We define abstraction as selective ignorance. 



  2:	DllBase(0x0000000077ac0000)	C:\Windows\system32\ntdll.dll
  0:0000000077bb71f5 ==> ZwAcceptConnectPort
  1:0000000077bb7209 ==> ZwAccessCheck
  2:0000000077bb7217 ==> ZwAccessCheckAndAuditAlarm
  3:0000000077bb7232 ==> ZwAccessCheckByType
  4:0000000077bb7246 ==> ZwAccessCheckByTypeAndAuditAlarm
  5:0000000077bb7267 ==> ZwAccessCheckByTypeResultList
  6:0000000077bb7285 ==> ZwAccessCheckByTypeResultListAndAuditAlarm
  7:0000000077bb72b0 ==> ZwAccessCheckByTypeResultListAndAuditAlarmByHandle
  8:0000000077bb72e3 ==> ZwAcquireCMFViewOwnership
  9:0000000077bb72fd ==> ZwAddAtom
 10:0000000077bb7307 ==> ZwAddBootEntry

[---]

380:0000000077bb9074 ==> ZwWaitForMultipleObjects32
381:0000000077bb908f ==> ZwWaitForSingleObject
382:0000000077bb90a5 ==> ZwWaitForWorkViaWorkerFactory
383:0000000077bb90c3 ==> ZwWaitHighEventPair
384:0000000077bb90d7 ==> ZwWaitLowEventPair
385:0000000077bb90ea ==> ZwWorkerFactoryWorkerReady
386:0000000077bb9105 ==> ZwWriteFile
387:0000000077bb9111 ==> ZwWriteFileGather
388:0000000077bb9123 ==> ZwWriteRequestData
389:0000000077bb9136 ==> ZwWriteVirtualMemory
390:0000000077bb914b ==> ZwYieldExecution

0	nt!NtMapUserPhysicalPagesScatter (fffff800`0243ad40)
1	nt!NtWaitForSingleObject (fffff800`023077c0)
2	nt!NtCallbackReturn (fffff800`020a0590)
3	nt!NtReadFile (fffff800`022d2630)
4	nt!NtDeviceIoControlFile (fffff800`02312950)
5	nt!NtWriteFile (fffff800`02310660)
6	nt!NtRemoveIoCompletion (fffff800`022df7b0)
7	nt!NtReleaseSemaphore (fffff800`022c4454)
8	nt!NtReplyWaitReceivePort (fffff800`022d4f30)
9	nt!NtReplyPort (fffff800`022d2390)
10	nt!NtSetInformationThread (fffff800`022ce160)

[---]

380	nt!NtUnloadKey2 (fffff800`0246af10)
381	nt!NtUnloadKeyEx (fffff800`0246a870)
382	nt!NtUnlockFile (fffff800`022ac834)
383	nt!NtUnlockVirtualMemory (fffff800`02165180)
384	nt!NtVdmControl (fffff800`02467320)
385	nt!NtWaitForDebugEvent (fffff800`02412640)
386	nt!NtWaitForKeyedEvent (fffff800`02322e50)
387	nt!NtWaitForWorkViaWorkerFactory (fffff800`020d998c)
388	nt!NtWaitHighEventPair (fffff800`024082f0)
389	nt!NtWaitLowEventPair (fffff800`02408380)
390	nt!NtWorkerFactoryWorkerReady (fffff800`020dc16c)


HOME Windows Crash Dump Analysis Basics


Copyright©Takashi Toyota 2004- 2012
It is 2012-05-20 today.