O'Reilly logo

Memory Dump Analysis Anthology, Volume 8a by Dmitry Vostokov

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

Wait Chain (RTL_RESOURCE)

Here we provide another variant of a general Wait Chain pattern (Volume 1, page 482) related to RtlAcquireResourceShared and RtlAcquireResourceExclusive calls:

 THREAD fffffa8052d66060 Cid 03c0.3240 Teb: 000007fffff90000 Win32Thread: 0000000000000000 WAIT: (UserRequest) UserMode Non-Alertable fffffa804a79ad50 Semaphore Limit 0x7fffffff Impersonation token: fffff8a01b19d060 (Level Impersonation) DeviceMap fffff8a0035276c0 Owning Process fffffa804a16b260 Image: lsm.exe Attached Process N/A Image: N/A Wait Start TickCount 73343513 Ticks: 1460259 (0:06:20:16.546) Context Switch Count 17 IdealProcessor: 1 UserTime 00:00:00.000 KernelTime 00:00:00.000 Win32 Start Address ntdll!TppWorkerThread (0x000000007735fbf0) Stack ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required