WIN7默认究竟有没有半开连接数限制,直接上debugger看

茶壶

级别: 管理员

发帖: 3549

飞翔币: 5005

威望: 64392

飞扬币: 51613

信誉值: 815

只看楼主更多操作 0 发表于: 2009-07-27

多说无益,直接上kernel debugger(核心调试器)看tcpip里面的相关变量是最直接的.

环境是win7 7600.16364 x64, 默认安装, 没有EnableConnectionRateLimiting这个键值. 开机后上kernel debugger, 直接看tcpip.sys里面的全局变量:

2: kd> lmvm tcpip
start             end                 module name
fffff880`01602000 fffff880`017ff000   tcpip      (deferred)
    Image path: \SystemRoot\System32\drivers\tcpip.sys
    Image name: tcpip.sys
    Timestamp:        Sat Jul 11 14:13:03 2009 (4A582D6F)
    CheckSum:         001DAEBC
    ImageSize:        001FD000
    Translations:     0000.04b0 0000.04e0 0409.04b0 0409.04e0
2: kd> x tcpip!TcpEnableConnectionRateLimiting
fffff880`0178de50 tcpip!TcpEnableConnectionRateLimiting = 0

反汇编TcpCreateAndConnectTcbInspectConnectComplete函数:
2: kd> u tcpip!TcpCreateAndConnectTcbInspectConnectComplete
tcpip!TcpCreateAndConnectTcbInspectConnectComplete:
fffff880`01657a10 fff3            push    rbx
fffff880`01657a12 57              push    rdi
fffff880`01657a13 4154            push    r12
fffff880`01657a15 4881ec80000000  sub     rsp,80h
fffff880`01657a1c 488b05ddf61000  mov     rax,qword ptr [tcpip!__security_cookie (fffff880`01767100)]
fffff880`01657a23 4833c4          xor     rax,rsp
fffff880`01657a2囧889442460      mov     qword ptr [rsp+60h],rax
fffff880`01657a2b 33db            xor ebx,ebx //此处ebx是0
2: kd> u
tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x1d:
fffff880`01657a2d 833d98c4110001  cmp     dword ptr [tcpip!MICROSOFT_TCPIP_PROVIDER_Context+0x24 (fffff880`01773ecc)],1
fffff880`01657a34 8bfa            mov     edi,edx
fffff880`01657a3囧c8be1          mov     r12,rcx
fffff880`01657a39 0f844e060600    je      tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x6067d (fffff880`016b808d)
fffff880`01657a3f 85ff            test    edi,edi
fffff880`01657a41 0f88bf060600    js      tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x606f6 (fffff880`016b8106)
此处判断,如果TcpEnableConnectionRateLimiting为0,则直接跳过后续限制连接数部分
fffff880`01657a47 391d03641300    cmp     dword ptr [tcpip!TcpEnableConnectionRateLimiting (fffff880`0178de50)],ebx
fffff880`01657a4d 0f85e8060600    jne     tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x6072b (fffff880`016b813b)
2: kd> u
tcpip!TcpCreateAndConnectTcbInspectConnectComplete+0x43:
fffff880`01657a53 498bcc          mov     rcx,r12
fffff880`01657a56 e885dbffff      call    tcpip!TcpCreateAndConnectTcbRateLimitComplete (fffff880`016555e0)

所以事实证明没有键值的情况下是没有限制的. 其他主观妄想可以结束了