Analysis of nt!KiSwapThread: assembly code and analysis of nt!KiFindReadyThread and nt!KiSwapContext

Part 1:

The current processor is processor 1. This is the case where its KPCR (f7737000) has no NextThread and ReadySummary = 0.

LONG_PTR
FASTCALL
KiSwapThread (
    IN PKTHREAD OldThread,
    IN PKPRCB CurrentPrcb
    )
{
    if ((NewThread = CurrentPrcb->NextThread) != NULL) {

        //
        // Clear the next thread address, set the current thread address, and
        // set the thread state to running.
        //

        CurrentPrcb->NextThread = NULL;
        CurrentPrcb->CurrentThread = NewThread;
        NewThread->State = Running;

    } else {

        //
        // Attempt to select a thread from the current processor dispatcher
        // ready queues.
        //

        if ((NewThread = KiSelectReadyThread(0, CurrentPrcb)) != NULL) {
            CurrentPrcb->CurrentThread = NewThread;
            NewThread->State = Running;

        } else {

Part 2:

1: kd> g
Breakpoint 30 hit
eax=ffdff120 ebx=f7737120 ecx=00000001 edx=ffdff120 esi=00000000 edi=80a059f8
eip=80a429d8 esp=f75f6948 ebp=f75f697c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiFindReadyThread:
80a429d8 55 push ebp

1: kd> kc
 #
00 nt!KiFindReadyThread
01 nt!KiSwapThread
02 nt!KeWaitForMultipleObjects
03 win32k!xxxMsgWaitForMultipleObjects
04 win32k!xxxDesktopThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam

1: kd> !pcr
KPCR for Processor 1 at f7737000:

1: kd> dt KPCR f7737000
basesrv!KPCR
   +0x000 NtTib : _NT_TIB
   +0x000 Used_ExceptionList : 0xf75f6260 _EXCEPTION_REGISTRATION_RECORD
   +0x004 Used_StackBase : (null)
   +0x008 PerfGlobalGroupMask : (null)
   +0x00c TssCopy : 0xf7737ef0 Void
   +0x010 ContextSwitches : 0x8a1e
   +0x014 SetMemberCopy : 2
   +0x018 Used_Self : 0x7ffd8000 Void
   +0x01c SelfPcr : 0xf7737000 _KPCR
   +0x020 Prcb : 0xf7737120 _KPRCB

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
    [+0x000] MinorVersion : 0x1 [Type: unsigned short]
    [+0x002] MajorVersion : 0x1 [Type: unsigned short]
    [+0x004] CurrentThread : 0x89804020 [Type: _KTHREAD *]
    [+0x008] NextThread : 0x0 [Type: _KTHREAD *]
    [+0x928] ReadySummary : 0x0 [Type: unsigned long]
    [+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
    [+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
    [+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]
    [+0xa34] PrcbPad72 [Type: unsigned long [11]]
    [+0xa60] ChainedInterruptList : 0x0 [Type: void *]
    [+0xa64] LookasideIrpFloat : 32720 [Type: long]
    [+0xa68] SpareFields0 [Type: unsigned long [4]]
    [+0xa78] VendorString [Type: unsigned char [13]]
    [+0xa85] InitialApicId : 0x1 [Type: unsigned char]
    [+0xa86] LogicalProcessorsPerPhysicalProcessor : 0x2 [Type: unsigned char]
    [+0xa88] MHz : 0xe0f [Type: unsigned long]
    [+0xa8c] FeatureBits : 0x33fff [Type: unsigned long]
    [+0xa90] UpdateSignature : {876173328384} [Type: _LARGE_INTEGER]
    [+0xa98] IsrTime : 0x0 [Type: unsigned __int64]
    [+0xaa0] NpxSaveArea [Type: _FX_SAVE_AREA]
    [+0xcb0] PowerState [Type: _PROCESSOR_POWER_STATE]

1: kd> kv
 # ChildEBP RetAddr Args to Child
00 f75f6944 80a43dd9 f7737120 89804020 89804080 nt!KiFindReadyThread (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 722]
01 f75f697c 80a358c7 00000000 e1639460 00000002 nt!KiSwapThread+0x315 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 1854]
02 f75f69b4 bf8a4685 00000003 89804b50 00000001 nt!KeWaitForMultipleObjects+0x3b5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 816]
03 f75f6a04 bf8b123e 00000002 89804b50 bf8fe215 win32k!xxxMsgWaitForMultipleObjects+0xeb (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\queue.c @ 4540]
04 f75f6d1c bf8b21ba bfa70aa0 00000001 f75f6d48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
05 f75f6d2c bf806d52 bfa70aa0 f75f6d58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
06 f75f6d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
07 f75f6d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75f6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
08 008cffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
09 008cffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]

windbg> .open -a ffffffff80a43dd9

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xffdff120)
((basesrv!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]
    [+0x000] MinorVersion : 0x1 [Type: unsigned short]
    [+0x002] MajorVersion : 0x1 [Type: unsigned short]
    [+0x004] CurrentThread : 0x895f2a78 [Type: _KTHREAD *]
    [+0x008] NextThread : 0x0 [Type: _KTHREAD *]
    [+0x928] ReadySummary : 0x4000 [Type: unsigned long]
    [+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
    [+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]

1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY (*)[32])0xffdffa50))
(*((basesrv!_LIST_ENTRY (*)[32])0xffdffa50)) [Type: _LIST_ENTRY [32]]
    [14] [Type: _LIST_ENTRY]

1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY *)0xffdffac0))
(*((basesrv!_LIST_ENTRY *)0xffdffac0)) [Type: _LIST_ENTRY]
    [+0x000] Flink : 0x895552c8 [Type: _LIST_ENTRY *]
    [+0x004] Blink : 0x895552c8 [Type: _LIST_ENTRY *]

if (RemoveEntryList(&Thread->WaitListEntry) != FALSE) {
    Prcb->ReadySummary ^= PRIORITY_MASK(HighPriority);
}

Thread->NextProcessor = (UCHAR)Number;
return Thread;

PrioritySet = Prcb->ReadySummary;    edi=00004000
ASSERT(PrioritySet != 0);

1: kd> p
eax=ffdff120 ebx=ffdff120 ecx=00000001 edx=ffdff120 esi=00000000 edi=00004000
eip=80a429e9 esp=f75f6920 ebp=f75f6944 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000292
nt!KiFindReadyThread+0x11:
80a429e9 85ff test edi,edi

KeFindFirstSetLeftMember(PrioritySet, &HighPriority);

1: kd> p
eax=00000002 ebx=ffdffac0 ecx=00000001 edx=ffdff120 esi=89555268 edi=00004000
eip=80a42a92 esp=f75f6920 ebp=f75f6944 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiFindReadyThread+0xba:
80a42a92 858620010000 test dword ptr [esi+120h],eax ds:0023:89555388=00000003

Thread = CONTAINING_RECORD(NextEntry, KTHREAD, WaitListEntry);
if ((Thread->Affinity & AFFINITY_MASK(Number)) != 0) {

1: kd> p
eax=00000002 ebx=ffdffac0 ecx=00000001 edx=ffdff120 esi=89555268 edi=00004000
eip=80a42a92 esp=f75f6920 ebp=f75f6944 iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiFindReadyThread+0xba:
80a42a92 858620010000 test dword ptr [esi+120h],eax ds:0023:89555388=00000003

1: kd> dt kthread 89555268
CSRSRV!KTHREAD
   +0x000 Header : _DISPATCHER_HEADER
   +0x010 MutantListHead : _LIST_ENTRY [ 0x89555278 - 0x89555278 ]
   +0x018 InitialStack : 0xf75d7000 Void
   +0x01c StackLimit : 0xf75d4000 Void
   +0x020 KernelStack : 0xf75d6a18 Void
   +0x024 ThreadLock : 0
   +0x028 ContextSwitches : 0xa10
   +0x02c State : 0x1
   +0x120 Affinity : 3

if (RemoveEntryList(&Thread->WaitListEntry) != FALSE) {
    Prcb->ReadySummary ^= PRIORITY_MASK(HighPriority);
}

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xffdff120)
    [+0x928] ReadySummary : 0x0 [Type: unsigned long]

1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY (*)[32])0xffdffa50))
    [14] [Type: _LIST_ENTRY]

1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY *)0xffdffac0))
(*((basesrv!_LIST_ENTRY *)0xffdffac0)) [Type: _LIST_ENTRY]
    [+0x000] Flink : 0xffdffac0 [Type: _LIST_ENTRY *]
    [+0x004] Blink : 0xffdffac0 [Type: _LIST_ENTRY *]

    Thread->NextProcessor = (UCHAR)Number;
    return Thread;
}

1: kd> p
eax=89555268 ebx=80a05ee8 ecx=ffdffac0 edx=ffdff120 esi=89555268 edi=ffdff120
eip=80a42b5e esp=f75f6920 ebp=f75f6944 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiFindReadyThread+0x186:
80a42b5e 5f pop edi

if ((NewThread = CurrentPrcb->NextThread) == NULL) {
    if ((TargetPrcb->ReadySummary != 0) &&
        (NewThread = KiFindReadyThread(Processor,TargetPrcb)) != NULL) {    // execution returns to here

1: kd> p
eax=89555268 ebx=f7737120 ecx=ffdffac0 edx=ffdff120 esi=00000000 edi=80a059f8
eip=80a43dd9 esp=f75f694c ebp=f75f697c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x315:
80a43dd9 8bf0 mov esi,eax

NewThread = KiFindReadyThread(Processor,TargetPrcb)    eax=89555268

//
// A new thread has been found to run on the
// current processor.
//

NewThread->State = Running;
KiReleasePrcbLock(TargetPrcb);
CurrentPrcb->CurrentThread = NewThread;    CurrentThread : 0x89555268

1: kd> dt kthread 89555268
CSRSRV!KTHREAD
   +0x000 Header : _DISPATCHER_HEADER
   +0x010 MutantListHead : _LIST_ENTRY [ 0x89555278 - 0x89555278 ]
   +0x018 InitialStack : 0xf75d7000 Void
   +0x01c StackLimit : 0xf75d4000 Void
   +0x020 KernelStack : 0xf75d6a18 Void
   +0x024 ThreadLock : 0
   +0x028 ContextSwitches : 0xa10
   +0x02c State : 0x2 Running
   +0x10f NextProcessor : 0x1

1: kd> ((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
    [+0x000] MinorVersion : 0x1 [Type: unsigned short]
    [+0x002] MajorVersion : 0x1 [Type: unsigned short]
    [+0x004] CurrentThread : 0x89555268 [Type: _KTHREAD *]
    [+0x008] NextThread : 0x0 [Type: _KTHREAD *]
    [+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]
    [+0x010] Number : 1 [Type: char]

//
// Clear idle on the current processor and
// update the idle summary SMT set to indicate
// the physical processor is not entirely idle.
//

KiClearIdleSummary(AFFINITY_MASK(Processor));
KiClearSMTSummary(CurrentPrcb->MultiThreadProcessorSet);
goto ThreadFound;    // the thread swap happens right away

#if !defined(_WIN64)
#define KiAffinityArray KiMask32Array
#endif

extern const ULONG_PTR KiAffinityArray[];

#define AFFINITY_MASK(n) (KiAffinityArray[n])

1: kd> x nt!KiIdleSummary
80b16e80 nt!KiIdleSummary = 0
1: kd> dv Processor
Processor = 1
    [+0x4d0] MultiThreadProcessorSet : 0x3 [Type: unsigned long]

} else {
    Pending = KiSwapContext(OldThread, NewThread);
}

;++
;
; BOOLEAN
; KiSwapContext (
;    IN PKTHREAD OldThread
;    IN PKTHREAD NewThread
;    )
;
; Routine Description:
;
;    This function is a small wrapper, callable from C code, that marshalls
;    arguments and calls the actual swap context routine.
;
; Arguments:
;
;    OldThread (ecx) - Supplies the address of the old thread      ecx=89804020
;    NewThread (edx) - Supplies the address of the new thread.     edx=89555268
;
; Return Value:
;
;    If a kernel APC is pending, then a value of TRUE is returned. Otherwise,
;    a value of FALSE is returned.
;
;--

cPublicFastCall KiSwapContext, 2
.fpo (0, 0, 0, 4, 1, 0)

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80a440e6 esp=f75f694c ebp=f75f697c iopl=0 nv up ei pl nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000216
nt!KiSwapThread+0x622:
80a440e6 e8edc50b00 call nt!KiSwapContext (80b006d8)

1: kd> t
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006d8 esp=f75f6948 ebp=f75f697c iopl=0 nv up ei pl nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000216
nt!KiSwapContext:
80b006d8 83ec10 sub esp,10h

1: kd> kc
 #
00 nt!KiSwapContext
01 nt!KiSwapThread
WARNING: Frame IP not in any known module. Following frames may be wrong.
02 0x0

Part 3:

cPublicFastCall KiSwapContext, 2
.fpo (0, 0, 0, 4, 1, 0)

;
; N.B. The following registers MUST be saved such that ebp is saved last.
;      This is done so the debugger can find the saved ebp for a thread
;      that is not currently in the running state.
;

        sub     esp, 4*4
        mov     [esp+12], ebx           ; save registers
        mov     [esp+8], esi            ;
        mov     [esp+4], edi            ;
        mov     [esp+0], ebp            ;
        mov     ebx, PCR[PcSelfPcr]     ; set address of PCR
        mov     edi, ecx                ; set old thread address
        mov     esi, edx                ; set next thread address
        movzx   ecx, byte ptr [edi].ThWaitirql ; set APC interrupt bypass disable

        CAPSTART <@KiSwapContext@8,SwapContext>
        call    SwapContext             ; swap context
        CAPEND  <@KiSwapContext@8>
        mov     ebp, [esp+0]            ; restore registers
        mov     edi, [esp+4]            ;
        mov     esi, [esp+8]            ;
        mov     ebx, [esp+12]           ;
        add     esp, 4*4                ;
        fstRET  KiSwapContext           ;

fstENDP KiSwapContext

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80a440e6 esp=f75f694c ebp=f75f697c iopl=0 nv up ei pl nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000216
nt!KiSwapThread+0x622:
80a440e6 e8edc50b00 call nt!KiSwapContext (80b006d8)

1: kd> t
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006d8 esp=f75f6948 ebp=f75f697c iopl=0 nv up ei pl nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000216
nt!KiSwapContext:
80b006d8 83ec10 sub esp,10h

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006db esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x3:
80b006db 895c240c mov dword ptr [esp+0Ch],ebx ss:0010:f75f6944=00000316

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006df esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x7:
80b006df 89742408 mov dword ptr [esp+8],esi ss:0010:f75f6940=00000008

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006e3 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0xb:
80b006e3 897c2404 mov dword ptr [esp+4],edi ss:0010:f75f693c={nt!KiSwapContext (80b006d8)}

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006e7 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0xf:
80b006e7 892c24 mov dword ptr [esp],ebp ss:0010:f75f6938=00000000

1: kd> p
eax=00000000 ebx=89804020 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006ea esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x12:
80b006ea 648b1d1c000000 mov ebx,dword ptr fs:[1Ch] fs:0030:0000001c=f7737000

1: kd> p
eax=00000000 ebx=f7737000 ecx=89804020 edx=89555268 esi=89555268 edi=80a059f8
eip=80b006f1 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x19:
80b006f1 8bf9 mov edi,ecx

1: kd> p
eax=00000000 ebx=f7737000 ecx=89804020 edx=89555268 esi=89555268 edi=89804020
eip=80b006f3 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x1b:
80b006f3 8bf2 mov esi,edx

1: kd> p
eax=00000000 ebx=f7737000 ecx=89804020 edx=89555268 esi=89555268 edi=89804020
eip=80b006f5 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x1d:
80b006f5 0fb64f2e movzx ecx,byte ptr [edi+2Eh] ds:0023:8980404e=00

1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=89555268 esi=89555268 edi=89804020
eip=80b006f9 esp=f75f6938 ebp=f75f697c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x21:
80b006f9 e8f2000000 call nt!SwapContext (80b007f0)

1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=80010031 esi=89555268 edi=89804020
eip=80b006fe esp=f75d6a24 ebp=89831250 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapContext+0x26:
80b006fe 8b2c24 mov ebp,dword ptr [esp] ss:0010:f75d6a24=f75d6a68

1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=80010031 esi=89555268 edi=89804020
eip=80b00701 esp=f75d6a24 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapContext+0x29:
80b00701 8b7c2404 mov edi,dword ptr [esp+4] ss:0010:f75d6a28={nt!string (80a059f8)}

1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=80010031 esi=89555268 edi=80a059f8
eip=80b00705 esp=f75d6a24 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapContext+0x2d:
80b00705 8b742408 mov esi,dword ptr [esp+8] ss:0010:f75d6a2c=89836020

1: kd> p
eax=00000000 ebx=f7737000 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80b00709 esp=f75d6a24 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapContext+0x31:
80b00709 8b5c240c mov ebx,dword ptr [esp+0Ch] ss:0010:f75d6a30=89555268

1: kd> p
eax=00000000 ebx=89555268 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80b0070d esp=f75d6a24 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapContext+0x35:
80b0070d 83c410 add esp,10h

1: kd> p
eax=00000000 ebx=89555268 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80b00710 esp=f75d6a34 ebp=f75d6a68 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapContext+0x38:
80b00710 c3 ret

1: kd> kc
 #
00 nt!KiSwapContext
01 nt!KiSwapThread
WARNING: Frame IP not in any known module. Following frames may be wrong.
02 0x0

1: kd> !thread
THREAD 89555268 Cid 01b0.01dc Teb: 7ffd9000 Win32Thread: e1601268 RUNNING on processor 1
IRP List:
    897fe008: (0006,0190) Flags: 00000970 Mdl: 00000000
    897569a0: (0006,0190) Flags: 00000970 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89831250 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655230 Ticks: 8 (0:00:00:00.125)
Context Switch Count 2577 IdealProcessor: 0 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:00.625
Stack Init f75d7000 Current f75d6a18 Base f75d7000 Limit f75d4000 Call 00000000
Priority 14 BasePriority 13 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f75d6a30 80a440eb f7737120 89555268 895552c8 nt!KiSwapContext+0x38 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 144]
00000000 f000ff53 f000e2c3 f000ff53 f000ff53 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
WARNING: Frame IP not in any known module. Following frames may be wrong.
30000000 00000000 00000000 00000000 00000000 0xf000ff53

#if !defined(NT_UP)

    if (OldThread == NewThread) {
        KiSetContextSwapIdle(OldThread);
        Pending = (BOOLEAN)((NewThread->ApcState.KernelApcPending != FALSE) &&
                            (NewThread->SpecialApcDisable == 0) &&
                            (WaitIrql == 0));

    } else {
        Pending = KiSwapContext(OldThread, NewThread);    // the new thread returns to here
    }

#else

    Pending = KiSwapContext(OldThread, NewThread);

#endif

    //
    // If a kernel APC should be delivered, then deliver it now.
    //

    WaitStatus = OldThread->WaitStatus;
    if (Pending != FALSE) {

1: kd> p
eax=00000000 ebx=89555268 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80a440eb esp=f75d6a38 ebp=f75d6a68 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapThread+0x627:
80a440eb 84c0 test al,al

1: kd> kc
 #
00 nt!KiSwapThread
01 nt!KeWaitForMultipleObjects
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam

1: kd> !thread
THREAD 89555268 Cid 01b0.01dc Teb: 7ffd9000 Win32Thread: e1601268 RUNNING on processor 1
IRP List:
    897fe008: (0006,0190) Flags: 00000970 Mdl: 00000000
    897569a0: (0006,0190) Flags: 00000970 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89831250 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655230 Ticks: 8 (0:00:00:00.125)
Context Switch Count 2577 IdealProcessor: 0 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:00.625
Stack Init f75d7000 Current f75d6a18 Base f75d7000 Limit f75d4000 Call 00000000
Priority 14 BasePriority 13 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f75d6a68 80a358c7 bfa03214 bfa01624 00000000 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
f75d6aa0 bf891bbd 00000007 89489d08 00000001 nt!KeWaitForMultipleObjects+0x3b5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 816]
f75d6d1c bf8b21b0 00000002 00000002 f75d6d48 win32k!RawInputThread+0x712 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6349]
f75d6d2c bf806d52 f75c64a0 f75d6d58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
f75d6d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
f75d6d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75d6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]

WaitStatus = OldThread->WaitStatus;
if (Pending != FALSE) {

1: kd> p
eax=00000000 ebx=89555268 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80a440ed esp=f75d6a38 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x629:
80a440ed 8b5b50 mov ebx,dword ptr [ebx+50h] ds:0023:895552b8=00000001

1: kd> p
eax=00000000 ebx=00000001 ecx=00000000 edx=80010031 esi=89836020 edi=80a059f8
eip=80a440f0 esp=f75d6a38 ebp=f75d6a68 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x62c:
80a440f0 8b350431a080 mov esi,dword ptr [nt!_imp_KfLowerIrql (80a03104)] ds:0023:80a03104={hal!KfLowerIrql (804edc30)}
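
The ready-thread selection that the KiFindReadyThread trace above steps through (ReadySummary bit scan, affinity test, unlink, summary bit cleared when the list empties), as an added user-mode C model; it is not the kernel source and not the original author's code. All `model_` and `demo_` names are hypothetical, and the fall-through to lower priorities when no queued thread's affinity matches is an assumption that goes beyond the single case in the trace.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed user-mode model: names follow the page, layouts do not. */
typedef struct list_entry { struct list_entry *flink, *blink; } list_entry;
typedef struct { list_entry wait_list_entry; uint32_t affinity; uint8_t next_processor; } model_thread;
typedef struct { uint32_t ready_summary; list_entry ready_list[32]; } model_prcb;
#define PRIORITY_MASK(p) ((uint32_t)1 << (p))
#define AFFINITY_MASK(n) ((uint32_t)1 << (n))

void model_prcb_init(model_prcb *prcb) {
    prcb->ready_summary = 0;
    for (int i = 0; i < 32; i++)
        prcb->ready_list[i].flink = prcb->ready_list[i].blink = &prcb->ready_list[i];
}

/* Queue a thread at the tail of its priority list and set the summary bit. */
void model_insert_ready(model_prcb *prcb, model_thread *t, int priority) {
    list_entry *head = &prcb->ready_list[priority], *e = &t->wait_list_entry;
    e->flink = head; e->blink = head->blink;
    head->blink->flink = e; head->blink = e;
    prcb->ready_summary |= PRIORITY_MASK(priority);
}

/* Unlink; nonzero when the list is now empty (RemoveEntryList != FALSE). */
static int remove_entry(list_entry *e) {
    e->blink->flink = e->flink; e->flink->blink = e->blink;
    return e->flink == e->blink;
}

model_thread *model_find_ready_thread(unsigned number, model_prcb *prcb) {
    uint32_t set = prcb->ready_summary;
    while (set != 0) {
        int high = 31;              /* stand-in for KeFindFirstSetLeftMember */
        while ((set & PRIORITY_MASK(high)) == 0) high--;
        list_entry *head = &prcb->ready_list[high];
        for (list_entry *e = head->flink; e != head; e = e->flink) {
            model_thread *t = (model_thread *)((char *)e - offsetof(model_thread, wait_list_entry));
            if ((t->affinity & AFFINITY_MASK(number)) != 0) {
                if (remove_entry(e)) prcb->ready_summary ^= PRIORITY_MASK(high);
                t->next_processor = (uint8_t)number;
                return t;
            }
        }
        set ^= PRIORITY_MASK(high); /* assumption: then try lower priorities */
    }
    return NULL;
}

/* Constructed replay for processor 1; returns ReadySummary after the pick. */
uint32_t demo_pick_for_cpu1(int add_bound) {
    static model_prcb prcb; static model_thread bound, t;
    model_prcb_init(&prcb);
    bound.affinity = 1; t.affinity = 3;   /* t: Affinity 3, as in the trace */
    if (add_bound) model_insert_ready(&prcb, &bound, 15); /* CPU 0 only */
    model_insert_ready(&prcb, &t, 14);    /* sets bit 14: 0x4000 */
    model_thread *picked = model_find_ready_thread(1, &prcb);
    return (picked == &t && t.next_processor == 1) ? prcb.ready_summary : 0xffffffffu;
}

int main(void) {
    printf("0x%x 0x%x\n", (unsigned)demo_pick_for_cpu1(0), (unsigned)demo_pick_for_cpu1(1));
    return 0;
}
```

With `add_bound` set to 0 the model reproduces the trace's ReadySummary transition from 0x4000 to 0x0; with it set to 1 the priority-15 thread bound to processor 0 stays queued and its summary bit survives.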
