[Discussion] Found these by accident in a text document. There are a lot; I can't post them all at once.


Microsoft (R) DrWtsn32
Copyright (C) 1985-2001 Microsoft Corp. All rights reserved.



发生应用程序意外错误:
应用程序: E:\联众世界\SiTuan.exe (pid=3704)
时间: 2006-10-7 @ 20:59:27.937
意外情况编号: c0000005 (访问侵犯)

*----> 系统信息 <----*
计算机名: LXY-A5CB90F99F3
用户名: Administrator
终端会话 Id: 0
处理器数量: 1
处理器类型: x86 Family 15 Model 44 Stepping 2
Windows 版本: 5.1
当前内部版本号: 2600
Service Pack: 2
当前类型: Uniprocessor Free
注册的单位: 硬件维护小组
注册的所有者: 微软用户

*----> 任务列表 <----*
0 System Process
4 System
552 smss.exe
612 csrss.exe
652 winlogon.exe
696 services.exe
708 lsass.exe
860 Ati2evxx.exe
872 svchost.exe
972 svchost.exe
1068 CCenter.exe
1084 svchost.exe
1168 svchost.exe
1280 svchost.exe
1308 Ravmond.exe
1380 rfwsrv.exe
1544 spoolsv.exe
1640 RavStub.exe
1844 Ati2evxx.exe
1932 Explorer.EXE
1976 RfwMain.exe
2044 RavTask.exe
144 Ravmon.exe
180 ctfmon.exe
236 QQ.exe
1776 wmplayer.exe
436 wdfmgr.exe
2276 alg.exe
2612 Error 0x8007007A
2804 Error 0x8007007A
3704 Error 0x8007007A
2436 drwtsn32.exe

*----> 模块清单 <----*
(0000000000400000 - 000000000047b000: E:\联众世界\SiTuan.exe
(0000000000a90000 - 0000000000ad3000: E:\联众世界\SiTuan_Res.dll
(0000000000ae0000 - 0000000000aee000: E:\联众世界\SiTuan_Board.dll
(00000000014d0000 - 00000000015b8000: E:\联众世界\GLChatEx.ocx
(00000000015c0000 - 00000000015e3000: E:\联众世界\glchatex.dll
(0000000010000000 - 0000000010080000: E:\联众世界\odctrls\SiTuan_skn.DLL
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\uxtheme.dll
(000000005d170000 - 000000005d207000: C:\WINDOWS\system32\COMCTL32.dll
(000000005efe0000 - 000000005eff7000: C:\WINDOWS\system32\OLEPRO32.DLL
(0000000060fd0000 - 0000000061025000: C:\WINDOWS\system32\hnetcfg.dll
(0000000061be0000 - 0000000061bed000: C:\WINDOWS\system32\MFC42LOC.DLL
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(0000000070e20000 - 0000000070e33000: C:\WINDOWS\system32\asycfilt.dll
(00000000719c0000 - 00000000719fe000: C:\WINDOWS\system32\mswsock.dll
(0000000071a00000 - 0000000071a08000: C:\WINDOWS\System32\wshtcpip.dll
(0000000071a10000 - 0000000071a18000: C:\WINDOWS\system32\WS2HELP.dll
(0000000071a20000 - 0000000071a37000: C:\WINDOWS\system32\WS2_32.dll
(0000000071a40000 - 0000000071a4b000: C:\WINDOWS\system32\WSOCK32.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073d30000 - 0000000073e2e000: C:\WINDOWS\system32\MFC42.DLL
(0000000073e70000 - 0000000073ecc000: C:\WINDOWS\system32\DSOUND.dll
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(0000000074680000 - 00000000746cb000: C:\WINDOWS\system32\MSCTF.dll
(00000000762f0000 - 00000000762f5000: C:\WINDOWS\system32\MSIMG32.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(00000000765e0000 - 0000000076672000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076680000 - 0000000076722000: C:\WINDOWS\system32\WININET.dll
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076b10000 - 0000000076b3a000: C:\WINDOWS\system32\WINMM.dll
(0000000076d70000 - 0000000076d92000: C:\WINDOWS\system32\Apphelp.dll
(0000000076db0000 - 0000000076dc2000: C:\WINDOWS\system32\MSASN1.dll
(0000000076fa0000 - 000000007701f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077020000 - 00000000770ba000: C:\WINDOWS\system32\COMRes.dll
(00000000770f0000 - 000000007717c000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077180000 - 0000000077282000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\msvcrt.dll
(0000000077d10000 - 0000000077d9f000: C:\WINDOWS\system32\USER32.dll
(0000000077da0000 - 0000000077e49000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee1000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f37000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(000000007c800000 - 000000007c91c000: C:\WINDOWS\system32\kernel32.dll
(000000007c920000 - 000000007c9b4000: C:\WINDOWS\system32\ntdll.dll
(000000007d590000 - 000000007dd82000: C:\WINDOWS\system32\SHELL32.dll

*----> 线程 ID 0xe7c 的状态转储 <----*

eax=00af0047 ebx=003764e8 ecx=003764e8 edx=7c92eb94 esi=00474728 edi=00474728
eip=003764e9 esp=0012fcd0 ebp=00474728 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206

函数: <nosymbols>
No prior disassembly possible
003764e9 00af00784faf add [edi+0xaf4f7800],ch
003764ef 0000 add [eax],al
003764f1 0000 add [eax],al
003764f3 0000 add [eax],al
003764f5 0000 add [eax],al
003764f7 0000 add [eax],al
003764f9 0000 add [eax],al
003764fb 0001 add [ecx],al
003764fd 0000 add [eax],al
错误 ->003764e9 00af00784faf add [edi+0xaf4f7800],ch ds:0023:af96bf28=??
003764ef 0000 add [eax],al
003764f1 0000 add [eax],al
003764f3 0000 add [eax],al
003764f5 0000 add [eax],al
003764f7 0000 add [eax],al
003764f9 0000 add [eax],al
003764fb 0001 add [ecx],al
003764fd 0000 add [eax],al
003764ff 0000 add [eax],al
00376501 0000 add [eax],al

*----> 堆栈反向跟踪 <---*
ChildEBP RetAddr Args to Child
00474728 00000001 00000000 00000000 00000000 0x3764e9

*----> 原始堆栈转储 <----*



发生应用程序意外错误:
应用程序: C:\WINDOWS\amcap.exe (pid=2604)
时间: 2006-10-10 @ 17:35:23.390
意外情况编号: c0000005 (访问侵犯)

*----> 系统信息 <----*
计算机名: LXY-A5CB90F99F3
用户名: Administrator
终端会话 Id: 0
处理器数量: 1
处理器类型: x86 Family 15 Model 44 Stepping 2
Windows 版本: 5.1
当前内部版本号: 2600
Service Pack: 2
当前类型: Uniprocessor Free
注册的单位: 硬件维护小组
注册的所有者: 微软用户
Last edited 2006-10-14 17:16:27

*----> 任务列表 <----*
0 System Process
4 System
552 smss.exe
612 csrss.exe
640 winlogon.exe
692 services.exe
704 lsass.exe
860 Ati2evxx.exe
872 svchost.exe
968 svchost.exe
1064 CCenter.exe
1080 svchost.exe
1164 svchost.exe
1280 svchost.exe
1308 Ravmond.exe
1376 rfwsrv.exe
1548 spoolsv.exe
1632 RavStub.exe
1836 Ati2evxx.exe
1924 Explorer.EXE
1936 RfwMain.exe
156 RavTask.exe
172 Ravmon.exe
208 ctfmon.exe
820 wdfmgr.exe
920 wmiprvse.exe
1016 alg.exe
2180 VM_STI.exe
2188 svchost.exe
2232 rundll32.exe
2328 VM_STI.exe
2460 wuauclt.exe
2604 amcap.exe
2636 drwtsn32.exe

*----> 模块清单 <----*
(0000000000400000 - 000000000040d000: C:\WINDOWS\amcap.exe
(000000005adc0000 - 000000005adf7000: C:\WINDOWS\system32\uxtheme.dll
(000000005d170000 - 000000005d207000: C:\WINDOWS\system32\COMCTL32.dll
(000000005efe0000 - 000000005eff7000: C:\WINDOWS\system32\OLEPRO32.DLL
(0000000062c20000 - 0000000062c29000: C:\WINDOWS\system32\LPK.DLL
(0000000072c80000 - 0000000072c88000: C:\WINDOWS\system32\msacm32.drv
(0000000072c90000 - 0000000072c99000: C:\WINDOWS\system32\wdmaud.drv
(0000000073620000 - 0000000073627000: C:\WINDOWS\system32\msdmo.dll
(0000000073640000 - 000000007366e000: C:\WINDOWS\system32\msctfime.ime
(0000000073b40000 - 0000000073b60000: C:\WINDOWS\system32\MSVFW32.dll
(0000000073fa0000 - 000000007400b000: C:\WINDOWS\system32\USP10.dll
(0000000074680000 - 00000000746cb000: C:\WINDOWS\system32\MSCTF.dll
(0000000075230000 - 0000000075262000: C:\WINDOWS\system32\qcap.dll
(0000000075af0000 - 0000000075b01000: C:\WINDOWS\system32\devenum.dll
(0000000076060000 - 00000000761b6000: C:\WINDOWS\system32\setupapi.dll
(0000000076300000 - 000000007631d000: C:\WINDOWS\system32\IMM32.DLL
(0000000076320000 - 0000000076367000: C:\WINDOWS\system32\comdlg32.dll
(00000000765e0000 - 0000000076672000: C:\WINDOWS\system32\CRYPT32.dll
(0000000076990000 - 0000000076acd000: C:\WINDOWS\system32\ole32.dll
(0000000076b10000 - 0000000076b3a000: C:\WINDOWS\system32\WINMM.dll
(0000000076c00000 - 0000000076c2e000: C:\WINDOWS\system32\WINTRUST.dll
(0000000076c60000 - 0000000076c88000: C:\WINDOWS\system32\IMAGEHLP.dll
(0000000076d70000 - 0000000076d92000: C:\WINDOWS\system32\Apphelp.dll
(0000000076db0000 - 0000000076dc2000: C:\WINDOWS\system32\MSASN1.dll
(0000000076fa0000 - 000000007701f000: C:\WINDOWS\system32\CLBCATQ.DLL
(0000000077020000 - 00000000770ba000: C:\WINDOWS\system32\COMRes.dll
(00000000770f0000 - 000000007717c000: C:\WINDOWS\system32\OLEAUT32.dll
(0000000077180000 - 0000000077282000: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll
(0000000077ba0000 - 0000000077ba7000: C:\WINDOWS\system32\midimap.dll
(0000000077bb0000 - 0000000077bc5000: C:\WINDOWS\system32\MSACM32.dll
(0000000077bd0000 - 0000000077bd8000: C:\WINDOWS\system32\VERSION.dll
(0000000077be0000 - 0000000077c38000: C:\WINDOWS\system32\MSVCRT.dll
(0000000077d10000 - 0000000077d9f000: C:\WINDOWS\system32\USER32.dll
(0000000077da0000 - 0000000077e49000: C:\WINDOWS\system32\ADVAPI32.dll
(0000000077e50000 - 0000000077ee1000: C:\WINDOWS\system32\RPCRT4.dll
(0000000077ef0000 - 0000000077f37000: C:\WINDOWS\system32\GDI32.dll
(0000000077f40000 - 0000000077fb6000: C:\WINDOWS\system32\SHLWAPI.dll
(000000007c800000 - 000000007c91c000: C:\WINDOWS\system32\kernel32.dll
(000000007c920000 - 000000007c9b4000: C:\WINDOWS\system32\ntdll.dll
(000000007cf70000 - 000000007d0d7000: C:\WINDOWS\system32\quartz.dll
(000000007d590000 - 000000007dd82000: C:\WINDOWS\system32\SHELL32.dll

*----> 线程 ID 0xa30 的状态转储 <----*

eax=00000000 ebx=00000000 ecx=0001019c edx=00000000 esi=00000005 edi=0006fe54
eip=00403f58 esp=0006fd58 ebp=00000111 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202

*** WARNING: Unable to verify checksum for C:\WINDOWS\amcap.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\WINDOWS\amcap.exe
函数: amcap
00403f48 90 nop
00403f49 90 nop
00403f4a 90 nop
00403f4b 90 nop
00403f4c 90 nop
00403f4d 90 nop
00403f4e 90 nop
00403f4f 90 nop
00403f50 a12ca24000 mov eax,[amcap+0xa22c (0040a22c)]
00403f55 83ec14 sub esp,0x14
错误 ->00403f58 8b08 mov ecx,[eax] ds:0023:00000000=????????
00403f5a 56 push esi
00403f5b 57 push edi
00403f5c 8b7c2428 mov edi,[esp+0x28]
00403f60 6854a34000 push 0x40a354
00403f65 6840724000 push 0x407240
00403f6a 50 push eax
00403f6b 81e7ffff0000 and edi,0xffff
00403f71 ff11 call dword ptr [ecx]
00403f73 8d47fc lea eax,[edi-0x4]
00403f76 83f82f cmp eax,0x2f

*----> 堆栈反向跟踪 <---*
WARNING: Stack unwind information not available. Following frames may be wrong.
ChildEBP RetAddr Args to Child
00000111 00000000 00000000 00000000 00000000 amcap+0x3f58

*----> 原始堆栈转储 <----*