Windbg
Windbg !devstack命令
2022-07-28
140
0
!devstack命令用于显示设备栈
不过这里只是以FDO为中心的所有USB设备信息。。
更多详见官网地址:https://docs.microsoft.com/zh-cn/windows-hardware/drivers/debugger/-devstack
DbgPrint("AddDevice: %p to %p->%p \n", deviceObject, deviceExtension->NextDeviceObject, PhysicalDeviceObject);
输出为:
AddDevice: FFFF880433B55510 to FFFF880433A2F810->FFFF8804339FB810
设备栈为:
1: kd> !devstack 0xffff8804`33b55510
!DevObj !DrvObj !DevExt ObjectName
> ffff880433b55510 \Driver\USBHound ffff880433b55660
ffff880433a2f810 \Driver\USBHUB3 ffff880433b62310
ffff880433a29830 \Driver\ACPI ffff8803e269b810
ffff8804339fb810 \Driver\USBHUB3 ffff880433b529a0 USBPDO-1
一个音频上层过滤驱动AudioFilter示例
1: kd> !devstack FFFFD6805B53C970
!DevObj !DrvObj !DevExt ObjectName
> ffffd6805b53c970 \Driver\AudioFilterffffd6805b53cac0
ffffd6805b53ce40 \Driver\ksthunk ffffd6805b53cf90 0000003a
ffffd6805b542c40 \Driver\IntcAzAudAddServiceffffd6805b542d90 00000039
ffffd6805a754740 \Driver\HDAudBus ffffd6805b53fbc0 00000037
!DevNode ffffd6805a7a0410 :
DeviceInst is "HDAUDIO\FUNC_01&VEN_10EC&DEV_0662&SUBSYS_1BFD8002&REV_1003\4&3b7f7dd&0&0001"
ServiceName is "IntcAzAudAddService"
一个U盘的示例
AddDevice: FFFF8804353825B0 to FFFF880435389060->FFFF88043356FE20
-------------------------
DevicePropertyDeviceDescription:USB Mass Storage Device
DevicePropertyHardwareID:USB\VID_0781&PID_5597&REV_0100
DevicePropertyManufacturer:Compatible USB storage device
-------------------------
Breakpoint 3 hit
USBHound!FilterAddDevice+0x1eb:
fffff808`cdcb1b5b 488b442448 mov rax,qword ptr [rsp+48h]
1: kd> !devstack FFFF8804353825B0
!DevObj !DrvObj !DevExt ObjectName
> ffff8804353825b0 \Driver\USBHound ffff880435382700
ffff880435389060 \Driver\USBSTOR ffff8804353891b0 0000003d
ffff88043356fe20 \Driver\USBHUB3 ffff88043356ec30 USBPDO-6
!DevNode ffff8804353807d0 :
DeviceInst is "USB\VID_0781&PID_5597\4C530000190212109395"
ServiceName is "USBSTOR"
