Windows HID 的一些信息

这篇博客并不完整。我也不知道什么时候会将完成她。先在这放部分内容。

 

 

 

 

Driver stack for mouse:

Figure of driver stack for mouse:

 

Figure of driver stack for vendor defined HID collections

Vendor defined collection IOCTL_HID_WRITE_REPORT

Call stack:

01 a2991bd4 8cadea5d hidmini!InternalIoctl+0x131

02 a2991be8 8cae1839 HIDCLASS!HidpCallDriver+0x3f

03 a2991c3c 8cadf4b5 HIDCLASS!HidpIrpMajorWrite+0x18b

04 a2991c4c 8251e6be HIDCLASS!HidpMajorHandler+0x31

05 a2991c70 822f7f8a nt!IovCallDriver+0x23f

06 a2991c84 824885e5 nt!IofCallDriver+0x1b

07 a2991ca4 824638ed nt!IopSynchronousServiceTail+0x1d9

08 a2991d38 82293a1a nt!NtWriteFile+0x6fc

09 a2991d38 776d9a94 nt!KiFastCallEntry+0x12a

0a 001ef374 776d9284 ntdll!KiFastSystemCallRet

0b 001ef378 7716bd6a ntdll!ZwWriteFile+0xc

Mouse collection IOCTL_HID_READ_REPORT

The hidmini.sys will received 2 read IRPs (HIDCLASS!HidpStartAllPingPongs )when device started. The call stack is below:

857717ec 8c851a5d 88556030 89032e28 89032e28 hidmini!InternalIoctl+0x107

85771800 8c852dea 88556030 89032e28 00000000 HIDCLASS!HidpCallDriver+0x3f

8577181c 8c852ec1 885560fc a596aef0 85771847 HIDCLASS!HidpSubmitInterruptRead+0x84

8577183c 8c85a96f 005560fc a597cd98 885560fc HIDCLASS!HidpStartAllPingPongs+0x49

85771858 8c8591e0 885560fc 885604dc a597cd98 HIDCLASS!HidpStartCollectionPDO+0xcd

85771884 8c859647 885560fc a597cd98 857718a4 HIDCLASS!HidpPdoPnp+0x14a

85771894 8c8524fd 885604c8 a597cd98 857718c8 HIDCLASS!HidpIrpMajorPnp+0x17

857718a4 8251e6be 88560410 a597cd98 00000000 HIDCLASS!HidpMajorHandler+0x79

857718c8 822f7f8a a597cf94 884b61a0 88560410 nt!IovCallDriver+0x23f

857718dc 8c869a78 8939f008 a597cd98 884b60e8 nt!IofCallDriver+0x1b

857718fc 8251e6be 884b60e8 00000000 00000000 mouhid!MouHid_PnP+0x16e

85771920 822f7f8a a597cfb8 00000000 884b60e8 nt!IovCallDriver+0x23f

85771934 8bf1349d a597cd98 885540e8 00040001 nt!IofCallDriver+0x1b

85771954 8bf10174 884b60e8 a597cd98 00000001 mouclass!MouseSendIrpSynchronously+0x59

857719c0 8251e6be a597cfdc a597cd98 a597d000 mouclass!MousePnP+0x222

857719e4 822f7f8a a597cfdc 85771a5c 88554030 nt!IovCallDriver+0x23f

857719f8 823a0605 00000000 88560410 8840c670 nt!IofCallDriver+0x1b

85771a14 8224811a 85771a38 82247f37 8840c670 nt!PnpAsynchronousCall+0x96

85771a60 823a14f6 82247f37 8840c670 88556600 nt!PnpStartDevice+0xb7

How do the HID collections (child devices) and Read/Write IRPs map in  hidmini driver?

1. The Write IRP: Irp->UserBuffer points to a HID_XFER_PACKET structure the contains the parameters and report to be transmitted to the device. Usually, HID minidriver identify the target collection by Report ID of HID_XFER_PACKET structure.
2. The Read IRP: As Hunter's test result, there will be always 2 PingPong IRPs for all the collections HID minidriver created. The read IRPs are shared. The IrpStack->Parameters.DeviceIoControl.OutputBufferLength will be equal to the longest HID Read Report length among the HID collections. HID mini-driver should fill the right HID Report ID. HIDClass driver will complete the read IRP for specific HID collection by the report ID.
   1. To confirm this, Hunter tried to create 2 mouse collections in HID minidriver. The 2 HID-Compliant Mouses different in INPUT Value length. HID mini-driver will received 2 read IRP and the OutputBufferLength of the IRP->Userbuffer equals to the longer one of the 2 HID mouse input report.