.
| Time |
Syscall Op |
Syscall Name |
| 2018-12-17T22:34:00.560425571Z | 48 | PC: 12a4c | Get DOS version |
| 2018-12-17T22:34:00.562271881Z | 53 | PC: 12bef | Get interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:34:00.563724957Z | 53 | PC: 12bfc | Get interrupt vector (Interrupt = '4' AKA 'Auxiliary output') |
| 2018-12-17T22:34:00.565218012Z | 53 | PC: 12c09 | Get interrupt vector (Interrupt = '5' AKA 'Printer output') |
| 2018-12-17T22:34:00.567230762Z | 53 | PC: 12c16 | Get interrupt vector (Interrupt = '6' AKA 'Direct console I/O') |
| 2018-12-17T22:34:00.568707386Z | 37 | PC: 12c2a | Set interrupt vector (Interrupt = '0' AKA 'Program terminate') |
| 2018-12-17T22:34:00.570501431Z | 74 | PC: 12af4 | Reallocate memory |
| 2018-12-17T22:34:00.573081165Z | 68 | PC: 12faa | I/O control for devices (Set for = 'pyright 1991 Borland Intl.') |
| 2018-12-17T22:34:00.583088584Z | 68 | PC: 12faa | I/O control for devices (Set for = '') |
| 2018-12-17T22:34:00.586855982Z | 42 | PC: 12e6b | Get date 0x12e6b: mov word ptr [si], cx
0x12e6d: mov word ptr [si + 2], dx
0x12e70: pop si
0x12e71: pop bp
0x12e72: ret
0x12e73: push bp
0x12e74: mov bp, sp
0x12e76: push si
0x12e77: mov si, word ptr [bp + 4]
0x12e7a: mov ah, 0x2c
0x12e7c: int 0x21
0x12e7e: mov word ptr [si], cx
0x12e80: mov word ptr [si + 2], dx
0x12e83: pop si
0x12e84: pop bp
0x12e85: ret
0x12e86: push bp
0x12e87: mov bp, sp
0x12e89: mov ah, 0x35
0x12e8b: mov al, byte ptr [bp + 4]
|
| 2018-12-17T22:34:00.589955778Z | 44 | PC: 12e7e | Get time 0x12e7e: mov word ptr [si], cx
0x12e80: mov word ptr [si + 2], dx
0x12e83: pop si
0x12e84: pop bp
0x12e85: ret
0x12e86: push bp
0x12e87: mov bp, sp
0x12e89: mov ah, 0x35
0x12e8b: mov al, byte ptr [bp + 4]
0x12e8e: int 0x21
0x12e90: xchg ax, bx
0x12e91: mov dx, es
0x12e93: pop bp
0x12e94: ret
0x12e95: push bp
0x12e96: mov bp, sp
0x12e98: mov ah, 0x25
0x12e9a: mov al, byte ptr [bp + 4]
0x12e9d: push ds
0x12e9e: lds dx, ptr [bp + 6]
|
| 2018-12-17T22:34:00.602458514Z | 47 | PC: 1366a | Get disk transfer address |
| 2018-12-17T22:34:00.60800501Z | 26 | PC: 13673 | Set disk transfer address |
| 2018-12-17T22:34:00.611074962Z | 78 | PC: 1367d | Find first file |
| 2018-12-17T22:34:00.616302781Z | 26 | PC: 13686 | Set disk transfer address |
| 2018-12-17T22:34:00.617915627Z | 47 | PC: 1369d | Get disk transfer address |
| 2018-12-17T22:34:00.619379385Z | 26 | PC: 136a6 | Set disk transfer address |
| 2018-12-17T22:34:00.620305505Z | 79 | PC: 136aa | Find next file |
| 2018-12-17T22:34:00.62317837Z | 26 | PC: 136b3 | Set disk transfer address |
| 2018-12-17T22:34:02.667173878Z | 72 | PC: 8f1b9 | Allocate memory |
| 2018-12-17T22:34:02.668599586Z | 72 | PC: 8f1bd | Allocate memory |
| 2018-12-17T22:34:02.671161179Z | 99 | PC: 90858 | Get DBCS lead byte table pointer |
| 2018-12-17T22:34:02.673710948Z | 61 | PC: 91f88 | Open file (Filename = 'C:\WINDOWS\HIMEM.SYS') |
| 2018-12-17T22:34:02.68624447Z | 66 | PC: 91f95 | Move file pointer |
| 2018-12-17T22:34:02.689293571Z | 62 | PC: 91fc1 | Close file |
| 2018-12-17T22:34:02.691606675Z | 75 | PC: 91fe0 | Execute program |
| 2018-12-17T22:34:02.709880028Z | 98 | PC: 916f1 | Get current PSP |
| 2018-12-17T22:34:02.712522811Z | 9 | PC: c605 | Display string (String= '�6����r���&;]�u�') |
| 2018-12-17T22:34:02.723196774Z | 48 | PC: c609 | Get DOS version |
| 2018-12-17T22:34:02.72697293Z | 9 | PC: c382 | Display string (String= '
Installed A20 handler number ') |
| 2018-12-17T22:34:02.732510121Z | 2 | PC: c38c | Character output (Char = '32') |
| 2018-12-17T22:34:02.736172092Z | 2 | PC: c3a7 | Character output (Char = '2e') |
| 2018-12-17T22:34:02.740269642Z | 9 | PC: c6d9 | Display string (String= '������VH�VD���V@�������������������������_���Ku����t1��������������D������t �� ���������a���1��Z���������������������W��������������5����������|�����(���������Nj�(������������p��^') |
| 2018-12-17T22:34:02.746437474Z | 9 | PC: c6e0 | Display string (String= '����5����������|�����(���������Nj�(������������p��^') |
| 2018-12-17T22:34:02.756878254Z | 61 | PC: 91f88 | Open file (Filename = 'C:\WINDOWS\SMARTDRV.EXE') |
| 2018-12-17T22:34:02.768574574Z | 66 | PC: 91f95 | Move file pointer |
| 2018-12-17T22:34:02.770209672Z | 62 | PC: 91fc1 | Close file |
| 2018-12-17T22:34:02.7729638Z | 75 | PC: 91fe0 | Execute program |
| 2018-12-17T22:34:02.800548754Z | 98 | PC: 916f1 | Get current PSP |
| 2018-12-17T22:34:02.805321334Z | 82 | PC: 13d46 | Get DOS internal pointers (SYSVARS) |
| 2018-12-17T22:34:02.808344978Z | 53 | PC: 13ac3 | Get interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:34:02.810077393Z | 37 | PC: 13ad6 | Set interrupt vector (Interrupt = '19' AKA 'Delete file') |
| 2018-12-17T22:34:02.811380852Z | 53 | PC: 13ae0 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:34:02.813408262Z | 37 | PC: 13af3 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:34:02.814648522Z | 9 | PC: 13a0d | Display string (Could not find end pointer) |
| 2018-12-17T22:34:02.82752479Z | 62 | PC: 8f8eb | Close file |
| 2018-12-17T22:34:02.830510745Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.832816696Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.834502987Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.837533384Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.839365636Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.840982186Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.843699309Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.845317352Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.846832011Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.848328956Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.850549633Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.852591218Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.854079941Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.856284323Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.857875598Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.859395241Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.861682655Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.863227808Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.864718015Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.866762837Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.86824114Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.871264712Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.873315735Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.874840416Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.876302251Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.878110307Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.895769984Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.897550149Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.899612733Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.900839252Z | 62 | PC: 8f8f2 | Close file |
| 2018-12-17T22:34:02.902087652Z | 61 | PC: 8f8ff | Open file (Filename = '') |
| 2018-12-17T22:34:02.905711515Z | 62 | PC: 8f90e | Close file |
| 2018-12-17T22:34:02.908179584Z | 69 | PC: 8f915 | Duplicate handle |
| 2018-12-17T22:34:02.910153277Z | 69 | PC: 8f919 | Duplicate handle |
| 2018-12-17T22:34:02.911921186Z | 61 | PC: 9387b | Open file (Filename = '') |
| 2018-12-17T22:34:02.917177628Z | 68 | PC: 9386b | I/O control for devices (Set for = '') |
| 2018-12-17T22:34:02.918504288Z | 61 | PC: 9387b | Open file (Filename = '') |
| 2018-12-17T22:34:02.92356746Z | 68 | PC: 9386b | I/O control for devices (Set for = '') |
| 2018-12-17T22:34:02.926022312Z | 74 | PC: 8f9c4 | Reallocate memory |
| 2018-12-17T22:34:02.927680021Z | 72 | PC: 8f9e0 | Allocate memory |
| 2018-12-17T22:34:02.929681911Z | 72 | PC: 8f9e4 | Allocate memory |
| 2018-12-17T22:34:02.937598802Z | 74 | PC: 8f9fb | Reallocate memory |
| 2018-12-17T22:34:02.939181704Z | 72 | PC: 8fa02 | Allocate memory |
| 2018-12-17T22:34:02.941208995Z | 72 | PC: 8fa06 | Allocate memory |
| 2018-12-17T22:34:02.943428346Z | 73 | PC: 8fa11 | Release memory |
| 2018-12-17T22:34:02.945141296Z | 73 | PC: 8efea | Release memory |
| 2018-12-17T22:34:02.94664879Z | 74 | PC: 8f003 | Reallocate memory |
| 2018-12-17T22:34:02.949387629Z | 72 | PC: 8f054 | Allocate memory |
| 2018-12-17T22:34:02.951248543Z | 72 | PC: 8f058 | Allocate memory |
| 2018-12-17T22:34:02.952810159Z | 73 | PC: 8f060 | Release memory |
| 2018-12-17T22:34:02.954731017Z | 61 | PC: 8f080 | Open file (Filename = 'r�,��S������������[��
|
| 2018-12-17T22:34:02.964880133Z | 63 | PC: 8f095 | Read file or device (Read 4 bytes on handle 5) |
| 2018-12-17T22:34:02.971055074Z | 66 | PC: 8f0ad | Move file pointer |
| 2018-12-17T22:34:02.973966418Z | 62 | PC: 8f0d1 | Close file |
| 2018-12-17T22:34:02.976046697Z | 75 | PC: 8f0f2 | Execute program |
| 2018-12-17T22:34:03.000912795Z | 80 | PC: 12be9 | Set current PSP |
| 2018-12-17T22:34:03.002455482Z | 48 | PC: 12bee | Get DOS version |
| 2018-12-17T22:34:03.004201439Z | 99 | PC: 193d0 | Get DBCS lead byte table pointer |
| 2018-12-17T22:34:03.006783657Z | 101 | PC: 12c74 | Get extended country info |
| 2018-12-17T22:34:03.008737606Z | 99 | PC: 12c7a | Get DBCS lead byte table pointer |
| 2018-12-17T22:34:03.010589057Z | 74 | PC: 12cdc | Reallocate memory |
| 2018-12-17T22:34:03.012503871Z | 72 | PC: 1355d | Allocate memory |
| 2018-12-17T22:34:03.015689379Z | 25 | PC: 13596 | Get default drive |
| 2018-12-17T22:34:03.017114695Z | 71 | PC: 135ad | Get current directory |
| 2018-12-17T22:34:03.019779608Z | 59 | PC: 135ba | Change current directory |
| 2018-12-17T22:34:03.026324889Z | 59 | PC: 135c8 | Change current directory |
| 2018-12-17T22:34:03.032638175Z | 59 | PC: 135d3 | Change current directory |
| 2018-12-17T22:34:03.036536305Z | 25 | PC: 12d13 | Get default drive |
| 2018-12-17T22:34:03.038161223Z | 37 | PC: 127d3 | Set interrupt vector (Interrupt = '34' AKA 'Random write') |
| 2018-12-17T22:34:03.040001662Z | 37 | PC: 127da | Set interrupt vector (Interrupt = '35' AKA 'Get file size in records') |
| 2018-12-17T22:34:03.041338104Z | 37 | PC: 127e1 | Set interrupt vector (Interrupt = '36' AKA 'Set random record number') |
| 2018-12-17T22:34:03.043851447Z | 80 | PC: 1301d | Set current PSP |
| 2018-12-17T22:34:03.045525221Z | 37 | PC: 13041 | Set interrupt vector (Interrupt = '46' AKA 'Set verify flag') |
| 2018-12-17T22:34:03.047030795Z | 53 | PC: 13362 | Get interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:34:03.048461531Z | 37 | PC: 13383 | Set interrupt vector (Interrupt = '47' AKA 'Get disk transfer address') |
| 2018-12-17T22:34:03.05047703Z | 51 | PC: 13417 | Get or set Ctrl-Break |
| 2018-12-17T22:34:03.053028472Z | 72 | PC: 130ec | Allocate memory |
| 2018-12-17T22:34:03.055033295Z | 61 | PC: 131b2 | Open file (Filename = '') |
| 2018-12-17T22:34:03.062918562Z | 62 | PC: 131ba | Close file |
| 2018-12-17T22:34:03.065581848Z | 51 | PC: 1344c | Get or set Ctrl-Break |
| 2018-12-17T22:34:03.067192134Z | 74 | PC: 1197c | Reallocate memory |
| 2018-12-17T22:34:03.069548628Z | 72 | PC: 11991 | Allocate memory |
| 2018-12-17T22:34:03.071231673Z | 73 | PC: 119b2 | Release memory |
| 2018-12-17T22:34:03.072660914Z | 72 | PC: 119bd | Allocate memory |
| 2018-12-17T22:34:03.075088956Z | 73 | PC: 119df | Release memory |
| 2018-12-17T22:34:03.077268718Z | 72 | PC: 119f5 | Allocate memory |
| 2018-12-17T22:34:03.07924607Z | 72 | PC: 119fd | Allocate memory |
