
nt!KeWaitForMultipleObjects函数分析之一个例子ExpWorkerThreadBalanceManager

第一部分:线程 8999c8a0 的 KTHREAD 与它的三个 _KWAIT_BLOCK
1: kd> dt kTHREAD 8999c8a0

   +0x02c State            : 0x2 ''
 
   +0x054 WaitBlockList    : 0x8999c940 _KWAIT_BLOCK

 第一个_KWAIT_BLOCK:

1: kd> dx -id 0,0,899a2278 -r1 ((CSRSRV!_KWAIT_BLOCK *)0x8999c940)
((CSRSRV!_KWAIT_BLOCK *)0x8999c940)                 : 0x8999c940 [Type: _KWAIT_BLOCK *]
    [+0x000] WaitListEntry    [Type: _LIST_ENTRY]
    [+0x008] Thread           : 0x8999c8a0 [Type: _KTHREAD *]
    [+0x00c] Object           : 0xf78fad78 [Type: void *]
    [+0x010] NextWaitBlock    : 0x8999c958 [Type: _KWAIT_BLOCK *]
    [+0x014] WaitKey          : 0x0 [Type: unsigned short]
    [+0x016] WaitType         : 0x1 [Type: unsigned short]

 第二个_KWAIT_BLOCK:

1: kd> dx -id 0,0,899a2278 -r1 ((CSRSRV!_KWAIT_BLOCK *)0x8999c958)
((CSRSRV!_KWAIT_BLOCK *)0x8999c958)                 : 0x8999c958 [Type: _KWAIT_BLOCK *]
    [+0x000] WaitListEntry    [Type: _LIST_ENTRY]
    [+0x008] Thread           : 0x8999c8a0 [Type: _KTHREAD *]
    [+0x00c] Object           : 0x80bf5c60 [Type: void *]                //80bf5c60          nt!ExpThreadSetManagerEvent = struct _KEVENT
    [+0x010] NextWaitBlock    : 0x8999c970 [Type: _KWAIT_BLOCK *]
    [+0x014] WaitKey          : 0x1 [Type: unsigned short]
    [+0x016] WaitType         : 0x1 [Type: unsigned short]

1: kd> x nt!ExpThreadSetManagerEvent
80bf5c60          nt!ExpThreadSetManagerEvent = struct _KEVENT

 第三个_KWAIT_BLOCK:
1: kd> dx -id 0,0,899a2278 -r1 ((CSRSRV!_KWAIT_BLOCK *)0x8999c970)
((CSRSRV!_KWAIT_BLOCK *)0x8999c970)                 : 0x8999c970 [Type: _KWAIT_BLOCK *]
    [+0x000] WaitListEntry    [Type: _LIST_ENTRY]
    [+0x008] Thread           : 0x8999c8a0 [Type: _KTHREAD *]
    [+0x00c] Object           : 0x80bf5c50 [Type: void *]                //80bf5c50          nt!ExpThreadSetManagerShutdownEvent = struct _KEVENT
    [+0x010] NextWaitBlock    : 0x8999c940 [Type: _KWAIT_BLOCK *]            //NextWaitBlock 指回第一个等待块 0x8999c940,等待块链表成环,遍历到此结束
    [+0x014] WaitKey          : 0x2 [Type: unsigned short]
    [+0x016] WaitType         : 0x1 [Type: unsigned short]

1: kd> x nt!ExpThreadSetManagerShutdownEvent
80bf5c50          nt!ExpThreadSetManagerShutdownEvent = struct _KEVENT


第二部分:三个等待块的 Object 字段所指向的对象(一个 KTIMER、两个 KEVENT)
1: kd> dt ktimer 0xf78fad78                            //Object           : 0xf78fad78
CSRSRV!KTIMER
   +0x000 Header           : _DISPATCHER_HEADER
   +0x010 DueTime          : _ULARGE_INTEGER 0x00002707`bbe04df6
   +0x018 TimerListEntry   : _LIST_ENTRY [ 0x0 - 0x0 ]
   +0x020 Dpc              : (null)
   +0x024 Period           : 0n0
1: kd> dx -id 0,0,899a2278 -r1 (*((CSRSRV!_DISPATCHER_HEADER *)0xf78fad78))
(*((CSRSRV!_DISPATCHER_HEADER *)0xf78fad78))                 [Type: _DISPATCHER_HEADER]
    [+0x000] Type             : 0x8 [Type: unsigned char]
    [+0x001] Absolute         : 0x0 [Type: unsigned char]
    [+0x002] Size             : 0xa [Type: unsigned char]
    [+0x003] Inserted         : 0x0 [Type: unsigned char]
    [+0x003] DebugActive      : 0x0 [Type: unsigned char]
    [+0x000] Lock             : 655368 [Type: long]
    [+0x004] SignalState      : 1 [Type: long]        //定时器已到期,SignalState 为 1
    [+0x008] WaitListHead     [Type: _LIST_ENTRY]


    // Quoted from ExpWorkerThreadBalanceManager: a negative QuadPart handed to
    // KeSetTimer is a relative due time, counted in 100-nanosecond units.
    DueTime.QuadPart = - THREAD_SET_INTERVAL;

// 1 * 1000 * 1000 * 10 = 10,000,000 units of 100 ns, i.e. a one-second period.
// NOTE(review): the KTIMER dump above shows a large positive DueTime; presumably
// that is the absolute expiry the kernel computed from this relative interval
// when the timer was set -- confirm.
#define THREAD_SET_INTERVAL (1 * 1000 * 1000 * 10)


1: kd> dt kevent 0x80bf5c60                //80bf5c60          nt!ExpThreadSetManagerEvent = struct _KEVENT
CSRSRV!KEVENT
   +0x000 Header           : _DISPATCHER_HEADER
1: kd> dx -id 0,0,899a2278 -r1 (*((CSRSRV!_DISPATCHER_HEADER *)0x80bf5c60))
(*((CSRSRV!_DISPATCHER_HEADER *)0x80bf5c60))                 [Type: _DISPATCHER_HEADER]
    [+0x000] Type             : 0x1 [Type: unsigned char]
    [+0x001] Absolute         : 0x0 [Type: unsigned char]
    [+0x002] Size             : 0x4 [Type: unsigned char]
    [+0x003] Inserted         : 0x0 [Type: unsigned char]
    [+0x003] DebugActive      : 0x0 [Type: unsigned char]
    [+0x000] Lock             : 262145 [Type: long]
    [+0x004] SignalState      : 0 [Type: long]
    [+0x008] WaitListHead     [Type: _LIST_ENTRY]


1: kd> dt kevent 0x80bf5c50            //80bf5c50          nt!ExpThreadSetManagerShutdownEvent = struct _KEVENT
CSRSRV!KEVENT
   +0x000 Header           : _DISPATCHER_HEADER
1: kd> dx -id 0,0,899a2278 -r1 (*((CSRSRV!_DISPATCHER_HEADER *)0x80bf5c50))
(*((CSRSRV!_DISPATCHER_HEADER *)0x80bf5c50))                 [Type: _DISPATCHER_HEADER]
    [+0x000] Type             : 0x1 [Type: unsigned char]
    [+0x001] Absolute         : 0x0 [Type: unsigned char]
    [+0x002] Size             : 0x4 [Type: unsigned char]
    [+0x003] Inserted         : 0x0 [Type: unsigned char]
    [+0x003] DebugActive      : 0x0 [Type: unsigned char]
    [+0x000] Lock             : 262145 [Type: long]
    [+0x004] SignalState      : 0 [Type: long]
    [+0x008] WaitListHead     [Type: _LIST_ENTRY]


第三部分:ExpWorkerThreadBalanceManager 的源码
VOID
ExpWorkerThreadBalanceManager (
    IN PVOID StartContext
    )

/*++

Routine Description:

    Thread routine that loops forever, waiting on three dispatcher objects
    and dispatching on whichever one satisfied the wait:

        TimerExpiration        - a timer local to this routine; runs
                                 ExpDetectWorkerThreadDeadlock.
        ThreadSetManagerEvent  - ExpThreadSetManagerEvent; runs
                                 ExpCheckDynamicThreadCount.
        ShutdownEvent          - ExpThreadSetManagerShutdownEvent; cancels the
                                 timer, waits for ExpLastWorkerThread and
                                 terminates this thread.

    After each wake-up it also queues the debugger work item when
    ExpDebuggerWork == 1.

Arguments:

    StartContext - Unused.

Return Value:

    None. The only exit visible here is PsTerminateSystemThread in the
    ShutdownEvent case.

--*/

{
    //
    // PeriodTimer is a local variable, so the timer object lives in this
    // routine's stack frame. That is consistent with the wait-block dump on
    // this page, where the timer's Object address (0xf78fad78) is far from the
    // two nt! global events (0x80bf5c60 / 0x80bf5c50). A stack-resident
    // dispatcher object must not outlive its frame; here the frame persists
    // for the life of the loop and the timer is cancelled before the thread
    // terminates.
    //

    KTIMER PeriodTimer;
    LARGE_INTEGER DueTime;
    PVOID WaitObjects[MaximumBalanceObject];
    NTSTATUS Status;

    PAGED_CODE();

    UNREFERENCED_PARAMETER (StartContext);

    //
    // Raise the thread priority to just higher than the priority of the
    // critical work queue.
    //

    KeSetBasePriorityThread (KeGetCurrentThread(),
                             CRITICAL_WORK_QUEUE_PRIORITY + 1);

    //
    // Initialize the periodic timer and set the manager period.
    //
    // The negative value makes the due time relative. THREAD_SET_INTERVAL is
    // quoted on this page as (1 * 1000 * 1000 * 10), which in the timer's
    // 100-nanosecond units is one second.
    //

    KeInitializeTimer (&PeriodTimer);
    DueTime.QuadPart = - THREAD_SET_INTERVAL;

    //
    // Initialize the wait object array.
    //
    // The slots are indexed by BALANCE_OBJECT, so the array index of each
    // object equals the case label handled in the switch below. The WaitKey
    // values 0, 1, 2 in the three wait blocks dumped on this page follow the
    // same order.
    //

    WaitObjects[TimerExpiration] = (PVOID)&PeriodTimer;
    WaitObjects[ThreadSetManagerEvent] = (PVOID)&ExpThreadSetManagerEvent;
    WaitObjects[ShutdownEvent] = (PVOID)&ExpThreadSetManagerShutdownEvent;

    //
    // Loop forever processing events.
    //

    while (TRUE) {

        //
        // Set the timer to expire at the next periodic interval.
        //
        // This runs at the top of every iteration, whichever object ended
        // the previous wait, so a wake-up caused by an event also restarts
        // the interval. The third argument (the DPC) is NULL: the timer is
        // only waited on.
        //

        KeSetTimer (&PeriodTimer, DueTime, NULL);

        //
        // Wake up when the timer expires or the set manager event is
        // signalled.
        //
        // WaitAny: one signalled object satisfies the wait. The wait is
        // non-alertable (FALSE), in KernelMode, with no timeout (NULL).
        // WaitBlockArray is also NULL, so the wait uses the wait blocks built
        // into the thread object, which limits the count to THREAD_WAIT_OBJECTS;
        // MaximumBalanceObject is 3. In the dump on this page the first wait
        // block (0x8999c940) sits at offset 0xa0 inside the KTHREAD
        // (0x8999c8a0).
        //

        Status = KeWaitForMultipleObjects (MaximumBalanceObject,
                                           WaitObjects,
                                           WaitAny,
                                           Executive,
                                           KernelMode,
                                           FALSE,
                                           NULL,
                                           NULL);

        //
        // For a WaitAny wait the returned status is the zero-based index of
        // the object that satisfied the wait, so it is compared directly
        // against the BALANCE_OBJECT values. There is no default case: any
        // other status falls through to the debugger check below.
        //

        switch (Status) {

            case TimerExpiration:

                //
                // Periodic timer expiration - go see if any work queues
                // are deadlocked.
                //

                ExpDetectWorkerThreadDeadlock ();
                break;

            case ThreadSetManagerEvent:

                //
                // Someone has asked us to check some metrics to determine
                // whether we should create another worker thread.
                //

                ExpCheckDynamicThreadCount ();
                break;

            case ShutdownEvent:

                //
                // Time to exit...
                //
                // Cancel the stack-resident timer first so that it is no
                // longer queued when this thread goes away.
                //

                KeCancelTimer (&PeriodTimer);

                //
                // NOTE(review): ASSERT is normally compiled out of free
                // builds, so a NULL ExpLastWorkerThread would reach the wait
                // below unchecked there - confirm the shutdown path always
                // sets it before signalling this event.
                //

                ASSERT (ExpLastWorkerThread);

                //
                // Wait for the last worker thread to terminate
                //

                KeWaitForSingleObject (ExpLastWorkerThread,
                                       Executive,
                                       KernelMode,
                                       FALSE,
                                       NULL);

                //
                // Drop a reference on the thread object; where that
                // reference was taken is not visible in this routine.
                //

                ObDereferenceObject (ExpLastWorkerThread);

                PsTerminateSystemThread(STATUS_SYSTEM_SHUTDOWN);

                //
                // Presumably never reached, since the call above terminates
                // the calling thread.
                //

                break;
        }

        //
        // Special debugger support.
        //
        // This checks if special debugging routines need to be run on the
        // behalf of the debugger.
        //
        // ExpDebuggerWork is moved from 1 to 2 before the item is queued;
        // presumably 1 means "requested" and 2 means "queued", which would
        // keep the item from being queued again on the next pass - confirm
        // against the code that sets and clears ExpDebuggerWork.
        //

        if (ExpDebuggerWork == 1) {

             ExInitializeWorkItem(&ExpDebuggerWorkItem, ExpDebuggerWorker, NULL);
             ExpDebuggerWork = 2;
             ExQueueWorkItem(&ExpDebuggerWorkItem, DelayedWorkQueue);
        }
    }
}

第四部分:case TimerExpiration:分支

/* 0x100 matches none of the case labels (0..2) in the switch quoted in this section. */
#define STATUS_KERNEL_APC 0x100


/*
 * Slots of the balance manager's wait-object array.
 *
 * Each enumerator is both the index into WaitObjects[] and the status value
 * the manager switches on after its WaitAny wait. MaximumBalanceObject is the
 * slot count, not a waitable object.
 */

typedef enum _BALANCE_OBJECT {
    TimerExpiration       = 0,   /* periodic timer */
    ThreadSetManagerEvent = 1,   /* ExpThreadSetManagerEvent */
    ShutdownEvent         = 2,   /* ExpThreadSetManagerShutdownEvent */
    MaximumBalanceObject  = 3    /* number of slots */
} BALANCE_OBJECT;


        switch (Status) {

            case TimerExpiration:

                //
                // Periodic timer expiration - go see if any work queues
                // are deadlocked.
                //

                ExpDetectWorkerThreadDeadlock ();
                break;


第五部分:ExpDetectWorkerThreadDeadlock
/*
 * Worker thread queue types.
 *
 * MaximumWorkQueue is the number of queue types, not a queue itself; it
 * equals the element count (3) of the nt!ExWorkerQueue array dumped below.
 * NOTE(review): presumably the enumerators index that array - confirm.
 */

typedef enum _WORK_QUEUE_TYPE {
    CriticalWorkQueue      = 0,
    DelayedWorkQueue       = 1,
    HyperCriticalWorkQueue = 2,
    MaximumWorkQueue       = 3
} WORK_QUEUE_TYPE;


1: kd> x nt!ExWorkerQueue
80bf5c80          nt!ExWorkerQueue = struct _EX_WORK_QUEUE [3]
80bf5c80          nt!ExWorkerQueue = struct _EX_WORK_QUEUE []
1: kd> dx -r1 (*((ntkrnlmp!_EX_WORK_QUEUE (*)[3])0x80bf5c80))
(*((ntkrnlmp!_EX_WORK_QUEUE (*)[3])0x80bf5c80))                 [Type: _EX_WORK_QUEUE [3]]
    [0]              [Type: _EX_WORK_QUEUE]
    [1]              [Type: _EX_WORK_QUEUE]
    [2]              [Type: _EX_WORK_QUEUE]
1: kd> dx -r1 (*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5c80))
(*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5c80))                 [Type: _EX_WORK_QUEUE]
    [+0x000] WorkerQueue      [Type: _KQUEUE]
    [+0x028] DynamicThreadCount : 0x0 [Type: unsigned long]
    [+0x02c] WorkItemsProcessed : 0x240 [Type: unsigned long]
    [+0x030] WorkItemsProcessedLastPass : 0x23f [Type: unsigned long]
    [+0x034] QueueDepthLastPass : 0x0 [Type: unsigned long]
    [+0x038] Info             [Type: EX_QUEUE_WORKER_INFO]
1: kd> dx -r1 (*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5cbc))
(*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5cbc))                 [Type: _EX_WORK_QUEUE]
    [+0x000] WorkerQueue      [Type: _KQUEUE]
    [+0x028] DynamicThreadCount : 0x0 [Type: unsigned long]
    [+0x02c] WorkItemsProcessed : 0x16c [Type: unsigned long]
    [+0x030] WorkItemsProcessedLastPass : 0x16a [Type: unsigned long]
    [+0x034] QueueDepthLastPass : 0x0 [Type: unsigned long]
    [+0x038] Info             [Type: EX_QUEUE_WORKER_INFO]
1: kd> dx -r1 (*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5cf8))
(*((ntkrnlmp!_EX_WORK_QUEUE *)0x80bf5cf8))                 [Type: _EX_WORK_QUEUE]
    [+0x000] WorkerQueue      [Type: _KQUEUE]
    [+0x028] DynamicThreadCount : 0x0 [Type: unsigned long]
    [+0x02c] WorkItemsProcessed : 0x7a [Type: unsigned long]
    [+0x030] WorkItemsProcessedLastPass : 0x79 [Type: unsigned long]
    [+0x034] QueueDepthLastPass : 0x0 [Type: unsigned long]
    [+0x038] Info             [Type: EX_QUEUE_WORKER_INFO]
