*** wait with pending attach
Symbol search path is: srv*
Executable search path is:
ModLoad: 00000001`3fd60000 00000001`3fd6f000 C:\DebuggingTV\TestActCtx\Release\TestActCtx.exe
ModLoad: 00000000`77be0000 00000000`77d89000 C:\Windows\SYSTEM32\ntdll.dll
ModLoad: 00000000`77ac0000 00000000`77bdf000 C:\Windows\system32\kernel32.dll
ModLoad: 000007fe`fe300000 000007fe`fe36c000 C:\Windows\system32\KERNELBASE.dll
ModLoad: 00000000`77500000 00000000`775fa000 C:\Windows\system32\USER32.dll
ModLoad: 000007fe`fe870000 000007fe`fe8d7000 C:\Windows\system32\GDI32.dll
ModLoad: 000007fe`ff960000 000007fe`ff96e000 C:\Windows\system32\LPK.dll
ModLoad: 000007fe`ff750000 000007fe`ff819000 C:\Windows\system32\USP10.dll
ModLoad: 000007fe`ff820000 000007fe`ff8bf000 C:\Windows\system32\msvcrt.dll
ModLoad: 000007fe`ffa70000 000007fe`ffa9e000 C:\Windows\system32\IMM32.DLL
ModLoad: 000007fe`fe760000 000007fe`fe869000 C:\Windows\system32\MSCTF.dll
ModLoad: 000007fe`ff970000 000007fe`ffa4b000 C:\Windows\system32\ADVAPI32.dll
ModLoad: 000007fe`ffa50000 000007fe`ffa6f000 C:\Windows\SYSTEM32\sechost.dll
ModLoad: 000007fe`ffc80000 000007fe`ffdad000 C:\Windows\system32\RPCRT4.dll
ModLoad: 000007fe`fe410000 000007fe`fe613000 C:\Windows\system32\ole32.dll
ModLoad: 000007fe`fdf70000 000007fe`fdf7f000 C:\Windows\system32\CRYPTBASE.dll
ModLoad: 000007fe`fe8e0000 000007fe`fe9b7000 C:\Windows\system32\OLEAUT32.DLL
(1fb8.1fa8): Break instruction exception - code 80000003 (first chance)
ntdll!DbgBreakPoint:
00000000`77c30530 cc int 3
0:001> !logexts.loge
Windows API Logging Extensions v3.01
Parsing the manifest files...
Location: C:\Program Files\Debugging Tools for Windows (x64)\winext\manifest\main.h
Parsing file "main.h" ...
Parsing file "winerror.h" ...
Parsing file "kernel32.h" ...
Parsing file "debugging.h" ...
Parsing file "processes.h" ...
Parsing file "memory.h" ...
Parsing file "registry.h" ...
Parsing file "fileio.h" ...
Parsing file "strings.h" ...
Parsing file "user32.h" ...
Parsing file "clipboard.h" ...
Parsing file "hook.h" ...
Parsing file "gdi32.h" ...
Parsing file "winspool.h" ...
Parsing file "version.h" ...
Parsing file "winsock2.h" ...
Parsing file "advapi32.h" ...
Parsing file "uuids.h" ...
Parsing file "com.h" ...
Parsing file "shell.h" ...
Parsing file "ole32.h" ...
Parsing file "ddraw.h" ...
Parsing file "winmm.h" ...
Parsing file "avifile.h" ...
Parsing file "dplay.h" ...
Parsing file "d3d.h" ...
Parsing file "d3dtypes.h" ...
Parsing file "d3dcaps.h" ...
Parsing file "d3d8.h" ...
Parsing file "d3d8types.h" ...
Parsing file "d3d8caps.h" ...
Parsing file "dsound.h" ...
Parsing file "contexts.h" ...
Parsing completed.
Logexts injected. Output: "C:\Users\Dump Analysis\Desktop\LogExts\"
Logging enabled.
0:001> !logc d *
All categories disabled.
0:001> !logc
Categories:
1 ActivationContext Disabled
2 AdvApi32 Disabled
3 AtomFunctions Disabled
4 AVIFileExports Disabled
5 Clipboard Disabled
6 ComponentObjectModel Disabled
7 DebuggingAndErrorHandling Disabled
8 DeviceFunctions Disabled
9 Direct3D Disabled
10 DirectDraw Disabled
11 DirectPlay Disabled
12 DirectSound Disabled
13 GDI Disabled
14 HandleAndObjectFunctions Disabled
15 HookingFunctions Disabled
16 IOFunctions Disabled
17 MemoryManagementFunctions Disabled
18 Multimedia Disabled
19 Printing Disabled
20 ProcessesAndThreads Disabled
21 RegistryFunctions Disabled
22 Shell Disabled
23 StringManipulation Disabled
24 ThreadLocalStorage Disabled
25 User32 Disabled
26 User32StringExports Disabled
27 Version Disabled
28 WinSock2 Disabled
0:001> !logc e 1
1 ActivationContext Enabled
0:001> !logo
Logging currently enabled.
Output directory: C:\Users\Dump Analysis\Desktop\LogExts\
Output settings:
Debugger Disabled
Text file Disabled
Verbose log Enabled
0:001> !logo e t
Debugger Disabled
Text file Enabled
Verbose log Enabled
0:001> !logo e d
Debugger Enabled
Text file Enabled
Verbose log Enabled
0:001> g
ModLoad: 00000000`6f620000 00000000`6f685000 C:\Program Files\Debugging Tools for Windows (x64)\winext\logexts.dll
Parsing the manifest files...
Location: C:\Program Files\Debugging Tools for Windows (x64)\winext\manifest\main.h
Parsing file "main.h" ...
Parsing file "winerror.h" ...
Parsing file "kernel32.h" ...
Parsing file "debugging.h" ...
Parsing file "processes.h" ...
Parsing file "memory.h" ...
Parsing file "registry.h" ...
Parsing file "fileio.h" ...
Parsing file "strings.h" ...
Parsing file "user32.h" ...
Parsing file "clipboard.h" ...
Parsing file "hook.h" ...
Parsing file "gdi32.h" ...
Parsing file "winspool.h" ...
Parsing file "version.h" ...
Parsing file "winsock2.h" ...
Parsing file "advapi32.h" ...
Parsing file "uuids.h" ...
Parsing file "com.h" ...
Parsing file "shell.h" ...
Parsing file "ole32.h" ...
Parsing file "ddraw.h" ...
Parsing file "winmm.h" ...
Parsing file "avifile.h" ...
Parsing file "dplay.h" ...
Parsing file "d3d.h" ...
Parsing file "d3dtypes.h" ...
Parsing file "d3dcaps.h" ...
Parsing file "d3d8.h" ...
Parsing file "d3d8types.h" ...
Parsing file "d3d8caps.h" ...
Parsing file "dsound.h" ...
Parsing file "contexts.h" ...
Parsing completed.
ModLoad: 00000000`00160000 00000000`0016f000 TestActCtx.exe
ModLoad: 00000001`3ff10000 00000001`3ff1f000 TestActCtx.exe
ModLoad: 00000001`3f360000 00000001`3f36f000 TestActCtx.exe
Thrd 1fc4 000000013FD61163 ActivateActCtx( 0x000000000037DD58) -> TRUE ( 0x000000000029FD28)
Thrd 1fc4 000000013FD611CD ActivateActCtx( 0x0000000000390188) -> TRUE ( 0x000000000029FD38)
Thrd 1fc4 000000013FD61201 ActivateActCtx( 0x000000000037E038) -> TRUE ( 0x000000000029FD20)
(1fb8.1fc4): Unknown exception - code 00000001 (first chance)
(1fb8.1fc4): Unknown exception - code c015000f (first chance)
(1fb8.1fc4): Unknown exception - code c015000f (!!! second chance !!!)
ntdll! ?? ::FNODOBFM::`string'+0x13ab0:
00000000`77c4fd5c 488b36 mov rsi,qword ptr [rsi] ds:00000000`030104d0=0000000003010470
0:000> g
Thrd 1fc4 000000013FD61254 DeactivateActCtx( 0x00000000 0x1412620200000002) -> TRUE
Thrd 1fc4 000000013FD61263 DeactivateActCtx( 0x00000000 0x1412620200000001) -> TRUE
ntdll!NtTerminateProcess+0xa:
00000000`77c315da c3 ret