
setupldr!SlGetDisk函数分析和WIN51IS文件内容=Windows

setupldr!SlGetDisk函数分析和WIN51IS文件内容=Windows


kd> kc 4
#
00 setupldr!SlGetDisk
01 setupldr!SlInit
02 setupldr!BlStartup
03 setupldr!NtProcessStartup
kd> dv
Filename = 0x00325850 "ntkrnlmp.exe"
FileId = 8
DiskName = 0x00325850 "ntkrnlmp.exe"
PlatformSpecificSection = char [128] "l=2"

kd> x setupldr!ElToritoCDBoot
003437a0 setupldr!ElToritoCDBoot = 0x01 ''


// Build the platform-specific files section name: base section name followed
// by the platform extension. The dv output taken inside SlGetSectionKeyIndex
// shows the resulting SectionName as "SourceDisksFiles.x86".
// NOTE(review): PlatformSpecificSection is a 128-byte char array (per the dv
// output) and strcpy/strcat do no bounds checking, so this is safe only while
// both inputs are short, fixed strings -- confirm where FilesSectionName and
// PlatformExtension are set, or switch to a length-checked copy.
strcpy(PlatformSpecificSection,FilesSectionName);
strcat(PlatformSpecificSection,PlatformExtension);

#if defined(ELTORITO)
if (ElToritoCDBoot) {
// For CD boot, use the setup media path instead of a boot-media-specific path:
// look up Filename as the key in the section built above and take value
// index 0 as the disk number. (The excerpt stops before the matching #endif.)
DiskNumber = SlGetSectionKeyIndex(InfFile,PlatformSpecificSection,Filename,0);
}

kd> dv
INFHandle = 0x8007b0d8
SectionName = 0x00060b30 "SourceDisksFiles.x86"
Key = 0x00325850 "ntkrnlmp.exe"
ValueIndex = 0

[SourceDisksFiles.x86]
agp440.sys = 1,,,,,,,4,1
update.sys = 1,,,,,,,4,0,0,,1,4
mnmdd.sys = 1,,,,,,,4,0,0,,1,4
wmvcore.dll =1,,,,,,,2,0,0
wmasf.dll =1,,,,,,,2,0,0

。。。
ntkrnlmp.exe = 1,,,,,,2_,,3,3


以“lsi_sas.sys = 1,,,,,,3_,4,1,,,1,4”为例,这样的一行是描述驱动程序文件所在位置的条目。
条目的格式为“filename_on_source=diskid,subdir,upgradecode,newinstallcode,spare,spare,newfilename”,
在“txtsetup.sif”文件中的“[SourceDisksNames]”和“[WinntDirectories]”等节中有详细的描述。


[SourceDisksNames.x86]
1 = %cdname%,%cdtagfilei%,,\i386
_1 = %bootname1%,"%boottagfile1%",,""
_2 = %bootname2%,"%boottagfile2%",,""
_3 = %bootname3%,"%boottagfile3%",,""
_4 = %bootname4%,"%boottagfile4%",,""
_5 = %bootname5%,"%boottagfile5%",,""
_6 = %bootname6%,"%boottagfile6%",,""
_7 = %bootname7%,"%boottagfile7%",,""
1_ = %bootname1%,"%boottagfile1%",,""
2_ = %bootname2%,"%boottagfile2%",,""
3_ = %bootname3%,"%boottagfile3%",,""
4_ = %bootname4%,"%boottagfile4%",,""
5_ = %bootname5%,"%boottagfile5%",,""
6_ = %bootname6%,"%boottagfile6%",,""
7_ = %bootname7%,"%boottagfile7%",,""
7 = %cdname%,%cdtagfilei%,,\i386\lang
8 = %cdname%,%cdtagfilei%,,\i386\lang
9 = %cdname%,%cdtagfilei%,,\i386\lang
10 = %cdname%,%cdtagfilei%,,\i386\lang
11 = %cdname%,%cdtagfilei%,,\i386
12 = %cdname%,%cdtagfilei%,,\i386
13 = %cdname%,%cdtagfilei%,,\i386
14 = %cdname%,%cdtagfilei%,,\i386
15 = %cdname%,%cdtagfilei%,,\i386

[WinntDirectories]
1 = "\"
2 = system32
3 = system32\config
4 = system32\drivers
5 = system
7 = system32\ras
9 = system32\spool
10 = system32\spool\drivers

kd> gu
eax=8027c7c8 ebx=00000000 ecx=00000000 edx=0000000a esi=0032458d edi=00060b45
eip=0032463e esp=00060b24 ebp=00060bb4 iopl=0 nv up di pl nz ac pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000016
setupldr!SlGetDisk+0xa0:
0032463e 8bd8 mov ebx,eax
kd> db 8027c7c8
8027c7c8 31 00 32 5f 00 33 00 33-00 6e 74 6b 72 6e 6c 70 1.2_.3.3.ntkrnlp
8027c7d8 61 2e 65 78 65 00 31 00-33 00 33 00 6e 74 6b 72 a.exe.1.3.3.ntkr
8027c7e8 70 61 6d 70 2e 65 78 65-00 31 00 33 00 33 00 6e pamp.exe.1.3.3.n
8027c7f8 74 6c 64 72 00 31 00 5f-78 00 31 00 33 00 00 00 tldr.1._x.1.3...
8027c808 40 c8 27 80 11 c4 27 80-1e c4 27 80 4b 35 34 00 @.'...'...'.K54.
8027c818 4b 35 34 00 4b 35 34 00-4b 35 34 00 4b 35 34 00 K54.K54.K54.K54.
8027c828 4b 35 34 00 20 c4 27 80-23 c4 27 80 25 c4 27 80 K54. .'.#.'.%.'.
8027c838 00 00 00 00 00 00 00 00-78 c8 27 80 27 c4 27 80 ........x.'.'.'.

//
// Look up disk number to get the diskname and tag.
// Look in platform-specific directory first.
//
// The section name is rebuilt from MediaSectionName plus the platform
// extension; the dv output that follows shows "SourceDisksNames.x86".
// NOTE(review): same unbounded strcpy/strcat into the 128-byte
// PlatformSpecificSection buffer -- relies on both inputs being short.
//
strcpy(PlatformSpecificSection,MediaSectionName);
strcat(PlatformSpecificSection,PlatformExtension);

kd> dv PlatformSpecificSection
PlatformSpecificSection = char [128] "SourceDisksNames.x86"

// Fetch value index 0 of the DiskNumber key in the platform-specific section
// and treat it as the disk's display name. In this session the key is "1" and
// the call returns "Windows Server 2003, Standard Edition CD-ROM".
// The UNICODE build calls the W variant of the same lookup.
#ifdef UNICODE
if((DiskName = (PTCHAR)SlGetSectionKeyIndexW(
#else
if((DiskName = (PTCHAR)SlGetSectionKeyIndex(
#endif
InfFile,
PlatformSpecificSection,
DiskNumber,
0)) != 0 ) {

kd> t
eax=00060b30 ebx=8027c7c8 ecx=00000000 edx=00324598 esi=0032459d edi=00060b45
eip=0031b9a8 esp=00060b10 ebp=00060bb4 iopl=0 nv up di pl nz na po nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000002
setupldr!SlGetSectionKeyIndex:
0031b9a8 55 push ebp
kd> dv
INFHandle = 0x8007b0d8
SectionName = 0x00060b30 "SourceDisksNames.x86"
Key = 0x8027c7c8 "1"
ValueIndex = 0

kd> gu
eax=80151c1e ebx=8027c7c8 ecx=00000000 edx=800720b4 esi=0032459d edi=00060b45
eip=003246e3 esp=00060b24 ebp=00060bb4 iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000086
setupldr!SlGetDisk+0x145:
003246e3 85c0 test eax,eax

kd> db 80151c1e
80151c1e 57 69 6e 64 6f 77 73 20-53 65 72 76 65 72 20 32 Windows Server 2
80151c2e 30 30 33 2c 20 53 74 61-6e 64 61 72 64 20 45 64 003, Standard Ed
80151c3e 69 74 69 6f 6e 20 43 44-2d 52 4f 4d 00 0d 0a 70 ition CD-ROM...p
80151c4e 72 6f 64 75 63 74 6e 61-6d 65 20 3d 20 22 57 69 roductname = "Wi
80151c5e 6e 64 6f 77 73 20 53 65-72 76 65 72 20 32 30 30 ndows Server 200
80151c6e 33 2c 20 53 74 61 6e 64-61 72 64 00 0d 0a 0d 0a 3, Standard.....

[SourceDisksNames.x86]
1 = %cdname%,%cdtagfilei%,,\i386


// Value index 1 of the same key is the tag file path (the %cdtagfilei% field
// of the "1 = %cdname%,%cdtagfilei%,,\i386" line); the db output that follows
// shows it as "\win51is".
DiskTag = SlGetSectionKeyIndex(InfFile,PlatformSpecificSection,DiskNumber,1);

kd> p
eax=80151e96 ebx=8027c7c8 ecx=00000000 edx=800720bd esi=0032459d edi=80151e96
eip=00324701 esp=00060b24 ebp=00060bb4 iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000086
setupldr!SlGetDisk+0x163:
00324701 8d857cffffff lea eax,[ebp-84h]
kd> db 80151e96
80151e96 5c 77 69 6e 35 31 69 73-00 0d 0a 0d 0a 63 64 74 \win51is.....cdt

1 = %cdname%,%cdtagfilei%,,\i386

kd> dv setupldr!LastDiskTag
setupldr!LastDiskTag = 0x00000000 ""


kd> dv
Filename = 0x80151c1e "Windows Server 2003, Standard Edition CD-ROM"
FileId = 0x106
DiskName = 0x80151c1e "Windows Server 2003, Standard Edition CD-ROM"
PlatformSpecificSection = char [128] "SourceDisksNames.x86"


kd> t
eax=00060bb0 ebx=00000000 ecx=00340000 edx=00000001 esi=00000000 edi=80151e96
eip=003035d3 esp=00060b10 ebp=00060bb4 iopl=0 nv up di pl zr na pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000046
setupldr!BlOpen:
003035d3 55 push ebp
kd> dv
DeviceId = 0xa
OpenPath = 0x80151e96 "\win51is"
OpenMode = ArcOpenReadOnly (0n0)
FileId = 0x00060bb0
CompressedName = char [256] "4.???"
kd> dx -r1 ((setupldr!unsigned long *)0x60bb0)
((setupldr!unsigned long *)0x60bb0) : 0x60bb0 : 0x106 [Type: unsigned long *]
0x106 [Type: unsigned long]

kd> dv FileId
FileId = 0


kd> dx -r1 (*((setupldr!_BL_FILE_TABLE (*)[48])0x377d20))
(*((setupldr!_BL_FILE_TABLE (*)[48])0x377d20)) [Type: _BL_FILE_TABLE [48]]
[0] [Type: _BL_FILE_TABLE]
[1] [Type: _BL_FILE_TABLE]

kd> dx -r1 (*((setupldr!_BL_FILE_TABLE *)0x377d20))
(*((setupldr!_BL_FILE_TABLE *)0x377d20)) [Type: _BL_FILE_TABLE]
[+0x000] Flags [Type: _BL_FILE_FLAGS]
[+0x004] DeviceId : 0xa [Type: unsigned long]
[+0x008] Position : {0} [Type: _LARGE_INTEGER]
[+0x010] StructureContext : 0x80079e60 [Type: void *]
[+0x014] DeviceEntryTable : 0x34fce0 [Type: _BL_DEVICE_ENTRY_TABLE *]
[+0x018] FileNameLength : 0x7 [Type: unsigned char]
[+0x019] FileName : "win51is._inf" [Type: char [32]]
[+0x040] u [Type: __unnamed]

kd> dx -r1 (*((setupldr!_BL_FILE_TABLE *)0x377d88))
(*((setupldr!_BL_FILE_TABLE *)0x377d88)) [Type: _BL_FILE_TABLE]
[+0x000] Flags [Type: _BL_FILE_FLAGS]
[+0x004] DeviceId : 0x0 [Type: unsigned long]
[+0x008] Position : {0} [Type: _LARGE_INTEGER]
[+0x010] StructureContext : 0x0 [Type: void *]
[+0x014] DeviceEntryTable : 0x0 [Type: _BL_DEVICE_ENTRY_TABLE *]
[+0x018] FileNameLength : 0x0 [Type: unsigned char]
[+0x019] FileName : "" [Type: char [32]]
[+0x040] u [Type: __unnamed]


// Probe for the media by opening its tag file (DiskTag, "\win51is" in this
// session) read-only on the boot device.
// NOTE(review): in this excerpt the tag file is only opened and closed -- its
// contents are never read -- so it identifies the media by file name alone and
// is not an integrity or authenticity check of the install source.
if(BlOpen(BootDeviceId,DiskTag,ArcOpenReadOnly,&FileId) == ESUCCESS) {

//
// Disk is in the drive. Return success.
// Leave BootDeviceId open onto the device.
//
BlClose(FileId);
// Record the tag that was just found (the later "x setupldr!LastDiskTag"
// output shows "\win51is").
LastDiskTag = DiskTag;
return(TRUE);

kd> x setupldr!LastDiskTag
00348b04 setupldr!LastDiskTag = 0x80151e96 "\win51is"
