news 2026/4/23 12:52:20

A breakpoint at nt!KiDispatchInterrupt+0x4d catches the thread switch that follows CurrentThread being preempted by NextThread -- server03 debugging notes

Author: 张小明 (front-end development engineer)

Part 1:
nt!KiDispatchInterrupt+0x3b corresponds to cmp byte ptr [ebx].PcPrcbData.PbQuantumEnd, 0 ;
If [ebx].PcPrcbData.PbQuantumEnd = 1, the quantum has expired and the code jumps to nt!KiQuantumEnd.
Otherwise it checks whether NextThread exists; if it does, CurrentThread is placed on the ready queue (nt!KiQueueReadyThread) and execution switches to NextThread (nt!SwapContext).

;
; Check to determine if quantum end is requested.
;
; N.B. If a new thread is selected as a result of processing the quantum
; end request, then the new thread is returned with the dispatcher
; database locked. Otherwise, NULL is returned with the dispatcher
; database unlocked.
;

kdi40: sti ; enable interrupts
cmp byte ptr [ebx].PcPrcbData.PbQuantumEnd, 0 ; quantum end requested
jne kdi90 ; if neq, quantum end request
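As an added example (my own code, not the author's and not the Windows source), the branch structure described above modelled in C: the PRCB fields the log inspects, the test on PbQuantumEnd, the test on NextThread, and the requeue-then-switch path that the +0x4d breakpoint catches. The thread addresses, states and ReadySummary values are taken from the log in Part 2; the preempted thread's priority of 13 is an inference from ReadySummary changing from 0x300 to 0x2300 (bit 13 becoming set), and that value, the reduced struct layouts and the function names are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* _KTHREAD.State values: the log shows 3 (Standby) for the incoming
 * NextThread and 1 (Ready) for the preempted thread once requeued. */
enum kthread_state {
    Initialized = 0, Ready = 1, Running = 2, Standby = 3,
    Terminated = 4, Waiting = 5, Transition = 6, DeferredReady = 7
};

/* Reduced _KTHREAD (assumed layout): only what the dispatcher path touches. */
typedef struct kthread {
    uintptr_t     address;   /* debugger address, for printing only */
    unsigned char state;     /* _KTHREAD.State    (+0x02c in the log) */
    signed char   priority;  /* _KTHREAD.Priority (+0x05b in the log) */
} kthread_t;

/* Reduced _KPRCB (assumed layout): ReadySummary bit n set means the ready
 * list for priority n is non-empty. */
typedef struct kprcb {
    kthread_t    *current_thread;  /* _KPRCB.CurrentThread (+0x004) */
    kthread_t    *next_thread;     /* _KPRCB.NextThread    (+0x008) */
    unsigned char quantum_end;     /* PbQuantumEnd, tested at +0x3b  */
    unsigned long ready_summary;   /* _KPRCB.ReadySummary  (+0x928) */
} kprcb_t;

enum dispatch_result {
    DISPATCH_NO_WORK = 0,      /* NextThread NULL: je to the exit path      */
    DISPATCH_QUANTUM_END = 1,  /* PbQuantumEnd set: jne kdi90, KiQuantumEnd */
    DISPATCH_SWITCHED = 2      /* +0x4d path: KiQueueReadyThread, SwapContext */
};

/* Model of nt!KiQueueReadyThread: the preempted thread returns to the ready
 * list for its priority and the matching ReadySummary bit is set. */
static void queue_ready_thread(kprcb_t *prcb, kthread_t *t)
{
    t->state = Ready;
    prcb->ready_summary |= 1UL << t->priority;
}

/* Model of the branches after kdi40 in nt!KiDispatchInterrupt. */
enum dispatch_result dispatch_interrupt(kprcb_t *prcb)
{
    if (prcb->quantum_end != 0)
        return DISPATCH_QUANTUM_END;   /* real code jumps to KiQuantumEnd here */
    if (prcb->next_thread == NULL)
        return DISPATCH_NO_WORK;       /* real code: je +0xba */

    /* State at the +0x4d breakpoint: a NextThread is waiting to run. */
    kthread_t *preempted = prcb->current_thread;
    kthread_t *incoming  = prcb->next_thread;

    queue_ready_thread(prcb, preempted);   /* Breakpoint 38 in the log */
    prcb->next_thread    = NULL;           /* NextThread reads 0x0 afterwards */
    prcb->current_thread = incoming;       /* CurrentThread now 0x89995568 */
    incoming->state = Running;             /* SwapContext in the real kernel */
    return DISPATCH_SWITCHED;
}

/* Constructed test data rebuilt from the log values (priority 13 for the
 * preempted thread is inferred from ReadySummary 0x300 -> 0x2300). */
enum dispatch_result replay_log_scenario(kprcb_t *prcb, kthread_t *preempted,
                                         kthread_t *incoming)
{
    preempted->address = 0x8999e3a0; preempted->state = Running; preempted->priority = 13;
    incoming->address  = 0x89995568; incoming->state  = Standby; incoming->priority  = 16;
    prcb->current_thread = preempted; prcb->next_thread = incoming;
    prcb->quantum_end = 0;            prcb->ready_summary = 0x300;
    return dispatch_interrupt(prcb);
}

/* 1 if the model reproduces the post-switch values in the log, else 0. */
int scenario_matches_log(void)
{
    kprcb_t prcb; kthread_t preempted, incoming;
    if (replay_log_scenario(&prcb, &preempted, &incoming) != DISPATCH_SWITCHED)
        return 0;
    return prcb.current_thread == &incoming && prcb.next_thread == NULL
        && prcb.ready_summary == 0x2300
        && preempted.state == Ready && incoming.state == Running;
}

/* Quantum-end branch: PbQuantumEnd set, NextThread not consulted. */
int demo_quantum_end_branch(void)
{
    kthread_t t = { 0x8999e3a0, Running, 13 };
    kprcb_t prcb = { &t, NULL, 1, 0x300 };
    return dispatch_interrupt(&prcb);
}

/* Neither the flag nor a NextThread: the interrupt switches nothing. */
int demo_no_work_branch(void)
{
    kthread_t t = { 0x8999e3a0, Running, 13 };
    kprcb_t prcb = { &t, NULL, 0, 0x300 };
    return dispatch_interrupt(&prcb);
}

int main(void)
{
    kprcb_t prcb; kthread_t preempted, incoming;
    replay_log_scenario(&prcb, &preempted, &incoming);
    printf("CurrentThread=%#lx NextThread=%p ReadySummary=%#lx\n",
           (unsigned long)prcb.current_thread->address,
           (void *)prcb.next_thread, prcb.ready_summary);
    printf("preempted state=%u incoming state=%u matches log=%d\n",
           preempted.state, incoming.state, scenario_matches_log());
    return 0;
}
```

The model deliberately stops at the decision: it does not implement KiQuantumEnd's own thread selection, and it records the switch by updating the two PRCB pointers and thread states, which is exactly what the dx dumps before and after Breakpoint 48 show (CurrentThread 0x8999e3a0/NextThread 0x89995568 becoming CurrentThread 0x89995568/NextThread 0x0, ReadySummary 0x300 becoming 0x2300).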

Part 2:

0: kd> g
Breakpoint 16 hit
eax=00000001 ebx=00000102 ecx=00000002 edx=00000000 esi=f7737120 edi=00000000
eip=804ee4f8 esp=f78d27e4 ebp=f78d2808 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
hal!HalRequestSoftwareInterrupt:
804ee4f8 643a0d95000000 cmp cl,byte ptr fs:[95h] fs:0030:00000095=00
1: kd> g
Breakpoint 14 hit
eax=00000041 ebx=f78d298c ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00720 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt:
80b00720 648b1d1c000000 mov ebx,dword ptr fs:[1Ch] fs:0030:0000001c=f7737000
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x8999e3a0 [Type: _KTHREAD *]
[+0x008] NextThread : 0x89995568 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x300 [Type: unsigned long]

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x89995568)
((basesrv!_KTHREAD *)0x89995568) : 0x89995568 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xf790b000 [Type: void *]
[+0x01c] StackLimit : 0xf7908000 [Type: void *]
[+0x020] KernelStack : 0xf790ac6c [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x77 [Type: unsigned long]
[+0x02c] State : 0x3 [Type: unsigned char]

[+0x05b] Priority : 16 [Type: char]

1: kd> g
Breakpoint 45 hit
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0075b esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x3b:
80b0075b 80bbe109000000 cmp byte ptr [ebx+9E1h],0 ds:0023:f77379e1=00
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00762 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x42:
80b00762 7577 jne nt!KiDispatchInterrupt+0xbb (80b007db) [br=0]
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b00764 esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0x44:
80b00764 83bb2801000000 cmp dword ptr [ebx+128h],0 ds:0023:f7737128=89995568
1: kd> p
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0076b esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiDispatchInterrupt+0x4b:
80b0076b 746d je nt!KiDispatchInterrupt+0xba (80b007da) [br=0]
1: kd> p
Breakpoint 48 hit
eax=00000000 ebx=f7737000 ecx=8999e3a0 edx=00000000 esi=00000000 edi=f71451f2
eip=80b0076d esp=f78d2890 ebp=f78d2894 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!KiDispatchInterrupt+0x4d:
80b0076d 83ec0c sub esp,0Ch
1: kd> g
Breakpoint 38 hit
eax=00000002 ebx=f7737000 ecx=8999e3a0 edx=f7737120 esi=89995568 edi=8999e3a0
eip=80a4412e esp=f78d2880 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiQueueReadyThread:
80a4412e 55 push ebp

1: kd> gu
eax=00000000 ebx=f7737000 ecx=f7737ab8 edx=f7737ab8 esi=89995568 edi=8999e3a0
eip=80b007c5 esp=f78d2884 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!KiDispatchInterrupt+0xa5:
80b007c5 b101 mov cl,1
1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KPRCB *)0xf7737120)
((basesrv!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89995568 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]

[+0x928] ReadySummary : 0x2300 [Type: unsigned long]

1: kd> dx -id 0,0,89831250 -r1 ((basesrv!_KTHREAD *)0x8999e3a0)
((basesrv!_KTHREAD *)0x8999e3a0) : 0x8999e3a0 [Type: _KTHREAD *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
[+0x010] MutantListHead [Type: _LIST_ENTRY]
[+0x018] InitialStack : 0xf78d3000 [Type: void *]
[+0x01c] StackLimit : 0xf78d0000 [Type: void *]
[+0x020] KernelStack : 0xf78d28e8 [Type: void *]
[+0x024] ThreadLock : 0x0 [Type: unsigned long]
[+0x028] ContextSwitches : 0x617 [Type: unsigned long]
[+0x02c] State : 0x1 [Type: unsigned char]

[+0x113] Quantum : 7 [Type: char]

1: kd> g
Breakpoint 46 hit
eax=00000000 ebx=f7737000 ecx=f7737a01 edx=f7737ab8 esi=89995568 edi=8999e3a0
eip=80b007f0 esp=f78d2880 ebp=f78d2894 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext:
80b007f0 51 push ecx
