Driver learning for windows!

 

VxD is short for virtual device drivers. X represents the names of various devices, such as virtual keyboard drivers (vkd) and virtual mouse drivers (vmd ). VxD itself is a 32-bit executable program running on the ring0 layer. It is an excuse between the winodws application and the actual hardware and an interface for operating system resource management, virtualization of devices. Windows is a multi-task and multi-thread operating system. external devices are often used by multiple threads Based on DoS or windows. The real hardware device only has one set (it is impossible for three applications to use the mouse, and you can only buy three sets of mouse). Therefore, you must Virtualize three sets of devices based on only one set of devices, it makes applications feel that they are dedicated hardware devices every moment. Device virtualization is achieved through the device driver running on the ring0 layer. The driver acts as a "Replacement" for the actual hardware, and the thread or application always exchanges information with the "Replacement" of the hardware (that is, the VxD driver we write. As you can see, VxD is equivalent to the DLL running on the ring0 layer. You can call it for any work that you want to complete on the ring0 layer. Note: 1. VxD is a unique driver model of Windows 9xx system. It is not suitable for Windows NT Windows 2000. Therefore, the driver cannot be transplanted to the platform. 2. vxD is a privileged program running on the ring0 layer. It can do anything to the system. A malicious VxD program can destroy the system, there is no protection for the VxD system. 3. Think twice !!!   In the NT System, the CPU only runs on two levels, and the NT operating system is based on the customer and server models, the system consists of the core State mode program running on the ring0 layer and the user State program running on the ring3 layer. The kernel mode, that is, the NT execution body, is the core of the OS, including the system service and hardware description layer. It completes the services that the operating system should provide, such as file system, process control, memory management, and device management. The user mode runs on the ring3 layer and is an Environment Subsystem provided by NT. Nt OS runs several subsystems on the ring3 layer. These subsystems are like virtual machines. They are compatible with different systems, such as UNIX, OS/2, DOS, Windows9X, and so on, although it seems that the APIs on other systems are actually all converted into ntapi after the kernel is entered, it is nothing more than simulating various OS. In the Windows 32 subsystem, both user GDI components are transferred to the kernel for faster graphic processing. In the NT operating system, a hierarchical structure is used to divide the executable layer, the microkernel layer, and the Hardware Abstraction Layer HAL. The executable layer includes: I. I/0 manager, responsible for operating system I/O subsystem management. It completes the I/0 operation asynchronously by sending data packets. For device drivers, the I/0 manager is responsible for providing the architecture and support for Kernel drivers, for example, I/O manager is used to accept user requests, exchange data with user programs, memory ing, hook interruption, and synchronization. We can think that when the kernel driver is dynamically loaded into the system, this driver can be considered as part of the I/O manager. I/O provides interfaces between the device driver and other parts of the NT operating system. The I/O system service provides device independent interfaces between the requested application and other parts of the I/O subsystem. Regardless of the Request mode, the provided interfaces remain unchanged regardless of the environment in which the sub-system is running or the request device category. The I/O system service and I/O manager always provide an IRP standard description to the kernel driver, so that the kernel-mode driver does not have to process the differences between requests. 2. Object Manager, the execution layer provides services for user-mode applications through an object-based interface. These objects are generally used to represent objects, processes, threads, shared memory segments, and other things. The object manager is used to manage these objects, including creating and deleting objects, maintaining the global object namespace, and recording the number of pending references to a specified object. 3. Security Reference monitor provides some security access policies for calling in kernel mode and user mode in the form of primitives. It verifies object access permissions and checks user privileges and production review messages. Most device drivers do not consider security issues. It is handled by the I/O manager before calling the driver. 4. Process Manager is responsible for Process Creation and deletion. Together with the object manager, process objects and thread objects are created. It works with the memory manager to allocate virtual address space for processes. 5. The Virtual Memory Manager and the high-speed buffer manager constitute the NT Memory Management Sub-system. Each process has 4 GB space. The memory manager must manage the memory usage, the On-Demand paging virtual memory management technology is required. From the perspective of driver development, the memory manager is used as the memory distributor of the driver. 6. Local Process calling mechanism. The LPC mechanism is a message passing mechanism that enables communication between processes on the same machine. It is usually used for communication between applications and their environment subsystems, the driver has no permission to access the LPC. VII. Windows 32 supports parts, including many user part codes in the Win32 Environment subsystem, making it easier to implement interfaces between GUI applications and graphics devices. Microkernel layer: It provides interrupt and exception handling, process scheduling and synchronization, multi-processor synchronization, and timed control. The service provided by the microkernel layer can ignore the differences between the underlying CPU architecture. Therefore, the differences between the device driver and the underlying operating system components and the underlying CPU are not considered, this allows the driver to work on CPUs with different architectures.   Hardware Abstraction Layer: Hal allows the operating system to provide a set of standard interfaces externally without relying on a special hardware platform or system. Hal provides standard models of available system resources and standard views of specific hardware platform functions, other executable parts access resources through standard interfaces, thus achieving hardware abstraction ". These standard interfaces are actually a set of well-defined functions. Various operation components use Hal functions to deal with hardware outside the CPU. The Hal function basically hides the platform-specific details from the rest of the system, thus shielding the differences between different hardware platforms.