📄 jiurl玩玩win2k进程线程篇 ethread.htm
字号:
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<!-- saved from url=(0070)http://jiurl.cosoft.org.cn/jiurl/document/JiurlPlayWin2k/PsEthread.htm -->
<HTML><HEAD><TITLE>JIURL玩玩Win2k进程线程篇 ETHREAD</TITLE>
<META content="text/html; charset=gb2312" http-equiv=Content-Type>
<STYLE type=text/css>.title {
FONT-FAMILY: "黑体", Arial, sans-serif; FONT-SIZE: 21px; FONT-WEIGHT: bold; LINE-HEIGHT: 48px; TEXT-DECORATION: none
}
.author {
FONT-FAMILY: "宋体"; FONT-SIZE: 12px; LINE-HEIGHT: 16px
}
.content {
FONT-SIZE: 14px; LINE-HEIGHT: 20px
}
</STYLE>
<META content="MSHTML 5.00.2614.3500" name=GENERATOR></HEAD>
<BODY bgColor=#f7f7f7 topMargin=5>
<DIV align=center>
<CENTER>
<TABLE border=0 cellPadding=0 cellSpacing=0 height=29 width="96%">
<TBODY>
<TR>
<TD class=title height=41 width="100%">
<P align=center><FONT face=宋体>JIURL玩玩Win2k进程线程篇 </FONT><FONT
face=宋体>ETHREAD</FONT></P></TD></TR></CENTER>
<TR>
<TD class=author height=9 width="100%">
<P align=center><FONT face=宋体>作者: <A
href="mailto:jiurl@mail.china.com">JIURL</A> </FONT></P></TD></TR>
<TR>
<TD class=author height=6 width="100%">
<P align=center><FONT
face=宋体>
主页: <A href="http://jiurl.yeah.net/">http://jiurl.yeah.net/</A>
</FONT></P></TD></TR>
<TR>
<TD class=author height=2 width="100%">
<P align=center><FONT face=宋体> 日期: 2003-7-30</FONT>
</P></TD></TR></TBODY></TABLE></DIV>
<DIV align=center>
<CENTER>
<TABLE border=0 cellPadding=0 cellSpacing=0 height=1 width="96%">
<TBODY>
<TR>
<TD height=1 width="100%">
<HR color=#396da5 SIZE=3>
</TD></TR></TBODY></TABLE></CENTER></DIV>
<DIV align=center>
<TABLE border=0 cellPadding=0 cellSpacing=0 class=content height=4300
width="96%">
<TBODY>
<TR>
<TD height=2132 vAlign=top width="131%">
<P> 每个线程都有一个 ETHREAD 结构。Win2k Build 2195 中 ETHREAD
结构定义如下<BR><BR>kd> !strct ethread<BR>!strct ethread<BR>struct _ETHREAD
(sizeof=584)<BR>+000 struct _KTHREAD Tcb<BR>+000 struct _DISPATCHER_HEADER
Header<BR>+000 byte Type<BR>+001 byte Absolute<BR>+002 byte Size<BR>+003
byte Inserted<BR>+004 int32 SignalState<BR>+008 struct _LIST_ENTRY
WaitListHead<BR>+008 struct _LIST_ENTRY *Flink<BR>+00c struct _LIST_ENTRY
*Blink<BR>+010 struct _LIST_ENTRY MutantListHead<BR>+010 struct
_LIST_ENTRY *Flink<BR>+014 struct _LIST_ENTRY *Blink<BR>+018 void
*InitialStack<BR>+01c void *StackLimit<BR>+020 void *Teb<BR>+024 void
*TlsArray<BR>+028 void *KernelStack<BR>+02c byte DebugActive<BR>+02d byte
State<BR>+02e byte Alerted[2]<BR>+030 byte Iopl<BR>+031 byte
NpxState<BR>+032 char Saturation<BR>+033 char Priority<BR>+034 struct
_KAPC_STATE ApcState<BR>+034 struct _LIST_ENTRY ApcListHead[2]<BR>struct
_LIST_ENTRY *Flink<BR>struct _LIST_ENTRY *Blink<BR>+044 struct _KPROCESS
*Process<BR>+048 byte KernelApcInProgress<BR>+049 byte
KernelApcPending<BR>+04a byte UserApcPending<BR>+04c uint32
ContextSwitches<BR>+050 int32 WaitStatus<BR>+054 byte WaitIrql<BR>+055
char WaitMode<BR>+056 byte WaitNext<BR>+057 byte WaitReason<BR>+058 struct
_KWAIT_BLOCK *WaitBlockList<BR>+05c struct _LIST_ENTRY
WaitListEntry<BR>+05c struct _LIST_ENTRY *Flink<BR>+060 struct _LIST_ENTRY
*Blink<BR>+064 uint32 WaitTime<BR>+068 char BasePriority<BR>+069 byte
DecrementCount<BR>+06a char PriorityDecrement<BR>+06b char Quantum<BR>+06c
struct _KWAIT_BLOCK WaitBlock[4]<BR>struct _LIST_ENTRY
WaitListEntry<BR>struct _LIST_ENTRY *Flink<BR>struct _LIST_ENTRY
*Blink<BR>struct _KTHREAD *Thread<BR>void *Object<BR>struct _KWAIT_BLOCK
*NextWaitBlock<BR>uint16 WaitKey<BR>uint16 WaitType<BR>+0cc void
*LegoData<BR>+0d0 uint32 KernelApcDisable<BR>+0d4 uint32
UserAffinity<BR>+0d8 byte SystemAffinityActive<BR>+0d9 byte
PowerState<BR>+0da byte NpxIrql<BR>+0db byte Pad[1]<BR>+0dc void
*ServiceTable<BR>+0e0 struct _KQUEUE *Queue<BR>+0e4 uint32
ApcQueueLock<BR>+0e8 struct _KTIMER Timer<BR>+0e8 struct
_DISPATCHER_HEADER Header<BR>+0e8 byte Type<BR>+0e9 byte Absolute<BR>+0ea
byte Size<BR>+0eb byte Inserted<BR>+0ec int32 SignalState<BR>+0f0 struct
_LIST_ENTRY WaitListHead<BR>+0f0 struct _LIST_ENTRY *Flink<BR>+0f4 struct
_LIST_ENTRY *Blink<BR>+0f8 union _ULARGE_INTEGER DueTime<BR>+0f8 uint32
LowPart<BR>+0fc uint32 HighPart<BR>+0f8 struct __unnamed12 u<BR>+0f8
uint32 LowPart<BR>+0fc uint32 HighPart<BR>+0f8 uint64 QuadPart<BR>+100
struct _LIST_ENTRY TimerListEntry<BR>+100 struct _LIST_ENTRY
*Flink<BR>+104 struct _LIST_ENTRY *Blink<BR>+108 struct _KDPC *Dpc<BR>+10c
int32 Period<BR>+110 struct _LIST_ENTRY QueueListEntry<BR>+110 struct
_LIST_ENTRY *Flink<BR>+114 struct _LIST_ENTRY *Blink<BR>+118 uint32
Affinity<BR>+11c byte Preempted<BR>+11d byte ProcessReadyQueue<BR>+11e
byte KernelStackResident<BR>+11f byte NextProcessor<BR>+120 void
*CallbackStack<BR>+124 void *Win32Thread<BR>+128 struct _KTRAP_FRAME
*TrapFrame<BR>+12c struct _KAPC_STATE *ApcStatePointer[2]<BR>+134 char
PreviousMode<BR>+135 byte EnableStackSwap<BR>+136 byte LargeStack<BR>+137
byte ResourceIndex<BR>+138 uint32 KernelTime<BR>+13c uint32
UserTime<BR>+140 struct _KAPC_STATE SavedApcState<BR>+140 struct
_LIST_ENTRY ApcListHead[2]<BR>struct _LIST_ENTRY *Flink<BR>struct
_LIST_ENTRY *Blink<BR>+150 struct _KPROCESS *Process<BR>+154 byte
KernelApcInProgress<BR>+155 byte KernelApcPending<BR>+156 byte
UserApcPending<BR>+158 byte Alertable<BR>+159 byte ApcStateIndex<BR>+15a
byte ApcQueueable<BR>+15b byte AutoAlignment<BR>+15c void
*StackBase<BR>+160 struct _KAPC SuspendApc<BR>+160 int16 Type<BR>+162
int16 Size<BR>+164 uint32 Spare0<BR>+168 struct _KTHREAD *Thread<BR>+16c
struct _LIST_ENTRY ApcListEntry<BR>+16c struct _LIST_ENTRY *Flink<BR>+170
struct _LIST_ENTRY *Blink<BR>+174 function *KernelRoutine<BR>+178 function
*RundownRoutine<BR>+17c function *NormalRoutine<BR>+180 void
*NormalContext<BR>+184 void *SystemArgument1<BR>+188 void
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -