调试笔记:LPC循环等待挂死
在XP SP2系统中,打开一个WORD文件时,WORD启动后便失去响应,而且无法杀掉这个进程。这种情况通常是挂在内核态了。
以下是使用Ctrl+ScrollLock触发蓝屏后,分析转储文件的概要信息。
观察WinWord进程的唯一线程,其情况如下:
kd> !THREAD 885eb468
THREAD 885eb468 Cid 11ac.106c Teb: 7ffde000 Win32Thread: e248a770 WAIT: (Executive) KernelMode Non-Alertable
885eb65c Semaphore Limit 0x1
Waiting for reply to LPC MessageId 0042b9fd:
Pending LPC Reply Message:
e4cee348: [e4cee348,e4cee348]
IRP List:
89645de0: (0006,0220) Flags: 00000884 Mdl: 00000000
Not impersonating
DeviceMap e2dc38f0
Owning Process 896c8020 Image: WINWORD.EXE
Attached Process N/A Image: N/A
Wait Start TickCount 15541648 Ticks: 256087 (0:01:06:41.359)
Context Switch Count 1142 LargeStack
UserTime 00:00:00.531
KernelTime 00:00:01.562
Win32 Start Address 0x300019f0
Start Address 0x7c810685
Stack Init ad570000 Current ad56efcc Base ad570000 Limit ad56a000 Call 0
Priority 10 BasePriority 8 PriorityDecrement 0 DecrementCount 16
ChildEBP RetAddr Args to Child
ad56efe4 8050049e 885eb4d8 885eb468 804f9cec nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])
ad56eff0 804f9cec 00000000 885eb468 e23790f8 nt!KiSwapThread+0x46 (FPO: [0,0,0])
ad56f018 805987fc 00000000 00000000 acd70d00 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
ad56f0d4 80598a2a ad56f300 ad56f224 ad56f22c nt!NtSecureConnectPort+0x662 (FPO: [Non-Fpo])
ad56f100 acd60ebc ad56f300 ad56f224 ad56f22c nt!NtConnectPort+0x24 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
ad56f154 8053cbc8 ad56f300 ad56f224 ad56f22c hidsys+0x12ebc
ad56f154 804fd80d ad56f300 ad56f224 ad56f22c nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ ad56f17c)
ad56f1ec ba5e9a05 ad56f300 ad56f224 ad56f22c nt!ZwConnectPort+0x11 (FPO: [8,0,0])
ad56f2dc ba5e3f54 ba5e5da0 00000001 ad56f300 KSecDD!CreateConnection+0xe5 (FPO: [Non-Fpo])
ad56f310 ba5e38da 00000001 ad56f320 00000000 KSecDD!CreateClient+0x90 (FPO: [Non-Fpo])
ad56f324 ba5e9044 ad56f430 ad56f340 e538b030 KSecDD!IsOkayToExec+0x2c (FPO: [Non-Fpo])
ad56f434 ba5ea4f1 ad56f688 ad56f44c ad56f45c KSecDD!SecpGetLogonSessionData+0x14 (FPO: [Non-Fpo])
ad56f444 acd54168 ad56f688 ad56f454 00000000 KSecDD!LsaGetLogonSessionData+0x11 (FPO: [Non-Fpo])
ad56f45c acd64d5f ad56f688 ad56f6b8 acd79004 hidsys+0x6168
ad56f6d4 acd6d393 8827a45c 00000004 00000000 hidsys+0x16d5f
ad56f6e8 acd6d939 8827a45c 0000002d ad56f700 hidsys!strcspn+0x58f3
ad56f708 acd77c96 8827a45c 8800c32b ad56f724 hidsys!strcspn+0x5e99
ad56f728 acd77bd4 8827a45c 87caacf4 ad56f79c hidsys!strcspn+0x101f6
ad56f75c acd772db ad56f79c 8827a45c ad56f798 hidsys!strcspn+0x10134
ad56f7cc acd77238 8827a45c 87ffe004 ad56f80c hidsys!strcspn+0xf83b
ad56f7e8 acd65113 886c53b4 ad56f80c 87ffe004 hidsys!strcspn+0xf798
ad56f830 acd59c62 886c53b4 ad56f8c0 ad560000 hidsys+0x17113
ad56f8a8 acd595e5 8ac8d318 89645de0 88df33b8 hidsys+0xbc62
ad56f8d8 804ee0ef 8ac8d318 89645de0 889fe438 hidsys+0xb5e5
ad56f8e8 ba5ff876 89645fdc 8ad115a8 89645de0 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
ad56f934 804ee0ef 8ac8dc80 00000001 89646000 sr!SrCreate+0x150 (FPO: [Non-Fpo])
ad56f944 ade7381d 881b6064 881b6008 00000002 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
ad56f96c ade645bb 89645de0 ad56fa20 89645de0 mfehidk!DEVICEDISPATCH::LowerDevicePassThrough+0x48
ad56f990 ade64c32 89645de0 01645fdc 889fe438 mfehidk+0x75bb
ad56fa28 ade72a57 889fe438 89645de0 ad56fa60 mfehidk+0x7c32
ad56fa38 ade72aa7 ad56fa48 8a596eb0 891bc888 mfehidk+0x15a57
ad56fa60 804ee0ef 891bc888 89645de0 89645de0 mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x48
ad56fa70 805778d6 8accebf0 8969afd4 ad56fc18 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
ad56fb50 805b3c2a 8accec08 00000000 8969af30 nt!IopParseDevice+0xa12 (FPO: [Non-Fpo])
ad56fbd8 805b010b 00000000 ad56fc18 00000040 nt!ObpLookupObjectName+0x56a (FPO: [Non-Fpo])
ad56fc2c 8056a613 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb (FPO: [Non-Fpo])
ad56fca8 8056af8a 001247d8 00100020 00124790 nt!IopCreateFile+0x407 (FPO: [Non-Fpo])
ad56fd04 8056e773 001247d8 00100020 00124790 nt!IoCreateFile+0x8e (FPO: [Non-Fpo])
ad56fd44 8053cbc8 001247d8 00100020 00124790 nt!NtOpenFile+0x27 (FPO: [Non-Fpo])
ad56fd44 7c90eb94 001247d8 00100020 00124790 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ ad56fd64)
从栈顶的几个栈帧来看,这个线程在连接LPC端口,端口的名字是:
kd> dS ad56f224
ba5e98ec "\LsaAuthenticationPort"
这个端口可谓是系统中各种安全检查任务的咽喉,LSASS进程负责监听和维护这个端口,完成以下关键任务:
- 安全管理,包括Kerberos、NTLM支持
- 证书管理
- 用户帐号管理
- EFS (Encrypted File System)中密钥的加解密
那么这个线程是因为什么要连接LsaAuthenticationPort端口呢?中间两个没有符号的模块都是安全软件的驱动程序,它们应该是在执行所谓的On Access检查。是打开文件动作触发起来的。打开的文件是:
kd> dS ad56fc18
e4d58270 "\Device\HarddiskVolume1\PROGRA~1"
e4d582b0 "\COMMON~1\MICROS~1\VBA\VBA6\VBE6"
e4d582f0 ".DLL"
那么为什么这个连接LsaAuthenticationPort端口的操作“不动了”呢?
连接的过程中,请求者会向要连接的端口发送一条LPC_CONNECTION_REQUEST类型的消息。上面线程信息中以红色显示的应该就是这条信息的ID:
kd> !lpc message 0042b9fd
Searching message 42b9fd in threads ...
Client thread 885eb468 waiting a reply from 42b9fd
Searching thread 885eb468 in port rundown queues ...
Server connection port e2da1378 Name: LsaAuthenticationPort
Handles: 1 References: 144
Server process : 8a66c940 (lsass.exe)
Queue semaphore : 8aa0c978
Semaphore state 0 (0x0)
The message queue is empty
The LpcDataInfoChainHead queue is empty
Done.
之所以能看到这个信息,是因为NtSecureConnectPort函数将LPC消息的ID登记到了ETHREAD结构的LpcReplyMessageId字段中。
kd> dt _ETHREAD 885eb468 -y LpcR*
nt!_ETHREAD
+0x1c8 LpcReplyChain : _LIST_ENTRY [ 0x87c35bc8 - 0x884446a8 ]
+0x1f4 LpcReplySemaphore : _KSEMAPHORE
+0x208 LpcReplyMessage : 0xe4cee348
+0x228 LpcReceivedMessageId : 0x300019f0
+0x23c LpcReplyMessageId : 0x42b9fd
+0x250 LpcReceivedMsgIdValid : 0y0
每个LPC消息都由LPCP_MESSAGE结构开始:
kd> dt nt!_LPCP_MESSAGE 0xe4cee348 -r
+0x000 Entry : _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x000 Flink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x000 Flink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x004 Blink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x004 Blink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x000 Flink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x004 Blink : 0xe4cee348 _LIST_ENTRY [ 0xe4cee348 - 0xe4cee348 ]
+0x000 FreeEntry : _SINGLE_LIST_ENTRY
+0x000 Next : 0xe4cee348 _SINGLE_LIST_ENTRY
+0x000 Next : 0xe4cee348 _SINGLE_LIST_ENTRY
+0x004 Reserved0 : 0xe4cee348
+0x008 SenderPort : 0xe33d6380
+0x00c RepliedToThread : (null)
+0x010 PortContext : 0x80030001
+0x018 Request : _PORT_MESSAGE
+0x000 u1 : __unnamed
+0x000 s1 : __unnamed
+0x000 Length : 0xec00bc
+0x004 u2 : __unnamed
+0x000 s2 : __unnamed
+0x000 ZeroInit : 0xa
+0x008 ClientId : _CLIENT_ID
+0x000 UniqueProcess : 0x000011ac
+0x004 UniqueThread : 0x0000106c
+0x008 DoNotUseThisField : 8.9208703074531578e-311
+0x010 MessageId : 0x42b9fd
+0x014 ClientViewSize : 0
+0x014 CallbackId : 0
现在看来,有可能是LSASS中出了什么问题,导致它不响应(回复)来自WinWORD的连接请求。LSASS是一个相对繁忙的进程,其中有很多个线程,列出LSASS进程中的各个线程:
!PROCESS 8a66c940 2
...
THREAD 88eed4b0 Cid 0558.12c0 Teb: 7ff98000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88eed6a4 Semaphore Limit 0x1
THREAD 88d115e0 Cid 0558.1144 Teb: 7ff9e000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88d117d4 Semaphore Limit 0x1
THREAD 88a4e2d0 Cid 0558.1394 Teb: 7ff9b000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88a4e4c4 Semaphore Limit 0x1
THREAD 883b0020 Cid 0558.0300 Teb: 7ff94000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
883b0214 Semaphore Limit 0x1
THREAD 883e4020 Cid 0558.1210 Teb: 7ff93000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
883e4214 Semaphore Limit 0x1
THREAD 89521590 Cid 0558.14fc Teb: 7ff9c000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
89521784 Semaphore Limit 0x1
THREAD 8990eba8 Cid 0558.1384 Teb: 7ffdc000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
8990ed9c Semaphore Limit 0x1
THREAD 884f6a00 Cid 0558.08a0 Teb: 7ff92000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
884f6bf4 Semaphore Limit 0x1
THREAD 89032b40 Cid 0558.1488 Teb: 7ff90000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
89032d34 Semaphore Limit 0x1
THREAD 88eba020 Cid 0558.129c Teb: 7ff8f000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88eba214 Semaphore Limit 0x1
THREAD 888de8f8 Cid 0558.0de8 Teb: 7ff8e000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
888deaec Semaphore Limit 0x1
THREAD 899189d0 Cid 0558.14e8 Teb: 7ff8a000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
89918bc4 Semaphore Limit 0x1
THREAD 8a5563d8 Cid 0558.09b0 Teb: 7ff87000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
8a5565cc Semaphore Limit 0x1
THREAD 8858f568 Cid 0558.1124 Teb: 7ff85000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
8858f75c Semaphore Limit 0x1
THREAD 88381da8 Cid 0558.1558 Teb: 7ff84000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88381f9c Semaphore Limit 0x1
THREAD 88e30590 Cid 0558.1768 Teb: 7ff88000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88e30784 Semaphore Limit 0x1
THREAD 8aa00520 Cid 0558.0d4c Teb: 7ff89000 Win32Thread: 00000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
8aa0b308 Semaphore Limit 0x7fffffff
THREAD 8a4fa830 Cid 0558.1224 Teb: 7ff86000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
8a4faa24 Semaphore Limit 0x1
在以上列出的线程中,很多线程的等待原因都是WrLpcReply,也就是等待LPC的回复信息。这说明,LSASS进程中有很多进程在等待其它人回复它的LPC消息。这可能是导致它不回付WinWORD的原因。随便拿出一个处于WrLpcReply状态的LSASS线程,观察:
kd> !THREAD 888de8f8
THREAD 888de8f8 Cid 0558.0de8 Teb: 7ff8e000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
888deaec Semaphore Limit 0x1
Waiting for reply to LPC MessageId 003f3a15:
Current LPC port e27d34b0
Not impersonating
DeviceMap e10087c0
Owning Process 8a66c940 Image: lsass.exe
Attached Process N/A Image: N/A
Wait Start TickCount 15245181 Ticks: 552554 (0:02:23:53.656)
Context Switch Count 41
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x75738d13
Start Address 0x7c810679
Stack Init ada37000 Current ada36c50 Base ada37000 Limit ada34000 Call 0
Priority 10 BasePriority 9 PriorityDecrement 0 DecrementCount 0
Kernel stack not resident.
ChildEBP RetAddr Args to Child
ada36c68 8050049e 888de968 888de8f8 804f9cec nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])
ada36c74 804f9cec 888deaec 888deac0 888de8f8 nt!KiSwapThread+0x46 (FPO: [0,0,0])
ada36c9c 805977e9 00000001 00000011 01c9da01 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
ada36d50 8053cbc8 000003d0 01569da0 01569da0 nt!NtRequestWaitReplyPort+0x63d (FPO: [Non-Fpo])
ada36d50 7c90eb94 000003d0 01569da0 01569da0 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ ada36d64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
01c9dc18 00000000 00000000 00000000 00000000 0x7c90eb94
可见,这个LSASS的线程果真是在等待ID为003f3a15的LPC消息得到回复。观察这个消息的详情:
kd> !lpc message 003f3a15
Searching message 3f3a15 in threads ...
Client thread 888de8f8 waiting a reply from 3f3a15
Searching thread 888de8f8 in port rundown queues ...
Server communication port 0xe265e968
Handles: 1 References: 1
The LpcDataInfoChainHead queue is empty
Connected port: 0xe27d34b0 Server connection port: 0xe2661ef0
Client communication port 0xe27d34b0
Handles: 1 References: 19
The LpcDataInfoChainHead queue is empty
Server connection port e2661ef0 Name: ntsvcs
Handles: 1 References: 432
Server process : 8a7f8da0 (services.exe)
Queue semaphore : 8aa06248
Semaphore state 263 (0x107)
Messages in queue:
0000 e5581b60 - Busy Id=0045b168 From: 0518.0194 Context=82ee0000 [e2661f00 . e11b5ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 001b0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e11b5ea0 - Busy Id=0045b16b From: 0720.1078 Context=80630041 [e5581b60 . e1b3e358]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e1b3e358 - Busy Id=0045b17f From: 0720.05b8 Context=80630041 [e11b5ea0 . e40f3398]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e40f3398 - Busy Id=0045b192 From: 0720.1160 Context=80630041 [e1b3e358 . e2ea3a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e2ea3a18 - Busy Id=0045b199 From: 075c.0f5c Context=805d0044 [e40f3398 . e482d540]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e482d540 - Busy Id=0045b1af From: 0720.1050 Context=80630041 [e2ea3a18 . e5227820]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e5227820 - Busy Id=0045b1c3 From: 0720.132c Context=80630041 [e482d540 . e4c3a698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4c3a698 - Busy Id=0045b1d9 From: 0720.02b8 Context=80630041 [e5227820 . e51d6a48]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e51d6a48 - Busy Id=0045b1f9 From: 0720.08cc Context=80630041 [e4c3a698 . e4af6698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e4af6698 - Busy Id=0045b20c From: 0720.14a8 Context=80630041 [e51d6a48 . e410f2e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e410f2e0 - Busy Id=0045b21f From: 0720.0340 Context=80630041 [e4af6698 . e4046a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4046a18 - Busy Id=0045b22e From: 0720.0e9c Context=80630041 [e410f2e0 . e3d18258]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e3d18258 - Busy Id=0045b23f From: 0720.14b4 Context=80630041 [e4046a18 . e551fa18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e551fa18 - Busy Id=0045b240 From: 01cc.03ac Context=8020001a [e3d18258 . e3a73ea0]
Length=00e800d0 Type=00000001 (LPC_REQUEST)
Data: 00019b01 003b0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3a73ea0 - Busy Id=0045b250 From: 0720.16bc Context=80630041 [e551fa18 . e22cdea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e22cdea0 - Busy Id=0045b25e From: 0720.07dc Context=80630041 [e3a73ea0 . e3baa008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3baa008 - Busy Id=0045b26e From: 0720.0e64 Context=80630041 [e22cdea0 . e4a1ea18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4a1ea18 - Busy Id=0045b27c From: 0720.0ed0 Context=80630041 [e3baa008 . e4ed8b28]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4ed8b28 - Busy Id=0045b28b From: 0720.03fc Context=80630041 [e4a1ea18 . e1bde3e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e1bde3e0 - Busy Id=0045b299 From: 0720.0468 Context=80630041 [e4ed8b28 . e4351ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4351ea0 - Busy Id=0045b2ac From: 0720.1428 Context=80630041 [e1bde3e0 . e4e37b98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e4e37b98 - Busy Id=0045b2bb From: 0720.09ac Context=80630041 [e4351ea0 . e21fcea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e21fcea0 - Busy Id=0045b2ce From: 0720.0eb0 Context=80630041 [e4e37b98 . e514f698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e514f698 - Busy Id=0045b2dc From: 0720.1088 Context=80630041 [e21fcea0 . e4c9ca18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4c9ca18 - Busy Id=0045b2ef From: 0720.029c Context=80630041 [e514f698 . e4a668d0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e4a668d0 - Busy Id=0045b2ff From: 0720.11e0 Context=80630041 [e4c9ca18 . e4c4b5e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4c4b5e0 - Busy Id=0045b30f From: 0720.0270 Context=80630041 [e4a668d0 . e4c831b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4c831b0 - Busy Id=0045b311 From: 1634.11bc Context=82ef003e [e4c4b5e0 . e1c45358]
Length=00600048 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000a0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e1c45358 - Busy Id=0045b323 From: 0720.0a2c Context=80630041 [e4c831b0 . e3bd3a78]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e3bd3a78 - Busy Id=0045b334 From: 0720.0adc Context=80630041 [e1c45358 . e41a93f8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e41a93f8 - Busy Id=0045b347 From: 0164.0c00 Context=8011000d [e3bd3a78 . e3150a18]
Length=00680050 Type=00000001 (LPC_REQUEST)
Data: 00019b01 00060241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3150a18 - Busy Id=0045b34f From: 0720.0970 Context=80630041 [e41a93f8 . e4d34a98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e4d34a98 - Busy Id=0045b35d From: 0720.00f8 Context=80630041 [e3150a18 . e4853908]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4853908 - Busy Id=0045b370 From: 0720.0b1c Context=80630041 [e4d34a98 . e1fcaa18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e1fcaa18 - Busy Id=0045b37e From: 0720.16d4 Context=80630041 [e4853908 . e234c740]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e234c740 - Busy Id=0045b394 From: 0720.16fc Context=80630041 [e1fcaa18 . e53344a8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e53344a8 - Busy Id=0045b3a8 From: 0720.11f8 Context=80630041 [e234c740 . e24b4280]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e24b4280 - Busy Id=0045b3bb From: 0720.123c Context=80630041 [e53344a8 . e4ffa390]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4ffa390 - Busy Id=0045b3d5 From: 0720.0b24 Context=80630041 [e24b4280 . e316b528]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e316b528 - Busy Id=0045b3e5 From: 0720.1748 Context=80630041 [e4ffa390 . e4e46828]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e4e46828 - Busy Id=0045b3f3 From: 0720.157c Context=80630041 [e316b528 . e3dab5a0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3dab5a0 - Busy Id=0045b407 From: 0720.1678 Context=80630041 [e4e46828 . e565f9e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e565f9e0 - Busy Id=0045b416 From: 0720.09d4 Context=80630041 [e3dab5a0 . e3e514d0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e3e514d0 - Busy Id=0045b424 From: 0720.1530 Context=80630041 [e565f9e0 . e3b27238]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3b27238 - Busy Id=0045b432 From: 0720.0648 Context=80630041 [e3e514d0 . e3354178]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e3354178 - Busy Id=0045b441 From: 0720.1294 Context=80630041 [e3b27238 . e4222008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4222008 - Busy Id=0045b44f From: 0720.1784 Context=80630041 [e3354178 . e50755e8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e50755e8 - Busy Id=0045b45d From: 0720.1378 Context=80630041 [e4222008 . e43fc350]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e43fc350 - Busy Id=0045b46d From: 0720.124c Context=80630041 [e50755e8 . e48634f8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e48634f8 - Busy Id=0045b47b From: 0720.111c Context=80630041 [e43fc350 . e49e6db8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e49e6db8 - Busy Id=0045b489 From: 0720.0634 Context=80630041 [e48634f8 . e3e48880]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e3e48880 - Busy Id=0045b49c From: 0720.1714 Context=80630041 [e49e6db8 . e3ea38e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e3ea38e0 - Busy Id=0045b4af From: 0720.1654 Context=80630041 [e3e48880 . e5378a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e5378a18 - Busy Id=0045b4c3 From: 0720.1190 Context=80630041 [e3ea38e0 . e424cea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e424cea0 - Busy Id=0045b4d2 From: 0720.0c44 Context=80630041 [e5378a18 . e4b9b530]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4b9b530 - Busy Id=0045b4e0 From: 0720.0dcc Context=80630041 [e424cea0 . e4b94690]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e4b94690 - Busy Id=0045b4f3 From: 0720.16ac Context=80630041 [e4b9b530 . e4a75ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e4a75ea0 - Busy Id=0045b502 From: 0720.11e8 Context=80630041 [e4b94690 . e4357698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e4357698 - Busy Id=0045b512 From: 0720.1008 Context=80630041 [e4a75ea0 . e480e388]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e480e388 - Busy Id=0045b521 From: 0720.0964 Context=80630041 [e4357698 . e489ca98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e489ca98 - Busy Id=0045b52f From: 0720.0bb4 Context=80630041 [e480e388 . e4b2c548]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4b2c548 - Busy Id=0045b537 From: 0164.15cc Context=8011000d [e489ca98 . e1baec60]
Length=00880070 Type=00000001 (LPC_REQUEST)
Data: 00002b01 00080241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e1baec60 - Busy Id=0045b53f From: 0720.12ec Context=80630041 [e4b2c548 . e39f8ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e39f8ea0 - Busy Id=0045b54d From: 0720.07e0 Context=80630041 [e1baec60 . e3139430]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e3139430 - Busy Id=0045b55b From: 0720.14c8 Context=80630041 [e39f8ea0 . e416aea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e416aea0 - Busy Id=0045b569 From: 0720.15fc Context=80630041 [e3139430 . e1c55a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e1c55a18 - Busy Id=0045b580 From: 0720.040c Context=80630041 [e416aea0 . e3c5a008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e3c5a008 - Busy Id=0045b593 From: 0720.07cc Context=80630041 [e1c55a18 . e3e8ea18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3e8ea18 - Busy Id=0045b5a6 From: 0720.0cfc Context=80630041 [e3c5a008 . e1083008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e1083008 - Busy Id=0045b5b7 From: 0720.1150 Context=80630041 [e3e8ea18 . e52cb538]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e52cb538 - Busy Id=0045b5cb From: 0720.0258 Context=80630041 [e1083008 . e5212ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e5212ea0 - Busy Id=0045b5d9 From: 0720.13b4 Context=80630041 [e52cb538 . e4b82a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e4b82a18 - Busy Id=0045b5e8 From: 0720.1524 Context=80630041 [e5212ea0 . e4b92508]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4b92508 - Busy Id=0045b5f6 From: 0720.11c4 Context=80630041 [e4b82a18 . e4eebea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e4eebea0 - Busy Id=0045b604 From: 0720.0b28 Context=80630041 [e4b92508 . e1b822f8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e1b822f8 - Busy Id=0045b613 From: 0720.0f00 Context=80630041 [e4eebea0 . e3fff4d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e3fff4d8 - Busy Id=0045b621 From: 0720.0e58 Context=80630041 [e1b822f8 . e544ca18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e544ca18 - Busy Id=0045b63b From: 0720.0704 Context=80630041 [e3fff4d8 . e3e035d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3e035d8 - Busy Id=0045b668 From: 0720.09c0 Context=80630041 [e544ca18 . e4ceba18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4ceba18 - Busy Id=0045b682 From: 0720.073c Context=80630041 [e3e035d8 . e4d484d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e4d484d8 - Busy Id=0045b690 From: 0720.12bc Context=80630041 [e4ceba18 . e54f5a28]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e54f5a28 - Busy Id=0045b74e From: 0720.1148 Context=80630041 [e4d484d8 . e2379b78]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e2379b78 - Busy Id=0045b78c From: 0720.1680 Context=80630041 [e54f5a28 . e4071a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e4071a18 - Busy Id=0045b7d5 From: 0720.0eb8 Context=80630041 [e2379b78 . e50644f0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e50644f0 - Busy Id=0045b7ee From: 0720.0554 Context=80630041 [e4071a18 . e50b35b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e50b35b0 - Busy Id=0045b7fc From: 0720.17c4 Context=80630041 [e50644f0 . e5724a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00006b01 000f0241 00000000 ac2a6b01 00000000 8a7f8da0
0000 e5724a18 - Busy Id=0045b816 From: 0720.1140 Context=80630041 [e50b35b0 . e3f64698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e3f64698 - Busy Id=0045b829 From: 0720.0e40 Context=80630041 [e5724a18 . e38d77b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e38d77b0 - Busy Id=0045b837 From: 0720.04c0 Context=80630041 [e3f64698 . e4b48008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e4b48008 - Busy Id=0045b848 From: 0720.1450 Context=80630041 [e38d77b0 . e55024a0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e55024a0 - Busy Id=0045b85c From: 0720.17e0 Context=80630041 [e4b48008 . e24577b8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e24577b8 - Busy Id=0045b870 From: 0720.14d0 Context=80630041 [e55024a0 . e5236a20]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e5236a20 - Busy Id=0045b87f From: 0720.0cec Context=80630041 [e24577b8 . e4c71ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e4c71ea0 - Busy Id=0045b88d From: 0720.13d8 Context=80630041 [e5236a20 . e4e55da0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00002b01 000f0241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4e55da0 - Busy Id=0045b89b From: 0720.0db4 Context=80630041 [e4c71ea0 . e38ead18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e38ead18 - Busy Id=0045b8b1 From: 0720.1430 Context=80630041 [e4e55da0 . e233da98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00005b01 000f0241 ae675b44 ade74eb0 895f3670 ae675b60
0000 e233da98 - Busy Id=0045b8c5 From: 0720.1214 Context=80630041 [e38ead18 . e1ffc550]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e1ffc550 - Busy Id=0045b8d4 From: 0720.0ed4 Context=80630041 [e233da98 . e4a646b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000ab01 000f0241 00000000 ac2aab01 00000000 8a7f8da0
0000 e4a646b0 - Busy Id=0045b8e7 From: 0720.1320 Context=80630041 [e1ffc550 . e359ca98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e359ca98 - Busy Id=0045b8f7 From: 0720.0814 Context=80630041 [e4a646b0 . e4d5f608]
Length=00700058 Type=00000001 (LPC_REQUEST)
Data: 00002b01 00000241 acbe2b44 ade74eb0 895f3670 acbe2b60
0000 e4d5f608 - Busy Id=0045b8f8 From: 0720.0680 Context=80630041 [e359ca98 . e3567870]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3567870 - Busy Id=0045b90c From: 0720.1640 Context=80630041 [e4d5f608 . e4c7bea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e4c7bea0 - Busy Id=0045b91a From: 0720.0978 Context=80630041 [e3567870 . e499e2b8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e499e2b8 - Busy Id=0045b929 From: 0720.0140 Context=80630041 [e4c7bea0 . e4cb6550]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e4cb6550 - Busy Id=0045b943 From: 0720.1004 Context=80630041 [e499e2b8 . e48cf8e8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e48cf8e8 - Busy Id=0045b957 From: 0720.026c Context=80630041 [e4cb6550 . e493b358]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e493b358 - Busy Id=0045b966 From: 0720.16c0 Context=80630041 [e48cf8e8 . e49796a8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e49796a8 - Busy Id=0045b98b From: 0720.06f4 Context=80630041 [e493b358 . e23186b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e23186b0 - Busy Id=0045b999 From: 0720.0130 Context=80630041 [e49796a8 . e24ad938]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e24ad938 - Busy Id=0045b9a7 From: 0720.140c Context=80630041 [e23186b0 . e481b5d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e481b5d8 - Busy Id=0045b9b8 From: 0720.0808 Context=80630041 [e24ad938 . e4bc0418]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e4bc0418 - Busy Id=0045b9c6 From: 0720.17dc Context=80630041 [e481b5d8 . e358f990]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e358f990 - Busy Id=0045b9d4 From: 0720.0a18 Context=80630041 [e4bc0418 . e4c616c0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00001000 00000001
0000 e4c616c0 - Busy Id=0045b9e2 From: 0720.03e0 Context=80630041 [e358f990 . e4a33a20]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4a33a20 - Busy Id=0045b9f5 From: 0720.11b4 Context=80630041 [e4c616c0 . e3c4f620]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3c4f620 - Busy Id=0045ba03 From: 0720.1170 Context=80630041 [e4a33a20 . e50b46c8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50b46c8 - Busy Id=0045ba11 From: 0720.0160 Context=80630041 [e3c4f620 . e385cea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000003 00000000 00000000 00000000
0000 e385cea0 - Busy Id=0045ba24 From: 0720.081c Context=80630041 [e50b46c8 . e50fa570]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000003 00000000 00000000 00000000
0000 e50fa570 - Busy Id=0045ba34 From: 0720.1200 Context=80630041 [e385cea0 . e4faeea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4faeea0 - Busy Id=0045ba45 From: 0720.0f4c Context=80630041 [e50fa570 . e50b9008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000003 00000000 00000000 00000000
0000 e50b9008 - Busy Id=0045ba57 From: 0720.1130 Context=80630041 [e4faeea0 . e3588a98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000003 00000000 00000000 00000000
0000 e3588a98 - Busy Id=0045ba69 From: 0720.1120 Context=80630041 [e50b9008 . e3e4ba18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3e4ba18 - Busy Id=0045ba78 From: 0720.11c8 Context=80630041 [e3588a98 . e3c7c620]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000003 00000001 00000000 00000000
0000 e3c7c620 - Busy Id=0045ba92 From: 0720.04ac Context=80630041 [e3e4ba18 . e1b84a98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1b84a98 - Busy Id=0045baa5 From: 0720.1128 Context=80630041 [e3c7c620 . e4890498]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4890498 - Busy Id=0045bab3 From: 0720.1648 Context=80630041 [e1b84a98 . e4cfd4e8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00050023 01080098
0000 e4cfd4e8 - Busy Id=0045bac2 From: 0720.0ea0 Context=80630041 [e4890498 . e4fffa30]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4fffa30 - Busy Id=0045bad6 From: 0720.0550 Context=80630041 [e4cfd4e8 . e4222600]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 001402f8 001402f8 00000000 6d69a4d3
0000 e4222600 - Busy Id=0045bae4 From: 0720.1458 Context=80630041 [e4fffa30 . e533a4d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e533a4d8 - Busy Id=0045baf8 From: 0720.0320 Context=80630041 [e4222600 . e5281af0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5281af0 - Busy Id=0045bb08 From: 0720.06f0 Context=80630041 [e533a4d8 . e5335a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5335a18 - Busy Id=0045bb17 From: 0720.0310 Context=80630041 [e5281af0 . e381d768]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e381d768 - Busy Id=0045bb25 From: 0720.1338 Context=80630041 [e5335a18 . e512d2f8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e512d2f8 - Busy Id=0045bb33 From: 0720.00e4 Context=80630041 [e381d768 . e3148698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3148698 - Busy Id=0045bb4a From: 0720.1500 Context=80630041 [e512d2f8 . e400daf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e400daf0 - Busy Id=0045bb58 From: 0720.0fc4 Context=80630041 [e3148698 . e5304548]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5304548 - Busy Id=0045bb70 From: 0720.0b34 Context=80630041 [e400daf0 . e3e519a0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3e519a0 - Busy Id=0045bb7f From: 0720.0ad8 Context=80630041 [e5304548 . e27f7560]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e27f7560 - Busy Id=0045bc0c From: 0720.1774 Context=80630041 [e3e519a0 . e3278910]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3278910 - Busy Id=0045bc24 From: 0720.11d8 Context=80630041 [e27f7560 . e49de4d0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e49de4d0 - Busy Id=0045bc35 From: 0720.17c8 Context=80630041 [e3278910 . e3ce74e8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3ce74e8 - Busy Id=0045bc43 From: 0720.12a0 Context=80630041 [e49de4d0 . e5365698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5365698 - Busy Id=0045bc51 From: 0720.0ccc Context=80630041 [e3ce74e8 . e36b48d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e36b48d8 - Busy Id=0045bc5f From: 0720.01ac Context=80630041 [e5365698 . e2323698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2323698 - Busy Id=0045bc76 From: 0720.15ac Context=80630041 [e36b48d8 . e4ce7570]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4ce7570 - Busy Id=0045bc8a From: 0720.179c Context=80630041 [e2323698 . e4c3b6b8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4c3b6b8 - Busy Id=0045bc99 From: 0720.1074 Context=80630041 [e4ce7570 . e429fc98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e429fc98 - Busy Id=0045bd09 From: 0720.10c8 Context=80630041 [e4c3b6b8 . e41f5840]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e41f5840 - Busy Id=0045bd18 From: 0720.015c Context=80630041 [e429fc98 . e51ceea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e51ceea0 - Busy Id=0045bd26 From: 0720.0bd4 Context=80630041 [e41f5840 . e55ca670]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e55ca670 - Busy Id=0045bd3b From: 0720.1610 Context=80630041 [e51ceea0 . e4831a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4831a18 - Busy Id=0045bd4d From: 0720.0884 Context=80630041 [e55ca670 . e3f1c2d0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3f1c2d0 - Busy Id=0045bd5b From: 0720.1770 Context=80630041 [e4831a18 . e55328d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e55328d8 - Busy Id=0045bd6e From: 0720.0f84 Context=80630041 [e3f1c2d0 . e50c0008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50c0008 - Busy Id=0045bd82 From: 0720.0db0 Context=80630041 [e55328d8 . e51e6698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e51e6698 - Busy Id=0045bd96 From: 0720.1310 Context=80630041 [e50c0008 . e508dc00]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e508dc00 - Busy Id=0045bda4 From: 0720.10f8 Context=80630041 [e51e6698 . e551c698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e551c698 - Busy Id=0045bdb3 From: 0720.0bc8 Context=80630041 [e508dc00 . e4efe698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4efe698 - Busy Id=0045bdc2 From: 0720.1064 Context=80630041 [e551c698 . e5494008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5494008 - Busy Id=0045bddb From: 0720.09b4 Context=80630041 [e4efe698 . e1cf78d0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1cf78d0 - Busy Id=0045bdec From: 0720.1704 Context=80630041 [e5494008 . e311c538]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e311c538 - Busy Id=0045bdfb From: 0720.1804 Context=80630041 [e1cf78d0 . e4b8baf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b8baf0 - Busy Id=0045be0c From: 0720.1808 Context=80630041 [e311c538 . e2330570]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2330570 - Busy Id=0045be1a From: 0720.180c Context=80630041 [e4b8baf0 . e1a8fea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1a8fea0 - Busy Id=0045be3b From: 0720.1814 Context=80630041 [e2330570 . e5733698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5733698 - Busy Id=0045be49 From: 0720.1818 Context=80630041 [e1a8fea0 . e4e1a418]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4e1a418 - Busy Id=0045be60 From: 0720.181c Context=80630041 [e5733698 . e23efa18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e23efa18 - Busy Id=0045be6f From: 0720.1820 Context=80630041 [e4e1a418 . e4f37ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4f37ea0 - Busy Id=0045be82 From: 0720.1828 Context=80630041 [e23efa18 . e4111ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4111ea0 - Busy Id=0045be92 From: 0720.182c Context=80630041 [e4f37ea0 . e244c6d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000201 000f0241 00000000 00000000 00000000 00000000
0000 e244c6d8 - Busy Id=0045bea2 From: 0720.1830 Context=80630041 [e4111ea0 . e3d2ea18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3d2ea18 - Busy Id=0045beb0 From: 0720.1834 Context=80630041 [e244c6d8 . e5732578]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5732578 - Busy Id=0045bf45 From: 0720.1860 Context=80630041 [e3d2ea18 . e22f1698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e22f1698 - Busy Id=0045bfba From: 0720.1864 Context=80630041 [e5732578 . e3c90528]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3c90528 - Busy Id=0045bfdc From: 0720.1868 Context=80630041 [e22f1698 . e3c903c0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3c903c0 - Busy Id=0045bfef From: 0720.186c Context=80630041 [e3c90528 . e432cea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e432cea0 - Busy Id=0045c002 From: 0720.1870 Context=80630041 [e3c903c0 . e5692550]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5692550 - Busy Id=0045c011 From: 0720.1874 Context=80630041 [e432cea0 . e3bfb0b0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3bfb0b0 - Busy Id=0045c01f From: 0720.1878 Context=80630041 [e5692550 . e1cb4ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1cb4ea0 - Busy Id=0045c038 From: 0720.187c Context=80630041 [e3bfb0b0 . e5207b60]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5207b60 - Busy Id=0045c055 From: 0720.1880 Context=80630041 [e1cb4ea0 . e1ca0698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1ca0698 - Busy Id=0045c064 From: 0720.1884 Context=80630041 [e5207b60 . e4a31598]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4a31598 - Busy Id=0045c077 From: 0720.1888 Context=80630041 [e1ca0698 . e4285c98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4285c98 - Busy Id=0045c09b From: 0720.188c Context=80630041 [e4a31598 . e4b48a78]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b48a78 - Busy Id=0045c0b0 From: 0720.189c Context=80630041 [e4285c98 . e3eedea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3eedea0 - Busy Id=0045c0ca From: 0720.18a0 Context=80630041 [e4b48a78 . e52de4d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e52de4d8 - Busy Id=0045c10d From: 0720.18b0 Context=80630041 [e3eedea0 . e2468c00]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2468c00 - Busy Id=0045c122 From: 0720.18b4 Context=80630041 [e52de4d8 . e5486460]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5486460 - Busy Id=0045c138 From: 0720.18b8 Context=80630041 [e2468c00 . e432b698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e432b698 - Busy Id=0045c151 From: 0720.18bc Context=80630041 [e5486460 . e2265718]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2265718 - Busy Id=0045c161 From: 0720.18c0 Context=80630041 [e432b698 . e4eaf558]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4eaf558 - Busy Id=0045c175 From: 0720.18c4 Context=80630041 [e2265718 . e3d1a5b8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3d1a5b8 - Busy Id=0045c186 From: 0720.18c8 Context=80630041 [e4eaf558 . e51e9ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e51e9ea0 - Busy Id=0045c19b From: 0720.18cc Context=80630041 [e3d1a5b8 . e508d370]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e508d370 - Busy Id=0045c1a9 From: 0720.18d0 Context=80630041 [e51e9ea0 . e4b31af0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b31af0 - Busy Id=0045c1b8 From: 0720.18d8 Context=80630041 [e508d370 . e52c5b60]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e52c5b60 - Busy Id=0045c1cd From: 0720.18dc Context=80630041 [e4b31af0 . e4bf1560]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4bf1560 - Busy Id=0045c1db From: 0720.18e0 Context=80630041 [e52c5b60 . e33f1aa0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e33f1aa0 - Busy Id=0045c439 From: 0720.190c Context=80630041 [e4bf1560 . e51fd5e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e51fd5e0 - Busy Id=0045c448 From: 0720.1910 Context=80630041 [e33f1aa0 . e4dcc8c8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4dcc8c8 - Busy Id=0045c457 From: 0720.1914 Context=80630041 [e51fd5e0 . e4e3baf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4e3baf0 - Busy Id=0045c468 From: 0720.1918 Context=80630041 [e4dcc8c8 . e2521658]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2521658 - Busy Id=0045c476 From: 0720.191c Context=80630041 [e4e3baf0 . e3de4ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3de4ea0 - Busy Id=0045c484 From: 0720.1920 Context=80630041 [e2521658 . e50bfea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50bfea0 - Busy Id=0045c4a3 From: 0720.1928 Context=80630041 [e3de4ea0 . e3fcaaf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3fcaaf0 - Busy Id=0045c4b1 From: 0720.192c Context=80630041 [e50bfea0 . e22ac698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e22ac698 - Busy Id=0045c4bf From: 0720.1930 Context=80630041 [e3fcaaf0 . e5621570]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5621570 - Busy Id=0045c4e5 From: 0720.1938 Context=80630041 [e22ac698 . e10b69a8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e10b69a8 - Busy Id=0045c4f3 From: 0720.193c Context=80630041 [e5621570 . e41ac528]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e41ac528 - Busy Id=0045c500 From: 0720.1940 Context=80630041 [e10b69a8 . e1c46a30]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e1c46a30 - Busy Id=0045c512 From: 0720.1944 Context=80630041 [e41ac528 . e4aed578]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4aed578 - Busy Id=0045c522 From: 0720.1948 Context=80630041 [e1c46a30 . e416c4a8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e416c4a8 - Busy Id=0045c530 From: 0720.194c Context=80630041 [e4aed578 . e43d2698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e43d2698 - Busy Id=0045c53f From: 0720.1950 Context=80630041 [e416c4a8 . e50c0618]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50c0618 - Busy Id=0045c54d From: 0720.1954 Context=80630041 [e43d2698 . e233b698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e233b698 - Busy Id=0045c55a From: 0720.1958 Context=80630041 [e50c0618 . e3661a98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3661a98 - Busy Id=0045c568 From: 0720.195c Context=80630041 [e233b698 . e495bd88]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e495bd88 - Busy Id=0045c578 From: 0720.1960 Context=80630041 [e3661a98 . e2e77ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2e77ea0 - Busy Id=0045c58f From: 0720.1964 Context=80630041 [e495bd88 . e3550a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3550a18 - Busy Id=0045c59f From: 0720.1968 Context=80630041 [e2e77ea0 . e36c8a98]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e36c8a98 - Busy Id=0045c5c0 From: 0720.196c Context=80630041 [e3550a18 . e50de598]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50de598 - Busy Id=0045c5d6 From: 0720.1970 Context=80630041 [e36c8a98 . e56614a0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e56614a0 - Busy Id=0045c5e4 From: 0720.1974 Context=80630041 [e50de598 . e5539008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5539008 - Busy Id=0045c5f8 From: 0720.1978 Context=80630041 [e56614a0 . e3e04008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3e04008 - Busy Id=0045c60a From: 0720.197c Context=80630041 [e5539008 . e22ac530]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e22ac530 - Busy Id=0045c61e From: 0720.1980 Context=80630041 [e3e04008 . e5366b60]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e5366b60 - Busy Id=0045c630 From: 0720.1994 Context=80630041 [e22ac530 . e381f590]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e381f590 - Busy Id=0045c63f From: 0720.1998 Context=80630041 [e5366b60 . e4e76a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4e76a18 - Busy Id=0045c65d From: 0720.19a0 Context=80630041 [e381f590 . e4eb04e0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4eb04e0 - Busy Id=0045c66d From: 0720.19a4 Context=80630041 [e4e76a18 . e380ea18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e380ea18 - Busy Id=0045c681 From: 0720.19a8 Context=80630041 [e4eb04e0 . e4c1a540]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4c1a540 - Busy Id=0045c699 From: 0720.19ac Context=80630041 [e380ea18 . e3e9a698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3e9a698 - Busy Id=0045c6c0 From: 0720.19b0 Context=80630041 [e4c1a540 . e3d03938]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3d03938 - Busy Id=0045c6de From: 0720.19b8 Context=80630041 [e3e9a698 . e4ffaea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4ffaea0 - Busy Id=0045c707 From: 0720.19c0 Context=80630041 [e3d03938 . e510e660]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e510e660 - Busy Id=0045c71a From: 0720.19c4 Context=80630041 [e4ffaea0 . e2431a18]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e2431a18 - Busy Id=0045c72d From: 0720.19c8 Context=80630041 [e510e660 . e4b52590]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b52590 - Busy Id=0045c73c From: 0720.19cc Context=80630041 [e2431a18 . e4c9daf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4c9daf0 - Busy Id=0045c74f From: 0720.19d0 Context=80630041 [e4b52590 . e400a718]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e400a718 - Busy Id=0045c762 From: 0720.19d4 Context=80630041 [e4c9daf0 . e41d7810]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 0000bd01 000f0241 0144bdc4 01449650 0144bdfc 0144d93c
0000 e41d7810 - Busy Id=0045c772 From: 0720.19d8 Context=80630041 [e400a718 . e25137d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e25137d8 - Busy Id=0045c781 From: 0720.19dc Context=80630041 [e41d7810 . e26ddb60]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e26ddb60 - Busy Id=0045c794 From: 0720.19e0 Context=80630041 [e25137d8 . e4b52428]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b52428 - Busy Id=0045c7a2 From: 0720.19e4 Context=80630041 [e26ddb60 . e41d74d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e41d74d8 - Busy Id=0045c7b1 From: 0720.19e8 Context=80630041 [e4b52428 . e43efaf0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e43efaf0 - Busy Id=0045c7bf From: 0720.19ec Context=80630041 [e41d74d8 . e43bc4d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e43bc4d8 - Busy Id=0045c7d5 From: 0720.18f0 Context=80630041 [e43efaf0 . e4f2b598]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4f2b598 - Busy Id=0045c7e5 From: 0720.18f4 Context=80630041 [e43bc4d8 . e50de430]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e50de430 - Busy Id=0045c7f6 From: 0720.18f8 Context=80630041 [e4f2b598 . e12ad950]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e12ad950 - Busy Id=0045c80d From: 0720.18e4 Context=80630041 [e50de430 . e4cc4008]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4cc4008 - Busy Id=0045c81d From: 0720.1908 Context=80630041 [e12ad950 . e56b2ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e56b2ea0 - Busy Id=0045c82d From: 0720.1618 Context=80630041 [e4cc4008 . e4b618d8]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e4b618d8 - Busy Id=0045c83b From: 0720.0a8c Context=80630041 [e56b2ea0 . e3d6f948]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e3d6f948 - Busy Id=0045c84f From: 0720.1984 Context=80630041 [e4b618d8 . e53d6900]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e53d6900 - Busy Id=0045c863 From: 0720.199c Context=80630041 [e3d6f948 . e23cc698]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00000001 000f0241 00000000 00000000 00000000 00000000
0000 e23cc698 - Busy Id=0045cce9 From: 04f4.09c4 Context=83080049 [e53d6900 . e5464418]
Length=00200008 Type=00000005 (LPC_PORT_CLOSED)
Data: 39871c70 01c989bd
0000 e5464418 - Busy Id=0045cd6a From: 139c.0ed8 Context=82d20020 [e23cc698 . e3ea1698]
Length=0094007c Type=00000001 (LPC_REQUEST)
Data: 00001901 00080241 7c97c080 00090280 000bae60 000000d8
0000 e3ea1698 - Busy Id=0045cd91 From: 0820.1a10 Context=00000139 [e5464418 . e3d6e470]
Length=011800e8 Type=0000000a (LPC_CONNECTION_REQUEST)
Data: 00000000 00000000 00000000 00000000 00000000 00000000
0000 e3d6e470 - Busy Id=0045d01e From: 0164.0f54 Context=800d0009 [e3ea1698 . e5743ea0]
Length=00480030 Type=00000001 (LPC_REQUEST)
Data: 00009b01 000f0241 ae579b44 ade74eb0 895f3670 ae579b60
0000 e5743ea0 - Busy Id=0045d049 From: 02a8.12d0 Context=8024000f [e3d6e470 . e540c358]
Length=007c0064 Type=00000001 (LPC_REQUEST)
Data: 0000ef01 001c0241 8a695ba8 7ff91000 adfa2b90 c0601ff8
0000 e540c358 - Busy Id=0045d96b From: 1c1c.1c20 Context=802b0007 [e5743ea0 . e1b84930]
Length=011800e8 Type=0000000a (LPC_CONNECTION_REQUEST)
Data: 00000000 00000000 00000000 00000000 00000000 00000000
0000 e1b84930 - Busy Id=0045e6b0 From: 1c8c.1c90 Context=80030001 [e540c358 . e2661f00]
Length=011800e8 Type=0000000a (LPC_CONNECTION_REQUEST)
Data: 00000000 00000000 00000000 00000000 00000000 00000000
The message queue contains 262 messages
Messages in LpcDataInfoChainHead:
0000 e430c3e0 - Busy Id=003270dc From: 0558.12c0 Context=80080005 [e2661f70 . e4d87650]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 7c97c080 00090250 00091fa8 000000d8
0000 e4d87650 - Busy Id=0032717c From: 0558.1144 Context=80080005 [e430c3e0 . e1d98008]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 4fcf7a97 ff6972b6 7d8b9c42 00000001
0000 e1d98008 - Busy Id=00328ac6 From: 0558.1394 Context=80080005 [e4d87650 . e3af6c00]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 12345678 abcd1234 230100ef fbcf6745
0000 e3af6c00 - Busy Id=0033e440 From: 0558.05d4 Context=80080005 [e1d98008 . e54504e8]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 438703f2 c5a09c89 3d8a5080 00000001
0000 e54504e8 - Busy Id=00341184 From: 0558.1210 Context=80080005 [e3af6c00 . e52d3ea0]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 12345678 abcd1234 230100ef fbcf6745
0000 e52d3ea0 - Busy Id=0034fd11 From: 0558.0300 Context=80080005 [e54504e8 . e4ed1848]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 00000000
0000 e4ed1848 - Busy Id=00368557 From: 0558.14fc Context=80080005 [e52d3ea0 . e23e5390]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00003b01 000b0242 ad1b3b44 ade74eb0 895f3670 ad1b3b60
0000 e23e5390 - Busy Id=00374946 From: 0558.1384 Context=80080005 [e4ed1848 . e427cd90]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 00000000
0000 e427cd90 - Busy Id=003bf823 From: 0558.08a0 Context=80080005 [e23e5390 . e3babc78]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00007d01 000b0242 88da5375 3045464d acb47b58 ade71ce3
0000 e3babc78 - Busy Id=003c80a8 From: 0558.1488 Context=80080005 [e427cd90 . e4dd8ea0]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00007d01 000b0242 88da5375 3045464d acb47b58 ade71ce3
0000 e4dd8ea0 - Busy Id=003d6f76 From: 0558.129c Context=80080005 [e3babc78 . e231ee58]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 0000cb01 000b0242 ae80cb44 ade74eb0 895f3670 ae80cb60
0000 e231ee58 - Busy Id=003f3a15 From: 0558.0de8 Context=80080005 [e4dd8ea0 . e38f8008]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 00000000
0000 e38f8008 - Busy Id=004227f8 From: 0558.14e8 Context=80080005 [e231ee58 . e3105a20]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 0000cb01 000b0242 ae80cb44 ade74eb0 895f3670 ae80cb60
0000 e3105a20 - Busy Id=00422b4d From: 0558.09b0 Context=80080005 [e38f8008 . e43fb110]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 12345678 abcd1234 230100ef fbcf6745
0000 e43fb110 - Busy Id=0042b9fe From: 0558.1124 Context=80080005 [e3105a20 . e3c44298]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 00000000
0000 e3c44298 - Busy Id=0042ed0e From: 0558.1558 Context=80080005 [e43fb110 . e3c48c70]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00010002 0208000e
0000 e3c48c70 - Busy Id=00435990 From: 0558.1768 Context=80080005 [e3c44298 . e4cc3c18]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 c06007f0
0000 e4cc3c18 - Busy Id=0043db48 From: 0558.1224 Context=80080005 [e3c48c70 . e2661f70]
Length=0044002c Type=00380001 (LPC_REQUEST)
Data: 00000001 000b0242 00000000 00000000 00000000 00000000
The LpcDataInfoChainHead queue contains 18 messages
Threads in RunDown queue : 0xe430c218 0xe4d87488 0xe1d97e40 0xe3af6a38 0xe5450320 0xe52d3cd8 0xe4ed1680 0xe23e51c8 0xe427cbc8 0xe3babab0 0xe4dd8cd8 0xe231ec90 0xe38f7e40 0xe3105858 0xe43faf48 0xe3c440d0 0xe3c48aa8 0xe4cc3a50
Done.
上面的显示很长,其主要内容是,刚才那个LSASS线程在等待ntsvc端口的回复,这个端口是services进程监听的,而且这个LPC端口的消息队列中堆积了很多消息。
现在的目标指向了services进程,观察它,会发现它有这样一个线程:
kd> !THREAD 884444e0
THREAD 884444e0 Cid 0544.0e5c Teb: 7ff95000 Win32Thread: 00000000 WAIT: (Executive) KernelMode Non-Alertable
884446d4 Semaphore Limit 0x1
Waiting for reply to LPC MessageId 00327179:
Pending LPC Reply Message:
e3364398: [e3364398,e3364398]
IRP List:
89166008: (0006,0220) Flags: 00000884 Mdl: 00000000
Not impersonating
DeviceMap e10087c0
Owning Process 8a7f8da0 Image: services.exe
Attached Process N/A Image: N/A
Wait Start TickCount 15746429 Ticks: 51306 (0:00:13:21.656)
Context Switch Count 63846
UserTime 00:00:02.406
KernelTime 00:00:11.234
Win32 Start Address 0x003270dc
LPC Server thread working on message Id 3270dc
Start Address 0x7c810679
Stack Init acb0c000 Current acb0afcc Base acb0c000 Limit acb09000 Call 0
Priority 10 BasePriority 9 PriorityDecrement 0 DecrementCount 0
ChildEBP RetAddr Args to Child
acb0afe4 8050049e 88444550 884444e0 804f9cec nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])
acb0aff0 804f9cec 00000000 884444e0 e5178868 nt!KiSwapThread+0x46 (FPO: [0,0,0])
acb0b018 805987fc 00000000 00000000 acd70d00 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
acb0b0d4 80598a2a acb0b300 acb0b224 acb0b22c nt!NtSecureConnectPort+0x662 (FPO: [Non-Fpo])
acb0b100 acd60ebc acb0b300 acb0b224 acb0b22c nt!NtConnectPort+0x24 (FPO: [Non-Fpo])
WARNING: Stack unwind information not available. Following frames may be wrong.
acb0b154 8053cbc8 acb0b300 acb0b224 acb0b22c hidsys+0x12ebc
acb0b154 804fd80d acb0b300 acb0b224 acb0b22c nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ acb0b17c)
acb0b1ec ba5e9a05 acb0b300 acb0b224 acb0b22c nt!ZwConnectPort+0x11 (FPO: [8,0,0])
acb0b2dc ba5e3f54 ba5e5da0 00000001 acb0b300 KSecDD!CreateConnection+0xe5 (FPO: [Non-Fpo])
acb0b310 ba5e38da 00000001 acb0b320 00000000 KSecDD!CreateClient+0x90 (FPO: [Non-Fpo])
acb0b324 ba5e9044 acb0b430 acb0b340 e27ac030 KSecDD!IsOkayToExec+0x2c (FPO: [Non-Fpo])
acb0b434 ba5ea4f1 acb0b688 acb0b44c acb0b45c KSecDD!SecpGetLogonSessionData+0x14 (FPO: [Non-Fpo])
acb0b444 acd54168 acb0b688 acb0b454 00000000 KSecDD!LsaGetLogonSessionData+0x11 (FPO: [Non-Fpo])
acb0b45c acd64d5f acb0b688 acb0b6b8 acd79004 hidsys+0x6168
acb0b6d4 acd6d393 8811fe04 00000004 00000000 hidsys+0x16d5f
acb0b6e8 acd6d939 8811fe04 0000002d acb0b700 hidsys!strcspn+0x58f3
acb0b708 acd77c96 8811fe04 87d55ce2 acb0b724 hidsys!strcspn+0x5e99
acb0b728 acd77bd4 8811fe04 894aabb4 acb0b79c hidsys!strcspn+0x101f6
acb0b75c acd772db acb0b79c 8811fe04 acb0b798 hidsys!strcspn+0x10134
acb0b7cc acd77238 8811fe04 87d35004 acb0b80c hidsys!strcspn+0xf83b
acb0b7e8 acd65113 8815a00c acb0b80c 87d35004 hidsys!strcspn+0xf798
acb0b830 acd59c62 8815a00c acb0b8c0 acb00000 hidsys+0x17113
acb0b8a8 acd595e5 8ac8d318 89166008 88df33b8 hidsys+0xbc62
acb0b8d8 804ee0ef 8ac8d318 89166008 8ac69150 hidsys+0xb5e5
acb0b8e8 ba5ff876 89166204 8ad115a8 89166008 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
acb0b934 804ee0ef 8ac8dc80 00000001 89166228 sr!SrCreate+0x150 (FPO: [Non-Fpo])
acb0b944 ade7381d 88e31064 88e31008 00000002 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
acb0b96c ade645bb 89166008 acb0ba20 89166008 mfehidk!DEVICEDISPATCH::LowerDevicePassThrough+0x48
acb0b990 ade64c32 89166008 01166204 8ac69150 mfehidk+0x75bb
acb0ba28 ade72a57 8ac69150 89166008 acb0ba60 mfehidk+0x7c32
acb0ba38 ade72aa7 acb0ba48 8a596eb0 891bc888 mfehidk+0x15a57
acb0ba60 804ee0ef 891bc888 89166008 89166008 mfehidk!DEVICEDISPATCH::DispatchPassThrough+0x48
acb0ba70 805778d6 8accebf0 88e1f864 acb0bc18 nt!IopfCallDriver+0x31 (FPO: [0,0,0])
acb0bb50 805b3c2a 8accec08 00000000 88e1f7c0 nt!IopParseDevice+0xa12 (FPO: [Non-Fpo])
acb0bbd8 805b010b 00000000 acb0bc18 00000040 nt!ObpLookupObjectName+0x56a (FPO: [Non-Fpo])
acb0bc2c 8056a613 00000000 00000000 00000001 nt!ObOpenObjectByName+0xeb (FPO: [Non-Fpo])
acb0bca8 8056af8a 017cf6d0 00100100 017cf68c nt!IopCreateFile+0x407 (FPO: [Non-Fpo])
acb0bd04 8056e773 017cf6d0 00100100 017cf68c nt!IoCreateFile+0x8e (FPO: [Non-Fpo])
acb0bd44 8053cbc8 017cf6d0 00100100 017cf68c nt!NtOpenFile+0x27 (FPO: [Non-Fpo])
acb0bd44 7c90eb94 017cf6d0 00100100 017cf68c nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ acb0bd64)
这个线程的栈回溯与前面Word进程的遭遇很类似,它也是因为打开文件而受到“安全检查”,然后等待打开一个LPC端口,仔细看一下原来也是在连接LsaAuthenticationPort:
kd> dS acb0b224
ba5e98ec "\LsaAuthenticationPort"
不过,它要打开的文件与WORD要打开的不同:
kd> dS acb0bc18
e1219ac8 "\Device\HarddiskVolume1\WINDOWS\"
e1219b08 "System32\config\SecEvent.Evt"
检查一下在等待的消息ID:
kd> !lpc message 00327179
Searching message 327179 in threads ...
Client thread 884444e0 waiting a reply from 327179
Searching thread 884444e0 in port rundown queues ...
Server connection port e2da1378 Name: LsaAuthenticationPort
Handles: 1 References: 144
Server process : 8a66c940 (lsass.exe)
Queue semaphore : 8aa0c978
Semaphore state 0 (0x0)
The message queue is empty
The LpcDataInfoChainHead queue is empty
Done.
注意,上面的显示还有这样一句话:
LPC Server thread working on message Id 3270dc
也就是说,刚才那个在等待LsaAuthenticationPort端口的Services线程当时在处理回复3270dc消息。这个消息是谁的呢?
kd> !lpc message 3270dc
Searching message 3270dc in threads ...
Server thread 884444e0 is working on message 3270dc
Client thread 88eed4b0 waiting a reply from 3270dc
Searching thread 88eed4b0 in port rundown queues ...
Server communication port 0xe265e968
Handles: 1 References: 1
The LpcDataInfoChainHead queue is empty
Connected port: 0xe27d34b0 Server connection port: 0xe2661ef0
Client communication port 0xe27d34b0
Handles: 1 References: 19
The LpcDataInfoChainHead queue is empty
Server connection port e2661ef0 Name: ntsvcs
Handles: 1 References: 432
Server process : 8a7f8da0 (services.exe)
Queue semaphore : 8aa06248
Semaphore state 263 (0x107)
也就是说,等待这个消息的客户线程是88eed4b0 :
kd> !thread 88eed4b0
THREAD 88eed4b0 Cid 0558.12c0 Teb: 7ff98000 Win32Thread: 00000000 WAIT: (WrLpcReply) UserMode Non-Alertable
88eed6a4 Semaphore Limit 0x1
Waiting for reply to LPC MessageId 003270dc:
Current LPC port e27d34b0
Not impersonating
DeviceMap e10087c0
Owning Process 8a66c940 Image: lsass.exe
Attached Process N/A Image: N/A
Wait Start TickCount 11653439 Ticks: 4144296 (0:17:59:14.625)
Context Switch Count 27
UserTime 00:00:00.000
KernelTime 00:00:00.000
Win32 Start Address 0x75738d13
Start Address 0x7c810679
Stack Init ae04b000 Current ae04ac50 Base ae04b000 Limit ae048000 Call 0
Priority 9 BasePriority 9 PriorityDecrement 0 DecrementCount 16
Kernel stack not resident.
ChildEBP RetAddr Args to Child
ae04ac68 8050049e 88eed520 88eed4b0 804f9cec nt!KiSwapContext+0x2e (FPO: [Uses EBP] [0,0,4])
ae04ac74 804f9cec 88eed6a4 88eed678 88eed4b0 nt!KiSwapThread+0x46 (FPO: [0,0,0])
ae04ac9c 805977e9 00000001 00000011 00000001 nt!KeWaitForSingleObject+0x1c2 (FPO: [Non-Fpo])
ae04ad50 8053cbc8 000003d0 000be8a8 000be8a8 nt!NtRequestWaitReplyPort+0x63d (FPO: [Non-Fpo])
ae04ad50 7c90eb94 000003d0 000be8a8 000be8a8 nt!KiFastCallEntry+0xf8 (FPO: [0,0] TrapFrame @ ae04ad64)
WARNING: Frame IP not in any known module. Following frames may be wrong.
015ef2f8 00000000 00000000 00000000 00000000 0x7c90eb94
看来这个客户线程真的是LSASS的。
于是,可以知道,LSASS在等待Services的回复,Services在收到请求,准备回复时,需要打开SecEvent.Evt文件(记录安全日志),但是打开时需要接受安全检查,为了做安全检查,有人需要去连接LSASS的LsaAuthenticationPort端口,但是此时LSASS是在等待Services的回复,于是二者循环等待了。这导致Word起来时,连接LsaAuthenticationPort端口也被堵死。
很多用户态挂死都与LPC有关,尽管这不是问题的根源。Vista和Server 2008引入了ALPC来改进旧的LPC,以帮助缓解这个的问题。Undocumented Windows NT中很好的介绍了LPC,http://www.windowsitlibrary.com/Content/356/08/2.html。