Critical Regions和Guarded Regions区别
KeEnterCriticalRegion和KeLeaveCriticalRegion配合使用,能禁止用户模式APC和普通内核模式APC的调用,但是不能禁止特殊内核模式的调用(NormalRoutine为空的内核模式APC)
KeEnterGuardedRegion和KeLeaveGuardedRegion能禁止所有APC调用
KeEnterCriticalRegion会调用KeEnterCriticalRegionThread()函数,再看看KeEnterCriticalRegionThread()的内部实现
FORCEINLINE
VOID
KeEnterCriticalRegionThread (
PKTHREAD Thread
) /*++ Routine Description: This function disables kernel APC's for the current thread. N.B. The following code does not require any interlocks. There are
two cases of interest: 1) On an MP system, the thread cannot
be running on two processors as once, and 2) if the thread is
is interrupted to deliver a kernel mode APC which also calls
this routine, the values read and stored will stack and unstack
properly. Arguments: Thread - Supplies a pointer to the current thread. N.B. This must be a pointer to the current thread. Return Value: None. --*/ { ASSERT(Thread == KeGetCurrentThread()); ASSERT((Thread->KernelApcDisable <= ) && (Thread->KernelApcDisable != -)); Thread->KernelApcDisable -= ;
KeMemoryBarrierWithoutFence();
return;
}
KeEnterGuardRegion会调用KeEnterGuardRegionThread()函数,再看看KeEnterGuardRegionThread()的内部实现
FORCEINLINE
VOID
KeEnterGuardedRegionThread (
IN PKTHREAD Thread
) /*++ Routine Description: This function disables special kernel APC's for the current thread. N.B. The following code does not require any interlocks. There are
two cases of interest: 1) On an MP system, the thread cannot
be running on two processors as once, and 2) if the thread is
is interrupted to deliver a kernel mode APC which also calls
this routine, the values read and stored will stack and unstack
properly. Arguments: Thread - Supplies a pointer to the current thread. N.B. This must be a pointer to the current thread. Return Value: None. --*/ { ASSERT(KeGetCurrentIrql() <= APC_LEVEL); ASSERT(Thread == KeGetCurrentThread()); ASSERT((Thread->SpecialApcDisable <= ) && (Thread->SpecialApcDisable != -)); Thread->SpecialApcDisable -= ;
KeMemoryBarrierWithoutFence();
return;
}
注意两者之间的区别
KeEnterCriticalRegionThread中为
Thread->KernelApcDisable -= 1;
KeEnterGuardRegionThread中为
Thread->SpecialApcDisable -= 1;
再看看这里的改变会对APC的派发有什么影响,查看KiDeliverApc函数代码
VOID
KiDeliverApc (
IN KPROCESSOR_MODE PreviousMode,
IN PKEXCEPTION_FRAME ExceptionFrame,
IN PKTRAP_FRAME TrapFrame
) /*++ Routine Description: This function is called from the APC interrupt code and when one or
more of the APC pending flags are set at system exit and the previous
IRQL is zero. All special kernel APC's are delivered first, followed
by normal kernel APC's if one is not already in progress, and finally
if the user APC queue is not empty, the user APC pending flag is set,
and the previous mode is user, then a user APC is delivered. On entry
to this routine IRQL is set to APC_LEVEL. N.B. The exception frame and trap frame addresses are only guaranteed
to be valid if, and only if, the previous mode is user. Arguments: PreviousMode - Supplies the previous processor mode. ExceptionFrame - Supplies a pointer to an exception frame. TrapFrame - Supplies a pointer to a trap frame. Return Value: None. --*/ { PKAPC Apc;
PKKERNEL_ROUTINE KernelRoutine;
KLOCK_QUEUE_HANDLE LockHandle;
PLIST_ENTRY NextEntry;
PVOID NormalContext;
PKNORMAL_ROUTINE NormalRoutine;
PKTRAP_FRAME OldTrapFrame;
PKPROCESS Process;
PVOID SystemArgument1;
PVOID SystemArgument2;
PKTHREAD Thread; //
// If the thread was interrupted in the middle of the SLIST pop code,
// then back up the PC to the start of the SLIST pop.
// if (TrapFrame != NULL) {
KiCheckForSListAddress(TrapFrame);
} //
// Save the current thread trap frame address and set the thread trap
// frame address to the new trap frame. This will prevent a user mode
// exception from being raised within an APC routine.
// Thread = KeGetCurrentThread();
OldTrapFrame = Thread->TrapFrame;
Thread->TrapFrame = TrapFrame; //
// If special APC are not disabled, then attempt to deliver one or more
// APCs.
// Process = Thread->ApcState.Process;
Thread->ApcState.KernelApcPending = FALSE;
if (Thread->SpecialApcDisable == ) { //
// If the kernel APC queue is not empty, then attempt to deliver a
// kernel APC.
//
// N.B. The following test is not synchronized with the APC insertion
// code. However, when an APC is inserted in the kernel queue of
// a running thread an APC interrupt is requested. Therefore, if
// the following test were to falsely return that the kernel APC
// queue was empty, an APC interrupt would immediately cause this
// code to be executed a second time in which case the kernel APC
// queue would found to contain an entry.
// KeMemoryBarrier();
while (IsListEmpty(&Thread->ApcState.ApcListHead[KernelMode]) == FALSE) { //
// Raise IRQL to dispatcher level, lock the APC queue, and check
// if any kernel mode APC's can be delivered.
//
// If the kernel APC queue is now empty because of the removal of
// one or more entries, then release the APC lock, and attempt to
// deliver a user APC.
// KeAcquireInStackQueuedSpinLock(&Thread->ApcQueueLock, &LockHandle);
NextEntry = Thread->ApcState.ApcListHead[KernelMode].Flink;
if (NextEntry == &Thread->ApcState.ApcListHead[KernelMode]) {
KeReleaseInStackQueuedSpinLock(&LockHandle);
break;
} //
// Clear kernel APC pending, get the address of the APC object,
// and determine the type of APC.
//
// N.B. Kernel APC pending must be cleared each time the kernel
// APC queue is found to be non-empty.
// Thread->ApcState.KernelApcPending = FALSE;
Apc = CONTAINING_RECORD(NextEntry, KAPC, ApcListEntry);
ReadForWriteAccess(Apc);
KernelRoutine = Apc->KernelRoutine;
NormalRoutine = Apc->NormalRoutine;
NormalContext = Apc->NormalContext;
SystemArgument1 = Apc->SystemArgument1;
SystemArgument2 = Apc->SystemArgument2;
if (NormalRoutine == (PKNORMAL_ROUTINE)NULL) { //
// First entry in the kernel APC queue is a special kernel APC.
// Remove the entry from the APC queue, set its inserted state
// to FALSE, release dispatcher database lock, and call the kernel
// routine. On return raise IRQL to dispatcher level and lock
// dispatcher database lock.
// RemoveEntryList(NextEntry);
Apc->Inserted = FALSE;
KeReleaseInStackQueuedSpinLock(&LockHandle);
(KernelRoutine)(Apc,
&NormalRoutine,
&NormalContext,
&SystemArgument1,
&SystemArgument2); #if DBG if (KeGetCurrentIrql() != LockHandle.OldIrql) {
KeBugCheckEx(IRQL_UNEXPECTED_VALUE,
KeGetCurrentIrql() << | LockHandle.OldIrql << ,
(ULONG_PTR)KernelRoutine,
(ULONG_PTR)Apc,
(ULONG_PTR)NormalRoutine);
} #endif } else { //
// First entry in the kernel APC queue is a normal kernel APC.
// If there is not a normal kernel APC in progress and kernel
// APC's are not disabled, then remove the entry from the APC
// queue, set its inserted state to FALSE, release the APC queue
// lock, call the specified kernel routine, set kernel APC in
// progress, lower the IRQL to zero, and call the normal kernel
// APC routine. On return raise IRQL to dispatcher level, lock
// the APC queue, and clear kernel APC in progress.
// if ((Thread->ApcState.KernelApcInProgress == FALSE) &&
(Thread->KernelApcDisable == )) { RemoveEntryList(NextEntry);
Apc->Inserted = FALSE;
KeReleaseInStackQueuedSpinLock(&LockHandle);
(KernelRoutine)(Apc,
&NormalRoutine,
&NormalContext,
&SystemArgument1,
&SystemArgument2); #if DBG if (KeGetCurrentIrql() != LockHandle.OldIrql) {
KeBugCheckEx(IRQL_UNEXPECTED_VALUE,
KeGetCurrentIrql() << | LockHandle.OldIrql << | ,
(ULONG_PTR)KernelRoutine,
(ULONG_PTR)Apc,
(ULONG_PTR)NormalRoutine);
} #endif if (NormalRoutine != (PKNORMAL_ROUTINE)NULL) {
Thread->ApcState.KernelApcInProgress = TRUE;
KeLowerIrql();
(NormalRoutine)(NormalContext,
SystemArgument1,
SystemArgument2); KeRaiseIrql(APC_LEVEL, &LockHandle.OldIrql);
} Thread->ApcState.KernelApcInProgress = FALSE; } else {
KeReleaseInStackQueuedSpinLock(&LockHandle);
goto CheckProcess;
}
}
} //
// Kernel APC queue is empty. If the previous mode is user, user APC
// pending is set, and the user APC queue is not empty, then remove
// the first entry from the user APC queue, set its inserted state to
// FALSE, clear user APC pending, release the dispatcher database lock,
// and call the specified kernel routine. If the normal routine address
// is not NULL on return from the kernel routine, then initialize the
// user mode APC context and return. Otherwise, check to determine if
// another user mode APC can be processed.
//
// N.B. There is no race condition associated with checking the APC
// queue outside the APC lock. User APCs are always delivered at
// system exit and never interrupt the execution of the thread
// in the kernel.
// if ((PreviousMode == UserMode) &&
(IsListEmpty(&Thread->ApcState.ApcListHead[UserMode]) == FALSE) &&
(Thread->ApcState.UserApcPending != FALSE)) { //
// Raise IRQL to dispatcher level, lock the APC queue, and deliver
// a user mode APC.
// KeAcquireInStackQueuedSpinLock(&Thread->ApcQueueLock, &LockHandle); //
// If the user APC queue is now empty because of the removal of
// one or more entries, then release the APC lock and exit.
// Thread->ApcState.UserApcPending = FALSE;
NextEntry = Thread->ApcState.ApcListHead[UserMode].Flink;
if (NextEntry == &Thread->ApcState.ApcListHead[UserMode]) {
KeReleaseInStackQueuedSpinLock(&LockHandle);
goto CheckProcess;
} Apc = CONTAINING_RECORD(NextEntry, KAPC, ApcListEntry);
ReadForWriteAccess(Apc);
KernelRoutine = Apc->KernelRoutine;
NormalRoutine = Apc->NormalRoutine;
NormalContext = Apc->NormalContext;
SystemArgument1 = Apc->SystemArgument1;
SystemArgument2 = Apc->SystemArgument2;
RemoveEntryList(NextEntry);
Apc->Inserted = FALSE;
KeReleaseInStackQueuedSpinLock(&LockHandle);
(KernelRoutine)(Apc,
&NormalRoutine,
&NormalContext,
&SystemArgument1,
&SystemArgument2); if (NormalRoutine == (PKNORMAL_ROUTINE)NULL) {
KeTestAlertThread(UserMode); } else {
KiInitializeUserApc(ExceptionFrame,
TrapFrame,
NormalRoutine,
NormalContext,
SystemArgument1,
SystemArgument2);
}
}
} //
// Check if process was attached during the APC routine.
// CheckProcess:
if (Thread->ApcState.Process != Process) {
KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
(ULONG_PTR)Process,
(ULONG_PTR)Thread->ApcState.Process,
(ULONG)Thread->ApcStateIndex,
(ULONG)KeIsExecutingDpc());
} //
// Restore the previous thread trap frame address.
// Thread->TrapFrame = OldTrapFrame;
return;
}
可以看到,这个函数会判断Thread->SpecialApcDisable 和 Thread->KernelApcSidable 的值,如果Thread->SpecialApcDisable 为0,会先派发特殊内核APC,然后判断Thread->KernelApcDisable是否为0,为0 就去进一步的派发普通内核 Apc和 用户Apc
后续再补充代码实现细节.
Critical Regions和Guarded Regions区别的更多相关文章
- Windows内核开发-6-内核机制 Kernel Mechanisms
Windows内核开发-6-内核机制 Kernel Mechanisms 一部分Windows的内核机制对于驱动开发很有帮助,还有一部分对于内核理解和调试也很有帮助. Interrupt Reques ...
- [REP]AWS Regions and Availability Zones: the simplest explanation you will ever find around
When it comes to Amazon Web Services, there are two concepts that are extremely important and spanni ...
- Windows Kernel Security Training Courses
http://www.codemachine.com/courses.html#kerdbg Windows Kernel Internals for Security Researchers Thi ...
- C puzzles详解【51-57题】
第五十一题 Write a C function which does the addition of two integers without using the '+' operator. You ...
- mser 最大稳定极值区域(文字区域定位)算法 附完整C代码
mser 的全称:Maximally Stable Extremal Regions 第一次听说这个算法时,是来自当时部门的一个同事, 提及到他的项目用它来做文字区域的定位,对这个算法做了一些优化. ...
- Hbase学习02
第2章 Apache HBase配置 本章在“入门”一章中进行了扩展,以进一步解释Apache HBase的配置. 请仔细阅读本章,特别是基本先决条件,确保您的HBase测试和部署顺利进行,并防止数据 ...
- fasta/fastq格式解读
1)知识简介--------------------------------------------------------1.1)测序质量值 首先在了解fastq,fasta之前,了解一下什么是质量 ...
- [libgdx游戏开发教程]使用Libgdx进行游戏开发(4)-素材管理
游戏中总是有大量的图像资源,我们通常的做法是把要用的图片做成图片集,这样做的好处就不多说了.直接来看怎么用. 这里我们使用自己的类Assets来管理它们,让这个工具类作为我们的资源管家,从而可以在任何 ...
- 目标检测之线段检测---lsd line segment detector
(1)线段检测应用背景 (2)线段检测原理简介 (3)线段检测实例 a line segment detector (4)hough 变换和 lsd 的区别 --------------------- ...
随机推荐
- Java50道经典习题-程序10 自由落体
题目:一球从100米高度自由落下,每次落地后反跳回原高度的一半:再落下,求它在 第10次落地时,共经过多少米?第10次反弹多高? import java.util.Scanner; public cl ...
- 使用textarea标签代替input标签可以实现输入框的大小调节,自动换行,滚动条显示
<!DOCTYPE html> <html lang="en"> <head> <meta charset="UTF-8&quo ...
- ckeditor4.5.11+ckfinder_java2.6.2配置
http://blog.csdn.net/skyman1942/article/details/52537100 1.环境说明: 日期:2016-09-14 工具:ckeditor_4.5.11+ck ...
- Dreamweaver_CS6安装及破解文件
资源下载地址: 链接: https://pan.baidu.com/s/1mhQ5DoO 密码: mnv3 1.下载,安装,先作为试用版安装 可能显示的页面不一样,但是就是安装试用版 2.接受许可协议 ...
- x == (x = y) 不等于 (x = y) == x ?
简评:不瞒你说,我现在数数都是从 0 开始数的,整数是 1024. 有这么一个 Java 程序: class Quirky { public static void main(String[] arg ...
- day04 --class --homework
# -*- coding: utf-8 -*- # @Time : 2018/12/24 12:10 # @Author : Endless-cloud # @Site : # @File : 04 ...
- 类型转换 / BOOL 类型
/* Swift不允许隐式类型转换, 但可以使用显示类型转换(强制类型转换) OC: int intValue = 10; double doubleValue = (double)intValue; ...
- L07-Linux配置ssh免密远程登录
本文配置可实现:集群服务器之间相互可以ssh免密登录.若只想从单一机器(如master)ssh免密登录其他机器(slave1.slave2),则只跟着操作到第二步即可. 建议先花两三分钟把全文看完再跟 ...
- gradle第一篇:初入门
有的时候,感觉技术真是一年一个样,之前呢ant式微,被maven取代,而现在呢,maven慢慢式微,又渐渐要被gradle取代,不说多了我们现在就来讲一讲gradle吧. 第一步——安装: ①安装所需 ...
- c#移位运算符("<<"及">>")详细说明
以前感觉移位运算符自己挺明白的,也许是学的时间长了,后来一看,忘得差不多了.现在参考一些网上的学习资料,将位移运算符整理一下,作为知识点总结,也算个积累.在讲移位运算符之前,先简单补充一下原码与补码的 ...