从i8042prt!I8042MouseIsrDpc到mouclass!MouseClassServiceCallback看deviceExtension-＞ConnectData.ClassServ

从i8042prt!I8042MouseIsrDpc到mouclass!MouseClassServiceCallback看deviceExtension->ConnectData.ClassService的重要作用

0: kd> kc
#
00 mouclass!MouseClassServiceCallback
01 i8042prt!I8042MouseIsrDpc
02 nt!KiRetireDpcList
03 nt!KiIdleLoop

VOID
I8042MouseIsrDpc(
IN PKDPC Dpc,
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{

deviceExtension = (PPORT_MOUSE_EXTENSION) DeviceObject->DeviceExtension;

if (getPointerContext.InputCount != 0) {

//
// Call the connected class driver's callback ISR with the
// port InputData queue pointers. If we have to wrap the queue,
// break the operation into two pieces, and call the class callback
// ISR once for each piece.
//

classDeviceObject =
deviceExtension->ConnectData.ClassDeviceObject;
classService =
deviceExtension->ConnectData.ClassService;
ASSERT(classService != NULL);

if (getPointerContext.DataOut >= getPointerContext.DataIn) {

//
// We'll have to wrap the InputData circular buffer. Call
// the class callback ISR with the chunk of data starting at
// DataOut and ending at the end of the queue.
//

Print(DBG_DPC_NOISE,
("I8042MouseIsrDpc: calling class callback\n"
));
Print(DBG_DPC_INFO,
("I8042MouseIsrDpc: with Start 0x%x and End 0x%x\n",
getPointerContext.DataOut,
deviceExtension->DataEnd
));

(*(PSERVICE_CALLBACK_ROUTINE) classService)(
classDeviceObject,
getPointerContext.DataOut,
deviceExtension->DataEnd,
&inputDataConsumed
);

第二部分：

1: kd> dv
DeviceObject = 0x898a7aa0 Device for "\Driver\i8042prt"
Irp = 0x8962ae70

1: kd> dx -r1 -nv (*((mouclass!_DEVICE_OBJECT *)0x898a7aa0))
(*((mouclass!_DEVICE_OBJECT *)0x898a7aa0)) : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0x398 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x89796260 : Driver "\Driver\i8042prt" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x8949ca08 : Device for "\Driver\i8042prt" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x898a7888 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x2004 [Type: unsigned long]
[+0x020] Characteristics : 0x0 [Type: unsigned long]
[+0x024] DoNotUse1 : 0x0 [Type: void *]
[+0x028] DeviceExtension : 0x898a7b58 [Type: void *] [+0x028] DeviceExtension : 0x898a7b58 [Type: void *]
[+0x02c] DeviceType : 0x27 [Type: unsigned long]
[+0x030] StackSize : 5 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0x0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x898a7e38 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]

1: kd> dt _PORT_MOUSE_EXTENSION 0x898a7b58
i8042prt!_PORT_MOUSE_EXTENSION
+0x000 Self : 0x898a7aa0 _DEVICE_OBJECT
+0x004 InterruptObject : (null)
+0x008 InterruptSpinLock : 0
+0x00c TopOfStack : 0x895c5610 _DEVICE_OBJECT
+0x010 PDO : 0x895c5610 _DEVICE_OBJECT
+0x018 RemoveLock : _IO_REMOVE_LOCK
+0x070 OutstandingPowerIrp : (null)
+0x074 PowerState : 1 ( PowerDeviceD0 )
+0x078 SystemState : 0 ( PowerSystemUnspecified )
+0x07c ShutdownType : 0 ( PowerActionNone )
+0x080 InputCount : 0
+0x084 EnableCount : 0n0
+0x088 DataConsumptionTimer : _KTIMER
+0x0b0 RetriesExceededDpc : _KDPC
+0x0d0 ErrorLogDpc : _KDPC
+0x0f0 TimeOutDpc : _KDPC
+0x110 ResetDpc : _KDPC
+0x130 SequenceNumber : 0
+0x134 ConnectData : _CONNECT_DATA
+0x13c WmiLibInfo : _WMILIB_CONTEXT
+0x15c CurrentOutput : _OUTPUT_PACKET
+0x16c InterruptDescriptor : _CM_PARTIAL_RESOURCE_DESCRIPTOR
+0x17c PnpDeviceState : 0
+0x180 ResendCount : 0n0
+0x182 OkayToLogOverflow : 0 ''
+0x183 Initialized : 0 ''
+0x184 IsIsrActivated : 0 ''
+0x185 IsKeyboard : 0 ''
+0x186 Started : 0 ''
+0x188 MouseAttributes : _MOUSE_ATTRIBUTES
+0x194 ResetIrp : (null)
+0x198 MouseIsrDpc : _KDPC
+0x1b8 MouseIsrDpcRetry : _KDPC
+0x1d8 MouseIsrResetDpc : _KDPC
+0x1f8 ResetMouse : _RESET_MOUSE
+0x1f8 EnableMouse : _ENABLE_MOUSE
+0x248 DpcInterlockMouse : 0n0
+0x24c InputData : (null)
+0x250 DataIn : (null)
+0x254 DataOut : (null)
+0x258 DataEnd : (null)
+0x25c CurrentInput : _MOUSE_INPUT_DATA
+0x274 InputState : 0 ( MouseIdle )
+0x278 InputResetSubState : 0 ( ExpectingReset )
+0x27c WorkerResetSubState : 0 ( ExpectingReset )
+0x280 ResetCount : 0 ''
+0x281 FailedCompleteResetCount : 0 ''
+0x282 CurrentSignAndOverflow : 0 ''
+0x283 PreviousSignAndOverflow : 0 ''
+0x288 PreviousTick : _LARGE_INTEGER 0x0
+0x290 SynchTickCount : 0
+0x294 WheelDetectionTimeout : 0
+0x298 WheelDetectionIDs : _UNICODE_STRING ""
+0x2a0 PnPID : [8] 0
+0x2b0 IsrHookCallback : (null)
+0x2b4 HookContext : (null)
+0x2b8 NotificationEntry : (null)
+0x2bc SampleRates : (null)
+0x2c0 MouseResetStallTime : 0
+0x2c4 SampleRatesIndex : 0 ''
+0x2c5 PreviousButtons : 0 ''
+0x2c6 PostSamplesState : 0
+0x2c8 LastByteReceived : 0 ''
+0x2c9 Resolution : 0 ''
+0x2ca EnableWheelDetection : 0 ''
+0x2cb NumberOfButtonsOverride : 0 ''
+0x2cc InitializePolled : 0 ''
+0x2d0 RecordHistoryFlags : 0
+0x2d4 RecordHistoryCount : 0
+0x2d8 RecordHistoryState : 0
1: kd> dx -id 0,0,899a2278 -r1 (*((i8042prt!_CONNECT_DATA *)0x898a7c8c))
(*((i8042prt!_CONNECT_DATA *)0x898a7c8c)) [Type: _CONNECT_DATA]
[+0x000] ClassDeviceObject : 0x898a7888 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x004] ClassService : 0xf74fa596 [Type: void *]
1: kd> u 0xf74fa596
mouclass!MouseClassServiceCallback [d:\srv03rtm\drivers\input\mouclass\mouclass.c @ 2416]:
f74fa596 55 push ebp
f74fa597 8bec mov ebp,esp
f74fa599 83ec0c sub esp,0Ch
f74fa59c 53 push ebx
f74fa59d 56 push esi
f74fa59e 57 push edi
f74fa59f 6820a04ff7 push offset mouclass!MouseClassHandleRead+0x104 (f74fa020)
f74fa5a4 6a02 push 2

第三部分：deviceExtension->ConnectData.ClassService什么时候被赋值的?

1: kd> kc
#
00 mouclass!MouSendConnectRequest
01 mouclass!MouseAddDeviceEx
02 mouclass!MouseAddDevice
03 nt!PpvUtilCallAddDevice
04 nt!PipCallDriverAddDevice
05 nt!PipProcessDevNodeTree
06 nt!PiProcessStartSystemDevices
07 nt!PipDeviceActionWorker
08 nt!ExpWorkerThread
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup

NTSTATUS
MouSendConnectRequest(
IN PDEVICE_EXTENSION ClassData,
IN PVOID ServiceCallback
)
{
PIRP irp;
IO_STATUS_BLOCK ioStatus;
NTSTATUS status;
KEVENT event;
CONNECT_DATA connectData;

PAGED_CODE ();

MouPrint((2,"MOUCLASS-MouSendConnectRequest: enter\n"));

//
// Create notification event object to be used to signal the
// request completion.
//

KeInitializeEvent(&event, NotificationEvent, FALSE);

//
// Build the synchronous request to be sent to the port driver
// to perform the request. Allocate an IRP to issue the port internal
// device control connect call. The connect parameters are passed in
// the input buffer.
//
//

connectData.ClassDeviceObject = ClassData->TrueClassDevice;
connectData.ClassService = ServiceCallback;

1: kd> kc
#
00 nt!IoBuildDeviceIoControlRequest
01 mouclass!MouSendConnectRequest
02 mouclass!MouseAddDeviceEx
03 mouclass!MouseAddDevice
04 nt!PpvUtilCallAddDevice
05 nt!PipCallDriverAddDevice
06 nt!PipProcessDevNodeTree
07 nt!PiProcessStartSystemDevices
08 nt!PipDeviceActionWorker
09 nt!ExpWorkerThread
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup

irp = IoBuildDeviceIoControlRequest(
IOCTL_INTERNAL_MOUSE_CONNECT,
ClassData->TopPort,
&connectData, //关键地方，第三个参数！！！
sizeof(CONNECT_DATA),
NULL,
0,
TRUE,
&event,
&ioStatus
);

PIRP
IoBuildDeviceIoControlRequest(
IN ULONG IoControlCode,
IN PDEVICE_OBJECT DeviceObject,
IN PVOID InputBuffer OPTIONAL, //关键地方，第三个参数！！！
IN ULONG InputBufferLength,
OUT PVOID OutputBuffer OPTIONAL,
IN ULONG OutputBufferLength,
IN BOOLEAN InternalDeviceIoControl,
IN PKEVENT Event,
OUT PIO_STATUS_BLOCK IoStatusBlock
)
{

case METHOD_NEITHER:

//
// For this case, do nothing. Everything is up to the driver.
// Simply give the driver a copy of the caller's parameters and
// let the driver do everything itself.
//

irp->UserBuffer = OutputBuffer;
irpSp->Parameters.DeviceIoControl.Type3InputBuffer = InputBuffer;
}

irpSp->Parameters.DeviceIoControl.Type3InputBuffer关键地方

1: kd> kc
#
00 i8042prt!I8xInternalDeviceControl
01 nt!IofCallDriver
02 mouclass!MouSendConnectRequest
03 mouclass!MouseAddDeviceEx
04 mouclass!MouseAddDevice
05 nt!PpvUtilCallAddDevice
06 nt!PipCallDriverAddDevice
07 nt!PipProcessDevNodeTree
08 nt!PiProcessStartSystemDevices
09 nt!PipDeviceActionWorker
0a nt!ExpWorkerThread
0b nt!PspSystemThreadStartup
0c nt!KiThreadStartup

NTSTATUS
I8xInternalDeviceControl(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{

//
// Connect a mouse class device driver to the port driver.
//
case IOCTL_INTERNAL_MOUSE_CONNECT:

//
// This really isn't something to worry about overall, but it is worthy
// enough to be noted and recorded. The multiple starts will be handled in
// I8xPnp and I8xMouseStartDevice routines
//
if (MOUSE_PRESENT()) {
Print(DBG_ALWAYS, ("Received 1+ mouse connects!\n"));
SET_HW_FLAGS(DUP_MOUSE_HARDWARE_PRESENT);
}

InterlockedIncrement(&Globals.AddedMice);

mouseExtension->IsKeyboard = FALSE;

SET_HW_FLAGS(MOUSE_HARDWARE_PRESENT);

Print(DBG_IOCTL_INFO, ("IOCTL: mouse connect\n"));

//
// Only allow a connection if the mouse hardware is present.
// Also, only allow one connection.
//
if (mouseExtension->ConnectData.ClassService != NULL) {

Print(DBG_IOCTL_ERROR, ("IOCTL: error - already connected\n"));
status = STATUS_SHARING_VIOLATION;
break;
}
else if (irpSp->Parameters.DeviceIoControl.InputBufferLength <
sizeof(CONNECT_DATA)) {

Print(DBG_IOCTL_ERROR, ("IOCTL: error - invalid buffer length\n"));
status = STATUS_INVALID_PARAMETER;
break;
}

//
// Copy the connection parameters to the device extension.
//
mouseExtension->ConnectData =
*((PCONNECT_DATA) (irpSp->Parameters.DeviceIoControl.Type3InputBuffer));

irpSp->Parameters.DeviceIoControl.Type3InputBuffer关键地方