news 2026/4/17 22:26:27

The relationship between the global variable nt!PpDeviceReferenceTable and the driver device nt!_DEVICE_REFERENCE

张小明

Front-end development engineer


0: kd> dt nt!_DEVICE_REFERENCE
+0x000 DeviceObject : Ptr32 _DEVICE_OBJECT
+0x004 DeviceInstance : Ptr32 _UNICODE_STRING


0: kd> x nt!PpDeviceReferenceTable
80b1fa40 nt!PpDeviceReferenceTable = struct _RTL_AVL_TABLE
0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_AVL_TABLE *)0xffffffff80b1fa40)) [Type: _RTL_AVL_TABLE]
[+0x000] BalancedRoot [Type: _RTL_BALANCED_LINKS]
[+0x010] OrderedPointer : 0x0 [Type: void *]
[+0x014] WhichOrderedElement : 0x0 [Type: unsigned long]
[+0x018] NumberGenericTableElements : 0x7b [Type: unsigned long]
[+0x01c] DepthOfTree : 0x8 [Type: unsigned long]
[+0x020] RestartKey : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x024] DeleteCount : 0x0 [Type: unsigned long]
[+0x028] CompareRoutine : 0x80c87772 [Type: _RTL_GENERIC_COMPARE_RESULTS (*)(_RTL_AVL_TABLE *,void *,void *)]
[+0x02c] AllocateRoutine : 0x80c87834 [Type: void * (*)(_RTL_AVL_TABLE *,unsigned long)]
[+0x030] FreeRoutine : 0x80c878de [Type: void (*)(_RTL_AVL_TABLE *,void *)]
[+0x034] TableContext : 0x0 [Type: void *]
0: kd> dx -id 0,0,ffffffff80b20320 -r1 (*((ntkrnlmp!_RTL_BALANCED_LINKS *)0xffffffff80b1fa40))
(*((ntkrnlmp!_RTL_BALANCED_LINKS *)0xffffffff80b1fa40)) [Type: _RTL_BALANCED_LINKS]
[+0x000] Parent : 0x80b1fa40 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0x0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe129e458 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : -1 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe129e458)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe129e458) : 0xe129e458 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0x80b1fa40 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12a61b8 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe12872e8 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]

0: kd> dt _DEVICE_REFERENCE 0xe129e458+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x8988bce0 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x899ffea4 _UNICODE_STRING "PCI\VEN_8086&DEV_7110&SUBSYS_00000000&REV_08\3&61aaa01&0&38"


0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12872e8)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe12872e8) : 0xe12872e8 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe129e458 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12a44a8 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe1286b88 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 1 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]


0: kd> dt _DEVICE_REFERENCE 0xe12872e8+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89df7de8 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89df7d24 _UNICODE_STRING "Root\LEGACY_MOUNTMGR\0000"
0: kd> dt _DEVICE_REFERENCE 0xe12a44a8+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89df8ba0 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89df8adc _UNICODE_STRING "Root\dmio\0000"


0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe1286b88)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe1286b88) : 0xe1286b88 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe12872e8 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe12a31f0 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe12a81d8 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 1 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]
0: kd> dt _DEVICE_REFERENCE 0xe12a31f0+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89db7a70 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89db79ac _UNICODE_STRING "Root\LEGACY_RASACD\0000"
0: kd> dt _DEVICE_REFERENCE 0xe12a81d8+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89db6380 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89db62bc _UNICODE_STRING "Root\MS_PPTPMINIPORT\0000"
0: kd> dt _DEVICE_REFERENCE 80b1fa40+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : (null)
+0x004 DeviceInstance : (null)
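
The walk done by hand above (start at BalancedRoot.RightChild, follow LeftChild/RightChild, read the _DEVICE_REFERENCE at node+0x10) can be automated against a memory image; the following is an added example, not code from the original post or from Windows. The image representation (cell_t, SAMPLE), the function names and the depth bound are assumptions made for the example; only the x86 offsets come from the output above.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* x86 offsets as shown in the dt/dx output on this page. */
enum { OFF_PARENT = 0x0, OFF_LEFT = 0x4, OFF_RIGHT = 0x8,
       OFF_DATA = 0x10 /* _DEVICE_REFERENCE */, OFF_COUNT = 0x18 /* NumberGenericTableElements */ };
typedef struct { uint32_t addr, val; } cell_t;   /* one dword of a memory image */
typedef struct { uint32_t node, device_object, device_instance; } devref_t;
/* Constructed sample (not from the page): table at 0x1000 and three nodes, each
   given as Parent, LeftChild, RightChild, DeviceObject, DeviceInstance. */
static const cell_t SAMPLE[] = {
    {0x1000, 0x1000}, {0x1004, 0}, {0x1008, 0x2000}, {0x1018, 3},
    {0x2000, 0x1000}, {0x2004, 0x3000}, {0x2008, 0x4000}, {0x2010, 0xA0}, {0x2014, 0xB0},
    {0x3000, 0x2000}, {0x3004, 0}, {0x3008, 0}, {0x3010, 0xA1}, {0x3014, 0xB1},
    {0x4000, 0x2000}, {0x4004, 0}, {0x4008, 0}, {0x4010, 0xA2}, {0x4014, 0xB2} };
enum { SAMPLE_N = sizeof SAMPLE / sizeof SAMPLE[0] };
/* Read one dword; 0 on success, -1 if the address is not in the image. */
static int read32(const cell_t *m, size_t n, uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < n; i++)
        if (m[i].addr == addr) { *out = m[i].val; return 0; }
    return -1;
}
/* In-order walk; fails on unreadable memory, a bad Parent back-link, depth or overflow. */
static int walk(const cell_t *m, size_t n, uint32_t node, uint32_t parent,
                devref_t *out, size_t cap, size_t *cnt, int depth) {
    uint32_t p, l, r, dobj, dinst;
    if (node == 0) return 0;
    if (depth > 32) return -1;   /* sanity bound chosen for this example */
    if (read32(m, n, node + OFF_PARENT, &p) || p != parent) return -1;
    if (read32(m, n, node + OFF_LEFT, &l) || read32(m, n, node + OFF_RIGHT, &r)) return -1;
    if (read32(m, n, node + OFF_DATA, &dobj) || read32(m, n, node + OFF_DATA + 4, &dinst)) return -1;
    if (walk(m, n, l, node, out, cap, cnt, depth + 1) || *cnt >= cap) return -1;
    out[(*cnt)++] = (devref_t){ node, dobj, dinst };
    return walk(m, n, r, node, out, cap, cnt, depth + 1);
}
/* Entry count, or -1 if the tree is inconsistent or disagrees with the table's count. */
int enum_device_refs(const cell_t *m, size_t n, uint32_t table, devref_t *out, size_t cap) {
    uint32_t root, expected; size_t cnt = 0;
    if (read32(m, n, table + OFF_RIGHT, &root) || read32(m, n, table + OFF_COUNT, &expected)) return -1;
    if (walk(m, n, root, table, out, cap, &cnt, 0)) return -1;
    return cnt == expected ? (int)cnt : -1;
}
int main(void) {
    devref_t refs[8];
    int n = enum_device_refs(SAMPLE, SAMPLE_N, 0x1000, refs, 8);
    for (int i = 0; i < n; i++) printf("node %08x -> DeviceObject %08x\n", (unsigned)refs[i].node, (unsigned)refs[i].device_object);
    return n < 0;
}
```

A count that disagrees with NumberGenericTableElements, or a Parent link that does not point back at the node it was reached from, makes the function return -1 instead of a partial list.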

Part two:

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe1363b08)
((ntkrnlmp!_RTL_BALANCED_LINKS *)0xe1363b08) : 0xe1363b08 [Type: _RTL_BALANCED_LINKS *]
[+0x000] Parent : 0xe12a81d8 [Type: _RTL_BALANCED_LINKS *]
[+0x004] LeftChild : 0xe128d3a8 [Type: _RTL_BALANCED_LINKS *]
[+0x008] RightChild : 0xe1581a60 [Type: _RTL_BALANCED_LINKS *]
[+0x00c] Balance : 0 [Type: char]
[+0x00d] Reserved [Type: unsigned char [3]]

0: kd> dt _DEVICE_REFERENCE 0xe128d3a8+10
nt!_DEVICE_REFERENCE
+0x000 DeviceObject : 0x89df5948 _DEVICE_OBJECT
+0x004 DeviceInstance : 0x89df5884 _UNICODE_STRING "Root\RDP_MOU\0000"

0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_DEVICE_OBJECT *)0x89df5948)
((ntkrnlmp!_DEVICE_OBJECT *)0x89df5948) : 0x89df5948 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x1040
UpperDevices : Immediately above is Device for "\Driver\TermDD" [at 0x8988e8d0]
LowerDevices : None
Driver : 0x89db9d28 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
0: kd> dx -id 0,0,ffffffff80b20320 -r1 -n (*((ntkrnlmp!_DEVICE_OBJECT *)0x89df5948))
(*((ntkrnlmp!_DEVICE_OBJECT *)0x89df5948)) : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0xc0 [Type: unsigned short]
[+0x004] ReferenceCount : 1 [Type: long]
[+0x008] DriverObject : 0x89db9d28 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x89df5b98 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x8988e8d0 : Device for "\Driver\TermDD" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x1040 [Type: unsigned long]
[+0x020] Characteristics : 0x180 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x89df5a00 [Type: void *]
[+0x02c] DeviceType : 0x4 [Type: unsigned long]
[+0x030] StackSize : 1 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0xe12a6f70 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x89df5a08 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]
0: kd> dx -id 0,0,ffffffff80b20320 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0x89df5a08)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0x89df5a08) : 0x89df5a08 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x004] DeviceObject : 0x89df5948 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x008] PowerFlags : 0x0 [Type: unsigned long]
[+0x00c] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x010] ExtensionFlags : 0x0 [Type: unsigned long]
[+0x014] DeviceNode : 0x89df57f0 [Type: void *]
[+0x018] AttachedTo : 0x0 [Type: _DEVICE_OBJECT *]
[+0x01c] StartIoCount : 0 [Type: long]
[+0x020] StartIoKey : 0 [Type: long]
[+0x024] StartIoFlags : 0x0 [Type: unsigned long]
[+0x028] Vpb : 0x0 [Type: _VPB *]
0: kd> !devnode 0x89df57f0
DevNode 0x89df57f0 for PDO 0x89df5948
Parent 0x89db9ac0 Sibling 0x89df55a0 Child 0000000000
InstancePath is "Root\RDP_MOU\0000"
ServiceName is "TermDD"
TargetDeviceNotify List - f 0xe141f5a8 b 0xe141f5a8
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[07] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[06] = DeviceNodeStarted (0x308)
StateHistory[05] = DeviceNodeStartPostWork (0x307)
StateHistory[04] = DeviceNodeStartCompletion (0x306)
StateHistory[03] = DeviceNodeResourcesAssigned (0x304)
StateHistory[02] = DeviceNodeDriversAdded (0x303)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
StateHistory[12] = Unknown State (0x0)
StateHistory[11] = Unknown State (0x0)
StateHistory[10] = Unknown State (0x0)
StateHistory[09] = Unknown State (0x0)
StateHistory[08] = Unknown State (0x0)
Flags (0x00000131) DNF_MADEUP, DNF_ENUMERATED,
DNF_IDS_QUERIED, DNF_NO_RESOURCE_REQUIRED
UserFlags (0x00000002) DNUF_DONT_SHOW_IN_UI
0: kd> !object \driver\pnpmanage
Object driver\pnpmanage not found
0: kd> !object \driver
Object: e128c230 Type: (89dd5e70) Directory
ObjectHeader: e128c218 (old version)
HandleCount: 0 PointerCount: 68
Directory Object: e1002aa0 Name: Driver

Hash Address Type Name
---- ------- ---- ----
00 89830410 Driver Beep
89a6f2d8 Driver NDIS
89d362c0 Driver KSecDD
01 89c5e478 Driver Mouclass
89879720 Driver Raspti
03 89beecb8 Driver Fips
89b5e6d0 Driver Kbdclass
04 89b0c568 Driver NDProxy
89cb4c18 Driver Compbatt
05 8980f338 Driver Ptilink
899d9e10 Driver MountMgr
06 89d345a0 Driver Processor
07 899d9630 Driver dmload
89db3a88 Driver isapnp
08 89cf9038 Driver redbook
89bd7ae8 Driver atapi
10 897c5768 Driver RasAcd
899d9408 Driver dmio
11 89be7ad0 Driver mouhid
8990bdb0 Driver audstub
89cd5dd0 Driver usbuhci
896cc6d8 Driver Win32k
12 89a9a0d8 Driver usbhub
898fe128 Driver swenum
89a34ea0 Driver rdpdr
13 897c5f38 Driver usbccgp
89830518 Driver RDPCDD
89b9ba50 Driver Update
89bb3a30 Driver RasPppoe
14 899c3e10 Driver TermDD
899d9b58 Driver Ftdisk
15 89b08ac8 Driver Rasl2tp
18 8996d888 Driver PptpMiniport
898fdf38 Driver serenum
899f56b0 Driver crcdisk
89df5180 Driver WMIxWDM
89df5280 Driver ACPI_HAL
21 897c6f38 Driver NetBT
89d38e88 Driver agp440
22 899bd7d8 Driver Cdrom
8987fe10 Driver symmpi
24 897428f8 Driver Wanarp
897b3bc0 Driver Tcpip
89c06038 Driver mnmdd
25 89bd7038 Driver VolSnap
27 89a47550 Driver imapi
89a24190 Driver E1000
8987a168 Driver 274648032
28 89830738 Driver Null
8988cc78 Driver usbehci
29 89824758 Driver IPSec
8987cf38 Driver Disk
899c5910 Driver PCI
30 89890b00 Driver Serial
89a99968 Driver NdisTapi
89a991e8 Driver NdisWan
89bd7be8 Driver PartMgr
31 89819e30 Driver Gpc
32 89db5530 Driver ACPI
33 89db9d28 Driver PnpManager
34 896664b0 Driver Ndisuio
8967a230 Driver AFD
35 897c7698 Driver hidusb
89bd1100 Driver vga
36 89891120 Driver i8042prt
89d34f38 Driver CmBatt
89a30160 Driver IntelIde
0: kd> !object \driver\pnpmanager
Object: 89db9d28 Type: (89df9ac0) Driver
ObjectHeader: 89db9d10 (old version)
HandleCount: 0 PointerCount: 564
Directory Object: e128c230 Name: PnpManager
0: kd> !drvobj 89db9d28
Driver object (89db9d28) is for:
\Driver\PnpManager
Driver Extension List: (id , addr)

Device Object list:
89df54a8 89df56f8 89df5948 89df5b98
89df5de8 89df5038 89db6380 89db65d0
89db6820 89db6a70 89db6cc0 89db6f10
89df6258 89df64a8 89df66f8 89df6948
89df6b98 89df6de8 89df6038 89db7380
89db75d0 89db7820 89db7a70 89db7cc0
89db7f10 89df7258 89df74a8 89df76f8
89df7948 89df7b98 89df7de8 89df7038
89db8380 89db85d0 89db8820 89db8a70
89db8cc0 89db8f10 89df8260 89df84b0
89df8700 89df8950 89df8ba0 89df8df0
89db98a0 89db9c00
