Whether the keyboard or mouse is USB, 8042 or virtual, the top of its device stack is always Kbdclass or Mouclass, and the operating system has a dedicated thread that keeps sending Read IRPs down the device stack.
kd> !devstack 80d8eaa0
  !DevObj   !DrvObj           !DevExt   ObjectName
> 80d8eaa0  \Driver\Kbdclass  80d8eb58  KeyboardClass0
  80d8ec88  \Driver\i8042prt  80d8ed40
  80ef9190  \Driver\ACPI      80f0b500  0000003d

In its IRP_MJ_READ dispatch routine, Kbdclass or Mouclass checks whether its buffer holds any data; this buffer is allocated by Kbdclass or Mouclass itself. But who writes data into this buffer? The answer is the concrete device driver beneath it. When Kbdclass or Mouclass initializes, it sends an IOCTL_INTERNAL_KEYBOARD_CONNECT request to the lower device in order to hand its class callback down to the lower-level driver. The lower-level driver calls this class callback (KeyboardClassServiceCallback) whenever it needs to; the callback's job is to write data into the buffer. (Some malicious software works by locating the entry address of this function and then calling it to simulate input.)
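The data path just described, modelled in user-mode C as an added illustration that is not taken from Kbdclass or any Windows source: the callback keeps the documented KeyboardClassServiceCallback parameter shape (start and end of a KEYBOARD_INPUT_DATA run plus a consumed count) and feeds a modelled class buffer that the Read dispatch drains; the CLASS_DEVICE type, the four-slot ring and the demo functions are assumptions of this example.

```c
#include <stdint.h>
/* KEYBOARD_INPUT_DATA as documented for ntddkbd.h; Flags carries KEY_MAKE / KEY_BREAK. */
typedef struct { uint16_t UnitId, MakeCode, Flags, Reserved; uint32_t ExtraInformation; } KEYBOARD_INPUT_DATA;
#define KEY_MAKE  0
#define KEY_BREAK 1
/* Assumed model of the buffer the class driver allocates; four slots keep the overflow case visible. */
#define RING_SLOTS 4
typedef struct { KEYBOARD_INPUT_DATA ring[RING_SLOTS]; unsigned head, count; } CLASS_DEVICE;

/* Same parameter shape as KeyboardClassServiceCallback: the port/HID driver hands [Start, End)
 * and is told how many records the class buffer accepted. The class layer cannot distinguish a
 * genuine port-driver call from any other caller that holds this function pointer. */
static void ClassServiceCallback(CLASS_DEVICE *dev, const KEYBOARD_INPUT_DATA *Start,
                                 const KEYBOARD_INPUT_DATA *End, unsigned *InputDataConsumed)
{
    *InputDataConsumed = 0;
    for (; Start < End && dev->count < RING_SLOTS; ++Start, ++*InputDataConsumed)
        dev->ring[(dev->head + dev->count++) % RING_SLOTS] = *Start;
}

/* Model of the IRP_MJ_READ dispatch: drain up to max records; 0 means the IRP would be pended. */
static unsigned ClassRead(CLASS_DEVICE *dev, KEYBOARD_INPUT_DATA *out, unsigned max)
{
    unsigned n = 0;
    for (; n < max && dev->count; --dev->count, dev->head = (dev->head + 1) % RING_SLOTS)
        out[n++] = dev->ring[dev->head];
    return n;
}

/* Constructed sample: scan code 0x1E pressed then released, then one read drains both records. */
unsigned demo_press_release(KEYBOARD_INPUT_DATA *out, unsigned max)
{
    CLASS_DEVICE dev = {0};
    KEYBOARD_INPUT_DATA in[2] = {{0, 0x1E, KEY_MAKE, 0, 0}, {0, 0x1E, KEY_BREAK, 0, 0}};
    unsigned consumed;
    ClassServiceCallback(&dev, in, in + 2, &consumed);
    return consumed == 2 ? ClassRead(&dev, out, max) : 0;
}

/* Constructed sample: six records offered to a four-slot buffer; only four are consumed, so the
 * lower driver has to keep or drop the rest, which is what the real InputDataConsumed is for. */
unsigned demo_overflow(void)
{
    CLASS_DEVICE dev = {0};
    KEYBOARD_INPUT_DATA in[6] = {{0}};
    unsigned consumed;
    ClassServiceCallback(&dev, in, in + 6, &consumed);
    return consumed;
}
```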
Below is the call stack of a USB keyboard calling KeyboardClassServiceCallback:
kd> kv
ChildEBP RetAddr  Args to Child
805515b8 f7af1ccd ffb60a30 80d24a50 80d24a5c kbdclass!KeyboardClassServiceCallback (FPO: [Non-Fpo])
805515dc fae5eace 00000001 805515f8 00000001 kbdhid!KbdHid_InsertCodesIntoQueue+0x8b (FPO: [Non-Fpo])
805515f0 fae5ec5c 00000045 00000001 f7af1c42 HIDPARSE!HidP_KbdPutKey+0x30 (FPO: [Non-Fpo])
80551614 fae5eb3a fae5f428 0000000a f7af1c42 HIDPARSE!HidP_ModifierCode+0x82 (FPO: [Non-Fpo])
80551638 fae5ee3a ffa60053 00000001 ffa6dda8 HIDPARSE!HidP_TranslateUsage+0x60 (FPO: [Non-Fpo])
80551668 f7af1f4e ffa6de7d 0000000e 00000001 HIDPARSE!HidP_TranslateUsageAndPagesToI8042ScanCodes+0x64 (FPO: [Non-Fpo])
8055169c 804e52cc 00000000 019de008 80d249b0 kbdhid!KbdHid_ReadComplete+0x1a6 (FPO: [Non-Fpo])
805516cc fadade70 805516d4 805516d4 ffb9a020 nt!IopfCompleteRequest+0xa2 (FPO: [Non-Fpo])
805516e8 fadae044 02b9a008 ffb7da50 00000009 HIDCLASS!HidpDistributeInterruptReport+0xae (FPO: [Non-Fpo])
80551728 804e52cc 00000000 ffbcb008 80d66cdc HIDCLASS!HidpInterruptReadComplete+0x17a (FPO: [Non-Fpo])
80551758 f9828ee5 ffbcb008 ffa01e18 80d80028 nt!IopfCompleteRequest+0xa2 (FPO: [Non-Fpo])
805517c0 f9829b57 80da8b70 00000000 80d807d8 USBPORT!USBPORT_CompleteTransfer+0x373 (FPO: [Non-Fpo])
805517f0 f982a754 026e6f44 80d800e0 80d800e0 USBPORT!USBPORT_DoneTransfer+0x137 (FPO: [Non-Fpo])
80551828 f982bf6a 80d80028 804e4579 80d80230 USBPORT!USBPORT_FlushDoneTransferList+0x16c (FPO: [Non-Fpo])
80551854 f9839fb0 80d80028 804e4579 80d80028 USBPORT!USBPORT_DpcWorker+0x224 (FPO: [Non-Fpo])
80551890 f983a128 80d80028 00000001 8055a580 USBPORT!USBPORT_IsrDpcWorker+0x37e (FPO: [Non-Fpo])
805518ac 804dd179 80d8064c 6b755044 00000000 USBPORT!USBPORT_IsrDpc+0x166 (FPO: [Non-Fpo])
805518d0 804dd0ed 00000000 0000000e 00000000 nt!KiRetireDpcList+0x46 (FPO: [0,0,0])
805518d4 00000000 0000000e 00000000 00000000 nt!KiIdleLoop+0x26 (FPO: [0,0,0])