Here's more precise crash info for you.
When I shut down the program I opened the advanced details, and it told me that Newton was writing to memory that did not exist or had already been claimed.
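This is a serious syntax problem, I think, and you might like the info I provide. In the dump below, the faulting instruction is `cmp dword ptr [esi+20],edi` with esi=0a0acb20, so it reads address 0a0acb40 (the value listed under Exception Info), inside a loop that keeps following `[esi+0c]` until it is zero.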
*----> Details <----*
Command line: "C:\My Documents\Faibanx 3D Demo 1\F3DRagdollDemo.exe"
Trap 0e 0000 - Invalid page fault
eax=0361a398 ebx=00000000 ecx=00f4f4dc edx=d6c1f680 esi=0a0acb20 edi=0361a360
eip=035e54d0 esp=00f4f4d0 ebp=00f4f504 -- -- -- nv up EI pl nz na po nc
cs=0167 ss=016f ds=016f es=016f fs=4e1f gs=0000
NEWTON.DLL:.text+0x444d0:
>0167:035e54d0 397e20 cmp dword ptr [esi+20],edi
sel type base lim/bot
---- ---- -------- --------
cs 0167 r-x- 00000000 ffffffff
ss 016f rw-e 00000000 000087a0
ds 016f rw-e 00000000 000087a0
es 016f rw-e 00000000 000087a0
fs 4e1f rw-- 818a3f48 00000037
gs 0000 ----
stack base: 00550000
TIB limits: 00f4a000 - 00f50000
-- exception record --
Exception Code: c0000005 (access violation)
Exception Address: 035e54d0 (NEWTON.DLL:.text+0x444d0)
Exception Info: 00000000
0a0acb40
NEWTON.DLL:.text+0x444d0:
>0167:035e54d0 397e20 cmp dword ptr [esi+20],edi
0167:035e54c7 0f8488000000 jz 035e5555 = NEWTON.DLL:.text+0x44555
0167:035e54cd 8d4900 lea ecx,[ecx]
NEWTON.DLL:.text+0x444d0:
*0167:035e54d0 397e20 cmp dword ptr [esi+20],edi
0167:035e54d3 7409 jz 035e54de = NEWTON.DLL:.text+0x444de
0167:035e54d5 8b760c mov esi,dword ptr [esi+0c]
0167:035e54d8 85f6 test esi,esi
0167:035e54da 75f4 jnz 035e54d0 = NEWTON.DLL:.text+0x444d0
0167:035e54dc eb77 jmp 035e5555 = NEWTON.DLL:.text+0x44555
0167:035e54de e81dfeffff call 035e5300 = NEWTON.DLL:.text+0x44300
0167:035e54e3 ff08 dec dword ptr [eax]
0167:035e54e5 8b4808 mov ecx,dword ptr [eax+08]
0167:035e54e8 3bf1 cmp esi,ecx
0167:035e54ea 7506 jnz 035e54f2 = NEWTON.DLL:.text+0x444f2
0167:035e54ec 8b490c mov ecx,dword ptr [ecx+0c]
0167:035e54ef 894808 mov dword ptr [eax+08],ecx
0167:035e54f2 8b4804 mov ecx,dword ptr [eax+04]
0167:035e54f5 3bf1 cmp esi,ecx
0167:035e54f7 7506 jnz 035e54ff = NEWTON.DLL:.text+0x444ff
0167:035e54f9 8b5110 mov edx,dword ptr [ecx+10]
0167:035e54fc 895004 mov dword ptr [eax+04],edx
0167:035e54ff 8b06 mov eax,dword ptr [esi]
0167:035e5501 8bce mov ecx,esi
0167:035e5503 ff500c call dword ptr [eax+0c]
0167:035e5506 8b4610 mov eax,dword ptr [esi+10]
0167:035e5509 85c0 test eax,eax
0167:035e550b 7406 jz 035e5513 = NEWTON.DLL:.text+0x44513
0167:035e550d 8b ?db 8b
0167:035e550e 4e dec esi
0167:035e550f 0c ?db 0c
0167:035e5510 page not present
--------------------
-- stack summary --
016f:00f4f504 0167:035e54d0 NEWTON.DLL:.text+0x444d0
(00000000,00000000,00000001,035e5ec1,
00000000,00f4f55c,035e5f67,035a0000)
016f:00f4f520 0167:035e93e3 NEWTON.DLL:.text+0x483e3
(035a0000,00000000,00000000,00000000,
035a0000,818a3f84,00000001,00f4f534)
016f:00f4f55c 0167:035e5f67 NEWTON.DLL:.text+0x44f67
(035a0000,00000000,00000000,00000000,
035a0000,818a3f84,00000005,00000000)
016f:00f4f724 0167:bff7ddd6 KERNEL32.DLL:.text+0x4dd6
(818dcb88,00000000,00000000,bff76da8,
00000003,bff8e0cd,bff8e0a4,00000003)
016f:818dcb9c 0167:bff8e01c KERNEL32.DLL:.text+0x1501c
(818caea0,a0000045,818d52bc,818ca9d4,
00000000,00000000,00000000,00000020)
-- stack trace --
016f:00f4f504 0167:035e54d0 NEWTON.DLL:.text+0x444d0
(00000000,00000000,00000001,035e5ec1,
00000000,00f4f55c,035e5f67,035a0000)
0167:035e54c7 0f8488000000 jz 035e5555 = NEWTON.DLL:.text+0x44555
0167:035e54cd 8d4900 lea ecx,[ecx]
NEWTON.DLL:.text+0x444d0:
*0167:035e54d0 397e20 cmp dword ptr [esi+20],edi
0167:035e54d3 7409 jz 035e54de = NEWTON.DLL:.text+0x444de
0167:035e54d5 8b760c mov esi,dword ptr [esi+0c]
0167:035e54d8 85f6 test esi,esi
0167:035e54da 75f4 jnz 035e54d0 = NEWTON.DLL:.text+0x444d0
0167:035e54dc eb77 jmp 035e5555 = NEWTON.DLL:.text+0x44555
0167:035e54de e81dfeffff call 035e5300 = NEWTON.DLL:.text+0x44300
0167:035e54e3 ff08 dec dword ptr [eax]
0167:035e54e5 8b4808 mov ecx,dword ptr [eax+08]
0167:035e54e8 3bf1 cmp esi,ecx
0167:035e54ea 7506 jnz 035e54f2 = NEWTON.DLL:.text+0x444f2
0167:035e54ec 8b490c mov ecx,dword ptr [ecx+0c]
0167:035e54ef 894808 mov dword ptr [eax+08],ecx
0167:035e54f2 8b4804 mov ecx,dword ptr [eax+04]
0167:035e54f5 3bf1 cmp esi,ecx
0167:035e54f7 7506 jnz 035e54ff = NEWTON.DLL:.text+0x444ff
0167:035e54f9 8b5110 mov edx,dword ptr [ecx+10]
0167:035e54fc 895004 mov dword ptr [eax+04],edx
0167:035e54ff 8b06 mov eax,dword ptr [esi]
0167:035e5501 8bce mov ecx,esi
0167:035e5503 ff500c call dword ptr [eax+0c]
0167:035e5506 8b4610 mov eax,dword ptr [esi+10]
0167:035e5509 85c0 test eax,eax
0167:035e550b 7406 jz 035e5513 = NEWTON.DLL:.text+0x44513
0167:035e550d 8b ?db 8b
0167:035e550e 4e dec esi
0167:035e550f 0c ?db 0c
0167:035e5510 page not present
--------------------
016f:00f4f520 0167:035e93e3 NEWTON.DLL:.text+0x483e3
(035a0000,00000000,00000000,00000000,
035a0000,818a3f84,00000001,00f4f534)
0167:035e93d8 6a01 push +01
0167:035e93da 6a00 push +00
0167:035e93dc 6a00 push +00
0167:035e93de e823ffffff call 035e9306 = NEWTON.DLL:.text+0x48306
NEWTON.DLL:.text+0x483e3:
*0167:035e93e3 83c40c add esp,+0c
0167:035e93e6 c3 retd
0167:035e93e7 83ec44 sub esp,+44
0167:035e93ea 6800010000 push 00000100
0167:035e93ef e8e3c4ffff call 035e58d7 = NEWTON.DLL:.text+0x448d7
0167:035e93f4 85c0 test eax,eax
0167:035e93f6 59 pop ecx
0167:035e93f7 7508 jnz 035e9401 = NEWTON.DLL:.text+0x48401
0167:035e93f9 83c8ff or eax,-01
0167:035e93fc e98d010000 jmp 035e958e = NEWTON.DLL:.text+0x4858e
0167:035e9401 a3a0b96103 mov dword ptr [0361b9a0],eax
0167:035e9406 c70584b9610320000000 mov dword ptr [0361b984],00000020
0167:035e9410 8d8800010000 lea ecx,[eax+00000100]
0167:035e9416 eb1a jmp 035e9432 = NEWTON.DLL:.text+0x48432
0167:035e9418 8308ff or dword ptr [eax],-01
0167:035e941b c6400400 mov byte ptr [eax+04],00
0167:035e941f c6 ?db c6
0167:035e9420 40 inc eax
0167:035e9421 05 ?db 05
0167:035e9422 0a ?db 0a
0167:035e9423 page not present
--------------------
016f:00f4f55c 0167:035e5f67 NEWTON.DLL:.text+0x44f67
(035a0000,00000000,00000000,00000000,
035a0000,818a3f84,00000005,00000000)
0167:035e5f5d 53 push ebx
0167:035e5f5e 56 push esi
0167:035e5f5f ff7508 push dword ptr [ebp+08]
0167:035e5f62 e85bfeffff call 035e5dc2 = NEWTON.DLL:.text+0x44dc2
NEWTON.DLL:.text+0x44f67:
*0167:035e5f67 85c0 test eax,eax
0167:035e5f69 7503 jnz 035e5f6e = NEWTON.DLL:.text+0x44f6e
0167:035e5f6b 897de4 mov dword ptr [ebp-1c],edi
0167:035e5f6e 397de4 cmp dword ptr [ebp-1c],edi
0167:035e5f71 7413 jz 035e5f86 = NEWTON.DLL:.text+0x44f86
0167:035e5f73 a1e0ba6103 mov eax,dword ptr [0361bae0]
0167:035e5f78 3bc7 cmp eax,edi
0167:035e5f7a 740a jz 035e5f86 = NEWTON.DLL:.text+0x44f86
0167:035e5f7c 53 push ebx
0167:035e5f7d 56 push esi
0167:035e5f7e ff7508 push dword ptr [ebp+08]
0167:035e5f81 ffd0 call eax
0167:035e5f83 8945e4 mov dword ptr [ebp-1c],eax
0167:035e5f86 834dfcff or dword ptr [ebp-04],-01
0167:035e5f8a 8b45e4 mov eax,dword ptr [ebp-1c]
0167:035e5f8d eb1a jmp 035e5fa9 = NEWTON.DLL:.text+0x44fa9
0167:035e5f8f 8b45ec mov eax,dword ptr [ebp-14]
0167:035e5f92 8b08 mov ecx,dword ptr [eax]
0167:035e5f94 8b09 mov ecx,dword ptr [ecx]
0167:035e5f96 50 push eax
0167:035e5f97 51 push ecx
0167:035e5f98 e8083c0000 call 035e9ba5 = NEWTON.DLL:.text+0x48ba5
0167:035e5f9d 59 pop ecx
0167:035e5f9e 59 pop ecx
0167:035e5f9f c3 retd
0167:035e5fa0 8b65e8 mov esp,dword ptr [ebp-18]
0167:035e5fa3 83 ?db 83
0167:035e5fa4 4d dec ebp
0167:035e5fa5 fc cld
0167:035e5fa6 ff ?db ff
0167:035e5fa7 page not present
--------------------
016f:00f4f724 0167:bff7ddd6 KERNEL32.DLL:.text+0x4dd6
(818dcb88,00000000,00000000,bff76da8,
00000003,bff8e0cd,bff8e0a4,00000003)
0167:bff7ddca ff7510 push dword ptr [ebp+10]
0167:bff7ddcd ff750c push dword ptr [ebp+0c]
0167:bff7ddd0 56 push esi
0167:bff7ddd1 e84365ffff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319
KERNEL32.DLL:.text+0x4dd6:
*0167:bff7ddd6 83f801 cmp eax,+01
0167:bff7ddd9 1bc0 sbb eax,eax
0167:bff7dddb 83e003 and eax,+03
0167:bff7ddde 8945e4 mov dword ptr [ebp-1c],eax
0167:bff7dde1 2965e0 sub dword ptr [ebp-20],esp
0167:bff7dde4 0365e0 add esp,dword ptr [ebp-20]
0167:bff7dde7 5f pop edi
0167:bff7dde8 5e pop esi
0167:bff7dde9 5b pop ebx
0167:bff7ddea 837de000 cmp dword ptr [ebp-20],+00
0167:bff7ddee 7407 jz bff7ddf7 = KERNEL32.DLL:.text+0x4df7
0167:bff7ddf0 c745e402000000 mov dword ptr [ebp-1c],00000002
0167:bff7ddf7 ff75d4 push dword ptr [ebp-2c]
0167:bff7ddfa e8b9000000 call bff7deb8 = KERNEL32.DLL:.text+0x4eb8
0167:bff7ddff eb25 jmp bff7de26 = KERNEL32.DLL:.text+0x4e26
0167:bff7de01 8b45ec mov eax,dword ptr [ebp-14]
0167:bff7de04 8945d8 mov dword ptr [ebp-28],eax
0167:bff7de07 ff75d8 push dword ptr [ebp-28]
0167:bff7de0a e825fd0100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter
0167:bff7de0f c3 retd
0167:bff7de10 8b65e8 mov esp,dword ptr [ebp-18]
0167:bff7de13 c7 ?db c7
0167:bff7de14 45 inc ebp
0167:bff7de15 e4 ?db e4
0167:bff7de16 page not present
--------------------
016f:818dcb9c 0167:bff8e01c KERNEL32.DLL:.text+0x1501c
(818caea0,a0000045,818d52bc,818ca9d4,
00000000,00000000,00000000,00000020)
0167:bff8e012 6a00 push +00
0167:bff8e014 6a00 push +00
0167:bff8e016 53 push ebx
0167:bff8e017 e816fdfeff call bff7dd32 = KERNEL32.DLL:.text+0x4d32
KERNEL32.DLL:.text+0x1501c:
*0167:bff8e01c 8bf0 mov esi,eax
0167:bff8e01e 668b4500 mov ax,word ptr [ebp]
0167:bff8e022 6625feff and ax,fffe
0167:bff8e026 66894500 mov word ptr [ebp],ax
0167:bff8e02a a804 test al,04
0167:bff8e02c 7415 jz bff8e043 = KERNEL32.DLL:.text+0x15043
0167:bff8e02e 8b0d249cfcbf mov ecx,dword ptr [bffc9c24]
0167:bff8e034 0fbf4310 movsx eax,word ptr [ebx+10]
0167:bff8e038 8b1481 mov edx,dword ptr [ecx+eax*4]
0167:bff8e03b ff7204 push dword ptr [edx+04]
0167:bff8e03e e8cc700000 call bff9510f = KERNEL32.DLL:.text+0x1c10f
0167:bff8e043 a1249cfcbf mov eax,dword ptr [bffc9c24]
0167:bff8e048 0fbf4b10 movsx ecx,word ptr [ebx+10]
0167:bff8e04c 8b1c88 mov ebx,dword ptr [eax+ecx*4]
0167:bff8e04f 66837b2a01 cmp word ptr [ebx+2a],+01
0167:bff8e054 7510 jnz bff8e066 = KERNEL32.DLL:.text+0x15066
0167:bff8e056 f60304 test byte ptr [ebx],04
0167:bff8e059 740b jz bff8e066 = KERNEL32.DLL:.text+0x15066
0167:bff8e05b 53 ?db 53
0167:bff8e05c page not present
--------------------
-- stack dump --
00f4f4d0 00000000
00f4f4d4 0361a360 = NEWTON.DLL:.data+0x1d360
-> 58 41 5f 03 01 00 00 00 00 00 00 00 00 00 10 00 XA_.............
...
00f4f4dc 00f4f54c -> 14 f7 f4 00 04 64 5e 03 d0 41 5f 03 00 00 00 00 .....d^..A_.....
00f4f4e0 035f2168 = NEWTON.DLL:.text+0x51168
-> b8 08 9b 5f 03 e9 38 38 ff ff cc cc cc cc cc cc ..._..88........
00f4f4e4 00000000
00f4f4e8 035e0e28 = NEWTON.DLL:.text+0x3fe28
--------------------
0167:035e0e1f cc int 3
0167:035e0e20 56 push esi
0167:035e0e21 8bf1 mov esi,ecx
0167:035e0e23 e808000000 call 035e0e30 = NEWTON.DLL:.text+0x3fe30
NEWTON.DLL:.text+0x3fe28:
*0167:035e0e28 8bc6 mov eax,esi
0167:035e0e2a 5e pop esi
0167:035e0e2b c20400 retd 0004
0167:035e0e2e cc int 3
0167:035e0e2f cc int 3
0167:035e0e30 c70114405f03 mov dword ptr [ecx],035f4014
0167:035e0e36 e945460000 jmp 035e5480 = NEWTON.DLL:.text+0x44480
0167:035e0e3b cc int 3
0167:035e0e3c cc int 3
0167:035e0e3d cc int 3
0167:035e0e3e cc int 3
0167:035e0e3f cc int 3
0167:035e0e40 64a100000000 mov eax,dword ptr fs:[00000000]
0167:035e0e46 8a0d80a36103 mov cl,byte ptr [0361a380]
0167:035e0e4c 6aff push -01
0167:035e0e4e 68fe1f5f03 push 035f1ffe
0167:035e0e53 50 push eax
0167:035e0e54 b801000000 mov eax,00000001
0167:035e0e59 84c8 test al,cl
0167:035e0e5b 64892500000000 mov dword ptr fs:[00000000],esp
0167:035e0e62 7525 jnz 035e0e89 = NEWTON.DLL:.text+0x3fe89
0167:035e0e64 09 ?db 09
0167:035e0e65 05 ?db 05
0167:035e0e66 80 ?db 80
0167:035e0e67 a3 ?db a3
0167:035e0e68 page not present
--------------------
00f4f4ec 00000001
00f4f4f0 035f2470 = NEWTON.DLL:.text+0x51470
--------------------
0167:035f2467 7507 jnz 035f2470 = NEWTON.DLL:.text+0x51470
0167:035f2469 8b01 mov eax,dword ptr [ecx]
0167:035f246b 6a01 push +01
0167:035f246d ff5018 call dword ptr [eax+18]
NEWTON.DLL:.text+0x51470:
*0167:035f2470 c3 retd
0167:035f2471 cc int 3
0167:035f2472 cc int 3
0167:035f2473 cc int 3
0167:035f2474 cc int 3
0167:035f2475 cc int 3
0167:035f2476 cc int 3
0167:035f2477 cc int 3
0167:035f2478 cc int 3
0167:035f2479 cc int 3
0167:035f247a cc int 3
0167:035f247b cc int 3
0167:035f247c cc int 3
0167:035f247d cc int 3
0167:035f247e cc int 3
0167:035f247f cc int 3
0167:035f2480 b998a36103 mov ecx,0361a398
0167:035f2485 e9662effff jmp 035e52f0 = NEWTON.DLL:.text+0x442f0
0167:035f248a 0000 add byte ptr [eax],al
0167:035f248c 0000 add byte ptr [eax],al
0167:035f248e 0000 add byte ptr [eax],al
0167:035f2490 0000 add byte ptr [eax],al
0167:035f2492 0000 add byte ptr [eax],al
0167:035f2494 0000 add byte ptr [eax],al
0167:035f2496 0000 add byte ptr [eax],al
0167:035f2498 0000 add byte ptr [eax],al
0167:035f249a 0000 add byte ptr [eax],al
0167:035f249c 0000 add byte ptr [eax],al
0167:035f249e 0000 add byte ptr [eax],al
0167:035f24a0 0000 add byte ptr [eax],al
0167:035f24a2 0000 add byte ptr [eax],al
0167:035f24a4 0000 add byte ptr [eax],al
0167:035f24a6 0000 add byte ptr [eax],al
0167:035f24a8 0000 add byte ptr [eax],al
0167:035f24aa 0000 add byte ptr [eax],al
0167:035f24ac 0000 add byte ptr [eax],al
0167:035f24ae 00 ?db 00
--------------------
00f4f4f4 00000001
00f4f4f8 035e9358 = NEWTON.DLL:.text+0x48358
--------------------
0167:035e9350 8b00 mov eax,dword ptr [eax]
0167:035e9352 85c0 test eax,eax
0167:035e9354 7402 jz 035e9358 = NEWTON.DLL:.text+0x48358
0167:035e9356 ffd0 call eax
NEWTON.DLL:.text+0x48358:
*0167:035e9358 a1a4ba6103 mov eax,dword ptr [0361baa4]
0167:035e935d 83e804 sub eax,+04
0167:035e9360 3b05a8ba6103 cmp eax,dword ptr [0361baa8]
0167:035e9366 a3a4ba6103 mov dword ptr [0361baa4],eax
0167:035e936b 73e3 jnc 035e9350 = NEWTON.DLL:.text+0x48350
0167:035e936d b874d05f03 mov eax,035fd074
0167:035e9372 be7cd05f03 mov esi,035fd07c
0167:035e9377 3bc6 cmp eax,esi
0167:035e9379 8bf8 mov edi,eax
0167:035e937b 730f jnc 035e938c = NEWTON.DLL:.text+0x4838c
0167:035e937d 8b07 mov eax,dword ptr [edi]
0167:035e937f 85c0 test eax,eax
0167:035e9381 7402 jz 035e9385 = NEWTON.DLL:.text+0x48385
0167:035e9383 ffd0 call eax
0167:035e9385 83c704 add edi,+04
0167:035e9388 3bfe cmp edi,esi
0167:035e938a 72f1 jc 035e937d = NEWTON.DLL:.text+0x4837d
0167:035e938c b880d05f03 mov eax,035fd080
0167:035e9391 be88d05f03 mov esi,035fd088
0167:035e9396 3b ?db 3b
0167:035e9397 c6 ?db c6
0167:035e9398 page not present
--------------------
00f4f4fc 00000000
...
00f4f504 00f4f520 -> 5c f5 f4 00 67 5f 5e 03 00 00 5a 03 00 00 00 00 \...g_^...Z.....
00f4f508 035e93e3 = NEWTON.DLL:.text+0x483e3
--------------------
0167:035e93d8 6a01 push +01
0167:035e93da 6a00 push +00
0167:035e93dc 6a00 push +00
0167:035e93de e823ffffff call 035e9306 = NEWTON.DLL:.text+0x48306
NEWTON.DLL:.text+0x483e3:
*0167:035e93e3 83c40c add esp,+0c
0167:035e93e6 c3 retd
0167:035e93e7 83ec44 sub esp,+44
0167:035e93ea 6800010000 push 00000100
0167:035e93ef e8e3c4ffff call 035e58d7 = NEWTON.DLL:.text+0x448d7
0167:035e93f4 85c0 test eax,eax
0167:035e93f6 59 pop ecx
0167:035e93f7 7508 jnz 035e9401 = NEWTON.DLL:.text+0x48401
0167:035e93f9 83c8ff or eax,-01
0167:035e93fc e98d010000 jmp 035e958e = NEWTON.DLL:.text+0x4858e
0167:035e9401 a3a0b96103 mov dword ptr [0361b9a0],eax
0167:035e9406 c70584b9610320000000 mov dword ptr [0361b984],00000020
0167:035e9410 8d8800010000 lea ecx,[eax+00000100]
0167:035e9416 eb1a jmp 035e9432 = NEWTON.DLL:.text+0x48432
0167:035e9418 8308ff or dword ptr [eax],-01
0167:035e941b c6400400 mov byte ptr [eax+04],00
0167:035e941f c6 ?db c6
0167:035e9420 40 inc eax
0167:035e9421 05 ?db 05
0167:035e9422 0a ?db 0a
0167:035e9423 page not present
--------------------
00f4f50c 00000000
...
00f4f514 00000001
00f4f518 035e5ec1 = NEWTON.DLL:.text+0x44ec1
--------------------
0167:035e5eb4 393544a46103 cmp dword ptr [0361a444],esi
0167:035e5eba 7505 jnz 035e5ec1 = NEWTON.DLL:.text+0x44ec1
0167:035e5ebc e817350000 call 035e93d8 = NEWTON.DLL:.text+0x483d8
NEWTON.DLL:.text+0x44ec1:
*0167:035e5ec1 e8cc360000 call 035e9592 = NEWTON.DLL:.text+0x48592
0167:035e5ec6 e8d61e0000 call 035e7da1 = NEWTON.DLL:.text+0x46da1
0167:035e5ecb ebc0 jmp 035e5e8d = NEWTON.DLL:.text+0x44e8d
0167:035e5ecd 6a0c push +0c
0167:035e5ecf 68d0415f03 push 035f41d0
0167:035e5ed4 e8e73c0000 call 035e9bc0 = NEWTON.DLL:.text+0x48bc0
0167:035e5ed9 33c0 xor eax,eax
0167:035e5edb 40 inc eax
0167:035e5edc 8945e4 mov dword ptr [ebp-1c],eax
0167:035e5edf 8b750c mov esi,dword ptr [ebp+0c]
0167:035e5ee2 33ff xor edi,edi
0167:035e5ee4 3bf7 cmp esi,edi
0167:035e5ee6 750c jnz 035e5ef4 = NEWTON.DLL:.text+0x44ef4
0167:035e5ee8 393db8a36103 cmp dword ptr [0361a3b8],edi
0167:035e5eee 0f84b3000000 jz 035e5fa7 = NEWTON.DLL:.text+0x44fa7
0167:035e5ef4 897dfc mov dword ptr [ebp-04],edi
0167:035e5ef7 3bf0 cmp esi,eax
0167:035e5ef9 7405 jz 035e5f00 = NEWTON.DLL:.text+0x44f00
0167:035e5efb 83fe02 cmp esi,+02
0167:035e5efe 7531 jnz 035e5f31 = NEWTON.DLL:.text+0x44f31
0167:035e5f00 a1 ?db a1
0167:035e5f01 page not present
--------------------
00f4f51c 00000000
00f4f520 00f4f55c -> 24 f7 f4 00 d6 dd f7 bf 00 00 5a 03 00 00 00 00 $.........Z.....
00f4f524 035e5f67 = NEWTON.DLL:.text+0x44f67
--------------------
0167:035e5f5d 53 push ebx
0167:035e5f5e 56 push esi
0167:035e5f5f ff7508 push dword ptr [ebp+08]
0167:035e5f62 e85bfeffff call 035e5dc2 = NEWTON.DLL:.text+0x44dc2
NEWTON.DLL:.text+0x44f67:
*0167:035e5f67 85c0 test eax,eax
0167:035e5f69 7503 jnz 035e5f6e = NEWTON.DLL:.text+0x44f6e
0167:035e5f6b 897de4 mov dword ptr [ebp-1c],edi
0167:035e5f6e 397de4 cmp dword ptr [ebp-1c],edi
0167:035e5f71 7413 jz 035e5f86 = NEWTON.DLL:.text+0x44f86
0167:035e5f73 a1e0ba6103 mov eax,dword ptr [0361bae0]
0167:035e5f78 3bc7 cmp eax,edi
0167:035e5f7a 740a jz 035e5f86 = NEWTON.DLL:.text+0x44f86
0167:035e5f7c 53 push ebx
0167:035e5f7d 56 push esi
0167:035e5f7e ff7508 push dword ptr [ebp+08]
0167:035e5f81 ffd0 call eax
0167:035e5f83 8945e4 mov dword ptr [ebp-1c],eax
0167:035e5f86 834dfcff or dword ptr [ebp-04],-01
0167:035e5f8a 8b45e4 mov eax,dword ptr [ebp-1c]
0167:035e5f8d eb1a jmp 035e5fa9 = NEWTON.DLL:.text+0x44fa9
0167:035e5f8f 8b45ec mov eax,dword ptr [ebp-14]
0167:035e5f92 8b08 mov ecx,dword ptr [eax]
0167:035e5f94 8b09 mov ecx,dword ptr [ecx]
0167:035e5f96 50 push eax
0167:035e5f97 51 push ecx
0167:035e5f98 e8083c0000 call 035e9ba5 = NEWTON.DLL:.text+0x48ba5
0167:035e5f9d 59 pop ecx
0167:035e5f9e 59 pop ecx
0167:035e5f9f c3 retd
0167:035e5fa0 8b65e8 mov esp,dword ptr [ebp-18]
0167:035e5fa3 83 ?db 83
0167:035e5fa4 4d dec ebp
0167:035e5fa5 fc cld
0167:035e5fa6 ff ?db ff
0167:035e5fa7 page not present
--------------------
00f4f528 035a0000 = NEWTON.DLL+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4f52c 00000000
...
00f4f538 035a0000 = NEWTON.DLL+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4f53c 818a3f84 -> 18 00 00 00 03 01 00 00 1f 4e 00 00 00 00 00 00 .........N......
00f4f540 00000001
00f4f544 00f4f534 -> 00 00 00 00 00 00 5a 03 84 3f 8a 81 01 00 00 00 ......Z..?......
00f4f548 00f4f300 -> d8 f3 f4 00 f4 f3 f4 00 2c f3 f4 00 49 68 f7 bf ........,...Ih..
00f4f54c 00f4f714 -> a0 fd f4 00 b4 05 fc bf 98 91 f7 bf 00 00 00 00 ................
00f4f550 035e6404 = NEWTON.DLL:.text+0x45404
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E
00f4f554 035f41d0 = NEWTON.DLL:.rdata+0x11d0
-> ff ff ff ff 8f 5f 5e 03 a0 5f 5e 03 00 00 00 00 ....._^.._^.....
00f4f558 00000000
00f4f55c 00f4f724 -> 9c cb 8d 81 1c e0 f8 bf 88 cb 8d 81 00 00 00 00 ................
00f4f560 bff7ddd6 = KERNEL32.DLL:.text+0x4dd6
--------------------
0167:bff7ddca ff7510 push dword ptr [ebp+10]
0167:bff7ddcd ff750c push dword ptr [ebp+0c]
0167:bff7ddd0 56 push esi
0167:bff7ddd1 e84365ffff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319
KERNEL32.DLL:.text+0x4dd6:
*0167:bff7ddd6 83f801 cmp eax,+01
0167:bff7ddd9 1bc0 sbb eax,eax
0167:bff7dddb 83e003 and eax,+03
0167:bff7ddde 8945e4 mov dword ptr [ebp-1c],eax
0167:bff7dde1 2965e0 sub dword ptr [ebp-20],esp
0167:bff7dde4 0365e0 add esp,dword ptr [ebp-20]
0167:bff7dde7 5f pop edi
0167:bff7dde8 5e pop esi
0167:bff7dde9 5b pop ebx
0167:bff7ddea 837de000 cmp dword ptr [ebp-20],+00
0167:bff7ddee 7407 jz bff7ddf7 = KERNEL32.DLL:.text+0x4df7
0167:bff7ddf0 c745e402000000 mov dword ptr [ebp-1c],00000002
0167:bff7ddf7 ff75d4 push dword ptr [ebp-2c]
0167:bff7ddfa e8b9000000 call bff7deb8 = KERNEL32.DLL:.text+0x4eb8
0167:bff7ddff eb25 jmp bff7de26 = KERNEL32.DLL:.text+0x4e26
0167:bff7de01 8b45ec mov eax,dword ptr [ebp-14]
0167:bff7de04 8945d8 mov dword ptr [ebp-28],eax
0167:bff7de07 ff75d8 push dword ptr [ebp-28]
0167:bff7de0a e825fd0100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter
0167:bff7de0f c3 retd
0167:bff7de10 8b65e8 mov esp,dword ptr [ebp-18]
0167:bff7de13 c7 ?db c7
0167:bff7de14 45 inc ebp
0167:bff7de15 e4 ?db e4
0167:bff7de16 page not present
--------------------
00f4f564 035a0000 = NEWTON.DLL+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4f568 00000000
...
00f4f574 035a0000 = NEWTON.DLL+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4f578 818a3f84 -> 18 00 00 00 03 01 00 00 1f 4e 00 00 00 00 00 00 .........N......
00f4f57c 00000005
00f4f580 00000000
00f4f584 818dcb88 -> a4 95 89 81 74 b1 89 81 00 00 00 00 00 00 00 00 ....t...........
00f4f588 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f58c 8185e1e0 -> 02 00 00 00 1c e0 85 81 ff ff ff ff 20 e2 85 81 ............ ...
00f4f590 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f594 8189c730 -> d8 44 8b 81 18 08 8b 81 cc cc cc cc cc cc cc cc .D..............
00f4f598 00000000
00f4f59c 8189c732 -> 8b 81 18 08 8b 81 cc cc cc cc cc cc cc cc cc cc ................
00f4f5a0 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f5a4 bff71826 = KERNEL32.DLL:_FREQASM+0x826
--------------------
0167:bff717e6 e89cfcbf8b call 4bb71487
0167:bff717eb 0039 add byte ptr [ecx],bh
0167:bff717ed 059894fcbf add eax,bffc9498
0167:bff717f2 7415 jz bff71809 = KERNEL32.DLL:_FREQASM+0x809
0167:bff717f4 8b157094fcbf mov edx,dword ptr [bffc9470]
0167:bff717fa e8fc290000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb
0167:bff717ff 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff
0167:bff71809 c3 retd
0167:bff7180a 52 push edx
0167:bff7180b 50 push eax
0167:bff7180c a1e89cfcbf mov eax,dword ptr [bffc9ce8]
0167:bff71811 8b00 mov eax,dword ptr [eax]
0167:bff71813 39059894fcbf cmp dword ptr [bffc9498],eax
0167:bff71819 7413 jz bff7182e = KERNEL32.DLL:_FREQASM+0x82e
0167:bff7181b 8b157094fcbf mov edx,dword ptr [bffc9470]
0167:bff71821 e891290000 call bff741b7 = KERNEL32.DLL:_FREQASM+0x31b7
KERNEL32.DLL:_FREQASM+0x826:
*0167:bff71826 6664ff051e000000 inc word ptr fs:[0000001e]
0167:bff7182e 58 pop eax
0167:bff7182f 5a pop edx
0167:bff71830 c3 retd
0167:bff71831 ff7316 push dword ptr [ebx+16]
0167:bff71834 ff731a push dword ptr [ebx+1a]
0167:bff71837 ff731e push dword ptr [ebx+1e]
0167:bff7183a ff7322 push dword ptr [ebx+22]
0167:bff7183d 8b157094fcbf mov edx,dword ptr [bffc9470]
0167:bff71843 e8b3290000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb
0167:bff71848 6664c7051e000000ffff mov word ptr fs:[0000001e],ffff
0167:bff71852 ff5326 call dword ptr [ebx+26]
0167:bff71855 8b157094fcbf mov edx,dword ptr [bffc9470]
0167:bff7185b e857290000 call bff741b7 = KERNEL32.DLL:_FREQASM+0x31b7
0167:bff71860 66 ?db 66
0167:bff71861 64 ?db 64
0167:bff71862 ff ?db ff
0167:bff71863 05 ?db 05
0167:bff71864 1e push ds
0167:bff71865 00 ?db 00
0167:bff71866 page not present
--------------------
00f4f5a8 00000000
00f4f5ac 00f4f5e0 -> 08 f6 f4 00 9c 46 f7 bf 00 e0 08 82 00 00 00 00 .....F..........
00f4f5b0 81809280 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f5b4 820989bc -> 07 03 dd 01 4f 1c 00 00 ec 17 cf 01 b1 50 cf 17 ....O........P..
00f4f5b8 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f5bc 00f4f5e0 -> 08 f6 f4 00 9c 46 f7 bf 00 e0 08 82 00 00 00 00 .....F..........
00f4f5c0 bff7a10e = KERNEL32.DLL:.text+0x110e
--------------------
0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e
0167:bff7a101 ff704c push dword ptr [eax+4c]
0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee
0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c
KERNEL32.DLL:.text+0x110e:
*0167:bff7a10e c20800 retd 0008
0167:bff7a111 53 push ebx
0167:bff7a112 56 push esi
0167:bff7a113 8b742410 mov esi,dword ptr [esp+10]
0167:bff7a117 57 push edi
0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18]
0167:bff7a11c 55 push ebp
0167:bff7a11d ba00001000 mov edx,00100000
0167:bff7a122 8d1c3e lea ebx,[esi+edi]
0167:bff7a125 8b03 mov eax,dword ptr [ebx]
0167:bff7a127 a801 test al,01
0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150
0167:bff7a12b 25fcffff0f and eax,0ffffffc
0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a133 03f8 add edi,eax
0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04]
0167:bff7a138 895108 mov dword ptr [ecx+08],edx
0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04]
0167:bff7a141 894204 mov dword ptr [edx+04],eax
0167:bff7a144 8d930b100000 lea edx,[ebx+0000100b]
0167:bff7a14a c1ea0c shr edx,0c
0167:bff7a14d 8d ?db 8d
0167:bff7a14e page not present
--------------------
00f4f5c4 bff7b326 = KERNEL32.DLL:.text+0x2326
--------------------
0167:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111
0167:bff7b31d ff750c push dword ptr [ebp+0c]
0167:bff7b320 56 push esi
0167:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0
KERNEL32.DLL:.text+0x2326:
*0167:bff7b326 b801000000 mov eax,00000001
0167:bff7b32b 5f pop edi
0167:bff7b32c 5e pop esi
0167:bff7b32d 5b pop ebx
0167:bff7b32e 8be5 mov esp,ebp
0167:bff7b330 5d pop ebp
0167:bff7b331 c20c00 retd 000c
0167:bff7b334 55 push ebp
0167:bff7b335 8bec mov ebp,esp
0167:bff7b337 83ec04 sub esp,+04
0167:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff7b33f 53 push ebx
0167:bff7b340 56 push esi
0167:bff7b341 57 push edi
0167:bff7b342 8b7d08 mov edi,dword ptr [ebp+08]
0167:bff7b345 8b08 mov ecx,dword ptr [eax]
0167:bff7b347 81e7ff8fffff and edi,ffff8fff
0167:bff7b34d 8b5118 mov edx,dword ptr [ecx+18]
0167:bff7b350 ff724c push dword ptr [edx+4c]
0167:bff7b353 e8698fffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1
0167:bff7b358 f7c78d80ffff test edi,ffff808d
0167:bff7b35e 740c jz bff7b36c = KERNEL32.DLL:.text+0x236c
0167:bff7b360 6a57 push +57
0167:bff7b362 e8 ?db e8
0167:bff7b363 3916 cmp dword ptr [esi],edx
0167:bff7b365 00 ?db 00
0167:bff7b366 page not present
--------------------
00f4f5c8 8208e000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... .......
00f4f5cc 00000000
00f4f5d0 86385f8f
00f4f5d4 0000016f
00f4f5d8 8207e000 -> 94 0c ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f5dc 820989bc -> 07 03 dd 01 4f 1c 00 00 ec 17 cf 01 b1 50 cf 17 ....O........P..
00f4f5e0 00f4f608 -> 1c f6 f4 00 a8 40 f9 bf 44 f6 f4 00 80 92 80 81 .....@..D.......
00f4f5e4 bff7469c = KERNEL32.DLL:_FREQASM+0x369c
--------------------
0167:bff7468f ff75f8 push dword ptr [ebp-08]
0167:bff74692 6a00 push +00
0167:bff74694 ff737c push dword ptr [ebx+7c]
0167:bff74697 e871040000 call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d
KERNEL32.DLL:_FREQASM+0x369c:
*0167:bff7469c 5b pop ebx
0167:bff7469d 5f pop edi
0167:bff7469e 5e pop esi
0167:bff7469f c9 leave
0167:bff746a0 c20c00 retd 000c
0167:bff746a3 90 nop
0167:bff746a4 55 push ebp
0167:bff746a5 8bec mov ebp,esp
0167:bff746a7 56 push esi
0167:bff746a8 57 push edi
0167:bff746a9 53 push ebx
0167:bff746aa 8b5d08 mov ebx,dword ptr [ebp+08]
0167:bff746ad 8b450c mov eax,dword ptr [ebp+0c]
0167:bff746b0 8b4d10 mov ecx,dword ptr [ebp+10]
0167:bff746b3 0bc9 or ecx,ecx
0167:bff746b5 781e js bff746d5 = KERNEL32.DLL:_FREQASM+0x36d5
0167:bff746b7 2eff148dc447f7bf call dword ptr ss:[ecx*4+bff747c4]
0167:bff746bf 740d jz bff746ce = KERNEL32.DLL:_FREQASM+0x36ce
0167:bff746c1 8b4d14 mov ecx,dword ptr [ebp+14]
0167:bff746c4 8b00 mov eax,dword ptr [eax]
0167:bff746c6 2eff148d8848f7bf call dword ptr ss:[ecx*4+bff74888]
0167:bff746ce 5b pop ebx
0167:bff746cf 5f pop edi
0167:bff746d0 5e pop esi
0167:bff746d1 c9 leave
0167:bff746d2 c21000 retd 0010
0167:bff746d5 33c0 xor eax,eax
0167:bff746d7 ebf5 jmp bff746ce = KERNEL32.DLL:_FREQASM+0x36ce
0167:bff746d9 2e ?db 2e
0167:bff746da 8b ?db 8b
0167:bff746db c0 ?db c0
0167:bff746dc page not present
--------------------
00f4f5e8 8208e000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... .......
00f4f5ec 00000000
00f4f5f0 820989c0 -> 4f 1c 00 00 ec 17 cf 01 b1 50 cf 17 08 00 44 25 O........P....D%
00f4f5f4 00f4f63a -> 00 00 00 e0 07 82 9c 89 09 82 6c f6 f4 00 9c 46 ..........l....F
00f4f5f8 86385f8f
00f4f5fc 0000016f
00f4f600 820989c0 -> 4f 1c 00 00 ec 17 cf 01 b1 50 cf 17 08 00 44 25 O........P....D%
00f4f604 00000000
00f4f608 00f4f61c -> 10 6d 5f c1 44 f6 f4 00 0e a1 f7 bf 26 b3 f7 bf .m_.D.......&...
00f4f60c bff940a8 = KERNEL32.DLL:.text+0x1b0a8
--------------------
0167:bff940a0 ff731c push dword ptr [ebx+1c]
0167:bff940a3 e83405feff call bff745dc = KERNEL32.DLL:_FREQASM+0x35dc
KERNEL32.DLL:.text+0x1b0a8:
*0167:bff940a8 e91bfbffff jmp bff93bc8 = KERNEL32.DLL:.text+0x1abc8
0167:bff940ad 0fbf4316 movsx eax,word ptr [ebx+16]
0167:bff940b1 50 push eax
0167:bff940b2 ff7318 push dword ptr [ebx+18]
0167:bff940b5 ff731c push dword ptr [ebx+1c]
0167:bff940b8 e8575d0000 call bff99e14 = KERNEL32.DLL:.text+0x20e14
0167:bff940bd 8bd0 mov edx,eax
0167:bff940bf c1c210 rol edx,10
0167:bff940c2 e901fbffff jmp bff93bc8 = KERNEL32.DLL:.text+0x1abc8
0167:bff940c7 0fbf4316 movsx eax,word ptr [ebx+16]
0167:bff940cb 50 push eax
0167:bff940cc 0fbf4318 movsx eax,word ptr [ebx+18]
0167:bff940d0 50 push eax
0167:bff940d1 ff731a push dword ptr [ebx+1a]
0167:bff940d4 ff731e push dword ptr [ebx+1e]
0167:bff940d7 e8c805feff call bff746a4 = KERNEL32.DLL:_FREQASM+0x36a4
0167:bff940dc 8bd0 mov edx,eax
0167:bff940de c1c210 rol edx,10
0167:bff940e1 e9eafaffff jmp bff93bd0 = KERNEL32.DLL:.text+0x1abd0
0167:bff940e6 ff ?db ff
0167:bff940e7 73 ?db 73
0167:bff940e8 page not present
--------------------
00f4f610 00f4f644 -> 6c f6 f4 00 9c 46 f7 bf 00 e0 08 82 00 00 00 00 l....F..........
00f4f614 81809280 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f618 8209899c -> 7c 00 00 a0 24 06 02 00 1c aa 02 00 0c 05 02 00 |...$...........
00f4f61c c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f620 00f4f644 -> 6c f6 f4 00 9c 46 f7 bf 00 e0 08 82 00 00 00 00 l....F..........
00f4f624 bff7a10e = KERNEL32.DLL:.text+0x110e
--------------------
0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e
0167:bff7a101 ff704c push dword ptr [eax+4c]
0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee
0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c
KERNEL32.DLL:.text+0x110e:
*0167:bff7a10e c20800 retd 0008
0167:bff7a111 53 push ebx
0167:bff7a112 56 push esi
0167:bff7a113 8b742410 mov esi,dword ptr [esp+10]
0167:bff7a117 57 push edi
0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18]
0167:bff7a11c 55 push ebp
0167:bff7a11d ba00001000 mov edx,00100000
0167:bff7a122 8d1c3e lea ebx,[esi+edi]
0167:bff7a125 8b03 mov eax,dword ptr [ebx]
0167:bff7a127 a801 test al,01
0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150
0167:bff7a12b 25fcffff0f and eax,0ffffffc
0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a133 03f8 add edi,eax
0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04]
0167:bff7a138 895108 mov dword ptr [ecx+08],edx
0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04]
0167:bff7a141 894204 mov dword ptr [edx+04],eax
0167:bff7a144 8d930b100000 lea edx,[ebx+0000100b]
0167:bff7a14a c1ea0c shr edx,0c
0167:bff7a14d 8d ?db 8d
0167:bff7a14e page not present
--------------------
00f4f628 bff7b326 = KERNEL32.DLL:.text+0x2326
--------------------
0167:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111
0167:bff7b31d ff750c push dword ptr [ebp+0c]
0167:bff7b320 56 push esi
0167:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0
KERNEL32.DLL:.text+0x2326:
*0167:bff7b326 b801000000 mov eax,00000001
0167:bff7b32b 5f pop edi
0167:bff7b32c 5e pop esi
0167:bff7b32d 5b pop ebx
0167:bff7b32e 8be5 mov esp,ebp
0167:bff7b330 5d pop ebp
0167:bff7b331 c20c00 retd 000c
0167:bff7b334 55 push ebp
0167:bff7b335 8bec mov ebp,esp
0167:bff7b337 83ec04 sub esp,+04
0167:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff7b33f 53 push ebx
0167:bff7b340 56 push esi
0167:bff7b341 57 push edi
0167:bff7b342 8b7d08 mov edi,dword ptr [ebp+08]
0167:bff7b345 8b08 mov ecx,dword ptr [eax]
0167:bff7b347 81e7ff8fffff and edi,ffff8fff
0167:bff7b34d 8b5118 mov edx,dword ptr [ecx+18]
0167:bff7b350 ff724c push dword ptr [edx+4c]
0167:bff7b353 e8698fffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1
0167:bff7b358 f7c78d80ffff test edi,ffff808d
0167:bff7b35e 740c jz bff7b36c = KERNEL32.DLL:.text+0x236c
0167:bff7b360 6a57 push +57
0167:bff7b362 e8 ?db e8
0167:bff7b363 3916 cmp dword ptr [esi],edx
0167:bff7b365 00 ?db 00
0167:bff7b366 page not present
--------------------
00f4f62c 8208e000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... .......
00f4f630 00000000
00f4f634 869c5f8f
00f4f638 0000016f
00f4f63c 8207e000 -> 94 0c ff ff 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f640 8209899c -> 7c 00 00 a0 24 06 02 00 1c aa 02 00 0c 05 02 00 |...$...........
00f4f644 00f4f66c -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f648 bff7469c = KERNEL32.DLL:_FREQASM+0x369c
--------------------
0167:bff7468f ff75f8 push dword ptr [ebp-08]
0167:bff74692 6a00 push +00
0167:bff74694 ff737c push dword ptr [ebx+7c]
0167:bff74697 e871040000 call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d
KERNEL32.DLL:_FREQASM+0x369c:
*0167:bff7469c 5b pop ebx
0167:bff7469d 5f pop edi
0167:bff7469e 5e pop esi
0167:bff7469f c9 leave
0167:bff746a0 c20c00 retd 000c
0167:bff746a3 90 nop
0167:bff746a4 55 push ebp
0167:bff746a5 8bec mov ebp,esp
0167:bff746a7 56 push esi
0167:bff746a8 57 push edi
0167:bff746a9 53 push ebx
0167:bff746aa 8b5d08 mov ebx,dword ptr [ebp+08]
0167:bff746ad 8b450c mov eax,dword ptr [ebp+0c]
0167:bff746b0 8b4d10 mov ecx,dword ptr [ebp+10]
0167:bff746b3 0bc9 or ecx,ecx
0167:bff746b5 781e js bff746d5 = KERNEL32.DLL:_FREQASM+0x36d5
0167:bff746b7 2eff148dc447f7bf call dword ptr ss:[ecx*4+bff747c4]
0167:bff746bf 740d jz bff746ce = KERNEL32.DLL:_FREQASM+0x36ce
0167:bff746c1 8b4d14 mov ecx,dword ptr [ebp+14]
0167:bff746c4 8b00 mov eax,dword ptr [eax]
0167:bff746c6 2eff148d8848f7bf call dword ptr ss:[ecx*4+bff74888]
0167:bff746ce 5b pop ebx
0167:bff746cf 5f pop edi
0167:bff746d0 5e pop esi
0167:bff746d1 c9 leave
0167:bff746d2 c21000 retd 0010
0167:bff746d5 33c0 xor eax,eax
0167:bff746d7 ebf5 jmp bff746ce = KERNEL32.DLL:_FREQASM+0x36ce
0167:bff746d9 2e ?db 2e
0167:bff746da 8b ?db 8b
0167:bff746db c0 ?db c0
0167:bff746dc page not present
--------------------
00f4f64c 8208e000 -> 00 00 20 00 00 00 00 00 20 00 00 00 01 00 00 a0 .. ..... .......
00f4f650 00000000
00f4f654 820989a0 -> 24 06 02 00 1c aa 02 00 0c 05 02 00 00 00 00 00 $...............
00f4f658 00f4f69e -> 00 00 50 70 80 81 0c 70 80 81 00 00 00 00 d0 f6 ..Pp...p........
00f4f65c 869c5f8f
00f4f660 00000001
00f4f664 00000000
...
00f4f690 00000001
00f4f694 00000000
00f4f698 00000001
00f4f69c 00000000
00f4f6a0 81807050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f6a4 8180700c -> 01 00 00 a0 40 9b 8c 81 b4 01 8e 81 80 00 00 00 ....@...........
00f4f6a8 00000000
00f4f6ac 00f4f6d0 -> 0e a1 f7 bf 08 f7 f4 00 50 70 80 81 20 08 6f 01 ........Pp.. .o.
00f4f6b0 bff7a10e = KERNEL32.DLL:.text+0x110e
--------------------
0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e
0167:bff7a101 ff704c push dword ptr [eax+4c]
0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee
0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c
KERNEL32.DLL:.text+0x110e:
*0167:bff7a10e c20800 retd 0008
0167:bff7a111 53 push ebx
0167:bff7a112 56 push esi
0167:bff7a113 8b742410 mov esi,dword ptr [esp+10]
0167:bff7a117 57 push edi
0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18]
0167:bff7a11c 55 push ebp
0167:bff7a11d ba00001000 mov edx,00100000
0167:bff7a122 8d1c3e lea ebx,[esi+edi]
0167:bff7a125 8b03 mov eax,dword ptr [ebx]
0167:bff7a127 a801 test al,01
0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150
0167:bff7a12b 25fcffff0f and eax,0ffffffc
0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a133 03f8 add edi,eax
0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04]
0167:bff7a138 895108 mov dword ptr [ecx+08],edx
0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04]
0167:bff7a141 894204 mov dword ptr [edx+04],eax
0167:bff7a144 8d930b100000 lea edx,[ebx+0000100b]
0167:bff7a14a c1ea0c shr edx,0c
0167:bff7a14d 8d ?db 8d
0167:bff7a14e page not present
--------------------
00f4f6b4 00f4f6e8 -> 2f 12 06 00 67 14 6f 01 ff ff 6f 01 cd 5e 5e 03 /...g.o...o..^^.
00f4f6b8 81807050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f6bc 00f4f6f0 -> ff ff 6f 01 cd 5e 5e 03 01 00 00 00 00 f3 f4 00 ..o..^^.........
00f4f6c0 81807050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f6c4 818d8f10 -> 11 01 00 a0 0c a8 8c 81 1c 69 8d 81 ff ff ff ff .........i......
00f4f6c8 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4f6cc 00f4f6f0 -> ff ff 6f 01 cd 5e 5e 03 01 00 00 00 00 f3 f4 00 ..o..^^.........
00f4f6d0 bff7a10e = KERNEL32.DLL:.text+0x110e
--------------------
0167:bff7a0ff 750d jnz bff7a10e = KERNEL32.DLL:.text+0x110e
0167:bff7a101 ff704c push dword ptr [eax+4c]
0167:bff7a104 e8e5a1ffff call bff742ee = KERNEL32.DLL:_FREQASM+0x32ee
0167:bff7a109 e83e010000 call bff7a24c = KERNEL32.DLL:.text+0x124c
KERNEL32.DLL:.text+0x110e:
*0167:bff7a10e c20800 retd 0008
0167:bff7a111 53 push ebx
0167:bff7a112 56 push esi
0167:bff7a113 8b742410 mov esi,dword ptr [esp+10]
0167:bff7a117 57 push edi
0167:bff7a118 8b7c2418 mov edi,dword ptr [esp+18]
0167:bff7a11c 55 push ebp
0167:bff7a11d ba00001000 mov edx,00100000
0167:bff7a122 8d1c3e lea ebx,[esi+edi]
0167:bff7a125 8b03 mov eax,dword ptr [ebx]
0167:bff7a127 a801 test al,01
0167:bff7a129 7425 jz bff7a150 = KERNEL32.DLL:.text+0x1150
0167:bff7a12b 25fcffff0f and eax,0ffffffc
0167:bff7a130 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a133 03f8 add edi,eax
0167:bff7a135 8b4b04 mov ecx,dword ptr [ebx+04]
0167:bff7a138 895108 mov dword ptr [ecx+08],edx
0167:bff7a13b 8b5308 mov edx,dword ptr [ebx+08]
0167:bff7a13e 8b4304 mov eax,dword ptr [ebx+04]
0167:bff7a141 894204 mov dword ptr [edx+04],eax
0167:bff7a144 8d930b100000 lea edx,[ebx+0000100b]
0167:bff7a14a c1ea0c shr edx,0c
0167:bff7a14d 8d ?db 8d
0167:bff7a14e page not present
--------------------
00f4f6d4 00f4f708 -> 01 00 00 00 7c f5 f4 00 00 f3 f4 00 a0 fd f4 00 ....|...........
00f4f6d8 81807050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f6dc 016f0820
00f4f6e0 14674e1f
00f4f6e4 1bd886f4
00f4f6e8 0006122f
00f4f6ec 016f1467
00f4f6f0 016fffff
00f4f6f4 035e5ecd = NEWTON.DLL:.text+0x44ecd
-> 6a 0c 68 d0 41 5f 03 e8 e7 3c 00 00 33 c0 40 89 j.h.A_...<..3.@.
00f4f6f8 00000001
00f4f6fc 00f4f300 -> d8 f3 f4 00 f4 f3 f4 00 2c f3 f4 00 49 68 f7 bf ........,...Ih..
00f4f700 818a3f84 -> 18 00 00 00 03 01 00 00 1f 4e 00 00 00 00 00 00 .........N......
00f4f704 00f4f570 -> 00 00 00 00 00 00 5a 03 84 3f 8a 81 05 00 00 00 ......Z..?......
00f4f708 00000001
00f4f70c 00f4f57c -> 05 00 00 00 00 00 00 00 88 cb 8d 81 10 6d 5f c1 .............m_.
00f4f710 00f4f300 -> d8 f3 f4 00 f4 f3 f4 00 2c f3 f4 00 49 68 f7 bf ........,...Ih..
00f4f714 00f4fda0 -> 28 fe f4 00 9b b4 40 00 ff ff ff ff 38 fe f4 00 (.....@.....8...
00f4f718 bffc05b4 = KERNEL32.DLL:.text+0x475b4
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E
00f4f71c bff79198 = KERNEL32.DLL:.text+0x198
-> ff ff ff ff 01 de f7 bf 10 de f7 bf 00 00 00 00 ................
00f4f720 00000000
00f4f724 818dcb9c -> 01 02 01 00 24 97 89 81 a0 ae 8c 81 45 00 00 a0 ....$.......E...
00f4f728 bff8e01c = KERNEL32.DLL:.text+0x1501c
--------------------
0167:bff8e012 6a00 push +00
0167:bff8e014 6a00 push +00
0167:bff8e016 53 push ebx
0167:bff8e017 e816fdfeff call bff7dd32 = KERNEL32.DLL:.text+0x4d32
KERNEL32.DLL:.text+0x1501c:
*0167:bff8e01c 8bf0 mov esi,eax
0167:bff8e01e 668b4500 mov ax,word ptr [ebp]
0167:bff8e022 6625feff and ax,fffe
0167:bff8e026 66894500 mov word ptr [ebp],ax
0167:bff8e02a a804 test al,04
0167:bff8e02c 7415 jz bff8e043 = KERNEL32.DLL:.text+0x15043
0167:bff8e02e 8b0d249cfcbf mov ecx,dword ptr [bffc9c24]
0167:bff8e034 0fbf4310 movsx eax,word ptr [ebx+10]
0167:bff8e038 8b1481 mov edx,dword ptr [ecx+eax*4]
0167:bff8e03b ff7204 push dword ptr [edx+04]
0167:bff8e03e e8cc700000 call bff9510f = KERNEL32.DLL:.text+0x1c10f
0167:bff8e043 a1249cfcbf mov eax,dword ptr [bffc9c24]
0167:bff8e048 0fbf4b10 movsx ecx,word ptr [ebx+10]
0167:bff8e04c 8b1c88 mov ebx,dword ptr [eax+ecx*4]
0167:bff8e04f 66837b2a01 cmp word ptr [ebx+2a],+01
0167:bff8e054 7510 jnz bff8e066 = KERNEL32.DLL:.text+0x15066
0167:bff8e056 f60304 test byte ptr [ebx],04
0167:bff8e059 740b jz bff8e066 = KERNEL32.DLL:.text+0x15066
0167:bff8e05b 53 ?db 53
0167:bff8e05c page not present
--------------------
00f4f72c 818dcb88 -> a4 95 89 81 74 b1 89 81 00 00 00 00 00 00 00 00 ....t...........
00f4f730 00000000
...
00f4f738 bff76da8 = KERNEL32.DLL!GetProcAddress
--------------------
0167:bff76d9b 66ff7508 push word ptr [ebp+08]
0167:bff76d9f e86eaeffff call bff71c12 = KERNEL32.DLL:_FREQASM+0xc12
0167:bff76da4 c9 leave
0167:bff76da5 c20400 retd 0004
KERNEL32.DLL!GetProcAddress:
*0167:bff76da8 57 push edi
0167:bff76da9 6a22 push +22
0167:bff76dab 2bd2 sub edx,edx
0167:bff76dad 68671dfabf push bffa1d67
0167:bff76db2 64ff32 push dword ptr fs:[edx]
0167:bff76db5 648922 mov dword ptr fs:[edx],esp
0167:bff76db8 8b7c2418 mov edi,dword ptr [esp+18]
0167:bff76dbc 81ff00000100 cmp edi,00010000
0167:bff76dc2 7207 jc bff76dcb = KERNEL32.DLL:_FREQASM+0x5dcb
0167:bff76dc4 2bc0 sub eax,eax
0167:bff76dc6 8d48ff lea ecx,[eax-01]
0167:bff76dc9 f2ae repnz scas al,byte ptr es:[edi]
0167:bff76dcb 648f02 pop dword ptr fs:[edx]
0167:bff76dce 83c408 add esp,+08
0167:bff76dd1 5f pop edi
0167:bff76dd2 e974950000 jmp bff8034b = KERNEL32.DLL:.text+0x734b
0167:bff76dd7 2bd2 sub edx,edx
0167:bff76dd9 68041dfabf push bffa1d04
0167:bff76dde 64ff32 push dword ptr fs:[edx]
0167:bff76de1 648922 mov dword ptr fs:[edx],esp
0167:bff76de4 8b ?db 8b
0167:bff76de5 4c dec esp
0167:bff76de6 24 ?db 24
0167:bff76de7 0c ?db 0c
0167:bff76de8 page not present
--------------------
00f4f73c 00000003
00f4f740 bff8e0cd = KERNEL32.DLL!FreeLibrary
--------------------
0167:bff8e0ca c20400 retd 0004
KERNEL32.DLL!FreeLibrary:
*0167:bff8e0cd 8b442404 mov eax,dword ptr [esp+04]
0167:bff8e0d1 56 push esi
0167:bff8e0d2 be03000000 mov esi,00000003
0167:bff8e0d7 a801 test al,01
0167:bff8e0d9 740a jz bff8e0e5 = KERNEL32.DLL:.text+0x150e5
0167:bff8e0db 24fe and al,fe
0167:bff8e0dd 50 push eax
0167:bff8e0de e8665cffff call bff83d49 = KERNEL32.DLL!UnmapViewOfFile
0167:bff8e0e3 eb67 jmp bff8e14c = KERNEL32.DLL:.text+0x1514c
0167:bff8e0e5 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff8e0ea 8b00 mov eax,dword ptr [eax]
0167:bff8e0ec 83c060 add eax,+60
0167:bff8e0ef 50 push eax
0167:bff8e0f0 e8bf60feff call bff741b4 = KERNEL32.DLL!97
0167:bff8e0f5 8b0de49cfcbf mov ecx,dword ptr [bffc9ce4]
0167:bff8e0fb ff050495fcbf inc dword ptr [bffc9504]
0167:bff8e101 8b11 mov edx,dword ptr [ecx]
0167:bff8e103 ff742408 push dword ptr [esp+08]
0167:bff8e107 66ff4230 inc word ptr [edx+30]
0167:bff8e10b e8 ?db e8
0167:bff8e10c bf ?db bf
0167:bff8e10d page not present
--------------------
00f4f744 bff8e0a4 = KERNEL32.DLL:.text+0x150a4
--------------------
0167:bff8e09f e81cffffff call bff8dfc0 = KERNEL32.DLL:.text+0x14fc0
KERNEL32.DLL:.text+0x150a4:
*0167:bff8e0a4 89442400 mov dword ptr [esp],eax
0167:bff8e0a8 a1109dfcbf mov eax,dword ptr [bffc9d10]
0167:bff8e0ad 50 push eax
0167:bff8e0ae e80161feff call bff741b4 = KERNEL32.DLL!97
0167:bff8e0b3 e8f7f4ffff call bff8d5af = KERNEL32.DLL:.text+0x145af
0167:bff8e0b8 a1109dfcbf mov eax,dword ptr [bffc9d10]
0167:bff8e0bd 50 push eax
0167:bff8e0be e82a61feff call bff741ed = KERNEL32.DLL!98
0167:bff8e0c3 8b442400 mov eax,dword ptr [esp]
0167:bff8e0c7 83c404 add esp,+04
0167:bff8e0ca c20400 retd 0004
0167:bff8e0cd 8b442404 mov eax,dword ptr [esp+04]
0167:bff8e0d1 56 push esi
0167:bff8e0d2 be03000000 mov esi,00000003
0167:bff8e0d7 a801 test al,01
0167:bff8e0d9 740a jz bff8e0e5 = KERNEL32.DLL:.text+0x150e5
0167:bff8e0db 24fe and al,fe
0167:bff8e0dd 50 push eax
0167:bff8e0de e8665cffff call bff83d49 = KERNEL32.DLL!UnmapViewOfFile
0167:bff8e0e3 eb ?db eb
0167:bff8e0e4 page not present
--------------------
00f4f748 00000003
00f4f74c bff8e123 = KERNEL32.DLL:.text+0x15123
--------------------
0167:bff8e11b eb08 jmp bff8e125 = KERNEL32.DLL:.text+0x15125
0167:bff8e11d 50 push eax
0167:bff8e11e e862ffffff call bff8e085 = KERNEL32.DLL:.text+0x15085
KERNEL32.DLL:.text+0x15123:
*0167:bff8e123 8bf0 mov esi,eax
0167:bff8e125 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff8e12a 8b08 mov ecx,dword ptr [eax]
0167:bff8e12c 66ff4930 dec word ptr [ecx+30]
0167:bff8e130 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff8e135 8b00 mov eax,dword ptr [eax]
0167:bff8e137 83c060 add eax,+60
0167:bff8e13a 50 push eax
0167:bff8e13b e8ad60feff call bff741ed = KERNEL32.DLL!98
0167:bff8e140 e8edaeffff call bff89032 = KERNEL32.DLL:.text+0x10032
0167:bff8e145 83fe01 cmp esi,+01
0167:bff8e148 1bc0 sbb eax,eax
0167:bff8e14a f7d8 neg eax
0167:bff8e14c 5e pop esi
0167:bff8e14d c20400 retd 0004
0167:bff8e150 a1e496fcbf mov eax,dword ptr [bffc96e4]
0167:bff8e155 c3 retd
0167:bff8e156 53 push ebx
0167:bff8e157 56 push esi
0167:bff8e158 8b74240c mov esi,dword ptr [esp+0c]
0167:bff8e15c 57 push edi
0167:bff8e15d 81 ?db 81
0167:bff8e15e fe ?db fe
0167:bff8e15f 60 pushad
0167:bff8e160 ea ?db ea
0167:bff8e161 00 ?db 00
0167:bff8e162 00 ?db 00
0167:bff8e163 page not present
--------------------
00f4f750 8189b174 -> 88 cb 8d 81 c4 9a 8c 81 00 00 00 00 00 00 00 00 ................
00f4f754 0040e364 = F3DRAGDOLLDEMO.EXE:.data+0x1364
-> 00 00 0b 03 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f758 00402db3 = F3DRAGDOLLDEMO.EXE:.text+0x1db3
--------------------
0167:00402dac 85c0 test eax,eax
0167:00402dae 7409 jz 00402db9 = F3DRAGDOLLDEMO.EXE:.text+0x1db9
0167:00402db0 50 push eax
0167:00402db1 ffd3 call ebx
F3DRAGDOLLDEMO.EXE:.text+0x1db3:
*0167:00402db3 c70600000000 mov dword ptr [esi],00000000
0167:00402db9 83ee04 sub esi,+04
0167:00402dbc 4f dec edi
0167:00402dbd 81fe50e34000 cmp esi,0040e350
0167:00402dc3 7dc5 jge 00402d8a = F3DRAGDOLLDEMO.EXE:.text+0x1d8a
0167:00402dc5 5f pop edi
0167:00402dc6 5d pop ebp
0167:00402dc7 5b pop ebx
0167:00402dc8 5e pop esi
0167:00402dc9 c3 retd
0167:00402dca 90 nop
0167:00402dcb 90 nop
0167:00402dcc 90 nop
0167:00402dcd 90 nop
0167:00402dce 90 nop
0167:00402dcf 90 nop
0167:00402dd0 e80b000000 call 00402de0 = F3DRAGDOLLDEMO.EXE:.text+0x1de0
0167:00402dd5 e916000000 jmp 00402df0 = F3DRAGDOLLDEMO.EXE:.text+0x1df0
0167:00402dda 90 nop
0167:00402ddb 90 nop
0167:00402ddc 90 nop
0167:00402ddd 90 nop
0167:00402dde 90 nop
0167:00402ddf 90 nop
0167:00402de0 b9e0ea4000 mov ecx,0040eae0
0167:00402de5 e916e2ffff jmp 00401000 = F3DRAGDOLLDEMO.EXE:.text+0x0
0167:00402dea 90 nop
0167:00402deb 90 nop
0167:00402dec 90 nop
0167:00402ded 90 nop
0167:00402dee 90 nop
0167:00402def 90 nop
0167:00402df0 68 ?db 68
0167:00402df1 00 ?db 00
0167:00402df2 2e ?db 2e
0167:00402df3 page not present
--------------------
00f4f75c 030b0000 = NDB.DLL+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4f760 010708f5 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f764 00f4fdac -> 38 fe f4 00 3e 54 40 00 00 00 40 00 00 00 00 00 8...>T@...@.....
00f4f768 01070e40 -> 0c 00 c5 01 8e 3b ac 00 a0 07 07 01 00 00 00 00 .....;..........
00f4f76c 00f4fac1 -> 49 4a 4b 4c 4d 4e 4f 50 51 52 53 54 55 56 57 58 IJKLMNOPQRSTUVWX
00f4f770 00403afe = F3DRAGDOLLDEMO.EXE:.text+0x2afe
--------------------
0167:00403af4 b9e0ea4000 mov ecx,0040eae0
0167:00403af9 e802f2ffff call 00402d00 = F3DRAGDOLLDEMO.EXE:.text+0x1d00
F3DRAGDOLLDEMO.EXE:.text+0x2afe:
*0167:00403afe 8bcb mov ecx,ebx
0167:00403b00 e8fb0c0000 call 00404800 = F3DRAGDOLLDEMO.EXE:.text+0x3800
0167:00403b05 85db test ebx,ebx
0167:00403b07 7410 jz 00403b19 = F3DRAGDOLLDEMO.EXE:.text+0x2b19
0167:00403b09 8bcb mov ecx,ebx
0167:00403b0b e870000000 call 00403b80 = F3DRAGDOLLDEMO.EXE:.text+0x2b80
0167:00403b10 53 push ebx
0167:00403b11 e89a0e0000 call 004049b0 = F3DRAGDOLLDEMO.EXE:.text+0x39b0
0167:00403b16 83c404 add esp,+04
0167:00403b19 8d95e8feffff lea edx,[ebp-00000118]
0167:00403b1f 52 push edx
0167:00403b20 e8f40e0000 call 00404a19 = F3DRAGDOLLDEMO.EXE:.text+0x3a19
0167:00403b25 687cd74000 push 0040d77c
0167:00403b2a e8ea0e0000 call 00404a19 = F3DRAGDOLLDEMO.EXE:.text+0x3a19
0167:00403b2f 83c408 add esp,+08
0167:00403b32 83f8ff cmp eax,-01
0167:00403b35 7405 jz 00403b3c = F3DRAGDOLLDEMO.EXE:.text+0x2b3c
0167:00403b37 e804f8ffff call 00403340 = F3DRAGDOLLDEMO.EXE:.text+0x2340
0167:00403b3c 8d ?db 8d
0167:00403b3d 85 ?db 85
0167:00403b3e page not present
--------------------
00f4f774 00000000
...
00f4f77c 00540000
00f4f780 775c3a63
00f4f784 6f646e69
00f4f788 545c7377
00f4f78c 5c504d45
00f4f790 7062645c
00f4f794 61746164
00f4f798 5f5c3031
00f4f79c 74726976
00f4f7a0 2e6c6175
00f4f7a4 00746164
00f4f7a8 00f4fc58 -> 20 01 02 03 04 05 06 07 00 00 00 00 28 6b f8 bf ...........(k..
00f4f7ac 00000100
00f4f7b0 00f4fa58 -> 20 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ...............
00f4f7b4 00000100
00f4f7b8 0040efac = F3DRAGDOLLDEMO.EXE:.data+0x1fac
-> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4f7bc 00000100
00f4f7c0 00000000
00f4f7c4 00000100
00f4f7c8 00f4fc58 -> 20 01 02 03 04 05 06 07 00 00 00 00 28 6b f8 bf ...........(k..
00f4f7cc 00000100
00f4f7d0 00f4fb58 -> 20 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ...............
00f4f7d4 00000100
00f4f7d8 00f4f7b8 -> ac ef 40 00 00 01 00 00 00 00 00 00 00 01 00 00 ..@.............
00f4f7dc 00000100
00f4f7e0 00f4fe28 -> 68 ff f4 00 3c 72 40 00 60 c1 40 00 00 00 00 00 h...<r@.`.@.....
00f4f7e4 0040723c = F3DRAGDOLLDEMO.EXE:.text+0x623c
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E
00f4f7e8 0040c240 = F3DRAGDOLLDEMO.EXE:.rdata+0x240
-> ff ff ff ff f8 68 40 00 fc 68 40 00 ff ff ff ff .....h@..h@.....
00f4f7ec ffffffff
00f4f7f0 00f4fd6c -> b4 59 40 00 05 01 00 00 16 4a 40 00 05 01 00 00 .Y@......J@.....
00f4f7f4 00408f79 = F3DRAGDOLLDEMO.EXE:.text+0x7f79
--------------------
0167:00408f69 6800020000 push 00000200
0167:00408f6e ff35c4f14000 push dword ptr [0040f1c4]
0167:00408f74 e86fd8ffff call 004067e8 = F3DRAGDOLLDEMO.EXE:.text+0x57e8
F3DRAGDOLLDEMO.EXE:.text+0x7f79:
*0167:00408f79 83c45c add esp,+5c
0167:00408f7c 33c0 xor eax,eax
0167:00408f7e 8d8decfaffff lea ecx,[ebp-00000514]
0167:00408f84 668b11 mov dx,word ptr [ecx]
0167:00408f87 f6c201 test dl,01
0167:00408f8a 7416 jz 00408fa2 = F3DRAGDOLLDEMO.EXE:.text+0x7fa2
0167:00408f8c 8088c1f0400010 or byte ptr [eax+0040f0c1],10
0167:00408f93 8a9405ecfdffff mov dl,byte ptr [ebp+eax-00000214]
0167:00408f9a 8890c0ef4000 mov byte ptr [eax+0040efc0],dl
0167:00408fa0 eb1c jmp 00408fbe = F3DRAGDOLLDEMO.EXE:.text+0x7fbe
0167:00408fa2 f6c202 test dl,02
0167:00408fa5 7410 jz 00408fb7 = F3DRAGDOLLDEMO.EXE:.text+0x7fb7
0167:00408fa7 8088c1f0400020 or byte ptr [eax+0040f0c1],20
0167:00408fae 8a9405ecfcffff mov dl,byte ptr [ebp+eax-00000314]
0167:00408fb5 ebe3 jmp 00408f9a = F3DRAGDOLLDEMO.EXE:.text+0x7f9a
0167:00408fb7 80 ?db 80
0167:00408fb8 a0 ?db a0
0167:00408fb9 page not present
--------------------
00f4f7f8 00000000
00f4f7fc 00000200
00f4f800 00f4fc58 -> 20 01 02 03 04 05 06 07 00 00 00 00 28 6b f8 bf ...........(k..
00f4f804 00000100
00f4f808 00f4fa58 -> 20 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ...............
00f4f80c 00000100
00f4f810 000004e4
00f4f814 00000000
...
00f4f81c 00000100
00f4f820 00f4fc58 -> 20 01 02 03 04 05 06 07 00 00 00 00 28 6b f8 bf ...........(k..
00f4f824 00000100
00f4f828 00f4fb58 -> 20 01 02 03 04 05 06 07 08 09 0a 0b 0c 0d 0e 0f ...............
00f4f82c 00000100
00f4f830 000004e4
00f4f834 00000000
00f4f838 00000001
00f4f83c 00f4fc58 -> 20 01 02 03 04 05 06 07 00 00 00 00 28 6b f8 bf ...........(k..
00f4f840 00000100
00f4f844 00f4f858 -> 48 00 20 00 20 00 20 00 20 00 20 00 20 00 20 00 H. . . . . . . .
00f4f848 000004e4
00f4f84c 00000000
...
00f4f854 000004e4
00f4f858 00200048
00f4f85c 00200020
...
00f4f868 00680020
00f4f86c 00280028
...
00f4f874 00200020
...
00f4f898 00100048
00f4f89c 00100010
...
00f4f8b8 00840084
...
00f4f8cc 00100010
...
00f4f8d8 01810010
00f4f8dc 01810181
...
00f4f8e4 01010181
00f4f8e8 01010101
...
00f4f90c 00100101
00f4f910 00100010
...
00f4f918 01820010
00f4f91c 01820182
...
00f4f924 01020182
00f4f928 01020102
...
00f4f94c 00100102
00f4f950 00100010
00f4f954 00200010
...
00f4f95c 01120010
00f4f960 00100010
...
00f4f96c 00100101
00f4f970 00200101
...
00f4f978 00100020
00f4f97c 00100010
...
00f4f988 4d5c3a43
00f4f98c 6f442079
00f4f990 656d7563
00f4f994 5c73746e
00f4f998 62696146
00f4f99c 20786e61
00f4f9a0 44204433
00f4f9a4 206f6d65
00f4f9a8 00100031
00f4f9ac 00100010
...
00f4f9bc 00140014
00f4f9c0 00100010
...
00f4f9c8 00140010
00f4f9cc 00100010
...
00f4f9d8 01010101
...
00f4fa04 00100101
00f4fa08 01010101
...
00f4fa14 01020101
00f4fa18 01020102
...
00f4fa44 00100102
00f4fa48 01020102
...
00f4fa58 03020120
00f4fa5c 07060504
00f4fa60 0b0a0908
00f4fa64 0f0e0d0c
00f4fa68 13121110
00f4fa6c 17161514
00f4fa70 1b1a1918
00f4fa74 1f1e1d1c
00f4fa78 23222120
00f4fa7c 27262524
00f4fa80 2b2a2928
00f4fa84 2f2e2d2c
00f4fa88 33323130
00f4fa8c 4d5c3a43
00f4fa90 4f442059
00f4fa94 454d5543
00f4fa98 5c53544e
00f4fa9c 42494146
00f4faa0 20584e41
00f4faa4 44204433
00f4faa8 204f4d45
00f4faac 33465c31
00f4fab0 47415244
00f4fab4 4c4c4f44
00f4fab8 4f4d4544
00f4fabc 4558452e
00f4fac0 4b4a4900
00f4fac4 4f4e4d4c
00f4fac8 53525150
00f4facc 57565554
00f4fad0 7b5a5958
00f4fad4 7f7e7d7c
00f4fad8 83828180
00f4fadc 87868584
00f4fae0 8b8a8988
00f4fae4 8f8e8d8c
00f4fae8 93929190
00f4faec 97969594
00f4faf0 9b8a9998
00f4faf4 9f8e9d8c
00f4faf8 a3a2a1a0
00f4fafc a7a6a5a4
00f4fb00 abaaa9a8
00f4fb04 afaeadac
00f4fb08 b3b2b1b0
00f4fb0c b7b6b5b4
00f4fb10 bbbab9b8
00f4fb14 bfbebdbc -> 20 00 6c 00 61 00 73 00 20 00 63 00 6f 00 6c 00 .l.a.s. .c.o.l.
00f4fb18 c3c2c1c0 -> 1d 30 f1 00 10 bf 30 f1 00 10 eb 28 e8 60 c1 ff .0....0....(.`..
00f4fb1c c7c6c5c4 -> ae 55 6d fa b2 a6 73 cd 7a 2a 9e 6b a6 e5 66 7c .Um...s.z*.k..f|
00f4fb20 cbcac9c8
00f4fb24 cfcecdcc -> 1c 9a 79 3f 16 66 cf 3c f4 88 88 ff 00 00 00 00 ..y?.f.<........
00f4fb28 d3d2d1d0
00f4fb2c d7d6d5d4 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4fb30 dbdad9d8
00f4fb34 dfdedddc
00f4fb38 c3c2c1c0 -> 1d 30 f1 00 10 bf 30 f1 00 10 eb 28 e8 60 c1 ff .0....0....(.`..
00f4fb3c c7c6c5c4 -> ae 55 6d fa b2 a6 73 cd 7a 2a 9e 6b a6 e5 66 7c .Um...s.z*.k..f|
00f4fb40 cbcac9c8
00f4fb44 cfcecdcc -> 1c 9a 79 3f 16 66 cf 3c f4 88 88 ff 00 00 00 00 ..y?.f.<........
00f4fb48 d3d2d1d0
00f4fb4c f7d6d5d4
00f4fb50 dbdad9d8
00f4fb54 9fdedddc
00f4fb58 03020120
00f4fb5c 07060504
00f4fb60 0b0a0908
00f4fb64 0f0e0d0c
00f4fb68 13121110
00f4fb6c 17161514
00f4fb70 1b1a1918
00f4fb74 1f1e1d1c
00f4fb78 23222120
00f4fb7c 27262524
00f4fb80 2b2a2928
00f4fb84 2f2e2d2c
00f4fb88 33323130
00f4fb8c 37363534
00f4fb90 775c3a63
00f4fb94 6f646e69
00f4fb98 545c7377
00f4fb9c 5c504d45
00f4fba0 7062645c
00f4fba4 61746164
00f4fba8 5f5c3031
00f4fbac 74726976
00f4fbb0 2e6c6175
00f4fbb4 006b6370
00f4fbb8 63626160
00f4fbbc 67666564
00f4fbc0 6b6a6968
00f4fbc4 6f6e6d6c
00f4fbc8 73727170
00f4fbcc 77767574
00f4fbd0 7b7a7978
00f4fbd4 7f7e7d7c
00f4fbd8 83828180
00f4fbdc 87868584
00f4fbe0 8b9a8988
00f4fbe4 8f9e8d9c
00f4fbe8 93929190
00f4fbec 97969594
00f4fbf0 9b9a9998
00f4fbf4 ff9e9d9c
00f4fbf8 a3a2a1a0
00f4fbfc a7a6a5a4
00f4fc00 abaaa9a8
00f4fc04 afaeadac
00f4fc08 b3b2b1b0
00f4fc0c b7b6b5b4
00f4fc10 bbbab9b8
00f4fc14 bfbebdbc -> 20 00 6c 00 61 00 73 00 20 00 63 00 6f 00 6c 00 .l.a.s. .c.o.l.
00f4fc18 e3e2e1e0
00f4fc1c e7e6e5e4
00f4fc20 ebeae9e8
00f4fc24 efeeedec
00f4fc28 f3f2f1f0
00f4fc2c d7f6f5f4
00f4fc30 fbfaf9f8
00f4fc34 dffefdfc
00f4fc38 e3e2e1e0
00f4fc3c e7e6e5e4
00f4fc40 ebeae9e8
00f4fc44 efeeedec
00f4fc48 f3f2f1f0
00f4fc4c f7f6f5f4
00f4fc50 0040c1a2 = F3DRAGDOLLDEMO.EXE:.rdata+0x1a2
-> 00 00 4b 45 52 4e 45 4c 33 32 00 00 00 00 00 00 ..KERNEL32......
00f4fc54 000001a4
00f4fc58 03020120
00f4fc5c 07060504
00f4fc60 00000000
00f4fc64 bff86b28 = KERNEL32.DLL:.text+0xdb28
--------------------
0167:bff86b1a 8858ff mov byte ptr [eax-01],bl
0167:bff86b1d a1109dfcbf mov eax,dword ptr [bffc9d10]
0167:bff86b22 50 push eax
0167:bff86b23 e88cd6feff call bff741b4 = KERNEL32.DLL!97
KERNEL32.DLL:.text+0xdb28:
*0167:bff86b28 8d85ecfeffff lea eax,[ebp-00000114]
0167:bff86b2e 50 push eax
0167:bff86b2f e87d74ffff call bff7dfb1 = KERNEL32.DLL:.text+0x4fb1
0167:bff86b34 50 push eax
0167:bff86b35 e8f16effff call bff7da2b = KERNEL32.DLL:.text+0x4a2b
0167:bff86b3a 8bf0 mov esi,eax
0167:bff86b3c a1109dfcbf mov eax,dword ptr [bffc9d10]
0167:bff86b41 50 push eax
0167:bff86b42 e8a6d6feff call bff741ed = KERNEL32.DLL!98
0167:bff86b47 85f6 test esi,esi
0167:bff86b49 7507 jnz bff86b52 = KERNEL32.DLL:.text+0xdb52
0167:bff86b4b 6a7e push +7e
0167:bff86b4d e84e5effff call bff7c9a0 = KERNEL32.DLL:.text+0x39a0
0167:bff86b52 85ff test edi,edi
0167:bff86b54 7416 jz bff86b6c = KERNEL32.DLL:.text+0xdb6c
0167:bff86b56 53 push ebx
0167:bff86b57 ff75fc push dword ptr [ebp-04]
0167:bff86b5a e8a16c0100 call bff9d800 = KERNEL32.DLL:.text+0x24800
0167:bff86b5f a1e09cfcbf mov eax,dword ptr [bffc9ce0]
0167:bff86b64 8b08 mov ecx,dword ptr [eax]
0167:bff86b66 80 ?db 80
0167:bff86b67 61 ?db 61
0167:bff86b68 page not present
--------------------
00f4fc68 00f4fdac -> 38 fe f4 00 3e 54 40 00 00 00 40 00 00 00 00 00 8...>T@...@.....
00f4fc6c bff7dfbf = KERNEL32.DLL:.text+0x4fbf
--------------------
0167:bff7dfb7 57 push edi
0167:bff7dfb8 55 push ebp
0167:bff7dfb9 53 push ebx
0167:bff7dfba e8b131ffff call bff71170 = KERNEL32.DLL:_FREQASM+0x170
KERNEL32.DLL:.text+0x4fbf:
*0167:bff7dfbf 8bd0 mov edx,eax
0167:bff7dfc1 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff7dfc6 8b08 mov ecx,dword ptr [eax]
0167:bff7dfc8 8b414c mov eax,dword ptr [ecx+4c]
0167:bff7dfcb 85c0 test eax,eax
0167:bff7dfcd 0f8493000000 jz bff7e066 = KERNEL32.DLL:.text+0x5066
0167:bff7dfd3 8b35249cfcbf mov esi,dword ptr [bffc9c24]
0167:bff7dfd9 0fbf4810 movsx ecx,word ptr [eax+10]
0167:bff7dfdd 8b2c8e mov ebp,dword ptr [esi+ecx*4]
0167:bff7dfe0 0fb74d16 movzx ecx,word ptr [ebp+16]
0167:bff7dfe4 3bca cmp ecx,edx
0167:bff7dfe6 7517 jnz bff7dfff = KERNEL32.DLL:.text+0x4fff
0167:bff7dfe8 8bca mov ecx,edx
0167:bff7dfea 8bf3 mov esi,ebx
0167:bff7dfec c1e902 shr ecx,02
0167:bff7dfef 8b7d10 mov edi,dword ptr [ebp+10]
0167:bff7dff2 f3a7 repz cmps dword ptr ds:[esi],dword ptr es:[edi]
0167:bff7dff4 7507 jnz bff7dffd = KERNEL32.DLL:.text+0x4ffd
0167:bff7dff6 8bca mov ecx,edx
0167:bff7dff8 83e103 and ecx,+03
0167:bff7dffb f3a6 repz cmps byte ptr ds:[esi],byte ptr es:[edi]
0167:bff7dffd 74 ?db 74
0167:bff7dffe 67 ?db 67
0167:bff7dfff page not present
--------------------
00f4fc70 00f4fc98 -> 69 6e 64 6f 77 73 5c 54 45 4d 50 5c 5c 64 62 70 indows\TEMP\\dbp
00f4fc74 00f4fdac -> 38 fe f4 00 3e 54 40 00 00 00 40 00 00 00 00 00 8...>T@...@.....
00f4fc78 00000000
00f4fc7c bff741f7 = KERNEL32.DLL:_FREQASM+0x31f7
--------------------
0167:bff741eb ebe8 jmp bff741d5 = KERNEL32.DLL:_FREQASM+0x31d5
0167:bff741ed 8b542404 mov edx,dword ptr [esp+04]
0167:bff741f1 50 push eax
0167:bff741f2 e804000000 call bff741fb = KERNEL32.DLL:_FREQASM+0x31fb
KERNEL32.DLL:_FREQASM+0x31f7:
*0167:bff741f7 58 pop eax
0167:bff741f8 c20400 retd 0004
0167:bff741fb 833dec9cfcbf01 cmp dword ptr [bffc9cec],+01
0167:bff74202 7c32 jl bff74236 = KERNEL32.DLL:_FREQASM+0x3236
0167:bff74204 3b157094fcbf cmp edx,dword ptr [bffc9470]
0167:bff7420a 7506 jnz bff74212 = KERNEL32.DLL:_FREQASM+0x3212
0167:bff7420c 837a0401 cmp dword ptr [edx+04],+01
0167:bff74210 7426 jz bff74238 = KERNEL32.DLL:_FREQASM+0x3238
0167:bff74212 ff4a04 dec dword ptr [edx+04]
0167:bff74215 754a jnz bff74261 = KERNEL32.DLL:_FREQASM+0x3261
0167:bff74217 c7420800000000 mov dword ptr [edx+08],00000000
0167:bff7421e ff4210 inc dword ptr [edx+10]
0167:bff74221 7e43 jle bff74266 = KERNEL32.DLL:_FREQASM+0x3266
0167:bff74223 8b0de89cfcbf mov ecx,dword ptr [bffc9ce8]
0167:bff74229 8b09 mov ecx,dword ptr [ecx]
0167:bff7422b ff4938 dec dword ptr [ecx+38]
0167:bff7422e 7506 jnz bff74236 = KERNEL32.DLL:_FREQASM+0x3236
0167:bff74230 83794c00 cmp dword ptr [ecx+4c],+00
0167:bff74234 753f jnz bff74275 = KERNEL32.DLL:_FREQASM+0x3275
0167:bff74236 90 ?db 90
0167:bff74237 page not present
--------------------
00f4fc80 bffc9490 = KERNEL32.DLL:.data+0x490
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4fc84 bff86abb = KERNEL32.DLL:.text+0xdabb
--------------------
0167:bff86aae 8b08 mov ecx,dword ptr [eax]
0167:bff86ab0 ffb198000000 push dword ptr [ecx+00000098]
0167:bff86ab6 e8706fffff call bff7da2b = KERNEL32.DLL:.text+0x4a2b
KERNEL32.DLL:.text+0xdabb:
*0167:bff86abb 8bf0 mov esi,eax
0167:bff86abd e990000000 jmp bff86b52 = KERNEL32.DLL:.text+0xdb52
0167:bff86ac2 85f6 test esi,esi
0167:bff86ac4 7416 jz bff86adc = KERNEL32.DLL:.text+0xdadc
0167:bff86ac6 57 push edi
0167:bff86ac7 8d45f4 lea eax,[ebp-0c]
0167:bff86aca 50 push eax
0167:bff86acb 8d4dfc lea ecx,[ebp-04]
0167:bff86ace 51 push ecx
0167:bff86acf e89c270100 call bff99270 = KERNEL32.DLL:.text+0x20270
0167:bff86ad4 85c0 test eax,eax
0167:bff86ad6 0f84b4000000 jz bff86b90 = KERNEL32.DLL:.text+0xdb90
0167:bff86adc ff75fc push dword ptr [ebp-04]
0167:bff86adf 8d8decfeffff lea ecx,[ebp-00000114]
0167:bff86ae5 51 push ecx
0167:bff86ae6 e8c4a6feff call bff711af = KERNEL32.DLL:_FREQASM+0x1af
0167:bff86aeb 8d4df8 lea ecx,[ebp-08]
0167:bff86aee 8d95ecfeffff lea edx,[ebp-00000114]
0167:bff86af4 51 push ecx
0167:bff86af5 52 push edx
0167:bff86af6 e8 ?db e8
0167:bff86af7 3070ff xor byte ptr [eax-01],dh
0167:bff86afa ff ?db ff
0167:bff86afb page not present
--------------------
00f4fc88 818b0694 -> 9c 4b 8c 81 ec 43 8b 81 00 00 00 00 00 00 00 00 .K...C..........
00f4fc8c 00000000
...
00f4fc94 775c3a63
00f4fc98 6f646e69
00f4fc9c 545c7377
00f4fca0 5c504d45
00f4fca4 7062645c
00f4fca8 61746164
00f4fcac 57003031
00f4fcb0 5b5a5958
00f4fcb4 5f5e5d5c
00f4fcb8 63626160
00f4fcbc 67666564
00f4fcc0 6b6a6968
00f4fcc4 6f6e6d6c
00f4fcc8 73727170
00f4fccc 77767574
00f4fcd0 7b7a7978
00f4fcd4 7f7e7d7c
00f4fcd8 83828180
00f4fcdc 87868584
00f4fce0 8b8a8988
00f4fce4 8f8e8d8c
00f4fce8 93929190
00f4fcec 97969594
00f4fcf0 9b9a9998
00f4fcf4 9f9e9d9c
00f4fcf8 a3a2a1a0
00f4fcfc a7a6a5a4
00f4fd00 abaaa9a8
00f4fd04 afaeadac
00f4fd08 b3b2b1b0
00f4fd0c b7b6b5b4
00f4fd10 bbbab9b8
00f4fd14 bfbebdbc -> 20 00 6c 00 61 00 73 00 20 00 63 00 6f 00 6c 00 .l.a.s. .c.o.l.
00f4fd18 c3c2c1c0 -> 1d 30 f1 00 10 bf 30 f1 00 10 eb 28 e8 60 c1 ff .0....0....(.`..
00f4fd1c c7c6c5c4 -> ae 55 6d fa b2 a6 73 cd 7a 2a 9e 6b a6 e5 66 7c .Um...s.z*.k..f|
00f4fd20 cbcac9c8
00f4fd24 cfcecdcc -> 1c 9a 79 3f 16 66 cf 3c f4 88 88 ff 00 00 00 00 ..y?.f.<........
00f4fd28 d3d2d1d0
00f4fd2c d7d6d5d4 -> 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4fd30 dbdad9d8
00f4fd34 dfdedddc
00f4fd38 0000003f
00f4fd3c 010709d1 -> 02 f6 00 c4 02 f6 00 77 73 5c 54 45 4d 50 5c 5c .......ws\TEMP\\
00f4fd40 00000105
00f4fd44 00000000
...
00f4fd4c 00000110
00f4fd50 00f601bc -> 2d 00 00 00 bc 01 f6 00 bc 01 f6 00 c4 01 f6 00 -...............
00f4fd54 000008b0
00f4fd58 00000000
00f4fd5c 0040eae0 = F3DRAGDOLLDEMO.EXE:.data+0x1ae0
-> 58 c1 40 00 00 00 00 00 01 00 00 00 20 03 00 00 X.@......... ...
00f4fd60 004059e3 = F3DRAGDOLLDEMO.EXE:.text+0x49e3
--------------------
0167:004059d5 3b3500dc4000 cmp esi,dword ptr [0040dc00]
0167:004059db 770b ja 004059e8 = F3DRAGDOLLDEMO.EXE:.text+0x49e8
0167:004059dd 56 push esi
0167:004059de e8511e0000 call 00407834 = F3DRAGDOLLDEMO.EXE:.text+0x6834
F3DRAGDOLLDEMO.EXE:.text+0x49e3:
*0167:004059e3 85c0 test eax,eax
0167:004059e5 59 pop ecx
0167:004059e6 751c jnz 00405a04 = F3DRAGDOLLDEMO.EXE:.text+0x4a04
0167:004059e8 85f6 test esi,esi
0167:004059ea 7503 jnz 004059ef = F3DRAGDOLLDEMO.EXE:.text+0x49ef
0167:004059ec 6a01 push +01
0167:004059ee 5e pop esi
0167:004059ef 83c60f add esi,+0f
0167:004059f2 83e6f0 and esi,-10
0167:004059f5 56 push esi
0167:004059f6 6a00 push +00
0167:004059f8 ff35e0f14000 push dword ptr [0040f1e0]
0167:004059fe ff15ccc04000 call dword ptr [0040c0cc] -> KERNEL32.DLL!HeapAlloc
0167:00405a04 5e pop esi
0167:00405a05 c3 retd
0167:00405a06 8b4c2404 mov ecx,dword ptr [esp+04]
0167:00405a0a 33d2 xor edx,edx
0167:00405a0c 890de0ec4000 mov dword ptr [0040ece0],ecx
0167:00405a12 b858d94000 mov eax,0040d958
0167:00405a17 3b08 cmp ecx,dword ptr [eax]
0167:00405a19 7420 jz 00405a3b = F3DRAGDOLLDEMO.EXE:.text+0x4a3b
0167:00405a1b 83c008 add eax,+08
0167:00405a1e 42 inc edx
0167:00405a1f 3d ?db 3d
0167:00405a20 c0 ?db c0
0167:00405a21 da ?db da
0167:00405a22 40 ?db 40
0167:00405a23 page not present
--------------------
00f4fd64 0106000c -> 00 00 08 28 01 20 00 00 ff ff ff 7b 00 00 07 01 ...(. .....{....
00f4fd68 0040e8c9 = F3DRAGDOLLDEMO.EXE:.data+0x18c9
-> 00 00 00 00 00 00 00 00 00 00 00 63 3a 5c 77 69 ...........c:\wi
00f4fd6c 004059b4 = F3DRAGDOLLDEMO.EXE:.text+0x49b4
--------------------
0167:004059a4 837c2404e0 cmp dword ptr [esp+04],-20
0167:004059a9 7722 ja 004059cd = F3DRAGDOLLDEMO.EXE:.text+0x49cd
0167:004059ab ff742404 push dword ptr [esp+04]
0167:004059af e81c000000 call 004059d0 = F3DRAGDOLLDEMO.EXE:.text+0x49d0
F3DRAGDOLLDEMO.EXE:.text+0x49b4:
*0167:004059b4 85c0 test eax,eax
0167:004059b6 59 pop ecx
0167:004059b7 7516 jnz 004059cf = F3DRAGDOLLDEMO.EXE:.text+0x49cf
0167:004059b9 39442408 cmp dword ptr [esp+08],eax
0167:004059bd 7410 jz 004059cf = F3DRAGDOLLDEMO.EXE:.text+0x49cf
0167:004059bf ff742404 push dword ptr [esp+04]
0167:004059c3 e86c320000 call 00408c34 = F3DRAGDOLLDEMO.EXE:.text+0x7c34
0167:004059c8 85c0 test eax,eax
0167:004059ca 59 pop ecx
0167:004059cb 75de jnz 004059ab = F3DRAGDOLLDEMO.EXE:.text+0x49ab
0167:004059cd 33c0 xor eax,eax
0167:004059cf c3 retd
0167:004059d0 56 push esi
0167:004059d1 8b742408 mov esi,dword ptr [esp+08]
0167:004059d5 3b3500dc4000 cmp esi,dword ptr [0040dc00]
0167:004059db 770b ja 004059e8 = F3DRAGDOLLDEMO.EXE:.text+0x49e8
0167:004059dd 56 push esi
0167:004059de e8511e0000 call 00407834 = F3DRAGDOLLDEMO.EXE:.text+0x6834
0167:004059e3 85c0 test eax,eax
0167:004059e5 59 pop ecx
0167:004059e6 751c jnz 00405a04 = F3DRAGDOLLDEMO.EXE:.text+0x4a04
0167:004059e8 85f6 test esi,esi
0167:004059ea 7503 jnz 004059ef = F3DRAGDOLLDEMO.EXE:.text+0x49ef
0167:004059ec 6a01 push +01
0167:004059ee 5e pop esi
0167:004059ef 83c60f add esi,+0f
0167:004059f2 83 ?db 83
0167:004059f3 e6 ?db e6
0167:004059f4 page not present
--------------------
00f4fd70 00000105
00f4fd74 00404a16 = F3DRAGDOLLDEMO.EXE:.text+0x3a16
--------------------
0167:004049d6 40 inc eax
0167:004049d7 00c7 add bh,al
0167:004049d9 0544d94000 add eax,0040d944
0167:004049de b155 mov cl,55
0167:004049e0 40 inc eax
0167:004049e1 00a340d94000 add byte ptr [ebx+0040d940],ah
0167:004049e7 c70548d9400017564000 mov dword ptr [0040d948],00405617
0167:004049f1 c7054cd9400057554000 mov dword ptr [0040d94c],00405557
0167:004049fb c70550d94000ff554000 mov dword ptr [0040d950],004055ff
0167:00404a05 a354d94000 mov dword ptr [0040d954],eax
0167:00404a0a c3 retd
0167:00404a0b 6a01 push +01
0167:00404a0d ff742408 push dword ptr [esp+08]
0167:00404a11 e88e0f0000 call 004059a4 = F3DRAGDOLLDEMO.EXE:.text+0x49a4
F3DRAGDOLLDEMO.EXE:.text+0x3a16:
*0167:00404a16 59 pop ecx
0167:00404a17 59 pop ecx
0167:00404a18 c3 retd
0167:00404a19 55 push ebp
0167:00404a1a 8bec mov ebp,esp
0167:00404a1c 81ec08010000 sub esp,00000108
0167:00404a22 ff7508 push dword ptr [ebp+08]
0167:00404a25 ff1590c04000 call dword ptr [0040c090] -> KERNEL32.DLL!SetCurrentDirectoryA
0167:00404a2b 85c0 test eax,eax
0167:00404a2d 745e jz 00404a8d = F3DRAGDOLLDEMO.EXE:.text+0x3a8d
0167:00404a2f 8d85f8feffff lea eax,[ebp-00000108]
0167:00404a35 50 push eax
0167:00404a36 6805010000 push 00000105
0167:00404a3b ff158cc04000 call dword ptr [0040c08c] -> KERNEL32.DLL!GetCurrentDirectoryA
0167:00404a41 85c0 test eax,eax
0167:00404a43 7448 jz 00404a8d = F3DRAGDOLLDEMO.EXE:.text+0x3a8d
0167:00404a45 8a85f8feffff mov al,byte ptr [ebp-00000108]
0167:00404a4b 3c5c cmp al,5c
0167:00404a4d 7404 jz 00404a53 = F3DRAGDOLLDEMO.EXE:.text+0x3a53
0167:00404a4f 3c2f cmp al,2f
0167:00404a51 7508 jnz 00404a5b = F3DRAGDOLLDEMO.EXE:.text+0x3a5b
--------------------
00f4fd78 00000105
00f4fd7c 00405d15 = F3DRAGDOLLDEMO.EXE:.text+0x4d15
--------------------
0167:00405d0a 56 push esi
0167:00405d0b 8b742408 mov esi,dword ptr [esp+08]
0167:00405d0f 56 push esi
0167:00405d10 e8c9170000 call 004074de = F3DRAGDOLLDEMO.EXE:.text+0x64de
F3DRAGDOLLDEMO.EXE:.text+0x4d15:
*0167:00405d15 85c0 test eax,eax
0167:00405d17 59 pop ecx
0167:00405d18 7408 jz 00405d22 = F3DRAGDOLLDEMO.EXE:.text+0x4d22
0167:00405d1a 8b46fc mov eax,dword ptr [esi-04]
0167:00405d1d 5e pop esi
0167:00405d1e 83e809 sub eax,+09
0167:00405d21 c3 retd
0167:00405d22 56 push esi
0167:00405d23 6a00 push +00
0167:00405d25 ff35e0f14000 push dword ptr [0040f1e0]
0167:00405d2b ff15dcc04000 call dword ptr [0040c0dc] -> KERNEL32.DLL!HeapSize
0167:00405d31 5e pop esi
0167:00405d32 c3 retd
0167:00405d33 cc int 3
0167:00405d34 cc int 3
0167:00405d35 cc int 3
0167:00405d36 cc int 3
0167:00405d37 cc int 3
0167:00405d38 cc int 3
0167:00405d39 cc int 3
0167:00405d3a cc int 3
0167:00405d3b cc int 3
0167:00405d3c cc int 3
0167:00405d3d cc int 3
0167:00405d3e cc int 3
0167:00405d3f cc int 3
0167:00405d40 57 push edi
0167:00405d41 8b7c2408 mov edi,dword ptr [esp+08]
0167:00405d45 eb6a jmp 00405db1 = F3DRAGDOLLDEMO.EXE:.text+0x4db1
0167:00405d47 8da42400000000 lea esp,[esp+00000000]
0167:00405d4e 8bff mov edi,edi
0167:00405d50 8b4c2404 mov ecx,dword ptr [esp+04]
0167:00405d54 57 ?db 57
0167:00405d55 page not present
--------------------
00f4fd80 01070e60 -> 00 2e 40 00 54 48 3d 43 3a 5c 44 4d 49 5c 57 69 ..@.TH=C:\DMI\Wi
00f4fd84 0040d004 = F3DRAGDOLLDEMO.EXE:.data+0x4
-> d0 2d 40 00 00 00 00 00 00 00 00 00 1e 4b 40 00 .-@..........K@.
00f4fd88 00404aab = F3DRAGDOLLDEMO.EXE:.text+0x3aab
--------------------
0167:00404a9e c3 retd
0167:00404a9f 56 push esi
0167:00404aa0 ff3510f34000 push dword ptr [0040f310]
0167:00404aa6 e85f120000 call 00405d0a = F3DRAGDOLLDEMO.EXE:.text+0x4d0a
F3DRAGDOLLDEMO.EXE:.text+0x3aab:
*0167:00404aab 8b1510f34000 mov edx,dword ptr [0040f310]
0167:00404ab1 59 pop ecx
0167:00404ab2 8b0d0cf34000 mov ecx,dword ptr [0040f30c]
0167:00404ab8 8bf1 mov esi,ecx
0167:00404aba 2bf2 sub esi,edx
0167:00404abc 83c604 add esi,+04
0167:00404abf 3bc6 cmp eax,esi
0167:00404ac1 5e pop esi
0167:00404ac2 733a jnc 00404afe = F3DRAGDOLLDEMO.EXE:.text+0x3afe
0167:00404ac4 52 push edx
0167:00404ac5 e840120000 call 00405d0a = F3DRAGDOLLDEMO.EXE:.text+0x4d0a
0167:00404aca 83c010 add eax,+10
0167:00404acd 50 push eax
0167:00404ace ff3510f34000 push dword ptr [0040f310]
0167:00404ad4 e80f100000 call 00405ae8 = F3DRAGDOLLDEMO.EXE:.text+0x4ae8
0167:00404ad9 83c40c add esp,+0c
0167:00404adc 85c0 test eax,eax
0167:00404ade 7501 jnz 00404ae1 = F3DRAGDOLLDEMO.EXE:.text+0x3ae1
0167:00404ae0 c3 retd
0167:00404ae1 8b0d0cf34000 mov ecx,dword ptr [0040f30c]
0167:00404ae7 2b ?db 2b
0167:00404ae8 0d ?db 0d
0167:00404ae9 10 ?db 10
0167:00404aea f3 ?db f3
0167:00404aeb page not present
--------------------
00f4fd8c 01070e60 -> 00 2e 40 00 54 48 3d 43 3a 5c 44 4d 49 5c 57 69 ..@.TH=C:\DMI\Wi
00f4fd90 0040d004 = F3DRAGDOLLDEMO.EXE:.data+0x4
-> d0 2d 40 00 00 00 00 00 00 00 00 00 1e 4b 40 00 .-@..........K@.
00f4fd94 00404b15 = F3DRAGDOLLDEMO.EXE:.text+0x3b15
--------------------
0167:00404b10 e88affffff call 00404a9f = F3DRAGDOLLDEMO.EXE:.text+0x3a9f
F3DRAGDOLLDEMO.EXE:.text+0x3b15:
*0167:00404b15 f7d8 neg eax
0167:00404b17 1bc0 sbb eax,eax
0167:00404b19 59 pop ecx
0167:00404b1a f7d8 neg eax
0167:00404b1c 48 dec eax
0167:00404b1d c3 retd
0167:00404b1e 6880000000 push 00000080
0167:00404b23 e86a0e0000 call 00405992 = F3DRAGDOLLDEMO.EXE:.text+0x4992
0167:00404b28 85c0 test eax,eax
0167:00404b2a 59 pop ecx
0167:00404b2b a310f34000 mov dword ptr [0040f310],eax
0167:00404b30 750d jnz 00404b3f = F3DRAGDOLLDEMO.EXE:.text+0x3b3f
0167:00404b32 6a18 push +18
0167:00404b34 e82d090000 call 00405466 = F3DRAGDOLLDEMO.EXE:.text+0x4466
0167:00404b39 a110f34000 mov eax,dword ptr [0040f310]
0167:00404b3e 59 pop ecx
0167:00404b3f 832000 and dword ptr [eax],+00
0167:00404b42 a110f34000 mov eax,dword ptr [0040f310]
0167:00404b47 a30cf34000 mov dword ptr [0040f30c],eax
0167:00404b4c c3 retd
0167:00404b4d 55 push ebp
0167:00404b4e 8bec mov ebp,esp
0167:00404b50 81 ?db 81
0167:00404b51 ec in al,dx
0167:00404b52 40 inc eax
0167:00404b53 01 ?db 01
0167:00404b54 00 ?db 00
0167:00404b55 page not present
--------------------
00f4fd98 01070e40 -> 0c 00 c5 01 8e 3b ac 00 a0 07 07 01 00 00 00 00 .....;..........
00f4fd9c 00f4f774 -> 00 00 00 00 00 00 00 00 00 00 54 00 63 3a 5c 77 ..........T.c:\w
00f4fda0 00f4fe28 -> 68 ff f4 00 3c 72 40 00 60 c1 40 00 00 00 00 00 h...<r@.`.@.....
00f4fda4 0040b49b = F3DRAGDOLLDEMO.EXE:.text+0xa49b
--------------------
0167:0040b493 50 push eax
0167:0040b494 e81795ffff call 004049b0 = F3DRAGDOLLDEMO.EXE:.text+0x39b0
0167:0040b499 59 pop ecx
0167:0040b49a c3 retd
F3DRAGDOLLDEMO.EXE:.text+0xa49b:
*0167:0040b49b b810c64000 mov eax,0040c610
0167:0040b4a0 e9ea9affff jmp 00404f8f = F3DRAGDOLLDEMO.EXE:.text+0x3f8f
0167:0040b4a5 cc int 3
0167:0040b4a6 cc int 3
0167:0040b4a7 cc int 3
0167:0040b4a8 cc int 3
0167:0040b4a9 cc int 3
0167:0040b4aa cc int 3
0167:0040b4ab cc int 3
0167:0040b4ac cc int 3
0167:0040b4ad cc int 3
0167:0040b4ae cc int 3
0167:0040b4af cc int 3
0167:0040b4b0 8b85e4fdffff mov eax,dword ptr [ebp-0000021c]
0167:0040b4b6 50 push eax
0167:0040b4b7 e8f494ffff call 004049b0 = F3DRAGDOLLDEMO.EXE:.text+0x39b0
0167:0040b4bc 59 pop ecx
0167:0040b4bd c3 retd
0167:0040b4be b870c64000 mov eax,0040c670
0167:0040b4c3 e9c79affff jmp 00404f8f = F3DRAGDOLLDEMO.EXE:.text+0x3f8f
0167:0040b4c8 0000 add byte ptr [eax],al
0167:0040b4ca 0000 add byte ptr [eax],al
0167:0040b4cc 0000 add byte ptr [eax],al
0167:0040b4ce 0000 add byte ptr [eax],al
0167:0040b4d0 0000 add byte ptr [eax],al
0167:0040b4d2 0000 add byte ptr [eax],al
0167:0040b4d4 0000 add byte ptr [eax],al
0167:0040b4d6 0000 add byte ptr [eax],al
0167:0040b4d8 0000 add byte ptr [eax],al
0167:0040b4da 00 ?db 00
0167:0040b4db page not present
--------------------
00f4fda8 ffffffff
00f4fdac 00f4fe38 -> 78 ff f4 00 60 b5 f8 bf 00 00 00 00 24 97 89 81 x...`.......$...
00f4fdb0 0040543e = F3DRAGDOLLDEMO.EXE:.text+0x443e
--------------------
0167:00405431 56 push esi
0167:00405432 ff15b4c04000 call dword ptr [0040c0b4] -> KERNEL32.DLL!GetModuleHandleA
0167:00405438 50 push eax
0167:00405439 e8c2e1ffff call 00403600 = F3DRAGDOLLDEMO.EXE:.text+0x2600
F3DRAGDOLLDEMO.EXE:.text+0x443e:
*0167:0040543e 8945a0 mov dword ptr [ebp-60],eax
0167:00405441 50 push eax
0167:00405442 e8ee070000 call 00405c35 = F3DRAGDOLLDEMO.EXE:.text+0x4c35
0167:00405447 8b45ec mov eax,dword ptr [ebp-14]
0167:0040544a 8b08 mov ecx,dword ptr [eax]
0167:0040544c 8b09 mov ecx,dword ptr [ecx]
0167:0040544e 894d98 mov dword ptr [ebp-68],ecx
0167:00405451 50 push eax
0167:00405452 51 push ecx
0167:00405453 e8df150000 call 00406a37 = F3DRAGDOLLDEMO.EXE:.text+0x5a37
0167:00405458 59 pop ecx
0167:00405459 59 pop ecx
0167:0040545a c3 retd
0167:0040545b 8b65e8 mov esp,dword ptr [ebp-18]
0167:0040545e ff7598 push dword ptr [ebp-68]
0167:00405461 e8e0070000 call 00405c46 = F3DRAGDOLLDEMO.EXE:.text+0x4c46
0167:00405466 833dc8ec400001 cmp dword ptr [0040ecc8],+01
0167:0040546d 7505 jnz 00405474 = F3DRAGDOLLDEMO.EXE:.text+0x4474
0167:0040546f e8a01e0000 call 00407314 = F3DRAGDOLLDEMO.EXE:.text+0x6314
0167:00405474 ff742404 push dword ptr [esp+04]
0167:00405478 e8d01e0000 call 0040734d = F3DRAGDOLLDEMO.EXE:.text+0x634d
0167:0040547d 68 ?db 68
0167:0040547e page not present
--------------------
00f4fdb4 00400000 = F3DRAGDOLLDEMO.EXE+0x0
-> 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 MZ..............
00f4fdb8 00000000
...
00f4fdc0 00000001
00f4fdc4 00000000
00f4fdc8 81899724 -> 06 00 07 00 50 21 5e c1 00 00 00 00 00 00 00 00 ....P!^.........
00f4fdcc 00540000
00f4fdd0 00000000
00f4fdd4 818df8bf -> 00 00 00 00 00 30 2b 86 81 84 f8 8d 81 60 00 00 .....0+......`..
00f4fdd8 bffc9490 = KERNEL32.DLL:.data+0x490
-> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4fddc 00000044
00f4fde0 00000000
...
00f4fe08 00000401
00f4fe0c 00000001
00f4fe10 00000000
...
00f4fe18 000011a2
00f4fe1c 00000000
00f4fe20 00f4fdc4 -> 00 00 00 00 24 97 89 81 00 00 54 00 00 00 00 00 ....$.....T.....
00f4fe24 81899724 -> 06 00 07 00 50 21 5e c1 00 00 00 00 00 00 00 00 ....P!^.........
00f4fe28 00f4ff68 -> ff ff ff ff b4 05 fc bf 38 91 f7 bf 00 00 00 00 ........8.......
00f4fe2c 0040723c = F3DRAGDOLLDEMO.EXE:.text+0x623c
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E
00f4fe30 0040c160 = F3DRAGDOLLDEMO.EXE:.rdata+0x160
-> ff ff ff ff 47 54 40 00 5b 54 40 00 00 00 00 00 ....GT@.[T@.....
00f4fe34 00000000
00f4fe38 00f4ff78 -> f4 ff f4 00 12 b4 f8 bf 40 3f 8a 81 08 00 00 00 ........@?......
00f4fe3c bff8b560 = KERNEL32!ApplicationStartup
--------------------
0167:bff8b551 c745fc00000000 mov dword ptr [ebp-04],00000000
0167:bff8b558 8b45d4 mov eax,dword ptr [ebp-2c]
0167:bff8b55b e8b98dfeff call bff74319 = KERNEL32.DLL:_FREQASM+0x3319
KERNEL32!ApplicationStartup:
*0167:bff8b560 8945d8 mov dword ptr [ebp-28],eax
0167:bff8b563 eb1a jmp bff8b57f = KERNEL32.DLL:.text+0x1257f
0167:bff8b565 ff75ec push dword ptr [ebp-14]
0167:bff8b568 e8c7250100 call bff9db34 = KERNEL32.DLL!UnhandledExceptionFilter
0167:bff8b56d c3 retd
0167:bff8b56e 8b65e8 mov esp,dword ptr [ebp-18]
0167:bff8b571 8b45e0 mov eax,dword ptr [ebp-20]
0167:bff8b574 80480308 or byte ptr [eax+03],08
0167:bff8b578 6aff push -01
0167:bff8b57a e8501c0000 call bff8d1cf = KERNEL32.DLL:.text+0x141cf
0167:bff8b57f c745fcffffffff mov dword ptr [ebp-04],ffffffff
0167:bff8b586 ff75d8 push dword ptr [ebp-28]
0167:bff8b589 e87ae9ffff call bff89f08 = KERNEL32.DLL!ExitThread
0167:bff8b58e a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff8b593 8b00 mov eax,dword ptr [eax]
0167:bff8b595 83c060 add eax,+60
0167:bff8b598 50 push eax
0167:bff8b599 e84f8cfeff call bff741ed = KERNEL32.DLL!98
0167:bff8b59e 6a ?db 6a
0167:bff8b59f ff ?db ff
0167:bff8b5a0 page not present
--------------------
00f4fe40 00000000
00f4fe44 81899724 -> 06 00 07 00 50 21 5e c1 00 00 00 00 00 00 00 00 ....P!^.........
00f4fe48 00540000
00f4fe4c 72643346
00f4fe50 6f646761
00f4fe54 65646c6c
00f4fe58 45006f6d
00f4fe5c 00004558
00f4fe60 00000000
...
00f4ff38 00f4ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff f4 00 ....8...........
00f4ff3c 81807050 -> 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
00f4ff40 818c4b5c -> 24 00 00 a0 04 00 00 00 00 00 00 00 00 00 00 00 $...............
00f4ff44 c15f6d10 -> 01 00 00 00 40 3f 8a 81 24 97 89 81 c0 bd 59 c1 ....@?..$.....Y.
00f4ff48 00f4ff6c -> b4 05 fc bf 38 91 f7 bf 00 00 00 00 f4 ff f4 00 ....8...........
00f4ff4c 00405370 = F3DRAGDOLLDEMO.EXE:.text+0x4370
--------------------
0167:0040536c 5e pop esi
0167:0040536d 5b pop ebx
0167:0040536e c9 leave
0167:0040536f c3 retd
F3DRAGDOLLDEMO.EXE:.text+0x4370:
*0167:00405370 55 push ebp
0167:00405371 8bec mov ebp,esp
0167:00405373 6aff push -01
0167:00405375 6860c14000 push 0040c160
0167:0040537a 683c724000 push 0040723c
0167:0040537f 64a100000000 mov eax,dword ptr fs:[00000000]
0167:00405385 50 push eax
0167:00405386 64892500000000 mov dword ptr fs:[00000000],esp
0167:0040538d 83ec58 sub esp,+58
0167:00405390 53 push ebx
0167:00405391 56 push esi
0167:00405392 57 push edi
0167:00405393 8965e8 mov dword ptr [ebp-18],esp
0167:00405396 ff15c0c04000 call dword ptr [0040c0c0] -> KERNEL32.DLL!GetVersion
0167:0040539c 33d2 xor edx,edx
0167:0040539e 8ad4 mov dl,ah
0167:004053a0 8915f4ec4000 mov dword ptr [0040ecf4],edx
0167:004053a6 8bc8 mov ecx,eax
0167:004053a8 81e1ff000000 and ecx,000000ff
0167:004053ae 89 ?db 89
0167:004053af 0d ?db 0d
0167:004053b0 page not present
--------------------
00f4ff50 bff7b326 = KERNEL32.DLL:.text+0x2326
--------------------
0167:bff7b318 e8f4edffff call bff7a111 = KERNEL32.DLL:.text+0x1111
0167:bff7b31d ff750c push dword ptr [ebp+0c]
0167:bff7b320 56 push esi
0167:bff7b321 e8caedffff call bff7a0f0 = KERNEL32.DLL:.text+0x10f0
KERNEL32.DLL:.text+0x2326:
*0167:bff7b326 b801000000 mov eax,00000001
0167:bff7b32b 5f pop edi
0167:bff7b32c 5e pop esi
0167:bff7b32d 5b pop ebx
0167:bff7b32e 8be5 mov esp,ebp
0167:bff7b330 5d pop ebp
0167:bff7b331 c20c00 retd 000c
0167:bff7b334 55 push ebp
0167:bff7b335 8bec mov ebp,esp
0167:bff7b337 83ec04 sub esp,+04
0167:bff7b33a a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff7b33f 53 push ebx
0167:bff7b340 56 push esi
0167:bff7b341 57 push edi
0167:bff7b342 8b7d08 mov edi,dword ptr [ebp+08]
0167:bff7b345 8b08 mov ecx,dword ptr [eax]
0167:bff7b347 81e7ff8fffff and edi,ffff8fff
0167:bff7b34d 8b5118 mov edx,dword ptr [ecx+18]
0167:bff7b350 ff724c push dword ptr [edx+4c]
0167:bff7b353 e8698fffff call bff742c1 = KERNEL32.DLL:_FREQASM+0x32c1
0167:bff7b358 f7c78d80ffff test edi,ffff808d
0167:bff7b35e 740c jz bff7b36c = KERNEL32.DLL:.text+0x236c
0167:bff7b360 6a57 push +57
0167:bff7b362 e8 ?db e8
0167:bff7b363 3916 cmp dword ptr [esi],edx
0167:bff7b365 00 ?db 00
0167:bff7b366 page not present
--------------------
00f4ff54 00000000
00f4ff58 81899744 -> 00 02 00 00 e0 f9 01 00 ef 65 e8 00 01 00 01 00 .........e......
00f4ff5c 43b60000
00f4ff60 00f4fe40 -> 00 00 00 00 24 97 89 81 00 00 54 00 46 33 64 72 ....$.....T.F3dr
00f4ff64 00540000
00f4ff68 ffffffff
00f4ff6c bffc05b4 = KERNEL32.DLL:.text+0x475b4
-> 55 8b ec 83 ec 08 53 56 57 55 fc 8b 5d 0c 8b 45 U.....SVWU..]..E
00f4ff70 bff79138 = KERNEL32.DLL:.text+0x138
-> ff ff ff ff 65 b5 f8 bf 6e b5 f8 bf 00 00 00 00 ....e...n.......
00f4ff74 00000000
00f4ff78 00f4fff4 -> ec 3f ae 83 d5 9d f8 bf 00 00 00 00 .?..........
00f4ff7c bff8b412 = KERNEL32.DLL:.text+0x12412
--------------------
0167:bff8b405 e80397feff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d
0167:bff8b40a 897d08 mov dword ptr [ebp+08],edi
0167:bff8b40d e84a000000 call bff8b45c = KERNEL32.DLL:.text+0x1245c
KERNEL32.DLL:.text+0x12412:
*0167:bff8b412 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff8b417 8b00 mov eax,dword ptr [eax]
0167:bff8b419 83c060 add eax,+60
0167:bff8b41c 50 push eax
0167:bff8b41d e8cb8dfeff call bff741ed = KERNEL32.DLL!98
0167:bff8b422 e87626ffff call bff7da9d = KERNEL32.DLL:.text+0x4a9d
0167:bff8b427 8945f0 mov dword ptr [ebp-10],eax
0167:bff8b42a 837df800 cmp dword ptr [ebp-08],+00
0167:bff8b42e 7408 jz bff8b438 = KERNEL32.DLL:.text+0x12438
0167:bff8b430 ff75f8 push dword ptr [ebp-08]
0167:bff8b433 e843020000 call bff8b67b = KERNEL32.DLL:.text+0x1267b
0167:bff8b438 837d0800 cmp dword ptr [ebp+08],+00
0167:bff8b43c 740d jz bff8b44b = KERNEL32.DLL:.text+0x1244b
0167:bff8b43e ff7508 push dword ptr [ebp+08]
0167:bff8b441 6a00 push +00
0167:bff8b443 ff7634 push dword ptr [esi+34]
0167:bff8b446 e8c296feff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d
0167:bff8b44b ff75f0 push dword ptr [ebp-10]
0167:bff8b44e e8 ?db e8
0167:bff8b44f 7c1d jl bff8b46e = KERNEL32.DLL:.text+0x1246e
0167:bff8b451 00 ?db 00
0167:bff8b452 page not present
--------------------
00f4ff80 818a3f40 -> 07 00 00 00 00 9c 4c c1 c8 f2 f4 00 00 00 f5 00 ......L.........
00f4ff84 00000008
00f4ff88 81899724 -> 06 00 07 00 50 21 5e c1 00 00 00 00 00 00 00 00 ....P!^.........
00f4ff8c 00000000
...
00f4ffd0 0002ffff
00f4ffd4 0000f2f4
00f4ffd8 00f4e000 -> 00 00 00 00 dc b1 a1 06 b6 ea d3 06 40 bb 00 00 ............@...
00f4ffdc 00f50000
00f4ffe0 00000000
00f4ffe4 ffffffff
00f4ffe8 8189df88 -> 50 45 00 00 4c 01 04 00 5e 7a 49 42 00 00 00 00 PE..L...^zIB....
00f4ffec 00000000
00f4fff0 564f43b6
00f4fff4 83ae3fec
00f4fff8 bff89dd5 = KERNEL32.DLL:.text+0x10dd5
--------------------
0167:bff89dc6 7505 jnz bff89dcd = KERNEL32.DLL:.text+0x10dcd
0167:bff89dc8 e8a1deffff call bff87c6e = KERNEL32.DLL:.text+0xec6e
0167:bff89dcd ff742408 push dword ptr [esp+08]
0167:bff89dd1 ff542408 call dword ptr [esp+08]
KERNEL32.DLL:.text+0x10dd5:
*0167:bff89dd5 c20c00 retd 000c
0167:bff89dd8 56 push esi
0167:bff89dd9 a1e49cfcbf mov eax,dword ptr [bffc9ce4]
0167:bff89dde 8b742408 mov esi,dword ptr [esp+08]
0167:bff89de2 57 push edi
0167:bff89de3 8b38 mov edi,dword ptr [eax]
0167:bff89de5 8b4608 mov eax,dword ptr [esi+08]
0167:bff89de8 85c0 test eax,eax
0167:bff89dea 7413 jz bff89dff = KERNEL32.DLL:.text+0x10dff
0167:bff89dec 50 push eax
0167:bff89ded e8feb7feff call bff755f0 = KERNEL32.DLL:_FREQASM+0x45f0
0167:bff89df2 ff7608 push dword ptr [esi+08]
0167:bff89df5 6a00 push +00
0167:bff89df7 ff7734 push dword ptr [edi+34]
0167:bff89dfa e80eadfeff call bff74b0d = KERNEL32.DLL:_FREQASM+0x3b0d
0167:bff89dff 56 push esi
0167:bff89e00 e80d31ffff call bff7cf12 = KERNEL32.DLL:.text+0x3f12
0167:bff89e05 5f pop edi
0167:bff89e06 5e pop esi
0167:bff89e07 c20400 retd 0004
0167:bff89e0a 53 push ebx
0167:bff89e0b a1109dfcbf mov eax,dword ptr [bffc9d10]
0167:bff89e10 56 push esi
0167:bff89e11 57 push edi
0167:bff89e12 55 push ebp
0167:bff89e13 50 push eax
0167:bff89e14 e8 ?db e8
0167:bff89e15 page not present
--------------------
00f4fffc 00000000
Swords? who needs swords, when you got big feet!