Читаем Windows® Internals, Sixth Edition, Part 2 полностью

The Wdfkd.dll extension that ships with the Debugging Tools for Windows package provides many commands that can be used to debug and analyze KMDF drivers and devices (instead of using the built-in WDM-style debugging extension that may not offer the same kind of WDF-specific information). You can display installed KMDF drivers with the !wdfkd.wdfldr debugger command. In the following example, the output from a typical Windows computer is shown, displaying the built-in drivers that are installed.lkd> !wdfkd.wdfldr LoadedModuleList 0xfffff880010682d8 ---------------------------------- LIBRARY_MODULE fffffa8002776120 Version v1.9 build(7600) Service \Registry\Machine\System\CurrentControlSet\Services\Wdf01000 ImageName Wdf01000.sys ImageAddress 0xfffff88000c00000 ImageSize 0xa4000 Associated Clients: 16 ImageName Version WdfGlobals FxGlobals ImageAddress ImageSize peauth.sys v1.7(6001) 0xfffffa8004754210 0xfffffa80047540c0 0xfffff880074cc000 0x000a6000 scfilter.sys v1.5(6000) 0xfffffa8002ef34e0 0xfffffa8002ef3390 0xfffff880040b3000 0x0000e000 WinUSB.sys v1.9(7600) 0xfffffa8002eefd20 0xfffffa8002eefbd0 0xfffff88004000000 0x00011000 monitor.sys v1.9(7600) 0xfffffa8004854a10 0xfffffa80048548c0 0xfffff8800412a000 0x0000e000 vmswitch.sys v1.5(6000) 0xfffffa8002de5d60 0xfffffa8002de5c10 0xfffff88003e9b000 0x00068000 vmbus.sys v1.5(6000) 0xfffffa8002d7fcf0 0xfffffa8002d7fba0 0xfffff88003e5f000 0x0003c000 Vid.sys v1.5(6000) 0xfffffa8002ddacf0 0xfffffa8002ddaba0 0xfffff88002a00000 0x00033000 umbus.sys v1.9(7600) 0xfffffa8002e57e70 0xfffffa8002e57d20 0xfffff880035db000 0x00012000 storvsp.sys v1.5(6000) 0xfffffa8002e48b10 0xfffffa8002e489c0 0xfffff88003575000 0x00023000 CompositeBus.sys v1.9(7600) 0xfffffa8002d79160 0xfffffa8002d79010 0xfffff88002936000 0x00010000 HDAudBus.sys v1.7(6001) 0xfffffa8002e357f0 0xfffffa8002e356a0 0xfffff880037a9000 0x00024000 intelppm.sys v1.9(7600) 0xfffffa8002c518f0 0xfffffa8002c517a0 0xfffff880027e7000 0x00016000 cdrom.sys v1.9(7600) 0xfffffa80028bf8f0 0xfffffa80028bf7a0 0xfffff880011c4000 0x0002a000 vmstorfl.sys v1.5(6000) 0xfffffa8002b2cdd0 0xfffffa8002b2cc80 0xfffff8800144a000 0x00010000 vdrvroot.sys v1.9(7600) 0xfffffa80027887c0 0xfffffa8002788670 0xfffff8800139c000 0x0000d000 msisadrv.sys v1.9(7600) 0xfffffa80029c5430 0xfffffa80029c52e0 0xfffff8800135f000 0x0000a000 ---------------------------------- Total: 1 library loaded

KMDF Data Model

The KMDF data model is object-based, much like the model for the kernel, but it does not make use of the object manager. Instead, KMDF manages its own objects internally, exposing them as handles to drivers and keeping the actual data structures opaque. For each object type, the framework provides routines to perform operations on the object, such as WdfDeviceCreate, which creates a device. Additionally, objects can have specific data fields or members that can be accessed by Get/Set (used for modifications that should never fail) or Assign/Retrieve APIs (used for modifications that can fail). For example, the WdfInterruptGetInfo function returns information on a given interrupt object (WDFINTERRUPT).

Also unlike the implementation of kernel objects, which all refer to distinct and isolated object types, KMDF objects are all part of a hierarchy—most object types are bound to a parent. The root object is the WDFDRIVER structure, which describes the actual driver. The structure and meaning is analogous to the DRIVER_OBJECT structure provided by the I/O manager, and all other KMDF structures are children of it. The next most important object is WDFDEVICE, which refers to a given instance of a detected device on the system, which must have been created with WdfDeviceCreate. Again, this is analogous to the DEVICE_OBJECT structure that’s used in the WDM model and by the I/O manager. Table 8-5 lists the object types supported by KMDF.

Table 8-5. KMDF Object Types

Object

Type

Description

Child List

WDFCHILDLIST

List of child WDFDEVICE objects associated with the device. Only used by bus drivers.

Collection

WDFCOLLECTION

List of objects of a similar type, such as a group of WDFDEVICE objects being filtered.

Deferred Procedure Call

WDFDPC

Instance of a DPC object (see Chapter 3 in Part 1 for more information on DPCs).

Device

WDFDEVICE

Instance of a device.

DMA Common Buffer

WDFCOMMONBUFFER

Region of memory that a device and driver can access for direct memory access (DMA).