nt!KiDispatchInterrupt函数调用nt!KiQueueReadyThread并调用nt!SwapContext把线程切换到NextThread的一个例子(老线程的时间片没有用完)--非常重要
2026/5/27 8:33:18 网站建设 项目流程

nt!KiDispatchInterrupt函数调用nt!KiQueueReadyThread并调用nt!SwapContext把线程切换到NextThread的一个例子(老线程的时间片没有用完)--非常重要

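CurrentThread(0x8999e3a0)被 NextThread(0x8999c8a0)抢占了。从下面的调试输出可以看到:KiDispatchInterrupt+0x3b 处比较的 [ebx+9E1h](ebx=0xf7737000)即 PRCB(0xf7737120)偏移 0x8c1 的 QuantumEnd,其值为 0,说明老线程的时间片没有用完;随后在 +0x44 处检查的 [ebx+128h] 即 PRCB 偏移 0x008 的 NextThread,其值为 0x8999c8a0,非空。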

CurrentThread(0x8999e3a0)的 KTHREAD 结构中,Preempted 成员已被置位:[+0x10a] Preempted : 0x1

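/*
 * KiDeferredReadyThread (excerpt) - preemption decision for a thread that is
 * being made ready on a target processor.
 *
 * Only the branch that compares the incoming thread's priority with the
 * target processor's NextThread / CurrentThread is reproduced here. The
 * declarations and initialisation of Thread1, ThreadPriority, CurrentPrcb
 * and TargetPrcb, and everything before and after this branch (including
 * the function's closing brace), are not part of the excerpt.
 *
 * Thread - the thread being readied.
 */
VOID
FASTCALL
KiDeferredReadyThread (
    IN PKTHREAD Thread
    )
{

        /* ... earlier part of the function omitted in this excerpt ... */

        if ((Thread1 = TargetPrcb->NextThread) != NULL) {

            /*
             * Case 1: the target processor already has a thread selected to
             * run next. That thread is expected to be in the Standby state.
             */
            ASSERT(Thread1->State == Standby);

            if (ThreadPriority > Thread1->Priority) {
                /*
                 * The incoming thread outranks the standby thread: it takes
                 * over the NextThread slot, and the displaced thread is
                 * flagged as preempted and put back into DeferredReady.
                 */
                Thread1->Preempted = TRUE;
                Thread->State = Standby;
                TargetPrcb->NextThread = Thread;
                Thread1->State = DeferredReady;
                Thread1->DeferredProcessor = CurrentPrcb->Number;

                /*
                 * Both PRCB locks are released before the displaced thread
                 * is handed back to this same routine for re-placement.
                 */
                KiReleaseTwoPrcbLocks(CurrentPrcb, TargetPrcb);
                KiDeferredReadyThread(Thread1);
                return;
            }

        } else {
            /*
             * Case 2: no thread is selected to run next, so the comparison
             * is made against the thread currently running on the target.
             */
            Thread1 = TargetPrcb->CurrentThread;
            if (ThreadPriority > Thread1->Priority) {
                /*
                 * The running thread is only marked as preempted here; no
                 * context switch is performed in this branch. The incoming
                 * thread is parked in NextThread in the Standby state.
                 */
                Thread1->Preempted = TRUE;
                Thread->State = Standby;
                TargetPrcb->NextThread = Thread;
                KiReleaseTwoPrcbLocks(CurrentPrcb, TargetPrcb);

                /* A software interrupt is requested here. */
                KiRequestDispatchInterrupt(Thread->NextProcessor);
                return;
            }
        }

        /*
         * When the incoming thread's priority is not higher, control falls
         * through to code that is omitted from this excerpt.
         */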

0: kd> g
Breakpoint 16 hit
eax=00000001 ebx=00000102 ecx=00000002 edx=00000000 esi=f7737120 edi=00000000
eip=804ee4f8 esp=f78d2878 ebp=f78d289c iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
hal!HalRequestSoftwareInterrupt:
804ee4f8 643a0d95000000  cmp     cl,byte ptr fs:[95h]       fs:0030:00000095=02
1: kd> kc
 #
00 hal!HalRequestSoftwareInterrupt
01 nt!KiIpiServiceRoutine
02 hal!HalpIpiHandler
03 hal!HalpClockInterruptPn
04 Ntfs!NtfsCalculateNamedBytes
05 Ntfs!NtfsCheckpointVolume
06 Ntfs!NtfsCheckpointAllVolumes
07 nt!ExpWorkerThread
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
1: kd> g
Breakpoint 14 hit
eax=f7737000 ebx=f78d2994 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00720 esp=f78d2900 ebp=f78d2918 iopl=0         nv up ei pl nz na po nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000202
nt!KiDispatchInterrupt:
80b00720 648b1d1c000000  mov     ebx,dword ptr fs:[1Ch] fs:0030:0000001c=f7737000
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120)                 : 0xf7737120 [Type: _KPRCB *]
    [+0x000] MinorVersion     : 0x1 [Type: unsigned short]
    [+0x002] MajorVersion     : 0x1 [Type: unsigned short]
    [+0x004] CurrentThread    : 0x8999e3a0 [Type: _KTHREAD *]
    [+0x008] NextThread       : 0x8999c8a0 [Type: _KTHREAD *]

    [+0x00c] IdleThread       : 0xf7739fa0 [Type: _KTHREAD *]
 
    [+0x8a4] TimerHand        : 0x0 [Type: unsigned long]
    [+0x8a8] TimerRequest     : 0x0 [Type: unsigned long]
    [+0x8ac] DpcThread        : 0x0 [Type: void *]
    [+0x8b0] DpcEvent         [Type: _KEVENT]
    [+0x8c0] ThreadDpcEnable  : 0x0 [Type: unsigned char]
    [+0x8c1] QuantumEnd       : 0x0 [Type: unsigned char]
    [+0x8c2] PrcbPad50        : 0x0 [Type: unsigned char]
    [+0x8c3] IdleSchedule     : 0x0 [Type: unsigned char]
    [+0x8c4] DpcSetEventRequest : 0 [Type: long]
    [+0x8c8] PrcbPad5         [Type: unsigned char [22]]
    [+0x8e0] CallDpc          [Type: _KDPC]
    [+0x900] PrcbPad7         [Type: unsigned long [8]]
    [+0x920] WaitListHead     [Type: _LIST_ENTRY]
    [+0x928] ReadySummary     : 0x100 [Type: unsigned long]
   
1: kd> g
Breakpoint 45 hit
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b0075b esp=f78d2900 ebp=f78d2918 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
nt!KiDispatchInterrupt+0x3b:
80b0075b 80bbe109000000  cmp     byte ptr [ebx+9E1h],0      ds:0023:f77379e1=00
1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00762 esp=f78d2900 ebp=f78d2918 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
nt!KiDispatchInterrupt+0x42:
80b00762 7577            jne     nt!KiDispatchInterrupt+0xbb (80b007db)  [br=0]
1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=899015b0 esi=804ecc3f edi=f7155ee1
eip=80b00764 esp=f78d2900 ebp=f78d2918 iopl=0         nv up ei pl zr na pe nc
cs=0008  ss=0010  ds=0023  es=0023  fs=0030  gs=0000             efl=00000246
nt!KiDispatchInterrupt+0x44:
80b00764 83bb2801000000  cmp     dword ptr [ebx+128h],0 ds:0023:f7737128=8999c8a0
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x8999c8a0)
((basesrv!_KTHREAD *)0x8999c8a0)                 : 0x8999c8a0 [Type: _KTHREAD *]
    [+0x000] Header           [Type: _DISPATCHER_HEADER]
