wininit.exe CRITICAL_PROCESS_DIED

Any suggestions for further analysis of a CRITICAL_PROCESS_DIED crash to
help narrow down the culprit?

I have access to a complete memory dump and tried to set up a Kernel
Debugging session in Hyper-V, but despite enabling Kernel Debugging
via Serial Named Pipes with Hyper-V, the debugger doesn’t connect. The
debugger does connect with bootdebug:on and breaks into winload.efi,
but when the BSOD occurs the debugger doesn’t break.

This issue occurred on physical machines as well as the virtual one.

kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
CRITICAL_PROCESS_DIED (ef)
A critical system process died
Arguments:
Arg1: ffffe00080a0c8c0, Process object or thread object
Arg2: 0000000000000000, If this is 0, a process died. If this is 1, a
thread died.
Arg3: 0000000000000000
Arg4: 0000000000000000
Debugging Details:

DUMP_CLASS: 1
DUMP_QUALIFIER: 402
BUILD_VERSION_STRING: 6.3.9600.18589 (winblue_ltsb.170204-0600)
SYSTEM_MANUFACTURER: Microsoft Corporation
VIRTUAL_MACHINE: HyperV
SYSTEM_PRODUCT_NAME: Virtual Machine
SYSTEM_SKU: None
SYSTEM_VERSION: Hyper-V UEFI Release v2.0
BIOS_VENDOR: Microsoft Corporation
BIOS_VERSION: Hyper-V UEFI Release v2.0
BIOS_DATE: 08/26/2016
BASEBOARD_MANUFACTURER: Microsoft Corporation
BASEBOARD_PRODUCT: Virtual Machine
BASEBOARD_VERSION: Hyper-V UEFI Release v2.0
DUMP_TYPE: 0
BUGCHECK_P1: ffffe00080a0c8c0
BUGCHECK_P2: 0
BUGCHECK_P3: 0
BUGCHECK_P4: 0
PROCESS_NAME: wininit.exe
CRITICAL_PROCESS: wininit.exe
EXCEPTION_CODE: (NTSTATUS) 0x96026768 -
ERROR_CODE: (NTSTATUS) 0x96026768 -
CPU_COUNT: 1
CPU_MHZ: af8
CPU_VENDOR: GenuineIntel
CPU_FAMILY: 6
CPU_MODEL: 9e
CPU_STEPPING: 9
CPU_MICROCODE: 6,9e,9,0 (F,M,S,R) SIG: FFFFFFFF’00000000 (cache)
FFFFFFFF’00000000 (init)
DEFAULT_BUCKET_ID: WIN8_DRIVER_FAULT
BUGCHECK_STR: 0xEF
CURRENT_IRQL: 0
ANALYSIS_SESSION_HOST: DESKTOP-RTTN04O
ANALYSIS_SESSION_TIME: 06-16-2017 07:38:01.0475
ANALYSIS_VERSION: 10.0.15063.137 amd64fre
BAD_STACK_POINTER: ffffd000600d1888
LAST_CONTROL_TRANSFER: from fffff801df68d2e4 to fffff801df1ce2a0
STACK_TEXT:
ffffd000600d1888 fffff801df68d2e4 : 00000000000000ef ffffe00080a0c8c0 0000000000000000 0000000000000000 : nt!KeBugCheckEx
ffffd000600d1890 fffff801df5a85fa : 0000000000000001 ffffd000600d1999 0000000000000000 0000000000000000 : nt!PspCatchCriticalBreak+0xa4
ffffd000600d18d0 fffff801df68ce86 : 0000000000000001 ffffd000600d1999 0000000000000001 ffffffffffffffff : nt! ?? ::NNGAKEGL::string'+0x6fea
ffffd000600d1930 fffff801df1d9ab3 : 0000000000000008 000000b196026768 ffffe0007f7c1880 000000b195eff558 : nt!NtTerminateProcess+0x2c2
ffffd000600d1a00 00007ffdf0d4097a : 00007ffdf0cc84f0 00009f69b635d096 000000000000000e 000000b196291228 : nt!KiSystemServiceCopyEnd+0x13
000000b195eff4f8 00007ffdf0cc84f0 : 00009f69b635d096 000000000000000e 000000b196291228 000000b195eff628 : ntdll!NtTerminateProcess+0xa
000000b195eff500 00007ffdf077516a : 000000000000000e 000000000000000e 000000b196291220 00007ffdf0d05f67 : ntdll!RtlExitUserProcess+0x60
000000b195eff5f0 00007ffdeee771d5 : 000000000000000e 0000000000000000 0000000000000000 00007ffd00000008 : KERNEL32!ExitProcessImplementation+0xa
000000b195eff620 00007ffdeee76e6f : 000000b196291218 00000000dae67593 0041002d0047004c 0034003100440055 : msvcrt!_crtExitProcess+0x15
000000b195eff650 00007ff71cf1ac15 : 000000b1960226fb 0000000000000000 0000000000000000 0000000000000000 : msvcrt!doexit+0x15b
000000b195eff6c0 00007ffdf07713d2 : 00007ff71cf17bb0 00007ff71ca23000 00007ff71ca23000 0000000000000000 : wininit!__mainCRTStartup+0x1c2
000000b195eff780 00007ffdf0cc54e4 : 00007ffdf07713b0 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x22
000000b195eff7b0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x34

STACK_COMMAND: kb
THREAD_SHA1_HASH_MOD_FUNC: 78e5e5ee84defa9a712af7c5d7da03a981eef1ca
THREAD_SHA1_HASH_MOD_FUNC_OFFSET: 6cc35f3c6e145933fd675767150418a268df8cf5
THREAD_SHA1_HASH_MOD: e6e2ca33faf662a181153fef2d904d54f6e10b1e
FOLLOWUP_IP:
ntdll!NtTerminateProcess+a
00007ffdf0d4097a c3 ret
FAULT_INSTR_CODE: 441f0fc3
SYMBOL_STACK_INDEX: 5
SYMBOL_NAME: ntdll!NtTerminateProcess+a
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: ntdll
IMAGE_NAME: ntdll.dll
DEBUG_FLR_IMAGE_TIMESTAMP: 57ae642e
BUCKET_ID_FUNC_OFFSET: a
FAILURE_BUCKET_ID: 0xEF_wininit.exe_BUGCHECK_CRITICAL_PROCESS_96026768_STACKPTR_ERROR_ntdll!NtTerminateProcess
BUCKET_ID: 0xEF_wininit.exe_BUGCHECK_CRITICAL_PROCESS_96026768_STACKPTR_ERROR_ntdll!NtTerminateProcess
PRIMARY_PROBLEM_CLASS: 0xEF_wininit.exe_BUGCHECK_CRITICAL_PROCESS_96026768_STACKPTR_ERROR_ntdll!NtTerminateProcess
TARGET_TIME: 2017-06-15T15:11:35.000Z
OSBUILD: 9600
OSSERVICEPACK: 18589
SERVICEPACK_NUMBER: 0
OS_REVISION: 0
SUITE_MASK: 272
PRODUCT_TYPE: 1
OSPLATFORM_TYPE: x64
OSNAME: Windows 8.1
OSEDITION: Windows 8.1 WinNt TerminalServer SingleUserTS
OS_LOCALE:
USER_LCID: 0
OSBUILD_TIMESTAMP: 2017-02-05 03:43:09
BUILDDATESTAMP_STR: 170204-0600
BUILDLAB_STR: winblue_ltsb
BUILDOSVER_STR: 6.3.9600.18589
ANALYSIS_SESSION_ELAPSED_TIME: a27
ANALYSIS_SOURCE: KM
FAILURE_ID_HASH_STRING: km:0xef_wininit.exe_bugcheck_critical_process_96026768_stackptr_error_ntdll!ntterminateprocess
FAILURE_ID_HASH: {d3ae0218-0799-b67e-a1ce-53a4a39ed9c3}
Followup: MachineOwner
---------
kd> lm
start end module name
00007ff71cf10000 00007ff71cf38000 wininit (pdb symbols)
c:\symbols\wininit.pdb\5027DD19CB6A4AC3BAFAB94DD613C2922\wininit.pdb
00007ffdeddc0000 00007ffdeddcb000 wininitext (deferred)
00007ffdeddd0000 00007ffdedde5000 profapi (deferred)
00007ffdedf50000 00007ffdee065000 KERNELBASE (deferred)
00007ffdee0c0000 00007ffdee0ee000 SspiCli (deferred)
00007ffdee360000 00007ffdee4a0000 RPCRT4 (deferred)
00007ffdee6b0000 00007ffdee827000 USER32 (deferred)
00007ffdeebf0000 00007ffdeed3f000 GDI32 (deferred)
00007ffdeee70000 00007ffdeef1a000 msvcrt (pdb symbols)
c:\symbols\msvcrt.pdb\641F17F578D2431E91F0D267FBD1B0522\msvcrt.pdb
00007ffdeef20000 00007ffdef072000 MSCTF (deferred)
00007ffdf0770000 00007ffdf08ae000 KERNEL32 (pdb symbols)
c:\symbols\kernel32.pdb\A49C2B8068D747D5B88373C92E68D42C2\kernel32.pdb
00007ffdf08b0000 00007ffdf08e6000 IMM32 (deferred)
00007ffdf0b90000 00007ffdf0be9000 sechost (deferred)
00007ffdf0cb0000 00007ffdf0e5d000 ntdll (pdb symbols)
c:\symbols\ntdll.pdb\309B7D2A275C49A1917EC6033A73D0ED1\ntdll.pdb
fffff80098400000 fffff80098488000 CI (deferred)
fffff800984b9000 fffff80098536000 mcupdate_GenuineIntel
(deferred)
fffff80098536000 fffff80098544000 werkernel (deferred)
fffff80098544000 fffff800985a6000 CLFS (deferred)
fffff800985a6000 fffff800985c8000 tm (deferred)
fffff800985c8000 fffff800985dd000 PSHED (deferred)
fffff800985dd000 fffff800985e7000 BOOTVID (deferred)
fffff800985e7000 fffff800985f2000 cmimcext (deferred)
fffff80098629000 fffff80098686000 msrpc (deferred)
fffff80098686000 fffff80098755000 Wdf01000 (deferred)
fffff80098755000 fffff80098766000 WDFLDR (deferred)
fffff80098766000 fffff8009877e000 acpiex (deferred)
fffff8009877e000 fffff80098789000 WppRecorder (deferred)
fffff80098789000 fffff800987f4000 spaceport (deferred)
fffff8009883f000 fffff800988c7000 ACPI (deferred)
fffff800988c7000 fffff800988d1000 WMILIB (deferred)
fffff800988d1000 fffff8009895e000 cng (deferred)
fffff80098967000 fffff80098974000 vdrvroot (deferred)
fffff80098974000 fffff80098990000 pdc (deferred)
fffff80098990000 fffff800989a8000 partmgr (deferred)
fffff800989a8000 fffff800989be000 volmgr (deferred)
fffff80098a00000 fffff80098a5f000 volmgrx (deferred)
fffff80098a5f000 fffff80098a7c000 vmbus (deferred)
fffff80098a7c000 fffff80098a93000 vmbkmcl (deferred)
fffff80098a93000 fffff80098aa8000 winhv (deferred)
fffff80098aa8000 fffff80098ae6000 sdbus (deferred)
fffff80098ae6000 fffff80098b01000 mountmgr (deferred)
fffff80098b01000 fffff80098b1b000 EhStorClass (deferred)
fffff80098b1b000 fffff80098b77000 fltmgr (deferred)
fffff80098b77000 fffff80098b8d000 fileinfo (deferred)
fffff80098b8d000 fffff80098bb8000 Wof (deferred)
fffff80098c00000 fffff80098c79000 UsbHub3 (deferred)
fffff80098c79000 fffff80098c84000 Fs_Rec (deferred)
fffff80098cc0000 fffff80098e52000 symefasi (deferred)
fffff80098e52000 fffff80098f0ee80 mfehidk (deferred)
fffff80098f0f000 fffff80098f84000 usbhub (deferred)
fffff80098f84000 fffff80098ff4000 USBPORT (deferred)
fffff80099000000 fffff80099061000 storport (deferred)
fffff80099061000 fffff80099088000 usbccgp (deferred)
fffff80099088000 fffff80099094000 USBD (deferred)
fffff80099094000 fffff800990ad000 usbehci (deferred)
fffff800990ad000 fffff800990bd000 pcw (deferred)
fffff800990bd000 fffff800992b5000 Ntfs (deferred)
fffff800992b5000 fffff800992d1000 ksecdd (deferred)
fffff800992d1000 fffff800993bf000 ReFS (deferred)
fffff800993bf000 fffff800993cb000 storvsc (deferred)
fffff800993cb000 fffff800993fd000 ucx01000 (deferred)
fffff80099400000 fffff80099477000 NETIO (deferred)
fffff8009949d000 fffff800995b4000 ndis (deferred)
fffff800995b4000 fffff800995e5000 ksecpkg (deferred)
fffff80099640000 fffff800998a6000 tcpip (deferred)
fffff800998a6000 fffff80099912000 fwpkclnt (deferred)
fffff80099912000 fffff80099937000 wfplwfs (deferred)
fffff80099937000 fffff80099989a80 mfewfpk (deferred)
fffff8009998a000 fffff800999aa000 mup (deferred)
fffff800999aa000 fffff800999c6000 disk (deferred)
fffff80099a00000 fffff80099a17000 sdstor (deferred)
fffff80099a17000 fffff80099a5d000 rdyboost (deferred)
fffff80099a5d000 fffff80099a6c000 intelpep (deferred)
fffff80099a76000 fffff80099b0b000 fvevol (deferred)
fffff80099b0b000 fffff80099b5c000 volsnap (deferred)
fffff80099b5c000 fffff80099bb1000 USBXHCI (deferred)
fffff80099bb1000 fffff80099bd7000 USBSTOR (deferred)
fffff80099bd7000 fffff80099bed000 uaspstor (deferred)
fffff80099c66000 fffff80099cba000 CLASSPNP (deferred)
fffff80099cba000 fffff80099ccf000 crashdmp (deferred)
fffff80099d14000 fffff80099d42000 cdrom (deferred)
fffff80099d42000 fffff80099d6e000 ccSetx64 (deferred)
fffff80099d6e000 fffff80099d96000 hdlpflt (deferred)
fffff80099d96000 fffff80099da2000 hdlpevnt (deferred)
fffff80099da2000 fffff80099db8000 hdlpctrl (deferred)
fffff8009a02b000 fffff8009a10a000 SRTSP64 (deferred)
fffff8009a10a000 fffff8009a11f000 SRTSPX64 (deferred)
fffff8009a11f000 fffff8009a163000 Ironx64 (deferred)
fffff8009a163000 fffff8009a19b000 SYMEVENT64x86 (deferred)
fffff8009a200000 fffff8009a28e000 csc (deferred)
fffff8009a2f9000 fffff8009a508000 EX64 (deferred)
fffff8009a508000 fffff8009a52b000 ENG64 (deferred)
fffff8009a52b000 fffff8009a534000 Null (deferred)
fffff8009a534000 fffff8009a53c000 Beep (deferred)
fffff8009a53c000 fffff8009a551f00 ctxusbm (deferred)
fffff8009a552000 fffff8009a560000 BasicRender (deferred)
fffff8009a560000 fffff8009a5ce000 rdbss (deferred)
fffff8009a600000 fffff8009a690000 afd (deferred)
fffff8009a690000 fffff8009a6ba000 pacer (deferred)
fffff8009a6ba000 fffff8009a6cb000 netbios (deferred)
fffff8009a6e3000 fffff8009a862000 dxgkrnl (deferred)
fffff8009a862000 fffff8009a874000 watchdog (deferred)
fffff8009a874000 fffff8009a8d7000 dxgmms1 (deferred)
fffff8009a8d7000 fffff8009a8e9000 BasicDisplay (deferred)
fffff8009a8e9000 fffff8009a8f0000 rcVidMpt (deferred)
fffff8009a8f0000 fffff8009a903000 VIDEOPRT (deferred)
fffff8009a903000 fffff8009a917000 Npfs (deferred)
fffff8009a917000 fffff8009a923000 Msfs (deferred)
fffff8009a923000 fffff8009a943000 tdx (deferred)
fffff8009a943000 fffff8009a951000 TDI (deferred)
fffff8009a951000 fffff8009a99b000 netbt (deferred)
fffff8009aa8e000 fffff8009ab24000 SYMNETS (deferred)
fffff8009ab24000 fffff8009ab32000 nsiproxy (deferred)
fffff8009ab32000 fffff8009ab3e000 npsvctrig (deferred)
fffff8009ab3e000 fffff8009ab4a000 mssmbios (deferred)
fffff8009ac00000 fffff8009ac28000 EraserUtilRebootDrv (deferred)
fffff8009ac28000 fffff8009ac4f000 dfsc (deferred)
fffff8009ac4f000 fffff8009ac5d000 monitor (deferred)
fffff8009ac69000 fffff8009ad63000 IDSvia64 (deferred)
fffff8009ad63000 fffff8009addf000 eeCtrl64 (deferred)
fffff8009addf000 fffff8009adf5000 dump_dumpfve (deferred)
fffff8009ae00000 fffff8009ae39000 fastfat (deferred)
fffff8009ae39000 fffff8009ae54000 cdfs (deferred)
fffff8009ae54000 fffff8009ae60000 dump_diskdump (deferred)
fffff8009ae60000 fffff8009ae6c000 dump_storvsc (deferred)
fffff8009ae79000 fffff8009b03b000 BHDrvx64 (deferred)
fffff8009b03b000 fffff8009b054000 ahcache (deferred)
fffff8009b054000 fffff8009b063000 CompositeBus (deferred)
fffff8009b063000 fffff8009b06e000 kdnic (deferred)
fffff8009b06e000 fffff8009b07f000 umbus (deferred)
fffff8009b07f000 fffff8009b09d000 intelppm (deferred)
fffff8009b09d000 fffff8009b0a2500 VMBusHID (deferred)
fffff8009b0a3000 fffff8009b0c2000 HIDCLASS (deferred)
fffff8009b0c2000 fffff8009b0c9f00 HIDPARSE (deferred)
fffff8009b0ca000 fffff8009b0d4000 hyperkbd (deferred)
fffff8009b0d4000 fffff8009b0e6000 kbdclass (deferred)
fffff8009b0e6000 fffff8009b0f3000 hdlpdbk (deferred)
fffff8009b0f3000 fffff8009b101000 dmvsc (deferred)
fffff8009b101000 fffff8009b10b000 vmgencounter (deferred)
fffff8009b10b000 fffff8009b125000 serial (deferred)
fffff8009b125000 fffff8009b132000 serenum (deferred)
fffff8009b132000 fffff8009b13e000 rcSmCard (deferred)
fffff8009b13e000 fffff8009b14a000 SMCLIB (deferred)
fffff8009b14a000 fffff8009b15b000 scfilter (deferred)
fffff8009b15b000 fffff8009b166000 NdisVirtualBus (deferred)
fffff8009b166000 fffff8009b167600 swenum (deferred)
fffff8009b168000 fffff8009b1b6000 ks (deferred)
fffff8009b1b6000 fffff8009b1c1000 rdpbus (deferred)
fffff8009b1c1000 fffff8009b1ce000 mouhid (deferred)
fffff8009b1ce000 fffff8009b1de000 mouclass (deferred)
fffff8009b1de000 fffff8009b1f5000 dump_vmbkmcl (deferred)
fffff801de3ba000 fffff801de3c3000 kd (deferred)
fffff801df010000 fffff801df080000 hal (deferred)
fffff801df080000 fffff801df80c000 nt (pdb symbols)
c:\symbols\ntkrnlmp.pdb\C1E2C0CCCDAC4F5DB73D0B72F3EECA3F1\ntkrnlmp.pdb
fffff96000184000 fffff96000599000 win32k (deferred)
fffff960007ab000 fffff960007b4000 TSDDD (deferred)
Unloaded modules:
fffff8009ab4a000 fffff8009abc8000 mfefirek.sys
fffff8009aa00000 fffff8009aa4b000 mfeavfk.sys
fffff80099ccf000 fffff80099cdb000 dump_storport.sys
fffff80099ce7000 fffff80099cfe000 dump_vmbkmcl.sys
fffff80099cdb000 fffff80099ce7000 dump_storvsc.sys
fffff80099cfe000 fffff80099d14000 dump_dumpfve.sys
fffff8009ac4f000 fffff8009ac60000 dam.sys
fffff8009895e000 fffff80098967000 SymELAM.sys
fffff80099bed000 fffff80099bf9000 hwpolicy.sys
00007ffdeddb0000 00007ffdeddb4000 kbdus.dll
00007ffdeddb0000 00007ffdeddb4000 kbdus.dll
00007ffdeddb0000 00007ffdeddb9000 wls0wndh.dll
kd> !process ffffe00080a0c8c0 7
PROCESS ffffe00080a0c8c0
SessionId: 0 Cid: 0234 Peb: 7ff71ca23000 ParentCid: 01d8
DirBase: 20a3a000 ObjectTable: ffffc001dfffff40 HandleCount:

Image: wininit.exe
VadRoot ffffe0007f7c2630 Vads 42 Clone 0 Private 194. Modified 42. Locked 0.
DeviceMap ffffc001dea0db20
Token ffffc001e42481e0
ElapsedTime 00:00:00.412
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 85928
QuotaPoolUsage[NonPagedPool] 5360
Working Set Sizes (now,min,max) (917, 50, 345) (3668KB, 200KB, 1380KB)
PeakWorkingSetSize 876
VirtualSize 2097192 Mb
PeakVirtualSize 2097196 Mb
PageFaultCount 1000
MemoryPriority BACKGROUND
BasePriority 13
CommitCharge 246
THREAD ffffe0007f7c1880 Cid 0234.0238 Teb: 00007ff71ca2e000
Win32Thread: fffff901400e3b50 RUNNING on processor 0
Not impersonating
DeviceMap ffffc001dea0db20
Owning Process ffffe00080a0c8c0 Image:
wininit.exe
Attached Process N/A Image: N/A
Wait Start TickCount 316 Ticks: 0
Context Switch Count 268 IdealProcessor: 0
UserTime 00:00:00.015
KernelTime 00:00:00.125
Win32 Start Address wininit!WinMainCRTStartup (0x00007ff71cf17bb0)
Stack Init ffffd000600d1b90 Current ffffd000600d1300
Base ffffd000600d2000 Limit ffffd000600cb000 Call 0000000000000000
Priority 15 BasePriority 15 PriorityDecrement 0 IoPriority 2
PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd000600d1888 fffff801df68d2e4 : 00000000000000ef ffffe00080a0c8c0 0000000000000000 0000000000000000 : nt!KeBugCheckEx
ffffd000600d1890 fffff801df5a85fa : 0000000000000001 ffffd000600d1999 0000000000000000 0000000000000000 : nt!PspCatchCriticalBreak+0xa4
ffffd000600d18d0 fffff801df68ce86 : 0000000000000001 ffffd000600d1999 0000000000000001 ffffffffffffffff : nt! ?? ::NNGAKEGL::string'+0x6fea
ffffd000600d1930 fffff801df1d9ab3 : 0000000000000008 000000b196026768 ffffe0007f7c1880 000000b195eff558 : nt!NtTerminateProcess+0x2c2
ffffd000600d1a00 00007ffdf0d4097a : 00007ffdf0cc84f0 00009f69b635d096 000000000000000e 000000b196291228 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000600d1a00)
000000b195eff4f8 00007ffdf0cc84f0 : 00009f69b635d096 000000000000000e 000000b196291228 000000b195eff628 : ntdll!NtTerminateProcess+0xa
000000b195eff500 00007ffdf077516a : 000000000000000e 000000000000000e 000000b196291220 00007ffdf0d05f67 : ntdll!RtlExitUserProcess+0x60
000000b195eff5f0 00007ffdeee771d5 : 000000000000000e 0000000000000000 0000000000000000 00007ffd00000008 : KERNEL32!ExitProcessImplementation+0xa
000000b195eff620 00007ffdeee76e6f : 000000b196291218 00000000dae67593 0041002d0047004c 0034003100440055 : msvcrt!_crtExitProcess+0x15
000000b195eff650 00007ff71cf1ac15 : 000000b1960226fb 0000000000000000 0000000000000000 0000000000000000 : msvcrt!doexit+0x15b
000000b195eff6c0 00007ffdf07713d2 : 00007ff71cf17bb0 00007ff71ca23000 00007ff71ca23000 0000000000000000 : wininit!__mainCRTStartup+0x1c2
000000b195eff780 00007ffdf0cc54e4 : 00007ffdf07713b0 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x22
000000b195eff7b0 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x34
THREAD ffffe0007f7ec380 Cid 0234.024c Teb: 00007ff71ca2c000
Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
ffffe0007f7dee40 QueueObject
Not impersonating
DeviceMap ffffc001dea0db20
Owning Process ffffe00080a0c8c0 Image:
wininit.exe
Attached Process N/A Image: N/A
Wait Start TickCount 314 Ticks: 2 (0:00:00:00.031)
Context Switch Count 6 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address ntdll!TppWorkerThread (0x00007ffdf0ce89b0)
Stack Init ffffd00060487b90 Current ffffd00060487330
Base ffffd00060488000 Limit ffffd00060481000 Call 0000000000000000
Priority 14 BasePriority 13 PriorityDecrement 0 IoPriority 2
PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd00060487370 fffff801df113f1e : fffff801df37d180 ffffe0007f7ec380 ffffd000fffffffe fffff801df0af194 : nt!KiSwapContext+0x76
ffffd000604874b0 fffff801df113999 : ffffe0007f7ec380 fffff801df1d167d ffffe00000000000 0000000002f0c454 : nt!KiSwapThread+0x14e
ffffd00060487550 fffff801df112908 : 0000000000000000 0000000000000000 00000000000000b7 0000000000000000 : nt!KiCommitThreadWait+0x129
ffffd000604875d0 fffff801df111f6a : ffffe0007f7dee40 0000000000000001 0000000000000001 0000000000000002 : nt!KeRemoveQueueEx+0x788
ffffd00060487650 fffff801df1115fb : ffffe00081681bb8 0000000000000000 ffffe0007f7ec700 7ffffffffffffffe : nt!IoRemoveIoCompletion+0x8a
ffffd00060487770 fffff801df1d9ab3 : 000000000000002c 000000b19602e360 0000000000000010 000000b19619f778 : nt!NtWaitForWorkViaWorkerFactory+0x30b
ffffd00060487990 00007ffdf0d421aa : 00007ffdf0ce90f6 00007ffdf0cc9550 00007ffdf0cc9550 0000000000000010 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd00060487a00)
000000b19619f6f8 00007ffdf0ce90f6 : 00007ffdf0cc9550 00007ffdf0cc9550 0000000000000010 000000b19602e6e0 : ntdll!NtWaitForWorkViaWorkerFactory+0xa
000000b19619f700 00007ffdf07713d2 : 0000000000000000 00007ffdf0ce89b0 000000b196027650 0000000000000000 : ntdll!TppWorkerThread+0x746
000000b19619fae0 00007ffdf0cc54e4 : 00007ffdf07713b0 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x22
000000b19619fb10 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x34
THREAD ffffe0007f7cc080 Cid 0234.0254 Teb: 00007ff71ca2a000
Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
ffffe0007f7dee40 QueueObject
Not impersonating
DeviceMap ffffc001dea0db20
Owning Process ffffe00080a0c8c0 Image:
wininit.exe
Attached Process N/A Image: N/A
Wait Start TickCount 293 Ticks: 23 (0:00:00:00.359)
Context Switch Count 1 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address ntdll!TppWorkerThread (0x00007ffdf0ce89b0)
Stack Init ffffd00060507b90 Current ffffd00060507330
Base ffffd00060508000 Limit ffffd00060501000 Call 0000000000000000
Priority 13 BasePriority 13 PriorityDecrement 0 IoPriority 2
PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd00060507370 fffff801df113f1e : fffff801df37d180 ffffe0007f7cc080 00000000fffffffe 0000000000000000 : nt!KiSwapContext+0x76
ffffd000605074b0 fffff801df113999 : ffffe0007f7cc080 0000000000000000 0000000000000000 0000000000000000 : nt!KiSwapThread+0x14e
ffffd00060507550 fffff801df112908 : 0000000000000000 0000000000000000 ffffe000000000aa 0000000000000000 : nt!KiCommitThreadWait+0x129
ffffd000605075d0 fffff801df111f6a : ffffe0007f7dee40 0000000000000001 0000000000000001 0000000000000002 : nt!KeRemoveQueueEx+0x788
ffffd00060507650 fffff801df1115fb : 0000000000000000 0000000000000000 0000000400000001 0000000000000000 : nt!IoRemoveIoCompletion+0x8a
ffffd00060507770 fffff801df1d9ab3 : 000000000000002c 000000b196023bb0 ffffe00000000010 000000b19621f6f8 : nt!NtWaitForWorkViaWorkerFactory+0x30b
ffffd00060507990 00007ffdf0d421aa : 00007ffdf0ce90f6 00007ffdf0ce89b0 0000000000000003 000000b196027650 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd00060507a00)
000000b19621f678 00007ffdf0ce90f6 : 00007ffdf0ce89b0 0000000000000003 000000b196027650 000000b196027650 : ntdll!NtWaitForWorkViaWorkerFactory+0xa
000000b19621f680 00007ffdf07713d2 : 0000000000000000 00007ffdf0ce89b0 000000b196027650 0000000000000000 : ntdll!TppWorkerThread+0x746
000000b19621fa60 00007ffdf0cc54e4 : 00007ffdf07713b0 0000000000000000 0000000000000000 0000000000000000 : KERNEL32!BaseThreadInitThunk+0x22
000000b19621fa90 0000000000000000 : 0000000000000000 0000000000000000 0000000000000000 0000000000000000 : ntdll!RtlUserThreadStart+0x34

Thanks
Malcolm.