Wrk中IO部分学习总结
2011-07-15 12:51
351 查看
*********************************************io object type ****************************************************** IopCreateObjectTypes //create sorts of object type OBJECT_TYPE_INITIALIZER | | v ObpAllocateObject | | V ObCreateObjectType //create object type by object name and OBJECT_TYPE_INITIALIZER POBJECT_TYPE | | V ObpInsertDirectoryEntry ObpInsertDirectoryEntry() dc ObpTypeDirectoryObject _object_directory _OBJECT_DIRECTORY_ENTRY->Object _object_type nt!_OBJECT_DIRECTORY +0x000 HashBuckets : [37] Ptr32 _OBJECT_DIRECTORY_ENTRY +0x094 Lock : _EX_PUSH_LOCK +0x098 DeviceMap : Ptr32 _DEVICE_MAP +0x09c SessionId : Uint4B +0x0a0 Reserved : Uint2B +0x0a2 SymbolicLinkUsageCount : Uint2B kd> dt _OBJECT_DIRECTORY_ENTRY nt!_OBJECT_DIRECTORY_ENTRY +0x000 ChainLink : Ptr32 _OBJECT_DIRECTORY_ENTRY +0x004 Object : Ptr32 Void -----_object_type _OBJECT_DIRECTORY +---------------------------+ contains 37 _OBJECT_DIRECTORY_ENTRY items |HashBuckets[37] |--------------------+ | | | +---------------------------+ V _OBJECT_DIRECTORY_ENTRY +------------------------+ point to |ChainLink |-------------------->_OBJECT_DIRECTORY_ENTRY | | +------------------------+ point to |Object | +-- ----------------------------| | | +------------------------+ V _object_type +----------------------+ | | contains |TypeInfo |----------------->_OBJECT_TYPE_INITIALIZER +----------------------+ _object_header +--------------+ | NameInfo |-------------------------------------->_OBJECT_HEADER_NAME_INFO | | +------------------+ | | | _OBJECT_DIRECTORY| +--------------+ point to | | | type |------------------>_object_type +------------------+ | | +--------------+ point to |body |-----+ +--------------+ | | |<----+ | | for object type header is _OBJECT_TYPE +--------------+ for _driver_object for other object member driverextension is pointer to address is append to driver_object _Driver_object +------------------+ | | +------------------+ for boot load point to _LDR_DATA_TABLE_ENTRY which contain module info | DriverSection |----------------------------->KLDR_DATA_TABLE_ENTRY +------------------+ | driverextension |-----+ +------------------+ |point to | |<----+ | Driver_Extension | +------------------+ #### PsInitialSystemProcess system process eprocess ***************************************io create object******************************************************** ##### ObpKernelHandleTable ObCreateObject | | V ObInsertObject | | V ***************************************io load driver ************************************************************* system load dirver time can be divide into 4 parts 1. boot load 2. sys load 3. auto load 4. demand load 5. disabled 1 boot load NTSTATUS IopInitializeBuiltinDriver( IN PUNICODE_STRING DriverName, IN PUNICODE_STRING RegistryPath, IN PDRIVER_INITIALIZE DriverInitializeRoutine, IN PKLDR_DATA_TABLE_ENTRY DriverEntry, IN BOOLEAN IsFilter, //is filter driver or not OUT PDRIVER_OBJECT *Result ); #### we can get boot load driver list by traverse PsLoadedModuleList PsLoadedModuleList KLDR_DATA_TABLE_ENTRY IopInitializeBootDrivers | | V IopInitializeBuiltinDriver (ioinit.c) | | V IopInitializeAttributesAndCreateObject -> ObCreateObject | | V ObInsertObject | | V fill drvier section by traverse PsLoadedModuleList | | V fill driver start addr and image size | | V fill driver name and driverextension serverkey name and get hardware info from reg | | V call InitRoutine i guess call driver_entry | | V IopReadyDeviceObjects traverse device_object and do ~DO_DEVICE_INITIALIZING 2 system load IopInitializeSystemDrivers | | V CmGetSystemDriverList (base\ntos\config\cmsysini.c) traverse controlset*** get system load type driver list | first grouporderlist and ServiceGroupOrder then CmpResolveDriverDependencies | http://support.microsoft.com/kb/115486/zh-cn tell us grouporderlist is define load order | | V IopLoadDriver (base\ntos\io\iomgr\internal.c) CheckForSafeBoot = true IsFilter = false | | V construct driver full path | | V MmLoadSystemImage load image to system space | | V same as IopInitializeBuiltinDriver but system load will check safemode and check driver is loaded or not and check is legacy driver or not. these two loader type both in system process just beacuse call these from IoInitSystem. 3 auto load scm (services.exe) to load check call it from user mode or kernel mode, if call it from user mode, then check have privelge or not,;and then check is in system process or not, if in system process, directly call IopLoadUnloadDriver, otherwise put a workitem to workitemqueue, system thread will do it. NtLoadDriver (base\ntos\io\iomgr\loadunld.c) | | V IopLoadUnloadDriver (base\ntos\io\iomgr\internal.c) PLOAD_PACKET is parameter | | V IopLoadDriver typedef struct _LOAD_PACKET { WORK_QUEUE_ITEM WorkQueueItem; KEVENT Event; PDRIVER_OBJECT DriverObject; PUNICODE_STRING DriverServiceName; NTSTATUS FinalStatus; } LOAD_PACKET, *PLOAD_PACKET; if DriverObject is null to call IopLoadDriver, otherwise to unload driver 4 demand load IoCreateDriver (base\ntos\io\iomgr\iosubs.c) *****************************************driver object,device object, file object********************************* Driver_object Device Stack +-----------------------+ <-------------------------------------------------+ <-------------------------------------------------+ | | Device_object | | |PDevice_object |------------------>+-----------------------+<------|-------------+ | +-----------------------+ | | | | | | PDriverObject |-------+ | | +-----------------------+ | Device_object | | NextDevice |---------------------|----------->+-----------------------+ | +-----------------------+ | | | | +-----| AttachedDevice | | | PDriverObject |--+ | +-----------------------+ | +-----------------------+ | | DeviceExtension | | | +-----------------------+ | | | | | | | | | | | Driver_object | | +-----------------------+ <-------------------------------------------------+ | | | | Device_object | | |PDevice_object |-------------+---->+-----------------------+ | | +-----------------------+ | | | | | PDriverObject |-------+ | +-----------------------+ | | AttachedDevice |-------+ | +-----------------------+ | | +----| DeviceExtension | | | | +-----------------------+ V | | | | | +--->+-----------------------+ | | | | | AttachedTo |---------------------+ +-----------------------+ file object is an instance of opened device object. file_object +------------------+ | | point to device_object | DeviceObject |------------------------------------------------>+----------------+ +------------------+ | | | | +----------------+ | Vpb |------------------+ +------------------+ | | | V _VPB | RelatedFileObject| +--------------------+ +------------------+ | | point to device_object | DeviceObject |--------------------> +--------------------+ point to device_object | RealObject |--------------------> +--------------------+ relation between handle ,file object and device object. n 1 n 1 handle---------------- file object --------------device object how to understand 3 pointer relate to device object. Let us insight into how file object created IoCreateFile | | V IopCreateFile (base\ntos\io\iomgr\iosubs.c) | | V ObOpenObjectByName | | V ObpLookupObjectName | | V ObpLookupDirectoryEntry | | V IopParseDevice | | V ObCreateObject ObpRootDirectoryObject
内容来自用户分享和网络整理,不保证内容的准确性,如有侵权内容,可联系管理员处理 
相关文章推荐
- 黑马程序员——Java学习总结 IO部分
- Mms conversation部分学习总结
- Nginx学习回顾总结 部分:
- JavaScript学习总结(四)function函数部分
- 个人学习总结的部分java小知识与面试题(三)
- Java学习笔记 --- IO理解总结
- Java IO/NIO学习总结
- JAVA IO 学习总结
- JAVA IO学习总结
- 黑马程序员---IO流后半部分总结
- Spark生态之Alluxio学习21--疑问:为什么master看不到D9,而work节点有D9部分数据?
- 29.IO学习——总结(1)
- Java IO学习笔记总结
- 《Windows 程序设计(第五版,珍藏版)》第I部分 基础知识 学习总结
- [黑马程序员]09[C语言]循环控制语句部分学习笔记总结
- Netty IO线程模型学习总结
- Java 部分的学习总结
- 风机控制部分简略总结学习
- 黑马程序员——Java学习总结:IO常用方法练习
- C++学习总结系列--函数部分