Context Navigation

Back to Ticket #75

Ticket #75: PDUMP.001.txt

File PDUMP.001.txt, 40.0 KB (added by stevenhl, 7 years ago)
pdump.001 analysis

Line
1
2	2017-07-24 SHL
3
4	http://trac.netlabs.org/efte/ticket/75
5
6	IBM OS/2 Dump Formatter for a retail or an hstrict SMP kernel.
7	Formatter is --> Internal revision 14.106_SMP
8	Dump file is --> Internal revision 14.109_SMP (process dump)
9
10	-- This is probably Holger's patched kernel.
11
12	Symbol (d:\devtools\pmdf\14_106_smp_t60\os2krnlr.sym) linked
13
14	Current slot number: 0106
15
16	Slot Pid Ppid Csid Ord Sta Pri pTSD pPTDA pTCB Disp SG Name
17	*0106# 0134 0033 0134 0002 run 0500 f9282000 f984a7c0 f93a2030 0940 1f EFTEPM
18
19	eax=00000001 ebx=70207020 ecx=70207020 edx=70207020 esi=70207020 edi=70207020
20	eip=70207020 esp=00db9a9c ebp=70207020 iopl=0 rf -- -- nv up ei pl nz ac pe nc
21	cs=005b ss=0053 ds=0053 es=0053 fs=150b gs=0000 cr2=00000000 cr3=00000000 p=01
22
23	Invalid linear address: 005b:70207020
24
25	# .h
26	IBM OS/2 Dump Formatter for a retail or an hstrict SMP kernel.
27	Formatter is --> Internal revision 14.106_SMP
28	Dump file is --> Internal revision 14.109_SMP (process dump)
29
30	Dump Requested: 01/08/2017 - 10:18:34
31	Dump Started: 01/08/2017 - 10:18:35
32	Dump Completed: 01/08/2017 - 10:18:36
33	Free Space Req/Actual: 10240K / 4194303K
34	Dump File size: 69260672
35	Dump state: Normal
36	Dump cause: Trap
37	Kernel type: retail smp
38	Trap type: 0000000e
39	Key Pid/Tid/Slot: 0x0134/0x0002/0x0106
40	Req Pid/Tid: 0x0134/0x0002
41	Sys Collected Data: 000c1070
42
43	Defaults for System level (PDUMPSYS) dumps:
44	SYSSUMM IDT SYSFS SYSVM SYSTK SYSSEM TRACE STRACE SMP SYSIO SYSPG
45
46	Defaults for User level (PDUMPUSR) dumps:
47	SUMM PRIVATE SHARED INSTANCE MVDM SEM SYSLDR SYSFS SYSVM SYSSEM SYSIO SYSPG
48
49	Original Dump Filename: P:\EFTE\DUMP\PDUMP.001
50
51	PID:134
52	Requested Information:
53	Children:0 Parents:0 Kill:N
54	SUMM PRIVATE SHARED INSTANCE MVDM SEM SYSLDR SYSFS SYSVM SYSSEM SYSIO SYSPG
55	ALL data collected
56
57	TRAP SCREEN INFORMATION
58
59	------------------------------------------------------------
60	Trap screen 1 found at address #70:989c
61	This screen is most likely related to a previous trap.
62
63	P1=00000001 P2=70207020 P3=XXXXXXXX P4=XXXXXXXX
64	CS:EIP=005b:70207020 CSACC=f0df CSLIM=ffffffff
65	SS:ESP=0053:00db9a9c SSACC=f0f3 SSLIM=ffffffff
66	EBP=70207020 FLG=00010216
67	EAX=00000001 EBX=70207020 ECX=70207020 EDX=70207020
68	ESI=70207020 EDI=70207020
69	DS=0053 DSACC=f0f3 DSLIM=ffffffff
70	ES=0053 ESACC=f0f3 ESLIM=ffffffff
71	FS=150b FSACC=00f3 FSLIM=00000030
72	GS=0000 GSACC=** GSLIM=*****
73
74	No Symbols Found
75
76	------------------------------------------------------------------------
77
78
79	XWPHOOK 03/29/2016 01:10:00 33,546 M:\XWORKPLACE\BIN\XWPHOOK.DLL
80	PMMERGE 11/23/2014 18:39:22 1,754,169 M:\OS2\DLL\PMMERGE.DLL
81
82	# .p
83	Slot Pid Ppid Csid Ord Sta Pri pTSD pPTDA pTCB Disp SG Name
84	0105 0134 0033 0134 0001 crt 0500 f9281000 f984a7c0 f93a1d2c 0f10 1f EFTEPM
85	*0106# 0134 0033 0134 0002 run 0500 f9282000 f984a7c0 f93a2030 0940 1f EFTEPM
86
87	------------------------------------------------------------------------
88
89	-- Peek at thread 1
90
91	# .s 105
92	Current slot number: 0105
93
94	# r
95	eax=00000bb8 ebx=001c9561 ecx=00000000 edx=00000000 esi=1d684fbc edi=ffffffff
96	eip=1fcaf331 esp=0059eee8 ebp=0059ef20 iopl=0 -- -- -- nv up ei pl zr na pe nc
97	cs=005b ss=0053 ds=0053 es=0053 fs=150b gs=0000 cr2=00000000 cr3=00000000 p=**
98	005b:1fcaf331 83c40c add esp,+0c
99
100	# ln
101	%1fcaf1bc PMMERGE SleepPmq + 175
102
103	Analyzing Call Gate ...
104	is in a call to:
105	%1ffc09a0 DOSCALL1 DOS32PMWAITEVENTSEM
106
107	# k
108	005b:1fcb3c31 00000bff ffffffff 00000000 0059ef5c [PMMERGE WIN32PEEKMSG + c4d]
109
110	# %findsym
111	Finding from 0059ede8 to 0059efe8 by dword
112	59ee08: 1fc01a02 = MatchColorDirectDefaultPalette + c86 ; PMMERGE
113	59ee30: 1fc4497c = UpdatePhyColorAttributes + 3e4
114	59eedc: 00072dc6 = GFrame__InsertView + 2e
115	59eee4: 1fcaf331 = SleepPmq + 175
116	59ef04: 00072fff = GFrame__SetMenu + 3f
117	59ef24: 1fcb3c31 = WIN32PEEKMSG + c4d
118	59ef38: 00070001 = AVIOWndProc + 439
119	59efac: 1fcb1893 = WIN32GETMSG + 23
120	59efd0: 00073721 = GUI__RunProgram + 75
121	59f018: 00067c17 = main + b3
122	Scan stopped at 59f068 stopaddr 59efe8
123
124	------------------------------------------------------------------------
125
126	-- Back to trapping thread
127
128	# .s*
129
130	# .p#
131	Slot Pid Ppid Csid Ord Sta Pri pTSD pPTDA pTCB Disp SG Name
132	*0106# 0134 0033 0134 0002 run 0500 f9282000 f984a7c0 f93a2030 0940 1f EFTEPM
133
134	# .pu#
135	Slot Pid Ord pPTDA Name pstkframe CS:EIP SS:ESP cbargs
136	*0106# 0134 0002 f984a7c0 EFTEPM %f9282f38 005b:70207020 0053:00db9814 0000
137
138	# dd 00db9a9c (from trap scree)
139	0053:00db9a9c 70207020 70207020 70207020 70207020
140	0053:00db9aac 70207020 70207020 70207020 70207020
141	0053:00db9abc 70207020 70207020 70207020 70207020
142	0053:00db9acc 70207020 70207020 70207020 70207020
143	0053:00db9adc 70207020 70207020 70207020 70207020
144	0053:00db9aec 70207020 70207020 70207020 70207020
145	0053:00db9afc 70207020 70207020 70207020 00db9bd8
146	0053:00db9b0c 00db9bd8 00db9bdc 00000000 00000000
147	0053:00db9b1c 1d6ef038 1d6da248 1d6da248 00000000
148
149	-- Stack is trashed
150
151	# da %1d6da248
152	%1d6da248 WARPSANS
153
154	# da %1d6da248
155	%1d6da248 WARPSANS
156
157	-- Code may have been doing font action or this might just be leftovers.
158
159	hookSendMsgHook stack frame - maybe
160	eip hwnd
161	0053:00db9b2c 0000000c 00db9b80 1e05083f 80000043
162	msg mp1 mp2
163	0053:00db9b3c 00000008 00db9c50 00000000 00db9bd8
164	0053:00db9b4c 00000000 00db9bd8 1fcda7bb 00000004
165	0053:00db9b5c 00000004 00000000 1fcfbe02 00000009
166	0053:00db9b6c 00000000 1d6d03d4 1d6cf670 00db9cf4
167	0053:00db9b7c 00db9bb8 1fcb2f51 1fac0613 1dd2af80
168	0053:00db9b8c 0007a2c6 fffffffc 1d6cf670 00db9cf4
169
170	# ln %1e05083f
171	%1e050000 XWPHOOK G_HookData + 83f ; hookSendMsgHook + 2c
172
173	-- #define WM_ADJUSTWINDOWPOS 0x0008
174
175	-- Send hook handling WM_ADJUSTWINDOWPOS
176
177	# dd 00db9c50 (PSWP) - gibberish - probably overwritten
178
179	fl cy cx y
180	%00db9c50 00008000 00000001 00000001 00000001 SWP_NOAUTOCLOSE
181	x hwndIns
182	%00db9c60 00000001 00000001 00000001 00000001
183	%00db9c70 00000001 00000001 00000001 1d684a4a
184	%00db9c80 00000000 00000000 00000000 00000000
185
186	# .m %1e05083f
187	*har par cpg va flg next prev link hash hob hal
188	0d2b %fdfa91bc 00000010 %1e050000 3d9 0d2a 0d2c 0000 0000 0ea9 0000 hco=02a2a
189	hob har hobnxt flgs own hmte sown,cnt lt st xf
190	0ea9 0d2b 0000 0838 0ea7 0ea7 0000 00 00 00 00 shared m:xwphook.dll
191
192	TCBOrdinal : 0002
193
194	TCBptib : %005b0060
195
196	# %tib %005b0060
197
198	tib_pexchain ffffffff tib_pstack 00da0000 tib_pstacklimit 00dba000
199	tib_ptib2 005b0078 tib_version 00000014 tib_ordinal 00000106
200
201	tib2_ultid 00000002 tib2_ulpri 00000200 tib2_version 00000014
202	tib2_usMCCount 0000 tib2_fMCForceFlag 0000
203
204	? 00dba000 - 00da0000 = 0001a000H ; stack size
205
206	# %findsym 00db6000 00dba000
207	Finding from 00db6000 to 00dba000 by dword
208	db85e4: 0007eea9 = _parse_tz + 49
209	db85fc: 0007eb1b = _CacheOSTZ + 18b
210	db8604: 000abb70 = __end_dst + 30
211	db8608: 000abb70 = __end_dst + 30
212	db8648: 000abb70 = __end_dst + 30
213	db8650: 000abb4c = __end_dst + c
214	db8654: 0007f592 = _isindst + 212
215	db8668: 0007f164 = _brktime + 64
216	db868c: 000790f9 = write + 49
217	db86ac: 0007ea24 = _CacheOSTZ + 94
218	db86dc: 000773d8 = tmpnam + c8
219	db8774: 0007eea9 = _parse_tz + 49
220	db878c: 0007eb1b = _CacheOSTZ + 18b
221	db8794: 000abb70 = __end_dst + 30
222	db8798: 000abb70 = __end_dst + 30
223	db87d8: 0007a271 = _OS2RemoveThread + 41
224	db87e0: 0007a179 = _AllocInitThreadData + 19
225	db87f8: 00074ffb = _open_flags + b
226	db881c: 00074ca0 = use_os2_high_mem + 10
227	db882c: 00061238 = FileInfo__FileInfo + 28
228	db8838: 000614b9 = FileFind__FindFirst + 1a1
229	db8928: 00060a53 = SlashDir + 4b
230	db8978: 00060d9e = ExpandPath + 236
231	db8988: 0007eea9 = _parse_tz + 49
232	db89a0: 0007eb1b = _CacheOSTZ + 18b
233	db89a8: 000abb70 = __end_dst + 30
234	db89ac: 000abb70 = __end_dst + 30
235	db89ec: 000abb70 = __end_dst + 30
236	db89f4: 000abb4c = __end_dst + c
237	db89f8: 0007f592 = _isindst + 212
238	db8a0c: 0007f164 = _brktime + 64
239	db8a30: 000790f9 = write + 49
240	db8a50: 0007ea24 = _CacheOSTZ + 94
241	db8a80: 000773d8 = tmpnam + c8
242	db8b7c: 0007eea9 = _parse_tz + 49
243	db8b94: 0007eb1b = _CacheOSTZ + 18b
244	db8b9c: 000abb70 = __end_dst + 30
245	db8ba0: 000abb70 = __end_dst + 30
246	db8bb4: 1ffc77d9 = HT32_Exit + 5
247	db8bc0: 1ffc7de1 = THK32XHNDLR
248	db8bec: 1ffc3e8b = DOS32FINDNEXT + 3b
249	db8c34: 00061506 = FileFind__FindNext + 3a
250	db8ccc: 00060a53 = SlashDir + 4b
251	db8d1c: 00060d9e = ExpandPath + 236
252	db8d58: 1ffca438 = _xcptGPFDefaultAction + a0
253	db8d70: 1ffc9e7d = DOS32R3EXCEPTIONDISPATCHER + 165
254	db8eb4: 000751a9 = _open_flags + 1b9
255	db8edc: 0002c000 = EBuffer__UnTabPoint + a8
256	db8f14: 1ffc0053 = DOS32QUERYSYSINFO + a
257	db8f38: 000a0c40 = HistoryFileName + 30
258	db8f50: 1ffc87bc = DOS32OPENL
259	db8f60: 1ffc881b = DOS32OPENL + 5f
260	db8f68: 1ffc77d9 = HT32_Exit + 5
261	db8f74: 1ffc7de1 = THK32XHNDLR
262	db8f7c: 1ffc87bc = DOS32OPENL
263	db8f9c: 1ffc77d9 = HT32_Exit + 5
264	db8fa4: 1ffc2526 = DOS32READ + 2a
265	db8fac: 000acfc0 = FileBuffer + 30
266	db8fc4: 1ffc77d9 = HT32_Exit + 5
267	db8fd4: 000acfc0 = FileBuffer + 30
268	db8fec: 0007a271 = _OS2RemoveThread + 41
269	db8ff4: 0007a179 = _AllocInitThreadData + 19
270	db90c4: 1ffc5e51 = DOS32WRITE + 29
271	db90e4: 1ffc5e51 = DOS32WRITE + 29
272	db912c: 1ffc5e51 = DOS32WRITE + 29
273	db956c: 1ffc5e51 = DOS32WRITE + 29
274	db963c: 1ffc77d9 = HT32_Exit + 5
275	db9684: 1ffc77d9 = HT32_Exit + 5
276	db96ec: 1fcbcda0 = DoEnableSubfunction + 58
277	db96f8: 1fcbab2f = ResetDC32 + 5fb
278	db970c: 1fcbac04 = ResetDC32 + 6d0
279	db9744: 11ef3c1c = p:eftepm.exe 0004:15388 ; %11ef3c1c M:\OS2\DLL\DOSCALL1.DLL
280	db9758: 11eb1314 = p:exceptq.dll 0001:4884
281	db976c: 1fcc1d8a = InvertCursor + 262
282
283	db9788: 1ffca2ee = _xcptExecuteUserExceptionHandler + 46
284	db978c: 1ffc1b7f = DOS32UNSETEXCEPTIONHANDLER + 3b
285	db9794: 1ffca30d = _xcptExecuteUserExceptionHandler + 65
286	db97a8: 1ffca330 = _xcptR3ExceptionHandler
287	db97c4: 1ffc9f9a = _xcptR3ExceptionDispatcher + 10e
288
289	db97d8: 1fcd87ea = ShowCursor + 5e
290	db97e0: 1fac0613 = m:pmgre.dll 0002:1555
291	db97e8: 1fcc914c = WIN32SHOWCURSOR + 38
292	db97f4: 00071f5d = GView__xGView + 4d
293
294	db9810: 1ffc9e7d = DOS32R3EXCEPTIONDISPATCHER + 165
295	db9974: fff42309 = _PGPageFault + 446
296
297	db9b34: 1e05083f = G_HookData + 83f hookSendMsgHook + 2c
298	db9b54: 1fcda7bb = GetHookToCall + 1e3 PMMERGE
299	db9b64: 1fcfbe02 = WinQueueWndProc + e
300	db9b80: 1fcb2f51 = CallSendMsgHook + 17d
301	db9b84: 1fac0613 = m:pmgre.dll 0002:1555
302	db9b8c: 0007a2c6 = _InitMultipleThread + 46 ; EFTEPM data
303	db9ba0: 1e050cee = G_HookData + cee ; hookInputHook + ee
304	db9bac: 1fac0613 = m:pmgre.dll 0002:1555
305	db9bb4: 1fcda7bb = GetHookToCall + 1e3
306	db9bc0: 1e050cee = G_HookData + cee
307	db9be0: 1fcb2dac = CallInputHook + 174
308	db9be8: 1fcb2dc6 = CallInputHook + 18e PMMERGE
309	db9bf4: 1fcbd4f2 = ReadMessage + 182
310	db9c2c: 1fcb371a = WIN32PEEKMSG + 736
311	db9c48: 00200bff = p:eftepm.exe 0003:1510399
312	db9c4c: 1fcb371a = WIN32PEEKMSG + 736
313	db9ca8: 0007a2c6 = _InitMultipleThread + 46
314	db9cb8: 00074603 = assert99 + c3
315	db9cc0: 0009c004 = p:eftepm.exe 0003:49156
316	db9cd0: 000723af = GView__IsActive + 3
317	db9cd8: 00051467 = GxView__Resize + 1f
318	db9ce8: 0009c004 = p:eftepm.exe 0003:49156
319	db9cf0: 00070a00 = ConGetEvent + 1cc
320	db9d04: 001c9464 = p:eftepm.exe 0003:1283172
321	db9d1c: 0059efe0 = p:eftepm.exe 0003:5304288
322	db9d28: 0007360a = GUI__ProcessEvent + 6e
323	db9d34: 0007368c = GUI__Run + 64
324	db9d48: 000711de = ConGetEvent + 9aa
325	db9d50: 000aacd0 = tools + 14
326	db9d54: 0007a2c6 = _InitMultipleThread + 46
327	db9d64: 0059efe0 = p:eftepm.exe 0003:5304288
328	db9d70: 0009d2f4 = ::min_capacity + 364
329	db9d7c: 00071263 = GViewPeer__GViewPeer + 63
330	db9e88: 11eb1270 = p:exceptq.dll 0001:4720
331	db9e9c: 0009a047 = p:eftepm.exe 0003:41031
332	db9eb4: 000804a6 = calloc + 6
333	db9fe4: 0007107c = ConGetEvent + 848
334	db9ffc: 0059efe0 = p:eftepm.exe 0003:5304288
335	Invalid address type: 402 - %00dba000
336	Scan stopped at dba000 stopaddr dba000
337
338	-- Stack trashed from approx
339
340	%00db99e4 00000053 00000053 70207020 70207020
341
342	-- to
343
344	%00db9afc 70207020 70207020 70207020 00db9bd8
345
346	-- 00db9afc + c - 00db99e4 - 8 = 011cH = 284T
347
348	------------------------------------------------------------------------
349
350	# u %G_HookData + 83f ( in hookSendMsgHook + 2c )
351
352	%1e05083f 83c410 add esp,+10
353	%1e050842 f605e800641a20 test byte ptr [1a6400e8],20 ;' '
354
355	# u %G_HookData + 83f-5
356	%1e05083a e89efeffff call %1e0506dd
357	%1e05083f 83c410 add esp,+10
358
359	#ln %1e0506dd
360	%1e050000 XWPHOOK G_HookData + 6dd
361
362	# u %1e0506dd ProcessMsgsForWinlist
363
364	%1e0506dd 55 push ebp
365	%1e0506de 8bec mov ebp,esp
366	%1e0506e0 83ec20 sub esp,+20 ;' '
367	%1e0506e3 53 push ebx
368	%1e0506e4 83fa01 cmp edx,+01 ; arg2 WM_CREATE
369	%1e0506e7 57 push edi
370	%1e0506e8 894d10 mov dword ptr [ebp+10],ecx
371	%1e0506eb 89550c mov dword ptr [ebp+0c],edx
372	%1e0506ee 894508 mov dword ptr [ebp+08],eax
373	%1e0506f1 7422 jz %1e050715
374	%1e0506f3 83fa02 cmp edx,+02 ; WM_
375	%1e0506f6 741d jz %1e050715
376	%1e0506f8 83fa0d cmp edx,+0d
377	%1e0506fb 7418 jz %1e050715
378	%1e0506fd 83fa55 cmp edx,+55 ;'U'
379	%1e050700 7413 jz %1e050715
380	%1e050702 83fa0a cmp edx,+0a
381	%1e050705 7505 jnz %1e05070c
382	%1e050707 f60101 test byte ptr [ecx],01
383	%1e05070a 7509 jnz %1e050715
384	%1e05070c 83fa47 cmp edx,+47 ;'G'
385	%1e05070f 0f85fc000000 jnz %1e050811 ; goto exit
386
387	%1e050715 8bd8 mov ebx,eax
388	%1e050717 6a05 push +05
389	%1e050719 53 push ebx
390	%1e05071a e8c124c601 call %1fcb2be0 ; PMMERGE WIN32QUERYWINDOW
391	%1e05071f 83c408 add esp,+08
392	%1e050722 3905c40f641a cmp dword ptr [1a640fc4],eax ; hwnd 80000001
393	%1e050728 0f85e3000000 jnz %1e050811
394	%1e05072e 391da40f641a cmp dword ptr [1a640fa4],ebx ; hwnd 8000008a
395	%1e050734 0f84d7000000 jz %1e050811
396
397	%1e05073a 55 push ebp
398	%1e05073b 8d7de0 lea edi,[ebp-20]
399	%1e05073e 57 push edi
400	%1e05073f 6a1e push +1e
401	%1e050741 53 push ebx
402	%1e050742 e8b9fcc501 call %1fcb0400 ; PMMERGE WIN32QUERYCLASSNAME
403	%1e050747 83c410 add esp,+10
404	%1e05074a 8bcf mov ecx,edi
405	%1e05074c 85c0 test eax,eax
406	%1e05074e 0f84bd000000 jz %1e050811 ; fail
407
408	%1e050754 bf4c00061e mov edi,1e06004c ; "#1"
409	%1e050759 8bd1 mov edx,ecx
410	%1e05075b 33c0 xor eax,eax
411	%1e05075d 33db xor ebx,ebx
412	%1e05075f 90 nop
413
414	%1e050760 8a02 mov al,byte ptr [edx]
415	%1e050762 8a1f mov bl,byte ptr [edi]
416	%1e050764 42 inc edx
417	%1e050765 47 inc edi
418	%1e050766 84db test bl,bl
419	%1e050768 7404 jz %1e05076e
420
421	%1e05076a 3ac3 cmp al,bl
422	%1e05076c 74f2 jz %1e050760
423
424	%1e05076e 2bc3 sub eax,ebx
425	%1e050770 0f8457000000 jz %1e0507cd
426
427	%1e050776 bf9c00061e mov edi,1e06009c ; "wpFolder window"
428	%1e05077b 8bd1 mov edx,ecx
429	%1e05077d 33c0 xor eax,eax
430	%1e05077f 33db xor ebx,ebx
431	%1e050781 8a02 mov al,byte ptr [edx]
432	%1e050783 8a1f mov bl,byte ptr [edi]
433	%1e050785 42 inc edx
434	%1e050786 47 inc edi
435	%1e050787 84db test bl,bl
436	%1e050789 7404 jz %1e05078f
437	%1e05078b 3ac3 cmp al,bl
438	%1e05078d 74f2 jz %1e050781
439	%1e05078f 2bc3 sub eax,ebx
440	%1e050791 743a jz %1e0507cd
441	%1e050793 bfac00061e mov edi,1e0600ac
442	%1e050798 8bd1 mov edx,ecx
443	%1e05079a 33c0 xor eax,eax
444	%1e05079c 33db xor ebx,ebx
445	%1e05079e 8bc0 mov eax,eax
446	%1e0507a0 8a02 mov al,byte ptr [edx]
447	%1e0507a2 8a1f mov bl,byte ptr [edi]
448	%1e0507a4 42 inc edx
449	%1e0507a5 47 inc edi
450	%1e0507a6 84db test bl,bl
451	%1e0507a8 7404 jz %1e0507ae
452	%1e0507aa 3ac3 cmp al,bl
453	%1e0507ac 74f2 jz %1e0507a0
454	%1e0507ae 2bc3 sub eax,ebx
455	%1e0507b0 741b jz %1e0507cd
456	%1e0507b2 babc00061e mov edx,1e0600bc
457	%1e0507b7 33c0 xor eax,eax
458	%1e0507b9 33db xor ebx,ebx
459	%1e0507bb 8a01 mov al,byte ptr [ecx]
460	%1e0507bd 8a1a mov bl,byte ptr [edx]
461	%1e0507bf 41 inc ecx
462	%1e0507c0 42 inc edx
463	%1e0507c1 84db test bl,bl
464	%1e0507c3 7404 jz %1e0507c9
465	%1e0507c5 3ac3 cmp al,bl
466	%1e0507c7 74f2 jz %1e0507bb
467	%1e0507c9 2bc3 sub eax,ebx
468	%1e0507cb 7544 jnz %1e050811
469
470	%1e0507cd 837d0c47 cmp dword ptr [ebp+0c],+47 ;'G'
471	%1e0507d1 7522 jnz %1e0507f5
472	%1e0507d3 8b4d10 mov ecx,dword ptr [ebp+10]
473	%1e0507d6 8b5d08 mov ebx,dword ptr [ebp+08]
474	%1e0507d9 51 push ecx
475	%1e0507da 53 push ebx
476	%1e0507db 8b1d1000641a mov ebx,dword ptr [1a640010]
477	%1e0507e1 68ab110000 push 000011ab
478	%1e0507e6 53 push ebx
479	%1e0507e7 e8cc58c601 call %1fcb60b8 ; PMMERGE WIN32POSTMSG
480
481	%1e0507ec 83c410 add esp,+10
482	%1e0507ef 5f pop edi
483	%1e0507f0 5b pop ebx
484	%1e0507f1 8be5 mov esp,ebp
485	%1e0507f3 5d pop ebp
486	%1e0507f4 c3 retd
487
488	%1e0507f5 8b5d0c mov ebx,dword ptr [ebp+0c]
489	%1e0507f8 53 push ebx
490	%1e0507f9 8b5d08 mov ebx,dword ptr [ebp+08]
491	%1e0507fc 53 push ebx
492	%1e0507fd 8b1d1000641a mov ebx,dword ptr [1a640010]
493	%1e050803 68aa110000 push 000011aa
494	%1e050808 53 push ebx
495	%1e050809 e8aa58c601 call %1fcb60b8 ; PMMERGE WIN32POSTMSG
496	%1e05080e 83c410 add esp,+10
497	%1e050811 ebdc jmp %1e0507ef
498	%1e050813 55 push ebp
499	%1e050814 8bec mov ebp,esp
500	%1e050816 83ec30 sub esp,+30 ;'0'
501	%1e050819 53 push ebx
502	%1e05081a 833dac0f641a00 cmp dword ptr [1a640fac],+00
503	%1e050821 57 push edi
504	%1e050822 0f858f000000 jnz %1e0508b7
505
506	%1e050828 8b5d0c mov ebx,dword ptr [ebp+0c]
507	%1e05082b 8b03 mov eax,dword ptr [ebx]
508	%1e05082d 8b4b04 mov ecx,dword ptr [ebx+04]
509	%1e050830 50 push eax
510	%1e050831 8b5308 mov edx,dword ptr [ebx+08]
511	%1e050834 83ec0c sub esp,+0c
512	%1e050837 8b430c mov eax,dword ptr [ebx+0c]
513	%1e05083a e89efeffff call %1e0506dd ; G_HookData + 6dd ProcessMsgsForWinlist
514	%1e05083f 83c410 add esp,+10
515	%1e050842 f605e800641a20 test byte ptr [1a6400e8],20 ;' '
516	%1e050849 0f8468000000 jz %1e0508b7
517	%1e05084f 837b0855 cmp dword ptr [ebx+08],+55 ;'U'
518	%1e050853 7562 jnz %1e0508b7
519	%1e050855 8b4304 mov eax,dword ptr [ebx+04]
520	%1e050858 85c0 test eax,eax
521	%1e05085a 745b jz %1e0508b7
522	%1e05085c f60004 test byte ptr [eax],04
523	%1e05085f 7456 jz %1e0508b7
524	%1e050861 a1a40f641a mov eax,dword ptr [1a640fa4]
525	%1e050866 39430c cmp dword ptr [ebx+0c],eax
526	%1e050869 744c jz %1e0508b7
527	%1e05086b 55 push ebp
528	%1e05086c 50 push eax
529	%1e05086d e8feddc601 call %1fcbe670 ; PMMERGE WIN32ISWINDOWVISIBLE
530	%1e050872 83c408 add esp,+08
531
532	%1e050875 85c0 test eax,eax
533	%1e050877 743e jz %1e0508b7
534
535	%1e050879 6a05 push +05
536	%1e05087b 8b4b0c mov ecx,dword ptr [ebx+0c]
537	%1e05087e 51 push ecx
538	%1e05087f e85c23c601 call %1fcb2be0 ; PMMERGE WIN32QUERYWINDOW
539	%1e050884 83c408 add esp,+08
540	%1e050887 3905c40f641a cmp dword ptr [1a640fc4],eax
541	%1e05088d 7528 jnz %1e0508b7
542
543	%1e05088f 55 push ebp
544	%1e050890 ff05ac0f641a inc dword ptr [1a640fac] ; is 0
545	%1e050896 6a04 push +04
546	%1e050898 8b0da40f641a mov ecx,dword ptr [1a640fa4]
547	%1e05089e 6a00 push +00
548	%1e0508a0 6a00 push +00
549	%1e0508a2 6a00 push +00
550	%1e0508a4 6a00 push +00
551	%1e0508a6 6a03 push +03
552	%1e0508a8 51 push ecx
553	%1e0508a9 e8fe2dc701 call %1fcc36ac ; PMMERGE WIN32SETWINDOWPOS
554	%1e0508ae 83c420 add esp,+20 ;' '
555	%1e0508b1 ff0dac0f641a dec dword ptr [1a640fac]
556	%1e0508b7 8b5d0c mov ebx,dword ptr [ebp+0c]
557	%1e0508ba 837b0855 cmp dword ptr [ebx+08],+55 ;'U'
558	%1e0508be 7546 jnz %1e050906
559	%1e0508c0 833d8c00641a00 cmp dword ptr [1a64008c],+00
560	%1e0508c7 743d jz %1e050906
561	%1e0508c9 833d9000641a00 cmp dword ptr [1a640090],+00
562	%1e0508d0 7434 jz %1e050906
563	%1e0508d2 8b0d3010641a mov ecx,dword ptr [1a641030]
564	%1e0508d8 3b4b0c cmp ecx,dword ptr [ebx+0c]
565	%1e0508db 7529 jnz %1e050906
566	%1e0508dd 8b5b04 mov ebx,dword ptr [ebx+04]
567	%1e0508e0 85db test ebx,ebx
568	%1e0508e2 7422 jz %1e050906
569	%1e0508e4 f60310 test byte ptr [ebx],10
570	%1e0508e7 741d jz %1e050906
571	%1e0508e9 6a00 push +00
572	%1e0508eb 8b1d1000641a mov ebx,dword ptr [1a640010]
573	%1e0508f1 6aff push -01
574	%1e0508f3 6899110000 push 00001199
575	%1e0508f8 53 push ebx
576	%1e0508f9 e8ba57c601 call %1fcb60b8 ; PMMERGE WIN32POSTMSG
577	%1e0508fe 83c410 add esp,+10
578	%1e050901 e915010000 jmp %1e050a1b
579	%1e050906 833d7800641a00 cmp dword ptr [1a640078],+00
580	%1e05090d 0f8408010000 jz %1e050a1b
581	%1e050913 f605d000641a01 test byte ptr [1a6400d0],01
582
583	%1e05091a 0f84fb000000 jz %1e050a1b
584	%1e050920 8b450c mov eax,dword ptr [ebp+0c]
585	%1e050923 83780833 cmp dword ptr [eax+08],+33 ;'3' ; WM_INITMENU
586	%1e050927 751e jnz %1e050947
587	%1e050929 833d1020641a00 cmp dword ptr [1a642010],+00
588	%1e050930 0f85e5000000 jnz %1e050a1b
589	%1e050936 8b00 mov eax,dword ptr [eax]
590	%1e050938 a31020641a mov dword ptr [1a642010],eax
591	%1e05093d e8a00c0000 call %1e0515e2 ; XWPHOOK WMMouseMove_AutoHideMouse ???
592	%1e050942 e9d4000000 jmp %1e050a1b
593
594	%1e050947 83780835 cmp dword ptr [eax+08],+35 ;'5' ; WM_MENUEND
595	%1e05094b 7522 jnz %1e05096f
596
597	------------------------------------------------------------------------
598
599	# ln %1e050813
600	%1e050000 XWPHOOK G_HookData + 813
601
602	# u G_HookData + 813 G_HookData + 83f ; G_HookData + 813 = hookSendMsgHook
603
604	%1e050813 55 push ebp
605	%1e050814 8bec mov ebp,esp
606	%1e050816 83ec30 sub esp,+30 ;'0'
607	%1e050819 53 push ebx
608	%1e05081a 833dac0f641a00 cmp dword ptr [1a640fac],+00 ; is 0, G_HookData.cSuppressWinlistNotify
609	%1e050821 57 push edi
610	%1e050822 0f858f000000 jnz %1e0508b7
611
612	%1e050828 8b5d0c mov ebx,dword ptr [ebp+0c]
613	%1e05082b 8b03 mov eax,dword ptr [ebx]
614	%1e05082d 8b4b04 mov ecx,dword ptr [ebx+04]
615	%1e050830 50 push eax
616	%1e050831 8b5308 mov edx,dword ptr [ebx+08]
617	%1e050834 83ec0c sub esp,+0c
618	%1e050837 8b430c mov eax,dword ptr [ebx+0c]
619	%1e05083a e89efeffff call %1e0506dd ; XWPHOOK G_HookData + 6dd ProcessMsgsForWinlist
620	%1e05083f 83c410 add esp,+10
621
622	%1e050842 f605e800641a20 test byte ptr [1a6400e8],20 ;' ' ; PGRFL_STAYONTOP
623	%1e050849 0f8468000000 jz %1e0508b7
624	%1e05084f 837b0855 cmp dword ptr [ebx+08],+55 ;'U' ; WM_WINDOWPOSCHANGED
625	%1e050853 7562 jnz %1e0508b7
626	%1e050855 8b4304 mov eax,dword ptr [ebx+04] ; mp1
627	%1e050858 85c0 test eax,eax ; 0?
628	%1e05085a 745b jz %1e0508b7
629	%1e05085c f60004 test byte ptr [eax],04
630	%1e05085f 7456 jz %1e0508b7
631	%1e050861 a1a40f641a mov eax,dword ptr [1a640fa4]
632	%1e050866 39430c cmp dword ptr [ebx+0c],eax
633	%1e050869 744c jz %1e0508b7
634	%1e05086b 55 push ebp
635	%1e05086c 50 push eax
636	%1e05086d e8feddc601 call %1fcbe670
637	%1e050872 83c408 add esp,+08
638	%1e050875 85c0 test eax,eax
639	%1e050877 743e jz %1e0508b7
640	%1e050879 6a05 push +05
641	%1e05087b 8b4b0c mov ecx,dword ptr [ebx+0c]
642	%1e05087e 51 push ecx
643	%1e05087f e85c23c601 call %1fcb2be0 ; PMMERGE WIN32QUERYWINDOW
644	%1e050884 83c408 add esp,+08
645	%1e050887 3905c40f641a cmp dword ptr [1a640fc4],eax
646	%1e05088d 7528 jnz %1e0508b7
647	%1e05088f 55 push ebp
648	%1e050890 ff05ac0f641a inc dword ptr [1a640fac] ; ++G_HookData.cSuppressWinlistNotify
649	%1e050896 6a04 push +04
650	%1e050898 8b0da40f641a mov ecx,dword ptr [1a640fa4]
651	%1e05089e 6a00 push +00
652	%1e0508a0 6a00 push +00
653	%1e0508a2 6a00 push +00
654	%1e0508a4 6a00 push +00
655	%1e0508a6 6a03 push +03
656	%1e0508a8 51 push ecx
657	%1e0508a9 e8fe2dc701 call %1fcc36ac
658	%1e0508ae 83c420 add esp,+20 ;' '
659	%1e0508b1 ff0dac0f641a dec dword ptr [1a640fac]
660	%1e0508b7 8b5d0c mov ebx,dword ptr [ebp+0c]
661	%1e0508ba 837b0855 cmp dword ptr [ebx+08],+55 ;'U'
662	%1e0508be 7546 jnz %1e050906
663	%1e0508c0 833d8c00641a00 cmp dword ptr [1a64008c],+00
664	%1e0508c7 743d jz %1e050906
665	%1e0508c9 833d9000641a00 cmp dword ptr [1a640090],+00
666	%1e0508d0 7434 jz %1e050906
667	%1e0508d2 8b0d3010641a mov ecx,dword ptr [1a641030]
668	%1e0508d8 3b4b0c cmp ecx,dword ptr [ebx+0c]
669	%1e0508db 7529 jnz %1e050906
670	%1e0508dd 8b5b04 mov ebx,dword ptr [ebx+04]
671	%1e0508e0 85db test ebx,ebx
672	%1e0508e2 7422 jz %1e050906
673	%1e0508e4 f60310 test byte ptr [ebx],10
674	%1e0508e7 741d jz %1e050906
675	%1e0508e9 6a00 push +00
676	%1e0508eb 8b1d1000641a mov ebx,dword ptr [1a640010]
677	%1e0508f1 6aff push -01
678	%1e0508f3 6899110000 push 00001199
679	%1e0508f8 53 push ebx
680	%1e0508f9 e8ba57c601 call %1fcb60b8
681	%1e0508fe 83c410 add esp,+10
682	%1e050901 e915010000 jmp %1e050a1b
683	%1e050906 833d7800641a00 cmp dword ptr [1a640078],+00
684	%1e05090d 0f8408010000 jz %1e050a1b
685	%1e050913 f605d000641a01 test byte ptr [1a6400d0],01
686	%1e05091a 0f84fb000000 jz %1e050a1b
687	%1e050920 8b450c mov eax,dword ptr [ebp+0c]
688	%1e050923 83780833 cmp dword ptr [eax+08],+33 ;'3'
689	%1e050927 751e jnz %1e050947
690	%1e050929 833d1020641a00 cmp dword ptr [1a642010],+00
691	%1e050930 0f85e5000000 jnz %1e050a1b
692	%1e050936 8b00 mov eax,dword ptr [eax]
693	%1e050938 a31020641a mov dword ptr [1a642010],eax
694	%1e05093d e8a00c0000 call %1e0515e2
695	%1e050942 e9d4000000 jmp %1e050a1b
696	%1e050947 83780835 cmp dword ptr [eax+08],+35 ;'5'
697	%1e05094b 7522 jnz %1e05096f
698	%1e05094d 8b00 mov eax,dword ptr [eax]
699	%1e05094f 39051020641a cmp dword ptr [1a642010],eax
700	%1e050955 0f85c0000000 jnz %1e050a1b
701	%1e05095b c7051020641a00000000 mov dword ptr [1a642010],00000000
702	%1e050965 e8780c0000 call %1e0515e2
703	%1e05096a e9ac000000 jmp %1e050a1b
704	%1e05096f 8bd8 mov ebx,eax
705	%1e050971 837b0855 cmp dword ptr [ebx+08],+55 ;'U'
706	%1e050975 0f85a0000000 jnz %1e050a1b
707	%1e05097b 833d1020641a00 cmp dword ptr [1a642010],+00
708	%1e050982 0f856a000000 jnz %1e0509f2
709	%1e050988 8b4b04 mov ecx,dword ptr [ebx+04]
710	%1e05098b 85c9 test ecx,ecx
711	%1e05098d 0f845f000000 jz %1e0509f2
712	%1e050993 f60108 test byte ptr [ecx],08
713	%1e050996 745a jz %1e0509f2
714	%1e050998 6a05 push +05
715	%1e05099a 8b4b0c mov ecx,dword ptr [ebx+0c]
716	%1e05099d 51 push ecx
717	%1e05099e e83d22c601 call %1fcb2be0
718	%1e0509a3 83c408 add esp,+08
719	%1e0509a6 3905c40f641a cmp dword ptr [1a640fc4],eax
720	%1e0509ac 7544 jnz %1e0509f2
721	%1e0509ae 55 push ebp
722	%1e0509af 8d7dd0 lea edi,[ebp-30]
723	%1e0509b2 57 push edi
724	%1e0509b3 8b4b0c mov ecx,dword ptr [ebx+0c]
725	%1e0509b6 6a1e push +1e
726	%1e0509b8 51 push ecx
727	%1e0509b9 e842fac501 call %1fcb0400
728	%1e0509be 83c410 add esp,+10
729	%1e0509c1 8bd7 mov edx,edi
730	%1e0509c3 85c0 test eax,eax
731	%1e0509c5 742b jz %1e0509f2
732	%1e0509c7 bfc400061e mov edi,1e0600c4
733	%1e0509cc 33c0 xor eax,eax
734	%1e0509ce 33c9 xor ecx,ecx
735	%1e0509d0 8a02 mov al,byte ptr [edx]
736	%1e0509d2 8a0f mov cl,byte ptr [edi]
737	%1e0509d4 42 inc edx
738	%1e0509d5 47 inc edi
739	%1e0509d6 84c9 test cl,cl
740	%1e0509d8 7404 jz %1e0509de
741	%1e0509da 3ac1 cmp al,cl
742	%1e0509dc 74f2 jz %1e0509d0
743	%1e0509de 2bc1 sub eax,ecx
744	%1e0509e0 7510 jnz %1e0509f2
745	%1e0509e2 8b4b0c mov ecx,dword ptr [ebx+0c]
746	%1e0509e5 890d1020641a mov dword ptr [1a642010],ecx
747	%1e0509eb e8f20b0000 call %1e0515e2
748	%1e0509f0 eb29 jmp %1e050a1b
749	%1e0509f2 8b450c mov eax,dword ptr [ebp+0c]
750	%1e0509f5 8b1d1020641a mov ebx,dword ptr [1a642010]
751	%1e0509fb 3b580c cmp ebx,dword ptr [eax+0c]
752	%1e0509fe 751b jnz %1e050a1b
753	%1e050a00 8b4004 mov eax,dword ptr [eax+04]
754	%1e050a03 85c0 test eax,eax
755	%1e050a05 7414 jz %1e050a1b
756	%1e050a07 f60010 test byte ptr [eax],10
757	%1e050a0a 740f jz %1e050a1b
758	%1e050a0c c7051020641a00000000 mov dword ptr [1a642010],00000000
759	%1e050a16 e8c70b0000 call %1e0515e2
760	%1e050a1b 833dd400641a00 cmp dword ptr [1a6400d4],+00
761	%1e050a22 0f84ca000000 jz %1e050af2
762	%1e050a28 8b450c mov eax,dword ptr [ebp+0c]
763	%1e050a2b 83780805 cmp dword ptr [eax+08],+05
764	%1e050a2f 7509 jnz %1e050a3a
765	%1e050a31 668b4004 mov ax,word ptr [eax+04]
766	%1e050a35 6685c0 test ax,ax
767	%1e050a38 7519 jnz %1e050a53
768	%1e050a3a 8b450c mov eax,dword ptr [ebp+0c]
769	%1e050a3d 83780855 cmp dword ptr [eax+08],+55 ;'U'
770	%1e050a41 0f85ab000000 jnz %1e050af2
771	%1e050a47 8b4004 mov eax,dword ptr [eax+04]
772	%1e050a4a f60008 test byte ptr [eax],08
773	%1e050a4d 0f849f000000 jz %1e050af2
774	%1e050a53 8b5d0c mov ebx,dword ptr [ebp+0c]
775	%1e050a56 6aff push -01
776	%1e050a58 55 push ebp
777	%1e050a59 6a05 push +05
778	%1e050a5b 8b4b0c mov ecx,dword ptr [ebx+0c]
779	%1e050a5e 51 push ecx
780	%1e050a5f e87c21c601 call %1fcb2be0
781	%1e050a64 83c40c add esp,+0c
782	%1e050a67 50 push eax
783	%1e050a68 e8ef73c601 call %1fcb7e5c
784	%1e050a6d 83c408 add esp,+08
785	%1e050a70 663d461f cmp ax,1f46
786	%1e050a74 0f8478000000 jz %1e050af2
787	%1e050a7a 6a40 push +40 ;'@'
788	%1e050a7c 8b4b0c mov ecx,dword ptr [ebx+0c]
789	%1e050a7f 51 push ecx
790	%1e050a80 e8fbe9c501 call %1fcaf480
791	%1e050a85 83c408 add esp,+08
792	%1e050a88 85c0 test eax,eax
793	%1e050a8a 7419 jz %1e050aa5
794	%1e050a8c 6a00 push +00
795	%1e050a8e 8b1d1000641a mov ebx,dword ptr [1a640010]
796	%1e050a94 50 push eax
797	%1e050a95 68a6110000 push 000011a6
798	%1e050a9a 53 push ebx
799	%1e050a9b e81856c601 call %1fcb60b8
800	%1e050aa0 83c410 add esp,+10
801	%1e050aa3 eb4d jmp %1e050af2
802	%1e050aa5 f605d800641a01 test byte ptr [1a6400d8],01
803	%1e050aac 7444 jz %1e050af2
804	%1e050aae 6a08 push +08
805	%1e050ab0 8b4b0c mov ecx,dword ptr [ebx+0c]
806	%1e050ab3 51 push ecx
807	%1e050ab4 e8a373c601 call %1fcb7e5c
808	%1e050ab9 83c408 add esp,+08
809	%1e050abc 66a90001 test ax,0100
810	%1e050ac0 7430 jz %1e050af2
811	%1e050ac2 6a05 push +05
812	%1e050ac4 8b4b0c mov ecx,dword ptr [ebx+0c]
813	%1e050ac7 51 push ecx
814	%1e050ac8 e81321c601 call %1fcb2be0
815	%1e050acd 83c408 add esp,+08
816	%1e050ad0 3905c40f641a cmp dword ptr [1a640fc4],eax
817	%1e050ad6 751a jnz %1e050af2
818	%1e050ad8 8b4b0c mov ecx,dword ptr [ebx+0c]
819	%1e050adb 6a00 push +00
820	%1e050add 51 push ecx
821	%1e050ade 8b0d1000641a mov ecx,dword ptr [1a640010]
822	%1e050ae4 68a6110000 push 000011a6
823	%1e050ae9 51 push ecx
824	%1e050aea e8c955c601 call %1fcb60b8
825	%1e050aef 83c410 add esp,+10
826	%1e050af2 f605e900641a20 test byte ptr [1a6400e9],20 ;' '
827	%1e050af9 0f8461010000 jz %1e050c60
828	%1e050aff 833da40f641a00 cmp dword ptr [1a640fa4],+00
829	%1e050b06 0f8454010000 jz %1e050c60
830	%1e050b0c 8b5d0c mov ebx,dword ptr [ebp+0c]
831	%1e050b0f 668b4b04 mov cx,word ptr [ebx+04]
832	%1e050b13 6681f90780 cmp cx,8007
833	%1e050b18 0f8542010000 jnz %1e050c60
834	%1e050b1e 833b00 cmp dword ptr [ebx],+00
835	%1e050b21 0f8439010000 jz %1e050c60
836	%1e050b27 837b0833 cmp dword ptr [ebx+08],+33 ;'3'
837	%1e050b2b 0f85e4000000 jnz %1e050c15
838	%1e050b31 833d1420641a00 cmp dword ptr [1a642014],+00
839	%1e050b38 0f85d7000000 jnz %1e050c15
840	%1e050b3e 6a05 push +05
841	%1e050b40 8b4b0c mov ecx,dword ptr [ebx+0c]
842	%1e050b43 51 push ecx
843	%1e050b44 e89720c601 call %1fcb2be0
844	%1e050b49 83c408 add esp,+08
845	%1e050b4c 3905c40f641a cmp dword ptr [1a640fc4],eax
846	%1e050b52 0f85bd000000 jnz %1e050c15
847	%1e050b58 33c9 xor ecx,ecx
848	%1e050b5a 6a08 push +08
849	%1e050b5c 66894df0 mov word ptr [ebp-10],cx
850	%1e050b60 894df2 mov dword ptr [ebp-0e],ecx
851	%1e050b63 894df6 mov dword ptr [ebp-0a],ecx
852	%1e050b66 894dfa mov dword ptr [ebp-06],ecx
853	%1e050b69 66894dfe mov word ptr [ebp-02],cx
854	%1e050b6d 8b4b0c mov ecx,dword ptr [ebx+0c]
855	%1e050b70 51 push ecx
856	%1e050b71 e86a20c601 call %1fcb2be0
857	%1e050b76 8b0b mov ecx,dword ptr [ebx]
858	%1e050b78 33d2 xor edx,edx
859	%1e050b7a 890d1420641a mov dword ptr [1a642014],ecx
860	%1e050b80 52 push edx
861	%1e050b81 8d4df0 lea ecx,[ebp-10]
862	%1e050b84 8bf8 mov edi,eax
863	%1e050b86 51 push ecx
864	%1e050b87 8955f8 mov dword ptr [ebp-08],edx
865	%1e050b8a 6880010000 push 00000180
866	%1e050b8f 8b0d1420641a mov ecx,dword ptr [1a642014]
867	%1e050b95 66c745f0ffff mov word ptr [ebp-10],ffff
868	%1e050b9b 66c745f20400 mov word ptr [ebp-0e],0004
869	%1e050ba1 51 push ecx
870	%1e050ba2 8955fc mov dword ptr [ebp-04],edx
871	%1e050ba5 668955f4 mov word ptr [ebp-0c],dx
872	%1e050ba9 66c745f6fe7f mov word ptr [ebp-0a],7ffe
873	%1e050baf e8f04fc601 call %1fcb5ba4
874	%1e050bb4 83c418 add esp,+18
875	%1e050bb7 8bc7 mov eax,edi
876	%1e050bb9 66c745f24100 mov word ptr [ebp-0e],0041
877
878	# u G_HookData + c00 G_HookData + cee ( looks like hookInputHook )
879
880	%1e050cb2 55 push ebp
881	%1e050cb3 33c0 xor eax,eax
882	%1e050cb5 8bec mov ebp,esp
883	%1e050cb7 53 push ebx
884	%1e050cb8 57 push edi
885	%1e050cb9 56 push esi
886	%1e050cba 33f6 xor esi,esi
887	%1e050cbc 83ec1c sub esp,+1c
888	%1e050cbf 39450c cmp dword ptr [ebp+0c],eax ; if (pqmsg == NULL)
889	%1e050cc2 8945ec mov dword ptr [ebp-14],eax
890	%1e050cc5 7508 jnz %1e050ccf
891
892	%1e050cc7 83c41c add esp,+1c
893	%1e050cca 5e pop esi
894	%1e050ccb 5f pop edi
895	%1e050ccc 5b pop ebx
896	%1e050ccd 5d pop ebp
897	%1e050cce c3 retd
898
899	%1e050ccf 3905ac0f641a cmp dword ptr [1a640fac],eax ; if (!G_HookData.cSuppressWinlistNotify)
900	%1e050cd5 751a jnz %1e050cf1
901
902	%1e050cd7 8b450c mov eax,dword ptr [ebp+0c]
903	%1e050cda 8b480c mov ecx,dword ptr [eax+0c]
904	%1e050cdd 8b5004 mov edx,dword ptr [eax+04]
905	%1e050ce0 51 push ecx
906	%1e050ce1 8b4808 mov ecx,dword ptr [eax+08]
907	%1e050ce4 83ec0c sub esp,+0c
908	%1e050ce7 8b00 mov eax,dword ptr [eax]
909	%1e050ce9 e8eff9ffff call %1e0506dd ; G_HookData + 6dd, ProcessMsgsForWinlist
910	%1e050cee 83c410 add esp,+10
911	#
912
913	hookInputHook stack frame
914
915	# dd db9ba0 -4
916
917	fp eip hwnd WM_SIZE
918	%00db9b9c 00db9bdc 1e050cee 800003cb 00000007
919	scx scy
920	%00db9bac 1fac0613 1dd2af80 1fcda7bb 00000004
921
922	# ln %1e050cee
923	%1e050000 XWPHOOK G_HookData + cee ( hookInputHook + ee )
924
925	# k db9b9c
926	005b:1e050cee 800003cb 00000007 1fac0613 1dd2af80 [XWPHOOK G_HookData + cee]
927	005b:1fcb2dac 00000001 1fcb2dc6 00000004 1d684a38 [PMMERGE CallInputHook + 174]
928
929	-- Might be SMP serialization defect
930
931	-- Might be GView::~GView defect

Download in other formats:

Original Format