nt!IopInitializeBootDrivers函数分析之nt!PipAddDevicesToBootDriver


nt!IopInitializeBootDrivers函数分析之nt!PipAddDevicesToBootDriver

0: kd> g
Breakpoint 6 hit
eax=00000000 ebx=80084348 ecx=ffffffff edx=895c2164 esi=e128e350 edi=80086540
eip=80e692b4 esp=f789a650 ebp=f789a694 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!IopInitializeBootDrivers+0x2ee:
80e692b4 894618 mov dword ptr [esi+18h],eax ds:0023:e128e368=00000000
0: kd> g
Breakpoint 14 hit
eax=89924a48 ebx=80084348 ecx=0f3e000a edx=0f3d0009 esi=e128e350 edi=80086540
eip=80e68766 esp=f789a648 ebp=f789a694 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!PipAddDevicesToBootDriver:
80e68766 55 push ebp
0: kd> kc
#
00 nt!PipAddDevicesToBootDriver
01 nt!IopInitializeBootDrivers
02 nt!IoInitSystem
03 nt!Phase1Initialization
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
0: kd> g
Breakpoint 15 hit
eax=f789a604 ebx=00000000 ecx=00000008 edx=80a3d8ad esi=00000200 edi=00000000
eip=80e671b8 esp=f789a5e8 ebp=f789a620 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!PipAddDevicesToBootDriverWorker:
80e671b8 55 push ebp
0: kd> kc
#
00 nt!PipAddDevicesToBootDriverWorker
01 nt!PipApplyFunctionToServiceInstances
02 nt!PipAddDevicesToBootDriver
03 nt!IopInitializeBootDrivers
04 nt!IoInitSystem
05 nt!Phase1Initialization
06 nt!PspSystemThreadStartup
07 nt!KiThreadStartup

0: kd> t
eax=00000000 ebx=00000000 ecx=00000001 edx=00000030 esi=89985f10 edi=00000000
eip=80a2e028 esp=f789a5c4 ebp=f789a5e4 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!PipRequestDeviceAction:
80a2e028 55 push ebp
0: kd> kc
#
00 nt!PipRequestDeviceAction
01 nt!PipAddDevicesToBootDriverWorker
02 nt!PipApplyFunctionToServiceInstances
03 nt!PipAddDevicesToBootDriver
04 nt!IopInitializeBootDrivers
05 nt!IoInitSystem
06 nt!Phase1Initialization
07 nt!PspSystemThreadStartup
08 nt!KiThreadStartup
0: kd> dv
DeviceObject = 0x89985f10 Device for "\Driver\PnpManager"
RequestType = AddBootDevices (0n0)
ReorderingBarrier = 0x00 ''
RequestArgument = 0
CompletionEvent = 0x00000000
CompletionStatus = 0x00000000
oldIrql = 0x00 ''


0: kd> g
Breakpoint 10 hit
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=00000000 edi=80b1f6f8
eip=80a2dd1c esp=f789a5ac ebp=f789a5c0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!PipDeviceActionWorker:
80a2dd1c 55 push ebp
0: kd> kc
#
00 nt!PipDeviceActionWorker
01 nt!PipRequestDeviceAction
02 nt!PipAddDevicesToBootDriverWorker
03 nt!PipApplyFunctionToServiceInstances
04 nt!PipAddDevicesToBootDriver
05 nt!IopInitializeBootDrivers
06 nt!IoInitSystem
07 nt!Phase1Initialization
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
0: kd> dv
Context = 0x00000000
addContext = struct _ADD_CONTEXT
dereferenceDevice = 0x00 ''
status = 0n-2136810211
bootProcess = 0x00 ''
assignResources = 0x00 ''
0: kd> dx -r1 (*((ntkrnlmp!_ADD_CONTEXT *)0xf789a598))
(*((ntkrnlmp!_ADD_CONTEXT *)0xf789a598)) [Type: _ADD_CONTEXT]
[+0x000] DriverStartType : 0xf789a5c0 [Type: unsigned long]

PipDeviceActionWorker → PiProcessAddBootDevices (source excerpts from pnpenum.c, interleaved with the trace; the `for (;;)` / `RemoveHeadList` / `switch (request->RequestType)` fragments below belong to PipDeviceActionWorker, the complete listing further down is PiProcessAddBootDevices)

for ( ; ; ) {

status = STATUS_SUCCESS;
//
// PipProcessDevNodeTree always dereferences passed in device. Set this
// to false if PipProcessDevNodeTree is called with the device in the
// original request.
//
dereferenceDevice = TRUE;

ExAcquireSpinLock(&IopPnPSpinLock, &oldIrql);

entry = RemoveHeadList(&IopPnpEnumerationRequestList); eax=80b1f5f8

0: kd> p
eax=80b1f5f8 ebx=00000000 ecx=80b1f5f8 edx=00000000 esi=899663e0 edi=80b1f6f8
eip=80a2dd63 esp=f789a58c ebp=f789a5a8 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!PipDeviceActionWorker+0x47:
80a2dd63 3bf1 cmp esi,ecx

//
// We have a list of requests to process. Processing depends on the type
// of the first one in the list.
//
ASSERT(entry);
request = CONTAINING_RECORD(entry, PI_DEVICE_REQUEST, ListEntry);
InitializeListHead(&request->ListEntry);

0: kd> dt _PI_DEVICE_REQUEST 0x899663e0
nt!_PI_DEVICE_REQUEST
+0x000 ListEntry : _LIST_ENTRY [ 0x899663e0 - 0x899663e0 ]
+0x008 DeviceObject : 0x89985f10 _DEVICE_OBJECT
+0x00c RequestType : 0 ( AddBootDevices )
+0x010 ReorderingBarrier : 0 ''
+0x014 RequestArgument : 0
+0x018 CompletionEvent : (null)
+0x01c CompletionStatus : (null)
0: kd> dx -id 0,0,899a2278 -r1 ((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10)
((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10) : 0x89985f10 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x1040
UpperDevices : None
LowerDevices : None
Driver : 0x899873b0 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
0: kd> dx -id 0,0,899a2278 -r1 -nv (*((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10))
(*((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10)) : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0xc0 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x899873b0 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x899c4258 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x0 [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x1040 [Type: unsigned long]
[+0x020] Characteristics : 0x80 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x89985fc8 [Type: void *]
[+0x02c] DeviceType : 0x4 [Type: unsigned long]
[+0x030] StackSize : 1 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0xe12976b8 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x0 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x89985fd0 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]


0: kd> p
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=899663e0 edi=00000000
eip=80a2ddf6 esp=f789a58c ebp=f789a5a8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
nt!PipDeviceActionWorker+0xda:
80a2ddf6 897604 mov dword ptr [esi+4],esi ds:0023:899663e4={nt!IopPnpEnumerationRequestList (80b1f5f8)}


switch (request->RequestType) {

case AddBootDevices:
//
// Boot driver initialization.
//
status = PiProcessAddBootDevices(request);
break;


0: kd> t
Breakpoint 18 hit
eax=00000000 ebx=00000000 ecx=00000000 edx=00000000 esi=899663e0 edi=00000000
eip=80c92894 esp=f789a584 ebp=f789a5a8 iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000287
nt!PiProcessAddBootDevices:
80c92894 55 push ebp
0: kd> kc
#
00 nt!PiProcessAddBootDevices
01 nt!PipDeviceActionWorker
02 nt!PipRequestDeviceAction
03 nt!PipAddDevicesToBootDriverWorker
04 nt!PipApplyFunctionToServiceInstances
05 nt!PipAddDevicesToBootDriver

06 nt!IopInitializeBootDrivers
07 nt!IoInitSystem
08 nt!Phase1Initialization
09 nt!PspSystemThreadStartup
0a nt!KiThreadStartup
0: kd> kv
# ChildEBP RetAddr Args to Child
00 f789a580 80a2de4e 899663e0 80b1f6f8 00000000 nt!PiProcessAddBootDevices (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpenum.c @ 5825]
01 f789a5a8 80a2e161 00000000 00000000 00000000 nt!PipDeviceActionWorker+0x132 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpenum.c @ 739]
02 f789a5c0 80e671d7 89985f10 00000000 00000000 nt!PipRequestDeviceAction+0x139 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpenum.c @ 598]
03 f789a5e4 80c8af7b 80000220 f789a604 895c2188 nt!PipAddDevicesToBootDriverWorker+0x1f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpinit.c @ 1758]
04 f789a620 80e68789 e1355938 00000000 000f003f nt!PipApplyFunctionToServiceInstances+0x18f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpsubs.c @ 2378]
05 f789a644 80e6934a 895c2188 00000000 80077000 nt!PipAddDevicesToBootDriver+0x23 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpinit.c @ 1700]
06 f789a694 80e655c7 80077000 f789a7dc 00034000 nt!IopInitializeBootDrivers+0x384 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\pnpinit.c @ 1440]
07 f789a838 80e632fd 80077000 00000000 899a1020 nt!IoInitSystem+0x70b (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\iomgr\ioinit.c @ 665]
08 f789adac 80d391f0 80077000 00000000 00000000 nt!Phase1Initialization+0x9b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\init\init.c @ 2221]
09 f789addc 80b00d52 80e6294a 80077000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
0a 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]

0: kd> dv
Request = 0x899663e0
addContext = struct _ADD_CONTEXT
0: kd> dx -r1 ((ntkrnlmp!_PI_DEVICE_REQUEST *)0x899663e0)
((ntkrnlmp!_PI_DEVICE_REQUEST *)0x899663e0) : 0x899663e0 [Type: _PI_DEVICE_REQUEST *]
[+0x000] ListEntry [Type: _LIST_ENTRY]
[+0x008] DeviceObject : 0x89985f10 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x00c] RequestType : AddBootDevices (0) [Type: _DEVICE_REQUEST_TYPE]
[+0x010] ReorderingBarrier : 0x0 [Type: unsigned char]
[+0x014] RequestArgument : 0x0 [Type: unsigned long]
[+0x018] CompletionEvent : 0x0 [Type: _KEVENT *]
[+0x01c] CompletionStatus : 0x0 [Type: long *]
0: kd> dx -id 0,0,899a2278 -r1 ((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10)
((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10) : 0x89985f10 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[<Raw View>] [Type: _DEVICE_OBJECT]
Flags : 0x1040
UpperDevices : None
LowerDevices : None
Driver : 0x899873b0 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
0: kd> dx -id 0,0,899a2278 -r1 -nv (*((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10))
(*((ntkrnlmp!_DEVICE_OBJECT *)0x89985f10)) : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0xc0 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x899873b0 : Driver "\Driver\PnpManager" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x899c4258 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x0 [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x1040 [Type: unsigned long]
[+0x020] Characteristics : 0x80 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x89985fc8 [Type: void *]
[+0x02c] DeviceType : 0x4 [Type: unsigned long]
[+0x030] StackSize : 1 [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0xe12976b8 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x0 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x89985fd0 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]
0: kd> dx -id 0,0,899a2278 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0x89985fd0)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0x89985fd0) : 0x89985fd0 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x004] DeviceObject : 0x89985f10 : Device for "\Driver\PnpManager" [Type: _DEVICE_OBJECT *]
[+0x008] PowerFlags : 0x0 [Type: unsigned long]
[+0x00c] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x010] ExtensionFlags : 0x10 [Type: unsigned long]
[+0x014] DeviceNode : 0x89985db8 [Type: void *]
[+0x018] AttachedTo : 0x0 [Type: _DEVICE_OBJECT *]
[+0x01c] StartIoCount : 0 [Type: long]
[+0x020] StartIoKey : 0 [Type: long]
[+0x024] StartIoFlags : 0x0 [Type: unsigned long]
[+0x028] Vpb : 0x0 [Type: _VPB *]
0: kd> !devnode 0x89985db8
DevNode 0x89985db8 for PDO 0x89985f10
Parent 0x899c5bc8 Sibling 0x89985b68 Child 0000000000
InstancePath is "Root\LEGACY_MOUNTMGR\0000"
ServiceName is "mountmgr"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[03] = DeviceNodeEnumerateCompletion (0x30d)
StateHistory[02] = DeviceNodeStarted (0x308)
StateHistory[01] = DeviceNodeInitialized (0x302)
StateHistory[00] = DeviceNodeUninitialized (0x301)
StateHistory[19] = Unknown State (0x0)
StateHistory[18] = Unknown State (0x0)
StateHistory[17] = Unknown State (0x0)
StateHistory[16] = Unknown State (0x0)
StateHistory[15] = Unknown State (0x0)
StateHistory[14] = Unknown State (0x0)
StateHistory[13] = Unknown State (0x0)
StateHistory[12] = Unknown State (0x0)
StateHistory[11] = Unknown State (0x0)
StateHistory[10] = Unknown State (0x0)
StateHistory[09] = Unknown State (0x0)
StateHistory[08] = Unknown State (0x0)
StateHistory[07] = Unknown State (0x0)
StateHistory[06] = Unknown State (0x0)
StateHistory[05] = Unknown State (0x0)
StateHistory[04] = Unknown State (0x0)
Flags (0x00001111) DNF_MADEUP, DNF_ENUMERATED,
DNF_NO_RESOURCE_REQUIRED, DNF_LEGACY_DRIVER


//
// PiProcessAddBootDevices (pnpenum.c)
//
// Handler for an AddBootDevices PI_DEVICE_REQUEST dequeued by
// PipDeviceActionWorker. It locates the device node behind
// Request->DeviceObject and, if that node is still in
// DeviceNodeInitialized, carries no problem code, and is not known to be a
// duplicate of an already-enumerated device, invokes the boot-start
// driver's AddDevice through PipCallDriverAddDevice. Any node that fails
// one of those tests is skipped.
//
// Arguments:
//
//     Request - the dequeued request. Request->DeviceObject must be non-NULL;
//               this is only ASSERTed, so it is enforced on checked builds
//               and an unchecked NULL would fault on the dereference below
//               on a free build.
//
// Return Value:
//
//     STATUS_SUCCESS in every case; the result of PipCallDriverAddDevice is
//     not propagated to the caller.
//
NTSTATUS
PiProcessAddBootDevices(
    IN PPI_DEVICE_REQUEST Request
    )
{
    PDEVICE_NODE deviceNode;
    ADD_CONTEXT addContext;

    PAGED_CODE();

    ASSERT(Request->DeviceObject != NULL);
    deviceNode = (PDEVICE_NODE)Request->DeviceObject->DeviceObjectExtension->DeviceNode;

    //
    // Anything past DeviceNodeInitialized has already been added (or has
    // failed) and must not get a second AddDevice.
    //
    if (deviceNode->State != DeviceNodeInitialized) {
        return STATUS_SUCCESS;
    }

    //
    // Nodes that already carry a problem code are left alone as well.
    //
    if (PipDoesDevNodeHaveProblem(deviceNode)) {
        return STATUS_SUCCESS;
    }

    //
    // A node flagged as a duplicate, or pointing at the PDO it duplicates,
    // has been covered by the device enumerated ahead of it.
    //
    if ((deviceNode->Flags & DNF_DUPLICATE) != 0 ||
        deviceNode->DuplicatePDO != NULL) {
        return STATUS_SUCCESS;
    }

    //
    // Only boot-start drivers are eligible at this stage of initialization;
    // hand the node to the driver's AddDevice entry.
    //
    addContext.DriverStartType = SERVICE_BOOT_START;
    PipCallDriverAddDevice(deviceNode, PnPBootDriversInitialized, &addContext);

    return STATUS_SUCCESS;
}

Note that the device node dumped above (Root\LEGACY_MOUNTMGR\0000) is already in DeviceNodeStarted (0x308), so for this particular request the `deviceNode->State == DeviceNodeInitialized` test fails and PipCallDriverAddDevice is not reached; the breakpoint below is set to catch a request whose node is still in DeviceNodeInitialized.

bp nt!PipCallDriverAddDevice
