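Understanding the Driver Object (DriverObject)
Every driver is represented by exactly one driver object; the driver object is the instantiation of the driver. It is loaded by the I/O manager, a component of the executive in Ring 0, and each driver is loaded as a single instance. The DriverObject structure is defined in the wdm.h header as follows:
typedef struct _DRIVER_OBJECT {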
    CSHORT Type;
    CSHORT Size;
    //
    // The following links all of the devices created by a single driver
    // together on a list, and the Flags word provides an extensible flag
    // location for driver objects.
    //
    PDEVICE_OBJECT DeviceObject;
    ULONG Flags;
    //
    // The following section describes where the driver is loaded. The count
    // field is used to count the number of times the driver has had its
    // registered reinitialization routine invoked.
    //
    PVOID DriverStart;
    ULONG DriverSize;
    PVOID DriverSection;
    PDRIVER_EXTENSION DriverExtension;
    //
    // The driver name field is used by the error log thread to
    // determine the name of the driver that an I/O request is/was bound.
    //
    UNICODE_STRING DriverName;
    //
    // The following section is for registry support. This is a pointer
    // to the path to the hardware information in the registry
    //
    PUNICODE_STRING HardwareDatabase;
    //
    // The following section contains the optional pointer to an array of
    // alternate entry points to a driver for "fast I/O" support. Fast I/O
    // is performed by invoking the driver routine directly with separate
    // parameters, rather than using the standard IRP call mechanism. Note
    // that these functions may only be used for synchronous I/O, and when
    // the file is cached.
    //
    PFAST_IO_DISPATCH FastIoDispatch;
    //
    // The following section describes the entry points to this particular
    // driver. Note that the major function dispatch table must be the last
    // field in the object so that it remains extensible.
    //
    PDRIVER_INITIALIZE DriverInit;
    PDRIVER_STARTIO DriverStartIo;
    PDRIVER_UNLOAD DriverUnload;
    PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
} DRIVER_OBJECT, *PDRIVER_OBJECT;
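DeviceObject: Each driver has one or more device objects, organized as a linked list. Each device object has a NextDevice pointer to the next device object in the list. Note, however, that the DeviceObject field in the driver object acts as the head node of the device list: it points to the first device object created by this driver itself.
DriverName: the name of the driver.
DriverStartIo: needed to serialize processing when handling multiple IRPs.
DriverUnload: the callback invoked when the driver is unloaded.
DriverExtension: the driver's extension, much like a device extension.
MajorFunction: the IRP dispatch routines. This feels like a callback as well, except that it registers the IRP handlers with the operating system.
Flags: flag bits.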
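The two fields a defender most often inspects are the device list and the dispatch table. The following is an added example, not code from the original post: it uses simplified user-mode stand-ins (MOCK_DEVICE, MOCK_DRIVER and both function names are hypothetical) to walk the list from DeviceObject through NextDevice, and to flag MajorFunction slots whose handler lies outside the range DriverStart to DriverStart + DriverSize.

```c
#include <stddef.h>
#include <stdint.h>

/* Simplified user-mode stand-ins for the wdm.h types (assumption: only the
 * fields discussed above are modeled; the real layouts differ). */
#define MJ_COUNT 28                       /* IRP_MJ_MAXIMUM_FUNCTION + 1 */

typedef struct MOCK_DEVICE {
    struct MOCK_DEVICE *NextDevice;       /* next device of the same driver */
} MOCK_DEVICE;

typedef struct MOCK_DRIVER {
    MOCK_DEVICE *DeviceObject;            /* head of the device list */
    uintptr_t    DriverStart;             /* image base */
    uint32_t     DriverSize;              /* image size in bytes */
    uintptr_t    MajorFunction[MJ_COUNT]; /* one handler per IRP_MJ_* code */
} MOCK_DRIVER;

/* Count devices by following NextDevice from the head. The limit guards
 * against a corrupted (cyclic) list; returns -1 when it is exceeded. */
int count_devices(const MOCK_DRIVER *drv, int limit)
{
    int n = 0;
    for (const MOCK_DEVICE *d = drv->DeviceObject; d != NULL; d = d->NextDevice)
        if (++n > limit)
            return -1;
    return n;
}

/* Return a bitmask of dispatch slots whose handler is neither inside the
 * driver's own image nor equal to the default handler the caller supplies
 * (the I/O manager pre-fills every slot with one default routine). */
uint32_t foreign_dispatch_slots(const MOCK_DRIVER *drv, uintptr_t default_handler)
{
    uint32_t mask = 0;
    uintptr_t end = drv->DriverStart + drv->DriverSize;
    for (int i = 0; i < MJ_COUNT; i++) {
        uintptr_t h = drv->MajorFunction[i];
        if (h == default_handler)
            continue;
        if (h < drv->DriverStart || h >= end)
            mask |= (uint32_t)1 << i;
    }
    return mask;
}
```

A flagged slot is a lead to investigate rather than proof of a hook, because some legitimate drivers point dispatch entries at routines exported by another module.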
Good article, bumping it.