Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


WDM device object extension pointer

Alex_FunkyAlex_Funky Member - All Emails Posts: 186

Hello!
IoCreateDevice(..., ULONG DeviceExtensionSize,...) - implicitly allocates memory for DeviceExtensionSize-size extensions in DeviceObject->DeviceExtension .
Can I allocate and delete the memory for this pointer myself? I want to create a class object which represents my device...

Comments

  • Phil_BarilaPhil_Barila Member - All Emails Posts: 151
    via Email
    > I want to create a class object which represents my device...

    Use "in-place new" if you are using C++, or cast the returned pointer to the desired type if you are using C.

    Phil B
    Not speaking for LogRhythm
  • ThatsBerkanThatsBerkan Member Posts: 44
    edited February 14

    Device Extensions are created using a lookaside list as far as I know.
    You cannot delete the DeviceExtension that was implicitly allocated for you. There is no exported functions to delete the DeviceExtension as well.

    Either calculate the size of your class object and pass it to IoCreateDevice, or store the original Device->DeviceExtension pointer somewhere and allocate NonPagedPoolNx memory for your class object, setting it to the Device->DeviceExtension. When the driver is unloading, or the device is being deleted, release the memory you've allocated for your class object and set the original Device->DeviceExtension pointer back to what it was.

    I don't understand the point of this thought.. Oh well, I've just seen your post history lol

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,818

    Phil has the right answer. This is a very common idiom, going clear back to the streaming capture driver samples in 1999. Device Manager allocates the memory for you. You run "placement new" to run your constructor on that memory. When the device unloads, the memory is freed. Your destructor will not run.

         CDeviceExtension * devCtx = new (devobj->DeviceExtension) CDeviceExtension;
    

    Of course, the better answer is to write the driver in KMDF, which handles all of this for you.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,559
    The device extension is allocated with the device object, it is not allocated from a lookaside list separate from the device object. You can change the DeviceExtension value after the IoCreateDevice, the io manager doesn’t care what the value is.
    d
  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 267

    @Doron_Holan said:
    The device extension is allocated with the device object, it is not allocated from a lookaside list separate from the device object. You can change the DeviceExtension value after the IoCreateDevice, the io manager doesn’t care what the value is.

    Thank you so much Doron !
    That removed one confusion I had with fastfat.

    This is undocumented implementation detail though, right ?
    I haven’t found anything about that detail in msdn for iocreatedevice ?

  • Doron_HolanDoron_Holan Member - All Emails Posts: 10,559
    Technically, yes, how the DeviceExtension is allocated is an internal implementation detail. That is separate from the extension being private to the driver and the io manager ignoring the value of the pointer.
    d
  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 267

    @Doron_Holan said:
    Technically, yes, how the DeviceExtension is allocated is an internal implementation detail. That is separate from the extension being private to the driver and the io manager ignoring the value of the pointer.

    Thank you !

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,818

    Before you go further down this path, I want to emphasize a couple of things.

    1. The device extension in the DEVICE_OBJECT is cleaned up automatically when the device is unloaded. If you do your own, you become responsible for freeing that memory.
    2. It takes the same number of lines of code to use placement new to construct your object in the device extension's memory as it does to construct the object using operator new. Actually, it takes fewer lines, because you have to provide your own "operator new".
    3. The BEST answer is to write your driver with KMDF. The framework handles all of this for you, along with thousands of other details.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE