Вот, например, system worker из тех, что отсутствуют в KiWaitListHead:
dt -r1 _KTHREAD 8A8B1C98
ntdll!_KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x000 Type : 0x6 ''
+0x001 Absolute : 0 ''
+0x002 Size : 0x70 'p'
+0x003 Inserted : 0 ''
+0x004 SignalState : 0
+0x008 WaitListHead : _LIST_ENTRY [ 0x8a8b1ca0 - 0x8a8b1ca0 ]
+0x010 MutantListHead : _LIST_ENTRY [ 0x8a8b1ca8 - 0x8a8b1ca8 ]
+0x000 Flink : 0x8a8b1ca8 _LIST_ENTRY [ 0x8a8b1ca8 - 0x8a8b1ca8 ]
+0x004 Blink : 0x8a8b1ca8 _LIST_ENTRY [ 0x8a8b1ca8 - 0x8a8b1ca8 ]
+0x018 InitialStack : 0xba4e0000
+0x01c StackLimit : 0xba4dd000
+0x020 Teb : (null)
+0x024 TlsArray : (null)
+0x028 KernelStack : 0xba4dfd24
+0x02c DebugActive : 0 ''
+0x02d State : 0x5 ''
+0x02e Alerted : [2] ""
+0x030 Iopl : 0 ''
+0x031 NpxState : 0xa ''
+0x032 Saturation : 0 ''
+0x033 Priority : 13 ''
+0x034 ApcState : _KAPC_STATE
+0x000 ApcListHead : [2] _LIST_ENTRY [ 0x8a8b1ccc - 0x8a8b1ccc ]
+0x010 Process : 0x8a8b2830 _KPROCESS
+0x014 KernelApcInProgress : 0 ''
+0x015 KernelApcPending : 0 ''
+0x016 UserApcPending : 0 ''
+0x04c ContextSwitches : 0x6eb9
+0x050 IdleSwapBlock : 0 ''
+0x051 Spare0 : [3] ""
+0x054 WaitStatus : 0
+0x058 WaitIrql : 0 ''
+0x059 WaitMode : 1 ''
+0x05a WaitNext : 0 ''
+0x05b WaitReason : 0xf ''
+0x05c WaitBlockList : 0x8a8b1d08 _KWAIT_BLOCK
+0x000 WaitListEntry : _LIST_ENTRY [ 0x8a8b1a90 - 0x80564828 ]
+0x008 Thread : 0x8a8b1c98 _KTHREAD
+0x00c Object : 0x80564820
+0x010 NextWaitBlock : 0x8a8b1d08 _KWAIT_BLOCK
+0x014 WaitKey : 0
+0x016 WaitType : 1
+0x060 WaitListEntry : _LIST_ENTRY [ 0x0 - 0x8055c4a8 ]
+0x000 Flink : (null)
+0x004 Blink : 0x8055c4a8 _LIST_ENTRY [ 0x895aab20 - 0x89a43c28 ]
+0x060 SwapListEntry : _SINGLE_LIST_ENTRY
+0x000 Next : (null)
+0x068 WaitTime : 0x46a46
+0x06c BasePriority : 13 ''
+0x06d DecrementCount : 0x10 ''
+0x06e PriorityDecrement : 0 ''
+0x06f Quantum : 3 ''
+0x070 WaitBlock : [4] _KWAIT_BLOCK
+0x000 WaitListEntry : _LIST_ENTRY [ 0x8a8b1a90 - 0x80564828 ]
+0x008 Thread : 0x8a8b1c98 _KTHREAD
+0x00c Object : 0x80564820
+0x010 NextWaitBlock : 0x8a8b1d08 _KWAIT_BLOCK
+0x014 WaitKey : 0
+0x016 WaitType : 1
+0x0d0 LegoData : (null)
+0x0d4 KernelApcDisable : 0
+0x0d8 UserAffinity : 3
+0x0dc SystemAffinityActive : 0 ''
+0x0dd PowerState : 0 ''
+0x0de NpxIrql : 0 ''
+0x0df InitialNode : 0 ''
+0x0e0 ServiceTable : 0x8055c700
+0x0e4 Queue : 0x80564820 _KQUEUE
+0x000 Header : _DISPATCHER_HEADER
+0x010 EntryListHead : _LIST_ENTRY [ 0x80564830 - 0x80564830 ]
+0x018 CurrentCount : 0
+0x01c MaximumCount : 2
+0x020 ThreadListHead : _LIST_ENTRY [ 0x8a8b1db0 - 0x89fadaa0 ]
+0x0e8 ApcQueueLock : 0
+0x0f0 Timer : _KTIMER
+0x000 Header : _DISPATCHER_HEADER
+0x010 DueTime : _ULARGE_INTEGER 0xa`644f6499
+0x018 TimerListEntry : _LIST_ENTRY [ 0x8055ce00 - 0x8a322670 ]
+0x020 Dpc : (null)
+0x024 Period : 0
+0x118 QueueListEntry : _LIST_ENTRY [ 0x8a8b1b38 - 0x80564840 ]
+0x000 Flink : 0x8a8b1b38 _LIST_ENTRY [ 0x8a8b18c0 - 0x8a8b1db0 ]
+0x004 Blink : 0x80564840 _LIST_ENTRY [ 0x8a8b1db0 - 0x89fadaa0 ]
+0x120 SoftAffinity : 3
+0x124 Affinity : 3
+0x128 Preempted : 0 ''
+0x129 ProcessReadyQueue : 0 ''
+0x12a KernelStackResident : 0 ''
+0x12b NextProcessor : 0x1 ''
+0x12c CallbackStack : (null)
+0x130 Win32Thread : (null)
+0x134 TrapFrame : (null)
+0x138 ApcStatePointer : [2] 0x8a8b1ccc _KAPC_STATE
+0x000 ApcListHead : [2] _LIST_ENTRY [ 0x8a8b1ccc - 0x8a8b1ccc ]
+0x010 Process : 0x8a8b2830 _KPROCESS
+0x014 KernelApcInProgress : 0 ''
+0x015 KernelApcPending : 0 ''
+0x016 UserApcPending : 0 ''
+0x140 PreviousMode : 0 ''
+0x141 EnableStackSwap : 0x1 ''
+0x142 LargeStack : 0 ''
+0x143 ResourceIndex : 0x1 ''
+0x144 KernelTime : 0x19
+0x148 UserTime : 0
+0x14c SavedApcState : _KAPC_STATE
+0x000 ApcListHead : [2] _LIST_ENTRY [ 0x8a8b1de4 - 0x8a8b1de4 ]
+0x010 Process : (null)
+0x014 KernelApcInProgress : 0 ''
+0x015 KernelApcPending : 0 ''
+0x016 UserApcPending : 0 ''
+0x164 Alertable : 0 ''
+0x165 ApcStateIndex : 0 ''
+0x166 ApcQueueable : 0x1 ''
+0x167 AutoAlignment : 0 ''
+0x168 StackBase : 0xba4e0000
+0x16c SuspendApc : _KAPC
+0x000 Type : 18
+0x002 Size : 48
+0x004 Spare0 : 0
+0x008 Thread : 0x8a8b1c98 _KTHREAD
+0x00c ApcListEntry : _LIST_ENTRY [ 0x0 - 0x0 ]
+0x014 KernelRoutine : 0x80502f64 void nt!KiSuspendNop+0
+0x018 RundownRoutine : 0x80502f6c void nt!PopDispatchProcessorPolicyCallout+0
+0x01c NormalRoutine : 0x80502f74 void nt!KiSuspendThread+0
+0x020 NormalContext : (null)
+0x024 SystemArgument1 : (null)
+0x028 SystemArgument2 : (null)
+0x02c ApcStateIndex : 0 ''
+0x02d ApcMode : 0 ''
+0x02e Inserted : 0 ''
+0x19c SuspendSemaphore : _KSEMAPHORE
+0x000 Header : _DISPATCHER_HEADER
+0x010 Limit : 2
+0x1b0 ThreadListEntry : _LIST_ENTRY [ 0x8a8b1bd0 - 0x8a8b2660 ]
+0x000 Flink : 0x8a8b1bd0 _LIST_ENTRY [ 0x8a8b1958 - 0x8a8b1e48 ]
+0x004 Blink : 0x8a8b2660 _LIST_ENTRY [ 0x8a8b1e48 - 0x8a8b2880 ]
+0x1b8 FreezeCount : 0 ''
+0x1b9 SuspendCount : 0 ''
+0x1ba IdealProcessor : 0x1 ''
+0x1bb DisableBoost : 0 ''
GetContextState failed, 0x80004001
Стека в памяти нет (KernelStackResident = 0 в дампе выше — отсюда и GetContextState failed), а State 5 — это WAIT (Waiting).
Можно даже посмотреть, на чём оно ждёт (адрес объекта берём из WaitBlock.Object):
dt _DISPATCHER_HEADER 0x80564820
ntdll!_DISPATCHER_HEADER
+0x000 Type : 0x4 ''
+0x001 Absolute : 0 ''
+0x002 Size : 0xa ''
+0x003 Inserted : 0 ''
+0x004 SignalState : 0
+0x008 WaitListHead : _LIST_ENTRY [ 0x8a8b1d08 - 0x8a8b15a0 ]
Type 4 — это Queue (тот же адрес 0x80564820 виден выше в поле Queue : _KQUEUE у _KTHREAD).
Приехали
Offtopic: нашлась полезная дока по курсу на основе WRK. Universities of China, канешна же