📄 pcidppublic.cod
字号:
TITLE I:\PCI-DP\KERNEL\KERNELNT\pcidppublic.c
.386P
include listing.inc
if @Version gt 510
.model FLAT
else
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
CONST ENDS
_BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
_BSS ENDS
_TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
_TLS ENDS
; COMDAT _RtlLargeIntegerAdd@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _RtlLargeIntegerSubtract@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _RtlConvertLongToLargeInteger@4
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _RtlConvertUlongToLargeInteger@4
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPGetDriverVersion@12
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPMapBaseRegs@20
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPUnMap@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPMapDMAMem@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPCancelMapDMA@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPUnMapDMA@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPGetPCIRegs@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPSetPCIRegs@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPRegisterInterrupt@20
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _PCIDPUnregisterInterrupt@16
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
FLAT GROUP _DATA, CONST, _BSS
ASSUME CS: FLAT, DS: FLAT, SS: FLAT
endif
PUBLIC _PCIDPGetDriverVersion@12
; COMDAT _PCIDPGetDriverVersion@12
_TEXT SEGMENT
_Irp$ = 8
_IoBuffer$ = 12
_OutputBufferLength$ = 16
_PCIDPGetDriverVersion@12 PROC NEAR ; COMDAT
; 30 :
; 31 : // Define variables.
; 32 : NTSTATUS NTStatus;
; 33 : pPCIDP00_GET_VERSION_RECV IoOutput;
; 34 :
; 35 : // Initialize variables.
; 36 : IoOutput = (pPCIDP00_GET_VERSION_RECV)IoBuffer;
; 37 :
; 38 : // Check for adequate output buffer space.
; 39 : if(OutputBufferLength >= sizeof(PCIDP00_GET_VERSION_RECV)){
00000 8b 44 24 04 mov eax, DWORD PTR _Irp$[esp-4]
00004 6a 04 push 4
00006 59 pop ecx
00007 39 4c 24 0c cmp DWORD PTR _OutputBufferLength$[esp-4], ecx
0000b 72 13 jb SHORT $L5905
0000d 56 push esi
; 40 : NTStatus = STATUS_SUCCESS;
; 41 : IoOutput->Version = 0x20010615;
0000e 8b 74 24 0c mov esi, DWORD PTR _IoBuffer$[esp]
00012 33 d2 xor edx, edx
00014 c7 06 15 06 01
20 mov DWORD PTR [esi], 536938005 ; 20010615H
; 42 : Irp->IoStatus.Information = sizeof(PCIDP00_GET_VERSION_RECV);
0001a 89 48 1c mov DWORD PTR [eax+28], ecx
0001d 5e pop esi
; 43 : }
; 44 :
; 45 : else
0001e eb 05 jmp SHORT $L5908
$L5905:
; 46 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
00020 ba 06 02 00 c0 mov edx, -1073741306 ; c0000206H
$L5908:
; 47 :
; 48 : Irp->IoStatus.Status = NTStatus;
00025 89 50 18 mov DWORD PTR [eax+24], edx
; 49 : }
00028 c2 0c 00 ret 12 ; 0000000cH
_PCIDPGetDriverVersion@12 ENDP
_TEXT ENDS
PUBLIC _PCIDPMapBaseRegs@20
EXTRN __imp__RtlInitUnicodeString@8:NEAR
EXTRN __imp__ObReferenceObjectByHandle@24:NEAR
EXTRN __imp__ZwClose@4:NEAR
EXTRN __imp__ZwOpenSection@12:NEAR
EXTRN __imp__ZwMapViewOfSection@40:NEAR
EXTRN __imp__HalTranslateBusAddress@24:NEAR
; COMDAT _PCIDPMapBaseRegs@20
; File c:\ddk\inc\ntddk.h
_TEXT SEGMENT
$SG5963 DB '\', 00H, 'D', 00H, 'e', 00H, 'v', 00H, 'i', 00H, 'c', 00H
DB 'e', 00H, '\', 00H, 'P', 00H, 'h', 00H, 'y', 00H, 's', 00H, 'i'
DB 00H, 'c', 00H, 'a', 00H, 'l', 00H, 'M', 00H, 'e', 00H, 'm', 00H
DB 'o', 00H, 'r', 00H, 'y', 00H, 00H, 00H
$T6294 = 24
$T6295 = -68
$T6299 = -68
$T6303 = -68
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_OutputBufferLength$ = 24
_LengthOut$ = 20
_VirtualAddress$ = 8
_PhysicalMemoryUnicodeString$ = -44
_ObjectAttributes$ = -92
_FullPCIAddress$ = -60
_FullLogicalAddress$ = -28
_FullLogicalAddressEnd$ = -52
_SectionOffset$ = -36
_NTStatus$ = -8
_PhysicalMemoryHandle$ = -4
_PhysicalMemorySection$ = -12
_MemorySpace$ = -16
_MemorySpaceEnd$ = -20
_PCIDPMapBaseRegs@20 PROC NEAR ; COMDAT
; 61 : ){
0002e 55 push ebp
0002f 8b ec mov ebp, esp
00031 83 ec 5c sub esp, 92 ; 0000005cH
; 67 : ULONG BusNumber;
; 68 : ULONG VirtualAddress;
; 69 : ULONG MappedLength;
; 70 : ULONG MapIndex;
; 71 : UNICODE_STRING PhysicalMemoryUnicodeString;
; 72 : OBJECT_ATTRIBUTES ObjectAttributes;
; 73 : BOOLEAN HALStatus;
; 74 : PHYSICAL_ADDRESS LongLength;
; 75 : PHYSICAL_ADDRESS FullPCIAddress;
; 76 : PHYSICAL_ADDRESS FullPCIAddressEnd;
; 77 : PHYSICAL_ADDRESS FullLogicalAddress;
; 78 : PHYSICAL_ADDRESS FullLogicalAddressEnd;
; 79 : PHYSICAL_ADDRESS SectionOffset;
; 80 : NTSTATUS NTStatus;
; 81 : HANDLE PhysicalMemoryHandle;
; 82 : PVOID PhysicalMemorySection;
; 83 : ULONG MemorySpace;
; 84 : ULONG MemorySpaceEnd;
; 85 : pPCIDP00_MAP_BASE_REGS_SEND IoInput;
; 86 : pPCIDP00_MAP_BASE_REGS_RECV IoOutput;
; 87 : pPCIDP_EXTENSION ObjExt;
; 88 :
; 89 : // Initialize variables.
; 90 : NTStatus = STATUS_SUCCESS;
; 91 : PhysicalMemoryHandle = NULL;
; 92 : PhysicalMemorySection = NULL;
; 93 : MemorySpace = 0;
; 94 : MemorySpaceEnd = 0;
; 95 : IoInput = (pPCIDP00_MAP_BASE_REGS_SEND)IoBuffer;
; 96 : IoOutput = (pPCIDP00_MAP_BASE_REGS_RECV)IoBuffer;
; 97 : ObjExt = (pPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00034 8b 45 08 mov eax, DWORD PTR _DeviceObject$[ebp]
00037 53 push ebx
00038 56 push esi
00039 33 db xor ebx, ebx
; 98 :
; 99 : // Make sure the buffer lengths are of sufficient size to handle
; 100 : // the transactions.
; 101 : if((InputBufferLength < sizeof(PCIDP00_MAP_BASE_REGS_SEND)) ||
; 102 : (OutputBufferLength < sizeof(PCIDP00_MAP_BASE_REGS_RECV))){
0003b 83 7d 14 08 cmp DWORD PTR _InputBufferLength$[ebp], 8
0003f 57 push edi
00040 8b 78 28 mov edi, DWORD PTR [eax+40]
00043 89 5d f8 mov DWORD PTR _NTStatus$[ebp], ebx
00046 89 5d fc mov DWORD PTR _PhysicalMemoryHandle$[ebp], ebx
00049 89 5d f4 mov DWORD PTR _PhysicalMemorySection$[ebp], ebx
0004c 89 5d f0 mov DWORD PTR _MemorySpace$[ebp], ebx
0004f 89 5d ec mov DWORD PTR _MemorySpaceEnd$[ebp], ebx
00052 0f 82 b6 01 00
00 jb $L5954
00058 83 7d 18 0c cmp DWORD PTR _OutputBufferLength$[ebp], 12 ; 0000000cH
0005c 0f 82 ac 01 00
00 jb $L5954
; 104 : goto ExitA;
; 105 : }
; 106 :
; 107 : // Check for a valid Base Address Register index and that its value
; 108 : // is non-zero.
; 109 : if(IoInput->RegNumber > 5){
00062 8b 75 10 mov esi, DWORD PTR _IoBuffer$[ebp]
00065 8b 06 mov eax, DWORD PTR [esi]
00067 83 f8 05 cmp eax, 5
0006a 76 0c jbe SHORT $L5957
; 110 : NTStatus = STATUS_INVALID_PARAMETER;
0006c c7 45 f8 0d 00
00 c0 mov DWORD PTR _NTStatus$[ebp], -1073741811 ; c000000dH
; 111 : goto ExitA;
00073 e9 9d 01 00 00 jmp $ExitA$5956
$L5957:
; 112 : }
; 113 :
; 114 : if((ObjExt->BaseAddresses[IoInput->RegNumber] & 0xFFFFFFFE) == 0){
00078 8b 4c 87 0c mov ecx, DWORD PTR [edi+eax*4+12]
0007c 8d 44 87 0c lea eax, DWORD PTR [edi+eax*4+12]
00080 f7 c1 fe ff ff
ff test ecx, -2 ; fffffffeH
00086 75 0c jne SHORT $L5959
; 115 : NTStatus = STATUS_INVALID_ADDRESS;
00088 c7 45 f8 41 01
00 c0 mov DWORD PTR _NTStatus$[ebp], -1073741503 ; c0000141H
; 116 : goto ExitA;
0008f e9 81 01 00 00 jmp $ExitA$5956
$L5959:
; 117 : }
; 118 :
; 119 : // First check to see if the address is for I/O space. If it is, we
; 120 : // can't map it. Just return the I/O Address so the application can
; 121 : // use an I/O access driver to read and write from this space.
; 122 : if((ObjExt->BaseAddresses[IoInput->RegNumber] & 1) == 1){
00094 6a 01 push 1
00096 8b d1 mov edx, ecx
00098 59 pop ecx
00099 23 d1 and edx, ecx
0009b 3a d1 cmp dl, cl
0009d 75 1e jne SHORT $L5961
; 123 : IoOutput->IOSpace = 1;
0009f 89 4e 08 mov DWORD PTR [esi+8], ecx
; 124 : IoOutput->Length = IoInput->Length;
000a2 8b 4e 04 mov ecx, DWORD PTR [esi+4]
000a5 89 4e 04 mov DWORD PTR [esi+4], ecx
; 125 : IoOutput->Address = ObjExt->BaseAddresses[IoInput->RegNumber] & 0xFFFFFFFE;
000a8 8b 00 mov eax, DWORD PTR [eax]
000aa 24 fe and al, -2 ; fffffffeH
000ac 89 06 mov DWORD PTR [esi], eax
; 126 : Irp->IoStatus.Information = sizeof(PCIDP00_MAP_BASE_REGS_RECV);
000ae 8b 45 0c mov eax, DWORD PTR _Irp$[ebp]
000b1 c7 40 1c 0c 00
00 00 mov DWORD PTR [eax+28], 12 ; 0000000cH
; 127 : goto ExitA;
000b8 e9 58 01 00 00 jmp $ExitA$5956
$L5961:
; 128 : }
; 129 :
; 130 : // Create the full path name for the physical memory object.
; 131 : RtlInitUnicodeString(
; 132 : IN &PhysicalMemoryUnicodeString,
; 133 : IN L"\\Device\\PhysicalMemory"
; 134 : );
000bd 8d 45 d4 lea eax, DWORD PTR _PhysicalMemoryUnicodeString$[ebp]
000c0 68 00 00 00 00 push OFFSET FLAT:$SG5963
000c5 50 push eax
000c6 ff 15 00 00 00
00 call DWORD PTR __imp__RtlInitUnicodeString@8
; 135 :
; 136 : // Initialize the physical memory object attributes.
; 137 : InitializeObjectAttributes(
; 138 : OUT &ObjectAttributes, // Object attributes structure
; 139 : IN &PhysicalMemoryUnicodeString, // Full path name of the object
; 140 : IN OBJ_CASE_INSENSITIVE, // Object attribute
; 141 : IN (HANDLE) NULL, // Root directory is N/A
; 142 : IN (PSECURITY_DESCRIPTOR) NULL // Security descriptor is N/A
; 143 : );
000cc 8d 45 d4 lea eax, DWORD PTR _PhysicalMemoryUnicodeString$[ebp]
000cf 89 5d a8 mov DWORD PTR _ObjectAttributes$[ebp+4], ebx
000d2 89 45 ac mov DWORD PTR _ObjectAttributes$[ebp+8], eax
; 144 :
; 145 : // Get a handle to the physical memory object.
; 146 : NTStatus = ZwOpenSection(
; 147 : OUT &PhysicalMemoryHandle, // Handle to the physical memory object
; 148 : IN SECTION_ALL_ACCESS, // Allow full access to the memory
; 149 : IN &ObjectAttributes // Object attributes structure
; 150 : );
000d5 8d 45 a4 lea eax, DWORD PTR _ObjectAttributes$[ebp]
000d8 89 5d b4 mov DWORD PTR _ObjectAttributes$[ebp+16], ebx
000db 89 5d b8 mov DWORD PTR _ObjectAttributes$[ebp+20], ebx
000de 50 push eax
000df bb 1f 00 0f 00 mov ebx, 983071 ; 000f001fH
000e4 8d 45 fc lea eax, DWORD PTR _PhysicalMemoryHandle$[ebp]
000e7 53 push ebx
000e8 50 push eax
000e9 c7 45 a4 18 00
00 00 mov DWORD PTR _ObjectAttributes$[ebp], 24 ; 00000018H
000f0 c7 45 b0 40 00
00 00 mov DWORD PTR _ObjectAttributes$[ebp+12], 64 ; 00000040H
000f7 ff 15 00 00 00
00 call DWORD PTR __imp__ZwOpenSection@12
000fd 89 45 f8 mov DWORD PTR _NTStatus$[ebp], eax
; 151 : if(NTStatus != STATUS_SUCCESS) goto ExitA;
00100 33 c0 xor eax, eax
00102 39 45 f8 cmp DWORD PTR _NTStatus$[ebp], eax
00105 0f 85 0a 01 00
00 jne $ExitA$5956
; 152 :
; 153 : // Validate access on the object's handle and get a pointer to the object's
; 154 : // body.
; 155 : NTStatus = ObReferenceObjectByHandle(
; 156 : IN PhysicalMemoryHandle,
; 157 : IN SECTION_ALL_ACCESS,
; 158 : IN (POBJECT_TYPE) NULL,
; 159 : IN KernelMode,
; 160 : OUT &PhysicalMemorySection,
; 161 : OUT (POBJECT_HANDLE_INFORMATION) NULL
; 162 : );
0010b 8d 4d f4 lea ecx, DWORD PTR _PhysicalMemorySection$[ebp]
0010e 50 push eax
0010f 51 push ecx
00110 50 push eax
00111 50 push eax
00112 53 push ebx
00113 ff 75 fc push DWORD PTR _PhysicalMemoryHandle$[ebp]
00116 ff 15 00 00 00
00 call DWORD PTR __imp__ObReferenceObjectByHandle@24
; 163 : if(NTStatus != STATUS_SUCCESS) goto ExitB;
0011c 85 c0 test eax, eax
0011e 89 45 f8 mov DWORD PTR _NTStatus$[ebp], eax
00121 0f 85 dc 00 00
00 jne $ExitB$5978
; 164 :
; 165 : // Translate the address from a PCI address to a system logical address.
; 166 : // Initialize the PCI full physical addresses that will be translated.
; 167 : FullPCIAddress.HighPart = 0;
00127 21 45 c8 and DWORD PTR _FullPCIAddress$[ebp+4], eax
; 168 : FullPCIAddress.LowPart = ObjExt->BaseAddresses[IoInput->RegNumber];
0012a 8b 06 mov eax, DWORD PTR [esi]
0012c 8b 4c 87 0c mov ecx, DWORD PTR [edi+eax*4+12]
; 169 : FullPCIAddressEnd = RtlLargeIntegerAdd (
; 170 : IN FullPCIAddress,
; 171 : IN RtlConvertUlongToLargeInteger(IoInput->Length)
; 172 : );
00130 8b 46 04 mov eax, DWORD PTR [esi+4]
00133 89 4d c4 mov DWORD PTR _FullPCIAddress$[ebp], ecx
00136 89 45 18 mov DWORD PTR $T6294[ebp], eax
; 62 :
; 63 : // Define variables.
00139 2b d2 sub edx, edx
; 64 : ULONG PCIAddress;
0013b 8b 45 18 mov eax, DWORD PTR $T6294[ebp]
; 169 : FullPCIAddressEnd = RtlLargeIntegerAdd (
; 170 : IN FullPCIAddress,
; 171 : IN RtlConvertUlongToLargeInteger(IoInput->Length)
; 172 : );
0013e 89 55 c0 mov DWORD PTR $T6295[ebp+4], edx
00141 89 45 bc mov DWORD PTR $T6295[ebp], eax
; 62 :
; 63 : // Define variables.
00144 8b 45 c4 mov eax, DWORD PTR _FullPCIAddress$[ebp]
; 64 : ULONG PCIAddress;
00147 8b 55 c8 mov edx, DWORD PTR _FullPCIAddress$[ebp+4]
; 65 : ULONG Length;
0014a 03 45 bc add eax, DWORD PTR $T6295[ebp]
; 66 : ULONG LengthOut;
0014d 13 55 c0 adc edx, DWORD PTR $T6295[ebp+4]
; 169 : FullPCIAddressEnd = RtlLargeIntegerAdd (
; 170 : IN FullPCIAddress,
; 171 : IN RtlConvertUlongToLargeInteger(IoInput->Length)
; 172 : );
00150 89 45 bc mov DWORD PTR $T6299[ebp], eax
; 173 :
; 174 : // Translate the full PCI physical addresses into corresponding full system
; 175 : // logical addresses.
; 176 : NTStatus = STATUS_ACCESS_DENIED;
; 177 : HALStatus = HalTranslateBusAddress(
; 178 : IN PCIBus, // bus type
; 179 : IN ObjExt->BusNumber, // bus number
; 180 : IN FullPCIAddress, // bus address
; 181 : IN &MemorySpace, // I/O or memory space
; 182 : OUT &FullLogicalAddress // system logical address
; 183 : );
00153 8d 45 e4 lea eax, DWORD PTR _FullLogicalAddress$[ebp]
00156 50 push eax
00157 8d 45 f0 lea eax, DWORD PTR _MemorySpace$[ebp]
0015a 50 push eax
0015b 8b 1d 00 00 00
00 mov ebx, DWORD PTR __imp__HalTranslateBusAddress@24
00161 ff 75 c8 push DWORD PTR _FullPCIAddress$[ebp+4]
00164 89 55 c0 mov DWORD PTR $T6299[ebp+4], edx
00167 c7 45 f8 22 00
00 c0 mov DWORD PTR _NTStatus$[ebp], -1073741790 ; c0000022H
0016e 51 push ecx
0016f ff 37 push DWORD PTR [edi]
00171 6a 05 push 5
00173 ff d3 call ebx
; 184 : if(HALStatus == FALSE) goto ExitB;
00175 84 c0 test al, al
00177 0f 84 86 00 00
00 je $ExitB$5978
; 185 :
; 186 : HALStatus = HalTranslateBusAddress(
; 187 : IN PCIBus, // bus type
; 188 : IN ObjExt->BusNumber, // bus number
; 189 : IN FullPCIAddressEnd, // bus address
; 190 : IN &MemorySpaceEnd, // I/O or memory space
; 191 : OUT &FullLogicalAddressEnd // system logical address
; 192 : );
0017d 8d 45 cc lea eax, DWORD PTR _FullLogicalAddressEnd$[ebp]
00180 50 push eax
00181 8d 45 ec lea eax, DWORD PTR _MemorySpaceEnd$[ebp]
00184 50 push eax
00185 ff 75 c0 push DWORD PTR $T6299[ebp+4]
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -