That is correct. I am getting the cancellation APC, it is not blocked, but my cancel routine is not being called. This is the content of the APC:
kd> dt nt!_KAPC (0xfffff88002147b40 - 0x10)
+0x000 Type : 0x12 ''
+0x001 SpareByte0 : 0 ''
+0x002 Size : 0x58 'X'
+0x003 SpareByte1 : 0 ''
+0x004 SpareLong0 : 0
+0x008 Thread : 0xfffffa8002f77b60 _KTHREAD
+0x010 ApcListEntry : _LIST_ENTRY [0xfffffa8002f77bb0 - 0xfffffa8002f77bb0]
+0x020 KernelRoutine : 0xfffff800028d28f0 void nt!IopCancelIrpsInCurrentThreadListSpecialApc+0
+0x028 RundownRoutine : (null)
+0x030 NormalRoutine : (null)
+0x038 NormalContext : (null)
+0x040 SystemArgument1 : 0xfffff88002147b10 Void
+0x048 SystemArgument2 : (null)
+0x050 ApcStateIndex : 0 ''
+0x051 ApcMode : 0 ''
+0x052 Inserted : 0x1 ''
So, I’m trying to look for the IRP list from the KTHREAD structure to make sure my IRP is in there, but I couldn’t find the field in KTHREAD that would lead me to the list of IRPs associated with the current thread. The field _KTHREAD->ThreadListEntry is actually an entry of the linked list of threads.
Sorry for spamming but I was hoping there is something I missed in the _KTHREAD structure.
kd> dt nt!_KTHREAD fffffa8002f77b60
+0x000 Header : _DISPATCHER_HEADER
+0x018 CycleTime : 0x4cfc0963
+0x020 QuantumTarget : 0x5e87fd14
+0x028 InitialStack : 0xfffff88005b17db0 Void
+0x030 StackLimit : 0xfffff88005b0f000 Void
+0x038 KernelStack : 0xfffff88005b16eb0 Void
+0x040 ThreadLock : 0
+0x048 WaitRegister : _KWAIT_STATUS_REGISTER
+0x049 Running : 0x1 ''
+0x04a Alerted : [2] ""
+0x04c KernelStackResident : 0y1
+0x04c ReadyTransition : 0y0
+0x04c ProcessReadyQueue : 0y0
+0x04c WaitNext : 0y0
+0x04c SystemAffinityActive : 0y0
+0x04c Alertable : 0y1
+0x04c GdiFlushActive : 0y0
+0x04c UserStackWalkActive : 0y0
+0x04c ApcInterruptRequest : 0y0
+0x04c ForceDeferSchedule : 0y0
+0x04c QuantumEndMigrate : 0y0
+0x04c UmsDirectedSwitchEnable : 0y0
+0x04c TimerActive : 0y0
+0x04c SystemThread : 0y0
+0x04c Reserved : 0y000000000000000000 (0)
+0x04c MiscFlags : 0n33
+0x050 ApcState : _KAPC_STATE
+0x050 ApcStateFill : [43] "???"
+0x07b Priority : 10 ''
+0x07c NextProcessor : 0
+0x080 DeferredProcessor : 0
+0x088 ApcQueueLock : 1
+0x090 WaitStatus : 0n256
+0x098 WaitBlockList : 0xfffffa8002f77c68 _KWAIT_BLOCK
+0x0a0 WaitListEntry : _LIST_ENTRY [0xfffffa8002681100 - 0xfffff800029fe420]
+0x0a0 SwapListEntry : _SINGLE_LIST_ENTRY
+0x0b0 Queue : (null)
+0x0b8 Teb : 0x000007fffffde000 Void
+0x0c0 Timer : _KTIMER
+0x100 AutoAlignment : 0y0
+0x100 DisableBoost : 0y0
+0x100 EtwStackTraceApc1Inserted : 0y0
+0x100 EtwStackTraceApc2Inserted : 0y0
+0x100 CalloutActive : 0y0
+0x100 ApcQueueable : 0y1
+0x100 EnableStackSwap : 0y1
+0x100 GuiThread : 0y1
+0x100 UmsPerformingSyscall : 0y0
+0x100 VdmSafe : 0y0
+0x100 UmsDispatched : 0y0
+0x100 ReservedFlags : 0y000000000000000000000 (0)
+0x100 ThreadFlags : 0n224
+0x104 Spare0 : 0
+0x108 WaitBlock : [4] _KWAIT_BLOCK
+0x108 WaitBlockFill4 : [44] "???"
+0x134 ContextSwitches : 0xa2a
+0x108 WaitBlockFill5 : [92] "???"
+0x164 State : 0x2 ''
+0x165 NpxState : 1 ''
+0x166 WaitIrql : 0 ''
+0x167 WaitMode : 0 ''
+0x108 WaitBlockFill6 : [140] "???"
+0x194 WaitTime : 0x1e9a9
+0x108 WaitBlockFill7 : [168] "???"
+0x1b0 TebMappedLowVa : (null)
+0x1b8 Ucb : (null)
+0x108 WaitBlockFill8 : [188] "???"
+0x1c4 KernelApcDisable : 0n0
+0x1c6 SpecialApcDisable : 0n0
+0x1c4 CombinedApcDisable : 0
+0x1c8 QueueListEntry : _LIST_ENTRY [0x0000000000000000 - 0x0000000000000000]
+0x1d8 TrapFrame : (null)
+0x1e0 FirstArgument : 0x000000000000005c Void
+0x1e8 CallbackStack : (null)
+0x1e8 CallbackDepth : 0
+0x1f0 ApcStateIndex : 0 ''
+0x1f1 BasePriority : 8 ''
+0x1f2 PriorityDecrement : 2 ''
+0x1f2 ForegroundBoost : 0y0010
+0x1f2 UnusualBoost : 0y0000
+0x1f3 Preempted : 0 ''
+0x1f4 AdjustReason : 0 ''
+0x1f5 AdjustIncrement : 0 ''
+0x1f6 PreviousMode : 1 ''
+0x1f7 Saturation : 0 ''
+0x1f8 SystemCallNumber : 5
+0x1fc FreezeCount : 0
+0x200 UserAffinity : _GROUP_AFFINITY
+0x210 Process : 0xfffffa8002f71570 _KPROCESS
+0x218 Affinity : _GROUP_AFFINITY
+0x228 IdealProcessor : 0
+0x22c UserIdealProcessor : 0
+0x230 ApcStatePointer : [2] 0xfffffa8002f77bb0 _KAPC_STATE
+0x240 SavedApcState : _KAPC_STATE
+0x240 SavedApcStateFill : [43] "???"
+0x26b WaitReason : 0 ''
+0x26c SuspendCount : 0 ''
+0x26d Spare1 : 0 ''
+0x26e CodePatchInProgress : 0 ''
+0x270 Win32Thread : 0xfffff900c26b45e0 Void
+0x278 StackBase : 0xfffff88005b18000 Void
+0x280 SuspendApc : _KAPC
+0x280 SuspendApcFill0 : [1] "??????"
+0x281 ResourceIndex : 0x1 ''
+0x280 SuspendApcFill1 : [3] "???"
+0x283 QuantumReset : 0x12 ''
+0x280 SuspendApcFill2 : [4] "???"
+0x284 KernelTime : 0xdf
+0x280 SuspendApcFill3 : [64] "???"
+0x2c0 WaitPrcb : (null)
+0x280 SuspendApcFill4 : [72] "???"
+0x2c8 LegoData : (null)
+0x280 SuspendApcFill5 : [83] "???"
+0x2d3 LargeStack : 0x1 ''
+0x2d4 UserTime : 0
+0x2d8 SuspendSemaphore : _KSEMAPHORE
+0x2d8 SuspendSemaphorefill : [28] "???"
+0x2f4 SListFaultCount : 0
+0x2f8 ThreadListEntry : _LIST_ENTRY [0xfffffa800270e668 - 0xfffffa8002f715a0]
+0x308 MutantListHead : _LIST_ENTRY [0xfffffa8002f77e68 - 0xfffffa8002f77e68]
+0x318 SListFaultAddress : (null)
+0x320 ReadOperationCount : 0n278
+0x328 WriteOperationCount : 0n287
+0x330 OtherOperationCount : 0n1436
+0x338 ReadTransferCount : 0n260611275
+0x340 WriteTransferCount : 0n259557067
+0x348 OtherTransferCount : 0n24508
+0x350 ThreadCounters : (null)
+0x358 XStateSave : (null)
Thank you for your help, Tony!