Advanced Debugging
About AdvDbg Consult Train Services Products Tools Community Contact  
欢迎光临 高端调试 登录 | 注册 | FAQ
  内核调试
  ACPI调试
Linux内核调试
Windows内核调试
  调试方法学
  调试战役
调试原理
新工具观察
  操作系统
  Linux
Windows Vista
Windows
  驱动开发
  Linux驱动
WDF
WDM
  总线
  PCI Express
PCI/PCI-X
USB
无线通信协议
  中央处理器
  64位CPU
ARM
IA-32
  CPU Info Center
  计算机机系统
  ACPI标准
系统认证
Desktop
服务器
  嵌入式系统
  Embedded Linux
嵌入式开发工具
VxWorks
WinCE
嵌入式Windows
  特别链接
  格蠹调试套件(GDK)
  格蠹学院
  小朱书店
  老雷的微博
  《软件调试》
  《格蠹汇编》
  《软件调试(第二版)》
沪ICP备11027180号-1

Windows内核调试

帖子发起人: 特来劲同学   发起时间: 2012-04-10 09:46 上午   回复: 0
高端调试 » 软件调试 » Windows内核调试 » 关于系统映像加载的疑惑,请张老师指点

Print Search
帖子排序:    
   2012-04-10, 09:46 上午
tangyuan1988 离线,最后访问时间: 2012/9/29 9:28:41 特来劲同学

发帖数前25位
注册: 2009-08-28
发 贴: 37
Indifferent [:|] 关于系统映像加载的疑惑,请张老师指点
Reply Quote

MmLoadSystemImage——>MiLoadImageSection(MmMapViewOfSectionMiUnmapViewOfSection?)

为什么在要调用者2个函数呢? 不是很明白,请老师指点下迷津

代码如下:

MiLoadImageSection (

IN OUT PSECTION *InputSectionPointer,

OUT PVOID *ImageBaseAddress,

IN PUNICODE_STRING ImageFileName,

IN ULONG LoadInSessionSpace,

IN PKLDR_DATA_TABLE_ENTRY FoundDataTableEntry

)

{

.

.

FirstPte = MiReserveSystemPtes (NumberOfPtes, SystemPteSpace);

if (FirstPte == NULL) {

MI_INCREMENT_RESIDENT_AVAILABLE (PagesRequired,

MM_RESAVAIL_FREE_LOAD_SYSTEM_IMAGE1);

return STATUS_INSUFFICIENT_RESOURCES;

}

PointerPte = FirstPte;

SystemVa = MiGetVirtualAddressMappedByPte (PointerPte);

.

.

.

.

Process = PsGetCurrentProcess ();

KeStackAttachProcess (&PsInitialSystemProcess->Pcb, &ApcState);

.

.

TargetProcess = PsGetCurrentProcess ();

Status =MmMapViewOfSection (SectionPointer,

TargetProcess,

&Base,

0,

0,

&SectionOffset,

&ViewSize,

ViewUnmap,

0,

PAGE_EXECUTE);

.

.

ControlArea = SectionPointer->Segment->ControlArea;

if ((ControlArea->u.Flags.GlobalOnlyPerSession == 0) &&

(ControlArea->u.Flags.Rom == 0)) {

Subsection = (PSUBSECTION)(ControlArea + 1);

}

else {

Subsection = (PSUBSECTION)((PLARGE_CONTROL_AREA)ControlArea + 1);

}

ASSERT (Subsection->SubsectionBase != NULL);

ProtoPte = Subsection->SubsectionBase;

*ImageBaseAddress = SystemVa;

UserVa = Base;

TempPte = ValidKernelPte;

TempPte.u.Long |= MM_PTE_EXECUTE;

 

LastProto = &Subsection->SubsectionBase[Subsection->PtesInSubsection];

LastPte = PointerPte + NumberOfPtes;

 

ExceptionStatus = STATUS_SUCCESS;

 

while (PointerPte < LastPte) {

 

if (ProtoPte >= LastProto) {

 

Subsection = Subsection->NextSubsection;

ProtoPte = Subsection->SubsectionBase;

LastProto = &Subsection->SubsectionBase[

Subsection->PtesInSubsection];

}

 

PteContents = *ProtoPte;

if ((PteContents.u.Hard.Valid == 1) ||

(PteContents.u.Soft.Protection != MM_NOACCESS)) {

 

ActualPagesUsed += 1;

 

PageFrameIndex = MiAllocatePfn (PointerPte, MM_EXECUTE);

 

TempPte.u.Hard.PageFrameNumber = PageFrameIndex;

MI_WRITE_VALID_PTE (PointerPte, TempPte);

 

ASSERT (MI_PFN_ELEMENT (PageFrameIndex)->u1.WsIndex == 0);

 

try {

 

RtlCopyMemory (SystemVa, UserVa, PAGE_SIZE);

 

} except (MiMapCacheExceptionFilter (&ExceptionStatus,

GetExceptionInformation())) {

.

.

 

}

else {

 

MI_WRITE_ZERO_PTE (PointerPte);

}

 

ProtoPte += 1;

PointerPte += 1;

SystemVa = ((PCHAR)SystemVa + PAGE_SIZE);

UserVa = ((PCHAR)UserVa + PAGE_SIZE);

}

 

Status =MiUnmapViewOfSection(TargetProcess, Base, 0);

 

MmPurgeSection (ControlArea->FilePointer->SectionObjectPointer,

NULL,

0,

FALSE);
IP 地址: 已记录   报告
高端调试 » 软件调试 » Windows内核调试 » 关于系统映像加载的疑惑,请张老师指点

 
Legal Notice Privacy Statement Corporate Governance Corporate Governance
(C)2004-2020 ADVDBG.ORG All Rights Reserved.