Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Using IoGetDriverObjectExtension with miniport driverObject and port driver EP as Identification?

Richard_MRichard_M Member Posts: 22

I am reviewing some driver code, and in it, it's using IoGetDriverObjectExtension( miniport_driverObj , portDriver_entrypoint), and the entry point of driver is the real entrypoint and not the GS, so my question is what's the point of doing this? does this return the driver Extension of miniport or..? and does it have to be the real entrypoint of the port driver ? what will happen if i use the entrypoint of the miniport driver or the gsEntrypoint of port driver?

Comments

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,536

    The second parameter is just an identifier/cookie. A function pointer value is globally unique in kernel address space so it is a simple, easy ID to use. It doesn't matter if it is the real EP or the thunked one, just that it is unique enough to identify which driver object extension you want to retrieve

    d
  • Richard_MRichard_M Member Posts: 22

    @Doron_Holan said:
    The second parameter is just an identifier/cookie. A function pointer value is globally unique in kernel address space so it is a simple, easy ID to use. It doesn't matter if it is the real EP or the thunked one, just that it is unique enough to identify which driver object extension you want to retrieve

    Thanks for answer, so is the identifier for getting the driver Extension of the miniport always the real entry point of its port driver?

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,536
    If the driver extension is only retrieved by the mini port it doesn’t matter which function pointer value you use.
    d
  • Richard_MRichard_M Member Posts: 22

    @Doron_Holan said:
    If the driver extension is only retrieved by the mini port it doesn’t matter which function pointer value you use.

    I know, but I want to know what kernel itself uses for the ID, does it always use the real driver entry of port driver for the ID all the time?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695
    edited November 6

    The kernel doesn't give a whack-doodle about your driver context. It's never going to fetch it on its own. You allocate space with IoAllocateDriverObjectExtension using whatever ID you want, and you fetch it later with IoGetDriverObjectExtension using that same ID. It is an exchange that is totally private to the driver.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,536

    What bigger problem/bug are you trying to solve? The kernel does nothing with nor knows nothing about this address/function pointer value. The code that passes the pointer value is entirely in your driver, as such the resolution of that address is entirely in your driver. The address of DriverEntry != GsDriverEntry (GsDriverEntry is typically not even a known function in your source as it is added through a library w/out a header declaring it).

    d
  • Richard_MRichard_M Member Posts: 22

    @Doron_Holan said:
    What bigger problem/bug are you trying to solve? The kernel does nothing with nor knows nothing about this address/function pointer value. The code that passes the pointer value is entirely in your driver, as such the resolution of that address is entirely in your driver. The address of DriverEntry != GsDriverEntry (GsDriverEntry is typically not even a known function in your source as it is added through a library w/out a header declaring it).

    There is no bigger problem/bug, i just want to understand this : if i get the driver object of the miniport of the disk stack, then get its real entry point (not the one in the driver object), then pass them to IoGetDriverObjectExtension, will it always return a non NULL value?

    because i am reading a source code, which assumes it always does, and want to understand if its true or not?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,695

    There's certainly no guarantee. Most miniports are derived from a sample, so if the sample did it, then most miniports will do it, but it's an implementation detail.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE