1, The four types of kernel mode drivers, from top to bottom, are: File System drivers, Intermediate drivers, Device drivers, and Mini-drivers. These four types of drivers can be grouped together in stacks that work together to completely process a request targeted at a particular Device Object.
Driver stacks are mostly created by the drivers themselves. The correct creation of a driver stack under Windows NT depends on each driver in the stack being started at the correct time. The time at which a driver is started is determined by its Registry parameters. After all mini-drivers have started, the Device drivers are started. The device driver calls IoGetDeviceObjectPointer() to look for mini-drivers and create a File Object.
File System drivers are at the top of the Windows NT driver stack. They are added dynamically to the driver stack.
2, Windows NT uses a layered driver model to process IO requests. In this model, drivers are organized into stacks, and each driver in a stack is responsible for processing the part of the request that it can handle. When the IO manager receives an IO system service call, it allocates an IRP with at least as many IO stack locations as there are drivers in the driver stack. When a driver is called with an IRP to process, it calls IoGetCurrentIrpStackLocation() to get a pointer to the current IO stack location within the IRP and examines the IRP's parameters. The driver may then do one of the following:
(1), Process the IRP itself.
(2), Pass the IRP on to a lower-layer driver to process and complete. In order to pass an IRP to another driver, the driver must set up the next IO stack location in the IRP for the underlying driver to which the request will be passed. The driver calls the IoGetNextIrpStackLocation() function to get a pointer to the next IO stack location. The request is then passed to the next-lowest-level driver by calling the IoCallDriver() function. A high-level driver's call to IoCallDriver() does not return until the Dispatch routine of the called driver performs a return operation.
(3), Hold on to the IRP, and create one or more additional IRPs that are passed to lower-level drivers to allow the higher-level driver to ultimately satisfy the request.
3, A driver may wish to be informed when a request that it has passed to a lower-level driver is completed. It can do this by calling the IoSetCompletionRoutine() function prior to passing the IRP to an underlying driver.
4, Filter Drivers
The Windows NT IO manager includes the capability for one kernel mode driver to "attach" one of its Device Objects to a Device Object created by a different driver. The result of this is that IRPs destined for the driver associated with the original Device Object will be sent to the driver associated with the "attached" Device Object. This attached driver is a Filter driver.
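
The IRP flow described in notes 2 and 3, as an added example that is not part of the original notes: a user-mode C model in which an upper driver sets up the next stack location, registers a completion routine, and passes the request to a lower driver. All type and function names are hypothetical stand-ins, not the NT kernel API, and the model reports an error when the IRP was allocated with fewer stack locations than there are drivers.

```c
#include <stdio.h>
#include <string.h>
/* User-mode model; every name here is hypothetical, not the NT kernel API. */
#define MAX_LOC 4
struct irp;
typedef void (*done_fn)(struct irp *);
struct stack_loc { int major; done_fn done; };
struct irp { int stack_count, current, status; struct stack_loc loc[MAX_LOC]; };
static char trace[8]; static int tn;          /* order of events, for inspection */
static void mark(char c) { if (tn < 7) trace[tn++] = c; }
static struct stack_loc *cur_loc(struct irp *i) { return &i->loc[i->current]; }
static struct stack_loc *next_loc(struct irp *i) { /* NULL once the stack is used up */
    return i->current + 1 < i->stack_count ? &i->loc[i->current + 1] : NULL;
}
/* Completion walks back up the stack, running the routine stored in each location. */
static void complete(struct irp *i, int status) {
    i->status = status;
    for (; i->current >= 0; i->current--)
        if (cur_loc(i)->done) cur_loc(i)->done(i);
}
static int upper_dispatch(struct irp *i);
static int lower_dispatch(struct irp *i) { mark('L'); complete(i, 0); return 0; }
static int (*drivers[])(struct irp *) = { upper_dispatch, lower_dispatch };
/* Make the next location current and enter that driver's dispatch routine. */
static int call_driver(struct irp *i) {
    if (!next_loc(i)) return -1;
    i->current++;
    return drivers[i->current](i);
}
static void upper_done(struct irp *i) { (void)i; mark('C'); }
static int upper_dispatch(struct irp *i) {
    struct stack_loc *n = next_loc(i);
    mark('U');
    if (!n) { complete(i, -1); return -1; } /* IRP allocated with too few locations */
    n->major = cur_loc(i)->major;           /* set up the lower driver's parameters */
    n->done = upper_done;                   /* ask to be told on completion */
    return call_driver(i);
}
int run_request(int stack_count) { /* returns the final IRP status */
    struct irp i;
    memset(&i, 0, sizeof i); memset(trace, 0, sizeof trace); tn = 0;
    i.stack_count = stack_count; i.current = -1; i.status = -1;
    call_driver(&i);
    return i.status;
}
const char *last_trace(void) { return trace; }
int main(void) {
    printf("2 locations: status %d, trace %s\n", run_request(2), last_trace());
}
```

In the trace, U is the upper driver's dispatch, L the lower driver's dispatch, and C the upper driver's completion routine, which runs before the upper driver's call into the lower driver has returned.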