CommandLine: "C:\Program Files\ALW\test_windbg\Register_All_Ocx.bat" Symbol search path is: srv*c:\temp\symbols*http://msdl.microsoft.com/download/symbols;C:\Program Files\ALW\test_windbg;srv* Executable search path is: ModLoad: 4ad00000 4ad61000 cmd.exe ModLoad: 7c900000 7c9b2000 ntdll.dll ModLoad: 7c800000 7c8f6000 C:\WINDOWS\system32\kernel32.dll ModLoad: 77c10000 77c68000 C:\WINDOWS\system32\msvcrt.dll ModLoad: 7e410000 7e4a1000 C:\WINDOWS\system32\USER32.dll ModLoad: 77f10000 77f59000 C:\WINDOWS\system32\GDI32.dll (d6c.e38): Break instruction exception - code 80000003 (first chance) eax=00241eb4 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c90120e esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!DbgBreakPoint: 7c90120e cc int 3 0:000> p eax=00241eb4 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c90120f esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!DbgBreakPoint+0x1: 7c90120f c3 ret 0:000> p eax=00241eb4 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c9402ed esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1014: 7c9402ed 8b4368 mov eax,dword ptr [ebx+68h] ds:0023:7ffde068=00000070 0:000> p eax=00000070 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c9402f0 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1017: 7c9402f0 d1e8 shr eax,1 0:000> p eax=00000038 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c9402f2 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1019: 7c9402f2 2401 and al,1 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c9402f4 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x101b: 7c9402f4 a2c1e1977c mov byte ptr [ntdll!ShowSnaps (7c97e1c1)],al ds:0023:7c97e1c1=00 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c9402f9 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1020: 7c9402f9 e906f8fdff jmp ntdll!LdrpInitializeProcess+0x1020 (7c91fb04) 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c91fb04 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1020: 7c91fb04 833d28f3977c01 cmp dword ptr [ntdll!LdrpNumberOfProcessors (7c97f328)],1 ds:0023:7c97f328=00000002 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c91fb0b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1027: 7c91fb0b 7606 jbe ntdll!LdrpInitializeProcess+0x102f (7c91fb13) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c91fb0d esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1029: 7c91fb0d 56 push esi 0:000> p eax=00000000 ebx=7ffde000 ecx=00000007 edx=00000080 esi=00241f48 edi=00241eb4 eip=7c91fb0e esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x102a: 7c91fb0e e800710000 call ntdll!LdrpValidateImageForMp (7c926c13) 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb13 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x102f: 7c91fb13 83659400 and dword ptr [ebp-6Ch],0 ss:0023:0012fc28=00000000 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb17 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1033: 7c91fb17 803dd502fe7f01 cmp byte ptr [SharedUserData+0x2d5 (7ffe02d5)],1 ds:0023:7ffe02d5=02 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb1e esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x103a: 7c91fb1e 0f84da070200 je ntdll!LdrpInitializeProcess+0x103c (7c9402fe) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb24 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1045: 7c91fb24 803dd502fe7f00 cmp byte ptr [SharedUserData+0x2d5 (7ffe02d5)],0 ds:0023:7ffe02d5=02 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb2b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x104c: 7c91fb2b 0f84d6070200 je ntdll!LdrpInitializeProcess+0x104e (7c940307) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00241eb4 eip=7c91fb31 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1064: 7c91fb31 8bbdfcfeffff mov edi,dword ptr [ebp-104h] ss:0023:0012fb90=00000000 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00241f48 edi=00000000 eip=7c91fb37 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x106a: 7c91fb37 33f6 xor esi,esi 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00000000 edi=00000000 eip=7c91fb39 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x106c: 7c91fb39 3bfe cmp edi,esi 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00000000 edi=00000000 eip=7c91fb3b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x106e: 7c91fb3b 0f84bf250000 je ntdll!LdrpInitializeProcess+0x1085 (7c922100) [br=1] 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00000000 edi=00000000 eip=7c922100 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1085: 7c922100 ff7518 push dword ptr [ebp+18h] ss:0023:0012fcac=7c926b00 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00000000 edi=00000000 eip=7c922103 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1088: 7c922103 ffb528ffffff push dword ptr [ebp-0D8h] ss:0023:0012fbbc=0012fce0 0:000> p eax=00000000 ebx=7ffde000 ecx=00000040 edx=000512a0 esi=00000000 edi=00000000 eip=7c922109 esp=0012fb1c ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x108e: 7c922109 e80a000000 call ntdll!LdrQueryApplicationCompatibilityGoo (7c922118) 0:000> p eax=c0000100 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c92210e esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1093: 7c92210e e941daffff jmp ntdll!LdrpInitializeProcess+0x1093 (7c91fb54) 0:000> p eax=c0000100 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb54 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1093: 7c91fb54 897594 mov dword ptr [ebp-6Ch],esi ss:0023:0012fc28=00000000 0:000> p eax=c0000100 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb57 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1096: 7c91fb57 803dd502fe7f02 cmp byte ptr [SharedUserData+0x2d5 (7ffe02d5)],2 ds:0023:7ffe02d5=02 0:000> p eax=c0000100 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb5e esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x109d: 7c91fb5e 751d jne ntdll!LdrpInitializeProcess+0x10bf (7c91fb7d) [br=0] 0:000> p eax=c0000100 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb60 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x109f: 7c91fb60 8b8564ffffff mov eax,dword ptr [ebp-9Ch] ss:0023:0012fbf8={cmd!_imp__FlushConsoleInputBuffer (cmd+0xd8) (4ad000d8)} 0:000> p eax=4ad000d8 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb66 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10a5: 7c91fb66 6683785c01 cmp word ptr [eax+5Ch],1 ds:0023:4ad00134=0003 0:000> p eax=4ad000d8 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb6b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10aa: 7c91fb6b 7410 je ntdll!LdrpInitializeProcess+0x10bf (7c91fb7d) [br=0] 0:000> p eax=4ad000d8 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb6d esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10ac: 7c91fb6d 8b8524ffffff mov eax,dword ptr [ebp-0DCh] ss:0023:0012fbb8=00020000 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb73 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10b2: 7c91fb73 f6400a02 test byte ptr [eax+0Ah],2 ds:0023:0002000a=00 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb77 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10b6: 7c91fb77 0f8475020000 je ntdll!LdrpInitializeProcess+0x10b8 (7c91fdf2) [br=1] 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fdf2 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10b8: 7c91fdf2 c7459402000000 mov dword ptr [ebp-6Ch],2 ss:0023:0012fc28=00000000 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fdf9 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10bf: 7c91fdf9 e97ffdffff jmp ntdll!LdrpInitializeProcess+0x10bf (7c91fb7d) 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb7d esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10bf: 7c91fb7d ffb564ffffff push dword ptr [ebp-9Ch] ss:0023:0012fbf8={cmd!_imp__FlushConsoleInputBuffer (cmd+0xd8) (4ad000d8)} 0:000> p eax=00020000 ebx=7ffde000 ecx=7c9221cb edx=7c980620 esi=00000000 edi=00000000 eip=7c91fb83 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10c5: 7c91fb83 e8531b0000 call ntdll!LdrpCheckForSecuROMImage (7c9216db) 0:000> p eax=00061000 ebx=7ffde000 ecx=0012fa6c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fb88 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 ntdll!LdrpInitializeProcess+0x10ca: 7c91fb88 3c01 cmp al,1 0:000> p eax=00061000 ebx=7ffde000 ecx=0012fa6c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fb8a esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10cc: 7c91fb8a 0f84196c0100 je ntdll!LdrpInitializeProcess+0x10ec (7c9367a9) [br=0] 0:000> p eax=00061000 ebx=7ffde000 ecx=0012fa6c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fb90 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10ce: 7c91fb90 ffb564ffffff push dword ptr [ebp-9Ch] ss:0023:0012fbf8={cmd!_imp__FlushConsoleInputBuffer (cmd+0xd8) (4ad000d8)} 0:000> p eax=00061000 ebx=7ffde000 ecx=0012fa6c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fb96 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10d4: 7c91fb96 e8eb190000 call ntdll!LdrpCheckForNXEntryAddress (7c921586) 0:000> p eax=00000000 ebx=7ffde000 ecx=00000003 edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fb9b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10d9: 7c91fb9b 3c01 cmp al,1 0:000> p eax=00000000 ebx=7ffde000 ecx=00000003 edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fb9d esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10db: 7c91fb9d 0f84066c0100 je ntdll!LdrpInitializeProcess+0x10ec (7c9367a9) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=00000003 edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fba3 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10dd: 7c91fba3 ffb564ffffff push dword ptr [ebp-9Ch] ss:0023:0012fbf8={cmd!_imp__FlushConsoleInputBuffer (cmd+0xd8) (4ad000d8)} 0:000> p eax=00000000 ebx=7ffde000 ecx=00000003 edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fba9 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10e3: 7c91fba9 e8361a0000 call ntdll!LdrpCheckForSafeDiscImage (7c9215e4) 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fbae esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x10e8: 7c91fbae 3c01 cmp al,1 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fbb0 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10ea: 7c91fbb0 0f84f36b0100 je ntdll!LdrpInitializeProcess+0x10ec (7c9367a9) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fbb6 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000297 ntdll!LdrpInitializeProcess+0x10f8: 7c91fbb6 397594 cmp dword ptr [ebp-6Ch],esi ss:0023:0012fc28=00000002 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fbb9 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10fb: 7c91fbb9 0f853f020000 jne ntdll!LdrpInitializeProcess+0x10fd (7c91fdfe) [br=1] 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fdfe esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10fd: 7c91fdfe 6a04 push 4 0:000> p eax=00000000 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fe00 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x10ff: 7c91fe00 8d4594 lea eax,[ebp-6Ch] 0:000> p eax=0012fc28 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fe03 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1102: 7c91fe03 50 push eax 0:000> p eax=0012fc28 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fe04 esp=0012fb1c ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1103: 7c91fe04 6a22 push 22h 0:000> p eax=0012fc28 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fe06 esp=0012fb18 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1105: 7c91fe06 6aff push 0FFFFFFFFh 0:000> p eax=0012fc28 ebx=7ffde000 ecx=ffffffff edx=4ad001d0 esi=00000000 edi=00000000 eip=7c91fe08 esp=0012fb14 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x1107: 7c91fe08 e891defeff call ntdll!ZwSetInformationProcess (7c90dc9e) 0:000> p eax=00000000 ebx=7ffde000 ecx=0012fb0c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fe0d esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x110c: 7c91fe0d e9adfdffff jmp ntdll!LdrpInitializeProcess+0x110c (7c91fbbf) 0:000> p eax=00000000 ebx=7ffde000 ecx=0012fb0c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fbbf esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202 ntdll!LdrpInitializeProcess+0x110c: 7c91fbbf 397588 cmp dword ptr [ebp-78h],esi ss:0023:0012fc1c={kernel32!BaseProcessInitPostImport (7c8164a3)} 0:000> p eax=00000000 ebx=7ffde000 ecx=0012fb0c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fbc2 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 ntdll!LdrpInitializeProcess+0x110f: 7c91fbc2 740d je ntdll!LdrpInitializeProcess+0x1140 (7c91fbd1) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=0012fb0c edx=7c90e514 esi=00000000 edi=00000000 eip=7c91fbc4 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 ntdll!LdrpInitializeProcess+0x1111: 7c91fbc4 ff5588 call dword ptr [ebp-78h] ss:0023:0012fc1c={kernel32!BaseProcessInitPostImport (7c8164a3)} 0:000> p eax=00000000 ebx=7ffde000 ecx=7c910323 edx=000000d8 esi=00000000 edi=00000000 eip=7c91fbc7 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1114: 7c91fbc7 8bf0 mov esi,eax 0:000> p eax=00000000 ebx=7ffde000 ecx=7c910323 edx=000000d8 esi=00000000 edi=00000000 eip=7c91fbc9 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1116: 7c91fbc9 85f6 test esi,esi 0:000> p eax=00000000 ebx=7ffde000 ecx=7c910323 edx=000000d8 esi=00000000 edi=00000000 eip=7c91fbcb esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1118: 7c91fbcb 0f8c5d070200 jl ntdll!LdrpInitializeProcess+0x111a (7c94032e) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=7c910323 edx=000000d8 esi=00000000 edi=00000000 eip=7c91fbd1 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1140: 7c91fbd1 ffb520ffffff push dword ptr [ebp-0E0h] ss:0023:0012fbb4=0012fd30 0:000> p eax=00000000 ebx=7ffde000 ecx=7c910323 edx=000000d8 esi=00000000 edi=00000000 eip=7c91fbd7 esp=0012fb20 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1146: 7c91fbd7 e8f1b7ffff call ntdll!LdrpRunInitializeRoutines (7c91b3cd) 0:000> p ModLoad: 76390000 763ad000 C:\WINDOWS\system32\IMM32.DLL ModLoad: 77dd0000 77e6b000 C:\WINDOWS\system32\ADVAPI32.dll ModLoad: 77e70000 77f03000 C:\WINDOWS\system32\RPCRT4.dll ModLoad: 77fe0000 77ff1000 C:\WINDOWS\system32\Secur32.dll ModLoad: 629c0000 629c9000 C:\WINDOWS\system32\LPK.DLL ModLoad: 74d90000 74dfb000 C:\WINDOWS\system32\USP10.dll eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fbdc esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x114b: 7c91fbdc 8bf0 mov esi,eax 0:000> p eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fbde esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x114d: 7c91fbde 85f6 test esi,esi 0:000> p eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fbe0 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x114f: 7c91fbe0 0f8c6e070200 jl ntdll!LdrpInitializeProcess+0x1151 (7c940354) [br=0] 0:000> p eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fbe6 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1181: 7c91fbe6 833dcce1977c00 cmp dword ptr [ntdll!g_ShimsEnabled (7c97e1cc)],0 ds:0023:7c97e1cc=00000000 0:000> p eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fbed esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x1188: 7c91fbed 741c je ntdll!LdrpInitializeProcess+0x11a7 (7c91fc0b) [br=1] 0:000> p eax=00000000 ebx=7ffde000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc0b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11a7: 7c91fc0b 8b9b4c010000 mov ebx,dword ptr [ebx+14Ch] ds:0023:7ffde14c=00000000 0:000> p eax=00000000 ebx=00000000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc11 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11ad: 7c91fc11 85db test ebx,ebx 0:000> p eax=00000000 ebx=00000000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc13 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11af: 7c91fc13 0f856b070200 jne ntdll!LdrpInitializeProcess+0x11b1 (7c940384) [br=0] 0:000> p eax=00000000 ebx=00000000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc19 esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11b3: 7c91fc19 33c0 xor eax,eax 0:000> p eax=00000000 ebx=00000000 ecx=7c91b619 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc1b esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11e4: 7c91fc1b 8b4dfc mov ecx,dword ptr [ebp-4] ss:0023:0012fc90=00003c15 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c91fc1e esp=0012fb24 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11e7: 7c91fc1e 5f pop edi 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=7ffdd000 eip=7c91fc1f esp=0012fb28 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11e8: 7c91fc1f 5e pop esi 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=7ffdd000 eip=7c91fc20 esp=0012fb2c ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11e9: 7c91fc20 5b pop ebx 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=7ffdd000 eip=7c91fc21 esp=0012fb30 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11ea: 7c91fc21 e85102ffff call ntdll!__security_check_cookie (7c90fe77) 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=7ffdd000 eip=7c91fc26 esp=0012fb30 ebp=0012fc94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11ef: 7c91fc26 c9 leave 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=7ffdd000 eip=7c91fc27 esp=0012fc98 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!LdrpInitializeProcess+0x11f0: 7c91fc27 c21400 ret 14h 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=7ffdd000 eip=7c91fad7 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x183: 7c91fad7 8bf8 mov edi,eax 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=00000000 eip=7c91fad9 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x185: 7c91fad9 897de0 mov dword ptr [ebp-20h],edi ss:0023:0012fcfc=00000000 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=00000000 eip=7c91fadc esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x188: 7c91fadc 3bfb cmp edi,ebx 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=00000000 eip=7c91fade esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x18a: 7c91fade 0f8cac120200 jl ntdll!_LdrpInitialize+0x18c (7c940d90) [br=0] 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=7ffde000 edi=00000000 eip=7c91fae4 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x1bd: 7c91fae4 8bb608020000 mov esi,dword ptr [esi+208h] ds:0023:7ffde208=00000000 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c91faea esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x1c3: 7c91faea 3bf3 cmp esi,ebx 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c91faec esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x1c5: 7c91faec 0f85cd120200 jne ntdll!_LdrpInitialize+0x1c7 (7c940dbf) [br=0] 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c91faf2 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x1d0: 7c91faf2 895dfc mov dword ptr [ebp-4],ebx ss:0023:0012fd18=00000001 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c91faf5 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x1d3: 7c91faf5 e9ec9dffff jmp ntdll!_LdrpInitialize+0x219 (7c9198e6) 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c9198e6 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x219: 7c9198e6 834dfcff or dword ptr [ebp-4],0FFFFFFFFh ss:0023:0012fd18=00000000 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=000001b0 esi=00000000 edi=00000000 eip=7c9198ea esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei ng nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000286 ntdll!_LdrpInitialize+0x21d: 7c9198ea e87d000000 call ntdll!_LdrpInitialize+0x24b (7c91996c) 0:000> p eax=00000000 ebx=00000000 ecx=00003c15 edx=7c97e174 esi=00000000 edi=00000000 eip=7c9198ef esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei ng nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000296 ntdll!_LdrpInitialize+0x222: 7c9198ef e89a45ffff call ntdll!ZwTestAlert (7c90de8e) 0:000> p eax=00000000 ebx=00000000 ecx=0012fca8 edx=7c90e514 esi=00000000 edi=00000000 eip=7c9198f4 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei ng nz ac pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000296 ntdll!_LdrpInitialize+0x227: 7c9198f4 395de0 cmp dword ptr [ebp-20h],ebx ss:0023:0012fcfc=00000000 0:000> p eax=00000000 ebx=00000000 ecx=0012fca8 edx=7c90e514 esi=00000000 edi=00000000 eip=7c9198f7 esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x22a: 7c9198f7 0f8c18750200 jl ntdll!_LdrpInitialize+0x22c (7c940e15) [br=0] 0:000> p eax=00000000 ebx=00000000 ecx=0012fca8 edx=7c90e514 esi=00000000 edi=00000000 eip=7c9198fd esp=0012fcb0 ebp=0012fd1c iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x241: 7c9198fd e80450ffff call ntdll!_SEH_epilog (7c90e906) 0:000> p eax=00000000 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c919902 esp=0012fd20 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!_LdrpInitialize+0x246: 7c919902 c20c00 ret 0Ch 0:000> p eax=00000000 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c90e457 esp=0012fd30 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiUserApcDispatcher+0x7: 7c90e457 6a01 push 1 0:000> p eax=00000000 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c90e459 esp=0012fd2c ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiUserApcDispatcher+0x9: 7c90e459 57 push edi 0:000> p eax=00000000 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c90e45a esp=0012fd28 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiUserApcDispatcher+0xa: 7c90e45a e8ffebffff call ntdll!ZwContinue (7c90d05e) 0:000> t eax=00000000 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c90d05e esp=0012fd24 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!ZwContinue: 7c90d05e b820000000 mov eax,20h 0:000> t eax=00000020 ebx=7ffde000 ecx=7c919902 edx=7c90e514 esi=061ff78c edi=0012fd30 eip=7c90d063 esp=0012fd24 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!NtContinue+0x5: 7c90d063 ba0003fe7f mov edx,offset SharedUserData!SystemCallStub (7ffe0300) 0:000> t eax=00000020 ebx=7ffde000 ecx=7c919902 edx=7ffe0300 esi=061ff78c edi=0012fd30 eip=7c90d068 esp=0012fd24 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!NtContinue+0xa: 7c90d068 ff12 call dword ptr [edx] ds:0023:7ffe0300={ntdll!KiFastSystemCall (7c90e510)} 0:000> t eax=00000020 ebx=7ffde000 ecx=7c919902 edx=7ffe0300 esi=061ff78c edi=0012fd30 eip=7c90e510 esp=0012fd20 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiFastSystemCall: 7c90e510 8bd4 mov edx,esp 0:000> t eax=00000020 ebx=7ffde000 ecx=7c919902 edx=0012fd20 esi=061ff78c edi=0012fd30 eip=7c90e512 esp=0012fd20 ebp=00000000 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiFastSystemCall+0x2: 7c90e512 0f34 sysenter 0:000> t ModLoad: 77b40000 77b62000 C:\WINDOWS\system32\Apphelp.dll ModLoad: 77c00000 77c08000 C:\WINDOWS\system32\VERSION.dll ----> message Register succeeded ----> appui ok eax=00000000 ebx=00000000 ecx=7c800000 edx=7c97e120 esi=7c90de6e edi=00000000 eip=7c90e514 esp=0012fd98 ebp=0012fe94 iopl=0 nv up ei pl zr na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246 ntdll!KiFastSystemCallRet: 7c90e514 c3 ret