jmp SHORT $ExitA$8477
$L8475:
; 101 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
mov DWORD PTR _NTStatus$[ebp], -1073741306 ; c0000206H
$ExitA$8477:
; 237 :
; 238 : ExitA:
; 239 : Irp->IoStatus.Status = NTStatus;
mov ecx, DWORD PTR _Irp$[ebp]
mov eax, DWORD PTR _NTStatus$[ebp]
pop edi
pop esi
mov DWORD PTR [ecx+24], eax
pop ebx
; 240 : }
leave
ret 20 ; 00000014H
_PCIDPMapBaseRegs@20 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMap@16
EXTRN __imp__ZwUnmapViewOfSection@8:NEAR
; COMDAT _PCIDPUnMap@16
_TEXT SEGMENT
; Argument offsets expressed relative to a conventional ebp frame
; (ebp == entry esp - 4). This procedure builds no frame, so the code
; below applies them as _X$[esp-4].
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
;-----------------------------------------------------------------------
; PCIDPUnMap(DeviceObject, Irp, IoBuffer, InputBufferLength)
; MSVC x86 compiler listing; stdcall (callee pops 16 bytes of arguments).
; Purpose (from the interleaved C source): unmap the view at
;   IoInput->VirtualAddress from the current process, unless that address
;   is the driver's I/O-space mapping (ObjExt->IOAccess.LowPart), and
;   report the result in Irp->IoStatus.Status.
; In:    [esp+4] DeviceObject, [esp+8] Irp, [esp+12] IoBuffer,
;        [esp+16] InputBufferLength
; Out:   Irp->IoStatus.Status = NTStatus (eax carries NTStatus internally)
; Clobb: eax, ecx, edx, flags. No callee-saved register is touched.
; Security (review): the only validation of the caller-supplied buffer is
;   its length. The address value itself goes unchanged to
;   ZwUnmapViewOfSection for the current process; whether it is limited
;   to mappings this driver created is not visible here — confirm in the
;   IOCTL dispatcher.
;-----------------------------------------------------------------------
_PCIDPUnMap@16 PROC NEAR ; COMDAT
; 253 :
; 254 : // Define variables.
; 255 : ULONG i;
; 256 : NTSTATUS NTStatus;
; 257 : PPCIDP00_UNMAP_SEND IoInput;
; 258 : PPCIDP_EXTENSION ObjExt;
; 259 :
; 260 : // Initialize variables.
; 261 : NTStatus = STATUS_SUCCESS;
xor eax, eax ; eax = NTStatus = STATUS_SUCCESS (0); eax holds NTStatus until the store at $L8530
; 262 : IoInput = (PPCIDP00_UNMAP_SEND)IoBuffer;
; 263 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
; 264 :
; 265 : if(InputBufferLength >= sizeof(PCIDP00_UNMAP_SEND)){
cmp DWORD PTR _InputBufferLength$[esp-4], 4 ; sizeof(PCIDP00_UNMAP_SEND) == 4
jb SHORT $L8525 ; unsigned compare: buffer too small -> STATUS_INVALID_BUFFER_SIZE
; 266 :
; 267 : // Don't try to unmap from I/O space but it's not a failure either.
; 268 : // Do unmap from memory space.
; 269 : if(IoInput->VirtualAddress != (ULONG)ObjExt->IOAccess.LowPart){
mov edx, DWORD PTR _DeviceObject$[esp-4] ; edx = DeviceObject
mov ecx, DWORD PTR _IoBuffer$[esp-4] ; ecx = IoInput
mov edx, DWORD PTR [edx+40] ; edx = ObjExt = DeviceObject->DeviceExtension
mov ecx, DWORD PTR [ecx] ; ecx = IoInput->VirtualAddress (first DWORD of the request buffer)
cmp ecx, DWORD PTR [edx+8] ; compare with ObjExt->IOAccess.LowPart
je SHORT $L8530 ; I/O-space mapping: skip the unmap; NTStatus stays STATUS_SUCCESS
; 270 : NTStatus = ZwUnmapViewOfSection(
; 271 : IN (HANDLE) -1,
; 272 : IN (PVOID)IoInput->VirtualAddress
; 273 : );
push ecx ; arg 2: BaseAddress = IoInput->VirtualAddress
push -1 ; arg 1: ProcessHandle = (HANDLE)-1, the current process
call DWORD PTR __imp__ZwUnmapViewOfSection@8 ; eax = NTSTATUS of the unmap; this becomes NTStatus
; 274 : }
; 275 : }
; 276 :
; 277 : else
jmp SHORT $L8530 ; skip the buffer-size error path
$L8525:
; 278 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
mov eax, -1073741306 ; c0000206H = STATUS_INVALID_BUFFER_SIZE
$L8530:
; 279 :
; 280 : Irp->IoStatus.Status = NTStatus;
mov ecx, DWORD PTR _Irp$[esp-4] ; ecx = Irp
mov DWORD PTR [ecx+24], eax ; Irp->IoStatus.Status = NTStatus
; 281 : }
ret 16 ; 00000010H ; stdcall: discard the four DWORD arguments
_PCIDPUnMap@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPMapDMAMem@16
EXTRN __imp__MmMapLockedPages@8:NEAR
; COMDAT _PCIDPMapDMAMem@16
_TEXT SEGMENT
; Argument offsets expressed relative to a conventional ebp frame.
; No frame is built: before the two pushes below they are used as
; _X$[esp-4], after them as _X$[esp+4].
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_OutputBufferLength$ = 20
;-----------------------------------------------------------------------
; PCIDPMapDMAMem(DeviceObject, Irp, IoBuffer, OutputBufferLength)
; MSVC x86 compiler listing; stdcall (callee pops 16 bytes of arguments).
; Purpose (from the interleaved C source): map the driver's locked DMA
;   pages (ObjExt->MDL) into the caller's user-mode address space and
;   return both the user VA and ObjExt->PhysicalDMAAddress in the 8-byte
;   output buffer.
; In:    [esp+4] DeviceObject, [esp+8] Irp, [esp+12] IoBuffer,
;        [esp+16] OutputBufferLength
; Out:   IoOutput->LinearAddress, IoOutput->PhysicalAddress,
;        Irp->IoStatus.Information (success path only),
;        Irp->IoStatus.Status = NTStatus
; Regs:  esi = ObjExt, edi = Irp (callee-saved, pushed/popped); eax, ecx scratch.
; Security (review): this hands a physical DMA address and a user-mode
;   view of kernel-locked pages to the caller. Who may open the device
;   and issue this IOCTL is not visible here — confirm the device
;   object's access control.
;-----------------------------------------------------------------------
_PCIDPMapDMAMem@16 PROC NEAR ; COMDAT
; 294 :
; 295 : NTSTATUS NTStatus;
; 296 : PPCIDP00_MAP_DMA_MEM_RECV IoOutput;
; 297 : PPCIDP_EXTENSION ObjExt;
; 298 :
; 299 : // Initialize variables.
; 300 : IoOutput = (PPCIDP00_MAP_DMA_MEM_RECV)IoBuffer;
; 301 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
mov eax, DWORD PTR _DeviceObject$[esp-4] ; eax = DeviceObject
; 302 :
; 303 : if(OutputBufferLength >= sizeof(PCIDP00_MAP_DMA_MEM_RECV)){
cmp DWORD PTR _OutputBufferLength$[esp-4], 8 ; sizeof(PCIDP00_MAP_DMA_MEM_RECV) == 8; flags stay live until the jb below
push esi ; save callee-saved registers (push/mov do not touch flags)
push edi
mov esi, DWORD PTR [eax+40] ; esi = ObjExt = DeviceObject->DeviceExtension
mov edi, DWORD PTR _Irp$[esp+4] ; edi = Irp (offsets are _X$[esp+4] after the two pushes)
jb SHORT $L8547 ; unsigned compare: output buffer too small -> STATUS_INVALID_BUFFER_SIZE
; 304 : if(ObjExt->MDL){
mov eax, DWORD PTR [esi+128] ; eax = ObjExt->MDL
test eax, eax
je SHORT $L8548 ; no MDL -> STATUS_NO_MEMORY
; 305 : IoOutput->LinearAddress = (unsigned long)MmMapLockedPages(
; 306 : ObjExt->MDL,
; 307 : UserMode
; 308 : );
push 1 ; arg 2: AccessMode = UserMode (1)
push eax ; arg 1: MemoryDescriptorList = ObjExt->MDL
call DWORD PTR __imp__MmMapLockedPages@8 ; eax = user-mode VA of the locked pages
; NOTE(review): MmMapLockedPages is the obsolete form of this API; on
; kernels where a failed user-mode mapping raises a bug check instead of
; returning NULL, the NULL test below is never reached — confirm the
; target kernel version (MmMapLockedPagesSpecifyCache is the replacement).
; 309 : if(IoOutput->LinearAddress != 0){
test eax, eax ; flags from this test survive the two movs that follow
mov ecx, DWORD PTR _IoBuffer$[esp+4] ; ecx = IoOutput
mov DWORD PTR [ecx], eax ; IoOutput->LinearAddress = mapped VA (written even when it is 0)
je SHORT $L8548 ; mapping returned NULL -> STATUS_NO_MEMORY
; 310 : IoOutput->PhysicalAddress = ObjExt->PhysicalDMAAddress;
mov eax, DWORD PTR [esi+124] ; eax = ObjExt->PhysicalDMAAddress
mov DWORD PTR [ecx+4], eax ; IoOutput->PhysicalAddress = physical DMA address (exposed to user mode)
; 311 : Irp->IoStatus.Information = sizeof(PCIDP00_MAP_DMA_MEM_RECV);
mov DWORD PTR [edi+28], 8 ; Irp->IoStatus.Information = 8; set on the success path only
; 312 : NTStatus = STATUS_SUCCESS;
xor eax, eax ; NTStatus = STATUS_SUCCESS
; 313 : }
; 314 : else
jmp SHORT $L8557
$L8548:
; 315 : NTStatus = STATUS_NO_MEMORY;
mov eax, -1073741801 ; c0000017H = STATUS_NO_MEMORY (no MDL, or the mapping returned NULL)
; 316 : }
; 317 : else
jmp SHORT $L8557
$L8547:
; 318 : NTStatus = STATUS_NO_MEMORY;
; 319 :
; 320 : }
; 321 : else
; 322 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
mov eax, -1073741306 ; c0000206H = STATUS_INVALID_BUFFER_SIZE (outer else: buffer shorter than 8 bytes)
$L8557:
; 323 :
; 324 : Irp->IoStatus.Status = NTStatus;
mov DWORD PTR [edi+24], eax ; Irp->IoStatus.Status = NTStatus
pop edi ; restore callee-saved registers
pop esi
; 325 : }
ret 16 ; 00000010H ; stdcall: discard the four DWORD arguments
_PCIDPMapDMAMem@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPCancelMapDMA@16
EXTRN _PCIDPCancelMapDMARoutine@8:NEAR
EXTRN _GetFreeEntry@4:NEAR
EXTRN _InsertEntry@8:NEAR
EXTRN __imp__IoAcquireCancelSpinLock@4:NEAR
EXTRN __imp_@InterlockedExchange@8:NEAR
EXTRN __imp__IoReleaseCancelSpinLock@4:NEAR
; COMDAT _PCIDPCancelMapDMA@16
_TEXT SEGMENT
; ebp-relative frame offsets. _CancelSpin$ == _DeviceObject$ == 8: the
; compiler reuses the DeviceObject argument slot for the KIRQL local once
; DeviceObject has been read (its only use is the first mov in the body).
; The procedure is stdcall @16, so a fourth DWORD argument exists but has
; no equate here (it is not referenced in this body).
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_CancelSpin$ = 8
;-----------------------------------------------------------------------
; PCIDPCancelMapDMA(DeviceObject, Irp, IoBuffer, <4th arg, unused here>)
; MSVC x86 compiler listing; stdcall (callee pops 16 bytes), ebp frame.
; Purpose (from the interleaved C source): park the caller's IRP in the
;   driver's linked list with a cancel routine, so that the DMA mapping
;   identified by IoInput->LinearAddress is unmapped if the application
;   goes away without unmapping it. The IRP is marked pending and is NOT
;   completed here; the status written is STATUS_PENDING.
; In:    [ebp+8] DeviceObject, [ebp+12] Irp, [ebp+16] IoBuffer
; Out:   Irp->IoStatus.Status = NTStatus (STATUS_PENDING or STATUS_NO_MEMORY);
;        the IRP is linked into the list and Irp->CancelRoutine is set.
; Regs:  ebx = ObjExt, esi = Irp, edi = LLEntry (callee-saved, pushed/popped);
;        eax, ecx, edx scratch.
; NOTE(review): unlike PCIDPUnMap, no InputBufferLength check is visible
;   before `mov eax, DWORD PTR [eax]` reads the first DWORD of IoBuffer;
;   confirm that the dispatcher validates the request size for this IOCTL.
; NOTE(review): after the cancel routine is installed there is no test of
;   Irp->Cancel; if the IRP was cancelled before IoSetCancelRoutine ran,
;   the cancel routine may never execute and the entry would never be
;   unmapped by it — confirm against the DDK guidance for cancellable IRPs.
;-----------------------------------------------------------------------
_PCIDPCancelMapDMA@16 PROC NEAR ; COMDAT
; 336 : ){
push ebp
mov ebp, esp
; 337 : KIRQL CancelSpin;
; 338 : PPCIDP00_UNMAP_DMA_SEND IoInput;
; 339 : PPCIDP_EXTENSION ObjExt;
; 340 : PLINKED_LIST LLEntry;
; 341 : NTSTATUS NTStatus;
; 342 :
; 343 : // Initialize variables.
; 344 : IoInput = (PPCIDP00_UNMAP_DMA_SEND)IoBuffer;
; 345 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
mov eax, DWORD PTR _DeviceObject$[ebp] ; eax = DeviceObject (last use of this argument slot)
push ebx ; save callee-saved registers used below
push esi
push edi
mov ebx, DWORD PTR [eax+40] ; ebx = ObjExt = DeviceObject->DeviceExtension
; 346 :
; 347 : //ObjExt->MemoryBase[0x1C5E]++; //debug
; 348 :
; 349 : // Get an empty linked list entry.
; 350 : LLEntry = GetFreeEntry(ObjExt);
push ebx ; arg 1: ObjExt
call _GetFreeEntry@4 ; eax = LLEntry (stdcall, callee pops the argument)
; 351 : if(LLEntry != NULL){
mov esi, DWORD PTR _Irp$[ebp] ; esi = Irp (needed on both paths)
mov edi, eax ; edi = LLEntry
test edi, edi
je SHORT $L8576 ; no free list entry -> STATUS_NO_MEMORY
; 352 :
; 353 : // Set up a cancel routine that unmaps the DMA should the application fail
; 354 : // to do so.
; 355 : IoMarkIrpPending (Irp);
mov eax, DWORD PTR [esi+96] ; eax = Irp->Tail.Overlay.CurrentStackLocation
or BYTE PTR [eax+3], 1 ; CurrentStackLocation->Control |= SL_PENDING_RETURNED (IoMarkIrpPending inlined)
; 356 : IoAcquireCancelSpinLock (&CancelSpin);
lea eax, DWORD PTR _CancelSpin$[ebp] ; &CancelSpin (the reused DeviceObject slot)
push eax
call DWORD PTR __imp__IoAcquireCancelSpinLock@4 ; CancelSpin = IRQL to restore
; 357 : IoSetCancelRoutine (Irp, PCIDPCancelMapDMARoutine);
; IoSetCancelRoutine expands to InterlockedExchange(&Irp->CancelRoutine, Routine); fastcall: ecx, edx
mov edx, OFFSET FLAT:_PCIDPCancelMapDMARoutine@8 ; edx = new cancel routine
lea ecx, DWORD PTR [esi+56] ; ecx = &Irp->CancelRoutine
call DWORD PTR __imp_@InterlockedExchange@8 ; previous cancel routine comes back in eax and is discarded
; 358 : IoReleaseCancelSpinLock (CancelSpin);
push DWORD PTR _CancelSpin$[ebp] ; arg 1: IRQL saved by IoAcquireCancelSpinLock
call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 359 :
; 360 : // Add this IRP to the linked list
; 361 : // Save the linear address required to unmap DMA memory in Type.
; 362 : LLEntry->RegisteredInterrupt.Irp = Irp;
; 363 : LLEntry->RegisteredInterrupt.Type = (ULONG)IoInput->LinearAddress;
mov eax, DWORD PTR _IoBuffer$[ebp] ; eax = IoInput
mov DWORD PTR [edi+16], esi ; LLEntry->RegisteredInterrupt.Irp = Irp
; 364 : InsertEntry(ObjExt, LLEntry);
push edi ; arg 2: LLEntry (stdcall, pushed right to left)
push ebx ; arg 1: ObjExt
mov eax, DWORD PTR [eax] ; eax = IoInput->LinearAddress (first DWORD of the request buffer; no size check in this body)
mov DWORD PTR [edi+12], eax ; LLEntry->RegisteredInterrupt.Type = LinearAddress (the key used later to unmap)
call _InsertEntry@8
; 365 :
; 366 : //ObjExt->MemoryBase[0x1C5F]++; //debug
; 367 : //ObjExt->MemoryBase[0x1C60] = (ULONG)IoInput->LinearAddress; //debug
; 368 :
; 369 : // Return with I/O pending.
; 370 : NTStatus = STATUS_PENDING;
mov eax, 259 ; 00000103H = STATUS_PENDING
; 371 : }
; 372 : else
jmp SHORT $L8585
$L8576:
; 373 : NTStatus = STATUS_NO_MEMORY;
mov eax, -1073741801 ; c0000017H = STATUS_NO_MEMORY
$L8585:
; 374 :
; 375 : // Return with current status.
; 376 : Irp->IoStatus.Status = NTStatus;
mov DWORD PTR [esi+24], eax ; Irp->IoStatus.Status = NTStatus
pop edi ; restore callee-saved registers
pop esi
pop ebx
; 377 : }
pop ebp
ret 16 ; 00000010H ; stdcall: discard the four DWORD arguments
_PCIDPCancelMapDMA@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMapDMA@16
EXTRN __imp__MmUnmapLockedPages@8:NEAR
EXTRN _GetNextEntry@16:NEAR
EXTRN _PutBackEntry@8:NEAR
EXTRN _FreeEntry@8:NEAR
EXTRN __imp_@IofCompleteRequest@8:NEAR
; COMDAT _PCIDPUnMapDMA@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_NTStatus$ = -4
_RegisteredInt$ = 8
_CancelSpin$ = -12
_CurrentLink$ = 20
_FirstLink$ = -8
_PCIDPUnMapDMA@16 PROC NEAR ; COMDAT
; 388 : ){
push ebp
mov ebp, esp
sub esp, 12 ; 0000000cH
; 389 :
; 390 : // Define variables.
; 391 : ULONG i;
; 392 : NTSTATUS NTStatus;
; 393 : PPCIDP00_UNMAP_DMA_SEND IoInput;
; 394 : PPCIDP_EXTENSION ObjExt;
; 395 : PMDL Mdl;
; 396 : PREGISTERED_INTERRUPT RegisteredInt;
; 397 : KIRQL CancelSpin;
; 398 : PLINKED_LIST CurrentLink;
; 399 : PLINKED_LIST FirstLink;
; 400 :
; 401 : // Initialize variables.
; 402 : NTStatus = STATUS_SUCCESS;
; 403 : IoInput = (PPCIDP00_UNMAP_DMA_SEND)IoBuffer;
; 404 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
mov eax, DWORD PTR _DeviceObject$[ebp]
; 405 :
; 406 : if(InputBufferLength >= sizeof(PCIDP00_UNMAP_DMA_SEND)){
cmp DWORD PTR _InputBufferLength$[ebp], 4
push ebx
push edi
mov edi, DWORD PTR [eax+40]
jb $L8609
; 407 : if(ObjExt->MDL){
mov eax, DWORD PTR [edi+128]
xor ebx, ebx
cmp eax, ebx
je $L8610
; 408 : MmUnmapLockedPages((PVOID)IoInput->LinearAddress, ObjExt->MDL);
push eax
mov eax, DWORD PTR _IoBuffer$[ebp]
push DWORD PTR [eax]
call DWORD PTR __imp__MmUnmapLockedPages@8
; 409 : NTStatus = STATUS_SUCCESS;
; 410 :
; 411 : //ObjExt->MemoryBase[0x1C61]++; //debug
; 412 :
; 413 : // Cancel the CancelMapDMA pending irp.
; 414 : CurrentLink = NULL;
; 415 : FirstLink = NULL;
; 416 : while(GetNextEntry(ObjExt, &FirstLink, &CurrentLink, &RegisteredInt) == TRUE){
lea eax, DWORD PTR _RegisteredInt$[ebp]
mov DWORD PTR _NTStatus$[ebp], ebx
push eax
lea eax, DWORD PTR _CurrentLink$[ebp]
push eax
lea eax, DWORD PTR _FirstLink$[ebp]
push eax
push edi
mov DWORD PTR _CurrentLink$[ebp], ebx
mov DWORD PTR _FirstLink$[ebp], ebx
call _GetNextEntry@16
cmp al, 1
jne $L8630
push esi
mov esi, DWORD PTR __imp__IoReleaseCancelSpinLock@4
$L8616:
; 417 :
; 418 : //ObjExt->MemoryBase[0x1C62]++; //debug
; 419 :
; 420 : if(IoInput->LinearAddress == RegisteredInt->Type){
mov eax, DWORD PTR _IoBuffer$[ebp]
mov ecx, DWORD PTR _RegisteredInt$[ebp]
mov eax, DWORD PTR [eax]
cmp eax, DWORD PTR [ecx]
jne SHORT $L8618
; 421 :
; 422 : // Found an entry. Disable the cancel routine, complete the I/O for
; 423 : // this IRP, then delete the linked list entry.
; 424 : IoAcquireCancelSpinLock (&CancelSpin);
lea eax, DWORD PTR _CancelSpin$[ebp]
push eax
call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 425 : IoSetCancelRoutine(RegisteredInt->Irp, NULL);
mov eax, DWORD PTR _RegisteredInt$[ebp]
xor edx, edx
mov ecx, DWORD PTR [eax+4]
add ecx, 56 ; 00000038H
call DWORD PTR __imp_@InterlockedExchange@8
; 426 : IoReleaseCancelSpinLock (CancelSpin);
push DWORD PTR _CancelSpin$[ebp]
call esi
; 427 : IoReleaseCancelSpinLock (RegisteredInt->Irp->CancelIrql);
mov eax, DWORD PTR _RegisteredInt$[ebp]
mov eax, DWORD PTR [eax+4]
mov al, BYTE PTR [eax+37]
push eax
call esi
; 428 : RegisteredInt->Irp->IoStatus.Status = STATUS_SUCCESS ;
mov eax, DWORD PTR _RegisteredInt$[ebp]
; 429 : RegisteredInt->Irp->IoStatus.Information = 0 ;
; 430 : IoCompleteRequest(RegisteredInt->Irp, IO_NO_INCREMENT);
xor dl, dl
mov eax, DWORD PTR [eax+4]
mov DWORD PTR [eax+24], ebx
mov eax, DWORD PTR _RegisteredInt$[ebp]
mov eax, DWORD PTR [eax+4]
mov DWORD PTR [eax+28], ebx
mov eax, DWORD PTR _RegisteredInt$[ebp]