为了得到节点 P2P0 的 Bus 号，需要先得到其父节点 PCI0 的 _BBN（即 BaseBusNumber）。
1: kd> g
Breakpoint 65 hit
ACPI!DispatchCtxtQueue+0xaf:
f742042d 57 push edi
1: kd> g
Breakpoint 39 hit
ACPI!RunContext:
f741d710 55 push ebp
1: kd> kc
#
00 ACPI!RunContext
01 ACPI!DispatchCtxtQueue
02 ACPI!StartTimeSlicePassive
03 ACPI!ACPIWorker
04 nt!PspSystemThreadStartup
05 nt!KiThreadStartup
1: kd> dv
pctxt = 0x8985a000
pctxtSave = 0xf741d711
pkthSave = 0x00000008
rc = 0n-1987731456
1: kd> dx -r1 ((ACPI!_ctxt *)0x8985a000)
((ACPI!_ctxt *)0x8985a000) : 0x8985a000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x8985c000 : 0x43 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x128 [Type: unsigned long]
[+0x024] pnsObj : 0x8996cdf0 [Type: _NSObj *]
[+0x028] pnsScope : 0x8996cdf0 [Type: _NSObj *]
[+0x02c] powner : 0x0 [Type: _objowner *]
[+0x030] pcall : 0x0 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0x0 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf7407364 [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x898a829c [Type: _ObjData *]
[+0x05c] pvContext : 0x898a8270 [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x8985a0bc [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
1: kd> dx -r1 (*((ACPI!_heap *)0x8985a0bc))
(*((ACPI!_heap *)0x8985a0bc)) [Type: _heap]
[+0x000] dwSig : 0x50414548 [Type: unsigned long]
[+0x004] pbHeapEnd : 0x8985bfe4 : 0x50 [Type: unsigned char *]
[+0x008] pheapHead : 0x8985a0bc [Type: _heap *]
[+0x00c] pheapNext : 0x0 [Type: _heap *]
[+0x010] pbHeapTop : 0x8985a0d4 : 0x0 [Type: unsigned char *]
[+0x014] plistFreeHeap : 0x0 [Type: _List *]
[+0x018] Heap [Type: _heapobjhdr]
1: kd> dt framehdr 0x8985bfe4
ACPI!FRAMEHDR
+0x000 dwSig : 0x54534f50
+0x004 dwLen : 0x1c
+0x008 dwfFrame : 0
+0x00c pfnParse : 0xf741ef2b long ACPI!ProcessEvalObj+0
1: kd> g
Breakpoint 45 hit
ACPI!RunContext+0x11f:
f741d82f ff570c call dword ptr [edi+0Ch]
1: kd> g
Breakpoint 11 hit
ACPI!RunContext+0x142:
f741d852 e83bceffff call ACPI!AcquireMutex (f741a692)
1: kd> g
Breakpoint 54 hit
ACPI!RunContext+0x1f0:
f741d900 e8af1e0000 call ACPI!AsyncCallBack (f741f7b4)
1: kd> g
Breakpoint 63 hit
ACPI!GetPciAddressWorker:
f740ceea 55 push ebp
1: kd> kc
#
00 ACPI!GetPciAddressWorker
01 ACPI!ACPIGetWorkerForInteger
02 ACPI!AsyncCallBack
03 ACPI!RunContext
04 ACPI!DispatchCtxtQueue
05 ACPI!StartTimeSlicePassive
06 ACPI!ACPIWorker
07 nt!PspSystemThreadStartup
08 nt!KiThreadStartup
1: kd> dv
AcpiObject = 0x8996cdf0
Status = 0n0
Result = 0x00000000
Context = 0x898a8848
buffer = unsigned char [64] ""
1: kd> dt GET_ADDRESS_CONTEXT 0x898a8848
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x8996cd78 _NSObj
+0x004 Bus : 0x899c146c ""
+0x008 Slot : 0x899c1470 _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 8 #define PCISUPP_CHECKED_ADR 8
+0x018 Address : 0x110000 得到了_ADR=0x110000
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n0
+0x024 CompletionRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x028 CompletionContext : 0x899c1460 Void
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!unsigned char *)0x899c146c)
((ACPI!unsigned char *)0x899c146c) : 0x899c146c : 0x0 [Type: unsigned char *]
0x0 [Type: unsigned char]
1: kd> dt _PCI_SLOT_NUMBER 0x899c1470 -r
hal!_PCI_SLOT_NUMBER
+0x000 u : __unnamed
+0x000 bits : __unnamed
+0x000 DeviceNumber : 0y00000 (0)
+0x000 FunctionNumber : 0y000
+0x000 Reserved : 0y000000000000000000000000 (0)
+0x000 AsULONG : 0
#define PCISUPP_CHECKED_ADR 8
Device (P2P0)
{
Name (_ADR, 0x00110000) // _ADR: Address
Device (PE40)
{
Name (_ADR, 0x00150000) // _ADR: Address
//
// First, determine the slot number.
//
if (!(state->Flags & PCISUPP_CHECKED_ADR)) { //已经得到了PCISUPP_CHECKED_ADR
//
// Get the _ADR.
//
state->Flags |= PCISUPP_CHECKED_ADR;
status = ACPIGetNSAddressAsync(
state->PciObject,
GetPciAddressWorker,
(PVOID)state,
&(state->Address),
NULL
);
if (status == STATUS_PENDING) {
return status;
}
if (!NT_SUCCESS(status)) {
goto GetPciAddressWorkerExit;
}
}
if (!(state->Flags & PCISUPP_GOT_SLOT_INFO)) {
//
// Build a PCI_SLOT_NUMBER out of the integer returned
// from the interpreter.
//
state->Slot->u.bits.FunctionNumber = (state->Address) & 0x7;
state->Slot->u.bits.DeviceNumber = ( (state->Address) >> 16) & 0x1f;
state->Flags |= PCISUPP_GOT_SLOT_INFO;
}
1: kd> dt _PCI_SLOT_NUMBER 0x899c1470 -r
hal!_PCI_SLOT_NUMBER
+0x000 u : __unnamed
+0x000 bits : __unnamed
+0x000 DeviceNumber : 0y10001 (0x11)
+0x000 FunctionNumber : 0y000
+0x000 Reserved : 0y000000000000000000000000 (0)
+0x000 AsULONG : 0x11
1: kd> dt GET_ADDRESS_CONTEXT 0x898a8848
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x8996cd78 _NSObj
+0x004 Bus : 0x899c146c ""
+0x008 Slot : 0x899c1470 _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 0x108 #define PCISUPP_GOT_SLOT_INFO 0x100
+0x018 Address : 0x110000
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n1
+0x024 CompletionRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x028 CompletionContext : 0x899c1460 Void
//
// Next, get the bus number, if possible.
//
*state->Bus = 0; // default value, in case we have to guess
//
// Check first to see if this bus has a _HID.
// (It might be a root PCI bridge.)
//
bus = state->PciObject;
tempObj = ACPIAmliGetNamedChild(bus, PACKED_HID);
if (!tempObj) {
//
// This device had no _HID. So look up
// to the parent and see if it is a
// root PCI bridge.
//
bus = state->PciObject->pnsParent; 0x899affac
tempObj = ACPIAmliGetNamedChild(bus, PACKED_HID); 关键地方:eax=899b0024
1: kd> p
eax=899b0024 ebx=899affac ecx=4449485f edx=00000011 esi=898a8848 edi=00000103
eip=f740cfc7 esp=f791ac60 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!GetPciAddressWorker+0xdd:
f740cfc7 85c0 test eax,eax
}
1: kd> db 899b0024
899b0024 64 a0 91 89 68 00 9b 89-ac ff 9a 89 00 00 00 00 d...h...........
899b0034 5f 48 49 44 30 f3 9a 89-ac ff 9a 89 00 00 01 00 _HID0...........
1: kd> dt nsobj 899b0024
ACPI!NSOBJ
+0x000 list : _List
+0x008 pnsParent : 0x899affac _NSObj
+0x00c pnsFirstChild : (null)
+0x010 dwNameSeg : 0x4449485f
+0x014 hOwner : 0x899af330 Void
+0x018 pnsOwnedNext : 0x899affac _NSObj
+0x01c ObjData : _ObjData
+0x030 Context : (null)
+0x034 dwRefCount : 0
1: kd> db 0x899affac
899affac 4c ff 9a 89 ac 40 9b 89-f0 f0 9a 89 24 00 9b 89 L....@......$...
899affbc 50 43 49 30 30 f3 9a 89-4c ff 9a 89 00 00 06 00 PCI00...L.......
//
// Is there a _BBN to run? 有的（PCI0 节点下存在 _BBN 对象）。
//
tempObj = ACPIAmliGetNamedChild(bus, PACKED_BBN); eax=899b00ac
1: kd> p
eax=899b00ac ebx=899affac ecx=4e42425f edx=00000011 esi=898a8848 edi=00000103
eip=f740d041 esp=f791ac60 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!GetPciAddressWorker+0x157:
f740d041 85c0 test eax,eax
1: kd> db 899b00ac
899b00ac 68 00 9b 89 f0 00 9b 89-ac ff 9a 89 00 00 00 00 h...............
899b00bc 5f 42 42 4e 30 f3 9a 89-68 00 9b 89 00 00 01 00 _BBN0...h.......
if (tempObj) {
//
// This device must be the child of a root PCI bus. 关键断言：
// P2P0 是根 PCI 总线（PCI0）的子节点。
if (!(state->Flags & PCISUPP_CHECKED_BBN)) {
state->Flags |= PCISUPP_CHECKED_BBN;
status = ACPIGetNSIntegerAsync(
bus,
PACKED_BBN,
GetPciAddressWorker,
(PVOID)state,
&(state->BaseBusNumber),
NULL
);
#define PCISUPP_CHECKED_BBN 0x2000
1: kd> dt GET_ADDRESS_CONTEXT 0x898a8848
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x8996cd78 _NSObj
+0x004 Bus : 0x899c146c ""
+0x008 Slot : 0x899c1470 _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 0x2108
+0x018 Address : 0x110000
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n1
+0x024 CompletionRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x028 CompletionContext : 0x899c1460 Void
1: kd> t
Breakpoint 71 hit
eax=00000000 ebx=899affac ecx=898a8864 edx=00000011 esi=898a8848 edi=00000103
eip=f74076b8 esp=f791ac38 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGet:
f74076b8 55 push ebp
1: kd> kc
#
00 ACPI!ACPIGet
01 ACPI!GetPciAddressWorker
02 ACPI!ACPIGetWorkerForInteger
03 ACPI!AsyncCallBack
04 ACPI!RunContext
05 ACPI!DispatchCtxtQueue
06 ACPI!StartTimeSlicePassive
07 ACPI!ACPIWorker
08 nt!PspSystemThreadStartup
09 nt!KiThreadStartup
1: kd> dv
Target = 0x899affac
ObjectID = 0x4e42425f
1: kd> db 0x899affac
899affac 4c ff 9a 89 ac 40 9b 89-f0 f0 9a 89 24 00 9b 89 L....@......$...
899affbc 50 43 49 30 30 f3 9a 89-4c ff 9a 89 00 00 06 00 PCI00...L.......
1: kd> r
eax=00000000 ebx=899affac ecx=898a8864 edx=00000011 esi=898a8848 edi=00000103
eip=f74076b8 esp=f791ac38 ebp=f791acb0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGet:
f74076b8 55 push ebp
1: kd> db f791ac38
f791ac38 75 d0 40 f7 ac ff 9a 89-5f 42 42 4e 02 00 04 48 u.@....._BBN...H