【原创】《windows驱动开发技术详解》第4章实验总结二

1 实验要求（WDM驱动）

 

 

2 编写过程

 

2.1 确立整体架构

 

2.1.1 入口函数——DriverEntry

 

（1）作用

• 设置pDriverObject结构体，注册AddDevice和相关PNP函数，包括IRP_MJ_PNP，IRP_MJ_CREATE等

（2）注意

• AddDevice在Driver_Object结构体的DriverExtension->AddDevice，原型是NTSTATUS AddDevice (PDRIVER_OBJECT pDriverObject, PDEVICE_OBJECT PhysicaPhysicalDeviceObject)；因为它需要一个最基本的驱动对象以及用于附加的物理设备对象
• 注册IRP_MJ_PNP请求函数，IRP请求函数的返回值和形参类型都一样
• 注册IRP_MJ_CREATE、 IRP_MJ_READ、IRP_MJ_WRITE、IRP_MJ_CLOSE请求，这里注册为同一个函数

 

2.1.2 添加设备——AddDevice

 

（1）作用

• 该函数由系统调用，用于创建设备对象，符号链接、附加到PDO

（2）注意

• 顺序问题：创建设备对象->符号链接->附加到PDO->设置设备拓展->设置设备对象Flags；符号链接最好紧接放在创建设备对象之后，后面三步位置可以随意，这样做是因为当符号链接创建失败后，要删除设备对象。如果把PDO后面三步放在符号链接前，如果没有对PDO进行脱离，再删除设备对象会产生问题；造成时间浪费。
• 附加到PDO函数：IoAttachDeviceToDeviceStack，注意返回值，返回的是附加设备的下层设备，如果没有过滤驱动，那么就是PDO。
• pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;这一步是必需的，保证设备初始化完毕。

 

2.1.3 驱动卸载——DriverUnLoad

 

（1）作用

• 这个和NT驱动有点区别，NT驱动要删除设备对象和符号链接，以及释放资源。而WDM的只需要释放资源即可。

（2）注意

• 返回值为VOID

 

2.1.4 驱动卸载——IRP_MN_REMOVE_DEVICE请求处理

 

（1）作用

• 删除设备对象和符号链接，脱离PDO

（2）注意

• 这个请求处理函数，名字自定义，但是返回值NTSTATUS，形参是PDEVICE_OBJECT和PIRP，这和所有PNP请求处理函数都一样
• 要对IRP的返回状态进行设置，主要是IoStatus.Status和IoStatus.Information
• IRP请求可以继续向底层转发，IoCallDriver
• IoDetachDevice的实参是被附加的设备对象
• 删除时，如果设备对象的NextDevice域不为空也要删除

 

2.1.5 PNP请求处理——IRP_MJ_PNP

 

（1）作用

• 处理各种类型PNP请求

（2）注意

• （根据Major分，这是一个大类）IRP_MJ_PNP请求，根据其Minor值还分了多种类型的PNP。
• 函数内部，主要就是从当前IRP堆栈里获取Minor值，然后再调用相应的处理函数，比如上文的IRP_MN_REMOVE_DEVICE
• 获取Minor值方法：PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);ULONG fcn = stack->MinorFunction;
• 要知道PNP的请求列表，对于IRP_MN类的请求处理，如果是要转发到下一层则可以不用对IoStatus的返回情况进行设置，否则要对其进行设置

 

2.1.6 PNP请求Minor值对应的请求的默认处理

 

（1）作用

• 处理具体类型PNP请求

（2）注意

• 对于IRP_MN类的请求处理，如果是要转发到下一层则可以不用对IoStatus的返回情况进行设置，否则要对其进行设置
• 请求可以转发给下层IoCallDriver，也可以进行完成处理

3 完整代码

#include <wdm.h>

typedef struct {
    UNICODE_STRING devName;
    UNICODE_STRING linkName;
    PDEVICE_OBJECT fdo;
    PDEVICE_OBJECT nextStackDevice;
}DEVICE_EXTENSION, *PDEVICE_EXTENSION;

#pragma PAGEDCODE
void dump(PDEVICE_OBJECT pdo)
{
    PAGED_CODE();
    //显示调试信息
    KdPrint(("-------------------------------------
"));
    KdPrint(("Begin dump device stack
"));
    for (int i = 0; NULL != pdo; pdo = pdo->AttachedDevice, i++)
    {
        KdPrint(("the %d device in device stack
", i));
        KdPrint(("device attcheddevice:%#010x", pdo->AttachedDevice));
        KdPrint(("device nextdevice:%#010x", pdo->NextDevice));
        KdPrint(("device stacksize:%d
", pdo->StackSize));
        KdPrint(("device's driverobject:%#010x", pdo->DriverObject));
    }
    KdPrint(("Dump over
"));
    KdPrint(("-------------------------------------
"));
}

#pragma PAGEDCODE
NTSTATUS AddDevice(PDRIVER_OBJECT pDriverObject, PDEVICE_OBJECT PhysicalDeviceObject) //形参不知道
{
    PAGED_CODE();

    KdPrint(("Enter AddDevice
"));

    NTSTATUS status;
    PDEVICE_OBJECT pDeviceObject;
    UNICODE_STRING devName, linkName;
    PDEVICE_EXTENSION pDevExt;

    //创建设备对象
    RtlInitUnicodeString(&devName, L"\Device\WDM_ChenJiaqi");
    status = IoCreateDevice(pDriverObject, sizeof(DEVICE_EXTENSION), &devName, FILE_DEVICE_UNKNOWN, 0, TRUE, &pDeviceObject);
    if (!NT_SUCCESS(status))
    {
        return status;
    }
    //创建符号链接
    RtlInitUnicodeString(&linkName, L"\??\WDM_ChenJiaqi");
    status = IoCreateSymbolicLink(&linkName, &devName);
    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(pDeviceObject);
        return status;
    }
    //将FDO附加到PDO之上
    PDEVICE_OBJECT pNextStackDevice = IoAttachDeviceToDeviceStack(pDeviceObject, PhysicalDeviceObject);
    //设置设备扩展
    pDevExt = reinterpret_cast<PDEVICE_EXTENSION>(pDeviceObject->DeviceExtension);
    pDevExt->devName = devName;
    pDevExt->linkName = linkName;
    pDevExt->fdo = pDeviceObject;
    pDevExt->nextStackDevice = pNextStackDevice;
    //设备对象Flags
    pDeviceObject->Flags |= DO_BUFFERED_IO | DO_POWER_PAGABLE;
    pDeviceObject->Flags &= ~DO_DEVICE_INITIALIZING;

    dump(pNextStackDevice);
    KdPrint(("Leave AddDevice
"));
    return STATUS_SUCCESS;
}

#pragma PAGEDCODE
VOID DriverUnLoad(PDRIVER_OBJECT pDriverObject)
{
    PAGED_CODE();
    //释放内存等相关操作
    pDriverObject;
    KdPrint(("Enter DriverUnLoad
"));
    KdPrint(("Leave DriverUnLoad
"));
}

#pragma PAGEDCODE
NTSTATUS DefaultPnpHandler(PDEVICE_EXTENSION pdx, PIRP pIrp)
{
    PAGED_CODE();
    KdPrint(("Enter DefaultPnpHandler
"));
    //
    IoSkipCurrentIrpStackLocation(pIrp);
    KdPrint(("Leave DefaultPnpHandler
"));
    //
    return IoCallDriver(pdx->nextStackDevice, pIrp);
}

//对IRP_MN_REMOVE_DEVICE的处理，从DriverUnLoad的功能分离出来
#pragma PAGEDCODE
NTSTATUS HandleRemoveDevice(PDEVICE_EXTENSION pDeviceExtension, PIRP pIrp)
{
    PAGED_CODE();

    KdPrint(("Enter HandleRemoveDevice
"));
    //设置IRP的完成状态
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0; //读写字节数
    //将IRP请求向底层驱动转发
    NTSTATUS status = DefaultPnpHandler(pDeviceExtension, pIrp); //这个函数由我们自己编写
    //删除符号链接
    IoDeleteSymbolicLink(&pDeviceExtension->linkName);
    //调用IoDetechDevice()把FDO从设备栈脱离开
    IoDetachDevice(pDeviceExtension->nextStackDevice);
    //删除FDO
    IoDeleteDevice(pDeviceExtension->fdo);
    KdPrint(("Leave HandleRemoveDevice
"));
    return status;
}

#pragma PAGEDCODE
NTSTATUS DefaultDispatchRoutinue(PDEVICE_OBJECT pDeviceObject, PIRP pIrp)
{
    //对IRP的处理
    PAGED_CODE();
    KdPrint(("Enter DefaultDispatchRoutinue
"));
    pDeviceObject;
    //设置IRP返回情况
    pIrp->IoStatus.Status = STATUS_SUCCESS;
    pIrp->IoStatus.Information = 0;    // no bytes xfered
    //完成对IRP的处理
    IoCompleteRequest(pIrp, IO_NO_INCREMENT);
    KdPrint(("Leave DefaultDispatchRoutinue
"));
    return STATUS_SUCCESS;
}

#pragma PAGEDCODE
NTSTATUS WDMPnp(IN PDEVICE_OBJECT fdo,IN PIRP Irp)
{
    PAGED_CODE();

    KdPrint(("Enter HelloWDMPnp
"));
    NTSTATUS status = STATUS_SUCCESS;
    //得到设备拓展
    PDEVICE_EXTENSION pdx = (PDEVICE_EXTENSION)fdo->DeviceExtension;
    //得到当前IRP堆栈
    PIO_STACK_LOCATION stack = IoGetCurrentIrpStackLocation(Irp);
    //定义函数指针列表
    static NTSTATUS(*fcntab[])(PDEVICE_EXTENSION pdx, PIRP Irp) =
    {
        DefaultPnpHandler,        // IRP_MN_START_DEVICE
        DefaultPnpHandler,        // IRP_MN_QUERY_REMOVE_DEVICE
        HandleRemoveDevice,        // IRP_MN_REMOVE_DEVICE
        DefaultPnpHandler,        // IRP_MN_CANCEL_REMOVE_DEVICE
        DefaultPnpHandler,        // IRP_MN_STOP_DEVICE
        DefaultPnpHandler,        // IRP_MN_QUERY_STOP_DEVICE
        DefaultPnpHandler,        // IRP_MN_CANCEL_STOP_DEVICE
        DefaultPnpHandler,        // IRP_MN_QUERY_DEVICE_RELATIONS
        DefaultPnpHandler,        // IRP_MN_QUERY_INTERFACE
        DefaultPnpHandler,        // IRP_MN_QUERY_CAPABILITIES
        DefaultPnpHandler,        // IRP_MN_QUERY_RESOURCES
        DefaultPnpHandler,        // IRP_MN_QUERY_RESOURCE_REQUIREMENTS
        DefaultPnpHandler,        // IRP_MN_QUERY_DEVICE_TEXT
        DefaultPnpHandler,        // IRP_MN_FILTER_RESOURCE_REQUIREMENTS
        DefaultPnpHandler,        // 
        DefaultPnpHandler,        // IRP_MN_READ_CONFIG
        DefaultPnpHandler,        // IRP_MN_WRITE_CONFIG
        DefaultPnpHandler,        // IRP_MN_EJECT
        DefaultPnpHandler,        // IRP_MN_SET_LOCK
        DefaultPnpHandler,        // IRP_MN_QUERY_ID
        DefaultPnpHandler,        // IRP_MN_QUERY_PNP_DEVICE_STATE
        DefaultPnpHandler,        // IRP_MN_QUERY_BUS_INFORMATION
        DefaultPnpHandler,        // IRP_MN_DEVICE_USAGE_NOTIFICATION
        DefaultPnpHandler,        // IRP_MN_SURPRISE_REMOVAL
    };
    //得到IRP的Minor编号，了解它是哪种类型的PNP请求
    ULONG fcn = stack->MinorFunction;
    if (fcn >= sizeof(fcntab) / sizeof(fcntab[0]))
    {                        // 未知的子功能代码
        status = DefaultPnpHandler(pdx, Irp); // some function we don't know about
        return status;
    }
    //PNP请求名列表
    static char* fcnname[] =
    {
        "IRP_MN_START_DEVICE",
        "IRP_MN_QUERY_REMOVE_DEVICE",
        "IRP_MN_REMOVE_DEVICE",
        "IRP_MN_CANCEL_REMOVE_DEVICE",
        "IRP_MN_STOP_DEVICE",
        "IRP_MN_QUERY_STOP_DEVICE",
        "IRP_MN_CANCEL_STOP_DEVICE",
        "IRP_MN_QUERY_DEVICE_RELATIONS",
        "IRP_MN_QUERY_INTERFACE",
        "IRP_MN_QUERY_CAPABILITIES",
        "IRP_MN_QUERY_RESOURCES",
        "IRP_MN_QUERY_RESOURCE_REQUIREMENTS",
        "IRP_MN_QUERY_DEVICE_TEXT",
        "IRP_MN_FILTER_RESOURCE_REQUIREMENTS",
        "",
        "IRP_MN_READ_CONFIG",
        "IRP_MN_WRITE_CONFIG",
        "IRP_MN_EJECT",
        "IRP_MN_SET_LOCK",
        "IRP_MN_QUERY_ID",
        "IRP_MN_QUERY_PNP_DEVICE_STATE",
        "IRP_MN_QUERY_BUS_INFORMATION",
        "IRP_MN_DEVICE_USAGE_NOTIFICATION",
        "IRP_MN_SURPRISE_REMOVAL",
    };

    KdPrint(("PNP Request (%s)
", fcnname[fcn]));
    //!!!根据IRP的MINOR编号，调用相应的请求处理函数
    status = (*fcntab[fcn])(pdx, Irp);
    KdPrint(("Leave HelloWDMPnp
"));
    return status;
}

#pragma INITCODE 
extern "C" NTSTATUS DriverEntry(PDRIVER_OBJECT pDriverObject, PUNICODE_STRING pRegisterPath)
{
    //设置pDriverObject结构体，注册AddDevice和相关PNP函数，包括IRP_MJ_PNP，IRP_MJ_CREATE等
    KdPrint(("Enter DriverEntry
"));
    pRegisterPath;
    //设置AddDevice函数
    pDriverObject->DriverExtension->AddDevice = AddDevice;
    //注册PNP
    pDriverObject->MajorFunction[IRP_MJ_PNP] = WDMPnp;
    pDriverObject->MajorFunction[IRP_MJ_CREATE] =
        pDriverObject->MajorFunction[IRP_MJ_WRITE] =
        pDriverObject->MajorFunction[IRP_MJ_READ] =
        pDriverObject->MajorFunction[IRP_MJ_CLOSE] = DefaultDispatchRoutinue;
    KdPrint(("Leave DriverEntry
"));
    return STATUS_SUCCESS;
}

4 inf文件

;;WDM_Driver inf文件--2015年8月14日
[Version]
Signature = "$Windows NT$"
Class = WDM_Driver
ClassGUID = {EF2962F0-0D55-4bff-B8AA-2221EE8A79B0}
Provider = cposture
DriverVer = 
CatalogFile=WDM_Driver.cat
CatalogFile.ntamd64=WDM_Driver.cat
CatalogFile.nt=WDM_Driver.cat
[ClassInstall32.NTamd64]
AddReg=Class_AddReg
[Class_AddReg]  
HKR,,,,%DeviceClassName%            
HKR,,Icon,,"-5" 
[SourceDisksNames]
1 = %DiskName%,,
[SourceDisksFiles]
WDM_Driver层次结构.sys = 1
WDM_Driver层次结构.sys = 1
[DestinationDirs]
DefaultDestDir = 12  
my_files_driver = 12
[my_files_driver]
WDM_Driver层次结构.sys
[my_files_driver64]
WDM_Driver层次结构.sys
[Manufacturer]
%MfgName%=Mfg0,NT,NTamd64
[Mfg0.NT]
%DeviceDesc%=InstallLauncher, PCIVEN_9999&DEV_9999
[Mfg0.NTamd64]
%DeviceDesc%=InstallLauncher, PCIVEN_9999&DEV_9999
;---------- DDInstall Sections -----------------------------------------------
[InstallLauncher.NT]                        
CopyFiles=my_files_driver
AddReg=Install_NT_AddReg
[InstallLauncher.NT.Services]
Addservice = WDM_Driver, 0x00000002, Sys_AddService    
[Sys_AddService]  
DisplayName = %DeviceDesc%                                
ServiceType = 1
StartType = 3
ErrorControl = 1
ServiceBinary = %12%WDM_Driver层次结构.sys
[Install_NT_AddReg]
HKLM, "SystemCurrentControlSetServicesWDM_DriverParameters","BreakOnEntry", 0x00010001, 0 
;---------------------64位支持---------------
[InstallLauncher.NTamd64]                        
CopyFiles=my_files_driver64
AddReg=Install_NT_AddReg64
[InstallLauncher.NTamd64.Services]
Addservice = WDM_Driver, 0x00000002, Sys_AddService64
[Sys_AddService64]
DisplayName = %DeviceDesc%
ServiceType = 1
StartType = 3
ErrorControl = 1
ServiceBinary = %12%WDM_Driver层次结构.sys
[Install_NT_AddReg64]
HKLM, "SystemCurrentControlSetServicesWDM_DriverParameters","BreakOnEntry", 0x00010001, 0
 
[Strings]
MfgName="cpostute"
DeviceDesc="WDM_Driver"
DiskName="WDM_Driver Source Disk"
DeviceClassName = WDM_Driver

本文链接：http://www.cnblogs.com/cposture/p/4734288.html