当前位置：首页 > news >正文

setupldr!SlGetSectionKeyIndex函数分析

news 2026/5/11 21:10:19

//
// Load the HAL.
//

strcpy(HalDirectoryPath, BootPath);

。。。
} else {
//
// Note that on x86, the HAL may be on floppy #1 or floppy #2
//
strcat(HalDirectoryPath,HalName);
SlGetDisk(HalName);
BlOutputLoadMessage(BootDevice, HalDirectoryPath, BlFindMessage(SL_HAL_NAME));

#ifdef i386
retryhal:
#endif
Status = BlLoadImage(BootDeviceId,
LoaderHalCode,
HalDirectoryPath,
TARGET_IMAGE,
&HalBase);

kd> kc 5
#
00 setupldr!SlGetDisk
01 setupldr!SlInit
02 setupldr!BlStartup
03 setupldr!NtProcessStartup
WARNING: Frame IP not in any known module. Following frames may be wrong.
04 0x0
kd> dv
Filename = 0x8023eedd "halaacpi.dll"
FileId = 8
DiskName = 0x8023eedd "halaacpi.dll"
PlatformSpecificSection = char [128] "???"

[SourceDisksFiles.x86]

halaacpi.dll = 1,,,,,,3_,2,3,,,1,2

#if defined(ELTORITO)
if (ElToritoCDBoot) {
// for Cd boot we use the setup media path instead of a boot-media-specific path
DiskNumber = SlGetSectionKeyIndex(InfFile,PlatformSpecificSection,Filename,0);
}

kd> t
eax=00060b30 ebx=00000000 ecx=00000000 edx=00324588 esi=0032458d edi=00060b45
eip=0031b9a8 esp=00060b10 ebp=00060bb4 iopl=0 nv up di pl nz na po nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000002
setupldr!SlGetSectionKeyIndex:
0031b9a8 55 push ebp
kd> dv
INFHandle = 0x8007b0d8
SectionName = 0x00060b30 "SourceDisksFiles.x86"
Key = 0x8023eedd "halaacpi.dll"
ValueIndex = 0

if((pSection = SearchSectionByName(
(PINF)INFHandle,
SectionName
))
== (PSECTION)NULL)
return((PCHAR)NULL);

kd> p
eax=80275d90 ebx=00000000 ecx=00060b30 edx=00324588 esi=0032458d edi=00060b45
eip=0031b9b8 esp=00060b0c ebp=00060b0c iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000086
setupldr!SlGetSectionKeyIndex+0x10:
0031b9b8 741c je setupldr!SlGetSectionKeyIndex+0x2e (0031b9d6) [br=0]
kd> dt _SECTION 80275d90
setupldr!_section
+0x000 pNext : 0x80275870 _section
+0x004 pName : 0x80275460 "SourceDisksFiles.x86"
+0x008 pLine : 0x80275da0 _line
kd> dx -r1 ((setupldr!_section *)0x80275870)
((setupldr!_section *)0x80275870) : 0x80275870 [Type: _section *]
[+0x000] pNext : 0x80273dc0 [Type: _section *]
[+0x004] pName : 0x80275297 : "SourceDisksFiles.amd64" [Type: char *]
[+0x008] pLine : 0x80275880 [Type: _line *]

if((pLine = SearchLineInSectionByKey(
pSection,
Key,
NULL
))
== (PLINE)NULL)
return((PCHAR)NULL);

kd> p
eax=80279c90 ebx=00000000 ecx=8023eedd edx=00324588 esi=0032458d edi=00060b45
eip=0031b9c7 esp=00060b0c ebp=00060b0c iopl=0 nv up di ng nz na pe nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000086
setupldr!SlGetSectionKeyIndex+0x1f:
0031b9c7 740d je setupldr!SlGetSectionKeyIndex+0x2e (0031b9d6) [br=0]
kd> dt _LINE 80279c90
setupldr!_line
+0x000 pNext : 0x80279ce0 _line
+0x004 pName : 0x80279639 "halaacpi.dll"
+0x008 InternalValues : [10] 0x80279646 "1"
+0x030 pFirstExternalValue : 0x80279cc8 _value
kd> dx -r1 (*((setupldr!char * (*)[10])0x80279c98))
(*((setupldr!char * (*)[10])0x80279c98)) [Type: char * [10]]
[0] : 0x80279646 : "1" [Type: char *]
[1] : 0x34354b : "" [Type: char *]
[2] : 0x34354b : "" [Type: char *]
[3] : 0x34354b : "" [Type: char *]
[4] : 0x34354b : "" [Type: char *]
[5] : 0x34354b : "" [Type: char *]
[6] : 0x80279648 : "3_" [Type: char *]
[7] : 0x8027964b : "2" [Type: char *]
[8] : 0x8027964d : "3" [Type: char *]
[9] : 0x34354b : "" [Type: char *]
kd> dx -r1 ((setupldr!_line *)0x80279ce0)
((setupldr!_line *)0x80279ce0) : 0x80279ce0 [Type: _line *]
[+0x000] pNext : 0x80279d30 [Type: _line *]
[+0x004] pName : 0x80279653 : "halacpi.dll" [Type: char *]
[+0x008] InternalValues [Type: char * [10]]
[+0x030] pFirstExternalValue : 0x80279d18 [Type: _value *]

if((pName = SearchValueInLine(
pLine,
ValueIndex
))
== (PCHAR)NULL)
return((PCHAR)NULL);

kd> p
eax=80279646 ebx=00000000 ecx=00000000 edx=0000000a esi=0032458d edi=00060b45
eip=0031b9da esp=00060b0c ebp=00060b0c iopl=0 nv up di ng nz na po nc
cs=0008 ss=0010 ds=0010 es=0010 fs=0030 gs=0000 efl=00000082
setupldr!SlGetSectionKeyIndex+0x32:
0031b9da 50 push eax
kd> db 80279646
80279646 31 00 33 5f 00 32 00 33-00 31 00 32 00 68 61 6c 1.3_.2.3.1.2.hal

查看全文

http://www.jsqmd.com/news/381178/