Make that w3wp.exe process(es).
Pat
"Pat [MSFT]" <patfilot DeleteThis @online.microsoft.com> wrote in message
news:%23x3GgRcIEHA.3060@TK2MSFTNGP11.phx.gbl...
> Thread 9 is handling a FTP download, looks like it is taking a while.
>
> No ASP pages, etc. They are probably running in a dllhost. Re-run
IISState
> against any dllhosts that are running when the problem occurs.
>
> Pat
>
> "K" <news.nospam DeleteThis @mcglashan.com.au> wrote in message
> news:OWcqi2bIEHA.3356@TK2MSFTNGP11.phx.gbl...
> > Can anyone tell me what's causing one of my sites to periodically stop
> > responding based on the IISState log, run immediately prior to recycling
> the
> > Application Pool following no response from the site, below.
> >
> >
> > Opened log file 'C:\iisstate\output\IISState-1424.log'
> >
> > ***********************
> > Starting new log output
> > IISState version 3.3.1
> >
> > Wed Apr 14 11:00:14 2004
> >
> > OS = Windows 2003 Server
> > Executable: inetinfo.exe
> > PID = 1424
> >
> > Note: Thread times are formatted as HH:MM:SS.ms
> >
> > ***********************
> >
> >
> >
> >
> > Thread ID: 0
> > System Thread ID: 594
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.15
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 0006f9a8 77f4303b SharedUserData!SystemCallStub+0x4
> > 01 0006f9ac 77e4905d ntdll!NtReadFile+0xc
> > 02 0006fa14 77db51f1 kernel32!ReadFile+0x16c
> > 03 0006fa40 77db5297 ADVAPI32!ScGetPipeInput+0x28
> > 04 0006fab0 77dfa7f1 ADVAPI32!ScDispatcherLoop+0x4c
> > 05 0006fcec 01002655 ADVAPI32!StartServiceCtrlDispatcherA+0x91
> > 06 0006fe1c 010027ea inetinfo!StartDispatchTable+0x214
> > 07 0006ff44 01003160 inetinfo!main+0x104
> > 08 0006ffc0 77e4f38c inetinfo!mainCRTStartup+0x12f
> > 09 0006fff0 00000000 kernel32!BaseProcessStart+0x23
> >
> >
> >
> >
> > Thread ID: 1
> > System Thread ID: 598
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 0083fe18 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 0083fe1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
> > 02 0083fe8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
> > 03 0083fe9c 01002cf9 kernel32!WaitForSingleObject+0xf
> > 04 0083ffb8 77e4a990 inetinfo!W3SVCThreadEntry+0x3b
> > 05 0083ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 2
> > System Thread ID: 59c
> > Kernel Time: 0:0:0.31
> > User Time: 0:0:0.62
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 0087fcc4 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 0087fcc8 77e41817 ntdll!ZwWaitForSingleObject+0xc
> > 02 0087fd38 77e4168f kernel32!WaitForSingleObjectEx+0xac
> > 03 0087fd48 649f24ac kernel32!WaitForSingleObject+0xf
> > 04 0087fd70 010023b6 iisadmin!ServiceEntry+0x214
> > 05 0087ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
> > 06 0087ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
> > 07 0087ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 3
> > System Thread ID: 5b0
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 00a7ff9c 77f4262b SharedUserData!SystemCallStub+0x4
> > 01 00a7ffa0 77f6b5b2 ntdll!NtDelayExecution+0xc
> > 02 00a7ffb8 77e4a990 ntdll!RtlpTimerThread+0x45
> > 03 00a7ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 4
> > System Thread ID: 5b8
> > Kernel Time: 0:0:0.15
> > User Time: 0:0:0.31
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 00b8feb0 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 00b8feb4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 00b8ff5c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 00b8ff74 6e0b377a kernel32!WaitForMultipleObjects+0x17
> > 04 00b8ffa0 6e0b6012 COADMIN!NOTIFY_CONTEXT::GetNextContext+0x68
> > 05 00b8ffb8 77e4a990 COADMIN!NOTIFY_CONTEXT::NotifyThreadProc+0x62
> > 06 00b8ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 5
> > System Thread ID: 254
> > Kernel Time: 0:0:0.15
> > User Time: 0:0:0.0
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 0161fe20 77f4313f SharedUserData!SystemCallStub+0x4
> > 01 0161fe24 77c57b25 ntdll!NtReplyWaitReceivePortEx+0xc
> > 02 0161ff8c 77c696a9 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
> > 03 0161ff90 77c695f1 RPCRT4!RecvLotsaCallsWrapper+0x9
> > 04 0161ffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 05 0161ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 06 0161ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 6
> > System Thread ID: 2d4
> > Kernel Time: 0:0:0.46
> > User Time: 0:0:0.109
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 0165fbc0 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 0165fbc4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 0165fc6c 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 0165fcc8 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
> > 04 0165fce4 643f5723 USER32!MsgWaitForMultipleObjects+0x1d
> > 05 0165fd30 6930d973 INFOCOMM!IIS_SERVICE::StartServiceOperation+0x22f
> > 06 0165fd70 010023b6 ftpsvc2!ServiceEntry+0xac
> > 07 0165ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
> > 08 0165ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
> > 09 0165ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 7
> > System Thread ID: 2f0
> > Kernel Time: 0:0:0.31
> > User Time: 0:0:0.93
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: SMTP Service Worker Thread
> > # ChildEBP RetAddr
> > 00 0175fbc0 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 0175fbc4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 0175fc6c 77d076f5 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 0175fcc8 77d077f5 USER32!RealMsgWaitForMultipleObjectsEx+0x13f
> > 04 0175fce4 643f5723 USER32!MsgWaitForMultipleObjects+0x1d
> > 05 0175fd30 6b77305d INFOCOMM!IIS_SERVICE::StartServiceOperation+0x22f
> > 06 0175fd70 010023b6 SMTPSVC!ServiceEntry+0x129
> > 07 0175ffa8 77db571b inetinfo!InetinfoStartService+0x2a6
> > 08 0175ffb8 77e4a990 ADVAPI32!ScSvcctrlThreadA+0xe
> > 09 0175ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 8
> > System Thread ID: 324
> > Kernel Time: 0:0:38.906
> > User Time: 0:0:18.625
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 01a7ff50 77f430c7 SharedUserData!SystemCallStub+0x4
> > 01 01a7ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
> > 02 01a7ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
> > 03 01a7ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
> > 04 01a7ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 9
> > System Thread ID: 328
> > Kernel Time: 0:0:34.296
> > User Time: 0:0:12.906
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 01abf504 77f426cb SharedUserData!SystemCallStub+0x4
> > 01 01abf508 71b216a6 ntdll!NtDeviceIoControlFile+0xc
> > 02 01abf594 71c0141c mswsock!WSPSend+0x16b
> > 03 01abf5dc 6930e133 WS2_32!send+0x80
> > 04 01abf60c 6930e3a3 ftpsvc2!SockSend+0x68
> > 05 01abfa30 6930e3f5 ftpsvc2!vSockReply+0xe2
> > 06 01abfa50 6931103c ftpsvc2!ReplyToUser+0x2d
> > 07 01abfa78 69311c9f ftpsvc2!USER_DATA::StartupSession+0x6a
> > 08 01abfaa0 69309568 ftpsvc2!USER_DATA::ProcessAsyncIoCompletion+0x2f0
> > 09 01abfefc 6930994c ftpsvc2!ProcessNewClient+0x182
> > 0a 01abff4c 63ec675a ftpsvc2!FtpdNewConnectionEx+0x17b
> > 0b 01abff60 63ec71ae ISATQ!ATQ_CONTEXT::ConnectionCompletion+0x15
> > 0c 01abff84 63ec73c6 ISATQ!AtqpProcessContext+0x1b6
> > 0d 01abffb8 77e4a990 ISATQ!AtqPoolThread+0x1d1
> > 0e 01abffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 10
> > System Thread ID: 33c
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.46
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 01ebfe20 77f4313f SharedUserData!SystemCallStub+0x4
> > 01 01ebfe24 77c57b25 ntdll!NtReplyWaitReceivePortEx+0xc
> > 02 01ebff8c 77c696a9 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
> > 03 01ebff90 77c695f1 RPCRT4!RecvLotsaCallsWrapper+0x9
> > 04 01ebffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 05 01ebffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 06 01ebffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 11
> > System Thread ID: 340
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 01effeb4 77f430c7 SharedUserData!SystemCallStub+0x4
> > 01 01effeb8 77e430bc ntdll!ZwRemoveIoCompletion+0xc
> > 02 01effee4 77c5df31 kernel32!GetQueuedCompletionStatus+0x27
> > 03 01efff20 77c5ddd8 RPCRT4!COMMON_ProcessCalls+0x9f
> > 04 01efff8c 77c580f9 RPCRT4!LOADABLE_TRANSPORT::ProcessIOEvents+0x115
> > 05 01efff90 77c695f1 RPCRT4!ProcessIOEventsWrapper+0x9
> > 06 01efffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 07 01efffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 08 01efffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 12
> > System Thread ID: 368
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 01f3fe20 77f4313f SharedUserData!SystemCallStub+0x4
> > 01 01f3fe24 77c57b25 ntdll!NtReplyWaitReceivePortEx+0xc
> > 02 01f3ff8c 77c696a9 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
> > 03 01f3ff90 77c695f1 RPCRT4!RecvLotsaCallsWrapper+0x9
> > 04 01f3ffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 05 01f3ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 06 01f3ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 13
> > System Thread ID: 370
> > Kernel Time: 0:0:0.93
> > User Time: 0:0:0.15
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 01f7fcec 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 01f7fcf0 77f75297 ntdll!NtWaitForMultipleObjects+0xc
> > 02 01f7ffb8 77e4a990 ntdll!RtlpWaitThread+0x158
> > 03 01f7ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 14
> > System Thread ID: 37c
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 01fbfec8 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 01fbfecc 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 01fbff74 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 01fbff8c 69532430 kernel32!WaitForMultipleObjects+0x17
> > 04 01fbffb8 77e4a990 exstrace!RegNotifyThread+0x68
> > 05 01fbffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 15
> > System Thread ID: 380
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 01fffecc 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 01fffed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 01ffff78 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 01ffff90 695319c0 kernel32!WaitForMultipleObjects+0x17
> > 04 01ffffb8 77e4a990 exstrace!WriteTraceThread+0x2f
> > 05 01ffffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 16
> > System Thread ID: 384
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 021ffecc 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 021ffed0 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 021fff78 6930882e kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 021fffb0 77f4308b ftpsvc2!PASV_ACCEPT_CONTEXT::AcceptThreadFunc+0x32
> > 04 021fffb8 77e4a990 ntdll!NtRegisterThreadTerminatePort+0xc
> > 05 021fffc4 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 17
> > System Thread ID: 388
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.31
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 0223ff18 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 0223ff1c 77e41817 ntdll!ZwWaitForSingleObject+0xc
> > 02 0223ff8c 77e4168f kernel32!WaitForSingleObjectEx+0xac
> > 03 0223ff9c 01678673 kernel32!WaitForSingleObject+0xf
> > 04 0223ffb8 77e4a990 FCACHDLL!CScheduleThread::ScheduleThread+0x60
> > 05 0223ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 18
> > System Thread ID: 38c
> > Kernel Time: 0:0:0.15
> > User Time: 0:0:0.15
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: SMTP Service Worker Thread
> > # ChildEBP RetAddr
> > 00 0237fec0 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 0237fec4 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 0237ff6c 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 0237ff84 6b78b2d6 kernel32!WaitForMultipleObjects+0x17
> > 04 0237ffb8 77e4a990 SMTPSVC!TcpRegNotifyThread+0xdc
> > 05 0237ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 19
> > System Thread ID: 390
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: SMTP Service Worker Thread
> > # ChildEBP RetAddr
> > 00 023cff20 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 023cff24 77e41817 ntdll!ZwWaitForSingleObject+0xc
> > 02 023cff94 77e4168f kernel32!WaitForSingleObjectEx+0xac
> > 03 023cffa4 6b78b17a kernel32!WaitForSingleObject+0xf
> > 04 023cffb8 77e4a990 SMTPSVC!FreeLibThread+0x2c
> > 05 023cffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 20
> > System Thread ID: 520
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 02b8fe38 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 02b8fe3c 71b23ac3 ntdll!ZwWaitForSingleObject+0xc
> > 02 02b8fe78 71b239d1 mswsock!SockWaitForSingleObject+0x19b
> > 03 02b8ff3c 71c016c9 mswsock!WSPSelect+0x229
> > 04 02b8ff8c 63ec4696 WS2_32!select+0xb9
> > 05 02b8ffb4 63ec4700 ISATQ!ATQ_BMON_SET::BmonThreadFunc+0x22
> > 06 02b8ffb8 77e4a990 ISATQ!BmonThreadFunc+0x9
> > 07 02b8ffc4 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 21
> > System Thread ID: 558
> > Kernel Time: 0:0:0.0
> > User Time: 0:0:0.0
> > Thread Type: Other
> > # ChildEBP RetAddr
> > 00 02c5ff10 77f43741 SharedUserData!SystemCallStub+0x4
> > 01 02c5ff14 77e41817 ntdll!ZwWaitForSingleObject+0xc
> > 02 02c5ff84 77e4168f kernel32!WaitForSingleObjectEx+0xac
> > 03 02c5ff94 02bcd064 kernel32!WaitForSingleObject+0xf
> > 04 02c5ffb8 77e4a990 aqueue!CSMTP_RETRY_HANDLER::RetryThreadRoutine+0xc1
> > 05 02c5ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 22
> > System Thread ID: 608
> > Kernel Time: 0:0:0.250
> > User Time: 0:0:1.453
> > Thread Status: Thread is in a WAIT state.
> > Thread Type: SMTP Service Worker Thread
> > # ChildEBP RetAddr
> > 00 02cdfe84 77f4372d SharedUserData!SystemCallStub+0x4
> > 01 02cdfe88 77e41bfa ntdll!NtWaitForMultipleObjects+0xc
> > 02 02cdff30 77e4b0e4 kernel32!WaitForMultipleObjectsEx+0x11a
> > 03 02cdff48 02bac648 kernel32!WaitForMultipleObjects+0x17
> > 04 02cdffa4 6b77e8ae aqueue!CConnMgr::GetNextConnection+0x1e1
> > 05 02cdffb8 77e4a990 SMTPSVC!PERSIST_QUEUE::QueueThreadRoutine+0x21
> > 06 02cdffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 23
> > System Thread ID: cc8
> > Kernel Time: 0:0:0.15
> > User Time: 0:0:0.0
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 02d8fe20 77f4313f SharedUserData!SystemCallStub+0x4
> > 01 02d8fe24 77c57b25 ntdll!NtReplyWaitReceivePortEx+0xc
> > 02 02d8ff8c 77c696a9 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
> > 03 02d8ff90 77c695f1 RPCRT4!RecvLotsaCallsWrapper+0x9
> > 04 02d8ffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 05 02d8ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 06 02d8ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 24
> > System Thread ID: f70
> > Kernel Time: 0:0:30.859
> > User Time: 0:0:12.906
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 01c3ff50 77f430c7 SharedUserData!SystemCallStub+0x4
> > 01 01c3ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
> > 02 01c3ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
> > 03 01c3ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
> > 04 01c3ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 25
> > System Thread ID: f74
> > Kernel Time: 0:0:37.750
> > User Time: 0:0:14.375
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 02e0ff50 77f430c7 SharedUserData!SystemCallStub+0x4
> > 01 02e0ff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
> > 02 02e0ff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
> > 03 02e0ffb8 77e4a990 ISATQ!AtqPoolThread+0x40
> > 04 02e0ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 26
> > System Thread ID: ffc
> > Kernel Time: 0:0:2.468
> > User Time: 0:0:6.593
> > Thread Type: Possible ASP page. Possible DCOM activity
> > Executing Page: ASP.dll symbols not found. Unable to locate ASP page.
> > Continuing with other analysis.
> >
> > No remote call being made
> >
> > # ChildEBP RetAddr
> > 00 0118fe20 77f4313f SharedUserData!SystemCallStub+0x4
> > 01 0118fe24 77c57b25 ntdll!NtReplyWaitReceivePortEx+0xc
> > 02 0118ff8c 77c696a9 RPCRT4!LRPC_ADDRESS::ReceiveLotsaCalls+0x193
> > 03 0118ff90 77c695f1 RPCRT4!RecvLotsaCallsWrapper+0x9
> > 04 0118ffb0 77c696d7 RPCRT4!BaseCachedThreadRoutine+0x9c
> > 05 0118ffb8 77e4a990 RPCRT4!ThreadStartRoutine+0x17
> > 06 0118ffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 27
> > System Thread ID: fdc
> > Kernel Time: 0:0:13.515
> > User Time: 0:0:5.15
> > Thread Type: HTTP Listener
> > # ChildEBP RetAddr
> > 00 013cff50 77f430c7 SharedUserData!SystemCallStub+0x4
> > 01 013cff54 77e430bc ntdll!ZwRemoveIoCompletion+0xc
> > 02 013cff80 63ec7235 kernel32!GetQueuedCompletionStatus+0x27
> > 03 013cffb8 77e4a990 ISATQ!AtqPoolThread+0x40
> > 04 013cffec 00000000 kernel32!BaseThreadStart+0x34
> >
> >
> >
> >
> > Thread ID: 28
> > System Thread ID: d30
> > Kernel Time: 0:0:1.468
&nb
FAQ
Profile
Private Messages
Log in
