Перейти к содержанию
bbh_blocked_dnftl

Dx Portal Помогите разобрать стёк ассемблера.

NewSistems
 Поделиться

Рекомендуемые сообщения

NewSistems Новичок

NewSistems

Опубликовано
Опубликовано

77AED1A1 inc dword ptr [eax+eax*8-3B137AF1h]

77AED1A8 std

77AED1A9 inc dword ptr [ebx+ebx*8+67830F74h]

77AED1B0 sub al,0

77AED1B2 lea eax,[edi+24h]

77AED1B5 push eax

77AED1B6 call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED1BB xor bl,bl

77AED1BD mov ecx,edi

77AED1BF call _EtwpGetNextRegistration@4 (77B3E419h)

77AED1C4 mov edi,eax

77AED1C6 lea ecx,[esi+28h]

77AED1C9 test edi,edi

77AED1CB je EtwDeliverDataBlock+76h (77AC9696h)

77AED1D1 jmp string L"??%C:"+490E4h (77AED154h)

77AED1D3 cmp byte ptr [_EtwpReplySend (77B50007h)],0

77AED1DA jne EtwDeliverDataBlock+85h (77AC96A5h)

77AED1E0 cmp dword ptr [ebp-8],0

77AED1E4 ?? ??

77AED1E5 ?? ??

77AED1E6 ?? ??

77AED1E7 ?? ??

77AED1E8 ?? ??

77AED1E9 ?? ??

77AED1EA ?? ??

77AED1EB ?? ??

77AED1EC ?? ??

77AED1ED ?? ??

77AED1EE ?? ??

77AED1EF ?? ??

77AED1F0 ?? ??

77AED1F1 ?? ??

77AED1F2 ?? ??

77AED1F3 ?? ??

77AED1F4 ?? ??

77AED1F5 ?? ??

77AED1F6 add ecx,dword ptr [ecx+458B0446h]

77AED1FC hlt

77AED1FD mov dword ptr [esi+10h],eax

77AED200 mov eax,dword ptr [ebp-18h]

77AED203 mov dword ptr [esi+18h],eax

77AED206 mov eax,dword ptr [ebp-14h]

77AED209 push esi

77AED20A mov byte ptr [esi+0Ch],0

77AED20E mov dword ptr [esi+1Ch],eax

77AED211 call _EtwReplyNotification@4 (77B42930h)

77AED216 mov esi,eax

77AED218 jmp EtwDeliverDataBlock+88h (77AC96A8h)

77AED21D mov ax,word ptr [edi+36h]

77AED221 mov ecx,3FFFh

77AED226 and ax,cx

77AED229 cmp ax,dx

77AED22C je string L"??%C:"+491C8h (77AED238h)

77AED22E cmp ax,2

77AED232 jne EtwpProcessNotification+70h (77AC9749h)

77AED238 mov ecx,dword ptr [ebp+8]

77AED23B mov eax,dword ptr [edi+30h]

77AED23E cdq

77AED23F push ebx

77AED240 mov dword ptr [ecx],eax

77AED242 mov dword ptr [ecx+4],edx

77AED245 call _EtwProcessPrivateLoggerRequest@4 (77B3FB50h)

77AED24A mov ecx,dword ptr [ebp+0Ch]

77AED24D mov dword ptr [ecx],eax

77AED24F mov eax,dword ptr [ebp+10h]

77AED252 mov byte ptr [eax],1

77AED255 mov al,1

77AED257 jmp EtwpProcessNotification+72h (77AC974Bh)

77AED25C and ecx,edx

77AED25E cmp cx,0Ah

77AED262 jne EtwpProcessNotification+70h (77AC9749h)

77AED268 cmp dword ptr [ebx],7

77AED26B ?? ??

77AED26C ?? ??

77AED26D ?? ??

77AED26E ?? ??

77AED26F ?? ??

77AED270 ?? ??

77AED271 ?? ??

77AED272 ?? ??

77AED273 ?? ??

77AED274 ?? ??

77AED275 ?? ??

77AED276 ?? ??

77AED277 ?? ??

77AED278 ?? ??

77AED279 inc ebx

77AED27A and al,3Bh

77AED27C inc ecx

77AED27D and byte ptr [edi],cl

77AED27F ?? ??

77AED280 ?? ??

77AED281 ?? ??

77AED282 ?? ??

77AED283 ?? ??

77AED284 ?? ??

77AED285 ?? ??

77AED286 ?? ??

77AED287 ?? ??

77AED288 ?? ??

77AED289 ?? ??

77AED28A ?? ??

77AED28B ?? ??

77AED28C ?? ??

77AED28D ?? ??

77AED28E ?? ??

77AED28F ?? ??

77AED290 inc ecx

77AED291 ?? ??

77AED292 ?? ??

77AED293 ?? ??

77AED294 ?? ??

77AED295 ?? ??

77AED296 ?? ??

77AED297 ?? ??

77AED298 ?? ??

77AED299 ?? ??

77AED29A ?? ??

77AED29B ?? ??

77AED29C ?? ??

77AED29D ?? ??

77AED29E ?? ??

77AED29F ?? ??

77AED2A0 ?? ??

77AED2A1 ?? ??

77AED2A2 ?? ??

77AED2A3 std

77AED2A4 dec dword ptr [ebx-3174FBBAh]

77AED2AA test eax,eax

77AED2AC je string L"??%C:"+4924Eh (77AED2BEh)

77AED2AE mov esi,eax

77AED2B0 mov eax,dword ptr [esi]

77AED2B2 test eax,eax

77AED2B4 je string L"??%C:"+49256h (77AED2C6h)

77AED2B6 jmp string L"??%C:"+4923Eh (77AED2AEh)

77AED2B8 cmp dword ptr [esi],ecx

77AED2BA je string L"??%C:"+49256h (77AED2C6h)

77AED2BC mov ecx,esi

77AED2BE mov esi,dword ptr [esi+8]

77AED2C1 and esi,0FFFFFFFCh

77AED2C4 jne string L"??%C:"+49248h (77AED2B8h)

77AED2C6 test esi,esi

77AED2C8 je string L"??%C:"+49281h (77AED2F1h)

77AED2CA push 10h

77AED2CC ?? ??

77AED2CD ?? ??

77AED2CE ?? ??

77AED2CF ?? ??

77AED2D0 ?? ??

77AED2D1 ?? ??

77AED2D2 ?? ??

77AED2D3 ?? ??

77AED2D4 ?? ??

77AED2D5 ?? ??

77AED2D6 ?? ??

77AED2D7 ?? ??

77AED2D8 ?? ??

77AED2D9 ?? ??

77AED2DA ?? ??

77AED2DB or al,85h

77AED2DD sal byte ptr [ebp+11h],0Fh

77AED2E1 mov bh,46h

77AED2E3 ?? ??

77AED2E4 ?? ??

77AED2E5 ?? ??

77AED2E6 ?? ??

77AED2E7 ?? ??

77AED2E8 ?? ??

77AED2E9 ?? ??

77AED2EA ?? ??

77AED2EB ?? ??

77AED2EC ?? ??

77AED2ED jne string L"??%C:"+49243h (77AED2B3h)

77AED2EF std

77AED2F0 push dword ptr [ebx]

77AED2F2 imul cl

77AED2F4 jg string L"??%C:"+4924Ah (77AED2BAh)

77AED2F6 std

77AED2F7 push esi

77AED2F9 rol dword ptr [ecx],74h

77AED2FC ?? ??

77AED2FD ?? ??

77AED2FE ?? ??

77AED2FF ?? ??

77AED300 ?? ??

77AED301 ?? ??

77AED302 ?? ??

77AED303 ?? ??

77AED304 ?? ??

77AED305 ?? ??

77AED306 ?? ??

77AED307 ?? ??

77AED308 ?? ??

77AED309 ?? ??

77AED30A ?? ??

77AED30B ?? ??

77AED30C ?? ??

77AED30D retf 0F601h

77AED310 ?? ??

77AED311 ?? ??

77AED312 ?? ??

77AED313 ?? ??

77AED314 ?? ??

77AED315 ?? ??

77AED316 ?? ??

77AED317 ?? ??

77AED318 ?? ??

77AED319 ?? ??

77AED31A ?? ??

77AED31B ?? ??

77AED31C ?? ??

77AED31D ?? ??

77AED31E ?? ??

77AED31F ?? ??

77AED320 ?? ??

77AED321 ?? ??

77AED322 ?? ??

77AED323 ?? ??

77AED324 ?? ??

77AED325 ?? ??

77AED326 ?? ??

77AED327 ?? ??

77AED328 ?? ??

77AED329 ?? ??

77AED32A ?? ??

77AED32B ?? ??

77AED32C ?? ??

77AED32D ?? ??

77AED32E ?? ??

77AED32F ?? ??

77AED330 ?? ??

77AED331 ?? ??

77AED332 ?? ??

77AED333 ?? ??

77AED334 ?? ??

77AED335 ?? ??

77AED336 ?? ??

77AED337 ?? ??

77AED338 ?? ??

77AED339 ?? ??

77AED33A ?? ??

77AED33B ?? ??

77AED33C ?? ??

77AED33D ?? ??

77AED33E ?? ??

77AED33F ?? ??

77AED340 ?? ??

77AED341 ?? ??

77AED342 ?? ??

77AED343 ?? ??

77AED344 ?? ??

77AED345 add byte ptr [eax],al

77AED347 add byte ptr [ebp+56102444h],cl

77AED34D push ebx

77AED34E push eax

77AED34F call _memset (77A78280h)

77AED354 add esp,0Ch

77AED357 mov dword ptr [esp+10h],esi

77AED35B mov dword ptr [esp+3Ch],20000h

77AED363 mov esi,ebx

77AED365 mov edx,esi

77AED367 and edx,0FFFF7FFFh

77AED36D cmp edx,40h

77AED370 jae string L"??%C:"+4936Ah (77AED3DAh)

77AED372 mov eax,dword ptr [_EtwpLoggerArray (77B500E8h)]

77AED377 test eax,eax

77AED379 je string L"??%C:"+4936Ah (77AED3DAh)

77AED37B lea eax,[eax+edx*8]

77AED37E xor ecx,ecx

77AED380 add eax,4

77AED383 ?? ??

77AED384 ?? ??

77AED385 ?? ??

77AED386 ?? ??

77AED387 ?? ??

77AED388 ?? ??

77AED389 ?? ??

77AED38A ?? ??

77AED38B ?? ??

77AED38C ?? ??

77AED38D ?? ??

77AED38E ?? ??

77AED38F ?? ??

77AED390 ?? ??

77AED391 call 6E268896

77AED396 rol dword ptr [ecx],74h

77AED399 jge 4132A3A3

77AED39F inc dword ptr [ebx+0FF004C0h]

77AED3A5 ror dword ptr [eax],0EBh

77AED3A8 xor dword ptr [ebx+0D891h],ecx

77AED3AE add byte ptr [ebx+48D1449h],cl

77AED3B4 enter 0C983h,0FFh

77AED3B8 add eax,4

77AED3BB lock xadd dword ptr [eax],ecx

77AED3BF test edx,400h

77AED3C5 jne string L"??%C:"+4936Ah (77AED3DAh)

77AED3C7 lea eax,[esp+10h]

77AED3CB mov dword ptr [esp+18h],esi

77AED3CF push eax

77AED3D0 push ecx

77AED3D1 mov dword ptr [esp+24h],ebx

77AED3D5 call _EtwpStopUmLogger@16 (77B41B6Eh)

77AED3DA inc esi

77AED3DB cmp esi,40h

77AED3DE jb string L"??%C:"+492F5h (77AED365h)

77AED3E0 call LdrpAcquireLoaderLock (77A995ECh)

77AED3E5 mov ebx,offset _FastPebLock (77B50820h)

77AED3EA push ebx

77AED3EB call _RtlEnterCriticalSection@4 (77A90E80h)

77AED3F0 mov eax,dword ptr fs:[00000030h]

77AED3F6 push dword ptr [eax+18h]

77AED3F9 call RtlLockHeap (77ABCB90h)

77AED3FE push edi

77AED3FF push 0

77AED401 call _NtTerminateProcess@8 (77A8C5B0h)

77AED406 mov ecx,dword ptr fs:[30h]

77AED40D mov esi,eax

77AED40F push dword ptr [ecx+18h]

77AED412 call RtlUnlockHeap (77ABCAF0h)

77AED417 push ebx

77AED418 call _RtlLeaveCriticalSection@4 (77A90EC0h)

77AED41D test esi,esi

77AED41F js string L"??%C:"+493C6h (77AED436h)

77AED421 push edi

77AED422 ?? ??

77AED423 ?? ??

77AED424 ?? ??

77AED425 ?? ??

77AED426 ?? ??

77AED427 ?? ??

77AED428 ?? ??

77AED429 ?? ??

77AED42A ?? ??

77AED42B ?? ??

77AED42C ?? ??

77AED42D ?? ??

77AED42E ?? ??

77AED42F ?? ??

77AED430 ?? ??

77AED431 ?? ??

77AED432 jp string L"??%C:"+493B5h (77AED425h)

77AED434 stc

77AED435 ?? ??

77AED436 ?? ??

77AED437 ?? ??

77AED438 ?? ??

77AED439 ?? ??

77AED43A ?? ??

77AED43B ?? ??

77AED43C ?? ??

77AED43D ?? ??

77AED43E ?? ??

77AED43F ?? ??

77AED440 ?? ??

77AED441 ?? ??

77AED442 ?? ??

77AED443 ?? ??

77AED444 ?? ??

77AED445 xlat byte ptr [ebx]

77AED446 rep stc

77AED448 dec esp

77AED44A mov eax,dword ptr [ebp-14h]

77AED44D mov dword ptr [ebp-78h],eax

77AED450 push 3

77AED452 mov eax,dword ptr [ebp-78h]

77AED455 push dword ptr [eax+4]

77AED458 mov eax,dword ptr [ebp-78h]

77AED45B push dword ptr [eax]

77AED45D call _RtlReportException@12 (77B0B970h)

77AED462 xor eax,eax

77AED464 ret

77AED465 mov esp,dword ptr [ebp-18h]

77AED468 mov dword ptr [ebp-4],0FFFFFFFEh

77AED46F jmp TpCheckTerminateWorker+44h (77ABD794h)

77AED474 mov ecx,dword ptr [ebp-14h]

77AED477 mov eax,dword ptr [ecx]

77AED479 mov eax,dword ptr [eax]

77AED47B mov dword ptr [ebp-2Ch],eax

77AED47E lea edx,[ebp-24h]

77AED481 call _LdrpInitializeProcessWrapperFilter@8 (77B0417Bh)

77AED486 ret

77AED487 mov esp,dword ptr [ebp-18h]

77AED48A mov esi,dword ptr [ebp-2Ch]

77AED48D mov dword ptr [ebp-1Ch],esi

77AED490 mov dword ptr [ebp-4],0FFFFFFFEh

77AED497 mov edi,dword ptr [ebp-30h]

77AED49A jmp _LdrpInitialize+24A1h (77AACE87h)

77AED49F mov ecx,esi

77AED4A1 call _LdrpInitializationFailure@4 (77B03F7Ch)

77AED4A6 cmp dword ptr [ebp-24h],0

77AED4AA jne string L"??%C:"+49444h (77AED4B4h)

77AED4AC cmp esi,0C0000017h

77AED4B2 jne string L"??%C:"+4944Ch (77AED4BCh)

77AED4B4 push esi

77AED4B5 push 0FFFFFFFFh

77AED4B7 call _NtTerminateProcess@8 (77A8C5B0h)

77AED4BC push esi

77AED4BD call _RtlRaiseStatus@4 (77A907A0h)

77AED4C2 mov eax,dword ptr fs:[00000018h]

77AED4C8 test byte ptr [eax+0FCAh],20h

77AED4CF jne LdrShutdownThread+0FFFFFC91h (77A72A01h)

77AED4D5 xor esi,esi

77AED4D7 jmp LdrShutdownThread+0FFFFFDA7h (77A72B17h)

77AED4DC xor esi,esi

77AED4DE mov ebx,dword ptr [ebp-20h]

77AED4E1 mov edi,dword ptr [ebp-1Ch]

77AED4E4 mov eax,dword ptr [ebp-34h]

77AED4E7 mov dword ptr [ebp-24h],eax

77AED4EA jmp LdrShutdownThread+0FFFFFCAAh (77A72A1Ah)

77AED4EF xor esi,esi

77AED4F1 mov ebx,dword ptr [ebp-20h]

77AED4F4 mov edi,dword ptr [ebp-1Ch]

77AED4F7 jmp LdrShutdownThread+4FBF6h (77AC2966h)

77AED4FC xor esi,esi

77AED4FE mov ebx,dword ptr [ebp-20h]

77AED501 mov edi,dword ptr [ebp-1Ch]

77AED504 jmp LdrShutdownThread+0FFFFFCB8h (77A72A28h)

77AED509 mov eax,dword ptr [ebx+10h]

77AED50C mov dword ptr [ebx+10h],esi

77AED50F push eax

77AED510 push esi

77AED511 mov eax,dword ptr fs:[00000030h]

77AED517 push dword ptr [eax+18h]

77AED51A call RtlFreeHeap (77A91BD0h)

77AED51F jmp LdrShutdownThread+0FFFFFDDCh (77A72B4Ch)

77AED524 mov edx,dword ptr ds:[7FFE0330h]

77AED52A mov eax,edx

77AED52C and eax,1Fh

77AED52F push 20h

77AED531 pop ecx

77AED532 sub ecx,eax

77AED534 mov eax,dword ptr [_LdrpCorExeMainRoutine (77B50154h)]

77AED539 ror eax,cl

77AED53B xor eax,edx

77AED53D mov dword ptr [edi+0B0h],eax

77AED543 jmp LdrpInitializeThread+28h (77AB5A35h)

77AED548 mov eax,dword ptr fs:[00000018h]

77AED54E test byte ptr [eax+0FCAh],20h

77AED555 jne LdrpInitializeThread+3Bh (77AB5A48h)

77AED55B jmp LdrpInitializeThread+191h (77AB5B9Eh)

77AED560 cmp esi,0C0000017h

77AED566 jne string L"??%C:"+49512h (77AED582h)

77AED568 mov dword ptr [ebp-34h],0FFD23940h

77AED56F or dword ptr [ebp-30h],0FFFFFFFFh

77AED573 lea eax,[ebp-34h]

77AED576 push eax

77AED577 push ebx

77AED578 call _NtDelayExecution@8 (77A8C630h)

77AED57D jmp LdrpInitializeThread+43h (77AB5A50h)

77AED582 test esi,esi

77AED584 jns LdrpInitializeThread+53h (77AB5A60h)

77AED58A push esi

77AED58B push 0FFFFFFFFh

77AED58D call _NtTerminateProcess@8 (77A8C5B0h)

77AED592 push esi

77AED593 call _RtlRaiseStatus@4 (77A907A0h)

77AED598 cmp esi,0C0000017h

77AED59E jne string L"??%C:"+4954Ah (77AED5BAh)

77AED5A0 mov dword ptr [ebp-34h],0FFD23940h

77AED5A7 or dword ptr [ebp-30h],0FFFFFFFFh

77AED5AB lea eax,[ebp-34h]

77AED5AE push eax

77AED5AF push ebx

77AED5B0 call _NtDelayExecution@8 (77A8C630h)

77AED5B5 jmp LdrpInitializeThread+53h (77AB5A60h)

77AED5BA test esi,esi

77AED5BC jns LdrpInitializeThread+62h (77AB5A6Fh)

77AED5C2 jmp string L"??%C:"+4951Ah (77AED58Ah)

77AED5C4 xor ebx,ebx

77AED5C6 mov esi,dword ptr [ebp-20h]

77AED5C9 jmp LdrpInitializeThread+168h (77AB5B75h)

77AED5CE xor ebx,ebx

77AED5D0 jmp LdrpInitializeThread+1710Ah (77ACCB17h)

77AED5D5 xor ebx,ebx

77AED5D7 jmp LdrpInitializeThread+19Ch (77AB5BA9h)

77AED5DC add esi,4

77AED5DF mov dword ptr [ebp-20h],esi

77AED5E2 test byte ptr [_LdrpDebugFlags (77B52100h)],5

77AED5E9 je string L"??%C:"+495A1h (77AED611h)

77AED5EB push dword ptr [ebx+18h]

77AED5EE lea eax,[ebx+24h]

77AED5F1 push eax

77AED5F2 push edi

77AED5F3 push offset string "Calling TLS callback %p for DLL "... (77A9C78Ah)

77AED5F8 push 2

77AED5FA push offset string "LdrpCallTlsInitializers" (77A9C7B8h)

77AED5FF push 426h

77AED604 push offset string "minkernelntdllldrtls.c" (77A9C728h)

77AED609 call _LdrpLogDbgPrint (77B01817h)

77AED60E add esp,20h

77AED611 xor al,al

77AED613 je string L"??%C:"+495A6h (77AED616h)

77AED615 int 3

77AED616 push 0

77AED618 push dword ptr [ebp-1Ch]

77AED61B mov edx,dword ptr [ebx+18h]

77AED61E mov ecx,edi

77AED620 call LdrpCallInitRoutine (77A99615h)

77AED625 jmp LdrpCallTlsInitializers+3Ah (77A6F82Ah)

77AED62A mov ecx,dword ptr [ebp-14h]

77AED62D call _LdrpCalloutExceptionFilter@4 (77B0442Dh)

77AED632 ret

77AED633 mov esp,dword ptr [ebp-18h]

77AED636 jmp LdrpCallTlsInitializers+44h (77A6F834h)

77AED63B mov ecx,dword ptr [eax+4]

77AED63E cmp dword ptr [eax],edx

77AED640 jne string L"??%C:"+495E9h (77AED659h)

77AED642 test ebx,ebx

77AED644 je string L"??%C:"+495DBh (77AED64Bh)

77AED646 mov dword ptr [ebx+4],ecx

77AED649 jmp string L"??%C:"+495E2h (77AED652h)

77AED64B mov dword ptr _LdrpDelayedTlsReclaimTable (77B51FA0h)[esi*8],ecx

77AED652 mov dword ptr [eax+4],edi

77AED655 mov edi,eax

77AED657 mov eax,ebx

77AED659 mov ebx,eax

77AED65B mov eax,ecx

77AED65D test ecx,ecx

77AED65F je LdrpCleanupThreadTlsData+4Eh (77A72CB6h)

77AED665 jmp string L"??%C:"+495CBh (77AED63Bh)

77AED667 mov esi,dword ptr [edi+4]

77AED66A push edi

77AED66B push 0

77AED66D push ebx

77AED66E call RtlFreeHeap (77A91BD0h)

77AED673 mov edi,esi

77AED675 test esi,esi

77AED677 je LdrpCleanupThreadTlsData+5Eh (77A72CC6h)

77AED67D jmp string L"??%C:"+495F7h (77AED667h)

77AED67F mov esi,dword ptr [ebp-1Ch]

77AED682 jmp TppPoolRemoveWorker+70h (77A543A1h)

77AED687 mov esi,dword ptr [ebp-1Ch]

77AED68A jmp TppIopFree+69h (77AC9D29h)

77AED68F cmp dword ptr [ebp+8],0

77AED693 jne string L"??%C:"+49634h (77AED6A4h)

77AED695 mov eax,dword ptr fs:[00000030h]

77AED69B mov eax,dword ptr [eax+0Ch]

77AED69E cmp byte ptr [eax+28h],0

77AED6A2 jne string L"??%C:"+49639h (77AED6A9h)

77AED6A4 call _TppRaiseInvalidParameter@0 (77B4592Dh)

77AED6A9 xor eax,eax

77AED6AB jmp TppIopValidateIo+40h (77AC9DF7h)

77AED6B0 push dword ptr [esi+8]

77AED6B3 mov eax,dword ptr fs:[00000030h]

77AED6B9 push 0

77AED6BB push dword ptr [eax+18h]

77AED6BE call RtlFreeHeap (77A91BD0h)

77AED6C3 jmp RtlpUninitializeAssemblyStorageMap+31h (77A73D7Dh)

77AED6C8 xor ebx,ebx

77AED6CA xor eax,eax

77AED6CC and dword ptr [ebp-0Ch],ebx

77AED6CF xor edi,edi

77AED6D1 and dword ptr [ebp-8],ebx

77AED6D4 xor esi,esi

77AED6D6 mov dword ptr [ebp-4],eax

77AED6D9 jmp RtlpWnfNotificationThread+3Eh (77A669BEh)

77AED6DE call _RtlpWnfCalculateAndSetNextTimer@0 (77B0FC50h)

77AED6E3 mov eax,dword ptr [ebp-4]

77AED6E6 xor esi,esi

77AED6E8 jmp RtlpWnfNotificationThread+3Eh (77A669BEh)

77AED6ED push 0

77AED6EF lea eax,[ebp-14h]

77AED6F2 push eax

77AED6F3 push dword ptr [ebp+0Ch]

77AED6F6 push dword ptr [ebp+10h]

77AED6F9 call TpSetWaitEx (77AB5F10h)

77AED6FE jmp RtlpWnfNotificationThread+88h (77A66A08h)

77AED703 cmp dword ptr [esp+10h],0

77AED708 jne string L"??%C:"+496BAh (77AED72Ah)

77AED70A push dword ptr [esi+58h]

77AED70D mov eax,dword ptr fs:[00000030h]

77AED713 push 0

77AED715 push dword ptr [eax+18h]

77AED718 call RtlFreeHeap (77A91BD0h)

77AED71D and dword ptr [esi+58h],0

77AED721 and dword ptr [esi+5Ch],0

77AED725 jmp RtlpWnfProcessCurrentDescriptor+95h (77A5E91Ch)

77AED72A push ebx

77AED72B call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED730 mov ebx,80h

77AED735 mov eax,dword ptr ds:[77B5073Ch]

77AED73A add eax,4

77AED73D push eax

77AED73E call RtlReleaseSRWLockShared (77A97FE0h)

77AED743 jmp RtlpWnfProcessCurrentDescriptor+13Dh (77A5E9C4h)

77AED748 cmp dword ptr [esp+10h],0

77AED74D push ebx

77AED74E jne string L"??%C:"+496BBh (77AED72Bh)

77AED750 mov dword ptr [esi+58h],edi

77AED753 call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED758 mov ebx,103h

77AED75D jmp string L"??%C:"+496C5h (77AED735h)

77AED75F mov edi,dword ptr [esi+58h]

77AED762 lea eax,[esi+28h]

77AED765 and dword ptr [esi+58h],0

77AED769 push eax

77AED76A call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED76F jmp RtlpWnfProcessCurrentDescriptor+0BAh (77A5E941h)

77AED774 mov ecx,0C000022Dh

77AED779 cmp ebx,ecx

77AED77B jne RtlpWnfProcessCurrentDescriptor+12Dh (77A5E9B4h)

77AED781 mov ecx,esi

77AED783 mov dword ptr [esi+58h],edi

77AED786 mov dword ptr [esi+5Ch],2

77AED78D call _RtlpWnfCalculateRetryTime@4 (77B0FCF2h)

77AED792 jmp RtlpWnfProcessCurrentDescriptor+12Dh (77A5E9B4h)

77AED797 xor esi,esi

77AED799 lea eax,[edi+8]

77AED79C push esi

77AED79D push esi

77AED79E push ebx

77AED79F push dword ptr [edi+18h]

77AED7A2 push edi

77AED7A3 push eax

77AED7A4 call _NtGetCompleteWnfStateSubscription@24 (77A8D0F0h)

77AED7A9 test ebx,ebx

77AED7AB jne string L"??%C:"+4974Dh (77AED7BDh)

77AED7AD mov eax,dword ptr fs:[00000030h]

77AED7B3 push edi

77AED7B4 push esi

77AED7B5 push dword ptr [eax+18h]

77AED7B8 call RtlFreeHeap (77A91BD0h)

77AED7BD mov ebx,80h

77AED7C2 jmp RtlpWnfProcessCurrentDescriptor+148h (77A5E9CFh)

77AED7C7 mov eax,dword ptr [esp+0Ch]

77AED7CB push eax

77AED7CC call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED7D1 mov eax,dword ptr ds:[77B5073Ch]

77AED7D6 add eax,4

77AED7D9 push eax

77AED7DA call _RtlReleaseSRWLockExclusive@4 (77A94360h)

77AED7DF mov eax,0C0000001h

77AED7E4 jmp RtlpRemoveUserSubFromNameSub+0EDh (77A7544Bh)

77AED7E9 push dword ptr [esi+14h]

77AED7EC mov edx,esi

77AED7EE mov ecx,ebx

77AED7F0 push dword ptr [esi+10h]

77AED7F3 push dword ptr [ebx+24h]

77AED7F6 push dword ptr [ebx+10h]

77AED7F9 push dword ptr [esi+50h]

77AED7FC call _RtlpWnfETWEventUnsubscribe@28 (77B0FF2Ah)

77AED801 jmp RtlpRemoveUserSubFromNameSub+4Ah (77A753A8h)

77AED806 cmp edi,0C0000034h

77AED80C je string L"??%C:"+497AAh (77AED81Ah)

77AED80E cmp edi,0C0000189h

77AED814 jne RtlpRemoveUserSubFromNameSub+0C6h (77A75424h)

77AED81A xor edi,edi

77AED81C jmp RtlpRemoveUserSubFromNameSub+0C6h (77A75424h)

77AED821 push dword ptr [esi+14h]

77AED824 mov ecx,esi

77AED826 push dword ptr [esi+10h]

77AED829 call _RtlpWnfETWEventNameSubRundown@12 (77B0FDF3h)

77AED82E jmp RtlpDecRefWnfNameSubscription+43h (77A75264h)

77AED833 push dword ptr [esi+58h]

77AED836 mov eax,dword ptr fs:[00000030h]

77AED83C push 0

77AED83E push dword ptr [eax+18h]

77AED841 call RtlFreeHeap (77A91BD0h)

77AED846 jmp RtlpDecRefWnfNameSubscription+7Ah (77A7529Bh)

77AED84B cmp dword ptr [esi+64h],edi

77AED84E jne RtlpWnfWalkUserSubscriptionList+0A3h (77A5E7D6h)

77AED854 jmp RtlpWnfWalkUserSubscriptionList+2B0h (77A5E9E3h)

77AED859 mov eax,dword ptr [ebp-4Ch]

77AED85C cmp eax,dword ptr [esi+4Ch]

77AED85F jg RtlpWnfWalkUserSubscriptionList+2B9h (77A5E9ECh)

77AED865 jl string L"??%C:"+49803h (77AED873h)

77AED867 mov eax,dword ptr [ebp-50h]

77AED86A cmp eax,dword ptr [esi+48h]

77AED86D jae RtlpWnfWalkUserSubscriptionList+2B9h (77A5E9ECh)

77AED873 mov eax,dword ptr [esi+5Ch]

77AED876 cmp eax,dword ptr [ebx+10h]

77AED879 jb RtlpWnfWalkUserSubscriptionList+2B9h (77A5E9ECh)

77AED87F jmp RtlpWnfWalkUserSubscriptionList+0ACh (77A5E7DFh)

77AED884 cmp dword ptr [esi+34h],edi

77AED887 jne RtlpWnfWalkUserSubscriptionList+393h (77A5EAC6h)

77AED88D cmp dword ptr [ebp-24h],0

77AED891 jge string L"??%C:"+4982Dh (77AED89Dh)

77AED893 test byte ptr [esi+20h],4

77AED897 jne RtlpWnfWalkUserSubscriptionList+393h (77A5EAC6h)

77AED89D push edi

77AED89E push edi

77AED89F push dword ptr [ebp-44h]

77AED8A2 push dword ptr [ebp-54h]

77AED8A5 push edi

77AED8A6 push dword ptr [ebp-30h]

77AED8A9 push dword ptr [ebp-34h]

77AED8AC mov ecx,dword ptr [ebp-20h]

77AED8AF call dword ptr [___guard_check_icall_fptr (77B541D0h)]

77AED8B5 call dword ptr [ebp-20h]

77AED8B8 mov dword ptr [ebp-24h],edi

77AED8BB mov eax,dword ptr [ebp-38h]

77AED8BE jmp RtlpWnfWalkUserSubscriptionList+393h (77A5EAC6h)

77AED8C3 mov dword ptr [ebp-24h],edi

77AED8C6 push eax

77AED8C7 push dword ptr [ebp-44h]

77AED8CA push dword ptr [ebp-30h]

77AED8CD push dword ptr [ebp-34h]

77AED8D0 mov ecx,dword ptr [ebp-20h]

77AED8D3 call dword ptr [___guard_check_icall_fptr (77B541D0h)]

77AED8D9 call dword ptr [ebp-20h]

77AED8DC mov eax,dword ptr [ebp-38h]

77AED8DF jmp RtlpWnfWalkUserSubscriptionList+39Eh (77A5EAD1h)

77AED8E4 push dword ptr [ebp-30h]

77AED8E7 push dword ptr [ebp-34h]

77AED8EA push dword ptr [ebp-24h]

77AED8ED push eax

77AED8EE push dword ptr [ebp-20h]

77AED8F1 push dword ptr [ebp-28h]

77AED8F4 mov edx,esi

77AED8F6 mov ecx,dword ptr [ebx+10h]

77AED8F9 call _RtlpWnfETWEventCallback@32 (77B0FD6Ah)

77AED8FE jmp RtlpWnfWalkUserSubscriptionList+3ABh (77A5EADEh)

77AED903 xor edi,edi

77AED905 mov ebx,dword ptr [ebp-70h]

77AED908 mov esi,dword ptr [ebp-78h]

77AED90B mov eax,dword ptr [ebp-6Ch]

77AED90E mov dword ptr [ebp-3Ch],eax

77AED911 mov eax,dword ptr [ebp-74h]

77AED914 mov dword ptr [ebp-48h],eax

77AED917 mov ecx,dword ptr [ebp-64h]

77AED91A jmp RtlpWnfWalkUserSubscriptionList+445h (77A5EB78h)

77AED91F mov eax,dword ptr [ebx+10h]

77AED922 sub eax,dword ptr [esi+1Ch]

77AED925 test eax,eax

77AED927 jg RtlpWnfWalkUserSubscriptionList+416h (77A5EB49h)

77AED92D jmp RtlpWnfWalkUserSubscriptionList+41Ch (77A5EB4Fh)

77AED932 mov dword ptr [esi+40h],edi

77AED935 mov dword ptr [esi+54h],edi

77AED938 mov dword ptr [esi+48h],edi

77AED93B mov dword ptr [esi+4Ch],edi

77AED93E mov dword ptr [esi+50h],edi

77AED941 mov dword ptr [esi+5Ch],edi

77AED944 jmp RtlpWnfWalkUserSubscriptionList+42Bh (77A5EB5Eh)

77AED949 test byte ptr [esi+20h],4

77AED94D je RtlpWnfWalkUserSubscriptionList+42Bh (77A5EB5Eh)

77AED953 mov dword ptr [ebp-58h],1

77AED95A push dword ptr [ebx+10h]

77AED95D mov ecx,esi

77AED95F call _RtlpWnfMarkFailure@12 (77B0FFAAh)

77AED964 jmp RtlpWnfWalkUserSubscriptionList+42Bh (77A5EB5Eh)

77AED969 push dword ptr [ebp-8]

77AED96C mov ecx,edi

77AED96E call dword ptr [___guard_check_icall_fptr (77B541D0h)]

77AED974 call edi

77AED976 jmp RtlpDecRefWnfUserSubscription+24h (77A752E9h)

77AED97B sub esi,4

77AED97E jne RtlWaitOnAddress+83h (77A75993h)

77AED984 mov esi,dword ptr [ebp+0Ch]

77AED987 mov ecx,dword ptr [esi+4]

77AED98A mov edx,ecx

77AED98C mov eax,dword ptr [esi]

77AED98E mov ebx,eax

77AED990 lock cmpxchg8b qword ptr [edi]

77AED994 cmp eax,dword ptr [esi]

77AED996 jne RtlWaitOnAddress+83h (77A75993h)

77AED99C cmp edx,dword ptr [esi+4]

77AED99F jmp RtlWaitOnAddress+7Dh (77A7598Dh)

77AED9A4 or ecx,ebx

77AED9A6 lock cmpxchg dword ptr [esi],ecx

77AED9AA cmp eax,edx

77AED9AC je string L"??%C:"+49948h (77AED9B8h)

77AED9AE mov edx,eax

77AED9B0 test eax,eax

77AED9B2 jne RtlpWaitOnAddressRemoveWaitBlock+2Fh (77A75AE2h)

77AED9B8 lea eax,[edi+14h]

77AED9BB xchg ebx,dword ptr [eax]

77AED9BD cmp ebx,2

77AED9C0 je RtlpWaitOnAddressRemoveWaitBlock+0A8h (77A75B5Bh)

77AED9C6 xor edx,edx

77AED9C8 mov ecx,edi

77AED9CA call RtlpWaitOnAddressWithTimeout (77A5476Bh)

77AED9CF jmp RtlpWaitOnAddressRemoveWaitBlock+0AAh (77A75B5Dh)

77AED9D4 mov dword ptr [esi+8],edi

77AED9D7 test edi,edi

77AED9D9 je string L"??%C:"+49970h (77AED9E0h)

77AED9DB mov dword ptr [edi+0Ch],esi

77AED9DE jmp string L"??%C:"+49973h (77AED9E3h)

77AED9E0 mov dword ptr [esi+10h],esi

77AED9E3 mov edx,edi

77AED9E5 mov edi,dword ptr [ebp-8]

77AED9E8 jmp string L"??%C:"+499A5h (77AEDA15h)

77AED9EA and dword ptr [edi+0Ch],0

77AED9EE mov eax,edi

77AED9F0 mov esi,dword ptr [ebp-14h]

77AED9F3 mov edx,edi

77AED9F5 mov edi,dword ptr [ebp-8]

77AED9F8 mov dword ptr [ebp-0Ch],eax

77AED9FB jmp string L"??%C:"+499A5h (77AEDA15h)

77AED9FD mov edi,dword ptr [ebp-8]

77AEDA00 mov edx,eax

77AEDA02 and edx,0FFFFFFFCh

77AEDA05 mov ecx,eax

77AEDA07 mov dword ptr [ebp-0Ch],edx

77AEDA0A mov eax,edx

77AEDA0C mov dword ptr [ebp-18h],ecx

77AEDA0F mov esi,dword ptr [edx+0Ch]

77AEDA12 mov dword ptr [ebp-14h],esi

77AEDA15 test edx,edx

77AEDA17 jne RtlpWaitOnAddressRemoveWaitBlock+6Ah (77A75B1Dh)

77AEDA1D cmp byte ptr [ebp-1],dl

77AEDA20 jne string L"??%C:"+499C5h (77AEDA35h)

77AEDA22 xor ecx,ecx

77AEDA24 lea eax,[edi+14h]

77AEDA27 xchg ecx,dword ptr [eax]

77AEDA29 cmp ecx,2

77AEDA2C je string L"??%C:"+499C5h (77AEDA35h)

77AEDA2E push edx

77AEDA2F push edi

77AEDA30 call _NtWaitForAlertByThreadId@8 (77A8DDB0h)

77AEDA35 mov ecx,dword ptr [ebp-0Ch]

77AEDA38 mov dword ptr [ecx+10h],esi

77AEDA3B mov ecx,dword ptr [ebp-18h]

77AEDA3E mov esi,dword ptr [ebp-10h]

77AEDA41 test cl,1

77AEDA44 je string L"??%C:"+499DDh (77AEDA4Dh)

77AEDA46 mov byte ptr [ebp-1],bl

77AEDA49 xor edx,edx

77AEDA4B jmp string L"??%C:"+499E6h (77AEDA56h)

77AEDA4D mov edx,ecx

77AEDA4F mov byte ptr [ebp-1],0

77AEDA53 and edx,0FFFFFFFCh

77AEDA56 mov eax,ecx

77AEDA58 lock cmpxchg dword ptr [esi],edx

77AEDA5C cmp eax,ecx

77AEDA5E je string L"??%C:"+499F4h (77AEDA64h)

77AEDA60 mov ecx,eax

77AEDA62 jmp string L"??%C:"+499D1h (77AEDA41h)

77AEDA64 cmp byte ptr [ebp-1],0

77AEDA68 je RtlpWaitOnAddressRemoveWaitBlock+0A8h (77A75B5Bh)

77AEDA6E push eax

77AEDA6F call _RtlpWaitOnAddressWakeEntireList@4 (77B334B4h)

77AEDA74 jmp RtlpWaitOnAddressRemoveWaitBlock+0A8h (77A75B5Bh)

77AEDA79 mov esi,dword ptr [ebp-1Ch]

77AEDA7C jmp TppAlpcpFree+69h (77ACA9A9h)

77AEDA81 cmp dword ptr [ebp+8],0

77AEDA85 jne string L"??%C:"+49A26h (77AEDA96h)

77AEDA87 mov eax,dword ptr fs:[00000030h]

77AEDA8D mov eax,dword ptr [eax+0Ch]

77AEDA90 cmp byte ptr [eax+28h],0

77AEDA94 jne string L"??%C:"+49A2Bh (77AEDA9Bh)

77AEDA96 call _TppRaiseInvalidParameter@0 (77B4592Dh)

77AEDA9B xor eax,eax

77AEDA9D jmp TppAlpcpValidateAlpc+43h (77ACAA82h)

77AEDAA2 mov esi,dword ptr [ebp-1Ch]

77AEDAA5 jmp TppPoolpFree+10Ah (77ACA279h)

77AEDAAA cmp eax,0FFFFFFFFh

77AEDAAD je LdrpUnloadNode+0F3h (77A6EEB4h)

77AEDAB3 cmp eax,0FFFFFFFCh

77AEDAB6 je LdrpUnloadNode+33h (77A6EDF4h)

77AEDABC cmp eax,6

77AEDABF je LdrpUnloadNode+33h (77A6EDF4h)

77AEDAC5 cmp eax,7

77AEDAC8 je LdrpUnloadNode+33h (77A6EDF4h)

77AEDACE jmp LdrpUnloadNode+0F3h (77A6EEB4h)

77AEDAD3 lea eax,[esi+24h]

77AEDAD6 push eax

77AEDAD7 push offset string "Unmapping DLL "%wZ"n" (77A9C664h)

77AEDADC push 2

77AEDADE push offset string "LdrpUnloadNode" (77A9C67Ah)

77AEDAE3 push 0DB9h

77AEDAE8 push offset string "minkernelntdllldrsnap.c" (77A9C32Ch)

77AEDAED call _LdrpLogDbgPrint (77B01817h)

77AEDAF2 add esp,18h

77AEDAF5 jmp LdrpUnloadNode+0A1h (77A6EE62h)

77AEDAFA xor bl,bl

 

 

 

Вот, стёк из программы на C++. Ошибка на строке 77AED4C2 mov eax,dword ptr fs:[00000018h], просто скопируйте вставьте этот текст в поиск вашего браузера и увидите его в стёке. Как исправить, чтобы программа запустилась.

 

Читать дальше

Ссылка на комментарий
Поделиться на другие сайты

Присоединяйтесь к обсуждению

Вы можете написать сейчас и зарегистрироваться позже. Если у вас есть аккаунт, авторизуйтесь, чтобы опубликовать от имени своего аккаунта.

Гость
Ответить в этой теме...

×   Вставлено с форматированием.   Вставить как обычный текст

  Разрешено использовать не более 75 эмодзи.

×   Ваша ссылка была автоматически встроена.   Отображать как обычную ссылку

×   Ваш предыдущий контент был восстановлен.   Очистить редактор

×   Вы не можете вставлять изображения напрямую. Загружайте или вставляйте изображения по ссылке.

Загрузка...
×
 Поделиться
Перейти к списку тем
×
×
  • Создать...