Example 1 of LOG file:
//Create new process:
//ping local
Create Process Debug Event
Process Handle 0x00000084. Base Address 0x01000000. Start Address 0x010021B0.
Breakpoint @ WSAStartup (0x75033e15). Thread ID: 0x000003e4, WinSock
Ret Address: 0x01001837
Breakpoint @ gethostbyname (0x750376b8). Thread ID: 0x000003e4, WinSock
Ret Address: 0x0100125f
Param: local
Breakpoint after gethostbyname (0x0100125F). Thread ID: 0x000003E4
Hostent: 0x0008D400
IP: 127.0.0.1
Breakpoint @ IcmpCreateFile (0x77521180). Thread ID: 0x000003E4, ICMP
Ret Address: 0x01001e05
Breakpoint after IcmpCreateFile (0x01001E05). Thread ID: 0x000003E4
Handle: 0x00000164
Breakpoint @ IcmpSendEcho2 (0x77521480). Thread ID: 0x000003E4, ICMP
Ret Address: 0x01001f47
Param1: 0x00000164 (Handle1)
Param1: 0x00000000 (Handle2)
Param3: 0x00000000 (Proc Addr)
Param4: 0x00000000 (Ptr)
Param5: 0x802018ac (IP: 127.0.0.1)
Param6: 0x00079fa0 (Req Data Buffer Ptr)
Param7: 0x00000020 (Req Data Size)
Param8: 0x0006ff2c (IPINFO Ptr)
Ttl=0x80
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x00000000
Param9: 0x0007a008 (Reply Data Buffer Ptr)
Param10: 0x00001ff8 (Reply Data Size)
Param11: 0x00000004 (timeout, ms)
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint after IcmpSendEcho2 (0x01001F47). Thread ID: 0x000003E4
Received 1 echo replies
Reply Buffer Ptr: 7a00808
Address: 0x802018AC (127.0.0.1)
Status: 0x00000000
RTTime: 0x00000000
DataSize: 0x0020
Reserved: 0x0000
Data Ptr: 0x0007A024
Ttl=0x7F
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x0007a024
Received buffer:
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint @ IcmpSendEcho2 (0x77521480). Thread ID: 0x000003E4, ICMP
Ret Address: 0x01001f47
Param1: 0x00000164 (Handle1)
Param1: 0x00000000 (Handle2)
Param3: 0x00000000 (Proc Addr)
Param4: 0x00000000 (Ptr)
Param5: 0x802018ac (IP: 127.0.0.1)
Param6: 0x00079fa0 (Req Data Buffer Ptr)
Param7: 0x00000020 (Req Data Size)
Param8: 0x0006ff2c (IPINFO Ptr)
Ttl=0x80
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x00000000
Param9: 0x0007a008 (Reply Data Buffer Ptr)
Param10: 0x00001ff8 (Reply Data Size)
Param11: 0x00000004 (timeout, ms)
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint after IcmpSendEcho2 (0x01001F47). Thread ID: 0x000003E4
Received 1 echo replies
Reply Buffer Ptr: 7a00808
Address: 0x802018AC (127.0.0.1)
Status: 0x00000000
RTTime: 0x00000000
DataSize: 0x0020
Reserved: 0x0000
Data Ptr: 0x0007A024
Ttl=0x7F
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x0007a024
Received buffer:
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint @ IcmpSendEcho2 (0x77521480). Thread ID: 0x000003E4, ICMP
Ret Address: 0x01001f47
Param1: 0x00000164 (Handle1)
Param1: 0x00000000 (Handle2)
Param3: 0x00000000 (Proc Addr)
Param4: 0x00000000 (Ptr)
Param5: 0x802018ac (IP: 127.0.0.1)
Param6: 0x00079fa0 (Req Data Buffer Ptr)
Param7: 0x00000020 (Req Data Size)
Param8: 0x0006ff2c (IPINFO Ptr)
Ttl=0x80
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x00000000
Param9: 0x0007a008 (Reply Data Buffer Ptr)
Param10: 0x00001ff8 (Reply Data Size)
Param11: 0x00000004 (timeout, ms)
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint after IcmpSendEcho2 (0x01001F47). Thread ID: 0x000003E4
Received 1 echo replies
Reply Buffer Ptr: 7a00808
Address: 0x802018AC (127.0.0.1)
Status: 0x00000000
RTTime: 0x00000000
DataSize: 0x0020
Reserved: 0x0000
Data Ptr: 0x0007A024
Ttl=0x7F
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x0007a024
Received buffer:
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint @ IcmpSendEcho2 (0x77521480). Thread ID: 0x000003E4, ICMP
Ret Address: 0x01001f47
Param1: 0x00000164 (Handle1)
Param1: 0x00000000 (Handle2)
Param3: 0x00000000 (Proc Addr)
Param4: 0x00000000 (Ptr)
Param5: 0x802018ac (IP: 127.0.0.1)
Param6: 0x00079fa0 (Req Data Buffer Ptr)
Param7: 0x00000020 (Req Data Size)
Param8: 0x0006ff2c (IPINFO Ptr)
Ttl=0x80
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x00000000
Param9: 0x0007a008 (Reply Data Buffer Ptr)
Param10: 0x00001ff8 (Reply Data Size)
Param11: 0x00000004 (timeout, ms)
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint after IcmpSendEcho2 (0x01001F47). Thread ID: 0x000003E4
Received 1 echo replies
Reply Buffer Ptr: 7a00808
Address: 0x802018AC (127.0.0.1)
Status: 0x00000000
RTTime: 0x00000000
DataSize: 0x0020
Reserved: 0x0000
Data Ptr: 0x0007A024
Ttl=0x7F
Tos=0x00
Flags=0x00
Options Size=0x00
Options Data Ptr=0x0007a024
Received buffer:
61 62 63 64 65 66 67 68 69 6A 6B 6C 6D 6E 6F 70 abcdefghijklmnop
71 72 73 74 75 76 77 61 62 63 64 65 66 67 68 69 qrstuvwabcdefghi
Breakpoint @ IcmpCloseHandle (0x7752120A). Thread ID: 0x000003E4, ICMP
Ret Address: 0x0100212c
Param: 0x00000164 (Handle)
Exit Process Debug Event. Exit Code: 0x00000000.
//Exit Process
//Create new process:
//ping local
Example 2 of LOG file:
Breakpoint @ WSAStartup (0x776BA917). Thread ID: 0x000000C8, WinSock
Breakpoint @ gethostbyname (0x776B4BFA). Thread ID: 0x000000C8, WinSock
Param: whois.internic.org
Breakpoint @ socket (0x776B9BF7). Thread ID: 0x000000C8, WinSock
Param1: PF_INET
Param2: SOCK_STREAM
Param3: 0
Breakpoint @ bind (0x776B94C6). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: (Socket=2, Port=0, IP=0.0.0.0)
Param3: 16
Breakpoint @ connect (0x776B9548). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: (Socket=2, Port=43, IP=198.41.0.6)
Param3: 16
Breakpoint @ WSAAsyncSelect (0x776B91CD). Thread ID: 0x000000C8, WinSock
Breakpoint @ NetpGetComputerName (0x7780115F). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetApiBufferAllocate (0x778011A6). Thread ID: 0x000000C8, NETAPI
Param1: 32 (size in bytes)
Param2: 0x0012DB38 (pointer to buffer)
Breakpoint @ NetShareEnum (0x778030A9). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetpNtStatusToApiStatus (0x77801012). Thread ID: 0x000000C8, NETAPI
Breakpoint @ NetpNtStatusToApiStatus (0x77801012). Thread ID: 0x000000C8, NETAPI
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 64
Param3: 1
Param4: 0 (flags)
64 d
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
6F o
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
6D m
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 61
Param3: 1
Param4: 0 (flags)
61 a
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 69
Param3: 1
Param4: 0 (flags)
69 i
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6E
Param3: 1
Param4: 0 (flags)
6E n
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 20
Param3: 1
Param4: 0 (flags)
20
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 73
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 61
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 69
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 64
Param3: 1
Param4: 0 (flags)
78 x
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 2E
Param3: 1
Param4: 0 (flags)
2E .
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 63
Param3: 1
Param4: 0 (flags)
6E n
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6F
Param3: 1
Param4: 0 (flags)
65 e
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 6D
Param3: 1
Param4: 0 (flags)
74 t
Breakpoint @ send (0x776B9290). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 0D 0A
Param3: 2
Param4: 0 (flags)
0D 0A ..
Breakpoint @ recv (0x776B7B1B). Thread ID: 0x000000C8, WinSock
Param1: 96 (socket)
Param2: 0x00149458
Param3: 4096
Param4: 0 (flags)
Breakpoint after recv (0x02541F2A). Thread ID: 0x000000C8
Bytes received: 601
0A 57 68 6F 69 73 20 53 65 72 76 65 72 20 56 65 .Whois Server Ve
72 73 69 6F 6E 20 31 2E 33 0A 0A 44 6F 6D 61 69 rsion 1.3..Domai
6E 20 6E 61 6D 65 73 20 69 6E 20 74 68 65 20 2E n names in the .
63 6F 6D 2C 20 2E 6E 65 74 2C 20 61 6E 64 20 2E com, .net, and .
6F 72 67 20 64 6F 6D 61 69 6E 73 20 63 61 6E 20 org domains can
6E 6F 77 20 62 65 20 72 65 67 69 73 74 65 72 65 now be registere
64 0A 77 69 74 68 20 6D 61 6E 79 20 64 69 66 66 d.with many diff
65 72 65 6E 74 20 63 6F 6D 70 65 74 69 6E 67 20 erent competing
72 65 67 69 73 74 72 61 72 73 2E 20 47 6F 20 74 registrars. Go t
6F 20 68 74 74 70 3A 2F 2F 77 77 77 2E 69 6E 74 o http://www.int
65 72 6E 69 63 2E 6E 65 74 0A 66 6F 72 20 64 65 ernic.net.for de
74 61 69 6C 65 64 20 69 6E 66 6F 72 6D 61 74 69 tailed informati
6F 6E 2E 0A 0A 20 20 20 44 6F 6D 61 69 6E 20 4E on... Domain N
61 6D 65 3A 20 58 58 58 58 58 58 2E 4E 45 54 0A ame: XXXXXX.NET.
20 20 20 52 65 67 69 73 74 72 61 72 3A 20 4E 45 Registrar: NE
54 57 4F 52 4B 20 53 4F 4C 55 54 49 4F 4E 53 2C TWORK SOLUTIONS,
20 49 4E 43 2E 0A 20 20 20 57 68 6F 69 73 20 53 INC.. Whois S
65 72 76 65 72 3A 20 77 68 6F 69 73 2E 6E 65 74 erver: whois.net
77 6F 72 6B 73 6F 6C 75 74 69 6F 6E 73 2E 63 6F worksolutions.co
6D 0A 20 20 20 52 65 66 65 72 72 61 6C 20 55 52 m. Referral UR
4C 3A 20 68 74 74 70 3A 2F 2F 77 77 77 2E 6E 65 L: http://www.ne
74 77 6F 72 6B 73 6F 6C 75 74 69 6F 6E 73 2E 63 tworksolutions.c
6F 6D 0A 20 20 20 4E 61 6D 65 20 53 65 72 76 65 om. Name Serve
72 3A 20 4E 53 32 2E 58 58 58 58 58 58 2E 4E 45 r: NS2.XXXXXX.NE
54 0A 20 20 20 4E 61 6D 65 20 53 65 72 76 65 72 T. Name Server
3A 20 4E 53 31 2E 4D 4F 53 41 49 44 2E 43 4F 4D : NS1.XXXXXX.NET
0A 20 20 20 55 70 64 61 74 65 64 20 44 61 74 65 . Updated Date
3A 20 31 39 2D 6A 61 6E 2D 32 30 30 32 0A 0A 0A : 19-jan-2002...
3E 3E 3E 20 4C 61 73 74 20 75 70 64 61 74 65 20 >>> Last update
6F 66 20 77 68 6F 69 73 20 64 61 74 61 62 61 73 of whois databas
65 3A 20 53 75 6E 2C 20 37 20 4A 75 6C 20 32 30 e: Sun, 7 Jul 20
30 32 20 31 36 3A 34 38 3A 34 34 20 45 44 54 20 02 16:48:44 EDT
3C 3C 3C 0A 0A 54 68 65 20 52 65 67 69 73 74 72 <<<..The Registr
79 20 64 61 74 61 62 61 73 65 20 63 6F 6E 74 61 y database conta
69 6E 73 20 4F 4E 4C 59 20 2E 43 4F 4D 2C 20 2E ins ONLY .COM, .
4E 45 54 2C 20 2E 4F 52 47 2C 20 2E 45 44 55 20 NET, .ORG, .EDU
64 6F 6D 61 69 6E 73 20 61 6E 64 0A 52 65 67 69 domains and.Regi
73 74 72 61 72 73 2E 0A 0A strars...
Breakpoint @ closesocket (0x776BA02B). Thread ID: 0x000000C8, WinSock
Param: 96 (socket)
Example 3 of LOG file (File I/O operation):
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 124 (Handle)
Breakpoint @ WSAStartup (0x75033E15). Thread ID: 0x00000678, WinSock
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x00000678
Handle: 204
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 204 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\PIPE\lsarpc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40000000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x00000678
Handle: 364
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 360 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 364 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 348 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\shadow
Param2:
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77842AAE). Thread ID: 0x00000678
Handle: 372
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 372 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 340 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 228 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 224 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 212 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 252 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 248 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 240 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 268 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 260 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 288 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 284 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 276 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 296 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 312 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 304 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x00000678
Handle: 300
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 300 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\System32\shell32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 300
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 300 (Handle)
Param2: 0012DA30 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235500 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 312 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 300 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\system32\shell32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 300
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 300 (Handle)
Param2: 0012DA30 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235500 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 312 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 300 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\system32\NOTEPAD.EXE
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 208
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 208 (Handle)
Param2: 0012DA30 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235500 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 308 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 208 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\System32\shell32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 208
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 208 (Handle)
Param2: 0012D974 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235312 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 308 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 208 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\Program Files\Internet Explorer\iexplore.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 208
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 208 (Handle)
Param2: 0012DA30 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235500 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 308 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 208 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\system32\SHELL32.DLL
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 208
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 208 (Handle)
Param2: 0012DB44 (Buffer)
Param3: 12 (Number of byte)
Param4: 1235776 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 292 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 208 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\PIPE\lsarpc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40000000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x00000678
Handle: 388
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 384 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 388 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 380 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 384 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x00000678
Handle: 396
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 396 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\Explorer.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 400
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 400 (Handle)
Param2: 0012D6F4 (Buffer)
Param3: 12 (Number of byte)
Param4: 1234672 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 396 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 400 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: \\.\PIPE\srvsvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x00000678
Handle: 420
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 420 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\system32\SHELL32.DLL
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 416
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 416 (Handle)
Param2: 0012D6F4 (Buffer)
Param3: 12 (Number of byte)
Param4: 1234672 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 424 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\WINNT\system32\SHELL32.DLL
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 416
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 416 (Handle)
Param2: 0012D6F4 (Buffer)
Param3: 12 (Number of byte)
Param4: 1234672 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 420 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\PROGRA~1\WinZip\winzip32.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 436
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 436 (Handle)
Param2: 0012D094 (Buffer)
Param3: 12 (Number of byte)
Param4: 1233040 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 428 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 436 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: C:\PROGRA~1\PAINTS~1\Psp.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x00000678
Handle: 436
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 436 (Handle)
Param2: 0012D094 (Buffer)
Param3: 12 (Number of byte)
Param4: 1233040 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x00000678
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 428 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 436 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 424 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 24 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x0000062C
Handle: 432
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 432 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x0000062C
Handle: 432
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 432 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\?\Volume{14e62cb0-460d-11d5-8c53-806d6172696f}
Param2: query device
Param3: not shared
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x783180F1). Thread ID: 0x0000062C
Handle: 432
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 432 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 464
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 464 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\MountPointManager
Param2: query device
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: FFFFFFFF (Template)
Breakpoint after CreateFileW (0x77E92C05). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 464 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 464
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 464 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ MultinetGetConnectionPerformanceW (0x75091782). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetSetLastErrorW (0x75098109). Thread ID: 0x0000062C, MPR
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ MultinetGetConnectionPerformanceW (0x75091782). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ MultinetGetConnectionPerformanceW (0x75091782). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\WINNT\system32\shell32.dll
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\WINNT\System32\WScript.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 484
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 484 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 480 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ MultinetGetConnectionPerformanceW (0x75091782). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 460
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\Program Files\Microsoft Office\Office\Winword.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 472
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 472
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\PROGRA~1\MICROS~3\Common\MSDev98\Bin\msdev.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 476 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\PROGRA~1\MICROS~3\Common\MSDev98\Bin\msdev.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 476 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\PROGRA~1\MICROS~3\Common\MSDev98\Bin\msdev.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 480
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 480 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 480 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\PROGRA~1\MICROS~3\Common\MSDev98\Bin\msdev.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 476 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: C:\PROGRA~1\MICROS~3\Common\MSDev98\Bin\msdev.exe
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 10000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77E3653F). Thread ID: 0x0000062C
Handle: 468
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x0000062C, KERNEL32
Param1: 468 (Handle)
Param2: 012AE4EC (Buffer)
Param3: 12 (Number of byte)
Param4: 19588328 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x77E3657F). Thread ID: 0x0000062C
Bytes read: 12
4D 5A 90 00 03 00 00 00 04 00 00 00 MZ..........
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 468 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 484
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ WNetGetConnection3W (0x75092521). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 484
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 484
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 472
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40160000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 484
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ WNetGetConnectionW (0x75091CDF). Thread ID: 0x0000062C, MPR
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 472
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: e:\alex\ss\stdafx.h
Param2: GENERIC_READ
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint after CreateFileW (0x76B39072). Thread ID: 0x00000678
Handle: 468
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 468 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 476 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 488 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 460 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 416 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 484 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x0000062C, KERNEL32
Param1: \\.\PIPE\wkssvc
Param2: GENERIC_READ GENERIC_WRITE
Param3: FILE_SHARE_READ FILE_SHARE_WRITE
Param4: 00000000 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 40150000 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x00000678, KERNEL32
Param: 380 (Handle)
Breakpoint after CreateFileW (0x77D4BCEC). Thread ID: 0x0000062C
Handle: 380
Breakpoint @ CreateFileA (0x77E86F87). Thread ID: 0x00000678, KERNEL32
Param1: e:\alex\ss\stdafx.h
Param2: GENERIC_READ
Param3: FILE_SHARE_READ
Param4: 0012F514 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CreateFileW (0x77E870E0). Thread ID: 0x00000678, KERNEL32
Param1: e:\alex\ss\stdafx.h
Param2: GENERIC_READ
Param3: FILE_SHARE_READ
Param4: 0012F514 (lpSecurityAttributes)
Param5: OPEN_EXISTING
Param6: 00000080 (Flags)
Param7: 00000000 (Template)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 472 (Handle)
Breakpoint @ CloseHandle (0x77E86A72). Thread ID: 0x0000062C, KERNEL32
Param: 380 (Handle)
Breakpoint after CreateFileW (0x77E86FB4). Thread ID: 0x00000678
Handle: 472
Breakpoint after CreateFileA (0x004243D1). Thread ID: 0x00000678
Handle: 472
Breakpoint @ ReadFile (0x77E8732B). Thread ID: 0x00000678, KERNEL32
Param1: 472 (Handle)
Param2: 007F76A8 (Buffer)
Param3: 4096 (Number of byte)
Param4: 1242976 (Pointer to num of byte)
Param5: 00000000 (Overlapped str)
Breakpoint after ReadFile (0x00424438). Thread ID: 0x00000678
Bytes read: 502
2F 2F 20 73 74 64 61 66 78 2E 68 20 3A 20 69 6E // stdafx.h : in
63 6C 75 64 65 20 66 69 6C 65 20 66 6F 72 20 73 clude file for s
74 61 6E 64 61 72 64 20 73 79 73 74 65 6D 20 69 tandard system i
6E 63 6C 75 64 65 20 66 69 6C 65 73 2C 0D 0A 2F nclude files,../
2F 20 20 6F 72 20 70 72 6F 6A 65 63 74 20 73 70 / or project sp
65 63 69 66 69 63 20 69 6E 63 6C 75 64 65 20 66 ecific include f
69 6C 65 73 20 74 68 61 74 20 61 72 65 20 75 73 iles that are us
65 64 20 66 72 65 71 75 65 6E 74 6C 79 2C 20 62 ed frequently, b
75 74 0D 0A 2F 2F 20 20 20 20 20 20 61 72 65 20 ut..// are
63 68 61 6E 67 65 64 20 69 6E 66 72 65 71 75 65 changed infreque
6E 74 6C 79 0D 0A 2F 2F 0D 0A 0D 0A 23 64 65 66 ntly..//....#def
69 6E 65 20 56 43 5F 45 58 54 52 41 4C 45 41 4E ine VC_EXTRALEAN
09 09 2F 2F 20 45 78 63 6C 75 64 65 20 72 61 72 ..// Exclude rar
65 6C 79 2D 75 73 65 64 20 73 74 75 66 66 20 66 ely-used stuff f
72 6F 6D 20 57 69 6E 64 6F 77 73 20 68 65 61 64 rom Windows head
65 72 73 0D 0A 0D 0A 23 69 6E 63 6C 75 64 65 20 ers....#include
3C 61 66 78 77 69 6E 2E 68 3E 20 20 20 20 20 20 |