bug report.
Posted: Thu Oct 23, 2014 8:04 am
date/time : 2014-10-23, 15:41:02, 522ms
computer name : VPS
wts client name : HCH-THINK
user name : Administrator <admin>
registered owner : hyper-v / hyper-v
operating system : Windows 2003 Service Pack 2 build 3790
system language : Chinese
system up time : 14 days 5 hours
program up time : 5 minutes 34 seconds
processors : 2x Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
physical memory : 2022/2559 MB (free/total)
free disk space : (C:) 3.46 GB
display mode : 1440x900, 16 bit
process id : $b0c
allocated memory : 7.78 MB
largest free block : 963.00 MB
executable : Server.exe
exec. date/time : 2014-10-22 17:54
version : 1.0.0.0
compiled with : Delphi XE6
contact name : hch
contact email : [email protected]
madExcept version : 4.0.10
callstack crc : $4e6c189b, $3380ccb4, $2212bbd7
exception number : 1
exception class : EReadError
exception message : Stream read error.
thread $494 (TCPClientThread):
00525cc0 +068 Server.exe System.Classes TStream.ReadBuffer
006795e6 +0da Server.exe MRVMediaServer 1557 +17 LoadHeader
00679981 +171 Server.exe MRVMediaServer 1631 +25 LoadPackTCP
00679d34 +0fc Server.exe MRVMediaServer 1727 +27 TRVMediaServerThread.DoRead
00408dc6 +09e Server.exe System 399 +0 TMonitor.Wait
00674395 +099 Server.exe MRVType 5032 +6 TCPClientThread.TCPRead
0067423f +1bb Server.exe MRVType 4997 +44 TCPClientThread.Execute
004a2853 +02b Server.exe madExcept HookedTThreadExecute
00534d95 +049 Server.exe System.Classes ThreadProc
00409b10 +028 Server.exe System 399 +0 ThreadWrapper
004a2739 +00d Server.exe madExcept CallThreadProcSafe
004a279e +032 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +023 Server.exe MRVType 4882 +1 TCPClientThread.Create
main thread ($d44):
77e2bf51 +00a USER32.dll WaitMessage
0064ada5 +149 Server.exe Vcl.Forms TApplication.Idle
00649fcb +017 Server.exe Vcl.Forms TApplication.HandleMessage
0064a2f1 +0c9 Server.exe Vcl.Forms TApplication.Run
0068bdef +03b Server.exe Server 25 +3 initialization
thread $4b8 (TRVListenerThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b5150e +5e WS2HELP.dll WahReferenceContextByHandle
71b62839 +9e WS2_32.dll select
00674534 +d8 Server.exe MRVType 5117 +14 WSSelect
006747de +7e Server.exe MRVType 5206 +15 TRVListenerThread.ListenServer
00674685 +4d Server.exe MRVType 5153 +8 TRVListenerThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $70c at:
00674593 +23 Server.exe MRVType 5129 +1 TRVListenerThread.Create
thread $920 (TRVListenerThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b5150e +5e WS2HELP.dll WahReferenceContextByHandle
71b62839 +9e WS2_32.dll select
00674534 +d8 Server.exe MRVType 5117 +14 WSSelect
006747de +7e Server.exe MRVType 5206 +15 TRVListenerThread.ListenServer
00674685 +4d Server.exe MRVType 5153 +8 TRVListenerThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $a28 at:
00674593 +23 Server.exe MRVType 5129 +1 TRVListenerThread.Create
thread $5f0 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $b34 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $e30 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $4a8 (TCPClientThread):
7c956db7 +0a ntdll.dll NtDelayExecution
7c801ecf +47 kernel32.dll SleepEx
7c8024f8 +0a kernel32.dll Sleep
00674f6f +bb Server.exe MRVType 6957 +57 RecvNonBlock
0066ff2f +5b Server.exe MRVType 1724 +9 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $dec (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $e30 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $fd8 (TRVClientRedirect):
7c957b77 +00a ntdll.dll NtWaitForSingleObject
71b62f2d +06b WS2_32.dll send
0067775a +0ba Server.exe MRVMediaServer 680 +34 TRVClientRedirect.RedirectStream
006779c9 +1c1 Server.exe MRVMediaServer 768 +58 TRVClientRedirect.RedirectData
0067754c +090 Server.exe MRVMediaServer 574 +27 TRVClientRedirect.Execute
004a2853 +02b Server.exe madExcept HookedTThreadExecute
00534d95 +049 Server.exe System.Classes ThreadProc
00409b10 +028 Server.exe System 399 +0 ThreadWrapper
004a2739 +00d Server.exe madExcept CallThreadProcSafe
004a279e +032 Server.exe madExcept ThreadExceptFrame
>> created by thread $b34 (TCPClientThread) at:
00676eb9 +051 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $9a8 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4a8 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $46c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $5f0 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $bbc (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $818 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $cec (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $4b0 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $984 (TCPClientThread):
7c956db7 +0a ntdll.dll NtDelayExecution
7c801ecf +47 kernel32.dll SleepEx
7c8024f8 +0a kernel32.dll Sleep
00674f6f +bb Server.exe MRVType 6957 +57 RecvNonBlock
0066ff2f +5b Server.exe MRVType 1724 +9 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $f1c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $818 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $924 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b0 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $f8c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $cec (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $dc0 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $984 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $90c (TCPClientThread):
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $870 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
modules:
00400000 Server.exe 1.0.0.0 C:\Documents and Settings\Administrator\桌面
025d0000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
40270000 wininet.dll 8.0.6001.19298 C:\WINDOWS\system32
40910000 iertutil.dll 8.0.6001.19298 C:\WINDOWS\system32
439b0000 urlmon.dll 8.0.6001.19298 C:\WINDOWS\system32
4c510000 msctfime.ime 5.2.3790.3959 C:\WINDOWS\system32
69660000 hnetcfg.dll 5.2.3790.3959 C:\WINDOWS\system32
71a40000 wshtcpip.dll 5.2.3790.3959 C:\WINDOWS\System32
71a80000 mswsock.dll 5.2.3790.4318 C:\WINDOWS\system32
71ad0000 uxtheme.dll 6.0.3790.3959 C:\WINDOWS\system32
71b10000 wsock32.dll 5.2.3790.0 C:\WINDOWS\system32
71b20000 rdpsnd.dll 5.2.3790.0 C:\WINDOWS\system32
71b50000 WS2HELP.dll 5.2.3790.3959 C:\WINDOWS\system32
71b60000 WS2_32.dll 5.2.3790.3959 C:\WINDOWS\system32
71ba0000 NETAPI32.dll 5.2.3790.5030 C:\WINDOWS\system32
72f40000 winspool.drv 5.2.3790.3959 C:\WINDOWS\system32
73730000 ddraw.dll 5.3.3790.3959 C:\WINDOWS\system32
73a60000 DCIMAN32.dll 5.2.3790.0 C:\WINDOWS\system32
74430000 MSCTF.dll 5.2.3790.3959 C:\WINDOWS\system32
74ae0000 USP10.dll 1.422.3790.4695 C:\WINDOWS\system32
75d60000 apphelp.dll 5.2.3790.3959 C:\WINDOWS\system32
76180000 IMM32.DLL 5.2.3790.3959 C:\WINDOWS\system32
761a0000 comdlg32.dll 6.0.3790.3959 C:\WINDOWS\system32
769e0000 winmm.dll 5.2.3790.4916 C:\WINDOWS\system32
76ab0000 PSAPI.DLL 5.2.3790.3959 C:\WINDOWS\system32
76e60000 wtsapi32.dll 5.2.3790.3959 C:\WINDOWS\system32
76e70000 WLDAP32.dll 5.2.3790.3959 C:\WINDOWS\system32
76eb0000 Secur32.dll 5.2.3790.4530 C:\WINDOWS\system32
770d0000 SETUPAPI.dll 5.2.3790.3959 C:\WINDOWS\system32
774b0000 ole32.dll 5.2.3790.4926 C:\WINDOWS\system32
775f0000 oleaut32.dll 5.2.3790.4807 C:\WINDOWS\system32
777e0000 NTMARTA.DLL 5.2.3790.3959 C:\WINDOWS\system32
77b60000 version.dll 5.2.3790.3959 C:\WINDOWS\system32
77b70000 msvcrt.dll 7.0.3790.3959 C:\WINDOWS\system32
77bd0000 GDI32.dll 5.2.3790.4396 C:\WINDOWS\system32
77c20000 RPCRT4.dll 5.2.3790.4759 C:\WINDOWS\system32
77cd0000 comctl32.dll 6.0.3790.4770 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087
77e10000 USER32.dll 5.2.3790.4033 C:\WINDOWS\system32
77eb0000 SHLWAPI.dll 6.0.3790.4603 C:\WINDOWS\system32
77f10000 WINSTA.dll 5.2.3790.3959 C:\WINDOWS\system32
77f30000 ADVAPI32.dll 5.2.3790.4455 C:\WINDOWS\system32
7c800000 kernel32.dll 5.2.3790.4480 C:\WINDOWS\system32
7c930000 ntdll.dll 5.2.3790.4937 C:\WINDOWS\system32
7ca10000 shell32.dll 6.0.3790.5018 C:\WINDOWS\system32
7e020000 SAMLIB.dll 5.2.3790.3959 C:\WINDOWS\system32
7f000000 LPK.DLL 5.2.3790.3959 C:\WINDOWS\system32
processes:
000 Idle 0 0 0
004 System 0 0 0 normal
14c smss.exe 0 0 0 normal C:\WINDOWS\system32
180 csrss.exe 0 0 0
198 winlogon.exe 0 0 0 high C:\WINDOWS\system32
1c8 services.exe 0 0 0 normal C:\WINDOWS\system32
1d4 lsass.exe 0 0 0 normal C:\WINDOWS\system32
294 svchost.exe 0 0 0 normal C:\WINDOWS\system32
2e8 svchost.exe 0 0 0
31c svchost.exe 0 0 0
340 svchost.exe 0 0 0 normal C:\WINDOWS\System32
39c svchost.exe 0 0 0 normal C:\WINDOWS\system32
3f8 msdtc.exe 0 0 0
448 svchost.exe 0 0 0
498 DUMeterSvc.exe 0 0 0 normal C:\Program Files\DU Meter
4ec inetinfo.exe 0 0 0 normal C:\WINDOWS\system32\inetsrv
534 mysqld.exe 0 0 0 normal D:\Program Files\MySQL\MySQL Server 5.1\bin
5f4 ServUDaemon.exe 0 0 0 normal C:\Program Files\Serv-U
610 burroguard.exe 0 0 0 normal D:\hch\qb\server
68c svchost.exe 0 0 0 normal C:\WINDOWS\System32
6b0 svchost.exe 0 0 0
9d8 svchost.exe 0 0 0 normal C:\WINDOWS\System32
ac0 alg.exe 0 0 0
b88 svchost.exe 0 0 0 normal C:\WINDOWS\System32
c04 csrss.exe 1 0 0
c20 winlogon.exe 1 41 15 high C:\WINDOWS\system32
cc8 rdpclip.exe 1 8 9 normal C:\WINDOWS\system32
d14 Explorer.EXE 1 196 112 normal C:\WINDOWS
d98 ctfmon.exe 1 18 11 normal C:\WINDOWS\system32
da0 DUMeter.exe 1 50 39 normal C:\Program Files\DU Meter
dac LedService.exe 1 74 64 normal D:\hch\LedService
af8 wmiprvse.exe 0 0 0
e1c logon.scr 0 0 0
16c burroservice.exe 0 0 0 normal D:\hch\qb\server
84c QQ.exe 1 376 117 normal D:\Program Files\Tencent\QQIntl\Bin
25c TXPlatform.exe 1 4 5 normal D:\Program Files\Tencent\QQIntl\Bin
574 conime.exe 1 11 9 normal C:\WINDOWS\system32
c98 w3wp.exe 0 0 0 normal c:\windows\system32\inetsrv
b0c Server.exe 1 117 93 normal C:\Documents and Settings\Administrator\桌面
cb8 csrss.exe 4 0 0
900 winlogon.exe 4 0 0 high C:\WINDOWS\system32
hardware:
+ DVD/CD-ROM 驱动器
- Msft Virtual CD/ROM
- Msft Virtual CD/ROM
+ IDE ATA/ATAPI 控制器
- Intel(R) 82371AB/EB PCI Bus Master IDE Controller
- 主要 IDE 通道
- 次要 IDE 通道
+ 人体学接口设备
- Microsoft Hyper-V Input
+ 声音、视频和游戏控制器
- 传统视频捕捉设备
- 传统音频驱动程序
- 媒体控制设备
- 视频编码解码器
- 音频编码解码器
+ 处理器
- Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
- Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
+ 显示卡
- Microsoft Hyper-V Video
+ 磁盘驱动器
- Virtual HD
- Virtual HD
+ 端口 (COM 和 LPT)
- 通信端口 (COM1)
- 通信端口 (COM2)
+ 系统设备
- ACPI Fixed Feature Button
- Direct memory access controller
- Intel 82371AB/EB PCI to ISA bridge (ISA mode)
- Intel 82443BX Pentium(R) II Processor to PCI Bridge
- ISAPNP Read Data Port
- Logical Disk Manager
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Hyper-V Data Exchange
- Microsoft Hyper-V Guest Shutdown
- Microsoft Hyper-V Heartbeat
- Microsoft Hyper-V S3 Cap
- Microsoft Hyper-V Storage Accelerator
- Microsoft Hyper-V Storage Accelerator
- Microsoft Hyper-V Time Synchronization
- Microsoft Hyper-V Virtual Machine Bus
- Microsoft Hyper-V Volume Shadow Copy
- Microsoft System Management BIOS Driver
- Motherboard resources
- Motherboard resources
- Numeric data processor
- PCI bus
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Volume Manager
- 控制台的全屏显示视频驱动程序
- 终端服务器设备重定向器
- 终端服务器键盘驱动程序
- 终端服务器鼠标驱动程序
+ 网络适配器
- Microsoft Hyper-V Network Adapter #4
- WAN 微型端口 (IP)
- WAN 微型端口 (L2TP)
- WAN 微型端口 (PPPOE)
- WAN 微型端口 (PPTP)
- 直接并口
+ 计算机
- ACPI Multiprocessor PC
+ 软盘控制器
- Standard floppy disk controller
+ 软盘驱动器
- 软盘驱动器
+ 键盘
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ 鼠标和其它指针设备
- HID-compliant mouse
- Microsoft PS/2 Mouse
cpu registers:
eax = 010d3820
ebx = 0000000b
ecx = 00000000
edx = 001830e0
esi = 00000000
edi = 00000010
eip = 00525cc5
esp = 03f6fd68
ebp = 03f6fddc
stack dump:
03f6fd68 c5 5c 52 00 de fa ed 0e - 01 00 00 00 07 00 00 00 .\R.............
03f6fd78 7c fd f6 03 c5 5c 52 00 - 20 38 0d 01 0b 00 00 00 |....\R. 8......
03f6fd88 00 00 00 00 10 00 00 00 - dc fd f6 03 98 fd f6 03 ................
03f6fd98 40 38 0d 01 a6 fe f6 03 - c6 fe f6 03 e1 03 0a 01 @8..............
03f6fda8 70 1f 08 01 eb 95 67 00 - c6 fe f6 03 e1 03 0a 01 p.....g.........
03f6fdb8 ea 6c 52 00 00 00 00 00 - 00 00 00 00 d8 fd f6 03 .lR.............
03f6fdc8 3d 2e 52 00 00 00 00 00 - 00 00 00 00 e1 03 0a 00 =.R.............
03f6fdd8 40 38 0d 01 24 fe f6 03 - 86 99 67 00 c8 fe f6 03 @8..$.....g.....
03f6fde8 c6 fe f6 03 5e 80 0a 01 - 20 5f 67 00 d7 0b 00 00 ....^... _g.....
03f6fdf8 00 00 00 00 d7 0b 00 00 - 00 00 00 00 01 00 00 00 ................
03f6fe08 40 38 0d 01 11 00 00 00 - 00 00 00 00 e0 10 00 00 @8..............
03f6fe18 00 00 00 00 cf 10 00 00 - 00 00 00 00 c8 fe f6 03 ................
03f6fe28 39 9d 67 00 c8 fe f6 03 - 04 ff f6 03 40 92 40 00 9.g.........@.@.
03f6fe38 c8 fe f6 03 00 00 00 00 - f0 13 0e 01 20 5f 67 00 ............ _g.
03f6fe48 c9 8d 40 00 50 04 00 00 - 80 37 0d 01 70 1f 08 01 [email protected]...
03f6fe58 90 03 0a 01 08 00 00 00 - 02 00 00 00 01 00 00 00 ................
03f6fe68 02 00 00 00 10 00 00 00 - 04 00 00 00 11 00 00 00 ................
03f6fe78 14 00 00 00 00 00 00 00 - 52 67 40 00 2d 7e 00 00 [email protected]~..
03f6fe88 10 01 68 6d 48 54 00 00 - 00 00 00 00 00 00 00 00 ..hmHT..........
03f6fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
disassembling:
[...]
006795d7 mov eax, [ebp+8]
006795da mov ecx, [eax-$5c]
006795dd mov eax, [ebp+8]
006795e0 lea edx, [eax-$22]
006795e3 mov eax, [ebp-4]
006795e6 > call -$153993 ($525c58) ; System.Classes.TStream.ReadBuffer
006795eb jmp loc_67960c
006795ed 1558 mov eax, [ebp+8]
006795f0 add eax, -$22
006795f3 mov [ebp-$10], eax
006795f6 mov eax, [ebp+8]
[...]
computer name : VPS
wts client name : HCH-THINK
user name : Administrator <admin>
registered owner : hyper-v / hyper-v
operating system : Windows 2003 Service Pack 2 build 3790
system language : Chinese
system up time : 14 days 5 hours
program up time : 5 minutes 34 seconds
processors : 2x Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
physical memory : 2022/2559 MB (free/total)
free disk space : (C:) 3.46 GB
display mode : 1440x900, 16 bit
process id : $b0c
allocated memory : 7.78 MB
largest free block : 963.00 MB
executable : Server.exe
exec. date/time : 2014-10-22 17:54
version : 1.0.0.0
compiled with : Delphi XE6
contact name : hch
contact email : [email protected]
madExcept version : 4.0.10
callstack crc : $4e6c189b, $3380ccb4, $2212bbd7
exception number : 1
exception class : EReadError
exception message : Stream read error.
thread $494 (TCPClientThread):
00525cc0 +068 Server.exe System.Classes TStream.ReadBuffer
006795e6 +0da Server.exe MRVMediaServer 1557 +17 LoadHeader
00679981 +171 Server.exe MRVMediaServer 1631 +25 LoadPackTCP
00679d34 +0fc Server.exe MRVMediaServer 1727 +27 TRVMediaServerThread.DoRead
00408dc6 +09e Server.exe System 399 +0 TMonitor.Wait
00674395 +099 Server.exe MRVType 5032 +6 TCPClientThread.TCPRead
0067423f +1bb Server.exe MRVType 4997 +44 TCPClientThread.Execute
004a2853 +02b Server.exe madExcept HookedTThreadExecute
00534d95 +049 Server.exe System.Classes ThreadProc
00409b10 +028 Server.exe System 399 +0 ThreadWrapper
004a2739 +00d Server.exe madExcept CallThreadProcSafe
004a279e +032 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +023 Server.exe MRVType 4882 +1 TCPClientThread.Create
main thread ($d44):
77e2bf51 +00a USER32.dll WaitMessage
0064ada5 +149 Server.exe Vcl.Forms TApplication.Idle
00649fcb +017 Server.exe Vcl.Forms TApplication.HandleMessage
0064a2f1 +0c9 Server.exe Vcl.Forms TApplication.Run
0068bdef +03b Server.exe Server 25 +3 initialization
thread $4b8 (TRVListenerThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b5150e +5e WS2HELP.dll WahReferenceContextByHandle
71b62839 +9e WS2_32.dll select
00674534 +d8 Server.exe MRVType 5117 +14 WSSelect
006747de +7e Server.exe MRVType 5206 +15 TRVListenerThread.ListenServer
00674685 +4d Server.exe MRVType 5153 +8 TRVListenerThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $70c at:
00674593 +23 Server.exe MRVType 5129 +1 TRVListenerThread.Create
thread $920 (TRVListenerThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b5150e +5e WS2HELP.dll WahReferenceContextByHandle
71b62839 +9e WS2_32.dll select
00674534 +d8 Server.exe MRVType 5117 +14 WSSelect
006747de +7e Server.exe MRVType 5206 +15 TRVListenerThread.ListenServer
00674685 +4d Server.exe MRVType 5153 +8 TRVListenerThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $a28 at:
00674593 +23 Server.exe MRVType 5129 +1 TRVListenerThread.Create
thread $5f0 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $b34 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $e30 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $4a8 (TCPClientThread):
7c956db7 +0a ntdll.dll NtDelayExecution
7c801ecf +47 kernel32.dll SleepEx
7c8024f8 +0a kernel32.dll Sleep
00674f6f +bb Server.exe MRVType 6957 +57 RecvNonBlock
0066ff2f +5b Server.exe MRVType 1724 +9 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $dec (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $e30 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $fd8 (TRVClientRedirect):
7c957b77 +00a ntdll.dll NtWaitForSingleObject
71b62f2d +06b WS2_32.dll send
0067775a +0ba Server.exe MRVMediaServer 680 +34 TRVClientRedirect.RedirectStream
006779c9 +1c1 Server.exe MRVMediaServer 768 +58 TRVClientRedirect.RedirectData
0067754c +090 Server.exe MRVMediaServer 574 +27 TRVClientRedirect.Execute
004a2853 +02b Server.exe madExcept HookedTThreadExecute
00534d95 +049 Server.exe System.Classes ThreadProc
00409b10 +028 Server.exe System 399 +0 ThreadWrapper
004a2739 +00d Server.exe madExcept CallThreadProcSafe
004a279e +032 Server.exe madExcept ThreadExceptFrame
>> created by thread $b34 (TCPClientThread) at:
00676eb9 +051 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $9a8 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4a8 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $46c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $5f0 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $bbc (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $818 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $cec (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $4b0 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $984 (TCPClientThread):
7c956db7 +0a ntdll.dll NtDelayExecution
7c801ecf +47 kernel32.dll SleepEx
7c8024f8 +0a kernel32.dll Sleep
00674f6f +bb Server.exe MRVType 6957 +57 RecvNonBlock
0066ff2f +5b Server.exe MRVType 1724 +9 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $f1c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $818 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $924 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b0 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $f8c (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $cec (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $dc0 (TRVClientRedirect):
7c957b67 +0a ntdll.dll NtWaitForMultipleObjects
7c822026 +cc kernel32.dll WaitForMultipleObjectsEx
004abcfa +56 Server.exe System.SyncObjs THandleObject.WaitFor
006774e8 +2c Server.exe MRVMediaServer 558 +11 TRVClientRedirect.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $984 (TCPClientThread) at:
00676eb9 +51 Server.exe MRVMediaServer 387 +1 TRVClientRedirect.Create
thread $90c (TCPClientThread):
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
thread $870 (TCPClientThread):
7c957b77 +0a ntdll.dll NtWaitForSingleObject
71b694e2 +62 WS2_32.dll WSARecv
71b1114c +2c wsock32.dll recv
0066ff0b +37 Server.exe MRVType 1721 +6 ReadFromSocket
00674161 +dd Server.exe MRVType 4974 +21 TCPClientThread.Execute
004a2853 +2b Server.exe madExcept HookedTThreadExecute
00534d95 +49 Server.exe System.Classes ThreadProc
00409b10 +28 Server.exe System 399 +0 ThreadWrapper
004a2739 +0d Server.exe madExcept CallThreadProcSafe
004a279e +32 Server.exe madExcept ThreadExceptFrame
>> created by thread $4b8 (TRVListenerThread) at:
00673e33 +23 Server.exe MRVType 4882 +1 TCPClientThread.Create
modules:
00400000 Server.exe 1.0.0.0 C:\Documents and Settings\Administrator\桌面
025d0000 Normaliz.dll 6.0.5441.0 C:\WINDOWS\system32
40270000 wininet.dll 8.0.6001.19298 C:\WINDOWS\system32
40910000 iertutil.dll 8.0.6001.19298 C:\WINDOWS\system32
439b0000 urlmon.dll 8.0.6001.19298 C:\WINDOWS\system32
4c510000 msctfime.ime 5.2.3790.3959 C:\WINDOWS\system32
69660000 hnetcfg.dll 5.2.3790.3959 C:\WINDOWS\system32
71a40000 wshtcpip.dll 5.2.3790.3959 C:\WINDOWS\System32
71a80000 mswsock.dll 5.2.3790.4318 C:\WINDOWS\system32
71ad0000 uxtheme.dll 6.0.3790.3959 C:\WINDOWS\system32
71b10000 wsock32.dll 5.2.3790.0 C:\WINDOWS\system32
71b20000 rdpsnd.dll 5.2.3790.0 C:\WINDOWS\system32
71b50000 WS2HELP.dll 5.2.3790.3959 C:\WINDOWS\system32
71b60000 WS2_32.dll 5.2.3790.3959 C:\WINDOWS\system32
71ba0000 NETAPI32.dll 5.2.3790.5030 C:\WINDOWS\system32
72f40000 winspool.drv 5.2.3790.3959 C:\WINDOWS\system32
73730000 ddraw.dll 5.3.3790.3959 C:\WINDOWS\system32
73a60000 DCIMAN32.dll 5.2.3790.0 C:\WINDOWS\system32
74430000 MSCTF.dll 5.2.3790.3959 C:\WINDOWS\system32
74ae0000 USP10.dll 1.422.3790.4695 C:\WINDOWS\system32
75d60000 apphelp.dll 5.2.3790.3959 C:\WINDOWS\system32
76180000 IMM32.DLL 5.2.3790.3959 C:\WINDOWS\system32
761a0000 comdlg32.dll 6.0.3790.3959 C:\WINDOWS\system32
769e0000 winmm.dll 5.2.3790.4916 C:\WINDOWS\system32
76ab0000 PSAPI.DLL 5.2.3790.3959 C:\WINDOWS\system32
76e60000 wtsapi32.dll 5.2.3790.3959 C:\WINDOWS\system32
76e70000 WLDAP32.dll 5.2.3790.3959 C:\WINDOWS\system32
76eb0000 Secur32.dll 5.2.3790.4530 C:\WINDOWS\system32
770d0000 SETUPAPI.dll 5.2.3790.3959 C:\WINDOWS\system32
774b0000 ole32.dll 5.2.3790.4926 C:\WINDOWS\system32
775f0000 oleaut32.dll 5.2.3790.4807 C:\WINDOWS\system32
777e0000 NTMARTA.DLL 5.2.3790.3959 C:\WINDOWS\system32
77b60000 version.dll 5.2.3790.3959 C:\WINDOWS\system32
77b70000 msvcrt.dll 7.0.3790.3959 C:\WINDOWS\system32
77bd0000 GDI32.dll 5.2.3790.4396 C:\WINDOWS\system32
77c20000 RPCRT4.dll 5.2.3790.4759 C:\WINDOWS\system32
77cd0000 comctl32.dll 6.0.3790.4770 C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.3790.4770_x-ww_05FDF087
77e10000 USER32.dll 5.2.3790.4033 C:\WINDOWS\system32
77eb0000 SHLWAPI.dll 6.0.3790.4603 C:\WINDOWS\system32
77f10000 WINSTA.dll 5.2.3790.3959 C:\WINDOWS\system32
77f30000 ADVAPI32.dll 5.2.3790.4455 C:\WINDOWS\system32
7c800000 kernel32.dll 5.2.3790.4480 C:\WINDOWS\system32
7c930000 ntdll.dll 5.2.3790.4937 C:\WINDOWS\system32
7ca10000 shell32.dll 6.0.3790.5018 C:\WINDOWS\system32
7e020000 SAMLIB.dll 5.2.3790.3959 C:\WINDOWS\system32
7f000000 LPK.DLL 5.2.3790.3959 C:\WINDOWS\system32
processes:
000 Idle 0 0 0
004 System 0 0 0 normal
14c smss.exe 0 0 0 normal C:\WINDOWS\system32
180 csrss.exe 0 0 0
198 winlogon.exe 0 0 0 high C:\WINDOWS\system32
1c8 services.exe 0 0 0 normal C:\WINDOWS\system32
1d4 lsass.exe 0 0 0 normal C:\WINDOWS\system32
294 svchost.exe 0 0 0 normal C:\WINDOWS\system32
2e8 svchost.exe 0 0 0
31c svchost.exe 0 0 0
340 svchost.exe 0 0 0 normal C:\WINDOWS\System32
39c svchost.exe 0 0 0 normal C:\WINDOWS\system32
3f8 msdtc.exe 0 0 0
448 svchost.exe 0 0 0
498 DUMeterSvc.exe 0 0 0 normal C:\Program Files\DU Meter
4ec inetinfo.exe 0 0 0 normal C:\WINDOWS\system32\inetsrv
534 mysqld.exe 0 0 0 normal D:\Program Files\MySQL\MySQL Server 5.1\bin
5f4 ServUDaemon.exe 0 0 0 normal C:\Program Files\Serv-U
610 burroguard.exe 0 0 0 normal D:\hch\qb\server
68c svchost.exe 0 0 0 normal C:\WINDOWS\System32
6b0 svchost.exe 0 0 0
9d8 svchost.exe 0 0 0 normal C:\WINDOWS\System32
ac0 alg.exe 0 0 0
b88 svchost.exe 0 0 0 normal C:\WINDOWS\System32
c04 csrss.exe 1 0 0
c20 winlogon.exe 1 41 15 high C:\WINDOWS\system32
cc8 rdpclip.exe 1 8 9 normal C:\WINDOWS\system32
d14 Explorer.EXE 1 196 112 normal C:\WINDOWS
d98 ctfmon.exe 1 18 11 normal C:\WINDOWS\system32
da0 DUMeter.exe 1 50 39 normal C:\Program Files\DU Meter
dac LedService.exe 1 74 64 normal D:\hch\LedService
af8 wmiprvse.exe 0 0 0
e1c logon.scr 0 0 0
16c burroservice.exe 0 0 0 normal D:\hch\qb\server
84c QQ.exe 1 376 117 normal D:\Program Files\Tencent\QQIntl\Bin
25c TXPlatform.exe 1 4 5 normal D:\Program Files\Tencent\QQIntl\Bin
574 conime.exe 1 11 9 normal C:\WINDOWS\system32
c98 w3wp.exe 0 0 0 normal c:\windows\system32\inetsrv
b0c Server.exe 1 117 93 normal C:\Documents and Settings\Administrator\桌面
cb8 csrss.exe 4 0 0
900 winlogon.exe 4 0 0 high C:\WINDOWS\system32
hardware:
+ DVD/CD-ROM 驱动器
- Msft Virtual CD/ROM
- Msft Virtual CD/ROM
+ IDE ATA/ATAPI 控制器
- Intel(R) 82371AB/EB PCI Bus Master IDE Controller
- 主要 IDE 通道
- 次要 IDE 通道
+ 人体学接口设备
- Microsoft Hyper-V Input
+ 声音、视频和游戏控制器
- 传统视频捕捉设备
- 传统音频驱动程序
- 媒体控制设备
- 视频编码解码器
- 音频编码解码器
+ 处理器
- Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
- Intel(R) Xeon(R) CPU L5640 @ 2.27GHz
+ 显示卡
- Microsoft Hyper-V Video
+ 磁盘驱动器
- Virtual HD
- Virtual HD
+ 端口 (COM 和 LPT)
- 通信端口 (COM1)
- 通信端口 (COM2)
+ 系统设备
- ACPI Fixed Feature Button
- Direct memory access controller
- Intel 82371AB/EB PCI to ISA bridge (ISA mode)
- Intel 82443BX Pentium(R) II Processor to PCI Bridge
- ISAPNP Read Data Port
- Logical Disk Manager
- Microcode Update Device
- Microsoft ACPI-Compliant System
- Microsoft Hyper-V Data Exchange
- Microsoft Hyper-V Guest Shutdown
- Microsoft Hyper-V Heartbeat
- Microsoft Hyper-V S3 Cap
- Microsoft Hyper-V Storage Accelerator
- Microsoft Hyper-V Storage Accelerator
- Microsoft Hyper-V Time Synchronization
- Microsoft Hyper-V Virtual Machine Bus
- Microsoft Hyper-V Volume Shadow Copy
- Microsoft System Management BIOS Driver
- Motherboard resources
- Motherboard resources
- Numeric data processor
- PCI bus
- Plug and Play Software Device Enumerator
- Programmable interrupt controller
- System board
- System CMOS/real time clock
- System speaker
- System timer
- Volume Manager
- 控制台的全屏显示视频驱动程序
- 终端服务器设备重定向器
- 终端服务器键盘驱动程序
- 终端服务器鼠标驱动程序
+ 网络适配器
- Microsoft Hyper-V Network Adapter #4
- WAN 微型端口 (IP)
- WAN 微型端口 (L2TP)
- WAN 微型端口 (PPPOE)
- WAN 微型端口 (PPTP)
- 直接并口
+ 计算机
- ACPI Multiprocessor PC
+ 软盘控制器
- Standard floppy disk controller
+ 软盘驱动器
- 软盘驱动器
+ 键盘
- Standard 101/102-Key or Microsoft Natural PS/2 Keyboard
+ 鼠标和其它指针设备
- HID-compliant mouse
- Microsoft PS/2 Mouse
cpu registers:
eax = 010d3820
ebx = 0000000b
ecx = 00000000
edx = 001830e0
esi = 00000000
edi = 00000010
eip = 00525cc5
esp = 03f6fd68
ebp = 03f6fddc
stack dump:
03f6fd68 c5 5c 52 00 de fa ed 0e - 01 00 00 00 07 00 00 00 .\R.............
03f6fd78 7c fd f6 03 c5 5c 52 00 - 20 38 0d 01 0b 00 00 00 |....\R. 8......
03f6fd88 00 00 00 00 10 00 00 00 - dc fd f6 03 98 fd f6 03 ................
03f6fd98 40 38 0d 01 a6 fe f6 03 - c6 fe f6 03 e1 03 0a 01 @8..............
03f6fda8 70 1f 08 01 eb 95 67 00 - c6 fe f6 03 e1 03 0a 01 p.....g.........
03f6fdb8 ea 6c 52 00 00 00 00 00 - 00 00 00 00 d8 fd f6 03 .lR.............
03f6fdc8 3d 2e 52 00 00 00 00 00 - 00 00 00 00 e1 03 0a 00 =.R.............
03f6fdd8 40 38 0d 01 24 fe f6 03 - 86 99 67 00 c8 fe f6 03 @8..$.....g.....
03f6fde8 c6 fe f6 03 5e 80 0a 01 - 20 5f 67 00 d7 0b 00 00 ....^... _g.....
03f6fdf8 00 00 00 00 d7 0b 00 00 - 00 00 00 00 01 00 00 00 ................
03f6fe08 40 38 0d 01 11 00 00 00 - 00 00 00 00 e0 10 00 00 @8..............
03f6fe18 00 00 00 00 cf 10 00 00 - 00 00 00 00 c8 fe f6 03 ................
03f6fe28 39 9d 67 00 c8 fe f6 03 - 04 ff f6 03 40 92 40 00 9.g.........@.@.
03f6fe38 c8 fe f6 03 00 00 00 00 - f0 13 0e 01 20 5f 67 00 ............ _g.
03f6fe48 c9 8d 40 00 50 04 00 00 - 80 37 0d 01 70 1f 08 01 [email protected]...
03f6fe58 90 03 0a 01 08 00 00 00 - 02 00 00 00 01 00 00 00 ................
03f6fe68 02 00 00 00 10 00 00 00 - 04 00 00 00 11 00 00 00 ................
03f6fe78 14 00 00 00 00 00 00 00 - 52 67 40 00 2d 7e 00 00 [email protected]~..
03f6fe88 10 01 68 6d 48 54 00 00 - 00 00 00 00 00 00 00 00 ..hmHT..........
03f6fe98 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00 00 ................
disassembling:
[...]
006795d7 mov eax, [ebp+8]
006795da mov ecx, [eax-$5c]
006795dd mov eax, [ebp+8]
006795e0 lea edx, [eax-$22]
006795e3 mov eax, [ebp-4]
006795e6 > call -$153993 ($525c58) ; System.Classes.TStream.ReadBuffer
006795eb jmp loc_67960c
006795ed 1558 mov eax, [ebp+8]
006795f0 add eax, -$22
006795f3 mov [ebp-$10], eax
006795f6 mov eax, [ebp+8]
[...]