Crash with c0000005 (access violation)

Gunslinger
Posts: 1
Joined: Tue Jul 05, 2016 11:09 pm

Post by Gunslinger »

I'm running Windows XP x64 (NT5.2) and Explorer++ 1.3.5.531 x64. I'm logged into the system as a Power User.
From time to time Explorer++ crashes for no visible reason: when opening certain folders (folders containing many image files) or when just doing nothing with it. No error message appears.
But there's a log added in drwtsn32 (sorry, no English log available):

Исключение в приложении:
Прил.: D:\Explorer++\amd64\Explorer++.exe (pid=692)
Время: 16.05.2016 @ 17:30:22.046
Номер: c0000005 (нарушение прав доступа)

*----> Сведения о системе <----*
Имя компьютера: ****
Имя пользователя: ****
Код сеанса терминала: 0
Число процессоров: 4
Тип процессора: EM64T Family 6 Model 58 Stepping 9
Версия Windows: 5.2
Текущая сборка: 3790
Пакет обновления: 2
Текущий тип: Multiprocessor Free
Зарегистрированная организация:
Зарегистрированный пользователь: ****

*----> Список задач <----*
0 System Process
4 Error 0xD0000022
392 Error 0xD0000022
456 Error 0xD0000022
484 Error 0xD0000022
540 Error 0xD0000022
552 Error 0xD0000022
724 Error 0xD0000022
792 Error 0xD0000022
836 Error 0xD0000022
880 Error 0xD0000022
976 Error 0xD0000022
1052 Error 0xD0000022
1408 Explorer.EXE
1520 processgovernor.exe
1528 op_mon.exe
1536 rundll32.exe
1544 ctfmon.exe
1552 PROCEXP.EXE
1600 egui.exe
1616 punto.exe
1636 ctfmon.exe
1692 PROCEXP64.exe
376 ps64ldr.exe
2000 Error 0xD0000022
292 Error 0xD0000022
156 Error 0xD0000022
448 Error 0xD0000022
1792 Error 0xD0000022
1808 Error 0xD0000022
316 Error 0xD0000022
2172 Pen_TabletUser.exe
2284 Error 0xD0000022
2540 TuneUpUtilitiesApp64.exe
2716 Error 0xD0000022
2760 Error 0xD0000022
692 Explorer++.exe
2608 daemon.exe
1596 WTouchUser.exe
1964 winamp.exe
1060 drwtsn32.exe

*----> Список модулей <----*
0000000001e90000 - 0000000001e97000: D:\Unlocker\UnlockerCOM.dll
00000000029d0000 - 00000000029da000: D:\TuneUp Utilities 2013\SDShelEx-x64.dll
0000000002cf0000 - 0000000002d2b000: C:\WINDOWS\system32\msls31.dll
0000000002d30000 - 0000000002d3a000: C:\WINDOWS\system32\Normaliz.dll
0000000003d60000 - 0000000004946000: C:\WINDOWS\system32\ieframe.dll
0000000004950000 - 0000000004993000: D:\WinRAR\rarext.dll
0000000004b80000 - 0000000004e47000: C:\WINDOWS\system32\xpsp2res.dll
00000000050f0000 - 0000000005144000: D:\TeraCopy\TeraCopyExt64.dll
0000000010000000 - 0000000010011000: D:\Explorer++\amd64\Explorer++RU.dll
000000001a400000 - 000000001a576000: C:\WINDOWS\system32\urlmon.dll
0000000022000000 - 000000002203c000: D:\ESET NOD32 Antivirus\shellExt.dll
000000005dca0000 - 000000005dedf000: C:\WINDOWS\system32\iertutil.dll
0000000063000000 - 000000006311f000: C:\WINDOWS\system32\WININET.dll
0000000063580000 - 0000000063e55000: C:\WINDOWS\system32\mshtml.dll
0000000077c20000 - 0000000077d2c000: C:\WINDOWS\system32\USER32.dll
0000000077d40000 - 0000000077eb6000: C:\WINDOWS\system32\kernel32.dll
0000000077ec0000 - 0000000077ffb000: C:\WINDOWS\system32\ntdll.dll
0000000140000000 - 00000001401d3000: D:\Explorer++\amd64\Explorer++.exe
0000000180000000 - 000000018000c000: D:\Punto Switcher\PSHook64.dll
000007ff57040000 - 000007ff57071000: C:\WINDOWS\system32\IPHLPAPI.DLL
000007ff57140000 - 000007ff573c5000: C:\WINDOWS\system32\ole32.dll
000007ff58af0000 - 000007ff58b4c000: C:\WINDOWS\system32\msctfime.ime
000007ff5cbb0000 - 000007ff5cbd8000: C:\WINDOWS\system32\wmpshell.dll
000007ff614e0000 - 000007ff61580000: C:\WINDOWS\system32\shimgvw.dll
000007ff649f0000 - 000007ff64a06000: C:\WINDOWS\System32\ntlanman.dll
000007ff650e0000 - 000007ff65138000: C:\WINDOWS\System32\NETUI1.dll
000007ff65140000 - 000007ff65164000: C:\WINDOWS\System32\NETUI0.dll
000007ff724e0000 - 000007ff7261e000: C:\WINDOWS\system32\Dbghelp.dll
000007ff76470000 - 000007ff7668c000: C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_25FD3B30\gdiplus.dll
000007ff77140000 - 000007ff7714c000: C:\WINDOWS\system32\WS2HELP.dll
000007ff77150000 - 000007ff77166000: C:\WINDOWS\System32\SAMLIB.dll
000007ff77230000 - 000007ff772af000: C:\WINDOWS\system32\UxTheme.dll
000007ff772d0000 - 000007ff772f1000: C:\WINDOWS\system32\MPR.dll
000007ff77310000 - 000007ff77340000: C:\WINDOWS\system32\WS2_32.dll
000007ff77370000 - 000007ff77409000: C:\WINDOWS\system32\netapi32.dll
000007ff78920000 - 000007ff7892b000: C:\WINDOWS\system32\msacm32.drv
000007ff78930000 - 000007ff7893d000: C:\WINDOWS\system32\wdmaud.drv
000007ff78f10000 - 000007ff78f51000: C:\WINDOWS\system32\WINSPOOL.DRV
000007ff793e0000 - 000007ff793e8000: C:\WINDOWS\system32\dciman32.dll
000007ff796c0000 - 000007ff796da000: C:\WINDOWS\system32\shgina.dll
000007ff7a410000 - 000007ff7a4af000: C:\WINDOWS\system32\MSCTF.dll
000007ff7b0f0000 - 000007ff7b20e000: C:\WINDOWS\system32\Riched20.dll
000007ff7bd30000 - 000007ff7bde4000: C:\WINDOWS\system32\CRYPTUI.dll
000007ff7c540000 - 000007ff7c675000: C:\WINDOWS\system32\MSGINA.dll
000007ff7c680000 - 000007ff7c78a000: C:\WINDOWS\system32\USERENV.dll
000007ff7ccc0000 - 000007ff7ccca000: C:\WINDOWS\System32\drprov.dll
000007ff7ce50000 - 000007ff7ce91000: C:\WINDOWS\system32\apphelp.dll
000007ff7ceb0000 - 000007ff7cebd000: C:\WINDOWS\System32\davclnt.dll
000007ff7cec0000 - 000007ff7d04c000: C:\WINDOWS\system32\browseui.dll
000007ff7d340000 - 000007ff7d36c000: C:\WINDOWS\system32\MSASN1.dll
000007ff7d370000 - 000007ff7d4cf000: C:\WINDOWS\system32\CRYPT32.dll
000007ff7d4d0000 - 000007ff7d4ea000: C:\WINDOWS\system32\WINSTA.dll
000007ff7d500000 - 000007ff7d539000: C:\WINDOWS\system32\IMM32.DLL
000007ff7d540000 - 000007ff7d5b7000: C:\WINDOWS\system32\COMDLG32.dll
000007ff7da10000 - 000007ff7da3c000: C:\WINDOWS\System32\CSCDLL.dll
000007ff7da40000 - 000007ff7dab3000: C:\WINDOWS\System32\cscui.dll
000007ff7dac0000 - 000007ff7dc38000: C:\WINDOWS\system32\SETUPAPI.dll
000007ff7df70000 - 000007ff7df7c000: C:\WINDOWS\system32\LINKINFO.dll
000007ff7df80000 - 000007ff7dfb1000: C:\WINDOWS\system32\ntshrui.dll
000007ff7dfc0000 - 000007ff7e217000: C:\WINDOWS\system32\SHDOCVW.dll
000007ff7e240000 - 000007ff7e290000: C:\WINDOWS\system32\WINMM.dll
000007ff7e380000 - 000007ff7e390000: C:\WINDOWS\system32\PSAPI.DLL
000007ff7e3e0000 - 000007ff7e430000: C:\WINDOWS\system32\WINTRUST.dll
000007ff7e470000 - 000007ff7e485000: C:\WINDOWS\system32\imagehlp.dll
000007ff7e950000 - 000007ff7e9b6000: C:\WINDOWS\system32\WLDAP32.dll
000007ff7e9c0000 - 000007ff7e9e2000: C:\WINDOWS\system32\Secur32.dll
000007ff7ea10000 - 000007ff7eaee000: C:\WINDOWS\system32\CLBCatQ.DLL
000007ff7eaf0000 - 000007ff7ebb6000: C:\WINDOWS\system32\COMRes.dll
000007ff7ebc0000 - 000007ff7ecd6000: C:\WINDOWS\system32\OLEAUT32.dll
000007ff7ef60000 - 000007ff7effb000: C:\WINDOWS\system32\SHLWAPI.dll
000007ff7f000000 - 000007ff7f187000: C:\WINDOWS\WinSxS\AMD64_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.5190_x-ww_639C4A9E\COMCTL32.dll
000007ff7f190000 - 000007ff7fb9c000: C:\WINDOWS\system32\SHELL32.dll
000007ff7fbb0000 - 000007ff7fbba000: C:\WINDOWS\system32\midimap.dll
000007ff7fbc0000 - 000007ff7fbe0000: C:\WINDOWS\system32\MSACM32.dll
000007ff7fbf0000 - 000007ff7fbfb000: C:\WINDOWS\system32\VERSION.dll
000007ff7fc00000 - 000007ff7fc86000: C:\WINDOWS\system32\msvcrt.dll
000007ff7fc90000 - 000007ff7fd2c000: C:\WINDOWS\system32\GDI32.dll
000007ff7fd30000 - 000007ff7fec9000: C:\WINDOWS\system32\RPCRT4.dll
000007ff7fee0000 - 000007ff7ffe6000: C:\WINDOWS\system32\ADVAPI32.dll

*----> Копия памяти для потока 0xb6c<----*

rax=0000000000000000 rbx=000000000012fac8 rcx=0000000023010cac
rdx=0000000000000039 rsi=0000000000000000 rdi=0000000000040256
rip=0000000077c43d9a rsp=000000000012f9f8 rbp=000000000012fb30
r8=00000000000002b4 r9=0000000042010a08 r10=0000000000000000
r11=0000000000000246 r12=000007ff7b0f0000 r13=0000000000000114
r14=0000000000000001 r15=0000000140000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -
функция: USER32!GetWindowLongPtrW
00000000`77c43d89 90 nop
00000000`77c43d8a 90 nop
00000000`77c43d8b 90 nop
00000000`77c43d8c 90 nop
00000000`77c43d8d 90 nop
00000000`77c43d8e 90 nop
00000000`77c43d8f 90 nop
00000000`77c43d90 4c8bd1 mov r10,rcx
00000000`77c43d93 b806100000 mov eax,0x1006
00000000`77c43d98 0f05 syscall
00000000`77c43d9a c3 ret
00000000`77c43d9b 90 nop
00000000`77c43d9c 90 nop
00000000`77c43d9d 90 nop
00000000`77c43d9e 90 nop
00000000`77c43d9f 90 nop
00000000`77c43da0 90 nop
00000000`77c43da1 90 nop
00000000`77c43da2 90 nop
00000000`77c43da3 90 nop
00000000`77c43da4 90 nop

*----> Обратная трассировка стека <----*
*** ERROR: Module load completed but symbols could not be loaded for D:\Explorer++\amd64\Explorer++.exe
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
Child-SP RetAddr : Args to Child : Call Site
00000000`0012f9f8 00000000`77c43dd6 : 00000000`00000000 00000000`00000000 00000001`40000000 00000000`00000001 : USER32!GetWindowLongPtrW+0x11a
00000000`0012fa00 00000001`400a3b0d : 00000000`001203c3 00000000`0012fb30 00000000`00000000 000007ff`7b0f0000 : USER32!GetMessageW+0x26
00000000`0012fa30 00000001`4004bfb8 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : Explorer__+0xa3b0d
00000000`0012fed0 00000000`77d5970c : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`0012ffa8 : Explorer__+0x4bfb8
00000000`0012ff80 00000000`00000000 : 00000001`4004c000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseProcessStart+0x2c

*----> Копия памяти для потока 0x798<----*

rax=00000000000000c0 rbx=00000000ffffffff rcx=0000000000000000
rdx=0000000000000000 rsi=000000000259fed0 rdi=0000000000000000
rip=0000000077ef0d3a rsp=000000000259fea8 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000001 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -
функция: ntdll!NtDelayExecution
00000000`77ef0d20 4c8bd1 mov r10,rcx
00000000`77ef0d23 b830000000 mov eax,0x30
00000000`77ef0d28 0f05 syscall
00000000`77ef0d2a c3 ret
00000000`77ef0d2b 666690 nop
00000000`77ef0d2e 6690 nop
ntdll!NtDelayExecution:
00000000`77ef0d30 4c8bd1 mov r10,rcx
00000000`77ef0d33 b831000000 mov eax,0x31
00000000`77ef0d38 0f05 syscall
00000000`77ef0d3a c3 ret
00000000`77ef0d3b 666690 nop
00000000`77ef0d3e 6690 nop
ntdll!NtQueryDirectoryFile:
00000000`77ef0d40 4c8bd1 mov r10,rcx
00000000`77ef0d43 b832000000 mov eax,0x32
00000000`77ef0d48 0f05 syscall
00000000`77ef0d4a c3 ret
00000000`77ef0d4b 666690 nop
00000000`77ef0d4e 6690 nop
ntdll!ZwQuerySystemInformation:

*----> Обратная трассировка стека <----*
Child-SP RetAddr : Args to Child : Call Site
00000000`0259fea8 00000000`77d707c6 : 00000000`00000000 00000000`000000c0 00000000`00000000 00000000`0259fed0 : ntdll!NtDelayExecution+0xa
00000000`0259feb0 00000001`400c44ee : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : kernel32!SleepEx+0x96
00000000`0259ff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`0259ffa8 : Explorer__+0xc44ee
00000000`0259ff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия памяти для потока 0x764<----*

rax=00000000000000c0 rbx=00000000ffffffff rcx=0000000000000000
rdx=0000000000000000 rsi=000000000269fed0 rdi=0000000000000000
rip=0000000077ef0d3a rsp=000000000269fea8 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000001 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!NtDelayExecution
00000000`77ef0d20 4c8bd1 mov r10,rcx
00000000`77ef0d23 b830000000 mov eax,0x30
00000000`77ef0d28 0f05 syscall
00000000`77ef0d2a c3 ret
00000000`77ef0d2b 666690 nop
00000000`77ef0d2e 6690 nop
ntdll!NtDelayExecution:
00000000`77ef0d30 4c8bd1 mov r10,rcx
00000000`77ef0d33 b831000000 mov eax,0x31
00000000`77ef0d38 0f05 syscall
00000000`77ef0d3a c3 ret
00000000`77ef0d3b 666690 nop
00000000`77ef0d3e 6690 nop
ntdll!NtQueryDirectoryFile:
00000000`77ef0d40 4c8bd1 mov r10,rcx
00000000`77ef0d43 b832000000 mov eax,0x32
00000000`77ef0d48 0f05 syscall
00000000`77ef0d4a c3 ret
00000000`77ef0d4b 666690 nop
00000000`77ef0d4e 6690 nop
ntdll!ZwQuerySystemInformation:

*----> Обратная трассировка стека <----*
Child-SP RetAddr : Args to Child : Call Site
00000000`0269fea8 00000000`77d707c6 : 00000000`00000000 00000000`000000c0 00000000`00000000 00000000`0269fed0 : ntdll!NtDelayExecution+0xa
00000000`0269feb0 00000001`400c44ee : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : kernel32!SleepEx+0x96
00000000`0269ff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`0269ffa8 : Explorer__+0xc44ee
00000000`0269ff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия памяти для потока 0x1b8<----*

rax=0000000007180040 rbx=0000000003046da0 rcx=000000020fcfdf97
rdx=000000000024fc10 rsi=0000000000000003 rdi=00000000032836b0
rip=000000014007feb1 rsp=000000000279f550 rbp=000000000279f650
r8=000000000024fc40 r9=0000049f82000000 r10=0000049f82ed0004
r11=0000000000083610 r12=0000000000000003 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na pe nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010200

функция: Explorer__
00000001`4007fe87 aa stosb
00000001`4007fe88 06 push es
00000001`4007fe89 004c635c add [rbx+0x5c],cl
00000001`4007fe8d 2478 and al,0x78
00000001`4007fe8f 488b8718030000 mov rax,[rdi+0x318]
00000001`4007fe96 42833c9801 cmp dword ptr [rax+r11*4],0x1
00000001`4007fe9b 0f858a000000 jne Explorer__+0x7ff2b (000000014007ff2b)
00000001`4007fea1 488b4758 mov rax,[rdi+0x58]
00000001`4007fea5 488b4c2438 mov rcx,[rsp+0x38]
00000001`4007feaa 4d69db50020000 imul r11,r11,0x250
СБОЙ -> 00000001`4007feb1 41894c0320 mov [r11+rax+0x20],ecx ds:00000000`07203670=????????
00000001`4007feb6 4c63442478 movsxd r8,[rsp+0x78]
00000001`4007febb 488b5758 mov rdx,[rdi+0x58]
00000001`4007febf 8b44243c mov eax,[rsp+0x3c]
00000001`4007fec3 4d69c050020000 imul r8,r8,0x250
00000001`4007feca 418944101c mov [r8+rdx+0x1c],eax
00000001`4007fecf 4863542478 movsxd rdx,[rsp+0x78]
00000001`4007fed4 488b4760 mov rax,[rdi+0x60]
00000001`4007fed8 4869d238020000 imul rdx,rdx,0x238
00000001`4007fedf c784022002000001000000 mov dword ptr [rdx+rax+0x220],0x1
00000001`4007feea 8b87ec020000 mov eax,[rdi+0x2ec]

*----> Обратная трассировка стека <----*
Child-SP RetAddr : Args to Child : Call Site
00000000`0279f550 00000000`77d42b70 : 00000000`00000000 00000000`00000000 00000000`00000001 00000001`40080020 : Explorer__+0x7feb1
00000000`0279f920 00000000`77ef30b5 : 00000001`40080020 00000000`032836b0 00000000`00000000 00000000`ffffffff : kernel32!QueueUserAPC+0x130
00000000`0279f9b0 00000000`77ef0d3a : 00000000`77d707c6 00000000`00000000 00000000`000000c0 00000000`00000000 : ntdll!KiUserApcDispatcher+0x15
00000000`0279fea8 00000000`77d707c6 : 00000000`00000000 00000000`000000c0 00000000`00000000 00000000`0279fed0 : ntdll!NtDelayExecution+0xa
00000000`0279feb0 00000001`400c44ee : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : kernel32!SleepEx+0x96
00000000`0279ff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`0279ffa8 : Explorer__+0xc44ee
00000000`0279ff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия памяти для потока 0x4dc<----*

rax=00000000000000c0 rbx=00000000ffffffff rcx=0000000000000000
rdx=0000000000000000 rsi=00000000028efed0 rdi=0000000000000000
rip=0000000077ef0d3a rsp=00000000028efea8 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000001 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!NtDelayExecution
00000000`77ef0d20 4c8bd1 mov r10,rcx
00000000`77ef0d23 b830000000 mov eax,0x30
00000000`77ef0d28 0f05 syscall
00000000`77ef0d2a c3 ret
00000000`77ef0d2b 666690 nop
00000000`77ef0d2e 6690 nop
ntdll!NtDelayExecution:
00000000`77ef0d30 4c8bd1 mov r10,rcx
00000000`77ef0d33 b831000000 mov eax,0x31
00000000`77ef0d38 0f05 syscall
00000000`77ef0d3a c3 ret
00000000`77ef0d3b 666690 nop
00000000`77ef0d3e 6690 nop
ntdll!NtQueryDirectoryFile:
00000000`77ef0d40 4c8bd1 mov r10,rcx
00000000`77ef0d43 b832000000 mov eax,0x32
00000000`77ef0d48 0f05 syscall
00000000`77ef0d4a c3 ret
00000000`77ef0d4b 666690 nop
00000000`77ef0d4e 6690 nop
ntdll!ZwQuerySystemInformation:

*----> Обратная трассировка стека <----*
Child-SP RetAddr : Args to Child : Call Site
00000000`028efea8 00000000`77d707c6 : 00000000`00000000 00000000`000000c0 00000000`00000000 00000000`028efed0 : ntdll!NtDelayExecution+0xa
00000000`028efeb0 00000001`40088eee : 00000000`00000001 00000000`00000001 00000000`00000000 00000000`00000000 : kernel32!SleepEx+0x96
00000000`028eff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`028effa8 : Explorer__+0x88eee
00000000`028eff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия памяти для потока 0x7e8<----*

rax=000007ff7647e778 rbx=0000000000000000 rcx=af612c2494af0000
rdx=0000000000000000 rsi=0000000002bdfd70 rdi=0000000000000002
rip=0000000077ef0faa rsp=0000000002bdfcc8 rbp=0000000000000000
r8=0000000000000001 r9=0000000040000502 r10=0000000000000000
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=0000000000000002 r15=00000000ffffffff
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!ZwWaitForMultipleObjects
00000000`77ef0f8e 6690 nop
ntdll!ZwQuerySystemTime:
00000000`77ef0f90 e93b7dffff jmp ntdll!RtlUnicodeToOemN+0x180 (0000000077ee8cd0)
00000000`77ef0f95 66666690 nop
00000000`77ef0f99 66666690 nop
00000000`77ef0f9d 666690 nop
ntdll!ZwWaitForMultipleObjects:
00000000`77ef0fa0 4c8bd1 mov r10,rcx
00000000`77ef0fa3 b858000000 mov eax,0x58
00000000`77ef0fa8 0f05 syscall
00000000`77ef0faa c3 ret
00000000`77ef0fab 666690 nop
00000000`77ef0fae 6690 nop
ntdll!ZwSetInformationObject:
00000000`77ef0fb0 4c8bd1 mov r10,rcx
00000000`77ef0fb3 b859000000 mov eax,0x59
00000000`77ef0fb8 0f05 syscall
00000000`77ef0fba c3 ret
00000000`77ef0fbb 666690 nop
00000000`77ef0fbe 6690 nop
ntdll!NtCancelIoFile:

*----> Обратная трассировка стека <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\WinSxS\amd64_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6002.23084_x-ww_25FD3B30\gdiplus.dll -
Child-SP RetAddr : Args to Child : Call Site
00000000`02bdfcc8 00000000`77d6d1eb : 000007ff`fffac000 00000000`77c51890 00000000`0002035e 00000000`0002035e : ntdll!ZwWaitForMultipleObjects+0xa
00000000`02bdfcd0 00000000`77c41ea7 : 00000000`77c424fa 00000001`800018b4 00000000`00000000 00000000`02bdfe48 : kernel32!ReleaseSemaphore+0x6b
00000000`02bdfdf0 00000000`77c3fb30 : 00000000`00000001 0000ffff`00000001 00000000`ffffffff 00000000`00000001 : USER32!IsDialogMessageW+0x927
00000000`02bdfed0 000007ff`764cb944 : 00000000`00000000 00000000`00000000 00000000`00000001 00000000`00000000 : USER32!MsgWaitForMultipleObjects+0x40
00000000`02bdff10 00000000`77d6b8ca : 00000000`00000000 00000000`000001c0 00000000`00000000 00000000`02bdffa8 : gdiplus!GdipEmfToWmfBits+0x12a90
00000000`02bdff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия памяти для потока 0xdc<----*

rax=0000000000000000 rbx=0000000000000000 rcx=000007ff78934b80
rdx=0000000000000000 rsi=0000000003adfe70 rdi=0000000000000002
rip=0000000077ef0faa rsp=0000000003adfdc8 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000000
r14=0000000000000002 r15=00000000ffffffff
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!ZwWaitForMultipleObjects
00000000`77ef0f8e 6690 nop
ntdll!ZwQuerySystemTime:
00000000`77ef0f90 e93b7dffff jmp ntdll!RtlUnicodeToOemN+0x180 (0000000077ee8cd0)
00000000`77ef0f95 66666690 nop
00000000`77ef0f99 66666690 nop
00000000`77ef0f9d 666690 nop
ntdll!ZwWaitForMultipleObjects:
00000000`77ef0fa0 4c8bd1 mov r10,rcx
00000000`77ef0fa3 b858000000 mov eax,0x58
00000000`77ef0fa8 0f05 syscall
00000000`77ef0faa c3 ret
00000000`77ef0fab 666690 nop
00000000`77ef0fae 6690 nop
ntdll!ZwSetInformationObject:
00000000`77ef0fb0 4c8bd1 mov r10,rcx
00000000`77ef0fb3 b859000000 mov eax,0x59
00000000`77ef0fb8 0f05 syscall
00000000`77ef0fba c3 ret
00000000`77ef0fbb 666690 nop
00000000`77ef0fbe 6690 nop
ntdll!NtCancelIoFile:

*----> Обратная трассировка стека <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\wdmaud.drv -
Child-SP RetAddr : Args to Child : Call Site
00000000`03adfdc8 00000000`77d6d1eb : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!ZwWaitForMultipleObjects+0xa
00000000`03adfdd0 00000000`77d6bcf1 : 00000000`00000000 00000000`77d6ad01 00000000`00000000 00000000`00000000 : kernel32!ReleaseSemaphore+0x6b
00000000`03adfef0 000007ff`78934bd8 : 00000000`00000000 00000000`00000010 00000000`00000000 00000000`00000000 : kernel32!WaitForMultipleObjects+0x11
00000000`03adff30 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`03adffa8 : wdmaud!midMessage+0xd68
00000000`03adff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия необработанного стека <----*

*----> Копия памяти для потока 0x7fc<----*

rax=0000000000000002 rbx=0000000003bdff40 rcx=000007ff78930000
rdx=0000000000001fb5 rsi=0000000000000000 rdi=000007ff7e242310
rip=0000000077c43d9a rsp=0000000003bdfea8 rbp=0000000000000000
r8=0000000003bdfa10 r9=0000000003bdfa18 r10=0000000000000419
r11=0000000000000246 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: USER32!GetWindowLongPtrW
00000000`77c43d89 90 nop
00000000`77c43d8a 90 nop
00000000`77c43d8b 90 nop
00000000`77c43d8c 90 nop
00000000`77c43d8d 90 nop
00000000`77c43d8e 90 nop
00000000`77c43d8f 90 nop
00000000`77c43d90 4c8bd1 mov r10,rcx
00000000`77c43d93 b806100000 mov eax,0x1006
00000000`77c43d98 0f05 syscall
00000000`77c43d9a c3 ret
00000000`77c43d9b 90 nop
00000000`77c43d9c 90 nop
00000000`77c43d9d 90 nop
00000000`77c43d9e 90 nop
00000000`77c43d9f 90 nop
00000000`77c43da0 90 nop
00000000`77c43da1 90 nop
00000000`77c43da2 90 nop
00000000`77c43da3 90 nop
00000000`77c43da4 90 nop

*----> Обратная трассировка стека <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\WINMM.dll -
Child-SP RetAddr : Args to Child : Call Site
00000000`03bdfea8 00000000`77c27f03 : 000007ff`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : USER32!GetWindowLongPtrW+0x11a
00000000`03bdfeb0 000007ff`7e2423f3 : 00000000`0000050c 00000000`0000050c 00000000`00000000 000007ff`7e242310 : USER32!GetMessageA+0x43
00000000`03bdfee0 00000000`77d6b8ca : 00000000`77d6b890 00000000`0000050c 00000000`00000000 000007ff`7e242310 : WINMM!PlaySoundW+0xc23
00000000`03bdff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия необработанного стека <----*

*----> Копия памяти для потока 0x37c<----*

rax=0000000000000000 rbx=000000000020d2d0 rcx=000000000020cda8
rdx=000000000020d0b0 rsi=00000000ffffffff rdi=000000000020c7f0
rip=0000000077ef0caa rsp=000000000389fb98 rbp=000000000389fde0
r8=000000000389fae0 r9=00000000000005d4 r10=0000000000000000
r11=000000000389fa98 r12=0000000003600320 r13=000000007ffe0004
r14=00000000035f77e0 r15=000000000389fe20
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!ZwReplyWaitReceivePortEx
00000000`77ef0c90 4c8bd1 mov r10,rcx
00000000`77ef0c93 b827000000 mov eax,0x27
00000000`77ef0c98 0f05 syscall
00000000`77ef0c9a c3 ret
00000000`77ef0c9b 666690 nop
00000000`77ef0c9e 6690 nop
ntdll!ZwReplyWaitReceivePortEx:
00000000`77ef0ca0 4c8bd1 mov r10,rcx
00000000`77ef0ca3 b828000000 mov eax,0x28
00000000`77ef0ca8 0f05 syscall
00000000`77ef0caa c3 ret
00000000`77ef0cab 666690 nop
00000000`77ef0cae 6690 nop
ntdll!ZwTerminateProcess:
00000000`77ef0cb0 4c8bd1 mov r10,rcx
00000000`77ef0cb3 b829000000 mov eax,0x29
00000000`77ef0cb8 0f05 syscall
00000000`77ef0cba c3 ret
00000000`77ef0cbb 666690 nop
00000000`77ef0cbe 6690 nop
ntdll!NtSetEventBoostPriority:

*----> Обратная трассировка стека <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -
Child-SP RetAddr : Args to Child : Call Site
00000000`0389fb98 000007ff`7fd6ff81 : 00000000`0020d2d0 00000000`0389fde0 00000000`0020d2d0 00000000`0020c7f0 : ntdll!ZwReplyWaitReceivePortEx+0xa
00000000`0389fba0 000007ff`7fd45389 : 00000000`001cc6c0 00000000`03600320 000007ff`7fd65d50 00000000`00000000 : RPCRT4!RpcBindingFree+0xb21
00000000`0389feb0 000007ff`7fd659b6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : RPCRT4!NdrMesTypeAlignSize+0x189
00000000`0389fee0 000007ff`7fd65d71 : 00000000`03600320 00000000`00000000 00000000`00000000 000007ff`7fd65d50 : RPCRT4!I_RpcAsyncSetHandle+0x596
00000000`0389ff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`0389ffa8 : RPCRT4!I_RpcAsyncSetHandle+0x951
00000000`0389ff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия необработанного стека <----*

*----> Копия памяти для потока 0xa68<----*

rax=0000000000000000 rbx=000000000000ea60 rcx=0000000077ef0c1a
rdx=0000000000000000 rsi=0000000003cdfe30 rdi=0000000000000000
rip=0000000077ef0d3a rsp=0000000003cdfe08 rbp=0000000000000000
r8=0000000003cdf538 r9=0000000003cdf580 r10=0000000000000000
r11=0000000000000202 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000204

функция: ntdll!NtDelayExecution
00000000`77ef0d20 4c8bd1 mov r10,rcx
00000000`77ef0d23 b830000000 mov eax,0x30
00000000`77ef0d28 0f05 syscall
00000000`77ef0d2a c3 ret
00000000`77ef0d2b 666690 nop
00000000`77ef0d2e 6690 nop
ntdll!NtDelayExecution:
00000000`77ef0d30 4c8bd1 mov r10,rcx
00000000`77ef0d33 b831000000 mov eax,0x31
00000000`77ef0d38 0f05 syscall
00000000`77ef0d3a c3 ret
00000000`77ef0d3b 666690 nop
00000000`77ef0d3e 6690 nop
ntdll!NtQueryDirectoryFile:
00000000`77ef0d40 4c8bd1 mov r10,rcx
00000000`77ef0d43 b832000000 mov eax,0x32
00000000`77ef0d48 0f05 syscall
00000000`77ef0d4a c3 ret
00000000`77ef0d4b 666690 nop
00000000`77ef0d4e 6690 nop
ntdll!ZwQuerySystemInformation:

*----> Обратная трассировка стека <----*
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -
Child-SP RetAddr : Args to Child : Call Site
00000000`03cdfe08 00000000`77d707c6 : 00000000`036468b0 00000000`77d84b4c 00000000`00020846 00000000`00000000 : ntdll!NtDelayExecution+0xa
00000000`03cdfe10 000007ff`57198540 : 00000000`00000000 00000000`00000000 00000000`00170950 00000000`00000000 : kernel32!SleepEx+0x96
00000000`03cdfeb0 000007ff`5717e900 : 00000000`0020ca10 000007ff`57379fd0 00000000`00000000 00000000`00000000 : ole32!CoTaskMemFree+0x5d0
00000000`03cdfee0 000007ff`5717e9f1 : 00000000`00170950 00000000`00170950 00000000`00000000 000007ff`57140000 : ole32!StringFromCLSID+0x1f60
00000000`03cdff50 00000000`77d6b8ca : 00000000`03602320 00000000`00000000 00000000`00170950 000007ff`5717e980 : ole32!StringFromCLSID+0x2051
00000000`03cdff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия необработанного стека <----*

*----> Копия памяти для потока 0x49c<----*

rax=0000000000000002 rbx=000000000020d2d0 rcx=00000000035f77e0
rdx=0000000000000000 rsi=00000000ffffffff rdi=000000000020ce80
rip=0000000077ef0caa rsp=0000000004f4fb98 rbp=0000000004f4fde0
r8=0000000004f4fb98 r9=0000000004f4fde0 r10=0000000000000000
r11=0000000000000246 r12=0000000003601520 r13=000000007ffe0004
r14=00000000035f77e0 r15=0000000004f4fe18
iopl=0 nv up ei pl zr na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000244

функция: ntdll!ZwReplyWaitReceivePortEx
00000000`77ef0c90 4c8bd1 mov r10,rcx
00000000`77ef0c93 b827000000 mov eax,0x27
00000000`77ef0c98 0f05 syscall
00000000`77ef0c9a c3 ret
00000000`77ef0c9b 666690 nop
00000000`77ef0c9e 6690 nop
ntdll!ZwReplyWaitReceivePortEx:
00000000`77ef0ca0 4c8bd1 mov r10,rcx
00000000`77ef0ca3 b828000000 mov eax,0x28
00000000`77ef0ca8 0f05 syscall
00000000`77ef0caa c3 ret
00000000`77ef0cab 666690 nop
00000000`77ef0cae 6690 nop
ntdll!ZwTerminateProcess:
00000000`77ef0cb0 4c8bd1 mov r10,rcx
00000000`77ef0cb3 b829000000 mov eax,0x29
00000000`77ef0cb8 0f05 syscall
00000000`77ef0cba c3 ret
00000000`77ef0cbb 666690 nop
00000000`77ef0cbe 6690 nop
ntdll!NtSetEventBoostPriority:

*----> Обратная трассировка стека <----*
Child-SP RetAddr : Args to Child : Call Site
00000000`04f4fb98 000007ff`7fd6ff81 : 00000000`0020d2d0 00000000`04f4fde0 00000000`0020d2d0 00000000`0020ce80 : ntdll!ZwReplyWaitReceivePortEx+0xa
00000000`04f4fba0 000007ff`7fd45389 : 00000000`001bf270 00000000`03601520 000007ff`7fd65d50 00000000`00000000 : RPCRT4!RpcBindingFree+0xb21
00000000`04f4feb0 000007ff`7fd659b6 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : RPCRT4!NdrMesTypeAlignSize+0x189
00000000`04f4fee0 000007ff`7fd65d71 : 00000000`03601520 00000000`00000000 00000000`00000000 000007ff`7fd65d50 : RPCRT4!I_RpcAsyncSetHandle+0x596
00000000`04f4ff50 00000000`77d6b8ca : 00000000`77d6b890 00000000`00000000 00000000`00000000 00000000`04f4ffa8 : RPCRT4!I_RpcAsyncSetHandle+0x951
00000000`04f4ff80 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadStart+0x3a

*----> Копия необработанного стека <----*