Monday, March 23, 2015

WDF: When is WdfDriverGlobals allocated?

Just for the record, here is the call stack at the point where WdfDriverGlobals was allocated for a driver loaded at system boot:

 # Child-SP          RetAddr           Call Site
00 ffffd000`201a6188 fffff800`0047eaf9 Wdf01000!FxAllocateDriverGlobals
01 ffffd000`201a6190 fffff800`0047ea1a Wdf01000!FxLibraryCommonRegisterClient+0xa5
02 ffffd000`201a61d0 fffff800`0052b0ce Wdf01000!LibraryRegisterClient+0x5b
03 ffffd000`201a62e0 fffff800`0053109a WDFLDR!WdfVersionBind+0xce
04 ffffd000`201a6350 fffff800`9d91ab66 acpiex!FxDriverEntryWorker+0x6a
05 ffffd000`201a6380 fffff800`9d91a74f nt!IopInitializeBuiltinDriver+0x35a
06 ffffd000`201a6460 fffff800`9d919817 nt!PnpInitializeBootStartDriver+0x197
07 ffffd000`201a6590 fffff800`9d919c7c nt!IopInitializeCoreDrivers+0xdb
08 ffffd000`201a6610 fffff800`9d910026 nt!IopInitializeBootDrivers+0x134
09 ffffd000`201a68b0 fffff800`9d8fe94d nt!IoInitSystem+0x91e
0a ffffd000`201a69d0 fffff800`9d702ed1 nt!Phase1InitializationDiscard+0xe61
0b ffffd000`201a6bd0 fffff800`9d2f5c80 nt!Phase1Initialization+0x9
0c ffffd000`201a6c00 fffff800`9d3662c6 nt!PspSystemThreadStartup+0x58
0d ffffd000`201a6c60 00000000`00000000 nt!KiStartSystemThread+0x16


And here is the corresponding stack for a driver loaded after system boot, when a USB stick was plugged in:

00 ffffd000`20912fe8 fffff800`0047eaf9 Wdf01000!FxAllocateDriverGlobals
01 ffffd000`20912ff0 fffff800`0047ea1a Wdf01000!FxLibraryCommonRegisterClient+0xa5
02 ffffd000`20913030 fffff800`0052b0ce Wdf01000!LibraryRegisterClient+0x5b
03 ffffd000`20913140 fffff800`02d2b3f7 WDFLDR!WdfVersionBind+0xce
04 ffffd000`209131b0 fffff800`9d646742 WpdUpFltr!FxDriverEntryWorker+0x77
05 ffffd000`209131e0 fffff800`9d653b47 nt!IopLoadDriver+0x5e2
06 ffffd000`209134a0 fffff800`9d604e45 nt!PipCallDriverAddDeviceQueryRoutine+0x25f
07 ffffd000`209135c0 fffff800`9d604b1c nt!PnpCallDriverQueryServiceHelper+0x121
08 ffffd000`20913630 fffff800`9d603f9f nt!PipCallDriverAddDevice+0x59c
09 ffffd000`209137d0 fffff800`9d69eb17 nt!PipProcessDevNodeTree+0x1cf
0a ffffd000`20913a50 fffff800`9d2fc033 nt!PiRestartDevice+0xaf
0b ffffd000`20913aa0 fffff800`9d24c65d nt!PnpDeviceActionWorker+0x3a3
0c ffffd000`20913b50 fffff800`9d2f5c80 nt!ExpWorkerThread+0x2b5
0d ffffd000`20913c00 fffff800`9d3662c6 nt!PspSystemThreadStartup+0x58
0e ffffd000`20913c60 00000000`00000000 nt!KiStartSystemThread+0x16

FxDriverEntryWorker is reached from FxDriverEntry via a jmp instruction, so FxDriverEntry has no call frame of its own on the stack; FxDriverEntry is the real driver entry function for WDF drivers.
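The two stacks above differ only in the frames below FxDriverEntryWorker, which is where the driver's load path (boot-start versus PnP demand-load) shows. The following script is an added example, not part of the original post: it parses WinDbg `k` output, locates the client driver as the frame directly above WDFLDR!WdfVersionBind, and reports which load path the nt frames indicate. The two stacks are embedded as they appear in the post; the mapping from nt!IopInitializeBuiltinDriver and nt!IopLoadDriver to a load-path description is my own assumption, drawn only from the frames shown here.

```python
"""Parse WinDbg `k` output from a break on Wdf01000!FxAllocateDriverGlobals
and report which WDF client driver triggered it and how it was loaded."""
import re
from dataclasses import dataclass

# One `k` frame: "NN Child-SP RetAddr module!symbol[+0xoffset]".
FRAME_RE = re.compile(
    r"^\s*(?P<num>[0-9a-f]{2})\s+"
    r"(?P<sp>[0-9a-f]{8}`[0-9a-f]{8})\s+"
    r"(?P<ret>[0-9a-f]{8}`[0-9a-f]{8})\s+"
    r"(?P<module>[^!\s]+)!(?P<symbol>\S+?)(?:\+0x(?P<off>[0-9a-f]+))?\s*$",
    re.IGNORECASE,
)

# Assumed mapping (based only on the two stacks in the post).
LOAD_PATH_MARKERS = {
    "IopInitializeBuiltinDriver": "boot-start (loaded during Phase1 initialization)",
    "IopLoadDriver": "demand-loaded by PnP after boot",
}


@dataclass
class Frame:
    num: int
    module: str
    symbol: str
    offset: int


def parse_stack(text: str) -> list[Frame]:
    """Parse `k` output; header lines and blanks are skipped."""
    frames = []
    for line in text.splitlines():
        m = FRAME_RE.match(line)
        if not m:
            continue
        frames.append(Frame(int(m["num"], 16), m["module"], m["symbol"],
                            int(m["off"] or "0", 16)))
    return frames


def describe_globals_allocation(frames: list[Frame]) -> tuple[str, str]:
    """Return (client_module, load_path) for a stack whose top frame is
    Wdf01000!FxAllocateDriverGlobals."""
    if not frames or frames[0].symbol != "FxAllocateDriverGlobals":
        raise ValueError("stack top is not Wdf01000!FxAllocateDriverGlobals")
    client = None
    for i, f in enumerate(frames):
        # The client driver's FxDriverEntryWorker sits directly above the
        # loader's WdfVersionBind frame (FxDriverEntry itself leaves no frame
        # because it reaches the worker via jmp).
        if f.module == "WDFLDR" and f.symbol == "WdfVersionBind":
            if i + 1 < len(frames) and frames[i + 1].symbol == "FxDriverEntryWorker":
                client = frames[i + 1].module
            break
    if client is None:
        raise ValueError("no WDFLDR!WdfVersionBind -> FxDriverEntryWorker pair found")
    load_path = "unknown"
    for f in frames:
        if f.module == "nt" and f.symbol in LOAD_PATH_MARKERS:
            load_path = LOAD_PATH_MARKERS[f.symbol]
            break
    return client, load_path


# Stacks copied from the post (boot-start driver, then PnP-loaded driver).
BOOT_STACK = """\
 # Child-SP          RetAddr           Call Site
00 ffffd000`201a6188 fffff800`0047eaf9 Wdf01000!FxAllocateDriverGlobals
01 ffffd000`201a6190 fffff800`0047ea1a Wdf01000!FxLibraryCommonRegisterClient+0xa5
02 ffffd000`201a61d0 fffff800`0052b0ce Wdf01000!LibraryRegisterClient+0x5b
03 ffffd000`201a62e0 fffff800`0053109a WDFLDR!WdfVersionBind+0xce
04 ffffd000`201a6350 fffff800`9d91ab66 acpiex!FxDriverEntryWorker+0x6a
05 ffffd000`201a6380 fffff800`9d91a74f nt!IopInitializeBuiltinDriver+0x35a
06 ffffd000`201a6460 fffff800`9d919817 nt!PnpInitializeBootStartDriver+0x197
07 ffffd000`201a6590 fffff800`9d919c7c nt!IopInitializeCoreDrivers+0xdb
08 ffffd000`201a6610 fffff800`9d910026 nt!IopInitializeBootDrivers+0x134
09 ffffd000`201a68b0 fffff800`9d8fe94d nt!IoInitSystem+0x91e
0a ffffd000`201a69d0 fffff800`9d702ed1 nt!Phase1InitializationDiscard+0xe61
0b ffffd000`201a6bd0 fffff800`9d2f5c80 nt!Phase1Initialization+0x9
0c ffffd000`201a6c00 fffff800`9d3662c6 nt!PspSystemThreadStartup+0x58
0d ffffd000`201a6c60 00000000`00000000 nt!KiStartSystemThread+0x16
"""

PNP_STACK = """\
00 ffffd000`20912fe8 fffff800`0047eaf9 Wdf01000!FxAllocateDriverGlobals
01 ffffd000`20912ff0 fffff800`0047ea1a Wdf01000!FxLibraryCommonRegisterClient+0xa5
02 ffffd000`20913030 fffff800`0052b0ce Wdf01000!LibraryRegisterClient+0x5b
03 ffffd000`20913140 fffff800`02d2b3f7 WDFLDR!WdfVersionBind+0xce
04 ffffd000`209131b0 fffff800`9d646742 WpdUpFltr!FxDriverEntryWorker+0x77
05 ffffd000`209131e0 fffff800`9d653b47 nt!IopLoadDriver+0x5e2
06 ffffd000`209134a0 fffff800`9d604e45 nt!PipCallDriverAddDeviceQueryRoutine+0x25f
07 ffffd000`209135c0 fffff800`9d604b1c nt!PnpCallDriverQueryServiceHelper+0x121
08 ffffd000`20913630 fffff800`9d603f9f nt!PipCallDriverAddDevice+0x59c
09 ffffd000`209137d0 fffff800`9d69eb17 nt!PipProcessDevNodeTree+0x1cf
0a ffffd000`20913a50 fffff800`9d2fc033 nt!PiRestartDevice+0xaf
0b ffffd000`20913aa0 fffff800`9d24c65d nt!PnpDeviceActionWorker+0x3a3
0c ffffd000`20913b50 fffff800`9d2f5c80 nt!ExpWorkerThread+0x2b5
0d ffffd000`20913c00 fffff800`9d3662c6 nt!PspSystemThreadStartup+0x58
0e ffffd000`20913c60 00000000`00000000 nt!KiStartSystemThread+0x16
"""

if __name__ == "__main__":
    for name, stack in (("boot", BOOT_STACK), ("pnp", PNP_STACK)):
        client, path = describe_globals_allocation(parse_stack(stack))
        print(f"{name}: WdfDriverGlobals allocated for {client}, {path}")
```

Feeding either stack through describe_globals_allocation yields the client module name and the load-path description; a stack whose top frame is not FxAllocateDriverGlobals, or that lacks the WdfVersionBind/FxDriverEntryWorker pair, raises ValueError instead of guessing.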
