第一部分:挂载 NTFS 卷、读取引导扇区的路径上,CcGetVacbMiss 调用 SetVacb:
1: kd> t
nt!CcGetVacbMiss+0x4ef:
80a1a68d e810eeffff call nt!SetVacb (80a194a2)
1: kd> t
Breakpoint 2 hit
nt!SetVacb:
80a194a2 55 push ebp
1: kd> kc
#
00 nt!SetVacb
01 nt!CcGetVacbMiss
02 nt!CcGetVirtualAddress
03 nt!CcMapData
04 Ntfs!NtfsMapStream
05 Ntfs!NtfsReadBootSector
06 Ntfs!NtfsMountVolume
07 Ntfs!NtfsCommonFileSystemControl
08 Ntfs!NtfsFspDispatch
09 nt!ExpWorkerThread
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
1: kd> dv
SharedCacheMap = 0x89901cc8
Offset = {0}
Vacb = 0x89988000
第二部分:CcGetVacbMiss 返回到 CcGetVirtualAddress:
1: kd> p
nt!CcGetVacbMiss+0x598:
80a1a736 e880b70d00 call nt!__SEH_epilog (80af5ebb)
1: kd> p
nt!CcGetVacbMiss+0x59d:
80a1a73b c21000 ret 10h
1: kd> p
nt!CcGetVirtualAddress+0xc7:
80a1a947 8bf0 mov esi,eax
1: kd> dv
SharedCacheMap = 0x89901d98
FileOffset = {0}
Vacb = 0xf78d6a08
ReceivedLength = 0xf78d69fc
VacbOffset = 0
OldIrql = 0x00 ''
1: kd> r
eax=89988000
CcGetVacbMiss 返回到这里(eax=89988000 即 TempVacb,与第一部分 SetVacb 的 Vacb 值相同):
if ((TempVacb = GetVacb( SharedCacheMap, FileOffset )) == NULL) {
TempVacb = CcGetVacbMiss( SharedCacheMap, FileOffset, &OldIrql );
}
返回到这里:
ASSERT( TempVacb->BaseAddress != NULL );
return (PVOID)((PCHAR)TempVacb->BaseAddress + VacbOffset);
}
第三部分:CcGetVirtualAddress 返回到 CcMapData:
1: kd> p
nt!CcGetVirtualAddress+0x198:
80a1aa18 c21400 ret 14h
1: kd> r
eax=c1080000
CcGetVirtualAddress 返回到这里(eax=c1080000 即写入 *Buffer 的虚拟地址):
if (FlagOn(Flags, MAP_WAIT)) {
*Buffer = CcGetVirtualAddress( SharedCacheMap,
*FileOffset,
(PVACB *)&TempBcb,
&ReceivedLength );
ASSERT( ReceivedLength >= Length );
返回到这里:
第四部分:逐页触摸 *Buffer 映射区的循环(Loop to touch each page):
try {
//
// Loop to touch each page
//
BeyondLastByte.LowPart = 0;
while (PageCount != 0) {
MmSetPageFaultReadAhead( Thread, PageCount - 1 );
ch = *((volatile UCHAR *)(*Buffer) + BeyondLastByte.LowPart);
BeyondLastByte.LowPart += PAGE_SIZE;
PageCount -= 1;
}
第五部分:循环第一次读取 *Buffer(ecx=c1080000)之前,!pte 显示该地址的 PTE 无效(not valid),内容为原型 PTE(Proto: E1009C00):
1: kd> pr
nt!CcMapData+0x137:
80bf989f 8a0c0a mov cl,byte ptr [edx+ecx]
1: kd> r
eax=0000000f ebx=00000000 ecx=c1080000 edx=00000000
ecx=c1080000
1: kd> !pte c1080000
VA c1080000
PDE at C0300C10 PTE at C0304200
contains 0A03F963 contains 00027400
pfn a03f -G-DA--KWEV not valid
Proto: E1009C00
1: kd> dd C0304200
c0304200 00027400 00027402 00027404 00027406
c0304210 00027408 0002740a 0002740c 0002740e
c0304220 00027410 00027412 00027414 00027416
c0304230 00027418 0002741a 0002741c 0002741e
c0304240 00027420 00027422 00027424 00027426
c0304250 00027428 0002742a 0002742c 0002742e
c0304260 00027430 00027432 00027434 00027436
c0304270 00027438 0002743a 0002743c 0002743e
第六部分:执行该读取指令后触发缺页异常,经 nt!_KiTrap0E 进入 nt!MmAccessFault:
1: kd> pr
nt!CcMapData+0x137:
80bf989f 8a0c0a mov cl,byte ptr [edx+ecx]
1: kd> r
eax=0000000f ebx=00000000 ecx=c1080000 edx=00000000 esi=8999d020 edi=f78d6a64
eip=80bf989f esp=f78d69dc ebp=f78d6a28 iopl=0 nv up ei ng nz ac po cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000293
nt!CcMapData+0x137:
80bf989f 8a0c0a mov cl,byte ptr [edx+ecx] ds:0023:c1080000=??
1: kd> p
Breakpoint 11 hit
nt!MmAccessFault:
80abcfda 55 push ebp
1: kd> kc
#
00 nt!MmAccessFault
01 nt!_KiTrap0E
02 nt!CcMapData
03 Ntfs!NtfsMapStream
04 Ntfs!NtfsReadBootSector
05 Ntfs!NtfsMountVolume
06 Ntfs!NtfsCommonFileSystemControl
07 Ntfs!NtfsFspDispatch
08 nt!ExpWorkerThread
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup