第一部分:
Next = SmpSubSystemsToLoad.Flink;
while ( Next != &SmpSubSystemsToLoad ) {
p = CONTAINING_RECORD( Next,
SMP_REGISTRY_VALUE,
Entry
);
#if SMP_SHOW_REGISTRY_DATA
DbgPrint( "SMSS: Loaded SubSystem( %wZ = %wZ )\n", &p->Name, &p->Value );
#endif
if (!_wcsicmp( p->Name.Buffer, L"debug" )) {
Status = SmpExecuteCommand( &p->Value, *pMuSessionId, pWindowsSubSysProcessId, SMP_SUBSYSTEM_FLAG | SMP_DEBUG_FLAG );
}
else {
Status = SmpExecuteCommand( &p->Value, *pMuSessionId, pWindowsSubSysProcessId, SMP_SUBSYSTEM_FLAG );
}
第二部分:
0: kd> dt _SMP_REGISTRY_VALUE 00163fd0
smss!_SMP_REGISTRY_VALUE
+0x000 Entry : _LIST_ENTRY [ 0x164168 - 0x4858f618 ]
+0x008 Name : _UNICODE_STRING "Debug"
+0x010 Value : _UNICODE_STRING ""
+0x018 AnsiValue : 0x00164018 ""
0: kd> x smss!SmpSubSystemsToLoad
4858f618 smss!SmpSubSystemsToLoad = struct _LIST_ENTRY [ 0x163fd0 - 0x164168 ]
0: kd> dx -r1 (*((smss!_LIST_ENTRY *)0x4858f618))
(*((smss!_LIST_ENTRY *)0x4858f618)) [Type: _LIST_ENTRY]
[+0x000] Flink : 0x163fd0 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x164168 [Type: _LIST_ENTRY *]
0: kd> dx -r1 ((smss!_LIST_ENTRY *)0x163fd0)
((smss!_LIST_ENTRY *)0x163fd0) : 0x163fd0 [Type: _LIST_ENTRY *]
[+0x000] Flink : 0x164168 [Type: _LIST_ENTRY *]
[+0x004] Blink : 0x4858f618 [Type: _LIST_ENTRY *]
0: kd> dt _SMP_REGISTRY_VALUE 0x164168
smss!_SMP_REGISTRY_VALUE
+0x000 Entry : _LIST_ENTRY [ 0x4858f618 - 0x163fd0 ]
+0x008 Name : _UNICODE_STRING "Windows"
+0x010 Value : _UNICODE_STRING "C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
+0x018 AnsiValue : 0x001641a0 "C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
0: kd> x smss!SmpSubSystemsToLoad
4858f618 smss!SmpSubSystemsToLoad = struct _LIST_ENTRY [ 0x163fd0 - 0x164168 ]
if (!_wcsicmp( p->Name.Buffer, L"debug" )) {
Status = SmpExecuteCommand( &p->Value, *pMuSessionId, pWindowsSubSysProcessId, SMP_SUBSYSTEM_FLAG | SMP_DEBUG_FLAG );
}
第三部分:
0: kd> t
Breakpoint 3 hit
smss!SmpExecuteCommand:
001b:4858a860 55 push ebp
0: kd> kc
#
00 smss!SmpExecuteCommand
01 smss!SmpLoadSubSystemsForMuSession
02 smss!SmpLoadDataFromRegistry
03 smss!SmpInit
04 smss!main
05 smss!NtProcessStartup
0: kd> dv
CommandLine = 0x00163fe0 ""
MuSessionId = 0
pWindowsSubSysProcessId = 0x4858f614
Flags = 9
ImageFileName = ""
CurrentDirectory = 394 ''
Arguments = 3266
if (Flags & SMP_DEBUG_FLAG) {
return( STATUS_SUCCESS );
}
第四部分:
0: kd> t
Breakpoint 3 hit
smss!SmpExecuteCommand:
001b:4858a860 55 push ebp
0: kd> kc
#
00 smss!SmpExecuteCommand
01 smss!SmpLoadSubSystemsForMuSession
02 smss!SmpLoadDataFromRegistry
03 smss!SmpInit
04 smss!main
05 smss!NtProcessStartup
0: kd> dv
CommandLine = 0x00164178 "C:\WINDOWS\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16"
MuSessionId = 0
pWindowsSubSysProcessId = 0x4858f614
Flags = 8
ImageFileName = ""
CurrentDirectory = 394 ''
Arguments = 3266
案例:构建简单的区块链——密码学基础)
原理)
