mouhid!MouHid_ReadComplete调用mouclass!MouseClassServiceCallback函数第二种情形放到缓存区域中

mouhid!MouHid_ReadComplete 调用 mouclass!MouseClassServiceCallback 函数的第二种情形:此时没有等待中的读 IRP,鼠标数据被放到类驱动的缓存区域(输入数据队列)中。

第0部分:

0: kd> g

MouHid: ReadComplete: Enter.Breakpoint 3 hit

eax=898db2f8 ebx=00000000 ecx=00000041 edx=00000002 esi=894dc7e0 edi=898db210

eip=f74fa596 esp=80b143ec ebp=80b14420 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

mouclass!MouseClassServiceCallback:

f74fa596 55 push ebp

0: kd> kc

00 mouclass!MouseClassServiceCallback

01 mouhid!MouHid_ReadComplete

02 nt!IopfCompleteRequest

03 HIDCLASS!HidpDistributeInterruptReport

04 HIDCLASS!HidpInterruptReadComplete

05 nt!IopfCompleteRequest

06 USBPORT!USBPORT_CompleteTransfer

07 USBPORT!USBPORT_DoneTransfer

08 USBPORT!USBPORT_FlushDoneTransferList

09 USBPORT!USBPORT_DpcWorker

0a USBPORT!USBPORT_IsrDpcWorker

0b USBPORT!USBPORT_IsrDpc

0c nt!KiRetireDpcList

0d nt!KiIdleLoop

0: kd> g

MOUCLASS-MouseClassServiceCallback: enter

MOUCLASS-MouseClassServiceCallback: bytes remaining after move to SystemBuffer 0x18

MOUCLASS-MouseClassServiceCallback: unused bytes in class queue 0x918, remaining bytes in port queue 0x18

MOUCLASS-MouseClassServiceCallback: total number of bytes to move to class queue 0x18

MOUCLASS-MouseClassServiceCallback: number of bytes to end of class buffer 0x558

MOUCLASS-MouseClassServiceCallback: number of bytes in first move to class 0x18

MOUCLASS-MouseClassServiceCallback: move bytes from 0x898db2f8 to 0x898535b8

MOUCLASS-MouseClassServiceCallback: changed InputCount to 4 entries in the class queue

MOUCLASS-MouseClassServiceCallback: DataIn 0x898535d0, DataOut 0x89853570

MOUCLASS-MouseClassServiceCallback: Input data items consumed = 1

MOUCLASS-MouseClassServiceCallback: exit

MouHid: calling StartRead directly

Breakpoint 6 hit

eax=00000000 ebx=00000000 ecx=f7668b46 edx=0000001b esi=894dc7e0 edi=898db210

eip=f76691ce esp=80b143f8 ebp=80b14420 iopl=0 nv up ei pl nz ac po cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000213

mouhid!MouHid_StartRead:

f76691ce 55 push ebp

0: kd> g

MouHid: Start Read: Ente

Breakpoint 7 hit

eax=00000103 ebx=00000000 ecx=00000041 edx=895aad02 esi=898db210 edi=8940bcd8

eip=f76692cc esp=80b143e0 ebp=80b143f4 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

mouhid!MouHid_StartRead+0xfe:

f76692cc 53 push ebx

0: kd> g

MouHid: read is pending

Breakpoint 5 hit

eax=00000000 ebx=00000000 ecx=8940bc01 edx=80b144e1 esi=8940bcd8 edi=8940be47

eip=f7668b84 esp=80b14424 ebp=80b14450 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouhid!MouHid_ReadComplete:

f7668b84 55 push ebp

0: kd> kc

00 mouhid!MouHid_ReadComplete

01 nt!IopfCompleteRequest

02 HIDCLASS!HidpDistributeInterruptReport

03 HIDCLASS!HidpInterruptReadComplete

04 nt!IopfCompleteRequest

05 USBPORT!USBPORT_CompleteTransfer

06 USBPORT!USBPORT_DoneTransfer

07 USBPORT!USBPORT_FlushDoneTransferList

08 USBPORT!USBPORT_DpcWorker

09 USBPORT!USBPORT_IsrDpcWorker

0a USBPORT!USBPORT_IsrDpc

0b nt!KiRetireDpcList

0c nt!KiIdleLoop

第一部分:

0: kd> g

MouHid: ReadComplete: Enter.Breakpoint 3 hit

eax=898db2f8 ebx=00000000 ecx=00000041 edx=00000002 esi=894dc7e0 edi=898db210

eip=f74fa596 esp=80b143ec ebp=80b14420 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

mouclass!MouseClassServiceCallback:

f74fa596 55 push ebp

0: kd> kc

00 mouclass!MouseClassServiceCallback

01 mouhid!MouHid_ReadComplete

02 nt!IopfCompleteRequest

03 HIDCLASS!HidpDistributeInterruptReport

04 HIDCLASS!HidpInterruptReadComplete

05 nt!IopfCompleteRequest

06 USBPORT!USBPORT_CompleteTransfer

07 USBPORT!USBPORT_DoneTransfer

08 USBPORT!USBPORT_FlushDoneTransferList

09 USBPORT!USBPORT_DpcWorker

0a USBPORT!USBPORT_IsrDpcWorker

0b USBPORT!USBPORT_IsrDpc

0c nt!KiRetireDpcList

0d nt!KiIdleLoop

第二部分:

InitializeListHead (&listHead);

irp = MouseClassDequeueRead (deviceExtension);

if (irp) { // 不符合条件:ReadQueue 为空,MouseClassDequeueRead 返回 NULL,没有等待中的读 IRP

//

// If there is still data in the port input data queue, move it to the class

// input data queue.

//

InputDataStart = (PMOUSE_INPUT_DATA) ((PCHAR) InputDataStart + moveSize);

moveSize = bytesInQueue - moveSize;

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: bytes remaining after move to SystemBuffer 0x%lx\n",

moveSize

));

if (moveSize > 0) {

bytesInQueue =

deviceExtension->MouseAttributes.InputDataQueueLength -

(deviceExtension->InputCount * sizeof(MOUSE_INPUT_DATA));

0: kd> p

eax=00000000 ebx=00000018 ecx=e7111b74 edx=00000054 esi=894060f0 edi=00000003

eip=f74fa6a8 esp=80b143d0 ebp=80b143e8 iopl=0 nv up ei pl nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206

mouclass!MouseClassServiceCallback+0x112:

f74fa6a8 8b4674 mov eax,dword ptr [esi+74h] ds:0023:89406164=00000004

0: kd> dt mouclass!_DEVICE_EXTENSION 894060f0

+0x000 Self : 0x89406038 _DEVICE_OBJECT

+0x004 TrueClassDevice : 0x89406038 _DEVICE_OBJECT

+0x008 TopPort : 0x898db158 _DEVICE_OBJECT

+0x00c PDO : 0x89536cc0 _DEVICE_OBJECT

+0x010 RemoveLock : _IO_REMOVE_LOCK

+0x068 PnP : 0x1 ''

+0x069 Started : 0x1 ''

+0x06a OkayToLogOverflow : 0x1 ''

+0x06c WaitWakeSpinLock : 0

+0x070 TrustedSubsystemCount : 1

+0x074 InputCount : 4

+0x078 SymbolicLinkName : _UNICODE_STRING "\??\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

+0x080 InputData : 0x898531b0 _MOUSE_INPUT_DATA

+0x084 DataIn : 0x898535d0 _MOUSE_INPUT_DATA

+0x088 DataOut : 0x89853570 _MOUSE_INPUT_DATA

+0x08c MouseAttributes : _MOUSE_ATTRIBUTES

+0x098 SpinLock : 0x80b200c1

+0x09c ReadQueue : _LIST_ENTRY [ 0x8940618c - 0x8940618c ]

+0x0a4 SequenceNumber : 0x1b

+0x0a8 DeviceState : 1 ( PowerDeviceD0 )

+0x0ac SystemState : 1 ( PowerSystemWorking )

+0x0b0 UnitId : 0

+0x0b4 WmiLibInfo : _WMILIB_CONTEXT

+0x0d4 SystemToDeviceState : [5] 0 ( PowerDeviceUnspecified )

+0x0e8 MinDeviceWakeState : 1 ( PowerDeviceD0 )

+0x0ec MinSystemWakeState : 2 ( PowerSystemSleeping1 )

+0x0f0 WaitWakeIrp : (null)

+0x0f4 ExtraWaitWakeIrp : (null)

+0x0f8 TargetNotifyHandle : (null)

+0x0fc Link : _LIST_ENTRY [ 0x0 - 0x0 ]

+0x104 File : (null)

+0x108 Enabled : 0 ''

+0x109 WaitWakeEnabled : 0 ''

+0x10a SurpriseRemoved : 0 ''

0: kd> dx -id 0,0,80b20320 -r1 (*((mouclass!_LIST_ENTRY *)0x8940618c))

(*((mouclass!_LIST_ENTRY *)0x8940618c)) [Type: _LIST_ENTRY]

[+0x000] Flink : 0x8940618c [Type: _LIST_ENTRY *]

[+0x004] Blink : 0x8940618c [Type: _LIST_ENTRY *]

PIRP

MouseClassDequeueRead(

IN PDEVICE_EXTENSION DeviceExtension

)

{

PIRP nextIrp = NULL;

KIRQL oldIrql;

while (!nextIrp && !IsListEmpty (&DeviceExtension->ReadQueue)){

0: kd> dt mouclass!_MOUSE_INPUT_DATA 0x89853570

+0x000 UnitId : 1

+0x002 Flags : 1

+0x004 Buttons : 0

+0x004 ButtonFlags : 0

+0x006 ButtonData : 0

+0x008 RawButtons : 0

+0x00c LastX : 0n28830

+0x010 LastY : 0n44582

+0x014 ExtraInformation : 0

0: kd> dt mouclass!_MOUSE_INPUT_DATA 0x89853570+18*1

+0x000 UnitId : 1

+0x002 Flags : 1

+0x004 Buttons : 0

+0x004 ButtonFlags : 0

+0x006 ButtonData : 0

+0x008 RawButtons : 0

+0x00c LastX : 0n28830

+0x010 LastY : 0n44582

+0x014 ExtraInformation : 0

0: kd> dt mouclass!_MOUSE_INPUT_DATA 0x89853570+18*2

+0x000 UnitId : 1

+0x002 Flags : 1

+0x004 Buttons : 0

+0x004 ButtonFlags : 0

+0x006 ButtonData : 0

+0x008 RawButtons : 0

+0x00c LastX : 0n28894

+0x010 LastY : 0n44582

+0x014 ExtraInformation : 0

0: kd> dt mouclass!_MOUSE_INPUT_DATA 0x89853570+18*3

+0x000 UnitId : 1

+0x002 Flags : 1

+0x004 Buttons : 0

+0x004 ButtonFlags : 0

+0x006 ButtonData : 0

+0x008 RawButtons : 0

+0x00c LastX : 0n28894

+0x010 LastY : 0n44668

+0x014 ExtraInformation : 0

bytesInQueue =

deviceExtension->MouseAttributes.InputDataQueueLength -

(deviceExtension->InputCount * sizeof(MOUSE_INPUT_DATA));

bytesToMove = moveSize;

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: unused bytes in class queue 0x%lx, remaining bytes in port queue 0x%lx\n",

bytesInQueue,

bytesToMove

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: unused bytes in class queue 0x900, remaining bytes in port queue 0x18

bytesToMove = (bytesInQueue < bytesToMove) ?

bytesInQueue:bytesToMove;

//

// bytesInQueue <- Number of unused bytes from insertion pointer to

// the end of the class input data queue (i.e., until the buffer

// wraps).

//

bytesInQueue = (ULONG)(((PCHAR) deviceExtension->InputData +

deviceExtension->MouseAttributes.InputDataQueueLength) -

(PCHAR) deviceExtension->DataIn);

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: total number of bytes to move to class queue 0x%lx\n",

bytesToMove

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: total number of bytes to move to class queue 0x18

eax=00000000 ebx=00000540 ecx=e7111b74 edx=00000056 esi=894060f0 edi=00000003

eip=f74fa6f5 esp=80b143c4 ebp=80b143e8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassServiceCallback+0x15f:

f74fa6f5 53 push ebx

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: number of bytes to end of class buffer 0x%lx\n",

bytesInQueue

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: number of bytes to end of class buffer 0x540

//

// moveSize <- Number of bytes to handle in the first move.

//

moveSize = (bytesToMove < bytesInQueue) ?

bytesToMove:bytesInQueue;

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: number of bytes in first move to class 0x%lx\n",

moveSize

0: kd> p

MOUCLASS-MouseClassServiceCallback: number of bytes in first move to class 0x18

eax=00000000 ebx=00000018 ecx=e7111b74 edx=00000050 esi=894060f0 edi=00000003

eip=f74fa718 esp=80b143c4 ebp=80b143e8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassServiceCallback+0x182:

f74fa718 ffb684000000 push dword ptr [esi+84h] ds:0023:89406174=898535d0

//

// Do the move from the port data queue to the class data queue.

//

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: move bytes from 0x%lx to 0x%lx\n",

(PCHAR) InputDataStart,

(PCHAR) deviceExtension->DataIn

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: move bytes from 0x898db2f8 to 0x898535d0

eax=00000000 ebx=00000018 ecx=e7111b74 edx=0000004d esi=894060f0 edi=00000003

eip=f74fa72c esp=80b143b4 ebp=80b143e8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassServiceCallback+0x196:

f74fa72c 53 push ebx

0: kd> kc

00 mouclass!MouseClassServiceCallback

01 mouhid!MouHid_ReadComplete

02 nt!IopfCompleteRequest

03 HIDCLASS!HidpDistributeInterruptReport

04 HIDCLASS!HidpInterruptReadComplete

05 nt!IopfCompleteRequest

06 USBPORT!USBPORT_CompleteTransfer

07 USBPORT!USBPORT_DoneTransfer

08 USBPORT!USBPORT_FlushDoneTransferList

09 USBPORT!USBPORT_DpcWorker

0a USBPORT!USBPORT_IsrDpcWorker

0b USBPORT!USBPORT_IsrDpc

0c nt!KiRetireDpcList

0d nt!KiIdleLoop

RtlMoveMemory(

(PCHAR) deviceExtension->DataIn, // 目的地址:放到类驱动的缓存区域(输入数据队列)中

(PCHAR) InputDataStart, // 源地址:端口驱动读出的硬件鼠标信息

moveSize // 长度:前面已被限制为既不超过类队列的空闲字节数,也不超过到缓冲区尾部的字节数

);

0: kd> dt MOUSE_INPUT_DATA 0x898db2f8

i8042prt!MOUSE_INPUT_DATA

+0x000 UnitId : 1

+0x002 Flags : 1

+0x004 Buttons : 0

+0x004 ButtonFlags : 0

+0x006 ButtonData : 0

+0x008 RawButtons : 0

+0x00c LastX : 0n28894

+0x010 LastY : 0n44754

+0x014 ExtraInformation : 0

InputDataStart = (PMOUSE_INPUT_DATA)

(((PCHAR) InputDataStart) + moveSize);

deviceExtension->DataIn = (PMOUSE_INPUT_DATA)

(((PCHAR) deviceExtension->DataIn) + moveSize);

0: kd> dt mouclass!_DEVICE_EXTENSION 894060f0

+0x000 Self : 0x89406038 _DEVICE_OBJECT

+0x004 TrueClassDevice : 0x89406038 _DEVICE_OBJECT

+0x008 TopPort : 0x898db158 _DEVICE_OBJECT

+0x00c PDO : 0x89536cc0 _DEVICE_OBJECT

+0x010 RemoveLock : _IO_REMOVE_LOCK

+0x068 PnP : 0x1 ''

+0x069 Started : 0x1 ''

+0x06a OkayToLogOverflow : 0x1 ''

+0x06c WaitWakeSpinLock : 0

+0x070 TrustedSubsystemCount : 1

+0x074 InputCount : 4

+0x078 SymbolicLinkName : _UNICODE_STRING "\??\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

+0x080 InputData : 0x898531b0 _MOUSE_INPUT_DATA

+0x084 DataIn : 0x898535e8 _MOUSE_INPUT_DATA

+0x088 DataOut : 0x89853570 _MOUSE_INPUT_DATA

if ((PCHAR) deviceExtension->DataIn >=

((PCHAR) deviceExtension->InputData +

deviceExtension->MouseAttributes.InputDataQueueLength)) {

deviceExtension->DataIn = deviceExtension->InputData;

} // 如果 DataIn 到达或超过了缓冲区尾部,则回绕到缓冲区头部(InputData),即环形队列。

//

// Update the input data queue counter.

//

deviceExtension->InputCount +=

(bytesToMove / sizeof(MOUSE_INPUT_DATA));

*InputDataConsumed += (bytesToMove / sizeof(MOUSE_INPUT_DATA));

0: kd> dt mouclass!_DEVICE_EXTENSION 894060f0

+0x000 Self : 0x89406038 _DEVICE_OBJECT

+0x004 TrueClassDevice : 0x89406038 _DEVICE_OBJECT

+0x008 TopPort : 0x898db158 _DEVICE_OBJECT

+0x00c PDO : 0x89536cc0 _DEVICE_OBJECT

+0x010 RemoveLock : _IO_REMOVE_LOCK

+0x068 PnP : 0x1 ''

+0x069 Started : 0x1 ''

+0x06a OkayToLogOverflow : 0x1 ''

+0x06c WaitWakeSpinLock : 0

+0x070 TrustedSubsystemCount : 1

+0x074 InputCount : 5

+0x078 SymbolicLinkName : _UNICODE_STRING "\??\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"

+0x080 InputData : 0x898531b0 _MOUSE_INPUT_DATA

+0x084 DataIn : 0x898535e8 _MOUSE_INPUT_DATA

+0x088 DataOut : 0x89853570 _MOUSE_INPUT_DATA

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: changed InputCount to %ld entries in the class queue\n",

deviceExtension->InputCount

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: changed InputCount to 5 entries in the class queue

eax=00000000 ebx=80b1440c ecx=e7111b74 edx=00000057 esi=894060f0 edi=00000003

eip=f74fa7cc esp=80b143c4 ebp=80b143e8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassServiceCallback+0x236:

f74fa7cc ffb688000000 push dword ptr [esi+88h] ds:0023:89406178=89853570

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: DataIn 0x%lx, DataOut 0x%lx\n",

deviceExtension->DataIn,

deviceExtension->DataOut

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: DataIn 0x898535e8, DataOut 0x89853570

eax=00000000 ebx=80b1440c ecx=e7111b74 edx=0000004a esi=894060f0 edi=00000003

eip=f74fa7e3 esp=80b143b4 ebp=80b143e8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassServiceCallback+0x24d:

f74fa7e3 ff33 push dword ptr [ebx] ds:0023:80b1440c=00000001

MouPrint((

3,

"MOUCLASS-MouseClassServiceCallback: Input data items consumed = %d\n",

*InputDataConsumed

));

0: kd> p

MOUCLASS-MouseClassServiceCallback: Input data items consumed = 1

eax=00000000 ebx=80b1440c ecx=e7111b74 edx=00000042 esi=894060f0 edi=00000003

eip=f74fa7f3 esp=80b143d0 ebp=80b143e8 iopl=0 nv up ei ng nz ac po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000292

mouclass!MouseClassServiceCallback+0x25d:

f74fa7f3 eb29 jmp mouclass!MouseClassServiceCallback+0x288 (f74fa81e)

//

// Complete all the read requests we have fulfilled outside of the spin lock

//

while (! IsListEmpty (&listHead)) { // 不符合条件:本次没有完成任何读 IRP,listHead 为空,循环体不执行

PLIST_ENTRY entry = RemoveHeadList (&listHead);

irp = CONTAINING_RECORD (entry, IRP, Tail.Overlay.ListEntry);

ASSERT (NT_SUCCESS (irp->IoStatus.Status) &&

irp->IoStatus.Status != STATUS_PENDING);

IoCompleteRequest (irp, IO_KEYBOARD_INCREMENT);

IoReleaseRemoveLock (&deviceExtension->RemoveLock, irp);

}

现在缓存区域(类驱动输入数据队列)中的记录由 4 条变成 5 条了:InputCount 由 4 变为 5,DataIn 由 0x898535d0 前移 0x18 字节到 0x898535e8。

第四部分:

0: kd> g

MOUCLASS-MouseClassServiceCallback: exit

MouHid: calling StartRead directly

Breakpoint 6 hit

eax=00000000 ebx=00000000 ecx=f7668b46 edx=0000001b esi=894dc7e0 edi=898db210

eip=f76691ce esp=80b143f8 ebp=80b14420 iopl=0 nv up ei pl nz ac po cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000213

mouhid!MouHid_StartRead:

f76691ce 55 push ebp

0: kd> g

MouHid: Start Read: Ente

Breakpoint 7 hit

eax=00000103 ebx=00000000 ecx=00000041 edx=895aad02 esi=898db210 edi=8940bcd8

eip=f76692cc esp=80b143e0 ebp=80b143f4 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

mouhid!MouHid_StartRead+0xfe:

f76692cc 53 push ebx

0: kd> bd 7

0: kd> g

MouHid: read is pending

Breakpoint 5 hit

eax=00000000 ebx=00000000 ecx=8940bc01 edx=80b144e1 esi=8940bcd8 edi=8940be47

eip=f7668b84 esp=80b14424 ebp=80b14450 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouhid!MouHid_ReadComplete:

f7668b84 55 push ebp

0: kd> g

MouHid: ReadComplete: Enter.Breakpoint 3 hit

eax=898db2f8 ebx=00000000 ecx=00000041 edx=00000002 esi=894dc7e0 edi=898db210

eip=f74fa596 esp=80b143ec ebp=80b14420 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

mouclass!MouseClassServiceCallback:

f74fa596 55 push ebp

0: kd> g

MOUCLASS-MouseClassServiceCallback: enter

MOUCLASS-MouseClassServiceCallback: bytes remaining after move to SystemBuffer 0x18

MOUCLASS-MouseClassServiceCallback: unused bytes in class queue 0x8e8, remaining bytes in port queue 0x18

MOUCLASS-MouseClassServiceCallback: total number of bytes to move to class queue 0x18

MOUCLASS-MouseClassServiceCallback: number of bytes to end of class buffer 0x528

MOUCLASS-MouseClassServiceCallback: number of bytes in first move to class 0x18

MOUCLASS-MouseClassServiceCallback: move bytes from 0x898db2f8 to 0x898535e8

MOUCLASS-MouseClassServiceCallback: changed InputCount to 6 entries in the class queue

MOUCLASS-MouseClassServiceCallback: DataIn 0x89853600, DataOut 0x89853570

MOUCLASS-MouseClassServiceCallback: Input data items consumed = 1

MOUCLASS-MouseClassServiceCallback: exit

MouHid: calling StartRead directly

Breakpoint 6 hit

eax=00000000 ebx=00000000 ecx=f7668b46 edx=0000001b esi=894dc7e0 edi=898db210

eip=f76691ce esp=80b143f8 ebp=80b14420 iopl=0 nv up ei pl nz ac po cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000213

mouhid!MouHid_StartRead:

f76691ce 55 push ebp

0: kd> bd 6

0: kd> g

MouHid: Start Read: Ente

MouHid: read is pending

Breakpoint 1 hit

eax=00000000 ebx=bfa02600 ecx=00000000 edx=80bf6160 esi=e162bd40 edi=bfa01624

eip=bf8e9149 esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206

win32k!ProcessMouseInput:

bf8e9149 55 push ebp

0: kd> dv

pMouseInfo = 0xe162bd40

ptLastMove = {x=-1081175735 y=8}

0: kd> dx -r1 ((win32k!tagDEVICEINFO *)0xe162bd40)

((win32k!tagDEVICEINFO *)0xe162bd40) : 0xe162bd40 [Type: tagDEVICEINFO *]

[+0x000] head [Type: _HEAD]

[+0x008] pNext : 0xe1414eb8 [Type: tagDEVICEINFO *]

[+0x00c] type : 0x0 [Type: unsigned char]

[+0x00d] bFlags : 0x2 [Type: unsigned char]

[+0x00e] usActions : 0x0 [Type: unsigned short]

[+0x010] nRetryRead : 0x0 [Type: unsigned char]

[+0x014] ustrName : "\\??\\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]

[+0x01c] handle : 0x21c [Type: void *]

[+0x020] NotificationEntry : 0xe13e70c0 [Type: void *]

[+0x024] pkeHidChangeCompleted : 0x897fb9c0 [Type: _KEVENT *]

[+0x028] iosb [Type: _IO_STATUS_BLOCK]

[+0x030] ReadStatus : 259 [Type: long]

[+0x034] OpenerProcess : 0x1b0 [Type: void *]

[+0x038] OpenStatus : 0 [Type: long]

[+0x03c] AttrStatus : 0 [Type: long]

[+0x040] timeStartRead : 0xffcaec3d [Type: unsigned long]

[+0x044] timeEndRead : 0xffcaec4b [Type: unsigned long]

[+0x048] nReadsOutstanding : 0 [Type: int]

[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]

[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]

[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> dx -r1 (*((win32k!_IO_STATUS_BLOCK *)0xe162bd68))

(*((win32k!_IO_STATUS_BLOCK *)0xe162bd68)) [Type: _IO_STATUS_BLOCK]

[+0x000] Status : 0 [Type: long]

[+0x000] Pointer : 0x0 [Type: void *]

[+0x004] Information : 0x18 [Type: unsigned long]

0: kd> dx -r1 (*((win32k!tagMOUSE_DEVICE_INFO *)0xe162bd8c))

(*((win32k!tagMOUSE_DEVICE_INFO *)0xe162bd8c)) [Type: tagMOUSE_DEVICE_INFO]

[+0x000] Attr [Type: _MOUSE_ATTRIBUTES]

[+0x00c] Data [Type: _MOUSE_INPUT_DATA [10]]

0: kd> dx -r1 (*((win32k!_MOUSE_INPUT_DATA (*)[10])0xe162bd98))

(*((win32k!_MOUSE_INPUT_DATA (*)[10])0xe162bd98)) [Type: _MOUSE_INPUT_DATA [10]]

[0] [Type: _MOUSE_INPUT_DATA]

[1] [Type: _MOUSE_INPUT_DATA]

[2] [Type: _MOUSE_INPUT_DATA]

[3] [Type: _MOUSE_INPUT_DATA]

[4] [Type: _MOUSE_INPUT_DATA]

[5] [Type: _MOUSE_INPUT_DATA]

[6] [Type: _MOUSE_INPUT_DATA]

[7] [Type: _MOUSE_INPUT_DATA]

[8] [Type: _MOUSE_INPUT_DATA]

[9] [Type: _MOUSE_INPUT_DATA]

0: kd> dx -r1 (*((win32k!_MOUSE_INPUT_DATA *)0xe162bd98))

(*((win32k!_MOUSE_INPUT_DATA *)0xe162bd98)) [Type: _MOUSE_INPUT_DATA]

[+0x000] UnitId : 0x1 [Type: unsigned short]

[+0x002] Flags : 0x1 [Type: unsigned short]

[+0x004] Buttons : 0x0 [Type: unsigned long]

[+0x004] ButtonFlags : 0x0 [Type: unsigned short]

[+0x006] ButtonData : 0x0 [Type: unsigned short]

[+0x008] RawButtons : 0x0 [Type: unsigned long]

[+0x00c] LastX : 28830 [Type: long]

[+0x010] LastY : 44582 [Type: long]

[+0x014] ExtraInformation : 0x0 [Type: unsigned long]

0: kd> g

Breakpoint 2 hit

eax=00000000 ebx=ffcb2240 ecx=bc510013 edx=00000100 esi=e162bd98 edi=00000000

eip=bf8e7542 esp=bab9a898 ebp=bab9a8d8 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

win32k!QueueMouseEvent:

bf8e7542 55 push ebp

0: kd> dv

ButtonFlags = 0

ButtonData = 0

ExtraInfo = 0

ptMouse = {x=450 y=522}

time = 0n-3464640

hDevice = 0x00010049

pmei = 0xe162bd98

bInjected = 0n0

bWakeRIT = 0n1

0: kd> g

Breakpoint 4 hit

eax=00000000 ebx=bfa02600 ecx=00000000 edx=000c08e1 esi=e162bd40 edi=bfa01624

eip=bf8fc06b esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

win32k!StartDeviceRead:

bf8fc06b 55 push ebp

0: kd> dv

pDeviceInfo = 0xe162bd40

ulLengthToRead = 0xe162bd40

pBuffer = 0x00000008

fAlreadyHadDeviceInfoCrit = 0n-513622720

0: kd> g

MOUCLASS-MouseClassRead: enter

Breakpoint 0 hit

eax=8940618c ebx=894060f0 ecx=89406188 edx=00000000 esi=897907c8 edi=897907c8

eip=f74f9d26 esp=bab9a6f0 ebp=bab9a70c iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

mouclass!MouseClassReadCopyData:

f74f9d26 55 push ebp

0: kd> dv DeviceExtension

DeviceExtension = 0x894060f0

0: kd> dx -r1 ((mouclass!_DEVICE_EXTENSION *)0x894060f0)

((mouclass!_DEVICE_EXTENSION *)0x894060f0) : 0x894060f0 [Type: _DEVICE_EXTENSION *]

[+0x000] Self : 0x89406038 : Device for "\\Driver\\Mouclass" [Type: _DEVICE_OBJECT *]

[+0x004] TrueClassDevice : 0x89406038 : Device for "\\Driver\\Mouclass" [Type: _DEVICE_OBJECT *]

[+0x008] TopPort : 0x898db158 : Device for "\\Driver\\mouhid" [Type: _DEVICE_OBJECT *]

[+0x00c] PDO : 0x89536cc0 : Device for "\\Driver\\hidusb" [Type: _DEVICE_OBJECT *]

[+0x010] RemoveLock [Type: _IO_REMOVE_LOCK]

[+0x068] PnP : 0x1 [Type: unsigned char]

[+0x069] Started : 0x1 [Type: unsigned char]

[+0x06a] OkayToLogOverflow : 0x1 [Type: unsigned char]

[+0x06c] WaitWakeSpinLock : 0x0 [Type: unsigned long]

[+0x070] TrustedSubsystemCount : 0x1 [Type: unsigned long]

[+0x074] InputCount : 0x6 [Type: unsigned long]

[+0x078] SymbolicLinkName : "\\??\\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]

[+0x080] InputData : 0x898531b0 [Type: _MOUSE_INPUT_DATA *]

[+0x084] DataIn : 0x89853600 [Type: _MOUSE_INPUT_DATA *]

[+0x088] DataOut : 0x89853570 [Type: _MOUSE_INPUT_DATA *]

[+0x08c] MouseAttributes [Type: _MOUSE_ATTRIBUTES]

[+0x098] SpinLock : 0x895aada1 [Type: unsigned long]

[+0x09c] ReadQueue [Type: _LIST_ENTRY]

[+0x0a4] SequenceNumber : 0x1b [Type: unsigned long]

[+0x0a8] DeviceState : PowerDeviceD0 (1) [Type: _DEVICE_POWER_STATE]

[+0x0ac] SystemState : PowerSystemWorking (1) [Type: _SYSTEM_POWER_STATE]

[+0x0b0] UnitId : 0x0 [Type: unsigned long]

[+0x0b4] WmiLibInfo [Type: _WMILIB_CONTEXT]

[+0x0d4] SystemToDeviceState [Type: _DEVICE_POWER_STATE [5]]

[+0x0e8] MinDeviceWakeState : PowerDeviceD0 (1) [Type: _DEVICE_POWER_STATE]

[+0x0ec] MinSystemWakeState : PowerSystemSleeping1 (2) [Type: _SYSTEM_POWER_STATE]

[+0x0f0] WaitWakeIrp : 0x0 [Type: _IRP *]

[+0x0f4] ExtraWaitWakeIrp : 0x0 [Type: _IRP *]

[+0x0f8] TargetNotifyHandle : 0x0 [Type: void *]

[+0x0fc] Link [Type: _LIST_ENTRY]

[+0x104] File : 0x0 [Type: _FILE_OBJECT *]

[+0x108] Enabled : 0x0 [Type: unsigned char]

[+0x109] WaitWakeEnabled : 0x0 [Type: unsigned char]

[+0x10a] SurpriseRemoved : 0x0 [Type: unsigned char]