RPC, LPC and ALPC Patterns and Case Studies
The following patterns and case studies may help in analysis of (A)LPC wait chains and the output of !lpc and !alpc WinDbg commands from kernel and complete memory dumps.
Patterns:
• LPC Deadlock (Volume 1, page 474)
• LPC Wait Chain (Volume 3, page 97)
• Paged Out Data (Volume 3, page 118)
• Process Object Wait Chain (+ ALPC, Volume 5, page 49)
• Blocked Queue (ALPC, Volume 6, page 34)
• Semantic Structures (ALPC, Volume 6, page 73)
• RPC Wait Chain (+ how to distinguish between LPC and RPC, Volume 5, page 95)
• Screwbolt Wait Chain (page 198)
LPC case studies:
• Blocked GUI Thread, Wait Chain and Virtualized Process (Volume 3, page 170)
• Insufficient Memory, Handle Leak, Wait Chain, Deadlock, Inconsistent Dump and Overaged System (Volume 3, page 175)
• Coupled Processes, Wait chains, Message Box, Waiting Thread Time, Paged Out Data, Incorrect Stack Trace, Hidden Exception, Unknown Component and Execution Residue (Volume 3, page 228)
• Inconsistent Dump, Blocked Threads, Wait Chains, Incorrect Stack Trace and Process Factory (Volume 3, page 279)
• Stack Trace Collection, Suspended Threads, Not My Version, Special Process, Main Thread and Blocked LPC Chain Threads (Volume 4, page 204)
• Stack Trace Collection, Missing Threads, Waiting Time, Critical Section and LPC Wait Chains (Volume 4, page 226)
• Inconsistent Dump, Stack Trace Collection, LPC, Thread, Process, Executive Resource Wait Chains, Missing Threads and Waiting Thread Time (Volume 5, page 133)
• Stack Trace Collection, Special Process, LPC and Critical Section Wait Chains, Blocked Thread, Coupled Machines, Thread Waiting Time and IRP Distribution Anomaly (Volume 5, page 188)
ALPC case studies:
• ALPC Wait Chain, Missing Threads, Message Box, Zombie and Special Processes (Volume 4, page 214)
• ALPC Wait Chains, Missing Threads, Waiting Thread Time and Semantic Process Coupling (Volume 5, page 200)
RPC target:
In Search of Lost CID (Volume 2, page 136)