Yes, I am sure. I owned kbdclass, mouclass, i8042prt, kbdhid, mouhid…essentially the entire input stack for many years.
This is a little unclear. It seems to be saying that Win32 directly opens the keyboard devices themselves, but in reality, it’s the case that Win32 opens all the keyboard devices >via the kbdclass device.
You are a bit confused here. while there are many drivers in the stack, they are treated as one device stack. Just b/c there is a port driver and kbdclass layered on top of does not mean they are separately addressable. Yes a vendor driver could combine the functionality of a keyboard port and the class driver and support the kbdclass top level interfaces, but in 10 years I have never seen anyone have the need to do this.
“If there is a grandmaster device, Kbdclass normally sets the keyboard indicators of all the subordinate class devices to a global setting. This operation is controlled by the >registry entry value SendOutputToAllPorts under the key HKLM\Services\CurrentControlSet\Kbdclass|Parameters. If SendOutputToAllPorts is nonzero, >Kdbclass sets all subordinate class devices to a gobal setting. Otherwise, Kbdclass sets only the device whose unit ID is zero.”
Grandmaster mode is an NT4 legacy behavior that has not been supported since win2k. grandmaster mode creates a single addressable device object (\device\keyboardclass0) and then layers an anonymous (unnamed) device object on each keyboard port, multiplexing i/o in both directions. Nothing in this quote applies to a pnp device stack
But what has me speculating is this: What does it mean that applications cannot open the keyboard devices operated by kbdclass? Does it mean that they actually cannot,
and that attempts to open such devices will result in an access denial? Or is it one of those soft restrictions that are intended to discourage, but there is nothing in place to >prevent it from happening should a programmer decide to do it?
The source for kbdclass is in the wdk. No need to speculate, everything is there for you to see. This is an enforced restriction. Note that this restriction is for read access. If you do not request read access, none of the quote applies. There can be only one reader, that would be the RIT.
In any case, I’m still somewhat skeptical that Device\KeyboardClass0 is a symbolic link to the vendor driver itself. If this opens the class driver, AND USB keyboards aren’t
getting any input to the thread, then the class driver cannot be present at the top of the device stack for the USB keyboard, which means that the PNP manager cannot be the >only agent responsible for setting up the keyboard class driver as the parent device to USB keyboards.
Sorry, but I have no idea where you are getting this from. Connect a debugger (I think this would work in livekd even), run “!devnode 0 1 kbdhid” and then “!devstack [pdo]” on the PDo reported by !devnode. \Device\KeyboardClass0 is not a symbolic link, it is the name of a device object. Usb keyboards are no different than any other connected device. the output of !devstack will show you this. this is a sample stack for a ps2 mouse (http://blogs.msdn.com/doronh/archive/2006/03/15/552301.aspx)
0: kd> !devstack 8213c3d0
!DevObj !DrvObj !DevExt ObjectName
8213b030 \Driver\Mouclass 8213b0e8 PointerClass0 <–in a keyboard stack, this would be \Driver\kbdclass and the object name would be KeyboardClassX
8213c250 \DRIVER\VERIFIER 8213c308 <– ignore verifier devices for this discussion
8213c3d0 \Driver\i8042prt 8213c488 <– this would be \Driver\kbdhid for a usb keyboard, not that the device has no name
8213c820 \DRIVER\VERIFIER 8213c8d8
822923e8 \Driver\ACPI 822b2270 00000050
!DevNode 8228f4c8 :
DeviceInst is “ACPI\PNP0F13\4&1506bb2e&0”
ServiceName is “i8042prt”
d
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Jason Sanchez
Sent: Wednesday, October 31, 2007 9:40 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] Reading USB keyboard through native API
This is pure speculation and completely false. The raw input thread (RIT), the part of win32 that reads raw keyboard input just enumerates instances of the keyboard device interface, opens them and reads from them.
Are you sure about this? Of course, once a read is recieved by the vendor driver itself, it’s going to get serviced the way one expects (otherwise it wouldn’t interface properly with the class driver), but this isn’t my point. I’m trying to show that the keyboard class driver sits right above the vendor driver, and that the way Win32 does it, all reads go through the class driver on their way down to the vendor driver. Here’s a quote from MSDN:
“Windows uses Kbdclass as the class driver for all keyboard devices that are installed in a system. The Windows Win32 subsystem opens all keyboard devices for its exclusive use. Applications cannot open the keyboard devices operated by Kbdclass.”
This is a little unclear. It seems to be saying that Win32 directly opens the keyboard devices themselves, but in reality, it’s the case that Win32 opens all the keyboard devices via the kbdclass device. If this weren’t the case, then keyboard class filter drivers that are installed as upper filters of the kbdclass service simply wouldn’t work as IOCTLs IRP_MJ_READs would go to the device, bypassing the class driver. There is more evidence that this is the case, too. Take the IOCTL_KEYBOARD_SET_INDICATORS internal IOCTL as an example. here’s a quote:
“If there is a grandmaster device, Kbdclass normally sets the keyboard indicators of all the subordinate class devices to a global setting. This operation is controlled by the registry entry value SendOutputToAllPorts under the key HKLM\Services\CurrentControlSet\Kbdclass|Parameters. If SendOutputToAllPorts is nonzero, Kdbclass sets all subordinate class devices to a gobal setting. Otherwise, Kbdclass sets only the device whose unit ID is zero.”
But what has me speculating is this: What does it mean that applications cannot open the keyboard devices operated by kbdclass? Does it mean that they actually cannot, and that attempts to open such devices will result in an access denial? Or is it one of those soft restrictions that are intended to discourage, but there is nothing in place to prevent it from happening should a programmer decide to do it?
In any case, I’m still somewhat skeptical that Device\KeyboardClass0 is a symbolic link to the vendor driver itself. If this opens the class driver, AND USB keyboards aren’t getting any input to the thread, then the class driver cannot be present at the top of the device stack for the USB keyboard, which means that the PNP manager cannot be the only agent responsible for setting up the keyboard class driver as the parent device to USB keyboards.
Help yourself to FREE treats served up daily at the Messenger Caf?. Stop by today!http:
—
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</http:>