Skip to content

Instantly share code, notes, and snippets.

@r41p41

r41p41/CVE-2015-2545_375e51a989525cfec8296faaffdefa35

Created February 4, 2016 16:43
Show Gist options
  • Save r41p41/a068c69f2131120d3c56 to your computer and use it in GitHub Desktop.
Save r41p41/a068c69f2131120d3c56 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
CVE-2015-2545_375e51a989525cfec8296faaffdefa35
Microsoft (R) Windows Debugger Version 6.2.9200.16384 X86
Copyright (c) Microsoft Corporation. All rights reserved.
*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 2faf0000 2fb56000 C:\PROGRA~2\MIF5BA~1\Office12\WINWORD.EXE
ModLoad: 77bc0000 77bc0000 C:\Windows\SysWOW64\ntdll.dll
ModLoad: 77040000 77140000 C:\Windows\syswow64\kernel32.dll
ModLoad: 757b0000 757f6000 C:\Windows\syswow64\KERNELBASE.dll
ModLoad: 74a40000 74adb000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCR80.dll
ModLoad: 75eb0000 75f5c000 C:\Windows\syswow64\msvcrt.dll
ModLoad: 74880000 748cb000 C:\Windows\system32\apphelp.dll
ModLoad: 73b10000 73cb0000 C:\Windows\AppPatch\EMET.DLL
ModLoad: 75b20000 75bc0000 C:\Windows\syswow64\ADVAPI32.dll
ModLoad: 77140000 77159000 C:\Windows\SysWOW64\sechost.dll
ModLoad: 76bb0000 76ca0000 C:\Windows\syswow64\RPCRT4.dll
ModLoad: 75730000 75790000 C:\Windows\syswow64\SspiCli.dll
ModLoad: 75720000 7572c000 C:\Windows\syswow64\CRYPTBASE.dll
ModLoad: 74b50000 74bcb000 C:\Windows\AppPatch\AcSpecfc.DLL
ModLoad: 75a90000 75b14000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_5.82.7600.16385_none_ebf82fc36c758ad5\COMCTL32.dll
ModLoad: 76ca0000 76d30000 C:\Windows\syswow64\GDI32.dll
ModLoad: 775b0000 776b0000 C:\Windows\syswow64\USER32.dll
ModLoad: 77330000 7733a000 C:\Windows\syswow64\LPK.dll
ModLoad: 75960000 759fd000 C:\Windows\syswow64\USP10.dll
ModLoad: 74800000 74879000 C:\Windows\system32\mscms.dll
ModLoad: 74b30000 74b47000 C:\Windows\system32\USERENV.dll
ModLoad: 751b0000 751bb000 C:\Windows\system32\profapi.dll
ModLoad: 75d10000 75d67000 C:\Windows\syswow64\SHLWAPI.dll
ModLoad: 75800000 7595c000 C:\Windows\syswow64\ole32.dll
ModLoad: 75f60000 76ba9000 C:\Windows\syswow64\SHELL32.dll
ModLoad: 743a0000 743d2000 C:\Windows\system32\WINMM.dll
ModLoad: 738f0000 739d7000 C:\Windows\system32\DDRAW.dll
ModLoad: 74f70000 74f76000 C:\Windows\system32\DCIMAN32.dll
ModLoad: 77160000 772fd000 C:\Windows\syswow64\SETUPAPI.dll
ModLoad: 77300000 77327000 C:\Windows\syswow64\CFGMGR32.dll
ModLoad: 75a00000 75a8f000 C:\Windows\syswow64\OLEAUT32.dll
ModLoad: 75790000 757a2000 C:\Windows\syswow64\DEVOBJ.dll
ModLoad: 74ea0000 74eb3000 C:\Windows\system32\dwmapi.dll
ModLoad: 74e60000 74e72000 C:\Windows\system32\MPR.dll
ModLoad: 75c90000 75d0b000 C:\Windows\syswow64\COMDLG32.dll
ModLoad: 75d70000 75dd0000 C:\Windows\syswow64\IMM32.dll
ModLoad: 75bc0000 75c8c000 C:\Windows\syswow64\MSCTF.dll
ModLoad: 75dd0000 75e05000 C:\Windows\syswow64\WS2_32.dll
ModLoad: 77b90000 77b96000 C:\Windows\syswow64\NSI.dll
ModLoad: 6e0f0000 6e330000 C:\Windows\system32\msi.dll
ModLoad: 6cfb0000 6e0ec000 C:\PROGRA~2\MIF5BA~1\Office12\wwlib.dll
ModLoad: 6c230000 6cfb0000 C:\PROGRA~2\MIF5BA~1\Office12\oart.dll
ModLoad: 6b210000 6c228000 C:\Program Files (x86)\Common Files\Microsoft Shared\office12\mso.dll
ModLoad: 73810000 738e7000 C:\PROGRA~2\MIF5BA~1\Office12\1033\wwintl.dll
ModLoad: 74ec0000 74f40000 C:\Windows\system32\uxtheme.dll
ModLoad: 745b0000 7474e000 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\Comctl32.dll
ModLoad: 6abb0000 6b204000 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSORES.DLL
ModLoad: 74270000 7432a000 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
ModLoad: 6a1d0000 6abad000 C:\Program Files (x86)\Common Files\Microsoft Shared\office12\1033\MSOINTL.DLL
ModLoad: 737c0000 7380a000 C:\Windows\system32\mscoree.dll
ModLoad: 735c0000 7363a000 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
ModLoad: 74f60000 74f69000 C:\Windows\system32\VERSION.DLL
ModLoad: 73760000 737b1000 C:\Windows\system32\Winspool.DRV
ModLoad: 75e20000 75ea3000 C:\Windows\syswow64\CLBCatQ.DLL
ModLoad: 71ab0000 71bb9000 C:\Program Files (x86)\Common Files\Microsoft Shared\office12\riched20.dll
ModLoad: 739e0000 73ad5000 C:\Windows\system32\propsys.dll
ModLoad: 74760000 74781000 C:\Windows\system32\ntmarta.dll
ModLoad: 76f30000 76f75000 C:\Windows\syswow64\WLDAP32.dll
ModLoad: 74fc0000 74fee000 C:\Windows\System32\shdocvw.dll
ModLoad: 04b30000 04c8c000 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE11\msxml5.dll
ModLoad: 73680000 73696000 C:\Windows\system32\CRYPTSP.dll
ModLoad: 73640000 7367b000 C:\Windows\system32\rsaenh.dll
ModLoad: 751a0000 751ae000 C:\Windows\system32\RpcRtRemote.dll
ModLoad: 73560000 735bf000 C:\Windows\system32\SXS.DLL
ModLoad: 719f0000 71aa6000 C:\Program Files (x86)\Microsoft Office\Office12\msproof6.dll
ModLoad: 6a140000 6a1c7000 C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\MSVCP80.dll
ModLoad: 74b10000 74b24000 C:\Program Files (x86)\Microsoft Office\Office12\MSOHEV.DLL
(e64.a90): Break instruction exception - code 80000003 (first chance)
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\syswow64\kernel32.dll -
eax=7ef9a000 ebx=00000000 ecx=00000000 edx=77c5f50a esi=00000000 edi=00000000
eip=77bd000c esp=0694f7c8 ebp=0694f7f4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
77bd000c cc int 3
0:010> ba r4 ZwProtectVirtualMemory
0:010> g
(e64.af4): Guard page violation - code 80000001 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=04b2fb4c ebx=04b2fb4c ecx=04b2fb4e edx=77040000 esi=770ff6a0 edi=00000000
eip=77beff62 esp=04b2fa70 ebp=04b2faec iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010202
77beff62 8b7e20 mov edi,dword ptr [esi+20h] ds:002b:770ff6c0=040c0c00
0:003> g
(e64.af4): Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=04b2fb4c ebx=04b2fb4c ecx=04b2fb4e edx=77040000 esi=770ff6a0 edi=000c0c04
eip=77beff65 esp=04b2fa70 ebp=04b2faec iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
77beff65 03fa add edi,edx
0:003> g
(e64.af4): Guard page violation - code 80000001 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00005a4d ebx=77bc0000 ecx=04b2f900 edx=00000000 esi=77bc0000 edi=04b2f98c
eip=77bef38f esp=04b2f92c ebp=04b2f968 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010246
77bef38f 663906 cmp word ptr [esi],ax ds:002b:77bc0000=4d5a
0:003> g
(e64.af4): Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00005a4d ebx=77bc0000 ecx=04b2f900 edx=00000000 esi=77bc0000 edi=04b2f98c
eip=77bef392 esp=04b2f92c ebp=04b2f968 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
77bef392 0f85a3c80000 jne 77bfbc3b [br=0]
0:003> g
(e64.af4): Guard page violation - code 80000001 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=04b2fb84 ebx=04b2fb84 ecx=04b2fb86 edx=757b0000 esi=757ea6b0 edi=00000000
eip=77beff62 esp=04b2faa8 ebp=04b2fb24 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
77beff62 8b7e20 mov edi,dword ptr [esi+20h] ds:002b:757ea6d0=a8b00300
0:003> g
(e64.af4): Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=04b2fb84 ebx=04b2fb84 ecx=04b2fb86 edx=757b0000 esi=757ea6b0 edi=0003b0a8
eip=77beff65 esp=04b2faa8 ebp=04b2fb24 iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206
77beff65 03fa add edi,edx
0:003> g
SetContext failed, 0x80070005
MachineInfo::SetContext failed - Thread: 00251410 Handle: 17c Id: af4 - Error == 0x80070005
SetContext failed, 0x80070005
MachineInfo::SetContext failed - Thread: 00252270 Handle: 184 Id: cb4 - Error == 0x80070005
ModLoad: 74bd0000 74d68000 NetworkExplorer.dll
ModLoad: 74bd0000 74d68000 C:\Windows\SysWOW64\NetworkExplorer.dll
ModLoad: 03070000 030eb000 C:\Windows\SysWOW64\comdlg32.dll
ModLoad: 751c0000 75218000 C:\Program Files (x86)\Common Files\microsoft shared\ink\tiptsf.dll
ModLoad: 69c70000 69ddf000 C:\Windows\SysWOW64\explorerframe.dll
ModLoad: 74230000 7425f000 C:\Windows\SysWOW64\DUser.dll
ModLoad: 69bb0000 69c62000 C:\Windows\SysWOW64\DUI70.dll
ModLoad: 72e90000 72f8b000 C:\Windows\SysWOW64\WindowsCodecs.dll
ModLoad: 72370000 723a1000 EhStorAPI.DLL
ModLoad: 72370000 723a1000 C:\Windows\SysWOW64\EhStorShell.dll
ModLoad: 661c0000 663dd000 GrooveShellExtensions.DLL
ModLoad: 06d10000 06f2d000 GrooveShellExtensions.DLL
ModLoad: 661c0000 663dd000 C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
ModLoad: 06d10000 06f2d000 C:\PROGRA~2\MIF5BA~1\Office12\GR469A~1.DLL
ModLoad: 68ef0000 68fe1000 C:\PROGRA~2\MIF5BA~1\Office12\GrooveUtil.DLL
ModLoad: 05ed0000 05fc1000 C:\PROGRA~2\MIF5BA~1\Office12\GrooveUtil.DLL
ModLoad: 776c0000 777b4000 C:\Windows\syswow64\WININET.dll
ModLoad: 776b0000 776b3000 C:\Windows\syswow64\Normaliz.dll
ModLoad: 77340000 77475000 C:\Windows\syswow64\urlmon.dll
ModLoad: 77480000 7759c000 C:\Windows\syswow64\CRYPT32.dll
ModLoad: 775a0000 775ac000 C:\Windows\syswow64\MSASN1.dll
ModLoad: 76d30000 76f29000 C:\Windows\syswow64\iertutil.dll
ModLoad: 68ff0000 68ff7000 C:\PROGRA~2\MIF5BA~1\Office12\GrooveNew.DLL
ModLoad: 03310000 03317000 C:\PROGRA~2\MIF5BA~1\Office12\GrooveNew.DLL
ModLoad: 7c630000 7c64b000 C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
ModLoad: 03330000 0334b000 C:\Windows\WinSxS\x86_microsoft.vc80.atl_1fc8b3b9a1e18e3b_8.0.50727.42_none_dc990e4797f81af1\ATL80.DLL
ModLoad: 748d0000 748d5000 C:\Windows\SysWOW64\MSImg32.dll
ModLoad: 72300000 7236f000 ntshrui.dll
ModLoad: 72300000 7236f000 C:\Windows\SysWOW64\ntshrui.dll
ModLoad: 73740000 73759000 C:\Windows\SysWOW64\srvcli.dll
ModLoad: 74750000 7475b000 C:\Windows\SysWOW64\cscapi.dll
ModLoad: 74260000 7426a000 C:\Windows\SysWOW64\slc.dll
ModLoad: 73ae0000 73b0f000 C:\Windows\SysWOW64\xmllite.dll
ModLoad: 743e0000 74474000 C:\Windows\SysWOW64\MsftEdit.dll
ModLoad: 06f30000 06ffc000 C:\Windows\SysWOW64\msctf.dll
ModLoad: 736b0000 736da000 C:\Windows\SysWOW64\msls31.dll
ModLoad: 73530000 7355f000 C:\Windows\SysWOW64\XmlLite.dll
ModLoad: 74f40000 74f49000 C:\Windows\SysWOW64\LINKINFO.dll
ModLoad: 74ff0000 7508f000 C:\Windows\SysWOW64\SearchFolder.dll
ModLoad: 75140000 7519c000 C:\Windows\SysWOW64\StructuredQuery.dll
ModLoad: 75130000 75138000 C:\Windows\SysWOW64\Secur32.dll
ModLoad: 747f0000 747fc000 C:\Windows\SysWOW64\mssprxy.dll
ModLoad: 75090000 750a6000 C:\Windows\SysWOW64\thumbcache.dll
ModLoad: 75e10000 75e15000 C:\Windows\syswow64\PSAPI.DLL
ModLoad: 6fbd0000 7064c000 C:\Windows\SysWOW64\ieframe.DLL
ModLoad: 74f80000 74fbc000 C:\Windows\SysWOW64\OLEACC.dll
ModLoad: 69b00000 69ba6000 mssup.DLL
ModLoad: 69b00000 69ba6000 C:\Windows\SysWOW64\mssvp.dll
ModLoad: 74360000 74376000 C:\Windows\SysWOW64\MAPI32.dll
ModLoad: 06590000 065f6000 winword.exe
SetContext failed, 0x80070005
MachineInfo::SetContext failed - Thread: 0027E220 Handle: 348 Id: b40 - Error == 0x80070005
ModLoad: 06590000 065f6000 winword.exe
ModLoad: 65e30000 65e67000 C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
ModLoad: 05fd0000 06007000 C:\PROGRA~2\MIF5BA~1\Office12\GRA32A~1.DLL
ModLoad: 74900000 74a32000 C:\Windows\SysWOW64\msxml3.dll
ModLoad: 750b0000 750db000 C:\Program Files (x86)\Internet Explorer\ieproxy.dll
ModLoad: 750e0000 7512e000 C:\Windows\SysWOW64\actxprxy.dll
ModLoad: 74790000 7479f000 C:\Windows\SysWOW64\samcli.dll
ModLoad: 74360000 74372000 C:\Windows\SysWOW64\SAMLIB.dll
ModLoad: 74220000 74229000 C:\Windows\SysWOW64\netutils.dll
SetContext failed, 0x80070005
MachineInfo::SetContext failed - Thread: 00252270 Handle: 2ac Id: e14 - Error == 0x80070005
ModLoad: 73ae0000 73b0f000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT532.CNV
ModLoad: 73710000 7372e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
ModLoad: 734b0000 734ec000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT632.CNV
ModLoad: 73af0000 73b0e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
ModLoad: 73500000 7352f000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT532.CNV
ModLoad: 73710000 7372e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
ModLoad: 72e50000 72e8c000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT632.CNV
ModLoad: 73af0000 73b0e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
ModLoad: 74020000 7402a000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\RECOVR32.CNV
ModLoad: 73710000 7372e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\msconv97.dll
ModLoad: 10000000 10014000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\Works632.cnv
ModLoad: 030d0000 030e4000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\Works632.cnv
ModLoad: 73ae0000 73b0f000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\WPFT532.CNV
ModLoad: 73510000 7352e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\msconv97.dll
ModLoad: 734b0000 734ec000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\WPFT632.CNV
ModLoad: 73af0000 73b0e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TextConv\msconv97.dll
ModLoad: 73500000 7352f000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT532.CNV
ModLoad: 73710000 7372e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
ModLoad: 72e50000 72e8c000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\WPFT632.CNV
ModLoad: 73af0000 73b0e000 C:\Program Files (x86)\Common Files\Microsoft Shared\TEXTCONV\msconv97.dll
(e64.cbc): Unknown exception - code e0000002 (first chance)
ModLoad: 69a10000 69ba5000 C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL
ModLoad: 74020000 7402d000 C:\Windows\SysWOW64\WTSAPI32.DLL
ModLoad: 73ae0000 73b09000 C:\Windows\SysWOW64\WINSTA.dll
(e64.cbc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\OGL.DLL -
eax=0527101f ebx=06015f96 ecx=00000060 edx=00000060 esi=0a590048 edi=00000160
eip=69a3bcc7 esp=0036ae00 ebp=0036ae2c iopl=0 nv up ei pl nz ac po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010212
OGL!GdipAddPathLine2I+0x332:
69a3bcc7 8818 mov byte ptr [eax],bl ds:002b:0527101f=??
0:000> g
(e64.cbc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0527206f ebx=07a1b096 ecx=0000007a edx=0000007a esi=0a590048 edi=000001b1
eip=69a3bcc7 esp=0036ae00 ebp=0036ae2c iopl=0 nv up ei pl nz ac pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010216
OGL!GdipAddPathLine2I+0x332:
69a3bcc7 8818 mov byte ptr [eax],bl ds:002b:0527206f=??
0:000> g
(e64.cbc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=052730b8 ebx=0c271696 ecx=000000c2 edx=000000c2 esi=0a590048 edi=00000717
eip=69a3bcc7 esp=0036ae00 ebp=0036ae2c iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
OGL!GdipAddPathLine2I+0x332:
69a3bcc7 8818 mov byte ptr [eax],bl ds:002b:052730b8=??
0:000> g
(e64.cbc): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=052740b2 ebx=0fa9f796 ecx=000000fa edx=000000fa esi=0a590048 edi=000009f8
eip=69a3bcc7 esp=0036ae00 ebp=0036ae2c iopl=0 nv up ei pl nz na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010206
OGL!GdipAddPathLine2I+0x332:
69a3bcc7 8818 mov byte ptr [eax],bl ds:002b:052740b2=??
0:000> g
ModLoad: 73480000 734ee000 C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
Breakpoint 0 hit
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\Common Files\Microsoft Shared\GRPHFLT\EPSIMP32.FLT -
eax=000000e9 ebx=001df701 ecx=77bdffd8 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd070 esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6e:
734bd070 8975d4 mov dword ptr [ebp-2Ch],esi ss:002b:0036c828=00000000
0:000> ub eip
EPSIMP32!RegisterPercentCallback+0x15c53:
734bd055 3b482c cmp ecx,dword ptr [eax+2Ch]
734bd058 7d21 jge EPSIMP32!RegisterPercentCallback+0x15c79 (734bd07b)
734bd05a 8b5024 mov edx,dword ptr [eax+24h]
734bd05d 8b12 mov edx,dword ptr [edx]
734bd05f 8b5220 mov edx,dword ptr [edx+20h]
734bd062 035028 add edx,dword ptr [eax+28h]
734bd065 c745d003000000 mov dword ptr [ebp-30h],3
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx]
0:000> bc 0
0:000> bp 734bd06c "u ecx+edx;r;g;"
0:000> bp ntdll!NtCreateEvent+0x5 ".if(eax == 0x45){g;}"
0:000> g
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Windows\syswow64\KERNELBASE.dll -
77bdffd9 0b09 or ecx,dword ptr [ecx]
77bdffdb 46 inc esi
77bdffdc bfcccc8d54 mov edi,548DCCCCh
77bdffe1 2404 and al,4
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
eax=001df870 ebx=001df701 ecx=77bdffd9 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffd9=0b
77bdffda 0946bf or dword ptr [esi-41h],eax
77bdffdd cc int 3
77bdffde cc int 3
77bdffdf 8d542404 lea edx,[esp+4]
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
eax=001df870 ebx=001df701 ecx=77bdffda edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffda=09
77bdffdb 46 inc esi
77bdffdc bfcccc8d54 mov edi,548DCCCCh
77bdffe1 2404 and al,4
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
eax=001df870 ebx=001df701 ecx=77bdffdb edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffdb=46
77bdffdc bfcccc8d54 mov edi,548DCCCCh
77bdffe1 2404 and al,4
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
eax=001df870 ebx=001df701 ecx=77bdffdc edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffdc=bf
77bdffdd cc int 3
77bdffde cc int 3
77bdffdf 8d542404 lea edx,[esp+4]
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
eax=001df870 ebx=001df701 ecx=77bdffdd edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffdd=cc
77bdffde cc int 3
77bdffdf 8d542404 lea edx,[esp+4]
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
eax=001df870 ebx=001df701 ecx=77bdffde edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffde=cc
77bdffdf 8d542404 lea edx,[esp+4]
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
eax=001df870 ebx=001df701 ecx=77bdffdf edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffdf=8d
77bdffe0 54 push esp
77bdffe1 2404 and al,4
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
eax=001df870 ebx=001df701 ecx=77bdffe0 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe0=54
77bdffe1 2404 and al,4
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
eax=001df870 ebx=001df701 ecx=77bdffe1 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe1=24
77bdffe2 0464 add al,64h
77bdffe4 ff15c0000000 call dword ptr ds:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
eax=001df870 ebx=001df701 ecx=77bdffe2 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe2=04
77bdffe3 64ff15c0000000 call dword ptr fs:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
eax=001df870 ebx=001df701 ecx=77bdffe3 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe3=64
77bdffe4 ff15c0000000 call dword ptr ds:[0C0h]
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
eax=001df870 ebx=001df701 ecx=77bdffe4 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe4=ff
77bdffe5 15c0000000 adc eax,0C0h
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
eax=001df870 ebx=001df701 ecx=77bdffe5 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe5=15
77bdffe6 c00000 rol byte ptr [eax],0
77bdffe9 0083c404c214 add byte ptr [ebx+14C204C4h],al
77bdffef 00b84e000000 add byte ptr [eax+4Eh],bh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdffe6 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe6=c0
77bdffe7 0000 add byte ptr [eax],al
77bdffe9 0083c404c214 add byte ptr [ebx+14C204C4h],al
77bdffef 00b84e000000 add byte ptr [eax+4Eh],bh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdffe7 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe7=00
77bdffe8 0000 add byte ptr [eax],al
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
eax=001df870 ebx=001df701 ecx=77bdffe8 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe8=00
77bdffe9 0083c404c214 add byte ptr [ebx+14C204C4h],al
77bdffef 00b84e000000 add byte ptr [eax+4Eh],bh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
eax=001df870 ebx=001df701 ecx=77bdffe9 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffe9=00
77bdffea 83c404 add esp,4
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdffea edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffea=83
77bdffeb c404c2 les eax,fword ptr [edx+eax*8]
77bdffee 1400 adc al,0
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdffeb edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffeb=c4
77bdffec 04c2 add al,0C2h
77bdffee 1400 adc al,0
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdffec edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffec=04
77bdffed c21400 ret 14h
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
eax=001df870 ebx=001df701 ecx=77bdffed edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffed=c2
77bdffef 00b84e000000 add byte ptr [eax+4Eh],bh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdffef edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c724 ebp=0036c760 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffef=00
77bdffee 1400 adc al,0
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
eax=001df870 ebx=001df701 ecx=77bdffee edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffee=14
77bdffef 00b84e000000 add byte ptr [eax+4Eh],bh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdffef edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdffef=00
77bdfff0 b84e000000 mov eax,4Eh
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdfff0 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c818 ebp=0036c854 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff0=b8
77bdfff3 0000 add byte ptr [eax],al
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdfff3 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c794 ebp=0036c7d0 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff3=00
77bdfff4 0033 add byte ptr [ebx],dh
77bdfff6 c9 leave
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdfff4 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c724 ebp=0036c760 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff4=00
77bdfff1 4e dec esi
77bdfff2 0000 add byte ptr [eax],al
77bdfff4 0033 add byte ptr [ebx],dh
77bdfff6 c9 leave
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
eax=001df870 ebx=001df701 ecx=77bdfff1 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c678 ebp=0036c6b4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff1=4e
77bdfff2 0000 add byte ptr [eax],al
77bdfff4 0033 add byte ptr [ebx],dh
77bdfff6 c9 leave
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
eax=001df870 ebx=001df701 ecx=77bdfff2 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c678 ebp=0036c6b4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff2=00
77bdfff3 0000 add byte ptr [eax],al
77bdfff5 33c9 xor ecx,ecx
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdfff3 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c678 ebp=0036c6b4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff3=00
77bdfff4 0033 add byte ptr [ebx],dh
77bdfff6 c9 leave
77bdfff7 8d542404 lea edx,[esp+4]
77bdfffb 64ff15c0000000 call dword ptr fs:[0C0h]
77be0002 83c404 add esp,4
77be0005 c21400 ret 14h
77be0008 b84f000000 mov eax,4Fh
77be000d b907000000 mov ecx,7
eax=001df870 ebx=001df701 ecx=77bdfff4 edx=00000000 esi=00000000 edi=001d87e8
eip=734bd06c esp=0036c678 ebp=0036c6b4 iopl=0 nv up ei pl zr na pe nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000246
EPSIMP32!RegisterPercentCallback+0x15c6a:
734bd06c 0fb6040a movzx eax,byte ptr [edx+ecx] ds:002b:77bdfff4=00
(e64.cbc): C++ EH exception - code e06d7363 (first chance)
eax=0000004d ebx=001df760 ecx=0a9c0fd8 edx=001d7fa8 esi=001d87e8 edi=00000000
eip=77bdff19 esp=0a9c1032 ebp=0036c8e0 iopl=0 nv up ei pl nz na po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202
77bdff19 33c9 xor ecx,ecx
0:000> dd esp
0a9c1032 0a9c2fd8 ffffffff 0a9c01d8 0a9c01dc
0a9c1042 00000040 0a9c01e0 00000000 00000000
0a9c1052 00000000 00000000 00000000 00000000
0a9c1062 00000000 00000000 00000000 00000000
0a9c1072 00000000 00000000 00000000 00000000
0a9c1082 00000000 00000000 00000000 00000000
0a9c1092 00000000 00000000 00000000 00000000
0a9c10a2 00000000 00000000 00000000 00000000
0:000> g poi(esp)
eax=00000000 ebx=001df760 ecx=51730000 edx=000fe168 esi=001d87e8 edi=00000000
eip=0a9c2fd8 esp=0a9c104a ebp=0036c8e0 iopl=0 nv up ei pl nz ac po nc
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000212
0a9c2fd8 60 pushad
0:000> uf eip
Flow analysis was incomplete, some code may be missing
0a9c2fd8 60 pushad
0a9c2fd9 64a100000000 mov eax,dword ptr fs:[00000000h]
0a9c2fdf 8b4004 mov eax,dword ptr [eax+4]
0a9c2fe2 250000ffff and eax,0FFFF0000h
0a9c2fe7 6681384d5a cmp word ptr [eax],5A4Dh
0a9c2fec 7517 jne 0a9c3005
0a9c2fee 81783c00020000 cmp dword ptr [eax+3Ch],200h
0a9c2ff5 730e jae 0a9c3005
0a9c2ff7 8b503c mov edx,dword ptr [eax+3Ch]
0a9c2ffa 03d0 add edx,eax
0a9c2ffc 66813a5045 cmp word ptr [edx],4550h
0a9c3001 7502 jne 0a9c3005
0a9c3003 eb07 jmp 0a9c300c
0a9c3005 2d00000100 sub eax,10000h
0a9c300a ebdb jmp 0a9c2fe7
0a9c300c 8b7a1c mov edi,dword ptr [edx+1Ch]
0a9c300f 8b722c mov esi,dword ptr [edx+2Ch]
0a9c3012 03f0 add esi,eax
0a9c3014 03fe add edi,esi
0a9c3016 83ed04 sub ebp,4
0a9c3019 8b4d00 mov ecx,dword ptr [ebp]
0a9c301c 3bce cmp ecx,esi
0a9c301e 7218 jb 0a9c3038
0a9c3020 3bcf cmp ecx,edi
0a9c3022 7314 jae 0a9c3038
0a9c3024 8079fdff cmp byte ptr [ecx-3],0FFh
0a9c3028 750e jne 0a9c3038
0a9c302a 8079fe50 cmp byte ptr [ecx-2],50h
0a9c302e 7508 jne 0a9c3038
0a9c3030 8079ff10 cmp byte ptr [ecx-1],10h
0a9c3034 7502 jne 0a9c3038
0a9c3036 eb02 jmp 0a9c303a
0a9c3038 ebdc jmp 0a9c3016
0a9c303a 896c2418 mov dword ptr [esp+18h],ebp
0a9c303e 61 popad
0a9c303f 87e1 xchg esp,ecx
0a9c3041 60 pushad
0a9c3042 8bec mov ebp,esp
0a9c3044 e800000000 call 0a9c3049
0a9c3049 8b3424 mov esi,dword ptr [esp]
0a9c304c 8d642404 lea esp,[esp+4]
0a9c3050 81ee71000000 sub esi,71h
0a9c3056 81c6a0000000 add esi,0A0h
0a9c305c 68dc000000 push 0DCh
0a9c3061 59 pop ecx
0a9c3062 8d3c8e lea edi,[esi+ecx*4]
0a9c3065 6a1f push 1Fh
0a9c3067 58 pop eax
0a9c3068 d12f shr dword ptr [edi],1
0a9c306a d116 rcl dword ptr [esi],1
0a9c306c 83c604 add esi,4
0a9c306f 48 dec eax
0a9c3070 7506 jne 0a9c3078
0a9c3072 6a1f push 1Fh
0a9c3074 58 pop eax
0a9c3075 83c704 add edi,4
0a9c3078 7177 jno 0a9c30f1
0a9c307a b245 mov dl,45h
0a9c307c 2c98 sub al,98h
0a9c307e c52d86c52d0e lds ebp,fword ptr ds:[0E2DC586h]
0a9c3084 c529 lds ebp,fword ptr [ecx]
0a9c3086 844521 test byte ptr [ebp+21h],al
0a9c3089 90 nop
0a9c308a c50d409c3600 lds ecx,fword ptr ds:[369C40h]
0a9c3090 3980ba04403c cmp dword ptr [eax+3C4004BAh],eax
0a9c3096 023b add bh,byte ptr [ebx]
0a9c3098 803100 xor byte ptr [ecx],0
0a9c309b 3a88409c2680 cmp cl,byte ptr [eax-7FD963C0h]
0a9c30a1 29803aef403c sub dword ptr [eax+3C40EF3Ah],eax
0a9c30a7 022b add ch,byte ptr [ebx]
0a9c30a9 802100 and byte ptr [ecx],0
0a9c30ac 3a6b29 cmp ch,byte ptr [ebx+29h]
0a9c30af 7428 je 0a9c30d9
0a9c30b0 2800 sub byte ptr [eax],al
0a9c30b1 0000 add byte ptr [eax],al
0a9c30b3 00c5 add ch,al
0a9c30be 292b sub dword ptr [ebx],ebp
0a9c30c0 2b740000 sub esi,dword ptr [eax+eax]
0a9c30c4 0080451e92c1 add byte ptr [eax-3E6DE1BBh],al
0a9c30ca e301 jecxz 0a9c30cd
0a9c30cc c1737e5c sal dword ptr [ebx+7Eh],5Ch
0a9c30cd 737e jae 0a9c314d
0a9c30cf 5c pop esp
0a9c30d0 aa stos byte ptr es:[edi]
0a9c30d1 aa stos byte ptr es:[edi]
0a9c30d2 aa stos byte ptr es:[edi]
0a9c30d3 2afe sub bh,dh
0a9c30d5 99 cdq
0a9c30d6 e424 in al,24h
0a9c30d8 f9 stc
0a9c30d9 d7 xlat byte ptr [ebx]
0a9c30da c01f33 rcr byte ptr [edi],33h
0a9c30dd 3333 xor esi,dword ptr [ebx]
0a9c30df 333a xor edi,dword ptr [edx]
0a9c30e1 fb sti
0a9c30e2 c16382c4 shl dword ptr [ebx-7Eh],0C4h
0a9c30e6 3e7ef9 ht jle 0a9c30e2
0a9c30e9 d7 xlat byte ptr [ebx]
0a9c30ea c01f33 rcr byte ptr [edi],33h
0a9c30ed 3333 xor esi,dword ptr [ebx]
0a9c30ef 333a xor edi,dword ptr [edx]
0a9c30f1 fb sti
0a9c30f2 c17782c4 sal dword ptr [edi-7Eh],0C4h
0a9c30f6 3e7cc5 ht jl 0a9c30be
0a9c30f9 22fe and bh,dh
0a9c30fb 45 inc ebp
0a9c30fc 2afc sub bh,ah
0a9c30fe 15682fafad adc eax,0ADAF2F68h
0a9c3103 64e1aa loope 0a9c30b0
0a9c3106 45 inc ebp
0a9c3107 7640 jbe 0a9c3149
0a9c3109 62627f bound esp,qword ptr [edx+7Fh]
0a9c3149 008023323a28 add byte ptr [eax+283A3223h],al
0a9c314d 3a28 cmp ch,byte ptr [eax]
0a9c314f 39b7b1203232 cmp dword ptr [edi+323220B1h],esi
0a9c3155 b9b2393980 mov ecx,803939B2h
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment