EAX=00915837   EBX=BFF7427F   ECX=BFF92F1B   EDX=00914B6B   ESI=81623EF4

EDI=00000000   EBP=008AFE38   ESP=008AFDE0   EIP=00915848   o d I s z A p C

CS=0167   DS=016F   SS=016F   ES=016F   FS=34F7   GS=0000

-------------------------------------------------------------------------PROT32-

0167:00915835  MOV       ES,[EAX]                                              ^

0167:00915837  PUSHAD                                                          ^

0167:00915838  PUSH      0000005B

0167:0091583D  PUSH      00000000

0167:00915842  CALL      [00915858]

0167:00915848  ADD       ESP,08

0167:0091584B  POPAD

0167:0091584C  JMP       [KERNEL32!GetVersion]

0167:00915852  SBB       EBP,[EDI]

0167:00915854  STC

0167:00915855  MOV       EDI,E9D00001

0167:0091585A  MOV       ES,[EAX]

0167:0091585C  PUSHAD

0167:0091585D  PUSH      0000005C

0167:00915862  PUSH      00000000

0167:00915867  CALL      [0091587D]

0167:0091586D  ADD       ESP,08

0167:00915870  POPAD                                                           v

0167:00915871  JMP       [00915877]                                        < > v

--------------------------------------------------------------------------------

WINICE: Load32  Obj=0003 Add=016F:794DE000 Len=00003000 Mod=MSWSOCK

WINICE: Load32  Obj=0004 Add=016F:794E1000 Len=00001000 Mod=MSWSOCK

WINICE: Load32  Obj=0005 Add=016F:794E2000 Len=00002000 Mod=MSWSOCK

WINICE: Load32  Obj=0006 Add=016F:794E4000 Len=00001000 Mod=MSWSOCK

Break due to BPX #0167:00545F44  (ET=647.39 milliseconds)

:bc*

:lines 43

:pagein n

Screen dumper set to mode 2

:pagein n c:\Mainfa.html

:pagein d 401000 152000 c:\1

:pagein d 553000 4000 c:\2

:pagein d 557000 3f000 c:\3

:pagein d 675000 1000 c:\4

:pagein d 676000 1000 c:\5

:pagein n c:\APIfa.html

:pagein n c:\APIfae.html

PAGEIN address                                                             Stars