Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

Using IoGetDriverObjectExtension with miniport driverObject and port driver EP as Identification?

Richard_MRichard_M Member Posts: 36

I am reviewing some driver code, and in it, it's using IoGetDriverObjectExtension( miniport_driverObj , portDriver_entrypoint), and the entry point of driver is the real entrypoint and not the GS, so my question is what's the point of doing this? does this return the driver Extension of miniport or..? and does it have to be the real entrypoint of the port driver ? what will happen if i use the entrypoint of the miniport driver or the gsEntrypoint of port driver?

Comments

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,600

    The second parameter is just an identifier/cookie. A function pointer value is globally unique in kernel address space so it is a simple, easy ID to use. It doesn't matter if it is the real EP or the thunked one, just that it is unique enough to identify which driver object extension you want to retrieve

    d
  • Richard_MRichard_M Member Posts: 36

    @Doron_Holan said:
    The second parameter is just an identifier/cookie. A function pointer value is globally unique in kernel address space so it is a simple, easy ID to use. It doesn't matter if it is the real EP or the thunked one, just that it is unique enough to identify which driver object extension you want to retrieve

    Thanks for answer, so is the identifier for getting the driver Extension of the miniport always the real entry point of its port driver?

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,600
    If the driver extension is only retrieved by the mini port it doesn’t matter which function pointer value you use.
    d
  • Richard_MRichard_M Member Posts: 36

    @Doron_Holan said:
    If the driver extension is only retrieved by the mini port it doesn’t matter which function pointer value you use.

    I know, but I want to know what kernel itself uses for the ID, does it always use the real driver entry of port driver for the ID all the time?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,972
    edited November 2020

    The kernel doesn't give a whack-doodle about your driver context. It's never going to fetch it on its own. You allocate space with IoAllocateDriverObjectExtension using whatever ID you want, and you fetch it later with IoGetDriverObjectExtension using that same ID. It is an exchange that is totally private to the driver.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,600

    What bigger problem/bug are you trying to solve? The kernel does nothing with nor knows nothing about this address/function pointer value. The code that passes the pointer value is entirely in your driver, as such the resolution of that address is entirely in your driver. The address of DriverEntry != GsDriverEntry (GsDriverEntry is typically not even a known function in your source as it is added through a library w/out a header declaring it).

    d
  • Richard_MRichard_M Member Posts: 36

    @Doron_Holan said:
    What bigger problem/bug are you trying to solve? The kernel does nothing with nor knows nothing about this address/function pointer value. The code that passes the pointer value is entirely in your driver, as such the resolution of that address is entirely in your driver. The address of DriverEntry != GsDriverEntry (GsDriverEntry is typically not even a known function in your source as it is added through a library w/out a header declaring it).

    There is no bigger problem/bug, i just want to understand this : if i get the driver object of the miniport of the disk stack, then get its real entry point (not the one in the driver object), then pass them to IoGetDriverObjectExtension, will it always return a non NULL value?

    because i am reading a source code, which assumes it always does, and want to understand if its true or not?

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,972

    There's certainly no guarantee. Most miniports are derived from a sample, so if the sample did it, then most miniports will do it, but it's an implementation detail.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 27 September 2021 Live, Online
Kernel Debugging 15 November 2021 Live, Online