IRP Dispatch operation

The IRPTRACE tool Tracking IRP dispatch function (DISPATHC Funtion) is an important concept in Windows drivers. The main function of the driver is to handle I/O request, where most of the I/O requests are handled in the dispatch function. i/for all drivers in user modeo request. All of the operating systems are transformed into a data structure called an IRP, and different IRP data are dispatched to different dispatch functions. IRP (I/O Request Package) is similar to the message processing mechanism for Windows applications. An majorfunction in an IRP that holds dispatched functions such as: Pdriverobject->driverunload =helloddkunload; Pdriverobject->majorfunction[irp_mj_create] =helloddkdispatchroutine; Pdriverobject->majorfunction[irp_mj_close] =helloddkdispatchroutine; Pdriverobject->majorfunction[irp_mj_write] =helloddkdispatchroutine; Pdriverobject->majorfunction[irp_mj_read] =Helloddkdispatchroutine; The simplest way to handle these IRP is to set the status of the IRP to success in the appropriate dispatch function, ending the IRP request (IoCompleteRequest). Irp_mj_cleanup cleanup Work, CloseHandle will generate this irpirp_mj_close shutdown device, CloseHandle will generate this irpirp_mj_create create device, CreateFile will generate this Irpirp_mj_device_control The Devicelocontrol function generates this irpirp_mj_internal_device_control the IO code is used to communicate with other drivers IRP_MJ_PNP Plug and Play messages Irp_mj_power This irpirp_mj_read is generated when the operating system processes a power message and reads the contents of the device, ReadFile generates this irpirp_mj_shutdown before shutting down the system Irpirp_mj_system_control The control information generated inside the system is similar to when the kernel calls the Evicelocontrol function Irp_mj_write to writefile the device, which results in the simplest processing of all return successes. #pragmaPagedcodeNTSTATUS helloddkdispatchroutin (in Pdevice_object pdevobj,in pirp pirp) {kdprint ("Enter helloddkdispatchroutin\n")); Pio_stack_location STACK=iogetcurrentirpstacklocation (PIRP); NTSTATUS Status=status_success; //Complete IRPPirp->iostatus.status =status; PIRP->iostatus.information =0;//bytes xferediocompleterequest (PIRP, io_no_increment); Kdprint (("Leave helloddkdispatchroutin\n")); returnstatus;}

IRP Dispatch operation