jiurl: Keyboard Driver, Part 4
[Non-Fpo])
0e f901f870 8054e017 fe51b2c8 f901f88c 80087000 nt!IopProcessStartDevices+0x43 (FPO: [EBP 0xf901f8c0] [2,0,4])
0f f901f8c0 8054c5c9 00000000 00000032 00000000 nt!IopInitializeSystemDrivers+0x5d (FPO: [Non-Fpo])
10 f901fa58 8054b35a 80087000 00000000 00000000 nt!IoInitSystem+0x644 (FPO: [Non-Fpo])
11 f901fda8 804524f6 80087000 00000000 00000000 nt!Phase1Initialization+0x71b (FPO: [Non-Fpo])
12 f901fddc 80465b62 8054aca6 80087000 00000000 nt!PspSystemThreadStartup+0x69 (FPO: [Non-Fpo])
13 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

The PnP manager sends IRP_MN_START_DEVICE to the keyboard device stack.

Let's look at this IRP:

kd> !irp fe4fea08
Irp is active with 6 stacks 6 is current (= 0xfe4feb2c)
 No Mdl Thread fe4f47e0: Irp stack trace.
     cmd  flg cl Device   File     Completion-Context
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

            Args: 00000000 00000000 00000000 00000000
 [  0, 0]   0  0 00000000 00000000 00000000-00000000

            Args: 00000000 00000000 00000000 00000000
>[ 1b, 0]   0  0 fe4f5df0 00000000 00000000-00000000
           \Driver\Kbdclass
            Args: e12c1bc8 e12c97c8 00000000 00000000

Let's look at the current IO_STACK_LOCATION:

kd> !strct io_stack_location fe4feb2c
struct _IO_STACK_LOCATION (sizeof=36)
+00 byte MajorFunction = 1b .
+01 byte MinorFunction = 00 .
+02 byte Flags = 00 .
+03 byte Control = 00 .
+04 union __unnamed19 Parameters
+04 struct __unnamed59 StartDevice
+04 struct _CM_RESOURCE_LIST *AllocatedResources = E12C1BC8
+08 struct _CM_RESOURCE_LIST *AllocatedResourcesTranslated = E12C97C8
+14 struct _DEVICE_OBJECT *DeviceObject = FE4F5DF0
+18 struct _FILE_OBJECT *FileObject = 00000000
+1c function *CompletionRoutine = 00000000
+20 void *Context = 00000000

Let's look at AllocatedResources:

kd> !cmreslist E12C1BC8
CmResourceList at 0xe12c1bc8 Version 0.0 Interface 0xf Bus #0
Entry 0 - Port (0x1) Device Exclusive (0x1)
Flags (0x11) - PORT_MEMORY PORT_IO 16_BIT_DECODE
Range starts at 0x60 for 0x1 bytes
Entry 1 - Port (0x1) Device Exclusive (0x1)
Flags (0x11) - PORT_MEMORY PORT_IO 16_BIT_DECODE
Range starts at 0x64 for 0x1 bytes
Entry 2 - Interrupt (0x2) Device Exclusive (0x1)
Flags (0x01) - LATCHED
Level 0x1, Vector 0x1, Affinity 0xffffffff

Let's look at AllocatedResourcesTranslated:

kd> !cmreslist E12C97C8
CmResourceList at 0xe12c97c8 Version 0.0 Interface 0xf Bus #0
Entry 0 - Port (0x1) Device Exclusive (0x1)
Flags (0x11) - PORT_MEMORY PORT_IO 16_BIT_DECODE
Range starts at 0x60 for 0x1 bytes
Entry 1 - Port (0x1) Device Exclusive (0x1)
Flags (0x11) - PORT_MEMORY PORT_IO 16_BIT_DECODE
Range starts at 0x64 for 0x1 bytes
Entry 2 - Interrupt (0x2) Device Exclusive (0x1)
Flags (0x01) - LATCHED
Level 0xa, Vector 0xb3, Affinity 0x1

How the keyboard drivers handle IRP_MJ_PNP / IRP_MN_START_DEVICE

In kbdclass!KeyboardPnP, the IRP is first passed down the stack, which causes i8042prt!I8xPnP to run. After the lower driver returns, if there was no error, IoSetDeviceInterfaceState is called to enable the interface that the keyboard driver exposes to user mode.

In i8042prt!I8xPnP, the IRP is likewise first passed down; if the lower driver returns without error, processing continues in i8042prt!I8xPnP, which calls i8042prt!I8xKeyboardStartDevice. i8042prt!I8xKeyboardStartDevice saves the translated resource information carried by the IRP in global variables and in the device extension. It reads parameters from the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters and initializes some fields of the device extension. It allocates memory from NonPagedPool for the i8042prt input data queue and initializes the device extension fields that manage that queue, along with some other fields of the device extension.

Reading parameters from the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters and initializing device extension fields works as follows. If the value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\KeyboardDataQueueSize exists, it is read and used as the number of entries in the i8042prt input data queue; if it does not exist, the default of 100 (decimal) entries is used. On my machine, HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters\KeyboardDataQueueSize does not exist, so the default of 100 entries is used, and KeyboardExtension->KeyboardAttributes.InputDataQueueLength ends up set to (number of queue entries) * sizeof(KEYBOARD_INPUT_DATA).

ExAllocatePool is then called to allocate memory for the i8042prt input data queue; the size of the allocation is KeyboardExtension->KeyboardAttributes.InputDataQueueLength.

KeyboardExtension->InputData holds the start address of the allocated block.
KeyboardExtension->DataEnd holds the end address of the allocated block.
Then I8xInitializeDataQueue is called to initialize:
kbExtension->InputCount = 0;
kbExtension->DataIn = kbExtension->InputData;
kbExtension->DataOut = kbExtension->InputData;
That is, initially DataIn and DataOut both point to the beginning of the input data queue.

Some DPCs in the device extension are initialized as well, including KeyboardExtension->KeyboardIsrDpc, which is set to i8042prt!I8042KeyboardIsrDpc.

Hardware initialization, for both the PS/2 mouse and the PS/2 keyboard, consists of sending commands to the i8042, so the i8042prt driver performs the hardware initialization of the PS/2 keyboard and mouse together.
At the end of keyboard start it checks: if there is no PS/2 mouse, or there is a PS/2 mouse and it has already been started, the hardware initialization is done now. If there is a mouse and it has not been started yet, the hardware initialization is deferred to the end of the mouse's start.
My machine has a PS/2 mouse, and the mouse is started after the keyboard; at this point the mouse has not been started yet, so the hardware initialization is deferred to the later mouse start.
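As an added example (not jiurl's text and not the i8042prt source), here is the queue initialization described above modelled in user-mode C: the slot count comes from the KeyboardDataQueueSize parameter or defaults to 100, InputDataQueueLength is count * sizeof(KEYBOARD_INPUT_DATA), and DataIn/DataOut start at InputData. The enqueue/dequeue wrap-around at DataEnd and the drop-when-full check go beyond what the page shows; they are assumptions about how the cursors are used, as are the KB_EXT and Kb* names.

```c
#include <stdint.h>
#include <stdlib.h>

typedef struct _KEYBOARD_INPUT_DATA {     /* public WDK layout: 12 bytes per slot */
    uint16_t UnitId, MakeCode, Flags, Reserved;
    uint32_t ExtraInformation;
} KEYBOARD_INPUT_DATA;

typedef struct _KB_EXT {                  /* assumed: only the queue fields of the extension */
    KEYBOARD_INPUT_DATA *InputData, *DataEnd;        /* start / one-past-end of the pool block */
    KEYBOARD_INPUT_DATA *DataIn, *DataOut;           /* ISR writes at DataIn, DPC reads at DataOut */
    unsigned long InputCount, InputDataQueueLength;  /* slots in use / block size in bytes */
} KB_EXT;
/* regQueueSize: the Parameters\KeyboardDataQueueSize value, or 0 when the value is absent. */
int KbInitQueue(KB_EXT *kb, unsigned long regQueueSize) {
    unsigned long entries = regQueueSize ? regQueueSize : 100;      /* default: 100 slots */
    kb->InputDataQueueLength = entries * sizeof(KEYBOARD_INPUT_DATA);
    kb->InputData = malloc(kb->InputDataQueueLength);  /* ExAllocatePool(NonPagedPool, ...) in the driver */
    if (!kb->InputData) return 0;
    kb->DataEnd = kb->InputData + entries;
    kb->InputCount = 0; kb->DataIn = kb->DataOut = kb->InputData;  /* I8xInitializeDataQueue */
    return 1;
}
/* ISR side (assumed): a full queue drops the entry rather than writing past DataEnd. */
int KbEnqueue(KB_EXT *kb, const KEYBOARD_INPUT_DATA *in) {
    if (kb->InputCount * sizeof(*in) >= kb->InputDataQueueLength) return 0;
    *kb->DataIn++ = *in;
    if (kb->DataIn == kb->DataEnd) kb->DataIn = kb->InputData;   /* wrap around to the head */
    kb->InputCount++;
    return 1;
}
/* DPC / read side (assumed): oldest entry first, same wrap-around. */
int KbDequeue(KB_EXT *kb, KEYBOARD_INPUT_DATA *out) {
    if (kb->InputCount == 0) return 0;
    *out = *kb->DataOut++;
    if (kb->DataOut == kb->DataEnd) kb->DataOut = kb->InputData;
    kb->InputCount--;
    return 1;
}
/* Constructed scenario: registry value 4, five presses (one dropped), then drain across the wrap. */
int KbSelfCheck(void) {
    KB_EXT kb; KEYBOARD_INPUT_DATA d = {0}, o; unsigned i, accepted = 0;
    if (!KbInitQueue(&kb, 4) || kb.InputDataQueueLength != 48) return 0;
    for (i = 0; i < 5; i++) { d.MakeCode = (uint16_t)(0x1e + i); accepted += KbEnqueue(&kb, &d); }
    if (accepted != 4 || !KbDequeue(&kb, &o) || o.MakeCode != 0x1e) return 0;
    d.MakeCode = 0x99; if (!KbEnqueue(&kb, &d)) return 0;   /* lands in slot 0 after the wrap */
    for (i = 0; i < 3; i++) KbDequeue(&kb, &o);             /* 0x1f, 0x20, 0x21 */
    if (!KbDequeue(&kb, &o) || o.MakeCode != 0x99 || kb.InputCount != 0) return 0;
    free(kb.InputData); return 1;
}
```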
[IRP_MJ_PNP IRP_MN_QUERY_CAPABILITIES]

# ChildEBP RetAddr Args to Child
00 f901f664 8041f54b fe4f5df0 fe4fea08 fe4f5df0 kbdclass!KeyboardPnP(struct _DEVICE_OBJECT * DeviceObject = 0xfe4f5df0, struct _IRP * Irp = 0xfe4fea08)+0x9 (CONV: stdcall)
01 f901f678 8049cb91 f901f6e0 fe4dd730 fe4fed68 nt!IopfCallDriver+0x35 (FPO: [0,0,2])
02 f901f6a4 80427122 fe4f5df0 f901f6bc f901f6ec nt!IopSynchronousCall+0xca (FPO: [Non-Fpo])
03 f901f6e0 8048ed08 fe4fed68 f901f6f0 00010040 nt!IopQueryDeviceCapabilities+0x4c (FPO: [Non-Fpo])
04 f901f730 8048e075 fe4fed68 00000000 fe4fed68 nt!IopDeviceNodeCapabilitiesToRegistry+0x12 (FPO: [Non-Fpo])
05 f901f764 8048e040 fe4fed68 f901f88c 00000000 nt!IopStartAndEnumerateDevice+0x2d (FPO: [Non-Fpo])
06 f901f784 804e504e fe4fed68 f901f88c fe4d6368 nt!IopProcessStartDevicesWorker+0x72 (FPO: [Non-Fpo])
07 f901f794 804a4670 fe4d6368 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
08 f901f7b8 804e504e fe4d6368 f901f88c fe4e7c28 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
09 f901f7c8 804a4670 fe4e7c28 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
0a f901f7ec 804e504e fe4e7c28 f901f88c fe5181a8 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0b f901f7fc 804a4670 fe5181a8 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
0c f901f820 804e504e fe5181a8 f901f88c fe51b5e8 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0d f901f830 804a4670 fe51b5e8 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
0e f901f854 804a4607 fe51b5e8 f901f88c 00000003 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0f f901f870 8054e017 fe51b2c8 f901f88c 80087000 nt!IopProcessStartDevices+0x43 (FPO: [EBP 0xf901f8c0] [2,0,4])
10 f901f8c0 8054c5c9 00000000 00000032 00000000 nt!IopInitializeSystemDrivers+0x5d (FPO: [Non-Fpo])
11 f901fa58 8054b35a 80087000 00000000 00000000 nt!IoInitSystem+0x644 (FPO: [Non-Fpo])
12 f901fda8 804524f6 80087000 00000000 00000000 nt!Phase1Initialization+0x71b (FPO: [Non-Fpo])
13 f901fddc 80465b62 8054aca6 80087000 00000000 nt!PspSystemThreadStartup+0x69 (FPO: [Non-Fpo])

Neither kbdclass!KeyboardPnP nor i8042prt!I8xPnP does anything for this IRP.

[IRP_MJ_PNP IRP_MN_QUERY_PNP_DEVICE_STATE]

# ChildEBP RetAddr Args to Child
00 f901f6ac 8041f54b fe4f5df0 fe4fea08 fe4f5df0 kbdclass!KeyboardPnP(struct _DEVICE_OBJECT * DeviceObject = 0xfe4f5df0, struct _IRP * Irp = 0xfe4fea08)+0x9 (CONV: stdcall)
01 f901f6c0 8049cb91 fe4dd730 fe4dd730 fe4fed68 nt!IopfCallDriver+0x35 (FPO: [0,0,2])
02 f901f6ec 80428f92 fe4f5df0 f901f70c f901f738 nt!IopSynchronousCall+0xca (FPO: [Non-Fpo])
03 f901f730 8048e07b fe4dd730 00000000 fe4fed68 nt!IopQueryDeviceState+0x2c (FPO: [Non-Fpo])
04 f901f764 8048e040 fe4fed68 f901f88c 00000000 nt!IopStartAndEnumerateDevice+0x33 (FPO: [Non-Fpo])
05 f901f784 804e504e fe4fed68 f901f88c fe4d6368 nt!IopProcessStartDevicesWorker+0x72 (FPO: [Non-Fpo])
06 f901f794 804a4670 fe4d6368 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
07 f901f7b8 804e504e fe4d6368 f901f88c fe4e7c28 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
08 f901f7c8 804a4670 fe4e7c28 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
09 f901f7ec 804e504e fe4e7c28 f901f88c fe5181a8 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0a f901f7fc 804a4670 fe5181a8 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
0b f901f820 804e504e fe5181a8 f901f88c fe51b5e8 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0c f901f830 804a4670 fe51b5e8 804a4618 f901f88c nt!IopForAllChildDeviceNodes+0x1f (FPO: [3,0,1])
0d f901f854 804a4607 fe51b5e8 f901f88c 00000003 nt!IopProcessStartDevicesWorker+0x55 (FPO: [Non-Fpo])
0e f901f870 8054e017 fe51b2c8 f901f88c 80087000 nt!IopProcessStartDevices+0x43 (FPO: [EBP 0xf901f8c0] [2,0,4])
0f f901f8c0 8054c5c9 00000000 00000032 00000000 nt!IopInitializeSystemDrivers+0x5d (FPO: [Non-Fpo])
10 f901fa58 8054b35a 80087000 00000000 00000000 nt!IoInitSystem+0x644 (FPO: [Non-Fpo])
11 f901fda8 804524f6 80087000 00000000 00000000 nt!Phase1Initialization+0x71b (FPO: [Non-Fpo])
12 f901fddc 80465b62 8054aca6 80087000 00000000 nt!PspSystemThreadStartup+0x69 (FPO: [Non-Fpo])
13 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16

Neither kbdclass!KeyboardPnP nor i8042prt!I8xPnP does anything noteworthy for this IRP.

[IRP_MJ_PNP IRP_MN_QUERY_DEVICE_RELATIONS]

# ChildEBP RetAddr Args to Child
00 f901f674 8041f54b fe4f5df0 fe4fea08 fe4f5df0 kbdclass!KeyboardPnP(struct _DEVICE_OBJECT * DeviceObject = 0xfe4f5df0, struct _IRP * Irp = 0xfe4fea08)+0x9 (CONV: stdcall)
01 f901f688 8049cb91 f901f6f8 fe4fed68 80064b8c nt!IopfCallDriver+0x35 (FPO: [0,0,2])
02 f901f6b4 80428f1d fe4f5df0 f901f6d4 f901f724 nt!IopSynchronousCall+0xca (FPO: [Non-Fpo])
03 f901f6fc 804a470f 00000000 fe4dd730 00142100 nt!IopQueryDeviceRelations+0x13f (FPO: [Non-Fpo])
04 f901f728 8048e0ac fe4dd730 f901f88c 00142100 nt!IopEnumerateDevice+0xce (FPO: