System snapshot taken on 6/20/01 3:00:21 PM. *----> Summary/Overview <----* SAL2.DLL attempted to use a null data pointer variable. Module Name: SAL2.DLL Version: 6.00.6483 Manufacturer: Sun Microsystems, Inc. Application Name: Setup.exe Description: Office Productivity Suite Version: 6.00.6483 Manufacturer: Sun Microsystems, Inc. -------------------- If the Taskbar is behaving strangely, try exiting IMGICON. Module Name: IMGICON.EXE Description: IMGICON Version: 6, 3, 0, 6 Product: Iomega Corp. IMGICON 6.3 Manufacturer: Iomega Corp. User's Remarks: *----> System Information <----* Microsoft Windows 98 4.10.2222 A Clean install using /T:C:\WININST0.400 /SrcDir=C:\WINDOWS\OPTIONS\CABS /IS /IW /IQ /ID /IV /IZ /II /NR /II /C /U:xxxxxxxxxxxxxxxxx IE 5 5.00.2919.6307 Uptime: 0:03:34:07 Normal mode On "WROTH1" as "wroth" Fujitsu PC Corporation GenuineIntel x86 Family 6 Model 8 Stepping 3 128MB RAM 43% system resources free Windows-managed swap file on drive C (1650MB free) Temporary files on drive c (1650MB free) *----> Task list <----* Program Type Path ------------ 1. Kernel32.dll 4.10.2222 Microsoft Corporation 2. MSGSRV32.EXE 4.10.2222 Microsoft Corporation 3. Spool32.exe 4.10.1998 Microsoft Corporation 4. Mprexe.exe 4.10.1998 Microsoft Corporation 5. Mstask.exe 4.71.1959.1 Microsoft Corporation 6. MMTASK.TSK 4.03.1998 Microsoft Corporation 7. Explorer.exe 4.72.3110.1 Microsoft Corporation 8. Taskmon.exe 4.10.1998 Microsoft Corporation 9. Systray.exe 4.10.2222 Microsoft Corporation 10. Irmon.exe 4.10.1998 Microsoft Corporation 11. Prpcui.exe 1.1.0.0 Intel Corporation 12. Dockapp.exe 1, 0, 0, 1 , 13. Btnhnd.exe 2, 2, 0, 0 FUJITSU LIMITED 14. Mgavrtcl.exe 2.5.0.1 McAfee.com 15. Seti@home.exe 3.03 University of California, Berkeley 16. Imgicon.exe 6, 3, 0, 6 Iomega Corp. 17. Mcagent.exe 1, 0, 0, 11 McAfee.com 18. Mcupdate.exe 1, 0, 0, 5 McAfee.com 19. RUNDLL.EXE 4.10.1998 Microsoft Corporation 20. Netswtray.exe 3, 2, 2, 0 J.W. Hance 21. Pmset98.exe 1, 1, 0, 1 FUJITSU LIMITED 22. Drwatson.exe 4.03 Microsoft Corporation 23. Mgavrte.exe 1, 0, 0, 42 McAfee.com 24. Wmiexe.exe 5.00.1755.1 Microsoft Corporation 25. Palm.exe 4.0.1 Palm, Inc. 26. Hotsync.exe 4.0 Palm, Inc. 27. Alarmapp.exe 4.0.1 Palm, Inc. 28. Netscape.exe 4.76.0.11 Netscape Communications Corporation 29. Ddhelp.exe 4.07.00.0700 Microsoft Corporation 30. Soffice.exe 5.20 Sun Microsystems, Inc. 31. Setup.exe 32. Setup.exe 6.00.6483 Sun Microsystems, Inc. *----> Startup Items <----* Name Loaded from Command ------------------- 1. PMSet98 Startup Group "C:\Program Files\Fujitsu\PMSet98\PMSet98.exe" /A 2. Shortcut to Drwatson.exe Startup Group C:\WINDOWS\DRWATSON.EXE 3. Taskbar Display Controls Registry (Per-User Run) RunDLL deskcp16.dll,QUICKRES_RUNDLLENTRY 4. NetSwitcher Tray Application Registry (Per-User Run) C:\PROGRA~1\NETSWI~2\NETSWT~1.EXE 5. ScanRegistry Registry (Machine Run) c:\windows\scanregw.exe /autorun 6. TaskMonitor Registry (Machine Run) c:\windows\taskmon.exe 7. SystemTray Registry (Machine Run) SysTray.Exe 8. IrMon Registry (Machine Run) IrMon.exe 9. LoadPowerProfile Registry (Machine Run) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 10. PRPCMonitor Registry (Machine Run) PRPCUI.exe 11. BayMgr Registry (Machine Run) DockApp.exe 12. SBWatchDog.EXE Registry (Machine Run) C:\WINDOWS\SYSTEM\SBUtils\SBWatchDog.EXE /l 13. LoadBtnHnd Registry (Machine Run) C:\Program Files\Fujitsu\BtnHnd\BtnHnd.exe 14. mgavrtclexe Registry (Machine Run) c:\windows\MCBin\AV\Rt\mgavrtcl.exe 15. seticlient Registry (Machine Run) C:\Program Files\SETI@home\SETI@home.exe -min 16. CriticalUpdate Registry (Machine Run) c:\windows\SYSTEM\wucrtupd.exe -startup 17. Iomega Startup Options Registry (Machine Run) C:\Program Files\Iomega\Common\ImgStart.exe 18. Iomega Drive Icons Registry (Machine Run) C:\Program Files\Iomega\DriveIcons\ImgIcon.exe 19. MCAgentExe Registry (Machine Run) C:\program files\mcafee.com\Agent\mcagent.exe 20. MCUpdateExe Registry (Machine Run) C:\program files\mcafee.com\Agent\mcupdate.exe /embedding 21. LoadPowerProfile Registry (Machine Service) Rundll32.exe powrprof.dll,LoadCurrentPwrScheme 22. SchedulingAgent Registry (Machine Service) mstask.exe 23. mgavrtclexe Registry (Machine Service) c:\windows\MCBin\AV\Rt\mgavrte.exe *----> System Hooks <----* Hook type Hooked by Application DLL path Application path ------------------------ 1. Shell Imghook.dll IMGICON.EXE C:\PROGRAM FILES\IOMEGA\DRIVEICONS\Imghook.dll C:\PROGRAM FILES\IOMEGA\DRIVEICONS\IMGICON.EXE *----> Kernel Drivers <----* Driver Loaded from Type Likely path ------------------- 1. VMM Microsoft Corporation Virtual Machine Manager 2. MTRR Microsoft Corporation ? 3. VCACHE Microsoft Corporation Cache manager 4. DFS 4.10.2222 Microsoft Corporation DFS Virtual Device (Version 4.0) 5. PERF Microsoft Corporation System Monitor data collection driver 6. VFIXD 1.00.02 Intel Corporation Compatibility VxD 7. VPOWERD 4.10.2223 Microsoft Corporation VPOWERD Virtual Device (Version 4.0) 8. VPICD Microsoft Corporation Hardware interrupt manager 9. VrtwD 1.1.075.3 Intel Corporation Real-Time Clock VxD 10. VTD Microsoft Corporation Timer device driver 11. VWIN32 Microsoft Corporation Win32 subsystem driver 12. VXDLDR Microsoft Corporation Dynamic device driver loader 13. NTKERN Microsoft Corporation Windows Driver Model 14. CONFIGMG Microsoft Corporation Configuration manager 15. PCI 4.10.2223 Microsoft Corporation PCI Virtual Device (Version 4.0) 16. ISAPNP 4.10.1998 Microsoft Corporation ISAPNP Virtual Device (Version 4.0) 17. PCCARD 4.10.2222 Microsoft Corporation PCCARD Virtual Device (Version 4.0) 18. ACPI Microsoft Corporation ? 19. VCDFSD Microsoft Corporation CD-ROM filesystem driver 20. IOS Microsoft Corporation I/O Supervisor 21. PAGEFILE Microsoft Corporation Swapfile driver 22. PAGESWAP Microsoft Corporation Swapfile manager 23. PARITY Microsoft Corporation Memory parity driver 24. REBOOT Microsoft Corporation Ctrl+Alt+Del manager 25. EBIOS Microsoft Corporation Extended BIOS driver 26. VDD Microsoft Corporation Display driver 27. TRIDENT 4.12.01.2224 Trident Microsystems, Inc. TRIDENT Virtual Device (Version 4.0) 28. VSD Microsoft Corporation Speaker driver 29. LTVCD 5.62 LT LT Windows Modem 30. COMBUFF Microsoft Corporation Communications buffer driver 31. VCD Microsoft Corporation Communications port driver 32. SERIAL 4.10.2222 Microsoft Corporation SERIAL Virtual Device (Version 4.0) 33. IRENUM 4.10.2222 Microsoft Corporation IRENUM Virtual Device (Version 4.0) 34. FASTIR 4.10.1998 Microsoft Corporation FASTIR Virtual Device (Version 4.0) 35. VMOUSE Microsoft Corporation Mouse driver 36. MSMINI 4.10.1998 Microsoft Corporation MSMINI Virtual Device (Version 4.0) 37. VKD Microsoft Corporation Keyboard driver 38. VPD Microsoft Corporation Printer driver 39. INT13 Microsoft Corporation BIOS hard disk emulation driver 40. VMCPD Microsoft Corporation Math coprocessor driver 41. BIOSXLAT Microsoft Corporation BIOS emulation driver 42. VNETBIOS 4.10.1998 Microsoft Corporation VNETBIOS Virtual Device (Version 4.0) 43. NDIS 4.10.2222 Microsoft Corporation NDIS Virtual Device (Version 4.0) 44. PPPMAC 4.10.2222 Microsoft Corporation Windows Virtual PPP Driver 45. NDISWAN 4.10.1998 Microsoft Corporation Windows Virtual WAN Protocol Driver 46. NETBEUI 4.10.1998 Microsoft Corporation NETBEUI Virtual Device (Version 4.0) 47. VTDI 4.10.1998 Microsoft Corporation Windows TDI Support Driver 48. WSOCK2 4.10.1998 Microsoft Corporation Windows Sockets Driver 2 TCP/IP only. 49. WSOCK 4.10.1998 Microsoft Corporation Windows Sockets Driver 50. WSIRDA 4.10.1998 Microsoft Corporation Windows Sockets IrLMP/IrLAP Protocol Driver 51. VIP 4.10.2226 Microsoft Corporation Windows IP Driver 52. MSTCP 4.10.2222 Microsoft Corporation Windows TCP Driver 53. VDHCP 4.10.2161 Microsoft Corporation DHCP VxD Driver 54. VNBT 4.10.2148 Microsoft Corporation VNBT VxD Driver 55. AFVXD 4.10.2222 Microsoft Corporation Windows Sockets VTDI Driver 56. DOSMGR Microsoft Corporation MS-DOS emulation manager 57. VMPOLL Microsoft Corporation System idle-time driver 58. JAVASUP 5.00.3229 Microsoft Corporation Microsoft® Virtual Machine Helper Device for Java 59. VCOMM Microsoft Corporation Communications port Plug and Play driver 60. VCOND Microsoft Corporation Console subsystem driver 61. VTDAPI Microsoft Corporation Multimedia timer driver 62. TSIUSB 11,500,7500,0 LapLink.com, Inc. TBird Component 63. mrtRate Version 2.11 Marimba, Inc. Rate Sencing Driver 64. VFLATD Microsoft Corporation Linear aperture video driver 65. SBEMUL 66. mmdevldr 4.10.1998 Microsoft Corporation mmdevldr Virtual Device (Version 4.0) 67. BAYMGR 1.00.5 Softex Inc. BayManager Miniport Driver 68. CBSS 4.10.2222 Microsoft Corporation CBSS Virtual Device (Version 4.0) 69. Display1 70. DiskTSD 4.10.2222 Microsoft Corporation DiskTSD Virtual Device (Version 4.0) 71. DiskVSD 4.10.1998 Microsoft Corporation DiskVSD Virtual Device (Version 4.0) 72. voltrack 4.10.1998 Microsoft Corporation voltrack Virtual Device (Version 4.0) 73. YEDFD 4.33 Y-E DATA INC. YEDFD VSD 74. IOMEGA 6.7.5.0 Iomega Corporation IOMEGA Universal DASD VSD 75. MXLW9X 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer VxD 76. MXLSTACK 1.0.0.59 MusicMatch, Inc. MusicMatch Access Layer Stack VxD 77. CDR4VSD 2.5 (080) Adaptec CD-R Helper VSD for Windows 95 78. APIX 4.00.952 Microsoft Corporation APIX Virtual Device (Version 4.0) 79. CDRPWD 2.5d (296) Adaptec CD-R Packet Writing Driver 80. RMM 4.10.1998 Microsoft Corporation RMM Virtual Device (Version 4.0) 81. BIGMEM 4.10.1998 Microsoft Corporation BIGMEM Virtual Device (Version 4.0) 82. SPAP 4.10.2222 Microsoft Corporation SPAP Virtual Device (Version 4.0) 83. AOLMAC 1.63 America Online Network Adapter 84. HSFLOP 4.10.2222 Microsoft Corporation HSFLOP Virtual Device (Version 4.0) 85. SCSIPORT 4.10.2222 Microsoft Corporation SCSIPORT Virtual Device (Version 4.0) 86. SERENUM 4.10.2222 Microsoft Corporation SERENUM Virtual Device (Version 4.0) 87. LPTENUM 4.10.1998 Microsoft Corporation LPTENUM Virtual Device (Version 4.0) 88. SERWAVE 4.10.2222 Microsoft Corporation Serwave Virtual Device 89. WDMAUD 90. THOTKEY 4.12.01.2224 Trident Microsystems, Inc. Virtual Hotkey device change Driver. 91. sage 4.71.1016 Microsoft Corporation sage Virtual Device (Version 4.0) 92. vjoyd 4.07.00.0716 Microsoft Corporation Joystick Virtual Device 93. BTNHND 94. MCKRNL 95. MCUTIL 96. MCSCAN32 97. WSHTCP 4.10.1998 Microsoft Corporation Windows Sockets TCP helper Driver 98. DSOUND 4.07.00.0700 Microsoft Corporation Microsoft DirectSound 99. quartz 4.00.501 Microsoft Corporation quartz Virtual Device (Version 4.0) 100. DDRAW 4.07.00.0700 Microsoft Corporation DirectDraw Virtual Device 101. PGPMLOCK 102. DRVWCDB 3.10.36a Seagate Software, Inc. Device Driver 103. DRVWPPQT 3.10.36a Seagate Software, Inc. Device Driver 104. DRVWQ117 3.10.36a Seagate Software, Inc. Device Driver 105. VDMAD Microsoft Corporation Direct Memory Access controller driver 106. V86MMGR Microsoft Corporation MS-DOS memory manager 107. VSHINIT 108. VSHIELD 109. SPOOLER Microsoft Corporation Print spooler 110. UDF Microsoft Corporation ? 111. VFAT Microsoft Corporation FAT filesystem driver 112. VDEF Microsoft Corporation Default filesystem driver 113. CDUDF 2.5d (296) Adaptec CD-UDF File System Driver 114. CDUDFRW 2.5d (296) Adaptec CD-UDF RW File System Driver 115. UDFREADR 1.02 (107) Adaptec CD-UDF Read-Only File System Driver 116. IFSMGR Microsoft Corporation File system manager 117. VNETSUP 4.10.1998 Microsoft Corporation VNETSUP Virtual Device (Version 4.0) 118. VREDIR 4.10.2222 Microsoft Corporation VREDIR Virtual Device (Version 4.0) 119. VSERVER 4.10.2224 Microsoft Corporation VSERVER Virtual Device (Version 4.0) 120. VFBACKUP Microsoft Corporation Floppy backup helper driver 121. SHELL Microsoft Corporation Shell device driver 122. DRWATSON 4.03 Microsoft Corporation Dr. Watson for Windows 98 123. KMIXER 124. SYSAUDIO 125. redbook 126. swmidi 127. wdmaud 128. baymgr 1.00.5 Softex Inc. BayManager Miniport Driver 129. e100bnt5 3.37.20.0002 Intel Corporation NDIS 5 driver 130. smcirda 4.10.1998 Microsoft Corporation smcirda.SYS miniport 131. netpptp 4.10.2222 Microsoft Corporation Windows Point to Point Tunneling Driver 132. usbhub 133. WMILIB 134. WMIDRV 135. uhcd 136. USBD 137. sbemul 138. STAC97FJ 139. portcls 140. cmbatt 141. fuj02b1 142. hidvkd 143. ec 144. compbatt 145. BATTC 146. acpi Microsoft Corporation ? 147. swenum 148. ks 149. update 150. prpc 151. wdmfs *----> User-Mode Drivers <----* Driver Type Path ------------ 1. mmsystem.dll 4.03.1998 Microsoft Corporation 2. power.drv 4.10.1998 Microsoft Corporation 3. serwvdrv.drv 4.10.2222 Microsoft Corporation 4. msacm.drv 4.03.1998 Microsoft Corporation 5. wdmaud.drv 4.10.1998 Microsoft Corporation 6. midimap.drv 4.03.1998 Microsoft Corporation *----> MS-DOS Drivers <----* Name Type ------------ 1. HIMEM Device driver 2. DBLBUFF Device driver 3. IFSHLP Device driver 4. DOSKEY TSR program *----> 32-bit Modules <----* Name Date Address Path --------------- 1. IMGHOOK.DLL 6, 3, 1, 3 Iomega Corporation IMGHOOK 2. SYSDTRANS.DLL 6.00.6483 Sun Microsystems, Inc. 3. OLEAUT32.DLL 2.40.4277 Microsoft Corporation Microsoft OLE 2.40 for Windows NT(TM) and Windows 95(TM) Operating Systems 4. I18N632MI.DLL 6.00.6483 Sun Microsystems, Inc. 5. RDBTDP.DLL 6.00.6483 Sun Microsystems, Inc. 6. REG2.DLL 6.00.6483 Sun Microsystems, Inc. 7. STORE2.DLL 6.00.6483 Sun Microsystems, Inc. 8. IMPREG.DLL 6.00.6483 Sun Microsystems, Inc. 9. TDMGR.DLL 6.00.6483 Sun Microsystems, Inc. 10. DEFREG.DLL 6.00.6483 Sun Microsystems, Inc. 11. SIMREG.DLL 6.00.6483 Sun Microsystems, Inc. 12. CPLD.DLL 6.00.6483 Sun Microsystems, Inc. 13. SMGR.DLL 6.00.6483 Sun Microsystems, Inc. 14. SETUP.EXE 6.00.6483 Sun Microsystems, Inc. Office Productivity Suite 15. WINMM.DLL 4.03.1998 Microsoft Corporation System APIs for Multimedia 16. STS632MI.DLL 6.00.6483 Sun Microsystems, Inc. 17. SET632MI.DLL 6.00.6483 Sun Microsystems, Inc. 18. VERSION.DLL 4.10.1998 Microsoft Corporation Win32 VERSION core component 19. SALHELPER2MSC.DLL 6.00.6483 Sun Microsystems, Inc. 20. SB632MI.DLL 6.00.6483 Sun Microsystems, Inc. 21. XCR632MI.DLL 6.00.6483 Sun Microsystems, Inc. 22. SVT632MI.DLL 6.00.6483 Sun Microsystems, Inc. 23. SVL632MI.DLL 6.00.6483 Sun Microsystems, Inc. 24. TK632MI.DLL 6.00.6483 Sun Microsystems, Inc. 25. VCL632MI.DLL 6.00.6483 Sun Microsystems, Inc. 26. IMM32.DLL 4.10.1998 Microsoft Corporation Win32 IMM32 core component 27. WINSPOOL.DRV 4.10.1998 Microsoft Corporation Win32 WINSPOOL core component 28. SOT632MI.DLL 6.00.6483 Sun Microsystems, Inc. 29. UTL632MI.DLL 6.00.6483 Sun Microsystems, Inc. 30. UCBHELPER1MSC.DLL 6.00.6483 Sun Microsystems, Inc. 31. COMPHELP2.DLL 6.00.6483 Sun Microsystems, Inc. 32. CPPUHELPER2MSC.DLL 6.00.6483 Sun Microsystems, Inc. 33. CPPU2.DLL 6.00.6483 Sun Microsystems, Inc. 34. TL632MI.DLL 6.00.6483 Sun Microsystems, Inc. 35. VOS2MSC.DLL 6.00.6483 Sun Microsystems, Inc. 36. SAL2.DLL 6.00.6483 Sun Microsystems, Inc. 37. W9XUCWRP2.DLL 6.00.6483 Sun Microsystems, Inc. 38. COMDLG32.DLL 4.72.3510.2300 Microsoft Corporation Common Dialogs DLL 39. SHELL32.DLL 4.72.3612.1700 Microsoft Corporation Windows Shell Common Dll 40. COMCTL32.DLL 5.81 Microsoft Corporation Common Controls Library 41. OLE32.DLL 4.71.3328 Microsoft Corporation Microsoft OLE for Windows and Windows NT 42. MPR.DLL 4.10.1998 Microsoft Corporation WIN32 Network Interface DLL 43. WSOCK32.DLL 4.10.1998 Microsoft Corporation BSD Socket API for Windows 44. MSWSOCK.DLL 4.10.2222 Microsoft Corporation Microsoft WinSock Extension APIs 45. WS2_32.DLL 4.10.2222 Microsoft Corporation Windows Socket 2.0 32-Bit DLL 46. WININET.DLL 5.00.3017.1200 Microsoft Corporation Internet Extensions for Win32 47. SHLWAPI.DLL 5.00.2919.6304 Microsoft Corporation Shell Light-weight Utility Library 48. WS2HELP.DLL 4.10.1998 Microsoft Corporation Windows Socket 2.0 Helper for Windows 98 49. USER32.DLL 4.10.2222 Microsoft Corporation Win32 USER32 core component 50. GDI32.DLL 4.10.1998 Microsoft Corporation Win32 GDI core component 51. MSVCRT.DLL 6.00.8397.0 Microsoft Corporation Microsoft (R) C Runtime Library 52. ADVAPI32.DLL 4.80.1675 Microsoft Corporation Win32 ADVAPI32 core component 53. KERNEL32.DLL 4.10.2222 Microsoft Corporation Win32 Kernel core component *----> 16-bit Modules <----* Name Type Path ------------ 1. KERNEL 4.10.1998 Microsoft Corporation 2. SYSTEM 4.10.1998 Microsoft Corporation 3. KEYBOARD 4.10.2222 Microsoft Corporation 4. MOUSE 9.01.0.000 Microsoft Corporation 5. DISPLAY 4.12.01.2224 Trident Microsystems, Inc. 6. DIBENG 4.10.1998 Microsoft Corporation 7. WIN87EM 8. M97BIOS 4.12.01.2224 Trident Microsystems, Inc. 9. EMBED95 4.12.01.2224 Trident Microsystems, Inc. 10. SOUND 4.10.1998 Microsoft Corporation 11. COMM 4.10.1998 Microsoft Corporation 12. GDI 4.10.2222 Microsoft Corporation 13. USER 4.10.2223 Microsoft Corporation 14. DDEML 4.10.1998 Microsoft Corporation 15. MSPLUS 4.40.500 Microsoft Corporation 16. MSGSRV32 4.10.2222 Microsoft Corporation 17. MMSYSTEM 4.03.1998 Microsoft Corporation 18. POWER 4.10.1998 Microsoft Corporation 19. LZEXPAND 4.00.429 Microsoft Corporation 20. VER 4.10.1998 Microsoft Corporation 21. SHELL 4.10.1998 Microsoft Corporation 22. COMMCTRL 4.10.1998 Microsoft Corporation 23. SYSTHUNK 4.10.1998 Microsoft Corporation 24. OLECLI 1.20.000 Microsoft Corporation 25. OLESVR 1.10.000 Microsoft Corporation 26. TRID_KEY 27. SERWVDRV 4.10.2222 Microsoft Corporation 28. VMODCTL 4.10.2222 Microsoft Corporation 29. UMDM16 4.10.1998 Microsoft Corporation 30. UMDMXFRM 4.10.2222 Microsoft Corporation 31. MSACMMAP 4.03.1998 Microsoft Corporation 32. MSACM 4.03.1998 Microsoft Corporation 33. MMTASK 4.03.1998 Microsoft Corporation 34. WDMAUDDRV 4.10.1998 Microsoft Corporation 35. MIDIMAP 4.03.1998 Microsoft Corporation 36. COMMDLG 4.00.950 Microsoft Corporation 37. RUNDLL 4.10.1998 Microsoft Corporation 38. DESKCP16 4.10.2222 Microsoft Corporation 39. TOOLHELP 4.10.1998 Microsoft Corporation 40. RWABS16 41. PIFMGR 4.10.2222 Microsoft Corporation 42. PSCRIPT 4.10.2222 Microsoft Corporation 43. DDRAW16 4.07.00.0700 Microsoft Corporation *----> Details <----* Command line: c:\windows\TEMP\sv1.tmp\setup.exe Trap 0e 0000 - Invalid page fault eax=ffffffff ebx=00000000 ecx=00000000 edx=00000000 esi=009ff524 edi=00000000 eip=004cb37b esp=009ff434 ebp=009ff434 -- -- -- nv up EI pl nz AC po nc cs=0167 ss=016f ds=016f es=016f fs=46b7 gs=0000 SAL2.DLL:.text+0xa37b: >0167:004cb37b f0 ?db f0 sel type base lim/bot ---- ---- -------- -------- cs 0167 r-x- 00000000 ffffffff ss 016f rw-e 00000000 0000b7a0 ds 016f rw-e 00000000 0000b7a0 es 016f rw-e 00000000 0000b7a0 fs 46b7 rw-- 817708d4 00000037 gs 0000 ---- stack base: 00900000 TIB limits: 009fb000 - 00a00000 -- exception record -- Exception Code: c0000005 (access violation) Exception Address: 004cb37b (SAL2.DLL:.text+0xa37b) Exception Info: 00000000 ffffffff SAL2.DLL:.text+0xa37b: >0167:004cb37b f0 ?db f0 0167:004cb36a 90 nop 0167:004cb36b 90 nop 0167:004cb36c 90 nop 0167:004cb36d 90 nop 0167:004cb36e 90 nop 0167:004cb36f 90 nop 0167:004cb370 55 push ebp 0167:004cb371 8bec mov ebp,esp 0167:004cb373 8b4d08 mov ecx,dword ptr [ebp+08] 0167:004cb376 b8ffffffff mov eax,ffffffff SAL2.DLL:.text+0xa37b: *0167:004cb37b f0 ?db f0 0167:004cb37c 0fc101 xadd dword ptr [ecx],eax 0167:004cb37f 48 dec eax 0167:004cb380 5d pop ebp 0167:004cb381 c3 retd 0167:004cb382 90 nop 0167:004cb383 90 nop 0167:004cb384 90 nop 0167:004cb385 90 nop 0167:004cb386 90 nop 0167:004cb387 90 nop -------------------- -- stack summary -- 016f:009ff434 0167:004cb37b SAL2.DLL:.text+0xa37b (00000000,00b64650,009ff524,00000000, 00b64650,009ff524,005f7734,00000000) 016f:009ff54c 0167:005f1f10 CPPU2.DLL:.text+0xf10 (008448b4,009ff4f0,c6780001,39210000, 009ff69c,1c6fc2e1,00000001,1c6ac06c) 016f:00b64650 0167:46b70002 0167:46b70002 (00000011,00b65cf0,00000000,00000000, 00000000,4f440000,00000000,00000000) -- stack trace -- 016f:009ff434 0167:004cb37b SAL2.DLL:.text+0xa37b (00000000,00b64650,009ff524,00000000, 00b64650,009ff524,005f7734,00000000) 0167:004cb36a 90 nop 0167:004cb36b 90 nop 0167:004cb36c 90 nop 0167:004cb36d 90 nop 0167:004cb36e 90 nop 0167:004cb36f 90 nop 0167:004cb370 55 push ebp 0167:004cb371 8bec mov ebp,esp 0167:004cb373 8b4d08 mov ecx,dword ptr [ebp+08] 0167:004cb376 b8ffffffff mov eax,ffffffff SAL2.DLL:.text+0xa37b: *0167:004cb37b f0 ?db f0 0167:004cb37c 0fc101 xadd dword ptr [ecx],eax 0167:004cb37f 48 dec eax 0167:004cb380 5d pop ebp 0167:004cb381 c3 retd 0167:004cb382 90 nop 0167:004cb383 90 nop 0167:004cb384 90 nop 0167:004cb385 90 nop 0167:004cb386 90 nop 0167:004cb387 90 nop -------------------- 016f:009ff54c 0167:005f1f10 CPPU2.DLL:.text+0xf10 (008448b4,009ff4f0,c6780001,39210000, 009ff69c,1c6fc2e1,00000001,1c6ac06c) 0167:005f1efd 90 nop 0167:005f1efe 90 nop 0167:005f1eff 90 nop 0167:005f1f00 83ec08 sub esp,+08 0167:005f1f03 53 push ebx 0167:005f1f04 56 push esi 0167:005f1f05 57 push edi 0167:005f1f06 8b7c2418 mov edi,dword ptr [esp+18] 0167:005f1f0a 57 push edi 0167:005f1f0b e8c6400200 call 00615fd6 = SAL2.DLL!osl_decrementInterlockedCount CPPU2.DLL:.text+0xf10: *0167:005f1f10 83c404 add esp,+04 0167:005f1f13 85c0 test eax,eax 0167:005f1f15 0f8577010000 jnz 005f2092 = CPPU2.DLL:.text+0x1092 0167:005f1f1b 8b4708 mov eax,dword ptr [edi+08] 0167:005f1f1e 83f819 cmp eax,+19 0167:005f1f21 7409 jz 005f1f2c = CPPU2.DLL:.text+0xf2c 0167:005f1f23 83f81a cmp eax,+1a 0167:005f1f26 0f858c000000 jnz 005f1fb8 = CPPU2.DLL:.text+0xfb8 0167:005f1f2c 8b4728 mov eax,dword ptr [edi+28] 0167:005f1f2f 85c0 test eax,eax 0167:005f1f31 0f8443010000 jz 005f207a = CPPU2.DLL:.text+0x107a -------------------- 016f:00b64650 0167:46b70002 0167:46b70002 (00000011,00b65cf0,00000000,00000000, 00000000,4f440000,00000000,00000000) -- stack dump -- 009ff434 009ff54c -> 50 46 b6 00 02 00 b7 46 b4 48 84 00 f0 f4 9f 00 PF.....F.H...... 009ff438 005f1f10 = CPPU2.DLL:.text+0xf10 -------------------- 0167:005f1efd 90 nop 0167:005f1efe 90 nop 0167:005f1eff 90 nop 0167:005f1f00 83ec08 sub esp,+08 0167:005f1f03 53 push ebx 0167:005f1f04 56 push esi 0167:005f1f05 57 push edi 0167:005f1f06 8b7c2418 mov edi,dword ptr [esp+18] 0167:005f1f0a 57 push edi 0167:005f1f0b e8c6400200 call 00615fd6 = SAL2.DLL!osl_decrementInterlockedCount CPPU2.DLL:.text+0xf10: *0167:005f1f10 83c404 add esp,+04 0167:005f1f13 85c0 test eax,eax 0167:005f1f15 0f8577010000 jnz 005f2092 = CPPU2.DLL:.text+0x1092 0167:005f1f1b 8b4708 mov eax,dword ptr [edi+08] 0167:005f1f1e 83f819 cmp eax,+19 0167:005f1f21 7409 jz 005f1f2c = CPPU2.DLL:.text+0xf2c 0167:005f1f23 83f81a cmp eax,+1a 0167:005f1f26 0f858c000000 jnz 005f1fb8 = CPPU2.DLL:.text+0xfb8 0167:005f1f2c 8b4728 mov eax,dword ptr [edi+28] 0167:005f1f2f 85c0 test eax,eax 0167:005f1f31 0f8443010000 jz 005f207a = CPPU2.DLL:.text+0x107a -------------------- 009ff43c 00000000 009ff440 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff444 009ff524 -> 00 00 00 00 00 00 f7 bf 01 00 00 00 01 02 00 00 ................ 009ff448 00000000 009ff44c 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff450 009ff524 -> 00 00 00 00 00 00 f7 bf 01 00 00 00 01 02 00 00 ................ 009ff454 005f7734 = CPPU2.DLL:.text+0x6734 -------------------- 0167:005f7717 8b4710 mov eax,dword ptr [edi+10] 0167:005f771a 395828 cmp dword ptr [eax+28],ebx 0167:005f771d 751a jnz 005f7739 = CPPU2.DLL:.text+0x6739 0167:005f771f 8d542418 lea edx,[esp+18] 0167:005f7723 57 push edi 0167:005f7724 52 push edx 0167:005f7725 e8a6c1ffff call 005f38d0 = CPPU2.DLL!typelib_typedescriptionreference_getDescription 0167:005f772a 8b442420 mov eax,dword ptr [esp+20] 0167:005f772e 50 push eax 0167:005f772f e8cca7ffff call 005f1f00 = CPPU2.DLL!typelib_typedescription_release CPPU2.DLL:.text+0x6734: *0167:005f7734 83c40c add esp,+0c 0167:005f7737 eb14 jmp 005f774d = CPPU2.DLL:.text+0x674d 0167:005f7739 89442418 mov dword ptr [esp+18],eax 0167:005f773d eb0e jmp 005f774d = CPPU2.DLL:.text+0x674d 0167:005f773f 8d4c2418 lea ecx,[esp+18] 0167:005f7743 57 push edi 0167:005f7744 51 push ecx 0167:005f7745 e886c1ffff call 005f38d0 = CPPU2.DLL!typelib_typedescriptionreference_getDescription 0167:005f774a 83c408 add esp,+08 0167:005f774d 8b542418 mov edx,dword ptr [esp+18] 0167:005f7751 8b4220 mov eax,dword ptr [edx+20] -------------------- 009ff458 00000000 009ff45c 009ff47c -> 00 00 00 00 50 46 b6 00 00 00 00 00 d0 26 60 1c ....PF.......&`. 009ff460 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff464 008448b4 -> 90 23 70 1c b4 05 83 00 44 ac 7d 00 18 29 7d 00 .#p.....D.}..)}. 009ff468 009ff54c -> 50 46 b6 00 02 00 b7 46 b4 48 84 00 f0 f4 9f 00 PF.....F.H...... 009ff46c 00b647f0 -> 28 db 6f 1c 02 00 00 00 00 00 00 00 10 db 6f 1c (.o...........o. 009ff470 00000000 009ff474 005f8c51 = CPPU2.DLL:.text+0x7c51 -------------------- 0167:005f8c38 8b4c2410 mov ecx,dword ptr [esp+10] 0167:005f8c3c 8b542408 mov edx,dword ptr [esp+08] 0167:005f8c40 6a00 push +00 0167:005f8c42 51 push ecx 0167:005f8c43 6a00 push +00 0167:005f8c45 50 push eax 0167:005f8c46 8b442414 mov eax,dword ptr [esp+14] 0167:005f8c4a 52 push edx 0167:005f8c4b 50 push eax 0167:005f8c4c e80fe9ffff call 005f7560 = CPPU2.DLL:.text+0x6560 CPPU2.DLL:.text+0x7c51: *0167:005f8c51 83c418 add esp,+18 0167:005f8c54 c3 retd 0167:005f8c55 e836e8ffff call 005f7490 = CPPU2.DLL:.text+0x6490 0167:005f8c5a 8b4c2404 mov ecx,dword ptr [esp+04] 0167:005f8c5e 8901 mov dword ptr [ecx],eax 0167:005f8c60 c7410400000000 mov dword ptr [ecx+04],00000000 0167:005f8c67 c3 retd 0167:005f8c68 90 nop 0167:005f8c69 90 nop 0167:005f8c6a 90 nop 0167:005f8c6b 90 nop -------------------- 009ff478 009ff54c -> 50 46 b6 00 02 00 b7 46 b4 48 84 00 f0 f4 9f 00 PF.....F.H...... 009ff47c 00000000 009ff480 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff484 00000000 009ff488 1c6026d0 = VCL632MI.DLL!cpp_acquire -> 8b 44 24 04 50 8b 08 ff 51 04 59 c3 90 90 90 90 .D$.P...Q.Y..... 009ff48c 00000000 009ff490 1c6ad2e8 = VCL632MI.DLL:.text+0xac2e8 -------------------- 0167:1c6ad2ca 83c40c add esp,+0c 0167:1c6ad2cd a1905b711c mov eax,dword ptr [1c715b90] 0167:1c6ad2d2 8b4c2408 mov ecx,dword ptr [esp+08] 0167:1c6ad2d6 56 push esi 0167:1c6ad2d7 8b742408 mov esi,dword ptr [esp+08] 0167:1c6ad2db 68d026601c push 1c6026d0 0167:1c6ad2e0 50 push eax 0167:1c6ad2e1 51 push ecx 0167:1c6ad2e2 56 push esi 0167:1c6ad2e3 e88e700400 call 1c6f4376 = CPPU2.DLL!uno_type_any_construct VCL632MI.DLL:.text+0xac2e8: *0167:1c6ad2e8 83c410 add esp,+10 0167:1c6ad2eb 8bc6 mov eax,esi 0167:1c6ad2ed 5e pop esi 0167:1c6ad2ee c3 retd 0167:1c6ad2ef 90 nop 0167:1c6ad2f0 8a0da05e711c mov cl,byte ptr [1c715ea0] 0167:1c6ad2f6 b001 mov al,01 0167:1c6ad2f8 84c8 test al,cl 0167:1c6ad2fa 7514 jnz 1c6ad310 = VCL632MI.DLL:.text+0xac310 0167:1c6ad2fc 0ac8 or cl,al 0167:1c6ad2fe 6a04 push +04 -------------------- 009ff494 009ff54c -> 50 46 b6 00 02 00 b7 46 b4 48 84 00 f0 f4 9f 00 PF.....F.H...... 009ff498 009ff524 -> 00 00 00 00 00 00 f7 bf 01 00 00 00 01 02 00 00 ................ 009ff49c 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff4a0 1c6026d0 = VCL632MI.DLL!cpp_acquire -> 8b 44 24 04 50 8b 08 ff 51 04 59 c3 90 90 90 90 .D$.P...Q.Y..... 009ff4a4 008448b4 -> 90 23 70 1c b4 05 83 00 44 ac 7d 00 18 29 7d 00 .#p.....D.}..)}. 009ff4a8 1c6aae56 = VCL632MI.DLL:.text+0xa9e56 -------------------- 0167:1c6aae39 85c0 test eax,eax 0167:1c6aae3b 7405 jz 1c6aae42 = VCL632MI.DLL:.text+0xa9e42 0167:1c6aae3d 8d68ec lea ebp,[eax-14] 0167:1c6aae40 eb02 jmp 1c6aae44 = VCL632MI.DLL:.text+0xa9e44 0167:1c6aae42 33ed xor ebp,ebp 0167:1c6aae44 8d442470 lea eax,[esp+70] 0167:1c6aae48 8d8c2498000000 lea ecx,[esp+00000098] 0167:1c6aae4f 50 push eax 0167:1c6aae50 51 push ecx 0167:1c6aae51 e85a240000 call 1c6ad2b0 = VCL632MI.DLL!3930 VCL632MI.DLL:.text+0xa9e56: *0167:1c6aae56 83c408 add esp,+08 0167:1c6aae59 8bd8 mov ebx,eax 0167:1c6aae5b 8b17 mov edx,dword ptr [edi] 0167:1c6aae5d 8d44244c lea eax,[esp+4c] 0167:1c6aae61 50 push eax 0167:1c6aae62 8bcf mov ecx,edi 0167:1c6aae64 c68424bc00000002 mov byte ptr [esp+000000bc],02 0167:1c6aae6c ff5278 call dword ptr [edx+78] 0167:1c6aae6f 8b8c2494000000 mov ecx,dword ptr [esp+00000094] 0167:1c6aae76 8b542468 mov edx,dword ptr [esp+68] 0167:1c6aae7a 53 push ebx -------------------- 009ff4ac 009ff54c -> 50 46 b6 00 02 00 b7 46 b4 48 84 00 f0 f4 9f 00 PF.....F.H...... 009ff4b0 009ff524 -> 00 00 00 00 00 00 f7 bf 01 00 00 00 01 02 00 00 ................ 009ff4b4 008316a4 -> 9c 0a 00 00 56 14 00 00 00 00 00 00 b4 05 83 00 ....V........... 009ff4b8 009ff5e0 -> 94 db c3 00 01 02 00 00 88 00 00 00 00 00 01 00 ................ 009ff4bc 00000088 009ff4c0 00000200 009ff4c4 1c6aab5f = VCL632MI.DLL:.text+0xa9b5f -------------------- 0167:1c6aab38 00668b add byte ptr [esi-75],ah 0167:1c6aab3b 5c pop esp 0167:1c6aab3c 2414 and al,14 0167:1c6aab3e 663b9a98000000 cmp bx,word ptr [edx+00000098] 0167:1c6aab45 0f8547010000 jnz 1c6aac92 = VCL632MI.DLL:.text+0xa9c92 0167:1c6aab4b 8a158d5b711c mov dl,byte ptr [1c715b8d] 0167:1c6aab51 84d2 test dl,dl 0167:1c6aab53 0f8539010000 jnz 1c6aac92 = VCL632MI.DLL:.text+0xa9c92 0167:1c6aab59 56 push esi 0167:1c6aab5a e8810d0000 call 1c6ab8e0 = VCL632MI.DLL:.text+0xaa8e0 VCL632MI.DLL:.text+0xa9b5f: *0167:1c6aab5f 83c404 add esp,+04 0167:1c6aab62 33c0 xor eax,eax 0167:1c6aab64 e9160b0000 jmp 1c6ab67f = VCL632MI.DLL:.text+0xaa67f 0167:1c6aab69 8d4c241c lea ecx,[esp+1c] 0167:1c6aab6d 51 push ecx 0167:1c6aab6e 8bcf mov ecx,edi 0167:1c6aab70 e82b5affff call 1c6a05a0 = VCL632MI.DLL:.text+0x9f5a0 0167:1c6aab75 8bf0 mov esi,eax 0167:1c6aab77 85f6 test esi,esi 0167:1c6aab79 7507 jnz 1c6aab82 = VCL632MI.DLL:.text+0xa9b82 0167:1c6aab7b 33c0 xor eax,eax -------------------- 009ff4c8 00000000 009ff4cc 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ff4d0 00000201 009ff4d4 00000088 009ff4d8 007d0001 -> 10 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 30 ....... .......0 009ff4dc 00b64804 -> e4 da 6f 1c c0 da 6f 1c 1c 48 b6 00 e8 cd 7e 00 ..o...o..H...... 009ff4e0 00000001 009ff4e4 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ff4e8 000001ff 009ff4ec 00000082 009ff4f0 00000009 009ff4f4 00000054 009ff4f8 00010003 009ff4fc 00200001 009ff500 00000001 009ff504 02010001 009ff508 00000000 009ff50c c3bb0002 -> 79 00 02 00 00 00 04 00 08 00 ff ff 00 00 b8 00 y............... 009ff510 00060000 009ff514 168f2d00 009ff518 00000000 009ff51c 00000009 009ff520 009ff528 -> 00 00 f7 bf 01 00 00 00 01 02 00 00 88 00 00 00 ................ 009ff524 00000000 009ff528 bff70000 = KERNEL32.DLL+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 009ff52c 00000001 009ff530 00000201 009ff534 00000088 009ff538 00000001 009ff53c 0002c600 009ff540 00000009 009ff544 00000054 ... 009ff54c 00b64650 -> 02 00 00 00 00 00 00 00 11 00 00 00 f0 5c b6 00 .............\.. 009ff550 46b70002 009ff554 008448b4 -> 90 23 70 1c b4 05 83 00 44 ac 7d 00 18 29 7d 00 .#p.....D.}..)}. 009ff558 009ff4f0 -> 09 00 00 00 54 00 00 00 03 00 01 00 01 00 20 00 ....T......... . 009ff55c c6780001 009ff560 39210000 009ff564 009ff69c -> 90 fd 9f 00 6d 18 f7 bf 1f 54 b2 86 00 00 00 00 ....m....T...... 009ff568 1c6fc2e1 = VCL632MI.DLL:.text+0xfb2e1 -------------------- 0167:1c6fc2be e97df7faff jmp 1c6aba40 = VCL632MI.DLL!3916 0167:1c6fc2c3 8d4ddc lea ecx,[ebp-24] 0167:1c6fc2c6 e95568f0ff jmp 1c602b20 = VCL632MI.DLL!466 0167:1c6fc2cb 8d4d90 lea ecx,[ebp-70] 0167:1c6fc2ce e90dcdfaff jmp 1c6a8fe0 = VCL632MI.DLL!3622 0167:1c6fc2d3 8b8570ffffff mov eax,dword ptr [ebp-00000090] 0167:1c6fc2d9 50 push eax 0167:1c6fc2da e89777ffff call 1c6f3a76 = TL632MI.DLL!21 0167:1c6fc2df 59 pop ecx 0167:1c6fc2e0 c3 retd VCL632MI.DLL:.text+0xfb2e1: *0167:1c6fc2e1 b89070701c mov eax,1c707090 0167:1c6fc2e6 e97bcdffff jmp 1c6f9066 = MSVCRT.DLL!__CxxFrameHandler 0167:1c6fc2eb cc int 3 0167:1c6fc2ec cc int 3 0167:1c6fc2ed cc int 3 0167:1c6fc2ee cc int 3 0167:1c6fc2ef cc int 3 0167:1c6fc2f0 8b4504 mov eax,dword ptr [ebp+04] 0167:1c6fc2f3 50 push eax 0167:1c6fc2f4 e87d77ffff call 1c6f3a76 = TL632MI.DLL!21 0167:1c6fc2f9 59 pop ecx -------------------- 009ff56c 00000001 009ff570 1c6ac06c = VCL632MI.DLL:.text+0xab06c -------------------- 0167:1c6ac057 51 push ecx 0167:1c6ac058 8b4e04 mov ecx,dword ptr [esi+04] 0167:1c6ac05b 52 push edx 0167:1c6ac05c 8b54242c mov edx,dword ptr [esp+2c] 0167:1c6ac060 50 push eax 0167:1c6ac061 51 push ecx 0167:1c6ac062 6a00 push +00 0167:1c6ac064 6a03 push +03 0167:1c6ac066 52 push edx 0167:1c6ac067 e854e8ffff call 1c6aa8c0 = VCL632MI.DLL:.text+0xa98c0 VCL632MI.DLL:.text+0xab06c: *0167:1c6ac06c 83c424 add esp,+24 0167:1c6ac06f 8bf0 mov esi,eax 0167:1c6ac071 5f pop edi 0167:1c6ac072 5e pop esi 0167:1c6ac073 83c410 add esp,+10 0167:1c6ac076 c3 retd 0167:1c6ac077 8b742428 mov esi,dword ptr [esp+28] 0167:1c6ac07b 56 push esi 0167:1c6ac07c e8af0d0000 call 1c6ace30 = VCL632MI.DLL:.text+0xabe30 0167:1c6ac081 8b0e mov ecx,dword ptr [esi] 0167:1c6ac083 8b5608 mov edx,dword ptr [esi+08] -------------------- 009ff574 007df778 -> e0 8c 48 00 00 00 00 00 00 00 00 00 00 00 00 00 ..H............. 009ff578 00000003 009ff57c 00000000 009ff580 00000201 009ff584 00000088 009ff588 00c3db94 = SMGR.DLL+0xdb94 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff58c 00000001 009ff590 00000002 009ff594 009ff5e0 -> 94 db c3 00 01 02 00 00 88 00 00 00 00 00 01 00 ................ 009ff598 008316a4 -> 9c 0a 00 00 56 14 00 00 00 00 00 00 b4 05 83 00 ....V........... 009ff59c 00000001 009ff5a0 bff55625 = USER32.DLL:.text+0x4625 -------------------- 0167:bff55600 83c058 add eax,+58 0167:bff55603 03442408 add eax,dword ptr [esp+08] 0167:bff55607 0fb708 movzx ecx,word ptr [eax] 0167:bff5560a c1c110 rol ecx,10 0167:bff5560d f744241002000000 test dword ptr [esp+10],00000002 0167:bff55615 7404 jz bff5561b = USER32.DLL:.text+0x461b 0167:bff55617 668b4802 mov cx,word ptr [eax+02] 0167:bff5561b c1c910 ror ecx,10 0167:bff5561e 8bc1 mov eax,ecx 0167:bff55620 e837f8ffff call bff54e5c = USER32.DLL:.text+0x3e5c USER32.DLL:.text+0x4625: *0167:bff55625 c21000 retd 0010 0167:bff55628 e82ff8ffff call bff54e5c = USER32.DLL:.text+0x3e5c 0167:bff5562d e943bcffff jmp bff51275 = USER32.DLL:.text+0x275 0167:bff55632 83ec04 sub esp,+04 0167:bff55635 8bd4 mov edx,esp 0167:bff55637 b904000000 mov ecx,00000004 0167:bff5563c 8b4204 mov eax,dword ptr [edx+04] 0167:bff5563f 8902 mov dword ptr [edx],eax 0167:bff55641 83c204 add edx,+04 0167:bff55644 e2f6 loop bff5563c = USER32.DLL:.text+0x463c 0167:bff55646 b805000000 mov eax,00000005 -------------------- 009ff5a4 1c6eb28a = VCL632MI.DLL:.text+0xea28a -------------------- 0167:1c6eb26d 8b4c2404 mov ecx,dword ptr [esp+04] 0167:1c6eb271 50 push eax 0167:1c6eb272 51 push ecx 0167:1c6eb273 ff15d4d36f1c call dword ptr [1c6fd3d4] -> USER32.DLL!CalcChildScroll 0167:1c6eb279 c3 retd 0167:1c6eb27a 8b542408 mov edx,dword ptr [esp+08] 0167:1c6eb27e 8b442404 mov eax,dword ptr [esp+04] 0167:1c6eb282 52 push edx 0167:1c6eb283 50 push eax 0167:1c6eb284 ff1584d26f1c call dword ptr [1c6fd284] -> USER32.DLL!GetWindowLongA VCL632MI.DLL:.text+0xea28a: *0167:1c6eb28a c3 retd 0167:1c6eb28b 90 nop 0167:1c6eb28c 90 nop 0167:1c6eb28d 90 nop 0167:1c6eb28e 90 nop 0167:1c6eb28f 90 nop 0167:1c6eb290 a11c55711c mov eax,dword ptr [1c71551c] 0167:1c6eb295 85c0 test eax,eax 0167:1c6eb297 741b jz 1c6eb2b4 = VCL632MI.DLL:.text+0xea2b4 0167:1c6eb299 8b442410 mov eax,dword ptr [esp+10] 0167:1c6eb29d 8b4c240c mov ecx,dword ptr [esp+0c] -------------------- 009ff5a8 00000a9c 009ff5ac bff524eb = USER32.DLL!GetKeyState -> b1 85 eb 26 b1 84 eb 22 b1 76 eb 1e b1 68 eb 1a ...&...".v...h.. 009ff5b0 1c630896 = VCL632MI.DLL:.text+0x2f896 -------------------- 0167:1c63087d 52 push edx 0167:1c63087e ff15b0d26f1c call dword ptr [1c6fd2b0] -> USER32.DLL!UpdateWindow 0167:1c630884 8b7c2410 mov edi,dword ptr [esp+10] 0167:1c630888 8d44241c lea eax,[esp+1c] 0167:1c63088c 50 push eax 0167:1c63088d 56 push esi 0167:1c63088e 8b4f18 mov ecx,dword ptr [edi+18] 0167:1c630891 57 push edi 0167:1c630892 51 push ecx 0167:1c630893 ff571c call dword ptr [edi+1c] VCL632MI.DLL:.text+0x2f896: *0167:1c630896 83c410 add esp,+10 0167:1c630899 81fb00020000 cmp ebx,00000200 0167:1c63089f 8bf0 mov esi,eax 0167:1c6308a1 7516 jnz 1c6308b9 = VCL632MI.DLL:.text+0x2f8b9 0167:1c6308a3 8b5704 mov edx,dword ptr [edi+04] 0167:1c6308a6 52 push edx 0167:1c6308a7 ff1510d36f1c call dword ptr [1c6fd310] -> USER32.DLL!SetCursor 0167:1c6308ad 8bc6 mov eax,esi 0167:1c6308af 5f pop edi 0167:1c6308b0 5e pop esi 0167:1c6308b1 5d pop ebp -------------------- 009ff5b4 007df778 -> e0 8c 48 00 00 00 00 00 00 00 00 00 00 00 00 00 ..H............. 009ff5b8 008316a4 -> 9c 0a 00 00 56 14 00 00 00 00 00 00 b4 05 83 00 ....V........... 009ff5bc 00000001 009ff5c0 009ff5e0 -> 94 db c3 00 01 02 00 00 88 00 00 00 00 00 01 00 ................ 009ff5c4 009ff660 -> 01 00 00 00 3b 36 f7 bf 9c 0a 00 00 00 02 00 00 ....;6.......... 009ff5c8 00000a9c 009ff5cc 00000200 009ff5d0 00000001 009ff5d4 008316a4 -> 9c 0a 00 00 56 14 00 00 00 00 00 00 b4 05 83 00 ....V........... 009ff5d8 0059d6c0 = SAL2.DLL:.data+0x36c0 -> 04 00 00 00 e4 fe 7a 81 00 00 00 00 00 00 00 00 ......z......... 009ff5dc 00b24a64 -> 80 33 70 1c 30 4a b2 00 84 11 7d 00 00 00 00 00 .3p.0J....}..... 009ff5e0 00c3db94 = SMGR.DLL+0xdb94 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff5e4 00000201 009ff5e8 00000088 009ff5ec 00010000 009ff5f0 1c6db4eb = VCL632MI.DLL:.text+0xda4eb -------------------- 0167:1c6db4cf 90 nop 0167:1c6db4d0 56 push esi 0167:1c6db4d1 8b742408 mov esi,dword ptr [esp+08] 0167:1c6db4d5 56 push esi 0167:1c6db4d6 e8d98c0100 call 1c6f41b4 = VOS2MSC.DLL!629 0167:1c6db4db 83c404 add esp,+04 0167:1c6db4de 84c0 test al,al 0167:1c6db4e0 7410 jz 1c6db4f2 = VCL632MI.DLL:.text+0xda4f2 0167:1c6db4e2 ff460c inc dword ptr [esi+0c] 0167:1c6db4e5 ff1580d16f1c call dword ptr [1c6fd180] -> KERNEL32.DLL!GetCurrentThreadId VCL632MI.DLL:.text+0xda4eb: *0167:1c6db4eb 894610 mov dword ptr [esi+10],eax 0167:1c6db4ee b001 mov al,01 0167:1c6db4f0 5e pop esi 0167:1c6db4f1 c3 retd 0167:1c6db4f2 32c0 xor al,al 0167:1c6db4f4 5e pop esi 0167:1c6db4f5 c3 retd 0167:1c6db4f6 90 nop 0167:1c6db4f7 90 nop 0167:1c6db4f8 90 nop 0167:1c6db4f9 90 nop -------------------- 009ff5f4 007d1184 -> 00 00 10 01 b4 06 00 00 18 12 7d 00 e0 7c 65 1c ..........}..|e. 009ff5f8 1c6db55c = VCL632MI.DLL:.text+0xda55c -------------------- 0167:1c6db536 ff1580d16f1c call dword ptr [1c6fd180] -> KERNEL32.DLL!GetCurrentThreadId 0167:1c6db53c 8b15384d711c mov edx,dword ptr [1c714d38] -> VCL632MI.DLL:.data+0x4bf8 0167:1c6db542 8b0a mov ecx,dword ptr [edx] 0167:1c6db544 3981b0000000 cmp dword ptr [ecx+000000b0],eax 0167:1c6db54a 0f859a000000 jnz 1c6db5ea = VCL632MI.DLL:.text+0xda5ea 0167:1c6db550 8b4610 mov eax,dword ptr [esi+10] 0167:1c6db553 83c004 add eax,+04 0167:1c6db556 50 push eax 0167:1c6db557 8b10 mov edx,dword ptr [eax] 0167:1c6db559 ff5204 call dword ptr [edx+04] VCL632MI.DLL:.text+0xda55c: *0167:1c6db55c 83c404 add esp,+04 0167:1c6db55f 84c0 test al,al 0167:1c6db561 0f8592000000 jnz 1c6db5f9 = VCL632MI.DLL:.text+0xda5f9 0167:1c6db567 8b4614 mov eax,dword ptr [esi+14] 0167:1c6db56a 83c004 add eax,+04 0167:1c6db56d 50 push eax 0167:1c6db56e 8b08 mov ecx,dword ptr [eax] 0167:1c6db570 ff11 call dword ptr [ecx] 0167:1c6db572 8b4610 mov eax,dword ptr [esi+10] 0167:1c6db575 83c004 add eax,+04 0167:1c6db578 50 push eax -------------------- 009ff5fc 00b24a64 -> 80 33 70 1c 30 4a b2 00 84 11 7d 00 00 00 00 00 .3p.0J....}..... 009ff600 00000a9c 009ff604 00b24a64 -> 80 33 70 1c 30 4a b2 00 84 11 7d 00 00 00 00 00 .3p.0J....}..... 009ff608 009ff660 -> 01 00 00 00 3b 36 f7 bf 9c 0a 00 00 00 02 00 00 ....;6.......... 009ff60c 00000f00 009ff610 1c630270 = VCL632MI.DLL:.text+0x2f270 -------------------- 0167:1c63024e 83f80d cmp eax,+0d 0167:1c630251 0f87b0000000 ja 1c630307 = VCL632MI.DLL:.text+0x2f307 0167:1c630257 ff24858405631c jmp dword ptr [eax*4+1c630584] 0167:1c63025e e8bdb20a00 call 1c6db520 = VCL632MI.DLL:.text+0xda520 0167:1c630263 8b542424 mov edx,dword ptr [esp+24] 0167:1c630267 52 push edx 0167:1c630268 53 push ebx 0167:1c630269 55 push ebp 0167:1c63026a 56 push esi 0167:1c63026b e850030000 call 1c6305c0 = VCL632MI.DLL:.text+0x2f5c0 VCL632MI.DLL:.text+0x2f270: *0167:1c630270 83c410 add esp,+10 0167:1c630273 f7d8 neg eax 0167:1c630275 1bc0 sbb eax,eax 0167:1c630277 40 inc eax 0167:1c630278 8907 mov dword ptr [edi],eax 0167:1c63027a e8d1b30a00 call 1c6db650 = VCL632MI.DLL:.text+0xda650 0167:1c63027f e983000000 jmp 1c630307 = VCL632MI.DLL:.text+0x2f307 0167:1c630284 56 push esi 0167:1c630285 e8860d0000 call 1c631010 = VCL632MI.DLL:.text+0x30010 0167:1c63028a 83c404 add esp,+04 0167:1c63028d eb72 jmp 1c630301 = VCL632MI.DLL:.text+0x2f301 -------------------- 009ff614 00000a9c 009ff618 00000200 009ff61c 00000001 009ff620 00880201 009ff624 00000200 009ff628 00000001 009ff62c 00880201 009ff630 00000a9c 009ff634 00000000 009ff638 1c63226b = VCL632MI.DLL:.text+0x3126b -------------------- 0167:1c632250 8d44240c lea eax,[esp+0c] 0167:1c632254 57 push edi 0167:1c632255 8b7c2420 mov edi,dword ptr [esp+20] 0167:1c632259 50 push eax 0167:1c63225a 56 push esi 0167:1c63225b 57 push edi 0167:1c63225c 53 push ebx 0167:1c63225d 55 push ebp 0167:1c63225e c744242401000000 mov dword ptr [esp+24],00000001 0167:1c632266 e805ddffff call 1c62ff70 = VCL632MI.DLL:.text+0x2ef70 VCL632MI.DLL:.text+0x3126b: *0167:1c63226b 8b4c2410 mov ecx,dword ptr [esp+10] 0167:1c63226f 85c9 test ecx,ecx 0167:1c632271 740a jz 1c63227d = VCL632MI.DLL:.text+0x3127d 0167:1c632273 56 push esi 0167:1c632274 57 push edi 0167:1c632275 53 push ebx 0167:1c632276 55 push ebp 0167:1c632277 ff15a0d36f1c call dword ptr [1c6fd3a0] -> USER32.DLL!DefWindowProcA 0167:1c63227d 5f pop edi 0167:1c63227e 5e pop esi 0167:1c63227f 5d pop ebp -------------------- 009ff63c 00000a9c 009ff640 00000200 009ff644 00000001 009ff648 00880201 009ff64c 009ff660 -> 01 00 00 00 3b 36 f7 bf 9c 0a 00 00 00 02 00 00 ....;6.......... 009ff650 009ff668 -> 9c 0a 00 00 00 02 00 00 01 00 00 00 01 02 88 00 ................ 009ff654 000086d8 009ff658 009ff680 -> 94 f6 9f 00 07 44 f9 bf d8 86 3f 5e 3f 5e 00 00 .....D....?^?^.. 009ff65c 009ff6b4 -> 00 00 46 02 00 00 10 87 00 00 aa 3c 9f 00 6f 16 ..F........<..o. 009ff660 00000001 009ff664 bff7363b = KERNEL32.DLL:_FREQASM+0x263b -------------------- 0167:bff7361f 65d16e04 shr dword ptr gs:[esi+04],EvIa 0167:bff73623 7222 jc bff73647 = KERNEL32.DLL:_FREQASM+0x2647 0167:bff73625 65ff32 push dword ptr gs:[edx] 0167:bff73628 8d5204 lea edx,[edx+04] 0167:bff7362b e2f2 loop bff7361f = KERNEL32.DLL:_FREQASM+0x261f 0167:bff7362d 8bfc mov edi,esp 0167:bff7362f 33c0 xor eax,eax 0167:bff73631 65394608 cmp dword ptr gs:[esi+08],eax 0167:bff73635 7404 jz bff7363b = KERNEL32.DLL:_FREQASM+0x263b 0167:bff73637 65ff5608 call dword ptr gs:[esi+08] KERNEL32.DLL:_FREQASM+0x263b: *0167:bff7363b 8be7 mov esp,edi 0167:bff7363d 33c9 xor ecx,ecx 0167:bff7363f 8ee9 mov gs,cx 0167:bff73641 5f pop edi 0167:bff73642 5e pop esi 0167:bff73643 c9 leave 0167:bff73644 c20c00 retd 000c 0167:bff73647 52 push edx 0167:bff73648 51 push ecx 0167:bff73649 33c0 xor eax,eax 0167:bff7364b 48 dec eax -------------------- 009ff668 00000a9c 009ff66c 00000200 009ff670 00000001 009ff674 00880201 009ff678 86b2541f 009ff67c 0000016f 009ff680 009ff694 -> b8 19 f7 bf d2 86 7d 00 90 fd 9f 00 6d 18 f7 bf ......}.....m... 009ff684 bff94407 = KERNEL32.DLL:.text+0x1b407 -------------------- 0167:bff943e6 8bd0 mov edx,eax 0167:bff943e8 c1c210 rol edx,10 0167:bff943eb e9c8f7ffff jmp bff93bb8 = KERNEL32.DLL:.text+0x1abb8 0167:bff943f0 0fbf4316 movsx eax,word ptr [ebx+16] 0167:bff943f4 50 push eax 0167:bff943f5 668b4318 mov ax,word ptr [ebx+18] 0167:bff943f9 50 push eax 0167:bff943fa ff731a push dword ptr [ebx+1a] 0167:bff943fd e8e3d3fdff call bff717e5 = KERNEL32.DLL!K32Thk1632Prolog 0167:bff94402 e8f6f1fdff call bff735fd = KERNEL32.DLL:_FREQASM+0x25fd KERNEL32.DLL:.text+0x1b407: *0167:bff94407 e8fed3fdff call bff7180a = KERNEL32.DLL!K32Thk1632Epilog 0167:bff9440c 8bd0 mov edx,eax 0167:bff9440e c1c210 rol edx,10 0167:bff94411 e9aaf7ffff jmp bff93bc0 = KERNEL32.DLL:.text+0x1abc0 0167:bff94416 0fbf4316 movsx eax,word ptr [ebx+16] 0167:bff9441a 50 push eax 0167:bff9441b ff7318 push dword ptr [ebx+18] 0167:bff9441e e8c2d3fdff call bff717e5 = KERNEL32.DLL!K32Thk1632Prolog 0167:bff94423 e8e6f0fdff call bff7350e = KERNEL32.DLL:_FREQASM+0x250e 0167:bff94428 e8ddd3fdff call bff7180a = KERNEL32.DLL!K32Thk1632Epilog 0167:bff9442d e986f7ffff jmp bff93bb8 = KERNEL32.DLL:.text+0x1abb8 -------------------- 009ff688 5e3f86d8 009ff68c 00005e3f 009ff690 00000000 009ff694 bff719b8 = KERNEL32.DLL:_FREQASM+0x9b8 -------------------- 0167:bff71991 51 push ecx 0167:bff71992 c1cf10 ror edi,10 0167:bff71995 6664873d0e000000 xchg word ptr fs:[0000000e],di 0167:bff7199d 57 push edi 0167:bff7199e 686d18f7bf push bff7186d 0167:bff719a3 64ff3500000000 push dword ptr fs:[00000000] 0167:bff719aa 64892500000000 mov dword ptr fs:[00000000],esp 0167:bff719b1 55 push ebp 0167:bff719b2 8d6c24fc lea ebp,[esp-04] 0167:bff719b6 ffd2 call edx KERNEL32.DLL:_FREQASM+0x9b8: *0167:bff719b8 5d pop ebp 0167:bff719b9 0fb6c9 movzx ecx,cl 0167:bff719bc 648f0500000000 pop dword ptr fs:[00000000] 0167:bff719c3 8d642404 lea esp,[esp+04] 0167:bff719c7 5f pop edi 0167:bff719c8 6664893d0e000000 mov word ptr fs:[0000000e],di 0167:bff719d0 5b pop ebx 0167:bff719d1 660fb22424 lss sp,dword ptr [esp] 0167:bff719d6 6664891d1e000000 mov word ptr fs:[0000001e],bx 0167:bff719de 5b pop ebx 0167:bff719df 0bdb or ebx,ebx -------------------- 009ff698 007d86d2 -> 6e 74 00 00 00 02 01 57 00 84 00 84 00 bf 00 00 nt.....W........ 009ff69c 009ffd90 -> 28 fe 9f 00 18 c9 6f 1c 00 00 00 00 d5 e3 10 01 (.....o......... 009ff6a0 bff7186d = KERNEL32.DLL:_FREQASM+0x86d -------------------- 0167:bff7183d 8b157094fcbf mov edx,dword ptr [bffc9470] 0167:bff71843 e8b3290000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb 0167:bff71848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff 0167:bff71852 ff5326 call dword ptr [ebx+26] 0167:bff71855 8b157094fcbf mov edx,dword ptr [bffc9470] 0167:bff7185b e857290000 call bff741b7 = KERNEL32.DLL:_FREQASM+0x31b7 0167:bff71860 6664ff051e000000 inc word ptr fs:[0000001e] 0167:bff71868 b114 mov cl,14 0167:bff7186a 8be5 mov esp,ebp 0167:bff7186c c3 retd KERNEL32.DLL:_FREQASM+0x86d: *0167:bff7186d 8b442404 mov eax,dword ptr [esp+04] 0167:bff71871 f7400406000000 test dword ptr [eax+04],00000006 0167:bff71878 7419 jz bff71893 = KERNEL32.DLL:_FREQASM+0x893 0167:bff7187a 8b442408 mov eax,dword ptr [esp+08] 0167:bff7187e 8178046d18f7bf cmp dword ptr [eax+04],bff7186d 0167:bff71885 750c jnz bff71893 = KERNEL32.DLL:_FREQASM+0x893 0167:bff71887 668b4808 mov cx,word ptr [eax+08] 0167:bff7188b 6664890d0e000000 mov word ptr fs:[0000000e],cx 0167:bff71893 b801000000 mov eax,00000001 0167:bff71898 c3 retd 0167:bff71899 9d popfd -------------------- 009ff6a4 86b2541f 009ff6a8 00000000 009ff6ac 5e3f86b2 009ff6b0 0000fd90 009ff6b4 02460000 009ff6b8 87100000 009ff6bc 3caa0000 009ff6c0 166f009f 009ff6c4 27370001 009ff6c8 00000157 009ff6cc 86d85e3f 009ff6d0 87165e3f 009ff6d4 168f3d76 009ff6d8 00000004 009ff6dc 00000000 009ff6e0 1c632240 = VCL632MI.DLL:.text+0x31240 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 009ff6e4 00880201 009ff6e8 00000001 009ff6ec 00000200 009ff6f0 00000a9c 009ff6f4 02000a9c 009ff6f8 00000001 009ff6fc 00880201 009ff700 00017a64 009ff704 c3bb0000 -> 4d 5a 79 00 02 00 00 00 04 00 08 00 ff ff 00 00 MZy............. 009ff708 168f0000 009ff70c 5e3f0001 009ff710 f7c45e3f 009ff714 87448750 009ff718 00030000 009ff71c 1c632240 = VCL632MI.DLL:.text+0x31240 -> 51 53 8b 5c 24 10 55 8b 6c 24 10 56 8b 74 24 20 QS.\$.U.l$.V.t$ 009ff720 17671025 009ff724 02010000 009ff728 00010088 009ff72c 0a9c0200 ... 009ff734 f7c4166f 009ff738 8780009f 009ff73c 00010000 009ff740 02a502a0 009ff744 392d8780 009ff748 0001168f 009ff74c 435f0e66 009ff750 02000a9c 009ff754 02010001 009ff758 db940088 009ff75c 02f600c3 009ff760 00000165 009ff764 02000a9c 009ff768 00000001 009ff76c 00880201 009ff770 bff714d9 = KERNEL32.DLL:_FREQASM+0x4d9 -> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f 009ff774 c3bb0001 -> 5a 79 00 02 00 00 00 04 00 08 00 ff ff 00 00 b8 Zy.............. 009ff778 00010000 009ff77c 38a038a0 009ff780 bff714d9 = KERNEL32.DLL:_FREQASM+0x4d9 -> 0f b7 ec 8c d1 0f b7 c9 0f b2 65 00 66 8c d6 66 ..........e.f..f 009ff784 00b20167 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff788 009ff790 -> b7 46 00 00 c4 f7 9f 00 18 0f 7d 00 6b 53 f8 ff .F........}.kS.. 009ff78c fff8016f 009ff790 000046b7 009ff794 009ff7c4 -> 9c 0a 00 00 00 02 00 00 01 00 00 00 01 02 88 00 ................ 009ff798 007d0f18 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 009ff79c fff8536b 009ff7a0 007d1184 -> 00 00 10 01 b4 06 00 00 18 12 7d 00 e0 7c 65 1c ..........}..|e. 009ff7a4 1c6eb3c0 = VCL632MI.DLL:.text+0xea3c0 -------------------- 0167:1c6eb3a0 a11c55711c mov eax,dword ptr [1c71551c] 0167:1c6eb3a5 85c0 test eax,eax 0167:1c6eb3a7 740c jz 1c6eb3b5 = VCL632MI.DLL:.text+0xea3b5 0167:1c6eb3a9 8b442404 mov eax,dword ptr [esp+04] 0167:1c6eb3ad 50 push eax 0167:1c6eb3ae ff1500d36f1c call dword ptr [1c6fd300] -> USER32.DLL!CharLowerW 0167:1c6eb3b4 c3 retd 0167:1c6eb3b5 8b4c2404 mov ecx,dword ptr [esp+04] 0167:1c6eb3b9 51 push ecx 0167:1c6eb3ba ff1594d36f1c call dword ptr [1c6fd394] -> USER32.DLL!DispatchMessageA VCL632MI.DLL:.text+0xea3c0: *0167:1c6eb3c0 c3 retd 0167:1c6eb3c1 90 nop 0167:1c6eb3c2 90 nop 0167:1c6eb3c3 90 nop 0167:1c6eb3c4 90 nop 0167:1c6eb3c5 90 nop 0167:1c6eb3c6 90 nop 0167:1c6eb3c7 90 nop 0167:1c6eb3c8 90 nop 0167:1c6eb3c9 90 nop 0167:1c6eb3ca 90 nop -------------------- 009ff7a8 009ff7c4 -> 9c 0a 00 00 00 02 00 00 01 00 00 00 01 02 88 00 ................ 009ff7ac 1c6dbc87 = VCL632MI.DLL:.text+0xdac87 -------------------- 0167:1c6dbc6d 8b464c mov eax,dword ptr [esi+4c] 0167:1c6dbc70 85c0 test eax,eax 0167:1c6dbc72 740d jz 1c6dbc81 = VCL632MI.DLL:.text+0xdac81 0167:1c6dbc74 57 push edi 0167:1c6dbc75 e846f90000 call 1c6eb5c0 = VCL632MI.DLL:.text+0xea5c0 0167:1c6dbc7a 83c404 add esp,+04 0167:1c6dbc7d 84c0 test al,al 0167:1c6dbc7f 751a jnz 1c6dbc9b = VCL632MI.DLL:.text+0xdac9b 0167:1c6dbc81 57 push edi 0167:1c6dbc82 e819f70000 call 1c6eb3a0 = VCL632MI.DLL:.text+0xea3a0 VCL632MI.DLL:.text+0xdac87: *0167:1c6dbc87 8b4e4c mov ecx,dword ptr [esi+4c] 0167:1c6dbc8a 83c404 add esp,+04 0167:1c6dbc8d 85c9 test ecx,ecx 0167:1c6dbc8f 740a jz 1c6dbc9b = VCL632MI.DLL:.text+0xdac9b 0167:1c6dbc91 50 push eax 0167:1c6dbc92 57 push edi 0167:1c6dbc93 e8b8fa0000 call 1c6eb750 = VCL632MI.DLL:.text+0xea750 0167:1c6dbc98 83c408 add esp,+08 0167:1c6dbc9b 5f pop edi 0167:1c6dbc9c 5e pop esi 0167:1c6dbc9d c3 retd -------------------- 009ff7b0 009ff7c4 -> 9c 0a 00 00 00 02 00 00 01 00 00 00 01 02 88 00 ................ 009ff7b4 00b24a60 -> 90 33 70 1c 80 33 70 1c 30 4a b2 00 84 11 7d 00 .3p..3p.0J....}. 009ff7b8 00000001 009ff7bc 1c6dbc52 = VCL632MI.DLL:.text+0xdac52 -------------------- 0167:1c6dbc31 e81af70000 call 1c6eb350 = VCL632MI.DLL:.text+0xea350 0167:1c6dbc36 83c414 add esp,+14 0167:1c6dbc39 85c0 test eax,eax 0167:1c6dbc3b 7418 jz 1c6dbc55 = VCL632MI.DLL:.text+0xdac55 0167:1c6dbc3d 8d4c2400 lea ecx,[esp] 0167:1c6dbc41 51 push ecx 0167:1c6dbc42 ff15d0d26f1c call dword ptr [1c6fd2d0] -> USER32.DLL!TranslateMessage 0167:1c6dbc48 8d542400 lea edx,[esp] 0167:1c6dbc4c 52 push edx 0167:1c6dbc4d e80e000000 call 1c6dbc60 = VCL632MI.DLL:.text+0xdac60 VCL632MI.DLL:.text+0xdac52: *0167:1c6dbc52 83c404 add esp,+04 0167:1c6dbc55 83c41c add esp,+1c 0167:1c6dbc58 c3 retd 0167:1c6dbc59 90 nop 0167:1c6dbc5a 90 nop 0167:1c6dbc5b 90 nop 0167:1c6dbc5c 90 nop 0167:1c6dbc5d 90 nop 0167:1c6dbc5e 90 nop 0167:1c6dbc5f 90 nop 0167:1c6dbc60 a1384d711c mov eax,dword ptr [1c714d38] -------------------- 009ff7c0 009ff7c4 -> 9c 0a 00 00 00 02 00 00 01 00 00 00 01 02 88 00 ................ 009ff7c4 00000a9c 009ff7c8 00000200 009ff7cc 00000001 009ff7d0 00880201 009ff7d4 00c3db94 = SMGR.DLL+0xdb94 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff7d8 000002f6 009ff7dc 00000165 009ff7e0 1c6dbd40 = VCL632MI.DLL:.text+0xdad40 -------------------- 0167:1c6dbd2a 75f5 jnz 1c6dbd21 = VCL632MI.DLL:.text+0xdad21 0167:1c6dbd2c 5f pop edi 0167:1c6dbd2d 5e pop esi 0167:1c6dbd2e 5d pop ebp 0167:1c6dbd2f 5b pop ebx 0167:1c6dbd30 83c40c add esp,+0c 0167:1c6dbd33 c20400 retd 0004 0167:1c6dbd36 8b4c2420 mov ecx,dword ptr [esp+20] 0167:1c6dbd3a 51 push ecx 0167:1c6dbd3b e8c0feffff call 1c6dbc00 = VCL632MI.DLL:.text+0xdac00 VCL632MI.DLL:.text+0xdad40: *0167:1c6dbd40 83c404 add esp,+04 0167:1c6dbd43 85f6 test esi,esi 0167:1c6dbd45 7408 jz 1c6dbd4f = VCL632MI.DLL:.text+0xdad4f 0167:1c6dbd47 e8d4f7ffff call 1c6db520 = VCL632MI.DLL:.text+0xda520 0167:1c6dbd4c 4e dec esi 0167:1c6dbd4d 75f8 jnz 1c6dbd47 = VCL632MI.DLL:.text+0xdad47 0167:1c6dbd4f 5f pop edi 0167:1c6dbd50 5e pop esi 0167:1c6dbd51 5d pop ebp 0167:1c6dbd52 5b pop ebx 0167:1c6dbd53 83c40c add esp,+0c -------------------- 009ff7e4 fff85301 009ff7e8 00000013 009ff7ec 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ff7f0 009ffe38 -> 78 ff 9f 00 60 b5 f8 bf 00 00 00 00 ec bc 7a 81 x...`.........z. 009ff7f4 00000000 ... 009ff7fc fff8536b 009ff800 007d0f18 -> 00 00 10 01 00 00 00 00 05 00 00 00 00 00 00 00 ................ 009ff804 1c61d882 = VCL632MI.DLL:.text+0x1c882 -------------------- 0167:1c61d863 8a462c mov al,byte ptr [esi+2c] 0167:1c61d866 84c0 test al,al 0167:1c61d868 75f4 jnz 1c61d85e = VCL632MI.DLL:.text+0x1c85e 0167:1c61d86a 8a9688000000 mov dl,byte ptr [esi+00000088] 0167:1c61d870 66ff4678 inc word ptr [esi+78] 0167:1c61d874 8b4e04 mov ecx,dword ptr [esi+04] 0167:1c61d877 84d2 test dl,dl 0167:1c61d879 0f94c0 setz al 0167:1c61d87c 50 push eax 0167:1c61d87d e81ee40b00 call 1c6dbca0 = VCL632MI.DLL:.text+0xdaca0 VCL632MI.DLL:.text+0x1c882: *0167:1c61d882 66ff4e78 dec word ptr [esi+78] 0167:1c61d886 5e pop esi 0167:1c61d887 c3 retd 0167:1c61d888 90 nop 0167:1c61d889 90 nop 0167:1c61d88a 90 nop 0167:1c61d88b 90 nop 0167:1c61d88c 90 nop 0167:1c61d88d 90 nop 0167:1c61d88e 90 nop 0167:1c61d88f 90 nop -------------------- 009ff808 fff85301 009ff80c 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ff810 1c61d80d = VCL632MI.DLL:.text+0x1c80d -------------------- 0167:1c61d7ed 90 nop 0167:1c61d7ee 90 nop 0167:1c61d7ef 90 nop 0167:1c61d7f0 56 push esi 0167:1c61d7f1 8b35384d711c mov esi,dword ptr [1c714d38] -> VCL632MI.DLL:.data+0x4bf8 0167:1c61d7f7 8a8688000000 mov al,byte ptr [esi+00000088] 0167:1c61d7fd c6868700000001 mov byte ptr [esi+00000087],01 0167:1c61d804 84c0 test al,al 0167:1c61d806 750f jnz 1c61d817 = VCL632MI.DLL:.text+0x1c817 0167:1c61d808 e843000000 call 1c61d850 = VCL632MI.DLL!413 VCL632MI.DLL:.text+0x1c80d: *0167:1c61d80d 8a8688000000 mov al,byte ptr [esi+00000088] 0167:1c61d813 84c0 test al,al 0167:1c61d815 74f1 jz 1c61d808 = VCL632MI.DLL:.text+0x1c808 0167:1c61d817 c6868700000000 mov byte ptr [esi+00000087],00 0167:1c61d81e 5e pop esi 0167:1c61d81f c3 retd 0167:1c61d820 56 push esi 0167:1c61d821 8b35384d711c mov esi,dword ptr [1c714d38] -> VCL632MI.DLL:.data+0x4bf8 0167:1c61d827 8a462c mov al,byte ptr [esi+2c] 0167:1c61d82a 84c0 test al,al 0167:1c61d82c 740c jz 1c61d83a = VCL632MI.DLL:.text+0x1c83a -------------------- 009ff814 01113ad8 = SETUP.EXE:.data+0xad8 -> 4c 17 11 01 28 12 7d 00 d4 1c 7d 00 ac 73 7d 00 L...(.}...}..s}. 009ff818 011029cf = SETUP.EXE:.text+0x19cf -------------------- 0167:011029a8 e8532c0000 call 01105600 = SETUP.EXE:.text+0x4600 0167:011029ad 8d4c2414 lea ecx,[esp+14] 0167:011029b1 e8a8da0000 call 0111045e = TL632MI.DLL!242 0167:011029b6 8d4c2410 lea ecx,[esp+10] 0167:011029ba e8d3d90000 call 01110392 = TL632MI.DLL!149 0167:011029bf 53 push ebx 0167:011029c0 6a0a push +0a 0167:011029c2 e813dd0000 call 011106da = VCL632MI.DLL!386 0167:011029c7 83c408 add esp,+08 0167:011029ca e805dd0000 call 011106d4 = VCL632MI.DLL!322 SETUP.EXE:.text+0x19cf: *0167:011029cf 8b7e04 mov edi,dword ptr [esi+04] 0167:011029d2 3bfb cmp edi,ebx 0167:011029d4 7410 jz 011029e6 = SETUP.EXE:.text+0x19e6 0167:011029d6 8bcf mov ecx,edi 0167:011029d8 e841e10000 call 01110b1e = STS632MI.DLL!21 0167:011029dd 57 push edi 0167:011029de e8bbd90000 call 0111039e = TL632MI.DLL!21 0167:011029e3 83c404 add esp,+04 0167:011029e6 8b7e08 mov edi,dword ptr [esi+08] 0167:011029e9 895e04 mov dword ptr [esi+04],ebx 0167:011029ec 3bfb cmp edi,ebx -------------------- 009ff81c 00000000 009ff820 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ff824 009ffe38 -> 78 ff 9f 00 60 b5 f8 bf 00 00 00 00 ec bc 7a 81 x...`.........z. 009ff828 00000001 009ff82c 00b2e090 -> 01 00 00 00 13 00 00 00 6f 70 65 6e 5f 6f 66 66 ........open_off 009ff830 009ffbbc -> 10 03 00 00 10 08 7b 81 10 00 00 00 a0 a3 f7 bf ......{......... 009ff834 00b36290 -> 02 00 00 00 27 00 00 00 43 3a 5c 50 52 4f 47 52 ....'...C:\PROGR 009ff838 1a3f883e 009ff83c 00000000 009ff840 00b63170 -> 01 00 00 00 0c 00 00 00 72 65 73 70 6f 6e 73 65 ........response 009ff844 00000000 ... 009ff854 81c144ec -> e2 63 c1 81 00 00 00 00 00 00 00 00 00 00 00 00 .c.............. 009ff858 00b652a0 -> 03 00 00 00 1f 00 00 00 4f 00 70 00 65 00 6e 00 ........O.p.e.n. 009ff85c 00000000 009ff860 00000005 009ff864 00000000 ... 009ff870 0ed38876 009ff874 00000000 009ff878 264f189c 009ff87c 07498884 009ff880 817abcec -> 06 00 07 00 60 04 de cd 00 00 00 00 00 00 00 00 ....`........... 009ff884 79fb89ae 009ff888 bcec0147 009ff88c 1eaf817a 009ff890 1eff1e27 009ff894 00000000 009ff898 00b63170 -> 01 00 00 00 0c 00 00 00 72 65 73 70 6f 6e 73 65 ........response 009ff89c 0082c4d0 -> 00 00 00 00 10 52 b6 00 10 db 7f 00 00 00 00 00 .....R.......... 009ff8a0 00000000 ... 009ff8a8 011117c4 = SETUP.EXE:.rdata+0x7c4 -> b0 4e 10 01 30 08 11 01 2a 08 11 01 24 08 11 01 .N..0...*...$... 009ff8ac 00000000 ... 009ff8c0 007d120c -> 30 7d 7d 00 01 00 00 00 10 80 0c 00 14 12 7d 00 0}}...........}. 009ff8c4 007d11f0 -> 60 32 7d 00 60 32 7d 00 60 32 7d 00 4e 00 e0 3f `2}.`2}.`2}.N..? 009ff8c8 00000000 ... 009ff8e0 75f70000 009ff8e4 00010000 009ff8e8 00007649 009ff8ec 00008a58 009ff8f0 00000000 ... 009ff8f8 00000400 009ff8fc 00000300 009ff900 00000060 ... 009ff908 00000000 ... 009ff91c 893c0000 009ff920 174f46c4 009ff924 58778930 009ff928 587789a4 009ff92c 89ac0083 009ff930 00000000 ... 009ff938 001c0000 009ff93c 4855894c 009ff940 00001767 009ff944 587789a4 009ff948 000392e0 009ff94c 00000001 009ff950 1c715a30 = VCL632MI.DLL:.data+0x4a30 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff954 ffffffff 009ff958 00ffffff 009ff95c 007d15ac -> 01 00 00 00 b0 31 b3 00 d0 b3 85 1c 00 00 00 00 .....1.......... 009ff960 00000000 009ff964 ffffffff ... 009ff96c 00000000 ... 009ff974 1c715b50 = VCL632MI.DLL:.data+0x4b50 -> ff ff ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff978 007d7748 -> 1e 00 00 00 88 77 7d 00 1c 2d 7d 00 30 15 7d 00 .....w}..-}.0.}. 009ff97c 1c715828 = VCL632MI.DLL:.data+0x4828 -> 00 00 00 00 0a 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff980 00000000 ... 009ff98c fcf400a9 009ff990 00009f98 009ff994 00000000 ... 009ff99c 007d7b7c -> 9c f2 6f 1c 00 00 00 00 1e 00 00 00 00 00 00 00 ..o............. 009ff9a0 007d7af4 -> 00 0f 00 00 56 14 00 00 00 00 00 00 40 7c 7d 00 ....V.......@|}. 009ff9a4 00000000 009ff9a8 00c221ba = W9XUCWRP2.DLL:.text+0x11ba -------------------- 0167:00c2219e 8bbc241c010000 mov edi,dword ptr [esp+0000011c] 0167:00c221a5 8b2d3440c200 mov ebp,dword ptr [00c24034] -> KERNEL32.DLL!MultiByteToWideChar 0167:00c221ab 52 push edx 0167:00c221ac 57 push edi 0167:00c221ad 8d442418 lea eax,[esp+18] 0167:00c221b1 6aff push -01 0167:00c221b3 50 push eax 0167:00c221b4 6a00 push +00 0167:00c221b6 6a00 push +00 0167:00c221b8 ffd5 call ebp W9XUCWRP2.DLL:.text+0x11ba: *0167:00c221ba 85c0 test eax,eax 0167:00c221bc 0f85a2000000 jnz 00c22264 = W9XUCWRP2.DLL:.text+0x1264 0167:00c221c2 50 push eax 0167:00c221c3 50 push eax 0167:00c221c4 8d4c2418 lea ecx,[esp+18] 0167:00c221c8 6aff push -01 0167:00c221ca 51 push ecx 0167:00c221cb 50 push eax 0167:00c221cc 50 push eax 0167:00c221cd ffd5 call ebp 0167:00c221cf 8bf0 mov esi,eax -------------------- 009ff9ac 007d78a8 -> b4 35 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .5p............. ... 009ff9b8 00000000 009ff9bc 007d78a8 -> b4 35 70 1c 00 00 00 00 00 00 00 00 00 00 00 00 .5p............. ... 009ff9c4 007dac44 -> 60 18 11 01 40 7c 7d 00 00 00 00 00 b4 48 84 00 `...@|}......H.. 009ff9c8 007e337c -> 80 19 11 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ff9cc 00000000 ... 009ff9e8 5c504d54 009ff9ec 0000003f 009ff9f0 00000020 009ff9f4 0000004e 009ff9f8 00000000 ... 009ffa04 00b20000 -> 00 00 00 00 00 00 00 00 ff ff ff ff 41 00 00 00 ............A... 009ffa08 00000001 ... 009ffa10 00b652a0 -> 03 00 00 00 1f 00 00 00 4f 00 70 00 65 00 6e 00 ........O.p.e.n. 009ffa14 00000000 009ffa18 ffffffff ... 009ffa20 00000000 ... 009ffa38 7800cc37 = MSVCRT.DLL:.text+0xbc37 -------------------- 0167:7800cc16 50 push eax 0167:7800cc17 e8f9030000 call 7800d015 = MSVCRT.DLL:.text+0xc015 0167:7800cc1c 59 pop ecx 0167:7800cc1d 59 pop ecx 0167:7800cc1e 834dfcff or dword ptr [ebp-04],-01 0167:7800cc22 e809000000 call 7800cc30 = MSVCRT.DLL:.text+0xbc30 0167:7800cc27 837de400 cmp dword ptr [ebp-1c],+00 0167:7800cc2b e9e447ffff jmp 78001414 = MSVCRT.DLL:.text+0x414 0167:7800cc30 6a09 push +09 0167:7800cc32 e86746ffff call 7800129e = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0xbc37: *0167:7800cc37 59 pop ecx 0167:7800cc38 c3 retd 0167:7800cc39 56 push esi 0167:7800cc3a e9e947ffff jmp 78001428 = MSVCRT.DLL:.text+0x428 0167:7800cc3f 39442408 cmp dword ptr [esp+08],eax 0167:7800cc43 0f849946ffff jz 780012e2 = MSVCRT.DLL:.text+0x2e2 0167:7800cc49 ff742404 push dword ptr [esp+04] 0167:7800cc4d e8be8cffff call 78005910 = MSVCRT.DLL!_callnewh 0167:7800cc52 85c0 test eax,eax 0167:7800cc54 59 pop ecx 0167:7800cc55 0f857546ffff jnz 780012d0 = MSVCRT.DLL:.text+0x2d0 -------------------- 009ffa3c 00000009 009ffa40 00000000 ... 009ffa50 1c85b3d0 = TL632MI.DLL:.data+0x13d0 -> e6 01 00 00 00 00 00 00 00 00 00 00 50 65 72 73 ............Pers ... 009ffa58 1c715668 = VCL632MI.DLL:.data+0x4668 -> 00 00 00 00 d0 b3 85 1c d0 b3 85 1c 00 00 00 00 ................ 009ffa5c 00000000 ... 009ffa68 1c715a30 = VCL632MI.DLL:.data+0x4a30 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffa6c 0082f50c -> 01 00 00 00 01 00 00 00 00 00 00 00 18 af 82 00 ................ 009ffa70 1c715a40 = VCL632MI.DLL:.data+0x4a40 -> 00 00 00 00 00 00 00 00 00 00 00 00 10 73 7d 00 .............s}. 009ffa74 0081fbb8 -> 40 5a 71 1c 00 00 00 00 ff ff 0c 00 04 10 00 a0 @Zq............. 009ffa78 00000000 009ffa7c 00000001 009ffa80 00000000 ... 009ffa8c 009f0137 009ffa90 0000689d 009ffa94 00000000 009ffa98 00010000 009ffa9c 00b20000 -> 00 00 00 00 00 00 00 00 ff ff ff ff 41 00 00 00 ............A... 009ffaa0 010848a0 009ffaa4 00098006 009ffaa8 7800e800 = MSVCRT.DLL:.text+0xd800 -> d8 47 41 84 c0 75 f4 8b c2 4a 85 c0 5e 74 13 8d .GA..u...J..^t.. 009ffaac 00000000 ... 009ffad0 00b24900 -> 50 53 b2 00 d0 52 b2 00 11 00 00 00 31 00 00 00 PS...R......1... 009ffad4 00b20000 -> 00 00 00 00 00 00 00 00 ff ff ff ff 41 00 00 00 ............A... 009ffad8 00000000 009ffadc 009ffae8 -> 7c 33 7e 00 43 00 3a 00 5c 00 57 00 49 00 4e 00 |3..C.:.\.W.I.N. 009ffae0 007dac44 -> 60 18 11 01 40 7c 7d 00 00 00 00 00 b4 48 84 00 `...@|}......H.. 009ffae4 007dd934 -> e8 18 11 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffae8 007e337c -> 80 19 11 01 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffaec 003a0043 009ffaf0 0057005c = SAL2.DLL:.rdata+0x9405c -> c8 b2 c9 b2 96 84 97 84 98 84 99 84 ca b2 cb b2 ................ 009ffaf4 004e0049 = SAL2.DLL:.rdata+0x4049 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 30 ...............0 009ffaf8 004f0044 = SAL2.DLL:.rdata+0x14044 -> e5 e3 e7 e3 e6 e3 a3 94 00 00 f7 93 00 00 5d 98 ..............]. 009ffafc 00530057 = SAL2.DLL:.rdata+0x54057 -> c2 e1 e1 00 00 00 00 00 00 ec d0 00 00 bd cd 00 ................ 009ffb00 0054005c = SAL2.DLL:.rdata+0x6405c -> 00 00 00 00 ed e6 00 00 00 00 00 00 00 00 00 00 ................ 009ffb04 004d0045 = SAL2.DLL:.text+0xf045 -> 3b f3 0f 83 e6 00 00 00 c6 06 2b 46 66 3d 2b 00 ;.........+Ff=+. 009ffb08 005c0050 = UTL632MI.DLL:.text+0xf050 -> 89 71 08 8b 72 0c 85 f6 74 03 89 4e 04 8b 71 04 .q..r...t..N..q. 009ffb0c 00560053 = SAL2.DLL:.rdata+0x84053 -> cc 31 cc 32 cc 33 cc 34 cc 35 cc 36 cc 37 cc 3a .1.2.3.4.5.6.7.: 009ffb10 002e0031 009ffb14 004d0054 = SAL2.DLL:.text+0xf054 -> 00 75 1b 3b f3 0f 83 d4 00 00 00 8b 54 24 2c c6 .u.;........T$,. 009ffb18 005c0050 = UTL632MI.DLL:.text+0xf050 -> 89 71 08 8b 72 0c 85 f6 74 03 89 4e 04 8b 71 04 .q..r...t..N..q. 009ffb1c 00450053 = SET632MI.DLL:.text+0x4f053 -> ff 8d 4c 24 1c e8 e5 28 02 00 8d 4c 24 30 e8 dc ..L$...(...L$0.. 009ffb20 00550054 = SAL2.DLL:.rdata+0x74054 -> 00 00 e8 b3 00 00 a9 d4 e7 b0 00 00 d9 b0 d6 b0 ................ 009ffb24 002e0050 009ffb28 00580045 = SAL2.DLL:.rdata+0xa4045 -> dd cb dd cc dd cd dd ce dd cf dd d0 dd d1 dd d2 ................ 009ffb2c 00000045 009ffb30 7fe20147 = COMDLG32.DLL:.text+0xf147 -> a4 24 34 02 00 00 00 57 89 6e 0c 89 6e 08 e8 11 .$4....W.n..n... 009ffb34 54675d18 009ffb38 8b74015f 009ffb3c 01474c76 009ffb40 015f1364 009ffb44 00000000 009ffb48 064f0175 009ffb4c 8b5c8b58 009ffb50 071416ea 009ffb54 00002eda 009ffb58 0000077a 009ffb5c 2f3b8b6e 009ffb60 077a077a 009ffb64 064f0144 009ffb68 00000756 009ffb6c 8b800000 009ffb70 04df2d96 009ffb74 01440000 009ffb78 016f2da7 009ffb7c 166f1608 009ffb80 52708b8e 009ffb84 076e174f 009ffb88 166f077a 009ffb8c 8b9c46b7 009ffb90 174f4e04 009ffb94 000011a2 009ffb98 016f077a 009ffb9c 0b9b8baa 009ffba0 009ffbe0 -> 00 90 70 81 10 08 7b 81 40 00 00 00 00 00 00 00 ..p...{.@....... 009ffba4 00000320 009ffba8 817b07ec -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 009ffbac 00000024 009ffbb0 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 009ffbb4 81709000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 009ffbb8 009ffbf8 -> 00 d3 aa ce 20 fc 9f 00 0e a1 f7 bf 67 a5 f7 bf .... .......g... 009ffbbc 00000310 009ffbc0 817b0810 -> 10 00 00 a0 4c e8 79 81 4c e8 79 81 4c e8 79 81 ....L.y.L.y.L.y. 009ffbc4 00000010 009ffbc8 bff7a3a0 = KERNEL32.DLL:.text+0x13a0 -------------------- 0167:bff7a385 2bfb sub edi,ebx 0167:bff7a387 57 push edi 0167:bff7a388 894108 mov dword ptr [ecx+08],eax 0167:bff7a38b 8b5604 mov edx,dword ptr [esi+04] 0167:bff7a38e 8b4608 mov eax,dword ptr [esi+08] 0167:bff7a391 895004 mov dword ptr [eax+04],edx 0167:bff7a394 8d041e lea eax,[esi+ebx] 0167:bff7a397 50 push eax 0167:bff7a398 ff7508 push dword ptr [ebp+08] 0167:bff7a39b e871fdffff call bff7a111 = KERNEL32.DLL:.text+0x1111 KERNEL32.DLL:.text+0x13a0: *0167:bff7a3a0 eb36 jmp bff7a3d8 = KERNEL32.DLL:.text+0x13d8 0167:bff7a3a2 8b4d08 mov ecx,dword ptr [ebp+08] 0167:bff7a3a5 0fb64170 movzx eax,byte ptr [ecx+70] 0167:bff7a3a9 0b45f4 or eax,dword ptr [ebp-0c] 0167:bff7a3ac 50 push eax 0167:bff7a3ad 8b45f8 mov eax,dword ptr [ebp-08] 0167:bff7a3b0 2b45fc sub eax,dword ptr [ebp-04] 0167:bff7a3b3 50 push eax 0167:bff7a3b4 ff75fc push dword ptr [ebp-04] 0167:bff7a3b7 e8f6feffff call bff7a2b2 = KERNEL32.DLL:.text+0x12b2 0167:bff7a3bc 85c0 test eax,eax -------------------- 009ffbcc 81709000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 009ffbd0 817b0820 -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $............... 009ffbd4 00000310 009ffbd8 00000000 009ffbdc 8170900c -> 01 00 00 a0 1c 90 70 81 44 91 7b 81 80 00 00 00 ......p.D.{..... 009ffbe0 81709000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 009ffbe4 817b0810 -> 10 00 00 a0 4c e8 79 81 4c e8 79 81 4c e8 79 81 ....L.y.L.y.L.y. 009ffbe8 00000040 009ffbec 00000000 009ffbf0 81709050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffbf4 8170900c -> 01 00 00 a0 1c 90 70 81 44 91 7b 81 80 00 00 00 ......p.D.{..... 009ffbf8 ceaad300 -> 01 00 00 00 cc 08 77 81 ec bc 7a 81 90 77 bb ce ......w...z..w.. 009ffbfc 009ffc20 -> cc 2a f9 bf 14 08 7b 81 4c e8 79 81 00 00 00 00 .*....{.L.y..... 009ffc00 bff7a10e = KERNEL32.DLL:.text+0x110e -------------------- 0167:bff7a0ea fa cli 0167:bff7a0eb bf4ec3fabf mov edi,bffac34e 0167:bff7a0f0 8b442404 mov eax,dword ptr [esp+04] 0167:bff7a0f4 0fb64870 movzx ecx,byte ptr [eax+70] 0167:bff7a0f8 0b4c2408 or ecx,dword ptr [esp+08] 0167:bff7a0fc f6c101 test cl,01 0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e 0167:bff7a101 ff704c push dword ptr [eax+4c] 0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee 0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c KERNEL32.DLL:.text+0x110e: *0167:bff7a10e c20800 retd 0008 0167:bff7a111 53 push ebx 0167:bff7a112 56 push esi 0167:bff7a113 8b742410 mov esi,dword ptr [esp+10] 0167:bff7a117 57 push edi 0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18] 0167:bff7a11c 55 push ebp 0167:bff7a11d ba00001000 mov edx,00100000 0167:bff7a122 8d1c3e lea ebx,[esi+edi] 0167:bff7a125 8b03 mov eax,dword ptr [ebx] 0167:bff7a127 a801 test al,01 -------------------- 009ffc04 bff7a567 = KERNEL32.DLL:.text+0x1567 -------------------- 0167:bff7a54a 56 push esi 0167:bff7a54b e8a6fdffff call bff7a2f6 = KERNEL32.DLL:.text+0x12f6 0167:bff7a550 89450c mov dword ptr [ebp+0c],eax 0167:bff7a553 85c0 test eax,eax 0167:bff7a555 7436 jz bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a557 ff7510 push dword ptr [ebp+10] 0167:bff7a55a 56 push esi 0167:bff7a55b 0d000000a0 or eax,a0000000 0167:bff7a560 8903 mov dword ptr [ebx],eax 0167:bff7a562 e889fbffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x1567: *0167:bff7a567 8d4304 lea eax,[ebx+04] 0167:bff7a56a eb49 jmp bff7a5b5 = KERNEL32.DLL:.text+0x15b5 0167:bff7a56c 6a08 push +08 0167:bff7a56e e82d240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a573 eb18 jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a575 6a08 push +08 0167:bff7a577 e824240000 call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff7a57c eb0f jmp bff7a58d = KERNEL32.DLL:.text+0x158d 0167:bff7a57e 6a10 push +10 0167:bff7a580 ff75fc push dword ptr [ebp-04] 0167:bff7a583 680a000100 push 0001000a -------------------- 009ffc08 81709000 -> 00 00 10 00 00 00 00 00 20 00 00 00 01 00 00 a0 ........ ....... 009ffc0c 00000040 009ffc10 00000000 009ffc14 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 009ffc18 8179e84c -> 00 00 00 00 00 00 00 00 ec bc 7a 81 00 00 00 00 ..........z..... 009ffc1c 009ffc48 -> 38 fe 9f 00 a0 13 4c 00 d0 48 b2 00 40 30 b2 00 8.....L..H..@0.. 009ffc20 bff92acc = KERNEL32.DLL:.text+0x19acc -------------------- 0167:bff92aac e843d9feff call bff803f4 = KERNEL32.DLL:.text+0x73f4 0167:bff92ab1 8bf0 mov esi,eax 0167:bff92ab3 85f6 test esi,esi 0167:bff92ab5 7415 jz bff92acc = KERNEL32.DLL:.text+0x19acc 0167:bff92ab7 ff742410 push dword ptr [esp+10] 0167:bff92abb 56 push esi 0167:bff92abc ff742410 push dword ptr [esp+10] 0167:bff92ac0 8b442418 mov eax,dword ptr [esp+18] 0167:bff92ac4 894608 mov dword ptr [esi+08],eax 0167:bff92ac7 e88ed9feff call bff8045a = KERNEL32.DLL:.text+0x745a KERNEL32.DLL:.text+0x19acc: *0167:bff92acc 8bc6 mov eax,esi 0167:bff92ace 5e pop esi 0167:bff92acf c20c00 retd 000c 0167:bff92ad2 ff742404 push dword ptr [esp+04] 0167:bff92ad6 e80c16ffff call bff840e7 = KERNEL32.DLL:.text+0xb0e7 0167:bff92adb 85c0 test eax,eax 0167:bff92add 7406 jz bff92ae5 = KERNEL32.DLL:.text+0x19ae5 0167:bff92adf 50 push eax 0167:bff92ae0 e8e0c8feff call bff7f3c5 = KERNEL32.DLL:.text+0x63c5 0167:bff92ae5 c20400 retd 0004 0167:bff92ae8 55 push ebp -------------------- 009ffc24 817b0814 -> 4c e8 79 81 4c e8 79 81 4c e8 79 81 24 00 00 a0 L.y.L.y.L.y.$... 009ffc28 8179e84c -> 00 00 00 00 00 00 00 00 ec bc 7a 81 00 00 00 00 ..........z..... 009ffc2c 00000000 009ffc30 817b07f0 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffc34 bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7 -------------------- 0167:bff741dd 51 push ecx 0167:bff741de 52 push edx 0167:bff741df 681d002a00 push 002a001d 0167:bff741e4 e8ebd1ffff call bff713d4 = KERNEL32.DLL!1 0167:bff741e9 59 pop ecx 0167:bff741ea 5a pop edx 0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5 0167:bff741ed 8b542404 mov edx,dword ptr [esp+04] 0167:bff741f1 50 push eax 0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb KERNEL32.DLL:_FREQASM+0x31f7: *0167:bff741f7 58 pop eax 0167:bff741f8 c20400 retd 0004 0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01 0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236 0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470] 0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212 0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01 0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238 0167:bff74212 ff4a04 dec dword ptr [edx+04] 0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261 0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000 -------------------- 009ffc38 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffc3c bff8433d = KERNEL32.DLL:.text+0xb33d -------------------- 0167:bff8431f c60004 mov byte ptr [eax],04 0167:bff84322 8b4508 mov eax,dword ptr [ebp+08] 0167:bff84325 89461c mov dword ptr [esi+1c],eax 0167:bff84328 eb08 jmp bff84332 = KERNEL32.DLL:.text+0xb332 0167:bff8432a 56 push esi 0167:bff8432b e82b4f0000 call bff8925b = KERNEL32.DLL:.text+0x1025b 0167:bff84330 33f6 xor esi,esi 0167:bff84332 a1109dfcbf mov eax,dword ptr [bffc9d10] 0167:bff84337 50 push eax 0167:bff84338 e8b0fefeff call bff741ed = KERNEL32.DLL!98 KERNEL32.DLL:.text+0xb33d: *0167:bff8433d 33c0 xor eax,eax 0167:bff8433f 85f6 test esi,esi 0167:bff84341 750d jnz bff84350 = KERNEL32.DLL:.text+0xb350 0167:bff84343 50 push eax 0167:bff84344 50 push eax 0167:bff84345 50 push eax 0167:bff84346 68050000c0 push c0000005 0167:bff8434b e88324ffff call bff767d3 = KERNEL32.DLL:_FREQASM+0x57d3 0167:bff84350 5e pop esi 0167:bff84351 5d pop ebp 0167:bff84352 c20400 retd 0004 -------------------- 009ffc40 bffc9490 = KERNEL32.DLL:.data+0x490 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffc44 00b248d0 -> 04 00 00 00 f0 07 7b 81 00 00 00 00 00 00 00 00 ......{......... 009ffc48 009ffe38 -> 78 ff 9f 00 60 b5 f8 bf 00 00 00 00 ec bc 7a 81 x...`.........z. 009ffc4c 004c13a0 = SAL2.DLL:.text+0x3a0 -------------------- 0167:004c1381 8935f8a45900 mov dword ptr [0059a4f8],esi 0167:004c1387 68c0d65900 push 0059d6c0 0167:004c138c ffd3 call ebx 0167:004c138e 6a01 push +01 0167:004c1390 6a24 push +24 0167:004c1392 ff1594c24d00 call dword ptr [004dc294] -> MSVCRT.DLL!calloc 0167:004c1398 83c408 add esp,+08 0167:004c139b 8bf0 mov esi,eax 0167:004c139d 56 push esi 0167:004c139e ffd3 call ebx SAL2.DLL:.text+0x3a0: *0167:004c13a0 8bc6 mov eax,esi 0167:004c13a2 5e pop esi 0167:004c13a3 5b pop ebx 0167:004c13a4 81c494000000 add esp,00000094 0167:004c13aa c3 retd 0167:004c13ab 90 nop 0167:004c13ac 90 nop 0167:004c13ad 90 nop 0167:004c13ae 90 nop 0167:004c13af 90 nop 0167:004c13b0 56 push esi -------------------- 009ffc50 00b248d0 -> 04 00 00 00 f0 07 7b 81 00 00 00 00 00 00 00 00 ......{......... 009ffc54 00b23040 -> b0 32 70 1c c0 49 b2 00 11 00 00 00 51 00 00 00 .2p..I......Q... 009ffc58 00000000 009ffc5c 780012b1 = MSVCRT.DLL:.text+0x2b1 -------------------- 0167:7800128d 8816 mov byte ptr [esi],dl 0167:7800128f 8d4608 lea eax,[esi+08] 0167:78001292 e91fffffff jmp 780011b6 = MSVCRT.DLL:.text+0x1b6 0167:78001297 33c0 xor eax,eax 0167:78001299 e920ffffff jmp 780011be = MSVCRT.DLL:.text+0x1be 0167:7800129e 55 push ebp 0167:7800129f 8bec mov ebp,esp 0167:780012a1 8b4508 mov eax,dword ptr [ebp+08] 0167:780012a4 ff348528700378 push dword ptr [eax*4+78037028] 0167:780012ab ff1548e00278 call dword ptr [7802e048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x2b1: *0167:780012b1 5d pop ebp 0167:780012b2 c3 retd 0167:780012b3 ff3550710378 push dword ptr [78037150] 0167:780012b9 ff742408 push dword ptr [esp+08] 0167:780012bd e803000000 call 780012c5 = MSVCRT.DLL:.text+0x2c5 0167:780012c2 59 pop ecx 0167:780012c3 59 pop ecx 0167:780012c4 c3 retd 0167:780012c5 837c2404e0 cmp dword ptr [esp+04],-20 0167:780012ca 0f878bb90000 ja 7800cc5b = MSVCRT.DLL:.text+0xbc5b 0167:780012d0 ff742404 push dword ptr [esp+04] -------------------- 009ffc60 78037118 = MSVCRT.DLL:.data+0x2118 -> 04 00 00 00 24 5e 77 81 00 00 00 00 00 00 00 00 ....$^w......... 009ffc64 009ffca8 -> 37 cc 00 78 09 00 00 00 27 cc 00 78 00 00 00 00 7..x....'..x.... 009ffc68 7800cc37 = MSVCRT.DLL:.text+0xbc37 -------------------- 0167:7800cc16 50 push eax 0167:7800cc17 e8f9030000 call 7800d015 = MSVCRT.DLL:.text+0xc015 0167:7800cc1c 59 pop ecx 0167:7800cc1d 59 pop ecx 0167:7800cc1e 834dfcff or dword ptr [ebp-04],-01 0167:7800cc22 e809000000 call 7800cc30 = MSVCRT.DLL:.text+0xbc30 0167:7800cc27 837de400 cmp dword ptr [ebp-1c],+00 0167:7800cc2b e9e447ffff jmp 78001414 = MSVCRT.DLL:.text+0x414 0167:7800cc30 6a09 push +09 0167:7800cc32 e86746ffff call 7800129e = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0xbc37: *0167:7800cc37 59 pop ecx 0167:7800cc38 c3 retd 0167:7800cc39 56 push esi 0167:7800cc3a e9e947ffff jmp 78001428 = MSVCRT.DLL:.text+0x428 0167:7800cc3f 39442408 cmp dword ptr [esp+08],eax 0167:7800cc43 0f849946ffff jz 780012e2 = MSVCRT.DLL:.text+0x2e2 0167:7800cc49 ff742404 push dword ptr [esp+04] 0167:7800cc4d e8be8cffff call 78005910 = MSVCRT.DLL!_callnewh 0167:7800cc52 85c0 test eax,eax 0167:7800cc54 59 pop ecx 0167:7800cc55 0f857546ffff jnz 780012d0 = MSVCRT.DLL:.text+0x2d0 -------------------- 009ffc6c 00000009 009ffc70 7800cc27 = MSVCRT.DLL:.text+0xbc27 -------------------- 0167:7800cc0e 8945e4 mov dword ptr [ebp-1c],eax 0167:7800cc11 85c0 test eax,eax 0167:7800cc13 7409 jz 7800cc1e = MSVCRT.DLL:.text+0xbc1e 0167:7800cc15 56 push esi 0167:7800cc16 50 push eax 0167:7800cc17 e8f9030000 call 7800d015 = MSVCRT.DLL:.text+0xc015 0167:7800cc1c 59 pop ecx 0167:7800cc1d 59 pop ecx 0167:7800cc1e 834dfcff or dword ptr [ebp-04],-01 0167:7800cc22 e809000000 call 7800cc30 = MSVCRT.DLL:.text+0xbc30 MSVCRT.DLL:.text+0xbc27: *0167:7800cc27 837de400 cmp dword ptr [ebp-1c],+00 0167:7800cc2b e9e447ffff jmp 78001414 = MSVCRT.DLL:.text+0x414 0167:7800cc30 6a09 push +09 0167:7800cc32 e86746ffff call 7800129e = MSVCRT.DLL!_unlock 0167:7800cc37 59 pop ecx 0167:7800cc38 c3 retd 0167:7800cc39 56 push esi 0167:7800cc3a e9e947ffff jmp 78001428 = MSVCRT.DLL:.text+0x428 0167:7800cc3f 39442408 cmp dword ptr [esp+08],eax 0167:7800cc43 0f849946ffff jz 780012e2 = MSVCRT.DLL:.text+0x2e2 0167:7800cc49 ff742404 push dword ptr [esp+04] -------------------- 009ffc74 00000004 009ffc78 00b248d0 -> 04 00 00 00 f0 07 7b 81 00 00 00 00 00 00 00 00 ......{......... 009ffc7c 00000000 009ffc80 009ffd18 -> 70 48 b2 00 40 30 b2 00 8c f2 20 1c 00 00 00 00 pH..@0.... ..... 009ffc84 0000000c 009ffc88 00000000 009ffc8c 00b24900 -> 50 53 b2 00 d0 52 b2 00 11 00 00 00 31 00 00 00 PS...R......1... 009ffc90 bff7b9c5 = KERNEL32.DLL:.text+0x29c5 -------------------- 0167:bff7b9a9 e81389ffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1 0167:bff7b9ae 5e pop esi 0167:bff7b9af c20400 retd 0004 0167:bff7b9b2 56 push esi 0167:bff7b9b3 8b742408 mov esi,dword ptr [esp+08] 0167:bff7b9b7 8a06 mov al,byte ptr [esi] 0167:bff7b9b9 3c04 cmp al,04 0167:bff7b9bb 7508 jnz bff7b9c5 = KERNEL32.DLL:.text+0x29c5 0167:bff7b9bd ff7604 push dword ptr [esi+04] 0167:bff7b9c0 e82989ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee KERNEL32.DLL:.text+0x29c5: *0167:bff7b9c5 5e pop esi 0167:bff7b9c6 c20400 retd 0004 0167:bff7b9c9 64a100000000 mov eax,dword ptr fs:[00000000] 0167:bff7b9cf 55 push ebp 0167:bff7b9d0 8bec mov ebp,esp 0167:bff7b9d2 6aff push -01 0167:bff7b9d4 685092f7bf push bff79250 0167:bff7b9d9 68b405fcbf push bffc05b4 0167:bff7b9de 50 push eax 0167:bff7b9df 8b4508 mov eax,dword ptr [ebp+08] 0167:bff7b9e2 64892500000000 mov dword ptr fs:[00000000],esp -------------------- 009ffc94 81775e24 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffc98 00b24900 -> 50 53 b2 00 d0 52 b2 00 11 00 00 00 31 00 00 00 PS...R......1... 009ffc9c 780012b1 = MSVCRT.DLL:.text+0x2b1 -------------------- 0167:7800128d 8816 mov byte ptr [esi],dl 0167:7800128f 8d4608 lea eax,[esi+08] 0167:78001292 e91fffffff jmp 780011b6 = MSVCRT.DLL:.text+0x1b6 0167:78001297 33c0 xor eax,eax 0167:78001299 e920ffffff jmp 780011be = MSVCRT.DLL:.text+0x1be 0167:7800129e 55 push ebp 0167:7800129f 8bec mov ebp,esp 0167:780012a1 8b4508 mov eax,dword ptr [ebp+08] 0167:780012a4 ff348528700378 push dword ptr [eax*4+78037028] 0167:780012ab ff1548e00278 call dword ptr [7802e048] -> KERNEL32.DLL!LeaveCriticalSection MSVCRT.DLL:.text+0x2b1: *0167:780012b1 5d pop ebp 0167:780012b2 c3 retd 0167:780012b3 ff3550710378 push dword ptr [78037150] 0167:780012b9 ff742408 push dword ptr [esp+08] 0167:780012bd e803000000 call 780012c5 = MSVCRT.DLL:.text+0x2c5 0167:780012c2 59 pop ecx 0167:780012c3 59 pop ecx 0167:780012c4 c3 retd 0167:780012c5 837c2404e0 cmp dword ptr [esp+04],-20 0167:780012ca 0f878bb90000 ja 7800cc5b = MSVCRT.DLL:.text+0xbc5b 0167:780012d0 ff742404 push dword ptr [esp+04] -------------------- 009ffca0 78037118 = MSVCRT.DLL:.data+0x2118 -> 04 00 00 00 24 5e 77 81 00 00 00 00 00 00 00 00 ....$^w......... 009ffca4 009ffce8 -> 60 e2 02 78 ff ff ff ff 38 fe 9f 00 8c 57 00 78 `..x....8....W.x 009ffca8 7800cc37 = MSVCRT.DLL:.text+0xbc37 -------------------- 0167:7800cc16 50 push eax 0167:7800cc17 e8f9030000 call 7800d015 = MSVCRT.DLL:.text+0xc015 0167:7800cc1c 59 pop ecx 0167:7800cc1d 59 pop ecx 0167:7800cc1e 834dfcff or dword ptr [ebp-04],-01 0167:7800cc22 e809000000 call 7800cc30 = MSVCRT.DLL:.text+0xbc30 0167:7800cc27 837de400 cmp dword ptr [ebp-1c],+00 0167:7800cc2b e9e447ffff jmp 78001414 = MSVCRT.DLL:.text+0x414 0167:7800cc30 6a09 push +09 0167:7800cc32 e86746ffff call 7800129e = MSVCRT.DLL!_unlock MSVCRT.DLL:.text+0xbc37: *0167:7800cc37 59 pop ecx 0167:7800cc38 c3 retd 0167:7800cc39 56 push esi 0167:7800cc3a e9e947ffff jmp 78001428 = MSVCRT.DLL:.text+0x428 0167:7800cc3f 39442408 cmp dword ptr [esp+08],eax 0167:7800cc43 0f849946ffff jz 780012e2 = MSVCRT.DLL:.text+0x2e2 0167:7800cc49 ff742404 push dword ptr [esp+04] 0167:7800cc4d e8be8cffff call 78005910 = MSVCRT.DLL!_callnewh 0167:7800cc52 85c0 test eax,eax 0167:7800cc54 59 pop ecx 0167:7800cc55 0f857546ffff jnz 780012d0 = MSVCRT.DLL:.text+0x2d0 -------------------- 009ffcac 00000009 009ffcb0 7800cc27 = MSVCRT.DLL:.text+0xbc27 -------------------- 0167:7800cc0e 8945e4 mov dword ptr [ebp-1c],eax 0167:7800cc11 85c0 test eax,eax 0167:7800cc13 7409 jz 7800cc1e = MSVCRT.DLL:.text+0xbc1e 0167:7800cc15 56 push esi 0167:7800cc16 50 push eax 0167:7800cc17 e8f9030000 call 7800d015 = MSVCRT.DLL:.text+0xc015 0167:7800cc1c 59 pop ecx 0167:7800cc1d 59 pop ecx 0167:7800cc1e 834dfcff or dword ptr [ebp-04],-01 0167:7800cc22 e809000000 call 7800cc30 = MSVCRT.DLL:.text+0xbc30 MSVCRT.DLL:.text+0xbc27: *0167:7800cc27 837de400 cmp dword ptr [ebp-1c],+00 0167:7800cc2b e9e447ffff jmp 78001414 = MSVCRT.DLL:.text+0x414 0167:7800cc30 6a09 push +09 0167:7800cc32 e86746ffff call 7800129e = MSVCRT.DLL!_unlock 0167:7800cc37 59 pop ecx 0167:7800cc38 c3 retd 0167:7800cc39 56 push esi 0167:7800cc3a e9e947ffff jmp 78001428 = MSVCRT.DLL:.text+0x428 0167:7800cc3f 39442408 cmp dword ptr [esp+08],eax 0167:7800cc43 0f849946ffff jz 780012e2 = MSVCRT.DLL:.text+0x2e2 0167:7800cc49 ff742404 push dword ptr [esp+04] -------------------- 009ffcb4 00000000 009ffcb8 00b24900 -> 50 53 b2 00 d0 52 b2 00 11 00 00 00 31 00 00 00 PS...R......1... 009ffcbc 00000000 009ffcc0 009ffd20 -> 8c f2 20 1c 00 00 00 00 00 00 00 00 44 00 00 00 .. .........D... 009ffcc4 00000000 009ffcc8 0000000c 009ffccc 00b1000c -> 00 01 40 fd 01 00 00 00 ff ff 7f 00 00 00 b2 00 ..@............. 009ffcd0 817b07f0 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009ffcd4 00b248d0 -> 04 00 00 00 f0 07 7b 81 00 00 00 00 00 00 00 00 ......{......... 009ffcd8 009ffd70 -> 90 fd 9f 00 8a c9 6f 1c ff ff ff ff 08 3b 6b 1c ......o......;k. 009ffcdc 7800ef03 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 009ffce0 009ffd70 -> 90 fd 9f 00 8a c9 6f 1c ff ff ff ff 08 3b 6b 1c ......o......;k. 009ffce4 7800ef03 = MSVCRT.DLL!_except_handler3 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 009ffce8 7802e260 = MSVCRT.DLL:.rdata+0x260 -> ff ff ff ff 00 00 00 00 30 cc 00 78 ff ff ff ff ........0..x.... 009ffcec ffffffff 009ffcf0 009ffe38 -> 78 ff 9f 00 60 b5 f8 bf 00 00 00 00 ec bc 7a 81 x...`.........z. 009ffcf4 7800578c = MSVCRT.DLL:.text+0x478c -------------------- 0167:78005768 59 pop ecx 0167:78005769 ebc1 jmp 7800572c = MSVCRT.DLL:.text+0x472c 0167:7800576b 83781c00 cmp dword ptr [eax+1c],+00 0167:7800576f 74e8 jz 78005759 = MSVCRT.DLL:.text+0x4759 0167:78005771 e9b5bb0100 jmp 7802132b = MSVCRT.DLL:.text+0x2032b 0167:78005776 ff3590780378 push dword ptr [78037890] 0167:7800577c ff1514e00278 call dword ptr [7802e014] -> KERNEL32.DLL!SetUnhandledExceptionFilter 0167:78005782 c3 retd 0167:78005783 ff742404 push dword ptr [esp+04] 0167:78005787 e804bcffff call 78001390 = MSVCRT.DLL!free MSVCRT.DLL:.text+0x478c: *0167:7800578c 59 pop ecx 0167:7800578d c3 retd 0167:7800578e 53 push ebx 0167:7800578f 56 push esi 0167:78005790 57 push edi 0167:78005791 be80770378 mov esi,78037780 0167:78005796 8b06 mov eax,dword ptr [esi] 0167:78005798 85c0 test eax,eax 0167:7800579a 750f jnz 780057ab = MSVCRT.DLL:.text+0x47ab 0167:7800579c 83c604 add esi,+04 0167:7800579f 81fe80780378 cmp esi,78037880 -------------------- 009ffcf8 00000000 009ffcfc 1c209452 = VOS2MSC.DLL:.text+0x8452 -------------------- 0167:1c20943a 5e pop esi 0167:1c20943b c20400 retd 0004 0167:1c20943e 90 nop 0167:1c20943f 90 nop 0167:1c209440 56 push esi 0167:1c209441 8bf1 mov esi,ecx 0167:1c209443 8b4604 mov eax,dword ptr [esi+04] 0167:1c209446 c70628f5201c mov dword ptr [esi],1c20f528 0167:1c20944c 50 push eax 0167:1c20944d e8d4520000 call 1c20e726 = MSVCRT.DLL!??3@YAXPAX@Z VOS2MSC.DLL:.text+0x8452: *0167:1c209452 83c404 add esp,+04 0167:1c209455 8bce mov ecx,esi 0167:1c209457 e8147cffff call 1c201070 = VOS2MSC.DLL!606 0167:1c20945c 5e pop esi 0167:1c20945d c3 retd 0167:1c20945e 90 nop 0167:1c20945f 90 nop 0167:1c209460 32c0 xor al,al 0167:1c209462 c3 retd 0167:1c209463 90 nop 0167:1c209464 90 nop -------------------- 009ffd00 1c20945c = VOS2MSC.DLL:.text+0x845c -------------------- 0167:1c20943f 90 nop 0167:1c209440 56 push esi 0167:1c209441 8bf1 mov esi,ecx 0167:1c209443 8b4604 mov eax,dword ptr [esi+04] 0167:1c209446 c70628f5201c mov dword ptr [esi],1c20f528 0167:1c20944c 50 push eax 0167:1c20944d e8d4520000 call 1c20e726 = MSVCRT.DLL!??3@YAXPAX@Z 0167:1c209452 83c404 add esp,+04 0167:1c209455 8bce mov ecx,esi 0167:1c209457 e8147cffff call 1c201070 = VOS2MSC.DLL!606 VOS2MSC.DLL:.text+0x845c: *0167:1c20945c 5e pop esi 0167:1c20945d c3 retd 0167:1c20945e 90 nop 0167:1c20945f 90 nop 0167:1c209460 32c0 xor al,al 0167:1c209462 c3 retd 0167:1c209463 90 nop 0167:1c209464 90 nop 0167:1c209465 90 nop 0167:1c209466 90 nop 0167:1c209467 90 nop -------------------- 009ffd04 00b23040 -> b0 32 70 1c c0 49 b2 00 11 00 00 00 51 00 00 00 .2p..I......Q... 009ffd08 1c6b3de9 = VCL632MI.DLL:.text+0xb2de9 -------------------- 0167:1c6b3dbf 8935ac5b711c mov dword ptr [1c715bac],esi 0167:1c6b3dc5 52 push edx 0167:1c6b3dc6 e801040400 call 1c6f41cc = SAL2.DLL!rtl_uString_release 0167:1c6b3dcb 8b44240c mov eax,dword ptr [esp+0c] 0167:1c6b3dcf 50 push eax 0167:1c6b3dd0 e8f7030400 call 1c6f41cc = SAL2.DLL!rtl_uString_release 0167:1c6b3dd5 83c408 add esp,+08 0167:1c6b3dd8 8d4c2414 lea ecx,[esp+14] 0167:1c6b3ddc c744246cffffffff mov dword ptr [esp+6c],ffffffff 0167:1c6b3de4 e86b030400 call 1c6f4154 = VOS2MSC.DLL!160 VCL632MI.DLL:.text+0xb2de9: *0167:1c6b3de9 8b4c2464 mov ecx,dword ptr [esp+64] 0167:1c6b3ded 5f pop edi 0167:1c6b3dee b001 mov al,01 0167:1c6b3df0 5e pop esi 0167:1c6b3df1 64890d00000000 mov dword ptr fs:[00000000],ecx 0167:1c6b3df8 83c468 add esp,+68 0167:1c6b3dfb c3 retd 0167:1c6b3dfc 90 nop 0167:1c6b3dfd 90 nop 0167:1c6b3dfe 90 nop 0167:1c6b3dff 90 nop -------------------- 009ffd0c 00000000 009ffd10 1c715bf8 = VCL632MI.DLL:.data+0x4bf8 -> 18 0f 7d 00 84 11 7d 00 d8 3a 11 01 34 12 7d 00 ..}...}..:..4.}. 009ffd14 00b24900 -> 50 53 b2 00 d0 52 b2 00 11 00 00 00 31 00 00 00 PS...R......1... 009ffd18 00b24870 -> 01 00 00 00 21 00 00 00 43 00 3a 00 5c 00 57 00 ....!...C.:.\.W. 009ffd1c 00b23040 -> b0 32 70 1c c0 49 b2 00 11 00 00 00 51 00 00 00 .2p..I......Q... 009ffd20 1c20f28c = VOS2MSC.DLL!610 -> 40 10 20 1c c0 10 20 1c f0 28 20 1c c0 12 20 1c @. ... ..( ... . 009ffd24 00000000 ... 009ffd2c 00000044 009ffd30 00000000 ... 009ffd58 00000001 009ffd5c 00000005 009ffd60 00000000 ... 009ffd70 009ffd90 -> 28 fe 9f 00 18 c9 6f 1c 00 00 00 00 d5 e3 10 01 (.....o......... 009ffd74 1c6fc98a = VCL632MI.DLL:.text+0xfb98a -------------------- 0167:1c6fc974 8b45a0 mov eax,dword ptr [ebp-60] 0167:1c6fc977 50 push eax 0167:1c6fc978 e8f970ffff call 1c6f3a76 = TL632MI.DLL!21 0167:1c6fc97d 59 pop ecx 0167:1c6fc97e c3 retd 0167:1c6fc97f 8b45a0 mov eax,dword ptr [ebp-60] 0167:1c6fc982 50 push eax 0167:1c6fc983 e8f077ffff call 1c6f4178 = VOS2MSC.DLL!609 0167:1c6fc988 59 pop ecx 0167:1c6fc989 c3 retd VCL632MI.DLL:.text+0xfb98a: *0167:1c6fc98a b8b078701c mov eax,1c7078b0 0167:1c6fc98f e9d2c6ffff jmp 1c6f9066 = MSVCRT.DLL!__CxxFrameHandler 0167:1c6fc994 cc int 3 0167:1c6fc995 cc int 3 0167:1c6fc996 cc int 3 0167:1c6fc997 cc int 3 0167:1c6fc998 cc int 3 0167:1c6fc999 cc int 3 0167:1c6fc99a cc int 3 0167:1c6fc99b cc int 3 0167:1c6fc99c cc int 3 -------------------- 009ffd78 ffffffff 009ffd7c 1c6b3b08 = VCL632MI.DLL:.text+0xb2b08 -------------------- 0167:1c6b3ade 64892500000000 mov dword ptr fs:[00000000],esp 0167:1c6b3ae5 51 push ecx 0167:1c6b3ae6 53 push ebx 0167:1c6b3ae7 56 push esi 0167:1c6b3ae8 8b35384d711c mov esi,dword ptr [1c714d38] -> VCL632MI.DLL:.data+0x4bf8 0167:1c6b3aee c744240800000000 mov dword ptr [esp+08],00000000 0167:1c6b3af6 8d442408 lea eax,[esp+08] 0167:1c6b3afa c744241400000000 mov dword ptr [esp+14],00000000 0167:1c6b3b02 50 push eax 0167:1c6b3b03 e858000000 call 1c6b3b60 = VCL632MI.DLL!440 VCL632MI.DLL:.text+0xb2b08: *0167:1c6b3b08 8ad8 mov bl,al 0167:1c6b3b0a 83c404 add esp,+04 0167:1c6b3b0d 84db test bl,bl 0167:1c6b3b0f 7415 jz 1c6b3b26 = VCL632MI.DLL:.text+0xb2b26 0167:1c6b3b11 8b4e08 mov ecx,dword ptr [esi+08] 0167:1c6b3b14 c6868600000001 mov byte ptr [esi+00000086],01 0167:1c6b3b1b 8b11 mov edx,dword ptr [ecx] 0167:1c6b3b1d ff12 call dword ptr [edx] 0167:1c6b3b1f c6868600000000 mov byte ptr [esi+00000086],00 0167:1c6b3b26 e815030000 call 1c6b3e40 = VCL632MI.DLL!439 0167:1c6b3b2b 8b442408 mov eax,dword ptr [esp+08] -------------------- 009ffd80 1c6b3b1f = VCL632MI.DLL:.text+0xb2b1f -------------------- 0167:1c6b3b02 50 push eax 0167:1c6b3b03 e858000000 call 1c6b3b60 = VCL632MI.DLL!440 0167:1c6b3b08 8ad8 mov bl,al 0167:1c6b3b0a 83c404 add esp,+04 0167:1c6b3b0d 84db test bl,bl 0167:1c6b3b0f 7415 jz 1c6b3b26 = VCL632MI.DLL:.text+0xb2b26 0167:1c6b3b11 8b4e08 mov ecx,dword ptr [esi+08] 0167:1c6b3b14 c6868600000001 mov byte ptr [esi+00000086],01 0167:1c6b3b1b 8b11 mov edx,dword ptr [ecx] 0167:1c6b3b1d ff12 call dword ptr [edx] VCL632MI.DLL:.text+0xb2b1f: *0167:1c6b3b1f c6868600000000 mov byte ptr [esi+00000086],00 0167:1c6b3b26 e815030000 call 1c6b3e40 = VCL632MI.DLL!439 0167:1c6b3b2b 8b442408 mov eax,dword ptr [esp+08] 0167:1c6b3b2f c7442414ffffffff mov dword ptr [esp+14],ffffffff 0167:1c6b3b37 85c0 test eax,eax 0167:1c6b3b39 7409 jz 1c6b3b44 = VCL632MI.DLL:.text+0xb2b44 0167:1c6b3b3b 8b08 mov ecx,dword ptr [eax] 0167:1c6b3b3d 50 push eax 0167:1c6b3b3e ff5108 call dword ptr [ecx+08] 0167:1c6b3b41 83c404 add esp,+04 0167:1c6b3b44 8b4c240c mov ecx,dword ptr [esp+0c] -------------------- 009ffd84 817aa6b6 -> 00 f0 28 00 00 a0 4c bb 7a 81 48 2a 7a 81 24 30 ..(...L.z.H*z.$0 009ffd88 00000000 ... 009ffd90 009ffe28 -> 68 ff 9f 00 70 0d 11 01 98 1d 11 01 00 00 00 00 h...p........... 009ffd94 1c6fc918 = VCL632MI.DLL:.text+0xfb918 -> b8 88 78 70 1c e9 44 c7 ff ff cc cc cc cc cc cc ..xp..D......... 009ffd98 00000000 009ffd9c 0110e3d5 = SETUP.EXE:.text+0xd3d5 -------------------- 0167:0110e3c7 90 nop 0167:0110e3c8 90 nop 0167:0110e3c9 90 nop 0167:0110e3ca 90 nop 0167:0110e3cb 90 nop 0167:0110e3cc 90 nop 0167:0110e3cd 90 nop 0167:0110e3ce 90 nop 0167:0110e3cf 90 nop 0167:0110e3d0 e8c5260000 call 01110a9a = VCL632MI.DLL!443 SETUP.EXE:.text+0xd3d5: *0167:0110e3d5 33c0 xor eax,eax 0167:0110e3d7 c21000 retd 0010 0167:0110e3da 90 nop 0167:0110e3db 90 nop 0167:0110e3dc 90 nop 0167:0110e3dd 90 nop 0167:0110e3de 90 nop 0167:0110e3df 90 nop 0167:0110e3e0 83ec14 sub esp,+14 0167:0110e3e3 53 push ebx 0167:0110e3e4 8b5c241c mov ebx,dword ptr [esp+1c] -------------------- 009ffda0 01110cf3 = SETUP.EXE:.text+0xfcf3 -------------------- 0167:01110cde ebf5 jmp 01110cd5 = SETUP.EXE:.text+0xfcd5 0167:01110ce0 6a0a push +0a 0167:01110ce2 58 pop eax 0167:01110ce3 50 push eax 0167:01110ce4 56 push esi 0167:01110ce5 53 push ebx 0167:01110ce6 53 push ebx 0167:01110ce7 ff1500101101 call dword ptr [01111000] -> KERNEL32.DLL!GetModuleHandleA 0167:01110ced 50 push eax 0167:01110cee e8ddd6ffff call 0110e3d0 = SETUP.EXE:.text+0xd3d0 SETUP.EXE:.text+0xfcf3: *0167:01110cf3 894598 mov dword ptr [ebp-68],eax 0167:01110cf6 50 push eax 0167:01110cf7 ff1538101101 call dword ptr [01111038] -> MSVCRT.DLL!exit 0167:01110cfd 8b45ec mov eax,dword ptr [ebp-14] 0167:01110d00 8b08 mov ecx,dword ptr [eax] 0167:01110d02 8b09 mov ecx,dword ptr [ecx] 0167:01110d04 894d88 mov dword ptr [ebp-78],ecx 0167:01110d07 50 push eax 0167:01110d08 51 push ecx 0167:01110d09 e81c000000 call 01110d2a = MSVCRT.DLL!_XcptFilter 0167:01110d0e 59 pop ecx -------------------- 009ffda4 01100000 = SETUP.EXE+0x0 -> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ.............. 009ffda8 00000000 009ffdac 817aa6b6 -> 00 f0 28 00 00 a0 4c bb 7a 81 48 2a 7a 81 24 30 ..(...L.z.H*z.$0 009ffdb0 00000005 009ffdb4 00000000 009ffdb8 817abcec -> 06 00 07 00 60 04 de cd 00 00 00 00 00 00 00 00 ....`........... 009ffdbc 008f0000 009ffdc0 c0000005 009ffdc4 817aa6b6 -> 00 f0 28 00 00 a0 4c bb 7a 81 48 2a 7a 81 24 30 ..(...L.z.H*z.$0 009ffdc8 00b24a80 -> 88 4a b2 00 00 00 00 00 63 3a 5c 77 69 6e 64 6f .J......c:\windo 009ffdcc 00000000 ... 009ffdd4 00b20e50 -> 30 0e b2 00 10 0e b2 00 f0 0d b2 00 d0 0d b2 00 0............... 009ffdd8 00000001 009ffddc 00000044 009ffde0 00000000 ... 009ffe08 00000001 009ffe0c 00000005 009ffe10 00000000 ... 009ffe20 009ffdb4 -> 00 00 00 00 ec bc 7a 81 00 00 8f 00 05 00 00 c0 ......z......... 009ffe24 009ff264 -> 3c f3 9f 00 58 f3 9f 00 90 f2 9f 00 49 68 f7 bf <...X.......Ih.. 009ffe28 009fff68 -> ff ff ff ff b4 05 fc bf 38 91 f7 bf 00 00 00 00 ........8....... 009ffe2c 01110d70 = SETUP.EXE:.text+0xfd70 -> ff 25 0c 10 11 01 ff 25 54 10 11 01 ff 25 00 10 .%.....%T....%.. 009ffe30 01111d98 = SETUP.EXE:.rdata+0xd98 -> ff ff ff ff fd 0c 11 01 11 0d 11 01 ec 1e 01 00 ................ 009ffe34 00000000 009ffe38 009fff78 -> f4 ff 9f 00 12 b4 f8 bf cc 08 77 81 08 00 00 00 ..........w..... 009ffe3c bff8b560 = KERNEL32!ApplicationStartup -------------------- 0167:bff8b53c 7413 jz bff8b551 = KERNEL32.DLL:.text+0x12551 0167:bff8b53e 6a00 push +00 0167:bff8b540 56 push esi 0167:bff8b541 e82859ffff call bff80e6e = KERNEL32.DLL:.text+0x7e6e 0167:bff8b546 50 push eax 0167:bff8b547 6800050000 push 00000500 0167:bff8b54c e8c45fffff call bff81515 = KERNEL32.DLL:.text+0x8515 0167:bff8b551 c745fc00000000 mov dword ptr [ebp-04],00000000 0167:bff8b558 8b45d4 mov eax,dword ptr [ebp-2c] 0167:bff8b55b e8b98dfeff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319 KERNEL32!ApplicationStartup: *0167:bff8b560 8945d8 mov dword ptr [ebp-28],eax 0167:bff8b563 eb1a jmp bff8b57f = KERNEL32.DLL:.text+0x1257f 0167:bff8b565 ff75ec push dword ptr [ebp-14] 0167:bff8b568 e8c7250100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter 0167:bff8b56d c3 retd 0167:bff8b56e 8b65e8 mov esp,dword ptr [ebp-18] 0167:bff8b571 8b45e0 mov eax,dword ptr [ebp-20] 0167:bff8b574 80480308 or byte ptr [eax+03],08 0167:bff8b578 6aff push -01 0167:bff8b57a e8501c0000 call bff8d1cf = KERNEL32.DLL:.text+0x141cf 0167:bff8b57f c745fcffffffff mov dword ptr [ebp-04],ffffffff -------------------- 009ffe40 00000000 009ffe44 817abcec -> 06 00 07 00 60 04 de cd 00 00 00 00 00 00 00 00 ....`........... 009ffe48 008f0000 009ffe4c 75746553 009ffe50 58450070 009ffe54 00000045 009ffe58 00000000 ... 009fff38 009fff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff 9f 00 ....8........... 009fff3c 81709050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 009fff40 817aa6b8 -> 28 00 00 a0 4c bb 7a 81 48 2a 7a 81 24 30 78 81 (...L.z.H*z.$0x. 009fff44 ceaad300 -> 01 00 00 00 cc 08 77 81 ec bc 7a 81 90 77 bb ce ......w...z..w.. 009fff48 009fff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff 9f 00 ....8........... 009fff4c 01110bbf = SETUP.EXE:.text+0xfbbf -------------------- 0167:01110ba9 3d00100000 cmp eax,00001000 0167:01110bae 73ec jnc 01110b9c = SETUP.EXE:.text+0xfb9c 0167:01110bb0 2bc8 sub ecx,eax 0167:01110bb2 8bc4 mov eax,esp 0167:01110bb4 8501 test dword ptr [ecx],eax 0167:01110bb6 8be1 mov esp,ecx 0167:01110bb8 8b08 mov ecx,dword ptr [eax] 0167:01110bba 8b4004 mov eax,dword ptr [eax+04] 0167:01110bbd 50 push eax 0167:01110bbe c3 retd SETUP.EXE:.text+0xfbbf: *0167:01110bbf 55 push ebp 0167:01110bc0 8bec mov ebp,esp 0167:01110bc2 6aff push -01 0167:01110bc4 68981d1101 push 01111d98 0167:01110bc9 68700d1101 push 01110d70 0167:01110bce 64a100000000 mov eax,dword ptr fs:[00000000] 0167:01110bd4 50 push eax 0167:01110bd5 64892500000000 mov dword ptr fs:[00000000],esp 0167:01110bdc 83ec68 sub esp,+68 0167:01110bdf 53 push ebx 0167:01110be0 56 push esi -------------------- 009fff50 bff7b326 = KERNEL32.DLL:.text+0x2326 -------------------- 0167:bff7b309 8b00 mov eax,dword ptr [eax] 0167:bff7b30b 894304 mov dword ptr [ebx+04],eax 0167:bff7b30e 6800020000 push 00000200 0167:bff7b313 51 push ecx 0167:bff7b314 ff75fc push dword ptr [ebp-04] 0167:bff7b317 56 push esi 0167:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111 0167:bff7b31d ff750c push dword ptr [ebp+0c] 0167:bff7b320 56 push esi 0167:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0 KERNEL32.DLL:.text+0x2326: *0167:bff7b326 b801000000 mov eax,00000001 0167:bff7b32b 5f pop edi 0167:bff7b32c 5e pop esi 0167:bff7b32d 5b pop ebx 0167:bff7b32e 8be5 mov esp,ebp 0167:bff7b330 5d pop ebp 0167:bff7b331 c20c00 retd 000c 0167:bff7b334 55 push ebp 0167:bff7b335 8bec mov ebp,esp 0167:bff7b337 83ec04 sub esp,+04 0167:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4] -------------------- 009fff54 00000000 009fff58 817abd0c -> 00 02 00 00 e0 7c 02 00 af 46 a9 00 03 00 03 00 .....|...F...... 009fff5c 4c0e0000 009fff60 009ffe40 -> 00 00 00 00 ec bc 7a 81 00 00 8f 00 53 65 74 75 ......z.....Setu 009fff64 008f0000 009fff68 ffffffff 009fff6c bffc05b4 = KERNEL32.DLL:.text+0x475b4 -> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E 009fff70 bff79138 = KERNEL32.DLL:.text+0x138 -> ff ff ff ff 65 b5 f8 bf 6e b5 f8 bf 00 00 00 00 ....e...n....... 009fff74 00000000 009fff78 009ffff4 -> ec bf c5 83 d5 9d f8 bf 00 00 00 00 ............ 009fff7c bff8b412 = KERNEL32.DLL:.text+0x12412 -------------------- 0167:bff8b3f3 ff7508 push dword ptr [ebp+08] 0167:bff8b3f6 56 push esi 0167:bff8b3f7 e8c9560000 call bff90ac5 = KERNEL32.DLL:.text+0x17ac5 0167:bff8b3fc ff7508 push dword ptr [ebp+08] 0167:bff8b3ff 33ff xor edi,edi 0167:bff8b401 57 push edi 0167:bff8b402 ff7634 push dword ptr [esi+34] 0167:bff8b405 e80397feff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d 0167:bff8b40a 897d08 mov dword ptr [ebp+08],edi 0167:bff8b40d e84a000000 call bff8b45c = KERNEL32.DLL:.text+0x1245c KERNEL32.DLL:.text+0x12412: *0167:bff8b412 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff8b417 8b00 mov eax,dword ptr [eax] 0167:bff8b419 83c060 add eax,+60 0167:bff8b41c 50 push eax 0167:bff8b41d e8cb8dfeff call bff741ed = KERNEL32.DLL!98 0167:bff8b422 e87626ffff call bff7da9d = KERNEL32.DLL:.text+0x4a9d 0167:bff8b427 8945f0 mov dword ptr [ebp-10],eax 0167:bff8b42a 837df800 cmp dword ptr [ebp-08],+00 0167:bff8b42e 7408 jz bff8b438 = KERNEL32.DLL:.text+0x12438 0167:bff8b430 ff75f8 push dword ptr [ebp-08] 0167:bff8b433 e843020000 call bff8b67b = KERNEL32.DLL:.text+0x1267b -------------------- 009fff80 817708cc -> 07 00 01 00 90 e3 6a c1 10 f2 9f 00 00 00 a0 00 ......j......... 009fff84 00000008 009fff88 817abcec -> 06 00 07 00 60 04 de cd 00 00 00 00 00 00 00 00 ....`........... 009fff8c 00000000 ... 009fffd0 0002ffff 009fffd4 0000f29f 009fffd8 009fe000 -> 74 e4 9f 00 31 01 00 00 0a 00 00 00 38 e3 9f 00 t...1.......8... 009fffdc 00a00000 009fffe0 00000000 009fffe4 ffffffff 009fffe8 817a2834 -> 50 45 00 00 4c 01 04 00 1b 11 2a 3b 00 00 00 00 PE..L.....*;.... 009fffec 00000000 009ffff0 50274c0e 009ffff4 83c5bfec 009ffff8 bff89dd5 = KERNEL32.DLL:.text+0x10dd5 -------------------- 0167:bff89db2 e8a94b0000 call bff8e960 = KERNEL32.DLL:.text+0x15960 0167:bff89db7 56 push esi 0167:bff89db8 e8e32bffff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0 0167:bff89dbd 33c0 xor eax,eax 0167:bff89dbf ebdf jmp bff89da0 = KERNEL32.DLL:.text+0x10da0 0167:bff89dc1 f644240c10 test byte ptr [esp+0c],10 0167:bff89dc6 7505 jnz bff89dcd = KERNEL32.DLL:.text+0x10dcd 0167:bff89dc8 e8a1deffff call bff87c6e = KERNEL32.DLL:.text+0xec6e 0167:bff89dcd ff742408 push dword ptr [esp+08] 0167:bff89dd1 ff542408 call dword ptr [esp+08] KERNEL32.DLL:.text+0x10dd5: *0167:bff89dd5 c20c00 retd 000c 0167:bff89dd8 56 push esi 0167:bff89dd9 a1e49cfcbf mov eax,dword ptr [bffc9ce4] 0167:bff89dde 8b742408 mov esi,dword ptr [esp+08] 0167:bff89de2 57 push edi 0167:bff89de3 8b38 mov edi,dword ptr [eax] 0167:bff89de5 8b4608 mov eax,dword ptr [esi+08] 0167:bff89de8 85c0 test eax,eax 0167:bff89dea 7413 jz bff89dff = KERNEL32.DLL:.text+0x10dff 0167:bff89dec 50 push eax 0167:bff89ded e8feb7feff call bff755f0 = KERNEL32.DLL:_FREQASM+0x45f0 -------------------- 009ffffc 00000000