0:000> !analyze -vvvv ******************************************************************************* * * * Exception Analysis * * * ******************************************************************************* DBGHELP: c:\windows\system32\kernel32.dll - OK DBGHELP: c:\windows\system32\ntdll.dll - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\mysql-proxy.exe - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\glib-2.0.dll - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\mysql-chassis.dll - OK DBGHELP: c:\windows\system32\KERNELBASE.dll - OK DBGHELP: c:\windows\system32\kernel32.dll - OK DBGHELP: c:\windows\system32\ntdll.dll - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\mysql-proxy.exe - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\glib-2.0.dll - OK DBGHELP: F:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\mysql-chassis.dll - OK DBGHELP: c:\windows\system32\KERNELBASE.dll - OK FAULTING_IP: KERNELBASE!MultiByteToWideChar+37a 000007fe`fd5421cb 0fb603 movzx eax,byte ptr [rbx] EXCEPTION_RECORD: ffffffffffffffff -- (.exr 0xffffffffffffffff) ExceptionAddress: 000007fefd5421cb (KERNELBASE!MultiByteToWideChar+0x000000000000037a) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 0000000000000000 Parameter[1]: 0000000000d66000 Attempt to read from address 0000000000d66000 FAULTING_THREAD: 0000000000001f98 DEFAULT_BUCKET_ID: INVALID_POINTER_READ PROCESS_NAME: mysql-proxy.exe ERROR_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - The instruction at 0x%08lx referenced memory at 0x%08lx. The memory could not be %s. 
EXCEPTION_CODE_STR: c0000005 EXCEPTION_PARAMETER1: 0000000000000000 EXCEPTION_PARAMETER2: 0000000000d66000 READ_ADDRESS: 0000000000d66000 FOLLOWUP_IP: glib_2_0!kernel_mbtowc+4c [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\win_iconv.c @ 1366] 000007fe`e417379c 8903 mov dword ptr [rbx],eax WATSON_BKT_MODULE: KERNELBASE.dll WATSON_BKT_MODVER: 6.1.7600.16850 WATSON_BKT_MODSTAMP: 4e211da1 WATSON_BKT_MODOFFSET: 21cb MODULE_VER_PRODUCT: Microsoft® Windows® Operating System BUILD_VERSION_STRING: 6.1.7600.16850 (win7_gdr.110715-1503) MOD_LIST: NTGLOBALFLAG: 70 APPLICATION_VERIFIER_FLAGS: 0 ANALYSIS_SESSION_HOST: HOD01 ANALYSIS_SESSION_TIME: 05-30-2012 11:12:06.0233 THREAD_ATTRIBUTES: [ GLOBAL ] Global PID: [5936] Global Thread_Count: [1] Global LoadedModule_Count: [32] Global PageSize: [4096] Global ModList_SHA1_Hash: [185d1eea3c1fae408e68fc26fa2a68225c85822b] Global ProcessName: [mysql-proxy.exe] Global CommandLine: [f:\sbester\mysql-proxy-0.8.2-winx64-x86\bin\mysql-proxy.exe --proxy-backend-addresses=1.1.1.1] Global Desktop_Name: [Winsta0\Default] Global Debugger_CPU_Architecture: [X64] Global CPU_ProcessorCount: [24] Global CPU_MHZ: [2534] Global CPU_Architecture: [X64] Global CPU_Family: [6] Global CPU_Model: [12] Global CPU_Stepping: [2] Global CPU_VendorString: [] Global ProcessBeingDebugged Global GFlags: [112] Global Application_Verifer_Flags: [0] Global SystemUpTime: [26 days 22:36:40.000] Global SystemUpTime: [2327800] Global ProcessUpTime: [0 days 0:50:57.000] Global ProcessUpTime: [3057] Global CurrentTimeDate: [Wed May 30 11:12:06.000 2012 (UTC + 2:00)] Global CurrentTimeDate: [1338369126] Global ProductType: [2] Global SuiteMask: [274] [ THREAD ] 00 Id: 1730.1f98 Frame[00] Is_OriginalExceptionThread Frame[00] Stack_Frames_Extraction_Time_(ms): [0x10] Frame[00] ThreadStartAddress: [mysql_proxy!mainCRTStartup] Frame[00] ThreadStartAddress: [0x000000013fa62558] Frame[0f] CompleteStackWalk Frame[10] CompleteStackWalk Frame[00] Thread_LastError: [0x7a] 
Frame[00] Thread_LastStatus: [0xc0000139] Frame[00] LdrInitalize Frame[00] ThreadLocale: [0x409] Frame[00] BadReadAddress: [0xd66000] Frame[00] badptr_READ: [0x0000000000d66000] Frame[00] Number_of_Stack_Frames: [0x11] Frame[00] Bad_Frame_Count: [0x0] Frame[00] Ignored_Frame_Count: [0x0] Frame[00] Frames_not_in_stack_range: [0x0] Frame[00] NotSysEnter Frame[00] OneBit_Arch_AX Frame[00] badptr_Arch_BX: [0x0000000000d66000] Frame[00] null_Arch_CX Frame[00] OneBit_Arch_DX Frame[00] badptr_Arch_SI: [0x000007fffffb001c] Frame[00] badptr_Arch_DI: [0x0000000000b9f438] Frame[00] badptr_Arch_SP: [0x0000000000b9f2a0] Frame[00] badptr_Arch_BP: [0x000000000000f8ff] Frame[00] NX_LoadedModule_Arch_IP: [0x000007fefd5421cb] Frame[00] badptr_msr_r8: [0x000000000000e000] Frame[00] OneBit_msr_r9 Frame[00] null_msr_r10 Frame[00] badptr_msr_r11: [0x0000000000b9f2a8] Frame[00] badptr_msr_r12: [0x00000000000d41f0] Frame[00] OneBit_msr_r13 Frame[00] badptr_msr_r14: [0x0000000000b9f438] Frame[00] badptr_msr_r15: [0x0000000000d66001] Frame[00] Instruction_Pointer: [0x000007fefd5421cb] Frame[00] ip_not_executable: [0xfd5421cb] Frame[00] IP_Biased Frame[00] Stack_Attribute_Extraction_Time_(ms): [0x7d] PROBLEM_CLASSES: INVALID_POINTER_READ Tid [0x1f98] Frame [0x00]: kernelbase!MultiByteToWideChar PRIMARY_PROBLEM_CLASS: INVALID_POINTER_READ BUGCHECK_STR: APPLICATION_FAULT_INVALID_POINTER_READ LAST_CONTROL_TRANSFER: from 00000000772f021b to 000007fefd5421cb STACK_TEXT: 00000000`00b9f2a0 00000000`772f021b : 00000000`00000000 00000000`00000000 00000000`00c35f40 000007fe`e41738be : KERNELBASE!MultiByteToWideChar+0x37a 00000000`00b9f380 000007fe`e417379c : 00000000`00c5d5da 00000000`000089a5 00000000`00000000 00000000`00000000 : kernel32!MultiByteToWideCharStub+0x1b 00000000`00b9f3c0 000007fe`e4175828 : 00000000`00c269a0 00000000`00b9f568 00000000`00b9f570 00000000`00000000 : glib_2_0!kernel_mbtowc+0x4c [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\win_iconv.c @ 1366] 00000000`00b9f400 
000007fe`e4172fad : 00000000`00020000 00000000`721bd877 00000000`00b9f910 00000000`00c35f50 : glib_2_0!win_iconv+0x88 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\win_iconv.c @ 828] 00000000`00b9f4b0 000007fe`e4174643 : 00000000`00000000 00000000`00b9f910 00000000`00000000 00000000`00c26670 : glib_2_0!iconv+0x1d [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\win_iconv.c @ 768] 00000000`00b9f4f0 000007fe`e4174753 : 00000000`00000000 00000000`00000000 00000000`00d5526e 000007fe`e417626a : glib_2_0!g_iconv+0x13 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\gconvert.c @ 178] 00000000`00b9f530 000007fe`e41764b5 : 00000000`00d5526e 00000000`00b9f910 00000000`000089a4 00000000`00000000 : glib_2_0!g_convert_with_iconv+0xd3 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\gconvert.c @ 610] 00000000`00b9f5c0 000007fe`e4176bac : 00000000`ffffffff 00000000`00000000 00000000`00000000 000007fe`e4166a52 : glib_2_0!g_convert+0xa5 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\gconvert.c @ 755] 00000000`00b9f600 000007fe`e41788b0 : 00000000`00d5526e 00000000`00c25f20 00000000`00d56d00 000007fe`e4178755 : glib_2_0!g_locale_to_utf8+0x6c [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\gconvert.c @ 1079] 00000000`00b9f660 000007fe`e4179135 : 00000000`00c25f20 00000000`00000060 00000000`00000000 00000000`00000000 : glib_2_0!parse_arg+0x130 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\goption.c @ 1025] 00000000`00b9f6b0 000007fe`e41799d2 : 00000000`00000000 00000000`00b9f760 00000000`00b9f908 00000000`00c26670 : glib_2_0!parse_long_option+0x225 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\goption.c @ 1383] 00000000`00b9f710 000007fe`ed4455ab : 00000000`00d56d00 00000000`00c25f20 00000000`00c26610 00000000`00c26610 : glib_2_0!g_option_context_parse+0x2d2 [g:\bs\merlin-common-vs2008-64bit\src\glib-2.16.6\glib\goption.c @ 1654] 00000000`00b9f7f0 00000001`3fa61ab8 : 00000000`00c20cb0 00000000`00d56d00 00000000`00b9f900 
00000000`00b9f908 : mysql_chassis!chassis_frontend_init_plugins+0xd7 [g:\bs\mysql-proxy-vs2008-64bit\src\mysql-proxy-0.8.2\src\chassis-frontend.c @ 395] 00000000`00b9f860 00000001`3fa623a2 : 00000000`00000002 00000000`00d55200 00000000`00000000 00000000`00c20cb0 : mysql_proxy!main_cmdline+0x52c [g:\bs\mysql-proxy-vs2008-64bit\src\mysql-proxy-0.8.2\src\mysql-proxy-cli.c @ 474] 00000000`00b9f900 00000000`772ef33d : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : mysql_proxy!__tmainCRTStartup+0x11a [f:\dd\vctools\crt_bld\self_64_amd64\crt\src\crtexe.c @ 586] 00000000`00b9f930 00000000`77522ca1 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : kernel32!BaseThreadInitThunk+0xd 00000000`00b9f960 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!RtlUserThreadStart+0x1d FAULT_INSTR_CODE: c0850389 FAULTING_SOURCE_CODE: 1362: len = cv->mblen(cv, buf, bufsize); 1363: if (len == -1) 1364: return -1; 1365: *wbufsize = MultiByteToWideChar(cv->codepage, mbtowc_flags (cv->codepage), > 1366: (const char *)buf, len, (wchar_t *)wbuf, *wbufsize); 1367: if (*wbufsize == 0) 1368: return_error(EILSEQ); 1369: return len; 1370: } 1371: SYMBOL_STACK_INDEX: 2 SYMBOL_NAME: glib_2_0!kernel_mbtowc+4c FOLLOWUP_NAME: MachineOwner MODULE_NAME: glib_2_0 IMAGE_NAME: glib-2.0.dll DEBUG_FLR_IMAGE_TIMESTAMP: 4e3ff87b STACK_COMMAND: dt ntdll!LdrpLastDllInitializer BaseDllName ; dt ntdll!LdrpFailureData ; ~0s ; kb FAILURE_BUCKET_ID: INVALID_POINTER_READ_c0000005_glib-2.0.dll!kernel_mbtowc BUCKET_ID: X64_APPLICATION_FAULT_INVALID_POINTER_READ_glib_2_0!kernel_mbtowc+4c ANALYSIS_SESSION_ELAPSED_TIME: 144 Followup: MachineOwner --------- glib_2_0!kernel_mbtowc: 000007fe`e4173750 48895c2408 mov qword ptr [rsp+8],rbx 000007fe`e4173755 48896c2410 mov qword ptr [rsp+10h],rbp 000007fe`e417375a 4889742418 mov qword ptr [rsp+18h],rsi 000007fe`e417375f 57 push rdi 000007fe`e4173760 4883ec30 sub rsp,30h 
000007fe`e4173764 488bd9 mov rbx,rcx 000007fe`e4173767 498be9 mov rbp,r9 000007fe`e417376a 488bf2 mov rsi,rdx 000007fe`e417376d ff5318 call qword ptr [rbx+18h] 000007fe`e4173770 8bf8 mov edi,eax 000007fe`e4173772 83f8ff cmp eax,0FFFFFFFFh 000007fe`e4173775 7437 je glib_2_0!kernel_mbtowc+0x5e (000007fe`e41737ae) 000007fe`e4173777 8b0b mov ecx,dword ptr [rbx] 000007fe`e4173779 e822fbffff call glib_2_0!mbtowc_flags (000007fe`e41732a0) 000007fe`e417377e 488b5c2460 mov rbx,qword ptr [rsp+60h] 000007fe`e4173783 448bcf mov r9d,edi 000007fe`e4173786 8bd0 mov edx,eax 000007fe`e4173788 8b03 mov eax,dword ptr [rbx] 000007fe`e417378a 4c8bc6 mov r8,rsi 000007fe`e417378d 89442428 mov dword ptr [rsp+28h],eax 000007fe`e4173791 48896c2420 mov qword ptr [rsp+20h],rbp 000007fe`e4173796 ff1534c40e00 call qword ptr [glib_2_0!_imp_MultiByteToWideChar (000007fe`e425fbd0)] 000007fe`e417379c 8903 mov dword ptr [rbx],eax 000007fe`e417379e 85c0 test eax,eax 000007fe`e41737a0 7511 jne glib_2_0!kernel_mbtowc+0x63 (000007fe`e41737b3) 000007fe`e41737a2 ff1510c70e00 call qword ptr [glib_2_0!_imp__errno (000007fe`e425feb8)] 000007fe`e41737a8 c7002a000000 mov dword ptr [rax],2Ah 000007fe`e41737ae 83c8ff or eax,0FFFFFFFFh 000007fe`e41737b1 eb02 jmp glib_2_0!kernel_mbtowc+0x65 (000007fe`e41737b5) 000007fe`e41737b3 8bc7 mov eax,edi 000007fe`e41737b5 488b5c2440 mov rbx,qword ptr [rsp+40h] 000007fe`e41737ba 488b6c2448 mov rbp,qword ptr [rsp+48h] 000007fe`e41737bf 488b742450 mov rsi,qword ptr [rsp+50h] 000007fe`e41737c4 4883c430 add rsp,30h 000007fe`e41737c8 5f pop rdi 000007fe`e41737c9 c3 ret kernel32!MultiByteToWideCharStub: 00000000`772f0200 4883ec38 sub rsp,38h 00000000`772f0204 8b442468 mov eax,dword ptr [rsp+68h] 00000000`772f0208 89442428 mov dword ptr [rsp+28h],eax 00000000`772f020c 488b442460 mov rax,qword ptr [rsp+60h] 00000000`772f0211 4889442420 mov qword ptr [rsp+20h],rax 00000000`772f0216 e80d000000 call kernel32!MultiByteToWideChar (00000000`772f0228) KERNELBASE!MultiByteToWideChar: 
000007fe`fd542020 fff3 push rbx 000007fe`fd542022 55 push rbp 000007fe`fd542023 56 push rsi 000007fe`fd542024 57 push rdi 000007fe`fd542025 4154 push r12 000007fe`fd542027 4156 push r14 000007fe`fd542029 4157 push r15 000007fe`fd54202b 4881eca0000000 sub rsp,0A0h 000007fe`fd542032 488b05d7ff0500 mov rax,qword ptr [KERNELBASE!_security_cookie (000007fe`fd5a2010)] 000007fe`fd542039 4833c4 xor rax,rsp 000007fe`fd54203c 4889842480000000 mov qword ptr [rsp+80h],rax 000007fe`fd542044 4c8bb42400010000 mov r14,qword ptr [rsp+100h] 000007fe`fd54204c 4533ff xor r15d,r15d 000007fe`fd54204f 418bf1 mov esi,r9d 000007fe`fd542052 498bd8 mov rbx,r8 000007fe`fd542055 8bea mov ebp,edx 000007fe`fd542057 8bf9 mov edi,ecx 000007fe`fd542059 81f960ea0000 cmp ecx,0EA60h 000007fe`fd54205f 0f8387650000 jae KERNELBASE!MultiByteToWideChar+0x259 (000007fe`fd5485ec) 000007fe`fd542065 4c89ac2498000000 mov qword ptr [rsp+98h],r13 000007fe`fd54206d 4585c9 test r9d,r9d 000007fe`fd542070 0f8466200000 je KERNELBASE!MultiByteToWideChar+0x20e (000007fe`fd5440dc) 000007fe`fd542076 4c63ac2408010000 movsxd r13,dword ptr [rsp+108h] 000007fe`fd54207e 4585ed test r13d,r13d 000007fe`fd542081 0f8855200000 js KERNELBASE!MultiByteToWideChar+0x20e (000007fe`fd5440dc) 000007fe`fd542087 4885db test rbx,rbx 000007fe`fd54208a 0f844c200000 je KERNELBASE!MultiByteToWideChar+0x20e (000007fe`fd5440dc) 000007fe`fd542090 4585ed test r13d,r13d 000007fe`fd542093 7412 je KERNELBASE!MultiByteToWideChar+0x87 (000007fe`fd5420a7) 000007fe`fd542095 4d85f6 test r14,r14 000007fe`fd542098 0f843e200000 je KERNELBASE!MultiByteToWideChar+0x20e (000007fe`fd5440dc) 000007fe`fd54209e 493bde cmp rbx,r14 000007fe`fd5420a1 0f8435200000 je KERNELBASE!MultiByteToWideChar+0x20e (000007fe`fd5440dc) 000007fe`fd5420a7 4183f9ff cmp r9d,0FFFFFFFFh 000007fe`fd5420ab 0f8e15200000 jle KERNELBASE!MultiByteToWideChar+0x1f8 (000007fe`fd5440c6) 000007fe`fd5420b1 83ff03 cmp edi,3 000007fe`fd5420b4 0f8453a30200 je KERNELBASE!TlsGetValue+0xd790 
(000007fe`fd56c40d) 000007fe`fd5420ba 85ff test edi,edi 000007fe`fd5420bc 0f857c410000 jne KERNELBASE!MultiByteToWideChar+0x9e (000007fe`fd54623e) 000007fe`fd5420c2 8b3da0f50500 mov edi,dword ptr [KERNELBASE!gAnsiCodePage (000007fe`fd5a1668)] 000007fe`fd5420c8 4c8b2551ff0500 mov r12,qword ptr [KERNELBASE!gpACPHashN (000007fe`fd5a2020)] 000007fe`fd5420cf 4d85e4 test r12,r12 000007fe`fd5420d2 0f842aa90200 je KERNELBASE!TlsGetValue+0xde19 (000007fe`fd56ca02) 000007fe`fd5420d8 498b442408 mov rax,qword ptr [r12+8] 000007fe`fd5420dd 4885c0 test rax,rax 000007fe`fd5420e0 0f859ba30200 jne KERNELBASE!TlsGetValue+0xd808 (000007fe`fd56c481) 000007fe`fd5420e6 f7c5f0ffffff test ebp,0FFFFFFF0h 000007fe`fd5420ec 0f855ca90200 jne KERNELBASE!TlsGetValue+0xde78 (000007fe`fd56ca4e) 000007fe`fd5420f2 40f6c501 test bpl,1 000007fe`fd5420f6 740a je KERNELBASE!MultiByteToWideChar+0x108 (000007fe`fd542102) 000007fe`fd5420f8 40f6c502 test bpl,2 000007fe`fd5420fc 0f854ca90200 jne KERNELBASE!TlsGetValue+0xde78 (000007fe`fd56ca4e) 000007fe`fd542102 4c63fe movsxd r15,esi 000007fe`fd542105 8bcd mov ecx,ebp 000007fe`fd542107 4c03fb add r15,rbx 000007fe`fd54210a 83e102 and ecx,2 000007fe`fd54210d 40f6c504 test bpl,4 000007fe`fd542111 0f853f3b0100 jne KERNELBASE!MultiByteToWideChar+0x4a9 (000007fe`fd555c56) 000007fe`fd542117 498b742418 mov rsi,qword ptr [r12+18h] 000007fe`fd54211c 4585ed test r13d,r13d 000007fe`fd54211f 0f84221c0000 je KERNELBASE!MultiByteToWideChar+0x1ce (000007fe`fd543d47) 000007fe`fd542125 498b442410 mov rax,qword ptr [r12+10h] 000007fe`fd54212a 498bfe mov rdi,r14 000007fe`fd54212d 4f8d2c6e lea r13,[r14+r13*2] 000007fe`fd542131 6683780201 cmp word ptr [rax+2],1 000007fe`fd542136 0f855da60200 jne KERNELBASE!TlsGetValue+0xdb62 (000007fe`fd56c799) 000007fe`fd54213c 85c9 test ecx,ecx 000007fe`fd54213e 0f85db1a0100 jne KERNELBASE!MultiByteToWideChar+0x44d (000007fe`fd553c1f) 000007fe`fd542144 40f6c508 test bpl,8 000007fe`fd542148 7550 jne KERNELBASE!MultiByteToWideChar+0x345 
(000007fe`fd54219a) 000007fe`fd54214a 4d2bee sub r13,r14 000007fe`fd54214d 418bc7 mov eax,r15d 000007fe`fd542150 2bc3 sub eax,ebx 000007fe`fd542152 49d1fd sar r13,1 000007fe`fd542155 4863d0 movsxd rdx,eax 000007fe`fd542158 4c3bea cmp r13,rdx 000007fe`fd54215b 0f8c2ba60200 jl KERNELBASE!TlsGetValue+0xdb55 (000007fe`fd56c78c) 000007fe`fd542161 4889542448 mov qword ptr [rsp+48h],rdx 000007fe`fd542166 4c8b6c2448 mov r13,qword ptr [rsp+48h] 000007fe`fd54216b 4585ed test r13d,r13d 000007fe`fd54216e 0f8e8a000000 jle KERNELBASE!MultiByteToWideChar+0x198 (000007fe`fd5421fe) 000007fe`fd542174 660f1f0400 nop word ptr [rax+rax] 000007fe`fd542179 90 nop 000007fe`fd54217a 90 nop 000007fe`fd54217b 90 nop 000007fe`fd54217c 90 nop 000007fe`fd54217d 90 nop 000007fe`fd54217f 90 nop 000007fe`fd542180 0fb603 movzx eax,byte ptr [rbx] 000007fe`fd542183 ffca dec edx 000007fe`fd542185 4883c702 add rdi,2 000007fe`fd542189 0fb70c46 movzx ecx,word ptr [rsi+rax*2] 000007fe`fd54218d 48ffc3 inc rbx 000007fe`fd542190 66894ffe mov word ptr [rdi-2],cx 000007fe`fd542194 85d2 test edx,edx 000007fe`fd542196 7fe8 jg KERNELBASE!MultiByteToWideChar+0x180 (000007fe`fd542180) 000007fe`fd542198 eb64 jmp KERNELBASE!MultiByteToWideChar+0x198 (000007fe`fd5421fe) 000007fe`fd54219a 4d2bee sub r13,r14 000007fe`fd54219d 418bc7 mov eax,r15d 000007fe`fd5421a0 2bc3 sub eax,ebx 000007fe`fd5421a2 49d1fd sar r13,1 000007fe`fd5421a5 4863d0 movsxd rdx,eax 000007fe`fd5421a8 4c3bea cmp r13,rdx 000007fe`fd5421ab 0f8cada50200 jl KERNELBASE!TlsGetValue+0xdb27 (000007fe`fd56c75e) 000007fe`fd5421b1 4889542448 mov qword ptr [rsp+48h],rdx 000007fe`fd5421b6 4c8b6c2448 mov r13,qword ptr [rsp+48h] 000007fe`fd5421bb 4585ed test r13d,r13d 000007fe`fd5421be 7e3e jle KERNELBASE!MultiByteToWideChar+0x198 (000007fe`fd5421fe) 000007fe`fd5421c0 bdfff80000 mov ebp,0F8FFh 000007fe`fd5421c5 41b800e00000 mov r8d,0E000h 000007fe`fd5421cb 0fb603 movzx eax,byte ptr [rbx] ds:00000000`00d66000=?? 
000007fe`fd5421ce 0fb70c46 movzx ecx,word ptr [rsi+rax*2] 000007fe`fd5421d2 66890f mov word ptr [rdi],cx 000007fe`fd5421d5 4d8b4c2410 mov r9,qword ptr [r12+10h] 000007fe`fd5421da 66413b4906 cmp cx,word ptr [r9+6] 000007fe`fd5421df 0f8486a50200 je KERNELBASE!TlsGetValue+0xdb34 (000007fe`fd56c76b) 000007fe`fd5421e5 66413bc8 cmp cx,r8w 000007fe`fd5421e9 0f838fa50200 jae KERNELBASE!TlsGetValue+0xdb47 (000007fe`fd56c77e) 000007fe`fd5421ef ffca dec edx 000007fe`fd5421f1 48ffc3 inc rbx 000007fe`fd5421f4 4883c702 add rdi,2 000007fe`fd5421f8 85d2 test edx,edx 000007fe`fd5421fa 7fcf jg KERNELBASE!MultiByteToWideChar+0x37a (000007fe`fd5421cb) 000007fe`fd5421fc eb00 jmp KERNELBASE!MultiByteToWideChar+0x198 (000007fe`fd5421fe) 000007fe`fd5421fe 493bdf cmp rbx,r15 000007fe`fd542201 0f82c1a70200 jb KERNELBASE!TlsGetValue+0xdddf (000007fe`fd56c9c8) 000007fe`fd542207 418bc5 mov eax,r13d 000007fe`fd54220a 4c8bac2498000000 mov r13,qword ptr [rsp+98h] 000007fe`fd542212 488b8c2480000000 mov rcx,qword ptr [rsp+80h] 000007fe`fd54221a 4833cc xor rcx,rsp 000007fe`fd54221d e8aef0ffff call KERNELBASE!_security_check_cookie (000007fe`fd5412d0) 000007fe`fd542222 4881c4a0000000 add rsp,0A0h 000007fe`fd542229 415f pop r15 000007fe`fd54222b 415e pop r14 000007fe`fd54222d 415c pop r12 000007fe`fd54222f 5f pop rdi 000007fe`fd542230 5e pop rsi 000007fe`fd542231 5d pop rbp 000007fe`fd542232 5b pop rbx 000007fe`fd542233 c3 ret 000007fe`fd542234 488bac24d8000000 mov rbp,qword ptr [rsp+0D8h] 000007fe`fd54223c 498b4710 mov rax,qword ptr [r15+10h] 000007fe`fd542240 4c89742468 mov qword ptr [rsp+68h],r14 000007fe`fd542245 66448b7004 mov r14w,word ptr [rax+4] 000007fe`fd54224a 85ff test edi,edi 000007fe`fd54224c 0f8522a00200 jne KERNELBASE!TlsGetValue+0xd5f1 (000007fe`fd56c274) 000007fe`fd542252 4585ed test r13d,r13d 000007fe`fd542255 7509 jne KERNELBASE!WideCharToMultiByte+0x43a (000007fe`fd542260) 000007fe`fd542257 4885f6 test rsi,rsi 000007fe`fd54225a 0f858d790000 jne KERNELBASE!WideCharToMultiByte+0x49c 
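(000007fe`fd549bed) 000007fe`fd542260 4885ed test rbp,rbp 000007fe`fd542263 488d4c2444 lea rcx,[rsp+44h] 000007fe`fd542268 480f45cd cmovne rcx,rbp 000007fe`fd54226c c70100000000 mov dword ptr [rcx],0

Reference: MultiByteToWideChar function
http://msdn.microsoft.com/en-us/library/windows/desktop/dd319072%28v=vs.85%29.aspx

int MultiByteToWideChar(
  __in      UINT   CodePage,
  __in      DWORD  dwFlags,
  __in      LPCSTR lpMultiByteStr,
  __in      int    cbMultiByte,
  __out_opt LPWSTR lpWideCharStr,
  __in      int    cchWideChar
);

Note: the faulting instruction reads the source string (rbx is loaded from r8, i.e. lpMultiByteStr), and r15 = lpMultiByteStr + cbMultiByte holds 0xd66001 while the bad read is at 0xd66000, so the fault is on the last byte of the range the caller declared. This suggests that the cbMultiByte passed by kernel_mbtowc (the len returned by cv->mblen at win_iconv.c line 1362) extends past the readable input rather than a defect inside MultiByteToWideChar itself; confirm against the actual size of the buffer.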