f6ef77b0 bf879ccd nt!MmMapViewOfSection
f6ef7828 806024b0 win32k!MapDesktop+0xe5
f6ef7854 8060269f nt!ExpWin32SessionCallout+0x3c
f6ef7880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6ef7930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6ef7998 805b02ac nt!ObpCreateHandle+0x17d
f6ef79e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6ef7ab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6ef7bc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6ef7cc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6ef7cd4 bf819f1c win32k!UserThreadCallout+0x72
f6ef7cf0 805c1785 win32k!W32pThreadCallout+0x3d
f6ef7d54 8053c8ce nt!PsConvertToGuiThread+0x139

f6ef7980 bf89bf8e nt!MmMapViewOfSection
f6ef79fc bf89c3f0 win32k!UserCreateHeap+0x4a
f6ef7a30 bf89c2a4 win32k!CreateDesktopHeap+0x73
f6ef7a80 bf879e12 win32k!xxxCreateDesktop2+0x195
f6ef7ab0 bf879dc0 win32k!ParseDesktop+0x93
f6ef7ae8 806024b0 win32k!ParseWindowStation+0xab
f6ef7b14 8060270c nt!ExpWin32SessionCallout+0x3c
f6ef7b58 805b37d9 nt!ExpWin32ParseProcedure+0x60
f6ef7be0 805b010b nt!ObpLookupObjectName+0x119
f6ef7c34 bf87aa19 nt!ObOpenObjectByName+0xeb
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x6d
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6ef79fc bf879ccd nt!MmMapViewOfSection
f6ef7a74 806024b0 win32k!MapDesktop+0xe5
f6ef7aa0 8060269f nt!ExpWin32SessionCallout+0x3c
f6ef7acc 805b1807 nt!ExpWin32OpenProcedure+0x67
f6ef7b7c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6ef7be4 805b02ac nt!ObpCreateHandle+0x17d
f6ef7c34 bf87aa19 nt!ObOpenObjectByName+0x28c
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x6d
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6ef7bd4 bf879ccd nt!MmMapViewOfSection
f6ef7c4c bf87ab0e win32k!MapDesktop+0xe5
f6ef7cfc bf89d235 win32k!xxxCreateDesktop+0x1bc
f6ef7d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f6fafba4 bf87a2bc nt!MmMapViewOfSection
f6fafbec bf87a1d0 win32k!InitMapSharedSection+0x60
f6fafd50 8053cbc8 win32k!NtUserProcessConnect+0x8a

f6f17b64 805a67e3 nt!MmMapViewOfSection
f6f17bf4 8053cbc8 nt!NtMapViewOfSection+0x2bd
f6f17bf4 804fde11 nt!KiFastCallEntry+0xf8
f6f17c94 bf879fdb nt!ZwMapViewOfSection+0x11
f6f17cd4 bf8771d2 win32k!GdiProcessCallout+0xbe
f6f17cf0 805c176f win32k!W32pProcessCallout+0x5c
f6f17d54 8053c8ce nt!PsConvertToGuiThread+0x123

f6f177b0 bf879ccd nt!MmMapViewOfSection
f6f17828 806024b0 win32k!MapDesktop+0xe5
f6f17854 8060269f nt!ExpWin32SessionCallout+0x3c
f6f17880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6f17930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6f17998 805b02ac nt!ObpCreateHandle+0x17d
f6f179e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6f17ab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6f17bc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6f17cc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6f17cd4 bf819f1c win32k!UserThreadCallout+0x72
f6f17cf0 805c1785 win32k!W32pThreadCallout+0x3d
f6f17d54 8053c8ce nt!PsConvertToGuiThread+0x139

------------------------------------------------

2nd run with MapDesktop

f9a1d944 806024b0 win32k!MapDesktop
f9a1d970 8060269f nt!ExpWin32SessionCallout+0x3c
f9a1d99c 805b1807 nt!ExpWin32OpenProcedure+0x67
f9a1da4c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f9a1dab4 805b02ac nt!ObpCreateHandle+0x17d
f9a1db04 bf87aa19 nt!ObOpenObjectByName+0x28c
f9a1dbcc bf87833a win32k!xxxCreateDesktop+0x6d
f9a1dcdc bf89225a win32k!xxxResolveDesktop+0x815
f9a1dd4c 8053cbc8 win32k!NtUserResolveDesktop+0xdb

f701f828 806024b0 win32k!MapDesktop
f701f854 8060269f nt!ExpWin32SessionCallout+0x3c
f701f880 805b1807 nt!ExpWin32OpenProcedure+0x67
f701f930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f701f998 805b02ac nt!ObpCreateHandle+0x17d
f701f9e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f701fab0 bf87833a win32k!xxxCreateDesktop+0x6d
f701fbc0 bf878d9c win32k!xxxResolveDesktop+0x815
f701fcc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f701fcd4 bf819f1c win32k!UserThreadCallout+0x72
f701fcf0 805c1785 win32k!W32pThreadCallout+0x3d
f701fd54 8053c8ce nt!PsConvertToGuiThread+0x139

f701fa74 806024b0 win32k!MapDesktop
f701faa0 8060269f nt!ExpWin32SessionCallout+0x3c
f701facc 805b1807 nt!ExpWin32OpenProcedure+0x67
f701fb7c 805b1ded nt!ObpIncrementHandleCount+0x2cf
f701fbe4 805b02ac nt!ObpCreateHandle+0x17d
f701fc34 bf87aa19 nt!ObOpenObjectByName+0x28c
f701fcfc bf89d235 win32k!xxxCreateDesktop+0x6d
f701fd48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f701fc4c bf87ab0e win32k!MapDesktop
f701fcfc bf89d235 win32k!xxxCreateDesktop+0x1bc
f701fd48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f701f98c 806024b0 win32k!MapDesktop
f701f9b8 8060269f nt!ExpWin32SessionCallout+0x3c
f701f9e4 805b1807 nt!ExpWin32OpenProcedure+0x67
f701fa94 805b7932 nt!ObpIncrementHandleCount+0x2cf
f701fb38 80603c7c nt!ObDupHandleProcedure+0x9a
f701fb74 805b7982 nt!ExDupHandleTable+0x11a
f701fb9c 805c5ca6 nt!ObInitProcess+0x34
f701fce4 805c62f3 nt!PspCreateProcess+0x308
f701fd38 8053cbc8 nt!NtCreateProcessEx+0x77

f6fcf828 806024b0 win32k!MapDesktop
f6fcf854 8060269f nt!ExpWin32SessionCallout+0x3c
f6fcf880 805b1807 nt!ExpWin32OpenProcedure+0x67
f6fcf930 805b1ded nt!ObpIncrementHandleCount+0x2cf
f6fcf998 805b02ac nt!ObpCreateHandle+0x17d
f6fcf9e8 bf87aa19 nt!ObOpenObjectByName+0x28c
f6fcfab0 bf87833a win32k!xxxCreateDesktop+0x6d
f6fcfbc0 bf878d9c win32k!xxxResolveDesktop+0x815
f6fcfcc0 bf819e16 win32k!xxxCreateThreadInfo+0x4d5
f6fcfcd4 bf819f1c win32k!UserThreadCallout+0x72
f6fcfcf0 805c1785 win32k!W32pThreadCallout+0x3d
f6fcfd54 8053c8ce nt!PsConvertToGuiThread+0x139

after CreateDesktop, only process exit:

f9a1da80 806024b0 win32k!MapDesktop
f9a1daac 8060269f nt!ExpWin32SessionCallout+0x3c
f9a1dad8 805b1807 nt!ExpWin32OpenProcedure+0x67
f9a1db88 805b1ded nt!ObpIncrementHandleCount+0x2cf
f9a1dbf0 805b0494 nt!ObpCreateHandle+0x17d
f9a1dcc0 bf89235f nt!ObOpenObjectByPointer+0xa4
f9a1dd10 bf8862a5 win32k!xxxSetCsrssThreadDesktop+0x6e
f9a1dd30 bf88615f win32k!xxxSetInformationThread+0x9a
f9a1dd4c 8053cbc8 win32k!NtUserSetInformationThread+0x31

f9a1dca8 bf86bc92 win32k!MapDesktop
f9a1dcd4 bf892383 win32k!xxxSetThreadDesktop+0x3a
f9a1dd10 bf8862a5 win32k!xxxSetCsrssThreadDesktop+0xc3
f9a1dd30 bf88615f win32k!xxxSetInformationThread+0x9a
f9a1dd4c 8053cbc8 win32k!NtUserSetInformationThread+0x31

f99fda38 bf86bc92 win32k!MapDesktop
f99fda64 bf8a5608 win32k!xxxSetThreadDesktop+0x3a
f99fdd30 bf88dc63 win32k!xxxDesktopThread+0x576
f99fdd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f99fdd54 8053cbc8 win32k!NtUserCallOneParam+0x23

f99fda38 bf86bc92 win32k!MapDesktop
f99fda64 bf8a5896 win32k!xxxSetThreadDesktop+0x3a
f99fdd30 bf88dc63 win32k!xxxDesktopThread+0x840
f99fdd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f99fdd54 8053cbc8 win32k!NtUserCallOneParam+0x23

-----------

f6fafd4c 8053cbc8 win32k!NtUserResolveDesktop
f6fafd4c 7c91eb94 nt!KiFastCallEntry+0xf8
0299fe18 75b04e59 ntdll!KiFastSystemCallRet
0299fe64 75b061bc winsrv!NtUserResolveDesktop+0xc
0299feb0 75ae356d winsrv!ConsoleClientConnectRoutine+0x21b
0299fed0 75ae4a47 CSRSRV!CsrSrvClientConnect+0x70
0299fff4 00000000 CSRSRV!CsrApiRequestThread+0x431

--------------
SetThreadDesktop

f6d41d14 bf86bc92 win32k!MapDesktop
f6d41d40 bf86bde2 win32k!xxxSetThreadDesktop+0x3a
f6d41d58 8053cbc8 win32k!NtUserSetThreadDesktop+0x2f
f6d41d58 7c91eb94 nt!KiFastCallEntry+0xf8
00efff70 7e37f0ac ntdll!KiFastSystemCallRet
00efffb4 7c80b6a3 USER32!NtUserSetThreadDesktop+0xc
00efffec 00000000 KERNEL32!BaseThreadStart+0x37

-----------------------------

unmapping

f6d509a0 bf89bf9c nt!MmUnmapViewOfSection
f6d509fc bf89c3f0 win32k!UserCreateHeap+0x5c
f6d50a30 bf89c2a4 win32k!CreateDesktopHeap+0x73
f6d50a80 bf879e12 win32k!xxxCreateDesktop2+0x195
f6d50ab0 bf879dc0 win32k!ParseDesktop+0x93
f6d50ae8 806024b0 win32k!ParseWindowStation+0xab
f6d50b14 8060270c nt!ExpWin32SessionCallout+0x3c
f6d50b58 805b37d9 nt!ExpWin32ParseProcedure+0x60
f6d50be0 805b010b nt!ObpLookupObjectName+0x119
f6d50c34 bf87aa19 nt!ObOpenObjectByName+0xeb
f6d50cfc bf89d235 win32k!xxxCreateDesktop+0x6d
f6d50d48 8053cbc8 win32k!NtUserCreateDesktop+0x95

f9b7dc64 8059adea nt!MmUnmapViewOfSection
f9b7dca4 805afb2f nt!LpcpDeletePort+0xcc
f9b7dcc0 80522181 nt!ObpRemoveObjectRoutine+0xdf
f9b7dce4 805b0b2f nt!ObfDereferenceObject+0x5f
f9b7dcfc 805b0bc5 nt!ObpCloseHandleTableEntry+0x155
f9b7dd44 805b0cfd nt!ObpCloseHandle+0x87
f9b7dd58 8053cbc8 nt!NtClose+0x1d
f9b7dd58 7c91eb94 nt!KiFastCallEntry+0xf8
0052fe88 7c91d592 ntdll!KiFastSystemCallRet
0052fe8c 75ae4f78 ntdll!NtClose+0xc
0052fea0 75ae4fae CSRSRV!CsrProcessRefcountZero+0x2f
0052feb0 75ae5515 CSRSRV!CsrDereferenceProcess+0x20
0052fec4 75ae5540 CSRSRV!CsrThreadRefcountZero+0x33
0052fed4 75ae4ad9 CSRSRV!CsrDereferenceThread+0x20
0052fff4 00000000 CSRSRV!CsrApiRequestThread+0x4c3

f6fafa9c bf87b3cc nt!MmUnmapViewOfSection
f6fafad0 bf87b4b5 win32k!FreeView+0x66
f6fafaec 806024b0 win32k!UnmapDesktop+0x47
f6fafb18 80602572 nt!ExpWin32SessionCallout+0x3c
f6fafb44 805b11d3 nt!ExpWin32CloseProcedure+0x5c
f6fafb74 805b0b27 nt!ObpDecrementHandleCount+0x119
f6fafb9c 805b0bc5 nt!ObpCloseHandleTableEntry+0x14d
f6fafbe4 805b0cd6 nt!ObpCloseHandle+0x87
f6fafbf8 bf87b773 nt!ObCloseHandle+0x12
f6fafc18 bf877114 win32k!DestroyProcessInfo+0x1f2
f6fafc40 bf8771bc win32k!xxxUserProcessCallout+0xb7
f6fafc5c 805c761b win32k!W32pProcessCallout+0x42
f6fafd08 805c7a3a nt!PspExitThread+0x423
f6fafd28 805c7c15 nt!PspTerminateThreadByPointer+0x52
f6fafd54 8053cbc8 nt!NtTerminateProcess+0x105

f9bad980 bf87b3cc nt!MmUnmapViewOfSection
f9bad9b4 bf919a6c win32k!FreeView+0x66
f9bad9d0 806024b0 win32k!FreeDesktop+0x39
f9bad9fc 8060262f nt!ExpWin32SessionCallout+0x3c
f9bada14 805afb2f nt!ExpWin32DeleteProcedure+0x41
f9bada30 80522181 nt!ObpRemoveObjectRoutine+0xdf
f9bada54 bf8038ee nt!ObfDereferenceObject+0x5f
f9bada5c bf8029d3 win32k!UserDereferenceObject+0xe
f9bada68 bf8a58ba win32k!PopAndFreeW32ThreadLock+0x25
f9badd30 bf88dc63 win32k!xxxDesktopThread+0x864
f9badd40 bf8010ba win32k!xxxCreateSystemThreads+0x6a
f9badd54 8053cbc8 win32k!NtUserCallOneParam+0x23