ACPI!ParsePackageLen函数分析--非常重要
ACPI!ParseScope 的作用是解析 opcode 后调用 PushTerm 建立帧（frame），再由 ParseTerm 处理该帧。下面这段循环取自 ACPI!RunContext（见后面的调用栈）：只要上下文的帧栈不空，就取本地堆顶的帧头 pfh，断言它带有 pfnParse 回调，然后调用该回调——本例中 pfnParse 就是 ACPI!ParseTerm。
while (!IsStackEmpty(pctxt))
{
CHKDEBUGGERREQ();
pfh = (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd;
ASSERT(pfh->pfnParse != NULL);
rc = pfh->pfnParse(pctxt, pfh, rc);
0: kd> p
eax=8997de00 ebx=f743a948 ecx=8997c000 edx=00000014 esi=8997c000 edi=8997de20
eip=f741d80d esp=f789a144 ebp=f789a158 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!RunContext+0xfd:
f741d80d 837f0c00 cmp dword ptr [edi+0Ch],0 ds:0023:8997de2c={ACPI!ParseTerm (f7427a34)}
0: kd> kc
00 ACPI!ParseTerm
01 ACPI!RunContext
02 ACPI!InsertReadyQueue
03 ACPI!RestartContext
04 ACPI!SyncLoadDDB
05 ACPI!AMLILoadDDB
06 ACPI!ACPIInitializeDDB
07 ACPI!ACPIInitializeDDBs
08 ACPI!ACPIInitialize
09 ACPI!ACPIInitStartACPI
0a ACPI!ACPIRootIrpStartDevice
0b ACPI!ACPIDispatchIrp
0c nt!IofCallDriver
0d nt!IopSynchronousCall
0e nt!IopStartDevice
0f nt!PipProcessStartPhase1
10 nt!PipProcessDevNodeTree
11 nt!PipDeviceActionWorker
12 nt!PipRequestDeviceAction
13 nt!IopInitializeBootDrivers
14 nt!IoInitSystem
15 nt!Phase1Initialization
16 nt!PspSystemThreadStartup
17 nt!KiThreadStartup
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
/*
 * Excerpt from ACPI!ParseTerm (see the call stack below): for opcodes whose
 * descriptor carries OF_VARIABLE_LIST, an AML PkgLength follows the opcode.
 * ParsePackageLen advances pctxt->pbOp past the PkgLength bytes and stores
 * (start of PkgLength + decoded length) into pterm->pbOpEnd, i.e. the end of
 * this term's body.  In the trace that follows, bytes 46 58 decode to 0x586
 * and pbOpEnd becomes 0xf74c8cbd + 0x586 = 0xf74c9243.
 * NOTE(review): the length comes straight out of the firmware-supplied AML
 * table; no check that pbOpEnd stays inside the table or the enclosing
 * scope (pbScopeEnd) is visible in this excerpt.
 */
if (pterm->pamlterm->dwfOpcode & OF_VARIABLE_LIST)
{
ParsePackageLen(&pctxt->pbOp, &pterm->pbOpEnd);
}
/*
 * ParsePackageLen - decode an AML PkgLength field at *ppbOp.
 *
 * Encoding handled here:
 *   - bits 7:6 of the first byte give the number of additional bytes (0..3);
 *   - with no additional bytes, the first byte itself is the length;
 *   - otherwise bits 3:0 of the first byte are bits 3:0 of the length and
 *     each following byte supplies the next 8 bits, starting at bit 4
 *     (bits 5:4 of the first byte are discarded by the 0x0f mask), so at
 *     most a 28-bit length is produced.
 *
 * ppbOp     - in/out: pointer to the current AML position; on return it has
 *             been advanced past every byte consumed (1 + bFollowCnt bytes).
 * ppbOpNext - optional out: set to (address of the PkgLength's first byte)
 *             + decoded length.  The length therefore counts the PkgLength
 *             bytes themselves, e.g. bytes 46 58 yield 0x586 and
 *             *ppbOpNext = start + 0x586.
 * Returns the decoded length.
 *
 * NOTE(review): this routine performs no bounds checking.  It reads up to
 * four bytes through *ppbOp and adds a length taken from firmware-supplied
 * AML to *ppbOpNext without knowing where the table ends.  A truncated or
 * malformed table can make it read past the end of the mapping, and the
 * resulting *ppbOpNext can point outside the table; any validation against
 * the table or scope end has to happen in the caller and is not visible here.
 */
DWORD LOCAL ParsePackageLen(PBYTE *ppbOp, PBYTE *ppbOpNext)
{
DWORD dwLen;
BYTE bFollowCnt, i;
// ENTER/EXIT appear to be the driver's tracing macros (the disassembly shows
// EXIT touching ACPI!giIndent and calling ACPI!IsTraceOn).
ENTER((2, "ParsePackageLen(pbOp=%x,ppbOpNext=%x)\n", *ppbOp, ppbOpNext));
// Remember where the PkgLength starts before *ppbOp moves; the decoded
// length is measured from this byte.
if (ppbOpNext != NULL)
*ppbOpNext = *ppbOp;
dwLen = (DWORD)(**ppbOp);
(*ppbOp)++;
// Bits 7:6 of the lead byte: how many more bytes belong to the PkgLength.
bFollowCnt = (BYTE)((dwLen & 0xc0) >> 6);
if (bFollowCnt != 0)
{
// Multi-byte form: only the low nibble of the lead byte is part of the length.
dwLen &= 0x0000000f;
for (i = 0; i < bFollowCnt; ++i)
{
// Byte i lands at bits [4+8*i, 12+8*i).  Nothing guarantees these bytes
// are still inside the table.
dwLen |= (DWORD)(**ppbOp) << (i*8 + 4);
(*ppbOp)++;
}
}
// End of the package, relative to the PkgLength's own first byte.
if (ppbOpNext != NULL)
*ppbOpNext += dwLen;
EXIT((2, "ParsePackageLen=%x (pbOp=%x,pbOpNext=%x)\n",
dwLen, *ppbOp, ppbOpNext? *ppbOpNext: 0));
return dwLen;
} //ParsePackageLen
0: kd> t
eax=8997c03c ebx=8997c000 ecx=8997c000 edx=00000014 esi=8997de20 edi=00000000
eip=f74266a0 esp=f789a118 ebp=f789a130 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen:
f74266a0 55 push ebp
0: kd> kc
00 ACPI!ParsePackageLen
01 ACPI!ParseTerm
02 ACPI!RunContext
03 ACPI!InsertReadyQueue
04 ACPI!RestartContext
05 ACPI!SyncLoadDDB
06 ACPI!AMLILoadDDB
07 ACPI!ACPIInitializeDDB
08 ACPI!ACPIInitializeDDBs
09 ACPI!ACPIInitialize
0a ACPI!ACPIInitStartACPI
0b ACPI!ACPIRootIrpStartDevice
0c ACPI!ACPIDispatchIrp
0d nt!IofCallDriver
0e nt!IopSynchronousCall
0f nt!IopStartDevice
10 nt!PipProcessStartPhase1
11 nt!PipProcessDevNodeTree
12 nt!PipDeviceActionWorker
13 nt!PipRequestDeviceAction
14 nt!IopInitializeBootDrivers
15 nt!IoInitSystem
16 nt!Phase1Initialization
17 nt!PspSystemThreadStartup
18 nt!KiThreadStartup
0: kd> dv
ppbOp = 0x8997c03c
ppbOpNext = 0x8997de34
0: kd> dd 0x8997c03c
8997c03c f74c8cbd 00000000 00000000 00000000
8997c04c 00000000 00000000 f741eeb5 00000000
8997c05c f789a1bc 000a0008 00000000 8997c068
8997c06c 8997c068 00000000 00000000 00000000
8997c07c 00000000 00000000 00000000 01000013
8997c08c 00000000 00000000 f741eff5 8997c000
8997c09c 00000000 00000000 00000000 899af000
8997c0ac 00000000 00000000 00000000 00000000
0: kd> db f74c8cbd
f74c8cbd 46 58 49 53 41 5f 08 5f-41 44 52 0c 00 00 07 00 FXISA_._ADR.....
f74c8ccd 5b 82 4a 14 4d 42 52 44-08 5f 48 49 44 0c 41 d0 [.J.MBRD._HID.A.
if (ppbOpNext != NULL)
*ppbOpNext = *ppbOp;
0: kd> dv
ppbOp = 0x8997c03c
ppbOpNext = 0x8997de34
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!unsigned char * *)0x8997de34)
((ACPI!unsigned char * *)0x8997de34) : 0x8997de34 [Type: unsigned char * *]
0xf74c8cbd : 0x46 [Type: unsigned char *]
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000014 esi=8997c03c edi=00000000
eip=f74266e1 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x41:
f74266e1 0fb638 movzx edi,byte ptr [eax] ds:0023:f74c8cbd=46
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000014 esi=8997c03c edi=00000046
eip=f74266e4 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x44:
f74266e4 8bd7 mov edx,edi
0: kd> p
eax=f74c8cbd ebx=8997de34 ecx=8997c000 edx=00000046 esi=8997c03c edi=00000046
eip=f74266e6 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x46:
f74266e6 40 inc eax
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000046 esi=8997c03c edi=00000046
eip=f74266e7 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ACPI!ParsePackageLen+0x47:
f74266e7 c1ea06 shr edx,6
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ea esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4a:
f74266ea 80e203 and dl,3
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ed esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4d:
f74266ed 8906 mov dword ptr [esi],eax ds:0023:8997c03c=f74c8cbd
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266ef esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x4f:
f74266ef 7428 je ACPI!ParsePackageLen+0x79 (f7426719) [br=0]
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000046
eip=f74266f1 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x51:
f74266f1 83e70f and edi,0Fh
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f4 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x54:
f74266f4 84d2 test dl,dl
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f6 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x56:
f74266f6 7621 jbe ACPI!ParsePackageLen+0x79 (f7426719) [br=0]
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266f8 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x58:
f74266f8 c7450804000000 mov dword ptr [ebp+8],4 ss:0010:f789a11c=8997c03c
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f74266ff esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x5f:
f74266ff 0fb6d2 movzx edx,dl
0: kd> p
eax=f74c8cbe ebx=8997de34 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f7426702 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x62:
f7426702 0fb618 movzx ebx,byte ptr [eax] ds:0023:f74c8cbe=58
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=8997c000 edx=00000001 esi=8997c03c edi=00000006
eip=f7426705 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x65:
f7426705 8b4d08 mov ecx,dword ptr [ebp+8] ss:0010:f789a11c=00000004
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f7426708 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x68:
f7426708 83450808 add dword ptr [ebp+8],8 ss:0010:f789a11c=00000004
0: kd> p
eax=f74c8cbe ebx=00000058 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f742670c esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x6c:
f742670c d3e3 shl ebx,cl
0: kd> p
eax=f74c8cbe ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000006
eip=f742670e esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x6e:
f742670e 0bfb or edi,ebx
0: kd> p
eax=f74c8cbe ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000586
eip=f7426710 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ParsePackageLen+0x70:
f7426710 40 inc eax
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000001 esi=8997c03c edi=00000586
eip=f7426711 esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x71:
f7426711 4a dec edx
0: kd> db f74c8cbf
f74c8cbf 49 53 41 5f 08 5f 41 44-52 0c 00 00 07 00 5b 82 ISA_._ADR.....[.
f74c8ccf 4a 14 4d 42 52 44 08 5f-48 49 44 0c 41 d0 0c 02 J.MBRD._HID.A...
f74c8cdf 08 5f 55 49 44 0a 1f 08-52 53 52 43 11 46 0b 0a ._UID...RSRC.F..
f74c8cef b2 47 01 10 00 10 00 01-10 47 01 24 00 24 00 01 .G.......G....
f74c8cff 02 47 01 28 00 28 00 01-02 47 01 2c 00 2c 00 01 .G.(.(...G.,.,..
f74c8d0f 02 47 01 2e 00 2e 00 01-02 47 01 30 00 30 00 01 .G.......G.0.0..
f74c8d1f 02 47 01 34 00 34 00 01-02 47 01 38 00 38 00 01 .G.4.4...G.8.8..
f74c8d2f 02 47 01 3c 00 3c 00 01-02 47 01 50 00 50 00 01 .G.<.<...G.P.P..
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426712 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x72:
f7426712 8906 mov dword ptr [esi],eax ds:0023:8997c03c=f74c8cbe
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426714 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x74:
f7426714 75ec jne ACPI!ParsePackageLen+0x62 (f7426702) [br=0]
0: kd> p
eax=f74c8cbf ebx=00000580 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426716 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x76:
f7426716 8b5d0c mov ebx,dword ptr [ebp+0Ch] ss:0010:f789a120=8997de34
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426719 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParsePackageLen+0x79:
f7426719 85db test ebx,ebx
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671b esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x7b:
f742671b 7402 je ACPI!ParsePackageLen+0x7f (f742671f) [br=0]
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671d esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParsePackageLen+0x7d:
f742671d 013b add dword ptr [ebx],edi ds:0023:8997de34=f74c8cbd
0: kd> dd 8997de34
8997de34 f74c8cbd f74c92a2 f7438df0 00000000
8997de44 00000000 00000001 899b0af4 8997c040
8997de54 504f4353 00000028 00000001 f74274fd
8997de64 f74c92a2 00000000 899af0f0 899af330
8997de74 899af000 8997c040 4d524554 00000034
8997de84 00000003 f7427a34 f74c77f6 f74c92a2
8997de94 f74c96c5 f7438df0 899affac 00000001
8997dea4 00000001 899af520 8997c040 504f4353
0: kd> dd f74c8cbd+00000586
f74c9243 502f825b 085f5257 5244415f 0700030c
f74c9253 50805b00 025f4943 600a400a 5013815b
f74c9263 035f4943 41424d50 26400020 41424253
f74c9273 1b825b20 5f425355 44415f08 00020c52
f74c9283 5f080007 12575250 080a0206 825b010a
f74c9293 4544490f 415f085f 010c5244 14000700
f74c92a3 4f564927 7d700243 e90b797d 00100a40
f74c92b3 080a6879 00690000 5f032f5c 505f4253
0: kd> ? f74c8cbd+00000586
Evaluate expression: -145976765 = f74c9243
0: kd> dv
ppbOp = 0x0000000c
ppbOpNext = 0x8997de34
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742671f esp=f789a108 ebp=f789a114 iopl=0 nv up ei ng nz ac po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000292
ACPI!ParsePackageLen+0x7f:
f742671f ff0dbcb143f7 dec dword ptr [ACPI!giIndent (f743b1bc)] ds:0023:f743b1bc=00000007
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426725 esp=f789a108 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x85:
f7426725 6a00 push 0
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f7426727 esp=f789a104 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x87:
f7426727 68146943f7 push offset ACPI!`string' (f7436914)
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742672c esp=f789a100 ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x8c:
f742672c 6a02 push 2
0: kd> p
eax=f74c8cbf ebx=8997de34 ecx=00000004 edx=00000000 esi=8997c03c edi=00000586
eip=f742672e esp=f789a0fc ebp=f789a114 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
ACPI!ParsePackageLen+0x8e:
f742672e e80182ffff call ACPI!IsTraceOn (f741e934)
0: kd> p
eax=00000586 ebx=8997c000 ecx=00000004 edx=00000000 esi=8997de20 edi=00000000
eip=f7427b26 esp=f789a11c ebp=f789a130 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParseTerm+0xf2:
f7427b26 59 pop ecx
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_term *)0x8997de20)
((ACPI!_term *)0x8997de20) : 0x8997de20 [Type: _term *]
+0x000\] FrameHdr \[Type: _framehdr
+0x010\] pbOpTerm : 0xf74c8cbb : 0x5b \[Type: unsigned char \*
+0x014\] pbOpEnd : 0xf74c9243 : 0x5b \[Type: unsigned char \*
+0x018\] pbScopeEnd : 0xf74c92a2 : 0x14 \[Type: unsigned char \*
+0x01c\] pamlterm : 0xf7438df0 \[Type: _amlterm \*
+0x020\] pnsObj : 0x0 \[Type: _NSObj \*
+0x024\] iArg : 0 \[Type: int
+0x028\] icArgs : 1 \[Type: int
+0x02c\] pdataArgs : 0x899b0af4 \[Type: _ObjData \*
+0x030\] pdataResult : 0x8997c040 \[Type: _ObjData \*
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_ctxt *)0x8997c000)
((ACPI!_ctxt *)0x8997c000) : 0x8997c000 [Type: _ctxt *]
+0x000\] dwSig : 0x54585443 \[Type: unsigned long
+0x004\] pbCtxtEnd : 0x8997e000 : 0x54 \[Type: unsigned char \*
+0x008\] listCtxt \[Type: _List
+0x010\] listQueue \[Type: _List
+0x018\] pplistCtxtQueue : 0x0 \[Type: _List \* \*
+0x01c\] plistResources : 0x0 \[Type: _List \*
+0x020\] dwfCtxt : 0x10 \[Type: unsigned long
+0x024\] pnsObj : 0x0 \[Type: _NSObj \*
+0x028\] pnsScope : 0x899affac \[Type: _NSObj \*
+0x02c\] powner : 0x899af330 \[Type: _objowner \*
+0x030\] pcall : 0x8997df34 \[Type: _call \*
+0x034\] pnctxt : 0x0 \[Type: _nestedctxt \*
+0x038\] dwSyncLevel : 0x0 \[Type: unsigned long
+0x03c\] pbOp : 0xf74c8cbf : 0x49 \[Type: unsigned char \*
+0x040\] Result \[Type: _ObjData
+0x054\] pfnAsyncCallBack : 0xf741eeb5 \[Type: void (__cdecl\*)(_NSObj \*,long,_ObjData \*,void \*)
+0x058\] pdataCallBack : 0x0 \[Type: _ObjData \*
+0x05c\] pvContext : 0xf789a1bc \[Type: void \*
+0x060\] Timer \[Type: _KTIMER
+0x088\] Dpc \[Type: _KDPC
+0x0a8\] pheapCurrent : 0x899af000 \[Type: _heap \*
+0x0ac\] CtxtData \[Type: _ctxtdata
+0x0bc\] LocalHeap \[Type: _heap
0: kd> db 0xf74c8cbf-10
f74c8caf 50 5f 08 5f 41 44 52 0c-00 00 01 00 5b 82 46 58 P_._ADR.....[.FX
f74c8cbf 49 53 41 5f 08 5f 41 44-52 0c 00 00 07 00 5b 82 ISA_._ADR.....[.
46 58 算出的长度是 0x586：首字节 0x46 = 0100 0110，最高两位（bit7:6）为 01，表示后面还跟 1 个字节；首字节的低 4 位 0110 = 6 是长度的低 4 位。随后的 0x58 左移 4 位得到 0x580，合起来就是 0x586，于是 pbOpEnd = 0xf74c8cbd + 0x586 = 0xf74c9243。
假设首字节改为 0x86 = 1000 0110（最高两位为 10，表示后面还跟 2 个字节），则字节序列 86 58 59 解出的长度是 6 | (0x58 << 4) | (0x59 << 12) = 0x59586。
注意：ParsePackageLen 只负责解码，既不检查 *ppbOp 之后是否真的还有这些字节，也不检查 pbOpEnd 是否越过 AML 表的末尾；这个长度直接来自固件提供的 AML，对它的边界校验只能由调用方完成。