PVOID NTAPI ObpLookupEntryDirectory(IN POBJECT_DIRECTORY Directory, IN PUNICODE_STRING Name, IN ULONG Attributes, IN UCHAR SearchShadow, IN POBP_LOOKUP_CONTEXT Context) { BOOLEAN CaseInsensitive = FALSE; POBJECT_HEADER_NAME_INFO HeaderNameInfo; POBJECT_HEADER ObjectHeader; ULONG HashValue; ULONG HashIndex; LONG TotalChars; WCHAR CurrentChar; POBJECT_DIRECTORY_ENTRY *AllocatedEntry; POBJECT_DIRECTORY_ENTRY *LookupBucket; POBJECT_DIRECTORY_ENTRY CurrentEntry; PVOID FoundObject = NULL; PWSTR Buffer; PAGED_CODE(); if (!ObpLUIDDeviceMapsEnabled) SearchShadow = FALSE; /*检查输入的两个关键指针是否有效*/ if (!(Directory) || !(Name)) goto Quickie; /* Get name information */ TotalChars = Name->Length / sizeof(WCHAR);//按照双字大小,计算对象名的字节数 Buffer = Name->Buffer;//得Name名称 /* Set up case-sensitivity */ if (Attributes & OBJ_CASE_INSENSITIVE) CaseInsensitive = TRUE;//大小写不敏感 /*不是一个命名的对象*/ if (!(Buffer) || !(TotalChars)) goto Quickie; /*计算hash值*/ for (HashValue = 0; TotalChars; TotalChars--) { /* Go to the next Character */ CurrentChar = *Buffer++; /* Prepare the Hash */ HashValue += (HashValue << 1) + (HashValue >> 1); /* Create the rest based on the name */ if (CurrentChar < 'a') HashValue += CurrentChar; else if (CurrentChar > 'z') HashValue += RtlUpcaseUnicodeChar(CurrentChar); else HashValue += (CurrentChar - ('a'-'A')); } /*计算hash索引*/ HashIndex = HashValue % 37;//Hash数组的大小为37 /*保存Hash值和Hash索引在Context中*/ Context->HashValue = HashValue; Context->HashIndex = (USHORT)HashIndex; /*得到当前HashIndex对应在Hash列表中的首地址*/ AllocatedEntry = &Directory->HashBuckets[HashIndex]; LookupBucket = AllocatedEntry; /* Check if the directory is already locked */ if (!Context->DirectoryLocked) { /*申请共享锁*/ ObpAcquireDirectoryLockShared(Directory, Context); } /* Start looping */ while ((CurrentEntry = *AllocatedEntry)) { /*Hash匹配*/ if (CurrentEntry->HashValue == HashValue) { /*对象体向对象头的转换*/ ObjectHeader = OBJECT_TO_OBJECT_HEADER(CurrentEntry->Object); /* Get the name information */ ASSERT(ObjectHeader->NameInfoOffset != 0); HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader); /*如果名字相同,长度相同*/ if ((Name->Length == HeaderNameInfo->Name.Length) && (RtlEqualUnicodeString(Name, &HeaderNameInfo->Name, CaseInsensitive))) { break;//发现目标,对象名相同 } } /*否则继续向下遍历*/ AllocatedEntry = &CurrentEntry->ChainLink; } /*若CurrentEntry非空,则说明找到了目标对象所在的节点 */ if (CurrentEntry) { /*设置当前节点到队列的最前面,为了下次查找效率的提高*/ if (AllocatedEntry != LookupBucket) { /* Check if the directory was locked or convert the lock */ if ((Context->DirectoryLocked) || (ExConvertPushLockSharedToExclusive(&Directory->Lock))) { /*当前目录项的值修改为当前目录项的下一个,因为当前目录项的内容要被放到最前面去*/ *AllocatedEntry = CurrentEntry->ChainLink; /*连接之前的Hash表 */ CurrentEntry->ChainLink = *LookupBucket; /*构建新的HashEntry*/ *LookupBucket = CurrentEntry; } } /* 找到目标对象 */ FoundObject = CurrentEntry->Object; goto Quickie; } else { /* Check if the directory was locked */ if (!Context->DirectoryLocked) { /* Release the lock */ ObpReleaseDirectoryLock(Directory, Context); } /* Check if we should scan the shadow directory */ if ((SearchShadow) && (Directory->DeviceMap)) { /* FIXME: We don't support this yet */ ASSERT(FALSE); } } Quickie: /* Check if we inserted an object */ if (FoundObject) { /* Get the object name information */ ObjectHeader = OBJECT_TO_OBJECT_HEADER(FoundObject); ObpReferenceNameInfo(ObjectHeader); /* Reference the object being looked up */ ObReferenceObject(FoundObject); /* Check if the directory was locked */ if (!Context->DirectoryLocked) { /* Release the lock */ ObpReleaseDirectoryLock(Directory, Context); } } /* Check if we found an object already */ if (Context->Object) { /* We already did a lookup, so remove this object's query reference */ ObjectHeader = OBJECT_TO_OBJECT_HEADER(Context->Object); HeaderNameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader); ObpDereferenceNameInfo(HeaderNameInfo); /* Also dereference the object itself */ ObDereferenceObject(Context->Object); } /* Return the object we found */ Context->Object = FoundObject; return FoundObject; }
“You’re never really done for, as long as you’ve got a good story and someone to tell it to.”
参考资料:
《Windows内核情景分析》
《Reactos》
