NLP-driven learning notes (5): Communication Between apps and drivers

Upper Layer and driver communicationDeviceiocontrolFunction. This isWin32 API, InSDK. This function generatesIrp_mj_device_controlPackage. If the corresponding routine has been registered in the driver, this package will trigger the work of this routine. If it is the communication between the driver and the driver, useIobuilddevicecontrolrequestFunction.DDK.Irp_internal_device_controlPackage, and the corresponding routine is triggered. The twoIRPThe package has a very important structure calledIOCTL(Io control code), Used to specify various details in the communication. The data structure is32BIT data blocks, including6Each region contains a type of information.IOCTLShows the structure

 

DDKThere isCtl_codeMacro. We can easily define this macro.IOCTL. No matterIrp_mj_device_controlOrIrp_internal_device_controlPackage,IOCTLAre defined in the following format:

# Define IOCTL _Device_FunctionCtl_code (Devicetype,Function,Method,Access)

Devicetype: Device type, andDevice_objectStructureDevicetypeMust be consistent. Note:Zero x 8000The following figures are occupied by Microsoft.

Function Code: FunctionCode, Which can be customized to differentiate operation types. Note:Zero x 800The following figures are occupied by Microsoft.

Method:IoBuffer type,Method_buffered,Method_in_direct,Method_out_direct,Method_neitherFour types.

Method_bufferedIndicates that the input and output are all buffered by the system. In this policy, the input and output point to the same memory block.Io ManagerManagement. During input, the data is copied to the buffer, and then the buffer is copied to the driver. During output, the data is copied to the buffer, and then the buffer is copied to the user space. Since the same buffer is used, the caller has to manage the data to prevent obfuscation. The buffer address is stored inIRP. associatedirp. systembufferThe input data size isParameter. deviceiocontrol. inputbufferlength, The output data size isParameter. deviceiocontrol. outputbufferlength, Both are inIo_stack_locationStructure.

Method_in_directIndicates that the output is buffered and the input is direct.Io. In this policy, the output is the same as the above method, while the input directly accesses the specified memory area and does not pass the buffer.IomanagerFirst lock the memory block of the input data, and then store the address inIRP. mdladdress. The size of the input and output data blocks is the same as that above.

Method_out_directIndicates that the input is buffered and the output is directIo.Io ManagerLock the memory of the output data and store it inIRP. mdladdress.IRP. associatedirp. systembuffer. The size of the input and output data blocks is the same as that above.

Method_neitherIndicates that no buffer is required for input and output,I/O managerPlace the caller's input buffer address inIRPCurrentI/OStack UnitParameters. Devi ceiocontrol. typeinputbufferBuffer the output The address of the zone is stored inIRPOfUserbufferDomain. Both addresses are in the user space. Address.

as shown in the preceding description, when the buffer is executed I/O , I/O the manager allocates memory in the non-copy page pool , if the caller's buffer is large, the allocated non-copy page pool will also be large. The non-copy page pool is a valuable resource of the system. Therefore, if the caller's latency is large, we generally use the I/O method ( for example, disk read/write requests ) , This not only saves system resources, on the other hand, because the I/O Manager copies data between the System Buffer zone and the caller buffer zone, it also improves the efficiency, especially for data transmission drivers Programs . However, you must note that, directly Io requires that the driver and IOCTL initiators run in the same in the thread.

Access: Indicates the access permission of the caller.File_any_access,File_read_data,File_write_dataThree options are optional.File_any_accessIndicates that the user has all permissions,File_read_dataIndicates that the permission is read-only,File_write_dataIndicates that the permission is writable.File_write_data | file_read_dataIndicates that the permission is readable and writable, but has not been reachedFile_any_access.

User-DefinedIOCTLPay attention to the following principles:

1.FunctioncodeAlways definedZero x 800The above number, becauseZero x 800The following figures are occupied by Microsoft.

2.Carefully consider the access permissions. If you do not have the permissions specifiedIo ManagerIgnoredIOCTL

3.Carefully consider the memory area to be accessed. If you read and write a key memory, the system will restart

Driver internal executionIOCTLPay attention to the following principles:

1.ReceivedIOCTLCheck the entire32Bit Data Integrity

2.UseIovalidatedeviceiocontrolaccessCheck whether the access permission is valid

3.Strict ComplianceParameter. deviceiocontrol. inputbufferlengthAndParameter. deviceiocontrol. outputbufferlengthAccess the input/output area at the specified size. Otherwise, the system restarts.

4.After applying for a piece of memory in the driver, always useRtlzeromemoryClear Region

5.DirectIoPolicy, useMmgetsystemaddressformdlsafeWhen obtaining the corresponding memory area, you must determine whether it isNull

6. direct Io , use probeforread and probeforwrite to check whether the memory is accessible.