ACPI!ACPIGetWorkerForInteger函数中的request->CallBackRoutine=ACPI!GetPciAddressWorker
第一部分:
1: kd> kc
#
00 ACPI!ACPIGetWorkerForInteger
01 ACPI!AsyncCallBack
02 ACPI!RunContext
03 ACPI!DispatchCtxtQueue
04 ACPI!StartTimeSlicePassive
05 ACPI!ACPIWorker
06 nt!PspSystemThreadStartup
07 nt!KiThreadStartup
1: kd> dv
AcpiObject = 0x899b00f0
Status = 0n0
Result = 0x899050cc
Context = 0x899050a0
freeData = 0x00 ''
1: kd> dt ACPI_GET_REQUEST 0x899050a0
+0x000 Flags : 0x48040402
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x5244415f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf420 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
1: kd> p
eax=00000050 ebx=899b00f0 ecx=8997e000 edx=00002707 esi=89901000 edi=899050a0
eip=f7407369 esp=f791acd0 ebp=f791acd8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000297
ACPI!ACPIGetWorkerForInteger+0x5:
f7407369 8b5d0c mov ebx,dword ptr [ebp+0Ch] ss:0010:f791ace4=00000000
1: kd> p
eax=00000050 ebx=00000000 ecx=8997e000 edx=00002707 esi=89901000 edi=899050a0
eip=f740736c esp=f791acd0 ebp=f791acd8 iopl=0 nv up ei ng nz ac pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000297
ACPI!ACPIGetWorkerForInteger+0x8:
f740736c 85db test ebx,ebx
1: kd> p
eax=00000050 ebx=00000000 ecx=8997e000 edx=00002707 esi=89901000 edi=899050a0
eip=f7407376 esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGetWorkerForInteger+0x12:
f7407376 c645ff01 mov byte ptr [ebp-1],1 ss:0010:f791acd7=00
1: kd> p
eax=00000050 ebx=00000000 ecx=8997e000 edx=00002707 esi=89901000 edi=899050a0
eip=f740737a esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGetWorkerForInteger+0x16:
f740737a 8b7514 mov esi,dword ptr [ebp+14h] ss:0010:f791acec=899050a0
1: kd> p
eax=00000050 ebx=00000000 ecx=8997e000 edx=00002707 esi=899050a0 edi=899050a0
eip=f740739a esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ACPIGetWorkerForInteger+0x36:
f740739a 8b4620 mov eax,dword ptr [esi+20h] ds:0023:899050c0=899bf420
1: kd> p
eax=899bf420 ebx=00000000 ecx=8997e000 edx=00002707 esi=899050a0 edi=899050cc
eip=f74073ab esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ACPIGetWorkerForInteger+0x47:
f74073ab 8b0e mov ecx,dword ptr [esi] ds:0023:899050a0=48040402
1: kd> p
eax=899bf420 ebx=00000000 ecx=48040402 edx=00002707 esi=899050a0 edi=899050cc
eip=f74073b2 esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ACPIGetWorkerForInteger+0x4e:
f74073b2 ff7624 push dword ptr [esi+24h] ds:0023:899050c4=00000000
1: kd> p
eax=00000000 ebx=00000000 ecx=48040402 edx=00002707 esi=899050a0 edi=899050cc
eip=f74073c3 esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGetWorkerForInteger+0x5f:
f74073c3 eb43 jmp ACPI!ACPIGetWorkerForInteger+0xa4 (f7407408)
1: kd> dt ACPI_GET_REQUEST 0x899050a0
+0x000 Flags : 0x48040402
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x5244415f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf420 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
1: kd> p
eax=00000000 ebx=00000000 ecx=48040402 edx=00002707 esi=899050a0 edi=899050cc
eip=f7407408 esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ACPIGetWorkerForInteger+0xa4:
f7407408 807dff00 cmp byte ptr [ebp-1],0 ss:0010:f791acd7=01
1: kd> dt ACPI_GET_REQUEST 0x899050a0
+0x000 Flags : 0x48040402
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x5244415f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf420 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
1: kd> p
eax=00000000 ebx=00000000 ecx=48040402 edx=00002707 esi=899050a0 edi=899050cc
eip=f7407411 esp=f791acc8 ebp=f791acd8 iopl=0 nv up ei pl nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000202
ACPI!ACPIGetWorkerForInteger+0xad:
f7407411 6a01 push 1
1: kd> db 0x899affac
899affac 4c ff 9a 89 ac 40 9b 89-f0 f0 9a 89 24 00 9b 89 L....@......$...
899affbc 50 43 49 30 30 f3 9a 89-4c ff 9a 89 00 00 06 00 PCI00...L.......
899affcc 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899affdc 58 0d 9c 89 00 00 00 00-48 4f 52 47 34 00 00 00 X.......HORG4...
899affec 00 f0 9a 89 50 00 00 00-30 00 00 00 02 00 00 00 ....P...0.......
899afffc 00 00 00 00 00 00 00 00-00 00 00 00 00 00 00 00 ................
899b000c 00 00 00 00 00 00 00 00-00 00 00 00 48 4e 53 4f ............HNSO
899b001c 44 00 00 00 00 f0 9a 89-64 a0 91 89 68 00 9b 89 D.......d...h...
1: kd> dv
AcpiObject = 0x899b00f0
Status = 0n0
Result = 0x899050cc
Context = 0x899050a0
freeData = 0x01 ''
1: kd> dx -r1 ((ACPI!_ObjData *)0x899050cc)
((ACPI!_ObjData *)0x899050cc) : 0x899050cc [Type: _ObjData *]
[+0x000] dwfData : 0x0 [Type: unsigned short]
[+0x002] dwDataType : 0x1 [Type: unsigned short]
[+0x004] dwRefCount : 0x0 [Type: unsigned long]
[+0x004] pdataBase : 0x0 [Type: _ObjData *]
[+0x008] dwDataValue : 0x0 [Type: unsigned long]
[+0x008] uipDataValue : 0x0 [Type: unsigned long]
[+0x008] pnsAlias : 0x0 [Type: _NSObj *]
[+0x008] pdataAlias : 0x0 [Type: _ObjData *]
[+0x008] powner : 0x0 [Type: void *]
[+0x00c] dwDataLen : 0x0 [Type: unsigned long]
[+0x010] pbDataBuff : 0x0 [Type: unsigned char *]
//
// We are done, but we must check to see if we are the async or the
// sync case. If we are the sync case, then we have much less cleanup
// to perform
//
if ( !(request->Flags & GET_PROP_SKIP_CALLBACK) ) {
//
// Is there a callback routine to call?
//
if (request->CallBackRoutine != NULL) {
(request->CallBackRoutine)(
AcpiObject,
status,
NULL,
request->CallBackContext
);
}
第二部分:
1: kd> kc
#
00 ACPI!GetPciAddressWorker
01 ACPI!ACPIGetWorkerForInteger
02 ACPI!AsyncCallBack
03 ACPI!RunContext
04 ACPI!DispatchCtxtQueue
05 ACPI!StartTimeSlicePassive
06 ACPI!ACPIWorker
07 nt!PspSystemThreadStartup
08 nt!KiThreadStartup
1: kd> dv
AcpiObject = 0x899b00f0
Status = 0n0
Result = 0x00000000
Context = 0x899bf408
buffer = unsigned char [64] ""
1: kd> dt GET_ADDRESS_CONTEXT 0x899bf408
ACPI!GET_ADDRESS_CONTEXT
+0x000 PciObject : 0x899affac _NSObj
+0x004 Bus : 0x899873b0 ""
+0x008 Slot : 0x899873ac _PCI_SLOT_NUMBER
+0x00c ParentBus : 0 ''
+0x010 ParentSlot : _PCI_SLOT_NUMBER
+0x014 Flags : 8
+0x018 Address : 0
+0x01c BaseBusNumber : 0
+0x020 RunCompletion : 0n0
+0x024 CompletionRoutine : 0xf740d62c void ACPI!PciConfigSpaceHandlerWorker+0
+0x028 CompletionContext : 0x89987378 Void
1: kd> ?0x899bf408+0x018
Evaluate expression: -1986268128 = 899bf420
对照 ACPI_GET_REQUEST 中的 +0x020 Buffer : 0x899bf420 -> (null):request->Buffer 指向的正是 GET_ADDRESS_CONTEXT(0x899bf408)里 +0x018 的 Address 字段。
参考:
1: kd> dt ACPI_GET_REQUEST 0x899050a8-8
+0x000 Flags : 0x48040402
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x5244415f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
+0x020 Buffer : 0x899bf420 -> (null)
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
参考:
#define PCISUPP_CHECKED_ADR 8
//
// First, determine the slot number.
//
if (!(state->Flags & PCISUPP_CHECKED_ADR)) {
//
// Get the _ADR.
//
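state->Flags |= PCISUPP_CHECKED_ADR; // 标志在这里置位。上面 dt GET_ADDRESS_CONTEXT 显示 Flags 已经是 8(即 PCISUPP_CHECKED_ADR),所以回调再次进入 GetPciAddressWorker 时条件不成立,不会再走这个分支,也就不会重复发起 _ADR 请求。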
status = ACPIGetNSAddressAsync(
state->PciObject,
GetPciAddressWorker,
(PVOID)state,
&(state->Address), // state = 0x899bf408,Address 字段位于 +0x018,所以 &state->Address = 0x899bf408+0x018 = 0x899bf420,与 request->Buffer 的值一致
NULL
);
if (status == STATUS_PENDING) {
return status;
}
参考:
1: kd> dt ACPI_GET_REQUEST 0x899050a0
+0x000 Flags : 0x48040402
+0x000 UFlags : __unnamed
+0x004 ObjectID : 0x5244415f
+0x008 ListEntry : _LIST_ENTRY [ 0xf743b940 - 0x899c6328 ]
+0x010 DeviceExtension : (null)
+0x014 AcpiObject : 0x899affac _NSObj
+0x018 CallBackRoutine : 0xf740ceea void ACPI!GetPciAddressWorker+0
+0x01c CallBackContext : 0x899bf408 Void
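+0x020 Buffer : 0x899bf420 -> (null) <- 与 &state->Address(0x899bf408+0x018 = 0x899bf420)相同。也就是说异步请求里保存的是指向调用方上下文 state 内部字段的裸指针,因此在请求完成、回调被调用之前,state 这块内存必须保持有效(本页没有展示 state 的释放时机,需另行确认)。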
+0x024 BufferSize : (null)
+0x028 Status : 0n0
+0x02c ResultData : _ObjData
参考: