Re: 帮我分析分析这些IOCTL

Windows内核调试

帮我分析分析这些IOCTL

yushang 2009-08-27, 16:05 下午

最近想写一个类似iSCSI的驱动,现在能够加载disk.sys了,但是不知道进一步该处理那些IOCTL,帮我看看下面从DbgView中输出的:

00000000 0.00000000 uAddDevice 
00000001 0.00004470 uPnPFdo MinorFunction 0x18               //IRP_MN_QUERY_LEGACY_BUS_INFORMATION
00000002 0.00022433 uPnPFdo MinorFunction 0xD                 //IRP_MN_FILTER_RESOURCE_REQUIREMENTS
00000003 0.00023970 uPnPFdo MinorFunction 0x0                 //IRP_MN_START_DEVICE
00000004 0.00026763 uPnPFdo MinorFunction 0x9                 //IRP_MN_QUERY_CAPABILITIES
00000005 0.00179045 uPnPFdo MinorFunction 0x14               //IRP_MN_QUERY_PNP_DEVICE_STATE
00000006 0.00180498 uPnPFdo MinorFunction 0x7                 //IRP_MN_QUERY_DEVICE_RELATIONS
00000007 0.00181699 uPnPPdo MinorFunction 0x13               //IRP_MN_QUERY_ID
00000008 0.00182481 uPnPPdo IdType 0 Id uSCSI\Disk 
00000009 0.00183291 uPnPPdo MinorFunction 0x9                 //IRP_MN_QUERY_CAPABILITIES
00000010 0.00184074 uPnPPdo MinorFunction 0xC                 //IRP_MN_QUERY_DEVICE_TEXT
00000011 0.00184577 uPnPPdo Text 0 Id uSCSI Disk 
00000012 0.00185079 uPnPPdo MinorFunction 0xC                 //IRP_MN_QUERY_DEVICE_TEXT
00000013 0.00185666 uPnPPdo Text 1 Id uSCSI Disk Location Info 
00000014 0.00186588 uPnPPdo MinorFunction 0x13               //IRP_MN_QUERY_ID
00000015 0.00187175 uPnPPdo IdType 3 Id ? 
00000016 0.00319677 uPnPPdo MinorFunction 0x13               //IRP_MN_QUERY_ID
00000017 0.00320571 uPnPPdo IdType 1 Id uSCSI\Disk 
00000018 0.00321465 uPnPPdo MinorFunction 0x13               //IRP_MN_QUERY_ID
00000019 0.00322136 uPnPPdo IdType 2 Id uSCSI\Disk 
00000020 0.00334121 uPnPPdo MinorFunction 0xB                 //IRP_MN_QUERY_RESOURCE_REQUIREMENTS
00000021 0.00356302 uPnPPdo MinorFunction 0x15               //IRP_MN_QUERY_BUS_INFORMATION
00000022 0.00430250 uPnPPdo MinorFunction 0xA                 //IRP_MN_QUERY_RESOURCES
00000023 0.00536744 uiIoCtl IoControlCode 0x1B0013(DevType 0x1B , Function 0x4)       //不理解,这个好像是FILE_DEVICE_SERIAL_PORT
00000024 0.00540991 uIoCtl IoControlCode 0x2D1400(DevType 0x2D , Function 0x500) //IOCTL_STORAGE_QUERY_PROPERTY
00000025 0.00541633 uIoCtl PropertyId 0x1 , QueryType 0x0 
00000026 0.00548925 uPnPPdo MinorFunction 0x18 
00000027 0.00550014 *** IopQueryLegacyBusInformation - Driver disk returned STATUS_SUCCESS 
00000028 0.00550657     for IRP_MN_QUERY_LEGACY_BUS_INFORMATION, and a NULL POINTER. 
00000029 0.00776495 uPnPPdo MinorFunction 0xB               //IRP_MN_QUERY_RESOURCE_REQUIREMENTS
00000030 0.00784150 uPnPPdo MinorFunction 0xD               //IRP_MN_FILTER_RESOURCE_REQUIREMENTS
00000031 0.00899528 uPnPPdo MinorFunction 0x0               //IRP_MN_START_DEVICE
00000032 0.00901092 uIoCtl IoControlCode 0x2D1400(DevType 0x2D , Function 0x500) 
00000033 0.00901707 uIoCtl PropertyId 0x1 , QueryType 0x0 
00000034 0.00902573 uIoCtl IoControlCode 0x2D1400(DevType 0x2D , Function 0x500) 
00000035 0.00903159 uIoCtl PropertyId 0x1 , QueryType 0x0 
00000036 0.00903970 uIoCtl IoControlCode 0x2D1400(DevType 0x2D , Function 0x500) 
00000037 0.00904556 uIoCtl PropertyId 0x0 , QueryType 0x0 
00000038 0.00905422 uIoCtl IoControlCode 0x2D1400(DevType 0x2D , Function 0x500) 
00000039 0.00906037 uIoCtl PropertyId 0x0 , QueryType 0x0 
00000040 0.00924084 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0)   //这些也不理解
00000041 0.50253928 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000042 0.50259519 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000043 1.00253892 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000044 1.50253510 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000045 2.00258279 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000046 2.50254822 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000047 2.50258422 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000048 3.00258327 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000049 3.50253367 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000050 4.00257206 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000051 4.50253916 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000052 4.50259161 uIoCtl IoControlCode 0x70000(DevType 0x7 , Function 0x0) //IOCTL_DISK_GET_DRIVE_GEOMETRY
00000053 4.50260544 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000054 5.00259876 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000055 5.00452280 uiIoCtl IoControlCode 0x1(DevType 0x0 , Function 0x0) 
00000056 5.00455570 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000057 5.00457001 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000058 5.00458145 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000059 5.00459337 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000060 5.00460577 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000061 5.00566864 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000062 5.50260830 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000063 5.50266314 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000064 6.00259066 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000065 6.00362968 uIoCtl IoControlCode 0x41018(DevType 0x4 , Function 0x406) //IOCTL_SCSI_GET_ADDRESS
00000066 6.00369787 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000067 6.50262690 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000068 6.50318003 uPnPPdo MinorFunction 0x9 
00000069 6.50335503 uPnPPdo MinorFunction 0x14 
00000070 6.50338078 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000071 7.00258493 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000072 7.00265408 uPnPPdo MinorFunction 0x7 
00000073 7.00269318 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000074 7.50259018 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000075 7.56460714 uPnPFdo MinorFunction 0x7 
00000076 7.56463861 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000077 8.04949665 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000078 8.04956818 uPnPPdo MinorFunction 0x7 
00000079 8.04960442 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 
00000080 8.54946136 uiIoCtl IoControlCode 0x0(DevType 0x0 , Function 0x0) 

。。。

高手指点一下啊,谢谢(uiIoCtl是IRP_MJ_INTERNAL_DEVICE_CONTROL的处理函数)

Re: 帮我分析分析这些IOCTL

MJ0011 2009-08-27, 17:47 下午
1b0013 = IOCTL_SCSI_EXECUTE_NONE
0的那些是你解析错了吧!

Re: 帮我分析分析这些IOCTL

yushang 2009-08-27, 20:46 下午

没错,我敢保证没有解析错

Re: 帮我分析分析这些IOCTL

MJ0011 2009-08-27, 21:28 下午
信不信由你,不信贴代码吧

Re: 帮我分析分析这些IOCTL

yushang 2009-08-27, 21:38 下午

 DbgPrint("%s IoControlCode 0x%X(DevType 0x%X , Function 0x%X)" ,
  __FUNCTION__ ,
  Stack->Parameters.DeviceIoControl.IoControlCode,
  DEVICE_TYPE_FROM_CTL_CODE(Stack->Parameters.DeviceIoControl.IoControlCode),  
  FUNC_CODE(Stack->Parameters.DeviceIoControl.IoControlCode));

代码是这样子的

#define FUNC_CODE(n)  ((n&0x3FFC)>>2)

Re: 帮我分析分析这些IOCTL

yushang 2009-09-01, 21:31 下午
我已经找到答案了,这些IOCTL的主功能是IRP_MJ_SCSI

Re: 帮我分析分析这些IOCTL

MJ0011 2009-09-01, 22:06 下午
IRP_MJ_SCSI根本就不是Device control好吧,所以我说你写错了代码,你还不承认,IRP_MJ_SCSI的IrpStack中的参数结构是SCSI_QUEST_BLOCK,你按照DeviceControl联合去解析,当然的不对。

Powered by Community Server Powered by CnForums.Net