ring3k 0.0.2 is available

Thomas Horsten thomas@hidden
Fri Sep 26 23:44:49 CEST 2008


Hi Mike,

2008/9/26 Mike McCormack <wine.msi@hidden>:

> I've undone the hard-coded segment registers that are likely to be the cause
> of this problem.
>
> http://ring3k.org/ring3k-0.0.3.tar.gz
>
> I've pasted the specs of the machine that it's working on below.  Its
> redeeming feature is that it's fanless...
> Let me know how this version goes on your SMP x86-64 monster ;)

Ok, as I said earlier it still fails on my machine. I've verified that
it's an SMP-related issue by running it with taskset -c 0, in which
case it always gets further, and taskset -c 0-3, in which case it
hangs most of the time. So probably a race condition.

Even with running on a single core it doesn't get anywhere near as far
as the trace on your system. Here's the output of
taskset -c 0 ./runit -t

init_skas skas3 patch not present
init_tt using tt
open_file root = (nil) name = \??\c:\winnt\system32\ntdll.dll
open_unicode_file open file : c:/winnt/system32/ntdll.dll
open_file root = (nil) name = \??\c:\winnt\system32\smss.exe
open_unicode_file open file : c:/winnt/system32/smss.exe
mapit anonymous map
mapit image at 0x48580000
mapit read 4 sections, load at 48580000
mapit .text    00001000 00000600 00009800 00009774
mapit .data    0000b000 00009e00 00000400 00000b00
mapit .rsrc    0000c000 0000a200 00000400 000003d0
mapit .reloc   0000d000 0000a600 00000c00 00000b52
mapit image at 0x77f80000
mapit read 6 sections, load at 77f80000
mapit .text    00001000 00000400 00044a00 000448f9
mapit ECODE    00046000 00044e00 00004400 00004371
mapit PAGE     0004b000 00049200 00003e00 00003dfd
mapit .data    0004f000 0004d000 00002200 00002a54
mapit .rsrc    00052000 0004f200 00026e00 00026d18
mapit .reloc   00079000 00076000 00002000 00001f40
mapit anonymous map
mapit anonymous map
get_proc_address LdrInitializeThunk
get_proc_address KiUserApcDispatcher
0304: NtOpenKey(7ff7fc74,80000000,7ff7fc50) ret=77f91379
NtOpenKey 0x7ff7fc74 80000000 0x7ff7fc50
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
NtCreatePort 0xf7f46fd8 0xf7f46f90 256 256 (nil)
NtCreatePort root = (nil) port = \SeRmCommandPort
process_alloc_user_handle handle = 00000004
NtListenPort 0x4 0xf7f46e90
access_allowed fixme: no access check
0304: NtOpenKey(7ff7fc74,80000000,7ff7fc50) ret=77f91379
NtOpenKey 0x7ff7fc74 80000000 0x7ff7fc50
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304 (debug 7ff7f754,0,37) : LDR: PID: 0x3 started -
'"c:\winnt\system32\smss.exe"'

0304: NtCreateEvent(7ff7f974,00100003,00000000,00000001,00000000) ret=77f8c9cd
NtCreateEvent 0x7ff7f974 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000004
0304: NtCreateEvent retval=00000000 ret=77f8c9cd
0304: NtCreateEvent(77fcf670,00100003,00000000,00000001,00000000) ret=77f94ac1
NtCreateEvent 0x77fcf670 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000008
0304: NtCreateEvent retval=00000000 ret=77f94ac1
0304: NtQuerySystemInformation(00000000,7ff7f8cc,0000002c,00000000)
ret=77fcb540NtQuerySystemInformation 0 0x7ff7f8cc 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77fcb540
0304: NtAllocateVirtualMemory(ffffffff,7ff7f894,00000000,7ff7f970,00002000,00000004)
ret=77fcb607
NtAllocateVirtualMemory returns  0x30000 00100000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcb607
0304: NtAllocateVirtualMemory(ffffffff,7ff7f940,00000000,7ff7f974,00001000,00000004)
ret=77fcb640
NtAllocateVirtualMemory returns  0x30000 00001000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcb640
0304: NtCreateEvent(00030618,00100003,00000000,00000001,00000000) ret=77f94ac1
NtCreateEvent 0x30618 00100003 (nil) 1 0
process_alloc_user_handle handle = 0000000c
0304: NtCreateEvent retval=00000000 ret=77f94ac1
0304: NtAllocateVirtualMemory(ffffffff,7ff7f680,00000000,7ff7f6a0,00001000,00000004)
ret=77fcce74
NtAllocateVirtualMemory returns  0x31000 00002000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcce74
0304: NtOpenKey(7ff7f950,80000000,7ff7f92c) ret=77f91379
NtOpenKey 0x7ff7f950 80000000 0x7ff7f92c
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304: NtOpenDirectoryObject(77fcf000,00000003,7ff7fc30) ret=77f8584a
nt_open_object object = \KnownDlls
0304: NtOpenDirectoryObject retval=c0000034 ret=77f8584a
0304 (debug 7ff7f75c,30178,11) : LDR: NEW PROCESS

0304 (debug 7ff7f754,11,37) :      Image Path:
c:\winnt\system32\smss.exe (smss.exe)

0304 (debug 7ff7f758,37,1c) :      Current Directory: c:\

0304 (debug 7ff7f758,37,16) :      Search Path: c:\

0304: NtFsControlFile(00000000,00000000,00000000,00000000,7ff7f7f4,00090028,00000000,00000000,00000000,00000000)
ret=77f86dbb
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ff7f7f4 00090028 (nil) 0 (nil) 0
NtFsControlFile FSCTL_IS_VOLUME_MOUNTED
0304: NtFsControlFile retval=c0000008 ret=77f86dbb
0304: NtFreeVirtualMemory(ffffffff,7ff7f804,7ff7f808,00004000) ret=77fcc191
NtFreeVirtualMemory 0xffffffff 0x7ff7f804 0x7ff7f808 16384
NtFreeVirtualMemory returning 00000000
0304: NtFreeVirtualMemory retval=00000000 ret=77fcc191
0304: NtFsControlFile(00000000,00000000,00000000,00000000,7ff7f7f4,00090028,00000000,00000000,00000000,00000000)
ret=77f86dbb
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ff7f7f4 00090028 (nil) 0 (nil) 0
NtFsControlFile FSCTL_IS_VOLUME_MOUNTED
0304: NtFsControlFile retval=c0000008 ret=77f86dbb
0304 (debug 7ff7f708,30000,21) : LDR: smss.exe bound to ntdll.dll

0304 (debug 7ff7f708,30000,2f) : LDR: smss.exe has correct binding to ntdll.dll

0304: NtOpenKey(7ff7f794,80000000,7ff7f770) ret=77f91379
NtOpenKey 0x7ff7f794 80000000 0x7ff7f770
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304 (debug 7ff7f6e8,49005c,14) : LDR: Real INIT LIST

0304: NtTestAlert() ret=77f84bcb
0304: NtTestAlert retval=00000000 ret=77f84bcb
0304: NtContinue(7ff7fd28,00000001) ret=77f8855e
NtContinue 0x7ff7fd28 1
eax 00000000 ebx 00000000 ecx 00000000 edx 00000000
esi 00000000 edi 00000000 ebp 00000000 efl 00000296
cs:eip 0023:4858983e ss:esp 002b:7ff7fff8
ds 002b es 002b fs 0063 gs 0000
0304: NtContinue retval=00000000 ret=77f8855e
0304: NtAllocateVirtualMemory(ffffffff,7ff7fde8,00000000,7ff7fe08,00001000,00000004)
ret=77fcce74
NtAllocateVirtualMemory returns  0x32000 00001000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcce74
0304: NtSetInformationProcess(ffffffff,00000005,7ff7ff48,00000004) ret=48588d1c
NtSetInformationProcess 0xffffffff 5 0x7ff7ff48 4
0304: NtSetInformationProcess retval=00000000 ret=48588d1c
0304: NtSetInformationProcess(ffffffff,0000000c,7ff7ff08,00000004) ret=485845d5
NtSetInformationProcess 0xffffffff 12 0x7ff7ff08 4
NtSetInformationProcess set ProcessDefaultHardErrorMode
0304: NtSetInformationProcess retval=00000000 ret=485845d5
0304: NtCreatePort(7ff7ff10,7ff7fee0,000000f4,00000130,00002200) ret=485846b9
NtCreatePort 0x7ff7ff10 0x7ff7fee0 244 304 0x2200
NtCreatePort root = (nil) port = \SmApiPort
process_alloc_user_handle handle = 00000010
0304: NtCreatePort retval=00000000 ret=485846b9
0304: NtQuerySystemInformation(00000000,7ff7fb4c,0000002c,00000000)
ret=77faf12bNtQuerySystemInformation 0 0x7ff7fb4c 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77faf12b
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb90,00002000,00000004)
ret=77faf1b0
NtAllocateVirtualMemory returns  0x130000 00040000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1b0
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb94,00001000,00000004)
ret=77faf1fa
NtAllocateVirtualMemory returns  0x16e000 00002000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1fa
0304: NtProtectVirtualMemory(ffffffff,7ff7fb80,7ff7fb7c,00000104,7ff7fb78)
ret=77faf226
NtProtectVirtualMemory 0xffffffff 0x7ff7fb80 0x7ff7fb7c 260 0x7ff7fb78
NtProtectVirtualMemory 0x16e000 00001000
0304: NtProtectVirtualMemory retval=00000000 ret=77faf226
0304: NtWriteVirtualMemory(ffffffff,0016fffc,7ff7fb90,00000004,00000000)
ret=77fb126d
NtWriteVirtualMemory 0xffffffff 0x16fffc 0x7ff7fb90 00000004 (nil)
NtWriteVirtualMemory 0xf7638ffc <- 0xf784ab90 4
NtWriteVirtualMemory wrote 4 bytes
0304: NtWriteVirtualMemory retval=00000000 ret=77fb126d
0304: NtCreateThread(7ff7feb8,001f03ff,7ff7fe84,ffffffff,7ff7fe9c,7ff7fba4,7ff7fe70,00000000)
ret=77faf6ee
NtCreateThread 0x7ff7feb8 001f03ff 0x7ff7fe84 0xffffffff 0x7ff7fe9c
0x7ff7fba4 0x7ff7fe70 0
mapit anonymous map
get_proc_address LdrInitializeThunk
get_proc_address KiUserApcDispatcher
process_alloc_user_handle handle = 00000014
0304: NtCreateThread retval=00000000 ret=77faf6ee
0305: NtTestAlert() ret=77f84bcb
0305: NtTestAlert retval=00000000 ret=77f84bcb
0304: NtQuerySystemInformation(00000000,7ff7fb4c,0000002c,00000000)
ret=77faf12bNtQuerySystemInformation 0 0x7ff7fb4c 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77faf12b
0305: NtContinue(0016fd28,00000001) ret=77f8855e
NtContinue 0x16fd28 1
eax 00000000 ebx 00000001 ecx 00000002 edx 00000003
esi 00000004 edi 00000005 ebp 00000000 efl 00000200
cs:eip 0018:4858818d ss:esp 0020:0016fff8
ds 002b es 002b fs 0063 gs 0000
0305: NtContinue retval=00000000 ret=77f8855e
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb90,00002000,00000004)
ret=77faf1b0
NtAllocateVirtualMemory returns  0x170000 00040000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1b0
set_thread_context failed
th@hidden:~/src/ring3k/ring3k-0.0.3/loader$ taskset -c 0 ./runit -t
init_skas skas3 patch not present
init_tt using tt
open_file root = (nil) name = \??\c:\winnt\system32\ntdll.dll
open_unicode_file open file : c:/winnt/system32/ntdll.dll
open_file root = (nil) name = \??\c:\winnt\system32\smss.exe
open_unicode_file open file : c:/winnt/system32/smss.exe
mapit anonymous map
mapit image at 0x48580000
mapit read 4 sections, load at 48580000
mapit .text    00001000 00000600 00009800 00009774
mapit .data    0000b000 00009e00 00000400 00000b00
mapit .rsrc    0000c000 0000a200 00000400 000003d0
mapit .reloc   0000d000 0000a600 00000c00 00000b52
mapit image at 0x77f80000
mapit read 6 sections, load at 77f80000
mapit .text    00001000 00000400 00044a00 000448f9
mapit ECODE    00046000 00044e00 00004400 00004371
mapit PAGE     0004b000 00049200 00003e00 00003dfd
mapit .data    0004f000 0004d000 00002200 00002a54
mapit .rsrc    00052000 0004f200 00026e00 00026d18
mapit .reloc   00079000 00076000 00002000 00001f40
mapit anonymous map
mapit anonymous map
get_proc_address LdrInitializeThunk
get_proc_address KiUserApcDispatcher
0304: NtOpenKey(7ff7fc74,80000000,7ff7fc50) ret=77f91379
NtOpenKey 0x7ff7fc74 80000000 0x7ff7fc50
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
NtCreatePort 0xf7fb8fd8 0xf7fb8f90 256 256 (nil)
NtCreatePort root = (nil) port = \SeRmCommandPort
process_alloc_user_handle handle = 00000004
NtListenPort 0x4 0xf7fb8e90
access_allowed fixme: no access check
0304: NtOpenKey(7ff7fc74,80000000,7ff7fc50) ret=77f91379
NtOpenKey 0x7ff7fc74 80000000 0x7ff7fc50
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304 (debug 7ff7f754,0,37) : LDR: PID: 0x3 started -
'"c:\winnt\system32\smss.exe"'

0304: NtCreateEvent(7ff7f974,00100003,00000000,00000001,00000000) ret=77f8c9cd
NtCreateEvent 0x7ff7f974 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000004
0304: NtCreateEvent retval=00000000 ret=77f8c9cd
0304: NtCreateEvent(77fcf670,00100003,00000000,00000001,00000000) ret=77f94ac1
NtCreateEvent 0x77fcf670 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000008
0304: NtCreateEvent retval=00000000 ret=77f94ac1
0304: NtQuerySystemInformation(00000000,7ff7f8cc,0000002c,00000000)
ret=77fcb540NtQuerySystemInformation 0 0x7ff7f8cc 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77fcb540
0304: NtAllocateVirtualMemory(ffffffff,7ff7f894,00000000,7ff7f970,00002000,00000004)
ret=77fcb607
NtAllocateVirtualMemory returns  0x30000 00100000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcb607
0304: NtAllocateVirtualMemory(ffffffff,7ff7f940,00000000,7ff7f974,00001000,00000004)
ret=77fcb640
NtAllocateVirtualMemory returns  0x30000 00001000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcb640
0304: NtCreateEvent(00030618,00100003,00000000,00000001,00000000) ret=77f94ac1
NtCreateEvent 0x30618 00100003 (nil) 1 0
process_alloc_user_handle handle = 0000000c
0304: NtCreateEvent retval=00000000 ret=77f94ac1
0304: NtAllocateVirtualMemory(ffffffff,7ff7f680,00000000,7ff7f6a0,00001000,00000004)
ret=77fcce74
NtAllocateVirtualMemory returns  0x31000 00002000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcce74
0304: NtOpenKey(7ff7f950,80000000,7ff7f92c) ret=77f91379
NtOpenKey 0x7ff7f950 80000000 0x7ff7f92c
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304: NtOpenDirectoryObject(77fcf000,00000003,7ff7fc30) ret=77f8584a
nt_open_object object = \KnownDlls
0304: NtOpenDirectoryObject retval=c0000034 ret=77f8584a
0304 (debug 7ff7f75c,30178,11) : LDR: NEW PROCESS

0304 (debug 7ff7f754,11,37) :      Image Path:
c:\winnt\system32\smss.exe (smss.exe)

0304 (debug 7ff7f758,37,1c) :      Current Directory: c:\

0304 (debug 7ff7f758,37,16) :      Search Path: c:\

0304: NtFsControlFile(00000000,00000000,00000000,00000000,7ff7f7f4,00090028,00000000,00000000,00000000,00000000)
ret=77f86dbb
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ff7f7f4 00090028 (nil) 0 (nil) 0
NtFsControlFile FSCTL_IS_VOLUME_MOUNTED
0304: NtFsControlFile retval=c0000008 ret=77f86dbb
0304: NtFreeVirtualMemory(ffffffff,7ff7f804,7ff7f808,00004000) ret=77fcc191
NtFreeVirtualMemory 0xffffffff 0x7ff7f804 0x7ff7f808 16384
NtFreeVirtualMemory returning 00000000
0304: NtFreeVirtualMemory retval=00000000 ret=77fcc191
0304: NtFsControlFile(00000000,00000000,00000000,00000000,7ff7f7f4,00090028,00000000,00000000,00000000,00000000)
ret=77f86dbb
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ff7f7f4 00090028 (nil) 0 (nil) 0
NtFsControlFile FSCTL_IS_VOLUME_MOUNTED
0304: NtFsControlFile retval=c0000008 ret=77f86dbb
0304 (debug 7ff7f708,30000,21) : LDR: smss.exe bound to ntdll.dll

0304 (debug 7ff7f708,30000,2f) : LDR: smss.exe has correct binding to ntdll.dll

0304: NtOpenKey(7ff7f794,80000000,7ff7f770) ret=77f91379
NtOpenKey 0x7ff7f794 80000000 0x7ff7f770
NtOpenKey len 00000018 root (nil) attr 00000040
\Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image
File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304 (debug 7ff7f6e8,49005c,14) : LDR: Real INIT LIST

0304: NtTestAlert() ret=77f84bcb
0304: NtTestAlert retval=00000000 ret=77f84bcb
0304: NtContinue(7ff7fd28,00000001) ret=77f8855e
NtContinue 0x7ff7fd28 1
eax 00000000 ebx 00000000 ecx 00000000 edx 00000000
esi 00000000 edi 00000000 ebp 00000000 efl 00000296
cs:eip 0023:4858983e ss:esp 002b:7ff7fff8
ds 002b es 002b fs 0063 gs 0000
0304: NtContinue retval=00000000 ret=77f8855e
0304: NtAllocateVirtualMemory(ffffffff,7ff7fde8,00000000,7ff7fe08,00001000,00000004)
ret=77fcce74
NtAllocateVirtualMemory returns  0x32000 00001000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77fcce74
0304: NtSetInformationProcess(ffffffff,00000005,7ff7ff48,00000004) ret=48588d1c
NtSetInformationProcess 0xffffffff 5 0x7ff7ff48 4
0304: NtSetInformationProcess retval=00000000 ret=48588d1c
0304: NtSetInformationProcess(ffffffff,0000000c,7ff7ff08,00000004) ret=485845d5
NtSetInformationProcess 0xffffffff 12 0x7ff7ff08 4
NtSetInformationProcess set ProcessDefaultHardErrorMode
0304: NtSetInformationProcess retval=00000000 ret=485845d5
0304: NtCreatePort(7ff7ff10,7ff7fee0,000000f4,00000130,00002200) ret=485846b9
NtCreatePort 0x7ff7ff10 0x7ff7fee0 244 304 0x2200
NtCreatePort root = (nil) port = \SmApiPort
process_alloc_user_handle handle = 00000010
0304: NtCreatePort retval=00000000 ret=485846b9
0304: NtQuerySystemInformation(00000000,7ff7fb4c,0000002c,00000000)
ret=77faf12bNtQuerySystemInformation 0 0x7ff7fb4c 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77faf12b
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb90,00002000,00000004)
ret=77faf1b0
NtAllocateVirtualMemory returns  0x130000 00040000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1b0
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb94,00001000,00000004)
ret=77faf1fa
NtAllocateVirtualMemory returns  0x16e000 00002000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1fa
0304: NtProtectVirtualMemory(ffffffff,7ff7fb80,7ff7fb7c,00000104,7ff7fb78)
ret=77faf226
NtProtectVirtualMemory 0xffffffff 0x7ff7fb80 0x7ff7fb7c 260 0x7ff7fb78
NtProtectVirtualMemory 0x16e000 00001000
0304: NtProtectVirtualMemory retval=00000000 ret=77faf226
0304: NtWriteVirtualMemory(ffffffff,0016fffc,7ff7fb90,00000004,00000000)
ret=77fb126d
NtWriteVirtualMemory 0xffffffff 0x16fffc 0x7ff7fb90 00000004 (nil)
NtWriteVirtualMemory 0xf76aaffc <- 0xf78bcb90 4
NtWriteVirtualMemory wrote 4 bytes
0304: NtWriteVirtualMemory retval=00000000 ret=77fb126d
0304: NtCreateThread(7ff7feb8,001f03ff,7ff7fe84,ffffffff,7ff7fe9c,7ff7fba4,7ff7fe70,00000000)
ret=77faf6ee
NtCreateThread 0x7ff7feb8 001f03ff 0x7ff7fe84 0xffffffff 0x7ff7fe9c
0x7ff7fba4 0x7ff7fe70 0
mapit anonymous map
get_proc_address LdrInitializeThunk
get_proc_address KiUserApcDispatcher
process_alloc_user_handle handle = 00000014
0304: NtCreateThread retval=00000000 ret=77faf6ee
0305: NtTestAlert() ret=77f84bcb
0305: NtTestAlert retval=00000000 ret=77f84bcb
0304: NtQuerySystemInformation(00000000,7ff7fb4c,0000002c,00000000)
ret=77faf12bNtQuerySystemInformation 0 0x7ff7fb4c 44 (nil)
0304: NtQuerySystemInformation retval=00000000 ret=77faf12b
0305: NtContinue(0016fd28,00000001) ret=77f8855e
NtContinue 0x16fd28 1
eax 00000000 ebx 00000001 ecx 00000002 edx 00000003
esi 00000004 edi 00000005 ebp 00000000 efl 00000200
cs:eip 0018:4858818d ss:esp 0020:0016fff8
ds 002b es 002b fs 0063 gs 0000
0305: NtContinue retval=00000000 ret=77f8855e
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb90,00002000,00000004)
ret=77faf1b0
NtAllocateVirtualMemory returns  0x170000 00040000  00000000
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1b0
set_thread_context failed
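
A triage helper for traces in the format shown above, added here as an example (not part of the original post and not ring3k code): it pairs each "TID: NtXxx(...)" entry with its "TID: NtXxx retval=..." line, lists error-severity NTSTATUS returns, and reports what each thread last completed before the first "... failed" line. The regexes and the summarize() name are assumptions made for this example; the sample lines are excerpted from the trace in the post.

```python
import re

# Patterns assumed from the trace format in the post (hypothetical helper).
CALL = re.compile(r'^([0-9a-f]{4}): (Nt\w+)\(')
RET = re.compile(r'^([0-9a-f]{4}): (Nt\w+) retval=([0-9a-f]{8})')
FATAL = re.compile(r'^\w+ failed\s*$')

# Sample lines excerpted from the trace above, including the mail-wrapped
# "ret=" continuation lines, which the parser has to tolerate.
SAMPLE = """\
0304: NtOpenKey(7ff7fc74,80000000,7ff7fc50) ret=77f91379
NtOpenKey open_key returned c000003a
0304: NtOpenKey retval=c000003a ret=77f91379
0304: NtCreateThread(7ff7feb8,001f03ff,7ff7fe84,ffffffff,7ff7fe9c,7ff7fba4,7ff7fe70,00000000)
ret=77faf6ee
0304: NtCreateThread retval=00000000 ret=77faf6ee
0305: NtTestAlert() ret=77f84bcb
0305: NtTestAlert retval=00000000 ret=77f84bcb
0305: NtContinue(0016fd28,00000001) ret=77f8855e
0305: NtContinue retval=00000000 ret=77f8855e
0304: NtAllocateVirtualMemory(ffffffff,7ff7fb80,00000000,7ff7fb90,00002000,00000004)
ret=77faf1b0
0304: NtAllocateVirtualMemory retval=00000000 ret=77faf1b0
set_thread_context failed
"""

def summarize(trace):
    """Summarize a syscall trace up to the first untagged '... failed' line."""
    threads = []    # thread ids in order of first appearance
    pending = {}    # tid -> syscall entered but not yet returned
    last_done = {}  # tid -> last syscall that returned
    errors = []     # (tid, syscall, status) where NTSTATUS severity is "error"
    fatal = None
    for line in trace.splitlines():
        m = RET.match(line)
        if m:
            tid, name, status = m.group(1), m.group(2), int(m.group(3), 16)
            pending.pop(tid, None)
            last_done[tid] = name
            if status >> 30 == 3:  # top two NTSTATUS bits 11 = error severity
                errors.append((tid, name, status))
            continue
        m = CALL.match(line)
        if m:
            tid, name = m.group(1), m.group(2)
            if tid not in threads:
                threads.append(tid)
            pending[tid] = name
            continue
        if FATAL.match(line):
            fatal = line.strip()
            break  # anything after the failure belongs to a later run
    return {"threads": threads, "pending": pending,
            "last_done": last_done, "errors": errors, "fatal": fatal}

if __name__ == "__main__":
    for key, value in summarize(SAMPLE).items():
        print(key, value)
```

On the excerpt no syscall is left pending when the failure line appears, and the second thread (0305) has only just completed its first NtContinue.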

