DeviceNodeStarted状态下nt!PipEnumerateDevice函数调用nt!IopQueryDeviceRelations函数查询设备关系
case DeviceNodeStarted:
nextNode = ChildNode;
if (!ProcessOnlyIntermediateStates) {
if ((currentNode->Flags & DNF_REENUMERATE)) {
status = PipEnumerateDevice(currentNode, Synchronous);
if (NT_SUCCESS(status)) {
//
// Remember the bus we just enumerated.
//
enumeratedBus = currentNode;
nextNode = SameNode;
} else if (status == STATUS_PENDING) {
nextNode = SiblingNode;
}
}
}
break;
//
// Service a pending re-enumeration request on a device node by issuing a
// BusRelations query to its physical device object.
//
// DeviceNode  - node whose DNF_REENUMERATE flag is being consumed.
// Synchronous - passed through unchanged to IopQueryDeviceRelations.
//
// Returns the status of the BusRelations query. The relations themselves are
// delivered by the callee through DeviceNode->OverUsed1.PendingDeviceRelations.
//
NTSTATUS
PipEnumerateDevice(
    IN PDEVICE_NODE DeviceNode,
    IN BOOLEAN Synchronous
    )
{
    PAGED_CODE();

    //
    // Consume the request before the query rather than after it, so that an
    // enumeration request that arrives while the query is in flight is not
    // lost when the flag is cleared.
    //
    DeviceNode->Flags &= ~DNF_REENUMERATE;

    return IopQueryDeviceRelations(BusRelations,
                                   DeviceNode->PhysicalDeviceObject,
                                   Synchronous,
                                   &DeviceNode->OverUsed1.PendingDeviceRelations);
}
0: kd> kc
#
00 nt!IopQueryDeviceRelations
01 nt!PipEnumerateDevice
02 nt!PipProcessDevNodeTree
03 nt!PiProcessReenumeration
04 nt!PipDeviceActionWorker
05 nt!PipRequestDeviceAction
06 nt!PipAddDevicesToBootDriverWorker
07 nt!PipApplyFunctionToServiceInstances
08 nt!PipAddDevicesToBootDriver
09 nt!IopInitializeBootDrivers
0a nt!IoInitSystem
0b nt!Phase1Initialization
0c nt!PspSystemThreadStartup
0d nt!KiThreadStartup
0: kd> dv
Relations = BusRelations (0n0)
DeviceObject = 0x899869f0 Device for "\Driver\PnpManager"
Synchronous = 0x01 ''
DeviceRelations = 0x89986978
irpSp = struct _IO_STACK_LOCATION
0: kd> g
Breakpoint 22 hit
eax=f789a2bc ebx=89986898 ecx=00000000 edx=899869f0 esi=89986898 edi=00000000
eip=80c95c56 esp=f789a2a4 ebp=f789a2e0 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
nt!IopSynchronousCall:
80c95c56 55 push ebp
0: kd> g
Breakpoint 24 hit
eax=0000001b ebx=00000000 ecx=89543958 edx=899bf5b0 esi=899bf5b0 edi=89543530
eip=f738c938 esp=f789a258 ebp=f789a270 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
ftdisk!FtDiskPnp:
f738c938 55 push ebp
0: kd> kc
#
00 ftdisk!FtDiskPnp
01 nt!IofCallDriver
02 nt!IopSynchronousCall
03 nt!IopQueryDeviceRelations
04 nt!PipEnumerateDevice
05 nt!PipProcessDevNodeTree
06 nt!PiProcessReenumeration
07 nt!PipDeviceActionWorker
08 nt!PipRequestDeviceAction
09 nt!PipAddDevicesToBootDriverWorker
0a nt!PipApplyFunctionToServiceInstances
0b nt!PipAddDevicesToBootDriver
0c nt!IopInitializeBootDrivers
0d nt!IoInitSystem
0e nt!Phase1Initialization
0f nt!PspSystemThreadStartup
10 nt!KiThreadStartup
case IRP_MN_QUERY_DEVICE_RELATIONS:
if (irpSp->Parameters.QueryDeviceRelations.Type != BusRelations) {
IoSkipCurrentIrpStackLocation(Irp);
return IoCallDriver(targetObject, Irp);
}
FtpAcquire(rootExtension);
n = 0;
for (l = rootExtension->VolumeList.Flink;
l != &rootExtension->VolumeList; l = l->Flink) {
n++;
}
size = FIELD_OFFSET(DEVICE_RELATIONS, Objects) +
n*sizeof(PDEVICE_OBJECT);
deviceRelations = (PDEVICE_RELATIONS)
ExAllocatePool(PagedPool, size);
if (!deviceRelations) {
FtpRelease(rootExtension);
status = STATUS_INSUFFICIENT_RESOURCES;
Irp->IoStatus.Information = 0;
break;
}
deviceRelations->Count = n;
n = 0;
for (l = rootExtension->VolumeList.Flink;
l != &rootExtension->VolumeList; l = l->Flink) {
e = CONTAINING_RECORD(l, VOLUME_EXTENSION, ListEntry);
deviceRelations->Objects[n++] = e->DeviceObject;
ObReferenceObject(e->DeviceObject);
}
while (!IsListEmpty(&rootExtension->DeadVolumeList)) {
l = RemoveHeadList(&rootExtension->DeadVolumeList);
e = CONTAINING_RECORD(l, VOLUME_EXTENSION, ListEntry);
e->DeadToPnp = TRUE;
}
FtpRelease(rootExtension);
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = (ULONG_PTR) deviceRelations;
IoSkipCurrentIrpStackLocation(Irp);
return IoCallDriver(targetObject, Irp);
0: kd> dt ROOT_EXTENSION 0x895435e8
ftdisk!ROOT_EXTENSION
+0x000 DeviceObject : 0x89543530 _DEVICE_OBJECT
+0x004 Root : 0x895435e8 ROOT_EXTENSION
+0x008 DeviceExtensionType : 0
+0x00c SpinLock : 0
+0x010 DriverObject : 0x89543958 _DRIVER_OBJECT
+0x014 TargetObject : 0x899869f0 _DEVICE_OBJECT
+0x018 Pdo : 0x899869f0 _DEVICE_OBJECT
+0x01c VolumeList : _LIST_ENTRY [ 0x89543604 - 0x89543604 ]
+0x024 DeadVolumeList : _LIST_ENTRY [ 0x8954360c - 0x8954360c ]
+0x02c NextVolumeNumber : 1
+0x030 DiskInfoSet : 0x8990f778 FT_LOGICAL_DISK_INFORMATION_SET
+0x034 WorkerThread : (null)
+0x038 WorkerQueue : _LIST_ENTRY [ 0x89543620 - 0x89543620 ]
+0x040 WorkerSemaphore : _KSEMAPHORE
+0x054 TerminateThread : 0n1
+0x058 ChangeNotifyIrpList : _LIST_ENTRY [ 0x89543640 - 0x89543640 ]
+0x060 Mutex : _KSEMAPHORE
+0x074 VolumeManagerInterfaceName : _UNICODE_STRING "\??\Root#ftdisk#0000#{53f5630e-b6bf-11d0-94f2-00a0c91efb8b}"
+0x07c PastBootReinitialize : 0 ''
+0x07d FtCodeLocked : 0 ''
+0x07e PastReinitialize : 0 ''
+0x080 DiskPerfRegistryPath : _UNICODE_STRING "\Registry\Machine\System\CurrentControlSet\Services\Ftdisk"
+0x088 PmWmiCounterLibContext : _PMWMICOUNTERLIB_CONTEXT
+0x09c ESPUniquePartitionGUID : _GUID {00000000-0000-0000-0000-000000000000}
+0x0ac NumberOfAttributeRevertEntries : 0
+0x0b0 GptAttributeRevertEntries : (null)
+0x0b4 PreExposureCount : 0
deviceRelations = (PDEVICE_RELATIONS)
ExAllocatePool(PagedPool, size);
if (!deviceRelations) {
FtpRelease(rootExtension);
status = STATUS_INSUFFICIENT_RESOURCES;
Irp->IoStatus.Information = 0;
break;
}
0: kd> p
eax=e13026d0 ebx=899bf5b0 ecx=00000002 edx=000003ff esi=895435e8 edi=00000000
eip=f738c9cc esp=f789a22c ebp=f789a254 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ftdisk!FtDiskPnp+0x94:
f738c9cc 3bc7 cmp eax,edi
0: kd> dt DEVICE_RELATIONS e13026d0
nt!DEVICE_RELATIONS
+0x000 Count : 0
+0x004 Objects : [1] 0xe134c009 _DEVICE_OBJECT
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = (ULONG_PTR) deviceRelations;
0: kd> dx -id 0,0,899a2278 -r1 -nv (*((ftdisk!_IRP *)0x899bf5b0))
(*((ftdisk!_IRP *)0x899bf5b0)) [Type: _IRP]
[+0x000] Type : 6 [Type: short]
[+0x002] Size : 0x190 [Type: unsigned short]
[+0x004] MdlAddress : 0x0 [Type: _MDL *]
[+0x008] Flags : 0x0 [Type: unsigned long]
[+0x00c] AssociatedIrp [Type: __unnamed]
[+0x010] ThreadListEntry [Type: _LIST_ENTRY]
[+0x018] IoStatus [Type: _IO_STATUS_BLOCK]
[+0x020] RequestorMode : 0 [Type: char]
[+0x021] PendingReturned : 0x0 [Type: unsigned char]
[+0x022] StackCount : 2 [Type: char]
[+0x023] CurrentLocation : 2 [Type: char]
[+0x024] Cancel : 0x0 [Type: unsigned char]
[+0x025] CancelIrql : 0x0 [Type: unsigned char]
[+0x026] ApcEnvironment : 0 [Type: char]
[+0x027] AllocationFlags : 0x4 [Type: unsigned char]
[+0x028] UserIosb : 0xf789a294 [Type: _IO_STATUS_BLOCK *]
[+0x02c] UserEvent : 0xf789a284 [Type: _KEVENT *]
[+0x030] Overlay [Type: __unnamed]
[+0x038] CancelRoutine : 0x0 [Type: void (*)(_DEVICE_OBJECT *,_IRP *)]
[+0x03c] UserBuffer : 0x0 [Type: void *]
[+0x040] Tail [Type: __unnamed]
0: kd> dx -id 0,0,899a2278 -r1 (*((ftdisk!_IO_STATUS_BLOCK *)0x899bf5c8))
(*((ftdisk!_IO_STATUS_BLOCK *)0x899bf5c8)) [Type: _IO_STATUS_BLOCK]
[+0x000] Status : 0 [Type: long]
[+0x000] Pointer : 0x0 [Type: void *]
[+0x004] Information : 0xe13026d0 [Type: unsigned long]
0: kd> p
eax=0000001b ebx=00000000 ecx=899873b0 edx=899bf5b0 esi=899bf5b0 edi=899869f0
eip=80a26758 esp=f789a210 ebp=f789a224 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!IofCallDriver+0x5e:
80a26758 ff548138 call dword ptr [ecx+eax*4+38h] ds:0023:89987454={nt!IopPnPDispatch (80cb0b36)}
0: kd> t
eax=0000001b ebx=00000000 ecx=899873b0 edx=899bf5b0 esi=899bf5b0 edi=899869f0
eip=80cb0b36 esp=f789a20c ebp=f789a224 iopl=0 nv up ei ng nz na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000286
nt!IopPnPDispatch:
80cb0b36 55 push ebp
0: kd> kc
#
00 nt!IopPnPDispatch
01 nt!IofCallDriver
02 ftdisk!FtDiskPnp
03 nt!IofCallDriver
04 nt!IopSynchronousCall
05 nt!IopQueryDeviceRelations
06 nt!PipEnumerateDevice
07 nt!PipProcessDevNodeTree
08 nt!PiProcessReenumeration
09 nt!PipDeviceActionWorker
0a nt!PipRequestDeviceAction
0b nt!PipAddDevicesToBootDriverWorker
0c nt!PipApplyFunctionToServiceInstances
0d nt!PipAddDevicesToBootDriver
0e nt!IopInitializeBootDrivers
0f nt!IoInitSystem
10 nt!Phase1Initialization
11 nt!PspSystemThreadStartup
12 nt!KiThreadStartup
0: kd> dv
DeviceObject = 0x899869f0 Device for "\Driver\PnpManager"
Irp = 0x899bf5b0
information = 0x899869f0
length = 8
uiNumber = 0xf789a224
0: kd> dt IOPNP_DEVICE_EXTENSION 0x89986aa8
nt!IOPNP_DEVICE_EXTENSION
+0x000 CompatibleIdList : (null)
+0x004 CompatibleIdListSize : 0
if (Relations == BusRelations) {
deviceNode->CompletionStatus = status;
PipSetDevNodeState( deviceNode, DeviceNodeEnumerateCompletion, NULL );
status = STATUS_SUCCESS;
}
return status;
}
0: kd> p
Root\ftdisk\0000: DeviceNodeStarted => DeviceNodeEnumerateCompletion
eax=00000000 ebx=89986898 ecx=80ae0dfa edx=00000045 esi=89986898 edi=00000000
eip=80a2e406 esp=f789a2b4 ebp=f789a2e0 iopl=0 nv up ei ng nz na pe cy
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000287
nt!IopQueryDeviceRelations+0x4c:
80a2e406 33c0 xor eax,eax
case DeviceNodeStarted:
nextNode = ChildNode;
if (!ProcessOnlyIntermediateStates) {
if ((currentNode->Flags & DNF_REENUMERATE)) {
status = PipEnumerateDevice(currentNode, Synchronous); 返回到这里
if (NT_SUCCESS(status)) {
//
// Remember the bus we just enumerated.
//
enumeratedBus = currentNode;
nextNode = SameNode;
} else if (status == STATUS_PENDING) {
nextNode = SiblingNode;
}
}
}
break;
现在状态:DeviceNodeEnumerateCompletion下应该调用函数PipEnumerateCompleted
下一个节点类型是子节点。
case DeviceNodeEnumerateCompletion:
status = PipEnumerateCompleted(currentNode);
nextNode = ChildNode;
break;