
A breakpoint at nt!KiDispatchInterrupt+0x4d catches the thread switch that occurs when CurrentThread is preempted by NextThread -- Server 2003 debugging notes

Part 1:
nt!KiDispatchInterrupt+0x3b corresponds to cmp byte ptr [ebx].PcPrcbData.PbQuantumEnd, 0;
if [ebx].PcPrcbData.PbQuantumEnd = 1, the quantum has expired and the code jumps to call nt!KiQuantumEnd.
Otherwise it checks whether NextThread is set; if it is, CurrentThread is placed on the ready queue and the processor switches to NextThread.

;
; Check to determine if quantum end is requested.
;
; N.B. If a new thread is selected as a result of processing the quantum
; end request, then the new thread is returned with the dispatcher
; database locked. Otherwise, NULL is returned with the dispatcher
; database unlocked.
;

kdi40: sti ; enable interrupts
cmp byte ptr [ebx].PcPrcbData.PbQuantumEnd, 0 ; quantum end requested
jne kdi90 ; if neq, quantum end request

Part 2:


0: kd> g
Breakpoint 16 hit
eax=00000001 ebx=00000102 ecx=00000002 edx=00000000 esi=f7737120 edi=00000000
eip=804ee4f8 esp=f78d27e4 ebp=f78d2808 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
hal!HalRequestSoftwareInterrupt:
804ee4f8 643a0d95000000 cmp cl,byte ptr fs:[95h] fs:0030:00000095=00
1: kd> g
Breakpoint 14 hit
eax=00000041 ebx=f78d298c ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00720 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt:
80b00720 648b1d1c000000 mov ebx,dword ptr fs:[1Ch] fs:0030:0000001c=f7737000
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x8999e3a0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89995568 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x300 [Type: unsigned long]

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x89995568)
((basesrv!_KTHREAD *)0x89995568) : 0x89995568 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xf790b000 [Type: void *]
[+0x01c] StackLimit : 0xf7908000 [Type: void *]
[+0x020] KernelStack : 0xf790ac6c [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x77 [Type: unsigned long]
[+0x02c] State : 0x3 [Type: unsigned char]

[+0x05b] Priority : 16 [Type: char]

1: kd> g
Breakpoint 45 hit
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0075b esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x3b:
80b0075b 80bbe109000000 cmp byte ptr [ebx+9E1h],0 ds:0023:f77379e1=00
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00762 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x42:
80b00762 7577 jne nt!KiDispatchInterrupt+0xbb (80b007db) [br=0]
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00764 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x44:
80b00764 83bb2801000000 cmp dword ptr [ebx+128h],0 ds:0023:f7737128=89995568
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0076b esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiDispatchInterrupt+0x4b:
80b0076b 746d je nt!KiDispatchInterrupt+0xba (80b007da) [br=0]
1: kd> p
Breakpoint 48 hit
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0076d esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiDispatchInterrupt+0x4d:
80b0076d 83ec0c sub esp,0Ch
1: kd> g
Breakpoint 38 hit
eax=00000002 ebx=f7737000 ecx=8999e3a0 edx=f7737120 esi=89995568 edi=8999e3a0
eip=80a4412e esp=f78d2880 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQueueReadyThread:
80a4412e 55 push ebp

1: kd> gu
eax=00000000 ebx=f7737000 ecx=f7737ab8 edx=f7737ab8 esi=89995568 edi=8999e3a0
eip=80b007c5 esp=f78d2884 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0xa5:
80b007c5 b101 mov cl,1
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89995568 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x2300 [Type: unsigned long]

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x8999e3a0)
((basesrv!_KTHREAD *)0x8999e3a0) : 0x8999e3a0 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xf78d3000 [Type: void *]
[+0x01c] StackLimit : 0xf78d0000 [Type: void *]
[+0x020] KernelStack : 0xf78d28e8 [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x617 [Type: unsigned long]
[+0x02c] State : 0x1 [Type: unsigned char]

[+0x113] Quantum : 7 [Type: char]

1: kd> g
Breakpoint 46 hit
eax=00000000 ebx=f7737000 ecx=f7737a01 edx=f7737ab8 esi=89995568 edi=8999e3a0
eip=80b007f0 esp=f78d2880 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext:
80b007f0 51 push ecx
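As an added example (not part of the original post), a small parser over the dx output quoted above: it pairs the two _KPRCB dumps taken before and after the switch, decodes KTHREAD.State (3 = Standby for NextThread before the switch, 1 = Ready for the preempted thread after KiQueueReadyThread) and reports which ReadySummary bit the queueing of the preempted thread set. The kd excerpt embedded below is constructed from the page's own values; the state encoding assumed is the NT KTHREAD_STATE enum.

```python
import re
# Constructed excerpt of the kd session above: KPRCB dumps before/after the switch plus the two KTHREAD dumps.
KD_LOG = """\
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
[+0x004] CurrentThread : 0x8999e3a0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89995568 [Type: _KTHREAD *]
[+0x928] ReadySummary : 0x300 [Type: unsigned long]
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x89995568)
[+0x02c] State : 0x3 [Type: unsigned char]
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
[+0x004] CurrentThread : 0x89995568 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]
[+0x928] ReadySummary : 0x2300 [Type: unsigned long]
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x8999e3a0)
[+0x02c] State : 0x1 [Type: unsigned char]
"""
# KTHREAD.State encoding (KTHREAD_STATE) used by the NT kernel.
THREAD_STATE = {0: "Initialized", 1: "Ready", 2: "Running", 3: "Standby",
                4: "Terminated", 5: "Waiting", 6: "Transition", 7: "DeferredReady"}
DX_HEADER = re.compile(r"\(\(\w+!_(\w+) \*\)(0x[0-9a-f]+)\)")
DX_FIELD = re.compile(r"\[\+0x[0-9a-f]+\] (\w+) : (0x[0-9a-f]+|-?\d+)")

def parse_dx(log):
    """Return [(type_name, address, {field: int})] for each dx dump, in order."""
    dumps = []
    for line in log.splitlines():
        if line.startswith("1: kd> dx"):
            m = DX_HEADER.search(line)
            dumps.append((m.group(1), int(m.group(2), 16), {}))
        elif (m := DX_FIELD.match(line)) and dumps:
            dumps[-1][2][m.group(1)] = int(m.group(2), 0)
    return dumps

def ready_priorities(summary):
    """Priorities whose ready queue is non-empty: bit n of ReadySummary <=> priority n."""
    return [p for p in range(32) if summary >> p & 1]

def describe_switch(log):
    """Pair the KPRCB snapshots before/after the switch and check the preemption."""
    dumps = parse_dx(log)
    before, after = [d[2] for d in dumps if d[0] == "KPRCB"][:2]
    threads = {d[1]: d[2] for d in dumps if d[0] == "KTHREAD"}
    return {
        "current_became_next": after["CurrentThread"] == before["NextThread"],
        "next_cleared": after["NextThread"] == 0,
        "next_state_before": THREAD_STATE[threads[before["NextThread"]]["State"]],
        "preempted_state_after": THREAD_STATE[threads[before["CurrentThread"]]["State"]],
        "newly_ready_priorities": sorted(set(ready_priorities(after["ReadySummary"]))
                                         - set(ready_priorities(before["ReadySummary"]))),
    }
```

The newly set ReadySummary bit identifies the priority queue that KiQueueReadyThread placed the preempted thread on.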
