RPC, LPC and ALPC Patterns and Case Studies
Monday, November 14th, 2011
I was recently asked to provide an explanation of how to analyze (A)LPC wait chains and the output of the !lpc and !alpc commands in kernel and complete memory dumps, and so I compiled these patterns:
- LPC Deadlock
- LPC Wait Chain
- Paged Out Data
- Process Object Wait Chain (+ ALPC)
- Blocked Queue (ALPC)
- Semantic Structures (ALPC)
- RPC Wait Chain (+ how to distinguish between LPC and RPC)
- Screwbolt Wait Chain
LPC case studies:
ALPC case studies:
RPC target:
http://www.dumpanalysis.org/blog/index.php/2008/07/11/in-search-of-lost-pid/
- Dmitry Vostokov @ DumpAnalysis.org + TraceAnalysis.org -