;=======================================================================
; Compiler-generated MASM listing for testusb.c (see TITLE), with the C
; source echoed as "; <line> : <text>" comments and each instruction
; shown as <offset> <encoded bytes> <mnemonic>.
; Target: 32-bit flat model (.386P, USE32 segments).
; Every routine here ends in "ret N", i.e. the callee pops its own
; stack arguments. IofCallDriver and IofCompleteRequest receive their
; two arguments in ecx/edx instead of on the stack.
; Lines starting with "NOTE(review)" are reviewer annotations; the
; instructions, byte encodings and offsets are unchanged.
;=======================================================================
TITLE C:\98DDK\src\usb\TEST98\SYS\testusb.c
.386P
include listing.inc
if @Version gt 510
.model FLAT
else
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
_DATA SEGMENT DWORD USE32 PUBLIC 'DATA'
_DATA ENDS
CONST SEGMENT DWORD USE32 PUBLIC 'CONST'
CONST ENDS
_BSS SEGMENT DWORD USE32 PUBLIC 'BSS'
_BSS ENDS
_TLS SEGMENT DWORD USE32 PUBLIC 'TLS'
_TLS ENDS
; COMDAT _Test_CallUSBD@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_ProcessIOCTL@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_GetDeviceDescriptor@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_GetConfigDescriptor@12
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_Read@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_Write@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
; COMDAT _Test_Create@8
_TEXT SEGMENT PARA USE32 PUBLIC 'CODE'
_TEXT ENDS
FLAT GROUP _DATA, CONST, _BSS
ASSUME CS: FLAT, DS: FLAT, SS: FLAT
endif
PUBLIC _Test_CallUSBD@8
EXTRN __imp__KeInitializeEvent@12:NEAR
EXTRN __imp__KeWaitForSingleObject@20:NEAR
EXTRN __imp__IoBuildDeviceIoControlRequest@36:NEAR
EXTRN __imp_@IofCallDriver@8:NEAR

;-----------------------------------------------------------------------
; _Test_CallUSBD@8 -- NTSTATUS Test_CallUSBD(DeviceObject, Urb)
; Builds an IOCTL_INTERNAL_USB_SUBMIT_URB (00220003H) IRP, stores Urb in
; the next stack location, sends the IRP to deviceData->UnderlyingPDO
; and, when the lower driver answers STATUS_PENDING (259), blocks on a
; notification event that lives in this stack frame.
; In:    [ebp+8] = DeviceObject, [ebp+12] = Urb
; Out:   eax = ioStatus.Status
; Stack: 44 bytes of locals; callee pops 8 bytes (ret 8)
;-----------------------------------------------------------------------
; COMDAT _Test_CallUSBD@8
_TEXT SEGMENT
_DeviceObject$ = 8
_Urb$ = 12
_ntStatus$ = -44
_status$ = -12
_deviceData$ = -32
_irp$ = -4
_event$ = -28
_ioStatus$ = -40
_nextStack$ = -8
_Test_CallUSBD@8 PROC NEAR ; COMDAT
; 52 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 2c             sub     esp, 44  ; 0000002cH
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 53 : NTSTATUS ntStatus, status = STATUS_SUCCESS;
  00009 c7 45 f4 00 00 00 00 mov     DWORD PTR _status$[ebp], 0
; 54 : PFDO_DEVICE_DATA deviceData;
; 55 : PIRP irp;
; 56 : KEVENT event;
; 57 : IO_STATUS_BLOCK ioStatus;
; 58 : PIO_STACK_LOCATION nextStack;
; 59 :
; 60 : deviceData = (PFDO_DEVICE_DATA) DeviceObject->DeviceExtension;
  00010 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  00013 8b 40 28             mov     eax, DWORD PTR [eax+40]
  00016 89 45 e0             mov     DWORD PTR _deviceData$[ebp], eax
; 61 :
; 62 : // issue a synchronous request (see notes above)
; 63 : KeInitializeEvent(&event, NotificationEvent, FALSE);
  00019 6a 00                push    0
  0001b 6a 00                push    0
  0001d 8d 45 e4             lea     eax, DWORD PTR _event$[ebp]
  00020 50                   push    eax
  00021 ff 15 00 00 00 00    call    DWORD PTR __imp__KeInitializeEvent@12
; 64 :
; 65 : irp = IoBuildDeviceIoControlRequest(
; 66 : IOCTL_INTERNAL_USB_SUBMIT_URB,
; 67 : deviceData->UnderlyingPDO,
; 68 : NULL,
; 69 : 0,
; 70 : NULL,
; 71 : 0,
; 72 : TRUE, /* INTERNAL */
; 73 : &event,
; 74 : &ioStatus);
; The addresses of the stack locals 'event' and 'ioStatus' are handed to
; the I/O manager here, so this frame must stay alive until the request
; has completed.
  00027 8d 45 d8             lea     eax, DWORD PTR _ioStatus$[ebp]
  0002a 50                   push    eax
  0002b 8d 45 e4             lea     eax, DWORD PTR _event$[ebp]
  0002e 50                   push    eax
  0002f 6a 01                push    1
  00031 6a 00                push    0
  00033 6a 00                push    0
  00035 6a 00                push    0
  00037 6a 00                push    0
  00039 8b 45 e0             mov     eax, DWORD PTR _deviceData$[ebp]
  0003c 8b 40 28             mov     eax, DWORD PTR [eax+40]
  0003f 50                   push    eax
  00040 68 03 00 22 00       push    2228227  ; 00220003H
  00045 ff 15 00 00 00 00    call    DWORD PTR __imp__IoBuildDeviceIoControlRequest@36
  0004b 89 45 fc             mov     DWORD PTR _irp$[ebp], eax
; NOTE(review): the returned IRP pointer is dereferenced at [eax+96]
;   below with no NULL test in between. IoBuildDeviceIoControlRequest
;   returns NULL when the IRP cannot be allocated, which would make this
;   a kernel-mode NULL dereference under memory pressure. The source
;   should test irp and return STATUS_INSUFFICIENT_RESOURCES first.
; 75 :
; 76 : // Prepare for calling the USB driver stack
; 77 : nextStack = IoGetNextIrpStackLocation(irp);
  0004e 8b 45 fc             mov     eax, DWORD PTR _irp$[ebp]
  00051 8b 40 60             mov     eax, DWORD PTR [eax+96]
  00054 83 e8 24             sub     eax, 36  ; 00000024H
  00057 89 45 f8             mov     DWORD PTR _nextStack$[ebp], eax
; The ASSERT on source line 78 emits no instructions in this build, so
; there is no runtime check at this point.
; 78 : ASSERT(nextStack != NULL);
; 79 :
; 80 : // Set up the URB ptr to pass to the USB driver stack
; 81 : nextStack->Parameters.Others.Argument1 = Urb;
  0005a 8b 45 0c             mov     eax, DWORD PTR _Urb$[ebp]
  0005d 8b 4d f8             mov     ecx, DWORD PTR _nextStack$[ebp]
  00060 89 41 04             mov     DWORD PTR [ecx+4], eax
; 82 :
; 83 : // Call the USB class driver to perform the operation. If the returned status
; 84 : // is PENDING, wait for the request to complete.
; 85 : ntStatus = IoCallDriver(deviceData->UnderlyingPDO,
; 86 : irp);
  00063 8b 45 e0             mov     eax, DWORD PTR _deviceData$[ebp]
  00066 8b 55 fc             mov     edx, DWORD PTR _irp$[ebp]
  00069 8b 48 28             mov     ecx, DWORD PTR [eax+40]
  0006c ff 15 00 00 00 00    call    DWORD PTR __imp_@IofCallDriver@8
  00072 89 45 d4             mov     DWORD PTR _ntStatus$[ebp], eax
; 87 :
; 88 : if (ntStatus == STATUS_PENDING) {
  00075 81 7d d4 03 01 00 00 cmp     DWORD PTR _ntStatus$[ebp], 259  ; 00000103H
  0007c 0f 85 1a 00 00 00    jne     $L2988
; 89 :
; 90 : status = KeWaitForSingleObject(
; 91 : &event,
; 92 : Suspended,
; 93 : KernelMode,
; 94 : FALSE,
; 95 : NULL);
; The wait has no timeout (NULL) and is not alertable (FALSE). Its
; result is stored in 'status', which is never read again in this
; routine.
  00082 6a 00                push    0
  00084 6a 00                push    0
  00086 6a 00                push    0
  00088 6a 05                push    5
  0008a 8d 45 e4             lea     eax, DWORD PTR _event$[ebp]
  0008d 50                   push    eax
  0008e ff 15 00 00 00 00    call    DWORD PTR __imp__KeWaitForSingleObject@20
  00094 89 45 f4             mov     DWORD PTR _status$[ebp], eax
; 96 :
; 97 : } else {
  00097 e9 06 00 00 00       jmp     $L2989
$L2988:
; 98 : ioStatus.Status = ntStatus;
  0009c 8b 45 d4             mov     eax, DWORD PTR _ntStatus$[ebp]
  0009f 89 45 d8             mov     DWORD PTR _ioStatus$[ebp], eax
$L2989:
; 99 : }
; 100 :
; 101 : // USBD maps the error code for us. USBD uses error codes in its URB
; 102 : // structure that are more insightful into USB behavior. To allow more insight into
; 103 : // the specific USB error that occurred, your driver may wish to examine the
; 104 : // URB's status code (Urb->UrbHeader.Status) as well.
; 105 : ntStatus = ioStatus.Status;
  000a2 8b 45 d8             mov     eax, DWORD PTR _ioStatus$[ebp]
  000a5 89 45 d4             mov     DWORD PTR _ntStatus$[ebp], eax
; 106 :
; 107 : return ntStatus;
  000a8 8b 45 d4             mov     eax, DWORD PTR _ntStatus$[ebp]
  000ab e9 00 00 00 00       jmp     $L2980
$L2980:
; 108 : }
  000b0 5f                   pop     edi
  000b1 5e                   pop     esi
  000b2 5b                   pop     ebx
  000b3 c9                   leave
  000b4 c2 08 00             ret     8
_Test_CallUSBD@8 ENDP
_TEXT ENDS
PUBLIC _Test_GetDeviceDescriptor@8
PUBLIC _Test_GetConfigDescriptor@12
PUBLIC _Test_ProcessIOCTL@8
EXTRN _Test98_IncIoCount@4:NEAR
EXTRN _Test98_DecIoCount@4:NEAR
EXTRN __imp_@IofCompleteRequest@8:NEAR

;-----------------------------------------------------------------------
; _Test_ProcessIOCTL@8 -- NTSTATUS Test_ProcessIOCTL(DeviceObject, Irp)
; Device-control handler for requests from user mode (source line 158).
; Dispatches on the control code (00222000H / 00222004H / 00222008H),
; fills Irp->IoStatus, completes the IRP and returns the status that
; was cached before completion.
; In:    [ebp+8] = DeviceObject, [ebp+12] = Irp
; Out:   eax = value of Irp->IoStatus.Status read before completion
; Stack: 40 bytes of locals; -40+[ebp] is an unnamed compiler temporary
;        holding the switch operand; callee pops 8 bytes (ret 8)
; All three control codes have zero in the low two bits (buffered
; transfer method, matching the use of AssociatedIrp.SystemBuffer) and
; zero in bits 14-15 (no read/write access required on the handle).
; NOTE(review): inputBufferLength and pch are stored but never read.
;-----------------------------------------------------------------------
; COMDAT _Test_ProcessIOCTL@8
_TEXT SEGMENT
_DeviceObject$ = 8
_Irp$ = 12
_irpStack$ = -20
_ioBuffer$ = -8
_inputBufferLength$ = -16
_outputBufferLength$ = -36
_deviceData$ = -24
_ioControlCode$ = -28
_ntStatus$ = -32
_length$ = -12
_pch$ = -4
_Test_ProcessIOCTL@8 PROC NEAR ; COMDAT
; 124 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 28             sub     esp, 40  ; 00000028H
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 125 : PIO_STACK_LOCATION irpStack;
; 126 : PVOID ioBuffer;
; 127 : ULONG inputBufferLength;
; 128 : ULONG outputBufferLength;
; 129 :
; 130 : // PDEVICE_EXTENSION deviceExtension;
; 131 : PFDO_DEVICE_DATA deviceData;
; 132 :
; 133 : ULONG ioControlCode;
; 134 : NTSTATUS ntStatus;
; 135 : ULONG length;
; 136 : PUCHAR pch;
; 137 :
; 138 :
; 139 : // Get a pointer to the current location in the Irp. This is where
; 140 : // the function codes and parameters are located.
; 141 : irpStack = IoGetCurrentIrpStackLocation (Irp);
  00009 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  0000c 8b 40 60             mov     eax, DWORD PTR [eax+96]
  0000f 89 45 ec             mov     DWORD PTR _irpStack$[ebp], eax
; 142 :
; 143 : Irp->IoStatus.Status = STATUS_SUCCESS;
  00012 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  00015 c7 40 18 00 00 00 00 mov     DWORD PTR [eax+24], 0
; 144 : Irp->IoStatus.Information = 0;
  0001c 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  0001f c7 40 1c 00 00 00 00 mov     DWORD PTR [eax+28], 0
; 145 :
; 146 : // Get a pointer to the device extension
; 147 : deviceData = (PFDO_DEVICE_DATA) DeviceObject->DeviceExtension;
  00026 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  00029 8b 40 28             mov     eax, DWORD PTR [eax+40]
  0002c 89 45 e8             mov     DWORD PTR _deviceData$[ebp], eax
; 148 :
; 149 : // ***
; 150 : Test98_IncIoCount (deviceData);
  0002f 8b 45 e8             mov     eax, DWORD PTR _deviceData$[ebp]
  00032 50                   push    eax
  00033 e8 00 00 00 00       call    _Test98_IncIoCount@4
; 151 :
; 152 : ioBuffer = Irp->AssociatedIrp.SystemBuffer;
  00038 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  0003b 8b 40 0c             mov     eax, DWORD PTR [eax+12]
  0003e 89 45 f8             mov     DWORD PTR _ioBuffer$[ebp], eax
; 153 : inputBufferLength = irpStack->Parameters.DeviceIoControl.InputBufferLength;
  00041 8b 45 ec             mov     eax, DWORD PTR _irpStack$[ebp]
  00044 8b 40 08             mov     eax, DWORD PTR [eax+8]
  00047 89 45 f0             mov     DWORD PTR _inputBufferLength$[ebp], eax
; 154 : outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
  0004a 8b 45 ec             mov     eax, DWORD PTR _irpStack$[ebp]
  0004d 8b 40 04             mov     eax, DWORD PTR [eax+4]
  00050 89 45 dc             mov     DWORD PTR _outputBufferLength$[ebp], eax
; 155 :
; 156 : ioControlCode = irpStack->Parameters.DeviceIoControl.IoControlCode;
  00053 8b 45 ec             mov     eax, DWORD PTR _irpStack$[ebp]
  00056 8b 40 0c             mov     eax, DWORD PTR [eax+12]
  00059 89 45 e4             mov     DWORD PTR _ioControlCode$[ebp], eax
; 157 :
; 158 : // Handle Ioctls from User mode
; 159 : switch (ioControlCode) {
  0005c 8b 45 e4             mov     eax, DWORD PTR _ioControlCode$[ebp]
  0005f 89 45 d8             mov     DWORD PTR -40+[ebp], eax
  00062 e9 88 00 00 00       jmp     $L3002
$L3006:
; 160 :
; 161 : case IRP_Test_GET_PIPE_INFO:
; 162 : // inputs - none
; 163 : // outputs - we copy the interface information structure that we have
; 164 : // stored in our device extension area to the output buffer which
; 165 : // will be reflected to the user mode application by the IOS.
; As compiled, this case copies nothing: length stays 0 and the buffer
; pointer is only stored in pch.
; 166 : length = 0;
  00067 c7 45 f4 00 00 00 00 mov     DWORD PTR _length$[ebp], 0
; 167 : pch = (PUCHAR) ioBuffer;
  0006e 8b 45 f8             mov     eax, DWORD PTR _ioBuffer$[ebp]
  00071 89 45 fc             mov     DWORD PTR _pch$[ebp], eax
; 168 :
; 169 : Irp->IoStatus.Information = length;
  00074 8b 45 f4             mov     eax, DWORD PTR _length$[ebp]
  00077 8b 4d 0c             mov     ecx, DWORD PTR _Irp$[ebp]
  0007a 89 41 1c             mov     DWORD PTR [ecx+28], eax
; 170 : Irp->IoStatus.Status = STATUS_SUCCESS;
  0007d 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  00080 c7 40 18 00 00 00 00 mov     DWORD PTR [eax+24], 0
; 171 :
; 172 : break;
  00087 e9 8f 00 00 00       jmp     $L3003
$L3007:
; 173 :
; 174 : case IRP_Test_GET_DEVICE_DESCRIPTOR:
; 175 : // inputs - pointer to a buffer in which to place descriptor data
; 176 : // outputs - we put the device descriptor data, if any is returned by the device
; 177 : // in the system buffer and then we set the length inthe Information field
; 178 : // in the Irp, which will then cause the system to copy the buffer back
; 179 : // to the user's buffer
; 180 :
; NOTE(review): missing length check on a user-controlled buffer. Only
;   ioBuffer is passed on; outputBufferLength is never compared with the
;   18 bytes that Test_GetDeviceDescriptor programs as the transfer
;   length. For a buffered IOCTL the system buffer is sized from the
;   caller-supplied lengths, so a request with a shorter buffer
;   presumably lets the lower USB stack write past the end of that pool
;   allocation, and Information can then exceed OutputBufferLength. The
;   source should reject outputBufferLength < sizeof(USB_DEVICE_DESCRIPTOR)
;   with STATUS_BUFFER_TOO_SMALL before calling the helper.
; 181 : length = Test_GetDeviceDescriptor (DeviceObject, ioBuffer);
  0008c 8b 45 f8             mov     eax, DWORD PTR _ioBuffer$[ebp]
  0008f 50                   push    eax
  00090 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  00093 50                   push    eax
  00094 e8 00 00 00 00       call    _Test_GetDeviceDescriptor@8
  00099 89 45 f4             mov     DWORD PTR _length$[ebp], eax
; 182 :
; 183 : Irp->IoStatus.Information = length;
  0009c 8b 45 f4             mov     eax, DWORD PTR _length$[ebp]
  0009f 8b 4d 0c             mov     ecx, DWORD PTR _Irp$[ebp]
  000a2 89 41 1c             mov     DWORD PTR [ecx+28], eax
; NOTE(review): Status is forced to STATUS_SUCCESS here and in the next
;   case whatever happened in the helper, which returns only a length;
;   a failed USB request is reported to the caller as success.
; 184 : Irp->IoStatus.Status = STATUS_SUCCESS;
  000a5 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  000a8 c7 40 18 00 00 00 00 mov     DWORD PTR [eax+24], 0
; 185 :
; 186 : break;
  000af e9 67 00 00 00       jmp     $L3003
$L3008:
; 187 :
; 188 : case IRP_Test_GET_CONFIGURATION_DESCRIPTOR:
; 189 :
; 190 : // inputs - pointer to a buffer in which to place descriptor data
; 191 : // outputs - we put the configuration descriptor data, if any is returned by the device
; 192 : // in the system buffer and then we set the length in the Information field
; 193 : // in the Irp, which will then cause the system to copy the buffer back
; 194 : // to the user's buffer
; 195 :
; Unlike the device-descriptor case, the caller's outputBufferLength is
; forwarded and becomes the transfer length in the helper.
; 196 : length = Test_GetConfigDescriptor (DeviceObject, ioBuffer, outputBufferLength);
  000b4 8b 45 dc             mov     eax, DWORD PTR _outputBufferLength$[ebp]
  000b7 50                   push    eax
  000b8 8b 45 f8             mov     eax, DWORD PTR _ioBuffer$[ebp]
  000bb 50                   push    eax
  000bc 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  000bf 50                   push    eax
  000c0 e8 00 00 00 00       call    _Test_GetConfigDescriptor@12
  000c5 89 45 f4             mov     DWORD PTR _length$[ebp], eax
; 197 :
; 198 : Irp->IoStatus.Information = length;
  000c8 8b 45 f4             mov     eax, DWORD PTR _length$[ebp]
  000cb 8b 4d 0c             mov     ecx, DWORD PTR _Irp$[ebp]
  000ce 89 41 1c             mov     DWORD PTR [ecx+28], eax
; 199 : Irp->IoStatus.Status = STATUS_SUCCESS;
  000d1 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  000d4 c7 40 18 00 00 00 00 mov     DWORD PTR [eax+24], 0
; 200 :
; 201 : break;
  000db e9 3b 00 00 00       jmp     $L3003
$L3009:
; 202 :
; 203 :
; 204 : default:
; 205 :
; 206 : Irp->IoStatus.Status = STATUS_INVALID_PARAMETER;
  000e0 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  000e3 c7 40 18 0d 00 00 c0 mov     DWORD PTR [eax+24], -1073741811  ; c000000dH
; 207 : }// switch on ioControlCode
  000ea e9 2c 00 00 00       jmp     $L3003
; Switch dispatch: a compare chain on the saved control code; anything
; that matches none of the three values goes to the default case.
$L3002:
  000ef 81 7d d8 00 20 22 00 cmp     DWORD PTR -40+[ebp], 2236416  ; 00222000H
  000f6 0f 84 6b ff ff ff    je      $L3006
  000fc 81 7d d8 04 20 22 00 cmp     DWORD PTR -40+[ebp], 2236420  ; 00222004H
  00103 0f 84 83 ff ff ff    je      $L3007
  00109 81 7d d8 08 20 22 00 cmp     DWORD PTR -40+[ebp], 2236424  ; 00222008H
  00110 0f 84 9e ff ff ff    je      $L3008
  00116 e9 c5 ff ff ff       jmp     $L3009
$L3003:
; 208 :
; The status is copied to a local before completion; Irp is not
; dereferenced again after IofCompleteRequest.
; 209 : ntStatus = Irp->IoStatus.Status;
  0011b 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  0011e 8b 40 18             mov     eax, DWORD PTR [eax+24]
  00121 89 45 e0             mov     DWORD PTR _ntStatus$[ebp], eax
; 210 :
; 211 : IoCompleteRequest (Irp,
; 212 : IO_NO_INCREMENT
; 213 : );
  00124 33 d2                xor     edx, edx
  00126 8b 4d 0c             mov     ecx, DWORD PTR _Irp$[ebp]
  00129 ff 15 00 00 00 00    call    DWORD PTR __imp_@IofCompleteRequest@8
; 214 :
; 215 : Test98_DecIoCount (deviceData);
  0012f 8b 45 e8             mov     eax, DWORD PTR _deviceData$[ebp]
  00132 50                   push    eax
  00133 e8 00 00 00 00       call    _Test98_DecIoCount@4
; 216 :
; 217 : return ntStatus;
  00138 8b 45 e0             mov     eax, DWORD PTR _ntStatus$[ebp]
  0013b e9 00 00 00 00       jmp     $L2992
$L2992:
; 218 :
; 219 : }
  00140 5f                   pop     edi
  00141 5e                   pop     esi
  00142 5b                   pop     ebx
  00143 c9                   leave
  00144 c2 08 00             ret     8
_Test_ProcessIOCTL@8 ENDP
_TEXT ENDS
EXTRN __imp__ExAllocatePoolWithTag@12:NEAR
EXTRN __imp__ExFreePool@4:NEAR

;-----------------------------------------------------------------------
; _Test_GetDeviceDescriptor@8
;   ULONG Test_GetDeviceDescriptor(DeviceObject, pvOutputBuffer)
; Allocates an 80-byte URB from pool type 0 (NonPagedPool in the
; source), fills in a get-descriptor request for descriptor type 1 with
; an 18-byte transfer into pvOutputBuffer, submits it via
; Test_CallUSBD, then returns the URB's length field at offset 24.
; In:    [ebp+8] = DeviceObject, [ebp+12] = pvOutputBuffer
; Out:   eax = length (0 when the URB allocation fails)
; Stack: 16 bytes of locals; callee pops 8 bytes (ret 8)
; NOTE(review): ntStatus is assigned on every path but never returned,
;   so the caller cannot distinguish failure from success.
; NOTE(review): the size of pvOutputBuffer is not a parameter; the
;   routine relies on the caller to guarantee at least 18 bytes.
;-----------------------------------------------------------------------
; COMDAT _Test_GetDeviceDescriptor@8
_TEXT SEGMENT
_DeviceObject$ = 8
_pvOutputBuffer$ = 12
_deviceData$ = -12
_ntStatus$ = -16
_urb$ = -8
_length$ = -4
_Test_GetDeviceDescriptor@8 PROC NEAR ; COMDAT
; 234 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 10             sub     esp, 16  ; 00000010H
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 235 : PFDO_DEVICE_DATA deviceData = NULL;
  00009 c7 45 f4 00 00 00 00 mov     DWORD PTR _deviceData$[ebp], 0
; 236 :
; 237 : NTSTATUS ntStatus = STATUS_SUCCESS;
  00010 c7 45 f0 00 00 00 00 mov     DWORD PTR _ntStatus$[ebp], 0
; 238 : PURB urb = NULL;
  00017 c7 45 f8 00 00 00 00 mov     DWORD PTR _urb$[ebp], 0
; 239 : ULONG length = 0;
  0001e c7 45 fc 00 00 00 00 mov     DWORD PTR _length$[ebp], 0
; 240 :
; 241 : deviceData = (PFDO_DEVICE_DATA) DeviceObject->DeviceExtension;
  00025 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  00028 8b 40 28             mov     eax, DWORD PTR [eax+40]
  0002b 89 45 f4             mov     DWORD PTR _deviceData$[ebp], eax
; 242 :
; 243 : urb = ExAllocatePool(NonPagedPool,
; 244 : sizeof(struct _URB_CONTROL_DESCRIPTOR_REQUEST));
; ExAllocatePool is compiled as ExAllocatePoolWithTag; the tag bytes
; 47 61 6d 65 spell "Game". The block is not zeroed after allocation.
  0002e 68 47 61 6d 65       push    1701667143  ; 656d6147H
  00033 6a 50                push    80  ; 00000050H
  00035 6a 00                push    0
  00037 ff 15 00 00 00 00    call    DWORD PTR __imp__ExAllocatePoolWithTag@12
  0003d 89 45 f8             mov     DWORD PTR _urb$[ebp], eax
; 245 :
; 246 : if (urb) {
  00040 83 7d f8 00          cmp     DWORD PTR _urb$[ebp], 0
  00044 0f 84 8d 00 00 00    je      $L3017
; 247 :
; 248 : if (pvOutputBuffer) {
  0004a 83 7d 0c 00          cmp     DWORD PTR _pvOutputBuffer$[ebp], 0
  0004e 0f 84 64 00 00 00    je      $L3018
; 249 :
; 250 : UsbBuildGetDescriptorRequest(urb,
; 251 : (USHORT) sizeof (struct _URB_CONTROL_DESCRIPTOR_REQUEST),
; 252 : USB_DEVICE_DESCRIPTOR_TYPE, //descriptor type
; 253 : 0, //index
; 254 : 0, //language ID
; 255 : pvOutputBuffer, //transfer buffer
; 256 : NULL, //MDL
; 257 : sizeof(USB_DEVICE_DESCRIPTOR), //buffer length
; 258 : NULL); //link
; Inline expansion of the macro: only offsets 0, 2, 24, 28, 32, 36, 74,
; 75 and 76 of the 80-byte URB are written. Offset 24 is the
; TransferBufferLength field (named on source line 267); offset 28
; receives pvOutputBuffer.
  00054 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00057 66 c7 40 02 0b 00    mov     WORD PTR [eax+2], 11  ; 0000000bH
  0005d 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00060 66 c7 00 50 00       mov     WORD PTR [eax], 80  ; 00000050H
  00065 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00068 c7 40 18 12 00 00 00 mov     DWORD PTR [eax+24], 18  ; 00000012H
  0006f 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00072 c7 40 20 00 00 00 00 mov     DWORD PTR [eax+32], 0
  00079 8b 45 0c             mov     eax, DWORD PTR _pvOutputBuffer$[ebp]
  0007c 8b 4d f8             mov     ecx, DWORD PTR _urb$[ebp]
  0007f 89 41 1c             mov     DWORD PTR [ecx+28], eax
  00082 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00085 c6 40 4b 01          mov     BYTE PTR [eax+75], 1
  00089 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  0008c c6 40 4a 00          mov     BYTE PTR [eax+74], 0
  00090 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00093 66 c7 40 4c 00 00    mov     WORD PTR [eax+76], 0
  00099 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  0009c c7 40 24 00 00 00 00 mov     DWORD PTR [eax+36], 0
; 259 :
; 260 : ntStatus = Test_CallUSBD(DeviceObject, urb);
  000a3 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000a6 50                   push    eax
  000a7 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  000aa 50                   push    eax
  000ab e8 00 00 00 00       call    _Test_CallUSBD@8
  000b0 89 45 f0             mov     DWORD PTR _ntStatus$[ebp], eax
; 261 :
; 262 : } else {
  000b3 e9 07 00 00 00       jmp     $L3019
$L3018:
; 263 : ntStatus = STATUS_NO_MEMORY;
  000b8 c7 45 f0 17 00 00 c0 mov     DWORD PTR _ntStatus$[ebp], -1073741801  ; c0000017H
$L3019:
; 264 : }
; 265 :
; NOTE(review): uninitialized read. The NULL-buffer branch ($L3018)
;   joins here without ever writing the URB, so [urb+24] holds whatever
;   the fresh pool block contained, and that value is returned and
;   stored in Irp->IoStatus.Information by the caller. The source
;   should zero the URB after allocation or leave length at 0 on that
;   path.
; 266 : // Get the length from the Urb
; 267 : length = urb->UrbControlDescriptorRequest.TransferBufferLength;
  000bf 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000c2 8b 40 18             mov     eax, DWORD PTR [eax+24]
  000c5 89 45 fc             mov     DWORD PTR _length$[ebp], eax
; 268 :
; 269 : ExFreePool(urb);
  000c8 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000cb 50                   push    eax
  000cc ff 15 00 00 00 00    call    DWORD PTR __imp__ExFreePool@4
; 270 :
; 271 : } else {
  000d2 e9 07 00 00 00       jmp     $L3020
$L3017:
; 272 : ntStatus = STATUS_NO_MEMORY;
  000d7 c7 45 f0 17 00 00 c0 mov     DWORD PTR _ntStatus$[ebp], -1073741801  ; c0000017H
$L3020:
; 273 : }
; 274 :
; 275 : return length;
  000de 8b 45 fc             mov     eax, DWORD PTR _length$[ebp]
  000e1 e9 00 00 00 00       jmp     $L3012
$L3012:
; 276 :
; 277 : }
  000e6 5f                   pop     edi
  000e7 5e                   pop     esi
  000e8 5b                   pop     ebx
  000e9 c9                   leave
  000ea c2 08 00             ret     8
_Test_GetDeviceDescriptor@8 ENDP
_TEXT ENDS

;-----------------------------------------------------------------------
; _Test_GetConfigDescriptor@12
;   ULONG Test_GetConfigDescriptor(DeviceObject, pvOutputBuffer, ulLength)
; Same shape as Test_GetDeviceDescriptor, but requests descriptor type 2
; and uses the caller-supplied ulLength as the transfer length.
; In:    [ebp+8] = DeviceObject, [ebp+12] = pvOutputBuffer,
;        [ebp+16] = ulLength
; Out:   eax = length (0 when the URB allocation fails)
; Stack: 16 bytes of locals; callee pops 12 bytes (ret 12)
; NOTE(review): ntStatus is assigned on every path but never returned.
;-----------------------------------------------------------------------
; COMDAT _Test_GetConfigDescriptor@12
_TEXT SEGMENT
_DeviceObject$ = 8
_pvOutputBuffer$ = 12
_ulLength$ = 16
_deviceData$ = -12
_ntStatus$ = -16
_urb$ = -8
_length$ = -4
_Test_GetConfigDescriptor@12 PROC NEAR ; COMDAT
; 339 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 10             sub     esp, 16  ; 00000010H
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 340 : PFDO_DEVICE_DATA deviceData = NULL;
  00009 c7 45 f4 00 00 00 00 mov     DWORD PTR _deviceData$[ebp], 0
; 341 : NTSTATUS ntStatus = STATUS_SUCCESS;
  00010 c7 45 f0 00 00 00 00 mov     DWORD PTR _ntStatus$[ebp], 0
; 342 : PURB urb = NULL;
  00017 c7 45 f8 00 00 00 00 mov     DWORD PTR _urb$[ebp], 0
; 343 : ULONG length = 0;
  0001e c7 45 fc 00 00 00 00 mov     DWORD PTR _length$[ebp], 0
; 344 :
; 345 : deviceData = (PFDO_DEVICE_DATA) DeviceObject->DeviceExtension;
  00025 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  00028 8b 40 28             mov     eax, DWORD PTR [eax+40]
  0002b 89 45 f4             mov     DWORD PTR _deviceData$[ebp], eax
; 346 :
; 347 : urb = ExAllocatePool(NonPagedPool,
; 348 : sizeof(struct _URB_CONTROL_DESCRIPTOR_REQUEST));
; Same allocation as in Test_GetDeviceDescriptor: 80 bytes, pool type 0,
; tag bytes "Game", contents not zeroed.
  0002e 68 47 61 6d 65       push    1701667143  ; 656d6147H
  00033 6a 50                push    80  ; 00000050H
  00035 6a 00                push    0
  00037 ff 15 00 00 00 00    call    DWORD PTR __imp__ExAllocatePoolWithTag@12
  0003d 89 45 f8             mov     DWORD PTR _urb$[ebp], eax
; 349 :
; 350 : if (urb) {
  00040 83 7d f8 00          cmp     DWORD PTR _urb$[ebp], 0
  00044 0f 84 8c 00 00 00    je      $L3029
; 351 :
; 352 : if (pvOutputBuffer) {
  0004a 83 7d 0c 00          cmp     DWORD PTR _pvOutputBuffer$[ebp], 0
  0004e 0f 84 63 00 00 00    je      $L3030
; 353 :
; 354 : UsbBuildGetDescriptorRequest(urb,
; 355 : (USHORT) sizeof (struct _URB_CONTROL_DESCRIPTOR_REQUEST),
; 356 : USB_CONFIGURATION_DESCRIPTOR_TYPE, //descriptor type
; 357 : 0, //index
; 358 : 0, //language ID
; 359 : pvOutputBuffer, //transfer buffer
; 360 : NULL, //MDL
; 361 : ulLength, //buffer length
; 362 : NULL); //link
; ulLength is written unmodified to the TransferBufferLength field at
; offset 24; no upper bound is applied in this routine.
  00054 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00057 66 c7 40 02 0b 00    mov     WORD PTR [eax+2], 11  ; 0000000bH
  0005d 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00060 66 c7 00 50 00       mov     WORD PTR [eax], 80  ; 00000050H
  00065 8b 45 10             mov     eax, DWORD PTR _ulLength$[ebp]
  00068 8b 4d f8             mov     ecx, DWORD PTR _urb$[ebp]
  0006b 89 41 18             mov     DWORD PTR [ecx+24], eax
  0006e 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00071 c7 40 20 00 00 00 00 mov     DWORD PTR [eax+32], 0
  00078 8b 45 0c             mov     eax, DWORD PTR _pvOutputBuffer$[ebp]
  0007b 8b 4d f8             mov     ecx, DWORD PTR _urb$[ebp]
  0007e 89 41 1c             mov     DWORD PTR [ecx+28], eax
  00081 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00084 c6 40 4b 02          mov     BYTE PTR [eax+75], 2
  00088 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  0008b c6 40 4a 00          mov     BYTE PTR [eax+74], 0
  0008f 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  00092 66 c7 40 4c 00 00    mov     WORD PTR [eax+76], 0
  00098 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  0009b c7 40 24 00 00 00 00 mov     DWORD PTR [eax+36], 0
; 363 :
; 364 : ntStatus = Test_CallUSBD(DeviceObject, urb);
  000a2 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000a5 50                   push    eax
  000a6 8b 45 08             mov     eax, DWORD PTR _DeviceObject$[ebp]
  000a9 50                   push    eax
  000aa e8 00 00 00 00       call    _Test_CallUSBD@8
  000af 89 45 f0             mov     DWORD PTR _ntStatus$[ebp], eax
; 365 :
; 366 : } else {
  000b2 e9 07 00 00 00       jmp     $L3031
$L3030:
; 367 : ntStatus = STATUS_NO_MEMORY;
  000b7 c7 45 f0 17 00 00 c0 mov     DWORD PTR _ntStatus$[ebp], -1073741801  ; c0000017H
$L3031:
; 368 : }
; 369 :
; NOTE(review): uninitialized read, as in Test_GetDeviceDescriptor. The
;   NULL-buffer branch ($L3030) reaches this load without the URB ever
;   being written, so the returned length is leftover pool content.
; 370 : // Get the length from the Urb
; 371 : length = urb->UrbControlDescriptorRequest.TransferBufferLength;
  000be 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000c1 8b 40 18             mov     eax, DWORD PTR [eax+24]
  000c4 89 45 fc             mov     DWORD PTR _length$[ebp], eax
; 372 :
; 373 : ExFreePool(urb);
  000c7 8b 45 f8             mov     eax, DWORD PTR _urb$[ebp]
  000ca 50                   push    eax
  000cb ff 15 00 00 00 00    call    DWORD PTR __imp__ExFreePool@4
; 374 :
; 375 : } else {
  000d1 e9 07 00 00 00       jmp     $L3032
$L3029:
; 376 : ntStatus = STATUS_NO_MEMORY;
  000d6 c7 45 f0 17 00 00 c0 mov     DWORD PTR _ntStatus$[ebp], -1073741801  ; c0000017H
$L3032:
; 377 : }
; 378 :
; 379 : return length;
  000dd 8b 45 fc             mov     eax, DWORD PTR _length$[ebp]
  000e0 e9 00 00 00 00       jmp     $L3024
$L3024:
; 380 : }
  000e5 5f                   pop     edi
  000e6 5e                   pop     esi
  000e7 5b                   pop     ebx
  000e8 c9                   leave
  000e9 c2 0c 00             ret     12  ; 0000000cH
_Test_GetConfigDescriptor@12 ENDP
_TEXT ENDS
PUBLIC _Test_Read@8

;-----------------------------------------------------------------------
; _Test_Read@8 -- NTSTATUS Test_Read(DeviceObject, Irp)
; Stub: returns 0 (STATUS_SUCCESS) without referencing either argument.
; Out:   eax = 0
; Stack: 4 bytes of locals; callee pops 8 bytes (ret 8)
; NOTE(review): the IRP is neither modified nor completed here. If this
;   routine is registered as a dispatch entry (not visible in this
;   listing), the request would be left outstanding -- confirm.
;-----------------------------------------------------------------------
; COMDAT _Test_Read@8
_TEXT SEGMENT
_ntStatus$ = -4
_Test_Read@8 PROC NEAR ; COMDAT
; 397 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 04             sub     esp, 4
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 398 : NTSTATUS ntStatus = STATUS_SUCCESS;
  00009 c7 45 fc 00 00 00 00 mov     DWORD PTR _ntStatus$[ebp], 0
; 399 : UNREFERENCED_PARAMETER (DeviceObject);
; 400 : UNREFERENCED_PARAMETER (Irp);
; 401 : return (ntStatus);
  00010 8b 45 fc             mov     eax, DWORD PTR _ntStatus$[ebp]
  00013 e9 00 00 00 00       jmp     $L3035
$L3035:
; 402 :
; 403 : }
  00018 5f                   pop     edi
  00019 5e                   pop     esi
  0001a 5b                   pop     ebx
  0001b c9                   leave
  0001c c2 08 00             ret     8
_Test_Read@8 ENDP
_TEXT ENDS
PUBLIC _Test_Write@8

;-----------------------------------------------------------------------
; _Test_Write@8 -- NTSTATUS Test_Write(DeviceObject, Irp)
; Stub: returns 0 (STATUS_SUCCESS) without referencing either argument.
; Out:   eax = 0
; Stack: 4 bytes of locals; callee pops 8 bytes (ret 8)
; NOTE(review): the IRP is neither modified nor completed here. If this
;   routine is registered as a dispatch entry (not visible in this
;   listing), the request would be left outstanding -- confirm.
;-----------------------------------------------------------------------
; COMDAT _Test_Write@8
_TEXT SEGMENT
_ntStatus$ = -4
_Test_Write@8 PROC NEAR ; COMDAT
; 420 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 04             sub     esp, 4
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 421 :
; 422 : NTSTATUS ntStatus = STATUS_SUCCESS;
  00009 c7 45 fc 00 00 00 00 mov     DWORD PTR _ntStatus$[ebp], 0
; 423 : UNREFERENCED_PARAMETER (DeviceObject);
; 424 : UNREFERENCED_PARAMETER (Irp);
; 425 : return (ntStatus);
  00010 8b 45 fc             mov     eax, DWORD PTR _ntStatus$[ebp]
  00013 e9 00 00 00 00       jmp     $L3039
$L3039:
; 426 :
; 427 : }
  00018 5f                   pop     edi
  00019 5e                   pop     esi
  0001a 5b                   pop     ebx
  0001b c9                   leave
  0001c c2 08 00             ret     8
_Test_Write@8 ENDP
_TEXT ENDS
PUBLIC _Test_Create@8

;-----------------------------------------------------------------------
; _Test_Create@8 -- NTSTATUS Test_Create(DeviceObject, Irp)
; Sets Irp->IoStatus to {STATUS_SUCCESS, Information = 0}, caches the
; status, completes the IRP and returns the cached status. DeviceObject
; is not referenced.
; In:    [ebp+12] = Irp
; Out:   eax = 0 (the status written above)
; Stack: 4 bytes of locals; callee pops 8 bytes (ret 8)
;-----------------------------------------------------------------------
; COMDAT _Test_Create@8
_TEXT SEGMENT
_Irp$ = 12
_ntStatus$ = -4
_Test_Create@8 PROC NEAR ; COMDAT
; 435 : {
  00000 55                   push    ebp
  00001 8b ec                mov     ebp, esp
  00003 83 ec 04             sub     esp, 4
  00006 53                   push    ebx
  00007 56                   push    esi
  00008 57                   push    edi
; 436 : NTSTATUS ntStatus;
; 437 :
; 438 : Irp->IoStatus.Status = STATUS_SUCCESS;
  00009 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  0000c c7 40 18 00 00 00 00 mov     DWORD PTR [eax+24], 0
; 439 : Irp->IoStatus.Information = 0;
  00013 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  00016 c7 40 1c 00 00 00 00 mov     DWORD PTR [eax+28], 0
; 440 :
; 441 : // Create all the symbolic links here
; 442 : ntStatus = Irp->IoStatus.Status;
  0001d 8b 45 0c             mov     eax, DWORD PTR _Irp$[ebp]
  00020 8b 40 18             mov     eax, DWORD PTR [eax+24]
  00023 89 45 fc             mov     DWORD PTR _ntStatus$[ebp], eax
; 443 :
; The status was copied to a local above; Irp is not dereferenced after
; this call.
; 444 : IoCompleteRequest (Irp,IO_NO_INCREMENT);
  00026 33 d2                xor     edx, edx
  00028 8b 4d 0c             mov     ecx, DWORD PTR _Irp$[ebp]
  0002b ff 15 00 00 00 00    call    DWORD PTR __imp_@IofCompleteRequest@8
; 445 :
; 446 : UNREFERENCED_PARAMETER (DeviceObject);
; 447 :
; 448 : return ntStatus;
  00031 8b 45 fc             mov     eax, DWORD PTR _ntStatus$[ebp]
  00034 e9 00 00 00 00       jmp     $L3043
$L3043:
; 449 :
; 450 : }
  00039 5f                   pop     edi
  0003a 5e                   pop     esi
  0003b 5b                   pop     ebx
  0003c c9                   leave
  0003d c2 08 00             ret     8
_Test_Create@8 ENDP
_TEXT ENDS
END