
0x90属性中的属性名$I30和Scb->AttributeName的关系

0x90属性中的属性名$I30和Scb->AttributeName的关系

1: kd> db 0xc431a400+38+60+68
c431a500  90 00 00 00 a8 01 00 00-00 04 18 00 00 00 01 00  ................
c431a510  88 01 00 00 20 00 00 00-24 00 49 00 33 00 30 00  .... ...$.I.3.0.

                //
                //  Request the Scb for the $INDEX_ALLOCATION attribute on NextFcb.
                //  The attribute name argument is the address of the global constant
                //  NtfsFileNameIndex (L"$I30"), FALSE is passed for ReturnExistingOnly
                //  and NULL for the optional ReturnedExistingScb out-parameter.
                //

                NextScb = NtfsCreateScb( IrpContext,
                                         NextFcb,
                                         $INDEX_ALLOCATION,
                                         &NtfsFileNameIndex,
                                         FALSE,
                                         NULL );

./base/fs/ntfs/ntfsdata.c:142:const UNICODE_STRING NtfsFileNameIndex = CONSTANT_UNICODE_STRING( L"$I30" );


PSCB
NtfsCreateScb (
    IN PIRP_CONTEXT IrpContext,
    IN PFCB Fcb,
    IN ATTRIBUTE_TYPE_CODE AttributeTypeCode,
    IN PCUNICODE_STRING AttributeName,
    IN BOOLEAN ReturnExistingOnly,
    OUT PBOOLEAN ReturnedExistingScb OPTIONAL
    )


        //
        //  If the attribute name exists then allocate a buffer for the
        //  attribute name and initialize it.  When the name length is zero
        //  this fragment does not write Scb->AttributeName at all.
        //

        if (AttributeName->Length != 0) {

            //
            //  The typical case is the $I30 string.  If this matches then
            //  point to a common string.  The match is by content (equal
            //  byte length and equal bytes), not by pointer identity, so a
            //  caller-supplied "$I30" in any buffer takes this branch.
            //

            if ((AttributeName->Length == NtfsFileNameIndex.Length) &&
                (RtlEqualMemory( AttributeName->Buffer,
                                 NtfsFileNameIndex.Buffer,
                                 AttributeName->Length ) )) {

                //
                //  Structure assignment: Length, MaximumLength and Buffer are
                //  all copied, so Scb->AttributeName.Buffer now aliases the
                //  storage of the global constant and no pool is allocated.
                //  NOTE(review): whatever later releases Scb->AttributeName
                //  must not free the buffer in this case; that teardown path
                //  is not shown here - confirm it checks for the shared string.
                //

                Scb->AttributeName = NtfsFileNameIndex;

            } else {

                //
                //  Private copy: Length bytes of name plus one WCHAR for the
                //  terminator.  The (USHORT) cast on MaximumLength would wrap
                //  if Length were 0xFFFE or larger; the allocation below uses
                //  the untruncated sum, so the copy itself stays in bounds.
                //  NOTE(review): presumably callers bound the name length well
                //  below that - confirm.
                //

                Scb->AttributeName.Length = AttributeName->Length;
                Scb->AttributeName.MaximumLength = (USHORT)(AttributeName->Length + sizeof( WCHAR ));

                //
                //  The new buffer is recorded in UnwindStorage[1] as well as in
                //  the Scb; presumably so that an unwind path can release it -
                //  confirm.  The result is not tested for NULL here;
                //  NOTE(review): this relies on NtfsAllocatePool not returning
                //  on failure - confirm against its definition.
                //

                Scb->AttributeName.Buffer = UnwindStorage[1] =
                    NtfsAllocatePool(PagedPool, AttributeName->Length + sizeof( WCHAR ));

                //
                //  Copy exactly Length bytes, then write the terminator into
                //  the extra WCHAR that was allocated past the name.
                //

                RtlCopyMemory( Scb->AttributeName.Buffer, AttributeName->Buffer, AttributeName->Length );
                Scb->AttributeName.Buffer[AttributeName->Length / sizeof( WCHAR )] = L'\0';
            }
        }

0: kd> dx -r1 ((Ntfs!_SCB *)0x89797ce8)
((Ntfs!_SCB *)0x89797ce8)                 : 0x89797ce8 [Type: _SCB *]
    [+0x000] Header           [Type: _NTFS_ADVANCED_FCB_HEADER]
    [+0x040] FcbLinks         [Type: _LIST_ENTRY]
    [+0x048] Fcb              : 0x898f1e00 [Type: _FCB *]
    [+0x04c] Vcb              : 0x895d5100 [Type: _VCB *]
    [+0x050] ScbState         : 0x100006f0 [Type: unsigned long]
    [+0x054] NonCachedCleanupCount : 0x0 [Type: unsigned long]
    [+0x058] CleanupCount     : 0x0 [Type: unsigned long]
    [+0x05c] CloseCount       : 0x1 [Type: unsigned long]
    [+0x060] ShareAccess      [Type: _SHARE_ACCESS]
    [+0x07c] AttributeTypeCode : 0x80 [Type: unsigned long]
    [+0x080] AttributeName    : "" [Type: _UNICODE_STRING]
    [+0x088] FileObject       : 0x89529610 [Type: _FILE_OBJECT *]
    [+0x08c] NonpagedScb      : 0x898f2830 [Type: _SCB_NONPAGED *]
    [+0x090] Mcb              [Type: _NTFS_MCB]
    [+0x0a8] McbStructs       [Type: NTFS_MCB_INITIAL_STRUCTS]
    [+0x0f0] CompressionUnit  : 0x0 [Type: unsigned long]
    [+0x0f4] AttributeFlags   : 0x0 [Type: unsigned short]
    [+0x0f6] CompressionUnitShift : 0x0 [Type: unsigned char]
    [+0x0f7] PadUchar         : 0x0 [Type: unsigned char]
    [+0x0f8] ValidDataToDisk  : 0 [Type: __int64]
    [+0x100] TotalAllocated   : 10665984 [Type: __int64]
    [+0x108] EofListHead      [Type: _LIST_ENTRY]
    [+0x110] CcbQueue         [Type: _LIST_ENTRY]
    [+0x118] ScbSnapshot      : 0x0 [Type: _SCB_SNAPSHOT *]
    [+0x11c] EncryptionContext : 0x0 [Type: void *]
    [+0x120] EncryptionContextLength : 0x0 [Type: unsigned long]
    [+0x124] ScbPersist       : 0x0 [Type: unsigned long]
    [+0x128] IoAtEofThread    : 0x0 [Type: unsigned long *]
    [+0x130] ScbType          [Type: __unnamed]
