Untitled

a guest
Mar 26th, 2017
kd> !process 0 0

PROCESS ffffe001f9652080
SessionId: 1 Cid: 0da4 Peb: 7ffdf000 ParentCid: 0588
DirBase: 11d6d000 ObjectTable: ffffc0013e905680 HandleCount: <Data Not Accessible>
Image: myfile.exe

kd> !process ffffe001f9652080 7

1: kd> !process ffffe001f9652080 7
PROCESS ffffe001f9652080
SessionId: 1 Cid: 0da4 Peb: 7ffdf000 ParentCid: 0588
DirBase: 11d6d000 ObjectTable: ffffc0013e905680 HandleCount: <Data Not Accessible>
Image: myfile.exe
VadRoot ffffe001f64dda10 Vads 129 Clone 0 Private 5676. Modified 520. Locked 0.
DeviceMap ffffc0013dff8c30
Token ffffc0014336a8e0
ElapsedTime 00:08:14.197
UserTime 00:00:00.046
KernelTime 00:00:00.125
QuotaPoolUsage[PagedPool] 231392
QuotaPoolUsage[NonPagedPool] 17632
Working Set Sizes (now,min,max) (11793, 50, 345) (47172KB, 200KB, 1380KB)
PeakWorkingSetSize 13859
VirtualSize 148 Mb
PeakVirtualSize 159 Mb
PageFaultCount 24764
MemoryPriority BACKGROUND
BasePriority 8
CommitCharge 6195
DebugPort ffffe001fa6f0f90
Job ffffe001f8544620
THREAD ffffe001fa713440 Cid 0da4.10a4 Teb: 000000007ffdb000 Win32Thread: ffffe001f6822cb0 WAIT: (WrUserRequest) UserMode Non-Alertable
ffffe001fa4bbb90 SynchronizationEvent
Not impersonating
DeviceMap ffffc0013dff8c30
Owning Process ffffe001f9652080 Image: myfile.exe
Attached Process N/A Image: N/A
Wait Start TickCount 56653 Ticks: 2 (0:00:00:00.031)
Context Switch Count 11053 IdealProcessor: 2
UserTime 00:00:01.125
KernelTime 00:00:00.781
Win32 Start Address 0x000000000044aa31
Stack Init ffffd00025d59c90 Current ffffd00025d59480
Base ffffd00025d5a000 Limit ffffd00025d54000 Call 0
Priority 10 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5

Child-SP RetAddr : Args to Child : Call Site
ffffd000`25d594c0 fffff802`a1c92130 : ffffe001`f805e0c0 fffff961`00000000 ffffe001`fa713440 fffff802`a1c8ee76 : nt!KiSwapContext+0x76
ffffd000`25d59600 fffff802`a1c91b48 : 00000000`00000000 00000000`00010001 00000000`00000000 00000000`00000000 : nt!KiSwapThread+0x160
ffffd000`25d596b0 fffff802`a1c9120d : 00000000`00000000 00000000`00000000 ffffd000`25d59900 00000000`00000000 : nt!KiCommitThreadWait+0x148
ffffd000`25d59740 fffff961`00c95dc5 : fffff901`00000000 ffffd000`25d598a0 fffff901`423edb20 fffff901`0000000d : nt!KeWaitForMultipleObjects+0x3fd
ffffd000`25d59800 fffff961`00c959f8 : fffff901`423edb20 fffff901`423edb20 00000000`00003dff fffff961`00c958a3 : win32kfull!xxxRealSleepThread+0x355
ffffd000`25d598f0 fffff961`00c94ba0 : ffffd000`25d59b80 00000000`00000000 fffff901`423edb20 00000000`00000000 : win32kfull!xxxSleepThread2+0x98
ffffd000`25d59940 fffff961`00c93fc0 : ffffd000`25d59ab8 ffffd000`25d5c240 00000000`00000000 00000000`ffffffff : win32kfull!xxxRealInternalGetMessage+0xb70
ffffd000`25d59a70 fffff802`a1dd2a63 : ffffe001`fa713440 00000000`570a8480 00000000`00000020 00000000`00000000 : win32kfull!NtUserGetMessage+0x90
ffffd000`25d59b00 00000000`570b344a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`25d59b00)
00000000`0009e6b8 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : 0x570b344a

THREAD ffffe001fab05840 Cid 0da4.11ac Teb: 000000007fe9e000 Win32Thread: 0000000000000000 WAIT: (WrQueue) UserMode Alertable
ffffe001f6741d40 QueueObject
Not impersonating
DeviceMap ffffc0013dff8c30
Owning Process ffffe001f9652080 Image: myfile.exe
Attached Process N/A Image: N/A
Wait Start TickCount 51667 Ticks: 4988 (0:00:01:17.937)
Context Switch Count 34 IdealProcessor: 2
UserTime 00:00:00.000
KernelTime 00:00:00.015
Win32 Start Address 0x0000000077e54630
Stack Init ffffd000203cfc90 Current ffffd000203cf420
Base ffffd000203d0000 Limit ffffd000203ca000 Call 0
Priority 8 BasePriority 8 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5
Child-SP RetAddr : Args to Child : Call Site
ffffd000`203cf460 fffff802`a1c92130 : 0000ffff`00000000 00000000`00000001 ffffe001`fab05980 ffffe001`fab05940 : nt!KiSwapContext+0x76
ffffd000`203cf5a0 fffff802`a1c91b48 : 00000000`743af562 00000000`00000030 00000000`00000000 ffffe001`f9652578 : nt!KiSwapThread+0x160
ffffd000`203cf650 fffff802`a1c907a5 : 00000000`69f79021 00000000`00000010 fffffa80`013de6b0 fffffa80`0127b690 : nt!KiCommitThreadWait+0x148
ffffd000`203cf6e0 fffff802`a1c90382 : ffffe001`f6741d40 00000000`00000000 00000000`00000001 00000000`00000000 : nt!KeRemoveQueueEx+0x215
ffffd000`203cf750 fffff802`a1c8fd43 : fffff680`003a1d78 ffffe001`f9652578 ffffd000`203cfa00 00000000`00000000 : nt!IoRemoveIoCompletion+0x82
ffffd000`203cf870 fffff802`a1dd2a63 : fffff6fb`40001d08 fffff680`003a1d78 ffff504a`eece1c5c 00000000`00000000 : nt!NtWaitForWorkViaWorkerFactory+0x303
ffffd000`203cfa90 00007ff9`eeab538a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ ffffd000`203cfb00)
00000000`049eea78 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : ntdll!NtWaitForWorkViaWorkerFactory+0xa

Stack Init ffffd00025d59c90 Current ffffd00025d59480
Stack Init ffffd000203cfc90 Current ffffd000203cf420

dc ffffd00025d59c90
dc ffffd000203cfc90