Part 1:
1: kd> dt kthread 0x89510898
ntdll!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x895108a8 - 0x895108a8 ]
+0x018 InitialStack : 0xba3ef000 Void
+0x01c StackLimit : 0xba3eb000 Void
+0x020 KernelStack : 0xba3eec5c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0xa0
+0x02c State : 0x7 ''
1: kd> be 34
1: kd> be 45
34 e Disable Clear 80b007f0 0001 (0001) nt!SwapContext
45 e Disable Clear 80a440eb 0001 (0001) nt!KiSwapThread+0x627
Part 2:
1: kd> dt kthread 0x89510898
ntdll!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x895108a8 - 0x895108a8 ]
+0x018 InitialStack : 0xba3ef000 Void
+0x01c StackLimit : 0xba3eb000 Void
+0x020 KernelStack : 0xba3eec5c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0xa0
+0x02c State : 0x7 ''
+0x034 ApcState : _KAPC_STATE
1: kd> dx -id 0,0,8981e020 -r1 (*((ntdll!_KAPC_STATE *)0x895108cc))
(*((ntdll!_KAPC_STATE *)0x895108cc)) [Type: _KAPC_STATE]
[+0x000] ApcListHead [Type: _LIST_ENTRY [2]]
[+0x010] Process : 0x89838358 [Type: _KPROCESS *]
[+0x014] KernelApcInProgress : 0x0 [Type: unsigned char]
[+0x015] KernelApcPending : 0x1 [Type: unsigned char]
[+0x016] UserApcPending : 0x0 [Type: unsigned char]
Part 3:
1: kd> dt kthread 0x89510898
ntdll!KTHREAD
+0x02c State : 0x7 ''
+0x128 ApcStatePointer : [2] 0x895108cc _KAPC_STATE
1: kd> dx -id 0,0,8981e020 -r1 (*((ntdll!_KAPC_STATE * (*)[2])0x895109c0))
(*((ntdll!_KAPC_STATE * (*)[2])0x895109c0)) [Type: _KAPC_STATE * [2]]
[0] : 0x895108cc [Type: _KAPC_STATE *]
[1] : 0x895109c8 [Type: _KAPC_STATE *]
1: kd> dx -id 0,0,8981e020 -r1 ((ntdll!_KAPC_STATE *)0x895108cc)
((ntdll!_KAPC_STATE *)0x895108cc) : 0x895108cc [Type: _KAPC_STATE *]
[+0x000] ApcListHead [Type: _LIST_ENTRY [2]]
[+0x010] Process : 0x89838358 [Type: _KPROCESS *]
[+0x014] KernelApcInProgress : 0x0 [Type: unsigned char]
[+0x015] KernelApcPending : 0x1 [Type: unsigned char]
[+0x016] UserApcPending : 0x0 [Type: unsigned char]
1: kd> dx -id 0,0,8981e020 -r1 (*((ntdll!_LIST_ENTRY (*)[2])0x895108cc))
(*((ntdll!_LIST_ENTRY (*)[2])0x895108cc)) [Type: _LIST_ENTRY [2]]
[0] [Type: _LIST_ENTRY]
[1] [Type: _LIST_ENTRY]
1: kd> dx -id 0,0,8981e020 -r1 (*((ntdll!_LIST_ENTRY *)0x895108cc))
(*((ntdll!_LIST_ENTRY *)0x895108cc)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x896e4e4c [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x896e4e4c [Type: _LIST_ENTRY *]
Part 4:
1: kd> dt kapc 0x896e4e4c-c
GDI32!KAPC
+0x000 Type : 0n18
+0x002 Size : 0n48
+0x004 Spare0 : 0
+0x008 Thread : 0x89510898 _KTHREAD
+0x00c ApcListEntry : _LIST_ENTRY [ 0x895108cc - 0x895108cc ]
+0x014 KernelRoutine : 0x80a2bd0e void nt!IopCompleteRequest+0
+0x018 RundownRoutine : 0x80c72194 void nt!IopAbortRequest+0
+0x01c NormalRoutine : (null)
+0x020 NormalContext : (null)
+0x024 SystemArgument1 : 0x895a7ca8 Void
+0x028 SystemArgument2 : (null)
+0x02c ApcStateIndex : 0 ''
+0x02d ApcMode : 0 ''
+0x02e Inserted : 0x1 ''
1: kd> dt _irp 0x896e4e40-40
GDI32!_IRP
+0x000 Type : 0n6
+0x002 Size : 0x94
+0x004 MdlAddress : (null)
+0x008 Flags : 0x870
+0x00c AssociatedIrp : __unnamed
+0x010 ThreadListEntry : _LIST_ENTRY [ 0x89510ab0 - 0x89510ab0 ]
+0x018 IoStatus : _IO_STATUS_BLOCK
+0x020 RequestorMode : 1 ''
+0x021 PendingReturned : 0x1 ''
+0x022 StackCount : 1 ''
+0x023 CurrentLocation : 3 ''
+0x024 Cancel : 0 ''
+0x025 CancelIrql : 0 ''
+0x026 ApcEnvironment : 0 ''
+0x027 AllocationFlags : 0xc ''
+0x028 UserIosb : 0x006c1a00 _IO_STATUS_BLOCK
+0x02c UserEvent : 0x894e9800 _KEVENT
+0x030 Overlay : __unnamed
+0x038 CancelRoutine : (null)
+0x03c UserBuffer : 0x006c1408 Void
+0x040 Tail : __unnamed
Part 5:
1: kd> dt _irp -r
GDI32!_IRP
+0x000 Type : Int2B
+0x002 Size : Uint2B
+0x00c AssociatedIrp : __unnamed
+0x000 MasterIrp : Ptr32 _IRP
+0x000 IrpCount : Int4B
+0x000 SystemBuffer : Ptr32 Void
1: kd> dt _irp 0x896e4e40-40
GDI32!_IRP
+0x000 Type : 0n6
+0x002 Size : 0x94
+0x004 MdlAddress : (null)
+0x008 Flags : 0x870
+0x00c AssociatedIrp : __unnamed
1: kd> dx -id 0,0,8981e020 -r1 (*((GDI32!__unnamed *)0x896e4e0c))
(*((GDI32!__unnamed *)0x896e4e0c)) [Type: __unnamed]
[+0x000] MasterIrp : 0x896c0c78 [Type: _IRP *]
[+0x000] IrpCount : -1989407624 [Type: long]
[+0x000] SystemBuffer : 0x896c0c78 [Type: void *]
1: kd> dd 0x896c0c78
896c0c78 03020005 00000010 00000030 0000005d
896c0c88 00000018 00000000 00000000 e160751f
896c0c98 45e3ef7f 690413a0 b8ade145 00000000
896c0ca8 0a0a0007 43504354 20204354 8911bcb4
1: kd> dt rpcconn_common 0x896c0c78
RPCRT4!rpcconn_common
+0x000 rpc_vers : 0x5 ''
+0x001 rpc_vers_minor : 0 ''
+0x002 PTYPE : 0x2 ''
+0x003 pfc_flags : 0x3 ''
+0x004 drep : [4] "???"
+0x008 frag_length : 0x30
+0x00a auth_length : 0
+0x00c call_id : 0x5d
Part 6:
1: kd> !thread 89510898
THREAD 89510898 Cid 03b4.03b8 Teb: 7ffde000 Win32Thread: e17b6ea8 WAIT: (UserRequest) UserMode Non-Alertable
894e9800 NotificationEvent
IRP List:
896e4e00: (0006,0094) Flags: 00000870 Mdl: 00000000
Not impersonating
DeviceMap e10003d8
Owning Process 89838358 Image: svchost.exe
Attached Process N/A Image: N/A
Wait Start TickCount 274651022 Ticks: 168 (0:00:00:02.625)
Context Switch Count 159 IdealProcessor: 1 LargeStack
UserTime 00:00:00.140
KernelTime 00:00:00.156
Win32 Start Address svchost!wmainCRTStartup (0x0100317f)
Stack Init ba3ef000 Current ba3eec5c Base ba3ef000 Limit ba3eb000 Call 00000000
Priority 9 BasePriority 8 PriorityDecrement 0 IoPriority 0 PagePriority 0
ChildEBP RetAddr Args to Child
ba3eec74 80a440eb 89510938 89510898 894e9800 nt!KiSwapContext+0x26 (FPO: [Uses EBP] [0,0,4]) [d:\srv03rtm\base\ntos\ke\i386\ctxswap.asm @ 139]
ba3eecac 80a35ea9 00000000 00000000 00000001 nt!KiSwapThread+0x627 (FPO: [Non-Fpo]) (CONV: fastcall) [d:\srv03rtm\base\ntos\ke\thredsup.c @ 2000]
ba3eece0 80d1f189 894e9800 00000006 ba3eed01 nt!KeWaitForSingleObject+0x2d7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\wait.c @ 1161]
ba3eed44 80afbcb2 00000255 00000000 00000000 nt!NtWaitForSingleObject+0xcd (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ob\obwait.c @ 402]
ba3eed44 7ffe0304 00000255 00000000 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ ba3eed64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
0006f5e4 77f2fbc8 77e64045 00000255 00000000 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0006f5e8 77e64045 00000255 00000000 00000000 ntdll!NtWaitForSingleObject+0xc (FPO: [3,0,0]) [d:\srv03rtm\base\ntdll\daytona\obj\i386\usrstubs.asm @ 2371]
0006f658 77c6f002 00000255 ffffffff 00000000 kernel32!WaitForSingleObjectEx+0xac (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\synch.c @ 1237]
0006f678 77c6f1bb 006c1a00 00000000 ffffffff RPCRT4!UTIL_WaitForSyncIO+0x1f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\com\rpc\runtime\trans\common\util.cxx @ 233]
0006f69c 77c727d8 006c19cc 006c1a00 0006f6c4 RPCRT4!UTIL_GetOverlappedResultEx+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\com\rpc\runtime\trans\common\util.cxx @ 370]
0006f6c8 77bf4f4b 000003e5 00000024 006c12b8 RPCRT4!NMP_SyncSendRecv+0xd5 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\com\rpc\runtime\trans\common\nptrans.cxx @ 1995]
0006f6f4 77bf53ce 006daff0 00000000 00000024 RPCRT4!OSF_CCONNECTION::TransSendReceive+0xb9 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 3365]
0006f77c 77bf5c76 006c12b8 006c1a90 00000001 RPCRT4!OSF_CCONNECTION::SendFragment+0x32c (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 6012]
0006f7d4 77bfc0ca 00000000 ffffffff 0006f818 RPCRT4!OSF_CCALL::SendNextFragment+0x29b (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 9631]
0006f81c 77bfc397 0006f8b8 0006f860 000006bf RPCRT4!OSF_CCALL::FastSendReceive+0x162 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 8222]
0006f83c 77bfcbac 0006f8b8 0006f860 77e47889 RPCRT4!OSF_CCALL::SendReceiveHelper+0xe1 (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 8539]
0006f868 77bf1ca2 006c12d0 0006f8e4 0006f8b8 RPCRT4!OSF_CCALL::SendReceive+0x4c (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 8603]
0006f884 77c3f764 0006f8b8 77d80220 0006fc8c RPCRT4!I_RpcSendReceive+0xba (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\com\rpc\runtime\mtrt\msgapi.cxx @ 79]
0006f89c 77c7ed10 0006f8e4 006c12dc 000b5378 RPCRT4!NdrSendReceive+0x47 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\com\rpc\ndr20\auxilary.cxx @ 1269]
0006fc6c 77dc1926 77d80220 77d7f5e0 0006fc8c RPCRT4!NdrClientCall2+0x1f7 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\com\rpc\ndr20\cltcall.cxx @ 1033]
0006fc84 77dbecfe 00000000 00000000 00000001 ADVAPI32!ROpenSCManagerW+0x17 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\screg\sc\client\svcctl_c.c @ 381]
0006fccc 77dc1046 00000000 00000000 00000001 ADVAPI32!OpenSCManagerW+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\screg\sc\client\scwrap.cxx @ 828]
0006fd4c 77dc16c1 00000298 0006fd78 00000216 ADVAPI32!ScDispatcherLoop+0xd3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\screg\sc\client\scapi.cxx @ 892]
0006ffac 01003221 00084d00 00000000 00000000 ADVAPI32!StartServiceCtrlDispatcherW+0x121 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\screg\sc\client\scapi.cxx @ 705]
0006ffc0 77e62c34 00000000 00000000 7ffdf000 svchost!wmainCRTStartup+0xa2 (FPO: [0,0,3]) (CONV: stdcall) [d:\srv03rtm\base\screg\sc\svchost\svchost.c @ 1369]
0006fff0 00000000 0100317f 00000000 78746341 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\support.c @ 580]
0006f77c 77bf5c76 006c12b8 006c1a90 00000001 RPCRT4!OSF_CCONNECTION::SendFragment+0x32c (FPO: [Non-Fpo]) (CONV: thiscall) [d:\srv03rtm\com\rpc\runtime\mtrt\osfclnt.cxx @ 6012]
RPC_STATUS
OSF_CCALL::SendNextFragment (
IN unsigned char PacketType,
IN BOOL fFirstSend,
OUT void **ReceiveBuffer,
OUT UINT *ReceivedLength
)
/*++
Function Name:SendNextFragment
Parameters:
Description:
Returns:
--*/
{
int PacketLength;
RPC_STATUS Status;
BOOL LastFragmentFlag;
rpcconn_common *pFragment;
Status = Connection->SendFragment (
pFragment,
this,
LastFragmentFlag,
MyHeaderSize,
MaxSecuritySize,
MyBufferLength,
MaximumFragmentLength,
ReservedForSecurity,
!(Connection->fExclusive),
SendContext,
Timeout,
ReceiveBuffer,
ReceivedLength);
1: kd> dd 006c12b8
006c12b8 03000005 00000010 00000050 0000005d
006c12c8 00000038 00100000 00000000 f94c664d
006c12d8 4d5092d7 1e4171bc b5089c4f 00000009
006c12e8 00000000 00000009 00750077 00750061
006c12f8 00650073 00760072 00000000 00008000
006c1308 00000000 00008000 0000006e 00008000
1: kd> dt rpcconn_common 006c12b8
RPCRT4!rpcconn_common
+0x000 rpc_vers : 0x5 ''
+0x001 rpc_vers_minor : 0 ''
+0x002 PTYPE : 0 ''
+0x003 pfc_flags : 0x3 ''
+0x004 drep : [4] "???"
+0x008 frag_length : 0x50
+0x00a auth_length : 0
+0x00c call_id : 0x5d
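To make the two rpcconn_common headers in Parts 5 and 6 concrete, here is an added C decoder (not part of the original page and not RPCRT4 code) that parses the 16-byte DCE/RPC common header out of the dd dumps shown above and checks that the response at 896c0c78 answers the request at 006c12b8 by call_id. The dumped dwords are copied from the page's dd output; the struct, enum and function names are my own.

```c
#include <stddef.h>
#include <stdint.h>
/* DCE/RPC connection-oriented common header (rpcconn_common): 16 bytes at the start of every PDU. */
typedef struct {
    uint8_t  rpc_vers, rpc_vers_minor, ptype, pfc_flags;
    uint8_t  drep[4];                  /* data representation; drep[0] & 0xF0: 0x10 = little-endian ints */
    uint16_t frag_length, auth_length;
    uint32_t call_id;
} rpcconn_common_t;

enum { PTYPE_REQUEST = 0, PTYPE_RESPONSE = 2, PFC_FIRST_FRAG = 0x01, PFC_LAST_FRAG = 0x02 };

static uint16_t rd16(const uint8_t *p, int le) { return le ? (uint16_t)(p[0] | (p[1] << 8)) : (uint16_t)((p[0] << 8) | p[1]); }
static uint32_t rd32(const uint8_t *p, int le) { return le ? (rd16(p, 1) | ((uint32_t)rd16(p + 2, 1) << 16)) : (((uint32_t)rd16(p, 0) << 16) | rd16(p + 2, 0)); }

/* Returns 0 on success, -1 if the buffer is short, not RPC v5, or frag/auth lengths are inconsistent. */
int parse_rpcconn_common(const uint8_t *buf, size_t len, rpcconn_common_t *h) {
    if (len < 16) return -1;
    h->rpc_vers = buf[0]; h->rpc_vers_minor = buf[1]; h->ptype = buf[2]; h->pfc_flags = buf[3];
    for (int i = 0; i < 4; i++) h->drep[i] = buf[4 + i];
    int le = (h->drep[0] & 0xF0) == 0x10;         /* integer byte order is chosen by the sender */
    h->frag_length = rd16(buf + 8, le);
    h->auth_length = rd16(buf + 10, le);
    h->call_id = rd32(buf + 12, le);
    if (h->rpc_vers != 5) return -1;
    if (h->frag_length < 16 || h->frag_length > len) return -1;                  /* fragment must fit */
    if (h->auth_length && h->auth_length + 8u > h->frag_length - 16u) return -1; /* 8-byte auth_verifier + data */
    return 0;
}

/* Unpacks dwords exactly as WinDbg dd prints them (host order on x86, little-endian) into raw bytes. */
void dd_to_bytes(const uint32_t *words, size_t n, uint8_t *out) {
    for (size_t i = 0; i < n; i++)
        for (int b = 0; b < 4; b++) out[4 * i + b] = (uint8_t)(words[i] >> (8 * b));
}

/* A response answers a request when it is PTYPE_RESPONSE and carries the same call_id. */
int response_matches_request(const rpcconn_common_t *req, const rpcconn_common_t *rsp) {
    return req->ptype == PTYPE_REQUEST && rsp->ptype == PTYPE_RESPONSE && req->call_id == rsp->call_id;
}

/* The two buffers the session dumps with dd: request at 006c12b8 (96 bytes) and response at 896c0c78 (64 bytes). */
const uint32_t REQUEST_DD[24] = {
    0x03000005, 0x00000010, 0x00000050, 0x0000005d, 0x00000038, 0x00100000, 0x00000000, 0xf94c664d,
    0x4d5092d7, 0x1e4171bc, 0xb5089c4f, 0x00000009, 0x00000000, 0x00000009, 0x00750077, 0x00750061,
    0x00650073, 0x00760072, 0x00000000, 0x00008000, 0x00000000, 0x00008000, 0x0000006e, 0x00008000 };
const uint32_t RESPONSE_DD[16] = {
    0x03020005, 0x00000010, 0x00000030, 0x0000005d, 0x00000018, 0x00000000, 0x00000000, 0xe160751f,
    0x45e3ef7f, 0x690413a0, 0xb8ade145, 0x00000000, 0x0a0a0007, 0x43504354, 0x20204354, 0x8911bcb4 };
```

Decoding both buffers reproduces the dt rpcconn_common output above: PTYPE 0 (request) with frag_length 0x50 and PTYPE 2 (response) with frag_length 0x30, both with call_id 0x5d.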
Part 7:
;
; If the new thread has a kernel mode APC pending, then request an APC
; interrupt.
;
cmp byte ptr [esi].ThApcState.AsKernelApcPending, 0 ; APC pending? // breakpoint 50 is set here
jne short sc80 ; if ne, kernel APC pending // nonzero, so jump to sc80
xor eax, eax ; set return value
ret ; return
1: kd> g
Breakpoint 50 hit
nt!SwapContext+0xe9:
80b008d9 807e4900 cmp byte ptr [esi+49h],0
1: kd> r
eax=ba3e20ac ebx=f7737000 ecx=00000000 edx=80010031 esi=89510898 edi=89816318
eip=80b008d9 esp=ba3eec64 ebp=89838358 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext+0xe9:
80b008d9 807e4900 cmp byte ptr [esi+49h],0 ds:0023:895108e1=01
sc80: cmp word ptr [esi].ThSpecialApcDisable, 0 ; check if special APC disable
jne short sc90 ; if ne, special APC disable // +0x072 SpecialApcDisable : 0n0, equals 0, so fall through to test cl,cl
test cl, cl ; test for APC bypass disable // cl=0: are APCs disabled? 0 means they are not disabled.
jz short sc90 ; if z, APC bypass enabled // jump to sc90
mov cl, APC_LEVEL ; request software interrupt level
fstCall HalRequestSoftwareInterrupt ;
or eax, esp ; clear ZF flag
sc90: setz al ; set return value
ret ; return
ThSpecialApcDisable equ 00072H
1: kd> dt kthread 89510898
ntdll!KTHREAD
+0x000 Header : _DISPATCHER_HEADER
+0x010 MutantListHead : _LIST_ENTRY [ 0x895108a8 - 0x895108a8 ]
+0x018 InitialStack : 0xba3ef000 Void
+0x01c StackLimit : 0xba3eb000 Void
+0x020 KernelStack : 0xba3eec5c Void
+0x024 ThreadLock : 0
+0x028 ContextSwitches : 0xa1
+0x02c State : 0x2 ''
+0x072 SpecialApcDisable : 0n0
1: kd> r
eax=ba3e20ac ebx=f7737000 ecx=00000000 edx=80010031 esi=89510898 edi=89816318
eip=80b008e9 esp=ba3eec64 ebp=89838358 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext+0xf9:
80b008e9 84c9 test cl,cl
test eax, eax
setz al
Here, test eax, eax performs an AND; the result does not change EAX, but it does set the flags register.
If the result is zero, setz sets AL to 0x1 (true); otherwise it sets AL to 0x00 (false).
1: kd> r
eax=ba3e20ac ebx=f7737000 ecx=00000000 edx=80010031 esi=89510898 edi=89816318
eip=80b008e9 esp=ba3eec64 ebp=89838358 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext+0xf9:
80b008e9 84c9 test cl,cl
1: kd> p
nt!SwapContext+0xfb:
80b008eb 740a je nt!SwapContext+0x107 (80b008f7)
1: kd> p
nt!SwapContext+0x107:
80b008f7 0f94c0 sete al
1: kd> r
eax=ba3e20ac ebx=f7737000 ecx=00000000 edx=80010031 esi=89510898 edi=89816318
eip=80b008f7 esp=ba3eec64 ebp=89838358 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext+0x107:
80b008f7 0f94c0 sete al
1: kd> p
nt!SwapContext+0x10a:
80b008fa c3 ret
1: kd> r
eax=ba3e2001 ebx=f7737000 ecx=00000000 edx=80010031 esi=89510898 edi=89816318
eip=80b008fa esp=ba3eec64 ebp=89838358 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!SwapContext+0x10a:
80b008fa c3 ret
Part 8:
1: kd> p
nt!KiSwapContext+0x26:
80b006fe 8b2c24 mov ebp,dword ptr [esp]
1: kd> kc
#
00 nt!KiSwapContext
01 nt!KiSwapThread
02 nt!KeWaitForSingleObject
03 nt!NtWaitForSingleObject
04 nt!_KiSystemService
05 SharedUserData!SystemCallStub
06 ntdll!NtWaitForSingleObject
07 kernel32!WaitForSingleObjectEx
08 RPCRT4!UTIL_WaitForSyncIO
09 RPCRT4!UTIL_GetOverlappedResultEx
0a RPCRT4!NMP_SyncSendRecv
0b RPCRT4!OSF_CCONNECTION::TransSendReceive
0c RPCRT4!OSF_CCONNECTION::SendFragment
0d RPCRT4!OSF_CCALL::SendNextFragment
0e RPCRT4!OSF_CCALL::FastSendReceive
0f RPCRT4!OSF_CCALL::SendReceiveHelper
10 RPCRT4!OSF_CCALL::SendReceive
11 RPCRT4!I_RpcSendReceive
12 RPCRT4!NdrSendReceive
13 RPCRT4!NdrClientCall2
14 ADVAPI32!ROpenServiceW
15 ADVAPI32!OpenServiceW
16 ADVAPI32!ScDispatcherLoop
17 ADVAPI32!StartServiceCtrlDispatcherW
18 svchost!wmainCRTStartup
19 kernel32!BaseProcessStart
1: kd> p
nt!KiSwapContext+0x35:
80b0070d 83c410 add esp,10h
1: kd> p
nt!KiSwapContext+0x38:
80b00710 c3 ret
1: kd> r
eax=ba3e2001 ebx=89510898 ecx=00000000 edx=80010031 esi=894cec08 edi=80a059f8
eip=80b00710 esp=ba3eec78 ebp=ba3eecac iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiSwapContext+0x38:
80b00710 c3 ret
1: kd> p
Breakpoint 45 hit
nt!KiSwapThread+0x627:
80a440eb 84c0 test al,al
1: kd> r
eax=ba3e2001 ebx=89510898 ecx=00000000 edx=80010031 esi=894cec08 edi=80a059f8
eip=80a440eb esp=ba3eec7c ebp=ba3eecac iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!KiSwapThread+0x627:
80a440eb 84c0 test al,al
Pending = KiSwapContext(OldThread, NewThread);// Pending = 1: the return value is 1.
#endif
//
// If a kernel APC should be delivered, then deliver it now.
//
WaitStatus = OldThread->WaitStatus;
if (Pending != FALSE) {
KeLowerIrql(APC_LEVEL);
KiDeliverApc(KernelMode, NULL, NULL);// Start processing the APC, which reads the RPC server's response data.
ASSERT(WaitIrql == 0);
}
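The branch logic traced through SwapContext in Part 7, and the Pending value KiSwapThread tests in Part 8, written out as a small C model; this is an added illustration, not kernel code and not from the original page. The field offsets come from the dt output above (ApcState at +0x34 plus KernelApcPending at +0x15 gives the [esi+49h] operand; SpecialApcDisable at +0x72); the struct and function names are my own, and CL is treated as the "APC bypass disable" flag exactly as the listing's comments label it.

```c
#include <stdbool.h>
#include <stdint.h>

/* The two KTHREAD fields SwapContext tests before returning (offsets from the dt output above). */
typedef struct {
    uint8_t KernelApcPending;   /* KTHREAD+0x49: ApcState (+0x34) + KernelApcPending (+0x15) */
    int16_t SpecialApcDisable;  /* KTHREAD+0x72: nonzero while special kernel APCs are disabled */
} kthread_apc_fields_t;

typedef struct {
    bool interrupt_requested;   /* HalRequestSoftwareInterrupt(APC_LEVEL) was issued */
    bool pending;               /* value left in AL, i.e. what KiSwapThread sees as Pending */
} swap_context_result_t;

/* Models the tail of nt!SwapContext from the listing: ESI = new thread, CL = APC bypass disable.
 * Only a TRUE result makes KiSwapThread lower IRQL to APC_LEVEL and call KiDeliverApc itself;
 * when bypass is disabled the APC is instead delivered later via the requested APC_LEVEL interrupt. */
swap_context_result_t swap_context_apc_check(const kthread_apc_fields_t *t, uint8_t apc_bypass_disable) {
    swap_context_result_t r = { false, false };
    if (t->KernelApcPending == 0)          /* cmp [esi].ThApcState.AsKernelApcPending, 0 ; jne sc80 */
        return r;                          /* xor eax,eax ; ret */
    if (t->SpecialApcDisable != 0)         /* sc80: cmp [esi].ThSpecialApcDisable, 0 ; jne sc90 */
        return r;                          /* ZF clear after the cmp, so setz al leaves AL = 0 */
    if (apc_bypass_disable == 0) {         /* test cl,cl ; jz sc90 */
        r.pending = true;                  /* ZF set, so sc90's setz al makes AL = 1 */
        return r;
    }
    r.interrupt_requested = true;          /* mov cl,APC_LEVEL ; fstCall HalRequestSoftwareInterrupt */
    return r;                              /* or eax,esp clears ZF ; setz al leaves AL = 0 */
}
```

With the state captured at breakpoint 50 ([esi+49h]=01, SpecialApcDisable=0n0, cl=0) the model returns pending=true and no interrupt, which is the eax=ba3e2001 / Pending=1 path the session then follows into KiDeliverApc.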