ACPI!Store函数和hal!HalSetBusDataByOffset的关系----非常重要

ACPI!Store函数和hal!HalSetBusDataByOffset的关系----非常重要

0: kd> g

Breakpoint 10 hit

eax=f7424305 ebx=894ea000 ecx=899b0bd8 edx=524d454f esi=894ebcbc edi=00000001

eip=f7424305 esp=f789a090 ebp=f789a0a8 iopl=0 nv up ei ng nz na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286

ACPI!Store:

f7424305 55 push ebp

0: kd> dv

pctxt = 0x894ea000

pterm = 0x894ebcbc

pdata = 0x00000008

0: kd> dx -r1 ((ACPI!_term *)0x894ebcbc)

((ACPI!_term *)0x894ebcbc) : 0x894ebcbc [Type: _term *]

+0x000\] FrameHdr \[Type: _framehdr

+0x010\] pbOpTerm : 0x899b4101 : 0x70 \[Type: unsigned char \*

+0x014\] pbOpEnd : 0x0 \[Type: unsigned char \*

+0x018\] pbScopeEnd : 0x899b4122 : 0x0 \[Type: unsigned char \*

+0x01c\] pamlterm : 0xf7439550 \[Type: _amlterm \*

+0x020\] pnsObj : 0x0 \[Type: _NSObj \*

+0x024\] iArg : 2 \[Type: int

+0x028\] icArgs : 2 \[Type: int

+0x02c\] pdataArgs : 0x894ea1c8 \[Type: _ObjData \*

+0x030\] pdataResult : 0x894ea0fc \[Type: _ObjData \*

0: kd> dx -r1 ((ACPI!_ObjData *)0x894ea1c8)

((ACPI!_ObjData *)0x894ea1c8) : 0x894ea1c8 [Type: _ObjData *]

+0x000\] dwfData : 0x0 \[Type: unsigned short

+0x002\] dwDataType : 0x1 \[Type: unsigned short

+0x004\] dwRefCount : 0x0 \[Type: unsigned long

+0x004\] pdataBase : 0x0 \[Type: _ObjData \*

+0x008\] dwDataValue : 0x40e98102 \[Type: unsigned long

+0x008\] uipDataValue : 0x40e98102 \[Type: unsigned long

+0x008\] pnsAlias : 0x40e98102 \[Type: _NSObj \*

+0x008\] pdataAlias : 0x40e98102 \[Type: _ObjData \*

+0x008\] powner : 0x40e98102 \[Type: void \*

+0x00c\] dwDataLen : 0x0 \[Type: unsigned long

+0x010\] pbDataBuff : 0x0 \[Type: unsigned char \*

0: kd> dx -r1 ((ACPI!_ctxt *)0x894ea000)

((ACPI!_ctxt *)0x894ea000) : 0x894ea000 [Type: _ctxt *]

+0x000\] dwSig : 0x54585443 \[Type: unsigned long

+0x004\] pbCtxtEnd : 0x894ec000 : 0xc8 \[Type: unsigned char \*

+0x008\] listCtxt \[Type: _List

+0x010\] listQueue \[Type: _List

+0x018\] pplistCtxtQueue : 0x0 \[Type: _List \* \*

+0x01c\] plistResources : 0x894ea198 \[Type: _List \*

+0x020\] dwfCtxt : 0x10 \[Type: unsigned long

+0x024\] pnsObj : 0x899b4938 \[Type: _NSObj \*

+0x028\] pnsScope : 0x899b40ac \[Type: _NSObj \*

+0x02c\] powner : 0x894ea1ac \[Type: _objowner \*

+0x030\] pcall : 0x894ebd18 \[Type: _call \*

+0x034\] pnctxt : 0x0 \[Type: _nestedctxt \*

+0x038\] dwSyncLevel : 0xf \[Type: unsigned long

+0x03c\] pbOp : 0x899b4122 : 0x0 \[Type: unsigned char \*

+0x040\] Result \[Type: _ObjData

+0x054\] pfnAsyncCallBack : 0xf741eeb5 \[Type: void (__cdecl\*)(_NSObj \*,long,_ObjData \*,void \*)

+0x058\] pdataCallBack : 0x899ae2a4 \[Type: _ObjData \*

+0x05c\] pvContext : 0xf789a17c \[Type: void \*

+0x060\] Timer \[Type: _KTIMER

+0x088\] Dpc \[Type: _KDPC

+0x0a8\] pheapCurrent : 0x894ea0bc \[Type: _heap \*

+0x0ac\] CtxtData \[Type: _ctxtdata

+0x0bc\] LocalHeap \[Type: _heap

0: kd> dx -r1 ((ACPI!_NSObj *)0x899b40ac)

((ACPI!_NSObj *)0x899b40ac) : 0x899b40ac [Type: _NSObj *]

+0x000\] list \[Type: _List

+0x008\] pnsParent : 0x899af0f0 \[Type: _NSObj \*

+0x00c\] pnsFirstChild : 0x0 \[Type: _NSObj \*

+0x010\] dwNameSeg : 0x434f5649 \[Type: unsigned long

+0x014\] hOwner : 0x899af330 \[Type: void \*

+0x018\] pnsOwnedNext : 0x899b4068 \[Type: _NSObj \*

+0x01c\] ObjData \[Type: _ObjData

+0x030\] Context : 0x0 \[Type: void \*

+0x034\] dwRefCount : 0x0 \[Type: unsigned long

0: kd> db 0x899b40ac

899b40ac ac ff 9a 89 30 41 9b 89-f0 f0 9a 89 00 00 00 00 ....0A..........

899b40bc 49 56 4f 43 30 f3 9a 89-68 40 9b 89 00 00 08 00 IVOC0...h@......

899b40cc 00 00 00 00 00 00 00 00-32 00 00 00 f0 40 9b 89 ........2....@..

899b40dc 00 00 00 00 00 00 00 00-48 4d 45 54 40 00 00 00 ........HMET@...

899b40ec 00 f0 9a 89 00 00 00 00-00 00 00 00 00 00 00 00 ................

899b40fc 00 00 00 00 02 70 7d 7d-79 0b e9 40 0a 10 00 79 .....p}}y..@...y

899b410c 68 0a 08 00 00 69 00 5c-2f 03 5f 53 42 5f 50 43 h....i.\/._SB_PC

899b411c 49 30 4f 45 4d 52 00 00-48 4e 53 4f 44 00 00 00 I0OEMR..HNSOD...

0: kd> db 0x899af0f0

899af0f0 ac f0 9a 89 34 f1 9a 89-24 f0 9a 89 74 f4 9a 89 ....4...$...t...

899af100 5f 53 42 5f 00 00 00 00-00 00 00 00 00 00 00 00 SB............

899af110 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

899af120 18 1a 98 89 00 00 00 00-48 4e 53 4f 44 00 00 00 ........HNSOD...

899af130 00 f0 9a 89 f0 f0 9a 89-78 f1 9a 89 24 f0 9a 89 ........x...$...

899af140 00 00 00 00 5f 53 49 5f-00 00 00 00 00 00 00 00 ....SI........

899af150 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................

899af160 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO

0: kd> dx -r1 ((ACPI!_term *)0x894ebcbc)

((ACPI!_term *)0x894ebcbc) : 0x894ebcbc [Type: _term *]

+0x000\] FrameHdr \[Type: _framehdr

+0x010\] pbOpTerm : 0x899b4101 : 0x70 \[Type: unsigned char \*

+0x014\] pbOpEnd : 0x0 \[Type: unsigned char \*

+0x018\] pbScopeEnd : 0x899b4122 : 0x0 \[Type: unsigned char \*

+0x01c\] pamlterm : 0xf7439550 \[Type: _amlterm \*

+0x020\] pnsObj : 0x0 \[Type: _NSObj \*

+0x024\] iArg : 2 \[Type: int

+0x028\] icArgs : 2 \[Type: int

+0x02c\] pdataArgs : 0x894ea1c8 \[Type: _ObjData \*

+0x030\] pdataResult : 0x894ea0fc \[Type: _ObjData \*

Scope (_SB)

{

Method (IVOC, 2, NotSerialized)
{
Store (Or (Or (ShiftLeft (0x40E9, 0x10), ShiftLeft (Arg0, 0x08
)), Arg1), \_SB.PCI0.OEMR )
}

OperationRegion (RE00, PCI_Config, 0xD8, 0x04)
Field (RE00, DWordAcc, NoLock, Preserve)
{
OEMR, 32
}

调用IVOC的方法举例：Method (VMPS

Method (VMPS, 1, NotSerialized)

{

Acquire (OEML, 0xFFFF)

IVOC (0x81, Arg0)

Store (\_SB.PCI0.OEMR, Local0)

Release (OEML)

Return (Local0)

}

Device (BAT1)

{

Name (_HID, EisaId ("PNP0C0A")) // _HID: Hardware ID

Name (_UID, 0x01) // _UID: Unique ID

Name (_PCL, Package (0x01) // _PCL: Power Consumer List

{

\_SB

})

Method (_STA, 0, NotSerialized) // _STA: Status

{

Return (VMPS (0x01))

}

Device (BAT2)

{

Name (_HID, EisaId ("PNP0C0A")) // _HID: Hardware ID

Name (_UID, 0x02) // _UID: Unique ID

Name (_PCL, Package (0x01) // _PCL: Power Consumer List

{

\_SB

})

Method (_STA, 0, NotSerialized) // _STA: Status

{

Return (VMPS (0x02))

}

0: kd> g

OpRegion Access on region 899b0b50 device 899affac

DeviceHandle 0

Return from OR handler - status 103

Breakpoint 9 hit

eax=00000000 ebx=89924050 ecx=00000004 edx=00000028 esi=00000000 edi=00000000

eip=804f2676 esp=f791abdc ebp=f791ac48 iopl=0 nv up ei pl zr na pe nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246

hal!HalSetBusDataByOffset:

804f2676 55 push ebp

1: kd> dv

BusDataType = PCIConfiguration (0n4)

BusNumber = 0

SlotNumber = 0

Buffer = 0x894ebc28

Offset = 0xd8

Length = 4

bus = struct _BUS_HANDLER
1: kd> db 0x894ebc28
894ebc28 02 81 e9 40 ff ff ff ff-00 00 00 00 00 00 00 00 ...@............

第三部分：猜想，得到\_SB.PCI0.OEMR的值为0，说明没有这个设备？

1: kd> g

Breakpoint 1 hit

eax=f791ab6c ebx=8993ee10 ecx=00000000 edx=899b0b50 esi=804fb6c4 edi=f791abd8

eip=804f18ec esp=f791ab48 ebp=f791abd8 iopl=0 nv up ei ng nz ac po cy

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000293

hal!HalpGetPCIData:

804f18ec 55 push ebp

1: kd> gu

eax=00000004 ebx=8993ee10 ecx=00000000 edx=00000cf8 esi=804fb6c4 edi=f791abd8

eip=804f2640 esp=f791ab64 ebp=f791abd8 iopl=0 nv up ei pl nz na po nc

cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202

hal!HalGetBusDataByOffset+0x52:

804f2640 5f pop edi

1: kd> dv

BusDataType = PCIConfiguration (0n4)

BusNumber = 0

SlotNumber = 0

Buffer = 0x894ebd84

Offset = 0xd8

Length = 4

bus = struct _BUS_HANDLER

1: kd> db 0x894ebd84

894ebd84 00 00 00 00 00 00 00 00-00 00 00 00 20 00 00 00 ............ ...

说明没有这个设备？