In Ntfs!FindFirstIndexEntry, the role of the ReadIndexBuffer call is to create a new Ntfs!_INDEX_LOOKUP_STACK structure

Part 1:

0: kd> kc
00 Ntfs!FindFirstIndexEntry
01 Ntfs!NtfsRestartIndexEnumeration
02 Ntfs!NtfsQueryDirectory
03 Ntfs!NtfsCommonDirectoryControl
04 Ntfs!NtfsFsdDirectoryControl
05 nt!IofCallDriver
06 nt!IopSynchronousServiceTail
07 nt!NtQueryDirectoryFile
08 nt!_KiSystemService
09 nt!ZwQueryDirectoryFile
0a nt!CcPfPrefetchDirectoryContents
0b nt!CcPfPrefetchMetadata
0c nt!CcPfBootWorker
0d nt!PspSystemThreadStartup
0e nt!KiThreadStartup

Part 2:

    //
    //  Otherwise, read the index buffer pointed to by the current
    //  Index Entry.
    //

    ReadIndexBuffer( IrpContext,
                     Scb,
                     NtfsIndexEntryBlock((Sp-1)->IndexEntry),
                     FALSE,
                     Sp );

0: kd> dv
     IrpContext = 0xf793291c
            Scb = 0xe13523a8
          Value = 0xe13559b0
   IndexContext = 0xe1352348

0: kd> dx -r1 ((Ntfs!_INDEX_LOOKUP_STACK *)0xe1352388)
((Ntfs!_INDEX_LOOKUP_STACK *)0xe1352388) : 0xe1352388 [Type: _INDEX_LOOKUP_STACK *]
    [+0x000] Bcb              : 0x0 [Type: void *]
    [+0x004] StartOfBuffer    : 0xc1241400 [Type: void *]
    [+0x008] IndexHeader      : 0xc1241580 [Type: _INDEX_HEADER *]
    [+0x00c] IndexEntry       : 0xc1241590 [Type: _INDEX_ENTRY *]
    [+0x010] IndexBlock       : 0 [Type: __int64]
    [+0x018] CapturedLsn      : {135165098} [Type: _LARGE_INTEGER]

0: kd> dt Ntfs!_INDEX_LOOKUP_STACK 0xe1352388+20
   +0x000 Bcb              : 0x899880d9 Void
   +0x004 StartOfBuffer    : 0xc14c0000 Void
   +0x008 IndexHeader      : 0xc14c0018 _INDEX_HEADER
   +0x00c IndexEntry       : 0xc14c0058 _INDEX_ENTRY
   +0x010 IndexBlock       : 0n0
   +0x018 CapturedLsn      : _LARGE_INTEGER 0x766987d

0: kd> dt Ntfs!_INDEX_LOOKUP_STACK 0xe1352388+20*2
   +0x000 Bcb              : (null)
   +0x004 StartOfBuffer    : (null)
   +0x008 IndexHeader      : (null)
   +0x00c IndexEntry       : (null)
   +0x010 IndexBlock       : 0n0
   +0x018 CapturedLsn      : _LARGE_INTEGER 0x0
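
The three dumps above read consecutive 0x20-byte slots of the lookup stack (the +20 in the dt commands is hexadecimal). The following is an added example, not code from the original post or from the NTFS driver: it decodes such slots from a raw little-endian memory dump, as you would when examining a 32-bit crash dump offline. The names ILS32, ils_decode, ils_depth and ils_sample are hypothetical, and treating a slot with a NULL StartOfBuffer as unused is an assumption based only on the third dump shown here.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* 32-bit layout exactly as dt/dx print it above; pointers are 4 bytes wide. */
typedef struct {
    uint32_t Bcb;           /* +0x000 */
    uint32_t StartOfBuffer; /* +0x004 */
    uint32_t IndexHeader;   /* +0x008 */
    uint32_t IndexEntry;    /* +0x00c */
    int64_t  IndexBlock;    /* +0x010 */
    int64_t  CapturedLsn;   /* +0x018 */
} ILS32;
_Static_assert(sizeof(ILS32) == 0x20, "stride used by the dt commands");

static uint32_t rd32(const uint8_t *p) { return p[0] | p[1] << 8 | p[2] << 16 | (uint32_t)p[3] << 24; }
static void wr32(uint8_t *p, uint32_t v) { for (int i = 0; i < 4; i++) p[i] = (uint8_t)(v >> (8 * i)); }

/* Decode stack slot `level` from a little-endian dump; -1 if it lies outside the dump. */
int ils_decode(const uint8_t *raw, size_t len, size_t level, ILS32 *e) {
    if (level >= len / sizeof *e) return -1;
    const uint8_t *p = raw + level * sizeof *e;
    e->Bcb         = rd32(p);      e->StartOfBuffer = rd32(p + 4);
    e->IndexHeader = rd32(p + 8);  e->IndexEntry    = rd32(p + 12);
    e->IndexBlock  = (int64_t)(rd32(p + 16) | (uint64_t)rd32(p + 20) << 32);
    e->CapturedLsn = (int64_t)(rd32(p + 24) | (uint64_t)rd32(p + 28) << 32);
    return 0;
}

/* Slots in use. Assumption from the dump above: an unused slot has StartOfBuffer == NULL. */
size_t ils_depth(const uint8_t *raw, size_t len) {
    ILS32 e; size_t n = 0;
    while (ils_decode(raw, len, n, &e) == 0 && e.StartOfBuffer != 0) n++;
    return n;
}

/* Constructed sample: three slots rebuilt from the field values printed above. */
void ils_sample(uint8_t raw[0x60]) {
    static const uint32_t v[2][7] = {   /* 4 pointers, IndexBlock lo/hi, CapturedLsn lo */
        {0x0,        0xc1241400, 0xc1241580, 0xc1241590, 0, 0, 135165098},
        {0x899880d9, 0xc14c0000, 0xc14c0018, 0xc14c0058, 0, 0, 0x766987d}};
    memset(raw, 0, 0x60);               /* third slot stays all zero, as in the last dt */
    for (int i = 0; i < 14; i++) wr32(raw + (i / 7) * 0x20 + (i % 7) * 4, v[i / 7][i % 7]);
}

int main(void) {
    uint8_t raw[0x60]; ils_sample(raw);
    printf("slots in use: %zu\n", ils_depth(raw, sizeof raw));
    return 0;
}
```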