news 2026/6/15 23:25:45

The Store in the VMPS method of node BAT2 calls ACPI!PciConfigSpaceHandlerWorker to read PCI configuration space

张小明

Front-end development engineer

1: kd> g
Breakpoint 48 hit
eax=899affac ebx=89996d68 ecx=8997c0ac edx=89987378 esi=899affac edi=899873b4
eip=f740d62c esp=f791ac2c ebp=f791ac44 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ACPI!PciConfigSpaceHandlerWorker:
f740d62c 55 push ebp
1: kd> kc
#
00 ACPI!PciConfigSpaceHandlerWorker
01 ACPI!PciConfigSpaceHandler
02 ACPI!InternalOpRegionHandler
03 ACPI!AccessBaseField
04 ACPI!AccessFieldData
05 ACPI!ReadFieldObj
06 ACPI!RunContext
07 ACPI!DispatchCtxtQueue
08 ACPI!StartTimeSlicePassive
09 ACPI!ACPIWorker
0a nt!PspSystemThreadStartup
0b nt!KiThreadStartup
1: kd> kv
# ChildEBP RetAddr Args to Child
00 f791ac28 f740d9dd 899affac 00000000 00000000 ACPI!PciConfigSpaceHandlerWorker (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\nt\pciopregion.c @ 544]
01 f791ac44 f742813d 00000000 899b0b50 000000d8 ACPI!PciConfigSpaceHandler+0x6d (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\nt\pciopregion.c @ 424]
02 f791ac74 f7418f7d 00000000 899b0b50 000000d8 ACPI!InternalOpRegionHandler+0x67 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\shared\acpioprg.c @ 160]
03 f791acb8 f741929b 8997c000 899b0b50 00000004 ACPI!AccessBaseField+0x185 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\object.c @ 1259]
04 f791ace4 f7419645 8997c000 899b0b50 8997dd88 ACPI!AccessFieldData+0x179 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\object.c @ 1046]
05 f791ad0c f741d832 8997c000 8997dd50 00000000 ACPI!ReadFieldObj+0xc8 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\object.c @ 642]
06 f791ad34 f742042d 00000000 f7433d3c f743a928 ACPI!RunContext+0x122 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\ctxt.c @ 588]
07 f791ad4c f74204ec f743a950 f743b318 f743a9b8 ACPI!DispatchCtxtQueue+0xaf (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 150]
08 f791ad64 f74133c5 f743a928 00000000 89981ca0 ACPI!StartTimeSlicePassive+0x57 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\sched.c @ 107]
09 f791adac 80d391f0 00000000 00000000 00000000 ACPI!ACPIWorker+0xbf (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\busdrv\acpi\driver\nt\worker.c @ 302]
0a f791addc 80b00d52 f7413306 00000000 00000000 nt!PspSystemThreadStartup+0x2e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ps\create.c @ 2213]
0b 00000000 00000000 00000000 00000000 00000000 nt!KiThreadStartup+0x16 [d:\srv03rtm\base\ntos\ke\i386\threadbg.asm @ 81]
windbg> .open -a fffffffff7419645

1: kd> dv
AcpiObject = 0x899affac
CompletionStatus = 0n0
Result = 0x00000000
Context = 0x89987378

1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 0
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dd84 -> 0
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0
+0x030 RunCompletion : 0n-1
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''
1: kd> db 0x899b0b50
899b0b50 90 0a 9b 89 94 0b 9b 89-ac ff 9a 89 00 00 00 00 ................
899b0b60 52 45 30 30 30 f3 9a 89-90 0a 9b 89 00 00 0a 00 RE000...........


05 f791ad0c f741d832 8997c000 8997dd50 00000000 ACPI!ReadFieldObj+0xc8 (FPO: [Non-Fpo]) (CONV: cdecl) [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\object.c @ 642]

NTSTATUS LOCAL ReadFieldObj(PCTXT pctxt, PACCFIELDOBJ pafo, NTSTATUS rc)
{

        case 1:
            //
            // Stage 1: Access field data.
            //
            pafo->FrameHdr.dwfFrame++;
            rc = AccessFieldData(pctxt, pafo->pdataObj, &pafo->fd,
                                 &pafo->dwData, TRUE);


1: kd> dt ACCFIELDOBJ 8997dd50
ACPI!ACCFIELDOBJ
+0x000 FrameHdr : _framehdr
+0x010 pdataObj : 0x899b0bf4 _ObjData
+0x014 pbBuff : 0x8997c160 ""
+0x018 pbBuffEnd : 0x8997c164 ""
+0x01c dwAccSize : 4
+0x020 dwcAccesses : 1
+0x024 dwDataMask : 0xffffffff
+0x028 iLBits : 0n32
+0x02c iRBits : 0n0
+0x030 iAccess : 0n0
+0x034 dwData : 0
+0x038 fd : _FieldDesc
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_FieldDesc *)0x8997dd88))
(*((ACPI!_FieldDesc *)0x8997dd88)) [Type: _FieldDesc]
[+0x000] dwByteOffset : 0x0 [Type: unsigned long]
[+0x004] dwStartBitPos : 0x0 [Type: unsigned long]
[+0x008] dwNumBits : 0x20 [Type: unsigned long]
[+0x00c] dwFieldFlags : 0x3 [Type: unsigned long]
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_ObjData *)0x899b0bf4)
((ACPI!_ObjData *)0x899b0bf4) : 0x899b0bf4 [Type: _ObjData *]
[+0x000] dwfData : 0x0 [Type: unsigned short]
[+0x002] dwDataType : 0x5 [Type: unsigned short]
[+0x004] dwRefCount : 0x0 [Type: unsigned long]
[+0x004] pdataBase : 0x0 [Type: _ObjData *]
[+0x008] dwDataValue : 0x0 [Type: unsigned long]
[+0x008] uipDataValue : 0x0 [Type: unsigned long]
[+0x008] pnsAlias : 0x0 [Type: _NSObj *]
[+0x008] pdataAlias : 0x0 [Type: _ObjData *]
[+0x008] powner : 0x0 [Type: void *]
[+0x00c] dwDataLen : 0x14 [Type: unsigned long]
[+0x010] pbDataBuff : 0x899b0c1c : 0x0 [Type: unsigned char *]

1: kd> dt fieldunitobj 0x899b0c1c
ACPI!FIELDUNITOBJ
+0x000 FieldDesc : _FieldDesc
+0x010 pnsFieldParent : 0x899b0b94 _NSObj
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_FieldDesc *)0x899b0c1c))
(*((ACPI!_FieldDesc *)0x899b0c1c)) [Type: _FieldDesc]
[+0x000] dwByteOffset : 0x0 [Type: unsigned long]
[+0x004] dwStartBitPos : 0x0 [Type: unsigned long]
[+0x008] dwNumBits : 0x20 [Type: unsigned long]
[+0x00c] dwFieldFlags : 0x3 [Type: unsigned long]
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_NSObj *)0x899b0b94)
((ACPI!_NSObj *)0x899b0b94) : 0x899b0b94 [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x899affac [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x0 [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x899b0b50 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x0 [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
1: kd> db 0x899b0b94
899b0b94 50 0b 9b 89 d8 0b 9b 89-ac ff 9a 89 00 00 00 00 P...............
899b0ba4 00 00 00 00 30 f3 9a 89-50 0b 9b 89 00 00 83 00 ....0...P.......
899b0bb4 00 00 00 00 00 00 00 00-04 00 00 00 28 0b 9b 89 ............(...
899b0bc4 00 00 00 00 00 00 00 00-48 4e 53 4f 44 00 00 00 ........HNSOD...
899b0bd4 00 f0 9a 89 94 0b 9b 89-50 0e 9b 89 ac ff 9a 89 ........P.......
899b0be4 00 00 00 00 4f 45 4d 52-30 f3 9a 89 94 0b 9b 89 ....OEMR0.......
899b0bf4 00 00 05 00 00 00 00 00-00 00 00 00 14 00 00 00 ................
899b0c04 1c 0c 9b 89 00 00 00 00-00 00 00 00 48 46 44 55 ............HFDU
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_ObjData *)0x899b0bb0))
(*((ACPI!_ObjData *)0x899b0bb0)) [Type: _ObjData]
[+0x000] dwfData : 0x0 [Type: unsigned short]
[+0x002] dwDataType : 0x83 [Type: unsigned short]
[+0x004] dwRefCount : 0x0 [Type: unsigned long]
[+0x004] pdataBase : 0x0 [Type: _ObjData *]
[+0x008] dwDataValue : 0x0 [Type: unsigned long]
[+0x008] uipDataValue : 0x0 [Type: unsigned long]
[+0x008] pnsAlias : 0x0 [Type: _NSObj *]
[+0x008] pdataAlias : 0x0 [Type: _ObjData *]
[+0x008] powner : 0x0 [Type: void *]
[+0x00c] dwDataLen : 0x4 [Type: unsigned long]
[+0x010] pbDataBuff : 0x899b0b28 : 0x50 [Type: unsigned char *]
1: kd> dt fieldobj 0x899b0b28
ACPI!FIELDOBJ
+0x000 pnsBase : 0x899b0b50 _NSObj
1: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_NSObj *)0x899b0b50)
((ACPI!_NSObj *)0x899b0b50) : 0x899b0b50 [Type: _NSObj *]
[+0x000] list [Type: _List]
[+0x008] pnsParent : 0x899affac [Type: _NSObj *]
[+0x00c] pnsFirstChild : 0x0 [Type: _NSObj *]
[+0x010] dwNameSeg : 0x30304552 [Type: unsigned long]
[+0x014] hOwner : 0x899af330 [Type: void *]
[+0x018] pnsOwnedNext : 0x899b0a90 [Type: _NSObj *]
[+0x01c] ObjData [Type: _ObjData]
[+0x030] Context : 0x899affac [Type: void *]
[+0x034] dwRefCount : 0x0 [Type: unsigned long]
1: kd> db 0x899b0b50
899b0b50 90 0a 9b 89 94 0b 9b 89-ac ff 9a 89 00 00 00 00 ................
899b0b60 52 45 30 30 30 f3 9a 89-90 0a 9b 89 00 00 0a 00 RE000...........
899b0b70 00 00 00 00 00 00 00 00-18 00 00 00 34 01 9b 89 ............4...
899b0b80 ac ff 9a 89 00 00 00 00-48 4e 53 4f 44 00 00 00 ........HNSOD...
899b0b90 00 f0 9a 89 50 0b 9b 89-d8 0b 9b 89 ac ff 9a 89 ....P...........
899b0ba0 00 00 00 00 00 00 00 00-30 f3 9a 89 50 0b 9b 89 ........0...P...
899b0bb0 00 00 83 00 00 00 00 00-00 00 00 00 04 00 00 00 ................
899b0bc0 28 0b 9b 89 00 00 00 00-00 00 00 00 48 4e 53 4f (...........HNSO
1: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_ObjData *)0x899b0b6c))
(*((ACPI!_ObjData *)0x899b0b6c)) [Type: _ObjData]
[+0x000] dwfData : 0x0 [Type: unsigned short]
[+0x002] dwDataType : 0xa [Type: unsigned short]
[+0x004] dwRefCount : 0x0 [Type: unsigned long]
[+0x004] pdataBase : 0x0 [Type: _ObjData *]
[+0x008] dwDataValue : 0x0 [Type: unsigned long]
[+0x008] uipDataValue : 0x0 [Type: unsigned long]
[+0x008] pnsAlias : 0x0 [Type: _NSObj *]
[+0x008] pdataAlias : 0x0 [Type: _ObjData *]
[+0x008] powner : 0x0 [Type: void *]
[+0x00c] dwDataLen : 0x18 [Type: unsigned long]
[+0x010] pbDataBuff : 0x899b0134 : 0xd8 [Type: unsigned char *]
1: kd> dt opregionobj 0x899b0134
ACPI!OPREGIONOBJ
+0x000 uipOffset : 0xd8
+0x004 dwLen : 4
+0x008 bRegionSpace : 0x2 ''
+0x009 reserved : [3] ""
+0x00c RegionBusy : 0n0
+0x010 listLock : 0
+0x014 plistWaiters : (null)
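
The `_NSObj` fields that the `dx` commands above print for the unnamed Field object (0x899b0b94) and for the RE00 operation region (0x899b0b50) can be recovered offline from the `db 0x899b0b50` bytes alone. The Python below is an added example, not code from the original post or from the ACPI driver; it assumes a 32-bit little-endian target and the structure offsets shown by `dx` on this page, and its function names are hypothetical.

```python
import struct

# Bytes copied from the `db 0x899b0b50` output on this page (32-bit x86 target).
DB_OUTPUT = """
899b0b50 90 0a 9b 89 94 0b 9b 89-ac ff 9a 89 00 00 00 00 ................
899b0b60 52 45 30 30 30 f3 9a 89-90 0a 9b 89 00 00 0a 00 RE000...........
899b0b70 00 00 00 00 00 00 00 00-18 00 00 00 34 01 9b 89 ............4...
899b0b80 ac ff 9a 89 00 00 00 00-48 4e 53 4f 44 00 00 00 ........HNSOD...
899b0b90 00 f0 9a 89 50 0b 9b 89-d8 0b 9b 89 ac ff 9a 89 ....P...........
899b0ba0 00 00 00 00 00 00 00 00-30 f3 9a 89 50 0b 9b 89 ........0...P...
899b0bb0 00 00 83 00 00 00 00 00-00 00 00 00 04 00 00 00 ................
899b0bc0 28 0b 9b 89 00 00 00 00-00 00 00 00 48 4e 53 4f (...........HNSO
"""

# dwDataType -> structure this page's session casts pbDataBuff to.
BUFFER_TYPES = {0x05: "FIELDUNITOBJ", 0x83: "FIELDOBJ", 0x0A: "OPREGIONOBJ"}

def parse_db(text):
    """Turn WinDbg `db` lines into an {address: byte} map."""
    mem = {}
    for line in text.strip().splitlines():
        tokens = line.replace("-", " ").split()
        base = int(tokens[0], 16)
        for i, tok in enumerate(tokens[1:17]):  # 16 hex bytes; ASCII column ignored
            mem[base + i] = int(tok, 16)
    return mem

def read(mem, addr, fmt):
    """Unpack one little-endian value; KeyError means addr is outside the dump."""
    raw = bytes(mem[addr + i] for i in range(struct.calcsize(fmt)))
    return struct.unpack(fmt, raw)[0]

def decode_nsobj(mem, addr):
    """Decode an _NSObj using the offsets printed by `dx` on this page."""
    seg = read(mem, addr + 0x10, "<4s")          # dwNameSeg as 4 ASCII bytes
    objdata = addr + 0x1C                        # embedded _ObjData
    dtype = read(mem, objdata + 0x02, "<H")
    return {
        "name": seg.decode("ascii") if any(seg) else None,
        "pnsParent": read(mem, addr + 0x08, "<I"),
        "pnsOwnedNext": read(mem, addr + 0x18, "<I"),
        "dwDataType": dtype,
        "buffer_type": BUFFER_TYPES.get(dtype, "unknown"),
        "dwDataLen": read(mem, objdata + 0x0C, "<I"),
        "pbDataBuff": read(mem, objdata + 0x10, "<I"),
        "Context": read(mem, addr + 0x30, "<I"),
    }

MEM = parse_db(DB_OUTPUT)
REGION = decode_nsobj(MEM, 0x899B0B50)   # the RE00 operation region
FIELD = decode_nsobj(MEM, 0x899B0B94)    # the unnamed Field object
```
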


1: kd> dv
AcpiObject = 0x899affac
CompletionStatus = 0n0
Result = 0x00000000
Context = 0x89987378
bytesWritten = 0
status = 0n0
interface = 0xf740d62d
oldIrql = 0x89 ''
Complain = 0x00 ''
length = 0
ErrorLogged = 0x00 ''
ACPIName = unsigned short [5]
IllegalPCIOpRegionAddress = unsigned short *[2]
addressBuffer = unsigned short [13]
parent = unsigned char [5] ""
opRegion = unsigned char [5] "hm???"
1: kd> dt PCI_CONFIG_STATE 0x89987378
ACPI!PCI_CONFIG_STATE
+0x000 AccessType : 0 (a read of PCI configuration space is needed; 1 means a write to PCI configuration space)
+0x004 OpRegion : 0x899b0b50 _NSObj
+0x008 Address : 0xd8
+0x00c Size : 4
+0x010 Data : 0x8997dd84 -> 0
+0x014 Context : 0
+0x018 CompletionHandler : 0xf7420914 Void
+0x01c CompletionContext : 0x8997c0ac Void
+0x020 PciObj : 0x899affac _NSObj
+0x024 ParentObj : (null)
+0x028 CompletionHandlerType : 0
+0x02c Flags : 0
+0x030 RunCompletion : 0n-1
+0x034 Slot : _PCI_SLOT_NUMBER
+0x038 Bus : 0 ''
+0x039 IsPciDeviceResult : 0 ''


Method (VMPS, 1, NotSerialized)
{
    Acquire (OEML, 0xFFFF)
    IVOC (0x81, Arg0)
    Store (\_SB.PCI0.OEMR, Local0)
    Release (OEML)
    Return (Local0)
}

Device (BAT2)
{
    Name (_HID, EisaId ("PNP0C0A")) // _HID: Hardware ID
    Name (_UID, 0x02) // _UID: Unique ID
    Name (_PCL, Package (0x01) // _PCL: Power Consumer List
    {
        \_SB
    })
    Method (_STA, 0, NotSerialized) // _STA: Status
    {
        Return (VMPS (0x02))
    }
