Advanced Debugging
About AdvDbg Consult Train Services Products Tools Community Contact  
欢迎光临 高端调试 登录 | 注册 | FAQ
  内核调试
  ACPI调试
Linux内核调试
Windows内核调试
  调试方法学
  调试战役
调试原理
新工具观察
  操作系统
  Linux
Windows Vista
Windows
  驱动开发
  Linux驱动
WDF
WDM
  总线
  PCI Express
PCI/PCI-X
USB
无线通信协议
  中央处理器
  64位CPU
ARM
IA-32
  CPU Info Center
  计算机机系统
  ACPI标准
系统认证
Desktop
服务器
  嵌入式系统
  Embedded Linux
嵌入式开发工具
VxWorks
WinCE
嵌入式Windows
  特别链接
  格蠹调试套件(GDK)
  格蠹学院
  小朱书店
  老雷的微博
  《软件调试》
  《格蠹汇编》
  《软件调试(第二版)》
沪ICP备11027180号-1

Windows内核调试

帖子发起人: domo9528   发起时间: 2012-06-16 19:40 下午   回复: 5
高端调试 » 软件调试 » Windows内核调试 » 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因

Print Search
帖子排序:    
   2012-06-16, 19:40 下午
domo9528 离线,最后访问时间: 2012/6/16 11:36:33 domo9528

发帖数前200位
注册: 2012-06-16
发 贴: 5
Indifferent [:|] 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote
Win7登陆界面CredentialProvider出现卡住的现象,以下是手动dump之后,转到logonUI.exe 的相关信息,看上都是在做WaitforSingleObject,但是不能确定真正的原因在哪里,求助

0: kd> .process 8fd7d030  
Implicit process is now 8fd7d030
0: kd> !process 8fd7d030  7
PROCESS 8fd7d030  SessionId: 1  Cid: 045c    Peb: 7ffdb000  ParentCid: 02f8
    DirBase: b82f51a0  ObjectTable: 953abc10  HandleCount: 252.
    Image: LogonUI.exe
    VadRoot 8fdb97b8 Vads 276 Clone 0 Private 2334. Modified 1. Locked 0.
    DeviceMap 8da08870
    Token                             98a908c0
    ElapsedTime                       00:00:23.971
    UserTime                          00:00:00.000
    KernelTime                        00:00:00.000
    QuotaPoolUsage[PagedPool]         0
    QuotaPoolUsage[NonPagedPool]      0
    Working Set Sizes (now,min,max)  (5132, 50, 345) (20528KB, 200KB, 1380KB)
    PeakWorkingSetSize                10216
    VirtualSize                       115 Mb
    PeakVirtualSize                   115 Mb
    PageFaultCount                    15702
    MemoryPriority                    BACKGROUND
    BasePriority                      13
    CommitCharge                      3672

        THREAD 8fd5d938  Cid 045c.0460  Teb: 7ffdf000 Win32Thread: ff50e2d8 WAIT: (UserRequest) UserMode Non-Alertable
            8fde7910  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1591           Ticks: 1189 (0:00:00:18.548)
        Context Switch Count      887             
        UserTime                  00:00:00.062
        KernelTime                00:00:00.078
        Win32 Start Address LogonUI!wWinMainCRTStartup (0x006e1435)
        Stack Init ae623ed0 Current ae623ac8 Base ae624000 Limit ae621000 Call 1678
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        ae623ae0 8469c65d 8fd5d938 9032f308 9032c120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        ae623b18 8469b4a7 8fd5d9f8 8fd5d938 8fde7910 nt!KiSwapThread+0x266
        ae623b40 846950cf 8fd5d938 8fd5d9f8 00000000 nt!KiCommitThreadWait+0x1df
        ae623bb8 84846d17 8fde7910 00000006 00000001 nt!KeWaitForSingleObject+0x393
        ae623c20 8465c27a 000000e4 00000000 00000000 nt!NtWaitForSingleObject+0xc6
        ae623c20 77c57094 000000e4 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ ae623c34)
        0020eb60 77c56a24 77c42278 000000e4 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        0020eb64 77c42278 000000e4 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        0020ebc8 77c4215c 00000000 00000000 00000001 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
        0020ebf0 77c6fe33 77ce7340 77eed77a 77c57c1a ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
        0020ed5c 77c722b2 0020edbc 0020ed88 00000000 ntdll!LdrpLoadDll+0x287 (FPO: [Non-Fpo])
        0020ed90 75e38b51 003d5d1c 0020edd4 0020edbc ntdll!LdrLoadDll+0x92 (FPO: [Non-Fpo])
        0020edcc 7639efdc 00000000 00000000 003d5d1c KERNELBASE!LoadLibraryExW+0x1d3 (FPO: [Non-Fpo])
        0020ef00 77c56fce 0020ef18 00000098 0020efd8 USER32!__ClientLoadLibrary+0x60 (FPO: [Non-Fpo])
        0020efac 763ada1a 7639e34b 0000000f 21f7022a ntdll!KiUserCallbackDispatcher+0x2e (FPO: [0,0,0])
        0020efb0 7639e34b 0000000f 21f7022a 00000000 USER32!NtUserCallNoParam+0xc (FPO: [1,0,0])
        0020efe8 7430c9a5 0000001f 7433a590 00000000 USER32!GetSystemMetrics+0x49 (FPO: [Non-Fpo])
        0020f0b8 7430c946 00000000 7433a8e0 00000000 UxTheme!CInternalNonclientMetrics::Acquire+0x2b (FPO: [Non-Fpo])
        0020f0cc 7430be8a 0020f0e4 00000000 7433a94c UxTheme!NcGetNonclientMetrics+0x3a (FPO: [Non-Fpo])
        0020f2e0 7430bdd9 00000000 7433a8e0 7433a1b0 UxTheme!_LoadNcThemeSysMetrics+0x29 (FPO: [Non-Fpo])
        0020f300 7430bba1 00000000 00000013 7433a8ac UxTheme!_LoadNcThemeMetrics+0x28d (FPO: [Non-Fpo])
        0020f314 7430b369 00000001 00000000 0020f348 UxTheme!AcquireNcThemeMetrics+0x38 (FPO: [0,0,0])
        0020f324 7430b2f2 00ae0001 00000000 7430b2ce UxTheme!NewThemeCheck+0x52 (FPO: [Non-Fpo])
        0020f330 7430b2ce 763f92a0 00000000 00000000 UxTheme!OnHooksEnabled+0x13 (FPO: [0,0,0])
        0020f348 763a25b8 00000000 0020f360 00000011 UxTheme!ThemeInitApiHook+0x1af (FPO: [Non-Fpo])
        0020f3c8 7639f027 74300000 7430b176 763a61b8 USER32!InitUserApiHook+0x29 (FPO: [Non-Fpo])
        0020f4f8 77c56fce 0020f510 00000098 0020f5d4 USER32!__ClientLoadLibrary+0xab (FPO: [Non-Fpo])
        0020f5a4 763ada1a 76394f5f 0000000f 21f71826 ntdll!KiUserCallbackDispatcher+0x2e (FPO: [0,0,0])
        0020f5a8 76394f5f 0000000f 21f71826 763a61b8 USER32!NtUserCallNoParam+0xc (FPO: [1,0,0])
        0020f5e4 73da3ea7 0001001c 0000031b 00000000 USER32!DefWindowProcW+0x39 (FPO: [Non-Fpo])
        0020f624 763ac4e7 0001001c 0000031b 00000000 DUI70!DirectUI::NativeHWNDHost::WndProc+0x344 (FPO: [Non-Fpo])
        0020f650 763ac5e7 73da3e01 0001001c 0000031b USER32!InternalCallWinProc+0x23
        0020f6c8 763acc19 003f22ec 73da3e01 0001001c USER32!UserCallWinProcCheckWow+0x14b (FPO: [Non-Fpo])
        0020f728 763acc70 73da3e01 00000000 0020f778 USER32!DispatchMessageWorker+0x35e (FPO: [Non-Fpo])
        0020f738 747b2e94 0020f750 00000000 00000000 USER32!DispatchMessageW+0xf (FPO: [Non-Fpo])
        0020f778 747b51f2 10000003 773d8e97 00000000 authui!CLogonFrame::DoModal+0xf9 (FPO: [Non-Fpo])
        0020f7a8 747b53ec 00000000 00000000 0020f7e4 authui!CLogonUI_CreateThenDoModalThenDestroy+0x1b4 (FPO: [Non-Fpo])
        0020f7b8 006e118e 003e2848 00000000 00000000 authui!CLogonUI::DoModal+0x65 (FPO: [Non-Fpo])
        0020f7e4 006e10c2 006e0000 00000000 003e6300 LogonUI!wWinMain+0xaf (FPO: [Non-Fpo])
        0020f878 773ced6c 7ffdb000 0020f8c4 77c7377b LogonUI!_initterm_e+0x1b1 (FPO: [Non-Fpo])

        THREAD 8fd43030  Cid 045c.04b8  Teb: 7ffde000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Alertable
            8fdc9be0  SynchronizationTimer
            8fcfd890  SynchronizationTimer
            8fdd1f68  SynchronizationTimer
            8fc9aec0  NotificationEvent
            ada81770  SynchronizationEvent
            8fdb8e08  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1591           Ticks: 1189 (0:00:00:18.548)
        Context Switch Count      6             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!TppWaiterpThread (0x77c3fd0d)
        Stack Init 9a683ed0 Current 9a683648 Base 9a684000 Limit 9a681000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a683660 8469c65d 8fd43030 807f9308 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a683698 8469b4a7 8fdb8e08 8fd43030 adab3c04 nt!KiSwapThread+0x266
        9a6836c0 84697484 8fd43030 adab3b68 00000000 nt!KiCommitThreadWait+0x1df
        9a68383c 84847900 00000006 9a683974 00000001 nt!KeWaitForMultipleObjects+0x535
        9a683ac8 8484766d 00000006 9a683b0c 00000001 nt!ObpWaitForMultipleObjects+0x262
        9a683c18 8465c27a 00000006 003ed930 00000001 nt!NtWaitForMultipleObjects+0xcd
        9a683c18 77c57094 00000006 003ed930 00000001 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a683c34)
        005bfd6c 77c56a04 77c3fe39 00000006 003ed930 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        005bfd70 77c3fe39 00000006 003ed930 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
        005bff04 773ced6c 00000000 005bff50 77c7377b ntdll!TppWaiterpThread+0x33d (FPO: [Non-Fpo])
        005bff10 77c7377b 003ed900 7795c576 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        005bff50 77c7374e 77c3fd0d 003ed900 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        005bff68 00000000 77c3fd0d 003ed900 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD 8fddb190  Cid 045c.04c4  Teb: 7ffdd000 Win32Thread: ff40cdd8 WAIT: (WrQueue) UserMode Alertable
            8fce3d80  QueueObject
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1554           Ticks: 1226 (0:00:00:19.125)
        Context Switch Count      37             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x77c403e9)
        Stack Init 9a693ed0 Current 9a693a60 Base 9a694000 Limit 9a691000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 1 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a693a78 8469c65d 8fddb190 807f9308 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a693ab0 8469b4a7 8fddb250 8fddb190 8fce3d80 nt!KiSwapThread+0x266
        9a693ad8 8469c1ad 8fddb190 8fddb250 000000d9 nt!KiCommitThreadWait+0x1df
        9a693b38 84846e93 8fce3d80 bdee5901 00000001 nt!KeRemoveQueueEx+0x4f8
        9a693b90 846a28f3 8fce3d80 9a693bc8 9a693bf0 nt!IoRemoveIoCompletion+0x23
        9a693c24 8465c27a 000000c4 0050fdbc 0050fe68 nt!NtWaitForWorkViaWorkerFactory+0x1a1
        9a693c24 77c57094 000000c4 0050fdbc 0050fe68 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a693c34)
        0050fd04 77c56a34 77c414e3 000000c4 0050fdbc ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        0050fd08 77c414e3 000000c4 0050fdbc 779ec44e ntdll!NtWaitForWorkViaWorkerFactory+0xc (FPO: [2,0,0])
        0050fe68 773ced6c 003ecb38 0050feb4 77c7377b ntdll!TppWorkerThread+0x216 (FPO: [Non-Fpo])
        0050fe74 77c7377b 003ecb38 779ec492 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        0050feb4 77c7374e 77c403e9 003ecb38 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        0050fecc 00000000 77c403e9 003ecb38 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD 8fdd9940  Cid 045c.04d0  Teb: 7ffdc000 Win32Thread: ff433dd8 WAIT: (UserRequest) UserMode Non-Alertable
            8fdafd48  Thread
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1863           Ticks: 917 (0:00:00:14.305)
        Context Switch Count      298             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.031
        Win32 Start Address ntdll!TppWorkerThread (0x77c403e9)
        Stack Init 9a697ed0 Current 9a697ac8 Base 9a698000 Limit 9a695000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 1 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a697ae0 8469c65d 8fdd9940 00000000 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a697b18 8469b4a7 8fdd9a00 8fdd9940 8fdafd48 nt!KiSwapThread+0x266
        9a697b40 846950cf 8fdd9940 8fdd9a00 00000000 nt!KiCommitThreadWait+0x1df
        9a697bb8 84846d17 8fdafd48 00000006 bdee1901 nt!KeWaitForSingleObject+0x393
        9a697c20 8465c27a 00000208 00000000 00000000 nt!NtWaitForSingleObject+0xc6
        9a697c20 77c57094 00000208 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a697c34)
        00a2f98c 77c56a24 75e3179c 00000208 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        00a2f990 75e3179c 00000208 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        00a2f9fc 773cc2f3 00000208 ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x98 (FPO: [Non-Fpo])
        00a2fa14 773cc2a2 00000208 ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75 (FPO: [Non-Fpo])
        00a2fa28 73d004f9 00000208 ffffffff 003f8c30 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
        00a2fa38 73d00535 73d19f38 00a2fa60 73d006b8 wdmaud!CWorker::~CWorker+0x43 (FPO: [0,0,4])
        00a2fa44 73d006b8 00000001 00000000 003e3d38 wdmaud!CWorker::`scalar deleting destructor'+0xd (FPO: [Non-Fpo])
        00a2fa60 73cff607 00415db8 26b32147 00000000 wdmaud!CWorkerGuard::DereferenceWorker+0x9e (FPO: [Non-Fpo])
        00a2fa8c 73cfdb2d 00415d78 00a2faac 73cfdd77 wdmaud!CWaveHandle::~CWaveHandle+0x29 (FPO: [Non-Fpo])
        00a2fa98 73cfdd77 00000001 003f8d30 003e3d50 wdmaud!CWaveHandle::`scalar deleting destructor'+0xd (FPO: [Non-Fpo])
        00a2faac 73cf4b2f 00415d78 00a2fae0 73e74bbf wdmaud!CWxd::Close+0x2b (FPO: [Non-Fpo])
        00a2fab8 73e74bbf 00000000 00000006 00415d78 wdmaud!wodMessage+0x79 (FPO: [Non-Fpo])
        00a2fae0 73c132a7 003e3d50 00000000 00415cb8 WINMM!waveOutClose+0x68 (FPO: [Non-Fpo])
        00a2fb00 73c11d7a 00415cb8 00000000 003e3d00 msacm32!_DoStreamSwitch+0xa7 (FPO: [Non-Fpo])
        00a2fb14 73c1148e 00415cb8 003e1e74 003e3d00 msacm32!mapWaveUnprepareHeader+0x29 (FPO: [Non-Fpo])
        00a2fb2c 73e749d7 00000000 00000008 00415cb8 msacm32!wodMessage+0xa6 (FPO: [Non-Fpo])
        00a2fb50 73e74c46 003e3d00 00000008 003e1e74 WINMM!waveMessage+0x66 (FPO: [Non-Fpo])
        00a2fb70 73e74b44 003e3d00 003e1e74 00000020 WINMM!waveOutUnprepareHeader+0x56 (FPO: [Non-Fpo])
        00a2fbac 73e79995 73e98b68 73e727ac 00400000 WINMM!soundClose+0x4e (FPO: [Non-Fpo])
        00a2fbc0 73e74a70 003e1e70 00200004 2627266c WINMM!soundPlay+0xe2 (FPO: [Non-Fpo])
        00a2fbfc 73e799ff 01e28788 00000200 00200004 WINMM!sndMessage+0x1a3 (FPO: [Non-Fpo])
        00a2fc24 747cc38f 01e28788 00000000 00200004 WINMM!sndPlaySoundI+0x520 (FPO: [Non-Fpo])
        00a2fc68 747e6a7b 003e3910 00a2fce8 77c3d897 authui!_RegQueryBoolValueFromHKLM+0x1d4 (FPO: [Non-Fpo])
        00a2fc74 77c3d897 00000128 776cc6ce 003ecb40 authui!PlaySoundWorkItemFromLogonUIProc+0x74 (FPO: [Non-Fpo])
        00a2fce8 77c40846 00000128 003e3910 776cc46e ntdll!RtlpTpWorkCallback+0x11d (FPO: [Non-Fpo])
        00a2fe48 773ced6c 003ecb38 00a2fe94 77c7377b ntdll!TppWorkerThread+0x572 (FPO: [Non-Fpo])
        00a2fe54 77c7377b 003ecb38 776cc4b2 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        00a2fe94 77c7374e 77c403e9 003ecb38 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        00a2feac 00000000 77c403e9 003ecb38 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD 8fdf2450  Cid 045c.04f8  Teb: 7ffda000 Win32Thread: ff40ca90 WAIT: (UserRequest) UserMode Non-Alertable
            adaa2c68  NotificationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1585           Ticks: 1195 (0:00:00:18.642)
        Context Switch Count      47             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x77c403e9)
        Stack Init 9a6bbed0 Current 9a6bbac8 Base 9a6bc000 Limit 9a6b9000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a6bbae0 8469c65d 8fdf2450 00000000 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a6bbb18 8469b4a7 8fdf2510 8fdf2450 adaa2c68 nt!KiSwapThread+0x266
        9a6bbb40 846950cf 8fdf2450 8fdf2510 00000000 nt!KiCommitThreadWait+0x1df
        9a6bbbb8 84846d17 adaa2c68 00000006 84698401 nt!KeWaitForSingleObject+0x393
        9a6bbc20 8465c27a 00000370 00000000 00000000 nt!NtWaitForSingleObject+0xc6
        9a6bbc20 77c57094 00000370 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a6bbc34)
        00bbefc8 77c56a24 75e3179c 00000370 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        00bbefcc 75e3179c 00000370 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        00bbf038 773cc2f3 00000370 ffffffff 00000000 KERNELBASE!WaitForSingleObjectEx+0x98 (FPO: [Non-Fpo])
        00bbf050 773cc2a2 00000370 ffffffff 00000000 kernel32!WaitForSingleObjectExImplementation+0x75 (FPO: [Non-Fpo])
        00bbf064 747b4237 00000370 ffffffff 00bbf498 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
        00bbf07c 747b4e43 00000370 ffffffff 00bbf0a8 authui!InternalWaitForSingleObject+0x15 (FPO: [Non-Fpo])
        00bbf08c 747b7d71 00434330 00bbf4b8 0000000c authui!CCallbackQueueItem::WaitCallbackThread+0x12 (FPO: [Non-Fpo])
        00bbf0a8 747b7e50 00bbf498 00000000 00000001 authui!ServerStop+0xdf5 (FPO: [Non-Fpo])
        00bbf0cc 773004e8 0047c3d0 00bbf498 00000000 authui!WluirRequestCredentials+0x27 (FPO: [Non-Fpo])
        00bbf0fc 77365311 747b7e29 00bbf2e8 00000007 RPCRT4!Invoke+0x2a
        00bbf504 7736431d 00000000 00000000 0047c488 RPCRT4!NdrStubCall2+0x2d6
        00bbf520 7730063c 0047c488 216c18ba 02c39ca8 RPCRT4!NdrServerCall2+0x19
        00bbf55c 773007ca 747b4b7f 0047c488 00bbf644 RPCRT4!DispatchToStubInCNoAvrf+0x4a
        00bbf5b4 773006b6 02c39ca8 00000000 00000000 RPCRT4!RPC_INTERFACE::DispatchToStubWorker+0x16c
        00bbf5dc 773022ce 00000000 00000000 00bbf644 RPCRT4!RPC_INTERFACE::DispatchToStub+0x8b
        00bbf614 77300bfa 00000000 00000000 00bbf644 RPCRT4!RPC_INTERFACE::DispatchToStubWithObject+0xb2
        00bbf660 77300ac6 0047c3d0 00bbf67c 0047b250 RPCRT4!LRPC_SCALL::DispatchRequest+0x23b
        00bbf680 77300a85 0047c3d0 00470d90 0047b250 RPCRT4!LRPC_SCALL::QueueOrDispatchCall+0xbd
        00bbf69c 77300921 00000000 00470d78 02c39ca8 RPCRT4!LRPC_SCALL::HandleRequest+0x34f
        00bbf6d0 77300895 00000000 00470d78 00475a40 RPCRT4!LRPC_SASSOCIATION::HandleRequest+0x144
        00bbf708 772ffe85 02c39bc0 00000000 00475a40 RPCRT4!LRPC_ADDRESS::HandleRequest+0xbd
        00bbf780 772ffd1d 00000000 00bbf79c 772ffc6a RPCRT4!LRPC_ADDRESS::ProcessIO+0x50a
        00bbf78c 772ffc6a 02c39c5c 00000000 00bbf7c4 RPCRT4!LrpcServerIoHandler+0x16
        00bbf79c 77c41d63 00bbf808 02c39c5c 0040fd48 RPCRT4!LrpcIoComplete+0x16
        00bbf7c4 77c415b0 00bbf808 00000000 00000000 ntdll!TppAlpcpExecuteCallback+0x1c5 (FPO: [Non-Fpo])
        00bbf92c 773ced6c 003ecb38 00bbf978 77c7377b ntdll!TppWorkerThread+0x5a4 (FPO: [Non-Fpo])
        00bbf938 77c7377b 003ecb38 7775c35e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        00bbf978 77c7374e 77c403e9 003ecb38 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        00bbf990 00000000 77c403e9 003ecb38 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD 8fdb4d48  Cid 045c.0594  Teb: 7ffd9000 Win32Thread: ff433ae8 WAIT: (UserRequest) UserMode Non-Alertable
            8fd4ae80  SynchronizationEvent
            8fd4ad40  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1388           Ticks: 1392 (0:00:00:21.715)
        Context Switch Count      2             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address msvcrt!_endthreadex (0x765612e5)
        Stack Init 9a727ed0 Current 9a727648 Base 9a728000 Limit 9a725000 Call 0
        Priority 13 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a727660 8469c65d 8fdb4d48 8474bf08 84748d20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a727698 8469b4a7 8fd4ad40 8fdb4d48 8fdb4e44 nt!KiSwapThread+0x266
        9a7276c0 84697484 8fdb4d48 8fdb4e08 00000000 nt!KiCommitThreadWait+0x1df
        9a72783c 84847900 00000002 9a727974 00000001 nt!KeWaitForMultipleObjects+0x535
        9a727ac8 8484766d 00000002 9a727afc 00000001 nt!ObpWaitForMultipleObjects+0x262
        9a727c18 8465c27a 00000002 0287f860 00000001 nt!NtWaitForMultipleObjects+0xcd
        9a727c18 77c57094 00000002 0287f860 00000001 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a727c34)
        0287f80c 77c56a04 75e36a36 00000002 0287f860 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        0287f810 75e36a36 00000002 0287f860 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
        0287f8ac 773cbd1e 0287f860 0287f8d4 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100 (FPO: [Non-Fpo])
        0287f8f4 763a62f9 00000002 7ffdb000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0 (FPO: [Non-Fpo])
        0287f948 73c68d86 000001c0 0287f97c ffffffff USER32!RealMsgWaitForMultipleObjectsEx+0x13c (FPO: [Non-Fpo])
        0287f968 73c61848 000004ff ffffffff 00000001 DUser!CoreSC::Wait+0x59 (FPO: [Non-Fpo])
        0287f99c 73c68c8a 0287f9dc 00000000 00000000 DUser!CoreSC::xwProcessNL+0xaa (FPO: [Non-Fpo])
        0287f9bc 73c68be8 0287f9dc 00000000 00000000 DUser!GetMessageExA+0x44 (FPO: [Non-Fpo])
        0287fa10 76561287 00000000 23501784 00000000 DUser!ResourceManager::SharedThreadProc+0xb6 (FPO: [Non-Fpo])
        0287fa48 76561328 0287fa5c 773ced6c 00339d58 msvcrt!_endthreadex+0x44 (FPO: [Non-Fpo])
        0287fa50 773ced6c 00339d58 0287fa9c 77c7377b msvcrt!_endthreadex+0xce (FPO: [Non-Fpo])
        0287fa5c 77c7377b 00339d58 7549c0ba 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        0287fa9c 77c7374e 765612e5 00339d58 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        0287fab4 00000000 765612e5 00339d58 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD 8fdafd48  Cid 045c.0598  Teb: 7ffd8000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
            8fde7910  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1863           Ticks: 917 (0:00:00:14.305)
        Context Switch Count      525             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address wdmaud!CWorker::_StaticThreadProc (0x73cf80eb)
        Stack Init 9a72bed0 Current 9a72bac8 Base 9a72c000 Limit 9a729000 Call 0
        Priority 15 BasePriority 15 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a72bae0 8469c65d 8fdafd48 8474bf08 84748d20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a72bb18 8469b4a7 8fdafe08 8fdafd48 8fde7910 nt!KiSwapThread+0x266
        9a72bb40 846950cf 8fdafd48 8fdafe08 00000000 nt!KiCommitThreadWait+0x1df
        9a72bbb8 84846d17 8fde7910 00000006 9a72ba01 nt!KeWaitForSingleObject+0x393
        9a72bc20 8465c27a 000000e4 00000000 00000000 nt!NtWaitForSingleObject+0xc6
        9a72bc20 77c57094 000000e4 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a72bc34)
        006df6dc 77c56a24 77c42278 000000e4 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        006df6e0 77c42278 000000e4 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        006df744 77c4215c 00000000 00000000 77c67c14 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
        006df76c 77c68c76 77ce7340 77a3c2fa 00000001 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
        006df8dc 77c68aa0 00000001 00000001 00000000 ntdll!LdrGetDllHandleEx+0x2f7 (FPO: [Non-Fpo])
        006df8f8 75e389cc 00000001 00000000 006df968 ntdll!LdrGetDllHandle+0x18 (FPO: [Non-Fpo])
        006df94c 75e388ca 006df968 21ba0871 00000000 KERNELBASE!GetModuleHandleForUnicodeString+0x22 (FPO: [Non-Fpo])
        006dfdc4 75e3899a 00000001 00000002 761289e0 KERNELBASE!BasepGetModuleHandleExW+0x181 (FPO: [Non-Fpo])
        006dfddc 761289b2 761289e0 00000000 00416078 KERNELBASE!GetModuleHandleW+0x29 (FPO: [Non-Fpo])
        006dfdf4 761288e8 006dfe0c 00000000 00000000 ole32!wCoUninitialize+0x1cc (FPO: [Non-Fpo])
        006dfe10 73cf8121 00000000 00000000 003f8c30 ole32!CoUninitialize+0x72 (FPO: [Non-Fpo])
        006dfe24 773ced6c 003f8c30 006dfe70 77c7377b wdmaud!CWorker::_StaticThreadProc+0x36 (FPO: [Non-Fpo])
        006dfe30 77c7377b 003f8c30 77a3c456 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        006dfe70 77c7374e 73cf80eb 003f8c30 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        006dfe88 00000000 73cf80eb 003f8c30 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD ada59350  Cid 045c.05e8  Teb: 7ffd7000 Win32Thread: ff40f878 WAIT: (UserRequest) UserMode Non-Alertable
            adb2a868  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1777           Ticks: 1003 (0:00:00:15.646)
        Context Switch Count      779             
        UserTime                  00:00:00.015
        KernelTime                00:00:00.062
        Win32 Start Address authui!CCredentialProviderThread::_sThreadProc (0x747b5285)
        Stack Init ae6dded0 Current ae6ddac8 Base ae6de000 Limit ae6db000 Call d34
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        ae6ddae0 8469c65d ada59350 8474bf08 84748d20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        ae6ddb18 8469b4a7 ada59410 ada59350 adb2a868 nt!KiSwapThread+0x266
        ae6ddb40 846950cf ada59350 ada59410 00000000 nt!KiCommitThreadWait+0x1df
        ae6ddbb8 84846d17 adb2a868 00000006 ae6ddb01 nt!KeWaitForSingleObject+0x393
        ae6ddc20 8465c27a 00000404 00000000 00000000 nt!NtWaitForSingleObject+0xc6
        ae6ddc20 77c57094 00000404 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ ae6ddc34)
        02efd8e4 77c56a24 77c42278 00000404 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        02efd8e8 77c42278 00000404 00000000 00000000 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        02efd94c 77c4215c 00000000 00000000 00000000 ntdll!RtlpWaitOnCriticalSection+0x13e (FPO: [Non-Fpo])
        02efd974 763a25b0 763f92a0 00000011 74300000 ntdll!RtlEnterCriticalSection+0x150 (FPO: [Non-Fpo])
        02efd9f0 7639f027 74300000 7430b176 02efdc20 USER32!InitUserApiHook+0x21 (FPO: [Non-Fpo])
        02efdb20 77c56fce 02efdb38 00000098 02efe1f0 USER32!__ClientLoadLibrary+0xab (FPO: [Non-Fpo])
        02efdbcc 7639eb94 7639eb28 80000000 02efdef8 ntdll!KiUserCallbackDispatcher+0x2e (FPO: [0,0,0])
        02efdbd0 7639eb28 80000000 02efdef8 02efdc20 USER32!NtUserCreateWindowEx+0xc (FPO: [15,0,0])
        02efde74 7639ec54 80000000 02efdef8 00000000 USER32!VerNtUserCreateWindowEx+0x1a3 (FPO: [Non-Fpo])
        02efdf20 7639bf73 80000000 77b168a8 00000000 USER32!_CreateWindowEx+0x201 (FPO: [Non-Fpo])
        02efdf5c 77b168fa 00000000 77b168a8 00000000 USER32!CreateWindowExA+0x33 (FPO: [Non-Fpo])
        02efdfa8 77b19a45 00000001 0049c9e8 02efdfcc urlmon!GetThreadNotificationWnd+0x57 (FPO: [Non-Fpo])
        02efdfb8 77b1997b 0049c9e8 00000000 00000000 urlmon!CTransaction::GetNotificationWnd+0x19 (FPO: [Non-Fpo])
        02efdfcc 77b194a6 00000100 0049c86c 0049c868 urlmon!CTransaction::Create+0x3c (FPO: [Non-Fpo])
        02efdff4 77b19ffc 00000100 0049c86c 0049c868 urlmon!GetTransactionObjects+0x144 (FPO: [Non-Fpo])
        02efe088 77b19dcc 0049c624 00432fa0 00000000 urlmon!CBinding::StartBinding+0x351 (FPO: [5,29,4])
        02efe0c4 77b19cef 00000000 00000000 00432fa0 urlmon!CUrlMon::StartBinding+0x19f (FPO: [Non-Fpo])
        02efe0ec 72936f4f 00433120 00000000 00000000 urlmon!CUrlMon::BindToStorage+0x71 (FPO: [Non-Fpo])
        02efe138 72936e40 00433120 00000000 00000000 msxml3!URLStream::OpenURL+0x3b0 (FPO: [Non-Fpo])
        02efe154 729327a4 02efe170 00000000 04194700 msxml3!URLStream::Open+0xa7 (FPO: [Non-Fpo])
        02efe188 72932651 00000000 04b95150 00000001 msxml3!XMLParser::PushURL+0x14b (FPO: [Non-Fpo])
        02efe1b4 7293253d 02c4910b 00000000 04b95150 msxml3!XMLParser::SetURL+0x62 (FPO: [Non-Fpo])
        02efe200 72932411 00000001 00000000 00000000 msxml3!Document::_load+0x117 (FPO: [Non-Fpo])
        02efe21c 729325ab 04b95140 00000001 206f3cec msxml3!Document::load+0x44 (FPO: [Non-Fpo])
        02efe28c 74b84cc6 00000000 01cd0008 18395b00 msxml3!DOMDocumentWrapper::load+0x1e8 (FPO: [Non-Fpo])
        02efe310 72ea464b 02efe3d8 21b2224c 00000000 EgisUtility!CMuiImpl::ResetLangFile+0xd6 (CONV: thiscall) 
        02efe7f4 72ea50f3 21b2296c 00000001 02efe840 EgisCredentialProvider!GetInitRes+0x23b (FPO: [Uses EBP] [0,306,5]) (CONV: cdecl) 
        02efe80c 72eab6f9 00480af8 00000001 00000000 EgisCredentialProvider!DllMain+0x73 (FPO: [3,3,2]) (CONV: stdcall) 
        02efe850 72eab7b3 72ea0000 02efe87c 77c68968 EgisCredentialProvider!__DllMainCRTStartup+0x7a (FPO: [Non-Fpo]) (CONV: cdecl) 
        02efe85c 77c68968 72ea0000 00000001 00000000 EgisCredentialProvider!_DllMainCRTStartup+0x1e (FPO: [Non-Fpo]) (CONV: stdcall) 
        02efe87c 77c75c11 72eab795 72ea0000 00000001 ntdll!LdrpCallInitRoutine+0x14
        02efe970 77c704be 00000000 7521d0fa 77c57c1a ntdll!LdrpRunInitializeRoutines+0x26f (FPO: [Non-Fpo])
        02efeadc 77c722b2 02efeb3c 02efeb08 00000000 ntdll!LdrpLoadDll+0x4d1 (FPO: [Non-Fpo])
        02efeb10 75e38b51 003d5d1c 02efeb54 02efeb3c ntdll!LdrLoadDll+0x92 (FPO: [Non-Fpo])

        THREAD ada5c520  Cid 045c.0618  Teb: 7ffd5000 Win32Thread: 00000000 WAIT: (UserRequest) UserMode Non-Alertable
            8fdbb7e8  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      2778           Ticks: 2 (0:00:00:00.031)
        Context Switch Count      341             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
*** WARNING: Unable to verify checksum for ImageReog.dll
        Win32 Start Address ImageReog!ILT+755(?fnReleaseProcessYGKPAXZ) (0x100012f8)
        Stack Init 9a790ed0 Current 9a790ac8 Base 9a791000 Limit 9a78e000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a790ae0 8469c65d ada5c520 8474bf08 84748d20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a790b18 8469b4a7 ada5c5e0 ada5c520 8fdbb7e8 nt!KiSwapThread+0x266
        9a790b40 846950cf ada5c520 ada5c5e0 000000dd nt!KiCommitThreadWait+0x1df
        9a790bb8 84846d17 8fdbb7e8 00000006 9a790c01 nt!KeWaitForSingleObject+0x393
        9a790c20 8465c27a 000002c0 00000000 9a790be4 nt!NtWaitForSingleObject+0xc6
        9a790c20 77c57094 000002c0 00000000 9a790be4 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a790c34)
        02d8fd98 77c56a24 75e3179c 000002c0 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        02d8fd9c 75e3179c 000002c0 00000000 02d8fde4 ntdll!ZwWaitForSingleObject+0xc (FPO: [3,0,0])
        02d8fe08 773cc2f3 000002c0 00000032 00000000 KERNELBASE!WaitForSingleObjectEx+0x98 (FPO: [Non-Fpo])
        02d8fe20 773cc2a2 000002c0 00000032 00000000 kernel32!WaitForSingleObjectExImplementation+0x75 (FPO: [Non-Fpo])
        02d8fe34 10006d5a 000002c0 00000032 00000000 kernel32!WaitForSingleObject+0x12 (FPO: [Non-Fpo])
        02d8fe44 773ced6c 00000000 02d8fe90 77c7377b ImageReog!fnReleaseProcess+0x2a (FPO: [1,0,4]) (CONV: stdcall) 
        02d8fe50 77c7377b 00000000 7516c4b6 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        02d8fe90 77c7374e 100012f8 00000000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        02d8fea8 00000000 100012f8 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD ada5cd48  Cid 045c.061c  Teb: 7ffd6000 Win32Thread: ff40ebc0 WAIT: (UserRequest) UserMode Alertable
            8fd1bc98  SynchronizationEvent
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1554           Ticks: 1226 (0:00:00:19.125)
        Context Switch Count      31             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address MMDevAPI!CDeviceEnumerator::PnpNotificationThreadWrapper (0x744627e1)
        Stack Init 9a770ed0 Current 9a770648 Base 9a771000 Limit 9a76e000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a770660 8469c65d ada5cd48 8474bf08 84748d20 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a770698 8469b4a7 8fd1bc98 ada5cd48 ada5ce2c nt!KiSwapThread+0x266
        9a7706c0 84697484 ada5cd48 ada5ce08 00000000 nt!KiCommitThreadWait+0x1df
        9a77083c 84847900 00000001 9a770974 00000001 nt!KeWaitForMultipleObjects+0x535
        9a770ac8 8484766d 00000001 9a770af8 00000001 nt!ObpWaitForMultipleObjects+0x262
        9a770c18 8465c27a 00000001 02e8f634 00000001 nt!NtWaitForMultipleObjects+0xcd
        9a770c18 77c57094 00000001 02e8f634 00000001 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a770c34)
        02e8f5e0 77c56a04 75e36a36 00000001 02e8f634 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        02e8f5e4 75e36a36 00000001 02e8f634 00000001 ntdll!ZwWaitForMultipleObjects+0xc (FPO: [5,0,0])
        02e8f680 773cbd1e 02e8f634 02e8f6a8 00000000 KERNELBASE!WaitForMultipleObjectsEx+0x100 (FPO: [Non-Fpo])
        02e8f6c8 763a62f9 00000001 7ffdb000 00000000 kernel32!WaitForMultipleObjectsExImplementation+0xe0 (FPO: [Non-Fpo])
        02e8f71c 74462101 0000025c 00000000 ffffffff USER32!RealMsgWaitForMultipleObjectsEx+0x13c (FPO: [Non-Fpo])
        02e8f7c4 744627ee 02e8f7d8 773ced6c 003f8e38 MMDevAPI!CDeviceEnumerator::PnpNotificationThread+0x2a3 (FPO: [Non-Fpo])
        02e8f7cc 773ced6c 003f8e38 02e8f818 77c7377b MMDevAPI!CDeviceEnumerator::PnpNotificationThreadWrapper+0xd (FPO: [Non-Fpo])
        02e8f7d8 77c7377b 003f8e38 7526c23e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        02e8f818 77c7374e 744627e1 003f8e38 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        02e8f830 00000000 744627e1 003f8e38 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD ada5d2b8  Cid 045c.0620  Teb: 7ffd4000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Alertable
            8fce3d80  QueueObject
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1536           Ticks: 1244 (0:00:00:19.406)
        Context Switch Count      22             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x77c403e9)
        Stack Init 9a7a4ed0 Current 9a7a4a60 Base 9a7a5000 Limit 9a7a2000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a7a4a78 8469c65d ada5d2b8 807f9308 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a7a4ab0 8469b4a7 ada5d378 ada5d2b8 8fce3d80 nt!KiSwapThread+0x266
        9a7a4ad8 8469c1ad ada5d2b8 ada5d378 000000c7 nt!KiCommitThreadWait+0x1df
        9a7a4b38 84846e93 8fce3d80 bdfd2901 00000001 nt!KeRemoveQueueEx+0x4f8
        9a7a4b90 846a28f3 8fce3d80 9a7a4bc8 9a7a4bf0 nt!IoRemoveIoCompletion+0x23
        9a7a4c24 8465c27a 000000c4 031efbd8 031efc84 nt!NtWaitForWorkViaWorkerFactory+0x1a1
        9a7a4c24 77c57094 000000c4 031efbd8 031efc84 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a7a4c34)
        031efb20 77c56a34 77c414e3 000000c4 031efbd8 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        031efb24 77c414e3 000000c4 031efbd8 74d0c6a2 ntdll!NtWaitForWorkViaWorkerFactory+0xc (FPO: [2,0,0])
        031efc84 773ced6c 003ecb38 031efcd0 77c7377b ntdll!TppWorkerThread+0x216 (FPO: [Non-Fpo])
        031efc90 77c7377b 003ecb38 74d0c6f6 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        031efcd0 77c7374e 77c403e9 003ecb38 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        031efce8 00000000 77c403e9 003ecb38 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD ada5f6c0  Cid 045c.0624  Teb: 7ffd3000 Win32Thread: 00000000 WAIT: (Executive) UserMode Non-Alertable
            8fd7918c  Semaphore Limit 0x7fffffff
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1554           Ticks: 1226 (0:00:00:19.125)
        Context Switch Count      54             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!EtwpNotificationThread (0x77c2f4e0)
        Stack Init 9a774ed0 Current 9a774a70 Base 9a775000 Limit 9a772000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 2 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        9a774a88 8469c65d ada5f6c0 807f9308 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        9a774ac0 8469b4a7 ada5f780 ada5f6c0 8fd7918c nt!KiSwapThread+0x266
        9a774ae8 846950cf ada5f6c0 ada5f780 00000025 nt!KiCommitThreadWait+0x1df
        9a774b60 84806596 8fd7918c 00000000 00000001 nt!KeWaitForSingleObject+0x393
        9a774bb8 8486edba adcb3bf8 00000400 9a774bf4 nt!EtwpReceiveNotification+0xf4
        9a774c14 8465c27a 00000010 00000000 00000000 nt!NtTraceControl+0x281
        9a774c14 77c57094 00000010 00000000 00000000 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ 9a774c34)
        02defe98 77c56924 77c2f525 00000010 00000000 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        02defe9c 77c2f525 00000010 00000000 00000000 ntdll!NtTraceControl+0xc (FPO: [6,0,0])
        02defecc 773ced6c 00000000 02deff18 77c7377b ntdll!EtwpNotificationThread+0x3d (FPO: [Non-Fpo])
        02defed8 77c7377b 00000000 7510c53e 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        02deff18 77c7374e 77c2f4e0 00000000 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        02deff30 00000000 77c2f4e0 00000000 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])

        THREAD ada84580  Cid 045c.06a4  Teb: 7ff9f000 Win32Thread: 00000000 WAIT: (WrQueue) UserMode Alertable
            ada92d40  QueueObject
        Not impersonating
        DeviceMap                 8da08870
        Owning Process            8fd7d030       Image:         LogonUI.exe
        Attached Process          N/A            Image:         N/A
        Wait Start TickCount      1591           Ticks: 1189 (0:00:00:18.548)
        Context Switch Count      2             
        UserTime                  00:00:00.000
        KernelTime                00:00:00.000
        Win32 Start Address ntdll!TppWorkerThread (0x77c403e9)
        Stack Init ae617ed0 Current ae617a60 Base ae618000 Limit ae615000 Call 0
        Priority 15 BasePriority 13 UnusualBoost 0 ForegroundBoost 1 IoPriority 2 PagePriority 5
        ChildEBP RetAddr  Args to Child              
        ae617a78 8469c65d ada84580 807f9308 807f6120 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4])
        ae617ab0 8469b4a7 ada84640 ada84580 ada92d40 nt!KiSwapThread+0x266
        ae617ad8 8469c1ad ada84580 ada84640 00000000 nt!KiCommitThreadWait+0x1df
        ae617b38 84846e93 ada92d40 846db401 00000001 nt!KeRemoveQueueEx+0x4f8
        ae617b90 846a28f3 ada92d40 ae617bc8 ae617bf0 nt!IoRemoveIoCompletion+0x23
        ae617c24 8465c27a 000003a0 03dafe38 03dafee4 nt!NtWaitForWorkViaWorkerFactory+0x1a1
        ae617c24 77c57094 000003a0 03dafe38 03dafee4 nt!KiFastCallEntry+0x12a (FPO: [0,3] TrapFrame @ ae617c34)
        03dafd80 77c56a34 77c414e3 000003a0 03dafe38 ntdll!KiFastSystemCallRet (FPO: [0,0,0])
        03dafd84 77c414e3 000003a0 03dafe38 7414c4c2 ntdll!NtWaitForWorkViaWorkerFactory+0xc (FPO: [2,0,0])
        03dafee4 773ced6c 00479a78 03daff30 77c7377b ntdll!TppWorkerThread+0x216 (FPO: [Non-Fpo])
        03dafef0 77c7377b 00479a78 7414c516 00000000 kernel32!BaseThreadInitThunk+0xe (FPO: [Non-Fpo])
        03daff30 77c7374e 77c403e9 00479a78 00000000 ntdll!__RtlUserThreadStart+0x70 (FPO: [Non-Fpo])
        03daff48 00000000 77c403e9 00479a78 00000000 ntdll!_RtlUserThreadStart+0x1b (FPO: [Non-Fpo])
IP 地址: 已记录   报告
   2012-06-16, 20:09 下午
domo9528 离线,最后访问时间: 2012/6/16 11:36:33 domo9528

发帖数前200位
注册: 2012-06-16
发 贴: 5
Indifferent [:|] Re: 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote
目前已知可能是 THREAD ada59350 和 THREAD ada5c520 中的2个CP的dll引起的 导致主线程 THREAD 8fd5d938 也卡住 
IP 地址: 已记录   报告
   2012-06-17, 23:33 下午
Raymond 离线,最后访问时间: 2020/7/3 3:40:25 格蠹老雷

发帖数前10位
注册: 2005-12-19
发 贴: 1,303
Re: 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote

很像是著名的LoaderLock死锁,THREAD ada59350 线程的嫌疑较大,拿到LoadLock后又去进另一个关键区,未遂,LoaderLock被Hold住不放了...

如果需要更多帮忙,可以把Dump文件压缩了发到我的GMAIL信箱

http://advdbg.org/books/swdbg/feedback.aspx

 
IP 地址: 已记录   报告
   2012-06-18, 14:07 下午
domo9528 离线,最后访问时间: 2012/6/16 11:36:33 domo9528

发帖数前200位
注册: 2012-06-16
发 贴: 5
Re: 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote
      谢谢张老师的解答,我这边会把dump上传到gmail.

      我这边有进一步去追这个问题,看起来像是您所说的LoaderLock死锁,从问题线程的调用来看,在DllMain中,Callstack中间接的调用了User32.dll 以及LoadLibrary.这边的行为的确和微软在Best Practices for Creating DLLs中规定的相违背。而且从主线程和问题线程的Callstack 来看,调用的顺序也非常类似,直到最后进去了关键区都是相互对应。

      并且,在修改了这边的代码,将问题线程中相关操作移动到其他时间点调用,就不会出现Hangup的现象。 所以应该也是比较明确出问题的代码段。不过我这边想进一步了解这边发生的机制。

从目前的结果来看,问题线程的这种调用,其实也使用了一段时间,却没有发现这个问题,而这个问题之所以会出现的原因是,新增加了一个thread 在做WaitForSingleObject(xxx, 50);在新增该线程之后,大概1/10的概率会出现这种Hangup的现象。移除这个线程,也不会出现Hangup的现象。

所以对于这个问题,我的理解是,由于WaitForSingleObject()的操作,导致LogonUI.exe本身的performance下降,使得本身存在风险的代码,出现了loadlock死锁。不过对于单独线程做WaitForSingleObject的操作,影响logonUI主线程的performance,这边也只是目前测试结果下的猜测。
IP 地址: 已记录   报告
   2012-06-18, 14:33 下午
domo9528 离线,最后访问时间: 2012/6/16 11:36:33 domo9528

发帖数前200位
注册: 2012-06-16
发 贴: 5
Re: 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote
我刚看了其他帖子里的loaderlock的内容

抓到如下的内容
0: kd> !ntsdexts.locks

CritSec ntdll!LdrpLoaderLock+0 at 77ce7340
WaiterWoken        No
LockCount          2
RecursionCount     1
OwningThread       5e8
EntryCount         0
ContentionCount    22
*** Locked

0: kd> !locks

CritSec ntdll!LdrpLoaderLock+0 at 77ce7340
WaiterWoken        No
LockCount          2
RecursionCount     1
OwningThread       5e8
EntryCount         0
ContentionCount    22
*** Locked


这边是不是可以确认就是loaderlock?
IP 地址: 已记录   报告
   2012-06-18, 16:00 下午
domo9528 离线,最后访问时间: 2012/6/16 11:36:33 domo9528

发帖数前200位
注册: 2012-06-16
发 贴: 5
Re: 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因
Reply Quote
张老师,我这边发现,问题线程 中 RtlEnterCriticalSection  被主线程所占用,而 主线程 中 RtlEnterCriticalSection 被问题线程占用,所以出现了死锁. 
原理是知道了但是 没有WaitForSingleObject()的线程,却不会出现Hangup的现象,这边还是很困惑我。您有什么建议么?

0: kd> !cs 763f92a0
-----------------------------------------
Critical section   = 0x763f92a0 (USER32!gcsUserApiHook+0x0)
DebugInfo          = 0x003d51a0
LOCKED
LockCount          = 0x1
WaiterWoken        = No
OwningThread       = 0x00000460
RecursionCount     = 0x1
LockSemaphore      = 0x404
SpinCount          = 0x00000000

0: kd> !cs 77ce7340
-----------------------------------------
Critical section   = 0x77ce7340 (ntdll!LdrpLoaderLock+0x0)
DebugInfo          = 0x77ce7540
LOCKED
LockCount          = 0x2
WaiterWoken        = No
OwningThread       = 0x000005e8
RecursionCount     = 0x1
LockSemaphore      = 0xE4
SpinCount          = 0x00000000
IP 地址: 已记录   报告
高端调试 » 软件调试 » Windows内核调试 » 求助,Win7登陆界面CredentialProvider出现卡住的现象,但是确定不了原因

 
Legal Notice Privacy Statement Corporate Governance Corporate Governance
(C)2004-2020 ADVDBG.ORG All Rights Reserved.