Note:ACPI Driver, Reverse Engineering, Part I

ATK200 ACPI vendor driver for Win2K, DispatchCreateClose/DriverEntry/Unload/QueryIF_ACPI

// defined GUID_ACPI_INTERFACE_STANDRD in wdmguid.h
// static const GUID GUID_ACPI_INTERFACE_STANDARD = { 0xb091a08a, 0xba97, 0x11d0, { 0xBD, 0x14, 0x00, 0xaa, 0x00, 0xb7, 0xb3, 0x2a, } };
static ACPI_INTERFACE_STANDARD IF_ACPI;
static NTSTATUS QueryIF_ACPI(PDEVICE_OBJECT PDevObj)
{
NTSTATUS result;
PIRP Irp;
PIO_STACK_LOCATION IrpSp;
KEVENT Event;
IO_STATUS_BLOCK IoSB;

KeInitializeEvent(&Event, SynchronizationEvent, 0);
Irp = IoBuildSynchronousFsdRequest(IRP_MJ_PNP, PDevObj->NextDevice, 0, 0, 0, &Event, &IoSB);
IrpSp = IoGetNextIrpStackLocation(Irp);
// Setup ACPI Interface IRP
Irp->IoStatus.Status = STATUS_NOT_SUPPORTED;
Irp->IoStatus.Information = 0;
IrpSp->MajorFunction = IRP_MJ_PNP;
IrpSp->MinorFunction = IRP_MN_QUERY_INTERFACE;
IrpSp->Parameters.QueryInterface.InterfaceType = (LPGUID)&GUID_ACPI_INTERFACE_STANDARD;
IrpSp->Parameters.QueryInterface.Version = 1;
IrpSp->Parameters.QueryInterface.Size = sizeof(ACPI_INTERFACE_STANDARD);
IrpSp->Parameters.QueryInterface.Interface = (PINTERFACE)&IF_ACPI;
IrpSp->Parameters.QueryInterface.InterfaceSpecificData = NULL;
// send to next layer driver
result = IofCallDriver(PDevObj->NextDevice, Irp);
if ( STATUS_PENDING == result)
{
KeWaitForSingleObject(&Event, 0, 0, 0, 0);
result = IoSB.Status;
}
return result;
}

NTSTATUS Atk2DispatchOpenClose (
IN PDEVICE_OBJECT PDO,
IN PIRP Irp
)
{

PDEVICE_OBJECT DevExt = PDO->DeviceExtension;
PFILE_OBJECT pFO = IoGetCurrentIrpStackLocation(Irp)->FileObject;

Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;

if (DevExt->AttachedDevice)
{
if( pFO->FileName.Buffer )
{
ObDereferenceObject(DevExt->AttachedDevice);
DevExt->AttachedDevice = NULL;
}
}

IoCompleteRequest(Irp, IO_NO_INCREMENT);
return STATUS_SUCCESS;
}

VOID Atk2Unload(IN PDRIVER_OBJECT PDrvObj)
{
PDEVICE_OBJECT PDevObj= PDrvObj->DeviceObject;
PAGED_CODE ();
if (PDevObj)
{
IoDeleteDevice((PDEVICE_OBJECT)PDevObj->DeviceExtension);
}
}

NTSTATUS DriverEntry(
IN PDRIVER_OBJECT  PDO,
IN PUNICODE_STRING RegistryPath
)
{
PDO->MajorFunction[IRP_MJ_CREATE] = Atk2DispatchOpenClose;
PDO->MajorFunction[IRP_MJ_CLOSE]    = Atk2DispatchOpenClose;
PDO->MajorFunction[IRP_MJ_POWER]    = ACPIDispatchPower;
PDO->MajorFunction[IRP_MJ_READ]     = Atk2DispatchReadWrite;
PDO->MajorFunction[IRP_MJ_WRITE]    = Atk2DispatchReadWrite;
PDO->MajorFunction[IRP_MJ_PNP]     = Atk2DispatchPNP;
PDO->MajorFunction[IRP_MJ_DEVICE_CONTROL] = Atk2ForwardRequest;
PDO->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = Atk2ForwardRequest;
PDO->DriverExtension->AddDevice = Atk2AddDriver;
PDO->DriverUnload = (PDRIVER_UNLOAD)Atk2Unload;
DrvInit = 1; // unknow function/Variable
return STATUS_SUCCESS;
}

廣告

發表迴響

在下方填入你的資料或按右方圖示以社群網站登入:

WordPress.com 標誌

您的留言將使用 WordPress.com 帳號。 登出 /  變更 )

Google+ photo

您的留言將使用 Google+ 帳號。 登出 /  變更 )

Twitter picture

您的留言將使用 Twitter 帳號。 登出 /  變更 )

Facebook照片

您的留言將使用 Facebook 帳號。 登出 /  變更 )

w

連結到 %s