Trust No Program
tzuk


Joined: 22 Jun 2004
Posts: 15004
Quote:
I haven't a clue what I'm doing with this debugging tool but if you can point me in the right direction I'll give it another go.


If you haven't got a clue, then who typed this g?

Quote:

ntdll!DbgBreakPoint:
77f9193c cc int 3
0:009> g


If it was you, don't do that! Type

~* k 99

_________________
tzuk

Guest
Hi tzuk,

I don't know where that "g" came from: all I did was let WinDbg do its stuff and I merely cut and pasted the results.

Sorry, but your kind advice on what to do arrived after I'd installed and played with WinDbg. I'll now go back and follow your instructions and post the results back.

Again, thanks for your kind help and guidance.

Martin
martinr


Joined: 15 Apr 2007
Posts: 76
tzuk wrote:
It will tell us which Windows function it is that OE is trying to invoke.

Since Sandboxie is blocking access to that SCM component, it also has to provide helper functions for dealing with SCM. Because some apps do want to talk to that component.

In this case, it seems OE is trying to talk to SCM through a function for which there is no Sandboxie helper. That's why OE tries to access the blocked 'ntsvcs', and fails.

With the debugger, we'll see which function it is, and I'll 'fake' it too.

* * *

To provide the information, you need to start OE sandboxed so it hangs. Look in Sandboxie Control and note the process ID.

Now invoke Windbg from the command line:

\path\to\windbg -p processID

Then type into the Windbg input box:

~* k 99

And post what you get.





Hi tzuk,

Below is the info you asked for. I sincerely hope I have done as you asked. Apologies if I'm not supposed to put so much text into a posting but I can't see any way to send attachments - I suppose for understandable reasons:


Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01010000 C:\Program Files\Outlook Express\msimn.exe
ModLoad: 77f80000 77ffc000 C:\WINNT\system32\ntdll.dll
ModLoad: 7c2d0000 7c335000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 7c570000 7c624000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 77d30000 77d9f000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77e10000 77e6f000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7c000 C:\WINNT\system32\GDI32.dll
ModLoad: 70a70000 70ad6000 C:\WINNT\system32\SHLWAPI.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 7d220000 7d247000 \\?\SandboxieHome\SbieDll.dll
ModLoad: 690a0000 690ab000 C:\WINNT\system32\PSAPI.DLL
ModLoad: 007b0000 008d5000 C:\Program Files\Outlook Express\MSOE.DLL
ModLoad: 773e0000 773f5000 C:\WINNT\system32\ATL.DLL
ModLoad: 008e0000 008ff000 C:\WINNT\system32\MSOERT2.dll
ModLoad: 7ce20000 7cf0f000 C:\WINNT\system32\ole32.dll
ModLoad: 779b0000 77a4b000 C:\WINNT\system32\OLEAUT32.dll
ModLoad: 64300000 6433d000 C:\WINNT\system32\MSOEACCT.dll
ModLoad: 5ec00000 5ec95000 C:\WINNT\system32\INETCOMM.dll
ModLoad: 71710000 71794000 C:\WINNT\system32\comctl32.dll
ModLoad: 00d70000 00d82000 C:\WINNT\system32\acctres.dll
ModLoad: 00da0000 00dae000 C:\WINNT\system32\inetres.dll
ModLoad: 01010000 01270000 C:\Program Files\Outlook Express\msoeres.dll
ModLoad: 01270000 013ba000 C:\WINNT\system32\SHDOCVW.DLL
ModLoad: 63000000 63095000 C:\WINNT\system32\WININET.dll
ModLoad: 7c740000 7c7cc000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77430000 77441000 C:\WINNT\system32\MSASN1.dll
ModLoad: 7cf30000 7d176000 C:\WINNT\system32\shell32.dll
ModLoad: 7c950000 7c9df000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77800000 7780d000 C:\WINNT\system32\msident.dll
ModLoad: 77820000 77827000 C:\WINNT\system32\VERSION.dll
ModLoad: 759b0000 759b6000 C:\WINNT\system32\LZ32.DLL
ModLoad: 01610000 01616000 C:\WINNT\system32\msidntld.dll
ModLoad: 69000000 6900c000 C:\WINNT\system32\PSTOREC.DLL
ModLoad: 01640000 01656000 C:\Program Files\Common Files\System\directdb.dll
ModLoad: 718c0000 71944000 C:\WINNT\system32\shdoclc.dll
ModLoad: 70440000 704cf000 C:\WINNT\system32\mlang.dll
ModLoad: 71500000 715fc000 C:\WINNT\system32\browseui.dll
ModLoad: 35c40000 35cb6000 C:\Program Files\Common Files\System\wab32.dll
ModLoad: 35f40000 35f7f000 C:\Program Files\Common Files\System\wab32res.dll
ModLoad: 77840000 7787e000 C:\WINNT\system32\cscui.dll
ModLoad: 770c0000 770e3000 C:\WINNT\system32\CSCDLL.DLL
ModLoad: 63580000 63820000 C:\WINNT\system32\mshtml.dll
ModLoad: 1a400000 1a47d000 C:\WINNT\system32\URLMON.DLL
ModLoad: 75e60000 75e7a000 C:\WINNT\system32\IMM32.DLL
ModLoad: 75ac0000 75ae8000 C:\WINNT\system32\MSLS31.DLL
ModLoad: 76f90000 77001000 C:\WINNT\system32\jscript.dll
(250.2dc): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=00000000 edi=00000000
eip=77f9193c esp=024fffa8 ebp=024fffb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
ntdll!DbgBreakPoint:
77f9193c cc int 3
0:009> ~* k 99

0 Id: 250.488 Suspend: 1 Teb: 7ffde000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0006e638 7c59a29c ntdll!NtDelayExecution+0xb
00000000 00000000 KERNEL32!Sleep+0xb

1 Id: 250.3d4 Suspend: 1 Teb: 7ffdd000 Unfrozen
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\RPCRT4.dll -
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
015cffa8 77d37de8 ntdll!NtDelayExecution+0xb
015cffb4 7c57b396 RPCRT4!I_RpcConnectionInqSockBuffSize2+0x18e
015cffec 00000000 KERNEL32!lstrcmpiW+0xb7

2 Id: 250.330 Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0160ff7c 7c59a29c ntdll!NtDelayExecution+0xb
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
0160ff88 7ce89acc KERNEL32!Sleep+0xb
00000000 00000000 ole32!UpdateDCOMSettings+0xcf5d

3 Id: 250.424 Suspend: 1 Teb: 7ffdb000 Unfrozen
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Outlook Express\MSOE.DLL -
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0170ff6c 007e8c2f USER32!GetMenuItemRect+0x19
0170ffb4 7c57b396 MSOE!FIsDefaultMailConfiged+0x95cb
0170ffec 00000000 KERNEL32!lstrcmpiW+0xb7

4 Id: 250.544 Suspend: 1 Teb: 7ffda000 Unfrozen
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Common Files\System\directdb.dll -
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
017aff74 016439e9 USER32!GetMenuItemRect+0x19
017affb4 7c57b396 directdb!DllGetClassObject+0x1140
017affec 00000000 KERNEL32!lstrcmpiW+0xb7

5 Id: 250.434 Suspend: 1 Teb: 7ffd9000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
01c7fde4 77e1e9db ntdll!ZwWaitForMultipleObjects+0xb
01c7fe40 77e1ea28 USER32!MsgWaitForMultipleObjectsEx+0x153
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\shell32.dll -
01c7fe5c 7cf6a903 USER32!MsgWaitForMultipleObjects+0x1d
01c7fe60 00000000 shell32!Ordinal244+0x82c

6 Id: 250.128 Suspend: 1 Teb: 7ffd8000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
01ddff74 77d58e4a ntdll!ZwReplyWaitReceivePortEx+0xb
01ddffa8 77d37de8 RPCRT4!TowerConstruct+0xc49f
01ddffb4 7c57b396 RPCRT4!I_RpcConnectionInqSockBuffSize2+0x18e
01ddffec 00000000 KERNEL32!lstrcmpiW+0xb7

7 Id: 250.324 Suspend: 1 Teb: 7ffd7000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
01e5ff74 7c59a150 ntdll!ZwWaitForMultipleObjects+0xb
01e5ffb4 7c57b396 KERNEL32!WaitForMultipleObjects+0x17
01e5ffec 00000000 KERNEL32!lstrcmpiW+0xb7

8 Id: 250.320 Suspend: 1 Teb: 7ffd6000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
023aff7c 7c57b3e9 ntdll!NtWaitForSingleObject+0xb
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\mshtml.dll -
023aff8c 6377fb6f KERNEL32!WaitForSingleObject+0xf
00000000 00000000 mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xeeb93

# 9 Id: 250.2dc Suspend: 1 Teb: 7ffd5000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
024fffb4 7c57b396 ntdll!DbgBreakPoint
024fffec 00000000 KERNEL32!lstrcmpiW+0xb7
tzuk


Joined: 22 Jun 2004
Posts: 15004
Thanks. This is what I wanted to see. Unfortunately it doesn't reveal the source of the problem. We see some invocations of 'Sleep', for example:

Quote:
2 Id: 250.330 Suspend: 1 Teb: 7ffdc000 Unfrozen
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0160ff7c 7c59a29c ntdll!NtDelayExecution+0xb
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
0160ff88 7ce89acc KERNEL32!Sleep+0xb
00000000 00000000 ole32!UpdateDCOMSettings+0xcf5d


This may imply that the program is resting for a few seconds between attempts to talk to 'ntsvcs'. So let's try another approach.

Instead of '~* k 99', type:

Code:
bp NtCreateFile
g


The g causes OE to keep running until it tries to open a file. So now when you break on NtCreateFile, type k 99.

Do this repeatedly for a while, try to get the 'k 99' command to print something referencing ADVAPI32.DLL. For example:

Code:

0:000> bp ntCreateFile
0:000> g
Breakpoint 1 hit
eax=0012f50c ebx=00000000 ecx=80100080 edx=00200000 esi=7c91043d edi=00000000
eip=7c90d682 esp=0012f470 ebp=0012f504 iopl=0         nv up ei ng nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000282
ntdll!NtCreateFile:
7c90d682 e959039200      jmp     7d22d9e0
0:000> k 99
ChildEBP RetAddr 
0012f46c 7c810916 ntdll!NtCreateFile
0012f504 7d22760f advapi32!SomeFunction+0x35f
martinr


Joined: 15 Apr 2007
Posts: 76
Quote:
So let's try another approach.

Instead of '~* k 99', type:

Code:
bp NtCreateFile
g

The g causes OE to keep running until it tries to open a file. So now when you break on NtCreateFile, type k 99.

Do this repeatedly for a while, try to get the 'k 99' command to print something referencing ADVAPI32.DLL.



Dear tzuk

Operating on the "monkey see, monkey do" principle, I think I have got what you asked for (see below). (I'd be happy if I just understood 1% of what I was doing with all this debugging stuff.)


Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01010000 C:\Program Files\Outlook Express\msimn.exe
ModLoad: 77f80000 77ffc000 C:\WINNT\system32\ntdll.dll
ModLoad: 7c2d0000 7c335000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 7c570000 7c624000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 77d30000 77d9f000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77e10000 77e6f000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7c000 C:\WINNT\system32\GDI32.dll
ModLoad: 70a70000 70ad6000 C:\WINNT\system32\SHLWAPI.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 7d220000 7d247000 \\?\SandboxieHome\SbieDll.dll
ModLoad: 690a0000 690ab000 C:\WINNT\system32\PSAPI.DLL
ModLoad: 007b0000 008d5000 C:\Program Files\Outlook Express\MSOE.DLL
ModLoad: 773e0000 773f5000 C:\WINNT\system32\ATL.DLL
ModLoad: 008e0000 008ff000 C:\WINNT\system32\MSOERT2.dll
ModLoad: 7ce20000 7cf0f000 C:\WINNT\system32\ole32.dll
ModLoad: 779b0000 77a4b000 C:\WINNT\system32\OLEAUT32.dll
ModLoad: 64300000 6433d000 C:\WINNT\system32\MSOEACCT.dll
ModLoad: 5ec00000 5ec95000 C:\WINNT\system32\INETCOMM.dll
ModLoad: 71710000 71794000 C:\WINNT\system32\comctl32.dll
ModLoad: 00d70000 00d82000 C:\WINNT\system32\acctres.dll
ModLoad: 00da0000 00dae000 C:\WINNT\system32\inetres.dll
ModLoad: 01010000 01270000 C:\Program Files\Outlook Express\msoeres.dll
ModLoad: 01270000 013ba000 C:\WINNT\system32\SHDOCVW.DLL
ModLoad: 63000000 63095000 C:\WINNT\system32\WININET.dll
ModLoad: 7c740000 7c7cc000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77430000 77441000 C:\WINNT\system32\MSASN1.dll
ModLoad: 7cf30000 7d176000 C:\WINNT\system32\shell32.dll
ModLoad: 7c950000 7c9df000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77800000 7780d000 C:\WINNT\system32\msident.dll
ModLoad: 77820000 77827000 C:\WINNT\system32\VERSION.dll
ModLoad: 759b0000 759b6000 C:\WINNT\system32\LZ32.DLL
ModLoad: 01520000 01526000 C:\WINNT\system32\msidntld.dll
ModLoad: 69000000 6900c000 C:\WINNT\system32\PSTOREC.DLL
ModLoad: 01550000 01566000 C:\Program Files\Common Files\System\directdb.dll
ModLoad: 718c0000 71944000 C:\WINNT\system32\shdoclc.dll
ModLoad: 70440000 704cf000 C:\WINNT\system32\mlang.dll
ModLoad: 71500000 715fc000 C:\WINNT\system32\browseui.dll
ModLoad: 77840000 7787e000 C:\WINNT\system32\cscui.dll
ModLoad: 770c0000 770e3000 C:\WINNT\system32\CSCDLL.DLL
ModLoad: 35c40000 35cb6000 C:\Program Files\Common Files\System\wab32.dll
ModLoad: 35f40000 35f7f000 C:\Program Files\Common Files\System\wab32res.dll
ModLoad: 63580000 63820000 C:\WINNT\system32\mshtml.dll
ModLoad: 1a400000 1a47d000 C:\WINNT\system32\URLMON.DLL
ModLoad: 75e60000 75e7a000 C:\WINNT\system32\IMM32.DLL
ModLoad: 75ac0000 75ae8000 C:\WINNT\system32\MSLS31.DLL
ModLoad: 76f90000 77001000 C:\WINNT\system32\jscript.dll
(470.428): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=00000000 edi=00000000
eip=77f9193c esp=0240ffa8 ebp=0240ffb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
ntdll!DbgBreakPoint:
77f9193c cc int 3
0:009> bp ntcreatefile
0:009> g
Breakpoint 0 hit
eax=0006e2b8 ebx=00000000 ecx=c0100080 edx=02000000 esi=77fcb6ca edi=00000000
eip=77f88278 esp=0006e218 ebp=0006e2b0 iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000282
ntdll!ZwCreateFile:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for \\?\SandboxieHome\SbieDll.dll -
77f88278 e923632a05 jmp SbieDll!SbieDll_GetHandlePath+0x5a0 (7d22e5a0)
0:000> k 99
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0006e2b0 7d23d580 ntdll!ZwCreateFile
0006e2f0 7d23d964 SbieDll!SbieApi_CallServer+0x30
0006e608 7d23da45 SbieDll!SbieApi_CallServer+0x414
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ADVAPI32.dll -
0006e640 7c2d3617 SbieDll!SbieApi_CallServer+0x4f5
00000000 00000000 ADVAPI32!QueryServiceLockStatusW+0x16b
tzuk


Joined: 22 Jun 2004
Posts: 15004
Quote:
0006e2b0 7d23d580 ntdll!ZwCreateFile
0006e2f0 7d23d964 SbieDll!SbieApi_CallServer+0x30
0006e608 7d23da45 SbieDll!SbieApi_CallServer+0x414
0006e640 7c2d3617 SbieDll!SbieApi_CallServer+0x4f5
00000000 00000000 ADVAPI32!QueryServiceLockStatusW+0x16b


Good, I see you got the idea now. :) But, this particular instance can't be the problem. We see the program has invoked QueryServiceLockStatusW, which is indeed a system function related to SCM.

But, we can also see that this particular function is already taken care of by Sandboxie -- as execution goes through SbieDll before it reaches the CreateFile function.

Note that you should look at the output from 'k 99' from the bottom line, and going up. In other words: ADVAPI32!QueryServiceLockStatusW was invoked first by the program. That in turn invoked SbieDll!SbieApi_CallServer a few times. Finally, execution goes to ntdll!ZwCreateFile.

Anyway, don't lose hope! You just have to keep trying the same thing a bit more, see if you find an instance of 'k 99' output where there is no use of SbieDll between ADVAPI32 and the ZwCreateFile. If it isn't so, all you have to do is type 'g' again (or press F5) to keep OE going until the next time it hits CreateFile.

* * *

I'm sorry you have to go through this. I hope you're having some fun, at least. :)
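The bottom-up reading of 'k 99' output described in the post above, as an added example (not part of the original thread and not Sandboxie code). It parses pasted WinDbg frames and reports whether an ADVAPI32 call reached ZwCreateFile through SbieDll or not; the function names `parse_frames`, `call_order` and `classify` are hypothetical, the first two samples are copied from this thread, and the third is constructed.

```python
import re

# One frame of WinDbg `k` output: ChildEBP, RetAddr, then module!symbol+0xoff,
# or module+0xoff when no export is nearby (e.g. "MSOE+0x15871").
FRAME = re.compile(
    r"^[0-9a-f]{8} [0-9a-f]{8} "
    r"(?P<mod>[^!+\s]+)(?:!(?P<sym>[^+\s]+))?(?:\+0x(?P<off>[0-9a-f]+))?\s*$",
    re.IGNORECASE,
)


def parse_frames(k_output):
    """Return frames top-first (innermost call first), as WinDbg prints them.

    Prompts, register dumps, 'WARNING:' and '*** ERROR:' lines are skipped
    because they do not start with two 8-digit hex columns.
    """
    frames = []
    for line in k_output.splitlines():
        m = FRAME.match(line.strip())
        if m:
            frames.append((m["mod"], m["sym"] or "", int(m["off"] or "0", 16)))
    return frames


def call_order(frames):
    """Frames in the order the calls happened: bottom line first, going up."""
    return [f"{mod}!{sym}" if sym else mod for mod, sym, _ in reversed(frames)]


def classify(frames, api_module="ADVAPI32", hook_module="SbieDll"):
    """Classify one breakpoint hit.

    'unrelated' : no ADVAPI32 frame on the stack at all
    'handled'   : an SbieDll frame sits between ADVAPI32 and the top frame
    'unhandled' : ADVAPI32 reached the top frame with no SbieDll in between

    Only module names are compared. Without a symbol path the function names
    are nearest-export guesses, so large offsets such as
    SbieApi_CallServer+0x4f5 may belong to a different internal function.
    """
    mods = [mod.lower() for mod, _, _ in frames]
    if api_module.lower() not in mods:
        return "unrelated"
    api_idx = mods.index(api_module.lower())  # ADVAPI32 frame nearest the top
    callees = mods[:api_idx]                  # everything it went on to call
    return "handled" if hook_module.lower() in callees else "unhandled"


# Sample 1: the stack quoted in the post above.
HANDLED = """\
0006e2b0 7d23d580 ntdll!ZwCreateFile
0006e2f0 7d23d964 SbieDll!SbieApi_CallServer+0x30
0006e608 7d23da45 SbieDll!SbieApi_CallServer+0x414
0006e640 7c2d3617 SbieDll!SbieApi_CallServer+0x4f5
00000000 00000000 ADVAPI32!QueryServiceLockStatusW+0x16b
"""

# Sample 2: top of a stack from this thread with no ADVAPI32 frame.
UNRELATED = """\
0:000> k 99
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0006ddec 7c59037b ntdll!ZwCreateFile
0006e02c 7c590780 KERNEL32!LoadLibraryExA+0x7d
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\\WINNT\\system32\\VERSION.dll -
0006e0bc 778213f1 KERNEL32!LoadLibraryExW+0x21b
0006e10c 70a9c99c VERSION!GetFileVersionInfoSizeW+0x4b
"""

# Sample 3: CONSTRUCTED for illustration; the function name is a placeholder,
# not something observed in this thread.
CONSTRUCTED = """\
0006e2b0 7c2d3617 ntdll!ZwCreateFile
00000000 00000000 ADVAPI32!HypotheticalScmCall+0x16b
"""

if __name__ == "__main__":
    for name, text in [("sample 1", HANDLED), ("sample 2", UNRELATED),
                       ("sample 3 (constructed)", CONSTRUCTED)]:
        frames = parse_frames(text)
        print(name, "->", classify(frames))
        print("   ", " -> ".join(call_order(frames)))
```
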
martinr


Joined: 15 Apr 2007
Posts: 76
Well, it's certainly interesting and I thank you for your patience until I provide you with the information you want.

This time I tried to be quicker in setting the debugger off after O.E had started, and I managed to get 2 different outputs as below. I very much hope it's what you want. Unfortunately, because I'm out of my depth, I can't tell by looking at them whether or not the info is helpful.

FIRST OUTPUT:



Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01010000 C:\Program Files\Outlook Express\msimn.exe
ModLoad: 77f80000 77ffc000 C:\WINNT\system32\ntdll.dll
ModLoad: 7c2d0000 7c335000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 7c570000 7c624000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 77d30000 77d9f000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77e10000 77e6f000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7c000 C:\WINNT\system32\GDI32.dll
ModLoad: 70a70000 70ad6000 C:\WINNT\system32\SHLWAPI.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 7d220000 7d247000 \\?\SandboxieHome\SbieDll.dll
ModLoad: 690a0000 690ab000 C:\WINNT\system32\PSAPI.DLL
ModLoad: 007b0000 008d5000 C:\Program Files\Outlook Express\MSOE.DLL
ModLoad: 773e0000 773f5000 C:\WINNT\system32\ATL.DLL
ModLoad: 008e0000 008ff000 C:\WINNT\system32\MSOERT2.dll
ModLoad: 7ce20000 7cf0f000 C:\WINNT\system32\ole32.dll
ModLoad: 779b0000 77a4b000 C:\WINNT\system32\OLEAUT32.dll
ModLoad: 64300000 6433d000 C:\WINNT\system32\MSOEACCT.dll
ModLoad: 5ec00000 5ec95000 C:\WINNT\system32\INETCOMM.dll
ModLoad: 71710000 71794000 C:\WINNT\system32\comctl32.dll
ModLoad: 00d70000 00d82000 C:\WINNT\system32\acctres.dll
ModLoad: 00da0000 00dae000 C:\WINNT\system32\inetres.dll
ModLoad: 01010000 01270000 C:\Program Files\Outlook Express\msoeres.dll
ModLoad: 01270000 013ba000 C:\WINNT\system32\SHDOCVW.DLL
ModLoad: 63000000 63095000 C:\WINNT\system32\WININET.dll
ModLoad: 7c740000 7c7cc000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77430000 77441000 C:\WINNT\system32\MSASN1.dll
ModLoad: 7cf30000 7d176000 C:\WINNT\system32\shell32.dll
ModLoad: 7c950000 7c9df000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77800000 7780d000 C:\WINNT\system32\msident.dll
ModLoad: 77820000 77827000 C:\WINNT\system32\VERSION.dll
ModLoad: 759b0000 759b6000 C:\WINNT\system32\LZ32.DLL
ModLoad: 01620000 01626000 C:\WINNT\system32\msidntld.dll
ModLoad: 69000000 6900c000 C:\WINNT\system32\PSTOREC.DLL
ModLoad: 01650000 01666000 C:\Program Files\Common Files\System\directdb.dll
ModLoad: 718c0000 71944000 C:\WINNT\system32\shdoclc.dll
ModLoad: 70440000 704cf000 C:\WINNT\system32\mlang.dll
ModLoad: 71500000 715fc000 C:\WINNT\system32\browseui.dll
ModLoad: 35c40000 35cb6000 C:\Program Files\Common Files\System\wab32.dll
ModLoad: 35f40000 35f7f000 C:\Program Files\Common Files\System\wab32res.dll
ModLoad: 77840000 7787e000 C:\WINNT\system32\cscui.dll
ModLoad: 770c0000 770e3000 C:\WINNT\system32\CSCDLL.DLL
(488.3cc): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=00000000 edi=00000000
eip=77f9193c esp=01f6ffa8 ebp=01f6ffb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
ntdll!DbgBreakPoint:
77f9193c cc int 3
0:008> bp NtCreateFile
0:008> g
ModLoad: 63580000 63820000 C:\WINNT\system32\mshtml.dll
Breakpoint 0 hit
eax=0006ddf4 ebx=00000000 ecx=80100080 edx=02000000 esi=77fcb6ca edi=00000000
eip=77f88278 esp=0006dd54 ebp=0006ddec iopl=0 nv up ei ng nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000282
ntdll!ZwCreateFile:
*** ERROR: Symbol file could not be found. Defaulted to export symbols for \\?\SandboxieHome\SbieDll.dll -
77f88278 e923632a05 jmp SbieDll!SbieDll_GetHandlePath+0x5a0 (7d22e5a0)
0:000> k 99
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be wrong.
0006ddec 7c59037b ntdll!ZwCreateFile
0006e02c 7c590780 KERNEL32!LoadLibraryExA+0x7d
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\VERSION.dll -
0006e0bc 778213f1 KERNEL32!LoadLibraryExW+0x21b
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\SHLWAPI.dll -
0006e10c 70a9c99c VERSION!GetFileVersionInfoSizeW+0x4b
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\mshtml.dll -
0006e220 635ed13d SHLWAPI!Ordinal350+0x1d
0006e45c 635ed59c mshtml!DllEnumClassObjects+0x189
0006e480 635ed5d0 mshtml!DllCanUnloadNow+0x358
0006e4a8 6369ea11 mshtml!DllCanUnloadNow+0x38c
0006e4c0 77f8806c mshtml!com_ms_osp_ospmrshl_releaseByValExternal+0xda35
0006e4e0 77f8568b ntdll!LdrInitializeThunk+0x24
0006e560 77f8d483 ntdll!RtlInitializeCriticalSection+0xd61
0006e7f8 77f85b43 ntdll!LdrQueryImageFileExecutionOptions+0x2865
0006e830 7c590796 ntdll!LdrLoadDll+0x17
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ole32.dll -
0006e8c4 7ce8d95d KERNEL32!LoadLibraryExW+0x231
0006e8e8 7ce8d7a6 ole32!CoInstall+0x1c42
0006e918 7ce8cee6 ole32!CoInstall+0x1a8b
0006eb58 7ce8ed11 ole32!CoInstall+0x11cb
0006eb9c 7ce8eb5a ole32!CoInstall+0x2ff6
0006ebc8 7ce8fea4 ole32!CoInstall+0x2e3f
0006ec38 7cee0fa1 ole32!CoInstall+0x4189
0006ec54 7ce91033 ole32!StgGetIFillLockBytesOnFile+0x822a
0006ec78 7ce90c20 ole32!CoInstall+0x5318
0006ec98 7ce90b76 ole32!CoInstall+0x4f05
0006ecb8 7ce90a85 ole32!CoInstall+0x4e5b
0006ecfc 7ce90a36 ole32!CoInstall+0x4d6a
0006ed24 7cee0fa1 ole32!CoInstall+0x4d1b
0006ed40 7ce9049e ole32!StgGetIFillLockBytesOnFile+0x822a
0006ef8c 7cee0fa1 ole32!CoInstall+0x4783
0006efa8 7ce91d3a ole32!StgGetIFillLockBytesOnFile+0x822a
0006f744 7ce3c2ac ole32!CoInstall+0x601f
0006f76c 7ce3c277 ole32!CoCreateInstanceEx+0x2b
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\INETCOMM.dll -
0006f79c 5ec13ec6 ole32!CoCreateInstance+0x35
0006f7fc 5ec138ad INETCOMM!CreateNNTPTransport+0x2be4
0006f840 5ec137dc INETCOMM!CreateNNTPTransport+0x25cb
0006f898 5ec13728 INETCOMM!CreateNNTPTransport+0x24fa
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Outlook Express\MSOE.DLL -
0006f8c0 007dc7df INETCOMM!CreateNNTPTransport+0x2446
0006f8e0 5ec1368d MSOE!DllGetClassObject+0xe4e7
0006f904 007dc7d0 INETCOMM!CreateNNTPTransport+0x23ab
0006f93c 007dc721 MSOE!DllGetClassObject+0xe4d8
0006f958 007e066c MSOE!DllGetClassObject+0xe429
0006f994 007c5871 MSOE!FIsDefaultMailConfiged+0x1008
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\USER32.dll -
0006f9b4 77e3a454 MSOE+0x15871
0006f9d4 77e14750 USER32!SetWindowPlacement+0x4e
0006f9f0 77e1cf77 USER32!TranslateMessageEx+0x750
0006fa20 77f91baf USER32!SetScrollPos+0xb82
0006fb68 77e1cfba ntdll!KiUserCallbackDispatcher+0x13
0006fba4 7d230aa2 USER32!CreateWindowExA+0x2e
0006fbe8 007e052a SbieDll!SbieDll_GetHandlePath+0x2aa2
0006fc64 007c9ebd MSOE!FIsDefaultMailConfiged+0xec6
0006fc7c 007c9cfd MSOE+0x19ebd
0006fc9c 77e3a454 MSOE+0x19cfd
0006fcbc 77e14605 USER32!SetWindowPlacement+0x4e
0006fd48 77e1a7f2 USER32!TranslateMessageEx+0x605
0006fdb0 007ecb70 USER32!DispatchMessageW+0xb
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Outlook Express\msimn.exe
0006ff60 010020f7 MSOE!CoStartOutlookExpress+0x22
0006ffc0 7c5989a5 msimn+0x20f7
0006fff0 00000000 KERNEL32!ProcessIdToSessionId+0x17d



********************************************************************
SECOND OUTPUT:





Microsoft (R) Windows Debugger Version 6.7.0005.0
Copyright (c) Microsoft Corporation. All rights reserved.

*** wait with pending attach
Symbol search path is: *** Invalid ***
****************************************************************************
* Symbol loading may be unreliable without a symbol search path. *
* Use .symfix to have the debugger choose a symbol path. *
* After setting your symbol path, use .reload to refresh symbol locations. *
****************************************************************************
Executable search path is:
ModLoad: 01000000 01010000 C:\Program Files\Outlook Express\msimn.exe
ModLoad: 77f80000 77ffc000 C:\WINNT\system32\ntdll.dll
ModLoad: 7c2d0000 7c335000 C:\WINNT\system32\ADVAPI32.dll
ModLoad: 7c570000 7c624000 C:\WINNT\system32\KERNEL32.dll
ModLoad: 77d30000 77d9f000 C:\WINNT\system32\RPCRT4.dll
ModLoad: 77e10000 77e6f000 C:\WINNT\system32\USER32.dll
ModLoad: 77f40000 77f7c000 C:\WINNT\system32\GDI32.dll
ModLoad: 70a70000 70ad6000 C:\WINNT\system32\SHLWAPI.dll
ModLoad: 78000000 78045000 C:\WINNT\system32\msvcrt.dll
ModLoad: 7d220000 7d247000 \\?\SandboxieHome\SbieDll.dll
ModLoad: 690a0000 690ab000 C:\WINNT\system32\PSAPI.DLL
ModLoad: 007b0000 008d5000 C:\Program Files\Outlook Express\MSOE.DLL
ModLoad: 773e0000 773f5000 C:\WINNT\system32\ATL.DLL
ModLoad: 008e0000 008ff000 C:\WINNT\system32\MSOERT2.dll
ModLoad: 7ce20000 7cf0f000 C:\WINNT\system32\ole32.dll
ModLoad: 779b0000 77a4b000 C:\WINNT\system32\OLEAUT32.dll
ModLoad: 64300000 6433d000 C:\WINNT\system32\MSOEACCT.dll
ModLoad: 5ec00000 5ec95000 C:\WINNT\system32\INETCOMM.dll
ModLoad: 71710000 71794000 C:\WINNT\system32\comctl32.dll
ModLoad: 00d70000 00d82000 C:\WINNT\system32\acctres.dll
ModLoad: 00da0000 00dae000 C:\WINNT\system32\inetres.dll
ModLoad: 01010000 01270000 C:\Program Files\Outlook Express\msoeres.dll
ModLoad: 01270000 013ba000 C:\WINNT\system32\SHDOCVW.DLL
ModLoad: 63000000 63095000 C:\WINNT\system32\WININET.dll
ModLoad: 7c740000 7c7cc000 C:\WINNT\system32\CRYPT32.dll
ModLoad: 77430000 77441000 C:\WINNT\system32\MSASN1.dll
ModLoad: 7cf30000 7d176000 C:\WINNT\system32\shell32.dll
ModLoad: 7c950000 7c9df000 C:\WINNT\system32\CLBCATQ.DLL
ModLoad: 77800000 7780d000 C:\WINNT\system32\msident.dll
ModLoad: 77820000 77827000 C:\WINNT\system32\VERSION.dll
ModLoad: 759b0000 759b6000 C:\WINNT\system32\LZ32.DLL
ModLoad: 01620000 01626000 C:\WINNT\system32\msidntld.dll
ModLoad: 69000000 6900c000 C:\WINNT\system32\PSTOREC.DLL
ModLoad: 01650000 01666000 C:\Program Files\Common Files\System\directdb.dll
ModLoad: 718c0000 71944000 C:\WINNT\system32\shdoclc.dll
ModLoad: 70440000 704cf000 C:\WINNT\system32\mlang.dll
ModLoad: 71500000 715fc000 C:\WINNT\system32\browseui.dll
ModLoad: 35c40000 35cb6000 C:\Program Files\Common Files\System\wab32.dll
ModLoad: 35f40000 35f7f000 C:\Program Files\Common Files\System\wab32res.dll
ModLoad: 77840000 7787e000 C:\WINNT\system32\cscui.dll
ModLoad: 770c0000 770e3000 C:\WINNT\system32\CSCDLL.DLL
ModLoad: 63580000 63820000 C:\WINNT\system32\mshtml.dll
ModLoad: 1a400000 1a47d000 C:\WINNT\system32\URLMON.DLL
ModLoad: 75e60000 75e7a000 C:\WINNT\system32\IMM32.DLL
ModLoad: 75ac0000 75ae8000 C:\WINNT\system32\MSLS31.DLL
ModLoad: 76f90000 77001000 C:\WINNT\system32\jscript.dll
(484.3cc): Break instruction exception - code 80000003 (first chance)
eax=00000000 ebx=00000000 ecx=00000101 edx=ffffffff esi=00000000 edi=00000000
eip=77f9193c esp=024fffa8 ebp=024fffb4 iopl=0 nv up ei ng nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000286
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\ntdll.dll -
ntdll!DbgBreakPoint:
77f9193c cc int 3
0:009> Microsoft (R) Windows Debugger Version 6.7.0005.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Outlook Express\MSOE.DLL -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\WINNT\system32\MSOERT2.dll -
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\system32\acctres.dll
*** ERROR: Module load completed but symbols could not be loaded for C:\WINNT\system32\inetres.dll
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Outlook Express\msimn.exe

Hope at least one of these outputs helps you.

Many thanks for your patience.

Martin
tzuk


Joined: 22 Jun 2004
Posts: 15004
Quote:
Hope at least one of these outputs helps you.


I'm afraid not. Let's take another approach. I'll give you a version of SbieDll that stops the debugger when 'ntsvcs' is being accessed. Then you could do this 'k 99' and get an output that will be far more relevant to what we need.

But, it's going to take a couple of days for me to do that.
martinr


Joined: 15 Apr 2007
Posts: 76
DUPLICATED IN POSTING "OUTLOOK EXPRESS AND WMIEP_XXX"

Problem solved: O.E. store folder moved back to its default location.

For the record, I downloaded msconfig for Windows 2000 from http://www.3feetunder.com/krick/startup/ so I could do some clean-boot troubleshooting but the problem was still there. (A cracking little discovery!)

Then I noticed that sandboxed O.E. in the problem user-profile always locked up GoBack, whereas in the good user-profile, GoBack did not lock up. I could see also that the entries in GoBack log were quite different between the 2 user profiles. That led me to see the problem was that, in the problem user-profile, when I originally installed O.E., I moved the Store Folder to my data drive (O.E. > Tools > Options > Maintenance > Store Folder). I moved it back to the default location and the problem was solved: GoBack no longer stops working and the computer no longer crashes with O.E. in the sandbox.

(I still have the line OpenPipePath=\Device\NamedPipe\ntsvcs in Sandboxie.ini to get I.E. and O.E. to load without the 1.5 min delay)

Many thanks for your kind and patient help.

Martin
tzuk


Joined: 22 Jun 2004
Posts: 15004
I'm glad you got that resolved.

Quote:
(I still have the line OpenPipePath=\Device\NamedPipe\ntsvcs in Sandboxie.ini to get I.E. and O.E. to load without the 1.5 min delay)


I still remember. I guess I'll push back a bit that "special version" I promised you. I'll make it available for you around the time I release the next beta (which would take a bit more time).
Laptop Locking up
Sandboxie is Copyright © 2004-2012 by Sandboxie Holdings LLC.  All rights reserved.