Analysis of nt!FsRtlFindLargeIndex: working out which Mapping[(I)] array entry a Vbn falls in
1-3: start and end of the first array entry
5-8: start and end of the second array entry
Part 1:
1: kd> kc
#
00 nt!FsRtlFindLargeIndex
01 nt!FsRtlLookupBaseMcbEntry
02 nt!FsRtlLookupLargeMcbEntry
03 Ntfs!NtfsLookupNtfsMcbEntry
04 Ntfs!NtfsLookupAllocation
05 Ntfs!NtfsPrepareBuffers
06 Ntfs!NtfsNonCachedIo
07 Ntfs!NtfsCommonRead
08 Ntfs!NtfsFsdRead
09 nt!IofCallDriver
0a nt!IopPageReadInternal
0b nt!IoPageRead
0c nt!MiDispatchFault
0d nt!MmAccessFault
0e nt!_KiTrap0E
0f nt!CcMapData
10 Ntfs!NtfsMapStream
11 Ntfs!NtfsReadMftRecord
12 Ntfs!NtfsMountVolume
13 Ntfs!NtfsCommonFileSystemControl
14 Ntfs!NtfsFspDispatch
15 nt!ExpWorkerThread
16 nt!PspSystemThreadStartup
17 nt!KiThreadStartup
1: kd> g
Breakpoint 22 hit
nt!FsRtlLookupBaseMcbEntry:
80a1cd96 55 push ebp
1: kd> dv
Mcb = 0x895c5d14
LargeVbn = 0n0
LargeLbn = 0xf78d6330
LargeSectorCount = 0xf78d6348
LargeStartingLbn = 0x00000000
LargeCountFromStartingLbn = 0x00000000
Index = 0x00000000
LocalIndex = 0x895c5d14
1: kd> dt _NONOPAQUE_BASE_MCB 0x895c5d14
nt!_NONOPAQUE_BASE_MCB
+0x000 MaximumPairCount : 0xf
+0x004 PairCount : 1
+0x008 PoolType : 0 ( NonPagedPool )
+0x00c Mapping : 0x8950b140 _MAPPING
1: kd> dx -id 0,0,899a2278 -r1 ((ntkrnlmp!_MAPPING *)0x8950b140)
((ntkrnlmp!_MAPPING *)0x8950b140) : 0x8950b140 [Type: _MAPPING *]
[+0x000] NextVbn : 0x1 [Type: unsigned long]
[+0x004] Lbn : 0xc0000 [Type: unsigned long]
1: kd> g
Breakpoint 23 hit
nt!FsRtlFindLargeIndex:
80a1ba54 55 push ebp
1: kd> dv
Mcb = 0x895c5d14
Vbn = 0
Index = 0xf78d6030
MinIndex = 0n8
Part 2:
#define StartingVbn(MCB,I) ( \
(VBN)((I) == 0 ? 0 : (((MCB)->Mapping))[(I)-1].NextVbn) \
)
#define EndingVbn(MCB,I) ( \
(VBN)((((MCB)->Mapping)[(I)].NextVbn) - 1) \
)
Part 3:
MinIndex = 0;
MaxIndex = BaseMcb->PairCount - 1;    // = 0 in this trace
while (MinIndex <= MaxIndex) {
    //
    // Compute the middle index to look at
    //
    MidIndex = ((MaxIndex + MinIndex) / 2);    // = 0 in this trace
    if (Vbn < StartingVbn(BaseMcb, MidIndex)) {
        //
        // Vbn is less than the middle index so we need to drop
        // the max down
        //
        MaxIndex = MidIndex - 1;
Part 4:
    } else if (Vbn > EndingVbn(BaseMcb, MidIndex)) {
        //
        // Vbn is greater than the middle index so we need to bring
        // up the min
        //
        MinIndex = MidIndex + 1;
(((MCB)->Mapping)[(I)].NextVbn) = edx = 00000001
1: kd> dt _mapping 0x8950b140
nt!_MAPPING
+0x000 NextVbn : 1
+0x004 Lbn : 0xc0000
1: kd> p
nt!FsRtlFindLargeIndex+0x38:
80a1ba8c 8b14c2 mov edx,dword ptr [edx+eax*8]
1: kd> pr
eax=00000000 ebx=00000000 ecx=00000000 edx=00000001 esi=895c5d14 edi=00000001
eip=80a1ba8f esp=f78d5ffc ebp=f78d600c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!FsRtlFindLargeIndex+0x3b:
80a1ba8f 4a dec edx
Part 5:
    } else {
        *Index = MidIndex;    // = 0 in this trace
        return TRUE;
    }
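The search from Parts 2 to 5 as a user-mode model, added here as an example and not taken from the kernel source. MAPPING, BASE_MCB, find_index and lookup are stand-in names, the three-run table is constructed, and the miss path (return 0, store MinIndex) is this model's assumption because the page does not show it.

```c
#include <stdint.h>
#include <stdio.h>

typedef uint32_t VBN, LBN;
/* User-mode stand-ins for the structures shown by dt in the trace. */
typedef struct { VBN NextVbn; LBN Lbn; } MAPPING;
typedef struct { uint32_t MaximumPairCount, PairCount, PoolType; MAPPING *Mapping; } BASE_MCB;

/* Run I covers [StartingVbn, EndingVbn]; each entry stores only the NEXT run's first VBN. */
#define StartingVbn(MCB,I) ((VBN)((I) == 0 ? 0 : ((MCB)->Mapping)[(I)-1].NextVbn))
#define EndingVbn(MCB,I)   ((VBN)((((MCB)->Mapping)[(I)].NextVbn) - 1))

/* Binary search from Parts 3-5: returns 1 and the run index on a hit.
   On a miss it returns 0 and stores MinIndex (assumption of this model). */
static int find_index(const BASE_MCB *Mcb, VBN Vbn, uint32_t *Index)
{
    /* Signed indexes: PairCount == 0 gives MaxIndex == -1 and skips the loop. */
    int32_t MinIndex = 0, MaxIndex = (int32_t)Mcb->PairCount - 1, MidIndex;

    while (MinIndex <= MaxIndex) {
        MidIndex = (MaxIndex + MinIndex) / 2;
        if (Vbn < StartingVbn(Mcb, MidIndex))    MaxIndex = MidIndex - 1;
        else if (Vbn > EndingVbn(Mcb, MidIndex)) MinIndex = MidIndex + 1;
        else { *Index = (uint32_t)MidIndex; return 1; }
    }
    *Index = (uint32_t)MinIndex;
    return 0;
}

/* Convenience wrapper: run index on a hit, -1 on a miss. */
static int lookup(const BASE_MCB *Mcb, VBN Vbn)
{
    uint32_t i;
    return find_index(Mcb, Vbn, &i) ? (int)i : -1;
}

/* Values from the trace: PairCount 1, Mapping[0] = {NextVbn 1, Lbn 0xc0000}. */
static MAPPING trace_map[] = { {1, 0xc0000} };
static BASE_MCB trace_mcb = { 0xf, 1, 0, trace_map };
/* Constructed three-run table: VBN 0-3, 4-8, 9-15. */
static MAPPING demo_map[] = { {4, 0x100}, {9, 0x400}, {16, 0x900} };
static BASE_MCB demo_mcb = { 0xf, 3, 0, demo_map };

int main(void)
{
    printf("trace: Vbn 0 -> %d\n", lookup(&trace_mcb, 0));
    for (VBN v = 0; v <= 16; v += 4)
        printf("demo:  Vbn %u -> %d\n", (unsigned)v, lookup(&demo_mcb, v));
    return 0;
}
```

With the trace values the first probe already satisfies StartingVbn = 0 <= Vbn <= EndingVbn = 0, which matches the single `dec edx` step seen in Part 4 before the function returns index 0.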