nt!KiDispatchInterrupt函数调用nt!KiQueueReadyThread和调用nt!SwapContext切换线程到NextThread的一个例子老线程时间片没有用完--非常重要
CurrentThread : 0x8999e3a0被NextThread : 0x8999c8a0抢占了
CurrentThread : 0x8999e3a0的kthread结构成员:[+0x10a] Preempted : 0x1
VOID
FASTCALL
KiDeferredReadyThread (
IN PKTHREAD Thread
)
{
if ((Thread1 = TargetPrcb->NextThread) != NULL) {
ASSERT(Thread1->State == Standby);
if (ThreadPriority > Thread1->Priority) {
Thread1->Preempted = TRUE;
Thread->State = Standby;
TargetPrcb->NextThread = Thread;
Thread1->State = DeferredReady;
Thread1->DeferredProcessor = CurrentPrcb->Number;
KiReleaseTwoPrcbLocks(CurrentPrcb, TargetPrcb);
KiDeferredReadyThread(Thread1);
return;
}
} else {
Thread1 = TargetPrcb->CurrentThread;
if (ThreadPriority > Thread1->Priority) {
Thread1->Preempted = TRUE;
Thread->State = Standby;
TargetPrcb->NextThread = Thread;
KiReleaseTwoPrcbLocks(CurrentPrcb, TargetPrcb);
KiRequestDispatchInterrupt(Thread->NextProcessor); 这里请求了软件中断。
return;
}
}
0: kd> g
Breakpoint 16 hit
eax=00000001 ebx=00000102 ecx=00000002 edx=00000000 esi=f7737120 edi=00000000
eip=804ee4f8 esp=f78d2878 ebp=f78d289c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
hal!HalRequestSoftwareInterrupt:
804ee4f8 643a0d95000000 cmp cl,byte ptr fs:[95h] fs:0030:00000095=02
1: kd> kc
#
00 hal!HalRequestSoftwareInterrupt
01 nt!KiIpiServiceRoutine
02 hal!HalpIpiHandler
03 hal!HalpClockInterruptPn
04 Ntfs!NtfsCalculateNamedBytes
05 Ntfs!NtfsCheckpointVolume
06 Ntfs!NtfsCheckpointAllVolumes
07 nt!ExpWorkerThread
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
1: kd> g
Breakpoint 14 hit
eax=f7737000 ebx=f78d2994 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00720 esp=f78d2900 ebp=f78d2918 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiDispatchInterrupt:
80b00720 648b1d1c000000 mov ebx,dword ptr fs:[1Ch] fs:0030:0000001c=f7737000
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x8999e3a0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x8999c8a0 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]
[+0x8a4] TimerHand : 0x0 [Type: unsigned long]
[+0x8a8] TimerRequest : 0x0 [Type: unsigned long]
[+0x8ac] DpcThread : 0x0 [Type: void *]
[+0x8b0] DpcEvent [Type: _KEVENT]
[+0x8c0] ThreadDpcEnable : 0x0 [Type: unsigned char]
[+0x8c1] QuantumEnd : 0x0 [Type: unsigned char]
[+0x8c2] PrcbPad50 : 0x0 [Type: unsigned char]
[+0x8c3] IdleSchedule : 0x0 [Type: unsigned char]
[+0x8c4] DpcSetEventRequest : 0 [Type: long]
[+0x8c8] PrcbPad5 [Type: unsigned char [22]]
[+0x8e0] CallDpc [Type: _KDPC]
[+0x900] PrcbPad7 [Type: unsigned long [8]]
[+0x920] WaitListHead [Type: _LIST_ENTRY]
[+0x928] ReadySummary : 0x100 [Type: unsigned long]
1: kd> g
Breakpoint 45 hit
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b0075b esp=f78d2900 ebp=f78d2918 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x3b:
80b0075b 80bbe109000000 cmp byte ptr [ebx+9E1h],0 ds:0023:f77379e1=00
1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00762 esp=f78d2900 ebp=f78d2918 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x42:
80b00762 7577 jne nt!KiDispatchInterrupt+0xbb (80b007db) [br=0]
1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00764 esp=f78d2900 ebp=f78d2918 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x44:
80b00764 83bb2801000000 cmp dword ptr [ebx+128h],0 ds:0023:f7737128=8999c8a0
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x8999c8a0)
((basesrv!_KTHREAD *)0x8999c8a0) : 0x8999c8a0 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
)
