword ptr [ebp+08] 0167:65f2b1c6 ff153412f065 call dword ptr [65f01234] -> USER32.DLL!CreateWindowExA OLE32.DLL:.text+0x2a1cc: *0167:65f2b1cc 5d pop ebp 0167:65f2b1cd c23000 retd 0030 0167:65f2b1d0 55 push ebp 0167:65f2b1d1 b91033fb65 mov ecx,65fb3310 0167:65f2b1d6 8bec mov ebp,esp 0167:65f2b1d8 83ec28 sub esp,+28 0167:65f2b1db 56 push esi 0167:65f2b1dc 57 push edi 0167:65f2b1dd be01000000 mov esi,00000001 0167:65f2b1e2 e8ee67fdff call 65f019d5 = OLE32.DLL:.text+0x9d5 0167:65f2b1e7 833d8033fb6500 cmp dword ptr [65fb3380],+00 -------------------- 00c4fc64 00000000 ... 00c4fc6c 800095a0 -> e0 00 f8 3a 7a f3 00 81 e4 00 80 30 7a f3 00 81 ...:z......0z... 00c4fc70 88000000 00c4fc74 bff86abb = KERNEL32.DLL:.text+0xdabb -------------------- 0167:bff86a97 0c53 or al,53 0167:bff86a99 ff7508 push dword ptr [ebp+08] 0167:bff86a9c e8106d0100 call bff9d7b1 = KERNEL32.DLL:.text+0x247b1 0167:bff86aa1 8945fc mov dword ptr [ebp-04],eax 0167:bff86aa4 395dfc cmp dword ptr [ebp-04],ebx 0167:bff86aa7 7519 jnz bff86ac2 = KERNEL32.DLL:.text+0xdac2 0167:bff86aa9 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff86aae 8b08 mov ecx,dword ptr [eax] 0167:bff86ab0 ffb198000000 push dword ptr [ecx+00000098] 0167:bff86ab6 e8706fffff call bff7da2b = KERNEL32.DLL:.text+0x4a2b KERNEL32.DLL:.text+0xdabb: *0167:bff86abb 8bf0 mov esi,eax 0167:bff86abd e990000000 jmp bff86b52 = KERNEL32.DLL:.text+0xdb52 0167:bff86ac2 85f6 test esi,esi 0167:bff86ac4 7416 jz bff86adc = KERNEL32.DLL:.text+0xdadc 0167:bff86ac6 57 push edi 0167:bff86ac7 8d45f4 lea eax,[ebp-0c] 0167:bff86aca 50 push eax 0167:bff86acb 8d4dfc lea ecx,[ebp-04] 0167:bff86ace 51 push ecx 0167:bff86acf e89c270100 call bff99270 = KERNEL32.DLL:.text+0x20270 0167:bff86ad4 85c0 test eax,eax -------------------- 00c4fc78 81789684 -> 80 8d 7a 81 e0 3b 7a 81 00 00 00 00 00 00 00 00 ..z..;z......... 00c4fc7c 00000000 00c4fc80 8177dd12 -> 22 43 3a 5c 57 49 4e 44 4f 57 53 5c 44 45 53 4b "C:\WINDOWS\DESK 00c4fc84 00000000 ... 00c4fc8c 65f00000 = OLE32.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00c4fc90 00000000 00c4fc94 00c4fcfc -> 3a d8 6b 1d 06 00 00 00 38 fe c4 00 c5 15 6b 1c :.k.....8.....k. 00c4fc98 65f2e9a1 = OLE32.DLL:.text+0x2d9a1 -------------------- 0167:65f2e981 b800000080 mov eax,80000000 0167:65f2e986 50 push eax 0167:65f2e987 50 push eax 0167:65f2e988 50 push eax 0167:65f2e989 50 push eax 0167:65f2e98a 6800000088 push 88000000 0167:65f2e98f ff354c3efb65 push dword ptr [65fb3e4c] 0167:65f2e995 ff35483efb65 push dword ptr [65fb3e48] 0167:65f2e99b 57 push edi 0167:65f2e99c e8e4c7ffff call 65f2b185 = OLE32.DLL:.text+0x2a185 OLE32.DLL:.text+0x2d9a1: *0167:65f2e9a1 a330e0fa65 mov dword ptr [65fae030],eax 0167:65f2e9a6 3bc7 cmp eax,edi 0167:65f2e9a8 0f846d230100 jz 65f40d1b = OLE32.DLL:.text+0x3fd1b 0167:65f2e9ae 8bc6 mov eax,esi 0167:65f2e9b0 5f pop edi 0167:65f2e9b1 5e pop esi 0167:65f2e9b2 8be5 mov esp,ebp 0167:65f2e9b4 5d pop ebp 0167:65f2e9b5 c3 retd 0167:65f2e9b6 0000 add byte ptr [eax],al 0167:65f2e9b8 41 inc ecx -------------------- 00c4fc9c 00000020 00c4fca0 0000000b 00c4fca4 00000022 00c4fca8 bff7b9c5 = KERNEL32.DLL:.text+0x29c5 -------------------- 0167:bff7b9a9 e81389ffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1 0167:bff7b9ae 5e pop esi 0167:bff7b9af c20400 retd 0004 0167:bff7b9b2 56 push esi 0167:bff7b9b3 8b742408 mov esi,dword ptr [esp+08] 0167:bff7b9b7 8a06 mov al,byte ptr [esi] 0167:bff7b9b9 3c04 cmp al,04 0167:bff7b9bb 7508 jnz bff7b9c5 = KERNEL32.DLL:.text+0x29c5 0167:bff7b9bd ff7604 push dword ptr [esi+04] 0167:bff7b9c0 e82989ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee KERNEL32.DLL:.text+0x29c5: *0167:bff7b9c5 5e pop esi 0167:bff7b9c6 c20400 retd 0004 0167:bff7b9c9 64a100000000 mov eax,dword ptr fs:[00000000] 0167:bff7b9cf 55 push ebp 0167:bff7b9d0 8bec mov ebp,esp 0167:bff7b9d2 6aff push -01 0167:bff7b9d4 685092f7bf push bff79250 0167:bff7b9d9 68b405fcbf push bffc05b4 0167:bff7b9de 50 push eax 0167:bff7b9df 8b4508 mov eax,dword ptr [ebp+08] 0167:bff7b9e2 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 00c4fcac 81789a9c -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fcb0 00000022 00c4fcb4 780012b1 = MSVCRT.DLL:.text+0x2b1 -------------------- 0167:7800128d 8816 mov byte ptr [esi],dl 0167:7800128f 8d4608 lea eax,[esi+08] 0167:78001292 e91fffffff jmp 780011b6 = MSVCRT.DLL:.text+0x1b6 0167:78001297 33c0 xor eax,eax 0167:78001299 e920ffffff jmp 780011be = MSVCRT.DLL:.text+0x1be 0167:7800129e 55 push ebp 0167:7800129f 8bec mov ebp,esp 0167:780012a1 8b4508 mov eax,dword ptr [ebp+08] 0167:780012a4 ff348528700378 push dword ptr [eax*4+78037028] 0167:780012ab ff1548e00278 call dword ptr [7802e048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x2b1: *0167:780012b1 5d pop ebp 0167:780012b2 c3 retd 0167:780012b3 ff3550710378 push dword ptr [78037150] 0167:780012b9 ff742408 push dword ptr [esp+08] 0167:780012bd e803000000 call 780012c5 = MSVCRT.DLL:.text+0x2c5 0167:780012c2 59 pop ecx 0167:780012c3 59 pop ecx 0167:780012c4 c3 retd 0167:780012c5 837c2404e0 cmp dword ptr [esp+04],-20 0167:780012ca 0f878bb90000 ja 7800cc5b = MSVCRT.DLL:.text+0xbc5b 0167:780012d0 ff742404 push dword ptr [esp+04] -------------------- 00c4fcb8 78037118 = MSVCRT.DLL:.data+0x2118 -> 04 00 00 00 9c 9a 78 81 00 00 00 00 00 00 00 00 ......x......... 00c4fcbc 00c4fcf4 -> 70 a5 4d 00 70 fd c4 00 3a d8 6b 1d 06 00 00 00 p.M.p...:.k..... 00c4fcc0 7800ccb3 = MSVCRT.DLL:.text+0xbcb3 -------------------- 0167:7800cc9a 85c0 test eax,eax 0167:7800cc9c 7503 jnz 7800cca1 = MSVCRT.DLL:.text+0xbca1 0167:7800cc9e 6a01 push +01 0167:7800cca0 58 pop eax 0167:7800cca1 83c00f add eax,+0f 0167:7800cca4 24f0 and al,f0 0167:7800cca6 50 push eax 0167:7800cca7 e9cb46ffff jmp 78001377 = MSVCRT.DLL:.text+0x377 0167:7800ccac 6a09 push +09 0167:7800ccae e8eb45ffff call 7800129e = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0xbcb3: *0167:7800ccb3 59 pop ecx 0167:7800ccb4 c3 retd 0167:7800ccb5 6a10 push +10 0167:7800ccb7 5e pop esi 0167:7800ccb8 e97146ffff jmp 7800132e = MSVCRT.DLL:.text+0x32e 0167:7800ccbd 8b7508 mov esi,dword ptr [ebp+08] 0167:7800ccc0 e9c246ffff jmp 78001387 = MSVCRT.DLL:.text+0x387 0167:7800ccc5 6a01 push +01 0167:7800ccc7 58 pop eax 0167:7800ccc8 e9b06dffff jmp 78003a7d = MSVCRT.DLL:.text+0x2a7d 0167:7800cccd 33db xor ebx,ebx -------------------- 00c4fcc4 0000000b 00c4fcc8 00d75378 -> 43 00 6f 00 6e 00 74 00 65 00 6e 00 74 00 2e 00 C.o.n.t.e.n.t... 00c4fccc 0000000b 00c4fcd0 00d75370 -> 01 00 00 00 0b 00 00 00 43 00 6f 00 6e 00 74 00 ........C.o.n.t. 00c4fcd4 0040d512 = SAL2.DLL:.text+0xc512 -------------------- 0167:0040d4fc 8b542420 mov edx,dword ptr [esp+20] 0167:0040d500 51 push ecx 0167:0040d501 8b4c2420 mov ecx,dword ptr [esp+20] 0167:0040d505 52 push edx 0167:0040d506 8b542420 mov edx,dword ptr [esp+20] 0167:0040d50a 51 push ecx 0167:0040d50b 8b08 mov ecx,dword ptr [eax] 0167:0040d50d 52 push edx 0167:0040d50e 51 push ecx 0167:0040d50f ff5004 call dword ptr [eax+04] SAL2.DLL:.text+0xc512: *0167:0040d512 83c424 add esp,+24 0167:0040d515 c3 retd 0167:0040d516 90 nop 0167:0040d517 90 nop 0167:0040d518 90 nop 0167:0040d519 90 nop 0167:0040d51a 90 nop 0167:0040d51b 90 nop 0167:0040d51c 90 nop 0167:0040d51d 90 nop 0167:0040d51e 90 nop -------------------- 00c4fcd8 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fcdc 00000000 00c4fce0 00000044 00c4fce4 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fce8 00a21d18 -> 00 00 10 01 00 00 00 00 01 00 00 00 00 00 00 00 ................ 00c4fcec 00d75108 -> 1c e5 ea 00 c0 e4 ea 00 ac e4 ea 00 94 e4 ea 00 ................ 00c4fcf0 00404bea = SAL2.DLL:.text+0x3bea -------------------- 0167:00404bd9 90 nop 0167:00404bda 90 nop 0167:00404bdb 90 nop 0167:00404bdc 90 nop 0167:00404bdd 90 nop 0167:00404bde 90 nop 0167:00404bdf 90 nop 0167:00404be0 8b442404 mov eax,dword ptr [esp+04] 0167:00404be4 50 push eax 0167:00404be5 e816760000 call 0040c200 = SAL2.DLL!osl_incrementInterlockedCount SAL2.DLL:.text+0x3bea: *0167:00404bea 59 pop ecx 0167:00404beb c3 retd 0167:00404bec 90 nop 0167:00404bed 90 nop 0167:00404bee 90 nop 0167:00404bef 90 nop 0167:00404bf0 56 push esi 0167:00404bf1 8b742408 mov esi,dword ptr [esp+08] 0167:00404bf5 56 push esi 0167:00404bf6 e825760000 call 0040c220 = SAL2.DLL!osl_decrementInterlockedCount 0167:00404bfb 83c404 add esp,+04 -------------------- 00c4fcf4 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fcf8 00c4fd70 -> 90 fd c4 00 ba 57 6f 1c 02 00 00 00 68 14 6b 1c .....Wo.....h.k. 00c4fcfc 1d6bd83a = SFX625MI.DLL:.text+0x1bc83a -------------------- 0167:1d6bd81d e8bc00feff call 1d69d8de = TL625MI.DLL!242 0167:1d6bd822 c3 retd 0167:1d6bd823 8d4dbc lea ecx,[ebp-44] 0167:1d6bd826 e8e540e4ff call 1d501910 = SFX625MI.DLL!40 0167:1d6bd82b c3 retd 0167:1d6bd82c 8b856cffffff mov eax,dword ptr [ebp-00000094] 0167:1d6bd832 50 push eax 0167:1d6bd833 e810cbfdff call 1d69a348 = VOS2MSC.DLL!609 0167:1d6bd838 59 pop ecx 0167:1d6bd839 c3 retd SFX625MI.DLL:.text+0x1bc83a: *0167:1d6bd83a b808836f1d mov eax,1d6f8308 0167:1d6bd83f e9320ffeff jmp 1d69e776 = MSVCRT.DLL!__CxxFrameHandler 0167:1d6bd844 cc int 3 0167:1d6bd845 cc int 3 0167:1d6bd846 cc int 3 0167:1d6bd847 cc int 3 0167:1d6bd848 cc int 3 0167:1d6bd849 cc int 3 0167:1d6bd84a cc int 3 0167:1d6bd84b cc int 3 0167:1d6bd84c cc int 3 -------------------- 00c4fd00 00000006 00c4fd04 00c4fe38 -> 78 ff c4 00 60 b5 f8 bf 00 00 00 00 a8 a4 77 81 x...`.........w. 00c4fd08 1c6b15c5 = VCL625MI.DLL:.text+0xb05c5 -------------------- 0167:1c6b15a7 50 push eax 0167:1c6b15a8 897c240c mov dword ptr [esp+0c],edi 0167:1c6b15ac e8df020400 call 1c6f1890 = SAL2.DLL!rtl_uString_new 0167:1c6b15b1 83c404 add esp,+04 0167:1c6b15b4 8b4e08 mov ecx,dword ptr [esi+08] 0167:1c6b15b7 c644246c02 mov byte ptr [esp+6c],02 0167:1c6b15bc 3bcf cmp ecx,edi 0167:1c6b15be 7405 jz 1c6b15c5 = VCL625MI.DLL:.text+0xb05c5 0167:1c6b15c0 8b11 mov edx,dword ptr [ecx] 0167:1c6b15c2 ff522c call dword ptr [edx+2c] VCL625MI.DLL:.text+0xb05c5: *0167:1c6b15c5 e8d6730200 call 1c6d89a0 = VCL625MI.DLL:.text+0xd79a0 0167:1c6b15ca 3bc7 cmp eax,edi 0167:1c6b15cc 894604 mov dword ptr [esi+04],eax 0167:1c6b15cf 7531 jnz 1c6b1602 = VCL625MI.DLL:.text+0xb0602 0167:1c6b15d1 8b442408 mov eax,dword ptr [esp+08] 0167:1c6b15d5 50 push eax 0167:1c6b15d6 e8bb020400 call 1c6f1896 = SAL2.DLL!rtl_uString_release 0167:1c6b15db 83c404 add esp,+04 0167:1c6b15de 8d4c2414 lea ecx,[esp+14] 0167:1c6b15e2 c744246cffffffff mov dword ptr [esp+6c],ffffffff 0167:1c6b15ea e82f020400 call 1c6f181e = VOS2MSC.DLL!160 -------------------- 00c4fd0c 00000000 00c4fd10 1c70a688 = VCL625MI.DLL:.data+0x4688 -> 18 1d a2 00 00 00 00 00 40 bb 10 01 00 00 00 00 ........@....... 00c4fd14 004da570 = SAL2.DLL:.data+0x570 -> 17 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4fd18 7801a58a = MSVCRT.DLL:.text+0x1958a -------------------- 0167:7801a566 8975e0 mov dword ptr [ebp-20],esi 0167:7801a569 834dfcff or dword ptr [ebp-04],-01 0167:7801a56d e811000000 call 7801a583 = MSVCRT.DLL:.text+0x19583 0167:7801a572 837de400 cmp dword ptr [ebp-1c],+00 0167:7801a576 e91770feff jmp 78001592 = MSVCRT.DLL:.text+0x592 0167:7801a57b 8b75e0 mov esi,dword ptr [ebp-20] 0167:7801a57e ebe9 jmp 7801a569 = MSVCRT.DLL:.text+0x19569 0167:7801a580 8b75e0 mov esi,dword ptr [ebp-20] 0167:7801a583 6a09 push +09 0167:7801a585 e8146dfeff call 7800129e = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0x1958a: *0167:7801a58a 59 pop ecx 0167:7801a58b c3 retd 0167:7801a58c 8b75e0 mov esi,dword ptr [ebp-20] 0167:7801a58f e92b70feff jmp 780015bf = MSVCRT.DLL:.text+0x5bf 0167:7801a594 55 push ebp 0167:7801a595 8bec mov ebp,esp 0167:7801a597 51 push ecx 0167:7801a598 51 push ecx 0167:7801a599 53 push ebx 0167:7801a59a 56 push esi 0167:7801a59b 57 push edi -------------------- 00c4fd1c 00000009 00c4fd20 1c20f548 = VOS2MSC.DLL!166 -> a0 97 20 1c 60 97 20 1c 20 9e 20 1c 90 9d 20 1c .. .`. . . ... . 00c4fd24 00000000 ... 00c4fd2c 00000044 00c4fd30 00000000 ... 00c4fd58 00000401 00c4fd5c 00000001 00c4fd60 00000000 ... 00c4fd68 000011a2 00c4fd6c 00000000 00c4fd70 00c4fd90 -> 28 fe c4 00 48 57 6f 1c 00 00 00 00 05 2d 10 01 (...HWo......-.. 00c4fd74 1c6f57ba = VCL625MI.DLL:.text+0xf47ba -------------------- 0167:1c6f57a4 8b45a0 mov eax,dword ptr [ebp-60] 0167:1c6f57a7 50 push eax 0167:1c6f57a8 e899b9ffff call 1c6f1146 = TL625MI.DLL!21 0167:1c6f57ad 59 pop ecx 0167:1c6f57ae c3 retd 0167:1c6f57af 8b45a0 mov eax,dword ptr [ebp-60] 0167:1c6f57b2 50 push eax 0167:1c6f57b3 e88ac0ffff call 1c6f1842 = VOS2MSC.DLL!609 0167:1c6f57b8 59 pop ecx 0167:1c6f57b9 c3 retd VCL625MI.DLL:.text+0xf47ba: *0167:1c6f57ba b8d0f16f1c mov eax,1c6ff1d0 0167:1c6f57bf e9ccc6ffff jmp 1c6f1e90 = MSVCRT.DLL!__CxxFrameHandler 0167:1c6f57c4 cc int 3 0167:1c6f57c5 cc int 3 0167:1c6f57c6 cc int 3 0167:1c6f57c7 cc int 3 0167:1c6f57c8 cc int 3 0167:1c6f57c9 cc int 3 0167:1c6f57ca cc int 3 0167:1c6f57cb cc int 3 0167:1c6f57cc cc int 3 -------------------- 00c4fd78 00000002 00c4fd7c 1c6b1468 = VCL625MI.DLL:.text+0xb0468 -------------------- 0167:1c6b143e 64892500000000 mov dword ptr fs:[00000000],esp 0167:1c6b1445 51 push ecx 0167:1c6b1446 53 push ebx 0167:1c6b1447 56 push esi 0167:1c6b1448 8b35089d701c mov esi,dword ptr [1c709d08] -> VCL625MI.DLL:.data+0x4688 0167:1c6b144e c744240800000000 mov dword ptr [esp+08],00000000 0167:1c6b1456 8d442408 lea eax,[esp+08] 0167:1c6b145a c744241400000000 mov dword ptr [esp+14],00000000 0167:1c6b1462 50 push eax 0167:1c6b1463 e858000000 call 1c6b14c0 = VCL625MI.DLL!341 VCL625MI.DLL:.text+0xb0468: *0167:1c6b1468 8ad8 mov bl,al 0167:1c6b146a 83c404 add esp,+04 0167:1c6b146d 84db test bl,bl 0167:1c6b146f 7415 jz 1c6b1486 = VCL625MI.DLL:.text+0xb0486 0167:1c6b1471 8b4e08 mov ecx,dword ptr [esi+08] 0167:1c6b1474 c6868600000001 mov byte ptr [esi+00000086],01 0167:1c6b147b 8b11 mov edx,dword ptr [ecx] 0167:1c6b147d ff12 call dword ptr [edx] 0167:1c6b147f c6868600000000 mov byte ptr [esi+00000086],00 0167:1c6b1486 e815030000 call 1c6b17a0 = VCL625MI.DLL!340 0167:1c6b148b 8b442408 mov eax,dword ptr [esp+08] -------------------- 00c4fd80 00c4fd8c -> 00 00 00 00 28 fe c4 00 48 57 6f 1c 00 00 00 00 ....(...HWo..... 00c4fd84 8177dd12 -> 22 43 3a 5c 57 49 4e 44 4f 57 53 5c 44 45 53 4b "C:\WINDOWS\DESK 00c4fd88 00000000 ... 00c4fd90 00c4fe28 -> 68 ff c4 00 0e 84 10 01 88 98 10 01 00 00 00 00 h............... 00c4fd94 1c6f5748 = VCL625MI.DLL:.text+0xf4748 -> b8 a8 f1 6f 1c e9 3e c7 ff ff cc cc cc cc cc cc ...o..>......... 00c4fd98 00000000 00c4fd9c 01102d05 = SOFFICE.EXE:.text+0x1d05 -------------------- 0167:01102cef cc int 3 0167:01102cf0 836c240414 sub dword ptr [esp+04],+14 0167:01102cf5 e936fdffff jmp 01102a30 = SOFFICE.EXE:.text+0x1a30 0167:01102cfa cc int 3 0167:01102cfb cc int 3 0167:01102cfc cc int 3 0167:01102cfd cc int 3 0167:01102cfe cc int 3 0167:01102cff cc int 3 0167:01102d00 e881030000 call 01103086 = VCL625MI.DLL!343 SOFFICE.EXE:.text+0x1d05: *0167:01102d05 33c0 xor eax,eax 0167:01102d07 c21000 retd 0010 0167:01102d0a 90 nop 0167:01102d0b 90 nop 0167:01102d0c 90 nop 0167:01102d0d 90 nop 0167:01102d0e 90 nop 0167:01102d0f 90 nop 0167:01102d10 ff2534911001 jmp dword ptr [01109134] -> SAL2.DLL!rtl_uString_release 0167:01102d16 ff2544911001 jmp dword ptr [01109144] -> SAL2.DLL!rtl_uString_assign 0167:01102d1c ff2548911001 jmp dword ptr [01109148] -> SAL2.DLL!rtl_uString_newFromAscii -------------------- 00c4fda0 01108344 = SOFFICE.EXE:.text+0x7344 -------------------- 0167:0110832f ebf5 jmp 01108326 = SOFFICE.EXE:.text+0x7326 0167:01108331 6a0a push +0a 0167:01108333 58 pop eax 0167:01108334 50 push eax 0167:01108335 56 push esi 0167:01108336 53 push ebx 0167:01108337 53 push ebx 0167:01108338 ff1504901001 call dword ptr [01109004] -> KERNEL32.DLL!GetModuleHandleA 0167:0110833e 50 push eax 0167:0110833f e8bca9ffff call 01102d00 = SOFFICE.EXE:.text+0x1d00 SOFFICE.EXE:.text+0x7344: *0167:01108344 894598 mov dword ptr [ebp-68],eax 0167:01108347 50 push eax 0167:01108348 ff1544901001 call dword ptr [01109044] -> MSVCRT.DLL!exit 0167:0110834e 8b45ec mov eax,dword ptr [ebp-14] 0167:01108351 8b08 mov ecx,dword ptr [eax] 0167:01108353 8b09 mov ecx,dword ptr [ecx] 0167:01108355 894d88 mov dword ptr [ebp-78],ecx 0167:01108358 50 push eax 0167:01108359 51 push ecx 0167:0110835a e869000000 call 011083c8 = MSVCRT.DLL!_XcptFilter 0167:0110835f 59 pop ecx -------------------- 00c4fda4 01100000 = SOFFICE.EXE+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 00c4fda8 00000000 00c4fdac 8177dd12 -> 22 43 3a 5c 57 49 4e 44 4f 57 53 5c 44 45 53 4b "C:\WINDOWS\DESK 00c4fdb0 00000001 00c4fdb4 00000000 00c4fdb8 8177a4a8 -> 06 00 06 00 30 83 65 c1 00 00 00 00 00 00 00 00 ....0.e......... 00c4fdbc 00b40000 00c4fdc0 00000001 00c4fdc4 8177dd12 -> 22 43 3a 5c 57 49 4e 44 4f 57 53 5c 44 45 53 4b "C:\WINDOWS\DESK 00c4fdc8 00d75550 -> 5c 55 d7 00 90 55 d7 00 00 00 00 00 43 3a 5c 50 \U...U......C:\P 00c4fdcc 00000000 ... 00c4fdd4 00d70e50 -> 30 0e d7 00 10 0e d7 00 f0 0d d7 00 d0 0d d7 00 0............... 00c4fdd8 00000002 00c4fddc 00000044 00c4fde0 00000000 ... 00c4fe08 00000401 00c4fe0c 00000001 00c4fe10 00000000 ... 00c4fe18 000011a2 00c4fe1c 00000000 00c4fe20 00c4fdb4 -> 00 00 00 00 a8 a4 77 81 00 00 b4 00 01 00 00 00 ......w......... 00c4fe24 8177a4a8 -> 06 00 06 00 30 83 65 c1 00 00 00 00 00 00 00 00 ....0.e......... 00c4fe28 00c4ff68 -> ff ff ff ff b4 05 fc bf 38 91 f7 bf 00 00 00 00 ........8....... 00c4fe2c 0110840e = SOFFICE.EXE:.text+0x740e -> ff 25 20 90 10 01 ff 25 1c 90 10 01 ff 25 10 90 .% ....%.....%.. 00c4fe30 01109888 = SOFFICE.EXE:.rdata+0x888 -> ff ff ff ff 4e 83 10 01 62 83 10 01 00 00 00 00 ....N...b....... 00c4fe34 00000000 00c4fe38 00c4ff78 -> f4 ff c4 00 12 b4 f8 bf a0 b3 78 81 08 00 00 00 ..........x..... 00c4fe3c bff8b560 = KERNEL32!ApplicationStartup -------------------- 0167:bff8b53c 7413 jz bff8b551 = KERNEL32.DLL:.text+0x12551 0167:bff8b53e 6a00 push +00 0167:bff8b540 56 push esi 0167:bff8b541 e82859ffff call bff80e6e = KERNEL32.DLL:.text+0x7e6e 0167:bff8b546 50 push eax 0167:bff8b547 6800050000 push 00000500 0167:bff8b54c e8c45fffff call bff81515 = KERNEL32.DLL:.text+0x8515 0167:bff8b551 c745fc00000000 mov dword ptr [ebp-04],00000000 0167:bff8b558 8b45d4 mov eax,dword ptr [ebp-2c] 0167:bff8b55b e8b98dfeff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319 KERNEL32!ApplicationStartup: *0167:bff8b560 8945d8 mov dword ptr [ebp-28],eax 0167:bff8b563 eb1a jmp bff8b57f = KERNEL32.DLL:.text+0x1257f 0167:bff8b565 ff75ec push dword ptr [ebp-14] 0167:bff8b568 e8c7250100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 0167:bff8b56d c3 retd 0167:bff8b56e 8b65e8 mov esp,dword ptr [ebp-18] 0167:bff8b571 8b45e0 mov eax,dword ptr [ebp-20] 0167:bff8b574 80480308 or byte ptr [eax+03],08 0167:bff8b578 6aff push -01 0167:bff8b57a e8501c0000 call bff8d1cf = KERNEL32.DLL:.text+0x141cf 0167:bff8b57f c745fcffffffff mov dword ptr [ebp-04],ffffffff -------------------- 00c4fe40 00000000 00c4fe44 8177a4a8 -> 06 00 06 00 30 83 65 c1 00 00 00 00 00 00 00 00 ....0.e......... 00c4fe48 00b40000 00c4fe4c 66666f53 00c4fe50 00656369 = SVL625MI.DLL:.rdata+0x5369 -> ff ff ff 20 02 65 00 00 00 00 00 2b 02 65 00 01 ... .e.....+.e.. 00c4fe54 00455845 = SAL2.DLL:.rdata+0x39845 -> 63 04 63 05 63 06 63 0a 63 0b 63 0c 63 0d 63 0f c.c.c.c.c.c.c.c. 00c4fe58 00000000 ... 00c4ff38 00c4ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff c4 00 ....8........... 00c4ff3c 81709050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 00c4ff40 8177dd34 -> 3c 00 00 a0 74 66 79 81 84 6b 79 81 b4 5a 79 81 <...tfy..ky..Zy. 00c4ff44 d0695490 -> 01 00 00 00 a0 b3 78 81 a8 a4 77 81 e0 22 70 d0 ......x...w.."p. 00c4ff48 00c4ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff c4 00 ....8........... 00c4ff4c 01108210 = SOFFICE.EXE:.text+0x7210 -> 55 8b ec 6a ff 68 88 98 10 01 68 0e 84 10 01 64 U..j.h....h....d 00c4ff50 bff7b326 = KERNEL32.DLL:.text+0x2326 -------------------- 0167:bff7b309 8b00 mov eax,dword ptr [eax] 0167:bff7b30b 894304 mov dword ptr [ebx+04],eax 0167:bff7b30e 6800020000 push 00000200 0167:bff7b313 51 push ecx 0167:bff7b314 ff75fc push dword ptr [ebp-04] 0167:bff7b317 56 push esi 0167:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111 0167:bff7b31d ff750c push dword ptr [ebp+0c] 0167:bff7b320 56 push esi 0167:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x2326: *0167:bff7b326 b801000000 mov eax,00000001 0167:bff7b32b 5f pop edi 0167:bff7b32c 5e pop esi 0167:bff7b32d 5b pop ebx 0167:bff7b32e 8be5 mov esp,ebp 0167:bff7b330 5d pop ebp 0167:bff7b331 c20c00 retd 000c 0167:bff7b334 55 push ebp 0167:bff7b335 8bec mov ebp,esp 0167:bff7b337 83ec04 sub esp,+04 0167:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4] -------------------- 00c4ff54 00000000 00c4ff58 8177a4c8 -> 00 02 00 00 40 87 01 00 67 4b 7a 00 02 00 02 00 ....@...gKz..... 00c4ff5c 5c960000 00c4ff60 00c4fe40 -> 00 00 00 00 a8 a4 77 81 00 00 b4 00 53 6f 66 66 ......w.....Soff 00c4ff64 00c4f5f4 -> cc f6 c4 00 e8 f6 c4 00 20 f6 c4 00 49 68 f7 bf ........ ...Ih.. 00c4ff68 ffffffff 00c4ff6c bffc05b4 = KERNEL32.DLL:.text+0x475b4 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 00c4ff70 bff79138 = KERNEL32.DLL:.text+0x138 -> ff ff ff ff 65 b5 f8 bf 6e b5 f8 bf 00 00 00 00 ....e...n....... 00c4ff74 00000000 00c4ff78 00c4fff4 -> ec 4f 8d 83 d5 9d f8 bf 00 00 00 00 .O.......... 00c4ff7c bff8b412 = KERNEL32.DLL:.text+0x12412 -------------------- 0167:bff8b3f3 ff7508 push dword ptr [ebp+08] 0167:bff8b3f6 56 push esi 0167:bff8b3f7 e8c9560000 call bff90ac5 = KERNEL32.DLL:.text+0x17ac5 0167:bff8b3fc ff7508 push dword ptr [ebp+08] 0167:bff8b3ff 33ff xor edi,edi 0167:bff8b401 57 push edi 0167:bff8b402 ff7634 push dword ptr [esi+34] 0167:bff8b405 e80397feff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d 0167:bff8b40a 897d08 mov dword ptr [ebp+08],edi 0167:bff8b40d e84a000000 call bff8b45c = KERNEL32.DLL:.text+0x1245c KERNEL32.DLL:.text+0x12412: *0167:bff8b412 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff8b417 8b00 mov eax,dword ptr [eax] 0167:bff8b419 83c060 add eax,+60 0167:bff8b41c 50 push eax 0167:bff8b41d e8cb8dfeff call bff741ed = KERNEL32.DLL!98 0167:bff8b422 e87626ffff call bff7da9d = KERNEL32.DLL:.text+0x4a9d 0167:bff8b427 8945f0 mov dword ptr [ebp-10],eax 0167:bff8b42a 837df800 cmp dword ptr [ebp-08],+00 0167:bff8b42e 7408 jz bff8b438 = KERNEL32.DLL:.text+0x12438 0167:bff8b430 ff75f8 push dword ptr [ebp-08] 0167:bff8b433 e843020000 call bff8b67b = KERNEL32.DLL:.text+0x1267b -------------------- 00c4ff80 8178b3a0 -> 07 00 01 00 c0 1c 83 d0 bc f5 c4 00 00 00 c5 00 ................ 00c4ff84 00000008 00c4ff88 8177a4a8 -> 06 00 06 00 30 83 65 c1 00 00 00 00 00 00 00 00 ....0.e......... 00c4ff8c 00000000 ... 00c4ffd0 0002ffff 00c4ffd4 0000f2c4 00c4ffd8 00c4e000 -> d1 85 40 00 24 13 f7 bf 78 00 00 00 f2 e0 c4 00 ..@.$...x....... 00c4ffdc 00c50000 00c4ffe0 00000000 00c4ffe4 ffffffff 00c4ffe8 81752b1c -> 50 45 00 00 4c 01 04 00 a5 ec cd 3a 00 00 00 00 PE..L......:.... 00c4ffec 00000000 00c4fff0 49bf5c96 00c4fff4 838d4fec 00c4fff8 bff89dd5 = KERNEL32.DLL:.text+0x10dd5 -------------------- 0167:bff89db2 e8a94b0000 call bff8e960 = KERNEL32.DLL:.text+0x15960 0167:bff89db7 56 push esi 0167:bff89db8 e8e32bffff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff89dbd 33c0 xor eax,eax 0167:bff89dbf ebdf jmp bff89da0 = KERNEL32.DLL:.text+0x10da0 0167:bff89dc1 f644240c10 test byte ptr [esp+0c],10 0167:bff89dc6 7505 jnz bff89dcd = KERNEL32.DLL:.text+0x10dcd 0167:bff89dc8 e8a1deffff call bff87c6e = KERNEL32.DLL:.text+0xec6e 0167:bff89dcd ff742408 push dword ptr [esp+08] 0167:bff89dd1 ff542408 call dword ptr [esp+08] KERNEL32.DLL:.text+0x10dd5: *0167:bff89dd5 c20c00 retd 000c 0167:bff89dd8 56 push esi 0167:bff89dd9 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff89dde 8b742408 mov esi,dword ptr [esp+08] 0167:bff89de2 57 push edi 0167:bff89de3 8b38 mov edi,dword ptr [eax] 0167:bff89de5 8b4608 mov eax,dword ptr [esi+08] 0167:bff89de8 85c0 test eax,eax 0167:bff89dea 7413 jz bff89dff = KERNEL32.DLL:.text+0x10dff 0167:bff89dec 50 push eax 0167:bff89ded e8feb7feff call bff755f0 = KERNEL32.DLL:_FREQASM+0x45f0 -------------------- 00c4fffc 00000000