ACPI!ParsePackageLen函数分析--非常重要
ACPI!ParseScope函数的作用就是分析opcode后调用PushTerm函数建立帧
然后调用parseterm函数处理帧。
while (!IsStackEmpty(pctxt))
{
CHKDEBUGGERREQ();
pfh = (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd;
ASSERT(pfh->pfnParse != NULL);
rc = pfh->pfnParse(pctxt, pfh, rc);
0: kd> p
eax=8997de00 ebx=f743a948 ecx=8997c000 edx=00000014 esi=8997c000 edi=8997de20
eip=f741d80d esp=f789a144 ebp=f789a158 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RunContext+0xfd:
f741d80d 837f0c00 cmp dword ptr [edi+0Ch],0 ds:0023:8997de2c={ACPI!ParseTerm (f7427a34)}
0: kd> kc
#
00 ACPI!ParseTerm
01 ACPI!RunContext
02 ACPI!InsertReadyQueue
03 ACPI!RestartContext
04 ACPI!SyncLoadDDB
05 ACPI!AMLILoadDDB
06 ACPI!ACPIInitializeDDB
07 ACPI!ACPIInitializeDDBs
08 ACPI!ACPIInitialize
09 ACPI!ACPIInitStartACPI
0a ACPI!ACPIRootIrpStartDevice
0b ACPI!ACPIDispatchIrp
0c nt!IofCallDriver
0d nt!IopSynchronousCall
0e nt!IopStartDevice
0f nt!PipProcessStartPhase1
10 nt!PipProcessDevNodeTree
11 nt!PipDeviceActionWorker
12 nt!PipRequestDeviceAction
13 nt!IopInitializeBootDrivers
14 nt!IoInitSystem
15 nt!Phase1Initialization
16 nt!PspSystemThreadStartup
17 nt!KiThreadStartup
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
if (pterm->pamlterm->dwfOpcode & OF_VARIABLE_LIST)
{
ParsePackageLen(&pctxt->pbOp, &pterm->pbOpEnd);
}
DWORD LOCAL ParsePackageLen(PBYTE *ppbOp, PBYTE *ppbOpNext)
{
DWORD dwLen;
BYTE bFollowCnt, i;
ENTER((2, "ParsePackageLen(pbOp=%x,ppbOpNext=%x)\n", *ppbOp, ppbOpNext));
if (ppbOpNext != NULL)
*ppbOpNext = *ppbOp;
dwLen = (DWORD)(**ppbOp);
(*ppbOp)++;
bFollowCnt = (BYTE)((dwLen & 0xc0) >> 6);
if (bFollowCnt != 0)
{
dwLen &= 0x0000000f;
for (i = 0; i < bFollowCnt; ++i)
{
dwLen |= (DWORD)(**ppbOp) << (i*8 + 4);
(*ppbOp)++;
}
}
if (ppbOpNext != NULL)
*ppbOpNext += dwLen;
EXIT((2, "ParsePackageLen=%x (pbOp=%x,pbOpNext=%x)\n",
dwLen, *ppbOp, ppbOpNext? *ppbOpNext: 0));
return dwLen;
} //ParsePackageLen
0: kd> t
eax=8997c03c ebx=8997c000 ecx=8997c000 edx=00000014 esi=8997de20 edi=00000000
eip=f74266a0 esp=f789a118 ebp=f789a130 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen:
f74266a0 55 push ebp
0: kd> kc
#
00 ACPI!ParsePackageLen
01 ACPI!ParseTerm
02 ACPI!RunContext
03 ACPI!InsertReadyQueue
04 ACPI!RestartContext
05 ACPI!SyncLoadDDB
06 ACPI!AMLILoadDDB
07 ACPI!ACPIInitializeDDB
08 ACPI!ACPIInitializeDDBs
09 ACPI!ACPIInitialize
0a ACPI!ACPIInitStartACPI
0b ACPI!ACPIRootIrpStartDevice
0c ACPI!ACPIDispatchIrp
0d nt!IofCallDriver
0e nt!IopSynchronousCall
0f nt!IopStartDevice
10 nt!PipProcessStartPhase1
11 nt!PipProcessDevNodeTree
12 nt!PipDeviceActionWorker
13 nt!PipRequestDeviceAction
14 nt!IopInitializeBootDrivers
15 nt!IoInitSystem
16 nt!Phase1Initialization
17 nt!PspSystemThreadStartup
18 nt!KiThreadStartup
0: kd> dv
ppbOp = 0x8997c03c
ppbOpNext = 0x8997de34
0: kd> dd 0x8997c03c
8997c03c f74c8cbd 00000000 00000000 00000000
8997c04c 00000000 00000000 f741eeb5 00000000
8997c05c f789a1bc 000a0008 00000000 8997c068
8997c06c 8997c068 00000000 00000000 00000000
8997c07c 00000000 00000000 00000000 01000013
8997c08c 00000000 00000000 f741eff5 8997c000
8997c09c 00000000 00000000 00000000 899af000
8997c0ac 00000000 00000000 00000000 00000000
0: kd> db f74c8cbd
f74c8cbd 46 58 49 53 41 5f 08 5f-41 44 52 0c 00 00 07 00 FXISA_._ADR.....
f74c8ccd 5b 82 4a 14 4d 42 52 44-08 5f 48 49 44 0c 41 d0 [.J.MBRD._HID.A.
if (ppbOpNext != NULL)
*ppbOpNext = *ppbOp;
0: kd> dv
ppbOp = 0x8997c03c
ppbOpNext = 0x8997de34
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!unsigned char * *)0x8997de34)
((ACPI!unsigned char * *)0x8997de34) : 0x8997de34 [Type: unsigned char * *]
0xf74c8cbd : 0x46 [Type: unsigned char *]
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000014 esi=8997c03c edi=00000000
eip=f74266e1 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x41:
f74266e1 0fb638 movzx edi,byte ptr [eax] ds:0023:f74c8cbd=46
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000014 esi=8997c03c edi=00000046
eip=f74266e4 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x44:
f74266e4 8bd7 mov edx,edi
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000046 esi=8997c03c edi=00000046
eip=f74266e6 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x46:
f74266e6 40 inc eax
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000046 esi=8997c03c edi=00000046
eip=f74266e7 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ACPI!ParsePackageLen+0x47:
f74266e7 c1ea06 shr edx,6
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ea esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4a:
f74266ea 80e203 and dl,3
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ed esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4d:
f74266ed 8906 mov dword ptr [esi],eax ds:0023:8997c03c=f74c8cbd
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ef esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4f:
f74266ef 7428 je ACPI!ParsePackageLen+0x79 (f7426719) [br=0]
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266f1 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x51:
f74266f1 83e70f and edi,0Fh
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f4 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x54:
f74266f4 84d2 test dl,dl
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f6 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x56:
f74266f6 7621 jbe ACPI!ParsePackageLen+0x79 (f7426719) [br=0]
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f8 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x58:
f74266f8 c7450804000000 mov dword ptr [ebp+8],4 ss:0010:f789a11c=8997c03c
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266ff esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x5f:
f74266ff 0fb6d2 movzx edx,dl
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f7426702 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x62:
f7426702 0fb618 movzx ebx,byte ptr [eax] ds:0023:f74c8cbe=58
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f7426705 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x65:
f7426705 8b4d08 mov ecx,dword ptr [ebp+8] ss:0010:f789a11c=00000004
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f7426708 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x68:
f7426708 83450808 add dword ptr [ebp+8],8 ss:0010:f789a11c=00000004
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f742670c esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x6c:
f742670c d3e3 shl ebx,cl
0: kd> p
eax=f74c8cbe ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f742670e esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x6e:
f742670e 0bfb or edi,ebx
0: kd> p
eax=f74c8cbe ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000586
eip=f7426710 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x70:
f7426710 40 inc eax
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000586
eip=f7426711 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x71:
f7426711 4a dec edx
0: kd> db f74c8cbf
f74c8cbf 49 53 41 5f 08 5f 41 44-52 0c 00 00 07 00 5b 82 ISA_._ADR.....[.
f74c8ccf 4a 14 4d 42 52 44 08 5f-48 49 44 0c 41 d0 0c 02 J.MBRD._HID.A...
f74c8cdf 08 5f 55 49 44 0a 1f 08-52 53 52 43 11 46 0b 0a ._UID...RSRC.F..
f74c8cef b2 47 01 10 00 10 00 01-10 47 01 24 00 24 00 01 .G.......G.$.$..
f74c8cff 02 47 01 28 00 28 00 01-02 47 01 2c 00 2c 00 01 .G.(.(...G.,.,..
f74c8d0f 02 47 01 2e 00 2e 00 01-02 47 01 30 00 30 00 01 .G.......G.0.0..
f74c8d1f 02 47 01 34 00 34 00 01-02 47 01 38 00 38 00 01 .G.4.4...G.8.8..
f74c8d2f 02 47 01 3c 00 3c 00 01-02 47 01 50 00 50 00 01 .G.<.<...G.P.P..
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426712 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x72:
f7426712 8906 mov dword ptr [esi],eax ds:0023:8997c03c=f74c8cbe
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426714 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x74:
f7426714 75ec jne ACPI!ParsePackageLen+0x62 (f7426702) [br=0]
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426716 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x76:
f7426716 8b5d0c mov ebx,dword ptr [ebp+0Ch] ss:0010:f789a120=8997de34
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426719 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x79:
f7426719 85db test ebx,ebx
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671b esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x7b:
f742671b 7402 je ACPI!ParsePackageLen+0x7f (f742671f) [br=0]
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671d esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x7d:
f742671d 013b add dword ptr [ebx],edi ds:0023:8997de34=f74c8cbd
0: kd> dd 8997de34
8997de34 f74c8cbd f74c92a2 f7438df0 00000000
8997de44 00000000 00000001 899b0af4 8997c040
8997de54 504f4353 00000028 00000001 f74274fd
8997de64 f74c92a2 00000000 899af0f0 899af330
8997de74 899af000 8997c040 4d524554 00000034
8997de84 00000003 f7427a34 f74c77f6 f74c92a2
8997de94 f74c96c5 f7438df0 899affac 00000001
8997dea4 00000001 899af520 8997c040 504f4353
0: kd> dd f74c8cbd+00000586
f74c9243 502f825b 085f5257 5244415f 0700030c
f74c9253 50805b00 025f4943 600a400a 5013815b
f74c9263 035f4943 41424d50 26400020 41424253
f74c9273 1b825b20 5f425355 44415f08 00020c52
f74c9283 5f080007 12575250 080a0206 825b010a
f74c9293 4544490f 415f085f 010c5244 14000700
f74c92a3 4f564927 7d700243 e90b797d 00100a40
f74c92b3 080a6879 00690000 5f032f5c 505f4253
0: kd> ? f74c8cbd+00000586
Evaluate expression: -145976765 = f74c9243
0: kd> dv
ppbOp = 0x0000000c
ppbOpNext = 0x8997de34
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671f esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000292
ACPI!ParsePackageLen+0x7f:
f742671f ff0dbcb143f7 dec dword ptr [ACPI!giIndent (f743b1bc)] ds:0023:f743b1bc=00000007
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426725 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x85:
f7426725 6a00 push 0
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426727 esp=f789a104 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x87:
f7426727 68146943f7 push offset ACPI!`string' (f7436914)
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742672c esp=f789a100 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x8c:
f742672c 6a02 push 2
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742672e esp=f789a0fc ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x8e:
f742672e e80182ffff call ACPI!IsTraceOn (f741e934)
0: kd> p
eax=00000586 ebx=8997c000 ecx=00000004 edx=00000000 esi=8997de20 edi=00000000
eip=f7427b26 esp=f789a11c ebp=f789a130 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParseTerm+0xf2:
f7427b26 59 pop ecx
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_term *)0x8997de20)
((ACPI!_term *)0x8997de20) : 0x8997de20 [Type: _term *]
[+0x000] FrameHdr [Type: _framehdr]
[+0x010] pbOpTerm : 0xf74c8cbb : 0x5b [Type: unsigned char *]
[+0x014] pbOpEnd : 0xf74c9243 : 0x5b [Type: unsigned char *]
[+0x018] pbScopeEnd : 0xf74c92a2 : 0x14 [Type: unsigned char *]
[+0x01c] pamlterm : 0xf7438df0 [Type: _amlterm *]
[+0x020] pnsObj : 0x0 [Type: _NSObj *]
[+0x024] iArg : 0 [Type: int]
[+0x028] icArgs : 1 [Type: int]
[+0x02c] pdataArgs : 0x899b0af4 [Type: _ObjData *]
[+0x030] pdataResult : 0x8997c040 [Type: _ObjData *]
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_ctxt *)0x8997c000)
((ACPI!_ctxt *)0x8997c000) : 0x8997c000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x8997e000 : 0x54 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x10 [Type: unsigned long]
[+0x024] pnsObj : 0x0 [Type: _NSObj *]
[+0x028] pnsScope : 0x899affac [Type: _NSObj *]
[+0x02c] powner : 0x899af330 [Type: _objowner *]
[+0x030] pcall : 0x8997df34 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0xf74c8cbf : 0x49 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf741eeb5 [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x0 [Type: _ObjData *]
[+0x05c] pvContext : 0xf789a1bc [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x899af000 [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
0: kd> db 0xf74c8cbf-10
f74c8caf 50 5f 08 5f 41 44 52 0c-00 00 01 00 5b 82 46 58 P_._ADR.....[.FX
f74c8cbf 49 53 41 5f 08 5f 41 44-52 0c 00 00 07 00 5b 82 ISA_._ADR.....[.
46 58 算出的长度是0x586 取100 0110 的前6位,第7位是1,下面还有1个字节!!
加起来是0x586!!!
46 58 59 算出的长度是0x586 取1000 0110 的前6位,第8位是1,下面还有2个字节!!
加起来是0x59586!!!
