
Analysis of nt!PipProcessStartPhase3: nt!PipSetDevNodeState

0: kd> p
eax=00000000 ebx=00000000 ecx=80b1f6f8 edx=00000000 esi=89986898 edi=80b1f6f8
eip=80a2ece0 esp=f789a294 ebp=f789a2a0 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!PipSetDevNodeState+0x6c:
80a2ece0 8b5e18 mov ebx,dword ptr [esi+18h] ds:0023:899868b0=00000307
0: kd> dt _device_node 89986898
nt!_DEVICE_NODE
+0x000 Sibling : 0x89986648 _DEVICE_NODE
+0x004 Child : (null)
+0x008 Parent : 0x899c5bc8 _DEVICE_NODE
+0x00c LastChild : (null)
+0x010 Level : 1
+0x014 Notify : (null)
+0x018 State : 307 ( DeviceNodeStartPostWork )
+0x01c PreviousState : 302 ( DeviceNodeInitialized )
+0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )
+0x070 StateHistoryEntry : 2
+0x074 CompletionStatus : 0n0
+0x078 PendingIrp : (null)
+0x07c Flags : 0x139
+0x080 UserFlags : 0xa
+0x084 Problem : 0
+0x088 PhysicalDeviceObject : 0x899869f0 _DEVICE_OBJECT
+0x08c ResourceList : (null)
+0x090 ResourceListTranslated : (null)
+0x094 InstancePath : _UNICODE_STRING "Root\ftdisk\0000"
+0x09c ServiceName : _UNICODE_STRING "ftdisk"
+0x0a4 DuplicatePDO : (null)
+0x0a8 ResourceRequirements : (null)
+0x0ac InterfaceType : 0xffffffff (No matching name)
+0x0b0 BusNumber : 0xffffffff
+0x0b4 ChildInterfaceType : 0xffffffff (No matching name)
+0x0b8 ChildBusNumber : 0xffffffff
+0x0bc ChildBusTypeIndex : 0xffff
+0x0be RemovalPolicy : 0 ''
+0x0bf HardwareRemovalPolicy : 0 ''
+0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x89986958 - 0x89986958 ]
+0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0x89986960 - 0x89986960 ]
+0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x89986968 - 0x89986968 ]
+0x0d8 NoTranslatorMask : 0
+0x0da QueryTranslatorMask : 0
+0x0dc NoArbiterMask : 0
+0x0de QueryArbiterMask : 0
+0x0e0 OverUsed1 : __unnamed
+0x0e4 OverUsed2 : __unnamed
+0x0e8 BootResources : (null)
+0x0ec CapabilityFlags : 0x180
+0x0f0 DockInfo : __unnamed
+0x100 DisableableDepends : 1
+0x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x8998699c - 0x8998699c ]
+0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x899869a4 - 0x899869a4 ]
0: kd> dv
DeviceNode = 0x89986898
State = DeviceNodeStarted (0n776)
OldState = 0x00000000
oldIrql = 0x89 ''
0: kd> dx -id 0,0,899a2278 -r1 (*((ntkrnlmp!_PNP_DEVNODE_STATE (*)[20])0x899868b8))
(*((ntkrnlmp!_PNP_DEVNODE_STATE (*)[20])0x899868b8)) [Type: _PNP_DEVNODE_STATE [20]]
[0] : DeviceNodeUninitialized (769) [Type: _PNP_DEVNODE_STATE]
[1] : DeviceNodeInitialized (770) [Type: _PNP_DEVNODE_STATE]

[2] : 0 [Type: _PNP_DEVNODE_STATE]
[3] : 0 [Type: _PNP_DEVNODE_STATE]
[4] : 0 [Type: _PNP_DEVNODE_STATE]
[5] : 0 [Type: _PNP_DEVNODE_STATE]
[6] : 0 [Type: _PNP_DEVNODE_STATE]
[7] : 0 [Type: _PNP_DEVNODE_STATE]
[8] : 0 [Type: _PNP_DEVNODE_STATE]
[9] : 0 [Type: _PNP_DEVNODE_STATE]
[10] : 0 [Type: _PNP_DEVNODE_STATE]
[11] : 0 [Type: _PNP_DEVNODE_STATE]
[12] : 0 [Type: _PNP_DEVNODE_STATE]
[13] : 0 [Type: _PNP_DEVNODE_STATE]
[14] : 0 [Type: _PNP_DEVNODE_STATE]
[15] : 0 [Type: _PNP_DEVNODE_STATE]
[16] : 0 [Type: _PNP_DEVNODE_STATE]
[17] : 0 [Type: _PNP_DEVNODE_STATE]
[18] : 0 [Type: _PNP_DEVNODE_STATE]
[19] : 0 [Type: _PNP_DEVNODE_STATE]


0: kd> kc
#
00 nt!PipSetDevNodeState
01 nt!PipProcessStartPhase3
02 nt!PipProcessDevNodeTree
03 nt!PiProcessReenumeration
04 nt!PipDeviceActionWorker
05 nt!PipRequestDeviceAction
06 nt!PipAddDevicesToBootDriverWorker
07 nt!PipApplyFunctionToServiceInstances
08 nt!PipAddDevicesToBootDriver
09 nt!IopInitializeBootDrivers
0a nt!IoInitSystem
0b nt!Phase1Initialization
0c nt!PspSystemThreadStartup
0d nt!KiThreadStartup
0: kd> dv
DeviceNode = 0x89986898
State = DeviceNodeStarted (0n776)
OldState = 0x00000000
oldIrql = 0x89 ''


    if (DeviceNode->State != State) {

        //
        // Update the devnode's current and previous state.
        //
        DeviceNode->State = State;
        DeviceNode->PreviousState = previousState;

        //
        // Push prior state onto the history stack.
        //
        DeviceNode->StateHistory[DeviceNode->StateHistoryEntry] = previousState;
        DeviceNode->StateHistoryEntry++;
        DeviceNode->StateHistoryEntry %= STATE_HISTORY_SIZE;
    }


0: kd> dt _device_node 89986898
nt!_DEVICE_NODE
+0x000 Sibling : 0x89986648 _DEVICE_NODE
+0x004 Child : (null)
+0x008 Parent : 0x899c5bc8 _DEVICE_NODE
+0x00c LastChild : (null)
+0x010 Level : 1
+0x014 Notify : (null)
+0x018 State : 307 ( DeviceNodeStartPostWork )
+0x01c PreviousState : 302 ( DeviceNodeInitialized )
+0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )
+0x070 StateHistoryEntry : 2

    IopDbgPrint((IOP_INFO_LEVEL,
                 "%wZ: %s => %s\n",
                 &DeviceNode->InstancePath,
                 PP_DEVNODESTATE_NAME(previousState),
                 PP_DEVNODESTATE_NAME(State)));


0: kd> dt _device_node 89986898
nt!_DEVICE_NODE
+0x000 Sibling : 0x89986648 _DEVICE_NODE
+0x004 Child : (null)
+0x008 Parent : 0x899c5bc8 _DEVICE_NODE
+0x00c LastChild : (null)
+0x010 Level : 1
+0x014 Notify : (null)
+0x018 State : 308 ( DeviceNodeStarted )
+0x01c PreviousState : 307 ( DeviceNodeStartPostWork )
+0x020 StateHistory : [20] 301 ( DeviceNodeUninitialized )
+0x070 StateHistoryEntry : 3
+0x074 CompletionStatus : 0n0
+0x078 PendingIrp : (null)
+0x07c Flags : 0x139
+0x080 UserFlags : 0xa
+0x084 Problem : 0
+0x088 PhysicalDeviceObject : 0x899869f0 _DEVICE_OBJECT
+0x08c ResourceList : (null)
+0x090 ResourceListTranslated : (null)
+0x094 InstancePath : _UNICODE_STRING "Root\ftdisk\0000"
+0x09c ServiceName : _UNICODE_STRING "ftdisk"
+0x0a4 DuplicatePDO : (null)
+0x0a8 ResourceRequirements : (null)
+0x0ac InterfaceType : 0xffffffff (No matching name)
+0x0b0 BusNumber : 0xffffffff
+0x0b4 ChildInterfaceType : 0xffffffff (No matching name)
+0x0b8 ChildBusNumber : 0xffffffff
+0x0bc ChildBusTypeIndex : 0xffff
+0x0be RemovalPolicy : 0 ''
+0x0bf HardwareRemovalPolicy : 0 ''
+0x0c0 TargetDeviceNotify : _LIST_ENTRY [ 0x89986958 - 0x89986958 ]
+0x0c8 DeviceArbiterList : _LIST_ENTRY [ 0x89986960 - 0x89986960 ]
+0x0d0 DeviceTranslatorList : _LIST_ENTRY [ 0x89986968 - 0x89986968 ]
+0x0d8 NoTranslatorMask : 0
+0x0da QueryTranslatorMask : 0
+0x0dc NoArbiterMask : 0
+0x0de QueryArbiterMask : 0
+0x0e0 OverUsed1 : __unnamed
+0x0e4 OverUsed2 : __unnamed
+0x0e8 BootResources : (null)
+0x0ec CapabilityFlags : 0x180
+0x0f0 DockInfo : __unnamed
+0x100 DisableableDepends : 1
+0x104 PendedSetInterfaceState : _LIST_ENTRY [ 0x8998699c - 0x8998699c ]
+0x10c LegacyBusListEntry : _LIST_ENTRY [ 0x899869a4 - 0x899869a4 ]
0: kd> dx -id 0,0,899a2278 -r1 (*((ntkrnlmp!_PNP_DEVNODE_STATE (*)[20])0x899868b8))
(*((ntkrnlmp!_PNP_DEVNODE_STATE (*)[20])0x899868b8)) [Type: _PNP_DEVNODE_STATE [20]]
[0] : DeviceNodeUninitialized (769) [Type: _PNP_DEVNODE_STATE]
[1] : DeviceNodeInitialized (770) [Type: _PNP_DEVNODE_STATE]
[2] : DeviceNodeStartPostWork (775) [Type: _PNP_DEVNODE_STATE]

[3] : 0 [Type: _PNP_DEVNODE_STATE]
[4] : 0 [Type: _PNP_DEVNODE_STATE]
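
The StateHistory update from the excerpt above, modeled in user-mode C as an added example (not code from the original post or from the Windows kernel). `DEVNODE_MODEL`, `model_set_state` and `model_history` are hypothetical names, and the reader assumes unused slots hold 0 as in the dumps. It replays the three transitions visible for Root\ftdisk\0000 and reads the history back oldest-first, which goes beyond the dumps by also covering the case where the 20-entry buffer has wrapped.

```c
#include <stdio.h>
#include <string.h>
#define STATE_HISTORY_SIZE 20  /* StateHistory : [20] in the dump */

/* State values as printed by the debugger on this page. */
enum { DeviceNodeUninitialized = 0x301, DeviceNodeInitialized = 0x302,
       DeviceNodeStartPostWork = 0x307, DeviceNodeStarted = 0x308 };

/* Hypothetical user-mode model: only the fields the excerpt touches. */
typedef struct {
    int State, PreviousState;
    int StateHistory[STATE_HISTORY_SIZE];
    unsigned StateHistoryEntry;
} DEVNODE_MODEL;

/* Same update as the excerpt; locking and the debug print are left out. */
static void model_set_state(DEVNODE_MODEL *n, int state) {
    int previousState = n->State;
    if (n->State != state) {
        n->State = state;
        n->PreviousState = previousState;
        n->StateHistory[n->StateHistoryEntry] = previousState;
        n->StateHistoryEntry = (n->StateHistoryEntry + 1) % STATE_HISTORY_SIZE;
    }
}

/* Copy the history oldest-first into out[] and return the entry count.
   StateHistoryEntry is the next write slot, so after a wrap it is the oldest. */
static int model_history(const DEVNODE_MODEL *n, int out[STATE_HISTORY_SIZE]) {
    int count = 0;
    for (unsigned i = 0; i < STATE_HISTORY_SIZE; i++) {
        int s = n->StateHistory[(n->StateHistoryEntry + i) % STATE_HISTORY_SIZE];
        if (s != 0) out[count++] = s;   /* assumption: 0 marks an unused slot */
    }
    return count;
}

/* Replay the transitions visible in the dumps for the ftdisk devnode. */
int main(void) {
    DEVNODE_MODEL n;
    int h[STATE_HISTORY_SIZE], c;
    memset(&n, 0, sizeof n);
    n.State = DeviceNodeUninitialized;
    model_set_state(&n, DeviceNodeInitialized);
    model_set_state(&n, DeviceNodeStartPostWork);
    model_set_state(&n, DeviceNodeStarted);
    c = model_history(&n, h);
    for (int i = 0; i < c; i++) printf("[%d] 0x%x\n", i, (unsigned)h[i]);
}
```

The replay ends with StateHistoryEntry at 3 and slots [0] to [2] holding the three prior states, matching the final dump. Setting the state the node is already in leaves the history untouched.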
