根目錄0xa0屬性對應的Ntfs!_SCB中的FileObject是什么時候被建立的
第一部分:
0: kd> g
Breakpoint 9 hit
Ntfs!ReadIndexBuffer:
f7173886 55              push    ebp
0: kd> kc
 #
00 Ntfs!ReadIndexBuffer
01 Ntfs!FindFirstIndexEntry
02 Ntfs!NtfsUpdateFileNameInIndex
03 Ntfs!NtfsUpdateDuplicateInfo
04 Ntfs!NtfsInitializeSecurity
05 Ntfs!NtfsInitializeSecurityFile
06 Ntfs!NtfsMountVolume
07 Ntfs!NtfsCommonFileSystemControl
08 Ntfs!NtfsFspDispatch
09 nt!ExpWorkerThread
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
0: kd> dv
     IrpContext = 0x89797aa8
            Scb = 0xe1350658
     IndexBlock = 0n0
         Reread = 0x00 ''
             Sp = 0xf78d6824
0: kd> dx -r1 ((Ntfs!_INDEX_LOOKUP_STACK *)0xf78d6824)
((Ntfs!_INDEX_LOOKUP_STACK *)0xf78d6824)                 : 0xf78d6824 [Type: _INDEX_LOOKUP_STACK *]
    [+0x000] Bcb              : 0x0 [Type: void *]
    [+0x004] StartOfBuffer    : 0x0 [Type: void *]
    [+0x008] IndexHeader      : 0x0 [Type: _INDEX_HEADER *]
    [+0x00c] IndexEntry       : 0x0 [Type: _INDEX_ENTRY *]
    [+0x010] IndexBlock       : 0 [Type: __int64]
    [+0x018] CapturedLsn      : {0} [Type: _LARGE_INTEGER]
0: kd> dx -r1 ((Ntfs!_SCB *)0xe1350658)
((Ntfs!_SCB *)0xe1350658)                 : 0xe1350658 [Type: _SCB *]
    [+0x000] Header           [Type: _NTFS_ADVANCED_FCB_HEADER]
    [+0x040] FcbLinks         [Type: _LIST_ENTRY]
    [+0x048] Fcb              : 0xe1350590 [Type: _FCB *]
    [+0x04c] Vcb              : 0x8962e100 [Type: _VCB *]
    [+0x050] ScbState         : 0x480 [Type: unsigned long]
    [+0x054] NonCachedCleanupCount : 0x0 [Type: unsigned long]
    [+0x058] CleanupCount     : 0x0 [Type: unsigned long]
    [+0x05c] CloseCount       : 0x0 [Type: unsigned long]
    [+0x060] ShareAccess      [Type: _SHARE_ACCESS]
    [+0x07c] AttributeTypeCode : 0xa0 [Type: unsigned long]
    [+0x080] AttributeName    : "$I30" [Type: _UNICODE_STRING]
    [+0x088] FileObject       : 0x0 [Type: _FILE_OBJECT *]
    [+0x08c] NonpagedScb      : 0x89927288 [Type: _SCB_NONPAGED *]
    [+0x090] Mcb              [Type: _NTFS_MCB]
    [+0x0a8] McbStructs       [Type: NTFS_MCB_INITIAL_STRUCTS]
    [+0x0f0] CompressionUnit  : 0x0 [Type: unsigned long]
    [+0x0f4] AttributeFlags   : 0x0 [Type: unsigned short]
    [+0x0f6] CompressionUnitShift : 0x0 [Type: unsigned char]
    [+0x0f7] PadUchar         : 0x0 [Type: unsigned char]
    [+0x0f8] ValidDataToDisk  : 0 [Type: __int64]
    [+0x100] TotalAllocated   : 0 [Type: __int64]
    [+0x108] EofListHead      [Type: _LIST_ENTRY]
    [+0x110] CcbQueue         [Type: _LIST_ENTRY]
    [+0x118] ScbSnapshot      : 0x0 [Type: _SCB_SNAPSHOT *]
    [+0x11c] EncryptionContext : 0x0 [Type: void *]
    [+0x120] EncryptionContextLength : 0x0 [Type: unsigned long]
    [+0x124] ScbPersist       : 0x0 [Type: unsigned long]
    [+0x128] IoAtEofThread    : 0x0 [Type: unsigned long *]
    [+0x130] ScbType          [Type: __unnamed]
第二部分:
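/*
 * Excerpt from the body of Ntfs!ReadIndexBuffer (the frame that is live in the
 * kd transcript on this page). The stream file object for the index attribute
 * is created lazily: the dumped root-directory $I30 SCB (AttributeTypeCode
 * 0xa0) still shows FileObject == 0x0 when ReadIndexBuffer is hit under
 * NtfsMountVolume, so this branch is taken.
 *
 * In the trace the call at ReadIndexBuffer+0x72 resolves to
 * Ntfs!NtfsCreateInternalStreamCommon with UpdateScb = 0x01,
 * CompressedStream = 0x00 and StreamName = "\$Directory".
 * NOTE(review): NtfsCreateInternalAttributeStream is presumably a wrapper
 * macro that supplies the CompressedStream argument -- confirm in the header.
 */
if (Scb->FileObject == NULL) {
    NtfsCreateInternalAttributeStream( IrpContext,
                                       Scb,
                                       TRUE,   /* seen as UpdateScb = 0x01 in the callee's locals */
                                       &NtfsInternalUseFile[DIRECTORY_FILE_NUMBER] );
}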
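/* Index of the L"\\$Directory" entry in NtfsInternalUseFile[]; it selects the
   stream name passed when the internal stream for a directory index is created. */
#define DIRECTORY_FILE_NUMBER                       (7)     //  $Directory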
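/*
 * Table of names given to NTFS internal stream file objects. Entries are
 * selected by index; the page shows DIRECTORY_FILE_NUMBER (7) selecting
 * L"\\$Directory", which matches the StreamName = "\$Directory" local seen in
 * Ntfs!NtfsCreateInternalStreamCommon in the debugger transcript.
 *
 * The index annotations are comments only. They must stay in step with the
 * entry order, because callers index the array with numeric constants.
 */
const UNICODE_STRING NtfsInternalUseFile[] = {
    CONSTANT_UNICODE_STRING( L"\\$ChangeAttributeValue" ),        /*  0 */
    CONSTANT_UNICODE_STRING( L"\\$ChangeAttributeValue2" ),       /*  1 */
    CONSTANT_UNICODE_STRING( L"\\$CommonCleanup" ),               /*  2 */
    CONSTANT_UNICODE_STRING( L"\\$ConvertToNonresident" ),        /*  3 */
    CONSTANT_UNICODE_STRING( L"\\$CreateNonresidentWithValue" ),  /*  4 */
    CONSTANT_UNICODE_STRING( L"\\$DeallocateRecord" ),            /*  5 */
    CONSTANT_UNICODE_STRING( L"\\$DeleteAllocationFromRecord" ),  /*  6 */
    CONSTANT_UNICODE_STRING( L"\\$Directory" ),                   /*  7 == DIRECTORY_FILE_NUMBER */
    CONSTANT_UNICODE_STRING( L"\\$InitializeRecordAllocation" ),  /*  8 */
    CONSTANT_UNICODE_STRING( L"\\$MapAttributeValue" ),           /*  9 */
    CONSTANT_UNICODE_STRING( L"\\$NonCachedIo" ),                 /* 10 */
    CONSTANT_UNICODE_STRING( L"\\$PerformHotFix" ),               /* 11 */
    CONSTANT_UNICODE_STRING( L"\\$PrepareToShrinkFileSize" ),     /* 12 */
    CONSTANT_UNICODE_STRING( L"\\$ReplaceAttribute" ),            /* 13 */
    CONSTANT_UNICODE_STRING( L"\\$ReplaceAttribute2" ),           /* 14 */
    CONSTANT_UNICODE_STRING( L"\\$SetAllocationInfo" ),           /* 15 */
    CONSTANT_UNICODE_STRING( L"\\$SetEndOfFileInfo" ),            /* 16 */
    CONSTANT_UNICODE_STRING( L"\\$ZeroRangeInStream" ),           /* 17 */
    CONSTANT_UNICODE_STRING( L"\\$ZeroRangeInStream2" ),          /* 18 */
    CONSTANT_UNICODE_STRING( L"\\$ZeroRangeInStream3" ),          /* 19 */
};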
第三部分:
0: kd> p
Ntfs!ReadIndexBuffer+0x72:
f71738f8 e8efda0300      call    Ntfs!NtfsCreateInternalStreamCommon (f71b13ec)
0: kd> t
Ntfs!NtfsCreateInternalStreamCommon:
f71b13ec 6a34            push    34h
0: kd> kc
 #
00 Ntfs!NtfsCreateInternalStreamCommon
01 Ntfs!ReadIndexBuffer
02 Ntfs!FindFirstIndexEntry
03 Ntfs!NtfsUpdateFileNameInIndex
04 Ntfs!NtfsUpdateDuplicateInfo
05 Ntfs!NtfsInitializeSecurity
06 Ntfs!NtfsInitializeSecurityFile
07 Ntfs!NtfsMountVolume
08 Ntfs!NtfsCommonFileSystemControl
09 Ntfs!NtfsFspDispatch
0a nt!ExpWorkerThread
0b nt!PspSystemThreadStartup
0c nt!KiThreadStartup
0: kd> dv
              IrpContext = 0x89797aa8
                     Scb = 0xe1350658
               UpdateScb = 0x01 ''
        CompressedStream = 0x00 ''
              StreamName = 0xf7161da0 "\$Directory"