mouclass!MouseClassReadCopyData函数分析之通过全局变量mouclass!Globals打开调试mouclass!MouDebugPrint后
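#if DBG
/*
 * MouDebugPrint - emit a printf-style debug message (DBG builds only).
 *
 * DebugPrintLevel: verbosity level of this message; the message is printed
 *                  only when this value is <= Globals.Debug.
 * DebugMessage:    printf-style format string for the arguments that follow.
 *
 * The text is formatted into a fixed 256-byte stack buffer. Output that
 * does not fit is truncated rather than written past the end of the buffer.
 */
VOID
MouDebugPrint(
    ULONG DebugPrintLevel,
    PCCHAR DebugMessage,
    ...
    )
{
    va_list ap;

    va_start(ap, DebugMessage);
    if (DebugPrintLevel <= Globals.Debug) {
        char buffer[256];

        /*
         * Bound the write to the buffer: an unbounded format of a long
         * string argument would overrun this stack array. _vsnprintf does
         * not NUL-terminate when it truncates, so one byte is reserved and
         * the terminator is stored explicitly.
         */
        (VOID) _vsnprintf(buffer, sizeof(buffer) - 1, DebugMessage, ap);
        buffer[sizeof(buffer) - 1] = '\0';

        /*
         * Pass the formatted text as data, never as the format string: a
         * '%' left in the text would otherwise be parsed a second time as
         * a conversion specifier with no matching argument.
         */
        DbgPrint("%s", buffer);
    }
    va_end(ap);
}
#endif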
第一部分:
0: kd> p
mouclass!MouseClassReadCopyData+0x20:
f74f9d46 c1e703 shl edi,3
0: kd> p
mouclass!MouseClassReadCopyData+0x23:
f74f9d49 57 push edi
0: kd> p
mouclass!MouseClassReadCopyData+0x24:
f74f9d4a 68cc9a4ff7 push offset mouclass!MouseClassClose+0x26c (f74f9acc)
0: kd> p
mouclass!MouseClassReadCopyData+0x29:
f74f9d4f 6a03 push 3
0: kd> p
mouclass!MouseClassReadCopyData+0x2b:
f74f9d51 8945fc mov dword ptr [ebp-4],eax
0: kd> p
mouclass!MouseClassReadCopyData+0x2e:
f74f9d54 e8f3e4ffff call mouclass!MouDebugPrint (f74f824c)
0: kd> t
mouclass!MouDebugPrint:
f74f824c 55 push ebp
0: kd> x mouclass!Globals
f74fd040 mouclass!Globals = struct _GLOBALS
0: kd> dx -r1 (*((mouclass!_GLOBALS *)0xf74fd040))
(*((mouclass!_GLOBALS *)0xf74fd040)) [Type: _GLOBALS]
[+0x000] Debug : 0x0 [Type: unsigned long]
[+0x004] GrandMaster : 0x0 [Type: _DEVICE_EXTENSION *]
[+0x008] AssocClassList : 0x0 [Type: _PORT *]
[+0x00c] NumAssocClass : 0x0 [Type: unsigned long]
[+0x010] Opens : 0 [Type: long]
[+0x014] NumberLegacyPorts : 0x0 [Type: unsigned long]
[+0x018] Mutex [Type: _FAST_MUTEX]
[+0x038] ConnectOneClassToOnePort : 0x1 [Type: unsigned long]
[+0x03c] PortsServiced : 0x3 [Type: unsigned long]
[+0x040] InitExtension [Type: _DEVICE_EXTENSION]
[+0x150] RegistryPath : "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Mouclass" [Type: _UNICODE_STRING]
[+0x158] BaseClassName : "PointerClass" [Type: _UNICODE_STRING]
[+0x160] BaseClassBuffer [Type: unsigned short [256]]
[+0x360] LegacyDeviceList [Typ