{"id":19,"date":"2023-08-20T21:44:47","date_gmt":"2023-08-20T13:44:47","guid":{"rendered":"https:\/\/www.linudows.com\/?p=19"},"modified":"2023-09-04T00:33:02","modified_gmt":"2023-09-03T16:33:02","slug":"windows-iscsi-install-bsod","status":"publish","type":"post","link":"https:\/\/www.lidowx.com\/index.php\/2023\/08\/20\/windows-iscsi-install-bsod\/","title":{"rendered":"Windows iscsi \u5b89\u88c5\u84dd\u5c4f\u95ee\u9898\u5206\u6790\u8bb0\u5f55"},"content":{"rendered":"\n<p><strong>\u5148\u8bf4&#8221;Win10 ISO\u5b89\u88c5\u5230iscsi&#8221;\u662f\u600e\u4e48\u64cd\u4f5c\u7684:<\/strong><\/p>\n\n\n\n<p>1.\u914d\u597discsi server + dhcp + tftp + ipxe<br>2.\u521b\u5efa\u4e00\u4e2a\u865a\u62df\u673a, \u4e0d\u8981\u786c\u76d8, \u6302\u4e00\u4e2aWindows ISO<br>2.\u542f\u52a8\u865a\u62df\u673a, \u6307\u5b9a\u4ece\u7f51\u7edc\u542f\u52a8, \u6ce8\u610f\u522b\u76f4\u63a5\u4eceISO\u542f\u52a8<br>3.\u4ece\u7f51\u7edc\u52a0\u8f7dIPXE\u540e, CTRL+B\u8fdb\u5165ipxe shell, \u6267\u884csanhook\u547d\u4ee4, ipxe\u5c31\u4f1a\u5728\u4f4e\u5185\u5b58\u533a\u57df\u4fdd\u5b58iscsi\u76d8\u4fe1\u606f;<br>4.sanhook\u6210\u529f\u540e, \u6267\u884cexit\u9000\u51faipxe shell, \u518d\u6309\u4efb\u610f\u952e, \u5c31\u4f1a\u4eceiso\u542f\u52a8<br>5.\u5982\u679c\u4e00\u5207\u6b63\u5e38, ISO\u91cc\u9762\u7684\u5185\u6838\u5728\u521d\u59cb\u5316\u65f6, \u4f1a\u4ece\u4f4e\u5185\u5b58\u533a\u57df\u8bc6\u522biscsi\u76d8\u4fe1\u606f\u5e76\u5c1d\u8bd5\u8fde\u63a5, \u7136\u540ewindows\u5b89\u88c5\u7a0b\u5e8f\u5c31\u80fd\u663e\u793a\u51fa\u78c1\u76d8, \u540e\u7eed\u5c31\u662f\u6b63\u5e38\u5b89\u88c5\u8fc7\u7a0b\u4e86<\/p>\n\n\n\n<p>\u5728\u6709\u5149\u9a71\u5e76\u4e14\u4e5f\u4e0d\u8ffd\u6c42\u81ea\u52a8\u5316\u6279\u91cf\u90e8\u7f72\u7684\u65f6\u5019, \u65e0\u8bba\u662f\u786ciscsi\u8fd8\u662f\u8f6fiscsi, \u8fd9\u90fd\u662f\u4e2a\u5f88\u6807\u51c6\u7684\u64cd\u4f5c\u65b9\u5f0f, \u4f46\u662f\u8fd9\u4e24\u5929\u7528\u8fd9\u4e2a\u65b9\u5f0f\u5b89\u88c5Win10 22H2\u65f6\u9047\u5230\u5947\u8469\u84dd\u5c4f.<\/p>\n\n\n\n<p><strong>\u5982\u56fe:<\/strong><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"995\" height=\"726\" src=\"https:\/\/www.linudows.com\/wp-content\/uploads\/2023\/09\/image.png\" alt=\"\" class=\"wp-image-20\" srcset=\"https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image.png 995w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-300x219.png 300w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-768x560.png 768w\" sizes=\"(max-width: 995px) 100vw, 995px\" \/><\/figure>\n\n\n\n<p><\/p>\n\n\n\n<p>\u5728\u8d70\u5230&#8221;\u6b63\u5728\u51c6\u5907\u8981\u5b89\u88c5\u7684\u6587\u4ef6&#8221;\u8fd9\u4e00\u6b65\u65f6\u5fc5\u7136\u84dd\u5c4f:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"975\" height=\"726\" src=\"https:\/\/www.linudows.com\/wp-content\/uploads\/2023\/09\/image-1.png\" alt=\"\" class=\"wp-image-21\" srcset=\"https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-1.png 975w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-1-300x223.png 300w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-1-768x572.png 768w\" sizes=\"(max-width: 975px) 100vw, 975px\" \/><\/figure>\n\n\n\n<p><strong>\u672c\u7740\u5148\u6000\u7591\u81ea\u5df1\u518d\u6000\u7591\u4ed6\u4eba\u7684\u539f\u5219, \u5148\u505a\u4e86\u5982\u4e0b\u64cd\u4f5c:<\/strong><\/p>\n\n\n\n<p>1. vmware\u6362vbox<br>2. \u914d\u5408\u5404\u7248\u672cipxe\u7684wimboot, \u5728\u7269\u7406\u673a\u4e0a\u64cd\u4f5c<br>3. \u6362\u4e0d\u540c\u7248\u672c\u7684Win10 ISO<br>4. \u68c0\u67e5iscsi server\u8f6f\u575a\u786c\u662f\u5426\u6709\u5f02\u5e38, \u6362\u4e0d\u540c\u7684iscsi server\u53caipxe\u7248\u672c<br>5. \u5148\u672c\u5730\u88c5\u597d\u7cfb\u7edf, \u7136\u540e\u505a\u6210IMG\u653e\u5230iscsi server\u4e0a, \u8df3\u8fc7iso\u5b89\u88c5\u8fc7\u7a0b<\/p>\n\n\n\n<p><strong>\u4ee5\u4e0a\u64cd\u4f5c\u5168\u90fd\u4f1a\u51fa\u73b0\u4e00\u6837\u7684\u84dd\u5c4f. \u6700\u540e\u627e\u4e86\u4e2aWin7 ISO, \u5728\u5404\u79cd\u6761\u4ef6\u4e0b\u90fd\u662f\u4e00\u6b21\u6210\u529f.<\/strong><\/p>\n\n\n\n<p><strong>\u4ee5\u4e0a\u64cd\u4f5c\u867d\u7136\u6ca1\u80fd\u89e3\u51b3\u95ee\u9898, \u4f46\u662f\u57fa\u672c\u786e\u5b9a\u4e86\u95ee\u9898\u8303\u56f4: Win10.<\/strong><\/p>\n\n\n\n<p>\u5c1d\u8bd5Google\u4e00\u4e0b, \u8fd8\u771f\u641c\u5230\u4e00\u4e2a\u7c7b\u4f3c\u7684\u95ee\u9898, \u89e3\u51b3\u65b9\u6cd5\u662f\u901a\u8fc7\u6302\u76d8\u4fee\u6539\u6ce8\u518c\u8868, \u5173\u95edPageFile.<br>\u7136\u800c\u64cd\u4f5c\u4e4b\u540e\u53d1\u73b0\u4f9d\u65e7\u84dd\u5c4f. \u800c\u4e14\u770b\u539f\u5e16\u4e5f\u786e\u5b9e\u6709\u4eba\u8bf4\u884c, \u6709\u4eba\u8bf4\u4e0d\u884c.<\/p>\n\n\n\n<p>\u90a3\u4e48\u770b\u8d77\u6765\u8fd8\u662f\u9700\u8981\u5206\u6790\u4e00\u4e0b, ISO\u5b89\u88c5\u65f6\u84dd\u5c4f\u8fd9\u4e2a\u573a\u666f\u4f3c\u4e4e\u4e0d\u592a\u597d\u62ff\u5230dump\u6587\u4ef6, \u6240\u4ee5\u9996\u5148\u5bf9ISO\u5f00\u542f\u8c03\u8bd5\u8bbe\u7f6e(\u89e3\u538bISO -&gt; bcdedit \/store xxxxx\\boot\\bcd \/debug on -&gt; \u91cd\u65b0\u6253\u5305ISO), \u7136\u540e\u7ed9\u865a\u62df\u673a\u6dfb\u52a0\u4e00\u4e2acom\u53e3, \u8bbe\u7f6e\u597dwindbg\u53cc\u673a\u8c03\u8bd5, \u518d\u7ee7\u7eed\u5148\u524d\u7684\u64cd\u4f5c.<\/p>\n\n\n\n<p><strong>\u590d\u73b0\u540e\u770bWindbg:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>*** Fatal System Error: 0x000000d1\n&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;(0xFFFFF803467B59D0,0x0000000000000002,0x0000000000000008,0xFFFFF803467B59D0)\n\nBreak instruction exception - code 80000003 (first chance)\n\nA fatal system error has occurred.\nDebugger entered on first try; Bugcheck callbacks have not been invoked.\n\nA fatal system error has occurred.\n\nFor analysis of this file, run !analyze -v\nnt!DbgBreakPointWithStatus:\nfffff803`3e003770 cc&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;int&nbsp; &nbsp;&nbsp;&nbsp;3<\/code><\/pre>\n\n\n\n<p><strong>\u89e3\u91ca\u84dd\u5c4f\u4ee3\u7801\u548c\u53c2\u65700x000000d1 (0xFFFFF803467B59D0,0x0000000000000002,0x0000000000000008,0xFFFFF803467B59D0):<\/strong><\/p>\n\n\n\n<p>1. \u7ecf\u5178\u4ee3\u78010x000000d1, \u8868\u793aIRQL\u592a\u9ad8\u6ca1\u6cd5\u5904\u7406PageFault;<br>2. \u53c2\u6570\u4e2d\u7b2c\u4e00\u4e2a0xFFFFF803467B59D0\u4e3a\u53d1\u751fPageFault\u7684\u5730\u5740;<br>3. 0x0000000000000002\u8868\u793a\u5f53\u65f6\u7684IRQL\u4e3aDISPATCH_LEVEL;<br>4. 0x0000000000000008\u8868\u793a\u5f53\u65f6\u662fExecute\u64cd\u4f5c, \u4e0d\u662f\u8bfb\u5199;<br>5. \u6700\u540e\u4e00\u4e2a0xFFFFF803467B59D0\u8868\u793a\u662f\u89e6\u53d1\u8fd9\u6b21PageFault\u7684RIP.<\/p>\n\n\n\n<p><strong>\u7ec4\u5408\u8d77\u6765:<\/strong><\/p>\n\n\n\n<p>\u5f53RIP\u6307\u54110xFFFFF803467B59D0\u51c6\u5907\u6267\u884c\u65f6, \u5bf9\u5e94\u4ee3\u7801\u9875\u4e0d\u5728\u7269\u7406\u5185\u5b58, \u53d1\u751fPageFault, \u4f46\u6b64\u65f6IRQL\u53c8\u662fDispatchLevel, \u6ca1\u6cd5\u505a\u78c1\u76d8\u8bfb\u5199\u64cd\u4f5c, \u56e0\u6b64Windows\u9009\u62e9\u84dd\u5c4f.<\/p>\n\n\n\n<p><strong>\u770b\u4e00\u4e0b\u6808:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0: kd&gt; k\n# Child-SP&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; RetAddr&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;Call Site\n00 fffff203`25c35a78 fffff803`3e115392&nbsp; &nbsp;&nbsp;&nbsp;nt!DbgBreakPointWithStatus\n01 fffff203`25c35a80 fffff803`3e114976&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDebugBreak+0x12\n02 fffff203`25c35ae0 fffff803`3dffa2d7&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheck2+0x946\n03 fffff203`25c361f0 fffff803`3e00e229&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheckEx+0x107\n04 fffff203`25c36230 fffff803`3e009de3&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDispatch+0x69\n05 fffff203`25c36370 fffff803`467b59d0&nbsp; &nbsp;&nbsp;&nbsp;nt!KiPageFault+0x463\n06 fffff203`25c36508 fffff803`46930271&nbsp; &nbsp;&nbsp;&nbsp;0xfffff803`467b59d0\n07 fffff203`25c36510 fffff803`46923aa5&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!WfpReleaseFastWriteLock+0x55\n08 fffff203`25c36540 fffff803`46944aac&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdSetVisibleFilterState+0x51\n09 fffff203`25c36570 fffff803`469a94cc&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdApplyBoottimePolicy+0x58\n0a fffff203`25c365d0 fffff803`3e20f25b&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdApplyBoottimePolicyCallback+0x4c\n0b fffff203`25c36600 fffff803`3e20ef6e&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpCallQueryRegistryRoutine+0x13f\n0c fffff203`25c36670 fffff803`3e2f6aae&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpQueryRegistryValues+0x31a\n0d fffff203`25c36750 fffff803`469a9363&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlQueryRegistryValuesEx+0xe\n0e fffff203`25c36790 fffff803`469a92c2&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdReadAndApplyBoottimePolicy+0x4f\n.........\u5176\u4ed6\u7565............<\/code><\/pre>\n\n\n\n<p><strong>\u6808\u91cc\u6709\u4e2a\u5c0f\u95ee\u9898:<\/strong><\/p>\n\n\n\n<p>nt!KiPageFault+0x463\u4e0a\u5c42\u662f\u4e00\u4e2a\u65e0\u7b26\u53f7\u4e14\u65e0\u6a21\u5757\u7684\u5730\u5740: 0xfffff803`467b59d0, \u4e5f\u6b63\u662f\u84dd\u5c4f\u53c2\u6570\u91cc\u7684\u5730\u5740\u4fe1\u606f(\u89e6\u53d1\u4ee5\u53ca\u53d1\u751fPF\u7684\u5730\u5740).<br>\u4e3a\u5565\u8bf4\u8fd9\u91cc\u5b58\u5728\u5c0f\u95ee\u9898, \u56e0\u4e3a\u5c31\u7b97\u5fae\u8f6f\u6ca1\u63d0\u4f9b\u7b26\u53f7\u6216\u8005\u662f\u7b2c\u4e09\u65b9\u6a21\u5757, \u6309\u9053\u7406windbg\u4e5f\u5e94\u8be5\u663e\u793a\u4e3a\u6a21\u5757\u540d+\u504f\u79fb\u800c\u4e0d\u662f\u76f4\u63a5\u663e\u793a\u4e00\u4e2a\u7edd\u5bf9\u5730\u5740.<\/p>\n\n\n\n<p><strong>\u8fd9\u79cd\u73b0\u8c61\u5e38\u89c1\u7684\u4e09\u4e2a\u539f\u56e0:<\/strong><\/p>\n\n\n\n<p>1. \u6808\u672c\u8eab\u5c31\u662f\u574f\u7684, \u73b0\u5728\u80af\u5b9a\u4e0d\u5c5e\u4e8e\u8fd9\u79cd\u60c5\u51b5, \u84dd\u5c4f\u6808\u76f8\u5f53\u5b8c\u6574\u548c\u6b63\u786e, \u53ef\u4ee5\u4e00\u76f4\u56de\u6eaf\u5230\u7528\u6237\u6001;<br>2. Windbg\u5f00\u7684\u65f6\u673a\u6bd4\u8f83\u665a, \u800c\u6211\u786e\u5b9a\u662f\u5148\u5f00\u7684windbg\u518d\u542f\u52a8\u7684\u865a\u62df\u673a, \u4e5f\u4e0d\u5c5e\u4e8e\u8fd9\u79cd\u60c5\u51b5;<br>3. \u4ee5\u524d\u641e\u5b89\u5168\u65f6\u5019\u7ecf\u5e38\u4f1a\u6536\u96c6\u5230RCE\u5bfc\u81f4\u7684\u6808\u4e2d\u51fa\u73b0\u65e0\u6a21\u5757RIP\u7684dump, \u7136\u540e\u672c\u6b21\u4f7f\u7528\u7684ISO\u786e\u5b9e\u90fd\u662f\u5728\u7f51\u4e0a\u627e\u7684\u79cd\u5b50, \u8fd8\u771f\u4e0d\u80fd\u4fdd\u8bc1\u4e00\u5b9a\u662f\u5e72\u51c0\u7684.<\/p>\n\n\n\n<p><strong>\u4e8e\u662f\u68c0\u67e5\u4e0a\u5c42\u8c03\u7528\u5904\u7684\u4ee3\u7801, \u4e5f\u5c31\u662fdump_NETIO!WfpReleaseFastWriteLock+0x55\u7684\u4e0a\u4e00\u884c:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>WfpReleaseFastWriteLock+48 loc_1C0010264: ; CODE XREF: WfpReleaseFastWriteLock+18\u2191j\nWfpReleaseFastWriteLock+48                           ; WfpReleaseFastWriteLock+42\u2191j\nWfpReleaseFastWriteLock+48 028 48 8B 0F             mov rcx, &#91;rdi] ; Lock\nWfpReleaseFastWriteLock+4B 028 48 8B D3             mov rdx, rbx ; LockState\nWfpReleaseFastWriteLock+4E 028 48 FF 15 47 3E 07 00 call cs:__imp_NdisReleaseRWLock\nWfpReleaseFastWriteLock+4E\nWfpReleaseFastWriteLock+55 028 0F 1F 44 00 00       nop dword ptr &#91;rax+rax+00h]\nWfpReleaseFastWriteLock+5A 028 48 8B 5C 24 30       mov rbx, &#91;rsp+28h+arg_0]\nWfpReleaseFastWriteLock+5F 028 48 83 C4 20          add rsp, 20h\nWfpReleaseFastWriteLock+63 008 5F                   pop rdi\nWfpReleaseFastWriteLock+64 000 C3                   retn<\/code><\/pre>\n\n\n\n<p>\u8fd9\u91cc\u53ef\u4ee5\u770b\u51fa\u53d1\u751fPageFault\u7684\u5730\u5740\u7406\u8bba\u4e0a\u5e94\u8be5\u662fIAT NdisReleaseRWLock. \u4f46\u56e0\u4e3aWindbg\u663e\u793a\u4e0d\u4e86\u6a21\u5757, \u6682\u65f6\u4e5f\u4e0d\u80fd\u786e\u5b9a\u8fd9\u662f\u4e0d\u662f\u88abHOOK.<br>\u5c1d\u8bd5\u624b\u52a8\u904d\u5386\u4e00\u4e0bPsLoadedModuleList, \u53d1\u73b0\u5176\u5b9e\u8fd9\u4e2a\u5730\u5740\u662f\u5728dump_ndis.sys\u6a21\u5757\u5185, \u90a3\u770b\u8d77\u6765\u8fd8\u662f\u56e0\u4e3a\u67d0\u4e9b\u539f\u56e0\u5bfc\u81f4windbg\u6ca1\u80fd\u8bc6\u522b\u51fa\u6a21\u5757.<\/p>\n\n\n\n<p>\u56e0\u6b64\u8bd5\u8bd5\u91cd\u65b0\u6253\u5f00windbg, \u518d.reload \/f\u91cd\u65b0\u52a0\u8f7d\u7b26\u53f7\u518dk, \u53d1\u73b0windbg\u5df2\u7ecf\u80fd\u591f\u6b63\u786e\u663e\u793a\u4e3adump_NDIS!NdisReleaseRWLock, \u90a3\u4e48shellcode\u7684\u53ef\u80fd\u6027\u5c31\u53ef\u4ee5\u5c0f\u5c0f\u7684\u6392\u9664\u4e86:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0: kd&gt; k\n# Child-SP&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; RetAddr&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;Call Site\n00 fffff203`25c35a78 fffff803`3e115392&nbsp; &nbsp;&nbsp;&nbsp;nt!DbgBreakPointWithStatus\n01 fffff203`25c35a80 fffff803`3e114976&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDebugBreak+0x12\n02 fffff203`25c35ae0 fffff803`3dffa2d7&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheck2+0x946\n03 fffff203`25c361f0 fffff803`3e00e229&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheckEx+0x107\n04 fffff203`25c36230 fffff803`3e009de3&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDispatch+0x69\n05 fffff203`25c36370 fffff803`467b59d0&nbsp; &nbsp;&nbsp;&nbsp;nt!KiPageFault+0x463\n06 fffff203`25c36508 fffff803`46930271&nbsp; &nbsp;&nbsp;&nbsp;dump_NDIS!NdisReleaseRWLock\n07 fffff203`25c36510 fffff803`46923aa5&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!WfpReleaseFastWriteLock+0x55\n..............................\n\u6ce8\u610fnetio\u548cndis\u8fd9\u4e24\u4e2a\u6a21\u5757\u524d\u9762\u90fd\u5e26\u4e2adump_\u524d\u7f00, \u662f\u56e0\u4e3awindows dump\u529f\u80fd\u521d\u59cb\u5316\u673a\u5236\u5c31\u662f\u8fd9\u6837, \u4e0d\u662f\u5f02\u5e38\u73b0\u8c61. \u8fd9\u91cc\u7684dump_ndis.sys\u548cdump_netio.sys\u5728\u78c1\u76d8\u4e0a\u7684\u6587\u4ef6\u5176\u5b9e\u5c31\u662f\u539f\u672c\u7684ndis.sys\u548cnetio.sys, \u53ea\u662f\u5185\u6838\u5728\u521d\u59cb\u5316dump\u529f\u80fd\u65f6\u4f1a\u52a0\u4e0adump_\u524d\u7f00, \u628a\u78c1\u76d8\u9a71\u52a8\u76f8\u5173\u7684\u6a21\u5757\u6362\u4e2a\u540d\u5b57\u5728\u5185\u5b58\u4e2d\u518d\u6b21\u52a0\u8f7d\u4e00\u4efd, \u8ddflinux\u7684kdump\u4f1a\u91cd\u65b0\u52a0\u8f7d\u4e00\u4efd\u5e72\u51c0\u7684\u5185\u6838\u7c7b\u4f3c. \u53ea\u6709\u5f53\u53d1\u751f\u84dd\u5c4f\u65f6\u624d\u4f1a\u8d70dump_\u524d\u7f00\u7684\u6a21\u5757, \u76ee\u7684\u662f\u4e3a\u4e86\u5b9e\u73b0\u5f53\u7cfb\u7edf\u84dd\u5c4f\u65f6, \u5c31\u7b97\u662f\u78c1\u76d8\u9a71\u52a8\u81ea\u8eab\u70b8\u4e86, \u7cfb\u7edf\u4e5f\u80fd\u5c06DUMP\u6570\u636e\u5199\u5165\u78c1\u76d8(\u5b9e\u9645\u4e0aiscsi\u542f\u52a8\u573a\u666f\u8fd9\u6837\u505a\u662f\u6ca1\u7528\u7684).<\/code><\/pre>\n\n\n\n<p>\u6b63\u5e38\u6765\u8bf4\u7269\u7406\u673a\u5e94\u8be5\u662f\u52a0\u8f7d\u7269\u7406\u78c1\u76d8\u9a71\u52a8, \u4f46\u5f53\u524d\u662fiscsi\u542f\u52a8, \u5bf9\u5e94\u7684\u865a\u62df\u78c1\u76d8\u9a71\u52a8msiscsi.sys\u4f9d\u8d56netio\u548cndis, \u6240\u4ee5\u7cfb\u7edf\u8ba4\u4e3a\u9700\u8981\u91cd\u65b0\u52a0\u8f7ddump_ndis.sys\u548cdump_netio.sys.<\/p>\n\n\n\n<p>\u540e\u6587\u63d0\u5230netio.sys\u548cndis.sys\u65f6, \u5982\u679c\u6ca1\u6709\u7279\u610f\u8bf4\u660e, \u90fd\u662f\u6307\u65b0\u52a0\u8f7d\u7684dump_ndis\u548cdump_netio, \u800c\u4e0d\u662f\u7cfb\u7edf\u6b63\u5e38\u8fd0\u884c\u65f6\u4f7f\u7528\u7684ndis\u548cnetio.<\/p>\n\n\n\n<p><strong>\u5230\u8fd9\u91cc\u518d\u91cd\u590d\u4e00\u4e0b:<\/strong><br>\u5f53RIP\u6307\u5411NdisReleaseRWLock\u51c6\u5907\u6267\u884c\u65f6, \u5bf9\u5e94\u4ee3\u7801\u9875\u4e0d\u5728\u7269\u7406\u5185\u5b58\u53d1\u751f\u7f3a\u9875\u5f02\u5e38\u7136\u540e\u9ad8IRQL\u84dd\u5c4f.<\/p>\n\n\n\n<p><strong>\u63a5\u4e0b\u6765\u770b\u770bNdisReleaseRWLock\u7684PTE:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0: kd&gt; !pte @cr2\n&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; VA fffff803467b59d0\nPXE at FFFFFF7FBFDFEF80&nbsp; &nbsp; PPE at FFFFFF7FBFDF0068&nbsp; &nbsp; PDE at FFFFFF7FBE00D198&nbsp; &nbsp; PTE at FFFFFF7C01A33DA8\ncontains 000000002FC09063&nbsp;&nbsp;contains 000000002FD16063&nbsp;&nbsp;contains 0A0000011FFA4863&nbsp;&nbsp;contains 950D315840B80400\npfn 2fc09&nbsp; &nbsp;&nbsp;&nbsp;---DA--KWEV&nbsp;&nbsp;pfn 2fd16&nbsp; &nbsp;&nbsp;&nbsp;---DA--KWEV&nbsp;&nbsp;pfn 11ffa4&nbsp; &nbsp; ---DA--KWEV&nbsp;&nbsp;not valid<\/code><\/pre>\n\n\n\n<p><strong>\u6700\u540e\u4e00\u7ea7not valid, \u786e\u5b9e\u4e0d\u5728\u7269\u7406\u5185\u5b58, \u4f46\u8fd9\u91cc\u5c31\u6709\u70b9\u8bf4\u4e0d\u901a:<\/strong><br>NdisReleaseRWLock\u662f\u4e2a\u5bfc\u51fa\u63a5\u53e3, \u672c\u8eab\u5c31\u53ef\u4ee5\u8dd1\u5728DispatchLevel, \u800c\u4e14\u5b83\u5728Text\u6bb5,\u4e0d\u662fPage\u6216Init, \u90a3\u4e48\u5f53\u5185\u6838\u52a0\u8f7ddump_ndis\u6a21\u5757\u540e,\u53ea\u8981\u6ca1\u6709\u5916\u90e8\u5e72\u9884(\u6bd4\u5982\u8c03\u7528\u4e00\u4e9bMM\u63a5\u53e3\u5f3a\u884c\u8ba9\u5185\u6838\u628a\u5bf9\u5e94\u6bb5\u53d8\u6210paged), \u90a3NdisReleaseRWLock\u6240\u5728\u7684\u9875\u5e94\u5f53\u662f\u4e00\u76f4\u5728\u7269\u7406\u5185\u5b58\u624d\u5bf9, \u4e0d\u53ef\u80fd\u53d1\u751fPF.<\/p>\n\n\n\n<p>\u662fWin\u7684bug? \u6682\u65f6\u8fd8\u4e0d\u80fd\u8fd9\u4e48\u60f3, \u6bd4\u5982\u6709\u6ca1\u6709\u53ef\u80fd\u662f\u56e0\u4e3aiscsi\u4e0d\u7a33\u5b9a, IO\u51fa\u95ee\u9898\u800c\u5bfc\u81f4\u6a21\u5757\u52a0\u8f7d\u65f6\u51fa\u4e86\u4e00\u4e9b\u5f02\u5e38?<br>\u8fd9\u4e2a\u63a8\u6d4b\u4e0e\u5f53\u524d\u573a\u666f\u770b\u8d77\u6765\u786e\u5b9e\u6709\u4e00\u5b9a\u76f8\u5173\u6027(\u4ece\u7f51\u7edciscsi\u542f\u52a8, \u5e76\u4e14\u8fd8\u4e0d\u662f\u4ec0\u4e48\u7279\u522b\u7a33\u5b9a\u7684\u73af\u5883), \u4f46\u662f\u65e9\u5c31\u68c0\u67e5\u8fc7iscsi server\u6ca1\u6709\u4efb\u4f55\u5f02\u5e38, \u751a\u81f3\u6362\u8fc7\u591a\u4e2a\u4e0d\u540c\u7684iscsi server.<\/p>\n\n\n\n<p><strong>\u90a3\u4e48\u8fd8\u662f\u7ee7\u7eed\u770b\u8fd9\u4e2a\u6808, \u4ece\u6700\u65e9\u7684\u7528\u6237\u6001\u7ebf\u7a0b\u8d77\u70b9\u5f00\u59cb\u770b(\u53ef\u4ee5\u8df3\u8fc7, \u4e0b\u9762\u6709TLDR\u7248):<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0: kd&gt; k\n# Child-SP&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; RetAddr&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;Call Site\n00 fffff406`82900a78 fffff804`66315392&nbsp; &nbsp;&nbsp;&nbsp;nt!DbgBreakPointWithStatus\n01 fffff406`82900a80 fffff804`66314976&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDebugBreak+0x12\n02 fffff406`82900ae0 fffff804`661fa2d7&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheck2+0x946\n03 fffff406`829011f0 fffff804`6620e229&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheckEx+0x107\n04 fffff406`82901230 fffff804`66209de3&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDispatch+0x69\n05 fffff406`82901370 fffff804`6f8b59d0&nbsp; &nbsp;&nbsp;&nbsp;nt!KiPageFault+0x463\n06 fffff406`82901508 fffff804`6fa30271&nbsp; &nbsp;&nbsp;&nbsp;dump_NDIS!NdisReleaseRWLock\n07 fffff406`82901510 fffff804`6fa23aa5&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!WfpReleaseFastWriteLock+0x55\n08 fffff406`82901540 fffff804`6fa44aac&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdSetVisibleFilterState+0x51\n09 fffff406`82901570 fffff804`6faa94cc&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdApplyBoottimePolicy+0x58\n0a fffff406`829015d0 fffff804`6640f25b&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdApplyBoottimePolicyCallback+0x4c\n0b fffff406`82901600 fffff804`6640ef6e&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpCallQueryRegistryRoutine+0x13f\n0c fffff406`82901670 fffff804`664f6aae&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpQueryRegistryValues+0x31a\n0d fffff406`82901750 fffff804`6faa9363&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlQueryRegistryValuesEx+0xe\n0e fffff406`82901790 fffff804`6faa92c2&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdReadAndApplyBoottimePolicy+0x4f\n0f fffff406`82901840 fffff804`6faa93ce&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdProcessBoottimePolicy+0x5e\n10 fffff406`82901880 fffff804`6faa9413&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdStartModuleEx+0x3e\n11 fffff406`829018b0 fffff804`6faa907b&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!KfdStartModule+0x23\n12 fffff406`829018e0 fffff804`6fab52fb&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!RtlInvokeStartRoutines+0x3b\n13 fffff406`82901920 fffff804`6659962e&nbsp; &nbsp;&nbsp;&nbsp;dump_NETIO!DllInitialize+0x9b\n14 fffff406`82901950 fffff804`66599473&nbsp; &nbsp;&nbsp;&nbsp;nt!MmCallDllInitialize+0x16e\n15 fffff406`829019b0 fffff804`66551acc&nbsp; &nbsp;&nbsp;&nbsp;nt!MiLoadImportDll+0x63\n16 fffff406`82901a00 fffff804`66551704&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageReferences+0x214\n17 fffff406`82901b10 fffff804`6655080c&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageImports+0x94\n18 fffff406`82901b80 fffff804`66599454&nbsp; &nbsp;&nbsp;&nbsp;nt!MmLoadSystemImageEx+0x690\n19 fffff406`82901d20 fffff804`66551acc&nbsp; &nbsp;&nbsp;&nbsp;nt!MiLoadImportDll+0x44\n1a fffff406`82901d70 fffff804`66551704&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageReferences+0x214\n1b fffff406`82901e80 fffff804`6655080c&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageImports+0x94\n1c fffff406`82901ef0 fffff804`66599454&nbsp; &nbsp;&nbsp;&nbsp;nt!MmLoadSystemImageEx+0x690\n1d fffff406`82902090 fffff804`66551acc&nbsp; &nbsp;&nbsp;&nbsp;nt!MiLoadImportDll+0x44\n1e fffff406`829020e0 fffff804`66551704&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageReferences+0x214\n1f fffff406`829021f0 fffff804`6655080c&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageImports+0x94\n20 fffff406`82902260 fffff804`66586871&nbsp; &nbsp;&nbsp;&nbsp;nt!MmLoadSystemImageEx+0x690\n21 fffff406`82902400 fffff80b`83695cd8&nbsp; &nbsp;&nbsp;&nbsp;nt!IopLoadCrashdmpImage+0x21\n22 fffff406`82902440 fffff80b`8369513d&nbsp; &nbsp;&nbsp;&nbsp;crashdmp!LoadPortDriver+0x488\n23 fffff406`82902690 fffff80b`83694d57&nbsp; &nbsp;&nbsp;&nbsp;crashdmp!CrashdmpLoadDumpStack+0x17d\n24 fffff406`82902750 fffff804`665ab1da&nbsp; &nbsp;&nbsp;&nbsp;crashdmp!CrashdmpInitialize+0x3c7\n25 fffff406`82902870 fffff804`665ab0e6&nbsp; &nbsp;&nbsp;&nbsp;nt!IopInitializeCrashDump+0xb2\n26 fffff406`829028f0 fffff804`665aa63a&nbsp; &nbsp;&nbsp;&nbsp;nt!IoInitializeCrashDump+0x52\n27 fffff406`82902930 fffff804`665a9f4d&nbsp; &nbsp;&nbsp;&nbsp;nt!MiCreatePagingFile+0x6de\n28 fffff406`82902ac0 fffff804`6620d9f5&nbsp; &nbsp;&nbsp;&nbsp;nt!NtCreatePagingFile+0x2d\n29 fffff406`82902b00 00007ffd`280ce754&nbsp; &nbsp;&nbsp;&nbsp;nt!KiSystemServiceCopyEnd+0x25\n2a 000000ed`af8fd688 00007ffd`220b4874&nbsp; &nbsp;&nbsp;&nbsp;ntdll!NtCreatePagingFile+0x14\n2b 000000ed`af8fd690 00007ffd`229e62f5&nbsp; &nbsp;&nbsp;&nbsp;WinSetup!CallBack_CreatePageFile+0x444\n2c 000000ed`af8fd970 00007ffd`229e487f&nbsp; &nbsp;&nbsp;&nbsp;WDSCORE!CallSubscribers+0x145\n2d 000000ed`af8fda70 00007ffd`229ec39e&nbsp; &nbsp;&nbsp;&nbsp;WDSCORE!SeqExecute+0x35f\n2e 000000ed`af8fdb10 00007ffd`229ecc27&nbsp; &nbsp;&nbsp;&nbsp;WDSCORE!WdsExecuteWorkQueue+0x62e\n2f 000000ed`af8fdff0 00007ffd`220552c7&nbsp; &nbsp;&nbsp;&nbsp;WDSCORE!WdsExecuteWorkQueueEx+0x27\n30 000000ed`af8fe030 00007ff6`8db4799d&nbsp; &nbsp;&nbsp;&nbsp;WinSetup!InstallWindows+0x33f7\n31 000000ed`af8fed10 00007ff6`8db32bb6&nbsp; &nbsp;&nbsp;&nbsp;setup!RunSetup+0x4d\n32 000000ed`af8fed50 00007ff6`8db53c99&nbsp; &nbsp;&nbsp;&nbsp;setup!wWinMain+0x966\n33 000000ed`af8ffd10 00007ffd`26457614&nbsp; &nbsp;&nbsp;&nbsp;setup!__wmainCRTStartup+0x1c9\n34 000000ed`af8ffdd0 00007ffd`280826a1&nbsp; &nbsp;&nbsp;&nbsp;KERNEL32!BaseThreadInitThunk+0x14\n35 000000ed`af8ffe00 00000000`00000000&nbsp; &nbsp;&nbsp;&nbsp;ntdll!RtlUserThreadStart+0x21<\/code><\/pre>\n\n\n\n<p><strong>\u53ef\u4ee5\u5f97\u5230\u4ee5\u4e0b\u5173\u952e\u4fe1\u606f:<\/strong><\/p>\n\n\n\n<p>1. Windows\u5b89\u88c5\u8fdb\u7a0bSetup.exe\u8c03\u7528NtCreatePagingFile\u521b\u5efa\u5206\u9875\u6587\u4ef6;<br>2. \u5185\u6838\u5728\u521b\u5efa\u5206\u9875\u6587\u4ef6\u65f6\u9700\u8981\u521d\u59cb\u5316dump\u673a\u5236, \u5373\u4ee5dump_\u4e3a\u524d\u7f00, \u5c06\u539f\u672c\u7684msiscsi.sys\u91cd\u65b0\u52a0\u8f7d\u4e00\u4efd\u5230\u5185\u5b58;<br>3. \u52a0\u8f7d\u5668\u5728\u52a0\u8f7ddump_msiscsi.sys\u8fc7\u7a0b\u4e2d\u53d1\u73b0\u4f9d\u8d56dump_netio.sys, \u4e8e\u662f\u7ee7\u7eed\u52a0\u8f7ddump_netio.sys;<br>4. dump_netio.sys\u662f\u4e2a\u5185\u6838DLL, \u6709DLLInitialize(\u7c7b\u4f3cDLLMain, \u540e\u9762\u76f4\u63a5\u53ebnetio!DLLMain\u4e86), \u4e8e\u662f\u5185\u6838\u51b3\u5b9a\u8c03\u7528netio!DLLMain (\u8fd9\u91cc\u5f88\u5173\u952e, \u5f53\u770b\u5230DLLInitialize\u65f6, \u5c31\u9690\u7ea6\u6709\u4e86\u4e00\u79cd\u4e0d\u597d\u7684\u9884\u611f)<br>5. netio!DLLMain\u9700\u8981\u505a\u4e00\u4e9bWFP BootFilter\u76f8\u5173\u7684\u521d\u59cb\u5316, \u6700\u7ec8\u8c03\u7528\u5230\u4e86NdisReleaseRWLock, \u53d1\u751fPF -&gt; \u84dd\u5c4f.<\/p>\n\n\n\n<p>\u5728\u7b2c4\u6b65, \u770b\u5230DLLInitialize\u5c31\u6bd4\u8f83\u6000\u7591\u53ef\u80fd\u662fDLL\u4f9d\u8d56\u5bfc\u81f4\u7684\u95ee\u9898(\u7528\u6237\u6001DLLMain\u95ee\u9898\u8fc7\u4e8e\u7ecf\u5178, \u5185\u6838\u91cc\u4e00\u6837\u4f1a\u5b58\u5728\u7c7b\u4f3c\u95ee\u9898).<\/p>\n\n\n\n<p><strong>\u4ece\u5bfc\u5165\u8868\u521d\u6b65\u770b\u4e00\u4e0b\u4f9d\u8d56\u5173\u7cfb, \u53ea\u5199\u5173\u952e\u7684:<\/strong><br>1. msiscsi.sys\u4f9d\u8d56tdi\/netio;<br>2. tdi\u4f9d\u8d56ndis;<br>3. netio\u4f9d\u8d56ndis;<br>4. ndis\u4f9d\u8d56netio;<\/p>\n\n\n\n<p>netio.sys\u548cndis.sys\u4e92\u76f8\u4f9d\u8d56, \u8fd9\u5176\u5b9e\u4e5f\u4e0d\u662f\u4e00\u4e2a\u5927\u95ee\u9898, \u56e0\u4e3awindows pe loader\u672c\u8eab\u5c31\u53ef\u4ee5\u5904\u7406\u4e24\u4e2aDLL\u4e92\u76f8\u4f9d\u8d56\u7684\u60c5\u51b5, \u53ea\u662f\u8ddf\u7528\u6237\u6001DLLMain\u4e00\u6837, \u5728DLLMain\u91cc\u4e71\u641e\u5c31\u5bb9\u6613\u8e29\u5751.<br>\u4f1a\u4e0d\u4f1a\u51fa\u95ee\u9898\u6700\u5173\u952e\u8981\u770b\u52a0\u8f7d\u5668\u662f\u6309\u4ec0\u4e48\u987a\u5e8f\u52a0\u8f7d\u4f9d\u8d56\u6a21\u5757, \u4ee5\u53caDLLMain\u5e72\u4e86\u4ec0\u4e48.<\/p>\n\n\n\n<p><strong>\u5148\u770b\u5185\u6838\u52a0\u8f7d\u6a21\u5757\u7684\u903b\u8f91, \u4e5f\u5c31\u662fMMLoadSystemImage\u7684\u5b9e\u73b0, \u8df3\u8fc7\u7ec6\u8282, \u76f4\u63a5\u8bf4\u5173\u952e\u70b9:<\/strong><br>1. \u521b\u5efa\u6587\u4ef6Section\/ControlArea\/ProtoPTE<br>2. \u5404\u79cd\u521d\u59cb\u5316(\u6bd4\u5982DLL\u4f9d\u8d56,\u63d2\u5165PsLoadedModuleList)<br>3. \u8fd8\u6709\u4e00\u4e2a\u5173\u952e\u6b65\u9aa4\u662f\u628a\u4e0d\u80fd\u5206\u9875\u7684\u6bb5, \u6bd4\u5982text\u6bb5\u5168\u90e8\u52a0\u8f7d\u8fdb\u7269\u7406\u5185\u5b58, \u5728Win10\u4e0a\u662f\u7531MiHandleDriverNonPagedSections\u5904\u7406(\u8fd9\u91cc\u4e5f\u6b63\u662f\u95ee\u9898\u7684\u5173\u952e)<br>4. \u770b\u770b\u662f\u5426\u6709HotPatch, \u5982\u679c\u6709\u5219\u52a0\u8f7d\u5e76\u5904\u7406, \u65e0\u5219\u8df3\u8fc7(\u8fd9\u4e2a\u4e5f\u6bd4\u8f83\u6709\u610f\u601d, \u4e0d\u8fc7\u4e0e\u672c\u6587\u65e0\u74dc, \u5148\u4e0d\u7ba1\u5b83)<br>5. \u5982\u679c\u6240\u6709\u73af\u8282\u6ca1\u51fa\u9519, \u8c03\u7528MiDriverLoadSucceeded\u8868\u793a\u6a21\u5757\u52a0\u8f7d\u5b8c\u6210, \u8fd9\u91cc\u4e5f\u4f1a\u8c03\u7528ImageNotify\u56de\u8c03, \u6700\u540e\u901a\u8fc7DBGLoadImageSymbols\u901a\u77e5\u8c03\u8bd5\u5668\u6709\u6a21\u5757\u52a0\u8f7d\u4e86<br>6. \u8c03\u7528DLLMain<\/p>\n\n\n\n<p><strong>\u5f53\u524d\u95ee\u9898\u4e2d, netio\u548cndis\u4e92\u76f8\u4f9d\u8d56, netio\u7684dllmain\u8c03\u7528ndis\u7684\u51fd\u6570, \u7ed3\u5408\u4e0a\u9762\u7684\u6a21\u5757\u52a0\u8f7d\u903b\u8f91, \u4ec0\u4e48\u60c5\u51b5\u624d\u4f1a\u5bfc\u81f40xD1\u84dd\u5c4f?<br>\u4e00\u79cd\u53ef\u80fd:<\/strong><br>\u5982\u679cnetio\u7684dllmain\u88ab\u8c03\u7528\u65f6, \u5185\u6838\u5bf9ndis\u7684\u52a0\u8f7d\u8fd8\u6ca1\u6709\u8d70\u5230\u7b2c3\u6b65MiHandleDriverNonPagedSections, \u4e5f\u5c31\u662fndis\u7684text\u6bb5\u8fd8\u6ca1\u6709\u88ab\u52a0\u8f7d\u5230\u7269\u7406\u5185\u5b58, \u90a3\u5c31\u6709\u53ef\u80fd\u4f1a\u51fa\u73b0\u9ad8IRQL\u65f6PageFault\u84dd\u5c4f;<br>\u5e76\u4e14\u56e0\u4e3a\u5bf9NDIS\u7684\u52a0\u8f7d\u8fd8\u6ca1\u6709\u5b8c\u6210, \u90a3\u4e48Windbg\u5c31\u4e0d\u4f1a\u5f97\u5230\u6a21\u5757\u52a0\u8f7d\u901a\u77e5, \u7ee7\u800c\u5728\u84dd\u5c4f\u7b2c\u4e00\u73b0\u573a\u4ece\u5185\u6838\u4e2d\u65ad\u5230\u8c03\u8bd5\u5668\u65f6, Windbg\u5c31\u4e0d\u80fd\u6839\u636e\u6808\u4e2d\u7684RetRIP\u627e\u5230\u5177\u4f53\u6a21\u5757, \u6700\u540ek\u547d\u4ee4\u770b\u6808\u5c31\u4f1a\u51fa\u73b0\u6700\u5f00\u59cb\u8bf4\u7684\u5c0f\u95ee\u9898: \u76f4\u63a5\u663e\u793a\u4e00\u4e2a\u65e0\u6a21\u5757\u7684\u7edd\u5bf9\u5730\u5740.<br>\u800c\u6267\u884c.reload\u540e\u53c8\u80fd\u663e\u793a\u5bf9\u5e94\u6a21\u5757, \u5219\u662f\u56e0\u4e3a.reload\u4f1a\u4e3b\u52a8\u904d\u5386PsLoadedModuleList, \u6240\u4ee5\u53c8\u80fd\u627e\u5230dump_ndis.sys.<\/p>\n\n\n\n<p>\u8fd9\u4e2a\u63a8\u6d4b\u597d\u50cf\u5b8c\u5168\u8bb2\u5f97\u901a, \u4f46\u76ee\u524d\u8fd8\u6ca1\u6709\u8bc1\u636e.<\/p>\n\n\n\n<p><strong>\u60f3\u8981\u5b9e\u9524, \u9700\u8981\u89c2\u5bdf\u5f53\u65f6\u76f8\u5173\u6a21\u5757\u7684\u52a0\u8f7d\u5904\u7406\u987a\u5e8f, \u5177\u4f53\u65b9\u5f0f\u662f\u5728MMLoadSystemImage\u51fd\u6570\u5185\u7684\u5173\u952e\u73af\u8282\u4e0b\u65ad\u70b9, \u914d\u5408\u7b80\u5355windbg\u811a\u672c\u6253\u5370\u51fa\u5168\u8fc7\u7a0b\u65e5\u5fd7:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#\u6a21\u5757\u52a0\u8f7d\u7684\u8d77\u70b9\nbp nt!MmLoadSystemImageEx \".printf \\\"MMLoadSystemImageEx: Names(%msu - %msu - %msu)\\r\\n\\\",@rcx,@rdx,@r8;.echo \\\"\\n\\\";g;\"\n#\u8fd9\u4e00\u6b65\u6267\u884c\u5b8c, \u5728PsLoadedModuleList\u91cc\u5c31\u80fd\u770b\u5230\u5bf9\u5e94\u6a21\u5757\u4e86;\nbp nt!MiConstructLoaderEntry \".printf \\\"MiConstructLoaderEntry: LDR(%p) Path:%msu\\n\\\",@rcx,@rdx;.echo \\\"\\n\\\";g;\"\n#\u8fd9\u91cc\u5f00\u59cb\u5904\u7406IAT\nbp nt!MiResolveImageImports \".printf \\\"MiResolveImageImports: LDR(%p) \nName(%msu)\\n\\\",@rcx,@r9;.echo \\\"\\n\\\";g;\"\nbp nt!MiResolveImageReferences \".printf \\\"MiResolveImageReferences: LDR(%p) Name(%msu)\\n\\\",@rcx,@rdx;.echo \\\"\\n\\\";g;\"\n#\u8fd9\u91cc\u662f\u5177\u4f53\u7684IAT\u586b\u5145\u8fc7\u7a0b,\u53ef\u4ee5\u89c2\u5bdf\u4ece\u5565\u6a21\u5757\u5bfc\u5165\u5565\u51fd\u6570\u5230\u5565\u6a21\u5757;\nbp nt!MiSnapThunk \".printf \\\"MiSnapThunk: SrcBase(%p) Base(%p) pThunk(%ma)\\n\\\",@rcx,@rdx,poi(@r8)+@rdx+0x2;.echo \\\"\\n\\\";g;\"\n#\u5904\u7406\u4f9d\u8d56\u7684\u4f9d\u8d56\nbp nt!MiLoadImportDll \".printf \\\"MiLoadImportDll: Name:(%msu - %msu)\\n\\\",@rcx,@rdx;.echo \\\"\\n\\\";g;\"\n#\u5c06\u4e0d\u80fd\u5206\u9875\u7684\u6bb5\u52a0\u8f7d\u8fdb\u7269\u7406\u5185\u5b58\nbp nt!MiHandleDriverNonPagedSections \".printf \\\"MiHandleDriverNonPagedSections: LDR(%p)\\n\\\",@rcx;.echo \\\"\\n\\\";g;\"\n#\u8c03\u7528DLLMain\nbp nt!MmCallDllInitialize \".printf \\\"MmCallDllInitialize: LDR(%p)\\n\\\",@rcx;.echo \\\"\\n\\\";g;\"\n#\u6a21\u5757\u52a0\u8f7d\u5b8c\u6210\nbp nt!MiDriverLoadSucceeded \".printf \\\"MiDriverLoadSucceeded: LDR(%p) Name:(%msu)\\n\\\",@rcx,@r9;.echo \\\"\\n\\\";g;\"\n\n(\u4ee5\u4e0a\u5e76\u4e0d\u662f\u4e00\u6b21\u987a\u5e8f\u6267\u884c\u5b8c\u5c31\u7ed3\u675f\u4e86, \u56e0\u4e3a\u8981\u5904\u7406\u4f9d\u8d56\u7684\u4f9d\u8d56, \u6240\u4ee5\u4f1a\u6709\u4e00\u5b9a\u7a0b\u5ea6\u7684\u9012\u5f52)<\/code><\/pre>\n\n\n\n<p>\u4f7f\u7528\u8fd9\u79cd\u65b9\u5f0f\u6253\u65ad\u70b9\u65e5\u5fd7\u7279\u522b\u6162, \u4e00\u5171\u8dd1\u4e86\u670920\u5206\u949f, \u6bd5\u7adf\u662fcom\u53e3\u8c03\u8bd5,\u800c\u4e14windbg\u8fd8\u8981\u89e3\u6790\u6267\u884c\u65ad\u70b9\u540e\u7684\u811a\u672c, \u8fd9\u4e2a\u811a\u672c\u5f15\u64ce\u53ef\u80fd\u4e5f\u4e0d\u662f\u5341\u5206\u9ad8\u6548.<br>\u8fd9\u91cc\u5c31\u51f8\u663e\u51falinux ftrace kprobe\u7684\u4f18\u8d8a\u6027\u4e86, \u6240\u4ee5\u55b7windows, \u8981\u55b7\u5bf9\u70b9, \u4e0d\u80fd\u8ddf\u98ce\u76f2\u76ee\u55b7.<br>\u4e0d\u8fc7\u8bf4\u5b9e\u8bddwin\u7684\u8fd9\u4e2a\u8054\u673a\u8c03\u8bd5\u601d\u8def\u8fd8\u662f\u597d\u7684, \u53ea\u662f\u5386\u53f2\u8fc7\u4e8e\u60a0\u4e45, \u6ca1\u6709\u4e0e\u65f6\u4ff1\u8fdb, \u5373\u4f7f\u7528VirtualKD\u6216\u8005NetDebug, \u4f1a\u5feb\u4e00\u70b9, \u4f46\u76f8\u6bd4linux kprobe, \u4f9d\u65e7\u6162\u5f88\u591a.<\/p>\n\n\n\n<p><strong>\u6700\u540e\u6574\u7406\u597d\u7684\u65ad\u70b9\u65e5\u5fd7(\u7701\u7565\u4e86\u4e0d\u91cd\u8981\u7684MiSnapThunk), \u53ef\u4ee5\u4e0d\u770b, \u4e0b\u9762\u6709\u7b80\u5316\u5f52\u7eb3:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>###1. \u5f00\u59cb\u52a0\u8f7ddump_msiscsi.sys\nMMLoadSystemImageEx: Names(\\SystemRoot\\System32\\drivers\\msiscsi.sys - dump_ - \nMiConstructLoaderEntry: LDR(ffffa48771a57cc0) Path:dump_msiscsi.sys\n###2. \u5904\u7406dump_msiscsi.sys\u5bfc\u5165\u8868\nMiResolveImageImports: LDR(ffffa487719fea70) Name(dump_msiscsi.sys)\nMiResolveImageReferences: LDR(ffffa487719fea70) Name(dump_msiscsi.sys)\n\u00a0 \u00a0 ##3. \u53d1\u73b0msiscsi.sys\u4f9d\u8d56tdi.sys, \u56e0\u6b64\u52a0\u8f7ddump_tdi.sys\n\u00a0 \u00a0 MiSnapThunk: load dump_tdi.sys\n\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0MiLoadImportDll: Name:(\\SystemRoot\\System32\\drivers\\TDI.SYS - dump_)\n\u00a0 \u00a0 \u00a0 \u00a0 MMLoadSystemImageEx: Names(\\SystemRoot\\System32\\drivers\\TDI.SYS - dump_ - \n\u00a0 \u00a0 \u00a0 \u00a0 MiConstructLoaderEntry: LDR(ffffa48771a57530) Path:dump_TDI.SYS\n\u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageImports: LDR(ffffa48771d9ada0) Name(dump_TDI.SYS)\n\u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageReferences: LDR(ffffa48771d9ada0) Name(dump_TDI.SYS)\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0#4. \u53d1\u73b0tdi.sys\u4f9d\u8d56ndis.sys, \u56e0\u6b64\u52a0\u8f7dndis.sys\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0MiSnapThunk: load dump_ndis.sys\n\u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 MiLoadImportDll: Name:(\\SystemRoot\\System32\\drivers\\NDIS.SYS - dump_)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MMLoadSystemImageEx: Names(\\SystemRoot\\System32\\drivers\\NDIS.SYS - dump_ -\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # \u8fd9\u91cc\u6267\u884c\u540ePsLoadedModuleList\u91cc\u5c31\u6709\u4e86dump_ndis.sys. \u867d\u7136\u6b64\u65f6dump_ndis.sys\u6a21\u5757\u6574\u4f53\u8fd8\u6ca1\u52a0\u8f7d\u5b8c\u6210,\u4f46\u5982\u679c\u6b64\u65f6\u6709\u5176\u4ed6\u6a21\u5757\u4f9d\u8d56ndis.sys\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 # \u52a0\u8f7d\u5668\u8fd8\u662f\u53ef\u4ee5\u4ecePsLoadedModuleList\u83b7\u53d6ndis.sys\u7684eat\u5e76\u6b63\u5e38\u586b\u5145\u5bf9\u5e94\u6a21\u5757\u7684IAT\u7684\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiConstructLoaderEntry: LDR(ffffa48771a56da0) Path:dump_NDIS.SYS\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 # \u5f00\u59cb\u5904\u7406dump_ndis.sys\u7684\u4f9d\u8d56\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageImports: LDR(ffffa4876b4bfd70) Name(dump_NDIS.SYS)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageReferences: LDR(ffffa4876b4bfd70) Name(dump_NDIS.SYS)\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0###5. \u53d1\u73b0ndis.sys\u4f9d\u8d56netio.sys, \u56e0\u6b64\u52a0\u8f7dnetio.sys\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0MiSnapThunk: load dump_netio.sys\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiLoadImportDll: Name:(\\SystemRoot\\System32\\drivers\\NETIO.SYS - dump_)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MMLoadSystemImageEx: Names(\\SystemRoot\\System32\\drivers\\NETIO.SYS - dump_ - &lt;Win32 error 0n30>)\u00a0\u00a0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiConstructLoaderEntry: LDR(ffffa48771a57cc0) Path:dump_NETIO.SYS\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageImports: LDR(dump_netio) Name(dump_NETIO.SYS)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiResolveImageReferences: LDR(dump_netio) Name(dump_NETIO.SYS)\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 ##6. \u53d1\u73b0netio.sys\u4f9d\u8d56ndis.sys, \u6b64\u65f6dump_ndis.sys\u5df2\u7ecf\u8fdb\u4e86PsLoadedModuleList, \u56e0\u6b64\u8fd9\u91cc\u4e0d\u9700\u8981\u518d\u4ece\u5934\u52a0\u8f7ddump_ndis.sys\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 ##\u800c\u662f\u627e\u5230dump_ndis.sys\u7684base+eat, \u586b\u5145netio.sys\u7684iat\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0 MiSanpThunk: import from dump_ndis.sys\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0\u00a0\u00a0\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ###\u5230\u8fd9\u91cc, netio.sys\u7684\u6240\u6709IAT\u5904\u7406\u5b8c\u6210, \u4f7fnetio.sys\u7684text\/data\u7b49\u6bb5\u52a0\u8f7d\u5230\u7269\u7406\u5185\u5b58\u5e38\u9a7b\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiHandleDriverNonPagedSections: LDR(dump_netio)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MiDriverLoadSucceeded: LDR(dump_netio) Name:(\\SystemRoot\\System32\\drivers\\dump_NETIO.SYS)\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0##7. \u8c03\u7528netio!DLLMain\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 MmCallDllInitialize: LDR(dump_netio)\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ##netio!DLLMain\u8c03\u7528NDISReleaseRWLock\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0##\u770b\u770b\u524d\u9762\u7684\u6a21\u5757\u4f9d\u8d56\u5904\u7406\u8fc7\u7a0b, \u5185\u6838\u52a0\u8f7d\u5668\u5bf9dump_NDSI.SYS\u7684\u52a0\u8f7d, \u521a\u521a\u6267\u884c\u5230\u4ecenetio.sys\u5bfc\u5165API\u7684\u9636\u6bb5(\u5bf9\u5e94\u4e0a\u9762#4\u548c#5\u4e4b\u95f4)\n\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0 \u00a0\u00a0\u00a0##\u8fd8\u6ca1\u6709\u6267\u884c\u5230MiHandleDriverNonPagedSections, \u90a3\u4e48NDIS.SYS\u7684text\/data\u6b64\u65f6\u4e5f\u5c31\u6ca1\u6709\u5e38\u9a7b\u7269\u7406\u5185\u5b58\n\u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 \u00a0 ##\u8fd9\u4e2a\u65f6\u5019netio!DLLMain\u53bb\u8c03\u7528ndis.sys!NDISReleaseRWLock, \u81ea\u7136\u4f1a\u53d1\u751fpagefault, \u800c\u6b64\u65f6IRQL\u53c8\u662fDPCLEVEL, \u7cfb\u7edf\u6ca1\u6cd5\u5904\u7406\u8fd9\u6b21PF, \u53ea\u80fd\u9009\u62e9\u84dd\u5c4f<\/code><\/pre>\n\n\n\n<p><strong>\u4ee5\u4e0a\u662f\u624b\u52a8\u6574\u7406\u7684\u52a0\u8f7d\u8fc7\u7a0b\u5168\u8fc7\u7a0b\u65e5\u5fd7, \u5176\u5b9e\u6211\u672c\u5730\u6392\u7248\u662f\u5f88\u597d\u7684, \u4f46\u662fdz\u8fd9\u4e2a\u7f16\u8f91\u5668\u592a\u96be\u7528, \u4f30\u8ba1\u6392\u7248\u5e94\u8be5\u662f\u4e71\u4e86, \u7b80\u5355\u63cf\u8ff0\u4e00\u4e0b:<\/strong><\/p>\n\n\n\n<p>1. \u8c03\u7528MMLoadSystemImage\u52a0\u8f7ddump_msiscsi.sys<br>2. \u5904\u7406dump_msiscsi.sys\u5bfc\u5165\u8868<br>3. \u53d1\u73b0msiscsi.sys\u4f9d\u8d56tdi.sys, \u56e0\u6b64\u52a0\u8f7ddump_tdi.sys<br>4. \u53d1\u73b0tdi.sys\u4f9d\u8d56ndis.sys, \u52a0\u8f7ddump_ndis.sys<br>5. \u53d1\u73b0ndis.sys\u4f9d\u8d56netio.sys, \u52a0\u8f7ddump_netio.sys<br>6. \u53d1\u73b0netio.sys\u4f9d\u8d56ndis.sys, \u6b64\u65f6dump_ndis.sys\u5728\u7b2c4\u6b65\u5df2\u7ecf\u8fdb\u4e86PsLoadedModuleList, \u56e0\u6b64\u8fd9\u91cc\u4e0d\u9700\u8981\u518d\u4ece\u5934\u52a0\u8f7ddump_ndis.sys, \u800c\u662f\u76f4\u63a5\u4ece\u5df2\u52a0\u8f7d\u7684dump_ndis.sys\u7684Base+EAT, \u586b\u5145netio.sys\u7684IAT;<br>7. netio.sys\u7684\u6240\u6709\u4f9d\u8d56\u5904\u7406\u5b8c\u6bd5, \u8c03\u7528netio!DLLMain<br>8. netio!DLLMain\u8c03\u7528dump_ndis!NDISReleaseRWLock<\/p>\n\n\n\n<p>\u84dd\u5c4f\u5728\u7b2c8\u6b65\u53d1\u751f, \u56e0\u4e3a\u8fd9\u4e2a\u65f6\u5019netio.sys\u7684IAT\u786e\u5b9e\u5904\u7406\u5b8c\u6210, \u4ec5\u770bnetio\u81ea\u8eab, \u786e\u5b9e\u5df2\u7ecf\u5177\u5907\u4e86\u6267\u884c\u6761\u4ef6, \u4f46\u662f\u5b83\u6240\u4f9d\u8d56\u7684NDIS\u8fd8\u5904\u4e8e\u586b\u5145IAT\u9636\u6bb5, \u6839\u672c\u5c31\u6ca1\u8d70\u5230MiHandleDriverNonPagedSections\u8fd9\u4e00\u6b65, \u90a3\u4e48dump_ndis.sys\u7684text\u6bb5\u6b64\u65f6\u5c31\u6ca1\u6709\u88ab\u5b8c\u5168\u52a0\u8f7d\u8fdb\u7269\u7406\u5185\u5b58. \u800c\u8fd9\u4e2a\u65f6\u5019\u53c8\u662fDPC_LEVEl, \u53d1\u751fPF\u5fc5\u7136\u84dd\u5c4f.<\/p>\n\n\n\n<p><strong>\u6309\u7167\u4ee5\u4e0a\u5206\u6790, \u53ef\u4ee5\u77e5\u9053\u5f53netio.sys\u548cndis.sys\u4e92\u76f8\u4f9d\u8d56,\u5e76\u4e14netio!DLLMain\u4f1a\u8c03\u7528NDIS\u63a5\u53e3, \u90a3\u4e48\u5728\u5904\u7406DLL\u4f9d\u8d56\u65f6:<\/strong><br>1.\u5982\u679c\u5148\u52a0\u8f7dNDIS.SYS, \u7136\u540e\u518d\u52a0\u8f7dNDIS.SYS\u7684\u4f9d\u8d56\u9879NETIO.SYS, netio!DLLMain\u5c31\u4f1a\u5f15\u53d1PageFault\u84dd\u5c4f;<br>2.\u5982\u679c\u5148\u52a0\u8f7dNetio.sys, \u7136\u540e\u518d\u52a0\u8f7dNetio.sys\u7684\u4f9d\u8d56\u9879NDIS.SYS, Netio!DLLMain\u5c31\u4e0d\u4f1a\u5f15\u53d1PageFault\u84dd\u5c4f;<\/p>\n\n\n\n<p><strong>\u5982\u679c\u7406\u89e3\u4e86\u4e0a\u9762\u7684\u5206\u6790, \u90a3\u4e48\u5e94\u8be5\u4f1a\u6709\u4e00\u4e2a\u7591\u95ee:<\/strong><br>\u4e3a\u4e86dump\u521d\u59cb\u5316\u800c\u52a0\u8f7d\u7684dump_ndis\u548cdump_netio, \u548c\u7cfb\u7edf\u6b63\u5e38\u8fd0\u884c\u65f6\u6240\u4f7f\u7528\u7684ndis\u548cnetio\u662f\u5b8c\u5168\u76f8\u540c\u7684\u6587\u4ef6, \u90a3\u4e3a\u4ec0\u4e48\u5728\u7cfb\u7edf\u6b63\u5e38\u542f\u52a8, \u52a0\u8f7d\u6b63\u5e38\u7684ndis\u548cnetio\u65f6\u4e0d\u4f1a\u9047\u5230\u8fd9\u4e2a\u95ee\u9898? \u6309\u9053\u7406\u6587\u4ef6\u4e00\u6837, IAT\u4e00\u6837,\u4f9d\u8d56\u987a\u5e8f\u5904\u7406\u4e5f\u4e00\u6837, \u90fd\u662f\u5148\u52a0\u8f7dndis, netio\u4f5c\u4e3a\u4f9d\u8d56\u5e93\u540e\u52a0\u8f7d\u4f46\u5148\u6267\u884cDLLInitialize, \u7406\u8bba\u4e0a\u4e5f\u4f1a\u9047\u5230\u4e0a\u9762\u7684PageFault\u84dd\u5c4f\u95ee\u9898\u624d\u5bf9.<\/p>\n\n\n\n<p><strong>\u539f\u56e0:<\/strong><br>\u7cfb\u7edf\u7684\u6b63\u5e38ndis.sys\u5728Services\u6ce8\u518c\u8868\u4e2dStart\u503c\u662f0(BootStart),\u800c\u6240\u6709BootStart\u9a71\u52a8,\u90fd\u662f\u5728\u5f15\u5bfc\u9636\u6bb5\u7531winload.exe\/.efi\u53bb\u52a0\u8f7d,\u76f4\u63a5\u8bfb\u5230\u5e76\u5e38\u9a7b\u7269\u7406\u5185\u5b58,\u5e76\u4e0d\u8d70MMLoadSystemImage\u8fd9\u5957\u6d41\u7a0b, \u5728winload.exe\u52a0\u8f7d\u5b8c\u5fc5\u8981\u7ec4\u4ef6, \u8df3\u5230\u5185\u6838\u7684KiSystemStartup\u5165\u53e3\u65f6, ndis\u7684text\u6bb5\u5df2\u7ecf\u5168\u90e8\u5728\u7269\u7406\u5185\u5b58\u4e86, \u6240\u4ee5netio!DLLInitialize\u8c03\u7528NDIS\u6a21\u5757\u7684\u51fd\u6570\u5c31\u4e0d\u4f1a\u53d1\u751fPageFault.<\/p>\n\n\n\n<p>\u6211\u89c9\u5f97\u5e94\u8be5\u5c31\u662f\u8fd9\u4e2a\u539f\u56e0. \u4f46\u5728\u5206\u6790\u4e09\u65b9\u8f6f\u4ef6\u95ee\u9898\u65f6, \u9759\u6001\u4e5f\u597d,\u52a8\u6001\u8c03\u8bd5\u4e5f\u597d, \u6574\u4f53\u6765\u8bf4\u8fd8\u662f\u4e00\u4e2a\u504f\u9ed1\u76d2\u7684\u65b9\u5f0f, \u5927\u591a\u6570\u65f6\u5019\u53ea\u5bf9\u5173\u952e\u4f4d\u7f6e\u8c03\u8bd5\u8ddf\u8e2a, \u4e00\u822c\u4e0d\u4f1a\u5bf9\u6574\u4e2a\u4e8c\u8fdb\u5236\u6587\u4ef6\u7684\u6240\u6709\u4f4d\u7f6e\u9010\u4e00\u5206\u6790, \u7a0d\u5fae\u504f\u5927\u7684\u8f6f\u4ef6, \u672c\u8eab\u5206\u6563\u7684\u6a21\u5757\u5316\u6784\u6210, \u903b\u8f91\u9519\u7efc\u590d\u6742, \u5728\u6709\u9650\u7684\u65f6\u95f4\u548c\u4eba\u529b\u6210\u672c\u6761\u4ef6\u4e0b, \u5f88\u96be\u5bf9\u6574\u4e2a\u4e8c\u8fdb\u5236\u6587\u4ef6\u505a\u5168\u9762\u8986\u76d6, \u5373\u4f7f\u501f\u52a9\u81ea\u52a8\u5316\u4e5f\u5f88\u96be100%.&nbsp;&nbsp;\u6700\u540e\u5c31\u53ef\u80fd\u53d1\u751f\u5728A\u73af\u5883\u548cB\u73af\u5883\u7ed3\u8bba\u4e0d\u4e00\u81f4\u7684\u60c5\u51b5. \u4e00\u4e2a\u6bd4\u8f83\u6709\u7528\u4e14\u6bd4\u4eba\u8089\u5206\u6790\u7701\u65f6\u95f4\u7684\u505a\u6cd5\u662f\u591a\u505a\u9a8c\u8bc1, \u5728\u4e0d\u540c\u7684\u573a\u666f\u4e0b\u53bb\u9a8c\u8bc1\u7ed3\u8bba.<\/p>\n\n\n\n<p>\u6bd4\u5982\u4e0a\u9762\u8bf4\u7684&#8221;\u6b63\u5e38\u52a0\u8f7d\u65f6, NDIS.sys\u662fboot start,\u7531WinLoad.exe\u52a0\u8f7d, \u6240\u4ee5\u4e0d\u4f1a\u84dd\u5c4f&#8221;, \u8fd9\u4e2a\u7ed3\u8bba\u771f\u7684\u5bf9\u5417?<\/p>\n\n\n\n<p><strong>\u5f88\u96be\u4fdd\u8bc1100%, \u6240\u4ee5\u53d1\u5e16\u524d\u6211\u5b9e\u9645\u9a8c\u8bc1\u4e86\u4e00\u6b21:<\/strong><br>\u5728\u4e00\u53f0\u6b63\u5e38\u542f\u52a8\u7684\u672c\u5730\u76d8\u673a\u5668\u4e0a, \u5c06NDIS.SYS\u7684Start\u75310(BootStart)\u6539\u4e3a3(DemandStart)(\u907f\u514d\u88abWinload.exe\u52a0\u8f7d), \u7136\u540e\u91cd\u542f\u673a\u5668\u89c2\u5bdf\u662f\u5426\u80fd\u590d\u73b0\u51fa\u6765, \u9884\u671f\u5e94\u5f53\u80fd\u590d\u73b0.<\/p>\n\n\n\n<p>\u7ed3\u679c\u662f\u4f1a\u84dd\u5c4f, \u4f46\u84dd\u5c4f\u539f\u56e0\u5e76\u4e0d\u662f\u4e4b\u524d\u6240\u8bf4\u7684DLL\u4f9d\u8d56\u4ea7\u751f\u7684PageFault, \u5177\u4f53\u4ec0\u4e48\u539f\u56e0\u4e0d\u91cd\u8981, \u6700\u5173\u952e\u662f\u5f53\u65f6Netio!DllMain\u5df2\u7ecf\u6210\u529f\u6267\u884c,\u5e76\u6ca1\u6709\u4ea7\u751f\u76f8\u540c\u7684PF\u84dd\u5c4f.<\/p>\n\n\n\n<p>\u8fd9\u8ddf\u524d\u9762\u7684\u7ed3\u8bba\u76f8\u6096.<\/p>\n\n\n\n<p>\u5177\u4f53\u95ee\u9898\u5177\u4f53\u5206\u6790, \u8fd9\u4e2a\u73b0\u8c61\u5b9e\u9645\u662f\u56e0\u4e3aSYS\u4e0d\u4ec5\u4ec5\u53ea\u662f\u6b63\u5e38\u7684\u5e26\u6709DriverEntry\u7684\u5185\u6838\u6a21\u5757, \u540c\u65f6\u4e5f\u53ef\u4ee5\u662f\u52a8\u6001\u5e93, \u5982\u679c\u5c06NDIS.SYS\u542f\u52a8\u65b9\u5f0f\u6539\u4e3a3, \u4f46\u56e0\u4e3aTCPIP.SYS\u4e5f\u5bfc\u5165\u4e86NDIS, \u800cTCPIP.SYS\u7684Start\u662f0, \u90a3\u4e48WinLoad.exe\u5728\u52a0\u8f7dTCPIP.SYS\u65f6, \u5c31\u4f1a\u5ffd\u7565NDIS.SYS\u7684\u542f\u52a8\u65b9\u5f0f, \u7ee7\u7eed\u5728\u5f15\u5bfc\u9636\u6bb5\u5c31\u628aNDIS.SYS\u4f5c\u4e3a\u4f9d\u8d56\u9879\u52a0\u8f7d\u5230\u7269\u7406\u5185\u5b58, \u6240\u4ee5\u5c31\u6ca1\u6cd5\u590d\u73b0\u51fanetio!DLLMain PF\u84dd\u5c4f\u95ee\u9898;<\/p>\n\n\n\n<p><strong>\u65e2\u7136\u5982\u6b64, \u5982\u679c\u628aTCPIP.SYS\u4e5f\u6539\u4e3a3, \u662f\u4e0d\u662f\u5c31\u80fd\u590d\u73b0\u4e86:<\/strong><\/p>\n\n\n\n<p>\u5b9e\u9645\u8fd8\u662f\u4e0d\u80fd\u590d\u73b0, \u867d\u7136\u6700\u540e\u4e5f\u4f1a\u84dd\u5c4f, \u4f46\u84dd\u5c4f\u539f\u56e0\u540c\u6837\u4e0d\u662fNetio!DLLMain\u8c03\u7528NDIS\u63a5\u53e3\u89e6\u53d1PF\u5bfc\u81f4.<\/p>\n\n\n\n<p><strong>\u7ee7\u7eed\u7528\u524d\u9762\u63d0\u5230\u7684\u51e0\u4e2a\u65ad\u70b9\u53bb\u6293\u65e5\u5fd7\u770b\u52a0\u8f7d\u6d41\u7a0b:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>#\u52a0\u8f7dtdx.sys\nMMLoadSystemImageEx: Names(\\SystemRoot\\system32\\DRIVERS\\tdx.sys - &lt;Win32 error 0n30&gt; - &lt;Win32 error 0n30&gt;)&nbsp;&nbsp;\n&nbsp; &nbsp; &nbsp; &nbsp; MiConstructLoaderEntry: LDR(ffff9b8ac55361c0) Path:tdx.sys\n&nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageImports: LDR(ffff9b8ac4e34570) Name(tdx.sys)\n&nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageReferences: LDR(ffff9b8ac4e34570) Name(tdx.sys)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #tdx.sys\u4f9d\u8d56netio.sys\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiLoadImportDll: Name:(\\SystemRoot\\system32\\DRIVERS\\NETIO.SYS - &lt;Win32 error 0n30&gt;)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MMLoadSystemImageEx: Names(\\SystemRoot\\system32\\DRIVERS\\NETIO.SYS - &lt;Win32 error 0n30&gt; - &lt;Win32 error 0n30&gt;)&nbsp;&nbsp;\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiConstructLoaderEntry: LDR(ffff9b8ac55370e0) Path:NETIO.SYS\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageImports: LDR(ffff9b8ac6e1b520) Name(NETIO.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageReferences: LDR(ffff9b8ac6e1b520) Name(NETIO.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #netio.sys\u4f9d\u8d56ndis.sys\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiLoadImportDll: Name:(\\SystemRoot\\system32\\DRIVERS\\NDIS.SYS - &lt;Win32 error 0n30&gt;)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #\u52a0\u8f7dndis.sys\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MMLoadSystemImageEx: Names(\\SystemRoot\\system32\\DRIVERS\\NDIS.SYS - &lt;Win32 error 0n30&gt; - &lt;Win32 error 0n30&gt;)&nbsp;&nbsp;\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiConstructLoaderEntry: LDR(ffff9b8ac5536ed0) Path:NDIS.SYS\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #\u586b\u5145ndis iat\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageImports: LDR(ffff9b8ac4a84790) Name(NDIS.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiResolveImageReferences: LDR(ffff9b8ac4a84790) Name(NDIS.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #iat \u586b\u5145\u5b8c\u6210\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiHandleDriverNonPagedSections: LDR(ffff9b8ac4a84790)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #ndis.sys\u52a0\u8f7d\u5b8c\u6210, \u6b64\u65f6ndis text\/data\u6bb5\u5df2\u7ecf\u5168\u90e8\u5728\u7269\u7406\u5185\u5b58\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiDriverLoadSucceeded: LDR(ffff9b8ac4a84790) Name:(\\SystemRoot\\system32\\DRIVERS\\NDIS.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MmCallDllInitialize: LDR(ffff9b8ac4a84790)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #netio.sys\u52a0\u8f7d\u6210\u529f\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiHandleDriverNonPagedSections: LDR(ffff9b8ac6e1b520)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MiDriverLoadSucceeded: LDR(ffff9b8ac6e1b520) Name:(\\SystemRoot\\system32\\DRIVERS\\NETIO.SYS)\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; #netio!DLLMain\n&nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; &nbsp; MmCallDllInitialize: LDR(ffff9b8ac6e1b520)<\/code><\/pre>\n\n\n\n<p><strong>\u52a0\u8f7d\u987a\u5e8f\u662f\u8fd9\u6837\u7684:<\/strong><\/p>\n\n\n\n<p>tdx.sys -&gt; netio.sys -&gt; ndis.sys -&gt; netio!DLLMain<\/p>\n\n\n\n<p>\u52a0\u8f7dTDX.sys\u65f6\u53d1\u73b0\u4f9d\u8d56netio.sys, \u56e0\u6b64\u52a0\u8f7dnetio.sys, \u800cnetio.sys\u53c8\u4f9d\u8d56NDIS.SYS, \u56e0\u6b64\u52a0\u8f7dNDIS.SYS, \u5e76\u4e14\u987a\u5229\u5b8c\u6210, \u6267\u884c\u5230\u4e86MiHandleDriverNonPagedSections, \u6700\u540eMiDriverLoadSucceeded, \u90a3\u4e48\u8fd9\u79cd\u60c5\u51b5\u4e0bNDIS.SYS text\u6bb5\u5c31\u5df2\u7ecf\u5168\u90e8\u52a0\u8f7d\u8fdb\u4e86\u5185\u5b58, \u6700\u540e\u56de\u5230netio.sys, \u6267\u884cnetio!DLLMain, \u6b64\u65f6\u81ea\u7136\u5c31\u4e0d\u4f1a\u53d1\u751fPageFault\u84dd\u5c4f\u95ee\u9898. \u8fd9\u79cd\u5c31\u662fnetio\u5148\u52a0\u8f7d, ndis\u540e\u52a0\u8f7d, \u7406\u8bba\u5c31\u662f\u6ca1\u95ee\u9898.<\/p>\n\n\n\n<p><strong>\u867d\u7136\u6ca1\u6709\u590d\u73b0\u51fa\u9884\u671f\u7684PageFault\u73b0\u8c61, \u4f46\u901a\u8fc7\u5bf9\u8fd9\u4e2a\u573a\u666f\u76f8\u5173\u73b0\u8c61\u7684\u5206\u6790, \u5176\u5b9e\u4f50\u8bc1\u4e86\u524d\u9762netio\/ndis\u4e4b\u95f4DLL\u4f9d\u8d56\u5904\u7406\u987a\u5e8f\u7684\u7ed3\u8bba. \u5e76\u4e0d\u662f\u4e00\u4ef6\u574f\u4e8b.<\/strong><\/p>\n\n\n\n<p><strong>\u540c\u65f6\u4e5f\u77e5\u9053\u4e86\u8981\u600e\u4e48\u624d\u80fd\u5728\u7cfb\u7edf\u6b63\u5e38\u52a0\u8f7dnetio\/ndis\u65f6\u4e5f\u590d\u73b0\u51faPF\u84dd\u5c4f:<\/strong><br>\u5c06\u6240\u6709\u53ef\u80fd\u95f4\u63a5\u5bfc\u5165netio\/ndis\u7684\u6a21\u5757\u5168\u90e8\u914d\u7f6e\u4e3a3, \u5c06ndis.sys\u914d\u7f6e\u4e3a1, \u8fd9\u6837ndis.sys\u4e0d\u4f1a\u56e0\u4e3a\u88ab\u5176\u4ed6\u6a21\u5757\u4f9d\u8d56\u800c\u88ab\u95f4\u63a5\u52a0\u8f7d, \u540c\u65f6\u4e5f\u53ef\u4ee5\u786e\u4fddnetio.sys\u662f\u4f5c\u4e3aNDIS.SYS\u7684\u4f9d\u8d56\u9879\u540e\u52a0\u8f7d, \u4ee5\u53ca\u786e\u4fddnetio.sys!DLLMain\u5148\u6267\u884c.<\/p>\n\n\n\n<p><strong>\u5982\u6b64\u64cd\u4f5c\u540e\u987a\u5229\u590d\u73b0:<\/strong><\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MMLoadSystemImageEx: Names(\\SystemRoot\\system32\\drivers\\ndis.sys - &lt;Win32 error 0n30&gt; - &lt;Win32 error 0n30&gt;)&nbsp;&nbsp;\nMiConstructLoaderEntry: LDR(ffffad0f46dac2f0) Path:ndis.sys\nMiResolveImageImports: LDR(ffffad0f46884790) Name(ndis.sys)\nMiResolveImageReferences: LDR(ffffad0f46884790) Name(ndis.sys)\nMiLoadImportDll: Name:(\\SystemRoot\\system32\\drivers\\NETIO.SYS - &lt;Win32 error 0n30&gt;)\nMMLoadSystemImageEx: Names(\\SystemRoot\\system32\\drivers\\NETIO.SYS - &lt;Win32 error 0n30&gt; - &lt;Win32 error 0n30&gt;)&nbsp;&nbsp;\nMiConstructLoaderEntry: LDR(ffffad0f46dac0e0) Path:NETIO.SYS\nMiResolveImageImports: LDR(ffffad0f48c1b8a0) Name(NETIO.SYS)\nMiResolveImageReferences: LDR(ffffad0f48c1b8a0) Name(NETIO.SYS)\nMiHandleDriverNonPagedSections: LDR(ffffad0f48c1b8a0)\nMiDriverLoadSucceeded: LDR(ffffad0f48c1b8a0) Name:(\\SystemRoot\\system32\\drivers\\NETIO.SYS)\nMmCallDllInitialize: LDR(ffffad0f48c1b8a0)\nKDTARGET: Refreshing KD connection\n\n*** Fatal System Error: 0x000000d1\n&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;(0xFFFFF807553E59D0,0x0000000000000002,0x0000000000000008,0xFFFFF807553E59D0)\n\nBreak instruction exception - code 80000003 (first chance)\n\nA fatal system error has occurred.\nDebugger entered on first try; Bugcheck callbacks have not been invoked.\n\nA fatal system error has occurred.\n\nFor analysis of this file, run !analyze -v\nnt!DbgBreakPointWithStatus:\nfffff807`4f403770 cc&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp;&nbsp;int&nbsp; &nbsp;&nbsp;&nbsp;3\n0: kd&gt; k\n# Child-SP&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; RetAddr&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;Call Site\n00 ffffe809`e2205658 fffff807`4f515392&nbsp; &nbsp;&nbsp;&nbsp;nt!DbgBreakPointWithStatus\n01 ffffe809`e2205660 fffff807`4f514976&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDebugBreak+0x12\n02 ffffe809`e22056c0 fffff807`4f3fa2d7&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheck2+0x946\n03 ffffe809`e2205dd0 fffff807`4f40e229&nbsp; &nbsp;&nbsp;&nbsp;nt!KeBugCheckEx+0x107\n04 ffffe809`e2205e10 fffff807`4f409de3&nbsp; &nbsp;&nbsp;&nbsp;nt!KiBugCheckDispatch+0x69\n05 ffffe809`e2205f50 fffff807`553e59d0&nbsp; &nbsp;&nbsp;&nbsp;nt!KiPageFault+0x463\n06 ffffe809`e22060e8 fffff807`55560276&nbsp; &nbsp;&nbsp;&nbsp;0xfffff807`553e59d0\n07 ffffe809`e22060f0 fffff807`55553aa5&nbsp; &nbsp;&nbsp;&nbsp;NETIO!WfpReleaseFastWriteLock+0x5a\n08 ffffe809`e2206120 fffff807`55574aac&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdSetVisibleFilterState+0x51\n09 ffffe809`e2206150 fffff807`555d94cc&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdApplyBoottimePolicy+0x58\n0a ffffe809`e22061b0 fffff807`4f60f25b&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdApplyBoottimePolicyCallback+0x4c\n0b ffffe809`e22061e0 fffff807`4f60ef6e&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpCallQueryRegistryRoutine+0x13f\n0c ffffe809`e2206250 fffff807`4f6f6aae&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlpQueryRegistryValues+0x31a\n0d ffffe809`e2206330 fffff807`555d9368&nbsp; &nbsp;&nbsp;&nbsp;nt!RtlQueryRegistryValuesEx+0xe\n0e ffffe809`e2206370 fffff807`555d92c2&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdReadAndApplyBoottimePolicy+0x54\n0f ffffe809`e2206420 fffff807`555d93ce&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdProcessBoottimePolicy+0x5e\n10 ffffe809`e2206460 fffff807`555d9413&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdStartModuleEx+0x3e\n11 ffffe809`e2206490 fffff807`555d907b&nbsp; &nbsp;&nbsp;&nbsp;NETIO!KfdStartModule+0x23\n12 ffffe809`e22064c0 fffff807`555e52fb&nbsp; &nbsp;&nbsp;&nbsp;NETIO!RtlInvokeStartRoutines+0x3b\n13 ffffe809`e2206500 fffff807`4f79962e&nbsp; &nbsp;&nbsp;&nbsp;NETIO!DllInitialize+0x9b\n14 ffffe809`e2206530 fffff807`4f799473&nbsp; &nbsp;&nbsp;&nbsp;nt!MmCallDllInitialize+0x16e\n15 ffffe809`e2206590 fffff807`4f751acc&nbsp; &nbsp;&nbsp;&nbsp;nt!MiLoadImportDll+0x63\n16 ffffe809`e22065e0 fffff807`4f751704&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageReferences+0x214\n17 ffffe809`e22066f0 fffff807`4f75080c&nbsp; &nbsp;&nbsp;&nbsp;nt!MiResolveImageImports+0x94\n18 ffffe809`e2206760 fffff807`4f750166&nbsp; &nbsp;&nbsp;&nbsp;nt!MmLoadSystemImageEx+0x690\n19 ffffe809`e2206900 fffff807`4f7330b4&nbsp; &nbsp;&nbsp;&nbsp;nt!MmLoadSystemImage+0x26\n1a ffffe809`e2206940 fffff807`4fa52b87&nbsp; &nbsp;&nbsp;&nbsp;nt!IopLoadDriver+0x23c\n1b ffffe809`e2206b10 fffff807`4fa6331a&nbsp; &nbsp;&nbsp;&nbsp;nt!IopInitializeSystemDrivers+0x157\n1c ffffe809`e2206bb0 fffff807`4f7a881b&nbsp; &nbsp;&nbsp;&nbsp;nt!IoInitSystem+0x2e\n1d ffffe809`e2206be0 fffff807`4f3030e5&nbsp; &nbsp;&nbsp;&nbsp;nt!Phase1Initialization+0x3b\n1e ffffe809`e2206c10 fffff807`4f402e08&nbsp; &nbsp;&nbsp;&nbsp;nt!PspSystemThreadStartup+0x55\n1f ffffe809`e2206c60 00000000`00000000&nbsp; &nbsp;&nbsp;&nbsp;nt!KiStartSystemThread+0x28<\/code><\/pre>\n\n\n\n<p>\u6ce8\u610f\u8fd9\u4e2a\u6808\u7684\u8d77\u70b9\u662f\u5185\u6838\u6b63\u5e38\u521d\u59cb\u5316(\u975eiscsi\u542f\u52a8, \u975edump\u529f\u80fd\u521d\u59cb\u5316), \u56e0\u4e3aNDIS.SYS start\u503c\u4e3a1, \u540c\u65f6\u6ca1\u6709\u5176\u4ed6\u6a21\u5757\u4f9d\u8d56NDIS.SYS, \u5185\u6838\u5c31\u6b63\u5e38\u52a0\u8f7dNDIS.SYS, \u89e3\u6790\u5bfc\u5165\u52a0\u8f7dNETIO.SYS, \u7136\u540e\u5728NETIO.SYS!DLLMain\u89e6\u53d1\u8ddfiscsi\u542f\u52a8\u573a\u666f\u4e00\u6a21\u4e00\u6837\u7684PageFault\u84dd\u5c4f.<br>\u8fd9\u79cd\u5c31\u662fNDIS\u5148\u52a0\u8f7d, NETIO\u540e\u52a0\u8f7d. \u5fc5\u7136\u84dd\u5c4f.<\/p>\n\n\n\n<p>\u81f3\u6b64\u5370\u8bc1\u524d\u9762\u7684\u6240\u6709\u7ed3\u8bba.<\/p>\n\n\n\n<p><strong>\u4e00\u4e9b\u82b1\u7d6e:<\/strong><\/p>\n\n\n\n<p><strong>\u84dd\u5c4f\u65f6DLLMain\u5728\u8c03\u7528NDISReleaseRWLock, \u8bf4\u660e\u4e4b\u524d\u5fc5\u7136\u4e5f\u6709\u8c03\u7528NDISAcquireRWLock, \u90a3\u5728\u8c03\u7528NDISAcquireRWLock\u7684\u65f6\u5019\u4e3a\u5565\u6ca1\u84dd\u5c4f:<\/strong><\/p>\n\n\n\n<p>\u56e0\u4e3a\u867d\u7136\u4e5f\u662f\u5728netio!DLLMain\u7684\u4e0a\u4e0b\u6587, \u4f46\u5f53\u65f6\u6700\u5f00\u59cb\u7684IRQL\u5176\u5b9e\u662fpassive_level, \u53d1\u751fPF\u53ef\u4ee5\u6b63\u5e38\u5904\u7406. \u662fNDISAcquireRWLock\u88ab\u8c03\u7528\u540e\u5728\u5185\u90e8\u5c06IRQL\u63d0\u5347\u4e3aDPCLEVEL, \u76f4\u5230ReleaseRWLock\u88ab\u8c03\u7528\u624d\u4f1a\u964d\u56de\u53bb.<\/p>\n\n\n\n<p>\u901a\u8fc7\u67e5\u770bAcquireRWLock\u7684PTE\u53ef\u4ee5\u786e\u8ba4AcquireRWLock\u5f53\u65f6\u786e\u5b9e\u662f\u5728\u7269\u7406\u5185\u5b58:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>0: kd&gt; !pte dump_ndis!NdisAcquireRWLockWrite\n&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp;&nbsp; &nbsp; VA fffff8046f8b42f0\nPXE at FFFFFC7E3F1F8F80&nbsp; &nbsp; PPE at FFFFFC7E3F1F0088&nbsp; &nbsp; PDE at FFFFFC7E3E011BE0&nbsp; &nbsp; PTE at FFFFFC7C0237C5A0\ncontains 000000002FC09063&nbsp;&nbsp;contains 000000002FC0A063&nbsp;&nbsp;contains 0A00000118278863&nbsp;&nbsp;contains 00000001252DC021\npfn 2fc09&nbsp; &nbsp;&nbsp;&nbsp;---DA--KWEV&nbsp;&nbsp;pfn 2fc0a&nbsp; &nbsp;&nbsp;&nbsp;---DA--KWEV&nbsp;&nbsp;pfn 118278&nbsp; &nbsp; ---DA--KWEV&nbsp;&nbsp;pfn 1252dc&nbsp; &nbsp; ----A--KREV<\/code><\/pre>\n\n\n\n<p><strong>\u7136\u540e\u987a\u4fbf\u770b\u4e0bNdisAcquireRWLockWrite\u548cNdisReleaseRWLock\u5404\u81ea\u7684VA:<\/strong><br>NdisAcquireRWLockWrite: fffff804`6f8b42f0<br>NdisReleaseRWLock:&nbsp; &nbsp;&nbsp; &nbsp;fffff804`6f8b59d0<\/p>\n\n\n\n<p>\u8fd9\u4e24\u51fd\u6570\u8ddd\u79bb\u5f88\u7d27, \u4f46\u53c8\u4e0d\u591f\u7d27(\u4e0d\u5728\u4e00\u4e2a\u9875), \u5982\u679c\u5b83\u4fe9\u6070\u5de7\u57281\u4e2a\u9875, \u90a3\u4e48\u5728netio\u8c03\u7528NdisAcquireRWLockWrite\u53d1\u751fPF\u7684\u65f6\u5019, \u5185\u6838\u4e5f\u4f1a\u987a\u4fbf\u628aNdisReleaseRWLock\u4e5f\u5e26\u8fdb\u7269\u7406\u5185\u5b58, \u4e5f\u5c31\u4e0d\u4f1a\u53d1\u751f\u84dd\u5c4f\u4e86(\u5f53\u7136\u524d\u63d0\u662fnetio.sys!dllmain\u6ca1\u6709\u518d\u8c03\u7528\u5176\u4ed6dump_ndis.sys\u5185\u7684\u51fd\u6570).<br>\u4e0d\u8fc7\u8fd9\u6837\u7684\u8bdd, \u8fd9\u4e2abug\u5c31\u66f4\u96be\u88ab\u53d1\u73b0. \u4e5f\u4e0d\u5e94\u8be5\u662f\u9760\u8fd9\u79cd\u65b9\u5f0f\u53bb\u89e3\u51b3.<\/p>\n\n\n\n<p><strong>Win7\u4e3a\u4ec0\u4e48\u6ca1\u95ee\u9898?<\/strong><br>\u89c2\u5bdfWin7\u7684netio.sys\/ndis.sys\u7684\u5bfc\u5165\u8868, \u4ed6\u4eec\u4e5f\u662f\u4e92\u76f8\u4f9d\u8d56\u7684, \u5e76\u4e14netio!DLLMain\u4e2d\u4e00\u6837\u6709\u8c03\u7528NDIS\u63a5\u53e3\u7684\u903b\u8f91, \u90a3\u4e3a\u5565Win7\u4e0a\u5c31\u4e0d\u4f1a\u84dd\u5c4f:<br>Win7\u548cWin10\u7684dump\u521d\u59cb\u5316\u673a\u5236\u6709\u5dee\u5f02, \u5f53Win7\u4eceiscsi\u7f51\u7edc\u542f\u52a8\u65f6, \u5185\u6838dump\u673a\u5236\u4f1a\u521d\u59cb\u5316\u5931\u8d25, \u6839\u672c\u5c31\u4e0d\u4f1a\u8d70\u5230\u52a0\u8f7ddump_miscsi.sys\u8fd9\u4e00\u6b65, \u4e5f\u5c31\u4e0d\u4f1a\u6709\u540e\u7eed\u7684DLL\u4e92\u76f8\u4f9d\u8d56\u95ee\u9898.<br>\u4e5f\u6b63\u662f\u56e0\u4e3a\u5185\u6838dump\u673a\u5236\u521d\u59cb\u5316\u5931\u8d25, \u5f53Win7\u8d70\u539f\u751fiscsi\u529f\u80fd\u4ece\u7f51\u7edc\u542f\u52a8\u65f6, \u7cfb\u7edf\u5185\u5fc5\u7136\u4f1a\u51fa\u73b0\u4e00\u6761&#8221;\u7cfb\u7edf\u672a\u80fd\u521d\u59cb\u5316\u6545\u969c\u8f6c\u50a8\u7a0b\u5e8f&#8221;\u65e5\u5fd7:<\/p>\n\n\n\n<p><\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img loading=\"lazy\" decoding=\"async\" width=\"1024\" height=\"600\" src=\"https:\/\/www.linudows.com\/wp-content\/uploads\/2023\/09\/image-2-1024x600.png\" alt=\"\" class=\"wp-image-25\" srcset=\"https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-2-1024x600.png 1024w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-2-300x176.png 300w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-2-768x450.png 768w, https:\/\/www.lidowx.com\/wp-content\/uploads\/2023\/09\/image-2.png 1066w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p><strong>\u4f5c\u4e3a\u7528\u6237, \u8981\u89e3\u51b3\u8fd9\u4e2a\u95ee\u9898\u5f53\u524d\u53ea\u80fd\u662f\u9760\u4e00\u4e9b\u4e34\u65f6\u89c4\u907f\u65b9\u6848, \u8fd9\u91cc\u76f4\u63a5\u7ed9\u65b9\u6848, \u4e0d\u8c08\u4e2a\u4e2d\u7ec6\u8282:<\/strong><br>1.\u5220\u9664Services\\BFE\\Parameters\\Boot\\Filter\u4e0b\u7684\u6ce8\u518c\u8868; \u5982\u679c\u6ce8\u518c\u8868\u4e0d\u5b58\u5728, netio!DLLMain\u5c31\u4e0d\u4f1a\u6267\u884c\u5230\u540e\u9762\u89e6\u53d1\u84dd\u5c4f\u7684\u6d41\u7a0b; \u4f46\u662f\u8981\u6ce8\u610f\u8fd9\u4e2a\u6ce8\u518c\u8868\u6709\u53ef\u80fd\u4f1a\u88abBFE\u6216\u5176\u4ed6\u7ec4\u4ef6\u91cd\u65b0\u521b\u5efa\u51fa\u6765, \u9700\u8981\u7981\u7528\u5176\u4ed6\u670d\u52a1, \u4e0d\u592a\u63a8\u8350;<br>2.\u5173\u95ed\u7cfb\u7edf\u7684\u84dd\u5c4fdump\u529f\u80fd, \u5173\u95ed\u540e\u5f53\u5185\u6838\u521b\u5efa\u5206\u9875\u6587\u4ef6\u7684\u65f6\u5019, \u5c31\u4e0d\u4f1a\u53bb\u521d\u59cb\u5316dump\u673a\u5236, \u4e5f\u5c31\u4e0d\u4f1a\u52a0\u8f7ddump_msiscsi.sys, \u6700\u540e\u5c31\u4e0d\u4f1a\u8c03\u7528\u5230dump_netio.sys!dllmain; (\u5173\u95eddump\u529f\u80fd\u4e0d\u5f71\u54cd\u5206\u9875\u6587\u4ef6)<\/p>\n\n\n\n<p><strong>\u81f3\u4e8e\u7981\u7528\u5206\u9875\u6587\u4ef6, \u5176\u5b9e\u786e\u5b9e\u53ef\u4ee5\u4f5c\u4e3a\u4e00\u4e2a\u89e3\u51b3\u65b9\u6848, \u4f46\u662f\u5b83\u6709\u5c40\u9650\u6027, \u53ea\u80fd\u7528\u4e8e\u4e00\u79cd\u573a\u666f:<\/strong><br>\u5148\u672c\u5730\u88c5\u7cfb\u7edf, \u5173\u95ed\u5206\u9875\u6587\u4ef6, \u7136\u540edisk2vhd\u751f\u6210img.<br>\u8fd9\u4e2a\u65b9\u6848\u4e0d\u80fd\u7528\u4e8e\u76f4\u63a5\u4ecepxe-&gt;iso\u542f\u52a8setup.exe\u7136\u540e\u5b89\u88c5\u5230iscsi\u76d8\u7684\u573a\u666f(\u81f3\u5c11\u5bf9\u6211\u4f7f\u7528\u7684\u4e09\u4e2aISO\u4e0d\u884c), \u56e0\u4e3aISO\u91cc\u7684\u5b89\u88c5\u7a0b\u5e8fsetup.exe\u903b\u8f91\u662f\u76f4\u63a5\u8c03\u7528NtCreatePagingFile\u5f3a\u884c\u521b\u5efa\u5206\u9875\u6587\u4ef6, \u5b8c\u5168\u4e0d\u7406\u4f1a\u6ce8\u518c\u8868\u4e2d\u7684\u5206\u9875\u6587\u4ef6\u5f00\u5173.<\/p>\n\n\n\n<p><strong>\u800c\u8fd9\u5e94\u5f53\u4e5f\u662f\u5728\u6211\u6700\u5f00\u59cb\u641c\u5230\u7c7b\u4f3c\u95ee\u9898, \u6309\u540c\u6837\u64cd\u4f5c\u5173\u95ed\u9875\u9762\u6587\u4ef6\u6ca1\u6709\u6548\u679c\u7684\u539f\u56e0, \u751a\u81f3\u4e5f\u53ef\u80fd\u662f\u6709\u4e9b\u4eba\u8bf4\u884c, \u6709\u4e9b\u4eba\u8bf4\u4e0d\u884c\u7684\u539f\u56e0:<\/strong><br>\u8bf4\u884c\u7684\u53ef\u80fd\u662fdisk2vhd\u8fd9\u79cd\u65b9\u5f0f\u90e8\u7f72(\u6216\u8005\u662f\u4ed6\u4eec\u7528\u7684ISO\u91cc\u9762\u7684setup.exe\u4e0d\u4f1a\u50cf\u6211\u8fd9\u4e2a\u7248\u672c\u8fd9\u6837\u5f3a\u884c\u521b\u5efa\u5206\u9875\u6587\u4ef6), \u8bf4\u4e0d\u884c\u7684\u5e94\u8be5\u8ddf\u6211\u4e00\u6837\u662f\u76f4\u63a5\u4eceISO\u542f\u52a8setup.exe\u5b89\u88c5;<\/p>\n\n\n\n<p>\u672c\u8d28\u4e0d\u662fPageFile\u539f\u56e0, \u800c\u662f\u5728\u521b\u5efaPageFile\u7684\u65f6\u5019, \u5982\u679cDUMP\u529f\u80fd\u662f\u5f00\u7740\u7684, \u5185\u6838\u5c31\u4f1a\u987a\u4fbf\u521d\u59cb\u5316DUMP, \u4ece\u800c\u89e6\u53d1\u6700\u6839\u6e90\u7684DLL\u4f9d\u8d56\u52a0\u8f7d\u987a\u5e8f\u95ee\u9898.<br>\u5173\u6389PageFile, \u6216\u8005\u7981\u7528dump\u529f\u80fd, \u90fd\u53ef\u4ee5\u89c4\u907f.<br>\u7136\u540eWindows\u53ea\u4f1a\u5728\u542f\u52a8\u5377\u4e0a\u521d\u59cb\u5316DUMP\u529f\u80fd, \u6bd4\u5982\u5982\u679c\u5728\u672c\u5730\u76d8\u542f\u52a8\u7684\u7cfb\u7edf\u4e0a, \u6302\u8f7d\u4e00\u4e2a\u7f51\u7edciscsi\u76d8\u4f5c\u4e3a\u6570\u636e\u76d8, \u7136\u540e\u628a\u9875\u9762\u6587\u4ef6\u8bbe\u7f6e\u5728\u8fd9\u4e2aiscsi\u6570\u636e\u76d8, \u8fd9\u79cd\u60c5\u51b5\u4e0b\u5e94\u5f53\u4e0d\u4f1a\u84dd\u5c4f(\u672a\u9a8c\u8bc1).<\/p>\n\n\n\n<p><strong>\u518d\u6269\u5c55\u4e00\u4e0b:<\/strong><\/p>\n\n\n\n<p>\u5728windows\u539f\u751fiscsi\u7f51\u7edc\u542f\u52a8\u573a\u666f, \u7cfb\u7edf\u53d1\u751f\u84dd\u5c4f\u65f6, \u5373\u4f7f\u84dd\u5c4fdump\u4fdd\u5b58\u529f\u80fd\u662f\u5f00\u542f\u7684, \u4e5f\u4e0d\u5927\u53ef\u80fd\u6210\u529f\u5199\u5165\u84dd\u5c4fdump\u4fe1\u606f, \u56e0\u4e3a\u8fd9\u4e2a\u573a\u666f\u4e0b, \u7cfb\u7edf\u5f80\u78c1\u76d8\u5199\u5165dump\u6570\u636e\u65f6, \u65e0\u8bba\u600e\u4e48\u5199\u90fd\u5f97\u7ecf\u8fc7msiscsi.sys, \u800cmsiscsi.sys\u662f\u901a\u8fc7WSK Socket\u63a5\u53e3\u8d70\u7cfb\u7edf\u7684\u6807\u51c6\u534f\u8bae\u6808\u8ddfiscsi server\u901a\u4fe1, \u5728\u84dd\u5c4f\u65f6, \u7cfb\u7edf\u6574\u4f53\u73af\u5883\u5df2\u7ecf\u4e0d\u6b63\u5e38, msiscsi.sys\u6b64\u65f6\u5e76\u4e0d\u80fd\u7a33\u5b9a\u8ddfiscsi server\u901a\u4fe1. \u867d\u7136\u7cfb\u7edf\u91cd\u65b0\u52a0\u8f7d\u4e86\u4e00\u4efdnetio\u548cndis, \u4f46\u662f\u8fd8\u6709\u7f51\u5361\u9a71\u52a8\u4ee5\u53catcpip.sys\u8fd8\u662f\u7528\u7684\u539f\u6765\u7684, \u8981\u60f3\u84dd\u5c4f\u65f6\u4f9d\u65e7\u7a33\u5b9a\u6536\u53d1, \u6574\u6761IO\u94fe\u4e0a\u6240\u6709\u6a21\u5757\u90fd\u8981\u914d\u5408\u624d\u884c, \u8fd9\u4e5f\u662fwindows\u505a\u7684\u4e0d\u5982Linux\u7684\u5730\u65b9, linux\u662f\u76f4\u63a5\u62c9\u8d77\u4e00\u4e2a\u65b0\u5185\u6838, \u5199dump\u65f6\u6240\u5904\u73af\u5883\u76f8\u5bf9\u8981\u66f4\u7a33\u4e00\u4e9b.<\/p>\n\n\n\n<p>\u5b9e\u9645\u53ea\u6709\u7269\u7406\u78c1\u76d8\u9a71\u52a8, \u6216\u8005\u81ea\u5e26TCPIP\u534f\u8bae\u6808\u4e0d\u4f9d\u8d56OS\u7684\u786ciscsi, \u624d\u80fd\u5b9e\u73b0\u7a33\u5b9a\u7684\u84dd\u5c4fdump\u4fdd\u5b58\u529f\u80fd.<br>\u8f6fiscsi\u5982\u679c\u53ea\u60f3\u4fdd\u5b58\u51e0\u5341\u5230\u51e0\u767eK\u7684minidump\u8fd8\u662f\u53ef\u4ee5\u7684,\u6bd4\u5982\u901a\u8fc7NDIS\u534f\u8bae\u9a71\u52a8\u76f4\u63a5\u6784\u9020UDP\u5305\u53d1\u51fa\u53bb, \u6709\u6bd4\u8f83\u4e0d\u9519\u7684\u6982\u7387\u53ef\u4ee5\u5728\u7cfb\u7edf\u5f7b\u5e95\u6b7b\u6389\u524d\u628a\u6570\u636e\u53d1\u51fa\u53bb, \u4f46\u8981\u60f3\u7a33\u5b9a\u4fdd\u5b58\u4e0aG\u751a\u81f310G+\u7684\u5b8c\u6574dump\u5c31\u6bd4\u8f83\u56f0\u96be, \u5927\u591a\u6570\u65f6\u5019\u90fd\u662f\u53d1\u7740\u53d1\u7740\u6574\u4e2a\u7cfb\u7edf\u5c31\u5f7b\u5e95\u6b7b\u6389(\u4e5f\u4e0d\u662f\u7edd\u5bf9\u4e0d\u884c, \u5b9e\u73b0\u8d77\u6765\u6709\u4e9b\u590d\u6742, \u53c8\u6ca1\u6709\u592a\u5927\u4ef7\u503c).<\/p>\n\n\n\n<p>\u6700\u540e, \u6839\u6e90\u7684DLL\u4f9d\u8d56\u95ee\u9898\u5f97\u5fae\u8f6f\u81ea\u5df1\u53bb\u4fee(\u5982\u679c\u6211\u6ca1\u6f0f\u6389\u4ec0\u4e48\u7684\u8bdd). \u53e6\u5916\u6b64\u95ee\u9898\u7406\u8bba\u4e0a\u5728iscsi\u542f\u52a8\u573a\u666f\u5fc5\u73b0, \u81f3\u5c11\u5728\u6211\u4f7f\u7528\u768422H2\u4ee5\u53ca\u5176\u4ed6\u76f8\u8fd1\u7684\u51e0\u4e2a\u7248\u672c\u4e0a\u5fc5\u73b0, \u611f\u89c9\u5fae\u8f6f\u53ea\u6d4b\u4e86\u672c\u5730\u76d8\u542f\u52a8, \u6839\u672c\u6ca1\u6d4b\u8fc7iscsi\u542f\u52a8\u573a\u666f, \u7565\u79bb\u8c31.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>iscsi\u5b89\u88c5win10\u84dd\u5c4f<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14,5],"tags":[10,9,11],"_links":{"self":[{"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/posts\/19"}],"collection":[{"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/comments?post=19"}],"version-history":[{"count":13,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions"}],"predecessor-version":[{"id":41,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/posts\/19\/revisions\/41"}],"wp:attachment":[{"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/media?parent=19"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/categories?post=19"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.lidowx.com\/index.php\/wp-json\/wp\/v2\/tags?post=19"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}