我已经分析了Internet Explorer 11,以找出它在内核模式下消耗大量CPU的原因。
最热的路径(85%的样本中存在)是以下堆栈:
- NtAllocateVirtualMemory
- whNtAllocateVirtualMemory
- Wow64SystemServiceEx
- ServiceNoTurbo
- RunCpuSimulation
- Wow64LdrpInitialize
- _LdrInitialize
- LdrInitializeThunk
- _NtAllocateVirtualMemory @ 24
- RtlIpv6AddressToStringW (85%的样本!)
- _RtlpLfhBucketIndexMap
- RtlpLowFragHeapAllocFromContext
- RtlpAllocateUserBlockFromHeap
- @ RtlpLowFragHeapAllocateFromZone @ 8
- _RtlpLfhBucketIndexMap
- 的 RtlAllocateHeap
如何调用RtlAllocateHeap来调用RtlIpv6AddressToStringW?