nt!KiDeferredReadyThread抢占的一个例子和nt!KiExitDispatcher调用nt!KiProcessDeferredReadyList后调用nt!SwapContext的一个例子
背景:0号处理器运行nt!KiDeferredReadyThread处理一个延迟就绪线程,放到1号处理器的
NextThread中。
此时1号处理器也在运行nt!KiDeferredReadyThread函数，待就绪线程0x89575080-60的优先级也为15，而1号处理器的CurrentThread=0x89555268的优先级同样是15。抢占条件是新线程优先级严格大于当前线程优先级（ThreadPriority > Thread1->Priority），优先级相等时不满足该条件，所以这个线程被放到就绪队列，而不是抢占当前线程。
第一部分:
1: kd> p
eax=89555268 ebx=f7737120 ecx=0000000f edx=0000000e esi=89804020 edi=80a059f8
eip=80a425aa esp=f789ece4 ebp=f789ed04 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiDeferredReadyThread+0x982:
80a425aa 897308 mov dword ptr [ebx+8],esi ds:0023:f7737128=00000000
0: kd> p
eax=89555268 ebx=f7737120 ecx=0000000f edx=0000000e esi=89804020 edi=80a059f8
eip=80a425ad esp=f789ece4 ebp=f789ed04 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiDeferredReadyThread+0x985:
80a425ad ff150831a080 call dword ptr [nt!_imp__KeGetCurrentIrql (80a03108)] ds:0023:80a03108={hal!KeGetCurrentIrql (804edc6c)}
0: kd> dx -id 0,0,8954e020 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89555268 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89804020 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]
[+0x010] Number : 1 [Type: char]
[+0x011] Reserved : 0 [Type: char]
[+0x012] BuildType : 0x1 [Type: unsigned short]
[+0x014] SetMember : 0x2 [Type: unsigned long]
} else {
Thread1 = TargetPrcb->CurrentThread;
if (ThreadPriority > Thread1->Priority) {
Thread1->Preempted = TRUE;
Thread->State = Standby;
TargetPrcb->NextThread = Thread;
KiReleaseTwoPrcbLocks(CurrentPrcb, TargetPrcb);
KiRequestDispatchInterrupt(Thread->NextProcessor);
return;
}
}
KiRequestDispatchInterrupt(Thread->NextProcessor);
1: kd> p
Breakpoint 16 hit
eax=00000001 ebx=00000102 ecx=00000002 edx=00000000 esi=f7737120 edi=00000000
eip=804ee4f8 esp=f75d692c ebp=f75d6950 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
hal!HalRequestSoftwareInterrupt:
804ee4f8 643a0d95000000 cmp cl,byte ptr fs:[95h] fs:0030:00000095=00
1: kd> kc 4
#
00 hal!HalRequestSoftwareInterrupt
01 nt!KiIpiServiceRoutine
02 hal!HalpIpiHandler
03 nt!KiDeferredReadyThread
rsi10: mov PCR[PcHal.DpcPending], 1
fstRET HalRequestSoftwareInterrupt
fstENDP HalRequestSoftwareInterrupt
PcHal equ 00094H
PcrE struc
PcrNumber db 0 ; Processor's number
ShortDpc db 0 ; Short circut dpc interrupt
DpcPending db 0 ; Dpc interrupt pending
1: kd> db 0030:95
0030:00000095 00 00 00 a0 62 ef 03 00-00 00 00 a0 62 ef 03 70 ....b.......b..p
0030:000000a5 26 97 d6 00 00 00 00 5c-e9 b2 d6 00 00 00 00 00 &......\........
0030:000000b5 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
1: kd> db 0030:96
0030:00000096 00 00 a0 62 ef 03 00 00-00 00 a0 62 ef 03 70 26 ...b.......b..p&
1: kd> dx -id 0,0,8954e020 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89555268 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89804020 [Type: _KTHREAD *]
Thread->NextProcessor = (UCHAR)Processor;
if ((Thread1 = TargetPrcb->NextThread) != NULL) {
ASSERT(Thread1->State == Standby);
if (ThreadPriority > Thread1->Priority) {
Thread1->Preempted = TRUE;
Thread->State = Standb