date/time : 2011-01-10, 20:52:00, 972ms computer name : RAPC user name : ra registered owner : Microsoft / Microsoft operating system : Windows 7 x64 build 7600 system language : German system up time : 6 hours 19 minutes program up time : 1 second processors : 4x AMD Athlon(tm) II X4 605e Processor physical memory : 2120/3839 MB (free/total) free disk space : (C:) 14,02 GB display mode : 1920x1080, 32 bit process id : $75c allocated memory : 93,09 MB executable : Armada2.exe current module : FleetOpsHook.dll module date/time : 2010-12-25 10:14 version : 3.1.5 contact name : xtlc contact email : rt@krawall.de callstack crc : $f5012264, $8fe58305, $8fe58305 exception number : 1 exception class : EAccessViolation exception message : Access violation at address 755995C2 in module 'msvcrt.dll'. Write of address 06886000. main thread ($b88): 755995c2 +8d19 msvcrt.dll strncpy 00655c04 +0144 Armada2.exe iparser.Fill_Individual_Field 00656242 +02f2 Armada2.exe iparser.Parse_Struct_Array 00656f5f +027f Armada2.exe iparser.Parse_Declaration 006580ec +032c Armada2.exe iparser.Parse_File 00481a71 +0051 Armada2.exe Localized_Strings.Load_Dynamic_String_File 0048197b +001b Armada2.exe Localized_Strings.Localized_Strings 00483fc2 +01b2 Armada2.exe Program.SystemOpen 00476065 +00f5 Armada2.exe _WinMain@16 5a9a9dfd +0029 FleetOpsHook.dll FleetOpsFunctionsHook 4821 +3 DebugException_Execute_New 5a9a9fcd +00a1 FleetOpsHook.dll FleetOpsFunctionsHook 4884 +33 A2_WinMain 006734ef +012f Armada2.exe _WinMainCRTStartup 75c03675 +0010 kernel32.dll BaseThreadInitThunk thread $101c: 777c1ecf +0b ntdll.dll NtWaitForWorkViaWorkerFactory 75c03675 +10 kernel32.dll BaseThreadInitThunk thread $6a0: 777c00e6 +0e ntdll.dll NtWaitForMultipleObjects 75c03675 +10 kernel32.dll BaseThreadInitThunk thread $404: 777c1ecf +0b ntdll.dll NtWaitForWorkViaWorkerFactory 75c03675 +10 kernel32.dll BaseThreadInitThunk modules: 00400000 Armada2.exe 43.0.0.0 C:\Fleet Operations\data 02930000 fmodex.dll 0.4.32.0 C:\Fleet Operations\data 04840000 Tunngle.dll 1.0.3.1 C:\Fleet Operations\data 10000000 NetworkManager.dll C:\Fleet Operations\data 18000000 binkw32.dll 1.9.16.0 C:\Fleet Operations\data 4a800000 Win2kDisableTaskSwitch.dll C:\Fleet Operations\data 5a800000 FleetOpsHook.dll C:\Fleet Operations 5e340000 d3dx9_33.dll 9.18.904.15 C:\Fleet Operations\data 68c90000 d3d8.dll 6.1.7600.16385 C:\Windows\system32 69680000 MSVCP60.dll 7.0.7600.16385 C:\Windows\system32 696f0000 MSVFW32.dll 6.1.7600.16385 C:\Windows\system32 69720000 AVIFIL32.dll 6.1.7600.16490 C:\Windows\system32 711a0000 dwmapi.dll 6.1.7600.16385 C:\Windows\system32 72210000 uxtheme.dll 6.1.7600.16385 C:\Windows\system32 72350000 COMCTL32.dll 6.10.7600.16661 C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd 725e0000 POWRPROF.dll 6.1.7600.16385 C:\Windows\system32 72660000 wshtcpip.dll 6.1.7600.16385 C:\Windows\System32 72670000 ntmarta.dll 6.1.7600.16385 C:\Windows\system32 72710000 rasadhlp.dll 6.1.7600.16385 C:\Windows\system32 72720000 fwpuclnt.dll 6.1.7600.16385 C:\Windows\System32 72760000 mdnsNSP.dll 2.0.3.0 C:\Program Files (x86)\Bonjour 72790000 pnrpnsp.dll 6.1.7600.16385 C:\Windows\system32 727b0000 napinsp.dll 6.1.7600.16385 C:\Windows\system32 73520000 winrnr.dll 6.1.7600.16385 C:\Windows\System32 73620000 DNSAPI.dll 6.1.7600.16385 C:\Windows\system32 73670000 mswsock.dll 6.1.7600.16385 C:\Windows\system32 736b0000 NLAapi.dll 6.1.7600.16385 C:\Windows\system32 73910000 wsock32.dll 6.1.7600.16385 C:\Windows\system32 74390000 propsys.dll 7.0.7600.16385 C:\Windows\system32 74a20000 MSACM32.dll 6.1.7600.16385 C:\Windows\system32 74a80000 DSOUND.dll 6.1.7600.16385 C:\Windows\system32 74b00000 d3d8thk.dll 6.1.7600.16385 C:\Windows\system32 74b10000 d3d9.dll 6.1.7600.16385 C:\Windows\system32 74ce0000 WINMM.dll 6.1.7600.16385 C:\Windows\system32 74f60000 VERSION.dll 6.1.7600.16385 C:\Windows\system32 750b0000 WINNSI.DLL 6.1.7600.16385 C:\Windows\system32 750c0000 Iphlpapi.DLL 6.1.7600.16385 C:\Windows\system32 75300000 CRYPTBASE.dll 6.1.7600.16385 C:\Windows\syswow64 75310000 SspiCli.dll 6.1.7600.16484 C:\Windows\syswow64 75370000 CLBCatQ.DLL 2001.12.8530.16385 C:\Windows\syswow64 75400000 DEVOBJ.dll 6.1.7600.16385 C:\Windows\syswow64 75420000 ADVAPI32.dll 6.1.7600.16385 C:\Windows\syswow64 754c0000 WLDAP32.dll 6.1.7600.16385 C:\Windows\syswow64 75570000 NSI.dll 6.1.7600.16385 C:\Windows\syswow64 75580000 msvcrt.dll 7.0.7600.16385 C:\Windows\syswow64 75630000 IMM32.dll 6.1.7600.16385 C:\Windows\syswow64 75690000 comdlg32.dll 6.1.7600.16385 C:\Windows\syswow64 75710000 MSASN1.dll 6.1.7600.16415 C:\Windows\syswow64 757b0000 LPK.dll 6.1.7600.16385 C:\Windows\syswow64 757c0000 iertutil.dll 8.0.7600.16700 C:\Windows\syswow64 759f0000 GDI32.dll 6.1.7600.16385 C:\Windows\syswow64 75a80000 CFGMGR32.dll 6.1.7600.16385 C:\Windows\syswow64 75ab0000 sechost.dll 6.1.7600.16385 C:\Windows\SysWOW64 75ad0000 CRYPT32.dll 6.1.7600.16385 C:\Windows\syswow64 75bf0000 kernel32.dll 6.1.7600.16385 C:\Windows\syswow64 75cf0000 SETUPAPI.dll 6.1.7600.16385 C:\Windows\syswow64 75e90000 USER32.dll 6.1.7600.16385 C:\Windows\syswow64 75f90000 ole32.dll 6.1.7600.16624 C:\Windows\syswow64 760f0000 RPCRT4.dll 6.1.7600.16385 C:\Windows\syswow64 761f0000 KERNELBASE.dll 6.1.7600.16385 C:\Windows\syswow64 76240000 IMAGEHLP.dll 6.1.7600.16385 C:\Windows\syswow64 76270000 wininet.dll 8.0.7600.16700 C:\Windows\syswow64 76370000 SHELL32.dll 6.1.7600.16644 C:\Windows\syswow64 76fc0000 SHLWAPI.dll 6.1.7600.16385 C:\Windows\syswow64 77020000 urlmon.dll 8.0.7600.16700 C:\Windows\syswow64 77160000 WS2_32.dll 6.1.7600.16385 C:\Windows\syswow64 771a0000 USP10.dll 1.626.7600.16385 C:\Windows\syswow64 77240000 OLEAUT32.dll 6.1.7600.16567 C:\Windows\syswow64 772d0000 MSCTF.dll 6.1.7600.16385 C:\Windows\syswow64 77770000 Normaliz.dll 6.1.7600.16385 C:\Windows\syswow64 777a0000 ntdll.dll 6.1.7600.16559 C:\Windows\SysWOW64 processes: 0000 Idle 0 0 0 0004 System 0 0 0 0128 smss.exe 0 0 0 0188 csrss.exe 0 0 0 01cc wininit.exe 0 0 0 01e0 csrss.exe 1 0 0 0204 services.exe 0 0 0 0214 lsass.exe 0 0 0 021c lsm.exe 0 0 0 028c svchost.exe 0 0 0 02fc svchost.exe 0 0 0 0344 atiesrxx.exe 0 0 0 0370 winlogon.exe 1 0 0 0398 svchost.exe 0 0 0 03c0 svchost.exe 0 0 0 03e4 svchost.exe 0 0 0 0080 UnsignedThemesSvc.exe 0 0 0 040c svchost.exe 0 0 0 0480 svchost.exe 0 0 0 0528 atieclxx.exe 1 0 0 055c spoolsv.exe 0 0 0 059c sched.exe 0 0 0 05bc svchost.exe 0 0 0 0624 avguard.exe 0 0 0 0640 AppleMobileDeviceService.exe 0 0 0 0660 mDNSResponder.exe 0 0 0 0670 avshadow.exe 0 0 0 0678 conhost.exe 0 0 0 06a4 srvany.exe 0 0 0 06c4 KMService.exe 0 0 0 06d0 conhost.exe 0 0 0 0700 svchost.exe 0 0 0 0738 TnglCtrl.exe 0 0 0 0814 taskhost.exe 1 26 21 normal 086c dwm.exe 1 19 2 high 0884 explorer.exe 1 981 593 normal 0970 Skype.exe 1 533 207 normal C:\Program Files (x86)\Skype\Phone 09b8 DTLite.exe 1 123 43 normal C:\Program Files (x86)\DAEMON Tools Lite 09ec Dropbox.exe 1 49 25 normal C:\Users\ra\AppData\Roaming\Dropbox\bin 0a44 avgnt.exe 1 86 22 normal C:\Program Files (x86)\Avira\AntiVir Desktop 0a54 VDeck.exe 1 1030 460 normal 0a9c iTunesHelper.exe 1 16 12 normal C:\Program Files (x86)\iTunes 0ab0 MOM.exe 1 10 9 normal 04ac svchost.exe 0 0 0 04f4 CCC.exe 1 41 41 normal 0c74 iPodService.exe 0 0 0 0d14 firefox.exe 1 1394 105 normal C:\Program Files (x86)\Mozilla Firefox 0d28 skypePM.exe 1 460 218 normal C:\Program Files (x86)\Skype\Plugin Manager 0d8c SearchIndexer.exe 0 0 0 0f14 svchost.exe 0 0 0 0fbc wmpnetwk.exe 0 0 0 124c svchost.exe 0 0 0 0820 audiodg.exe 0 0 0 04c4 WUDFHost.exe 0 0 0 1328 iTunes.exe 1 163 138 normal C:\Program Files (x86)\iTunes 0eac AppleMobileDeviceHelper.exe 1 4 2 normal C:\Program Files (x86)\Common Files\Apple\Mobile Device Support 0f98 conhost.exe 1 20 1 normal 1228 distnoted.exe 1 4 1 normal C:\Program Files (x86)\Common Files\Apple\Apple Application Support 1244 conhost.exe 1 20 1 normal 08d4 plugin-container.exe 1 30 22 normal C:\Program Files (x86)\Mozilla Firefox 0dac SearchProtocolHost.exe 0 0 0 13dc SearchFilterHost.exe 0 0 0 idle 09b0 Armada2.exe 1 29 16 normal C:\Fleet Operations\data 075c Armada2.exe 1 53 34 normal C:\Fleet Operations\data hardware: + Computer - ACPI x64-based PC + Disk drives - OCZ-VERTEX2 ATA Device + Display adapters - ATI Radeon HD 4290 (driver 8.791.0.0) + DVD/CD-ROM drives - BED LQV4PYVCL6 SCSI CdRom Device + Human Interface Devices - HID-konformes Benutzersteuergerät - USB-Eingabegerät - USB-Eingabegerät - USB-Eingabegerät + IDE ATA/ATAPI controllers - ATA Channel 0 - ATA Channel 0 - ATA Channel 1 - ATA Channel 1 - Standard-Zweikanal-PCI-IDE-Controller - Standard-Zweikanal-PCI-IDE-Controller + IEEE 1394 Bus host controllers - OHCI-konformer VIA 1394-Hostcontroller + Keyboards - HID-Tastatur - Standardtastatur (PS/2) + Mice and other pointing devices - HID-konforme Maus + Monitors - PnP-Monitor (Standard) - PnP-Monitor (Standard) + Network adapters - Realtek PCIe GBE Family Controller (driver 7.17.304.2010) - TAP-Win32 Adapter V9 (Tunngle) (driver 9.0.0.6) + Portable Devices - Apple iPhone + Ports (COM & LPT) - Kommunikationsanschluss (COM1) + Processors - AMD Athlon(tm) II X4 605e Processor - AMD Athlon(tm) II X4 605e Processor - AMD Athlon(tm) II X4 605e Processor - AMD Athlon(tm) II X4 605e Processor + Sound, video and game controllers - ATI High Definition Audio Device (driver 7.11.0.7710) - VIA High Definition Audio (driver 6.0.1.8100) + Storage controllers - AFEH96QP IDE Controller + Storage volume shadow copies - Standard-Volumeschattenkopie + System devices - ACPI-Einschaltknopf - ACPI-Schalter - ATI E/A-Kommunikationsprozessor-PCI-Buscontroller - ATI E/A-Kommunikationsprozessor-SMBus-Controller - Busenumerator für Verbundgeräte - DMA-Controller - Enumerator-Treiber für Microsoft Virtual Drive - Erweiterter E/A-Bus - Hauptplatinenressourcen - Hauptplatinenressourcen - Hauptplatinenressourcen - Hauptplatinenressourcen - Hauptplatinenressourcen - High Definition Audio-Controller - High Definition Audio-Controller - Hochpräzisionsereigniszeitgeber - Microsoft ACPI-konformes System - Microsoft Windows-Verwaltungsschnittstelle für ACPI - Microsoft-Systemverwaltungs-BIOS-Treiber - Numerischer Coprozessor - PCI Standard-Host-CPU-Brücke - PCI Standard-Host-CPU-Brücke - PCI Standard-Host-CPU-Brücke - PCI Standard-Host-CPU-Brücke - PCI Standard-Host-CPU-Brücke - PCI Standard-Host-CPU-Brücke - PCI Standard-ISA-Brücke - PCI Standard-PCI-zu-PCI-Brücke - PCI Standard-PCI-zu-PCI-Brücke - PCI Standard-PCI-zu-PCI-Brücke - PCI Standard-PCI-zu-PCI-Brücke - PCI-Bus - PnP-Softwaregeräte-Enumerator - Programmierbarer Interruptcontroller - Remote Desktop Device Redirector Bus - System CMOS/Echtzeituhr - Systemlautsprecher - Systemplatine - Systemzeitgeber - Terminalserver-Maustreiber - Terminalserver-Tastaturtreiber - Treiber für Datei-als-Volume - UMBus-Stamm-Busenumerator - UMBusenumerator - Virtual PC-Hostbustreiber - Volume-Verwaltung + Universal Serial Bus controllers - Apple Mobile Device USB Driver (driver 6.0.9999.52) - Fresco Logic xHCI (USB3) Controller FL1000 Series (driver 3.0.100.58) - Fresco Logic xHCI (USB3) Root Hub (driver 3.0.100.58) - Generic USB Hub - Standard OpenHCD USB-Hostcontroller - Standard OpenHCD USB-Hostcontroller - Standard OpenHCD USB-Hostcontroller - Standard OpenHCD USB-Hostcontroller - Standard PCI-zu-USB erweiterter Hostcontroller - Standard PCI-zu-USB erweiterter Hostcontroller - Standard PCI-zu-USB erweiterter Hostcontroller - USB-Root-Hub - USB-Root-Hub - USB-Root-Hub - USB-Root-Hub - USB-Root-Hub - USB-Root-Hub - USB-Root-Hub - USB-Verbundgerät + USB-Virtualisierung - USB-Virtualisierungsconnectortreiber cpu registers: eax = 00000000 ebx = fffffffb ecx = 3fbedec3 edx = 0583db10 esi = 02549003 edi = 06886000 eip = 755995c2 esp = 0018e2d8 ebp = 0018e310 stack dump: 0018e2d8 28 f9 52 02 e0 c7 58 02 - 03 90 54 02 0a 5c 65 00 (.R...X...T..\e. 0018e2e8 10 db 83 05 02 90 54 02 - ff ff ff ff 28 f9 52 02 ......T.....(.R. 0018e2f8 b8 b1 57 02 d0 8f 54 02 - 04 00 00 00 e0 c2 58 02 ..W...T.......X. 0018e308 b8 f6 18 00 44 7d 5b 02 - 6c e3 18 00 47 62 65 00 ....D}[.l...Gbe. 0018e318 10 db 83 05 0a 00 00 00 - 38 e3 18 00 28 f9 52 02 ........8...(.R. 0018e328 fe ff ff ff e0 db 58 75 - 01 00 00 00 b8 00 00 00 ......Xu........ 0018e338 00 00 00 00 2c 00 00 00 - 02 00 00 00 4c 1d 00 00 ....,.......L... 0018e348 00 26 06 00 10 db 83 05 - b1 00 00 00 00 00 00 00 .&.............. 0018e358 28 f9 52 02 da aa 1b 00 - 80 93 57 02 28 a5 5b 02 (.R.......W.(.[. 0018e368 b8 f6 18 2c 98 e3 18 00 - 64 6f 65 00 a4 e9 18 01 ...,....doe..... 0018e378 20 00 f8 04 b8 ed 18 00 - de aa 1b 00 de aa 1b 00 ................ 0018e388 28 f9 52 02 20 00 f8 04 - 28 f9 52 02 1f 00 00 00 (.R.....(.R..... 0018e398 c4 ed 18 00 f1 80 65 00 - 20 00 f8 04 b8 ed 18 00 ......e......... 0018e3a8 de aa 1b 00 08 00 00 00 - a4 e9 18 00 02 00 00 00 ................ 0018e3b8 78 0e 59 02 8c ab 6f 00 - a0 b1 57 02 28 f9 52 02 x.Y...o...W.(.R. 0018e3c8 00 00 24 00 50 01 24 00 - 18 e4 18 00 01 00 00 00 ..$.P.$......... 0018e3d8 f8 39 24 00 68 3b 27 00 - 28 3a 24 00 18 00 00 00 .9$.h;'.(:$..... 0018e3e8 b4 00 00 00 00 e6 18 00 - f8 39 24 00 79 00 00 00 .........9$.y... 0018e3f8 f8 37 29 00 02 00 00 00 - f9 00 00 00 dc e6 18 00 .7)............. 0018e408 80 00 00 00 4c e8 18 00 - 00 00 00 00 00 00 00 00 ....L........... disassembling: 5a9a9dd4 public FleetOpsFunctionsHook.DebugException_Execute_New: ; function entry point 5a9a9dd4 4818 push ebp 5a9a9dd5 mov ebp, esp 5a9a9dd7 push 0 5a9a9dd9 push 0 5a9a9ddb push ebx 5a9a9ddc push esi 5a9a9ddd push edi 5a9a9dde xor eax, eax 5a9a9de0 push ebp 5a9a9de1 push $5a9a9e7f ; System.@HandleFinally 5a9a9de6 push dword ptr fs:[eax] 5a9a9de9 mov fs:[eax], esp 5a9a9dec 4819 mov eax, [ebp+8] 5a9a9def 4820 xor edx, edx 5a9a9df1 push ebp 5a9a9df2 push $5a9a9e09 ; System.@HandleAnyException 5a9a9df7 push dword ptr fs:[edx] 5a9a9dfa mov fs:[edx], esp 5a9a9dfd 4821 > call eax 5a9a9dfd 5a9a9dff xor eax, eax 5a9a9e01 pop edx 5a9a9e02 pop ecx 5a9a9e03 pop ecx 5a9a9e04 mov fs:[eax], edx 5a9a9e07 jmp loc_5a9a9e61 5a9a9e07 5a9a9e07 ; --------------------------------------------------------- 5a9a9e07 5a9a9e09 jmp -$1a52d2 ($5a804b3c) ; System.@HandleAnyException 5a9a9e09 5a9a9e0e 4823 push 1 5a9a9e10 push 0 5a9a9e12 push 0 5a9a9e14 push 0 5a9a9e16 push 0 5a9a9e18 push 0 5a9a9e1a push 0 5a9a9e1c push 0 [...]