On dowsNT, the driver is called the KernelDriverMode driver.
I think this Mode refers to the structure and
Operation Specifications), there are different names. For example, drivers on Windows 9x are all called VXD, while drivers on Windows snt
The program is called the KDM driver, Windows98 ~ 2000 the new model emerged in this period is WDM.
The concept of Driver Model in Windows is originally about driver behavior. For example, the WDM driver must meet the requirements of providing n types
Features (such as power management and plug-and-play) are called "WDM drivers ". If these functions are not provided, they are called NT-type drivers.
Similarly, the WDF driver has a series of its specifications.
However, this book uses a simple differentiation method. Place everything in Windows2000 ~ Windows Vista works normally and WDF phase is not called
All the drivers of the core API functions are called traditional drivers (including NT and WDM ). If WDF-related kernel APIs are called
F driver.
Note: The WDF driver can call the kernel API called by the traditional driver. The WDF driver can be regarded as an upgraded version.
The development of the model is not just in step with the upgrade of the operating system version, but a process of gradual substitution. For example, Windows 98 has
Some WDM drivers are supported, but some VXD drivers are supported. In Windows2000, The VXD driver is complete.
All are eliminated. KDM is the predecessor of WDM. WDM adds some new features based on KDM and develops some new specifications.
That's it. Most function calls are generic. Of course, the Windows 9x series have completely different kernels, so VXD has no
There is a kernel API function that is the same.
As a result, VXD cannot escape the fate of being completely eliminated due to the loss of Windows 9X. WindowsNT evolved into a later version of Windows.
And KDM also becomes WDM. Of course, Microsoft will not be idle, and now it has launched a new WDF. Readers have to worry: This book
Is it written using WDM or WDF? Will it be eliminated after learning?
Different from VXD, KDM, WDM, and WDF are in the same line. Basically, KDM Programmers take advantage of WDM learning. To
WDF is no exception. WDF is not so much a new driver development model as it is based on the existing kernel API and data structure.
Install a set of Apis starting with Wdf-that make users feel simpler and easier to use. Therefore, readers do not have to worry about the development of WDF.
Let the previous efforts to learn the traditional drive go beyond the limit. A typical example is: release the first version
The code for filtering diskperf on the hard disk is 18 years later. It can still be compiled and run normally on the latest version of Vista today.
This book uses traditional drivers to describe most of the chapters that cannot find WDF instances. Such as disk filtering and File System
Filter and network middle layer driver. In addition, in order to get started with simplicity, two entry-level examples (Serial Port and keyboard) also use the traditional
Driver. However, the examples of Virtual Disks and virtual NICs (Chapter 2 and Chapter 5th) use the WDF version.
Service Control Manager SCM
Similar to the linux daemon (many services are enabled during system guidance in linux or unix operating systems.
It is called a daemon process)
Windows Services are loaded at system startup. You must enable or disable services on the service control platform.
Driver Service is a special Service case and follows the windows Service protocol.
Loading harmony in the NT drive is divided into four steps:
1. Create a new service for the NT driver
2. Enable this service
3. disable this service
4. Delete the service created by the NT driver
The above four steps are implemented through the services established by SCM.
IO request package-IRP
IRP (IO request package) is used for win32 communication with the driver. The NT kernel has a component called the IO manager. IO manager is responsible for IRP delivery
After the device is created in the driver and the symbolic link is created, Win32 can load the driver. To enable a driver to process I
RP. You must add an IRP processing routine to the driver.
The method to add is to face the DriverObject operation in DriverEntry. This parameter is a pointer pointing to the driver object,
The driver object contains an array of MajorFunction. the type of the array is
NTSTATUS (* PDRIVER_DISPATCH) (IN PDEVICE_OBJECT DeviceObject, in pirp ). This is a function
Specifies the processing routine for Each IRP. The last step is to implement corresponding routines for all IRPs to be processed.