windows driver response Power Event

最新推荐文章于 2023-08-22 10:13:32 发布
最新推荐文章于 2023-08-22 10:13:32 发布
阅读量662 收藏
点赞数
CC 4.0 BY-SA版权
分类专栏: win内核
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.youkuaiyun.com/lixiangminghate/article/details/117636227
这篇博客记录了一次Windows内核调试的过程,包括连接到Windows 7 19041版本的目标系统,初始化Kernel Debugger,处理设备驱动的启动、电源管理和系统状态变化。在调试过程中,提到了设备驱动的加载失败、设备关系查询以及系统从工作状态到休眠、重启和关闭的转换。此外,还涉及到驱动对系统电源状态的响应,如PowerSystemWorking和PowerSystemShutdown。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

#S5->S0
Waiting to reconnect...
USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:33:03.551 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`23a00000 PsLoadedModuleList = 0xfffff807`2462a2b0
System Uptime: 0 days 0:00:00.203
minio\security\base\lsa\security\driver\asyncsspi.cxx - SspiInitAsyncInterface
IOINIT: Built-in driver \Driver\hwpolicy failed to initialize with status - 0xC000025E
KDTARGET: Refreshing KD connection
ImagePath = \
>> DeviceControlLayer::FwStorageAccessor::worker(179): FW reading worker has started
<< DeviceControlLayer::FwStorageAccessor::worker(244): FW reading worker has finished
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFCA0FDD321DA0
BusEnum.SYS: AddDevice: FFFFCA0FDF6515D0 to FFFFCA0FDD321DA0->FFFFCA0FDD321DA0 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFCA0FDD681060
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFCA0FDD681060
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFCA0FDD69C420
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFCA0FDD69C420
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
===========================================================================================================================================
#S0->S3
0: kd> g
[Router Dll]: >> Dot11ExtIhvProcessSessionChange[Router Dll]: no security plugin was loaded[Router Dll]: << RC for Dot11ExtIhvProcessSessionChange - 55CIntelCpLSPCONSvcModule::OnPowerEvent() 0x4 instance already created 000001BD57545F70 
BusEnum.SYS: FDO IRP_MN_QUERY_POWER IRP:0xFFFFCA0FEE69CA20 PowerSystemWorking PowerDeviceD0
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEE17BA20 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemSleeping3

<Return>    

#S3->S0    
===========================================================================================================================================
#S0->S4
2: kd> g
BusEnum.SYS: FDO IRP_MN_QUERY_POWER IRP:0xFFFFCA0FEE688D30 PowerSystemWorking PowerDeviceD0
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEC9457A0 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemHibernate
Hibernate occurred
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

#S4->S0
2: kd> g
USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:46:58.697 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (4 procs) Free x64
Product: WinNt, suite: TerminalServer SingleUserTS
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff807`23a00000 PsLoadedModuleList = 0xfffff807`2462a2b0
Debug session time: Fri Feb 19 10:06:59.773 2021 (UTC + 8:00)
System Uptime: 0 days 0:09:47.287
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FEE8BD010 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemWorking
HAL: Wake in 4294967295 seconds on AC and in 4294967295 seconds on DC
===========================================================================================================================================
#S0->Restart
2: kd> g

BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFCA0FED844C80 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemShutdown
Shutdown occurred at (Sun Jun  6 13:53:17.444 2021 (UTC + 8:00))...unloading all symbol tables.
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

Connected to Windows 7 19041 x64 target at (Sun Jun  6 13:54:56.624 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`76e00000 PsLoadedModuleList = 0xfffff806`77a2a2b0
System Uptime: 0 days 0:00:00.195
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFB208468CCD70
BusEnum.SYS: AddDevice: FFFFB20848CC6260 to FFFFB208468CCD70->FFFFB208468CCD70 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFB20846A8A520
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFB20846A8A520
Thotkey LEDSTATE = 0x00000001
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFB20846AAC020
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFB20846AAC020
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
===========================================================================================================================================
#S0->S5
3: kd> g
BusEnum.SYS: FDO IRP_MN_SET_POWER IRP:0xFFFFB20856502B00 PowerSystemWorking PowerDeviceD0
    Request to set System state to PowerSystemShutdown
Shutdown occurred at (Sun Jun  6 14:02:19.871 2021 (UTC + 8:00))...unloading all symbol tables.
WARNING: Inaccessible path: 'C:\Users\burly\Documents\Visual Studio 2010\Projects'
Waiting to reconnect...

<Return>

USB2: Write opened
Connected to Windows 7 19041 x64 target at (Sun Jun  6 14:04:25.611 2021 (UTC + 8:00)), ptr64 TRUE
Kernel Debugger connection established.  (Initial Breakpoint requested)
Symbol search path is: srv*C:\Symbols*http://msdl.microsoft.com/download/symbols;E:\symbols\win10X6420H2
Executable search path is: 
Windows 7 Kernel Version 19041 MP (1 procs) Free x64
Built by: 19041.1.amd64fre.vb_release.191206-1406
Machine Name:
Kernel base = 0xfffff806`72c00000 PsLoadedModuleList = 0xfffff806`7382a2b0
System Uptime: 0 days 0:00:00.194
IOINIT: Built-in driver \Driver\hwpolicy failed to initialize with status - 0xC000025E
KDTARGET: Refreshing KD connection
ImagePath = \
BusEnum.SYS: Driver Entry 
BusEnum.SYS: Add Device: 0xFFFFC30BFB4CBD70
BusEnum.SYS: AddDevice: FFFFC30BFD5CECD0 to FFFFC30BFB4CBD70->FFFFC30BFB4CBD70 (\Device\00000011) 
BusEnum.SYS: FDO IRP_MN_QUERY_LEGACY_BUS_INFORMATION IRP:0xFFFFC30BFB691CE0
BusEnum.SYS: FDO IRP_MN_FILTER_RESOURCE_REQUIREMENTS IRP:0xFFFFC30BFB691CE0
BusEnum.SYS: FDO IRP_MN_START_DEVICE IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_ID IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_CAPABILITIES IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_PNP_DEVICE_STATE IRP:0xFFFFC30BFB6AC0E0
BusEnum.SYS: FDO IRP_MN_QUERY_DEVICE_RELATIONS IRP:0xFFFFC30BFB6AC0E0
    QueryDeviceRelation Type: BusRelations
    #PDOS present = 0
    #PDOs reported = 0
BusEnum.SYS: FDO: unknown_syscontrol_irp
 

blazor与硬件通信实现案例
极简的随笔
05-13 148
在这篇博客中,曾经提到了网页中接入各种硬件操作的方法,即通过Windows Service作为指令的中转,并建立websocket通信连接,进而实现接入硬件的各种操作。这篇博客就以实际的案例来讲解具体怎么实现。
【QCA6174】QCA6174 WiFi 5G设置固定信道出现DFS chan_idx seems wrong错误,hostapd自动退出问题分析解决方案
wgl307293845的博客
06-16 1172
sdx12平台QCA6174 WiFi 5G设置固定信道出现DFS chan_idx seems wrong错误,然后选择其他信道或者hostapd自动退出hostapd信息。
正确处理Windows电源事件
quasiceo
11-13 2171
正确处理Windows电源事件 简介 为系统挂起与恢复而进行的应用准备步骤 曾几何时,当您正要通过应用提交或发布一些重要数据时,突然遇到一些急事需要处理,而且会耽误很长时间。当您完成任务回到电脑前时,发现电脑已经自动进入了挂起状态,或是完全关机。您可能因此丢失了部分或全部重要数据,而这仅仅是因为应用没能在停止执行前“保存”数据。相信拥有类似经历的人不在少数。现在,应用
DDK样例toaster分析(2)
lixiangminghate的专栏
06-18 2087
前一篇 DDK样例toaster分析(1) 主要讨论了toaster样例中的busenum总线驱动。本篇将讨论从总线驱动过渡到功能驱动,也就是toaster.sys。     成功安装busenum.sys后,运行toaster/exe/enum目录下的enum程序模拟一个toaster设备插入: enum -p 1    前面busenum.sys!Bus_AddDevice创建Fdo的同时
window驱动程序1
cybertan的专栏
04-28 2336
设备驱动程序签名和暂存要求             2(共 2)对本文的评价是有帮助 - 评价此主题 应用到: Windows 7, Windows Server 2008 R2 为了成功完成本指南中的过程,必须符合以下要求: 运行 Windows 7 32 位版本的客户端计算机。本指南将此计算机指代为 DMI-Client1。 重要事项 64
android studio新建project的时候connect refused:connect或者卡在building project...或Refreshing
tyxo的博客
04-26 744
原文链接 我搜索这个问题的 原因是导入第三方demo的时候出现的,以前还没什么感觉,今天网速特慢才发现的,卡了特长时间. android studio新建android gradle project的时候connect refused:connect或者卡在building project...或Refreshing xxx gradle project === 原因是: gra
【Windbg】通过网络调试windows内核
sunriver2000的专栏
08-08 1625
windows版本:win10_x64 1901windbg版本:1.2306.12001.0。
Windows Driver Samples剖析之Echo(四)
Sagittarius_Warrior的博客
06-13 1547
本文主要讲解kmdf echo工程的AutoAsyn模块,它是一个自动同步的(支持异步调用的)driver。其中,AutoAsyn —— Auto Asynchronous。 一、文件结构         它主要包括8个文件:echo.inx —— 用于生成INF文件,public.h —— 与应用程序共享的头文件,传递GUID和IOCTL CODE。 driver.h和driver.c,驱
nova event事件源码分析
Ixurong
06-14 1206
nova event 源码分析
Linux 性能检测/调优之Perf_Event
He11o_Liu的专栏
05-18 8311
引言 Linux性能检测/调优是一个很大的话题,涉及的内容也非常广泛。目前,从硬件层面到系统层面都提供了一系列硬件支持/软件工具给开发者来检测系统性能以针对具体问题进行调优。 本文主要关注其中的利用性能计数器(Performance Counter)进行性能检测的linux工具Perf,介绍了其强大的能力以及部分使用方法。本文主要部分参考了Brendan D. Gregg的博客,在该博客的Pe...
想请问下大神这个蓝屏是怎么原因
V0o54bra的博客
08-22 376
Use!---------16: kd>!analyze -vArguments:
Win10 1903过TP的双机调试
被遗弃的庸才博客
11-16 4892
了解内核知识已经有一段时间了,想双机调试一下XP,网上也找了不少资料。https://bbs.pediy.com/thread-248912.htm https://blog.youkuaiyun.com/kingswb/article/details/51194105差不多我用到的大部分代码都是从上面cv(Ctrl+c---->Ctrl+v)下来的1、首先解决The context is parti...
一个蓝屏的分析-The caller is unlocking a pageable section that is not currently locked.
T76230169的专栏
04-06 1762
同事,给了一个蓝屏文件,说是不知道操作什么了引起了系统蓝屏,使用自定义分析可看到 MEMORY_MANAGEMENT (1a) # Any other values for parameter 1 must be individually examined. Arguments: Arg1: 0000000000001010, The caller is unlocking a pageable section that is not currently locked. (This sectio
请大神们帮忙分析一下蓝屏
weixin_42172349的博客
03-03 776
WARNING Unable to verify timestamp for Unknown_Module_00000000`00000000 ERROR Module load completed but symbols could not be loaded for Unknown_Module_00000000`00000000
OpenCV count the number of connected camera 检测连接的摄像头的数量
weixin_33979203的博客
03-12 243
  有时候在项目中我们需要检测当前连接在机子上的摄像头的数量,可以通过下面的代码实现,其中连接摄像头的最大数量maxCamNum可以任意修改:   /** * Count current camera number */ int countCamera() { int maxCamNum = 5; int count = 0; for(int de...
三次蓝屏对内核崩溃日志的分析记录
热门推荐
无情的搬砖人的Blog
10-30 1万+
下面的所有内容都是WinDBG的输出内容 //后跟的所有内容都是针对下一行具体项的具体解释 Microsoft ® Windows Debugger Version 6.12.0002.633 AMD64 Copyright © Microsoft Corporation. All rights reserved. Loading Dump File [C:\Windows\Minidump\103021-8359-01.dmp] Mini Kernel Dump File: Only register
ip分片代码_CVE202016898 “坏邻居”Windows TCP/IP 远程代码执行漏洞分析
weixin_39791225的博客
11-24 573
本文作者 Strawberry@ QAX A-TEAM2020年10月14日,微软修复了一个紧急漏洞:Windows TCP/IP 远程代码执行漏洞,漏洞编号为 CVE-2020-16898。Windows TCP/IP 堆栈在处理 ICMPv6 路由器广告数据包时,存在一个远程执行代码漏洞。攻击者可通过向受影响主机发送特制 ICMPv6 路由广告包来利用此漏洞,成功利用此漏洞的攻击...
windows驱动入门,DDK中例子的实用方法
kezhen的专栏
03-25 3734
转http://www.cnblogs.com/yzhe/archive/2010/02/04/1663797.html 首先,windows下驱动开发,要有一整套的开发调试工具。在本例子中要用到如下工具: windbg -- Windows下内核模式驱动调试的一大利器。(microsoft开发的哦!很好找的)。 vmware 5.5.4虚拟机,安装windows XP sp2的虚拟机。
notifier rockchip
最新发布
03-13
#define ROCKCHIP_POWER_EVENT (NOTIFY_START_MASK + 0x1) ``` (2) **优先级控制**: ```c // 确保关键服务优先响应 static struct notifier_block power_nb = { .notifier_call = power_event_handler, ....
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值