第一部分：
PCELL_DATA
CmpGetValueListFromCache(
    IN PHHIVE               Hive,
    IN PCACHED_CHILD_LIST   ChildList,
    OUT BOOLEAN             *IndexCached,
    OUT PHCELL_INDEX        ValueListToRelease
)

0: kd> dv

         KeyControlBlock = 0xe115f5b0
                   Index = 2
KeyValueInformationClass = KeyValueFullInformation (0n1)
     KeyValueInformation = 0x00fad9bc

               ChildList = 0xe119a7c4

0: kd> dv
         KeyControlBlock = 0xe115f5b0
                   Index = 2
KeyValueInformationClass = KeyValueFullInformation (0n1)

0: kd> dx -r1 ((ntkrnlmp!_CM_KEY_CONTROL_BLOCK *)0xe115f5b0)
((ntkrnlmp!_CM_KEY_CONTROL_BLOCK *)0xe115f5b0)                 : 0xe115f5b0 [Type: _CM_KEY_CONTROL_BLOCK *]

    [+0x024] ValueCache       [Type: _CACHED_CHILD_LIST]

0: kd> dx -r1 (*((ntkrnlmp!_CACHED_CHILD_LIST *)0xe115f5d4))
(*((ntkrnlmp!_CACHED_CHILD_LIST *)0xe115f5d4))                 [Type: _CACHED_CHILD_LIST]
    [+0x000] Count            : 0x8 [Type: unsigned long]
    [+0x004] ValueList        : 0xe119a7c1 [Type: unsigned long]
    [+0x004] RealKcb          : 0xe119a7c1 [Type: _CM_KEY_CONTROL_BLOCK *]

参考头文件：CMP_GET_CACHED_CELLDATA    cmdata.h (base\ntos\inc)    

#define CMP_GET_CACHED_CELLDATA(Cell) (&(((PCM_CACHED_VALUE_INDEX)(((ULONG_PTR) (Cell)) & ~CMP_CELL_CACHED_MASK))->Data.CellData))

0: kd> dt CM_CACHED_VALUE_INDEX 0xe119a7c0
nt!CM_CACHED_VALUE_INDEX
   +0x000 CellIndex        : 0x78420
   +0x004 Data             : __unnamed
0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!__unnamed *)0xe119a7c4))
(*((ntkrnlmp!__unnamed *)0xe119a7c4))                 [Type: __unnamed]
    [+0x000] CellData         [Type: _CELL_DATA]
    [+0x000] List             [Type: unsigned long [1]]
0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_CELL_DATA *)0xe119a7c4))
(*((ntkrnlmp!_CELL_DATA *)0xe119a7c4))                 [Type: _CELL_DATA]
    [+0x000] u                [Type: _u]
0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_u *)0xe119a7c4))
(*((ntkrnlmp!_u *)0xe119a7c4))                 [Type: _u]
    [+0x000] KeyNode          [Type: _CM_KEY_NODE]
    [+0x000] KeyValue         [Type: _CM_KEY_VALUE]
    [+0x000] KeySecurity      [Type: _CM_KEY_SECURITY]
    [+0x000] KeyIndex         [Type: _CM_KEY_INDEX]
    [+0x000] ValueData        [Type: _CM_BIG_DATA]
    [+0x000] KeyList          [Type: unsigned long [1]]
    [+0x000] KeyString        [Type: unsigned short [1]]

第二部分：
0: kd> dt CELL_DATA 0xe119a7c4
nt!CELL_DATA
   +0x000 u                : _u
0: kd> dx -id 0,0,89589d88 -r1 (*((ntkrnlmp!_u *)0xe119a7c4))
(*((ntkrnlmp!_u *)0xe119a7c4))                 [Type: _u]
    [+0x000] KeyNode          [Type: _CM_KEY_NODE]
    [+0x000] KeyValue         [Type: _CM_KEY_VALUE]
    [+0x000] KeySecurity      [Type: _CM_KEY_SECURITY]
    [+0x000] KeyIndex         [Type: _CM_KEY_INDEX]
    [+0x000] ValueData        [Type: _CM_BIG_DATA]
    [+0x000] KeyList          [Type: unsigned long [1]]
    [+0x000] KeyString        [Type: unsigned short [1]]
0: kd> dd 0xe119a7c4                    8个键值
e119a7c4  e19d0809 e19efc39 e11657a1 e116ace9
e119a7d4  e16c5b21 e19a8e81 e17a4711 e10ae231

0: kd> db e10ae259
e10ae259  00 24 00 76 6b 10 00 a0-03 00 00 20 a0 05 00 03  .$.vk...... ....
e10ae269  00 00 00 01 00 b2 b2 57-6f 72 64 70 61 64 20 44  .......Wordpad D
e10ae279  6f 63 75 6d 65 6e 74 06-04 02 00 4f 62 53 71 a9  ocument....ObSq.
e10ae289  e5 87 e1 79 68 98 e1 02-04 0f 0c 43 4d 56 49 70  ...yh......CMVIp
e10ae299  9b 06 00 91 22 88 e1 79-82 73 e1 51 ee 7b e1 a1  ...."..y.s.Q.{..
e10ae2a9  5e 9a e1 a9 c0 06 e1 b9-e5 87 e1 f9 7a 41 e1 81  ^...........zA..
e10ae2b9  67 83 e1 a1 13 79 e1 b9-bb 96 e1 79 c1 06 e1 a9  g....y.....y....
e10ae2c9  c8 77 e1 11 c5 2b e1 69-13 79 e1 b1 2e 88 e1 a1  .w...+.i.y......
0: kd> db e19efc39
e19efc39  00 24 00 76 6b 0c 00 a0-03 00 00 98 a7 05 00 03  .$.vk...........
e19efc49  00 00 00 01 00 b2 b2 42-69 74 6d 61 70 20 49 6d  .......Bitmap Im
e19efc59  61 67 65 b2 b2 b2 b2 00-00 00 00 00 00 00 00 00  age.............
e19efc69  00 00 00 00 00 42 00 69-00 74 00 6d 00 61 00 70  .....B.i.t.m.a.p
e19efc79  00 20 00 49 00 6d 00 61-00 67 00 65 00 00 00 00  . .I.m.a.g.e....
e19efc89  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
e19efc99  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
e19efca9  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0: kd> db e19d0809
e19d0809  00 24 00 76 6b 09 00 a0-03 00 00 88 9b 05 00 03  .$.vk...........
e19d0819  00 00 00 01 00 b2 b2 42-72 69 65 66 63 61 73 65  .......Briefcase
e19d0829  b2 b2 b2 b2 b2 b2 b2 00-00 00 00 00 00 00 00 00  ................
e19d0839  00 00 00 00 00 42 00 72-00 69 00 65 00 66 00 63  .....B.r.i.e.f.c
e19d0849  00 61 00 73 00 65 00 00-00 00 00 00 00 00 00 00  .a.s.e..........
e19d0859  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
e19d0869  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
e19d0879  00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00  ................
0: kd> db e116ace9
e116ace9  00 2c 00 76 6b 12 00 a0-03 00 00 c8 a3 05 00 03  .,.vk...........
e116acf9  00 00 00 01 00 b2 b2 52-69 63 68 20 54 65 78 74  .......Rich Text
e116ad09  20 44 6f 63 75 6d 65 6e-74 b2 b2 b2 b2 b2 b2 07   Document.......
e116ad19  06 12 0c 47 6c 61 40 78-00 00 00 a8 f2 82 e1 10  ...Gla@x........
e116ad29  bc 96 e1 70 7c 09 e1 8e-02 10 71 00 00 00 00 00  ...p|.....q.....
e116ad39  00 00 80 00 00 00 00 07-00 00 00 00 00 00 00 00  ................
e116ad49  00 00 00 14 00 00 80 25-03 00 00 58 0e 90 00 00  .......%...X....
e116ad59  00 00 00 ff ff ff 00 00-00 00 00 00 00 00 00 01  ................
0: kd> db e16c5b21
e16c5b21  00 24 00 76 6b 0d 00 a0-03 00 00 20 b0 05 00 03  .$.vk...... ....
e16c5b31  00 00 00 01 00 b2 b2 54-65 78 74 20 44 6f 63 75  .......Text Docu
e16c5b41  6d 65 6e 74 b2 b2 b2 06-08 02 00 43 4d 4e e2 a1  ment.......CMN..
e16c5b51  64 18 e1 71 4d 16 e1 02-08 06 0c 43 4d 56 61 00  d..qM......CMVa.
e16c5b61  00 24 00 76 6b 0c 00 1e-00 00 00 58 33 00 00 01  .$.vk......X3...
e16c5b71  00 00 00 01 00 b2 b2 43-6f 6e 74 65 6e 74 20 54  .......Content T
e16c5b81  79 70 65 b2 b2 b2 b2 06-08 07 1c 43 4d 70 62 01  ype........CMpb.
e16c5b91  00 00 00 34 8f 49 e1 54-4e 9c e1 74 43 86 e1 7c  ...4.I.TN..tC..|
0: kd> db e19a8e81
e19a8e81  00 34 00 76 6b 1a 00 a0-03 00 00 50 a9 06 00 03  .4.vk......P....
e19a8e91  00 00 00 01 00 b2 b2 43-6f 6d 70 72 65 73 73 65  .......Compresse
e19a8ea1  64 20 28 7a 69 70 70 65-64 29 20 46 6f 6c 64 65  d (zipped) Folde
e19a8eb1  72 b2 b2 b2 b2 b2 b2 08-04 08 04 43 4d 4e e2 20  r..........CMN.
e19a8ec1  62 7b e1 3f 9a ce 0f 84-41 61 e1 26 00 7b 36 35  b{.?....Aa.&.{65
e19a8ed1  34 33 39 43 32 30 2d 36-30 34 46 2d 34 39 43 41  439C20-604F-49CA
e19a8ee1  2d 41 41 38 32 2d 44 43-30 31 41 31 30 41 46 31  -AA82-DC01A10AF1
e19a8ef1  37 31 7d 15 00 00 00 08-04 01 00 4f 62 4e 6d 01  71}........ObNm.
0: kd> db e17a4711
e17a4711  00 24 00 76 6b 0a 00 18-00 00 00 f8 ac 05 00 03  .$.vk...........
e17a4721  00 00 00 01 00 b2 b2 7e-72 65 73 65 72 76 65 64  .......~reserved
e17a4731  7e b2 b2 b2 b2 b2 b2 18-00 00 00 01 00 01 00 e9  ~...............
e17a4741  07 01 00 03 00 0f 00 0d-00 28 00 0a 00 0d 03 09  .........(......
e17a4751  06 01 00 4e 74 66 63 01-06 05 0c 43 4d 56 61 00  ...Ntfc....CMVa.
e17a4761  00 1c 00 76 6b 07 00 18-00 00 00 80 68 01 00 01  ...vk.......h...
e17a4771  00 00 00 01 00 b2 b2 49-6e 66 50 61 74 68 b2 05  .......InfPath..
e17a4781  06 06 0c 43 4d 56 61 00-00 24 00 76 6b 0e 00 08  ...CMVa..$.vk...
0: kd> db e10ae231
e10ae231  00 1c 00 76 6b 08 00 04-00 00 80 09 04 00 00 04  ...vk...........
e10ae241  00 00 00 01 00 b2 b2 4c-61 6e 67 75 61 67 65 05  .......Language.
e10ae251  04 06 0c 43 4d 56 61 00-00 24 00 76 6b 10 00 a0  ...CMVa..$.vk...
e10ae261  03 00 00 20 a0 05 00 03-00 00 00 01 00 b2 b2 57  ... ...........W
e10ae271  6f 72 64 70 61 64 20 44-6f 63 75 6d 65 6e 74 06  ordpad Document.
e10ae281  04 02 00 4f 62 53 71 a9-e5 87 e1 79 68 98 e1 02  ...ObSq....yh...
e10ae291  04 0f 0c 43 4d 56 49 70-9b 06 00 91 22 88 e1 79  ...CMVIp...."..y
e10ae2a1  82 73 e1 51 ee 7b e1 a1-5e 9a e1 a9 c0 06 e1 b9  .s.Q.{..^.......