驱动开发之基本数据结构
根据MSDN的介绍,自己对一些基本结构做一些翻译,帮助自己理解。
驱动对象 DRIVER_OBJECT
1 typedef struct _DRIVER_OBJECT { 2 // 驱动程序的类型 3 CSHORT Type; 4 // Driver_Object结构体大小 5 CSHORT Size; 6 // 指向驱动程序创建的设备对象 7 PDEVICE_OBJECT DeviceObject; 8 // 驱动程序标志 9 ULONG Flags; 10 // 驱动程序映像的起始地址 11 PVOID DriverStart; 12 // 驱动程序映像的大小 13 ULONG DriverSize; 14 // 指向驱动程序映像的内存区对象,可以通过该成员遍历系统中所有的驱动模块 15 PVOID DriverSection; 16 // 指向驱动程序对象的扩展结构 17 PDRIVER_EXTENSION DriverExtension; 18 // 驱动的名称 19 UNICODE_STRING DriverName; 20 // 设备的硬件数据库名,和注册表中的名称一致 21 PUNICODE_STRING HardwareDatabase; 22 // 指向文件系统及网络传输驱动会用到的派遣函数的指针表 23 PFAST_IO_DISPATCH FastIoDispatch; 24 //指向 DriverEntry 函数,这个由 IO 管理器设置 25 PDRIVER_INITIALIZE DriverInit; 26 // 指向 StartIO 例程,用于串行化操作 27 PDRIVER_STARTIO DriverStartIo; 28 // 指向驱动程序的卸载时的回调函数地址 29 PDRIVER_UNLOAD DriverUnload; 30 // 指向驱动函数的派遣函数地址表 31 PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1]; 32 } DRIVER_OBJECT, *PDRIVER_OBJECT;
DeviceObject
指向驱动创建的设备对象的指针。当驱动成功调用IoCreateDevice时,这个成员会自动更新。驱动可以用这个成员和 DEVICE_OBJECT 的 NextDevice 成员去遍历驱动创建的所有设备对象(A driver can use this member and the NextDevice member of DEVICE_OBJECT to step through a list of all the device objects that the driver created.)
DriverExtension
指向驱动扩展的指针。驱动扩展的唯一可访问成员是 DriverExtension->AddDevice,驱动的 DriverEntry 例程存储了驱动的 AddDevice例程。(The only accessible member of the driver extension is DriverExtension->AddDevice, into which a driver's DriverEntry routine stores the driver's AddDevice routine.)
HardwareDatabase
指向路径 \Registry\Machine\Hardware ,在这个注册表路径存储着硬件的配置信息。(Pointer to the \Registry\Machine\Hardware path to the hardware configuration information in the registry.)
FastIoDispatch
指向一个定义驱动的 fast I/O 入口的指针的指针。这个成员仅仅在FSDs个网络传输驱动里面使用。(Pointer to a structure defining the driver's fast I/O entry points. This member is used only by FSDs and network transport drivers.)
DriverInit
由 I/O 管理器设置的 DriverEntry 例程的入口点。(The entry point for the DriverEntry routine, which is set up by the I/O manager.)
DriverStartIo
驱动的 StartIo 例程的入口点。如果有的话,当驱动初始化的时候,DriverEntry将会设置这个值;如果驱动没有 StartIo例程,这个成员就是 NULL。(The entry point for the driver's StartIo routine, if any, which is set by the DriverEntry routine when the driver initializes. If a driver has no StartIo routine, this member is NULL.)
DriverUnload
驱动的卸载例程的入口点。如果有的话,DriverEntry将在驱动初始化的时候设置这个值;如果驱动没有卸载例程,这个成员就是 NULL。(The entry point for the driver's Unload routine, if any, which is set by the DriverEntry routine when the driver initializes. If a driver has no Unload routine, this member is NULL.)
MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1]
由驱动的 DispatchXxx 例程的入口点组成的 Dispatch 表。数组的索引值IRP_MJ_XXX 对应着 IRP 主要函数编码。每个驱动都必须给驱动处理的 IRP_MJ_XXX 请求通过这个数组设置入口点。更多信息可以查看 Writing Dispatch Routines。(
A dispatch table consisting of an array of entry points for the driver's DispatchXxx routines. The array's index values are the IRP_MJ_XXX values representing each IRP major function code. Each driver must set entry points in this array for the IRP_MJ_XXX requests that the driver handles. For more information, see Writing Dispatch Routines.)
设备对象 DEVICE_OBJECT
1 typedef struct _DEVICE_OBJECT { 2 // 对象的类型 3 CSHORT Type; 4 // 设备对象结构体的大小 5 USHORT Size; 6 // 设备对象管理的设备的引用计数 7 LONG ReferenceCount; 8 // 设备对象管理的驱动对象 9 struct _DRIVER_OBJECT *DriverObject; 10 // 指向同一驱动程序创建的下一个设备对象的指针 11 struct _DEVICE_OBJECT *NextDevice; 12 // 13 struct _DEVICE_OBJECT *AttachedDevice; 14 // 15 struct _IRP *CurrentIrp; 16 PIO_TIMER Timer; 17 ULONG Flags; 18 ULONG Characteristics; 19 __volatile PVPB Vpb; 20 PVOID DeviceExtension; 21 DEVICE_TYPE DeviceType; 22 CCHAR StackSize; 23 union { 24 LIST_ENTRY ListEntry; 25 WAIT_CONTEXT_BLOCK Wcb; 26 } Queue; 27 ULONG AlignmentRequirement; 28 KDEVICE_QUEUE DeviceQueue; 29 KDPC Dpc; 30 ULONG ActiveThreadCount; 31 PSECURITY_DESCRIPTOR SecurityDescriptor; 32 KEVENT DeviceLock; 33 USHORT SectorSize; 34 USHORT Spare1; 35 struct _DEVOBJ_EXTENSION *DeviceObjectExtension; 36 PVOID Reserved; 37 } DEVICE_OBJECT, *PDEVICE_OBJECT;
type
操作系统用来标识该对象是一个设备对象。对于设备对象,这个成员的值是 3。这是一个只读的成员。(Used by the operating system to indicate that an object is a device object. For device objects, the value of this member is 3. This is a read-only member.)
Size
标识设备对象的大小,以字节为单位。这个大小包含 DeviceExtension 成员指向的驱动程序指定的设备扩展,但不包括 DeviceObjectExtension 成员指向的不透明设备对象扩展。Size 是只读成员。(Specifies the size, in bytes, of the device object. This size includes the driver-specified device extension pointed to by the DeviceExtension member, but does not include the opaque device object extension pointed to by the DeviceObjectExtension member. Size is a read-only member.)
ReferenceCount
IO管理器用于跟踪与设备对象关联的设备的打开句柄的数量。这允许IO管理器避免在驱动程序设备存在未完成的句柄时卸载驱动程序。这是一个只读成员。(Used by the I/O manager to track the number of open handles for the device that are associated with the device object. This allows the I/O manager to avoid unloading a driver when there are outstanding handles for the driver's device(s). This is a read-only member. )
DriverObject
指向驱动程序对象(DRIVER_OBJECT)的指针,该指针标识输入到 DriverEntry 和 AddDevice 例程的驱动程序的加载映像。此成员由 I/O 管理器成功调用 IoCreateDevice 或 IoCreateDeviceSecure 时设置。这是一个只读成员。(A pointer to the driver object (DRIVER_OBJECT), that represents the loaded image of the driver that was input to the DriverEntry and AddDevice routines. This member is set by the I/O manager upon a successful call to IoCreateDevice or IoCreateDeviceSecure. This is a read-only member.)
NextDevice
指向由同一驱动程序创建的下一个设备对象(若有的话)的指针。IO 管理器每次成功调用 IoCreateDevice 或 IoCreateDeviceSecure 时更新此列表。正在卸载的非即插即用(PnP)驱动程序必须遍历其设备对象列表并将其删除。PnP 驱动程序不必遍历此设备对象列表。相反,PnP 驱动程序会在设备删除 PnP 操作(IRP_MN_REMOVE_DEVICE)期间执行清理。动态重新创建其设备对象的驱动重新也使用该成员。这是一个读/写成员。(A pointer to the next device object, if any, that was created by the same driver. The I/O manager updates this list at each successful call to IoCreateDevice or IoCreateDeviceSecure. A non- Plug and Play (PnP) driver that is being unloaded must traverse ("walk") the list of its device objects and delete them. A PnP driver does not have to walk this list of device objects. Instead, PnP drivers perform their cleanup during the device removal PnP operation (IRP_MN_REMOVE_DEVICE). A driver that recreates its device objects dynamically also uses this member. This is a read/write member.)
Flags
设备驱动程序通过使用下列一个或多个系统定义的值,在新创建的设备对象中对该成员执行按位“或”运算。
文件对象 DEVICE_OBJECT
typedef struct _FILE_OBJECT { CSHORT Type; CSHORT Size; PDEVICE_OBJECT DeviceObject; PVPB Vpb; PVOID FsContext; PVOID FsContext2; PSECTION_OBJECT_POINTERS SectionObjectPointer; PVOID PrivateCacheMap; NTSTATUS FinalStatus; struct _FILE_OBJECT *RelatedFileObject; BOOLEAN LockOperation; BOOLEAN DeletePending; BOOLEAN ReadAccess; BOOLEAN WriteAccess; BOOLEAN DeleteAccess; BOOLEAN SharedRead; BOOLEAN SharedWrite; BOOLEAN SharedDelete; ULONG Flags; UNICODE_STRING FileName; LARGE_INTEGER CurrentByteOffset; __volatile ULONG Waiters; __volatile ULONG Busy; PVOID LastLock; KEVENT Lock; KEVENT Event; __volatile PIO_COMPLETION_CONTEXT CompletionContext; KSPIN_LOCK IrpListLock; LIST_ENTRY IrpList; __volatile PVOID FileObjectExtension; } FILE_OBJECT, *PFILE_OBJECT;
本文来自博客园,作者:Arthurian,转载请注明原文链接:https://www.cnblogs.com/Arthurian/p/16822575.html
欢迎邮件交流:zhuanxinxin@aliyun.com
【推荐】国内首个AI IDE,深度理解中文开发场景,立即下载体验Trae
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全程不用写代码,我用AI程序员写了一个飞机大战
· DeepSeek 开源周回顾「GitHub 热点速览」
· 记一次.NET内存居高不下排查解决与启示
· MongoDB 8.0这个新功能碉堡了,比商业数据库还牛
· .NET10 - 预览版1新功能体验(一)
2017-10-29 Java小实验之数据转换