📄 utils.cod
字号:
; 483 : }
; 484 :
; 485 : } else {
001c3 eb 09 jmp SHORT $L14978
$L14956:
; 486 :
; 487 : IoReleaseCancelSpinLock(IrqlForRelease);
001c5 ff 75 10 push DWORD PTR _IrqlForRelease$[ebp]
001c8 ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseCancelSpinLock@4
$L14978:
001ce 5f pop edi
001cf 5e pop esi
001d0 5b pop ebx
; 488 :
; 489 : }
; 490 :
; 491 : }
001d1 5d pop ebp
001d2 c2 2c 00 ret 44 ; 0000002cH
_SerialTryToCompleteCurrent@44 ENDP
PAGESER ENDS
PUBLIC _SerialCancelTimer@8
; COMDAT _SerialRundownIrpRefs@16
PAGESER SEGMENT
$SG14989 DB 'SERIAL: Pageable code called at IRQL %d without lock ', 0aH
DB 00H
ORG $+1
$SG14992 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG14993 DB 'FALSE', 00H
ORG $+2
$SG15003 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG15004 DB '*_arg4 & _refType', 00H
ORG $+2
$SG15022 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG15023 DB '*_arg4 & _refType', 00H
ORG $+2
$SG15034 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG15035 DB '*_arg4 & _refType', 00H
; Function compile flags: /Ogs
_CurrentOpIrp$ = 8
_IntervalTimer$ = 12
_TotalTimer$ = 16
_PDevExt$ = 20
_SerialRundownIrpRefs@16 PROC NEAR ; COMDAT
; 530 : {
0010a 55 push ebp
0010b 8b ec mov ebp, esp
0010d 53 push ebx
0010e 56 push esi
; 531 :
; 532 : SERIAL_LOCKED_PAGED_CODE();
0010f 8b 35 00 00 00
00 mov esi, DWORD PTR __imp__KeGetCurrentIrql@0
00115 57 push edi
00116 ff d6 call esi
00118 8b 1d 00 00 00
00 mov ebx, DWORD PTR __imp__RtlAssert@16
0011e 3c 01 cmp al, 1
00120 76 2e jbe SHORT $L14990
00122 83 3d 14 00 00
00 00 cmp DWORD PTR _SerialGlobals+20, 0
00129 75 25 jne SHORT $L14990
0012b ff d6 call esi
0012d 0f b6 c0 movzx eax, al
00130 50 push eax
00131 68 00 00 00 00 push OFFSET FLAT:$SG14989
00136 e8 00 00 00 00 call _DbgPrint
0013b 59 pop ecx
0013c 59 pop ecx
0013d 6a 00 push 0
0013f 68 14 02 00 00 push 532 ; 00000214H
00144 68 00 00 00 00 push OFFSET FLAT:$SG14992
00149 68 00 00 00 00 push OFFSET FLAT:$SG14993
0014e ff d3 call ebx
$L14990:
; 533 :
; 534 : //
; 535 : // This routine is called with the cancel spin lock held
; 536 : // so we know only one thread of execution can be in here
; 537 : // at one time.
; 538 : //
; 539 :
; 540 : //
; 541 : // First we see if there is still a cancel routine. If
; 542 : // so then we can decrement the count by one.
; 543 : //
; 544 :
; 545 : if ((*CurrentOpIrp)->CancelRoutine) {
00150 8b 7d 08 mov edi, DWORD PTR _CurrentOpIrp$[ebp]
00153 8b 07 mov eax, DWORD PTR [edi]
00155 83 78 38 00 cmp DWORD PTR [eax+56], 0
00159 74 2e je SHORT $L14994
; 546 :
; 547 : SERIAL_CLEAR_REFERENCE(
; 548 : *CurrentOpIrp,
; 549 : SERIAL_REF_CANCEL
; 550 : );
0015b 8b 70 60 mov esi, DWORD PTR [eax+96]
0015e 83 c6 10 add esi, 16 ; 00000010H
00161 f6 06 02 test BYTE PTR [esi], 2
00164 75 13 jne SHORT $L15001
00166 6a 00 push 0
00168 68 26 02 00 00 push 550 ; 00000226H
0016d 68 00 00 00 00 push OFFSET FLAT:$SG15003
00172 68 00 00 00 00 push OFFSET FLAT:$SG15004
00177 ff d3 call ebx
$L15001:
00179 83 26 fd and DWORD PTR [esi], -3 ; fffffffdH
; 551 :
; 552 : IoSetCancelRoutine(
; 553 : *CurrentOpIrp,
; 554 : NULL
; 555 : );
0017c 8b 0f mov ecx, DWORD PTR [edi]
0017e 83 c1 38 add ecx, 56 ; 00000038H
00181 33 d2 xor edx, edx
00183 ff 15 00 00 00
00 call DWORD PTR __imp_@InterlockedExchange@8
$L14994:
; 556 :
; 557 : }
; 558 :
; 559 : if (IntervalTimer) {
00189 83 7d 0c 00 cmp DWORD PTR _IntervalTimer$[ebp], 0
0018d 74 32 je SHORT $L15016
; 560 :
; 561 : //
; 562 : // Try to cancel the operations interval timer. If the operation
; 563 : // returns true then the timer did have a reference to the
; 564 : // irp. Since we've canceled this timer that reference is
; 565 : // no longer valid and we can decrement the reference count.
; 566 : //
; 567 : // If the cancel returns false then this means either of two things:
; 568 : //
; 569 : // a) The timer has already fired.
; 570 : //
; 571 : // b) There never was an interval timer.
; 572 : //
; 573 : // In the case of "b" there is no need to decrement the reference
; 574 : // count since the "timer" never had a reference to it.
; 575 : //
; 576 : // In the case of "a", then the timer itself will be coming
; 577 : // along and decrement it's reference. Note that the caller
; 578 : // of this routine might actually be the this timer, but it
; 579 : // has already decremented the reference.
; 580 : //
; 581 :
; 582 : if (SerialCancelTimer(IntervalTimer, PDevExt)) {
0018f ff 75 14 push DWORD PTR _PDevExt$[ebp]
00192 ff 75 0c push DWORD PTR _IntervalTimer$[ebp]
00195 e8 00 00 00 00 call _SerialCancelTimer@8
0019a 84 c0 test al, al
0019c 74 23 je SHORT $L15016
; 583 :
; 584 : SERIAL_CLEAR_REFERENCE(
; 585 : *CurrentOpIrp,
; 586 : SERIAL_REF_INT_TIMER
; 587 : );
0019e 8b 07 mov eax, DWORD PTR [edi]
001a0 8b 70 60 mov esi, DWORD PTR [eax+96]
001a3 83 c6 10 add esi, 16 ; 00000010H
001a6 f6 06 08 test BYTE PTR [esi], 8
001a9 75 13 jne SHORT $L15020
001ab 6a 00 push 0
001ad 68 4b 02 00 00 push 587 ; 0000024bH
001b2 68 00 00 00 00 push OFFSET FLAT:$SG15022
001b7 68 00 00 00 00 push OFFSET FLAT:$SG15023
001bc ff d3 call ebx
$L15020:
001be 83 26 f7 and DWORD PTR [esi], -9 ; fffffff7H
$L15016:
; 588 :
; 589 : }
; 590 :
; 591 : }
; 592 :
; 593 : if (TotalTimer) {
001c1 83 7d 10 00 cmp DWORD PTR _TotalTimer$[ebp], 0
001c5 74 32 je SHORT $L15028
; 594 :
; 595 : //
; 596 : // Try to cancel the operations total timer. If the operation
; 597 : // returns true then the timer did have a reference to the
; 598 : // irp. Since we've canceled this timer that reference is
; 599 : // no longer valid and we can decrement the reference count.
; 600 : //
; 601 : // If the cancel returns false then this means either of two things:
; 602 : //
; 603 : // a) The timer has already fired.
; 604 : //
; 605 : // b) There never was an total timer.
; 606 : //
; 607 : // In the case of "b" there is no need to decrement the reference
; 608 : // count since the "timer" never had a reference to it.
; 609 : //
; 610 : // In the case of "a", then the timer itself will be coming
; 611 : // along and decrement it's reference. Note that the caller
; 612 : // of this routine might actually be the this timer, but it
; 613 : // has already decremented the reference.
; 614 : //
; 615 :
; 616 : if (SerialCancelTimer(TotalTimer, PDevExt)) {
001c7 ff 75 14 push DWORD PTR _PDevExt$[ebp]
001ca ff 75 10 push DWORD PTR _TotalTimer$[ebp]
001cd e8 00 00 00 00 call _SerialCancelTimer@8
001d2 84 c0 test al, al
001d4 74 23 je SHORT $L15028
; 617 :
; 618 : SERIAL_CLEAR_REFERENCE(
; 619 : *CurrentOpIrp,
; 620 : SERIAL_REF_TOTAL_TIMER
; 621 : );
001d6 8b 07 mov eax, DWORD PTR [edi]
001d8 8b 70 60 mov esi, DWORD PTR [eax+96]
001db 83 c6 10 add esi, 16 ; 00000010H
001de f6 06 04 test BYTE PTR [esi], 4
001e1 75 13 jne SHORT $L15032
001e3 6a 00 push 0
001e5 68 6d 02 00 00 push 621 ; 0000026dH
001ea 68 00 00 00 00 push OFFSET FLAT:$SG15034
001ef 68 00 00 00 00 push OFFSET FLAT:$SG15035
001f4 ff d3 call ebx
$L15032:
001f6 83 26 fb and DWORD PTR [esi], -5 ; fffffffbH
$L15028:
001f9 5f pop edi
001fa 5e pop esi
001fb 5b pop ebx
; 622 : }
; 623 :
; 624 : }
; 625 :
; 626 : }
001fc 5d pop ebp
001fd c2 10 00 ret 16 ; 00000010H
_SerialRundownIrpRefs@16 ENDP
PAGESER ENDS
PUBLIC _SerialStartOrQueue@20
PUBLIC _SerialCancelQueued@8
EXTRN __imp__ExFreePool@4:NEAR
; COMDAT _SerialStartOrQueue@20
PAGESER SEGMENT
$SG15049 DB 'SERIAL: Pageable code called at IRQL %d without lock ', 0aH
DB 00H
ORG $+1
$SG15052 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG15053 DB 'FALSE', 00H
ORG $+2
$SG15065 DB 'f:\w2ddk\src\kernel\serial\utils.c', 00H
ORG $+1
$SG15066 DB 'irpSp->Parameters.DeviceIoControl.Type3InputBuffer', 00H
ORG $+1
$SG15075 DB 'SERIAL: Complete Irp: %x', 0aH, 00H
; Function compile flags: /Ogs
_Extension$ = 8
_Irp$ = 12
_QueueToExamine$ = 16
_CurrentOpIrp$ = 20
_Starter$ = 24
_oldIrql$ = -4
_SerialStartOrQueue@20 PROC NEAR ; COMDAT
; 671 : {
000d6 55 push ebp
000d7 8b ec mov ebp, esp
000d9 51 push ecx
000da 53 push ebx
000db 56 push esi
; 672 :
; 673 : KIRQL oldIrql;
; 674 :
; 675 : SERIAL_LOCKED_PAGED_CODE();
000dc 8b 35 00 00 00
00 mov esi, DWORD PTR __imp__KeGetCurrentIrql@0
000e2 57 push edi
000e3 ff d6 call esi
000e5 3c 01 cmp al, 1
000e7 76 32 jbe SHORT $L15050
000e9 83 3d 14 00 00
00 00 cmp DWORD PTR _SerialGlobals+20, 0
000f0 75 29 jne SHORT $L15050
000f2 ff d6 call esi
000f4 0f b6 c0 movzx eax, al
000f7 50 push eax
000f8 68 00 00 00 00 push OFFSET FLAT:$SG15049
000fd e8 00 00 00 00 call _DbgPrint
00102 59 pop ecx
00103 59 pop ecx
00104 6a 00 push 0
00106 68 a3 02 00 00 push 675 ; 000002a3H
0010b 68 00 00 00 00 push OFFSET FLAT:$SG15052
00110 68 00 00 00 00 push OFFSET FLAT:$SG15053
00115 ff 15 00 00 00
00 call DWORD PTR __imp__RtlAssert@16
$L15050:
; 676 :
; 677 : IoAcquireCancelSpinLock(&oldIrql);
0011b 8d 45 fc lea eax, DWORD PTR _oldIrql$[ebp]
0011e 50 push eax
0011f ff 15 00 00 00
00 call DWORD PTR __imp__IoAcquireCancelSpinLock@4
; 678 :
; 679 : //
; 680 : // If this is a write irp then take the amount of characters
; 681 : // to write and add it to the count of characters to write.
; 682 : //
; 683 :
; 684 : if (IoGetCurrentIrpStackLocation(Irp)->MajorFunction
; 685 : == IRP_MJ_WRITE) {
00125 8b 75 0c mov esi, DWORD PTR _Irp$[ebp]
00128 8b 5d 08 mov ebx, DWORD PTR _Extension$[ebp]
0012b 8b 46 60 mov eax, DWORD PTR [esi+96]
0012e 8a 08 mov cl, BYTE PTR [eax]
00130 80 f9 04 cmp cl, 4
00133 75 0b jne SHORT $L15054
; 686 :
; 687 : Extension->TotalCharsQueued +=
; 688 : IoGetCurrentIrpStackLocation(Irp)
; 689 : ->Parameters.Write.Length;
00135 8b 40 04 mov eax, DWORD PTR [eax+4]
00138 01 83 28 01 00
00 add DWORD PTR [ebx+296], eax
; 690 :
; 691 : } else if ((IoGetCurrentIrpStackLocation(Irp)->MajorFunction
0013e eb 1c jmp SHORT $L15056
$L15054:
; 692 : == IRP_MJ_DEVICE_CONTROL) &&
; 693 : ((IoGetCurrentIrpStackLocation(Irp)
; 694 : ->Parameters.DeviceIoControl.IoControlCode ==
; 695 : IOCTL_SERIAL_IMMEDIATE_CHAR) ||
; 696 : (IoGetCurrentIrpStackLocation(Irp)
; 697 : ->Parameters.DeviceIoControl.IoControlCode ==
; 698 : IOCTL_SERIAL_XOFF_COUNTER))) {
00140 80 f9 0e cmp cl, 14 ; 0000000eH
00143 75 17 jne SHORT $L15056
00145 8b 40 0c mov eax, DWORD PTR [eax+12]
00148 3d 18 00 1b 00 cmp eax, 1769496 ; 001b0018H
0014d 74 07 je SHORT $L15057
0014f 3d 70 00 1b 00 cmp eax, 1769584 ; 001b0070H
00154 75 06 jne SHORT $L15056
$L15057:
; 699 :
; 700 : Extension->TotalCharsQueued++;
00156 ff 83 28 01 00
00 inc DWORD PTR [ebx+296]
$L15056:
; 701 :
; 702 : }
; 703 :
; 704 : if ((IsListEmpty(QueueToExamine)) &&
; 705 : !(*CurrentOpIrp)) {
0015c 8b 4d 10 mov ecx, DWORD PTR _QueueToExamine$[ebp]
0015f 39 09 cmp DWORD PTR [ecx], ecx
00161 75 1c jne SHORT $L15058
00163 8b 45 14 mov eax, DWORD PTR _CurrentOpIrp$[ebp]
00166 83 38 00 cmp DWORD PTR [eax], 0
00169 75 14 jne SHORT $L15058
; 706 :
; 707 : //
; 708 : // There were no current operation. Mark this one as
; 709 : // current and start it up.
; 710 : //
; 711 :
; 712 : *CurrentOpIrp = Irp;
; 713 :
; 714 : IoReleaseCancelSpinLock(oldIrql);
0016b ff 75 fc push DWORD PTR _oldIrql$[ebp]
0016e 89 30 mov DWORD PTR [eax], esi
00170 ff 15 00 00 00
00 call DWORD PTR __imp__IoReleaseCancelSpinLock@4
; 715 :
; 716 : return Starter(Extension);
00176 53 push ebx
00177 ff 55 18 call DWORD PTR _Starter$[ebp]
0017a e9 ad 00 00 00 jmp $L15083
$L15058:
; 717 :
; 718 : } else {
; 719 :
; 720 : //
; 721 : // We don't know how long the irp will be in the
; 722 : // queue. So we need to handle cancel.
; 723 : //
; 724 :
; 725 : if (Irp->Cancel) {
0017f 80 7e 24 00 cmp BYTE PTR [esi+36], 0
00183 74 6f je SHORT $L15060
; 726 : PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
; 727 :
; 728 : IoReleaseCancelSpinLock(oldIrql);
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -