对BAT1节点_STA方法的处理之从ACPI!RestartCtxtPassive到ACPI!StartTimeSlicePassive

对BAT1节点_STA方法的处理之从ACPI!RestartCtxtPassive到ACPI!StartTimeSlicePassive

1: kd> g

Breakpoint 37 hit

eax=899b0024 ebx=00000000 ecx=899b0024 edx=00000000 esi=899b0024 edi=89985178

eip=f741f8c9 esp=f791aae8 ebp=f791ab18 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!AsyncEvalObject:

f741f8c9 55 push ebp

1: kd> kc

00 ACPI!AsyncEvalObject

01 ACPI!AMLIAsyncEvalObject

02 ACPI!ACPIGet

03 ACPI!IsPciDeviceWorker

04 ACPI!IsPciDevice

05 ACPI!GetOpRegionScopeWorker

06 ACPI!GetOpRegionScope

07 ACPI!PciConfigSpaceHandlerWorker

08 ACPI!PciConfigSpaceHandler

09 ACPI!InternalOpRegionHandler

0a ACPI!WriteCookAccess

0b ACPI!RunContext

0c ACPI!InsertReadyQueue

0d ACPI!RestartCtxtPassive

0e ACPI!ACPIWorker

0f nt!PspSystemThreadStartup

10 nt!KiThreadStartup

1: kd> dv

pns = 0x899b0024

pdataResult = 0x89985164

icArgs = 0n0

pdataArgs = 0x00000000

pfnAsyncCallBack = 0xf74074ae

pvContext = 0x89985138

fAsync = 0x01 ''

pctxt = 0x00000008

1: kd> db 0x899b0024

899b0024 64 a0 91 89 68 00 9b 89-ac ff 9a 89 00 00 00 00 d...h...........

899b0034 5f 48 49 44 30 f3 9a 89-ac ff 9a 89 00 00 01 00 _HID0...........

899b0044 00 00 00 00 41 d0 0a 03-00 00 00 00 00 00 00 00 ....A...........

if (fQueueContext)

{

rc = RestartContext(pctxt, FALSE); 返回到这里

}

1: kd> g

Breakpoint 36 hit

eax=00008004 ebx=899b0040 ecx=00000000 edx=00002700 esi=f7438ca8 edi=00000000

eip=f741fb55 esp=f791aac8 ebp=f791aae4 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!AsyncEvalObject+0x28c:

f741fb55 59 pop ecx

1: kd> t

eax=00008004 ebx=899b0040 ecx=89903000 edx=00002700 esi=f7438ca8 edi=00008004

eip=f741fb58 esp=f791aacc ebp=f791aae4 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!AsyncEvalObject+0x28f:

f741fb58 e9cafeffff jmp ACPI!AsyncEvalObject+0x15e (f741fa27)

rc = AsyncEvalObject(pns, pdataResult, icArgs, pdataArgs,

pfnAsyncCallBack, pvContext, TRUE);

if (rc == AMLISTA_PENDING)

rc = STATUS_PENDING;

// AMLI-layer status meaning "evaluation not finished yet, will complete via callback".
// AsyncEvalObject translates it to the NT STATUS_PENDING (0x103) before returning,
// which is why eax shows 0x8004 inside AsyncEvalObject but 0x103 in ACPIGet's frame.
#define AMLISTA_PENDING 0x00008004

1: kd> gu

eax=00000103 ebx=f743b938 ecx=00000000 edx=00002700 esi=89985138 edi=89985140

eip=f7407905 esp=f791ab20 ebp=f791ab74 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!ACPIGet+0x24d:

f7407905 b903010000 mov ecx,103h

if (async) {

//

// Evaluate the request

//

status = AMLIAsyncEvalObject(

acpiObject,

&(request->ResultData),

argumentCount,

argumentPtr,

completionRoutine,

request

);

if (status == STATUS_PENDING) {

//

// We cannot do anything else here. Wait for the completion routine

// to fire

//

return status;

1: kd> gu

eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899bf3d8 edi=00000103

eip=f740d1b7 esp=f791aba0 ebp=f791abac iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!IsPciDeviceWorker+0x71:

f740d1b7 3bc7 cmp eax,edi

1: kd> kc

00 ACPI!IsPciDeviceWorker

01 ACPI!IsPciDevice

02 ACPI!GetOpRegionScopeWorker

03 ACPI!GetOpRegionScope

04 ACPI!PciConfigSpaceHandlerWorker

05 ACPI!PciConfigSpaceHandler

06 ACPI!InternalOpRegionHandler

07 ACPI!WriteCookAccess

08 ACPI!RunContext

09 ACPI!InsertReadyQueue

0a ACPI!RestartCtxtPassive

0b ACPI!ACPIWorker

0c nt!PspSystemThreadStartup

0d nt!KiThreadStartup

NTSTATUS

EXPORT

IsPciDeviceWorker(

IN PNSOBJ AcpiObject,

IN NTSTATUS Status,

IN POBJDATA Result,

IN PVOID Context

)

{

if (hidObj) {

status = ACPIGetNSPnpIDAsync(

state->AcpiObject,

IsPciDeviceWorker,

(PVOID)state,

&state->Hid,

NULL);

if (status == STATUS_PENDING) {

return status;

}

1: kd> gu

eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899c4150 edi=899bf400

eip=f740d401 esp=f791abb4 ebp=f791abc8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!IsPciDevice+0x4f:

f740d401 83c410 add esp,10h

1: kd> gu

eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899c4150 edi=00000800

eip=f740d4ac esp=f791abe0 ebp=f791abec iopl=0 nv up ei ng nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282

ACPI!GetOpRegionScopeWorker+0x62:

f740d4ac 8bd8 mov ebx,eax

1: kd> kc

00 ACPI!GetOpRegionScopeWorker

01 ACPI!GetOpRegionScope

02 ACPI!PciConfigSpaceHandlerWorker

03 ACPI!PciConfigSpaceHandler

04 ACPI!InternalOpRegionHandler

05 ACPI!WriteCookAccess

06 ACPI!RunContext

07 ACPI!InsertReadyQueue

08 ACPI!RestartCtxtPassive

09 ACPI!ACPIWorker

0a nt!PspSystemThreadStartup

0b nt!KiThreadStartup

NTSTATUS

EXPORT

GetOpRegionScopeWorker(

IN PNSOBJ AcpiObject,

IN NTSTATUS Status,

IN POBJDATA Result,

IN PVOID Context

)

{

status = IsPciDevice(state->Parent,

GetOpRegionScopeWorker,

(PVOID)state,

&state->IsPciDeviceResult);

if (status == STATUS_PENDING) {

return status;

}

1: kd> gu

eax=00000103 ebx=89987378 ecx=00000103 edx=00002700 esi=00000103 edi=899c4170

eip=f740d55b esp=f791abf4 ebp=f791ac08 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!GetOpRegionScope+0x55:

f740d55b 83c410 add esp,10h

1: kd> gu

eax=00000103 ebx=89987378 ecx=00000103 edx=00002700 esi=00000103 edi=899b0b80

eip=f740d68d esp=f791ac20 ebp=f791ac70 iopl=0 nv up ei ng nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282

ACPI!PciConfigSpaceHandlerWorker+0x61:

f740d68d 3bc6 cmp eax,esi

NTSTATUS

EXPORT

PciConfigSpaceHandlerWorker(

IN PNSOBJ AcpiObject,

IN NTSTATUS CompletionStatus,

IN POBJDATA Result,

IN PVOID Context

)

{

...

if (!state->OpRegion->Context) {

if (!(state->Flags & PCISUPP_GOT_SCOPE)) {

state->Flags |= PCISUPP_GOT_SCOPE;

status = GetOpRegionScope(state->OpRegion,

PciConfigSpaceHandlerWorker,

(PVOID)state,

&((PNSOBJ)(state->OpRegion->Context)));

if (status == STATUS_PENDING) {

return status;

}

1: kd> gu

eax=00000103 ebx=00008000 ecx=e71d4552 edx=00002700 esi=899affac edi=899873b4

eip=f740d9dd esp=f791ac78 ebp=f791ac8c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!PciConfigSpaceHandler+0x6d:

f740d9dd 83c410 add esp,10h

1: kd> gu

eax=00000103 ebx=00008000 ecx=e71d4552 edx=00002700 esi=899affac edi=899b0b50

eip=f742813d esp=f791ac94 ebp=f791acbc iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

ACPI!InternalOpRegionHandler+0x67:

f742813d 8bf0 mov esi,eax

1: kd> gu

eax=00000103 ebx=00008000 ecx=80ae0dfa edx=80b18958 esi=8997dc08 edi=899b0134

eip=f7417e5f esp=f791acc4 ebp=f791acf4 iopl=0 nv up ei ng nz ac pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000296

ACPI!WriteCookAccess+0x242:

f7417e5f 83c420 add esp,20h

1: kd> gu

eax=00008004 ebx=f743a948 ecx=80ae0dfa edx=80b18958 esi=8997c000 edi=8997dc08

eip=f741d832 esp=f791acfc ebp=f791ad1c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!RunContext+0x122:

f741d832 83c40c add esp,0Ch

while (!IsStackEmpty(pctxt))

{

CHKDEBUGGERREQ();

pfh = (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd;

ASSERT(pfh->pfnParse != NULL);

rc = pfh->pfnParse(pctxt, pfh, rc);

if ((rc == AMLISTA_PENDING) || (rc == AMLISTA_DONE))

{

break;

}

}

跳出while循环

if (rc == AMLISTA_PENDING)

{

pctxt->dwfCtxt |= CTXTF_NEED_CALLBACK;

}

1: kd> g

Breakpoint 12 hit

eax=00000120 ebx=f743a948 ecx=f743a948 edx=00000000 esi=8997c000 edi=00008004

eip=f741d8a7 esp=f791ad08 ebp=f791ad1c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!RunContext+0x197:

f741d8a7 834e2020 or dword ptr [esi+20h],20h ds:0023:8997c020=00000120

1: kd> gu

eax=00008004 ebx=00000000 ecx=8997e000 edx=00002707 esi=8997c000 edi=00000000

eip=f7420671 esp=f791ad24 ebp=f791ad44 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!InsertReadyQueue+0x155:

f7420671 83c414 add esp,14h

else if ((gReadyQueue.pkthCurrent == NULL) &&

!(gReadyQueue.dwfCtxtQ & CQF_PAUSED))

//

// We only execute the method if we are not in paused state.

//

{

LOGSCHEDEVENT('EVAL', (ULONG_PTR)pctxt, (ULONG_PTR)

(pctxt->pnctxt? pctxt->pnctxt->pnsObj: pctxt->pnsObj),

(ULONG_PTR)pctxt->pbOp);

//

// There is no active context and we can execute it immediately.

//

rc = RunContext(pctxt);

if ((gReadyQueue.plistCtxtQ != NULL) &&

!(gReadyQueue.dwfCtxtQ & CQF_WORKITEM_SCHEDULED))

{

//

// If we have more jobs in the queue and we haven't scheduled

// a dispatch, schedule one.

//

LOGSCHEDEVENT('KICK', (ULONG_PTR)rc, 0, 0);

OSQueueWorkItem(&gReadyQueue.WorkItem);

gReadyQueue.dwfCtxtQ |= CQF_WORKITEM_SCHEDULED;

}

1: kd> x acpi!gReadyQueue

f743a928 ACPI!gReadyQueue = struct _ctxtq

1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))

(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]

[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]

[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]

[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]

[+0x00c] plistCtxtQ : 0x89903010 [Type: _List *]

[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]

[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]

[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]

[+0x01c] PauseCBContext : 0x0 [Type: void *]

[+0x020] mutCtxtQ [Type: _mutex]

[+0x028] Timer [Type: _KTIMER]

[+0x050] DpcStartTimeSlice [Type: _KDPC]

[+0x070] DpcExpireTimeSlice [Type: _KDPC]

[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]

1: kd> dx -r1 (*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8))

(*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8)) [Type: _WORK_QUEUE_ITEM]

[+0x000] List [Type: _LIST_ENTRY]

[+0x008] WorkerRoutine : 0xf7420495 [Type: void (*)(void *)]

[+0x00c] Parameter : 0xf743a928 [Type: void *]

1: kd> u f7420495

ACPI!StartTimeSlicePassive [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 93]:

f7420495 55 push ebp

f7420496 8bec mov ebp,esp

f7420498 53 push ebx

f7420499 56 push esi

f742049a 57 push edi

f742049b 6a01 push 1

f742049d bf3c3d43f7 mov edi,offset ACPI!`string' (f7433d3c)

f74204a2 57 push edi

1: kd> t

Breakpoint 34 hit

eax=00000017 ebx=00008004 ecx=8997e000 edx=00002707 esi=8997c000 edi=00000000

eip=f7413470 esp=f791ad30 ebp=f791ad44 iopl=0 nv up ei ng nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282

ACPI!OSQueueWorkItem:

f7413470 55 push ebp

1: kd> kc

00 ACPI!OSQueueWorkItem

01 ACPI!InsertReadyQueue

02 ACPI!RestartCtxtPassive

03 ACPI!ACPIWorker

04 nt!PspSystemThreadStartup

05 nt!KiThreadStartup

02 ACPI!StartTimeSlicePassive 下次运行可能是ACPI!StartTimeSlicePassive

03 ACPI!ACPIWorker

04 nt!PspSystemThreadStartup

05 nt!KiThreadStartup

1: kd> gu

eax=00000041 ebx=00008004 ecx=00000041 edx=00000002 esi=8997c000 edi=00000000

eip=f74206a9 esp=f791ad38 ebp=f791ad44 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!InsertReadyQueue+0x18d:

f74206a9 830d28a943f702 or dword ptr [ACPI!gReadyQueue (f743a928)],2 ds:0023:f743a928=00000000

1: kd> gu

eax=00008004 ebx=899050e8 ecx=00000041 edx=00000002 esi=f743a948 edi=f7433e20

eip=f742079a esp=f791ad4c ebp=f791ad64 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!RestartCtxtPassive+0x54:

f742079a 56 push esi

1: kd> kc

00 ACPI!RestartCtxtPassive

01 ACPI!ACPIWorker

02 nt!PspSystemThreadStartup

03 nt!KiThreadStartup

1: kd> gu

Breakpoint 35 hit

eax=00000000 ebx=00000000 ecx=00010001 edx=00000000 esi=899050ec edi=f743b318

eip=f74133c5 esp=f791ad70 ebp=f791adac iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!ACPIWorker+0xbf:

f74133c5 ff1534b042f7 call dword ptr [ACPI!_imp__KeGetCurrentIrql (f742b034)] ds:0023:f742b034={hal!KeGetCurrentIrql (804edc6c)}

(WorkItem->WorkerRoutine)(WorkItem->Parameter);

if (KeGetCurrentIrql() != 0) {

Status = KeWaitForMultipleObjects(ACPIMaximumObject,

&WaitObjects[0],

WaitAny,

Executive,

KernelMode,

FALSE,

NULL,

&WaitBlockArray[0]);

1: kd> p

eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=899050ec edi=f743b318

eip=f7413349 esp=f791ad70 ebp=f791adac iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ACPI!ACPIWorker+0x43:

f7413349 48 dec eax

// Wait-object indices for the ACPI worker thread. The values are the
// implicit enum ordinals (0, 1, 2); ACPIMaximumObject is not a real
// object but the count handed to KeWaitForMultipleObjects, and the
// returned Status is then dispatched with `switch (Status)`.
typedef enum _ACPI_WORKER_OBJECT {

ACPIWorkToDo,               // 0: a work item is queued (case ACPIWorkToDo in the switch)

ACPITerminate,              // 1: presumably the thread-exit signal — confirm in worker.c

ACPIMaximumObject           // 2: number of wait objects, used as the Count argument

} ACPI_WORKER_OBJECT;

switch (Status) {

case ACPIWorkToDo:

break;

1: kd> x acpi!ACPIWorkQueue

f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743a9b8 - 0xf743a9b8 ]

1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))

(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]

[+0x000] Flink : 0xf743a9b8 [Type: _LIST_ENTRY *]

[+0x004] Blink : 0xf743a9b8 [Type: _LIST_ENTRY *]

1: kd> dt WORK_QUEUE_ITEM 0xf743a9b8

hal!WORK_QUEUE_ITEM

+0x000 List : _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]

+0x008 WorkerRoutine : 0xf7420495 void ACPI!StartTimeSlicePassive+0

+0x00c Parameter : 0xf743a928 Void

WorkerRoutine = WorkItem->WorkerRoutine;

Parameter = WorkItem->Parameter;

(WorkItem->WorkerRoutine)(WorkItem->Parameter);

THREAD 899a1020 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0

IRP List:

899bf5b0: (0006,0190) Flags: 00000000 Mdl: 00000000

Not impersonating

DeviceMap e10003d8

Owning Process 899a2278 Image: System

Attached Process N/A Image: N/A

Wait Start TickCount 274647546 Ticks: 69 (0:00:00:01.078)

Context Switch Count 9 IdealProcessor: 0

UserTime 00:00:00.000

KernelTime 00:00:00.828

Stack Init f789b000 Current f789a1b8 Base f789b000 Limit f7898000 Call 00000000

Priority 31 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0

ChildEBP RetAddr

f789eef8 f73fb91b hal!HalpClockInterrupt+0x15a (FPO: [0,2] TrapFrame @ f789eef8) [d:\srv03rtm\base\hals\halmps\i386\mpclock.asm @ 554]

f789ef84 f73fc619 ACPI!ACPIBuildProcessGenericList+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 4847]

f789ef9c 80a41432 ACPI!ACPIBuildDeviceDpc+0x67 (FPO: [4,0,0]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 553]

f789eff4 80b00756 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]

f789eff8 f789a124 nt!KiDispatchInterrupt+0x36 (FPO: [Uses EBP] [0,0,1]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 226]

WARNING: Frame IP not in any known module. Following frames may be wrong.

80b00756 00000000 0xf789a124

THREAD 89981ca0 Cid 0004.0078 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1

Not impersonating

DeviceMap e10003d8

Owning Process 899a2278 Image: System

Attached Process N/A Image: N/A

Wait Start TickCount 274647614 Ticks: 1 (0:00:00:00.015)

Context Switch Count 3 IdealProcessor: 1

UserTime 00:00:00.000

KernelTime 00:00:00.218

Stack Init f791b000 Current f791acc0 Base f791b000 Limit f7918000 Call 00000000

Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0

ChildEBP RetAddr

f791ad64 f74133c5 ACPI!StartTimeSlicePassive+0x32 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 98]

f791adac 80d391f0 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]

f791addc 80b00d52 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]

00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]