Bonjour,
mon explorateur plante regulierement
j'ai essayer de reinstaller plusieurs fois, mais rien a
faire
mon systeme est un windows 2000 advanced serveur + sp3
je vous donne toutes les infos que j'ai pu recuperer au
moment de l'erreur
merci d'avance pour votre aide
dans les log applications, j'obtiens ceci a propos de
l'erreur:
Winlogon ID 1002
L'environnement s'est arrêté de façon inattendue et
Explorer.exe a redémarré.
DrWatson ID 4097
L'application, explorer.exe, a généré une erreur
d'application L'erreur s'est produite le 08/25/2002 à
19:15:28.876 L'exception générée était c0000005 à
l'adresse FD0034C0 (<nosymbols> )
puis dans le fichier
C:\Documents and Settings\All
Users\Documents\DrWatson\drwtsn32.log
Une exception d'application s'est produite :
App : explorer.exe (pid=1224)
Lorsque : 25/08/2002 @ 19:15:28.876
Numéro d'exception : c0000005 (violation d'accès)
*----> Informations système <----*
Nom ordinateur : SKUAL
Nom utilisateur : Administrateur
Nombre de processeurs : 1
Type de processeur : x86 Family 6 Model 4 Stepping
2
Version Windows 2000 : 5.0
Numéro actuel : 2195
Service Pack : 3
Type actuel : Uniprocessor Free
Organisation enregistrée :
Propriétaire enregistré : SKuAL
*----> Liste des tâches <----*
0 Idle.exe
8 System.exe
192 smss.exe
216 csrss.exe
240 WINLOGON.exe
268 services.exe
280 lsass.exe
400 termsrv.exe
520 svchost.exe
548 SPOOLSV.exe
576 msdtc.exe
696 svchost.exe
724 llssrv.exe
756 nvsvc32.exe
788 regsvc.exe
816 mstask.exe
864 winmgmt.exe
928 svchost.exe
940 xcommsvr.exe
1064 dfssvc.exe
1212 userinit.exe
1224 explorer.exe
1128 svchost.exe
1360 drwtsn32.exe
0 _Total.exe
(00400000 - 0043E000)
(78460000 - 784E1000)
(77DA0000 - 77DFD000)
(77E70000 - 77F31000)
(770C0000 - 77131000)
(77F40000 - 77F79000)
(77E00000 - 77E5F000)
(70BD0000 - 70C1C000)
(716B0000 - 7173A000)
(10000000 - 100A0000)
(00880000 - 008B0000)
(77580000 - 777CD000)
(77A40000 - 77B35000)
(72C60000 - 72CE5000)
(779A0000 - 77A3B000)
(78000000 - 78046000)
(00F00000 - 010FD000)
(71500000 - 7161C000)
(71110000 - 711D9000)
(75010000 - 75020000)
(77C00000 - 77C5E000)
(76DC0000 - 76DD2000)
(76F70000 - 76F7F000)
(773B0000 - 773C5000)
(750F0000 - 7513F000)
(77BD0000 - 77BDF000)
(75140000 - 75146000)
(750D0000 - 750E0000)
(74FB0000 - 74FC3000)
(74FA0000 - 74FA8000)
(77940000 - 7796B000)
(77970000 - 77994000)
(74FD0000 - 74FD9000)
(750E0000 - 750EC000)
(75190000 - 751A5000)
(75150000 - 75188000)
(01360000 - 0136C000)
(1D800000 - 1D804000)
(76EF0000 - 76F67000)
(014B0000 - 014F4000)
(76670000 - 76688000)
(766E0000 - 766E8000)
(783C0000 - 78450000)
(76690000 - 76697000)
(77540000 - 77571000)
(01590000 - 01598000)
(77840000 - 7787F000)
(77090000 - 770B3000)
(1A400000 - 1A473000)
(77810000 - 77817000)
(75950000 - 75956000)
(77530000 - 77539000)
État de vidage Thread Id 0x4c4
eax=00000000 ebx=00000001 ecx=00000240 edx=00000000
esi=00093620 edi=00000000
eip=77e485ed esp=0006ff00 ebp=0006ff1c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : WaitMessage
77e485e2 b836120000 mov eax,0x1236
77e485e7 8d542404 lea edx,
[esp+0x4] ss:00add4d3=????????
77e485eb cd2e int 2e
77e485ed c3 ret
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0006FF1C 775BB0E5 00000000 004018DF 00093620 001D001C
user32!WaitMessage
0006FF60 00401621 0000005C 00000000 000205BE 00000001
shell32!Ordinal201
0006FFC0 77E8CA90 001D001C 001F001E 7FFDF000 00250024
explorer!<nosymbols>
0006FFF0 00000000 004015A8 00000000 000000C8 00000100
kernel32!CreateProcessW
*----> Vidage brut de la pile <----*
0006ff00 56 b1 5b 77 8e 76 e7 77 - 20 36 09 00 01 00 00
00 V.[w.v.w 6......
0006ff10 20 36 09 00 20 36 09 00 - 60 ff 06 00 60 ff 06
00 6.. 6..`...`...
0006ff20 e5 b0 5b 77 00 00 00 00 - df 18 40 00 20 36 09
00 ..[w......@. 6..
0006ff30 1c 00 1d 00 be 05 02 00 - 00 f0 fd 7f 60 8c d3
f4 ............`...
0006ff40 78 a1 e7 77 ff ff ff ff - 0c 00 00 00 be 05 02
00 x..w............
0006ff50 b3 a1 e7 77 02 00 00 00 - 5b e3 00 00 e0 ff 06
00 ...w....[.......
0006ff60 c0 ff 06 00 21 16 40 00 - 5c 00 00 00 00 00 00
00 ....!.@.\.......
0006ff70 be 05 02 00 01 00 00 00 - 1e 00 1f 00 44 00 00
00 ............D...
0006ff80 b0 48 07 00 b0 4c 07 00 - 28 4d 07 00 00 00 00
00 .H...L..(M......
0006ff90 00 00 00 00 00 00 00 00 - 00 00 00 00 98 e9 06
00 ................
0006ffa0 20 6c 07 00 90 e9 06 00 - 01 00 00 00 01 00 00
00 l..............
0006ffb0 00 00 00 00 ff ff ff ff - ff ff ff ff ff ff ff
ff ................
0006ffc0 f0 ff 06 00 90 ca e8 77 - 1c 00 1d 00 1e 00 1f
00 .......w........
0006ffd0 00 f0 fd 7f 24 00 25 00 - c8 ff 06 00 24 00 25
00 ....$.%.....$.%.
0006ffe0 ff ff ff ff 56 18 e9 77 - 98 ca e8 77 00 00 00
00 ....V..w...w....
0006fff0 00 00 00 00 00 00 00 00 - a8 15 40 00 00 00 00
00 ..........@.....
00070000 c8 00 00 00 00 01 00 00 - ff ee ff ee 02 00 00
00 ................
00070010 00 00 00 00 00 fe 00 00 - 00 00 10 00 00 20 00
00 ............. ..
00070020 00 02 00 00 00 20 00 00 - 75 03 00 00 ff ef fd
7f ..... ..u.......
00070030 01 00 08 06 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
État de vidage Thread Id 0x4e0
eax=770d24c2 ebx=00000000 ecx=00082d34 edx=00000000
esi=00082d80 edi=00000000
eip=78463bb8 esp=00effe28 ebp=00efff74 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
fonction : NtReplyWaitReceivePortEx
78463bad b8ac000000 mov eax,0xac
78463bb2 8d542404 lea edx,
[esp+0x4] ss:0196d3fb=????????
78463bb6 cd2e int 2e
78463bb8 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
00EFFF74 770D20D9 770D25B9 00082D80 00000000 40082874
ntdll!NtReplyWaitReceivePortEx
00EFFFA8 770D24DA 00078700 00EFFFEC 77E787DD 00082EC8
rpcrt4!NdrConformantArrayMemorySize
00EFFFB4 77E787DD 00082EC8 00000000 40082874 00082EC8
rpcrt4!NdrConformantArrayMemorySize
00EFFFEC 00000000 770D24C2 00082EC8 00000000 00905A4D
kernel32!GetModuleFileNameA
*----> Vidage brut de la pile <----*
00effe28 85 22 0d 77 14 01 00 00 - 54 ff ef 00 00 00 00
00 .".w....T.......
00effe38 10 a9 0c 00 58 ff ef 00 - 88 86 07 00 c8 1d 08
00 ....X...........
00effe48 6d 31 46 78 00 00 00 00 - 00 00 00 00 00 00 00
00 m1Fx............
00effe58 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effe68 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effe78 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effe88 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effea8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effeb8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effec8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effed8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effee8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00effef8 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00efff08 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00efff18 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
00efff28 00 00 00 00 e0 76 f2 fe - 60 f1 f1 fe 00 00 00
00 .....v..`.......
00efff38 f0 f2 f1 fe 60 0c b2 f4 - 46 02 00 00 a4 da 42
80 ....`...F.....B.
00efff48 10 2f 06 80 c0 f2 f1 fe - 60 f1 f1 fe 00 00 00
00 ./......`.......
00efff58 00 a2 2f 4d ff ff ff ff - 50 fe ef 00 00 00 02
80 ../M....P.......
État de vidage Thread Id 0x500
eax=014ee5dc ebx=0006fee4 ecx=0114ff38 edx=00000000
esi=0006ff04 edi=00000000
eip=77e485ed esp=0114ff5c ebp=0114ff7c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : WaitMessage
77e485e2 b836120000 mov eax,0x1236
77e485e7 8d542404 lea edx,
[esp+0x4] ss:01bbd52f=????????
77e485eb cd2e int 2e
77e485ed c3 ret
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0114FF7C 00403743 70BECF39 00400000 00390030 7FFDEBF8
user32!WaitMessage
0114FFB4 77E787DD 0006FEE4 00390030 7FFDEBF8 0006FEE4
explorer!<nosymbols>
0114FFEC 00000000 70BECEFF 0006FEE4 00000000 00000000
kernel32!GetModuleFileNameA
*----> Vidage brut de la pile <----*
0114ff5c aa 3d 40 00 36 00 02 00 - 0f 00 00 00 00 00 00
00 .=@.6...........
0114ff6c 00 00 00 00 79 03 01 00 - 40 02 00 00 b0 01 00
00 ....y...@.......
0114ff7c b4 ff 14 01 43 37 40 00 - 39 cf be 70 00 00 40
00 ....C7@.9..p..@.
0114ff8c 30 00 39 00 f8 eb fd 7f - 2c 37 40 00 62 24 40
00 0.9.....,7@.b$@.
0114ff9c 38 01 00 00 00 00 40 00 - 00 00 00 00 00 00 00
00 8.....@.........
0114ffac 00 00 00 00 00 00 00 00 - ec ff 14 01 dd 87 e7
77 ...............w
0114ffbc e4 fe 06 00 30 00 39 00 - f8 eb fd 7f e4 fe 06
00 ....0.9.........
0114ffcc 00 c0 fd 7f 00 00 00 00 - c0 ff 14 01 00 00 00
00 ................
0114ffdc ff ff ff ff 56 18 e9 77 - 88 ae e7 77 00 00 00
00 ....V..w...w....
0114ffec 00 00 00 00 00 00 00 00 - ff ce be 70 e4 fe 06
00 ...........p....
0114fffc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115000c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115001c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115002c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115003c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115004c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115005c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115006c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115007c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0115008c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
État de vidage Thread Id 0x528
eax=00081eb0 ebx=00000007 ecx=00000001 edx=00000000
esi=784637a7 edi=00000007
eip=784637b2 esp=0119fd98 ebp=0119fde4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtWaitForMultipleObjects
784637a7 b8e9000000 mov eax,0xe9
784637ac 8d542404 lea edx,
[esp+0x4] ss:01c0d36b=????????
784637b0 cd2e int 2e
784637b2 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0119FDE4 77E0E93B 0119FDBC 00000001 00000000 0119FDDC
ntdll!NtWaitForMultipleObjects
0119FE40 77E0E988 0119FE0C 0119FEB8 000007D0 000000FF
user32!MsgWaitForMultipleObjectsEx
0119FE5C 775BA4D2 00000006 0119FEB8 00000000 000007D0
user32!MsgWaitForMultipleObjects
7769E540 FFFFFFFF 00000000 00000000 000001B8 00000000
shell32!Ordinal200
784B0060 7769E540 784B0088 784B0048 00000005 00000005
<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!<nosymbols>
État de vidage Thread Id 0x534
eax=0c24548b ebx=00000002 ecx=840fd298 edx=00000000
esi=784637a7 edi=00000002
eip=784637b2 esp=011dfe5c ebp=011dfea8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtWaitForMultipleObjects
784637a7 b8e9000000 mov eax,0xe9
784637ac 8d542404 lea edx,
[esp+0x4] ss:01c4d42f=????????
784637b0 cd2e int 2e
784637b2 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
011DFEA8 77E0E93B 011DFE80 00000001 00000000 011DFEA0
ntdll!NtWaitForMultipleObjects
011DFF04 77E0E988 011DFED0 70C16170 0000EA60 00000041
user32!MsgWaitForMultipleObjectsEx
011DFF20 70BD18A5 00000001 70C16170 00000000 0000EA60
user32!MsgWaitForMultipleObjects
011DFF74 70BEC069 011DFFA0 011DFFA4 011DFFA8 011DFF9C
SHLWAPI!Ordinal60
011DFFAC 70BEBFCF 784639B8 77E787DD 00000000 78462B95
SHLWAPI!Ordinal124
011DFFEC 00000000 00000000 00000000 00000000 00000000
SHLWAPI!Ordinal124
État de vidage Thread Id 0x53c
eax=00070110 ebx=00000000 ecx=00000246 edx=00000000
esi=00000000 edi=000003bc
eip=784639eb esp=0121f1cc ebp=0121f23c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtReadFile
784639e0 b8a1000000 mov eax,0xa1
784639e5 8d542404 lea edx,
[esp+0x4] ss:01c8c79f=????????
784639e9 cd2e int 2e
784639eb c22400 ret 0x24
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0121F23C 70C0E07F 000003BC 000CC1E4 00001000 0121F274
ntdll!NtReadFile
0121F26C 7759A9AA 00000000 0121F49C 00000004 0121F4A0
SHLWAPI!Ordinal477
0121F4A4 7759AE77 0008DE98 000CC1C8 0121F8FC 00000050
shell32!Ordinal121
0121F6CC 7759AE28 0121F6F4 775B20F3 0008DE9C 0121F6F4
shell32!Ordinal26
0121FB60 775B1E46 000A6298 000CAF48 0008DE9C 00405B78
shell32!Ordinal26
0121FB94 00404AE1 000A629C 00000000 00000001 0121FBD4
shell32!Ordinal181
0121FBC8 00404A85 00000000 000CAF48 775BBCDB 0008B848
explorer!<nosymbols>
0121FF18 775A529C 40410177 0009B810 00098DE0 00098DE4
explorer!<nosymbols>
00000000 00000000 00000000 00000000 00000000 00000000
shell32!Ordinal646
*----> Vidage brut de la pile <----*
0121f1cc 07 7f e7 77 bc 03 00 00 - 00 00 00 00 00 00 00
00 ...w............
0121f1dc 00 00 00 00 14 f2 21 01 - e4 c1 0c 00 00 10 00
00 ......!.........
0121f1ec 00 00 00 00 00 00 00 00 - 00 10 00 00 04 00 00
00 ................
0121f1fc c8 c1 0c 00 e4 64 0a 00 - 00 00 00 00 24 2a 00
10 .....d......$*..
0121f20c bc 03 00 00 00 00 00 80 - e9 bc 74 18 98 5c 8b
45 ..........t..\.E
0121f21c 00 00 00 00 aa 2a 00 10 - f4 f1 21 01 9c f4 21
01 .....*....!...!.
0121f22c dc ff 21 01 56 18 e9 77 - 38 7f e7 77 ff ff ff
ff ..!.V..w8..w....
0121f23c 6c f2 21 01 7f e0 c0 70 - bc 03 00 00 e4 c1 0c
00 l.!....p........
0121f24c 00 10 00 00 74 f2 21 01 - 00 00 00 00 c8 c1 0c
00 ....t.!.........
0121f25c 90 de 08 00 98 de 08 00 - 04 00 00 00 00 00 00
00 ................
0121f26c a4 f4 21 01 aa a9 59 77 - 00 00 00 00 9c f4 21
01 ..!...Yw......!.
0121f27c 04 00 00 00 a0 f4 21 01 - 00 00 00 00 90 de 08
00 ......!.........
0121f28c 3c e4 c0 70 16 b5 4a 78 - 2d b5 4a 78 00 00 00
00 <..p..Jx-.Jx....
0121f29c bc 03 00 00 00 00 00 00 - 03 00 1f 00 e4 f2 21
01 ..............!.
0121f2ac c9 83 e7 77 00 00 00 00 - 00 00 00 00 d8 64 0a
00 ...w.........d..
0121f2bc d8 64 0a 00 28 b2 0c 00 - 78 01 07 00 dc f2 21
01 .d..(...x.....!.
0121f2cc ac f2 21 01 40 06 07 00 - dc ff 21 01 56 18 e9
77 ..!.@.....!.V..w
0121f2dc a0 75 e7 77 90 04 00 00 - 30 f3 21 01 a7 e6 59
77 .u.w....0.!...Yw
0121f2ec 00 00 00 00 00 00 00 00 - 00 00 00 00 38 65 0a
00 ............8e..
0121f2fc 3d e6 59 77 90 de 08 00 - 0a e7 59 77 d0 de 08
00 =.Yw......Yw....
État de vidage Thread Id 0x544
eax=00000003 ebx=013199c0 ecx=0131ffa4 edx=f4d04d64
esi=7846377b edi=000000ec
eip=78463786 esp=013199a4 ebp=013199c8 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtWaitForSingleObject
7846377b b8ea000000 mov eax,0xea
78463780 8d542404 lea edx,
[esp+0x4] ss:01d86f77=????????
78463784 cd2e int 2e
78463786 c20c00 ret 0xc
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013199C8 77E77837 000000EC 00000000 00000000 70BD22EE
ntdll!NtWaitForSingleObject
013199EC 775AA3F3 000000EC 00004000 775AA341 775B406C
kernel32!WaitForSingleObject
01319A0C 775AA2EA 00000000 775B406C 00000000 00004000
shell32!SHGetFolderPathW
01319A38 775B13D2 00000000 00004008 00000000 00000000
shell32!SHGetFolderPathW
01319E64 775B139A 00000008 01319E7C 000C94B1 00000001
shell32!Ordinal72
0131A084 775B1013 00084A48 00000008 00001000 0131AB54
shell32!Ordinal72
0131A504 775B31A7 00084A4C 000C9470 00000001 0131A73C
shell32!Ordinal72
0131A8A8 775B3055 000C9470 77E072BD 000BF8E8 000BF8E8
shell32!Ordinal181
0131A8C0 775B2A09 0131AB54 C0000000 0000004E 0045F520
shell32!Ordinal181
0131AA34 77E2A290 00020048 0000004E 00000001 0131AB54
shell32!Ordinal181
0131AA54 77E06322 775B2958 00020048 0000004E 00000001
user32!SetWindowPlacement
0131AA84 77E07301 0045F520 0000004E 00000001 0131AB54
user32!IsWindowVisible
0131AAA4 716B5EA6 00020048 0000004E 00000001 0131AB54
user32!SendMessageW
0131AB34 716B9A01 000B1240 FFFFFF4F 0131AB54 00000000
COMCTL32!Ordinal413
0131AB90 716C1AE0 000B1240 00000005 000C9238 000B1240
COMCTL32!ImageList_Add
0131B084 716DD269 000B1240 000C9238 00000001 01010054
COMCTL32!Ordinal331
0131B168 716DD063 000B1240 00000000 00000007 00000000
COMCTL32!CreateToolbarEx
0131B1A4 716B9061 000B1240 0131B31C 0131B320 C0000000
COMCTL32!CreateToolbarEx
0131B30C 77E2A290 000100CA 00001014 00000000 00000000
COMCTL32!ImageList_Add
0131B32C 77E06322 716B89B2 000100CA 00001014 00000000
user32!SetWindowPlacement
0131B35C 77E07301 0045F5D8 00001014 00000000 00000000
user32!IsWindowVisible
0131B37C 775A3A7C 000100CA 00001014 00000000 00000000
user32!SendMessageW
0131B3A4 775A37C1 000BEB30 00000033 716B37AE 000BF8E8
shell32!Ordinal162
00000000 00000000 00000000 00000000 00000000 00000000
shell32!Ordinal162
*----> Vidage brut de la pile <----*
013199a4 0f 78 e7 77 ec 00 00 00 - 00 00 00 00 c0 99 31
01 .x.w..........1.
013199b4 5c 9c 31 01 00 40 00 00 - 6c 40 5b 77 00 00 00
00 \.1..@..l@[w....
013199c4 00 00 00 00 ec 99 31 01 - 37 78 e7 77 ec 00 00
00 ......1.7x.w....
013199d4 00 00 00 00 00 00 00 00 - ee 22 bd 70 ec 00 00
00 .........".p....
013199e4 00 00 00 00 00 00 00 00 - 0c 9a 31 01 f3 a3 5a
77 ..........1...Zw
013199f4 ec 00 00 00 00 40 00 00 - 41 a3 5a 77 6c 40 5b
77 .....@..A.Zwl@[w
01319a04 00 40 00 00 5c 9c 31 01 - 38 9a 31 01 ea a2 5a
77 .@..\.1.8.1...Zw
01319a14 00 00 00 00 6c 40 5b 77 - 00 00 00 00 00 40 00
00 ....l@[w.....@..
01319a24 5c 9c 31 01 08 00 00 00 - 48 4a 08 00 48 4a 08
00 \.1.....HJ..HJ..
01319a34 57 00 07 80 64 9e 31 01 - d2 13 5b 77 00 00 00
00 W...d.1...[w....
01319a44 08 40 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 .@..............
01319a54 43 00 3a 00 5c 00 00 00 - 08 06 07 00 e3 b7 4a
78 C.:.\.........Jx
01319a64 00 00 00 00 f0 15 0c 00 - 04 00 00 00 0c 00 00
00 ................
01319a74 a8 75 0c 00 78 1f 0c 00 - 03 00 00 00 06 00 00
00 .u..x...........
01319a84 18 9b 31 01 da 7a 46 78 - 8e 9b 31 01 f2 9a 31
01 ..1..zFx..1...1.
01319a94 06 00 00 00 8e 9b 31 01 - 70 9d 31 01 04 00 00
c0 ......1.p.1.....
01319aa4 ec 9a 31 01 95 2b 46 78 - 18 36 46 78 00 00 00
00 ..1..+Fx.6Fx....
01319ab4 fc 9a 31 01 82 73 e7 77 - 00 00 07 00 00 00 00
00 ..1..s.w........
01319ac4 50 50 07 00 fc 9a 31 01 - 1b 00 00 00 70 39 46
78 PP....1.....p9Fx
01319ad4 00 00 07 00 98 0b 07 00 - 1b 00 00 00 f8 f4 0b
00 ................
État de vidage Thread Id 0x54c
eax=000c90a0 ebx=00000000 ecx=000c90a0 edx=f4af0d64
esi=7846b2a5 edi=00100001
eip=78465947 esp=0135a544 ebp=0135a838 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : ZwQueryDirectoryFile
7846593c b87d000000 mov eax,0x7d
78465941 8d542404 lea edx,
[esp+0x4] ss:01dc7b17=????????
78465945 cd2e int 2e
78465947 c22c00 ret 0x2c
7846594a 55 push ebp
7846594b 8bec mov ebp,esp
7846594d 56 push esi
7846594e 8b7508 mov esi,
[ebp+0x8] ss:01dc7e0a=????????
78465951 57 push edi
78465952
817e08ffeeffee
ds:78ed8877=????????
cmp dword ptr
[esi+0x8],0xeeffeeff
78465959 8d7e08 lea edi,
[esi+0x8] ds:78ed8877=????????
7846595c 0f8568820200 jne
RtlWalkHeap+0x36e (7848dbca)
78465962 b001 mov al,0x1
78465964 5f pop edi
78465965 5e pop esi
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0135A838 10004173 0135B100 0000049C 0135AEB0 00000000
ntdll!ZwQueryDirectoryFile
0135B3A4 77648CAE 000C90D0 000C90A0 77648529 00000000 !
<nosymbols>
0135B3E0 775A2B31 00000000 00010068 000000E0 0135B420
shell32!Ordinal690
0135B428 775A29FF 00000001 000BCA88 00000033 00000001
shell32!Ordinal162
0135B4A4 71513970 00000000 0135B4C0 0009FAF4 0009F794
shell32!Ordinal162
0135B538 71513788 0009FE08 00000050 000C0460 00000000
shdocvw!Ordinal200
0135B560 7112A3E5 0009F794 000C0460 00000000 0135B5C4
shdocvw!Ordinal200
0135B57C 7112AD0F 0009FE0C 000C0460 00000000 0135B5C4
BROWSEUI!DllGetClassObject
0135B59C 71513648 0009FE0C 000C0460 00000000 0135B5C4
BROWSEUI!DllGetClassObject
0135B5E0 715134F1 00000000 00099C30 00000000 00000200
shdocvw!Ordinal200
0135B608 7151342B 00099C30 00000000 00000000 00000400
shdocvw!Ordinal200
0135C67C 7112A3C4 0009F794 00099C30 00000000 00000000
shdocvw!Ordinal200
0135C6B4 7112F6C6 0009FE0C 00099C30 00000000 00000000
BROWSEUI!DllGetClassObject
0135F7FC 71501C1B 00000001 20000000 00000001 0009FE0C
BROWSEUI!Ordinal102
0135F814 71112006 0009F794 00010068 00000001 00000000
shdocvw!Ordinal206
0135F830 71113013 0009FE0C 00010068 00000001 00000000
BROWSEUI!Ordinal113
0135F86C 71112E1C 0009FDF8 00010068 00000001 00000000
BROWSEUI!Ordinal113
0135F894 77E2A290 0009FDF8 00000001 00000000 0135F938
BROWSEUI!Ordinal113
0135F8B4 77E046FC 71112D2A 00010068 00000001 00000000
user32!SetWindowPlacement
0135F8D0 77E0CED7 00449930 00000001 00000000 0135F938
user32!TranslateMessageEx
0135F900 784802FF 0135F910 00000060 00000060 00000000
user32!SetScrollPos
0135FA18 77E13BD1 00000100 7112A600 00000000 00000000
ntdll!KiUserCallbackDispatcher
0135FA54 70BF1243 00000100 7112A600 00000000 02CF0000
user32!CreateWindowExW
0135FEB4 7112EF81 00000100 7112A600 00000000 02CF0000
SHLWAPI!SHCreateThread
0135FF2C 7112EE7B 00010093 0006E9AC 784AB227 0009CDE0
BROWSEUI!Ordinal102
0135FFB4 77E787DD 0009CDE0 0006E9AC 784AB227 0009CDE0
BROWSEUI!Ordinal102
0135FFEC 00000000 7112EE3F 0009CDE0 00000000 00905A4D
kernel32!GetModuleFileNameA
*----> Vidage brut de la pile <----*
0135a544 8b ab e7 77 9c 04 00 00 - 00 00 00 00 00 00 00
00 ...w............
0135a554 00 00 00 00 18 a8 35 01 - 80 a5 35 01 68 02 00
00 ......5...5.h...
0135a564 03 00 00 00 01 00 00 00 - 28 a8 35 01 00 00 00
00 ........(.5.....
0135a574 da 22 e8 77 00 b1 35 01 - d0 90 0c 00 00 00 00
00 .".w..5.........
0135a584 00 00 00 00 00 a0 b7 c8 - f7 41 c2 01 e0 54 11
ed .........A...T..
0135a594 42 4c c2 01 00 a0 b7 c8 - f7 41 c2 01 e0 b7 b6
cc BL.......A......
0135a5a4 46 4c c2 01 10 a5 04 00 - 00 00 00 00 00 b0 04
00 FL..............
0135a5b4 00 00 00 00 20 00 00 00 - 14 00 00 00 00 00 00
00 .... ...........
0135a5c4 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
0135a5d4 00 00 00 00 00 00 00 00 - 00 00 61 00 70 00 70
00 ..........a.p.p.
0135a5e4 77 00 69 00 7a 00 2e 00 - 63 00 70 00 6c 00 4a
78 w.i.z...c.p.l.Jx
0135a5f4 d8 0a 07 00 10 40 0b 00 - 68 20 e8 77 98 f0 ec
77 .....@..h .w...w
0135a604 98 f0 ec 77 00 00 07 00 - 0f 00 00 00 fb 80 e7
77 ...w...........w
0135a614 a4 a6 35 01 24 b1 35 01 - a4 a6 35 01 01 00 00
00 ..5.$.5...5.....
0135a624 18 a6 35 01 00 00 35 01 - a4 a6 35 01 64 a6 35
01 ..5...5...5.d.5.
0135a634 d5 20 bd 70 2e b1 35 01 - a4 a6 35 01 5c 00 00
00 . .p..5...5.\...
0135a644 ae a6 35 01 4e 2e bd 70 - 00 b1 35 01 01 00 00
00 ..5.N..p..5.....
0135a654 04 01 00 00 bf 80 e7 77 - 50 26 5c 77 00 00 00
00 .......wP&\w....
0135a664 88 a8 35 01 09 2d bd 70 - 00 b1 35 01 80 a6 35
01 ..5..-.p..5...5.
0135a674 da 22 e8 77 5a 2c bd 70 - d0 90 0c 00 43 00 3a
00 .".wZ,.p....C.:.
État de vidage Thread Id 0x564
eax=80000002 ebx=013af56c ecx=840fd285 edx=840fd298
esi=013af364 edi=013af7cc
eip=fd0034c0 esp=013af338 ebp=013af570 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
fonction : <nosymbols>
fd0034b6 ???
fd0034b7 ???
fd0034b8 ???
fd0034b9 ???
fd0034ba ???
fd0034bb ???
fd0034bc ???
fd0034bd ???
fd0034be ???
fd0034bf ???
FAUTE ->fd0034c0 ???
fd0034c1 ???
fd0034c2 ???
fd0034c3 ???
fd0034c4 ???
fd0034c5 ???
fd0034c6 ???
fd0034c7 ???
fd0034c8 ???
fd0034c9 ???
fd0034ca ???
fd0034cb ???
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
013AF334 100034E5 80000002 013AF364 013AF56C 013AF7CC
<nosymbols>
013AF570 775BF120 000B7F44 00000104 013AF7D0 775BF0E3 !
<nosymbols>
013AF580 775BF0E3 000B7F20 000B7F44 013AF7F8 013AF7B4
shell32!Ordinal159
013AF7D0 775BEF3F 000B7F20 013AF7F8 00000400 00000000
shell32!Ordinal159
00000000 00000000 00000000 00000000 00000000 00000000
shell32!Ordinal159
*----> Vidage brut de la pile <----*
013af338 e5 34 00 10 02 00 00 80 - 64 f3 3a 01 6c f5 3a
01 .4......d.:.l.:.
013af348 cc f7 3a 01 04 01 00 00 - 44 7f 0b 00 96 f1 5b
77 ..:.....D.....[w
013af358 02 00 00 80 64 f3 3a 01 - 6c f5 3a 01 53 00 79
00 ....d.:.l.:.S.y.
013af368 73 00 74 00 65 00 6d 00 - 5c 00 43 00 75 00 72
00 s.t.e.m.\.C.u.r.
013af378 72 00 65 00 6e 00 74 00 - 43 00 6f 00 6e 00 74
00 r.e.n.t.C.o.n.t.
013af388 72 00 6f 00 6c 00 53 00 - 65 00 74 00 5c 00 43
00 r.o.l.S.e.t.\.C.
013af398 6f 00 6e 00 74 00 72 00 - 6f 00 6c 00 5c 00 53
00 o.n.t.r.o.l.\.S.
013af3a8 65 00 73 00 73 00 69 00 - 6f 00 6e 00 20 00 4d
00 e.s.s.i.o.n. .M.
013af3b8 61 00 6e 00 61 00 67 00 - 65 00 72 00 5c 00 41
00 a.n.a.g.e.r.\.A.
013af3c8 70 00 70 00 43 00 6f 00 - 6d 00 70 00 61 00 74
00 p.p.C.o.m.p.a.t.
013af3d8 69 00 62 00 69 00 6c 00 - 69 00 74 00 79 00 5c
00 i.b.i.l.i.t.y.\.
013af3e8 6e 00 77 00 69 00 7a 00 - 2e 00 65 00 78 00 65
00 n.w.i.z...e.x.e.
013af3f8 00 00 00 00 3c f5 3a 01 - 90 83 0b 00 1c f5 3a
01 ....<.:.......:.
013af408 e8 f7 3a 01 00 00 00 00 - 00 00 00 00 34 00 00
c0 ..:.........4...
013af418 98 f4 3a 01 26 00 00 00 - 40 f4 3a 01 aa 6d 46
78 ..:.&...@.:..mFx
013af428 34 09 0b 00 00 00 07 00 - 1f 00 00 00 00 00 00
00 4...............
013af438 9e 51 46 78 34 00 00 c0 - 01 f4 3a 01 7a 79 da
77 .QFx4.....:.zy.w
013af448 d0 f3 3a 01 01 01 01 01 - e8 f6 3a 01 95 2b 46
78 ..:.......:..+Fx
013af458 18 36 46 78 ff ff ff ff - a8 f4 3a 01 08 00 00
00 .6Fx......:.....
013af468 c2 5c 0b 00 bf 80 e7 77 - 9e f8 3a 01 d2 5c 0b
00 .\.....w..:..\..
État de vidage Thread Id 0x46c
eax=000000c0 ebx=0114fcfc ecx=77e7b119 edx=00000000
esi=ffffffff edi=00000557
eip=78463197 esp=0153ffa0 ebp=0153ffb4 iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b
gs=0000 efl=00000246
fonction : NtDelayExecution
7846318c b832000000 mov eax,0x32
78463191 8d542404 lea edx,
[esp+0x4] ss:01fad573=????????
78463195 cd2e int 2e
78463197 c20800 ret 0x8
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0153FFB4 77E787DD 0114FCFC 00000557 FFFFFFFF 0114FCFC
ntdll!NtDelayExecution
0153FFEC 00000000 7848A1FF 0114FCFC 00000000 00000000
kernel32!GetModuleFileNameA
*----> Vidage brut de la pile <----*
0153ffa0 e2 49 46 78 01 00 00 00 - ac ff 53 01 00 00 00
00 .IFx......S.....
0153ffb0 00 00 00 80 ec ff 53 01 - dd 87 e7 77 fc fc 14
01 ......S....w....
0153ffc0 57 05 00 00 ff ff ff ff - fc fc 14 01 00 50 fd
7f W............P..
0153ffd0 19 b1 e7 77 c0 ff 53 01 - 19 b1 e7 77 ff ff ff
ff ...w..S....w....
0153ffe0 56 18 e9 77 88 ae e7 77 - 00 00 00 00 00 00 00
00 V..w...w........
0153fff0 00 00 00 00 ff a1 48 78 - fc fc 14 01 00 00 00
00 ......Hx........
01540000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01540010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01540020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01540030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01540040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
01540050 3c 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 <...............
01540060 00 00 00 00 00 00 3c 42 - 42 11 42 3c 0d 00 00
00 ......<BB.B<....
01540070 00 00 00 00 00 00 00 00 - 00 00 00 00 3c 42 66
66 ............<Bff
01540080 12 86 6c 6c 65 0f 22 0d - 0d 00 22 22 0d 00 00
00 ..lle."...""....
01540090 00 00 00 3c 10 15 66 49 - ea 15 00 14 15 15 43
22 ...<..fI......C"
015400a0 22 1d 4a 1d 00 00 00 00 - 00 00 00 0d 42 6c 8b
b4 ".J.........Bl..
015400b0 b4 b4 10 66 0d 00 00 00 - 00 00 4a 22 0d 00 00
00 ...f......J"....
015400c0 00 00 00 42 66 6c ae b4 - ef 91 11 8b 8b 66 29
31 ...Bfl.......f)1
015400d0 31 00 4a 1d 0d 00 00 00 - 00 00 00 0f 43 8b 91
91 1.J.........C...
État de vidage Thread Id 0x568
eax=000cb000 ebx=00000002 ecx=0158eb54 edx=f4cc4d64
esi=784637a7 edi=00000002
eip=784637b2 esp=0158f4e0 ebp=0158f52c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtWaitForMultipleObjects
784637a7 b8e9000000 mov eax,0xe9
784637ac 8d542404 lea edx,
[esp+0x4] ss:01ffcab3=????????
784637b0 cd2e int 2e
784637b2 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0158F52C 77E0E93B 0158F504 00000001 00000000 0158F524
ntdll!NtWaitForMultipleObjects
0158F588 77A42370 0158F554 0158F5D0 000003E8 000041FF
user32!MsgWaitForMultipleObjectsEx
0158F5B0 77A98D18 0158F5D0 000003E8 0158F5E0 00000000
ole32!CoTaskMemAlloc
0158F5D8 77B1AB1B FFFFFFFF 0158F64C 00099B24 000A4DE8
ole32!CoGetCallContext
0158F5F8 77B1A9F8 00000001 00099B24 00000000 76EF3B4C
ole32!HACCEL_UserMarshal
0158F610 77B1A865 0158F64C 00099B24 0158F688 76EF3B4C
ole32!HACCEL_UserMarshal
0158F650 77A98C5B 00099B24 0158F91C 0158F748 00099B24
ole32!HACCEL_UserMarshal
0158F6C8 77A98632 00099B24 0158F91C 0158F748 0158FA04
ole32!CoGetCallContext
0158F720 77124B8A 00099B24 0158F91C 0158F748 00087644
ole32!CoGetCallContext
0158F73C 77123EAB 000C7144 0158F968 0158F74C 0158F74C
rpcrt4!NdrProxySendReceive
0158FB14 77124C61 76EF3AD0 76EF3B22 0158FB48 0158FB88
rpcrt4!NdrClientCall2
0158FB30 770D93AA 00000014 00000003 0158FB64 76EF2E46
rpcrt4!NdrProxyFreeBuffer
0158FB40 76EF2E46 000C7144 00000100 000CAB40 0158FB88
rpcrt4!RpcBindingInqAuthClientExW
0158FB64 76EF206D 0158FBA0 00000000 76F2D1E0 00000000
netshell!DllGetClassObject
0158FBA8 76EF1F0C 000BDF78 000BDF78 00000000 00000000
netshell!DllGetClassObject
0158FBCC 76EF1EC7 0158FBE8 0158FBE4 000BDF78 000BDF78
netshell!DllGetClassObject
0158FBEC 76EF1E9A 00000000 0158FC14 76EF1E70 000BDF78
netshell!DllGetClassObject
0158FBF8 76EF1E70 000BDF78 00000000 00000000 00000001
netshell!DllGetClassObject
0158FC14 76EF1CB1 000BDF78 00000001 0158FC44 0158FC3C
netshell!DllGetClassObject
0158FC4C 76EF1C44 000100C6 0158FC5C 00000000 0158FC6C
netshell!DllGetClassObject
0158FC60 76EF4D1D 000100C6 0158FC8C 77E2A290 000100C6
netshell!DllGetClassObject
0158FC6C 77E2A290 000100C6 00000001 00000000 0158FD10
netshell!DllGetClassObject
0158FC8C 77E046FC 76EF4CC2 000100C6 00000001 00000000
user32!SetWindowPlacement
0158FCA8 77E0CED7 0045F330 00000001 00000000 0158FD10
user32!TranslateMessageEx
0158FCD8 784802FF 0158FCE8 00000088 00000088 00000024
user32!SetScrollPos
0158FE18 77E13BD1 00000000 76EF4688 76EF4688 0158FE04
ntdll!KiUserCallbackDispatcher
0158FE54 76EF1C19 00000000 76EF4688 76EF4688 00CF0000
user32!CreateWindowExW
0158FEC0 76EF1AD4 00000000 000B02B0 0158FF28 00009C40
netshell!DllGetClassObject
00000001 00000000 00000000 00000000 00000000 00000000
netshell!DllGetClassObject
*----> Vidage brut de la pile <----*
0158f4e0 b7 7a e7 77 02 00 00 00 - 04 f5 58 01 01 00 00
00 .z.w......X.....
0158f4f0 00 00 00 00 24 f5 58 01 - 00 00 00 00 00 00 00
00 ....$.X.........
0158f500 02 00 00 00 00 03 00 00 - c4 02 00 00 10 33 0c
00 .............3..
0158f510 00 00 00 00 20 33 0c 00 - 01 00 00 00 20 31 0c
00 .... 3...... 1..
0158f520 40 f6 58 01 80 69 67 ff - ff ff ff ff 88 f5 58
01 @.X..ig.......X.
0158f530 3b e9 e0 77 04 f5 58 01 - 01 00 00 00 00 00 00
00 ;..w..X.........
0158f540 24 f5 58 01 00 00 00 00 - 02 01 00 00 88 f6 58
01 $.X...........X.
0158f550 01 00 00 00 00 03 00 00 - c4 02 00 00 01 00 00
00 ................
0158f560 00 03 00 00 78 ea 0b 00 - 00 80 00 00 88 f3 0b
00 ....x...........
0158f570 40 82 0c 00 ce 40 0c 77 - 00 00 00 00 cc 46 fd
7f @....@.w.....F..
0158f580 00 00 00 00 c4 02 00 00 - b0 f5 58 01 70 23 a4
77 ..........X.p#.w
0158f590 54 f5 58 01 d0 f5 58 01 - e8 03 00 00 ff 41 00
00 T.X...X......A..
0158f5a0 00 00 00 00 88 f6 58 01 - e8 4d 0a 00 00 00 00
00 ......X..M......
0158f5b0 d8 f5 58 01 18 8d a9 77 - d0 f5 58 01 e8 03 00
00 ..X....w..X.....
0158f5c0 e0 f5 58 01 00 00 00 00 - e8 4d 0a 00 30 4e 0a
00 ..X......M..0N..
0158f5d0 00 03 00 00 01 00 00 00 - f8 f5 58 01 1b ab b1
77 ..........X....w
0158f5e0 ff ff ff ff 4c f6 58 01 - 24 9b 09 00 e8 4d 0a
00 ....L.X.$....M..
0158f5f0 24 9b 09 00 00 00 00 00 - 10 f6 58 01 f8 a9 b1
77 $.........X....w
0158f600 01 00 00 00 24 9b 09 00 - 00 00 00 00 4c 3b ef
76 ....$.......L;.v
0158f610 50 f6 58 01 65 a8 b1 77 - 4c f6 58 01 24 9b 09
00 P.X.e..wL.X.$...
État de vidage Thread Id 0x504
eax=014c8e68 ebx=00000003 ecx=00070000 edx=00000000
esi=784637a7 edi=00000003
eip=784637b2 esp=0161ff20 ebp=0161ff6c iopl=0 nv
up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000246
fonction : NtWaitForMultipleObjects
784637a7 b8e9000000 mov eax,0xe9
784637ac 8d542404 lea edx,
[esp+0x4] ss:0208d4f3=????????
784637b0 cd2e int 2e
784637b2 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0161FF6C 77E7A31D 0161FF44 00000001 00000000 00000000
ntdll!NtWaitForMultipleObjects
0161FFB4 77E787DD 00000000 00000000 0114FA40 00000000
kernel32!WaitForMultipleObjects
0161FFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
État de vidage Thread Id 0x508
eax=000bb1e8 ebx=00000000 ecx=017a0000 edx=00000000
esi=0165f508 edi=0165f51c
eip=78463c6a esp=0165f474 ebp=0165f4d4 iopl=0 nv
up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000202
fonction : ZwDeviceIoControlFile
78463c5f b838000000 mov eax,0x38
78463c64 8d542404 lea edx,
[esp+0x4] ss:020cca47=????????
78463c68 cd2e int 2e
78463c6a c22800 ret 0x28
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0165F4D4 77533E6E 000003B0 001D8000 0165F538 0000006C
ntdll!ZwDeviceIoControlFile
0165F520 775316DE 0165F538 00000000 00000000 001D8000
wdmaud!mxdMessage
0165F598 77544C2B 00000000 00000001 00000002 00000000
wdmaud!DriverProc
0165F5CC 77544B79 00000000 00000002 00000000 00000000
winmm!SendDriverMessage
77E7C684 C73068FF 566877E7 6477E918 000000A1 89645000
winmm!SendDriverMessage
6AEC8B55 00000000 00000000 00000000 00000000 00000000
<nosymbols>
*----> Vidage brut de la pile <----*
0165f474 9f 08 e8 77 b0 03 00 00 - c8 03 00 00 00 00 00
00 ...w............
0165f484 08 f5 65 01 08 f5 65 01 - 00 80 1d 00 38 f5 65
01 ..e...e.....8.e.
0165f494 6c 00 00 00 38 f5 65 01 - 60 00 00 00 1c f5 65
01 l...8.e.`.....e.
0165f4a4 38 f5 65 01 00 00 00 00 - c9 83 e7 77 00 00 00
00 8.e........w....
0165f4b4 1c f5 65 01 10 37 56 77 - a0 f4 65 01 1c f5 65
01 ..e..7Vw..e...e.
0165f4c4 dc ff 65 01 56 18 e9 77 - e8 b7 e7 77 ff ff ff
ff ..e.V..w...w....
0165f4d4 20 f5 65 01 6e 3e 53 77 - b0 03 00 00 00 80 1d
00 .e.n>Sw........
0165f4e4 38 f5 65 01 6c 00 00 00 - 38 f5 65 01 60 00 00
00 8.e.l...8.e.`...
0165f4f4 1c f5 65 01 08 f5 65 01 - a0 16 53 77 10 37 56
77 ..e...e...Sw.7Vw
0165f504 00 00 00 00 03 01 00 00 - 00 00 00 00 00 00 00
00 ................
0165f514 00 00 00 00 c8 03 00 00 - 01 00 00 00 98 f5 65
01 ..............e.
0165f524 de 16 53 77 38 f5 65 01 - 00 00 00 00 00 00 00
00 ..Sw8.e.........
0165f534 00 80 1d 00 34 ee 65 01 - 00 00 00 00 05 00 00
00 ....4.e.........
0165f544 00 00 44 72 69 76 65 72 - 50 72 6f 63 00 13 07
00 ..DriverProc....
0165f554 a0 16 53 77 00 00 00 00 - 00 00 00 00 00 00 00
00 ..Sw............
0165f564 da 59 46 78 08 06 07 00 - 10 00 43 01 19 c7 e7
77 .YFx......C....w
0165f574 00 00 07 00 a0 16 53 77 - 10 37 56 77 00 00 00
00 ......Sw.7Vw....
0165f584 00 00 00 00 10 00 43 01 - 00 00 00 00 78 f5 65
01 ......C.....x.e.
0165f594 00 6a 0c 00 cc f5 65 01 - 2b 4c 54 77 00 00 00
00 .j....e.+LTw....
0165f5a4 01 00 00 00 02 00 00 00 - 00 00 00 00 00 00 00
00 ................
État de vidage Thread Id 0x518
eax=770d24c2 ebx=00050002 ecx=00000000 edx=00000000
esi=00082d80 edi=00000100
eip=78463bb8 esp=016dfe28 ebp=016dff74 iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
fonction : NtReplyWaitReceivePortEx
78463bad b8ac000000 mov eax,0xac
78463bb2 8d542404 lea edx,
[esp+0x4] ss:0214d3fb=????????
78463bb6 cd2e int 2e
78463bb8 c21400 ret 0x14
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
016DFF74 770D20D9 770D25B9 00082D80 00000000 00000000
ntdll!NtReplyWaitReceivePortEx
016DFFA8 770D24DA 00078700 016DFFEC 77E787DD 000B3278
rpcrt4!NdrConformantArrayMemorySize
016DFFB4 77E787DD 000B3278 00000000 00000000 000B3278
rpcrt4!NdrConformantArrayMemorySize
016DFFEC 00000000 00000000 00000000 00000000 00000000
kernel32!GetModuleFileNameA
État de vidage Thread Id 0x52c
eax=77a8d4f1 ebx=00000102 ecx=00000101 edx=00000000
esi=7846318c edi=0172ff74
eip=78463197 esp=0172ff60 ebp=0172ff7c iopl=0 nv
up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038
gs=0000 efl=00000206
fonction : NtDelayExecution
7846318c b832000000 mov eax,0x32
78463191 8d542404 lea edx,
[esp+0x4] ss:0219d533=????????
78463195 cd2e int 2e
78463197 c20800 ret 0x8
*----> Parcours arrière de la pile <----*
FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4
Function Name
0172FF7C 77E775EB 0000EA60 00000000 77A74D37 0000EA60
ntdll!NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000
kernel32!Sleep