当前位置: 首页 > news >正文

KiFindReadyThread函数和KiSelectReadyThread函数和TargetPrcb->DispatcherReadyListHead数组的关系

news 2026/6/3 13:00:25

KiFindReadyThread函数和KiDeferredReadyThread函数和KiSelectReadyThread函数和TargetPrcb->DispatcherReadyListHead数组的关系

第一部分:找出下一个线程,并下断点

KPCR for Processor 1 at f7737000:


[+0x928]ReadySummary : 0x200[Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]

0010 0000 0000

第九位


1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737a98))
(*((basesrv!_LIST_ENTRY *)0xf7737a98)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x89836080 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89836080 [Type: _LIST_ENTRY *]

1: kd>dt kthread 0x89836080-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89836030 - 0x89836030 ]
+0x018 InitialStack : 0xf701c000 Void
+0x01c StackLimit : 0xf7019000 Void
+0x020 KernelStack : 0xf701bce0 Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x406
+0x02c State : 0x1 ''
+0x02d NpxState : 0xa ''
+0x02e WaitIrql : 0 ''
+0x02f WaitMode : 0 ''
+0x030 Teb : (null)
+0x034 ApcState : _KAPC_STATE
+0x04c ApcQueueLock : 0
+0x050 WaitStatus : 0n0
+0x054 WaitBlockList : 0x898360c0 _KWAIT_BLOCK
+0x058 Alertable : 0 ''
+0x059 WaitNext : 0 ''
+0x05a WaitReason : 0x5 ''
+0x05b Priority : 9 ''
+0x05c EnableStackSwap : 0x1 ''
+0x05d SwapBusy : 0 ''
+0x05e Alerted : [2] ""
+0x060 WaitListEntry : _LIST_ENTRY [ 0xf7737a98 - 0xf7737a98 ]

1: kd> !thread 0x89836080-60
THREAD 89836020 Cid 0004.0100 Teb: 00000000 Win32Thread: 00000000 READY on processor 1
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274655207 Ticks: 4 (0:00:00:00.062)
Context Switch Count 1030 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:00:00.171
Stack Init f701c000 Current f701bce0 Base f701c000 Limit f7019000 Call 00000000
Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f701bcf8 80a440eb 898360c0 89836020 898d45c0 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 139]
f701bd30 80a35ea9 80a30b6a 898d40e8 4f444648 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
f701bd64 bae8bf7b 898d45c0 00000005 00000000 nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 1161]
f701bdac 80d391f0 898d4030 00000000 00000000 USBPORT!USBPORT_WorkerThread+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 106]
f701bddc 80b00d52 bae8bf24 898d4030 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
00000000 f000ff53 f000e2c3 f000ff53 f000ff53 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
WARNING: Frame IP not in any known module. Following frames may be wrong.
30000000 00000000 00000000 00000000 00000000 0xf000ff53


1: kd> bp 80a35ea9
1: kd> g
Breakpoint 39 hit
eax=00000000 ebx=898d45c0 ecx=00000000 edx=80010031 esi=89836020 edi=898360c0
eip=80a35ea9 esp=f701bd38 ebp=f701bd64 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KeWaitForSingleObject+0x2d7:
80a35ea9 3d00010000 cmp eax,100h
1: kd> kc
#
00 nt!KeWaitForSingleObject
01 USBPORT!USBPORT_WorkerThread
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup

第二部分:查看让出cpu的线程的状态。


typedef enum _KTHREAD_STATE {
Initialized,
Ready,
Running,
Standby,
Terminated,
Waiting,


1: kd> dt kTHREAD 89804020
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89804030 - 0x89804030 ]
+0x018 InitialStack : 0xf75f7000 Void
+0x01c StackLimit : 0xf75f4000 Void
+0x020 KernelStack : 0xf75f692c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x25d
+0x02c State : 0x5 '' Waiting,

1: kd> !THREAD 89804020
THREAD 89804020 Cid 01b0.01e0 Teb: 7ffd8000 Win32Thread: e1639460 WAIT: (WrUserRequest) UserMode Non-Alertable
8957cd20 SynchronizationEvent
89505548 SynchronizationEvent
89804b80 SynchronizationEvent
IRP List:
894f8458: (0006,01d8) Flags: 00000970 Mdl: 00000000
8989e008: (0006,0190) Flags: 00000970 Mdl: 00000000
89530910: (0006,01d8) Flags: 00000970 Mdl: 00000000
89756e70: (0006,0190) Flags: 00000970 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89831250 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655209 Ticks: 3 (0:00:00:00.046)
Context Switch Count 605 IdealProcessor: 1 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:00.796
Stack Init f75f7000 Current f75f692c Base f75f7000 Limit f75f4000 Call 00000000
Priority 15 BasePriority 13 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f75f6944 80a440eb f7737120 89804020 89804080 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 139]
f75f697c 80a358c7 00000000 e1639460 00000002 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
f75f69b4 bf8a4685 00000003 89804b50 00000001 nt!KeWaitForMultipleObjects+0x3b5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 816]
f75f6a04 bf8b123e 00000002 89804b50 bf8fe215 win32k!xxxMsgWaitForMultipleObjects+0xeb (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\queue.c @ 4540]
f75f6d1c bf8b21ba bfa70aa0 00000001 f75f6d48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
f75f6d2c bf806d52 bfa70aa0 f75f6d58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
f75f6d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
f75f6d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75f6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
00000000 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])

http://www.cnnetsun.cn/news/101794.html

相关文章:

  • 基于SpringBoot的大学生科技竞赛管理系统(毕业设计项目源码+文档)
  • 基于SpringBoot的动漫分享系统的设计与实现(毕业设计项目源码+文档)
  • 震惊!这3家环保服务商靠谱到让你意想不到!
  • 微服务网格:Istio 流量管理实战
  • 电脑启动太慢怎么解决?从底层优化到专业电脑加速的5大终极策略
  • 我的新能源车企,如何靠六西格玛培训跑赢质量与成本的终极竞赛?
  • [创业之路]-734-没有权力的责任是奴役,没有责任的权力是腐败,没有利益的责任是忽悠。管得好,叫责权利统一;管不好,叫利权责倒挂。一流的组织:用责任牵引权力和利益;末流的组织:用利益和权力逃避责任
  • 基于SpringBoot的自动驾驶数据处理任务众包平台系统毕业设计项目源码
  • 基于SpringBoot的养老院管理系统毕业设计项目源码
  • 若是Windows下的HGDB配置参数work_mem>=2GB会导致HGDB服务无法启动
  • 17、使用psad应对网络攻击:原理、配置与实例
  • EmotiVoice能否替代真人配音?实测对比告诉你
  • EmotiVoice语音紧迫感调控适合警报通知
  • vue基于springboot的土壤监测信息采集系统
  • vue基于springboot的小区停车场收费车辆计费管理系统的设计与实现
  • vue基于springboot的文创产品商城众筹平台设计与实现
  • vue基于springboot的物流运输仓储仓库采购信息系统平台的设计与实现
  • 基于SpringBoot的民宿管理系统的设计与实现毕业设计项目源码
  • 基于SpringBoot的民运会赛务管理系统的设计与实现毕业设计项目源码
  • PCB焊锡虚焊排查与预防全攻略
  • 保姆级教程!把AI大模型训练过程揉碎了讲给你听,小白也能秒懂!
  • 4-DE10-Nano的HDMI方块移动案例——I2C通信协议
  • 5款AI写论文哪个好?深度横评后我发现了宏智树AI学术圈隐藏的“六边形战士”
  • 软件测试认证体系全面分析
  • 局域网扫描工具 MyLanViewer v6.7.2 便携版
  • EmotiVoice能否支持实时变声聊天?技术可行性验证
  • 如何提升合成语音的韵律感?EmotiVoice提供完整方案
  • 办公室中的Python课 P03 【数据小仓库】变量与数据类型:文件柜里的不同标签
  • 计算机毕业设计|基于springboot + vue敬老院管理系统(源码+数据库+文档)
  • 基于EmotiVoice的语音合成应用实践全攻略