最近在做一些自动化分析 dump 的东西,用 WinDbg 扩展插件实现,mark 一下~
用 WinDDK\7600.16385.1\Debuggers\sdk\samples\exts 下的示例工程编译~
ULONG64 __stdcall FindObjectByName(char* szObjectName,ULONG64 ulRoot)
{
/*
哈希表
kd> dt _OBJECT_DIRECTORY
nt!_OBJECT_DIRECTORY
+0x000 HashBuckets : [37] Ptr32 _OBJECT_DIRECTORY_ENTRY
+0x094 Lock : _EX_PUSH_LOCK
+0x098 DeviceMap : Ptr32 _DEVICE_MAP
+0x09c SessionId : Uint4B
+0x0a0 Reserved : Uint2B
+0x0a2 SymbolicLinkUsageCount : Uint2B
nt!_OBJECT_DIRECTORY_ENTRY
+0x000 ChainLink : Ptr32 _OBJECT_DIRECTORY_ENTRY
+0x004 Object : Ptr32 Void
*/
BOOL bRet = FALSE;
ULONG ulOffsetHashBucket = 0;
ULONG64 HashBucketsArray;
ULONG pointerSize;
char* iCurrentStr;
if (!ulRoot)
{
//默认从根目录开始遍历
bRet = FetchRootDirectoryObjectValue(&ulRoot);
if (!bRet)
return bRet;
//去掉左斜杠
if (szObjectName[0] == '\