Basic infrastructure for Windows driver Development (vi) NT drivers

Windows Driver Development Basic Series, reprint please indicate source: http://blog.csdn.net/ikerpeng/article/details/38821919

NT-type drivers are not plug-and-play drivers, including 3 parts: The DriverEntry function, the CreateDevice function, and the Driverunload function. In fact, there is an IRP dispatch function, but this is not the introduction of the first.

The next step is to explain it in detail.

When the system starts, the system process is created, and when the driver loads, the system starts a new thread and creates a driver object . When the system thread calls the DriverEntry function, it implements the initialization of the drive object.

1. DriverEntry

extern "C"NTSTATUS driverentry (in Pdriver_object pdriver_object,

In punicode_string Pregistrypath);

pdriver_object: Point to this drive object.

Pregistrypath: Pointer to the key name string for the device service key. The content of the string is generally \registry\machine\system\controlset\services\[ service name ].

Where: In is the modifier of the parameter, which is the input of the parameter, in the same vein, out represents the output of the memory, two can be used simultaneously.

The return value is a 32-bit long, which is the ntstatus type of data.

2. CreateDevice

is created through IoCreateDevice, in the following form:

NTSTATUS
IoCreateDevice (
In Pdriver_object DriverObject,
In ULONG deviceextensionsize,//Specify the size of the device extension
In punicode_string devicename optional,//the name of the device object
In Device_type DeviceType,
In ULONG devicecharacteristics,//set the characteristics of a device object
In BOOLEAN Exclusive,// Sets whether the device object is used in kernel mode and is generally true
Out pdevice_object *deviceobject //points to the newly created device object.
);

It should be noted that even given the name of the device can only be recognized by other drivers in kernel mode, to use the following application in user mode to identify the need for: symbolic link method. That is, the way we get an alias, it's like we're naming the hard disk "C-Disk", which can be recognized by other applications.

This function is:

< Span style= "Color:rgb (102,102,102)" >< Span lang= "en-us" >ntstatus 
   iocreatesymboliclink (
    in punicode_ string   symboliclinkname ,//alias (address)
    in punicode _string   devicename            //this device
     );

< Span style= "Color:rgb (102,102,102)" > "\?? \ " (or" \dosdevice\ " c disk is " \?? \c: ". In user mode, it starts with " \\.\" c disk is " \\.\c: "

3. Driverunload

It is generally responsible for removing the device objects created inside the DriverEntry. The created symbolic link is also deleted. The specific functions are as follows:

< Span style= "Color:rgb (102,102,102)" >void 
   iodeletedevice (
    in pdevice_object    deviceobject
    );

< Span style= "Color:rgb (102,102,102)" >NTSTATUS 
Iodeletesymboliclink (
   in punicode_string   symboliclinkname
);

Basic infrastructure for Windows driver Development (vi) NT drivers