Below is a stack trace of a call to KeWaitForSingleObject, however I am
unable to determine the parameters, especially the object that is being
waited on. (I also dumped the stack data). They all seem to be zero. The
docs don’t indicate that the Object can be NULL and the procedure is not
a fast call. What is strange is that there are many stack traces in
which KeWaitForSingleObject is being called and the parameters all seem
to be zero.
Can anyone explain what is going on?
Thanks,
Ken
*** Stack trace for last set context - .thread/.cxr resets it
ChildEBP RetAddr Args to Child
f33965c8 804f6320 814135a8 81413538 804f04e8 nt!KiSwapContext+0x2e (FPO: [EBP 0xf33965fc] [0,0,4])
f33965d4 804f04e8 f33966b4 00000103 e11b4e00 nt!KiSwapThread+0x44 (FPO: [0,0,2])
f33965fc f4998fff 00000000 00000000 00000000 nt!KeWaitForSingleObject+0x1c0 (FPO: [Non-Fpo])
f3396614 f49ba3c1 f33966b8 80ecf438 00000000 mrxsmb!SmbCeSuspend+0x14 (FPO: [1,0,0])
f3396664 f49be5b4 80ecf438 f49b4470 f3396708 mrxsmb!_SmbCeTransact+0xa4 (FPO: [Non-Fpo])
f3396740 f49be6f1 80ecf438 00000000 80dae008 mrxsmb!MRxSmbQueryFileInformation+0x473 (FPO: [1,35,3])
f3396758 f49bee4c 80dae008 80dd82c0 00000004 mrxsmb!MRxSmbQueryFileInformationFromPseudoOpen+0xe0 (FPO: [Non-Fpo])
f33967a4 f49bdaf7 00dae008 80dd82c0 f49b8ad3 mrxsmb!SmbPseExchangeStart_Create+0x24e (FPO: [Non-Fpo])
f33967b0 f49b8ad3 80dae008 00000001 e2374008 mrxsmb!SmbPseExchangeStart_default+0xe (FPO: [1,0,0])
f33967cc f49b970c 814229d8 80dd8340 80dd82c0 mrxsmb!SmbCeInitiateExchange+0x29d (FPO: [EBP 0x814b2538] [1,1,4])
814b2538 00000002 00000000 f49b3d28 8115801c mrxsmb!MRxSmbCreate+0x27c (FPO: [Non-Fpo])
kd> dd f33965c8
f33965c8 f33966c4 804f6320 814135a8 81413538
f33965d8 804f04e8 f33966b4 00000103 e11b4e00
f33965e8 8106d670 00000002 f49caa24 00000234
f33965f8 00000000 f3396664 f4998fff 00000000
f3396608 00000000 00000000 00000000 00000000
f3396618 f49ba3c1 f33966b8 80ecf438 00000000
f3396628 e11b4ec8 00000000 00000000 00000000
f3396638 00000000 00000000 00000000 00000000
kd> dd
f3396648 00000000 00000000 00000000 00000000
f3396658 00000000 00000000 00000000 f33966cc
f3396668 f49be5b4 80ecf438 f49b4470 f3396708
f3396678 00000002 00000000 00000000 e11b4ec8
f3396688 0000003e f3396704 00000002 00000000
f3396698 00000000 80dae100 00000028 f33966b4
f33966a8 80ecf5a0 80dd8428 80ecf438 8106d670
f33966b8 00000000 00000000 00000000 80048200