📄 pnp.cod
字号:
_devExt$ = -4
_DeviceObject$ = 8
_irpStack$ = 12
_Irp$ = 12
_RamDiskDispatchPnp@8 PROC NEAR ; COMDAT
; 247 : {
0002d 55 push ebp
0002e 8b ec mov ebp, esp
00030 83 ec 18 sub esp, 24 ; 00000018H
; 248 : PIO_STACK_LOCATION irpStack;
; 249 : PDEVICE_EXTENSION devExt;
; 250 : KEVENT event;
; 251 : NTSTATUS status = STATUS_SUCCESS;
; 252 : BOOLEAN lockHeld = TRUE;
; 253 :
; 254 :
; 255 : PAGED_CODE();
; 256 :
; 257 : irpStack = IoGetCurrentIrpStackLocation( Irp );
; 258 : devExt = (PDEVICE_EXTENSION) DeviceObject->DeviceExtension;
00033 8b 4d 08 mov ecx, DWORD PTR _DeviceObject$[ebp]
00036 53 push ebx
00037 8b 5d 0c mov ebx, DWORD PTR _Irp$[ebp]
0003a 8b 43 60 mov eax, DWORD PTR [ebx+96]
0003d 56 push esi
0003e 8b 71 28 mov esi, DWORD PTR [ecx+40]
00041 89 45 0c mov DWORD PTR _irpStack$[ebp], eax
; 259 :
; 260 : ASSERT( devExt->DevState < MAX_STATE );
; 261 :
; 262 : DBGPRINT( DBG_COMP_PNP, DBG_LEVEL_INFO, ("DispatchPnP - IN. Fdo=(%p) Irp=(%p) %s Device State=%s\n",
; 263 : DeviceObject, Irp, GetPnpIrpName(irpStack->MinorFunction), StateTable[devExt->DevState] ) );
00044 0f b6 40 01 movzx eax, BYTE PTR [eax+1]
00048 57 push edi
00049 50 push eax
0004a 89 75 fc mov DWORD PTR _devExt$[ebp], esi
0004d e8 00 00 00 00 call _GetPnpIrpName@4
; 264 :
; 265 : status = IoAcquireRemoveLock(&devExt->RemoveLock, Irp);
00052 6a 18 push 24 ; 00000018H
00054 68 09 01 00 00 push 265 ; 00000109H
00059 68 00 00 00 00 push OFFSET FLAT:$SG14457
0005e 8d 46 10 lea eax, DWORD PTR [esi+16]
00061 53 push ebx
00062 50 push eax
00063 89 45 f8 mov DWORD PTR tv329[ebp], eax
00066 ff 15 00 00 00
00 call DWORD PTR __imp__IoAcquireRemoveLockEx@20
0006c 8b f8 mov edi, eax
; 266 : if (!NT_SUCCESS(status)) {
0006e 33 c0 xor eax, eax
00070 3b f8 cmp edi, eax
00072 7d 15 jge SHORT $L14459
; 267 : DBGPRINT( DBG_COMP_PNP, DBG_LEVEL_ERROR, ("Acquire RemoveLock failed\n" ) );
; 268 : COMPLETE_REQUEST( Irp, status, 0 );
00074 32 d2 xor dl, dl
00076 8b cb mov ecx, ebx
00078 89 7b 18 mov DWORD PTR [ebx+24], edi
0007b 89 43 1c mov DWORD PTR [ebx+28], eax
0007e ff 15 00 00 00
00 call DWORD PTR __imp_@IofCompleteRequest@8
; 269 : return status;
00084 e9 2b 01 00 00 jmp $L14512
$L14459:
; 270 : }
; 271 :
; 272 : switch (irpStack->MinorFunction) {
00089 8b 4d 0c mov ecx, DWORD PTR _irpStack$[ebp]
0008c 0f b6 49 01 movzx ecx, BYTE PTR [ecx+1]
00090 6a 04 push 4
00092 5a pop edx
00093 3b ca cmp ecx, edx
00095 0f 8f ca 00 00
00 jg $L14712
0009b 0f 84 bf 00 00
00 je $L14496
000a1 2b c8 sub ecx, eax
000a3 74 48 je SHORT $L14467
000a5 49 dec ecx
000a6 74 39 je SHORT $L14498
000a8 49 dec ecx
000a9 74 28 je SHORT $L14509
000ab 49 dec ecx
000ac 0f 85 df 00 00
00 jne $L14715
; 340 : }
; 341 :
; 342 : case IRP_MN_CANCEL_REMOVE_DEVICE: {
; 343 : //
; 344 : // Before sending the IRP down make sure we have received
; 345 : // a IRP_MN_QUERY_REMOVE_DEVICE. We may get Cancel Remove
; 346 : // without receiving a Query Remove earlier, if the
; 347 : // driver on top fails a Query Remove and passes down the
; 348 : // Cancel Remove.
; 349 : //
; 350 :
; 351 : if ( devExt->DevState == PENDINGREMOVE ) {
000b2 83 7e 0c 03 cmp DWORD PTR [esi+12], 3
; 352 : devExt->DevState = WORKING;
; 353 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 354 : IoSkipCurrentIrpStackLocation( Irp );
; 355 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 356 : } else {
000b6 0f 84 c5 00 00
00 je $L14716
$L14501:
; 357 : //
; 358 : // A spurious Cancel Remove request. Just complete it
; 359 : //
; 360 : status = STATUS_SUCCESS;
000bc 33 ff xor edi, edi
; 361 : COMPLETE_REQUEST( Irp, status, 0 );
000be 89 43 18 mov DWORD PTR [ebx+24], eax
000c1 89 43 1c mov DWORD PTR [ebx+28], eax
$L14717:
000c4 32 d2 xor dl, dl
000c6 8b cb mov ecx, ebx
000c8 ff 15 00 00 00
00 call DWORD PTR __imp_@IofCompleteRequest@8
; 362 : }
; 363 : break;
000ce e9 d5 00 00 00 jmp $L14464
$L14509:
; 372 : }
; 373 :
; 374 : case IRP_MN_REMOVE_DEVICE: {
; 375 : RamDiskRemoveDevice( DeviceObject, Irp );
000d3 53 push ebx
000d4 ff 75 08 push DWORD PTR _DeviceObject$[ebp]
000d7 e8 00 00 00 00 call _RamDiskRemoveDevice@8
; 376 : //
; 377 : // Remove Lock released by RamDiskRemoveDevice
; 378 : //
; 379 : lockHeld = FALSE;
; 380 :
; 381 : break;
000dc e9 d3 00 00 00 jmp $L14512
$L14498:
; 331 : }
; 332 :
; 333 :
; 334 : case IRP_MN_QUERY_REMOVE_DEVICE: {
; 335 : devExt->DevState = PENDINGREMOVE;
000e1 c7 46 0c 03 00
00 00 mov DWORD PTR [esi+12], 3
; 336 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 337 : IoSkipCurrentIrpStackLocation( Irp );
; 338 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 339 : break;
000e8 e9 a4 00 00 00 jmp $L14715
$L14467:
; 273 :
; 274 : case IRP_MN_START_DEVICE: {
; 275 : KeInitializeEvent( &event, NotificationEvent, FALSE);
000ed 50 push eax
000ee 50 push eax
000ef 8d 45 e8 lea eax, DWORD PTR _event$[ebp]
000f2 50 push eax
000f3 ff 15 00 00 00
00 call DWORD PTR __imp__KeInitializeEvent@12
; 276 : IoCopyCurrentIrpStackLocationToNext( Irp );
000f9 8b 73 60 mov esi, DWORD PTR [ebx+96]
000fc 8d 46 dc lea eax, DWORD PTR [esi-36]
000ff 6a 07 push 7
00101 8b f8 mov edi, eax
00103 59 pop ecx
00104 f3 a5 rep movsd
00106 80 60 03 00 and BYTE PTR [eax+3], 0
; 277 : IoSetCompletionRoutine( Irp, (PIO_COMPLETION_ROUTINE) RamDiskIoCompletionRoutine,
; 278 : (PVOID) &event, TRUE, TRUE, TRUE );
0010a 8b 43 60 mov eax, DWORD PTR [ebx+96]
; 279 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
0010d 8b 75 fc mov esi, DWORD PTR _devExt$[ebp]
00110 83 e8 24 sub eax, 36 ; 00000024H
00113 8d 4d e8 lea ecx, DWORD PTR _event$[ebp]
00116 c7 40 1c 00 00
00 00 mov DWORD PTR [eax+28], OFFSET FLAT:_RamDiskIoCompletionRoutine@12
0011d 89 48 20 mov DWORD PTR [eax+32], ecx
00120 c6 40 03 e0 mov BYTE PTR [eax+3], 224 ; 000000e0H
00124 8b 4e 04 mov ecx, DWORD PTR [esi+4]
00127 8b d3 mov edx, ebx
00129 ff 15 00 00 00
00 call DWORD PTR __imp_@IofCallDriver@8
0012f 8b f8 mov edi, eax
; 280 : if (status == STATUS_PENDING) {
00131 81 ff 03 01 00
00 cmp edi, 259 ; 00000103H
00137 75 10 jne SHORT $L14714
; 281 : KeWaitForSingleObject( &event, Executive, KernelMode, FALSE, NULL );
00139 33 c0 xor eax, eax
0013b 50 push eax
0013c 50 push eax
0013d 50 push eax
0013e 50 push eax
0013f 8d 45 e8 lea eax, DWORD PTR _event$[ebp]
00142 50 push eax
00143 ff 15 00 00 00
00 call DWORD PTR __imp__KeWaitForSingleObject@20
$L14714:
; 282 : }
; 283 : if ( NT_SUCCESS(status) ) {
00149 85 ff test edi, edi
0014b 7c 07 jl SHORT $L14484
; 284 : //
; 285 : // Device started successfully by the lower driver
; 286 : //
; 287 : devExt->DevState = WORKING;
0014d c7 46 0c 01 00
00 00 mov DWORD PTR [esi+12], 1
$L14484:
; 288 : }
; 289 : COMPLETE_REQUEST( Irp, status, 0 );
00154 83 63 1c 00 and DWORD PTR [ebx+28], 0
00158 89 7b 18 mov DWORD PTR [ebx+24], edi
; 290 : break;
0015b e9 64 ff ff ff jmp $L14717
$L14496:
; 316 : //
; 317 : // A spurious Cancel Stop request. Just complete it
; 318 : //
; 319 : status = STATUS_SUCCESS;
; 320 : COMPLETE_REQUEST( Irp, status, 0 );
; 321 : }
; 322 : break;
; 323 : }
; 324 :
; 325 : case IRP_MN_STOP_DEVICE: {
; 326 : devExt->DevState = STOPPED;
00160 89 46 0c mov DWORD PTR [esi+12], eax
; 327 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 328 : IoSkipCurrentIrpStackLocation( Irp );
; 329 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 330 : break;
00163 eb 2c jmp SHORT $L14715
$L14712:
; 270 : }
; 271 :
; 272 : switch (irpStack->MinorFunction) {
00165 83 e9 05 sub ecx, 5
00168 74 20 je SHORT $L14487
0016a 49 dec ecx
0016b 74 0a je SHORT $L14489
0016d 83 e9 11 sub ecx, 17 ; 00000011H
; 382 : }
; 383 :
; 384 : default: {
; 385 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 386 : IoSkipCurrentIrpStackLocation( Irp );
; 387 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 388 : break;
00170 75 1f jne SHORT $L14715
; 364 : }
; 365 :
; 366 : case IRP_MN_SURPRISE_REMOVAL: {
; 367 : devExt->DevState = SURPRISEREMOVED;
00172 89 56 0c mov DWORD PTR [esi+12], edx
; 368 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 369 : IoSkipCurrentIrpStackLocation( Irp );
; 370 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 371 : break;
00175 eb 1a jmp SHORT $L14715
$L14489:
; 298 : break;
; 299 : }
; 300 :
; 301 : case IRP_MN_CANCEL_STOP_DEVICE: {
; 302 : //
; 303 : // Before sending the IRP down make sure we have received
; 304 : // a IRP_MN_QUERY_STOP_DEVICE. We may get Cancel Stop
; 305 : // without receiving a Query Stop earlier, if the
; 306 : // driver on top fails a Query Stop and passes down the
; 307 : // Cancel Stop.
; 308 : //
; 309 :
; 310 : if ( devExt->DevState == PENDINGSTOP ) {
00177 83 7e 0c 02 cmp DWORD PTR [esi+12], 2
0017b 0f 85 3b ff ff
ff jne $L14501
$L14716:
; 311 : devExt->DevState = WORKING;
00181 c7 46 0c 01 00
00 00 mov DWORD PTR [esi+12], 1
; 312 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 313 : IoSkipCurrentIrpStackLocation( Irp );
; 314 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
; 315 : } else {
00188 eb 07 jmp SHORT $L14715
$L14487:
; 291 : }
; 292 :
; 293 : case IRP_MN_QUERY_STOP_DEVICE: {
; 294 : devExt->DevState = PENDINGSTOP;
0018a c7 46 0c 02 00
00 00 mov DWORD PTR [esi+12], 2
$L14715:
; 295 : Irp->IoStatus.Status = STATUS_SUCCESS;
; 296 : IoSkipCurrentIrpStackLocation( Irp );
00191 83 43 60 24 add DWORD PTR [ebx+96], 36 ; 00000024H
00195 fe 43 23 inc BYTE PTR [ebx+35]
00198 89 43 18 mov DWORD PTR [ebx+24], eax
; 297 : status = IoCallDriver( devExt->LowerDeviceObject, Irp );
0019b 8b 4e 04 mov ecx, DWORD PTR [esi+4]
0019e 8b d3 mov edx, ebx
001a0 ff 15 00 00 00
00 call DWORD PTR __imp_@IofCallDriver@8
001a6 8b f8 mov edi, eax
$L14464:
; 389 : } // default
; 390 :
; 391 : } // switch
; 392 :
; 393 : //
; 394 : // Device Extenion is gone if the current IRP is IRP_MN_REMOVE_DEVICE
; 395 : //
; 396 : if ( lockHeld == TRUE ) {
; 397 : IoReleaseRemoveLock(&devExt->RemoveLock, Irp);
001a8 6a 18 push 24 ; 00000018H
001aa 53 push ebx
001ab ff 75 f8 push DWORD PTR tv329[ebp]
001ae ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseRemoveLockEx@12
$L14512:
; 398 : DBGPRINT( DBG_COMP_PNP, DBG_LEVEL_INFO, ("DispatchPnP - OUT. Device State=%s\n",
; 399 : StateTable[devExt->DevState] ) );
; 400 : }
; 401 :
; 402 : return status;
001b4 8b c7 mov eax, edi
001b6 5f pop edi
001b7 5e pop esi
001b8 5b pop ebx
; 403 : } // End of RamDiskDispatchPnp()
001b9 c9 leave
001ba c2 08 00 ret 8
_RamDiskDispatchPnp@8 ENDP
_TEXT ENDS
END
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -