Exception in the Ring3K
Hilary Cheng
hilarycheng@hidden
Sat Mar 21 22:24:27 CET 2009
init_tt using thread tracing, kernel ./kernel/ring3k-bin, client ./kernel/ring3k-client
name_object name_object_t \??
open path = ??
on_open name_object_t::on_open ??
open path = DosDevices
alloc_object allocating object
name_object name_object_t \Device
open path = Device
on_open name_object_t::on_open Device
name_object name_object_t \Device\MailSlot
open path = Device\MailSlot
open path = MailSlot
on_open name_object_t::on_open MailSlot
name_object name_object_t \Security
open path = Security
on_open name_object_t::on_open Security
name_object name_object_t \BaseNamedObjects
open path = BaseNamedObjects
on_open name_object_t::on_open BaseNamedObjects
name_object name_object_t \Security\LSA_AUTHENTICATION_INITIALIZED
open path = Security\LSA_AUTHENTICATION_INITIALIZED
open path = LSA_AUTHENTICATION_INITIALIZED
on_open name_object_t::on_open LSA_AUTHENTICATION_INITIALIZED
name_object name_object_t \SeLsaInitEvent
open path = SeLsaInitEvent
on_open name_object_t::on_open SeLsaInitEvent
open path = Device\KsecDD
open path = KsecDD
open path = Device\NamedPipe
open path = NamedPipe
name_object name_object_t \KernelObjects
open path = KernelObjects
on_open name_object_t::on_open KernelObjects
name_object name_object_t \KernelObjects\CritSecOutOfMemoryEvent
open path = KernelObjects\CritSecOutOfMemoryEvent
open path = CritSecOutOfMemoryEvent
on_open name_object_t::on_open CritSecOutOfMemoryEvent
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open path = ??\c:
open path = c:
alloc_object allocating object
open path = ??\c:\winnt\system32\ntdll.dll
open path = c:\winnt\system32\ntdll.dll
open following \Device\HarddiskVolume1
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open directory_t::open winnt\system32\ntdll.dll
open_file name = winnt\system32\ntdll.dll
open_unicode_file open file : /proc/self/fd/3/winnt/system32/ntdll.dll
get_proc_address KiIntSystemCall
init_ntdll KiIntSystemCall = 00000000
open path = ??\c:\winnt\system32\smss.exe
open path = c:\winnt\system32\smss.exe
open following \Device\HarddiskVolume1
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open directory_t::open winnt\system32\smss.exe
open_file name = winnt\system32\smss.exe
open_unicode_file open file : /proc/self/fd/3/winnt/system32/smss.exe
mapit image at 0x48580000
mapit read 4 sections, load at 48580000
mapit .text 00001000 00000600 00009600 0000951a
mapit .data 0000b000 00009c00 00000400 00000b00
mapit .rsrc 0000c000 0000a000 00000400 000003c0
mapit .reloc 0000d000 0000a400 00000c00 00000b3c
mapit image at 0x77f80000
mapit read 6 sections, load at 77f80000
mapit .text 00001000 00000400 00042600 00042492
mapit ECODE 00044000 00042a00 00004400 00004371
mapit PAGE 00049000 00046e00 00003a00 00003983
mapit .data 0004d000 0004a800 00002200 00002350
mapit .rsrc 00050000 0004ca00 00026e00 00026d08
mapit .reloc 00077000 00073800 00001e00 00001da8
mapit anonymous map
mapit anonymous map
open path = ??\c:\winnt\system32\l_intl.nls
open path = c:\winnt\system32\l_intl.nls
open following \Device\HarddiskVolume1
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open directory_t::open winnt\system32\l_intl.nls
open_file name = winnt\system32\l_intl.nls
open_unicode_file open file : /proc/self/fd/3/winnt/system32/l_intl.nls
mapit anonymous map
map_locale_data locale data l_intl.nls at 0x10000
open path = ??\c:\winnt\system32\c_850.nls
open path = c:\winnt\system32\c_850.nls
open following \Device\HarddiskVolume1
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open directory_t::open winnt\system32\c_850.nls
open_file name = winnt\system32\c_850.nls
open_unicode_file open file : /proc/self/fd/3/winnt/system32/c_850.nls
mapit anonymous map
map_locale_data locale data c_850.nls at 0x20000
open path = ??\c:\winnt\system32\c_1252.nls
open path = c:\winnt\system32\c_1252.nls
open following \Device\HarddiskVolume1
open path = Device\HarddiskVolume1
open path = HarddiskVolume1
open directory_t::open winnt\system32\c_1252.nls
open_file name = winnt\system32\c_1252.nls
open_unicode_file open file : /proc/self/fd/3/winnt/system32/c_1252.nls
mapit anonymous map
map_locale_data locale data c_1252.nls at 0x40000
create_initial_process entry point = 485895fe
mapit anonymous map
get_proc_address LdrInitializeThunk
get_proc_address KiUserApcDispatcher
create LdrInitializeThunk = 0x77f83406 pKiUserApcDispatcher = 0x77f9fb60
1014: NtOpenKey(7ffcfc74,80000000,7ffcfc50) ret=77f90738
NtOpenKey 0x7ffcfc74 80000000 0x7ffcfc50
NtOpenKey len 00000018 root (nil) attr 00000040 \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
1014: NtOpenKey retval=c000003a ret=77f90738
1014: NtOpenKey(7ffcfc74,80000000,7ffcfc50) ret=77f90738
NtOpenKey 0x7ffcfc74 80000000 0x7ffcfc50
NtOpenKey len 00000018 root (nil) attr 00000040 \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
1014: NtOpenKey retval=c000003a ret=77f90738
1014: NtCreateEvent(77fcd1a0,00100003,00000000,00000001,00000000) ret=77f8a095
NtCreateEvent 0x77fcd1a0 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000004
1014: NtCreateEvent retval=00000000 ret=77f8a095
1014: NtCreateEvent(77fcd3f0,00100003,00000000,00000001,00000000) ret=77f93eea
NtCreateEvent 0x77fcd3f0 00100003 (nil) 1 0
process_alloc_user_handle handle = 00000008
1014: NtCreateEvent retval=00000000 ret=77f93eea
1014: NtQuerySystemInformation(00000000,7ffcf8cc,0000002c,00000000) ret=77fc937a
NtQuerySystemInformation 0 0x7ffcf8cc 44 (nil)
1014: NtQuerySystemInformation retval=00000000 ret=77fc937a
1014: NtAllocateVirtualMemory(ffffffff,7ffcf894,00000000,7ffcf970,00002000,00000004) ret=77fc9441
NtAllocateVirtualMemory returns 0x80000 00100000 00000000
1014: NtAllocateVirtualMemory retval=00000000 ret=77fc9441
1014: NtAllocateVirtualMemory(ffffffff,7ffcf940,00000000,7ffcf974,00001000,00000004) ret=77fc947a
split splitting block
NtAllocateVirtualMemory returns 0x80000 00001000 00000000
1014: NtAllocateVirtualMemory retval=00000000 ret=77fc947a
1014: NtCreateEvent(00080618,00100003,00000000,00000001,00000000) ret=77f93eea
NtCreateEvent 0x80618 00100003 (nil) 1 0
process_alloc_user_handle handle = 0000000c
1014: NtCreateEvent retval=00000000 ret=77f93eea
1014: NtAllocateVirtualMemory(ffffffff,7ffcf684,00000000,7ffcf6a4,00001000,00000004) ret=77fc9152
split splitting block
NtAllocateVirtualMemory returns 0x81000 00002000 00000000
1014: NtAllocateVirtualMemory retval=00000000 ret=77fc9152
1014: NtOpenKey(7ffcf950,80000000,7ffcf92c) ret=77f90738
NtOpenKey 0x7ffcf950 80000000 0x7ffcf92c
NtOpenKey len 00000018 root (nil) attr 00000040 \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
1014: NtOpenKey retval=c000003a ret=77f90738
1014: NtOpenDirectoryObject(77fcd000,00000003,7ffcfc30) ret=77f91e14
nt_open_object object = \KnownDlls
open path = KnownDlls
on_open find_object_t::on_open KnownDlls doesn't exist
1014: NtOpenDirectoryObject retval=c0000034 ret=77f91e14
1014: NtClose(b80d99b6) ret=77f83fbb
NtClose 0xb80d99b6
1014: NtClose retval=c0000008 ret=77f83fbb
create name = \Device\NamedPipe\ntsvcs
open path = Device\NamedPipe\ntsvcs
open path = NamedPipe\ntsvcs
open pipe = ntsvcs
on_open pipe_factory()
create_server creating pipe server
process_alloc_user_handle handle = 00000004
NtFsControlFile 0x4 (nil) (nil) (nil) 0xb7768fcc 00110008 (nil) 0 (nil) 0
access_allowed fixme: no access check
fs_control pipe_server_t 00110008
NtCreatePort 0xb778aed4 0xb778ae8c 256 256 (nil)
NtCreatePort root = (nil) port = \SeRmCommandPort
name_object name_object_t \SeRmCommandPort
open path = SeRmCommandPort
on_open name_object_t::on_open SeRmCommandPort
process_alloc_user_handle handle = 00000008
NtListenPort 0x8 0xb778aed8
access_allowed fixme: no access check
1014: NtFsControlFile(00000000,00000000,00000000,00000000,7ffcf7f4,00090028,00000000,00000000,00000000,00000000) ret=77f93701
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ffcf7f4 00090028 (nil) 0 (nil) 0
1014: NtFsControlFile retval=c0000008 ret=77f93701
1014: NtFreeVirtualMemory(ffffffff,7ffcf55c,7ffcf560,00004000) ret=77fca08a
NtFreeVirtualMemory 0xffffffff 0x7ffcf55c 0x7ffcf560 16384
split splitting block
NtFreeVirtualMemory returning 00000000
1014: NtFreeVirtualMemory retval=00000000 ret=77fca08a
1014: NtFsControlFile(00000000,00000000,00000000,00000000,7ffcf7f4,00090028,00000000,00000000,00000000,00000000) ret=77f93701
NtFsControlFile (nil) (nil) (nil) (nil) 0x7ffcf7f4 00090028 (nil) 0 (nil) 0
1014: NtFsControlFile retval=c0000008 ret=77f93701
1014: NtAllocateVirtualMemory(ffffffff,7ffcf458,00000000,7ffcf478,00001000,00000004) ret=77fc9152
NtAllocateVirtualMemory returns 0x82000 00001000 00000000
1014: NtAllocateVirtualMemory retval=00000000 ret=77fc9152
1014: NtFreeVirtualMemory(ffffffff,7ffcf55c,7ffcf560,00004000) ret=77fca08a
NtFreeVirtualMemory 0xffffffff 0x7ffcf55c 0x7ffcf560 16384
NtFreeVirtualMemory returning 00000000
1014: NtFreeVirtualMemory retval=00000000 ret=77fca08a
1014: NtOpenKey(7ffcf794,80000000,7ffcf770) ret=77f90738
NtOpenKey 0x7ffcf794 80000000 0x7ffcf770
NtOpenKey len 00000018 root (nil) attr 00000040 \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\smss.exe
open_parse_key remaining = Image File Execution Options\smss.exe
NtOpenKey open_key returned c000003a
1014: NtOpenKey retval=c000003a ret=77f90738
1014: NtTestAlert() ret=77f8cbe1
1014: NtTestAlert retval=00000000 ret=77f8cbe1
1014: NtContinue(7ffcfd28,00000001) ret=77f927a1
NtContinue 0x7ffcfd28 1
eax 00000000 ebx 00000000 ecx 00000000 edx 00000000
esi 00000000 edi 00000000 ebp 00000000 efl 00000296
cs:eip 0073:485895fe ss:esp 007b:7ffcfff8
ds 007b es 007b fs 0033 gs 0000
1014: NtContinue retval=00000000 ret=77f927a1
1014: NtAllocateVirtualMemory(ffffffff,7ffcfdec,00000000,7ffcfe0c,00001000,00000004) ret=77fc9152
NtAllocateVirtualMemory returns 0x82000 00001000 00000000
1014: NtAllocateVirtualMemory retval=00000000 ret=77fc9152
stopped
ring3k debugger
b backtrace
c continue
d <addr> dump the contents of memory
h help (this text)
r display registers
q quit ring3k
u <addr> disassemble
eax 00070056 ebx 00060000 ecx 00000000 edx 00080000
esi 00000000 edi 00081ffc ebp 7ffcfff4 efl 00200282
cs:eip 0073:77f9f9e0 ss:esp 007b:7ffcffc8
ds 007b es 007b fs 0033 gs 0000