第一部分:
0: kd> p
Ntfs!LfsPinOrMapData+0x8c:
f71797f6 ff15a40016f7??? call??? dword ptr [Ntfs!_imp__CcPinRead (f71600a4)]
0: kd> t
nt!CcPinRead:
80bf9a5a 6a2c??????????? push??? 2Ch
0: kd> kc
#
00 nt!CcPinRead
01 Ntfs!LfsPinOrMapData
02 Ntfs!LfsReadRestart
03 Ntfs!LfsRestartLogFile
04 Ntfs!LfsOpenLogFile
05 Ntfs!NtfsStartLogFile
06 Ntfs!NtfsMountVolume
07 Ntfs!NtfsCommonFileSystemControl
08 Ntfs!NtfsFspDispatch
09 nt!ExpWorkerThread
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
0: kd> dv
FileObject = 0x89469688
FileOffset = 0xf78d68b0 {0}
Length = 0x200
Flags = 1
Bcb = 0xf78d6900
??? //
//? Get pointer to SharedCacheMap.
//
??? SharedCacheMap = FileObject->SectionObjectPointer->SharedCacheMap;
第二部分:
0: kd> dv
FileObject = 0x89469688
FileOffset = 0xf78d68b0 {0}
Length = 0x200
Flags = 1
????????? MyBcb = 0x00000000
??????????? //
//? Call local routine to Map or Access the file data.? If we cannot map
//? the data because of a Wait condition, return FALSE.
//
??????????? if (!CcPinFileData( FileObject,
&LocalFileOffset,
Length,
(BOOLEAN)!FlagOn(SharedCacheMap->Flags, MODIFIED_WRITE_DISABLED),
FALSE,
Flags,
CurrentBcbPtr,
&LocalBuffer,
&BeyondLastByte )) {
0: kd> p
nt!CcPinRead+0xbf:
80bf9b19 e8c0b0e1ff????? call??? nt!CcPinFileData (80a14bde)
0: kd> p
nt!CcPinRead+0xc4:
80bf9b1e 84c0??????????? test??? al,al
0: kd> r
eax=f78d6801
第三部分:
dv
LocalBuffer = 0xc1140000
0: kd> dt lfs_restart_page_header 0xc1140000
Ntfs!LFS_RESTART_PAGE_HEADER
+0x000 MultiSectorHeader : _MULTI_SECTOR_HEADER
+0x008 ChkDskLsn??????? : _LARGE_INTEGER 0x0
+0x010 SystemPageSize?? : 0x1000
+0x014 LogPageSize????? : 0x1000
+0x018 RestartOffset??? : 0x30
+0x01a MinorVersion???? : 0n1
+0x01c MajorVersion???? : 0n1
+0x01e UpdateSequenceArray : [1] 9
0: kd> dd 0xc1140000
c1140000? 52545352 0009001e 00000000 00000000
c1140010? 00001000 00001000 00010030 00090001
c1140020? 00000000 00000000 00000000 00000000
c1140030? 08109f97 00000000 ffff0001 00020000
c1140040? 00000028 004000e0 04000000 00000000
c1140050? 00000068 00400030 85e12259 00000000
c1140060? 00000000 00000000 00000000 00000000
c1140070? 08109f8c 00000000 08109f97 00000000
0: kd> db 0xc1140000
c1140000? 52 53 54 52 1e 00 09 00-00 00 00 00 00 00 00 00? RSTR............
c1140010? 00 10 00 00 00 10 00 00-30 00 01 00 01 00 09 00? ........0.......
c1140020? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c1140030? 97 9f 10 08 00 00 00 00-01 00 ff ff 00 00 02 00? ................
c1140040? 28 00 00 00 e0 00 40 00-00 00 00 04 00 00 00 00? (.....@.........
c1140050? 68 00 00 00 30 00 40 00-59 22 e1 85 00 00 00 00? h...0.@.Y"......
c1140060? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c1140070? 8c 9f 10 08 00 00 00 00-97 9f 10 08 00 00 00 00? ................
0: kd> db 0xc1140000+80
c1140080? ff ff ff ff 00 00 00 00-00 00 00 00 08 00 00 00? ................
c1140090? 4e 00 54 00 46 00 53 00-00 00 00 00 00 00 00 00? N.T.F.S.........
c11400a0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c11400b0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c11400c0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c11400d0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c11400e0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
c11400f0? 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00? ................
0: kd> dt lfs_restart_area 0xc1140000+30
Ntfs!LFS_RESTART_AREA
+0x000 CurrentLsn?????? : _LARGE_INTEGER 0x8109f97
+0x008 LogClients?????? : 1
+0x00a ClientFreeList?? : 0xffff
+0x00c ClientInUseList? : 0
+0x00e Flags??????????? : 2
+0x010 SeqNumberBits??? : 0x28
+0x014 RestartAreaLength : 0xe0
+0x016 ClientArrayOffset : 0x40
+0x018 FileSize???????? : 0n67108864
+0x020 LastLsnDataLength : 0x68
+0x024 RecordHeaderLength : 0x30
+0x026 LogPageDataOffset : 0x40
+0x028 RestartOpenLogCount : 0x85e12259
+0x02c LastFailedFlushStatus : 0
+0x030 LastFailedFlushOffset : 0n0
+0x038 LastFailedFlushLsn : _LARGE_INTEGER 0x0
+0x040 LogClientArray?? : [1] _LFS_CLIENT_RECORD
0: kd> dx -id 0,0,899a2278 -r1 (*((Ntfs!_LFS_CLIENT_RECORD (*)[1])0xc1140070))
(*((Ntfs!_LFS_CLIENT_RECORD (*)[1])0xc1140070))???????????????? [Type: _LFS_CLIENT_RECORD [1]]
[0]????????????? [Type: _LFS_CLIENT_RECORD]
0: kd> dx -id 0,0,899a2278 -r1 (*((Ntfs!_LFS_CLIENT_RECORD *)0xc1140070))
(*((Ntfs!_LFS_CLIENT_RECORD *)0xc1140070))???????????????? [Type: _LFS_CLIENT_RECORD]
[+0x000] OldestLsn??????? : {135307148} [Type: _LARGE_INTEGER]
[+0x008] ClientRestartLsn : {135307159} [Type: _LARGE_INTEGER]
[+0x010] PrevClient?????? : 0xffff [Type: unsigned short]
[+0x012] NextClient?????? : 0xffff [Type: unsigned short]
[+0x014] SeqNumber??????? : 0x0 [Type: unsigned short]
[+0x016] AlignWord??????? : 0x0 [Type: unsigned short]
[+0x018] AlignDWord?????? : 0x0 [Type: unsigned long]
[+0x01c] ClientNameLength : 0x8 [Type: unsigned long]
[+0x020] ClientName?????? [Type: unsigned short [64]]
0: kd> dx -id 0,0,899a2278 -r1 (*((Ntfs!unsigned short (*)[64])0xc1140090))
(*((Ntfs!unsigned short (*)[64])0xc1140090))???????????????? [Type: unsigned short [64]]
[0]????????????? : 0x4e [Type: unsigned short]
[1]????????????? : 0x54 [Type: unsigned short]
[2]????????????? : 0x46 [Type: unsigned short]
[3]????????????? : 0x53 [Type: unsigned short]
0: kd> db 0xc1140090
c1140090? 4e 00 54 00 46 00 53 00-00 00 00 00 00 00 00 00? N.T.F.S.........
第四部分:
0: kd> dt Shared_Cache_Map 0x89469530
nt!SHARED_CACHE_MAP
+0x000 NodeTypeCode???? : 0n767
+0x002 NodeByteSize???? : 0n304
+0x004 OpenCount??????? : 1
+0x008 FileSize???????? : _LARGE_INTEGER 0x4000000
+0x010 BcbList????????? : _LIST_ENTRY [ 0x894d1400 - 0x894d1208 ]
+0x018 SectionSize????? : _LARGE_INTEGER 0x4000000
+0x020 ValidDataLength? : _LARGE_INTEGER 0x7fffffff`ffffffff
+0x028 ValidDataGoal??? : _LARGE_INTEGER 0x7fffffff`ffffffff
+0x030 InitialVacbs???? : [4] (null)
+0x040 Vacbs??????????? : 0x89469320? -> 0x894d1008 _VACB
0: kd> dt subsection 0x899bf650+30
nt!SUBSECTION
+0x000 ControlArea????? : 0x899bf650 _CONTROL_AREA
+0x004 u??????????????? : __unnamed
+0x008 StartingSector?? : 0
+0x00c NumberOfFullSectors : 0x4000
+0x010 SubsectionBase?? : 0xe138d000 _MMPTE
+0x014 UnusedPtes?????? : 0
+0x018 PtesInSubsection : 0x4000
+0x01c NextSubsection?? : (null)
0: kd> dd 0xe138d000
e138d000? 0a0ee921 fdbe6cc0 fdbe6cc0 fdbe6cc0
e138d010? fdbe6cc0 fdbe6cc0 fdbe6cc0 fdbe6cc0
0: kd> !dc a0ee000
# a0ee000 52545352 0009001e 00000000 00000000 RSTR............
# a0ee010 00001000 00001000 00010030 00090001 ........0.......
# a0ee020 00000000 00000000 00000000 00000000 ................
# a0ee030 08109f97 00000000 ffff0001 00020000 ................
# a0ee040 00000028 004000e0 04000000 00000000 (.....@.........
# a0ee050 00000068 00400030 85e12259 00000000 h...0.@.Y"......
# a0ee060 00000000 00000000 00000000 00000000 ................
# a0ee070 08109f8c 00000000 08109f97 00000000 ................
0: kd> !dc a0ee000+80*1f
# a0eef80 00000000 00000000 00000000 00000000 ................
# a0eef90 00000000 00000000 00000000 00000000 ................
# a0eefa0 00000000 00000000 00000000 00000000 ................
# a0eefb0 00000000 00000000 00000000 00000000 ................
# a0eefc0 00000000 00000000 00000000 00000000 ................
# a0eefd0 00000000 00000000 00000000 00000000 ................
# a0eefe0 00000000 00000000 00000000 00000000 ................
# a0eeff0 00000000 00000000 00000000 00000000 ................
0: kd> !dc a0ee000+80*20
# a0ef000 e135ff48 00000001 e135c2f0 899c59a8 H.5.......5..Y..
# a0ef010 00000001 00000001 00000000 00000000 ................
# a0ef020 00000000 00000000 e1360034 00000000 ........4.6.....
# a0ef030 ffffffff 00000007 00000000 00000000 ................
# a0ef040 00000000 00000000 00000000 00000000 ................
# a0ef050 00000000 00000000 00000000 00000000 ................
# a0ef060 00000000 00000000 00000000 00000000 ................
# a0ef070 00000000 00000000 00000000 00000000 ................
;的優缺點比較)
)
![【筆記】開源 AI Agent 項目 V1 版本 [新版] 部署 日志](http://pic.xiahunao.cn/【筆記】開源 AI Agent 項目 V1 版本 [新版] 部署 日志)
