
KiLockDispatcherDatabase函数分析和KeAcquireQueuedSpinLockRaiseToSynch函数分析和全局变量nt!KiDispatcherLock的关系

张小明

前端开发工程师


KiLockDispatcherDatabase函数分析和KeAcquireQueuedSpinLockRaiseToSynch函数分析和全局变量nt!KiDispatcherLock的关系

第一部分:
// KiLockDispatcherDatabase(OldIrql): enter the dispatcher database.
// The previous IRQL is always stored through the OldIrql pointer; whether a
// spin lock is actually acquired depends on the build (NT_UP vs. MP).
#if defined(NT_UP)

#if defined(_X86_)

// Uniprocessor x86: no lock word is touched, only the IRQL is raised
// (to DPC level) and the prior IRQL is recorded.
#define KiLockDispatcherDatabase(OldIrql) \
*(OldIrql) = KeRaiseIrqlToDpcLevel()

#else

// Uniprocessor, non-x86: same idea, but the raise goes to SYNCH_LEVEL.
#define KiLockDispatcherDatabase(OldIrql) \
*(OldIrql) = KeRaiseIrqlToSynchLevel()

#endif

#else // NT_UP

// Multiprocessor: raise to SYNCH_LEVEL and acquire the queued spin lock in
// the current PRCB's LockQueue[LockQueueDispatcherLock] slot. kiinit.c
// initializes that slot's Lock pointer to &KiDispatcherLock, which is what
// ties this macro to the global nt!KiDispatcherLock.
#define KiLockDispatcherDatabase(OldIrql) \
*(OldIrql) = KeAcquireQueuedSpinLockRaiseToSynch(LockQueueDispatcherLock)

#endif // NT_UP

KIRQL
FASTCALL
KeAcquireQueuedSpinLockRaiseToSynch (
    IN KSPIN_LOCK_QUEUE_NUMBER Number
    )
//
// Raise the current IRQL to SYNCH_LEVEL and, on multiprocessor builds,
// acquire the per-processor queued spin lock selected by Number.
//
// Number - index into the current PRCB's LockQueue[] array. No range check
//          is performed here; the caller is trusted to pass a valid
//          KSPIN_LOCK_QUEUE_NUMBER.
//
// Returns the IRQL that was in effect before the raise.
//
{
    // Raise first so the lock is only ever taken at SYNCH_LEVEL.
    KIRQL PreviousIrql = KfRaiseIrql(SYNCH_LEVEL);

#if !defined(NT_UP)
    // MP only: the lock word itself is reached through the PRCB's
    // LockQueue[Number].Lock pointer. UP builds rely on the IRQL raise alone
    // and never touch the lock queue.
    HalpAcquireQueuedSpinLock(&(KeGetCurrentPrcb()->LockQueue[Number]));
#endif

    return PreviousIrql;
}

第二部分:


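//
// Indices into KPRCB.LockQueue[], one queued-spin-lock slot per processor.
// The bare numbers the article appended to some enumerators have been moved
// into comments so the listing stays valid C, and each slot is annotated
// with the global lock word kiinit.c stores in its Lock pointer.
//
// Note: the article labelled LockQueueMaximumLock as 15, but sixteen
// enumerators precede it, so its value is 16. It is a count / one-past-the-
// end sentinel, not a usable lock index, and it matches the size of the
// LockQueue[16] array shown in the debugger output.
//
typedef enum _KSPIN_LOCK_QUEUE_NUMBER {
    LockQueueDispatcherLock,      //  0: &KiDispatcherLock
    LockQueueUnusedSpare1,        //  1: Lock initialized to NULL
    LockQueuePfnLock,             //  2: &MmPfnLock
    LockQueueSystemSpaceLock,     //  3: &MmSystemSpaceLock
    LockQueueVacbLock,            //  4: &CcVacbSpinLock
    LockQueueMasterLock,          //  5: &CcMasterSpinLock
    LockQueueNonPagedPoolLock,    //  6: &NonPagedPoolLock
    LockQueueIoCancelLock,        //  7: &IopCancelSpinLock
    LockQueueWorkQueueLock,       //  8: &CcWorkQueueSpinLock
    LockQueueIoVpbLock,           //  9: &IopVpbSpinLock
    LockQueueIoDatabaseLock,      // 10: &IopDatabaseLock
    LockQueueIoCompletionLock,    // 11: &IopCompletionLock
    LockQueueNtfsStructLock,      // 12: &NtfsStructLock
    LockQueueAfdWorkQueueLock,    // 13: &AfdWorkQueueSpinLock
    LockQueueBcbLock,             // 14: &CcBcbSpinLock
    LockQueueMmNonPagedPoolLock,  // 15: &MmNonPagedPoolLock (last valid index)
    LockQueueMaximumLock          // 16: number of slots == sizeof LockQueue[]
} KSPIN_LOCK_QUEUE_NUMBER, *PKSPIN_LOCK_QUEUE_NUMBER;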

1: kd> dx -id 0,0,8954e020 -r1 (*((ntkrnlmp!_KSPIN_LOCK_QUEUE (*)[16])0xf7737538))
(*((ntkrnlmp!_KSPIN_LOCK_QUEUE (*)[16])0xf7737538)) [Type: _KSPIN_LOCK_QUEUE [16]]
[0] [Type: _KSPIN_LOCK_QUEUE]
[1] [Type: _KSPIN_LOCK_QUEUE]
[2] [Type: _KSPIN_LOCK_QUEUE]
[3] [Type: _KSPIN_LOCK_QUEUE]
[4] [Type: _KSPIN_LOCK_QUEUE]
[5] [Type: _KSPIN_LOCK_QUEUE]
[6] [Type: _KSPIN_LOCK_QUEUE]
[7] [Type: _KSPIN_LOCK_QUEUE]
[8] [Type: _KSPIN_LOCK_QUEUE]
[9] [Type: _KSPIN_LOCK_QUEUE]
[10] [Type: _KSPIN_LOCK_QUEUE]
[11] [Type: _KSPIN_LOCK_QUEUE]
[12] [Type: _KSPIN_LOCK_QUEUE]
[13] [Type: _KSPIN_LOCK_QUEUE]
[14] [Type: _KSPIN_LOCK_QUEUE]
[15] [Type: _KSPIN_LOCK_QUEUE]
1: kd> dx -id 0,0,8954e020 -r1 (*((ntkrnlmp!_KSPIN_LOCK_QUEUE *)0xf7737538))
(*((ntkrnlmp!_KSPIN_LOCK_QUEUE *)0xf7737538)) [Type: _KSPIN_LOCK_QUEUE]
[+0x000] Next : 0x0 [Type: _KSPIN_LOCK_QUEUE *]
[+0x004] Lock : 0x80b16800 : 0x0 [Type: unsigned long *]

1: kd> x nt!KiDispatcherLock
80b16800 nt!KiDispatcherLock = 0

第三部分:

F:\srv03rtm>grep ">LockQueue" -nri F:\srv03rtm\base\ntos\ke |grep -v "inary"
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:228: KxAcquireQueuedSpinLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:266: KxAcquireQueuedSpinLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:341: if (KxTryToAcquireQueuedSpinLock(&KeGetCurrentPrcb()->LockQueue[Number]) == FALSE) {
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:387: if (KxTryToAcquireQueuedSpinLock(&KeGetCurrentPrcb()->LockQueue[Number]) == FALSE) {
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:463: KxReleaseQueuedSpinLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:534: LockHandle->LockQueue.Lock = SpinLock;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:535: LockHandle->LockQueue.Next = NULL;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:536: KxAcquireQueuedSpinLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:573: LockHandle->LockQueue.Lock = SpinLock;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:574: LockHandle->LockQueue.Next = NULL;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:575: KxAcquireQueuedSpinLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:611: LockHandle->LockQueue.Lock = SpinLock;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:612: LockHandle->LockQueue.Next = NULL;
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:613: KxAcquireQueuedSpinLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:645: KxReleaseQueuedSpinLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/amd64/queuelock.c:677: KxReleaseQueuedSpinLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1037: LockNumber = QueuedLock - KeGetCurrentPrcb()->LockQueue;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1141: KiAcquireQueuedLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1154: KiAcquireQueuedLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1175: QueuedLock = &KeGetCurrentPrcb()->LockQueue[Number];
F:\srv03rtm\base\ntos\ke/i386/misc.c:1209: KiReleaseQueuedLock(&KeGetCurrentPrcb()->LockQueue[Number]);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1278: LockHandle->LockQueue.Next = NULL;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1279: LockHandle->LockQueue.Lock = SpinLock;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1280: KiAcquireQueuedLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1289: KiReleaseQueuedLock(&LockHandle->LockQueue);
F:\srv03rtm\base\ntos\ke/i386/misc.c:1330: LockNumber = QueuedLock - Prcb->LockQueue;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1351: LockNumber = QueuedLock - Prcb->LockQueue;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1442: KeGetCurrentPrcb()->LockQueue;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1497: KeGetCurrentPrcb()->LockQueue;
F:\srv03rtm\base\ntos\ke/i386/misc.c:1513: Waiters = KiQueuedLockDepth(&KeGetCurrentPrcb()->LockQueue[LockNumber]);
F:\srv03rtm\base\ntos\ke/i386/spinlock.asm:933: push eax ; save &PRCB->LockQueue[Number]
F:\srv03rtm\base\ntos\ke/kiinit.c:208: Prcb->LockQueue[LockQueueDispatcherLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:209: Prcb->LockQueue[LockQueueDispatcherLock].Lock = &KiDispatcherLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:211: Prcb->LockQueue[LockQueueUnusedSpare1].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:212: Prcb->LockQueue[LockQueueUnusedSpare1].Lock = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:214: Prcb->LockQueue[LockQueuePfnLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:215: Prcb->LockQueue[LockQueuePfnLock].Lock = &MmPfnLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:217: Prcb->LockQueue[LockQueueSystemSpaceLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:218: Prcb->LockQueue[LockQueueSystemSpaceLock].Lock = &MmSystemSpaceLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:220: Prcb->LockQueue[LockQueueBcbLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:221: Prcb->LockQueue[LockQueueBcbLock].Lock = &CcBcbSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:223: Prcb->LockQueue[LockQueueMasterLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:224: Prcb->LockQueue[LockQueueMasterLock].Lock = &CcMasterSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:226: Prcb->LockQueue[LockQueueVacbLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:227: Prcb->LockQueue[LockQueueVacbLock].Lock = &CcVacbSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:229: Prcb->LockQueue[LockQueueWorkQueueLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:230: Prcb->LockQueue[LockQueueWorkQueueLock].Lock = &CcWorkQueueSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:232: Prcb->LockQueue[LockQueueNonPagedPoolLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:233: Prcb->LockQueue[LockQueueNonPagedPoolLock].Lock = &NonPagedPoolLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:235: Prcb->LockQueue[LockQueueMmNonPagedPoolLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:236: Prcb->LockQueue[LockQueueMmNonPagedPoolLock].Lock = &MmNonPagedPoolLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:238: Prcb->LockQueue[LockQueueIoCancelLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:239: Prcb->LockQueue[LockQueueIoCancelLock].Lock = &IopCancelSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:241: Prcb->LockQueue[LockQueueIoVpbLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:242: Prcb->LockQueue[LockQueueIoVpbLock].Lock = &IopVpbSpinLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:244: Prcb->LockQueue[LockQueueIoDatabaseLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:245: Prcb->LockQueue[LockQueueIoDatabaseLock].Lock = &IopDatabaseLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:247: Prcb->LockQueue[LockQueueIoCompletionLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:248: Prcb->LockQueue[LockQueueIoCompletionLock].Lock = &IopCompletionLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:250: Prcb->LockQueue[LockQueueNtfsStructLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:251: Prcb->LockQueue[LockQueueNtfsStructLock].Lock = &NtfsStructLock;
F:\srv03rtm\base\ntos\ke/kiinit.c:253: Prcb->LockQueue[LockQueueAfdWorkQueueLock].Next = NULL;
F:\srv03rtm\base\ntos\ke/kiinit.c:254: Prcb->LockQueue[LockQueueAfdWorkQueueLock].Lock = &AfdWorkQueueSpinLock;

F:\srv03rtm>

F:\srv03rtm\base\ntos\ke/kiinit.c:215: Prcb->LockQueue[LockQueuePfnLock].Lock = &MmPfnLock;


第四部分:

1: kd> dx -id 0,0,8954e020 -r1 ((ntkrnlmp!_KPRCB *)0xf7737120)
((ntkrnlmp!_KPRCB *)0xf7737120) : 0xf7737120 [Type: _KPRCB *]
[+0x000] MinorVersion : 0x1 [Type: unsigned short]
[+0x002] MajorVersion : 0x1 [Type: unsigned short]
[+0x004] CurrentThread : 0x89804020 [Type: _KTHREAD *]
[+0x008] NextThread : 0x0 [Type: _KTHREAD *]
[+0x00c] IdleThread : 0xf7739fa0 [Type: _KTHREAD *]
[+0x010] Number : 1 [Type: char]
[+0x011] Reserved : 0 [Type: char]
[+0x012] BuildType : 0x1 [Type: unsigned short]
[+0x014] SetMember : 0x2 [Type: unsigned long]
[+0x018] CpuType : 6 [Type: char]
[+0x019] CpuID : 1 [Type: char]
[+0x01a] CpuStep : 0x503 [Type: unsigned short]
[+0x01c] ProcessorState [Type: _KPROCESSOR_STATE]
[+0x33c] KernelReserved [Type: unsigned long [16]]
[+0x37c] HalReserved [Type: unsigned long [16]]
[+0x3bc] PrcbPad0 [Type: unsigned char [92]]
[+0x418] LockQueue [Type: _KSPIN_LOCK_QUEUE [16]]


1: kd> dx -id 0,0,8954e020 -r1 (*((ntkrnlmp!_KSPIN_LOCK_QUEUE (*)[16])0xf7737538))


[2] [Type: _KSPIN_LOCK_QUEUE]


1: kd> dx -id 0,0,8954e020 -r1 (*((ntkrnlmp!_KSPIN_LOCK_QUEUE *)0xf7737548))
(*((ntkrnlmp!_KSPIN_LOCK_QUEUE *)0xf7737548)) [Type: _KSPIN_LOCK_QUEUE]
[+0x000] Next : 0x0 [Type: _KSPIN_LOCK_QUEUE *]
[+0x004] Lock : 0x80b16a80 : 0x0 [Type: unsigned long *]

1: kd> x nt!MmPfnLock
80b16a80 nt!MmPfnLock = 0

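//
// Indices into KPRCB.LockQueue[], one queued-spin-lock slot per processor.
// The bare numbers the article appended to some enumerators have been moved
// into comments so the listing stays valid C, and each slot is annotated
// with the global lock word kiinit.c stores in its Lock pointer.
//
// Note: the article labelled LockQueueMaximumLock as 15, but sixteen
// enumerators precede it, so its value is 16. It is a count / one-past-the-
// end sentinel, not a usable lock index, and it matches the size of the
// LockQueue[16] array shown in the debugger output.
//
typedef enum _KSPIN_LOCK_QUEUE_NUMBER {
    LockQueueDispatcherLock,      //  0: &KiDispatcherLock
    LockQueueUnusedSpare1,        //  1: Lock initialized to NULL
    LockQueuePfnLock,             //  2: &MmPfnLock (slot at PRCB+0x418+0x10, see above)
    LockQueueSystemSpaceLock,     //  3: &MmSystemSpaceLock
    LockQueueVacbLock,            //  4: &CcVacbSpinLock
    LockQueueMasterLock,          //  5: &CcMasterSpinLock
    LockQueueNonPagedPoolLock,    //  6: &NonPagedPoolLock
    LockQueueIoCancelLock,        //  7: &IopCancelSpinLock
    LockQueueWorkQueueLock,       //  8: &CcWorkQueueSpinLock
    LockQueueIoVpbLock,           //  9: &IopVpbSpinLock
    LockQueueIoDatabaseLock,      // 10: &IopDatabaseLock
    LockQueueIoCompletionLock,    // 11: &IopCompletionLock
    LockQueueNtfsStructLock,      // 12: &NtfsStructLock
    LockQueueAfdWorkQueueLock,    // 13: &AfdWorkQueueSpinLock
    LockQueueBcbLock,             // 14: &CcBcbSpinLock
    LockQueueMmNonPagedPoolLock,  // 15: &MmNonPagedPoolLock (last valid index)
    LockQueueMaximumLock          // 16: number of slots == sizeof LockQueue[]
} KSPIN_LOCK_QUEUE_NUMBER, *PKSPIN_LOCK_QUEUE_NUMBER;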
