📄 jiurl键盘驱动 5.htm
nt!NtDeviceIoControlFile+0x28 (FPO: [Non-Fpo])<BR>05 f90ef928 80400b51
000000d4 00000000 00000000 nt!KiSystemService+0xc4 (FPO: [0,0] TrapFrame @
f90ef958)<BR>06 f90ef9c8 a0000503 000000d4 00000000 00000000
nt!ZwDeviceIoControlFile+0xb (FPO: [10,0,0])<BR>07 f90efa00 a00ee42a
00000000 e19534f0 f90efa9c win32k!UpdateKeyLights+0xfe (FPO:
[1,0,3])<BR>08 f90efa54 a00886ae 00000014 0000003a 000a5013
win32k!xxxKeyEvent+0x2fe (FPO: [Non-Fpo])<BR>09 f90efa7c a008c77f f90efa14
00000000 00000000 win32k!xxxProcessKeyEvent+0x142 (FPO: [Non-Fpo])<BR>0a
f90efaa8 a005c98b e1953448 fe3853a8 80430982
win32k!ProcessKeyboardInput+0x181 (FPO: [Non-Fpo])<BR>0b f90efab4 80430982
e1953448 e1953468 00000000 win32k!InputApc+0x3b (FPO: [3,0,1])<BR>0c
f90efae8 80403a44 00000000 00000000 00000000 nt!KiDeliverApc+0xdb (FPO:
[Non-Fpo])<BR>0d f90efb08 8042d33d 80400b46 00000001 00000000
nt!KiSwapThread+0xfc (FPO: [EBP 0xf90efb3c] [0,0,4])<BR>0e f90efb3c
a000eaf5 00000004 fe427ac8 00000001 nt!KeWaitForMultipleObjects+0x266
(FPO: [Non-Fpo])<BR>0f f90efda8 804524f6 00000002 00000000 00000000
win32k!RawInputThread+0x3c2 (FPO: [Non-Fpo])<BR>10 f90efddc 80465b62
a000e7cd f8d5f7d0 00000000 nt!PspSystemThreadStartup+0x69 (FPO:
[Non-Fpo])<BR>11 00000000 f000ff53 f000e2c3 f000ff53 f000ff53
nt!KiThreadStartup+0x16<BR>WARNING: Frame IP not in any known module.
Following frames may be wrong.<BR>12 f000ff53 00000000 00000000 00000000
00000000 0xf000ff53<BR><BR>We use WinDbg's !irp command to examine the IRP
that was passed in.<BR><BR>kd>
!irp fe385368<BR>Irp is active with 6 stacks 6 is current (=
0xfe38548c)<BR>No Mdl System buffer = fe3b38e8 Thread fe427b00: Irp stack
trace. <BR>cmd flg cl Device File Completion-Context<BR>[ 0, 0] 0 0
00000000 00000000 00000000-00000000 <BR><BR>Args: 00000000 00000000
00000000 00000000<BR>[ 0, 0] 0 0 00000000 00000000
00000000-00000000 <BR><BR>Args: 00000000 00000000 00000000
00000000<BR>[ 0, 0] 0 0 00000000 00000000
00000000-00000000 <BR><BR>Args: 00000000 00000000 00000000
00000000<BR>[ 0, 0] 0 0 00000000 00000000
00000000-00000000 <BR><BR>Args: 00000000 00000000 00000000
00000000<BR>[ 0, 0] 0 0 00000000 00000000
00000000-00000000 <BR><BR>Args: 00000000 00000000 00000000
00000000<BR>>[ e, 0] 0 0 fe4f5df0 fe426728
00000000-00000000 <BR>\Driver\Kbdclass<BR>Args: 00000000 00000004
000b0008 00000000<BR><BR>Now look at the details of the IRP's current
IO_STACK_LOCATION.<BR><BR>kd>
!strct io_stack_location fe38548c<BR>struct _IO_STACK_LOCATION
(sizeof=36)<BR>+00 byte MajorFunction = 0e .<BR>+01 byte MinorFunction =
00 .<BR>+02 byte Flags = 00 .<BR>+03 byte Control = 00 .<BR>+04 union
__unnamed19 Parameters<BR>+04 struct __unnamed33 DeviceIoControl<BR>+04
uint32 OutputBufferLength = 00000000<BR>+08 uint32 InputBufferLength =
00000004<BR>+0c uint32 IoControlCode = 000b0008<BR>+10 void
*Type3InputBuffer = 00000000<BR>+14 struct _DEVICE_OBJECT *DeviceObject =
FE4F5DF0<BR>+18 struct _FILE_OBJECT *FileObject = FE426728<BR>+1c function
*CompletionRoutine = 00000000<BR>+20 void *Context =
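00000000<BR><BR>kbdclass!KeyboardClassDeviceControl does not process this
IRP itself; it sets the MajorFunction of the next IO_STACK_LOCATION to
IRP_MJ_INTERNAL_DEVICE_CONTROL and then passes the IRP down.<BR><BR>The
i8042prt driver then sends the 0xed command to the i8042, followed by its
parameter, so that the i8048 lights the Caps Lock LED indicator.<BR><BR>7.7
Holding down the a key for a while<BR><BR>7.7.1 Debug output<BR><BR>i8042
isr (kb): enter<BR>i8042 isr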
(kb): scanCode 0x1e<BR>i8042 isr (kb): real scan code<BR>i8042 isr (kb):
MAKE code<BR>8042: I8xWriteDataToKeyboardQueue: enter<BR>8042:
I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf60c, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 0<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 1<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>8042:
I8042KeyboardIsrDpc: enter<BR>8042: I8xDpcVariableOperation:
enter<BR>8042: Performing increment at 0xfe4f529c (current value
0xffffffff)<BR>8042: I8xDpcVariableOperation: exit with value 0x0<BR>8042:
I8xGetDataQueuePointer: enter<BR>8042: I8xGetDataQueuePointer:
keyboard<BR>8042: I8xGetDataQueuePointer: DataIn 0xfe4cf618, DataOut
0xfe4cf60c<BR>8042: I8xGetDataQueuePointer: exit<BR><BR>i8042 isr (kb):
enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf618, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 1<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 2<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf624, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 2<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 3<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf630, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 3<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 4<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf63c, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 4<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 5<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf648, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 5<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 6<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf654, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 6<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 7<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf660, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 7<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 8<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf66c, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 8<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 9<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf678, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 9<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 10<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf684, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 10<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 11<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf690, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 11<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 12<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x1e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): MAKE code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf69c, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 12<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 13<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>i8042 isr
(kb): enter<BR>i8042 isr (kb): scanCode 0x9e<BR>i8042 isr (kb): real scan
code<BR>i8042 isr (kb): BREAK code<BR>8042: I8xWriteDataToKeyboardQueue:
enter<BR>8042: I8xWriteDataToKeyboardQueue: DataIn 0xfe4cf6a8, DataOut
0xfe4cf60c<BR>8042: I8xWriteDataToKeyboardQueue: InputCount 13<BR>8042:
I8xWriteDataToKeyboardQueue: new InputCount 14<BR>8042:
I8xWriteDataToKeyboardQueue: exit<BR>i8042 isr (kb): exit<BR><BR>8042:
I8042KeyboardIsrDpc: calling class callback<BR>8042: I8042KeyboardIsrDpc:
with Start 0xfe4cf60c and End
0xfe4cf618<BR>KBDCLASS-KeyboardClassServiceCallback:
enter<BR>KBDCLASS-KeyboardClassServiceCallback: port queue length 0xc,
read length 0x78<BR>KBDCLASS-KeyboardClassServiceCallback: number of bytes
to move from port to SystemBuffer
0xc<BR>KBDCLASS-KeyboardClassServiceCallback: move bytes from 0xfe4cf60c
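
Referring back to the IO_STACK_LOCATION dump above (IoControlCode = 000b0008, InputBufferLength = 00000004), the following added example, which is not code from the original article or from kbdclass/i8042prt, splits the control code into its CTL_CODE fields and builds the 0xed command bytes. The fields decode to the keyboard device type (0x000b), function 2, buffered method, which is IOCTL_KEYBOARD_SET_INDICATORS in ntddkbd.h, and the 4-byte input matches KEYBOARD_INDICATOR_PARAMETERS; `build_led_command`, its validation rules and the sample buffer are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* CTL_CODE layout: DeviceType[31:16] Access[15:14] Function[13:2] Method[1:0] */
typedef struct { uint16_t device_type, function; uint8_t access, method; } ioctl_fields;

ioctl_fields decode_ioctl(uint32_t code) {
    ioctl_fields f;
    f.device_type = (uint16_t)(code >> 16);
    f.access      = (uint8_t)((code >> 14) & 0x3);
    f.function    = (uint16_t)((code >> 2) & 0xFFF);
    f.method      = (uint8_t)(code & 0x3);
    return f;
}

/* LedFlags bits from ntddkbd.h; the 0xED parameter byte uses the same bits. */
#define KEYBOARD_SCROLL_LOCK_ON 1u
#define KEYBOARD_NUM_LOCK_ON    2u
#define KEYBOARD_CAPS_LOCK_ON   4u
#define LED_MASK (KEYBOARD_SCROLL_LOCK_ON | KEYBOARD_NUM_LOCK_ON | KEYBOARD_CAPS_LOCK_ON)

/* Hypothetical helper: check code and buffer, then emit {0xED, LED mask}.
   Returns 2 on success, -1 if the request is rejected. */
int build_led_command(uint32_t code, const uint8_t *in, size_t in_len, uint8_t out[2]) {
    ioctl_fields f = decode_ioctl(code);
    if (f.device_type != 0x000b || f.function != 0x002 || f.method != 0)
        return -1;                      /* not the set-indicators request */
    if (in == NULL || in_len < 4)
        return -1;                      /* needs USHORT UnitId + USHORT LedFlags */
    uint16_t led_flags = (uint16_t)(in[2] | (in[3] << 8));  /* little-endian */
    if (led_flags & ~LED_MASK)
        return -1;                      /* unknown LED bits */
    out[0] = 0xED;
    out[1] = (uint8_t)led_flags;
    return 2;
}

int main(void) {
    /* Constructed buffer: UnitId 0, LedFlags = Caps Lock (not taken from the dump). */
    const uint8_t sample[4] = { 0x00, 0x00, 0x04, 0x00 };
    uint8_t cmd[2];
    ioctl_fields f = decode_ioctl(0x000b0008);  /* IoControlCode from the dump */
    printf("type=0x%x access=%u function=0x%x method=%u\n", (unsigned)f.device_type,
           (unsigned)f.access, (unsigned)f.function, (unsigned)f.method);
    if (build_led_command(0x000b0008, sample, sizeof sample, cmd) == 2)
        printf("send 0x%02x 0x%02x\n", (unsigned)cmd[0], (unsigned)cmd[1]);
    return 0;
}
```

The same field split applies to any IoControlCode seen in an `!irp` dump; the Method bits are the ones to check first when reviewing how a driver handles its input buffer.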