nt!MiInitializePfn函数分析之nt!MiPfPutPagesInTransition函数的关键一步

第一部分：
VOID
MiInitializePfn (
    IN PFN_NUMBER PageFrameIndex,
    IN PMMPTE PointerPte,
    IN ULONG ModifiedState
    )

1: kd> t
nt!MiInitializePfn:
80a8482e 55              push    ebp
1: kd> kc
 #
00 nt!MiInitializePfn
01 nt!MiPfPutPagesInTransition
02 nt!MmPrefetchPages
03 nt!CcPfPrefetchSections
04 nt!CcPfBootWorker
05 nt!PspSystemThreadStartup
06 nt!KiThreadStartup

1: kd> dv
 PageFrameIndex = 0x7b19b
     PointerPte = 0xe13a70a0
  ModifiedState = 0

1: kd> dd 0xe13a70a0
e13a70a0  f930e4d4

    Pfn1 = MI_PFN_ELEMENT (PageFrameIndex);
    Pfn1->PteAddress = PointerPte;            关键代码1：

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 001ec66c 00000000 00003000
81b8a698  0007b15b 03ffffff

1: kd> p
nt!MiInitializePfn+0x46:
80a84874 895e04          mov     dword ptr [esi+4],ebx
1: kd> r
eax=001714d1 ebx=e13a70a0 ecx=81000000 edx=81000000 esi=81b8a688 edi=00000000

    Pfn1->PteAddress = PointerPte;            之后：

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000000 00003000
81b8a698  0007b15b 03ffffff

第二部分：

    if (PointerPte->u.Hard.Valid == 1) {

    }
    else {
        Pfn1->OriginalPte = *PointerPte;                    关键代码2：
        ASSERT (!((Pfn1->OriginalPte.u.Soft.Prototype == 0) &&
                    (Pfn1->OriginalPte.u.Soft.Transition == 1)));
    }

1: kd> dd e13a70a0
e13a70a0  f930e4d4

        Pfn1->OriginalPte = *PointerPte;    之后：    
1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000000 00003000
81b8a698  f930e4d4 03ffffff

第三部分：

    ASSERT (Pfn1->u3.e2.ReferenceCount == 0);
    Pfn1->u3.e2.ReferenceCount += 1;

    Pfn1->u2.ShareCount += 1;
    Pfn1->u3.e1.PageLocation = ActiveAndValid;
    Pfn1->u3.e1.CacheAttribute = MiCached;        关键代码3：

typedef enum _MI_PFN_CACHE_ATTRIBUTE {
    MiNonCached,                    0
    MiCached,                    1
    MiWriteCombined,                2
    MiNotMapped                    3
} MI_PFN_CACHE_ATTRIBUTE, *PMI_PFN_CACHE_ATTRIBUTE;

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000000 00003000
81b8a698  f930e4d4 03ffffff

    Pfn1->u3.e1.CacheAttribute = MiCached;之后：

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000001 00013000
81b8a698  f930e4d4 03ffffff

第四部分：

#define MI_SET_MODIFIED(_Pfn, _NewValue, _CallerId)             \
            ASSERT ((_Pfn)->u3.e1.Rom == 0);                    \
            MI_SNAP_DIRTY (_Pfn, _NewValue, _CallerId);         \
            if ((_NewValue) != 0) {                             \
                MI_STAMP_MODIFIED (_Pfn, _CallerId);            \
            }                                                   \
            (_Pfn)->u3.e1.Modified = (_NewValue);

#if 0
#define MI_STAMP_MODIFIED(Pfn,id)   (Pfn)->u4.Reserved = (id);
#else
#define MI_STAMP_MODIFIED(Pfn,id)            没有定义
#endif

1: kd> dv
 PageFrameIndex = 0x7b19b
     PointerPte = 0xe13a70a0
  ModifiedState = 0

    if (ModifiedState == 1) {
        MI_SET_MODIFIED (Pfn1, 1, 0xB);
    }
    else {
        MI_SET_MODIFIED (Pfn1, 0, 0x26);        
    }

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000001 00011600
81b8a698  f930e4d4 03ffffff

第五部分：

    //
    // Determine the page frame number of the page table page which
    // contains this PTE.
    确定包含此PTE的页表页的页帧号。

    PteFramePointer = MiGetPteAddress(PointerPte);

#define MiGetPteAddress(va) ((PMMPTE)(((((ULONG)(va)) >> 12) << 2) + PTE_BASE))

1: kd> !pte 0xe13a70a0
                 VA e13a70a0
PDE at C0300E10         PTE at C0384E9C
contains 0A1C0963       contains 007D8963
pfn a1c0  -G-DA--KWEV   pfn 7d8   -G-DA--KWEV

1: kd> dd C0384E9C
c0384e9c  007d8963

    PteFramePointer = MiGetPteAddress(PointerPte);    =edi=c0384e9c
    if (PteFramePointer->u.Hard.Valid == 0) {

1: kd> p
nt!MiInitializePfn+0x10d:
80a8493b f60701          test    byte ptr [edi],1
1: kd> r
eax=00011600 ebx=e13a70a0 ecx=81000000 edx=81000000 esi=81b8a688 edi=c0384e9c

第六部分：

#define MI_GET_PAGE_FRAME_FROM_PTE(PTE) ((PTE)->u.Hard.PageFrameNumber)

    PteFramePage = MI_GET_PAGE_FRAME_FROM_PTE (PteFramePointer);    007d8
    ASSERT (PteFramePage != 0);
    Pfn1->u4.PteFrame = PteFramePage;                    关键代码4：
    

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000001 00011600
81b8a698  f930e4d4 03ffffff

1: kd> dd 0xe13a70a0
e13a70a0  f930e4d4

1: kd> dd 81000000+0x7b19b*18
81b8a688  00000000 e13a70a0 00000001 00011600
81b8a698  f930e4d4 000007d8                7d8的由来！！！

7d8的由来！！！    

1: kd> !pte 0xe13a70a0
                 VA e13a70a0
PDE at C0300E10         PTE at C0384E9C
contains 0A1C0963       contains 007D8963
pfn a1c0  -G-DA--KWEV   pfn 7d8   -G-DA--KWEV

1: kd> !dc 7d80a0
#  7d80a0 f930e4d4 00000000 0c020002 74536d4d ..0.........MmSt        

e13a70a0和f930e4d4和000007d8三者的密切关系

0xe13a70a0和C0384E9C的一致性：

1: kd> !pte 0xe13a70a0
                 VA e13a70a0
PDE at C0300E10         PTE at C0384E9C
contains 0A1C0963       contains 007D8963
pfn a1c0  -G-DA--KWEV   pfn 7d8   -G-DA--KWEV

1: kd> !pte c0384e9c
                 VA e13a7000
PDE at C0300E10         PTE at C0384E9C
contains 0A1C0963       contains 007D8963
pfn a1c0  -G-DA--KWEV   pfn 7d8   -G-DA--KWEV

第七部分：
    //
    // Increment the share count for the page table page containing
    // this PTE.
    //

    Pfn2 = MI_PFN_ELEMENT (PteFramePage);

    Pfn2->u2.ShareCount += 1;

1: kd> dd 81000000+7d8*18
8100bc40  00000371 c0384e9c 000000c5 00021601
8100bc50  00000080 a000a1c0

1: kd> dd 81000000+7d8*18
8100bc40  00000371 c0384e9c 000000c6 00021601
8100bc50  00000080 a000a1c0

1: kd> !dc 0x7b19b000
#7b19b000 00000000 00000000 00000000 00000000 ................
#7b19b010 00000000 00000000 00000000 00000000 ................
#7b19b020 00000000 00000000 00000000 00000000 ................
#7b19b030 00000000 00000000 00000000 00000000 ................