Hello

You have a problem with TA3D, it doesn't run or it crashes...
/
Vous avez un problème avec TA3D, il ne se lance pas ou plante...
Post Reply
V_Flashbang
Posts: 4
Joined: Mon Aug 13, 2012 8:56 pm

Hello

Post by V_Flashbang » Mon Aug 13, 2012 9:07 pm

My old account is inactive?

(using teamviewer on friends computer)
Anyways this is still coding, and i need help.
Currently my friend's computer is taking a dive.
As in, it has a shitty virus running through svchost.exe on windows xp 32 bit.
the damned thing is takign up 95,000 k about, (previously was like 422,000)
using anywhere frm 60-95 cpu
detected in both memory and running through svchost.
The first thing i think, is it running off of a command, like how services do, like '\*path*\mDNSresponder.exe' -k svchost.exe or soemthing, displayed properly in windows services module

so I went prowling around in services, didnt find much. Found 1 thing and it made the cpu shrivel from 65-95 to 78-85 usage (not cpu time)
But i looked at date modified, and at the bottom was a dll file i found interesting. Why? I never recognized it before
Prowling around for something semi-readable, i find a load of code lines, some registering processor types and others are simple pre processor commands, a lot of including paths leading to a file "mingw32.h"

Others are wierd-word-combos like that, that i can barely understand.
Point is, I'm banned on tau for trolling/criticizing someones mod and i need you guys to help me decode summadis shit.

PS no he does not have dr watson, i checked for both the executive and the logs, nonexistent.

look:
first one, include-this-command type of shit

Code: Select all

_sqlite3OpcodeProperty _azCompileOpt _sqlite3_compileoption_used _sqlite3_compileoption_get _sqlite3Stat _sqlite3StatusValue _sqlite3StatusAdd _sqlite3StatusSet _sqlite3_status _sqlite3_db_status _getDigits _parseTimezone _parseHhMmSs _computeJD _parseYyyyMmDd _setDateTimeToCurrent _parseDateOrTime _computeYMD _computeHMS _computeYMD_HMS _clearYMD_HMS_TZ _localtimeOffset _parseModifier _juliandayFunc _datetimeFunc _timeFunc _dateFunc _strftimeFunc _ctimeFunc _cdateFunc _ctimestampFunc _aDateTimeFuncs.99 _sqlite3RegisterDateTimeFunctions _sqlite3GlobalFunctions _sqlite3OsClose _sqlite3OsRead _sqlite3OsWrite _sqlite3OsTruncate _sqlite3OsSync _sqlite3OsFileSize _sqlite3OsLock _sqlite3OsUnlock _sqlite3OsCheckReservedLock _sqlite3OsFileControl _sqlite3OsSectorSize _sqlite3OsDeviceCharacteristics _sqlite3OsShmLock _sqlite3OsShmBarrier _sqlite3OsShmUnmap _sqlite3OsShmMap _sqlite3OsOpen _sqlite3OsDelete _sqlite3OsAccess _sqlite3OsFullPathname _sqlite3OsDlOpen _sqlite3OsDlError _sqlite3OsDlSym _sqlite3OsDlClose _sqlite3OsRandomness _sqlite3OsSleep _sqlite3OsCurrentTimeInt64 _sqlite3OsOpenMalloc _sqlite3OsCloseFree _sqlite3OsInit _sqlite3_vfs_find _vfsUnlink _sqlite3_vfs_register _sqlite3_vfs_unregister _sqlite3Hooks _sqlite3BenignMallocHooks _sqlite3BeginBenignMalloc _sqlite3EndBenignMalloc _sqlite3MemMalloc _sqlite3MemFree _sqlite3MemSize _sqlite3MemRealloc _sqlite3MemRoundup _sqlite3MemInit _sqlite3MemShutdown _defaultMethods.235 _sqlite3MemSetDefault _sqlite3MutexInit _sqlite3MutexEnd _sqlite3_mutex_alloc _sqlite3MutexAlloc _sqlite3_mutex_free _sqlite3_mutex_try _noopMutexInit _noopMutexEnd _noopMutexAlloc _noopMutexFree _noopMutexEnter _noopMutexTry _noopMutexLeave _sMutex.284 _sqlite3NoopMutex _winMutex_staticMutexes _winMutex_isInit _winMutex_lock _winMutexInit _winMutexEnd _winMutexAlloc _winMutexFree _winMutexEnter _winMutexTry _winMutexLeave _sMutex.309 _sqlite3DefaultMutex _sqlite3_release_memory _softHeapLimitEnforcer _sqlite3MemoryAlarm _sqlite3_memory_alarm _sqlite3_soft_heap_limit64 _sqlite3_soft_heap_limit _sqlite3MallocInit _sqlite3HeapNearlyFull _sqlite3MallocEnd _sqlite3_memory_highwater _sqlite3MallocAlarm _mallocWithAlarm _sqlite3Malloc _sqlite3ScratchMalloc _sqlite3ScratchFree _isLookaside _sqlite3MallocSize _sqlite3DbMallocSize _sqlite3DbFree _sqlite3Realloc _sqlite3_realloc _sqlite3MallocZero _sqlite3DbMallocZero _sqlite3DbMallocRaw _sqlite3DbRealloc _sqlite3DbReallocOrFree _sqlite3DbStrDup _sqlite3DbStrNDup _sqlite3SetString _sqlite3ApiExit _et_getdigit _zSpaces.415 _appendSpace _zOrd.419 _sqlite3VXPrintf _sqlite3StrAccumAppend _sqlite3StrAccumFinish _sqlite3StrAccumReset _sqlite3StrAccumInit _sqlite3VMPrintf _sqlite3MPrintf _sqlite3MAppendf _sqlite3_vmprintf _sqlite3_mprintf _renderLogMsg _sqlite3XPrintf _randomByte _sqlite3Prng _sqlite3_randomness _sqlite3PrngSaveState _sqlite3SavedPrng _sqlite3PrngRestoreState _sqlite3PrngResetState _sqlite3Utf8Trans1 _sqlite3Utf8Read _sqlite3VdbeMemTranslate _sqlite3VdbeMemHandleBom _sqlite3Utf8CharLen _sqlite3Utf16to8 _sqlite3Utf16ByteLen _sqlite3IsNaN _sqlite3Strlen30 _sqlite3Error _sqlite3ErrorMsg _sqlite3Dequote _sqlite3StrICmp _sqlite3AtoF _compare2pow63 _sqlite3Atoi64 _sqlite3GetInt32 _sqlite3Atoi _sqlite3PutVarint _sqlite3PutVarint32 _sqlite3GetVarint _sqlite3GetVarint32 _sqlite3VarintLen _sqlite3Get4byte _sqlite3Put4byte _hexToInt _sqlite3HexToBlob _logBadConnection _sqlite3SafetyCheckOk _sqlite3SafetyCheckSickOrOk _sqlite3HashInit _sqlite3HashClear _insertElement _findElementGivenHash _removeElementGivenHash _sqlite3HashFind _sqlite3HashInsert _azName.594 _sqlite3OpcodeName _sqlite3_os_type _utf8ToUnicode _unicodeToUtf8 _mbcsToUnicode _unicodeToMbcs _sqlite3_win32_mbcs_to_utf8 _utf8ToMbcs _seekWinFile _winClose _winWrite _winTruncate _winFileSize _getReadLock _unlockReadLock _winCheckReservedLock _winUnlock _winFileControl _winSectorSize _winDeviceCharacteristics _winShmEnterMutex _winShmLeaveMutex _winShmNodeList _winShmSystemLock _winShmPurge _winOpenSharedMemory _winShmUnmap _winShmLock _winShmBarrier _winShmMap _winIoMethod _convertUtf8Filename _zChars.694 _getTempname _getLastErrorMsg _winDelete _winAccess _winFullPathname _getSectorSize _winDlOpen _winDlError _winDlSym _winDlClose _winRandomness _winSleep _winFiletimeEpoch.734 _max32BitValue.735 _winCurrentTimeInt64 _winCurrentTime _winGetLastError _winVfs.745 _sqlite3_os_end _sqlite3BitvecCreate _sqlite3BitvecTest _sqlite3BitvecSet _sqlite3BitvecClear _sqlite3BitvecDestroy _sqlite3BitvecSize _sqlite3BitvecBuiltinTest _pcacheRemoveFromDirtyList _pcacheAddToDirtyList _pcacheUnpin _sqlite3PcacheInitialize _sqlite3PcacheShutdown _sqlite3PcacheSize _sqlite3PcacheOpen _sqlite3PcacheSetPageSize _sqlite3PcacheFetch _sqlite3PcacheRelease _sqlite3PcacheRef _sqlite3PcacheDrop _sqlite3PcacheMakeDirty _sqlite3PcacheMakeClean _sqlite3PcacheCleanAll _sqlite3PcacheClearSyncFlags _sqlite3PcacheMove _sqlite3PcacheTruncate _sqlite3PcacheClose _sqlite3PcacheClear _pcacheMergeDirtyList _pcacheSortDirtyList _sqlite3PcacheDirtyList _sqlite3PcacheRefCount _sqlite3PcachePageRefcount _sqlite3PcachePagecount _sqlite3PcacheSetCachesize _sqlite3PCacheBufferSetup _pcache1_g _pcache1Alloc _pcache1Free _pcache1AllocPage _pcache1FreePage _sqlite3PageMalloc _sqlite3PageFree _pcache1UnderMemoryPressure _pcache1ResizeHash _pcache1PinPage _pcache1RemoveFromHash _pcache1EnforceMaxPage _pcache1TruncateUnsafe _pcache1Init _pcache1Shutdown _pcache1Create _pcache1Cachesize _pcache1Pagecount _pcache1Fetch _pcache1Unpin _pcache1Rekey _pcache1Truncate _pcache1Destroy _defaultMethods.923 _sqlite3PCacheSetDefault _sqlite3RowSetInit _sqlite3RowSetClear _sqlite3RowSetInsert _rowSetMerge _rowSetSort _rowSetTreeToList _rowSetNDeepTree _rowSetListToTree _rowSetToList _sqlite3RowSetNext _sqlite3RowSetTest _aJournalMagic _pagerUseWal _subjRequiresPage _pageInJournal _read32bits _write32bits _pagerUnlockDb _pagerLockDb _readMasterJournal _journalHdrOffset _zeroHdr.987 _zeroJournalHdr _writeJournalHdr _readJournalHdr _writeMasterJournal _pager_lookup _pager_reset _releaseAllSavepoints _addToSavepointBitvecs _pager_unlock _pager_error _pager_end_transaction _pagerUnlockAndRollback _pager_cksum _pager_playback_one_page _pager_delmaster _pager_truncate _setSectorSize _pager_playback _readDbPage _pagerUndoCallback _pagerRollbackWal _pagerWalFrames _pagerBeginReadTransaction _pagerPagecount _pagerOpenWalIfPresent _pagerPlaybackSavepoint _sqlite3PagerSetCachesize _sqlite3PagerSetSafetyLevel _pagerOpentemp _sqlite3PagerSetBusyhandler _sqlite3PagerSetPagesize _sqlite3PagerTempSpace _sqlite3PagerMaxPageCount _sqlite3PagerReadFileheader _sqlite3PagerPagecount _pager_wait_on_lock _sqlite3PagerTruncateImage _pagerSyncHotJournal _sqlite3PagerClose _sqlite3PagerRef _zerobyte.1108 _syncJournal _pager_write_pagelist _openSubJournal _subjournalPage _pagerStress _sqlite3PagerOpen _hasHotJournal _sqlite3PagerSharedLock _pagerUnlockIfUnused _sqlite3PagerAcquire _sqlite3PagerLookup _sqlite3PagerUnref _pager_open_journal _sqlite3PagerBegin _pager_write _sqlite3PagerWrite _sqlite3PagerDontWrite _pager_incr_changecounter _sqlite3PagerSync _sqlite3PagerExclusiveLock _sqlite3PagerCommitPhaseOne _sqlite3PagerCommitPhaseTwo _sqlite3PagerRollback _sqlite3PagerIsreadonly _sqlite3PagerRefcount _sqlite3PagerMemUsed _sqlite3PagerPageRefcount _sqlite3PagerIsMemdb _sqlite3PagerOpenSavepoint _sqlite3PagerSavepoint _sqlite3PagerFilename _sqlite3PagerVfs _sqlite3PagerFile _sqlite3PagerJournalname _sqlite3PagerNosync _sqlite3PagerMovepage _sqlite3PagerGetData _sqlite3PagerGetExtra _sqlite3PagerLockingMode _sqlite3PagerSetJournalMode _sqlite3PagerGetJournalMode _sqlite3PagerOkToChangeJournalMode _sqlite3PagerJournalSizeLimit _sqlite3PagerBackupPtr _sqlite3PagerCheckpoint _sqlite3PagerWalCallback _sqlite3PagerWalSupported _pagerExclusiveLock _pagerOpenWal _sqlite3PagerOpenWal _sqlite3PagerCloseWal _walIndexPage _walCkptInfo _walIndexHdr _walChecksumBytes _walShmBarrier _walIndexWriteHdr _walEncodeFrame _walDecodeFrame _walLockShared _walUnlockShared _walLockExclusive _walUnlockExclusive _walNextHash _walHashGet _walFramePage _walFramePgno _walCleanupHash _walIndexAppend _walIndexRecover _walIndexClose _sqlite3WalOpen _walIteratorNext _walMerge _walMergesort _walIteratorFree _walIteratorInit _walCheckpoint _sqlite3WalClose _walIndexTryHdr _walIndexReadHdr _walTryBeginRead _sqlite3WalBeginReadTransaction _sqlite3WalEndReadTransaction _sqlite3WalRead _sqlite3WalDbsize _sqlite3WalBeginWriteTransaction _sqlite3WalEndWriteTransaction _sqlite3WalUndo _sqlite3WalSavepoint _sqlite3WalSavepointUndo _walRestartLog _sqlite3WalFrames _sqlite3WalCheckpoint _sqlite3WalCallback _sqlite3WalExclusiveMode _sqlite3WalHeapMemory _lockBtreeMutex _unlockBtreeMutex _sqlite3BtreeEnter _sqlite3BtreeLeave _sqlite3BtreeEnterCursor _sqlite3BtreeLeaveCursor _sqlite3BtreeEnterAll _sqlite3BtreeLeaveAll _sqlite3BtreeMutexArrayInsert _sqlite3BtreeMutexArrayEnter _sqlite3BtreeMutexArrayLeave _zMagicHeader _sqlite3SharedCacheList _sqlite3_enable_shared_cache _querySharedCacheTableLock _setSharedCacheTableLock _clearAllSharedCacheTableLocks _downgradeAllSharedCacheTableLocks _invalidateOverflowCache _invalidateAllOverflowCache _invalidateIncrblobCursors _btreeSetHasContent _btreeGetHasContent _btreeClearHasContent _saveCursorPosition _saveAllCursors _sqlite3BtreeClearCursor _btreeMoveto _btreeRestoreCursorPosition _sqlite3BtreeCursorHasMoved _ptrmapPageno _ptrmapPut _ptrmapGet 
other one:
includes directories leading up to mingw32.h, the most noticable for me (thanks Ruby programming language)

Code: Select all

                                           libgcc2.c /home/drh/mingw/gcc-i386-mingw32msvc/gcc/ /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/libgcc2.c int:t(0,1)=r(0,1);0020000000000;0017777777777; char:t(0,2)=r(0,2);0;127; long int:t(0,3)=r(0,1);0020000000000;0017777777777; unsigned int:t(0,4)=r(0,1);0000000000000;0037777777777; long unsigned int:t(0,5)=r(0,1);0000000000000;0037777777777; long long int:t(0,6)=r(0,1);01000000000000000000000;0777777777777777777777; long long unsigned int:t(0,7)=r(0,1);0000000000000;01777777777777777777777; short int:t(0,8)=r(0,8);-32768;32767; short unsigned int:t(0,9)=r(0,9);0;65535; signed char:t(0,10)=r(0,10);-128;127; unsigned char:t(0,11)=r(0,11);0;255; float:t(0,12)=r(0,1);4;0; double:t(0,13)=r(0,1);8;0; long double:t(0,14)=r(0,1);12;0; complex int:t(0,15)=s8real:(0,1),0,32;imag:(0,1),32,32;; complex float:t(0,16)=r(0,16);4;0; complex double:t(0,17)=r(0,17);8;0; complex long double:t(0,18)=r(0,18);12;0; void:t(0,19)=(0,19) tconfig.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/gansidecl.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/../include/ansidecl.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/xm-i386.h tm.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/mingw32.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/cygwin.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/gas.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/i386.h processor_costs:T(9,1)=s28add:(0,1),0,32;lea:(0,1),32,32;shift_var:(0,1),64,32;shift_const:(0,1),96,32;mult_init:(0,1),128,32;mult_bit:(0,1),160,32;divide:(0,1),192,32;; processor_type:T(9,2)=ePROCESSOR_I386:0,PROCESSOR_I486:1,PROCESSOR_PENTIUM:2,PROCESSOR_PENTIUMPRO:3,PROCESSOR_K6:4,; reg_class:T(9,3)=eNO_REGS:0,AREG:1,DREG:2,CREG:3,BREG:4,AD_REGS:5,Q_REGS:6,SIREG:7,DIREG:8,INDEX_REGS:9,GENERAL_REGS:10,FP_TOP_REG:11,FP_SECOND_REG:12,FLOAT_REGS:13,ALL_REGS:14,LIM_REG_CLASSES:15,; i386_args:T(9,4)=s12words:(0,1),0,32;nregs:(0,1),32,32;regno:(0,1),64,32;; CUMULATIVE_ARGS:t(9,5)=(9,4) /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/bsd.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/unix.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/dbxcoff.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/config/i386/xm-mingw32.h /opt/mingw/i386-mingw32msvc/include/stdlib.h /opt/mingw/i386-mingw32msvc/include/_mingw.h /opt/mingw/i386-mingw32msvc/include/stddef.h size_t:t(16,1)=(0,4) wchar_t:t(16,2)=(0,9) div_t:t(14,1)=(14,2)=s8quot:(0,1),0,32;rem:(0,1),32,32;; ldiv_t:t(14,3)=(14,4)=s8quot:(0,3),0,32;rem:(0,3),32,32;; /opt/mingw/i386-mingw32msvc/include/unistd.h /opt/mingw/i386-mingw32msvc/include/io.h /opt/mingw/i386-mingw32msvc/include/stdio.h wint_t:t(20,1)=(0,4) va_list:t(19,1)=(19,2)=*(0,2) _iobuf:T(19,3)=s32_ptr:(19,2),0,32;_cnt:(0,1),32,32;_base:(19,2),64,32;_flag:(0,1),96,32;_file:(0,1),128,32;_charbuf:(0,1),160,32;_bufsiz:(0,1),192,32;_tmpfname:(19,2),224,32;; FILE:t(19,4)=(19,3) fpos_t:t(19,5)=(0,6) /opt/mingw/i386-mingw32msvc/include/sys/types.h ptrdiff_t:t(22,1)=(0,1) time_t:t(21,1)=(0,3) _off_t:t(21,2)=(0,3) off_t:t(21,3)=(21,2) _dev_t:t(21,4)=(0,4) dev_t:t(21,5)=(21,4) _ino_t:t(21,6)=(0,8) ino_t:t(21,7)=(21,6) _pid_t:t(21,8)=(0,1) pid_t:t(21,9)=(21,8) _mode_t:t(21,10)=(0,9) mode_t:t(21,11)=(21,10) _sigset_t:t(21,12)=(0,1) sigset_t:t(21,13)=(21,12) _fsize_t:t(18,1)=(0,5) _finddata_t:T(18,2)=s280attrib:(0,4),0,32;time_create:(21,1),32,32;time_access:(21,1),64,32;time_write:(21,1),96,32;size:(18,1),128,32;name:(18,3)=ar(0,1);0;259;(0,2),160,2080;; _finddatai64_t:T(18,4)=s288attrib:(0,4),0,32;time_create:(21,1),32,32;time_access:(21,1),64,32;time_write:(21,1),96,32;size:(0,6),128,64;name:(18,3),192,2080;; _wfinddata_t:T(18,5)=s540attrib:(0,4),0,32;time_create:(21,1),32,32;time_access:(21,1),64,32;time_write:(21,1),96,32;size:(18,1),128,32;name:(18,6)=ar(0,1);0;259;(16,2),160,4160;; _wfinddatai64_t:T(18,7)=s544attrib:(0,4),0,32;time_create:(21,1),32,32;time_access:(21,1),64,32;time_write:(21,1),96,32;size:(0,6),128,64;name:(18,6),192,4160;; /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/machmode.h /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/machmode.def machine_mode:T(23,1)=eVOIDmode:0,PQImode:1,QImode:2,PHImode:3,HImode:4,PSImode:5,SImode:6,PDImode:7,DImode:8,TImode:9,OImode:10,QFmode:11,HFmode:12,TQFmode:13,SFmode:14,DFmode:15,XFmode:16,TFmode:17,QCmode:18,HCmode:19,SCmode:20,DCmode:21,XCmode:22,TCmode:23,CQImode:24,CHImode:25,CSImode:26,CDImode:27,CTImode:28,COImode:29,BLKmode:30,CCmode:31,CCFPEQmode:32,MAX_MACHINE_MODE:33,; mode_class:T(23,2)=eMODE_RANDOM:0,MODE_INT:1,MODE_FLOAT:2,MODE_PARTIAL_INT:3,MODE_CC:4,MODE_COMPLEX_INT:5,MODE_COMPLEX_FLOAT:6,MAX_MODE_CLASS:7,; /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/defaults.h UQItype:t(0,20)=(0,11) SItype:t(0,21)=(0,1) USItype:t(0,22)=(0,4) DItype:t(0,23)=(0,6) UDItype:t(0,24)=(0,7) SFtype:t(0,25)=(0,12) DFtype:t(0,26)=(0,13) XFtype:t(0,27)=(0,14) word_type:t(0,28)=(0,1) DIstruct:T(0,29)=s8low:(0,21),0,32;high:(0,21),32,32;; DIunion:t(0,30)=(0,31)=u8s:(0,29),0,64;ll:(0,23),0,64;; /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/longlong.h __clz_tab:S(0,32)=ar(0,1);0;-1;(0,20) __divdi3:F(0,23) u:p(0,23) v:p(0,23) v:(0,23) __moddi3:F(0,23) __umoddi3:F(0,24) u:p(0,24) v:p(0,24) u:(0,24) v:(0,24) __udivdi3:F(0,24) n:p(0,24) d:p(0,24) n:r(0,24) d:r(0,24) /home/drh/mingw/source/gcc-2.95.3-20010828/gcc/gbl-ctors.h func_ptr:t(27,1)=(27,2)=*(27,3)=f(0,19) __CTOR_LIST__:G(0,32)=ar(0,1);0;1;(27,1) __DTOR_LIST__:G(0,32)   
I have a feeling its logging some of his stuff
i know those are some funky ass algorithms. Can someone verify whether the .h library files are 3rd party or common in GCC library? (its obviously pointing to a GCC directory)

the filename is sqlite3.dll and i also have a feeling that theres code in here that allows it to "regenerate" itself if it experiences a critical failure

Post Reply

Who is online

Users browsing this forum: No registered users and 0 guests