WinDbg : !stacks
The !stacks extension command displays the kernel stacks. An example:
kd> !stacks 0
Proc.Thread .Thread Ticks ThreadState Blocker
[8273d640 Idle]
0.000000 8273d380 000029f RUNNING nt!KiIdleLoop+0xce
[839afbf8 System]
4.000058 83a314b8 0000b39 Blocked nt!MiModifiedPageWriter+0x39
4.000068 83a2d430 000000d Blocked nt!CcQueueLazyWriteScanThread+0x4a
4.000074 83a29308 0000367 Blocked nt!AlpcpReceiveMessagePort+0x245
4.000078 83a46a88 000000d Blocked nt!EtwpLogger+0xd0
4.000080 83a51020 000000d Blocked nt!EtwpLogger+0xd0
4.000084 83a5c788 000000d Blocked nt!EtwpLogger+0xd0
4.000088 83a5c1f0 000000d Blocked nt!EtwpLogger+0xd0
4.00008c 83aa41c8 00001fc Blocked nt!EtwpLogger+0xd0
4.000090 842a7280 000000d Blocked nt!EtwpLogger+0xd0
4.000094 842b2020 0000645 Blocked nt!EtwpLogger+0xd0
4.000098 842b65c8 0000b37 Blocked nt!WdipSemCheckTimeout+0x21d
4.00009c 839b5020 00008db Blocked ACPI!ACPIWorkerThread+0x47
4.0000a0 84308428 0000b33 Blocked ACPI!PciRootBusBiosMethodDispatcherOnResume+0x30
4.0000a4 842c8d48 000008d Blocked nt!EtwpLogger+0xd0
4.0000a8 839ec020 0000b31 Blocked vmbus!AwFinalizeWorkItem+0x4e
4.0000ac 839ecd48 0000b31 Blocked vmbus!AwFinalizeWorkItem+0x4e
4.0000b0 839eca70 000064b Blocked vmbus!AwFinalizeWorkItem+0x4e
4.0000b4 842d9648 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000b8 846e1250 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000bc 846e2020 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000c0 846e2cf8 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000c4 846e2a20 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000c8 846e2610 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000cc 846e3020 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000d0 846e3d48 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000d8 846e3570 0000b2f Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000dc 8474a7a8 0000acf Blocked Wdf01000!FxSystemThread::Thread+0xea
4.0000e0 84780020 0000a04 Blocked ndis!ndisThreadPoolTimerHandler+0xd9
4.0000e8 847806d0 000034d Blocked ndis!ndisCmWaitThread+0x5b
4.0000ec 847d4d48 000000d Blocked rdyboost!SMKM_STORE<SMD_TRAITS>::SmStWorker+0x64
4.0000f0 847bfd48 0000003 Blocked rdyboost!SmdRBMemoryWatchdogThread+0xc0
4.0000fc 84851020 0000a8c Blocked Wdf01000!FxSystemThread::Thread+0xea
4.000100 849a6718 00009f7 Blocked watchdog!SMgrGdiCalloutThread+0x35
4.000108 8490d020 00009f7 Blocked blbdrive!BlbIoWorkerThread+0x1e
4.00010c 84938bc8 0000290 Blocked nt!AlpcpReceiveMessagePort+0x245
4.000128 84871d48 0000002 Blocked VMBusVideoM!WorkerThreadRoutine+0xa9
4.0001a0 84c3ed48 0000645 Blocked nt!EtwpLogger+0xd0
4.0001b4 83a24368 00001db Blocked nt!IoRemoveIoCompletion+0x23
4.0002b0 84d53508 0000310 Blocked luafv!SynchronousFsControl+0x18f
4.00032c 84d75d48 0000901 Blocked nt!EtwpLogger+0xd0
4.000374 84db5930 00001c4 Blocked nt!EtwpLogger+0xd0
4.0003a0 84eecd48 00008d2 Blocked nt!EtwpLogger+0xd0
4.0003c8 84f04d48 00008ca Blocked nt!EtwpLogger+0xd0
4.0003cc 84f1ad48 00008c2 Blocked nt!EtwpLogger+0xd0
4.0003f0 84eeb338 00008bd Blocked csc!CscEnpEvictAutoThread+0x13e
4.0003f4 84eebce0 00008bd Blocked csc!CscEnpEvictAutoThread+0x13e
4.0004c4 84f69d48 000087a Blocked HTTP!UlpTimedWaitOnEvent+0x18
4.0004c8 84f69a70 000073a Blocked HTTP!UlpTimedWaitOnEvent+0x18
4.0004cc 84f69798 000077a Blocked HTTP!UlpScavengerThread+0x5e
4.00051c 84f7b228 00006a5 Blocked mpsdrv!AuditSuccessEvent+0x19b
4.0005f8 84863300 0000813 Blocked Wdf01000!FxSystemThread::Thread+0xea
4.000670 85079750 000028f Blocked srv2!SrvProcWorkerThread+0x113
4.000688 850d51d8 0000290 Blocked srv2!SrvProcWorkerThread+0x113
4.00068c 85084bc0 00007eb Blocked srv2!SrvProcWorkerThread+0x113
4.000758 84fa3020 00000f2 Blocked HTTP!UlpTimedWaitOnEvent+0x18
4.0008cc 8495faf8 000028f Blocked srv2!SrvProcWorkerThread+0x113
4.0008d0 8495f820 000029a Blocked srv2!SrvProcWorkerThread+0x113
[8490d9c8 smss.exe]
110.000158 84907d48 0000907 Blocked nt!IoRemoveIoCompletion+0x23
[84c3b030 csrss.exe]
168.000174 83a17ca0 00005da Blocked nt!AlpcpSignalAndWait+0x7b
168.000178 83a237c8 0000822 Blocked nt!ObpWaitForMultipleObjects+0x262
168.00017c 83a23d48 000003c Blocked nt!AlpcpReceiveMessagePort+0x245
168.00019c 84c3ad48 000009f Blocked nt!AlpcpReceiveMessagePort+0x245
168.0001fc 84cce030 0000070 Blocked nt!AlpcpReceiveMessagePort+0x245
[84bf2d40 wininit.exe]
18c.0001a8 84c45d48 000018b Blocked nt!ObpWaitForMultipleObjects+0x262
18c.0001ac 84c48d48 00001c6 Blocked nt!IoRemoveIoCompletion+0x23
18c.0001b0 848ff770 000018b Blocked nt!IoRemoveIoCompletion+0x23
18c.0001f8 84d0f4d8 0000908 Blocked nt!IoRemoveIoCompletion+0x23
18c.000230 84ceed48 000090b Blocked nt!IoRemoveIoCompletion+0x23
18c.0002e8 84d71b78 000090b Blocked nt!IoRemoveIoCompletion+0x23
[848a7d40 csrss.exe]
194.0001b8 8490a030 0000367 Blocked nt!AlpcpSignalAndWait+0x7b
194.0001bc 8490ad48 0000649 Blocked nt!ObpWaitForMultipleObjects+0x262
194.0001c0 84900268 00001d3 Blocked nt!AlpcpReceiveMessagePort+0x245
194.0001d8 84cc4d48 00001dc Blocked nt!AlpcpReceiveMessagePort+0x245
194.000204 84ccda60 0000001 Blocked win32k!xxxMsgWaitForMultipleObjects+0xe9
[84c54d40 winlogon.exe]
1c8.0001cc 84900a08 000031c Blocked nt!KiFastCallEntry+0x12a
1c8.0001dc 84cc8978 000069a Blocked nt!EtwpReceiveNotification+0xf4
1c8.0001e0 84cc8030 0000187 Blocked nt!ObpWaitForMultipleObjects+0x262
1c8.0001e4 84cc9d48 0000187 Blocked nt!IoRemoveIoCompletion+0x23
1c8.0001f4 84d0fa40 000031c Blocked nt!IoRemoveIoCompletion+0x23
1c8.000358 84dd94d0 00008df Blocked nt!IoRemoveIoCompletion+0x23
[84ccb408 services.exe]
1ec.000240 84cea478 000003c Blocked nt!ObpWaitForMultipleObjects+0x262
1ec.000244 84cf5030 00007e1 Blocked nt!IoRemoveIoCompletion+0x23
1ec.000248 84cf3418 00007e1 Blocked nt!IoRemoveIoCompletion+0x23
1ec.00024c 84cee030 000034d Blocked nt!ObpWaitForMultipleObjects+0x262
1ec.000254 84d1f030 00007df Blocked nt!IoRemoveIoCompletion+0x23
1ec.000258 84d1fd48 000018c Blocked nt!IoRemoveIoCompletion+0x23
1ec.00025c 84c3ba68 0000649 Blocked nt!IoRemoveIoCompletion+0x23
1ec.000260 84cef378 000092f Blocked nt!IoRemoveIoCompletion+0x23
1ec.000268 84d20030 00007e1 Blocked nt!IoRemoveIoCompletion+0x23
1ec.00026c 84d20d48 0000148 Blocked nt!IoRemoveIoCompletion+0x23
1ec.0002ac 84d4aaf8 000003c Blocked nt!IoRemoveIoCompletion+0x23
1ec.000468 84f3ec20 0000699 Blocked nt!EtwpReceiveNotification+0xf4
1ec.0004e0 842ad408 00007df Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006bc 850345a0 00007df Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006c0 850342b8 0000649 Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006c4 850a3030 0000645 Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006c8 850a3d48 000063e Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006cc 850a3a60 00003cd Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006d0 850a3778 00003cd Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006d4 850a3490 00007e1 Blocked nt!IoRemoveIoCompletion+0x23
1ec.0006d8 84d35b78 00007e1 Blocked nt!IoRemoveIoCompletion+0x23
[84cdc860 lsass.exe]
208.000220 848f7b20 00008b5 Blocked nt!KiFastCallEntry+0x12a
208.000224 84d047a8 00001ac Blocked nt!ObpWaitForMultipleObjects+0x262
208.000228 84d044c0 00008e4 Blocked nt!IoRemoveIoCompletion+0x23
208.00022c 84cfb030 0000901 Blocked nt!IoRemoveIoCompletion+0x23
208.000234 84d103a0 0000294 Blocked nt!IoRemoveIoCompletion+0x23
208.000270 84d23378 00006a8 Blocked nt!IoRemoveIoCompletion+0x23
208.00033c 84d72a60 00000aa Blocked nt!IoRemoveIoCompletion+0x23
208.000394 84eed338 00008c2 Blocked nt!EtwpReceiveNotification+0xf4
208.000774 850cad48 00006b1 Blocked nt!KiFastCallEntry+0x12a
<OUTPUT SNIPPED>
There are other switches for the !stacks command that you can explore. Because kernel threads are displayed for every process running on the system, we need to switch to a process to see its execution context. The post on processes here shows how to do that.
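For triage on a large dump it helps to summarise this listing rather than read it line by line. The following Python code is an added example, not part of the original post: it parses saved !stacks 0 output in the format shown above, groups threads by owning process, and reports which modules threads are blocked in. The function names are hypothetical, and reading the Ticks column as a hexadecimal tick count is an assumption based on the values in the listing.

```python
import re
from collections import Counter

# Constructed sample: a few lines copied from the !stacks 0 output above.
SAMPLE = """\
Proc.Thread .Thread Ticks ThreadState Blocker
[8273d640 Idle]
0.000000 8273d380 000029f RUNNING nt!KiIdleLoop+0xce
[839afbf8 System]
4.000058 83a314b8 0000b39 Blocked nt!MiModifiedPageWriter+0x39
4.0000ec 847d4d48 000000d Blocked rdyboost!SMKM_STORE<SMD_TRAITS>::SmStWorker+0x64
[84cdc860 lsass.exe]
208.000220 848f7b20 00008b5 Blocked nt!KiFastCallEntry+0x12a
208.000228 84d044c0 00008e4 Blocked nt!IoRemoveIoCompletion+0x23
<OUTPUT SNIPPED>
"""

# "[EPROCESS image]" opens a process; the backtick allows 64-bit addresses.
PROC_RE = re.compile(r"^\[([0-9a-f`]+)\s+(.+?)\]$", re.I)
# "PID.TID ETHREAD Ticks State [Blocker]", every number in hex.
THREAD_RE = re.compile(
    r"^([0-9a-f]+)\.([0-9a-f]+)\s+([0-9a-f`]+)\s+([0-9a-f]+)\s+(\S+)(?:\s+(\S.*))?$", re.I)

def parse_stacks(text):
    """Return one dict per thread line, tagged with its owning process."""
    threads, proc = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = PROC_RE.match(line)
        if m:
            proc = {"eprocess": m.group(1), "image": m.group(2)}
            continue
        m = THREAD_RE.match(line)
        if not (m and proc):
            continue  # column header, "<OUTPUT SNIPPED>", blank lines
        pid, tid, ethread, ticks, state, blocker = m.groups()
        blocker = blocker or ""
        threads.append({**proc, "pid": int(pid, 16), "tid": int(tid, 16),
                        "ethread": ethread, "ticks": int(ticks, 16),
                        "state": state, "blocker": blocker,
                        "module": blocker.partition("!")[0] if "!" in blocker else ""})
    return threads

def blockers_by_module(threads):  # thread count per module in the Blocker column
    return Counter(t["module"] for t in threads if t["module"])

def longest_blocked(threads, n=3):  # Blocked threads, largest Ticks value first
    blocked = [t for t in threads if t["state"].lower() == "blocked"]
    return sorted(blocked, key=lambda t: t["ticks"], reverse=True)[:n]
```

Run over a full listing, a blocker count dominated by one third-party driver, or a single thread with an outsized Ticks value, is a good starting point for deciding which process context to switch into.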