nt!KiSwapThread函数分析之CurrentPrcb->NextThread == NULL的情况下KiSelectReadyThread选出新线程
第一部分:
1: kd> kc
00 nt!KiSwapThread
01 nt!KeWaitForSingleObject
02 nt!ExpWaitForResource
03 nt!ExAcquireResourceExclusiveLite
04 win32k!EnterCrit
05 win32k!xxxSleepThread
06 win32k!xxxRealWaitMessageEx
07 win32k!NtUserWaitMessage
1: kd> g
Breakpoint 43 hit
eax=f7737538 ebx=8999e298 ecx=89575020 edx=f7737120 esi=89575020 edi=895750c0
eip=80a43ac4 esp=f75c6c30 ebp=f75c6c60 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread:
80a43ac4 55 push ebp
1: kd> !pcr
KPCR for Processor 1 at f7737000:
Major 1 Minor 1
NtTib.ExceptionList: f75c6548
NtTib.StackBase: 00000000
NtTib.StackLimit: 00000000
NtTib.SubSystemTib: f7737ef0
NtTib.Version: 00008a20
NtTib.UserPointer: 00000002
NtTib.SelfTib: 7ffde000
SelfPcr: f7737000
Prcb: f7737120
Irql: 00000000
IRR: 00000000
IDR: ffffffff
InterruptMode: 00000000
IDT: f773d6e0
GDT: f773d2e0
TSS: f7737ef0
CurrentThread: 89575020
NextThread: 00000000
IdleThread: f7739fa0
DpcQueue:
1: kd> dt KPCR f7737000
basesrv!KPCR
+0x000 NtTib : _NT_TIB
+0x000 Used_ExceptionList : 0xf75c6548 _EXCEPTION_REGISTRATION_RECORD
+0x004 Used_StackBase : (null)
+0x008 PerfGlobalGroupMask : (null)
+0x00c TssCopy : 0xf7737ef0 Void
+0x010 ContextSwitches : 0x8a20
+0x014 SetMemberCopy : 2
+0x018 Used_Self : 0x7ffde000 Void
+0x01c SelfPcr : 0xf7737000 _KPCR
+0x020 Prcb : 0xf7737120 _KPRCB
+0x024 Irql : 0 ''
+0x028 IRR : 0
+0x02c IrrActive : 0
+0x030 IDR : 0xffffffff
+0x034 KdVersionBlock : (null)
+0x038 IDT : 0xf773d6e0 _KIDTENTRY
+0x03c GDT : 0xf773d2e0 _KGDTENTRY
+0x040 TSS : 0xf7737ef0 _KTSS
+0x044 MajorVersion : 1
+0x046 MinorVersion : 1
+0x048 SetMember : 2
+0x04c StallScaleFactor : 0xe10
+0x050 SpareUnused : 0 ''
+0x051 Number : 0x1 ''
+0x052 Spare0 : 0 ''
+0x053 SecondLevelCacheAssociativity : 0 ''
+0x054 VdmAlert : 0
+0x058 KernelReserved : [14] 0
+0x090 SecondLevelCacheSize : 0
+0x094 HalReserved : [16] 1
+0x0d4 InterruptMode : 0
+0x0d8 Spare1 : 0 ''
+0x0dc KernelReserved2 : [17] 0
+0x120 PrcbData : _KPRCB
1: kd> dx -id 0,0,8954e020 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89575020 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]
[+0x928] ReadySummary : 0x4200 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]
0x4200
0x4200 = 0b0100_0010_0000_0000,即位 14 和位 9 置 1:ReadySummary 中每一位对应一个优先级,置 1 表示该优先级的就绪队列非空,所以当前优先级 14 和优先级 9 各有线程等待调度。DispatcherReadyListHead[14] 位于 0xf7737120 + 0x930 + 14*8 = 0xf7737ac0,DispatcherReadyListHead[9] 位于 0xf7737120 + 0x930 + 9*8 = 0xf7737a98,正是下面两条 dx 命令查看的地址。
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737ac0))
(*((basesrv!_LIST_ENTRY *)0xf7737ac0)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x895552c8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x895552c8 [Type: _LIST_ENTRY *]
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737a98))
(*((basesrv!_LIST_ENTRY *)0xf7737a98)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x89836080 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89836080 [Type: _LIST_ENTRY *]
1: kd> dt kthread 0x895552c8-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89555278 - 0x89555278 ]
+0x018 InitialStack : 0xf75d7000 Void
+0x01c StackLimit : 0xf75d4000 Void
+0x020 KernelStack : 0xf75d69dc Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0xa11
+0x02c State : 0x1 ''
1: kd> dt kthread 0x89836080-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89836030 - 0x89836030 ]
+0x018 InitialStack : 0xf701c000 Void
+0x01c StackLimit : 0xf7019000 Void
+0x020 KernelStack : 0xf701bce0 Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x408
+0x02c State : 0x1 ''
1: kd> !thread
THREAD 89575020 Cid 01c8.01cc Teb: 7ffde000 Win32Thread: e1406ea8 WAIT: (WrResource) KernelMode Non-Alertable
8999e298 SynchronizationEvent
89575098 NotificationTimer
IRP List:
899bf510: (0006,0094) Flags: 00000800 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 8954e020 Image: winlogon.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655240 Ticks: 2 (0:00:00:00.031)
Context Switch Count 1164 IdealProcessor: 1 LargeStack
UserTime 00:00:00.328
KernelTime 00:00:01.703
//
// If the deferred ready list is not empty, then process the list.
//
#if !defined(NT_UP)
if (CurrentPrcb->DeferredReadyListHead.Next != NULL) {
KiProcessDeferredReadyList(CurrentPrcb);
}
#endif
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_SINGLE_LIST_ENTRY *)0xf7737b50))
(*((basesrv!_SINGLE_LIST_ENTRY *)0xf7737b50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]
第二部分:
FORCEINLINE
PKTHREAD
KiSelectReadyThread (
    IN KPRIORITY LowPriority,
    IN PKPRCB Prcb
    )
/*++
Routine Description:
    Scan the per-processor dispatcher ready queues, from LowPriority upward,
    and dequeue the head of the highest non-empty queue.
Arguments:
    LowPriority - Lowest ready-queue priority that may be considered.
    Prcb - Processor control block whose ready queues are scanned.
Return Value:
    The dequeued KTHREAD, or NULL when no queue at or above LowPriority
    holds a thread.
Notes:
    No synchronization is taken here; the caller is presumed to already
    hold whatever protects Prcb->ReadySummary and the ready lists
    (NOTE(review): confirm against the callers, e.g. KiSwapThread).
--*/
{
    ULONG Candidates;
    ULONG TopPriority;
    PRLIST_ENTRY First;
    PKTHREAD Thread;

    //
    // ReadySummary carries one bit per priority level whose ready list is
    // non-empty. KiPriorityMask[LowPriority] keeps only the levels at or
    // above LowPriority, so Candidates is the set of levels worth scanning.
    //
    Candidates = Prcb->ReadySummary & KiPriorityMask[LowPriority];
    if (Candidates == 0) {
        return NULL;
    }

    //
    // The highest set bit is the highest priority that has a runnable
    // thread queued on this processor.
    //
    KeFindFirstSetLeftMember(Candidates, &TopPriority);
    ASSERT((Candidates & PRIORITY_MASK(TopPriority)) != 0);
    ASSERT(IsListEmpty(&Prcb->DispatcherReadyListHead[TopPriority]) == FALSE);

    //
    // Take the first entry of that queue. Ready threads are linked through
    // KTHREAD.WaitListEntry, so back up from the link to the thread object.
    //
    First = Prcb->DispatcherReadyListHead[TopPriority].Flink;
    Thread = CONTAINING_RECORD(First, KTHREAD, WaitListEntry);
    ASSERT((KPRIORITY)TopPriority == Thread->Priority);
    ASSERT((Thread->Affinity & AFFINITY_MASK(Prcb->Number)) != 0);
    ASSERT(Thread->NextProcessor == Prcb->Number);

    //
    // Unlink the thread. RemoveEntryList reports whether the list is now
    // empty; only in that case is the level's summary bit cleared, which
    // keeps ReadySummary consistent with the actual queue contents.
    //
    if (RemoveEntryList(&Thread->WaitListEntry) != FALSE) {
        Prcb->ReadySummary ^= PRIORITY_MASK(TopPriority);
    }

    return Thread;
}
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
第三部分:(单步跟踪内联展开后的 KiSelectReadyThread。下面多处 cmp/test + jne 序列与源码中的 ASSERT 一一对应——Priority、Affinity、NextProcessor 的检查都被编进了指令流——说明被调试的应为 checked build;free build 中不会出现这些检查指令。)
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00000000 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b2d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x69:
80a43b2d 8b8b28090000 mov ecx,dword ptr [ebx+928h] ds:0023:f7737a48=00004200
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b33 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x6f:
80a43b33 230d305fa080 and ecx,dword ptr [nt!KiPriorityMask (80a05f30)] ds:0023:80a05f30=ffffffff
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b39 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x75:
80a43b39 6a00 push 0
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3b esp=f75c6bf8 ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x77:
80a43b3b 894de0 mov dword ptr [ebp-20h],ecx ss:0010:f75c6c0c=895750c0
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3e esp=f75c6bf8 ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x7a:
80a43b3e 5e pop esi
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3f esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x7b:
80a43b3f 0f84c6000000 je nt!KiSwapThread+0x147 (80a43c0b) [br=0]
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b45 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x81:
80a43b45 0fbd45e0 bsr eax,dword ptr [ebp-20h] ss:0010:f75c6c0c=00004200
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b49 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x85:
80a43b49 8bf0 mov esi,eax
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b4b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x87:
80a43b4b 8d04b5b05ea080 lea eax,nt!KiMask32Array (80a05eb0)[esi*4]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b52 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x8e:
80a43b52 8508 test dword ptr [eax],ecx ds:0023:80a05ee8=00004000
1: kd> bp 80a43b2d
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b54 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x90:
80a43b54 8975e0 mov dword ptr [ebp-20h],esi ss:0010:f75c6c0c=00004200
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b57 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x93:
80a43b57 8945e8 mov dword ptr [ebp-18h],eax ss:0010:f75c6c14=8999e298
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b5a esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x96:
80a43b5a 7512 jne nt!KiSwapThread+0xaa (80a43b6e) [br=1]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b6e esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0xaa:
80a43b6e 8db4f330090000 lea esi,[ebx+esi*8+930h]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b75 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0xb1:
80a43b75 3936 cmp dword ptr [esi],esi ds:0023:f7737ac0=895552c8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b77 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xb3:
80a43b77 7512 jne nt!KiSwapThread+0xc7 (80a43b8b) [br=1]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b8b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xc7:
80a43b8b 8b36 mov esi,dword ptr [esi] ds:0023:f7737ac0=895552c8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=895552c8 edi=80a059f8
eip=80a43b8d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xc9:
80a43b8d 0fbe46fb movsx eax,byte ptr [esi-5] ds:0023:895552c3=0e
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=895552c8 edi=80a059f8
eip=80a43b91 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xcd:
80a43b91 83ee60 sub esi,60h
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43b94 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapThread+0xd0:
80a43b94 3945e0 cmp dword ptr [ebp-20h],eax ss:0010:f75c6c0c=0000000e
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43b97 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xd3:
80a43b97 7412 je nt!KiSwapThread+0xe7 (80a43bab) [br=1]
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bab esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xe7:
80a43bab 0fbe4310 movsx eax,byte ptr [ebx+10h] ds:0023:f7737130=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43baf esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xeb:
80a43baf 8b0485b05ea080 mov eax,dword ptr nt!KiMask32Array (80a05eb0)[eax*4] ds:0023:80a05eb4=00000002
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bb6 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xf2:
80a43bb6 858620010000 test dword ptr [esi+120h],eax ds:0023:89555388=00000003
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bbc esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0xf8:
80a43bbc 7512 jne nt!KiSwapThread+0x10c (80a43bd0) [br=1]
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bd0 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x10c:
80a43bd0 0fb6860f010000 movzx eax,byte ptr [esi+10Fh] ds:0023:89555377=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bd7 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x113:
80a43bd7 0fbe4b10 movsx ecx,byte ptr [ebx+10h] ds:0023:f7737130=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bdb esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x117:
80a43bdb 3bc1 cmp eax,ecx
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bdd esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x119:
80a43bdd 7412 je nt!KiSwapThread+0x12d (80a43bf1) [br=1]
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf1 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x12d:
80a43bf1 8b4660 mov eax,dword ptr [esi+60h] ds:0023:895552c8=f7737ac0
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf4 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x130:
80a43bf4 8b4e64 mov ecx,dword ptr [esi+64h] ds:0023:895552cc=f7737ac0
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf7 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x133:
80a43bf7 3bc1 cmp eax,ecx
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf9 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x135:
80a43bf9 8901 mov dword ptr [ecx],eax ds:0023:f7737ac0=895552c8
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bfb esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x137:
80a43bfb 894804 mov dword ptr [eax+4],ecx ds:0023:f7737ac4=895552c8
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bfe esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13a:
80a43bfe 750b jne nt!KiSwapThread+0x147 (80a43c0b) [br=0]
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c00 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13c:
80a43c00 8b45e8 mov eax,dword ptr [ebp-18h] ss:0010:f75c6c14=80a05ee8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c03 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13f:
80a43c03 8b00 mov eax,dword ptr [eax] ds:0023:80a05ee8=00004000
1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c05 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x141:
80a43c05 318328090000 xor dword ptr [ebx+928h],eax ds:0023:f7737a48=00004200
1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c0b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x147:
80a43c0b 85f6 test esi,esi
1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c0d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapThread+0x149:
80a43c0d 0f8503040000 jne nt!KiSwapThread+0x552 (80a44016) [br=1]
+0x928 ReadySummary : 0x200    (原为 0x4200;优先级 14 的队列被取空后,上面的 xor 0x4000 清除了对应位,只剩优先级 9 的位)
+0x92c SelectNextLast : 0
+0x930 DispatcherReadyListHead : [32] _LIST_ENTRY [ 0xf7737a50 - 0xf7737a50 ]
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY (*)[32])0xf7737a50))
[14] [Type: _LIST_ENTRY]
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737ac0))
(*((basesrv!_LIST_ENTRY *)0xf7737ac0)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf7737ac0 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf7737ac0 [Type: _LIST_ENTRY *]