21,595
社区成员
发帖
与我相关
我的任务
分享WDF pcie 驱动开发问题 重启蓝屏问题
基于WDF编写的驱动程序,在server12 安装后能够正常使用,但是重启电脑后,使用DMA传输数据时发生电脑蓝屏,求解 winbg 分析dump 文件如下:
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mahc\Desktop\dump\111617-13437-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 9200 MP (16 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 9200.16384.amd64fre.win8_rtm.120725-1247
Machine Name:
Kernel base = 0xfffff803`78401000 PsLoadedModuleList = 0xfffff803`786cba60
Debug session time: Thu Nov 16 14:06:51.114 2017 (UTC + 8:00)
System Uptime: 0 days 0:04:10.841
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {44, 2, 0, fffff88001027752}
Probably caused by : Wdf01000.sys ( Wdf01000!imp_WdfRequestIsCanceled+116 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000044, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001027752, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80378757168
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000000000044
CURRENT_IRQL: 2
FAULTING_IP:
Wdf01000!imp_WdfRequestIsCanceled+116
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88002e6a720 -- (.trap 0xfffff88002e6a720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800975a880
rdx=0000057ff91d7868 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001027752 rsp=fffff88002e6a8b0 rbp=0000057ff91d7868
r8=fffff88006acb080 r9=0000000000000001 r10=0000000000000000
r11=fffff88002e6a938 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
Wdf01000!imp_WdfRequestIsCanceled+0x116:
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil ds:00000000`00000044=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8037847b369 to fffff8037847c040
STACK_TEXT:
fffff880`02e6a5d8 fffff803`7847b369 : 00000000`0000000a 00000000`00000044 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02e6a5e0 fffff803`78479be0 : 00000000`00000000 fffffa80`06e28790 fffffa80`06e1a100 fffff880`02e6a720 : nt!KiBugCheckDispatch+0x69
fffff880`02e6a720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
Wdf01000!imp_WdfRequestIsCanceled+116
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
SYMBOL_NAME: Wdf01000!imp_WdfRequestIsCanceled+116
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010aa89
FAILURE_BUCKET_ID: X64_0xD1_Wdf01000!imp_WdfRequestIsCanceled+116
BUCKET_ID: X64_0xD1_Wdf01000!imp_WdfRequestIsCanceled+116
Followup: MachineOwner
Microsoft (R) Windows Debugger Version 6.12.0002.633 AMD64
Copyright (c) Microsoft Corporation. All rights reserved.
Loading Dump File [C:\Users\mahc\Desktop\dump\111617-13437-01.dmp]
Mini Kernel Dump File: Only registers and stack trace are available
Symbol search path is: SRV*C:\Symbols*http://msdl.microsoft.com/download/symbols
Executable search path is:
Windows 7 Kernel Version 9200 MP (16 procs) Free x64
Product: Server, suite: TerminalServer DataCenter SingleUserTS
Built by: 9200.16384.amd64fre.win8_rtm.120725-1247
Machine Name:
Kernel base = 0xfffff803`78401000 PsLoadedModuleList = 0xfffff803`786cba60
Debug session time: Thu Nov 16 14:06:51.114 2017 (UTC + 8:00)
System Uptime: 0 days 0:04:10.841
Loading Kernel Symbols
...............................................................
................................................................
.....
Loading User Symbols
Loading unloaded module list
.......
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
Use !analyze -v to get detailed debugging information.
BugCheck D1, {44, 2, 0, fffff88001027752}
Probably caused by : Wdf01000.sys ( Wdf01000!imp_WdfRequestIsCanceled+116 )
Followup: MachineOwner
---------
6: kd> !analyze -v
*******************************************************************************
* *
* Bugcheck Analysis *
* *
*******************************************************************************
DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pageable (or completely invalid) address at an
interrupt request level (IRQL) that is too high. This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 0000000000000044, memory referenced
Arg2: 0000000000000002, IRQL
Arg3: 0000000000000000, value 0 = read operation, 1 = write operation
Arg4: fffff88001027752, address which referenced memory
Debugging Details:
------------------
READ_ADDRESS: GetPointerFromAddress: unable to read from fffff80378757168
unable to get nt!MmPoolCodeStart
unable to get nt!MmPoolCodeEnd
0000000000000044
CURRENT_IRQL: 2
FAULTING_IP:
Wdf01000!imp_WdfRequestIsCanceled+116
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
CUSTOMER_CRASH_COUNT: 1
DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP
BUGCHECK_STR: 0xD1
PROCESS_NAME: System
TRAP_FRAME: fffff88002e6a720 -- (.trap 0xfffff88002e6a720)
NOTE: The trap frame does not contain all registers.
Some register values may be zeroed or incorrect.
rax=0000000000000000 rbx=0000000000000000 rcx=fffffa800975a880
rdx=0000057ff91d7868 rsi=0000000000000000 rdi=0000000000000000
rip=fffff88001027752 rsp=fffff88002e6a8b0 rbp=0000057ff91d7868
r8=fffff88006acb080 r9=0000000000000001 r10=0000000000000000
r11=fffff88002e6a938 r12=0000000000000000 r13=0000000000000000
r14=0000000000000000 r15=0000000000000000
iopl=0 nv up ei pl zr na po nc
Wdf01000!imp_WdfRequestIsCanceled+0x116:
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil ds:00000000`00000044=??
Resetting default scope
LAST_CONTROL_TRANSFER: from fffff8037847b369 to fffff8037847c040
STACK_TEXT:
fffff880`02e6a5d8 fffff803`7847b369 : 00000000`0000000a 00000000`00000044 00000000`00000002 00000000`00000000 : nt!KeBugCheckEx
fffff880`02e6a5e0 fffff803`78479be0 : 00000000`00000000 fffffa80`06e28790 fffffa80`06e1a100 fffff880`02e6a720 : nt!KiBugCheckDispatch+0x69
fffff880`02e6a720 00000000`00000000 : 00000000`00000000 00000000`00000000 00000000`00000000 00000000`00000000 : nt!KiPageFault+0x260
STACK_COMMAND: .bugcheck ; kb
FOLLOWUP_IP:
Wdf01000!imp_WdfRequestIsCanceled+116
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
SYMBOL_NAME: Wdf01000!imp_WdfRequestIsCanceled+116
FOLLOWUP_NAME: MachineOwner
MODULE_NAME: Wdf01000
IMAGE_NAME: Wdf01000.sys
DEBUG_FLR_IMAGE_TIMESTAMP: 5010aa89
FAILURE_BUCKET_ID: X64_0xD1_Wdf01000!imp_WdfRequestIsCanceled+116
BUCKET_ID: X64_0xD1_Wdf01000!imp_WdfRequestIsCanceled+116
Followup: MachineOwner
...全文
请发表友善的回复…
发表回复
curious_cat 2017-11-27
- 打赏
- 举报
看贴出的代码也是头大,简而言之:
开发windows驱动程序,需要有个IRQL的概念,驱动中常见的PASSIVE_LEVEL,APC_LEVEL,DISPATCH_LEVEL,DIRQL;
在内核层可以调用的API都有IRQL的限制:在哪个IRQL级别可以调用,那个IRQL级别不可以调用。
调用的API不符合要求,就会出现IRQL错误(DRIVER_IRQL_NOT_LESS_OR_EQUAL).
解决办法:参考WDK里面的DMA例子(PLX9x5x,amcc5933),对照MSDN文档好好检查下代码。
VisualC8 2017-11-27
- 打赏
- 举报
IRQL问题,
代码懒得看,100%是在DPC级乱用passive的api了
大家好我是新来的 2017-11-24
- 打赏
- 举报
就算和IRQL没关系 但是需要注意的是
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
已知 rax == 0
[0+0x44] 是向0x44内存地址取值 这个能取到吗?所以你得找出来 是怎么回事引起的导致向0x44这个内存地址取值~
qingyanxulai99 2017-11-24
- 打赏
- 举报
问题关键在于驱动安装完毕如果不重新启动一切正常,若重启电脑,就会出现上述问题,感觉和驱动优先级别没有关系。
大家好我是新来的 2017-11-23
- 打赏
- 举报
这个是常见的蓝屏错误码之一!
原因是因为 IRQL级别所导致的问题
#define PASSIVE_LEVEL 0
#define LOW_LEVEL 0
#define APC_LEVEL 1
#define DISPATCH_LEVEL 2
#define PROFILE_LEVEL 27
#define CLOCK1_LEVEL 28
#define CLOCK2_LEVEL 28
#define IPI_LEVEL 29
#define POWER_LEVEL 30
#define HIGH_LEVEL 31
Arg2: 0000000000000002, IRQL
另外你看看 死到那个汇编指令了
fffff880`01027752 40387844 cmp byte ptr [rax+44h],dil
已知 rax == 0
[0+0x44] 是向0x44内存地址取值 这个也很奇怪
所以
第一 检查 IRQL级别
第二 想想imp_WdfRequestIsCanceled 你是如何传递参数的
第三 源码调试WDF框架源码 看看
大家好我是新来的 2017-11-23
- 打赏
- 举报
贴代码是看不出任何问题的,就我说的这几点
1.IRQL判断该如何如何
2.下载WDF源码后,配置windbg 然后跟进源码去调试!
问题都是自己发现出来的,就这样 需要记住的是 在IRQL等于大于DISPATCH_LEVEL时
对于内存中的数据是不能够使用分页内存的!必须申请内存的时候标记为非分页内存。
qingyanxulai99 2017-11-23
- 打赏
- 举报
VOID EvtIoWrite(IN WDFQUEUE Queue,
IN WDFREQUEST Request,
IN size_t Length)
{
NTSTATUS status = STATUS_SUCCESS;
PMDL mdl = NULL;
ULONG ulLength = 0;
ULONG ulBlockNum = 0;
KdPrint(("EvtIoWrite,the length of data is 0x%x\n", Length));
status = WdfRequestRetrieveInputWdmMdl(Request, &mdl);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfRequestRetrieveInputWdmMdl failed: %d", status));
WdfRequestCompleteWithInformation(Request, STATUS_UNSUCCESSFUL, 0);
}
m_pWriteBuffer = MmGetMdlVirtualAddress(mdl);
ulLength = MmGetMdlByteCount(mdl);
KdPrint(("Writefile start address is 0x%p", (ULONG *)m_pWriteBuffer));
if (ulLength > 0x04000000)
{
WdfRequestCompleteWithInformation(Request, STATUS_INVALID_BUFFER_SIZE, 0);
}
if (ulLength == 0)
{
WdfRequestCompleteWithInformation(Request, STATUS_SUCCESS, 0);
}
WdfRequestMarkCancelable(Request,
EvtRequestCancel
);
WdfTimerStart(
timerHandle,
WDF_REL_TIMEOUT_IN_SEC(5)
);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + MCBSEL), m_uMcbaddr);
m_hCurrentRequest = Request;/
m_ulWriteTotalBytes = ulLength;
ulBlockNum = ulLength / DMA_TRANSFER_SIZE;
if (ulLength%DMA_TRANSFER_SIZE)
ulBlockNum++;
m_ulDmaTransferNum = ulBlockNum;
m_ulLastUsefulBytes = ulLength%DMA_TRANSFER_SIZE;
if (m_ulLastUsefulBytes == 0)
m_ulLastUsefulBytes = DMA_TRANSFER_SIZE;
m_ulDmaCount = 0;
if (m_ulDmaTransferNum > 1)
{
RtlCopyMemory(
m_pVirtualAddress,
m_pWriteBuffer,
DMA_TRANSFER_SIZE);
m_pWriteBuffer = (PVOID)((char*)m_pWriteBuffer + DMA_TRANSFER_SIZE);
StartupDMA(0x00000000, DMA_TRANSFER_SIZE);
WdfSpinLockAcquire(SpinLock);
CopyMemory(m_pVirtualAddress2);
WdfSpinLockRelease(SpinLock);
}
else
{
RtlCopyMemory(
m_pVirtualAddress,
m_pWriteBuffer,
m_ulLastUsefulBytes);
StartupDMA(0x00000000, m_ulLastUsefulBytes);
}
}
VOID EvtIoDeviceControl(IN WDFQUEUE Queue,
IN WDFREQUEST Request,
IN size_t OutputBufferLength,
IN size_t InputBufferLength,
IN ULONG IoControlCode)
{
//
case IOCTL_PCIE_RESET:
Serial_IOCTL_PCIE_RESET_Handler(Request);
break;
case IOCTL_PCIE_WRITE_SERIAL:
Serial_IOCTL_PCIE_WRITE_SERIAL_Handler(Request);
break;
case IOCTL_PCIE_READ_SERIAL:
Serial_IOCTL_PCIE_READ_SERIAL_Handler(Request);
break;
case IOCTL_PCIE_SET_EVENT:
Serial_IOCTL_PCIE_SET_EVENT_Handler(Request);
break;
default:
status = STATUS_INVALID_DEVICE_REQUEST;
break;
}
BOOLEAN EvtInterruptIsr(IN WDFINTERRUPT Interrupt,
IN ULONG MessageID)
{
ULONG irqStatus = 0x00000000;
irqStatus = READ_REGISTER_ULONG((PULONG)(m_pPortBase + INTSTA));
KdPrint(("Entering Isr_Irq.\n")); //KdPrint(("IrqStatus = %d" ,Irqstatus));
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + CMDLENGTH), 0);
if (irqStatus & 0x00000003)
{
if (irqStatus & 0x00000002)
{
KdPrint(("Entering Isr_Irq for CMD.\n"));
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + CMDINTCTL), 0x00000000);
m_bIfDoorbellInt = TRUE;
}
else
{
KdPrint(("Entering :Isr_Irq for DMA.\n"));
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMASTATUS), 0x00000000);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMACTL), 0x00000000);
m_bIfDmaInt = TRUE;
}
WdfInterruptQueueDpcForIsr(Interrupt);
return TRUE;
}
return FALSE;
}
VOID EvtInterruptDpc(IN WDFINTERRUPT Interrupt,
IN WDFOBJECT AssociatedObject)
{
WDFREQUEST request = m_hCurrentRequest;
NTSTATUS status = STATUS_SUCCESS;
UNREFERENCED_PARAMETER(Interrupt);
KdPrint(("Entering InterruptDpc.\n"));
if (m_bIfDoorbellInt)
{
m_bIfDoorbellInt = FALSE;
KeSetEvent(m_pReportEvent, IO_NO_INCREMENT, FALSE);
return;
}
else if (m_bIfDmaInt)
{
m_ulDmaCount++;
m_bIfDmaInt = FALSE;
if (m_ulDmaCount < (m_ulDmaTransferNum - 1))
{
m_pWriteBuffer = (PVOID)((char*)m_pWriteBuffer + DMA_TRANSFER_SIZE);
if (m_ulDmaCount % 2 == 0)
{
WdfSpinLockAcquire(SpinLock);
StartupDMA(0x00000000, DMA_TRANSFER_SIZE);
CopyMemory(m_pVirtualAddress2);
WdfSpinLockRelease(SpinLock);
}
else
{
WdfSpinLockAcquire(SpinLock);
StartupDMA(0x00100000, DMA_TRANSFER_SIZE);
CopyMemory(m_pVirtualAddress);
WdfSpinLockRelease(SpinLock);
}
}
else if (m_ulDmaCount == (m_ulDmaTransferNum - 1))
{
if (m_ulDmaCount % 2 == 0)
{
WdfSpinLockAcquire(SpinLock);
StartupDMA(0x00000000, m_ulLastUsefulBytes);
WdfSpinLockRelease(SpinLock);
}
else
{
WdfSpinLockAcquire(SpinLock);
StartupDMA(0x00100000, m_ulLastUsefulBytes);
WdfSpinLockRelease(SpinLock);
}
}
else
{
WdfRequestUnmarkCancelable(request);
WdfTimerStop(
timerHandle,
FALSE
);
if (WdfRequestIsCanceled(request))
{
WdfRequestComplete(request, STATUS_CANCELLED);
return;
}
KdPrint((" The WriteTotalBytes is:0x%x",m_ulWriteTotalBytes ));
WdfRequestCompleteWithInformation(request, STATUS_SUCCESS, m_ulWriteTotalBytes);
}
}
else
{
if (WdfRequestIsCanceled(request))
{
WdfRequestComplete(request, STATUS_CANCELLED);
return;
}
WdfRequestCompleteWithInformation(request, STATUS_CANCELLED, 0);
}
}
VOID EvtTimerFunc(IN WDFTIMER Timer)
{
WDFREQUEST request = m_hCurrentRequest;
NTSTATUS status = WdfRequestUnmarkCancelable(request);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfRequestUnmarkCancelable is failed!"));
return;
}
KdPrint(("Ktimer is OK"));
WdfRequestCompleteWithInformation(request, STATUS_CANCELLED, 0);
}
VOID EvtRequestCancel(IN WDFREQUEST Request)
{
KdPrint(("Cancel IO!"));
}
BOOLEAN CopyMemory(IN PVOID pVirtualAddress)
{
if (m_ulDmaCount == (m_ulDmaTransferNum - 2))
{
RtlCopyMemory(
pVirtualAddress,
m_pWriteBuffer,
m_ulLastUsefulBytes);
}
else
{
RtlCopyMemory(
pVirtualAddress,
m_pWriteBuffer,
DMA_TRANSFER_SIZE);
}
return TRUE;
}
void StartupDMA(IN ULONG ulBaseAddress, IN ULONG ulLength)
{
//DMA PCI Address
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMARDADS), ulBaseAddress);
//DMA Local Address
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMAWRADS), 0x80000000);
//DMA Transfer Size(Bytes)
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMALENGTH), ulLength);
//DMA Control
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + DMACTL), 0x00000038);
KdPrint((" StartupDMA.\n"));
}
VOID InitialParam()
{
m_pPortBase = NULL;
m_ulPortCount = 0;
m_pReportEvent = NULL;
m_ulPhysicalAddress = 0;
m_ulPhysicalAddressHigh = 0;
m_pVirtualAddress = NULL;
m_ulPhysicalAddress2 = 0;
m_ulPhysicalAddressHigh2 = 0;
m_pVirtualAddress2 = NULL;
m_bIfDmaInt = FALSE;
m_bIfDoorbellInt = FALSE;
m_uMcbaddr = 0;
m_ulWriteTotalBytes = 0;
//m_ulWriteRemainBytes = 0;
m_ulLastUsefulBytes = 0;
m_ulDmaTransferNum = 0;
m_ulDmaCount = 0;
//m_ulTransferSize = 0;
m_pWriteBuffer = NULL;
m_pReportEvent = NULL;
m_hCurrentRequest = NULL;
}
VOID AlignAddress(IN PVOID pVirtualAddress,
IN PHYSICAL_ADDRESS ullPhysicalAddress)
{
unsigned long long ullVirtualAddresstemp = 0;
m_ulPhysicalAddress = (ullPhysicalAddress.LowPart + 0x100000) & 0xFFF00000;
if ((ullPhysicalAddress.LowPart + 0x100000) > ullPhysicalAddress.LowPart)
{
m_ulPhysicalAddressHigh = ullPhysicalAddress.HighPart;
}
else
{
m_ulPhysicalAddressHigh = ullPhysicalAddress.HighPart + 1;
}
m_ulPhysicalAddress2 = m_ulPhysicalAddress + 0x100000;
if ((m_ulPhysicalAddress + 0x100000) > m_ulPhysicalAddress)
{
m_ulPhysicalAddressHigh = m_ulPhysicalAddressHigh;
}
else
{
m_ulPhysicalAddressHigh = m_ulPhysicalAddressHigh + 1;
}
if (m_ulPhysicalAddress > ullPhysicalAddress.LowPart)
{
ullVirtualAddresstemp = m_ulPhysicalAddress - ullPhysicalAddress.LowPart + (unsigned long long)pVirtualAddress;
}
else
{
ullVirtualAddresstemp = 0xFFFFFFFF - ullPhysicalAddress.LowPart + m_ulPhysicalAddress + 0x00000001 + (unsigned long long)pVirtualAddress;
}
m_pVirtualAddress = (PVOID)(ullVirtualAddresstemp);
m_pVirtualAddress2 = (PVOID)((unsigned long long)m_pVirtualAddress + 0x100000);
KdPrint(("DMACommonBuffer physical high address is 0x%lx", ullPhysicalAddress.HighPart));
KdPrint(("DMACommonBuffer physical address is 0x%lx", ullPhysicalAddress.LowPart));
KdPrint((" DMACommonBuffer Virtual address is 0x%lx", pVirtualAddress));
KdPrint(("DMACommonBuffer physical address after Initialize is 0x%x", m_ulPhysicalAddress));
KdPrint((" DMACommonBuffer Virtual address after Initialize is 0x%llu", m_pVirtualAddress));
KdPrint(("DMACommonBuffer2 physical address after Initialize is 0x%x", m_ulPhysicalAddress2));
KdPrint((" DMACommonBuffer2 Virtual address after Initialize is 0x%x", m_pVirtualAddress2));
}
qingyanxulai99 2017-11-23
- 打赏
- 举报
NTSTATUS DriverEntry(IN PDRIVER_OBJECT pDriverObject,
IN PUNICODE_STRING pRegistryPath)
{
NTSTATUS status = STATUS_SUCCESS;
WDF_DRIVER_CONFIG config;
KdPrint(("PCIEX4 Driver – "
"Driver Framework Edition.\n"));
KdPrint(("Built %s %s\n", __DATE__, __TIME__));
WDF_DRIVER_CONFIG_INIT(
&config,
AddDevice
);
//
//
status = WdfDriverCreate(
pDriverObject,
pRegistryPath,
WDF_NO_OBJECT_ATTRIBUTES,
&config,
WDF_NO_HANDLE
);
if (!NT_SUCCESS(status)) {
KdPrint(("WdfDriverCreate failed with "
"status 0x%x\n", status));
}
return status;
}
NTSTATUS AddDevice(IN WDFDRIVER Driver,
IN PWDFDEVICE_INIT DeviceInit)
{
NTSTATUS status = STATUS_SUCCESS;
WDF_PNPPOWER_EVENT_CALLBACKS pnpPowerCallbacks;
WDF_IO_QUEUE_CONFIG queueConfig;
WDF_OBJECT_ATTRIBUTES fdoAttributes;
WDFDEVICE hDevice;
WDFQUEUE queue;
UNICODE_STRING DeviceName;
WDF_FILEOBJECT_CONFIG FileEventCallbacks;
WDF_INTERRUPT_CONFIG interruptConfig;
WDFINTERRUPT WdfInterrupt;
WDF_DMA_ENABLER_CONFIG dmaConfig;
WDFDMAENABLER dmaEnabler;
WDF_OBJECT_ATTRIBUTES timerAttributes;
WDF_TIMER_CONFIG timerConfig;
PVOID pVirtualAddress = NULL;
PHYSICAL_ADDRESS ullPhysicalAddress;
ullPhysicalAddress.LowPart = 0;
ullPhysicalAddress.HighPart = 0;
UNREFERENCED_PARAMETER(Driver);
PAGED_CODE();
KdPrint(("EvtDeviceAdd called\n"));
//
//
WDF_PNPPOWER_EVENT_CALLBACKS_INIT(&pnpPowerCallbacks);
//
//
pnpPowerCallbacks.EvtDevicePrepareHardware = OnStartDevice;
pnpPowerCallbacks.EvtDeviceReleaseHardware = OnStopDevice;
//
pnpPowerCallbacks.EvtDeviceD0Entry = OnDevicePowerUp;
pnpPowerCallbacks.EvtDeviceD0Exit = OnDeviceSleep;
//
//
WdfDeviceInitSetPnpPowerEventCallbacks(DeviceInit, &pnpPowerCallbacks);
//
WDF_OBJECT_ATTRIBUTES_INIT(&fdoAttributes);
WDF_FILEOBJECT_CONFIG_INIT(
&FileEventCallbacks,
EvtFileCreate,
EvtFileClose,
EvtFileCleanup
);
WdfDeviceInitSetFileObjectConfig(
DeviceInit,
&FileEventCallbacks,
&fdoAttributes
);
//
status = WdfDeviceCreate(
&DeviceInit,
&fdoAttributes,
&hDevice);
if (!NT_SUCCESS(status)) {
KdPrint(("WdfDeviceCreate failed with status code"
" 0x%x\n", status));
return status;
}
//
RtlInitUnicodeString(
&DeviceName,
L"\\??\\PCI9054Device0"
);
status = WdfDeviceCreateSymbolicLink(
hDevice,
&DeviceName
);
if (!NT_SUCCESS(status)) {
KdPrint(("WdfDeviceCreateDeviceInterface failed"
"0x%x\n", status));
return status;
}
//
//
WDF_IO_QUEUE_CONFIG_INIT_DEFAULT_QUEUE(&queueConfig,
WdfIoQueueDispatchSequential);
queueConfig.EvtIoWrite = EvtIoWrite;
queueConfig.EvtIoDeviceControl = EvtIoDeviceControl;
status = WdfIoQueueCreate(
hDevice,
&queueConfig,
WDF_NO_OBJECT_ATTRIBUTES,
NULL
);
if (!NT_SUCCESS(status)) {
KdPrint(("WdfIoQueueCreate failed %d\n", status));
return status;
}
//
//
WDF_INTERRUPT_CONFIG_INIT(
&interruptConfig,
EvtInterruptIsr,
EvtInterruptDpc);
status = WdfInterruptCreate(
hDevice,
&interruptConfig,
WDF_NO_OBJECT_ATTRIBUTES,
&WdfInterrupt);
if (!NT_SUCCESS(status))
{
return status;
}
//
//
WDF_DMA_ENABLER_CONFIG_INIT(
&dmaConfig,
WdfDmaProfilePacket,
65536);
status = WdfDmaEnablerCreate(
hDevice,
&dmaConfig,
WDF_NO_OBJECT_ATTRIBUTES,
&dmaEnabler);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfDmaEnablerCreate failed %d", status));
return status;
}
status = WdfCommonBufferCreate(
dmaEnabler,
COMMON_BUFFER_SIZE,
WDF_NO_OBJECT_ATTRIBUTES,
&WriteCommonBuffer);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfCommonBufferCreate (write) failed: %d", status));
return status;
}
pVirtualAddress =
WdfCommonBufferGetAlignedVirtualAddress(WriteCommonBuffer);
ullPhysicalAddress =
WdfCommonBufferGetAlignedLogicalAddress(WriteCommonBuffer);
KdPrint(("DMACommonBuffer Virtual address is 0x%lx", pVirtualAddress));
KdPrint((" DMACommonBuffer Physical address is 0x%lx", ullPhysicalAddress));
RtlZeroMemory(
pVirtualAddress,
COMMON_BUFFER_SIZE);
InitialParam();
AlignAddress(pVirtualAddress, ullPhysicalAddress);
WDF_TIMER_CONFIG_INIT(
&timerConfig,
EvtTimerFunc);
WDF_OBJECT_ATTRIBUTES_INIT(&timerAttributes);
timerAttributes.ParentObject = hDevice;
status = WdfTimerCreate(
&timerConfig,
&timerAttributes,
&timerHandle
);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfTimerCreate failed,status is %d", status));
return status;
}
status = WdfSpinLockCreate(
&fdoAttributes,
&SpinLock
);
if (!NT_SUCCESS(status))
{
KdPrint(("WdfSpinLockCreate failed,status is %d", status));
return status;
}
return status;
}
NTSTATUS OnStartDevice(IN WDFDEVICE Device,
IN WDFCMRESLIST Resources,
IN WDFCMRESLIST ResourcesTranslated)
{
ULONG i;
NTSTATUS status = STATUS_SUCCESS;
PHYSICAL_ADDRESS portBasePA = { 0 };
ULONG portNum = 0;
PCM_PARTIAL_RESOURCE_DESCRIPTOR desc;
BOOLEAN foundPort = FALSE;
PAGED_CODE();
UNREFERENCED_PARAMETER(Resources);
KdPrint(("On Start Device!\n"));
//
//
for (i = 0; i < WdfCmResourceListGetCount(ResourcesTranslated); i++)
{
desc = WdfCmResourceListGetDescriptor(ResourcesTranslated, i);
if (!desc)
{
KdPrint(("WdfResourceCmGetDescriptor failed!\n"));
return STATUS_DEVICE_CONFIGURATION_ERROR;
}
KdPrint(("WdfResourceCmGetDescriptor success!\n"));
switch (desc->Type)
{
case CmResourceTypeMemory:
KdPrint(("WdfResourceCmGetDescriptor i =0x%x!\n", i));
KdPrint(("CmResourceTypeMemory i = %d!\n", i));
if (portNum == 0)
{
m_ulPortCount = desc->u.Memory.Length;
m_pPortBase = (PUCHAR)MmMapIoSpace(desc->u.Memory.Start,
desc->u.Memory.Length,
MmNonCached);
foundPort = TRUE;
portNum++;
KdPrint(("WdfResourceCmGetDescriptor m_pPortBase = 0x%x,length = 0x%x!\n", m_pPortBase, m_ulPortCount));
}
break;
default:
KdPrint(("Unknown resource type 0x%x", desc->Type));
break;
}
}
if (!foundPort)
{
KdPrint(("Missing hardware resources"));
return STATUS_DEVICE_CONFIGURATION_ERROR;
}
return status;
}
NTSTATUS OnStopDevice(IN WDFDEVICE Device,
IN WDFCMRESLIST ResourcesTranslated)
{
PAGED_CODE();
if (m_pPortBase)
{
MmUnmapIoSpace(m_pPortBase, m_ulPortCount);
m_pPortBase = NULL;
}
return STATUS_SUCCESS;
}
NTSTATUS OnDevicePowerUp(IN WDFDEVICE Device,
IN WDF_POWER_DEVICE_STATE PreviousState)
{
KdPrint(("On PowerUp Device!\n"));
UNREFERENCED_PARAMETER(Device);
UNREFERENCED_PARAMETER(PreviousState);
PAGED_CODE();
return STATUS_SUCCESS;
}
NTSTATUS OnDeviceSleep(IN WDFDEVICE Device,
IN WDF_POWER_DEVICE_STATE TargetState)
{
KdPrint(("On Sleep Device!\n"));
UNREFERENCED_PARAMETER(Device);
UNREFERENCED_PARAMETER(TargetState);
PAGED_CODE();
return STATUS_SUCCESS;
}
VOID EvtFileCreate(IN WDFDEVICE Device,
IN WDFREQUEST Request,
IN WDFFILEOBJECT FileObject)
{
NTSTATUS status = STATUS_SUCCESS;
KdPrint(("PCIE X4 card is created!\n"));
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + INTSTA), 0x00000000);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + INTEN), 0x00000003);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + A2PTRAN0), m_ulPhysicalAddress);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + A2PTRAN1), m_ulPhysicalAddressHigh);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + A2PTRAN2), m_ulPhysicalAddress2);
WRITE_REGISTER_ULONG((PULONG)(m_pPortBase + A2PTRAN3), m_ulPhysicalAddressHigh2);
WdfRequestComplete(Request, status);
return;
}
VOID EvtFileClose(IN WDFFILEOBJECT FileObject)
{
PAGED_CODE();
KdPrint(("PCIE X4 card is closed!\n"));
if (m_pReportEvent)
ObDereferenceObject(m_pReportEvent);
}
VOID EvtFileCleanup(IN WDFFILEOBJECT FileObject)
{
PAGED_CODE();
KdPrint(("PCIE X4 card is cleanup!\n"));
}
qingyanxulai99 2017-11-23
- 打赏
- 举报
谢谢大神的分析,关键是我的驱动程序 生成的是 pcei.sys 定位的问题却是wdf01000.sys 另外imp_WdfRequestIsCanceled 应该怎么看传递参数,
源代码如下:(主要DMA传输部分)
