
ACPI!ACPIWorker函数分析和全局ACPIWorkQueue的关系和全局变量acpi!gReadyQueue和ACPI!StartTimeSlicePassive函数的关系--重要

ACPI!OSQueueWorkItem函数和ACPI!ACPIWorker函数是因果关系通过全局ACPIWorkQueue进行联系。


5 e Disable Clear f741337f [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 279] 0001 (0001) ACPI!ACPIWorker+0x79
1: kd> bl
0 e Disable Clear f74001de [d:\srv03rtm\base\busdrv\acpi\driver\nt\detect.c @ 1821] 0001 (0001) ACPI!ACPIDetectPdoDevices
1 d Enable Clear f74076b8 [d:\srv03rtm\base\busdrv\acpi\driver\nt\get.c @ 76] 0001 (0001) ACPI!ACPIGet
2 e Disable Clear f740cf7a [d:\srv03rtm\base\busdrv\acpi\driver\nt\pciopregion.c @ 1047] 0001 (0001) ACPI!GetPciAddressWorker+0x90
3 d Enable Clear f742051c [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 188] 0001 (0001) ACPI!InsertReadyQueue
4 e Disable Clear f742042d [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 150] 0001 (0001) ACPI!DispatchCtxtQueue+0xaf
5 e Disable Clear f741337f [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 279] 0001 (0001) ACPI!ACPIWorker+0x79
6 e Disable Clear 804f25ee [d:\srv03rtm\base\hals\halacpi\pmbus.c @ 165] 0001 (0001) hal!HalGetBusDataByOffset
7 e Disable Clear f7413470 [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 364] 0001 (0001) ACPI!OSQueueWorkItem
8 e Disable Clear f7420495 [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 93] 0001 (0001) ACPI!StartTimeSlicePassive


VOID
ACPIWorker(
IN PVOID StartContext
)
{

KeAcquireSpinLock(&ACPIWorkerSpinLock, &OldIrql);
ASSERT(!IsListEmpty(&ACPIWorkQueue));
Entry = RemoveHeadList(&ACPIWorkQueue);


1: kd> kc
#
00 ACPI!ACPIWorker
01 nt!PspSystemThreadStartup
02 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f791adac 80d391f0 00000000 00000000 00000000 ACPI!ACPIWorker+0x8c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 281]
01 f791addc 80b00d52 f7413306 00000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
02 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]


1: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0x89780fec - 0x89780fec ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x89780fec [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x89780fec [Type: _LIST_ENTRY *]

1: kd> dt WORK_QUEUE_ITEM 0x89780fec
hal!WORK_QUEUE_ITEM
+0x000 List : _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
+0x008 WorkerRoutine : 0xf7420746 void ACPI!RestartCtxtPassive+0
+0x00c Parameter : 0x89780fe8 Void

1: kd> p
eax=f743b318 ebx=00000000 ecx=f743b360 edx=00000000 esi=89780fec edi=f743b318
eip=f7413392 esp=f791ad70 ebp=f791adac iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000287
ACPI!ACPIWorker+0x8c:
f7413392 393d18b343f7 cmp dword ptr [ACPI!ACPIWorkQueue (f743b318)],edi ds:0023:f743b318={ACPI!ACPIWorkQueue (f743b318)}


WorkerRoutine = WorkItem->WorkerRoutine;
Parameter = WorkItem->Parameter;
(WorkItem->WorkerRoutine)(WorkItem->Parameter);

1: kd> kc
#
00 ACPI!RestartCtxtPassive
01 ACPI!ACPIWorker
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> dv
prest = 0x89780fe8
1: kd> dx -r1 ((ACPI!_restart *)0x89780fe8)
((ACPI!_restart *)0x89780fe8) : 0x89780fe8 [Type: _restart *]
[+0x000] pctxt : 0x895c6000 [Type: _ctxt *]
[+0x004] WorkItem [Type: _WORK_QUEUE_ITEM]


//
// RestartCtxtPassive - worker-thread half of a deferred AML context restart.
//
// Invoked by ACPIWorker as the WorkerRoutine of the WORK_QUEUE_ITEM that is
// embedded in the RESTART object (the kd output on this page shows
// Parameter == prest and the work item living at prest+4).  Under the
// ready-queue mutex it hands prest->pctxt to InsertReadyQueue, then releases
// the RESTART object.
//
// prest - RESTART object carrying the context to re-queue.  Freed on exit;
//         neither this routine's caller nor anyone else may touch it, or the
//         work item inside it, once this routine has returned.
//
VOID RestartCtxtPassive(PRESTART prest)
{
    BOOLEAN fDelayExecute;

    TRACENAME("RESTARTCTXTPASSIVE")

    ENTER(2, ("RestartCtxtPassive(prest=%x)\n", prest));

    //
    // The context's flags are read only after the queue mutex is taken, so
    // the decision "run now vs. delay" is made under the same lock that
    // protects the queue insert.  A context marked CTXTF_ASYNC_EVAL is
    // inserted with fDelayExecute == FALSE; every other context is delayed.
    //
    AcquireMutex(&gReadyQueue.mutCtxtQ);
    fDelayExecute = (BOOLEAN)((prest->pctxt->dwfCtxt & CTXTF_ASYNC_EVAL) == 0);
    InsertReadyQueue(prest->pctxt, fDelayExecute);
    ReleaseMutex(&gReadyQueue.mutCtxtQ);

    //
    // Release the RESTART object.  Its embedded WORK_QUEUE_ITEM is the very
    // entry ACPIWorker just dequeued, so prest is dangling from here on.
    //
    FREERESTOBJ(prest);

    EXIT(2, ("RestartCtxtPassive!\n"));
} //RestartCtxtPassive

1: kd> t
Breakpoint 3 hit
eax=895c6000 ebx=89780fe8 ecx=00000000 edx=00000000 esi=f743a948 edi=f7433e20
eip=f742051c esp=f791ad48 ebp=f791ad64 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!InsertReadyQueue:
f742051c 55 push ebp
1: kd> kc
#
00 ACPI!InsertReadyQueue
01 ACPI!RestartCtxtPassive
02 ACPI!ACPIWorker
03 nt!PspSystemThreadStartup
04 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f791ad44 f742079a 895c6000 00000000 f743a948 ACPI!InsertReadyQueue (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 188]
01 f791ad64 f74133c5 89780fe8 00000000 89981ca0 ACPI!RestartCtxtPassive+0x54 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 384]
02 f791adac 80d391f0 00000000 00000000 00000000 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]
03 f791addc 80b00d52 f7413306 00000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
04 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
1: kd> dv
pctxt = 0x895c6000
fDelayExecute = 0x00 ''


else if ((gReadyQueue.pkthCurrent == NULL) &&
!(gReadyQueue.dwfCtxtQ & CQF_PAUSED))
//
// We only execute the method if we are not in paused state.
//
{
LOGSCHEDEVENT('EVAL', (ULONG_PTR)pctxt, (ULONG_PTR)
(pctxt->pnctxt? pctxt->pnctxt->pnsObj: pctxt->pnsObj),
(ULONG_PTR)pctxt->pbOp);
//
// There is no active context and we can execute it immediately.
//
rc = RunContext(pctxt);


1: kd> kc
#
00 ACPI!RunContext
01 ACPI!InsertReadyQueue
02 ACPI!RestartCtxtPassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f791ad1c f7420671 895c6000 4556414c 895c6000 ACPI!RunContext (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\ctxt.c @ 537]
01 f791ad44 f742079a 895c6000 00000000 f743a948 ACPI!InsertReadyQueue+0x155 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 275]
02 f791ad64 f74133c5 89780fe8 00000000 89981ca0 ACPI!RestartCtxtPassive+0x54 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 384]
03 f791adac 80d391f0 00000000 00000000 00000000 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]
04 f791addc 80b00d52 f7413306 00000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
05 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
1: kd> dv
pctxt = 0x895c6000
pctxtSave = 0xf741d710
pkthSave = 0x00000008
rc = 0n-1990434816
1: kd> dx -r1 ((ACPI!_ctxt *)0x895c6000)
((ACPI!_ctxt *)0x895c6000) : 0x895c6000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x895c8000 : 0x0 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x128 [Type: unsigned long]
[+0x024] pnsObj : 0x8996d1e4 [Type: _NSObj *]
[+0x028] pnsScope : 0x8996d1e4 [Type: _NSObj *]
[+0x02c] powner : 0x0 [Type: _objowner *]
[+0x030] pcall : 0x0 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0x0 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf7407364 [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x8996826c [Type: _ObjData *]
[+0x05c] pvContext : 0x89968240 [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x895c60bc [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
1: kd> dx -r1 (*((ACPI!_heap *)0x895c60bc))
(*((ACPI!_heap *)0x895c60bc)) [Type: _heap]
[+0x000] dwSig : 0x50414548 [Type: unsigned long]
[+0x004] pbHeapEnd : 0x895c7f34 : 0x43 [Type: unsigned char *]
[+0x008] pheapHead : 0x895c60bc [Type: _heap *]
[+0x00c] pheapNext : 0x0 [Type: _heap *]
[+0x010] pbHeapTop : 0x895c60d4 : 0x0 [Type: unsigned char *]
[+0x014] plistFreeHeap : 0x0 [Type: _List *]
[+0x018] Heap [Type: _heapobjhdr]
1: kd> dt framehdr 0x895c7f34
ACPI!FRAMEHDR
+0x000 dwSig : 0x4c4c4143
+0x004 dwLen : 0xcc
+0x008 dwfFrame : 2
+0x00c pfnParse : 0xf7427709 long ACPI!ParseCall+0

1: kd> dt _call 0x895c7f34
ACPI!_call
+0x000 FrameHdr : _framehdr
+0x010 pcallPrev : (null)
+0x014 pownerPrev : (null)
+0x018 pnsMethod : 0x8996d1e4 _NSObj
+0x01c iArg : 0n0
+0x020 icArgs : 0n0
+0x024 pdataArgs : (null)
+0x028 Locals : [8] _ObjData
+0x0c8 pdataResult : 0x895c6040 _ObjData
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_NSObj *)0x8996d1e4)
((ACPI!_NSObj *)0x8996d1e4) : 0x8996d1e4 [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x8996cd78 [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x4154535f [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x8996d1a0 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x0 [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
1: kd> db 0x8996d1e4
8996d1e4 a0 d1 96 89 54 d2 96 89-78 cd 96 89 00 00 00 00 ....T...x.......
8996d1f4 5f 53 54 41 30 f3 9a 89-a0 d1 96 89 00 00 08 00 _STA0...........
8996d204 00 00 00 00 00 00 00 00-20 00 00 00 28 d2 96 89 ........ ...(...
8996d214 00 00 00 00 00 00 00 00-48 4d 45 54 2c 00 00 00 ........HMET,...
8996d224 00 90 96 89 00 00 00 00-00 00 00 00 00 00 00 00 ................
8996d234 00 00 00 00 00 a4 7b 93-49 44 5f 5f 0c ad 15 90 ......{.ID__....
8996d244 07 0a 0f 00 48 4e 53 4f-44 00 00 00 00 90 96 89 ....HNSOD.......
8996d254 e4 d1 96 89 98 d2 96 89-78 cd 96 89 00 00 00 00 ........x.......
1: kd> db 0x8996cd78
8996cd78 38 cc 96 89 88 4f 97 89-ac ff 9a 89 f0 cd 96 89 8....O..........
8996cd88 50 32 50 30 30 f3 9a 89-38 cc 96 89 00 00 06 00 P2P00...8.......


Device (P2P0)
{
Name (_ADR, 0x00110000) // _ADR: Address
。。。

OperationRegion (REGS, PCI_Config, 0x00, 0x04)
Field (REGS, DWordAcc, NoLock, Preserve)
{
ID, 32
}

Method (_STA, 0, NotSerialized) // _STA: Status
{
Return (And (LEqual (ID, 0x079015AD), 0x0F))
}


参考:

else if ((gReadyQueue.pkthCurrent == NULL) &&
!(gReadyQueue.dwfCtxtQ & CQF_PAUSED))
//
// We only execute the method if we are not in paused state.
//
{
LOGSCHEDEVENT('EVAL', (ULONG_PTR)pctxt, (ULONG_PTR)
(pctxt->pnctxt? pctxt->pnctxt->pnsObj: pctxt->pnsObj),
(ULONG_PTR)pctxt->pbOp);
//
// There is no active context and we can execute it immediately.
//
rc = RunContext(pctxt); 返回到这里,继续下面的OSQueueWorkItem

if ((gReadyQueue.plistCtxtQ != NULL) &&
!(gReadyQueue.dwfCtxtQ & CQF_WORKITEM_SCHEDULED))
{
//
// If we have more jobs in the queue and we haven't scheduled
// a dispatch, schedule one.
//
LOGSCHEDEVENT('KICK', (ULONG_PTR)rc, 0, 0);
OSQueueWorkItem(&gReadyQueue.WorkItem);
gReadyQueue.dwfCtxtQ |= CQF_WORKITEM_SCHEDULED;
}
参考:

1: kd> g
Breakpoint 7 hit
eax=000000bd ebx=00008004 ecx=8997e000 edx=00002707 esi=895c6000 edi=00000000
eip=f7413470 esp=f791ad30 ebp=f791ad44 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!OSQueueWorkItem:
f7413470 55 push ebp
1: kd> kc
#
00 ACPI!OSQueueWorkItem
01 ACPI!InsertReadyQueue
02 ACPI!RestartCtxtPassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> dv
WorkItem = 0xf743a9b8
1: kd> dx -r1 ((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8)
((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8) : 0xf743a9b8 [Type: _WORK_QUEUE_ITEM *]
[+0x000] List [Type: _LIST_ENTRY]
[+0x008] WorkerRoutine : 0xf7420495 [Type: void (*)(void *)]
[+0x00c] Parameter : 0xf743a928 [Type: void *]
1: kd> u f7420495
ACPI!StartTimeSlicePassive [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 93]:
f7420495 55 push ebp
f7420496 8bec mov ebp,esp
f7420498 53 push ebx
f7420499 56 push esi
f742049a 57 push edi
f742049b 6a01 push 1
f742049d bf3c3d43f7 mov edi,offset ACPI!`string' (f7433d3c)
f74204a2 57 push edi


1: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743b318 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b318 [Type: _LIST_ENTRY *]

1: kd> gu
eax=00000041 ebx=00008004 ecx=00000041 edx=00000002 esi=895c6000 edi=00000000
eip=f74206a9 esp=f791ad38 ebp=f791ad44 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!InsertReadyQueue+0x18d:
f74206a9 830d28a943f702 or dword ptr [ACPI!gReadyQueue (f743a928)],2 ds:0023:f743a928=00000000
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743a9b8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743a9b8 [Type: _LIST_ENTRY *]

1: kd> dt WORK_QUEUE_ITEM 0xf743a9b8
hal!WORK_QUEUE_ITEM
+0x000 List : _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
+0x008 WorkerRoutine : 0xf7420495 void ACPI!StartTimeSlicePassive+0
+0x00c Parameter : 0xf743a928 Void

1: kd> bp ACPI!StartTimeSlicePassive

1: kd> g
Breakpoint 5 hit
eax=00000000 ebx=00000000 ecx=f743b360 edx=00000000 esi=89780fec edi=f743b318
eip=f741337f esp=f791ad70 ebp=f791adac iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000287
ACPI!ACPIWorker+0x79:
f741337f 8b3518b343f7 mov esi,dword ptr [ACPI!ACPIWorkQueue (f743b318)] ds:0023:f743b318=f743a9b8

解释1:
VOID
OSQueueWorkItem(
IN PWORK_QUEUE_ITEM WorkItem
)
{
//
// Insert the work item
//
KeAcquireSpinLock(&ACPIWorkerSpinLock, &OldIrql);
if (IsListEmpty(&ACPIWorkQueue)) {
KeSetEvent(&ACPIWorkToDoEvent, 0, FALSE); 这里设置了事件!!!
}


解释1:

解释2:
ACPIWorker(
IN PVOID StartContext
)
{

WaitObjects[ACPIWorkToDo] = (PVOID)&ACPIWorkToDoEvent;
WaitObjects[ACPITerminate] = (PVOID)&ACPITerminateEvent;

//
// Loop forever waiting for a work queue item, calling the processing
// routine, and then waiting for another work queue item.
//

do {

//
// Wait until something is put in the queue.
//
// By specifying a wait mode of KernelMode, the thread's kernel stack is
// not swappable
//


Status = KeWaitForMultipleObjects(ACPIMaximumObject,
&WaitObjects[0],
WaitAny,
Executive,
KernelMode,
FALSE,
NULL,
&WaitBlockArray[0]); 这里等待事件。
解释2:


1: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743a9b8 - 0xf743a9b8 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743a9b8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743a9b8 [Type: _LIST_ENTRY *]

1: kd> dt WORK_QUEUE_ITEM 0xf743a9b8
hal!WORK_QUEUE_ITEM
+0x000 List : _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
+0x008 WorkerRoutine : 0xf7420495 void ACPI!StartTimeSlicePassive+0
+0x00c Parameter : 0xf743a928 Void


1: kd> x acpi!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x2 [Type: unsigned long]
[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x894ea010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]

WorkerRoutine = WorkItem->WorkerRoutine;
Parameter = WorkItem->Parameter;
(WorkItem->WorkerRoutine)(WorkItem->Parameter);

1: kd> t
Breakpoint 8 hit
eax=f7420495 ebx=00000000 ecx=f743a928 edx=00000000 esi=f743a9b8 edi=f743b318
eip=f7420495 esp=f791ad68 ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!StartTimeSlicePassive:
f7420495 55 push ebp
1: kd> kc
#
00 ACPI!StartTimeSlicePassive
01 ACPI!ACPIWorker
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> dv
pctxtq = 0xf743a928
1: kd> dx -r1 ((ACPI!_ctxtq *)0xf743a928)
((ACPI!_ctxtq *)0xf743a928) : 0xf743a928 [Type: _ctxtq *]
[+0x000] dwfCtxtQ : 0x2 [Type: unsigned long]
[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x894ea010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]
1: kd> dx -r1 (*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8))
(*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8)) [Type: _WORK_QUEUE_ITEM]
[+0x000] List [Type: _LIST_ENTRY]
[+0x008] WorkerRoutine : 0xf7420495 [Type: void (*)(void *)]
[+0x00c] Parameter : 0xf743a928 [Type: void *]
1: kd> u f7420495
ACPI!StartTimeSlicePassive [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 93]:
f7420495 55 push ebp
f7420496 8bec mov ebp,esp
f7420498 53 push ebx
f7420499 56 push esi
f742049a 57 push edi
f742049b 6a01 push 1
f742049d bf3c3d43f7 mov edi,offset ACPI!`string' (f7433d3c)
f74204a2 57 push edi


ACPI!StartTimeSlicePassive函数的参数pctxtq是全局变量acpi!gReadyQueue的地址(上面dv显示pctxtq = 0xf743a928, x acpi!gReadyQueue也是f743a928), 而不是它的值: 这个地址是AMLIInitialize里通过ExInitializeWorkItem填进gReadyQueue.WorkItem.Parameter的。


F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:229: ExInitializeWorkItem(&gReadyQueue.WorkItem,
F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:230: StartTimeSlicePassive, &gReadyQueue);
F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:235: KeInitializeDpc(&gReadyQueue.DpcStartTimeSlice,
F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:237: &gReadyQueue);
F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:238: KeInitializeDpc(&gReadyQueue.DpcExpireTimeSlice,
F:\srv03rtm\base\busdrv\acpi/driver/amlinew/amliapi.c:240: &gReadyQueue);

全局变量acpi!gReadyQueue的成员gReadyQueue.WorkItem什么时候被赋值的?

NTSTATUS AMLIAPI AMLIInitialize(ULONG dwCtxtBlkSize, ULONG dwGlobalHeapBlkSize,
ULONG dwfAMLIInit, ULONG dwmsTimeSliceLength,
ULONG dwmsTimeSliceInterval, ULONG dwmsMaxCTObjs)
{

ExInitializeWorkItem(&gReadyQueue.WorkItem,
StartTimeSlicePassive, &gReadyQueue);

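//
// ExInitializeWorkItem - fill in a WORK_QUEUE_ITEM before it is queued.
//
// Item    - the WORK_QUEUE_ITEM to set up (on this page, &gReadyQueue.WorkItem).
// Routine - WorkerRoutine that ACPIWorker will invoke as (Routine)(Context).
// Context - the single void* argument handed to Routine.
//
// The three assignments are wrapped in do { } while (0) so the macro behaves
// as one statement: in its unwrapped form an unbraced `if (c) ExInitializeWorkItem(...)`
// would only guard the first assignment and always clobber Parameter and
// List.Flink.  Only List.Flink is reset (Blink is left as-is); the item is
// linked into ACPIWorkQueue later by OSQueueWorkItem.  Note that this only
// initialises the item - re-queueing an item already on the queue is the
// caller's problem, which is why InsertReadyQueue checks CQF_WORKITEM_SCHEDULED
// before calling OSQueueWorkItem again.
//
#define ExInitializeWorkItem(Item, Routine, Context)   \
    do {                                               \
        (Item)->WorkerRoutine = (Routine);             \
        (Item)->Parameter = (Context);                 \
        (Item)->List.Flink = NULL;                     \
    } while (0)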

全局变量acpi!gReadyQueue和ACPI!StartTimeSlicePassive函数是通过gReadyQueue.WorkItem绑定在一起的: WorkItem.WorkerRoutine = StartTimeSlicePassive, WorkItem.Parameter = &gReadyQueue。
所以ACPIWorker执行(WorkItem->WorkerRoutine)(WorkItem->Parameter)时, ACPI!StartTimeSlicePassive收到的参数就是全局变量acpi!gReadyQueue的地址!!!

参考:
WorkerRoutine = WorkItem->WorkerRoutine;
Parameter = WorkItem->Parameter;
(WorkItem->WorkerRoutine)(WorkItem->Parameter);
参考:


第三部分: _STA方法通过OperationRegion(REGS, PCI_Config)读取PCI配置空间。下面的断点显示hal!HalGetBusDataByOffset以BusNumber=0、SlotNumber=0x11(与P2P0的_ADR 0x00110000一致)、Offset=0、Length=4被调用, 缓冲区返回ad 15 90 07(小端, 即0x079015AD), 正好等于_STA里LEqual比较的常量。也就是说, 固件提供的AML(_STA)在ACPI工作线程里驱动内核直接访问PCI配置空间。

1: kd> g
Breakpoint 6 hit
eax=00000000 ebx=899ae2f8 ecx=00000100 edx=8996d118 esi=00000000 edi=00000000
eip=804f25ee esp=f791abdc ebp=f791ac48 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
hal!HalGetBusDataByOffset:
804f25ee 55 push ebp
1: kd> dv
BusDataType = PCIConfiguration (0n4)
BusNumber = 0
SlotNumber = 0x11
Buffer = 0x895c7e44
Offset = 0
Length = 4
bus = struct _BUS_HANDLER


1: kd> kc
#
00 hal!HalGetBusDataByOffset
01 ACPI!PciConfigSpaceHandlerWorker
02 ACPI!GetPciAddressWorker
03 ACPI!ACPIGetWorkerForInteger
04 ACPI!AsyncCallBack
05 ACPI!RunContext
06 ACPI!DispatchCtxtQueue
07 ACPI!StartTimeSlicePassive
08 ACPI!ACPIWorker
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup

1: kd> gu
eax=00000004 ebx=899ae2f8 ecx=00000000 edx=00000000 esi=00000000 edi=00000000
eip=f740d8c7 esp=f791abf8 ebp=f791ac48 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!PciConfigSpaceHandlerWorker+0x29b:
f740d8c7 8bf0 mov esi,eax

1: kd> db 0x895c7e44
895c7e44 ad 15 90 07 00 00 00 00-00 00 00 00 20 00 00 00 ............ ...
