Hi all, again!

Still having problems with some machines.
Fact: "Zfdinvscanner.e.exe has generated an error"'
Windows 2000, SP4, IE 6.0.2800
Novell Client 4.90 SP2

Here is the logs:

FILEMON (the last 100 lines):
----------
4420 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS Options: Open Directory Access:
All
4421 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS
4422 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
SUCCESS Options: Open Access: All
4423 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1 SUCCESS Attributes: D
4424 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
SUCCESS
4425 10:43:45 ZfDInvScanner.e:1516 OPEN C:\ SUCCESS
Options: Open Directory Access: All
4426 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\
SUCCESS FileBothDirectoryInformation: DOCUME~1
4427 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\ SUCCESS

4428 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1 SUCCESS Options: Open Access: All
4429 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1 SUCCESS Attributes: D
4430 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1 SUCCESS
4431 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1\
SUCCESS Options: Open Directory Access: All
4432 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ SUCCESS FileBothDirectoryInformation: ADMINI~1
4433 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1\
SUCCESS
4434 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1 SUCCESS Options: Open Access: All
4435 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1\LOCALS~1 SUCCESS Attributes: DH
4436 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1 SUCCESS
4437 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\ SUCCESS Options: Open Directory Access: All
4438 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ADMINI~1\ SUCCESS FileBothDirectoryInformation: LOCALS~1
4439 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\ SUCCESS
4440 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp SUCCESS Options: Open Access: All
4441 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp SUCCESS Attributes: D
4442 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp SUCCESS
4443 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS Options: Open Directory Access: All
4444 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS FileBothDirectoryInformation: Temp
4445 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS
4446 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
SUCCESS Options: Open Access: All
4447 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1 SUCCESS Attributes: D
4448 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
SUCCESS
4449 10:43:45 ZfDInvScanner.e:1516 OPEN C:\ SUCCESS
Options: Open Directory Access: All
4450 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\
SUCCESS FileBothDirectoryInformation: DOCUME~1
4451 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\ SUCCESS

4452 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1 SUCCESS Options: Open Access: All
4453 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1 SUCCESS Attributes: D
4454 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1 SUCCESS
4455 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1\
SUCCESS Options: Open Directory Access: All
4456 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ SUCCESS FileBothDirectoryInformation: ADMINI~1
4457 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1\
SUCCESS
4458 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1 SUCCESS Options: Open Access: All
4459 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1\LOCALS~1 SUCCESS Attributes: DH
4460 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1 SUCCESS
4461 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\ SUCCESS Options: Open Directory Access: All
4462 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ADMINI~1\ SUCCESS FileBothDirectoryInformation: LOCALS~1
4463 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\ SUCCESS
4464 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp SUCCESS Options: Open Access: All
4465 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp SUCCESS Attributes: D
4466 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp SUCCESS
4467 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS Options: Open Directory Access: All
4468 10:43:45 ZfDInvScanner.e:1516 DIRECTORY C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS FileBothDirectoryInformation: Temp
4469 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\ SUCCESS
4470 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS Options: Open Access: All
4471 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ SUCCESS Attributes: D
4472 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS
4473 10:43:45 ZfDInvScanner.e:1516 OPEN C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS Options: Open Directory Access:
All
4474 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\DOCUME~1
\ADMINI~1\LOCALS~1\Temp\ SUCCESS
4475 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 16384
Length: 4096
4476 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 20480
Length: 4096
4477 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml END OF FILE Offset:
24169 Length: 4096
4478 10:43:45 ZfDInvScanner.e:1516 CLOSE
C:\Zenworks\PrivateDictionary.xml SUCCESS
4479 10:43:45 ZfDInvScanner.e:1516 OPEN
C:\Zenworks\PrivateDictionary.xml SUCCESS Options: Open
Access: All
4480 10:43:45 ZfDInvScanner.e:1516 OPEN
C:\Zenworks\PrivateDictionary.xml SUCCESS Options: Open
Access: All
4481 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\Zenworks\PrivateDictionary.xml SUCCESS
FileFsVolumeInformation
4482 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\Zenworks\PrivateDictionary.xml SUCCESS
FileInternalInformation
4483 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\Zenworks\PrivateDictionary.xml SUCCESS Length: 24169
4484 10:43:45 ZfDInvScanner.e:1516 CLOSE
C:\Zenworks\PrivateDictionary.xml SUCCESS
4485 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 0 Length:
4096
4486 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 4096
Length: 4096
4487 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 8192
Length: 4096
4488 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 12288
Length: 4096
4489 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 16384
Length: 4096
4490 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml SUCCESS Offset: 20480
Length: 4096
4491 10:43:45 ZfDInvScanner.e:1516 READ
C:\Zenworks\PrivateDictionary.xml END OF FILE Offset:
24169 Length: 4096
4492 10:43:45 ZfDInvScanner.e:1516 CLOSE
C:\Zenworks\PrivateDictionary.xml SUCCESS
4493 10:43:45 ZfDInvScanner.e:1516 OPEN C:\Program
Files\Novell\ZENworks\Inventory\drwtsn32.exe FILE NOT FOUND Options:
Open Access: All
4494 10:43:45 ZfDInvScanner.e:1516 OPEN C:\Program
Files\Novell\ZENworks\Inventory\drwtsn32.exe FILE NOT FOUND Options:
Open Access: All
4495 10:43:45 ZfDInvScanner.e:1516 OPEN C:\WINNT\system32
\drwtsn32.exe SUCCESS Options: Open Access: All
4496 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\WINNT\system32\drwtsn32.exe SUCCESS Attributes: A
4497 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\WINNT\system32
\drwtsn32.exe SUCCESS
4498 10:43:45 ZfDInvScanner.e:1516 OPEN C:\WINNT\system32
\drwtsn32.exe SUCCESS Options: Open Access: All
4499 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\WINNT\system32\drwtsn32.exe SUCCESS Attributes: A
4500 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\WINNT\system32
\drwtsn32.exe SUCCESS
4501 10:43:45 ZfDInvScanner.e:1516 OPEN C:\WINNT\system32
\drwtsn32.exe SUCCESS Options: Open Access: Execute
4502 10:43:45 ZfDInvScanner.e:1516 OPEN C:\WINNT\system32
\drwtsn32.exe SUCCESS Options: Open Access: All
4503 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\WINNT\system32\drwtsn32.exe SUCCESS FileFsVolumeInformation
4504 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\WINNT\system32\drwtsn32.exe SUCCESS FileInternalInformation
4505 10:43:45 ZfDInvScanner.e:1516 QUERY INFORMATION
C:\WINNT\system32\drwtsn32.exe SUCCESS Length: 72464
4506 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\WINNT\system32
\drwtsn32.exe SUCCESS
4507 10:43:45 ZfDInvScanner.e:1516 CLOSE C:\WINNT\system32
\drwtsn32.exe SUCCESS
4508 10:43:45 CSRSS.EXE:216 OPEN C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS Options:
Open Access: All
4509 10:43:45 CSRSS.EXE:216 OPEN C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS Options:
Open Access: All
4510 10:43:45 CSRSS.EXE:216 QUERY INFORMATION C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS
FileFsVolumeInformation
4511 10:43:45 CSRSS.EXE:216 QUERY INFORMATION C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS
FileInternalInformation
4512 10:43:45 CSRSS.EXE:216 QUERY INFORMATION C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS Length:
516096
4513 10:43:45 CSRSS.EXE:216 CLOSE C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS
4514 10:43:45 DRWTSN32.EXE:2136 QUERY INFORMATION
C:\Program Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe
SUCCESS Length: 516096
4515 10:43:45 DRWTSN32.EXE:2136 QUERY INFORMATION
C:\Program Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe
SUCCESS Length: 516096
4516 10:43:47 ZfDInvScanner.e:2136 READ C: SUCCESS
Offset: 13824 Length: 12800
4517 10:43:47 ZfDInvScanner.e:2136 READ C: SUCCESS
Offset: 26624 Length: 1024
4518 10:43:47 ZfDInvScanner.e:2136 READ C: SUCCESS
Offset: 27648 Length: 1024
4519 10:43:47 ZfDInvScanner.e:1516 CLOSE C:\Program
Files\Novell\ZENworks\Inventory SUCCESS
4520 10:43:47 ZfDInvScanner.e:1516 CLOSE
C:\Zenworks\ZenErrors.log SUCCESS
4521 10:43:48 DRWTSN32.EXE:2136 CLOSE C:\Program
Files\Novell\ZENworks\Inventory\ZfDInvScanner.exe SUCCESS


DRWTSN LOG (Complete):

Application exception occurred:
App: (pid=1936)
When: 12/1/2004 @ 17:30:46.654
Exception number: c0000005 (access violation)

*----> System Information <----*
Computer Name: L0005
User Name: Administrator
Number of Processors: 1
Processor Type: x86 Family 6 Model 13 Stepping 6
Windows 2000 Version: 5.0
Current Build: 2195
Service Pack: 4
Current Type: Uniprocessor Free
Registered Organization: Johnson Matthey AB
Registered Owner: Presentation

*----> Task List <----*
0 Idle.exe
8 System.exe
192 SMSS.exe
216 CSRSS.exe
212 WINLOGON.exe
264 SERVICES.exe
276 LSASS.exe
400 ati2evxx.exe
448 S24EvMon.exe
500 SVCHOST.exe
548 SVCHOST.exe
584 ccSetMgr.exe
608 ccEvtMgr.exe
708 SPOOLSV.exe
740 BAsfIpM.exe
760 btwdins.exe
792 DefWatch.exe
828 NALNTSRV.exe
876 RegSrvc.exe
924 ZenRem32.exe
944 REGSVC.exe
956 SavRoam.exe
976 SCARDSVR.exe
1000 mstask.exe
912 Rtvscan.exe
1092 SVCHOST.exe
1104 WM.exe
1456 WMRUNDLL.exe
1504 xtagent.exe
1212 ZCfgSvc.exe
1688 ati2evxx.exe
1740 1XConfig.exe
1592 EXPLORER.exe
1784 Apoint.exe
1900 atiptaxx.exe
1808 PRONoMgr.exe
1772 NalAgent.exe
1964 quickset.exe
1972 prpcui.exe
1988 ApntEx.exe
2056 Directcd.exe
2064 dpmw32.exe
2076 nwtray.exe
2104 ccApp.exe
2172 VPTray.exe
1704 TASKMGR.exe
2152 WINMGMT.exe
1424 REGEDIT.exe
1936 ZfDInvScanner.e.exe
1496 DRWTSN32.exe
0 _Total.exe

(00400000 - 00489000)
(77F80000 - 77FFD000)
(77E10000 - 77E75000)
(7C570000 - 7C623000)
(77F40000 - 77F7B000)
(7C2D0000 - 7C332000)
(77D30000 - 77DA1000)
(75050000 - 75058000)
(75030000 - 75044000)
(78000000 - 78045000)
(75020000 - 75028000)
(77820000 - 77827000)
(759B0000 - 759B6000)
(77880000 - 7790E000)
(7C0F0000 - 7C151000)
(77570000 - 775A0000)
(20000000 - 2000F000)
(779B0000 - 77A4B000)
(77A50000 - 77B3F000)
(71710000 - 71794000)
(10000000 - 1000B000)
(01150000 - 01177000)
(68000000 - 680F4000)
(70A70000 - 70AD9000)
(76620000 - 76630000)
(77340000 - 77353000)
(77520000 - 77525000)
(77320000 - 77337000)
(75150000 - 7515F000)
(75170000 - 751BF000)
(7C340000 - 7C34F000)
(77BF0000 - 77C01000)
(77980000 - 779A4000)
(77950000 - 7797A000)
(751C0000 - 751C6000)
(773B0000 - 773DF000)
(77380000 - 773A3000)
(77830000 - 7783E000)
(774E0000 - 77513000)
(774C0000 - 774D1000)
(77530000 - 77552000)
(77360000 - 77379000)
(782F0000 - 78535000)
(68100000 - 68126000)
(012E0000 - 012F3000)
(68200000 - 6821C000)
(50D50000 - 50D97000)
(50D00000 - 50D15000)
(50DF0000 - 50E10000)
(50DB0000 - 50DDB000)
(50D20000 - 50D4B000)
(50DA0000 - 50DAB000)
(01310000 - 01366000)
(775A0000 - 77630000)
(015F0000 - 015FB000)
(690A0000 - 690AB000)
(01600000 - 01607000)
(58200000 - 582C9000)
(58300000 - 58338000)
(58380000 - 583BD000)
(6A400000 - 6A41B000)
(01930000 - 0194D000)
(01950000 - 019C2000)
(75160000 - 7516C000)
(75210000 - 75225000)
(751D0000 - 75208000)
(65A60000 - 65A6A000)
(65C20000 - 65CCD000)
(65A30000 - 65A3A000)
(01B10000 - 01B22000)
(700E0000 - 70106000)
(01B40000 - 01D44000)

State Dump for Thread Id 0x794

eax=00485d4b ebx=00d2958c ecx=00000035 edx=00d2958c esi=00d2958d
edi=00000035
eip=00440ab3 esp=0012f2a4 ebp=0012f2b0 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000206


function: <nosymbols>
00440a99 8b7d08 mov edi,[ebp+0x8]
ss:00bf9196=????????
00440a9c 8d05785d4800 lea eax,[00485d78]
ds:00485d78=00000000
00440aa2 83780800 cmp dword ptr [eax+0x8],0x0
ds:00f4fc31=????????
00440aa6 753b jnz 0044bae3
00440aa8 b0ff mov al,0xff
00440aaa 8bff mov edi,edi
00440aac 0ac0 or al,al
00440aae 742e jz 004494de
00440ab0 8a06 mov al,[esi]
ds:00d2958d=42
00440ab2 46 inc esi
FAULT ->00440ab3 8a27 mov ah,[edi]
ds:00000035=??
00440ab5 47 inc edi
00440ab6 38c4 cmp ah,al
00440ab8 74f2 jz 004437ac
00440aba 2c41 sub al,0x41
00440abc 3c1a cmp al,0x1a
00440abe 1ac9 sbb cl,cl
00440ac0 80e120 and cl,0x20
00440ac3 02c1 add al,cl
00440ac5 0441 add al,0x41
00440ac7 86e0 xchg al,ah
00440ac9 2c41 sub al,0x41

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0012F2B0 004342F8 00000035 00D2958C 0012F328 0012F34C !<nosymbols>
00D29588 3338424B 37303734 3645492D 2D315053 34303032 !<nosymbols>
00000001 00000000 00000000 00000000 00000000 00000000 <nosymbols>

*----> Raw Stack Dump <----*
0012f2a4 8c 95 d2 00 31 00 00 00 - 31 00 00 00 88 95 d2
00 ....1...1.......
0012f2b4 f8 42 43 00 35 00 00 00 - 8c 95 d2 00 28 f3 12 00 .BC.5.......
(...
0012f2c4 4c f3 12 00 0e 00 00 00 - 00 00 00 00 99 5a 43 00
L............ZC.
0012f2d4 90 8a d2 00 04 f3 12 00 - 50 39 47 00 2c f3 12
00 ........P9G.,...
0012f2e4 00 00 00 00 00 00 00 00 - c0 ff 12 00 00 00 00
00 ................
0012f2f4 80 02 00 00 1f 00 00 00 - 30 e2 3f 3d 19 cb c4 01 ........0.?
=....
0012f304 55 1f f8 77 4b 42 38 33 - 34 37 30 37 2d 49 45 36 U..wKB834707-
IE6
0012f314 53 50 31 2d 32 30 30 34 - 30 39 32 39 2e 30 39 31 SP1-
20040929.091
0012f324 39 30 31 00 31 00 12 00 - 4b 42 38 33 34 37 30 37
901.1...KB834707
0012f334 2d 49 45 36 53 50 31 2d - 32 30 30 34 30 39 32 39 -IE6SP1-
20040929
0012f344 2e 30 39 31 39 30 31 00 - 31 00 d2 00 46 01 00
00 .091901.1...F...
0012f354 a8 6c d2 00 60 8b d2 00 - 00 00 00 00 00 00 00
00 .l..`...........
0012f364 00 00 00 00 00 00 00 00 - 00 f4 12 00 04 00 00
00 ................
0012f374 40 f5 12 00 c0 f4 12 00 - 00 00 d2 00 04 00 00 00
@...............
0012f384 00 00 00 00 00 00 d2 00 - 30 00 3e 02 a8 6c d2
00 ........0.>..l..
0012f394 01 00 00 00 58 00 3e 02 - 00 f3 12 00 04 00 00
00 ....X.>.........
0012f3a4 b0 ff 12 00 55 1f f8 77 - 00 00 d2 00 04 00 00
00 ....U..w........
0012f3b4 00 00 d2 00 98 01 00 00 - 90 8a d2 00 a8 6c d2
00 .............l..
0012f3c4 01 00 00 00 00 f5 12 00 - 50 f3 12 00 00 00 d2
00 ........P.......
0012f3d4 b0 ff 12 00 55 1f f8 77 - 28 25 f8 77 ff ff ff ff ....U..w
(%.w....

State Dump for Thread Id 0x4b0

eax=778321fe ebx=00000003 ecx=0012f244 edx=00000000 esi=77f82873
edi=00000003
eip=77f8287e esp=0128fd24 ebp=0128fd70 iopl=0 nv up ei pl zr na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000246


function: NtWaitForMultipleObjects
77f82873 b8e9000000 mov eax,0xe9
77f82878 8d542404 lea edx,[esp+0x4]
ss:01d59c0b=????????
77f8287c cd2e int 2e
77f8287e c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
0128FD70 7C59A0C2 0128FD48 00000001 00000000 00000000 ntdll!
NtWaitForMultipleObjects
0128FFB4 7C57B388 00000004 000B000A 7C325107 00138E40 kernel32!
WaitForMultipleObjects
0128FFEC 00000000 778321FE 00138E40 00000000 000000C8 kernel32!lstrcmpiW

*----> Raw Stack Dump <----*
0128fd24 af a1 59 7c 03 00 00 00 - 48 fd 28 01 01 00 00 00 ..Y|....H.
(.....
0128fd34 00 00 00 00 00 00 00 00 - 00 00 00 00 40 8e 13
00 ............@...
0128fd44 01 00 00 00 b0 00 00 00 - b4 00 00 00 c4 00 00
00 ................
0128fd54 8c fc 44 e1 04 00 00 00 - 00 00 00 00 00 00 00
00 ..D.............
0128fd64 a8 f9 0a 82 04 00 00 00 - 01 00 00 00 b4 ff 28 01 ..............
(.
0128fd74 c2 a0 59 7c 48 fd 28 01 - 01 00 00 00 00 00 00 00 ..Y|H.
(.........
0128fd84 00 00 00 00 00 00 00 00 - b2 22 83 77 03 00 00
00 .........".w....
0128fd94 b0 fe 28 01 00 00 00 00 - ff ff ff ff 40 8e 13 00 ..
(.........@...
0128fda4 07 51 32 7c 0a 00 0b 00 - a8 82 4d 80 4e e3 44
80 .Q2|......M.N.D.
0128fdb4 78 fc 44 e1 00 00 00 00 - 00 00 00 00 38 00 00 00
x.D.........8...
0128fdc4 23 00 00 00 23 00 00 00 - 0a 00 0b 00 07 51 32 7c
#...#........Q2|
0128fdd4 40 8e 13 00 ff ff ff ff - 44 f2 12 00 fe 21 83 77
@.......D....!.w
0128fde4 f8 eb fd 7f 00 b7 57 7c - 1b 00 00 00 00 02 00
00 ......W|........
0128fdf4 fc ff 28 01 23 00 00 00 - 00 00 00 00 05 00 00 00 ..
(.#...........
0128fe04 04 00 00 00 05 cf 40 80 - 98 00 00 00 f8 00 00
00 ......@.........
0128fe14 00 00 00 00 04 00 00 00 - 24 00 01 e1 05 00 00
00 ........$.......
0128fe24 00 00 c8 00 16 65 4d 81 - 00 00 00 00 48 05 fe
e2 .....eM.....H...
0128fe34 00 00 00 00 48 03 00 00 - 68 81 00 e1 30 00 30
00 ....H...h...0.0.
0128fe44 e6 64 4d 81 b4 8b 54 b2 - b5 f5 44 80 88 83 00
e1 .dM...T...D.....
0128fe54 01 ef 0a 82 c0 12 48 80 - e8 2e 0b 82 b0 8c 54
b2 ......H.......T.

State Dump for Thread Id 0x5bc

eax=77d358be ebx=00143410 ecx=0012e83c edx=00000000 esi=00143328
edi=00000100
eip=77f83310 esp=014efe28 ebp=014eff74 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: ZwReplyWaitReceivePortEx
77f83305 b8ac000000 mov eax,0xac
77f8330a 8d542404 lea edx,[esp+0x4]
ss:01fb9d0f=3a303100
77f8330e cd2e int 2e
77f83310 c21400 ret 0x14

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
014EFF74 77D37B4C 77D35924 00143328 77D33E01 00130000 ntdll!
ZwReplyWaitReceivePortEx
014EFFA8 77D358D6 00142C18 014EFFEC 7C57B388 00143410 rpcrt4!
NdrCorrelationInitialize
014EFFB4 7C57B388 00143410 77D33E01 00130000 00143410 rpcrt4!
RpcBindingFree
014EFFEC 00000000 00000000 00000000 00000000 00000000 kernel32!lstrcmpiW

State Dump for Thread Id 0x90c

eax=77ab502c ebx=00000102 ecx=01ea01e8 edx=00000000 esi=77f82826
edi=015eff74
eip=77f82831 esp=015eff60 ebp=015eff7c iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000
efl=00000206


function: NtDelayExecution
77f82826 b832000000 mov eax,0x32
77f8282b 8d542404 lea edx,[esp+0x4]
ss:020b9e47=0b9dd000
77f8282f cd2e int 2e
77f82831 c20800 ret 0x8
77f82834 53 push ebx
77f82835 51 push ecx
77f82836 6a00 push 0x0
77f82838 c70701000000 mov dword ptr [edi],0x1
ds:015eff74=dc3cba00
77f8283e ff750c push dword ptr [ebp+0xc]
ss:020b9e62=ffffffff
77f82841 50 push eax
77f82842 e879fdffff call RtlMultiByteToUnicodeN (77f825c0)
77f82847 e928fcffff jmp RtlConsoleMultiByteToUnicodeN+0x333
(77f82474)

*----> Stack Back Trace <----*

FramePtr ReturnAd Param#1 Param#2 Param#3 Param#4 Function Name
015EFF7C 7C59A20E 0000EA60 00000000 77AB8FFB 0000EA60 ntdll!
NtDelayExecution
00007530 00000000 00000000 00000000 00000000 00000000 kernel32!Sleep

*----> Raw Stack Dump <----*
015eff60 43 a2 59 7c 00 00 00 00 - 74 ff 5e 01 73 9f 59 7c
C.Y|....t.^.s.Y|
015eff70 80 5c 14 00 00 ba 3c dc - ff ff ff ff 30 75 00
00 .\....<.....0u..
015eff80 0e a2 59 7c 60 ea 00 00 - 00 00 00 00 fb 8f ab
77 ..Y|`..........w
015eff90 60 ea 00 00 ee 50 ab 77 - 00 00 00 00 00 00 a5 77
`....P.w.......w
015effa0 80 5c 14 00 ec ff 5e 01 - 80 5c 14 00 46 50 ab
77 .\....^..\..FP.w
015effb0 45 7d a6 77 30 7d a6 77 - 88 b3 57 7c 80 5c 14 00
E}.w0}.w..W|.\..
015effc0 45 7d a6 77 30 7d a6 77 - 80 5c 14 00 00 b0 fd 7f
E}.w0}.w.\......
015effd0 e8 01 ea 01 c0 ff 5e 01 - e8 01 ea 01 ff ff ff
ff ......^.........
015effe0 44 1f 5c 7c 08 2b 57 7c - 00 00 00 00 00 00 00 00
D.\|.+W|........
015efff0 00 00 00 00 2c 50 ab 77 - 80 5c 14 00 00 00 00
00 ....,P.w.\......
015f0000 4d 5a 90 00 03 00 00 00 - 04 00 00 00 ff ff 00 00
MZ..............
015f0010 b8 00 00 00 00 00 00 00 - 40 00 00 00 00 00 00
00 ........@.......
015f0020 00 00 00 00 00 00 00 00 - 00 00 00 00 00 00 00
00 ................
015f0030 00 00 00 00 00 00 00 00 - 00 00 00 00 f8 00 00
00 ................
015f0040 0e 1f ba 0e 00 b4 09 cd - 21 b8 01 4c cd 21 54 68 ........!..L.!
Th
015f0050 69 73 20 70 72 6f 67 72 - 61 6d 20 63 61 6e 6e 6f is program
canno
015f0060 74 20 62 65 20 72 75 6e - 20 69 6e 20 44 4f 53 20 t be run in
DOS
015f0070 6d 6f 64 65 2e 0d 0d 0a - 24 00 00 00 00 00 00 00
mode....$.......
015f0080 27 b5 86 f4 63 d4 e8 a7 - 63 d4 e8 a7 63 d4 e8
a7 '...c...c...c...
015f0090 18 c8 e4 a7 62 d4 e8 a7 - e0 c8 e6 a7 62 d4 e8
a7 ....b.......b...