nt!IopPnPDispatch函数分析之有对CmResourceTypeBusNumber资源类型的接口--重要0: kd kc#00 nt!IopPnPDispatch01 nt!IofCallDriver02 nt!IopSynchronousCall03 nt!IopQueryResourceHandlerInterface04 nt!IopSetupArbiterAndTranslators05 nt!IopResourceRequirementsListToReqList06 nt!IopAllocateBootResourcesInternal07 nt!IopAllocateBootResources08 nt!IopReportBootResources09 nt!PiQueryAndAllocateBootResources0a nt!PiProcessNewDeviceNode0b nt!PipProcessDevNodeTree0c nt!PipDeviceActionWorker0d nt!PipRequestDeviceAction0e nt!IopInitializeBootDrivers0f nt!IoInitSystem10 nt!Phase1Initialization11 nt!PspSystemThreadStartup12 nt!KiThreadStartup0: kd dvDeviceObject 0x899c5d08 Device for \Driver\PnpManagerIrp 0x899c5468information 0x899c5d08length 8uiNumber 0xf789a0d0id 0x00000000separatorCount 0x80cb0b360: kd !Irp 0x899c5468Irp is active with 1 stacks 1 is current ( 0x899c54d8)No Mdl: No System Buffer: Thread 899a1020: Irp stack trace.cmd flg cl Device File Completion-Context[IRP_MJ_PNP(1b), IRP_MN_QUERY_INTERFACE(8)]0 0 899c5d08 00000000 00000000-00000000\Driver\PnpManagerArgs: f789a144 00000018 e1278768 00000006case IRP_MN_QUERY_INTERFACE:status Irp-IoStatus.Status;deviceNode (PDEVICE_NODE)DeviceObject-DeviceObjectExtension-DeviceNode;if (deviceNode IopRootDeviceNode) {if ( IopCompareGuid((PVOID)irpSp-Parameters.QueryInterface.InterfaceType, (PVOID)GUID_ARBITER_INTERFACE_STANDARD)) {status STATUS_SUCCESS;arbiterInterface (PARBITER_INTERFACE) irpSp-Parameters.QueryInterface.Interface;arbiterInterface-ArbiterHandler ArbArbiterHandler;switch ((UCHAR)((ULONG_PTR)irpSp-Parameters.QueryInterface.InterfaceSpecificData)) {case CmResourceTypePort:arbiterInterface-Context (PVOID) IopRootPortArbiter;break;case CmResourceTypeMemory:arbiterInterface-Context (PVOID) IopRootMemArbiter;break;case CmResourceTypeInterrupt:arbiterInterface-Context (PVOID) IopRootIrqArbiter;break;case CmResourceTypeDma:arbiterInterface-Context (PVOID) IopRootDmaArbiter;break;case CmResourceTypeBusNumber:arbiterInterface-Context (PVOID) IopRootBusNumberArbiter;break;default:status STATUS_INVALID_PARAMETER;break;}} else if ( IopCompareGuid((PVOID)irpSp-Parameters.QueryInterface.InterfaceType, (PVOID)GUID_TRANSLATOR_INTERFACE_STANDARD)) {translatorInterface (PTRANSLATOR_INTERFACE) irpSp-Parameters.QueryInterface.Interface;translatorInterface-TranslateResources IopTranslatorHandlerCm;translatorInterface-TranslateResourceRequirements IopTranslatorHandlerIo;status STATUS_SUCCESS;}}break;0: kd bp nt!IopRootBusNumberArbiter0: kd x nt!ArbArbiterHandler80dc51ee nt!ArbArbiterHandler (void *, _ARBITER_ACTION, struct _ARBITER_PARAMETERS *)0: kd u 80dc51eent!ArbArbiterHandler [d:\srv03rtm\base\ntos\arb\arbiter.c 1461]:80dc51ee 55 push ebp80dc51ef 8bec mov ebp,esp80dc51f1 53 push ebx80dc51f2 56 push esi80dc51f3 8b350831a080 mov esi,dword ptr [nt!_imp__KeGetCurrentIrql (80a03108)]80dc51f9 57 push edi80dc51fa ffd6 call esi80dc51fc 3c01 cmp al,10: kd dvDeviceObject 0x00000000Irp 0x899c5468information 0x00000000length 0x386uiNumber 0id 0x00000001separatorCount 80: kd dd 0x899c5468899c5468 00940006 00000000 00000000 00000000899c5478 899a1238 899a1238 c00000bb 00000000899c5488 01010000 04000000 f789a0f4 f789a0e4899c5498 00000000 00000000 00000000 00000000899c54a8 00000000 00000000 00000000 00000000899c54b8 899a1020 00000000 00000000 00000000899c54c8899c54d800000000 00000000 00000000899c54d8 0000081b f789a144 00000018 e12787680: kd dt IO_STACK_LOCATION 899c54d8nt!IO_STACK_LOCATION0x000 MajorFunction : 0x1b 0x001 MinorFunction : 0x8 0x002 Flags : 0 0x003 Control : 0 0x004 Parameters : __unnamed0x014 DeviceObject : 0x899c5d08 _DEVICE_OBJECT0x018 FileObject : (null)0x01c CompletionRoutine : (null)0x020 Context : (null)0: kd dt IO_STACK_LOCATION 899c54d8 -rnt!IO_STACK_LOCATION0x000 MajorFunction : 0x1b 0x001 MinorFunction : 0x8 0x002 Flags : 0 0x003 Control : 0 0x004 Parameters : __unnamed0x000 QueryInterface : __unnamed0x000 InterfaceType : 0xf789a144 _GUID {e644f185-8c0e-11d0-becf-08002be2092f}0x004 Size : 0x180x006 Version : 00x008 Interface : 0xe1278768 _INTERFACE0: kd dt _INTERFACEhal!_INTERFACE0x000 Size : Uint2B0x002 Version : Uint2B0x004 Context : Ptr32 Void0x008 InterfaceReference : Ptr32 void0x00c InterfaceDereference : Ptr32 voidarbiterInterface (PARBITER_INTERFACE) irpSp-Parameters.QueryInterface.Interface;arbiterInterface-ArbiterHandler ArbArbiterHandler;switch ((UCHAR)((ULONG_PTR)irpSp-Parameters.QueryInterface.InterfaceSpecificData)) {case CmResourceTypeBusNumber:arbiterInterface-Context (PVOID) IopRootBusNumberArbiter;break;0: kd peaxe1278768 ebx00000010 ecx00000000 edx899c5468 esi899c54d8 edi00000000eip80cb0c84 espf789a098 ebpf789a0b4 iopl0 nv up ei pl zr na pe nccs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000246nt!IopPnPDispatch0x14e:80cb0c84 c74004a0f2b180 mov dword ptr [eax4],offset nt!IopRootBusNumberArbiter (80b1f2a0) ds:0023:e127876c000000000: kd dt ARBITER_INTERFACE e1278768nt!ARBITER_INTERFACE0x000 Size : 0x180x002 Version : 00x004 Context : (null)0x008 InterfaceReference : (null)0x00c InterfaceDereference : (null)0x010 ArbiterHandler : 0x80dc51ee long nt!ArbArbiterHandler00x014 Flags : 00: kd gueax00000000 ebx00000000 ecx00000000 edx00000000 esi899c5468 edi899c5d08eip80a2675c espf789a0c4 ebpf789a0d0 iopl0 nv up ei pl zr na pe nccs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000246nt!IofCallDriver0x62:80a2675c 5f pop edi0: kd gueax00000000 ebx899c5d08 ecx00000000 edx00000000 esif789a144 edi899c54fceip80c95e00 espf789a0d8 ebpf789a100 iopl0 nv up ei pl zr na pe nccs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000246nt!IopSynchronousCall0x1aa:80c95e00 8bf0 mov esi,eax0: kd gueax00000000 ebx00000018 ecx00000008 edx00000000 esie1278768 edi00000000eip80c969ff espf789a114 ebpf789a154 iopl0 nv up ei ng nz ac po cycs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000293nt!IopQueryResourceHandlerInterface0x10d:80c969ff 8bd8 mov ebx,eax0: kd guBreakpoint 22 hiteax00000000 ebxe12be0b8 ecx00000008 edx00000000 esi00000040 edi899c5bc8eip80ca1263 espf789a16c ebpf789a198 iopl0 nv up ei pl zr na pe nccs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000246nt!IopSetupArbiterAndTranslators0xfd:80ca1263 6609b7de000000 or word ptr [edi0DEh],si ds:0023:899c5ca600040: kd dv interfaceinterface 0xe12787680: kd dx -r1 ((ntkrnlmp!_INTERFACE *)0xe1278768)((ntkrnlmp!_INTERFACE *)0xe1278768) : 0xe1278768 [Type: _INTERFACE *][0x000] Size : 0x18 [Type: unsigned short][0x002] Version : 0x0 [Type: unsigned short][0x004] Context : 0x80b1f2a0 [Type: void *][0x008] InterfaceReference : 0x0 [Type: void (*)(void *)][0x00c] InterfaceDereference : 0x0 [Type: void (*)(void *)]status IopQueryResourceHandlerInterface(ResourceArbiter,deviceNode-PhysicalDeviceObject,resourceType,interface);deviceNode-QueryArbiterMask | resourceMask;0: kd dt _device_Node 899c5bc8nt!_DEVICE_NODE0x000 Sibling : (null)0x004 Child : 0x899c5850 _DEVICE_NODE0x008 Parent : (null)0x00c LastChild : 0x89983478 _DEVICE_NODE0x010 Level : 00x014 Notify : (null)0x018 State : 308 ( DeviceNodeStarted )0x01c PreviousState : 30d ( DeviceNodeEnumerateCompletion )0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )0x070 StateHistoryEntry : 50x074 CompletionStatus : 0n00x078 PendingIrp : (null)0x07c Flags : 0x1310x080 UserFlags : 00x084 Problem : 00x088 PhysicalDeviceObject : 0x899c5d08 _DEVICE_OBJECT0x08c ResourceList : (null)0x090 ResourceListTranslated : (null)0x094 InstancePath : _UNICODE_STRING HTREE\ROOT\00x09c ServiceName : _UNICODE_STRING 0x0a4 DuplicatePDO : (null)0x0a8 ResourceRequirements : (null)0x0ac InterfaceType : 0xffffffff (No matching name)0x0b0 BusNumber : 0xffffffff0x0b4 ChildInterfaceType : 0xffffffff (No matching name)0x0b8 ChildBusNumber : 0xffffffff0x0bc ChildBusTypeIndex : 0xffff0x0be RemovalPolicy : 0 0x0bf HardwareRemovalPolicy : 0 0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x899c5c88 - 0x899c5c88 ]0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0xe127f3b0 - 0xe127f3b0 ]0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x899c5c98 - 0x899c5c98 ]0x0d8 NoTranslatorMask : 00x0da QueryTranslatorMask : 00x0dc NoArbiterMask : 00x0de QueryArbiterMask : 40x0e0 OverUsed1 : __unnamed0x0e4 OverUsed2 : __unnamed0x0e8 BootResources : (null)0x0ec CapabilityFlags : 00x0f0 DockInfo : __unnamed0x100 DisableableDepends : 00x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x899c5ccc - 0x899c5ccc ]0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x899c5cd4 - 0x899c5cd4 ]变为0: kd dt _device_Node 899c5bc8nt!_DEVICE_NODE0x000 Sibling : (null)0x004 Child : 0x899c5850 _DEVICE_NODE0x008 Parent : (null)0x00c LastChild : 0x89983478 _DEVICE_NODE0x010 Level : 00x014 Notify : (null)0x018 State : 308 ( DeviceNodeStarted )0x01c PreviousState : 30d ( DeviceNodeEnumerateCompletion )0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )0x070 StateHistoryEntry : 50x074 CompletionStatus : 0n00x078 PendingIrp : (null)0x07c Flags : 0x1310x080 UserFlags : 00x084 Problem : 00x088 PhysicalDeviceObject : 0x899c5d08 _DEVICE_OBJECT0x08c ResourceList : (null)0x090 ResourceListTranslated : (null)0x094 InstancePath : _UNICODE_STRING HTREE\ROOT\00x09c ServiceName : _UNICODE_STRING 0x0a4 DuplicatePDO : (null)0x0a8 ResourceRequirements : (null)0x0ac InterfaceType : 0xffffffff (No matching name)0x0b0 BusNumber : 0xffffffff0x0b4 ChildInterfaceType : 0xffffffff (No matching name)0x0b8 ChildBusNumber : 0xffffffff0x0bc ChildBusTypeIndex : 0xffff0x0be RemovalPolicy : 0 0x0bf HardwareRemovalPolicy : 0 0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x899c5c88 - 0x899c5c88 ]0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0xe127f3b0 - 0xe127f3b0 ]0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x899c5c98 - 0x899c5c98 ]0x0d8 NoTranslatorMask : 00x0da QueryTranslatorMask : 00x0dc NoArbiterMask : 00x0de QueryArbiterMask : 0x440x0e0 OverUsed1 : __unnamed0x0e4 OverUsed2 : __unnamed0x0e8 BootResources : (null)0x0ec CapabilityFlags : 00x0f0 DockInfo : __unnamed0x100 DisableableDepends : 00x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x899c5ccc - 0x899c5ccc ]0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x899c5cd4 - 0x899c5cd4 ]0x0de QueryArbiterMask : 0x44100 0100resourceMask 1 resourceType; resourceMask 1 60x40;if (found FALSE) {arbiterEntry (PPI_RESOURCE_ARBITER_ENTRY)ExAllocatePoolAE(PagedPool | POOL_COLD_ALLOCATION,sizeof(PI_RESOURCE_ARBITER_ENTRY));if (!arbiterEntry) {status STATUS_INSUFFICIENT_RESOURCES;return status;}IopInitializeArbiterEntryState(arbiterEntry);InitializeListHead(arbiterEntry-DeviceArbiterList);arbiterEntry-ResourceType resourceType;arbiterEntry-Level deviceNode-Level;listHead deviceNode-DeviceArbiterList;InsertTailList(listHead, arbiterEntry-DeviceArbiterList);arbiterEntry-ArbiterInterface (PARBITER_INTERFACE)interface;if (!interface) {0: kd dv arbiterEntryarbiterEntry 0xe12979d0一个是对arbiterEntry赋值一个是对deviceNode899c5bc8进行赋值0: kd dt _device_Node 899c5bc8nt!_DEVICE_NODE0x000 Sibling : (null)0x004 Child : 0x899c5850 _DEVICE_NODE0x008 Parent : (null)0x00c LastChild : 0x89983478 _DEVICE_NODE0x010 Level : 00x014 Notify : (null)0x018 State : 308 ( DeviceNodeStarted )0x01c PreviousState : 30d ( DeviceNodeEnumerateCompletion )0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )0x070 StateHistoryEntry : 50x074 CompletionStatus : 0n00x078 PendingIrp : (null)0x07c Flags : 0x1310x080 UserFlags : 00x084 Problem : 00x088 PhysicalDeviceObject : 0x899c5d08 _DEVICE_OBJECT0x08c ResourceList : (null)0x090 ResourceListTranslated : (null)0x094 InstancePath : _UNICODE_STRING HTREE\ROOT\00x09c ServiceName : _UNICODE_STRING 0x0a4 DuplicatePDO : (null)0x0a8 ResourceRequirements : (null)0x0ac InterfaceType : 0xffffffff (No matching name)0x0b0 BusNumber : 0xffffffff0x0b4 ChildInterfaceType : 0xffffffff (No matching name)0x0b8 ChildBusNumber : 0xffffffff0x0bc ChildBusTypeIndex : 0xffff0x0be RemovalPolicy : 0 0x0bf HardwareRemovalPolicy : 0 0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x899c5c88 - 0x899c5c88 ]0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0xe127f3b0 - 0xe12979d0 ]0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x899c5c98 - 0x899c5c98 ]0x0d8 NoTranslatorMask : 00x0da QueryTranslatorMask : 00x0dc NoArbiterMask : 00x0de QueryArbiterMask : 0x440x0e0 OverUsed1 : __unnamed0x0e4 OverUsed2 : __unnamed0x0e8 BootResources : (null)0x0ec CapabilityFlags : 00x0f0 DockInfo : __unnamed0x100 DisableableDepends : 00x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x899c5ccc - 0x899c5ccc ]0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x899c5cd4 - 0x899c5cd4 ]0: kd dx -id 0,0,899a2278 -r1 (*((ntkrnlmp!_LIST_ENTRY *)0x899c5c90))(*((ntkrnlmp!_LIST_ENTRY *)0x899c5c90)) [Type: _LIST_ENTRY][0x000] Flink : 0xe127f3b0 [Type: _LIST_ENTRY *][0x004] Blink :0xe12979d0[Type: _LIST_ENTRY *]Blink : 0xe12979d0新添加的。0: kd dx -id 0,0,899a2278 -r1 ((ntkrnlmp!_LIST_ENTRY *)0xe127f3b0)((ntkrnlmp!_LIST_ENTRY *)0xe127f3b0) : 0xe127f3b0 [Type: _LIST_ENTRY *][0x000] Flink : 0xe12979d0 [Type: _LIST_ENTRY *][0x004] Blink : 0x899c5c90 [Type: _LIST_ENTRY *]0: kd dv arbiterEntryarbiterEntry 0xe12979d00: kd dx -r1 ((ntkrnlmp!_PI_RESOURCE_ARBITER_ENTRY *)0xe12979d0)((ntkrnlmp!_PI_RESOURCE_ARBITER_ENTRY *)0xe12979d0) : 0xe12979d0 [Type: _PI_RESOURCE_ARBITER_ENTRY *][0x000] DeviceArbiterList [Type: _LIST_ENTRY][0x008] ResourceType : 0x6 [Type: unsigned char][0x00c] ArbiterInterface : 0xe1278768 [Type: _ARBITER_INTERFACE *][0x010] Level : 0x0 [Type: unsigned long][0x014] ResourceList [Type: _LIST_ENTRY][0x01c] BestResourceList [Type: _LIST_ENTRY][0x024] BestConfig [Type: _LIST_ENTRY][0x02c] ActiveArbiterList [Type: _LIST_ENTRY][0x034] State : 0x0 [Type: unsigned char][0x035] ResourcesChanged : 0x0 [Type: unsigned char]0: kd dx -r1 ((ntkrnlmp!_ARBITER_INTERFACE *)0xe1278768)((ntkrnlmp!_ARBITER_INTERFACE *)0xe1278768) : 0xe1278768 [Type: _ARBITER_INTERFACE *][0x000] Size : 0x18 [Type: unsigned short][0x002] Version : 0x0 [Type: unsigned short][0x004] Context : 0x80b1f2a0 [Type: void *][0x008] InterfaceReference : 0x0 [Type: void (*)(void *)][0x00c] InterfaceDereference : 0x0 [Type: void (*)(void *)][0x010] ArbiterHandler : 0x80dc51ee [Type: long (*)(void*,_ARBITER_ACTION,_ARBITER_PARAMETERS *)][0x014] Flags : 0x0 [Type: unsigned long]0: kd u 80dc51eent!ArbArbiterHandler [d:\srv03rtm\base\ntos\arb\arbiter.c 1461]:80dc51ee 55 push ebp80dc51ef 8bec mov ebp,esp80dc51f1 53 push ebx80dc51f2 56 push esi80dc51f3 8b350831a080 mov esi,dword ptr [nt!_imp__KeGetCurrentIrql (80a03108)]80dc51f9 57 push edi80dc51fa ffd6 call esi80dc51fc 3c01 cmp al,1//// If there is an desired resourcetype arbiter in the device node, make sure// it handle this resource requriements.//if (arbiterEntry) {arbiterFound TRUE;if (arbiterEntry-ArbiterInterface-Flags ARBITER_PARTIAL) { 不符合//// If the arbiter is partial, ask if it handles the resources// if not, goto its parent.//status IopCallArbiter(arbiterEntry,ArbiterActionQueryArbitrate,ReqDesc-TranslatedReqDesc,NULL,NULL);if (!NT_SUCCESS(status)) {arbiterFound FALSE;}}}if (arbiterFound) {ReqDesc-u.Arbiter arbiterEntry;//// Initialize the arbiter entry//arbiterEntry-State 0;arbiterEntry-ResourcesChanged FALSE;}}