DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)

Hello All,
I am looking at the below Kernel dump. I see the stack is corrupted in the
below analyze command. How do I troubleshoot further???

1: kd> !analyze -v
ERROR: FindPlugIns 8007007b
*******************************************************************************
*
*
* Bugcheck Analysis
*
*
*
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 3f3f3f3f, memory referenced
Arg2: 000000ff, IRQL
Arg3: 00000008, value 0 = read operation, 1 = write operation
Arg4: 3f3f3f3f, address which referenced memory

Debugging Details:

READ_ADDRESS: 3f3f3f3f

CURRENT_IRQL: 2

FAULTING_IP:
+2702faf00c3d83c
3f3f3f3f ?? ???

PROCESS_NAME: System

DEFAULT_BUCKET_ID: VISTA_DRIVER_FAULT

BUGCHECK_STR: 0xD1

LAST_CONTROL_TRANSFER: from 3f3f3f3f to 81880fd9

FAILED_INSTRUCTION_ADDRESS:
+2702faf00c3d83c
3f3f3f3f ?? ???

STACK_TEXT:
00018730 3f3f3f3f badb0d00 00000000 3f3f3f3f nt!KiTrap0E+0x2e1
WARNING: Frame IP not in any known module. Following frames may be wrong.
000187a0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187a4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187a8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187ac 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187b0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187b4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187b8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187bc 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187c0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187c4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187c8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187cc 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187d0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187d4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187d8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187dc 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187e0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187e4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187e8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187ec 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187f0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187f4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187f8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000187fc 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018800 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018804 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018808 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001880c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018810 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018814 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018818 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001881c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018820 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018824 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018828 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001882c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018830 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018834 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018838 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001883c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018840 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018844 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018848 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001884c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018850 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018854 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018858 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001885c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018860 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018864 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018868 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001886c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018870 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018874 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018878 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001887c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018880 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018884 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018888 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001888c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018890 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018894 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
00018898 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
0001889c 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188a0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188a4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188a8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188ac 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188b0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188b4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188b8 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188bc 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188c0 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f
000188c4 3f3f3f3f 3f3f3f3f 3f3f3f3f 3f3f3f3f 0x3f3f3f3f

STACK_COMMAND: kb

FOLLOWUP_IP:
nt!KiTrap0E+2e1
81880fd9 833d841c968100 cmp dword ptr [nt!KiFreezeFlag (81961c84)],0

SYMBOL_STACK_INDEX: 0

SYMBOL_NAME: nt!KiTrap0E+2e1

FOLLOWUP_NAME: MachineOwner

MODULE_NAME: nt

IMAGE_NAME: ntkrpamp.exe

DEBUG_FLR_IMAGE_TIMESTAMP: 4c0e557c

FAILURE_BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+2e1

BUCKET_ID: 0xD1_CODE_AV_BAD_IP_nt!KiTrap0E+2e1

Followup: MachineOwner

That is some stack!

Is this reproducible? Are there other threads in the dump that provide
any clues? Have you tested with verifier?

Because of horror shows like this I always incorporate kernel logging
into my drivers so that I have runtime trace information that provides
some level of clue regarding what was happening when everything went
to fail.

Of course if my ringbuffer were filled with
“???..” that wouldn’t be of much help either.

Mark Roddy

On Wed, Mar 9, 2011 at 12:45 AM, SRG wrote:
> Hello All,
> I am looking at the below Kernel dump. I see the stack is corrupted in the
> below analyze command. How do I troubleshoot further???
>
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
> List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Dump stack further, i.e.:

0: kd> dps esp - 3000 esp + 3000

And see what is there?

>0: kd> dps esp - 3000 esp + 3000

Note that you can automate dumping the current thread’s entire stack with
the following command:

dps @@(@$thread->Tcb.StackLimit) @@(@$thread->Tcb.StackBase)

That makes sure you’re only dumping a valid range and don’t have to worry
about x86/x64 differences in stack size.

-scott


Scott Noone
Consulting Associate and Chief System Problem Analyst
OSR Open Systems Resources, Inc.
http://www.osronline.com

That looks like buffer overflow, and RET after that. Too bad that last control transfer registers are lost.

Thanks all for your inputs. I tried Scott’s command and I got a longer
stack below (removed some empty addresses for clarity) but still clueless…

1: kd> dps @@(@$thread->Tcb.StackLimit) @@(@$thread->Tcb.StackBase)
803ea000 8d746000
803ea004 33f3b60f
803ea008 1f2e3d4c
803ea00c 5d8b8ca3
803ea010 10ebc1e8
803ea014 33f1b60f
803ea018 ee78b514
803ea01c b60f8ca3
803ea020 b5348bf3
803ea024 8ca3f678 Ntfs!Spbox+0x688
803ea028 7d89df8b

803ea058 bd3c8bfb
803ea05c 8ca3f278 Ntfs!Spbox+0x288
803ea060 ebc1d88b
803ea064 9d3c3318
803ea068 8ca3fa78 Ntfs!Sel+0x288
803ea06c ebc1d98b

803ea094 bd048b18
803ea098 8ca3fa78 Ntfs!Sel+0x288
803ea09c 789d0433
803ea0a0 c18ca3f6
803ea0a4 b60f08e9
803ea0a8 8d0433c9
803ea0ac 8ca3f278 Ntfs!Spbox+0x288
803ea0b0 e84db60f

803ea100 bd34338c
803ea104 8ca3f678 Ntfs!Spbox+0x688
803ea108 ebc1da8b
803ea10c fbb60f08

803ea188 9d3c33e4
803ea18c 8ca3ee78 Ntfs!U4+0x300
803ea190 8910eac1

803ea1f0 b5348b18
803ea1f4 8ca3fa78 Ntfs!Sel+0x288
803ea1f8 78bd3433

803ea220 bd3c8bfb
803ea224 8ca3f678 Ntfs!Spbox+0x688
803ea228 c1e45d8b
803ea22c b60f08eb
803ea230 9d3c33db
803ea234 8ca3f278 Ntfs!Spbox+0x288
803ea238 ebc1d98b
803ea23c 9d3c3318
803ea240 8ca3fa78 Ntfs!Sel+0x288
803ea244 33dab60f

803ea274 9d3c33db
803ea278 8ca3f678 Ntfs!Spbox+0x688
803ea27c e45db60f

803ea29c 9d14338c
803ea2a0 8ca3f678 Ntfs!Spbox+0x688
803ea2a4 0f08e9c1
803ea2a8 1433c9b6
803ea2ac a3f2788d
803ea2b0 4db60f8c
803ea2b4 8d1433e8
803ea2b8 8ca3ee78 Ntfs!U4+0x300
803ea2bc 3318488b

803ea350 bd3c8bfb
803ea354 8ca3f278 Ntfs!Spbox+0x288
803ea358 ebc1da8b
803ea35c 9d3c3318
803ea360 8ca3fa78 Ntfs!Sel+0x288
803ea364 ebc1d98b

803ea38c bd148bda
803ea390 8ca3fa78 Ntfs!Sel+0x288
803ea394 789d1433
803ea398 c18ca3f6
803ea39c b60f08e9
803ea3a0 8d1433c9
803ea3a4 8ca3f278 Ntfs!Spbox+0x288
803ea3a8 e84db60f

803ea3d8 b5348b18
803ea3dc 8ca3fa78 Ntfs!Sel+0x288
803ea3e0 0f10ebc1

803ea3f4 bd3433fb
803ea3f8 8ca3f278 Ntfs!Spbox+0x288
803ea3fc c1e85d8b
803ea400 b60f10eb
803ea404 bd3433f9
803ea408 8ca3ee78 Ntfs!U4+0x300
803ea40c 0fec7589

803ea430 bd343318
803ea434 8ca3fa78 Ntfs!Sel+0x288
803ea438 33fab60f

803ea510 bd1cb60f
803ea514 8ca3ee79 Ntfs!U4+0x301
803ea518 88e87d8b

803ea574 bd1cb60f
803ea578 8ca3ee79 Ntfs!U4+0x301
803ea57c 8bf45d88
803ea580 ebc1e85d
803ea584 fbb60f08
803ea588 bd1cb60f
803ea58c 8ca3ee79 Ntfs!U4+0x301
803ea590 8bf55d88

803ea6dc b5348bf3
803ea6e0 8ca40678 Ntfs!NtfsAttributeDefinitions+0x670
803ea6e4 33f9b60f

803ea70c bd3433f8
803ea710 8ca3fe78 Ntfs!Sel+0x688
803ea714 8be87d8b
803ea718 08ebc1d8
803ea71c c1dbb60f
803ea720 3c8b18ef
803ea724 a40a78bd asyncmac!AsyncInfoValidate+0x1d
803ea728 9d3c338c
803ea72c 8ca40278 Ntfs!NtfsAttributeDefinitions+0x270
803ea730 ebc1d98b

803ea76c 8d043318
803ea770 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803ea774 e84db60f

803ea7dc 343318ef
803ea7e0 a40a78bd asyncmac!AsyncInfoValidate+0x1d
803ea7e4 f9b60f8c
803ea7e8 78bd3433
803ea7ec 0f8ca3fe
803ea7f0 3c8bfbb6
803ea7f4 a40678bd tssecsrv!DrvUnload (tssecsrv+0x8bd)
803ea7f8 e45d8b8c
803ea7fc 3318ebc1
803ea800 0a789d3c
803ea804 d98b8ca4
803ea808 0f08ebc1
803ea80c 3c33dbb6
803ea810 a402789d srv!InitializeServer+0xad
803ea814 dab60f8c
-------------------------
803ea844 3c33dbb6
803ea848 a406789d tssecsrv!DrvUnload (tssecsrv+0x89d)
803ea84c 5db60f8c
803ea850 9d3c33e4
803ea854 8ca3fe78 Ntfs!Sel+0x688
803ea858 c1e45d8b
803ea85c eac108eb
803ea860 f47d8910
803ea864 0ffbb60f
803ea868 148bdab6
803ea86c a40278bd srv!InitializeServer+0xcd
803ea870 9d14338c
803ea874 8ca40678 Ntfs!NtfsAttributeDefinitions+0x670
803ea878 3318e9c1
---------------------------
803ea8c4 bd3433fb
803ea8c8 8ca40678 Ntfs!NtfsAttributeDefinitions+0x670
803ea8cc c1e85d8b
803ea8d0 fa8b10eb
803ea8d4 3318efc1
803ea8d8 0a78bd34
803ea8dc b60f8ca4
803ea8e0 bd3433f9
803ea8e4 8ca3fe78 Ntfs!Sel+0x688
803ea8e8 8bfbb60f
--------------------------------------
803ea910 9d3c33da
803ea914 8ca3fe78 Ntfs!Sel+0x688
803ea918 ebc1da8b
-----------------------
803ea928 bd3c8b18
803ea92c 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803ea930 789d3c33
--------------------
803ea968 14338ca4
803ea96c a406789d tssecsrv!DrvUnload (tssecsrv+0x89d)
803ea970 18e9c18c
-------------------------------------
803ea9b0 b5348be4
803ea9b4 8ca40278 Ntfs!NtfsAttributeDefinitions+0x270
803ea9b8 0f10ebc1
803ea9bc 3433fbb6
803ea9c0 a40678bd tssecsrv!DrvUnload (tssecsrv+0x8bd)
803ea9c4 e85d8b8c
803ea9c8 efc1fa8b
803ea9cc bd343318
803ea9d0 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803ea9d4 0f10ebc1
803ea9d8 3433f9b6
803ea9dc a3fe78bd
803ea9e0 fbb60f8c
803ea9e4 8be45d8b
803ea9e8 0678bd3c
803ea9ec ebc18ca4
803ea9f0 9d3c3318
803ea9f4 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803ea9f8 ebc1d98b
803ea9fc dbb60f08
803eaa00 789d3c33
803eaa04 0f8ca402
803eaa08 3c33dab6
803eaa0c a3fe789d
803eaa10 f07d898c
803eaa14 c1e87d8b
803eaa18 3c8b18ef
803eaa1c a40a78bd asyncmac!AsyncInfoValidate+0x1d
803eaa20 c1da8b8c
803eaa24 b60f08eb
803eaa28 9d3c33db
803eaa2c 8ca40278 Ntfs!NtfsAttributeDefinitions+0x270
803eaa30 ebc1d98b
------------------------
803eaa6c 8d143318
803eaa70 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803eaa74 e84db60f
------------------------------
803eaac4 343318ef
803eaac8 a40a78bd asyncmac!AsyncInfoValidate+0x1d
803eaacc 10ebc18c
803eaad0 33f9b60f
803eaad4 fe78bd34
803eaad8 7d8b8ca3
803eaadc ec7589e4
803eaae0 8bf3b60f
803eaae4 0678b534
803eaae8 efc18ca4
803eaaec bd343318
803eaaf0 8ca40a78 Ntfs!NtfsAttributeDefinitions+0xa70
803eaaf4 ebc1d98b
803eaaf8 fbb60f08
803eaafc 78bd3433
803eab00 0f8ca402
803eab04 3433fab6
803eab08 a3fe78bd
803eab0c 89da8b8c
803eab10 758bf075
803eab14 08ebc1e8
803eab18 c1fbb60f
803eab1c 348b18ee
803eab20 a40a78b5 asyncmac!AsyncInfoValidate+0x15
803eab24 bd34338c
803eab28 8ca40278 Ntfs!NtfsAttributeDefinitions+0x270
803eab2c ebc1d98b
803eab30 fbb60f10
803eab34 78bd3433
803eab38 8b8ca406
803eab3c b60fe45d
803eab40 bd3433fb
803eab44 8ca3fe78 Ntfs!Sel+0x688
803eab48 7d89fe8b
803eab4c 08ebc1f4
803eab50 0f10eac1
803eab54 348bf3b6
803eab58 a40278b5 srv!InitializeServer+0xc5
803eab5c d2b60f8c
803eab60 78953433
803eab64 c18ca406
803eab68 343318e9
803eab6c a40a788d asyncmac!AsyncSendLineUp+0x45
803eab70 4db60f8c
803eab74 8d3433e8
803eab78 8ca3fe78 Ntfs!Sel+0x688
803eab7c 8340e883
----------------------
803eabd0 9fb60ffb
803eabd4 8ca40e78 Ntfs!TxfTransCancelListLookasideList+0x18
803eabd8 8bee5d88
803eabdc 18efc1f9
803eabe0 789fb60f
803eabe4 888ca40e
803eabe8 b60fef5d
803eabec 9fb60ff9
803eabf0 8ca40e78 Ntfs!TxfTransCancelListLookasideList+0x18
803eabf4 8bf05d88
-------------------
803eac20 9fb60f18
803eac24 8ca40e78 Ntfs!TxfTransCancelListLookasideList+0x18
803eac28 0ff35d88
--------------------
803eac70 8d58fdb0
803eac74 00000000
803eac78 818f2266 nt!FsRtlCheckNoExclusiveConflict+0x59
803eac7c 8d58fccc
803eac80 84da4580
803eac84 8d548120
803eac88 00000000
803eac8c 818f6352 nt!CcUnmapInactiveViews+0xbf
803eac90 84da4580
-----------------------
803eacbc ffffffff
803eacc0 8194c120 nt!AlpcpCompletionListDatabase+0x660
803eacc4 00000003
803eacc8 8d00fd30
803eaccc 8d58fd30
803eacd0 818f0744 nt!MiFreeMergePages+0x19f
803eacd4 84da4580
803eacd8 8194c100 nt!AlpcpCompletionListDatabase+0x640
803eacdc 84da4580
----------------------
803ead30 8d58fd7c
803ead34 818efdfa nt!ExReinitializeResourceLite+0x3f
803ead38 8194c100 nt!AlpcpCompletionListDatabase+0x640
803ead3c 00000000
------------------------
803ead7c 8d58fdc0
803ead80 81a1fc42 nt!OpcodeINSWV86+0x13
803ead84 00000022
--------------------
803eadb0 ffffffff
803eadb4 81871ce9 nt!KiInitializeContextThread+0x124
803eadb8 0521c35b
803eadbc 00000000
803eadc0 00000000
803eadc4 81888f4e nt! ?? ::FNODOBFM::`string'+0x4ade
803eadc8 818efd25 nt!FsRtlInsertPerStreamContext+0xa6
803eadcc 00000000
---------------------------
803eb07c 8ca43b8c Ntfs!NtfsStatusQueue+0x174c
803eb080 4589c533
----------------------------------
803eb99c c3c9fffe
803eb9a0 8ca3537e Ntfs!_imp__KeFreeCalloutStack+0x2
803eb9a4 8ca35163 Ntfs!_imp__MmMapLockedPagesWithReservedMapping+0x3
803eb9a8 8ca3518f Ntfs!_imp__KeDelayExecutionThread+0x3
803eb9ac 8ca351eb Ntfs!_imp__SeAuditHardLinkCreationWithTransaction+0x3
803eb9b0 8ca3523c Ntfs!_imp__FsRtlIncrementCcFastReadResourceMiss
803eb9b4 8ca35248 Ntfs!_imp__FsRtlIncrementCcFastReadNoWait
803eb9b8 8ca35293 Ntfs!_imp__KeSetPriorityThread+0x3
803eb9bc 8ca3539e Ntfs!_imp__RtlValidSid+0x2
803eb9c0 90909090
-------------------
803ebaf0 25ff9090
803ebaf4 8ca38690 Ntfs! safe_se_handler_table+0x23b0
803ebaf8 90909090
803ebafc 92646890
803ebb00 94e88ca3
803ebb04 59ffffdd
803ebb08 909090c3
803ebb0c 25ff9090
803ebb10 8ca38694 Ntfs! safe_se_handler_table+0x23b4
803ebb14 90909090
-------------------
803ebbd0 ff8b9090
803ebbd4 81ec8b55 volmgrx!VMX_LOG::FlushSequentialIo+0x1b
803ebbd8 0000e0ec
---------------------
803ebce4 83ec8b55
803ebce8 8ca140ec Ntfs!NtfsSnapshotScbInternal+0xf7
803ebcec 338ca43b
-----------------
803ebd8c d445c7c8
803ebd90 8ca41f78 Ntfs!NtfsCompressCtxLookasideList+0x38
803ebd94 0fcc458b
---------------------
803ebee8 b51433fc
803ebeec 8ca41778 Ntfs!NtfsRepairStatistics+0x58
803ebef0 fb70b60f
------------------
803ebf30 b51433ee
803ebf34 8ca40f78 Ntfs!TxfVscbQuotaInfoLookasideList+0x18
803ebf38 0fee5089
----------------
803ebf54 b51433f3
803ebf58 8ca41378 Ntfs!TxfFoLookasideList+0x18
803ebf5c f270b60f
-----------------
803ebf78 b514338c
803ebf7c 8ca41778 Ntfs!NtfsRepairStatistics+0x58
803ebf80 f770b60f
---------------
803ec020 15ff8ca4
803ec024 8ca3864c Ntfs! safe_se_handler_table+0x236c
803ec028 010f45c6
-------------------
803ec0b4 15ff1445
803ec0b8 8ca38608 Ntfs! safe_se_handler_table+0x2328
803ec0bc f685f08b
------------------
803ec228 8ca38608 Ntfs! safe_se_handler_table+0x2328
803ec22c f685f08b
-----------------
803ec454 15ff1445
803ec458 8ca38608 Ntfs! safe_se_handler_table+0x2328
803ec45c f685f08b
---------------------------
803ec534 15ffd08b
803ec538 8ca38170 Ntfs! safe_se_handler_table+0x1e90
803ec53c 0001033d
803ec540 fc458900
803ec544 53531475
803ec548 458d5353
803ec54c 15ff5080
803ec550 8ca38610 Ntfs! safe_se_handler_table+0x2330
803ec554 8990458b
-------------------------
803ec5f8 803ec618
803ec5fc 9123bf73 vmxnet3n61x86!realloc+0x8ab1
803ec600 854cee80
---------------------
803ec654 803ec6ac
803ec658 9123a397 vmxnet3n61x86!realloc+0x6ed5
803ec65c 014bf188
-------------------------
803ec6ac 803ec6cc
803ec6b0 9123a887 vmxnet3n61x86!realloc+0x73c5
803ec6b4 85e62718
803ec6b8 9123a952 vmxnet3n61x86!realloc+0x7490
803ec6bc 90465600
803ec6c0 0000009e
803ec6c4 854bf1b8
803ec6c8 00000001
803ec6cc 803ec6dc
803ec6d0 9123ab98 vmxnet3n61x86!realloc+0x76d6
803ec6d4 85e627a0
803ec6d8 00000000
803ec6dc 803ec708
803ec6e0 818051f4 hal!HalBuildScatterGatherList+0x1ba
803ec6e4 8544e030
803ec6e8 00000000
803ec6ec 85637008
803ec6f0 85e62718
803ec6f4 85e62780
803ec6f8 854a8748
803ec6fc 85e62718
803ec700 818012f0 hal!HalpDmaOperations
803ec704 818012f0 hal!HalpDmaOperations
803ec708 803ec74c
803ec70c 8060d554 NDIS!NdisMAllocateNetBufferSGList+0x94
803ec710 85637008
803ec714 8544e030
803ec718 85e62780
803ec71c 00000000
803ec720 00000078
803ec724 9123ab42 vmxnet3n61x86!realloc+0x7680
803ec728 85e62718
803ec72c 00000000
803ec730 85637008
803ec734 00000818
803ec738 85e62718
803ec73c 854bf188
803ec740 85637008
803ec744 00000818
803ec748 8544e0e8
803ec74c 803ec78c
803ec750 9123a77e vmxnet3n61x86!realloc+0x72bc
803ec754 00000078
803ec758 85e627a4
803ec75c 85e62718
803ec760 00000001
803ec764 00000000
803ec768 9123a81b vmxnet3n61x86!realloc+0x7359
803ec76c 80644000 NDIS!WPP_GLOBAL_Control
803ec770 8544e0e8
803ec774 9123a4a8 vmxnet3n61x86!realloc+0x6fe6
803ec778 00000000
803ec77c 854bf1a8
803ec780 00000000
803ec784 85e62690
803ec788 028b1889
803ec78c 803ec7b4
803ec790 806d849e NDIS!ndisMSendNBLToMiniport+0xb4
803ec794 854bc000
803ec798 854bf1b0
803ec79c 00000000
803ec7a0 00000000
803ec7a4 85e62690
803ec7a8 8561fc10
803ec7ac 8561f410
803ec7b0 00000000
803ec7b4 803ec7d4
803ec7b8 8060d7d7 NDIS!ndisFilterSendNetBufferLists+0x8b
803ec7bc 8544e0e8
803ec7c0 85e62690
803ec7c4 00000000
803ec7c8 00000000
803ec7cc 8544e0e8
803ec7d0 8544e0e8
803ec7d4 803ec7ec
803ec7d8 8060d720 NDIS!NdisFSendNetBufferLists+0x18
803ec7dc 85e62690
803ec7e0 85e62690
803ec7e4 00000000
803ec7e8 00000000
803ec7ec 803ec868
803ec7f0 992b24a3 pacer!PcFilterSendNetBufferLists+0x233
803ec7f4 818ddfee nt!KiIpiServiceRoutine+0x86
803ec7f8 9123c2e6 vmxnet3n61x86!realloc+0x8e24
803ec7fc 803d1000
803ec800 81807838 hal!HalEndSystemInterrupt+0x7a
803ec804 803d1000
803ec808 803ec818
803ec80c 81817cc9 hal!HalpIpiHandler+0x189
803ec810 00000002
803ec814 000000e1
803ec818 803ec8c8
803ec81c 9123c2e6 vmxnet3n61x86!realloc+0x8e24
803ec820 badb0d00
803ec824 803ec8e4
803ec828 8c8de99f tcpip!Ipv4pFragmentPacketHelper+0x7a4
803ec82c 85e62690
803ec830 803eca84
803ec834 8561d1c0
803ec838 8c8de9ac tcpip!Ipv4pFragmentPacketHelper+0x7b1
803ec83c 748d0c7d
803ec840 c383f807
803ec844 862c8738
803ec848 00000042
803ec84c 803ec86c
803ec850 9123bf73 vmxnet3n61x86!realloc+0x8ab1
803ec854 854d8080
803ec858 862c879e
803ec85c 00000036
803ec860 00000036
803ec864 862ad580
803ec868 00000042
803ec86c 803ec88c
803ec870 9123bf73 vmxnet3n61x86!realloc+0x8ab1
803ec874 854cfa80
----------------------
803ec8c8 803ec920
803ec8cc 9123a397 vmxnet3n61x86!realloc+0x6ed5
803ec8d0 004bf188
--------------------------
803ec920 803ec940
803ec924 9123a887 vmxnet3n61x86!realloc+0x73c5
803ec928 862ad518
803ec92c 9123a952 vmxnet3n61x86!realloc+0x7490
803ec930 90465600
803ec934 000000b6
803ec938 854bf1b8
803ec93c 00000001
803ec940 803ec950
803ec944 9123ab98 vmxnet3n61x86!realloc+0x76d6
803ec948 862ad5a0
803ec94c 00000000
803ec950 803ec97c
803ec954 818051f4 hal!HalBuildScatterGatherList+0x1ba
803ec958 8544e030
803ec95c 00000000
803ec960 862d14e8
803ec964 862ad518
803ec968 862ad580
803ec96c 854a8748
803ec970 862ad518
803ec974 818012f0 hal!HalpDmaOperations
803ec978 818012f0 hal!HalpDmaOperations
803ec97c 803ec9c0
803ec980 8060d554 NDIS!NdisMAllocateNetBufferSGList+0x94
803ec984 862d14e8
803ec988 8544e030
803ec98c 862ad580
803ec990 00000000
803ec994 00000078
803ec998 9123ab42 vmxnet3n61x86!realloc+0x7680
803ec99c 862ad518
-------------------
803ec9c0 803eca00
803ec9c4 9123a77e vmxnet3n61x86!realloc+0x72bc
803ec9c8 00000078
803ec9cc 862ad5a4
803ec9d0 862ad518
803ec9d4 00000001
803ec9d8 00000000
803ec9dc 9123a81b vmxnet3n61x86!realloc+0x7359
803ec9e0 80644000 NDIS!WPP_GLOBAL_Control
803ec9e4 8544e0e8
803ec9e8 9123a4a8 vmxnet3n61x86!realloc+0x6fe6
803ec9ec 00000001
803ec9f0 854bf1a8
803ec9f4 00000000
803ec9f8 862ad490
803ec9fc 0061fc10
803eca00 803eca28
803eca04 806d849e NDIS!ndisMSendNBLToMiniport+0xb4
803eca08 854bc000
803eca0c 854bf1b0
803eca10 00000000
803eca14 00000000
803eca18 862ad490
803eca1c 8561fc10
803eca20 8561f410
803eca24 00000000
803eca28 803eca48
803eca2c 8060d7d7 NDIS!ndisFilterSendNetBufferLists+0x8b
803eca30 8544e0e8
803eca34 862ad490
803eca38 00000000
803eca3c 00000001
803eca40 8544e0e8
803eca44 8544e0e8
803eca48 803eca60
803eca4c 8060d720 NDIS!NdisFSendNetBufferLists+0x18
803eca50 862ad490
803eca54 862ad490
803eca58 00000000
803eca5c 00000001
803eca60 803ecadc
803eca64 992b24a3 pacer!PcFilterSendNetBufferLists+0x233
803eca68 8561fc10
803eca6c 862ad490
803eca70 00000000
803eca74 00000001
803eca78 806429a8 NDIS!HighestAcceptableMax+0xa8
803eca7c 00000788
803eca80 862ad000
803eca84 819356e0 nt!NonPagedPoolDescriptor
803eca88 00000102
803eca8c 862c87c0
803eca90 819356e0 nt!NonPagedPoolDescriptor
803eca94 00000102
803eca98 8196b102 nt!CcBcbSpinLock+0x2
803eca9c 803ecaac
803ecaa0 8180770c hal!KfLowerIrql+0x64
803ecaa4 000001ff
803ecaa8 8196b102 nt!CcBcbSpinLock+0x2
803ecaac 803ecb00
803ecab0 818040ed hal!KeReleaseQueuedSpinLock+0x2d
803ecab4 81921133 nt!ExAllocatePoolWithTag+0x5ed
803ecab8 00000ff0
----------------------
803ecadc 803ecaf8
803ecae0 8060d869 NDIS!ndisSendNBLToFilter+0x87
803ecae4 8561b298
803ecae8 002ad490
803ecaec 00000000
803ecaf0 00000001
803ecaf4 80644000 NDIS!WPP_GLOBAL_Control
803ecaf8 803ecb1c
803ecafc 806d83b5 NDIS!NdisSendNetBufferLists+0x4f
803ecb00 862ad490
-------------------
803ecb1c 803ecb44
803ecb20 8c894103 tcpip!FlFastSendPackets+0xc1
803ecb24 85621c50
-----------------------------
803ecb78 803ecb88
803ecb7c 8180770c hal!KfLowerIrql+0x64
803ecb80 818ddfee nt!KiIpiServiceRoutine+0x86
803ecb84 81803fb6 hal!HalpReleaseHighLevelLock+0x6
803ecb88 803d1000
803ecb8c 818ddfee nt!KiIpiServiceRoutine+0x86
803ecb90 81803f9e hal!HalpAcquireHighLevelLock+0x2e
803ecb94 803d1000
803ecb98 81807838 hal!HalEndSystemInterrupt+0x7a
803ecb9c 803d1000
803ecba0 803ecbb0
803ecba4 81817cc9 hal!HalpIpiHandler+0x189
803ecba8 81803f02 hal!KeAcquireSpinLockRaiseToSynch+0x32
803ecbac 000000e1
803ecbb0 803ecc68
803ecbb4 818ddfee nt!KiIpiServiceRoutine+0x86
803ecbb8 818de8e5 nt!KeUpdateRunTime+0xf4
803ecbbc 803d1000
803ecbc0 81807838 hal!HalEndSystemInterrupt+0x7a
803ecbc4 803d1000
803ecbc8 803ecbd8
803ecbcc 81817cc9 hal!HalpIpiHandler+0x189
803ecbd0 803d101c
803ecbd4 000000e1
803ecbd8 803ecc64
803ecbdc 818de8e5 nt!KeUpdateRunTime+0xf4
803ecbe0 badb0d00
--------------------
803ecbfc 803ecc24
803ecc00 8c904398 tcpip!TcpMppEventHandler+0x99
803ecc04 00000000
------------------
803ecc44 803ecca4
803ecc48 8c9030b5 tcpip!TcpTimerMppTimeoutHandler+0x33
803ecc4c 85344dd4
------------------------
803ecc84 803eccf4
803ecc88 818105ec hal!HalpQueryBrokenPmTimerCount+0x10e
803ecc8c 48608b1e
803ecc90 00000004
803ecc94 481312db
803ecc98 00000004
803ecc9c 004d788f
803ecca0 00000002
803ecca4 81810698 hal!HalpQueryBrokenPmTimerCount+0x1ba
803ecca8 00000000
803eccac 803d2f90
803eccb0 0001878c
803eccb4 0013128f
803eccb8 8c8e91c0 tcpip!TcpPeriodicTimeoutHandler+0x3fa
803eccbc 48000000
803eccc0 00000004
803eccc4 ff000000
803eccc8 ffffffff
803ecccc 481312db
803eccd0 00000004
803eccd4 c00000a3
803eccd8 00000000
803eccdc 803d2f90
803ecce0 0001878c
803ecce4 818e3e13 nt!PpmIdleCountToMs+0x42
803ecce8 9124a34d intelppm!C1Idle+0x5
803eccec 818e3dc6 nt!PpmCallIdleHandler+0x2e
803eccf0 85516540
803eccf4 803d2f90
803eccf8 803ecd50
803eccfc 818e3d14 nt!PoIdle+0x2d1
803ecd00 855164f0
-----------------------
803ecd50 84d55910
803ecd54 818db861 nt!KiIdleLoop+0xd
803ecd58 00000000
803ecd5c 0000000e
-----------------------
803ecdb8 ffffffff
803ecdbc 00000001
803ecdc0 81871f38 nt!KiThreadStartup
803ecdc4 00000000
803ecdc8 00000000
803ecdcc 00000000
803ecdd0 00000000
803ecdd4 00000000
803ecdd8 de03006a
803ecddc 133ee853
803ecde0 c483fffe
803ecde4 c0335f0c
803ecde8 c25d5b5e
803ecdec 90900008
803ecdf0 0000027f
803ecdf4 00000000
803ecdf8 00000000
803ecdfc 00000000

On Wed, Mar 9, 2011 at 6:47 AM, Scott Noone wrote:

> 0: kd> dps esp - 3000 esp + 3000
>>
>
> Note that you can automate dumping the current thread’s entire stack with
> the following command:
>
> dps @@(@$thread->Tcb.StackLimit) @@(@$thread->Tcb.StackBase)
>
> That makes sure you’re only dumping a valid range and don’t have to worry
> about x86/x64 differences in stack size.
>
> -scott
>
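An added example, not part of any post in this thread: when kb cannot unwind, a dps dump can still be walked by hand, because x86 code built with frame pointers stores the caller's EBP at [ebp] and the return address at [ebp+4]. The Python below does that walk over a few lines copied from the dps output posted above and also flags ASCII fill values such as the 3f3f3f3f in the bugcheck arguments. The function names are this example's own, and it assumes 32-bit dps output and EBP-based frames.

```python
import re

# Lines copied from the dps output posted in this thread (32-bit target).
# Gaps between addresses are where the poster trimmed the dump.
SAMPLE = """\
803ec6cc 803ec6dc
803ec6d0 9123ab98 vmxnet3n61x86!realloc+0x76d6
803ec6d4 85e627a0
803ec6d8 00000000
803ec6dc 803ec708
803ec6e0 818051f4 hal!HalBuildScatterGatherList+0x1ba
803ec708 803ec74c
803ec70c 8060d554 NDIS!NdisMAllocateNetBufferSGList+0x94
803ec74c 803ec78c
803ec750 9123a77e vmxnet3n61x86!realloc+0x72bc
803ec78c 803ec7b4
803ec790 806d849e NDIS!ndisMSendNBLToMiniport+0xb4
803ec7b4 803ec7d4
803ec7b8 8060d7d7 NDIS!ndisFilterSendNetBufferLists+0x8b
803ec7d4 803ec7ec
803ec7d8 8060d720 NDIS!NdisFSendNetBufferLists+0x18
803ec7ec 803ec868
803ec7f0 992b24a3 pacer!PcFilterSendNetBufferLists+0x233
"""

# One dps line: stack address, 32-bit value, optional symbol text.
LINE_RE = re.compile(r"^([0-9a-fA-F]{8})\s+([0-9a-fA-F]{8})(?:\s+(\S.*))?$")


def parse_dps(text):
    """Return {address: (value, symbol_or_None)}; separator lines are skipped."""
    slots = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            slots[int(m.group(1), 16)] = (int(m.group(2), 16), m.group(3))
    return slots


def walk_frames(slots, ebp, stack_top):
    """Follow saved-EBP links upward from `ebp`.

    A slot pair counts as a frame only if [ebp+4] resolved to a symbol,
    i.e. the return address lies inside a loaded module.
    """
    frames = []
    while ebp in slots and ebp + 4 in slots:
        saved_ebp, _ = slots[ebp]
        ret, sym = slots[ebp + 4]
        if sym is None:
            break
        frames.append((ebp, ret, sym))
        # The caller's frame must sit higher on the same stack, 4-byte aligned.
        if not (ebp < saved_ebp < stack_top) or saved_ebp % 4:
            break
        ebp = saved_ebp
    return frames


def longest_chain(slots):
    """Try every dumped slot as a starting EBP and keep the longest chain."""
    stack_top = max(slots) + 4  # bound taken from the dump itself
    best = []
    for addr in sorted(slots):
        chain = walk_frames(slots, addr, stack_top)
        if len(chain) > len(best):
            best = chain
    return best


def ascii_fill(value):
    """Return the 4-character string if all bytes are one printable ASCII char."""
    raw = value.to_bytes(4, "little")
    if len(set(raw)) == 1 and 0x20 <= raw[0] < 0x7F:
        return raw.decode("ascii")
    return None


if __name__ == "__main__":
    # Innermost candidate frame first, as in kb output.
    for ebp, ret, sym in longest_chain(parse_dps(SAMPLE)):
        print(f"{ebp:08x}  {ret:08x}  {sym}")
    # Arg1/Arg4 of the bugcheck decode to a run of one ASCII character.
    print(ascii_fill(0x3F3F3F3F))
```

A chain found this way is only a candidate call stack: frames left behind by earlier calls form the same pattern, so check each return address with ub before trusting it.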