Hi,
I’m trying to find address of nt!ZwGetDevicePowerState routine under Win10 kernel. What will be the best approach to do it?
Thank you in advance,
Al
About all you can do is look in ntdll.dll and decode the GetDevicePowerState
to see what the index into the SSDT, then look in the SSDT for actual
address. The bigger question is why do you want this, it has no practical
value.
Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Thursday, December 14, 2017 4:26 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Address of ZwGetDevicePowerState
Hi,
I’m trying to find address of nt!ZwGetDevicePowerState routine under Win10
kernel. What will be the best approach to do it?
Thank you in advance,
Al
—
NTDEV is sponsored by OSR
Visit the list online at:
http:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:
To unsubscribe, visit the List Server section of OSR Online at
http:</http:></http:></http:>
What bigger problem are you trying to solve by calling this API?
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Thursday, December 14, 2017 1:26 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Address of ZwGetDevicePowerState
Hi,
I’m trying to find address of nt!ZwGetDevicePowerState routine under Win10 kernel. What will be the best approach to do it?
Thank you in advance,
Al
—
NTDEV is sponsored by OSR
Visit the list online at: https:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:
To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>
Hi Don,
Thank you for your suggestion. The problem is that SSFT changes in every new build of Windows kernel. I need somehow make it automatically.
Don, Doron,
> The bigger question is why do you want this, it has no practical value
> What bigger problem are you trying to solve by calling this API
My device is communicating with 3rd party device via specific interface. Sometimes, 3rd party device is going into D3. In such case I need Queue communicated data until 3rd party device is again in D0. ZwGetDevicePowerState allows me the simple poll of the device power state.
Could you either suggest other method to check device power state or suggest method to get address of ZwGetDevicePowerState that will work with ever changing SSDT indexes?
Thank you in advance,
Al
Your third party driver has a bug. When in D3 and it receives a IRP that requires D0, the driver needs to go back to D0 without your driver polling for state changes. Get the third party driver fixed.
Furthermore, ZwGetDevicePowerState relies on the power state reported by the PDO, not the FDO the third party driver implements and requires that it call PoSetPowerState properly. PoSetPowerState has no runtime side effects outside of the state being reported, so many drivers don’t implement properly (KMDF does it properly on behalf of the driver)
d
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Thursday, December 14, 2017 1:50 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Address of ZwGetDevicePowerState
Hi Don,
Thank you for your suggestion. The problem is that SSFT changes in every new build of Windows kernel. I need somehow make it automatically.
Don, Doron,
>> The bigger question is why do you want this, it has no practical
>> value What bigger problem are you trying to solve by calling this API
My device is communicating with 3rd party device via specific interface. Sometimes, 3rd party device is going into D3. In such case I need Queue communicated data until 3rd party device is again in D0. ZwGetDevicePowerState allows me the simple poll of the device power state.
Could you either suggest other method to check device power state or suggest method to get address of ZwGetDevicePowerState that will work with ever changing SSDT indexes?
Thank you in advance,
Al
—
NTDEV is sponsored by OSR
Visit the list online at: https:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:
To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>
Hi Doron,
> Your third party driver has a bug. … Get the third party driver fixed.
You are correct. Unfortunately, this is a specific appliance and there is no way to fix it (manufacturer is gone).
> Furthermore, ZwGetDevicePowerState relies on the power state reported by the PDO…
Also correct. However, I checked under debugger that ZwGetDevicePowerState reports power state of device correctly. When I hard-code the corresponding SSDT index, everything works fine.
Now I need a practical way to retrieve this address automatically. Any suggestion?
Al
If you control the alliance / install state of the system, install a lower filter between the fdo and pdo. From the filter you can monitor power state and report it back to your driver. No polling, all async as it happens.
Bent from my phone
From: xxxxx@lists.osr.com on behalf of xxxxx@hotmail.com
Sent: Thursday, December 14, 2017 2:17:40 PM
To: Windows System Software Devs Interest List
Subject: RE:[ntdev] Address of ZwGetDevicePowerState
Hi Doron,
>> Your third party driver has a bug. … Get the third party driver fixed.
You are correct. Unfortunately, this is a specific appliance and there is no way to fix it (manufacturer is gone).
>> Furthermore, ZwGetDevicePowerState relies on the power state reported by the PDO…
Also correct. However, I checked under debugger that ZwGetDevicePowerState reports power state of device correctly. When I hard-code the corresponding SSDT index, everything works fine.
Now I need a practical way to retrieve this address automatically. Any suggestion?
Al
—
NTDEV is sponsored by OSR
Visit the list online at: https:
MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at https:
To unsubscribe, visit the List Server section of OSR Online at https:</https:></https:></https:>
Hi Doron,
Yes, I can do it. However, I’m working on the small function-specific driver for quite limited market. In this particular case, it is not worth it create a second driver, go via testing, approval, maintain etc. It will be much easier to check power state of the device directly. That’s why I asked for a suggestion: is there a simple way to locate an address for ZwGetDevicePower state function - this is sufficient for the task. Btw, the driver is supposed to work on any Windows OS from XP to Win10. As you understand, there is no problem to get function address on older Windows versions.
With best regards,
Al
you are going to waste more time trying to implement your hack than it
would take to put a filter on top of your “third party device” to record
its power state.
Mark Roddy
On Thu, Dec 14, 2017 at 5:52 PM, xxxxx@hotmail.com
wrote:
> Hi Doron,
>
> Yes, I can do it. However, I’m working on the small function-specific
> driver for quite limited market. In this particular case, it is not worth
> it create a second driver, go via testing, approval, maintain etc. It will
> be much easier to check power state of the device directly. That’s why I
> asked for a suggestion: is there a simple way to locate an address for
> ZwGetDevicePower state function - this is sufficient for the task. Btw, the
> driver is supposed to work on any Windows OS from XP to Win10. As you
> understand, there is no problem to get function address on older Windows
> versions.
>
> With best regards,
>
> Al
>
> —
> NTDEV is sponsored by OSR
>
> Visit the list online at: http:> showlists.cfm?list=ntdev>
>
> MONTHLY seminars on crash dump analysis, WDF, Windows internals and
> software drivers!
> Details at http:
>
> To unsubscribe, visit the List Server section of OSR Online at <
> http://www.osronline.com/page.cfm?name=ListServer>
></http:></http:>