📄 pcidp.asm
字号:
mov DWORD PTR _CurrentLink$[ebp], ebx
; 679 : FirstLink = NULL;
mov DWORD PTR _FirstLink$[ebp], ebx
$L8753:
; 680 : while(GetNextEntry(ObjExt, &FirstLink, &CurrentLink, &RegisteredInt) == TRUE){
lea eax, DWORD PTR _RegisteredInt$[ebp]
push eax
lea eax, DWORD PTR _CurrentLink$[ebp]
push eax
lea eax, DWORD PTR _FirstLink$[ebp]
push eax
push esi
call _GetNextEntry@16
cmp al, 1
jne SHORT $L8611
; 681 :
; 682 : // Debug
; 683 : //MemoryBase[0x1C55]++;
; 684 :
; 685 : if(IntData->Type[IntData->QueNew] == RegisteredInt->Type){
movzx eax, BYTE PTR [esi+37]
mov ecx, DWORD PTR _RegisteredInt$[ebp]
mov eax, DWORD PTR [esi+eax*4+40]
cmp eax, DWORD PTR [ecx]
jne SHORT $L8612
; 686 :
; 687 : // Debug
; 688 : //MemoryBase[0x1C56]++;
; 689 :
; 690 : // Found an entry. Disable the cancel routine, complete the I/O for
; 691 : // this IRP, then delete the linked list entry.
; 692 : IoAcquireCancelSpinLock (&CancelSpin);
lea eax, DWORD PTR _CancelSpin$[ebp]
push eax
call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 693 : IoSetCancelRoutine(RegisteredInt->Irp, NULL);
mov eax, DWORD PTR _RegisteredInt$[ebp]
xor edx, edx
mov ecx, DWORD PTR [eax+4]
add ecx, 56 ; 00000038H
call DWORD PTR __imp_@InterlockedExchange@8
; 694 : IoReleaseCancelSpinLock (CancelSpin);
push DWORD PTR _CancelSpin$[ebp]
call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 695 : RegisteredInt->Irp->IoStatus.Status = STATUS_SUCCESS ;
mov eax, DWORD PTR _RegisteredInt$[ebp]
; 696 : RegisteredInt->Irp->IoStatus.Information = 0 ;
; 697 : IoCompleteRequest(RegisteredInt->Irp, IO_NO_INCREMENT);
xor dl, dl
mov eax, DWORD PTR [eax+4]
mov DWORD PTR [eax+24], ebx
mov eax, DWORD PTR _RegisteredInt$[ebp]
mov eax, DWORD PTR [eax+4]
mov DWORD PTR [eax+28], ebx
mov eax, DWORD PTR _RegisteredInt$[ebp]
mov ecx, DWORD PTR [eax+4]
call DWORD PTR __imp_@IofCompleteRequest@8
; 698 :
; 699 : FreeEntry(ObjExt, CurrentLink);
push DWORD PTR _CurrentLink$[ebp]
push esi
call _FreeEntry@8
; 700 : }
; 701 : else
jmp SHORT $L8753
$L8612:
; 702 : PutBackEntry(ObjExt, CurrentLink);
push DWORD PTR _CurrentLink$[ebp]
push esi
call _PutBackEntry@8
jmp SHORT $L8753
$L8611:
; 703 : }
; 704 :
; 705 : IntData->QueNew++;
inc BYTE PTR [esi+37]
; 706 : if(IntData->QueNew == InterruptQueSize) IntData->QueNew = 0;
cmp BYTE PTR [esi+37], 16 ; 00000010H
jne SHORT $L8622
mov BYTE PTR [esi+37], bl
$L8622:
; 664 : IntData = &ObjExt->InterruptData;
; 665 :
; 666 :
; 667 : // Debug
; 668 : //MemoryBase = ObjExt->MemoryBase;
; 669 : //MemoryBase[0x1C53]++;
; 670 :
; 671 : //Service all of the recorded interrupts by checking to see if the interrupt
; 672 : //type has been registered by the user.
; 673 : while(IntData->QueNew != IntData->QueNext){
mov al, BYTE PTR [esi+37]
cmp al, BYTE PTR [esi+36]
jne $L8605
pop ebx
$L8606:
pop esi
; 707 : }
; 708 : }
leave
ret 16 ; 00000010H
_PCIDPForDpcIsr@16 ENDP
_TEXT ENDS
PUBLIC _PCIDPISR@8
EXTRN __imp__KeInsertQueueDpc@12:NEAR
; COMDAT _PCIDPISR@8
_TEXT SEGMENT
_Context$ = 12
_PCIDPISR@8 PROC NEAR ; COMDAT
; 719 : // Define variables.
; 720 : BOOLEAN Status;
; 721 : PDEVICE_OBJECT DeviceObject;
; 722 : PPCIDP_EXTENSION ObjExt;
; 723 : PINTERRUPT_DATA IntData;
; 724 : PULONG MemoryBase;
; 725 : ULONG HINTStatusReg;
; 726 :
; 727 : // Check the masked HINT for an active interrupt. If it's not set,
; 728 : // the PCIDP card did not cause the interrupt, so exit quick.
; 729 : DeviceObject = (PDEVICE_OBJECT)Context;
; 730 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
mov eax, DWORD PTR _Context$[esp-4]
push esi
mov eax, DWORD PTR [eax+40]
; 731 : MemoryBase = ObjExt->MemoryBase;
mov esi, DWORD PTR [eax+24]
; 732 :
; 733 : // Debug
; 734 : //MemoryBase[0x1C50]++;
; 735 :
; 736 : HINTStatusReg = MemoryBase[HINT] & 0x03FF;
mov edx, DWORD PTR [esi+1252]
and edx, 1023 ; 000003ffH
; 737 : if(HINTStatusReg == 0){
jne SHORT $L8636
; 738 :
; 739 : // Debug
; 740 : //MemoryBase[0x1C51]++;
; 741 :
; 742 : Status = FALSE;
xor al, al
; 743 : goto ExitA;
jmp $ExitA$8637
$L8636:
push ebx
push edi
; 744 : }
; 745 :
; 746 : // Initialize variables.
; 747 : DeviceObject = (PDEVICE_OBJECT)Context;
; 748 : IntData = &ObjExt->InterruptData;
; 749 :
; 750 : // This board caused the interrupt. Now determine what type of interrupt
; 751 : // was triggered.
; 752 : if(HINTStatusReg & PCIMasterAbort){
mov ecx, 512 ; 00000200H
push 16 ; 00000010H
test edx, ecx
pop ebx
je SHORT $L8640
; 753 : IntData->Type[IntData->QueNext] = PCIMasterAbort;
movzx edi, BYTE PTR [eax+36]
mov DWORD PTR [eax+edi*4+40], ecx
; 754 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 755 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8640
and BYTE PTR [eax+36], 0
$L8640:
; 756 : }
; 757 :
; 758 : if(HINTStatusReg & PCITargetAbort){
mov ecx, 256 ; 00000100H
test edx, ecx
je SHORT $L8642
; 759 : IntData->Type[IntData->QueNext] = PCITargetAbort;
movzx edi, BYTE PTR [eax+36]
mov DWORD PTR [eax+edi*4+40], ecx
; 760 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 761 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8642
and BYTE PTR [eax+36], 0
$L8642:
; 762 : }
; 763 :
; 764 : if(HINTStatusReg & I2OOutboundPostFIFONotEmpty){
test dl, 128 ; 00000080H
je SHORT $L8644
; 765 : IntData->Type[IntData->QueNext] = I2OOutboundPostFIFONotEmpty;
movzx ecx, BYTE PTR [eax+36]
mov DWORD PTR [eax+ecx*4+40], 128 ; 00000080H
; 766 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 767 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8644
and BYTE PTR [eax+36], 0
$L8644:
; 768 : }
; 769 :
; 770 : if(HINTStatusReg & DMAComplete){
push 32 ; 00000020H
pop ecx
test dl, cl
je SHORT $L8646
; 771 : IntData->Type[IntData->QueNext] = DMAComplete;
movzx edi, BYTE PTR [eax+36]
mov DWORD PTR [eax+edi*4+40], ecx
; 772 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 773 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8646
and BYTE PTR [eax+36], 0
$L8646:
; 774 :
; 775 : // Debug
; 776 : //MemoryBase[0x1C52]++;
; 777 :
; 778 : }
; 779 :
; 780 : if(HINTStatusReg & LocalToHostExternalSignal){
test dl, bl
je SHORT $L8648
; 781 : IntData->Type[IntData->QueNext] = LocalToHostExternalSignal;
movzx ecx, BYTE PTR [eax+36]
mov DWORD PTR [eax+ecx*4+40], ebx
; 782 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 783 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8648
and BYTE PTR [eax+36], 0
$L8648:
; 784 : }
; 785 :
; 786 : if(HINTStatusReg & LocalToHostMailbox){
push 8
pop ecx
test dl, cl
je SHORT $L8650
; 787 : IntData->Type[IntData->QueNext] = LocalToHostMailbox;
movzx edi, BYTE PTR [eax+36]
mov DWORD PTR [eax+edi*4+40], ecx
; 788 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 789 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8650
and BYTE PTR [eax+36], 0
$L8650:
; 790 : }
; 791 :
; 792 : if(HINTStatusReg & I2OPCIFIFOOverflow){
push 2
pop ecx
test dl, cl
je SHORT $L8652
; 793 : IntData->Type[IntData->QueNext] = I2OPCIFIFOOverflow;
movzx edi, BYTE PTR [eax+36]
mov DWORD PTR [eax+edi*4+40], ecx
; 794 : IntData->QueNext++;
inc BYTE PTR [eax+36]
; 795 : if(IntData->QueNext == InterruptQueSize) IntData->QueNext = 0;
cmp BYTE PTR [eax+36], bl
jne SHORT $L8652
and BYTE PTR [eax+36], 0
$L8652:
; 796 : }
; 797 :
; 798 : // Clear all set interrupts as indicated in the status part of the
; 799 : // HINT register while preserving the enabled part of the HINT. This
; 800 : // is done by writing a 1 to each active bit which just happens to
; 801 : // be value in HINTStatusReg.
; 802 : MemoryBase[HINT] |= HINTStatusReg;
; 803 :
; 804 : // Lastly, request the defered interrupt handler be queued for processing.
; 805 : IoRequestDpc(DeviceObject, NULL, NULL);
mov eax, DWORD PTR _Context$[esp+8]
or DWORD PTR [esi+1252], edx
push 0
add eax, 116 ; 00000074H
push 0
push eax
call DWORD PTR __imp__KeInsertQueueDpc@12
pop edi
; 806 : Status = TRUE;
mov al, 1
pop ebx
$ExitA$8637:
pop esi
; 807 :
; 808 : ExitA:
; 809 : return Status;
; 810 : }
ret 8
_PCIDPISR@8 ENDP
_TEXT ENDS
PUBLIC _PCIDPCancelMapDMARoutine@8
EXTRN __imp__MmUnmapLockedPages@8:NEAR
; COMDAT _PCIDPCancelMapDMARoutine@8
; File c:\kernel2000\pcidp.c
_TEXT SEGMENT
$SG8664 DB '[PCIDP]->Entering CancelMapDMARoutine...', 0aH, 00H
_DeviceObject$ = 8
_Irp$ = 12
_Interrupt$ = -8
_CurrentLink$ = -4
_FirstLink$ = -12
_PCIDPCancelMapDMARoutine@8 PROC NEAR ; COMDAT
; 821 : ){
push ebp
mov ebp, esp
sub esp, 12 ; 0000000cH
push esi
push edi
; 822 : // Define variables.
; 823 : PPCIDP_EXTENSION ObjExt;
; 824 : PREGISTERED_INTERRUPT Interrupt;
; 825 : PLINKED_LIST CurrentLink;
; 826 : PLINKED_LIST FirstLink;
; 827 :
; 828 : // Debug entry point
; 829 : DbgPrint("[PCIDP]->Entering CancelMapDMARoutine...\n"); //debug
push OFFSET FLAT:$SG8664
call _DbgPrint
pop ecx
; 830 : DbgBreakPoint(); //debug
call _DbgBreakPoint@0
; 831 :
; 832 : // Initialize variables.
; 833 : ObjExt = (PPCIDP_EXTENSION)DeviceObject->DeviceExtension;
mov eax, DWORD PTR _DeviceObject$[ebp]
; 834 :
; 835 : //ObjExt->MemoryBase[0x1C5B]++; //debug
; 836 :
; 837 : // Search the driver's events linked list for an entry containing the
; 838 : // user provided Irp.
; 839 : CurrentLink = NULL;
and DWORD PTR _CurrentLink$[ebp], 0
; 840 : FirstLink = NULL;
and DWORD PTR _FirstLink$[ebp], 0
mov esi, DWORD PTR [eax+40]
; 841 : while(GetNextEntry(ObjExt, &FirstLink, &CurrentLink, &Interrupt) == TRUE){
lea eax, DWORD PTR _Interrupt$[ebp]
push eax
lea eax, DWORD PTR _CurrentLink$[ebp]
push eax
lea eax, DWORD PTR _FirstLink$[ebp]
push eax
push esi
call _GetNextEntry@16
mov edi, DWORD PTR _Irp$[ebp]
cmp al, 1
jne SHORT $L8672
$L8669:
; 842 :
; 843 : //ObjExt->MemoryBase[0x1C5C]++; //debug
; 844 :
; 845 : // Delete its linked list entry and unmap from DMA space.
; 846 : if(Irp == Interrupt->Irp){
mov eax, DWORD PTR _Interrupt$[ebp]
; 850 : }
; 851 :
; 852 : //ObjExt->MemoryBase[0x1C5D]++; //debug
; 853 :
; 854 : break;
; 855 : }
; 856 : else
; 857 : PutBackEntry(ObjExt, CurrentLink);
push DWORD PTR _CurrentLink$[ebp]
cmp edi, DWORD PTR [eax+4]
push esi
je SHORT $L8766
call _PutBackEntry@8
lea eax, DWORD PTR _Interrupt$[ebp]
push eax
lea eax, DWORD PTR _CurrentLink$[ebp]
push eax
lea eax, DWORD PTR _FirstLink$[ebp]
push eax
push esi
call _GetNextEntry@16
cmp al, 1
je SHORT $L8669
; 842 :
; 843 : //ObjExt->MemoryBase[0x1C5C]++; //debug
; 844 :
; 845 : // Delete its linked list entry and unmap from DMA space.
; 846 : if(Irp == Interrupt->Irp){
jmp SHORT $L8672
$L8766:
; 847 : FreeEntry(ObjExt, CurrentLink);
call _FreeEntry@8
; 848 : if(ObjExt->MDL){
mov esi, DWORD PTR [esi+128]
test esi, esi
je SHORT $L8672
; 849 : MmUnmapLockedPages((PVOID)Interrupt->Type, ObjExt->MDL); //linear address in Type
mov eax, DWORD PTR _Interrupt$[ebp]
push esi
push DWORD PTR [eax]
call DWORD PTR __imp__MmUnmapLockedPages@8
$L8672:
; 858 : }
; 859 :
; 860 : //IoReleaseCancelSpinLock (Irp->CancelIrql);
; 861 : Irp->IoStatus.Information = 0;
and DWORD PTR [edi+28], 0
; 862 : Irp->IoStatus.Status = STATUS_CANCELLED;
; 863 : IoCompleteRequest(Irp, IO_NO_INCREMENT) ;
xor dl, dl
mov ecx, edi
mov DWORD PTR [edi+24], -1073741536 ; c0000120H
call DWORD PTR __imp_@IofCompleteRequest@8
pop edi
pop esi
; 864 : }
leave
ret 8
_PCIDPCancelMapDMARoutine@8 ENDP
_TEXT ENDS
END
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -