Hi Guys,
While analyzing one of memory dump, i see stack for a thread
0: kd> .thread 0xffffe0015472e050 Implicit thread is now ffffe001
5472e050
0: kd> k
*** Stack trace for last set context - .thread/.cxr resets it
Child-SP RetAddr Call Site
00 ffffd00025821770 b7b7b7b7
b7b7b7b7 0xb7b7b7b7b7b7b7b7 01 ffffd000
25821778 b7b7b7b7b7b7b7b7 0xb7b7b7b7
b7b7b7b7
02 ffffd00025821780 b7b7b7b7
b7b7b7b7 0xb7b7b7b7`b7b7b7b7
…
This is a worker thread part of a struct which seems to be alright. Interestingly above thread is not appearing in !process 0 7.
I am wondering what has happened with this thread.
-Gyan
What does !thread show for that thread? Do those addresses match what the OS thinks the stack should be?
Tony
OSR
This thread has been terminated. Thats what !thread o/p says
0: kd> !thread 0xffffe001`5472e050
THREAD ffffe0015472e050 Cid 0004.1fcc Teb: 0000000000000000 Win32Thread: 0000000000000000 TERMINATED
Not impersonating
…
Because of some reference, its still hanging in memory. Is it still possible to have some stack frame for terminated thread?
-Gyan
The thread stack is usually unmapped at this point (i.e. “reaped” by the
reaper thread). You can see if this has already happened by checking the the
InitialStack field from the KTHREAD. If it’s NULL then there is no way to
get the stack back at this point (if it’s not null the best you can do is
dump the raw contents with dps and look for breadcrumbs).
-scott
OSR
@OSRDrivers
wrote in message news:xxxxx@windbg…
This thread has been terminated. Thats what !thread o/p says
0: kd> !thread 0xffffe001`5472e050
THREAD ffffe0015472e050 Cid 0004.1fcc Teb: 0000000000000000 Win32Thread:
0000000000000000 TERMINATED
Not impersonating
…
Because of some reference, its still hanging in memory. Is it still possible
to have some stack frame for terminated thread?
-Gyan