Some basic functions

Source: Internet
Author: User
The RtlInitUnicodeString function calculates the size of a Unicode string and fills in a UNICODE_STRING structure. In general, Unicode strings are statically defined in the code and remain unchanged at run time, so it is entirely possible, and very easy, to fill in the UNICODE_STRING structure at link time. This is easier to understand and saves space (saving the 8-byte UNICODE_STRING structure, up to 3 bytes of alignment space, and at least 14 bytes of code for calling RtlInitUnicodeString). This is why I do not like the above code. I often use the CCOUNTED_UNICODE_STRING macro instead, so that the above code can be completed in two lines:

CCOUNTED_UNICODE_STRING "\\Device\\devname", usDeviceName, 4
CCOUNTED_UNICODE_STRING "\\??\\Devname", usSymbolicLinkName, 4

If you agree with me, you can also define the device name and symbolic link name in your own driver:

.const
CCOUNTED_UNICODE_STRING "\\Device\\dev1_tophys", g_usDeviceName, 4
CCOUNTED_UNICODE_STRING "\\??\\Slvirttophys", g_usSymbolicLinkName, 4

(Note: the original author's macros are good at processing Unicode strings in English, but Chinese strings won't work. Therefore, for Chinese strings it is most convenient to use dynamic conversion. The common method is to use the RtlInitAnsiString function to generate an ANSI_STRING structure, and then use the RtlAnsiStringToUnicodeString function to convert the ANSI_STRING to a UNICODE_STRING. If you write these two sentences into a sub-program or macro, ).

In earlier Windows NT versions the "\??" directory does not exist, so in that case you need to change "\??" to "\DosDevices", which can also be used in subsequent Windows versions. For compatibility, the system creates a "\DosDevices" symbolic link under the root directory that points directly to the "\??" directory.

//////////////////////////////////////// //////////////////////////////////////// //////////////////////////////////////// //////////////////
KeInitializeSpinLock

i) Spin lock

The driver can call KeInitializeSpinLock during initialization to create the object. Before accessing the protected data, any code segment must call KeAcquireSpinLock to obtain ownership of the object. If this succeeds, the system raises the code segment to DISPATCH_LEVEL for the data access. After the access is completed, the code must call KeReleaseSpinLock to release ownership, and the previous run level is restored. This method is only applicable to synchronizing code whose run level is less than or equal to DISPATCH_LEVEL, and it is mainly used in multi-CPU scenarios. In addition, an interrupt spin lock is used to synchronize with the interrupt handling routine; it raises lower-level code to the DIRQL of the interrupt that it needs to synchronize with.

ii) Controller

This object is mainly used to synchronize multiple devices in a driver, to ensure that they access specific code or data one after another. The object is created by calling IoCreateController during driver initialization. The device calls IoAllocateController in the StartIo routine to obtain exclusive ownership of the controller object, and calls IoFreeController to release it. When the driver stops, call IoDeleteController to delete the object from memory. The object has a pointer, ControllerExtension, to a structure defined by the driver, which stores the driver's shared data.

iii) Adapter

This object is used to synchronize the use of a DMA channel by multiple devices (not necessarily in one driver). It is created automatically when the system detects hardware at startup. The driver calls HalGetAdapter during initialization to obtain a pointer to this object. The device calls IoAllocateAdapterChannel in the StartIo routine to obtain exclusive use of the DMA channel, and then starts to transmit data. Call IoFreeControllerChannel to release the DMA channel.

iv) DPC

Because the objects in the DPC queue are always processed in sequence by the system, you can also put the code to be synchronized into a DPC routine, and place the corresponding DPC object at the end of the queue whenever that code needs to be called.

v) Others

Similar to user-mode applications, drivers can also use multithreading, and a set of synchronization objects is provided, such as event, mutex, semaphore, timer, and thread. An event object can be named, and different drivers can use the event object with the same name to synchronize access to shared data.

 

//////////////////////////////////////// //////////////////////////////////////// ////////

 

Structure and running of the kernel-mode device driver in Windows NT

Generally, a device driver has two main tasks: first, to accept read/write requests from the user program and transmit user data to the device, or transmit data received from the device to the user; second, to poll the device or handle interrupt requests from the device to complete data transmission.

1.2.1 Communication between drivers and user programs

The I/O manager presents each device to the upper layers as a file, so a Win32 user program can communicate with a device of the driver (one driver can drive multiple devices) through the following simple file operation API functions:

Function name     Description
CreateFile        Opens a device and prepares for data transmission. Returns a device-related handle.
CloseHandle       Closes a device opened by CreateFile.
ReadFile          Reads data from the device.
WriteFile         Writes data to the device.
DeviceIoControl   Performs some custom operations on the device, such as changing the settings.

Table 1

1.2.2 DriverEntry routine

This is the entry point of every device driver, and it is called automatically every time the driver is started. Most device initialization is completed in this routine, including setting the entry points for responding to various user requests, so that the I/O manager knows which routines to call when a user's open, close, read, and write requests arrive. In the driver, only the name of this routine, "DriverEntry", is fixed. All the routines listed below are registered with the system by this routine.

If the driver does not respond to any request, a DriverEntry routine alone can constitute a driver.


1.2.3 Unload and Shutdown routines

The Unload routine is responsible for some necessary processing before the driver is stopped, for example releasing resources and recording the final state. The Shutdown routine is called when the system is about to shut down. The difference between the Shutdown routine and the Unload routine is that it does not need to release any resources.



1.2.4 DispatchOpen and DispatchClose routines

These two routines are called when you call CreateFile and CloseHandle.
Or perform some necessary processing after the read/write is completed.


1.2.5 DispatchRead, DispatchWrite and StartIo routines

The first two routines are called when you call ReadFile and WriteFile. They first perform some checks on the user request and then start a routine called StartIo to begin the actual data transmission with the hardware. The I/O manager also provides a pointer to the user buffer through the IRP, so that data can be exchanged with the user program. For more information, see 1.3.2.


1.2.6 Accepting other custom requests

This routine is called when you call DeviceIoControl. It obtains the user's request number and a pointer to the user buffer through the IRP, through which it can communicate with the user program.


1.2.7 Interrupt handling routine (ISR)

These routines are called by the system when an interrupt occurs.


1.2.8 Deferred procedure (DPC)

These routines are used to complete, at a lower level, some of the tasks of a higher-level routine (such as interrupt handling). For more information, see 1.3.3.

 

//////////////////////////////////////// //////////////////////////////////////// //////////////////////////////////////// ////////////

1.3.2 Objects

i) I/O Request Packet (IRP)

Each time the I/O manager receives a request from a user, it creates a structure and passes it as a parameter to the driver's DispatchXxx and StartIo routines. The structure contains the request type, the starting address of the user buffer, the length of the data requested by the user, and other information. After the driver processes the request, it fills in the processing result in the structure and calls IoCompleteRequest to return it to the I/O manager.

ii) DPC

This object needs to be created when a DPC routine is used in the driver. For more information, see 1.3.3.

iii) Driver object

This object is created by the I/O manager when the driver is started. It stores the entry points of the routines with which the driver handles various requests, the linked list of all device objects driven by the driver, etc.

iv) Device object (DeviceObject)

Every time the driver finds a device that it can drive, it calls IoCreateDevice to create such an object. The object has a pointer, DeviceExtension, to a structure defined by the driver, which stores all information about this device, such as the port number and interrupt vector.

v) Interrupt object (Interrupt)

This object is created when the driver calls IoConnectInterrupt and contains information about the interrupt and the routine that handles it. When an interrupt occurs, the I/O manager uses it to find the corresponding handling routine.


1.3.3 Deferred procedure call (DPC)

Since the interrupt handling routine runs at a high DIRQL level, it can block many routines whose levels are less than or equal to its own. If it occupies the CPU for too long, system performance easily degrades. Therefore, the less urgent tasks of interrupt handling should be put in a routine called a DPC. After data transmission and other urgent tasks are completed, the interrupt handling routine places a DPC object at the end of the system's DPC queue and then exits, to give up the CPU as early as possible. After the system has finished all tasks at DIRQL levels, it processes the DPC queue and executes, at DISPATCH_LEVEL, the DPC routine specified by each DPC object, to complete the tasks left unfinished by the interrupt handling routine.

1.3.6 Buffered I/O and direct I/O

After the driver creates a device, it can set the Flags field of the device object to make the device use buffered I/O or direct I/O.

If the value is set to DO_BUFFERED_IO, each time the I/O manager receives a read/write request, it allocates a region of the same size as the user buffer in nonpaged memory and stores its starting address in AssociatedIrp.SystemBuffer of the IRP object; the driver exchanges data with the user through this buffer. When a read request is completed, the I/O manager automatically copies the contents of the buffer to the user buffer and releases the region.
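The buffered-I/O read path described above, as an added user-space model in C (not code from the original page and not WDK code): MODEL_IRP, model_dispatch_read and model_read_file are hypothetical stand-ins for the IRP, the driver's read dispatch routine and the I/O manager. It assumes the I/O manager copies back as many bytes as the driver reports, so the driver clamps its copy to the requested length and reports exactly what it wrote.

```c
/* User-space model of a buffered-I/O (DO_BUFFERED_IO) read. MODEL_IRP and the
   model_* functions are hypothetical stand-ins, not WDK types or APIs. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

typedef struct {
    void  *SystemBuffer;  /* models Irp->AssociatedIrp.SystemBuffer */
    size_t Length;        /* bytes the user asked to read */
    size_t Information;   /* bytes the driver reports as transferred */
    int    Status;        /* 0 = success, -1 = failure */
} MODEL_IRP;

/* Constructed sample data that the hypothetical device returns. */
static const char g_device_data[] = "constructed-device-record-0123456789";

/* Driver side: copy at most Length bytes and report exactly that many. */
static void model_dispatch_read(MODEL_IRP *irp)
{
    size_t n = sizeof g_device_data;
    if (irp->SystemBuffer == NULL || irp->Length == 0)
        return;                       /* zero-length read: no buffer exists */
    if (n > irp->Length)
        n = irp->Length;              /* never write past the system buffer */
    memcpy(irp->SystemBuffer, g_device_data, n);
    irp->Status = 0;
    irp->Information = n;             /* copy-back size used by the I/O manager */
}

/* I/O manager side: allocate the buffer, call the driver, copy back, free. */
size_t model_read_file(void *user_buf, size_t user_len)
{
    MODEL_IRP irp = { NULL, user_len, 0, -1 };  /* fails unless the driver succeeds */
    size_t copied = 0;
    if (user_len != 0)
        irp.SystemBuffer = calloc(1, user_len); /* stands in for nonpaged memory */
    model_dispatch_read(&irp);
    if (irp.Status == 0 && irp.Information <= user_len) {
        memcpy(user_buf, irp.SystemBuffer, irp.Information);
        copied = irp.Information;
    }
    free(irp.SystemBuffer);
    return copied;
}

int main(void)
{
    char buf[16];
    printf("read %zu of %zu requested bytes\n", model_read_file(buf, sizeof buf), sizeof buf);
}
```

A driver that reported more bytes than the requested length would make the copy-back step read past the end of the system buffer, which is why the model checks the reported size on both sides.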

If the user buffer is larger than one page (4096 bytes on 80x86), this value is generally set to DO_DIRECT_IO. When the I/O manager receives a read/write request, it first locks the physical memory of the user buffer and then creates a memory descriptor list (MDL) for it; the starting address of the list is stored in MdlAddress of the IRP object. The driver can call MmGetSystemAddressForMdl to obtain the address of the user buffer in system space. When a read request is completed, the I/O manager automatically unlocks the region.

1.3.7 Timing

To prevent read/write requests from timing out when a device fails, or to periodically poll the status of some devices, the driver needs to set some timers. There are two ways to set a timer in the driver. One is to call IoInitializeTimer to associate a timer routine, IoTimer, with a device object. After IoStartTimer is called, IoTimer is called every second until the driver calls IoStopTimer. If you need a timer with a shorter interval, you need to use a deferred procedure call mechanism called CustomTimerDpc. It can have the system put a prepared DPC object at the end of the DPC queue at a certain time and execute a specified timer DPC routine. This interval can be accurate to ns.
