Opened log file 'c:\DebuggingTV\0x31.log' 0:000> .symfix c:\mss 0:000> .reload .................... 0:000> !heap -s LFH Key : 0x000000f922f51164 Termination on corruption : ENABLED Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast (k) (k) (k) (k) length blocks cont. heap ------------------------------------------------------------------------------------- 0000000000370000 00000002 1024 400 1024 13 5 1 0 0 LFH 0000000000010000 00008000 64 8 64 5 1 1 0 0 0000000000100000 00001002 1088 256 1088 7 3 2 0 0 LFH 0000000001bc0000 00001002 512 256 512 4 3 1 0 0 LFH Virtual block: 0000000080000000 - 0000000080000000 (size 0000000000000000) 0000000001e70000 00001002 512 112 512 40 2 1 1 0 ------------------------------------------------------------------------------------- 0:000> !address -summary --- Usage Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal Free 47 7ff`7b510000 ( 7.998 Tb) 99.97% Heap 12 0`80321000 ( 2.003 Gb) 96.62% 0.02% 25 0`0379b000 ( 55.605 Mb) 2.62% 0.00% Image 121 0`00d70000 ( 13.438 Mb) 0.63% 0.00% Other 8 0`001b1000 ( 1.691 Mb) 0.08% 0.00% Stack 3 0`00100000 ( 1.000 Mb) 0.05% 0.00% TEB 1 0`00002000 ( 8.000 kb) 0.00% 0.00% PEB 1 0`00001000 ( 4.000 kb) 0.00% 0.00% --- Type Summary (for busy) ------ RgnCount ----------- Total Size -------- %ofBusy %ofTotal MEM_PRIVATE 26 0`81438000 ( 2.020 Gb) 97.43% 0.02% MEM_MAPPED 23 0`02937000 ( 41.215 Mb) 1.94% 0.00% MEM_IMAGE 122 0`00d71000 ( 13.441 Mb) 0.63% 0.00% --- State Summary ---------------- RgnCount ----------- Total Size -------- %ofBusy %ofTotal MEM_FREE 47 7ff`7b510000 ( 7.998 Tb) 99.97% MEM_COMMIT 157 0`8238d000 ( 2.035 Gb) 98.15% 0.02% MEM_RESERVE 14 0`02753000 ( 39.324 Mb) 1.85% 0.00% --- Protect Summary (for commit) - RgnCount ----------- Total Size -------- %ofBusy %ofTotal PAGE_READWRITE 46 0`80157000 ( 2.001 Gb) 96.54% 0.02% PAGE_READONLY 77 0`0196c000 ( 25.422 Mb) 1.20% 0.00% PAGE_EXECUTE_READ 20 0`008b6000 ( 8.711 Mb) 0.41% 0.00% PAGE_WRITECOPY 13 0`00012000 ( 72.000 kb) 0.00% 0.00% PAGE_READWRITE|PAGE_GUARD 1 0`00002000 ( 8.000 kb) 0.00% 0.00% --- Largest Region by Usage ----------- Base Address -------- Region Size ---------- Free 1`3f4a8000 7fd`bb9c8000 ( 7.991 Tb) Heap 0`80000000 0`80001000 ( 2.000 Gb) 0`009c5000 0`011cb000 ( 17.793 Mb) Image 7fe`fecb1000 0`0017e000 ( 1.492 Mb) Other 0`00600000 0`00181000 ( 1.504 Mb) Stack 0`00160000 0`000f9000 ( 996.000 kb) TEB 7ff`fffde000 0`00002000 ( 8.000 kb) PEB 7ff`fffd5000 0`00001000 ( 4.000 kb) 0:000> !heap -s LFH Key : 0x000000f922f51164 Termination on corruption : ENABLED Heap Flags Reserv Commit Virt Free List UCR Virt Lock Fast (k) (k) (k) (k) length blocks cont. heap ------------------------------------------------------------------------------------- 0000000000370000 00000002 1024 400 1024 13 5 1 0 0 LFH 0000000000010000 00008000 64 8 64 5 1 1 0 0 0000000000100000 00001002 1088 256 1088 7 3 2 0 0 LFH 0000000001bc0000 00001002 512 256 512 4 3 1 0 0 LFH Virtual block: 0000000080000000 - 0000000080000000 (size 0000000000000000) 0000000001e70000 00001002 512 112 512 40 2 1 1 0 ------------------------------------------------------------------------------------- 0:000> !address 0000000080000000 Usage: Heap Base Address: 00000000`80000000 End Address: 00000001`00001000 Region Size: 00000000`80001000 State: 00001000 MEM_COMMIT Protect: 00000004 PAGE_READWRITE Type: 00020000 MEM_PRIVATE Allocation Base: 00000000`80000000 Allocation Protect: 00000004 PAGE_READWRITE More info: heap owning the address: !heap 0x1e70000 More info: heap large/virtual block More info: heap entry containing the address: !heap -x 0x80000000 0:000> ? 00000000`80001000 Evaluate expression: 2147487744 = 00000000`80001000 0:000> dc 00000000`80000000 00000000`80000000 01e70118 00000000 01e70118 00000000 ................ 00000000`80000010 00000000 00000000 00000000 00000000 ................ 00000000`80000020 80001000 00000000 80001000 00000000 ................ 00000000`80000030 00000000 00000000 7c3bc04d 04000000 ........M.;|.... 00000000`80000040 00000048 00000065 0000006c 0000006c H...e...l...l... 00000000`80000050 0000006f 00000020 00000057 00000065 o... ...W...e... 00000000`80000060 00000069 00000072 00000064 00000021 i...r...d...!... 00000000`80000070 00000000 00000000 00000000 00000000 ................ 0:000> k Child-SP RetAddr Call Site 00000000`0025e318 000007fe`fd701430 ntdll!NtWaitForMultipleObjects+0xa 00000000`0025e320 00000000`775a2ce3 KERNELBASE!WaitForMultipleObjectsEx+0xe8 00000000`0025e420 00000000`77619105 kernel32!WaitForMultipleObjectsExImplementation+0xb3 00000000`0025e4b0 00000000`77619287 kernel32!WerpReportFaultInternal+0x215 00000000`0025e550 00000000`776192df kernel32!WerpReportFault+0x77 00000000`0025e580 00000000`776194fc kernel32!BasepReportFault+0x1f 00000000`0025e5b0 00000000`778343b8 kernel32!UnhandledExceptionFilter+0x1fc 00000000`0025e690 00000000`777b85a8 ntdll! ?? ::FNODOBFM::`string'+0x2365 00000000`0025e6c0 00000000`777c9d0d ntdll!_C_specific_handler+0x8c 00000000`0025e730 00000000`777b91af ntdll!RtlpExecuteHandlerForException+0xd 00000000`0025e760 00000000`777f1278 ntdll!RtlDispatchException+0x45a 00000000`0025ee40 000007fe`fdb1f367 ntdll!KiUserExceptionDispatch+0x2e 00000000`0025f550 000007fe`fdaec294 usp10!DoubleWideCharMappedString::DoubleWideCharMappedString+0x117 00000000`0025f5a0 000007fe`fdad2289 usp10!ScriptIsComplex+0x54 00000000`0025f690 000007fe`fdad1897 lpk!InternalTextOut+0x14d 00000000`0025f760 000007fe`fd9cfa61 lpk!LpkExtTextOut+0x57 *** WARNING: Unable to verify checksum for LastCall.exe *** ERROR: Module load completed but symbols could not be loaded for LastCall.exe 00000000`0025f7d0 00000001`3f49155a gdi32!TextOutW+0x337 00000000`0025f890 00000001`3f491593 LastCall+0x155a 00000000`0025f8f0 00000001`3f4915b3 LastCall+0x1593 00000000`0025f920 00000001`3f491309 LastCall+0x15b3 00000000`0025f950 00000000`776b9bd1 LastCall+0x1309 00000000`0025fa10 00000000`776b98da user32!UserCallWinProcCheckWow+0x1ad 00000000`0025fad0 00000001`3f4910d0 user32!DispatchMessageWorker+0x3b5 00000000`0025fb50 00000001`3f491738 LastCall+0x10d0 00000000`0025fbc0 00000000`7759652d LastCall+0x1738 00000000`0025fc00 00000000`777cc521 kernel32!BaseThreadInitThunk+0xd 00000000`0025fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d 0:000> k Child-SP RetAddr Call Site 00000000`0025e318 000007fe`fd701430 ntdll!NtWaitForMultipleObjects+0xa 00000000`0025e320 00000000`775a2ce3 KERNELBASE!WaitForMultipleObjectsEx+0xe8 00000000`0025e420 00000000`77619105 kernel32!WaitForMultipleObjectsExImplementation+0xb3 00000000`0025e4b0 00000000`77619287 kernel32!WerpReportFaultInternal+0x215 00000000`0025e550 00000000`776192df kernel32!WerpReportFault+0x77 00000000`0025e580 00000000`776194fc kernel32!BasepReportFault+0x1f 00000000`0025e5b0 00000000`778343b8 kernel32!UnhandledExceptionFilter+0x1fc 00000000`0025e690 00000000`777b85a8 ntdll! ?? ::FNODOBFM::`string'+0x2365 00000000`0025e6c0 00000000`777c9d0d ntdll!_C_specific_handler+0x8c 00000000`0025e730 00000000`777b91af ntdll!RtlpExecuteHandlerForException+0xd 00000000`0025e760 00000000`777f1278 ntdll!RtlDispatchException+0x45a 00000000`0025ee40 000007fe`fdb1f367 ntdll!KiUserExceptionDispatch+0x2e 00000000`0025f550 000007fe`fdaec294 usp10!DoubleWideCharMappedString::DoubleWideCharMappedString+0x117 00000000`0025f5a0 000007fe`fdad2289 usp10!ScriptIsComplex+0x54 00000000`0025f690 000007fe`fdad1897 lpk!InternalTextOut+0x14d 00000000`0025f760 000007fe`fd9cfa61 lpk!LpkExtTextOut+0x57 00000000`0025f7d0 00000001`3f49155a gdi32!TextOutW+0x337 00000000`0025f890 00000001`3f491593 LastCall+0x155a 00000000`0025f8f0 00000001`3f4915b3 LastCall+0x1593 00000000`0025f920 00000001`3f491309 LastCall+0x15b3 00000000`0025f950 00000000`776b9bd1 LastCall+0x1309 00000000`0025fa10 00000000`776b98da user32!UserCallWinProcCheckWow+0x1ad 00000000`0025fad0 00000001`3f4910d0 user32!DispatchMessageWorker+0x3b5 00000000`0025fb50 00000001`3f491738 LastCall+0x10d0 00000000`0025fbc0 00000000`7759652d LastCall+0x1738 00000000`0025fc00 00000000`777cc521 kernel32!BaseThreadInitThunk+0xd 00000000`0025fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d 0:000> ub 00000001`3f49155a LastCall+0x1538: 00000001`3f491538 4889442438 mov qword ptr [rsp+38h],rax 00000001`3f49153d 8b442430 mov eax,dword ptr [rsp+30h] 00000001`3f491541 89442420 mov dword ptr [rsp+20h],eax 00000001`3f491545 4c8b4c2440 mov r9,qword ptr [rsp+40h] 00000001`3f49154a 4533c0 xor r8d,r8d 00000001`3f49154d 33d2 xor edx,edx 00000001`3f49154f 488b4c2438 mov rcx,qword ptr [rsp+38h] 00000001`3f491554 ff15a67a0000 call qword ptr [LastCall+0x9000 (00000001`3f499000)] 0:000> dps 00000001`3f499000 L1 00000001`3f499000 000007fe`fd9bc470 gdi32!TextOutW 0:000> dps 00000000`0025f7d0 00000000`0025f890 00000000`0025f7d0 00000000`0025f850 00000000`0025f7d8 00000000`000000a1 00000000`0025f7e0 00000000`01bc1398 00000000`0025f7e8 00000000`00000000 00000000`0025f7f0 00000000`00000000 00000000`0025f7f8 00000001`3f49e338 LastCall+0xe338 00000000`0025f800 00000000`0fffffff 00000000`0025f808 00000000`00000000 00000000`0025f810 00000000`ffffffff 00000000`0025f818 00000000`00000001 00000000`0025f820 00000000`00000000 00000000`0025f828 00000000`006713a4 00000000`0025f830 00000000`00000000 00000000`0025f838 00009407`6075d42f 00000000`0025f840 00000000`00000000 00000000`0025f848 00000000`006713a4 00000000`0025f850 00000000`00000000 00000000`0025f858 00000000`00000111 00000000`0025f860 00000000`00000000 00000000`0025f868 00000000`00000000 00000000`0025f870 00000000`00000001 00000000`0025f878 00000000`00000000 00000000`0025f880 00000000`00000000 00000000`0025f888 00000001`3f49155a LastCall+0x155a 00000000`0025f890 00000000`006713a4 0:000> dps 00000000`0025f888+38+8 00000000`0025f8c8 00000000`58011ca0 00000000`0025f8d0 00000001`3f49e338 LastCall+0xe338 00000000`0025f8d8 00000000`0047002a 00000000`0025f8e0 00000000`00000001 00000000`0025f8e8 00000001`3f491593 LastCall+0x1593 00000000`0025f8f0 00000000`006713a4 00000000`0025f8f8 00000000`776b75b0 user32!DefWindowProcW+0x108 00000000`0025f900 00000000`00000000 00000000`0025f908 00000000`776b9bef user32!UserCallWinProcCheckWow+0x1cb 00000000`0025f910 00000000`00000000 00000000`0025f918 00000001`3f4915b3 LastCall+0x15b3 00000000`0025f920 00000000`006713a4 00000000`0025f928 00000000`02010005 00000000`0025f930 00000000`006713a4 00000000`0025f938 00000000`00000000 00000000`0025f940 00000000`000000a1 0:000> dp 00000000`0025f888+38+8 00000000`0025f8c8 00000000`58011ca0 00000001`3f49e338 00000000`0025f8d8 00000000`0047002a 00000000`00000001 00000000`0025f8e8 00000001`3f491593 00000000`006713a4 00000000`0025f8f8 00000000`776b75b0 00000000`00000000 00000000`0025f908 00000000`776b9bef 00000000`00000000 00000000`0025f918 00000001`3f4915b3 00000000`006713a4 00000000`0025f928 00000000`02010005 00000000`006713a4 00000000`0025f938 00000000`00000000 00000000`000000a1 0:000> dp 00000000`0025f888+40+8 00000000`0025f8d0 00000001`3f49e338 00000000`0047002a 00000000`0025f8e0 00000000`00000001 00000001`3f491593 00000000`0025f8f0 00000000`006713a4 00000000`776b75b0 00000000`0025f900 00000000`00000000 00000000`776b9bef 00000000`0025f910 00000000`00000000 00000001`3f4915b3 00000000`0025f920 00000000`006713a4 00000000`02010005 00000000`0025f930 00000000`006713a4 00000000`00000000 00000000`0025f940 00000000`000000a1 00000001`3f491309 0:000> du 00000001`3f49e338 00000001`3f49e338 "Hello Weird!" 0:000> dp 00000000`0025f888+20+8 00000000`0025f8b0 00000000`0fffffff 000007fe`faf31445 00000000`0025f8c0 00000000`0fffffff 00000000`58011ca0 00000000`0025f8d0 00000001`3f49e338 00000000`0047002a 00000000`0025f8e0 00000000`00000001 00000001`3f491593 00000000`0025f8f0 00000000`006713a4 00000000`776b75b0 00000000`0025f900 00000000`00000000 00000000`776b9bef 00000000`0025f910 00000000`00000000 00000001`3f4915b3 00000000`0025f920 00000000`006713a4 00000000`02010005 0:000> k Child-SP RetAddr Call Site 00000000`0025e318 000007fe`fd701430 ntdll!NtWaitForMultipleObjects+0xa 00000000`0025e320 00000000`775a2ce3 KERNELBASE!WaitForMultipleObjectsEx+0xe8 00000000`0025e420 00000000`77619105 kernel32!WaitForMultipleObjectsExImplementation+0xb3 00000000`0025e4b0 00000000`77619287 kernel32!WerpReportFaultInternal+0x215 00000000`0025e550 00000000`776192df kernel32!WerpReportFault+0x77 00000000`0025e580 00000000`776194fc kernel32!BasepReportFault+0x1f 00000000`0025e5b0 00000000`778343b8 kernel32!UnhandledExceptionFilter+0x1fc 00000000`0025e690 00000000`777b85a8 ntdll! ?? ::FNODOBFM::`string'+0x2365 00000000`0025e6c0 00000000`777c9d0d ntdll!_C_specific_handler+0x8c 00000000`0025e730 00000000`777b91af ntdll!RtlpExecuteHandlerForException+0xd 00000000`0025e760 00000000`777f1278 ntdll!RtlDispatchException+0x45a 00000000`0025ee40 000007fe`fdb1f367 ntdll!KiUserExceptionDispatch+0x2e 00000000`0025f550 000007fe`fdaec294 usp10!DoubleWideCharMappedString::DoubleWideCharMappedString+0x117 00000000`0025f5a0 000007fe`fdad2289 usp10!ScriptIsComplex+0x54 00000000`0025f690 000007fe`fdad1897 lpk!InternalTextOut+0x14d 00000000`0025f760 000007fe`fd9cfa61 lpk!LpkExtTextOut+0x57 00000000`0025f7d0 00000001`3f49155a gdi32!TextOutW+0x337 00000000`0025f890 00000001`3f491593 LastCall+0x155a 00000000`0025f8f0 00000001`3f4915b3 LastCall+0x1593 00000000`0025f920 00000001`3f491309 LastCall+0x15b3 00000000`0025f950 00000000`776b9bd1 LastCall+0x1309 00000000`0025fa10 00000000`776b98da user32!UserCallWinProcCheckWow+0x1ad 00000000`0025fad0 00000001`3f4910d0 user32!DispatchMessageWorker+0x3b5 00000000`0025fb50 00000001`3f491738 LastCall+0x10d0 00000000`0025fbc0 00000000`7759652d LastCall+0x1738 00000000`0025fc00 00000000`777cc521 kernel32!BaseThreadInitThunk+0xd 00000000`0025fc30 00000000`00000000 ntdll!RtlUserThreadStart+0x1d