news 2026/4/22 22:37:57

从mouhid!MouHid_ReadComplete到mouclass!MouseClassServiceCallback


从mouhid!MouHid_ReadComplete到mouclass!MouseClassServiceCallback

0: kd> kc
#
00 nt!KeInitializeApc
01 nt!IopfCompleteRequest
02 mouclass!MouseClassServiceCallback
03 mouhid!MouHid_ReadComplete

04 nt!IopfCompleteRequest
05 HIDCLASS!HidpDistributeInterruptReport
06 HIDCLASS!HidpInterruptReadComplete
07 nt!IopfCompleteRequest
08 USBPORT!USBPORT_CompleteTransfer
09 USBPORT!USBPORT_DoneTransfer
0a USBPORT!USBPORT_FlushDoneTransferList
0b USBPORT!USBPORT_DpcWorker
0c USBPORT!USBPORT_IsrDpcWorker
0d USBPORT!USBPORT_IsrDpc
0e nt!KiRetireDpcList
0f nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
10 0x0


//
// MouHid_ReadComplete (excerpt)
//
// I/O completion routine in mouhid. Per the stack trace on this page it is
// entered from nt!IopfCompleteRequest and in turn calls
// mouclass!MouseClassServiceCallback through the pointer stored in
// Data->ConnectData.ClassService.
//
// Only the callback hand-off is reproduced here: the declarations of
// oldIrql and inputDataConsumed, the rest of the body and the closing braces
// are not shown.
//
// Arguments:
//     DeviceObject - device object passed to the completion routine.
//     Irp          - the read IRP that has just completed.
//     Data         - completion context, typed as the mouhid device extension.
//
NTSTATUS
MouHid_ReadComplete (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PDEVICE_EXTENSION Data // (PVOID Context)
)
{


if (Data->EnableCount)
{
//
// Synchronization issue - it's not a big deal if .Enabled is set
// FALSE after the condition above, but before the callback below,
// so long as the .MouClassCallback field is not nulled. This is
// guaranteed since the disconnect IOCTL is not implemented yet.
//
// Mouse class callback assumes we are running at DISPATCH level,
// however this IoCompletion routine can be running <= DISPATCH.
// Raise the IRQL before calling the callback. [13.1]
//
// NOTE(review): the comment above names .Enabled and .MouClassCallback,
// while the code reads EnableCount and ConnectData.ClassService -
// presumably older field names; confirm against the full source.
//
// NOTE(review): the matching KeLowerIrql(oldIrql) is outside this excerpt;
// confirm it runs on every path after the callback.
//
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql);

//
// Call the callback.
//
// ClassService is stored as a void * and cast to the callback type here.
// It is called without a NULL check: the only protection is the invariant
// stated above (the field is never cleared because disconnect is not
// implemented). Presumably it is filled in by mouhid's handler for
// IOCTL_INTERNAL_MOUSE_CONNECT (not shown) - verify.
//
// The two InputData pointers form a half-open range [start, end) holding
// exactly one element.
//
(*(PSERVICE_CALLBACK_ROUTINE)
Data->ConnectData.ClassService) (
Data->ConnectData.ClassDeviceObject,
&Data->InputData,
&Data->InputData + 1, // (one data element)
&inputDataConsumed);

1: kd> dx -id 0,0,89831250 -r1 -nv (*((basesrv!_DEVICE_OBJECT *)0x897f9020))
(*((basesrv!_DEVICE_OBJECT *)0x897f9020)) : Device for "\Driver\mouhid" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0x1f0 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x894e7418 : Driver "\Driver\mouhid" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x897fa020 : Device for "\Driver\mouhid" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x897a0c78 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x2000 [Type: unsigned long]
[+0x020] Characteristics : 0x0 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x897f90d8 [Type: void *]
[+0x02c] DeviceType : 0xf [Type: unsigned long]
[+0x030] StackSize : 9 '\t' [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0x0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x897f9210 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]


1: kd> dt mouhid!_DEVICE_EXTENSION 0x897f90d8
+0x000 Self : 0x897f9020 _DEVICE_OBJECT
+0x004 TopOfStack : 0x89764948 _DEVICE_OBJECT
+0x008 PDO : 0x89764948 _DEVICE_OBJECT
+0x00c EnableCount : 0n1
+0x010 ReadInterlock : 2
+0x014 Started : 0x1 ''
+0x015 ShuttingDown : 0 ''
+0x016 Initialized : 0x1 ''
+0x018 UnitId : 2
+0x01a FlipFlop : 0 ''
+0x01b Reserved : [3] ""
+0x020 WheelScalingFactor : 0x78
+0x024 ReadIrp : 0x89800cd8 _IRP
+0x028 ProblemFlags : 0
+0x02c ReadFile : 0x895f1788 _FILE_OBJECT
+0x030 ReadCompleteEvent : _KEVENT
+0x040 ReadSentEvent : _KEVENT
+0x050 HidExtension : 0x89537b80 _HID_EXTENSION
+0x054 ConnectData : _CONNECT_DATA
+0x060 RemoveLock : _IO_REMOVE_LOCK
+0x0b8 CreateCloseMutex : _FAST_MUTEX
+0x0d8 StartEvent : _KEVENT
+0x0e8 InputData : _MOUSE_INPUT_DATA
+0x100 Attributes : _MOUSE_ATTRIBUTES
+0x10c AttributesAllignmentProblem : 0
+0x110 Link : _LIST_ENTRY [ 0x0 - 0x0 ]
+0x118 WmiLibInfo : _WMILIB_CONTEXT

1: kd> dx -id 0,0,89831250 -r1 (*((mouhid!_CONNECT_DATA *)0x897f912c))
(*((mouhid!_CONNECT_DATA *)0x897f912c)) [Type: _CONNECT_DATA]
[+0x000] ClassDeviceObject : 0x897a0c78 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x004] ClassService : 0xf751a596 [Type: void *]
1: kd> u 0xf751a596
mouclass!MouseClassServiceCallback [d:\srv03rtm\drivers\input\mouclass\mouclass.c @ 2416]:
f751a596 55 push ebp
f751a597 8bec mov ebp,esp
f751a599 83ec0c sub esp,0Ch
f751a59c 53 push ebx
f751a59d 56 push esi
f751a59e 57 push edi
f751a59f 6820a051f7 push offset mouclass!MouseClassHandleRead+0x104 (f751a020)
f751a5a4 6a02 push 2

//
// MouseAddDeviceEx (excerpt)
//
// Only the branch that connects the class driver to the port driver is
// reproduced; the declarations, the preceding branches of the if/else chain
// and the end of the function are not shown.
//
NTSTATUS
MouseAddDeviceEx(
IN PDEVICE_EXTENSION ClassData,
IN PWCHAR FullClassName,
IN PFILE_OBJECT File
)
{

} else if ((Globals.GrandMaster != ClassData) &&
(ClassData == trueClassData)) {

//
// Connect to port device.
//
// MouseClassServiceCallback is the routine handed to the port driver
// here; MouSendConnectRequest copies it into CONNECT_DATA.ClassService.
//
// NOTE(review): ASSERT is compiled out of free (non-checked) builds, so
// this line does not handle a failed connect there. Whether status is
// checked again later is not visible in this excerpt - confirm.
//
status = MouSendConnectRequest(ClassData, MouseClassServiceCallback);
ASSERT (STATUS_SUCCESS == status);
}


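//
// MouSendConnectRequest
//
// Sends IOCTL_INTERNAL_MOUSE_CONNECT to the device at ClassData->TopPort,
// handing it a CONNECT_DATA that names the class device object and the
// service callback to use, and waits for the request to finish.
//
// Arguments:
//     ClassData       - class device extension; TrueClassDevice and TopPort
//                       are read from it.
//     ServiceCallback - callback pointer stored in CONNECT_DATA.ClassService.
//
// Return value:
//     The final status of the connect request, or
//     STATUS_INSUFFICIENT_RESOURCES if no IRP could be built.
//
NTSTATUS
MouSendConnectRequest(
    IN PDEVICE_EXTENSION ClassData,
    IN PVOID ServiceCallback
    )
{
    PIRP irp;
    IO_STATUS_BLOCK ioStatus;
    NTSTATUS status;
    KEVENT event;
    CONNECT_DATA connectData;

    PAGED_CODE ();

    MouPrint((2,"MOUCLASS-MouSendConnectRequest: enter\n"));

    //
    // Create notification event object to be used to signal the
    // request completion.
    //

    KeInitializeEvent(&event, NotificationEvent, FALSE);

    //
    // Build the synchronous request to be sent to the port driver
    // to perform the request. Allocate an IRP to issue the port internal
    // device control connect call. The connect parameters are passed in
    // the input buffer.
    //

    connectData.ClassDeviceObject = ClassData->TrueClassDevice;

    //
    // When called from MouseAddDeviceEx this is MouseClassServiceCallback.
    //
    connectData.ClassService = ServiceCallback;

    irp = IoBuildDeviceIoControlRequest(
              IOCTL_INTERNAL_MOUSE_CONNECT,
              ClassData->TopPort,
              &connectData,
              sizeof(CONNECT_DATA),
              NULL,
              0,
              TRUE,       // InternalDeviceIoControl: the request is built as
                          // IRP_MJ_INTERNAL_DEVICE_CONTROL, which user mode
                          // cannot issue, so the callback pointer is only
                          // exchanged between kernel components.
              &event,
              &ioStatus
              );

    if (irp) {

        //
        // Call the port driver to perform the operation. If the returned status
        // is PENDING, wait for the request to complete.
        //

        status = IoCallDriver(ClassData->TopPort, irp);

        if (status == STATUS_PENDING) {

            //
            // event, ioStatus and connectData live on this stack frame, so
            // the wait is non-alertable and kernel-mode: the frame must stay
            // valid until the request has completed.
            //

            (VOID) KeWaitForSingleObject(
                       &event,
                       Executive,
                       KernelMode,
                       FALSE,
                       NULL
                       );

            //
            // Do not touch irp after completion: an IRP obtained from
            // IoBuildDeviceIoControlRequest is freed by the I/O manager as
            // part of completing it, so reading irp->IoStatus here would
            // read freed pool. The final status has already been copied
            // into ioStatus before the event was signalled.
            //

            status = ioStatus.Status;

        } else {

            //
            // Ensure that the proper status value gets picked up.
            //

            ioStatus.Status = status;

        }

    } else {

        ioStatus.Status = STATUS_INSUFFICIENT_RESOURCES;

    }

    MouPrint((2,"MOUCLASS-MouSendConnectRequest: exit\n"));

    return(ioStatus.Status);

} // end MouSendConnectRequest()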
