typedef struct _DRIVER_OBJECT

最新推荐文章于 2024-04-12 10:39:47 发布
最新推荐文章于 2024-04-12 10:39:47 发布
阅读量747 收藏
点赞数
分类专栏: 内核与驱动 文章标签: struct object parameters extension function string
本文详细介绍了DRIVER_OBJECT结构,这是Windows驱动程序中关键的数据结构之一。它包含了驱动程序的各种属性和函数指针,如初始化、卸载函数、设备对象列表等。通过对该结构的理解,开发者可以更好地掌握驱动程序的工作原理。

摘要生成于 C知道 ,由 DeepSeek-R1 满血版支持, 前往体验 >

typedef struct _DRIVER_OBJECT {
    CSHORT Type;
    CSHORT Size;

    //
    // The following links all of the devices created by a single driver
    // together on a list, and the Flags word provides an extensible flag
    // location for driver objects.
    //

    PDEVICE_OBJECT DeviceObject;
    ULONG Flags;

    //
    // The following section describes where the driver is loaded.  The count
    // field is used to count the number of times the driver has had its
    // registered reinitialization routine invoked.
    //

    PVOID DriverStart;
    ULONG DriverSize;
    PVOID DriverSection;
    PDRIVER_EXTENSION DriverExtension;

    //
    // The driver name field is used by the error log thread
    // determine the name of the driver that an I/O request is/was bound.
    //

    UNICODE_STRING DriverName;

    //
    // The following section is for registry support.  Thise is a pointer
    // to the path to the hardware information in the registry
    //

    PUNICODE_STRING HardwareDatabase;

    //
    // The following section contains the optional pointer to an array of
    // alternate entry points to a driver for "fast I/O" support.  Fast I/O
    // is performed by invoking the driver routine directly with separate
    // parameters, rather than using the standard IRP call mechanism.  Note
    // that these functions may only be used for synchronous I/O, and when
    // the file is cached.
    //

    PFAST_IO_DISPATCH FastIoDispatch;

    //
    // The following section describes the entry points to this particular
    // driver.  Note that the major function dispatch table must be the last
    // field in the object so that it remains extensible.
    //

    PDRIVER_INITIALIZE DriverInit;
    PDRIVER_STARTIO DriverStartIo;
    PDRIVER_UNLOAD DriverUnload;
    PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];

} DRIVER_OBJECT;
typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT;

DRIVER_OBJECT,DEVICE_OBJECT 结构体分析
hushengqiang的专栏
03-13 808
在wdm.h这个头文件中可以看到这两个结构体的定义,下面简单的分析一下结构体中的内容。 DRIVER_OBJECT typedef struct _DRIVER_OBJECT { CSHORT Type; CSHORT Size; //这个驱动生成的设备对象,形成一个链,DeviceObject指向这个链 PDEVICE_OBJECT DeviceO
一个驱动程序头文件Driver.h
raiky的专栏
06-27 3603
/**********************文件名:Driver.h**********************/#pragma once#ifdef __cplusplusextern "C"{#endif#include #ifdef __cplusplus}#endif#define PAGEDCODE code_seg("PAGE")#define LOCKEDCODE code_seg()#define INITCODE code_seg("INIT")#define PAGEDDATA dat
设备对象(DEVICE_OBJECT)-----------------主要成员
weixin_30342827的博客
06-26 195
一、设备对象(DEVICE_OBJECT) kd> dt _device_objectntdll!_DEVICE_OBJECT +0x000 Type : Int2B +0x002 Size : Uint2B +0x004 ReferenceCount : Int4B +0x008 DriverObject : P...
PDEVICE_OBJECT 的定义
01-03 2353
 PDEVICE_OBJECT 定义在 ntddk.h中 typedef struct _DRIVER_EXTENSION {    //    // Back pointer to Driver Object    //    struct _DRIVER_OBJECT *DriverObject;    //    // The AddDevice entry point
设备对象(DEVICE_OBJECT)
BpLife
12-03 1671
1.每个驱动程序会创建一个或多个设备对象(下文称DO),用DEVICE_OBJECT数据结构表示。每个DO都会有个指针指向下一个DO,因此就形成了一个DO链。DO链的第一个DO是由DRIVER_OBJECT 结构体中的 PDRIVER_EXTENSION 指明的.DO保存DO特征和状态信息,以下是字段信息: typedef struct _DEVICE_OBJECT { CSHORT
typedef struct _DEVICE_OBJECT *PDEVICE_OBJECT;
autumn20080101的专栏
05-20 935
typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _DEVICE_OBJECT { CSHORT Type; USHORT Size; LONG ReferenceCount; struct _DRIVER_OBJECT *DriverObject; struct _DEVICE_OBJEC
#include <ntddk.h> #include <wdm.h> #include <ntddndis.h> // 调试级别定义(必须放在所有include之后) #define DPFLTR_IHVDRIVER_ID 0x63 // 自定义驱动标识(0-63) #define MYDRIVER_TRACE_LEVEL_INFO DPFLTR_INFO_LEVEL // 0x0 #define MYDRIVER_TRACE_LEVEL_WARNING DPFLTR_WARNING_LEVEL // 0x1 #define MYDRIVER_TRACE_LEVEL_ERROR DPFLTR_ERROR_LEVEL // 0x2 #define MYDRIVER_TRACE_LEVEL_VERBOSE 0x3 // 自定义详细级别 #define IOCTL_PROTOCOL_CONTROL CTL_CODE(FILE_DEVICE_NETWORK, 0x800, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA) typedef struct _PROTOCOL_DRIVER { PDEVICE_OBJECT DeviceObject; PFILE_OBJECT FileObject; KEVENT CompletionEvent; IO_STATUS_BLOCK IoStatus; } PROTOCOL_DRIVER; // 协议特征结构 typedef struct _PROTOCOL_CHARACTERISTICS { ULONG Magic; USHORT HeaderSize; UCHAR Checksum; } PROTOCOL_CHARACTERISTICS; // 全局变量 PROTOCOL_DRIVER g_ProtocolDriver; PROTOCOL_CHARACTERISTICS g_ProtocolChars = { 0x4E455449, sizeof(PROTOCOL_CHARACTERISTICS), 0xAA }; // IRP完成回调 NTSTATUS ProtocolIoCompletion( _In_ PDEVICE_OBJECT DeviceObject, _In_ PIRP Irp, _In_ PVOID Context) { UNREFERENCED_PARAMETER(DeviceObject); PKEVENT event = (PKEVENT)Context; KeSetEvent(event, IO_NO_INCREMENT, FALSE); return STATUS_MORE_PROCESSING_REQUIRED; } // 绑定到协议驱动 NTSTATUS AttachToProtocolDriver() { UNICODE_STRING protoName; RtlInitUnicodeString(&protoName, L"\\Device\\Tcp"); NTSTATUS status = IoGetDeviceObjectPointer( &protoName, FILE_ALL_ACCESS, &g_ProtocolDriver.FileObject, &g_ProtocolDriver.DeviceObject); if (!NT_SUCCESS(status)) { DbgPrintEx(DPFLTR_IHVDRIVER_ID, DBG_LEVEL_ERROR, "[%s] Failed to attach to protocol driver: 0x%X\n", __FUNCTION__, status); return status; } DbgPrintEx(DPFLTR_IHVDRIVER_ID, DBG_LEVEL_INFO, "[%s] Successfully attached to protocol driver at 0x%p\n", __FUNCTION__, g_ProtocolDriver.DeviceObject); return STATUS_SUCCESS; }
03-31
typedef struct _FILTER_DEVICE_EXTENSION { PDEVICE_OBJECT AttachedDevice; } FILTER_DEVICE_EXTENSION, *PFILTER_DEVICE_EXTENSION; NTSTATUS CompletionRoutine(PDEVICE_OBJECT, PIRP, PVOID); NTSTATUS ...
/* File Kmd.h By WzrterFX */ #pragma once #ifndef KMD_H #define KMD_H #include <cstdint> #include <ntifs.h> namespace Kmd { namespace _NtifsApi { extern “C” __declspec(dllimport) NTSTATUS __stdcall IoCreateDriver( IN PUNICODE_STRING DriverName, IN PDRIVER_INITIALIZE InitializationFunction ); extern "C" __declspec(dllimport) NTSTATUS __stdcall PsLookupProcessByProcessId( IN HANDLE ProcessId, OUT PEPROCESS* Process ); extern "C" __declspec(dllimport) NTSTATUS __stdcall MmCopyVirtualMemory( IN PEPROCESS FromProcess, IN PVOID FromAddress, IN PEPROCESS ToProcess, IN PVOID ToAddress, IN SIZE_T BufferSize, IN KPROCESSOR_MODE PreviousMode, OUT PSIZE_T NumberOfBytesCopied ); } namespace _IoCtls { constexpr std::uint32_t attach = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x01, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t read = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x02, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); constexpr std::uint32_t write = CTL_CODE(FILE_DEVICE_UNKNOWN, 0x03, METHOD_BUFFERED, FILE_SPECIAL_ACCESS ); } class Kmd { private: PDEVICE_OBJECT _deviceObject; typedef struct __AttachRequest { HANDLE process; } AttachRequest, * PAttachRequest; typedef struct __CopyMemoryRequest { PVOID from; PVOID to; SIZE_T requested; } CopyMemoryRequest, * PCopyMemoryRequest; typedef struct _KmdRequest { AttachRequest attachRequest; CopyMemoryRequest copyMemoryRequest; } KmdRequest, * PKmdRequest; static NTSTATUS KmdControl(PDEVICE_OBJECT deviceObject, PIRP io); public: NTSTATUS Create(PDRIVER_OBJECT driverObject); }; } #endif /* !KMD_H */这个可以单独加载使用吗
03-24
- 需使用 WDK(Windows Driver Kit)编译为 `.sys` 文件。 - 需签名才能在 64 位系统加载(测试模式下可绕过,但不安全)。 --- ### 四、改进方向 若要使其可加载,需补充以下内容: 1. **实现 `DriverEntry` 函数...
我意思是,typedef struct _drmModePlane { uint32_t count_formats; uint32_t *formats; uint32_t plane_id; uint32_t crtc_id; uint32_t fb_id; uint32_t crtc_x, crtc_y; uint32_t x, y; uint32_t possible_crtcs; uint32_t gamma_size; } drmModePlane, *drmModePlanePtr; 里并没有uint32_t zpos;,那如何得知 Z 轴位置
最新发布
07-11
drmModeObjectPropertiesPtr props = drmModeObjectGetProperties(fd, plane_id, DRM_MODE_OBJECT_PLANE); if (!props) { return -1; // 错误 } int zpos = -1; for (int i = 0; i < props->count_props; i++...
[Win驱动7]ObReferenceObjectByName获取设备对象指针(PDEVICE_OBJECT)
輚至消亡
10-18 1782
1. ObReferenceObjectByName是通过设备对象名获取设备对象指针, 其会造成设备对象的引用计数增加所以还需要调用ObDereferenceObject来降低引用计数 2. IoGetDeviceObjectPointer可以通过设备对象名获取设备对象指针和与其相关的文件对象指针,同样需要对其调用ObDereferenceObject来降低引用 第一种方式是通过这个未公开的内核函数ObReferenceObjectByName来获取设备对象指针,该原型是这样的: NTKERNELA
驱动开发:探索DRIVER_OBJECT驱动对象
支持一对一答疑的编程作家朱文伟的博客!
04-12 633
入口处都会存在这样一个驱动对象,该对象内所包含的就是当前所加载驱动自身的一些详细参数,例如驱动大小,驱动标志,驱动名,驱动节等等,每一个驱动程序都会存在这样的一个结构。这一系列则是微软的调用号,不同的RIP代表着不同的涵义,但一般驱动也就会用到如下这几种调用号。编译这段程序,签名并运行,我们即可看到如下输出信息,此时当前自身驱动的详细参数都可以被输出;编译这段程序,签名并运行,我们即可看到如下输出信息,此时当前自身驱动的详细参数都可以被输出;即可得到全部的数据,这段代码可以写成如下样子,其中的。
设备对象DEVICE_OBJECT
weixin_34159110的博客
04-09 189
设备对象用于保存设备特征和状态的相关信息。一个设备对象表示一个逻辑的、虚拟的或物理的设备,设备对象的I/O请求由一个驱动对象操控着。每一个内核模式的驱动必须创建设备对象,它通过调用IoCreateDevice函数一次或多次来创建。设备对象用结构体DEVICE_OBJECT表示。每个设备对象有一个指针(NextDevice)指向下一个设备对象,从而形成一个设备对象链表。该链表的第一个设备是由驱动对象...
OBJECT_TYPE结构
IT男也疯狂
07-14 3602
typedef struct _object_type_flags{ char CaseInsensitive : 1; char UnnamedObjectsOnly : 1; char UseDefaultObject : 1; char SecurityRequired : 1; char MaintainHandleCount : 1; char MaintainTypeLis
DRIVER_OBJECT
autumn20080101的专栏
12-14 624
DRIVER_OBJECT  (2011-08-08 10:17:43) 转载▼ 标签:  it   typedef struct _DRIVER_OBJECT {     CSHORT Type;     CSHORT Size;     PDEVICE_OBJECT DeviceObject;
一段文件删除代码(动态加载驱动)
TrustNature
09-22 2231
#include #define NT_DEVICE_NAME L"\\Device\\SuperKill" #define DOS_DEVICE_NAME L"\\DosDevices\\SuperKill" VOID SKillUnloadDriver( IN PDRIVER_OBJECT DriverOb
01-驱动入口函数
ahaozi01的博客
07-15 1191
内核入口函数 同应用层的Winmain函数入口一样,驱动程序也有自己的函数入口,函数名叫DriverEntry,函数原型如下: NTSTATUS DriverEntry(PDRIVER_OBJECT pdriver, PUNICODE_STRING reg) 参数一为pdriver,表示一个驱动对象的指针,此参数有系统调用系统自动传入,这个指针,指向名为DRIVER_OBJECT的结构体,里面记录了驱动的详细信息。 typedef struct _DRIVER_OBJECT { CSHORT Type; C
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值