date/time         : 2011-03-28 22:05
computer name     : ARCHY
user name         : Administrator
admin/terminal    : TRUE / FALSE
operating system  : Windows XP Service Pack 3 build 2600
system language   : Chinese
system up time    : 8 hours 25 minutes 
program up time   : 10 minutes 30 seconds 
processors        : 2x Intel(R) Pentium(R) D CPU 2.80GHz
physical memory   : 815/1534 MB (/ܼ)
display mode      : 1, 1280x960, 32 bit
allocated memory  : 11.78 MB
executable        : flashfxp.exe
exec. date/time   : 2008-11-21 11:53
version           : 3.7.6.1308
executable size   : 3985920
executable hash   : 9FDCFFCDC62D63BF512B8D41273E7CC6
madExcept version : 2.7k
exception class   : EAccessViolation
exception message : ȡڵַ 7C931A79 ģ 'ntdll.dll'ȡ ַ 00000008.

main thread ($440):
7c931a79 ntdll.dll                                RtlAllocateHeap
7c809a79 kernel32.dll                             LocalAlloc
769ad018 ole32.dll                                CoTaskMemAlloc
77f46cad SHLWAPI.dll                              SHStrDupW
005c0050 flashfxp.exe SBSSHClient       8815  +31 TElSSHClientTunnelConnection.SendData
769acffc ole32.dll                                CoTaskMemFree
77f46d93 SHLWAPI.dll                              StrRetToBufW
77f440ce SHLWAPI.dll                              #219
7d5c167d shell32.dll                              SHGetPathFromIDListW
7d604d41 shell32.dll                              SHGetPathFromIDList
004dae9c flashfxp.exe UPTShellUtils      614   +7 ShellGetPathFromIdList
005feee1 flashfxp.exe UPTShellControls  3572   +2 TPTShListData.GetPathName
005ff340 flashfxp.exe UPTShellControls  3757  +11 TPTShListData.GetExtraData
00607e19 flashfxp.exe UPTShellControls  8859   +7 TPTCustomShellList.AddNewShellItem
00606500 flashfxp.exe UPTShellControls  7861 +118 TPTCustomShellList.RefreshItems
00609df3 flashfxp.exe UPTShellControls 10029  +31 TPTCustomShellList.TimerElapsed
005f22c2 flashfxp.exe TimerEx            189   +1 TTimerEx.Timer
005f20dc flashfxp.exe TimerEx            102   +7 TTimerEx.AppWinProcEx
004871a9 flashfxp.exe Forms             6477   +4 TApplication.WndProc
0047f1c0 flashfxp.exe Forms             1484   +8 StdWndProc
77d196c2 user32.dll                               DispatchMessageA
00487d37 flashfxp.exe Forms             6901  +34 TApplication.ProcessMessage
00487d6e flashfxp.exe Forms             6939   +1 TApplication.HandleMessage
00487f8e flashfxp.exe Forms             7029  +21 TApplication.Run
006ec68d flashfxp.exe FlashFXP           682 +509 initialization

thread $438 (TChangeHandlerThread):
7c92e514 ntdll.dll                              KiFastSystemCallRet
7c92df48 ntdll.dll                              NtWaitForMultipleObjects
7c80958a kernel32.dll                           WaitForMultipleObjectsEx
7c80a110 kernel32.dll                           WaitForMultipleObjects
005ffbd1 flashfxp.exe UPTShellControls 4038 +11 TChangeHandlerThread.Execute
0044d1be flashfxp.exe madExcept                 HookedTThreadExecute
0041b210 flashfxp.exe Classes          6905  +1 ThreadProc
00403fbc flashfxp.exe System                    ThreadWrapper
0044d0f1 flashfxp.exe madExcept                 CallThreadProc
0044d133 flashfxp.exe madExcept                 ThreadExceptFrame
>> created by main thread ($440) at:
005ff897 flashfxp.exe UPTShellControls 3934  +2 TChangeHandlerThread.Create

thread $790: <priority:1>
7c92e514 ntdll.dll  KiFastSystemCallRet
7c92da48 ntdll.dll  NtRemoveIoCompletion

:
00400000 flashfxp.exe          3.7.6.1308       D:\FlashFXP
01250000 safemon.dll           6.8.1.1030       D:\Program Files\360safe\safemon
012c0000 Normaliz.dll          6.0.5441.0       C:\WINDOWS\system32
01cb0000 ssleay32.dll          0.9.8.9          D:\FlashFXP
01d10000 libeay32.dll          0.9.8.9          D:\FlashFXP
07160000 audiodev.dll          5.2.5721.5145    C:\WINDOWS\system32
10000000 AdobeDriveCS4_NP.dll  4.0.0.344        C:\Program Files\Common Files\Adobe\Adobe Drive CS4
10930000 portabledeviceapi.dll 5.2.5721.5145    C:\WINDOWS\system32
11c70000 WMASF.DLL             11.0.5721.5238   C:\WINDOWS\system32
15110000 WMVCore.DLL           11.0.5721.5275   C:\WINDOWS\system32
16210000 wpdshext.dll          5.2.5721.5145    C:\WINDOWS\system32
1f840000 odbcint.dll           3.525.1117.0     C:\WINDOWS\system32
325c0000 msohev.dll            11.0.5510.0      D:\Program Files\Microsoft Office\OFFICE11
3e410000 WININET.dll           8.0.6001.19019   C:\WINDOWS\system32
3eab0000 iertutil.dll          8.0.6001.19019   C:\WINDOWS\system32
43ce0000 urlmon.dll            8.0.6001.19019   C:\WINDOWS\system32
4ae90000 gdiplus.dll           5.2.6001.22319   C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.6001.22319_x-ww_f0b4c2df
5adc0000 uxtheme.dll           6.0.2900.5512    C:\WINDOWS\system32
5fdd0000 NETAPI32.dll          5.1.2600.5694    C:\WINDOWS\system32
60fd0000 hnetcfg.dll           5.1.2600.5512    C:\WINDOWS\system32
62c20000 LPK.DLL               5.1.2600.5512    C:\WINDOWS\system32
719c0000 mswsock.dll           5.1.2600.5625    C:\WINDOWS\System32
71a00000 wshtcpip.dll          5.1.2600.5512    C:\WINDOWS\System32
71a10000 WS2HELP.dll           5.1.2600.5512    C:\WINDOWS\system32
71a20000 WS2_32.dll            5.1.2600.5512    C:\WINDOWS\system32
71a40000 wsock32.dll           5.1.2600.5512    C:\WINDOWS\system32
71a90000 MPR.dll               5.1.2600.5512    C:\WINDOWS\system32
71b70000 SAMLIB.dll            5.1.2600.5512    C:\WINDOWS\System32
71b90000 ntlanman.dll          5.1.2600.5512    C:\WINDOWS\System32
71c00000 NETRAP.dll            5.1.2600.5512    C:\WINDOWS\System32
71c10000 NETUI1.dll            5.1.2600.5512    C:\WINDOWS\System32
71c50000 NETUI0.dll            5.1.2600.5512    C:\WINDOWS\System32
72f70000 winspool.drv          5.1.2600.5512    C:\WINDOWS\system32
73540000 ODBC32.dll            3.525.3012.0     C:\WINDOWS\system32
73640000 msctfime.ime          5.1.2600.5768    C:\WINDOWS\system32
73ce0000 shgina.dll            6.0.2900.5512    C:\WINDOWS\system32
73fa0000 USP10.dll             1.420.2600.5969  C:\WINDOWS\system32
74680000 MSCTF.dll             5.1.2600.5512    C:\WINDOWS\system32
758d0000 MSGINA.dll            5.1.2600.5512    C:\WINDOWS\system32
759d0000 USERENV.dll           5.1.2600.5512    C:\WINDOWS\system32
75ed0000 drprov.dll            5.1.2600.5512    C:\WINDOWS\System32
75ee0000 davclnt.dll           5.1.2600.5512    C:\WINDOWS\System32
75ff0000 MSVCP60.dll           6.2.3104.0       C:\WINDOWS\system32
76060000 SETUPAPI.dll          5.1.2600.5512    C:\WINDOWS\system32
762d0000 WINSTA.dll            5.1.2600.5512    C:\WINDOWS\system32
76300000 IMM32.DLL             5.1.2600.5512    C:\WINDOWS\system32
76320000 comdlg32.dll          6.0.2900.5512    C:\WINDOWS\system32
765e0000 crypt32.dll           5.131.2600.5512  C:\WINDOWS\system32
76950000 LINKINFO.dll          5.1.2600.5512    C:\WINDOWS\system32
76960000 ntshrui.dll           5.1.2600.5512    C:\WINDOWS\system32
76990000 ole32.dll             5.1.2600.6010    C:\WINDOWS\system32
76af0000 ATL.DLL               3.5.2284.2       C:\WINDOWS\system32
76b10000 winmm.dll             5.1.2600.5512    C:\WINDOWS\system32
76bc0000 PSAPI.DLL             5.1.2600.5512    C:\WINDOWS\system32
76c00000 WINTRUST.dll          5.131.2600.5922  C:\WINDOWS\system32
76c60000 IMAGEHLP.dll          5.1.2600.5512    C:\WINDOWS\system32
76d70000 appHelp.dll           5.1.2600.5512    C:\WINDOWS\system32
76db0000 MSASN1.dll            5.1.2600.5875    C:\WINDOWS\system32
76ef0000 DNSAPI.dll            5.1.2600.5625    C:\WINDOWS\system32
76f30000 WLDAP32.dll           5.1.2600.5512    C:\WINDOWS\system32
76f80000 winrnr.dll            5.1.2600.5512    C:\WINDOWS\System32
76f90000 rasadhlp.dll          5.1.2600.5512    C:\WINDOWS\system32
76fa0000 CLBCATQ.DLL           2001.12.4414.700 C:\WINDOWS\system32
77020000 COMRes.dll            2001.12.4414.700 C:\WINDOWS\system32
770f0000 oleaut32.dll          5.1.2600.5512    C:\WINDOWS\system32
77180000 comctl32.dll          6.0.2900.6028    C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202
77bd0000 version.dll           5.1.2600.5512    C:\WINDOWS\system32
77be0000 msvcrt.dll            7.0.2600.5512    C:\WINDOWS\system32
77d10000 user32.dll            5.1.2600.5512    C:\WINDOWS\system32
77da0000 advapi32.dll          5.1.2600.5755    C:\WINDOWS\system32
77e50000 RPCRT4.dll            5.1.2600.6022    C:\WINDOWS\system32
77ef0000 GDI32.dll             5.1.2600.5698    C:\WINDOWS\system32
77f40000 SHLWAPI.dll           6.0.2900.5912    C:\WINDOWS\system32
77fc0000 Secur32.dll           5.1.2600.5834    C:\WINDOWS\system32
7c800000 kernel32.dll          5.1.2600.5781    C:\WINDOWS\system32
7c920000 ntdll.dll             5.1.2600.6055    C:\WINDOWS\system32
7d590000 shell32.dll           6.0.2900.6072    C:\WINDOWS\system32

disassembling:
[...]
7c9317ac   push    dword ptr [ebp-$1c]
7c9317af   call    -$10d6 ($7c9306de)
7c9317b4   lea     edx, [esi+8]
7c9317b7   mov     [ebp-$19c], edx
7c9317bd   mov     eax, [edx]
7c9317bf   mov     [ebp-$11c], eax
7c9317c5   mov     ecx, [edx+4]
7c9317c8   mov     [ebp-$174], ecx
7c9317ce   jmp     loc_7c930ede
7c931a54   mov     esi, [eax+4]
7c931a57   sub     esi, 8
7c931a5a   mov     [ebp-$38], esi
7c931a5d   mov     al, [esi+5]
7c931a60   mov     [ebp-$1d], al
7c931a63   lea     ecx, [esi+8]
7c931a66   mov     edi, [ecx]
7c931a68   mov     [ebp-$1b8], edi
7c931a6e   mov     edx, [esi+$c]
7c931a71   mov     [ebp-$88], edx
7c931a77   mov     edx, [edx]
7c931a79 > cmp     edx, [edi+4]
7c931a7c   jnz     loc_7c95699a
7c931a82   cmp     edx, ecx
7c931a84   jnz     loc_7c95699a
7c931a8a   mov     ecx, [ebp-$88]
7c931a90   mov     [ecx], edi
7c931a92   mov     [edi+4], ecx
7c931a95   cmp     edi, ecx
7c931a97   jnz     loc_7c931ac8
7c931a99   movzx   ecx, word ptr [esi]
7c931a9c   mov     edx, ecx
7c931a9e   shr     edx, 3
7c931aa1   mov     [ebp-$1c0], edx
7c931aa7   and     ecx, 7
7c931aaa   xor     edi, edi
7c931aac   inc     edi
7c931aad   shl     edi, cl
7c931aaf   mov     [ebp-$b0], edi
7c931ab5   lea     edi, [edx+ebx+$158]
7c931abc   xor     ecx, ecx
7c931abe   mov     cl, [edi]
[...]

