news 2026/4/15 0:11:40

Analysis of nt!KiSwapThread: KiSelectReadyThread selects a new thread when CurrentPrcb->NextThread == NULL


张小明

Front-end development engineer


Part 1:


1: kd> kc
#
00 nt!KiSwapThread
01 nt!KeWaitForSingleObject
02 nt!ExpWaitForResource
03 nt!ExAcquireResourceExclusiveLite
04 win32k!EnterCrit
05 win32k!xxxSleepThread
06 win32k!xxxRealWaitMessageEx
07 win32k!NtUserWaitMessage

1: kd> g
Breakpoint 43 hit
eax=f7737538 ebx=8999e298 ecx=89575020 edx=f7737120 esi=89575020 edi=895750c0
eip=80a43ac4 esp=f75c6c30 ebp=f75c6c60 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread:
80a43ac4 55 push ebp
1: kd> !pcr
KPCR for Processor 1 at f7737000:
Major 1 Minor 1
NtTib.ExceptionList: f75c6548
NtTib.StackBase: 00000000
NtTib.StackLimit: 00000000
NtTib.SubSystemTib: f7737ef0
NtTib.Version: 00008a20
NtTib.UserPointer: 00000002
NtTib.SelfTib: 7ffde000

SelfPcr: f7737000
Prcb: f7737120
Irql: 00000000
IRR: 00000000
IDR: ffffffff
InterruptMode: 00000000
IDT: f773d6e0
GDT: f773d2e0
TSS: f7737ef0

CurrentThread: 89575020
NextThread: 00000000
IdleThread: f7739fa0

DpcQueue:
1: kd> dt KPCR f7737000
basesrv!KPCR
+0x000 NtTib : _NT_TIB
+0x000 Used_ExceptionList : 0xf75c6548 _EXCEPTION_REGISTRATION_RECORD
+0x004 Used_StackBase : (null)
+0x008 PerfGlobalGroupMask : (null)
+0x00c TssCopy : 0xf7737ef0 Void
+0x010 ContextSwitches : 0x8a20
+0x014 SetMemberCopy : 2
+0x018 Used_Self : 0x7ffde000 Void
+0x01c SelfPcr : 0xf7737000 _KPCR
+0x020 Prcb : 0xf7737120 _KPRCB
+0x024 Irql : 0 ''
+0x028 IRR : 0
+0x02c IrrActive : 0
+0x030 IDR : 0xffffffff
+0x034 KdVersionBlock : (null)
+0x038 IDT : 0xf773d6e0 _KIDTENTRY
+0x03c GDT : 0xf773d2e0 _KGDTENTRY
+0x040 TSS : 0xf7737ef0 _KTSS
+0x044 MajorVersion : 1
+0x046 MinorVersion : 1
+0x048 SetMember : 2
+0x04c StallScaleFactor : 0xe10
+0x050 SpareUnused : 0 ''
+0x051 Number : 0x1 ''
+0x052 Spare0 : 0 ''
+0x053 SecondLevelCacheAssociativity : 0 ''
+0x054 VdmAlert : 0
+0x058 KernelReserved : [14] 0
+0x090 SecondLevelCacheSize : 0
+0x094 HalReserved : [16] 1
+0x0d4 InterruptMode : 0
+0x0d8 Spare1 : 0 ''
+0x0dc KernelReserved2 : [17] 0
+0x120 PrcbData : _KPRCB
1: kd> dx -id 0,0,8954e020 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89575020 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x4200 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]

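ReadySummary = 0x4200 = 0100 0010 0000 0000 (binary): bits 14 and 9 are set, so the priority-14 and priority-9 ready queues are non-empty.
Their list heads are DispatcherReadyListHead[14] = 0xf7737a50 + 14*8 = 0xf7737ac0 and DispatcherReadyListHead[9] = 0xf7737a50 + 9*8 = 0xf7737a98, examined below.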
1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737ac0))
(*((basesrv!_LIST_ENTRY *)0xf7737ac0)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x895552c8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x895552c8 [Type: _LIST_ENTRY *]

1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737a98))
(*((basesrv!_LIST_ENTRY *)0xf7737a98)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x89836080 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89836080 [Type: _LIST_ENTRY *]

1: kd> dt kthread 0x895552c8-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89555278 - 0x89555278 ]
+0x018 InitialStack : 0xf75d7000 Void
+0x01c StackLimit : 0xf75d4000 Void
+0x020 KernelStack : 0xf75d69dc Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0xa11
+0x02c State : 0x1 ''

1: kd> dt kthread 0x89836080-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89836030 - 0x89836030 ]
+0x018 InitialStack : 0xf701c000 Void
+0x01c StackLimit : 0xf7019000 Void
+0x020 KernelStack : 0xf701bce0 Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x408
+0x02c State : 0x1 ''


1: kd> !thread
THREAD 89575020 Cid 01c8.01cc Teb: 7ffde000 Win32Thread: e1406ea8 WAIT: (WrResource) KernelMode Non-Alertable
8999e298 SynchronizationEvent
89575098 NotificationTimer
IRP List:
899bf510: (0006,0094) Flags: 00000800 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 8954e020 Image: winlogon.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655240 Ticks: 2 (0:00:00:00.031)
Context Switch Count 1164 IdealProcessor: 1 LargeStack
UserTime 00:00:00.328
KernelTime 00:00:01.703


    //
    // If the deferred ready list is not empty, then process the list.
    //

#if !defined(NT_UP)

    if (CurrentPrcb->DeferredReadyListHead.Next != NULL) {
        KiProcessDeferredReadyList(CurrentPrcb);
    }

#endif

1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_SINGLE_LIST_ENTRY *)0xf7737b50))
(*((basesrv!_SINGLE_LIST_ENTRY *)0xf7737b50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]

Part 2:

FORCEINLINE
PKTHREAD
KiSelectReadyThread (
    IN KPRIORITY LowPriority,
    IN PKPRCB Prcb
    )

/*++

Routine Description:

    This function searches the dispatcher ready queues from the specified
    low priority to the highest priority in an attempt to find a thread
    that can execute on the specified processor.

Arguments:

    LowPriority - Supplies the lowest priority dispatcher ready queue to
        examine.

    Prcb - Supplies a pointer to a processor control block.

Return Value:

    If a thread is located that can execute on the specified processor, then
    the address of the thread object is returned. Otherwise a null pointer
    is returned.

--*/

{

    ULONG HighPriority;
    PRLIST_ENTRY ListEntry;
    ULONG PrioritySet;
    PKTHREAD Thread;

    //
    // Compute the set of priority levels that should be scanned in an attempt
    // to find a thread that can run on the current processor.
    //

    PrioritySet = KiPriorityMask[LowPriority] & Prcb->ReadySummary;
    Thread = NULL;
    if (PrioritySet != 0) {
        KeFindFirstSetLeftMember(PrioritySet, &HighPriority);

        ASSERT((PrioritySet & PRIORITY_MASK(HighPriority)) != 0);
        ASSERT(IsListEmpty(&Prcb->DispatcherReadyListHead[HighPriority]) == FALSE);

        ListEntry = Prcb->DispatcherReadyListHead[HighPriority].Flink;
        Thread = CONTAINING_RECORD(ListEntry, KTHREAD, WaitListEntry);

        ASSERT((KPRIORITY)HighPriority == Thread->Priority);
        ASSERT((Thread->Affinity & AFFINITY_MASK(Prcb->Number)) != 0);
        ASSERT(Thread->NextProcessor == Prcb->Number);

        if (RemoveEntryList(&Thread->WaitListEntry) != FALSE) {
            Prcb->ReadySummary ^= PRIORITY_MASK(HighPriority);
        }
    }

    //
    // Return thread address if one could be found.
    //

    return Thread;
}


[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]

Part 3:

1: kd> p
eax=f77379bc ebx=f7737120 ecx=00000000 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b2d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x69:
80a43b2d 8b8b28090000 mov ecx,dword ptr [ebx+928h] ds:0023:f7737a48=00004200
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b33 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x6f:
80a43b33 230d305fa080 and ecx,dword ptr [nt!KiPriorityMask (80a05f30)] ds:0023:80a05f30=ffffffff
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b39 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x75:
80a43b39 6a00 push 0
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3b esp=f75c6bf8 ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x77:
80a43b3b 894de0 mov dword ptr [ebp-20h],ecx ss:0010:f75c6c0c=895750c0
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3e esp=f75c6bf8 ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x7a:
80a43b3e 5e pop esi
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b3f esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x7b:
80a43b3f 0f84c6000000 je nt!KiSwapThread+0x147 (80a43c0b) [br=0]
1: kd> p
eax=f77379bc ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b45 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x81:
80a43b45 0fbd45e0 bsr eax,dword ptr [ebp-20h] ss:0010:f75c6c0c=00004200
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=00000000 edi=80a059f8
eip=80a43b49 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x85:
80a43b49 8bf0 mov esi,eax
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b4b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x87:
80a43b4b 8d04b5b05ea080 lea eax,nt!KiMask32Array (80a05eb0)[esi*4]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b52 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x8e:
80a43b52 8508 test dword ptr [eax],ecx ds:0023:80a05ee8=00004000

1: kd> bp 80a43b2d
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b54 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x90:
80a43b54 8975e0 mov dword ptr [ebp-20h],esi ss:0010:f75c6c0c=00004200
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b57 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x93:
80a43b57 8945e8 mov dword ptr [ebp-18h],eax ss:0010:f75c6c14=8999e298
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b5a esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x96:
80a43b5a 7512 jne nt!KiSwapThread+0xaa (80a43b6e) [br=1]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=0000000e edi=80a059f8
eip=80a43b6e esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0xaa:
80a43b6e 8db4f330090000 lea esi,[ebx+esi*8+930h]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b75 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0xb1:
80a43b75 3936 cmp dword ptr [esi],esi ds:0023:f7737ac0=895552c8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b77 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xb3:
80a43b77 7512 jne nt!KiSwapThread+0xc7 (80a43b8b) [br=1]
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=f7737ac0 edi=80a059f8
eip=80a43b8b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xc7:
80a43b8b 8b36 mov esi,dword ptr [esi] ds:0023:f7737ac0=895552c8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=00004200 edx=f7737120 esi=895552c8 edi=80a059f8
eip=80a43b8d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xc9:
80a43b8d 0fbe46fb movsx eax,byte ptr [esi-5] ds:0023:895552c3=0e
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=895552c8 edi=80a059f8
eip=80a43b91 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000283
nt!KiSwapThread+0xcd:
80a43b91 83ee60 sub esi,60h
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43b94 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapThread+0xd0:
80a43b94 3945e0 cmp dword ptr [ebp-20h],eax ss:0010:f75c6c0c=0000000e
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43b97 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xd3:
80a43b97 7412 je nt!KiSwapThread+0xe7 (80a43bab) [br=1]
1: kd> p
eax=0000000e ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bab esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xe7:
80a43bab 0fbe4310 movsx eax,byte ptr [ebx+10h] ds:0023:f7737130=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43baf esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xeb:
80a43baf 8b0485b05ea080 mov eax,dword ptr nt!KiMask32Array (80a05eb0)[eax*4] ds:0023:80a05eb4=00000002
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bb6 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0xf2:
80a43bb6 858620010000 test dword ptr [esi+120h],eax ds:0023:89555388=00000003
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bbc esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0xf8:
80a43bbc 7512 jne nt!KiSwapThread+0x10c (80a43bd0) [br=1]
1: kd> p
eax=00000002 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bd0 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x10c:
80a43bd0 0fb6860f010000 movzx eax,byte ptr [esi+10Fh] ds:0023:89555377=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00004200 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bd7 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x113:
80a43bd7 0fbe4b10 movsx ecx,byte ptr [ebx+10h] ds:0023:f7737130=01
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bdb esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiSwapThread+0x117:
80a43bdb 3bc1 cmp eax,ecx
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bdd esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x119:
80a43bdd 7412 je nt!KiSwapThread+0x12d (80a43bf1) [br=1]
1: kd> p
eax=00000001 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf1 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x12d:
80a43bf1 8b4660 mov eax,dword ptr [esi+60h] ds:0023:895552c8=f7737ac0
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=00000001 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf4 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x130:
80a43bf4 8b4e64 mov ecx,dword ptr [esi+64h] ds:0023:895552cc=f7737ac0
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf7 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x133:
80a43bf7 3bc1 cmp eax,ecx
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bf9 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x135:
80a43bf9 8901 mov dword ptr [ecx],eax ds:0023:f7737ac0=895552c8
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bfb esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x137:
80a43bfb 894804 mov dword ptr [eax+4],ecx ds:0023:f7737ac4=895552c8
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43bfe esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13a:
80a43bfe 750b jne nt!KiSwapThread+0x147 (80a43c0b) [br=0]
1: kd> p
eax=f7737ac0 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c00 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13c:
80a43c00 8b45e8 mov eax,dword ptr [ebp-18h] ss:0010:f75c6c14=80a05ee8
1: kd> p
eax=80a05ee8 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c03 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x13f:
80a43c03 8b00 mov eax,dword ptr [eax] ds:0023:80a05ee8=00004000
1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c05 esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiSwapThread+0x141:
80a43c05 318328090000 xor dword ptr [ebx+928h],eax ds:0023:f7737a48=00004200


1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c0b esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
nt!KiSwapThread+0x147:
80a43c0b 85f6 test esi,esi
1: kd> p
eax=00004000 ebx=f7737120 ecx=f7737ac0 edx=f7737120 esi=89555268 edi=80a059f8
eip=80a43c0d esp=f75c6bfc ebp=f75c6c2c iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiSwapThread+0x149:
80a43c0d 0f8503040000 jne nt!KiSwapThread+0x552 (80a44016) [br=1]


+0x928 ReadySummary : 0x200
+0x92c SelectNextLast : 0
+0x930 DispatcherReadyListHead : [32] _LIST_ENTRY [ 0xf7737a50 - 0xf7737a50 ]


1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY (*)[32])0xf7737a50))

[14] [Type: _LIST_ENTRY]


1: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737ac0))
(*((basesrv!_LIST_ENTRY *)0xf7737ac0)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf7737ac0 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf7737ac0 [Type: _LIST_ENTRY *]
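
The selection traced above, replayed as a user-mode C model. This is an added example, not part of the original post and not kernel source. The types sim_thread and sim_prcb, the helper names, and the shift-based stand-in for KiPriorityMask are simplifying assumptions. It starts from the page's state (ready threads at priorities 14 and 9, ReadySummary 0x4200) and ends with ReadySummary 0x200.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Simplified stand-ins for the kernel types (assumed, not the real layouts). */
typedef struct list_entry { struct list_entry *flink, *blink; } list_entry;
typedef struct { int priority; list_entry wait_list_entry; } sim_thread;
typedef struct { uint32_t ready_summary; list_entry ready_head[32]; } sim_prcb;
#define PRIORITY_MASK(p) (1u << (p))

static void init_prcb(sim_prcb *prcb) {
    prcb->ready_summary = 0;
    for (int i = 0; i < 32; i++)   /* an empty list head points at itself */
        prcb->ready_head[i].flink = prcb->ready_head[i].blink = &prcb->ready_head[i];
}

/* Queue a thread at the tail of its priority list and set its summary bit. */
static void insert_ready(sim_prcb *prcb, sim_thread *t) {
    list_entry *head = &prcb->ready_head[t->priority], *e = &t->wait_list_entry;
    e->flink = head;
    e->blink = head->blink;
    head->blink->flink = e;
    head->blink = e;
    prcb->ready_summary |= PRIORITY_MASK(t->priority);
}

/* Same steps as KiSelectReadyThread: mask the summary, find the highest set
   bit, unlink the first entry, clear the bit only if the list became empty. */
static sim_thread *select_ready_thread(int low_priority, sim_prcb *prcb) {
    /* Stand-in for KiPriorityMask[low_priority]: bits at or above low_priority. */
    uint32_t set = (0xFFFFFFFFu << low_priority) & prcb->ready_summary;
    if (set == 0) return NULL;
    int high = 31;
    while (!(set & PRIORITY_MASK(high))) high--;   /* what BSR computes */
    list_entry *e = prcb->ready_head[high].flink;
    /* CONTAINING_RECORD: the "sub esi,60h" step in the trace. */
    sim_thread *t = (sim_thread *)((char *)e - offsetof(sim_thread, wait_list_entry));
    e->blink->flink = e->flink;                    /* RemoveEntryList */
    e->flink->blink = e->blink;
    if (e->flink == e->blink)                      /* entry was the only one */
        prcb->ready_summary ^= PRIORITY_MASK(high);
    return t;
}

/* Replays the page's state: one ready thread each at priorities 14 and 9. */
static uint32_t replay_trace(int *picked_priority) {
    static sim_prcb prcb;
    static sim_thread t14 = { .priority = 14 }, t9 = { .priority = 9 };
    init_prcb(&prcb);
    insert_ready(&prcb, &t14);
    insert_ready(&prcb, &t9);
    sim_thread *t = select_ready_thread(0, &prcb);
    *picked_priority = t ? t->priority : -1;
    return prcb.ready_summary;
}

int main(void) {
    int prio;
    uint32_t after = replay_trace(&prio);
    printf("picked priority %d, ReadySummary now 0x%x\n", prio, after);
    return 0;
}
```

When two threads share a priority level, the first removal leaves the summary bit set, which is why the kernel code tests the return value of RemoveEntryList before the XOR.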
