Compiling the device driver of Windows 95

Compiling the device driver of Windows 95

Entry/Jianghu kiddies

2017100008.07

1. Why do we need to set the standby drive sequence?

Starting from Windows 3.1, a method for configuring the synchronization sequence of the backup drive is adopted for the access requests for hardware backup, the customer obtains the parameter number or user set of hard parts by means of the standby drive sequence, however, it is a 16-bit operating system based on the original dos, however, in the customer program, the hard parts can still be implemented through the disconnections of some BIOS or DoS dpmi.

32-bit operating systems such as Windows 95 & NT are no longer based on 16-bit dos, if the user needs to implement the fault, DMA, I/O, or access to the storage in the hardware, both cannot avoid having to go through the standby drive sequence. Windows 95 operating system can be used to implement multi-thread and multi-process, through a virtual machine Manager (vmm 32) and VxD (Virtual Machine Manager), the system works in parallel with its standby drive, to implement the coordinated scheduling of multiple processes to prevent the collapse of another process due to one route.

2. What is the standby drive sequence?

The standby drive sequence is used to manage the binary Generation Code of the unified resource source (hardware or software, by configuring the standby drive sequence, multiple processes can be used in the same time, from which multiple processes can be implemented and run simultaneously. In general, the Standby drive sequence uses "VxD" as the suffix name, and its intention is to virtualize some virtual machines (virtual machines ). In general, it is the same to set the standby drive sequence and virtual pseudo-standby, and we will mix the two.

386 The Microprocessor has four excellent levels: Level 0, level 1, level 2, and level 3, in general, the operation system is run at the level 0, while the user program is run at the level 3. VxD is run on a level 0, and its position in the inner storage is also in the space of the operating system security protection.

Windows 95 is based on Windows 3.x, and the same pattern is used in the active/standby drive sequence of the two. That is to say, generally, the backup drive sequence written in Windows 3.x can be run in Windows 95 without modification. However, there are also some differences: generally, the drive sequence under Windows 95 is named "VxD", while Windows 3.x is named "386; the standby drive sequence of Windows 3.x must be carried in static mode when Windows is started, in Windows 95, the Standby drive sequence can be carried in the dynamic state during the process.

Windows NT adopts a completely different mode, in Windows 95 & 3.x, the Standby drive sequence cannot be the same as that in Windows NT.

In addition, windows also provides the drive sequence for some operations on level 3, the master node must be the serial port's pass-through sequence and the serial port's print-on machine sequence, which are suffixed with "DRV. However, in general, the I/O operations on Level 3 are slower than those on level 0.

3. Simple introduction to the preparation and writing of the standby drive

The preparation of the standby drive sequence has a set specification, which should be familiar with 32-bit compilation and C language; generally, it is written by the compiled language, but it can also be implemented by the mixed language of C and the compiled language; microsoft DDK (Device Driver kit) is required first. Generally, the tools are masm6 11 and vc2 0 in the previous version.

Usually, the Standby drive sequence is composed of five segments, which are divided: vxD-code, VxD-data, VxD-icode, VxD-idata, and VxD-real-init. VxD-code is the replacement code segment in the mode of protection, generally, this section includes the control sequence, return letter number, service order, and interface Letter Number of the standby drive, this section is also named-ltext; VxD-data is the data segment in the mode of protection, which generally includes the description table of the backup drive program, this section is also named "-ldata", and "VxD-icode" is the initial verification code section under the protection mode, includes the service sequence used in the initial phase, Virtual Computer Manager (vmm) after the initial completion, the segment will be removed. This segment is also named-itext; VxD-idata is the initial implementation under the protection mode. Data segment, including the data used in the initial phase, Virtual Computer Manager (vmm) after the end of the initial phase, the segment will be removed. This segment is also named-idata; vxD-real-init includes the initial data and code generation segments in the real-mode, and Virtual Computer Manager (vmm) the first step is to install this generation code segment. After the return process, this segment is removed and then loaded into its generation code segment, this paragraph is named again-rtext.

Note that in addition to the initial data and code generation segments in the real model, the four sections are the sections of the flat model.

Each standby drive sequence must first declare the name, version number, initial process, and virtual pseudo-machine control sequence of a VM (equivalent to the sequential input port ); you can also specify the ID and number of interfaces (APIS) of the slave drive ). The declare-Virtual-device macro is used to declare virtual machines, for example, the following example:

Declare-Virtual-device vsampled, 4,0, vsampled-control ,/

Vsampled-device-ID, vsampled-init-order ,/

Vsampled-v86-API-handler, vsampled-PM-API-Handler

Idea is a sample virtual machine named as vsampled. The version is 4 0 and the control process is vsampled-control, vsampled-device-ID indicates the identifier of the VM. vsampled-init-order indicates the initial process, the other two items on the outer and backend indicate the number of two types of socket ports under the v86 mode and the protection mode. Through these statements, we can determine a unique virtual computer, and the system can distinguish it from other virtual computer.

Each virtual pseudo-machine requires a virtual quasi-machine control process. The Virtual Computer Manager (vmm) transmits the Delivery Control Information to the virtual computer through this process, the system controls the execution of virtual machines through the transmission of over-control messages, such as initial changes to virtual machines and virtual machines.

A virtual pseudo-machine needs to provide some service functions. These functions can be used as virtual pseudo-machine Manager (vmm) or their virtual machines. However, the number of outgoing ports (export functions) provided by the virtual machine is not the same as that provided by Windows DLLs, and the virtual machine Manager (vmm) the connection to the virtual computer is achieved through a disconnection between 0 and 20, by using a service number, the broken sentence handle determines which virtual machine to support this service.

A virtual computer uses inproc and endproc macros to determine its service functions, which is similar to the speech language. Example:

Beginproc vsmapled-service-routine, Service

Main Body of the service ......

Endproc vsampled-service-routine

Generally, the name of beginproc is followed by a parameter: service or async-service, the latter indicates that this service order can be called in different steps. It is usually used in the class of interrupted service order, the Xtep service process sequence must be reentrant, so that it cannot be called and cannot be reentrant.

2. Configure the drive sequence for the image collection card

We need to design a graph image collection card to implement the real-time collection of the image, since the data transmission volume of image images is large, the real-time performance needs to be strong, so we use the PCI total line, and the platform of soft parts uses Windows 95.

1 Series hardware

The production system uses the saa7110 of Philips Corporation as the front-end image collection device, the PCI interface chip uses Zoran company zr36120 as the access chip. Both chips are programmable chip.

Zr36120 is a controller designed for multi-media applications. It has the power of PCI operations, it also has multi-media control functions. Compared with the data filter of image images, it is a multi-media controller (Multimedia controller for PCI Bus ). It has two groups of memory senders, one of which is configured with PCI 2 0 (configuration registers ); the other group is based on the user's storage device, whose name is Asr (application-specific registers ), this group of memory Senders must be applied to the user, including sending of data in the data format of some images, selection of filters, configuration of Medium-Cut Square, selection of DMA channels, and location memory, the ASR access method uses the storage device.

2 Software Design

The system must operate the hardware, including:

(1) Memory Distribution in DMA. The data of the graph image is transmitted to the master machine by means of DMA, and must be stored in the DMA channel according to the size and size of the graph image. The address stored in the DMA is known to the PCI port chip and the customer sequence. The address required by the PCI port chip is the physical address, the address used by the customer program is a virtual pseudo-address (the 32-bit flat pattern is a linear address ), if so, how can the two be matched?

(2) The initial evolution of the junction chip zr36120 and the image collection chip saa7110. The configuration of zr36120 should be read and written by the memory generator so that the I/O method or the BIOS is disconnected; in addition, the ASR of zr36120 uses the storage device to implement read and write operations.

All the solutions to these questions cannot be avoided. Therefore, you must use the standby drive sequence to implement the hardware operation, there is no way to implement these functions in the user sequence of the first-level 3 operation.

? Memory Allocation in DMA

First, it must be in Windows 95 system. add dmabuffersize = 2048 K to the INI file (here it is 2 m, and the big and small pieces are determined based on the actual situation of DMA Operation ). The system will keep a large and small internal storage for the user to use the post-DMA Operation.

The user saves the user in a specific segment in the self-paced sequence. The question is, how can this segment be stored in connection with the system's DMA memory. The Microsoft DDK kernel is provided for the vdmad-request-buffer system for calling, and a small DMA memory is applied to the system, the line addresses in the DMA slow-forward area pass through ESI, while the large and small addresses in the slow-forward area pass through ECx.

. The physical address of the obtained DMA domain is transmitted through edX, while the logo number is transmitted by EBX.

. After applying for the DMA domain, we must use vdmad-lock-DMA-region to lock the domain so that we can use it later.

After the DFMA memory is configured, the data exchange between the DMA memory and the user space is required. The DDK is provided for the vdmad-copy-from-buffer system calling to implement data transfer from the DMA domain to the user data zone. Among the parameters passed in, ESI stores the domain address of the user data area, ECx stores the big and small data area, and EBX stores the logo number, the amount of storage offset shifting in EDI. If the operation is successful, the CF bit is reset. If the failure is lost, the CF position is changed. In addition, vdmad-copy-to-buffer copies the data in the user zone to the DMA slow-forward zone, the input and output parameters are the same as those of the former.

? Storage Device ing method

The ASR of zr36120 must implement read and write operations using the ing method of the storage device. The storage device reflects some of its storage devices in a certain segment, the system allows users to access the data stored in the webshell; however, the inner memory projection must be an empty inner memory segment on the master machine. It cannot conflict with the existing inner memory, for example, 0xf00000000; the is a physical address, and the reading in the customer's process is a linear address, we must turn this physical address into a linear address.

-Mapphystolinear is provided in DDK to reflect the physical address as a linear address, however, this call can only be used to convert external physical addresses into linear addresses, rather than the internal storage space in the computer itself; the input parameter number is three. The first parameter number is the starting address of the physical location, and the second parameter number is the length, the third parameter is the bid, which is generally 0. The return parameter is the linear location of the lower surface of the first level 0. For example:

Vmmcall-mapphystolinear, <0f0000000h, 1000 h, 0>

It is to map a storage device with a length of 0x1000 as the physical site 0xf0000000 to the internal storage.

? Client operations

Windows 95 does not enable port protection. Therefore, you need to consider the need to set backup for serial port communication and port printing. The applicable procedure can be used to implement the operation of the peer interface by means of the call of the system letter or by means of the direct use of the language. For example, in VC, the input and output of-outp,-outpw,-outpd,-indium,-inpw,-inpd, and other functions are input and output of the current port. However, it is because of the high speed of the first-level 0, and the other side can be operated in multiple steps, A hard-ware end port is best performed in the active-standby drive sequence. According to the standard of the PCI total line 2 0, the configuration of the PCI total line storage device (configuraiotn registers) contains 256 characters, among them, the first 64 features constitute the configuration of the storage device header (paiaiotn header), the main needs to include the master machine (host) and the customer (client) the information of some interfaces, such as the device number, manufacturer number, the used medium-cut number, and the fan Wai (I/O Method) of the Port location ), the address of the storage device (the storage device )....... There are two methods for reading and writing configuration registers in PCI: the first one, it is completed by breaking the sub-function code 0xb1 of 0x1a In the BIOS. This is based on Intel's current system. The second method implements read and write operations on the two port addresses 0xcf8 and 0 xcfc, this method is designed for the same system and capacity, and its features are simplified and clear. Let's take a look at the second method: the port address 0xcf8 is the address of the storage device, the meaning of each of its 32-bit operations is as follows: Bus number, functionnumber, and device number are all allocated by the system when the computer is started, the Register number is the number of the sender that we need to read and write. The lowest two digits are 0, 8. bitegang constructed a configuration of 256 character sections and placed the address space of the storage device. The address 0 xcfc is the data sender. After writing the address and sending it, to read this port in double-byte mode, you will get the value in the configuration storage device, write a pair of words to complete the Writing Operation of the corresponding storage device. After understanding the meaning of each exercise bit, we can use two pieces of grouping to show in and out our eyes, note that these operations must be dual-word operations. For example, they must be in eax, dx, or out DX or eax, instead, you cannot convert a dual-word operation into a two-character operation or a four-character operation.

? Scheduling of the standby drive sequence by the customer's route

In this article, we will introduce the preparation and writing of the standby drive sequence. We will analyze the next customer sequence in detail (a general user sequence, most often, C and C ++ are used to compile and write data.) How can I set the standby drive sequence.

For example, if you develop a quasi-standard API function, you can use the system-standard function library for user-defined procedures. However, if the definition is not a standard function provided by the system, the number of interface letters is sent from the user to the hardware or software of the user, in this case, it cannot be obtained from the quasi-function library, but this is also the most common situation, next, we will explain the usage of the C language in detail.

After a hardware component is set to virtual backup, the hardware component is used as a file system and is called by the system; UNIX adopts this method, which is also used in Windows 95 & nt. The 32-bit system calling is provided for a createfile to open or create a "File". The following types of "file" can be opened: file, channel, communication and backup, magnetic disk, control, contents... ... We can't leave our drive sequence name as pclidevice. VxD.

As described above, we need to use the createfile system to open this backup file and get a sentence handle, as shown in the following example:

Hcvxd = createfile ("pcidevice. VxD", 0, 0, create-New, file-flag-delete-on-Close, 0 );

After the slave node is enabled, we can exchange data with the slave node. For example, the data collection card of the graph image has passed the data to the memory through the DMA method, we need to transfer the data to the internal storage of our database by means of the standby drive, in our backup drive program, there is a sub-example VxD-copy-Out-Of-DMA-buffer, Which is input with two parameters, one is the address of the slow-forward area in the process sequence, the second is the length of the slow-forward area, and the output is a parameter, tabulation or failure. Call deviceiocontrol to complete this task, as shown in the following example:

Deviceiocontrol

(Hcvxd, VxD-copy-Out-Of-DMA-

Buffer, (lpvoid) ininfo, sizeof (ininfo), (lpvoid) retinfo, sizeof (retinfo ),&

Cbbytesreturned, null );

In this example, the first parameter is the prefix of the sentence we opened. The second parameter is the code we will perform, the third and fourth parameters are the input parameters and the values are large and small (generally expressed in the case of many, few, and special tables ), for example, if the two parameters in our example are long integers, then the fourth parameter is 8; the second, sixth, and seventh parameters are the number of return parameters and their size is small; the eighth parameter is used to set the standby drive sequence in a different step, for example, the interrupted service sequence.

Iii. Sequencing

The following describes some of the key sub-programs for configuring the standby drive sequence of the collection card, however, I did not list the examples related to hardware setup and backup. I will replace some changes with all-round incremental replicas, vc5 0, masm6 11, and DDK are used in the next sequence for compilation and translation.

. 386 P
. Xlist
Include vmm. inc
Include vdmad. inc
Include configmg. inc
. List
Extern-lineadr: DWORD
Extern-bufsize: DWORD
Extern-physadr: DWORD
Extern-buffid: DWORD
VxD-locked-code-seg

In the back-to-eax, the High-level language can obtain the line-to-line address public phys2linear in the same procedure as calling.

Phys2linear proc

Vmmcall-mapphystolinear, <080000000 H, 1000 h, 0>

The starting physical address must be 0x80000000 linear address with a length of 0x1000

RET

Phys2linear endp

; Allocation and lock-store one segment of DMA memory domain

Phblic alloc-lick-DMA-region

Alloc-lock-DMA-region proc

MoV ESI,-lineadr; wire location

MoV ECx,-bufsize; DMA region length

Vxdcall vdmad-request-Buffer

Mov-physadr, EDX; the origin address of the original object is in edX

Mov-buffid, EBX; ID in EBX

MoV ESI,-lineadr

MoV ECx,-bufsize

MoV D1, 1

Vxdcall vdmad-lock-DMA-region

RET

Alloc-lock-DMA-region endp

Copy data from the DMA domain to the user's internal storage

Public copy-from-DMA-Buffer

Copy-from-DMA-buffer proc

MoV EBX,-buffid; ID

MoV ESI,-lineadr; user line address

Xor edi, EDI; start address of the DMA slow-forward zone

MoV ECx,-bufsize; length of the input to be uploaded

Vxdcall vdmad-copy-from-Buffer

Copy-from-DMA-buffer endp

; Save and release the DMA

Public Free-DMA-region

Free-DMA-region proc

MoV ESI,-lineadr

MoV ECx,-bufsize

Vxdcall vdmad-Unlock-DMA-region

MoV EBX,-buffid

Vxdcall vdmad-release-Buffer

RET

Free-DMA-region endp