WINRAR弹窗堆栈

0:000> db 004ddfa8
004ddfa8 6f 00 70 00 65 00 6e 00-00 00 00 00 2d 00 6e 00 o.p.e.n.....-.n.

030631ac "http://cdn.castplatform.com/scri"
030631ec "pts/au4666.html?subid=0"

0:000> KVNF
# Memory ChildEBP RetAddr Args to Child
00 00123f00 7d68604a 00123f14 7d685fdd 030631ac SHELL32!ShellExecuteExW (FPO: [Non-Fpo])
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\WinRAR\WinRAR.exe
01 50 00123f50 00494f3f 00000000 004ddfa8 030631ac SHELL32!ShellExecuteW+0x6d (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
02 2068 00125fb8 3edc5ee8 00ab2eb0 00126038 00126038 WinRAR+0x94f3f
03 24 00125fdc 3edc5e6d 00ab2eb0 00126014 3edc5ba8 ieframe!EnumConnectionPointSinks+0x6c (FPO: [Non-Fpo])
04 4c 00126028 3edc6d87 00160ad0 00126038 00000003 ieframe!IConnectionPoint_InvokeIndirect+0x80 (FPO: [Non-Fpo])
05 40 00126068 3edc6d35 00160ad0 000000fa 0012612c ieframe!IConnectionPoint_InvokeWithCancel+0x3a (FPO: [Non-Fpo])
06 d8 00126140 3ed58ca0 0333d7f4 00160ad0 00126208 ieframe!DoInvokeParamHelper+0x8b (FPO: [Non-Fpo])
07 f4 00126234 3ed6632b 0333d7f4 016f0662 0333d7f4 ieframe!FireEvent_BeforeNavigate+0x272 (FPO: [Non-Fpo])
08 48 0012627c 3d2c590f 00199754 033749ac 0333d7f4 ieframe!CBaseBrowser2::FireBeforeNavigate3+0x9f (FPO: [Non-Fpo])
09 10c4 00127340 3d2beb57 001273a0 00000000 00000000 mshtml!CWebOCEvents::BeforeNavigate2+0x29f
0a 1e8 00127528 3d2bf20d 0023afa8 001275b4 00249cb0 mshtml!CDoc::DoNavigate+0xaa6
0b 120 00127648 3d2c616e 0023afa8 00000000 0311eed8 mshtml!CDoc::FollowHyperlink2+0xdb0
0c 80 001276c8 3d2c6b21 00127790 00000000 0311eed8 mshtml!CDoc::FollowHyperlink+0x9d
0d 20d4 0012979c 3d2c6db4 00000000 0020003a 00000000 mshtml!CFrameSite::OnPropertyChange_Src+0x557
0e 68 00129804 3d2c6c48 0311eed8 030cbe48 00129a84 mshtml!CFrameSite::CreateObject+0x43e
0f 58 0012985c 3d139767 001298f0 03032b00 00000000 mshtml!CFrameSite::Notify+0x189
10 160 001299bc 3d137960 001299d0 00129acc 00129ab0 mshtml!CSpliceTreeEngine::InsertSplice+0x975
11 e4 00129aa0 3d139ebf 00129ad8 00129ae4 03032860 mshtml!CMarkup::SpliceTreeInternal+0x9a
12 50 00129af0 3d139deb 00129b28 00129b64 00000001 mshtml!CDoc::CutCopyMove+0xca
13 1c 00129b0c 3d2f037d 00129b28 00129b64 00000001 mshtml!CDoc::Move+0x16
14 94 00129ba0 3d2e1bc5 00000000 00129bbc 0012a120 mshtml!UnicodeCharacterCount+0x23b
15 68 00129c08 3d2e1aeb 030cb6c0 00000000 00129c44 mshtml!CElement::InsertBeforeHelper+0xd1
16 1c 00129c24 3d2e1c76 00174408 030cb6c0 00000001 mshtml!CElement::insertBefore+0x3c
17 40 00129c64 3d2e23fc 00174408 030cb6c0 0012a120 mshtml!CElement::appendChild+0x39
18 34 00129c98 3d1daaf3 00174408 02f46e88 033757e0 mshtml!Method_IDispatchpp_IDispatchp+0xca
19 74 00129d0c 3d1e6b1d 00174408 80010431 00000001 mshtml!CBase::ContextInvokeEx+0x5d1
1a 50 00129d5c 3d1f2868 00174408 80010431 00000001 mshtml!CElement::ContextInvokeEx+0x9d
1b 2c 00129d88 3d1da4f1 00174408 80010431 00000001 mshtml!CElement::VersionedInvokeEx+0x2d
1c 50 00129dd8 3e373a9a 030cb720 80010431 00000001 mshtml!PlainInvokeEx+0xea
1d 40 00129e18 3e3739e6 0039c0b0 80010431 00000409 jscript!IDispatchExInvokeEx2+0xf8
1e 3c 00129e54 3e374f26 0039c0b0 00000409 00000003 jscript!IDispatchExInvokeEx+0x6a
1f c0 00129f14 3e374e80 80010431 00000003 0012a118 jscript!InvokeDispatchEx+0x98
20 34 00129f48 3e372d6d 0039c0b0 00129f7c 00000003 jscript!VAR::InvokeByName+0x135
21 4c 00129f94 3e374235 0039c0b0 00000003 0012a118 jscript!VAR::InvokeDispName+0x7a
22 30 00129fc4 3e373114 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0xce
23 19c 0012a160 3e3713ab 0012a178 0012a3d8 0012a3d8 jscript!CScriptRuntime::Run+0x29e0
24 e8 0012a248 3e3712e5 0012a3d8 00000001 035c16e8 jscript!ScrFncObj::CallWithFrameOnStack+0xff
25 4c 0012a294 3e372a05 0012a3d8 00000001 035c16e8 jscript!ScrFncObj::Call+0x8f
26 84 0012a318 3e3728c5 02f48470 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x2a2
27 34 0012a34c 3e393b5f 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
28 48 0012a394 3e374327 0039c0b0 0012a438 0012a3d8 jscript!JsFncCall+0xe1
29 68 0012a3fc 3e372a05 00000000 00000002 035c16e8 jscript!NatFncObj::Call+0x103
2a 84 0012a480 3e3728c5 02ec42e0 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x2a2
2b 34 0012a4b4 3e3743fc 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
2c 40 0012a4f4 3e3724c1 0039c0b0 0012a564 02f48470 jscript!VAR::InvokeJSObj<SYM *>+0xb8
2d 3c 0012a530 3e372d6d 0039c0b0 0012a564 00000001 jscript!VAR::InvokeByName+0x170
2e 4c 0012a57c 3e374235 0039c0b0 00000001 00000000 jscript!VAR::InvokeDispName+0x7a
2f 30 0012a5ac 3e374f93 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0xce
30 19c 0012a748 3e3713ab 0012a760 0012ab80 0012ab80 jscript!CScriptRuntime::Run+0x2abe
31 e8 0012a830 3e3712e5 0012ab80 00000003 00399130 jscript!ScrFncObj::CallWithFrameOnStack+0xff
32 4c 0012a87c 3e372a05 0012ab80 00000003 00399130 jscript!ScrFncObj::Call+0x8f
33 84 0012a900 3e3728c5 02efc070 0039c0b0 00000003 jscript!NameTbl::InvokeInternal+0x2a2
34 34 0012a934 3e3743fc 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0x17c
35 40 0012a974 3e3724c1 0039c0b0 0012a9e4 02f45778 jscript!VAR::InvokeJSObj<SYM *>+0xb8
36 3c 0012a9b0 3e372d6d 0039c0b0 0012a9e4 00000003 jscript!VAR::InvokeByName+0x170
37 4c 0012a9fc 3e374235 0039c0b0 00000003 0012ab80 jscript!VAR::InvokeDispName+0x7a
38 30 0012aa2c 3e373114 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0xce
39 19c 0012abc8 3e3713ab 0012abe0 00000000 00000000 jscript!CScriptRuntime::Run+0x29e0
3a e8 0012acb0 3e3712e5 00000000 00000001 003991e0 jscript!ScrFncObj::CallWithFrameOnStack+0xff
3b 4c 0012acfc 3e372a05 00000000 00000001 003991e0 jscript!ScrFncObj::Call+0x8f
3c 84 0012ad80 3e3728c5 02efb618 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x2a2
3d 34 0012adb4 3e3743fc 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
3e 40 0012adf4 3e3724c1 0039c0b0 0012ae64 02f45778 jscript!VAR::InvokeJSObj<SYM *>+0xb8
3f 3c 0012ae30 3e372d6d 0039c0b0 0012ae64 00000001 jscript!VAR::InvokeByName+0x170
40 4c 0012ae7c 3e374235 0039c0b0 00000001 00000000 jscript!VAR::InvokeDispName+0x7a
41 30 0012aeac 3e374f93 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0xce
42 19c 0012b048 3e3713ab 0012b060 00000000 00000000 jscript!CScriptRuntime::Run+0x2abe
43 e8 0012b130 3e3712e5 00000000 00000002 003992c0 jscript!ScrFncObj::CallWithFrameOnStack+0xff
44 4c 0012b17c 3e374aac 00000000 00000002 003992c0 jscript!ScrFncObj::Call+0x8f
45 84 0012b200 3e3728c5 0039c3a8 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x137
46 34 0012b234 3e374f93 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
47 19c 0012b3d0 3e3713ab 0012b3e8 0012b9e8 0012b9e8 jscript!CScriptRuntime::Run+0x2abe
48 e8 0012b4b8 3e3712e5 0012b9e8 00000003 02f44b98 jscript!ScrFncObj::CallWithFrameOnStack+0xff
49 4c 0012b504 3e372a05 0012b9e8 00000003 02f44b98 jscript!ScrFncObj::Call+0x8f
4a 84 0012b588 3e3728c5 02f19130 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x2a2
4b 34 0012b5bc 3e38595a 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
4c c0 0012b67c 3e374327 0039c0b0 0012b720 0012b9e8 jscript!JsFncApply+0x2ba
4d 68 0012b6e4 3e372a05 0012b9e8 00000002 00399350 jscript!NatFncObj::Call+0x103
4e 84 0012b768 3e3728c5 02f30200 0039c0b0 00000003 jscript!NameTbl::InvokeInternal+0x2a2
4f 34 0012b79c 3e3743fc 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0x17c
50 40 0012b7dc 3e3724c1 0039c0b0 0012b84c 02f19130 jscript!VAR::InvokeJSObj<SYM *>+0xb8
51 3c 0012b818 3e372d6d 0039c0b0 0012b84c 00000003 jscript!VAR::InvokeByName+0x170
52 4c 0012b864 3e374235 0039c0b0 00000003 0012b9e8 jscript!VAR::InvokeDispName+0x7a
53 30 0012b894 3e373114 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0xce
54 19c 0012ba30 3e3713ab 0012ba48 0012bd70 0012bd70 jscript!CScriptRuntime::Run+0x29e0
55 e8 0012bb18 3e3712e5 0012bd70 00000001 003993f0 jscript!ScrFncObj::CallWithFrameOnStack+0xff
56 4c 0012bb64 3e374aac 0012bd70 00000001 003993f0 jscript!ScrFncObj::Call+0x8f
57 84 0012bbe8 3e3728c5 02f39d20 0039c0b0 00000003 jscript!NameTbl::InvokeInternal+0x137
58 34 0012bc1c 3e373114 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0x17c
59 19c 0012bdb8 3e3713ab 0012bdd0 00000000 00000000 jscript!CScriptRuntime::Run+0x29e0
5a e8 0012bea0 3e3712e5 00000000 00000002 00399480 jscript!ScrFncObj::CallWithFrameOnStack+0xff
5b 4c 0012beec 3e372a05 00000000 00000002 00399480 jscript!ScrFncObj::Call+0x8f
5c 84 0012bf70 3e3728c5 02ed8590 0039c0b0 00000001 jscript!NameTbl::InvokeInternal+0x2a2
5d 34 0012bfa4 3e3743fc 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0x17c
5e 40 0012bfe4 3e3724c1 0039c0b0 0012c054 02f57008 jscript!VAR::InvokeJSObj<SYM *>+0xb8
5f 3c 0012c020 3e372d6d 0039c0b0 0012c054 00000001 jscript!VAR::InvokeByName+0x170
60 4c 0012c06c 3e374235 0039c0b0 00000001 00000000 jscript!VAR::InvokeDispName+0x7a
61 30 0012c09c 3e374f93 0039c0b0 00000000 00000001 jscript!VAR::InvokeByDispID+0xce
62 19c 0012c238 3e3713ab 0012c250 0012c574 0012c574 jscript!CScriptRuntime::Run+0x2abe
63 e8 0012c320 3e3712e5 0012c574 00000002 003995c0 jscript!ScrFncObj::CallWithFrameOnStack+0xff
64 4c 0012c36c 3e374aac 0012c574 00000002 003995c0 jscript!ScrFncObj::Call+0x8f
65 84 0012c3f0 3e3728c5 02f067e0 0039c0b0 00000003 jscript!NameTbl::InvokeInternal+0x137
66 30 0012c420 3e373114 0039c0b0 00000000 00000003 jscript!VAR::InvokeByDispID+0x17c
67 19c 0012c5bc 3e3713ab 0012c5d4 0012c71c 0012c71c jscript!CScriptRuntime::Run+0x29e0
68 e8 0012c6a4 3e3712e5 0012c71c 00000000 00399690 jscript!ScrFncObj::CallWithFrameOnStack+0xff
69 4c 0012c6f0 3e371113 0012c71c 00000000 00399690 jscript!ScrFncObj::Call+0x8f
6a 7c 0012c76c 3e37385e 02f3d518 0012c9b0 00000000 jscript!CSession::Execute+0x175
6b e8 0012c854 3e3736ea 02f3d518 00000000 00000001 jscript!NameTbl::InvokeDef+0x1b8
6c 84 0012c8d8 3d0f53b7 02f3d518 00000000 00000804 jscript!NameTbl::InvokeEx+0x129
6d 50 0012c928 3d13837f 0024b470 02f3d518 00000000 mshtml!CBase::InvokeDispatchWithThis+0x102
6e 12c 0012ca54 3d1f098e fffffd9f 80011789 030cb660 mshtml!CBase::InvokeEvent+0x213
6f 160 0012cbb4 3d1f11ac 0024b470 03020060 0024b470 mshtml!CBase::FireEvent+0xe2
70 170 0012cd24 3d12f322 3d1d2620 00000001 00000000 mshtml!CElement::FireEvent+0x3ce
71 20 0012cd44 3d1da1b3 0024b470 00000000 00232f38 mshtml!CScriptElement::FireOnReadyStateChange+0x1b
72 3c 0012cd80 3d1c4cc0 0012ce08 3d1c4c12 00000000 mshtml!GlobalWndOnMethodCall+0x104
73 20 0012cda0 77d18734 003b058e 00000024 00000000 mshtml!GlobalWndProc+0x183
74 2c 0012cdcc 77d18816 3d1c4c12 003b058e 00008002 USER32!InternalCallWinProc+0x28
75 68 0012ce34 77d189cd 00000000 3d1c4c12 003b058e USER32!UserCallWinProcCheckWow+0x150 (FPO: [Non-Fpo])
76 60 0012ce94 77d18a10 0012cec0 00000000 77d27424 USER32!DispatchMessageWorker+0x306 (FPO: [Non-Fpo])
77 10 0012cea4 004b33a2 0012cec0 00000000 0012cf18 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
78 34 0012ced8 004b3987 00000000 00000000 5cc2451b WinRAR+0xb33a2
79 4 0012cedc 00000000 00000000 5cc2451b fffffffe WinRAR+0xb3987