Created
July 14, 2025 16:50
-
-
Save rbmm/2a0a89af437bc63ddce65bf0b86396dc to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p | |
| ------------------------------------------------ | |
| KernelBase.dll!CreateProcessInternalW | |
| KernelBase.dll!CreateProcessAsUserW + 63 | |
| kernel32.dll!CreateProcessAsUserW + 60 | |
| rpcss.dll!long CClassData::PrivilegedLaunchRunAsServer(CToken *,int,unsigned long,unsigned long,unsigned long,unsigned short *,unsigned __int64,unsigned __int64,unsigned __int64,tagBLOB *,_GUID const *,void *,tagBLOB *,void *,void *,void *,void * *,void * | |
| rpcss.dll!<lambda_489b516486e6fe272c46d0ac0b2bfda9>::operator() + 2ff | |
| rpcss.dll!_LaunchWinRTRunAsServer + 1c3 | |
| rpcrt4.dll!Invoke + 73 | |
| rpcrt4.dll!NdrStubCall2 + 30d | |
| rpcrt4.dll!NdrServerCall2 + 1a | |
| rpcrt4.dll!DispatchToStubInCNoAvrf + 17 | |
| rpcrt4.dll!long RPC_INTERFACE::DispatchToStubWorker(_RPC_MESSAGE *,unsigned int,int,long *) + 194 | |
| rpcrt4.dll!long LRPC_SCALL::DispatchRequest(int *) + aa8 | |
| rpcrt4.dll!void LRPC_SCALL::QueueOrDispatchCall(void) + e4 | |
| rpcrt4.dll!void LRPC_SCALL::HandleRequest(_PORT_MESSAGE *,_PORT_MESSAGE *,void *,unsigned __int64,RPCP_ALPC_HANDLE_ATTR *) + 2ba | |
| rpcrt4.dll!void LRPC_ADDRESS::HandleRequest(_PORT_MESSAGE *,RPCP_ALPC_MESSAGE_ATTRIBUTES *,_PORT_MESSAGE *,int) + 3ac | |
| rpcrt4.dll!void LRPC_ADDRESS::ProcessIO(void *) + 2f3 | |
| rpcrt4.dll!void LrpcIoComplete(_TP_CALLBACK_INSTANCE *,void *,_TP_ALPC *,void *) + c8 | |
| ntdll.dll!TppAlpcpExecuteCallback + 3b3 | |
| ntdll.dll!TppWorkerThread + 563 | |
| kernel32.dll!BaseThreadInitThunk + 17 | |
| ntdll.dll!RtlUserThreadStart + 2c | |
| ------------------------------------------------ | |
| C:\WINDOWS\system32\svchost.exe -k RPCSS -p | |
| ------------------------------------------------ | |
| ntdll.dll!ZwAlpcSendWaitReceivePort + 14 | |
| RPCRT4.dll!long LRPC_BASE_CCALL::DoSendReceive(void) + 156 | |
| RPCRT4.dll!virtual long LRPC_BASE_CCALL::SendReceive(_RPC_MESSAGE *) + 56 | |
| RPCRT4.dll!I_RpcSendReceive + 4e | |
| RPCRT4.dll!NdrpSendReceive + 2e | |
| RPCRT4.dll!NdrpClientCall2 + 4e6 | |
| RPCRT4.dll!NdrClientCall2 + 1f | |
| rpcss.dll!virtual long CActivatableClassData::LaunchRunAsServer(ACTIVATION_PARAMS *,void * *,void * *,unsigned long *,int *) + 245 | |
| rpcss.dll!long CServerTableEntry::StartServerAndWaitImpl(ACTIVATION_PARAMS *,CClassData *,int,CNamedObject *,CNamedObject *,long,long *,int *,long *) + d1 | |
| rpcss.dll!long CServerTableEntry::StartServerAndWait(ACTIVATION_PARAMS *,CClassData *,int,CNamedObject *,long *) + 7ad | |
| rpcss.dll!long Activation(ACTIVATION_PARAMS *) + 1a37 | |
| rpcss.dll!long ActivateFromProperties(IActivationPropertiesIn *,IActivationPropertiesOut * *) + 1d3 | |
| rpcss.dll!virtual long ActivationPropertiesIn::DelegateCreateInstance(IUnknown *,IActivationPropertiesOut * *) + 98 | |
| rpcss.dll!long ActivateFromPropertiesPreamble(ActivationPropertiesIn *,IActivationPropertiesOut * *,ACTIVATION_PARAMS *) + 1bd0 | |
| rpcss.dll!long PerformScmStage(tagACTIVATION_STAGE,ACTIVATION_PARAMS *,tagMInterfacePointer *,tagMInterfacePointer * *) + a8b | |
| rpcss.dll!SCMActivatorCreateInstance + 1fd | |
| RPCRT4.dll!Invoke + 73 | |
| RPCRT4.dll!NdrStubCall2 + 30d | |
| RPCRT4.dll!NdrServerCall2 + 1a | |
| RPCRT4.dll!DispatchToStubInCNoAvrf + 17 | |
| RPCRT4.dll!long RPC_INTERFACE::DispatchToStubWorker(_RPC_MESSAGE *,unsigned int,int,long *) + 194 | |
| RPCRT4.dll!long LRPC_SCALL::DispatchRequest(int *) + aa8 | |
| RPCRT4.dll!void LRPC_SCALL::QueueOrDispatchCall(void) + e4 | |
| RPCRT4.dll!void LRPC_SCALL::HandleRequest(_PORT_MESSAGE *,_PORT_MESSAGE *,void *,unsigned __int64,RPCP_ALPC_HANDLE_ATTR *) + 2ba | |
| RPCRT4.dll!void LRPC_ADDRESS::HandleRequest(_PORT_MESSAGE *,RPCP_ALPC_MESSAGE_ATTRIBUTES *,_PORT_MESSAGE *,int) + 3ac | |
| RPCRT4.dll!void LRPC_ADDRESS::ProcessIO(void *) + 2f3 | |
| RPCRT4.dll!void LrpcIoComplete(_TP_CALLBACK_INSTANCE *,void *,_TP_ALPC *,void *) + c8 | |
| ntdll.dll!TppAlpcpExecuteCallback + 3b3 | |
| ntdll.dll!TppWorkerThread + 563 | |
| KERNEL32.DLL!BaseThreadInitThunk + 17 | |
| ntdll.dll!RtlUserThreadStart + 2c | |
| ------------------------------------------------ | |
| sihost.exe | |
| ntdll.dll!ZwWaitForMultipleObjects + 14 | |
| KERNELBASE.dll!WaitForMultipleObjectsEx + 123 | |
| combase.dll!long MTAThreadWaitForCall(CSyncClientCall *,WaitForCallReason,unsigned long) + f4 | |
| combase.dll!virtual long CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE *,unsigned long *) + fe5 | |
| combase.dll!long CSyncClientCall::SendReceiveInRetryContext(SyncClientCallRetryContext *,tagRPCOLEMESSAGE *,unsigned long *) + 5b | |
| combase.dll!virtual long CSyncClientCall::SendReceive(tagRPCOLEMESSAGE *,unsigned long *) + 283 | |
| combase.dll!void NdrExtpProxySendReceive(void *,_MIDL_STUB_MESSAGE *) + b3 | |
| RPCRT4.dll!NdrpClientCall3 + 431 | |
| combase.dll!ObjectStublessClient + 146 | |
| combase.dll!ObjectStubless + 42 | |
| combase.dll!long CRpcResolver::DelegateActivationToSCM(bool,IActivationPropertiesIn *,IActivationPropertiesOut * *) + 649 | |
| combase.dll!long CRpcResolver::CreateInstance(IActivationPropertiesIn *,IActivationPropertiesOut * *) + 1a | |
| combase.dll!virtual long CClientContextActivator::CreateInstance(IUnknown *,IActivationPropertiesIn *,IActivationPropertiesOut * *) + 22b | |
| combase.dll!long WinRTCreateInstanceOfOutofprocClass(IWinRTRuntimeClassInfo *,Windows::Foundation::IExtensionRegistration *,unsigned long,unsigned long,unsigned __int64,Windows::Foundation::IActivationContext *,tagMULTI_QI *) + 129 | |
| combase.dll!WinRTActivateInstanceInternal + 5fb | |
| combase.dll!virtual long CExtensionRegistration::Activate(IInspectable * *) + 91 | |
| activationmanager.dll!long AppActivation::CreateActivatableApplication(Windows::ApplicationModel::Activation::IActivatedEventArgs *,Windows::ApplicationModel::Core::IActivatableApplication * *) + de | |
| activationmanager.dll!long AppActivation::ActivateInternal(bool,Windows::ApplicationModel::Activation::IInitializeActivatedEventArgs *,CRPCTimeoutAndWaitOnAppLaunchGrace *,IPendingViewRequest *,ACTIVATION_PHASE *,IInspectable * *) + 10b | |
| activationmanager.dll!virtual long AppActivation::Activate(bool,Windows::ApplicationModel::Activation::IInitializeActivatedEventArgs *,IPendingViewRequest *,ACTIVATION_PHASE *,IInspectable * *) + 1ae | |
| activationmanager.dll!long Execution::ActivationManagerShim::ActivateViewForApplication(unsigned __int64,unsigned short const *,unsigned short const *,unsigned __int64,ACTIVATEOPTIONSINTERNAL,PACKAGEACTIVATIONSETTINGS,ActivationUserInfo const &,_GUID cons | |
| activationmanager.dll!<lambda_ad8f10689a8fc17e756c2fa83f2e2e2d>::operator() + a32 | |
| activationmanager.dll!long Execution::ActivationManagerShim::ActivateApplicationForContractCore(HSTRING__ *,HSTRING__ *,unsigned __int64,ACTIVATEOPTIONSINTERNAL,IInspectable *,_ActivateComponentInfo const *,ActivateByExtensionArgs *,IInspectable *,Activat | |
| activationmanager.dll!virtual long Execution::ActivationManagerShim::ActivateApplicationForContractByAcidAsUserWithHost(HSTRING__ *,HSTRING__ *,IInspectable *,HSTRING__ *,IInspectable *,ACTIVATEOPTIONSINTERNAL,unsigned __int64,unsigned long *) + 2f9 | |
| RPCRT4.dll!Invoke + 73 | |
| RPCRT4.dll!long Ndr64StubWorker(void *,void *,_RPC_MESSAGE *,_MIDL_SERVER_INFO_ *,long (*const *)(void),_MIDL_SYNTAX_INFO *,unsigned long *) + 6ee | |
| RPCRT4.dll!NdrStubCall3 + c0 | |
| combase.dll!CStdStubBuffer_Invoke + 7d | |
| combase.dll!ObjectMethodExceptionHandlingAction<<lambda_c9f3956a20c9da92a64affc24fdd69ec> > + 47 | |
| combase.dll!long DefaultStubInvoke(bool,IServerCall *,IRpcChannelBuffer *,IRpcStubBuffer *,unsigned long *) + 376 | |
| combase.dll!long StubInvoke(tagRPCOLEMESSAGE *,_GUID const &,CStdIdentity *,IRpcStubBuffer *,CServerChannel *,tagIPIDEntry *,unsigned long *) + 321 | |
| combase.dll!virtual long ServerCall::ContextInvoke(tagIPIDEntry *) + 2cd | |
| combase.dll!long DefaultInvokeInApartment(ServerCall *,tagIPIDEntry *) + 8a | |
| combase.dll!long ComInvokeWithLockAndIPID(ServerCall *,tagIPIDEntry *) + daf | |
| combase.dll!void ThreadInvoke(_RPC_MESSAGE *) + 103 | |
| RPCRT4.dll!DispatchToStubInCNoAvrf + 17 | |
| RPCRT4.dll!long RPC_INTERFACE::DispatchToStubWorker(_RPC_MESSAGE *,unsigned int,int,long *) + 194 | |
| RPCRT4.dll!long LRPC_SCALL::DispatchRequest(int *) + 85a | |
| RPCRT4.dll!void LRPC_SCALL::QueueOrDispatchCall(void) + e4 | |
| RPCRT4.dll!void LRPC_SCALL::HandleRequest(_PORT_MESSAGE *,_PORT_MESSAGE *,void *,unsigned __int64,RPCP_ALPC_HANDLE_ATTR *) + 2ba | |
| RPCRT4.dll!void LRPC_ADDRESS::HandleRequest(_PORT_MESSAGE *,RPCP_ALPC_MESSAGE_ATTRIBUTES *,_PORT_MESSAGE *,int) + 3ac | |
| RPCRT4.dll!void LRPC_ADDRESS::ProcessIO(void *) + 2f3 | |
| RPCRT4.dll!void LrpcIoComplete(_TP_CALLBACK_INSTANCE *,void *,_TP_ALPC *,void *) + c8 | |
| ntdll.dll!TppAlpcpExecuteCallback + 3b3 | |
| ntdll.dll!TppWorkerThread + 563 | |
| KERNEL32.DLL!BaseThreadInitThunk + 17 | |
| ntdll.dll!RtlUserThreadStart + 2c | |
| ------------------------------------------------ | |
| C:\WINDOWS\Explorer.EXE | |
| win32u.dll!NtUserMsgWaitForMultipleObjectsEx + 14 | |
| combase.dll!long CCliModalLoop::BlockFn(void * *,unsigned long,unsigned long *) + 110 | |
| combase.dll!long ModalLoop(CSyncClientCall *) + b9 | |
| combase.dll!virtual long CSyncClientCall::SendReceive2(tagRPCOLEMESSAGE *,unsigned long *) + 1596 | |
| combase.dll!long ClassicSTAThreadSendReceive(CSyncClientCall *,tagRPCOLEMESSAGE *,unsigned long *) + 1a2 | |
| combase.dll!virtual long CSyncClientCall::SendReceive(tagRPCOLEMESSAGE *,unsigned long *) + 55a | |
| combase.dll!void NdrExtpProxySendReceive(void *,_MIDL_STUB_MESSAGE *) + b3 | |
| RPCRT4.dll!NdrpClientCall3 + 431 | |
| combase.dll!ObjectStublessClient + 146 | |
| combase.dll!ObjectStubless + 42 | |
| twinui.appcore.dll!virtual long ApplicationActivationManagerProxy::ActivateApplicationForContractByAcidAsUserWithHost(HSTRING__ *,HSTRING__ *,IInspectable *,HSTRING__ *,IInspectable *,ACTIVATEOPTIONSINTERNAL,unsigned __int64,unsigned long *) + 95 | |
| Windows.System.Launcher.dll!virtual long AssociationLaunchExecuteCommandBase::Execute(void) + 3fe | |
| windows.storage.dll!long CBindAndInvokeStaticVerb::InitAndCallExecute(IExecuteCommand *,IShellItemArray *,bool) + 162 | |
| windows.storage.dll!TRYRESULT CBindAndInvokeStaticVerb::TryExecuteCommandHandler(void) + 195 | |
| windows.storage.dll!virtual long CBindAndInvokeStaticVerb::Execute(void) + 165 | |
| windows.storage.dll!long RegDataDrivenCommand::_TryInvokeAssociation(_CMINVOKECOMMANDINFOEX const *,IShellItemArray *) + a7 | |
| windows.storage.dll!long RegDataDrivenCommand::_Invoke(_CMINVOKECOMMANDINFOEX const *,IShellItemArray *,IBindCtx *) + 176 | |
| SHELL32.dll!long CRegistryVerbsContextMenu::_Execute(_CMINVOKECOMMANDINFOEX *,unsigned int) + cb | |
| SHELL32.dll!virtual long CRegistryVerbsContextMenu::InvokeCommand(_CMINVOKECOMMANDINFO *) + ce | |
| SHELL32.dll!HDXA_LetHandlerProcessCommandEx + 12e | |
| SHELL32.dll!virtual long CDefFolderMenu::InvokeCommand(_CMINVOKECOMMANDINFO *) + 25a | |
| windows.storage.dll!long CShellExecute::_InvokeInProcExec(IContextMenu *) + 132 | |
| windows.storage.dll!long CShellExecute::_InvokeCtxMenu(void) + 5b | |
| windows.storage.dll!void CShellExecute::_DoExecute(ShellExecuteProvider::ShellExecuteNormal &) + bf | |
| windows.storage.dll!void CShellExecute::ExecuteNormal(_SHELLEXECUTEINFOW *) + 265 | |
| windows.storage.dll!unsigned long ShellExecuteNormal(_SHELLEXECUTEINFOW *) + 5a | |
| windows.storage.dll!ShellExecuteExW + c1 | |
| windows.storage.dll!ShellExecCmdLineWithSite + 1d3 | |
| SHELL32.dll!int CRunDlg::OKPushed(void) + 3b3 | |
| SHELL32.dll!__int64 RunDlgProc(HWND__ *,unsigned int,unsigned __int64,__int64) + 209 | |
| user32.dll!int UserCallDlgProcCheckWow(_ACTIVATION_CONTEXT *,__int64 (*)(HWND__ *,unsigned int,unsigned __int64,__int64),HWND__ *,_WM_VALUE,unsigned __int64,__int64,void *,__int64 *) + 18a | |
| user32.dll!DefDlgProcWorker + c4 | |
| user32.dll!DefDlgProcW + 36 | |
| user32.dll!__int64 UserCallWinProcCheckWow(_ACTIVATION_CONTEXT *,__int64 (*)(tagWND *,unsigned int,unsigned __int64,__int64),HWND__ *,_WM_VALUE,unsigned __int64,__int64,void *,int) + 341 | |
| user32.dll!__int64 SendMessageWorker(tagWND *,unsigned int,unsigned __int64,__int64,int) + 223 | |
| user32.dll!__int64 SendMessageInternal(HWND__ *,unsigned int,unsigned __int64,__int64,int) + 174 | |
| user32.dll!SendMessageW + ef | |
| comctl32.dll!void Button_ReleaseCapture(tagBUTN *,int) + 18d | |
| comctl32.dll!__int64 Button_WndProc(HWND__ *,unsigned int,unsigned __int64,__int64) + d29 | |
| user32.dll!__int64 UserCallWinProcCheckWow(_ACTIVATION_CONTEXT *,__int64 (*)(tagWND *,unsigned int,unsigned __int64,__int64),HWND__ *,_WM_VALUE,unsigned __int64,__int64,void *,int) + 341 | |
| user32.dll!DispatchMessageWorker + 1dd | |
| user32.dll!IsDialogMessageW + 13b | |
| user32.dll!__int64 DialogBox2(HWND__ *,HWND__ *,int,int) + 2a0 | |
| user32.dll!__int64 InternalDialogBox(void *,DLGTEMPLATE *,HWND__ *,__int64 (*)(HWND__ *,unsigned int,unsigned __int64,__int64),__int64,unsigned int) + 8f | |
| user32.dll!DialogBoxIndirectParamAorW + 6c | |
| user32.dll!DialogBoxParamW + 72 | |
| SHELL32.dll!SHFusionDialogBoxParam + 62 | |
| SHELL32.dll!RunFileDlg + 201 | |
| Explorer.EXE!void _RunFileDlg(HWND__ *,unsigned int,_ITEMIDLIST_ABSOLUTE const *,unsigned int,unsigned int,unsigned long) + 99 | |
| Explorer.EXE!unsigned long CTray::_RunDlgThreadProc(tagRECT *) + 356 | |
| shcore.dll!_WrapperThreadProc + 15a | |
| KERNEL32.DLL!BaseThreadInitThunk + 17 | |
| ntdll.dll!RtlUserThreadStart + 2c |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment