osloader!BlLoadImage32Ex和osloader!BlLoadBootDrivers调试记录--非常重要
kd> g
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
osloader!BlGetAdvancedBootOption+0x1:
0042cb6a 086944 or byte ptr [ecx+44h],ch
kd> g
BD: Boot Debugger Initialized
BD: osloader.exe base address 00400000
Break instruction exception - code 80000003 (first chance)
osloader!DbgBreakPoint:
004239ec cc int 3
kd> p
osloader!DbgBreakPoint+0x1:
004239ed c3 ret
kd> bl
0 d Enable Clear u 0001 (0001) (win32k!RawInputThread)
1 d Enable Clear u 0001 (0001) (winsrv!ConServerDllInitialization)
2 d Enable Clear u 0001 (0001) (win32k!xxxInitInput)
3 d Enable Clear u 0001 (0001) (USER32!CreateWindowStationW)
4 e Disable Clear 00429fd8 0001 (0001) osloader!BlLoadBootDrivers
5 e Disable Clear 0041af95 0001 (0001) osloader!BlLoadImageEx
6 e Disable Clear 0041bff9 0001 (0001) osloader!BlLoadDeviceDriver
7 e Disable Clear 0041a6b4 0001 (0001) osloader!BlLoadImage32Ex
8 e Disable Clear 0042cb6f 0001 (0001) osloader!BlSelectKernel
10 e Disable Clear 00428a87 0001 (0001) osloader!BlOsLoader
kd> bc 0
kd> bc 1
kd> bc 2
kd> bc 3
kd> bp osloader!BlOsLoader
breakpoint 10 redefined
kd> g
Breakpoint 8 hit
osloader!BlSelectKernel:
0042cb6f 55 push ebp
kd> g
Breakpoint 0 hit
osloader!BlOsLoader:
00428a87 55 push ebp
kd> kc
00 osloader!BlOsLoader
01 osloader!BlStartup
02 osloader!NtProcessStartup
WARNING: Frame IP not in any known module. Following frames may be wrong.
03 0x0
04 osloader!`string'
05 0x0
kd> dv
Argc = 7
Argv = 0x00060e5c
Envp = 0x00000000
HalDataTableEntry = 0xffff0ff0
LoadDeviceLKG1Path = char [256] ""
SystemDeviceId = 0x30
userSpecifiedKernelName = 0x00000000 ""
KdDllName = char [256] ""
KernelPathName = char [256] ""
userSpecifiedPae = 0x55 'U'
userSpecifiedNoPae = 0xff ''
ServerHive = 0x00 ''
KdDataTableEntry = 0x00060010
DeviceName = char [256] ""
LoadDevicePath = char [256] ""
HalPathName = char [256] ""
KernelPathSet = struct FULL_PATH_SET
KdDllBase = 0x00000000
highestSystemPage = 0
KdDllLoadFailed = 0x00 ''
SystemBase = 0xffffffff
bDiskCacheInitialized = 0x00 ''
LoadDeviceId = 0x428a87
LoadFileName = 0x00060ed0 "???"
LoadOptions = 0x0044c420 "x86systempartition=multi(0)disk(0)rdisk(0)partition(1)"
OsLoader = 0x0044c4a0 "osloadoptions=FASTDETECT 3G PAE DEBUG DEBUGPORT=COM1: BAUDRATE=115200"
SystemEntry = 0x00060e5c
BootFileSystem = 0xffffffff
bLastKnownGood = 0x00 ''
DevicePrefix = char [256] ""
LoadDevice = 0x00000007 "--- memory read error at address 0x00000007 ---"
LoadDevicePathSet = struct FULL_PATH_SET
LoadDeviceLKG2Path = char [256] ""
KernelDirectoryPath = char [256] ""
unicodeString = ""
SystemDevicePath = char [256] ""
SystemDataTableEntry = 0x00000400
Directory = char [256] ""
HalBase = 0x00430010
BadFileName = char [128] "00"
bLastKnownGoodChosenLate = 0x00 ''
XIPRomOption = 0x00060ed0 "???"
XIPBootOption = 0x0044c4a0 "osloadoptions=FASTDETECT 3G PAE DEBUG DEBUGPORT=COM1: BAUDRATE=115200"
FileId = 0x60e5c
kd> bp osloader!BlLoadImage
Couldn't resolve error at 'osloader!BlLoadImage'
kd> x osloader!BlLoadImage
kd> x osloader!*BlLoadImage
kd> x osloader!*BlLoadImage*
0041ab23 osloader!BlLoadImage64Ex (unsigned long, _TYPE_OF_MEMORY, char *, unsigned short, unsigned long, unsigned long, void **)
0041af95 osloader!BlLoadImageEx (unsigned long, _TYPE_OF_MEMORY, char *, unsigned short, unsigned long, unsigned long, void **)
0041a6b4 osloader!BlLoadImage32Ex (unsigned long, _TYPE_OF_MEMORY, char *, unsigned short, unsigned long, unsigned long, void **)
kd> u 41a6b4
osloader!BlLoadImage32Ex [d:\srv03rtm\base\boot\lib\peldrt.c @ 89]:
0041a6b4 55 push ebp
0041a6b5 8bec mov ebp,esp
0041a6b7 81ec80050000 sub esp,580h
0041a6bd 53 push ebx
0041a6be 33db xor ebx,ebx
0041a6c0 56 push esi
0041a6c1 57 push edi
0041a6c2 33c0 xor eax,eax
kd> bl
0 e Disable Clear 00428a87 0001 (0001) osloader!BlOsLoader
4 e Disable Clear 00429fd8 0001 (0001) osloader!BlLoadBootDrivers
5 e Disable Clear 0041af95 0001 (0001) osloader!BlLoadImageEx
6 e Disable Clear 0041bff9 0001 (0001) osloader!BlLoadDeviceDriver
7 e Disable Clear 0041a6b4 0001 (0001) osloader!BlLoadImage32Ex
8 e Disable Clear 0042cb6f 0001 (0001) osloader!BlSelectKernel
kd> u 41ab23
osloader!BlLoadImage64Ex [d:\srv03rtm\base\boot\lib\peldrt.c @ 89]:
0041ab23 55 push ebp
0041ab24 8bec mov ebp,esp
0041ab26 81ec84050000 sub esp,584h
0041ab2c 53 push ebx
0041ab2d 33db xor ebx,ebx
0041ab2f 56 push esi
0041ab30 57 push edi
0041ab31 33c0 xor eax,eax
kd> bp osloader!BlLoadImage64Ex
kd> g
Breakpoint 5 hit
osloader!BlLoadImageEx:
0041af95 55 push ebp
kd> kc
00 osloader!BlLoadImageEx
01 osloader!BlOsLoader
02 osloader!BlStartup
03 osloader!NtProcessStartup
WARNING: Frame IP not in any known module. Following frames may be wrong.
04 0x0
05 osloader!`string'
06 0x0
kd> dv
DeviceId = 3
MemoryType = LoaderSystemCode (0n9)
LoadFile = 0x0006093c "\WINDOWS\system32\ntkrnlpa.exe"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x00060e14
kd> x osloader!*debug*
0047cfc0 osloader!BdDebugRoutine = 0x00421035
0044655c osloader!NetDebugFlag = 3
004462ad osloader!RamdiskDebugLevel = 0x01 ''
0048329c osloader!CmpCheckKeyDebug = struct __unnamed
004832b4 osloader!CmpCheckValueListDebug = struct __unnamed
0044b324 osloader!BdDebuggerNotPresent = 0
004832d0 osloader!HvCheckHiveDebug = struct __unnamed
0044b001 osloader!HalpGoodBiosDebug = 0x00 ''
0047b180 osloader!DebugMessage = unsigned char [80] ".Boot Debugger Using: COM1 (Baud Rate 115200)."
00483288 osloader!CmRegistryIODebug = struct __unnamed
004468ac osloader!szDebug = char [17] "unsupporteddebug"
0044b428 osloader!CmpKeyCellDebug = 0
004462ac osloader!RamdiskDebug = 0x01 ''
0044b424 osloader!NtfsDebugIt = 0x00 ''
0044690c osloader!szHiberDebug = unsigned char [6] "debug"
004832f0 osloader!HvRecoverDataDebug = struct __unnamed
00446df0 osloader!ScsiDebug = 0
00483294 osloader!CmpCheckRegistry2Debug = struct __unnamed
0044b520 osloader!DebugLoadOptions = char [60] ""
004832e4 osloader!HvCheckBinDebug = struct __unnamed
0044b320 osloader!BdDebuggerEnabled = 1
00483280 osloader!CmCheckRegistryDebug = struct __unnamed
00424302 osloader!DebugService2 (void *, void *, unsigned long)
004242da osloader!DebugService (unsigned long, void *, void *, void *, void *)
0040254c osloader!ScsiDebugPause (void)
004207f0 osloader!BdInitDebugger (char *, void *, char *)
004017d3 osloader!ScsiDebugPrint (unsigned long, char *)
00424315 osloader!DebugPrint (struct _STRING *, unsigned long, unsigned long)
kd> eb 0044655c f
kd> p
osloader!BlLoadImageEx+0x1:
0041af96 8bec mov ebp,esp
kd> p
osloader!BlLoadImageEx+0x3:
0041af98 803d986e440000 cmp byte ptr [osloader!BlAmd64UseLongMode (00446e98)],0
kd> p
osloader!BlLoadImageEx+0xa:
0041af9f 7506 jne osloader!BlLoadImageEx+0x12 (0041afa7)
kd> p
osloader!BlLoadImageEx+0xc:
0041afa1 5d pop ebp
kd> p
osloader!BlLoadImageEx+0xd:
0041afa2 e90df7ffff jmp osloader!BlLoadImage32Ex (0041a6b4)
kd> p
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderSystemCode (0n9)
LoadFile = 0x0006093c "\WINDOWS\system32\ntkrnlpa.exe"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x00060e14
ImgCache = struct _IMAGE_PREFETCH_CACHE
ActualBase = 0x60e3c
FileId = 0x41a6b4
FileInfo = struct _FILE_INFORMATION
NumberOfSections = 0x14c
Status = 3
Count = 0
NewImageBase = 0
NtHeaders = 0x00000009
SectionHeader = 0x00000003
BasePage = 0x14c
LocalBuffer = unsigned char [1280] "t be run in DOS mode....$"
RelocSize = 0
bFreeCache = 0x00 ''
Index = 0x14c
SeekPosition = {146338125709360}
oldLimit = 0
Length = 0x14c
kd> gu
BD: \WINDOWS\system32\ntkrnlpa.exe base address 80A02000
osloader!BlOsLoader+0xb7d:
00429604 8bf0 mov esi,eax
kd> g
Breakpoint 5 hit
osloader!BlLoadImageEx:
0041af95 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderHalCode (0n10)
LoadFile = 0x00060710 "\WINDOWS\system32\hal.dll"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x00060e00
kd> g
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderHalCode (0n10)
LoadFile = 0x00060710 "\WINDOWS\system32\hal.dll"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x00060e00
ImgCache = struct _IMAGE_PREFETCH_CACHE
ActualBase = 0x60e3c
FileId = 0x41a6b4
FileInfo = struct _FILE_INFORMATION
NumberOfSections = 0x14c
Status = 3
Count = 0
NewImageBase = 0
NtHeaders = 0x0000000a
SectionHeader = 0x00000003
BasePage = 0x14c
LocalBuffer = unsigned char [1280] ""
RelocSize = 0
bFreeCache = 0x00 ''
Index = 0x14c
SeekPosition = {146338125709360}
oldLimit = 0
Length = 0x14c
kd> bd 5
kd> g
BD: \WINDOWS\system32\hal.dll base address 804EA000
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderSystemCode (0n9)
LoadFile = 0x00060b3c "\WINDOWS\system32\KDCOM.DLL"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x00060dfc
ImgCache = struct _IMAGE_PREFETCH_CACHE
ActualBase = 0x60e3c
FileId = 0x41a6b4
FileInfo = struct _FILE_INFORMATION
NumberOfSections = 0x14c
Status = 3
Count = 0
NewImageBase = 0
NtHeaders = 0x00000009
SectionHeader = 0x00000003
BasePage = 0x14c
LocalBuffer = unsigned char [1280] "MZ???"
RelocSize = 0x44662a
bFreeCache = 0x00 ''
Index = 0x14c
SeekPosition = {1701322445422640}
oldLimit = 0
Length = 0x14c
kd> g
BD: \WINDOWS\system32\KDCOM.DLL base address 8051A000
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderSystemCode (0n9)
LoadFile = 0x0005fed8 "\WINDOWS\system32\BOOTVID.dll"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x0005ffe0
ImgCache = struct _IMAGE_PREFETCH_CACHE
ActualBase = 0x5fff0
FileId = 0x41a6b4
FileInfo = struct _FILE_INFORMATION
NumberOfSections = 0x60920
Status = 3
Count = 0
NewImageBase = 0
NtHeaders = 0x00000009
SectionHeader = 0x00000003
BasePage = 0x14c
LocalBuffer = unsigned char [1280] "???"
RelocSize = 0x80eea3b4
bFreeCache = 0x00 ''
Index = 0x14c
SeekPosition = {48}
oldLimit = 0
Length = 0x14c
kd> x osloader!*psloaded*
kd> x osloader!*loaded*
0044af54 osloader!BlNumProgressBarFilesLoaded = 0n0
00483268 osloader!CmpProfileLoaded = 0x00 ''
0044af50 osloader!BlNumFilesLoaded = 0n3
00414911 osloader!BlAmd64TransferLoadedModuleState (void)
0040c18b osloader!BlCheckForLoadedDll (char *, struct _KLDR_DATA_TABLE_ENTRY **)
kd> g
BD: \WINDOWS\system32\BOOTVID.dll base address 80010000
Breakpoint 4 hit
osloader!BlLoadBootDrivers:
00429fd8 55 push ebp
kd> dv
DefaultPathSet = 0x00060cbc
BootDriverListHead = 0x80076010 [ 0x80081cf8 - 0x80081ed8 ]
BadFileName = 0x00060c3c "\WINDOWS\FONTS\vgaoem.fon"
DriverDevice = char [128] "???"
DriverName = char [64] "???"
DriverPath = char [128] "???"
AbsolutePath = 0x00 ''
DeviceName = struct _UNICODE_STRING ""
Status = 0x429fd8
SystemRootBuffer = unsigned short [13]
SystemRootLength = 0
FileName = ""
LocalPathSet = struct FULL_PATH_SET
DriverNode = 0xffffffff
DriverEntry = 0x00060cbc
DeviceId = 0x80140030
kd> dv
DefaultPathSet = 0x00060cbc
BootDriverListHead = 0x80076010 [ 0x80081cf8 - 0x80081ed8 ]
BadFileName = 0x00060c3c "\WINDOWS\FONTS\vgaoem.fon"
DriverDevice = char [128] "h???"
DriverName = char [64] "???"
DriverPath = char [128] "???"
AbsolutePath = 0x00 ''
DeviceName = ""
Status = 8
SystemRootBuffer = unsigned short [13]
SystemRootLength = 0xc
FileName = " "
LocalPathSet = struct FULL_PATH_SET
DriverNode = 0x00000030
DriverEntry = 0xffffffff
DeviceId = 0
kd> x osloader!BootDriverListHead
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80076010)
((osloader!_LIST_ENTRY *)0x80076010) : 0x80076010 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80081cf8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80081ed8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80081cf8)
((osloader!_LIST_ENTRY *)0x80081cf8) : 0x80081cf8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082a68 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80076010 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082a68)
((osloader!_LIST_ENTRY *)0x80082a68) : 0x80082a68 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x800824a0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80081cf8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x800824a0)
((osloader!_LIST_ENTRY *)0x800824a0) : 0x800824a0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082b50 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082a68 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082b50)
((osloader!_LIST_ENTRY *)0x80082b50) : 0x80082b50 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082698 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x800824a0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082698)
((osloader!_LIST_ENTRY *)0x80082698) : 0x80082698 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x800823a8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082b50 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x800823a8)
((osloader!_LIST_ENTRY *)0x800823a8) : 0x800823a8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x800822b0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082698 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x800822b0)
((osloader!_LIST_ENTRY *)0x800822b0) : 0x800822b0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x800821c8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x800823a8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x800821c8)
((osloader!_LIST_ENTRY *)0x800821c8) : 0x800821c8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082c48 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x800822b0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082c48)
((osloader!_LIST_ENTRY *)0x80082c48) : 0x80082c48 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082968 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x800821c8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082968)
((osloader!_LIST_ENTRY *)0x80082968) : 0x80082968 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80081de0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082c48 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80081de0)
((osloader!_LIST_ENTRY *)0x80081de0) : 0x80081de0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x800820e0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082968 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x800820e0)
((osloader!_LIST_ENTRY *)0x800820e0) : 0x800820e0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80081fd8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80081de0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80081fd8)
((osloader!_LIST_ENTRY *)0x80081fd8) : 0x80081fd8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082598 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x800820e0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082598)
((osloader!_LIST_ENTRY *)0x80082598) : 0x80082598 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082d48 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80081fd8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082d48)
((osloader!_LIST_ENTRY *)0x80082d48) : 0x80082d48 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082880 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082598 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082880)
((osloader!_LIST_ENTRY *)0x80082880) : 0x80082880 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80082798 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082d48 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80082798)
((osloader!_LIST_ENTRY *)0x80082798) : 0x80082798 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80081ed8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082880 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((osloader!_LIST_ENTRY *)0x80081ed8)
((osloader!_LIST_ENTRY *)0x80081ed8) : 0x80081ed8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80076010 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80082798 \[Type: _LIST_ENTRY \*
kd> dt BOOT_DRIVER_NODE 0x80081cf8
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Boot Bus Extender"
+0x024 Name : _UNICODE_STRING "ACPI"
+0x02c Tag : 1
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082a68
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Boot Bus Extender"
+0x024 Name : _UNICODE_STRING "PCI"
+0x02c Tag : 2
+0x030 ErrorControl : 3
kd> dt BOOT_DRIVER_NODE 0x800824a0
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Boot Bus Extender"
+0x024 Name : _UNICODE_STRING "isapnp"
+0x02c Tag : 3
+0x030 ErrorControl : 3
kd> dt BOOT_DRIVER_NODE 0x80082698
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "System Bus Extender"
+0x024 Name : _UNICODE_STRING "MountMgr"
+0x02c Tag : 4
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x800823a8
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "System Bus Extender"
+0x024 Name : _UNICODE_STRING "Ftdisk"
+0x02c Tag : 5
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x800821c8
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "System Bus Extender"
+0x024 Name : _UNICODE_STRING "dmio"
+0x02c Tag : 9
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082c48
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "System Bus Extender"
+0x024 Name : _UNICODE_STRING "VolSnap"
+0x02c Tag : 0xb
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082968
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "System Bus Extender"
+0x024 Name : _UNICODE_STRING "PartMgr"
+0x02c Tag : 0xc
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80081de0
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "SCSI miniport"
+0x024 Name : _UNICODE_STRING "atapi"
+0x02c Tag : 3
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x800820e0
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "SCSI Class"
+0x024 Name : _UNICODE_STRING "Disk"
+0x02c Tag : 2
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80081fd8
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "filter"
+0x024 Name : _UNICODE_STRING "DfsDriver"
+0x02c Tag : 0xffffffff
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082598
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Base"
+0x024 Name : _UNICODE_STRING "KSecDD"
+0x02c Tag : 2
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082d48
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "File system"
+0x024 Name : _UNICODE_STRING "Ntfs"
+0x02c Tag : 0xffffffff
+0x030 ErrorControl : 3
kd> dt BOOT_DRIVER_NODE 0x80082880
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "NDIS Wrapper"
+0x024 Name : _UNICODE_STRING "NDIS"
+0x02c Tag : 0xffffffff
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80082798
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Network"
+0x024 Name : _UNICODE_STRING "Mup"
+0x02c Tag : 2
+0x030 ErrorControl : 1
kd> dt BOOT_DRIVER_NODE 0x80081ed8
osloader!BOOT_DRIVER_NODE
+0x000 ListEntry : _BOOT_DRIVER_LIST_ENTRY
+0x01c Group : _UNICODE_STRING "Pnp Filter"
+0x024 Name : _UNICODE_STRING "crcdisk"
+0x02c Tag : 2
+0x030 ErrorControl : 1
kd> p
osloader!BlLoadBootDrivers+0x26e:
0042a246 8d4318 lea eax,[ebx+18h]
kd> t
Breakpoint 2 hit
osloader!BlLoadDeviceDriver:
0041bff9 55 push ebp
kd> dv
PathSet = 0x0005fdbc
DriverName = 0x0005fee8 "ACPI.sys"
DriverDescription = 0x00000000 ""
DriverFlags = 0x4000
DriverDataTableEntry = 0x80081d10
FullName = char [256] "???"
Base = 0x0041bff9
DllName = char [256] "???"
Index = 8
kd> dx -r1 ((osloader!FULL_PATH_SET *)0x5fdbc)
((osloader!FULL_PATH_SET *)0x5fdbc) : 0x5fdbc [Type: FULL_PATH_SET *]
+0x000\] PathCount : 0x1 \[Type: unsigned long
+0x004\] AliasName : 0x4428a8 : "\\SystemRoot" \[Type: char \*
+0x008\] PathOffset : "system32\\DRIVERS\\" \[Type: char \[256\]
+0x108\] Source \[Type: PATH_SOURCE \[3\]
kd> p
osloader!BlLoadImageEx+0xd:
0041afa2 e90df7ffff jmp osloader!BlLoadImage32Ex (0041a6b4)
kd> t
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> kc
00 osloader!BlLoadImage32Ex
01 osloader!BlLoadDeviceDriver
02 osloader!BlLoadBootDrivers
03 osloader!BlOsLoader
04 osloader!BlStartup
05 osloader!NtProcessStartup
WARNING: Frame IP not in any known module. Following frames may be wrong.
06 0x0
07 osloader!`string'
08 0x0
kd> dv
DeviceId = 3
MemoryType = LoaderBootDriver (0n11)
LoadFile = 0x0005fc0c "\WINDOWS\system32\DRIVERS\ACPI.sys"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
kd> gu
BD: \WINDOWS\system32\DRIVERS\ACPI.sys base address 80364000
osloader!BlLoadDeviceDriver+0xf4:
0041c0ed 8bf0 mov esi,eax
kd> g
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderBootDriver (0n11)
LoadFile = 0x0005f9d4 "\WINDOWS\system32\DRIVERS\WMILIB.SYS"
ImageType = 0x14c
PreferredAlignment = 0
kd> gu
BD: \WINDOWS\system32\DRIVERS\WMILIB.SYS base address 80001000
osloader!BlScanImportDescriptorTable32+0x122:
0040c58d 8bf0 mov esi,eax
kd> g
Breakpoint 2 hit
osloader!BlLoadDeviceDriver:
0041bff9 55 push ebp
kd> kc
00 osloader!BlLoadDeviceDriver
01 osloader!BlLoadBootDrivers
02 osloader!BlOsLoader
03 osloader!BlStartup
04 osloader!NtProcessStartup
WARNING: Frame IP not in any known module. Following frames may be wrong.
05 0x0
06 osloader!`string'
07 0x0
kd> dv
PathSet = 0x0005fdbc
DriverName = 0x0005fee8 "pci.sys"
DriverDescription = 0x00000000 ""
DriverFlags = 0x4000
DriverDataTableEntry = 0x80082a80
FullName = char [256] "???"
Base = 0x0041bff9
kd> g
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> dv
DeviceId = 3
MemoryType = LoaderBootDriver (0n11)
LoadFile = 0x0005fc0c "\WINDOWS\system32\DRIVERS\pci.sys"
ImageType = 0x14c
PreferredAlignment = 0
PreferredBasePage = 0
ImageBase = 0x0005fd0c
ImgCache = struct _IMAGE_PREFETCH_CACHE
ActualBase = 0x5fd14
FileId = 0x41a6b4
FileInfo = struct _FILE_INFORMATION
NumberOfSections = 0x5fecc
Status = 3
Count = 0
NewImageBase = 0
NtHeaders = 0x0000000b
SectionHeader = 0x00000003
BasePage = 0x14c
LocalBuffer = unsigned char [1280] ""
RelocSize = 0x5fef0
bFreeCache = 0x00 ''
Index = 0x14c
SeekPosition = {1684649382248496}
oldLimit = 0
Length = 0x14c
kd> gu
BD: \WINDOWS\system32\DRIVERS\pci.sys base address 803D1000
osloader!BlLoadDeviceDriver+0xf4:
0041c0ed 8bf0 mov esi,eax
kd> g
Breakpoint 2 hit
osloader!BlLoadDeviceDriver:
0041bff9 55 push ebp
kd> bd 2
kd> g
Breakpoint 7 hit
osloader!BlLoadImage32Ex:
0041a6b4 55 push ebp
kd> bd 7
kd> g
BD: \WINDOWS\system32\DRIVERS\isapnp.sys base address 80062000
BD: \WINDOWS\system32\DRIVERS\pciide.sys base address 80018000
BD: \WINDOWS\system32\DRIVERS\PCIIDEX.SYS base address 80522000
BD: \WINDOWS\System32\Drivers\MountMgr.sys base address 80535000
BD: \WINDOWS\system32\DRIVERS\ftdisk.sys base address 80545000
BD: \WINDOWS\System32\drivers\dmload.sys base address 8056F000
BD: \WINDOWS\System32\drivers\dmio.sys base address 80576000
BD: \WINDOWS\system32\DRIVERS\volsnap.sys base address 805F5000
BD: \WINDOWS\System32\Drivers\PartMgr.sys base address 8061E000
BD: \WINDOWS\system32\DRIVERS\atapi.sys base address 80629000
BD: \WINDOWS\system32\DRIVERS\disk.sys base address 80664000
BD: \WINDOWS\system32\DRIVERS\CLASSPNP.SYS base address 8067C000
BD: \WINDOWS\system32\drivers\Dfs.sys base address 806AE000
BD: \WINDOWS\System32\Drivers\KSecDD.sys base address 806C0000
BD: \WINDOWS\System32\Drivers\Ntfs.sys base address 806EC000
BD: \WINDOWS\System32\Drivers\NDIS.sys base address 80F2D000
BD: \WINDOWS\System32\Drivers\Mup.sys base address 807C0000
BD: \WINDOWS\system32\DRIVERS\crcdisk.sys base address 807F3000
kd> x nt!psloaded*
80c2dd80 nt!PsLoadedModuleResource = struct _ERESOURCE
80b20c80 nt!PsLoadedModuleSpinLock = 0
80c2dd70 nt!PsLoadedModuleList = struct _LIST_ENTRY [ 0x8cd53218 - 0x8cac27f8 ]
kd> dx -r1 (*((ntkrpamp!_LIST_ENTRY *)0x80c2dd70))
(*((ntkrpamp!_LIST_ENTRY *)0x80c2dd70)) [Type: _LIST_ENTRY]
+0x000\] Flink : 0x8cd53218 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac27f8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cd53218)
((ntkrpamp!_LIST_ENTRY *)0x8cd53218) : 0x8cd53218 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cd531b0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x80c2dd70 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cd531b0)
((ntkrpamp!_LIST_ENTRY *)0x8cd531b0) : 0x8cd531b0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cd53148 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cd53218 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cd53148)
((ntkrpamp!_LIST_ENTRY *)0x8cd53148) : 0x8cd53148 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cd530d8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cd531b0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cd530d8)
((ntkrpamp!_LIST_ENTRY *)0x8cd530d8) : 0x8cd530d8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cd53070 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cd53148 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cd53070)
((ntkrpamp!_LIST_ENTRY *)0x8cd53070) : 0x8cd53070 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2008 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cd530d8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2008)
((ntkrpamp!_LIST_ENTRY *)0x8cac2008) : 0x8cac2008 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2fa0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cd53070 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2fa0)
((ntkrpamp!_LIST_ENTRY *)0x8cac2fa0) : 0x8cac2fa0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2f30 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2008 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2f30)
((ntkrpamp!_LIST_ENTRY *)0x8cac2f30) : 0x8cac2f30 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2ec0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2fa0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2ec0)
((ntkrpamp!_LIST_ENTRY *)0x8cac2ec0) : 0x8cac2ec0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2e50 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2f30 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2e50)
((ntkrpamp!_LIST_ENTRY *)0x8cac2e50) : 0x8cac2e50 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2de0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2ec0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2de0)
((ntkrpamp!_LIST_ENTRY *)0x8cac2de0) : 0x8cac2de0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2d70 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2e50 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2d70)
((ntkrpamp!_LIST_ENTRY *)0x8cac2d70) : 0x8cac2d70 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2d00 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2de0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2d00)
((ntkrpamp!_LIST_ENTRY *)0x8cac2d00) : 0x8cac2d00 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2c98 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2d70 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2c98)
((ntkrpamp!_LIST_ENTRY *)0x8cac2c98) : 0x8cac2c98 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2c28 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2d00 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2c28)
((ntkrpamp!_LIST_ENTRY *)0x8cac2c28) : 0x8cac2c28 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2bb8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2c98 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2bb8)
((ntkrpamp!_LIST_ENTRY *)0x8cac2bb8) : 0x8cac2bb8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2b50 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2c28 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2b50)
((ntkrpamp!_LIST_ENTRY *)0x8cac2b50) : 0x8cac2b50 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2ae8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2bb8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2ae8)
((ntkrpamp!_LIST_ENTRY *)0x8cac2ae8) : 0x8cac2ae8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2a78 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2b50 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2a78)
((ntkrpamp!_LIST_ENTRY *)0x8cac2a78) : 0x8cac2a78 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2a10 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2ae8 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2a10)
((ntkrpamp!_LIST_ENTRY *)0x8cac2a10) : 0x8cac2a10 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac29a0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2a78 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac29a0)
((ntkrpamp!_LIST_ENTRY *)0x8cac29a0) : 0x8cac29a0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2938 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2a10 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2938)
((ntkrpamp!_LIST_ENTRY *)0x8cac2938) : 0x8cac2938 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac28d0 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac29a0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac28d0)
((ntkrpamp!_LIST_ENTRY *)0x8cac28d0) : 0x8cac28d0 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac2868 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2938 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac2868)
((ntkrpamp!_LIST_ENTRY *)0x8cac2868) : 0x8cac2868 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x8cac27f8 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac28d0 \[Type: _LIST_ENTRY \*
kd> dx -r1 ((ntkrpamp!_LIST_ENTRY *)0x8cac27f8)
((ntkrpamp!_LIST_ENTRY *)0x8cac27f8) : 0x8cac27f8 [Type: _LIST_ENTRY *]
+0x000\] Flink : 0x80c2dd70 \[Type: _LIST_ENTRY \*
+0x004\] Blink : 0x8cac2868 \[Type: _LIST_ENTRY \*
kd> !Process
PROCESS 80b2a6c0 SessionId: none Cid: 0000 Peb: 00000000 ParentCid: 0000
DirBase: 01000000 ObjectTable: e1001e38 HandleCount: 1.
Image: Idle
VadRoot 00000000 Vads 0 Clone 0 Private 0. Modified 0. Locked 0.
DeviceMap 00000000
Token e1002a50
ElapsedTime 00:00:00.000
UserTime 00:00:00.000
KernelTime 00:00:00.000
QuotaPoolUsage[PagedPool] 0
QuotaPoolUsage[NonPagedPool] 0
Working Set Sizes (now,min,max) (8, 50, 450) (32KB, 200KB, 1800KB)
PeakWorkingSetSize 0
VirtualSize 0 Mb
PeakVirtualSize 0 Mb
PageFaultCount 0
MemoryPriority BACKGROUND
BasePriority 0
CommitCharge 0
THREAD 80b2a460 Cid 0000.0000 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
kd> !thread
THREAD 80b2a460 Cid 0000.0000 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
Not impersonating
Owning Process 80b2a6c0 Image: Idle
Attached Process N/A Image: N/A
Wait Start TickCount 274647506 Ticks: 0
Context Switch Count 0 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.000
Stack Init 80b1e950 Current 80b1e724 Base 80b1e950 Limit 80b1b950 Call 00000000
Priority 0 BasePriority 0 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
80b1e69c 80b0a8f0 00000001 00000000 0000000e nt!RtlpBreakWithStatusInstruction (FPO: [1,0,0]) [d:\srv03rtm\base\ntos\rtl\i386\debug2.asm @ 59]
80b1e6a4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x2c (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 1382]