理解驱动对象（DriverObject）

nowayings

        每个驱动程序都会有唯一一个驱动对象表示，驱动对象是对驱动程序的实例化。她由Ring0层的执行体组件中的IO管理器负责加载，并且每个驱动只加载一个实例。在wdm.h头文件中。DriverObject结构如下：

1. typedef struct _DRIVER_OBJECT {
   
2.     CSHORT Type;
   
3.     CSHORT Size;
   
4. 
   
5.     //
   
6.     // The following links all of the devices created by a single driver
   
7.     // together on a list, and the Flags word provides an extensible flag
   
8.     // location for driver objects.
   
9.     //
   
10. 
    
11.     PDEVICE_OBJECT DeviceObject;
    
12.     ULONG Flags;
    
13. 
    
14.     //
    
15.     // The following section describes where the driver is loaded.  The count
    
16.     // field is used to count the number of times the driver has had its
    
17.     // registered reinitialization routine invoked.
    
18.     //
    
19. 
    
20.     PVOID DriverStart;
    
21.     ULONG DriverSize;
    
22.     PVOID DriverSection;
    
23.     PDRIVER_EXTENSION DriverExtension;
    
24. 
    
25.     //
    
26.     // The driver name field is used by the error log thread
    
27.     // determine the name of the driver that an I/O request is/was bound.
    
28.     //
    
29. 
    
30.     UNICODE_STRING DriverName;
    
31. 
    
32.     //
    
33.     // The following section is for registry support.  Thise is a pointer
    
34.     // to the path to the hardware information in the registry
    
35.     //
    
36. 
    
37.     PUNICODE_STRING HardwareDatabase;
    
38. 
    
39.     //
    
40.     // The following section contains the optional pointer to an array of
    
41.     // alternate entry points to a driver for "fast I/O" support.  Fast I/O
    
42.     // is performed by invoking the driver routine directly with separate
    
43.     // parameters, rather than using the standard IRP call mechanism.  Note
    
44.     // that these functions may only be used for synchronous I/O, and when
    
45.     // the file is cached.
    
46.     //
    
47. 
    
48.     PFAST_IO_DISPATCH FastIoDispatch;
    
49. 
    
50.     //
    
51.     // The following section describes the entry points to this particular
    
52.     // driver.  Note that the major function dispatch table must be the last
    
53.     // field in the object so that it remains extensible.
    
54.     //
    
55. 
    
56.     PDRIVER_INITIALIZE DriverInit;
    
57.     PDRIVER_STARTIO DriverStartIo;
    
58.     PDRIVER_UNLOAD DriverUnload;
    
59.     PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
    
60. 
    
61. } DRIVER_OBJECT;

复制代码

DeviceObject：每个驱动会有一个或者多个设备对象。这些设备对象通过链表的方式组织。每个设备对象有一nextDevice的指针指向链表的下一个设备对象。但是注意：驱动对象里面的这个DeviceObject相当设备链表的头节点。他指向的是：本驱动程序自己创建的第一个设备对象。

DriverName:驱动的名字

DriverStartIO：处理多个irp的时候。需要这个来序列化。

DriverUnload：卸载驱动的时候的回调函数。

Driverextension：驱动的扩展。和设备的扩展差不多。

majorFunction:IRP派遣函数。这个感觉也相当于回调。只不过是向操作系统注册IRP的处理函数。

Flag：标志位。

谦虚求学

好文章顶下