Win2K Hung after FS Check

NTDEV
1

Hello,

I’m debugging my Win2K Bus Driver. I installed my Bus Driver and a dummy
Function Driver and then rebooted the target system. While coming back up,
the target system loads my driver and always hangs after the following
messages:

“Checking File System on E:
The type of File System is NTFS
Volume Label is …
Volume is clean.
|
Windows has finished checking the disk.”

From WinDbg, if I do , I see that the shades of blue moving across
the top of the screen (above the messages) on the target system stop; they
start when I say . But the system doesn’t boot up all the way and
remains at the same message.

Anybody have any idea what the system is doing at this point ?

[Note that before I installed my drivers, the system had booted fine.
Also, in my Bus Driver, I create a RealTime Thread (HIGH_PRIORITY) with CPU
Affinity set to CPU 3 (on a 4 CPU system) and this thread executes
continuously till my Bus Driver unloads] – Could this be related to the
problem somehow ?

Could somebody please tell me how to proceed ? I’m new to kernel-debugging
in NT.

Thanks much,
Puja

2

Well you are going to have to figure out what your driver is doing (or not
doing) to stall the system this way.

You really haven’t provided much information. You should try using some of
the kernel debugging extensions available through windbag’s command window
to figure what state the system is in.

Try “!help” in the debugger command window. This will produce a list of “!”
prefixed kernel debugging commands. Try “!process 0 7”. This will produce a
list of all processes and their threads complete with stack traces for each
thread (well most of them anyhow.)

Try “!devnode 0 1” this will list all the PnP device nodes in the system and
their state.

Set breakpoints in your driver and trace through its execution.

Rebuild your driver with copious amounts of runtime debug printf tracing
information. Trace every function entry/exit and paramter values. Trace
every loop entry/exit. Trace all error paths. You can never be too rich, or
too thin, or have too many debug printfs (suitably protected by a level
filter macro of course.)

If you are really, really lost, consider taking a driver lab class from OSR
or Walter Oney or Jamie Hanrahan.

Mark Roddy
Windows 2000/NT Consultant
Hollis Technology Solutions
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@usa.net
Sent: Friday, May 12, 2000 6:00 PM
To: NT Developers Interest List
Subject: [ntdev] Win2K Hung after FS Check

Hello,

I’m debugging my Win2K Bus Driver. I installed my Bus Driver and a dummy
Function Driver and then rebooted the target system. While coming back up,
the target system loads my driver and always hangs after the following
messages:

“Checking File System on E:
The type of File System is NTFS
Volume Label is …
Volume is clean.
|
Windows has finished checking the disk.”

From WinDbg, if I do , I see that the shades of blue moving across
the top of the screen (above the messages) on the target system stop; they
start when I say . But the system doesn’t boot up all the way and
remains at the same message.

Anybody have any idea what the system is doing at this point ?

[Note that before I installed my drivers, the system had booted fine.
Also, in my Bus Driver, I create a RealTime Thread (HIGH_PRIORITY) with CPU
Affinity set to CPU 3 (on a 4 CPU system) and this thread executes
continuously till my Bus Driver unloads] – Could this be related to the
problem somehow ?

Could somebody please tell me how to proceed ? I’m new to kernel-debugging
in NT.

Thanks much,
Puja


You are currently subscribed to ntdev as: xxxxx@wattanuck.mv.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

3

Hello Mark,

As per your advice, I put debug printf statements in my driver and tried it
again. Here is what’s happening:

  1. When my Bus Driver is installed, the system hangs after the File System
    Check during the boot process (by this time, my Bus Driver has already been
    loaded and its DriverEntry() and AddDevice() routines executed – also the
    real-time thread has been created and is executing at HIGH_PRIORITY on CPU
    3, this is a compute-bound thread which never sleeps, and stops only when
    the Driver is unloaded).

  2. When I trigger the enumeration of my Bus (using enum.exe), the Target
    System displays “Found New Hardware … Insert the CD labelled Toaster
    Device Installation Disk”. When I choose drive A: (which is my floppy
    drive, containing the toaster.sys), this window stops responding. Task
    Manager also shows Task: Found New Hardware, Status: Not responding. When
    I click “End Task” in the Task Manager, it pops another Error window saying
    “This program cannot be closed. If it is being debugged, please resume it
    or close the debugger first”. [WinDbg shows all 4 CPUs on the target
    system as Running. So why am I getting this error ?]

  3. I had put a printf() in my RT thread’s while-loop also. And in WinDbg,
    I could see these printf messages scrolling past while the system is hung
    in #1 and #2. Does that mean that the system is hung because of this RT
    thread ? But since this RT thread has its affinity set to CPU 3, why
    should it hang the entire system (the other CPUs 0, 1 and 2 should still be
    functional) ?

  4. On doing “!process 0 7” to look at the threads and their stacks, my
    windbg hangs after displaying some data. i.e. it stops responding. Why is
    this ?

Could you please advise what other info I should be looking for ?

Thanks
Puja

On 05/13/00, ““Mark Roddy” ” wrote:
> Well you are going to have to figure out what your driver is doing (or not
> doing) to stall the system this way.
>
> You really haven’t provided much information. You should try using some of
> the kernel debugging extensions available through windbag’s command window
> to figure what state the system is in.
>
> Try “!help” in the debugger command window. This will produce a list of “!”
> prefixed kernel debugging commands. Try “!process 0 7”. This will produce a
> list of all processes and their threads complete with stack traces for each
> thread (well most of them anyhow.)
>
> Try “!devnode 0 1” this will list all the PnP device nodes in the system and
> their state.
>
> Set breakpoints in your driver and trace through its execution.
>
> Rebuild your driver with copious amounts of runtime debug printf tracing
> information. Trace every function entry/exit and paramter values. Trace
> every loop entry/exit. Trace all error paths. You can never be too rich, or
> too thin, or have too many debug printfs (suitably protected by a level
> filter macro of course.)
>
> If you are really, really lost, consider taking a driver lab class from OSR
> or Walter Oney or Jamie Hanrahan.
>
>
>
> Mark Roddy
> Windows 2000/NT Consultant
> Hollis Technology Solutions
> www.hollistech.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@usa.net
> Sent: Friday, May 12, 2000 6:00 PM
> To: NT Developers Interest List
> Subject: [ntdev] Win2K Hung after FS Check
>
>
> Hello,
>
> I’m debugging my Win2K Bus Driver. I installed my Bus Driver and a dummy
> Function Driver and then rebooted the target system. While coming back up,
> the target system loads my driver and always hangs after the following
> messages:
>
> “Checking File System on E:
> The type of File System is NTFS
> Volume Label is …
> Volume is clean.
> |
> Windows has finished checking the disk.”
>
> >From WinDbg, if I do , I see that the shades of blue moving across
> the top of the screen (above the messages) on the target system stop; they
> start when I say . But the system doesn’t boot up all the way and
> remains at the same message.
>
> Anybody have any idea what the system is doing at this point ?
>
> [Note that before I installed my drivers, the system had booted fine.
> Also, in my Bus Driver, I create a RealTime Thread (HIGH_PRIORITY) with CPU
> Affinity set to CPU 3 (on a 4 CPU system) and this thread executes
> continuously till my Bus Driver unloads] – Could this be related to the
> problem somehow ?
>
> Could somebody please tell me how to proceed ? I’m new to kernel-debugging
> in NT.
>
> Thanks much,
> Puja
>
> —
> You are currently subscribed to ntdev as: xxxxx@wattanuck.mv.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)

4

GUIs hanging like that is often due to an I/O or other IRP that is not
completed. Are you returning from AddDevice() and then (properly)
completing all the PnP queries and IRP_MN_START_DEVICE? Also, you have
to do things differently for power IRPs. If you receive one power IRP
and don’t tell PnP Mgr you’re ready to handle another, it will probably
hang.

Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: xxxxx@usa.net [mailto:xxxxx@usa.net]
Sent: Sunday, May 14, 2000 6:00 PM
To: NT Developers Interest List
Subject: [ntdev] RE: Win2K Hung after FS Check

Hello Mark,

As per your advice, I put debug printf statements in my driver and tried it
again. Here is what’s happening:

  1. When my Bus Driver is installed, the system hangs after the File System
    Check during the boot process (by this time, my Bus Driver has already been
    loaded and its DriverEntry() and AddDevice() routines executed – also the
    real-time thread has been created and is executing at HIGH_PRIORITY on CPU
    3, this is a compute-bound thread which never sleeps, and stops only when
    the Driver is unloaded).

  2. When I trigger the enumeration of my Bus (using enum.exe), the Target
    System displays “Found New Hardware … Insert the CD labelled Toaster
    Device Installation Disk”. When I choose drive A: (which is my floppy
    drive, containing the toaster.sys), this window stops responding. Task
    Manager also shows Task: Found New Hardware, Status: Not responding. When
    I click “End Task” in the Task Manager, it pops another Error window saying
    “This program cannot be closed. If it is being debugged, please resume it
    or close the debugger first”. [WinDbg shows all 4 CPUs on the target
    system as Running. So why am I getting this error ?]

  3. I had put a printf() in my RT thread’s while-loop also. And in WinDbg,
    I could see these printf messages scrolling past while the system is hung
    in #1 and #2. Does that mean that the system is hung because of this RT
    thread ? But since this RT thread has its affinity set to CPU 3, why
    should it hang the entire system (the other CPUs 0, 1 and 2 should still be
    functional) ?

  4. On doing “!process 0 7” to look at the threads and their stacks, my
    windbg hangs after displaying some data. i.e. it stops responding. Why is
    this ?

Could you please advise what other info I should be looking for ?

Thanks
Puja

On 05/13/00, ““Mark Roddy” ” wrote:
> Well you are going to have to figure out what your driver is doing (or not
> doing) to stall the system this way.
>
> You really haven’t provided much information. You should try using some of
> the kernel debugging extensions available through windbag’s command window
> to figure what state the system is in.
>
> Try “!help” in the debugger command window. This will produce a list of
“!”
> prefixed kernel debugging commands. Try “!process 0 7”. This will produce
a
> list of all processes and their threads complete with stack traces for
each
> thread (well most of them anyhow.)
>
> Try “!devnode 0 1” this will list all the PnP device nodes in the system
and
> their state.
>
> Set breakpoints in your driver and trace through its execution.
>
> Rebuild your driver with copious amounts of runtime debug printf tracing
> information. Trace every function entry/exit and paramter values. Trace
> every loop entry/exit. Trace all error paths. You can never be too rich,
or
> too thin, or have too many debug printfs (suitably protected by a level
> filter macro of course.)
>
> If you are really, really lost, consider taking a driver lab class from
OSR
> or Walter Oney or Jamie Hanrahan.
>
>
>
> Mark Roddy
> Windows 2000/NT Consultant
> Hollis Technology Solutions
> www.hollistech.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@usa.net
> Sent: Friday, May 12, 2000 6:00 PM
> To: NT Developers Interest List
> Subject: [ntdev] Win2K Hung after FS Check
>
>
> Hello,
>
> I’m debugging my Win2K Bus Driver. I installed my Bus Driver and a dummy
> Function Driver and then rebooted the target system. While coming back
up,
> the target system loads my driver and always hangs after the following
> messages:
>
> “Checking File System on E:
> The type of File System is NTFS
> Volume Label is …
> Volume is clean.
> |
> Windows has finished checking the disk.”
>
> >From WinDbg, if I do , I see that the shades of blue moving
across
> the top of the screen (above the messages) on the target system stop; they
> start when I say . But the system doesn’t boot up all the way and
> remains at the same message.
>
> Anybody have any idea what the system is doing at this point ?
>
> [Note that before I installed my drivers, the system had booted fine.
> Also, in my Bus Driver, I create a RealTime Thread (HIGH_PRIORITY) with
CPU
> Affinity set to CPU 3 (on a 4 CPU system) and this thread executes
> continuously till my Bus Driver unloads] – Could this be related to the
> problem somehow ?
>
> Could somebody please tell me how to proceed ? I’m new to
kernel-debugging
> in NT.
>
> Thanks much,
> Puja
>
> —
> You are currently subscribed to ntdev as: xxxxx@wattanuck.mv.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntdev as: david_cox2@hp.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

5

I have a lot of problems with a HIGH_PRIORITY compute bound never sleeping
thread, but I don’t think that this is your problem. Instead your PnP state
machine processing in either your bus driver or your function driver (which
I assume is what is being loaded here when the PnP Manager hangs) is broken.
It sounds like you have either not completed an IRP correctly, or violated
one or other of the obscure and frequently counter intuitive PnP IRP
processing rules. Read the DDK very carefully regarding which PnP IRPs are
required for bus drivers and for function drivers (and remember that
sometimes your bus driver is a bus driver and sometimes it is a function
driver.) Also read Walter Oney’s book very carefully too. Then forget all
that and turn on two debugging aids: driver verifier and pnp tracing.

Driver verifier is in the DDK tools directory. It will check a lot of the
IRP processing your driver does and complain loudly when you break the
(semi) documented rules.

Pnp tracing requires the checked OS (and HAL). You should set up an
alternate boot configuration in boot.ini specifying /HAL= and /KERNEL=
options for the checked kernel and hal from the checked cd. I usually copy
renamed versions of checked ntoskrnl.exe and the appropriate hal.dll to the
system directory of the test machine.

Once you have the checked os running use windbag to start pnp tracing:

“!patch pnpqueue”

this will start producing a lot of output from the pnp manager on the debug
console. Most of it will be useless. But you should study it closely,
especially when colleagues are near by, and exclaim things like “Aha!” and
“But of course!”.

You should examine your device objects using !devobj and !devnode. !devnode
0 10 or something like that will dump all of the PnP device nodes in the
system, including yours.

Why does windbag hang? Because windbag is fundamentally and it appears
irredeemably broken. With each new “release” of windbag we slide deeper and
deeper into the La Brea Tarpit of bad software.

Someday in the distant future our fossilized remains will be plucked forth
and placed in museums to be stared at by the awe-struck boy scout children
of the digerati.

“Look ma they really did use windbag for debugging!”

Most of our fossils will have grimaces of disgust and dismay, except for
one, called the mysterious Harv Davey, which will have on it a smile like
that of the Mona Lisa, as if it were saying “its not that bad”. Nobody will
understand why.

But I digress.

You can try to cajole windbag into a stacktrace via “!stacks” or “!process 0
0”. Use !process 0 0 to get the address of the system process and then use
that address with a !process 0xXXXXXXX 7 to get all the thread stacks for
that process.

If windbag has crawled up its own ass again, killing it and restarting it
may produce better results. Also try setting the baudrate up to 57600 if it
is down around 19200. Also make sure that you have debug symbols for
everything accessible on a LOCAL drive. Also make sure that you have
128/256/or better yet 512MB of ram on the system running windbag. Also, a
PIII@600Mhz or so wouldn’t hurt. Also make sure that windbag is set to load
any symbols no matter how bogus they appear to be, without any prompts,
complaints, hiccups or burps. As there are quite a few versions of 'the
‘bag’ floating around, try another version or two or three. Everybody has
their own personal favorite.

Finally, I’ve personally found that sacrificing a goat works wonders :slight_smile:

Mark Roddy
Windows 2000/NT Consultant
Hollis Technology Solutions
www.hollistech.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@usa.net
Sent: Monday, May 15, 2000 7:00 PM
To: NT Developers Interest List
Subject: [ntdev] RE: Win2K Hung after FS Check

Hello Mark,

As per your advice, I put debug printf statements in my driver and tried it
again. Here is what’s happening:

  1. When my Bus Driver is installed, the system hangs after the File System
    Check during the boot process (by this time, my Bus Driver has already been
    loaded and its DriverEntry() and AddDevice() routines executed – also the
    real-time thread has been created and is executing at HIGH_PRIORITY on CPU
    3, this is a compute-bound thread which never sleeps, and stops only when
    the Driver is unloaded).

  2. When I trigger the enumeration of my Bus (using enum.exe), the Target
    System displays “Found New Hardware … Insert the CD labelled Toaster
    Device Installation Disk”. When I choose drive A: (which is my floppy
    drive, containing the toaster.sys), this window stops responding. Task
    Manager also shows Task: Found New Hardware, Status: Not responding. When
    I click “End Task” in the Task Manager, it pops another Error window saying
    “This program cannot be closed. If it is being debugged, please resume it
    or close the debugger first”. [WinDbg shows all 4 CPUs on the target
    system as Running. So why am I getting this error ?]

  3. I had put a printf() in my RT thread’s while-loop also. And in WinDbg,
    I could see these printf messages scrolling past while the system is hung
    in #1 and #2. Does that mean that the system is hung because of this RT
    thread ? But since this RT thread has its affinity set to CPU 3, why
    should it hang the entire system (the other CPUs 0, 1 and 2 should still be
    functional) ?

  4. On doing “!process 0 7” to look at the threads and their stacks, my
    windbg hangs after displaying some data. i.e. it stops responding. Why is
    this ?

Could you please advise what other info I should be looking for ?

Thanks
Puja

On 05/13/00, ““Mark Roddy” ” wrote:
> Well you are going to have to figure out what your driver is doing (or not
> doing) to stall the system this way.
>
> You really haven’t provided much information. You should try using some of
> the kernel debugging extensions available through windbag’s command window
> to figure what state the system is in.
>
> Try “!help” in the debugger command window. This will produce a list of
“!”
> prefixed kernel debugging commands. Try “!process 0 7”. This will produce
a
> list of all processes and their threads complete with stack traces for
each
> thread (well most of them anyhow.)
>
> Try “!devnode 0 1” this will list all the PnP device nodes in the system
and
> their state.
>
> Set breakpoints in your driver and trace through its execution.
>
> Rebuild your driver with copious amounts of runtime debug printf tracing
> information. Trace every function entry/exit and paramter values. Trace
> every loop entry/exit. Trace all error paths. You can never be too rich,
or
> too thin, or have too many debug printfs (suitably protected by a level
> filter macro of course.)
>
> If you are really, really lost, consider taking a driver lab class from
OSR
> or Walter Oney or Jamie Hanrahan.
>
>
>
> Mark Roddy
> Windows 2000/NT Consultant
> Hollis Technology Solutions
> www.hollistech.com
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of xxxxx@usa.net
> Sent: Friday, May 12, 2000 6:00 PM
> To: NT Developers Interest List
> Subject: [ntdev] Win2K Hung after FS Check
>
>
> Hello,
>
> I’m debugging my Win2K Bus Driver. I installed my Bus Driver and a dummy
> Function Driver and then rebooted the target system. While coming back
up,
> the target system loads my driver and always hangs after the following
> messages:
>
> “Checking File System on E:
> The type of File System is NTFS
> Volume Label is …
> Volume is clean.
> |
> Windows has finished checking the disk.”
>
> >From WinDbg, if I do , I see that the shades of blue moving
across
> the top of the screen (above the messages) on the target system stop; they
> start when I say . But the system doesn’t boot up all the way and
> remains at the same message.
>
> Anybody have any idea what the system is doing at this point ?
>
> [Note that before I installed my drivers, the system had booted fine.
> Also, in my Bus Driver, I create a RealTime Thread (HIGH_PRIORITY) with
CPU
> Affinity set to CPU 3 (on a 4 CPU system) and this thread executes
> continuously till my Bus Driver unloads] – Could this be related to the
> problem somehow ?
>
> Could somebody please tell me how to proceed ? I’m new to
kernel-debugging
> in NT.
>
> Thanks much,
> Puja
>
> —
> You are currently subscribed to ntdev as: xxxxx@wattanuck.mv.com
> To unsubscribe send a blank email to $subst(‘Email.Unsub’)


You are currently subscribed to ntdev as: xxxxx@wattanuck.mv.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)

6

Hello,

I tried out several things in my Win2K Bus Driver and here is what I observed:

The hang while trying to access the floppy drive A: did not happen after I changed the priority of my RT thread to LOW_REALTIME_PRIORITY (initially it was HIGH_PRIORITY). Maybe this is because the FS worker-threads are supposed to be the highest priority RT threads ?

But this still caused the system to hang at init/boot time after FS Check (I have given the stack below: all threads EXCEPT my thread which is running, are in NT!@KiSwapThread@0+0x1b1 ). Could somebody explain why this is ?

After that, I introduced a delay of 1 ms in the RT thread’s tight while-loop. This got around the problem of the system hang at init/boot time. But I didn’t want the delay, so I’ve made my thread a normal thread (instead of RT i.e. I don’t set its priority), and there are no hangs.

Does this mean, that there can be no compute-bound RT threads at system init time ? I didn’t see any such mention in the DDK or any of the books. Has anybody had any experience with this ?

Is there any function I can call to check if the system has initialized fully ? I’m considering sleeping in my RT thread till the system is fully initialized and then making it a RT thread.

Any help/explanation is welcome!
Puja

== WinDbg output ==

~
* 0 1 Stopped 1 _KiThreadStartup@4
1 2 Running 1 0xFFFFFFFF80AA5800
2 3 Running 1 0xFFFFFFFF80A9F800
3 4 Running 1 0xFFFFFFFF80A99800

kvbns

FramePtr RetAddr Param1 Param2 Param3 Function Name

00 fffffffff24c3af8 ffffffff8045302a 0000000000000001 0000000000000000 0000000000000000 NT!RtlpBreakWithStatusInstruction (FPO: [1,0,0])
01 fffffffff24c3d40 fffffffff20c136b fffffffff20c10dc 00000000000186a0 0000000000000000 NT!DbgPrint+0xba (EBP)
02 fffffffff24c3da8 ffffffff80452614 ffffffff80a18d08 0000000000000000 0000000000000000 BUSENUM!CswSimThreadMain+0x133(0x80A18D08) (EBP) [pnp.c @ 1779]
03 fffffffff24c3ddc ffffffff80467122 fffffffff20c1238 ffffffff80a18d08 0000000000000000 NT!PspSystemThreadStartup+0x54 (EBP)
04 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 NT!KiThreadStartup+0x16 (No FPO)

~1
kvbns

FramePtr RetAddr Param1 Param2 Param3 Function Name

00 fffffffff2423d44 ffffffff80450969 ffffffff8046c380 ffffffff80aaa128 ffffffff80aa5000 HAL!@HalAcpiC1Idle@4+0x15 (FPO: [0,2,0])
01 fffffffff2423d54 ffffffff804617c8 000000000000000e 000000006db6db6d ffffffffdb6db6db NT!@PopProcessorIdle@4+0x71 (FPO: [0,0,3])
02 ffffffff80aa5800 ffffffff80aa5800 0000000000000000 0000000000000000 00000000000005c6 NT!KiIdleLoop+0x10 (No FPO)
03 ffffffff80aa5800 ffffffff80aa5800 0000000000000000 0000000000000000 00000000000005c6 0xFFFFFFFF80AA5800 (No FPO)

~2
kvbns

FramePtr RetAddr Param1 Param2 Param3 Function Name

00 fffffffff242bd44 ffffffff80450969 ffffffff8046c380 ffffffff80aa9488 ffffffff80a9f000 HAL!@HalAcpiC1Idle@4+0x15 (FPO: [0,2,0])
01 fffffffff242bd54 ffffffff804617c8 000000000000000e 000000006db6db6d ffffffffdb6db6db NT!@PopProcessorIdle@4+0x71 (FPO: [0,0,3])
02 ffffffff80a9f800 ffffffff80a9f800 0000000000000000 0000000000000000 00000000000005a0 NT!KiIdleLoop+0x10 (No FPO)
03 ffffffff80a9f800 ffffffff80a9f800 0000000000000000 0000000000000000 00000000000005a0 0xFFFFFFFF80A9F800 (No FPO)

~3
kvbns

FramePtr RetAddr Param1 Param2 Param3 Function Name

00 fffffffff2433d44 ffffffff80450969 ffffffff8046c380 ffffffff80aa3488 ffffffff80a99000 HAL!@HalAcpiC1Idle@4+0x15 (FPO: [0,2,0])
01 fffffffff2433d54 ffffffff804617c8 000000000000000e 000000006db6db6d ffffffffdb6db6db NT!@PopProcessorIdle@4+0x71 (FPO: [0,0,3])
02 ffffffff80a99800 ffffffff80a99800 0000000000000000 0000000000000000 00000000000004b0 NT!KiIdleLoop+0x10 (No FPO)
03 ffffffff80a99800 ffffffff80a99800 0000000000000000 0000000000000000 00000000000004b0 0xFFFFFFFF80A99800 (No FPO)

~0
!process
Debugger extension library [E:\mssdk\Bin\W2KFre\kdextx86] loaded
E:\mssdk\Bin\W2KFre\kdextx86 uses the old 32 bit extension API and may not be fully
compatible with current systems.
PROCESS 80aaa760 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: 80ad71c8 TableSize: 105.
Image: System
VadRoot 80a92108 Clone 0 Private 4. Modified 610. Locked 0.
DeviceMap 80aa9448
Token e1002ad0
ElapsedTime 1:49:05.0515
UserTime 0:00:00.0000
KernelTime 0:00:42.0250
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (52, 0, 345) (208KB, 0KB, 1380KB)
PeakWorkingSetSize 159
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 1457
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 6

THREAD 80aaa4e0 Cid 8.4 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
80480620 SynchronizationEvent
804811e0 NotificationTimer

THREAD 80a97b20 Cid 8.c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a978a0 Cid 8.10 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a97620 Cid 8.14 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a973a0 Cid 8.18 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a97120 Cid 8.1c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a96020 Cid 8.20 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a96da0 Cid 8.24 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a96b20 Cid 8.28 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a968a0 Cid 8.2c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a96620 Cid 8.30 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown

THREAD 80a963a0 Cid 8.34 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
8047333c Unknown

THREAD 80a95020 Cid 8.38 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
8047333c Unknown

THREAD 80a95da0 Cid 8.3c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
8047333c Unknown

THREAD 80a95b20 Cid 8.40 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473378 Unknown

THREAD 80a958a0 Cid 8.44 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f2473d78 NotificationTimer
804733c0 SynchronizationEvent

THREAD 80a92bc0 Cid 8.48 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable
80480644 Semaphore Limit 0x7fffffff
80480580 NotificationEvent

THREAD 80a92940 Cid 8.4c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
80480cb0 NotificationEvent
8047fed0 NotificationEvent

THREAD 80a926c0 Cid 8.50 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f247fd70 NotificationTimer
80480670 SynchronizationEvent

THREAD 80a921c0 Cid 8.54 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) KernelMode Non-Alertable
804803e0 NotificationEvent

THREAD 80a91020 Cid 8.58 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
8047fb10 SynchronizationEvent

THREAD 80a8d020 Cid 8.5c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80474600 Unknown

THREAD 80a8dda0 Cid 8.60 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80474628 Unknown

THREAD 80a88020 Cid 8.64 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f780e070 NotificationEvent
f780e080 NotificationEvent

THREAD 80a44020 Cid 8.68 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f77d0ae0 Semaphore Limit 0x7fffffff

THREAD 80a36b80 Cid 8.6c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
f76c3b38 Unknown

<<<<<<<<<< My thread: >>>>>>>>>>
THREAD 80a189c0 Cid 8.70 Teb: 00000000 Win32Thread: 00000000 RUNNING

THREAD 85898da0 Cid 8.74 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
8569c2b0 NotificationEvent

THREAD 85897620 Cid 8.7c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f20aa670 SynchronizationEvent
f20aa680 SynchronizationEvent

THREAD 858973a0 Cid 8.78 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
85817330 SynchronizationEvent
85817340 SynchronizationEvent

THREAD 8589a020 Cid 8.80 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
85817368 SynchronizationEvent
85817378 SynchronizationEvent

THREAD 8589ada0 Cid 8.84 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
858173a0 SynchronizationEvent
858173b0 SynchronizationEvent

THREAD 8589ab20 Cid 8.88 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
858173d8 SynchronizationEvent
858173e8 SynchronizationEvent

THREAD 85968580 Cid 8.90 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f25132a0 NotificationEvent

THREAD 85c34020 Cid 8.94 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8b4c Unknown

THREAD 85c34da0 Cid 8.98 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8a6c Unknown

THREAD 85c34b20 Cid 8.8c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8adc Unknown

THREAD 85c348a0 Cid 8.9c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f1e7889c NotificationEvent
85c34988 NotificationTimer

THREAD 85ca2860 Cid 8.a0 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
85ca36f0 NotificationEvent

THREAD 85ca2560 Cid 8.a4 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
85ca27f0 NotificationEvent

!process 0x80aaa760 7
PROCESS 80aaa760 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: 80ad71c8 TableSize: 105.
Image: System
VadRoot 80a92108 Clone 0 Private 4. Modified 610. Locked 0.
DeviceMap 80aa9448
Token e1002ad0
ElapsedTime 1:49:05.0515
UserTime 0:00:00.0000
KernelTime 0:00:42.0250
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (52, 0, 345) (208KB, 0KB, 1380KB)
PeakWorkingSetSize 159
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 1457
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 6

THREAD 80aaa4e0 Cid 8.4 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
80480620 SynchronizationEvent
804811e0 NotificationTimer
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 3621
Context Switch Count 1619
UserTime 0:00:00.0000
KernelTime 0:00:11.0156
Start Address NT!_Phase1Initialization@4 (0x80542668)
Stack Init f241c000 Current f241b9c0 Base f241c000 Limit f2419000 Call 0
Priority 0 BasePriority 0 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f241b9d8 8042b69e 80065624 000052d9 00000000 NT!@KiSwapThread@0+0x1b1
f241ba0c 80446b4d 00000002 f241ba40 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f241ba58 80543395 00000000 00000000 00000000 NT!_MmZeroPageThread@0+0x5f
f241bda8 80452614 80086000 00000000 00000000 NT!_Phase1Initialization@4+0xd2d
f241bddc 80467122 80542668 80086000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a97b20 Cid 8.c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473300 Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 781
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_ExpWorkerThread@4 (0x80416bf2)
Stack Init f243c000 Current f243bd34 Base f243c000 Limit f2439000 Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f243bd4c 8042cfdd 00000000 80473300 80a97b20 NT!@KiSwapThread@0+0x1b1
f243bd70 80416c65 00000000 8043e800 00000000 NT!_KeRemoveQueue@12+0x197
f243bda8 80452614 00000000 00000000 00000000 NT!_ExpWorkerThread@4+0x73
f243bddc 80467122 80416bf2 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

<<<<<<>>>>>>>

THREAD 80a95da0 Cid 8.3c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
8047333c Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2841
Context Switch Count 231
UserTime 0:00:00.0000
KernelTime 0:00:00.0062
Start Address NT!_ExpWorkerThread@4 (0x80416bf2)
Stack Init f246c000 Current f246bd34 Base f246c000 Limit f2469000 Call 0
Priority 12 BasePriority 12 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f246bd4c 8042cfdd 85ca4a28 8047333c 80a95da0 NT!@KiSwapThread@0+0x1b1
f246bd70 80416c65 00000000 8043e801 00000000 NT!_KeRemoveQueue@12+0x197
f246bda8 80452614 85ca4a28 00000000 00000000 NT!_ExpWorkerThread@4+0x73
f246bddc 80467122 80416bf2 00000001 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a95b20 Cid 8.40 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80473378 Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2657
Context Switch Count 17
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_ExpWorkerThread@4 (0x80416bf2)
Stack Init f2470000 Current f246fd34 Base f2470000 Limit f246d000 Call 0
Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f246fd4c 8042cfdd 80481a10 80473378 80a95b20 NT!@KiSwapThread@0+0x1b1
f246fd70 80416c65 00000000 8043e800 00000000 NT!_KeRemoveQueue@12+0x197
f246fda8 80452614 00000000 00000000 00000000 NT!_ExpWorkerThread@4+0x73
f246fddc 80467122 80416bf2 00000002 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a958a0 Cid 8.44 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f2473d78 NotificationTimer
804733c0 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 4069
Context Switch Count 52
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_ExpWorkerThreadBalanceManager@4 (0x80493922)
Stack Init f2474000 Current f2473cf8 Base f2474000 Limit f2471000 Call 0
Priority 14 BasePriority 14 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2473d10 8042b69e ff676980 00000000 ffffffff NT!@KiSwapThread@0+0x1b1
f2473d44 80493977 00000002 f2473da0 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f2473da8 80452614 00000000 00000000 00000000 NT!_ExpWorkerThreadBalanceManager@4+0x55
f2473ddc 80467122 80493922 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a92bc0 Cid 8.48 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable
80480644 Semaphore Limit 0x7fffffff
80480580 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 789
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_MiDereferenceSegmentThread@4 (0x8043833a)
Stack Init f2478000 Current f2477d20 Base f2478000 Limit f2475000 Call 0
Priority 18 BasePriority 8 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.

ChildEBP RetAddr Args to Child
f2477d38 8042b69e 80480640 00000000 00000000 NT!@KiSwapThread@0+0x1b1
f2477d6c 8043837d 00000002 f2477da0 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f2477da8 80452614 00000000 00000000 00000000 NT!_MiDereferenceSegmentThread@4+0x43
f2477ddc 80467122 8043833a 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a92940 Cid 8.4c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
80480cb0 NotificationEvent
8047fed0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 789
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_MiModifiedPageWriter@4 (0x804c9cb4)
Stack Init f247c000 Current f247bcd8 Base f247c000 Limit f2479000 Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f247bcf0 8042b69e 804806a0 80480eb0 00000000 NT!@KiSwapThread@0+0x1b1
f247bd24 8043aba1 00000002 f247bd6c 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f247bd70 804c9e00 00000000 00000000 00000000 NT!_MiModifiedPageWriterWorker@0+0x37
804806a0 80a92428 00040000 00000000 804806b0 NT!_MiModifiedPageWriter@4+0x14c
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
5f215400 64657070 656c6946 64616548 72007265 +0xffffffff
30407265 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff
80a92568 80a92608 00000000 00000000 00000000 NT!_MmMappedFileHeader
80a924c8 80a92568 00000000 00000000 00000000 +0xffffffff
80a92428 80a924c8 00000000 00000000 00000000 +0xffffffff
804806a0 80a92428 00040000 00000000 804806b0 +0xffffffff
80a92608 804806a0 00000000 00000000 00000000 +0xffffffff

THREAD 80a926c0 Cid 8.50 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f247fd70 NotificationTimer
80480670 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 4069
Context Switch Count 53
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_KeBalanceSetManager@4 (0x8046081c)
Stack Init f2480000 Current f247fcc0 Base f2480000 Limit f247d000 Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f247fcd8 8042b69e ffffffff ff676980 00000000 NT!@KiSwapThread@0+0x1b1
f247fd0c 8046089a 00000002 f247fd98 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f247fda8 80452614 00000000 00000000 00000000 NT!_KeBalanceSetManager@4+0x7e
f247fddc 80467122 8046081c 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a921c0 Cid 8.54 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) KernelMode Non-Alertable
804803e0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 789
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_MiMappedPageWriter@4 (0x8043b53c)
Stack Init f2484000 Current f2483d2c Base f2484000 Limit f2481000 Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2483d44 8042b921 00000000 00000000 80065624 NT!@KiSwapThread@0+0x1b1
f2483d6c 8043b589 804803e0 00000012 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f2483da8 80452614 00000000 00000000 00000000 NT!_MiMappedPageWriter@4+0x4d
f2483ddc 80467122 8043b53c 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a91020 Cid 8.58 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
8047fb10 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 3877
Context Switch Count 14
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_KeSwapProcessOrStack@4 (0x80460916)
Stack Init f2488000 Current f2487d40 Base f2488000 Limit f2485000 Call 0
Priority 23 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2487d58 8042b921 00000000 00000000 00000000 NT!@KiSwapThread@0+0x1b1
f2487d80 8046093a 8047fb10 00000000 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f2487da8 80452614 00000000 00000000 00000000 NT!_KeSwapProcessOrStack@4+0x24
f2487ddc 80467122 80460916 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a8d020 Cid 8.5c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80474600 Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 801
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_FsRtlWorkerThread@4 (0x8041c0ea)
Stack Init f248c000 Current f248bd4c Base f248c000 Limit f2489000 Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f248bd64 8042cfdd 80064c40 00000000 80474600 NT!@KiSwapThread@0+0x1b1
f248bd88 8041c11d 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f248bda8 80452614 00000000 00000000 00000000 NT!_FsRtlWorkerThread@4+0x33
f248bddc 80467122 8041c0ea 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a8dda0 Cid 8.60 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80474628 Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 801
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_FsRtlWorkerThread@4 (0x8041c0ea)
Stack Init f2490000 Current f248fd4c Base f2490000 Limit f248d000 Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f248fd64 8042cfdd 80064c40 00000001 80474628 NT!@KiSwapThread@0+0x1b1
f248fd88 8041c11d 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f248fda8 80452614 00000001 00000000 00000000 NT!_FsRtlWorkerThread@4+0x33
f248fddc 80467122 8041c0ea 00000001 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a88020 Cid 8.64 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f780e070 NotificationEvent
f780e080 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2261
Context Switch Count 262
UserTime 0:00:00.0000
KernelTime 0:00:00.0250
Start Address ACPI!_ACPIWorker@4 (0xf7802860)
Stack Init f2494000 Current f2493d1c Base f2494000 Limit f2491000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2493d34 8042b69e f780e0a0 00000000 80064c40 NT!@KiSwapThread@0+0x1b1
f2493d68 f78028a6 00000002 f2493d9c 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f2493da8 80452614 00000000 00000000 00000000 ACPI!_ACPIWorker@4+0x46
f2493ddc 80467122 f7802860 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a44020 Cid 8.68 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f77d0ae0 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 874
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address DMIO!_voliod_loop@4 (0xf77bdaf8)
Stack Init f2498000 Current f2497d3c Base f2498000 Limit f2495000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f2497d54 8042b921 00000000 f77d1550 00000000 NT!@KiSwapThread@0+0x1b1
f2497d7c f77bde91 f77d0ae0 00000000 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f2497da8 80452614 00000000 00000000 00000000 DMIO!_voliod_loop@4+0x399
f2497ddc 80467122 f77bdaf8 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 80a36b80 Cid 8.6c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
f76c3b38 Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2484
Context Switch Count 18
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address _ndisVerifierFunctionTable (0xf76c527e)
Stack Init f249c000 Current f249bd50 Base f249c000 Limit f2499000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f249bd68 8042cfdd 00000000 85a7ebe8 00000000 NT!@KiSwapThread@0+0x1b1
f249bd8c f76c52ac 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f249bda8 80452614 000000c0 00000000 00000000 _ndisVerifierFunctionTable+0x772
f249bddc 80467122 f76c527e 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

<<<<<<<<<<< My thread: >>>>>>>>>>>>

THREAD 80a189c0 Cid 8.70 Teb: 00000000 Win32Thread: 00000000 RUNNING
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2561
Context Switch Count 20
UserTime 0:00:00.0000
KernelTime 0:00:30.0265
Start Address BUSENUM!CswSimThreadMain (0xf20c1238)
Stack Init f24c4000 Current f24c3cac Base f24c4000 Limit f24c1000 Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
00000000 00000000 00000000 00000000 00000000 NTDLL!_RtlAllocateHeap@12+0xac

THREAD 85898da0 Cid 8.74 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
8569c2b0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2288
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address EFS!_EfsGetSessionKey@4 (0xf2320338)
Stack Init f24dc000 Current f24dbc3c Base f24dc000 Limit f24d9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24dbc54 8042b921 00000000 00000000 804d53f4 NT!@KiSwapThread@0+0x1b1
f24dbc7c 804d54ab 8569c2b0 00000006 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f24dbcec 804624e9 00000074 00000000 00000000 NT!_NtWaitForSingleObject@12+0xb7
f24dbcec 804301eb 00000074 00000000 00000000 NT!_KiSystemService+0xc9
f24dbd70 f232034e 00000074 00000000 00000000 NT!_ZwWaitForSingleObject@12+0xb
f24dbda8 80452614 00000000 00000000 00000000 EFS!_EfsGetSessionKey@4+0x16
f24dbddc 80467122 f2320338 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85897620 Cid 8.7c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f20aa670 SynchronizationEvent
f20aa680 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2291
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASPPTP!_MainPassiveLevelThread@4 (0xf20a1af1)
Stack Init f24e4000 Current f24e3d20 Base f24e4000 Limit f24e1000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24e3d38 8042b69e 00000000 00000000 00000000 NT!@KiSwapThread@0+0x1b1
f24e3d6c f20a1b1d 00000002 f24e3da4 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f24e3da8 80452614 00000000 00000000 00000000 RASPPTP!_MainPassiveLevelThread@4+0x2c
f24e3ddc 80467122 f20a1af1 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 858973a0 Cid 8.78 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
85817330 SynchronizationEvent
85817340 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2337
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASPPTP!_PacketWorkingThread@4 (0xf20a1b76)
Stack Init f24e0000 Current f24dfd20 Base f24e0000 Limit f24dd000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24dfd38 8042b69e 00000000 85817328 00000000 NT!@KiSwapThread@0+0x1b1
f24dfd6c f20a1bc4 00000002 f24dfda4 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f24dfda8 80452614 85817328 00000000 00000000 RASPPTP!_PacketWorkingThread@4+0x58
f24dfddc 80467122 f20a1b76 85817328 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 8589a020 Cid 8.80 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
85817368 SynchronizationEvent
85817378 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2291
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASPPTP!_PacketWorkingThread@4 (0xf20a1b76)
Stack Init f24e8000 Current f24e7d20 Base f24e8000 Limit f24e5000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24e7d38 8042b69e 00000000 85817360 00000000 NT!@KiSwapThread@0+0x1b1
f24e7d6c f20a1bc4 00000002 f24e7da4 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f24e7da8 80452614 85817360 00000000 00000000 RASPPTP!_PacketWorkingThread@4+0x58
f24e7ddc 80467122 f20a1b76 85817360 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 8589ada0 Cid 8.84 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
858173a0 SynchronizationEvent
858173b0 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2291
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASPPTP!_PacketWorkingThread@4 (0xf20a1b76)
Stack Init f24ec000 Current f24ebd20 Base f24ec000 Limit f24e9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24ebd38 8042b69e 00000000 85817398 00000000 NT!@KiSwapThread@0+0x1b1
f24ebd6c f20a1bc4 00000002 f24ebda4 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f24ebda8 80452614 85817398 00000000 00000000 RASPPTP!_PacketWorkingThread@4+0x58
f24ebddc 80467122 f20a1b76 85817398 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 8589ab20 Cid 8.88 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
858173d8 SynchronizationEvent
858173e8 SynchronizationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2291
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASPPTP!_PacketWorkingThread@4 (0xf20a1b76)
Stack Init f24f0000 Current f24efd20 Base f24f0000 Limit f24ed000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24efd38 8042b69e 00000000 858173d0 00000000 NT!@KiSwapThread@0+0x1b1
f24efd6c f20a1bc4 00000002 f24efda4 00000001 NT!_KeWaitForMultipleObjects@32+0x268
f24efda8 80452614 858173d0 00000000 00000000 RASPPTP!_PacketWorkingThread@4+0x58
f24efddc 80467122 f20a1b76 858173d0 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85968580 Cid 8.90 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f25132a0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2467
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RASACD!_AcdNotificationRequestThread@4 (0xf2512d8e)
Stack Init f24f8000 Current f24f7d38 Base f24f8000 Limit f24f5000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24f7d50 8042b921 00000000 f25132a0 800654e0 NT!@KiSwapThread@0+0x1b1
f24f7d78 f2512e66 f25132a0 00000000 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f24f7da8 80452614 00000000 00000000 00000000 RASACD!_AcdNotificationRequestThread@4+0xd8
f24f7ddc 80467122 f2512d8e 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85c34020 Cid 8.94 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8b4c Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2504
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RDBSS!_RxFinalizeVNetRoot@12 (0xf1e7a476)
Stack Init f1fd4000 Current f1fd3cf4 Base f1fd4000 Limit f1fd1000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f1fd3d0c 8042cfdd 00000000 85ae8b08 804614d0 NT!@KiSwapThread@0+0x1b1
f1fd3d30 f1e73b01 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f1fd3d9c f1e7a481 85ae8b08 00000000 80452614 RDBSS!_RxpWorkerThreadDispatcher@8+0x6f
f1fd3da8 80452614 85ae8b08 00000000 00000000 RDBSS!_RxFinalizeVNetRoot@12+0x6b
f1fd3ddc 80467122 f1e7a476 85ae8b08 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85c34da0 Cid 8.98 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8a6c Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2504
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RDBSS!_RxFinalizeVNetRoot@12 (0xf1e7a476)
Stack Init f1fd0000 Current f1fcfcf4 Base f1fd0000 Limit f1fcd000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f1fcfd0c 8042cfdd 00000000 85ae8a28 804614d0 NT!@KiSwapThread@0+0x1b1
f1fcfd30 f1e73b01 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f1fcfd9c f1e7a481 85ae8a28 00000000 80452614 RDBSS!_RxpWorkerThreadDispatcher@8+0x6f
f1fcfda8 80452614 85ae8a28 00000000 00000000 RDBSS!_RxFinalizeVNetRoot@12+0x6b
f1fcfddc 80467122 f1e7a476 85ae8a28 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85c34b20 Cid 8.8c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
85ae8adc Unknown
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2504
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RDBSS!_RxFinalizeVNetRoot@12 (0xf1e7a476)
Stack Init f24f4000 Current f24f3cf4 Base f24f4000 Limit f24f1000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f24f3d0c 8042cfdd 00000000 85ae8a98 804614d0 NT!@KiSwapThread@0+0x1b1
f24f3d30 f1e73b01 00000000 00000000 00000000 NT!_KeRemoveQueue@12+0x197
f24f3d9c f1e7a481 85ae8a98 00000000 80452614 RDBSS!_RxpWorkerThreadDispatcher@8+0x6f
f24f3da8 80452614 85ae8a98 00000000 00000000 RDBSS!_RxFinalizeVNetRoot@12+0x6b
f24f3ddc 80467122 f1e7a476 85ae8a98 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85c348a0 Cid 8.9c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f1e7889c NotificationEvent
85c34988 NotificationTimer
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2504
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address RDBSS!_RxSpinUpRequestsDispatcher@4 (0xf1e71f2a)
Stack Init f1fcc000 Current f1fcbd38 Base f1fcc000 Limit f1fc9000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f1fcbd50 8042b921 f1e78880 f1e78890 00000000 NT!@KiSwapThread@0+0x1b1
f1fcbd78 f1e71fdb f1e7889c 00000000 00000000 NT!_KeWaitForSingleObject@20+0x1a3
f1fcbda8 80452614 f1e78880 00000000 00000000 RDBSS!_RxSpinUpRequestsDispatcher@4+0x58
f1fcbddc 80467122 f1e71f2a f1e78880 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85ca2860 Cid 8.a0 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
85ca36f0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2621
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address MOUNTMGR!_WorkerThread@4 (0xf2288304)
Stack Init f1fc8000 Current f1fc7c18 Base f1fc8000 Limit f1fc5000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f1fc7c30 8042b921 00000000 00000000 804d53f4 NT!@KiSwapThread@0+0x1b1
f1fc7c58 804d54ab 85ca36f0 00000006 85ca2800 NT!_KeWaitForSingleObject@20+0x1a3
f1fc7cc8 804624e9 000000e0 00000000 00000000 NT!_NtWaitForSingleObject@12+0xb7
f1fc7cc8 804301eb 000000e0 00000000 00000000 NT!_KiSystemService+0xc9
f1fc7d4c f2288395 000000e0 00000000 00000000 NT!_ZwWaitForSingleObject@12+0xb
f1fc7da8 80452614 80a45968 00000000 00000000 MOUNTMGR!_WorkerThread@4+0x91
f1fc7ddc 80467122 f2288304 80a45968 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16

THREAD 85ca2560 Cid 8.a4 Teb: 00000000 Win32Thread: 00000000 WAIT: (UserRequest) KernelMode Non-Alertable
85ca27f0 NotificationEvent
Not impersonating
Owning Process 80aaa760
WaitTime (seconds) 2561
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NT!_SepRmCommandServerThread@4 (0x804fd060)
Stack Init f1fc4000 Current f1fc39dc Base f1fc4000 Limit f1fc1000 Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0

ChildEBP RetAddr Args to Child
f1fc39f4 8042b921 00000000 00000000 804d53f4 NT!@KiSwapThread@0+0x1b1
f1fc3a1c 804d54ab 85ca27f0 00000006 6db6db00 NT!_KeWaitForSingleObject@20+0x1a3
f1fc3a8c 804624e9 000000f8 00000000 00000000 NT!_NtWaitForSingleObject@12+0xb7
f1fc3a8c 804301eb 000000f8 00000000 00000000 NT!_KiSystemService+0xc9
f1fc3b10 804fd181 000000f8 00000000 00000000 NT!_ZwWaitForSingleObject@12+0xb
f1fc3ba0 804fd06e 6db6db6d db6db6db 6db6db6d NT!_SepRmCommandServerThreadInit@0+0x3d
f1fc3da8 80452614 00000000 00000000 00000000 NT!_SepRmCommandServerThread@4+0xe
f1fc3ddc 80467122 804fd060 00000000 00000000 NT!_PspSystemThreadStartup@8+0x54
00000000 00000000 00000000 00000000 00000000 NT!_KiThreadStartup@4+0x16