DeviceNodeStarted状态下nt!PipEnumerateDevice函数调用nt!IopQueryDeviceRelations函数查询设备关系

DeviceNodeStarted状态下nt!PipEnumerateDevice函数调用nt!IopQueryDeviceRelations函数查询设备关系

case DeviceNodeStarted:

nextNode = ChildNode;

if (!ProcessOnlyIntermediateStates) {

if ((currentNode->Flags & DNF_REENUMERATE)) {

status = PipEnumerateDevice(currentNode, Synchronous);

if (NT_SUCCESS(status)) {

//

// Remember the bus we just enumerated.

//

enumeratedBus = currentNode;

nextNode = SameNode;

} else if (status == STATUS_PENDING) {

nextNode = SiblingNode;

}

}

}

break;

NTSTATUS
PipEnumerateDevice(
    IN PDEVICE_NODE DeviceNode,
    IN BOOLEAN Synchronous
    )

/*++

Routine Description:

    Issues a BusRelations query against the PDO of DeviceNode so that the
    node's children can be (re)enumerated.

Arguments:

    DeviceNode  - The devnode whose bus relations are to be queried.

    Synchronous - Passed straight through to IopQueryDeviceRelations.

Return Value:

    The NTSTATUS returned by IopQueryDeviceRelations. The address of
    DeviceNode->OverUsed1.PendingDeviceRelations is handed to the query as
    its last argument (presumably the output slot for the relations list;
    IopQueryDeviceRelations itself is not visible here).

--*/

{
    PAGED_CODE();

    //
    // DNF_REENUMERATE is dropped *before* the query goes out. If another
    // re-enumeration request arrives while the query is in flight it will
    // set the bit again and be honoured on the next pass instead of being
    // silently lost.
    //
    DeviceNode->Flags &= ~DNF_REENUMERATE;

    return IopQueryDeviceRelations(BusRelations,
                                   DeviceNode->PhysicalDeviceObject,
                                   Synchronous,
                                   &DeviceNode->OverUsed1.PendingDeviceRelations);
}

0: kd> kc

00 nt!IopQueryDeviceRelations

01 nt!PipEnumerateDevice

02 nt!PipProcessDevNodeTree

03 nt!PiProcessReenumeration

04 nt!PipDeviceActionWorker

05 nt!PipRequestDeviceAction

06 nt!PipAddDevicesToBootDriverWorker

07 nt!PipApplyFunctionToServiceInstances

08 nt!PipAddDevicesToBootDriver

09 nt!IopInitializeBootDrivers

0a nt!IoInitSystem

0b nt!Phase1Initialization

0c nt!PspSystemThreadStartup

0d nt!KiThreadStartup

0: kd> dv

Relations = BusRelations (0n0)

DeviceObject = 0x899869f0 Device for "\Driver\PnpManager"

Synchronous = 0x01 ''

DeviceRelations = 0x89986978

irpSp = struct _IO_STACK_LOCATION

0: kd> g

Breakpoint 22 hit

eax=f789a2bc ebx=89986898 ecx=00000000 edx=899869f0 esi=89986898 edi=00000000

eip=80c95c56 esp=f789a2a4 ebp=f789a2e0 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

nt!IopSynchronousCall:

80c95c56 55 push ebp

0: kd> g

Breakpoint 24 hit

eax=0000001b ebx=00000000 ecx=89543958 edx=899bf5b0 esi=899bf5b0 edi=89543530

eip=f738c938 esp=f789a258 ebp=f789a270 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

ftdisk!FtDiskPnp:

f738c938 55 push ebp

0: kd> kc

00 ftdisk!FtDiskPnp

01 nt!IofCallDriver

02 nt!IopSynchronousCall

03 nt!IopQueryDeviceRelations

04 nt!PipEnumerateDevice

05 nt!PipProcessDevNodeTree

06 nt!PiProcessReenumeration

07 nt!PipDeviceActionWorker

08 nt!PipRequestDeviceAction

09 nt!PipAddDevicesToBootDriverWorker

0a nt!PipApplyFunctionToServiceInstances

0b nt!PipAddDevicesToBootDriver

0c nt!IopInitializeBootDrivers

0d nt!IoInitSystem

0e nt!Phase1Initialization

0f nt!PspSystemThreadStartup

10 nt!KiThreadStartup

case IRP_MN_QUERY_DEVICE_RELATIONS:

if (irpSp->Parameters.QueryDeviceRelations.Type != BusRelations) {

IoSkipCurrentIrpStackLocation(Irp);

return IoCallDriver(targetObject, Irp);

}

FtpAcquire(rootExtension);

n = 0;

for (l = rootExtension->VolumeList.Flink;

l != &rootExtension->VolumeList; l = l->Flink) {

n++;

}

size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) +

n*sizeof(PDEVICE_OBJECT);

deviceRelations = (PDEVICE_RELATIONS)

ExAllocatePool(PagedPool, size);

if (!deviceRelations) {

FtpRelease(rootExtension);

status = STATUS_INSUFFICIENT_RESOURCES;

Irp->IoStatus.Information = 0;

break;

}

deviceRelations->Count = n;

n = 0;

for (l = rootExtension->VolumeList.Flink;

l != &rootExtension->VolumeList; l = l->Flink) {

e = CONTAINING_RECORD(l, VOLUME_EXTENSION, ListEntry);

deviceRelations->Objects[n++] = e->DeviceObject;

ObReferenceObject(e->DeviceObject);

}

while (!IsListEmpty(&rootExtension->DeadVolumeList)) {

l = RemoveHeadList(&rootExtension->DeadVolumeList);

e = CONTAINING_RECORD(l, VOLUME_EXTENSION, ListEntry);

e->DeadToPnp = TRUE;

}

FtpRelease(rootExtension);

Irp->IoStatus.Status = STATUS_SUCCESS;

Irp->IoStatus.Information = (ULONG_PTR) deviceRelations;

IoSkipCurrentIrpStackLocation(Irp);

return IoCallDriver(targetObject, Irp);

0: kd> dt ROOT_EXTENSION 0x895435e8

ftdisk!ROOT_EXTENSION

+0x000 DeviceObject : 0x89543530 _DEVICE_OBJECT

+0x004 Root : 0x895435e8 ROOT_EXTENSION

+0x008 DeviceExtensionType : 0

+0x00c SpinLock : 0

+0x010 DriverObject : 0x89543958 _DRIVER_OBJECT

+0x014 TargetObject : 0x899869f0 _DEVICE_OBJECT

+0x018 Pdo : 0x899869f0 _DEVICE_OBJECT

+0x01c VolumeList : _LIST_ENTRY [ 0x89543604 - 0x89543604 ]

+0x024 DeadVolumeList : _LIST_ENTRY [ 0x8954360c - 0x8954360c ]

+0x02c NextVolumeNumber : 1

+0x030 DiskInfoSet : 0x8990f778 FT_LOGICAL_DISK_INFORMATION_SET

+0x034 WorkerThread : (null)

+0x038 WorkerQueue : _LIST_ENTRY [ 0x89543620 - 0x89543620 ]

+0x040 WorkerSemaphore : _KSEMAPHORE

+0x054 TerminateThread : 0n1

+0x058 ChangeNotifyIrpList : _LIST_ENTRY [ 0x89543640 - 0x89543640 ]

+0x060 Mutex : _KSEMAPHORE

+0x074 VolumeManagerInterfaceName : _UNICODE_STRING "\??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"

+0x07c PastBootReinitialize : 0 ''

+0x07d FtCodeLocked : 0 ''

+0x07e PastReinitialize : 0 ''

+0x080 DiskPerfRegistryPath : _UNICODE_STRING "\Registry\Machine\System\CurrentControlSet\Services\Ftdisk"

+0x088 PmWmiCounterLibContext : _PMWMICOUNTERLIB_CONTEXT

+0x09c ESPUniquePartitionGUID : _GUID {00000000-0000-0000-0000-000000000000}

+0x0ac NumberOfAttributeRevertEntries : 0

+0x0b0 GptAttributeRevertEntries : (null)

+0x0b4 PreExposureCount : 0

deviceRelations = (PDEVICE_RELATIONS)

ExAllocatePool(PagedPool, size);

if (!deviceRelations) {

FtpRelease(rootExtension);

status = STATUS_INSUFFICIENT_RESOURCES;

Irp->IoStatus.Information = 0;

break;

}

0: kd> p

eax=e13026d0 ebx=899bf5b0 ecx=00000002 edx=000003ff esi=895435e8 edi=00000000

eip=f738c9cc esp=f789a22c ebp=f789a254 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

ftdisk!FtDiskPnp+0x94:

f738c9cc 3bc7 cmp eax,edi

0: kd> dt DEVICE_RELATIONS e13026d0

nt!DEVICE_RELATIONS

+0x000 Count : 0

+0x004 Objects : [1] 0xe134c009 _DEVICE_OBJECT

Irp->IoStatus.Status = STATUS_SUCCESS;

Irp->IoStatus.Information = (ULONG_PTR) deviceRelations;

0: kd> dx -id 0,0,899a2278 -r1 -nv (*((ftdisk!_IRP *)0x899bf5b0))

(*((ftdisk!_IRP *)0x899bf5b0)) [Type: _IRP]

[+0x000] Type : 6 [Type: short]

[+0x002] Size : 0x190 [Type: unsigned short]

[+0x004] MdlAddress : 0x0 [Type: _MDL *]

[+0x008] Flags : 0x0 [Type: unsigned long]

[+0x00c] AssociatedIrp [Type: __unnamed]

[+0x010] ThreadListEntry [Type: _LIST_ENTRY]

[+0x018] IoStatus [Type: _IO_STATUS_BLOCK]

[+0x020] RequestorMode : 0 [Type: char]

[+0x021] PendingReturned : 0x0 [Type: unsigned char]

[+0x022] StackCount : 2 [Type: char]

[+0x023] CurrentLocation : 2 [Type: char]

[+0x024] Cancel : 0x0 [Type: unsigned char]

[+0x025] CancelIrql : 0x0 [Type: unsigned char]

[+0x026] ApcEnvironment : 0 [Type: char]

[+0x027] AllocationFlags : 0x4 [Type: unsigned char]

[+0x028] UserIosb : 0xf789a294 [Type: _IO_STATUS_BLOCK *]

[+0x02c] UserEvent : 0xf789a284 [Type: _KEVENT *]

[+0x030] Overlay [Type: __unnamed]

[+0x038] CancelRoutine : 0x0 [Type: void (*)(_DEVICE_OBJECT *,_IRP *)]

[+0x03c] UserBuffer : 0x0 [Type: void *]

[+0x040] Tail [Type: __unnamed]

0: kd> dx -id 0,0,899a2278 -r1 (*((ftdisk!_IO_STATUS_BLOCK *)0x899bf5c8))

(*((ftdisk!_IO_STATUS_BLOCK *)0x899bf5c8)) [Type: _IO_STATUS_BLOCK]

[+0x000] Status : 0 [Type: long]

[+0x000] Pointer : 0x0 [Type: void *]

[+0x004] Information : 0xe13026d0 [Type: unsigned long]

0: kd> p

eax=0000001b ebx=00000000 ecx=899873b0 edx=899bf5b0 esi=899bf5b0 edi=899869f0

eip=80a26758 esp=f789a210 ebp=f789a224 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!IofCallDriver+0x5e:

80a26758 ff548138 call dword ptr [ecx+eax*4+38h] ds:0023:89987454={nt!IopPnPDispatch (80cb0b36)}

0: kd> t

eax=0000001b ebx=00000000 ecx=899873b0 edx=899bf5b0 esi=899bf5b0 edi=899869f0

eip=80cb0b36 esp=f789a20c ebp=f789a224 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

nt!IopPnPDispatch:

80cb0b36 55 push ebp

0: kd> kc

00 nt!IopPnPDispatch

01 nt!IofCallDriver

02 ftdisk!FtDiskPnp

03 nt!IofCallDriver

04 nt!IopSynchronousCall

05 nt!IopQueryDeviceRelations

06 nt!PipEnumerateDevice

07 nt!PipProcessDevNodeTree

08 nt!PiProcessReenumeration

09 nt!PipDeviceActionWorker

0a nt!PipRequestDeviceAction

0b nt!PipAddDevicesToBootDriverWorker

0c nt!PipApplyFunctionToServiceInstances

0d nt!PipAddDevicesToBootDriver

0e nt!IopInitializeBootDrivers

0f nt!IoInitSystem

10 nt!Phase1Initialization

11 nt!PspSystemThreadStartup

12 nt!KiThreadStartup

0: kd> dv

DeviceObject = 0x899869f0 Device for "\Driver\PnpManager"

Irp = 0x899bf5b0

information = 0x899869f0

length = 8

uiNumber = 0xf789a224

0: kd> dt IOPNP_DEVICE_EXTENSION 0x89986aa8

nt!IOPNP_DEVICE_EXTENSION

+0x000 CompatibleIdList : (null)

+0x004 CompatibleIdListSize : 0

if (Relations == BusRelations) {

deviceNode->CompletionStatus = status;

PipSetDevNodeState( deviceNode, DeviceNodeEnumerateCompletion, NULL );

status = STATUS_SUCCESS;

}

return status;

}

0: kd> p

Root\ftdisk\0000: DeviceNodeStarted => DeviceNodeEnumerateCompletion

eax=00000000 ebx=89986898 ecx=80ae0dfa edx=00000045 esi=89986898 edi=00000000

eip=80a2e406 esp=f789a2b4 ebp=f789a2e0 iopl=0 nv up ei ng nz na pe cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000287

nt!IopQueryDeviceRelations+0x4c:

80a2e406 33c0 xor eax,eax

case DeviceNodeStarted:

nextNode = ChildNode;

if (!ProcessOnlyIntermediateStates) {

if ((currentNode->Flags & DNF_REENUMERATE)) {

status = PipEnumerateDevice(currentNode, Synchronous); 返回到这里

if (NT_SUCCESS(status)) {

//

// Remember the bus we just enumerated.

//

enumeratedBus = currentNode;

nextNode = SameNode;

} else if (status == STATUS_PENDING) {

nextNode = SiblingNode;

}

}

}

break;

现在状态为 DeviceNodeEnumerateCompletion，在此状态下应该调用函数 PipEnumerateCompleted。

下一个节点类型是子节点。

case DeviceNodeEnumerateCompletion:

status = PipEnumerateCompleted(currentNode);

nextNode = ChildNode;

break;