news 2026/3/27 1:50:37

nt!KiReadyThread函数分析和紧随其后的nt!KiProcessDeferredReadyList函数


张小明

前端开发工程师


nt!KiReadyThread函数分析和紧随其后的nt!KiProcessDeferredReadyList函数


0: kd> kc
#
00 nt!KiReadyThread
01 nt!KiUnwaitThread
02 nt!KeSetEvent
03 USBPORT!USBPORT_SignalWorker
04 USBPORT!USBPORT_InvalidateEndpoint
05 USBPORT!USBPORTSVC_InvalidateEndpoint
06 usbuhci!UhciInterruptDpc
07 USBPORT!USBPORT_IsrDpc
08 nt!KiRetireDpcList
09 nt!KiIdleLoop
0: kd> dv
Thread = 0x899475c8

//
// KiInsertDeferredReadyList - queue a thread for deferred readying.
//
// On a multiprocessor build the thread is stamped with the current
// processor number and its SwapListEntry is pushed onto that processor's
// PRCB DeferredReadyListHead (the trace later on this page shows
// KiProcessDeferredReadyList picking it up from there). On a uniprocessor
// build there is no per-processor list, so the thread is readied at once
// through KiDeferredReadyThread.
//
// Arguments:
//
//     Thread - Supplies a pointer to the thread to be readied.
//
// Return Value:
//
//     None.
//
FORCEINLINE
VOID
FASTCALL
KiInsertDeferredReadyList (
    IN PKTHREAD Thread
    )
{

#if defined(NT_UP)

    //
    // Single processor: the only processor number is 0 and nothing is
    // deferred, so mark the thread and ready it immediately.
    //

    Thread->State = DeferredReady;
    Thread->DeferredProcessor = 0;
    KiDeferredReadyThread(Thread);

#else

    //
    // Multiprocessor: the deferred ready list is per-PRCB, which is why
    // the owning processor number is recorded in the thread before the
    // entry is pushed onto that PRCB's singly linked list.
    //

    PKPRCB CurrentPrcb = KeGetCurrentPrcb();

    Thread->State = DeferredReady;
    Thread->DeferredProcessor = CurrentPrcb->Number;
    PushEntryList(&CurrentPrcb->DeferredReadyListHead,
                  &Thread->SwapListEntry);

#endif

}


0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xffdff120)
((ntkrnlmp!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x80b200c0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89dc62a0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x0 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]

0: kd> dv
Thread = 0x899475c8
0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50))
(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]


0: kd> p
eax=ffdffb50 ebx=00000000 ecx=89a7fe00 edx=00000000 esi=89a7fda0 edi=899475c8
eip=80a42d21 esp=80b14570 ebp=80b1457c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiReadyThread+0xb5:
80a42d21 c3 ret
0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50))
(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xffdffb50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x89a7fe00 [Type: _SINGLE_LIST_ENTRY *]

0: kd> dt kthread 0x89a7fe00-60
ntdll!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89a7fdb0 - 0x89a7fdb0 ]
+0x018 InitialStack : 0xf76f7000 Void
+0x01c StackLimit : 0xf76f4000 Void
+0x020 KernelStack : 0xf76f6ce0 Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x2693f
+0x02c State : 0x7 ''
+0x02d NpxState : 0xa ''
+0x02e WaitIrql : 0 ''
+0x02f WaitMode : 0 ''


0: kd> kc
#
00 nt!KiProcessDeferredReadyList
01 nt!KiExitDispatcher
02 nt!KeSetEvent
03 USBPORT!USBPORT_SignalWorker
04 USBPORT!USBPORT_InvalidateEndpoint
05 USBPORT!USBPORTSVC_InvalidateEndpoint
06 usbuhci!UhciInterruptDpc
07 USBPORT!USBPORT_IsrDpc
08 nt!KiRetireDpcList
09 nt!KiIdleLoop


0: kd> kv
# ChildEBP RetAddr Args to Child
00 80b14568 80a4002e 899475c0 899470e8 4f444648 nt!KiProcessDeferredReadyList (FPO: [0,0,0]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 825]
01 80b1458c 80a342fd 00000000 80b145c4 bae2ac25 nt!KiExitDispatcher+0x42 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\waitsup.c @ 80]
02 80b14598 bae2ac25 029475c0 00000001 00000000 nt!KeSetEvent+0xf7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\eventobj.c @ 443]
03 80b145c4 bae3516e 89947030 10000001 89947030 USBPORT!USBPORT_SignalWorker+0xe3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 330]
04 80b145f0 bae35215 89947030 89b2c440 00000002 USBPORT!USBPORT_InvalidateEndpoint+0x558 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\core.c @ 2586]
05 80b14608 f757e550 899478e4 00000000 899470e8 USBPORT!USBPORTSVC_InvalidateEndpoint+0x47 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\core.c @ 2625]
06 80b14624 bae776f4 00002080 6b6c5001 ffdff980 usbuhci!UhciInterruptDpc+0x58 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\miniport\usbuhci\int.c @ 272]
07 80b14648 80a41432 89947608 89947030 00000000 USBPORT!USBPORT_IsrDpc+0x19e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\int.c @ 320]
08 80b146a0 80b00ab2 00000000 0000000e 00000000 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]
09 80b146a4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x5e (FPO: [0,0,0]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 1436]

0: kd> bp nt!KiDeferredReadyThread
0: kd> g
Breakpoint 18 hit
eax=0000001b ebx=00000000 ecx=89a7fda0 edx=00000000 esi=00000000 edi=ffdff120
eip=80a41c28 esp=80b1455c ebp=80b1458c iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiDeferredReadyThread:
80a41c28 55 push ebp
0: kd> kc
#
00 nt!KiDeferredReadyThread
01 nt!KiProcessDeferredReadyList
02 nt!KiExitDispatcher
03 nt!KeSetEvent
04 USBPORT!USBPORT_SignalWorker
05 USBPORT!USBPORT_InvalidateEndpoint
06 USBPORT!USBPORTSVC_InvalidateEndpoint
07 usbuhci!UhciInterruptDpc
08 USBPORT!USBPORT_IsrDpc
09 nt!KiRetireDpcList
0a nt!KiIdleLoop


do {
Processor = Thread->IdealProcessor;
IdleSet = KiIdleSummary & Affinity;
if (IdleSet != 0) {

+0x10e IdealProcessor : 0x1 ''

+0x120 Affinity : 3

0: kd> x nt!KiIdleSummary
80b16e80 nt!KiIdleSummary = 2 1号处理器闲置。


Thread->State = Standby;
Thread->NextProcessor = (UCHAR)Processor;
KiClearIdleSummary(AFFINITY_MASK(Processor));

ASSERT((TargetPrcb->NextThread == NULL) ||
(TargetPrcb->NextThread == TargetPrcb->IdleThread));

TargetPrcb->NextThread = Thread;


0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0xf7739fa0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]


[+0x928] ReadySummary : 0x0 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]

0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xf7737b50))
(*((ntkrnlmp!_SINGLE_LIST_ENTRY *)0xf7737b50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]


0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KTHREAD *)0xf7739fa0)
((ntkrnlmp!_KTHREAD *)0xf7739fa0) : 0xf7739fa0 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xf78ab000 [Type: void *]
[+0x01c] StackLimit : 0xf78a8000 [Type: void *]
[+0x020] KernelStack : 0xf78aad4c [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x1073ea [Type: unsigned long]
[+0x02c] State : 0x2 [Type: unsigned char]

0: kd> dv Preempted
Preempted = 0x00 ''


do {
Processor = Thread->IdealProcessor;
IdleSet = KiIdleSummary & Affinity;
if (IdleSet != 0) {

0: kd> dv IdleSet
IdleSet = 2


TargetPrcb = KiProcessorBlock[Processor];
KiAcquireTwoPrcbLocks(CurrentPrcb, TargetPrcb);
if (((KiIdleSummary & TargetPrcb->SetMember) != 0) &&
((Thread->Affinity & TargetPrcb->SetMember) != 0)) {

//
// Set the thread state to standby, set the processor
// number the thread is being assigned to, and clear the
// associated bit in idle summary.
//

Thread->State = Standby;
Thread->NextProcessor = (UCHAR)Processor;
KiClearIdleSummary(AFFINITY_MASK(Processor));


0: kd> dv Processor
Processor = 1

KiClearIdleSummary(AFFINITY_MASK(Processor));


0: kd> x nt!KiIdleSummary
80b16e80 nt!KiIdleSummary = 0


TargetPrcb->NextThread = Thread;

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0xf7739fa0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89a7fda0 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]


0: kd> g
Breakpoint 19 hit
eax=f7737538 ebx=899475c0 ecx=89a7fda0 edx=f7737120 esi=89a7fda0 edi=89a7fe40
eip=80a43ac4 esp=f76f6d34 ebp=f76f6d64 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread:
80a43ac4 55 push ebp
1: kd> kc
#
00 nt!KiSwapThread
01 nt!KeWaitForSingleObject
02 USBPORT!USBPORT_WorkerThread
03 nt!PspSystemThreadStartup
04 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f76f6d30 80a35ea9 80a30b6a 899470e8 4f444648 nt!KiSwapThread (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 1698]
01 f76f6d64 bae2bf7b 899475c0 00000005 00000000 nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 1161]
02 f76f6dac 80d391f0 89947030 00000000 00000000 USBPORT!USBPORT_WorkerThread+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 106]
03 f76f6ddc 80b00d52 bae2bf24 89947030 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
04 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]

1: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89a7fda0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]
