Windows内核编程基础篇之常见内核数据结构

    1，驱动框架常见数据结构有 驱动对象结构，  设备对象结构等。

        A）驱动对象结构  (DRIVER_OBJECT)

            每个驱动对象代表一个已加载的内核驱动程序，指向驱动对象结构的指针常常作为DriverEntry，AddDevice，Unload等函数的参数。驱动对象结构式半透明的。其中公开的域包括DeviceObject，DriverExtension，HardwareDatabase ，FastIoDispath，DriverInit，DriverStartIo，DriverUnload以及MajorFunction。

        驱动对象的数据结构如下：

typedef struct _DRIVER_OBJECT {
　　CSHORT Type;
　　CSHORT Size;
//
　　// The following links all of the devices created by a single driver
　　// together on a list, and the Flags word provides an extensible flag
　　// location for driver objects.
　　//
PDEVICE_OBJECT DeviceObject;
　　ULONG Flags;
//
　　// The following section describes where the driver is loaded. The count
　　// field is used to count the number of times the driver has had its
　　// registered reinitialization routine invoked.
　　//
PVOID DriverStart;
　　ULONG DriverSize;
　　PVOID DriverSection;
　　PDRIVER_EXTENSION DriverExtension;
//
　　// The driver name field is used by the error log thread
　　// determine the name of the driver that an I/O request is/was bound.
　　//
UNICODE_STRING DriverName;
//
　　// The following section is for registry support. Thise is a pointer
　　// to the path to the hardware information in the registry
　　//
PUNICODE_STRING HardwareDatabase;
//
　　// The following section contains the optional pointer to an array of
　　// alternate entry points to a driver for "fast I/O" support. Fast I/O
　　// is performed by invoking the driver routine directly with separate
　　// parameters, rather than using the standard IRP call mechanism. Note
　　// that these functions may only be used for synchronous I/O, and when
　　// the file is cached.
　　//
PFAST_IO_DISPATCH FastIoDispatch;
//
　　// The following section describes the entry points to this particular
　　// driver. Note that the major function dispatch table must be the last
　　// field in the object so that it remains extensible.
　　//
PDRIVER_INITIALIZE DriverInit;
　　PDRIVER_STARTIO DriverStartIo;
　　PDRIVER_UNLOAD DriverUnload;
　　PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
} DRIVER_OBJECT;
　　typedef struct _DRIVER_OBJECT *PDRIVER_OBJECT; // ntndis

      其中DeviceObject域指向由此驱动创建的设备对象：FastIoDispath域指向快速I/O 入口。DriverInit指向驱动入口点地址（DriverEntry）:DriverUnload 指向驱动卸载程序：MajorFunction 是一张函数分发表，数组的所引致与IRP_MJ_Xxx相对应。

     自己重新对上面的结构体认识了下，省略了部分，主要了解下面的：

typedef struct _DRIVER_OBJECT{
       //结构的类型和大小
       CSHORT  Type;
       CSHORT  Size;
       //设备对象，这里实际上是一个设备对象的链表的开始。因为 DeviceObject 中有相关链表信息。
       PDEVICE_OBJECT  DeviceObject;
       •••
       //这个内核模块在内核空间中的开始地址和大小
       PVOID  DriverStart;
       ULONG  DriverSize;
       •••
       //驱动的名字
       UNICODE_STRING  DriverName;
       •••
       //快速IO分发函数
       PFAST_IO_DISPATCH  FastIoDispatch;
       •••
       //驱动的卸载函数
       PDRIVER_UNLOAD.DriverUnload;
       //普通分发函数
       PDRIVER_DISPATCH  MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];
}DRIVER_OBJECT;

     这样看起来是不是 少了很多呢， 上面做了注释的是 主要需要了解的。

-------------------------------------------------------------------------------------------------------

       B)设备驱动程序（DEVICE_OBJECT）

        系统使用设备对象来描述一个设备对象，数据结构如下：

typedef struct _DEVICE_OBJECT {
  CSHORT                      Type;
  USHORT                      Size;
  LONG                        ReferenceCount;
  struct _DRIVER_OBJECT  *DriverObject;
  struct _DEVICE_OBJECT  *NextDevice;
  struct _DEVICE_OBJECT  *AttachedDevice;
  struct _IRP  *CurrentIrp;
  PIO_TIMER                   Timer;
  ULONG                       Flags;
  ULONG                       Characteristics;
  __volatile PVPB             Vpb;
  PVOID                       DeviceExtension;
  DEVICE_TYPE                 DeviceType;
  CCHAR                       StackSize;
  union {
    LIST_ENTRY         ListEntry;
    WAIT_CONTEXT_BLOCK Wcb;
  } Queue;
  ULONG                       AlignmentRequirement;
  KDEVICE_QUEUE