调用nt!KiExitDispatcher的又一个函数nt!KeInsertQueueApc和nt!KiProcessDeferredReadyList函数分析和全局变量nt!KiIdleSummar

调用nt!KiExitDispatcher的又一个函数nt!KeInsertQueueApc和nt!KiProcessDeferredReadyList函数分析和全局变量nt!KiIdleSummary和nt!KiMask32Array的作用
0: kd> g
Breakpoint 41 hit
eax=0000001b ebx=804edc6c ecx=ffdff120 edx=00000000 esi=00000000 edi=ffdff120
eip=80a42c0c esp=f789ed18 ebp=f789ed38 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiProcessDeferredReadyList:
80a42c0c 53 push ebx
0: kd> kc
#
00 nt!KiProcessDeferredReadyList
01 nt!KiExitDispatcher
02 nt!KeInsertQueueApc
03 nt!IopfCompleteRequest
04 mouclass!MouseClassServiceCallback
05 mouhid!MouHid_ReadComplete
06 nt!IopfCompleteRequest
07 HIDCLASS!HidpDistributeInterruptReport
08 HIDCLASS!HidpInterruptReadComplete

0: kd> dx -id 0,0,8954e020 -r1 (*((basesrv!_SINGLE_LIST_ENTRY *)0xffdffb50))
(*((basesrv!_SINGLE_LIST_ENTRY *)0xffdffb50)) [Type: _SINGLE_LIST_ENTRY]
[+0x000] Next : 0x89804080 [Type: _SINGLE_LIST_ENTRY *]
0: kd> dx -id 0,0,8954e020 -r1 ((basesrv!_SINGLE_LIST_ENTRY *)0x89804080)
((basesrv!_SINGLE_LIST_ENTRY *)0x89804080) : 0x89804080 [Type: _SINGLE_LIST_ENTRY *]
[+0x000] Next : 0x0 [Type: _SINGLE_LIST_ENTRY *]
0: kd> dt kthread 0x89804080-60
CSRSRV!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x89804030 - 0x89804030 ]
+0x018 InitialStack : 0xf75f7000 Void
+0x01c StackLimit : 0xf75f4000 Void
+0x020 KernelStack : 0xf75f692c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0x25d
+0x02c State : 0x7 ''

+0x1bf AdjustReason : 0x1 ''

if (Thread->WaitStatus != STATUS_KERNEL_APC) { 没有运行
Thread->Quantum -= WAIT_QUANTUM_DECREMENT;
if (Thread->Quantum <= 0) {
Thread->Quantum = Process->ThreadQuantum;
Thread->Priority = KiComputeNewPriority(Thread, 1);
}
}

+0x050 WaitStatus : 0n256

#define STATUS_KERNEL_APC 0x100

参考：
00 nt!KiProcessDeferredReadyList
01 nt!KiExitDispatcher
02 nt!KeInsertQueueApc
03 nt!IopfCompleteRequest
参考结束：

前面是优先级调整部分：

//
// Save the value of thread's preempted flag and set thread preempted
// FALSE,
//

Preempted = Thread->Preempted; 可以再这里下断点：
Thread->Preempted = FALSE;

42 e Disable Clear 80a41f95 [d:\srv03rtm\base\ntos\ke\thredsup.c @ 398] 0001 (0001) nt!KiDeferredReadyThread+0x36d

0: kd> dv Preempted
Preempted = 0x00 ''

do {
Processor = Thread->IdealProcessor;
IdleSet = KiIdleSummary & Affinity;

0: kd> p
eax=00000001 ebx=0000000f ecx=00000003 edx=0000000f esi=89804020 edi=80a059f8
eip=80a41fbc esp=f789ece4 ebp=f789ed04 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDeferredReadyThread+0x394:
80a41fbc a1806eb180 mov eax,dword ptr [nt!_KiIdleSummary (80b16e80)] ds:0023:80b16e80=00000002

0: kd> x nt!KiIdleSummary
80b16e80 nt!KiIdleSummary = 2

do {
Processor = Thread->IdealProcessor;
IdleSet = KiIdleSummary & Affinity;
if (IdleSet != 0) {

} else {
break;
}

} while (TRUE);

if ((IdleSet & AFFINITY_MASK(Processor)) == 0) {

0: kd> p
eax=00000002 ebx=0000000f ecx=00000003 edx=00000001 esi=89804020 edi=80a059f8
eip=80a41fce esp=f789ece4 ebp=f789ed04 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiDeferredReadyThread+0x3a6:
80a41fce 850495b05ea080 test dword ptr nt!KiMask32Array (80a05eb0)[edx*4],eax ds:0023:80a05eb4=00000002

eax=00000002=IdleSet

AFFINITY_MASK

0: kd> x nt!KiMask32Array
80a05eb0 nt!KiMask32Array = unsigned long []
80a05eb0 nt!KiMask32Array = unsigned long [32]
80a05eb0 nt!KiMask32Array = unsigned long []
0: kd> dx -r1 (*((ntkrnlmp!unsigned long (*)[32])0x80a05eb0))
(*((ntkrnlmp!unsigned long (*)[32])0x80a05eb0)) [Type: unsigned long [32]]
[0] : 0x1 [Type: unsigned long]
[1] : 0x2 [Type: unsigned long]
[2] : 0x4 [Type: unsigned long]
[3] : 0x8 [Type: unsigned long]
[4] : 0x10 [Type: unsigned long]
[5] : 0x20 [Type: unsigned long]

+0x10e IdealProcessor : 0x1 ''

参考：另一个定义
#define AFFINITY_MASK(n) ((ULONG_PTR)1 << (n))
参考：另一个定义

#define AFFINITY_MASK(n) (KiAffinityArray[n])
#define KiAffinityArray KiMask32Array