Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Windows Driver Model
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
===Object-oriented driver stack=== Function drivers and bus drivers are often implemented as driver/minidriver pairs, which in practice is either a class or miniclass, or a port or miniport pair.<ref name="Blunden">{{Cite book|title=The Rootkit Arsenal: Escape and Evasion| author= Bill Blunden |publisher=Jones & Bartlett Publishers |year=2009|isbn=9781449661229|pages=460}}</ref> Bus drivers for devices attached to a bus are implemented as class drivers and are hardware-agnostic. They will support the operations of a certain type of device. Windows operating systems include a number of class drivers, such as the kbdclass.sys driver for keyboards. Miniclass drivers on the other hand are supplied by the vendor of a device, and only support device specific operations, for a particular device of a given class.<ref name="Blunden" /> Port drivers support general [[input/output]] (I/O) operations for a peripheral hardware interface. The core functionality of port drivers is mandated by the operating system, and Windows operating systems integrate a variety of port drivers. For example, the i8042prt.sys port driver for the 8042 microcontroller connects [[PS/2]] keyboards to the mainboard peripheral bus. The miniport drivers, like the miniclass drivers, are supplied by the hardware vendors and support only device specific operations of peripheral hardware that is connected to a port on the mainboard.<ref>{{Cite book|title=The Rootkit Arsenal: Escape and Evasion| author= Bill Blunden |publisher=Jones & Bartlett Publishers |year=2009|isbn=9781449661229|pages=460}}</ref><ref>{{cite web |url=http://www.microsoft.com/whdc/driver/wdf/wdf-intro.mspx |title=Introduction to the Windows Driver Foundation |date=2006-10-13 |access-date=2010-12-06 |publisher=[[Microsoft Developer Network]] |quote=The device class-specific driver models are typically structured as a port driver written by Microsoft paired with a miniport driver written by an independent hardware vendor. The port driver does much of the work required for the device class, and the miniport driver supports device-specific characteristics.}}</ref> Each driver that processes an I/O request for a device has a corresponding object, which is loaded into [[main memory]]. A device object is created by the Windows operating system from the associated device class. Device objects contain structures of type DEVICE_OBJECT, which store pointers to their driver. At run time these pointers are used to locate a driver's dispatch routine and member functions. In the WDM driver stack, the filter driver device object, known as the upper filter, will receive an [[I/O request packet]] (IRP) for a device from the I/O manager. If the upper filter driver can not serve the request, it will locate the object of the driver one step down in the driver stack. The IRP is passed down the driver stack by calling the function IoCallDriver(), and processed by the function driver device object, also known as functional device object. The function driver device object in turn may pass the IRP to the lower filter, another filter device object. Then the IRP may be passed down to the bus driver, which operates as the physical device object. The bus driver object is at the bottom of the driver stack, and interacts with the [[hardware abstraction layer]], which is part of the [[Architecture of Windows NT|Windows operating system kernel]] and allows Windows operating systems to run on a variety of [[Processor (computing)|processors]], different [[memory management unit]] architectures, and a variety of computer systems with different I/O bus architectures.<ref>{{Cite book|title=The Rootkit Arsenal: Escape and Evasion| author= Bill Blunden |publisher=Jones & Bartlett Publishers |year=2009|isbn=9781449661229|pages=460β461}}</ref> The execution of an IRP is finished when any of the driver objects in the stack returns the request back to the I/O manager, with the result and a status flag.<ref name="Penkler">{{Cite book|title=Service Availability: Third International Service Availability Symposium, ISAS 2006, Helsinki, Finland, May 15-16, 2006, Revised Selected Papers|editor1= Dave Penkler |editor2=Manfred Reitenspiess |editor3=Francis Tam |publisher=Springer Science & Business Media |year=2006|isbn=9783540687245|pages=124}}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)