win32k!StartDeviceRead读取文件handle=0x220=Driver-i8042prt中的鼠标信息

win32k!StartDeviceRead读取文件handle=0x220=Driver-i8042prt中的鼠标信息

1: kd> g
Breakpoint 4 hit
eax=00000001 ebx=bfa02600 ecx=00000000 edx=00000000 esi=e1414eb8 edi=bfa01624
eip=bf8fc06b esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
win32k!StartDeviceRead:
bf8fc06b 55 push ebp
1: kd> dv
pDeviceInfo = 0xe1414eb8
ulLengthToRead = 0xe1414eb8
pBuffer = 0x00000008
fAlreadyHadDeviceInfoCrit = 0n-515813704
1: kd> dx -r1 ((win32k!tagDEVICEINFO *)0xe1414eb8)
((win32k!tagDEVICEINFO *)0xe1414eb8) : 0xe1414eb8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x2 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x220 [Type: void *]
[+0x020] NotificationEntry : 0xe1413380 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x897fb9e8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x1b0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0xffcab909 [Type: unsigned long]
[+0x044] timeEndRead : 0xffcab90b [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
1: kd> g
MOUCLASS-MouseClassRead: enter
Breakpoint 0 hit
eax=898fb18c ebx=898fb0f0 ecx=898fb188 edx=00000000 esi=89899338 edi=89899338
eip=f74f9d26 esp=bab9a6f0 ebp=bab9a70c iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
mouclass!MouseClassReadCopyData:
f74f9d26 55 push ebp
1: kd> dv DeviceExtension
DeviceExtension = 0x898fb0f0
1: kd> dx -r1 ((mouclass!_DEVICE_EXTENSION *)0x898fb0f0)
((mouclass!_DEVICE_EXTENSION *)0x898fb0f0) : 0x898fb0f0 [Type: _DEVICE_EXTENSION *]
[+0x000] Self : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x004] TrueClassDevice : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x008] TopPort : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]
[+0x00c] PDO : 0x895c5610 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]
[+0x010] RemoveLock [Type: _IO_REMOVE_LOCK]
[+0x068] PnP : 0x1 [Type: unsigned char]
[+0x069] Started : 0x1 [Type: unsigned char]
[+0x06a] OkayToLogOverflow : 0x1 [Type: unsigned char]
[+0x06c] WaitWakeSpinLock : 0x0 [Type: unsigned long]
[+0x070] TrustedSubsystemCount : 0x1 [Type: unsigned long]
[+0x074] InputCount : 0x22 [Type: unsigned long]
[+0x078] SymbolicLinkName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x080] InputData : 0x8979f6a0 [Type: _MOUSE_INPUT_DATA *]
[+0x084] DataIn : 0x8979fcb8 [Type: _MOUSE_INPUT_DATA *]
[+0x088] DataOut : 0x8979f988 [Type: _MOUSE_INPUT_DATA *]
[+0x08c] MouseAttributes [Type: _MOUSE_ATTRIBUTES]
[+0x098] SpinLock : 0x895aada1 [Type: unsigned long]
[+0x09c] ReadQueue [Type: _LIST_ENTRY]
[+0x0a4] SequenceNumber : 0x24 [Type: unsigned long]
[+0x0a8] DeviceState : PowerDeviceD0 (1) [Type: _DEVICE_POWER_STATE]
[+0x0ac] SystemState : PowerSystemWorking (1) [Type: _SYSTEM_POWER_STATE]
[+0x0b0] UnitId : 0x0 [Type: unsigned long]
[+0x0b4] WmiLibInfo [Type: _WMILIB_CONTEXT]
[+0x0d4] SystemToDeviceState [Type: _DEVICE_POWER_STATE [5]]
[+0x0e8] MinDeviceWakeState : PowerDeviceUnspecified (0) [Type: _DEVICE_POWER_STATE]
[+0x0ec] MinSystemWakeState : PowerSystemUnspecified (0) [Type: _SYSTEM_POWER_STATE]
[+0x0f0] WaitWakeIrp : 0x0 [Type: _IRP *]
[+0x0f4] ExtraWaitWakeIrp : 0x0 [Type: _IRP *]
[+0x0f8] TargetNotifyHandle : 0x0 [Type: void *]
[+0x0fc] Link [Type: _LIST_ENTRY]
[+0x104] File : 0x0 [Type: _FILE_OBJECT *]
[+0x108] Enabled : 0x0 [Type: unsigned char]
[+0x109] WaitWakeEnabled : 0x0 [Type: unsigned char]
[+0x10a] SurpriseRemoved : 0x0 [Type: unsigned char]
1: kd> !handle 0x220

PROCESS 898a7258 SessionId: 0 Cid: 01b0 Peb: 7ffdf000 ParentCid: 0180
DirBase: 7c21b000 ObjectTable: e142d3c8 HandleCount: 306.
Image: csrss.exe

Handle table at e142d3c8 with 306 entries in use

0220: Object: 895aaca0 GrantedAccess: 00100001 Entry: e15ca440
Object: 895aaca0 Type: (89987710) File
ObjectHeader: 895aac88 (old version)
HandleCount: 1 PointerCount: 2

1: kd> dt file_object 895aaca0
winsrv!FILE_OBJECT
+0x000 Type : 0n5
+0x002 Size : 0n112
+0x004 DeviceObject : 0x895c5610 _DEVICE_OBJECT
+0x008 Vpb : (null)
+0x00c FsContext : (null)
+0x010 FsContext2 : 0xf750180e Void
+0x014 SectionObjectPointer : (null)
+0x018 PrivateCacheMap : (null)
+0x01c FinalStatus : 0n0
+0x020 RelatedFileObject : (null)
+0x024 LockOperation : 0 ''
+0x025 DeletePending : 0 ''
+0x026 ReadAccess : 0 ''
+0x027 WriteAccess : 0 ''
+0x028 DeleteAccess : 0 ''
+0x029 SharedRead : 0 ''
+0x02a SharedWrite : 0 ''
+0x02b SharedDelete : 0 ''
+0x02c Flags : 0x40000
+0x030 FileName : _UNICODE_STRING ""
+0x038 CurrentByteOffset : _LARGE_INTEGER 0x0
+0x040 Waiters : 0
+0x044 Busy : 0
+0x048 LastLock : (null)
+0x04c Lock : _KEVENT
+0x05c Event : _KEVENT
+0x06c CompletionContext : (null)
1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x895c5610)
((winsrv!_DEVICE_OBJECT *)0x895c5610) : 0x895c5610 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x1040
UpperDevices : Immediately above is Device for "\Driver\i8042prt" [at 0x89471770]
LowerDevices
Driver : 0x89981f38 : Driver "\Driver\ACPI" [Type: _DRIVER_OBJECT *]
1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x895c5610))
(*((winsrv!_DEVICE_OBJECT *)0x895c5610)) : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0xb8 [Type: unsigned short]
[+0x004] ReferenceCount : 1 [Type: long]
[+0x008] DriverObject : 0x89981f38 : Driver "\Driver\ACPI" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x895c5730 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x1040 [Type: unsigned long]
[+0x020] Characteristics : 0x80 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x89982ea0 [Type: void *]
[+0x02c] DeviceType : 0x32 [Type: unsigned long]
[+0x030] StackSize : 4 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0xe12977c0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x895c56c8 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]
1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x89471770)
((winsrv!_DEVICE_OBJECT *)0x89471770) : 0x89471770 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x2004
UpperDevices : Immediately above is Device for "\Driver\Mouclass" [at 0x898fb038]
LowerDevices
Driver : 0x898546b0 : Driver "\Driver\i8042prt" [Type: _DRIVER_OBJECT *]
1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x89471770))
(*((winsrv!_DEVICE_OBJECT *)0x89471770)) : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0x398 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x898546b0 : Driver "\Driver\i8042prt" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x89594020 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x2004 [Type: unsigned long]
[+0x020] Characteristics : 0x0 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x89471828 [Type: void *]
[+0x02c] DeviceType : 0x27 [Type: unsigned long]
[+0x030] StackSize : 5 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0x0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x89471b08 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]
1: kd> dx -id 0,0,898a7258 -r1 ((winsrv!_DEVICE_OBJECT *)0x898fb038)
((winsrv!_DEVICE_OBJECT *)0x898fb038) : 0x898fb038 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x2044
UpperDevices : None
LowerDevices
Driver : 0x89589a68 : Driver "\Driver\Mouclass" [Type: _DRIVER_OBJECT *]
1: kd> dx -id 0,0,898a7258 -r1 -nv (*((winsrv!_DEVICE_OBJECT *)0x898fb038))
(*((winsrv!_DEVICE_OBJECT *)0x898fb038)) : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0x1c8 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x89589a68 : Driver "\Driver\Mouclass" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x0 [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x0 [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x2044 [Type: unsigned long]
[+0x020] Characteristics : 0x0 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x898fb0f0 [Type: void *] //[+0x028] DeviceExtension : 0x898fb0f0
[+0x02c] DeviceType : 0xf [Type: unsigned long]
[+0x030] StackSize : 6 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0xe12977c0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x0 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x898fb200 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]

1: kd> g
MOUCLASS-MouseClassCopyReadData: queue size 0x330, read length 0xf0
MOUCLASS-MouseClassCopyReadData: bytes to end of queue 0x678
MOUCLASS-MouseClassCopyReadData: number of bytes in first move 0xf0
MOUCLASS-MouseClassCopyReadData: move bytes from 0x8979f988 to 0x89526f08
MOUCLASS-MouseClassCopyReadData: new DataIn 0x8979fcb8, DataOut 0x8979fa78
MOUCLASS-MouseClassCopyReadData: new InputCount 24
Breakpoint 1 hit
eax=00000000 ebx=bfa02600 ecx=00000000 edx=1d530003 esi=e1414eb8 edi=bfa01624
eip=bf8e9149 esp=bab9a8dc ebp=bab9a8f0 iopl=0 nv up ei pl nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000206
win32k!ProcessMouseInput:
bf8e9149 55 push ebp
1: kd> dv
pMouseInfo = 0xe1414eb8
ptLastMove = {x=-1081175735 y=8}
1: kd> dx -r1 ((win32k!tagDEVICEINFO *)0xe1414eb8)
((win32k!tagDEVICEINFO *)0xe1414eb8) : 0xe1414eb8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x2 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x220 [Type: void *]
[+0x020] NotificationEntry : 0xe1413380 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x897fb9e8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x1b0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0xffcabc91 [Type: unsigned long]
[+0x044] timeEndRead : 0xffcabd1d [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
1: kd> dx -r1 (*((win32k!_IO_STATUS_BLOCK *)0xe1414ee0))
(*((win32k!_IO_STATUS_BLOCK *)0xe1414ee0)) [Type: _IO_STATUS_BLOCK]
[+0x000] Status : 0 [Type: long]
[+0x000] Pointer : 0x0 [Type: void *]
[+0x004] Information : 0xf0 [Type: unsigned long]
1: kd> g
Breakpoint 2 hit
eax=00000000 ebx=ffcabd2d ecx=bc510013 edx=00000100 esi=e1414fe8 edi=00000000
eip=bf8e7542 esp=bab9a898 ebp=bab9a8d8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
win32k!QueueMouseEvent:
bf8e7542 55 push ebp
1: kd> dv
ButtonFlags = 0
ButtonData = 0
ExtraInfo = 0
ptMouse = {x=552 y=415}
time = 0n-3490515
hDevice = 0x00010047
pmei = 0xe1414fe8
bInjected = 0n0
bWakeRIT = 0n1