Recently I have been studying Windows Kernel programming and have also come into contact with some driver concepts. Some of these concepts are confusing, so I wrote this article to express my opinion:
First, let's talk about the driver object (driver_object). It can be said that the driver object represents a Driver (or a kernel module ). When writing a kernel program, you must enter such a structure to inform the windows program of its functions. Kernel programs do not generate processes. They have system processes loaded and can exist in any process.
A device object (device_object) can be a specific physical device, such as a keyboard or hard disk, or a virtual "device", such as a pipe used for inter-process communication. A device object is created by a driver object. A driver object can create many Device objects. These Device objects are stored in a device stack. These Device objects are linked together by a linked list. When new device objects are generated, they should be inserted at the end (to be understood ).
For requests, we can understand the messages in the Windows SDK program design. It is generally transmitted in IRP mode. The device object is the only entity that can accept the request. However, a drive object may contain many Device objects. Which device object is used for processing?
In my understanding, like the message passing mechanism in MFC, there is a message receiving order, and the same is true for IRP requests, it is first sent to one of the top devices in the device stack (newly added). If it is not processed, it will continue to be sent downward. If it is still not processed at the end, I think there will be a default processing.
This is my understanding of these concepts. If any of these concepts is incorrect, you are welcome to criticize and correct them!