第一部分:
while (TRUE) {
KeClearEvent (&IoEvent);
Status = IoSynchronousPageWrite (FilePointer,
Mdl,
(PLARGE_INTEGER)&StartingOffset,
&IoEvent,
IoStatus);
1: kd> p
nt!MiFlushSectionInternal+0x6f6:
80a72410 e8c74bfbff call nt!IoSynchronousPageWrite (80a26fdc)
1: kd> t
Breakpoint 43 hit
nt!IoSynchronousPageWrite:
80a26fdc 55 push ebp
1: kd> kc
#
00 nt!IoSynchronousPageWrite
01 nt!MiFlushSectionInternal
02 nt!MmFlushSection
03 nt!CcFlushCache
04 Ntfs!LfsFlushLfcb
05 Ntfs!LfsFlushToLsnPriv
06 Ntfs!LfsWriteLfsRestart
07 Ntfs!LfsWriteRestartArea
08 Ntfs!NtfsCheckpointVolume
09 Ntfs!NtfsCheckpointAllVolumes
0a nt!ExpWorkerThread
0b nt!PspSystemThreadStartup
0c nt!KiThreadStartup
1: kd> dv
FileObject = 0x89469688
MemoryDescriptorList = 0xf78d263c
StartingOffset = 0xf78d26bc {7884800}
Event = 0xf78d26a0
IoStatusBlock = 0xf78d2834
1: kd> dx -r1 ((ntkrnlmp!_MDL *)0xf78d263c)
((ntkrnlmp!_MDL *)0xf78d263c) : 0xf78d263c [Type: _MDL *]
[+0x000] Next : 0x0 [Type: _MDL *]
[+0x004] Size : 92 [Type: short]
[+0x006] MdlFlags : 2 [Type: short]
[+0x008] Process : 0x0 [Type: _EPROCESS *]
[+0x00c] MappedSystemVa : 0x0 [Type: void *]
[+0x010] StartVa : 0x0 [Type: void *]
[+0x014] ByteCount : 0x2000 [Type: unsigned long]
[+0x018] ByteOffset : 0x0 [Type: unsigned long]
if (CcIsFileCached(FileObject)) {
CcDataFlushes += 1;
CcDataPages += (MemoryDescriptorList->ByteCount + PAGE_SIZE - 1) >> PAGE_SHIFT; eax=00000002
}
1: kd> x nt!CcDataFlushes
80b1ca50 nt!CcDataFlushes = 0xb
1: kd> p
nt!IoSynchronousPageWrite+0x27:
80a27003 c1e80c shr eax,0Ch
1: kd> p
nt!IoSynchronousPageWrite+0x2a:
80a27006 01054ccab180 add dword ptr [nt!CcDataPages (80b1ca4c)],eax
1: kd> r
eax=00000002
第二部分:
1: kd> p
nt!IoSynchronousPageWrite+0x43:
80a2701f ff150888b180 call dword ptr [nt!pIoAllocateIrp (80b18808)]
1: kd> p
nt!IoSynchronousPageWrite+0x49:
80a27025 85c0 test eax,eax
1: kd> r
eax=894c7980
1: kd> dt _irp 894c7980
ntdll!_IRP
+0x000 Type : 0n6
+0x002 Size : 0x190
+0x004 MdlAddress : (null)
+0x008 Flags : 0
+0x00c AssociatedIrp : __unnamed
+0x010 ThreadListEntry : _LIST_ENTRY [ 0x894c7990 - 0x894c7990 ]
+0x018 IoStatus : _IO_STATUS_BLOCK
+0x020 RequestorMode : 0 ''
+0x021 PendingReturned : 0 ''
+0x022 StackCount : 7 ''
+0x023 CurrentLocation : 8 ''
+0x024 Cancel : 0 ''
+0x025 CancelIrql : 0 ''
+0x026 ApcEnvironment : 0 ''
+0x027 AllocationFlags : 0x4 ''
+0x028 UserIosb : (null)
+0x02c UserEvent : (null)
+0x030 Overlay : __unnamed
+0x038 CancelRoutine : (null)
+0x03c UserBuffer : (null)
+0x040 Tail : __unnamed
第三部分:
irp->MdlAddress = MemoryDescriptorList;
irp->Flags = IRP_PAGING_IO | IRP_NOCACHE | IRP_SYNCHRONOUS_PAGING_IO;
irp->RequestorMode = KernelMode;
irp->UserIosb = IoStatusBlock;
irp->UserEvent = Event;
irp->UserBuffer = (PVOID) ((PCHAR) MemoryDescriptorList->StartVa + MemoryDescriptorList->ByteOffset);
irp->Tail.Overlay.OriginalFileObject = FileObject;
irp->Tail.Overlay.Thread = PsGetCurrentThread();
1: kd> dt _irp 894c7980
ntdll!_IRP
+0x000 Type : 0n6
+0x002 Size : 0x190
+0x004 MdlAddress : 0xf78d263c _MDL
+0x008 Flags : 0x43
+0x00c AssociatedIrp : __unnamed
+0x010 ThreadListEntry : _LIST_ENTRY [ 0x894c7990 - 0x894c7990 ]
+0x018 IoStatus : _IO_STATUS_BLOCK
+0x020 RequestorMode : 0 ''
+0x021 PendingReturned : 0 ''
+0x022 StackCount : 7 ''
+0x023 CurrentLocation : 8 ''
+0x024 Cancel : 0 ''
+0x025 CancelIrql : 0 ''
+0x026 ApcEnvironment : 0 ''
+0x027 AllocationFlags : 0x4 ''
+0x028 UserIosb : 0xf78d2834 _IO_STATUS_BLOCK
+0x02c UserEvent : 0xf78d26a0 _KEVENT
+0x030 Overlay : __unnamed
+0x038 CancelRoutine : (null)
+0x03c UserBuffer : (null)
+0x040 Tail : __unnamed
1: kd> dx -id 0,0,899a2278 -r1 ((ntdll!_MDL *)0xf78d263c)
((ntdll!_MDL *)0xf78d263c) : 0xf78d263c [Type: _MDL *]
[+0x000] Next : 0x0 [Type: _MDL *]
[+0x004] Size : 92 [Type: short]
[+0x006] MdlFlags : 2 [Type: short]
[+0x008] Process : 0x0 [Type: _EPROCESS *]
[+0x00c] MappedSystemVa : 0x0 [Type: void *]
[+0x010] StartVa : 0x0 [Type: void *]
[+0x014] ByteCount : 0x2000 [Type: unsigned long]
[+0x018] ByteOffset : 0x0 [Type: unsigned long]
第四部分:
//
// Fill in the normal write parameters.
//
irpSp->MajorFunction = IRP_MJ_WRITE;
irpSp->Parameters.Write.Length = MemoryDescriptorList->ByteCount;
irpSp->Parameters.Write.ByteOffset = *StartingOffset;
irpSp->FileObject = FileObject;
dv
StartingOffset = 0xf78d26bc {7884800}
1: kd> dt _io_stack_location 894c7ac8
ntdll!_IO_STACK_LOCATION
+0x000 MajorFunction : 0x4 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0 ''
+0x003 Control : 0 ''
+0x004 Parameters : __unnamed
+0x014 DeviceObject : (null)
+0x018 FileObject : (null)
+0x01c CompletionRoutine : (null)
+0x020 Context : (null)
1: kd> dt _io_stack_location 894c7ac8
ntdll!_IO_STACK_LOCATION
+0x000 MajorFunction : 0x4 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0 ''
+0x003 Control : 0 ''
+0x004 Parameters : __unnamed
+0x014 DeviceObject : (null)
+0x018 FileObject : 0x89469688 _FILE_OBJECT
+0x01c CompletionRoutine : (null)
+0x020 Context : (null)
1: kd> dt _io_stack_location 894c7ac8 -r
ntdll!_IO_STACK_LOCATION
+0x000 MajorFunction : 0x4 ''
+0x001 MinorFunction : 0 ''
+0x002 Flags : 0 ''
+0x003 Control : 0 ''
+0x004 Parameters : __unnamed
+0x000 Write : __unnamed
+0x000 Length : 0x2000
+0x004 Key : 0
+0x008 ByteOffset : _LARGE_INTEGER 0x785000
第五部分:
1: kd> p
nt!IoSynchronousPageWrite+0xa8:
80a27084 e871f6ffff call nt!IofCallDriver (80a266fa)
1: kd> t
nt!IofCallDriver:
80a266fa 55 push ebp
1: kd> kc
#
00 nt!IofCallDriver
01 nt!IoSynchronousPageWrite
02 nt!MiFlushSectionInternal
03 nt!MmFlushSection
04 nt!CcFlushCache
05 Ntfs!LfsFlushLfcb
06 Ntfs!LfsFlushToLsnPriv
07 Ntfs!LfsWriteLfsRestart
08 Ntfs!LfsWriteRestartArea
09 Ntfs!NtfsCheckpointVolume
0a Ntfs!NtfsCheckpointAllVolumes
0b nt!ExpWorkerThread
0c nt!PspSystemThreadStartup
0d nt!KiThreadStartup
1: kd> dv
DeviceObject = 0x894c7980 Device for {...}
Irp = 0x8962e020
NTSTATUS
FASTCALL
IofCallDriver(
IN PDEVICE_OBJECT DeviceObject,
IN OUT PIRP Irp
)
{
if (pIofCallDriver != NULL) {
//
// This routine will either jump immediately to IovCallDriver or
// IoPerfCallDriver.
//
return pIofCallDriver(DeviceObject, Irp, _ReturnAddress());
}
return IopfCallDriver(DeviceObject, Irp);
}
1: kd> p
nt!IofCallDriver+0x5c:
80a26756 56 push esi
1: kd> p
nt!IofCallDriver+0x5d:
80a26757 57 push edi
1: kd> p
nt!IofCallDriver+0x5e:
80a26758 ff548138 call dword ptr [ecx+eax*4+38h]
1: kd> r
eax=00000004 ebx=00000000 ecx=89630390 edx=894c7980 esi=894c7980 edi=8962e020
eip=80a26758 esp=f78d25ec ebp=f78d2600 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!IofCallDriver+0x5e:
80a26758 ff548138 call dword ptr [ecx+eax*4+38h] ds:0023:896303d8={Ntfs!NtfsFsdWrite (f714171a)}
1: kd> t
Ntfs!NtfsFsdWrite:
f714171a 6a48 push 48h
1: kd> kc
#
00 Ntfs!NtfsFsdWrite
01 nt!IofCallDriver
02 nt!IoSynchronousPageWrite
03 nt!MiFlushSectionInternal
04 nt!MmFlushSection
05 nt!CcFlushCache
06 Ntfs!LfsFlushLfcb
07 Ntfs!LfsFlushToLsnPriv
08 Ntfs!LfsWriteLfsRestart
09 Ntfs!LfsWriteRestartArea
0a Ntfs!NtfsCheckpointVolume
0b Ntfs!NtfsCheckpointAllVolumes
0c nt!ExpWorkerThread
0d nt!PspSystemThreadStartup
0e nt!KiThreadStartup
1: kd> dv
VolumeDeviceObject = 0x8962e020
Irp = 0x894c7980
![基于SSM框架+mysql实现的监考安排管理系统[含源码+数据库+项目开发技术手册]](http://pic.xiahunao.cn/基于SSM框架+mysql实现的监考安排管理系统[含源码+数据库+项目开发技术手册])
` 的例子**)
