Reading Notebook: 21-February-11
Comments in italics are mine and express my own views, thoughts and opinions
Windows Internals by M. Russinovich, D. Solomon and A. Ionescu:
Differences between driver and service loading (p. 623)
Tag value precedence redefinition (p. 624)
Verbose !devnode command options (pp. 627 - 628)
DID=VID.PID and DIID=DID.IID (p. 630)
Hybrid sleep (pp. 637-638)
Power dispatch routine (p. 639) - Here’s a dispatch routine for a PCI driver from my x64 W2K8R2 system:
0: kd> !devnode 0 3
Dumping IopRootDeviceNode (= 0xfffffa8003c1ed90)
DevNode 0xfffffa8003c1ed90 for PDO 0xfffffa8003c1db10
InstancePath is "HTREE\ROOT\0"
State = DeviceNodeStarted (0x308)
Previous State = DeviceNodeEnumerateCompletion (0x30d)
[...]
DevNode 0xfffffa8003e91b10 for PDO 0xfffffa8003e40a20
InstancePath is “PCI\VEN_8086&DEV_2810&SUBSYS_00000000&REV_02\3&172e68dd&0&F8″
ServiceName is “msisadrv”
State = DeviceNodeStarted (0×308)
Previous State = DeviceNodeEnumerateCompletion (0×30d)
[...]
0: kd> !devobj 0xfffffa8003e40a20
Device object (fffffa8003e40a20) is for:
NTPNP_PCI0013 \Driver\pci DriverObject fffffa8003cfe270
Current Irp 00000000 RefCount 0 Type 00000022 Flags 00001040
Dacl fffff9a10008b231 DevExt fffffa8003e40b70 DevObjExt fffffa8003e40f90 DevNode fffffa8003e91b10
ExtensionFlags (0×00000800)
Unknown flags 0×00000800
AttachedDevice (Upper) fffffa8003e3f800
\Driver\ACPI
Device queue is not busy.
0: kd> !drvobj fffffa8003cfe270 f
Driver object (fffffa8003cfe270) is for:
\Driver\pci
Driver Extension List: (id , addr)
Device Object list:
fffffa8003e9da20 fffffa8003e9a060 fffffa8003e99a20 fffffa8003e939f0
fffffa8003e93040 fffffa8003e92660 fffffa8003e92cb0 fffffa8003e42060
fffffa8003e41a20 fffffa8003e41060 fffffa8003e40a20 fffffa8003e40060
fffffa8003e3fa20 fffffa8003e3f060 fffffa8003e3ea20 fffffa8003e3e060
fffffa8003e3da20 fffffa8003e3d060 fffffa8003e3ca20 fffffa8003e3c060
fffffa8003e3ba20 fffffa8003e3b060 fffffa8003e3aa20 fffffa8003e3a060
fffffa8003e37530
DriverEntry: fffff880013ae1a0 pci!GsDriverEntry
DriverStartIo: 00000000�
DriverUnload: fffff880013a2fec pci!PciDriverUnload
AddDevice: fffff8800139ae54 pci!PciAddDevice
Dispatch routines:
[00] IRP_MJ_CREATE fffff80001ab5cfc nt!IopInvalidDeviceRequest
[01] IRP_MJ_CREATE_NAMED_PIPE fffff80001ab5cfc nt!IopInvalidDeviceRequest
[02] IRP_MJ_CLOSE fffff80001ab5cfc nt!IopInvalidDeviceRequest
[03] IRP_MJ_READ fffff80001ab5cfc nt!IopInvalidDeviceRequest
[04] IRP_MJ_WRITE fffff80001ab5cfc nt!IopInvalidDeviceRequest
[05] IRP_MJ_QUERY_INFORMATION fffff80001ab5cfc nt!IopInvalidDeviceRequest
[06] IRP_MJ_SET_INFORMATION fffff80001ab5cfc nt!IopInvalidDeviceRequest
[07] IRP_MJ_QUERY_EA fffff80001ab5cfc nt!IopInvalidDeviceRequest
[08] IRP_MJ_SET_EA fffff80001ab5cfc nt!IopInvalidDeviceRequest
[09] IRP_MJ_FLUSH_BUFFERS fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0a] IRP_MJ_QUERY_VOLUME_INFORMATION fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0b] IRP_MJ_SET_VOLUME_INFORMATION fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0c] IRP_MJ_DIRECTORY_CONTROL fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0d] IRP_MJ_FILE_SYSTEM_CONTROL fffff80001ab5cfc nt!IopInvalidDeviceRequest
[0e] IRP_MJ_DEVICE_CONTROL fffff8800139e6d0 pci!PciDispatchDeviceControl
[0f] IRP_MJ_INTERNAL_DEVICE_CONTROL fffff80001ab5cfc nt!IopInvalidDeviceRequest
[10] IRP_MJ_SHUTDOWN fffff80001ab5cfc nt!IopInvalidDeviceRequest
[11] IRP_MJ_LOCK_CONTROL fffff80001ab5cfc nt!IopInvalidDeviceRequest
[12] IRP_MJ_CLEANUP fffff80001ab5cfc nt!IopInvalidDeviceRequest
[13] IRP_MJ_CREATE_MAILSLOT fffff80001ab5cfc nt!IopInvalidDeviceRequest
[14] IRP_MJ_QUERY_SECURITY fffff80001ab5cfc nt!IopInvalidDeviceRequest
[15] IRP_MJ_SET_SECURITY fffff80001ab5cfc nt!IopInvalidDeviceRequest
[16] IRP_MJ_POWER fffff880013848fc pci!PciDispatchPnpPower
[17] IRP_MJ_SYSTEM_CONTROL fffff8800139e66c pci!PciDispatchSystemControl
[18] IRP_MJ_DEVICE_CHANGE fffff80001ab5cfc nt!IopInvalidDeviceRequest
[19] IRP_MJ_QUERY_QUOTA fffff80001ab5cfc nt!IopInvalidDeviceRequest
[1a] IRP_MJ_SET_QUOTA fffff80001ab5cfc nt!IopInvalidDeviceRequest
[1b] IRP_MJ_PNP fffff880013848fc pci!PciDispatchPnpPower
!pocaps and !popolicy WinDbg commands (pp. 641 - 643)
Unlike other PnP operations like normal eject power cannot be vetoed by drivers and apps (pp. 643 - 644)
- Dmitry Vostokov @ SoftwareGeneralist.com -
_1125.png)
Coming Soon:
Fundamentals of Complete Crash and Hang Memory Dump Analysis
Management Bits: An Anthology from Reductionist Manager
Crash Dump Analysis for System Administrators and Support Engineers
New Magazines:
Debugged! MZ/PE: MagaZine for/from Practicing Engineers
New Books:
Introduction to Pattern-Driven Software Problem Solving
Memory Dump Analysis Anthology: Color Supplement for Volumes 4-5
Windows Debugging Notebook: Essential User Space WinDbg Commands
Memory Dump Analysis Anthology, Volume 5
Memory Dump Analysis Anthology, Volume 4
Memory Dump Analysis Anthology: Color Supplement for Volumes 1-3
Memory Dump Analysis Anthology, Volume 3
First Fault Software Problem Solving: A Guide for Engineers, Managers and Users
x64 Windows Debugging: Practical Foundations
Also available:
Windows Debugging: Practical Foundations
DLL List Landscape: The Art from Computer Memory Space
Dumps, Bugs and Debugging Forensics: The Adventures of Dr. Debugalov
WinDbg: A Reference Poster and Learning Cards
Memory Dump Analysis Anthology, Volume 2
Memory Dump Analysis Anthology, Volume 1
New Children's Book:
