locked
Some Question About Thread Kernel Stack... RRS feed

  • Question

  •  

    When I analysis the process of create process,I find one question that what the kernel stack of the first thread is.

    I painted a picture under the code. I don't understand why the top of the kernel stack is EXCEPTION_CHAIN_END.

     

    Code Snippet
     |-----------------------------------|
        |SwitchFrame->ExceptionList         |------->why????
        |             ApcBypassDisable      |
        |             RetAddr               |
        |  RetAddr=KiThreadStartup          |
        |                                   |
        |-----------------------------------|
        |                                   |
        |   PSystemRoutine(size=ULONG)      |
        |   PspUserThreadStartup()          |
        |-----------------------------------|
        |                                   |
        |   PStartRoutine(size=ULONG)       |
        |                                   |
        |-----------------------------------|
        |                                   |
        |   PStartContext(size=ULONG)       |
        |   BasepProcessStartThunk()        |
        |   BasepThreadStartThunk()         |
        |-----------------------------------|
        |                                   |
        |   PUserContextFlag(size=ULONG)    |
        |    1 user context present 0 isn't |
        |-----------------------------------|
        |                                   |
        |   KTRAP_FRAME(TrFrame)            |
        |                                   |
        |-----------------------------------|
        |                                   |
        |   FX_SAVE_AREA(NpxFrame)          |
        |-----------------------------------|

     

     

    Can you help me ?Thank you...

    Tuesday, August 7, 2007 8:20 PM