新建菜单项的创建之CmpGetValueListFromCache函数分析

第一部分:

PCELL_DATA

CmpGetValueListFromCache(

IN PHHIVE Hive,

IN PCACHED_CHILD_LIST ChildList,

OUT BOOLEAN *IndexCached,

OUT PHCELL_INDEX ValueListToRelease

)

0: kd> dv

KeyControlBlock = 0xe115f5b0

Index = 2

KeyValueInformationClass = KeyValueFullInformation (0n1)

KeyValueInformation = 0x00fad9bc

ChildList = 0xe119a7c4

0: kd> dv

KeyControlBlock = 0xe115f5b0

Index = 2

KeyValueInformationClass = KeyValueFullInformation (0n1)

0: kd> dx -r1 ((ntkrnlmp!_CM_KEY_CONTROL_BLOCK *)0xe115f5b0)

((ntkrnlmp!_CM_KEY_CONTROL_BLOCK *)0xe115f5b0) : 0xe115f5b0 [Type: _CM_KEY_CONTROL_BLOCK *]

[+0x024] ValueCache [Type: _CACHED_CHILD_LIST]

0: kd> dx -r1 (*((ntkrnlmp!_CACHED_CHILD_LIST *)0xe115f5d4))

(*((ntkrnlmp!_CACHED_CHILD_LIST *)0xe115f5d4)) [Type: _CACHED_CHILD_LIST]

[+0x000] Count : 0x8 [Type: unsigned long]

[+0x004] ValueList : 0xe119a7c1 [Type: unsigned long]

[+0x004] RealKcb : 0xe119a7c1 [Type: _CM_KEY_CONTROL_BLOCK *]

参考头文件:CMP_GET_CACHED_CELLDATA cmdata.h (base\ntos\inc)

/*
 * CMP_GET_CACHED_CELLDATA(Cell): clears the bits in CMP_CELL_CACHED_MASK
 * from Cell, treats the result as a PCM_CACHED_VALUE_INDEX, and yields the
 * address of that structure's Data.CellData member.
 *
 * The tagged value must never be dereferenced directly; it is a pointer only
 * after the mask has been removed.
 *
 * In the dump on this page: ValueList = 0xe119a7c1 -> structure at
 * 0xe119a7c0 -> Data at +0x004 = 0xe119a7c4, the address used by the
 * dx/dt/dd commands that follow.
 * NOTE(review): the value of CMP_CELL_CACHED_MASK is not shown here; the
 * addresses above are consistent with it being the low bit - confirm
 * against cmdata.h.
 */
#define CMP_GET_CACHED_CELLDATA(Cell) (&(((PCM_CACHED_VALUE_INDEX)(((ULONG_PTR) (Cell)) & ~CMP_CELL_CACHED_MASK))->Data.CellData))

0: kd> dt CM_CACHED_VALUE_INDEX 0xe119a7c0

nt!CM_CACHED_VALUE_INDEX

+0x000 CellIndex : 0x78420

+0x004 Data : __unnamed

0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!__unnamed *)0xe119a7c4))

(*((ntkrnlmp!__unnamed *)0xe119a7c4)) [Type: __unnamed]

[+0x000] CellData [Type: _CELL_DATA]

[+0x000] List [Type: unsigned long [1]]

0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_CELL_DATA *)0xe119a7c4))

(*((ntkrnlmp!_CELL_DATA *)0xe119a7c4)) [Type: _CELL_DATA]

[+0x000] u [Type: _u]

0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_u *)0xe119a7c4))

(*((ntkrnlmp!_u *)0xe119a7c4)) [Type: _u]

[+0x000] KeyNode [Type: _CM_KEY_NODE]

[+0x000] KeyValue [Type: _CM_KEY_VALUE]

[+0x000] KeySecurity [Type: _CM_KEY_SECURITY]

[+0x000] KeyIndex [Type: _CM_KEY_INDEX]

[+0x000] ValueData [Type: _CM_BIG_DATA]

[+0x000] KeyList [Type: unsigned long [1]]

[+0x000] KeyString [Type: unsigned short [1]]

第二部分:

0: kd> dt CELL_DATA 0xe119a7c4

nt!CELL_DATA

+0x000 u : _u

0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_u *)0xe119a7c4))

(*((ntkrnlmp!_u *)0xe119a7c4)) [Type: _u]

[+0x000] KeyNode [Type: _CM_KEY_NODE]

[+0x000] KeyValue [Type: _CM_KEY_VALUE]

[+0x000] KeySecurity [Type: _CM_KEY_SECURITY]

[+0x000] KeyIndex [Type: _CM_KEY_INDEX]

[+0x000] ValueData [Type: _CM_BIG_DATA]

[+0x000] KeyList [Type: unsigned long [1]]

[+0x000] KeyString [Type: unsigned short [1]]

0: kd> dd 0xe119a7c4

(8个键值,对应上面的 Count : 0x8。各项最低位均为 1,应与 ValueList 一样是缓存标记位,所以下面 db 的起始地址比结构的实际起始地址多 1 个字节。)

e119a7c4 e19d0809 e19efc39 e11657a1 e116ace9

e119a7d4 e16c5b21 e19a8e81 e17a4711 e10ae231

0: kd> db e10ae259

e10ae259 00 24 00 76 6b 10 00 a0-03 00 00 20 a0 05 00 03 .$.vk...... ....

e10ae269 00 00 00 01 00 b2 b2 57-6f 72 64 70 61 64 20 44 .......Wordpad D

e10ae279 6f 63 75 6d 65 6e 74 06-04 02 00 4f 62 53 71 a9 ocument....ObSq.

e10ae289 e5 87 e1 79 68 98 e1 02-04 0f 0c 43 4d 56 49 70 ...yh......CMVIp

e10ae299 9b 06 00 91 22 88 e1 79-82 73 e1 51 ee 7b e1 a1 ...."..y.s.Q.{..

e10ae2a9 5e 9a e1 a9 c0 06 e1 b9-e5 87 e1 f9 7a 41 e1 81 ^...........zA..

e10ae2b9 67 83 e1 a1 13 79 e1 b9-bb 96 e1 79 c1 06 e1 a9 g....y.....y....

e10ae2c9 c8 77 e1 11 c5 2b e1 69-13 79 e1 b1 2e 88 e1 a1 .w...+.i.y......

0: kd> db e19efc39

e19efc39 00 24 00 76 6b 0c 00 a0-03 00 00 98 a7 05 00 03 .$.vk...........

e19efc49 00 00 00 01 00 b2 b2 42-69 74 6d 61 70 20 49 6d .......Bitmap Im

e19efc59 61 67 65 b2 b2 b2 b2 00-00 00 00 00 00 00 00 00 age.............

e19efc69 00 00 00 00 00 42 00 69-00 74 00 6d 00 61 00 70 .....B.i.t.m.a.p

e19efc79 00 20 00 49 00 6d 00 61-00 67 00 65 00 00 00 00 . .I.m.a.g.e....

e19efc89 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

e19efc99 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

e19efca9 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

0: kd> db e19d0809

e19d0809 00 24 00 76 6b 09 00 a0-03 00 00 88 9b 05 00 03 .$.vk...........

e19d0819 00 00 00 01 00 b2 b2 42-72 69 65 66 63 61 73 65 .......Briefcase

e19d0829 b2 b2 b2 b2 b2 b2 b2 00-00 00 00 00 00 00 00 00 ................

e19d0839 00 00 00 00 00 42 00 72-00 69 00 65 00 66 00 63 .....B.r.i.e.f.c

e19d0849 00 61 00 73 00 65 00 00-00 00 00 00 00 00 00 00 .a.s.e..........

e19d0859 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

e19d0869 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

e19d0879 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

0: kd> db e116ace9

e116ace9 00 2c 00 76 6b 12 00 a0-03 00 00 c8 a3 05 00 03 .,.vk...........

e116acf9 00 00 00 01 00 b2 b2 52-69 63 68 20 54 65 78 74 .......Rich Text

e116ad09 20 44 6f 63 75 6d 65 6e-74 b2 b2 b2 b2 b2 b2 07 Document.......

e116ad19 06 12 0c 47 6c 61 40 78-00 00 00 a8 f2 82 e1 10 ...Gla@x........

e116ad29 bc 96 e1 70 7c 09 e1 8e-02 10 71 00 00 00 00 00 ...p|.....q.....

e116ad39 00 00 80 00 00 00 00 07-00 00 00 00 00 00 00 00 ................

e116ad49 00 00 00 14 00 00 80 25-03 00 00 58 0e 90 00 00 .......%...X....

e116ad59 00 00 00 ff ff ff 00 00-00 00 00 00 00 00 00 01 ................

0: kd> db e16c5b21

e16c5b21 00 24 00 76 6b 0d 00 a0-03 00 00 20 b0 05 00 03 .$.vk...... ....

e16c5b31 00 00 00 01 00 b2 b2 54-65 78 74 20 44 6f 63 75 .......Text Docu

e16c5b41 6d 65 6e 74 b2 b2 b2 06-08 02 00 43 4d 4e e2 a1 ment.......CMN..

e16c5b51 64 18 e1 71 4d 16 e1 02-08 06 0c 43 4d 56 61 00 d..qM......CMVa.

e16c5b61 00 24 00 76 6b 0c 00 1e-00 00 00 58 33 00 00 01 .$.vk......X3...

e16c5b71 00 00 00 01 00 b2 b2 43-6f 6e 74 65 6e 74 20 54 .......Content T

e16c5b81 79 70 65 b2 b2 b2 b2 06-08 07 1c 43 4d 70 62 01 ype........CMpb.

e16c5b91 00 00 00 34 8f 49 e1 54-4e 9c e1 74 43 86 e1 7c ...4.I.TN..tC..|

0: kd> db e19a8e81

e19a8e81 00 34 00 76 6b 1a 00 a0-03 00 00 50 a9 06 00 03 .4.vk......P....

e19a8e91 00 00 00 01 00 b2 b2 43-6f 6d 70 72 65 73 73 65 .......Compresse

e19a8ea1 64 20 28 7a 69 70 70 65-64 29 20 46 6f 6c 64 65 d (zipped) Folde

e19a8eb1 72 b2 b2 b2 b2 b2 b2 08-04 08 04 43 4d 4e e2 20 r..........CMN.

e19a8ec1 62 7b e1 3f 9a ce 0f 84-41 61 e1 26 00 7b 36 35 b{.?....Aa.&.{65

e19a8ed1 34 33 39 43 32 30 2d 36-30 34 46 2d 34 39 43 41 439C20-604F-49CA

e19a8ee1 2d 41 41 38 32 2d 44 43-30 31 41 31 30 41 46 31 -AA82-DC01A10AF1

e19a8ef1 37 31 7d 15 00 00 00 08-04 01 00 4f 62 4e 6d 01 71}........ObNm.

0: kd> db e17a4711

e17a4711 00 24 00 76 6b 0a 00 18-00 00 00 f8 ac 05 00 03 .$.vk...........

e17a4721 00 00 00 01 00 b2 b2 7e-72 65 73 65 72 76 65 64 .......~reserved

e17a4731 7e b2 b2 b2 b2 b2 b2 18-00 00 00 01 00 01 00 e9 ~...............

e17a4741 07 01 00 03 00 0f 00 0d-00 28 00 0a 00 0d 03 09 .........(......

e17a4751 06 01 00 4e 74 66 63 01-06 05 0c 43 4d 56 61 00 ...Ntfc....CMVa.

e17a4761 00 1c 00 76 6b 07 00 18-00 00 00 80 68 01 00 01 ...vk.......h...

e17a4771 00 00 00 01 00 b2 b2 49-6e 66 50 61 74 68 b2 05 .......InfPath..

e17a4781 06 06 0c 43 4d 56 61 00-00 24 00 76 6b 0e 00 08 ...CMVa..$.vk...

0: kd> db e10ae231

e10ae231 00 1c 00 76 6b 08 00 04-00 00 80 09 04 00 00 04 ...vk...........

e10ae241 00 00 00 01 00 b2 b2 4c-61 6e 67 75 61 67 65 05 .......Language.

e10ae251 04 06 0c 43 4d 56 61 00-00 24 00 76 6b 10 00 a0 ...CMVa..$.vk...

e10ae261 03 00 00 20 a0 05 00 03-00 00 00 01 00 b2 b2 57 ... ...........W

e10ae271 6f 72 64 70 61 64 20 44-6f 63 75 6d 65 6e 74 06 ordpad Document.

e10ae281 04 02 00 4f 62 53 71 a9-e5 87 e1 79 68 98 e1 02 ...ObSq....yh...

e10ae291 04 0f 0c 43 4d 56 49 70-9b 06 00 91 22 88 e1 79 ...CMVIp...."..y

e10ae2a1 82 73 e1 51 ee 7b e1 a1-5e 9a e1 a9 c0 06 e1 b9 .s.Q.{..^.......