Ch 4. Drivers and Kernel-Mode Objects - PowerPoint PPT Presentation

1 / 43

About This Presentation

Title:

Ch 4. Drivers and Kernel-Mode Objects

Description:

Title: Module 1: Introduction Author: Marilyn Turnamian Last modified by: Created Date: 2/7/2000 7:26:30 PM Document presentation format – PowerPoint PPT presentation

Number of Views:65

Avg rating:3.0/5.0

Slides: 44

Provided by: Marily539

Category:

more less

Transcript and Presenter's Notes

Title: Ch 4. Drivers and Kernel-Mode Objects

1
Ch 4. Drivers and Kernel-Mode Objects
2
Contents

Data Objects and Windows 2000
I/O Request Packets (IRPs)
Objects of Kernel-Mode
Summary

3
1. Data Objects and Windows 2000
4
Data Objects and Windows 2000

Object-Oriented Programming ??? Win2K
??(Object) ??
????? ??(Object) ??? ??
???, ???, ???, ????, ???, ??? ??

User mode
Handle
Kernel mode

Device Object
Driver Object
Controller Object
Adapter Object
Interrupt Object
Object manager
Figure 1.1 Object-Oriented Programming ??? Win2K
5
Windows 2000 Objects and Win32 Objects

User-mode ?? / ?? OS?? ??
User-mode ?? ?? ??? Handle? ????? ??
Kernel ?? External Name? ??? ??
??? Pointer? ?? ??

6
The Layers of Win2K Operating System
Applications
Win32 API calls
Win32 Subsystem
User mode
System service interface
Handle
Kernel mode
I/O Manager
Execution
Object Manager
IRP
IRP
Device Driver
IRP passed to driver dispatch routine
Kernel
IRP
Object
IRP
HAL calls
Hardware Abstraction Layer
Platform-specific operations
Hardware
Figure 1.2 Win2K? ??? ??? ??
7
2. I/O Request Packet (IRPs)
8
I/O Request Packets (IRPs)

Win2K?? ?? ?? ???? I/O??? ??
I/O ?????? ???? ? ??
IRP? I/O system? I/O???? ??? ??? ???? ??

9
Simplified Model of IRP Processing
User Space
Request ?? ?, IRP ?? ?? ??
I/O Request
I/O Manager
nonpaged ??? ???
IRP
IRP ??
DEVICE
???? ??
Driver Routine
Start I/O Entry
Interrupt Service Entry
DPC
IRP ??
DpcForIsr IRP ?? ?? ??
???? ?? ??
Interrupt
Figure 2.1 IRP Processing Simple Model
10
Layout of an IRP

IRP Header
I/O Stack Locations

Figure 2.2 Structure of an IRP
11
IRP Header

IRP Header

IRP Header Fields IRP Header Fields
Field Description
IO_STATUS_BLOCK IoStatus I/O Operation? ?? ??? ?? ??? ??? ??.
PVOID AssociatedIrp.SystemBuffer Device? Buffered I/O? ???? ???? Buffer? ??? ?? ??.
PMDL MdlAddress Direct I/O? ??? ? ? ?????? User-space ???Memory Descriptor List? ???? ??? ??.
PVOID UserBuffer I/O Buffer? User-space ??
BOOLEAN Cancel IRP? ?????? ??? ??? ???
Table 2.1 Externally Visible Fields of an IRP
Header
12
I/O Stack Locations(1)

I/O Stack Locations

IO_STACK_LOCATION, PIO_STACK_LOCATION IO_STACK_LOCATION, PIO_STACK_LOCATION
Filed Contents
UCHAR MajorFunction IRP_MJXXX?? ???? ??.
UCHAR MinorFunction File System?? SCSI????? ??? ??????.
Union Paramenters MajorFunction Code? ?? Union??
struct Read IRP_MJ_READ? ?? ???? ULONG Length ULONG Key LARGE_INTEGER ByteOffset
Table 2.2.1 Selected Contents of IRP Stack
Location
13
I/O Stack Locations(2)

I/O Stack Locations

IO_STACK_LOCATION, PIO_STACK_LOCATION IO_STACK_LOCATION, PIO_STACK_LOCATION
Filed Contents
struct Write IRP_MJ_WRITE? ?? ???? ULONG Length ULONG Key LARGE_INTEGER ByteOffset
struct DeviceIOControl IRP_MJ_DEVICE_CONTROL ?? ???? ULONG OutputBufferLength ULONG InputBufferLength ULONG IoControlCode PVOID Ttpe3InputBuffer
struct Others PVOID Argument1-Argument4
PDEVICE_OBJECT DeviceObject I/O Request? ?? ???? ??
PFILE_OBJECT FileOnject ??? ??? File Object
Table 2.2.2 Selected Contents of IRP Stack
Location
14
Manipulating IRPs

IRPs as a whole
IRP Stack Locations

15
IRPs as a whole

IRPs as a whole

IRP Access Functions IRP Access Functions IRP Access Functions
Function Description Called by
IoStartPacket IRP? Start I/O routine?? ?? Dispatch
IoCompleteRequest ?? ??? ???? ??? ? DpcForIsr
IoStartNextPacket ?? IRP? Start I/O routine?? ?? DpcForIsr
IoCallDriver IRP ?? driver? ?? ? Dispatch
IoAllocateIrp ??? IRP? ??? ? Dispatch
IoFreeIrp ????? ??? IRP? ??? ? I/O Completion
Table 2.3 Functions that Work with the Whole IRP
16
IRP Stack Locations

IRP Stack Locations

IO_STACK_LOCATION Functions IO_STACK_LOCATION Functions IO_STACK_LOCATION Functions
Function Description Called by
IoGetCurrentIrpStackLocation ???? Stack ??? ?? ???? ??? ? ? (Various)
IoMarkIrpPending ???? Stack ??? ? ??? ??? ??? ??? ??? ? Dispatch
IoGetNextIrpStackLocation ?? ?? ????? Stack ??? ?? ???? ??? ? ? Dispatch
IoSetNextIrpStackLocation I/O Stack Pointer? ? ?? Push Dispatch
IoSetCompleteRoutine ?? ?? ????? I/O Stack ??? I/O ?? ??? ??? ? Dispatch
Table 2.4 IO_STACK_LOCATION Access Functions
17
3. Objects of Kernel-Mode
18
Driver Objects

Driver Object Driver? ?? ???? ?? ???? ?? ??
I/O Manager? Driver? ???? ?? ??? ?? ? ?? Device?
???? Driver Object? ????.

19
The Life of Driver Objects
I/O Manager Call DriverEntry
Driver Object
Drivers
Drivers
Drivers
Load
Create object
Driver Object? ??
DEVICE
Driver Object
IRP
??
I/O Manager
Dispatch Routine
()
call
Figure 3.1 The life of deriver object
20
Layout of a Driver Object(1)
Figure 3.2 The driver object
21
Layout of a Driver Object(2)
Driver Object Fields Driver Object Fields
Field Description
PDRIVER_STARTIO DriverStartIo Driver? Start I/O Routine? ?? ??
PDRIVER_UNLOAD DriverUnload Drivers Unload Routine? ?? ??
PDRIVER_DISPATCH MajorFunction Drivers Dispatch Routines?? ???, I/O ?? ??? ?? ????
PDEVICE_IOBJECT DeviceObject ? Driver? ?? ??? Device Object?? ?? ???
Table 3.1 Externally Visible Fields of a Driver
Object
22
Device Objects and Device Extensions

Device Object ????? ??? ??? ?? ??? ??

Driver Object
Device Object
HAL
Physical DEVICE
Virtual DEVICE
Figure 4.1 The device object and driver object
23
The Life of Device Objects
I/O Manager
I/O Request Packet
I/O Manager Call DriverEntry
Device Object
DEVICE
Device Object
Driver Object
WDM Driver AddDevice Plug and Play
()
()
Create object
HAL
DEVICE
Dispatch Routine
(a)
(b)
Figure 4.2 The life of device objects
24
Layout of a Device Object(1)
Figure 4.3 The device object
25
Layout of a Device Object(2)
Device Object Fields Device Object Fields
Field Description
PVOID DeviceExtension Device Extension ???? ?? ???
PDRIVER_OBJECT DriverObject Driver Object? ?? Device Object? ???
ULONG Flags Device? Buffering Strategy? ?? DO_BUFFERD_IO DO_DIRECT_IO
PDEVICE_OBJECT NextDevice ? Driver? ??? ?? ? Device? ?? ???
CCHAR StackSize ? Device?? ?? IRP? ?? ??? I/O Stack Location? ?? ??
ULONG AlignmentRequirement Buffer? ?? ???? Memory ??
Table 4.1 Externally Visible Fields of a Device
Object
26
Manipulating Device Objects
Device Object Access Functions Device Object Access Functions Device Object Access Functions
Function Description Called By
IoCreateDevice Device Object? ?? DriverEntry or AddDevice
IoCreateSymbolicLink Win32 ??? Device Object? ??? ?? ? DriverEntry or AddDevice
IoAttachDevice Device Object? ??? ??? ? DriverEntry or AddDevice
IoAttachDeviceByPointer Device Object? ??? ??? ? DriverEntry or AddDevice
IoGetDeviceObjectPointer Device Object? Pointer? ??? ? ? DriverEntry or AddDevice
IoCallDriver ?? Driver? IRP ??? ?? ? Dispatch
IoDetachDevice ?? Device? ?? Device Object? ??? ?? ? Unload or RemoveDevice
IoDeleteSymbolicLink Win32 namespace ??? Device Object? ?? Unload or RemoveDevice
IoDeleteDevice ??????? Device Object? ?? Unload or RemoveDevice
Table 4.2 Access Functions for a Device Object
27
Device Extensions

Device Object? ?? Back Pointer
Device? ??? Driver Context ??
Interrupt Object? Interrupt ?? ???? ?? Pointer
Controller Object? ?? ???
Adapter Object? Mapping ?????? ???? ?? Pointer

? Device Extensions? Driver ?????, Extension?
???? Driver? ?? ?? ?? ??
typedef struct _DEVICE_EXTENSION PDEVICE_OBJECT DeviceObject // other driver-specific declarations DEVICE_EXTENSION, PDEVICE_EXTRENSION
Table 4.3 Device Extension
28
Controller Objects and Controller Extensions

Driver? ?? ??? Device?? ???? ?? ??? ??? ??? ????
??? ??? ??? ???? ?? ??
Controller Object? ??? ??? ????? ???? Mutex? ????
?.

Driver Object1
??? ??
I/O Manager
Device Object1
Controller Object
Driver Object2
Block
Device Object2
Figure 5.1 The outline of controller object
29
The Life of Controller Objects
Driver Object
Driver Object
DriverEntry (or AddDevice)
DriverEntry (or AddDevice)
Device Object
Device Object
unload
ControllerControl
Device Ext.
Device Ext.
Controller Object
Start I/O
??? ??
Block
DpcForIsr
Figure 5.2 The life of controller objects
30
Layout of a Controller Object
Figure 5.3 The controller object
31
Manipulating Controller Objects
Controller Object Access Functions Controller Object Access Functions Controller Object Access Functions
Function Description Call by
IoCreateController Controller Object? ?? Driver Entry or AddDevice
IoAllocateController Controller? ??? ???? ?? Start I/O
IoFreeController Controller? ???? ?? DpcForIsr
IoDeleteController ??????? Controller Object? ?? Unload or Remove Device
Table 5.1 Access Functions fro a Controller
Object
32
Controller Extensions

Interrupt? Adapter Object? ??? ?? ???

? Controller Extensions? Driver ?????, Extension?
???? Driver? ?? ?? ?? ??
typedef struct _CONTROLLER_EXTENSION // back pointer PCONTROLLER_OBJECT ControllerObject // other driver-specific declarations CONTROLLER_EXTENSION, PCONTEROLLER_EXTENSION
Table 5.2 Controller extension
33
Adapter Objects

I/O Manager? Adapter Object? ???? DMA ????? ??
?????? ??? ???.
?? Device? Programmed I/O?? ???? Adapter Object?
?? ??.
Mapping ????? ??

34
The Life of Adapter Objects
Memory
Device or Controller Extension
Adapter Object
DMA Channel
DriverEntry (or AddDevice)
I/O Manager
Address Mapping
HAL
DMA DEVICE
Figure 6.1 The life of adapter object
35
Layout of an Adapter Object
Figure 6.2 The adapter object
36
Manipulating Adapter Objects
Adapter Object Access Functions Adapter Object Access Functions Adapter Object Access Functions
Function Description Call by
IoGetDmaAdapter Adapter Object? ?? ???? ?? ? DriverEntry or AddDevice
AllocateAdpaterChannel DMA H/W? ??? ???? ?? Start I/O
MapTransfer ??? ??? ?? DMA H/W? ?? Adapter Control/DpcForIsr
FlushAdapterBuffers ??? ?? ?? ??? ???? ?? DpcForIsr
FreeMapRegisters Map Registers? ?? DpcForIsr
FreeAdapterChannel Adapter Object? ?? DpcForIsr
Table 6.1 Access Functions fro a Adapter Object
37
Interrupt Objects

Kernel Interrupt Dispatcher?? Interrupt ??? ???
Service Routine? ?? ? ?? ??? ??

Kernel Interrupt Dispatcher
Interrupt
Interrupt Object
Interrupt Routine
Figure 7.1 The outline of interrupt object
38
The Life of Interrupt Objects
DriverEntry or AddDevice
Kernel Interrupt Dispatcher
Interrupt
Interrupt Object
Interrupt Routine
Unload or RemoveDevice
Figure 7.2 The life of interrupt object
39
Layout of an Interrupt Object
Figure 7.2 The Interrupt object
40
Manipulating Interrupt Objects
Interrupt Object Access Functions Interrupt Object Access Functions Interrupt Object Access Functions
Function Description Called by
HalGetInterruptVector ?? ?? ???? ??? ??? ????? ?? DriverEntry
IoConnectInterrupt Interrupt Service Routine ? Interrupt Object? ???? DriverEntry or AddDevice
KeSynchronizeExecution ?? IRQL?? ???? Driver Routine? ??? (Various)
IoDisconnectInterrupt Interrupt Object? ?? Unload or RemoveDevice
Table 7.1 Access Functions fro a Interrupt Object
41
???? Device? I/O ??
User-mode
Handle
I/O Request
Kernel-mode
I/O Manager
Object Manager
Memory
I/O Request Packet(IRPs)
Device Driver
Driver Object
DriverEntry
Start I/O
DMA Channel
Dev Object
Controller Object
Adapter Object
Interrupt Object
Dev Extension
Controller Extension
DriverEntry or AddDevice
HAL
Hardware Abstraction Layer
Set or PnP
Hardware Device
42
4. Summary
43
Summary