2026/4/16 15:56:16

The relationship between KiFindReadyThread, KiSelectReadyThread and the TargetPrcb->DispatcherReadyListHead array


张小明

Front-end developer


The relationship between KiFindReadyThread, KiDeferredReadyThread, KiSelectReadyThread and the TargetPrcb->DispatcherReadyListHead array

Part 1: find the next thread to run and put a breakpoint on it

KPCR for Processor 1 at f7737000:

The fields below belong to the KPRCB embedded in this KPCR (PrcbData sits at KPCR+0x120 on x86, so the PRCB is at 0xf7737120); the offsets shown are relative to the PRCB:

[+0x928] ReadySummary : 0x200 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]
[+0xa30] DeferredReadyListHead [Type: _SINGLE_LIST_ENTRY]

ReadySummary has one bit per priority level; a set bit means the ready queue for that priority is non-empty. 0x200 in binary:

0010 0000 0000

Only bit 9 is set, so the only non-empty queue is DispatcherReadyListHead[9]. A _LIST_ENTRY is 8 bytes on x86, so that list head is at 0xf7737120 + 0x930 + 9 * 8 = 0xf7737a98:


1: kd> dx -id 0,0,89831250 -r1 (*((basesrv!_LIST_ENTRY *)0xf7737a98))
(*((basesrv!_LIST_ENTRY *)0xf7737a98)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x89836080 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89836080 [Type: _LIST_ENTRY *]

Flink and Blink both point to 0x89836080, so this queue holds exactly one entry. The entry is the thread's WaitListEntry, which lives at KTHREAD+0x60, so subtracting 0x60 yields the KTHREAD itself (the same arithmetic CONTAINING_RECORD does in the kernel):

1: kd> dt kthread 0x89836080-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89836030 - 0x89836030 ]
+0x018 InitialStack : 0xf701c000 Void
+0x01c StackLimit : 0xf7019000 Void
+0x020 KernelStack : 0xf701bce0 Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x406
+0x02c State : 0x1 ''
+0x02d NpxState : 0xa ''
+0x02e WaitIrql : 0 ''
+0x02f WaitMode : 0 ''
+0x030 Teb : (null)
+0x034 ApcState : _KAPC_STATE
+0x04c ApcQueueLock : 0
+0x050 WaitStatus : 0n0
+0x054 WaitBlockList : 0x898360c0 _KWAIT_BLOCK
+0x058 Alertable : 0 ''
+0x059 WaitNext : 0 ''
+0x05a WaitReason : 0x5 ''
+0x05b Priority : 9 ''
+0x05c EnableStackSwap : 0x1 ''
+0x05d SwapBusy : 0 ''
+0x05e Alerted : [2] ""
+0x060 WaitListEntry : _LIST_ENTRY [ 0xf7737a98 - 0xf7737a98 ]

1: kd> !thread 0x89836080-60
THREAD 89836020 Cid 0004.0100 Teb: 00000000 Win32Thread: 00000000 READY on processor 1
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274655207 Ticks: 4 (0:00:00:00.062)
Context Switch Count 1030 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:00:00.171
Stack Init f701c000 Current f701bce0 Base f701c000 Limit f7019000 Call 00000000
Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f701bcf8 80a440eb 898360c0 89836020 898d45c0 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 139]
f701bd30 80a35ea9 80a30b6a 898d40e8 4f444648 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
f701bd64 bae8bf7b 898d45c0 00000005 00000000 nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 1161]
f701bdac 80d391f0 898d4030 00000000 00000000 USBPORT!USBPORT_WorkerThread+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\drivers\wdm\usb\hcd\usbport\thread.c @ 106]
f701bddc 80b00d52 bae8bf24 898d4030 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
00000000 f000ff53 f000e2c3 f000ff53 f000ff53 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
WARNING: Frame IP not in any known module. Following frames may be wrong.
30000000 00000000 00000000 00000000 00000000 0xf000ff53

The thread queued at priority 9 is therefore the USBPORT worker thread 89836020: READY on processor 1, priority 9, parked inside KeWaitForSingleObject. The return address of that frame, 80a35ea9 (nt!KeWaitForSingleObject+0x2d7), is where it resumes once the scheduler switches to it, so set a breakpoint there and continue:

1: kd> bp 80a35ea9
1: kd> g
Breakpoint 39 hit
eax=00000000 ebx=898d45c0 ecx=00000000 edx=80010031 esi=89836020 edi=898360c0
eip=80a35ea9 esp=f701bd38 ebp=f701bd64 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KeWaitForSingleObject+0x2d7:
80a35ea9 3d00010000 cmp eax,100h
1: kd> kc
#
00 nt!KeWaitForSingleObject
01 USBPORT!USBPORT_WorkerThread
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup

The breakpoint fires inside the USBPORT worker thread with the same stack it had while READY, confirming that the thread taken from DispatcherReadyListHead[9] is the one that ran next.

Part 2: check the state of the thread that gave up the CPU.


typedef enum _KTHREAD_STATE {
    Initialized,    /* 0 */
    Ready,          /* 1: queued on DispatcherReadyListHead[Priority] */
    Running,        /* 2 */
    Standby,        /* 3: selected as the next thread for a processor */
    Terminated,     /* 4 */
    Waiting,        /* 5: blocked in a KeWait* call */
    Transition,     /* 6 */
    DeferredReady   /* 7: queued on DeferredReadyListHead */
} KTHREAD_STATE;


1: kd> dt kTHREAD 89804020
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89804030 - 0x89804030 ]
+0x018 InitialStack : 0xf75f7000 Void
+0x01c StackLimit : 0xf75f4000 Void
+0x020 KernelStack : 0xf75f692c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x25d
+0x02c State : 0x5 ''    (5 = Waiting)

1: kd> !THREAD 89804020
THREAD 89804020 Cid 01b0.01e0 Teb: 7ffd8000 Win32Thread: e1639460 WAIT: (WrUserRequest) UserMode Non-Alertable
8957cd20 SynchronizationEvent
89505548 SynchronizationEvent
89804b80 SynchronizationEvent
IRP List:
894f8458: (0006,01d8) Flags: 00000970 Mdl: 00000000
8989e008: (0006,0190) Flags: 00000970 Mdl: 00000000
89530910: (0006,01d8) Flags: 00000970 Mdl: 00000000
89756e70: (0006,0190) Flags: 00000970 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89831250 Image: csrss.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274655209 Ticks: 3 (0:00:00:00.046)
Context Switch Count 605 IdealProcessor: 1 LargeStack
UserTime 00:00:00.000
KernelTime 00:00:00.796
Stack Init f75f7000 Current f75f692c Base f75f7000 Limit f75f4000 Call 00000000
Priority 15 BasePriority 13 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
f75f6944 80a440eb f7737120 89804020 89804080 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 139]
f75f697c 80a358c7 00000000 e1639460 00000002 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
f75f69b4 bf8a4685 00000003 89804b50 00000001 nt!KeWaitForMultipleObjects+0x3b5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 816]
f75f6a04 bf8b123e 00000002 89804b50 bf8fe215 win32k!xxxMsgWaitForMultipleObjects+0xeb (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\queue.c @ 4540]
f75f6d1c bf8b21ba bfa70aa0 00000001 f75f6d48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
f75f6d2c bf806d52 bfa70aa0 f75f6d58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
f75f6d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
f75f6d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75f6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
00000000 00000000 00000000 00000000 00000000 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
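Taken together, the two parts show one scheduling decision from the debugger's side: the csrss.exe desktop thread (priority 15) running on processor 1 blocked in KeWaitForMultipleObjects and moved to state 5 (Waiting); ReadySummary had only bit 9 set; the single entry in DispatcherReadyListHead[9] was the USBPORT worker thread, which is what the processor switched to. The C program below is an added example written for this page, not the kernel's code and not the author's. It models the PRCB ready-queue array, the ReadySummary bitmask and a KiFindReadyThread-style scan, reproduces the two address calculations used in the commands above (list head at PRCB + 0x930 + priority * 8, KTHREAD at list link - 0x60) and replays the thread states from both parts. The field offsets are those printed in the dumps; the enum values after Waiting (Transition, DeferredReady) come from the public KTHREAD_STATE definition; everything else (the functions ending in Model, the scenario threads) is constructed for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Toy model of the per-processor ready queues seen in the dumps above. The
 * offsets (KTHREAD State +0x2c, Priority +0x5b, WaitListEntry +0x60;
 * DispatcherReadyListHead at PRCB+0x930) come from this page; the logic is a
 * simplification written for this example, not the kernel's code. */
#define MAXIMUM_PRIORITY 32

typedef struct _LIST_ENTRY { struct _LIST_ENTRY *Flink, *Blink; } LIST_ENTRY;
typedef enum _KTHREAD_STATE {
    Initialized, Ready, Running, Standby, Terminated, Waiting, Transition, DeferredReady
} KTHREAD_STATE;
typedef struct _KTHREAD {
    uint8_t    Header[0x2c];
    uint8_t    State;                /* +0x2c */
    uint8_t    Pad1[0x5b - 0x2d];
    int8_t     Priority;             /* +0x5b */
    uint8_t    Pad2[0x60 - 0x5c];
    LIST_ENTRY WaitListEntry;        /* +0x60: on a ready queue while State == Ready */
} KTHREAD;
typedef struct _KPRCB {
    uint32_t   ReadySummary;         /* bit n set <=> DispatcherReadyListHead[n] non-empty */
    LIST_ENTRY DispatcherReadyListHead[MAXIMUM_PRIORITY];
} KPRCB;
_Static_assert(offsetof(KTHREAD, WaitListEntry) == 0x60, "layout must match the dt output");
#define CONTAINING_RECORD(addr, type, field) ((type *)((char *)(addr) - offsetof(type, field)))

static void InitializeListHead(LIST_ENTRY *h) { h->Flink = h->Blink = h; }
static int  IsListEmpty(const LIST_ENTRY *h) { return h->Flink == h; }
static void InsertTailList(LIST_ENTRY *h, LIST_ENTRY *e) {
    e->Flink = h; e->Blink = h->Blink; h->Blink->Flink = e; h->Blink = e;
}
static void RemoveEntryList(LIST_ENTRY *e) { e->Blink->Flink = e->Flink; e->Flink->Blink = e->Blink; }

static void KiInitializePrcbModel(KPRCB *prcb) {
    prcb->ReadySummary = 0;
    for (int i = 0; i < MAXIMUM_PRIORITY; i++) InitializeListHead(&prcb->DispatcherReadyListHead[i]);
}
/* Make a thread ready here: queue it on its priority's list and publish the queue in ReadySummary. */
static void KiReadyThreadModel(KPRCB *prcb, KTHREAD *t) {
    t->State = Ready;
    InsertTailList(&prcb->DispatcherReadyListHead[t->Priority], &t->WaitListEntry);
    prcb->ReadySummary |= 1u << t->Priority;
}
/* Index of the highest set bit, -1 for zero: 0x200 -> 9, as in the dump. */
static int HighestSetBit(uint32_t mask) {
    int i = -1;
    while (mask) { mask >>= 1; i++; }
    return i;
}
/* Model of KiFindReadyThread: take the highest non-empty queue at or above
 * LowPriority, unlink its first entry, recover the KTHREAD with
 * CONTAINING_RECORD (the "-0x60" of the dt command), clear the summary bit
 * when the queue drains, and return the thread in Standby (NULL if none). */
static KTHREAD *KiFindReadyThreadModel(KPRCB *prcb, int LowPriority) {
    int prio = HighestSetBit(prcb->ReadySummary & ~((1u << LowPriority) - 1u));
    if (prio < 0) return NULL;
    LIST_ENTRY *head = &prcb->DispatcherReadyListHead[prio];
    KTHREAD *t = CONTAINING_RECORD(head->Flink, KTHREAD, WaitListEntry);
    RemoveEntryList(&t->WaitListEntry);
    if (IsListEmpty(head)) prcb->ReadySummary &= ~(1u << prio);
    t->State = Standby;
    return t;
}
/* Address arithmetic behind the two debugger commands (x86: 8-byte LIST_ENTRY). */
static uint32_t ReadyListHeadAddress(uint32_t PrcbBase, int Priority) { return PrcbBase + 0x930u + (uint32_t)Priority * 8u; }
static uint32_t KThreadFromReadyLink(uint32_t Link) { return Link - (uint32_t)offsetof(KTHREAD, WaitListEntry); }

/* Replays the page: a priority-9 worker alone in its queue plus a priority-8
 * thread, while the running priority-15 thread blocks. Returns 1 when every
 * step matches, 0 at the first mismatch. */
static int RunReadyQueueScenario(void) {
    static KPRCB prcb;
    static KTHREAD usbWorker, lowThread, desktopThread;
    KiInitializePrcbModel(&prcb);
    memset(&usbWorker, 0, sizeof usbWorker); memset(&lowThread, 0, sizeof lowThread);
    usbWorker.Priority = 9; lowThread.Priority = 8; desktopThread.Priority = 15; desktopThread.State = Running;
    KiReadyThreadModel(&prcb, &usbWorker);
    KiReadyThreadModel(&prcb, &lowThread);
    if (prcb.ReadySummary != 0x300u) return 0;
    if (prcb.DispatcherReadyListHead[9].Flink != prcb.DispatcherReadyListHead[9].Blink) return 0; /* one entry, as dx showed */
    desktopThread.State = Waiting;                     /* blocks in KeWaitForMultipleObjects */
    KTHREAD *next = KiFindReadyThreadModel(&prcb, 0);  /* dispatcher scans from the top */
    if (next != &usbWorker || next->State != Standby || prcb.ReadySummary != 0x100u) return 0;
    next->State = Running;                             /* KiSwapContext switches to it */
    if (KiFindReadyThreadModel(&prcb, 9) != NULL) return 0;   /* nothing at priority >= 9 now */
    if (KiFindReadyThreadModel(&prcb, 0) != &lowThread || prcb.ReadySummary != 0) return 0;
    return KiFindReadyThreadModel(&prcb, 0) == NULL;
}

int main(void) {
    printf("list head @ %#x, KTHREAD @ %#x, scenario %s\n", ReadyListHeadAddress(0xf7737120u, 9),
           KThreadFromReadyLink(0x89836080u), RunReadyQueueScenario() ? "ok" : "FAILED");
    return 0;
}
```

The LowPriority argument mirrors the real scan's lower bound: a processor already running a priority-9 thread has no reason to look at queues 0 through 8, and in the model the second lookup with LowPriority = 9 correctly returns NULL once queue 9 has drained, even though queue 8 still holds a thread.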
