Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Enumerating devices from KM

AvalonAvalon Member Posts: 36
in NTDEV

Hello. From a kernelmode driver, how can one enumerate all devices under the "\device" namespace like in windbg issuing the !object command? I checked in the registry for such devicenames, whilst I found some, I did not find all as !object shows.

`6: kd> !object \device
Object: ffffbb81fc00c2e0 Type: (ffff9b8f73c8e380) Directory
ObjectHeader: ffffbb81fc00c2b0 (new version)
HandleCount: 2 PointerCount: 65881
Directory Object: ffffbb81fc0071b0 Name: Device

Hash Address          Type                      Name
---- -------          ----                      ----
 00  ffff9b8f7e3e1680 Device                    0000007e
     ffff9b8f79857d40 Device                    0000006a
     ffff9b8f7898d550 Device                    GPIO_1
     ffff9b8f78911050 Device                    NDMP2
     ffff9b8f75c22df0 Device                    00000044
     ffff9b8f75c19380 Device                    NTPNP_PCI0002
     ffff9b8f75c1ee10 Device                    00000030
     ffff9b8f7898d300 Device                    UcmCx0
     ffff9b8f78917050 Device                    NDMP3
     ffff9b8f78317b00 Device                    gpuenergydrv
     ffff9b8f75dd66e0 Device                    VMCIHostDev [..]`

And lastly. Do all these devices in the tree represent the PDOs. I had a check of the !devstack for a couple and they appear to be the lowest device in the stacks.

· Share on Facebook

Comments

  • MBond2MBond2 Member Posts: 364

    I don't think drivers are meant to do this. What larger problem are you trying to solve?

    · Share on Facebook
  • Tim_RobertsTim_Roberts Member - All Emails Posts: 14,095

    The names in the \Device tree are created on the fly. There is no guaranteed association to anything in the registry. Most (all?) devices have an entry in the \Device tree, some with meaningful names, some with auto-generated names.

    The header of the Windbg output shows you some hints of how to get this list, but I can't imagine what you hope to do with it.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

    · Share on Facebook
  • Martin_DrábMartin_Dráb Member - All Emails Posts: 86

    You may use ZwOpenDirectoryObject and ZwQueryDirectoryObject functions I suppose. But they are, partly at least, undocumented. And as other said, the contents of this directory may change at any time.

    Martin Dráb

    · Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Internals & Software Drivers 15 November 2021 Live, Online
Writing WDF Drivers TBD Live, Online
Developing Minifilters 7 February 2022 Live, Online
Kernel Debugging 21 March 2022 Live, Online

Categories