KS Source Code Analysis

KsInitializeDriver in Detail

2025-03-05

KsInitializeDriver is the main entry point of an AVStream driver:

NTSTATUS
NTAPI
KsInitializeDriver(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPathName,
    IN const KSDEVICE_DESCRIPTOR* Descriptor OPTIONAL
    )

Internally, KsInitializeDriver does the following:

  • If Descriptor is not NULL, call IoAllocateDriverObjectExtension to allocate a structure of sizeof(KSDEVICE_DESCRIPTOR) for storing the Descriptor parameter:

    if (Descriptor)
    {
        PKSDEVICE_DESCRIPTOR* descriptorInExt;

        // The extension is keyed by the address of KsInitializeDriver itself.
        status = IoAllocateDriverObjectExtension(
                DriverObject,
                PVOID(KsInitializeDriver),
                sizeof(*descriptorInExt),
                reinterpret_cast<PVOID*>(&descriptorInExt));

        if (NT_SUCCESS(status))
        {
            // Save the caller's descriptor pointer in the extension.
            *descriptorInExt = PKSDEVICE_DESCRIPTOR(Descriptor);
        }
    }
  • Set the driver's dispatch routines:

    DriverObject->MajorFunction[IRP_MJ_PNP] = CKsDevice::DispatchPnp;
    DriverObject->MajorFunction[IRP_MJ_POWER] = CKsDevice::DispatchPower;
    DriverObject->MajorFunction[IRP_MJ_SYSTEM_CONTROL] = KsDefaultForwardIrp;
    DriverObject->DriverExtension->AddDevice = KsAddDevice;

    DriverObject->DriverUnload = KsNullDriverUnload;

    DriverObject->MajorFunction[IRP_MJ_CREATE] = CKsDevice::DispatchCreate;
    KsSetMajorFunctionHandler(DriverObject, IRP_MJ_CLOSE);
    KsSetMajorFunctionHandler(DriverObject, IRP_MJ_DEVICE_CONTROL);

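    KsSetMajorFunctionHandler performs a second level of dispatch: based mainly on whether fast I/O is supported, it sets the corresponding FastIoDispatch routines and so on.
    For a fast I/O call: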

    if (MajorFunction & KSDISPATCH_FASTIO)
    {
        switch (MajorFunction & ~KSDISPATCH_FASTIO)
        {
        case IRP_MJ_DEVICE_CONTROL:
            DriverObject->FastIoDispatch->FastIoDeviceControl = DispatchFastDeviceIoControl;
            break;

        case IRP_MJ_READ:
            DriverObject->FastIoDispatch->FastIoRead = DispatchFastRead;
            break;

        case IRP_MJ_WRITE:
            DriverObject->FastIoDispatch->FastIoWrite = DispatchFastWrite;
            break;

        default:
            return STATUS_INVALID_PARAMETER;
        }
    }

    If it is not a fast I/O call (which is the case here, where IRP_MJ_CLOSE and IRP_MJ_DEVICE_CONTROL are being set), the code is:

    PDRIVER_DISPATCH Dispatch;

    switch (MajorFunction)
    {
    case IRP_MJ_CREATE:
        Dispatch = DispatchCreate;
        break;

    case IRP_MJ_CLOSE:
        Dispatch = DispatchClose;
        break;

    case IRP_MJ_FLUSH_BUFFERS:
        Dispatch = DispatchFlush;
        break;

    case IRP_MJ_DEVICE_CONTROL:
        Dispatch = DispatchDeviceIoControl;
        break;

    case IRP_MJ_READ:
        Dispatch = DispatchRead;
        break;

    case IRP_MJ_WRITE:
        Dispatch = DispatchWrite;
        break;

    case IRP_MJ_QUERY_SECURITY:
        Dispatch = DispatchQuerySecurity;
        break;

    case IRP_MJ_SET_SECURITY:
        Dispatch = DispatchSetSecurity;
        break;

    default:
        return STATUS_INVALID_PARAMETER;
    }
    DriverObject->MajorFunction[MajorFunction] = Dispatch;

The final result is therefore:

Callback                 Function
IRP_MJ_PNP               CKsDevice::DispatchPnp
IRP_MJ_POWER             CKsDevice::DispatchPower
IRP_MJ_SYSTEM_CONTROL    KsDefaultForwardIrp
AddDevice                KsAddDevice
DriverUnload             KsNullDriverUnload
IRP_MJ_CREATE            CKsDevice::DispatchCreate
IRP_MJ_CLOSE             DispatchClose
IRP_MJ_DEVICE_CONTROL    DispatchDeviceIoControl
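
The resulting table can be checked with a small user-mode C model of the dispatch setup and of the KSDISPATCH_FASTIO branching in KsSetMajorFunctionHandler. This is an added example, not code from ks.sys or from the original post. The DriverModel and FastTable types, the MJ_* names, the three function names and the NULL-table guard are assumptions of the model; handled_mask reports which IRP major functions end up with a KS handler, which is the entry-point surface to review.

```c
#include <stdint.h>
#include <stddef.h>
/* Values as in wdm.h / ks.h; the structs are a simplified model (an assumption). */
enum { MJ_CREATE = 0x00, MJ_CLOSE = 0x02, MJ_READ = 0x03, MJ_WRITE = 0x04, MJ_FLUSH_BUFFERS = 0x09,
       MJ_DEVICE_CONTROL = 0x0e, MJ_QUERY_SECURITY = 0x14, MJ_SET_SECURITY = 0x15, MJ_POWER = 0x16,
       MJ_SYSTEM_CONTROL = 0x17, MJ_PNP = 0x1b, MJ_MAX = 0x1b };
#define KSDISPATCH_FASTIO 0x80000000u
typedef struct { const char *read, *write, *ioctl; } FastTable;
typedef struct { const char *major[MJ_MAX + 1]; FastTable *fast; } DriverModel;

static const struct { uint32_t mj; const char *fn; } kIrpHandlers[] = {
    { MJ_CREATE, "DispatchCreate" }, { MJ_CLOSE, "DispatchClose" },
    { MJ_FLUSH_BUFFERS, "DispatchFlush" }, { MJ_DEVICE_CONTROL, "DispatchDeviceIoControl" },
    { MJ_READ, "DispatchRead" }, { MJ_WRITE, "DispatchWrite" },
    { MJ_QUERY_SECURITY, "DispatchQuerySecurity" }, { MJ_SET_SECURITY, "DispatchSetSecurity" },
};

/* Model of KsSetMajorFunctionHandler: 0 = success, -1 = STATUS_INVALID_PARAMETER. */
int set_major_handler(DriverModel *d, uint32_t mj) {
    if (mj & KSDISPATCH_FASTIO) {
        if (!d->fast) return -1;  /* guard added by this model, not in the excerpt */
        switch (mj & ~KSDISPATCH_FASTIO) {
        case MJ_DEVICE_CONTROL: d->fast->ioctl = "DispatchFastDeviceIoControl"; return 0;
        case MJ_READ:  d->fast->read  = "DispatchFastRead";  return 0;
        case MJ_WRITE: d->fast->write = "DispatchFastWrite"; return 0;
        default: return -1;
        }
    }
    for (size_t i = 0; i < sizeof kIrpHandlers / sizeof kIrpHandlers[0]; i++)
        if (kIrpHandlers[i].mj == mj) { d->major[mj] = kIrpHandlers[i].fn; return 0; }
    return -1;
}

/* The dispatch assignments KsInitializeDriver makes, in the order the page lists them. */
void ks_initialize_model(DriverModel *d) {
    d->major[MJ_PNP] = "CKsDevice::DispatchPnp";
    d->major[MJ_POWER] = "CKsDevice::DispatchPower";
    d->major[MJ_SYSTEM_CONTROL] = "KsDefaultForwardIrp";
    d->major[MJ_CREATE] = "CKsDevice::DispatchCreate";
    set_major_handler(d, MJ_CLOSE);
    set_major_handler(d, MJ_DEVICE_CONTROL);
}

/* Bit n is set when major function n has a handler installed. */
uint32_t handled_mask(const DriverModel *d) {
    uint32_t m = 0;
    for (uint32_t i = 0; i <= (uint32_t)MJ_MAX; i++) if (d->major[i]) m |= 1u << i;
    return m;
}
```

In the model, ks_initialize_model leaves handled_mask at 0x08C04005: CREATE, CLOSE, DEVICE_CONTROL, POWER, SYSTEM_CONTROL and PNP are populated, and a KSDISPATCH_FASTIO request writes only to the fast table, never to the major[] array.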

Author: 我爱内核 (Windows driver development, web development)