小端口驱动启动及关闭过程

最新推荐文章于 2024-05-24 00:53:48 发布

xbgprogrammer

最新推荐文章于 2024-05-24 00:53:48 发布

阅读量2k

点赞数 2

本文链接：https://blog.csdn.net/xbgprogrammer/article/details/51143725

版权

网卡启动过程

1. 进入DriverEntry后，调用NdisMRegisterMiniportDriver注册小端口驱动

ChildEBP RetAddr  
807e04ec 89222eec netvmini620!MPSetOptions [d:\td\newframe\drivers-vd\network\netvmini620\miniport.c @ 299]
807e0510 8bd3f1fc ndis!NdisMRegisterMiniportDriver+0x498
807e0598 83fd72e6 netvmini620!DriverEntry+0x1ec [d:\td\newframe\drivers-vd\network\netvmini620\miniport.c @ 180]
807e077c 83fc37f4 nt!IopLoadDriver+0x7ed
807e0828 84007811 nt!PipCallDriverAddDeviceQueryRoutine+0x34b
807e0860 84008520 nt!RtlpCallQueryRegistryRoutine+0x2ea
807e08cc 83fd16a4 nt!RtlQueryRegistryValues+0x31d
807e09a8 83fd0e12 nt!PipCallDriverAddDevice+0x383
807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x15d
807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a
807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb
807e0c50 8401cf5e nt!ExpWorkerThread+0x10d
807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

注意MPSetOptions是在NdisMRegisterMiniportDriver上下文中被调用的。

2. 调用MPInitializeEx，初始化适配器

807e0528 8927ecf2 netvmini620!MPInitializeEx [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 171]
807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x76b
807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a
807e0854 89283d23 ndis!ndisPnPStartDevice+0x130
807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f
807e08b0 83fd26f8 nt!IofCallDriver+0x63
807e08cc 83e2528b nt!PnpAsynchronousCall+0x92
807e0930 83fc9561 nt!PnpStartDevice+0xe1
807e098c 83fc942a nt!PnpStartDeviceNode+0x12c
807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62
807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188
807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a
807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb
807e0c50 8401cf5e nt!ExpWorkerThread+0x10d
807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

调用MPInitializeEx时适配器处于Initializing状态，初始化成功后处于Paused状态，初始化失败返回Halted状态。

3. 调用MPRestart函数，启动适配器

807e04ec 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]
807e052c 8927fe17 ndis!ndisRestartMiniport+0x16f
807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x1890
807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a
807e0854 89283d23 ndis!ndisPnPStartDevice+0x130
807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f
807e08b0 83fd26f8 nt!IofCallDriver+0x63
807e08cc 83e2528b nt!PnpAsynchronousCall+0x92
807e0930 83fc9561 nt!PnpStartDevice+0xe1
807e098c 83fc942a nt!PnpStartDeviceNode+0x12c
807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62
807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188
807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a
807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb
807e0c50 8401cf5e nt!ExpWorkerThread+0x10d
807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

调用MPRestart时适配器处于Restarting状态，初始化成功后处于Running状态，初始化失败返回Paused状态。

4. 调用MPDevicePnpEventNotify发送PNP通知

807e04c8 8928448b netvmini620!MPDevicePnpEventNotify+0x8 [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 1117]
807e0508 892842c8 ndis!ndisDevicePnPEventNotifyMiniport+0xf4
807e0524 892800f5 ndis!ndisNotifyMiniports+0x5d
807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x1b6e
807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a
807e0854 89283d23 ndis!ndisPnPStartDevice+0x130
807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f
807e08b0 83fd26f8 nt!IofCallDriver+0x63
807e08cc 83e2528b nt!PnpAsynchronousCall+0x92
807e0930 83fc9561 nt!PnpStartDevice+0xe1
807e098c 83fc942a nt!PnpStartDeviceNode+0x12c
807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62
807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188
807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a
807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb
807e0c50 8401cf5e nt!ExpWorkerThread+0x10d
807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

根据调试，发送的通知为NdisDevicePnPEventPowerProfileChanged，确认电源类型（battery or AC online）

5. 调用MPPause，暂停网卡

8e30ba74 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]
8e30bab0 89216087 ndis!ndisPauseMiniport+0x17f
8e30bbe4 89215cea ndis!ndisAttachFilterToMiniport+0x2fc
8e30bc0c 89280cad ndis!ndisCheckMiniportFilters+0x105
8e30bc24 89278013 ndis!ndisQueuedCheckAdapterBindings+0xc8
8e30bc34 8921408e ndis!ndisWorkItemHandler+0xe
8e30bc50 8401cf5e ndis!ndisWorkerThread+0xa4
8e30bc90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

此为一工作线程，查看堆栈，暂停网卡的目的可能是挂载过滤驱动。

6. 再次调用MPRestart函数，启动适配器

8e30b848 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]
8e30b888 8921e76c ndis!ndisRestartMiniport+0x16f
8e30baac 8921736d ndis!ndisRestartMiniportFilterStack+0xa5
8e30bbe4 89215cea ndis!ndisAttachFilterToMiniport+0x15e2
8e30bc0c 89280cad ndis!ndisCheckMiniportFilters+0x105
8e30bc24 89278013 ndis!ndisQueuedCheckAdapterBindings+0xc8
8e30bc34 8921408e ndis!ndisWorkItemHandler+0xe
8e30bc50 8401cf5e ndis!ndisWorkerThread+0xa4
8e30bc90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

此工作线程与上一调用MPPause的工作线程为同一线程。

至此，适配器启动完毕。

网卡关闭过程

1. 调用MPPause，进入Pause状态（关闭发送、接收数据包路径）

807e477c 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]
807e47b8 8928ab77 ndis!ndisPauseMiniport+0x17f
807e484c 8928f62b ndis!ndisCloseMiniportBindings+0xcb
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x23c
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

2. 调用MPRestart，不懂

807e4778 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]
807e47b8 8928ad21 ndis!ndisRestartMiniport+0x16f
807e484c 8928f62b ndis!ndisCloseMiniportBindings+0x275
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x23c
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

3. 调用MPPause，呼应上面的MPRestart

807e47a4 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]
807e47e0 89227f90 ndis!ndisPauseMiniport+0x17f
807e484c 8928f631 ndis!ndisDetachFiltersOnMiniport+0x136
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x242
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

分析上面的堆栈，与卸载过滤驱动有关。

4. 再次调用MPRestart，又一次不懂

807e47a0 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]
807e47e0 89227fcf ndis!ndisRestartMiniport+0x16f
807e484c 8928f631 ndis!ndisDetachFiltersOnMiniport+0x175
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x242
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

5. 调用MPPause，呼应上面的MPRestart

807e480c 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]
807e4848 8928f648 ndis!ndisPauseMiniport+0x17f
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x259
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

6. 调用MPHaltEx，卸载适配器

807e47f4 8928a69f netvmini620!MPHaltEx [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 745]
807e4830 8928d9e7 ndis!ndisMCommonHaltMiniport+0x54f
807e484c 8928f729 ndis!ndisMHaltMiniport+0x5a
807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x33a
807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa
807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf
807e4a08 83fecf95 nt!IofCallDriver+0x63
807e4a38 840d9a3f nt!IopSynchronousCall+0xc2
807e4a90 83eef346 nt!IopRemoveDevice+0xd4
807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c
807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d
807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c
807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946
807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38
807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216
807e4c50 8401cf5e nt!ExpWorkerThread+0x10d
807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e
00000000 00000000 nt!KiThreadStartup+0x19

以上的过程是在我的win 7虚拟机上测试的，在各位看官的机器上，我觉得关闭适配器的流程可能会与我的机器有所不同，具体可能关系到是否有过滤驱动，没测试，瞎掰以下，关闭适配器的过程多次调用了Pause及Restart例程，我觉得调用几次并没有关系，只要讲发送接收路径控制好即可。

xbgprogrammer

关注

2
点赞
踩
7

收藏

觉得还不错? 一键收藏
0
评论
小端口驱动启动及关闭过程

网卡启动过程1. 进入DriverEntry后，调用NdisMRegisterMiniportDriver注册小端口驱动ChildEBP RetAddr 807e04ec 89222eec netvmini620!MPSetOptions [d:\td\newframe\drivers-vd\network\netvmini620\miniport.c @ 299]807e0510
复制链接

扫一扫