
From KiRequestApcInterrupt in nt!KiInsertQueueApc to hal!HalRequestSoftwareInterrupt


Part 1:

VOID
FASTCALL
KiInsertQueueApc (
    IN PKAPC InApc,
    IN KPRIORITY Increment
    )
{

    // ... (excerpt: the earlier part of the function is omitted here) ...

    if (ApcMode == KernelMode) {

        //
        // Thread transitions from the standby state to the running
        // state can occur from the idle thread without holding the
        // dispatcher lock. Reading the thread state after setting
        // the kernel APC pending flag prevents the code from not
        // delivering the APC interrupt in this case.
        //

        ASSERT((Thread != KeGetCurrentThread()) || (Thread->State == Running));

        KeMemoryBarrier();
        Thread->ApcState.KernelApcPending = TRUE;
        KeMemoryBarrier();
        ThreadState = Thread->State;
        if (ThreadState == Running) {
            KiRequestApcInterrupt(Thread->NextProcessor);

        } else if ((ThreadState == Waiting) &&
                   (Thread->WaitIrql == 0) &&
                   (Thread->SpecialApcDisable == 0) &&
                   ((Apc->NormalRoutine == NULL) ||
                    ((Thread->KernelApcDisable == 0) &&
                     (Thread->ApcState.KernelApcInProgress == FALSE)))) {

            KiUnwaitThread(Thread, STATUS_KERNEL_APC, Increment);
        }

    // ... (excerpt ends here; the rest of the function is omitted) ...


Part 2:


#if defined(NT_UP)

#define KiRequestApcInterrupt(Processor) KiRequestSoftwareInterrupt(APC_LEVEL)

#else

#define KiRequestApcInterrupt(Processor)                  \
    if (KeGetCurrentProcessorNumber() == Processor) {     \
        KiRequestSoftwareInterrupt(APC_LEVEL);            \
    } else {                                              \
        KiIpiSend(AFFINITY_MASK(Processor), IPI_APC);     \
    }

#endif


Part 3:

1: kd> kc
#
00 hal!HalRequestSoftwareInterrupt
01 nt!KiInsertQueueApc
02 nt!KeInsertQueueApc
03 nt!IopCompleteRequest
04 nt!IopSynchronousServiceTail
05 nt!NtReadFile
06 nt!_KiSystemService
07 nt!ZwReadFile
08 win32k!StartDeviceRead
09 win32k!InputApc
0a nt!KiDeliverApc
0b nt!KiSwapThread
0c nt!KeWaitForMultipleObjects
0d win32k!xxxMsgWaitForMultipleObjects
0e win32k!xxxDesktopThread
0f win32k!xxxCreateSystemThreads
10 win32k!NtUserCallOneParam
11 nt!_KiSystemService
12 SharedUserData!SystemCallStub
13 winsrv!NtUserCallOneParam
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f75f6698 80a3cbd6 8957da28 8989e048 00000000 hal!HalRequestSoftwareInterrupt (FPO: [0,0,0]) [d:\srv03rtm\base\hals\halmps\i386\mpswint.asm @ 84]
01 f75f66b8 80a3758e 8989e048 8989e008 00000000 nt!KiInsertQueueApc+0x13e (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\apcsup.c @ 578]
02 f75f66d4 80a2c076 8989e048 e163d238 00000000 nt!KeInsertQueueApc+0x80 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\apcobj.c @ 302]
03 f75f6730 80c70c45 8989e048 f75f6778 f75f6770 nt!IopCompleteRequest+0x368 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\iomgr\internal.c @ 1476]
04 f75f675c 80c6c1a2 894156b0 00000000 8957da28 nt!IopSynchronousServiceTail+0x1b1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\iomgr\internal.c @ 7409]
05 f75f67f4 80afbcb2 00000224 00000000 bf8e7891 nt!NtReadFile+0x6be (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\iomgr\read.c @ 734]
06 f75f67f4 80a3ddd5 00000224 00000000 bf8e7891 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75f682c) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 f75f689c bf8fc2db 00000224 00000000 bf8e7891 nt!ZwReadFile+0x11 (FPO: [9,0,0]) [d:\srv03rtm\base\ntos\ke\mp\obj\i386\sysstubs.asm @ 1651]
08 f75f68d8 bf8e796d 000000f0 89804020 8989e048 win32k!StartDeviceRead+0x270 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1827]
09 f75f68f0 80a3c8d4 e163d210 e163d238 00000000 win32k!InputApc+0xdc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 2084]
0a f75f6938 80a44106 00000000 00000000 00000000 nt!KiDeliverApc+0x15e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\apcsup.c @ 337]
0b f75f697c 80a358c7 00000000 e1639460 00000002 nt!KiSwapThread+0x642 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2004]
0c f75f69b4 bf8a4685 00000003 89804b50 00000001 nt!KeWaitForMultipleObjects+0x3b5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 816]
0d f75f6a04 bf8b123e 00000002 89804b50 bf8fe215 win32k!xxxMsgWaitForMultipleObjects+0xeb (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\queue.c @ 4540]
0e f75f6d1c bf8b21ba bfa70aa0 00000001 f75f6d48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
0f f75f6d2c bf806d52 bfa70aa0 f75f6d58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
10 f75f6d48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
11 f75f6d48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ f75f6d64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
12 008cffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
13 008cffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
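
The branch logic of the KiInsertQueueApc excerpt combined with the KiRequestApcInterrupt macro, as an added user-mode C model (not code from the Windows sources or from the original post). The MODEL_/model_ names and ACT_ values are hypothetical; the call stack above, where nt!KiInsertQueueApc calls hal!HalRequestSoftwareInterrupt directly, corresponds to the ACT_LOCAL_SOFTINT case.

```c
#include <stdbool.h>
#include <stdio.h>

/* Added user-mode model: field names mirror the excerpt, the MODEL_/ACT_
   names are hypothetical. It makes no kernel calls. */
typedef enum { Standby, Running, Waiting } MODEL_STATE;  /* subset only */
typedef enum { ACT_NONE, ACT_LOCAL_SOFTINT, ACT_IPI_APC, ACT_UNWAIT } MODEL_ACTION;

typedef struct {
    MODEL_STATE State;
    unsigned NextProcessor, WaitIrql, SpecialApcDisable, KernelApcDisable;
    bool KernelApcInProgress, KernelApcPending;
} MODEL_THREAD;

/* What the kernel-mode branch does after the APC is queued. */
MODEL_ACTION model_kernel_apc(MODEL_THREAD *t, bool has_normal_routine,
                              unsigned current_cpu, bool nt_up)
{
    t->KernelApcPending = true;          /* set before State is sampled */
    if (t->State == Running) {
        /* KiRequestApcInterrupt: NT_UP builds always interrupt locally. */
        if (nt_up || current_cpu == t->NextProcessor)
            return ACT_LOCAL_SOFTINT;    /* KiRequestSoftwareInterrupt(APC_LEVEL) */
        return ACT_IPI_APC;              /* KiIpiSend(AFFINITY_MASK(cpu), IPI_APC) */
    }
    if (t->State == Waiting && t->WaitIrql == 0 && t->SpecialApcDisable == 0 &&
        (!has_normal_routine ||
         (t->KernelApcDisable == 0 && !t->KernelApcInProgress)))
        return ACT_UNWAIT;               /* KiUnwaitThread(..., STATUS_KERNEL_APC, ...) */
    return ACT_NONE;                     /* neither branch taken; flag stays set */
}

int main(void)
{
    static const char *names[] = { "none", "local softint", "IPI_APC", "unwait" };
    /* Constructed cases: running on this CPU, running elsewhere, waiting. */
    MODEL_THREAD self   = { Running, 1, 0, 0, 0, false, false };
    MODEL_THREAD remote = { Running, 0, 0, 0, 0, false, false };
    MODEL_THREAD waiter = { Waiting, 0, 0, 0, 0, true,  false };
    printf("self:    %s\n", names[model_kernel_apc(&self, true, 1, false)]);
    printf("remote:  %s\n", names[model_kernel_apc(&remote, true, 1, false)]);
    printf("normal:  %s\n", names[model_kernel_apc(&waiter, true, 1, false)]);
    printf("special: %s\n", names[model_kernel_apc(&waiter, false, 1, false)]);
    return 0;
}
```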

Part 4:

1: kd> g
Breakpoint 50 hit
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=8989e008 edi=00000103
eip=804ee7d8 esp=f75f673c ebp=f75f675c iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000046
hal!HalpApcInterrupt:
804ee7d8 54 push esp
1: kd> kc
#
00 hal!HalpApcInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
01 0x0
02 0x0
