Complete program at Download: http://download.csdn.net/detail/dijkstar/7913249
The event created by the user layer is an handle handle, and the kernel-created kernel mode of kevent is a thing. As a result, events created at the application layer can be obtained and used at the kernel level. This part of the principle, see Zhang Fan authored "Windows Drive Technology detailed" chapter 8.5.4,p237 page;
The program comes from the section 8.5.4 (Driver and Application interaction event objects) and Chapter 10.2.1 (DPC Timers) in the Windows Driver Technical detail chapter.
First, create a wait event in the application layer, create a thread that monitors the wait event, and pass the Wait event event to the kernel:
- //
- //1. Creating a wait event for the user layer, passing in the kernel
- //2. Creating threads for monitoring the arrival of kernel events
- //
- HANDLE hevent = CreateEvent (null, False, False, null);
- HANDLE hthread = (HANDLE) _beginthreadex (NULL, 0, Thread1, &hevent, 0, null);
- //The wait event of the user layer is passed into the kernel first
- DeviceIoControl (Hdevice, Ioctl_set_event, &hevent, sizeof(hevent), NULL, 0, & Dwoutput, NULL);
Monitor the contents of the thread: (it uses the number of query instruction cycles, you can test each wait waitforxx time)
- UINT WINAPI Thread1(lpvoid para)
- {
- HANDLE *phevent = (HANDLE *) para;
- while (1)
- {
- //Get initial value
- QueryPerformanceCounter (&LITMP);
- Qt1=litmp. QuadPart;
- //Wait
- WaitForSingleObject (*phevent, INFINITE);
- //Get termination value
- QueryPerformanceCounter (&LITMP);
- Qt2=litmp. QuadPart;
- //Get the corresponding time value, go to the millisecond unit
- Dfm= (double) (QT2-QT1);
- DFT=DFM/DFF;
- printf ("Time of this wait:%.3f MS \ n", dft*1000.0);
- }
- }
The user layer also notifies the driver kernel to launch a DPC timer that is used to trigger the application layer's wait event events each time:
- DWORD dwmircoseconds = *; //Unit microseconds
- DeviceIoControl (Hdevice, Ioctl_start_timer, &dwmircoseconds, sizeof(DWORD), NULL, 0, &dwoutput, NULL);
In the driver, you first take out the event that the application layer passes in and convert it into a kernel object:
- Case Ioctl_set_event:
- {
- //Pass in the user layer waiting for the event to take out
- HANDLE huserevent = * (HANDLE *) pirp->associatedirp.systembuffer;
- //Convert user layer event to kernel wait object
- Status = Obreferenceobjectbyhandle (Huserevent, Event_modify_state,
- *exeventobjecttype, KernelMode, (pvoid*) &pdevext->pevent, NULL);
- Kdprint (("status =%d\n", status)); //status's supposed to be 0 .
- Obdereferenceobject (pdevext->pevent);
- break;
- }
When each timer arrives in the kernel, the activation wait event is equal to the WAITFORXX function that triggers the activation of the application layer to continue execution:
- #pragma lockedcode
- VOID pollingtimerdpc(in pkdpc pdpc,
- in PVOID PContext,
- in PVOID SysArg1,
- In PVOID SysArg2)
- {
- Pdevice_object pdevobj = (pdevice_object) pContext;
- Pdevice_extension PDX = (pdevice_extension) pdevobj->deviceextension;
- Kesettimer (
- &pdx->pollingtimer,
- Pdx->pollinginterval,
- &PDX->POLLINGDPC);
- Kdprint (("pollingtimerdpc\n"));
- //Timer arrives, notifies the user layer
- if (pdx->pevent)
- KeSetEvent (Pdx->pevent, Io_no_increment, FALSE);
- /*
- //check is run in any thread context
- peprocess peprocess = iogetcurrentprocess ();
- ptstr ProcessName = (ptstr) ((ULONG) peprocess + 0x174);
- Kdprint (("%s\n", ProcessName));
- */
- }
The other parts of the program see the Source code interpretation, this program has two problems, one is that the application layer must exit normally, or drive the kernel layer because the DPC timer can not be properly shut down, and continue to do not find the wait events, causing the blue screen crash; second, although in the kernel, the DPC timer has a trigger accuracy of 1 100ns levels. , but when the trigger period is set to below 20ms, it is not meaningful to monitor waitfor at the application layer, which is more than 10 milliseconds resolution precision, and then down setting.
JPG change rar
Pass event events defined by the user layer to the Windows kernel driver and respond to kernel-level notifications
