2014-12-19 79 views
0

I have a kernel dump of a hung system, and I stumbled upon some occupied ALPC ports in system threads. From nt!AlpcpReceiveMessage I can see the port the thread is waiting on. From the port I can see the thread that is waiting. But the thread itself does not show the typical "thread X is waiting for ALPC message Y on ALPC port Z". WAIT: (WrLpcReceive) with no message?

Thread:

0: kd> !thread fffffa80069dc040 
THREAD fffffa80069dc040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable 
    fffffa80069dc408 Semaphore Limit 0x1 
Not impersonating 
DeviceMap     fffff8a000008ca0 
Owning Process   fffffa80069a9740  Image:   System 
Attached Process   N/A   Image:   N/A 
Wait Start TickCount  16772   Ticks: 501 (0:00:00:07.815) 
Context Switch Count  408   IdealProcessor: 4    
UserTime     00:00:00.000 
KernelTime    00:00:00.000 
Win32 Start Address nt!PopUmpoMessageThread (0xfffff8000308c8e4) 
Stack Init fffff88003952c70 Current fffff88003952470 
Base fffff88003953000 Limit fffff8800394d000 Call 0 
Priority 14 BasePriority 13 UnusualBoost 0 ForegroundBoost 0 IoPriority 2 PagePriority 5 
Child-SP   RetAddr   : Args to Child               : Call Site 
fffff880`039524b0 fffff800`030c45f2 : 00000000`00000000 fffffa80`069dc040 00000000`00000000 00000000`00000009 : nt!KiSwapContext+0x7a 
fffff880`039525f0 fffff800`030d599f : 00000000`00000000 00000000`00000000 fffffa80`00000000 00000000`00000000 : nt!KiCommitThreadWait+0x1d2 
fffff880`03952680 fffff800`033dc5f9 : 00000000`00000000 00000000`00000010 00000000`00000001 00000000`00000000 : nt!KeWaitForSingleObject+0x19f 
fffff880`03952720 fffff800`033dc07c : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x189 
fffff880`03952780 fffff800`033ddd56 : fffffa80`069db1c0 00000000`00000000 00000000`00000000 fffffa80`069db1c0 : nt!AlpcpReceiveMessage+0x2d9 
fffff880`03952820 fffff800`030cde53 : fffffa80`069dc040 fffff880`039529c0 fffff880`03952af8 fffff800`0320230d : nt!NtAlpcSendWaitReceivePort+0x1e6 
fffff880`039528d0 fffff800`030ca410 : fffff800`0308c996 00000000`00000000 fffff880`03952b30 00000000`6f706d55 : nt!KiSystemServiceCopyEnd+0x13 (TrapFrame @ fffff880`03952940) 
fffff880`03952ad8 fffff800`0308c996 : 00000000`00000000 fffff880`03952b30 00000000`6f706d55 00000000`000007ff : nt!KiServiceLinkage 
fffff880`03952ae0 fffff800`0336a73a : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!PopUmpoMessageThread+0xb2 
fffff880`03952c00 fffff800`030bf8e6 : fffff880`009b3180 fffffa80`069dc040 fffffa80`069c6040 00000000`00000000 : nt!PspSystemThreadStartup+0x5a 
fffff880`03952c40 00000000`00000000 : fffff880`03953000 fffff880`0394d000 fffff880`03952470 00000000`00000000 : nt!KxStartSystemThread+0x16 

Port:

0: kd> !alpc /p fffffa80`069db1c0 
Port fffffa80069db1c0 
    Type      : ALPC_CONNECTION_PORT 
    CommunicationInfo   : fffff8a0000a3230 
    ConnectionPort   : fffffa80069db1c0 (PowerPort) 
    ClientCommunicationPort : 0000000000000000 
    ServerCommunicationPort : 0000000000000000 
    OwnerProcess    : fffffa80069a9740 (System) 
    SequenceNo    : 0x00000001 (1) 
    CompletionPort   : 0000000000000000 
    CompletionList   : 0000000000000000 
    ConnectionPending   : No 
    ConnectionRefused   : No 
    Disconnected    : No 
    Closed     : No 
    FlushOnClose    : Yes 
    ReturnExtendedInfo  : No 
    Waitable     : No 
    Security     : Static 
    Wow64CompletionList  : No 

    1 thread(s) are waiting on the port: 

    THREAD fffffa80069dc040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT 

    Main queue is empty. 


    Large message queue is empty. 


    Pending queue is empty. 


    Canceled queue is empty. 

What causes (or can cause) a thread not to indicate that it is waiting for a message? Or, what could cause a thread to wait on a port with no message?
+0

If you leave a downvote, the FAQ says to comment on why. If you think this question does not fit the community's rules, please let me know why. If you think it is a stupid question but it fits the community's rules, then feel free to tell me I'm an idiot, but don't downvote the question – GamerJ5

Answer

1

That is a receiving thread. It is waiting for an LPC message. In other words, it is idle.

If you are looking for an ALPC wait chain, you should look for threads with WrLPCReply or similar.
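As an added example (not part of the question or the answer above), here is a small Python triage helper that applies the answer's rule to pasted `!thread` output: it parses each THREAD header for its wait reason, treats WrLpcReceive threads as idle receivers that are not links in a hang, treats WrLpcReply threads as the starting points of a wait chain, and pulls the port address from the nt!AlpcpReceiveMessage frame the way the question did. The sample input is constructed: the first thread is the page's WrLpcReceive thread (abbreviated), the second is an invented WrLpcReply thread (Cid 0abc.0def, made-up addresses, frames modelled on the first). Reading the first argument displayed on the AlpcpReceiveMessage frame as the port address is an assumption taken from the questioner's approach, not something the page verifies.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed sample input. Thread 1 is the page's WrLpcReceive thread (abbreviated);
# thread 2 (Cid 0abc.0def) is invented, with fake addresses, to show a WrLpcReply case.
SAMPLE_THREADS = """\
THREAD fffffa80069dc040 Cid 0004.00b0 Teb: 0000000000000000 Win32Thread: 0000000000000000 WAIT: (WrLpcReceive) UserMode Non-Alertable
    fffffa80069dc408 Semaphore Limit 0x1
Not impersonating
Owning Process   fffffa80069a9740  Image:   System
Child-SP   RetAddr   : Args to Child               : Call Site
fffff880`039524b0 fffff800`030c45f2 : 00000000`00000000 fffffa80`069dc040 00000000`00000000 00000000`00000009 : nt!KiSwapContext+0x7a
fffff880`03952720 fffff800`033dc07c : 00000000`00000000 00000000`00000001 00000000`00000000 00000000`00000000 : nt!AlpcpReceiveMessagePort+0x189
fffff880`03952780 fffff800`033ddd56 : fffffa80`069db1c0 00000000`00000000 00000000`00000000 fffffa80`069db1c0 : nt!AlpcpReceiveMessage+0x2d9
fffff880`03952820 fffff800`030cde53 : fffffa80`069dc040 fffff880`039529c0 fffff880`03952af8 fffff800`0320230d : nt!NtAlpcSendWaitReceivePort+0x1e6

THREAD fffffa8011111040 Cid 0abc.0def Teb: 000007fffffde000 Win32Thread: 0000000000000000 WAIT: (WrLpcReply) UserMode Non-Alertable
    fffffa8011111408 Semaphore Limit 0x1
Owning Process   fffffa8022222740  Image:   svchost.exe
Child-SP   RetAddr   : Args to Child               : Call Site
fffff880`0aaa04b0 fffff800`030c45f2 : 00000000`00000000 fffffa80`11111040 00000000`00000000 00000000`00000009 : nt!KiSwapContext+0x7a
fffff880`0aaa0780 fffff800`033ddd56 : fffffa80`33333300 00000000`00000000 00000000`00000000 fffffa80`33333300 : nt!AlpcpReceiveMessage+0x2d9
fffff880`0aaa0820 fffff800`030cde53 : fffffa80`11111040 fffff880`0aaa09c0 fffff880`0aaa0af8 fffff800`0320230d : nt!NtAlpcSendWaitReceivePort+0x1e6
"""

# "THREAD <addr> Cid <pid>.<tid> ... WAIT: (<reason>) ..." header line of !thread output
THREAD_RE = re.compile(
    r"^THREAD (?P<addr>[0-9a-f]{16}) Cid (?P<pid>[0-9a-f]{4})\.(?P<tid>[0-9a-f]{4})"
    r".*?WAIT: \((?P<reason>\w+)\)")
OWNER_RE = re.compile(r"^Owning Process\s+(?P<proc>[0-9a-f]{16})\s+Image:\s+(?P<image>\S+)")
# One stack frame: Child-SP RetAddr : a1 a2 a3 a4 : Call Site (each value is 8`8 hex digits)
FRAME_RE = re.compile(
    r"^(?P<sp>[0-9a-f`]{17}) (?P<ret>[0-9a-f`]{17}) : "
    r"(?P<a1>[0-9a-f`]{17}) (?P<a2>[0-9a-f`]{17}) (?P<a3>[0-9a-f`]{17}) (?P<a4>[0-9a-f`]{17})"
    r" : (?P<site>\S+)")

IDLE_RECEIVE = "WrLpcReceive"   # server side: blocked until a message arrives (idle)
WAITING_REPLY = "WrLpcReply"    # client side: blocked on someone else's reply (chain link)


@dataclass
class ThreadWait:
    address: str
    cid: str
    reason: str
    image: str = "?"
    port: Optional[str] = None
    frames: List[str] = field(default_factory=list)


def parse_threads(text: str) -> List[ThreadWait]:
    """Parse one or more concatenated !thread listings into ThreadWait records."""
    threads: List[ThreadWait] = []
    cur: Optional[ThreadWait] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = THREAD_RE.match(line)
        if m:
            cur = ThreadWait(m["addr"], f"{m['pid']}.{m['tid']}", m["reason"])
            threads.append(cur)
            continue
        if cur is None:
            continue
        m = OWNER_RE.match(line)
        if m:
            cur.image = m["image"]
            continue
        m = FRAME_RE.match(line)
        if m:
            cur.frames.append(m["site"])
            # ASSUMPTION (questioner's reading): the first argument shown on the
            # nt!AlpcpReceiveMessage frame is the ALPC port the thread waits on.
            if m["site"].startswith("nt!AlpcpReceiveMessage+") and cur.port is None:
                cur.port = m["a1"].replace("`", "")
    return threads


def classify(t: ThreadWait) -> str:
    """Apply the answer's rule: receivers are idle, reply-waiters start a wait chain."""
    if t.reason == IDLE_RECEIVE:
        return "idle-receiver"
    if t.reason == WAITING_REPLY:
        return "reply-waiter"
    return "other"


def wait_chain_candidates(threads: List[ThreadWait]) -> List[ThreadWait]:
    """Threads worth following when hunting an ALPC wait chain in a hung-system dump."""
    return [t for t in threads if classify(t) == "reply-waiter"]


def report(text: str) -> Dict[str, Tuple[str, Optional[str], str]]:
    """Map Cid -> (classification, port address or None, owning image)."""
    return {t.cid: (classify(t), t.port, t.image) for t in parse_threads(text)}


if __name__ == "__main__":
    for cid, (kind, port, image) in report(SAMPLE_THREADS).items():
        print(f"{cid} {image:<12} {kind:<14} port={port}")
```

Run over a real dump, paste the output of `!thread` for each suspect thread (or of `!process 0 7` filtered to the threads of interest) into the input; the idle-receiver lines are the ones the answer says to ignore, and each reply-waiter's port is the next thing to feed to `!alpc /p`.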