
nt!KiQuantumEnd函数分析之KiComputeNewPriority后时间片加满和优先级降到基本优先级

张小明


nt!KiQuantumEnd函数分析之KiComputeNewPriority后时间片加满和优先级降到基本优先级

Thread->Priority = KiComputeNewPriority(Thread, 1);


FORCEINLINE
SCHAR
KiComputeNewPriority (
IN PKTHREAD Thread,
IN SCHAR Adjustment
)

/*++

Routine Description:

    Computes the priority a thread should continue at once its quantum
    has been consumed. For dynamic-priority threads (current priority
    below LOW_REALTIME_PRIORITY) the priority is lowered by the thread's
    accumulated PriorityDecrement plus the caller-supplied Adjustment,
    clamped so it never drops below BasePriority, and the decrement is
    consumed (reset to zero). Real-time threads are returned unchanged
    and their decrement is not touched.

Arguments:

    Thread - Supplies the thread whose priority is recomputed. Only
             Thread->PriorityDecrement is written; Thread->Priority is
             left for the caller to update with the return value.

    Adjustment - Supplies the additional amount to subtract from the
                 current priority.

Return Value:

    The new priority for the thread.

--*/

{

    SCHAR NewPriority;

    //
    // Entry invariants: the decrement is non-negative and never larger
    // than the current priority, and real-time threads carry none.
    //

    ASSERT((Thread->PriorityDecrement >= 0) && (Thread->PriorityDecrement <= Thread->Priority));
    ASSERT((Thread->Priority < LOW_REALTIME_PRIORITY) ? TRUE : (Thread->PriorityDecrement == 0));

    NewPriority = Thread->Priority;

    //
    // Real-time priorities are never decayed by quantum end.
    //

    if (NewPriority >= LOW_REALTIME_PRIORITY) {
        return NewPriority;
    }

    //
    // Apply the accumulated decrement and the adjustment, floor the
    // result at the base priority, then consume the decrement so it is
    // not applied a second time.
    //

    NewPriority = NewPriority - Thread->PriorityDecrement - Adjustment;
    if (NewPriority < Thread->BasePriority) {
        NewPriority = Thread->BasePriority;
    }

    Thread->PriorityDecrement = 0;

    return NewPriority;
}

第二部分:


0: kd> g
Breakpoint 27 hit
eax=f789eedc ebx=ffdff000 ecx=00000041 edx=00002012 esi=00000000 edi=804edc60
eip=80a40778 esp=ba1b0bfc ebp=ba1b0c04 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiQuantumEnd:
80a40778 55 push ebp
0: kd> kc 2
#
00 nt!KiQuantumEnd
01 nt!KiDispatchInterrupt
0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xffdff120)
((basesrv!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x895f2a78 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x895f2a78)
((basesrv!_KTHREAD *)0x895f2a78) : 0x895f2a78 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xba1b1000 [Type: void *]
[+0x01c] StackLimit : 0xba1ad000 [Type: void *]
[+0x020] KernelStack : 0xba1b0c5c [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x470 [Type: unsigned long]
[+0x02c] State : 0x2 [Type: unsigned char]
[+0x02d] NpxState : 0xa [Type: unsigned char]
[+0x02e] WaitIrql : 0x0 [Type: unsigned char]
[+0x02f] WaitMode : 1 [Type: char]
[+0x030] Teb : 0x7ffd5000 [Type: void *]
[+0x034] ApcState [Type: _KAPC_STATE]
[+0x04c] ApcQueueLock : 0x0 [Type: unsigned long]
[+0x050] WaitStatus : 258 [Type: long]
[+0x054] WaitBlockList : 0x895f2b18 [Type: _KWAIT_BLOCK *]
[+0x058] Alertable : 0x0 [Type: unsigned char]
[+0x059] WaitNext : 0x0 [Type: unsigned char]
[+0x05a] WaitReason : 0x6 [Type: unsigned char]
[+0x05b] Priority : 15 [Type: char]
[+0x05c] EnableStackSwap : 0x1 [Type: unsigned char]
[+0x05d] SwapBusy : 0x0 [Type: unsigned char]
[+0x05e] Alerted [Type: unsigned char [2]]
[+0x060] WaitListEntry [Type: _LIST_ENTRY]
[+0x060] SwapListEntry [Type: _SINGLE_LIST_ENTRY]
[+0x068] Queue : 0x0 [Type: _KQUEUE *]
[+0x06c] WaitTime : 0x105ee7d7 [Type: unsigned long]
[+0x070] KernelApcDisable : 0 [Type: short]
[+0x072] SpecialApcDisable : 0 [Type: short]
[+0x070] CombinedApcDisable : 0x0 [Type: unsigned long]
[+0x078] Timer [Type: _KTIMER]
[+0x0a0] WaitBlock [Type: _KWAIT_BLOCK [4]]
[+0x100] QueueListEntry [Type: _LIST_ENTRY]
[+0x108] ApcStateIndex : 0x0 [Type: unsigned char]
[+0x109] ApcQueueable : 0x1 [Type: unsigned char]
[+0x10a] Preempted : 0x0 [Type: unsigned char]
[+0x10b] ProcessReadyQueue : 0x0 [Type: unsigned char]
[+0x10c] KernelStackResident : 0x1 [Type: unsigned char]
[+0x10d] Saturation : 0 [Type: char]
[+0x10e] IdealProcessor : 0x0 [Type: unsigned char]
[+0x10f] NextProcessor : 0x0 [Type: unsigned char]
[+0x110] BasePriority : 13 '\r' [Type: char]
[+0x111] Spare4 : 0x0 [Type: unsigned char]
[+0x112] PriorityDecrement : 2 [Type: char]
[+0x113] Quantum : -31 [Type: char]

0: kd> kv 2
# ChildEBP RetAddr Args to Child
00 ba1b0bf8 80b007e7 804ee6e5 ba1b0cac 804edc60 nt!KiQuantumEnd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 246]
01 ba1b0bfc 804ee6e5 ba1b0cac 804edc60 badb0d00 nt!KiDispatchInterrupt+0xc7 (FPO: [Uses EBP] [0,0,3]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 317]
windbg> .open -a ffffffff80b007e7
windbg> .open -a ffffffff80a40778

if ((Process->DisableQuantum != FALSE) &&
(Thread->Priority >= LOW_REALTIME_PRIORITY)) {

Thread->Quantum = MAXCHAR;

} else {
Thread->Quantum = Process->ThreadQuantum;

0: kd> p
eax=f789eedc ebx=ffdff000 ecx=00000041 edx=00002012 esi=00000000 edi=804edc60
eip=80a40781 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiQuantumEnd+0x9:
80a40781 648b3d20000000 mov edi,dword ptr fs:[20h] fs:0030:00000020=ffdff120
0: kd> p
eax=f789eedc ebx=ffdff000 ecx=00000041 edx=00002012 esi=00000000 edi=ffdff120
eip=80a40788 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiQuantumEnd+0x10:
80a40788 648b3524010000 mov esi,dword ptr fs:[124h] fs:0030:00000124=895f2a78
0: kd> p
eax=f789eedc ebx=ffdff000 ecx=00000041 edx=00002012 esi=895f2a78 edi=ffdff120
eip=80a4078f esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiQuantumEnd+0x17:
80a4078f 33c0 xor eax,eax
0: kd> p
eax=00000000 ebx=ffdff000 ecx=ffdff9e4 edx=00002012 esi=895f2a78 edi=ffdff120
eip=80a407ae esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000297
nt!KiQuantumEnd+0x36:
80a407ae ff15ac30a080 call dword ptr [nt!_imp__KeRaiseIrqlToSynchLevel (80a030ac)] ds:0023:80a030ac={hal!KeRaiseIrqlToSynchLevel (804edc14)}
0: kd> p
eax=00000002 ebx=ffdff000 ecx=ffdff9e4 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a407b4 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
nt!KiQuantumEnd+0x3c:
80a407b4 ff150831a080 call dword ptr [nt!_imp__KeGetCurrentIrql (80a03108)] ds:0023:80a03108={hal!KeGetCurrentIrql (804edc6c)}
0: kd> p
eax=895f2a9c ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a407ea esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQuantumEnd+0x72:
80a407ea ff150831a080 call dword ptr [nt!_imp__KeGetCurrentIrql (80a03108)] ds:0023:80a03108={hal!KeGetCurrentIrql (804edc6c)}
0: kd> p
eax=ffdff9bc ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a40821 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQuantumEnd+0xa9:
80a40821 388e13010000 cmp byte ptr [esi+113h],cl ds:0023:895f2b8b=e1
0: kd> dd 895f2a78+113h
895f2b8b 010100e1 00000300 54e02000 00000389
895f2b9b b207a000 5f2aac80 5f2ba889 00000089
895f2bab 00000000 00000000 00000000 00000000
895f2bbb 00000000 00000000 7c0d1800 1b0d64e1
895f2bcb 000012ba 00000400 1b100000 300012ba
895f2bdb 00000000 5f2a7800 5f2aac89 5f2aac89
895f2beb a4167a89 a4167e80 a416a880 00000080
895f2bfb 00000000 00000000 00000000 05000500
0: kd> p
eax=ffdff9bc ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a4082d esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiQuantumEnd+0xb5:
80a4082d 8b4644 mov eax,dword ptr [esi+44h] ds:0023:895f2abc=8954e020
0: kd> p
eax=8954e020 ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a40830 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiQuantumEnd+0xb8:
80a40830 384869 cmp byte ptr [eax+69h],cl ds:0023:8954e089=00
0: kd> p
eax=8954e020 ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a40847 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQuantumEnd+0xcf:
80a40847 8a4063 mov al,byte ptr [eax+63h] ds:0023:8954e083=24
0: kd> p
eax=8954e024 ebx=80a059f8 ecx=00000000 edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a40850 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQuantumEnd+0xd8:
80a40850 8a8612010000 mov al,byte ptr [esi+112h] ds:0023:895f2b8a=02
0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xffdff120)
((basesrv!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x895f2a78 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x0 [Type: unsigned long]

0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x895f2a78)
((basesrv!_KTHREAD *)0x895f2a78) : 0x895f2a78 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xba1b1000 [Type: void *]
[+0x01c] StackLimit : 0xba1ad000 [Type: void *]
[+0x020] KernelStack : 0xba1b0c5c [Type: void *]
[+0x024] ThreadLock : 0x1 [Type: unsigned long]
[+0x028] ContextSwitches : 0x470 [Type: unsigned long]
[+0x02c] State : 0x2 [Type: unsigned char]
[+0x02d] NpxState : 0xa [Type: unsigned char]
[+0x02e] WaitIrql : 0x0 [Type: unsigned char]
[+0x02f] WaitMode : 1 [Type: char]
[+0x030] Teb : 0x7ffd5000 [Type: void *]
[+0x034] ApcState [Type: _KAPC_STATE]
[+0x04c] ApcQueueLock : 0x0 [Type: unsigned long]
[+0x050] WaitStatus : 258 [Type: long]
[+0x054] WaitBlockList : 0x895f2b18 [Type: _KWAIT_BLOCK *]
[+0x058] Alertable : 0x0 [Type: unsigned char]
[+0x059] WaitNext : 0x0 [Type: unsigned char]
[+0x05a] WaitReason : 0x6 [Type: unsigned char]
[+0x05b] Priority : 15 [Type: char]

[+0x112] PriorityDecrement : 2 [Type: char]
[+0x113] Quantum : 36 '$' [Type: char]

第三部分:

Thread->Priority = KiComputeNewPriority(Thread, 1);//之后

Priority - PriorityDecrement - Adjustment = 15 - 2 - 1 = 12,小于 BasePriority 13,因此新优先级被钳位为 BasePriority:13

0: kd> p
eax=8954e00d ebx=80a059f8 ecx=0000000d edx=00000004 esi=895f2a78 edi=ffdff120
eip=80a408b9 esp=ba1b0bdc ebp=ba1b0bf8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000297
nt!KiQuantumEnd+0x141:
80a408b9 837f0800 cmp dword ptr [edi+8],0 ds:0023:ffdff128=00000000
0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x895f2a78)
((basesrv!_KTHREAD *)0x895f2a78) : 0x895f2a78 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xba1b1000 [Type: void *]
[+0x01c] StackLimit : 0xba1ad000 [Type: void *]
[+0x020] KernelStack : 0xba1b0c5c [Type: void *]
[+0x024] ThreadLock : 0x1 [Type: unsigned long]
[+0x028] ContextSwitches : 0x470 [Type: unsigned long]
[+0x02c] State : 0x2 [Type: unsigned char]
[+0x02d] NpxState : 0xa [Type: unsigned char]
[+0x02e] WaitIrql : 0x0 [Type: unsigned char]
[+0x02f] WaitMode : 1 [Type: char]
[+0x030] Teb : 0x7ffd5000 [Type: void *]
[+0x034] ApcState [Type: _KAPC_STATE]
[+0x04c] ApcQueueLock : 0x0 [Type: unsigned long]
[+0x050] WaitStatus : 258 [Type: long]
[+0x054] WaitBlockList : 0x895f2b18 [Type: _KWAIT_BLOCK *]
[+0x058] Alertable : 0x0 [Type: unsigned char]
[+0x059] WaitNext : 0x0 [Type: unsigned char]
[+0x05a] WaitReason : 0x6 [Type: unsigned char]
[+0x05b] Priority : 13 '\r' [Type: char]

[+0x110] BasePriority : 13 '\r' [Type: char]
[+0x111] Spare4 : 0x0 [Type: unsigned char]
[+0x112] PriorityDecrement : 0 [Type: char]
[+0x113] Quantum : 36 '$' [Type: char]

if (Prcb->NextThread == NULL) {
if ((NewThread = KiSelectReadyThread(Thread->Priority, Prcb)) != NULL) {
NewThread->State = Standby;
Prcb->NextThread = NewThread;
}

} else {
Thread->Preempted = FALSE;
}


0: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xffdff120)
((basesrv!_KPRCB *)0xffdff120) : 0xffdff120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x895f2a78 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0x80b200c0 [Type: _KTHREAD *]


[+0x928] ReadySummary : 0x0 [Type: unsigned long]
[+0x92c] SelectNextLast : 0x0 [Type: unsigned long]
[+0x930] DispatcherReadyListHead [Type: _LIST_ENTRY [32]]


KiReleaseThreadLock(Thread);
if (Prcb->NextThread != NULL) { 不符合条件。

总体来说,时间片已加满,优先级从 15 降到了基本优先级 13。
