news 2026/4/28 14:38:01

How ACPI!ACPIBuildProcessRunMethodPhaseCheckSta handles the BAT2 node: from the DPC to the asynchronous worker ACPI!ACPIWorker

张小明

Front-end development engineer


How ACPI!ACPIBuildProcessRunMethodPhaseCheckSta handles the BAT2 node
0: kd> g
Breakpoint 26 hit
eax=00000003 ebx=00000003 ecx=89906ce0 edx=00000001 esi=89906cd0 edi=80b019f4
eip=f73fbbfa esp=f789ef64 ebp=f789ef84 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIBuildProcessRunMethodPhaseCheckSta:
f73fbbfa 55 push ebp
0: kd> kc
#
00 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
01 ACPI!ACPIBuildProcessGenericList
02 ACPI!ACPIBuildDeviceDpc
03 nt!KiRetireDpcList
04 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
05 0x0
0: kd> dv
BuildRequest = 0x89906cd0
0: kd> dx -r1 ((ACPI!_ACPI_BUILD_REQUEST *)0x89906cd0)
((ACPI!_ACPI_BUILD_REQUEST *)0x89906cd0) : 0x89906cd0 [Type: _ACPI_BUILD_REQUEST *]
[+0x000] ListEntry [Type: _LIST_ENTRY]
[+0x008] Signature : 0x5f534750 [Type: unsigned long]
[+0x00c] Flags : 0xc [Type: unsigned long]
[+0x00c] UFlags [Type: __unnamed]
[+0x010] WorkDone : 0x1 [Type: unsigned long]
[+0x014] CurrentWorkDone : 0x3 [Type: unsigned long]
[+0x018] NextWorkDone : 0x0 [Type: unsigned long]
[+0x01c] BuildContext : 0x899aee58 [Type: void *]
[+0x020] Status : 0 [Type: long]
[+0x024] CurrentObject : 0x0 [Type: _NSObj *]
[+0x028] CallBack : 0x0 [Type: void (*)(void *,void *,long)]
[+0x02c] CallBackContext : 0x0 [Type: void *]
[+0x030] DeviceRequest [Type: __unnamed]
[+0x030] RunRequest [Type: __unnamed]
[+0x030] SynchronizeRequest [Type: __unnamed]
[+0x044] Integer : 0x0 [Type: unsigned long]
[+0x044] String : 0x0 [Type: unsigned char *]
[+0x044] TargetListEntry : 0x0 [Type: _LIST_ENTRY *]
0: kd> dt acpi!_DEVICE_EXTENSION 0x899aee58
+0x000 Flags : 0xa
+0x000 UFlags : __unnamed
+0x008 Signature : 0x5f534750
+0x00c DebugFlags : 0
+0x010 DispatchTable : (null)
+0x014 WorkContext : WORK_QUEUE_CONTEXT
+0x014 Fdo : _FDO_DEVICE_EXTENSION
+0x014 Filter : _FILTER_DEVICE_EXTENSION
+0x014 Pdo : _PDO_DEVICE_EXTENSION
+0x058 WorkQueue : EXTENSION_WORKER
+0x058 Button : BUTTON_EXTENSION
+0x058 Thermal : THERMAL_EXTENSION
+0x058 LinkNode : LINK_NODE_EXTENSION
+0x058 Dock : DOCK_EXTENSION
+0x058 Processor : _PROCESSOR_DEVICE_EXTENSION
+0x088 DeviceState : 0 ( Stopped )
+0x08c PreviousState : 0 ( Stopped )
+0x090 PowerInfo : _ACPI_POWER_INFO
+0x10c DeviceID : (null)
+0x10c Address : 0
+0x110 InstanceID : (null)
+0x114 ResourceList : (null)
+0x118 PnpResourceList : (null)
+0x11c OutstandingIrpCount : 0n1
+0x120 ReferenceCount : 0n4
+0x124 HibernatePathCount : 0n0
+0x128 RemoveEvent : (null)
+0x12c AcpiObject : 0x899b4804 _NSObj
+0x130 DeviceObject : (null)
+0x134 TargetDeviceObject : (null)
+0x138 PhysicalDeviceObject : (null)
+0x13c ParentExtension : 0x89981a18 _DEVICE_EXTENSION
+0x140 ChildDeviceList : _LIST_ENTRY [ 0x899aef98 - 0x899aef98 ]
+0x148 SiblingDeviceList : _LIST_ENTRY [ 0x899aeda0 - 0x899ae150 ]
+0x150 EjectDeviceHead : _LIST_ENTRY [ 0x899aefa8 - 0x899aefa8 ]
+0x158 EjectDeviceList : _LIST_ENTRY [ 0x899aefb0 - 0x899aefb0 ]
0: kd> db 0x899b4804
899b4804 18 45 9b 89 70 4a 9b 89-f0 f0 9a 89 48 48 9b 89 .E..pJ......HH..
899b4814 42 41 54 32 30 f3 9a 89-84 47 9b 89 00 00 06 00 BAT20....G......
899b4824 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899b4834 58 ee 9a 89 00 00 00 00-48 4e 53 4f 44 00 00 00 X.......HNSOD...
899b4844 00 f0 9a 89 08 4a 9b 89-8c 48 9b 89 04 48 9b 89 .....J...H...H..
899b4854 00 00 00 00 5f 48 49 44-30 f3 9a 89 04 48 9b 89 ...._HID0....H..
899b4864 00 00 01 00 00 00 00 00-41 d0 0c 0a 00 00 00 00 ........A.......
899b4874 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO


//
// Go out and see if the requested object is present
//
acpiObject = ACPIAmliGetNamedChild(
acpiObject,
ObjectID
);
if (!acpiObject) {

status = STATUS_OBJECT_NAME_NOT_FOUND;
goto ACPIGetExit;

}

0: kd> kc
#
00 ACPI!ACPIGet
01 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
02 ACPI!ACPIBuildProcessGenericList
03 ACPI!ACPIBuildDeviceDpc
04 nt!KiRetireDpcList
05 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
06 0x0
0: kd> dv
Target = 0x899b4804
ObjectID = 0x4154535f
Flags = 0x40040802
SimpleArgument = 0x00000000
SimpleArgumentSize = 0
CallBackRoutine = 0xf73fa5bc
CallBackContext = 0x89906cd0
Buffer = 0x89906d14
BufferSize = 0x00000000
completionRoutine = 0xf7407364
status = 0n1074006018
argument = struct _ObjData
argumentPtr = 0x00000000
acpiObject = 0x899b4804
deviceExtension = 0x899aee58
async = 0x01 ''
argumentCount = 0
0: kd> t
eax=00000000 ebx=f743b938 ecx=00000000 edx=00000000 esi=899c6320 edi=899c6328
eip=f73fa418 esp=f789eee0 ebp=f789ef28 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIAmliGetNamedChild:
f73fa418 55 push ebp
0: kd> kc
#
00 ACPI!ACPIAmliGetNamedChild
01 ACPI!ACPIGet
02 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
03 ACPI!ACPIBuildProcessGenericList
04 ACPI!ACPIBuildDeviceDpc
05 nt!KiRetireDpcList
06 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
07 0x0
0: kd> db f789eee0
f789eee0 dd 78 40 f7 04 48 9b 89-5f 53 54 41 58 ee 9a 89 .x@..H.._STAX...
f789eef0 d0 6c 90 89 00 00 00 00-01 00 00 00 01 00 00 00 .l..............
f789ef00 01 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
f789ef10 00 00 00 00 0a 00 00 00-58 ee 9a 89 00 00 00 00 ........X.......
f789ef20 64 73 40 f7 23 00 00 01-60 ef 89 f7 48 bc 3f f7 ds@.#...`...H.?.
f789ef30 04 48 9b 89 5f 53 54 41-02 08 04 40 00 00 00 00 .H.._STA...@....
f789ef40 00 00 00 00 bc a5 3f f7-d0 6c 90 89 14 6d 90 89 ......?..l...m..
f789ef50 00 00 00 00 f4 19 b0 80-d0 6c 90 89 03 00 00 00 .........l......
0: kd> dv
AcpiObject = 0x899b4804
ObjectId = 0x4154535f
0: kd> db 0x899b4804
899b4804 18 45 9b 89 70 4a 9b 89-f0 f0 9a 89 48 48 9b 89 .E..pJ......HH..
899b4814 42 41 54 32 30 f3 9a 89-84 47 9b 89 00 00 06 00 BAT20....G......
899b4824 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899b4834 58 ee 9a 89 00 00 00 00-48 4e 53 4f 44 00 00 00 X.......HNSOD...
899b4844 00 f0 9a 89 08 4a 9b 89-8c 48 9b 89 04 48 9b 89 .....J...H...H..
899b4854 00 00 00 00 5f 48 49 44-30 f3 9a 89 04 48 9b 89 ...._HID0....H..
899b4864 00 00 01 00 00 00 00 00-41 d0 0c 0a 00 00 00 00 ........A.......
899b4874 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO


0: kd> gu
eax=899b4938 ebx=f743b938 ecx=4154535f edx=00000000 esi=899c6320 edi=899c6328
eip=f74078dd esp=f789eeec ebp=f789ef28 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGet+0x225:
f74078dd 85c0 test eax,eax


0: kd> g
Breakpoint 33 hit
eax=899b4938 ebx=f743b938 ecx=899c634c edx=00000000 esi=899c6320 edi=899c6328
eip=f7415242 esp=f789eed0 ebp=f789ef28 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!AMLIAsyncEvalObject:
f7415242 55 push ebp
0: kd> g
Breakpoint 37 hit
eax=899b4938 ebx=00000000 ecx=899b4938 edx=00000000 esi=899b4938 edi=899c6360
eip=f741f8c9 esp=f789ee9c ebp=f789eecc iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject:
f741f8c9 55 push ebp
0: kd> kc
#
00 ACPI!AsyncEvalObject
01 ACPI!AMLIAsyncEvalObject
02 ACPI!ACPIGet
03 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
04 ACPI!ACPIBuildProcessGenericList
05 ACPI!ACPIBuildDeviceDpc
06 nt!KiRetireDpcList
07 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
08 0x0


0: kd> g
Breakpoint 42 hit
eax=8997c000 ebx=899b4938 ecx=8997df34 edx=00000000 esi=8997df34 edi=00000000
eip=f74207d4 esp=f789ee78 ebp=f789ee98 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RestartContext:
f74207d4 55 push ebp
0: kd> kc
#
00 ACPI!RestartContext
01 ACPI!AsyncEvalObject
02 ACPI!AMLIAsyncEvalObject
03 ACPI!ACPIGet
04 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
05 ACPI!ACPIBuildProcessGenericList
06 ACPI!ACPIBuildDeviceDpc
07 nt!KiRetireDpcList
08 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
09 0x0
0: kd> dv
pctxt = 0x8997c000
fDelayExecute = 0x00 ''

else if ((prest = NEWRESTOBJ(sizeof(RESTART))) != NULL)
{
pctxt->dwfCtxt |= CTXTF_NEED_CALLBACK;
prest->pctxt = pctxt;
ExInitializeWorkItem(&prest->WorkItem, RestartCtxtPassive, prest);
OSQueueWorkItem(&prest->WorkItem);

0: kd> t
Breakpoint 34 hit
eax=899050ec ebx=00000000 ecx=00000002 edx=00000004 esi=8997c000 edi=80ae2bca
eip=f7413470 esp=f789ee60 ebp=f789ee74 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!OSQueueWorkItem:
f7413470 55 push ebp
0: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
0: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743b318 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b318 [Type: _LIST_ENTRY *]


0: kd> kc
#
00 nt!KeSetEvent
01 ACPI!OSQueueWorkItem
02 ACPI!RestartContext
03 ACPI!AsyncEvalObject
04 ACPI!AMLIAsyncEvalObject
05 ACPI!ACPIGet
06 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
07 ACPI!ACPIBuildProcessGenericList
08 ACPI!ACPIBuildDeviceDpc
09 nt!KiRetireDpcList
0a nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
0b 0x0
0: kd> dv
Event = 0xf743b330
Increment = 0n0
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0xf7 ''
0: kd> dx -r1 ((ntkrnlmp!_KEVENT *)0xf743b330)
((ntkrnlmp!_KEVENT *)0xf743b330) : 0xf743b330 [Type: _KEVENT *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> dx -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0xf743b330))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0xf743b330)) [Type: _DISPATCHER_HEADER]
[+0x000] Type : 0x0 [Type: unsigned char]
[+0x001] Absolute : 0x0 [Type: unsigned char]
[+0x002] Size : 0x4 [Type: unsigned char]
[+0x003] Inserted : 0x0 [Type: unsigned char]
[+0x003] DebugActive : 0x0 [Type: unsigned char]
[+0x000] Lock : 262144 [Type: long]
[+0x004] SignalState : 0 [Type: long]
[+0x008] WaitListHead [Type: _LIST_ENTRY]
0: kd> u 0xf743b330
ACPI!ACPIWorkToDoEvent:
f743b330 0000 add byte ptr [eax],al
f743b332 0400 add al,0
f743b334 0000 add byte ptr [eax],al
f743b336 0000 add byte ptr [eax],al
f743b338 18a843f718a8 sbb byte ptr [eax-57E708BDh],ch
f743b33e 43 inc ebx
f743b33f f70000000000 test dword ptr [eax],0
f743b345 0000 add byte ptr [eax],al


InsertTailList(&ACPIWorkQueue, &WorkItem->List);

0: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0x899050ec - 0xf743b318 ]
0: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x899050ec [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b318 [Type: _LIST_ENTRY *]


KeReleaseSpinLock(&ACPIWorkerSpinLock, OldIrql);

0: kd> t
eax=899050ec ebx=00000002 ecx=f743b360 edx=000c0802 esi=f743b318 edi=f743b360
eip=804ee150 esp=f789ee4c ebp=f789ee5c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfReleaseSpinLock:
804ee150 0fb6c2 movzx eax,dl
0: kd> kc
#
00 hal!KfReleaseSpinLock
01 ACPI!OSQueueWorkItem
02 ACPI!RestartContext
03 ACPI!AsyncEvalObject
04 ACPI!AMLIAsyncEvalObject
05 ACPI!ACPIGet
06 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
07 ACPI!ACPIBuildProcessGenericList
08 ACPI!ACPIBuildDeviceDpc
09 nt!KiRetireDpcList
0a nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
0b 0x0

cPublicFastCall KfReleaseSpinLock ,2
cPublicFpo 0,0

movzx eax, dl ; zero extend old IRQL

ifndef NT_UP

RELEASE_SPINLOCK ecx ; release spin lock

endif

;
; Lower IRQL to its previous level.
;
; N.B. Ensure that the requested priority is set before returning.
;

movzx ecx, _HalpIRQLtoTPR[eax] ; translate IRQL to TPR value
mov dword ptr APIC[LU_TPR], ecx ; lower to old IRQL
mov eax, dword ptr APIC[LU_TPR] ; synchronize

fstRET KfReleaseSpinLock

fstENDP KfReleaseSpinLock

0: kd> p
eax=00000002 ebx=00000002 ecx=f743b360 edx=000c0802 esi=f743b318 edi=f743b360
eip=804ee153 esp=f789ee4c ebp=f789ee5c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfReleaseSpinLock+0x3:
804ee153 57 push edi
0: kd> p
eax=00000002 ebx=00000002 ecx=f743b360 edx=000c0802 esi=f743b318 edi=f743b360
eip=804ee179 esp=f789ee4c ebp=f789ee5c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!KfReleaseSpinLock+0x29:
804ee179 0fb688b8db4e80 movzx ecx,byte ptr hal!HalpIRQLtoTPR (804edbb8)[eax] ds:0023:804edbba=41
0: kd> p
Breakpoint 17 hit
eax=f7420746 ebx=00000000 ecx=899050e8 edx=00000000 esi=899050ec edi=f743b318
eip=f74133c3 esp=f791ad6c ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIWorker+0xbd:
f74133c3 ffd0 call eax {ACPI!RestartCtxtPassive (f7420746)}

THREAD 899a1020 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
IRP List:
899bf5b0: (0006,0190) Flags: 00000000 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647546 Ticks: 119 (0:00:00:01.859)
Context Switch Count 9 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.828
Stack Init f789b000 Current f789a1b8 Base f789b000 Limit f7898000 Call 00000000
Priority 31 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f789edd8 804ee179 hal!HalpClockInterrupt+0x15a (FPO: [0,2] TrapFrame @ f789edd8) [d:\srv03rtm\base\hals\halmps\i386\mpclock.asm @ 554]
f789ee48 f74134e1 hal!KfReleaseSpinLock+0x29 (FPO: [0,0,0]) [d:\srv03rtm\base\hals\halmps\i386\mpspin.asm @ 273]
f789ee5c f74208c7 ACPI!OSQueueWorkItem+0x71 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 377]
f789ee74 f741fb55 ACPI!RestartContext+0xf3 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 354]
f789ee98 f74153a2 ACPI!AsyncEvalObject+0x28c (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sync.c @ 343]
f789eecc f7407905 ACPI!AMLIAsyncEvalObject+0x160 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\amliapi.c @ 871]
f789ef28 f73fbc48 ACPI!ACPIGet+0x24d (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\get.c @ 275]
f789ef60 f73fb914 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta+0x4e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 5716]
f789ef84 f73fc619 ACPI!ACPIBuildProcessGenericList+0x50 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 4847]
f789ef9c 80a41432 ACPI!ACPIBuildDeviceDpc+0x67 (FPO: [4,0,0]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 553]
f789eff4 80b00756 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]
f789eff8 f789a124 nt!KiDispatchInterrupt+0x36 (FPO: [Uses EBP] [0,0,1]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 226]
WARNING: Frame IP not in any known module. Following frames may be wrong.
80b00756 00000000 0xf789a124


THREAD 89981ca0 Cid 0004.0078 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647653 Ticks: 12 (0:00:00:00.187)
Context Switch Count 4 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:00:00.531
Stack Init f791b000 Current f791acc0 Base f791b000 Limit f7918000 Call 00000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f791adac 80d391f0 ACPI!ACPIWorker+0xbd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 301]
f791addc 80b00d52 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]

Part 2:


1: kd> kc
#
00 ACPI!ACPIWorker
01 nt!PspSystemThreadStartup
02 nt!KiThreadStartup

1: kd> t
Breakpoint 3 hit
eax=f7420746 ebx=00000000 ecx=899050e8 edx=00000000 esi=899050ec edi=f743b318
eip=f7420746 esp=f791ad68 ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RestartCtxtPassive:
f7420746 55 push ebp
1: kd> kc
#
00 ACPI!RestartCtxtPassive
01 ACPI!ACPIWorker
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> dv
prest = 0x899050e8
1: kd> dx -r1 ((ACPI!_restart *)0x899050e8)
((ACPI!_restart *)0x899050e8) : 0x899050e8 [Type: _restart *]
[+0x000] pctxt : 0x8997c000 [Type: _ctxt *]
[+0x004] WorkItem [Type: _WORK_QUEUE_ITEM]
1: kd> dx -r1 ((ACPI!_ctxt *)0x8997c000)
((ACPI!_ctxt *)0x8997c000) : 0x8997c000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x8997e000 : 0x54 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x120 [Type: unsigned long]
[+0x024] pnsObj : 0x899b4938 [Type: _NSObj *]
[+0x028] pnsScope : 0x899b4938 [Type: _NSObj *]
[+0x02c] powner : 0x0 [Type: _objowner *]
[+0x030] pcall : 0x0 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0x0 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf7407364 [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x899c634c [Type: _ObjData *]
[+0x05c] pvContext : 0x899c6320 [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x8997c0bc [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
1: kd> dx -r1 ((ACPI!_NSObj *)0x899b4938)
((ACPI!_NSObj *)0x899b4938) : 0x899b4938 [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x899b4804 [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x4154535f [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x899b48f4 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x0 [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
1: kd> db 0x899b4938
899b4938 f4 48 9b 89 a0 49 9b 89-04 48 9b 89 00 00 00 00 .H...I...H......
899b4948 5f 53 54 41 30 f3 9a 89-f4 48 9b 89 00 00 08 00 _STA0....H......
899b4958 00 00 00 00 00 00 00 00-18 00 00 00 7c 49 9b 89 ............|I..
899b4968 00 00 00 00 00 00 00 00-48 4d 45 54 24 00 00 00 ........HMET$...
899b4978 00 f0 9a 89 00 00 00 00-00 00 00 00 00 00 00 00 ................
899b4988 00 00 00 00 00 a4 56 4d-50 53 0a 02 48 4e 53 4f ......VMPS..HNSO
899b4998 44 00 00 00 00 f0 9a 89-38 49 9b 89 08 4a 9b 89 D.......8I...J..
899b49a8 04 48 9b 89 00 00 00 00-5f 42 49 46 30 f3 9a 89 .H......_BIF0...
1: kd> db 0x899b4804
899b4804 18 45 9b 89 70 4a 9b 89-f0 f0 9a 89 48 48 9b 89 .E..pJ......HH..
899b4814 42 41 54 32 30 f3 9a 89-84 47 9b 89 00 00 06 00 BAT20....G......
899b4824 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899b4834 58 ee 9a 89 00 00 00 00-48 4e 53 4f 44 00 00 00 X.......HNSOD...
899b4844 00 f0 9a 89 08 4a 9b 89-8c 48 9b 89 04 48 9b 89 .....J...H...H..
899b4854 00 00 00 00 5f 48 49 44-30 f3 9a 89 04 48 9b 89 ...._HID0....H..
899b4864 00 00 01 00 00 00 00 00-41 d0 0c 0a 00 00 00 00 ........A.......
899b4874 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO
1: kd> dt ACPI!_ctxt 0x8997c000
+0x000 dwSig : 0x54585443
+0x004 pbCtxtEnd : 0x8997e000 "TSER"
+0x008 listCtxt : _List
+0x010 listQueue : _List
+0x018 pplistCtxtQueue : (null)
+0x01c plistResources : (null)
+0x020 dwfCtxt : 0x120
+0x024 pnsObj : 0x899b4938 _NSObj
+0x028 pnsScope : 0x899b4938 _NSObj
+0x02c powner : (null)
+0x030 pcall : (null)
+0x034 pnctxt : (null)
+0x038 dwSyncLevel : 0
+0x03c pbOp : (null)
+0x040 Result : _ObjData
+0x054 pfnAsyncCallBack : 0xf7407364 void ACPI!ACPIGetWorkerForInteger+0
+0x058 pdataCallBack : 0x899c634c _ObjData
+0x05c pvContext : 0x899c6320 Void
+0x060 Timer : _KTIMER
+0x088 Dpc : _KDPC
+0x0a8 pheapCurrent : 0x8997c0bc _heap
+0x0ac CtxtData : _ctxtdata
+0x0bc LocalHeap : _heap
1: kd> u f7407364
ACPI!ACPIGetWorkerForInteger [d:\srv03rtm\base\busdrv\acpi\driver\nt\get.c @ 4707]:
f7407364 55 push ebp
f7407365 8bec mov ebp,esp
f7407367 51 push ecx
f7407368 53 push ebx
f7407369 8b5d0c mov ebx,dword ptr [ebp+0Ch]
f740736c 85db test ebx,ebx
f740736e 56 push esi
f740736f 57 push edi
windbg> .open -a fffffffff7407364
1: kd> dt ACPI_GET_REQUEST 0x899c6320
+0x000 Flags : 0x40040802
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x4154535f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0xf743b940 ]
+0x010 DeviceExtension : 0x899aee58 _DEVICE_EXTENSION
+0x014 AcpiObject : 0x899b4804 _NSObj
+0x018 CallBackRoutine : 0xf73fa5bc void ACPI!ACPIBuildCompleteMustSucceed+0
+0x01c CallBackContext : 0x89906cd0 Void
//ACPI_BUILD_REQUEST
+0x020 Buffer : 0x89906d14 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData

1: kd>dt ACPI_BUILD_REQUEST 0x89906cd0
+0x000 ListEntry : _LIST_ENTRY [ 0x89906c80 - 0xf743b870 ]
+0x008 Signature : 0x5f534750
+0x00c Flags : 0xc
+0x00c UFlags : __unnamed
+0x010 WorkDone : 1
+0x014 CurrentWorkDone : 3
+0x018 NextWorkDone : 4
+0x01c BuildContext : 0x899aee58 Void
+0x020 Status : 0n0
+0x024 CurrentObject : (null)
+0x028 CallBack : (null)
+0x02c CallBackContext : (null)
+0x030 DeviceRequest : __unnamed
+0x030 RunRequest : __unnamed
+0x030 SynchronizeRequest : __unnamed
+0x044 Integer : 0
+0x044 String : (null)
+0x044 TargetListEntry : (null)
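
The dumps above identify the object being evaluated only through raw bytes. The Python code below is an added example, not part of the original post or of the ACPI driver source: it parses `db` lines copied from this page and applies the _NSObj offsets shown by `dx` to follow pnsParent from the _STA object back to BAT2. The function names (load_db, read_u32, fourcc, nsobj, path) are this example's own.

```python
import re
import struct

# Lines copied from the page's `db 0x899b4804` and `db 0x899b4938` output.
DB_OUTPUT = """\
899b4804 18 45 9b 89 70 4a 9b 89-f0 f0 9a 89 48 48 9b 89 .E..pJ......HH..
899b4814 42 41 54 32 30 f3 9a 89-84 47 9b 89 00 00 06 00 BAT20....G......
899b4938 f4 48 9b 89 a0 49 9b 89-04 48 9b 89 00 00 00 00 .H...I...H......
899b4948 5f 53 54 41 30 f3 9a 89-f4 48 9b 89 00 00 08 00 _STA0....H......
"""

# _NSObj field offsets as printed by `dx ((ACPI!_NSObj *)0x899b4938)` on the page.
OFF_PARENT, OFF_FIRST_CHILD, OFF_NAMESEG, OFF_OWNER = 0x08, 0x0C, 0x10, 0x14

# One `db` row: 8-digit address, then 16 byte values separated by ' ' or '-'.
DB_LINE = re.compile(r"^([0-9a-f]{8})\s+((?:[0-9a-f]{2}[ -]){15}[0-9a-f]{2})", re.I)


def load_db(text):
    """Parse `db` output into {address: byte}; non-dump lines are skipped."""
    mem = {}
    for line in text.splitlines():
        m = DB_LINE.match(line.strip())
        if not m:
            continue  # prompts, register dumps, blank lines
        base = int(m.group(1), 16)
        for i, tok in enumerate(re.split(r"[ -]", m.group(2))):
            mem[base + i] = int(tok, 16)
    return mem


def read_u32(mem, addr):
    """Read a little-endian DWORD; fail loudly if the dump does not cover it."""
    try:
        return struct.unpack("<I", bytes(mem[addr + i] for i in range(4)))[0]
    except KeyError:
        raise ValueError(f"address {addr:#x} not covered by the dump") from None


def fourcc(value):
    """Decode a DWORD such as ObjectID=0x4154535f into its 4-character tag."""
    raw = struct.pack("<I", value)
    if not all(0x20 <= b < 0x7F for b in raw):
        raise ValueError(f"{value:#010x} is not a printable 4-character tag")
    return raw.decode("ascii")


def nsobj(mem, addr):
    """Decode the pointer and name fields of an _NSObj located at addr."""
    return {
        "addr": addr,
        "name": fourcc(read_u32(mem, addr + OFF_NAMESEG)),
        "parent": read_u32(mem, addr + OFF_PARENT),
        "first_child": read_u32(mem, addr + OFF_FIRST_CHILD),
        "owner": read_u32(mem, addr + OFF_OWNER),
    }


def path(mem, addr, max_depth=16):
    """Walk pnsParent upward; '?' marks an ancestor that was not dumped."""
    names, seen = [], set()
    while addr and addr not in seen and len(names) < max_depth:
        seen.add(addr)
        try:
            obj = nsobj(mem, addr)
        except ValueError:
            names.append("?")
            break
        names.append(obj["name"])
        addr = obj["parent"]
    return ".".join(reversed(names))


if __name__ == "__main__":
    memory = load_db(DB_OUTPUT)
    print(path(memory, 0x899B4938))   # object passed to AsyncEvalObject
    print(fourcc(0x54585443))         # dwSig of the _ctxt at 0x8997c000
```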

Part 3:


Recap:

NTSTATUS LOCAL AsyncEvalObject(PNSOBJ pns, POBJDATA pdataResult, int icArgs,
POBJDATA pdataArgs, PFNACB pfnAsyncCallBack,
PVOID pvContext, BOOLEAN fAsync)
{
TRACENAME("ASYNCEVALOBJECT")
NTSTATUS rc = STATUS_SUCCESS;
PCTXT pctxt = NULL;

ENTER(2, ("AsyncEvalObject(Obj=%s,pdataResult=%x,icArgs=%d,pdataArgs=%x,pfnAysnc=%x,pvContext=%x,fAsync=%x)\n",
GetObjectPath(pns), pdataResult, icArgs, pdataArgs,
pfnAsyncCallBack, pvContext, fAsync));

LOGSCHEDEVENT('ASYN', (ULONG_PTR)KeGetCurrentIrql(), (ULONG_PTR)pns, 0);
if ((rc = NewContext(&pctxt)) == STATUS_SUCCESS)
{
BOOLEAN fQueueContext = FALSE;

pctxt->pnsObj = pns;
pctxt->pnsScope = pns;
pctxt->pfnAsyncCallBack = pfnAsyncCallBack;
pctxt->pdataCallBack = pdataResult;
pctxt->pvContext = pvContext;

0: kd> g
Breakpoint 37 hit
eax=899b4938 ebx=00000000 ecx=899b4938 edx=00000000 esi=899b4938 edi=899c6360
eip=f741f8c9 esp=f789ee9c ebp=f789eecc iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject:
f741f8c9 55 push ebp
0: kd> kc
#
00 ACPI!AsyncEvalObject
01 ACPI!AMLIAsyncEvalObject
02 ACPI!ACPIGet
03 ACPI!ACPIBuildProcessRunMethodPhaseCheckSta
04 ACPI!ACPIBuildProcessGenericList
05 ACPI!ACPIBuildDeviceDpc
06 nt!KiRetireDpcList
07 nt!KiDispatchInterrupt

NTSTATUS
ACPIBuildProcessRunMethodPhaseCheckSta(
IN PACPI_BUILD_REQUEST BuildRequest
)
{


//
// Get the device status
//
status = ACPIGetDevicePresenceAsync(
deviceExtension,
ACPIBuildCompleteMustSucceed, //-->CallBackRoutine
BuildRequest, //-->CallBackContext
(PVOID *) &(BuildRequest->Integer),
NULL
);

NTSTATUS
ACPIGet(
IN PVOID Target,
IN ULONG ObjectID,
IN ULONG Flags,
IN PVOID SimpleArgument,
IN ULONG SimpleArgumentSize,
IN PFNACB CallBackRoutine OPTIONAL,
IN PVOID CallBackContext OPTIONAL,
OUT PVOID *Buffer,
OUT ULONG *BufferSize OPTIONAL
)
{


//
// Determine the completion routine that we should use
//
switch( (Flags & GET_REQUEST_MASK) ) {
case GET_REQUEST_BUFFER:
completionRoutine = ACPIGetWorkerForBuffer;
break;
case GET_REQUEST_DATA:
completionRoutine = ACPIGetWorkerForData;
break;
case GET_REQUEST_INTEGER:
completionRoutine = ACPIGetWorkerForInteger;

RtlZeroMemory( request, sizeof(ACPI_GET_REQUEST) );

//
// Propagate the information that the caller provided
//
request->Flags = Flags;
request->ObjectID = ObjectID;
request->DeviceExtension = deviceExtension;
request->AcpiObject = acpiObject;
request->CallBackRoutine = CallBackRoutine;
request->CallBackContext = CallBackContext;

request->Buffer = Buffer;
request->BufferSize = BufferSize;

//
// What we do now depends on whether or not the user wants us to
// behave async or sync
//
if (async) {

//
// Evaluate the request
//
status = AMLIAsyncEvalObject(
acpiObject,
&(request->ResultData),
argumentCount,
argumentPtr,
completionRoutine,
request

);

NTSTATUS AMLIAPI AMLIAsyncEvalObject(PNSOBJ pns, POBJDATA pdataResult,
int icArgs, POBJDATA pdataArgs,
PFNACB pfnAsyncCallBack, PVOID pvContext)
{

Recap:
