0x80000003 exception

Sam_Sheng · February 18, 2013, 1:26am

My 32 bit app gets some exceptions like below.

Who could shed some light on this? Thanks in advance.

-Sam

0ee2fa20 72eb3412 00000000 0ee2fa64 72eb3439 ntdll!RtlExitUserThread+0x41
0ee2fa2c 72eb3438 00000000 b195ae57 00000000 msvcr90!_endthreadex+0x23
0ee2fa64 72eb34c7 00000000 0ee2fa7c 74d633aa msvcr90!_endthreadex+0x49
0ee2fa70 74d633aa 0b167bd0 0ee2fabc 76f29ef2 msvcr90!_endthreadex+0xd8
0ee2fa7c 76f29ef2 0b167bd0 78559582 00000000 kernel32!BaseThreadInitThunk+0xe
0ee2fabc 76f29ec5 72eb345e 0b167bd0 00000000 ntdll!__RtlUserThreadStart+0x70
0ee2fad4 00000000 72eb345e 0b167bd0 00000000 ntdll!_RtlUserThreadStart+0x1b

OSR_Community_User · February 18, 2013, 9:28am

This happens when you hit a breakpoint (int 3) instructionand there is no
debugger connected. Most often, this is a breakpoint in the storage
allocator, usually hit when the rather simplistic tests done in the
Release CRT discover heap damage, although that is not the only source of
the error.

Have you run it under the debugger?

Download the (free) Application Verifier and see what it says. You may
have to turn on several memory tests before you find the one that detects
the error early enough to be useful. The most likely causes are buffer
overrun and using a pointer to already-freed space (stale pointer).
joe

My 32 bit app gets some exceptions like below.

Who could shed some light on this? Thanks in advance.

-Sam

0ee2fa20 72eb3412 00000000 0ee2fa64 72eb3439 ntdll!RtlExitUserThread+0x41
0ee2fa2c 72eb3438 00000000 b195ae57 00000000 msvcr90!_endthreadex+0x23
0ee2fa64 72eb34c7 00000000 0ee2fa7c 74d633aa msvcr90!_endthreadex+0x49
0ee2fa70 74d633aa 0b167bd0 0ee2fabc 76f29ef2 msvcr90!_endthreadex+0xd8
0ee2fa7c 76f29ef2 0b167bd0 78559582 00000000
kernel32!BaseThreadInitThunk+0xe
0ee2fabc 76f29ec5 72eb345e 0b167bd0 00000000
ntdll!__RtlUserThreadStart+0x70
0ee2fad4 00000000 72eb345e 0b167bd0 00000000
ntdll!_RtlUserThreadStart+0x1b

WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Sam_Sheng · February 25, 2013, 6:11pm

Thanks for the information.

The exception is discovered in released package, which is not run under debugger.

I see the final eip points here. Do you mean memory exception in thread proc causes the thread to terminate process?

0:034> u eip
ntdll!RtlExitUserThread+0x41:
77dc801d cc int 3
77dc801e 90 nop
77dc801f 90 nop
77dc8020 90 nop
77dc8021 90 nop
77dc8022 90 nop
ntdll!RtlpFreeTebLanguageList:
77dc8023 8bff mov edi,edi
77dc8025 55 push ebp
0:034> ub eip
ntdll!RtlExitUserThread+0x25:
77dc8001 e837fdffff call ntdll!LdrShutdownThread (77dc7d3d)
77dc8006 56 push esi
77dc8007 e8dc1afeff call ntdll!TpCheckTerminateWorker (77da9ae8)
77dc800c ff7508 push dword ptr [ebp+8]
77dc800f 56 push esi
77dc8010 e84f80fcff call ntdll!ZwTerminateThread (77d90064)
77dc8015 ff7508 push dword ptr [ebp+8]
77dc8018 e8c354ffff call ntdll!RtlExitUserProcess (77dbd4e0)

OSR_Community_User · February 25, 2013, 10:08pm

> Thanks for the information.

The exception is discovered in released package, which is not run under
debugger.

And that is why it is treated as an exception. Note that there is
absolutely nothing that precludes your running the release version of the
application under the debugger. See my essay on “Surviving the Release
Version” on www.flounder.com/mvp_tips.htm

I see the final eip points here. Do you mean memory exception in thread
proc causes the thread to terminate process?

You reported that you were getting a 0x80000003 exception. Where was the
discussion of the memory exception (0xC0000005)?

0:034> u eip
ntdll!RtlExitUserThread+0x41:
77dc801d cc int 3
77dc801e 90 nop
77dc801f 90 nop
77dc8020 90 nop
77dc8021 90 nop
77dc8022 90 nop
ntdll!RtlpFreeTebLanguageList:
77dc8023 8bff mov edi,edi
77dc8025 55 push ebp
0:034> ub eip
ntdll!RtlExitUserThread+0x25:
77dc8001 e837fdffff call ntdll!LdrShutdownThread (77dc7d3d)
77dc8006 56 push esi
77dc8007 e8dc1afeff call ntdll!TpCheckTerminateWorker (77da9ae8)
77dc800c ff7508 push dword ptr [ebp+8]
77dc800f 56 push esi
77dc8010 e84f80fcff call ntdll!ZwTerminateThread (77d90064)
77dc8015 ff7508 push dword ptr [ebp+8]
77dc8018 e8c354ffff call ntdll!RtlExitUserProcess (77dbd4e0)

It would have been nice to have seen this all in one sequence. But it
looks like RtlExitUserProcess has returned, and this was not expected.
joe

WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Sam_Sheng · February 26, 2013, 2:51pm

I feel strange that the eip is after calling rtlExitUserProcess. Here’s all thread stacks.

0:029> ~*kb

0 Id: 1158.1168 Suspend: 0 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0022f90c 6d663c3c 002bb57c 00000000 00000000 0x749c7e47
00000000 00000000 00000000 00000000 00000000 0x6d663c3c

1 Id: 1158.dcc Suspend: 0 Teb: 7efda000 Unfrozen
ChildEBP RetAddr Args to Child
02b8fb3c 75de162d 02b8faf0 02b8fb64 00000000 ntdll!ZwWaitForMultipleObjects+0x15
02b8fb80 02b8fbd8 749d03da 00000002 7efde000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 0x2b8fbd8

2 Id: 1158.8e4 Suspend: 0 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr Args to Child
02d7fe10 770321aa 00000194 02d7fec4 75defd54 ntdll!NtWaitForWorkViaWorkerFactory+0x12
02d7ff70 75de3677 00573778 02d7ffbc 77009d72 ntdll!TppWorkerThread+0x216
02d7ff7c 77009d72 00573778 75defd98 00000000 kernel32!BaseThreadInitThunk+0xe
02d7ffbc 77009d45 77032c91 00573778 00000000 ntdll!__RtlUserThreadStart+0x70
02d7ffd4 00000000 77032c91 00573778 00000000 ntdll!_RtlUserThreadStart+0x1b

3 Id: 1158.105c Suspend: 0 Teb: 7efaf000 Unfrozen
ChildEBP RetAddr Args to Child
02fffc6c 770321aa 00000194 02fffd20 75f6ffe8 ntdll!NtWaitForWorkViaWorkerFactory+0x12
02fffdcc 75de3677 00573778 02fffe18 77009d72 ntdll!TppWorkerThread+0x216
02fffdd8 77009d72 00573778 75f6fc3c 00000000 kernel32!BaseThreadInitThunk+0xe
02fffe18 77009d45 77032c91 00573778 00000000 ntdll!__RtlUserThreadStart+0x70
02fffe30 00000000 77032c91 00573778 00000000 ntdll!_RtlUserThreadStart+0x1b

4 Id: 1158.1064 Suspend: 0 Teb: 7efac000 Unfrozen
ChildEBP RetAddr Args to Child
031ff97c 770321aa 0000019c 031ffa30 7416f8f8 ntdll!NtWaitForWorkViaWorkerFactory+0x12
031ffadc 75de3677 00573778 031ffb28 77009d72 ntdll!TppWorkerThread+0x216
031ffae8 77009d72 00573778 7416f90c 00000000 kernel32!BaseThreadInitThunk+0xe
031ffb28 77009d45 77032c91 00573778 00000000 ntdll!__RtlUserThreadStart+0x70
031ffb40 00000000 77032c91 00573778 00000000 ntdll!_RtlUserThreadStart+0x1b

5 Id: 1158.1068 Suspend: 0 Teb: 7efa9000 Unfrozen
ChildEBP RetAddr Args to Child
02eef6f8 770321aa 00000194 02eef7ac 75e7fa7c ntdll!NtWaitForWorkViaWorkerFactory+0x12
02eef858 75de3677 00573778 02eef8a4 77009d72 ntdll!TppWorkerThread+0x216
02eef864 77009d72 00573778 75e7fa80 00000000 kernel32!BaseThreadInitThunk+0xe
02eef8a4 77009d45 77032c91 00573778 00000000 ntdll!__RtlUserThreadStart+0x70
02eef8bc 00000000 77032c91 00573778 00000000 ntdll!_RtlUserThreadStart+0x1b

6 Id: 1158.5bc Suspend: 0 Teb: 7efa6000 Unfrozen
ChildEBP RetAddr Args to Child
0335fdf0 770321aa 00000270 0335fea4 743cfd74 ntdll!NtWaitForWorkViaWorkerFactory+0x12
0335ff50 75de3677 005d1930 0335ff9c 77009d72 ntdll!TppWorkerThread+0x216
0335ff5c 77009d72 005d1930 743cfdb8 00000000 kernel32!BaseThreadInitThunk+0xe
0335ff9c 77009d45 77032c91 005d1930 00000000 ntdll!__RtlUserThreadStart+0x70
0335ffb4 00000000 77032c91 005d1930 00000000 ntdll!_RtlUserThreadStart+0x1b

7 Id: 1158.e18 Suspend: 0 Teb: 7efa3000 Unfrozen
ChildEBP RetAddr Args to Child
0356f9fc 77031dab 00000020 005bd288 00000001 ntdll!ZwWaitForMultipleObjects+0x15
0356fb90 75de3677 00000000 0356fbdc 77009d72 ntdll!TppWaiterpThread+0x33d
0356fb9c 77009d72 005bd258 745ff9f8 00000000 kernel32!BaseThreadInitThunk+0xe
0356fbdc 77009d45 77031c7f 005bd258 00000000 ntdll!__RtlUserThreadStart+0x70
0356fbf4 00000000 77031c7f 005bd258 00000000 ntdll!_RtlUserThreadStart+0x1b

8 Id: 1158.8dc Suspend: 0 Teb: 7efa0000 Unfrozen
ChildEBP RetAddr Args to Child
036af6e4 75de162d 036af698 036af70c 00000000 ntdll!ZwWaitForMultipleObjects+0x15
036af72c 75de1921 00000001 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
036af748 6caa2948 00000001 009c0d1c 00000000 kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
036af774 73153433 009bfbb8 b3828e0b 00000000 0x6caa2948
036af7ac 731534c7 00000000 036af7c4 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
036af7b8 75de3677 00a18fe8 036af804 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
036af7c4 77009d72 00a18fe8 7463fa20 00000000 kernel32!BaseThreadInitThunk+0xe
036af804 77009d45 7315345e 00a18fe8 00000000 ntdll!__RtlUserThreadStart+0x70
036af81c 00000000 7315345e 00a18fe8 00000000 ntdll!_RtlUserThreadStart+0x1b

9 Id: 1158.404 Suspend: 0 Teb: 7ef9d000 Unfrozen
ChildEBP RetAddr Args to Child
039cfa48 75de3677 00000000 039cfa94 77009d72 ntdll!ZwWaitForMultipleObjects+0x15
039cfa94 77009d45 6d6e1c2f 00000000 00000000 kernel32!BaseThreadInitThunk+0xe
039cfaac 00000000 6d6e1c2f 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b

10 Id: 1158.460 Suspend: 0 Teb: 7ef9a000 Unfrozen
ChildEBP RetAddr Args to Child
03bff820 77009fbc 77009f6a 00000000 00000000 ntdll!NtDelayExecution+0x15
03bff97c 7700371e 002b0138 770036fa 74b6f848 ntdll!LdrpInitializeThread+0x131
03bff984 770036fa 74b6f848 00000000 002b0000 ntdll!RtlpFreeHeap+0xbb1
03bffa6c 00000000 00000001 00000000 036cfd20 ntdll!RtlpFreeHeap+0xb7a

11 Id: 1158.1060 Suspend: 0 Teb: 7ef97000 Unfrozen
ChildEBP RetAddr Args to Child
03e3fb14 770321aa 00000270 03e3fbc8 74eafe50 ntdll!NtWaitForWorkViaWorkerFactory+0x12
03e3fc74 75de3677 005d1930 03e3fcc0 77009d72 ntdll!TppWorkerThread+0x216
03e3fc80 77009d72 005d1930 74eafee4 00000000 kernel32!BaseThreadInitThunk+0xe
03e3fcc0 77009d45 77032c91 005d1930 00000000 ntdll!__RtlUserThreadStart+0x70
03e3fcd8 00000000 77032c91 005d1930 00000000 ntdll!_RtlUserThreadStart+0x1b

12 Id: 1158.1058 Suspend: 0 Teb: 7ef94000 Unfrozen
ChildEBP RetAddr Args to Child
03fafb44 75de3677 005c2b70 03fafb90 77009d72 ntdll!NtDelayExecution+0x15
03fafb50 77009d72 005c2b70 74f3f9b4 00000000 kernel32!BaseThreadInitThunk+0xe
03fafb90 77009d45 758fc7f5 005c2b70 00000000 ntdll!__RtlUserThreadStart+0x70
03fafba8 00000000 758fc7f5 005c2b70 00000000 ntdll!_RtlUserThreadStart+0x1b

13 Id: 1158.d08 Suspend: 0 Teb: 7ef91000 Unfrozen
ChildEBP RetAddr Args to Child
043ff818 731938bb 00000000 00000000 00000000 ntdll!NtDelayExecution+0x15
043ff864 73153433 00979fd0 b4d7813b 00000000 msvcr90!free+0xcd [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
043ff89c 731534c7 00000000 043ff8b4 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
043ff8a8 75de3677 036fb430 043ff8f4 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
043ff8b4 77009d72 036fb430 7336fad0 00000000 kernel32!BaseThreadInitThunk+0xe
043ff8f4 77009d45 7315345e 036fb430 00000000 ntdll!__RtlUserThreadStart+0x70
043ff90c 00000000 7315345e 036fb430 00000000 ntdll!_RtlUserThreadStart+0x1b

14 Id: 1158.1174 Suspend: 0 Teb: 7ef8e000 Unfrozen
ChildEBP RetAddr Args to Child
050ffc00 75de1184 00000be4 ffffffff 00000000 ntdll!ZwWaitForSingleObject+0x15
050ffc18 75de1138 00000be4 ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
050ffc2c 6c953b61 00000be4 ffffffff 07647204 kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
050ffd00 731938da 050ffd18 00000000 0000000f 0x6c953b61
050ffe34 76ffdea3 036e1288 036dbf70 036e1288 msvcr90!free+0xec [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
050ffe4c 75de14d1 002b0000 00000000 036e1288 ntdll!RtlFreeHeap+0x105
050ffe60 731938bb 002b0000 00000000 731938da kernel32!HeapFree+0x14
050ffeac 73153433 037053c0 b5e78743 00000000 msvcr90!free+0xcd [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
050ffee4 731534c7 00000000 050ffefc 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
050ffef0 75de3677 036e1288 050fff3c 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
050ffefc 77009d72 036e1288 7206fd18 00000000 kernel32!BaseThreadInitThunk+0xe
050fff3c 77009d45 7315345e 036e1288 00000000 ntdll!__RtlUserThreadStart+0x70
050fff54 00000000 7315345e 036e1288 00000000 ntdll!_RtlUserThreadStart+0x1b

15 Id: 1158.6c4 Suspend: 0 Teb: 7ef8b000 Unfrozen
ChildEBP RetAddr Args to Child
053bfdd8 75de3677 73ed70be 053bfe24 77009d72 ntdll!ZwRemoveIoCompletion+0x15
053bfe24 77009d45 73ed6f14 005a61d8 00000000 kernel32!BaseThreadInitThunk+0xe
053bfe3c 00000000 73ed6f14 005a61d8 00000000 ntdll!_RtlUserThreadStart+0x1b

16 Id: 1158.e28 Suspend: 0 Teb: 7ef85000 Unfrozen
ChildEBP RetAddr Args to Child
0583f9f8 73153433 036ef3d0 b56b8397 00000000 ntdll!NtDelayExecution+0x15
0583fa30 731534c7 00000000 0583fa48 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0583fa3c 75de3677 036e16d8 0583fa88 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0583fa48 77009d72 036e16d8 728af8ac 00000000 kernel32!BaseThreadInitThunk+0xe
0583fa88 77009d45 7315345e 036e16d8 00000000 ntdll!__RtlUserThreadStart+0x70
0583faa0 00000000 7315345e 036e16d8 00000000 ntdll!_RtlUserThreadStart+0x1b

17 Id: 1158.8c8 Suspend: 0 Teb: 7ef88000 Unfrozen
ChildEBP RetAddr Args to Child
0598f6a8 73193a58 002b0000 00000000 00000020 ntdll!ZwRemoveIoCompletion+0x15
0598f6ec 73193b58 00000010 002b0000 00000000 msvcr90!malloc+0x79 [f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.c @ 163]
0598f704 00000000 00000000 00000000 00000000 msvcr90!operator new+0x1f [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 59]

18 Id: 1158.12a4 Suspend: 0 Teb: 7ef82000 Unfrozen
ChildEBP RetAddr Args to Child
05ecfa28 75de1184 000005cc ffffffff 00000001 ntdll!ZwWaitForSingleObject+0x15
05ecfaa4 75de3677 00000000 05ecfaf0 77009d72 kernel32!WaitForSingleObjectExImplementation+0x75
05ecfab0 77009d72 00000000 72e5f8d4 00000000 kernel32!BaseThreadInitThunk+0xe
05ecfaf0 77009d45 6d7132fb 00000000 00000000 ntdll!__RtlUserThreadStart+0x70
05ecfb08 00000000 6d7132fb 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b

19 Id: 1158.12a0 Suspend: 0 Teb: 7ef7f000 Unfrozen
ChildEBP RetAddr Args to Child
0609fa24 770060a4 73ed67e4 c00000a3 0609fb48 ntdll!ZwWaitForSingleObject+0x15
0609fa6c 77032fb1 00000000 00000000 005fafa8 ntdll!RtlNtStatusToDosError+0x40
0609fa88 00000000 0609fa00 00000614 00000099 ntdll!TpPostTask+0x1a7

20 Id: 1158.123c Suspend: 0 Teb: 7ef7c000 Unfrozen
ChildEBP RetAddr Args to Child
05d5f820 770321aa 00000664 05d5f8d4 72dcfba4 ntdll!NtWaitForWorkViaWorkerFactory+0x12
05d5f980 75de3677 0062a788 05d5f9cc 77009d72 ntdll!TppWorkerThread+0x216
05d5f98c 77009d72 0062a788 72dcfbe8 00000000 kernel32!BaseThreadInitThunk+0xe
05d5f9cc 77009d45 77032c91 0062a788 00000000 ntdll!__RtlUserThreadStart+0x70
05d5f9e4 00000000 77032c91 0062a788 00000000 ntdll!_RtlUserThreadStart+0x1b

21 Id: 1158.12d0 Suspend: 0 Teb: 7ef79000 Unfrozen
ChildEBP RetAddr Args to Child
063bfe48 75de162d 063bfdfc 063bfe70 00000000 ntdll!ZwWaitForMultipleObjects+0x15
063bfeb8 75de3677 00000001 063bff04 77009d72 kernel32!WaitForMultipleObjectsExImplementation+0xe0
063bfec4 77009d72 060de1c8 7132fd20 00000000 kernel32!BaseThreadInitThunk+0xe
063bff04 77009d45 76487bbd 060de1c8 00000000 ntdll!__RtlUserThreadStart+0x70
063bff1c 00000000 76487bbd 060de1c8 00000000 ntdll!_RtlUserThreadStart+0x1b

22 Id: 1158.e24 Suspend: 0 Teb: 7ef76000 Unfrozen
ChildEBP RetAddr Args to Child
062afb3c 75de1184 00000508 000927c0 00000000 ntdll!ZwWaitForSingleObject+0x15
062afb54 75de1138 00000508 000927c0 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
062afb68 62972692 00000508 000927c0 00000000 kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
062afbe4 75de3677 005d88d8 062afc30 77009d72 0x62972692
062afbf0 77009d72 005d88d8 7123fe14 00000000 kernel32!BaseThreadInitThunk+0xe
062afc30 77009d45 627edb13 005d88d8 00000000 ntdll!__RtlUserThreadStart+0x70
062afc48 00000000 627edb13 005d88d8 00000000 ntdll!_RtlUserThreadStart+0x1b

23 Id: 1158.128c Suspend: 0 Teb: 7ef73000 Unfrozen
ChildEBP RetAddr Args to Child
0660faf4 75de162d 0660faa8 0660fb1c 00000000 ntdll!ZwWaitForMultipleObjects+0x15
0660fb3c 75de1921 00000002 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
0660fb58 62371400 00000002 0660fb7c 00000000 kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
0660fc00 75de3677 0046b1d8 0660fc4c 77009d72 0x62371400
0660fc0c 77009d72 0046b1d8 7169fe68 00000000 kernel32!BaseThreadInitThunk+0xe
0660fc4c 77009d45 75d012e5 0046b1d8 00000000 ntdll!__RtlUserThreadStart+0x70
0660fc64 00000000 75d012e5 0046b1d8 00000000 ntdll!_RtlUserThreadStart+0x1b

24 Id: 1158.11c0 Suspend: 0 Teb: 7ef70000 Unfrozen
ChildEBP RetAddr Args to Child
0677fcfc 75de1184 000008fc ffffffff 00000000 ntdll!ZwWaitForSingleObject+0x15
0677fd14 75de1138 000008fc ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
0677fd28 62371947 000008fc ffffffff 0046fdb0 kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
0677fdf0 75de3677 0046b1d8 0677fe3c 77009d72 0x62371947
0677fdfc 77009d72 0046b1d8 717efc18 00000000 kernel32!BaseThreadInitThunk+0xe
0677fe3c 77009d45 75d012e5 0046b1d8 00000000 ntdll!__RtlUserThreadStart+0x70
0677fe54 00000000 75d012e5 0046b1d8 00000000 ntdll!_RtlUserThreadStart+0x1b

25 Id: 1158.11f0 Suspend: 0 Teb: 7ef6d000 Unfrozen
ChildEBP RetAddr Args to Child
06c9f8b4 75de1184 00000920 ffffffff 00000000 ntdll!ZwWaitForSingleObject+0x15
06c9f8cc 75de1138 00000920 ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
06c9f8e0 6299174e 00000920 ffffffff 00000000 kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
06c9f928 75de3677 00607578 06c9f974 77009d72 0x6299174e
06c9f934 77009d72 00607578 71c0fb50 00000000 kernel32!BaseThreadInitThunk+0xe
06c9f974 77009d45 627edb13 00607578 00000000 ntdll!__RtlUserThreadStart+0x70
06c9f98c 00000000 627edb13 00607578 00000000 ntdll!_RtlUserThreadStart+0x1b

26 Id: 1158.11d8 Suspend: 0 Teb: 7ef6a000 Unfrozen
ChildEBP RetAddr Args to Child
06e3f8b8 76ffdea3 036e2c68 036dbf70 036e2c68 ntdll!NtDelayExecution+0x15
06e3f8e4 731938bb 002b0000 00000000 731938da ntdll!RtlFreeHeap+0x105
06e3f930 73153433 03765f00 b60b80cf 00000000 msvcr90!free+0xcd [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
06e3f968 731534c7 00000000 06e3f980 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
06e3f974 75de3677 036e2c68 06e3f9c0 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
06e3f980 77009d72 036e2c68 71eafbe4 00000000 kernel32!BaseThreadInitThunk+0xe
06e3f9c0 77009d45 7315345e 036e2c68 00000000 ntdll!__RtlUserThreadStart+0x70
06e3f9d8 00000000 7315345e 036e2c68 00000000 ntdll!_RtlUserThreadStart+0x1b

27 Id: 1158.1290 Suspend: 0 Teb: 7ef67000 Unfrozen
ChildEBP RetAddr Args to Child
0715fd54 731938da 1000251d ffb3b4c0 ffffffff ntdll!ZwWaitForSingleObject+0x15
0715fd78 73ed678c 0000095c 00000954 00000001 msvcr90!free+0xec [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0715ff30 73153433 0370d848 b7fd86cf 00000000 0x73ed678c
0715ff68 731534c7 00000000 0715ff80 75de3677 msvcr90!_callthreadstartex+0x1b [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0715ff74 75de3677 036e2c68 0715ffc0 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0715ff80 77009d72 036e2c68 701cfde4 00000000 kernel32!BaseThreadInitThunk+0xe
0715ffc0 77009d45 7315345e 036e2c68 00000000 ntdll!__RtlUserThreadStart+0x70
0715ffd8 00000000 7315345e 036e2c68 00000000 ntdll!_RtlUserThreadStart+0x1b

28 Id: 1158.240 Suspend: 0 Teb: 7ef64000 Unfrozen
ChildEBP RetAddr Args to Child
0725fa54 75de162d 0725fa08 0725fa7c 00000000 ntdll!ZwWaitForMultipleObjects+0x15
0725fa9c 75de1921 00000001 7efde000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0
0725fab8 6ca93b87 00000001 037b46dc 00000000 kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
0725fb18 731534c7 00000000 0725fb30 75de3677 0x6ca93b87
0725fb24 75de3677 036e2c68 0725fb70 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0725fb30 77009d72 036e2c68 702cf954 00000000 kernel32!BaseThreadInitThunk+0xe
0725fb70 77009d45 7315345e 036e2c68 00000000 ntdll!__RtlUserThreadStart+0x70
0725fb88 00000000 7315345e 036e2c68 00000000 ntdll!_RtlUserThreadStart+0x1b

29 Id: 1158.7a8 Suspend: 0 Teb: 7eed4000 Unfrozen

ChildEBP RetAddr Args to Child
0be2ef80 75de1184 00000104 ffffffff 00000000 ntdll!ZwWaitForSingleObject+0x15
0be2ef98 75de1138 00000104 ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75
0be2efac 6d6b41c9 00000104 ffffffff 002b7dd0 kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
0be2f298 76fff899 7388f2a0 00531b1c 8cca2840 0x6d6b41c9
0be2f5bc 6d6b4297 6d6b41fc 75ea030c 0be2f688 ntdll!LdrpFindLoadedDllByName+0x68
0be2f600 75e09d57 0be2f6b8 bb5da67e 00000000 0x6d6b4297
0be2f688 77040727 0be2f6b8 77040604 00000000 kernel32!UnhandledExceptionFilter+0x127
0be2f690 77040604 00000000 0be2fb94 76ffc3d0 ntdll!__RtlUserThreadStart+0x62
0be2f6a4 770404a9 00000000 00000000 00000000 ntdll!_EH4_CallFilterFunc+0x12
0be2f6cc 770287b9 fffffffe 0be2fb84 0be2f808 ntdll!_except_handler4+0x8e
0be2f6f0 7702878b 0be2f7b8 0be2fb84 0be2f808 ntdll!ExecuteHandler2+0x26
0be2f7a0 76fe010f 00e2f7b8 0be2f808 0be2f7b8 ntdll!ExecuteHandler+0x24
0be2f7a0 770222b9 00e2f7b8 0be2f808 0be2f7b8 ntdll!KiUserExceptionDispatcher+0xf
0be2faf8 73153412 00000000 0be2fb3c 73153439 ntdll!RtlExitUserThread+0x41
0be2fb04 73153438 00000000 bb0a829b 00000000 msvcr90!_endthreadex+0x23 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 412]
0be2fb3c 731534c7 00000000 0be2fb54 75de3677 msvcr90!_callthreadstartex+0x20 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0be2fb48 75de3677 074c60d8 0be2fb94 77009d72 msvcr90!_threadstartex+0x69 [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0be2fb54 77009d72 074c60d8 7cebf9b0 00000000 kernel32!BaseThreadInitThunk+0xe
0be2fb94 77009d45 7315345e 074c60d8 00000000 ntdll!__RtlUserThreadStart+0x70
0be2fbac 00000000 7315345e 074c60d8 00000000 ntdll!_RtlUserThreadStart+0x1b

OSR_Community_User · February 26, 2013, 3:47pm

Why are there 29 active threads when you are exiting the process? It is
the programmer’s responsibility to see that all threads are correctly
terminated before exiting the process. Of course, if you’ve suffered sone
internal error, particularly on the main thread, the standard behaviors is
to exit the process, and in that case, since the process has suffered
undefined behavior and nothing can be assumed about its correctness. So
no matter what happens, all bets are off. Make sure there are no exit()
calls anywhere in your code; these can result in undefined behavior,
particularly in multithreaded apps.

The problem is that we really don’t have much to go on. I can come up
with a lot of scenarios for undefined behavior if there was no error but
you are relying on exit() [either implicit by returning from main() with
active threads, or explicit by exit() being called when there are active
threads] that I don’t think the 0x80000003 question is worth trying to
answer if you either call exit() or have experienced another error. So
please clarify what has happened.
joe

I feel strange that the eip is after calling rtlExitUserProcess. Here’s
all thread stacks.

0:029> ~*kb

0 Id: 1158.1168 Suspend: 0 Teb: 7efdd000 Unfrozen
ChildEBP RetAddr Args to Child
WARNING: Frame IP not in any known module. Following frames may be wrong.
0022f90c 6d663c3c 002bb57c 00000000 00000000 0x749c7e47
00000000 00000000 00000000 00000000 00000000 0x6d663c3c

1 Id: 1158.dcc Suspend: 0 Teb: 7efda000 Unfrozen
ChildEBP RetAddr Args to Child
02b8fb3c 75de162d 02b8faf0 02b8fb64 00000000
ntdll!ZwWaitForMultipleObjects+0x15
02b8fb80 02b8fbd8 749d03da 00000002 7efde000
kernel32!WaitForMultipleObjectsExImplementation+0xe0
WARNING: Frame IP not in any known module. Following frames may be wrong.
00000000 00000000 00000000 00000000 00000000 0x2b8fbd8

2 Id: 1158.8e4 Suspend: 0 Teb: 7efd7000 Unfrozen
ChildEBP RetAddr Args to Child
02d7fe10 770321aa 00000194 02d7fec4 75defd54
ntdll!NtWaitForWorkViaWorkerFactory+0x12
02d7ff70 75de3677 00573778 02d7ffbc 77009d72 ntdll!TppWorkerThread+0x216
02d7ff7c 77009d72 00573778 75defd98 00000000
kernel32!BaseThreadInitThunk+0xe
02d7ffbc 77009d45 77032c91 00573778 00000000
ntdll!__RtlUserThreadStart+0x70
02d7ffd4 00000000 77032c91 00573778 00000000
ntdll!_RtlUserThreadStart+0x1b

3 Id: 1158.105c Suspend: 0 Teb: 7efaf000 Unfrozen
ChildEBP RetAddr Args to Child
02fffc6c 770321aa 00000194 02fffd20 75f6ffe8
ntdll!NtWaitForWorkViaWorkerFactory+0x12
02fffdcc 75de3677 00573778 02fffe18 77009d72 ntdll!TppWorkerThread+0x216
02fffdd8 77009d72 00573778 75f6fc3c 00000000
kernel32!BaseThreadInitThunk+0xe
02fffe18 77009d45 77032c91 00573778 00000000
ntdll!__RtlUserThreadStart+0x70
02fffe30 00000000 77032c91 00573778 00000000
ntdll!_RtlUserThreadStart+0x1b

4 Id: 1158.1064 Suspend: 0 Teb: 7efac000 Unfrozen
ChildEBP RetAddr Args to Child
031ff97c 770321aa 0000019c 031ffa30 7416f8f8
ntdll!NtWaitForWorkViaWorkerFactory+0x12
031ffadc 75de3677 00573778 031ffb28 77009d72 ntdll!TppWorkerThread+0x216
031ffae8 77009d72 00573778 7416f90c 00000000
kernel32!BaseThreadInitThunk+0xe
031ffb28 77009d45 77032c91 00573778 00000000
ntdll!__RtlUserThreadStart+0x70
031ffb40 00000000 77032c91 00573778 00000000
ntdll!_RtlUserThreadStart+0x1b

5 Id: 1158.1068 Suspend: 0 Teb: 7efa9000 Unfrozen
ChildEBP RetAddr Args to Child
02eef6f8 770321aa 00000194 02eef7ac 75e7fa7c
ntdll!NtWaitForWorkViaWorkerFactory+0x12
02eef858 75de3677 00573778 02eef8a4 77009d72 ntdll!TppWorkerThread+0x216
02eef864 77009d72 00573778 75e7fa80 00000000
kernel32!BaseThreadInitThunk+0xe
02eef8a4 77009d45 77032c91 00573778 00000000
ntdll!__RtlUserThreadStart+0x70
02eef8bc 00000000 77032c91 00573778 00000000
ntdll!_RtlUserThreadStart+0x1b

6 Id: 1158.5bc Suspend: 0 Teb: 7efa6000 Unfrozen
ChildEBP RetAddr Args to Child
0335fdf0 770321aa 00000270 0335fea4 743cfd74
ntdll!NtWaitForWorkViaWorkerFactory+0x12
0335ff50 75de3677 005d1930 0335ff9c 77009d72 ntdll!TppWorkerThread+0x216
0335ff5c 77009d72 005d1930 743cfdb8 00000000
kernel32!BaseThreadInitThunk+0xe
0335ff9c 77009d45 77032c91 005d1930 00000000
ntdll!__RtlUserThreadStart+0x70
0335ffb4 00000000 77032c91 005d1930 00000000
ntdll!_RtlUserThreadStart+0x1b

7 Id: 1158.e18 Suspend: 0 Teb: 7efa3000 Unfrozen
ChildEBP RetAddr Args to Child
0356f9fc 77031dab 00000020 005bd288 00000001
ntdll!ZwWaitForMultipleObjects+0x15
0356fb90 75de3677 00000000 0356fbdc 77009d72 ntdll!TppWaiterpThread+0x33d
0356fb9c 77009d72 005bd258 745ff9f8 00000000
kernel32!BaseThreadInitThunk+0xe
0356fbdc 77009d45 77031c7f 005bd258 00000000
ntdll!__RtlUserThreadStart+0x70
0356fbf4 00000000 77031c7f 005bd258 00000000
ntdll!_RtlUserThreadStart+0x1b

8 Id: 1158.8dc Suspend: 0 Teb: 7efa0000 Unfrozen
ChildEBP RetAddr Args to Child
036af6e4 75de162d 036af698 036af70c 00000000
ntdll!ZwWaitForMultipleObjects+0x15
036af72c 75de1921 00000001 7efde000 00000000
kernel32!WaitForMultipleObjectsExImplementation+0xe0
036af748 6caa2948 00000001 009c0d1c 00000000
kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
036af774 73153433 009bfbb8 b3828e0b 00000000 0x6caa2948
036af7ac 731534c7 00000000 036af7c4 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
036af7b8 75de3677 00a18fe8 036af804 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
036af7c4 77009d72 00a18fe8 7463fa20 00000000
kernel32!BaseThreadInitThunk+0xe
036af804 77009d45 7315345e 00a18fe8 00000000
ntdll!__RtlUserThreadStart+0x70
036af81c 00000000 7315345e 00a18fe8 00000000
ntdll!_RtlUserThreadStart+0x1b

9 Id: 1158.404 Suspend: 0 Teb: 7ef9d000 Unfrozen
ChildEBP RetAddr Args to Child
039cfa48 75de3677 00000000 039cfa94 77009d72
ntdll!ZwWaitForMultipleObjects+0x15
039cfa94 77009d45 6d6e1c2f 00000000 00000000
kernel32!BaseThreadInitThunk+0xe
039cfaac 00000000 6d6e1c2f 00000000 00000000
ntdll!_RtlUserThreadStart+0x1b

10 Id: 1158.460 Suspend: 0 Teb: 7ef9a000 Unfrozen
ChildEBP RetAddr Args to Child
03bff820 77009fbc 77009f6a 00000000 00000000 ntdll!NtDelayExecution+0x15
03bff97c 7700371e 002b0138 770036fa 74b6f848
ntdll!LdrpInitializeThread+0x131
03bff984 770036fa 74b6f848 00000000 002b0000 ntdll!RtlpFreeHeap+0xbb1
03bffa6c 00000000 00000001 00000000 036cfd20 ntdll!RtlpFreeHeap+0xb7a

11 Id: 1158.1060 Suspend: 0 Teb: 7ef97000 Unfrozen
ChildEBP RetAddr Args to Child
03e3fb14 770321aa 00000270 03e3fbc8 74eafe50
ntdll!NtWaitForWorkViaWorkerFactory+0x12
03e3fc74 75de3677 005d1930 03e3fcc0 77009d72 ntdll!TppWorkerThread+0x216
03e3fc80 77009d72 005d1930 74eafee4 00000000
kernel32!BaseThreadInitThunk+0xe
03e3fcc0 77009d45 77032c91 005d1930 00000000
ntdll!__RtlUserThreadStart+0x70
03e3fcd8 00000000 77032c91 005d1930 00000000
ntdll!_RtlUserThreadStart+0x1b

12 Id: 1158.1058 Suspend: 0 Teb: 7ef94000 Unfrozen
ChildEBP RetAddr Args to Child
03fafb44 75de3677 005c2b70 03fafb90 77009d72 ntdll!NtDelayExecution+0x15
03fafb50 77009d72 005c2b70 74f3f9b4 00000000
kernel32!BaseThreadInitThunk+0xe
03fafb90 77009d45 758fc7f5 005c2b70 00000000
ntdll!__RtlUserThreadStart+0x70
03fafba8 00000000 758fc7f5 005c2b70 00000000
ntdll!_RtlUserThreadStart+0x1b

13 Id: 1158.d08 Suspend: 0 Teb: 7ef91000 Unfrozen
ChildEBP RetAddr Args to Child
043ff818 731938bb 00000000 00000000 00000000 ntdll!NtDelayExecution+0x15
043ff864 73153433 00979fd0 b4d7813b 00000000 msvcr90!free+0xcd
[f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
043ff89c 731534c7 00000000 043ff8b4 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
043ff8a8 75de3677 036fb430 043ff8f4 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
043ff8b4 77009d72 036fb430 7336fad0 00000000
kernel32!BaseThreadInitThunk+0xe
043ff8f4 77009d45 7315345e 036fb430 00000000
ntdll!__RtlUserThreadStart+0x70
043ff90c 00000000 7315345e 036fb430 00000000
ntdll!_RtlUserThreadStart+0x1b

14 Id: 1158.1174 Suspend: 0 Teb: 7ef8e000 Unfrozen
ChildEBP RetAddr Args to Child
050ffc00 75de1184 00000be4 ffffffff 00000000
ntdll!ZwWaitForSingleObject+0x15
050ffc18 75de1138 00000be4 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
050ffc2c 6c953b61 00000be4 ffffffff 07647204
kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
050ffd00 731938da 050ffd18 00000000 0000000f 0x6c953b61
050ffe34 76ffdea3 036e1288 036dbf70 036e1288 msvcr90!free+0xec
[f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
050ffe4c 75de14d1 002b0000 00000000 036e1288 ntdll!RtlFreeHeap+0x105
050ffe60 731938bb 002b0000 00000000 731938da kernel32!HeapFree+0x14
050ffeac 73153433 037053c0 b5e78743 00000000 msvcr90!free+0xcd
[f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
050ffee4 731534c7 00000000 050ffefc 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
050ffef0 75de3677 036e1288 050fff3c 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
050ffefc 77009d72 036e1288 7206fd18 00000000
kernel32!BaseThreadInitThunk+0xe
050fff3c 77009d45 7315345e 036e1288 00000000
ntdll!__RtlUserThreadStart+0x70
050fff54 00000000 7315345e 036e1288 00000000
ntdll!_RtlUserThreadStart+0x1b

15 Id: 1158.6c4 Suspend: 0 Teb: 7ef8b000 Unfrozen
ChildEBP RetAddr Args to Child
053bfdd8 75de3677 73ed70be 053bfe24 77009d72
ntdll!ZwRemoveIoCompletion+0x15
053bfe24 77009d45 73ed6f14 005a61d8 00000000
kernel32!BaseThreadInitThunk+0xe
053bfe3c 00000000 73ed6f14 005a61d8 00000000
ntdll!_RtlUserThreadStart+0x1b

16 Id: 1158.e28 Suspend: 0 Teb: 7ef85000 Unfrozen
ChildEBP RetAddr Args to Child
0583f9f8 73153433 036ef3d0 b56b8397 00000000 ntdll!NtDelayExecution+0x15
0583fa30 731534c7 00000000 0583fa48 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0583fa3c 75de3677 036e16d8 0583fa88 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0583fa48 77009d72 036e16d8 728af8ac 00000000
kernel32!BaseThreadInitThunk+0xe
0583fa88 77009d45 7315345e 036e16d8 00000000
ntdll!__RtlUserThreadStart+0x70
0583faa0 00000000 7315345e 036e16d8 00000000
ntdll!_RtlUserThreadStart+0x1b

17 Id: 1158.8c8 Suspend: 0 Teb: 7ef88000 Unfrozen
ChildEBP RetAddr Args to Child
0598f6a8 73193a58 002b0000 00000000 00000020
ntdll!ZwRemoveIoCompletion+0x15
0598f6ec 73193b58 00000010 002b0000 00000000 msvcr90!malloc+0x79
[f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.c @ 163]
0598f704 00000000 00000000 00000000 00000000 msvcr90!operator new+0x1f
[f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 59]

18 Id: 1158.12a4 Suspend: 0 Teb: 7ef82000 Unfrozen
ChildEBP RetAddr Args to Child
05ecfa28 75de1184 000005cc ffffffff 00000001
ntdll!ZwWaitForSingleObject+0x15
05ecfaa4 75de3677 00000000 05ecfaf0 77009d72
kernel32!WaitForSingleObjectExImplementation+0x75
05ecfab0 77009d72 00000000 72e5f8d4 00000000
kernel32!BaseThreadInitThunk+0xe
05ecfaf0 77009d45 6d7132fb 00000000 00000000
ntdll!__RtlUserThreadStart+0x70
05ecfb08 00000000 6d7132fb 00000000 00000000
ntdll!_RtlUserThreadStart+0x1b

19 Id: 1158.12a0 Suspend: 0 Teb: 7ef7f000 Unfrozen
ChildEBP RetAddr Args to Child
0609fa24 770060a4 73ed67e4 c00000a3 0609fb48
ntdll!ZwWaitForSingleObject+0x15
0609fa6c 77032fb1 00000000 00000000 005fafa8
ntdll!RtlNtStatusToDosError+0x40
0609fa88 00000000 0609fa00 00000614 00000099 ntdll!TpPostTask+0x1a7

20 Id: 1158.123c Suspend: 0 Teb: 7ef7c000 Unfrozen
ChildEBP RetAddr Args to Child
05d5f820 770321aa 00000664 05d5f8d4 72dcfba4
ntdll!NtWaitForWorkViaWorkerFactory+0x12
05d5f980 75de3677 0062a788 05d5f9cc 77009d72 ntdll!TppWorkerThread+0x216
05d5f98c 77009d72 0062a788 72dcfbe8 00000000
kernel32!BaseThreadInitThunk+0xe
05d5f9cc 77009d45 77032c91 0062a788 00000000
ntdll!__RtlUserThreadStart+0x70
05d5f9e4 00000000 77032c91 0062a788 00000000
ntdll!_RtlUserThreadStart+0x1b

21 Id: 1158.12d0 Suspend: 0 Teb: 7ef79000 Unfrozen
ChildEBP RetAddr Args to Child
063bfe48 75de162d 063bfdfc 063bfe70 00000000
ntdll!ZwWaitForMultipleObjects+0x15
063bfeb8 75de3677 00000001 063bff04 77009d72
kernel32!WaitForMultipleObjectsExImplementation+0xe0
063bfec4 77009d72 060de1c8 7132fd20 00000000
kernel32!BaseThreadInitThunk+0xe
063bff04 77009d45 76487bbd 060de1c8 00000000
ntdll!__RtlUserThreadStart+0x70
063bff1c 00000000 76487bbd 060de1c8 00000000
ntdll!_RtlUserThreadStart+0x1b

22 Id: 1158.e24 Suspend: 0 Teb: 7ef76000 Unfrozen
ChildEBP RetAddr Args to Child
062afb3c 75de1184 00000508 000927c0 00000000
ntdll!ZwWaitForSingleObject+0x15
062afb54 75de1138 00000508 000927c0 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
062afb68 62972692 00000508 000927c0 00000000
kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
062afbe4 75de3677 005d88d8 062afc30 77009d72 0x62972692
062afbf0 77009d72 005d88d8 7123fe14 00000000
kernel32!BaseThreadInitThunk+0xe
062afc30 77009d45 627edb13 005d88d8 00000000
ntdll!__RtlUserThreadStart+0x70
062afc48 00000000 627edb13 005d88d8 00000000
ntdll!_RtlUserThreadStart+0x1b

23 Id: 1158.128c Suspend: 0 Teb: 7ef73000 Unfrozen
ChildEBP RetAddr Args to Child
0660faf4 75de162d 0660faa8 0660fb1c 00000000
ntdll!ZwWaitForMultipleObjects+0x15
0660fb3c 75de1921 00000002 7efde000 00000000
kernel32!WaitForMultipleObjectsExImplementation+0xe0
0660fb58 62371400 00000002 0660fb7c 00000000
kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
0660fc00 75de3677 0046b1d8 0660fc4c 77009d72 0x62371400
0660fc0c 77009d72 0046b1d8 7169fe68 00000000
kernel32!BaseThreadInitThunk+0xe
0660fc4c 77009d45 75d012e5 0046b1d8 00000000
ntdll!__RtlUserThreadStart+0x70
0660fc64 00000000 75d012e5 0046b1d8 00000000
ntdll!_RtlUserThreadStart+0x1b

24 Id: 1158.11c0 Suspend: 0 Teb: 7ef70000 Unfrozen
ChildEBP RetAddr Args to Child
0677fcfc 75de1184 000008fc ffffffff 00000000
ntdll!ZwWaitForSingleObject+0x15
0677fd14 75de1138 000008fc ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
0677fd28 62371947 000008fc ffffffff 0046fdb0
kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
0677fdf0 75de3677 0046b1d8 0677fe3c 77009d72 0x62371947
0677fdfc 77009d72 0046b1d8 717efc18 00000000
kernel32!BaseThreadInitThunk+0xe
0677fe3c 77009d45 75d012e5 0046b1d8 00000000
ntdll!__RtlUserThreadStart+0x70
0677fe54 00000000 75d012e5 0046b1d8 00000000
ntdll!_RtlUserThreadStart+0x1b

25 Id: 1158.11f0 Suspend: 0 Teb: 7ef6d000 Unfrozen
ChildEBP RetAddr Args to Child
06c9f8b4 75de1184 00000920 ffffffff 00000000
ntdll!ZwWaitForSingleObject+0x15
06c9f8cc 75de1138 00000920 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
06c9f8e0 6299174e 00000920 ffffffff 00000000
kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
06c9f928 75de3677 00607578 06c9f974 77009d72 0x6299174e
06c9f934 77009d72 00607578 71c0fb50 00000000
kernel32!BaseThreadInitThunk+0xe
06c9f974 77009d45 627edb13 00607578 00000000
ntdll!__RtlUserThreadStart+0x70
06c9f98c 00000000 627edb13 00607578 00000000
ntdll!_RtlUserThreadStart+0x1b

26 Id: 1158.11d8 Suspend: 0 Teb: 7ef6a000 Unfrozen
ChildEBP RetAddr Args to Child
06e3f8b8 76ffdea3 036e2c68 036dbf70 036e2c68 ntdll!NtDelayExecution+0x15
06e3f8e4 731938bb 002b0000 00000000 731938da ntdll!RtlFreeHeap+0x105
06e3f930 73153433 03765f00 b60b80cf 00000000 msvcr90!free+0xcd
[f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
06e3f968 731534c7 00000000 06e3f980 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
06e3f974 75de3677 036e2c68 06e3f9c0 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
06e3f980 77009d72 036e2c68 71eafbe4 00000000
kernel32!BaseThreadInitThunk+0xe
06e3f9c0 77009d45 7315345e 036e2c68 00000000
ntdll!__RtlUserThreadStart+0x70
06e3f9d8 00000000 7315345e 036e2c68 00000000
ntdll!_RtlUserThreadStart+0x1b

27 Id: 1158.1290 Suspend: 0 Teb: 7ef67000 Unfrozen
ChildEBP RetAddr Args to Child
0715fd54 731938da 1000251d ffb3b4c0 ffffffff
ntdll!ZwWaitForSingleObject+0x15
0715fd78 73ed678c 0000095c 00000954 00000001 msvcr90!free+0xec
[f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
WARNING: Frame IP not in any known module. Following frames may be wrong.
0715ff30 73153433 0370d848 b7fd86cf 00000000 0x73ed678c
0715ff68 731534c7 00000000 0715ff80 75de3677
msvcr90!_callthreadstartex+0x1b
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0715ff74 75de3677 036e2c68 0715ffc0 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0715ff80 77009d72 036e2c68 701cfde4 00000000
kernel32!BaseThreadInitThunk+0xe
0715ffc0 77009d45 7315345e 036e2c68 00000000
ntdll!__RtlUserThreadStart+0x70
0715ffd8 00000000 7315345e 036e2c68 00000000
ntdll!_RtlUserThreadStart+0x1b

28 Id: 1158.240 Suspend: 0 Teb: 7ef64000 Unfrozen
ChildEBP RetAddr Args to Child
0725fa54 75de162d 0725fa08 0725fa7c 00000000
ntdll!ZwWaitForMultipleObjects+0x15
0725fa9c 75de1921 00000001 7efde000 00000000
kernel32!WaitForMultipleObjectsExImplementation+0xe0
0725fab8 6ca93b87 00000001 037b46dc 00000000
kernel32!WaitForMultipleObjects+0x18
WARNING: Frame IP not in any known module. Following frames may be wrong.
0725fb18 731534c7 00000000 0725fb30 75de3677 0x6ca93b87
0725fb24 75de3677 036e2c68 0725fb70 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0725fb30 77009d72 036e2c68 702cf954 00000000
kernel32!BaseThreadInitThunk+0xe
0725fb70 77009d45 7315345e 036e2c68 00000000
ntdll!__RtlUserThreadStart+0x70
0725fb88 00000000 7315345e 036e2c68 00000000
ntdll!_RtlUserThreadStart+0x1b

29 Id: 1158.7a8 Suspend: 0 Teb: 7eed4000 Unfrozen

ChildEBP RetAddr Args to Child
0be2ef80 75de1184 00000104 ffffffff 00000000
ntdll!ZwWaitForSingleObject+0x15
0be2ef98 75de1138 00000104 ffffffff 00000000
kernel32!WaitForSingleObjectExImplementation+0x75
0be2efac 6d6b41c9 00000104 ffffffff 002b7dd0
kernel32!WaitForSingleObject+0x12
WARNING: Frame IP not in any known module. Following frames may be wrong.
0be2f298 76fff899 7388f2a0 00531b1c 8cca2840 0x6d6b41c9
0be2f5bc 6d6b4297 6d6b41fc 75ea030c 0be2f688
ntdll!LdrpFindLoadedDllByName+0x68
0be2f600 75e09d57 0be2f6b8 bb5da67e 00000000 0x6d6b4297
0be2f688 77040727 0be2f6b8 77040604 00000000
kernel32!UnhandledExceptionFilter+0x127
0be2f690 77040604 00000000 0be2fb94 76ffc3d0
ntdll!__RtlUserThreadStart+0x62
0be2f6a4 770404a9 00000000 00000000 00000000
ntdll!_EH4_CallFilterFunc+0x12
0be2f6cc 770287b9 fffffffe 0be2fb84 0be2f808 ntdll!_except_handler4+0x8e
0be2f6f0 7702878b 0be2f7b8 0be2fb84 0be2f808 ntdll!ExecuteHandler2+0x26
0be2f7a0 76fe010f 00e2f7b8 0be2f808 0be2f7b8 ntdll!ExecuteHandler+0x24
0be2f7a0 770222b9 00e2f7b8 0be2f808 0be2f7b8
ntdll!KiUserExceptionDispatcher+0xf
0be2faf8 73153412 00000000 0be2fb3c 73153439 ntdll!RtlExitUserThread+0x41
0be2fb04 73153438 00000000 bb0a829b 00000000 msvcr90!_endthreadex+0x23
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 412]
0be2fb3c 731534c7 00000000 0be2fb54 75de3677
msvcr90!_callthreadstartex+0x20
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
0be2fb48 75de3677 074c60d8 0be2fb94 77009d72 msvcr90!_threadstartex+0x69
[f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
0be2fb54 77009d72 074c60d8 7cebf9b0 00000000
kernel32!BaseThreadInitThunk+0xe
0be2fb94 77009d45 7315345e 074c60d8 00000000
ntdll!__RtlUserThreadStart+0x70
0be2fbac 00000000 7315345e 074c60d8 00000000
ntdll!_RtlUserThreadStart+0x1b

WINDBG is sponsored by OSR

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

raj_r · February 26, 2013, 5:20pm

i just glanced through your original post in forum to get a feel of
the question
but i dont get your question

you have done u and ub and you see an int3 so ?
the int3 is hardcoded in the function after RtlExituserProcess

what is your question are you are asking why int3 was hit ?
RtlExitUserThread has an int3 hardcoded in the function

you can try disassembling RtlExituserThread a bit further up and you
will see NtQueryInformationThread is called for with 0x0c and
depending on the result either ZwTerminateThread or RtlExituserProcess

008A0859 n>MOV EDI, EDI
008A085B PUSH EBP
008A085C MOV EBP, ESP
008A085E PUSH ECX
008A085F PUSH ESI
008A0860 XOR ESI, ESI
008A0862 PUSH ESI ; /pReqsize => NULL
008A0863 PUSH 4 ; |Bufsize = 4
008A0865 LEA EAX, DWORD PTR SS:[EBP-4] ; |
008A0868 PUSH EAX ; |Buffer
008A0869 PUSH 0C ; |InfoClass = C
(12.) AmIlastThread
008A086B PUSH -2 ; |hThread =
FFFFFFFE (GetCurrentThread Pseudo
008A086D MOV DWORD PTR SS:[EBP-4], ESI ; |
008A0870 CALL ntdll_1.ZwQueryInformationThread ; \ZwQueryInformationThread
008A0875 TEST EAX, EAX
008A0877 JL SHORT ntdll_1.008A087E
008A0879 CMP DWORD PTR SS:[EBP-4], ESI
008A087C JNZ SHORT ntdll_1.008A0892
008A087E CALL ntdll_1.LdrShutdownThread
008A0883 PUSH ESI ; /Arg1
008A0884 CALL ntdll_1.TpCheckTerminateWorker ; \TpCheckTerminateWorker
008A0889 PUSH DWORD PTR SS:[EBP+8]
008A088C PUSH ESI
008A088D CALL ntdll_1.ZwTerminateThread
008A0892 PUSH DWORD PTR SS:[EBP+8] ; /Arg1
008A0895 CALL ntdll_1.RtlExitUserProcess ; \RtlExitUserProcess
008A089A INT3

On 2/27/13, xxxxx@flounder.com wrote:
> Why are there 29 active threads when you are exiting the process? It is
> the programmer’s responsibility to see that all threads are correctly
> terminated before exiting the process. Of course, if you’ve suffered sone
> internal error, particularly on the main thread, the standard behaviors is
> to exit the process, and in that case, since the process has suffered
> undefined behavior and nothing can be assumed about its correctness. So
> no matter what happens, all bets are off. Make sure there are no exit()
> calls anywhere in your code; these can result in undefined behavior,
> particularly in multithreaded apps.
>
> The problem is that we really don’t have much to go on. I can come up
> with a lot of scenarios for undefined behavior if there was no error but
> you are relying on exit() [either implicit by returning from main() with
> active threads, or explicit by exit() being called when there are active
> threads] that I don’t think the 0x80000003 question is worth trying to
> answer if you either call exit() or have experienced another error. So
> please clarify what has happened.
> joe
>
>> I feel strange that the eip is after calling rtlExitUserProcess. Here’s
>> all thread stacks.
>>
>> 0:029> ~*kb
>>
>> 0 Id: 1158.1168 Suspend: 0 Teb: 7efdd000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0022f90c 6d663c3c 002bb57c 00000000 00000000 0x749c7e47
>> 00000000 00000000 00000000 00000000 00000000 0x6d663c3c
>>
>> 1 Id: 1158.dcc Suspend: 0 Teb: 7efda000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 02b8fb3c 75de162d 02b8faf0 02b8fb64 00000000
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 02b8fb80 02b8fbd8 749d03da 00000002 7efde000
>> kernel32!WaitForMultipleObjectsExImplementation+0xe0
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 00000000 00000000 00000000 00000000 00000000 0x2b8fbd8
>>
>> 2 Id: 1158.8e4 Suspend: 0 Teb: 7efd7000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 02d7fe10 770321aa 00000194 02d7fec4 75defd54
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 02d7ff70 75de3677 00573778 02d7ffbc 77009d72 ntdll!TppWorkerThread+0x216
>> 02d7ff7c 77009d72 00573778 75defd98 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 02d7ffbc 77009d45 77032c91 00573778 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 02d7ffd4 00000000 77032c91 00573778 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 3 Id: 1158.105c Suspend: 0 Teb: 7efaf000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 02fffc6c 770321aa 00000194 02fffd20 75f6ffe8
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 02fffdcc 75de3677 00573778 02fffe18 77009d72 ntdll!TppWorkerThread+0x216
>> 02fffdd8 77009d72 00573778 75f6fc3c 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 02fffe18 77009d45 77032c91 00573778 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 02fffe30 00000000 77032c91 00573778 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 4 Id: 1158.1064 Suspend: 0 Teb: 7efac000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 031ff97c 770321aa 0000019c 031ffa30 7416f8f8
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 031ffadc 75de3677 00573778 031ffb28 77009d72 ntdll!TppWorkerThread+0x216
>> 031ffae8 77009d72 00573778 7416f90c 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 031ffb28 77009d45 77032c91 00573778 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 031ffb40 00000000 77032c91 00573778 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 5 Id: 1158.1068 Suspend: 0 Teb: 7efa9000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 02eef6f8 770321aa 00000194 02eef7ac 75e7fa7c
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 02eef858 75de3677 00573778 02eef8a4 77009d72 ntdll!TppWorkerThread+0x216
>> 02eef864 77009d72 00573778 75e7fa80 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 02eef8a4 77009d45 77032c91 00573778 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 02eef8bc 00000000 77032c91 00573778 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 6 Id: 1158.5bc Suspend: 0 Teb: 7efa6000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0335fdf0 770321aa 00000270 0335fea4 743cfd74
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 0335ff50 75de3677 005d1930 0335ff9c 77009d72 ntdll!TppWorkerThread+0x216
>> 0335ff5c 77009d72 005d1930 743cfdb8 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0335ff9c 77009d45 77032c91 005d1930 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 0335ffb4 00000000 77032c91 005d1930 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 7 Id: 1158.e18 Suspend: 0 Teb: 7efa3000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0356f9fc 77031dab 00000020 005bd288 00000001
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 0356fb90 75de3677 00000000 0356fbdc 77009d72 ntdll!TppWaiterpThread+0x33d
>> 0356fb9c 77009d72 005bd258 745ff9f8 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0356fbdc 77009d45 77031c7f 005bd258 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 0356fbf4 00000000 77031c7f 005bd258 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 8 Id: 1158.8dc Suspend: 0 Teb: 7efa0000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 036af6e4 75de162d 036af698 036af70c 00000000
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 036af72c 75de1921 00000001 7efde000 00000000
>> kernel32!WaitForMultipleObjectsExImplementation+0xe0
>> 036af748 6caa2948 00000001 009c0d1c 00000000
>> kernel32!WaitForMultipleObjects+0x18
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 036af774 73153433 009bfbb8 b3828e0b 00000000 0x6caa2948
>> 036af7ac 731534c7 00000000 036af7c4 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 036af7b8 75de3677 00a18fe8 036af804 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 036af7c4 77009d72 00a18fe8 7463fa20 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 036af804 77009d45 7315345e 00a18fe8 00000000
>> ntdll! __RtlUserThreadStart+0x70
>> 036af81c 00000000 7315345e 00a18fe8 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 9 Id: 1158.404 Suspend: 0 Teb: 7ef9d000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 039cfa48 75de3677 00000000 039cfa94 77009d72
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 039cfa94 77009d45 6d6e1c2f 00000000 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 039cfaac 00000000 6d6e1c2f 00000000 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 10 Id: 1158.460 Suspend: 0 Teb: 7ef9a000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 03bff820 77009fbc 77009f6a 00000000 00000000 ntdll!NtDelayExecution+0x15
>> 03bff97c 7700371e 002b0138 770036fa 74b6f848
>> ntdll!LdrpInitializeThread+0x131
>> 03bff984 770036fa 74b6f848 00000000 002b0000 ntdll!RtlpFreeHeap+0xbb1
>> 03bffa6c 00000000 00000001 00000000 036cfd20 ntdll!RtlpFreeHeap+0xb7a
>>
>> 11 Id: 1158.1060 Suspend: 0 Teb: 7ef97000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 03e3fb14 770321aa 00000270 03e3fbc8 74eafe50
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 03e3fc74 75de3677 005d1930 03e3fcc0 77009d72 ntdll!TppWorkerThread+0x216
>> 03e3fc80 77009d72 005d1930 74eafee4 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 03e3fcc0 77009d45 77032c91 005d1930 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 03e3fcd8 00000000 77032c91 005d1930 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 12 Id: 1158.1058 Suspend: 0 Teb: 7ef94000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 03fafb44 75de3677 005c2b70 03fafb90 77009d72 ntdll!NtDelayExecution+0x15
>> 03fafb50 77009d72 005c2b70 74f3f9b4 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 03fafb90 77009d45 758fc7f5 005c2b70 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 03fafba8 00000000 758fc7f5 005c2b70 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 13 Id: 1158.d08 Suspend: 0 Teb: 7ef91000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 043ff818 731938bb 00000000 00000000 00000000 ntdll!NtDelayExecution+0x15
>> 043ff864 73153433 00979fd0 b4d7813b 00000000 msvcr90!free+0xcd
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
>> 043ff89c 731534c7 00000000 043ff8b4 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 043ff8a8 75de3677 036fb430 043ff8f4 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 043ff8b4 77009d72 036fb430 7336fad0 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 043ff8f4 77009d45 7315345e 036fb430 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 043ff90c 00000000 7315345e 036fb430 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 14 Id: 1158.1174 Suspend: 0 Teb: 7ef8e000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 050ffc00 75de1184 00000be4 ffffffff 00000000
>> ntdll!ZwWaitForSingleObject+0x15
>> 050ffc18 75de1138 00000be4 ffffffff 00000000
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 050ffc2c 6c953b61 00000be4 ffffffff 07647204
>> kernel32!WaitForSingleObject+0x12
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 050ffd00 731938da 050ffd18 00000000 0000000f 0x6c953b61
>> 050ffe34 76ffdea3 036e1288 036dbf70 036e1288 msvcr90!free+0xec
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
>> 050ffe4c 75de14d1 002b0000 00000000 036e1288 ntdll!RtlFreeHeap+0x105
>> 050ffe60 731938bb 002b0000 00000000 731938da kernel32!HeapFree+0x14
>> 050ffeac 73153433 037053c0 b5e78743 00000000 msvcr90!free+0xcd
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
>> 050ffee4 731534c7 00000000 050ffefc 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 050ffef0 75de3677 036e1288 050fff3c 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 050ffefc 77009d72 036e1288 7206fd18 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 050fff3c 77009d45 7315345e 036e1288 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 050fff54 00000000 7315345e 036e1288 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 15 Id: 1158.6c4 Suspend: 0 Teb: 7ef8b000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 053bfdd8 75de3677 73ed70be 053bfe24 77009d72
>> ntdll!ZwRemoveIoCompletion+0x15
>> 053bfe24 77009d45 73ed6f14 005a61d8 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 053bfe3c 00000000 73ed6f14 005a61d8 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 16 Id: 1158.e28 Suspend: 0 Teb: 7ef85000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0583f9f8 73153433 036ef3d0 b56b8397 00000000 ntdll!NtDelayExecution+0x15
>> 0583fa30 731534c7 00000000 0583fa48 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 0583fa3c 75de3677 036e16d8 0583fa88 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 0583fa48 77009d72 036e16d8 728af8ac 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0583fa88 77009d45 7315345e 036e16d8 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 0583faa0 00000000 7315345e 036e16d8 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 17 Id: 1158.8c8 Suspend: 0 Teb: 7ef88000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0598f6a8 73193a58 002b0000 00000000 00000020
>> ntdll!ZwRemoveIoCompletion+0x15
>> 0598f6ec 73193b58 00000010 002b0000 00000000 msvcr90!malloc+0x79
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\malloc.c @ 163]
>> 0598f704 00000000 00000000 00000000 00000000 msvcr90!operator new+0x1f
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\new.cpp @ 59]
>>
>> 18 Id: 1158.12a4 Suspend: 0 Teb: 7ef82000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 05ecfa28 75de1184 000005cc ffffffff 00000001
>> ntdll!ZwWaitForSingleObject+0x15
>> 05ecfaa4 75de3677 00000000 05ecfaf0 77009d72
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 05ecfab0 77009d72 00000000 72e5f8d4 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 05ecfaf0 77009d45 6d7132fb 00000000 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 05ecfb08 00000000 6d7132fb 00000000 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 19 Id: 1158.12a0 Suspend: 0 Teb: 7ef7f000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0609fa24 770060a4 73ed67e4 c00000a3 0609fb48
>> ntdll!ZwWaitForSingleObject+0x15
>> 0609fa6c 77032fb1 00000000 00000000 005fafa8
>> ntdll!RtlNtStatusToDosError+0x40
>> 0609fa88 00000000 0609fa00 00000614 00000099 ntdll!TpPostTask+0x1a7
>>
>> 20 Id: 1158.123c Suspend: 0 Teb: 7ef7c000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 05d5f820 770321aa 00000664 05d5f8d4 72dcfba4
>> ntdll!NtWaitForWorkViaWorkerFactory+0x12
>> 05d5f980 75de3677 0062a788 05d5f9cc 77009d72 ntdll!TppWorkerThread+0x216
>> 05d5f98c 77009d72 0062a788 72dcfbe8 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 05d5f9cc 77009d45 77032c91 0062a788 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 05d5f9e4 00000000 77032c91 0062a788 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 21 Id: 1158.12d0 Suspend: 0 Teb: 7ef79000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 063bfe48 75de162d 063bfdfc 063bfe70 00000000
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 063bfeb8 75de3677 00000001 063bff04 77009d72
>> kernel32!WaitForMultipleObjectsExImplementation+0xe0
>> 063bfec4 77009d72 060de1c8 7132fd20 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 063bff04 77009d45 76487bbd 060de1c8 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 063bff1c 00000000 76487bbd 060de1c8 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 22 Id: 1158.e24 Suspend: 0 Teb: 7ef76000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 062afb3c 75de1184 00000508 000927c0 00000000
>> ntdll!ZwWaitForSingleObject+0x15
>> 062afb54 75de1138 00000508 000927c0 00000000
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 062afb68 62972692 00000508 000927c0 00000000
>> kernel32!WaitForSingleObject+0x12
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 062afbe4 75de3677 005d88d8 062afc30 77009d72 0x62972692
>> 062afbf0 77009d72 005d88d8 7123fe14 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 062afc30 77009d45 627edb13 005d88d8 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 062afc48 00000000 627edb13 005d88d8 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 23 Id: 1158.128c Suspend: 0 Teb: 7ef73000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0660faf4 75de162d 0660faa8 0660fb1c 00000000
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 0660fb3c 75de1921 00000002 7efde000 00000000
>> kernel32!WaitForMultipleObjectsExImplementation+0xe0
>> 0660fb58 62371400 00000002 0660fb7c 00000000
>> kernel32!WaitForMultipleObjects+0x18
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0660fc00 75de3677 0046b1d8 0660fc4c 77009d72 0x62371400
>> 0660fc0c 77009d72 0046b1d8 7169fe68 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0660fc4c 77009d45 75d012e5 0046b1d8 00000000
>> ntdll! _RtlUserThreadStart+0x70
>> 0660fc64 00000000 75d012e5 0046b1d8 00000000
>> ntdll!RtlUserThreadStart+0x1b
>>
>> 24 Id: 1158.11c0 Suspend: 0 Teb: 7ef70000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0677fcfc 75de1184 000008fc ffffffff 00000000
>> ntdll!ZwWaitForSingleObject+0x15
>> 0677fd14 75de1138 000008fc ffffffff 00000000
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 0677fd28 62371947 000008fc ffffffff 0046fdb0
>> kernel32!WaitForSingleObject+0x12
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0677fdf0 75de3677 0046b1d8 0677fe3c 77009d72 0x62371947
>> 0677fdfc 77009d72 0046b1d8 717efc18 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0677fe3c 77009d45 75d012e5 0046b1d8 00000000
>> ntdll! RtlUserThreadStart+0x70
>> 0677fe54 00000000 75d012e5 0046b1d8 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 25 Id: 1158.11f0 Suspend: 0 Teb: 7ef6d000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 06c9f8b4 75de1184 00000920 ffffffff 00000000
>> ntdll!ZwWaitForSingleObject+0x15
>> 06c9f8cc 75de1138 00000920 ffffffff 00000000
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 06c9f8e0 6299174e 00000920 ffffffff 00000000
>> kernel32!WaitForSingleObject+0x12
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 06c9f928 75de3677 00607578 06c9f974 77009d72 0x6299174e
>> 06c9f934 77009d72 00607578 71c0fb50 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 06c9f974 77009d45 627edb13 00607578 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 06c9f98c 00000000 627edb13 00607578 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 26 Id: 1158.11d8 Suspend: 0 Teb: 7ef6a000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 06e3f8b8 76ffdea3 036e2c68 036dbf70 036e2c68 ntdll!NtDelayExecution+0x15
>> 06e3f8e4 731938bb 002b0000 00000000 731938da ntdll!RtlFreeHeap+0x105
>> 06e3f930 73153433 03765f00 b60b80cf 00000000 msvcr90!free+0xcd
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 110]
>> 06e3f968 731534c7 00000000 06e3f980 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 06e3f974 75de3677 036e2c68 06e3f9c0 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 06e3f980 77009d72 036e2c68 71eafbe4 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 06e3f9c0 77009d45 7315345e 036e2c68 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 06e3f9d8 00000000 7315345e 036e2c68 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 27 Id: 1158.1290 Suspend: 0 Teb: 7ef67000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0715fd54 731938da 1000251d ffb3b4c0 ffffffff
>> ntdll!ZwWaitForSingleObject+0x15
>> 0715fd78 73ed678c 0000095c 00000954 00000001 msvcr90!free+0xec
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\free.c @ 115]
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0715ff30 73153433 0370d848 b7fd86cf 00000000 0x73ed678c
>> 0715ff68 731534c7 00000000 0715ff80 75de3677
>> msvcr90!_callthreadstartex+0x1b
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 0715ff74 75de3677 036e2c68 0715ffc0 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 0715ff80 77009d72 036e2c68 701cfde4 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0715ffc0 77009d45 7315345e 036e2c68 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 0715ffd8 00000000 7315345e 036e2c68 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> 28 Id: 1158.240 Suspend: 0 Teb: 7ef64000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0725fa54 75de162d 0725fa08 0725fa7c 00000000
>> ntdll!ZwWaitForMultipleObjects+0x15
>> 0725fa9c 75de1921 00000001 7efde000 00000000
>> kernel32!WaitForMultipleObjectsExImplementation+0xe0
>> 0725fab8 6ca93b87 00000001 037b46dc 00000000
>> kernel32!WaitForMultipleObjects+0x18
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0725fb18 731534c7 00000000 0725fb30 75de3677 0x6ca93b87
>> 0725fb24 75de3677 036e2c68 0725fb70 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 0725fb30 77009d72 036e2c68 702cf954 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0725fb70 77009d45 7315345e 036e2c68 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 0725fb88 00000000 7315345e 036e2c68 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>> # 29 Id: 1158.7a8 Suspend: 0 Teb: 7eed4000 Unfrozen
>> ChildEBP RetAddr Args to Child
>> 0be2ef80 75de1184 00000104 ffffffff 00000000
>> ntdll!ZwWaitForSingleObject+0x15
>> 0be2ef98 75de1138 00000104 ffffffff 00000000
>> kernel32!WaitForSingleObjectExImplementation+0x75
>> 0be2efac 6d6b41c9 00000104 ffffffff 002b7dd0
>> kernel32!WaitForSingleObject+0x12
>> WARNING: Frame IP not in any known module. Following frames may be wrong.
>> 0be2f298 76fff899 7388f2a0 00531b1c 8cca2840 0x6d6b41c9
>> 0be2f5bc 6d6b4297 6d6b41fc 75ea030c 0be2f688
>> ntdll!LdrpFindLoadedDllByName+0x68
>> 0be2f600 75e09d57 0be2f6b8 bb5da67e 00000000 0x6d6b4297
>> 0be2f688 77040727 0be2f6b8 77040604 00000000
>> kernel32!UnhandledExceptionFilter+0x127
>> 0be2f690 77040604 00000000 0be2fb94 76ffc3d0
>> ntdll!__RtlUserThreadStart+0x62
>> 0be2f6a4 770404a9 00000000 00000000 00000000
>> ntdll!_EH4_CallFilterFunc+0x12
>> 0be2f6cc 770287b9 fffffffe 0be2fb84 0be2f808 ntdll!_except_handler4+0x8e
>> 0be2f6f0 7702878b 0be2f7b8 0be2fb84 0be2f808 ntdll!ExecuteHandler2+0x26
>> 0be2f7a0 76fe010f 00e2f7b8 0be2f808 0be2f7b8 ntdll!ExecuteHandler+0x24
>> 0be2f7a0 770222b9 00e2f7b8 0be2f808 0be2f7b8
>> ntdll!KiUserExceptionDispatcher+0xf
>> 0be2faf8 73153412 00000000 0be2fb3c 73153439 ntdll!RtlExitUserThread+0x41
>> 0be2fb04 73153438 00000000 bb0a829b 00000000 msvcr90!_endthreadex+0x23
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 412]
>> 0be2fb3c 731534c7 00000000 0be2fb54 75de3677
>> msvcr90!_callthreadstartex+0x20
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 348]
>> 0be2fb48 75de3677 074c60d8 0be2fb94 77009d72 msvcr90!_threadstartex+0x69
>> [f:\dd\vctools\crt_bld\self_x86\crt\src\threadex.c @ 326]
>> 0be2fb54 77009d72 074c60d8 7cebf9b0 00000000
>> kernel32!BaseThreadInitThunk+0xe
>> 0be2fb94 77009d45 7315345e 074c60d8 00000000
>> ntdll!__RtlUserThreadStart+0x70
>> 0be2fbac 00000000 7315345e 074c60d8 00000000
>> ntdll!_RtlUserThreadStart+0x1b
>>
>>
>> —
>> WINDBG is sponsored by OSR
>>
>> OSR is hiring!! Info at http://www.osr.com/careers
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Sam_Sheng · February 27, 2013, 5:49pm

The last mail exceeds limit of mail length, so I send it again.

— On Wed, 2/27/13, Sam Sheng wrote:

From: Sam Sheng
Subject: Re: [windbg] 0x80000003 exception
To: “Kernel Debugging Interest List”
Date: Wednesday, February 27, 2013, 1:57 PM

That’s exactly my question, for this thread is not the last one, other threads are still running.
Why is ExitProcess called?
The mini dump is from end user, so I have no idea what’s going on there.
Thanks for kindly help.
-Sam

— On Tue, 2/26/13, raj_r wrote:

From: raj_r
Subject: Re: [windbg] 0x80000003 exception
To: “Kernel Debugging Interest List”
Date: Tuesday, February 26, 2013, 2:19 PM

i just glanced through your original post in forum to get a feel of
the question
but i dont get your question

you
have done u and ub and you see an int3 so ?
the int3 is hardcoded in the function after RtlExituserProcess

what is your question are you are asking why int3 was hit ?
RtlExitUserThread has an int3 hardcoded? in the function

you can try disassembling RtlExituserThread a bit further up? and you
will see NtQueryInformationThread is called for with 0x0c and
depending on the result either ZwTerminateThread or RtlExituserProcess

008A0859 n>MOV? ???EDI, EDI
008A085B???PUSH? ? EBP
008A085C???MOV? ???EBP, ESP
008A085E???PUSH? ? ECX
008A085F???PUSH? ? ESI
008A0860???XOR? ???ESI, ESI
008A0862???PUSH? ? ESI? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ;
/pReqsize => NULL
008A0863???PUSH? ? 4? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ; |Bufsize = 4
008A0865???LEA? ???EAX, DWORD PTR SS:[EBP-4]? ? ? ? ; |
008A0868???PUSH? ? EAX? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ; |Buffer
008A0869???PUSH? ? 0C? ? ? ? ? ? ? ? ? ? ? ? ? ? ???; |InfoClass = C
(12.) AmIlastThread
008A086B???PUSH? ? -2? ? ? ? ? ? ? ? ? ? ? ? ? ? ???; |hThread =
FFFFFFFE? (GetCurrentThread Pseudo
008A086D???MOV? ???DWORD PTR
SS:[EBP-4], ESI? ? ? ? ; |
008A0870???CALL? ? ntdll_1.ZwQueryInformationThread ; \ZwQueryInformationThread
008A0875???TEST? ? EAX, EAX
008A0877???JL? ? ? SHORT ntdll_1.008A087E
008A0879???CMP? ???DWORD PTR SS:[EBP-4], ESI
008A087C???JNZ? ???SHORT ntdll_1.008A0892
008A087E???CALL? ? ntdll_1.LdrShutdownThread
008A0883???PUSH? ? ESI? ? ? ? ? ? ? ? ? ? ? ? ? ? ? ; /Arg1
008A0884???CALL? ? ntdll_1.TpCheckTerminateWorker???; \TpCheckTerminateWorker
008A0889???PUSH? ? DWORD PTR SS:[EBP+8]
008A088C???PUSH? ? ESI
008A088D???CALL?
? ntdll_1.ZwTerminateThread
008A0892???PUSH? ? DWORD PTR SS:[EBP+8]? ? ? ? ? ???; /Arg1
008A0895???CALL? ? ntdll_1.RtlExitUserProcess? ? ???; \RtlExitUserProcess
008A089A???INT3

On 2/27/13, xxxxx@flounder.com wrote:
> Why are there 29 active threads when you are exiting the process?? It is
> the programmer’s responsibility to see that all threads are correctly
> terminated before exiting the process.? Of course, if you’ve suffered sone
> internal error, particularly on the main thread, the standard behaviors is
> to exit the process, and in that
case, since the process has suffered
> undefined behavior and nothing can be assumed about its correctness.? So
> no matter what happens, all bets are off.? Make sure there are no exit()
> calls anywhere in your code; these can result in undefined behavior,
> particularly in multithreaded apps.
>
> The problem is that we really don’t have much to go on.? I can come up
> with a lot of scenarios for undefined behavior if there was no error but
> you are relying on exit() [either implicit by returning from main() with
> active threads, or explicit by exit() being called when there are active
> threads] that I don’t think the 0x80000003 question is worth trying to
> answer if you either call exit() or have experienced another error.? So
> please clarify what has happened.
>? ? ? ???joe
>
>> I feel strange that the
eip is after calling rtlExitUserProcess. Here’s
>> all thread stacks.
>>

OSR is hiring!! Info at http://www.osr.com/careers

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

OSR_Community_User · February 28, 2013, 1:47am

Basic question: You have written a multithreaded app. Have you written
code, which does not call TerminateThread, that guarantees that all these
threads properly shut themselves down by exiting their top-level thread
function, before the main thread is allowed to terminate? If not, you
must first do this because a program which fails to cleanly terminate all
its threads is typically erroneous, but the manifestation may depend on
the number of available cores, the system load, the phase of the moon, and
the angular separation of Mars and Jupiter.

Until you can answer in the affirmative, there is no point in attempting
to debug the program.

Note also that if the app suffered any other error, such as a memory
access error, and is being shut down by the error handler, you must solve
that problem first, because correct behavior cannot be guaranteed no
matter how well you have written your code.

The breakpoint seems to occur because the program returned from the
exit-process subroutine, which should be impossible.
joe

The last mail exceeds limit of mail length, so I send it again.

— On Wed, 2/27/13, Sam Sheng wrote:
>
> From: Sam Sheng
> Subject: Re: [windbg] 0x80000003 exception
> To: “Kernel Debugging Interest List”
> Date: Wednesday, February 27, 2013, 1:57 PM
>
> That’s exactly my question, for this thread is not the last one, other
> threads are still running.
> Why is ExitProcess called?
> The mini dump is from end user, so I have no idea what’s going on there.
> Thanks for kindly help.
> -Sam
>
> — On Tue, 2/26/13, raj_r wrote:
>
> From: raj_r
> Subject: Re: [windbg] 0x80000003 exception
> To: “Kernel Debugging Interest List”
> Date: Tuesday, February 26, 2013, 2:19 PM
>
> i just glanced through your original post in forum to get a feel of
> the question
> but i dont get your question
>
> you
> have done u and ub and you see an int3 so ?
> the int3 is hardcoded in the function after RtlExituserProcess
>
> what is your question are you are asking why int3 was hit ?
> RtlExitUserThread has an int3 hardcoded in the function
>
> you can try disassembling RtlExituserThread a bit further up and you
> will see NtQueryInformationThread is called for with 0x0c and
> depending on the result either ZwTerminateThread or RtlExituserProcess
>
>
> 008A0859 n>MOV EDI, EDI
> 008A085B PUSH EBP
> 008A085C MOV EBP, ESP
> 008A085E PUSH ECX
> 008A085F PUSH ESI
> 008A0860 XOR ESI, ESI
> 008A0862 PUSH ESI ;
> /pReqsize => NULL
> 008A0863 PUSH 4 ; |Bufsize = 4
> 008A0865 LEA EAX, DWORD PTR SS:[EBP-4] ; |
> 008A0868 PUSH EAX ; |Buffer
> 008A0869 PUSH 0C ; |InfoClass = C
> (12.) AmIlastThread
> 008A086B PUSH -2 ; |hThread =
> FFFFFFFE (GetCurrentThread Pseudo
> 008A086D MOV DWORD PTR
> SS:[EBP-4], ESI ; |
> 008A0870 CALL ntdll_1.ZwQueryInformationThread ;
> \ZwQueryInformationThread
> 008A0875 TEST EAX, EAX
> 008A0877 JL SHORT ntdll_1.008A087E
> 008A0879 CMP DWORD PTR SS:[EBP-4], ESI
> 008A087C JNZ SHORT ntdll_1.008A0892
> 008A087E CALL ntdll_1.LdrShutdownThread
> 008A0883 PUSH ESI ; /Arg1
> 008A0884 CALL ntdll_1.TpCheckTerminateWorker ;
> \TpCheckTerminateWorker
> 008A0889 PUSH DWORD PTR SS:[EBP+8]
> 008A088C PUSH ESI
> 008A088D CALL
> ntdll_1.ZwTerminateThread
> 008A0892 PUSH DWORD PTR SS:[EBP+8] ; /Arg1
> 008A0895 CALL ntdll_1.RtlExitUserProcess ; \RtlExitUserProcess
> 008A089A INT3
>
>
>
> On 2/27/13, xxxxx@flounder.com wrote:
>> Why are there 29 active threads when you are exiting the process? It is
>> the programmer’s responsibility to see that all threads are correctly
>> terminated before exiting the process. Of course, if you’ve suffered
>> sone
>> internal error, particularly on the main thread, the standard behaviors
>> is
>> to exit the process, and in that
> case, since the process has suffered
>> undefined behavior and nothing can be assumed about its correctness. So
>> no matter what happens, all bets are off. Make sure there are no exit()
>> calls anywhere in your code; these can result in undefined behavior,
>> particularly in multithreaded apps.
>>
>> The problem is that we really don’t have much to go on. I can come up
>> with a lot of scenarios for undefined behavior if there was no error but
>> you are relying on exit() [either implicit by returning from main() with
>> active threads, or explicit by exit() being called when there are active
>> threads] that I don’t think the 0x80000003 question is worth trying to
>> answer if you either call exit() or have experienced another error. So
>> please clarify what has happened.
>> joe
>>
>>> I feel strange that the
> eip is after calling rtlExitUserProcess. Here’s
>>> all thread stacks.
>>>
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
> —
> WINDBG is sponsored by OSR
>
> OSR is hiring!! Info at http://www.osr.com/careers
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer