9/24/2010

How the system Finds and Loads Drivers



1. PnP device

The device carries an electronic signature, so the bus driver can detect the new hardware on its own.

2. Legacy device

The user initiates detection by running the Add New Hardware Wizard.


In the end, whether the device is PnP or legacy, the system uses the same automatic registry and INF file process to locate and load the right driver.



Function driver:

It understands the details of how to make the hardware work.

It is responsible for initiating I/O operations, for handling interrupts, and for providing a way for the end user to exercise control over the device.



Bus driver:

It's responsible for managing the connection between the HW and the computer.



Filter Driver:

Modifies the behavior of an existing function driver in some way. An upper filter driver sits above the function driver in the stack and sees IRPs before the function driver does. A lower filter driver sits below the function driver and can modify the stream of bus operations that the function driver is trying to perform.



PDO stands for physical device object. The bus driver creates it to represent the connection between the device and the bus.

FDO stands for function device object. The function driver creates it to manage the functionality of the device.



Installing a PnP Device:

1. Bus driver detects the insertion or removal of hardware.

2. Bus driver calls IoInvalidateDeviceRelations to notify the PnP manager that the bus's population of child devices has changed.

3. PnP manager sends IRP_MN_QUERY_DEVICE_RELATIONS (BusRelations) to the bus driver to obtain an updated list of the PDOs for the child devices.

4. PnP manager sends IRP_MN_QUERY_ID to the bus driver to obtain the device's identifiers (device ID, hardware IDs, compatible IDs).

5. PnP manager matches those IDs against the registry and the INF install section, loads the driver image if it is not already loaded, and the I/O manager calls the driver's DriverEntry routine.

6. PnP manager calls the driver's AddDevice routine to inform it that a new instance of the device has been discovered.

7. PnP manager sends IRP_MN_QUERY_RESOURCE_REQUIREMENTS to the bus driver to ask it to report the device's resource requirements.

8. PnP manager runs the resource arbitrators to assign resources (I/O ports, memory ranges, interrupts, DMA channels) to the device.

9. PnP manager sends IRP_MN_START_DEVICE to the driver stack. The function driver handles this IRP by configuring the hardware with the assigned resources and connecting the kernel resources it needs (for example an interrupt object via IoConnectInterrupt).


Order of AddDevice Calls (Driver Loading), listed from the top of the device stack to the bottom; the PnP manager calls AddDevice bottom-up, in the numbered order, so each driver attaches on top of the device objects created below it:

5. Class upper filters

4. Device upper filters

3. Function driver

2. Class lower filters

1. Device lower filters
 
 
IRP Routing:
The system sends an IRP to the topmost driver in the stack. That driver can decide to process the IRP, to pass the IRP down to the next level, or to do both (pass it down and register a completion routine to see the result on the way back up). Each driver that sees the IRP makes the same decision.
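The stack and routing described above, as an added user-mode model (constructed here; not code from the original notes or from any Windows source): three device objects attached in AddDevice order (lower filter, function driver, upper filter), an IRP with one stack location per driver, and stand-ins for IoCallDriver, IoSkipCurrentIrpStackLocation, IoCopyCurrentIrpStackLocationToNext, IoSetCompletionRoutine and IoCompleteRequest that follow the kernel's rules for moving the current stack location down and unwinding completion routines back up. The device names, the trace string and run_irp are assumptions for the demonstration, and the stack-location indexing is simplified relative to the real IRP layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed user-mode model of IRP stack-location mechanics.  Names mirror
 * the kernel DDIs but these are simplified stand-ins, not the real routines. */
typedef long NTSTATUS;
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_INVALID_DEVICE_REQUEST ((NTSTATUS)0xC0000010L)
#define IRP_MJ_READ           0x03      /* real major-function codes */
#define IRP_MJ_DEVICE_CONTROL 0x0E
#define MAX_STACK 8

struct _DEVICE_OBJECT; struct _IRP;
typedef NTSTATUS (*PDRIVER_DISPATCH)(struct _DEVICE_OBJECT *, struct _IRP *);
typedef NTSTATUS (*PIO_COMPLETION_ROUTINE)(struct _DEVICE_OBJECT *, struct _IRP *, void *);

typedef struct _IO_STACK_LOCATION {
    uint8_t MajorFunction;
    struct _DEVICE_OBJECT *DeviceObject;      /* driver that consumed this location */
    PIO_COMPLETION_ROUTINE CompletionRoutine; /* set by the driver one level above */
    void *Context;
} IO_STACK_LOCATION;

typedef struct _DEVICE_OBJECT {
    const char *Name;
    PDRIVER_DISPATCH Dispatch;
    struct _DEVICE_OBJECT *AttachedTo;        /* next lower device (IoAttachDeviceToDeviceStack) */
} DEVICE_OBJECT;

typedef struct _IRP {
    IO_STACK_LOCATION Stack[MAX_STACK];       /* one location per driver; index 0 = bottom */
    int StackSize;
    int CurrentLocation;                      /* index of the location the current driver owns */
    NTSTATUS IoStatus;
    char Trace[128];                          /* constructed: who saw the IRP, in order */
} IRP;

static void trace(IRP *irp, const char *s) {
    if (irp->Trace[0]) strncat(irp->Trace, ";", sizeof irp->Trace - strlen(irp->Trace) - 1);
    strncat(irp->Trace, s, sizeof irp->Trace - strlen(irp->Trace) - 1);
}
static IO_STACK_LOCATION *IoGetCurrentIrpStackLocation(IRP *irp) { return &irp->Stack[irp->CurrentLocation]; }
static IO_STACK_LOCATION *IoGetNextIrpStackLocation(IRP *irp)    { return &irp->Stack[irp->CurrentLocation - 1]; }

/* Give the lower driver its own copy of our parameters; a completion routine is never inherited. */
static void IoCopyCurrentIrpStackLocationToNext(IRP *irp) {
    IO_STACK_LOCATION *next = IoGetNextIrpStackLocation(irp);
    *next = *IoGetCurrentIrpStackLocation(irp);
    next->CompletionRoutine = NULL; next->Context = NULL;
}
/* Let the lower driver reuse our location: cheaper, and it keeps any completion routine set above us. */
static void IoSkipCurrentIrpStackLocation(IRP *irp) { irp->CurrentLocation++; }
static void IoSetCompletionRoutine(IRP *irp, PIO_COMPLETION_ROUTINE fn, void *ctx) {
    IO_STACK_LOCATION *next = IoGetNextIrpStackLocation(irp);
    next->CompletionRoutine = fn; next->Context = ctx;
}
/* Step down one location and hand the IRP to the lower driver's dispatch routine. */
static NTSTATUS IoCallDriver(DEVICE_OBJECT *dev, IRP *irp) {
    irp->CurrentLocation--;
    irp->Stack[irp->CurrentLocation].DeviceObject = dev;
    return dev->Dispatch(dev, irp);
}
/* Unwind back up, running each completion routine a higher driver registered, passing that driver's device. */
static void IoCompleteRequest(IRP *irp) {
    for (int k = irp->CurrentLocation; k < irp->StackSize; k++) {
        IO_STACK_LOCATION *loc = &irp->Stack[k];
        irp->CurrentLocation = k + 1;
        if (loc->CompletionRoutine) {
            DEVICE_OBJECT *owner = (k + 1 < irp->StackSize) ? irp->Stack[k + 1].DeviceObject : NULL;
            loc->CompletionRoutine(owner, irp, loc->Context);
        }
    }
}

static NTSTATUS UpperFilterComplete(DEVICE_OBJECT *dev, IRP *irp, void *ctx) {
    (void)dev; (void)ctx;
    trace(irp, "upper-complete");
    return STATUS_SUCCESS;
}
/* Upper filter: sees the IRP first, passes it down, and asks to see the result ("do both"). */
static NTSTATUS UpperFilterDispatch(DEVICE_OBJECT *dev, IRP *irp) {
    trace(irp, dev->Name);
    IoCopyCurrentIrpStackLocationToNext(irp);
    IoSetCompletionRoutine(irp, UpperFilterComplete, NULL);
    return IoCallDriver(dev->AttachedTo, irp);
}
/* Function driver: handles reads itself; anything else is passed down untouched. */
static NTSTATUS FunctionDispatch(DEVICE_OBJECT *dev, IRP *irp) {
    trace(irp, dev->Name);
    if (IoGetCurrentIrpStackLocation(irp)->MajorFunction == IRP_MJ_READ) {
        irp->IoStatus = STATUS_SUCCESS;
        IoCompleteRequest(irp);
        return STATUS_SUCCESS;
    }
    IoSkipCurrentIrpStackLocation(irp);
    return IoCallDriver(dev->AttachedTo, irp);
}
/* Lower filter is the bottom of this model stack, so it completes whatever reaches it as unsupported. */
static NTSTATUS LowerFilterDispatch(DEVICE_OBJECT *dev, IRP *irp) {
    trace(irp, dev->Name);
    irp->IoStatus = STATUS_INVALID_DEVICE_REQUEST;
    IoCompleteRequest(irp);
    return STATUS_INVALID_DEVICE_REQUEST;
}

/* Build the stack in AddDevice order, send one IRP to the top, report the route it took. */
NTSTATUS run_irp(uint8_t major, char *route, size_t cap) {
    DEVICE_OBJECT lower = { "lower", LowerFilterDispatch, NULL };
    DEVICE_OBJECT func  = { "function", FunctionDispatch, &lower };
    DEVICE_OBJECT upper = { "upper", UpperFilterDispatch, &func };
    IRP irp;
    memset(&irp, 0, sizeof irp);
    irp.StackSize = 3;
    irp.CurrentLocation = irp.StackSize;                /* one above the top; IoCallDriver steps down */
    irp.Stack[irp.StackSize - 1].MajorFunction = major; /* the I/O manager fills the top location */
    NTSTATUS st = IoCallDriver(&upper, &irp);
    snprintf(route, cap, "%s", irp.Trace);
    return st;
}

int main(void) {
    char route[128];
    NTSTATUS st = run_irp(IRP_MJ_READ, route, sizeof route);
    printf("READ  -> 0x%08lx via %s\n", (unsigned long)st, route);
    st = run_irp(IRP_MJ_DEVICE_CONTROL, route, sizeof route);
    printf("IOCTL -> 0x%08lx via %s\n", (unsigned long)st, route);
    return 0;
}
```

Reads stop at the function driver, so the lower filter never sees them; an IOCTL the function driver does not handle is skipped down to the lower filter, which completes it. In both cases the upper filter's completion routine runs exactly once, because IoSkipCurrentIrpStackLocation makes the next driver reuse the stack location that holds it. The practical rule this illustrates: after IoCallDriver a driver must not touch the IRP again unless it registered a completion routine, since a lower driver may already have completed it.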

9/23/2010

MDL

http://www.osronline.com/article.cfm?id=423

An MDL is a structure that describes the fixed physical memory locations that comprise a contiguous data buffer in virtual memory.
Each MDL can only describe a single virtually contiguous data buffer.
The data buffer that the MDL describes can be in either a kernel virtual address space, user virtual address space, or both.
The MDL describes the data buffer at a fixed position in physical memory. In other words, the data buffer an MDL describes will always be paged in (resident), and its pages will be locked-down ("pinned"). This means the data buffer can neither be paged out nor moved. These pages will remain locked for the lifetime of the MDL.
The data buffer that the MDL describes does not need to be page aligned, nor does it need to be an integral number of pages in length.

//
// An MDL describes pages in a virtual buffer in terms
// of physical pages. The pages associated with the
// buffer are described in an array that is allocated
// just after the MDL header structure itself.
//
// One simply calculates the base of the array by
// adding one to the base MDL pointer:
//
// Pages = (PPFN_NUMBER) (Mdl + 1);
//
// Notice that while in the context of the subject
// thread, the base virtual address of a buffer mapped
// by an MDL may be referenced using the following:
//
//         Mdl->StartVa | Mdl->ByteOffset
//
typedef struct _MDL {
    struct _MDL *Next;
    CSHORT Size;
    CSHORT MdlFlags;
    struct _EPROCESS *Process;
    PVOID MappedSystemVa;
    PVOID StartVa;
    ULONG ByteCount;
    ULONG ByteOffset;
} MDL, *PMDL;

From the comment you can see that the MDL is actually a variable-length structure with an array of the underlying physical page numbers (PFNs) at the tail. StartVa is the page-aligned virtual address of the start of the range, ByteOffset is the starting offset into the first page, and ByteCount is the length of the buffer in bytes; the number of PFN entries is the number of pages that ByteOffset + ByteCount spans.



Building and using MDLs:

Step 1: Allocating the structure -- IoAllocateMdl DDI. Fills in StartVa, ByteOffset and ByteCount and reserves room for the PFN array, but does not fill the array.
Step 2: Probing and locking -- MmProbeAndLockPages DDI. Checks that the buffer is accessible for the requested access mode, faults the pages in, pins them and fills the PFN array. It must run in the context of the process that owns the buffer, and for a user buffer it must be called inside a __try/__except block because it raises an exception on an invalid or inaccessible range.
Step 3: Mapping
    if your driver wants a new virtual address for accessing the underlying pages -- MmMapLockedPagesSpecifyCache
    if you want a kernel virtual address for this MDL -- MmGetSystemAddressForMdlSafe macro (returns NULL on failure; check it before use)
Step 4: Teardown, in reverse -- MmUnmapLockedPages (if you mapped it yourself), MmUnlockPages, then IoFreeMdl.
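As an added illustration (constructed here, not part of the original notes or the OSR article), the following user-mode C program reproduces the MDL header layout quoted above and the WDK page arithmetic (PAGE_ALIGN, BYTE_OFFSET, ADDRESS_AND_SIZE_TO_SPAN_PAGES) so you can see how IoAllocateMdl sizes the structure, how an unaligned buffer shorter than a page can still span two pages, and how the PFN array at the tail is indexed. The helpers mdl_alloc, mdl_lock_fake and mdl_pfn_for_offset and the identity-mapped PFNs are assumptions for the demonstration; nothing here touches real page tables.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Constructed user-mode model of the MDL layout.  The page arithmetic follows
 * the WDK macros; the allocate/lock helpers are stand-ins for IoAllocateMdl and
 * MmProbeAndLockPages that only fill in the structure. */
#define PAGE_SHIFT 12
#define PAGE_SIZE  (1u << PAGE_SHIFT)

typedef int16_t   CSHORT;
typedef uint32_t  ULONG;
typedef void     *PVOID;
typedef uintptr_t PFN_NUMBER, *PPFN_NUMBER;

#define MDL_PAGES_LOCKED 0x0002          /* real MdlFlags bit set by MmProbeAndLockPages */

typedef struct _MDL {                    /* same fields as the ntddk.h definition above */
    struct _MDL *Next;
    CSHORT Size;
    CSHORT MdlFlags;
    struct _EPROCESS *Process;
    PVOID MappedSystemVa;
    PVOID StartVa;
    ULONG ByteCount;
    ULONG ByteOffset;
} MDL, *PMDL;

#define PAGE_ALIGN(va)  ((PVOID)((uintptr_t)(va) & ~(uintptr_t)(PAGE_SIZE - 1)))
#define BYTE_OFFSET(va) ((ULONG)((uintptr_t)(va) & (PAGE_SIZE - 1)))
#define ADDRESS_AND_SIZE_TO_SPAN_PAGES(va, size) \
    ((ULONG)((BYTE_OFFSET(va) + (uintptr_t)(size) + (PAGE_SIZE - 1)) >> PAGE_SHIFT))

/* Bytes one MDL needs: fixed header plus one PFN_NUMBER per spanned page (what MmSizeOfMdl computes). */
size_t mdl_size_for(const void *va, size_t length) {
    return sizeof(MDL) + sizeof(PFN_NUMBER) * ADDRESS_AND_SIZE_TO_SPAN_PAGES(va, length);
}

/* Pages the described buffer spans; ByteOffset alone determines the sub-page start. */
ULONG mdl_page_count(const MDL *mdl) {
    return ADDRESS_AND_SIZE_TO_SPAN_PAGES((uintptr_t)mdl->ByteOffset, mdl->ByteCount);
}

/* IoAllocateMdl stand-in: StartVa is page aligned, ByteOffset keeps the sub-page
 * part of the address, and the PFN array after the header is left empty. */
PMDL mdl_alloc(void *va, ULONG length) {
    size_t bytes = mdl_size_for(va, length);
    PMDL mdl = calloc(1, bytes);
    if (mdl == NULL) return NULL;
    mdl->Size = (CSHORT)bytes;
    mdl->StartVa = PAGE_ALIGN(va);
    mdl->ByteOffset = BYTE_OFFSET(va);
    mdl->ByteCount = length;
    return mdl;
}

/* MmProbeAndLockPages stand-in: fill the PFN array.  The real routine reads PFNs from
 * the page tables; here each page gets the PFN it would have under an identity mapping. */
void mdl_lock_fake(PMDL mdl) {
    PPFN_NUMBER pages = (PPFN_NUMBER)(mdl + 1);   /* array starts right after the header */
    ULONG n = mdl_page_count(mdl);
    for (ULONG i = 0; i < n; i++)
        pages[i] = ((uintptr_t)mdl->StartVa >> PAGE_SHIFT) + i;
    mdl->MdlFlags |= MDL_PAGES_LOCKED;
}

/* MmGetMdlVirtualAddress equivalent: first byte of the described buffer. */
void *mdl_virtual_address(const MDL *mdl) {
    return (char *)mdl->StartVa + mdl->ByteOffset;
}

/* Where byte `offset` of the buffer lives physically.  ByteOffset shifts every offset,
 * so byte 0x10 of a buffer starting 16 bytes before a page boundary is on page 1.
 * Returns 0 (and *page_off = 0) if the offset is outside the buffer or pages are not locked. */
PFN_NUMBER mdl_pfn_for_offset(const MDL *mdl, ULONG offset, ULONG *page_off) {
    if (offset >= mdl->ByteCount || !(mdl->MdlFlags & MDL_PAGES_LOCKED)) { *page_off = 0; return 0; }
    const PFN_NUMBER *pages = (const PFN_NUMBER *)(mdl + 1);
    ULONG linear = mdl->ByteOffset + offset;
    *page_off = linear & (PAGE_SIZE - 1);
    return pages[linear >> PAGE_SHIFT];
}

int main(void) {
    void *buf = (void *)(uintptr_t)0x10FF0;      /* constructed address: 16 bytes before a page boundary */
    PMDL mdl = mdl_alloc(buf, 32);
    if (mdl == NULL) return 1;
    mdl_lock_fake(mdl);
    ULONG po;
    PFN_NUMBER pfn = mdl_pfn_for_offset(mdl, 0x10, &po);
    printf("32-byte buffer at %p spans %u pages; byte 0x10 is PFN 0x%lx offset 0x%x\n",
           buf, mdl_page_count(mdl), (unsigned long)pfn, po);
    free(mdl);
    return 0;
}
```

The two-page result for a 32-byte buffer is the point: a driver that allocates the MDL from ByteCount alone, or that walks the PFN array assuming the buffer starts at StartVa, will read one entry short or one page early. The real MmSizeOfMdl and IoAllocateMdl do this arithmetic for you; the model just makes it visible.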

Win7: Memory Dump

A kernel dump gets created whenever the machine bug checks (a kernel fault). By default the dump is written to the %SystemRoot% folder as MEMORY.DMP.
(Control Panel > System and Security > System > Advanced system settings > Advanced tab > Startup and Recovery Settings.)

  1. No "Complete memory dump" option in the UI?
    Windows originally limited a complete memory dump to 2 GB, and the Startup and Recovery dialog still hides the Complete memory dump choice on machines with more than 2 GB of RAM, even though Windows 7 supports crash dumps larger than 2 GB. To work around this, set the REG_DWORD value HKLM\SYSTEM\CurrentControlSet\Control\CrashControl\CrashDumpEnabled to 1 (complete dump) directly in the registry and reboot. A complete dump also needs a page file on the boot volume at least as large as physical RAM plus 1 MB, or the dump is not written.
  2. No MEMORY.DMP after a crash?
    Windows 7 decides whether to keep or delete the MEMORY.DMP written after a system crash as follows:
    First it reports the kernel fault to the Online Crash Analysis service.
    Then, if the registry value AlwaysKeepMemoryDump is set to 1, the dump file is kept on disk.
    Else, if the machine is a Windows Server SKU, the dump file is kept on disk.
    Else, if the machine is joined to a domain (i.e. a corporate machine), the dump file is kept on disk.
    Else (the machine is not on a domain, i.e. a home user's machine):
        if free disk space is >= 25 GB, the dump file is kept on disk;
        else (free disk space is < 25 GB), the dump file is deleted.
    The exact location of the AlwaysKeepMemoryDump setting in the registry is:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl, value AlwaysKeepMemoryDump, type REG_DWORD.
    For forensic readiness on a non-domain workstation, set AlwaysKeepMemoryDump to 1; otherwise a dump from the one crash you care about can be silently discarded because the disk was under 25 GB free.
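Both settings together as a registry fragment, added here as an example rather than taken from the original notes. The key and value names are the documented CrashControl values; the meanings of the CrashDumpEnabled numbers are given in the comments, and the commented-out lines show the defaults these override.

```reg
Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl]
; CrashDumpEnabled: 0 = none, 1 = complete memory dump, 2 = kernel memory dump,
; 3 = small memory dump (minidump). The UI refuses to offer 1 on machines with
; more than 2 GB of RAM; setting it here takes effect after a reboot.
; Default on a Windows 7 client install is 2 (kernel dump):
; "CrashDumpEnabled"=dword:00000002
"CrashDumpEnabled"=dword:00000001

; Keep MEMORY.DMP even on a non-domain, non-server machine with < 25 GB free.
; The value is absent by default, which means "apply the free-space rule":
; "AlwaysKeepMemoryDump"=-
"AlwaysKeepMemoryDump"=dword:00000001
```

Import with regedit or `reg import`, then reboot so the crash dump driver picks up the new dump type; the AlwaysKeepMemoryDump change is read at the next crash and needs no reboot of its own.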