nt!PiProcessNewDeviceNode函数中nt!PiCreateDeviceInstanceKey

📅 发布时间:2026/7/4 16:56:13 👁️ 浏览次数:
nt!PiProcessNewDeviceNode函数中nt!PiCreateDeviceInstanceKey
nt!PiProcessNewDeviceNode函数中nt!PiCreateDeviceInstanceKeyNTSTATUSPiProcessNewDeviceNode(IN PDEVICE_NODE DeviceNode){//// Build the device instance path and create the instance key.//status PiBuildDeviceNodeInstancePath(DeviceNode, busID, deviceID, instanceID);if (NT_SUCCESS(status)) {status PiCreateDeviceInstanceKey(DeviceNode, instanceKey, disposition);}0: kd kc#00 nt!PiCreateDeviceInstanceKey01 nt!PiProcessNewDeviceNode02 nt!PipProcessDevNodeTree03 nt!PipDeviceActionWorker04 nt!PipRequestDeviceAction05 nt!IopInitializeBootDrivers06 nt!IoInitSystem07 nt!Phase1Initialization08 nt!PspSystemThreadStartup09 nt!KiThreadStartup0: kd dvDeviceNode 0x894ffea8InstanceKey 0xf789a388Disposition 0xf789a35ckeyValueInformation 0x00000008status 0n0unicodeString enumHandle 0x80c9069cstatus IopOpenRegistryKeyEx(enumHandle,NULL,CmRegistryMachineSystemCurrentControlSetEnumName,KEY_ALL_ACCESS);0: kd dv enumHandleenumHandle 0x800002440: kd !handle 244PROCESS 899a2278 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000DirBase: 0a200000 ObjectTable: e1000e38 HandleCount: 33.Image: SystemKernel handle table at e1000e38 with 33 entries in use0244: Object: e127f5e0 GrantedAccess: 000f003f Entry: e1004488Object: e127f5e0 Type: (89996048) KeyObjectHeader: e127f5c8 (old version)HandleCount: 1 PointerCount: 1Directory Object: 00000000 Name: \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUMif (NT_SUCCESS(status)) {status IopCreateRegistryKeyEx(InstanceKey,enumHandle,DeviceNode-InstancePath,KEY_ALL_ACCESS,REG_OPTION_NON_VOLATILE,Disposition);if (NT_SUCCESS(status)) {0: kd dv InstanceKeyInstanceKey 0xf789a3880: kd dx -r1 ((ntkrnlmp!void * *)0xf789a388)((ntkrnlmp!void * *)0xf789a388) : 0xf789a388 [Type: void * *]0x80000214 [Type: void *]0: kd !handle 214PROCESS 899a2278 SessionId: none Cid: 0004 Peb: 00000000 ParentCid: 0000DirBase: 0a200000 ObjectTable: e1000e38 HandleCount: 34.Image: SystemKernel handle table at e1000e38 with 34 entries in use0214: Object: e1271ae0 GrantedAccess: 000f003f Entry: e1004428Object: e1271ae0 Type: (89996048) KeyObjectHeader: e1271ac8 (old version)HandleCount: 1 PointerCount: 1Directory Object: 00000000 Name: \REGISTRY\MACHINE\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0A03\2DABA3FF00: kd dv DispositionDisposition 0xf789a35c0: kd dx -r1 ((ntkrnlmp!unsigned long *)0xf789a35c)((ntkrnlmp!unsigned long *)0xf789a35c) : 0xf789a35c : 0x2 [Type: unsigned long *]0x2 [Type: unsigned long]通过文本模式设置迁移的键值应被视为“新键”。迁移的键值可通过设备实例键值下是否存在非零的REG_DWORD值“Migrated”来识别。if (NT_SUCCESS(status)) {//// Keys migrated by textmode setup should be treated as new.// Migrated keys are identified by the presence of non-zero// REG_DWORD value Migrated under the device instance key.//if (*Disposition ! REG_CREATED_NEW_KEY) {D:\srv03rtm\public\sdk\inc/winnt.h:9079:#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created//// Key creation/open disposition//#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key openedif (*Disposition ! REG_CREATED_NEW_KEY) {keyValueInformation NULL;IopGetRegistryValue(*InstanceKey,REGSTR_VALUE_MIGRATED,keyValueInformation);if (keyValueInformation) {0: kd peaxc0000034 ebxf789a35c ecx00030001 edx00020000 esif789a388 edi00000000eip80c9079f espf789a2ac ebpf789a2cc iopl0 nv up ei pl nz na pe nccs0008 ss0010 ds0023 es0023 fs0030 gs0000 efl00000206nt!PiCreateDeviceInstanceKey0x103:80c9079f 8b45fc mov eax,dword ptr [ebp-4] ss:0010:f789a2c8000000000: kd dv keyValueInformationkeyValueInformation 0x00000000