对BAT1节点_STA方法的处理之从ACPI!RestartCtxtPassive到ACPI!StartTimeSlicePassive
1: kd> g
Breakpoint 37 hit
eax=899b0024 ebx=00000000 ecx=899b0024 edx=00000000 esi=899b0024 edi=89985178
eip=f741f8c9 esp=f791aae8 ebp=f791ab18 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject:
f741f8c9 55 push ebp
1: kd> kc
#
00 ACPI!AsyncEvalObject
01 ACPI!AMLIAsyncEvalObject
02 ACPI!ACPIGet
03 ACPI!IsPciDeviceWorker
04 ACPI!IsPciDevice
05 ACPI!GetOpRegionScopeWorker
06 ACPI!GetOpRegionScope
07 ACPI!PciConfigSpaceHandlerWorker
08 ACPI!PciConfigSpaceHandler
09 ACPI!InternalOpRegionHandler
0a ACPI!WriteCookAccess
0b ACPI!RunContext
0c ACPI!InsertReadyQueue
0d ACPI!RestartCtxtPassive
0e ACPI!ACPIWorker
0f nt!PspSystemThreadStartup
10 nt!KiThreadStartup
1: kd> dv
pns = 0x899b0024
pdataResult = 0x89985164
icArgs = 0n0
pdataArgs = 0x00000000
pfnAsyncCallBack = 0xf74074ae
pvContext = 0x89985138
fAsync = 0x01 ''
pctxt = 0x00000008
1: kd> db 0x899b0024
899b0024 64 a0 91 89 68 00 9b 89-ac ff 9a 89 00 00 00 00 d...h...........
899b0034 5f 48 49 44 30 f3 9a 89-ac ff 9a 89 00 00 01 00 _HID0...........
899b0044 00 00 00 00 41 d0 0a 03-00 00 00 00 00 00 00 00 ....A...........
if (fQueueContext)
{
rc = RestartContext(pctxt, FALSE); 返回到这里
}
1: kd> g
Breakpoint 36 hit
eax=00008004 ebx=899b0040 ecx=00000000 edx=00002700 esi=f7438ca8 edi=00000000
eip=f741fb55 esp=f791aac8 ebp=f791aae4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject+0x28c:
f741fb55 59 pop ecx
1: kd> t
eax=00008004 ebx=899b0040 ecx=89903000 edx=00002700 esi=f7438ca8 edi=00008004
eip=f741fb58 esp=f791aacc ebp=f791aae4 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!AsyncEvalObject+0x28f:
f741fb58 e9cafeffff jmp ACPI!AsyncEvalObject+0x15e (f741fa27)
rc = AsyncEvalObject(pns, pdataResult, icArgs, pdataArgs,
pfnAsyncCallBack, pvContext, TRUE);
if (rc == AMLISTA_PENDING)
rc = STATUS_PENDING;
#define AMLISTA_PENDING 0x00008004
1: kd> gu
eax=00000103 ebx=f743b938 ecx=00000000 edx=00002700 esi=89985138 edi=89985140
eip=f7407905 esp=f791ab20 ebp=f791ab74 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGet+0x24d:
f7407905 b903010000 mov ecx,103h
if (async) {
//
// Evaluate the request
//
status = AMLIAsyncEvalObject(
acpiObject,
&(request->ResultData),
argumentCount,
argumentPtr,
completionRoutine,
request
);
if (status == STATUS_PENDING) {
//
// We cannot do anything else here. Wait for the completion routine
// to fire
//
return status;
1: kd> gu
eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899bf3d8 edi=00000103
eip=f740d1b7 esp=f791aba0 ebp=f791abac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!IsPciDeviceWorker+0x71:
f740d1b7 3bc7 cmp eax,edi
1: kd> kc
#
00 ACPI!IsPciDeviceWorker
01 ACPI!IsPciDevice
02 ACPI!GetOpRegionScopeWorker
03 ACPI!GetOpRegionScope
04 ACPI!PciConfigSpaceHandlerWorker
05 ACPI!PciConfigSpaceHandler
06 ACPI!InternalOpRegionHandler
07 ACPI!WriteCookAccess
08 ACPI!RunContext
09 ACPI!InsertReadyQueue
0a ACPI!RestartCtxtPassive
0b ACPI!ACPIWorker
0c nt!PspSystemThreadStartup
0d nt!KiThreadStartup
NTSTATUS
EXPORT
IsPciDeviceWorker(
IN PNSOBJ AcpiObject,
IN NTSTATUS Status,
IN POBJDATA Result,
IN PVOID Context
)
{
if (hidObj) {
status = ACPIGetNSPnpIDAsync(
state->AcpiObject,
IsPciDeviceWorker,
(PVOID)state,
&state->Hid,
NULL);
if (status == STATUS_PENDING) {
return status;
}
1: kd> gu
eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899c4150 edi=899bf400
eip=f740d401 esp=f791abb4 ebp=f791abc8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!IsPciDevice+0x4f:
f740d401 83c410 add esp,10h
1: kd> gu
eax=00000103 ebx=00000000 ecx=00000103 edx=00002700 esi=899c4150 edi=00000800
eip=f740d4ac esp=f791abe0 ebp=f791abec iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!GetOpRegionScopeWorker+0x62:
f740d4ac 8bd8 mov ebx,eax
1: kd> kc
#
00 ACPI!GetOpRegionScopeWorker
01 ACPI!GetOpRegionScope
02 ACPI!PciConfigSpaceHandlerWorker
03 ACPI!PciConfigSpaceHandler
04 ACPI!InternalOpRegionHandler
05 ACPI!WriteCookAccess
06 ACPI!RunContext
07 ACPI!InsertReadyQueue
08 ACPI!RestartCtxtPassive
09 ACPI!ACPIWorker
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
NTSTATUS
EXPORT
GetOpRegionScopeWorker(
IN PNSOBJ AcpiObject,
IN NTSTATUS Status,
IN POBJDATA Result,
IN PVOID Context
)
{
status = IsPciDevice(state->Parent,
GetOpRegionScopeWorker,
(PVOID)state,
&state->IsPciDeviceResult);
if (status == STATUS_PENDING) {
return status;
}
1: kd> gu
eax=00000103 ebx=89987378 ecx=00000103 edx=00002700 esi=00000103 edi=899c4170
eip=f740d55b esp=f791abf4 ebp=f791ac08 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!GetOpRegionScope+0x55:
f740d55b 83c410 add esp,10h
1: kd> gu
eax=00000103 ebx=89987378 ecx=00000103 edx=00002700 esi=00000103 edi=899b0b80
eip=f740d68d esp=f791ac20 ebp=f791ac70 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!PciConfigSpaceHandlerWorker+0x61:
f740d68d 3bc6 cmp eax,esi
NTSTATUS
EXPORT
PciConfigSpaceHandlerWorker(
IN PNSOBJ AcpiObject,
IN NTSTATUS CompletionStatus,
IN POBJDATA Result,
IN PVOID Context
)
{
……
if (!state->OpRegion->Context) {
if (!(state->Flags & PCISUPP_GOT_SCOPE)) {
state->Flags |= PCISUPP_GOT_SCOPE;
status = GetOpRegionScope(state->OpRegion,
PciConfigSpaceHandlerWorker,
(PVOID)state,
&((PNSOBJ)(state->OpRegion->Context)));
if (status == STATUS_PENDING) {
return status;
}
1: kd> gu
eax=00000103 ebx=00008000 ecx=e71d4552 edx=00002700 esi=899affac edi=899873b4
eip=f740d9dd esp=f791ac78 ebp=f791ac8c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!PciConfigSpaceHandler+0x6d:
f740d9dd 83c410 add esp,10h
1: kd> gu
eax=00000103 ebx=00008000 ecx=e71d4552 edx=00002700 esi=899affac edi=899b0b50
eip=f742813d esp=f791ac94 ebp=f791acbc iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ACPI!InternalOpRegionHandler+0x67:
f742813d 8bf0 mov esi,eax
1: kd> gu
eax=00000103 ebx=00008000 ecx=80ae0dfa edx=80b18958 esi=8997dc08 edi=899b0134
eip=f7417e5f esp=f791acc4 ebp=f791acf4 iopl=0 nv up ei ng nz ac pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000296
ACPI!WriteCookAccess+0x242:
f7417e5f 83c420 add esp,20h
1: kd> gu
eax=00008004 ebx=f743a948 ecx=80ae0dfa edx=80b18958 esi=8997c000 edi=8997dc08
eip=f741d832 esp=f791acfc ebp=f791ad1c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RunContext+0x122:
f741d832 83c40c add esp,0Ch
while (!IsStackEmpty(pctxt))
{
CHKDEBUGGERREQ();
pfh = (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd;
ASSERT(pfh->pfnParse != NULL);
rc = pfh->pfnParse(pctxt, pfh, rc);
if ((rc == AMLISTA_PENDING) || (rc == AMLISTA_DONE))
{
break;
}
}
跳出while循环
if (rc == AMLISTA_PENDING)
{
pctxt->dwfCtxt |= CTXTF_NEED_CALLBACK;
}
1: kd> g
Breakpoint 12 hit
eax=00000120 ebx=f743a948 ecx=f743a948 edx=00000000 esi=8997c000 edi=00008004
eip=f741d8a7 esp=f791ad08 ebp=f791ad1c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RunContext+0x197:
f741d8a7 834e2020 or dword ptr [esi+20h],20h ds:0023:8997c020=00000120
1: kd> gu
eax=00008004 ebx=00000000 ecx=8997e000 edx=00002707 esi=8997c000 edi=00000000
eip=f7420671 esp=f791ad24 ebp=f791ad44 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!InsertReadyQueue+0x155:
f7420671 83c414 add esp,14h
else if ((gReadyQueue.pkthCurrent == NULL) &&
!(gReadyQueue.dwfCtxtQ & CQF_PAUSED))
//
// We only execute the method if we are not in paused state.
//
{
LOGSCHEDEVENT('EVAL', (ULONG_PTR)pctxt, (ULONG_PTR)
(pctxt->pnctxt? pctxt->pnctxt->pnsObj: pctxt->pnsObj),
(ULONG_PTR)pctxt->pbOp);
//
// There is no active context and we can execute it immediately.
//
rc = RunContext(pctxt);
if ((gReadyQueue.plistCtxtQ != NULL) &&
!(gReadyQueue.dwfCtxtQ & CQF_WORKITEM_SCHEDULED))
{
//
// If we have more jobs in the queue and we haven't scheduled
// a dispatch, schedule one.
//
LOGSCHEDEVENT('KICK', (ULONG_PTR)rc, 0, 0);
OSQueueWorkItem(&gReadyQueue.WorkItem);
gReadyQueue.dwfCtxtQ |= CQF_WORKITEM_SCHEDULED;
}
1: kd> x acpi!gReadyQueue
f743a928 ACPI!gReadyQueue = struct _ctxtq
1: kd> dx -r1 (*((ACPI!_ctxtq *)0xf743a928))
(*((ACPI!_ctxtq *)0xf743a928)) [Type: _ctxtq]
[+0x000] dwfCtxtQ : 0x0 [Type: unsigned long]
[+0x004] pkthCurrent : 0x0 [Type: _KTHREAD *]
[+0x008] pctxtCurrent : 0x0 [Type: _ctxt *]
[+0x00c] plistCtxtQ : 0x89903010 [Type: _List *]
[+0x010] dwmsTimeSliceLength : 0x64 [Type: unsigned long]
[+0x014] dwmsTimeSliceInterval : 0x64 [Type: unsigned long]
[+0x018] pfnPauseCallback : 0x0 [Type: void (__cdecl*)(void *)]
[+0x01c] PauseCBContext : 0x0 [Type: void *]
[+0x020] mutCtxtQ [Type: _mutex]
[+0x028] Timer [Type: _KTIMER]
[+0x050] DpcStartTimeSlice [Type: _KDPC]
[+0x070] DpcExpireTimeSlice [Type: _KDPC]
[+0x090] WorkItem [Type: _WORK_QUEUE_ITEM]
1: kd> dx -r1 (*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8))
(*((ACPI!_WORK_QUEUE_ITEM *)0xf743a9b8)) [Type: _WORK_QUEUE_ITEM]
[+0x000] List [Type: _LIST_ENTRY]
[+0x008] WorkerRoutine : 0xf7420495 [Type: void (*)(void *)]
[+0x00c] Parameter : 0xf743a928 [Type: void *]
1: kd> u f7420495
ACPI!StartTimeSlicePassive [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 93]:
f7420495 55 push ebp
f7420496 8bec mov ebp,esp
f7420498 53 push ebx
f7420499 56 push esi
f742049a 57 push edi
f742049b 6a01 push 1
f742049d bf3c3d43f7 mov edi,offset ACPI!`string' (f7433d3c)
f74204a2 57 push edi
1: kd> t
Breakpoint 34 hit
eax=00000017 ebx=00008004 ecx=8997e000 edx=00002707 esi=8997c000 edi=00000000
eip=f7413470 esp=f791ad30 ebp=f791ad44 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!OSQueueWorkItem:
f7413470 55 push ebp
1: kd> kc
#
00 ACPI!OSQueueWorkItem
01 ACPI!InsertReadyQueue
02 ACPI!RestartCtxtPassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
02 ACPI!StartTimeSlicePassive 工作项下次运行时，02 帧可能变为 ACPI!StartTimeSlicePassive（以下为预期的调用栈，并非调试器输出）
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> gu
eax=00000041 ebx=00008004 ecx=00000041 edx=00000002 esi=8997c000 edi=00000000
eip=f74206a9 esp=f791ad38 ebp=f791ad44 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!InsertReadyQueue+0x18d:
f74206a9 830d28a943f702 or dword ptr [ACPI!gReadyQueue (f743a928)],2 ds:0023:f743a928=00000000
1: kd> gu
eax=00008004 ebx=899050e8 ecx=00000041 edx=00000002 esi=f743a948 edi=f7433e20
eip=f742079a esp=f791ad4c ebp=f791ad64 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RestartCtxtPassive+0x54:
f742079a 56 push esi
1: kd> kc
#
00 ACPI!RestartCtxtPassive
01 ACPI!ACPIWorker
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> gu
Breakpoint 35 hit
eax=00000000 ebx=00000000 ecx=00010001 edx=00000000 esi=899050ec edi=f743b318
eip=f74133c5 esp=f791ad70 ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIWorker+0xbf:
f74133c5 ff1534b042f7 call dword ptr [ACPI!_imp__KeGetCurrentIrql (f742b034)] ds:0023:f742b034={hal!KeGetCurrentIrql (804edc6c)}
(WorkItem->WorkerRoutine)(WorkItem->Parameter);
if (KeGetCurrentIrql() != 0) {
Status = KeWaitForMultipleObjects(ACPIMaximumObject,
&WaitObjects[0],
WaitAny,
Executive,
KernelMode,
FALSE,
NULL,
&WaitBlockArray[0]);
1: kd> p
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=899050ec edi=f743b318
eip=f7413349 esp=f791ad70 ebp=f791adac iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIWorker+0x43:
f7413349 48 dec eax
/*
 * Indices of the objects the ACPI worker thread waits on.  In ACPIWorker the
 * wait is KeWaitForMultipleObjects(ACPIMaximumObject, &WaitObjects[0],
 * WaitAny, ...), and the returned Status is then compared against these
 * values in a switch (see `case ACPIWorkToDo:` below).  ACPIMaximumObject is
 * not a wait object itself; it is the object count handed to the wait call.
 */
typedef enum _ACPI_WORKER_OBJECT {
    ACPIWorkToDo      = 0,  /* a work item is queued on ACPIWorkQueue */
    ACPITerminate     = 1,  /* presumably requests worker shutdown - not exercised in this trace */
    ACPIMaximumObject = 2   /* number of entries in WaitObjects[] */
} ACPI_WORKER_OBJECT;
switch (Status) {
case ACPIWorkToDo:
break;
1: kd> x acpi!ACPIWorkQueue
f743b318 ACPI!ACPIWorkQueue = struct _LIST_ENTRY [ 0xf743a9b8 - 0xf743a9b8 ]
1: kd> dx -r1 (*((ACPI!_LIST_ENTRY *)0xf743b318))
(*((ACPI!_LIST_ENTRY *)0xf743b318)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0xf743a9b8 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0xf743a9b8 [Type: _LIST_ENTRY *]
1: kd> dt WORK_QUEUE_ITEM 0xf743a9b8
hal!WORK_QUEUE_ITEM
+0x000 List : _LIST_ENTRY [ 0xf743b318 - 0xf743b318 ]
+0x008 WorkerRoutine : 0xf7420495 void ACPI!StartTimeSlicePassive+0
+0x00c Parameter : 0xf743a928 Void
WorkerRoutine = WorkItem->WorkerRoutine;
Parameter = WorkItem->Parameter;
(WorkItem->WorkerRoutine)(WorkItem->Parameter);
THREAD 899a1020 Cid 0004.0008 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 0
IRP List:
899bf5b0: (0006,0190) Flags: 00000000 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647546 Ticks: 69 (0:00:00:01.078)
Context Switch Count 9 IdealProcessor: 0
UserTime 00:00:00.000
KernelTime 00:00:00.828
Stack Init f789b000 Current f789a1b8 Base f789b000 Limit f7898000 Call 00000000
Priority 31 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f789eef8 f73fb91b hal!HalpClockInterrupt+0x15a (FPO: [0,2] TrapFrame @ f789eef8) [d:\srv03rtm\base\hals\halmps\i386\mpclock.asm @ 554]
f789ef84 f73fc619 ACPI!ACPIBuildProcessGenericList+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 4847]
f789ef9c 80a41432 ACPI!ACPIBuildDeviceDpc+0x67 (FPO: [4,0,0]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\buildsrc.c @ 553]
f789eff4 80b00756 nt!KiRetireDpcList+0xd6 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\dpcsup.c @ 1076]
f789eff8 f789a124 nt!KiDispatchInterrupt+0x36 (FPO: [Uses EBP] [0,0,1]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 226]
WARNING: Frame IP not in any known module. Following frames may be wrong.
80b00756 00000000 0xf789a124
THREAD 89981ca0 Cid 0004.0078 Teb: 00000000 Win32Thread: 00000000 RUNNING on processor 1
Not impersonating
DeviceMap e10003d8
Owning Process 899a2278 Image: System
Attached Process N/A Image: N/A
Wait Start TickCount 274647614 Ticks: 1 (0:00:00:00.015)
Context Switch Count 3 IdealProcessor: 1
UserTime 00:00:00.000
KernelTime 00:00:00.218
Stack Init f791b000 Current f791acc0 Base f791b000 Limit f7918000 Call 00000000
Priority 8 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr
f791ad64 f74133c5 ACPI!StartTimeSlicePassive+0x32 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 98]
f791adac 80d391f0 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]
f791addc 80b00d52 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]