📄 pcidppublic.cod
字号:
00188 ff 75 bc push DWORD PTR $T6299[ebp]
0018b ff 37 push DWORD PTR [edi]
0018d 6a 05 push 5
0018f ff d3 call ebx
; 193 : if(HALStatus == FALSE) goto ExitB;
00191 84 c0 test al, al
00193 74 6e je SHORT $ExitB$5978
; 62 :
; 63 : // Define variables.
00195 8b 45 cc mov eax, DWORD PTR _FullLogicalAddressEnd$[ebp]
; 64 : ULONG PCIAddress;
00198 8b 55 d0 mov edx, DWORD PTR _FullLogicalAddressEnd$[ebp+4]
; 65 : ULONG Length;
0019b 2b 45 e4 sub eax, DWORD PTR _FullLogicalAddress$[ebp]
; 66 : ULONG LengthOut;
0019e 1b 55 e8 sbb edx, DWORD PTR _FullLogicalAddress$[ebp+4]
; 194 :
; 195 : // Calculate the length of the memory to be mapped.
; 196 : LongLength = RtlLargeIntegerSubtract(
; 197 : IN FullLogicalAddressEnd,
; 198 : IN FullLogicalAddress
; 199 : );
; 200 : Length = LongLength.LowPart;
; 201 : LengthOut = LongLength.LowPart;
; 202 :
; 203 : // Now map the system logical address in this process' virtual address
; 204 : // space.
; 205 : VirtualAddress = 0;
; 206 : SectionOffset = FullLogicalAddress;
001a1 8b 4d e4 mov ecx, DWORD PTR _FullLogicalAddress$[ebp]
001a4 33 ff xor edi, edi
001a6 89 4d dc mov DWORD PTR _SectionOffset$[ebp], ecx
001a9 8b 4d e8 mov ecx, DWORD PTR _FullLogicalAddress$[ebp+4]
001ac 89 4d e0 mov DWORD PTR _SectionOffset$[ebp+4], ecx
; 207 :
; 208 : NTStatus = ZwMapViewOfSection(
; 209 : IN PhysicalMemoryHandle, //section handle
; 210 : IN (HANDLE) -1, //process handle
; 211 : IN OUT (PVOID*)&VirtualAddress, //base address (virtual address)
; 212 : IN 0L, //zero bits
; 213 : IN Length, //commit size
; 214 : IN OUT &SectionOffset, //section offset
; 215 : IN OUT &LengthOut, //view size
; 216 : IN ViewShare, //inherit disposition (0)
; 217 : IN 0, //allocation type
; 218 : IN PAGE_READWRITE | PAGE_NOCACHE //protect
; 219 : );
001af 68 04 02 00 00 push 516 ; 00000204H
001b4 57 push edi
001b5 8d 4d 14 lea ecx, DWORD PTR _LengthOut$[ebp]
001b8 6a 01 push 1
001ba 51 push ecx
001bb 8d 4d dc lea ecx, DWORD PTR _SectionOffset$[ebp]
001be 89 45 14 mov DWORD PTR _LengthOut$[ebp], eax
001c1 51 push ecx
001c2 50 push eax
001c3 8d 45 08 lea eax, DWORD PTR _VirtualAddress$[ebp]
001c6 57 push edi
001c7 50 push eax
001c8 6a ff push -1
001ca ff 75 fc push DWORD PTR _PhysicalMemoryHandle$[ebp]
001cd 89 55 c0 mov DWORD PTR $T6303[ebp+4], edx
001d0 89 7d 08 mov DWORD PTR _VirtualAddress$[ebp], edi
001d3 ff 15 00 00 00
00 call DWORD PTR __imp__ZwMapViewOfSection@40
; 220 :
; 221 : // Mapping the section above rounded the logical address down to
; 222 : // the nearest 64 K boundary. Now return a virtual address pointing
; 223 : // to our request area by adding in the offset from the beginning
; 224 : // of the section.
; 225 : if(NTStatus == STATUS_SUCCESS){
001d9 3b c7 cmp eax, edi
001db 89 45 f8 mov DWORD PTR _NTStatus$[ebp], eax
001de 75 23 jne SHORT $ExitB$5978
; 226 : IoOutput->IOSpace = 0;
; 227 : IoOutput->Address = VirtualAddress +
; 228 : ((ULONG)FullLogicalAddress.LowPart - (ULONG)SectionOffset.LowPart);
001e0 8b 4d e4 mov ecx, DWORD PTR _FullLogicalAddress$[ebp]
001e3 8b 45 dc mov eax, DWORD PTR _SectionOffset$[ebp]
001e6 2b c8 sub ecx, eax
; 229 : IoOutput->Length = LengthOut -
; 230 : ((ULONG)FullLogicalAddress.LowPart - (ULONG)SectionOffset.LowPart);
001e8 2b 45 e4 sub eax, DWORD PTR _FullLogicalAddress$[ebp]
001eb 03 4d 08 add ecx, DWORD PTR _VirtualAddress$[ebp]
001ee 89 7e 08 mov DWORD PTR [esi+8], edi
001f1 03 45 14 add eax, DWORD PTR _LengthOut$[ebp]
001f4 89 0e mov DWORD PTR [esi], ecx
001f6 89 46 04 mov DWORD PTR [esi+4], eax
; 231 : Irp->IoStatus.Information = sizeof(PCIDP00_MAP_BASE_REGS_RECV);
001f9 8b 45 0c mov eax, DWORD PTR _Irp$[ebp]
001fc c7 40 1c 0c 00
00 00 mov DWORD PTR [eax+28], 12 ; 0000000cH
$ExitB$5978:
; 232 : }
; 233 :
; 234 :
; 235 : ExitB:
; 236 : ZwClose(PhysicalMemoryHandle);
00203 ff 75 fc push DWORD PTR _PhysicalMemoryHandle$[ebp]
00206 ff 15 00 00 00
00 call DWORD PTR __imp__ZwClose@4
0020c eb 07 jmp SHORT $ExitA$5956
$L5954:
; 103 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
0020e c7 45 f8 06 02
00 c0 mov DWORD PTR _NTStatus$[ebp], -1073741306 ; c0000206H
$ExitA$5956:
; 237 :
; 238 : ExitA:
; 239 : Irp->IoStatus.Status = NTStatus;
00215 8b 4d 0c mov ecx, DWORD PTR _Irp$[ebp]
00218 8b 45 f8 mov eax, DWORD PTR _NTStatus$[ebp]
0021b 5f pop edi
0021c 5e pop esi
0021d 89 41 18 mov DWORD PTR [ecx+24], eax
00220 5b pop ebx
; 240 : }
00221 c9 leave
00222 c2 14 00 ret 20 ; 00000014H
_PCIDPMapBaseRegs@20 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMap@16
EXTRN __imp__ZwUnmapViewOfSection@8:NEAR
; COMDAT _PCIDPUnMap@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_PCIDPUnMap@16 PROC NEAR ; COMDAT
; 253 :
; 254 : // Define variables.
; 255 : ULONG i;
; 256 : NTSTATUS NTStatus;
; 257 : pPCIDP00_UNMAP_SEND IoInput;
; 258 : pPCIDP_EXTENSION ObjExt;
; 259 :
; 260 : // Initialize variables.
; 261 : NTStatus = STATUS_SUCCESS;
; 262 : IoInput = (pPCIDP00_UNMAP_SEND)IoBuffer;
; 263 : ObjExt = (pPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00000 8b 4c 24 04 mov ecx, DWORD PTR _DeviceObject$[esp-4]
00004 33 c0 xor eax, eax
; 264 :
; 265 : if(InputBufferLength >= sizeof(PCIDP00_UNMAP_SEND)){
00006 83 7c 24 10 04 cmp DWORD PTR _InputBufferLength$[esp-4], 4
0000b 56 push esi
0000c 8b 49 28 mov ecx, DWORD PTR [ecx+40]
0000f 72 2f jb SHORT $L6008
; 266 :
; 267 : // Don't try to unmap from I/O space but it's not a failure either.
; 268 : for(i=0; i<6; i++){
; 269 : if(IoInput->VirtualAddress == (ObjExt->BaseAddresses[i] & 0xFFFFFFFE))
00011 8b 74 24 10 mov esi, DWORD PTR _IoBuffer$[esp]
00015 33 d2 xor edx, edx
00017 57 push edi
00018 83 c1 0c add ecx, 12 ; 0000000cH
0001b 8b 36 mov esi, DWORD PTR [esi]
$L6009:
0001d 8b 39 mov edi, DWORD PTR [ecx]
0001f 83 e7 fe and edi, -2 ; fffffffeH
00022 3b f7 cmp esi, edi
00024 74 09 je SHORT $L6308
00026 42 inc edx
00027 83 c1 04 add ecx, 4
0002a 83 fa 06 cmp edx, 6
0002d 72 ee jb SHORT $L6009
$L6308:
; 270 : break;
; 271 : }
; 272 :
; 273 : if(i>=6){
0002f 83 fa 06 cmp edx, 6
00032 5f pop edi
00033 72 10 jb SHORT $L6016
; 274 : NTStatus = ZwUnmapViewOfSection(
; 275 : IN (HANDLE) -1,
; 276 : IN (PVOID)IoInput->VirtualAddress
; 277 : );
00035 56 push esi
00036 6a ff push -1
00038 ff 15 00 00 00
00 call DWORD PTR __imp__ZwUnmapViewOfSection@8
; 278 : }
; 279 : }
; 280 :
; 281 : else
0003e eb 05 jmp SHORT $L6016
$L6008:
; 282 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
00040 b8 06 02 00 c0 mov eax, -1073741306 ; c0000206H
$L6016:
; 283 :
; 284 : Irp->IoStatus.Status = NTStatus;
00045 8b 4c 24 0c mov ecx, DWORD PTR _Irp$[esp]
00049 5e pop esi
0004a 89 41 18 mov DWORD PTR [ecx+24], eax
; 285 : }
0004d c2 10 00 ret 16 ; 00000010H
_PCIDPUnMap@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPMapDMAMem@16
EXTRN __imp__MmMapLockedPages@8:NEAR
; COMDAT _PCIDPMapDMAMem@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_OutputBufferLength$ = 20
_PCIDPMapDMAMem@16 PROC NEAR ; COMDAT
; 298 :
; 299 : NTSTATUS NTStatus;
; 300 : pPCIDP00_MAP_DMA_MEM_RECV IoOutput;
; 301 : pPCIDP_EXTENSION ObjExt;
; 302 :
; 303 : // Initialize variables.
; 304 : IoOutput = (pPCIDP00_MAP_DMA_MEM_RECV)IoBuffer;
; 305 : ObjExt = (pPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00000 8b 44 24 04 mov eax, DWORD PTR _DeviceObject$[esp-4]
; 306 :
; 307 : if(OutputBufferLength >= sizeof(PCIDP00_MAP_DMA_MEM_RECV)){
00004 83 7c 24 10 08 cmp DWORD PTR _OutputBufferLength$[esp-4], 8
00009 56 push esi
0000a 57 push edi
0000b 8b 70 28 mov esi, DWORD PTR [eax+40]
0000e 8b 7c 24 10 mov edi, DWORD PTR _Irp$[esp+4]
00012 72 38 jb SHORT $L6033
; 308 : if(ObjExt->MDL){
00014 8b 86 8c 00 00
00 mov eax, DWORD PTR [esi+140]
0001a 85 c0 test eax, eax
0001c 74 27 je SHORT $L6034
; 309 : IoOutput->LinearAddress = (unsigned long)MmMapLockedPages(
; 310 : ObjExt->MDL,
; 311 : UserMode
; 312 : );
0001e 6a 01 push 1
00020 50 push eax
00021 ff 15 00 00 00
00 call DWORD PTR __imp__MmMapLockedPages@8
; 313 : if(IoOutput->LinearAddress != 0){
00027 85 c0 test eax, eax
00029 8b 4c 24 14 mov ecx, DWORD PTR _IoBuffer$[esp+4]
0002d 89 01 mov DWORD PTR [ecx], eax
0002f 74 14 je SHORT $L6034
; 314 : IoOutput->PhysicalAddress = ObjExt->PhysicalDMAAddress;
00031 8b 86 88 00 00
00 mov eax, DWORD PTR [esi+136]
00037 89 41 04 mov DWORD PTR [ecx+4], eax
; 315 : Irp->IoStatus.Information = sizeof(PCIDP00_MAP_DMA_MEM_RECV);
0003a c7 47 1c 08 00
00 00 mov DWORD PTR [edi+28], 8
; 316 : NTStatus = STATUS_SUCCESS;
00041 33 c0 xor eax, eax
; 317 : }
; 318 : else
00043 eb 0c jmp SHORT $L6043
$L6034:
; 319 : NTStatus = STATUS_NO_MEMORY;
00045 b8 17 00 00 c0 mov eax, -1073741801 ; c0000017H
; 320 : }
; 321 : else
0004a eb 05 jmp SHORT $L6043
$L6033:
; 322 : NTStatus = STATUS_NO_MEMORY;
; 323 :
; 324 : }
; 325 : else
; 326 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
0004c b8 06 02 00 c0 mov eax, -1073741306 ; c0000206H
$L6043:
; 327 :
; 328 : Irp->IoStatus.Status = NTStatus;
00051 89 47 18 mov DWORD PTR [edi+24], eax
00054 5f pop edi
00055 5e pop esi
; 329 : }
00056 c2 10 00 ret 16 ; 00000010H
_PCIDPMapDMAMem@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPCancelMapDMA@16
EXTRN __imp__IoAcquireCancelSpinLock@4:NEAR
EXTRN _PCIDPCancelMapDMARoutine@8:NEAR
EXTRN __imp__IoReleaseCancelSpinLock@4:NEAR
EXTRN _GetFreeEntry@4:NEAR
EXTRN _InsertEntry@8:NEAR
EXTRN @InterlockedExchange@8:NEAR
; COMDAT _PCIDPCancelMapDMA@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_CancelSpin$ = 8
_PCIDPCancelMapDMA@16 PROC NEAR ; COMDAT
; 340 : ){
00000 55 push ebp
00001 8b ec mov ebp, esp
; 341 : KIRQL CancelSpin;
; 342 : pPCIDP00_UNMAP_DMA_SEND IoInput;
; 343 : pPCIDP_EXTENSION ObjExt;
; 344 : pLINKED_LIST LLEntry;
; 345 : NTSTATUS NTStatus;
; 346 :
; 347 : // Initialize variables.
; 348 : IoInput = (pPCIDP00_UNMAP_DMA_SEND)IoBuffer;
; 349 : ObjExt = (pPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00003 8b 45 08 mov eax, DWORD PTR _DeviceObject$[ebp]
00006 53 push ebx
00007 56 push esi
00008 57 push edi
00009 8b 58 28 mov ebx, DWORD PTR [eax+40]
; 350 :
; 351 : //ObjExt->MemoryBase[0x1C5E]++; //debug
; 352 :
; 353 : // Get an empty linked list entry.
; 354 : LLEntry = GetFreeEntry(ObjExt);
0000c 53 push ebx
0000d e8 00 00 00 00 call _GetFreeEntry@4
; 355 : if(LLEntry != NULL){
00012 8b 75 0c mov esi, DWORD PTR _Irp$[ebp]
00015 8b f8 mov edi, eax
00017 85 ff test edi, edi
00019 74 40 je SHORT $L6062
; 356 :
; 357 : // Set up a cancel routine that unmaps the DMA should the application fail
; 358 : // to do so.
; 359 : IoMarkIrpPending (Irp);
0001b 8b 46 60 mov eax, DWORD PTR [esi+96]
0001e 80 48 03 01 or BYTE PTR [eax+3], 1
; 360 : IoAcquireCancelSpinLock (&CancelSpin);
00022 8d 45 08 lea eax, DWORD PTR _CancelSpin$[ebp]
00025 50 push eax
00026 ff 15 00 00 00
00 call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 361 : IoSetCancelRoutine (Irp, PCIDPCancelMapDMARoutine);
0002c ba 00 00 00 00 mov edx, OFFSET FLAT:_PCIDPCancelMapDMARoutine@8
00031 8d 4e 38 lea ecx, DWORD PTR [esi+56]
00034 e8 00 00 00 00 call @InterlockedExchange@8
; 362 : IoReleaseCancelSpinLock (CancelSpin);
00039 ff 75 08 push DWORD PTR _CancelSpin$[ebp]
0003c ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 363 :
; 364 : // Add this IRP to the linked list
; 365 : // Save the linear address required to unmap DMA memory in Type.
; 366 : LLEntry->RegisteredInterrupt.Irp = Irp;
; 367 : LLEntry->RegisteredInterrupt.Type = (ULONG)IoInput->LinearAddress;
00042 8b 45 10 mov eax, DWORD PTR _IoBuffer$[ebp]
00045 89 77 10 mov DWORD PTR [edi+16], esi
; 368 : InsertEntry(ObjExt, LLEntry);
00048 57 push edi
00049 53 push ebx
0004a 8b 00 mov eax, DWORD PTR [eax]
0004c 89 47 0c mov DWORD PTR [edi+12], eax
0004f e8 00 00 00 00 call _InsertEntry@8
; 369 :
; 370 : //ObjExt->MemoryBase[0x1C5F]++; //debug
; 371 : //ObjExt->MemoryBase[0x1C60] = (ULONG)IoInput->LinearAddress; //debug
; 372 :
; 373 : // Return with I/O pending.
; 374 : NTStatus = STATUS_PENDING;
00054 b8 03 01 00 00 mov eax, 259 ; 00000103H
; 375 : }
; 376 : else
00059 eb 05 jmp SHORT $L6068
$L6062:
; 377 : NTStatus = STATUS_NO_MEMORY;
0005b b8 17 00 00 c0 mov eax, -1073741801 ; c0000017H
$L6068:
; 378 :
; 379 : // Return with current status.
; 380 : Irp->IoStatus.Status = NTStatus;
00060 89 46 18 mov DWORD PTR [esi+24], eax
00063 5f pop edi
00064 5e pop esi
00065 5b pop ebx
; 381 : }
00066 5d pop ebp
00067 c2 10 00 ret 16 ; 00000010H
_PCIDPCancelMapDMA@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMapDMA@16
EXTRN __imp__MmUnmapLockedPages@8:NEAR
EXTRN __imp_@IofCompleteRequest@8:NEAR
EXTRN _GetNextEntry@16:NEAR
EXTRN _PutBackEntry@8:NEAR
EXTRN _FreeEntry@8:NEAR
; COMDAT _PCIDPUnMapDMA@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_NTStatus$ = -4
_RegisteredInt$ = 8
_CancelSpin$ = -12
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -