What is the kernel driver object

2025-01-20 Update From: SLTechnology News&Howtos

Shulou (Shulou.com) 06/03

This article explains what the kernel driver object is. The content is short and straightforward; follow along to study the kernel driver object.

Driver object explanation

1. Driver object

1.1 Structure

In the kernel, each driver module is a driver object, and each one is represented by a DRIVER_OBJECT structure. You can think of the driver object as a container, much like a process, that holds everything.

Let's print a few members of the driver object to get familiar with it.

The driver object structure is as follows:

```cpp
typedef struct _DRIVER_OBJECT {
    CSHORT Type;
    CSHORT Size;

    //
    // The following links all of the devices created by a single driver
    // together on a list, and the Flags word provides an extensible flag
    // location for driver objects.
    //
    PDEVICE_OBJECT DeviceObject;
    ULONG Flags;

    //
    // The following section describes where the driver is loaded. The count
    // field is used to count the number of times the driver has had its
    // registered reinitialization routine invoked.
    //
    PVOID DriverStart;                  // start address of the driver object
    ULONG DriverSize;                   // size of the driver object
    PVOID DriverSection;                // can be parsed as _LDR_DATA_TABLE_ENTRY, a linked list
                                        // entry that leads to the next driver object
    PDRIVER_EXTENSION DriverExtension;  // extension information of the driver; can hold our own data

    //
    // The driver name field is used by the error log thread
    // determine the name of the driver that an I/O request is/was bound.
    //
    UNICODE_STRING DriverName;          // name of the driver object

    //
    // The following section is for registry support. This is a pointer
    // to the path to the hardware information in the registry
    //
    PUNICODE_STRING HardwareDatabase;

    //
    // The following section contains the optional pointer to an array of
    // alternate entry points to a driver for "fast I/O" support. Fast I/O
    // is performed by invoking the driver routine directly with separate
    // parameters, rather than using the standard IRP call mechanism. Note
    // that these functions may only be used for synchronous I/O, and when
    // the file is cached.
    //
    PFAST_IO_DISPATCH FastIoDispatch;
    PDRIVER_INITIALIZE DriverInit;
    PDRIVER_STARTIO DriverStartIo;
    PDRIVER_UNLOAD DriverUnload;        // unload address of the driver object
    PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
} DRIVER_OBJECT;
typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT;
```

1.2 Output code: print basic driver object information

```cpp
#include <ntddk.h>  // header name was lost in extraction; ntddk.h is assumed

VOID MyDriverUnLoad(_In_ struct _DRIVER_OBJECT* DriverObject)
{
    UNREFERENCED_PARAMETER(DriverObject);
    DbgPrint("driver unloaded\r\n");
}

extern "C" NTSTATUS DriverEntry(_In_ PDRIVER_OBJECT DriverObject, _In_ PUNICODE_STRING RegistryPath)
{
    UNREFERENCED_PARAMETER(RegistryPath);

    ULONG64 uImage = 0;
    DriverObject->DriverUnload = MyDriverUnLoad;

    DbgPrint("driver loaded, start printout\r\n");
    // %wZ expects a pointer to a UNICODE_STRING, so pass the address of DriverName.
    DbgPrint("driver name = %wZ\r\n", &DriverObject->DriverName);

    // End address = start address + image size. Pointers are printed with %p
    // so the values are not truncated on 64-bit systems.
    uImage = (ULONG64)DriverObject->DriverStart + DriverObject->DriverSize;
    DbgPrint("driver start address %p size %x end address %p\r\n",
             DriverObject->DriverStart, DriverObject->DriverSize, (PVOID)uImage);
    DbgPrint("unload address of the driver object = %p\r\n", DriverObject->DriverUnload);

    // Output the callback addresses of the driver object.
    DbgPrint("IoControl callback address of driver object = %p\r\n", DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]);
    DbgPrint("read callback address of driver object = %p\r\n", DriverObject->MajorFunction[IRP_MJ_READ]);
    DbgPrint("write callback address of driver object = %p\r\n", DriverObject->MajorFunction[IRP_MJ_WRITE]);
    DbgPrint("create callback address of driver object = %p\r\n", DriverObject->MajorFunction[IRP_MJ_CREATE]);
    DbgPrint("close callback address of driver object = %p\r\n", DriverObject->MajorFunction[IRP_MJ_CLOSE]);

    DbgPrint("- traversal callback output -\r\n");
    // Walk the dispatch table of the DriverObject using the IRP_MJ_* macro range.
    // The array has IRP_MJ_MAXIMUM_FUNCTION + 1 entries, so the bound is inclusive.
    for (auto i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
    {
        // Message text: "callback IRP_MJ number = %d callback function address = %p"
        DbgPrint("回调的IRP_MJ 调用号 = %d 回调函数地址 = %p \r\n", i, DriverObject->MajorFunction[i]);
    }
    DbgPrint("completion of all functions");
    return STATUS_SUCCESS;
}
```

1.3 Results
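The values the driver above prints can be checked against each other: a dispatch pointer normally lies inside the driver's own image range or is the I/O manager's default routine for unset slots. The following is an added example, not code from the original article, and it is a user-mode C model of that check: DRIVER_MODEL, classify_dispatch, find_outside_slots, make_sample and every address are constructed for illustration, and default_handler stands for the default routine (nt!IopInvalidDeviceRequest) that fills slots a driver never sets.

```c
#include <stdint.h>
#include <stddef.h>

#define IRP_MJ_MAXIMUM_FUNCTION 0x1b   /* value from wdm.h */

/* Constructed user-mode stand-in holding only the fields the check needs. */
typedef struct {
    uintptr_t DriverStart;                                 /* image base */
    uint32_t  DriverSize;                                  /* image size in bytes */
    uintptr_t MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];  /* dispatch table */
} DRIVER_MODEL;

typedef enum { DISPATCH_IN_IMAGE, DISPATCH_DEFAULT, DISPATCH_OUTSIDE } DISPATCH_CLASS;

/* Classify one pointer against [DriverStart, DriverStart + DriverSize). */
static DISPATCH_CLASS classify_dispatch(const DRIVER_MODEL *drv, uintptr_t handler,
                                        uintptr_t default_handler)
{
    uintptr_t end = drv->DriverStart + drv->DriverSize;    /* exclusive end */
    if (handler == default_handler)
        return DISPATCH_DEFAULT;       /* slot the driver never filled in */
    if (handler >= drv->DriverStart && handler < end)
        return DISPATCH_IN_IMAGE;
    return DISPATCH_OUTSIDE;           /* points into some other module */
}

/* Walk all IRP_MJ_MAXIMUM_FUNCTION + 1 slots, store the indexes that point
 * outside the image in out[], and return how many were found. */
static size_t find_outside_slots(const DRIVER_MODEL *drv, uintptr_t default_handler,
                                 unsigned out[IRP_MJ_MAXIMUM_FUNCTION + 1])
{
    size_t n = 0;
    for (unsigned i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        if (classify_dispatch(drv, drv->MajorFunction[i], default_handler) == DISPATCH_OUTSIDE)
            out[n++] = i;
    return n;
}

/* Constructed sample: image at 0x1000..0x5000, in-image handlers for slots
 * 0x00 (CREATE) and 0x02 (CLOSE), slot 0x0e (DEVICE_CONTROL) redirected. */
static DRIVER_MODEL make_sample(uintptr_t default_handler)
{
    DRIVER_MODEL d = { 0x1000, 0x4000, {0} };
    for (unsigned i = 0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
        d.MajorFunction[i] = default_handler;
    d.MajorFunction[0x00] = 0x1200;
    d.MajorFunction[0x02] = 0x1300;
    d.MajorFunction[0x0e] = 0x9000;
    return d;
}
```

A slot reported as outside the image is a lead for investigation rather than a verdict, because class and port drivers legitimately install their own handlers into a miniport's table.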

Thank you for reading. That covers "what is the kernel driver object". After studying this article you should have a deeper understanding of what the kernel driver object is; how it is used in practice still needs to be verified hands-on.
