nt!KiReadyThread函数分析和紧随其后的nt!KiProcessDeferredReadyList函数

nt!KiReadyThread函数分析和紧随其后的nt!KiProcessDeferredReadyList函数

0: kd> kc

00 nt!KiReadyThread

01 nt!KiUnwaitThread

02 nt!KeSetEvent

03 USBPORT!USBPORT_SignalWorker

04 USBPORT!USBPORT_InvalidateEndpoint

05 USBPORT!USBPORTSVC_InvalidateEndpoint

06 usbuhci!UhciInterruptDpc

07 USBPORT!USBPORT_IsrDpc

08 nt!KiRetireDpcList

09 nt!KiIdleLoop

0: kd> dv

Thread = 0x899475c8

//
// KiInsertDeferredReadyList - queue a thread for deferred readying.
//
// Reached from KiReadyThread (see the stack at the top of this page).
// The thread is marked DeferredReady (State == 0x7 in the KTHREAD dump
// that follows) and, on an MP build, linked through its SwapListEntry
// onto the current processor's Prcb->DeferredReadyListHead. That list is
// drained later by KiProcessDeferredReadyList (called from
// KiExitDispatcher), which hands each entry to KiDeferredReadyThread to
// pick a target processor. On a UP build there is only one processor, so
// the thread is readied immediately instead of being queued.
//
// The State and DeferredProcessor stores precede the push - presumably so
// the entry is fully initialised by the time it is reachable from the
// list; keep that order.
//
// NOTE(review): the caller is expected to be at DISPATCH_LEVEL with the
// dispatcher database locked - not visible here, confirm against
// KiReadyThread.
//
FORCEINLINE

VOID

FASTCALL

KiInsertDeferredReadyList (

IN PKTHREAD Thread // thread that just became ready (here: signalled by KeSetEvent)

)

{

//

// On the MP system, insert the specified thread in the deferred ready

// list. On the UP system, ready the thread immediately.

//

#if defined(NT_UP)

Thread->State = DeferredReady;

Thread->DeferredProcessor = 0; // single processor: always 0

KiDeferredReadyThread(Thread); // no deferral possible on UP, ready now

#else

PKPRCB Prcb;

Prcb = KeGetCurrentPrcb(); // PRCB of the processor running this code

Thread->State = DeferredReady;

Thread->DeferredProcessor = Prcb->Number; // remember which CPU queued it

// Push onto the per-processor singly linked list (Prcb+0xa30 in the
// KPRCB dump below); the list hangs off Thread->SwapListEntry.
PushEntryList(&Prcb->DeferredReadyListHead,

&Thread->SwapListEntry);

#endif

return;

}

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xffdff120)

((ntkrnlmp!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]

[+0x000] MinorVersion : 0x1 [Type: unsigned short]

[+0x002] MajorVersion : 0x1 [Type: unsigned short]

[+0x004] CurrentThread : 0x80b200c0 [Type: _KTHREAD *]

[+0x008] NextThread : 0x89dc62a0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x0 [Type: unsigned long]

[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]

[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]

[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]

0: kd> dv

Thread = 0x899475c8

0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50))

(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50)) [Type: _SINGLE_LIST_ENTRY]

[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]

0: kd> p

eax=ffdffb50 ebx=00000000 ecx=89a7fe00 edx=00000000 esi=89a7fda0 edi=899475c8

eip=80a42d21 esp=80b14570 ebp=80b1457c iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!KiReadyThread+0xb5:

80a42d21 c3 ret

0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50))

(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50)) [Type: _SINGLE_LIST_ENTRY]

[+0x000] Next : 0x89a7fe00 [Type: _SINGLE_LIST_ENTRY *]

0: kd> dt kthread 0x89a7fe00-60

ntdll!KTHREAD

+0x000 Header : _DISPATCHER_HEADER

+0x010 MutantListHead : _LIST_ENTRY [ 0x89a7fdb0 - 0x89a7fdb0 ]

+0x018 InitialStack : 0xf76f7000 Void

+0x01c StackLimit : 0xf76f4000 Void

+0x020 KernelStack : 0xf76f6ce0 Void

+0x024 ThreadLock : 0

+0x028 ContextSwitches : 0x2693f

+0x02c State : 0x7 ''

+0x02d NpxState : 0xa ''

+0x02e WaitIrql : 0 ''

+0x02f WaitMode : 0 ''

0: kd> kc

00 nt!KiProcessDeferredReadyList

01 nt!KiExitDispatcher

02 nt!KeSetEvent

03 USBPORT!USBPORT_SignalWorker

04 USBPORT!USBPORT_InvalidateEndpoint

05 USBPORT!USBPORTSVC_InvalidateEndpoint

06 usbuhci!UhciInterruptDpc

07 USBPORT!USBPORT_IsrDpc

08 nt!KiRetireDpcList

09 nt!KiIdleLoop

0: kd> kv

ChildEBP RetAddr Args to Child

00 80b14568 80a4002e 899475c0 899470e8 4f444648 nt!KiProcessDeferredReadyList (FPO: [0,0,0]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 825]

01 80b1458c 80a342fd 00000000 80b145c4 bae2ac25 nt!KiExitDispatcher+0x42 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\waitsup.c @ 80]

02 80b14598 bae2ac25 029475c0 00000001 00000000 nt!KeSetEvent+0xf7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\eventobj.c @ 443]

03 80b145c4 bae3516e 89947030 10000001 89947030 USBPORT!USBPORT_SignalWorker+0xe3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 330]

04 80b145f0 bae35215 89947030 89b2c440 00000002 USBPORT!USBPORT_InvalidateEndpoint+0x558 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\core.c @ 2586]

05 80b14608 f757e550 899478e4 00000000 899470e8 USBPORT!USBPORTSVC_InvalidateEndpoint+0x47 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\core.c @ 2625]

06 80b14624 bae776f4 00002080 6b6c5001 ffdff980 usbuhci!UhciInterruptDpc+0x58 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\miniport\usbuhci\int.c @ 272]

07 80b14648 80a41432 89947608 89947030 00000000 USBPORT!USBPORT_IsrDpc+0x19e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\int.c @ 320]

08 80b146a0 80b00ab2 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]

09 80b146a4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x5e (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 1436]

0: kd> bp nt!KiDeferredReadyThread

0: kd> g

Breakpoint 18 hit

eax=0000001b ebx=00000000 ecx=89a7fda0 edx=00000000 esi=00000000 edi=ffdff120

eip=80a41c28 esp=80b1455c ebp=80b1458c iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!KiDeferredReadyThread:

80a41c28 55 push ebp

0: kd> kc

00 nt!KiDeferredReadyThread

01 nt!KiProcessDeferredReadyList

02 nt!KiExitDispatcher

03 nt!KeSetEvent

04 USBPORT!USBPORT_SignalWorker

05 USBPORT!USBPORT_InvalidateEndpoint

06 USBPORT!USBPORTSVC_InvalidateEndpoint

07 usbuhci!UhciInterruptDpc

08 USBPORT!USBPORT_IsrDpc

09 nt!KiRetireDpcList

0a nt!KiIdleLoop

do {

Processor = Thread->IdealProcessor;

IdleSet = KiIdleSummary & Affinity;

if (IdleSet != 0) {

+0x10e IdealProcessor : 0x1 ''

+0x120 Affinity : 3

0: kd> x nt!KiIdleSummary

80b16e80 nt!KiIdleSummary = 2 （位掩码：bit 1 置位，即 1 号处理器闲置。下面 IdleSet = KiIdleSummary & Affinity(3) = 2，Processor = 1；KiClearIdleSummary 之后该值变为 0。）

Thread->State = Standby;

Thread->NextProcessor = (UCHAR)Processor;

KiClearIdleSummary(AFFINITY_MASK(Processor));

ASSERT((TargetPrcb->NextThread == NULL) ||

(TargetPrcb->NextThread == TargetPrcb->IdleThread));

TargetPrcb->NextThread = Thread;

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)

((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]

[+0x000] MinorVersion : 0x1 [Type: unsigned short]

[+0x002] MajorVersion : 0x1 [Type: unsigned short]

[+0x004] CurrentThread : 0xf7739fa0 [Type: _KTHREAD *]

[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x0 [Type: unsigned long]

[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]

[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]

0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xf7737b50))

(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xf7737b50)) [Type: _SINGLE_LIST_ENTRY]

[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KTHREAD *)0xf7739fa0)

((ntkrnlmp!_KTHREAD *)0xf7739fa0) : 0xf7739fa0 [Type: _KTHREAD *]

[+0x000] Header [Type: _DISPATCHER_HEADER]

[+0x010] MutantListHead [Type: _LIST_ENTRY]

[+0x018] InitialStack : 0xf78ab000 [Type: void *]

[+0x01c] StackLimit : 0xf78a8000 [Type: void *]

[+0x020] KernelStack : 0xf78aad4c [Type: void *]

[+0x024] ThreadLock : 0x0 [Type: unsigned long]

[+0x028] ContextSwitches : 0x1073ea [Type: unsigned long]

[+0x02c] State : 0x2 [Type: unsigned char]

0: kd> dv Preempted

Preempted = 0x00 ''

do {

Processor = Thread->IdealProcessor;

IdleSet = KiIdleSummary & Affinity;

if (IdleSet != 0) {

0: kd> dv IdleSet

IdleSet = 2

TargetPrcb = KiProcessorBlock[Processor];

KiAcquireTwoPrcbLocks(CurrentPrcb, TargetPrcb);

if (((KiIdleSummary & TargetPrcb->SetMember) != 0) &&

((Thread->Affinity & TargetPrcb->SetMember) != 0)) {

//

// Set the thread state to standby, set the processor

// number the thread is being assigned to, and clear the

// associated bit in idle summary.

//

Thread->State = Standby;

Thread->NextProcessor = (UCHAR)Processor;

KiClearIdleSummary(AFFINITY_MASK(Processor));

0: kd> dv Processor

Processor = 1

KiClearIdleSummary(AFFINITY_MASK(Processor));

0: kd> x nt!KiIdleSummary

80b16e80 nt!KiIdleSummary = 0

TargetPrcb->NextThread = Thread;

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)

((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]

[+0x000] MinorVersion : 0x1 [Type: unsigned short]

[+0x002] MajorVersion : 0x1 [Type: unsigned short]

[+0x004] CurrentThread : 0xf7739fa0 [Type: _KTHREAD *]

[+0x008] NextThread : 0x89a7fda0 [Type: _KTHREAD *]

[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]

0: kd> g

Breakpoint 19 hit

eax=f7737538 ebx=899475c0 ecx=89a7fda0 edx=f7737120 esi=89a7fda0 edi=89a7fe40

eip=80a43ac4 esp=f76f6d34 ebp=f76f6d64 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

nt!KiSwapThread:

80a43ac4 55 push ebp

1: kd> kc

00 nt!KiSwapThread

01 nt!KeWaitForSingleObject

02 USBPORT!USBPORT_WorkerThread

03 nt!PspSystemThreadStartup

04 nt!KiThreadStartup

1: kd> kv

ChildEBP RetAddr Args to Child

00 f76f6d30 80a35ea9 80a30b6a 899470e8 4f444648 nt!KiSwapThread (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 1698]

01 f76f6d64 bae2bf7b 899475c0 00000005 00000000 nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 1161]

02 f76f6dac 80d391f0 89947030 00000000 00000000 USBPORT!USBPORT_WorkerThread+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 106]

03 f76f6ddc 80b00d52 bae2bf24 89947030 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]

04 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]

1: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)

((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]

[+0x000] MinorVersion : 0x1 [Type: unsigned short]

[+0x002] MajorVersion : 0x1 [Type: unsigned short]

[+0x004] CurrentThread : 0x89a7fda0 [Type: _KTHREAD *]

[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]