Annotated Listing - hello.KTR (records 51-100)


Record #	Length	Function / Map Type	Return Code	Handle	PID	TID	Summary Interpretation	Notes
51	31	Change File Pointer	-	124	91	1	CHGFILEPTR SFN=124 OFF=1720	-
52	19	Read (Pre)	-	124	91	1	READ SFN=124 114 bytes	-
53	138	Read (Post)	OK	124	91	1	READ SFN=124 114 bytes OK	-
54	20	Get Module	-	-	91	1	GETMODULE GRE2VMAN	-
55	35	Get Module	-	-	91	1	GETMODULE C:\OS2\DLL\GRE2VMAN.DLL	-
56	30	File	-	131	-	-	MAP File C:\OS2\DLL\GRE2VMAN.DLL to 131	-
57	31	Change File Pointer	-	131	91	1	CHGFILEPTR SFN=131 OFF=3008	-
58	19	Read (Pre)	-	131	91	1	READ SFN=131 32 bytes	-
59	56	Read (Post)	OK	131	91	1	READ SFN=131 32 bytes OK	-
60	20	Get Module	-	-	91	1	GETMODULE SDDGRADD	-
61	18	Get Module	-	-	91	1	GETMODULE sddpmi	-
62	36	Open (Pre)	-	257	91	1	OPEN \DEV\SCREEN$	-
63	19	File	-	257	-	-	MAP File \DEV\SCREEN$ to 257	-
64	44	Open (Post)	OK	257	91	1	OPEN \DEV\SCREEN$ OK	-
65	15	Close	-	257	91	1	CLOSE SFN=257	-
66	26	File	-	105	-	-	MAP File C:\OS2\DLL\VMAN.DLL to 105	-
67	31	Change File Pointer	-	105	91	1	CHGFILEPTR SFN=105 OFF=7232	-
68	19	Read (Pre)	-	105	91	1	READ SFN=105 32 bytes	-
69	56	Read (Post)	OK	105	91	1	READ SFN=105 32 bytes OK	-
70	18	Get Module	-	-	91	1	GETMODULE DSPRES	-
71	34	Get Module	-	-	91	1	GETMODULE C:\NETFIN\EQNPMGRE.DLL	This is the Netfinity DLL that is loaded into every process to provide a hook for the remote workstation control function that allows a remote "console" to take over the video, mouse and keyboard of a target system.
72	17	Get Module	-	-	91	1	GETMODULE PMSPL	-
73	27	File	-	39	-	-	MAP File C:\OS2\DLL\PMSPL.DLL to 39	-
74	31	Change File Pointer	-	39	91	1	CHGFILEPTR SFN=39 OFF=260096	-
75	19	Read (Pre)	-	39	91	1	READ SFN=39 512 bytes	-
76	536	Read (Post)	OK	39	91	1	READ SFN=39 512 bytes OK	-
77	26	File	-	31	-	-	MAP File C:\OS2\DLL\FFST.DLL to 31	-
78	31	Change File Pointer	-	31	91	1	CHGFILEPTR SFN=31 OFF=10592	-
79	19	Read (Pre)	-	31	91	1	READ SFN=31 769 bytes	-
80	793	Read (Post)	OK	31	91	1	READ SFN=31 769 bytes OK	-
81	19	Get Module	-	-	91	1	GETMODULE EQNRCVI	-
82	19	Get Module	-	-	91	1	GETMODULE BVHWNDW	-
83	29	File	-	129	-	-	MAP File C:\NETFIN\EQNPMGRE.DLL to 129	-
84	31	Change File Pointer	-	129	91	1	CHGFILEPTR SFN=129 OFF=10240	-
85	19	Read (Pre)	-	129	91	1	READ SFN=129 512 bytes	-
86	536	Read (Post)	OK	129	91	1	READ SFN=129 512 bytes OK	-
87	35	Open (Pre)	-	257	91	1	OPEN \DEV\MOUSE$	The next 4 records are the PM opening and communicating with the MOUSE$ device. This is an interface provided by MOUSE.SYS via DosDevIOCTL(),.
88	18	File	-	257	-	-	MAP File \DEV\MOUSE$ to 257	-
89	43	Open (Post)	OK	257	91	1	OPEN \DEV\MOUSE$ OK
90	15	Close	-	257	91	1	CLOSE SFN=257	-
91	21	File	-	95	-	-	MAP File C:\OS2\CMD.EXE to 95	The next 9 records show code/data being read from CMD.EXE.
92	31	Change File Pointer	-	95	91	1	CHGFILEPTR SFN=95 OFF=5636	-
93	19	Read (Pre)	-	95	91	1	READ SFN=95 835 bytes	-
94	859	Read (Post)	OK	95	91	1	READ SFN=95 835 bytes OK	-
95	31	Change File Pointer	-	95	91	1	CHGFILEPTR SFN=95 OFF=3072	-
96	19	Read (Pre)	-	95	91	1	READ SFN=95 22 bytes	-
97	46	Read (Post)	OK	95	91	1	READ SFN=95 22 bytes OK	-
98	31	Change File Pointer	-	95	91	1	CHGFILEPTR SFN=95 OFF=3096	-
99	19	Read (Pre)	-	95	91	1	READ SFN=95 2537 bytes	-
100	2561	Read (Post)	OK	95	91	1	READ SFN=95 2537 bytes OK	-