Triggering APC delivery proactively with NtTestAlert
2024-11-28
A thread only runs queued APC routines once it enters an alertable state. Is there a way to run APC routines without entering an alertable state? There is: the NtTestAlert function. It checks the current thread's APC queue, and if any routines are queued it runs them to drain the queue. When a thread starts, NtTestAlert is called first, before the rest of the start-up flow proceeds, so APCs queued while the thread is still in its initial state can be run safely. Underneath, it calls KeTestAlertThread:
```c
BOOLEAN
NTAPI
KeTestAlertThread(IN KPROCESSOR_MODE AlertMode)
{
    PKTHREAD Thread = KeGetCurrentThread();
    BOOLEAN OldState;
    KLOCK_QUEUE_HANDLE ApcLock;
    ASSERT_THREAD(Thread);
    ASSERT_IRQL_LESS_OR_EQUAL(DISPATCH_LEVEL);

    /* Lock the Dispatcher Database and the APC Queue */
    KiAcquireApcLockRaiseToSynch(Thread, &ApcLock);

    /* Save the old State */
    OldState = Thread->Alerted[AlertMode];

    /* Check the Thread is alerted */
    if (OldState)
    {
        /* Disable alert for this mode */
        Thread->Alerted[AlertMode] = FALSE;
    }
    else if ((AlertMode != KernelMode) &&
             (!IsListEmpty(&Thread->ApcState.ApcListHead[UserMode])))
    {
        /* If the mode is User and the Queue isn't empty, set Pending */
        Thread->ApcState.UserApcPending = TRUE;
    }

    /* Release Locks and return the Old State */
    KiReleaseApcLock(&ApcLock);
    return OldState;
}
```
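To see the same mechanism from user mode, here is an added example (not code from the original post) that queues two benign APCs to the current thread and drains them with NtTestAlert, resolved from ntdll.dll by name, without ever entering an alertable wait. It assumes Windows; on other platforms the function only reports -1 (unsupported).

```c
/* Added example (not from the original post): queue user-mode APCs to the
 * current thread and drain them with NtTestAlert instead of an alertable wait.
 * Assumes Windows, where ntdll.dll exports NtTestAlert; on other platforms
 * apc_demo() only reports -1 (unsupported). */
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>

typedef LONG (NTAPI *NtTestAlert_t)(void);

static volatile LONG g_apc_runs = 0;   /* how many times the APC routine ran */

/* Benign APC routine: only records that it was executed. */
static void CALLBACK count_apc(ULONG_PTR arg)
{
    (void)arg;
    InterlockedIncrement(&g_apc_runs);
}

/* Returns 2 if the APCs ran only after NtTestAlert (the expected result),
 * 1 if they ran before it, 0 if they never ran, -1 if NtTestAlert is missing. */
int apc_demo(void)
{
    HMODULE ntdll = GetModuleHandleA("ntdll.dll");
    NtTestAlert_t pNtTestAlert =
        ntdll ? (NtTestAlert_t)GetProcAddress(ntdll, "NtTestAlert") : NULL;
    LONG before;
    if (!pNtTestAlert) return -1;
    g_apc_runs = 0;

    /* Queue two APCs to this thread. They stay in the user APC queue because
     * the thread never enters an alertable wait (no SleepEx/WaitForSingleObjectEx). */
    QueueUserAPC(count_apc, GetCurrentThread(), 0);
    QueueUserAPC(count_apc, GetCurrentThread(), 0);
    before = g_apc_runs;                 /* still 0: nothing delivered yet */

    /* KeTestAlertThread finds the user APC list non-empty and sets
     * UserApcPending, so both routines run before this call returns. */
    pNtTestAlert();

    if (before != 0) return 1;
    return (g_apc_runs == 2) ? 2 : 0;
}
#else
int apc_demo(void) { return -1; }        /* no NtTestAlert outside Windows */
#endif

int main(void)
{
    printf("apc_demo() = %d (2 means the APCs ran only after NtTestAlert)\n", apc_demo());
    return 0;
}
```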