news 2025/12/22 17:19:20

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange重要

张小明

前端开发工程师

1.2k 24

文章封面图 — win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange重要

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!OpenMultiplePortDevice到win32k!CreateDeviceInfo到win32k!RequestDeviceChange

win32k!RawInputThread线程分析之win32k!xxxRegisterForDeviceClassNotifications到win32k!RequestDeviceChange

Breakpoint 1 hit
win32k!RawInputThread:
bf8914ab 55 push ebp
0: kd> bd 1
0: kd> be 6
0: kd> g
Breakpoint 0 hit
win32k!xxxRegisterForDeviceClassNotifications:
bf8fd626 ?? ???
0: kd> kc
#
00 win32k!xxxRegisterForDeviceClassNotifications
01 win32k!RawInputThread
02 win32k!xxxCreateSystemThreads
03 win32k!NtUserCallOneParam
04 nt!_KiSystemService
05 SharedUserData!SystemCallStub
06 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 939]
01 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
02 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
03 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
04 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
05 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
06 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
Status = 0n8
DeviceType = 0xbf8fd626
ustrDriverName = ""
0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 826]
01 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
02 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
03 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
04 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
05 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
06 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
07 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
DeviceType = 0
DeviceName = "A"
uiConnectMultiplePorts = 0
awchDeviceName = unsigned short [260]
0: kd> bp nt!KeSetEvent
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd4f0

BOOL
OpenMultiplePortDevice(DWORD DeviceType)
{

} else {
DeviceName.Length = 0;
DeviceName.MaximumLength = sizeof(awchDeviceName);
DeviceName.Buffer = awchDeviceName;

RtlAppendUnicodeToString(&DeviceName, pDevTpl->pwszLegacyDevName);
pwchNameIndex = &DeviceName.Buffer[(DeviceName.Length / sizeof(WCHAR)) - 1];
for (*pwchNameIndex = L'0'; *pwchNameIndex <= L'9'; (*pwchNameIndex)++) {
CreateDeviceInfo(DeviceType, &DeviceName, GDIF_NOTPNP);
}
}
0: kd> ba e1 win32k!ProcessDeviceChanges
0: kd> bd 0
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc830 bf8fd1b2 e168f6c8 00000001 00000001 win32k!RequestDeviceChange (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2521]
01 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
02 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
03 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
04 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
05 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
06 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
07 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
08 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
09 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
pDeviceInfo = 0xe168f6c8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f6c8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f6c8)
((win32k!tagDEVICEINFO *)0xe168f6c8) : 0xe168f6c8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0x0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char] 0代表鼠标
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy0" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x8996b4c0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc810 bf8fc870 8974a9e8 00000001 00000000 nt!KeSetEvent (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\ke\eventobj.c @ 378]
01 baabc830 bf8fd1b2 bfa54500 00000001 00000001 win32k!RequestDeviceChange+0x2ee (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2617]
02 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
03 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
04 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
05 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
06 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
07 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
08 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
09 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0a 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy1"
bFlags = 0x01 ''
dwCritSecUseSave = 8

0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc830 bf8fd1b2 e167fd40 00000001 00000001 win32k!RequestDeviceChange (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 2521]
01 baabc858 bf8fd4f0 00000000 baabc87c 00000001 win32k!CreateDeviceInfo+0x2b3 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 708]
02 baabca90 bf8fd854 00000000 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
03 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
04 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
05 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
06 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
07 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
08 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
09 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
0: kd> dv
pDeviceInfo = 0xe167fd40
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fd40
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fd40)
((win32k!tagDEVICEINFO *)0xe167fd40) : 0xe167fd40 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f6c8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy1" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x896950c0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((ntkrnlmp!_KEVENT *)0x8974a9e8)
((ntkrnlmp!_KEVENT *)0x8974a9e8) : 0x8974a9e8 [Type: _KEVENT *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> dx -id 0,0,ffffffff896a1248 -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8)) [Type: _DISPATCHER_HEADER]
[+0x000] Type : 0x1 [Type: unsigned char]
[+0x001] Absolute : 0x0 [Type: unsigned char]
[+0x002] Size : 0x4 [Type: unsigned char]
[+0x003] Inserted : 0x0 [Type: unsigned char]
[+0x003] DebugActive : 0x0 [Type: unsigned char]
[+0x000] Lock : 262145 [Type: long]
[+0x004] SignalState : 1 [Type: long]
[+0x008] WaitListHead [Type: _LIST_ENTRY]

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy2"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167fbe0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fbe0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fbe0)
((win32k!tagDEVICEINFO *)0xe167fbe0) : 0xe167fbe0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fd40 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy2" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89695928 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy3"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167fa80
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167fa80
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167fa80)
((win32k!tagDEVICEINFO *)0xe167fa80) : 0xe167fa80 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fbe0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy3" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89699470 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((ntkrnlmp!_KEVENT *)0x8974a9e8)
((ntkrnlmp!_KEVENT *)0x8974a9e8) : 0x8974a9e8 [Type: _KEVENT *]
[+0x000] Header [Type: _DISPATCHER_HEADER]
0: kd> dx -id 0,0,ffffffff896a1248 -r1 (*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8))
(*((ntkrnlmp!_DISPATCHER_HEADER *)0x8974a9e8)) [Type: _DISPATCHER_HEADER]
[+0x000] Type : 0x1 [Type: unsigned char]
[+0x001] Absolute : 0x0 [Type: unsigned char]
[+0x002] Size : 0x4 [Type: unsigned char]
[+0x003] Inserted : 0x0 [Type: unsigned char]
[+0x003] DebugActive : 0x0 [Type: unsigned char]
[+0x000] Lock : 262145 [Type: long]
[+0x004] SignalState : 1 [Type: long]
[+0x008] WaitListHead [Type: _LIST_ENTRY]

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f4f8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f4f8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f4f8)
((win32k!tagDEVICEINFO *)0xe168f4f8) : 0xe168f4f8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167fa80 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy4" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89919c78 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy5"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f398
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f398
fHasToLeaveUserCrit = 0x00 ''
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy6"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f238
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f238
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f238)
((win32k!tagDEVICEINFO *)0xe168f238) : 0xe168f238 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f398 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy6" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89be0e10 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe168f0d8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe168f0d8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe168f0d8)
((win32k!tagDEVICEINFO *)0xe168f0d8) : 0xe168f0d8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f238 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy7" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e78 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

1: kd> g
Single step exception - code 80000004 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy8"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167f018
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167f018
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167f018)
((win32k!tagDEVICEINFO *)0xe167f018) : 0xe167f018 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe168f0d8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy8" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e50 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabc87c "\Device\PointerClassLegacy9"
bFlags = 0x01 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167f6d0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167f6d0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167f6d0)
((win32k!tagDEVICEINFO *)0xe167f6d0) : 0xe167f6d0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167f018 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\PointerClassLegacy9" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e28 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 0
pustrName = 0xbaabca6c "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
bFlags = 0x00 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167ceb8
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167ceb8
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167ceb8)
((win32k!tagDEVICEINFO *)0xe167ceb8) : 0xe167ceb8 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167f6d0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\ACPI#VMW0003#4&5289e18&0#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x89a73e00 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

1: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe142f638
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe142f638
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe142f638)
((win32k!tagDEVICEINFO *)0xe142f638) : 0xe142f638 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167ceb8 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\HID#Vid_0e0f&Pid_0003&MI_00#8&28f6544d&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebe10 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe142b5e0
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe142b5e0
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe142b5e0)
((win32k!tagDEVICEINFO *)0xe142b5e0) : 0xe142b5e0 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe142f638 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\HID#Vid_0e0f&Pid_0003&MI_01#8&51f168b&0&0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebde8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!DeviceClassNotify
02 nt!PiNotifyDriverCallback
03 nt!IoRegisterPlugPlayNotification
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc9c0 bf8fd3eb 00000000 baabca6c 00000000 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabc9e0 80c81dcd baabca44 00000000 00000000 win32k!DeviceClassNotify+0x1f1 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 802]
02 baabca18 80c85464 008fd1fa baabca44 00000000 nt!PiNotifyDriverCallback+0x161 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\notify.c @ 2655]
03 baabca78 bf8fd8b6 00000000 00000001 e1682aa8 nt!IoRegisterPlugPlayNotification+0x61e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\base\ntos\io\pnpmgr\notify.c @ 1982]
04 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x290 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1042]
05 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
06 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
07 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
08 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
09 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
0a 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd3eb
0: kd> dv
DeviceType = 0
pustrName = 0xbaabca6c "\??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}"
bFlags = 0x00 ''
dwCritSecUseSave = 8
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!DeviceClassNotify
03 nt!PiNotifyDriverCallback
04 nt!IoRegisterPlugPlayNotification
05 win32k!xxxRegisterForDeviceClassNotifications
06 win32k!RawInputThread
07 win32k!xxxCreateSystemThreads
08 win32k!NtUserCallOneParam
09 nt!_KiSystemService
0a SharedUserData!SystemCallStub
0b winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe167cd58
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe167cd58
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe167cd58)
((win32k!tagDEVICEINFO *)0xe167cd58) : 0xe167cd58 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe142b5e0 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x0 [Type: unsigned char]
[+0x00d] bFlags : 0x0 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\??\Root#RDP_MOU#0000#{378de44c-56ef-11d1-bc8c-00a0c91405dd}" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebdc0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!DeviceClassNotify
04 nt!PiNotifyDriverCallback
05 nt!IoRegisterPlugPlayNotification
06 win32k!xxxRegisterForDeviceClassNotifications
07 win32k!RawInputThread
08 win32k!xxxCreateSystemThreads
09 win32k!NtUserCallOneParam
0a nt!_KiSystemService
0b SharedUserData!SystemCallStub
0c winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x8974a9e8
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe1647f18
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1647f18
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1647f18)
((win32k!tagDEVICEINFO *)0xe1647f18) : 0xe1647f18 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe167cd58 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy0" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebd98 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> kc
#
00 win32k!CreateDeviceInfo
01 win32k!OpenMultiplePortDevice
02 win32k!xxxRegisterForDeviceClassNotifications
03 win32k!RawInputThread
04 win32k!xxxCreateSystemThreads
05 win32k!NtUserCallOneParam
06 nt!_KiSystemService
07 SharedUserData!SystemCallStub
08 winsrv!NtUserCallOneParam
0: kd> kv
# ChildEBP RetAddr Args to Child
00 baabc858 bf8fd4f0 00000001 baabc87c 00000001 win32k!CreateDeviceInfo (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 588]
01 baabca90 bf8fd854 00000001 bfa03214 bfa01624 win32k!OpenMultiplePortDevice+0xc9 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 896]
02 baabcac0 bf89191a bf9dd6a0 bf9dab54 00000088 win32k!xxxRegisterForDeviceClassNotifications+0x22e (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1027]
03 baabcd1c bf8b21b0 baacc4a0 00000002 baabcd48 win32k!RawInputThread+0x46f (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntinput.c @ 6200]
04 baabcd2c bf806d52 baacc4a0 baabcd58 0088fff4 win32k!xxxCreateSystemThreads+0x92 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 338]
05 baabcd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
06 baabcd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baabcd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
07 0088ffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
08 0088ffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8fd4f0
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> kc
#
00 win32k!RequestDeviceChange
01 win32k!CreateDeviceInfo
02 win32k!OpenMultiplePortDevice
03 win32k!xxxRegisterForDeviceClassNotifications
04 win32k!RawInputThread
05 win32k!xxxCreateSystemThreads
06 win32k!NtUserCallOneParam
07 nt!_KiSystemService
08 SharedUserData!SystemCallStub
09 winsrv!NtUserCallOneParam
0: kd> dv
pDeviceInfo = 0xe1687c28
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1687c28
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1687c28)
((win32k!tagDEVICEINFO *)0xe1687c28) : 0xe1687c28 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1647f18 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy1" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebd70 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 win32k!RequestDeviceChange
02 win32k!CreateDeviceInfo
03 win32k!OpenMultiplePortDevice
04 win32k!xxxRegisterForDeviceClassNotifications
05 win32k!RawInputThread
06 win32k!xxxCreateSystemThreads
07 win32k!NtUserCallOneParam
08 nt!_KiSystemService
09 SharedUserData!SystemCallStub
0a winsrv!NtUserCallOneParam
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''

0: kd> x win32k!apobjects
bfa6ed8c win32k!apObjects = 0x89692618
0: kd> dd 0x89692618
89692618 00000000 89bb0db8 89699498 89bdf258
89692628 00000000 89a2f948 89be0e60 00000000

0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> dv
pDeviceInfo = 0xe1679990
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1679990
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1679990)
((win32k!tagDEVICEINFO *)0xe1679990) : 0xe1679990 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1425c10 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy5" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebcd0 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> dv
pDeviceInfo = 0xe1432750
usAction = 1
fInDeviceInfoListCrit = 0n1
pDevTpl = 0xe1432750
fHasToLeaveUserCrit = 0x00 ''
0: kd> dx -id 0,0,ffffffff896a1248 -r1 ((win32k!tagDEVICEINFO *)0xe1432750)
((win32k!tagDEVICEINFO *)0xe1432750) : 0xe1432750 [Type: tagDEVICEINFO *]
[+0x000] head [Type: _HEAD]
[+0x008] pNext : 0xe1679990 [Type: tagDEVICEINFO *]
[+0x00c] type : 0x1 [Type: unsigned char]
[+0x00d] bFlags : 0x1 [Type: unsigned char]
[+0x00e] usActions : 0x0 [Type: unsigned short]
[+0x010] nRetryRead : 0x0 [Type: unsigned char]
[+0x014] ustrName : "\Device\KeyboardClassLegacy6" [Type: _UNICODE_STRING]
[+0x01c] handle : 0x0 [Type: void *]
[+0x020] NotificationEntry : 0x0 [Type: void *]
[+0x024] pkeHidChangeCompleted : 0x898ebca8 [Type: _KEVENT *]
[+0x028] iosb [Type: _IO_STATUS_BLOCK]
[+0x030] ReadStatus : 0 [Type: long]
[+0x034] OpenerProcess : 0x0 [Type: void *]
[+0x038] OpenStatus : 0 [Type: long]
[+0x03c] AttrStatus : 0 [Type: long]
[+0x040] timeStartRead : 0x0 [Type: unsigned long]
[+0x044] timeEndRead : 0x0 [Type: unsigned long]
[+0x048] nReadsOutstanding : 0 [Type: int]
[+0x04c] mouse [Type: tagMOUSE_DEVICE_INFO]
[+0x04c] keyboard [Type: tagKEYBOARD_DEVICE_INFO]
[+0x04c] hid [Type: tagHID_DEVICE_INFO]
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> g
Breakpoint 5 hit
win32k!CreateDeviceInfo:
bf8fceff 55 push ebp
0: kd> g
Breakpoint 6 hit
win32k!RequestDeviceChange:
bf8fc582 55 push ebp
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> dv
Event = 0x89bdf258
Increment = 0n1
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> g
Breakpoint 4 hit
win32k!OpenMultiplePortDevice:
bf8fd427 55 push ebp
0: kd> kc
#
00 win32k!OpenMultiplePortDevice
01 win32k!xxxRegisterForDeviceClassNotifications
02 win32k!RawInputThread
03 win32k!xxxCreateSystemThreads
04 win32k!NtUserCallOneParam
05 nt!_KiSystemService
06 SharedUserData!SystemCallStub
07 winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 CLASSPNP!ClassSignalCompletion
02 nt!IopfCompleteRequest
03 atapi!IdePortAlwaysStatusSuccessIrp
04 nt!IofCallDriver
05 imapi!ImapiDefaultIrpHandler
06 nt!IofCallDriver
07 CLASSPNP!ClasspCreateClose
08 CLASSPNP!ClassCreateClose
09 nt!IofCallDriver
0a redbook!RedBookSendToNextDriver
0b nt!IofCallDriver
0c nt!IopParseDevice
0d nt!ObpLookupObjectName
0e nt!ObOpenObjectByName
0f nt!IopCreateFile
10 nt!IoCreateFile
11 nt!NtOpenFile
12 nt!_KiSystemService
13 nt!ZwOpenFile
14 nt!IoGetDeviceObjectPointer
15 win32k!DeviceClassCDROMNotify
16 nt!PiNotifyDriverCallback
17 nt!IoRegisterPlugPlayNotification
18 win32k!RegisterCDROMNotify
19 win32k!xxxRegisterForDeviceClassNotifications
1a win32k!RawInputThread
1b win32k!xxxCreateSystemThreads
1c win32k!NtUserCallOneParam
1d nt!_KiSystemService
1e SharedUserData!SystemCallStub
1f winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 nt!IopfCompleteRequest
02 nt!IopInvalidDeviceRequest
03 nt!IofCallDriver
04 redbook!RedBookSendToNextDriver
05 nt!IofCallDriver
06 nt!IopCloseFile
07 nt!ObpDecrementHandleCount
08 nt!ObpCloseHandleTableEntry
09 nt!ObpCloseHandle
0a nt!NtClose
0b nt!_KiSystemService
0c nt!ZwClose
0d nt!IoGetDeviceObjectPointer
0e win32k!DeviceClassCDROMNotify
0f nt!PiNotifyDriverCallback
10 nt!IoRegisterPlugPlayNotification
11 win32k!RegisterCDROMNotify
12 win32k!`string'
13 win32k!RawInputThread
14 win32k!xxxCreateSystemThreads
15 win32k!NtUserCallOneParam
16 nt!_KiSystemService
17 SharedUserData!SystemCallStub
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> kc
#
00 nt!KeSetEvent
01 nt!IopCompleteRequest
02 nt!KiDeliverApc
03 hal!HalpApcInterrupt
04 hal!KfLowerIrql
05 nt!KiExitDispatcher
06 nt!KeInsertQueueApc
07 nt!IopfCompleteRequest
08 atapi!DeviceQueryDeviceRelations
09 atapi!IdePortDispatchPnp
0a nt!IofCallDriver
0b imapi!ImapiPnp
0c nt!IofCallDriver
0d CLASSPNP!ClassDispatchPnp
0e nt!IofCallDriver
0f redbook!RedBookSendToNextDriver
10 redbook!RedBookPnp
11 nt!IofCallDriver
12 nt!IopSynchronousCall
13 nt!IopGetRelatedTargetDevice
14 nt!IoRegisterPlugPlayNotification
15 win32k!DeviceClassCDROMNotify
16 nt!PiNotifyDriverCallback
17 nt!IoRegisterPlugPlayNotification
18 win32k!RegisterCDROMNotify
19 win32k!xxxRegisterForDeviceClassNotifications
1a win32k!RawInputThread
1b win32k!xxxCreateSystemThreads
1c win32k!NtUserCallOneParam
1d nt!_KiSystemService
1e SharedUserData!SystemCallStub
1f winsrv!NtUserCallOneParam
0: kd> g
Breakpoint 8 hit
nt!KeSetEvent:
80a34206 55 push ebp
0: kd> dv
Event = 0x8988da50
Increment = 0n0
Wait = 0x00 ''
OldState = 0n8
OldIrql = 0x89 ''
0: kd> bd 8
0: kd> g
Breakpoint 9 hit
win32k!ProcessDeviceChanges:
bf8fe215 0000 add byte ptr [eax],al
0: kd> kc
#
00 win32k!ProcessDeviceChanges
01 win32k!xxxDesktopThread
02 win32k!xxxCreateSystemThreads
03 win32k!NtUserCallOneParam
04 nt!_KiSystemService
05 SharedUserData!SystemCallStub
06 winsrv!NtUserCallOneParam
0: kd> dv
DeviceType = 2
nMice = 0xbf9cbe30
nMaxButtons = 0xbaa7c9dc
usOriginalActions = 0xeb6c
nChanges = 0n-1080139064
nWheels = 0xbf9ec3b8
nKeyboards = 0n-1
fKeyboardIdSet = 0xff ''
nHid = 0n-1080246736
dwCritSecUseSave = 0
dwDeviceInfoListCritSecUseSave = 0xbf9ec3b8

0: kd> kv
# ChildEBP RetAddr Args to Child
00 baa7ca04 bf8b123e 00000002 8969a168 bf8fe215 win32k!ProcessDeviceChanges (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\pnp.c @ 1973]
01 baa7cd1c bf8b21ba bfa70aa0 00000001 baa7cd48 win32k!xxxDesktopThread+0x437 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 594]
02 baa7cd2c bf806d52 bfa70aa0 baa7cd58 008cfff4 win32k!xxxCreateSystemThreads+0x9c (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\desktop.c @ 347]
03 baa7cd48 80afbcb2 00000000 00000022 80afb956 win32k!NtUserCallOneParam+0xa0 (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\ntuser\kernel\ntstubs.c @ 4789]
04 baa7cd48 7ffe0304 00000000 00000022 80afb956 nt!_KiSystemService+0x13f (FPO: [0,3] TrapFrame @ baa7cd64) (CONV: cdecl) [d:\srv03rtm\base\ntos\ke\i386\trap.asm @ 1328]
05 008cffe0 75340774 75318a89 00000000 00000022 SharedUserData!SystemCallStub+0x4 (FPO: [0,0,0])
06 008cffe8 00000000 00000022 00000004 00000000 winsrv!NtUserCallOneParam+0xc (FPO: [Non-Fpo]) (CONV: stdcall) [d:\srv03rtm\windows\core\umode\daytona\obj\i386\usrstubs.c @ 2683]
windbg> .open -a ffffffffbf8b123e

} else if (Status == ID_HIDCHANGE) {
TAGMSG0(DBGTAG_PNP | RIP_THERESMORE, "RIT wakes for HID Change");
EnterCrit();
ProcessDeviceChanges(DEVICE_TYPE_KEYBOARD);
LeaveCrit();
}
#ifdef GENERIC_INPUT
else if (Status == ID_TRUEHIDCHANGE) {
TAGMSG0(DBGTAG_PNP | RIP_THERESMORE, "RIT wakes for True HID Change");
EnterCrit();
ProcessDeviceChanges(DEVICE_TYPE_HID);
LeaveCrit();
}
#endif

VOID ProcessDeviceChanges(
DWORD DeviceType)
{

D:\srv03rtm\windows>grep "ID_HIDCHANGE" -nr D:\srv03rtm\windows\core\ntuser |grep -v "inary"|grep "define"
D:\srv03rtm\windows\core\ntuser/kernel/ntinput.c:112:#define ID_HIDCHANGE 3

#define ID_INPUT 0
#define ID_MOUSE 1

#define ID_TIMER 2
#define ID_HIDCHANGE 3
#define ID_SHUTDOWN 4

0: kd> r
eax=00000005 ebx=00000000 ecx=80ae2d98 edx=bfa6fd2c esi=e168aea8 edi=00000000
eip=bf8fe215 esp=baa7c9d4 ebp=baa7ca04 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
win32k!ProcessDeviceChanges:
bf8fe215 0000 add byte ptr [eax],al ds:0023:00000005=ff
0: kd> dd baa7c9d4
baa7c9d4 bf8a46ce 00000000 bf9ec3b8 bfa70aa0

版权声明: 本文来自互联网用户投稿，该文观点仅代表作者本人，不代表本站立场。本站仅提供信息存储空间服务，不拥有所有权，不承担相关法律责任。如若内容造成侵权/违法违规/事实不符，请联系邮箱：809451989@qq.com进行投诉反馈，一经查实，立即删除！

网站建设 2025/12/15 22:22:41

9个开题报告神器，AI工具推荐让论文更高效！

9个开题报告神器，AI工具推荐让论文更高效！ 论文路上的“三座大山”：时间、重复率与效率对于大多数本科生而言，撰写开题报告和毕业论文是一段既紧张又充满挑战的旅程。从选题到资料搜集，从文献综述到框架搭建&#xff…

作者头像

李华

网站建设 2025/12/15 22:22:27

【ros2】告别重复代码：Xacro让URDF编写效率翻倍

文章目录告别重复代码：Xacro让URDF编写效率翻倍一、Xacro到底解决了什么问题？二、Xacro基础语法：先掌握这5个核心 1. 第一步：声明Xacro命名空间（必写！） 2. 变量定义与引用：`<xacro:property>` （1）定义变量（2）引用变量 3. 数学计算：直接在`${}`中写公式 …

作者头像

李华

网站建设 2025/12/15 22:21:54

8 个论文写作工具，本科生期末论文轻松搞定！

8 个论文写作工具，本科生期末论文轻松搞定！ 论文路上的“拦路虎”，你是否也经历过？ 对于大多数本科生来说，期末论文写作从来不是一件轻松的事。从选题到查资料，从写大纲到撰写正文，每一个环节都…

作者头像

李华

网站建设 2025/12/17 10:14:54

网络安全怎么快速入门，新手也能少走半年弯路！

后台总收到私信：“学网安该先看 Linux 还是先学 Burp？”“找了一堆教程，越学越乱怎么办？”—— 其实不是你学得慢，是没找对循序渐进的路径。很多人一上来就跟风学工具、刷漏洞，结果基础不牢，后期…

作者头像

李华

网站建设 2025/12/20 3:02:03

28 岁程序员的婚恋焦虑：无车无房、小公司没奔头，该不该果断转行？

大家好，这里是千寻，又来分享程序员的职场故事了~ 今天分享的这位朋友叫小青，我认识他2年多了。以前从事的是土木行业，2年前找我咨询转行程序员的学习路线和职业规划后，通过自学加入了一家创业公司，成为了一…

作者头像

李华

网站建设 2025/12/15 22:20:39

LeetCode hot 100 —— 哈希（面试纯背版）（一）

一、哈希 1、俩数之和给定一个整数数组 nums 和一个整数目标值 target，请你在该数组中找出和为目标值 target 的那两个整数，并返回它们的数组下标。你可以假设每种输入只会对应一个答案，并且你不能使用两次相同的元素。你可以按任意顺序返回答案。示例 1：输…

作者头像

李华