*********************************************io object type ******************************************************
IopCreateObjectTypes //creates the I/O manager's object types (device, driver, file, I/O completion, ...), one OBJECT_TYPE_INITIALIZER each
|
|
V
ObCreateObjectType //creates an object type from a type name and an OBJECT_TYPE_INITIALIZER, returns a POBJECT_TYPE
|
|
V
ObpAllocateObject //allocates the object header plus the _OBJECT_TYPE body
|
|
V
ObpInsertDirectoryEntry //links the new type into the \ObjectTypes directory
ObpInsertDirectoryEntry() inserts into ObpTypeDirectoryObject, which points to an _OBJECT_DIRECTORY (kd> dc ObpTypeDirectoryObject shows the pointer);
each _OBJECT_DIRECTORY_ENTRY->Object in that directory points to an _OBJECT_TYPE.
kd> dt _OBJECT_DIRECTORY
nt!_OBJECT_DIRECTORY
+0x000 HashBuckets : [37] Ptr32 _OBJECT_DIRECTORY_ENTRY
+0x094 Lock : _EX_PUSH_LOCK
+0x098 DeviceMap : Ptr32 _DEVICE_MAP
+0x09c SessionId : Uint4B
+0x0a0 Reserved : Uint2B
+0x0a2 SymbolicLinkUsageCount : Uint2B
kd> dt _OBJECT_DIRECTORY_ENTRY
nt!_OBJECT_DIRECTORY_ENTRY
+0x000 ChainLink : Ptr32 _OBJECT_DIRECTORY_ENTRY
+0x004 Object : Ptr32 Void -----> the object body; for entries in \ObjectTypes this is an _OBJECT_TYPE
_OBJECT_DIRECTORY
+---------------------------+ 37 chain heads, one per hash bucket (bucket = case-insensitive name hash % 37)
|HashBuckets[37] |--------------------+
| | |
+---------------------------+ V
_OBJECT_DIRECTORY_ENTRY
+------------------------+ next entry in the same bucket chain
|ChainLink |-------------------->_OBJECT_DIRECTORY_ENTRY
| |
+------------------------+
points to |Object |
+-- ----------------------------| |
| +------------------------+
V
_OBJECT_TYPE (the object body; its name is kept in the _OBJECT_HEADER_NAME_INFO in front of the object header)
+----------------------+
| | embedded
|TypeInfo |----------------->_OBJECT_TYPE_INITIALIZER
+----------------------+
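The following is an added example, not kernel code and not part of the original notes: a user-mode C model of the _OBJECT_DIRECTORY / _OBJECT_DIRECTORY_ENTRY hash chains that \ObjectTypes is built from. Struct and function names mirror the kernel's, the hash is the one used by the WRK's ObpLookupDirectoryEntry (assumption: reproduced from memory of obdir.c, not copied), the compare is case-insensitive as with OBJ_CASE_INSENSITIVE, and the type names are constructed sample data.

```c
/* User-mode model of the object manager directory (not kernel code). */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <ctype.h>

#define NUMBER_HASH_BUCKETS 37       /* HashBuckets[37] in kd> dt _OBJECT_DIRECTORY */

typedef struct { const char *Name; } OBJECT_TYPE;   /* stand-in for _OBJECT_TYPE */

typedef struct _OBJECT_DIRECTORY_ENTRY {
    struct _OBJECT_DIRECTORY_ENTRY *ChainLink;  /* next entry in the same bucket */
    void *Object;                               /* an _OBJECT_TYPE for \ObjectTypes */
    const char *Name;                           /* kernel keeps it in OBJECT_HEADER_NAME_INFO; inline here */
} OBJECT_DIRECTORY_ENTRY;

typedef struct {
    OBJECT_DIRECTORY_ENTRY *HashBuckets[NUMBER_HASH_BUCKETS];
} OBJECT_DIRECTORY;

/* Name hash as in the WRK (assumption): letters folded to upper case, so
 * "Driver" and "DRIVER" land in the same bucket; reduced modulo 37. */
unsigned long ObpHashName(const char *name)
{
    unsigned long h = 0;
    for (; *name; name++) {
        h += (h << 1) + (h >> 1);
        h += (unsigned long)toupper((unsigned char)*name);
    }
    return h % NUMBER_HASH_BUCKETS;
}

static int NamesEqual(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (toupper((unsigned char)*a) != toupper((unsigned char)*b))
            return 0;
    return *a == *b;
}

/* Walk the bucket chain; a hit is moved to the head of its chain so that
 * frequently looked-up names are found first (the kernel does the same). */
void *ObpLookupDirectoryEntry(OBJECT_DIRECTORY *dir, const char *name)
{
    OBJECT_DIRECTORY_ENTRY **head = &dir->HashBuckets[ObpHashName(name)];
    OBJECT_DIRECTORY_ENTRY **link = head;
    for (; *link; link = &(*link)->ChainLink) {
        OBJECT_DIRECTORY_ENTRY *e = *link;
        if (NamesEqual(e->Name, name)) {
            if (e != *head) {            /* unlink, then re-insert at the head */
                *link = e->ChainLink;
                e->ChainLink = *head;
                *head = e;
            }
            return e->Object;
        }
    }
    return NULL;
}

/* Insert at the head of the bucket chain; names are unique within a directory. */
int ObpInsertDirectoryEntry(OBJECT_DIRECTORY *dir, const char *name, void *object)
{
    if (ObpLookupDirectoryEntry(dir, name))
        return 0;                        /* STATUS_OBJECT_NAME_COLLISION in the kernel */
    OBJECT_DIRECTORY_ENTRY *e = malloc(sizeof *e);
    if (!e) return 0;
    OBJECT_DIRECTORY_ENTRY **head = &dir->HashBuckets[ObpHashName(name)];
    e->Name = name;
    e->Object = object;
    e->ChainLink = *head;
    *head = e;
    return 1;
}

/* Object at the head of the bucket that `name` hashes to (to observe the move-to-front). */
void *ObpBucketHeadObject(OBJECT_DIRECTORY *dir, const char *name)
{
    OBJECT_DIRECTORY_ENTRY *e = dir->HashBuckets[ObpHashName(name)];
    return e ? e->Object : NULL;
}

/* Constructed sample: a few of the type names found under \ObjectTypes. */
static OBJECT_TYPE SampleTypes[] = { {"Type"}, {"Directory"}, {"Driver"}, {"Device"}, {"File"} };

OBJECT_DIRECTORY *BuildSampleTypeDirectory(void)
{
    OBJECT_DIRECTORY *dir = calloc(1, sizeof *dir);
    for (size_t i = 0; dir && i < sizeof SampleTypes / sizeof SampleTypes[0]; i++)
        ObpInsertDirectoryEntry(dir, SampleTypes[i].Name, &SampleTypes[i]);
    return dir;
}

int main(void)
{
    OBJECT_DIRECTORY *dir = BuildSampleTypeDirectory();
    OBJECT_TYPE *t = ObpLookupDirectoryEntry(dir, "driver");   /* case-insensitive hit */
    printf("driver -> %s (bucket %lu)\n", t ? t->Name : "(none)", ObpHashName("driver"));
    return 0;
}
```

The same lookup/insert pair is what ObCreateObjectType relies on when it adds a new type to ObpTypeDirectoryObject, and what every name resolution under \ does one path component at a time.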
_OBJECT_HEADER (sits directly in front of the object body)
+--------------+
| NameInfo |-------------------------------------->_OBJECT_HEADER_NAME_INFO (placed before the header, reached via NameInfoOffset)
| | +------------------+
| | | Directory -------> the _OBJECT_DIRECTORY the object lives in
+--------------+ points to | Name |
| Type |------------------>_OBJECT_TYPE +------------------+
| |
+--------------+ points to
|Body |-----+
+--------------+ |
| |<----+
| | the body is the object itself: an _OBJECT_TYPE for a type object,
+--------------+ a _DRIVER_OBJECT for a driver object, and so on for the other types
For a driver object the DriverExtension member points to a _DRIVER_EXTENSION that is allocated right after the _DRIVER_OBJECT.
_DRIVER_OBJECT
+------------------+
| |
+------------------+ points to the KLDR_DATA_TABLE_ENTRY of the driver image (base, size, name);
| DriverSection |----------------------------->KLDR_DATA_TABLE_ENTRY for boot drivers it is found by walking PsLoadedModuleList
+------------------+
| DriverExtension |-----+
+------------------+ |points to
| |<----+
| _DRIVER_EXTENSION | (allocated together with and right after the _DRIVER_OBJECT; holds ServiceKeyName, AddDevice, ...)
+------------------+
####
PsInitialSystemProcess: pointer to the EPROCESS of the System process. IoInitSystem runs in that process, so boot- and system-start drivers are loaded in its context.
***************************************io create object********************************************************
#####
ObpKernelHandleTable //the kernel handle table (that of the System process); OBJ_KERNEL_HANDLE handles are created here
ObCreateObject //allocates the object (header + body) for the given object type
|
|
V
ObInsertObject //inserts a named object into its directory and creates the handle in the caller's (or the kernel) handle table
***************************************io load driver *************************************************************
A driver's load time is given by the Start value of its service key (CurrentControlSet\Services\<name>\Start); there are 5 values:
1. boot load (Start = 0, SERVICE_BOOT_START): image loaded by the boot loader, initialized by IopInitializeBootDrivers
2. system load (Start = 1, SERVICE_SYSTEM_START): loaded by IopInitializeSystemDrivers
3. auto load (Start = 2, SERVICE_AUTO_START): started by the SCM (services.exe) at boot
4. demand load (Start = 3, SERVICE_DEMAND_START): started on request
5. disabled (Start = 4, SERVICE_DISABLED): never loaded
1 boot load
NTSTATUS
IopInitializeBuiltinDriver(
IN PUNICODE_STRING DriverName,
IN PUNICODE_STRING RegistryPath,
IN PDRIVER_INITIALIZE DriverInitializeRoutine,
IN PKLDR_DATA_TABLE_ENTRY DriverEntry,
IN BOOLEAN IsFilter, //is filter driver or not
OUT PDRIVER_OBJECT *Result
);
####
The boot-loaded driver list can be obtained by walking PsLoadedModuleList, a doubly linked list of KLDR_DATA_TABLE_ENTRY (one per loaded image, the kernel image first).
IopInitializeBootDrivers
|
|
V
IopInitializeBuiltinDriver (ioinit.c)
|
|
V
IopInitializeAttributesAndCreateObject -> ObCreateObject (creates the _DRIVER_OBJECT with the _DRIVER_EXTENSION appended)
|
|
V
ObInsertObject (inserts it into the namespace under the given name, e.g. \Driver\<name>)
|
|
V fill DriverSection with the matching KLDR_DATA_TABLE_ENTRY found by walking PsLoadedModuleList
|
|
V fill DriverStart / DriverSize (image base and size) from that entry
|
|
V fill DriverName and DriverExtension->ServiceKeyName; HardwareDatabase points at the registry hardware description key
|
|
V call DriverInit, i.e. the driver's DriverEntry(DriverObject, RegistryPath)
|
|
V
IopReadyDeviceObjects: walks the driver's device list (DriverObject->DeviceObject / NextDevice) and clears DO_DEVICE_INITIALIZING in each Flags
2 system load
IopInitializeSystemDrivers
|
|
V
CmGetSystemDriverList (base\ntos\config\cmsysini.c) walks CurrentControlSet\Services and collects the drivers whose Start is SERVICE_SYSTEM_START (1)
| the list is sorted first by group (ServiceGroupOrder\List), then inside a group by tag (GroupOrderList) in CmpResolveDriverDependencies
| http://support.microsoft.com/kb/115486/zh-cn documents that GroupOrderList defines the load order inside a group
|
|
V
IopLoadDriver (base\ntos\io\iomgr\internal.c) called with CheckForSafeBoot = TRUE, IsFilter = FALSE
|
|
V build the driver's full image path (ImagePath value, default \SystemRoot\System32\Drivers\<name>.sys)
|
|
V MmLoadSystemImage maps the image into system space
|
|
V
the rest is the same as IopInitializeBuiltinDriver (create the driver object, fill it in, call DriverEntry, ready the devices),
but the system-load path additionally checks safe mode (CheckForSafeBoot), checks whether the driver is already loaded,
and checks whether it is a legacy (non-PnP) driver. Both loader types run in the System process because both are
called from IoInitSystem.
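Added example, not kernel code and not from the original notes: a C model of the ordering that CmGetSystemDriverList and CmpResolveDriverDependencies apply to system-start drivers. Group order comes from ServiceGroupOrder\List, order inside a group from GroupOrderList\<Group>; the service records, group names and tags are constructed sample data, and the placement of unlisted groups (last) and of untagged drivers (after the tagged ones in their group, in registry order) is an assumption based on the KB article cited above.

```c
/* Model of the system-start driver ordering (not kernel code). */
#include <stdio.h>
#include <string.h>

#define SERVICE_BOOT_START   0
#define SERVICE_SYSTEM_START 1
#define SERVICE_AUTO_START   2
#define SERVICE_DEMAND_START 3
#define SERVICE_DISABLED     4
#define MAX_SERVICES         64

typedef struct {
    const char *ServiceName;   /* key under CurrentControlSet\Services */
    unsigned    Start;         /* Start value */
    const char *Group;         /* Group value ("" = none) */
    unsigned    Tag;           /* Tag value (0 = none) */
} SERVICE_RECORD;

typedef struct {
    const char     *Group;
    const unsigned *Tags;      /* GroupOrderList\<Group>: tag values in load order */
    size_t          Count;
} GROUP_ORDER;

/* Position of the group in ServiceGroupOrder\List; unlisted groups sort last (assumption). */
static size_t GroupRank(const char *group, const char *const *list, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (strcmp(group, list[i]) == 0) return i;
    return n;
}

/* Position of the tag in the group's GroupOrderList; untagged or unlisted tags
 * follow the listed ones (assumption); a group without a list keeps registry order. */
static size_t TagRank(const char *group, unsigned tag, const GROUP_ORDER *orders, size_t n)
{
    for (size_t i = 0; i < n; i++) {
        if (strcmp(group, orders[i].Group) != 0) continue;
        for (size_t j = 0; j < orders[i].Count; j++)
            if (orders[i].Tags[j] == tag) return j;
        return orders[i].Count;
    }
    return 0;
}

/* Keep only Start == SERVICE_SYSTEM_START and stable-sort by (group rank, tag rank).
 * Writes the service names to `out` (capacity >= n) and returns how many. */
size_t CmGetSystemDriverListModel(const SERVICE_RECORD *svc, size_t n,
                                  const char *const *groupList, size_t groups,
                                  const GROUP_ORDER *orders, size_t orderCount,
                                  const char **out)
{
    struct { size_t g, t; const char *name; } sel[MAX_SERVICES];
    size_t count = 0;
    if (n > MAX_SERVICES) return 0;
    for (size_t i = 0; i < n; i++) {
        if (svc[i].Start != SERVICE_SYSTEM_START) continue;  /* other start types use other loaders */
        size_t g = GroupRank(svc[i].Group, groupList, groups);
        size_t t = TagRank(svc[i].Group, svc[i].Tag, orders, orderCount);
        size_t pos = count;                                   /* insertion sort, stable on ties */
        while (pos > 0 && (sel[pos - 1].g > g || (sel[pos - 1].g == g && sel[pos - 1].t > t))) {
            sel[pos] = sel[pos - 1];
            pos--;
        }
        sel[pos].g = g; sel[pos].t = t; sel[pos].name = svc[i].ServiceName;
        count++;
    }
    for (size_t i = 0; i < count; i++) out[i] = sel[i].name;
    return count;
}

/* Constructed sample registry content (services listed in enumeration order). */
static const char *const SampleGroupList[] = {
    "System Bus Extender", "Boot Bus Extender", "File System", "Base", "Filter"
};
static const unsigned    FilterTags[]   = { 1, 3 };                 /* GroupOrderList\Filter */
static const GROUP_ORDER SampleOrders[] = { { "Filter", FilterTags, 2 } };
static const SERVICE_RECORD SampleServices[] = {
    { "autosvc",   SERVICE_AUTO_START,   "Base",                0 },
    { "basedrv",   SERVICE_SYSTEM_START, "Base",                0 },
    { "bootdrv",   SERVICE_BOOT_START,   "System Bus Extender", 1 },
    { "disabledx", SERVICE_DISABLED,     "Base",                0 },
    { "fsflt1",    SERVICE_SYSTEM_START, "Filter",              3 },
    { "fsflt2",    SERVICE_SYSTEM_START, "Filter",              1 },
    { "fsflt3",    SERVICE_SYSTEM_START, "Filter",              0 },
    { "nogroup",   SERVICE_SYSTEM_START, "",                    0 },
    { "ntfsmodel", SERVICE_SYSTEM_START, "File System",         0 },
};

size_t BuildSampleSystemLoadOrder(const char **out)
{
    return CmGetSystemDriverListModel(SampleServices,
                                      sizeof SampleServices / sizeof SampleServices[0],
                                      SampleGroupList, 5, SampleOrders, 1, out);
}

int main(void)
{
    const char *order[MAX_SERVICES];
    size_t n = BuildSampleSystemLoadOrder(order);
    for (size_t i = 0; i < n; i++) printf("%zu: %s\n", i, order[i]);
    return 0;
}
```

With the sample data the order is ntfsmodel, basedrv, fsflt2, fsflt1, fsflt3, nogroup: the group list decides between groups, the tag list decides inside "Filter" (tag 1 before tag 3, untagged last), and boot, auto and disabled entries never appear in this list.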
3 auto load: the SCM (services.exe) starts these by calling NtLoadDriver.
NtLoadDriver checks the previous mode: a user-mode caller must hold SeLoadDriverPrivilege.
If the caller already runs in the System process it calls IopLoadUnloadDriver directly; otherwise it queues a
work item (the LOAD_PACKET below) and waits on its event, so that a system worker thread performs the load in the
System process context.
NtLoadDriver (base\ntos\io\iomgr\loadunld.c)
|
|
V
IopLoadUnloadDriver (base\ntos\io\iomgr\internal.c) takes a PLOAD_PACKET as its parameter
|
|
V
IopLoadDriver
typedef struct _LOAD_PACKET {
WORK_QUEUE_ITEM WorkQueueItem;
KEVENT Event;
PDRIVER_OBJECT DriverObject;
PUNICODE_STRING DriverServiceName;
NTSTATUS FinalStatus;
} LOAD_PACKET, *PLOAD_PACKET;
If DriverObject is NULL the packet is a load request and IopLoadDriver is called; otherwise it is an unload request for that driver object.
4 demand load: started on request (StartService, or a PnP match), which goes through the same NtLoadDriver / IopLoadDriver path as auto load.
Separately, IoCreateDriver (base\ntos\io\iomgr\iosubs.c) builds a driver object for a kernel-internal driver that has no image file
(e.g. \FileSystem\RAW) and calls its initialization routine directly.
*****************************************driver object,device object, file object*********************************
Driver_object Device Stack
+-----------------------+ <-------------------------------------------------+ <-------------------------------------------------+
| | Device_object | |
|PDevice_object |------------------>+-----------------------+<------|-------------+ |
+-----------------------+ | | | | |
| PDriverObject |-------+ | |
+-----------------------+ | Device_object |
| NextDevice |---------------------|----------->+-----------------------+ |
+-----------------------+ | | | |
+-----| AttachedDevice | | | PDriverObject |--+
| +-----------------------+ | +-----------------------+
| | DeviceExtension | |
| +-----------------------+ |
| |
| |
| |
| |
| |
Driver_object | |
+-----------------------+ <-------------------------------------------------+ |
| | | Device_object | |
|PDevice_object |-------------+---->+-----------------------+ | |
+-----------------------+ | | | |
| PDriverObject |-------+ |
+-----------------------+ |
| AttachedDevice |-------+ |
+-----------------------+ | |
+----| DeviceExtension | | |
| +-----------------------+ V |
| |
| |
+--->+-----------------------+ |
| | |
| AttachedTo |---------------------+
+-----------------------+
A file object is an instance of an open on a device object: one open, with its own position and share state, not the device itself.
_FILE_OBJECT
+------------------+
| | points to the device object the name resolved to (the storage device for a file on a mounted volume)
| DeviceObject |------------------------------------------------>+----------------+
+------------------+ | |
| | +----------------+
| Vpb |------------------+
+------------------+ |
| | V _VPB (volume parameter block: mount state of a storage device)
| RelatedFileObject| +--------------------+
+------------------+ | | points to the file system's volume device object
| DeviceObject |-------------------->
+--------------------+ points to the storage device object the volume is mounted on
| RealDevice |-------------------->
+--------------------+
Relation between handle, file object and device object:
handle --(n:1)-- file object --(n:1)-- device object
(many handles can refer to one file object; many file objects can be open on one device object)
How do the three device-object pointers relate? FileObject->DeviceObject and Vpb->RealDevice are the storage device the name resolved to
(\Device\HarddiskVolumeN); Vpb->DeviceObject is the file system's volume device object created when the file system mounted that storage
device. When a VPB is present, IoGetRelatedDeviceObject() takes Vpb->DeviceObject and climbs its AttachedDevice chain, so I/O on the file
object goes to the top of the file system stack, not to the storage device.
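Added example covering both the device-stack diagram above and the file object / VPB relation; it is user-mode C written for these notes, not kernel code. Structure and function names mirror the kernel's (with a Model suffix where the body is simplified), IoGetRelatedDeviceObject follows its documented rule, and the drivers, devices and file object built in BuildMountedVolumeExample are constructed sample data.

```c
/* User-mode model of driver objects, device stacks, the VPB and the file object. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define DO_DEVICE_INITIALIZING 0x00000080
#define VPB_MOUNTED            0x0001

typedef struct _DEVICE_OBJECT DEVICE_OBJECT;
typedef struct _DRIVER_OBJECT DRIVER_OBJECT;
typedef struct _VPB VPB;

struct _DRIVER_OBJECT {
    const char    *DriverName;
    DEVICE_OBJECT *DeviceObject;     /* head of this driver's device list */
};
struct _DEVICE_OBJECT {
    const char    *Name;
    DRIVER_OBJECT *DriverObject;
    DEVICE_OBJECT *NextDevice;       /* next device owned by the same driver */
    DEVICE_OBJECT *AttachedDevice;   /* device layered directly above this one */
    VPB           *Vpb;              /* only on storage (volume) devices */
    unsigned long  Flags;
};
struct _VPB {
    unsigned short Flags;
    DEVICE_OBJECT *DeviceObject;     /* file system's volume device object */
    DEVICE_OBJECT *RealDevice;       /* storage device the volume is mounted on */
};
typedef struct {
    DEVICE_OBJECT *DeviceObject;     /* device the name resolved to */
    VPB           *Vpb;              /* set when the open went through a mounted volume */
} FILE_OBJECT;

/* IoCreateDevice: the new device goes at the head of the driver's list and
 * starts with DO_DEVICE_INITIALIZING set. */
DEVICE_OBJECT *IoCreateDeviceModel(DRIVER_OBJECT *drv, const char *name)
{
    DEVICE_OBJECT *d = calloc(1, sizeof *d);
    if (!d) return NULL;
    d->Name = name;
    d->DriverObject = drv;
    d->Flags = DO_DEVICE_INITIALIZING;
    d->NextDevice = drv->DeviceObject;
    drv->DeviceObject = d;
    return d;
}

/* Top of the attachment chain: the device an IRP is sent to first. */
DEVICE_OBJECT *IoGetAttachedDevice(DEVICE_OBJECT *d)
{
    while (d->AttachedDevice) d = d->AttachedDevice;
    return d;
}

/* IoAttachDeviceToDeviceStack: layer `src` on top of the current top of `target`'s stack. */
DEVICE_OBJECT *IoAttachDeviceToDeviceStackModel(DEVICE_OBJECT *src, DEVICE_OBJECT *target)
{
    DEVICE_OBJECT *top = IoGetAttachedDevice(target);
    top->AttachedDevice = src;
    return top;                      /* what the kernel records as src's AttachedTo */
}

/* IopReadyDeviceObjects: after DriverEntry returns, clear the init flag on
 * every device the driver created (walk DeviceObject / NextDevice). */
void IopReadyDeviceObjectsModel(DRIVER_OBJECT *drv)
{
    for (DEVICE_OBJECT *d = drv->DeviceObject; d; d = d->NextDevice)
        d->Flags &= ~(unsigned long)DO_DEVICE_INITIALIZING;
}

/* IoGetRelatedDeviceObject: prefer the mounted file system's volume device
 * (via the VPB), else the file object's own device; then climb to the top. */
DEVICE_OBJECT *IoGetRelatedDeviceObjectModel(const FILE_OBJECT *f)
{
    DEVICE_OBJECT *base = f->DeviceObject;
    if (f->Vpb && f->Vpb->DeviceObject)
        base = f->Vpb->DeviceObject;
    else if (base->Vpb && base->Vpb->DeviceObject)
        base = base->Vpb->DeviceObject;
    return IoGetAttachedDevice(base);
}

/* Constructed scenario: a storage volume, a file system mounted on it, and a
 * filter attached above the file system; one file opened on the volume. */
static DRIVER_OBJECT StorageDrv = { "\\Driver\\disk-model", NULL };
static DRIVER_OBJECT FsDrv      = { "\\FileSystem\\fs-model", NULL };
static DRIVER_OBJECT FiltDrv    = { "\\FileSystem\\filter-model", NULL };
static VPB SampleVpb;

FILE_OBJECT *BuildMountedVolumeExample(void)
{
    DEVICE_OBJECT *volume = IoCreateDeviceModel(&StorageDrv, "\\Device\\HarddiskVolume1");
    DEVICE_OBJECT *fsvol  = IoCreateDeviceModel(&FsDrv, "(fs volume device)");
    DEVICE_OBJECT *filt   = IoCreateDeviceModel(&FiltDrv, "(filter device)");
    FILE_OBJECT *f = calloc(1, sizeof *f);
    if (!volume || !fsvol || !filt || !f) return NULL;
    SampleVpb.Flags = VPB_MOUNTED;                 /* the mount links the two stacks */
    SampleVpb.RealDevice = volume;
    SampleVpb.DeviceObject = fsvol;
    volume->Vpb = &SampleVpb;
    IoAttachDeviceToDeviceStackModel(filt, fsvol); /* filter sits above the file system */
    IopReadyDeviceObjectsModel(&StorageDrv);
    IopReadyDeviceObjectsModel(&FsDrv);
    IopReadyDeviceObjectsModel(&FiltDrv);
    f->DeviceObject = volume;                      /* the name resolved to the storage device */
    f->Vpb = &SampleVpb;
    return f;
}

int main(void)
{
    FILE_OBJECT *f = BuildMountedVolumeExample();
    if (!f) return 1;
    printf("FileObject->DeviceObject = %s\nVpb->RealDevice = %s\nVpb->DeviceObject = %s\nIRP target = %s\n",
           f->DeviceObject->Name, f->Vpb->RealDevice->Name, f->Vpb->DeviceObject->Name,
           IoGetRelatedDeviceObjectModel(f)->Name);
    return 0;
}
```

Run it and the three pointers come out as the note says: FileObject->DeviceObject and Vpb->RealDevice are the storage device, Vpb->DeviceObject is the file system's volume device, and the IRP target is the filter on top of the file system stack, which is why a filter attached to the file system sees the I/O while a filter attached to \Device\HarddiskVolume1 would not.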
Let's look at how a file object is created:
IoCreateFile
|
|
V
IopCreateFile (base\ntos\io\iomgr\iosubs.c)
|
|
V
ObOpenObjectByName
|
|
V
ObpLookupObjectName (starts at ObpRootDirectoryObject, the "\" directory, when no RootDirectory handle is given)
|
|
V
ObpLookupDirectoryEntry (one path component at a time, until the lookup reaches a device object)
|
|
V
IopParseDevice (the parse routine of the device object type takes over the remaining path)
|
|
V
ObCreateObject creates the _FILE_OBJECT; IopParseDevice then fills in DeviceObject and Vpb, builds an IRP_MJ_CREATE
and sends it to the top of the device stack, which is where the remaining path (the file name) is interpreted.