世岩清上:以现代化企业展厅为战略支点,赋能企业高质量发展
2026/1/16 20:15:45
_SB总线_INI方法的处理之从ACPI!AMLIAsyncEvalObject到ACPI!ACPIWorker函数中的ACPI!RestartCtxtPassive
第0部分:
0: kd> g
Breakpoint 33 hit
eax=899afccc ebx=89981a18 ecx=0041e000 edx=00000000 esi=89906e30 edi=00000000
eip=f7415242 esp=f789ef04 ebp=f789ef60 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AMLIAsyncEvalObject:
f7415242 55 push ebp
0: kd> kc
#
00 ACPI!AMLIAsyncEvalObject
01 ACPI!ACPIBuildProcessRunMethodPhaseRunMethod
02 ACPI!ACPIBuildProcessGenericList
03 ACPI!ACPIBuildDeviceDpc
04 nt!KiRetireDpcList
05 nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
06 0x0
0: kd> g
Breakpoint 6 hit
eax=00000000 ebx=00000005 ecx=80ae0dfa edx=80b18958 esi=89906e30 edi=80b019f4
eip=f73fb914 esp=f789ef6c ebp=f789ef84 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIBuildProcessGenericList+0x50:
f73fb914 85db test ebx,ebx
0: kd> g
Breakpoint 17 hit
eax=f7420746 ebx=00000000 ecx=89906dc0 edx=00000000 esi=89906dc4 edi=f743b318
eip=f74133c3 esp=f791ad6c ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIWorker+0xbd:
f74133c3 ffd0 call eax {ACPI!RestartCtxtPassive (f7420746)}
第一部分:
NTSTATUS AMLIAPI AMLIAsyncEvalObject(PNSOBJ pns, POBJDATA pdataResult,
int icArgs, POBJDATA pdataArgs,
PFNACB pfnAsyncCallBack, PVOID pvContext)
{
rc =AsyncEvalObject(pns, pdataResult, icArgs, pdataArgs,
pfnAsyncCallBack, pvContext, TRUE);
NTSTATUS LOCAL AsyncEvalObject(PNSOBJ pns, POBJDATA pdataResult, int icArgs,
POBJDATA pdataArgs, PFNACB pfnAsyncCallBack,
PVOID pvContext, BOOLEAN fAsync)
{
else if (((rc =PushPost(pctxt, ProcessEvalObj, (ULONG_PTR)pns, 0,
&pctxt->Result)) == STATUS_SUCCESS) &&
((rc = ReadObject(pctxt, &pns->ObjData, &pctxt->Result)) !=
AMLISTA_PENDING))
{
fQueueContext = TRUE;
}
if (fQueueContext)
{
rc =RestartContext(pctxt, FALSE);
}
NTSTATUS LOCAL RestartContext(PCTXT pctxt, BOOLEAN fDelayExecute)
{
else if ((prest = NEWRESTOBJ(sizeof(RESTART))) != NULL)
{
pctxt->dwfCtxt |= CTXTF_NEED_CALLBACK;
prest->pctxt = pctxt;
ExInitializeWorkItem(&prest->WorkItem, RestartCtxtPassive, prest);
OSQueueWorkItem(&prest->WorkItem);
rc = AMLISTA_PENDING;
}
第二部分:当时System进程的两个线程的状态:
THREAD 899a1020 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
IRP List:
899bf5b0: (0006,0190) Flags: 00000000 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647546 Ticks: 28 (0:00:00:00.437)
Context Switch Count 9 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.828
Stack Init f789b000 Current f789a1b8 Base f789b000 Limit f7898000 Call 00000000
Priority 31 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f789eef8 f73fb914 hal!HalpClockInterrupt+0x15a (FPO: [0,2] TrapFrame @ f789eef8) [d:\srv03rtm\base\hals\halmps\i386\mpclock.asm @ 554]
f789ef84 f73fc619 ACPI!ACPIBuildProcessGenericList+0x50 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 4847]
f789ef9c 80a41432 ACPI!ACPIBuildDeviceDpc+0x67 (FPO: [4,0,0]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 553]
f789eff4 80b00756 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]
f789eff8 f789a124 nt!KiDispatchInterrupt+0x36 (FPO: [Uses EBP] [0,0,1]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 226]
WARNING: Frame IP not in any known module. Following frames may be wrong.
80b00756 00000000 0xf789a124
THREAD 89981ca0 Cid 0004.0078 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647547 Ticks: 27 (0:00:00:00.421)
Context Switch Count 2 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:00:00.000
Stack Init f791b000 Current f791acc0 Base f791b000 Limit f7918000 Call 00000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f791adac 80d391f0 ACPI!ACPIWorker+0xbd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 301]
f791addc 80b00d52 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
第三部分:
1: kd> t
Breakpoint 3 hit
eax=f7420746 ebx=00000000 ecx=89906dc0 edx=00000000 esi=89906dc4 edi=f743b318
eip=f7420746 esp=f791ad68 ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RestartCtxtPassive:
f7420746 55 push ebp
1: kd> kc
#
00 ACPI!RestartCtxtPassive
01 ACPI!ACPIWorker
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f791ad64 f74133c5 89906dc0 00000000 89981ca0 ACPI!RestartCtxtPassive (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 376]
01 f791adac 80d391f0 00000000 00000000 00000000 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]
02 f791addc 80b00d52 f7413306 00000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
03 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
1: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743b318 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743b318 [Type: _LIST_ENTRY *]
1: kd> dv
prest = 0x89906dc0
1: kd> dx -r1 ((ACPI!_restart *)0x89906dc0)
((ACPI!_restart *)0x89906dc0) : 0x89906dc0 [Type: _restart *]
[+0x000] pctxt : 0x8997c000 [Type: _ctxt *]
[+0x004] WorkItem [Type: _WORK_QUEUE_ITEM]
1: kd> dx -r1 ((ACPI!_ctxt *)0x8997c000)
((ACPI!_ctxt *)0x8997c000) : 0x8997c000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x8997e000 : 0x54 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x120 [Type: unsigned long]
[+0x024] pnsObj : 0x899afccc [Type: _NSObj *]
[+0x028] pnsScope : 0x899afccc[Type: _NSObj *]
[+0x02c] powner : 0x0 [Type: _objowner *]
[+0x030] pcall : 0x0 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0x0 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf73fa5bc [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x0 [Type: _ObjData *]
[+0x05c] pvContext : 0x89906e30 [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x8997c0bc [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
1: kd> dx -r1 ((ACPI!_NSObj *)0x899afccc)
((ACPI!_NSObj *)0x899afccc) : 0x899afccc [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x899af0f0 [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x494e495f [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x899afc88 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x0 [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
1: kd> db 0x899afccc
899afccc 88 fc 9a 89 4c ff 9a 89-f0 f0 9a 89 00 00 00 00 ....L...........
899afcdc 5f 49 4e 49 30 f3 9a 89-88 fc 9a 89 00 00 08 00_INI0...........
899afcec 00 00 00 00 00 00 00 00-30 02 00 00 10 fd 9a 89 ........0.......
899afcfc 00 00 00 00 00 00 00 00-48 4d 45 54 3c 02 00 00 ........HMET<...
899afd0c 00 f0 9a 89 00 00 00 00-00 00 00 00 00 00 00 00 ................
899afd1c 00 00 00 00 00 a0 0b 92-93 46 4c 41 47 0a 00 a4 .........FLAG...
899afd2c 00 70 0a 01 46 4c 41 47-a0 49 11 5b 12 5c 5f 4f .p..FLAG.I.[.\_O
899afd3c 53 49 60 a0 15 5c 5f 4f-53 49 0d 4c 69 6e 75 78 SI`..\_OSI.Linux
1: kd> db 0x899af0f0
899af0f0 ac f0 9a 89 34 f1 9a 89-24 f0 9a 89 74 f4 9a 89 ....4...$...t...
899af100 5f 53 42 5f 00 00 00 00-00 00 00 00 00 00 00 00_SB_............
899af110 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899af120 18 1a 98 89 00 00 00 00-48 4e 53 4f 44 00 00 00 ........HNSOD...
899af130 00 f0 9a 89 f0 f0 9a 89-78 f1 9a 89 24 f0 9a 89 ........x...$...
899af140 00 00 00 00 5f 53 49 5f-00 00 00 00 00 00 00 00 ...._SI_........
899af150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899af160 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO
1: kd> dx -r1 (*((ACPI!_heap *)0x8997c0bc))
(*((ACPI!_heap *)0x8997c0bc)) [Type: _heap]
[+0x000] dwSig : 0x50414548 [Type: unsigned long]
[+0x004] pbHeapEnd : 0x8997df34: 0x43 [Type: unsigned char *]
[+0x008] pheapHead : 0x8997c0bc [Type: _heap *]
[+0x00c] pheapNext : 0x0 [Type: _heap *]
[+0x010] pbHeapTop : 0x8997c0d4 : 0x0 [Type: unsigned char *]
[+0x014] plistFreeHeap : 0x0 [Type: _List *]
[+0x018] Heap [Type: _heapobjhdr]
1: kd> dt framehdr 0x8997df34
ACPI!FRAMEHDR
+0x000 dwSig : 0x4c4c4143
+0x004 dwLen : 0xcc
+0x008 dwfFrame : 2
+0x00c pfnParse : 0xf7427709 long ACPI!ParseCall+0