lkd> lm kv
start end module name
804d8000 806e5000 nt (pdb symbols) c:\windows\symbols\exe\ntkrpamp.pdb
Loaded symbol image file: ntkrpamp.exe
Image path: ntkrpamp.exe
Image name: ntkrpamp.exe
Timestamp: Mon Apr 14 02:31:06 2008 (4802516A)
CheckSum: 001F3382
ImageSize: 0020D000
File version: 5.1.2600.5512
Product version: 5.1.2600.5512
File flags: 0 (Mask 3F)
File OS: 40004 NT Win32
File type: 1.0 App
File date: 00000000.00000000
Translations: 0804.04b0
CompanyName: Microsoft Corporation
ProductName: Microsoft(R) Windows(R) Operating System
InternalName: ntkrpamp.exe
OriginalFilename: ntkrpamp.exe
ProductVersion: 5.1.2600.5512
FileVersion: 5.1.2600.5512 (xpsp.080413-2111)
FileDescription: NT Kernel & System
LegalCopyright: (C) Microsoft Corporation. All rights reserved.
Unloaded modules:
a31ea000 a3215000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002B000
a328a000 a32b5000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002B000
a328a000 a32b5000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002B000
a4336000 a4361000 kmixer.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0002B000
ba6fb000 ba6fc000 drmkaud.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00001000
a4838000 a4845000 DMusic.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000D000
a4401000 a4424000 aec.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00023000
b7784000 b7792000 swmidi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000E000
ba642000 ba644000 splitter.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00002000
ba248000 ba253000 imapi.sys
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 0000B000
ba340000 ba345000 Cdaudio.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00005000
b78fd000 b7900000 Sfloppy.SYS
Timestamp: unavailable (00000000)
Checksum: 00000000
ImageSize: 00003000
I/O系统:
1、一组分发例程
2、增加设备例程
3、初始化例程:dirverentry
4、启动IO例程
5、中断服务例程
6、DPC例程
可以使用winobj工具或者!Object来查看device下的设备名称:
lkd> !object \device
Object: e1011748 Type: (8a39f640) Directory
ObjectHeader: e1011730 (old version)
HandleCount: 0 PointerCount: 290
Directory Object: e1009030 Name: Device
14 symbolic links snapped through this directory
Hash Address Type Name
---- ------- ---- ----
00 8a2d0f18 Device KsecDD
8a2d5030 Device Ndis
89a50880 Device Beep
e1449ad0 SymbolicLink ScsiPort2
8a399610 Device 00000032
8a39a3d0 Device 00000025
8a351f10 Device 00000019
01 89991460 Device Netbios
e1474328 SymbolicLink ScsiPort3
8a3993d0 Device 00000033
8a39a190 Device 00000026
02 899e2168 Device Ip
8a398610 Device 00000040
87a11438 Device KSENUM#00000001
8a1c9030 Device {33BDAA0C-DB68-4E79-B11A-47F067E1B66D}
e148b6c8 SymbolicLink ScsiPort4
8a399190 Device 00000034
8a1c0ca8 Device RDP_CONSOLE0
8a350f10 Device 00000027
03 87d039e8 Device KSENUM#00000002
8a3092a8 Device {5775C892-1DBE-4797-A826-644E5631B01E}
8a2e95b8 Device ATKACPI
899bbc20 Device Fips
8a22a038 Device Video0
8a34ff10 Device 00000035
8a1c0290 Device RDP_CONSOLE1
8a2d3aa0 Device KeyboardClass0
8a3983d0 Device 00000041
8a350cd0 Device 00000028
04 8a1ca030 Device {6B3064DB-0EC8-485A-A910-EC0293F1E1F4}
8a070a58 Device NDProxy
87c64030 Device Sniffer_{5775C892-1DBE-4797-A826-644E5631B01E}
87c25348 Device SNIFFER
89e6e038 Device Video1
8a34fcd0 Device 00000036
8a1c08b8 Device KeyboardClass1
8a398190 Device 00000042
8a350a90 Device 00000029
05 899e0040 Device Video2
8a2fd040 Device Serial0
8a34ef10 Device 00000043
8a34fa90 Device 00000037
8a2d4e48 Device PointerClass0
8a1c1868 Device RdpDrDvMgr
8a34bf18 Device 00000050
8a39c240 Device 0000000a
06 899b19d0 Device {204DD0DA-BAFE-4566-A1D4-7BE56350CCD7}
8a1c5030 Device {A607EE81-E177-420F-A410-F78ADC3959AC}
8a1c8030 Device {1FBC0329-0BDA-42FC-9F38-2524EED70985}
899ddca0 Device Video3
8a34f850 Device 00000038
89d35030 Device USBPDO-0
8a34ecd0 Device 00000044
8a1bf5a8 Device Processor
8a1c2030 Device PointerClass1
8a34be00 Device 00000051
8a352f10 Device 0000000b
07 8a34e248 Device WMIDataDevice
e1493b38 Directory DmControl
89a70040 Device Video4
89cdb030 Device USBPDO-1
89d4a2e8 Device Selene.00
8a34f610 Device 00000039
8a34bce8 Device 00000052
8a34ace8 Device RawTape
8a352cd0 Device 0000000c
08 89c5b530 Device FloppyPDO0
87ce7670 Device PROCEXP141
87bddae8 Device WebDavRedirector
89cd3030 Device USBPDO-2
8a1c56b0 Device RdpDrPort
8a34bbd0 Device 00000053
8a2d0b10 Device NTPNP_PCI0000
8a34e628 Device 00000046
8a351cd0 Device 0000001a
8a352a90 Device 0000000d
09 89cca030 Device USBPDO-3
8a30e720 Device 00000047
8a3042d0 Device 00000060
8a34bab8 Device 00000054
8a2d0930 Device NTPNP_PCI0001
8a351a90 Device 0000001b
8a352850 Device 0000000e
10 89c37608 Device RasAcd
899e86e8 Device IPNAT
89cc0030 Device USBPDO-4
8a06b578 Device PSched
8a37e928 Device 00000048
8a2dc8f0 Device 00000061
8a34b9a0 Device 00000055
8a2d0750 Device NTPNP_PCI0002
8a351850 Device 0000001c
8a352610 Device 0000000f
11 899ea248 Device Tcp
899a3330 Device EncryptedDisk
87bb13b8 Device VMnetUserif
879d5030 Device ParallelVdm0
8a2d3520 Device ParallelPort0
89c72030 Device USBPDO-5
8a395b18 Device NTPNP_PCI0010
8a2dc560 Device 00000062
8a34b888 Device 00000056
8a34de50 Device NTPNP_PCI0003
8a305518 Device 00000049
8a351610 Device 0000001d
12 8882e918 Device NetBT_Tcpip_{204DD0DA-BAFE-4566-A1D4-7BE56350CCD7}
8a1c1988 Device RdpDr
899b3de8 Device USBPDO-6
e1023b18 Directory HarddiskDmVolumes
8a377540 Device 00000070
8a2dc448 Device 00000063
8a34b770 Device 00000057
8a3957e0 Device NTPNP_PCI0011
8a34db18 Device NTPNP_PCI0004
8a350850 Device 0000002a
8a3513d0 Device 0000001e
13 8a2ce030 Device HarddiskVolume1
89980500 Device NetBT_Tcpip_{37338A36-EE77-4050-B85D-AED67B37DAB7}
8a2d1570 Device {5829ECEF-E34F-4A0A-95EE-24F744D9D7B0}
e2c41bd8 Directory Http
8a377428 Device 00000071
8a34d7e0 Device NTPNP_PCI0005
8a2dc330 Device 00000064
8a34b658 Device 00000058
8a396e50 Device NTPNP_PCI0012
8a350610 Device 0000002b
8a351190 Device 0000001f
14 8a2fb9e0 Device HarddiskVolume2
8a0733d0 Device CdRom0
8a1c0e90 Device Termdd
884022b8 Device sysaudio
899b1030 Device FsWrap
8a34ce50 Device NTPNP_PCI0006
8a30d7b0 Device 00000072
8a2dc218 Device 00000065
8a34b540 Device 00000059
8a396b18 Device NTPNP_PCI0013
8a3503d0 Device 0000002c
15 899a3918 Device NetBT_Tcpip_{AFFA5C1D-A124-4BEC-BAA9-1EA1904D7171}
8a2d92b8 Device {37338A36-EE77-4050-B85D-AED67B37DAB7}
e14630a0 Directory Ide
87c289c8 Device Sniffer_{ADE7313F-E926-4A96-94BC-2034CDA11E55}
88817e88 Device VideoPdo0
8a303d30 Device NTPNP_PCI0020
899e6620 Device Parallel0
8a34cb18 Device NTPNP_PCI0007
8a34f3d0 Device 0000003a
8a2db030 Device 00000073
8a377030 Device 00000066
8a3967e0 Device NTPNP_PCI0014
8a350190 Device 0000002d
16 8a2d2030 Device 00000080
8a34f190 Device 0000003b
8a34c7e0 Device NTPNP_PCI0008
8a2db938 Device 00000074
8a377f18 Device 00000067
8a3039f8 Device NTPNP_PCI0021
8a396600 Device NTPNP_PCI0015
8a399f10 Device 0000002e
17 87c2b030 Device Sniffer_{204DD0DA-BAFE-4566-A1D4-7BE56350CCD7}
899bdcd8 Event VolumesSafeForWriteAccess
89d3b030 Device 00000081
8a395e50 Device NTPNP_PCI0009
8a2dc030 Device NTPNP_PCI0022
8a398f10 Device 0000003c
8a2db820 Device 00000075
8a377e00 Device 00000068
8a39db28 Device NTPNP_PCI0016
8a399cd0 Device 0000002f
18 87ab1d58 Device PECKbdProtector
87c28030 Device Sniffer_{AFFA5C1D-A124-4BEC-BAA9-1EA1904D7171}
8a2dccf8 Device NTPNP_PCI0023
8a377ce8 Device 00000069
8a39d948 Device NTPNP_PCI0017
8a398cd0 Device 0000003d
19 8a1c6030 Device {25142084-AAEF-4F10-92B3-295613D52F44}
87a144a0 Device hcmon
899bc480 Device NetBt_Wins_Export
8a398a90 Device 0000003e
8a39d768 Device NTPNP_PCI0018
8a34e9a0 Device 0000004a
20 8734c4e8 Device KSENUM#0000000c
8a398850 Device 0000003f
8a30a5f8 Device FSVideo
8a2fe3b8 Device 00000078
8a39d588 Device NTPNP_PCI0019
8a34e888 Device 0000004b
21 899b7368 Device NetbiosSmb
8a30a3b8 Device 00000079
8a345f18 Device 0000004c
22 8a305880 Device 0000004d
8a34b428 Device 0000005a
23 8a2db438 Device MountPointManager
8a1b6030 Device {ADE7313F-E926-4A96-94BC-2034CDA11E55}
899e97c8 Device ssmctl
8a37b030 Device 0000005b
8a2d0638 Device 0000004e
24 8a2d57d0 Device Mup
888899c0 Device WANARP
87cdbb48 Device LanmanServer
8a37bf18 Device 0000005c
8a39d470 Device 0000004f
25 899ea130 Device Udp
8a37be00 Device 0000005d
26 899e1918 Device NetBT_Tcpip_{ADE7313F-E926-4A96-94BC-2034CDA11E55}
e146c948 Directory Harddisk0
899eb030 Device RawIp
8a1cc030 Device NdisWanIp
8a397d50 Device 2203718790
8a377bd0 Device 0000006a
8a37bce8 Device 0000005e
8a353a40 Device 00000001
27 89c578d0 Device Floppy0
e14972e8 Directory Harddisk1
8a34af18 Device RawDisk
8a377ab8 Device 0000006b
8a37bbd0 Device 0000005f
8a3536e0 Device 00000002
28 888084e8 Device NetBT_Tcpip_{5775C892-1DBE-4797-A826-644E5631B01E}
8a227028 Device USBFDO-0
8a3779a0 Device 0000006c
89a2e9f0 Device Null
8a3534a0 Device 00000003
8a3523d0 Device 00000010
29 8a1c69d0 Device {62B6C129-2ACC-420E-B171-016704B1FFD2}
8a377888 Device 0000006d
89c5fae8 Device IPSEC
8a2e2028 Device USBFDO-1
89d34030 Device 0000007a
8a1c3030 Device ParTechInc0
8a353260 Device 00000004
8a352190 Device 00000011
30 899ec908 Device LanmanDatagramReceiver
e1001cc8 Section PhysicalMemory
8a1cdc48 Device NdisTapi
8a06bdf0 Device NdisWan
899ea3c8 Device IPMULTICAST
8a2df028 Device USBFDO-2
89cdcc98 Device 0000007b
8a1c3d98 Device ParTechInc1
8a376f10 Device DmLoader
8a377770 Device 0000006e
8a39bf10 Device 00000012
8a39c030 Device 00000005
31 899ad030 Device LanmanRedirector
8a1c97c0 Device Gpc
8a1bb820 Device {AFFA5C1D-A124-4BEC-BAA9-1EA1904D7171}
8a377658 Device 0000006f
8a20c028 Device USBFDO-3
89cd5c98 Device 0000007c
8a1c3b00 Device ParTechInc2
8a39bcd0 Device 00000013
8a39cc68 Device 00000006
32 89c38978 Device NamedPipe
87b908f8 Device vmx86
8a201028 Device USBFDO-4
89ccdc98 Device 0000007d
8a376030 Device FtControl
8a39af10 Device 00000020
8a39ca28 Device 00000007
33 89c58988 Device Mailslot
8a1c89d0 Device {73A1F4B0-8BD4-4CB8-AB51-ED6665B6CFC6}
8a1f5028 Device USBFDO-5
89cc4c98 Device 0000007e
8a39acd0 Device 00000021
8a39b850 Device 00000015
8a39c7e8 Device 00000008
34 899a84e0 Device Afd
879e4030 Device VMparport0
87c268d8 Device Ndisuio
87c48030 Device Sniffer_{37338A36-EE77-4050-B85D-AED67B37DAB7}
8a34ae00 Device RawCdRom
89c77c98 Device 0000007f
8a39aa90 Device 00000022
8a39b610 Device 00000016
8a39c5a8 Device 00000009
35 899e2718 Device Asusgio
87a8e7b8 Device vstor2
e101d080 SymbolicLink ScsiPort0
8a399a90 Device 00000030
8a39a850 Device 00000023
8a39b3d0 Device 00000017
36 e1024030 Directory Scsi
899a0340 Device avipbb
e149ae60 SymbolicLink ScsiPort1
e101b368 Directory WinDfs
8a399850 Device 00000031
8a39a610 Device 00000024
8a39b190 Device 00000018
利用内核调试器显示键盘类驱动程序的驱动程序对象
lkd> !drvobj kbdclass
Driver object (8a2d4a30) is for:
\Driver\Kbdclass
Driver Extension List: (id , addr)
Device Object list:
8a1c08b8 8a2d3aa0
根据以上的对象:
lkd> !devobj 8a1c08b8
Device object (8a1c08b8) is for:
KeyboardClass1 \Driver\Kbdclass DriverObject 8a2d4a30
Current Irp 00000000 RefCount 0 Type 0000000b Flags 00002044
Dacl e1495bfc DevExt 8a1c0970 DevObjExt 8a1c0a50
ExtensionFlags (0000000000)
AttachedTo (Lower) 8a1c0ca8 \Driver\TermDD
Device queue is not busy.
lkd> !devobj 8a2d3aa0
Device object (8a2d3aa0) is for:
KeyboardClass0 \Driver\Kbdclass DriverObject 8a2d4a30
Current Irp 00000000 RefCount 0 Type 0000000b Flags 00002044
Dacl e1495bfc DevExt 8a2d3b58 DevObjExt 8a2d3c38
ExtensionFlags (0000000000)
AttachedDevice (Upper) 87aa8020 \Driver\PECKbdProtector
AttachedTo (Lower) 8a2d3c88 \Driver\i8042prt
Device queue is not busy.
怎么会有2个键盘类?看到 \Driver\PECKbdProtector 这个设备应该是我的杀毒软件保护键盘输入的一个模拟键盘类!
查看IRP
lkd> !irpfind
unable to get large pool allocation table - either wrong symbols or pool tagging is disabled
Searching NonPaged pool (823c6000 : 8a3c6000) for Tag: Irp?
Irp [ Thread ] irpStack: (Mj,Mn) DevObj [Driver] MDL Process
870f0780 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
870fa5a8 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8713c5a0 [00000000] Irp is complete (CurrentLocation 3 > StackCount 2) 0x89a6f860
8714c8f8 [87cc0da8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87153a00 [87cc09b8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8715a358 [87cdb020] irpStack: ( c, 2) 8a2842f0 [ \FileSystem\Ntfs]
8715ab00 [88403da8] irpStack: ( c, 2) 8a2842f0 [ \FileSystem\Ntfs]
871ba190 [87cc0da8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
871bca00 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
871c0878 [87c82020] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
871c1820 [87c81348] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
871e0b98 [87c874f0] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
871fb8f8 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
872568e0 [87ccbda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8726ecf0 [87c81348] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
872a0260 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
872be008 [87cc09b8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
872c1838 [87cc09b8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8732edf0 [87cc09b8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87352288 [87cb0658] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87353290 [87cabda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8737bd90 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
873a0960 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
873e1008 [87cabda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87429b00 [87cabda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87453568 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
874d7ce0 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8752f310 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8754d008 [87cabda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
8756a8b0 [87ccec58] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
875ab8c8 [87ccbda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
875ac2f8 [87ccbda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
875e5208 [87cc09b8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87604200 [87af1598] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
8760bc48 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87622b88 [87bba380] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
876bfce8 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87804758 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x87961278
8785ce70 [8786d630] irpStack: ( e, 0) 899ec908 [ \FileSystem\MRxSmb]
87880cd8 [87aed990] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87943288 [87af1598] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
8796eb70 [87962868] irpStack: ( e, 9) 899a84e0 [ \Driver\AFD]
87992768 [87a3bda8] irpStack: ( e,20) 899a84e0 [ \Driver\AFD] 0x87ae8da0
879a2638 [87a39330] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
879b76d8 [87a89448] irpStack: ( e,20) 899a84e0 [ \Driver\AFD] 0x87b8a390
87a03008 [879a3020] irpStack: ( e,20) 899a84e0 [ \Driver\AFD] 0x87b8a390
87a40a28 [87aed990] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a4ae70 [87af1598] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a57e70 [87aed990] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a79e70 [87af1598] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a7c830 [879537b0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a8e3f0 [879537b0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87a95a38 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87ab1008 [87a3dda8] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87af8480 [87aed990] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87af8818 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87afb6f8 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87b0ecb0 [87962868] irpStack: ( e, 9) 899a84e0 [ \Driver\AFD]
87b1ce70 [87a89448] irpStack: ( e,20) 899a84e0 [ \Driver\AFD] 0x87b8a390
87b23258 [87b96da8] irpStack: ( e, 0) 899ec908 [ \FileSystem\MRxSmb]
87b422b8 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87b44820 [8787e428] irpStack: ( e, 0) 899ec908 [ \FileSystem\MRxSmb]
87b4a930 [87b96da8] irpStack: ( e, 0) 899ec908 [ \FileSystem\MRxSmb]
87b4d008 [87ba24f0] irpStack: ( e, 9) 899a84e0 [ \Driver\AFD]
87b6f3a8 [87aaaa28] irpStack: ( e,20) 899a84e0 [ \Driver\AFD] 0x87b8a390
87b7a008 [87aed990] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87b8b1e8 [87cabda8] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87bcc470 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87bcf748 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x875b46f0
87c4ae70 [8787e428] irpStack: ( e, 0) 899ec908 [ \FileSystem\MRxSmb]
87c4b638 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87c6f608 [87cca620] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87c78ec8 [87cb0658] irpStack: ( e, 0) 8a2dca88 [ \FileSystem\FltMgr]
87ca48b0 [87a397e0] irpStack: ( e,43) 899a84e0 [ \Driver\AFD]
87d08c50 [87ce9da8] irpStack: ( c, 2) 8a2842f0 [ \FileSystem\Ntfs]
8880d008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880d5c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880d858 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x89a6f860
8880dd78 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880e008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880e338 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x88817418
8880e5c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x88817418
8880e858 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x899a3ee4
8880eae8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x899a3ee4
8880ed78 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880f008 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0xffffffff
8880f338 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0x00000000
8880f5c8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0xffffffff
8880f858 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0xffffffff
8880fae8 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0xffffffff
8880fd78 [00000000] Irp is complete (CurrentLocation 4 > StackCount 3) 0xffffffff
88810008 [00000000] I