Note: ACPI Driver, Reverse Engineering, Part I

ATK200 ACPI vendor driver for Win2K, DispatchCreateClose/DriverEntry/Unload/QueryIF_ACPI

// GUID_ACPI_INTERFACE_STANDARD is defined in wdmguid.h
// static const GUID GUID_ACPI_INTERFACE_STANDARD = { 0xb091a08a, 0xba97, 0x11d0, { 0xBD, 0x14, 0x00, 0xaa, 0x00, 0xb7, 0xb3, 0x2a, } };
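/* Receives the ACPI standard interface from QueryIF_ACPI(); its contents are
 * only meaningful after that call has returned a success status. */
static ACPI_INTERFACE_STANDARD IF_ACPI;

/*
 * Request the ACPI standard interface (GUID_ACPI_INTERFACE_STANDARD) by
 * sending a synchronous IRP_MJ_PNP / IRP_MN_QUERY_INTERFACE request to
 * PDevObj->NextDevice. The target fills in IF_ACPI.
 *
 * PDevObj: object whose NextDevice member names the target of the request.
 * Returns: the final status of the request, or STATUS_INSUFFICIENT_RESOURCES
 *          when no IRP could be allocated.
 *
 * NOTE(review): in a DEVICE_OBJECT, NextDevice links devices created by the
 * same driver; it is not the lower device in the stack. This listing is a
 * reconstruction, and Atk2DispatchOpenClose on this page types the device
 * extension as PDEVICE_OBJECT, so this is probably an extension field at the
 * same offset holding the lower device object. Confirm against the binary.
 */
static NTSTATUS QueryIF_ACPI(PDEVICE_OBJECT PDevObj)
{
    NTSTATUS result;
    PIRP Irp;
    PIO_STACK_LOCATION IrpSp;
    KEVENT Event;
    IO_STATUS_BLOCK IoSB;

    KeInitializeEvent(&Event, SynchronizationEvent, 0);
    Irp = IoBuildSynchronousFsdRequest(IRP_MJ_PNP, PDevObj->NextDevice, 0, 0, 0, &Event, &IoSB);
    // IoBuildSynchronousFsdRequest returns NULL when the IRP cannot be
    // allocated; the listing as posted dereferenced it unconditionally.
    if (NULL == Irp)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    IrpSp = IoGetNextIrpStackLocation(Irp);
    // Set up the ACPI interface query. PnP IRPs must start out as
    // STATUS_NOT_SUPPORTED so an unhandled request is distinguishable.
    Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
    Irp->IoStatus.Information = 0;
    IrpSp->MajorFunction = IRP_MJ_PNP;
    IrpSp->MinorFunction = IRP_MN_QUERY_INTERFACE;
    IrpSp->Parameters.QueryInterface.InterfaceType = (LPGUID)&GUID_ACPI_INTERFACE_STANDARD;
    IrpSp->Parameters.QueryInterface.Version = 1;
    IrpSp->Parameters.QueryInterface.Size = sizeof(ACPI_INTERFACE_STANDARD);
    IrpSp->Parameters.QueryInterface.Interface = (PINTERFACE)&IF_ACPI;
    IrpSp->Parameters.QueryInterface.InterfaceSpecificData = NULL;
    // Send the request to the target driver.
    result = IofCallDriver(PDevObj->NextDevice, Irp);
    if (STATUS_PENDING == result)
    {
        // Event and IoSB live on this stack frame, so wait without a timeout
        // until the request completes before reading the final status.
        KeWaitForSingleObject(&Event, 0, 0, 0, 0);
        result = IoSB.Status;
    }
    return result;
}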

 

/*
 * Dispatch routine that DriverEntry registers for both IRP_MJ_CREATE and
 * IRP_MJ_CLOSE. When the extension's AttachedDevice field is set and the file
 * object carries a name buffer, the stored reference is released and the
 * field is cleared. The request is always completed with STATUS_SUCCESS.
 *
 * PDO: device object the request was sent to.
 * Irp: the create/close request.
 *
 * NOTE(review): the device extension is typed as PDEVICE_OBJECT here, so
 * "AttachedDevice" is presumably an extension field that merely shares that
 * offset; this looks like a reconstruction artifact. Confirm.
 * NOTE(review): nothing in this routine serializes the test, dereference and
 * clear of AttachedDevice. If two requests can reach it concurrently the
 * reference could be dropped twice; check how the original driver guards it.
 */
NTSTATUS Atk2DispatchOpenClose (
    IN PDEVICE_OBJECT PDO,
    IN PIRP Irp
    )
{
    PDEVICE_OBJECT Ext = PDO->DeviceExtension;
    PFILE_OBJECT FileObj = IoGetCurrentIrpStackLocation(Irp)->FileObject;

    Irp->IoStatus.Information = 0;
    Irp->IoStatus.Status = STATUS_SUCCESS;

    // Short-circuit keeps the original order: the file name is only examined
    // when a reference is actually held.
    if (Ext->AttachedDevice && FileObj->FileName.Buffer)
    {
        ObDereferenceObject(Ext->AttachedDevice);
        Ext->AttachedDevice = NULL;
    }

    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}

 

/*
 * Driver unload routine: if the driver object still lists a device, pass the
 * value stored in that device's DeviceExtension field to IoDeleteDevice().
 *
 * PDrvObj: the driver object being unloaded.
 *
 * NOTE(review): IoDeleteDevice() expects a device object, but the listing
 * hands it the DeviceExtension pointer cast to PDEVICE_OBJECT. Either the
 * reconstruction mislabels this field or the original driver has a defect
 * here; verify against the binary before relying on this routine.
 */
VOID Atk2Unload(IN PDRIVER_OBJECT PDrvObj)
{
    PDEVICE_OBJECT FirstDev = PDrvObj->DeviceObject;

    PAGED_CODE ();
    if (!FirstDev)
    {
        return; // no device listed on the driver object, nothing to delete
    }
    IoDeleteDevice((PDEVICE_OBJECT)FirstDev->DeviceExtension);
}

 

/*
 * Driver entry point: fills in the dispatch table, the AddDevice callback and
 * the unload routine, then reports success. RegistryPath is not used.
 *
 * PDO:          despite the name, this is the DRIVER_OBJECT for this driver.
 * RegistryPath: the driver's registry path (ignored).
 * Returns STATUS_SUCCESS unconditionally.
 *
 * The handlers other than Atk2DispatchOpenClose and Atk2Unload are not shown
 * on this page. IRP_MJ_DEVICE_CONTROL shares Atk2ForwardRequest with
 * IRP_MJ_SYSTEM_CONTROL, so what user-mode IOCTLs can reach depends on that
 * routine and on the driver below it.
 */
NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT  PDO,
    IN PUNICODE_STRING RegistryPath
    )
{
  // Handlers shared by two major functions are assigned in one statement.
  PDO->MajorFunction[IRP_MJ_CREATE] =
  PDO->MajorFunction[IRP_MJ_CLOSE] = Atk2DispatchOpenClose;

  PDO->MajorFunction[IRP_MJ_READ] =
  PDO->MajorFunction[IRP_MJ_WRITE] = Atk2DispatchReadWrite;

  PDO->MajorFunction[IRP_MJ_DEVICE_CONTROL] =
  PDO->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = Atk2ForwardRequest;

  PDO->MajorFunction[IRP_MJ_POWER] = ACPIDispatchPower;
  PDO->MajorFunction[IRP_MJ_PNP] = Atk2DispatchPNP;

  PDO->DriverUnload = (PDRIVER_UNLOAD)Atk2Unload;
  PDO->DriverExtension->AddDevice = Atk2AddDriver;

  // DrvInit is declared outside this listing; its purpose was not identified.
  DrvInit = 1;
  return STATUS_SUCCESS;
}
