Whenever a driver is initialized, the DriverEntry routine starts with two parameters, pDriverObject and RegistryPath.
How does it map between the two? Because the ZwLoadDriver routine only takes RegistryPath to load the driver. Is there any way by which we can retrieve the pDriverObject given only RegistryPath? I found one routine, IoOpenDeviceRegistryKey, which maps DeviceObject to its registry key. Is the reverse possible? I.e., given a registry path, can we retrieve the DriverObject or DeviceObject?
How is a driver stack different from a device stack? There are many routines to manipulate the device stack.
ZwLoadDriver, as part of its effort, creates the DriverObject; there is no
way to retrieve it from a registry path. There is no driver stack;
there are only loaded drivers, and the devices they create are stacked.
Don Burn (MVP, Windows DKD)
Windows Filesystem and Driver Consulting
Website: http://www.windrvr.com
Blog: http://msmvps.com/blogs/WinDrvr
"xxxxx@hotmail.com" wrote in message news:xxxxx@ntdev:
> Whenever a driver is initialized, the DriverEntry routine starts with two parameters, pDriverObject and RegistryPath.
> How does it map between the two? Because the ZwLoadDriver routine only takes RegistryPath to load the driver. Is there any way by which we can retrieve the pDriverObject given only RegistryPath? I found one routine, IoOpenDeviceRegistryKey, which maps DeviceObject to its registry key. Is the reverse possible? I.e., given a registry path, can we retrieve the DriverObject or DeviceObject?
> How is a driver stack different from a device stack? There are many routines to manipulate the device stack.
xxxxx@hotmail.com wrote:
> Whenever a driver is initialized, the DriverEntry routine starts with two parameters, pDriverObject and RegistryPath.
> How does it map between the two? Because the ZwLoadDriver routine only takes RegistryPath to load the driver. Is there any way by which we can retrieve the pDriverObject given only RegistryPath…
Not easily. Why would you want to? What would you do with the driver
object if you had it?
> as I found one routine, IoOpenDeviceRegistryKey, which maps DeviceObject to its registry key. Is the reverse possible? I.e., given a registry path, can we retrieve the DriverObject or DeviceObject?
> How is a driver stack different from a device stack? There are many routines to manipulate the device stack.
Several devices can use the same driver, even if they are different
types of devices. In that case, the driver will only be loaded once, so
there will be one driver object, handling multiple device objects.
--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.