windows driver response Power Event

最新推荐文章于 2023-08-22 10:13:32 发布
原创 最新推荐文章于 2023-08-22 10:13:32 发布 · 708 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

这篇博客记录了一次Windows内核调试的过程,包括连接到Windows 7 19041版本的目标系统,初始化Kernel Debugger,处理设备驱动的启动、电源管理和系统状态变化。在调试过程中,提到了设备驱动的加载失败、设备关系查询以及系统从工作状态到休眠、重启和关闭的转换。此外,还涉及到驱动对系统电源状态的响应,如PowerSystemWorking和PowerSystemShutdown。

#S5->S0
Waiting to reconnect...
USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:33:03.551 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`23a00000 PsLoadedModuleList = 0xfffff807`2462a2b0
System Uptime: 0 days 0:00:00.203
minio\security\base\lsa\security\driver\asyncsspi.cxx - SspiInitAsyncInterface
IOINIT: Built-in driver \Driver\hwpolicy failed to initialize with status - 0xC000025E
KDTARGET: Refreshing KD connection
ImagePath = \
>> DeviceControlLayer::FwStorageAccessor::worker(179): FW reading worker has started
<< DeviceControlLayer::FwStorageAccessor::worker(244): FW reading worker has finished
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFCA0FDD321DA0
BusEnum.SYS: AddDevice: FFFFCA0FDF6515D0 to FFFFCA0FDD321DA0->FFFFCA0FDD321DA0 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFCA0FDD681060
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFCA0FDD681060
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFCA0FDD69C420
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
===========================================================================================================================================
#S0->S3
0: kd> g
[Router Dll]: >> Dot11ExtIhvProcessSessionChange[Router Dll]: no security plugin was loaded[Router Dll]: << RC for Dot11ExtIhvProcessSessionChange - 55CIntelCpLSPCONSvcModule::OnPowerEvent() 0x4 instance already created 000001BD57545F70 
BusEnum.SYS: FDO IRP_MN_QUERY_POWER IRP:0xFFFFCA0FEE69CA20 PowerSystemWorking PowerDeviceD0
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEE17BA20 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemSleeping3

<Return>    

#S3->S0    
===========================================================================================================================================
#S0->S4
2: kd> g
BusEnum.SYS: FDO IRP_MN_QUERY_POWER IRP:0xFFFFCA0FEE688D30 PowerSystemWorking PowerDeviceD0
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEC9457A0 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemHibernate
Hibernate occurred
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

#S4->S0
2: kd> g
USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:46:58.697 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`23a00000 PsLoadedModuleList = 0xfffff807`2462a2b0
Debug session time: Fri Feb 19 10:06:59.773 2021 (UTC + 8:00)
System Uptime: 0 days 0:09:47.287
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEE8BD010 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemWorking
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
===========================================================================================================================================
#S0->Restart
2: kd> g

BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FED844C80 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemShutdown
Shutdown occurred at (Sun Jun  6 13:53:17.444 2021 (UTC + 8:00))...unloading all symbol tables.
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:54:56.624 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`76e00000 PsLoadedModuleList = 0xfffff806`77a2a2b0
System Uptime: 0 days 0:00:00.195
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFB208468CCD70
BusEnum.SYS: AddDevice: FFFFB20848CC6260 to FFFFB208468CCD70->FFFFB208468CCD70 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFB20846A8A520
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFB20846A8A520
Thotkey LEDSTATE = 0x00000001
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFB20846AAC020
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
===========================================================================================================================================
#S0->S5
3: kd> g
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFB20856502B00 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemShutdown
Shutdown occurred at (Sun Jun  6 14:02:19.871 2021 (UTC + 8:00))...unloading all symbol tables.
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 14:04:25.611 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`72c00000 PsLoadedModuleList = 0xfffff806`7382a2b0
System Uptime: 0 days 0:00:00.194
IOINIT: Built-in driver \Driver\hwpolicy failed to initialize with status - 0xC000025E
KDTARGET: Refreshing KD connection
ImagePath = \
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFC30BFB4CBD70
BusEnum.SYS: AddDevice: FFFFC30BFD5CECD0 to FFFFC30BFB4CBD70->FFFFC30BFB4CBD70 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFC30BFB691CE0
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFC30BFB691CE0
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFC30BFB6AC0E0
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
 

windbg+vmware+win7 内核
G_Spider的专栏
05-09 7994
一. vmware 下安装:windows 7 ultimate x86 中文版1、vmware (请使用尽可能新的版本以对tools的支持) 的设置  打开相应 vmware 虚拟机上的 “Virtaul Machine Settings”---> “Hardware”选项中 ----> 点击 “Add” 添加一个串口设备 Seiall Port ----> “Next” ----> 在 Serial Port 里选中“Output to named pipe” ----> “next” ----> “F
【Windbg】通过网络调试windows内核
sunriver2000的专栏
08-08 1994
windows版本:win10_x64 1901windbg版本:1.2306.12001.0。
IoGetDeviceObjectPointer引起的引用计数改变
lixiangminghate的专栏
04-30 1240
    上周同事的驱动遇到HLK测试失败:HLK测试项检测到传感器设备驱动在响应IRP_MJ_PNP/IRP_MN_REMOVEDEVICE时,有句柄扔打开设备,于是我也帮着一起查找原因。这个驱动的架构如下设计:上层App负责通知驱动,驱动响应这个过程时,用IoGetDeviceObjectPointer获得并保持(IoGetDeviceObjectPointer后没有对返回的文件对象调用ObDe...
正确处理Windows电源事件
quasiceo
11-13 2371
正确处理Windows电源事件 简介 为系统挂起与恢复而进行的应用准备步骤 曾几何时,当您正要通过应用提交或发布一些重要数据时,突然遇到一些急事需要处理,而且会耽误很长时间。当您完成任务回到电脑前时,发现电脑已经自动进入了挂起状态,或是完全关机。您可能因此丢失了部分或全部重要数据,而这仅仅是因为应用没能在停止执行前“保存”数据。相信拥有类似经历的人不在少数。现在,应用
DDK样例toaster分析(2)
lixiangminghate的专栏
06-18 2241
前一篇 DDK样例toaster分析(1) 主要讨论了toaster样例中的busenum总线驱动。本篇将讨论从总线驱动过渡到功能驱动,也就是toaster.sys。     成功安装busenum.sys后,运行toaster/exe/enum目录下的enum程序模拟一个toaster设备插入: enum -p 1    前面busenum.sys!Bus_AddDevice创建Fdo的同时
安装驱动程序(1)----驱动预安装
lixiangminghate的专栏
07-31 7419
前面toaster驱动程序的安装都是通过手动安装的方式,把sys/inf等文件安装到系统中。说实话,这么复杂的过程除了开发者,其他人能流畅的安装上驱动还真是天方夜谭了。如果读者曾在电脑城买过电脑配件,如无线网卡,蓝牙适配器,应该有印象:到手的除了这么设备本身,还会附带一张提供安装程序的小光盘和一份安装说明。安装说明一般都会要求先运行安装程序,然后重启插入设备,之后设备就可以正常使用了。这张光盘就是
window驱动程序1
cybertan的专栏
04-28 2368
设备驱动程序签名和暂存要求             2(共 2)对本文的评价是有帮助 - 评价此主题 应用到: Windows 7, Windows Server 2008 R2 为了成功完成本指南中的过程,必须符合以下要求: 运行 Windows 7 32 位版本的客户端计算机。本指南将此计算机指代为 DMI-Client1。 重要事项 64
android studio新建project的时候connect refused:connect或者卡在building project...或Refreshing
tyxo的博客
04-26 763
原文链接 我搜索这个问题的 原因是导入第三方demo的时候出现的,以前还没什么感觉,今天网速特慢才发现的,卡了特长时间. android studio新建android gradle project的时候connect refused:connect或者卡在building project...或Refreshing xxx gradle project === 原因是: gra
调试器揭密
华章IT官方博客
06-09 6236
Normal 0 7.8 磅 0 2 false false false EN-US ZH-CN X-NONE
win7 x64部署和串口调试虚拟驱动toaster
lixiangminghate的专栏
05-11 3951
WDK7600自带的toaster驱动是个很好的学习驱动的案例,从总线驱动到App层,Class-install/Co-install都有涉及。本文主要涉及驱动部署和调试。 1.先说说调试的准备工作。一般调试驱动都是在虚拟机中进行的,这里也不例外,用windbg+vmware双击联调。通常开发阶段,Wdm驱动以inf形式安装并加载,加载后依次执行DriverEntry,AddDevice并响应I
Windbg内核调试之三: 调试驱动
mergerly的专栏
09-26 2865
这次我们通过一个实际调试驱动的例子,来逐步体会Windbg在内核调试中的作用.由于条件所限,大多数情况下,很多人都是用VMware+Windbg调试内核(VMware的确是个好东西).但这样的调试需要占用大量的系统资源,对于和我一样急性子的朋友来说这是不可接受的:).利用双机调试就可以让你一边喝咖啡一边轻松的看结果,而不至于郁闷的等待每次长达数分钟的系统响应.有关双机调试的基本设置,请参考:htt
总在用户态调试 C# 程序,终还是搭了一个内核态环境
一线码农的专栏
09-03 560
一直在用 WinDbg 调试用户态程序,并没有用它调试过 `内核态`,毕竟不是做驱动开发,也没有在分析 dump 中需要接触用内核态的需求,但未知的事情总觉得很酷,加上最近在看 《深入解析 Windows 操作系统》 一书,书中有不少案例需要深入到 `内核态` ,所以这篇准备整理一下如何用 WinDbg 调试 C# 内核态吧。从新老Windbg截图中,可以清晰的看到,这个的 `Child-SP` 线程栈终于对接上了,也就验证了图上所说:`ntdll!现在可以调试 `内核态` 那何不试试看呢?
过TesSafe反WinDbg双机调试
ccx_john的专栏
01-09 1598
标 题: 【原创】过TesSafe反WinDbg双机调试 作 者: 易始 时 间: 2013-04-24,12:54:49 链 接: http://bbs.pediy.com/showthread.php?t=170342 貌似论坛里面有关游戏的贴子都很火,所以发篇帖子涨点人气。 正文: 在论坛搜索了下发现去年的时候有人发过一篇过TesSafe反双机调试的帖子,但是现在已经过时
虚拟串口服务器原码,虚拟串口的完整源代码
weixin_31202821的博客
08-06 1454
【实例简介】虚拟串口的完整源代码,可以直接编译运行,有这方面爱好的开发者可以拿来学习一下。【实例截图】【核心代码】5e0eae4b-acc2-4a66-80a0-6736b840aed1├── VSer│ ├── busdriver│ │ ├── BusEnum.sys│ │ ├── bus.inf│ │ └── toaster.cat│ ├── exe│ │...
想请问下大神这个蓝屏是怎么原因
V0o54bra的博客
08-22 469
Use!---------16: kd>!analyze -vArguments:
[笔记]windows驱动开发入门《一》helloworld 以及双机调试配置
二次元怪兽的博客
06-16 1130
[vs2019+wdk10开发xp,win7,win10驱动]https://blog.youkuaiyun.com/Kwansy/article/details/111051265
Win10 1903过TP的双机调试
被遗弃的庸才博客
11-16 4938
了解内核知识已经有一段时间了,想双机调试一下XP,网上也找了不少资料。https://bbs.pediy.com/thread-248912.htm https://blog.youkuaiyun.com/kingswb/article/details/51194105差不多我用到的大部分代码都是从上面cv(Ctrl+c---->Ctrl+v)下来的1、首先解决The context is parti...
DDK样例toaster分析(1)
lixiangminghate的专栏
06-17 2472
msddk样例中toaster是一个比较完整和值得学习的pnp驱动,包括了一个完整的设备栈(含总线驱动/功能驱动,以及设备栈中各层过滤驱动)和驱动安装程序(含驱动安装包/类安装程序/协安装程序)。本篇记录在xp下调试busenum驱动入口(关于环境的搭建网上一搜一大把,这里就省了,当然也可以参考这篇:win7 x64部署和串口调试虚拟驱动toaster)。     通过添加硬件的方式安装buse
高速相機 閃光燈LED Driver電路圖
最新发布
07-27
高速相机闪光灯LED驱动电路的设计通常 involves several key components and considerations to ensure high efficiency, proper current regulation, and fast response times. Based on the information provided, a design can be conceptualized that integrates a suitable LED driver IC, a supercapacitor for energy storage, and a DC/DC converter to manage the power flow efficiently. ### 电路设计要点 #### 1. 电源管理 The power supply section should be designed to handle the input voltage range from the battery, typically a lithium-ion cell with a nominal voltage of 3.7V and a full charge voltage of 4.2V. The DC/DC converter should be capable of stepping up or down the voltage as required by the LED load, which in this case requires a current of 1 to 2A for a duration of 120ms to achieve the desired flash effect [^1]. #### 2. 超级电容器充电 A supercapacitor is used to store energy that can be quickly released to provide the high current needed for the LED flash. To prevent damage to the supercapacitor due to inrush current, a controlled charging circuit is necessary. This can be achieved using a dedicated LED flash driver IC that also manages the charging of the supercapacitor, thereby simplifying the design and reducing the PCB space required [^1]. #### 3. LED驱动器选择 For the LED driver, an IC like the LTC3452 can be considered. It offers high efficiency (≥85%) across the entire lithium-ion battery voltage range, supports a wide VIN range (2.7V to 5.5V), provides independent main/camera current control, delivers up to 425mA of continuous output current, includes internal soft start, offers open/short LED protection, PWM brightness control, and has a typical LED current matching error of less than 2.5% [^2]. ### 电路图参考 Unfortunately, I cannot directly provide circuit diagrams, but I can describe how to construct one based on typical applications. A basic circuit would involve connecting the battery to the input of the DC/DC converter, which is then connected to the supercapacitor. The output of the DC/DC converter should be connected to the LED driver IC, which controls the current through the LED during the flash event. Here's a simplified pseudocode representation of how the components might be connected in a schematic: ```plaintext Battery (+) -----> [DC/DC Converter Input] -----> [DC/DC Converter Output] -----> [LED Driver Input] | v [Supercapacitor Charging Circuit] | v [LED Driver Output] -----> [LED] ``` The actual implementation would require careful consideration of component selection, PCB layout, and thermal management to ensure reliable operation under high current conditions. ### 示例代码 示例代码并不适用于硬件电路设计,因为它是用于软件编程的。然而,如果涉及到微控制器来控制某些部分,比如 adjusting the PWM brightness control, then a simple code snippet could look like this: ```c // Assuming a microcontroller is used to control the PWM brightness void setupPWM() { // Configure PWM pin as output pinMode(LED_PWM_PIN, OUTPUT); // Set PWM frequency and duty cycle analogWrite(LED_PWM_PIN, BRIGHTNESS_LEVEL); // BRIGHTNESS_LEVEL ranges from 0 (off) to 255 (full brightness) } ``` 请注意,这段代码仅作为一个示例,并且假设存在一个微控制器来调节PWM亮度控制。实际的实现细节会根据所选的具体硬件和设计需求有所不同。
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值