Skip to content

Instantly share code, notes, and snippets.

@Alvazz

Alvazz/windbg.log

Forked from amurzeau/windbg.log
Created January 3, 2023 06:48
Show Gist options
  • Save Alvazz/d0ff293812c9f4d97ab3859e030d4dce to your computer and use it in GitHub Desktop.
Save Alvazz/d0ff293812c9f4d97ab3859e030d4dce to your computer and use it in GitHub Desktop.
Download ZIP
Windbg debug pending IRP on synchronous audio router at process cleanup
Raw
windbg.log
Microsoft (R) Windows Debugger Version 10.0.17763.1 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\WINDOWS\livekd.dmp]
Kernel Complete Dump File: Full address space is available
Comment: 'LiveKD live system view'
************* Path validation summary **************
Response Time (ms) Location
Deferred srv*C:\Users\Doc\AppData\Local\Temp\symbolcache
*http://msdl.microsoft.com/download/symbols
Symbol search path is: srv*C:\Users\Doc\AppData\Local\Temp\symbolcache
*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 8 Kernel Version 9200 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS Personal
Built by: 9600.18821.amd64fre.winblue_ltsb.170914-0600
Machine Name:
Kernel base = 0xfffff801`49885000 PsLoadedModuleList = 0xfffff801`49b57650
Debug session time: Thu Dec 27 22:12:22.513 2018 (UTC + 1:00)
System Uptime: 0 days 4:57:04.758
Loading Kernel Symbols
...............................................................
................................................................
...........................................................
Loading User Symbols
Loading unloaded module list
..............
*** ERROR: Module load completed but symbols could not be loaded for LiveKdD.SYS
0: kd> .process ffffe0002b050680
Implicit process is now ffffe000`2b050680
0: kd> !process ffffe0002b050680 7
PROCESS ffffe0002b050680
SessionId: 1 Cid: 0fbc Peb: 7ff5ffff3000 ParentCid: 0efc
DirBase: 156933000 ObjectTable: ffffc001615e3980 HandleCount: <Data Not Accessible>
Image: jackd.exe
VadRoot ffffe0002b91a620 Vads 137 Clone 0 Private 2394. Modified 15084. Locked 0.
DeviceMap ffffc0015f53c950
Token ffffc001615e3060
ElapsedTime 04:55:23.368
UserTime 00:00:00.125
KernelTime 00:00:00.171
QuotaPoolUsage[PagedPool] 275704
QuotaPoolUsage[NonPagedPool] 18192
Working Set Sizes (now,min,max) (7441, 4301, 4596) (29764KB, 17204KB, 18384KB)
PeakWorkingSetSize 8884
VirtualSize 153 Mb
PeakVirtualSize 198 Mb
PageFaultCount 29205
MemoryPriority BACKGROUND
BasePriority 4
CommitCharge 2878
Job ffffe0002c3d7b50
THREAD ffffe0002b8f9380 Cid 0fbc.0fc0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) KernelMode Non-Alertable
ffffffffffffffff NotificationEvent
Not impersonating
DeviceMap ffffc0015f53c950
Owning Process ffffe0002b050680 Image: jackd.exe
Attached Process N/A Image: N/A
Wait Start TickCount 1147225
Context Switch Count 112351 IdealProcessor: 0
UserTime 00:00:00.031
KernelTime 00:00:00.156
Win32 Start Address 0x0000000000401530
Stack Init ffffd00185f8dc90 Current ffffd00185f8d0d0
Base ffffd00185f8e000 Limit ffffd00185f88000 Call 0000000000000000
Priority 4 BasePriority 4 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd001`85f8d110 fffff801`498f07be : ffffd001`70340180 ffffe000`2b8f9380 00000000`fffffffe fffff801`fffffffe : nt!KiSwapContext+0x76
ffffd001`85f8d250 fffff801`498f0239 : ffffe000`2b8f9380 00000000`00000000 00000000`000a6f30 00000000`00000000 : nt!KiSwapThread+0x14e
ffffd001`85f8d2f0 fffff801`498d6534 : ffffd001`85f8d450 00000000`00000002 fffff780`00000035 00000000`00000000 : nt!KiCommitThreadWait+0x129
ffffd001`85f8d370 fffff801`49a167e8 : ffffe000`2b0b8d68 00000000`00000000 ffffd001`85f8d450 00000000`00000000 : nt!KeDelayExecutionThread+0xe14
ffffd001`85f8d410 fffff801`49c72901 : ffffe000`00000080 ffffe000`2b050680 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x33718
ffffd001`85f8d4a0 fffff801`49c1c302 : ffffe000`276c07f0 00000000`00000000 00000000`00000000 ffffe000`2b0b8cb0 : nt!IopCleanupProcessResources+0x25
ffffd001`85f8d4e0 fffff801`49c1840e : ffffe000`2b0b8c80 ffffe000`26e37b00 ffffe000`2b0b8c90 ffffe000`2b0b8c00 : nt!IopCloseFile+0x272
ffffd001`85f8d570 fffff801`49c18207 : 00000000`00000000 00000000`ffff800a 00000000`00000000 00000000`00000001 : nt!ObpDecrementHandleCount+0x1b6
ffffd001`85f8d610 fffff801`49c17be6 : 00000000`00000001 00000000`00000000 00000000`00000fbc 00000000`00000000 : nt!ObCloseHandleTableEntry+0x313
ffffd001`85f8d6e0 fffff801`49ca15cd : 00000000`00040001 ffffd001`85f8d840 ffffe000`2b050680 ffffe000`2b8f9380 : nt!ExSweepHandleTable+0xba
ffffd001`85f8d740 fffff801`49ca1398 : 00000000`00040000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x31
ffffd001`85f8d770 fffff801`49c67ea7 : ffffe000`2b050680 ffffc001`615e3060 ffffd001`85f8d840 00000000`00000000 : nt!PspRundownSingleProcess+0xa4
ffffd001`85f8d800 fffff801`49d0c038 : 00000000`0000f291 ffffe000`2b8f9380 ffffd001`85f8db00 ffffe000`2b8f9428 : nt!PspExitThread+0x573
ffffd001`85f8d910 fffff801`498edafa : ffffe000`2b8f9480 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSchedulerApcTerminate+0x18
ffffd001`85f8d940 fffff801`499d7ac0 : 00000000`0000009c ffffd001`85f8d9c0 fffff801`49a65444 00000000`00000000 : nt!KiDeliverApc+0x2fa
ffffd001`85f8d9c0 fffff801`499de45a : ffffe000`2b8f9380 00000000`ffffffff 00000000`00000000 ffffe000`2a5a9060 : nt!KiInitiateUserApc+0x70
ffffd001`85f8db00 00007ffb`9ae1071a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f (TrapFrame @ ffffd001`85f8db00)
00000000`0023f7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`9ae1071a
0: kd> !thread ffffe0002b8f9380
THREAD ffffe0002b8f9380 Cid 0fbc.0fc0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) KernelMode Non-Alertable
ffffffffffffffff NotificationEvent
Not impersonating
DeviceMap ffffc0015f53c950
Owning Process ffffe0002b050680 Image: jackd.exe
Attached Process N/A Image: N/A
Wait Start TickCount 1147225
Context Switch Count 112351 IdealProcessor: 0
UserTime 00:00:00.031
KernelTime 00:00:00.156
Win32 Start Address 0x0000000000401530
Stack Init ffffd00185f8dc90 Current ffffd00185f8d0d0
Base ffffd00185f8e000 Limit ffffd00185f88000 Call 0000000000000000
Priority 4 BasePriority 4 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd001`85f8d110 fffff801`498f07be : ffffd001`70340180 ffffe000`2b8f9380 00000000`fffffffe fffff801`fffffffe : nt!KiSwapContext+0x76
ffffd001`85f8d250 fffff801`498f0239 : ffffe000`2b8f9380 00000000`00000000 00000000`000a6f30 00000000`00000000 : nt!KiSwapThread+0x14e
ffffd001`85f8d2f0 fffff801`498d6534 : ffffd001`85f8d450 00000000`00000002 fffff780`00000035 00000000`00000000 : nt!KiCommitThreadWait+0x129
ffffd001`85f8d370 fffff801`49a167e8 : ffffe000`2b0b8d68 00000000`00000000 ffffd001`85f8d450 00000000`00000000 : nt!KeDelayExecutionThread+0xe14
ffffd001`85f8d410 fffff801`49c72901 : ffffe000`00000080 ffffe000`2b050680 00000000`00000000 00000000`00000000 : nt! ?? ::FNODOBFM::`string'+0x33718
ffffd001`85f8d4a0 fffff801`49c1c302 : ffffe000`276c07f0 00000000`00000000 00000000`00000000 ffffe000`2b0b8cb0 : nt!IopCleanupProcessResources+0x25
ffffd001`85f8d4e0 fffff801`49c1840e : ffffe000`2b0b8c80 ffffe000`26e37b00 ffffe000`2b0b8c90 ffffe000`2b0b8c00 : nt!IopCloseFile+0x272
ffffd001`85f8d570 fffff801`49c18207 : 00000000`00000000 00000000`ffff800a 00000000`00000000 00000000`00000001 : nt!ObpDecrementHandleCount+0x1b6
ffffd001`85f8d610 fffff801`49c17be6 : 00000000`00000001 00000000`00000000 00000000`00000fbc 00000000`00000000 : nt!ObCloseHandleTableEntry+0x313
ffffd001`85f8d6e0 fffff801`49ca15cd : 00000000`00040001 ffffd001`85f8d840 ffffe000`2b050680 ffffe000`2b8f9380 : nt!ExSweepHandleTable+0xba
ffffd001`85f8d740 fffff801`49ca1398 : 00000000`00040000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!ObKillProcess+0x31
ffffd001`85f8d770 fffff801`49c67ea7 : ffffe000`2b050680 ffffc001`615e3060 ffffd001`85f8d840 00000000`00000000 : nt!PspRundownSingleProcess+0xa4
ffffd001`85f8d800 fffff801`49d0c038 : 00000000`0000f291 ffffe000`2b8f9380 ffffd001`85f8db00 ffffe000`2b8f9428 : nt!PspExitThread+0x573
ffffd001`85f8d910 fffff801`498edafa : ffffe000`2b8f9480 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSchedulerApcTerminate+0x18
ffffd001`85f8d940 fffff801`499d7ac0 : 00000000`0000009c ffffd001`85f8d9c0 fffff801`49a65444 00000000`00000000 : nt!KiDeliverApc+0x2fa
ffffd001`85f8d9c0 fffff801`499de45a : ffffe000`2b8f9380 00000000`ffffffff 00000000`00000000 ffffe000`2a5a9060 : nt!KiInitiateUserApc+0x70
ffffd001`85f8db00 00007ffb`9ae1071a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceExit+0x9f (TrapFrame @ ffffd001`85f8db00)
00000000`0023f7c8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x00007ffb`9ae1071a
0: kd> .thread ffffe0002b8f9380
Implicit thread is now ffffe000`2b8f9380
0: kd> .register
^ Syntax error in '.register'
0: kd> .registers
^ Syntax error in '.registers'
0: kd> !registers
No export registers found
0: kd> !register
No export register found
0: kd> !reg
reg <command> <params> - Registry extensions
querykey|q <FullKeyPath> - Dump subkeys and values
keyinfo <HiveAddr> <KnodeAddr> - Dump subkeys and values, given knode
kcb <Address> - Dump registry key-control-blocks
knode <Address> - Dump registry key-node struct
kbody <Address> - Dump registry key-body struct
kvalue <Address> - Dump registry key-value struct
valuelist <HiveAddr> <KnodeAddr> - Dumps list of values for a particular knode
subkeylist <HiveAddr> <KnodeAddr> - Dumps list of subkeys for a particular knode
baseblock <HiveAddr> - Dump the baseblock for the specified hive
seccache <HiveAddr> - Dump the security cache for the specified hive
hashindex <HiveAddr> <conv_key> - Find the hash entry given a Kcb ConvKey
openkeys <HiveAddr|0> - Dump the keys opened inside the specified hive
openhandles <HiveAddr|0> - Dump the handles opened inside the specified hive
findkcb <FullKeyPath> - Find the kcb for the corresponding path
hivelist - Displays the list of the hives in the system
viewlist <HiveAddr> - Dump the pinned/mapped view list for the specified hive
freebins <HiveAddr> - Dump the free bins for the specified hive
freecells <BinAddr> - Dump the free cells in the specified bin
dirtyvector<HiveAddr> - Dump the dirty vector for the specified hive
cellindex <HiveAddr> <cellindex> - Finds the VA for a specified cell index
freehints <HiveAddr> <Storage> <Display> - Dumps freehint info
translist <RmAddr|0> - Displays the list of active transactions in this RM
uowlist <TransAddr> - Displays the list of UoW attached to this transaction
locktable <KcbAddr|ThreadAddr> - Displays relevant LOCK table content
convkey <KeyPath> - Displays hash keys for a key path input
postblocklist - Displays the list of threads which have 1 or more postblocks posted
notifylist - Displays the list of notify blocks in the system
ixlock <LockAddr> - Dumps ownership of an intent lock
finalize <conv_key> - Finalizes the specified path or component hash
dumppool [s|r] - Dump registry allocated paged pool
s - Save list of registry pages to temporary file
r - Restore list of registry pages from temp. file
0: kd> .frame 1
01 ffffd001`85f8d250 fffff801`498f0239 nt!KiSwapThread+0x14e
0: kd> .frame 3
03 ffffd001`85f8d370 fffff801`49a167e8 nt!KeDelayExecutionThread+0xe14
0: kd> .frame 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
0: kd> .frame 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
0: kd> .frame 8
08 ffffd001`85f8d610 fffff801`49c17be6 nt!ObCloseHandleTableEntry+0x313
0: kd> .frame /r 8
08 ffffd001`85f8d610 fffff801`49c17be6 nt!ObCloseHandleTableEntry+0x313
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000007ff5 rdi=ffffe0002b0b8cb0
rip=fffff80149c18207 rsp=ffffd00185f8d610 rbp=0000000000000424
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=ffffe0002b050680 r13=ffffe0002b0b8c80
r14=0000000000000001 r15=ffffc001615e3980
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ObCloseHandleTableEntry+0x313:
fffff801`49c18207 385c2430 cmp byte ptr [rsp+30h],bl ss:ffffd001`85f8d640=00
0: kd> .frame /r 9
09 ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
rax=0000000000000000 rbx=0000000000000424 rcx=0000000000000000
rdx=0000000000000000 rsi=fffae0002b8f9380 rdi=ffffffffffffffff
rip=fffff80149c17be6 rsp=ffffd00185f8d6e0 rbp=ffffd00185f8d800
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000102 r13=ffffe0002b050680
r14=ffffc00162015090 r15=ffffc001615e3980
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ExSweepHandleTable+0xba:
fffff801`49c17be6 4533c9 xor r9d,r9d
0: kd> !process
PROCESS ffffe00026d0c040
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001ab000 ObjectTable: ffffc0015d003000 HandleCount: <Data Not Accessible>
Image: System
VadRoot ffffe0002c86d8c0 Vads 145 Clone 0 Private 326. Modified 1163895. Locked 352.
DeviceMap ffffc0015d00c340
Token ffffc0015d0055f0
ElapsedTime 04:57:00.066
UserTime 00:00:00.000
KernelTime 00:09:20.968
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (6195, 50, 450) (24780KB, 200KB, 1800KB)
PeakWorkingSetSize 7259
VirtualSize 28 Mb
PeakVirtualSize 37 Mb
PageFaultCount 34432
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 330
THREAD ffffe00026d59040 Cid 0004.0008 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
fffff80149b57f40 NotificationEvent
THREAD ffffe00026d784c0 Cid 0004.000c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b3d720 SynchronizationEvent
THREAD ffffe00026ddc6c0 Cid 0004.0010 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b3dfa0 Semaphore Limit 0x7fffffff
THREAD ffffe00026e09040 Cid 0004.0014 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b3dfa0 Semaphore Limit 0x7fffffff
THREAD ffffe00026e15040 Cid 0004.0018 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
ffffe00026d09920 QueueObject
THREAD ffffe00026e39040 Cid 0004.001c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable
fffff80149b30628 SynchronizationTimer
fffff80149b30610 SynchronizationEvent
fffff80149b30668 SynchronizationEvent
THREAD ffffe00026e37040 Cid 0004.0024 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b35d00 QueueObject
THREAD ffffe00026e36040 Cid 0004.0028 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
fffff80149b86180 Gate
THREAD ffffe00026e36880 Cid 0004.002c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
ffffd00170192180 Gate
THREAD ffffe00026e35040 Cid 0004.0030 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
ffffd00170345180 Gate
THREAD ffffe00026e35880 Cid 0004.0034 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Suspended) KernelMode Non-Alertable
ffffd001703c5180 Gate
THREAD ffffe00026e3a040 Cid 0004.0038 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable
fffff80149b57bc0 NotificationEvent
fffff80149b57ac0 Semaphore Limit 0x7fffffff
fffff80149b57d60 NotificationEvent
fffff80149b57c40 NotificationEvent
fffff80149b56240 NotificationEvent
fffff80149b57b40 SynchronizationTimer
fffff80149b57b20 SynchronizationEvent
THREAD ffffe00026e8c040 Cid 0004.003c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
fffff80149b45260 Gate
THREAD ffffe00026e8c880 Cid 0004.0040 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b5ed80 SynchronizationEvent
fffff80149b56b00 SynchronizationEvent
THREAD ffffe00026e8e040 Cid 0004.0048 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b5ed40 SynchronizationEvent
THREAD ffffe00026e8d540 Cid 0004.0044 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
fffff80149b576a0 SynchronizationEvent
fffff80149b576b8 SynchronizationEvent
fffff80149b576d0 SynchronizationEvent
fffff80149b576e8 SynchronizationEvent
fffff80149b57700 SynchronizationEvent
fffff80149b57718 SynchronizationEvent
fffff80149b57730 SynchronizationEvent
fffff80149b57748 SynchronizationEvent
fffff80149b57760 SynchronizationEvent
fffff80149b57778 SynchronizationEvent
fffff80149b57790 SynchronizationEvent
fffff80149b577a8 SynchronizationEvent
fffff80149b577c0 SynchronizationEvent
fffff80149b577d8 SynchronizationEvent
fffff80149b577f0 SynchronizationEvent
fffff80149b57808 SynchronizationEvent
fffff80149b57820 SynchronizationEvent
THREAD ffffe00026dc7040 Cid 0004.0054 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrFreePage) KernelMode Non-Alertable
fffff80149b66960 SynchronizationEvent
fffff80149b66980 SynchronizationEvent
fffff80149b669a0 SynchronizationEvent
fffff80149b669c0 SynchronizationEvent
fffff80149b669e0 SynchronizationEvent
THREAD ffffe00026dc8040 Cid 0004.0058 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b64620 QueueObject
THREAD ffffe00026dc8880 Cid 0004.005c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b64660 QueueObject
THREAD ffffe00026f83040 Cid 0004.0068 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026ed9e30 SynchronizationEvent
ffffe00026ed9e48 SynchronizationTimer
THREAD ffffe00026f83880 Cid 0004.006c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026ed99f0 SynchronizationEvent
ffffe00026ed9a08 SynchronizationTimer
THREAD ffffe00026f97440 Cid 0004.0070 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026f97df0 SynchronizationEvent
ffffe00026f97e08 SynchronizationTimer
THREAD ffffe00026fa1880 Cid 0004.0078 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026fa1230 SynchronizationEvent
ffffe00026fa1248 SynchronizationTimer
THREAD ffffe00026fa2880 Cid 0004.007c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026fa2230 SynchronizationEvent
ffffe00026fa2248 SynchronizationTimer
THREAD ffffe00026fc3880 Cid 0004.0080 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026fc3230 SynchronizationEvent
ffffe00026fc3248 SynchronizationTimer
THREAD ffffe00026ff7040 Cid 0004.0084 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026fee970 SynchronizationEvent
THREAD ffffe00026ff8880 Cid 0004.0088 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026ff8230 SynchronizationEvent
THREAD ffffe000270a2880 Cid 0004.0090 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000270a3230 SynchronizationEvent
ffffe000270a3248 SynchronizationTimer
THREAD ffffe000270a0880 Cid 0004.0094 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000270a0230 SynchronizationEvent
THREAD ffffe00026d70040 Cid 0004.00a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b62780 QueueObject
THREAD ffffe00026edc040 Cid 0004.00a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b62780 QueueObject
THREAD ffffe00026f76040 Cid 0004.00a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b62780 QueueObject
THREAD ffffe00026f76880 Cid 0004.00ac Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b62780 QueueObject
THREAD ffffe00026f79540 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff8001ca5e3a0 NotificationEvent
fffff8001ca5e3e0 NotificationEvent
THREAD ffffe000271fc040 Cid 0004.00d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000271fbf40 SynchronizationEvent
ffffe000271fbf58 SynchronizationEvent
ffffe000271fbf70 SynchronizationEvent
ffffe000271fbf88 SynchronizationEvent
ffffe000271fbfa0 SynchronizationEvent
ffffe000271fbfb8 SynchronizationEvent
ffffe000271fbfd0 SynchronizationEvent
ffffe000271fbfe8 SynchronizationEvent
THREAD ffffe000271fc880 Cid 0004.00d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00027095d98 SynchronizationEvent
ffffe00027095d80 SynchronizationEvent
THREAD ffffe000279a94c0 Cid 0004.00dc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable
fffff8001cf6cc68 NotificationEvent
fffff8001cf6cc98 Semaphore Limit 0x7fffffff
THREAD ffffe000279a8880 Cid 0004.00e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable
ffffe00026ffa018 NotificationEvent
ffffe00026ffa030 SynchronizationTimer
THREAD ffffe000279e7480 Cid 0004.00e4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000279c8b38 NotificationEvent
THREAD ffffe000282a0040 Cid 0004.00e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff8001d9168e0 SynchronizationTimer
THREAD ffffe000282a0880 Cid 0004.00ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff8001d9168a0 QueueObject
THREAD ffffe0002829e880 Cid 0004.00f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000282a12e0 Semaphore Limit 0x7fffffff
THREAD ffffe0002829d040 Cid 0004.00f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000282a1320 Semaphore Limit 0x7fffffff
THREAD ffffe0002829d880 Cid 0004.00f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000282a1360 Semaphore Limit 0x7fffffff
THREAD ffffe0002829c040 Cid 0004.00fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000282a13a0 Semaphore Limit 0x7fffffff
THREAD ffffe00029278040 Cid 0004.010c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294380 Semaphore Limit 0x7fffffff
THREAD ffffe00029278880 Cid 0004.0110 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000292943a0 Semaphore Limit 0x7fffffff
THREAD ffffe000293fc040 Cid 0004.0114 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000292943c0 Semaphore Limit 0x7fffffff
THREAD ffffe000293fc880 Cid 0004.0118 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe000292943e0 Semaphore Limit 0x7fffffff
THREAD ffffe000293fb040 Cid 0004.011c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294400 Semaphore Limit 0x7fffffff
THREAD ffffe000293fb880 Cid 0004.0120 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294420 Semaphore Limit 0x7fffffff
THREAD ffffe000293fa040 Cid 0004.0124 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294440 Semaphore Limit 0x7fffffff
THREAD ffffe000293fa880 Cid 0004.0128 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294460 Semaphore Limit 0x7fffffff
THREAD ffffe000293f9040 Cid 0004.012c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029294480 Semaphore Limit 0x7fffffff
THREAD ffffe0002a55d880 Cid 0004.0144 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff8001e6301e0 SynchronizationEvent
THREAD ffffe0002a5fb040 Cid 0004.014c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Alertable
ffffe0002a84c9f8 NotificationEvent
THREAD ffffe00028280880 Cid 0004.0154 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
ffffe00028280eb0 Semaphore Limit 0x1
THREAD ffffe0002a856880 Cid 0004.0164 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a88c338 Semaphore Limit 0x8000
ffffe0002a88c380 NotificationEvent
THREAD ffffe0002a8746c0 Cid 0004.0168 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00029274b20 SynchronizationEvent
THREAD ffffe0002a7f5080 Cid 0004.01a4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable
fffff80149b24430 SynchronizationEvent
THREAD ffffe0002a7f4080 Cid 0004.01a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) UserMode Non-Alertable
fffff80149b244f0 SynchronizationEvent
THREAD ffffe0002a8a5600 Cid 0004.01b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a8db7b8 Semaphore Limit 0x7fffffff
THREAD ffffe0002a8c9880 Cid 0004.01b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a8db768 Semaphore Limit 0x7fffffff
THREAD ffffe0002ab89040 Cid 0004.01b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffd0017204db70 SynchronizationTimer
THREAD ffffe0002ab47880 Cid 0004.01bc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffd0017209fb70 SynchronizationTimer
THREAD ffffe0002aca8040 Cid 0004.01c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026d2d308 NotificationEvent
ffffe00026d2d2d8 SynchronizationEvent
ffffe00026d2d2a8 Semaphore Limit 0x7fffffff
THREAD ffffe0002aca8880 Cid 0004.01c4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) KernelMode Non-Alertable
ffffffffffffffff NotificationEvent
THREAD ffffe0002aca7040 Cid 0004.01c8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) KernelMode Non-Alertable
ffffffffffffffff NotificationEvent
THREAD ffffe0002aca2740 Cid 0004.01cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a6bec28 SynchronizationEvent
THREAD ffffe0002ad71880 Cid 0004.01d0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a944390 SynchronizationEvent
ffffe0002a9443a8 SynchronizationEvent
ffffe0002a9443c0 SynchronizationEvent
ffffe0002a9443d8 SynchronizationEvent
ffffe0002a9443f0 SynchronizationEvent
ffffe0002a944460 NotificationEvent
THREAD ffffe0002acd9040 Cid 0004.01d4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a863ba0 SynchronizationEvent
ffffe0002a863bb8 SynchronizationEvent
ffffe0002a863bd0 SynchronizationEvent
ffffe0002a863be8 SynchronizationEvent
ffffe0002a863c00 SynchronizationEvent
ffffe0002a863c18 SynchronizationEvent
ffffe0002a863c30 SynchronizationEvent
ffffe0002a863c48 SynchronizationEvent
ffffe0002a863c60 SynchronizationEvent
ffffe0002a863c78 SynchronizationEvent
ffffe0002a863c90 SynchronizationEvent
ffffe0002a863ca8 SynchronizationEvent
ffffe0002a863cc0 SynchronizationEvent
ffffe0002a863cd8 SynchronizationEvent
ffffe0002a863cf0 SynchronizationEvent
ffffe0002a863d08 SynchronizationEvent
ffffe0002a9442e0 NotificationEvent
THREAD ffffe0002acd9880 Cid 0004.01d8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a944240 SynchronizationEvent
ffffe0002a944258 SynchronizationEvent
ffffe0002a944270 SynchronizationEvent
ffffe0002a9fd510 NotificationEvent
THREAD ffffe0002ace6880 Cid 0004.01dc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a9fd2e0 SynchronizationEvent
ffffe0002a9fd2f8 SynchronizationEvent
ffffe0002a9fd310 SynchronizationEvent
ffffe0002a9fd380 NotificationEvent
THREAD ffffe0002ad6e040 Cid 0004.01e0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a9fd250 SynchronizationEvent
ffffe0002a9fd268 SynchronizationEvent
ffffe0002a9fd280 SynchronizationEvent
ffffe0002aea03e0 NotificationEvent
THREAD ffffe0002ad6e880 Cid 0004.01e4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026ffef20 SynchronizationEvent
ffffe00026ffef38 SynchronizationEvent
ffffe00026ffef50 SynchronizationEvent
ffffe00026ffefc0 NotificationEvent
THREAD ffffe0002ad6d040 Cid 0004.01e8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026ffe930 SynchronizationEvent
ffffe00026ffe948 SynchronizationEvent
ffffe00026ffe960 SynchronizationEvent
ffffe00026ffe9d0 NotificationEvent
THREAD ffffe0002ad6d880 Cid 0004.01ec Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a860fb0 SynchronizationEvent
ffffe0002a860fc8 SynchronizationEvent
ffffe0002a860fe0 SynchronizationEvent
ffffe0002a860050 NotificationEvent
THREAD ffffe0002ad0d040 Cid 0004.01f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a860300 SynchronizationEvent
ffffe0002a860318 SynchronizationEvent
ffffe0002a860330 SynchronizationEvent
ffffe0002a8603a0 NotificationEvent
THREAD ffffe0002ad0d880 Cid 0004.01f4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a864550 SynchronizationEvent
ffffe0002a864568 SynchronizationEvent
ffffe0002a864580 SynchronizationEvent
ffffe0002a8645f0 NotificationEvent
THREAD ffffe0002ad6c040 Cid 0004.01f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a865740 SynchronizationEvent
ffffe0002a865758 SynchronizationEvent
ffffe0002a865770 SynchronizationEvent
ffffe0002a86ae20 NotificationEvent
THREAD ffffe0002ad6c880 Cid 0004.01fc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86ae80 SynchronizationEvent
ffffe0002a86ae98 SynchronizationEvent
ffffe0002a86aeb0 SynchronizationEvent
ffffe0002a8600f0 NotificationEvent
THREAD ffffe0002ad6a040 Cid 0004.0200 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a82e630 SynchronizationEvent
ffffe0002a82e648 SynchronizationEvent
ffffe0002a82e660 SynchronizationEvent
ffffe0002a82e6d0 NotificationEvent
THREAD ffffe0002ad6a880 Cid 0004.0204 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026fff480 SynchronizationEvent
ffffe00026fff498 SynchronizationEvent
ffffe00026fff4b0 SynchronizationEvent
ffffe00026fff520 NotificationEvent
THREAD ffffe0002ad69040 Cid 0004.0208 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86ef20 SynchronizationEvent
ffffe0002a86ef38 SynchronizationEvent
ffffe0002a86ef50 SynchronizationEvent
ffffe0002a86efc0 NotificationEvent
THREAD ffffe0002ad69880 Cid 0004.020c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a8697c0 SynchronizationEvent
ffffe0002a8697d8 SynchronizationEvent
ffffe0002a8697f0 SynchronizationEvent
ffffe0002a869860 NotificationEvent
THREAD ffffe0002ad68040 Cid 0004.0210 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86b7c0 SynchronizationEvent
ffffe0002a86b7d8 SynchronizationEvent
ffffe0002a86b7f0 SynchronizationEvent
ffffe0002a86b860 NotificationEvent
THREAD ffffe0002ad68880 Cid 0004.0214 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86b670 SynchronizationEvent
ffffe0002a86b688 SynchronizationEvent
ffffe0002a86b6a0 SynchronizationEvent
ffffe0002a86b710 NotificationEvent
THREAD ffffe0002ad65040 Cid 0004.0218 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a802ad0 SynchronizationEvent
ffffe0002a802ae8 SynchronizationEvent
ffffe0002a802b00 SynchronizationEvent
ffffe0002a802b70 NotificationEvent
THREAD ffffe0002ad65880 Cid 0004.021c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a802530 SynchronizationEvent
ffffe0002a802548 SynchronizationEvent
ffffe0002a802560 SynchronizationEvent
ffffe0002a8025d0 NotificationEvent
THREAD ffffe0002ad64040 Cid 0004.0220 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86fb70 SynchronizationEvent
ffffe0002a86fb88 SynchronizationEvent
ffffe0002a86fba0 SynchronizationEvent
ffffe0002a86fc10 NotificationEvent
THREAD ffffe0002ad64880 Cid 0004.0224 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a86f540 SynchronizationEvent
ffffe0002a86f558 SynchronizationEvent
ffffe0002a86f570 SynchronizationEvent
ffffe0002a86f5e0 NotificationEvent
THREAD ffffe0002ad63040 Cid 0004.0228 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a870ec0 SynchronizationEvent
ffffe0002a870ed8 SynchronizationEvent
ffffe0002a870ef0 SynchronizationEvent
ffffe0002a870f60 NotificationEvent
THREAD ffffe0002ad63880 Cid 0004.022c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a870920 SynchronizationEvent
ffffe0002a870938 SynchronizationEvent
ffffe0002a870950 SynchronizationEvent
ffffe0002a8709c0 NotificationEvent
THREAD ffffe0002ad5f040 Cid 0004.0230 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a863db0 SynchronizationEvent
ffffe0002a863dc8 SynchronizationEvent
ffffe0002a863de0 SynchronizationEvent
ffffe0002a865430 NotificationEvent
THREAD ffffe0002ad5d040 Cid 0004.0234 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a8e5040 SynchronizationEvent
ffffe0002a8e5058 SynchronizationEvent
ffffe0002a8e5070 SynchronizationEvent
ffffe0002a8e50e0 NotificationEvent
THREAD ffffe0002ad5d880 Cid 0004.0238 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002aff6d38 NotificationEvent
ffffe0002aff6c18 SynchronizationTimer
ffffe0002aff6da0 SynchronizationEvent
ffffe0002aff6db8 SynchronizationEvent
ffffe0002aff6dd0 SynchronizationEvent
ffffe0002aff6de8 SynchronizationEvent
ffffe0002aff6e00 SynchronizationEvent
ffffe0002aff6e18 SynchronizationEvent
ffffe0002aff6e30 SynchronizationEvent
THREAD ffffe0002ace2880 Cid 0004.0240 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a51f498 NotificationEvent
ffffe0002a51f480 SynchronizationEvent
THREAD ffffe0002b536300 Cid 0004.0244 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002b1f8628 SynchronizationEvent
THREAD ffffe00026d08880 Cid 0004.026c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002ade0540 SynchronizationEvent
ffffe0002ade0508 SynchronizationEvent
THREAD ffffe0002b5cc880 Cid 0004.0270 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002a66b200 SynchronizationEvent
ffffe0002a66b268 SynchronizationEvent
ffffe0002a66b2d0 SynchronizationEvent
ffffe0002a66b338 SynchronizationEvent
ffffe0002a66b3a0 SynchronizationEvent
ffffe0002a66b180 SynchronizationEvent
ffffe0002a66b150 SynchronizationEvent
THREAD ffffe0002b5d4880 Cid 0004.0274 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026dd8540 SynchronizationEvent
ffffe00026dd8508 SynchronizationEvent
ffffe00026dd85b0 SynchronizationEvent
THREAD ffffe0002b5d1080 Cid 0004.0278 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Alertable
ffffd001738ae9e8 SynchronizationEvent
ffffd001738ae9d0 SynchronizationEvent
ffffd001738ae9a0 SynchronizationEvent
THREAD ffffe0002b6a9880 Cid 0004.02ac Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Alertable
ffffe0002b6a6240 QueueObject
THREAD ffffe0002b0c1040 Cid 0004.03c0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002b167d10 NotificationEvent
ffffe0002b167d28 SynchronizationEvent
ffffe0002b167d70 NotificationEvent
THREAD ffffe0002bde6040 Cid 0004.0540 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80020128620 SynchronizationEvent
fffff80020128600 SynchronizationEvent
THREAD ffffe0002be41080 Cid 0004.0568 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002be43c70 SynchronizationEvent
ffffe0002be43c88 SynchronizationTimer
THREAD ffffe0002be26200 Cid 0004.05b4 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002be4f630 NotificationEvent
ffffe0002be4f648 NotificationEvent
THREAD ffffe0002bf24040 Cid 0004.0600 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002be39d68 SynchronizationEvent
ffffe0002be39d80 SynchronizationEvent
THREAD ffffe0002c127040 Cid 0004.0640 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c0c41a8 SynchronizationEvent
THREAD ffffe0002c127880 Cid 0004.0674 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c0c41d8 SynchronizationEvent
THREAD ffffe0002c126040 Cid 0004.0684 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c0c4208 SynchronizationEvent
THREAD ffffe0002c126880 Cid 0004.0690 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
ffffe0002c0c2278 QueueObject
THREAD ffffe0002c140880 Cid 0004.04b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c125028 QueueObject
THREAD ffffe0002c122040 Cid 0004.061c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c125348 QueueObject
THREAD ffffe0002c122880 Cid 0004.06a8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c125668 QueueObject
THREAD ffffe0002c121040 Cid 0004.06f8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c125988 QueueObject
THREAD ffffe0002c121880 Cid 0004.046c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c124028 QueueObject
THREAD ffffe0002c120040 Cid 0004.07b8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c124348 QueueObject
THREAD ffffe0002c120880 Cid 0004.07dc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c124668 QueueObject
THREAD ffffe0002c11f040 Cid 0004.07f0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
ffffe0002c124988 QueueObject
THREAD ffffe0002c11f880 Cid 0004.051c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Non-Alertable
fffff8002051a8f8 QueueObject
THREAD ffffe0002c5ba240 Cid 0004.0ba8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c5babf0 SynchronizationEvent
ffffe0002c5bac08 SynchronizationTimer
THREAD ffffe0002c4943c0 Cid 0004.0b54 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c494c60 SynchronizationEvent
THREAD ffffe0002c493040 Cid 0004.044c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002c494220 SynchronizationEvent
THREAD ffffe0002be82880 Cid 0004.0454 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe00026e3ad80 NotificationEvent
ffffe00026e34240 NotificationEvent
fffff80020454bc0 NotificationTimer
fffff80020454b80 NotificationEvent
fffff80020454ba0 SynchronizationEvent
THREAD ffffe0002c9cc080 Cid 0004.0f08 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff80149b30808 NotificationEvent
fffff80149b307c8 NotificationEvent
fffff80149b307b0 NotificationEvent
fffff80149b6a1d0 NotificationEvent
THREAD ffffe0002ca5a800 Cid 0004.0d3c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002b7e5be0 NotificationEvent
ffffe0002b7e5bf8 SynchronizationEvent
THREAD ffffe0002bb67700 Cid 0004.03ac Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002bf5ba30 SynchronizationEvent
ffffe0002bf5ba48 SynchronizationTimer
THREAD ffffe0002dd0a040 Cid 0004.13cc Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
fffff8001f44fda0 SynchronizationEvent
THREAD ffffe0002dfc8880 Cid 0004.0334 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002e39b270 NotificationEvent
THREAD ffffe0002e356880 Cid 0004.0c74 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002e39b2f0 NotificationEvent
ffffe0002e39b2d8 NotificationEvent
THREAD ffffe0002de86880 Cid 0004.13a0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (Executive) KernelMode Non-Alertable
ffffe0002e39b200 NotificationEvent
ffffe0002e39b218 NotificationEvent
THREAD ffffe0002e35b880 Cid 0004.084c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrVirtualMemory) KernelMode Non-Alertable
fffff80149b436c0 NotificationEvent
ffffd001854c5b40 SynchronizationTimer
THREAD ffffe0002e39b880 Cid 0004.0aa8 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
ffffe0002e098d30 EventPair
THREAD ffffe0002cbef640 Cid 0004.1024 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b30340 EventPair
THREAD ffffe00027531880 Cid 0004.1140 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b30340 EventPair
THREAD ffffe0002e38e040 Cid 0004.0e4c Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b30340 EventPair
THREAD ffffe000274e5540 Cid 0004.0d80 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrQueue) KernelMode Non-Alertable
fffff80149b30340 EventPair
0: kd> dt _HANDLE_TYPE ffffc001615e3980
*** ERROR: Symbol file could not be found. Defaulted to export symbols for CI.dll -
*** ERROR: Module load completed but symbols could not be loaded for mcupdate_GenuineIntel.dll
*** ERROR: Symbol file could not be found. Defaulted to export symbols for werkernel.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for CLFS.SYS -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for tm.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for PSHED.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for BOOTVID.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for cmimcext.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for WppRecorder.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for WMILIB.SYS -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for msrpc.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for WDFLDR.SYS -
*** ERROR: Module load completed but symbols could not be loaded for acpiex.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for cng.sys -
*** ERROR: Module load completed but symbols could not be loaded for msisadrv.sys
*** ERROR: Module load completed but symbols could not be loaded for pci.sys
*** ERROR: Module load completed but symbols could not be loaded for vdrvroot.sys
*** ERROR: Module load completed but symbols could not be loaded for pdc.sys
*** ERROR: Module load completed but symbols could not be loaded for partmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for spaceport.sys
*** ERROR: Module load completed but symbols could not be loaded for volmgr.sys
*** ERROR: Module load completed but symbols could not be loaded for VBoxDrv.sys
*** ERROR: Module load completed but symbols could not be loaded for volmgrx.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vmci.sys -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vsock.sys -
*** ERROR: Module load completed but symbols could not be loaded for mountmgr.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for fltmgr.sys -
*** ERROR: Module load completed but symbols could not be loaded for fileinfo.sys
*** ERROR: Module load completed but symbols could not be loaded for Wof.sys
*** ERROR: Module load completed but symbols could not be loaded for iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for VBoxNetAdp6.sys
*** ERROR: Module load completed but symbols could not be loaded for CompositeBus.sys
*** ERROR: Module load completed but symbols could not be loaded for umbus.sys
*** ERROR: Module load completed but symbols could not be loaded for Ntfs.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for ksecdd.sys -
*** ERROR: Module load completed but symbols could not be loaded for pcw.sys
*** ERROR: Module load completed but symbols could not be loaded for Fs_Rec.sys
*** ERROR: Module load completed but symbols could not be loaded for volsnap.sys
*** ERROR: Module load completed but symbols could not be loaded for dfsc.sys
*** ERROR: Module load completed but symbols could not be loaded for disk.sys
*** ERROR: Module load completed but symbols could not be loaded for ksecpkg.sys
*** ERROR: Module load completed but symbols could not be loaded for intelpep.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for crashdmp.sys -
*** ERROR: Module load completed but symbols could not be loaded for fvevol.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mup.sys -
*** ERROR: Module load completed but symbols could not be loaded for wfplwfs.sys
*** ERROR: Module load completed but symbols could not be loaded for rdyboost.sys
*** ERROR: Module load completed but symbols could not be loaded for ahcache.sys
*** ERROR: Module load completed but symbols could not be loaded for dump_iaStorA.sys
*** ERROR: Module load completed but symbols could not be loaded for cdrom.sys
*** ERROR: Module load completed but symbols could not be loaded for Null.SYS
*** ERROR: Module load completed but symbols could not be loaded for Beep.SYS
*** ERROR: Module load completed but symbols could not be loaded for BasicRender.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for rdbss.sys -
*** ERROR: Module load completed but symbols could not be loaded for VBoxUSBMon.sys
*** ERROR: Module load completed but symbols could not be loaded for mssmbios.sys
*** ERROR: Module load completed but symbols could not be loaded for kdnic.sys
*** ERROR: Module load completed but symbols could not be loaded for pacer.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for vwififlt.sys -
*** ERROR: Module load completed but symbols could not be loaded for nm3.sys
*** ERROR: Module load completed but symbols could not be loaded for VBoxNetLwf.sys
*** ERROR: Module load completed but symbols could not be loaded for netbios.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for watchdog.sys -
*** ERROR: Module load completed but symbols could not be loaded for BasicDisplay.sys
*** ERROR: Module load completed but symbols could not be loaded for Npfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for Msfs.SYS
*** ERROR: Module load completed but symbols could not be loaded for tdx.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for TDI.SYS -
*** ERROR: Module load completed but symbols could not be loaded for ws2ifsl.sys
*** ERROR: Module load completed but symbols could not be loaded for netbt.sys
*** ERROR: Module load completed but symbols could not be loaded for afd.sys
*** ERROR: Module load completed but symbols could not be loaded for nsiproxy.sys
*** ERROR: Module load completed but symbols could not be loaded for npsvctrig.sys
*** ERROR: Module load completed but symbols could not be loaded for mshidkmdf.sys
*** ERROR: Module load completed but symbols could not be loaded for i8042prt.sys
*** ERROR: Module load completed but symbols could not be loaded for cdfs.sys
*** ERROR: Module load completed but symbols could not be loaded for igdkmd64.sys
*** ERROR: Module load completed but symbols could not be loaded for ucx01000.sys
*** ERROR: Module load completed but symbols could not be loaded for HECIx64.sys
*** ERROR: Module load completed but symbols could not be loaded for usbehci.sys
*** ERROR: Module load completed but symbols could not be loaded for HDAudBus.sys
*** ERROR: Module load completed but symbols could not be loaded for Rt630x64.sys
*** ERROR: Module load completed but symbols could not be loaded for sows.sys
*** ERROR: Module load completed but symbols could not be loaded for SFEP.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for HIDPARSE.SYS -
*** ERROR: Module load completed but symbols could not be loaded for vwifibus.sys
*** ERROR: Module load completed but symbols could not be loaded for RtsPStor.sys
*** ERROR: Module load completed but symbols could not be loaded for iwdbus.sys
*** ERROR: Module load completed but symbols could not be loaded for rdpbus.sys
*** ERROR: Module load completed but symbols could not be loaded for vbaudio_cable64_win7.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for drmk.sys -
*** ERROR: Module load completed but symbols could not be loaded for ksthunk.sys
*** ERROR: Module load completed but symbols could not be loaded for vbaudio_hfvaio64_win7.sys
*** ERROR: Module load completed but symbols could not be loaded for SynTP.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for USBD.SYS -
*** ERROR: Module load completed but symbols could not be loaded for kbdclass.sys
*** ERROR: Module load completed but symbols could not be loaded for mouclass.sys
*** ERROR: Module load completed but symbols could not be loaded for Smb_driver_Intel.sys
*** ERROR: Module load completed but symbols could not be loaded for CmBatt.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for BATTC.SYS -
*** ERROR: Module load completed but symbols could not be loaded for intelppm.sys
*** ERROR: Module load completed but symbols could not be loaded for NdisVirtualBus.sys
*** ERROR: Module load completed but symbols could not be loaded for swenum.sys
*** ERROR: Module load completed but symbols could not be loaded for teVirtualMIDI64.sys
*** ERROR: Module load completed but symbols could not be loaded for vbaudio_vmvaio64_win7.sys
*** ERROR: Module load completed but symbols could not be loaded for vbaudio_vmauxvaio64_win7.sys
*** ERROR: Module load completed but symbols could not be loaded for SynchronousAudioRouter.sys
*** ERROR: Module load completed but symbols could not be loaded for PROCMON23.SYS
*** ERROR: Module load completed but symbols could not be loaded for fastfat.SYS
*** ERROR: Module load completed but symbols could not be loaded for UsbHub3.sys
*** ERROR: Module load completed but symbols could not be loaded for lltdio.sys
*** ERROR: Module load completed but symbols could not be loaded for mrxsmb10.sys
*** ERROR: Module load completed but symbols could not be loaded for npf.sys
*** ERROR: Module load completed but symbols could not be loaded for luafv.sys
*** ERROR: Module load completed but symbols could not be loaded for vmnetbridge.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for VMNET.SYS -
*** ERROR: Module load completed but symbols could not be loaded for RTKVHD64.sys
*** ERROR: Module load completed but symbols could not be loaded for IntcDAud.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for dump_diskdump.sys -
*** ERROR: Module load completed but symbols could not be loaded for dump_dumpfve.sys
*** ERROR: Module load completed but symbols could not be loaded for btfilter.sys
*** ERROR: Module load completed but symbols could not be loaded for BTHUSB.sys
*** ERROR: Module load completed but symbols could not be loaded for bthpan.sys
*** ERROR: Module load completed but symbols could not be loaded for BthA2DP.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for btampm.sys -
*** ERROR: Module load completed but symbols could not be loaded for BthAvrcpTg.sys
*** ERROR: Module load completed but symbols could not be loaded for bthhfenum.sys
*** ERROR: Module load completed but symbols could not be loaded for monitor.sys
*** ERROR: Module load completed but symbols could not be loaded for usbccgp.sys
*** ERROR: Module load completed but symbols could not be loaded for mouhid.sys
*** ERROR: Module load completed but symbols could not be loaded for BthLEEnum.sys
*** ERROR: Module load completed but symbols could not be loaded for rfcomm.sys
*** ERROR: Module load completed but symbols could not be loaded for BthHFHid.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for bthport.sys -
*** ERROR: Module load completed but symbols could not be loaded for BthEnum.sys
*** ERROR: Module load completed but symbols could not be loaded for BthHfAud.sys
*** ERROR: Module load completed but symbols could not be loaded for awealloc.sys
*** ERROR: Module load completed but symbols could not be loaded for imdisk.sys
*** ERROR: Module load completed but symbols could not be loaded for IntelHaxm.sys
*** ERROR: Module load completed but symbols could not be loaded for ndisuio.sys
*** ERROR: Module load completed but symbols could not be loaded for rspndr.sys
*** ERROR: Module load completed but symbols could not be loaded for bowser.sys
*** ERROR: Module load completed but symbols could not be loaded for mpsdrv.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for mrxsmb.sys -
*** ERROR: Module load completed but symbols could not be loaded for mrxsmb20.sys
*** ERROR: Module load completed but symbols could not be loaded for hcmon.sys
*** ERROR: Module load completed but symbols could not be loaded for vmx86.sys
*** ERROR: Module load completed but symbols could not be loaded for WudfPf.sys
*** ERROR: Module load completed but symbols could not be loaded for peauth.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for srvnet.sys -
*** ERROR: Module load completed but symbols could not be loaded for tcpipreg.sys
*** ERROR: Module load completed but symbols could not be loaded for vmnetuserif.sys
*** ERROR: Module load completed but symbols could not be loaded for srv2.sys
*** ERROR: Module load completed but symbols could not be loaded for HTTP.sys
*** ERROR: Module load completed but symbols could not be loaded for srv.sys
*** ERROR: Module load completed but symbols could not be loaded for vwifimp.sys
*** ERROR: Module load completed but symbols could not be loaded for tunnel.sys
*** ERROR: Module load completed but symbols could not be loaded for condrv.sys
*** ERROR: Module load completed but symbols could not be loaded for PROCEXP152.SYS
*** ERROR: Module load completed but symbols could not be loaded for Dbgv.sys
*** ERROR: Symbol file could not be found. Defaulted to export symbols for kd.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for win32k.sys -
*** ERROR: Module load completed but symbols could not be loaded for TSDDD.dll
*** WARNING: Unable to verify timestamp for cdd.dll
*** ERROR: Module load completed but symbols could not be loaded for cdd.dll
Exit on Control-C
0: kd> dt nt!_HANDLE_TYPE ffffc001615e3980
Symbol nt!_HANDLE_TYPE not found.
0: kd> dt nt!_HANDLE_TABLE ffffc001615e3980
+0x000 NextHandleNeedingPool : 0x800
+0x004 ExtraInfoPages : 0n0
+0x008 TableCode : 0xffffc001`62014001
+0x010 QuotaProcess : 0xffffe000`2b050680 _EPROCESS
+0x018 HandleTableList : _LIST_ENTRY [ 0xffffc001`5e0b8058 - 0xffffc001`61612558 ]
+0x028 UniqueProcessId : 0xfbc
+0x02c Flags : 8
+0x02c StrictFIFO : 0y0
+0x02c EnableHandleExceptions : 0y0
+0x02c Rundown : 0y0
+0x02c Duplicated : 0y1
+0x030 HandleContentionEvent : _EX_PUSH_LOCK
+0x038 HandleTableLock : _EX_PUSH_LOCK
+0x040 FreeLists : [1] _HANDLE_TABLE_FREE_LIST
+0x040 ActualEntry : [32] ""
+0x060 DebugInfo : (null)
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_LIST_ENTRY *)0xffffc001615e3998))
(*((ntkrnlmp!_LIST_ENTRY *)0xffffc001615e3998)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xffffc0015e0b8058 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffc00161612558 [Type: _LIST_ENTRY *]
0: kd> dp nt!LEVEL_CODE_MASK
Couldn't resolve error at 'nt!LEVEL_CODE_MASK'
0: kd> dp LEVEL_CODE_MASK
Couldn't resolve error at 'LEVEL_CODE_MASK'
0: kd> dx -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffc0015e0b8058)
((ntkrnlmp!_LIST_ENTRY *)0xffffc0015e0b8058) : 0xffffc0015e0b8058 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xffffc00162104058 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffc001615e3998 [Type: _LIST_ENTRY *]
0: kd> !objects
No export objects found
0: kd> !object
Usage: !object [-p] | [[<Path>] | [<Address>] | [0 <TypeName>]]
0: kd> !object -p
Cannot find _OBJECT_NAMESPACE_LOOKUPTABLE type.
0: kd> !handle 0 1 0xffffe000`2b050680
PROCESS ffffe0002b050680
SessionId: 1 Cid: 0fbc Peb: 7ff5ffff3000 ParentCid: 0efc
DirBase: 156933000 ObjectTable: ffffc001615e3980 HandleCount: <Data Not Accessible>
Image: jackd.exe
Handle Error reading handle count.
0428: Object: ffffe0002c6a96c0 GrantedAccess: 001f0003 (Protected)
042c: Object: ffffe0002ca64c20 GrantedAccess: 00120089 (Protected) (Inherit) (Audit)
0430: Object: ffffe0002b976480 GrantedAccess: 001fffff (Protected) (Audit)
0434: Object: ffffe0002c7a6880 GrantedAccess: 001fffff (Protected) (Audit)
0438: Object: ffffe0002b013630 GrantedAccess: 001f0001
043c: Object: ffffe0002c7a6630 GrantedAccess: 001f0001
0440: Object: ffffe0002c816c50 GrantedAccess: 001f0003 (Inherit)
0444: Object: ffffe0002b559480 GrantedAccess: 001fffff (Protected) (Audit)
044c: Object: ffffe0002b937db0 GrantedAccess: 00000001
0450: Object: ffffe0002c587f20 GrantedAccess: 0012019f (Protected) (Inherit) (Audit)
0458: Object: ffffe0002c8baf20 GrantedAccess: 00000002 (Protected) (Inherit) (Audit)
0464: Object: ffffc001620345c0 GrantedAccess: 000f0007 (Protected)
0468: Object: ffffc001620345c0 GrantedAccess: 000f001f (Protected)
046c: Object: ffffc0016208c160 GrantedAccess: 000f0007 (Protected) (Inherit)
0474: Object: ffffe0002c67ded0 GrantedAccess: 00000804 (Inherit)
0478: Object: ffffe0002c7b0210 GrantedAccess: 001f0003 (Inherit) (Audit)
0484: Object: ffffe0002ca80a20 GrantedAccess: 001f0003 (Protected) (Inherit) (Audit)
0488: Object: ffffc001626b3590 GrantedAccess: 00020019 (Inherit) (Audit)
048c: Object: ffffe00028032880 GrantedAccess: 001fffff (Protected) (Audit)
0490: Object: ffffe0002c214930 GrantedAccess: 001f0003
049c: Object: ffffc0016208e580 GrantedAccess: 000f001f (Protected) (Audit)
04a0: Object: ffffc0016208e580 GrantedAccess: 000f0007 (Protected) (Audit)
04a4: Object: ffffc0016208add0 GrantedAccess: 000f0007 (Inherit)
04a8: Object: ffffc0016208add0 GrantedAccess: 000f001f (Inherit)
04ac: Object: ffffe0002bbbc9e0 GrantedAccess: 001f0003 (Protected) (Inherit)
04b4: Object: ffffc0016208e280 GrantedAccess: 000f001f (Protected) (Audit)
04b8: Object: ffffe0002b08c940 GrantedAccess: 00100003 (Protected)
04bc: Object: ffffe0002cceb880 GrantedAccess: 001fffff (Protected) (Audit)
04c0: Object: ffffe0002bd0e960 GrantedAccess: 001f0003 (Protected) (Inherit)
04c4: Object: ffffc001621673d0 GrantedAccess: 000f0007 (Inherit)
04c8: Object: ffffc001621673d0 GrantedAccess: 000f001f (Inherit)
04d0: Object: ffffc0016208e280 GrantedAccess: 000f0007 (Protected) (Audit)
04d4: Object: ffffc0016208c160 GrantedAccess: 000f001f (Protected) (Inherit)
04d8: Object: ffffc0016208c080 GrantedAccess: 000f001f (Protected) (Audit)
04dc: Object: ffffc0016208c080 GrantedAccess: 000f0007 (Protected) (Audit)
04e0: Object: ffffc0016208c080 GrantedAccess: 000f0007 (Protected) (Audit)
04e4: Object: ffffc0016208c080 GrantedAccess: 000f001f (Protected) (Audit)
04e8: Object: ffffc0016208c160 GrantedAccess: 000f001f (Protected) (Inherit)
04f0: Object: ffffe0002bb6b220 GrantedAccess: 0012019f (Protected) (Inherit) (Audit)
04f4: Object: ffffe0002749f880 GrantedAccess: 001fffff (Protected) (Audit)
0500: Object: ffffe0002714d080 GrantedAccess: 001fffff (Protected) (Audit)
0504: Object: ffffe0002710d080 GrantedAccess: 001fffff (Protected) (Audit)
0508: Object: ffffe0002c1e7400 GrantedAccess: 001f0003 (Protected) (Audit)
050c: Object: ffffc0016208e580 GrantedAccess: 000f0007 (Protected) (Audit)
0510: Object: ffffc0016208e580 GrantedAccess: 000f001f (Protected) (Audit)
0518: Object: ffffe0002a8899c0 GrantedAccess: 001f0003 (Protected)
051c: Object: ffffc0016208add0 GrantedAccess: 000f001f (Inherit)
0520: Object: ffffc0016208c160 GrantedAccess: 000f0007 (Protected) (Inherit)
0528: Object: ffffc0016208e280 GrantedAccess: 000f0007 (Protected) (Audit)
052c: Object: ffffc0016208e280 GrantedAccess: 000f001f (Protected) (Audit)
0530: Object: ffffc001621673d0 GrantedAccess: 000f0007 (Inherit)
0534: Object: ffffc0016208add0 GrantedAccess: 000f0007 (Inherit)
0538: Object: ffffc0016208e1c0 GrantedAccess: 000f0007 (Protected)
0540: Object: ffffc001621673d0 GrantedAccess: 000f001f (Inherit)
0544: Object: ffffc0016208e1c0 GrantedAccess: 000f0007 (Protected)
0548: Object: ffffc0016208e1c0 GrantedAccess: 000f001f (Protected)
0558: Object: ffffe000270ec080 GrantedAccess: 001fffff (Protected) (Audit)
0560: Object: ffffc00162105450 GrantedAccess: 000f0007 (Inherit)
0564: Object: ffffc00162105450 GrantedAccess: 000f001f (Inherit)
0568: Object: ffffe0002bf78d20 GrantedAccess: 001f0003 (Protected) (Inherit) (Audit)
056c: Object: ffffe0002c590880 GrantedAccess: 001fffff (Protected) (Audit)
0570: Object: ffffc001627286c0 GrantedAccess: 00020019 (Protected)
0574: Object: ffffc00162707480 GrantedAccess: 00020019 (Protected) (Audit)
0578: Object: ffffe000271a1510 GrantedAccess: 00100020 (Inherit) (Audit)
057c: Object: ffffe000292e48e0 GrantedAccess: 001f0003 (Protected) (Inherit)
0580: Object: ffffe0002727b080 GrantedAccess: 001fffff (Protected) (Audit)
0584: Object: ffffe0002c83ef20 GrantedAccess: 00120089 (Protected) (Inherit) (Audit)
0588: Object: ffffe0002ab8ae50 GrantedAccess: 00100000 (Inherit)
058c: Object: ffffc00162e080b0 GrantedAccess: 000f0005
0590: Object: ffffc0016208e1c0 GrantedAccess: 000f001f (Protected)
0598: Object: ffffe0002777e300 GrantedAccess: 001f0003 (Protected) (Audit)
059c: Object: ffffc001793d4650 GrantedAccess: 000f0007 (Inherit)
05a0: Object: ffffc001793d4650 GrantedAccess: 000f001f (Inherit)
05a8: Object: ffffe00026f75600 GrantedAccess: 001f0003 (Protected) (Audit)
05ac: Object: ffffc00183190830 GrantedAccess: 000f0007
05b0: Object: ffffc00183190830 GrantedAccess: 000f001f
05b8: Object: ffffe000272b72e0 GrantedAccess: 001f0003 (Protected) (Inherit)
05bc: Object: ffffe0002737e880 GrantedAccess: 001fffff (Protected) (Audit)
05c8: Object: ffffc00162105450 GrantedAccess: 000f0007 (Inherit)
05cc: Object: ffffc00162105450 GrantedAccess: 000f001f (Inherit)
0: kd> .frame
09 ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
0: kd> .frame 7
07 ffffd001`85f8d570 fffff801`49c18207 nt!ObpDecrementHandleCount+0x1b6
0: kd> .frame 8
08 ffffd001`85f8d610 fffff801`49c17be6 nt!ObCloseHandleTableEntry+0x313
0: kd> .frame 9
09 ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
0: kd> .frame 9 /r
Couldn't resolve error at 'r'
0: kd> .frame /r 9
09 ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
rax=0000000000000000 rbx=0000000000000424 rcx=0000000000000000
rdx=0000000000000000 rsi=fffae0002b8f9380 rdi=ffffffffffffffff
rip=fffff80149c17be6 rsp=ffffd00185f8d6e0 rbp=ffffd00185f8d800
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000102 r13=ffffe0002b050680
r14=ffffc00162015090 r15=ffffc001615e3980
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ExSweepHandleTable+0xba:
fffff801`49c17be6 4533c9 xor r9d,r9d
0: kd> !object ffffc001615e3980
ffffc001615e3980: Not a valid object (ObjectType invalid)
0: kd> !object ffffc00162015090
Object: ffffc00162015090 Type: (ffffe00026d01e90) Directory
ObjectHeader: ffffc00162015060 (new version)
HandleCount: 55836606465 PointerCount: 0
Directory Object: 00000000 Name: (*** Name not accessible ***)
Hash Address Type Name
---- ------- ---- ----
01 Unable to read directory entry at 0000001e001f01ff
02 Unable to read directory entry at e0002c6a9690f761
03 Unable to read directory entry at 0000001c001f0003
04 Unable to read directory entry at e0002ca64bf0fffb
05 Unable to read directory entry at 0000001e00120089
06 Unable to read directory entry at e0002b9764500001
07 Unable to read directory entry at 00000008001fffff
08 Unable to read directory entry at e0002c7a68500001
09 Unable to read directory entry at 00000008001fffff
10 Unable to read directory entry at e0002b013600ffff
11 Unable to read directory entry at 00000026001f0001
12 Unable to read directory entry at e0002c7a6600fffd
13 Unable to read directory entry at 00000026001f0001
14 Unable to read directory entry at e0002c816c20ffff
15 Unable to read directory entry at 0000000c001f0003
16 Unable to read directory entry at e0002b5594500001
17 Unable to read directory entry at 00000008001fffff
20 Unable to read directory entry at e0002b937d8049ab
21 Unable to read directory entry at 0000001e00000001
22 Unable to read directory entry at e0002c587ef0fff7
23 Unable to read directory entry at 0000001e0012019f
25 ffffc00162015170 - ffffc00162015170: Not a valid object (ObjectType invalid)
26 Unable to read directory entry at e0002c8baef0fff5
27 Unable to read directory entry at 0000001e00000002
29 ffffc00162015710 - ffffc00162015710: Not a valid object (ObjectType invalid)
31 ffffc00162015700 Directory (*** Name not accessible ***)
32 Unable to read directory entry at c001620345900001
33 Unable to read directory entry at 00000023000f0007
34 Unable to read directory entry at c00162034590ffff
35 Unable to read directory entry at 00000023000f001f
36 Unable to read directory entry at c0016208c1300001
0: kd> dt nt!_HANDLE_TABLE ffffc001615e3980
+0x000 NextHandleNeedingPool : 0x800
+0x004 ExtraInfoPages : 0n0
+0x008 TableCode : 0xffffc001`62014001
+0x010 QuotaProcess : 0xffffe000`2b050680 _EPROCESS
+0x018 HandleTableList : _LIST_ENTRY [ 0xffffc001`5e0b8058 - 0xffffc001`61612558 ]
+0x028 UniqueProcessId : 0xfbc
+0x02c Flags : 8
+0x02c StrictFIFO : 0y0
+0x02c EnableHandleExceptions : 0y0
+0x02c Rundown : 0y0
+0x02c Duplicated : 0y1
+0x030 HandleContentionEvent : _EX_PUSH_LOCK
+0x038 HandleTableLock : _EX_PUSH_LOCK
+0x040 FreeLists : [1] _HANDLE_TABLE_FREE_LIST
+0x040 ActualEntry : [32] ""
+0x060 DebugInfo : (null)
0: kd> !process 0xffffe000`2b050680
PROCESS ffffe0002b050680
SessionId: 1 Cid: 0fbc Peb: 7ff5ffff3000 ParentCid: 0efc
DirBase: 156933000 ObjectTable: ffffc001615e3980 HandleCount: <Data Not Accessible>
Image: jackd.exe
VadRoot ffffe0002b91a620 Vads 137 Clone 0 Private 2394. Modified 15084. Locked 0.
DeviceMap ffffc0015f53c950
Token ffffc001615e3060
ElapsedTime 04:55:23.368
UserTime 00:00:00.125
KernelTime 00:00:00.171
QuotaPoolUsage[PagedPool] 275704
QuotaPoolUsage[NonPagedPool] 18192
Working Set Sizes (now,min,max) (7441, 4301, 4596) (29764KB, 17204KB, 18384KB)
PeakWorkingSetSize 8884
VirtualSize 153 Mb
PeakVirtualSize 198 Mb
PageFaultCount 29205
MemoryPriority BACKGROUND
BasePriority 4
CommitCharge 2878
Job ffffe0002c3d7b50
THREAD ffffe0002b8f9380 Cid 0fbc.0fc0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (DelayExecution) KernelMode Non-Alertable
ffffffffffffffff NotificationEvent
Not impersonating
DeviceMap ffffc0015f53c950
Owning Process ffffe0002b050680 Image: jackd.exe
Attached Process N/A Image: N/A
Wait Start TickCount 1147225
Context Switch Count 112351 IdealProcessor: 0
UserTime 00:00:00.031
KernelTime 00:00:00.156
Win32 Start Address 0x0000000000401530
Stack Init ffffd00185f8dc90 Current ffffd00185f8d0d0
Base ffffd00185f8e000 Limit ffffd00185f88000 Call 0000000000000000
Priority 4 BasePriority 4 PriorityDecrement 0 IoPriority 2 PagePriority 5
Child-SP RetAddr Call Site
ffffd001`85f8d110 fffff801`498f07be nt!KiSwapContext+0x76
ffffd001`85f8d250 fffff801`498f0239 nt!KiSwapThread+0x14e
ffffd001`85f8d2f0 fffff801`498d6534 nt!KiCommitThreadWait+0x129
ffffd001`85f8d370 fffff801`49a167e8 nt!KeDelayExecutionThread+0xe14
ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
ffffd001`85f8d4e0 fffff801`49c1840e nt!IopCloseFile+0x272
ffffd001`85f8d570 fffff801`49c18207 nt!ObpDecrementHandleCount+0x1b6
ffffd001`85f8d610 fffff801`49c17be6 nt!ObCloseHandleTableEntry+0x313
ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
ffffd001`85f8d740 fffff801`49ca1398 nt!ObKillProcess+0x31
ffffd001`85f8d770 fffff801`49c67ea7 nt!PspRundownSingleProcess+0xa4
ffffd001`85f8d800 fffff801`49d0c038 nt!PspExitThread+0x573
ffffd001`85f8d910 fffff801`498edafa nt!KiSchedulerApcTerminate+0x18
ffffd001`85f8d940 fffff801`499d7ac0 nt!KiDeliverApc+0x2fa
ffffd001`85f8d9c0 fffff801`499de45a nt!KiInitiateUserApc+0x70
ffffd001`85f8db00 00007ffb`9ae1071a nt!KiSystemServiceExit+0x9f (TrapFrame @ ffffd001`85f8db00)
00000000`0023f7c8 00000000`00000000 0x00007ffb`9ae1071a
0: kd> .frame /r 9
09 ffffd001`85f8d6e0 fffff801`49ca15cd nt!ExSweepHandleTable+0xba
rax=0000000000000000 rbx=0000000000000424 rcx=0000000000000000
rdx=0000000000000000 rsi=fffae0002b8f9380 rdi=ffffffffffffffff
rip=fffff80149c17be6 rsp=ffffd00185f8d6e0 rbp=ffffd00185f8d800
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000102 r13=ffffe0002b050680
r14=ffffc00162015090 r15=ffffc001615e3980
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ExSweepHandleTable+0xba:
fffff801`49c17be6 4533c9 xor r9d,r9d
0: kd> dt nt!_HANDLE_TABLE_ENTRY ffffc00162015090
+0x000 VolatileLowValue : 0n0
+0x000 LowValue : 0n0
+0x000 InfoTable : (null)
+0x000 Unlocked : 0y0
+0x000 RefCnt : 0y0000000000000000 (0)
+0x000 Attributes : 0y000
+0x000 ObjectPointerBits : 0y00000000000000000000000000000000000000000000 (0)
+0x008 HighValue : 0n128851051007
+0x008 NextFreeHandleEntry : 0x0000001e`001f01ff _HANDLE_TABLE_ENTRY
+0x008 LeafHandleValue : _EXHANDLE
+0x008 GrantedAccessBits : 0y0000111110000000111111111 (0x1f01ff)
+0x008 NoRightsUpgrade : 0y0
+0x008 Spare : 0y000000 (0)
+0x00c TypeInfo : 0x1e
0: kd> dt ntoskrnl!_HANDLE_TABLE_ENTRY ffffc00162015090
Symbol ntoskrnl!_HANDLE_TABLE_ENTRY not found.
0: kd> dt nt!_HANDLE_TABLE_ENTRY ffffc00162015090
+0x000 VolatileLowValue : 0n0
+0x000 LowValue : 0n0
+0x000 InfoTable : (null)
+0x000 Unlocked : 0y0
+0x000 RefCnt : 0y0000000000000000 (0)
+0x000 Attributes : 0y000
+0x000 ObjectPointerBits : 0y00000000000000000000000000000000000000000000 (0)
+0x008 HighValue : 0n128851051007
+0x008 NextFreeHandleEntry : 0x0000001e`001f01ff _HANDLE_TABLE_ENTRY
+0x008 LeafHandleValue : _EXHANDLE
+0x008 GrantedAccessBits : 0y0000111110000000111111111 (0x1f01ff)
+0x008 NoRightsUpgrade : 0y0
+0x008 Spare : 0y000000 (0)
+0x00c TypeInfo : 0x1e
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_EXHANDLE *)0xffffc00162015098))
(*((ntkrnlmp!_EXHANDLE *)0xffffc00162015098)) [Type: _EXHANDLE]
[+0x000 ( 1: 0)] TagBits : 0x3 [Type: unsigned long]
[+0x000 (31: 2)] Index : 0x7c07f [Type: unsigned long]
[+0x000] GenericHandleOverlay : 0x1e001f01ff [Type: void *]
[+0x000] Value : 0x1e001f01ff [Type: unsigned __int64]
0: kd> .frame /r 8
08 ffffd001`85f8d610 fffff801`49c17be6 nt!ObCloseHandleTableEntry+0x313
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000007ff5 rdi=ffffe0002b0b8cb0
rip=fffff80149c18207 rsp=ffffd00185f8d610 rbp=0000000000000424
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=ffffe0002b050680 r13=ffffe0002b0b8c80
r14=0000000000000001 r15=ffffc001615e3980
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ObCloseHandleTableEntry+0x313:
fffff801`49c18207 385c2430 cmp byte ptr [rsp+30h],bl ss:ffffd001`85f8d640=00
0: kd> !object ffffe0002b0b8c80
ffffe0002b0b8c80: Not a valid object (ObjectType invalid)
0: kd> !object ffffe0002b050680
Object: ffffe0002b050680 Type: (ffffe00026cfef20) Process
ObjectHeader: ffffe0002b050650 (new version)
HandleCount: 3 PointerCount: 86528
0: kd> !handle ffffe0002b0b8c80
PROCESS ffffe00026d0c040
SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000
DirBase: 001ab000 ObjectTable: ffffc0015d003000 HandleCount: <Data Not Accessible>
Image: System
Kernel handle Error reading handle count.
Invalid Handle: 0x2b0b8c80
0: kd> dt nt!_OBJECT_HEADER ffffe0002b0b8c80
+0x000 PointerCount : 0n32759
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x1e ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0xc ''
+0x01b Flags : 0x40 '@'
+0x01b NewObject : 0y0
+0x01b KernelObject : 0y0
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y0
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y1
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : 0xffffe000`2b7b22c0 _OBJECT_CREATE_INFORMATION
+0x020 QuotaBlockCharged : 0xffffe000`2b7b22c0 Void
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_QUAD *)0xffffe0002b0b8cb0))
(*((ntkrnlmp!_QUAD *)0xffffe0002b0b8cb0)) [Type: _QUAD]
[+0x000] UseThisFieldToCopy : 14155781 [Type: __int64]
[+0x000] DoNotUseThisField : 0.000000 [Type: double]
0: kd> !object ffffe00026d0c040
Object: ffffe00026d0c040 Type: (ffffe00026cfef20) Process
ObjectHeader: ffffe00026d0c010 (new version)
HandleCount: 5 PointerCount: 178392
0: kd> !object 0xffffe0002b0b8cb0
Object: ffffe0002b0b8cb0 Type: (ffffe00026e37b00) File
ObjectHeader: ffffe0002b0b8c80 (new version)
HandleCount: 0 PointerCount: 32759
Directory Object: 00000000 Name: \{0eb287d4-6c04-4926-ae19-3c066a4c3f3a} {00000018}
0: kd> !object 0xffffe0002b0b8cb0 7
Object: ffffe0002b0b8cb0 Type: (ffffe00026e37b00) File
ObjectHeader: ffffe0002b0b8c80 (new version)
HandleCount: 0 PointerCount: 32759
Directory Object: 00000000 Name: \{0eb287d4-6c04-4926-ae19-3c066a4c3f3a} {00000018}
0: kd> !object 0xffffe0002b0b8cb0 ff
Object: ffffe0002b0b8cb0 Type: (ffffe00026e37b00) File
ObjectHeader: ffffe0002b0b8c80 (new version)
HandleCount: 0 PointerCount: 32759
Directory Object: 00000000 Name: \{0eb287d4-6c04-4926-ae19-3c066a4c3f3a} {00000018}
Optional Headers:
HandleInfo(ffffe0002b0b8c80)
QuotaInfo(ffffe0002b0b8c80) PPool: 7ff7, NPPool: 0
SecurityDescriptor: 0, SDQuotaBlock: 0000000000000000
0: kd> !object ffffe00026e37b00
Object: ffffe00026e37b00 Type: (ffffe00026d0ee00) Type
ObjectHeader: ffffe00026e37ad0 (new version)
HandleCount: 0 PointerCount: 2
Directory Object: ffffc0015d00c060 Name: File
0: kd> dt nt!_OBJECT_HEADER ffffe0002b0b8c80
+0x000 PointerCount : 0n32759
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x1e ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0xc ''
+0x01b Flags : 0x40 '@'
+0x01b NewObject : 0y0
+0x01b KernelObject : 0y0
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y0
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y1
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : 0xffffe000`2b7b22c0 _OBJECT_CREATE_INFORMATION
+0x020 QuotaBlockCharged : 0xffffe000`2b7b22c0 Void
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> dt nt!_OBJECT_HEADER ffffe00026e37ad0
+0x000 PointerCount : 0n2
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x2 ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0x3 ''
+0x01b Flags : 0x13 ''
+0x01b NewObject : 0y1
+0x01b KernelObject : 0y1
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y1
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y0
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : (null)
+0x020 QuotaBlockCharged : (null)
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> dt nt!_OBJECT_HEADER ffffe0002b0b8c80
+0x000 PointerCount : 0n32759
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x1e ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0xc ''
+0x01b Flags : 0x40 '@'
+0x01b NewObject : 0y0
+0x01b KernelObject : 0y0
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y0
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y1
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : 0xffffe000`2b7b22c0 _OBJECT_CREATE_INFORMATION
+0x020 QuotaBlockCharged : 0xffffe000`2b7b22c0 Void
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> dt nt!_OBJECT_TYPE ffffe00026e37ad0
+0x000 TypeList : _LIST_ENTRY [ 0x00000000`00000002 - 0x00000000`00000000 ]
+0x010 Name : _UNICODE_STRING "--- memory read error at address 0x00000000`13030002 ---"
+0x020 DefaultObject : (null)
+0x028 Index : 0 ''
+0x02c TotalNumberOfObjects : 0
+0x030 TotalNumberOfHandles : 0x26e37b00
+0x034 HighWaterNumberOfObjects : 0xffffe000
+0x038 HighWaterNumberOfHandles : 0x26e37b00
+0x040 TypeInfo : _OBJECT_TYPE_INITIALIZER
+0x0b8 TypeLock : _EX_PUSH_LOCK
+0x0c0 Key : 0x49cfa608
+0x0c8 CallbackList : _LIST_ENTRY [ 0xfffff801`49c5b960 - 0xfffff801`49d0167c ]
0: kd> dt nt!_OBJECT_HEADER ffffe0002b0b8c80
+0x000 PointerCount : 0n32759
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x1e ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0xc ''
+0x01b Flags : 0x40 '@'
+0x01b NewObject : 0y0
+0x01b KernelObject : 0y0
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y0
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y1
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : 0xffffe000`2b7b22c0 _OBJECT_CREATE_INFORMATION
+0x020 QuotaBlockCharged : 0xffffe000`2b7b22c0 Void
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> dt nt!ObTypeIndexTable
Symbol nt!ObTypeIndexTable not found.
0: kd> dt void* nt!ObTypeIndexTable
Ptr64 to
Void
Cannot find specified field members.
0: kd> dt nt!ObTypeIndexTable
Symbol nt!ObTypeIndexTable not found.
0: kd> dps nt!ObTypeIndexTable
fffff801`49b409e0 00000000`00000000
fffff801`49b409e8 ffffd001`74d08000
fffff801`49b409f0 ffffe000`26d0ee00
fffff801`49b409f8 ffffe000`26d01e90
fffff801`49b40a00 ffffe000`26d122e0
fffff801`49b40a08 ffffe000`26d022b0
fffff801`49b40a10 ffffe000`26d72800
fffff801`49b40a18 ffffe000`26cfef20
fffff801`49b40a20 ffffe000`26d0f410
fffff801`49b40a28 ffffe000`26d0df20
fffff801`49b40a30 ffffe000`26d0db00
fffff801`49b40a38 ffffe000`26d04310
fffff801`49b40a40 ffffe000`26e09e40
fffff801`49b40a48 ffffe000`26e09ce0
fffff801`49b40a50 ffffe000`26e09b80
fffff801`49b40a58 ffffe000`26e098e0
0: kd> dt nt!_OBJECT_TYPE poi(nt!ObTypeIndexTable + (0x1e*8))
+0x000 TypeList : _LIST_ENTRY [ 0xffffe000`26e37b00 - 0xffffe000`26e37b00 ]
+0x010 Name : _UNICODE_STRING "File"
+0x020 DefaultObject : 0x00000000`0000009b Void
+0x028 Index : 0x1e ''
+0x02c TotalNumberOfObjects : 0x7780
+0x030 TotalNumberOfHandles : 0xa56
+0x034 HighWaterNumberOfObjects : 0x8276
+0x038 HighWaterNumberOfHandles : 0xd08
+0x040 TypeInfo : _OBJECT_TYPE_INITIALIZER
+0x0b8 TypeLock : _EX_PUSH_LOCK
+0x0c0 Key : 0x656c6946
+0x0c8 CallbackList : _LIST_ENTRY [ 0xffffe000`26e37bc8 - 0xffffe000`26e37bc8 ]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_OBJECT_TYPE_INITIALIZER *)0xffffe00026e37b40))
(*((ntkrnlmp!_OBJECT_TYPE_INITIALIZER *)0xffffe00026e37b40)) [Type: _OBJECT_TYPE_INITIALIZER]
[+0x000] Length : 0x78 [Type: unsigned short]
[+0x002] ObjectTypeFlags : 0x11 [Type: unsigned char]
[+0x002 ( 0: 0)] CaseInsensitive : 0x1 [Type: unsigned char]
[+0x002 ( 1: 1)] UnnamedObjectsOnly : 0x0 [Type: unsigned char]
[+0x002 ( 2: 2)] UseDefaultObject : 0x0 [Type: unsigned char]
[+0x002 ( 3: 3)] SecurityRequired : 0x0 [Type: unsigned char]
[+0x002 ( 4: 4)] MaintainHandleCount : 0x1 [Type: unsigned char]
[+0x002 ( 5: 5)] MaintainTypeList : 0x0 [Type: unsigned char]
[+0x002 ( 6: 6)] SupportsObjectCallbacks : 0x0 [Type: unsigned char]
[+0x002 ( 7: 7)] CacheAligned : 0x0 [Type: unsigned char]
[+0x004] ObjectTypeCode : 0x1 [Type: unsigned long]
[+0x008] InvalidAttributes : 0x130 [Type: unsigned long]
[+0x00c] GenericMapping [Type: _GENERIC_MAPPING]
[+0x01c] ValidAccessMask : 0x1f01ff [Type: unsigned long]
[+0x020] RetainAccess : 0x0 [Type: unsigned long]
[+0x024] PoolType : NonPagedPoolNx (512) [Type: _POOL_TYPE]
[+0x028] DefaultPagedPoolCharge : 0x400 [Type: unsigned long]
[+0x02c] DefaultNonPagedPoolCharge : 0x180 [Type: unsigned long]
[+0x030] DumpProcedure : 0x0 [Type: void (__cdecl*)(void *,_OBJECT_DUMP_CONTROL *)]
[+0x038] OpenProcedure : 0x0 [Type: long (__cdecl*)(_OB_OPEN_REASON,char,_EPROCESS *,void *,unsigned long *,unsigned long)]
[+0x040] CloseProcedure : 0xfffff80149c1c090 [Type: void (__cdecl*)(_EPROCESS *,void *,unsigned __int64,unsigned __int64)]
[+0x048] DeleteProcedure : 0xfffff80149c27464 [Type: void (__cdecl*)(void *)]
[+0x050] ParseProcedure : 0xfffff80149cfa608 [Type: long (__cdecl*)(void *,void *,_ACCESS_STATE *,char,unsigned long,_UNICODE_STRING *,_UNICODE_STRING *,void *,_SECURITY_QUALITY_OF_SERVICE *,void * *)]
[+0x058] SecurityProcedure : 0xfffff80149c5b960 [Type: long (__cdecl*)(void *,_SECURITY_OPERATION_CODE,unsigned long *,void *,unsigned long *,void * *,_POOL_TYPE,_GENERIC_MAPPING *,char)]
[+0x060] QueryNameProcedure : 0xfffff80149d0167c [Type: long (__cdecl*)(void *,unsigned char,_OBJECT_NAME_INFORMATION *,unsigned long,unsigned long *,char)]
[+0x068] OkayToCloseProcedure : 0x0 [Type: unsigned char (__cdecl*)(_EPROCESS *,void *,void *,char)]
[+0x070] WaitObjectFlagMask : 0x10000000 [Type: unsigned long]
[+0x074] WaitObjectFlagOffset : 0x50 [Type: unsigned short]
[+0x076] WaitObjectPointerOffset : 0x20 [Type: unsigned short]
0: kd> u fffff80149c1c090
nt!IopCloseFile:
fffff801`49c1c090 48895c2408 mov qword ptr [rsp+8],rbx
fffff801`49c1c095 48896c2410 mov qword ptr [rsp+10h],rbp
fffff801`49c1c09a 4889742420 mov qword ptr [rsp+20h],rsi
fffff801`49c1c09f 57 push rdi
fffff801`49c1c0a0 4154 push r12
fffff801`49c1c0a2 4155 push r13
fffff801`49c1c0a4 4156 push r14
fffff801`49c1c0a6 4157 push r15
0: kd> .frame /r 7
07 ffffd001`85f8d570 fffff801`49c18207 nt!ObpDecrementHandleCount+0x1b6
rax=0000000000000000 rbx=ffffe0002b0b8c80 rcx=0000000000000000
rdx=0000000000000000 rsi=ffffe0002b0b8c00 rdi=0000000000000001
rip=fffff80149c1840e rsp=ffffd00185f8d570 rbp=ffffe00026e37b00
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=ffffe0002b050680 r13=0000000000000000
r14=ffffffffffffffff r15=ffffe0002b050680
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ObpDecrementHandleCount+0x1b6:
fffff801`49c1840e 4084f6 test sil,sil
0: kd> .frame /r 6
06 ffffd001`85f8d4e0 fffff801`49c1840e nt!IopCloseFile+0x272
rax=0000000000000000 rbx=ffffe000276c07f0 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b0b8cb0
rip=fffff80149c1c302 rsp=ffffd00185f8d4e0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCloseFile+0x272:
fffff801`49c1c302 e9fcfeffff jmp nt!IopCloseFile+0x173 (fffff801`49c1c203)
0: kd> .frame /r 7
07 ffffd001`85f8d570 fffff801`49c18207 nt!ObpDecrementHandleCount+0x1b6
rax=0000000000000000 rbx=ffffe0002b0b8c80 rcx=0000000000000000
rdx=0000000000000000 rsi=ffffe0002b0b8c00 rdi=0000000000000001
rip=fffff80149c1840e rsp=ffffd00185f8d570 rbp=ffffe00026e37b00
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=ffffe0002b050680 r13=0000000000000000
r14=ffffffffffffffff r15=ffffe0002b050680
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!ObpDecrementHandleCount+0x1b6:
fffff801`49c1840e 4084f6 test sil,sil
0: kd> dp poi(ffffe00026e37b00+0x30)
00008276`00000a56 ????????`???????? ????????`????????
00008276`00000a66 ????????`???????? ????????`????????
00008276`00000a76 ????????`???????? ????????`????????
00008276`00000a86 ????????`???????? ????????`????????
00008276`00000a96 ????????`???????? ????????`????????
00008276`00000aa6 ????????`???????? ????????`????????
00008276`00000ab6 ????????`???????? ????????`????????
00008276`00000ac6 ????????`???????? ????????`????????
0: kd> dps poi(ffffe00026e37b00+0x30)
00008276`00000a56 ????????`????????
00008276`00000a5e ????????`????????
00008276`00000a66 ????????`????????
00008276`00000a6e ????????`????????
00008276`00000a76 ????????`????????
00008276`00000a7e ????????`????????
00008276`00000a86 ????????`????????
00008276`00000a8e ????????`????????
00008276`00000a96 ????????`????????
00008276`00000a9e ????????`????????
00008276`00000aa6 ????????`????????
00008276`00000aae ????????`????????
00008276`00000ab6 ????????`????????
00008276`00000abe ????????`????????
00008276`00000ac6 ????????`????????
00008276`00000ace ????????`????????
0: kd> poi(ffffe00026e37b00+0x30)
^ No runnable debuggees error in 'poi(ffffe00026e37b00+0x30)'
0: kd> dps poi(0xffffe00026e37b00+0x30)
00008276`00000a56 ????????`????????
00008276`00000a5e ????????`????????
00008276`00000a66 ????????`????????
00008276`00000a6e ????????`????????
00008276`00000a76 ????????`????????
00008276`00000a7e ????????`????????
00008276`00000a86 ????????`????????
00008276`00000a8e ????????`????????
00008276`00000a96 ????????`????????
00008276`00000a9e ????????`????????
00008276`00000aa6 ????????`????????
00008276`00000aae ????????`????????
00008276`00000ab6 ????????`????????
00008276`00000abe ????????`????????
00008276`00000ac6 ????????`????????
00008276`00000ace ????????`????????
0: kd> d poi(0xffffe00026e37b00 + 0x30)
00008276`00000a56 ????????`????????
00008276`00000a5e ????????`????????
00008276`00000a66 ????????`????????
00008276`00000a6e ????????`????????
00008276`00000a76 ????????`????????
00008276`00000a7e ????????`????????
00008276`00000a86 ????????`????????
00008276`00000a8e ????????`????????
00008276`00000a96 ????????`????????
00008276`00000a9e ????????`????????
00008276`00000aa6 ????????`????????
00008276`00000aae ????????`????????
00008276`00000ab6 ????????`????????
00008276`00000abe ????????`????????
00008276`00000ac6 ????????`????????
00008276`00000ace ????????`????????
0: kd> dp 0xffffe00026e37b30
ffffe000`26e37b30 00008276`00000a56 00000000`00000d08
ffffe000`26e37b40 00000001`00110078 00120089`00000130
ffffe000`26e37b50 001200a0`00120116 001f01ff`001f01ff
ffffe000`26e37b60 00000200`00000000 00000180`00000400
ffffe000`26e37b70 00000000`00000000 00000000`00000000
ffffe000`26e37b80 fffff801`49c1c090 fffff801`49c27464
ffffe000`26e37b90 fffff801`49cfa608 fffff801`49c5b960
ffffe000`26e37ba0 fffff801`49d0167c 00000000`00000000
0: kd> !object 0xffffe00026e37b30
ffffe00026e37b30: Not a valid object (ObjectType invalid)
0: kd> dt nt!_OBJECT_HEADER ffffe0002b0b8c80
+0x000 PointerCount : 0n32759
+0x008 HandleCount : 0n0
+0x008 NextToFree : (null)
+0x010 Lock : _EX_PUSH_LOCK
+0x018 TypeIndex : 0x1e ''
+0x019 TraceFlags : 0 ''
+0x019 DbgRefTrace : 0y0
+0x019 DbgTracePermanent : 0y0
+0x01a InfoMask : 0xc ''
+0x01b Flags : 0x40 '@'
+0x01b NewObject : 0y0
+0x01b KernelObject : 0y0
+0x01b KernelOnlyAccess : 0y0
+0x01b ExclusiveObject : 0y0
+0x01b PermanentObject : 0y0
+0x01b DefaultSecurityQuota : 0y0
+0x01b SingleHandleEntry : 0y1
+0x01b DeletedInline : 0y0
+0x01c Spare : 0
+0x020 ObjectCreateInfo : 0xffffe000`2b7b22c0 _OBJECT_CREATE_INFORMATION
+0x020 QuotaBlockCharged : 0xffffe000`2b7b22c0 Void
+0x028 SecurityDescriptor : (null)
+0x030 Body : _QUAD
0: kd> .frame /r 6
06 ffffd001`85f8d4e0 fffff801`49c1840e nt!IopCloseFile+0x272
rax=0000000000000000 rbx=ffffe000276c07f0 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b0b8cb0
rip=fffff80149c1c302 rsp=ffffd00185f8d4e0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCloseFile+0x272:
fffff801`49c1c302 e9fcfeffff jmp nt!IopCloseFile+0x173 (fffff801`49c1c203)
0: kd> .frame /r 6
06 ffffd001`85f8d4e0 fffff801`49c1840e nt!IopCloseFile+0x272
rax=0000000000000000 rbx=ffffe000276c07f0 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b0b8cb0
rip=fffff80149c1c302 rsp=ffffd00185f8d4e0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCloseFile+0x272:
fffff801`49c1c302 e9fcfeffff jmp nt!IopCloseFile+0x173 (fffff801`49c1c203)
0: kd> 0xffffe0002b0b8c80+0x30
^ Syntax error in '0xffffe0002b0b8c80+0x30'
0: kd> d0xffffe0002b0b8c80+0x30
Symbol not found at address ffffe0002b0b8cb0.
0: kd> dp 0xffffe0002b0b8c80+0x30
ffffe000`2b0b8cb0 00000000`00d80005 ffffe000`26ead060
ffffe000`2b0b8cc0 00000000`00000000 00000000`00000000
ffffe000`2b0b8cd0 ffffe000`2b649950 00000000`00000000
ffffe000`2b0b8ce0 00000000`00000000 00000000`00000000
ffffe000`2b0b8cf0 00000000`00000000 00000000`00000000
ffffe000`2b0b8d00 00000000`00040400 00000000`0078004e
ffffe000`2b0b8d10 ffffc001`62010750 00000000`00000000
ffffe000`2b0b8d20 00000000`00000000 00000000`00000000
0: kd> !object ffffe000`2b0b8cb0
Object: ffffe0002b0b8cb0 Type: (ffffe00026e37b00) File
ObjectHeader: ffffe0002b0b8c80 (new version)
HandleCount: 0 PointerCount: 32759
Directory Object: 00000000 Name: \{0eb287d4-6c04-4926-ae19-3c066a4c3f3a} {00000018}
0: kd> dt nt!_FILE_OBJECT ffffe000`2b0b8cb0
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xffffe000`26ead060 _DEVICE_OBJECT
+0x010 Vpb : (null)
+0x018 FsContext : (null)
+0x020 FsContext2 : 0xffffe000`2b649950 Void
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ''
+0x049 DeletePending : 0 ''
+0x04a ReadAccess : 0 ''
+0x04b WriteAccess : 0 ''
+0x04c DeleteAccess : 0 ''
+0x04d SharedRead : 0 ''
+0x04e SharedWrite : 0 ''
+0x04f SharedDelete : 0 ''
+0x050 Flags : 0x40400
+0x058 FileName : _UNICODE_STRING "\{0eb287d4-6c04-4926-ae19-3c066a4c3f3a}"
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 0
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : 0xffffe000`2b72b5a0 _IO_COMPLETION_CONTEXT
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
+0x0d0 FileObjectExtension : (null)
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70))
(*((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
0: kd> dt IRP
*************************************************************************
*** ***
*** ***
*** Your debugger is not using the correct symbols ***
*** ***
*** In order for this command to work properly, your symbol path ***
*** must point to .pdb files that have full type information. ***
*** ***
*** Certain .pdb files (such as the public OS symbols) do not ***
*** contain the required information. Contact the group that ***
*** provided you with these symbols if you need this command to ***
*** work. ***
*** ***
*** Type referenced: IRP ***
*** ***
*************************************************************************
Symbol IRP not found.
0: kd> dt nt!_IRP
+0x000 Type : Int2B
+0x002 Size : Uint2B
+0x004 AllocationProcessorNumber : Uint2B
+0x006 Reserved : Uint2B
+0x008 MdlAddress : Ptr64 _MDL
+0x010 Flags : Uint4B
+0x018 AssociatedIrp : <unnamed-tag>
+0x020 ThreadListEntry : _LIST_ENTRY
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x040 RequestorMode : Char
+0x041 PendingReturned : UChar
+0x042 StackCount : Char
+0x043 CurrentLocation : Char
+0x044 Cancel : UChar
+0x045 CancelIrql : UChar
+0x046 ApcEnvironment : Char
+0x047 AllocationFlags : UChar
+0x048 UserIosb : Ptr64 _IO_STATUS_BLOCK
+0x050 UserEvent : Ptr64 _KEVENT
+0x058 Overlay : <unnamed-tag>
+0x068 CancelRoutine : Ptr64 void
+0x070 UserBuffer : Ptr64 Void
+0x078 Tail : <unnamed-tag>
0: kd> dt nt!_IRP 0xffffe00028108d50
+0x000 Type : 0n-29328
+0x002 Size : 0x2b0b
+0x004 AllocationProcessorNumber : 0xe000
+0x006 Reserved : 0xffff
+0x008 MdlAddress : 0xffffe000`2b0b8d70 _MDL
+0x010 Flags : 0
+0x018 AssociatedIrp : <unnamed-tag>
+0x020 ThreadListEntry : _LIST_ENTRY [ 0x04000001`06070001 - 0x00000000`00ae6150 ]
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x040 RequestorMode : 80 'P'
+0x041 PendingReturned : 0x61 'a'
+0x042 StackCount : -82 ''
+0x043 CurrentLocation : 0 ''
+0x044 Cancel : 0 ''
+0x045 CancelIrql : 0 ''
+0x046 ApcEnvironment : 0 ''
+0x047 AllocationFlags : 0 ''
+0x048 UserIosb : (null)
+0x050 UserEvent : 0x00000000`00ae6170 _KEVENT
+0x058 Overlay : <unnamed-tag>
+0x068 CancelRoutine : (null)
+0x070 UserBuffer : (null)
+0x078 Tail : <unnamed-tag>
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IRP *)0xffffe00028108d50)).Overlay
(*((ntkrnlmp!_IRP *)0xffffe00028108d50)).Overlay [Type: <unnamed-tag>]
[+0x000] AsynchronousParameters [Type: <unnamed-tag>]
[+0x000] AllocationSize : {0} [Type: _LARGE_INTEGER]
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> db nt!PerfGlobalGroupMask+0x6
fffff801`49be0086 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffff801`49be0096 00 00 00 00 00 00 00 00-00 00 3f 00 00 00 04 00 ..........?.....
fffff801`49be00a6 00 00 00 00 00 00 00 00-00 00 ff f5 24 00 00 00 ............$...
fffff801`49be00b6 00 00 ff 3f 99 bd 00 00-00 00 01 00 00 00 00 00 ...?............
fffff801`49be00c6 73 00 40 9e e0 26 00 e0-ff ff 00 00 00 00 00 00 s.@..&..........
fffff801`49be00d6 00 00 20 9b 8b 49 01 f8-ff ff 00 93 bd 49 01 f8 .. ..I.......I..
fffff801`49be00e6 ff ff ff f5 24 00 00 00-00 00 00 00 00 00 80 fa ....$...........
fffff801`49be00f6 ff ff 01 00 00 00 00 30-00 00 18 a0 cf 26 00 e0 .......0.....&..
0: kd> db nt!PerfGlobalGroupMask
fffff801`49be0080 07 21 01 00 80 40 00 00-00 00 00 00 00 00 00 00 .!...@..........
fffff801`49be0090 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffff801`49be00a0 3f 00 00 00 04 00 00 00-00 00 00 00 00 00 00 00 ?...............
fffff801`49be00b0 ff f5 24 00 00 00 00 00-ff 3f 99 bd 00 00 00 00 ..$......?......
fffff801`49be00c0 01 00 00 00 00 00 73 00-40 9e e0 26 00 e0 ff ff ......s.@..&....
fffff801`49be00d0 00 00 00 00 00 00 00 00-20 9b 8b 49 01 f8 ff ff ........ ..I....
fffff801`49be00e0 00 93 bd 49 01 f8 ff ff-ff f5 24 00 00 00 00 00 ...I......$.....
fffff801`49be00f0 00 00 00 00 80 fa ff ff-01 00 00 00 00 30 00 00 .............0..
0: kd>
fffff801`49be0080 07 21 01 00 80 40 00 00-00 00 00 00 00 00 00 00 .!...@..........
fffff801`49be0090 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
fffff801`49be00a0 3f 00 00 00 04 00 00 00-00 00 00 00 00 00 00 00 ?...............
fffff801`49be00b0 ff f5 24 00 00 00 00 00-ff 3f 99 bd 00 00 00 00 ..$......?......
fffff801`49be00c0 01 00 00 00 00 00 73 00-40 9e e0 26 00 e0 ff ff ......s.@..&....
fffff801`49be00d0 00 00 00 00 00 00 00 00-20 9b 8b 49 01 f8 ff ff ........ ..I....
fffff801`49be00e0 00 93 bd 49 01 f8 ff ff-ff f5 24 00 00 00 00 00 ...I......$.....
fffff801`49be00f0 00 00 00 00 80 fa ff ff-01 00 00 00 00 30 00 00 .............0..
0: kd> .fnent fffff801`49c72901
Debugger function entry 000000c3`150c3008 for:
(fffff801`49c728dc) nt!IopCleanupProcessResources+0x25 | (fffff801`49c72918) nt!IopCancelIrpsInCurrentThreadListApcRoutine
BeginAddress = 00000000`003ed8dc
EndAddress = 00000000`003ed915
UnwindInfoAddress = 00000000`00258334
Unwind info at fffff801`49add334, 10 bytes
version 2, flags 0, prolog a, codes 6
00: offs 2, unwind op 6, op info 1 UWOP_EPILOG Length: 2. Flags: 1
01: offs 0, unwind op 6, op info 0 UWOP_EPILOG (padding)
02: offs a, unwind op 4, op info 3 UWOP_SAVE_NONVOL FrameOffset: 40 reg: rbx.
04: offs a, unwind op 2, op info 5 UWOP_ALLOC_SMALL.
05: offs 6, unwind op 0, op info 7 UWOP_PUSH_NONVOL reg: rdi.
0: kd> .fnent fffff801`49a167e8
Debugger function entry 000000c3`150c3008 for:
(fffff801`499e30d0) nt! ?? ::FNODOBFM::`string'+0x33718 | (fffff801`49a405d4) nt!DisplayFilter
BeginAddress = 00000000`0019178c
EndAddress = 00000000`0019185f
UnwindInfoAddress = 00000000`0025836c
Unwind info at fffff801`49add36c, 10 bytes
version 2, flags 4, prolog 0, codes 0
Chained info:
BeginAddress = 00000000`000bbbf4
EndAddress = 00000000`000bbe1f
UnwindInfoAddress = 00000000`00258354
Unwind info at fffff801`49add354, 18 bytes
version 2, flags 0, prolog 1d, codes a
00: offs b, unwind op 6, op info 0 UWOP_EPILOG Length: b. Flags: 0
01: offs 7c, unwind op 6, op info 1 UWOP_EPILOG Offset from end: 17c (FFFFF80149940CA3)
02: offs 1d, unwind op 2, op info 9 UWOP_ALLOC_SMALL.
03: offs 19, unwind op 0, op info f UWOP_PUSH_NONVOL reg: r15.
04: offs 17, unwind op 0, op info e UWOP_PUSH_NONVOL reg: r14.
05: offs 15, unwind op 0, op info c UWOP_PUSH_NONVOL reg: r12.
06: offs 13, unwind op 0, op info 7 UWOP_PUSH_NONVOL reg: rdi.
07: offs 12, unwind op 0, op info 6 UWOP_PUSH_NONVOL reg: rsi.
08: offs 11, unwind op 0, op info 5 UWOP_PUSH_NONVOL reg: rbp.
09: offs 10, unwind op 0, op info 3 UWOP_PUSH_NONVOL reg: rbx.
0: kd> .fnent fffff801`49a167e8
Debugger function entry 000000c3`150c3008 for:
(fffff801`499e30d0) nt! ?? ::FNODOBFM::`string'+0x33718 | (fffff801`49a405d4) nt!DisplayFilter
BeginAddress = 00000000`0019178c
EndAddress = 00000000`0019185f
UnwindInfoAddress = 00000000`0025836c
Unwind info at fffff801`49add36c, 10 bytes
version 2, flags 4, prolog 0, codes 0
Chained info:
BeginAddress = 00000000`000bbbf4
EndAddress = 00000000`000bbe1f
UnwindInfoAddress = 00000000`00258354
Unwind info at fffff801`49add354, 18 bytes
version 2, flags 0, prolog 1d, codes a
00: offs b, unwind op 6, op info 0 UWOP_EPILOG Length: b. Flags: 0
01: offs 7c, unwind op 6, op info 1 UWOP_EPILOG Offset from end: 17c (FFFFF80149940CA3)
02: offs 1d, unwind op 2, op info 9 UWOP_ALLOC_SMALL.
03: offs 19, unwind op 0, op info f UWOP_PUSH_NONVOL reg: r15.
04: offs 17, unwind op 0, op info e UWOP_PUSH_NONVOL reg: r14.
05: offs 15, unwind op 0, op info c UWOP_PUSH_NONVOL reg: r12.
06: offs 13, unwind op 0, op info 7 UWOP_PUSH_NONVOL reg: rdi.
07: offs 12, unwind op 0, op info 6 UWOP_PUSH_NONVOL reg: rsi.
08: offs 11, unwind op 0, op info 5 UWOP_PUSH_NONVOL reg: rbp.
09: offs 10, unwind op 0, op info 3 UWOP_PUSH_NONVOL reg: rbx.
0: kd> ln nt+00000000`000bbbf4
Browse module
Set bu breakpoint
(fffff801`49940bf4) nt!IopCancelIrpsInFileObjectList | (fffff801`49940e20) nt!IopCheckListForCancelableIrp
Exact matches:
nt!IopCancelIrpsInFileObjectList (<no parameter info>)
0: kd> .fnent nt!IopCancelIrpsInFileObjectList
Debugger function entry 000000c3`150c3008 for:
(fffff801`49940bf4) nt!IopCancelIrpsInFileObjectList | (fffff801`49940e20) nt!IopCheckListForCancelableIrp
Exact matches:
nt!IopCancelIrpsInFileObjectList (<no parameter info>)
BeginAddress = 00000000`000bbbf4
EndAddress = 00000000`000bbe1f
UnwindInfoAddress = 00000000`00258354
Unwind info at fffff801`49add354, 18 bytes
version 2, flags 0, prolog 1d, codes a
00: offs b, unwind op 6, op info 0 UWOP_EPILOG Length: b. Flags: 0
01: offs 7c, unwind op 6, op info 1 UWOP_EPILOG Offset from end: 17c (FFFFF80149940CA3)
02: offs 1d, unwind op 2, op info 9 UWOP_ALLOC_SMALL.
03: offs 19, unwind op 0, op info f UWOP_PUSH_NONVOL reg: r15.
04: offs 17, unwind op 0, op info e UWOP_PUSH_NONVOL reg: r14.
05: offs 15, unwind op 0, op info c UWOP_PUSH_NONVOL reg: r12.
06: offs 13, unwind op 0, op info 7 UWOP_PUSH_NONVOL reg: rdi.
07: offs 12, unwind op 0, op info 6 UWOP_PUSH_NONVOL reg: rsi.
08: offs 11, unwind op 0, op info 5 UWOP_PUSH_NONVOL reg: rbp.
09: offs 10, unwind op 0, op info 3 UWOP_PUSH_NONVOL reg: rbx.
0: kd> ln nt+00000000`000bbe1f
Browse module
Set bu breakpoint
(fffff801`49940bf4) nt!IopCancelIrpsInFileObjectList+0x22b | (fffff801`49940e20) nt!IopCheckListForCancelableIrp
0: kd> ln nt+fffff801`49a167e8
Browse module
Set bu breakpoint
0: kd> ln fffff801`49a167e8
Browse module
Set bu breakpoint
(fffff801`499e30d0) nt! ?? ::FNODOBFM::`string'+0x33718 | (fffff801`49a405d4) nt!DisplayFilter
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd>
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> dt nt!_FILE_OBJECT ffffe000`2b0b8cb0
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xffffe000`26ead060 _DEVICE_OBJECT
+0x010 Vpb : (null)
+0x018 FsContext : (null)
+0x020 FsContext2 : 0xffffe000`2b649950 Void
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ''
+0x049 DeletePending : 0 ''
+0x04a ReadAccess : 0 ''
+0x04b WriteAccess : 0 ''
+0x04c DeleteAccess : 0 ''
+0x04d SharedRead : 0 ''
+0x04e SharedWrite : 0 ''
+0x04f SharedDelete : 0 ''
+0x050 Flags : 0x40400
+0x058 FileName : _UNICODE_STRING "\{0eb287d4-6c04-4926-ae19-3c066a4c3f3a}"
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 0
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : 0xffffe000`2b72b5a0 _IO_COMPLETION_CONTEXT
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
+0x0d0 FileObjectExtension : (null)
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_KEVENT *)0xffffe0002b0b8d30))
(*((ntkrnlmp!_KEVENT *)0xffffe0002b0b8d30)) [Type: _KEVENT]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> .frame /r 3
03 ffffd001`85f8d370 fffff801`49a167e8 nt!KeDelayExecutionThread+0xe14
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b8f9380
rip=fffff801498d6534 rsp=ffffd00185f8d370 rbp=0000000000000000
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=00000029bcd43434 r13=0000000000000002
r14=0000000000000000 r15=0000000000000002
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!KeDelayExecutionThread+0xe14:
fffff801`498d6534 3d00010000 cmp eax,100h
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> dp 0xffffd00185f8d410+0x90
ffffd001`85f8d4a0 ffffe000`00000080 ffffe000`2b050680
ffffd001`85f8d4b0 00000000`00000000 00000000`00000000
ffffd001`85f8d4c0 ffffc001`62022301 00000000`00000001
ffffd001`85f8d4d0 ffffe000`2b0b8cb0 fffff801`49c1c302
ffffd001`85f8d4e0 ffffe000`276c07f0 00000000`00000000
ffffd001`85f8d4f0 00000000`00000000 ffffe000`2b0b8cb0
ffffd001`85f8d500 ffffe000`2b0b8e30 fffff801`49c3c313
ffffd001`85f8d510 00000000`00000000 ffffe000`2b0b8dc0
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 5
05 ffffd001`85f8d4a0 fffff801`49c1c302 nt!IopCleanupProcessResources+0x25
rax=0000000000000000 rbx=0000000000000000 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=ffffe0002b050680
rip=fffff80149c72901 rsp=ffffd00185f8d4a0 rbp=ffffe0002b050680
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002a7783a0 r15=0000000000000000
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt!IopCleanupProcessResources+0x25:
fffff801`49c72901 4885db test rbx,rbx
0: kd> .frame /r 4
04 ffffd001`85f8d410 fffff801`49c72901 nt! ?? ::FNODOBFM::`string'+0x33718
rax=0000000000000000 rbx=ffffe0002b0b8d68 rcx=0000000000000000
rdx=0000000000000000 rsi=0000000000000000 rdi=0000000000000000
rip=fffff80149a167e8 rsp=ffffd00185f8d410 rbp=ffffe0002b050600
r8=0000000000000000 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=0000000000000000 r13=0000000000000001
r14=ffffe0002b0b8d70 r15=ffffe0002b0b8cb0
iopl=0 nv up di pl nz na pe nc
cs=0000 ss=0000 ds=0000 es=0000 fs=0000 gs=0000 efl=00000000
nt! ?? ::FNODOBFM::`string'+0x33718:
fffff801`49a167e8 8b942490000000 mov edx,dword ptr [rsp+90h] ss:ffffd001`85f8d4a0=00000080
0: kd> dp 0xffffd00185f8d410+0x40
ffffd001`85f8d450 ffffffff`ffec7800 fffff801`49faa87c
ffffd001`85f8d460 00000000`00000000 ffffe000`2a7783a0
ffffd001`85f8d470 00000000`00000000 ffffe000`2b050680
ffffd001`85f8d480 00000000`00000000 ffffe000`2b050680
ffffd001`85f8d490 00000000`00000000 fffff801`49c72901
ffffd001`85f8d4a0 ffffe000`00000080 ffffe000`2b050680
ffffd001`85f8d4b0 00000000`00000000 00000000`00000000
ffffd001`85f8d4c0 ffffc001`62022301 00000000`00000001
0: kd> dp ffffe0002b0b8d70
ffffe000`2b0b8d70 ffffe000`28108d50 ffffe000`28108d50
ffffe000`2b0b8d80 00000000`00000000 00000000`000047c0
ffffe000`2b0b8d90 61546552`02040015 f6710989`e85f7949
ffffe000`2b0b8da0 00000000`00000000 00000000`00000003
ffffe000`2b0b8db0 00000000`00000000 00000000`00000000
ffffe000`2b0b8dc0 00000000`00000000 00000000`00000000
ffffe000`2b0b8dd0 6e657645`02080004 f6710989`e85f7909
ffffe000`2b0b8de0 00000070`00000000 ffffe000`00000000
0: kd> dt nt!_FILE_OBJECT ffffe000`2b0b8cb0
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xffffe000`26ead060 _DEVICE_OBJECT
+0x010 Vpb : (null)
+0x018 FsContext : (null)
+0x020 FsContext2 : 0xffffe000`2b649950 Void
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ''
+0x049 DeletePending : 0 ''
+0x04a ReadAccess : 0 ''
+0x04b WriteAccess : 0 ''
+0x04c DeleteAccess : 0 ''
+0x04d SharedRead : 0 ''
+0x04e SharedWrite : 0 ''
+0x04f SharedDelete : 0 ''
+0x050 Flags : 0x40400
+0x058 FileName : _UNICODE_STRING "\{0eb287d4-6c04-4926-ae19-3c066a4c3f3a}"
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 0
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : 0xffffe000`2b72b5a0 _IO_COMPLETION_CONTEXT
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
+0x0d0 FileObjectExtension : (null)
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70))
(*((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
0: kd> dx -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffe00028108d50)
((ntkrnlmp!_LIST_ENTRY *)0xffffe00028108d50) : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
0: kd> dx -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70)
((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70) : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
0: kd> dx -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffe00028108d50)
((ntkrnlmp!_LIST_ENTRY *)0xffffe00028108d50) : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
0: kd> dx -r1 ((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70)
((ntkrnlmp!_LIST_ENTRY *)0xffffe0002b0b8d70) : 0xffffe0002b0b8d70 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
[+0x008] Blink : 0xffffe00028108d50 [Type: _LIST_ENTRY *]
0: kd> dt nt!_IRP
+0x000 Type : Int2B
+0x002 Size : Uint2B
+0x004 AllocationProcessorNumber : Uint2B
+0x006 Reserved : Uint2B
+0x008 MdlAddress : Ptr64 _MDL
+0x010 Flags : Uint4B
+0x018 AssociatedIrp : <unnamed-tag>
+0x020 ThreadListEntry : _LIST_ENTRY
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x040 RequestorMode : Char
+0x041 PendingReturned : UChar
+0x042 StackCount : Char
+0x043 CurrentLocation : Char
+0x044 Cancel : UChar
+0x045 CancelIrql : UChar
+0x046 ApcEnvironment : Char
+0x047 AllocationFlags : UChar
+0x048 UserIosb : Ptr64 _IO_STATUS_BLOCK
+0x050 UserEvent : Ptr64 _KEVENT
+0x058 Overlay : <unnamed-tag>
+0x068 CancelRoutine : Ptr64 void
+0x070 UserBuffer : Ptr64 Void
+0x078 Tail : <unnamed-tag>
0: kd> dt nt!_IRP Overlay.
+0x058 Overlay :
+0x000 AsynchronousParameters : <unnamed-tag>
+0x000 AllocationSize : _LARGE_INTEGER
0: kd> dt nt!_IRP Overlay.AsynchronousParameters.
+0x058 Overlay :
+0x000 AsynchronousParameters :
+0x000 UserApcRoutine : Ptr64 void
+0x000 IssuingProcess : Ptr64 Void
+0x008 UserApcContext : Ptr64 Void
0: kd> dt nt!_IRP Tail.
+0x078 Tail :
+0x000 Overlay : <unnamed-tag>
+0x000 Apc : _KAPC
+0x000 CompletionKey : Ptr64 Void
0: kd> dt nt!_IRP Tail.Overlay.
+0x078 Tail :
+0x000 Overlay :
+0x000 DeviceQueueEntry : _KDEVICE_QUEUE_ENTRY
+0x000 DriverContext : [4] Ptr64 Void
+0x020 Thread : Ptr64 _ETHREAD
+0x028 AuxiliaryBuffer : Ptr64 Char
+0x030 ListEntry : _LIST_ENTRY
+0x040 CurrentStackLocation : Ptr64 _IO_STACK_LOCATION
+0x040 PacketType : Uint4B
+0x048 OriginalFileObject : Ptr64 _FILE_OBJECT
+0x050 IrpExtension : Ptr64 Void
0: kd> dt nt!_IRP Tail.Overlay.ListEntry
+0x078 Tail :
+0x000 Overlay :
+0x030 ListEntry : _LIST_ENTRY
0: kd> dt nt!_IRP Tail.Overlay.ListEntry
+0x078 Tail :
+0x000 Overlay :
+0x030 ListEntry : _LIST_ENTRY
0: kd> dt nt!_IRP 0xFFFFE00028108CA8
+0x000 Type : 0n0
+0x002 Size : 0
+0x004 AllocationProcessorNumber : 0
+0x006 Reserved : 0
+0x008 MdlAddress : (null)
+0x010 Flags : 0
+0x018 AssociatedIrp : <unnamed-tag>
+0x020 ThreadListEntry : _LIST_ENTRY [ 0x00000000`00000000 - 0x00000000`00000000 ]
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x040 RequestorMode : 0 ''
+0x041 PendingReturned : 0 ''
+0x042 StackCount : 0 ''
+0x043 CurrentLocation : 0 ''
+0x044 Cancel : 0 ''
+0x045 CancelIrql : 0 ''
+0x046 ApcEnvironment : 0 ''
+0x047 AllocationFlags : 0 ''
+0x048 UserIosb : (null)
+0x050 UserEvent : 0x00000000`00000001 _KEVENT
+0x058 Overlay : <unnamed-tag>
+0x068 CancelRoutine : 0xffffe000`28108d08 void +ffffe00028108d08
+0x070 UserBuffer : 0x00000000`01800010 Void
+0x078 Tail : <unnamed-tag>
0: kd> dt nt!_IRP 0xFFFFE00028108CA8 Tail.Overlay.ListEntry
+0x078 Tail :
+0x000 Overlay :
+0x030 ListEntry : _LIST_ENTRY [ 0xffffe000`2b0b8d70 - 0xffffe000`2b0b8d70 ]
0: kd> dt nt!_IRP 0xFFFFE00028108CA8 Tail.Overlay.ListEntry.
+0x078 Tail :
+0x000 Overlay :
+0x030 ListEntry : [ 0xffffe000`2b0b8d70 - 0xffffe000`2b0b8d70 ]
+0x000 Flink : 0xffffe000`2b0b8d70 _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
+0x008 Blink : 0xffffe000`2b0b8d70 _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IO_STATUS_BLOCK *)0xffffe00028108cd8))
(*((ntkrnlmp!_IO_STATUS_BLOCK *)0xffffe00028108cd8)) [Type: _IO_STATUS_BLOCK]
[+0x000] Status : 0 [Type: long]
[+0x000] Pointer : 0x0 [Type: void *]
[+0x008] Information : 0x0 [Type: unsigned __int64]
0: kd> u ffffe00028108d08
ffffe000`28108d08 088d102800e0 or byte ptr [rbp-1FFFD7F0h],cl
ffffe000`28108d0e ff ???
ffffe000`28108d0f ff08 dec dword ptr [rax]
ffffe000`28108d11 8d10 lea edx,[rax]
ffffe000`28108d13 2800 sub byte ptr [rax],al
ffffe000`28108d15 e0ff loopne ffffe000`28108d16
ffffe000`28108d17 ff10 call qword ptr [rax]
ffffe000`28108d19 008001000000 add byte ptr [rax+1],al
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IRP *)0xffffe00028108ca8)).AssociatedIrp
(*((ntkrnlmp!_IRP *)0xffffe00028108ca8)).AssociatedIrp [Type: <unnamed-tag>]
[+0x000] MasterIrp : 0x0 [Type: _IRP *]
[+0x000] IrpCount : 0 [Type: long]
[+0x000] SystemBuffer : 0x0 [Type: void *]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IRP *)0xffffe00028108ca8)).Tail
(*((ntkrnlmp!_IRP *)0xffffe00028108ca8)).Tail [Type: <unnamed-tag>]
[+0x000] Overlay [Type: <unnamed-tag>]
[+0x000] Apc [Type: _KAPC]
[+0x000] CompletionKey : 0x20707249022e0051 [Type: void *]
0: kd> lm 0xffffe000`28108d08
Unknown option '0'
Unknown option 'x'
Unknown option '0'
Unknown option '0'
Unknown option '0'
Unknown option '`'
Unknown option '2'
Unknown option '8'
^ Syntax error in 'lm 0xffffe000`28108d08'
0: kd> lm 0xffffe00028108d08
Unknown option '0'
Unknown option 'x'
Unknown option '0'
Unknown option '0'
Unknown option '0'
Unknown option '2'
Unknown option '8'
^ Syntax error in 'lm 0xffffe00028108d08'
0: kd> lm ffffe00028108d08
Unknown option '0'
Unknown option '0'
Unknown option '0'
Unknown option '2'
Unknown option '8'
^ Syntax error in 'lm ffffe00028108d08'
0: kd> ln ffffe00028108d08
Browse module
Set bu breakpoint
0: kd> !irp 0xFFFFE00028108CA8
IRP signature does not match, probably not an IRP. Use any flag to force.
0: kd> dt nt!_FILE_OBJECT ffffe000`2b0b8cb0
+0x000 Type : 0n5
+0x002 Size : 0n216
+0x008 DeviceObject : 0xffffe000`26ead060 _DEVICE_OBJECT
+0x010 Vpb : (null)
+0x018 FsContext : (null)
+0x020 FsContext2 : 0xffffe000`2b649950 Void
+0x028 SectionObjectPointer : (null)
+0x030 PrivateCacheMap : (null)
+0x038 FinalStatus : 0n0
+0x040 RelatedFileObject : (null)
+0x048 LockOperation : 0 ''
+0x049 DeletePending : 0 ''
+0x04a ReadAccess : 0 ''
+0x04b WriteAccess : 0 ''
+0x04c DeleteAccess : 0 ''
+0x04d SharedRead : 0 ''
+0x04e SharedWrite : 0 ''
+0x04f SharedDelete : 0 ''
+0x050 Flags : 0x40400
+0x058 FileName : _UNICODE_STRING "\{0eb287d4-6c04-4926-ae19-3c066a4c3f3a}"
+0x068 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x070 Waiters : 0
+0x074 Busy : 0
+0x078 LastLock : (null)
+0x080 Lock : _KEVENT
+0x098 Event : _KEVENT
+0x0b0 CompletionContext : 0xffffe000`2b72b5a0 _IO_COMPLETION_CONTEXT
+0x0b8 IrpListLock : 0
+0x0c0 IrpList : _LIST_ENTRY [ 0xffffe000`28108d50 - 0xffffe000`28108d50 ]
+0x0d0 FileObjectExtension : (null)
0: kd> !irp 0xffffe000`28108d30
Irp is active with 7 stacks 6 is current (= 0xffffe00028108f68)
No Mdl: System buffer=ffffe000270f3040: Thread ffffe0002b976480: Irp stack trace.
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
5 1 ffffe0002a778040 ffffe0002b0b8cb0 00000000-00000000 pending
\Driver\SynchronousAudioRouter
Args: 00000200 00000000 0x22c00c 00000000
[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
5 0 ffffe0002a7783a0 ffffe0002b0b8cb0 00000000-00000000
\Driver\ksthunk
Args: 00000200 00000000 0x22c00c 00000000
0: kd> dt nt!_IRP 0xffffe000`28108d30
+0x000 Type : 0n6
+0x002 Size : 0x2c8
+0x004 AllocationProcessorNumber : 2
+0x006 Reserved : 0
+0x008 MdlAddress : (null)
+0x010 Flags : 0x62070
+0x018 AssociatedIrp : <unnamed-tag>
+0x020 ThreadListEntry : _LIST_ENTRY [ 0xffffe000`2b0b8d70 - 0xffffe000`2b0b8d70 ]
+0x030 IoStatus : _IO_STATUS_BLOCK
+0x040 RequestorMode : 1 ''
+0x041 PendingReturned : 0 ''
+0x042 StackCount : 7 ''
+0x043 CurrentLocation : 6 ''
+0x044 Cancel : 0x1 ''
+0x045 CancelIrql : 0 ''
+0x046 ApcEnvironment : 0 ''
+0x047 AllocationFlags : 0x4 ''
+0x048 UserIosb : 0x00000000`00ae6150 _IO_STATUS_BLOCK
+0x050 UserEvent : (null)
+0x058 Overlay : <unnamed-tag>
+0x068 CancelRoutine : (null)
+0x070 UserBuffer : 0x00000000`00ae6170 Void
+0x078 Tail : <unnamed-tag>
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IO_STATUS_BLOCK *)0xffffe00028108d60))
(*((ntkrnlmp!_IO_STATUS_BLOCK *)0xffffe00028108d60)) [Type: _IO_STATUS_BLOCK]
[+0x000] Status : 0 [Type: long]
[+0x000] Pointer : 0x0 [Type: void *]
[+0x008] Information : 0x0 [Type: unsigned __int64]
0: kd> !irp 0xffffe000`28108d30 1
Irp is active with 7 stacks 6 is current (= 0xffffe00028108f68)
No Mdl: System buffer=ffffe000270f3040: Thread ffffe0002b976480: Irp stack trace.
Flags = 00062070
ThreadListEntry.Flink = ffffe0002b0b8d70
ThreadListEntry.Blink = ffffe0002b0b8d70
IoStatus.Status = 00000000
IoStatus.Information = 00000000
RequestorMode = 00000001
Cancel = 01
CancelIrql = 0
ApcEnvironment = 00
UserIosb = 00ae6150
UserEvent = 00000000
Overlay.AsynchronousParameters.UserApcRoutine = ffffe0002b050682
Overlay.AsynchronousParameters.UserApcContext = 00ae6150
Overlay.AllocationSize = 00000000 - 00000000
CancelRoutine = 00000000
UserBuffer = 00ae6170
&Tail.Overlay.DeviceQueueEntry = ffffe00028108da8
Tail.Overlay.Thread = ffffe0002b976480
Tail.Overlay.AuxiliaryBuffer = 00000000
Tail.Overlay.ListEntry.Flink = 00000000
Tail.Overlay.ListEntry.Blink = 00000000
Tail.Overlay.CurrentStackLocation = ffffe00028108f68
Tail.Overlay.OriginalFileObject = ffffe0002b0b8cb0
Tail.Apc = 00000000
Tail.CompletionKey = 00000000
cmd flg cl Device File Completion-Context
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
[N/A(0), N/A(0)]
0 0 00000000 00000000 00000000-00000000
Args: 00000000 00000000 00000000 00000000
>[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
5 1 ffffe0002a778040 ffffe0002b0b8cb0 00000000-00000000 pending
\Driver\SynchronousAudioRouter
Args: 00000200 00000000 0x22c00c 00000000
[IRP_MJ_DEVICE_CONTROL(e), N/A(0)]
5 0 ffffe0002a7783a0 ffffe0002b0b8cb0 00000000-00000000
\Driver\ksthunk
Args: 00000200 00000000 0x22c00c 00000000
0: kd> !drvobj \Driver\SynchronousAudioRouter
Driver object (ffffe0002a7796f0) is for:
\Driver\SynchronousAudioRouter
Driver Extension List: (id , addr)
(fffff8001f22c518 ffffe0002a67e700) (fffff8001f3e4e7c ffffe0002a7794f0)
Device Object list:
ffffe0002a778040
0: kd> !ioctldecode 0x22c00c
Unknown IOCTL : 0x22c00c
Device Type : 0x22 (FILE_DEVICE_WINLOAD) (FILE_DEVICE_USER_MODE_BUS) (FILE_DEVICE_USB) (FILE_DEVICE_UNKNOWN)
Method : 0x0 METHOD_BUFFERED
Access : FILE_READ_ACCESS FILE_WRITE_ACCESS
Function : 0x3
0: kd> !irp ffffe0002a778040
IRP signature does not match, probably not an IRP. Use any flag to force.
0: kd> dt nt!_IO_STACK_LOCATION ffffe0002a778040
+0x000 MajorFunction : 0x3 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0x78 'x'
+0x003 Control : 0x1 ''
+0x008 Parameters : <unnamed-tag>
+0x028 DeviceObject : (null)
+0x030 FileObject : 0x00000100`00002000 _FILE_OBJECT
+0x038 CompletionRoutine : (null)
+0x040 Context : 0xffffe000`2a7781b0 Void
0: kd> dt nt!_IO_STACK_LOCATION ffffe0002b0b8cb0
+0x000 MajorFunction : 0x5 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0xd8 ''
+0x003 Control : 0 ''
+0x008 Parameters : <unnamed-tag>
+0x028 DeviceObject : (null)
+0x030 FileObject : (null)
+0x038 CompletionRoutine : (null)
+0x040 Context : (null)
0: kd> dt nt!_IO_STACK_LOCATION ffffe000`28108f58
+0x000 MajorFunction : 0 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0 ''
+0x003 Control : 0 ''
+0x008 Parameters : <unnamed-tag>
+0x028 DeviceObject : 0x00000000`0022c00c _DEVICE_OBJECT
+0x030 FileObject : (null)
+0x038 CompletionRoutine : 0xffffe000`2a778040 long +ffffe0002a778040
+0x040 Context : 0xffffe000`2b0b8cb0 Void
0: kd> dt nt!_IO_STACK_LOCATION ffffe000`28108f68
+0x000 MajorFunction : 0xe ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0x5 ''
+0x003 Control : 0x1 ''
+0x008 Parameters : <unnamed-tag>
+0x028 DeviceObject : 0xffffe000`2a778040 _DEVICE_OBJECT
+0x030 FileObject : 0xffffe000`2b0b8cb0 _FILE_OBJECT
+0x038 CompletionRoutine : (null)
+0x040 Context : (null)
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 ((ntkrnlmp!_DEVICE_OBJECT *)0xffffe0002a778040)
((ntkrnlmp!_DEVICE_OBJECT *)0xffffe0002a778040) : 0xffffe0002a778040 : Device for "\Driver\SynchronousAudioRouter" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x2000
UpperDevices : Immediately above is Device for "\Driver\ksthunk" [at 0xffffe0002a7783a0]
LowerDevices : Immediately below is Device for "\Driver\PnpManager" [at 0xffffe00026ead060]
Driver : 0xffffe0002a7796f0 : Driver "\Driver\SynchronousAudioRouter" [Type: _DRIVER_OBJECT *]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IO_STACK_LOCATION *)0xffffe00028108f68)).Parameters
(*((ntkrnlmp!_IO_STACK_LOCATION *)0xffffe00028108f68)).Parameters [Type: <unnamed-tag>]
[+0x000] Create [Type: <unnamed-tag>]
[+0x000] CreatePipe [Type: <unnamed-tag>]
[+0x000] CreateMailslot [Type: <unnamed-tag>]
[+0x000] Read [Type: <unnamed-tag>]
[+0x000] Write [Type: <unnamed-tag>]
[+0x000] QueryDirectory [Type: <unnamed-tag>]
[+0x000] NotifyDirectory [Type: <unnamed-tag>]
[+0x000] QueryFile [Type: <unnamed-tag>]
[+0x000] SetFile [Type: <unnamed-tag>]
[+0x000] QueryEa [Type: <unnamed-tag>]
[+0x000] SetEa [Type: <unnamed-tag>]
[+0x000] QueryVolume [Type: <unnamed-tag>]
[+0x000] SetVolume [Type: <unnamed-tag>]
[+0x000] FileSystemControl [Type: <unnamed-tag>]
[+0x000] LockControl [Type: <unnamed-tag>]
[+0x000] DeviceIoControl [Type: <unnamed-tag>]
[+0x000] QuerySecurity [Type: <unnamed-tag>]
[+0x000] SetSecurity [Type: <unnamed-tag>]
[+0x000] MountVolume [Type: <unnamed-tag>]
[+0x000] VerifyVolume [Type: <unnamed-tag>]
[+0x000] Scsi [Type: <unnamed-tag>]
[+0x000] QueryQuota [Type: <unnamed-tag>]
[+0x000] SetQuota [Type: <unnamed-tag>]
[+0x000] QueryDeviceRelations [Type: <unnamed-tag>]
[+0x000] QueryInterface [Type: <unnamed-tag>]
[+0x000] DeviceCapabilities [Type: <unnamed-tag>]
[+0x000] FilterResourceRequirements [Type: <unnamed-tag>]
[+0x000] ReadWriteConfig [Type: <unnamed-tag>]
[+0x000] SetLock [Type: <unnamed-tag>]
[+0x000] QueryId [Type: <unnamed-tag>]
[+0x000] QueryDeviceText [Type: <unnamed-tag>]
[+0x000] UsageNotification [Type: <unnamed-tag>]
[+0x000] WaitWake [Type: <unnamed-tag>]
[+0x000] PowerSequence [Type: <unnamed-tag>]
[+0x000] Power [Type: <unnamed-tag>]
[+0x000] StartDevice [Type: <unnamed-tag>]
[+0x000] WMI [Type: <unnamed-tag>]
[+0x000] Others [Type: <unnamed-tag>]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 (*((ntkrnlmp!_IO_STACK_LOCATION *)0xffffe00028108f68)).Parameters.DeviceIoControl
(*((ntkrnlmp!_IO_STACK_LOCATION *)0xffffe00028108f68)).Parameters.DeviceIoControl [Type: <unnamed-tag>]
[+0x000] OutputBufferLength : 0x200 [Type: unsigned long]
[+0x008] InputBufferLength : 0x0 [Type: unsigned long]
[+0x010] IoControlCode : 0x22c00c [Type: unsigned long]
[+0x018] Type3InputBuffer : 0x0 [Type: void *]
0: kd> dx -id 0,0,ffffe00026d0c040 -r1 ((ntkrnlmp!_FILE_OBJECT *)0xffffe0002b0b8cb0)
((ntkrnlmp!_FILE_OBJECT *)0xffffe0002b0b8cb0) : 0xffffe0002b0b8cb0 [Type: _FILE_OBJECT *]
[+0x000] Type : 5 [Type: short]
[+0x002] Size : 216 [Type: short]
[+0x008] DeviceObject : 0xffffe00026ead060 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x010] Vpb : 0x0 [Type: _VPB *]
[+0x018] FsContext : 0x0 [Type: void *]
[+0x020] FsContext2 : 0xffffe0002b649950 [Type: void *]
[+0x028] SectionObjectPointer : 0x0 [Type: _SECTION_OBJECT_POINTERS *]
[+0x030] PrivateCacheMap : 0x0 [Type: void *]
[+0x038] FinalStatus : 0 [Type: long]
[+0x040] RelatedFileObject : 0x0 [Type: _FILE_OBJECT *]
[+0x048] LockOperation : 0x0 [Type: unsigned char]
[+0x049] DeletePending : 0x0 [Type: unsigned char]
[+0x04a] ReadAccess : 0x0 [Type: unsigned char]
[+0x04b] WriteAccess : 0x0 [Type: unsigned char]
[+0x04c] DeleteAccess : 0x0 [Type: unsigned char]
[+0x04d] SharedRead : 0x0 [Type: unsigned char]
[+0x04e] SharedWrite : 0x0 [Type: unsigned char]
[+0x04f] SharedDelete : 0x0 [Type: unsigned char]
[+0x050] Flags : 0x40400 [Type: unsigned long]
[+0x058] FileName : "\{0eb287d4-6c04-4926-ae19-3c066a4c3f3a}" [Type: _UNICODE_STRING]
[+0x068] CurrentByteOffset : {0} [Type: _LARGE_INTEGER]
[+0x070] Waiters : 0x0 [Type: unsigned long]
[+0x074] Busy : 0x0 [Type: unsigned long]
[+0x078] LastLock : 0x0 [Type: void *]
[+0x080] Lock [Type: _KEVENT]
[+0x098] Event [Type: _KEVENT]
[+0x0b0] CompletionContext : 0xffffe0002b72b5a0 [Type: _IO_COMPLETION_CONTEXT *]
[+0x0b8] IrpListLock : 0x0 [Type: unsigned __int64]
[+0x0c0] IrpList [Type: _LIST_ENTRY]
[+0x0d0] FileObjectExtension : 0x0 [Type: void *]
0: kd> u ffffe0002a778040
ffffe000`2a778040 0300 add eax,dword ptr [rax]
ffffe000`2a778042 7801 js ffffe000`2a778045
ffffe000`2a778044 0000 add byte ptr [rax],al
ffffe000`2a778046 0000 add byte ptr [rax],al
ffffe000`2a778048 f096 lock xchg eax,esi
ffffe000`2a77804a 772a ja ffffe000`2a778076
ffffe000`2a77804c 00e0 add al,ah
ffffe000`2a77804e ff ???
IRP = FILE_OBJECT.IrpList - 0x20
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment