Trojan.Win32.FlyStudio_2f0e2c3a83

by malwarelabrobot on April 1st, 2018 in Malware Descriptions.

HEUR:HackTool.Win32.FlyStudio.gen (Kaspersky), Adware.Stud (VIPRE), Artemis!2F0E2C3A8371 (McAfee), Trojan.Win32.FlyStudio.FD, Trojan.Win32.Swrort.3.FD, GenericEmailWorm.YR, TrojanFlyStudio.YR (Lavasoft MAS)
Behaviour: Trojan, Worm, EmailWorm, HackTool, Adware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: 2f0e2c3a83718c6c9bc26c02fa84a33f
SHA1: 2ae2f3a62642446682f5ed31df5ecf2974d2a80b
SHA256: 2fc172721fb748f662b88178a8bfd96368e0c385bcdd5b5365661d672215b538
SSDeep: 24576:5O8NNf8NUX/flYGbnKZaTV8A8OHa/d/O0xjb89nz:jNNUeX/flDQaTV8A8y6/bjcn
Size: 999936 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2016-05-13 05:03:41
Analyzed on: Windows7 SP1 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Behaviour	Description
EmailWorm	Worm can send e-mails.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒÅ ÃƒËœÃ‚Â»Ã‚Â¤Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ².exe:3796
%original file name%.exe:2940

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:2940 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\Windows\System32\hdceke.h (8 bytes)
C:\Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒÅ ÃƒËœÃ‚Â»Ã‚Â¤Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ².exe (552 bytes)
C:\stockall.txt (82 bytes)

Registry activity

The process %original file name%.exe:2940 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASMANCS]
"EnableConsoleTracing" = "0"

[HKCU\Software\Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒË†Ã‚Â«Ãƒâ€”Ãƒâ€Ã‚Â¶Ã‚Â¯Ã‚Â¹Ãƒâ€°Ãƒâ€ Ã‚Â±Ã‚Â½Ã‚Â»Ãƒâ€™Ãƒâ€”Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ²]
"Ã‚ÂµÃƒËœÃƒâ€“Ã‚Â·" = "c:\%original file name%.exe"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASMANCS]
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒË†Ã‚Â«Ãƒâ€”Ãƒâ€Ã‚Â¶Ã‚Â¯Ã‚Â¹Ãƒâ€°Ãƒâ€ Ã‚Â±Ã‚Â½Ã‚Â»Ãƒâ€™Ãƒâ€”Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ²]
"Ãƒâ€Ãƒâ€¹ÃƒÂÃƒÂÃƒâ€“Ã‚Âµ" = "362"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASMANCS]
"FileTracingMask" = "4294901760"
"EnableFileTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒË†Ã‚Â«Ãƒâ€”Ãƒâ€Ã‚Â¶Ã‚Â¯Ã‚Â¹Ãƒâ€°Ãƒâ€ Ã‚Â±Ã‚Â½Ã‚Â»Ãƒâ€™Ãƒâ€”Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ²]
"inst" = "123606"
"Port" = "30196"
"Ãƒâ€ ÃƒÂ´Ã‚Â¶Ã‚Â¯Ãƒâ€“Ã‚Âµ" = "2940"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3D 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\2f0e2c3a83718c6c9bc26c02fa84a33f_RASAPI32]
"EnableConsoleTracing" = "0"
"ConsoleTracingMask" = "4294901760"

"MaxFileSize" = "1048576"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

Dropped PE files

MD5	File path
b5355b9e1b661d4f30779a800ff26f33	c:\Ã—Â¿ÃŸÃ¤ÃŠÃ˜Â»Â¤Â³ÃŒÃÃ².exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: qq:358256780
Product Name: ???????????
Product Version: 8.3.4.0
Legal Copyright: ????????,????????????????????????
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 8.3.4.0
File Description: ???-????????
Comments: ????????,????????????????????????
Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
UPX0	4096	2076672	0	0	d41d8cd98f00b204e9800998ecf8427e
UPX1	2080768	991232	990208	5.48142	e288522c44fb59d8551c48461964acbc
.rsrc	3072000	12288	8704	3.75754	0301f0ed9e2673eb202c48a53e51ac78

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://idc-hq-hk.sinajs.cn/list=sz399001
hxxp://eastmoney.xdwscache.ourwebcdn.com/stocklist.html
www.zdjy.top	183.67.16.220
hq.sinajs.cn	203.90.242.126
quote.eastmoney.com	157.185.149.167
z1.zdjy.top

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Unsupported/Fake Windows NT Version 5.0

Traffic

GET /stocklist.html HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: */*

Host: quote.eastmoney.com

Cache-Control: no-cache


HTTP/1.1 200 OK

Date: Sat, 31 Mar 2018 03:02:48 GMT

Server: Tengine

Content-Type: text/html

Content-Length: 608273

Last-Modified: Sat, 31 Mar 2018 03:01:21 GMT

Accept-Ranges: bytes

ETag: "f92e258c9cc8d31:0"

X-Powered-By: ASP.NET

X-Via: 1.1 huangxian181:0 (Cdn Cache Server V2.0), 1.1 lundun103:0 (Cdn Cache Server V2.0), 1.1 PShlamstdAMS1uv190:10 (Cdn Cache Server V2.0)

Connection: keep-alive
..<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "h
ttp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html 
xmlns="hXXp://VVV.w3.org/1999/xhtml">..<head>..    <title&
gt;.................. _ ........ _ ..........</title>..    <m
eta http-equiv="content-type" content="text/html; charset=gb2312" />
;..    <link href="hXXp://hqres.eastmoney.com/EMQuote_Lib/css/qphf.
css" rel="stylesheet" type="text/css" />..    <link href="http:/
/hqres.eastmoney.com/EMQuote_A/eqcss/qmain.css" rel="stylesheet" type=
"text/css" />..    <link href="hXXp://hqres.eastmoney.com/EMQuot
e_A/eqcss/master.css" rel="stylesheet" type="text/css" />..    <
script type="text/javascript" src="hXXp://hqres.eastmoney.com/EMQuote_
A/eqjs/Base.js"></script>..    <script type="text/javascri
pt" src="hXXp://VVV.eastmoney.com/js/StockSuggest.js"></script&g
t;..    <script src="hXXp://hqres.eastmoney.com/EMQuote_Lib/js/qphf
.js" type="text/javascript"></script>  ..</head>..<b
ody>..    ..<div class="qphox">...<div class="tmbox">..
        <ul><li><a target="_blank" href="hXXp://finance
.eastmoney.com/" >....</a></li><li class="i">|<
;/li><li><a target="_blank" href="hXXp://finance.eastmoney
.com/yaowen.html" >....</a></li><li class="i">|&l
t;/li><li><a target="_blank" href="hXXp://stock.eastmoney.
com/" >....</a></li><li class="i">|</li><<< skipped >>>

GET /list=sz399001 HTTP/1.1

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

Accept: */*

Host: hq.sinajs.cn

Cache-Control: no-cache


HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Length: 226

Connection: Keep-Alive

Content-Type: application/javascript; charset=GBK
var hq_str_sz399001="........,10776.706,10755.920,10868.655,10883.049,
10766.526,0.000,0.000,20910316308,300756301796.344,0,0.000,0,0.000,0,0
.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,2018-03-3
0,16:30:03,00";.HTTP/1.1 200 OK..Cache-Control: no-cache..Content-Leng
th: 226..Connection: Keep-Alive..Content-Type: application/javascript;
 charset=GBK..var hq_str_sz399001="........,10776.706,10755.920,10868.
655,10883.049,10766.526,0.000,0.000,20910316308,300756301796.344,0,0.0
00,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0.000,0,0
.000,2018-03-30,16:30:03,00";...

The Trojan connects to the servers at the folowing location(s):

%original file name%.exe_2940:

`.rsrc

t%C@2tx@

t%SVh

t$(SSh

~%UVW

t.It It

SSh<.e

}?9\$0~9

u$SShe

Jiu2.iu

/wK(.wE

wininet.dll

kernel32.dll

Kernel32.dll

advapi32.dll

ole32.dll

user32.dll

Shell32.dll

MapVirtualKeyA

MsgWaitForMultipleObjects

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

ShellExecuteExA

keybd_event

TCPServer

WinRing0.dll

ReadIoPortByte

KERNEL32.DLL

GDI32.DLL

USER32.DLL

SHELL32.DLL

ADVAPI32.DLL

MPR.DLL

WINMM.DLL

FreeLibraryWriteIoPortByteEx

tc.exe

\tc.exe

WTCommlib.dll

Tc.dll

failure[apikey

OcrKingForPassages

hXXp://sf.scu.edu.cn/servlet/feeImage

Content-Disposition: form-data; name="apiKey"

[apikey]

hXXp://lab.ocrking.com/ok.html

Content-Disposition: form-data; name="ocrfile"; filename="feeImage.jpg"

Referer: hXXp://lab.ocrking.com

Host: lab.ocrking.com

https

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

http=

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

hXXps://

hXXp://

hXXp://hq.sinajs.cn/list=sz399001

&password=

C:\Windows\System32\

hXXp://hq.sinajs.cn/list=

hXXp://ichart.finance.yahoo.com/table.csv?a=

.SZ&ql=1

VVV.zdjy.top

\port

127.0.0.1

\atcon.txt

\cloudtrad.ini

cloudtrad.ini

358256780

\Tc.exe

358256780@qq.com

;1:1;2;0;0;0;0

;1:1;2;7;8;8;1

;1:1;2;7;8;2;2

;1:1;2;7;8;2;1

;1:1;2;4;39;2;2

;2:1;4;8;24;2;1

hXXp://VVV.zdjy.top/mdataip.txt

(@z1.zdjy.top

sh-cqgaji.myalauda.cn

bj-cqgaji1.myalauda.cn

cqgaji-web2-0.daoapp.io

hXXp://quote.eastmoney.com/stocklist.html

hXXp://quote.eastmoney.com/sh

.html

hXXp://quote.eastmoney.com/sz

\stockall.txt

hXXp://qt.gtimg.cn/q=

.rsrc

A.Xe3f

####.BVjv;

.PJ8&4

k\\%SG@x

Om.Hs

!G.CS

y`g#Z%fpm

5<\UWSSHh

%UmG|

8,J8-H}GN

wx`>x.htC

.Be$>;

t2.ez

z#h.WW

b.LDQ2

K.sUQ

]*,^] %F

uA.MT

GE.IY\

HA_X%Ux:

AY.lj

*.xnt2,#

%CxdH

N4xdh%dP

C.kwFt

@.%XXgrHVx

%C 5A

s.tyP

?n.NNn

%*.*f I64

CNotSupportedExcepti

7Z.DLL7H

CmdT"

.INaK

.MSVCRTE

.PAVC

.htm7H

(&07-034/)7

)*$-2{

.Tu8&

7%s:%dS

%ld%cW

zcÁ

.chs\S

e.Uc-c-9

.Xj/-W5

"ZKey

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

SHELL32.dll

USER32.dll

WINMM.dll

WINSPOOL.DRV

WS2_32.dll

RegCloseKey

ShellExecuteA

hXXp://VVV.zdjy.top/updata/updata.txt

updata.zip

1973-11-15-

\tlog.txt

hXXp://wpa.qq.com/msgrd?v=3&uin=

hXXp://r.qzone.qq.com/fcg-bin/cgi_get_score.fcg?mask=7&uins=

smtp.

@qq.com:

hXXp://zhidao.baidu.com/link?url=pMvhbOuS6gAg6g8CFyzxRtqVRfJACFTd5r227lp33nSiegxVQzOyOPVWTLir5OgqA47vn8a8Gk-4eGj7vMJWxGGR6ZnR9_OEApfIsjZEVRK

*.ini

:510050:510050

\atcon.tem

\atcon.bak

@ping 127.0.0.1 -n

del Restart.bat

\Restart.bat

pwrtest.exe

.text

`.data

.pdata

@.idata

@.rsrc

@.reloc

WTTLogInit

RegDeleteKeyExW

RegDeleteKeyW

pwrtest.pdb

u.fD;n|t'f;~|L

u5fD;{|t.fD;c|L

urL90umH

RegOpenKeyExW

GetProcessHeap

KERNEL32.dll

_amsg_exit

msvcrt.dll

ntdll.dll

POWRPROF.dll

SETUPAPI.dll

RegCreateKeyExW

tdh.dll

name="Microsoft.Windows.pwrtest"

version="1.0.0.0"

<description> my foo exe </description>

<requestedExecutionLevel

<!-- Windows 7 -->

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<!-- Windows 8 -->

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<!-- Windows BLUE -->

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

.idata

t.hXuA

D$.Ph4IA

= =$=(=,=0=4=

2 2$2(2,2

6%7,797@7

pwrtestlog.etl

pwrtestlog.log

pwrtestlog.xml

yjstock.exe

user\Alert.alt

hXXp://data.10jqka.com.cn/ipo/xgsgyzq

zdjyzdjy@sina.com

hXXp://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.2.D3TEsA&id=520436485350

hXXp://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.4.D3TEsA&id=520436385744

hXXp://VVV.zdjy.top/help.htm

9:00-15:00

&nick=

hXXps://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.2.CgQIvb&id=520440644054

VBScript.RegExp

V8.87 2016-05-13 VVV.zdjy.top

shex.tnf

szex.tnf

d:\dzh3\DZH.exe

C:\new_tdx\TdxW.exe

D:\FoxGrandJy\FoxTrader.exe

__MSVCRT_HEAP_SELECT

GetCPInfo

HP-Socket.fne

TCPClient_Create

TCPClient_Destroy

TCPClient_Fetch

TCPClient_GetConnectionExtra

TCPClient_GetConnectionID

TCPClient_GetKeepAliveTime

TCPClient_GetLastError

TCPClient_GetLastErrorDesc

TCPClient_GetListenAddress

TCPClient_GetPendingDataLength

TCPClient_GetSocketBufferSize

TCPClient_GetState

TCPClient_HasStarted

TCPClient_Peek

TCPClient_Send

TCPClient_SendPackets

TCPClient_SendPart

TCPClient_SetConnectionExtra

TCPClient_SetKeepAliveTime

TCPClient_SetSocketBufferSize

TCPClient_Start

TCPClient_Stop

TCPServer_Create

TCPServer_Destroy

TCPServer_Disconnect

TCPServer_DisconnectLongConnections

TCPServer_DisconnectSilenceConnections

TCPServer_Fetch

TCPServer_GetAcceptSocketCount

TCPServer_GetAllConnectionIDs

TCPServer_GetConnectPeriod

TCPServer_GetConnectionCount

TCPServer_GetConnectionExtra

TCPServer_GetKeepAliveTime

TCPServer_GetLastError

TCPServer_GetLastErrorDesc

TCPServer_GetListenAddress

TCPServer_GetPendingDataLength

TCPServer_GetRemoteAddress

TCPServer_GetSocketBufferSize

TCPServer_GetState

TCPServer_HasStarted

TCPServer_Peek

TCPServer_Send

TCPServer_SendPackets

TCPServer_SendPart

TCPServer_SetAcceptSocketCount

TCPServer_SetConnectionExtra

TCPServer_SetKeepAliveTime

TCPServer_SetSocketBufferSize

TCPServer_Start

TCPServer_Stop

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

windows

MSWHEEL_ROLLMSG

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WSOCK32.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

x86 Family %s Model %s Stepping %s

X-X-X-X

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

HELO %s

SMTP

AUTH LOGIN

LOGIN

AUTH=LOGIN

EHLO %s

Content-Type: application/octet-stream; name=%s

Content-Disposition: attachment; filename=%s

MAIL FROM:<%s>

RCPT TO:<%s>

1.1.3

;3 #>6.&

'2, / 0&7!4-)1#

%d%d%d

rundll32.exe shell32.dll,

IsShowDiglog

.PAVCResourceException@@

%d-%d-%d

%Y-%m-%d

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.jpg;*.bmp;*.gif;*.ico;*.cur|JPG

(*.JPG)|*.jpg|BMP

(*.BMP)|*.bmp|GIF

(*.GIF)|*.gif|

(*.ICO)|*.ico|

(*.CUR)|*.cur||

0.0.0.0

`.rdata

@.data

operator

GetProcessWindowStation

D:\MyWork\Cpp\HP-Socket\Bin\HPSocket4C\x86\HPSocket4C.pdb

CreateIoCompletionPort

MsgWaitForMultipleObjectsEx

HPSocket4C.dll

Create_HP_TcpAgent

Create_HP_TcpAgentListener

Create_HP_TcpClient

Create_HP_TcpClientListener

Create_HP_TcpPullAgent

Create_HP_TcpPullAgentListener

Create_HP_TcpPullClient

Create_HP_TcpPullClientListener

Create_HP_TcpPullServer

Create_HP_TcpPullServerListener

Create_HP_TcpServer

Create_HP_TcpServerListener

Create_HP_UdpCast

Create_HP_UdpCastListener

Create_HP_UdpClient

Create_HP_UdpClientListener

Create_HP_UdpServer

Create_HP_UdpServerListener

Destroy_HP_TcpAgent

Destroy_HP_TcpAgentListener

Destroy_HP_TcpClient

Destroy_HP_TcpClientListener

Destroy_HP_TcpPullAgent

Destroy_HP_TcpPullAgentListener

Destroy_HP_TcpPullClient

Destroy_HP_TcpPullClientListener

Destroy_HP_TcpPullServer

Destroy_HP_TcpPullServerListener

Destroy_HP_TcpServer

Destroy_HP_TcpServerListener

Destroy_HP_UdpCast

Destroy_HP_UdpCastListener

Destroy_HP_UdpClient

Destroy_HP_UdpClientListener

Destroy_HP_UdpServer

Destroy_HP_UdpServerListener

HP_TcpAgent_GetKeepAliveInterval

HP_TcpAgent_GetKeepAliveTime

HP_TcpAgent_GetSocketBufferSize

HP_TcpAgent_IsReuseAddress

HP_TcpAgent_SendSmallFile

HP_TcpAgent_SetKeepAliveInterval

HP_TcpAgent_SetKeepAliveTime

HP_TcpAgent_SetReuseAddress

HP_TcpAgent_SetSocketBufferSize

HP_TcpClient_GetKeepAliveInterval

HP_TcpClient_GetKeepAliveTime

HP_TcpClient_GetSocketBufferSize

HP_TcpClient_SendSmallFile

HP_TcpClient_SetKeepAliveInterval

HP_TcpClient_SetKeepAliveTime

HP_TcpClient_SetSocketBufferSize

HP_TcpPullAgent_Fetch

HP_TcpPullAgent_Peek

HP_TcpPullClient_Fetch

HP_TcpPullClient_Peek

HP_TcpPullServer_Fetch

HP_TcpPullServer_Peek

HP_TcpServer_GetAcceptSocketCount

HP_TcpServer_GetKeepAliveInterval

HP_TcpServer_GetKeepAliveTime

HP_TcpServer_GetSocketBufferSize

HP_TcpServer_GetSocketListenQueue

HP_TcpServer_SendSmallFile

HP_TcpServer_SetAcceptSocketCount

HP_TcpServer_SetKeepAliveInterval

HP_TcpServer_SetKeepAliveTime

HP_TcpServer_SetSocketBufferSize

HP_TcpServer_SetSocketListenQueue

HP_UdpCast_GetBindAdddress

HP_UdpCast_GetCastMode

HP_UdpCast_GetMaxDatagramSize

HP_UdpCast_GetMultiCastTtl

HP_UdpCast_GetRemoteAddress

HP_UdpCast_IsMultiCastLoop

HP_UdpCast_IsReuseAddress

HP_UdpCast_SetBindAdddress

HP_UdpCast_SetCastMode

HP_UdpCast_SetMaxDatagramSize

HP_UdpCast_SetMultiCastLoop

HP_UdpCast_SetMultiCastTtl

HP_UdpCast_SetReuseAddress

HP_UdpClient_GetDetectAttempts

HP_UdpClient_GetDetectInterval

HP_UdpClient_GetMaxDatagramSize

HP_UdpClient_SetDetectAttempts

HP_UdpClient_SetDetectInterval

HP_UdpClient_SetMaxDatagramSize

HP_UdpServer_GetDetectAttempts

HP_UdpServer_GetDetectInterval

HP_UdpServer_GetMaxDatagramSize

HP_UdpServer_GetPostReceiveCount

HP_UdpServer_SetDetectAttempts

HP_UdpServer_SetDetectInterval

HP_UdpServer_SetMaxDatagramSize

HP_UdpServer_SetPostReceiveCount

_Create_HP_TcpAgent@4

_Create_HP_TcpAgentListener@0

_Create_HP_TcpClient@4

_Create_HP_TcpClientListener@0

_Create_HP_TcpPullAgent@4

_Create_HP_TcpPullAgentListener@0

_Create_HP_TcpPullClient@4

_Create_HP_TcpPullClientListener@0

_Create_HP_TcpPullServer@4

_Create_HP_TcpPullServerListener@0

_Create_HP_TcpServer@4

_Create_HP_TcpServerListener@0

_Create_HP_UdpCast@4

_Create_HP_UdpCastListener@0

_Create_HP_UdpClient@4

_Create_HP_UdpClientListener@0

_Create_HP_UdpServer@4

_Create_HP_UdpServerListener@0

_Destroy_HP_TcpAgent@4

_Destroy_HP_TcpAgentListener@4

_Destroy_HP_TcpClient@4

_Destroy_HP_TcpClientListener@4

_Destroy_HP_TcpPullAgent@4

_Destroy_HP_TcpPullAgentListener@4

_Destroy_HP_TcpPullClient@4

_Destroy_HP_TcpPullClientListener@4

_Destroy_HP_TcpPullServer@4

_Destroy_HP_TcpPullServerListener@4

_Destroy_HP_TcpServer@4

_Destroy_HP_TcpServerListener@4

_Destroy_HP_UdpCast@4

_Destroy_HP_UdpCastListener@4

_Destroy_HP_UdpClient@4

_Destroy_HP_UdpClientListener@4

_Destroy_HP_UdpServer@4

_Destroy_HP_UdpServerListener@4

_HP_TcpAgent_GetKeepAliveInterval@4

_HP_TcpAgent_GetKeepAliveTime@4

_HP_TcpAgent_GetSocketBufferSize@4

_HP_TcpAgent_IsReuseAddress@4

_HP_TcpAgent_SendSmallFile@20

_HP_TcpAgent_SetKeepAliveInterval@8

_HP_TcpAgent_SetKeepAliveTime@8

_HP_TcpAgent_SetReuseAddress@8

_HP_TcpAgent_SetSocketBufferSize@8

_HP_TcpClient_GetKeepAliveInterval@4

_HP_TcpClient_GetKeepAliveTime@4

_HP_TcpClient_GetSocketBufferSize@4

_HP_TcpClient_SendSmallFile@16

_HP_TcpClient_SetKeepAliveInterval@8

_HP_TcpClient_SetKeepAliveTime@8

_HP_TcpClient_SetSocketBufferSize@8

_HP_TcpPullAgent_Fetch@16

_HP_TcpPullAgent_Peek@16

_HP_TcpPullClient_Fetch@12

_HP_TcpPullClient_Peek@12

_HP_TcpPullServer_Fetch@16

_HP_TcpPullServer_Peek@16

_HP_TcpServer_GetAcceptSocketCount@4

_HP_TcpServer_GetKeepAliveInterval@4

_HP_TcpServer_GetKeepAliveTime@4

_HP_TcpServer_GetSocketBufferSize@4

_HP_TcpServer_GetSocketListenQueue@4

_HP_TcpServer_SendSmallFile@20

_HP_TcpServer_SetAcceptSocketCount@8

_HP_TcpServer_SetKeepAliveInterval@8

_HP_TcpServer_SetKeepAliveTime@8

_HP_TcpServer_SetSocketBufferSize@8

_HP_TcpServer_SetSocketListenQueue@8

_HP_UdpCast_GetBindAdddress@4

_HP_UdpCast_GetCastMode@4

_HP_UdpCast_GetMaxDatagramSize@4

_HP_UdpCast_GetMultiCastTtl@4

_HP_UdpCast_GetRemoteAddress@16

_HP_UdpCast_IsMultiCastLoop@4

_HP_UdpCast_IsReuseAddress@4

_HP_UdpCast_SetBindAdddress@8

_HP_UdpCast_SetCastMode@8

_HP_UdpCast_SetMaxDatagramSize@8

_HP_UdpCast_SetMultiCastLoop@8

_HP_UdpCast_SetMultiCastTtl@8

_HP_UdpCast_SetReuseAddress@8

_HP_UdpClient_GetDetectAttempts@4

_HP_UdpClient_GetDetectInterval@4

_HP_UdpClient_GetMaxDatagramSize@4

_HP_UdpClient_SetDetectAttempts@8

_HP_UdpClient_SetDetectInterval@8

_HP_UdpClient_SetMaxDatagramSize@8

_HP_UdpServer_GetDetectAttempts@4

_HP_UdpServer_GetDetectInterval@4

_HP_UdpServer_GetMaxDatagramSize@4

_HP_UdpServer_GetPostReceiveCount@4

_HP_UdpServer_SetDetectAttempts@8

_HP_UdpServer_SetDetectInterval@8

_HP_UdpServer_SetMaxDatagramSize@8

_HP_UdpServer_SetPostReceiveCount@8

.?AVC_HP_UdpCast@@

.?AVC_HP_UdpClient@@

.?AVC_HP_TcpPullClient@@

.?AVC_HP_TcpClient@@

.?AVC_HP_TcpPullAgent@@

.?AVC_HP_TcpAgent@@

.?AVC_HP_UdpServer@@

.?AVC_HP_TcpPullServer@@

.?AVC_HP_TcpServer@@

.?AVCUdpCast@@

.?AVCUdpClient@@

.?AVCUdpServer@@

.?AVCTcpPullAgent@@

.?AVCTcpPullClient@@

.?AVCTcpPullServer@@

.?AVCTcpAgent@@

.?AVCTcpClient@@

.?AVCTcpServer@@

.?AVIUdpCast@@

.?AVIUdpClient@@

.?AVITcpClient@@

.?AVITcpAgent@@

.?AVIUdpServer@@

.?AVITcpServer@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

=&>5>^>{>

5 5$5(5,5

4%8U8_8j8

2 2$2(24282<2

3 3$3(3,303

8@kernel32.dll

shell32.dll

program internal error number is %d.

:"%s"

:"%s".

c:\%original file name%.exe

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

ww.zdjy.top/kfdl

#include "l.chs\afxres.rc" // Standard components

WinExec

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyExA

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportExtEx

UnhookWindowsHookEx

CreateDialogIndirectParamA

GetKeyState

GetKeyboardLayout

VkKeyScanExA

SetWindowsHookExA

EnumWindows

RegisterHotKey

UnregisterHotKey

InternetCanonicalizeUrlA

InternetCrackUrlA

$K-Dm.KwAe

,9t%0s/:vBJ}SZ

RASAPI32.dll

WININET.dll

6.2.6.0

(hXXp://VVV.eyuyan.com)

%s\canwritetodir.file

SetupDiGetClassDevs on GUID_DEVICE_BATTERY, failed:0xx

Battery %d: %s

CreateFile failed with: 0xx

SetupDiGetInterfaceDeviceDetail, failed: 0xx

base\power\tools\pwrtest\exe\battery.cpp

SetupDiEnumInterfaceDevice, failed: 0xx

BatteryNo value %d is out of bound (number of batteries is %d)

DeviceIoControl on IOCTL_BATTERY_QUERY_TAG returns BATTERY_TAG_INVALID: 0xx

ManufactureName: %s

DeviceName: %s

UniqueID: %s

SerialNumber: %s

EstimatedTime: %d seconds

DeviceIoControl on IOCTL_BATTERY_QUERY_TAG failed: 0xx

DeviceIoControl on IOCTL_BATTERY_QUERY_INFORMATION/Info %d failed: 0xx

DeviceIoControl on IOCTL_BATTERY_QUERY_INFORMATION/BATTERY_STATUS failed 0xx

BATTERY_SET_CHARGE_SUPPORTED

BATTERY_SET_DISCHARGE_SUPPORTED

Chemistry: %s

DesignedCapacity: %d mWh (or relative)

FullChargedCapacity: %d mWh (or relative)

CriticalBias: %d mWh (or relative)

CycleCount: %d

DefaultAlert1: %d

DefaultAlert2: %d

Capacitiy: %d mWh (or relative)

Voltage: %d millivolts

Rate: %d mWh (or relative)

SystemS1StateSupported = %d

SystemS2StateSupported = %d

SystemS3StateSupported = %d

SystemS4StateSupported = %d

SystemS5StateSupported = %d

RtcWakeSupported = S%d

FastSystemS4 = %d

VideoDimPresent = %d

HiberFilePresent = %d

AoAc = %d

SystemS1StateSupported

SystemS2StateSupported

SystemS3StateSupported

SystemS4StateSupported

SystemS5StateSupported

RtcWakeSupported

base\power\tools\pwrtest\exe\ppminfowmi.cpp

This program isn't supported running in the Wow64 environment.

HeapAlloc(size=0x%x) Failed!

Max Transition Latency: %u us

Number of States: %u

%-5u %4u (%3u%%) %s

number="%d" frequency="%d" percentofmaxfrequency="%d" type="%s"

ERROR: specified logical processor number is out of range: %u

InstanceName: %s

processor='%d'

OS Processor Number: %u

Processor Block Address: 0x%x

Processor Block Length: %u

Processor Id: %u

Apic Id: %u

AddressSpaceID: 0x%x

BitWidth: 0x%x

BitOffset: 0x%x

Reserved: 0x%x

processor="%d"

State %u

Frequency: %u Mhz

Power: %u mWatts

Latency: %u us

BM Latency: %u us

Control: 0x%x

Status: 0x%x

index="%d"

Instance name: %s

Processor performance and throttle states: (%u states)

Current state: %u

Fastest state considering policy ceiling: %u

Slowest state considering policy floor: %u

Slowest performance state: %u

Thermal constraint (ceiling): %u

Max frequency: %u mhz

Busy adj threshold: %u%%

Domain coordination: 0x%x

Type: 0x%x

Reserved: 0x%x

Time check: %u ms

P-state handler: %sPresent

P-state context: %sPresent

T-state handler: %sPresent

T-state context: %sPresent

Feedback handler: %sPresent

State %u:

Frequency: %u Mhz (%u%%)

Power: %u mWatts

IncreaseLevel: %u%%

DecreaseLevel: %u%%

IncreaseTime: %u clock ticks (~%u us)

DecreaseTime: %u clock ticks (~%u us)

Hit count: %u

ERROR: failed to get ProcessorStatus_GUID WMI data for processor %d

Kernel Idle States: (%u states)

TargetState: %u

Type: %u

Latency: %u us

Power: %u mWatts

TimeCheck: %u QPC ticks (%u ms)

PromotePercent: %u%%

DemotePercent: %u%%

StateType: C%u

IdleHandler: %sPresent

Context: %sPresent

number="%d" latency="%uus" power="%umW" TimeCheck="%ums" PromotePercent="%u" DemotePercent="%u" StateType="C%u"

FadtC2Latency: %u

FadtC3Latency: %u

CStateVersionInUse: %u

AddressSpaceID: 0x%x

BitWidth: 0x%x

BitOffset: 0x%x

Reserved: 0x%x

StateType: %u

Latency: %u

PowerConsumption: %u

The CPU doesn't support P/C states.

-  = = = = - = m %C

interval="%d"

Initialization for pwrtest options failed, HRESULT: 0x%x

Initialization for pwrtest scenario options failed, HRESULT: 0x%x

Failed to initialize WTT log devices, HRESULT: 0x%x

ERROR: failed to generate trace session GUID: 0x%x

Unable to open %s for writing, giving up.

Unable to open %s for writing, trying TEMP folder instead.

Logging to %s

%s\%s.%s

XML log name: %s

WTT log name: %s

WTT log level: %d

Plainlog name: %s

Session name: %s

ETL log name: %s

ETW buffer size: %d

ETW min buffers: %d

ETW max buffers: %d

Delay write log: %s

$LogFile:file="%s",writemode=overwrite;$PlainLog:file="%s",writemode=overwrite

$Console:enablelvl=Msg|Error|Warn|Assert

base\power\tools\pwrtest\exe\pwrtestscenario.cpp

es thread execution state monitoring Win7

To see available scenario options type: pwrtest.exe /scenario /?

Example: pwrtest.exe /sleep /?

Default log location is the same folder as pwrtest.exe

Log file extensions added automatically (.wtl, .xml, etc.)

-must run from an administrator/elevated command prompt in order to support

-must run natively (WoW64 not supported) in order to support ETW tracing

date="d/d/d" time="d:d:d" filename="%s"

This program only runs on Windows Vista or newer OS

Pwrtest needs to run elevated in order to support ETW tracing.

WoW64 is not supported, must execute the native binary in order to support ETW tracing.

RegOpenKeyEx

ERROR: Event TimeStamp information could not be obtained (0xx)

d/d/d d:d:d

%sd/d/d d:d:d::d

The TIMER scenario supports the following options:

%s event property could not be obtained

base\power\tools\pwrtest\exe\scenariotimer.cpp

d:d:d.d NtSetTimerResolution

(resolution:%d process:%s pid:%d service:%s)

(resolution:%d process:%s pid: %d subprocess tag:%d)

(resolution:%d process:%s pid:%d)

(resolution:%d process:%s)

d:d:d.d ExSetTimerResolution

(resolution:%d)

d:d:d.d UpdateTimerResolution

d:d:d.d TimerResolutionRundown

(current resolution:%d minimum resolution: %d maximum resolution: %d kernel count:%d kernel request:%d)

d:d:d.d TimerResolutionRequestRundown

The THERMAL scenario supports the following options:

Note: This scenario only works on systems which report thermal data to the

operating system

base\power\tools\pwrtest\exe\scenariothermal.cpp

All temperatures in %s

Timestamp Temp(%s) Data Mode ACPI Node

d:d:d%9lld Passive %s

_TC1:%u

_TC2:%u

_TSP:%u

PassiveCooling

d:d:d%9lld Active %s

d:d:d%9lld Hot %s

d:d:d%9lld Critical %s

LogInterval

d:d:d% Illegal Throttle

Processor:%d

Elapsed:%d

Interval:%d

d:d:d Fan %-2d %s %s

The MONITOR scenario supports the following options:

Could not initialize WMI event tracing for monitor brightness. GLE:0x%x

base\power\tools\pwrtest\exe\scenariomonitor.cpp

d:d:d console Adaptive Dim Timeout: %d -> %d seconds

d:d:d  %s Monitor State: %s -> %s

d:d:d  Screen Saver Started

d:d:d  Console Locked

d:d:d  Screen Saver Timeout: %d seconds

d:d:d  Screen Saver Timeout: %d -> %d seconds

d:d:d  Blank Timeout: %d seconds

d:d:d  Blank Timeout: %d -> %d seconds

d:d:d  Dim Timeout: %d seconds

d:d:d  Dim Timeout: %d -> %d seconds

d:d:d  Dim Brightness: %d%%

d:d:d  Dim Brightness: %d%% -> %d%%

d:d:d  Normal Monitor Brightness: %d%%

d:d:d  Normal Monitor Brightness: %d%% -> %d%%

d:d:d  Idle Reset

d:d:d  Idle: %d seconds

d:d:d console Physical Monitor Brightness Changed: %d%% -> %d%%

The REQUESTS scenario supports the following options:

base\power\tools\pwrtest\exe\scenariorequests.cpp

d:d:d Create: %s

Type:%s ProcessID:%lu SessionID:%lu

Context: %s

Allow:%s%s%s%s%s%s

Count: %sSystem:%lu %sDisplay:%lu %sAwayMode:%lu %sPerfBoost:%lu

%sExecutionRequired:%lu %sFullScreenVideo:%lu

d:d:d Change: %s

d:d:d Close: %s

The PROCESSIDLE scenario supports the following options:

%ws: Idle task registered: "%ws" in process %d

%ws: Idle task unregistered: "%ws" in process %d

%ws: Idle task started: "%ws" in process %d

%ws: Idle task stopped: "%ws" in process %d

%ws: Idle task completed: "%ws" in process %d

d:d:d.d

%s event property could not be obtained. %d. Error code %X. Required size: %d.

base\power\tools\pwrtest\exe\scenarioprocessidle.cpp

ID %d

Process idle tasks thread exited with error: 0xx

id="%d"

id="%d" shortterm="%d" rechargable="%d"

d/d/d

The BATTERY scenario supports the following options:

base\power\tools\pwrtest\exe\scenariobattery.cpp

d - %s d:d:d = m m m

Sleep time -%d seconds- is too small. Must be larger than 30 seconds! Using default value %d

Timeout for receive power transition end event -%d seconds- is too small. Must be larger than %d seconds!

The SLEEP scenario supports the following options:

t supported for hibernate, system will restart and immediately resume after writing hiber file)

/s:all indicates cycling through all supported power states in order

/s:rnd indicates cycling through all supported power states randomly

/unattend indicates not to change system execution state after wakeup

base\power\tools\pwrtest\exe\scenariosleep.cpp

Setting the AC value for GUID_LOCK_CONSOLE_ON_WAKE failed%s

Setting the DC value for GUID_LOCK_CONSOLE_ON_WAKE failed%s

Setting the AC value for GUID_HIBERNATE_FASTS4_POLICY failed%s

Setting the DC value for GUID_HIBERNATE_FASTS4_POLICY failed%s

Setting the AC value for GUID_ALLOW_RTC_WAKE failed%s

Setting the DC value for GUID_ALLOW_RTC_WAKE failed%s

Setting the AC value for GUID_UNATTEND_SLEEP_TIMEOUT failed%s

Setting the DC value for GUID_UNATTEND_SLEEP_TIMEOUT failed%s

NumTransitions:%d DelayTime:%d SleepTime:%d

bHybrid:%d SleepType:%d QPCCheck:%d

EndEventTimeout:%d

System does not support any sleep states.

System does not support the target sleep state.

hybrid="%d" delay="%d" sleeptime="%d" IgnoreUsbHub="%d" EndTransitionEventTimeout="%d"

tracerpt.exe -rt "%s" -o pstrace.xml -of XML -y

tracerpt cmd: %s

No.%d Transition -- TargetState: %s

Simulating a key press to keep the system awake

Setting the wake alarm at %d/%d/%d %d:%d:%d::%d for %d seconds

Current Time could not be obtained. Setting the wake alarm for %d seconds

Non Root USB HUB Detected: %s

number="%d" status="%d"

d:d:d

WaitForTransition: ResetEvent failed (0xx)

TargetState: S%d

EffectiveState: S%d

The DEVICE scenario supports the following options:

The DISK scenario supports the following options:

base\power\tools\pwrtest\exe\scenariodeviceanddisk.cpp

d:d:d %-2d %s %s %s

d:d:d Removed

%s, %s

d:d:d %-2d %s %s Idle: ]s, NonIdle: =s %s

d:d:d * -- Pol Timeout: %ds, IgnoreThreshold: %ds

d:d:d New BusyCount: =

%s %s

d:d:d %sBusyCount: =

State: D%d ConservativeTimeout: Ms%s

Idle:s PerformanceTimeout: ]s%s

Query %s failed. Error code = %#x

\\.\PHYSICALDRIVE

The PPM scenario supports the following options:

Polling interval must be greater than 500ms, using default value %d

Cycle count must be greater than 0, using default value %d

Info: the CPU doesn't support P-states.

Info: the CPU doesn't support C-states.

base\power\tools\pwrtest\exe\scenariolegacyppm.cpp

WmiNotificationRegistration() Failed! rc=0x%x

Unregister for PPM WMI event failed! rc=0x%x

ERROR: instance name could not be allocated (0xx)

%s: Unknown Event Id = %u

IdleStateIndex="%d"

%s count="%u"

BucketCount="%d"

%s Count="%d"

%u.%.3u

.ldus

MinLimitMs="%d" MaxLimitMs="%d"

The ES scenario displays thread execution state and system state changes.

The ES scenario supports the following options:

/stes:y indicates SetThreadExecutionState events should be logged (default)

/stes:n indicates SetThreadExecutionState events should not be logged

/user indicates only user events (SetThreadExecutionState) should be logged

The IDLE scenario supports the /t:n option as well as all /es options:

Waiting for Execution State Events%s

and Execution State Events...

Waiting for System Idle Events%s

base\power\tools\pwrtest\exe\scenarioesidle.cpp

0xx

Continuous: %d Display: %d System: %d AwayMode: %d UserPresent: %d

The INFO scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioinfo.cpp

MaxIdlenessAllowed = %d

Idleness = %d

TimeRemaining = %d

CoolingMode = %d

AcOnLine = %d

BatteryPresent = %d

Charging = %d

Discharging = %d

MaxCapacity = %d

RemainingCapacity = %d

RateOfDrain = %d

EstimatedTime = %d

DefaultAlert1 = %d

DefaultAlert2 = %d

getCpuPerf: CpuInfoProcessor

getCpuPerf: CpuInfoIdle

The CPU(s) doesn't support P-states. Querying for PCC information...

getCpuPerf: CpuInfoPerf

Timed out waiting for PCC rundown event. Wait time can be increased using option /w:, but this won't have an effect if the system doesn't support PCC.

WaitForSingleObject: Unknown return value 0x%x

Minimum performance frequency percentage: -%%

Minimum throttled frequency percentage: -%%

SetEvent failed. LastError: 0x%x

supports AoAc.

is installed by the Windows Device Testing Framework (WDTF) which is

found in the Microsoft Windows Driver Kit (WDK) version 8 or later.

The CS scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioconnectedstandby.cpp

System does not support AoAc, cannot test Connected Standby.

Virtual power button driver not found, please install the Windows Device

Testing Framework (WDTF) which is found in the Microsoft Windows Driver Kit

NumTransitions:%d DelayTime:%d CSExitTime:%d

Supported Platform States: %lu

StateCount="%lu" ResetCount="%lu" Timestamp="d/d/d d:d:d.d"

d:d:d.d %s Connected Standby

Timestamp="d/d/d d:d:d.d"

d:d:d.d Input %s

%s phase failed

d:d:d.d %s %s Phase

d:d:d.d %s has active execution required power request, will block DAM phase completion until cleared or invalidated.

name="%s" Timestamp="d/d/d d:d:d.d"

Caller="%s" Timestamp="d/d/d d:d:d.d"

d:d:d.d %s cleared execution required power request, no longer blocks DAM phase completion.

Setting the AC value for GUID_VIDEO_POWERDOWN_TIMEOUT failed%s

Setting the DC value for GUID_VIDEO_POWERDOWN_TIMEOUT failed%s

Setting the AC value for GUID_VIDEO_CONSOLE_LOCK_TIMEOUT failed%s

Setting the DC value for GUID_VIDEO_CONSOLE_LOCK_TIMEOUT failed%s

The PLATIDLE scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioplatidle.cpp

System does not support AoAc, cannot get platform idle statistics.

System does not report any supported platform idle states, cannot continue!

Supported Platform Idle State Count: %lu

d:d:d State:%lu Succeeded:%lu Failed:%lu Cancelled:%lu

base\power\tools\pwrtest\exe\platidle.cpp

%s event property could not be obtained from struct %s index %lu

wttlog.dll

Unable to open %s for writing.

Log File Str:%s, 0x%x, %d

Start: %s

Error: %s

File: %s

Line: %u

Error Code: 0x%x

Warn: %s

Assert: %s

%s, Line: %u

End: %s, %s, %s

Failed to write to log file this string: %s

plaintext.log

Unable to extract log filename. Use plaintext.log instead

<%s>%s

<%s %s%s>%s

</%s>

<%s %s>%d</%s>

<%s>%d</%s>

<%s>%lld</%s>

<%s>%u</%s>

<%s>%I64u</%s>

<%s format="hex">0x%x</%s>

<%s format="hex">0x%I64x</%s>

<%s>%llu</%s>

<%s format="hex">0x%llx</%s>

<Timestamp>d/d/d d:d:d.d</Timestamp>

OpenDevice failed: 0x%x

DeviceIoControl failed: 0x%x

WaitForDisplayOn failed: 0x%x

NtPowerInformation failed: 0x%x

Software\Policies\Microsoft\Windows\Personalization

Software\Policies\Microsoft\Windows

devobj.dll

SOFTWARE\Microsoft\Windows\CurrentVersion\Tests\PowerButton

[%hs,%d] %ls

button.inf

GetDevObjFunctions failed: 0x%x

DevObjCreateDeviceInfoListFunction failed: 0x%x

DevObjGetClassDevsFunction failed: 0x%x

DevObjEnumDeviceInfoFunction failed: 0x%x

DevObjEnumDeviceInterfacesFunction failed: 0x%x

DevObjGetDeviceInterfaceDetailFunction failed: 0x%x

malloc failed: 0x%x

CreateFile failed: 0x%x

newdev.dll

powrprof.dll

d:d:d.d %-5d ACPI Notify (0x80), _PPC = %u

d:d:d.d %-5d ACPI Notify (0x81)

d:d:d.d %-5d ACPI Notify (0x82), _TPC = %u

d:d:d.d %-5d Perf State Change (State:%u, Speed:%u Mhz) %s

d:d:d.d %-5d Domain Perf State Change

(State:%u, Speed:%u Mhz, Affinity:%#x)

d:d:d.d %-5d Idle State %s (Old:%u, New:%u, Affinity:%#x)

d:d:d.d %-5d Idle Accounting Event

d:d:d.d %-5d Thermal Constraint Change (State:%u, Affinity:%#x)

6.3.9600.16384 (winblue_rtm.130821-1623)

PwrTest.exe

Windows

Operating System

6.3.9600.16384

Bbase\power\tools\pwrtest\exe\platidle.cpp

File : %s, Line : %u

Status : 0x%x, StatusType : %u

= Start of Test Case : %s

= End of Test Case : %s

%s, Line: %u

COpenDevice failed: 0x%x

lDeviceIoControl failed: 0x%x

*!&><?{}

!"#$%&'()* ,-./01234567

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

3.3.1

hXXp://VVV.jessma.org

Grid.Document

(*.*)

8.3.4.0

%original file name%.exe_2940_rwx_00270000_00033000:

.text

`.rdata

@.data

.rsrc

@.reloc

iu2.iui

operator

GetProcessWindowStation

0.0.0.0

D:\MyWork\Cpp\HP-Socket\Bin\HPSocket4C\x86\HPSocket4C.pdb

CreateIoCompletionPort

KERNEL32.dll

MsgWaitForMultipleObjectsEx

USER32.dll

WINMM.dll

WS2_32.dll

GetProcessHeap

GetCPInfo

HPSocket4C.dll

Create_HP_TcpAgent

Create_HP_TcpAgentListener

Create_HP_TcpClient

Create_HP_TcpClientListener

Create_HP_TcpPullAgent

Create_HP_TcpPullAgentListener

Create_HP_TcpPullClient

Create_HP_TcpPullClientListener

Create_HP_TcpPullServer

Create_HP_TcpPullServerListener

Create_HP_TcpServer

Create_HP_TcpServerListener

Create_HP_UdpCast

Create_HP_UdpCastListener

Create_HP_UdpClient

Create_HP_UdpClientListener

Create_HP_UdpServer

Create_HP_UdpServerListener

Destroy_HP_TcpAgent

Destroy_HP_TcpAgentListener

Destroy_HP_TcpClient

Destroy_HP_TcpClientListener

Destroy_HP_TcpPullAgent

Destroy_HP_TcpPullAgentListener

Destroy_HP_TcpPullClient

Destroy_HP_TcpPullClientListener

Destroy_HP_TcpPullServer

Destroy_HP_TcpPullServerListener

Destroy_HP_TcpServer

Destroy_HP_TcpServerListener

Destroy_HP_UdpCast

Destroy_HP_UdpCastListener

Destroy_HP_UdpClient

Destroy_HP_UdpClientListener

Destroy_HP_UdpServer

Destroy_HP_UdpServerListener

HP_TcpAgent_GetKeepAliveInterval

HP_TcpAgent_GetKeepAliveTime

HP_TcpAgent_GetSocketBufferSize

HP_TcpAgent_IsReuseAddress

HP_TcpAgent_SendSmallFile

HP_TcpAgent_SetKeepAliveInterval

HP_TcpAgent_SetKeepAliveTime

HP_TcpAgent_SetReuseAddress

HP_TcpAgent_SetSocketBufferSize

HP_TcpClient_GetKeepAliveInterval

HP_TcpClient_GetKeepAliveTime

HP_TcpClient_GetSocketBufferSize

HP_TcpClient_SendSmallFile

HP_TcpClient_SetKeepAliveInterval

HP_TcpClient_SetKeepAliveTime

HP_TcpClient_SetSocketBufferSize

HP_TcpPullAgent_Fetch

HP_TcpPullAgent_Peek

HP_TcpPullClient_Fetch

HP_TcpPullClient_Peek

HP_TcpPullServer_Fetch

HP_TcpPullServer_Peek

HP_TcpServer_GetAcceptSocketCount

HP_TcpServer_GetKeepAliveInterval

HP_TcpServer_GetKeepAliveTime

HP_TcpServer_GetSocketBufferSize

HP_TcpServer_GetSocketListenQueue

HP_TcpServer_SendSmallFile

HP_TcpServer_SetAcceptSocketCount

HP_TcpServer_SetKeepAliveInterval

HP_TcpServer_SetKeepAliveTime

HP_TcpServer_SetSocketBufferSize

HP_TcpServer_SetSocketListenQueue

HP_UdpCast_GetBindAdddress

HP_UdpCast_GetCastMode

HP_UdpCast_GetMaxDatagramSize

HP_UdpCast_GetMultiCastTtl

HP_UdpCast_GetRemoteAddress

HP_UdpCast_IsMultiCastLoop

HP_UdpCast_IsReuseAddress

HP_UdpCast_SetBindAdddress

HP_UdpCast_SetCastMode

HP_UdpCast_SetMaxDatagramSize

HP_UdpCast_SetMultiCastLoop

HP_UdpCast_SetMultiCastTtl

HP_UdpCast_SetReuseAddress

HP_UdpClient_GetDetectAttempts

HP_UdpClient_GetDetectInterval

HP_UdpClient_GetMaxDatagramSize

HP_UdpClient_SetDetectAttempts

HP_UdpClient_SetDetectInterval

HP_UdpClient_SetMaxDatagramSize

HP_UdpServer_GetDetectAttempts

HP_UdpServer_GetDetectInterval

HP_UdpServer_GetMaxDatagramSize

HP_UdpServer_GetPostReceiveCount

HP_UdpServer_SetDetectAttempts

HP_UdpServer_SetDetectInterval

HP_UdpServer_SetMaxDatagramSize

HP_UdpServer_SetPostReceiveCount

_Create_HP_TcpAgent@4

_Create_HP_TcpAgentListener@0

_Create_HP_TcpClient@4

_Create_HP_TcpClientListener@0

_Create_HP_TcpPullAgent@4

_Create_HP_TcpPullAgentListener@0

_Create_HP_TcpPullClient@4

_Create_HP_TcpPullClientListener@0

_Create_HP_TcpPullServer@4

_Create_HP_TcpPullServerListener@0

_Create_HP_TcpServer@4

_Create_HP_TcpServerListener@0

_Create_HP_UdpCast@4

_Create_HP_UdpCastListener@0

_Create_HP_UdpClient@4

_Create_HP_UdpClientListener@0

_Create_HP_UdpServer@4

_Create_HP_UdpServerListener@0

_Destroy_HP_TcpAgent@4

_Destroy_HP_TcpAgentListener@4

_Destroy_HP_TcpClient@4

_Destroy_HP_TcpClientListener@4

_Destroy_HP_TcpPullAgent@4

_Destroy_HP_TcpPullAgentListener@4

_Destroy_HP_TcpPullClient@4

_Destroy_HP_TcpPullClientListener@4

_Destroy_HP_TcpPullServer@4

_Destroy_HP_TcpPullServerListener@4

_Destroy_HP_TcpServer@4

_Destroy_HP_TcpServerListener@4

_Destroy_HP_UdpCast@4

_Destroy_HP_UdpCastListener@4

_Destroy_HP_UdpClient@4

_Destroy_HP_UdpClientListener@4

_Destroy_HP_UdpServer@4

_Destroy_HP_UdpServerListener@4

_HP_TcpAgent_GetKeepAliveInterval@4

_HP_TcpAgent_GetKeepAliveTime@4

_HP_TcpAgent_GetSocketBufferSize@4

_HP_TcpAgent_IsReuseAddress@4

_HP_TcpAgent_SendSmallFile@20

_HP_TcpAgent_SetKeepAliveInterval@8

_HP_TcpAgent_SetKeepAliveTime@8

_HP_TcpAgent_SetReuseAddress@8

_HP_TcpAgent_SetSocketBufferSize@8

_HP_TcpClient_GetKeepAliveInterval@4

_HP_TcpClient_GetKeepAliveTime@4

_HP_TcpClient_GetSocketBufferSize@4

_HP_TcpClient_SendSmallFile@16

_HP_TcpClient_SetKeepAliveInterval@8

_HP_TcpClient_SetKeepAliveTime@8

_HP_TcpClient_SetSocketBufferSize@8

_HP_TcpPullAgent_Fetch@16

_HP_TcpPullAgent_Peek@16

_HP_TcpPullClient_Fetch@12

_HP_TcpPullClient_Peek@12

_HP_TcpPullServer_Fetch@16

_HP_TcpPullServer_Peek@16

_HP_TcpServer_GetAcceptSocketCount@4

_HP_TcpServer_GetKeepAliveInterval@4

_HP_TcpServer_GetKeepAliveTime@4

_HP_TcpServer_GetSocketBufferSize@4

_HP_TcpServer_GetSocketListenQueue@4

_HP_TcpServer_SendSmallFile@20

_HP_TcpServer_SetAcceptSocketCount@8

_HP_TcpServer_SetKeepAliveInterval@8

_HP_TcpServer_SetKeepAliveTime@8

_HP_TcpServer_SetSocketBufferSize@8

_HP_TcpServer_SetSocketListenQueue@8

_HP_UdpCast_GetBindAdddress@4

_HP_UdpCast_GetCastMode@4

_HP_UdpCast_GetMaxDatagramSize@4

_HP_UdpCast_GetMultiCastTtl@4

_HP_UdpCast_GetRemoteAddress@16

_HP_UdpCast_IsMultiCastLoop@4

_HP_UdpCast_IsReuseAddress@4

_HP_UdpCast_SetBindAdddress@8

_HP_UdpCast_SetCastMode@8

_HP_UdpCast_SetMaxDatagramSize@8

_HP_UdpCast_SetMultiCastLoop@8

_HP_UdpCast_SetMultiCastTtl@8

_HP_UdpCast_SetReuseAddress@8

_HP_UdpClient_GetDetectAttempts@4

_HP_UdpClient_GetDetectInterval@4

_HP_UdpClient_GetMaxDatagramSize@4

_HP_UdpClient_SetDetectAttempts@8

_HP_UdpClient_SetDetectInterval@8

_HP_UdpClient_SetMaxDatagramSize@8

_HP_UdpServer_GetDetectAttempts@4

_HP_UdpServer_GetDetectInterval@4

_HP_UdpServer_GetMaxDatagramSize@4

_HP_UdpServer_GetPostReceiveCount@4

_HP_UdpServer_SetDetectAttempts@8

_HP_UdpServer_SetDetectInterval@8

_HP_UdpServer_SetMaxDatagramSize@8

_HP_UdpServer_SetPostReceiveCount@8

.?AVC_HP_UdpCast@@

.?AVC_HP_UdpClient@@

.?AVC_HP_TcpPullClient@@

.?AVC_HP_TcpClient@@

.?AVC_HP_TcpPullAgent@@

.?AVC_HP_TcpAgent@@

.?AVC_HP_UdpServer@@

.?AVC_HP_TcpPullServer@@

.?AVC_HP_TcpServer@@

.?AVCUdpCast@@

.?AVCUdpClient@@

.?AVCUdpServer@@

.?AVCTcpPullAgent@@

.?AVCTcpPullClient@@

.?AVCTcpPullServer@@

.?AVCTcpAgent@@

.?AVCTcpClient@@

.?AVCTcpServer@@

.?AVIUdpCast@@

.?AVIUdpClient@@

.?AVITcpClient@@

.?AVITcpAgent@@

.?AVIUdpServer@@

.?AVITcpServer@@

zcÁ

c:\%original file name%.exe

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

=&>5>^>{>

5 5$5(5,5

4%8U8_8j8

2 2$2(24282<2

3 3$3(3,303

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

KERNEL32.DLL

WUSER32.DLL

3.3.1

hXXp://VVV.jessma.org

%original file name%.exe_2940_rwx_00401000_002EC000:

t%SVh

t$(SSh

~%UVW

t.It It

SSh<.e

}?9\$0~9

u$SShe

Jiu2.iu

/wK(.wE

wininet.dll

kernel32.dll

Kernel32.dll

advapi32.dll

ole32.dll

user32.dll

Shell32.dll

MapVirtualKeyA

MsgWaitForMultipleObjects

HttpOpenRequestA

HttpSendRequestA

HttpQueryInfoA

ShellExecuteExA

keybd_event

TCPServer

WinRing0.dll

ReadIoPortByte

KERNEL32.DLL

GDI32.DLL

USER32.DLL

SHELL32.DLL

ADVAPI32.DLL

MPR.DLL

WINMM.DLL

FreeLibraryWriteIoPortByteEx

tc.exe

\tc.exe

WTCommlib.dll

Tc.dll

failure[apikey

OcrKingForPassages

hXXp://sf.scu.edu.cn/servlet/feeImage

Content-Disposition: form-data; name="apiKey"

[apikey]

hXXp://lab.ocrking.com/ok.html

Content-Disposition: form-data; name="ocrfile"; filename="feeImage.jpg"

Referer: hXXp://lab.ocrking.com

Host: lab.ocrking.com

https

Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)

http=

HTTP/1.1

Content-Type: application/x-www-form-urlencoded

hXXps://

hXXp://

hXXp://hq.sinajs.cn/list=sz399001

&password=

C:\Windows\System32\

hXXp://hq.sinajs.cn/list=

hXXp://ichart.finance.yahoo.com/table.csv?a=

.SZ&ql=1

VVV.zdjy.top

\port

127.0.0.1

\atcon.txt

\cloudtrad.ini

cloudtrad.ini

358256780

\Tc.exe

358256780@qq.com

;1:1;2;0;0;0;0

;1:1;2;7;8;8;1

;1:1;2;7;8;2;2

;1:1;2;7;8;2;1

;1:1;2;4;39;2;2

;2:1;4;8;24;2;1

hXXp://VVV.zdjy.top/mdataip.txt

(@z1.zdjy.top

sh-cqgaji.myalauda.cn

bj-cqgaji1.myalauda.cn

cqgaji-web2-0.daoapp.io

hXXp://quote.eastmoney.com/stocklist.html

hXXp://quote.eastmoney.com/sh

.html

hXXp://quote.eastmoney.com/sz

\stockall.txt

hXXp://qt.gtimg.cn/q=

.rsrc

A.Xe3f

####.BVjv;

.PJ8&4

k\\%SG@x

Om.Hs

!G.CS

y`g#Z%fpm

5<\UWSSHh

%UmG|

8,J8-H}GN

wx`>x.htC

.Be$>;

t2.ez

z#h.WW

b.LDQ2

K.sUQ

]*,^] %F

uA.MT

GE.IY\

HA_X%Ux:

AY.lj

*.xnt2,#

%CxdH

N4xdh%dP

C.kwFt

@.%XXgrHVx

%C 5A

s.tyP

?n.NNn

%*.*f I64

CNotSupportedExcepti

7Z.DLL7H

CmdT"

.INaK

.MSVCRTE

.PAVC

.htm7H

(&07-034/)7

)*$-2{

.Tu8&

7%s:%dS

%ld%cW

zcÁ

.chs\S

e.Uc-c-9

.Xj/-W5

"ZKey

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

OLEAUT32.dll

SHELL32.dll

USER32.dll

WINMM.dll

WINSPOOL.DRV

WS2_32.dll

RegCloseKey

ShellExecuteA

hXXp://VVV.zdjy.top/updata/updata.txt

updata.zip

1973-11-15-

\tlog.txt

hXXp://wpa.qq.com/msgrd?v=3&uin=

hXXp://r.qzone.qq.com/fcg-bin/cgi_get_score.fcg?mask=7&uins=

smtp.

@qq.com:

hXXp://zhidao.baidu.com/link?url=pMvhbOuS6gAg6g8CFyzxRtqVRfJACFTd5r227lp33nSiegxVQzOyOPVWTLir5OgqA47vn8a8Gk-4eGj7vMJWxGGR6ZnR9_OEApfIsjZEVRK

*.ini

:510050:510050

\atcon.tem

\atcon.bak

@ping 127.0.0.1 -n

del Restart.bat

\Restart.bat

pwrtest.exe

.text

`.data

.pdata

@.idata

@.rsrc

@.reloc

WTTLogInit

RegDeleteKeyExW

RegDeleteKeyW

pwrtest.pdb

u.fD;n|t'f;~|L

u5fD;{|t.fD;c|L

urL90umH

RegOpenKeyExW

GetProcessHeap

KERNEL32.dll

_amsg_exit

msvcrt.dll

ntdll.dll

POWRPROF.dll

SETUPAPI.dll

RegCreateKeyExW

tdh.dll

name="Microsoft.Windows.pwrtest"

version="1.0.0.0"

<description> my foo exe </description>

<requestedExecutionLevel

<!-- Windows 7 -->

<supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/>

<!-- Windows 8 -->

<supportedOS Id="{4a2f28e3-53b9-4441-ba9c-d69d4a4a6e38}"/>

<!-- Windows BLUE -->

<supportedOS Id="{1f676c76-80e1-4239-95bb-83d0f6d0da78}"/>

<asmv3:windowsSettings xmlns="hXXp://schemas.microsoft.com/SMI/2005/WindowsSettings">

</asmv3:windowsSettings>

.idata

t.hXuA

D$.Ph4IA

= =$=(=,=0=4=

2 2$2(2,2

6%7,797@7

pwrtestlog.etl

pwrtestlog.log

pwrtestlog.xml

yjstock.exe

user\Alert.alt

hXXp://data.10jqka.com.cn/ipo/xgsgyzq

zdjyzdjy@sina.com

hXXp://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.2.D3TEsA&id=520436485350

hXXp://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.4.D3TEsA&id=520436385744

hXXp://VVV.zdjy.top/help.htm

9:00-15:00

&nick=

hXXps://item.taobao.com/item.htm?spm=a1z10.1-c.w4004-2248521139.2.CgQIvb&id=520440644054

VBScript.RegExp

V8.87 2016-05-13 VVV.zdjy.top

shex.tnf

szex.tnf

d:\dzh3\DZH.exe

C:\new_tdx\TdxW.exe

D:\FoxGrandJy\FoxTrader.exe

__MSVCRT_HEAP_SELECT

GetCPInfo

HP-Socket.fne

TCPClient_Create

TCPClient_Destroy

TCPClient_Fetch

TCPClient_GetConnectionExtra

TCPClient_GetConnectionID

TCPClient_GetKeepAliveTime

TCPClient_GetLastError

TCPClient_GetLastErrorDesc

TCPClient_GetListenAddress

TCPClient_GetPendingDataLength

TCPClient_GetSocketBufferSize

TCPClient_GetState

TCPClient_HasStarted

TCPClient_Peek

TCPClient_Send

TCPClient_SendPackets

TCPClient_SendPart

TCPClient_SetConnectionExtra

TCPClient_SetKeepAliveTime

TCPClient_SetSocketBufferSize

TCPClient_Start

TCPClient_Stop

TCPServer_Create

TCPServer_Destroy

TCPServer_Disconnect

TCPServer_DisconnectLongConnections

TCPServer_DisconnectSilenceConnections

TCPServer_Fetch

TCPServer_GetAcceptSocketCount

TCPServer_GetAllConnectionIDs

TCPServer_GetConnectPeriod

TCPServer_GetConnectionCount

TCPServer_GetConnectionExtra

TCPServer_GetKeepAliveTime

TCPServer_GetLastError

TCPServer_GetLastErrorDesc

TCPServer_GetListenAddress

TCPServer_GetPendingDataLength

TCPServer_GetRemoteAddress

TCPServer_GetSocketBufferSize

TCPServer_GetState

TCPServer_HasStarted

TCPServer_Peek

TCPServer_Send

TCPServer_SendPackets

TCPServer_SendPart

TCPServer_SetAcceptSocketCount

TCPServer_SetConnectionExtra

TCPServer_SetKeepAliveTime

TCPServer_SetSocketBufferSize

TCPServer_Start

TCPServer_Stop

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

windows

MSWHEEL_ROLLMSG

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WSOCK32.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

x86 Family %s Model %s Stepping %s

X-X-X-X

Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)

HTTP/1.0

%s <%s>

Reply-To: %s

From: %s

To: %s

Subject: %s

Date: %s

Cc: %s

%a, %d %b %Y %H:%M:%S

HELO %s

SMTP

AUTH LOGIN

LOGIN

AUTH=LOGIN

EHLO %s

Content-Type: application/octet-stream; name=%s

Content-Disposition: attachment; filename=%s

MAIL FROM:<%s>

RCPT TO:<%s>

1.1.3

;3 #>6.&

'2, / 0&7!4-)1#

%d%d%d

rundll32.exe shell32.dll,

IsShowDiglog

.PAVCResourceException@@

%d-%d-%d

%Y-%m-%d

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.jpg;*.bmp;*.gif;*.ico;*.cur|JPG

(*.JPG)|*.jpg|BMP

(*.BMP)|*.bmp|GIF

(*.GIF)|*.gif|

(*.ICO)|*.ico|

(*.CUR)|*.cur||

0.0.0.0

`.rdata

@.data

operator

GetProcessWindowStation

D:\MyWork\Cpp\HP-Socket\Bin\HPSocket4C\x86\HPSocket4C.pdb

CreateIoCompletionPort

MsgWaitForMultipleObjectsEx

HPSocket4C.dll

Create_HP_TcpAgent

Create_HP_TcpAgentListener

Create_HP_TcpClient

Create_HP_TcpClientListener

Create_HP_TcpPullAgent

Create_HP_TcpPullAgentListener

Create_HP_TcpPullClient

Create_HP_TcpPullClientListener

Create_HP_TcpPullServer

Create_HP_TcpPullServerListener

Create_HP_TcpServer

Create_HP_TcpServerListener

Create_HP_UdpCast

Create_HP_UdpCastListener

Create_HP_UdpClient

Create_HP_UdpClientListener

Create_HP_UdpServer

Create_HP_UdpServerListener

Destroy_HP_TcpAgent

Destroy_HP_TcpAgentListener

Destroy_HP_TcpClient

Destroy_HP_TcpClientListener

Destroy_HP_TcpPullAgent

Destroy_HP_TcpPullAgentListener

Destroy_HP_TcpPullClient

Destroy_HP_TcpPullClientListener

Destroy_HP_TcpPullServer

Destroy_HP_TcpPullServerListener

Destroy_HP_TcpServer

Destroy_HP_TcpServerListener

Destroy_HP_UdpCast

Destroy_HP_UdpCastListener

Destroy_HP_UdpClient

Destroy_HP_UdpClientListener

Destroy_HP_UdpServer

Destroy_HP_UdpServerListener

HP_TcpAgent_GetKeepAliveInterval

HP_TcpAgent_GetKeepAliveTime

HP_TcpAgent_GetSocketBufferSize

HP_TcpAgent_IsReuseAddress

HP_TcpAgent_SendSmallFile

HP_TcpAgent_SetKeepAliveInterval

HP_TcpAgent_SetKeepAliveTime

HP_TcpAgent_SetReuseAddress

HP_TcpAgent_SetSocketBufferSize

HP_TcpClient_GetKeepAliveInterval

HP_TcpClient_GetKeepAliveTime

HP_TcpClient_GetSocketBufferSize

HP_TcpClient_SendSmallFile

HP_TcpClient_SetKeepAliveInterval

HP_TcpClient_SetKeepAliveTime

HP_TcpClient_SetSocketBufferSize

HP_TcpPullAgent_Fetch

HP_TcpPullAgent_Peek

HP_TcpPullClient_Fetch

HP_TcpPullClient_Peek

HP_TcpPullServer_Fetch

HP_TcpPullServer_Peek

HP_TcpServer_GetAcceptSocketCount

HP_TcpServer_GetKeepAliveInterval

HP_TcpServer_GetKeepAliveTime

HP_TcpServer_GetSocketBufferSize

HP_TcpServer_GetSocketListenQueue

HP_TcpServer_SendSmallFile

HP_TcpServer_SetAcceptSocketCount

HP_TcpServer_SetKeepAliveInterval

HP_TcpServer_SetKeepAliveTime

HP_TcpServer_SetSocketBufferSize

HP_TcpServer_SetSocketListenQueue

HP_UdpCast_GetBindAdddress

HP_UdpCast_GetCastMode

HP_UdpCast_GetMaxDatagramSize

HP_UdpCast_GetMultiCastTtl

HP_UdpCast_GetRemoteAddress

HP_UdpCast_IsMultiCastLoop

HP_UdpCast_IsReuseAddress

HP_UdpCast_SetBindAdddress

HP_UdpCast_SetCastMode

HP_UdpCast_SetMaxDatagramSize

HP_UdpCast_SetMultiCastLoop

HP_UdpCast_SetMultiCastTtl

HP_UdpCast_SetReuseAddress

HP_UdpClient_GetDetectAttempts

HP_UdpClient_GetDetectInterval

HP_UdpClient_GetMaxDatagramSize

HP_UdpClient_SetDetectAttempts

HP_UdpClient_SetDetectInterval

HP_UdpClient_SetMaxDatagramSize

HP_UdpServer_GetDetectAttempts

HP_UdpServer_GetDetectInterval

HP_UdpServer_GetMaxDatagramSize

HP_UdpServer_GetPostReceiveCount

HP_UdpServer_SetDetectAttempts

HP_UdpServer_SetDetectInterval

HP_UdpServer_SetMaxDatagramSize

HP_UdpServer_SetPostReceiveCount

_Create_HP_TcpAgent@4

_Create_HP_TcpAgentListener@0

_Create_HP_TcpClient@4

_Create_HP_TcpClientListener@0

_Create_HP_TcpPullAgent@4

_Create_HP_TcpPullAgentListener@0

_Create_HP_TcpPullClient@4

_Create_HP_TcpPullClientListener@0

_Create_HP_TcpPullServer@4

_Create_HP_TcpPullServerListener@0

_Create_HP_TcpServer@4

_Create_HP_TcpServerListener@0

_Create_HP_UdpCast@4

_Create_HP_UdpCastListener@0

_Create_HP_UdpClient@4

_Create_HP_UdpClientListener@0

_Create_HP_UdpServer@4

_Create_HP_UdpServerListener@0

_Destroy_HP_TcpAgent@4

_Destroy_HP_TcpAgentListener@4

_Destroy_HP_TcpClient@4

_Destroy_HP_TcpClientListener@4

_Destroy_HP_TcpPullAgent@4

_Destroy_HP_TcpPullAgentListener@4

_Destroy_HP_TcpPullClient@4

_Destroy_HP_TcpPullClientListener@4

_Destroy_HP_TcpPullServer@4

_Destroy_HP_TcpPullServerListener@4

_Destroy_HP_TcpServer@4

_Destroy_HP_TcpServerListener@4

_Destroy_HP_UdpCast@4

_Destroy_HP_UdpCastListener@4

_Destroy_HP_UdpClient@4

_Destroy_HP_UdpClientListener@4

_Destroy_HP_UdpServer@4

_Destroy_HP_UdpServerListener@4

_HP_TcpAgent_GetKeepAliveInterval@4

_HP_TcpAgent_GetKeepAliveTime@4

_HP_TcpAgent_GetSocketBufferSize@4

_HP_TcpAgent_IsReuseAddress@4

_HP_TcpAgent_SendSmallFile@20

_HP_TcpAgent_SetKeepAliveInterval@8

_HP_TcpAgent_SetKeepAliveTime@8

_HP_TcpAgent_SetReuseAddress@8

_HP_TcpAgent_SetSocketBufferSize@8

_HP_TcpClient_GetKeepAliveInterval@4

_HP_TcpClient_GetKeepAliveTime@4

_HP_TcpClient_GetSocketBufferSize@4

_HP_TcpClient_SendSmallFile@16

_HP_TcpClient_SetKeepAliveInterval@8

_HP_TcpClient_SetKeepAliveTime@8

_HP_TcpClient_SetSocketBufferSize@8

_HP_TcpPullAgent_Fetch@16

_HP_TcpPullAgent_Peek@16

_HP_TcpPullClient_Fetch@12

_HP_TcpPullClient_Peek@12

_HP_TcpPullServer_Fetch@16

_HP_TcpPullServer_Peek@16

_HP_TcpServer_GetAcceptSocketCount@4

_HP_TcpServer_GetKeepAliveInterval@4

_HP_TcpServer_GetKeepAliveTime@4

_HP_TcpServer_GetSocketBufferSize@4

_HP_TcpServer_GetSocketListenQueue@4

_HP_TcpServer_SendSmallFile@20

_HP_TcpServer_SetAcceptSocketCount@8

_HP_TcpServer_SetKeepAliveInterval@8

_HP_TcpServer_SetKeepAliveTime@8

_HP_TcpServer_SetSocketBufferSize@8

_HP_TcpServer_SetSocketListenQueue@8

_HP_UdpCast_GetBindAdddress@4

_HP_UdpCast_GetCastMode@4

_HP_UdpCast_GetMaxDatagramSize@4

_HP_UdpCast_GetMultiCastTtl@4

_HP_UdpCast_GetRemoteAddress@16

_HP_UdpCast_IsMultiCastLoop@4

_HP_UdpCast_IsReuseAddress@4

_HP_UdpCast_SetBindAdddress@8

_HP_UdpCast_SetCastMode@8

_HP_UdpCast_SetMaxDatagramSize@8

_HP_UdpCast_SetMultiCastLoop@8

_HP_UdpCast_SetMultiCastTtl@8

_HP_UdpCast_SetReuseAddress@8

_HP_UdpClient_GetDetectAttempts@4

_HP_UdpClient_GetDetectInterval@4

_HP_UdpClient_GetMaxDatagramSize@4

_HP_UdpClient_SetDetectAttempts@8

_HP_UdpClient_SetDetectInterval@8

_HP_UdpClient_SetMaxDatagramSize@8

_HP_UdpServer_GetDetectAttempts@4

_HP_UdpServer_GetDetectInterval@4

_HP_UdpServer_GetMaxDatagramSize@4

_HP_UdpServer_GetPostReceiveCount@4

_HP_UdpServer_SetDetectAttempts@8

_HP_UdpServer_SetDetectInterval@8

_HP_UdpServer_SetMaxDatagramSize@8

_HP_UdpServer_SetPostReceiveCount@8

.?AVC_HP_UdpCast@@

.?AVC_HP_UdpClient@@

.?AVC_HP_TcpPullClient@@

.?AVC_HP_TcpClient@@

.?AVC_HP_TcpPullAgent@@

.?AVC_HP_TcpAgent@@

.?AVC_HP_UdpServer@@

.?AVC_HP_TcpPullServer@@

.?AVC_HP_TcpServer@@

.?AVCUdpCast@@

.?AVCUdpClient@@

.?AVCUdpServer@@

.?AVCTcpPullAgent@@

.?AVCTcpPullClient@@

.?AVCTcpPullServer@@

.?AVCTcpAgent@@

.?AVCTcpClient@@

.?AVCTcpServer@@

.?AVIUdpCast@@

.?AVIUdpClient@@

.?AVITcpClient@@

.?AVITcpAgent@@

.?AVIUdpServer@@

.?AVITcpServer@@

<requestedExecutionLevel level="asInvoker" uiAccess="false"></requestedExecutionLevel>

=&>5>^>{>

5 5$5(5,5

4%8U8_8j8

2 2$2(24282<2

3 3$3(3,303

8@kernel32.dll

shell32.dll

program internal error number is %d.

:"%s"

:"%s".

c:\%original file name%.exe

.PAVCOleException@@

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

ww.zdjy.top/kfdl

#include "l.chs\afxres.rc" // Standard components

WinExec

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyExA

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

GetViewportExtEx

UnhookWindowsHookEx

CreateDialogIndirectParamA

GetKeyState

GetKeyboardLayout

VkKeyScanExA

SetWindowsHookExA

EnumWindows

RegisterHotKey

UnregisterHotKey

InternetCanonicalizeUrlA

InternetCrackUrlA

6.2.6.0

(hXXp://VVV.eyuyan.com)

%s\canwritetodir.file

SetupDiGetClassDevs on GUID_DEVICE_BATTERY, failed:0xx

Battery %d: %s

CreateFile failed with: 0xx

SetupDiGetInterfaceDeviceDetail, failed: 0xx

base\power\tools\pwrtest\exe\battery.cpp

SetupDiEnumInterfaceDevice, failed: 0xx

BatteryNo value %d is out of bound (number of batteries is %d)

DeviceIoControl on IOCTL_BATTERY_QUERY_TAG returns BATTERY_TAG_INVALID: 0xx

ManufactureName: %s

DeviceName: %s

UniqueID: %s

SerialNumber: %s

EstimatedTime: %d seconds

DeviceIoControl on IOCTL_BATTERY_QUERY_TAG failed: 0xx

DeviceIoControl on IOCTL_BATTERY_QUERY_INFORMATION/Info %d failed: 0xx

DeviceIoControl on IOCTL_BATTERY_QUERY_INFORMATION/BATTERY_STATUS failed 0xx

BATTERY_SET_CHARGE_SUPPORTED

BATTERY_SET_DISCHARGE_SUPPORTED

Chemistry: %s

DesignedCapacity: %d mWh (or relative)

FullChargedCapacity: %d mWh (or relative)

CriticalBias: %d mWh (or relative)

CycleCount: %d

DefaultAlert1: %d

DefaultAlert2: %d

Capacitiy: %d mWh (or relative)

Voltage: %d millivolts

Rate: %d mWh (or relative)

SystemS1StateSupported = %d

SystemS2StateSupported = %d

SystemS3StateSupported = %d

SystemS4StateSupported = %d

SystemS5StateSupported = %d

RtcWakeSupported = S%d

FastSystemS4 = %d

VideoDimPresent = %d

HiberFilePresent = %d

AoAc = %d

SystemS1StateSupported

SystemS2StateSupported

SystemS3StateSupported

SystemS4StateSupported

SystemS5StateSupported

RtcWakeSupported

base\power\tools\pwrtest\exe\ppminfowmi.cpp

This program isn't supported running in the Wow64 environment.

HeapAlloc(size=0x%x) Failed!

Max Transition Latency: %u us

Number of States: %u

%-5u %4u (%3u%%) %s

number="%d" frequency="%d" percentofmaxfrequency="%d" type="%s"

ERROR: specified logical processor number is out of range: %u

InstanceName: %s

processor='%d'

OS Processor Number: %u

Processor Block Address: 0x%x

Processor Block Length: %u

Processor Id: %u

Apic Id: %u

AddressSpaceID: 0x%x

BitWidth: 0x%x

BitOffset: 0x%x

Reserved: 0x%x

processor="%d"

State %u

Frequency: %u Mhz

Power: %u mWatts

Latency: %u us

BM Latency: %u us

Control: 0x%x

Status: 0x%x

index="%d"

Instance name: %s

Processor performance and throttle states: (%u states)

Current state: %u

Fastest state considering policy ceiling: %u

Slowest state considering policy floor: %u

Slowest performance state: %u

Thermal constraint (ceiling): %u

Max frequency: %u mhz

Busy adj threshold: %u%%

Domain coordination: 0x%x

Type: 0x%x

Reserved: 0x%x

Time check: %u ms

P-state handler: %sPresent

P-state context: %sPresent

T-state handler: %sPresent

T-state context: %sPresent

Feedback handler: %sPresent

State %u:

Frequency: %u Mhz (%u%%)

Power: %u mWatts

IncreaseLevel: %u%%

DecreaseLevel: %u%%

IncreaseTime: %u clock ticks (~%u us)

DecreaseTime: %u clock ticks (~%u us)

Hit count: %u

ERROR: failed to get ProcessorStatus_GUID WMI data for processor %d

Kernel Idle States: (%u states)

TargetState: %u

Type: %u

Latency: %u us

Power: %u mWatts

TimeCheck: %u QPC ticks (%u ms)

PromotePercent: %u%%

DemotePercent: %u%%

StateType: C%u

IdleHandler: %sPresent

Context: %sPresent

number="%d" latency="%uus" power="%umW" TimeCheck="%ums" PromotePercent="%u" DemotePercent="%u" StateType="C%u"

FadtC2Latency: %u

FadtC3Latency: %u

CStateVersionInUse: %u

AddressSpaceID: 0x%x

BitWidth: 0x%x

BitOffset: 0x%x

Reserved: 0x%x

StateType: %u

Latency: %u

PowerConsumption: %u

The CPU doesn't support P/C states.

-  = = = = - = m %C

interval="%d"

Initialization for pwrtest options failed, HRESULT: 0x%x

Initialization for pwrtest scenario options failed, HRESULT: 0x%x

Failed to initialize WTT log devices, HRESULT: 0x%x

ERROR: failed to generate trace session GUID: 0x%x

Unable to open %s for writing, giving up.

Unable to open %s for writing, trying TEMP folder instead.

Logging to %s

%s\%s.%s

XML log name: %s

WTT log name: %s

WTT log level: %d

Plainlog name: %s

Session name: %s

ETL log name: %s

ETW buffer size: %d

ETW min buffers: %d

ETW max buffers: %d

Delay write log: %s

$LogFile:file="%s",writemode=overwrite;$PlainLog:file="%s",writemode=overwrite

$Console:enablelvl=Msg|Error|Warn|Assert

base\power\tools\pwrtest\exe\pwrtestscenario.cpp

es thread execution state monitoring Win7

To see available scenario options type: pwrtest.exe /scenario /?

Example: pwrtest.exe /sleep /?

Default log location is the same folder as pwrtest.exe

Log file extensions added automatically (.wtl, .xml, etc.)

-must run from an administrator/elevated command prompt in order to support

-must run natively (WoW64 not supported) in order to support ETW tracing

date="d/d/d" time="d:d:d" filename="%s"

This program only runs on Windows Vista or newer OS

Pwrtest needs to run elevated in order to support ETW tracing.

WoW64 is not supported, must execute the native binary in order to support ETW tracing.

RegOpenKeyEx

ERROR: Event TimeStamp information could not be obtained (0xx)

d/d/d d:d:d

%sd/d/d d:d:d::d

The TIMER scenario supports the following options:

%s event property could not be obtained

base\power\tools\pwrtest\exe\scenariotimer.cpp

d:d:d.d NtSetTimerResolution

(resolution:%d process:%s pid:%d service:%s)

(resolution:%d process:%s pid: %d subprocess tag:%d)

(resolution:%d process:%s pid:%d)

(resolution:%d process:%s)

d:d:d.d ExSetTimerResolution

(resolution:%d)

d:d:d.d UpdateTimerResolution

d:d:d.d TimerResolutionRundown

(current resolution:%d minimum resolution: %d maximum resolution: %d kernel count:%d kernel request:%d)

d:d:d.d TimerResolutionRequestRundown

The THERMAL scenario supports the following options:

Note: This scenario only works on systems which report thermal data to the

operating system

base\power\tools\pwrtest\exe\scenariothermal.cpp

All temperatures in %s

Timestamp Temp(%s) Data Mode ACPI Node

d:d:d%9lld Passive %s

_TC1:%u

_TC2:%u

_TSP:%u

PassiveCooling

d:d:d%9lld Active %s

d:d:d%9lld Hot %s

d:d:d%9lld Critical %s

LogInterval

d:d:d% Illegal Throttle

Processor:%d

Elapsed:%d

Interval:%d

d:d:d Fan %-2d %s %s

The MONITOR scenario supports the following options:

Could not initialize WMI event tracing for monitor brightness. GLE:0x%x

base\power\tools\pwrtest\exe\scenariomonitor.cpp

d:d:d console Adaptive Dim Timeout: %d -> %d seconds

d:d:d  %s Monitor State: %s -> %s

d:d:d  Screen Saver Started

d:d:d  Console Locked

d:d:d  Screen Saver Timeout: %d seconds

d:d:d  Screen Saver Timeout: %d -> %d seconds

d:d:d  Blank Timeout: %d seconds

d:d:d  Blank Timeout: %d -> %d seconds

d:d:d  Dim Timeout: %d seconds

d:d:d  Dim Timeout: %d -> %d seconds

d:d:d  Dim Brightness: %d%%

d:d:d  Dim Brightness: %d%% -> %d%%

d:d:d  Normal Monitor Brightness: %d%%

d:d:d  Normal Monitor Brightness: %d%% -> %d%%

d:d:d  Idle Reset

d:d:d  Idle: %d seconds

d:d:d console Physical Monitor Brightness Changed: %d%% -> %d%%

The REQUESTS scenario supports the following options:

base\power\tools\pwrtest\exe\scenariorequests.cpp

d:d:d Create: %s

Type:%s ProcessID:%lu SessionID:%lu

Context: %s

Allow:%s%s%s%s%s%s

Count: %sSystem:%lu %sDisplay:%lu %sAwayMode:%lu %sPerfBoost:%lu

%sExecutionRequired:%lu %sFullScreenVideo:%lu

d:d:d Change: %s

d:d:d Close: %s

The PROCESSIDLE scenario supports the following options:

%ws: Idle task registered: "%ws" in process %d

%ws: Idle task unregistered: "%ws" in process %d

%ws: Idle task started: "%ws" in process %d

%ws: Idle task stopped: "%ws" in process %d

%ws: Idle task completed: "%ws" in process %d

d:d:d.d

%s event property could not be obtained. %d. Error code %X. Required size: %d.

base\power\tools\pwrtest\exe\scenarioprocessidle.cpp

ID %d

Process idle tasks thread exited with error: 0xx

id="%d"

id="%d" shortterm="%d" rechargable="%d"

d/d/d

The BATTERY scenario supports the following options:

base\power\tools\pwrtest\exe\scenariobattery.cpp

d - %s d:d:d = m m m

Sleep time -%d seconds- is too small. Must be larger than 30 seconds! Using default value %d

Timeout for receive power transition end event -%d seconds- is too small. Must be larger than %d seconds!

The SLEEP scenario supports the following options:

t supported for hibernate, system will restart and immediately resume after writing hiber file)

/s:all indicates cycling through all supported power states in order

/s:rnd indicates cycling through all supported power states randomly

/unattend indicates not to change system execution state after wakeup

base\power\tools\pwrtest\exe\scenariosleep.cpp

Setting the AC value for GUID_LOCK_CONSOLE_ON_WAKE failed%s

Setting the DC value for GUID_LOCK_CONSOLE_ON_WAKE failed%s

Setting the AC value for GUID_HIBERNATE_FASTS4_POLICY failed%s

Setting the DC value for GUID_HIBERNATE_FASTS4_POLICY failed%s

Setting the AC value for GUID_ALLOW_RTC_WAKE failed%s

Setting the DC value for GUID_ALLOW_RTC_WAKE failed%s

Setting the AC value for GUID_UNATTEND_SLEEP_TIMEOUT failed%s

Setting the DC value for GUID_UNATTEND_SLEEP_TIMEOUT failed%s

NumTransitions:%d DelayTime:%d SleepTime:%d

bHybrid:%d SleepType:%d QPCCheck:%d

EndEventTimeout:%d

System does not support any sleep states.

System does not support the target sleep state.

hybrid="%d" delay="%d" sleeptime="%d" IgnoreUsbHub="%d" EndTransitionEventTimeout="%d"

tracerpt.exe -rt "%s" -o pstrace.xml -of XML -y

tracerpt cmd: %s

No.%d Transition -- TargetState: %s

Simulating a key press to keep the system awake

Setting the wake alarm at %d/%d/%d %d:%d:%d::%d for %d seconds

Current Time could not be obtained. Setting the wake alarm for %d seconds

Non Root USB HUB Detected: %s

number="%d" status="%d"

d:d:d

WaitForTransition: ResetEvent failed (0xx)

TargetState: S%d

EffectiveState: S%d

The DEVICE scenario supports the following options:

The DISK scenario supports the following options:

base\power\tools\pwrtest\exe\scenariodeviceanddisk.cpp

d:d:d %-2d %s %s %s

d:d:d Removed

%s, %s

d:d:d %-2d %s %s Idle: ]s, NonIdle: =s %s

d:d:d * -- Pol Timeout: %ds, IgnoreThreshold: %ds

d:d:d New BusyCount: =

%s %s

d:d:d %sBusyCount: =

State: D%d ConservativeTimeout: Ms%s

Idle:s PerformanceTimeout: ]s%s

Query %s failed. Error code = %#x

\\.\PHYSICALDRIVE

The PPM scenario supports the following options:

Polling interval must be greater than 500ms, using default value %d

Cycle count must be greater than 0, using default value %d

Info: the CPU doesn't support P-states.

Info: the CPU doesn't support C-states.

base\power\tools\pwrtest\exe\scenariolegacyppm.cpp

WmiNotificationRegistration() Failed! rc=0x%x

Unregister for PPM WMI event failed! rc=0x%x

ERROR: instance name could not be allocated (0xx)

%s: Unknown Event Id = %u

IdleStateIndex="%d"

%s count="%u"

BucketCount="%d"

%s Count="%d"

%u.%.3u

.ldus

MinLimitMs="%d" MaxLimitMs="%d"

The ES scenario displays thread execution state and system state changes.

The ES scenario supports the following options:

/stes:y indicates SetThreadExecutionState events should be logged (default)

/stes:n indicates SetThreadExecutionState events should not be logged

/user indicates only user events (SetThreadExecutionState) should be logged

The IDLE scenario supports the /t:n option as well as all /es options:

Waiting for Execution State Events%s

and Execution State Events...

Waiting for System Idle Events%s

base\power\tools\pwrtest\exe\scenarioesidle.cpp

0xx

Continuous: %d Display: %d System: %d AwayMode: %d UserPresent: %d

The INFO scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioinfo.cpp

MaxIdlenessAllowed = %d

Idleness = %d

TimeRemaining = %d

CoolingMode = %d

AcOnLine = %d

BatteryPresent = %d

Charging = %d

Discharging = %d

MaxCapacity = %d

RemainingCapacity = %d

RateOfDrain = %d

EstimatedTime = %d

DefaultAlert1 = %d

DefaultAlert2 = %d

getCpuPerf: CpuInfoProcessor

getCpuPerf: CpuInfoIdle

The CPU(s) doesn't support P-states. Querying for PCC information...

getCpuPerf: CpuInfoPerf

Timed out waiting for PCC rundown event. Wait time can be increased using option /w:, but this won't have an effect if the system doesn't support PCC.

WaitForSingleObject: Unknown return value 0x%x

Minimum performance frequency percentage: -%%

Minimum throttled frequency percentage: -%%

SetEvent failed. LastError: 0x%x

supports AoAc.

is installed by the Windows Device Testing Framework (WDTF) which is

found in the Microsoft Windows Driver Kit (WDK) version 8 or later.

The CS scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioconnectedstandby.cpp

System does not support AoAc, cannot test Connected Standby.

Virtual power button driver not found, please install the Windows Device

Testing Framework (WDTF) which is found in the Microsoft Windows Driver Kit

NumTransitions:%d DelayTime:%d CSExitTime:%d

Supported Platform States: %lu

StateCount="%lu" ResetCount="%lu" Timestamp="d/d/d d:d:d.d"

d:d:d.d %s Connected Standby

Timestamp="d/d/d d:d:d.d"

d:d:d.d Input %s

%s phase failed

d:d:d.d %s %s Phase

d:d:d.d %s has active execution required power request, will block DAM phase completion until cleared or invalidated.

name="%s" Timestamp="d/d/d d:d:d.d"

Caller="%s" Timestamp="d/d/d d:d:d.d"

d:d:d.d %s cleared execution required power request, no longer blocks DAM phase completion.

Setting the AC value for GUID_VIDEO_POWERDOWN_TIMEOUT failed%s

Setting the DC value for GUID_VIDEO_POWERDOWN_TIMEOUT failed%s

Setting the AC value for GUID_VIDEO_CONSOLE_LOCK_TIMEOUT failed%s

Setting the DC value for GUID_VIDEO_CONSOLE_LOCK_TIMEOUT failed%s

The PLATIDLE scenario supports the following options:

base\power\tools\pwrtest\exe\scenarioplatidle.cpp

System does not support AoAc, cannot get platform idle statistics.

System does not report any supported platform idle states, cannot continue!

Supported Platform Idle State Count: %lu

d:d:d State:%lu Succeeded:%lu Failed:%lu Cancelled:%lu

base\power\tools\pwrtest\exe\platidle.cpp

%s event property could not be obtained from struct %s index %lu

wttlog.dll

Unable to open %s for writing.

Log File Str:%s, 0x%x, %d

Start: %s

Error: %s

File: %s

Line: %u

Error Code: 0x%x

Warn: %s

Assert: %s

%s, Line: %u

End: %s, %s, %s

Failed to write to log file this string: %s

plaintext.log

Unable to extract log filename. Use plaintext.log instead

<%s>%s

<%s %s%s>%s

</%s>

<%s %s>%d</%s>

<%s>%d</%s>

<%s>%lld</%s>

<%s>%u</%s>

<%s>%I64u</%s>

<%s format="hex">0x%x</%s>

<%s format="hex">0x%I64x</%s>

<%s>%llu</%s>

<%s format="hex">0x%llx</%s>

<Timestamp>d/d/d d:d:d.d</Timestamp>

OpenDevice failed: 0x%x

DeviceIoControl failed: 0x%x

WaitForDisplayOn failed: 0x%x

NtPowerInformation failed: 0x%x

Software\Policies\Microsoft\Windows\Personalization

Software\Policies\Microsoft\Windows

devobj.dll

SOFTWARE\Microsoft\Windows\CurrentVersion\Tests\PowerButton

[%hs,%d] %ls

button.inf

GetDevObjFunctions failed: 0x%x

DevObjCreateDeviceInfoListFunction failed: 0x%x

DevObjGetClassDevsFunction failed: 0x%x

DevObjEnumDeviceInfoFunction failed: 0x%x

DevObjEnumDeviceInterfacesFunction failed: 0x%x

DevObjGetDeviceInterfaceDetailFunction failed: 0x%x

malloc failed: 0x%x

CreateFile failed: 0x%x

newdev.dll

powrprof.dll

d:d:d.d %-5d ACPI Notify (0x80), _PPC = %u

d:d:d.d %-5d ACPI Notify (0x81)

d:d:d.d %-5d ACPI Notify (0x82), _TPC = %u

d:d:d.d %-5d Perf State Change (State:%u, Speed:%u Mhz) %s

d:d:d.d %-5d Domain Perf State Change

(State:%u, Speed:%u Mhz, Affinity:%#x)

d:d:d.d %-5d Idle State %s (Old:%u, New:%u, Affinity:%#x)

d:d:d.d %-5d Idle Accounting Event

d:d:d.d %-5d Thermal Constraint Change (State:%u, Affinity:%#x)

6.3.9600.16384 (winblue_rtm.130821-1623)

PwrTest.exe

Windows

Operating System

6.3.9600.16384

Bbase\power\tools\pwrtest\exe\platidle.cpp

File : %s, Line : %u

Status : 0x%x, StatusType : %u

= Start of Test Case : %s

= End of Test Case : %s

%s, Line: %u

COpenDevice failed: 0x%x

lDeviceIoControl failed: 0x%x

*!&><?{}

!"#$%&'()* ,-./01234567

mscoree.dll

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

WUSER32.DLL

3.3.1

hXXp://VVV.jessma.org

Grid.Document

(*.*)

×¿ßäÊØ»¤³ÌÐò.exe_3796:

`.rsrc

t$(SSh

~%UVW

u$SShe

Jiu2.iu

1wK(.wS

\updata.zip

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

user32.dll

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WININET.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

1.1.3

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

zcÁ

#include "l.chs\afxres.rc" // Standard components

GetCPInfo

WinExec

GetProcessHeap

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyExA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

ShellExecuteA

GetKeyState

GetKeyboardLayout

VkKeyScanExA

keybd_event

EnumWindows

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

.text

`.rdata

@.data

.rsrc

e.Uc-c-9

.Xj/-W5

"ZKey

KERNEL32.DLL

ADVAPI32.dll

COMCTL32.dll

comdlg32.dll

GDI32.dll

ole32.dll

OLEAUT32.dll

SHELL32.dll

USER32.dll

WINMM.dll

WINSPOOL.DRV

WS2_32.dll

(*.*)

6.2.6.0

358256780@qq.com

(hXXp://VVV.eyuyan.com)

×¿ßäÊØ»¤³ÌÐò.exe_3796_rwx_00401000_000C0000:

t$(SSh

~%UVW

u$SShe

Jiu2.iu

1wK(.wS

\updata.zip

inflate 1.1.3 Copyright 1995-1998 Mark Adler

F%*.*f

CNotSupportedException

commctrl_DragListMsg

Afx:%x:%x:%x:%x:%x

Afx:%x:%x

COMCTL32.DLL

CCmdTarget

__MSVCRT_HEAP_SELECT

user32.dll

iphlpapi.dll

SHLWAPI.dll

MPR.dll

VERSION.dll

WININET.dll

.PAVCException@@

.PAVCNotSupportedException@@

.PAVCFileException@@

(*.prn)|*.prn|

(*.*)|*.*||

Shell32.dll

Mpr.dll

Advapi32.dll

User32.dll

Gdi32.dll

Kernel32.dll

(&07-034/)7 '

?? / %d]

%d / %d]

: %d]

(*.WAV;*.MID)|*.WAV;*.MID|WAV

(*.WAV)|*.WAV|MIDI

(*.MID)|*.MID|

(*.txt)|*.txt|

(*.JPG;*.BMP;*.GIF;*.ICO;*.CUR)|*.JPG;*.BMP;*.GIF;*.ICO;*.CUR|JPG

(*.JPG)|*.JPG|BMP

(*.BMP)|*.BMP|GIF

(*.GIF)|*.GIF|

(*.ICO)|*.ICO|

(*.CUR)|*.CUR|

%s:%d

windows

out.prn

%d.%d

%d / %d

%d/%d

Bogus message code %d

(%d-%d):

%ld%c

1.1.3

.PAVCObject@@

.PAVCSimpleException@@

.PAVCMemoryException@@

.?AVCNotSupportedException@@

.PAVCResourceException@@

.PAVCUserException@@

.?AVCCmdTarget@@

.?AVCCmdUI@@

.?AVCTestCmdUI@@

.PAVCArchiveException@@

zcÁ

#include "l.chs\afxres.rc" // Standard components

GetCPInfo

WinExec

GetProcessHeap

RegOpenKeyExA

RegCreateKeyA

RegCreateKeyExA

RegCloseKey

GetViewportExtEx

ScaleViewportExtEx

SetViewportExtEx

OffsetViewportOrgEx

SetViewportOrgEx

GetViewportOrgEx

ShellExecuteA

GetKeyState

GetKeyboardLayout

VkKeyScanExA

keybd_event

EnumWindows

CreateDialogIndirectParamA

UnhookWindowsHookEx

SetWindowsHookExA

.text

`.rdata

@.data

.rsrc

(*.*)

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Delete or disinfect the following files created/modified by the Trojan:

C:\Windows\System32\hdceke.h (8 bytes)
C:\Ãƒâ€”Ã‚Â¿ÃƒÅ¸ÃƒÂ¤ÃƒÅ ÃƒËœÃ‚Â»Ã‚Â¤Ã‚Â³ÃƒÅ’ÃƒÂÃƒÂ².exe (552 bytes)
C:\stockall.txt (82 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.Win32.FlyStudio_2f0e2c3a83

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.Win32.FlyStudio_2f0e2c3a83

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet