win32k!StartDeviceRead reads the mouse information from file handle=0x220=Driver-i8042prt

1: kd> g

Breakpoint 4 hit

eax=00000001 ebx=bfa02600 ecx=00000000 edx=00000000 esi=e1414eb8 edi=bfa01624

eip=bf8fc06b esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

win32k!StartDeviceRead:

bf8fc06b 55 push ebp

1: kd> dv

pDeviceInfo = 0xe1414eb8

ulLengthToRead = 0xe1414eb8

pBuffer = 0x00000008

fAlreadyHadDeviceInfoCrit = 0n-515813704

1: kd> dx -r1 ((win32k!tagDEVICEINFO *)0xe1414eb8)

((win32k!tagDEVICEINFO *)0xe1414eb8) : 0xe1414eb8 [Type: tagDEVICEINFO *]

[+0x000] head [Type: _HEAD]

[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]

[+0x00c] type : 0x0 [Type: unsigned char]

[+0x00d] bFlags : 0x2 [Type: unsigned char]

[+0x00e] usActions : 0x0 [Type: unsigned short]

[+0x010] nRetryRead : 0x0 [Type: unsigned char]

[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]

[+0x01c] handle : 0x220 [Type: void *]

[+0x020] NotificationEntry : 0xe1413380 [Type: void *]

[+0x024] pkeHidChangeCompleted : 0x897fb9e8 [Type: _KEVENT *]

[+0x028] iosb [Type: _IO_STATUS_BLOCK]

[+0x030] ReadStatus : 0 [Type: long]

[+0x034] OpenerProcess : 0x1b0 [Type: void *]

[+0x038] OpenStatus : 0 [Type: long]

[+0x03c] AttrStatus : 0 [Type: long]

[+0x040] timeStartRead : 0xffcab909 [Type: unsigned long]

[+0x044] timeEndRead : 0xffcab90b [Type: unsigned long]

[+0x048] nReadsOutstanding : 0 [Type: int]

[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]

[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]

[+0x04c] hid [Type: tagHID_DEVICE_INFO]

1: kd> g

MOUCLASS-MouseClassRead: enter

Breakpoint 0 hit

eax=898fb18c ebx=898fb0f0 ecx=898fb188 edx=00000000 esi=89899338 edi=89899338

eip=f74f9d26 esp=bab9a6f0 ebp=bab9a70c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassReadCopyData:

f74f9d26 55 push ebp

1: kd> dv DeviceExtension

DeviceExtension = 0x898fb0f0

1: kd> dx -r1 ((mouclass!_DEVICE_EXTENSION *)0x898fb0f0)

((mouclass!_DEVICE_EXTENSION *)0x898fb0f0) : 0x898fb0f0 [Type: _DEVICE_EXTENSION *]

[+0x000] Self : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]

[+0x004] TrueClassDevice : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]

[+0x008] TopPort : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]

[+0x00c] PDO : 0x895c5610 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]

[+0x010] RemoveLock [Type: _IO_REMOVE_LOCK]

[+0x068] PnP : 0x1 [Type: unsigned char]

[+0x069] Started : 0x1 [Type: unsigned char]

[+0x06a] OkayToLogOverflow : 0x1 [Type: unsigned char]

[+0x06c] WaitWakeSpinLock : 0x0 [Type: unsigned long]

[+0x070] TrustedSubsystemCount : 0x1 [Type: unsigned long]

[+0x074] InputCount : 0x22 [Type: unsigned long]

[+0x078] SymbolicLinkName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]

[+0x080] InputData : 0x8979f6a0 [Type: _MOUSE_INPUT_DATA *]

[+0x084] DataIn : 0x8979fcb8 [Type: _MOUSE_INPUT_DATA *]

[+0x088] DataOut : 0x8979f988 [Type: _MOUSE_INPUT_DATA *]

[+0x08c] MouseAttributes [Type: _MOUSE_ATTRIBUTES]

[+0x098] SpinLock : 0x895aada1 [Type: unsigned long]

[+0x09c] ReadQueue [Type: _LIST_ENTRY]

[+0x0a4] SequenceNumber : 0x24 [Type: unsigned long]

[+0x0a8] DeviceState : PowerDeviceD0 (1) [Type: _DEVICE_POWER_STATE]

[+0x0ac] SystemState : PowerSystemWorking (1) [Type: _SYSTEM_POWER_STATE]

[+0x0b0] UnitId : 0x0 [Type: unsigned long]

[+0x0b4] WmiLibInfo [Type: _WMILIB_CONTEXT]

[+0x0d4] SystemToDeviceState [Type: _DEVICE_POWER_STATE [5]]

[+0x0e8] MinDeviceWakeState : PowerDeviceUnspecified (0) [Type: _DEVICE_POWER_STATE]

[+0x0ec] MinSystemWakeState : PowerSystemUnspecified (0) [Type: _SYSTEM_POWER_STATE]

[+0x0f0] WaitWakeIrp : 0x0 [Type: _IRP *]

[+0x0f4] ExtraWaitWakeIrp : 0x0 [Type: _IRP *]

[+0x0f8] TargetNotifyHandle : 0x0 [Type: void *]

[+0x0fc] Link [Type: _LIST_ENTRY]

[+0x104] File : 0x0 [Type: _FILE_OBJECT *]

[+0x108] Enabled : 0x0 [Type: unsigned char]

[+0x109] WaitWakeEnabled : 0x0 [Type: unsigned char]

[+0x10a] SurpriseRemoved : 0x0 [Type: unsigned char]

1: kd> !handle 0x220

PROCESS 898a7258 SessionId: 0 Cid: 01b0 Peb: 7ffdf000 ParentCid: 0180

DirBase: 7c21b000 ObjectTable: e142d3c8 HandleCount: 306.

Image: csrss.exe

Handle table at e142d3c8 with 306 entries in use

0220: Object: 895aaca0 GrantedAccess: 00100001 Entry: e15ca440

Object: 895aaca0 Type: (89987710) File

ObjectHeader: 895aac88 (old version)

HandleCount: 1 PointerCount: 2

1: kd> dt file_object 895aaca0

winsrv!FILE_OBJECT

+0x000 Type : 0n5

+0x002 Size : 0n112

+0x004 DeviceObject : 0x895c5610 _DEVICE_OBJECT

+0x008 Vpb : (null)

+0x00c FsContext : (null)

+0x010 FsContext2 : 0xf750180e Void

+0x014 SectionObjectPointer : (null)

+0x018 PrivateCacheMap : (null)

+0x01c FinalStatus : 0n0

+0x020 RelatedFileObject : (null)

+0x024 LockOperation : 0 ''

+0x025 DeletePending : 0 ''

+0x026 ReadAccess : 0 ''

+0x027 WriteAccess : 0 ''

+0x028 DeleteAccess : 0 ''

+0x029 SharedRead : 0 ''

+0x02a SharedWrite : 0 ''

+0x02b SharedDelete : 0 ''

+0x02c Flags : 0x40000

+0x030 FileName : _UNICODE_STRING ""

+0x038 CurrentByteOffset : _LARGE_INTEGER 0x0

+0x040 Waiters : 0

+0x044 Busy : 0

+0x048 LastLock : (null)

+0x04c Lock : _KEVENT

+0x05c Event : _KEVENT

+0x06c CompletionContext : (null)

1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x895c5610)

((winsrv!_DEVICE_OBJECT *)0x895c5610) : 0x895c5610 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]

[<Raw View>] [Type: _DEVICE_OBJECT]

Flags : 0x1040

UpperDevices : Immediately above is Device for "\Driver\i8042prt" [at 0x89471770]

LowerDevices

Driver : 0x89981f38 : Driver "\Driver\ACPI" [Type: _DRIVER_OBJECT *]

1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x895c5610))

(*((winsrv!_DEVICE_OBJECT *)0x895c5610)) : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT]

[+0x000] Type : 3 [Type: short]

[+0x002] Size : 0xb8 [Type: unsigned short]

[+0x004] ReferenceCount : 1 [Type: long]

[+0x008] DriverObject : 0x89981f38 : Driver "\Driver\ACPI" [Type: _DRIVER_OBJECT *]

[+0x00c] NextDevice : 0x895c5730 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]

[+0x010] AttachedDevice : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]

[+0x014] CurrentIrp : 0x0 [Type: _IRP *]

[+0x018] Timer : 0x0 [Type: _IO_TIMER *]

[+0x01c] Flags : 0x1040 [Type: unsigned long]

[+0x020] Characteristics : 0x80 [Type: unsigned long]

[+0x024] Vpb : 0x0 [Type: _VPB *]

[+0x028] DeviceExtension : 0x89982ea0 [Type: void *]

[+0x02c] DeviceType : 0x32 [Type: unsigned long]

[+0x030] StackSize : 4 [Type: char]

[+0x034] Queue [Type: __unnamed]

[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]

[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]

[+0x074] Dpc [Type: _KDPC]

[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]

[+0x098] SecurityDescriptor : 0xe12977c0 [Type: void *]

[+0x09c] DeviceLock [Type: _KEVENT]

[+0x0ac] SectorSize : 0x0 [Type: unsigned short]

[+0x0ae] Spare1 : 0x1 [Type: unsigned short]

[+0x0b0] DeviceObjectExtension : 0x895c56c8 [Type: _DEVOBJ_EXTENSION *]

[+0x0b4] Reserved : 0x0 [Type: void *]

1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x89471770)

((winsrv!_DEVICE_OBJECT *)0x89471770) : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]

[<Raw View>] [Type: _DEVICE_OBJECT]

Flags : 0x2004

UpperDevices : Immediately above is Device for "\Driver\Mouclass" [at 0x898fb038]

LowerDevices

Driver : 0x898546b0 : Driver "\Driver\i8042prt" [Type: _DRIVER_OBJECT *]

1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x89471770))

(*((winsrv!_DEVICE_OBJECT *)0x89471770)) : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT]

[+0x000] Type : 3 [Type: short]

[+0x002] Size : 0x398 [Type: unsigned short]

[+0x004] ReferenceCount : 0 [Type: long]

[+0x008] DriverObject : 0x898546b0 : Driver "\Driver\i8042prt" [Type: _DRIVER_OBJECT *]

[+0x00c] NextDevice : 0x89594020 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]

[+0x010] AttachedDevice : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]

[+0x014] CurrentIrp : 0x0 [Type: _IRP *]

[+0x018] Timer : 0x0 [Type: _IO_TIMER *]

[+0x01c] Flags : 0x2004 [Type: unsigned long]

[+0x020] Characteristics : 0x0 [Type: unsigned long]

[+0x024] Vpb : 0x0 [Type: _VPB *]

[+0x028] DeviceExtension : 0x89471828 [Type: void *]

[+0x02c] DeviceType : 0x27 [Type: unsigned long]

[+0x030] StackSize : 5 [Type: char]

[+0x034] Queue [Type: __unnamed]

[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]

[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]

[+0x074] Dpc [Type: _KDPC]

[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]

[+0x098] SecurityDescriptor : 0x0 [Type: void *]

[+0x09c] DeviceLock [Type: _KEVENT]

[+0x0ac] SectorSize : 0x0 [Type: unsigned short]

[+0x0ae] Spare1 : 0x1 [Type: unsigned short]

[+0x0b0] DeviceObjectExtension : 0x89471b08 [Type: _DEVOBJ_EXTENSION *]

[+0x0b4] Reserved : 0x0 [Type: void *]

1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x898fb038)

((winsrv!_DEVICE_OBJECT *)0x898fb038) : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]

[<Raw View>] [Type: _DEVICE_OBJECT]

Flags : 0x2044

UpperDevices : None

LowerDevices

Driver : 0x89589a68 : Driver "\Driver\Mouclass" [Type: _DRIVER_OBJECT *]

1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x898fb038))

(*((winsrv!_DEVICE_OBJECT *)0x898fb038)) : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT]

[+0x000] Type : 3 [Type: short]

[+0x002] Size : 0x1c8 [Type: unsigned short]

[+0x004] ReferenceCount : 0 [Type: long]

[+0x008] DriverObject : 0x89589a68 : Driver "\Driver\Mouclass" [Type: _DRIVER_OBJECT *]

[+0x00c] NextDevice : 0x0 [Type: _DEVICE_OBJECT *]

[+0x010] AttachedDevice : 0x0 [Type: _DEVICE_OBJECT *]

[+0x014] CurrentIrp : 0x0 [Type: _IRP *]

[+0x018] Timer : 0x0 [Type: _IO_TIMER *]

[+0x01c] Flags : 0x2044 [Type: unsigned long]

[+0x020] Characteristics : 0x0 [Type: unsigned long]

[+0x024] Vpb : 0x0 [Type: _VPB *]

[+0x028] DeviceExtension : 0x898fb0f0 [Type: void *] //[+0x028] DeviceExtension : 0x898fb0f0

[+0x02c] DeviceType : 0xf [Type: unsigned long]

[+0x030] StackSize : 6 [Type: char]

[+0x034] Queue [Type: __unnamed]

[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]

[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]

[+0x074] Dpc [Type: _KDPC]

[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]

[+0x098] SecurityDescriptor : 0xe12977c0 [Type: void *]

[+0x09c] DeviceLock [Type: _KEVENT]

[+0x0ac] SectorSize : 0x0 [Type: unsigned short]

[+0x0ae] Spare1 : 0x0 [Type: unsigned short]

[+0x0b0] DeviceObjectExtension : 0x898fb200 [Type: _DEVOBJ_EXTENSION *]

[+0x0b4] Reserved : 0x0 [Type: void *]

1: kd> g

MOUCLASS-MouseClassCopyReadData: queue size 0x330, read length 0xf0

MOUCLASS-MouseClassCopyReadData: bytes to end of queue 0x678

MOUCLASS-MouseClassCopyReadData: number of bytes in first move 0xf0

MOUCLASS-MouseClassCopyReadData: move bytes from 0x8979f988 to 0x89526f08

MOUCLASS-MouseClassCopyReadData: new DataIn 0x8979fcb8, DataOut 0x8979fa78

MOUCLASS-MouseClassCopyReadData: new InputCount 24

Breakpoint 1 hit

eax=00000000 ebx=bfa02600 ecx=00000000 edx=1d530003 esi=e1414eb8 edi=bfa01624

eip=bf8e9149 esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206

win32k!ProcessMouseInput:

bf8e9149 55 push ebp

1: kd> dv

pMouseInfo = 0xe1414eb8

ptLastMove = {x=-1081175735 y=8}

1: kd> dx -r1 ((win32k!tagDEVICEINFO *)0xe1414eb8)

((win32k!tagDEVICEINFO *)0xe1414eb8) : 0xe1414eb8 [Type: tagDEVICEINFO *]

[+0x000] head [Type: _HEAD]

[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]

[+0x00c] type : 0x0 [Type: unsigned char]

[+0x00d] bFlags : 0x2 [Type: unsigned char]

[+0x00e] usActions : 0x0 [Type: unsigned short]

[+0x010] nRetryRead : 0x0 [Type: unsigned char]

[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]

[+0x01c] handle : 0x220 [Type: void *]

[+0x020] NotificationEntry : 0xe1413380 [Type: void *]

[+0x024] pkeHidChangeCompleted : 0x897fb9e8 [Type: _KEVENT *]

[+0x028] iosb [Type: _IO_STATUS_BLOCK]

[+0x030] ReadStatus : 0 [Type: long]

[+0x034] OpenerProcess : 0x1b0 [Type: void *]

[+0x038] OpenStatus : 0 [Type: long]

[+0x03c] AttrStatus : 0 [Type: long]

[+0x040] timeStartRead : 0xffcabc91 [Type: unsigned long]

[+0x044] timeEndRead : 0xffcabd1d [Type: unsigned long]

[+0x048] nReadsOutstanding : 0 [Type: int]

[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]

[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]

[+0x04c] hid [Type: tagHID_DEVICE_INFO]

1: kd> dx -r1 (*((win32k!_IO_STATUS_BLOCK *)0xe1414ee0))

(*((win32k!_IO_STATUS_BLOCK *)0xe1414ee0)) [Type: _IO_STATUS_BLOCK]

[+0x000] Status : 0 [Type: long]

[+0x000] Pointer : 0x0 [Type: void *]

[+0x004] Information : 0xf0 [Type: unsigned long]

1: kd> g

Breakpoint 2 hit

eax=00000000 ebx=ffcabd2d ecx=bc510013 edx=00000100 esi=e1414fe8 edi=00000000

eip=bf8e7542 esp=bab9a898 ebp=bab9a8d8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

win32k!QueueMouseEvent:

bf8e7542 55 push ebp

1: kd> dv

ButtonFlags = 0

ButtonData = 0

ExtraInfo = 0

ptMouse = {x=552 y=415}

time = 0n-3490515

hDevice = 0x00010047

pmei = 0xe1414fe8

bInjected = 0n0

bWakeRIT = 0n1