nt!IopInitializeDeviceInstanceKey函数分析之add it to the device list

sitelist2026-01-02 8:46

nt!IopInitializeDeviceInstanceKey函数分析之add it to the device list

1: kd> kc

00 nt!IopInitializeDeviceInstanceKey

01 nt!PipApplyFunctionToSubKeys

02 nt!IopInitializeDeviceKey

03 nt!PipApplyFunctionToSubKeys

04 nt!IopGetRootDevices

05 nt!IopPnPDispatch

06 nt!IofCallDriver

07 nt!IopSynchronousCall

08 nt!IopQueryDeviceRelations

09 nt!PipEnumerateDevice

0a nt!PipProcessDevNodeTree

0b nt!PiProcessReenumeration

0c nt!PipDeviceActionWorker

0d nt!PipRequestDeviceAction

0e nt!IopInitializePlugPlayServices

0f nt!IoInitSystem

10 nt!Phase1Initialization

11 nt!PspSystemThreadStartup

12 nt!KiThreadStartup

BOOLEAN

IopInitializeDeviceInstanceKey(

IN HANDLE KeyHandle,

IN PUNICODE_STRING KeyName,

IN OUT PVOID Context

)

{

PROOT_ENUMERATOR_CONTEXT enumContext = (PROOT_ENUMERATOR_CONTEXT)Context;

//

// If we enumerated a root device, add it to the device list

//

if (NT_SUCCESS(status)) {

ASSERT(deviceObject != NULL);

enumContext->DeviceList[enumContext->DeviceCount] = deviceObject;

enumContext->DeviceCount++;

return TRUE;

} else {

enumContext->Status = status;

return FALSE;

}

}

1: kd> dv context

Context = 0xf789a23c

1: kd> dt ROOT_ENUMERATOR_CONTEXT 0xf789a23c

nt!ROOT_ENUMERATOR_CONTEXT

+0x000 Status : 0n0

+0x004 KeyName : 0xf789a258 _UNICODE_STRING "Root\COMPOSITE_BATTERY"

+0x008 MaxDeviceCount : 0x100

+0x00c DeviceCount : 1

+0x010 DeviceList : 0xe1297918 -> 0x899c59a8 _DEVICE_OBJECT

1: kd> dd 0xe1297918

e1297918 899c59a8 00000000 00000000 00000000

e1297928 00000000 00000000 00000000 00000000

e1297938 00000000 00000000 00000000 00000000

e1297948 00000000 00000000 00000000 00000000

e1297958 00000000 00000000 00000000 00000000

e1297968 00000000 00000000 00000000 00000000

e1297978 00000000 00000000 00000000 00000000

e1297988 00000000 00000000 00000000 00000000

1: kd> !devobj 899c59a8

Device object (899c59a8) is for:

00000001 \Driver\PnpManager DriverObject 899873b0

Current Irp 00000000 RefCount 0 Type 00000004 Flags 00001040

SecurityDescriptor e1297680 DevExt 899c5a60 DevObjExt 899c5a68 DevNode 899c5850

ExtensionFlags (0x00000010) DOE_START_PENDING

Characteristics (0x00000080) FILE_AUTOGENERATED_DEVICE_NAME

Device queue is not busy.

1: kd> !devnode 899c5850

DevNode 0x899c5850 for PDO 0x899c59a8

Parent 0x899c5bc8 Sibling 0x89986d38 Child 0000000000

InstancePath is "Root\ACPI_HAL\0000"

State = DeviceNodeInitialized (0x302)

Previous State = DeviceNodeUninitialized (0x301)

StateHistory[00] = DeviceNodeUninitialized (0x301)

StateHistory[19] = Unknown State (0x0)

StateHistory[18] = Unknown State (0x0)

StateHistory[17] = Unknown State (0x0)

StateHistory[16] = Unknown State (0x0)

StateHistory[15] = Unknown State (0x0)

StateHistory[14] = Unknown State (0x0)

StateHistory[13] = Unknown State (0x0)

StateHistory[12] = Unknown State (0x0)

StateHistory[11] = Unknown State (0x0)

StateHistory[10] = Unknown State (0x0)

StateHistory[09] = Unknown State (0x0)

StateHistory[08] = Unknown State (0x0)

StateHistory[07] = Unknown State (0x0)

StateHistory[06] = Unknown State (0x0)

StateHistory[05] = Unknown State (0x0)

StateHistory[04] = Unknown State (0x0)

StateHistory[03] = Unknown State (0x0)

StateHistory[02] = Unknown State (0x0)

StateHistory[01] = Unknown State (0x0)

Flags (0x00000011) DNF_MADEUP, DNF_ENUMERATED

1: kd> dt ROOT_ENUMERATOR_CONTEXT 0xf789a23c

nt!ROOT_ENUMERATOR_CONTEXT

+0x000 Status : 0n0

+0x004 KeyName : 0xf789a258 _UNICODE_STRING "Root\COMPOSITE_BATTERY"

+0x008 MaxDeviceCount : 0x100

+0x00c DeviceCount : 2

+0x010 DeviceList : 0xe1297918 -> 0x899c59a8 _DEVICE_OBJECT

1: kd> dd 0xe1297918

e1297918 899c59a8 89986e90 00000000 00000000

e1297928 00000000 00000000 00000000 00000000

e1297938 00000000 00000000 00000000 00000000

e1297948 00000000 00000000 00000000 00000000

e1297958 00000000 00000000 00000000 00000000

e1297968 00000000 00000000 00000000 00000000

e1297978 00000000 00000000 00000000 00000000

e1297988 00000000 00000000 00000000 00000000

1: kd> !devobj 89986e90

Device object (89986e90) is for:

00000002 \Driver\PnpManager DriverObject 899873b0

Current Irp 00000000 RefCount 0 Type 00000004 Flags 00001040

SecurityDescriptor e1297680 DevExt 89986f48 DevObjExt 89986f50 DevNode 89986d38

ExtensionFlags (0x00000010) DOE_START_PENDING

Characteristics (0x00000080) FILE_AUTOGENERATED_DEVICE_NAME

Device queue is not busy.

1: kd> !devnode 89986d38

DevNode 0x89986d38 for PDO 0x89986e90

Parent 0x899c5bc8 Sibling 0000000000 Child 0000000000

InstancePath is "Root\COMPOSITE_BATTERY\0000"

ServiceName is "Compbatt"

State = DeviceNodeInitialized (0x302)

Previous State = DeviceNodeUninitialized (0x301)

StateHistory[00] = DeviceNodeUninitialized (0x301)

StateHistory[19] = Unknown State (0x0)

StateHistory[18] = Unknown State (0x0)

StateHistory[17] = Unknown State (0x0)

StateHistory[16] = Unknown State (0x0)

StateHistory[15] = Unknown State (0x0)

StateHistory[14] = Unknown State (0x0)

StateHistory[13] = Unknown State (0x0)

StateHistory[12] = Unknown State (0x0)

StateHistory[11] = Unknown State (0x0)

StateHistory[10] = Unknown State (0x0)

StateHistory[09] = Unknown State (0x0)

StateHistory[08] = Unknown State (0x0)

StateHistory[07] = Unknown State (0x0)

StateHistory[06] = Unknown State (0x0)

StateHistory[05] = Unknown State (0x0)

StateHistory[04] = Unknown State (0x0)

StateHistory[03] = Unknown State (0x0)

StateHistory[02] = Unknown State (0x0)

StateHistory[01] = Unknown State (0x0)

Flags (0x00000011) DNF_MADEUP, DNF_ENUMERATED

1: kd> dt _device_node 89986d38

nt!_DEVICE_NODE

+0x000 Sibling : (null)

+0x004 Child : (null)

+0x008 Parent : 0x899c5bc8 _DEVICE_NODE

+0x00c LastChild : (null)

+0x010 Level : 1

+0x014 Notify : (null)

+0x018 State : 302 ( DeviceNodeInitialized )

+0x01c PreviousState : 301 ( DeviceNodeUninitialized )

+0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )

+0x070 StateHistoryEntry : 1

+0x074 CompletionStatus : 0n0

+0x078 PendingIrp : (null)

+0x07c Flags : 0x11

+0x080 UserFlags : 0

+0x084 Problem : 0

+0x088 PhysicalDeviceObject : 0x89986e90 _DEVICE_OBJECT
+0x08c ResourceList : (null)

+0x090 ResourceListTranslated : (null)

+0x094 InstancePath : _UNICODE_STRING "Root\COMPOSITE_BATTERY\0000"

+0x09c ServiceName : _UNICODE_STRING "Compbatt"

+0x0a4 DuplicatePDO : (null)

+0x0a8 ResourceRequirements : (null)

+0x0ac InterfaceType : 0xffffffff (No matching name)

+0x0b0 BusNumber : 0xffffffff

+0x0b4 ChildInterfaceType : 0xffffffff (No matching name)

+0x0b8 ChildBusNumber : 0xffffffff

+0x0bc ChildBusTypeIndex : 0xffff

+0x0be RemovalPolicy : 0 ''

+0x0bf HardwareRemovalPolicy : 0 ''

+0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x89986df8 - 0x89986df8 ]

+0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0x89986e00 - 0x89986e00 ]

+0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x89986e08 - 0x89986e08 ]

+0x0d8 NoTranslatorMask : 0

+0x0da QueryTranslatorMask : 0

+0x0dc NoArbiterMask : 0

+0x0de QueryArbiterMask : 0

+0x0e0 OverUsed1 : __unnamed

+0x0e4 OverUsed2 : __unnamed

+0x0e8 BootResources : (null)

+0x0ec CapabilityFlags : 0

+0x0f0 DockInfo : __unnamed

+0x100 DisableableDepends : 0

+0x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x89986e3c - 0x89986e3c ]

+0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x89986e44 - 0x89986e44 ]

热门推荐
01GitHub 镜像站点02Linux下V2Ray安装配置指南03jdk21下载、安装(Windows、Linux、macOS)04Claude Code Skills 实用使用手册05手把手教你通过Gemini3 pro 学生认证,白用一年,手慢无!06UV安装并设置国内源072025 最新教程:注册并切换到美区 Apple ID08从快手“12·22”直播攻击事件看:一次教科书式的业务层饱和攻击09【踩坑笔记】50系显卡适配的 PyTorch 安装10祝大家 2026 年新年快乐,代码无 bug,需求一次过