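This article actually has little to do with the BIOS; the main reason for posting it here is to show a method for analyzing IRQs and interrupt vectors under Windows.

I have a WHL HDK with four physical buttons: Power Button, Volume Up, Volume Down and Reset. According to the schematic, Volume Up and Volume Down are wired directly into the EC. At first I assumed that pressing them would generate a Q Event, but I was never able to trigger the corresponding Event in ASL. After thinking it over ("all roads lead to Rome"), I concluded that the most likely reason I could not catch it is that the EC does not notify the system through a Q_Event at all, and is very likely passing the message as multimedia key codes instead. To check this, I ran the following experiment:

1. Open Device Manager and look at the PS2 keyboard; it lists IRQ1:

2. After connecting WinDBG, look up the interrupt vector for IRQ1 (if the command fails, use .reload to load the symbols). The corresponding Vector is 80: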

||0:1: kd> !ioapic
Controller at 0xfffff798800537f0 I/O APIC at VA 0xfffff79880057000
IoApic @ FEC00000  ID:2 (20)  Arb:0
Inti00.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti01.: 00150000`00000080  Vec:80  FixedDel  IrtIdx:000a      edg high        
Inti02.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti03.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti04.: 00170000`00000070  Vec:70  FixedDel  IrtIdx:000b      edg high       
Inti05.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti06.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti07.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti08.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti09.: 000f0000`000080b0  Vec:B0  FixedDel  IrtIdx:0007      lvl high       
Inti0A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti0B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti0C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti0D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti0E.: 00130000`0000a0a0  Vec:A0  FixedDel  IrtIdx:0009      lvl low        
Inti0F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti10.: 001d0000`0000a0a1  Vec:A1  FixedDel  IrtIdx:000e      lvl low        
Inti11.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti12.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti13.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti14.: 001f0000`0000a091  Vec:91  FixedDel  IrtIdx:000f      lvl low        
Inti15.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti16.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti17.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti18.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti19.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti1F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti20.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti21.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti22.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti23.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti24.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti25.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti26.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti27.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti28.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti29.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti2F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti30.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti31.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti32.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti33.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti34.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti35.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti36.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti37.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti38.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti39.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti3F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti40.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti41.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti42.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti43.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti44.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti45.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti46.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti47.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti48.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti49.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti4F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti50.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti51.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti52.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti53.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti54.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti55.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti56.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti57.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti58.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti59.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti5F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti60.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti61.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti62.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti63.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti64.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti65.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti66.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti67.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti68.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti69.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6A.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6B.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6C.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6D.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6E.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti6F.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti70.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti71.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti72.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti73.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti74.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti75.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti76.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti77.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m

Controller at 0xfffff79880053a38 PIC
Controller at 0xfffff79880053c60 PIC

3. Next, use the IDT to look up Vector 0x80; it is described as i8042prt!I8042KeyboardInterruptService:

||0:1: kd> !idt

Dumping IDT: ffff920126fb1000

00:	fffff801ff7a7d00 nt!KiDivideErrorFault
01:	fffff801ff7a8080 nt!KiDebugTrapOrFault
02:	fffff801ff7a84c0 nt!KiNmiInterrupt	Stack = 0xFFFF920126FB0200
03:	fffff801ff7a8980 nt!KiBreakpointTrap
04:	fffff801ff7a8d00 nt!KiOverflowTrap
05:	fffff801ff7a9080 nt!KiBoundFault
06:	fffff801ff7a9640 nt!KiInvalidOpcodeFault
07:	fffff801ff7a9bc0 nt!KiNpxNotAvailableFault
08:	fffff801ff7a9f00 nt!KiDoubleFaultAbort	Stack = 0xFFFF920126FAC200
09:	fffff801ff7aa240 nt!KiNpxSegmentOverrunAbort
0a:	fffff801ff7aa580 nt!KiInvalidTssFault
0b:	fffff801ff7aa8c0 nt!KiSegmentNotPresentFault
0c:	fffff801ff7aacc0 nt!KiStackFault
0d:	fffff801ff7ab080 nt!KiGeneralProtectionFault
0e:	fffff801ff7ab400 nt!KiPageFault
10:	fffff801ff7abb00 nt!KiFloatingErrorFault
11:	fffff801ff7abf00 nt!KiAlignmentFault
12:	fffff801ff7ac280 nt!KiMcheckAbort	Stack = 0xFFFF920126FAE200
13:	fffff801ff7acdc0 nt!KiXmmException
14:	fffff801ff7ad1c0 nt!KiVirtualizationException
1f:	fffff801ff7a0890 nt!KiApcInterrupt
20:	fffff801ff7a15a0 nt!KiSwInterrupt
29:	fffff801ff7ad780 nt!KiRaiseSecurityCheckFailure
2c:	fffff801ff7adb00 nt!KiRaiseAssertion
2d:	fffff801ff7ade80 nt!KiDebugServiceTrap
2f:	fffff801ff7a36d0 nt!KiDpcInterrupt
30:	fffff801ff7a0ed0 nt!KiHvInterrupt
31:	fffff801ff7a1c00 nt!KiVmbusInterrupt0
32:	fffff801ff7a22b0 nt!KiVmbusInterrupt1
33:	fffff801ff7a2960 nt!KiVmbusInterrupt2
34:	fffff801ff7a3010 nt!KiVmbusInterrupt3
35:	fffff801ff79f0d8 hal!HalpInterruptCmciService (KINTERRUPT fffff801fffcceb0)

50:	fffff801ff79f1b0 USBXHCI!Interrupter_WdfEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201281edc80)

60:	fffff801ff79f230 iaStorAC+0xf4b4 (STORPORT) (KINTERRUPT ffff920127556c80)

70:	fffff801ff79f2b0 serial!SerialCIsrSw (KINTERRUPT ffff920127556b40)

80:	fffff801ff79f330 i8042prt!I8042KeyboardInterruptService (KINTERRUPT ffff920127556500)

81:	fffff801ff79f338 TeeDriverW8x64+0x129e0 (KMDF) (KINTERRUPT ffff9201281eda00)

91:	fffff801ff79f3b8 ISH+0xa840 (KMDF) (KINTERRUPT ffff9201281ed8c0)

a0:	fffff801ff79f430 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556a00)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201275568c0)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556780)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556640)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201275563c0)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556280)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556140)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556000)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201281eddc0)

	                 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201281edb40)

a1:	fffff801ff79f438 iaLPSS2_I2C+0x5470 (KMDF) (KINTERRUPT ffff9201281ed780)

	                 HDAudBus!HdaController::Isr (KINTERRUPT ffff9201281ed640)

b0:	fffff801ff79f4b0 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT ffff920127556dc0)

b1:	fffff801ff79f4b8 dxgkrnl!DpiFdoMessageInterruptRoutine (KINTERRUPT ffff9201281ed500)

cd:	fffff801ff79f598 hal!HalpInterruptThermalService (KINTERRUPT ffffaa82d3cf3400)

ce:	fffff801ff79f5a0 hal!HalpIommuInterruptRoutine (KINTERRUPT ffffaa82d3cef100)

d1:	fffff801ff79f5b8 hal!HalpTimerClockInterrupt (KINTERRUPT ffffaa82d3cef300)

d2:	fffff801ff79f5c0 hal!HalpTimerClockIpiRoutine (KINTERRUPT ffffaa82d3cef200)

d7:	fffff801ff79f5e8 hal!HalpInterruptRebootService (KINTERRUPT fffff801fffcd1b0)

d8:	fffff801ff79f5f0 hal!HalpInterruptStubService (KINTERRUPT fffff801fffcd0b0)

df:	fffff801ff79f628 hal!HalpInterruptSpuriousService (KINTERRUPT fffff801fffccfb0)

e1:	fffff801ff7a3c60 nt!KiIpiInterrupt
e2:	fffff801ff79f640 hal!HalpInterruptLocalErrorService (KINTERRUPT fffff801fffcd2b0)

e3:	fffff801ff79f648 hal!HalpInterruptDeferredRecoveryService (KINTERRUPT ffffaa82d3cef000)

fe:	fffff801ff79f720 hal!HalpPerfInterrupt (KINTERRUPT fffff801fffcd3b0)

4. Set a breakpoint on it directly:

bp i8042prt!I8042KeyboardInterruptService

5. Then press VolumeUp or VolumeDown to trigger the interrupt:

Breakpoint 0 hit
i8042prt!I8042KeyboardInterruptService:
fffff80b`da5d5e40 488bc4          mov     rax,rsp

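This finally proves that the current WHL HDK implements volume up/down by sending PS2 keyboard messages. Changing this to the Q_Event approach would require cooperation from the EC engineer.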
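The IRQ → vector → ISR lookup done by hand in steps 2 and 3 can be scripted over saved debugger output. The following is an added example, not part of the original post: it decodes the low dword of each I/O APIC redirection entry (vector, trigger mode, polarity, mask bit) and joins it with the `!idt` listing. The sample text is a few lines copied from the output above; the function names are hypothetical, and it assumes the input pin number equals the IRQ number, as in the IRQ1 case here.

```python
import re

# Constructed sample: a few lines copied from the !ioapic and !idt output on this page.
IOAPIC = """\
Inti00.: 00000000`000100ff  Vec:FF  FixedDel  Ph:00000000      edg high      m
Inti01.: 00150000`00000080  Vec:80  FixedDel  IrtIdx:000a      edg high
Inti09.: 000f0000`000080b0  Vec:B0  FixedDel  IrtIdx:0007      lvl high
Inti0E.: 00130000`0000a0a0  Vec:A0  FixedDel  IrtIdx:0009      lvl low
"""
IDT = """\
80:  fffff801ff79f330 i8042prt!I8042KeyboardInterruptService (KINTERRUPT ffff920127556500)
a0:  fffff801ff79f430 msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff920127556a00)
                      msgpioclx!GpioClxEvtInterruptIsr (KMDF) (KINTERRUPT ffff9201275568c0)
b0:  fffff801ff79f4b0 ACPI!ACPIInterruptServiceRoutine (KINTERRUPT ffff920127556dc0)
"""

def parse_ioapic(text):
    """Map input pin -> fields decoded from the low dword of its redirection entry."""
    pins = {}
    for m in re.finditer(r"Inti([0-9A-Fa-f]+)\.:\s+([0-9a-f]{8})`([0-9a-f]{8})", text):
        low = int(m.group(3), 16)
        pins[int(m.group(1), 16)] = {
            "vector": low & 0xFF,                               # bits 7:0
            "trigger": "level" if low & (1 << 15) else "edge",  # bit 15
            "polarity": "low" if low & (1 << 13) else "high",   # bit 13
            "masked": bool(low & (1 << 16)),                    # bit 16
        }
    return pins

def parse_idt(text):
    """Map vector -> ISR symbols; continuation lines belong to the previous vector."""
    idt, vec = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([0-9a-f]{2}):\s+[0-9a-f]{16}\s+(\S+)", line)
        if m:
            vec = int(m.group(1), 16)
            idt.setdefault(vec, []).append(m.group(2))
        elif vec is not None and (c := re.match(r"\s+(\S+!\S+)", line)):
            idt[vec].append(c.group(1))  # shared vector: chained KINTERRUPT
    return idt

def isrs_for_irq(irq, ioapic_text=IOAPIC, idt_text=IDT):
    """Return the ISR symbols behind an I/O APIC input pin, or [] if it is masked."""
    pin = parse_ioapic(ioapic_text).get(irq)
    if pin is None or pin["masked"]:
        return []
    return parse_idt(idt_text).get(pin["vector"], [])

if __name__ == "__main__":
    print(isrs_for_irq(1))
```
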
