taking a stab at analyzing a debug log

James Hawkins truiken at gmail.com
Thu Sep 30 12:17:57 CDT 2004 

Hi,

I've been trying to get Easy CD Extractor to work for a while now, and
the program ezcddax.exe is having some weird (possibly) scheduling and
threading problems, so in the meantime I've looked at some of the
other exe's that Easy Cd Extractor installed.  One such exe is
burn.exe.  When I run this, it seemingly immediately exits.  This is
an interesting part of +relay:

0009:Call kernel32.GetModuleHandleA(00000000) ret=0040158a
0009:Ret  kernel32.GetModuleHandleA() retval=00400000 ret=0040158a
0009:Call kernel32.GetModuleFileNameA(00400000,406cfc18,00000105) ret=0040114e
0009:Call ntdll.RtlAllocateHeap(40370000,00000000,0000020a) ret=404da841
0009:Ret  ntdll.RtlAllocateHeap() retval=403a91d8 ret=404da841
0009:Call ntdll.LdrLockLoaderLock(00000000,00000000,406cfad4) ret=404eafce
0009:Ret  ntdll.LdrLockLoaderLock() retval=00000000 ret=404eafce
0009:Call ntdll.LdrFindEntryForAddress(00400000,406cfad0) ret=404eafe0
0009:Ret  ntdll.LdrFindEntryForAddress() retval=00000000 ret=404eafe0
0009:Call ntdll.LdrUnlockLoaderLock(00000000,00000009) ret=404eb02c
0009:Ret  ntdll.LdrUnlockLoaderLock() retval=00000000 ret=404eb02c
0009:Call ntdll.RtlUnicodeToMultiByteN(406cfc18,00000105,406cfad4,403a91d8,00000
060) ret=404d2873
0009:Ret  ntdll.RtlUnicodeToMultiByteN() retval=00000000 ret=404d2873
0009:Call ntdll.RtlFreeHeap(40370000,00000000,403a91d8) ret=404da871
0009:Ret  ntdll.RtlFreeHeap() retval=00000001 ret=404da871
0009:Ret  kernel32.GetModuleFileNameA() retval=00000030 ret=0040114e
0009:Call kernel32.ExitProcess(00000001) ret=00401454
0009:Call ntdll.LdrShutdownProcess() ret=404f5bd0

It seems that the last system call burn.exe makes before exiting is
GetModuleFileNameA.  I added an ERR in this function to see what
filename it was getting, and it is:

err:module:GetModuleFileNameA filename: L"C:\\Program Files\\Easy
CD-DA Extractor 7\\burn.exe"

which is the path of the program.  After this call, burn.exe starts
the exit process.  Maybe burn.exe didn't like the results from
GetModuleFileName?  I'm not exactly experienced with analyzing debug
logs, so I'm probably way off, but hopefully I'll get better.

-- 
James Hawkins

More information about the wine-devel mailing list