Aller au contenu
  • Pas encore inscrit ?

    Pourquoi ne pas vous inscrire ? C'est simple, rapide et gratuit.
    Pour en savoir plus, lisez Les avantages de l'inscription... et la Charte de Zébulon.
    De plus, les messages que vous postez en tant qu'invité restent invisibles tant qu'un modérateur ne les a pas validés. Inscrivez-vous, ce sera un gain de temps pour tout le monde, vous, les helpeurs et les modérateurs ! :wink:

RESOLU-Informations systeme,érreur Dr Watson


Juan-13-
 Partager

Messages recommandés

Bonjour,Dr watson me signale une erreur et j'ai été voir dans infos system et la aucune erreur sauf un rapport de Dr Watson qui est le suivant, C:\WINDOWS\PCHealth\HelpCtr\Binaries\Help Svc.exe c0000005 ntdll! Rt IEnter Critical Section (7C911010).Et dans l'observateur d'évenement,information date heure Dr Watson,et quand je clic dessu,j'ai le message suivant,L'application,C:WINDOWS\Pchealth\HelpCtr\Binaries\HelpSvc.exe,a généré une erreur d'application (date,heure)L'exception générée était c0000005 a l'adresse 7C911010 (ntdll!RtIEnterCriticalSection),et quand je clic dessous,Catégorie Aucun,(date,heure)L'ID de levenement est 4097,nom de la société Microsoft Corporation,Nom du fichier drwtsn32.exe,Nom du produit Systeme d'explotation Microsoft,Source Dr Watson Type Information,Version du fichier 5.1.2600.0,Version du produit pareil.SVP si vous pouvez m'expliquer dou viens cette érreur,et pourquoi?Pourtant j'ai pas de pb particulier!Tout à l'air de bien fonctionner!J'ai entendu dire qu'il faut mettre ces pilotes a jour!Je voudrais savoir comment il faut faire?Ou si c'est fait automatiquement avec les mises à jour de Microsoft?Merci pour votre aide et conseils.A + Juan-13-

Modifié par Juan-13-
Lien vers le commentaire
Partager sur d’autres sites

re,a chaque fois que j'efface l'erreur dans Dr Watson,meme que je ne n'éteint pas le PC elle revient sans arrêt et toujours la même érreur,et si je fais afficher (j'ai pu tout sélectionner et copier)pour le coller sur le méssage,car ça parle de processeur,je crois?SVP,si vous pouvez m'aider et me dire si c'est important ou non.Merci d'avance.Juan-13- PS:Le résultat de Dr Watson

 

Une exception d'application s'est produite :

AppC:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe (pid=3772)

Lorsque : 15/08/2006 @ 13:52:25.406

Numéro d'exception : c0000005 (violation d'accès)

 

*----> Informations système <----*

Nom ordinateur : 049141620007

Nom utilisateur : SYSTEM

ID de la session Terminal : 0

Nombre de processeurs : 1

Type de processeur : x86 Family 15 Model 47 Stepping 2

Version de Windows : 5.1

Numéro actuel : 2600

Service Pack : 2

Type actuel : Uniprocessor Free

Organisation enregistrée :

Propriétaire enregistré : Soraya

 

*----> Liste des tâches <----*

0 System Process

4 System

468 smss.exe

532 csrss.exe

564 winlogon.exe

608 services.exe

620 lsass.exe

776 Ati2evxx.exe

800 svchost.exe

852 svchost.exe

916 svchost.exe

956 svchost.exe

1096 svchost.exe

1120 ccProxy.exe

1380 ccSetMgr.exe

1420 ISSVC.exe

1456 Ati2evxx.exe

1528 Explorer.EXE

1552 SNDSrvc.exe

1572 SPBBCSvc.exe

1684 ccEvtMgr.exe

1928 spoolsv.exe

188 CLCapSvc.exe

208 dllhost.exe

240 CLMLServer.exe

264 DKService.exe

308 CLMLService.exe

400 HIDSERVICE.exe

488 navapsvc.exe

836 ULCDRSvr.exe

1196 wdfmgr.exe

2056 CLSched.exe

2252 SOUNDMAN.EXE

2260 atiptaxx.exe

2268 ccApp.exe

2276 monitor.exe

2284 PCMService.exe

2300 ABoard.exe

2308 vsnpstd2.exe

2344 AOSD.exe

3916 AcroRd32.exe

1976 svchost.exe

2212 msmsgs.exe

3772 HelpSvc.exe

2976 wmiprvse.exe

1088 drwtsn32.exe

 

*----> Liste des modules <----*

(0000000001000000 - 00000000010b8000: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

(0000000020000000 - 00000000202da000: C:\WINDOWS\system32\xpsp2res.dll

(0000000058b50000 - 0000000058be7000: C:\WINDOWS\system32\comctl32.dll

(00000000595b0000 - 000000005977a000: C:\WINDOWS\AppPatch\AcGenral.DLL

(000000005b090000 - 000000005b0c8000: C:\WINDOWS\system32\UxTheme.dll

(000000005cea0000 - 000000005cec6000: C:\WINDOWS\system32\ShimEng.dll

(0000000062dc0000 - 0000000062dc9000: C:\WINDOWS\system32\LPK.DLL

(0000000066240000 - 0000000066265000: C:\WINDOWS\system32\itss.dll

(0000000068d90000 - 0000000068d94000: C:\WINDOWS\PCHealth\HelpCtr\Binaries\HCAppRes.dll

(000000006f890000 - 000000006f9a1000: C:\WINDOWS\system32\ESENT.dll

(00000000745e0000 - 00000000748a6000: C:\WINDOWS\system32\msi.dll

(00000000753c0000 - 000000007542b000: C:\WINDOWS\system32\USP10.dll

(0000000076320000 - 000000007633d000: C:\WINDOWS\system32\IMM32.DLL

(0000000076960000 - 0000000076a15000: C:\WINDOWS\system32\USERENV.dll

(0000000076ae0000 - 0000000076b0f000: C:\WINDOWS\system32\WINMM.dll

(0000000076f80000 - 0000000076fff000: C:\WINDOWS\system32\CLBCATQ.DLL

(0000000077000000 - 00000000770d4000: C:\WINDOWS\system32\COMRes.dll

(00000000770e0000 - 000000007716c000: C:\WINDOWS\system32\OLEAUT32.dll

(0000000077170000 - 0000000077210000: C:\WINDOWS\system32\urlmon.dll

(0000000077210000 - 00000000772c1000: C:\WINDOWS\system32\SXS.DLL

(0000000077390000 - 0000000077492000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_xww_a84f1ff9\comctl32.dll

(00000000774a0000 - 00000000775dd000: C:\WINDOWS\system32\ole32.dll

(00000000779e0000 - 0000000077a76000: C:\WINDOWS\system32\CRYPT32.dll

(0000000077a80000 - 0000000077a92000: C:\WINDOWS\system32\MSASN1.dll

(0000000077aa0000 - 0000000077b47000: C:\WINDOWS\system32\WININET.dll

(0000000077b50000 - 0000000077b72000: C:\WINDOWS\system32\Apphelp.dll

(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll

(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll

(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll

(0000000077d10000 - 0000000077da0000: C:\WINDOWS\system32\USER32.dll

(0000000077da0000 - 0000000077e4c000: C:\WINDOWS\system32\ADVAPI32.dll

(0000000077e50000 - 0000000077ee1000: C:\WINDOWS\system32\RPCRT4.dll

(0000000077ef0000 - 0000000077f37000: C:\WINDOWS\system32\GDI32.dll

(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll

(000000007c800000 - 000000007c904000: C:\WINDOWS\system32\kernel32.dll

(000000007c910000 - 000000007c9c7000: C:\WINDOWS\system32\ntdll.dll

(000000007c9d0000 - 000000007d1f3000: C:\WINDOWS\system32\SHELL32.dll

 

*----> Vidage de l'état de la thread 0xd5c <----*

 

eax=00000008 ebx=66242200 ecx=7ffdf000 edx=00000008 esi=0007f94c edi=000cb7a0

eip=7c911010 esp=0007f920 ebp=0007f92c iopl=0 nv up ei pl nz na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

 

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ntdll.dll -

fonction : ntdll!RtlEnterCriticalSection

7c910ffc 0000 add [eax],al

7c910ffe 0000 add [eax],al

7c911000 90 nop

7c911001 90 nop

7c911002 90 nop

7c911003 90 nop

7c911004 90 nop

ntdll!RtlEnterCriticalSection:

7c911005 648b0d18000000 mov ecx,fs:[00000018]

7c91100c 8b542404 mov edx,[esp+0x4]

FAUTE ->7c911010 837a1400 cmp dword ptr [edx+0x14],0x0 ds:0023:0000001c=????????

7c911014 754f jnz ntdll!RtlEnterCriticalSection+0x60 (7c911065)

7c911016 f0ff4204 lock inc dword ptr [edx+0x4]

7c91101a 7519 jnz ntdll!RtlEnterCriticalSection+0x30 (7c911035)

7c91101c 8b4124 mov eax,[ecx+0x24]

7c91101f 89420c mov [edx+0xc],eax

7c911022 c7420801000000 mov dword ptr [edx+0x8],0x1

7c911029 33c0 xor eax,eax

7c91102b c20400 ret 0x4

7c91102e 8da42400000000 lea esp,[esp]

7c911035 8b4124 mov eax,[ecx+0x24]

 

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\itss.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\PCHealth\HelpCtr\Binaries\HelpSvc.exe

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -

ChildEBP RetAddr Args to Child

0007f92c 66250c84 00000008 000c9410 00000000 ntdll!RtlEnterCriticalSection+0xb

0007f950 6624c9de 000c8fe8 000000b4 00000000 itss+0x10c84

0007f980 6625199e 000bf4e0 000cb7a0 00002000 itss+0xc9de

0007f9c8 6625467e 000cb768 00000054 00000000 itss+0x1199e

0007fc54 66254d58 000cbb00 00000000 000cba10 itss+0x1467e

0007fc68 662553fa 000cba2c 000cb9e8 000cba10 itss+0x14d58

0007fc7c 66255dcb 000cb9e8 0007fc9c 6624fde6 itss+0x153fa

0007fc88 6624fde6 00000001 00000000 000c9410 itss+0x15dcb

0007fc9c 6624ff8c 000cb9e8 0007fcc0 6624ee25 itss+0xfde6

0007fca8 6624ee25 000cba10 000c93e8 6624fb34 itss+0xff8c

0007fcc0 6624fde6 00000001 00000000 000ce758 itss+0xee25

0007fcd4 6624ff8c 000c93e8 0007fcf4 66258ff6 itss+0xfde6

0007fce0 66258ff6 000c9410 000ce758 6625f2c8 itss+0xff8c

0007fcf4 66258ccf 000c9410 000ce730 66259cb6 itss+0x18ff6

0007fd0c 6624fde6 00000001 0003707c 00037090 itss+0x18ccf

0007fd20 6624ff8c 000ce730 0007fd40 66258ff6 itss+0xfde6

0007fd2c 66258ff6 000ce758 00037090 6625f2c8 itss+0xff8c

0007fd40 01075278 000ce758 00037090 00000000 itss+0x18ff6

0007fd54 010752cd 00000000 0003707c 00037068 HelpSvc+0x75278

0007fd7c 01038ee7 00037058 00037068 0007fdd4 HelpSvc+0x752cd

0007fdac 010394b0 00035190 0007fdc4 01039502 HelpSvc+0x38ee7

0007fdb8 01039502 00000000 0007fddc 01039eaa HelpSvc+0x394b0

0007fdc4 01039eaa 00037068 00035174 00035174 HelpSvc+0x39502

0007fddc 01039eef 00037058 00035158 00035174 HelpSvc+0x39eaa

0007fdf0 01039f5b 0007fe04 00037058 00035288 HelpSvc+0x39eef

0007fe08 0103a05b 00000000 00035158 00035158 HelpSvc+0x39f5b

0007fe28 0103a0e8 00000001 0007fef8 0103a112 HelpSvc+0x3a05b

0007fe34 0103a112 00000001 0101b317 00000000 HelpSvc+0x3a0e8

0007fef8 0101b3f7 00000002 00033d98 00000002 HelpSvc+0x3a112

0007ff1c 01026d6f 01000000 00000000 000207de HelpSvc+0x1b3f7

0007ffc0 7c816fd7 00000001 00000000 7ffda000 HelpSvc+0x26d6f

0007fff0 00000000 01026bd7 00000000 78746341 kernel32!RegisterWaitForInputIdle+0x49

 

*----> Vidage brut de la pile <----*

000000000007f920 cf 80 24 66 08 00 00 00 - e8 8f 0c 00 50 f9 07 00 ..$f........P...

000000000007f930 84 0c 25 66 08 00 00 00 - 10 94 0c 00 00 00 00 00 ..%f............

000000000007f940 00 00 00 00 fe 01 00 00 - 00 00 00 00 08 00 00 00 ................

000000000007f950 80 f9 07 00 de c9 24 66 - e8 8f 0c 00 b4 00 00 00 ......$f........

000000000007f960 00 00 00 00 90 f9 07 00 - a0 b7 0c 00 68 b7 0c 00 ............h...

000000000007f970 54 20 00 00 54 00 00 00 - 32 07 92 7c 90 94 0c 00 T ..T...2..|....

000000000007f980 c8 f9 07 00 9e 19 25 66 - e0 f4 0b 00 a0 b7 0c 00 ......%f........

000000000007f990 00 20 00 00 00 00 00 00 - 10 ba 0c 00 00 bb 0c 00 . ..............

000000000007f9a0 18 bb 0c 00 54 00 00 00 - ab 06 92 7c b4 00 00 00 ....T......|....

000000000007f9b0 00 00 00 00 b4 00 00 00 - 00 00 00 00 b4 20 00 00 ............. ..

000000000007f9c0 00 00 00 00 c8 f2 25 66 - 54 fc 07 00 7e 46 25 66 ......%fT...~F%f

000000000007f9d0 68 b7 0c 00 54 00 00 00 - 00 00 00 00 18 bb 0c 00 h...T...........

000000000007f9e0 00 20 00 00 04 fa 07 00 - 00 bb 0c 00 10 ba 0c 00 . ..............

000000000007f9f0 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000007fa00 00 00 00 00 00 00 00 00 - 01 00 00 00 46 00 00 00 ............F...

000000000007fa10 68 b7 0c 00 01 00 00 00 - 00 00 00 00 18 bb 0c 00 h...............

000000000007fa20 00 20 00 00 18 db 0c 00 - 00 bb 0c 00 10 ba 0c 00 . ..............

000000000007fa30 ab 46 25 66 05 00 00 00 - 4e 00 61 00 00 00 00 00 .F%f....N.a.....

000000000007fa40 02 00 00 00 00 00 00 00 - d9 bc 0c 00 2c bb 0c 00 ............,...

000000000007fa50 01 00 00 00 01 00 00 00 - 3b 1e 00 00 08 00 00 00 ........;.......

 

*----> Vidage de l'état de la thread 0x4fc <----*

 

eax=0053c488 ebx=0065fdf8 ecx=00000000 edx=7c91eb94 esi=00000000 edi=7ffda000

eip=7c91eb94 esp=0065fdd0 ebp=0065fe6c iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\USER32.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\msvcrt.dll -

ChildEBP RetAddr Args to Child

0065fe6c 77d195f9 00000002 0065fe94 00000000 ntdll!KiFastSystemCallRet

0065fec8 77d196a8 00000001 0065ff44 ffffffff USER32!GetLastInputInfo+0x105

0065fee4 0101d6bb 00000001 0065ff44 00000000 USER32!MsgWaitForMultipleObjects+0x1f

0065ff28 0101d8b1 00375587 0065ff44 ffffffff HelpSvc+0x1d6bb

0065ff3c 0105b092 00000094 ffffffff 000a2b88 HelpSvc+0x1d8b1

0065ff5c 0101e00c 000a2b88 00039098 00034bc0 HelpSvc+0x5b092

0065ff80 77c0a3b0 00034d40 000a2b88 00000000 HelpSvc+0x1e00c

0065ffb4 7c80b683 00034bc0 000a2b88 00000000 msvcrt!endthreadex+0xa9

0065ffec 00000000 77c0a341 00034bc0 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

000000000065fdd0 ab e9 91 7c e2 94 80 7c - 02 00 00 00 f8 fd 65 00 ...|...|......e.

000000000065fde0 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000065fdf0 02 00 00 00 00 00 00 00 - 94 00 00 00 a4 00 00 00 ................

000000000065fe00 08 fb f4 b7 08 00 00 00 - 10 50 53 80 10 8c 4d 80 .........PS...M.

000000000065fe10 ff ff ff ff 78 01 09 00 - 14 00 00 00 01 00 00 00 ....x...........

000000000065fe20 00 00 00 00 00 00 00 00 - 10 00 00 00 f4 11 b5 84 ................

000000000065fe30 ab e9 91 7c e2 94 80 7c - 00 a0 fd 7f 00 e0 fd 7f ...|...|........

000000000065fe40 24 95 80 7c 00 00 00 00 - f8 fd 65 00 00 00 00 00 $..|......e.....

000000000065fe50 02 00 00 00 ec fd 65 00 - 94 00 00 00 74 ff 65 00 ......e.....t.e.

000000000065fe60 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 c8 fe 65 00 ...|...|......e.

000000000065fe70 f9 95 d1 77 02 00 00 00 - 94 fe 65 00 00 00 00 00 ...w......e.....

000000000065fe80 ff ff ff ff 00 00 00 00 - 00 00 00 00 01 00 00 00 ................

000000000065fe90 9c 92 80 7c 94 00 00 00 - a4 00 00 00 00 00 00 00 ...|............

000000000065fea0 00 00 00 00 00 00 00 00 - 01 00 00 00 00 00 00 00 ................

000000000065feb0 00 e0 fd 7f 9c 92 80 7c - 00 00 00 00 00 00 00 00 .......|........

000000000065fec0 00 e0 fd 7f a4 00 00 00 - e4 fe 65 00 a8 96 d1 77 ..........e....w

000000000065fed0 01 00 00 00 44 ff 65 00 - ff ff ff ff ff 04 00 00 ....D.e.........

000000000065fee0 94 fe 65 00 28 ff 65 00 - bb d6 01 01 01 00 00 00 ..e.(.e.........

000000000065fef0 44 ff 65 00 00 00 00 00 - ff ff ff ff ff 04 00 00 D.e.............

000000000065ff00 05 10 91 7c 40 4d 03 00 - ed 10 91 7c 6d d5 01 01 ...|@M.....|m...

 

*----> Vidage de l'état de la thread 0x1a4 <----*

 

eax=00000000 ebx=00000000 ecx=00004357 edx=7c98c0d8 esi=000aa000 edi=00000100

eip=7c91eb94 esp=0074fe1c ebp=0074ff80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\RPCRT4.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0074ff80 77e56c22 0074ffa8 77e56a3b 000aa000 ntdll!KiFastSystemCallRet

0074ff88 77e56a3b 000aa000 01001920 0007f748 RPCRT4!I_RpcBCacheFree+0x5ea

0074ffa8 77e56c0a 000a0030 0074ffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x403

0074ffb4 7c80b683 000aa288 01001920 0007f748 RPCRT4!I_RpcBCacheFree+0x5d2

0074ffec 00000000 77e56bf0 000aa288 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

000000000074fe1c 99 e3 91 7c 03 67 e5 77 - 40 01 00 00 70 ff 74 00 ...|[email protected]

000000000074fe2c 00 00 00 00 00 cd 0a 00 - 54 ff 74 00 30 00 48 00 ........T.t.0.H.

000000000074fe3c 00 00 00 00 94 03 00 00 - ec 04 00 00 00 00 00 00 ................

000000000074fe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................

000000000074fe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074fe6c 21 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 !...............

000000000074fe7c 33 04 02 08 00 00 00 00 - 78 01 09 00 00 00 00 00 3.......x.......

000000000074fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074feac 00 00 00 00 02 40 00 80 - 00 00 00 00 00 00 00 00 [email protected]

000000000074febc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074fecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074fedc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074feec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074fefc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000074ff0c 00 00 00 00 00 00 00 00 - bc 31 b5 84 24 7c 26 b8 .........1..$|&.

000000000074ff1c d9 9a 4f 80 e1 9a 4f 80 - 8c 31 b5 84 20 30 b5 84 ..O...O..1.. 0..

000000000074ff2c 54 30 b5 84 80 ff 74 00 - 99 66 e5 77 4c ff 74 00 T0....t..f.wL.t.

000000000074ff3c a9 66 e5 77 ed 10 91 7c - 60 a2 0a 00 88 a2 0a 00 .f.w...|`.......

000000000074ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

 

*----> Vidage de l'état de la thread 0xf50 <----*

 

eax=774be429 ebx=00007530 ecx=7ffda000 edx=00000000 esi=00000000 edi=0078ff50

eip=7c91eb94 esp=0078ff20 ebp=0078ff78 iopl=0 nv up ei pl nz na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ole32.dll -

ChildEBP RetAddr Args to Child

0078ff78 7c802451 0000ea60 00000000 0078ffb4 ntdll!KiFastSystemCallRet

0078ff88 774be31d 0000ea60 000aca18 774be3dc kernel32!Sleep+0xf

0078ffb4 7c80b683 000aca18 00000000 7c92094e ole32!StringFromGUID2+0x51b

0078ffec 00000000 774be429 000aca18 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

000000000078ff20 5c d8 91 7c ed 23 80 7c - 00 00 00 00 50 ff 78 00 \..|.#.|....P.x.

000000000078ff30 40 25 80 7c f8 6d 5c 77 - 30 75 00 00 14 00 00 00 @%.|.m\w0u......

000000000078ff40 01 00 00 00 00 00 00 00 - 00 00 00 00 10 00 00 00 ................

000000000078ff50 00 ba 3c dc ff ff ff ff - 00 d1 4a 77 50 ff 78 00 ..<.......JwP.x.

000000000078ff60 30 ff 78 00 38 49 09 00 - dc ff 78 00 a8 9a 83 7c 0.x.8I....x....|

000000000078ff70 58 24 80 7c 00 00 00 00 - 88 ff 78 00 51 24 80 7c X$.|......x.Q$.|

000000000078ff80 60 ea 00 00 00 00 00 00 - b4 ff 78 00 1d e3 4b 77 `.........x...Kw

000000000078ff90 60 ea 00 00 18 ca 0a 00 - dc e3 4b 77 00 00 00 00 `.........Kw....

000000000078ffa0 00 00 00 00 18 ca 0a 00 - 00 00 4a 77 44 e4 4b 77 ..........JwD.Kw

000000000078ffb0 4e 09 92 7c ec ff 78 00 - 83 b6 80 7c 18 ca 0a 00 N..|..x....|....

000000000078ffc0 00 00 00 00 4e 09 92 7c - 18 ca 0a 00 00 90 fd 7f ....N..|........

000000000078ffd0 00 f6 7b 86 c0 ff 78 00 - 50 a9 c8 84 ff ff ff ff ..{...x.P.......

000000000078ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........

000000000078fff0 00 00 00 00 29 e4 4b 77 - 18 ca 0a 00 00 00 00 00 ....).Kw........

0000000000790000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000790010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000790020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000790030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000790040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000790050 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

 

*----> Vidage de l'état de la thread 0xd54 <----*

 

eax=00000204 ebx=00000000 ecx=0000021a edx=00000000 esi=000aa000 edi=00000100

eip=7c91eb94 esp=007cfe1c ebp=007cff80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

007cff80 77e56c22 007cffa8 77e56a3b 000aa000 ntdll!KiFastSystemCallRet

007cff88 77e56a3b 000aa000 00000000 003b0178 RPCRT4!I_RpcBCacheFree+0x5ea

007cffa8 77e56c0a 000a0030 007cffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x403

007cffb4 7c80b683 000ae580 00000000 003b0178 RPCRT4!I_RpcBCacheFree+0x5d2

007cffec 00000000 77e56bf0 000ae580 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

00000000007cfe1c 99 e3 91 7c 03 67 e5 77 - 40 01 00 00 70 ff 7c 00 ...|[email protected]|.

00000000007cfe2c 00 00 00 00 10 e9 0a 00 - 54 ff 7c 00 30 00 48 00 ........T.|.0.H.

00000000007cfe3c 00 00 00 00 94 03 00 00 - ec 04 00 00 00 00 00 00 ................

00000000007cfe4c 00 00 00 00 02 00 00 00 - 01 00 00 00 00 00 00 00 ................

00000000007cfe5c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfe6c 1f 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfe7c 01 00 00 00 02 40 00 80 - 00 00 00 00 00 00 00 00 [email protected]

00000000007cfe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfeac 00 00 00 00 02 40 00 80 - 00 00 00 00 00 00 00 00 [email protected]

00000000007cfebc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfecc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfedc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfeec 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cfefc 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000007cff0c 00 00 00 00 00 00 00 00 - 5c c8 b0 84 24 3c 0c b8 ........\...$<..

00000000007cff1c d9 9a 4f 80 e1 9a 4f 80 - 2c c8 b0 84 c0 c6 b0 84 ..O...O.,.......

00000000007cff2c f4 c6 b0 84 80 ff 7c 00 - 99 66 e5 77 4c ff 7c 00 ......|..f.wL.|.

00000000007cff3c a9 66 e5 77 ed 10 91 7c - 58 e5 0a 00 80 e5 0a 00 .f.w...|X.......

00000000007cff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

 

*----> Vidage de l'état de la thread 0xe0 <----*

 

eax=000cf224 ebx=00000000 ecx=7c9206eb edx=00590001 esi=000aa000 edi=000b5738

eip=7c91eb94 esp=0084fe1c ebp=0084ff80 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

0084ff80 77e56c22 0084ffa8 77e56a3b 000aa000 ntdll!KiFastSystemCallRet

0084ff88 77e56a3b 000aa000 0074fbe0 0074fc98 RPCRT4!I_RpcBCacheFree+0x5ea

0084ffa8 77e56c0a 000a0030 0084ffec 7c80b683 RPCRT4!I_RpcBCacheFree+0x403

0084ffb4 7c80b683 000b53a8 0074fbe0 0074fc98 RPCRT4!I_RpcBCacheFree+0x5d2

0084ffec 00000000 77e56bf0 000b53a8 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

000000000084fe1c 99 e3 91 7c 03 67 e5 77 - 40 01 00 00 70 ff 84 00 ...|[email protected]

000000000084fe2c 00 00 00 00 f0 17 0c 00 - 54 ff 84 00 30 00 48 00 ........T...0.H.

000000000084fe3c 00 00 00 00 18 28 e9 e2 - 1c 28 e9 e2 00 00 00 00 .....(...(......

000000000084fe4c 00 00 00 00 02 dc 6d 86 - 01 00 00 00 08 e7 7b 86 ......m.......{.

000000000084fe5c 28 1b ad 84 10 1b ad 84 - 48 bd 52 b8 8d 23 5c 80 (.......H.R..#\.

000000000084fe6c 20 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ...............

000000000084fe7c 01 00 00 00 02 40 00 80 - 00 00 00 00 00 00 00 00 [email protected]

000000000084fe8c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000084fe9c 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

000000000084feac 00 00 00 00 02 40 00 80 - f4 01 00 00 78 dc 6d 86 [email protected]

000000000084febc 48 cb 9e e2 19 00 02 00 - f4 01 00 00 00 00 00 00 H...............

000000000084fecc 58 cb 9e e2 e8 93 25 e3 - 19 28 e9 e2 d8 bb 52 b8 X.....%..(....R.

000000000084fedc 34 30 60 80 48 cb 9e e2 - e8 93 25 e3 78 dc 6d 86 40`.H.....%.x.m.

000000000084feec 00 00 00 00 19 00 02 00 - ec bb 52 b8 fe bd 62 80 ..........R...b.

000000000084fefc 73 00 45 e1 01 00 00 00 - 64 04 45 e1 80 bc 52 b8 s.E.....d.E...R.

000000000084ff0c 3c bc 52 b8 d6 4d 63 80 - 44 7f aa 84 24 bc 52 b8 <.R..Mc.D...$.R.

000000000084ff1c d9 9a 4f 80 e1 9a 4f 80 - 14 7f aa 84 a8 7d aa 84 ..O...O......}..

000000000084ff2c dc 7d aa 84 80 ff 84 00 - 99 66 e5 77 4c ff 84 00 .}.......f.wL...

000000000084ff3c a9 66 e5 77 ed 10 91 7c - 70 17 0c 00 a8 53 0b 00 .f.w...|p....S..

000000000084ff4c 00 a2 2f 4d ff ff ff ff - 00 5d 1e ee ff ff ff ff ../M.....]......

 

*----> Vidage de l'état de la thread 0x864 <----*

 

eax=00000000 ebx=00000000 ecx=0088dc34 edx=0088dca0 esi=008713e4 edi=008713e0

eip=7c91eb94 esp=00ddff10 ebp=00ddff3c iopl=0 nv up ei ng nz ac po cy

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINDOWS\system32\ESENT.dll -

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00ddff3c 6f892cf4 000001f0 00ddff68 00ddff6c ntdll!KiFastSystemCallRet

00ddff74 6f89b4ae 00000000 00ddffb4 6f89737b ESENT+0x2cf4

00ddff80 6f89737b 00871430 00000000 00000000 ESENT+0xb4ae

00ddffb4 7c80b683 000ced28 00000000 00000000 ESENT+0x737b

00ddffec 00000000 6f897356 000ced28 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

0000000000ddff10 1b e3 91 7c 46 a7 80 7c - f0 01 00 00 6c ff dd 00 ...|F..|....l...

0000000000ddff20 54 ff dd 00 34 ff dd 00 - 2c ff dd 00 00 5d 1e ee T...4...,....]..

0000000000ddff30 ff ff ff ff d0 96 8a 6f - 00 00 00 00 74 ff dd 00 .......o....t...

0000000000ddff40 f4 2c 89 6f f0 01 00 00 - 68 ff dd 00 6c ff dd 00 .,.o....h...l...

0000000000ddff50 70 ff dd 00 30 75 00 00 - 28 ed 0c 00 28 ed 0c 00 p...0u..(...(...

0000000000ddff60 00 00 00 00 e4 13 87 00 - 00 10 00 00 91 96 8a 6f ...............o

0000000000ddff70 80 00 8f 00 80 ff dd 00 - ae b4 89 6f 00 00 00 00 ...........o....

0000000000ddff80 b4 ff dd 00 7b 73 89 6f - 30 14 87 00 00 00 00 00 ....{s.o0.......

0000000000ddff90 00 00 00 00 28 ed 0c 00 - 00 00 00 00 8c ff dd 00 ....(...........

0000000000ddffa0 14 01 50 80 dc ff dd 00 - ee c2 97 6f a0 73 89 6f ..P........o.s.o

0000000000ddffb0 00 00 00 00 ec ff dd 00 - 83 b6 80 7c 28 ed 0c 00 ...........|(...

0000000000ddffc0 00 00 00 00 00 00 00 00 - 28 ed 0c 00 00 60 fd 7f ........(....`..

0000000000ddffd0 00 f6 7b 86 c0 ff dd 00 - 30 79 af 84 ff ff ff ff ..{.....0y......

0000000000ddffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........

0000000000ddfff0 00 00 00 00 56 73 89 6f - 28 ed 0c 00 00 00 00 00 ....Vs.o(.......

0000000000de0000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000de0010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000de0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000de0030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000de0040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

 

*----> Vidage de l'état de la thread 0xf7c <----*

 

eax=00375836 ebx=00e1febc ecx=00e30000 edx=00003758 esi=00000000 edi=7ffda000

eip=7c91eb94 esp=00e1fe94 ebp=00e1ff30 iopl=0 nv up ei pl zr na po nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00e1ff30 6f89b593 00000002 00e1ff50 00000000 ntdll!KiFastSystemCallRet

00e1ff80 6f89737b 00000000 00000000 7c91d592 ESENT+0xb593

00e1ffb4 7c80b683 000ceff0 00000000 7c91d592 ESENT+0x737b

00e1ffec 00000000 6f897356 000ceff0 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

0000000000e1fe94 ab e9 91 7c e2 94 80 7c - 02 00 00 00 bc fe e1 00 ...|...|........

0000000000e1fea4 01 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000e1feb4 f0 ef 0c 00 f0 ef 0c 00 - f8 01 00 00 0c 02 00 00 ................

0000000000e1fec4 48 cb 9e e2 48 cb 9e e2 - 5c 03 00 00 00 00 00 00 H...H...\.......

0000000000e1fed4 60 cb 9e e2 b8 96 25 e3 - 14 00 00 00 01 00 00 00 `.....%.........

0000000000e1fee4 00 00 00 00 00 00 00 00 - 10 00 00 00 a8 1b ad 84 ................

0000000000e1fef4 00 00 00 00 ff ff ff ff - 00 a0 fd 7f 00 50 fd 7f .............P..

0000000000e1ff04 24 3c 19 b8 00 00 00 00 - bc fe e1 00 64 2d af 84 $<..........d-..

0000000000e1ff14 02 00 00 00 b0 fe e1 00 - c8 2b af 84 a4 ff e1 00 .........+......

0000000000e1ff24 a8 9a 83 7c d8 95 80 7c - 00 00 00 00 80 ff e1 00 ...|...|........

0000000000e1ff34 93 b5 89 6f 02 00 00 00 - 50 ff e1 00 00 00 00 00 ...o....P.......

0000000000e1ff44 ff ff ff ff 00 00 00 00 - 00 00 00 00 f8 01 00 00 ................

0000000000e1ff54 0c 02 00 00 00 00 00 00 - 00 00 00 00 30 d0 4f 80 ............0.O.

0000000000e1ff64 00 00 00 00 00 00 00 00 - ec d0 4f 80 e7 02 6d 80 ..........O...m.

0000000000e1ff74 c8 2b af 84 50 3d 19 b8 - 00 00 00 00 b4 ff e1 00 .+..P=..........

0000000000e1ff84 7b 73 89 6f 00 00 00 00 - 00 00 00 00 92 d5 91 7c {s.o...........|

0000000000e1ff94 f0 ef 0c 00 00 00 00 00 - 8c ff e1 00 14 01 50 80 ..............P.

0000000000e1ffa4 dc ff e1 00 ee c2 97 6f - a0 73 89 6f 00 00 00 00 .......o.s.o....

0000000000e1ffb4 ec ff e1 00 83 b6 80 7c - f0 ef 0c 00 00 00 00 00 .......|........

0000000000e1ffc4 92 d5 91 7c f0 ef 0c 00 - 00 50 fd 7f 00 f6 7b 86 ...|.....P....{.

 

*----> Vidage de l'état de la thread 0x578 <----*

 

eax=6f897356 ebx=00000000 ecx=6300564c edx=535c534f esi=00871454 edi=00871450

eip=7c91eb94 esp=00f6ff10 ebp=00f6ff3c iopl=0 nv up ei ng nz ac po cy

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

00f6ff3c 6f892cf4 00000214 00f6ff68 00f6ff6c ntdll!KiFastSystemCallRet

00f6ff74 6f89b4ae 00000000 00f6ffb4 6f89737b ESENT+0x2cf4

00f6ff80 6f89737b 008714a0 00094bb0 00000000 ESENT+0xb4ae

00f6ffb4 7c80b683 000cf100 00094bb0 00000000 ESENT+0x737b

00f6ffec 00000000 6f897356 000cf100 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

0000000000f6ff10 1b e3 91 7c 46 a7 80 7c - 14 02 00 00 6c ff f6 00 ...|F..|....l...

0000000000f6ff20 54 ff f6 00 34 ff f6 00 - 2c ff f6 00 00 ba 3c dc T...4...,.....<.

0000000000f6ff30 ff ff ff ff 54 2d 8a 6f - 85 2d 8a 6f 74 ff f6 00 ....T-.o.-.ot...

0000000000f6ff40 f4 2c 89 6f 14 02 00 00 - 68 ff f6 00 6c ff f6 00 .,.o....h...l...

0000000000f6ff50 70 ff f6 00 60 ea 00 00 - 00 f1 0c 00 00 f1 0c 00 p...`...........

0000000000f6ff60 b0 4b 09 00 00 00 00 00 - 00 00 00 00 ec d0 4f 80 .K............O.

0000000000f6ff70 e7 02 6d 80 80 ff f6 00 - ae b4 89 6f 00 00 00 00 ..m........o....

0000000000f6ff80 b4 ff f6 00 7b 73 89 6f - a0 14 87 00 b0 4b 09 00 ....{s.o.....K..

0000000000f6ff90 00 00 00 00 00 f1 0c 00 - 00 00 00 00 8c ff f6 00 ................

0000000000f6ffa0 14 01 50 80 dc ff f6 00 - ee c2 97 6f a0 73 89 6f ..P........o.s.o

0000000000f6ffb0 00 00 00 00 ec ff f6 00 - 83 b6 80 7c 00 f1 0c 00 ...........|....

0000000000f6ffc0 b0 4b 09 00 00 00 00 00 - 00 f1 0c 00 00 40 fd 7f [email protected]

0000000000f6ffd0 00 f6 7b 86 c0 ff f6 00 - 30 79 af 84 ff ff ff ff ..{.....0y......

0000000000f6ffe0 a8 9a 83 7c 90 b6 80 7c - 00 00 00 00 00 00 00 00 ...|...|........

0000000000f6fff0 00 00 00 00 56 73 89 6f - 00 f1 0c 00 00 00 00 00 ....Vs.o........

0000000000f70000 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f70010 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f70020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f70030 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

0000000000f70040 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................

 

*----> Vidage de l'état de la thread 0x7fc <----*

 

eax=0003ff5c ebx=6f97e110 ecx=6f97e000 edx=000037b9 esi=00000220 edi=00000000

eip=7c91eb94 esp=021ffe84 ebp=021ffee8 iopl=0 nv up ei ng nz ac po cy

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297

 

fonction : ntdll!KiFastSystemCallRet

7c91eb89 90 nop

7c91eb8a 90 nop

ntdll!KiFastSystemCall:

7c91eb8b 8bd4 mov edx,esp

7c91eb8d 0f34 sysenter

7c91eb8f 90 nop

7c91eb90 90 nop

7c91eb91 90 nop

7c91eb92 90 nop

7c91eb93 90 nop

ntdll!KiFastSystemCallRet:

7c91eb94 c3 ret

7c91eb95 8da42400000000 lea esp,[esp]

7c91eb9c 8d642400 lea esp,[esp]

7c91eba0 90 nop

7c91eba1 90 nop

7c91eba2 90 nop

7c91eba3 90 nop

7c91eba4 90 nop

ntdll!KiIntSystemCall:

7c91eba5 8d542408 lea edx,[esp+0x8]

7c91eba9 cd2e int 2e

 

*----> Suivi arrière de la pile <----*

WARNING: Stack unwind information not available. Following frames may be wrong.

ChildEBP RetAddr Args to Child

021ffee8 6f891928 00000220 000003e8 00000000 ntdll!KiFastSystemCallRet

021fff00 6f89188b 000003e8 0037cd66 6f97e110 ESENT+0x1928

021fff38 6f891640 000003e8 000003e8 021fff80 ESENT+0x188b

021fff48 6f8919fd 000003e8 006bfa74 000cf190 ESENT+0x1640

021fff80 6f89737b 00000000 006bfa74 006bfa7c ESENT+0x19fd

021fffb4 7c80b683 000cf190 006bfa74 006bfa7c ESENT+0x737b

021fffec 00000000 6f897356 000cf190 00000000 kernel32!GetModuleFileNameA+0x1b4

 

*----> Vidage brut de la pile <----*

00000000021ffe84 c0 e9 91 7c cb 25 80 7c - 20 02 00 00 00 00 00 00 ...|.%.| .......

00000000021ffe94 b8 fe 1f 02 00 00 00 00 - e8 03 00 00 10 e1 97 6f ...............o

00000000021ffea4 14 00 00 00 01 00 00 00 - 00 00 00 00 00 00 00 00 ................

00000000021ffeb4 10 00 00 00 80 69 67 ff - ff ff ff ff 00 a0 fd 7f .....ig.........

00000000021ffec4 00 f0 fa 7f b8 fe 1f 02 - 00 00 00 00 98 fe 1f 02 ................

00000000021ffed4 00 00 00 00 a4 ff 1f 02 - a8 9a 83 7c f8 25 80 7c ...........|.%.|

00000000021ffee4 00 00 00 00 00 ff 1f 02 - 28 19 89 6f 20 02 00 00 ........(..o ...

00000000021ffef4 e8 03 00 00 00 00 00 00 - 7c e1 97 6f 38 ff 1f 02 ........|..o8...

00000000021fff04 8b 18 89 6f e8 03 00 00 - 66 cd 37 00 10 e1 97 6f ...o....f.7....o

00000000021fff14 f8 48 6e 00 00 00 00 00 - 10 e1 97 6f 00 00 00 00 .Hn........o....

00000000021fff24 3c ff 1f 02 71 16 89 6f - 00 00 ff ff 00 00 00 00 <...q..o........

00000000021fff34 00 00 00 00 48 ff 1f 02 - 40 16 89 6f e8 03 00 00 [email protected]

00000000021fff44 e8 03 00 00 80 ff 1f 02 - fd 19 89 6f e8 03 00 00 ...........o....

00000000021fff54 74 fa 6b 00 90 f1 0c 00 - 90 f1 0c 00 30 d0 4f 80 t.k.........0.O.

00000000021fff64 ee b9 37 00 00 00 00 00 - ec d0 4f 80 d6 bd 37 00 ..7.......O...7.

00000000021fff74 d6 bd 37 00 d6 bd 37 00 - d6 bd 37 00 b4 ff 1f 02 ..7...7...7.....

00000000021fff84 7b 73 89 6f 00 00 00 00 - 74 fa 6b 00 7c fa 6b 00 {s.o....t.k.|.k.

00000000021fff94 90 f1 0c 00 00 00 00 00 - 8c ff 1f 02 14 01 50 80 ..............P.

00000000021fffa4 dc ff 1f 02 ee c2 97 6f - a0 73 89 6f 00 00 00 00 .......o.s.o....

00000000021fffb4 ec ff 1f 02 83 b6 80 7c - 90 f1 0c 00 74 fa 6b 00 .......|....t.k.

 

n

Lien vers le commentaire
Partager sur d’autres sites

Rejoindre la conversation

Vous publiez en tant qu’invité. Si vous avez un compte, connectez-vous maintenant pour publier avec votre compte.
Remarque : votre message nécessitera l’approbation d’un modérateur avant de pouvoir être visible.

Invité
Répondre à ce sujet…

×   Collé en tant que texte enrichi.   Coller en tant que texte brut à la place

  Seulement 75 émoticônes maximum sont autorisées.

×   Votre lien a été automatiquement intégré.   Afficher plutôt comme un lien

×   Votre contenu précédent a été rétabli.   Vider l’éditeur

×   Vous ne pouvez pas directement coller des images. Envoyez-les depuis votre ordinateur ou insérez-les depuis une URL.

 Partager

  • En ligne récemment   0 membre est en ligne

    • Aucun utilisateur enregistré regarde cette page.
×
×
  • Créer...