Opened log file 'c:\DebuggingTV\0x28.txt' 1: kd> g Break instruction exception - code 80000003 (first chance) ******************************************************************************* * * * You are seeing this message because you pressed either * * CTRL+C (if you run console kernel debugger) or, * * CTRL+BREAK (if you run GUI kernel debugger), * * on your debugger machine's keyboard. * * * * THIS IS NOT A BUG OR A SYSTEM CRASH * * * * If you did not intend to break into the debugger, press the "g" key, then * * press the "Enter" key now. This message might immediately reappear. If it * * does, press "g" and "Enter" again. * * * ******************************************************************************* 1: kd> !session Sessions on machine: 4 Valid Sessions: 0 1 2 3 Error in reading current session 1: kd> !sprocess 3 Dumping Session 3 _MM_SESSION_SPACE fffff98015240000 _MMSESSION fffff98015240b40 PROCESS fffffa80014b98a0 SessionId: 3 Cid: 0d60 Peb: 7fffffdf000 ParentCid: 0d50 DirBase: 131e1000 ObjectTable: fffff88003045290 HandleCount: 85. Image: csrss.exe PROCESS fffffa80013f8040 SessionId: 3 Cid: 0d90 Peb: 7fffffde000 ParentCid: 0d50 DirBase: 08be7000 ObjectTable: fffff88001ff46a0 HandleCount: 115. Image: winlogon.exe PROCESS fffffa800161fc10 SessionId: 3 Cid: 0dc0 Peb: 7fffffdd000 ParentCid: 0d90 DirBase: 15270000 ObjectTable: fffff880033962b0 HandleCount: 175. Image: LogonUI.exe 1: kd> !sprocess 2 Dumping Session 2 _MM_SESSION_SPACE fffff98015248000 _MMSESSION fffff98015248b40 PROCESS fffffa80014558b0 SessionId: 2 Cid: 0b44 Peb: 7fffffdf000 ParentCid: 0580 DirBase: 176bb000 ObjectTable: fffff880018b2ba0 HandleCount: 267. Image: csrss.exe PROCESS fffffa80013c4190 SessionId: 2 Cid: 0b40 Peb: 7fffffde000 ParentCid: 0580 DirBase: 1f341000 ObjectTable: fffff880008fcd40 HandleCount: 125. Image: winlogon.exe PROCESS fffffa80011c2ba0 SessionId: 2 Cid: 0be0 Peb: 7fffffd8000 ParentCid: 03d4 DirBase: 33ed9000 ObjectTable: fffff88002f2f6d0 HandleCount: 293. Image: taskeng.exe PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 530. Image: explorer.exe PROCESS fffffa800152f040 SessionId: 2 Cid: 0514 Peb: 7fffffdf000 ParentCid: 03c4 DirBase: 17f01000 ObjectTable: fffff8800273f410 HandleCount: 82. Image: dwm.exe PROCESS fffffa80014f0c10 SessionId: 2 Cid: 0b54 Peb: 7fffffdf000 ParentCid: 027c DirBase: 09473000 ObjectTable: fffff880032b2ec0 HandleCount: 383. Image: MSASCui.exe PROCESS fffffa80038dda30 SessionId: 2 Cid: 09d0 Peb: 7fffffde000 ParentCid: 027c DirBase: 1b2aa000 ObjectTable: fffff88002bc6e90 HandleCount: 68. Image: VMwareTray.exe PROCESS fffffa80015822f0 SessionId: 2 Cid: 09e8 Peb: 7fffffdc000 ParentCid: 027c DirBase: 140ca000 ObjectTable: fffff880031e2470 HandleCount: 141. Image: vmtoolsd.exe PROCESS fffffa800136cc10 SessionId: 2 Cid: 0bdc Peb: 7fffffd3000 ParentCid: 027c DirBase: 115b0000 ObjectTable: fffff8800340c550 HandleCount: 431. Image: sidebar.exe 1: kd> !sprocess 1 Dumping Session 1 _MM_SESSION_SPACE fffff98001223000 _MMSESSION fffff98001223b40 PROCESS fffffa80024292f0 SessionId: 1 Cid: 01ec Peb: 7fffffdb000 ParentCid: 01e0 DirBase: 20b72000 ObjectTable: fffff88001882a30 HandleCount: 207. Image: csrss.exe PROCESS fffffa80024a3480 SessionId: 1 Cid: 0234 Peb: 7fffffde000 ParentCid: 01e0 DirBase: 1f3f9000 ObjectTable: fffff880018d8430 HandleCount: 126. Image: winlogon.exe PROCESS fffffa80039f5850 SessionId: 1 Cid: 0610 Peb: 7fffffd3000 ParentCid: 03c4 DirBase: 13016000 ObjectTable: fffff88001e54f10 HandleCount: 75. Image: dwm.exe PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 541. Image: explorer.exe PROCESS fffffa8003594c10 SessionId: 1 Cid: 0708 Peb: 7fffffd8000 ParentCid: 0630 DirBase: 0c75f000 ObjectTable: fffff88001fc3c50 HandleCount: 381. Image: MSASCui.exe PROCESS fffffa80034ac040 SessionId: 1 Cid: 0710 Peb: 7fffffde000 ParentCid: 0630 DirBase: 0be2d000 ObjectTable: fffff88001fd6c80 HandleCount: 65. Image: VMwareTray.exe PROCESS fffffa80034b79b0 SessionId: 1 Cid: 0720 Peb: 7fffffd7000 ParentCid: 0630 DirBase: 0b3e9000 ObjectTable: fffff88001fc6c60 HandleCount: 209. Image: vmtoolsd.exe PROCESS fffffa8004074a80 SessionId: 1 Cid: 07d0 Peb: 7fffffd8000 ParentCid: 03d4 DirBase: 07510000 ObjectTable: fffff88001b833a0 HandleCount: 315. Image: taskeng.exe 1: kd> x win32k!*SendMessage* fffff960`0013e380 win32k!GetSendMessageReceiver () fffff960`0007f550 win32k!xxxSendMessageEx () fffff960`000c9020 win32k!xxxSendMessageToClient () fffff960`0006fbd0 win32k!xxxSendMessageCallback () fffff960`000704d0 win32k!xxxWrapSendMessageBSM () fffff960`0025eba0 win32k!gapfnScSendMessage = fffff960`000dd9a0 win32k!NtUserQuerySendMessage () fffff960`000c88b0 win32k!xxxSendMessageTimeout () fffff960`001504d0 win32k!ClientI_WMsgkSendMessage () fffff960`000e56b0 win32k!xxxWrapSendMessageCallback () fffff960`00070600 win32k!xxxSendMessageBSM () fffff960`0013e020 win32k!xxxSendMessageFF () fffff960`000ce7d0 win32k!ClearSendMessages () fffff960`00120e00 win32k!xxxSendMessageToUI () fffff960`000723a0 win32k!xxxProcessAsyncSendMessage () fffff960`00083a70 win32k!xxxWrapSendMessage () 1: kd> uf fffff960`000c9020 No code found, aborting 1: kd> !session -s 2 Sessions on machine: 4 .process /P fffffa80014558b0 Implicit process is now fffffa80`014558b0 .cache forcedecodeptes done Using session 2 1: kd> uf win32k!xxxSendMessageToClient win32k!xxxSendMessageToClient: fffff960`000c9020 488bc4 mov rax,rsp fffff960`000c9023 48895808 mov qword ptr [rax+8],rbx fffff960`000c9027 48896810 mov qword ptr [rax+10h],rbp fffff960`000c902b 48897018 mov qword ptr [rax+18h],rsi fffff960`000c902f 48897820 mov qword ptr [rax+20h],rdi fffff960`000c9033 4154 push r12 fffff960`000c9035 4883ec60 sub rsp,60h fffff960`000c9039 498be8 mov rbp,r8 fffff960`000c903c 448a412a mov r8b,byte ptr [rcx+2Ah] fffff960`000c9040 41bc01000000 mov r12d,1 fffff960`000c9046 41c1e803 shr r8d,3 fffff960`000c904a 498bf1 mov rsi,r9 fffff960`000c904d 4c8b0d3c6c1c00 mov r9,qword ptr [win32k!gpsi (fffff960`0028fc90)] fffff960`000c9054 4523c4 and r8d,r12d fffff960`000c9057 833d32b71b0000 cmp dword ptr [win32k!gihmodUserApiHook (fffff960`00284790)],0 fffff960`000c905e 8bda mov ebx,edx fffff960`000c9060 4c8bd9 mov r11,rcx fffff960`000c9063 0f8d38010000 jge win32k!xxxSendMessageToClient+0x181 (fffff960`000c91a1) win32k!xxxSendMessageToClient+0x49: fffff960`000c9069 0fb74942 movzx ecx,word ptr [rcx+42h] fffff960`000c906d 6681e1ff3f and cx,3FFFh fffff960`000c9072 8d815ffdffff lea eax,[rcx-2A1h] fffff960`000c9078 6683f809 cmp ax,9 fffff960`000c907c 0f871f010000 ja win32k!xxxSendMessageToClient+0x181 (fffff960`000c91a1) win32k!xxxSendMessageToClient+0x62: fffff960`000c9082 498b8390000000 mov rax,qword ptr [r11+90h] fffff960`000c9089 0fb7f9 movzx edi,cx fffff960`000c908c 493b84f970edffff cmp rax,qword ptr [r9+rdi*8-1290h] fffff960`000c9094 740e je win32k!xxxSendMessageToClient+0x84 (fffff960`000c90a4) win32k!xxxSendMessageToClient+0x76: fffff960`000c9096 493b84f9b8ecffff cmp rax,qword ptr [r9+rdi*8-1348h] fffff960`000c909e 0f85fd000000 jne win32k!xxxSendMessageToClient+0x181 (fffff960`000c91a1) win32k!xxxSendMessageToClient+0x84: fffff960`000c90a4 0fb7c1 movzx eax,cx fffff960`000c90a7 2d9a020000 sub eax,29Ah fffff960`000c90ac 4863c8 movsxd rcx,eax fffff960`000c90af 488d05ca691c00 lea rax,[win32k!gSharedInfo+0x20 (fffff960`0028fa80)] fffff960`000c90b6 4803c9 add rcx,rcx fffff960`000c90b9 4c8b54c808 mov r10,qword ptr [rax+rcx*8+8] fffff960`000c90be 4d85d2 test r10,r10 fffff960`000c90c1 7422 je win32k!xxxSendMessageToClient+0xc5 (fffff960`000c90e5) win32k!xxxSendMessageToClient+0xa3: fffff960`000c90c3 3b1cc8 cmp ebx,dword ptr [rax+rcx*8] fffff960`000c90c6 7717 ja win32k!xxxSendMessageToClient+0xbf (fffff960`000c90df) win32k!xxxSendMessageToClient+0xa8: fffff960`000c90c8 8bcb mov ecx,ebx fffff960`000c90ca 488bc3 mov rax,rbx fffff960`000c90cd 418bd4 mov edx,r12d fffff960`000c90d0 83e107 and ecx,7 fffff960`000c90d3 48c1e803 shr rax,3 fffff960`000c90d7 d3e2 shl edx,cl fffff960`000c90d9 42841410 test byte ptr [rax+r10],dl fffff960`000c90dd 7506 jne win32k!xxxSendMessageToClient+0xc5 (fffff960`000c90e5) win32k!xxxSendMessageToClient+0xbf: fffff960`000c90df 4584632a test byte ptr [r11+2Ah],r12b fffff960`000c90e3 7469 je win32k!xxxSendMessageToClient+0x12e (fffff960`000c914e) win32k!xxxSendMessageToClient+0xc5: fffff960`000c90e5 8bc3 mov eax,ebx fffff960`000c90e7 8bd3 mov edx,ebx fffff960`000c90e9 25ffff0100 and eax,1FFFFh fffff960`000c90ee 3d00040000 cmp eax,400h fffff960`000c90f3 488b842490000000 mov rax,qword ptr [rsp+90h] fffff960`000c90fb 4889442438 mov qword ptr [rsp+38h],rax fffff960`000c9100 498b84f9f0edffff mov rax,qword ptr [r9+rdi*8-1210h] fffff960`000c9108 4489442430 mov dword ptr [rsp+30h],r8d fffff960`000c910d 4889442428 mov qword ptr [rsp+28h],rax fffff960`000c9112 4c8bce mov r9,rsi fffff960`000c9115 7218 jb win32k!xxxSendMessageToClient+0x10f (fffff960`000c912f) win32k!xxxSendMessageToClient+0xf7: fffff960`000c9117 418bc8 mov ecx,r8d fffff960`000c911a 48894c2420 mov qword ptr [rsp+20h],rcx win32k!xxxSendMessageToClient+0xff: fffff960`000c911f 4c8bc5 mov r8,rbp fffff960`000c9122 498bcb mov rcx,r11 fffff960`000c9125 e8e6350000 call win32k!SfnDWORD (fffff960`000cc710) fffff960`000c912a e9d7000000 jmp win32k!xxxSendMessageToClient+0x1e6 (fffff960`000c9206) win32k!xxxSendMessageToClient+0x10f: fffff960`000c912f 0fb7cb movzx ecx,bx fffff960`000c9132 4c8d25c76ef3ff lea r12,[win32k!DereferenceW32Process (win32k+0x0) (fffff960`00000000)] fffff960`000c9139 468a9421b0ef2500 mov r10b,byte ptr [rcx+r12+25EFB0h] fffff960`000c9141 418bc8 mov ecx,r8d fffff960`000c9144 48894c2420 mov qword ptr [rsp+20h],rcx fffff960`000c9149 e9a6000000 jmp win32k!xxxSendMessageToClient+0x1d4 (fffff960`000c91f4) win32k!xxxSendMessageToClient+0x12e: fffff960`000c914e 8bbc2498000000 mov edi,dword ptr [rsp+98h] fffff960`000c9155 85ff test edi,edi fffff960`000c9157 7422 je win32k!xxxSendMessageToClient+0x15b (fffff960`000c917b) win32k!xxxSendMessageToClient+0x139: fffff960`000c9159 488b0d18741c00 mov rcx,qword ptr [win32k!gptiCurrent (fffff960`00290578)] fffff960`000c9160 4c895c2448 mov qword ptr [rsp+48h],r11 fffff960`000c9165 488b4160 mov rax,qword ptr [rcx+60h] fffff960`000c9169 4889442440 mov qword ptr [rsp+40h],rax fffff960`000c916e 488d442440 lea rax,[rsp+40h] fffff960`000c9173 48894160 mov qword ptr [rcx+60h],rax fffff960`000c9177 45016308 add dword ptr [r11+8],r12d win32k!xxxSendMessageToClient+0x15b: fffff960`000c917b 4c8bce mov r9,rsi fffff960`000c917e 4c8bc5 mov r8,rbp fffff960`000c9181 8bd3 mov edx,ebx fffff960`000c9183 498bcb mov rcx,r11 fffff960`000c9186 e88552fcff call win32k!xxxDefWindowProc (fffff960`0008e410) fffff960`000c918b 85ff test edi,edi fffff960`000c918d 488b8c24a0000000 mov rcx,qword ptr [rsp+0A0h] fffff960`000c9195 488901 mov qword ptr [rcx],rax fffff960`000c9198 747a je win32k!xxxSendMessageToClient+0x1f4 (fffff960`000c9214) win32k!xxxSendMessageToClient+0x17a: fffff960`000c919a e8a1f3ffff call win32k!ThreadUnlock1 (fffff960`000c8540) fffff960`000c919f eb73 jmp win32k!xxxSendMessageToClient+0x1f4 (fffff960`000c9214) win32k!xxxSendMessageToClient+0x181: fffff960`000c91a1 8bc3 mov eax,ebx fffff960`000c91a3 8bd3 mov edx,ebx fffff960`000c91a5 25ffff0100 and eax,1FFFFh fffff960`000c91aa 3d00040000 cmp eax,400h fffff960`000c91af 488b842490000000 mov rax,qword ptr [rsp+90h] fffff960`000c91b7 4889442438 mov qword ptr [rsp+38h],rax fffff960`000c91bc 498b81e8020000 mov rax,qword ptr [r9+2E8h] fffff960`000c91c3 4489442430 mov dword ptr [rsp+30h],r8d fffff960`000c91c8 4889442428 mov qword ptr [rsp+28h],rax fffff960`000c91cd 498b8390000000 mov rax,qword ptr [r11+90h] fffff960`000c91d4 4c8bce mov r9,rsi fffff960`000c91d7 4889442420 mov qword ptr [rsp+20h],rax fffff960`000c91dc 0f833dffffff jae win32k!xxxSendMessageToClient+0xff (fffff960`000c911f) win32k!xxxSendMessageToClient+0x1c2: fffff960`000c91e2 4c8d25176ef3ff lea r12,[win32k!DereferenceW32Process (win32k+0x0) (fffff960`00000000)] fffff960`000c91e9 0fb7cb movzx ecx,bx fffff960`000c91ec 468a9421b0ef2500 mov r10b,byte ptr [rcx+r12+25EFB0h] win32k!xxxSendMessageToClient+0x1d4: fffff960`000c91f4 4183e23f and r10d,3Fh fffff960`000c91f8 4c8bc5 mov r8,rbp fffff960`000c91fb 498bcb mov rcx,r11 fffff960`000c91fe 43ff94d4a0eb2500 call qword ptr [r12+r10*8+25EBA0h] win32k!xxxSendMessageToClient+0x1e6: fffff960`000c9206 4c8bd8 mov r11,rax fffff960`000c9209 488b8424a0000000 mov rax,qword ptr [rsp+0A0h] fffff960`000c9211 4c8918 mov qword ptr [rax],r11 win32k!xxxSendMessageToClient+0x1f4: fffff960`000c9214 4c8d5c2460 lea r11,[rsp+60h] fffff960`000c9219 498b5b10 mov rbx,qword ptr [r11+10h] fffff960`000c921d 498b6b18 mov rbp,qword ptr [r11+18h] fffff960`000c9221 498b7320 mov rsi,qword ptr [r11+20h] fffff960`000c9225 498b7b28 mov rdi,qword ptr [r11+28h] fffff960`000c9229 498be3 mov rsp,r11 fffff960`000c922c 415c pop r12 fffff960`000c922e c3 ret 1: kd> ba e 1 win32k!xxxSendMessageToClient 1: kd> g Breakpoint 0 hit 1: kd> .prompt_allow Allow the following information to be displayed at the prompt: (Other settings can affect whether the information is actually displayed) None Do not allow the following information to be displayed at the prompt: sym - Symbol for current instruction dis - Disassembly of current instruction ea - Effective address for current instruction reg - Register state src - Source info for current instruction 1: kd> .prompt_allow +sym Allow the following information to be displayed at the prompt: (Other settings can affect whether the information is actually displayed) sym - Symbol for current instruction Do not allow the following information to be displayed at the prompt: dis - Disassembly of current instruction ea - Effective address for current instruction reg - Register state src - Source info for current instruction 1: kd> g Breakpoint 0 hit win32k!xxxSendMessageToClient: 1: kd> .prompt_allow -sym Allow the following information to be displayed at the prompt: (Other settings can affect whether the information is actually displayed) None Do not allow the following information to be displayed at the prompt: sym - Symbol for current instruction dis - Disassembly of current instruction ea - Effective address for current instruction reg - Register state src - Source info for current instruction 1: kd> g Breakpoint 0 hit 1: kd> r rax=fffff9801d3fe440 rbx=0000000000000000 rcx=fffff900c0562ab0 rdx=0000000000000020 rsi=fffff900c0562ab0 rdi=0000000000000000 rip=fffff960000c9020 rsp=fffff9801d3fe388 rbp=0000000000000020 r8=000000000001001e r9=0000000002000001 r10=fffff900c0562ab0 r11=fffff96000000000 r12=0000000000000004 r13=000000000001001e r14=0000000000000000 r15=0000000002000001 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000246 win32k!xxxSendMessageToClient: fffff960`000c9020 488bc4 mov rax,rsp 1: kd> dq fffff900c0562ab0 fffff900`c0562ab0 00000000`0001001c 00000000`00000008 fffff900`c0562ac0 fffff900`c07bba60 fffffa80`014c5200 fffff900`c0562ad0 fffff900`c0562ab0 80000700`00020040 fffff900`c0562ae0 96000000`80000800 000007fe`fc230000 fffff900`c0562af0 00000000`00000000 fffff900`c05624b0 fffff900`c0562b00 fffff900`c0562620 fffff900`c0560b60 fffff900`c0562b10 fffff900`c0562cf0 00000000`00000000 fffff900`c0562b20 00000000`00000000 00000258`00000320 1: kd> g Breakpoint 0 hit 0: kd> r rax=fffff980134d1a10 rbx=fffff900c06da010 rcx=fffff900c0804b00 rdx=0000000000000403 rsi=fffff900c1c397d0 rdi=0000000000000000 rip=fffff960000c9020 rsp=fffff980134d18d8 rbp=fffff980134d1ca0 r8=000000000000c026 r9=0000000000000630 r10=fffff900c0804b00 r11=0000000000000000 r12=0000000000000000 r13=00000000000025ff r14=0000000000000000 r15=0000000000000000 iopl=0 nv up ei pl zr na po nc cs=0010 ss=0018 ds=002b es=002b fs=0053 gs=002b efl=00000246 win32k!xxxSendMessageToClient: fffff960`000c9020 488bc4 mov rax,rsp 0: kd> dq rcx fffff900`c0804b00 00000000`00010080 00000000`00000005 fffff900`c0804b10 fffff900`c1c397d0 fffffa80`024b9aa0 fffff900`c0804b20 fffff900`c0804b00 80000700`40000018 fffff900`c0804b30 04c00000`00000100 000007fe`fdde0000 fffff900`c0804b40 00000000`00000000 fffff900`c0804970 fffff900`c0804b50 fffff900`c0811330 fffff900`c0800b60 fffff900`c0804b60 00000000`00000000 00000000`00000000 fffff900`c0804b70 00000000`00000000 0000001b`00000070 0: kd> !process -1 0 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 543. Image: explorer.exe 0: kd> g Breakpoint 0 hit 1: kd> !process -1 0 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 532. Image: explorer.exe 1: kd> ba e 1 win32k!xxxSendMessageToClient "!process -1 0; .printf \"hWnd: %p uMsg: %p wParam: %p lParam: %p\", poi(@rcx), poi(@rcx+@$ptrsize), poi(@rcx+2*@$ptrsize), poi(@rcx+3*@$ptrsize); .echo; .echo; g" breakpoint 0 redefined 1: kd> g PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 544. Image: explorer.exe hWnd: 00000000000100f2 uMsg: 0000000000000005 wParam: fffff900c1dfb010 lParam: fffffa80024b9aa0 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 543. Image: explorer.exe hWnd: 000000000001007e uMsg: 0000000000000005 wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 533. Image: explorer.exe hWnd: 0000000000010120 uMsg: 0000000000000005 wParam: fffff900c071b540 lParam: fffffa800137d480 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 532. Image: explorer.exe hWnd: 00000000000100ae uMsg: 0000000000000005 wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 544. Image: explorer.exe hWnd: 000000000001005a uMsg: 000000000000002f wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 535. Image: explorer.exe hWnd: 0000000000010086 uMsg: 000000000000002f wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 535. Image: explorer.exe hWnd: 00000000000100ae uMsg: 0000000000000009 wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 535. Image: explorer.exe hWnd: 00000000000100ae uMsg: 0000000000000009 wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 535. Image: explorer.exe hWnd: 00000000000100ae uMsg: 0000000000000009 wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa800142b040 SessionId: 2 Cid: 027c Peb: 7fffffd8000 ParentCid: 0450 DirBase: 325c1000 ObjectTable: fffff88002ff0ae0 HandleCount: 535. Image: explorer.exe hWnd: 00000000000100ae uMsg: 0000000000000009 wParam: fffff900c070a190 lParam: fffffa800137d480 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 544. Image: explorer.exe hWnd: 000000000001007e uMsg: 0000000000000006 wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 545. Image: explorer.exe hWnd: 000000000001007e uMsg: 0000000000000007 wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 546. Image: explorer.exe hWnd: 000000000001007e uMsg: 0000000000000008 wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa80039e77e0 SessionId: 1 Cid: 0630 Peb: 7fffffdf000 ParentCid: 05e8 DirBase: 12c6f000 ObjectTable: fffff88001cc76a0 HandleCount: 547. Image: explorer.exe hWnd: 000000000001007e uMsg: 0000000000000009 wParam: fffff900c1c42d60 lParam: fffffa80024b9aa0 PROCESS fffffa80014a6850 SessionId: 2 Cid: 0c78 Peb: 7fffffde000 ParentCid: 02e8 DirBase: 2df81000 ObjectTable: fffff880027d39d0 HandleCount: 61. Image: dllhost.exe hWnd: 000000000006001e uMsg: 0000000000000002 wParam: fffff900c07ea870 lParam: fffffa800137d480 PROCESS fffffa80014a6850 SessionId: 2 Cid: 0c78 Peb: 7fffffde000 ParentCid: 02e8 DirBase: 2df81000 ObjectTable: fffff880027d39d0 HandleCount: 61. Image: dllhost.exe hWnd: 000000000006001e uMsg: 0000000000000004 wParam: fffff900c07ea870 lParam: fffffa800137d480 PROCESS fffffa80014a6850 SessionId: 2 Cid: 0c78 Peb: 7fffffde000 ParentCid: 02e8 DirBase: 2df81000 ObjectTable: fffff880027d39d0 HandleCount: 61. Image: dllhost.exe hWnd: 000000000006001e uMsg: 0000000000000004 wParam: fffff900c07ea870 lParam: fffffa800137d480 0: kd> .logclose Closing open log file c:\DebuggingTV\0x28.txt