Meaning of "Attached process" in the output of !process?

brad_H

When I use the !process xxx 0x7 on a process, sometimes I get something like the following, where a particular thread has a attached process.
My question is what is the meaning of this? How can a process attach to a particular thread?

And In this particular case, csrss is attaching to one of its own threads, can someone make a sense out of this?

        THREAD 8fa70600  Cid 0004.130c  Teb: 00000000 Win32Thread: 00000000 WAIT: (WrQueue) KernelMode Non-Alertable
            81facbb8  PriQueueObject
        Not impersonating
        DeviceMap                 88206af8
        Owning Process            81f68900       Image:         System
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      243348         Ticks: 937 (0:00:00:14.640)
        Context Switch Count      167379         IdealProcessor: 1  NoStackSwap
        UserTime                  00:00:00.000
        KernelTime                00:06:13.593
        Win32 Start Address nt!ExpWorkerThread (0x820473c0)
        Stack Init 8de5bde0 Current 8de5bbdc Base 8de5c000 Limit 8de59000 Call 00000000
        Priority 15 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        8de5bbf4 82050a69 00000100 88bf4120 8fa70600 nt!KiSwapContext+0x19 (FPO: [Uses EBP] [1,0,4])
        8de5bc90 8204fa97 81facbb8 8fa70600 8fa706e0 nt!KiSwapThread+0xb19 (FPO: [Non-Fpo])
        8de5bce4 820477fc 00000000 81facbb8 8fa70600 nt!KiCommitThreadWait+0x127 (FPO: [Non-Fpo])
        8de5bd24 8204744b 8230a540 00000000 00000000 nt!KeRemovePriQueue+0x13c (FPO: [Non-Fpo])
        8de5bd78 821261c8 81facbb8 c4a283c8 00000000 nt!ExpWorkerThread+0x8b (FPO: [Non-Fpo])
        8de5bdb0 8218178d 820473c0 81facbb8 00000000 nt!PspSystemThreadStartup+0x4a (FPO: [Non-Fpo])
        8de5bdbc 00000000 00000000 00356dd0 00356e70 nt!KiThreadStartup+0x15

        THREAD 91bb1040  Cid 0004.1314  Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
        Not impersonating
        DeviceMap                 88206af8
        Owning Process            81f68900       Image:         System
        Attached Process          901798c0       Image:         csrss.exe
        Wait Start TickCount      244285         Ticks: 0
        Context Switch Count      38517          IdealProcessor: 1  NoStackSwap
        UserTime                  00:00:00.000
        KernelTime                00:00:07.671
        Win32 Start Address nt!ExpWorkerThread (0x820473c0)
        Stack Init 8de63de0 Current 8de637fc Base 8de64000 Limit 8de61000 Call 00000000
        Priority 13 BasePriority 12 PriorityDecrement 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        8de63a2c 823236b6 0000004c c000021a a2047964 nt!KeBugCheckEx
        8de63a54 8231e12a 00000000 8de63c04 8de63c88 nt!PopGracefulShutdown+0x221 (FPO: [1,0,0])
        8de63a98 82316026 00000004 00000006 c0000004 nt!PopTransitionSystemPowerStateEx+0xa93a
        8de63bf0 821793eb 00000004 00000006 c0000004 nt!NtSetSystemPowerState+0x4e (FPO: [3,84,0])
        8de63bf0 82164aa9 00000004 00000006 c0000004 nt!KiSystemServicePostCall (FPO: [0,3] TrapFrame @ 8de63c04)
        8de63c74 8250046d 00000004 00000006 c0000004 nt!ZwSetSystemPowerState+0x11 (FPO: [3,0,0])
        8de63ccc 8243c43d 00000006 c0000004 00000000 nt!PopIssueActionRequest+0xc446f
        8de63d0c 82034c3e 81facbb8 91bb1040 822b67b0 nt!PopPolicyWorkerAction+0x5f (FPO: [Non-Fpo])
        8de63d28 820474aa 00000001 00000000 91bb1040 nt!PopPolicyWorkerThread+0x8a (FPO: [Non-Fpo])
        8de63d78 821261c8 81facbb8 c4a103c8 00000000 nt!ExpWorkerThread+0xea (FPO: [Non-Fpo])
        8de63db0 8218178d 820473c0 81facbb8 00000000 nt!PspSystemThreadStartup+0x4a (FPO: [Non-Fpo])
        8de63dbc 00000000 00000000 80dc0dd0 0001e080 nt!KiThreadStartup+0x15

Scott_Noone_(OSR)

https://learn.microsoft.com/en-us/windows-hardware/drivers/ddi/ntifs/nf-ntifs-kestackattachprocess