Читаем Windows® Internals, Sixth Edition, Part 2 полностью

There are three kinds of requests that can be used through the Power Request API: a system request, a display request, and an “away-mode” request. The first type requests that the system not automatically go to sleep due to the idle timer (although the user can still close the lid to enter sleep, for example), while the second does the same for the display. “Away-mode” is a modification to the normal sleep (S3 state) behavior of Windows, which is used to keep the computer in full powered-on mode but with the display and sound card turned off, making it appear to the user as though the machine is really sleeping. This behavior is normally used only by specialized set-top boxes or media center devices when media delivery must continue even though the user has pressed a physical sleep button, for example. In the future, Windows may support other requests as well.

EXPERIMENT: Viewing a Power Availability Request in the Debugger

Because power availability requests are objects managed by the object manager, applications have handles open to them when calling the PowerCreateRequest API, and Process Explorer is able to find these handles by using the Search DLL/Handle functionality that was introduced in previous chapters.

You can search for “PowerRequest” and find certain services and applications on your machine that have made availability requests. (Drivers will not show up because the kernel API does not use handles.) For example, the Print Spooler (Spoolsvc.exe) and Windows Media Player Network Sharing Service (Wmpntwk.exe) are two Windows services that have availability request objects.

By launching the Poavltst.exe test utility from the Book Tools and searching with Process Explorer, you will also find that it too has a handle open. Use the handle lower-pane view to obtain the kernel address of the object, in this case 0x8544ABF8.

You can then use local kernel debugging to dump the power request object as shown next. Unfortunately, the underlying kernel data structure is not present in the symbol files, so only a hex dump is possible. Nevertheless, the layout of the object is easy to understand: a doubly linked list (the first two pointers), some flags, and then a pointer to the actual request information that the test application supplied, which is highlighted in bold.kd> dc 8544ABF8 855d01a8 819586c0 85448ea0 00000001 00000007 ......D......... 855d01b8 00000000 00000000 00000000 00000000 ................ 855d01c8 b13e9b50

By using the same dump command on the pointer, the power request’s diagnostic reason is visible: “Computation in progress.”kd> dc b13e9b50 b13e9b50 00000001 8556b030 00000000 00000044 ....0.V.....D... b13e9b60 00000001 00000014 00000000 80080001 ................ b13e9b70 00000000 006f0043 0070006d 00740075 ....C.o.m.p.u.t. b13e9b80 00740061 006f0069 0020006e 006e0069 a.t.i.o.n. .i.n. b13e9b90 00700020 006f0072 00720067 00730065 .p.r.o.g.r.e.s

You can also use the dl (dump list) command on the first pointer in the object’s dump to dump a list of all the power requests on the system, which are linked by the PopPowerRequestObjectList symbol in the kernel. This will let you see power requests that Process Explorer cannot locate, such as those created by drivers.

EXPERIMENT: Viewing Power Availability Requests with Powercfg

As you saw, dumping power availability requests requires quite a bit of kernel spelunking. Thankfully, the Powercfg utility provides much of the same capabilities in an easier-to-use command-line version. Here’s the output of the utility while browsing a Windows laptop’s share from another machine, while at the same time playing an MP3 file and launching the Poavltst.exe application:C:\Users\Administrator>powercfg -requests DISPLAY: [PROCESS] \Device\HarddiskVolume1\Users\Administrator\PoAvlTst.exe Computation in progress [PROCESS] \Device\HarddiskVolume1\Program Files\Windows Media Player\wmplayer.exe SYSTEM: [DRIVER] Parallels Audio Controller (x32) (PCI\VEN_8086&DEV_2445&SUBSYS_04001AB8&REV_02\3& 11583659&0&FC) An audio stream is currently in use. [DRIVER] \FileSystem\srvnet An active remote client has recently sent requests to this machine. [PROCESS] \Device\HarddiskVolume1\Program Files\Windows Media Player\wmplayer.exe AWAYMODE: None.

Note the same “Computation in progress” string, as well as the fact that the SMB driver and the audio driver are also requesting power availability and have indicated their reason for doing so. Windows Media Player, on the other hand, continues to use the legacy API, so no information about the reason is available.

Processor Power Management (PPM)

Перейти на страницу:

Похожие книги