nt!IopInitializePlugPlayServices函数调用后nt!PpDeviceReferenceTable最左叶子节点是根节点HTREE\ROOT\0

nt!IopInitializePlugPlayServices函数调用后nt!PpDeviceReferenceTable最左叶子节点是根节点HTREE\ROOT\0

0: kd> g
Breakpoint 1 hit
nt!IopInitializePlugPlayServices:
80e67f60 55 push ebp
1: kd> kc
#
00 nt!IopInitializePlugPlayServices
01 nt!IoInitSystem
02 nt!Phase1Initialization
03 nt!PspSystemThreadStartup
04 nt!KiThreadStartup
1: kd> x nt!PpDeviceReferenceTable
80b1fa40 nt!PpDeviceReferenceTable = struct _RTL_AVL_TABLE
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 (*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40)) [Type: _RTL_AVL_TABLE]
[+0x000] BalancedRoot [Type: _RTL_BALANCED_LINKS]
[+0x010] OrderedPointer : 0x0 [Type: void *]
[+0x014] WhichOrderedElement : 0x0 [Type: unsigned long]
[+0x018] NumberGenericTableElements : 0x0 [Type: unsigned long]
[+0x01c] DepthOfTree : 0x0 [Type: unsigned long]
[+0x020] RestartKey : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x024] DeleteCount : 0x0 [Type: unsigned long]
[+0x028] CompareRoutine : 0x80c87772 [Type: _RTL_GENERIC_COMPARE_RESULTS (*)(_RTL_AVL_TABLE *,void *,void *)]
[+0x02c] AllocateRoutine : 0x80c87834 [Type: void * (*)(_RTL_AVL_TABLE *,unsigned long)]
[+0x030] FreeRoutine : 0x80c878de [Type: void (*)(_RTL_AVL_TABLE *,void *)]
[+0x034] TableContext : 0x0 [Type: void *]
1: kd> gu
nt!IoInitSystem+0x68f:
80e6554b 85c0 test eax,eax
1: kd> x nt!PpDeviceReferenceTable
80b1fa40 nt!PpDeviceReferenceTable = struct _RTL_AVL_TABLE
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 (*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40)) [Type: _RTL_AVL_TABLE]
[+0x000] BalancedRoot [Type: _RTL_BALANCED_LINKS]
[+0x010] OrderedPointer : 0x0 [Type: void *]
[+0x014] WhichOrderedElement : 0x0 [Type: unsigned long]
[+0x018] NumberGenericTableElements : 0x2e [Type: unsigned long]
[+0x01c] DepthOfTree : 0x6 [Type: unsigned long]
[+0x020] RestartKey : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x024] DeleteCount : 0x0 [Type: unsigned long]
[+0x028] CompareRoutine : 0x80c87772 [Type: _RTL_GENERIC_COMPARE_RESULTS (*)(_RTL_AVL_TABLE *,void *,void *)]
[+0x02c] AllocateRoutine : 0x80c87834 [Type: void * (*)(_RTL_AVL_TABLE *,unsigned long)]
[+0x030] FreeRoutine : 0x80c878de [Type: void (*)(_RTL_AVL_TABLE *,void *)]
[+0x034] TableContext : 0x0 [Type: void *]

1: kd> kc
#
00 nt!IoInitSystem
01 nt!Phase1Initialization
02 nt!PspSystemThreadStartup
03 nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f789a838 80e632fd 80077000 00000000 89dd4020 nt!IoInitSystem+0x68f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\iomgr\ioinit.c @ 599]
01 f789adac 80d391f0 80077000 00000000 00000000 nt!Phase1Initialization+0x9b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\init\init.c @ 2221]
02 f789addc 80b00d52 80e6294a 80077000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
03 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]

1: kd> x nt!PpDeviceReferenceTable
80b1fa40 nt!PpDeviceReferenceTable = struct _RTL_AVL_TABLE
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 (*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40)) [Type: _RTL_AVL_TABLE]
[+0x000] BalancedRoot [Type: _RTL_BALANCED_LINKS]
[+0x010] OrderedPointer : 0x0 [Type: void *]
[+0x014] WhichOrderedElement : 0x0 [Type: unsigned long]
[+0x018] NumberGenericTableElements : 0x2e [Type: unsigned long]
[+0x01c] DepthOfTree : 0x6 [Type: unsigned long]
[+0x020] RestartKey : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x024] DeleteCount : 0x0 [Type: unsigned long]
[+0x028] CompareRoutine : 0x80c87772 [Type: _RTL_GENERIC_COMPARE_RESULTS (*)(_RTL_AVL_TABLE *,void *,void *)]
[+0x02c] AllocateRoutine : 0x80c87834 [Type: void * (*)(_RTL_AVL_TABLE *,unsigned long)]
[+0x030] FreeRoutine : 0x80c878de [Type: void (*)(_RTL_AVL_TABLE *,void *)]
[+0x034] TableContext : 0x0 [Type: void *]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 (*((ntkrnlmp!_RTL_BALANCED_LINKS *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_BALANCED_LINKS *)0xffffffff80b1fa40)) [Type: _RTL_BALANCED_LINKS]
[+0x000] Parent : 0x80b1fa40 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe129f320 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : -1 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe129f320)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe129f320) : 0xe129f320 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0x80b1fa40 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12a54a8 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe128a5e8 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 1 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12a54a8)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12a54a8) : 0xe12a54a8 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe129f320 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12925f0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe128c1e0 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12925f0)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12925f0) : 0xe12925f0 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe12a54a8 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12883e0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe129c4d8 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12883e0)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12883e0) : 0xe12883e0 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe12925f0 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12896e0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe12896c0 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dx -id 0,0,ffffffff89dd5240 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12896e0)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12896e0) : 0xe12896e0 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe12883e0 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
1: kd> dt _DEVICE_REFERENCE 0xe12896e0+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89db9c00 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89db9b54 _UNICODE_STRING "HTREE\ROOT\0"