00409605 |. 50 ||PUSH EAX ; /size 00409606 |. 8945 E4 ||MOV DWORD PTR SS:[EBP-1C],EAX ; | 00409609 |. FF15 A4324400 ||CALL DWORD PTR DS:[<&MSVCRT.malloc>] ; \malloc 0040960F |. 8B4E 14 ||MOV ECX,DWORD PTR DS:[ESI+14] 00409612 |. 8B56 10 ||MOV EDX,DWORD PTR DS:[ESI+10] 00409615 |. 83C4 0C ||ADD ESP,0C 00409618 |. 8944CA F8 ||MOV DWORD PTR DS:[EDX+ECX*8-8],EAX ; <--- HERE 0040961C |. 8B46 14 ||MOV EAX,DWORD PTR DS:[ESI+14] 0040961F |. FF75 E4 ||PUSH DWORD PTR SS:[EBP-1C] ; /n 00409622 |. 8B4E 10 ||MOV ECX,DWORD PTR DS:[ESI+10] ; | 00409625 |. 53 ||PUSH EBX ; |String2 00409626 |. FF74C1 F8 ||PUSH DWORD PTR DS:[ECX+EAX*8-8] ; |String1 0040962A |. FF15 0C314400 ||CALL DWORD PTR DS:[<&KERNEL32.lstrcpyn>; \lstrcpynA In the code this should be somewhere here: nlhr->headersCount++; nlhr->headers=(NETLIBHTTPHEADER*)realloc(nlhr->headers,sizeof(NETLIBHTTPHEADER)*nlhr->headersCount); nlhr->headers[nlhr->headersCount-1].szName=(char*)malloc(pColon-pbuffer+1); lstrcpyn(nlhr->headers[nlhr->headersCount-1].szName,pbuffer,pColon-pbuffer+1); len=lstrlen(nlhr->headers[nlhr->headersCount-1].szName); Here is the whole function: int NetlibHttpRecvHeaders(WPARAM wParam,LPARAM lParam) { struct NetlibConnection *nlc=(struct NetlibConnection*)wParam; NETLIBHTTPREQUEST *nlhr; char buffer[4096]; int bytesPeeked; DWORD dwRequestTimeoutTime; char *peol,*pbuffer; int headersDone=0,firstLineLength; if(!NetlibEnterNestedCS(nlc,NLNCS_RECV)) return (int)(NETLIBHTTPREQUEST*)NULL; dwRequestTimeoutTime=GetTickCount()+HTTPRECVHEADERSTIMEOUT; nlhr=(NETLIBHTTPREQUEST*)calloc(1,sizeof(NETLIBHTTPREQUEST)); nlhr->cbSize=sizeof(NETLIBHTTPREQUEST); nlhr->nlc=nlc; nlhr->requestType=REQUEST_RESPONSE; if(!HttpPeekFirstResponseLine(nlc,dwRequestTimeoutTime,lParam|MSG_PEEK,&nlhr->resultCode,&nlhr->szResultDescr,&firstLineLength)) { NetlibLeaveNestedCS(&nlc->ncsRecv); return (int)(NETLIBHTTPREQUEST*)NULL; } bytesPeeked=NLRecv(nlc,buffer,firstLineLength,lParam|MSG_DUMPASTEXT); if(bytesPeekedncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); if(bytesPeeked!=SOCKET_ERROR) SetLastError(ERROR_HANDLE_EOF); return (int)(NETLIBHTTPREQUEST*)NULL; } for(;;) { bytesPeeked=RecvWithTimeoutTime(nlc,dwRequestTimeoutTime,buffer,sizeof(buffer)-1,MSG_PEEK|lParam); if(bytesPeeked==0 || bytesPeeked==SOCKET_ERROR) { NetlibLeaveNestedCS(&nlc->ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); if(bytesPeeked==0) SetLastError(ERROR_HANDLE_EOF); return (int)(NETLIBHTTPREQUEST*)NULL; } buffer[bytesPeeked]='\0'; for(pbuffer=buffer;;) { peol=strchr(pbuffer,'\n'); if(peol==NULL) { if(lstrlen(buffer)ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); SetLastError(ERROR_BAD_FORMAT); return (int)(NETLIBHTTPREQUEST*)NULL; } if((bytesPeeked==sizeof(buffer)-1 && pbuffer==buffer) //buffer overflow || (pbuffer!=buffer && NLRecv(nlc,buffer,pbuffer-buffer,lParam|MSG_DUMPASTEXT)==SOCKET_ERROR)) { //error removing read bytes from buffer NetlibLeaveNestedCS(&nlc->ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); if(pbuffer==buffer) SetLastError(ERROR_BUFFER_OVERFLOW); return (int)(NETLIBHTTPREQUEST*)NULL; } Sleep(100); break; } if(peol==pbuffer || *--peol!='\r') { NetlibLeaveNestedCS(&nlc->ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); SetLastError(ERROR_BAD_FORMAT); return (int)(NETLIBHTTPREQUEST*)NULL; } *peol='\0'; { char *pColon; int len; if(peol==pbuffer) { //blank line: end of headers if(NLRecv(nlc,buffer,peol+2-buffer,lParam|MSG_DUMPASTEXT)==SOCKET_ERROR) { NetlibLeaveNestedCS(&nlc->ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); return (int)(NETLIBHTTPREQUEST*)NULL; } headersDone=1; break; } pColon=strchr(pbuffer,':'); if(pColon==NULL) { NetlibLeaveNestedCS(&nlc->ncsRecv); NetlibHttpFreeRequestStruct(0,(LPARAM)nlhr); SetLastError(ERROR_INVALID_DATA); return (int)(NETLIBHTTPREQUEST*)NULL; } nlhr->headersCount++; nlhr->headers=(NETLIBHTTPHEADER*)realloc(nlhr->headers,sizeof(NETLIBHTTPHEADER)*nlhr->headersCount); nlhr->headers[nlhr->headersCount-1].szName=(char*)malloc(pColon-pbuffer+1); lstrcpyn(nlhr->headers[nlhr->headersCount-1].szName,pbuffer,pColon-pbuffer+1); len=lstrlen(nlhr->headers[nlhr->headersCount-1].szName); while(len && (nlhr->headers[nlhr->headersCount-1].szName[len-1]==' ' || nlhr->headers[nlhr->headersCount-1].szName[len-1]=='\t')) nlhr->headers[nlhr->headersCount-1].szName[--len]='\0'; pColon++; while(*pColon==' ' || *pColon=='\t') pColon++; nlhr->headers[nlhr->headersCount-1].szValue=_strdup(pColon); } pbuffer=peol+2; } if(headersDone) break; } NetlibLeaveNestedCS(&nlc->ncsRecv); return (int)nlhr; } Dr Watson log: -------------- *----> Statusabbild für Threadkennung 0x620 <----* eax=00e31e50 ebx=0253df4b ecx=00000005 edx=00000000 esi=00e31db8 edi=0253df98 eip=00409618 esp=0253decc ebp=0253eef8 iopl=0 nv up ei pl nz na po nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000206 Funktion: miranda32 00409600 45 inc ebp 00409601 fc cld 00409602 2bc3 sub eax,ebx 00409604 40 inc eax 00409605 50 push eax 00409606 8945e4 mov [ebp-0x1c],eax 00409609 ff15a4324400 call dword ptr [miranda32+0x432a4 (004432a4)] 0040960f 8b4e14 mov ecx,[esi+0x14] 00409612 8b5610 mov edx,[esi+0x10] 00409615 83c40c add esp,0xc FEHLER ->00409618 8944caf8 mov [edx+ecx*8-0x8],eax ds:0023:00000020=???????? 0040961c 8b4614 mov eax,[esi+0x14] 0040961f ff75e4 push dword ptr [ebp-0x1c] 00409622 8b4e10 mov ecx,[esi+0x10] 00409625 53 push ebx 00409626 ff74c1f8 push dword ptr [ecx+eax*8-0x8] 0040962a ff150c314400 call dword ptr [miranda32+0x4310c (0044310c)] 00409630 8b4614 mov eax,[esi+0x14] 00409633 8b4e10 mov ecx,[esi+0x10] 00409636 ff74c1f8 push dword ptr [ecx+eax*8-0x8] 0040963a ff1504314400 call dword ptr [miranda32+0x43104 (00443104)] *----> Stack Back Trace <----* WARNING: Stack unwind information not available. Following frames may be wrong. ChildEBP RetAddr Args to Child 0253eef8 00409a3c 00e904b0 00000fff 00409803 miranda32+0x9618 0253efe0 004024cc 00000001 00e904b0 00000000 miranda32+0x9a3c 00e49840 00000000 00000000 00000000 00e31d80 miranda32+0x24cc *----> Raw Stack Dump <----* 000000000253decc 00 00 00 00 20 76 44 00 - 50 f0 53 02 44 61 74 65 .... vD.P.S.Date 000000000253dedc 3a 20 57 65 64 2c 20 30 - 35 20 4a 61 6e 20 32 30 : Wed, 05 Jan 20 000000000253deec 30 35 20 30 30 3a 32 33 - 3a 35 39 20 47 4d 54 00 05 00:23:59 GMT. 000000000253defc 0a 53 65 72 76 65 72 3a - 20 41 70 61 63 68 65 00 .Server: Apache. 000000000253df0c 0a 41 63 63 65 70 74 2d - 52 61 6e 67 65 73 3a 20 .Accept-Ranges: 000000000253df1c 62 79 74 65 73 00 0a 45 - 78 70 69 72 65 73 3a 20 bytes..Expires: 000000000253df2c 54 68 75 2c 20 31 39 20 - 4e 6f 76 20 31 39 38 31 Thu, 19 Nov 1981 000000000253df3c 20 30 38 3a 35 32 3a 30 - 30 20 47 4d 54 00 0a 43 08:52:00 GMT..C 000000000253df4c 61 63 68 65 2d 43 6f 6e - 74 72 6f 6c 3a 20 6e 6f ache-Control: no 000000000253df5c 2d 73 74 6f 72 65 2c 20 - 6e 6f 2d 63 61 63 68 65 -store, no-cache 000000000253df6c 2c 20 6d 75 73 74 2d 72 - 65 76 61 6c 69 64 61 74 , must-revalidat 000000000253df7c 65 2c 20 70 6f 73 74 2d - 63 68 65 63 6b 3d 30 2c e, post-check=0, 000000000253df8c 20 70 72 65 2d 63 68 65 - 63 6b 3d 30 00 0a 50 72 pre-check=0..Pr 000000000253df9c 61 67 6d 61 3a 20 6e 6f - 2d 63 61 63 68 65 0d 0a agma: no-cache.. 000000000253dfac 43 6f 6e 6e 65 63 74 69 - 6f 6e 3a 20 63 6c 6f 73 Connection: clos 000000000253dfbc 65 0d 0a 43 6f 6e 74 65 - 6e 74 2d 54 79 70 65 3a e..Content-Type: 000000000253dfcc 20 74 65 78 74 2f 68 74 - 6d 6c 3b 20 63 68 61 72 text/html; char 000000000253dfdc 73 65 74 3d 49 53 4f 2d - 38 38 35 39 2d 31 0d 0a set=ISO-8859-1.. 000000000253dfec 0d 0a 3c 68 74 6d 6c 3e - 0d 0a 3c 68 65 61 64 3e .... 000000000253dffc 0d 0a 3c 74 69 74 6c 65 - 3e 54 2d 4f 6e 6c 69 6e ..T-Onlin