ACPI!ParseOpcode函数中ACPI!FindOpcodeTerm后找到ACPI!_amlterm然后调用PushTerm在接下来的ACPI!ParseTerm中会用到
第一部分:
NTSTATUS LOCAL ParseOpcode(PCTXT pctxt, PUCHAR pbScopeEnd, POBJDATA pdataResult)
{
TRACENAME("PARSEOPCODE")
NTSTATUS rc = STATUS_SUCCESS;
PUCHAR pbOpTerm;
PAMLTERM pamlterm;
#ifdef DEBUGGER
int iBrkPt;
#endif
ENTER(2, ("ParseOpcode(pctxt=%x,pbOp=%x,pbScopeEnd=%x,pdataResult=%x)\n",
pctxt, pctxt->pbOp, pbScopeEnd, pdataResult));
ASSERT(pdataResult != NULL);
#ifdef DEBUGGER
if ((iBrkPt = CheckBP(pctxt->pbOp)) != -1)
{
PRINTF("\nHit Breakpoint %d.\n", iBrkPt);
AMLIDebugger(FALSE);
}
#endif
pbOpTerm = pctxt->pbOp;
if (*pctxt->pbOp == OP_EXT_PREFIX)
{
pctxt->pbOp++;
pamlterm = FindOpcodeTerm(*pctxt->pbOp, ExOpcodeTable);
}
PAMLTERM LOCAL FindOpcodeTerm(ULONG dwOp, POPCODEMAP pOpTable)
{
TRACENAME("FINDOPCODETERM")
PAMLTERM pamlterm = NULL;
ENTER(3, ("FindOpcodeTerm(Op=%x,pOpTable=%x)\n", dwOp, pOpTable));
while (pOpTable->pamlterm != NULL)
{
if (dwOp == pOpTable->dwOpcode)
{
pamlterm = pOpTable->pamlterm;
break;
}
else
pOpTable++;
}
EXIT(3, ("FindOpcodeTerm=%x\n", pamlterm));
return pamlterm;
} //FindOpcodeTerm
f7439b40 00000080 f7438eb0
0: kd>dt ACPI!_amlterm f7438eb0
+0x000 pszTermName : 0xf742c6a0 "OperationRegion"
+0x004 dwOpcode : 0x805b
+0x008 pszArgTypes : 0xf742c698 "NBCC"
+0x00c dwTermClass : 2
+0x010 dwfOpcode : 0
+0x014 pfnCallBack : (null)
+0x018 dwCBData : 0
+0x01c pfnOpcode : 0xf742190e long ACPI!OpRegion+0 下次会调用ACPI!OpRegion
0: kd> gu
eax=f7438eb0 ebx=8997c000 ecx=f7438eb0 edx=899af000 esi=8997c03c edi=f74c7821
eip=f742727e esp=f789a0f4 ebp=f789a108 iopl=0 nv up ei pl zr na pe nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000246
ACPI!ParseOpcode+0x96:
f742727e 59 pop ecx
eax=f7438eb0 正确!!!
第二部分:
NTSTATUS LOCAL ParseOpcode(PCTXT pctxt, PUCHAR pbScopeEnd, POBJDATA pdataResult)
{
else
{
//
// Must be an ASL Term.
//
pctxt->pbOp++;
rc = PushTerm(pctxt, pbOpTerm, pbScopeEnd, pamlterm, pdataResult);
}
第三部分:
0: kd> t
eax=8997de00 ebx=f743a948 ecx=8997c000 edx=00000050 esi=8997c000 edi=8997de20
eip=f7427a34 esp=f789a134 ebp=f789a158 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!ParseTerm:
f7427a34 55 push ebp
0: kd> kc
#
00 ACPI!ParseTerm
01 ACPI!RunContext
02 ACPI!InsertReadyQueue
03 ACPI!RestartContext
04 ACPI!SyncLoadDDB
05 ACPI!AMLILoadDDB
06 ACPI!ACPIInitializeDDB
07 ACPI!ACPIInitializeDDBs
08 ACPI!ACPIInitialize
09 ACPI!ACPIInitStartACPI
0a ACPI!ACPIRootIrpStartDevice
0b ACPI!ACPIDispatchIrp
0c nt!IofCallDriver
0d nt!IopSynchronousCall
0e nt!IopStartDevice
0f nt!PipProcessStartPhase1
10 nt!PipProcessDevNodeTree
11 nt!PipDeviceActionWorker
12 nt!PipRequestDeviceAction
13 nt!IopInitializeBootDrivers
14 nt!IoInitSystem
15 nt!Phase1Initialization
16 nt!PspSystemThreadStartup
17 nt!KiThreadStartup
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_ctxt *)0x8997c000)
((ACPI!_ctxt *)0x8997c000) : 0x8997c000 [Type: _ctxt *]
[+0x000] dwSig : 0x54585443 [Type: unsigned long]
[+0x004] pbCtxtEnd : 0x8997e000 : 0x54 [Type: unsigned char *]
[+0x008] listCtxt [Type: _List]
[+0x010] listQueue [Type: _List]
[+0x018] pplistCtxtQueue : 0x0 [Type: _List * *]
[+0x01c] plistResources : 0x0 [Type: _List *]
[+0x020] dwfCtxt : 0x10 [Type: unsigned long]
[+0x024] pnsObj : 0x0 [Type: _NSObj *]
[+0x028] pnsScope : 0x899affac [Type: _NSObj *]
[+0x02c] powner : 0x899af330 [Type: _objowner *]
[+0x030] pcall : 0x8997df34 [Type: _call *]
[+0x034] pnctxt : 0x0 [Type: _nestedctxt *]
[+0x038] dwSyncLevel : 0x0 [Type: unsigned long]
[+0x03c] pbOp : 0xf74c7823 : 0x52 [Type: unsigned char *]
[+0x040] Result [Type: _ObjData]
[+0x054] pfnAsyncCallBack : 0xf741eeb5 [Type: void (__cdecl*)(_NSObj *,long,_ObjData *,void *)]
[+0x058] pdataCallBack : 0x0 [Type: _ObjData *]
[+0x05c] pvContext : 0xf789a1bc [Type: void *]
[+0x060] Timer [Type: _KTIMER]
[+0x088] Dpc [Type: _KDPC]
[+0x0a8] pheapCurrent : 0x899af000 [Type: _heap *]
[+0x0ac] CtxtData [Type: _ctxtdata]
[+0x0bc] LocalHeap [Type: _heap]
0: kd> dx -id 0,0,899a2278 -r1 (*((ACPI!_heap *)0x8997c0bc))
(*((ACPI!_heap *)0x8997c0bc)) [Type: _heap]
[+0x000] dwSig : 0x50414548 [Type: unsigned long]
[+0x004] pbHeapEnd : 0x8997de20 : 0x54 [Type: unsigned char *]
[+0x008] pheapHead : 0x8997c0bc [Type: _heap *]
[+0x00c] pheapNext : 0x0 [Type: _heap *]
[+0x010] pbHeapTop : 0x8997c0d4 : 0x0 [Type: unsigned char *]
[+0x014] plistFreeHeap : 0x0 [Type: _List *]
[+0x018] Heap [Type: _heapobjhdr]
参考:PushTerm之前,上一次是:
0: kd> dt _FRAMEHDR 0x8997de54
ACPI!_framehdr
+0x000 dwSig : 0x504f4353
+0x004 dwLen : 0x28
+0x008 dwfFrame : 1
+0x00c pfnParse : 0xf74274fd long ACPI!ParseScope+0
参考:
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_term *)0x8997de20) 地址减少了。
((ACPI!_term *)0x8997de20) : 0x8997de20 [Type: _term *]
[+0x000] FrameHdr [Type: _framehdr]
[+0x010] pbOpTerm : 0xf74c7821 : 0x5b [Type: unsigned char *]
[+0x014] pbOpEnd : 0x0 [Type: unsigned char *]
[+0x018] pbScopeEnd : 0xf74c92a2 : 0x14 [Type: unsigned char *]
[+0x01c] pamlterm : 0xf7438eb0[Type: _amlterm *] pamlterm : 0xf7438eb0
[+0x020] pnsObj : 0x0 [Type: _NSObj *]
[+0x024] iArg : 0 [Type: int]
[+0x028] icArgs : 4 [Type: int] 四个参数:
[+0x02c] pdataArgs : 0x899b0134 [Type: _ObjData *]
[+0x030] pdataResult : 0x8997c040 [Type: _ObjData *]
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n0
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_term *)0x8997de20)
((ACPI!_term *)0x8997de20) : 0x8997de20 [Type: _term *]
[+0x000] FrameHdr [Type: _framehdr]
[+0x010] pbOpTerm : 0xf74c7821 : 0x5b [Type: unsigned char *]
[+0x014] pbOpEnd : 0x0 [Type: unsigned char *]
[+0x018] pbScopeEnd : 0xf74c92a2 : 0x14 [Type: unsigned char *]
[+0x01c] pamlterm : 0xf7438eb0 [Type: _amlterm *]
[+0x020] pnsObj : 0x0 [Type: _NSObj *]
[+0x024] iArg : 4 [Type: int]
[+0x028] icArgs : 4 [Type: int]
[+0x02c] pdataArgs : 0x899b0134 [Type: _ObjData *]
[+0x030] pdataResult : 0x8997c040 [Type: _ObjData *]
0: kd> dx -id 0,0,899a2278 -r1 ((ACPI!_amlterm *)0xf7438eb0)
((ACPI!_amlterm *)0xf7438eb0) : 0xf7438eb0 [Type: _amlterm *]
[+0x000] pszTermName : 0xf742c6a0 : "OperationRegion" [Type: char *]
[+0x004] dwOpcode : 0x805b [Type: unsigned long]
[+0x008] pszArgTypes : 0xf742c698 : "NBCC" [Type: char *]
[+0x00c] dwTermClass : 0x2 [Type: unsigned long]
[+0x010] dwfOpcode : 0x0 [Type: unsigned long]
[+0x014] pfnCallBack : 0x0 [Type: long (__cdecl*)(unsigned long,unsigned long,_NSObj *,unsigned long)]
[+0x018] dwCBData : 0x0 [Type: unsigned long]
[+0x01c] pfnOpcode : 0xf742190e [Type: long (__cdecl*)()]
0: kd> u f742190e
ACPI!OpRegion [d:\srv03rtm\base\busdrv\acpi\driver\amlinew\namedobj.c @ 717]:
f742190e 55 push ebp
f742190f 8bec mov ebp,esp
f7421911 83ec0c sub esp,0Ch
f7421914 53 push ebx
f7421915 56 push esi
f7421916 57 push edi
f7421917 6a01 push 1
f7421919 68484743f7 push offset ACPI!`string' (f7434748)
if (pterm->pamlterm->pfnOpcode != NULL)
{
if (((rc =pterm->pamlterm->pfnOpcode(pctxt, pterm)) !=
STATUS_SUCCESS) ||
(&pterm->FrameHdr != (PFRAMEHDR)pctxt->LocalHeap.pbHeapEnd))
{
break;
}
}
0: kd> t
eax=f742190e ebx=8997c000 ecx=f743960a edx=00000000 esi=8997de20 edi=00000003
eip=f742190e esp=f789a118 ebp=f789a130 iopl=0 nv up ei ng nz na po nc
cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00000282
ACPI!OpRegion:
f742190e 55 push ebp
0: kd> kc
#
00 ACPI!OpRegion
01 ACPI!ParseTerm
02 ACPI!RunContext
03 ACPI!InsertReadyQueue
04 ACPI!RestartContext
05 ACPI!SyncLoadDDB
06 ACPI!AMLILoadDDB
07 ACPI!ACPIInitializeDDB
08 ACPI!ACPIInitializeDDBs
09 ACPI!ACPIInitialize
0a ACPI!ACPIInitStartACPI
0b ACPI!ACPIRootIrpStartDevice
0c ACPI!ACPIDispatchIrp
0d nt!IofCallDriver
0e nt!IopSynchronousCall
0f nt!IopStartDevice
10 nt!PipProcessStartPhase1
11 nt!PipProcessDevNodeTree
12 nt!PipDeviceActionWorker
13 nt!PipRequestDeviceAction
14 nt!IopInitializeBootDrivers
15 nt!IoInitSystem
16 nt!Phase1Initialization
17 nt!PspSystemThreadStartup
18 nt!KiThreadStartup
0: kd> dv
pctxt = 0x8997c000
pterm = 0x8997de20
rc = 0n8
XlatedAddr = {-629913449958211584}
