DRIVER OBJECT
DRIVER_OBJECT structure
| Section | Description |
|---|---|
| Type | |
| Size | |
| DeviceObject PDEVICE_OBJECT |
Pointer to the device objects created by the driver. This member is automatically updated when the driver calls IoCreateDevice successfully. A driver can use this member and the NextDevice member of DEVICE_OBJECT to step through a list of all the device objects that the driver created. |
| Flags | |
| DriverStart | Reveals where the driver is loaded in memory |
| DriverSize | Size of the driver in memory |
| DriverSection | |
| DriverExtension PDRIVER_EXTENSION |
Pointer to the driver extension. The only accessible member of the driver extension is DriverExtension->AddDevice, into which a driver's DriverEntry routine stores the driver's AddDevice routine. |
| DriverName | Example: _UNICODE_STRING "\Driver\Process Helper" |
| HardwareDatabase PUNICODE_STRING |
Pointer to the \Registry\Machine\Hardware path to the hardware configuration information in the registry. |
| FastIoDispatch PFAST_IO_DISPATCH |
Pointer to a structure defining the driver's fast I/O entry points. This member is used only by FSDs and network transport drivers. |
| DriverInit PDRIVER_INITIALIZE |
Pointer to the initialization function (automatically called when driver is loaded). The entry point for the DriverEntry routine is set up by the I/O manager. |
| DriverStartIo PDRIVER_STARTIO |
The entry point for the driver's StartIo routine, if any, which is set by the DriverEntry routine when the driver initializes. If a driver has no StartIo routine, this member is NULL. |
| DriverUnload PDRIVER_UNLOAD |
The entry point for the driver's Unload routine, if any, which is set by the DriverEntry routine when the driver initializes. If a driver has no Unload routine, this member is NULL. |
| MajorFunction[IRP_MJ_MAXIMUM_FUNCTION+1] PDRIVER_DISPATCH |
A dispatch table consisting of an array of entry points for the driver's DispatchXxx routines. The array's index values are the IRP_MJ_XXX values representing each IRP major function code. Each driver must set entry points in this array for the IRP_MJ_XXX requests that the driver handles. For more information, see Writing Dispatch Routines. To help Code Analysis for Drivers, Static Driver Verifier (SDV), and other verification tools, each DispatchXxx routine is declared using the DRIVER_DISPATCH type. The DRIVER_DISPATCH function type is defined in the Wdm.h header file. To more accurately identify errors when you run the code analysis tools, be sure to add the _Use_decl_annotations_ annotation to your function definition. The _Use_decl_annotations_ annotation ensures that the annotations that are applied to the DRIVER_DISPATCH function type in the header file are used. |
IRP Major Function offsets
IRP_MJ_CREATE 0x00 IRP_MJ_CREATE_NAMED_PIPE 0x01 IRP_MJ_CLOSE 0x02 IRP_MJ_READ 0x03 IRP_MJ_WRITE 0x04 IRP_MJ_QUERY_INFORMATION 0x05 IRP_MJ_SET_INFORMATION 0x06 IRP_MJ_QUERY_EA 0x07 IRP_MJ_SET_EA 0x08 IRP_MJ_FLUSH_BUFFERS 0x09 IRP_MJ_QUERY_VOLUME_INFORMATION 0x0a IRP_MJ_SET_VOLUME_INFORMATION 0x0b IRP_MJ_DIRECTORY_CONTROL 0x0c IRP_MJ_FILE_SYSTEM_CONTROL 0x0d IRP_MJ_DEVICE_CONTROL 0x0e IRP_MJ_INTERNAL_DEVICE_CONTROL 0x0f IRP_MJ_SHUTDOWN 0x10 IRP_MJ_LOCK_CONTROL 0x11 IRP_MJ_CLEANUP 0x12 IRP_MJ_CREATE_MAILSLOT 0x13 IRP_MJ_QUERY_SECURITY 0x14 IRP_MJ_SET_SECURITY 0x15 IRP_MJ_POWER 0x16 IRP_MJ_SYSTEM_CONTROL 0x17 IRP_MJ_DEVICE_CHANGE 0x18 IRP_MJ_QUERY_QUOTA 0x19 IRP_MJ_SET_QUOTA 0x1a IRP_MJ_PNP 0x1b IRP_MJ_PNP_POWER IRP_MJ_PNP IRP_MJ_MAXIMUM_FUNCTION 0x1b