Title: Ch 4. Drivers and Kernel-Mode Objects
Contents
- Data Objects and Windows 2000
- I/O Request Packets (IRPs)
- Objects of Kernel-Mode
- Summary
1. Data Objects and Windows 2000
- Object-Oriented Programming ??? Win2K
- ??(Object) ??
- ????? ??(Object) ??? ??
- ???, ???, ???, ????, ???, ??? ??
[Figure 1.1 diagram labels: User mode, Handle, Kernel mode, Device Object, Driver Object, Controller Object, Adapter Object, Interrupt Object, Object manager]
Figure 1.1 Object-Oriented Programming ??? Win2K
Windows 2000 Objects and Win32 Objects
- User-mode ?? / ?? OS?? ??
- User-mode ?? ?? ??? Handle? ????? ??
- Kernel ?? External Name? ??? ??
- ??? Pointer? ?? ??
The Layers of Win2K Operating System
[Figure 1.2 diagram labels: Applications, Win32 API calls, Win32 Subsystem, User mode, System service interface, Handle, Kernel mode, I/O Manager, Execution, Object Manager, IRP, Device Driver, IRP passed to driver dispatch routine, Kernel, Object, HAL calls, Hardware Abstraction Layer, Platform-specific operations, Hardware]
Figure 1.2 Win2K? ??? ??? ??
2. I/O Request Packets (IRPs)
- Win2K?? ?? ?? ???? I/O??? ??
- I/O ?????? ???? ? ??
- IRP? I/O system? I/O???? ??? ??? ???? ??
Simplified Model of IRP Processing
[Figure 2.1 diagram labels: User Space, I/O Request, I/O Manager, IRP, DEVICE, Driver Routine, Start I/O Entry, Interrupt Service Entry, DPC, DpcForIsr, Interrupt]
Figure 2.1 IRP Processing Simple Model
Layout of an IRP
- IRP Header
- I/O Stack Locations
Figure 2.2 Structure of an IRP
IRP Header
IRP Header Fields
Field Description
IO_STATUS_BLOCK IoStatus I/O Operation? ?? ??? ?? ??? ??? ??.
PVOID AssociatedIrp.SystemBuffer Device? Buffered I/O? ???? ???? Buffer? ??? ?? ??.
PMDL MdlAddress Direct I/O? ??? ? ? ?????? User-space ???Memory Descriptor List? ???? ??? ??.
PVOID UserBuffer I/O Buffer? User-space ??
BOOLEAN Cancel IRP? ?????? ??? ??? ???
Table 2.1 Externally Visible Fields of an IRP Header
I/O Stack Locations (1)
IO_STACK_LOCATION, PIO_STACK_LOCATION
Field Contents
UCHAR MajorFunction IRP_MJ_XXX?? ???? ??.
UCHAR MinorFunction File System?? SCSI????? ??? ??????.
union Parameters MajorFunction Code? ?? Union??
struct Read IRP_MJ_READ? ?? ???? ULONG Length ULONG Key LARGE_INTEGER ByteOffset
Table 2.2.1 Selected Contents of IRP Stack Location
I/O Stack Locations (2)
IO_STACK_LOCATION, PIO_STACK_LOCATION
Field Contents
struct Write IRP_MJ_WRITE? ?? ???? ULONG Length ULONG Key LARGE_INTEGER ByteOffset
struct DeviceIoControl IRP_MJ_DEVICE_CONTROL ?? ???? ULONG OutputBufferLength ULONG InputBufferLength ULONG IoControlCode PVOID Type3InputBuffer
struct Others PVOID Argument1-Argument4
PDEVICE_OBJECT DeviceObject I/O Request? ?? ???? ??
PFILE_OBJECT FileObject ??? ??? File Object
Table 2.2.2 Selected Contents of IRP Stack Location
Manipulating IRPs
- IRPs as a whole
- IRP Stack Locations
IRPs as a whole
IRP Access Functions
Function Description Called by
IoStartPacket IRP? Start I/O routine?? ?? Dispatch
IoCompleteRequest ?? ??? ???? ??? ? DpcForIsr
IoStartNextPacket ?? IRP? Start I/O routine?? ?? DpcForIsr
IoCallDriver IRP ?? driver? ?? ? Dispatch
IoAllocateIrp ??? IRP? ??? ? Dispatch
IoFreeIrp ????? ??? IRP? ??? ? I/O Completion
Table 2.3 Functions that Work with the Whole IRP
IRP Stack Locations
IO_STACK_LOCATION Functions
Function Description Called by
IoGetCurrentIrpStackLocation ???? Stack ??? ?? ???? ??? ? ? (Various)
IoMarkIrpPending ???? Stack ??? ? ??? ??? ??? ??? ??? ? Dispatch
IoGetNextIrpStackLocation ?? ?? ????? Stack ??? ?? ???? ??? ? ? Dispatch
IoSetNextIrpStackLocation I/O Stack Pointer? ? ?? Push Dispatch
IoSetCompletionRoutine ?? ?? ????? I/O Stack ??? I/O ?? ??? ??? ? Dispatch
Table 2.4 IO_STACK_LOCATION Access Functions
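The stack-location functions in Table 2.4 are easier to follow with the pointer movement spelled out. The following is an added example, not code from the slides or from the Windows DDK: a reduced user-mode C model of how IoGetCurrentIrpStackLocation, IoGetNextIrpStackLocation and IoCallDriver move one IRP through a two-driver stack, including an IRP allocated with too few stack locations. `MODEL_IRP`, `STACK_LOC`, `MODEL_DEVICE`, every `model_*` function and the two dispatch routines are hypothetical names.

```c
/* User-mode model for illustration; these are NOT the wdm.h definitions. */
#include <stdlib.h>
enum { MJ_READ = 0x03 };                    /* value of IRP_MJ_READ */
typedef struct { unsigned char MajorFunction; unsigned long Length; } STACK_LOC;
typedef struct {
    long Status; unsigned long Information; /* stands in for IoStatus */
    int CurrentLocation; STACK_LOC *Current;/* countdown index and current slot */
    STACK_LOC Stack[];                      /* slots follow the header */
} MODEL_IRP;
typedef struct MODEL_DEVICE MODEL_DEVICE;
struct MODEL_DEVICE { MODEL_DEVICE *Lower; long (*Dispatch)(MODEL_DEVICE *, MODEL_IRP *); };
static MODEL_IRP *model_allocate_irp(int stack_size) {
    MODEL_IRP *irp = calloc(1, sizeof *irp + (size_t)stack_size * sizeof(STACK_LOC));
    if (!irp) return NULL;
    irp->CurrentLocation = stack_size + 1;  /* one past the top: no slot owned yet */
    irp->Current = irp->Stack + stack_size;
    return irp;
}
static STACK_LOC *model_get_current(MODEL_IRP *irp) { return irp->Current; }
/* Next-lower slot, or NULL once the stack is exhausted. */
static STACK_LOC *model_get_next(MODEL_IRP *irp) { return irp->CurrentLocation > 1 ? irp->Current - 1 : NULL; }
static long model_call_driver(MODEL_DEVICE *dev, MODEL_IRP *irp) {
    if (irp->CurrentLocation <= 1) return -1;   /* no slot left for the callee */
    irp->CurrentLocation--; irp->Current--;     /* callee's slot becomes current */
    return dev->Dispatch(dev, irp);
}
static long filter_dispatch(MODEL_DEVICE *dev, MODEL_IRP *irp) {
    STACK_LOC *next = model_get_next(irp);
    if (!next) return irp->Status = -1;     /* IRP allocated with too few slots */
    *next = *model_get_current(irp);        /* copy parameters for the lower driver */
    return model_call_driver(dev->Lower, irp);
}
static long bottom_dispatch(MODEL_DEVICE *dev, MODEL_IRP *irp) {
    (void)dev;
    irp->Information = model_get_current(irp)->Length;  /* pretend every byte moved */
    return irp->Status = 0;
}
/* Sends one read through filter -> bottom; returns bytes transferred or -1. */
long model_run_read(int stack_size, unsigned long length) {
    MODEL_DEVICE bottom = { NULL, bottom_dispatch }, filter = { &bottom, filter_dispatch };
    MODEL_IRP *irp = model_allocate_irp(stack_size);
    STACK_LOC *next = irp ? model_get_next(irp) : NULL;
    long result = -1;
    if (next) {                             /* originator fills the top driver's slot */
        next->MajorFunction = MJ_READ; next->Length = length;
        if (model_call_driver(&filter, irp) == 0) result = (long)irp->Information;
    }
    free(irp); return result;
}
int main(void) { return model_run_read(2, 512) == 512 ? 0 : 1; }
```

The model fails the request when the slots run out; in the real kernel the same condition in IoCallDriver is a bug check (NO_MORE_IRP_STACK_LOCATIONS), which is why the StackSize field of the target device object must be honoured when an IRP is allocated.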
3. Objects of Kernel-Mode
Driver Objects
- Driver Object Driver? ?? ???? ?? ???? ?? ??
- I/O Manager? Driver? ???? ?? ??? ?? ? ?? Device?
???? Driver Object? ????.
The Life of Driver Objects
[Figure 3.1 diagram labels: I/O Manager Call DriverEntry, Driver Object, Drivers, Load, Create object, DEVICE, IRP, I/O Manager, Dispatch Routine, call]
Figure 3.1 The life of driver object
Layout of a Driver Object (1)
Figure 3.2 The driver object
Layout of a Driver Object (2)
Driver Object Fields
Field Description
PDRIVER_STARTIO DriverStartIo Driver? Start I/O Routine? ?? ??
PDRIVER_UNLOAD DriverUnload Driver's Unload Routine? ?? ??
PDRIVER_DISPATCH MajorFunction Driver's Dispatch Routines?? ???, I/O ?? ??? ?? ????
PDEVICE_OBJECT DeviceObject ? Driver? ?? ??? Device Object?? ?? ???
Table 3.1 Externally Visible Fields of a Driver Object
Device Objects and Device Extensions
- Device Object ????? ??? ??? ?? ??? ??
[Figure 4.1 diagram labels: Driver Object, Device Object, HAL, Physical DEVICE, Virtual DEVICE]
Figure 4.1 The device object and driver object
The Life of Device Objects
[Figure 4.2 diagram labels: I/O Manager, I/O Request Packet, I/O Manager Call DriverEntry, Device Object, DEVICE, Driver Object, WDM Driver AddDevice Plug and Play, Create object, HAL, Dispatch Routine, (a), (b)]
Figure 4.2 The life of device objects
Layout of a Device Object (1)
Figure 4.3 The device object
Layout of a Device Object (2)
Device Object Fields
Field Description
PVOID DeviceExtension Device Extension ???? ?? ???
PDRIVER_OBJECT DriverObject Driver Object? ?? Device Object? ???
ULONG Flags Device? Buffering Strategy? ?? DO_BUFFERED_IO DO_DIRECT_IO
PDEVICE_OBJECT NextDevice ? Driver? ??? ?? ? Device? ?? ???
CCHAR StackSize ? Device?? ?? IRP? ?? ??? I/O Stack Location? ?? ??
ULONG AlignmentRequirement Buffer? ?? ???? Memory ??
Table 4.1 Externally Visible Fields of a Device Object
Manipulating Device Objects
Device Object Access Functions
Function Description Called By
IoCreateDevice Device Object? ?? DriverEntry or AddDevice
IoCreateSymbolicLink Win32 ??? Device Object? ??? ?? ? DriverEntry or AddDevice
IoAttachDevice Device Object? ??? ??? ? DriverEntry or AddDevice
IoAttachDeviceByPointer Device Object? ??? ??? ? DriverEntry or AddDevice
IoGetDeviceObjectPointer Device Object? Pointer? ??? ? ? DriverEntry or AddDevice
IoCallDriver ?? Driver? IRP ??? ?? ? Dispatch
IoDetachDevice ?? Device? ?? Device Object? ??? ?? ? Unload or RemoveDevice
IoDeleteSymbolicLink Win32 namespace ??? Device Object? ?? Unload or RemoveDevice
IoDeleteDevice ??????? Device Object? ?? Unload or RemoveDevice
Table 4.2 Access Functions for a Device Object
Device Extensions
- Device Object? ?? Back Pointer
- Device? ??? Driver Context ??
- Interrupt Object? Interrupt ?? ???? ?? Pointer
- Controller Object? ?? ???
- Adapter Object? Mapping ?????? ???? ?? Pointer
? Device Extensions? Driver ?????, Extension?
???? Driver? ?? ?? ?? ??
typedef struct _DEVICE_EXTENSION {
    PDEVICE_OBJECT DeviceObject;   // back pointer to the device object
    // other driver-specific declarations
} DEVICE_EXTENSION, *PDEVICE_EXTENSION;
Table 4.3 Device Extension
Controller Objects and Controller Extensions
- Driver? ?? ??? Device?? ???? ?? ??? ??? ??? ???? ??? ??? ??? ???? ?? ??
- Controller Object? ??? ??? ????? ???? Mutex? ???? ?.
[Figure 5.1 diagram labels: Driver Object1, I/O Manager, Device Object1, Controller Object, Driver Object2, Block, Device Object2]
Figure 5.1 The outline of controller object
The Life of Controller Objects
[Figure 5.2 diagram labels: Driver Object, DriverEntry (or AddDevice), Device Object, unload, ControllerControl, Device Ext., Controller Object, Start I/O, Block, DpcForIsr]
Figure 5.2 The life of controller objects
Layout of a Controller Object
Figure 5.3 The controller object
Manipulating Controller Objects
Controller Object Access Functions
Function Description Called by
IoCreateController Controller Object? ?? DriverEntry or AddDevice
IoAllocateController Controller? ??? ???? ?? Start I/O
IoFreeController Controller? ???? ?? DpcForIsr
IoDeleteController ??????? Controller Object? ?? Unload or RemoveDevice
Table 5.1 Access Functions for a Controller Object
Controller Extensions
- Interrupt? Adapter Object? ??? ?? ???
? Controller Extensions? Driver ?????, Extension?
???? Driver? ?? ?? ?? ??
typedef struct _CONTROLLER_EXTENSION {
    // back pointer
    PCONTROLLER_OBJECT ControllerObject;
    // other driver-specific declarations
} CONTROLLER_EXTENSION, *PCONTROLLER_EXTENSION;
Table 5.2 Controller extension
Adapter Objects
- I/O Manager? Adapter Object? ???? DMA ????? ?? ?????? ??? ???.
- ?? Device? Programmed I/O?? ???? Adapter Object? ?? ??.
- Mapping ????? ??
The Life of Adapter Objects
[Figure 6.1 diagram labels: Memory, Device or Controller Extension, Adapter Object, DMA Channel, DriverEntry (or AddDevice), I/O Manager, Address Mapping, HAL, DMA DEVICE]
Figure 6.1 The life of adapter object
Layout of an Adapter Object
Figure 6.2 The adapter object
Manipulating Adapter Objects
Adapter Object Access Functions
Function Description Called by
IoGetDmaAdapter Adapter Object? ?? ???? ?? ? DriverEntry or AddDevice
AllocateAdapterChannel DMA H/W? ??? ???? ?? Start I/O
MapTransfer ??? ??? ?? DMA H/W? ?? Adapter Control/DpcForIsr
FlushAdapterBuffers ??? ?? ?? ??? ???? ?? DpcForIsr
FreeMapRegisters Map Registers? ?? DpcForIsr
FreeAdapterChannel Adapter Object? ?? DpcForIsr
Table 6.1 Access Functions for an Adapter Object
Interrupt Objects
- Kernel Interrupt Dispatcher?? Interrupt ??? ??? Service Routine? ?? ? ?? ??? ??
[Figure 7.1 diagram labels: Kernel Interrupt Dispatcher, Interrupt, Interrupt Object, Interrupt Routine]
Figure 7.1 The outline of interrupt object
The Life of Interrupt Objects
[Figure 7.2 diagram labels: DriverEntry or AddDevice, Kernel Interrupt Dispatcher, Interrupt, Interrupt Object, Interrupt Routine, Unload or RemoveDevice]
Figure 7.2 The life of interrupt object
Layout of an Interrupt Object
Figure 7.2 The Interrupt object
Manipulating Interrupt Objects
Interrupt Object Access Functions
Function Description Called by
HalGetInterruptVector ?? ?? ???? ??? ??? ????? ?? DriverEntry
IoConnectInterrupt Interrupt Service Routine ? Interrupt Object? ???? DriverEntry or AddDevice
KeSynchronizeExecution ?? IRQL?? ???? Driver Routine? ??? (Various)
IoDisconnectInterrupt Interrupt Object? ?? Unload or RemoveDevice
Table 7.1 Access Functions for an Interrupt Object
???? Device? I/O ??
[Diagram labels: User-mode, Handle, I/O Request, Kernel-mode, I/O Manager, Object Manager, Memory, I/O Request Packet (IRPs), Device Driver, Driver Object, DriverEntry, Start I/O, DMA Channel, Dev Object, Controller Object, Adapter Object, Interrupt Object, Dev Extension, Controller Extension, DriverEntry or AddDevice, HAL, Hardware Abstraction Layer, Set or PnP, Hardware Device]
4. Summary
- OOP ??? Win2K
- Win2K ? I/O??? Packet(IRPs) ?? ??
- I/O Manager? Device? ???? ?? I/O? ?? ????.
- I/O Manager? I/O? ?? ?? ??? ????.