Due to a long and ignoble history, many kernel structures are referred to
as “partially opaque”, that is, there are fields you are allowed to use,
and fields which only the I/O system is allowed to use. In C++, these
would have been public and protected/private, but in C, the way this is
done is by not documenting the fields you are not supposed to use. So if
you search for “DriverStart” in the docs and don’t find it, then it
doesn’t matter to you in the slightest what its purpose is. If it is
documented, the docs will tell you.
It’s a crappy way to have public/protected, even in C, but think of it as
a structure that had things thrown at it over its history, without any
thought as to what should really be documented and what is properly
hidden. The scary thing is when you find a union, and some of the
components of the union are user-visible, and some, which overlay those
components, are not.
joe
Hello all, Im noob in kernel mode programming , so I would like to know
what is the structure pointed by the DriverStart field of DRIVER_OBJECT
struct
typedef struct _DRIVER_OBJECT
{
SHORT Type;
SHORT Size;
PDEVICE_OBJECT DeviceObject;
ULONG Flags;
PVOID DriverStart; <<<<<<<<<<<<<<<<<
ULONG DriverSize;
PVOID DriverSection;
PDRIVER_EXTENSION DriverExtension;
UNICODE_STRING DriverName;
PUNICODE_STRING HardwareDatabase;
PFAST_IO_DISPATCH FastIoDispatch;
LONG * DriverInit;
PVOID DriverStartIo;
PVOID DriverUnload;
LONG * MajorFunction[28];
} DRIVER_OBJECT, *PDRIVER_OBJECT;
I understand its a pointer to a struct but whats the structure…
thanks in advance
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer