第一部分:
NTSTATUS
MmCreatePeb (
IN PEPROCESS TargetProcess,
IN PINITIAL_PEB InitialPeb,
OUT PPEB *Base
)
{
PPEB PebBase;
??????? PebBase->OSMajorVersion = NtMajorVersion;
PebBase->OSMinorVersion = NtMinorVersion;
PebBase->OSBuildNumber = (USHORT)(NtBuildNumber & 0x3FFF);
PebBase->OSPlatformId = 2;      // VER_PLATFORM_WIN32_NT from winbase.h
PebBase->OSCSDVersion = (USHORT)CmNtCSDVersion;
第二部分:
0: kd> kc
nt!MmCreatePeb
nt!PspCreateProcess
nt!NtCreateProcessEx
nt!_KiSystemService
SharedUserData!SystemCallStub
ntdll!ZwCreateProcessEx
kernel32!CreateProcessInternalW
kernel32!CreateProcessW
cmd!ExecPgm
cmd!ECWork
cmd!ExtCom
cmd!FindFixAndRun
cmd!Dispatch
cmd!main
cmd!mainCRTStartup
kernel32!BaseProcessStart
0: kd> kv
ChildEBP RetAddr  Args to Child
ba10eb74 80d3a7da 892f72d0 ba10ec80 892f7460 nt!MmCreatePeb (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\mm\procsup.c @ 6255]
ba10ecd8 80d3af36 0012fa74 001f0fff 00000000 nt!PspCreateProcess+0x61a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 1623]
ba10ed2c 80afbcb2 0012fa74 001f0fff 00000000 nt!NtCreateProcessEx+0xae (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 955]
ba10ed2c 7ffe0304 0012fa74 001f0fff 00000000 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ ba10ed64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
0012f0c0 77f2ed58 77e61163 0012fa74 001f0fff SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0012f0c4 77e61163 0012fa74 001f0fff 00000000 ntdll!ZwCreateProcessEx+0xc (FPO: [9,0,0]) [d:\srv03rtm\base\ntdll\daytona\obj\i386\usrstubs.asm @ 523]
0012fa9c 77e61e74 00000000 00144d20 001466c0 kernel32!CreateProcessInternalW+0x11c8 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\process.c @ 3573]
0012fad4 4ad0c5de 00144d20 001466c0 00000000 kernel32!CreateProcessW+0x2a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\process.c @ 4637]
0012fc20 4ad0d1fa 00146630 001450a8 00000000 cmd!ExecPgm+0x200 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\cmd\cext.c @ 480]
0012fc54 4ad0d302 00146630 00000000 00000000 cmd!ECWork+0x6a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\cmd\cext.c @ 204]
0012fc6c 4ad124b1 00146630 00000001 00146630 cmd!ExtCom+0x3a (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\cmd\cext.c @ 87]
0012fe98 4ad12dff 00146630 00000001 00000002 cmd!FindFixAndRun+0x111 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\cmd\cmd.c @ 1345]
0012fee0 4ad130cc 00000000 00000001 00000000 cmd!Dispatch+0x1a7 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\cmd\cmd.c @ 683]
0012ff44 4ad21754 00000001 00363cf8 00362f68 cmd!main+0x280 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\cmd\cmd.c @ 431]
0012ffc0 77e62c34 00000000 00000000 7ffdf000 cmd!mainCRTStartup+0x12f (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\crts\crtw32\dllstuff\crtexe.c @ 501]
0012fff0 00000000 4ad21625 00000000 78746341 kernel32!BaseProcessStart+0x23 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\win32\client\support.c @ 580]
0: kd> x nt!NtMajorVersion
80a040ac nt!NtMajorVersion = 5
第三部分:
./base/ntos/init/init.c:137:const ULONG NtMajorVersion = VER_PRODUCTMAJORVERSION;
./base/ntos/init/init.c
#include "ntos.h"
#include "ntimage.h"
#include <zwapi.h>
#include <ntdddisk.h>
#include <kddll.h>
#include <setupblk.h>
#include <fsrtl.h>
#include <ntverp.h>        //#include <ntverp.h>
/*
 * Kernel-wide OS version globals. MmCreatePeb (procsup.c) copies
 * NtMajorVersion/NtMinorVersion into each new process's PEB
 * (OSMajorVersion/OSMinorVersion), so this is the ultimate source of
 * the version a user-mode process sees in its PEB.
 * The VER_PRODUCT* macros presumably come from <ntverp.h>, included
 * above -- confirm against the header.
 */
const ULONG NtMajorVersion = VER_PRODUCTMAJORVERSION;   /* 5 on the build debugged above ("x nt!NtMajorVersion") */
const ULONG NtMinorVersion = VER_PRODUCTMINORVERSION;
/*
 * NtBuildNumber is not const and carries a build-type tag in its high
 * bits: 0xC0000000 for checked (DBG) builds, 0xF0000000 otherwise.
 * Consumers such as MmCreatePeb mask with 0x3FFF to recover the plain
 * build number (PebBase->OSBuildNumber = NtBuildNumber & 0x3FFF).
 */
#if DBG
ULONG NtBuildNumber = VER_PRODUCTBUILD | 0xC0000000;
#else
ULONG NtBuildNumber = VER_PRODUCTBUILD | 0xF0000000;
#endif