as tim has already mentioned those are internals of user mode apis
you can step through them if you are interested to know about internals
but if thats a windbg related question and you want to know if there is a
trace and summary output you can use wt command
watch and trace
and user mode component display as follows
0:000> g
Breakpoint 0 hit
eax=0006a9e8 ebx=00000000 ecx=0006a548 edx=7c90eb94 esi=7c810976
edi=10000080
eip=7c80180e esp=0006a594 ebp=0006a9f8 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202
kernel32!ReadFile:
7c80180e 6a20 push 20h
0:000> bl
0 e 7c80180e 0001 (0001) 0:**** kernel32!ReadFile
0:000> wt
Tracing kernel32!ReadFile to return address 77d544d6
3 0 [0] kernel32!ReadFile
19 0 [1] kernel32!_SEH_prolog
35 19 [0] kernel32!ReadFile
1 0 [1] ntdll!ZwReadFile
2 0 [1] ntdll!NtReadFile
2 0 [2] ntdll!KiFastSystemCall
1 0 [1] ntdll!NtReadFile
45 25 [0] kernel32!ReadFile
9 0 [1] kernel32!_SEH_epilog
46 34 [0] kernel32!ReadFile
80 instructions were executed in 79 events (0 from other threads)
Function Name Invocations MinInst MaxInst
AvgInst
kernel32!ReadFile 1 46 46
46
kernel32!_SEH_epilog 1 9
9 9
kernel32!_SEH_prolog 1 19 19
19
ntdll!KiFastSystemCall 1 2
2 2
ntdll!NtReadFile 2 1
2 1
ntdll!ZwReadFile 1 1
1 1
1 system call was executed
Calls System Call
1 ntdll!KiFastSystemCall
eax=00000001 ebx=00000000 ecx=7c801898 edx=ffffffff esi=7c810976
edi=10000080
eip=77d544d6 esp=0006a5ac ebp=0006a9f8 iopl=0 nv up ei pl nz na po
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00000202
USER32!PrivateExtractIconsW+0x186:
77d544d6 83bdd0fbffff0c cmp dword ptr [ebp-430h],0Ch
ss:0023:0006a5c8=0000000c
regards
raj_r
On 4/17/09, zmerry wrote:
>
> I often see the following order of function,and am always surpised how to
> get to the sequence.
> ReadFile->ntdll!ntReadFile->nt!ntReadFile
>
> Could someone give me a hand? Thanks
>
> ------------------------------
> ??MSNװ???ֻ???Ȥ???ھ??? ???أ? http:</http:>
> —
> WINDBG is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
–
thanks and regards
raj_r