📄 pcidppublic.cod
字号:
00154 ff 75 f8 push DWORD PTR _PhysicalMemoryHandle$[ebp]
00157 ff 15 00 00 00
00 call DWORD PTR __imp__ZwClose@4
0015d eb 07 jmp SHORT $ExitA$8464
$L8462:
; 101 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
0015f c7 45 fc 06 02
00 c0 mov DWORD PTR _NTStatus$[ebp], -1073741306 ; c0000206H
$ExitA$8464:
; 237 :
; 238 : ExitA:
; 239 : Irp->IoStatus.Status = NTStatus;
00166 8b 4d 0c mov ecx, DWORD PTR _Irp$[ebp]
00169 8b 45 fc mov eax, DWORD PTR _NTStatus$[ebp]
0016c 5f pop edi
0016d 5e pop esi
0016e 89 41 18 mov DWORD PTR [ecx+24], eax
00171 5b pop ebx
; 240 : }
00172 c9 leave
00173 c2 14 00 ret 20 ; 00000014H
_PCIDPMapBaseRegs@20 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMap@16
EXTRN __imp__ZwUnmapViewOfSection@8:NEAR
; COMDAT _PCIDPUnMap@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_PCIDPUnMap@16 PROC NEAR ; COMDAT
; 253 :
; 254 : // Define variables.
; 255 : ULONG i;
; 256 : NTSTATUS NTStatus;
; 257 : PPCIDP00_UNMAP_SEND IoInput;
; 258 : PPCIDP_EXTENSION ObjExt;
; 259 :
; 260 : // Initialize variables.
; 261 : NTStatus = STATUS_SUCCESS;
00000 33 c0 xor eax, eax
; 262 : IoInput = (PPCIDP00_UNMAP_SEND)IoBuffer;
; 263 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
; 264 :
; 265 : if(InputBufferLength >= sizeof(PCIDP00_UNMAP_SEND)){
00002 83 7c 24 10 04 cmp DWORD PTR _InputBufferLength$[esp-4], 4
00007 72 1d jb SHORT $L8512
; 266 :
; 267 : // Don't try to unmap from I/O space but it's not a failure either.
; 268 : // Do unmap from memory space.
; 269 : if(IoInput->VirtualAddress != (ULONG)ObjExt->IOAccess.LowPart){
00009 8b 54 24 04 mov edx, DWORD PTR _DeviceObject$[esp-4]
0000d 8b 4c 24 0c mov ecx, DWORD PTR _IoBuffer$[esp-4]
00011 8b 52 28 mov edx, DWORD PTR [edx+40]
00014 8b 09 mov ecx, DWORD PTR [ecx]
00016 3b 4a 08 cmp ecx, DWORD PTR [edx+8]
00019 74 10 je SHORT $L8517
; 270 : NTStatus = ZwUnmapViewOfSection(
; 271 : IN (HANDLE) -1,
; 272 : IN (PVOID)IoInput->VirtualAddress
; 273 : );
0001b 51 push ecx
0001c 6a ff push -1
0001e ff 15 00 00 00
00 call DWORD PTR __imp__ZwUnmapViewOfSection@8
; 274 : }
; 275 : }
; 276 :
; 277 : else
00024 eb 05 jmp SHORT $L8517
$L8512:
; 278 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
00026 b8 06 02 00 c0 mov eax, -1073741306 ; c0000206H
$L8517:
; 279 :
; 280 : Irp->IoStatus.Status = NTStatus;
0002b 8b 4c 24 08 mov ecx, DWORD PTR _Irp$[esp-4]
0002f 89 41 18 mov DWORD PTR [ecx+24], eax
; 281 : }
00032 c2 10 00 ret 16 ; 00000010H
_PCIDPUnMap@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPMapDMAMem@16
EXTRN __imp__MmMapLockedPages@8:NEAR
; COMDAT _PCIDPMapDMAMem@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_OutputBufferLength$ = 20
_PCIDPMapDMAMem@16 PROC NEAR ; COMDAT
; 294 :
; 295 : NTSTATUS NTStatus;
; 296 : PPCIDP00_MAP_DMA_MEM_RECV IoOutput;
; 297 : PPCIDP_EXTENSION ObjExt;
; 298 :
; 299 : // Initialize variables.
; 300 : IoOutput = (PPCIDP00_MAP_DMA_MEM_RECV)IoBuffer;
; 301 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00000 8b 44 24 04 mov eax, DWORD PTR _DeviceObject$[esp-4]
; 302 :
; 303 : if(OutputBufferLength >= sizeof(PCIDP00_MAP_DMA_MEM_RECV)){
00004 83 7c 24 10 08 cmp DWORD PTR _OutputBufferLength$[esp-4], 8
00009 56 push esi
0000a 57 push edi
0000b 8b 70 28 mov esi, DWORD PTR [eax+40]
0000e 8b 7c 24 10 mov edi, DWORD PTR _Irp$[esp+4]
00012 72 35 jb SHORT $L8534
; 304 : if(ObjExt->MDL){
00014 8b 86 80 00 00
00 mov eax, DWORD PTR [esi+128]
0001a 85 c0 test eax, eax
0001c 74 24 je SHORT $L8535
; 305 : IoOutput->LinearAddress = (unsigned long)MmMapLockedPages(
; 306 : ObjExt->MDL,
; 307 : UserMode
; 308 : );
0001e 6a 01 push 1
00020 50 push eax
00021 ff 15 00 00 00
00 call DWORD PTR __imp__MmMapLockedPages@8
; 309 : if(IoOutput->LinearAddress != 0){
00027 85 c0 test eax, eax
00029 8b 4c 24 14 mov ecx, DWORD PTR _IoBuffer$[esp+4]
0002d 89 01 mov DWORD PTR [ecx], eax
0002f 74 11 je SHORT $L8535
; 310 : IoOutput->PhysicalAddress = ObjExt->PhysicalDMAAddress;
00031 8b 46 7c mov eax, DWORD PTR [esi+124]
00034 89 41 04 mov DWORD PTR [ecx+4], eax
; 311 : Irp->IoStatus.Information = sizeof(PCIDP00_MAP_DMA_MEM_RECV);
00037 c7 47 1c 08 00
00 00 mov DWORD PTR [edi+28], 8
; 312 : NTStatus = STATUS_SUCCESS;
0003e 33 c0 xor eax, eax
; 313 : }
; 314 : else
00040 eb 0c jmp SHORT $L8544
$L8535:
; 315 : NTStatus = STATUS_NO_MEMORY;
00042 b8 17 00 00 c0 mov eax, -1073741801 ; c0000017H
; 316 : }
; 317 : else
00047 eb 05 jmp SHORT $L8544
$L8534:
; 318 : NTStatus = STATUS_NO_MEMORY;
; 319 :
; 320 : }
; 321 : else
; 322 : NTStatus = STATUS_INVALID_BUFFER_SIZE;
00049 b8 06 02 00 c0 mov eax, -1073741306 ; c0000206H
$L8544:
; 323 :
; 324 : Irp->IoStatus.Status = NTStatus;
0004e 89 47 18 mov DWORD PTR [edi+24], eax
00051 5f pop edi
00052 5e pop esi
; 325 : }
00053 c2 10 00 ret 16 ; 00000010H
_PCIDPMapDMAMem@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPCancelMapDMA@16
EXTRN _GetFreeEntry@4:NEAR
EXTRN _InsertEntry@8:NEAR
EXTRN __imp__IoAcquireCancelSpinLock@4:NEAR
EXTRN __imp_@InterlockedExchange@8:NEAR
EXTRN __imp__IoReleaseCancelSpinLock@4:NEAR
EXTRN _PCIDPCancelMapDMARoutine@8:NEAR
; COMDAT _PCIDPCancelMapDMA@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_CancelSpin$ = 8
_PCIDPCancelMapDMA@16 PROC NEAR ; COMDAT
; 336 : ){
00000 55 push ebp
00001 8b ec mov ebp, esp
; 337 : KIRQL CancelSpin;
; 338 : PPCIDP00_UNMAP_DMA_SEND IoInput;
; 339 : PPCIDP_EXTENSION ObjExt;
; 340 : PLINKED_LIST LLEntry;
; 341 : NTSTATUS NTStatus;
; 342 :
; 343 : // Initialize variables.
; 344 : IoInput = (PPCIDP00_UNMAP_DMA_SEND)IoBuffer;
; 345 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00003 8b 45 08 mov eax, DWORD PTR _DeviceObject$[ebp]
00006 53 push ebx
00007 56 push esi
00008 57 push edi
00009 8b 58 28 mov ebx, DWORD PTR [eax+40]
; 346 :
; 347 : //ObjExt->MemoryBase[0x1C5E]++; //debug
; 348 :
; 349 : // Get an empty linked list entry.
; 350 : LLEntry = GetFreeEntry(ObjExt);
0000c 53 push ebx
0000d e8 00 00 00 00 call _GetFreeEntry@4
; 351 : if(LLEntry != NULL){
00012 8b 75 0c mov esi, DWORD PTR _Irp$[ebp]
00015 8b f8 mov edi, eax
00017 85 ff test edi, edi
00019 74 41 je SHORT $L8563
; 352 :
; 353 : // Set up a cancel routine that unmaps the DMA should the application fail
; 354 : // to do so.
; 355 : IoMarkIrpPending (Irp);
0001b 8b 46 60 mov eax, DWORD PTR [esi+96]
0001e 80 48 03 01 or BYTE PTR [eax+3], 1
; 356 : IoAcquireCancelSpinLock (&CancelSpin);
00022 8d 45 08 lea eax, DWORD PTR _CancelSpin$[ebp]
00025 50 push eax
00026 ff 15 00 00 00
00 call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 357 : IoSetCancelRoutine (Irp, PCIDPCancelMapDMARoutine);
0002c ba 00 00 00 00 mov edx, OFFSET FLAT:_PCIDPCancelMapDMARoutine@8
00031 8d 4e 38 lea ecx, DWORD PTR [esi+56]
00034 ff 15 00 00 00
00 call DWORD PTR __imp_@InterlockedExchange@8
; 358 : IoReleaseCancelSpinLock (CancelSpin);
0003a ff 75 08 push DWORD PTR _CancelSpin$[ebp]
0003d ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 359 :
; 360 : // Add this IRP to the linked list
; 361 : // Save the linear address required to unmap DMA memory in Type.
; 362 : LLEntry->RegisteredInterrupt.Irp = Irp;
; 363 : LLEntry->RegisteredInterrupt.Type = (ULONG)IoInput->LinearAddress;
00043 8b 45 10 mov eax, DWORD PTR _IoBuffer$[ebp]
00046 89 77 10 mov DWORD PTR [edi+16], esi
; 364 : InsertEntry(ObjExt, LLEntry);
00049 57 push edi
0004a 53 push ebx
0004b 8b 00 mov eax, DWORD PTR [eax]
0004d 89 47 0c mov DWORD PTR [edi+12], eax
00050 e8 00 00 00 00 call _InsertEntry@8
; 365 :
; 366 : //ObjExt->MemoryBase[0x1C5F]++; //debug
; 367 : //ObjExt->MemoryBase[0x1C60] = (ULONG)IoInput->LinearAddress; //debug
; 368 :
; 369 : // Return with I/O pending.
; 370 : NTStatus = STATUS_PENDING;
00055 b8 03 01 00 00 mov eax, 259 ; 00000103H
; 371 : }
; 372 : else
0005a eb 05 jmp SHORT $L8572
$L8563:
; 373 : NTStatus = STATUS_NO_MEMORY;
0005c b8 17 00 00 c0 mov eax, -1073741801 ; c0000017H
$L8572:
; 374 :
; 375 : // Return with current status.
; 376 : Irp->IoStatus.Status = NTStatus;
00061 89 46 18 mov DWORD PTR [esi+24], eax
00064 5f pop edi
00065 5e pop esi
00066 5b pop ebx
; 377 : }
00067 5d pop ebp
00068 c2 10 00 ret 16 ; 00000010H
_PCIDPCancelMapDMA@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPUnMapDMA@16
EXTRN __imp__MmUnmapLockedPages@8:NEAR
EXTRN _GetNextEntry@16:NEAR
EXTRN _PutBackEntry@8:NEAR
EXTRN _FreeEntry@8:NEAR
EXTRN __imp_@IofCompleteRequest@8:NEAR
; COMDAT _PCIDPUnMapDMA@16
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_IoBuffer$ = 16
_InputBufferLength$ = 20
_NTStatus$ = 16
_RegisteredInt$ = 8
_CancelSpin$ = -8
_CurrentLink$ = 20
_FirstLink$ = -4
_PCIDPUnMapDMA@16 PROC NEAR ; COMDAT
; 388 : ){
00000 55 push ebp
00001 8b ec mov ebp, esp
00003 51 push ecx
00004 51 push ecx
; 389 :
; 390 : // Define variables.
; 391 : ULONG i;
; 392 : NTSTATUS NTStatus;
; 393 : PPCIDP00_UNMAP_DMA_SEND IoInput;
; 394 : PPCIDP_EXTENSION ObjExt;
; 395 : PMDL Mdl;
; 396 : PREGISTERED_INTERRUPT RegisteredInt;
; 397 : KIRQL CancelSpin;
; 398 : PLINKED_LIST CurrentLink;
; 399 : PLINKED_LIST FirstLink;
; 400 :
; 401 : // Initialize variables.
; 402 : NTStatus = STATUS_SUCCESS;
; 403 : IoInput = (PPCIDP00_UNMAP_DMA_SEND)IoBuffer;
; 404 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
00005 8b 45 08 mov eax, DWORD PTR _DeviceObject$[ebp]
; 405 :
; 406 : if(InputBufferLength >= sizeof(PCIDP00_UNMAP_DMA_SEND)){
00008 83 7d 14 04 cmp DWORD PTR _InputBufferLength$[ebp], 4
0000c 53 push ebx
0000d 56 push esi
0000e 8b 70 28 mov esi, DWORD PTR [eax+40]
00011 57 push edi
00012 0f 82 a7 00 00
00 jb $L8596
; 407 : if(ObjExt->MDL){
00018 8b 86 80 00 00
00 mov eax, DWORD PTR [esi+128]
0001e 33 ff xor edi, edi
00020 3b c7 cmp eax, edi
00022 0f 84 8e 00 00
00 je $L8597
; 408 : MmUnmapLockedPages((PVOID)IoInput->LinearAddress, ObjExt->MDL);
00028 8b 5d 10 mov ebx, DWORD PTR _IoBuffer$[ebp]
0002b 50 push eax
0002c ff 33 push DWORD PTR [ebx]
0002e ff 15 00 00 00
00 call DWORD PTR __imp__MmUnmapLockedPages@8
; 409 : NTStatus = STATUS_SUCCESS;
00034 89 7d 10 mov DWORD PTR _NTStatus$[ebp], edi
; 410 :
; 411 : //ObjExt->MemoryBase[0x1C61]++; //debug
; 412 :
; 413 : // Cancel the CancelMapDMA pending irp.
; 414 : CurrentLink = NULL;
00037 89 7d 14 mov DWORD PTR _CurrentLink$[ebp], edi
; 415 : FirstLink = NULL;
0003a 89 7d fc mov DWORD PTR _FirstLink$[ebp], edi
$L8821:
; 416 : while(GetNextEntry(ObjExt, &FirstLink, &CurrentLink, &RegisteredInt) == TRUE){
0003d 8d 45 08 lea eax, DWORD PTR _RegisteredInt$[ebp]
00040 50 push eax
00041 8d 45 14 lea eax, DWORD PTR _CurrentLink$[ebp]
00044 50 push eax
00045 8d 45 fc lea eax, DWORD PTR _FirstLink$[ebp]
00048 50 push eax
00049 56 push esi
0004a e8 00 00 00 00 call _GetNextEntry@16
0004f 3c 01 cmp al, 1
00051 75 73 jne SHORT $L8617
; 417 :
; 418 : //ObjExt->MemoryBase[0x1C62]++; //debug
; 419 :
; 420 : if(IoInput->LinearAddress == RegisteredInt->Type){
00053 8b 4d 08 mov ecx, DWORD PTR _RegisteredInt$[ebp]
00056 8b 03 mov eax, DWORD PTR [ebx]
00058 3b 01 cmp eax, DWORD PTR [ecx]
0005a 75 4f jne SHORT $L8605
; 421 :
; 422 : // Found an entry. Disable the cancel routine, complete the I/O for
; 423 : // this IRP, then delete the linked list entry.
; 424 : IoAcquireCancelSpinLock (&CancelSpin);
0005c 8d 45 f8 lea eax, DWORD PTR _CancelSpin$[ebp]
0005f 50 push eax
00060 ff 15 00 00 00
00 call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 425 : IoSetCancelRoutine(RegisteredInt->Irp, NULL);
00066 8b 45 08 mov eax, DWORD PTR _RegisteredInt$[ebp]
00069 33 d2 xor edx, edx
0006b 8b 48 04 mov ecx, DWORD PTR [eax+4]
0006e 83 c1 38 add ecx, 56 ; 00000038H
00071 ff 15 00 00 00
00 call DWORD PTR __imp_@InterlockedExchange@8
; 426 : IoReleaseCancelSpinLock (CancelSpin);
00077 ff 75 f8 push DWORD PTR _CancelSpin$[ebp]
0007a ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 427 : //IoReleaseCancelSpinLock (RegisteredInt->Irp->CancelIrql);
; 428 : RegisteredInt->Irp->IoStatus.Status = STATUS_SUCCESS ;
00080 8b 45 08 mov eax, DWORD PTR _RegisteredInt$[ebp]
; 429 : RegisteredInt->Irp->IoStatus.Information = 0 ;
; 430 : IoCompleteRequest(RegisteredInt->Irp, IO_NO_INCREMENT);
00083 32 d2 xor dl, dl
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -