ffdff000 处的结构 KPCR

ffdff000 处的结构 KPCR

ffdff000 处的结构 KPCR

作者: JIURL

                主页: http://jiurl.yeah.net

    日期: 2003-11-13

    ffdff000 处是一个叫做 KPCR 的结构,PCR 即 Processor Control Region ,处理器控制域。这是一个很有用的结构。系统本身就大量使用。

    下面是从 WinDbg 中得到的 win2k build 2195 的 KPCR 结构

struct _KPCR (sizeof=2832)
+000 struct _NT_TIB NtTib
+000 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList
+004 void *StackBase
+008 void *StackLimit
+00c void *SubSystemTib
+010 void *FiberData
+010 uint32 Version
+014 void *ArbitraryUserPointer
+018 struct _NT_TIB *Self
+01c struct _KPCR *SelfPcr
+020 struct _KPRCB *Prcb
+024 byte Irql
+028 uint32 IRR
+02c uint32 IrrActive
+030 uint32 IDR
+034 uint32 Reserved2
+038 struct _KIDTENTRY *IDT
+03c struct _KGDTENTRY *GDT
+040 struct _KTSS *TSS
+044 uint16 MajorVersion
+046 uint16 MinorVersion
+048 uint32 SetMember
+04c uint32 StallScaleFactor
+050 byte DebugActive
+051 byte Number
+052 byte VdmAlert
+053 byte Reserved[1]
+054 uint32 KernelReserved[15]
+090 uint32 SecondLevelCacheSize
+094 uint32 HalReserved[16]
+0d4 uint32 InterruptMode
+0d8 byte Spare1
+0dc uint32 KernelReserved2[17]
+120 struct _KPRCB PrcbData
+120 uint16 MinorVersion
+122 uint16 MajorVersion
+124 struct _KTHREAD *CurrentThread
+128 struct _KTHREAD *NextThread
+12c struct _KTHREAD *IdleThread
+130 char Number
+131 char Reserved
+132 uint16 BuildType
+134 uint32 SetMember
+138 char CpuType
+139 char CpuID
+13a uint16 CpuStep
+13c struct _KPROCESSOR_STATE ProcessorState
+13c struct _CONTEXT ContextFrame
+13c uint32 ContextFlags
+140 uint32 Dr0
+144 uint32 Dr1
+148 uint32 Dr2
+14c uint32 Dr3
+150 uint32 Dr6
+154 uint32 Dr7
+158 struct _FLOATING_SAVE_AREA FloatSave
+158 uint32 ControlWord
+15c uint32 StatusWord
+160 uint32 TagWord
+164 uint32 ErrorOffset
+168 uint32 ErrorSelector
+16c uint32 DataOffset
+170 uint32 DataSelector
+174 byte RegisterArea[80]
+1c4 uint32 Cr0NpxState
+1c8 uint32 SegGs
+1cc uint32 SegFs
+1d0 uint32 SegEs
+1d4 uint32 SegDs
+1d8 uint32 Edi
+1dc uint32 Esi
+1e0 uint32 Ebx
+1e4 uint32 Edx
+1e8 uint32 Ecx
+1ec uint32 Eax
+1f0 uint32 Ebp
+1f4 uint32 Eip
+1f8 uint32 SegCs
+1fc uint32 EFlags
+200 uint32 Esp
+204 uint32 SegSs
+208 byte ExtendedRegisters[512]
+408 struct _KSPECIAL_REGISTERS SpecialRegisters
+408 uint32 Cr0
+40c uint32 Cr2
+410 uint32 Cr3
+414 uint32 Cr4
+418 uint32 KernelDr0
+41c uint32 KernelDr1
+420 uint32 KernelDr2
+424 uint32 KernelDr3
+428 uint32 KernelDr6
+42c uint32 KernelDr7
+430 struct _DESCRIPTOR Gdtr
+430 uint16 Pad
+432 uint16 Limit
+434 uint32 Base
+438 struct _DESCRIPTOR Idtr
+438 uint16 Pad
+43a uint16 Limit
+43c uint32 Base
+440 uint16 Tr
+442 uint16 Ldtr
+444 uint32 Reserved[6]
+45c uint32 KernelReserved[16]
+49c uint32 HalReserved[16]
+4dc struct _KSPIN_LOCK_QUEUE LockQueue[16]
struct _KSPIN_LOCK_QUEUE *Next
uint32 *Lock
+55c struct _KTHREAD *NpxThread
+560 uint32 InterruptCount
+564 uint32 KernelTime
+568 uint32 UserTime
+56c uint32 DpcTime
+570 uint32 InterruptTime
+574 uint32 ApcBypassCount
+578 uint32 DpcBypassCount
+57c uint32 AdjustDpcThreshold
+580 uint32 DebugDpcTime
+584 uint32 Spare2[4]
+594 uint32 ThreadStartCount[2]
+59c void *SpareHotData[2]
+5a4 uint32 CcFastReadNoWait
+5a8 uint32 CcFastReadWait
+5ac uint32 CcFastReadNotPossible
+5b0 uint32 CcCopyReadNoWait
+5b4 uint32 CcCopyReadWait
+5b8 uint32 CcCopyReadNoWaitMiss
+5bc uint32 KeAlignmentFixupCount
+5c0 uint32 KeContextSwitches
+5c4 uint32 KeDcacheFlushCount
+5c8 uint32 KeExceptionDispatchCount
+5cc uint32 KeFirstLevelTbFills
+5d0 uint32 KeFloatingEmulationCount
+5d4 uint32 KeIcacheFlushCount
+5d8 uint32 KeSecondLevelTbFills
+5dc uint32 KeSystemCalls
+5e0 uint32 ReservedCounter[8]
+600 void *SmallIrpFreeEntry
+604 void *LargeIrpFreeEntry
+608 void *MdlFreeEntry
+60c void *CreateInfoFreeEntry
+610 void *NameBufferFreeEntry
+614 void *SharedCacheMapEntry
+618 uint32 CachePad0[2]
+620 struct _PP_LOOKASIDE_LIST PPLookasideList[16]
struct _NPAGED_LOOKASIDE_LIST *P
struct _NPAGED_LOOKASIDE_LIST *L
+6a0 struct _PP_LOOKASIDE_LIST PPNPagedLookasideList[8]
struct _NPAGED_LOOKASIDE_LIST *P
struct _NPAGED_LOOKASIDE_LIST *L
+6e0 struct _PP_LOOKASIDE_LIST PPPagedLookasideList[8]
struct _NPAGED_LOOKASIDE_LIST *P
struct _NPAGED_LOOKASIDE_LIST *L
+720 byte ReservedPad[128]
+7a0 void *CurrentPacket[3]
+7ac uint32 TargetSet
+7b0 function *WorkerRoutine
+7b4 uint32 IpiFrozen
+7b8 uint32 CachePad1[2]
+7c0 uint32 RequestSummary
+7c4 struct _KPRCB *SignalDone
+7c8 uint32 ReverseStall
+7cc void *IpiFrame
+7d0 uint32 CachePad2[4]
+7e0 uint32 DpcInterruptRequested
+7e4 void *ChainedInterruptList
+7e8 uint32 CachePad3[2]
+7f0 uint32 MaximumDpcQueueDepth
+7f4 uint32 MinimumDpcRate
+7f8 uint32 CachePad4[2]
+800 struct _LIST_ENTRY DpcListHead
+800 struct _LIST_ENTRY *Flink
+804 struct _LIST_ENTRY *Blink
+808 uint32 DpcQueueDepth
+80c uint32 DpcRoutineActive
+810 uint32 DpcCount
+814 uint32 DpcLastCount
+818 uint32 DpcRequestRate
+81c void *DpcStack
+820 uint32 KernelReserved2[10]
+848 uint32 DpcLock
+84c byte SkipTick
+84d byte VendorString[13]
+85c uint32 MHz
+860 uint32 FeatureBits
+868 union _LARGE_INTEGER UpdateSignature
+868 uint32 LowPart
+86c int32 HighPart
+868 struct __unnamed3 u
+868 uint32 LowPart
+86c int32 HighPart
+868 int64 QuadPart
+870 uint32 QuantumEnd
+878 struct _PROCESSOR_POWER_STATE PowerState
+878 function *IdleFunction
+87c uint32 Idle0KernelTimeLimit
+880 uint32 Idle0LastTime
+884 void *IdleState
+888 uint64 LastCheck
+890 struct PROCESSOR_IDLE_TIMES IdleTimes
+890 uint64 StartTime
+898 uint64 EndTime
+8a0 uint32 IdleHandlerReserved[4]
+8b0 uint32 IdleTime1
+8b4 uint32 PromotionCheck
+8b8 uint32 IdleTime2
+8bc byte CurrentThrottle
+8bd byte ThrottleLimit
+8be byte Spare1[2]
+8c0 uint32 SetMember
+8c4 void *AbortThrottle
+8c8 uint64 DebugDelta
+8d0 uint32 DebugCount
+8d4 uint32 LastSysTime
+8d8 uint32 Spare2[10]
+900 struct _FX_SAVE_AREA NpxSaveArea
+900 union __unnamed63 U
+900 struct _FNSAVE_FORMAT FnArea
+900 uint32 ControlWord
+904 uint32 StatusWord
+908 uint32 TagWord
+90c uint32 ErrorOffset
+910 uint32 ErrorSelector
+914 uint32 DataOffset
+918 uint32 DataSelector
+91c byte RegisterArea[80]
+900 struct _FXSAVE_FORMAT FxArea
+900 uint16 ControlWord
+902 uint16 StatusWord
+904 uint16 TagWord
+906 uint16 ErrorOpcode
+908 uint32 ErrorOffset
+90c uint32 ErrorSelector
+910 uint32 DataOffset
+914 uint32 DataSelector
+918 uint32 MXCsr
+91c uint32 Reserved2
+920 byte RegisterArea[128]
+9a0 byte Reserved3[128]
+a20 byte Reserved4[224]
+b00 byte Align16Byte[8]
+b08 uint32 NpxSavedCpu
+b0c uint32 Cr0NpxState

某一时刻 KPCR 中的值
struct _KPCR (sizeof=2832)
+000 struct _NT_TIB NtTib
+000 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList = 8046F7CC
+004 void *StackBase = 8046FE30
+008 void *StackLimit = 8046D040
+00c void *SubSystemTib = 00000000
+010 void *FiberData = 00000000
+010 uint32 Version = 00000000
+014 void *ArbitraryUserPointer = 00000000
+018 struct _NT_TIB *Self = 00000000
+01c struct _KPCR *SelfPcr = FFDFF000
+020 struct _KPRCB *Prcb = FFDFF120
+024 byte Irql = 00 .
+028 uint32 IRR = 00000000
+02c uint32 IrrActive = 00000000
+030 uint32 IDR = ffffffff
+034 uint32 Reserved2 = 00000000
+038 struct _KIDTENTRY *IDT = 80036400
+03c struct _KGDTENTRY *GDT = 80036000
+040 struct _KTSS *TSS = 80223000
+044 uint16 MajorVersion = 0001
+046 uint16 MinorVersion = 0001
+048 uint32 SetMember = 00000001
+04c uint32 StallScaleFactor = 00000064
+050 byte DebugActive = 00 .
+051 byte Number = 00 .
+052 byte VdmAlert = 00 .
+053 byte Reserved[1] = 00 .
+054 uint32 KernelReserved[15] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 .... .... ....
+090 uint32 SecondLevelCacheSize = 00020000
+094 uint32 HalReserved[16] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
+0d4 uint32 InterruptMode = 00000000
+0d8 byte Spare1 = 00 .
+0dc uint32 KernelReserved2[17] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 ....
+120 struct _KPRCB PrcbData
+120 uint16 MinorVersion = 0001
+122 uint16 MajorVersion = 0001
+124 struct _KTHREAD *CurrentThread = 8046BDF0
+128 struct _KTHREAD *NextThread = 00000000
+12c struct _KTHREAD *IdleThread = 8046BDF0
+130 char Number = 00 .
+131 char Reserved = 00 .
+132 uint16 BuildType = 0002
+134 uint32 SetMember = 00000001
+138 char CpuType = 06 .
+139 char CpuID = 01 .
+13a uint16 CpuStep = 0608
+13c struct _KPROCESSOR_STATE ProcessorState
+13c struct _CONTEXT ContextFrame
+13c uint32 ContextFlags = 00010017
+140 uint32 Dr0 = 00000000
+144 uint32 Dr1 = 00000000
+148 uint32 Dr2 = 00000000
+14c uint32 Dr3 = 00000000
+150 uint32 Dr6 = 00000023
+154 uint32 Dr7 = 00000000
+158 struct _FLOATING_SAVE_AREA FloatSave
+158 uint32 ControlWord = 00000000
+15c uint32 StatusWord = 00000000
+160 uint32 TagWord = 00000000
+164 uint32 ErrorOffset = 00000000
+168 uint32 ErrorSelector = 00000000
+16c uint32 DataOffset = 00000000
+170 uint32 DataSelector = 00000000
+174 byte RegisterArea[80] = 00 00 00 00 18 fc 46 80 . . . . . . F .
70 00 43 80 00 fc 46 80 p . C . . . F .
00 00 00 00 8c f8 46 80 . . . . . . F .
17 00 01 00 00 00 00 00 . . . . . . . .
+1c4 uint32 Cr0NpxState = 00000023
+1c8 uint32 SegGs = 00000000
+1cc uint32 SegFs = 00000030
+1d0 uint32 SegEs = 00000023
+1d4 uint32 SegDs = 00000023
+1d8 uint32 Edi = fe4cf228
+1dc uint32 Esi = fe4f50e0
+1e0 uint32 Ebx = ffffffff
+1e4 uint32 Edx = 8047e684
+1e8 uint32 Ecx = 000000b1
+1ec uint32 Eax = 00000001
+1f0 uint32 Ebp = 8046fc8c
+1f4 uint32 Eip = fe1c2806
+1f8 uint32 SegCs = 00000008
+1fc uint32 EFlags = 00000246
+200 uint32 Esp = 8046fc88
+204 uint32 SegSs = 00000010
+208 byte ExtendedRegisters[512] = 10 00 00 00 10 00 00 00 . . . . . . . .
10 00 00 00 9c 6a 06 80 . . . . . j . .
9c 6a 06 80 fe 03 00 00 . j . . . . . .
00 00 00 00 88 a4 06 80 . . . . . . . .
+408 struct _KSPECIAL_REGISTERS SpecialRegisters
+408 uint32 Cr0 = 8001003b
+40c uint32 Cr2 = 77e1fe01
+410 uint32 Cr3 = 00030000
+414 uint32 Cr4 = 000002d1
+418 uint32 KernelDr0 = 00000000
+41c uint32 KernelDr1 = 00000000
+420 uint32 KernelDr2 = 00000000
+424 uint32 KernelDr3 = 00000000
+428 uint32 KernelDr6 = ffff0ff0
+42c uint32 KernelDr7 = 00000400
+430 struct _DESCRIPTOR Gdtr
+430 uint16 Pad = 0000
+432 uint16 Limit = 03ff
+434 uint32 Base = 80036000
+438 struct _DESCRIPTOR Idtr
+438 uint16 Pad = 0000
+43a uint16 Limit = 07ff
+43c uint32 Base = 80036400
+440 uint16 Tr = 0028
+442 uint16 Ldtr = 0000
+444 uint32 Reserved[6] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 .... ....
+45c uint32 KernelReserved[16] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
+49c uint32 HalReserved[16] = 00000000 00001010 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
+4dc struct _KSPIN_LOCK_QUEUE LockQueue[16]
+4dc LockQueue[0]
+4dc struct _KSPIN_LOCK_QUEUE *Next = 00000000
+4e0 uint32 *Lock = 00000000
+4e4 LockQueue[1]
+4e4 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+4e8 uint32 *Lock = 00000000
+4ec LockQueue[2]
+4ec struct _KSPIN_LOCK_QUEUE *Next = 00000000
+4f0 uint32 *Lock = 00000000
+4f4 LockQueue[3]
+4f4 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+4f8 uint32 *Lock = 00000000
+4fc LockQueue[4]
+4fc struct _KSPIN_LOCK_QUEUE *Next = 00000000
+500 uint32 *Lock = 00000000
+504 LockQueue[5]
+504 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+508 uint32 *Lock = 00000000
+50c LockQueue[6]
+50c struct _KSPIN_LOCK_QUEUE *Next = 00000000
+510 uint32 *Lock = 00000000
+514 LockQueue[7]
+514 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+518 uint32 *Lock = 00000000
+51c LockQueue[8]
+51c struct _KSPIN_LOCK_QUEUE *Next = 00000000
+520 uint32 *Lock = 00000000
+524 LockQueue[9]
+524 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+528 uint32 *Lock = 00000000
+52c LockQueue[10]
+52c struct _KSPIN_LOCK_QUEUE *Next = 00000000
+530 uint32 *Lock = 00000000
+534 LockQueue[11]
+534 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+538 uint32 *Lock = 00000000
+53c LockQueue[12]
+53c struct _KSPIN_LOCK_QUEUE *Next = 00000000
+540 uint32 *Lock = 00000000
+544 LockQueue[13]
+544 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+548 uint32 *Lock = 00000000
+54c LockQueue[14]
+54c struct _KSPIN_LOCK_QUEUE *Next = 00000000
+550 uint32 *Lock = 00000000
+554 LockQueue[15]
+554 struct _KSPIN_LOCK_QUEUE *Next = 00000000
+558 uint32 *Lock = 00000000
+55c struct _KTHREAD *NpxThread = 00000000
+560 uint32 InterruptCount = 00004aca
+564 uint32 KernelTime = 00003396
+568 uint32 UserTime = 000002d9
+56c uint32 DpcTime = 0000007b
+570 uint32 InterruptTime = 000003fb
+574 uint32 ApcBypassCount = 00001709
+578 uint32 DpcBypassCount = 00000000
+57c uint32 AdjustDpcThreshold = 00000014
+580 uint32 DebugDpcTime = 00000000
+584 uint32 Spare2[4] = 00000000 00000000 00000000 00000000 .... .... .... ....
+594 uint32 ThreadStartCount[2] = 00000000 00000000 .... ....
+59c void *SpareHotData[2] = 00000000
00000000
+5a4 uint32 CcFastReadNoWait = 00000000
+5a8 uint32 CcFastReadWait = 00000000
+5ac uint32 CcFastReadNotPossible = 00000000
+5b0 uint32 CcCopyReadNoWait = 00000000
+5b4 uint32 CcCopyReadWait = 00000000
+5b8 uint32 CcCopyReadNoWaitMiss = 00000000
+5bc uint32 KeAlignmentFixupCount = 00000000
+5c0 uint32 KeContextSwitches = 0000b897
+5c4 uint32 KeDcacheFlushCount = 00000000
+5c8 uint32 KeExceptionDispatchCount = 000007fe
+5cc uint32 KeFirstLevelTbFills = 00000000
+5d0 uint32 KeFloatingEmulationCount = 00000000
+5d4 uint32 KeIcacheFlushCount = 00000000
+5d8 uint32 KeSecondLevelTbFills = 00000000
+5dc uint32 KeSystemCalls = 00050211
+5e0 uint32 ReservedCounter[8] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
+600 void *SmallIrpFreeEntry = 00000000
+604 void *LargeIrpFreeEntry = 00000000
+608 void *MdlFreeEntry = 00000000
+60c void *CreateInfoFreeEntry = 00000000
+610 void *NameBufferFreeEntry = 00000000
+614 void *SharedCacheMapEntry = 00000000
+618 uint32 CachePad0[2] = 00000000 00000000 .... ....
+620 struct _PP_LOOKASIDE_LIST PPLookasideList[16]
+620 PPLookasideList[0]
+620 struct _NPAGED_LOOKASIDE_LIST *P = FE4EC808
+624 struct _NPAGED_LOOKASIDE_LIST *L = 804758A0
+628 PPLookasideList[1]
+628 struct _NPAGED_LOOKASIDE_LIST *P = FE4EC868
+62c struct _NPAGED_LOOKASIDE_LIST *L = 804756A0
+630 PPLookasideList[2]
+630 struct _NPAGED_LOOKASIDE_LIST *P = FE4EC7A8
+634 struct _NPAGED_LOOKASIDE_LIST *L = 80475740
+638 PPLookasideList[3]
+638 struct _NPAGED_LOOKASIDE_LIST *P = FE4F4748
+63c struct _NPAGED_LOOKASIDE_LIST *L = 8047F8A0
+640 PPLookasideList[4]
+640 struct _NPAGED_LOOKASIDE_LIST *P = FE4F46E8
+644 struct _NPAGED_LOOKASIDE_LIST *L = 8047F900
+648 PPLookasideList[5]
+648 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1168
+64c struct _NPAGED_LOOKASIDE_LIST *L = 80472100
+650 PPLookasideList[6]
+650 struct _NPAGED_LOOKASIDE_LIST *P = FE4EC8C8
+654 struct _NPAGED_LOOKASIDE_LIST *L = 80475800
+658 PPLookasideList[7]
+658 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+65c struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+660 PPLookasideList[8]
+660 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+664 struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+668 PPLookasideList[9]
+668 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+66c struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+670 PPLookasideList[10]
+670 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+674 struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+678 PPLookasideList[11]
+678 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+67c struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+680 PPLookasideList[12]
+680 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+684 struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+688 PPLookasideList[13]
+688 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+68c struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+690 PPLookasideList[14]
+690 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+694 struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+698 PPLookasideList[15]
+698 struct _NPAGED_LOOKASIDE_LIST *P = 00000000
+69c struct _NPAGED_LOOKASIDE_LIST *L = 00000000
+6a0 struct _PP_LOOKASIDE_LIST PPNPagedLookasideList[8]
+6a0 PPNPagedLookasideList[0]
+6a0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F2308
+6a4 struct _NPAGED_LOOKASIDE_LIST *L = 80472A00
+6a8 PPNPagedLookasideList[1]
+6a8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1BA8
+6ac struct _NPAGED_LOOKASIDE_LIST *L = 80472A50
+6b0 PPNPagedLookasideList[2]
+6b0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1AE8
+6b4 struct _NPAGED_LOOKASIDE_LIST *L = 80472AA0
+6b8 PPNPagedLookasideList[3]
+6b8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1A28
+6bc struct _NPAGED_LOOKASIDE_LIST *L = 80472AF0
+6c0 PPNPagedLookasideList[4]
+6c0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1968
+6c4 struct _NPAGED_LOOKASIDE_LIST *L = 80472B40
+6c8 PPNPagedLookasideList[5]
+6c8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F18A8
+6cc struct _NPAGED_LOOKASIDE_LIST *L = 80472B90
+6d0 PPNPagedLookasideList[6]
+6d0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F17E8
+6d4 struct _NPAGED_LOOKASIDE_LIST *L = 80472BE0
+6d8 PPNPagedLookasideList[7]
+6d8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1728
+6dc struct _NPAGED_LOOKASIDE_LIST *L = 80472C30
+6e0 struct _PP_LOOKASIDE_LIST PPPagedLookasideList[8]
+6e0 PPPagedLookasideList[0]
+6e0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F22A8
+6e4 struct _NPAGED_LOOKASIDE_LIST *L = 80472CA0
+6e8 PPPagedLookasideList[1]
+6e8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1B48
+6ec struct _NPAGED_LOOKASIDE_LIST *L = 80472CF0
+6f0 PPPagedLookasideList[2]
+6f0 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1A88
+6f4 struct _NPAGED_LOOKASIDE_LIST *L = 80472D40
+6f8 PPPagedLookasideList[3]
+6f8 struct _NPAGED_LOOKASIDE_LIST *P = FE4F19C8
+6fc struct _NPAGED_LOOKASIDE_LIST *L = 80472D90
+700 PPPagedLookasideList[4]
+700 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1908
+704 struct _NPAGED_LOOKASIDE_LIST *L = 80472DE0
+708 PPPagedLookasideList[5]
+708 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1848
+70c struct _NPAGED_LOOKASIDE_LIST *L = 80472E30
+710 PPPagedLookasideList[6]
+710 struct _NPAGED_LOOKASIDE_LIST *P = FE4F1788
+714 struct _NPAGED_LOOKASIDE_LIST *L = 80472E80
+718 PPPagedLookasideList[7]
+718 struct _NPAGED_LOOKASIDE_LIST *P = FE4F16C8
+71c struct _NPAGED_LOOKASIDE_LIST *L = 80472ED0
+720 byte ReservedPad[128] = 00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
+7a0 void *CurrentPacket[3] = 00000000
00000000
00000000
+7ac uint32 TargetSet = 00000000
+7b0 function *WorkerRoutine = 00000000
+7b4 uint32 IpiFrozen = 00000000
+7b8 uint32 CachePad1[2] = 00000000 00000000 .... ....
+7c0 uint32 RequestSummary = 00000000
+7c4 struct _KPRCB *SignalDone = 00000000
+7c8 uint32 ReverseStall = 00000004
+7cc void *IpiFrame = 00000000
+7d0 uint32 CachePad2[4] = 00000000 00000000 00000000 00000000 .... .... .... ....
+7e0 uint32 DpcInterruptRequested = 00000001
+7e4 void *ChainedInterruptList = 00000000
+7e8 uint32 CachePad3[2] = 00000000 00000000 .... ....
+7f0 uint32 MaximumDpcQueueDepth = 00000001
+7f4 uint32 MinimumDpcRate = 00000003
+7f8 uint32 CachePad4[2] = 00000000 00000000 .... ....
+800 struct _LIST_ENTRY DpcListHead
+800 struct _LIST_ENTRY *Flink = 8047E684
+804 struct _LIST_ENTRY *Blink = FE4F5260
+808 uint32 DpcQueueDepth = 00000002
+80c uint32 DpcRoutineActive = 00000000
+810 uint32 DpcCount = 000023c1
+814 uint32 DpcLastCount = 000023c0
+818 uint32 DpcRequestRate = 00000000
+81c void *DpcStack = F9024000
+820 uint32 KernelReserved2[10] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 .... ....
+848 uint32 DpcLock = 00000000
+84c byte SkipTick = 00 .
+84d byte VendorString[13] = 47 65 6e 75 69 6e 65 49 G e n u i n e I
6e 74 65 6c 00 n t e l .
+85c uint32 MHz = 00000227
+860 uint32 FeatureBits = 00000fff
+868 union _LARGE_INTEGER UpdateSignature
+868 uint32 LowPart = 00000000
+86c int32 HighPart = 00000000
+868 struct __unnamed3 u
+868 uint32 LowPart = 00000000
+86c int32 HighPart = 00000000
+868 int64 QuadPart = 0000000000000000
+870 uint32 QuantumEnd = 00000000
+878 struct _PROCESSOR_POWER_STATE PowerState
+878 function *IdleFunction = 80450804
+87c uint32 Idle0KernelTimeLimit = ffffffff
+880 uint32 Idle0LastTime = 00000000
+884 void *IdleState = 00000000
+888 uint64 LastCheck = 0000000000000000
+890 struct PROCESSOR_IDLE_TIMES IdleTimes
+890 uint64 StartTime = 0000000000000000
+898 uint64 EndTime = 0000000000000000
+8a0 uint32 IdleHandlerReserved[4] = 00000000 00000000 00000000 00000000 .... .... .... ....
+8b0 uint32 IdleTime1 = 00000000
+8b4 uint32 PromotionCheck = 00000000
+8b8 uint32 IdleTime2 = 00000000
+8bc byte CurrentThrottle = 08 .
+8bd byte ThrottleLimit = 08 .
+8be byte Spare1[2] = 00 00 . .
+8c0 uint32 SetMember = 00000001
+8c4 void *AbortThrottle = 00000000
+8c8 uint64 DebugDelta = 0000000000000000
+8d0 uint32 DebugCount = 00000000
+8d4 uint32 LastSysTime = 00000000
+8d8 uint32 Spare2[10] = 00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 00000000 00000000 .... .... .... ....
00000000 00000000 .... ....
+900 struct _FX_SAVE_AREA NpxSaveArea
+900 union __unnamed63 U
+900 struct _FNSAVE_FORMAT FnArea
+900 uint32 ControlWord = 00000000
+904 uint32 StatusWord = 00000000
+908 uint32 TagWord = 00000000
+90c uint32 ErrorOffset = 00000000
+910 uint32 ErrorSelector = 00000000
+914 uint32 DataOffset = 00000000
+918 uint32 DataSelector = 00000000
+91c byte RegisterArea[80] = 00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
+900 struct _FXSAVE_FORMAT FxArea
+900 uint16 ControlWord = 0000
+902 uint16 StatusWord = 0000
+904 uint16 TagWord = 0000
+906 uint16 ErrorOpcode = 0000
+908 uint32 ErrorOffset = 00000000
+90c uint32 ErrorSelector = 00000000
+910 uint32 DataOffset = 00000000
+914 uint32 DataSelector = 00000000
+918 uint32 MXCsr = 00000000
+91c uint32 Reserved2 = 00000000
+920 byte RegisterArea[128] = 00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
+9a0 byte Reserved3[128] = 00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
+a20 byte Reserved4[224] = 00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
00 00 00 00 00 00 00 00 . . . . . . . .
+b00 byte Align16Byte[8] = 00 00 00 00 00 00 00 00 . . . . . . . .
+b08 uint32 NpxSavedCpu = 00000000
+b0c uint32 Cr0NpxState = 00000000

使用 WinDbg 的 !pcr 命令可以得到一个简单的 pcr 的输出

某一时刻使用 !pcr 的输出

kd> !pcr
PCR Processor 0 @ffdff000
NtTib.ExceptionList: 8046f7cc
NtTib.StackBase: 8046fe30
NtTib.StackLimit: 8046d040
NtTib.SubSystemTib: 00000000
NtTib.Version: 00000000
NtTib.UserPointer: 00000000
NtTib.SelfTib: 00000000

SelfPcr: ffdff000
Prcb: ffdff120
Irql: 00000000
IRR: 00000000
IDR: ffffffff
InterruptMode: 00000000
IDT: 80036400
GDT: 80036000
TSS: 80223000

CurrentThread: 8046bdf0
NextThread: 00000000
IdleThread: 8046bdf0

DpcQueue: 0x8047e680 0x80431669 nt!KiTimerExpiration
0xfe4f525c 0xfe1c1190 i8042prt!I8042KeyboardIsrDpc

欢迎交流,欢迎交朋友,
欢迎访问 http://jiurl.yeah.net http://jiurl.cosoft.org.cn/forum

你可能感兴趣的:(ffdff000 处的结构 KPCR)