Since it’s a minifilter, you should use FltCreateFile[Ex], not ZwCreateFile.
Your driver resides on the boot disk, right?
Ken
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Friday, April 24, 2009 11:24 AM
To: Windows File Systems Devs Interest List
Subject: RE:[ntfsd] my minifilter issued BSOD:INACCESSIBLE_BOOT_DEVICE!!
Oh, crazy things: in the BSOD, my driver is still not loaded!
kd> lm o 1m
hal
nt
Mup
NDIS
Ntfs
KSecDD
fltmgr
SCSIPORT
atapi
dmio
ftdisk
ACPI
pci
isapnp
buslogic
CLASSPNP
PCIIDEX
MountMgr
disk
agp440
BOOTVID
compbatt
PartMgr
vmscsi
BATTC
intelide
Diskperf
dmload
WMILIB
And all the threads of the System process:
kd> !process 0 7
**** NT ACTIVE PROCESS DUMP ****
PROCESS 818b5380 SessionId: 0 Cid: 0008 Peb: 00000000 ParentCid: 0000
DirBase: 00030000 ObjectTable: 818b5e68 TableSize: 24.
Image: System
VadRoot 8187ef08 Clone 0 Private 1. Modified 87. Locked 0.
DeviceMap 81881e88
Token e1000750
ElapsedTime 14:56:55.0171
UserTime 0:00:00.0000
KernelTime 0:00:02.0906
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (56, 0, 345) (224KB, 0KB, 1380KB)
PeakWorkingSetSize 56
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 52
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 1
THREAD 818b5100 Cid 8.4 Teb: 00000000 Win32Thread: 00000000 RUNNING
Not impersonating
Owning Process 818b5380
Wait Start TickCount 247 Elapsed Ticks: 1
Context Switch Count 594
UserTime 0:00:00.0000
KernelTime 0:00:02.0296
Start Address nt!Phase1Initialization (0x80547fce)
Stack Init f4024000 Current f4023078 Base f4024000 Limit f4021000
Call 0
Priority 31 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4022cfc 8042a9e3 00000003 f4022d44 8185d5f0 nt!RtlpBreakWithStatusInstruction
f4022d2c 8042afd6 00000003 00000000 8185d5f0 nt!KiBugCheckDebugBreak+0x31
f40230b8 804ad9aa 0000007b 8185d5f0 c0000032 nt!KeBugCheckEx+0x390
f4023110 80428938 c0000032 00000000 00000000 nt!IopMountVolume+0x33e
f4023138 804bf2c9 f40234c8 8185d5f0 f402331c nt!IopCheckVpbMounted+0x4a
f40232d8 80450893 8185d5f0 00000000 f4023390 nt!IopParseDevice+0x40f
f4023350 804d59a0 00000000 81881c00 00000040 nt!ObpLookupObjectName+0x4e7
f4023460 8049f9f1 00000000 00000000 00120100 nt!ObOpenObjectByName+0xc8
f402353c 8049f596 f40238bc 00100020 f4023894 nt!IopCreateFile+0x407
f4023584 804a8279 f40238bc 00100020 f4023894 nt!IoCreateFile+0x36
f40235c4 80464f84 f40238bc 00100020 f4023894 nt!NtOpenFile+0x25
f40235c4 8042fe9f f40238bc 00100020 f4023894 nt!KiSystemService+0xc4
f4023654 8055ad81 f40238bc 00100020 f4023894 nt!ZwOpenFile+0xb
f40238c0 805498b6 00000000 00000032 00000000 nt!PsLocateSystemDll+0x67
f4023a58 805486e9 80087000 00000000 00000000 nt!IoInitSystem+0x637
f4023da8 80454a24 80087000 00000000 00000000 nt!Phase1Initialization+0x71b
f4023ddc 80469212 80547fce 80087000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81881940 Cid 8.c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746a0 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 15 Elapsed Ticks: 233
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0015
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f402c000 Current f402bd34 Base f402c000 Limit f4029000
Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f402bd4c 8042d59b 00000000 804746a0 81881940 nt!KiSwapThread+0xc5
f402bd70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f402bda8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThread+0x73
f402bddc 80469212 80416b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 818816c0 Cid 8.10 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746a0 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 15 Elapsed Ticks: 233
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4030000 Current f402fd34 Base f4030000 Limit f402d000
Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f402fd4c 8042d59b 00000000 804746a0 818816c0 nt!KiSwapThread+0xc5
f402fd70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f402fda8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThread+0x73
f402fddc 80469212 80416b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81881440 Cid 8.14 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746a0 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 15 Elapsed Ticks: 233
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4034000 Current f4033d34 Base f4034000 Limit f4031000
Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4033d4c 8042d59b 00000000 804746a0 81881440 nt!KiSwapThread+0xc5
f4033d70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f4033da8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThread+0x73
f4033ddc 80469212 80416b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 818811c0 Cid 8.18 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746a0 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 247 Elapsed Ticks: 1
Context Switch Count 2
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4038000 Current f4037d34 Base f4038000 Limit f4035000
Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4037d4c 8042d59b bfed3068 804746a0 818811c0 nt!KiSwapThread+0xc5
f4037d70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f4037da8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThread+0x73
f4037ddc 80469212 80416b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81880020 Cid 8.1c Teb: 00000000 Win32Thread: 00000000 READY
Not impersonating
Owning Process 818b5380
Wait Start TickCount 247 Elapsed Ticks: 1
Context Switch Count 20
UserTime 0:00:00.0000
KernelTime 0:00:00.0031
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f403c000 Current f403ba40 Base f403c000 Limit f4039000
Call 0
Priority 13 BasePriority 13 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f403ba58 8042b745 00000040 81896d08 00000000 nt!KiUnlockDispatcherDatabase+0x73
f403ba6c 8041e0a0 f40230e0 00000001 00000000 nt!KeSetEvent+0x71
f403ba98 bfebe418 818987c8 00000000 bfef0850 nt!IopfCompleteRequest+0x1a6
f403baa4 bfef0850 818987c8 81896d08 c0000032 Ntfs!NtfsCompleteRequest+0x5c
f403bcd8 bfedf6dd 818987c8 81896d08 818987c8 Ntfs!NtfsMountVolume+0x1aac
f403bce8 bfec5bf9 818987c8 81896d08 818988c8 Ntfs!NtfsCommonFileSystemControl+0x37
f403bd78 80416bfa 818987c8 00000000 00000000 Ntfs!NtfsFspDispatch+0x1b3
f403bda8 80454a24 818987c8 00000000 00000000 nt!ExpWorkerThread+0xae
f403bddc 80469212 80416b4c 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81880da0 Cid 8.20 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746dc Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 15 Elapsed Ticks: 233
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4040000 Current f403fd34 Base f4040000 Limit f403d000
Call 0
Priority 12 BasePriority 12 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f403fd4c 8042d59b 00000000 804746dc 81880da0 nt!KiSwapThread+0xc5
f403fd70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f403fda8 80454a24 00000001 00000000 00000000 nt!ExpWorkerThread+0x73
f403fddc 80469212 80416b4c 00000001 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81880b20 Cid 8.24 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) UserMode Non-Alertable
804746dc Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 247 Elapsed Ticks: 1
Context Switch Count 3
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4044000 Current f4043d34 Base f4044000 Limit f4041000
Call 0
Priority 12 BasePriority 12 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4043d4c 8042d59b 80477c60 804746dc 81880b20 nt!KiSwapThread+0xc5
f4043d70 80416bbf 00000000 00000001 00000000 nt!KeRemoveQueue+0x195
f4043da8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThread+0x73
f4043ddc 80469212 80416b4c 00000001 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 818808a0 Cid 8.28 Teb: 00000000 Win32Thread: 00000000 READY
Not impersonating
Owning Process 818b5380
Wait Start TickCount 247 Elapsed Ticks: 1
Context Switch Count 104
UserTime 0:00:00.0000
KernelTime 0:00:00.0062
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f4048000 Current f4047c2c Base f4048000 Limit f4045000
Call 0
Priority 13 BasePriority 12 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4047c44 8042c2ad 00000000 818974f4 81897000 nt!KiSwapThread+0xc5
f4047c6c 80414f03 8185fa28 00000000 00000000 nt!KeWaitForSingleObject+0x1a1
f4047ca8 8041457c 818974f4 008974f4 f4047cc0 nt!ExpWaitForResource+0x2d
f4047cb8 804145c1 f4047cdc 8041456d 818974f4 nt!ExpAcquireResourceExclusiveLite+0x64
f4047cc0 8041456d 818974f4 00000001 818970f0 nt!ExAcquireResourceExclusiveLite+0x37
f4047cdc 804145c1 f4047d78 bfeeea81 818974f4 nt!ExpAcquireResourceExclusiveLite+0x55
f4047ce4 bfeeea81 818974f4 00000001 81897a68 nt!ExAcquireResourceExclusiveLite+0x37
f4047cf4 bff187c5 81897a68 818970f0 00000001 Ntfs!NtfsAcquireExclusiveVcb+0x1b
f4047d78 80416bfa 81897a68 00000000 00000000 Ntfs!NtfsSpecialDispatch+0x115
f4047da8 80454a24 81897a68 00000000 00000000 nt!ExpWorkerThread+0xae
f4047ddc 80469212 80416b4c 00000001 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81880620 Cid 8.2c Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
80474718 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 14 Elapsed Ticks: 234
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThread (0x80416b4c)
Stack Init f404c000 Current f404bd34 Base f404c000 Limit f4049000
Call 0
Priority 15 BasePriority 15 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f404bd4c 8042d59b 00000000 80474718 81880620 nt!KiSwapThread+0xc5
f404bd70 80416bbf 00000000 00000000 00000000 nt!KeRemoveQueue+0x195
f404bda8 80454a24 00000002 00000000 00000000 nt!ExpWorkerThread+0x73
f404bddc 80469212 80416b4c 00000002 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 818803a0 Cid 8.30 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f404fd78 NotificationTimer
80474760 SynchronizationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 232 Elapsed Ticks: 16
Context Switch Count 4
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!ExpWorkerThreadBalanceManager (0x8049423e)
Stack Init f4050000 Current f404fcf8 Base f4050000 Limit f404d000
Call 0
Priority 14 BasePriority 14 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f404fd10 8042c02e ff676980 00000000 ffffffff nt!KiSwapThread+0xc5
f404fd44 80494293 00000002 f404fda0 00000001 nt!KeWaitForMultipleObjects+0x266
f404fda8 80454a24 00000000 00000000 00000000 nt!ExpWorkerThreadBalanceManager+0x55
f404fddc 80469212 8049423e 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187e880 Cid 8.34 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) UserMode Non-Alertable
80481b44 Semaphore Limit 0x7fffffff
80481a70 NotificationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 104 Elapsed Ticks: 144
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!MiDereferenceSegmentThread (0x8043941e)
Stack Init f4054000 Current f4053d20 Base f4054000 Limit f4051000
Call 0
Priority 18 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4053d38 8042c02e 00000000 00000000 80064bd4 nt!KiSwapThread+0xc5
f4053d6c 80439462 00000002 f4053da0 00000001 nt!KeWaitForMultipleObjects+0x266
f4053da8 80454a24 00000000 00000000 00000000 nt!MiDereferenceSegmentThread+0x44
f4053ddc 80469212 8043941e 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187e600 Cid 8.38 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrFreePage) KernelMode Non-Alertable
804821b0 NotificationEvent
80481370 NotificationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 104 Elapsed Ticks: 144
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!MiModifiedPageWriter (0x804cd328)
Stack Init f4058000 Current f4057ce0 Base f4058000 Limit f4055000
Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4057cf8 8042c02e 00000014 80481b80 00000000 nt!KiSwapThread+0xc5
f4057d2c 8043c829 00000002 f4057d6c 00000001 nt!KeWaitForMultipleObjects+0x266
f4057d70 804cd490 00000000 00000000 00000000 nt!MiModifiedPageWriterWorker+0x37
f4057da8 80454a24 00000000 00000000 00000000 nt!MiModifiedPageWriter+0x168
f4057ddc 80469212 804cd328 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187e380 Cid 8.3c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
f405bd70 NotificationTimer
80481b60 SynchronizationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 232 Elapsed Ticks: 16
Context Switch Count 3
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!KeBalanceSetManager (0x8046373e)
Stack Init f405c000 Current f405bcc0 Base f405c000 Limit f4059000
Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f405bcd8 8042c02e ffffffff ff676980 00000000 nt!KiSwapThread+0xc5
f405bd0c 804637bc 00000002 f405bd98 00000001 nt!KeWaitForMultipleObjects+0x266
f405bda8 80454a24 00000000 00000000 00000000 nt!KeBalanceSetManager+0x7e
f405bddc 80469212 8046373e 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187e100 Cid 8.40 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
80480f10 SynchronizationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 104 Elapsed Ticks: 144
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!KeSwapProcessOrStack (0x80463836)
Stack Init f4060000 Current f405fd40 Base f4060000 Limit f405d000
Call 0
Priority 23 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f405fd58 8042c2ad 00000000 00000000 00000000 nt!KiSwapThread+0xc5
f405fd80 8046385a 80480f10 00000000 00000000 nt!KeWaitForSingleObject+0x1a1
f405fda8 80454a24 00000000 00000000 00000000 nt!KeSwapProcessOrStack+0x24
f405fddc 80469212 80463836 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187d820 Cid 8.44 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
804759a0 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 104 Elapsed Ticks: 144
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!FsRtlWorkerThread (0x8041c8cc)
Stack Init f4064000 Current f4063d4c Base f4064000 Limit f4061000
Call 0
Priority 16 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4063d64 8042d59b 80064bec 00000000 804759a0 nt!KiSwapThread+0xc5
f4063d88 8041c8ff 00000000 00000000 00000000 nt!KeRemoveQueue+0x195
f4063da8 80454a24 00000000 00000000 00000000 nt!FsRtlWorkerThread+0x33
f4063ddc 80469212 8041c8cc 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8187d5a0 Cid 8.48 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
804759c8 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 104 Elapsed Ticks: 144
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!FsRtlWorkerThread (0x8041c8cc)
Stack Init f4068000 Current f4067d4c Base f4068000 Limit f4065000
Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4067d64 8042d59b 80064bec 00000001 804759c8 nt!KiSwapThread+0xc5
f4067d88 8041c8ff 00000000 00000000 00000000 nt!KeRemoveQueue+0x195
f4067da8 80454a24 00000001 00000000 00000000 nt!FsRtlWorkerThread+0x33
f4067ddc 80469212 8041c8cc 00000001 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8186dca0 Cid 8.4c Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
bfff10d0 NotificationEvent
bfff10e0 NotificationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 170 Elapsed Ticks: 78
Context Switch Count 606
UserTime 0:00:00.0000
KernelTime 0:00:00.0500
Start Address ACPI!ACPIWorker (0xbffe58c8)
Stack Init f406c000 Current f406bd1c Base f406c000 Limit f4069000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f406bd34 8042c02e bfff1100 00000000 80064bec nt!KiSwapThread+0xc5
f406bd68 bffe590e 00000002 f406bd9c 00000001 nt!KeWaitForMultipleObjects+0x266
f406bda8 80454a24 00000000 00000000 00000000 ACPI!ACPIWorker+0x46
f406bddc 80469212 bffe58c8 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 81866760 Cid 8.50 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrVirtualMemory) KernelMode Non-Alertable
80481570 NotificationEvent
Not impersonating
Owning Process 818b5380
Wait Start TickCount 105 Elapsed Ticks: 143
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address nt!MiMappedPageWriter (0x8043d0d8)
Stack Init f4070000 Current f406fd2c Base f4070000 Limit f406d000
Call 0
Priority 17 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f406fd44 8042c2ad 00000000 00000000 80064bd4 nt!KiSwapThread+0xc5
f406fd6c 8043d125 80481570 00000012 00000000 nt!KeWaitForSingleObject+0x1a1
f406fda8 80454a24 00000000 00000000 00000000 nt!MiMappedPageWriter+0x4d
f406fddc 80469212 8043d0d8 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 8185b1a0 Cid 8.54 Teb: 00000000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
bffb4200 Semaphore Limit 0x7fffffff
Not impersonating
Owning Process 818b5380
Wait Start TickCount 170 Elapsed Ticks: 78
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address dmio!voliod_loop (0xbffa0fc0)
Stack Init f4074000 Current f4073d3c Base f4074000 Limit f4071000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4073d54 8042c2ad 00000000 bffb4c70 00000000 nt!KiSwapThread+0xc5
f4073d7c bffa1359 bffb4200 00000000 00000000 nt!KeWaitForSingleObject+0x1a1
f4073da8 80454a24 00000000 00000000 00000000 dmio!voliod_loop+0x399
f4073ddc 80469212 bffa0fc0 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
THREAD 818997c0 Cid 8.58 Teb: 00000000 Win32Thread: 00000000 WAIT: (WrEventPairLow) KernelMode Non-Alertable
bfe980b8 Unknown
Not impersonating
Owning Process 818b5380
Wait Start TickCount 236 Elapsed Ticks: 12
Context Switch Count 1
UserTime 0:00:00.0000
KernelTime 0:00:00.0000
Start Address NDIS!ndisWorkerThread (0xbfe9994a)
Stack Init f4078000 Current f4077d50 Base f4078000 Limit f4075000
Call 0
Priority 8 BasePriority 8 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
f4077d68 8042d59b 00000000 00000000 00000000 nt!KiSwapThread+0xc5
f4077d8c bfe99978 00000000 00000000 00000000 nt!KeRemoveQueue+0x195
f4077da8 80454a24 00000000 00000000 00000000 NDIS!ndisWorkerThread+0x22
f4077ddc 80469212 bfe9994a 00000000 00000000 nt!PspSystemThreadStartup+0x54
00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16
NTFSD is sponsored by OSR