0040b 74 43 je SHORT $L5989
; 300 : PhysicalAddress = MmGetPhysicalAddress(
; 301 : ObjExt->VirtualDMAAddress
; 302 : );
0040d 50 push eax
0040e ff 15 00 00 00
00 call DWORD PTR __imp__MmGetPhysicalAddress@4
; 303 : ObjExt->PhysicalDMAAddress = PhysicalAddress.LowPart;
; 304 :
; 305 : ObjExt->MDL = IoAllocateMdl(
; 306 : ObjExt->VirtualDMAAddress,
; 307 : DMASize,
; 308 : FALSE,
; 309 : FALSE,
; 310 : NULL
; 311 : );
00414 53 push ebx
00415 53 push ebx
00416 53 push ebx
00417 57 push edi
00418 ff b6 84 00 00
00 push DWORD PTR [esi+132]
0041e 89 95 50 ff ff
ff mov DWORD PTR _PhysicalAddress$[ebp+4], edx
00424 89 86 88 00 00
00 mov DWORD PTR [esi+136], eax
0042a ff 15 00 00 00
00 call DWORD PTR __imp__IoAllocateMdl@20
00430 8d be 8c 00 00
00 lea edi, DWORD PTR [esi+140]
; 312 :
; 313 : if(ObjExt->MDL){
00436 3b c3 cmp eax, ebx
00438 89 07 mov DWORD PTR [edi], eax
0043a 74 1a je SHORT $L5992
; 314 : MmBuildMdlForNonPagedPool(ObjExt->MDL);
0043c 50 push eax
0043d ff 15 00 00 00
00 call DWORD PTR __imp__MmBuildMdlForNonPagedPool@4
; 315 : MmProbeAndLockPages(
; 316 : ObjExt->MDL,
; 317 : KernelMode,
; 318 : IoModifyAccess
; 319 : );
00443 6a 02 push 2
00445 53 push ebx
00446 ff 37 push DWORD PTR [edi]
00448 ff 15 00 00 00
00 call DWORD PTR __imp__MmProbeAndLockPages@12
; 320 : }
; 321 : }
; 322 : else
0044e eb 06 jmp SHORT $L5992
$L5989:
; 323 : ObjExt->PhysicalDMAAddress = 0;
00450 89 9e 88 00 00
00 mov DWORD PTR [esi+136], ebx
$L5992:
; 324 :
; 325 : // Reset interrupts and Initialize shared memory.
; 326 : ObjExt->MemoryBase[HINT] = 0x3FF;
00456 8b 46 24 mov eax, DWORD PTR [esi+36]
00459 c7 80 e4 04 00
00 ff 03 00 00 mov DWORD PTR [eax+1252], 1023 ; 000003ffH
00463 b8 00 40 00 00 mov eax, 16384 ; 00004000H
$L5993:
; 327 : for(i=0x1000; i<0x2000; i++)
; 328 : ObjExt->MemoryBase[i] = 0xCDCDCDCD;
00468 8b 4e 24 mov ecx, DWORD PTR [esi+36]
0046b c7 04 08 cd cd
cd cd mov DWORD PTR [eax+ecx], -842150451 ; cdcdcdcdH
00472 83 c0 04 add eax, 4
00475 3d 00 80 00 00 cmp eax, 32768 ; 00008000H
0047a 7c ec jl SHORT $L5993
; 329 :
; 330 : FoundPCICard = TRUE;
; 331 : BoardNumber++;
0047c ff 45 e8 inc DWORD PTR _BoardNumber$[ebp]
0047f ff 45 f0 inc DWORD PTR -16+[ebp]
00482 6a 04 push 4
00484 c6 45 0f 01 mov BYTE PTR _FoundPCICard$[ebp], 1
00488 5e pop esi
$L5955:
00489 ff 45 e4 inc DWORD PTR _DeviceNumber$[ebp]
0048c 83 7d e4 20 cmp DWORD PTR _DeviceNumber$[ebp], 32 ; 00000020H
00490 0f 82 6f fd ff
ff jb $L5954
00496 ff 45 ec inc DWORD PTR _FunctionNumber$[ebp]
00499 83 7d ec 08 cmp DWORD PTR _FunctionNumber$[ebp], 8
0049d 0f 82 42 fd ff
ff jb $L5951
004a3 ff 45 f8 inc DWORD PTR _BusNumber$[ebp]
004a6 39 75 f8 cmp DWORD PTR _BusNumber$[ebp], esi
004a9 0f 82 33 fd ff
ff jb $L5948
; 332 :
; 333 : // Debug. Some object extension parameters.
; 334 : //ObjExt->MemoryBase[0x1C40] = ObjExt->BoardNumber;
; 335 : //ObjExt->MemoryBase[0x1C41] = ObjExt->BaseAddresses[0];
; 336 : //ObjExt->MemoryBase[0x1C42] = ObjExt->BaseAddresses[1];
; 337 : //ObjExt->MemoryBase[0x1C43] = (ULONG)ObjExt->MemoryBase;
; 338 : //ObjExt->MemoryBase[0x1C44] = ObjExt->IOBase;
; 339 : //ObjExt->MemoryBase[0x1C45] = (ULONG)ObjExt->VirtualDMAAddress;
; 340 : //ObjExt->MemoryBase[0x1C46] = ObjExt->PhysicalDMAAddress;
; 341 : //ObjExt->MemoryBase[0x1C47] = (ULONG)ObjExt->MDL;
; 342 : //ObjExt->MemoryBase[0x1C48] = (ULONG)ObjExt->InterruptObject;
; 343 :
; 344 : //ObjExt->MemoryBase[0x1C50] = 0; //IRQ entry count
; 345 : //ObjExt->MemoryBase[0x1C51] = 0; //IRQ false alarm count
; 346 : //ObjExt->MemoryBase[0x1C52] = 0; //IRQ DMAComplete int. count
; 347 : //ObjExt->MemoryBase[0x1C53] = 0; //DPC entry count
; 348 : //ObjExt->MemoryBase[0x1C54] = 0; //DPC queue not empty count
; 349 : //ObjExt->MemoryBase[0x1C55] = 0; //DPC next entry count
; 350 : //ObjExt->MemoryBase[0x1C56] = 0; //DPC type match count
; 351 :
; 352 : //ObjExt->MemoryBase[0x1C57] = 0; //LL Inserted Count
; 353 : //ObjExt->MemoryBase[0x1C58] = 0; //LL PutBack
; 354 : //ObjExt->MemoryBase[0x1C59] = 0; //LL FreeUp
; 355 : //ObjExt->MemoryBase[0x1C5A] = 0; //LL FreeMax
; 356 : //ObjExt->MemoryBase[0x1C5B] = 0; //CMDR Entry
; 357 : //ObjExt->MemoryBase[0x1C5C] = 0; //CMDR GetEntry Cnt
; 358 : //ObjExt->MemoryBase[0x1C5D] = 0; //CMDR Unmap locked pages
; 359 : //ObjExt->MemoryBase[0x1C5E] = 0; //CMD Entry
; 360 : //ObjExt->MemoryBase[0x1C5F] = 0; //CMD LL Insert
; 361 : //ObjExt->MemoryBase[0x1C60] = 0; //CMD Lin Addr
; 362 : //ObjExt->MemoryBase[0x1C61] = 0; //DMAUnmap Entry
; 363 : //ObjExt->MemoryBase[0x1C62] = 0; //DMAUnmap GetEntry Cnt
; 364 : //ObjExt->MemoryBase[0x1C63] = 0; //DMAUnmap Finish IRP
; 365 : //ObjExt->MemoryBase[0x1C64] = 0; //GetFreeEntry - Allocate pool
; 366 : //ObjExt->MemoryBase[0x1C65] = 0; //GetFreeEntry - Existing entry
; 367 : //ObjExt->MemoryBase[0x1C66] = 0; //Insert - First New
; 368 : //ObjExt->MemoryBase[0x1C67] = 0; //Insert - Subsequent Nex
; 369 : //ObjExt->MemoryBase[0x1C68] = 0; //Insert - Existing
; 370 : }
; 371 : }
; 372 : }
; 373 : }
; 374 : }
; 375 :
; 376 : if(FoundPCICard == FALSE){
004af 38 5d 0f cmp BYTE PTR _FoundPCICard$[ebp], bl
004b2 75 31 jne SHORT $L5996
; 377 : NTStatus = STATUS_NO_SUCH_DEVICE;
004b4 bf 0e 00 00 c0 mov edi, -1073741810 ; c000000eH
; 378 : goto ExitA;
004b9 eb 52 jmp SHORT $ExitA$5947
$L6232:
; 217 : NTStatus = STATUS_SOME_NOT_MAPPED;
004bb bf 07 01 00 00 mov edi, 263 ; 00000107H
; 218 : goto ExitB;
004c0 eb 0a jmp SHORT $ExitB$5970
$ExitC$5984:
; 396 : goto ExitA;
; 397 :
; 398 :
; 399 : // Exit points for errors found during initializaiton.
; 400 :
; 401 : // Disconnect the driver from the interrupt and free up DMA memory.
; 402 : ExitD:
; 403 : IoFreeMdl(ObjExt->MDL);
; 404 : MmFreeContiguousMemory(ObjExt->VirtualDMAAddress);
; 405 : if(ObjExt->InterruptObject)
; 406 : IoDisconnectInterrupt(ObjExt->InterruptObject);
; 407 :
; 408 : // Delete the symbolic link.
; 409 : ExitC:
; 410 : IoDeleteSymbolicLink(&DeviceWin32NameUnicode);
004c2 8d 45 b8 lea eax, DWORD PTR _DeviceWin32NameUnicode$[ebp]
004c5 50 push eax
004c6 ff 15 00 00 00
00 call DWORD PTR __imp__IoDeleteSymbolicLink@4
$ExitB$5970:
; 411 :
; 412 : // Delete the created device object and unmap physical memory.
; 413 : ExitB:
; 414 : IoDeleteDevice (DeviceObject);
004cc ff 75 f4 push DWORD PTR _DeviceObject$[ebp]
004cf ff 15 00 00 00
00 call DWORD PTR __imp__IoDeleteDevice@4
; 415 : MmUnmapIoSpace(ObjExt->MemoryBase, MemoryBaseSize);
004d5 68 00 80 00 00 push 32768 ; 00008000H
004da ff 76 24 push DWORD PTR [esi+36]
004dd ff 15 00 00 00
00 call DWORD PTR __imp__MmUnmapIoSpace@8
004e3 eb 28 jmp SHORT $ExitA$5947
$L5996:
; 379 : }
; 380 :
; 381 :
; 382 : // Report interrupt, port, and memory usage.
; 383 : //NTStatus = ReportResources(DriverObject);
; 384 : //if(NTStatus != STATUS_SUCCESS)
; 385 : // goto ExitD;
; 386 :
; 387 : // Initialize the driver object with this driver's entry points.
; 388 : DriverObject->MajorFunction[IRP_MJ_CREATE] = PCIDPCreateClose;
004e5 8b 45 08 mov eax, DWORD PTR _DriverObject$[ebp]
004e8 b9 00 00 00 00 mov ecx, OFFSET FLAT:_PCIDPCreateClose@8
; 389 : DriverObject->MajorFunction[IRP_MJ_CLOSE] = PCIDPCreateClose;
; 390 : DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = PCIDPDeviceControl;
; 391 : DriverObject->MajorFunction[IRP_MJ_CLEANUP] = PCIDPCleanup;
; 392 : DriverObject->DriverUnload = (PDRIVER_UNLOAD)PCIDPUnload;
; 393 :
; 394 : // All finished with a successful initialization. Set the status and return.
; 395 : NTStatus = STATUS_SUCCESS;
004ed 33 ff xor edi, edi
004ef 89 48 38 mov DWORD PTR [eax+56], ecx
004f2 89 48 40 mov DWORD PTR [eax+64], ecx
004f5 c7 40 70 00 00
00 00 mov DWORD PTR [eax+112], OFFSET FLAT:_PCIDPDeviceControl@8
004fc c7 80 80 00 00
00 00 00 00 00 mov DWORD PTR [eax+128], OFFSET FLAT:_PCIDPCleanup@8
00506 c7 40 34 00 00
00 00 mov DWORD PTR [eax+52], OFFSET FLAT:_PCIDPUnload@4
$ExitA$5947:
; 416 :
; 417 : // Free allocated pooled memory.
; 418 : ExitA:
; 419 : ExFreePool(ParamPath.Buffer);
0050d ff 75 ac push DWORD PTR _ParamPath$[ebp+4]
00510 ff 15 00 00 00
00 call DWORD PTR __imp__ExFreePool@4
$Exit$5940:
; 420 :
; 421 : // Final exit
; 422 : Exit:
; 423 : return NTStatus;
00516 8b c7 mov eax, edi
00518 5f pop edi
00519 5e pop esi
0051a 5b pop ebx
; 424 : }
0051b c9 leave
0051c c2 08 00 ret 8
_DriverEntry@8 ENDP
_TEXT ENDS
; External symbols used by the code that follows. The __imp_ prefix names an
; import-table slot (the listing calls these as "call DWORD PTR __imp__...",
; i.e. indirectly through the pointer); the remaining names are this driver's
; own IOCTL handlers. The @N suffix is the __stdcall argument-byte count
; (compare the "ret 8" that ends _DriverEntry@8 above); a leading @ marks
; a __fastcall routine.
EXTRN __imp_@IofCompleteRequest@8:NEAR
EXTRN _PCIDPGetDriverVersion@12:NEAR
EXTRN _PCIDPMapBaseRegs@20:NEAR
EXTRN _PCIDPUnMap@16:NEAR
EXTRN _PCIDPMapDMAMem@16:NEAR
EXTRN _PCIDPCancelMapDMA@16:NEAR
EXTRN _PCIDPUnMapDMA@16:NEAR
EXTRN _PCIDPGetPCIRegs@16:NEAR
EXTRN _PCIDPSetPCIRegs@16:NEAR
EXTRN _PCIDPRegisterInterrupt@20:NEAR
EXTRN _PCIDPUnregisterInterrupt@16:NEAR
; COMDAT _PCIDPDeviceControl@8
_TEXT SEGMENT
; Frame offsets of the two __stdcall arguments of _PCIDPDeviceControl@8,
; relative to ebp after its "push ebp / mov ebp, esp" prologue
; ([ebp+0] = saved ebp, [ebp+4] = return address). The body reads them as
; _DeviceObject$[ebp] and _Irp$[ebp].
_DeviceObject$ = 8
_Irp$ = 12
_PCIDPDeviceControl@8 PROC NEAR ; COMDAT
; 435 : ){
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 53 push ebx
00004 56 push esi
; 436 :
; 437 : PIO_STACK_LOCATION IrpStack;
; 438 : PVOID IoBuffer;
; 439 : ULONG InputBufferLength;
; 440 : ULONG OutputBufferLength;
; 441 : NTSTATUS NTStatus;
; 442 :
; 443 : // Initialize the return values with some defaults.
; 444 : Irp->IoStatus.Status = STATUS_SUCCESS;
00005 8b 75 0c mov esi, DWORD PTR _Irp$[ebp]
00008 57 push edi
; 445 : Irp->IoStatus.Information = 0;
; 446 :
; 447 : // Get a pointer to the current location in the Irp. This is where
; 448 : // the function codes and parameters are located.
; 449 : IrpStack = IoGetCurrentIrpStackLocation(IN Irp);
; 450 :
; 451 : // Get the pointer to the input/output buffer and it's length(s).
; 452 : IoBuffer = Irp->AssociatedIrp.SystemBuffer;
; 453 : InputBufferLength = IrpStack->Parameters.DeviceIoControl.InputBufferLength;
; 454 : OutputBufferLength = IrpStack->Parameters.DeviceIoControl.OutputBufferLength;
; 455 :
; 456 :
; 457 : // Determine which I/O control code was specified.
; 458 : switch (IrpStack->Parameters.DeviceIoControl.IoControlCode){
00009 ba 94 20 00 c3 mov edx, -1023401836 ; c3002094H
0000e 8b 46 60 mov eax, DWORD PTR [esi+96]
00011 83 66 18 00 and DWORD PTR [esi+24], 0
00015 83 66 1c 00 and DWORD PTR [esi+28], 0
00019 8b 4e 0c mov ecx, DWORD PTR [esi+12]
0001c 8b 78 08 mov edi, DWORD PTR [eax+8]
0001f 8b 58 04 mov ebx, DWORD PTR [eax+4]
00022 8b 40 0c mov eax, DWORD PTR [eax+12]
00025 3b c2 cmp eax, edx
00027 77 7d ja SHORT $L6246
00029 74 6e je SHORT $L6023
0002b 3d 80 20 00 c3 cmp eax, -1023401856 ; c3002080H
00030 74 59 je SHORT $L6017
00032 3d 84 20 00 c3 cmp eax, -1023401852 ; c3002084H
00037 74 45 je SHORT $L6018
00039 3d 88 20 00 c3 cmp eax, -1023401848 ; c3002088H
0003e 74 2e je SHORT $L6019
00040 3d 8c 20 00 c3 cmp eax, -1023401844 ; c300208cH
00045 74 17 je SHORT $L6021
00047 3d 90 20 00 c3 cmp eax, -1023401840 ; c3002090H
0004c 75 7b jne SHORT $L6028
; 505 :
; 506 : case IOCTL_PCIDP00_GET_PCI_CONFIG_REGS:
; 507 : PCIDPGetPCIRegs(
; 508 : IN DeviceObject,
; 509 : IN OUT Irp,
; 510 : OUT IoBuffer,
; 511 : IN OutputBufferLength
; 512 : );
0004e 53 push ebx
0004f 51 push ecx
00050 56 push esi
00051 ff 75 08 push DWORD PTR _DeviceObject$[ebp]
00054 e8 00 00 00 00 call _PCIDPGetPCIRegs@16
; 513 : break;
00059 e9 a4 00 00 00 jmp $L6014
$L6021:
; 496 :
; 497 : case IOCTL_PCIDP00_UNMAP_DMA:
; 498 : PCIDPUnMapDMA(
; 499 : IN DeviceObject,
; 500 : IN OUT Irp,
; 501 : IN IoBuffer,
; 502 : IN InputBufferLength
; 503 : );
0005e 57 push edi
0005f 51 push ecx
00060 56 push esi
00061 ff 75 08 push DWORD PTR _DeviceObject$[ebp]
00064 e8 00 00 00 00 call _PCIDPUnMapDMA@16
; 504 : break;
00069 e9 94 00 00 00 jmp $L6014
$L6019:
; 478 :
; 479 : case IOCTL_PCIDP00_MAP_DMA_MEM:
; 480 : PCIDPMapDMAMem(
; 481 : IN DeviceObject,
; 482 : IN OUT Irp,
; 483 : OUT IoBuffer,
; 484 : IN OutputBufferLength
; 485 : );
0006e 53 push ebx
0006f 51 push ecx
00070 56 push esi
00071 ff 75 08 push DWORD PTR _DeviceObject$[ebp]
00074 e8 00 00 00 00 call _PCIDPMapDMAMem@16
; 486 : break;