PnpMgr分析
usb3.0控制器设备栈分析
2023-09-05
73
0
手中的调试机通过设备管理器中查看,其设备父子关系如下:
根节点USB xHCI Compliant Host Controller,其设备实例路径为:PCI\VEN_8086&DEV_A12F&SUBSYS_72708086&REV_31\3&11583659&0&A0
子设备根集线器USB Root Hub (xHCI)的设备实例路径为:USB\ROOT_HUB30\4&31789DFB&0&0
| 友名 | 实例路径 |
|---|---|
| USB xHCI Compliant Host Controller | PCI\VEN_8086&DEV_A12F&SUBSYS_72708086&REV_31\3&11583659&0&A0 |
| USB Root Hub (xHCI) | USB\ROOT_HUB30\4&31789DFB&0&0 |
查看其根设备USB控制器USB xHCI Compliant Host Controller,其驱动为USBXHCI.SYS
通过USBTreeViewe找到该驱动下的设备:
可以看到,该驱动下有2个设备:
- \Device\USBPDO-0
\Deivce\USBFDO-0
典型的总线驱动程序,USBFDO-0代表着USBXHCI的功能驱动,而USBPDO-0代表着子子设备的PDO。
这里重点分析一下PDO的设备栈,通过Windbg查看:2: kd> !devstack 0XFFFFE309CEb65830 !DevObj !DrvObj !DevExt ObjectName ffffe309ceb71660 \Driver\USBHUB3 ffffe309ced55600 > ffffe309ceb65830 \Driver\ACPI ffffe3097c989c60 ffffe309c9f08560 \Driver\USBXHCI ffffe309c9f079c0 USBPDO-0通过windbg查看以上3个设备:
具体的过程就不展示了,详见附文:
ffffe309c9f08560 \Driver\USBXHCI ffffe309c9f079c0 USBPDO-0 的设备实例路径为USB\ROOT_HUB30\4&31789dfb&0&0,代表着根集线器的PDO。而\Driver\ACPI和\Driver\USBHUB3中的设备DeviceObjectExtension中的DeviceNode均为NULL。\Driver\USBHUB3中的设备明显为FDO。但ACPI中的设备存在的合理性就就存疑,个人理解应为类示过滤驱动,这也能理解在PNP管理器中,通过IoAttachDeviceToDeviceStack返回的并不一定是其底部的PDO。而这也应该为为什么在设备管理器中并未显示APCI这层设备的问题。
| !DevObj | !DrvObj | AttachedDevice | InstancePath |
|---|---|---|---|
| ffffe309ceb71660 | \Driver\USBHUB3 | NULL | 无 |
| ffffe309ceb65830 | \Driver\ACPI | ffffe309 ceb71660 | 无 |
| ffffe309c9f08560 | \Driver\USBXHCI | ffffe309 ceb65830 | USB\ROOT_HUB30\4&31789DFB&0&0 |
而VEN_8086&DEV_A12F&SUBSYS_72708086&REV_31\3&11583659&0&A0的ParentIdPrefix为4&31789dfb&0。
\Driver\USBXHCI
2: kd> dt _DEVICE_OBJECT ffffe309c9f08560
nt!_DEVICE_OBJECT
+0x000 Type : 0n3
+0x002 Size : 0x178
+0x004 ReferenceCount : 0n0
+0x008 DriverObject : 0xffffe309`ba904aa0 _DRIVER_OBJECT
+0x010 NextDevice : 0xffffe309`c9f54a40 _DEVICE_OBJECT
+0x018 AttachedDevice : 0xffffe309`ceb65830 _DEVICE_OBJECT
+0x020 CurrentIrp : (null)
+0x028 Timer : (null)
+0x030 Flags : 0x3044
+0x034 Characteristics : 0x100
+0x038 Vpb : (null)
+0x040 DeviceExtension : 0xffffe309`c9f079c0 Void
+0x048 DeviceType : 0x22
+0x04c StackSize : 6 ''
+0x050 Queue : <unnamed-tag>
+0x098 AlignmentRequirement : 0
+0x0a0 DeviceQueue : _KDEVICE_QUEUE
+0x0c8 Dpc : _KDPC
+0x108 ActiveThreadCount : 0
+0x110 SecurityDescriptor : 0xffffc106`299bd960 Void
+0x118 DeviceLock : _KEVENT
+0x130 SectorSize : 0
+0x132 Spare1 : 1
+0x138 DeviceObjectExtension : 0xffffe309`c9f086d8 _DEVOBJ_EXTENSION
+0x140 Reserved : (null)
2: kd> dx -id 0,0,ffffe3097c2cf040 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309c9f086d8)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309c9f086d8) : 0xffffe309c9f086d8 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x008] DeviceObject : 0xffffe309c9f08560 : Device for "\Driver\USBXHCI" [Type: _DEVICE_OBJECT *]
[+0x010] PowerFlags : 0x10 [Type: unsigned long]
[+0x018] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x020] ExtensionFlags : 0x0 [Type: unsigned long]
[+0x028] DeviceNode : 0xffffe309ceb66720 [Type: void *]
[+0x030] AttachedTo : 0x0 [Type: _DEVICE_OBJECT *]
[+0x038] StartIoCount : 0 [Type: long]
[+0x03c] StartIoKey : 0 [Type: long]
[+0x040] StartIoFlags : 0x0 [Type: unsigned long]
[+0x048] Vpb : 0x0 [Type: _VPB *]
[+0x050] DependencyNode : 0xffffe309caba4240 [Type: void *]
[+0x058] InterruptContext : 0x0 [Type: void *]
[+0x060] VerifierContext : 0x0 [Type: void *]
2: kd> dt _DEVICE_NODE 0xffffe309ceb66720
nt!_DEVICE_NODE
+0x000 Sibling : (null)
+0x008 Child : 0xffffe309`cf5574a0 _DEVICE_NODE
+0x010 Parent : 0xffffe309`7c9d8d30 _DEVICE_NODE
+0x018 LastChild : 0xffffe309`cdaac7d0 _DEVICE_NODE
+0x020 PhysicalDeviceObject : 0xffffe309`c9f08560 _DEVICE_OBJECT
+0x028 InstancePath : _UNICODE_STRING "USB\ROOT_HUB30\4&31789dfb&0&0"
+0x038 ServiceName : _UNICODE_STRING "USBHUB3"
+0x048 PendingIrp : (null)
+0x050 FxDevice : 0xffffe309`cec0b770 _POP_FX_DEVICE
+0x058 FxDeviceLock : 0n0
+0x060 FxRemoveEvent : _KEVENT
+0x078 FxActivationCount : 0n0
+0x07c FxSleepCount : 0n0
+0x080 Plugin : (null)
+0x088 Level : 5
+0x08c CurrentPowerState : _POWER_STATE
+0x090 Notify : _PO_DEVICE_NOTIFY
+0x0f8 PoIrpManager : _PO_IRP_MANAGER
+0x118 UniqueId : _UNICODE_STRING "\_SB.PCI0.XHC.RHUB"
+0x128 PowerFlags : 7
+0x12c State : 308 ( DeviceNodeStarted )
+0x130 PreviousState : 30d ( DeviceNodeEnumerateCompletion )
+0x134 StateHistory : [20] 30c ( DeviceNodeEnumeratePending )
+0x184 StateHistoryEntry : 5
+0x188 CompletionStatus : 0n0
+0x18c Flags : 0x2c000130
+0x190 UserFlags : 0
+0x194 Problem : 0
+0x198 ProblemStatus : 0n0
+0x1a0 ResourceList : (null)
+0x1a8 ResourceListTranslated : (null)
+0x1b0 DuplicatePDO : (null)
+0x1b8 ResourceRequirements : (null)
+0x1c0 InterfaceType : 0xffffffff (No matching name)
+0x1c4 BusNumber : 0xfffffff0
+0x1c8 ChildInterfaceType : f ( PNPBus )
+0x1cc ChildBusNumber : 0
+0x1d0 ChildBusTypeIndex : 2
+0x1d2 RemovalPolicy : 0x1 ''
+0x1d3 HardwareRemovalPolicy : 0x1 ''
+0x1d8 TargetDeviceNotify : _LIST_ENTRY [ 0xffffe309`ceb668f8 - 0xffffe309`ceb668f8 ]
+0x1e8 DeviceArbiterList : _LIST_ENTRY [ 0xffffe309`ceb66908 - 0xffffe309`ceb66908 ]
+0x1f8 DeviceTranslatorList : _LIST_ENTRY [ 0xffffe309`ceb66918 - 0xffffe309`ceb66918 ]
+0x208 NoTranslatorMask : 0
+0x20a QueryTranslatorMask : 0
+0x20c NoArbiterMask : 0
+0x20e QueryArbiterMask : 0
+0x210 OverUsed1 : <unnamed-tag>
+0x218 OverUsed2 : <unnamed-tag>
+0x220 BootResources : (null)
+0x228 BootResourcesTranslated : (null)
+0x230 CapabilityFlags : 0x1602
+0x238 DockInfo : <unnamed-tag>
+0x258 DisableableDepends : 1
+0x260 PendedSetInterfaceState : _LIST_ENTRY [ 0xffffe309`ceb66980 - 0xffffe309`ceb66980 ]
+0x270 LegacyBusListEntry : _LIST_ENTRY [ 0xffffe309`ceb66990 - 0xffffe309`ceb66990 ]
+0x280 DriverUnloadRetryCount : 0
+0x288 PreviousParent : (null)
+0x290 DeletedChildren : 0n0
+0x294 NumaNodeIndex : 0xfffffffe
+0x298 ContainerID : _GUID {00000000-0000-0000-ffff-ffffffffffff}
+0x2a8 OverrideFlags : 0x1 ''
+0x2ac DeviceIdsHash : 0x4f2b28d6
+0x2b0 RequiresUnloadedDriver : 0 ''
+0x2b8 PendingEjectRelations : (null)
+0x2c0 StateFlags : 0
+0x2c8 RebalanceContext : (null)
\Driver\ACPI
kd> dt _DEVICE_OBJECT ffffe309ceb65830
nt!_DEVICE_OBJECT
+0x000 Type : 0n3
+0x002 Size : 0x150
+0x004 ReferenceCount : 0n0
+0x008 DriverObject : 0xffffe309`7c3e95c0 _DRIVER_OBJECT
+0x010 NextDevice : 0xffffe309`7cddcdf0 _DEVICE_OBJECT
+0x018 AttachedDevice : 0xffffe309`ceb71660 _DEVICE_OBJECT
+0x020 CurrentIrp : (null)
+0x028 Timer : (null)
+0x030 Flags : 0x2004
+0x034 Characteristics : 0x100
+0x038 Vpb : (null)
+0x040 DeviceExtension : 0xffffe309`7c989c60 Void
+0x048 DeviceType : 0x32
+0x04c StackSize : 7 ''
+0x050 Queue : <unnamed-tag>
+0x098 AlignmentRequirement : 0
+0x0a0 DeviceQueue : _KDEVICE_QUEUE
+0x0c8 Dpc : _KDPC
+0x108 ActiveThreadCount : 0
+0x110 SecurityDescriptor : 0xffffc106`29638380 Void
+0x118 DeviceLock : _KEVENT
+0x130 SectorSize : 0
+0x132 Spare1 : 1
+0x138 DeviceObjectExtension : 0xffffe309`ceb65980 _DEVOBJ_EXTENSION
+0x140 Reserved : (null)
2: kd> dx -id 0,0,ffffe3097c2cf040 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309ceb65980)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309ceb65980) : 0xffffe309ceb65980 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x008] DeviceObject : 0xffffe309ceb65830 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]
[+0x010] PowerFlags : 0x10 [Type: unsigned long]
[+0x018] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x020] ExtensionFlags : 0x800 [Type: unsigned long]
[+0x028] DeviceNode : 0x0 [Type: void *]
[+0x030] AttachedTo : 0xffffe309c9f08560 : Device for "\Driver\USBXHCI" [Type: _DEVICE_OBJECT *]
[+0x038] StartIoCount : 0 [Type: long]
[+0x03c] StartIoKey : 0 [Type: long]
[+0x040] StartIoFlags : 0x0 [Type: unsigned long]
[+0x048] Vpb : 0x0 [Type: _VPB *]
[+0x050] DependencyNode : 0x0 [Type: void *]
[+0x058] InterruptContext : 0x0 [Type: void *]
[+0x060] VerifierContext : 0x0 [Type: void *]
\Driver\USBHUB3
2: kd> dt _DEVICE_OBJECT ffffe309ceb71660
nt!_DEVICE_OBJECT
+0x000 Type : 0n3
+0x002 Size : 0x178
+0x004 ReferenceCount : 0n0
+0x008 DriverObject : 0xffffe309`ceb6e850 _DRIVER_OBJECT
+0x010 NextDevice : (null)
+0x018 AttachedDevice : (null)
+0x020 CurrentIrp : (null)
+0x028 Timer : (null)
+0x030 Flags : 0x2804
+0x034 Characteristics : 0x100
+0x038 Vpb : (null)
+0x040 DeviceExtension : 0xffffe309`ced55600 Void
+0x048 DeviceType : 0x22
+0x04c StackSize : 9 ''
+0x050 Queue : <unnamed-tag>
+0x098 AlignmentRequirement : 0
+0x0a0 DeviceQueue : _KDEVICE_QUEUE
+0x0c8 Dpc : _KDPC
+0x108 ActiveThreadCount : 0
+0x110 SecurityDescriptor : 0xffffc106`29638380 Void
+0x118 DeviceLock : _KEVENT
+0x130 SectorSize : 0
+0x132 Spare1 : 0
+0x138 DeviceObjectExtension : 0xffffe309`ceb717d8 _DEVOBJ_EXTENSION
+0x140 Reserved : (null)
2: kd> dx -id 0,0,ffffe3097c2cf040 -r1 ((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309ceb717d8)
((ntkrnlmp!_DEVOBJ_EXTENSION *)0xffffe309ceb717d8) : 0xffffe309ceb717d8 [Type: _DEVOBJ_EXTENSION *]
[+0x000] Type : 13 [Type: short]
[+0x002] Size : 0x0 [Type: unsigned short]
[+0x008] DeviceObject : 0xffffe309ceb71660 : Device for "\Driver\USBHUB3" [Type: _DEVICE_OBJECT *]
[+0x010] PowerFlags : 0x10 [Type: unsigned long]
[+0x018] Dope : 0x0 [Type: _DEVICE_OBJECT_POWER_EXTENSION *]
[+0x020] ExtensionFlags : 0x800 [Type: unsigned long]
[+0x028] DeviceNode : 0x0 [Type: void *]
[+0x030] AttachedTo : 0xffffe309ceb65830 : Device for "\Driver\ACPI" [Type: _DEVICE_OBJECT *]
[+0x038] StartIoCount : 0 [Type: long]
[+0x03c] StartIoKey : 0 [Type: long]
[+0x040] StartIoFlags : 0x0 [Type: unsigned long]
[+0x048] Vpb : 0x0 [Type: _VPB *]
[+0x050] DependencyNode : 0x0 [Type: void *]
[+0x058] InterruptContext : 0x0 [Type: void *]
[+0x060] VerifierContext : 0x0 [Type: void *]
