windows - How can I work out what events are being waited for with WinDBG in a kernel debug session -

-

I am a full WinDbg novice and I have a Windows XP problem trying to debug that a customer has me Where our software and certain third party software logging stop windows from being closed. I have reproduced this problem and have verified that when both of our software and client software are installed (although not required to log on to the logoff), logoff problem occurs. I have seen that WM_ENDSESSION messages are not reaching windows When the user tries to log off and I know that third party software uses a kernel driver.

I have been looking at the processes in WinDbg and I'll send you that csrss.exe usually a WM_ENDSESSION message to all windows when I ran:

The process 82356020 6

I can look at the piles of csrss.exe to see: 

  WARNING: The following frames may be incorrect in any known module in the frame not IP. 00000000 00000000 00000000 00000000 00000000 0x7c90e514 THREAD 8246d 998 Cid 0248.02a0 Teb: 7ffd7000 Win32Thread: e1627008 Wait: (WrUserRequest) UserMode Non-Alert 8243d9f0 Synchronization Event 81fe0390 Synchronization Event No Impersonation DeviceMap e1004450 Owner Process 82356020 Image: csrss.exe Attached Process N / A Image: N / A forward start TickCount 1813 Ticks: 20748 (0: 00: 05: 24.187) context switches Count 3 LargeStack UserTime 00: 00: 00.000 KernelTime 00: 00: 00.000 start address stack Init 0x75b67cdf to f80bd000 current limiting f80bc9c8 base f80bd000 f80ba000 Call 0 priority 14 base primary Received 13 priority subtraction 0 component numbers 0 kernel stack is not resident child EBP Retadar Aarjes to Child F 80 BC 9 80 80 CCE 00000000 8246 D 998 804 F 9 AF 2 NT! Kespepantenkt + 0 x 2 A (FPO: [uses EBP] [0, 0, 4]) F 80 Bisielisi 804 F 9 AF 2 804 F 9 86 A E 6262008 00000000 NT! Keshopatred + 0x46 (FPO: [0,0,0]) f80bca24 bf80a4a3 00000002 82,475,218 00000001 NT KeWaitForMultipleObjects + 0x284 (FPO: [non-FPO]) f80bca5c bf88c0a6 00000001 82,475,218 00000000 win32k xxxMsgWaitForMultipleObjects + 0xb0 (FPO: [non-FPO]) f80bcd30 bf87507d bf9ac0a0 00000001 f80bcd54 win32k xxxDesktopThread + 0x339 (! FPO: [non-FPO]) f80bcd40 bf8010fd bf9ac0a0 f80bcd64 00bcfff4 win32k xxxCreateSystemThreads + 0x6a (FPO: [non-FPO]) f80bcd54 8053d648 00000000 00,000,022 00000000 win32k NtUserCallOneParam + 0x23 (FPO: [ Non-FPO]) f80bcd54 7c90e514 00000000 00,000,022 00000000 NT KiFastCallEntry + 0xf8! (FPO: [0,0] TrapFrame @ f80bcd64)

I'm thinking I've been waiting on that if csrss.exe is a phenomenon because it looks interesting waitForMultipleObjects allow logoff Can not someone tell me how can I know how it is waiting for something else and what can I do to check the problem?

Objects are right in production, waiting to be done:

< Pre> thread 8246d998 Cid 0248.02a0 Teb: 7ffd7000 Win32Thread: e1627008 Wait: (WrUserRequest) usermode Non Alertable 8243d9f0 SynchronizationEvent 81fe0390 SynchronizationEvent

I think the thread you are looking at It is a common thread, just about every system you see (it will not be sure what thread is actually, but I recognize the stack ... Mr. but I think I've been doing this too long!).

I will also note that you can not trust the parameters on the heap of all time. See some details here:

- Scott


Comments

Post a Comment

Popular posts from this blog

windows - Heroku throws SQLITE3 Read only exception -

-
After I deploy the app to Heroku, I have to run migration scripts and get this error message ... ITES \ padrino \ prophetmargin & gt; Heroku Rack AR: Rack mutated! SQLite3 :: ReadOnlyException: only one try to write database to read: CREATE TABLE "schema_migrations" ( "version" varchar (255) NOT NULL) /disk1/home/slugs/215264_925fd2c_65a3/mnt/.bundle/gems/gems/ padrino-core- is 0.9.11 / lib / padrino-core / cli / rake.rb: 9: in `init ' how can this be? I also tried to run Heroku dbpush SQLite: //db/my-db.db and that did not work Horoku sqlite3 but using postgres does not do. I'm not sure why you are receiving this error, however, as I have used sqlite3 in development and when pushing it into its travel, they do some magic which migrates to postgrads. I'm absolutely sure how Heroku does 'backwash' this database but it seems that this is happening to you because it's the SQLite db file which is obviously due to Heroku's
Read more

lex - Building a lexical Analyzer in Java -

-
I am currently learning lexical analysis in compiler design. To know how a lexical analyzer actually works, I am trying to build myself. I am planning to make it in Java The input to the lexical analyzer is a .tex file that is of the following format. \ section {script} {intro} \ section {Scope} arbitrary text \ section {relevance} uncontrolled text \ subdivision (profit) arbitrary text \ subsubsection {in real life} \ subdivision {Ingredient} \ end {document} The output of the lecture may be a table of contents with a page number in another file. 1 Introduction 1 1.1 Scope 1 1.2 Relevance 2 1.2.1 Benefits 2 1.2.1.1 Real life 2 1.2.2 loss 3 I hope that This problem is within the scope of Language Analysis Read the .exe file and check '\' and continue to check whether it is actually on search In the sectioning command is set to indicate whether or not a flag variable is the type of sectioning. I hope the above approach will work for the construction of Lexa
Read more

python - rename keys in a dictionary -

-
I want to change the names of keys in a dictionary which are ints, and I need them so that the inputs with key zero They can sort correctly. For example, my keys are like this: '1', '101', '11' and I may need them: '001', '101', '011' What is doing, but I know that there is a better way tmpDict = {} in the ADC for the old: t MpDict ['% 04d'% int (olden)] = addict [oldkey] New controlled = tmpDict You are going wrong about this if you want to draw entries on a line in a specific way, then you have to sort on the extraction. for sorted (D, key = int): print '% s:% R'% (k, d [k]) < / Div>
Read more