news 2026/5/1 6:26:22

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange重要

作者头像

张小明

前端开发工程师

1.2k 24
文章封面图
win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange重要

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!OpenMultiplePortDevice到win32k!CreateDeviceInfo到win32k!RequestDeviceChange

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange


Breakpoint 1 hit
win32k!RawInputThread:
bf8914ab 55 push ebp
0: kd> bd 1
0: kd> be 6
0: kd> g
Breakpoint 0 hit
win32k!xxxRegisterForDeviceClassNotifications:
bf8fd626 ?? ???
0: kd> kc
#
00 win32k!xxxRegisterForDeviceClassNotifications
01 win32k!RawInputThread
02 win32k!xxxCreateSystemThreads
03 win32k!NtUserCallOneParam
04 nt!_KiSystemService
05 SharedUserData!SystemCallStub
06 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 939]
01 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
02 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
03 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
04 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
05 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
06 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
Status = 0n8
DeviceType = 0xbf8fd626
ustrDriverName = ""
0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 826]
01 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
02 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
03 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
04 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
05 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
06 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
07 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
DeviceType = 0
DeviceName = "A"
uiConnectMultiplePorts = 0
awchDeviceName = unsigned short [260]
0: kd> bp nt!KeSetEvent
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd4f0


BOOL
OpenMultiplePortDevice(DWORD DeviceType)
{


} else {
DeviceName.Length = 0;
DeviceName.MaximumLength = sizeof(awchDeviceName);
DeviceName.Buffer = awchDeviceName;

RtlAppendUnicodeToString(&DeviceName, pDevTpl->pwszLegacyDevName);
pwchNameIndex = &DeviceName.Buffer[(DeviceName.Length / sizeof(WCHAR)) - 1];
for (*pwchNameIndex = L'0'; *pwchNameIndex <= L'9'; (*pwchNameIndex)++) {
CreateDeviceInfo(DeviceType, &DeviceName, GDIF_NOTPNP);
}
}
0: kd> ba e1 win32k!ProcessDeviceChanges
0: kd> bd 0
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc830 bf8fd1b2 e168f6c8 00000001 00000001 win32k!RequestDeviceChange (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2521]
01 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
02 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
03 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
04 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
05 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
06 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
07 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
08 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
09 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
pDeviceInfo = 0xe168f6c8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f6c8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f6c8)
((win32k!tagDEVICEINFO *)0xe168f6c8) : 0xe168f6c8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char] 0代表鼠标
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy0" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x8996b4c0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]


0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc810 bf8fc870 8974a9e8 00000001 00000000 nt!KeSetEvent (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\eventobj.c @ 378]
01 baabc830 bf8fd1b2 bfa54500 00000001 00000001 win32k!RequestDeviceChange+0x2ee (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2617]
02 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
03 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
04 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
05 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
06 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
07 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
08 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
09 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0a 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy1"
bFlags = 0x01 ''
dwCritSecUseSave = 8

0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc830 bf8fd1b2 e167fd40 00000001 00000001 win32k!RequestDeviceChange (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2521]
01 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
02 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
03 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
04 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
05 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
06 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
07 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
08 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
09 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
pDeviceInfo = 0xe167fd40
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fd40
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fd40)
((win32k!tagDEVICEINFO *)0xe167fd40) : 0xe167fd40 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f6c8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy1" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x896950c0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((ntkrnlmp!_KEVENT *)0x8974a9e8)
((ntkrnlmp!_KEVENT *)0x8974a9e8) : 0x8974a9e8 [Type: _KEVENT *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> dx -id 0,0,ffffffff896a1248 -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8)) [Type: _DISPATCHER_HEADER]
[+0x000] Type : 0x1 [Type: unsigned char]
[+0x001] Absolute : 0x0 [Type: unsigned char]
[+0x002] Size : 0x4 [Type: unsigned char]
[+0x003] Inserted : 0x0 [Type: unsigned char]
[+0x003] DebugActive : 0x0 [Type: unsigned char]
[+0x000] Lock : 262145 [Type: long]
[+0x004] SignalState : 1 [Type: long]
[+0x008] WaitListHead [Type: _LIST_ENTRY]

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy2"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167fbe0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fbe0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fbe0)
((win32k!tagDEVICEINFO *)0xe167fbe0) : 0xe167fbe0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fd40 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy2" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89695928 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy3"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167fa80
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fa80
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fa80)
((win32k!tagDEVICEINFO *)0xe167fa80) : 0xe167fa80 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fbe0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy3" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89699470 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((ntkrnlmp!_KEVENT *)0x8974a9e8)
((ntkrnlmp!_KEVENT *)0x8974a9e8) : 0x8974a9e8 [Type: _KEVENT *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> dx -id 0,0,ffffffff896a1248 -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8)) [Type: _DISPATCHER_HEADER]
[+0x000] Type : 0x1 [Type: unsigned char]
[+0x001] Absolute : 0x0 [Type: unsigned char]
[+0x002] Size : 0x4 [Type: unsigned char]
[+0x003] Inserted : 0x0 [Type: unsigned char]
[+0x003] DebugActive : 0x0 [Type: unsigned char]
[+0x000] Lock : 262145 [Type: long]
[+0x004] SignalState : 1 [Type: long]
[+0x008] WaitListHead [Type: _LIST_ENTRY]


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f4f8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f4f8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f4f8)
((win32k!tagDEVICEINFO *)0xe168f4f8) : 0xe168f4f8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fa80 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy4" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89919c78 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]


0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy5"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f398
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f398
fHasToLeaveUserCrit = 0x00 ''
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy6"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f238
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f238
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f238)
((win32k!tagDEVICEINFO *)0xe168f238) : 0xe168f238 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f398 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy6" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89be0e10 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f0d8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f0d8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f0d8)
((win32k!tagDEVICEINFO *)0xe168f0d8) : 0xe168f0d8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f238 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy7" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e78 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


1: kd> g
Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy8"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167f018
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167f018
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167f018)
((win32k!tagDEVICEINFO *)0xe167f018) : 0xe167f018 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f0d8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy8" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e50 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy9"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167f6d0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167f6d0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167f6d0)
((win32k!tagDEVICEINFO *)0xe167f6d0) : 0xe167f6d0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167f018 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy9" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e28 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabca6c "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
bFlags = 0x00 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167ceb8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167ceb8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167ceb8)
((win32k!tagDEVICEINFO *)0xe167ceb8) : 0xe167ceb8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167f6d0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e00 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

1: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe142f638
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe142f638
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe142f638)
((win32k!tagDEVICEINFO *)0xe142f638) : 0xe142f638 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167ceb8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebe10 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe142b5e0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe142b5e0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe142b5e0)
((win32k!tagDEVICEINFO *)0xe142b5e0) : 0xe142b5e0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe142f638 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\HID#Vid_0e0f&Pid_0003&MI_01#8&51f168b&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebde8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc9c0 bf8fd3eb 00000000 baabca6c 00000000 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabc9e0 80c81dcd baabca44 00000000 00000000 win32k!DeviceClassNotify+0x1f1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 802]
02 baabca18 80c85464 008fd1fa baabca44 00000000 nt!PiNotifyDriverCallback+0x161 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\notify.c @ 2655]
03 baabca78 bf8fd8b6 00000000 00000001 e1682aa8 nt!IoRegisterPlugPlayNotification+0x61e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\notify.c @ 1982]
04 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x290 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1042]
05 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
06 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
07 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
08 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
09 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0a 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd3eb
0: kd> dv
DeviceType = 0
pustrName = 0xbaabca6c "\??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
bFlags = 0x00 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167cd58
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167cd58
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167cd58)
((win32k!tagDEVICEINFO *)0xe167cd58) : 0xe167cd58 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe142b5e0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebdc0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe1647f18
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1647f18
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1647f18)
((win32k!tagDEVICEINFO *)0xe1647f18) : 0xe1647f18 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167cd58 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy0" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebd98 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''


0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000001 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000001 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd4f0
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe1687c28
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1687c28
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1687c28)
((win32k!tagDEVICEINFO *)0xe1687c28) : 0xe1687c28 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1647f18 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy1" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebd70 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> x win32k!apobjects
bfa6ed8c win32k!apObjects = 0x89692618
0: kd> dd 0x89692618
89692618 00000000 89bb0db8 89699498 89bdf258
89692628 00000000 89a2f948 89be0e60 00000000

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> dv
pDeviceInfo = 0xe1679990
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1679990
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1679990)
((win32k!tagDEVICEINFO *)0xe1679990) : 0xe1679990 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1425c10 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy5" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebcd0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> dv
pDeviceInfo = 0xe1432750
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1432750
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1432750)
((win32k!tagDEVICEINFO *)0xe1432750) : 0xe1432750 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1679990 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy6" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebca8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 CLASSPNP!ClassSignalCompletion
02 nt!IopfCompleteRequest
03 atapi!IdePortAlwaysStatusSuccessIrp
04 nt!IofCallDriver
05 imapi!ImapiDefaultIrpHandler
06 nt!IofCallDriver
07 CLASSPNP!ClasspCreateClose
08 CLASSPNP!ClassCreateClose
09 nt!IofCallDriver
0a redbook!RedBookSendToNextDriver
0b nt!IofCallDriver
0c nt!IopParseDevice
0d nt!ObpLookupObjectName
0e nt!ObOpenObjectByName
0f nt!IopCreateFile
10 nt!IoCreateFile
11 nt!NtOpenFile
12 nt!_KiSystemService
13 nt!ZwOpenFile
14 nt!IoGetDeviceObjectPointer
15 win32k!DeviceClassCDROMNotify
16 nt!PiNotifyDriverCallback
17 nt!IoRegisterPlugPlayNotification
18 win32k!RegisterCDROMNotify
19 win32k!xxxRegisterForDeviceClassNotifications
1a win32k!RawInputThread
1b win32k!xxxCreateSystemThreads
1c win32k!NtUserCallOneParam
1d nt!_KiSystemService
1e SharedUserData!SystemCallStub
1f winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 nt!IopfCompleteRequest
02 nt!IopInvalidDeviceRequest
03 nt!IofCallDriver
04 redbook!RedBookSendToNextDriver
05 nt!IofCallDriver
06 nt!IopCloseFile
07 nt!ObpDecrementHandleCount
08 nt!ObpCloseHandleTableEntry
09 nt!ObpCloseHandle
0a nt!NtClose
0b nt!_KiSystemService
0c nt!ZwClose
0d nt!IoGetDeviceObjectPointer
0e win32k!DeviceClassCDROMNotify
0f nt!PiNotifyDriverCallback
10 nt!IoRegisterPlugPlayNotification
11 win32k!RegisterCDROMNotify
12 win32k!`string'
13 win32k!RawInputThread
14 win32k!xxxCreateSystemThreads
15 win32k!NtUserCallOneParam
16 nt!_KiSystemService
17 SharedUserData!SystemCallStub
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 nt!IopCompleteRequest
02 nt!KiDeliverApc
03 hal!HalpApcInterrupt
04 hal!KfLowerIrql
05 nt!KiExitDispatcher
06 nt!KeInsertQueueApc
07 nt!IopfCompleteRequest
08 atapi!DeviceQueryDeviceRelations
09 atapi!IdePortDispatchPnp
0a nt!IofCallDriver
0b imapi!ImapiPnp
0c nt!IofCallDriver
0d CLASSPNP!ClassDispatchPnp
0e nt!IofCallDriver
0f redbook!RedBookSendToNextDriver
10 redbook!RedBookPnp
11 nt!IofCallDriver
12 nt!IopSynchronousCall
13 nt!IopGetRelatedTargetDevice
14 nt!IoRegisterPlugPlayNotification
15 win32k!DeviceClassCDROMNotify
16 nt!PiNotifyDriverCallback
17 nt!IoRegisterPlugPlayNotification
18 win32k!RegisterCDROMNotify
19 win32k!xxxRegisterForDeviceClassNotifications
1a win32k!RawInputThread
1b win32k!xxxCreateSystemThreads
1c win32k!NtUserCallOneParam
1d nt!_KiSystemService
1e SharedUserData!SystemCallStub
1f winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> dv
Event = 0x8988da50
Increment = 0n0
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> bd 8
0: kd> g
Breakpoint 9 hit
win32k!ProcessDeviceChanges:
bf8fe215 0000 add byte ptr [eax],al
0: kd> kc
#
00 win32k!ProcessDeviceChanges
01 win32k!xxxDesktopThread
02 win32k!xxxCreateSystemThreads
03 win32k!NtUserCallOneParam
04 nt!_KiSystemService
05 SharedUserData!SystemCallStub
06 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 2
nMice = 0xbf9cbe30
nMaxButtons = 0xbaa7c9dc
usOriginalActions = 0xeb6c
nChanges = 0n-1080139064
nWheels = 0xbf9ec3b8
nKeyboards = 0n-1
fKeyboardIdSet = 0xff ''
nHid = 0n-1080246736
dwCritSecUseSave = 0
dwDeviceInfoListCritSecUseSave = 0xbf9ec3b8

0: kd> kv
# ChildEBP RetAddr Args to Child
00 baa7ca04 bf8b123e 00000002 8969a168 bf8fe215 win32k!ProcessDeviceChanges (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1973]
01 baa7cd1c bf8b21ba bfa70aa0 00000001 baa7cd48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
02 baa7cd2c bf806d52 bfa70aa0 baa7cd58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
03 baa7cd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
04 baa7cd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baa7cd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
05 008cffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
06 008cffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8b123e

} else if (Status == ID_HIDCHANGE) {
TAGMSG0(DBGTAG_PNP | RIP_THERESMORE, "RIT wakes for HID Change");
EnterCrit();
ProcessDeviceChanges(DEVICE_TYPE_KEYBOARD);
LeaveCrit();
}
#ifdef GENERIC_INPUT
else if (Status == ID_TRUEHIDCHANGE) {
TAGMSG0(DBGTAG_PNP | RIP_THERESMORE, "RIT wakes for True HID Change");
EnterCrit();
ProcessDeviceChanges(DEVICE_TYPE_HID);
LeaveCrit();
}
#endif

VOID ProcessDeviceChanges(
DWORD DeviceType)
{

D:\srv03rtm\windows>grep "ID_HIDCHANGE" -nr D:\srv03rtm\windows\core\ntuser |grep -v "inary"|grep "define"
D:\srv03rtm\windows\core\ntuser/kernel/ntinput.c:112:#define ID_HIDCHANGE 3


#define ID_INPUT 0
#define ID_MOUSE 1

#define ID_TIMER 2
#define ID_HIDCHANGE 3
#define ID_SHUTDOWN 4


0: kd> r
eax=00000005 ebx=00000000 ecx=80ae2d98 edx=bfa6fd2c esi=e168aea8 edi=00000000
eip=bf8fe215 esp=baa7c9d4 ebp=baa7ca04 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
win32k!ProcessDeviceChanges:
bf8fe215 0000 add byte ptr [eax],al ds:0023:00000005=ff
0: kd> dd baa7c9d4
baa7c9d4 bf8a46ce 00000000 bf9ec3b8 bfa70aa0

版权声明: 本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如若内容造成侵权/违法违规/事实不符,请联系邮箱:809451989@qq.com进行投诉反馈,一经查实,立即删除!
网站建设 2026/4/27 13:47:52

关于“此电脑”的小工具,让你的Windows的瞬间不一样

今天给大家推荐两款处理“此电脑”的实用软件&#xff0c;感兴趣的小伙伴们赶紧保存吧&#xff01; ONE MyComputerManager 最近我打开“此电脑”&#xff0c;发现里面有三个网盘的快捷方式&#xff0c;简直让我这个有点强迫症的人受不了。 因此&#xff0c;我找到了今天要推…

作者头像 李华
网站建设 2026/4/29 17:09:12

企业估值中的AI驱动的自动化科学文献综述平台评估

企业估值中的AI驱动的自动化科学文献综述平台评估 关键词&#xff1a;企业估值、AI驱动、自动化科学文献综述平台、评估指标、应用场景 摘要&#xff1a;本文聚焦于企业估值领域中AI驱动的自动化科学文献综述平台的评估。首先介绍了研究的背景&#xff0c;包括目的、预期读者、…

作者头像 李华
网站建设 2026/4/30 11:08:25

Python安装新选择:Miniconda + 清华源极速配置AI开发环境

Python安装新选择&#xff1a;Miniconda 清华源极速配置AI开发环境 在人工智能项目日益复杂的今天&#xff0c;一个常见的场景是&#xff1a;你刚从GitHub上克隆了一个热门的深度学习项目&#xff0c;满怀期待地运行 pip install -r requirements.txt&#xff0c;结果却卡在某…

作者头像 李华
网站建设 2026/4/30 16:05:50

写给生产环境的 MySQL 高级用法:性能、兼容与真实踩坑

这 10 个 MySQL 高级用法,能让你的 SQL 更高效、更优雅 在日常开发中,很多 MySQL 查询**“能跑就行”,但在数据量变大、逻辑变复杂后,SQL 的可读性、性能和可维护性**就会迅速成为瓶颈。 本文结合真实业务场景,总结 10 个 MySQL 高级用法,不仅能显著提升查询效率,还能…

作者头像 李华
网站建设 2026/4/27 13:07:12

从“价值对齐”到“价值共生”:AI元人文构想的范式革命与路径探索

从“价值对齐”到“价值共生”&#xff1a;AI元人文构想的范式革命与路径探索核心立场&#xff1a;拥抱以数值透明表征价值&#xff0c;反对以数值暗地优化价值。引言&#xff1a;智能时代的价值绝境与范式突围我们正站在智能时代的断层线上。人工智能&#xff0c;特别是大型语…

作者头像 李华
网站建设 2026/4/28 23:55:47

ACL实验null

1.全网互通&#xff1b; 2、PC1可以访问Telnet R1&#xff0c;不能ping R1 3、PC1不能访问Telnet R2&#xff0c;但可以ping R2 4、PC2和PC1相反3、实验思路1、配置地址 2、配置静态路由&#xff0c;实现全网通 3、配置Telnet&#xff0c;并测试 4、配置ACL&#xff0c;并测试四…

作者头像 李华