work out why remote screen sharing driver cause wininit.exe to exit on startup

On Windows 8.1 device, with kernel debugger attached. I am trying to
workout why wininit.exe is terminating during startup ie. what cause
it to call ntdll!RtlExitUserProcess. Through trial and error have
worked out it is releated to 3rd party remote screen sharing drivers,
disabling them stops wininit.exe from terminating. However now trying
to work out why, because these same version driver on other machines
don’t cause this problem…Any suggestions?

************* Symbol Path validation summary **************
Response Time (ms) Location
Deferred srv*
Symbol search path is: srv*
Executable search path is: srv*
Windows 8.1 Kernel Version 9600 MP (1 procs) Free x64
Built by: 9600.18589.amd64fre.winblue_ltsb.170204-0600
Machine Name:
Kernel base = 0xfffff80246e09000 PsLoadedModuleList = 0xfffff802470dc670
System Uptime: 0 days 0:00:00.230
KDTARGET: Refreshing KD connection

*** Unhandled exception 0xc0000008, hit in
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows
SharedSection=1024,20480,768 Windows=On SubSystemType=Windows
ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3
ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16:
*** enter .exr 000000890852F480 for the exception record
*** enter .cxr 000000890852EE70 for the context
*** then kb to get the faulting stack
Break instruction exception - code 80000003 (first chance)
rax=0000000000000000 rbx=0000000000000065 rcx=9e66b3d5c9350000
rdx=0000000000000028 rsi=0000000000000000 rdi=0000000000000001
rip=00007ffd0984b360 rsp=000000890852e3f0 rbp=000000890852fa30
r8=0000000000000065 r9=0000000000000000 r10=0000000000000000
r11=0000000000000000 r12=00007ffd097f73e0 r13=00000089085f199c
r14=000000890852e560 r15=000000890852f480
iopl=0 nv up ei pl nz na po nc
cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000206
ntdll!RtlUnhandledExceptionFilter2+0x340:
0033:00007ffd0984b360 cc int 3 kd\> bp ntdll!RtlExitUserProcess kd\> g Breakpoint 0 hit rax=0000000000000000 rbx=000000000000000e rcx=000000000000000e rdx=0000000000000000 rsi=000000ad68f71220 rdi=000000ad68f71218 rip=00007ffd09778490 rsp=000000ad68ccf708 rbp=0000000000000000 r8=000000000000007e r9=0000000000000054 r10=000000000000009e r11=0000000000000288 r12=000000ad68f71220 r13=000000000000000e r14=0000000000000000 r15=000000ad68f71228 iopl=0 nv up ei pl nz na pe nc cs=0033 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00000202 ntdll!RtlExitUserProcess: 0033:00007ffd09778490 48895c2410 mov qword ptr [rsp+10h],rbx
ss:002b:000000ad`68ccf718=0000000000000000
kd> kv

Child-SP RetAddr : Args to Child

: Call Site
00 000000ad68ccf708 00007ffd0962516a : 000000000000000e 0000000000000000 000000ad68f71220 00007ffd097b5f67 :
ntdll!RtlExitUserProcess
01 000000ad68ccf710 000000000000000e : 0000000000000000 000000ad68f71220 00007ffd097b5f67 000000ad68f71218 :
0x00007ffd0962516a 02 000000ad68ccf718 0000000000000000 : 000000ad68f71220
00007ffd097b5f67 000000ad68f71218 00007ffd084b71d5 : 0xe kd\> !process ffffe0003f3db8c0 7
PROCESS ffffe0003f3db8c0
SessionId: 0 Cid: 023c Peb: 7ff7f5c4f000 ParentCid: 01e0
DirBase: 17be3000 ObjectTable: ffffc0017b562280 HandleCount:

Image: wininit.exe
VadRoot ffffe0003f3d83d0 Vads 42 Clone 0 Private 190. Modified 42. Locked 0.
DeviceMap ffffc0017600d800
Token ffffc0017cace1c0
ElapsedTime 00:00:14.227
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 85928
QuotaPoolUsage[NonPagedPool] 5360
Working Set Sizes (now,min,max) (927, 50, 345) (3708KB, 200KB, 1380KB)
PeakWorkingSetSize 888
VirtualSize 2097192 Mb
PeakVirtualSize 2097196 Mb
PageFaultCount 1009
MemoryPriority BACKGROUND
BasePriority 13
CommitCharge 244
THREAD ffffe0003f3dc880 Cid 023c.0240 Teb: 00007ff7f5c4d000
Win32Thread: fffff901400e3b50 RUNNING on processor 0
Not impersonating
DeviceMap ffffc0017600d800
Owning Process ffffe0003f3db8c0 Image:
wininit.exe
Attached Process N/A Image: N/A
Wait Start TickCount 819 Ticks: 0
Context Switch Count 197 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.125
Win32 Start Address 0x00007ff7f6bb7bb0
Stack Init ffffd0012f1aab90 Current ffffd0012f1aa300
Base ffffd0012f1ab000 Limit ffffd0012f1a4000 Call 0000000000000000
Priority 15 BasePriority 15 PriorityDecrement 0 IoPriority 2
PagePriority 5
Child-SP RetAddr : Args to Child
: Call Site
000000ad68ccf708 00007ffd0962516a : 000000000000000e<br>0000000000000000 000000ad68f71220 00007ffd097b5f67 :
ntdll!RtlExitUserProcess
000000ad68ccf710 000000000000000e : 0000000000000000<br>000000ad68f71220 00007ffd097b5f67 000000ad68f71218 :
0x00007ffd0962516a<br> 000000ad68ccf718 0000000000000000 : 000000ad68f71220
00007ffd097b5f67 000000ad68f71218 00007ffd084b71d5 : 0xe<br> THREAD ffffe0004059e880 Cid 023c.0254 Teb: 00007ff7f5c4b000<br>Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable<br> ffffe0003f1d5440 QueueObject<br> Not impersonating<br> DeviceMap ffffc0017600d800<br> Owning Process ffffe0003f3db8c0 Image:<br> wininit.exe<br> Attached Process N/A Image: N/A<br> Wait Start TickCount 779 Ticks: 40 (0:00:00:00.625)<br> Context Switch Count 6 IdealProcessor: 0<br> UserTime 00:00:00.000<br> KernelTime 00:00:00.000<br> Win32 Start Address ntdll!TppWorkerThread (0x00007ffd097989b0)<br> Stack Init ffffd0012edd7b90 Current ffffd0012edd7330<br> Base ffffd0012edd8000 Limit ffffd0012edd1000 Call 0000000000000000<br> Priority 13 BasePriority 13 PriorityDecrement 0 IoPriority 2<br>PagePriority 5<br> Child-SP RetAddr : Args to Child<br> : Call Site<br> ffffd0012edd7370 fffff80246e9cf1e : fffff80247106180
ffffe0004059e880 00000000fffffffe 0000000000000000 :<br>nt!KiSwapContext+0x76<br> ffffd0012edd74b0 fffff80246e9c999 : ffffe0004059e880
0000000000000001 ffffe0003dfd7010 ffffd0012edd7688 :<br>nt!KiSwapThread+0x14e<br> ffffd0012edd7550 fffff80246e9b908 : 0000000000000000
0000000000000000 ffffd001000000cc fffff80246e38194 :<br>nt!KiCommitThreadWait+0x129<br> ffffd0012edd75d0 fffff80246e9af6a : ffffe0003f1d5440
0000000000000001 ffffe0003f3cd801 ffffe00000000002 :<br>nt!KeRemoveQueueEx+0x788<br> ffffd0012edd7650 fffff80246e9a5fb : 0000000000000000
0000000000000000 0000000000000000 0000000000000000 :<br>nt!IoRemoveIoCompletion+0x8a<br> ffffd0012edd7770 fffff80246f62ab3 : 000000000000002c
000000ad68d10d70 0000000000000010 000000ad68fffaa8 :<br>nt!NtWaitForWorkViaWorkerFactory+0x30b<br> ffffd0012edd7990 00007ffd097f21aa : 00007ffd097990f6
0000000000000000 00007ffd0979acf0 0000000000000010 :<br>nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd0012edd7a00)
000000ad68fffa28 00007ffd097990f6 : 0000000000000000<br>00007ffd0979acf0 0000000000000010 000000ad68d110f0 :
ntdll!NtWaitForWorkViaWorkerFactory+0xa
000000ad68fffa30 00007ffd096213d2 : 0000000000000000<br>00007ffd097989b0 000000ad68d17650 0000000000000000 :
ntdll!TppWorkerThread+0x746
000000ad68fffe10 0000000000000000 : 00007ffd097989b0<br>000000ad68d17650 0000000000000000 00007ffd097989b0 :
0x00007ffd096213d2<br> THREAD ffffe0003f3cd880 Cid 023c.0260 Teb: 00007ff7f5c49000<br>Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable<br> ffffe0003f1d5440 QueueObject<br> Not impersonating<br> DeviceMap ffffc0017600d800<br> Owning Process ffffe0003f3db8c0 Image:<br> wininit.exe<br> Attached Process N/A Image: N/A<br> Wait Start TickCount 779 Ticks: 40 (0:00:00:00.625)<br> Context Switch Count 1 IdealProcessor: 0<br> UserTime 00:00:00.000<br> KernelTime 00:00:00.000<br> Win32 Start Address ntdll!TppWorkerThread (0x00007ffd097989b0)<br> Stack Init ffffd0012f08ab90 Current ffffd0012f08a330<br> Base ffffd0012f08b000 Limit ffffd0012f084000 Call 0000000000000000<br> Priority 13 BasePriority 13 PriorityDecrement 0 IoPriority 2<br>PagePriority 5<br> Child-SP RetAddr : Args to Child<br> : Call Site<br> ffffd0012f08a370 fffff80246e9cf1e : fffff80247106180
ffffe0003f3cd880 00000000fffffffe 0000000000000000 :<br>nt!KiSwapContext+0x76<br> ffffd0012f08a4b0 fffff80246e9c999 : ffffe0003f3cd880
0000000000000000 0000000000000000 0000000000000000 :<br>nt!KiSwapThread+0x14e<br> ffffd0012f08a550 fffff80246e9b908 : 0000000000000000
0000000000000000 ffffe000000000cc 0000000000000000 :<br>nt!KiCommitThreadWait+0x129<br> ffffd0012f08a5d0 fffff80246e9af6a : ffffe0003f1d5440
0000000000000001 0000000000000001 0000000000000002 :<br>nt!KeRemoveQueueEx+0x788<br> ffffd0012f08a650 fffff80246e9a5fb : 0000000000000000
0000000000000000 0000000000000000 0000000000000000 :<br>nt!IoRemoveIoCompletion+0x8a<br> ffffd0012f08a770 fffff80246f62ab3 : 000000000000002c
000000ad68d13bb0 ffffe00000000010 000000ad6977fad8 :<br>nt!NtWaitForWorkViaWorkerFactory+0x30b<br> ffffd0012f08a990 00007ffd097f21aa : 00007ffd097990f6
00007ffd097989b0 0000000000000003 000000ad68d17650 :<br>nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd0012f08aa00)
000000ad6977fa58 00007ffd097990f6 : 00007ffd097989b0<br>0000000000000003 000000ad68d17650 000000ad68d17650 :
ntdll!NtWaitForWorkViaWorkerFactory+0xa
000000ad6977fa60 00007ffd096213d2 : 0000000000000000<br>00007ffd097989b0 000000ad68d17650 0000000000000000 :
ntdll!TppWorkerThread+0x746
000000ad6977fe40 0000000000000000 : 00007ffd097989b0<br>000000ad68d17650 0000000000000000 00007ffd097989b0 :
0x00007ffd`096213d2

regs

Malcolm