stack corruption?

I am debugging a BSOD that has to do with memory corruption.
Sometimes, I get a dump where the running thread appears to be executing a
DPC routine.
The weird thing is - the stack of the running thread shows ONLY the “DPC
stack” and doesn’t have any leftovers of the regular stack. The only
“leftover” is the thread start address, which alludes to what the thread
was supposed to be doing.
Is this a normal thing to see when dealing with DPC stacks or is the stack
corrupted?

Depending upon the version of Windows, the OS may switch to a separate stack
for DPCs (otherwise, there is an interesting problem for DPC routines - they
have no idea how much stack space is “left”.)

Normally, the contents of the kernel stack aren’t interesting in such a
crash, since the operation in-progress when the DPC fired would be
independent of the DPC itself. However, if the debugger isn’t walking back
up the stack, you should be able to do it yourself (you can give the EIP,
ESP and EBP to the kv command. It is painful, but it can be done.)

Regards,

Tony

Tony Mason
Consulting Partner
OSR Open Systems Resources, Inc.
http://www.osr.com

-----Original Message-----
From: xxxxx@yahoo.com [mailto:xxxxx@yahoo.com]
Sent: Friday, January 31, 2003 2:55 PM
To: Kernel Debugging Interest List
Subject: [windbg] stack corruption?

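An added example, not part of the thread: the frame-pointer walk a debugger performs from a given EBP, which is what supplying the registers by hand (WinDbg accepts them as `kv = <EBP> <ESP> <EIP>`) restarts on the other stack. It assumes the standard x86 frame layout and that the chain on the DPC stack does not link back into the thread's stack; all addresses, stack contents and names are constructed.

```c
#include <stdint.h>
#include <stdio.h>

/* One kernel stack region in a constructed 32-bit memory image. */
typedef struct {
    uint32_t limit;         /* lowest valid address (4-byte aligned) */
    uint32_t base;          /* one past the highest valid address */
    const uint32_t *words;  /* contents; words[0] lives at 'limit' */
} stack_region;
/* Constructed sample data: {saved EBP, return address} pairs plus locals. */
static const uint32_t dpc_words[8] = {
    0x80550010u, 0x80501111u, 0, 0,    /* frame at 0x80550000 */
    0x00000000u, 0x80502222u, 0, 0 };  /* frame at 0x80550010: chain ends */
static const uint32_t thread_words[8] = {
    0xF7A00008u, 0xF8001000u, 0xF7A00018u, 0xF8002000u, 0, 0,
    0x00000000u, 0x80503000u };        /* frame at 0xF7A00018: chain ends */
static const stack_region dpc_stack = { 0x80550000u, 0x80550020u, dpc_words };
static const stack_region thread_stack = { 0xF7A00000u, 0xF7A00020u, thread_words };

/* Read one word only if addr is aligned and inside the region. */
static int read_word(const stack_region *s, uint32_t addr, uint32_t *out)
{
    if (addr % 4 || addr < s->limit || addr >= s->base) return 0;
    *out = s->words[(addr - s->limit) / 4];
    return 1;
}

/* Follow the chain: [ebp] = caller's EBP, [ebp+4] = return address. Stops when
   a frame lies outside the region or the chain stops moving toward the base. */
size_t walk_frames(const stack_region *s, uint32_t ebp, uint32_t *rets, size_t max)
{
    size_t n = 0;
    while (n < max) {
        uint32_t saved_ebp, ret;
        if (!read_word(s, ebp, &saved_ebp) || !read_word(s, ebp + 4, &ret)) break;
        rets[n++] = ret;
        if (saved_ebp <= ebp) break;  /* callers sit at higher addresses */
        ebp = saved_ebp;
    }
    return n;
}

int main(void)
{
    uint32_t r[8];
    printf("DPC stack frames: %zu\n", walk_frames(&dpc_stack, 0x80550000u, r, 8));
    printf("thread stack frames: %zu\n", walk_frames(&thread_stack, 0xF7A00000u, r, 8));
    return 0;
}
```

The walk from the DPC frame ends on the DPC stack; only a second walk started from an EBP that lies on the thread's own stack recovers the interrupted frames.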