Enumerating devices from KM

Hello. From a kernelmode driver, how can one enumerate all devices under the “\device” namespace like in windbg issuing the !object command? I checked in the registry for such devicenames, whilst I found some, I did not find all as !object shows.

`6: kd> !object \device
Object: ffffbb81fc00c2e0 Type: (ffff9b8f73c8e380) Directory
ObjectHeader: ffffbb81fc00c2b0 (new version)
HandleCount: 2 PointerCount: 65881
Directory Object: ffffbb81fc0071b0 Name: Device

Hash Address          Type                      Name
---- -------          ----                      ----
 00  ffff9b8f7e3e1680 Device                    0000007e
     ffff9b8f79857d40 Device                    0000006a
     ffff9b8f7898d550 Device                    GPIO_1
     ffff9b8f78911050 Device                    NDMP2
     ffff9b8f75c22df0 Device                    00000044
     ffff9b8f75c19380 Device                    NTPNP_PCI0002
     ffff9b8f75c1ee10 Device                    00000030
     ffff9b8f7898d300 Device                    UcmCx0
     ffff9b8f78917050 Device                    NDMP3
     ffff9b8f78317b00 Device                    gpuenergydrv
     ffff9b8f75dd66e0 Device                    VMCIHostDev [..]`

And lastly. Do all these devices in the tree represent the PDOs. I had a check of the !devstack for a couple and they appear to be the lowest device in the stacks.

I don’t think drivers are meant to do this. What larger problem are you trying to solve?

The names in the \Device tree are created on the fly. There is no guaranteed association to anything in the registry. Most (all?) devices have an entry in the \Device tree, some with meaningful names, some with auto-generated names.

The header of the Windbg output shows you some hints of how to get this list, but I can’t imagine what you hope to do with it.

You may use ZwOpenDirectoryObject and ZwQueryDirectoryObject functions I suppose. But they are, partly at least, undocumented. And as other said, the contents of this directory may change at any time.

1 Like