nt!_SECTION_OBJECT_POINTERS
+0x000 DataSectionObject : 0x84b38388 Void
+0x004 SharedCacheMap : 0x84e52458 Void
+0x008 ImageSectionObject : 0x84a1a228 Void
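DataSectionObject 和 SharedCacheMap 对应同一份缓存物理页(下文两处 !pte 都落在 pfn 13083 上);ImageSectionObject 则是独立的一份物理页(下文其原型 PTE 指向 pfn 15f20)。因此同一文件的数据/缓存视图与已加载的映像视图在内存中是两份内容,做取证或完整性比对时需要分别检查。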
kd> !ca 84b38388
ControlArea @ 84b38388
Segment e168ed98 Flink 00000000 Blink 00000000
Section Ref 2 Pfn Ref e Mapped Views 2
User Ref 2 WaitForDel 0 Flush Count 0
File Object 84c8c818 ModWriteCount 0 System Views 1
WritableRefs 0
Flags (8008080) File WasPurged Accessed
File: \WINDOWS\system32\mys.dll
Segment @ e168ed98
ControlArea 84b38388 ExtendInfo 00000000
Total Ptes 40
WriteUserRef 0 SizeOfSegment 40000
Committed 0 PTE Template a3373cd0
Based Addr 0 Image Base 0
Subsection 1 @ 84b383c0
ControlArea 84b38388 Starting Sector 0 Number Of Sectors 33
Base Pte e1743e48 Ptes In Subsect 33 Unused Ptes 0
Flags 60 Sector Offset 0 Protection 6
Flink 00000000 Blink 8504ac00 MappedViews 2
SubsectionDataFlags 1
Subsection 2 @ 846b8578
ControlArea 84b38388 Starting Sector 33 Number Of Sectors d
Base Pte e1d0b000 Ptes In Subsect d Unused Ptes 3f3
Flags 60 Sector Offset 0 Protection 6
Flink 00000000 Blink 00000000 MappedViews 1
SubsectionDataFlags 1
kd> !fileobj 84c8c818
\WINDOWS\system32\mys.dll
Device Object: 0x84aa8850 \Driver\Ftdisk
Vpb: 0x847581d8
Event signalled
Access: Read SharedRead
Flags: 0x1c0042
Synchronous IO
Cache Supported
Handle Created
Fast IO Read
Random Access
FsContext: 0xe167b800 FsContext2: 0xe1d01230
Private Cache Map: 0x84e52530
CurrentByteOffset: e7f0
Cache Data:
Section Object Pointers: 84705b44
Shared Cache Map: 84e52458 File Offset: e7f0 in VACB number 0 //_FILE_OBJECT->CurrentByteOffset ==e7f0
Vacb: 84fb21e8
Your data is at: d5fce7f0
kd> dt _file_object 84c8c818
nt!_FILE_OBJECT
+0x000 Type : 0n5
+0x002 Size : 0n112
+0x004 DeviceObject : 0x84aa8850 _DEVICE_OBJECT
+0x008 Vpb : 0x847581d8 _VPB
+0x00c FsContext : 0xe167b800 Void
+0x010 FsContext2 : 0xe1d01230 Void
+0x014 SectionObjectPointer : 0x84705b44 _SECTION_OBJECT_POINTERS
+0x018 PrivateCacheMap : 0x84e52530 Void
+0x01c FinalStatus : 0n0
+0x020 RelatedFileObject : (null)
+0x024 LockOperation : 0 ''
+0x025 DeletePending : 0 ''
+0x026 ReadAccess : 0x1 ''
+0x027 WriteAccess : 0 ''
+0x028 DeleteAccess : 0 ''
+0x029 SharedRead : 0x1 ''
+0x02a SharedWrite : 0 ''
+0x02b SharedDelete : 0 ''
+0x02c Flags : 0x1c0042
+0x030 FileName : _UNICODE_STRING "\WINDOWS\system32\mys.dll"
+0x038 CurrentByteOffset : _LARGE_INTEGER 0xe7f0
+0x040 Waiters : 0
+0x044 Busy : 0
+0x048 LastLock : (null)
+0x04c Lock : _KEVENT
+0x05c Event : _KEVENT
+0x06c CompletionContext : (null)
kd> dt _PRIVATE_CACHE_MAP 0x84e52530 //这个结构只用来描述预读(read ahead)
nt!_PRIVATE_CACHE_MAP
+0x000 NodeTypeCode : 0n766
+0x000 Flags : _PRIVATE_CACHE_MAP_FLAGS
+0x000 UlongFlags : 0x2fe
+0x004 ReadAheadMask : 0xffff
+0x008 FileObject : 0x84c8c818 _FILE_OBJECT
+0x010 FileOffset1 : _LARGE_INTEGER 0xe400
+0x018 BeyondLastByte1 : _LARGE_INTEGER 0xe408
+0x020 FileOffset2 : _LARGE_INTEGER 0xe7e0
+0x028 BeyondLastByte2 : _LARGE_INTEGER 0xe7f0
+0x030 ReadAheadOffset : [2] _LARGE_INTEGER 0x0
+0x040 ReadAheadLength : [2] 0
+0x048 ReadAheadSpinLock : 0
+0x04c PrivateLinks : _LIST_ENTRY [ 0x84e524f0 - 0x84e524f0 ]
kd> dt 84705b44 _SECTION_OBJECT_POINTERS
nt!_SECTION_OBJECT_POINTERS
+0x000 DataSectionObject : 0x84b38388 Void
+0x004 SharedCacheMap : 0x84e52458 Void
+0x008 ImageSectionObject : 0x84a1a228 Void
kd> dt _SHARED_CACHE_MAP 0x84e52458
nt!_SHARED_CACHE_MAP
+0x000 NodeTypeCode : 0n767
+0x002 NodeByteSize : 0n304
+0x004 OpenCount : 1
+0x008 FileSize : _LARGE_INTEGER 0x33000
+0x010 BcbList : _LIST_ENTRY [ 0x84e52468 - 0x84e52468 ]
+0x018 SectionSize : _LARGE_INTEGER 0x40000
+0x020 ValidDataLength : _LARGE_INTEGER 0x33000
+0x028 ValidDataGoal : _LARGE_INTEGER 0x33000
+0x030 InitialVacbs : [4] 0x84fb21e8 _VACB
+0x040 Vacbs : 0x84e52488 -> 0x84fb21e8 _VACB
+0x044 FileObject : 0x84c8c818 _FILE_OBJECT
+0x048 ActiveVacb : (null)
+0x04c NeedToZero : (null)
+0x050 ActivePage : 0
+0x054 NeedToZeroPage : 0
+0x058 ActiveVacbSpinLock : 0
+0x05c VacbActiveCount : 0
+0x060 DirtyPages : 0
+0x064 SharedCacheMapLinks : _LIST_ENTRY [ 0x84caf984 - 0x84e4c06c ]
+0x06c Flags : 0x1000
+0x070 Status : 0n0
+0x074 Mbcb : (null)
+0x078 Section : 0xe1d057a0 Void
+0x07c CreateEvent : (null)
+0x080 WaitOnActiveCount : (null)
+0x084 PagesToWrite : 0
+0x088 BeyondLastFlush : 0n0
+0x090 Callbacks : 0xf725c62c _CACHE_MANAGER_CALLBACKS
+0x094 LazyWriteContext : 0xe167b800 Void
+0x098 PrivateList : _LIST_ENTRY [ 0x84e5257c - 0x84e5257c ]
+0x0a0 LogHandle : (null)
+0x0a4 FlushToLsnRoutine : (null)
+0x0a8 DirtyPageThreshold : 0
+0x0ac LazyWritePassCount : 0
+0x0b0 UninitializeEvent : (null)
+0x0b4 NeedToZeroVacb : (null)
+0x0b8 BcbSpinLock : 0
+0x0bc Reserved : (null)
+0x0c0 Event : _KEVENT
+0x0d0 VacbPushLock : _EX_PUSH_LOCK
+0x0d8 PrivateCacheMap : _PRIVATE_CACHE_MAP
kd> dt 0x84fb21e8 _VACB
nt!_VACB
+0x000 BaseAddress : 0xd5fc0000 Void
+0x004 SharedCacheMap : 0x84e52458 _SHARED_CACHE_MAP
+0x008 Overlay : __unnamed
+0x010 LruList : _LIST_ENTRY [ 0x84fb1460 - 0x84fb1ef8 ]
kd> !pte e1743e48 1
VA e1743e48
PDE at E1743E48 PTE at E1743E48
contains 13083921 contains 13083921
pfn 13083 -G--A--KREV pfn 13083 -G--A--KREV //页帧号(pfn)13083,对应物理地址13083000
kd> !db 13083 <<c
#13083000 4d 5a 90 00 03 00 00 00-04 00 00 00 ff ff 00 00 MZ..............
#13083010 b8 00 00 00 00 00 00 00-40 00 00 00 00 00 00 00 ........@.......
#13083020 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
#13083030 00 00 00 00 00 00 00 00-00 00 00 00 f8 00 00 00 ................
#13083040 0e 1f ba 0e 00 b4 09 cd-21 b8 01 4c cd 21 54 68 ........!..L.!Th
#13083050 69 73 20 70 72 6f 67 72-61 6d 20 63 61 6e 6e 6f is program canno
#13083060 74 20 62 65 20 72 75 6e-20 69 6e 20 44 4f 53 20 t be run in DOS
#13083070 6d 6f 64 65 2e 0d 0d 0a-24 00 00 00 00 00 00 00 mode....$.......
kd> !pte d5fce7f0
VA d5fce7f0
PDE at C0300D5C PTE at C0357F38
contains 17C6A963 contains 13084921
pfn 17c6a -G-DA--KWEV pfn 13084 -G--A--KREV //页帧号(pfn)13084,即该偏移处数据所在的物理页
kd> !pte d5fce7f0-e7f0
VA d5fc0000
PDE at C0300D5C PTE at C0357F00
contains 17C6A963 contains 13083921
pfn 17c6a -G-DA--KWEV pfn 13083 -G--A--KREV //页帧号(pfn)13083,与上面DataSectionObject第一个subsection的Base Pte(e1743e48)指向的物理页相同
//映像(image)的control area,即上面的ImageSectionObject(84a1a228)
kd> !ca 0x84a1a228
ControlArea @ 84a1a228
Segment e167cda8 Flink 00000000 Blink 00000000
Section Ref 0 Pfn Ref 26 Mapped Views 1
User Ref 1 WaitForDel 0 Flush Count 0
File Object 84a1a1b0 ModWriteCount 0 System Views 0
WritableRefs 0
Flags (80000a0) Image File Accessed
File: \WINDOWS\system32\mys.dll
Segment @ e167cda8
ControlArea 84a1a228 BasedAddress 5ffb0000
Total Ptes 36
WriteUserRef 0 SizeOfSegment 36000
Committed 0 PTE Template a2192c38
Based Addr 5ffb0000 Image Base 0
Image Commit 2 Image Info e167cebc
ProtoPtes e167cde0
Subsection 1 @ 84a1a260
ControlArea 84a1a228 Starting Sector 0 Number Of Sectors 2
Base Pte e167cde0 Ptes In Subsect 1 Unused Ptes 0
Flags 11 Sector Offset 0 Protection 1
Subsection 2 @ 84a1a280
ControlArea 84a1a228 Starting Sector 2 Number Of Sectors 6d
Base Pte e167cde4 Ptes In Subsect e Unused Ptes 0
Flags 31 Sector Offset 0 Protection 3
Subsection 3 @ 84a1a2a0
ControlArea 84a1a228 Starting Sector 6f Number Of Sectors 2
Base Pte e167ce1c Ptes In Subsect 2 Unused Ptes 0
Flags 51 Sector Offset 0 Protection 5
Subsection 4 @ 84a1a2c0
ControlArea 84a1a228 Starting Sector 71 Number Of Sectors 118
Base Pte e167ce24 Ptes In Subsect 23 Unused Ptes 0
Flags 11 Sector Offset 0 Protection 1
Subsection 5 @ 84a1a2e0
ControlArea 84a1a228 Starting Sector 189 Number Of Sectors f
Base Pte e167ceb0 Ptes In Subsect 2 Unused Ptes 0
Flags 11 Sector Offset 0 Protection 1
kd> !pte e167cde0 1
VA e167cde0
PDE at E167CDE0 PTE at E167CDE0
contains 15F20121 contains 15F20121
pfn 15f20 -G--A--KREV pfn 15f20 -G--A--KREV //页帧号(pfn)15f20,与数据/缓存视图的13083不是同一物理页
kd> dt _PRIVATE_CACHE_MAP 0x84e52530 //这个结构只用来描述预读(read ahead)
nt!_PRIVATE_CACHE_MAP
+0x000 NodeTypeCode : 0n766
+0x000 Flags : _PRIVATE_CACHE_MAP_FLAGS
+0x000 UlongFlags : 0x2fe
+0x004 ReadAheadMask : 0xffff
+0x008 FileObject : 0x84c8c818 _FILE_OBJECT
+0x010 FileOffset1 : _LARGE_INTEGER 0xe400
+0x018 BeyondLastByte1 : _LARGE_INTEGER 0xe408
+0x020 FileOffset2 : _LARGE_INTEGER 0xe7e0
+0x028 BeyondLastByte2 : _LARGE_INTEGER 0xe7f0
+0x030 ReadAheadOffset : [2] _LARGE_INTEGER 0x0
+0x040 ReadAheadLength : [2] 0
+0x048 ReadAheadSpinLock : 0
+0x04c PrivateLinks : _LIST_ENTRY [ 0x84e524f0 - 0x84e524f0 ]
kd> dd ccvacbs //ccvacbs是系统的vacb数组
8089d268 84fb1000 00000000 00000000 00000000
kd> dd CcBeyondVacbs
8089d258 84fcdc50 //这是vacb数组的结尾
kd> dd CcNumberVacbs
8089d28c 0000132e //vacb的个数
CcNumberVacbs = (MmSizeOfSystemCacheInPages >> (VACB_OFFSET_SHIFT - PAGE_SHIFT)) - 2;
CcVacbFreeList 把ccvacbs里面所有空闲的vacb连接起来
CcVacbLru 链表就把正在使用的连接起来
CcGetVacbMiss {}//当没vacb时
{
if (!IsListEmpty(&CcVacbFreeList)) {
Vacb = CONTAINING_RECORD( CcVacbFreeList.Flink, VACB, LruList );
CcMoveVacbToReuseTail( Vacb ); //将VACB从原来所在的链表中摘下(此处Vacb取自CcVacbFreeList),加入CcVacbLru链表
} else {使用LRU算法找出一个vacb释放掉来使用}
}
PS:在CcCopyRead中发现要读的数据还没有被cache时,就会调用MmMapViewInSystemCache;但这个函数返回之后,
那段内存仍然可能还不能直接使用:里面的PTE只是指向原型pte(对应subsection),最后访问时还是依靠page fault才把内容读到内存里。
//84fb21e8这个是上面fileobject->_SECTION_OBJECT_POINTERS->SharedCacheMap->InitialVacbs[0]的值
kd> dt _vacb 84fb21e8
nt!_VACB
+0x000 BaseAddress : 0xd5fc0000 Void
+0x004 SharedCacheMap : 0x84e52458 _SHARED_CACHE_MAP
+0x008 Overlay : __unnamed
+0x010 LruList : _LIST_ENTRY [ 0x84fb1460 - 0x84fb1ef8 ]//vacb通过LruList挂在CcVacbLru或CcVacbFreeList链表上