news 2026/6/15 16:05:09

从mouhid!MouHid_ReadComplete到mouclass!MouseClassServiceCallback

作者头像

张小明

前端开发工程师

1.2k 24
文章封面图
从mouhid!MouHid_ReadComplete到mouclass!MouseClassServiceCallback

从mouhid!MouHid_ReadComplete到mouclass!MouseClassServiceCallback

0: kd> kc
#
00 nt!KeInitializeApc
01 nt!IopfCompleteRequest
02 mouclass!MouseClassServiceCallback
03 mouhid!MouHid_ReadComplete
04 nt!IopfCompleteRequest
05 HIDCLASS!HidpDistributeInterruptReport
06 HIDCLASS!HidpInterruptReadComplete
07 nt!IopfCompleteRequest
08 USBPORT!USBPORT_CompleteTransfer
09 USBPORT!USBPORT_DoneTransfer
0a USBPORT!USBPORT_FlushDoneTransferList
0b USBPORT!USBPORT_DpcWorker
0c USBPORT!USBPORT_IsrDpcWorker
0d USBPORT!USBPORT_IsrDpc
0e nt!KiRetireDpcList
0f nt!KiDispatchInterrupt
WARNING: Frame IP not in any known module. Following frames may be wrong.
10 0x0


NTSTATUS
MouHid_ReadComplete (
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PDEVICE_EXTENSION Data // (PVOID Context)
)
{


if (Data->EnableCount)
{
//
// Synchronization issue - it's not a big deal if .Enabled is set
// FALSE after the condition above, but before the callback below,
// so long as the .MouClassCallback field is not nulled. This is
// guaranteed since the disconnect IOCTL is not implemented yet.
//
// Mouse class callback assumes we are running at DISPATCH level,
// however this IoCompletion routine can be running <= DISPATCH.
// Raise the IRQL before calling the callback. [13.1]
//
KeRaiseIrql(DISPATCH_LEVEL, &oldIrql);

//
// Call the callback.
//
(*(PSERVICE_CALLBACK_ROUTINE)
Data->ConnectData.ClassService) (
Data->ConnectData.ClassDeviceObject,
&Data->InputData,
&Data->InputData + 1, // (one data element)
&inputDataConsumed);

1: kd> dx -id 0,0,89831250 -r1 -nv (*((basesrv!_DEVICE_OBJECT *)0x897f9020))
(*((basesrv!_DEVICE_OBJECT *)0x897f9020)) : Device for "\Driver\mouhid" [Type: _DEVICE_OBJECT]
[+0x000] Type : 3 [Type: short]
[+0x002] Size : 0x1f0 [Type: unsigned short]
[+0x004] ReferenceCount : 0 [Type: long]
[+0x008] DriverObject : 0x894e7418 : Driver "\Driver\mouhid" [Type: _DRIVER_OBJECT *]
[+0x00c] NextDevice : 0x897fa020 : Device for "\Driver\mouhid" [Type: _DEVICE_OBJECT *]
[+0x010] AttachedDevice : 0x897a0c78 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x014] CurrentIrp : 0x0 [Type: _IRP *]
[+0x018] Timer : 0x0 [Type: _IO_TIMER *]
[+0x01c] Flags : 0x2000 [Type: unsigned long]
[+0x020] Characteristics : 0x0 [Type: unsigned long]
[+0x024] Vpb : 0x0 [Type: _VPB *]
[+0x028] DeviceExtension : 0x897f90d8 [Type: void *]
[+0x02c] DeviceType : 0xf [Type: unsigned long]
[+0x030] StackSize : 9 '\t' [Type: char]
[+0x034] Queue [Type: __unnamed]
[+0x05c] AlignmentRequirement : 0x0 [Type: unsigned long]
[+0x060] DeviceQueue [Type: _KDEVICE_QUEUE]
[+0x074] Dpc [Type: _KDPC]
[+0x094] ActiveThreadCount : 0x0 [Type: unsigned long]
[+0x098] SecurityDescriptor : 0x0 [Type: void *]
[+0x09c] DeviceLock [Type: _KEVENT]
[+0x0ac] SectorSize : 0x0 [Type: unsigned short]
[+0x0ae] Spare1 : 0x1 [Type: unsigned short]
[+0x0b0] DeviceObjectExtension : 0x897f9210 [Type: _DEVOBJ_EXTENSION *]
[+0x0b4] Reserved : 0x0 [Type: void *]


1: kd> dt mouhid!_DEVICE_EXTENSION 0x897f90d8
+0x000 Self : 0x897f9020 _DEVICE_OBJECT
+0x004 TopOfStack : 0x89764948 _DEVICE_OBJECT
+0x008 PDO : 0x89764948 _DEVICE_OBJECT
+0x00c EnableCount : 0n1
+0x010 ReadInterlock : 2
+0x014 Started : 0x1 ''
+0x015 ShuttingDown : 0 ''
+0x016 Initialized : 0x1 ''
+0x018 UnitId : 2
+0x01a FlipFlop : 0 ''
+0x01b Reserved : [3] ""
+0x020 WheelScalingFactor : 0x78
+0x024 ReadIrp : 0x89800cd8 _IRP
+0x028 ProblemFlags : 0
+0x02c ReadFile : 0x895f1788 _FILE_OBJECT
+0x030 ReadCompleteEvent : _KEVENT
+0x040 ReadSentEvent : _KEVENT
+0x050 HidExtension : 0x89537b80 _HID_EXTENSION
+0x054 ConnectData : _CONNECT_DATA
+0x060 RemoveLock : _IO_REMOVE_LOCK
+0x0b8 CreateCloseMutex : _FAST_MUTEX
+0x0d8 StartEvent : _KEVENT
+0x0e8 InputData : _MOUSE_INPUT_DATA
+0x100 Attributes : _MOUSE_ATTRIBUTES
+0x10c AttributesAllignmentProblem : 0
+0x110 Link : _LIST_ENTRY [ 0x0 - 0x0 ]
+0x118 WmiLibInfo : _WMILIB_CONTEXT

1: kd> dx -id 0,0,89831250 -r1 (*((mouhid!_CONNECT_DATA *)0x897f912c))
(*((mouhid!_CONNECT_DATA *)0x897f912c)) [Type: _CONNECT_DATA]
[+0x000] ClassDeviceObject : 0x897a0c78 : Device for "\Driver\Mouclass" [Type: _DEVICE_OBJECT *]
[+0x004] ClassService : 0xf751a596 [Type: void *]
1: kd> u 0xf751a596
mouclass!MouseClassServiceCallback [d:\srv03rtm\drivers\input\mouclass\mouclass.c @ 2416]:
f751a596 55 push ebp
f751a597 8bec mov ebp,esp
f751a599 83ec0c sub esp,0Ch
f751a59c 53 push ebx
f751a59d 56 push esi
f751a59e 57 push edi
f751a59f 6820a051f7 push offset mouclass!MouseClassHandleRead+0x104 (f751a020)
f751a5a4 6a02 push 2

NTSTATUS
MouseAddDeviceEx(
IN PDEVICE_EXTENSION ClassData,
IN PWCHAR FullClassName,
IN PFILE_OBJECT File
)
{

} else if ((Globals.GrandMaster != ClassData) &&
(ClassData == trueClassData)) {

//
// Connect to port device.
//
status = MouSendConnectRequest(ClassData, MouseClassServiceCallback);
ASSERT (STATUS_SUCCESS == status);
}


NTSTATUS
MouSendConnectRequest(
IN PDEVICE_EXTENSION ClassData,
IN PVOID ServiceCallback
)
{
PIRP irp;
IO_STATUS_BLOCK ioStatus;
NTSTATUS status;
KEVENT event;
CONNECT_DATA connectData;

PAGED_CODE ();

MouPrint((2,"MOUCLASS-MouSendConnectRequest: enter\n"));

//
// Create notification event object to be used to signal the
// request completion.
//

KeInitializeEvent(&event, NotificationEvent, FALSE);

//
// Build the synchronous request to be sent to the port driver
// to perform the request. Allocate an IRP to issue the port internal
// device control connect call. The connect parameters are passed in
// the input buffer.
//
//

connectData.ClassDeviceObject = ClassData->TrueClassDevice;
connectData.ClassService = ServiceCallback;//这里进行了赋值为MouseClassServiceCallback

irp = IoBuildDeviceIoControlRequest(
IOCTL_INTERNAL_MOUSE_CONNECT,
ClassData->TopPort,
&connectData,
sizeof(CONNECT_DATA),
NULL,
0,
TRUE,
&event,
&ioStatus
);

if (irp) {

//
// Call the port driver to perform the operation. If the returned status
// is PENDING, wait for the request to complete.
//

status = IoCallDriver(ClassData->TopPort, irp);

if (status == STATUS_PENDING) {

(VOID) KeWaitForSingleObject(
&event,
Executive,
KernelMode,
FALSE,
NULL
);

status = irp->IoStatus.Status;

} else {

//
// Ensure that the proper status value gets picked up.
//

ioStatus.Status = status;

}

} else {

ioStatus.Status = STATUS_INSUFFICIENT_RESOURCES;

}

MouPrint((2,"MOUCLASS-MouSendConnectRequest: exit\n"));

return(ioStatus.Status);

} // end MouSendConnectRequest()

版权声明: 本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若内容造成侵权/违法违规/事实不符,请联系邮箱:809451989@qq.com进行投诉反馈,一经查实,立即删除!
网站建设 2026/6/15 12:41:54

Open-AutoGLM日志谁动过?,3种审计手段快速定位异常访问行为

第一章&#xff1a;Open-AutoGLM 日志查询权限管控在 Open-AutoGLM 系统中&#xff0c;日志查询功能涉及敏感操作记录与用户行为追踪&#xff0c;因此必须实施严格的权限控制机制&#xff0c;以防止未授权访问和数据泄露。系统采用基于角色的访问控制&#xff08;RBAC&#xff…

作者头像 李华
网站建设 2026/6/15 12:41:47

PLC 与变频器在综采设备上的应用设计

第一章 系统方案规划 本系统以 “协同控制、节能高效、安全可靠” 为核心目标&#xff0c;采用 “PLC 变频器” 架构&#xff0c;实现综采工作面采煤机、刮板输送机、液压支架的联动控制&#xff0c;适配煤矿井下高粉尘、高湿度、强电磁干扰环境。核心控制单元选用西门子 S7-1…

作者头像 李华
网站建设 2026/6/15 12:41:53

基于单片机自行车码表系统设计

第一章 系统方案规划 本系统以 “精准计量、低耗续航、便捷交互” 为核心目标&#xff0c;采用模块化设计实现骑行速度、里程、时间的实时监测与显示&#xff0c;核心控制单元选用 STM32L431RCT6 单片机&#xff08;具备超低功耗特性与高精度定时器&#xff0c;满足长时间骑行监…

作者头像 李华
网站建设 2026/6/15 6:25:36

基于Spring Boot的企业来访管理平台毕业设计

博主介绍&#xff1a;✌ 专注于Java,python,✌关注✌私信我✌具体的问题&#xff0c;我会尽力帮助你。一、研究目的本研究旨在构建一个基于Spring Boot的企业来访管理平台&#xff0c;以满足现代企业对于来访人员管理的高效、便捷和安全的需求。具体研究目的如下&#xff1a; 首…

作者头像 李华
网站建设 2026/6/15 5:03:38

【限时参考】Open-AutoGLM多因素认证配置模板泄露,速领!

第一章&#xff1a;Open-AutoGLM 多因素认证集成在现代身份验证架构中&#xff0c;Open-AutoGLM 通过灵活的插件机制支持多因素认证&#xff08;MFA&#xff09;&#xff0c;有效提升系统安全性。该框架允许开发者将多种认证方式无缝集成至现有登录流程&#xff0c;包括基于时间…

作者头像 李华