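;-----------------------------------------------------------------------
; KIRQL KeGetCurrentIrql(void)          (HAL routine, 32-bit x86 listing)
; In:    nothing
; Out:   eax = current IRQL (byte from HalpVectorToIRQL, zero-extended)
; Clobb: eax, flags
;
; ds:[0FFFE0080h] is the Task Priority Register (TPR); its value is the
; current task priority. The hex literal is written with a leading 0,
; matching the form used in KfAcquireSpinLock.
;
; NOTE(review): the table index is not masked or bounds-checked. The
; lookup relies on the TPR read yielding a value whose bits above bit 7
; are zero, so that TPR / 16 stays within 0..15 -- confirm for the
; hardware in question.
;-----------------------------------------------------------------------
hal!KeGetCurrentIrql:
        mov     eax, dword ptr ds:[0FFFE0080h]          ; eax = TPR = current task priority
        shr     eax, 4                                  ; eax = task priority / 16 (table index)
        movzx   eax, byte ptr hal!HalpVectorToIRQL[eax] ; eax = IRQL mapped to that priority
        ret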
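db hal!HalpVectorToIRQL: contents of the task-priority-to-IRQL conversion table (task priority / 16 is used as the index, and the byte at that index is the IRQL; e.g. priority 41h gives index 4, whose entry is 02)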
00 ff ff 01 02 ff 05 06 07 08 09 0a 1b 1c 1d 1e
00 00 00 00 00 00 00 00 2a 00 00 00 c4 00 00 00
Implementation of KeAcquireSpinLock on a single-processor (uniprocessor) system
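;-----------------------------------------------------------------------
; KIRQL FASTCALL KfAcquireSpinLock(PKSPIN_LOCK SpinLock)
; Single-processor build, 32-bit x86 listing.
; In:    ecx = SpinLock (fastcall) -- never referenced by the code below
; Out:   eax = IRQL that was in effect before the call
; Clobb: eax, edx, flags
;
; What the listing shows:
;   * No lock word is read or written. The only state change is the TPR
;     write, so on this build "acquiring" the lock means raising the
;     task priority to 41h (DISPATCH_LEVEL). That serialises code on
;     this one CPU only; it gives no exclusion against another
;     processor.
;   * The TPR write is unconditional. There is no check that the
;     previous priority was lower than 41h, so a caller already running
;     above DISPATCH_LEVEL would have its priority lowered by this call.
;     Callers are expected to be at or below DISPATCH_LEVEL.
;   * The returned value is the old IRQL -- presumably what the caller
;     hands back when releasing the lock (release path not shown here).
;-----------------------------------------------------------------------
hal!KfAcquireSpinLock:
        mov     edx, dword ptr ds:[0FFFE0080h]          ; edx = previous task priority (same TPR read as KeGetCurrentIrql)
        mov     dword ptr ds:[0FFFE0080h], 41h          ; TPR = 41h: set the new current task priority
                                                        ; A later KeGetCurrentIrql reads 41h, 41h / 16 = 4,
                                                        ; and HalpVectorToIRQL[4] = 02 = DISPATCH_LEVEL.
        shr     edx, 4                                  ; edx = previous priority / 16 (table index)
        movzx   eax, byte ptr hal!HalpVectorToIRQL[edx] ; eax = previous IRQL, returned to the caller
        ret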