小端口驱动启动及关闭过程

来源：互联网发布：spu sku 数据库设计编辑：程序博客网时间：2024/05/20 06:06

网卡启动过程

1. 进入DriverEntry后，调用NdisMRegisterMiniportDriver注册小端口驱动

ChildEBP RetAddr  807e04ec 89222eec netvmini620!MPSetOptions [d:\td\newframe\drivers-vd\network\netvmini620\miniport.c @ 299]807e0510 8bd3f1fc ndis!NdisMRegisterMiniportDriver+0x498807e0598 83fd72e6 netvmini620!DriverEntry+0x1ec [d:\td\newframe\drivers-vd\network\netvmini620\miniport.c @ 180]807e077c 83fc37f4 nt!IopLoadDriver+0x7ed807e0828 84007811 nt!PipCallDriverAddDeviceQueryRoutine+0x34b807e0860 84008520 nt!RtlpCallQueryRegistryRoutine+0x2ea807e08cc 83fd16a4 nt!RtlQueryRegistryValues+0x31d807e09a8 83fd0e12 nt!PipCallDriverAddDevice+0x383807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x15d807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb807e0c50 8401cf5e nt!ExpWorkerThread+0x10d807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

注意MPSetOptions是在NdisMRegisterMiniportDriver上下文中被调用的。

2. 调用MPInitializeEx，初始化适配器

807e0528 8927ecf2 netvmini620!MPInitializeEx [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 171]807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x76b807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a807e0854 89283d23 ndis!ndisPnPStartDevice+0x130807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f807e08b0 83fd26f8 nt!IofCallDriver+0x63807e08cc 83e2528b nt!PnpAsynchronousCall+0x92807e0930 83fc9561 nt!PnpStartDevice+0xe1807e098c 83fc942a nt!PnpStartDeviceNode+0x12c807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb807e0c50 8401cf5e nt!ExpWorkerThread+0x10d807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

调用MPInitializeEx时适配器处于Initializing状态，初始化成功后处于Paused状态，初始化失败返回Halted状态。

3. 调用MPRestart函数，启动适配器

807e04ec 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]807e052c 8927fe17 ndis!ndisRestartMiniport+0x16f807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x1890807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a807e0854 89283d23 ndis!ndisPnPStartDevice+0x130807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f807e08b0 83fd26f8 nt!IofCallDriver+0x63807e08cc 83e2528b nt!PnpAsynchronousCall+0x92807e0930 83fc9561 nt!PnpStartDevice+0xe1807e098c 83fc942a nt!PnpStartDeviceNode+0x12c807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb807e0c50 8401cf5e nt!ExpWorkerThread+0x10d807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

调用MPRestart时适配器处于Restarting状态，初始化成功后处于Running状态，初始化失败返回Paused状态。

4. 调用MPDevicePnpEventNotify发送PNP通知

807e04c8 8928448b netvmini620!MPDevicePnpEventNotify+0x8 [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 1117]807e0508 892842c8 ndis!ndisDevicePnPEventNotifyMiniport+0xf4807e0524 892800f5 ndis!ndisNotifyMiniports+0x5d807e07f4 8927e474 ndis!ndisMInitializeAdapter+0x1b6e807e082c 8927e2ed ndis!ndisInitializeAdapter+0x10a807e0854 89283d23 ndis!ndisPnPStartDevice+0x130807e0898 83e4a593 ndis!ndisPnPDispatch+0x62f807e08b0 83fd26f8 nt!IofCallDriver+0x63807e08cc 83e2528b nt!PnpAsynchronousCall+0x92807e0930 83fc9561 nt!PnpStartDevice+0xe1807e098c 83fc942a nt!PnpStartDeviceNode+0x12c807e09a8 83fd0e3d nt!PipProcessStartPhase1+0x62807e0ba4 840a0a4e nt!PipProcessDevNodeTree+0x188807e0bd8 83e27cb7 nt!PiRestartDevice+0x8a807e0c00 83e90aab nt!PnpDeviceActionWorker+0x1fb807e0c50 8401cf5e nt!ExpWorkerThread+0x10d807e0c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

根据调试，发送的通知为NdisDevicePnPEventPowerProfileChanged，确认电源类型（battery or AC online）

5. 调用MPPause，暂停网卡

8e30ba74 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]8e30bab0 89216087 ndis!ndisPauseMiniport+0x17f8e30bbe4 89215cea ndis!ndisAttachFilterToMiniport+0x2fc8e30bc0c 89280cad ndis!ndisCheckMiniportFilters+0x1058e30bc24 89278013 ndis!ndisQueuedCheckAdapterBindings+0xc88e30bc34 8921408e ndis!ndisWorkItemHandler+0xe8e30bc50 8401cf5e ndis!ndisWorkerThread+0xa48e30bc90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

此为一工作线程，查看堆栈，暂停网卡的目的可能是挂载过滤驱动。

6. 再次调用MPRestart函数，启动适配器

8e30b848 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]8e30b888 8921e76c ndis!ndisRestartMiniport+0x16f8e30baac 8921736d ndis!ndisRestartMiniportFilterStack+0xa58e30bbe4 89215cea ndis!ndisAttachFilterToMiniport+0x15e28e30bc0c 89280cad ndis!ndisCheckMiniportFilters+0x1058e30bc24 89278013 ndis!ndisQueuedCheckAdapterBindings+0xc88e30bc34 8921408e ndis!ndisWorkItemHandler+0xe8e30bc50 8401cf5e ndis!ndisWorkerThread+0xa48e30bc90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

此工作线程与上一调用MPPause的工作线程为同一线程。

至此，适配器启动完毕。

网卡关闭过程

1. 调用MPPause，进入Pause状态（关闭发送、接收数据包路径）

807e477c 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]807e47b8 8928ab77 ndis!ndisPauseMiniport+0x17f807e484c 8928f62b ndis!ndisCloseMiniportBindings+0xcb807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x23c807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

2. 调用MPRestart，不懂

807e4778 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]807e47b8 8928ad21 ndis!ndisRestartMiniport+0x16f807e484c 8928f62b ndis!ndisCloseMiniportBindings+0x275807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x23c807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

3. 调用MPPause，呼应上面的MPRestart

807e47a4 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]807e47e0 89227f90 ndis!ndisPauseMiniport+0x17f807e484c 8928f631 ndis!ndisDetachFiltersOnMiniport+0x136807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x242807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

分析上面的堆栈，与卸载过滤驱动有关。

4. 再次调用MPRestart，又一次不懂

807e47a0 8927b852 netvmini620!MPRestart [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 679]807e47e0 89227fcf ndis!ndisRestartMiniport+0x16f807e484c 8928f631 ndis!ndisDetachFiltersOnMiniport+0x175807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x242807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

5. 调用MPPause，呼应上面的MPRestart

807e480c 8927be18 netvmini620!MPPause [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 600]807e4848 8928f648 ndis!ndisPauseMiniport+0x17f807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x259807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

6. 调用MPHaltEx，卸载适配器

807e47f4 8928a69f netvmini620!MPHaltEx [d:\td\newframe\drivers-vd\network\netvmini620\adapter.c @ 745]807e4830 8928d9e7 ndis!ndisMCommonHaltMiniport+0x54f807e484c 8928f729 ndis!ndisMHaltMiniport+0x5a807e497c 8923f538 ndis!ndisPnPRemoveDevice+0x33a807e49ac 89283ac3 ndis!ndisPnPRemoveDeviceEx+0xaa807e49f0 83e4a593 ndis!ndisPnPDispatch+0x3cf807e4a08 83fecf95 nt!IofCallDriver+0x63807e4a38 840d9a3f nt!IopSynchronousCall+0xc2807e4a90 83eef346 nt!IopRemoveDevice+0xd4807e4abc 840d1787 nt!PnpRemoveLockedDeviceNode+0x16c807e4ad0 840d1a3b nt!PnpDeleteLockedDeviceNode+0x2d807e4b04 840d5417 nt!PnpDeleteLockedDeviceNodes+0x4c807e4bc4 83fc52ca nt!PnpProcessQueryRemoveAndEject+0x946807e4bdc 83fd33ca nt!PnpProcessTargetDeviceEvent+0x38807e4c00 83e90aab nt!PnpDeviceEventWorker+0x216807e4c50 8401cf5e nt!ExpWorkerThread+0x10d807e4c90 83ec4219 nt!PspSystemThreadStartup+0x9e00000000 00000000 nt!KiThreadStartup+0x19

以上的过程是在我的win 7虚拟机上测试的，在各位看官的机器上，我觉得关闭适配器的流程可能会与我的机器有所不同，具体可能关系到是否有过滤驱动，没测试，瞎掰以下，关闭适配器的过程多次调用了Pause及Restart例程，我觉得调用几次并没有关系，只要讲发送接收路径控制好即可。

0 0