IFS 学习心得(三):驱动程序中几个重要概念

  IRP
  I/O Request Packets,也就是输入/输出请求包。比如，我们要写字符串到文件中，我们是在用户模式下工作的，东西写到了硬盘中，这是怎么实现的呢？实际上，这时会打开一个文件句柄，一个IRP会发送，硬盘驱动（windows的内核提供）会处理这个IRP,如果没什么问题的话，就会执行写入动作。其他的用户程序跟硬件的交流都要通过这个IRP来完成。下面看一个简单的例子：
NTSTATUS OnStubDispatch(IN PDEVICE_OBJECT DeviceObject,

                        IN PIRP Irp )

{

      Irp->IoStatus.Status = STATUS_SUCCESS;

      IoCompleteRequest(Irp,

                        IO_NO_INCREMENT );

      return STATUS_SUCCESS;

}

VOID OnUnload( IN PDRIVER_OBJECT DriverObject )

{

      DbgPrint("OnUnload called\n");

}

NTSTATUS DriverEntry( IN PDRIVER_OBJECT theDriverObject,

                      IN PUNICODE_STRING theRegistryPath )

{

      int i;

      theDriverObject->DriverUnload  = OnUnload;

      for(i=0;i< IRP_MJ_MAXIMUM_FUNCTION; i++ )

      {

            theDriverObject->MajorFunction = OnStubDispatch;

      }

      return STATUS_SUCCESS;

}

其中不同的IRP可以提供不同的处理程序，如下：
DriverObject->MajorFunction[IRP_MJ_CREATE] = MyOpen;

DriverObject->MajorFunction[IRP_MJ_CLOSE]  = MyClose;

DriverObject->MajorFunction[IRP_MJ_READ]   = MyRead;

DriverObject->MajorFunction[IRP_MJ_WRITE]  = MyWrite;

DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL]  = MyIoControl;

文件句柄
    其实一切的硬件设备都可以抽象为文件，应用程序要使用它们，就把他们当成文件，当然它们得有自己的名字。硬件的驱动中可以定义设备名字，然后应用程序就可以使用了，比如readfile,witefile之类的。

Symbolic Link
    通过IoCreateSymbolicLink来创建，使用户程序更方便的使用。

Sorry I don't think your understanding is complete correct.

"一个IRP会发送，硬盘驱动（windows的内核提供）会处理这个IRP"
When data is written into a file on disk, all kinds of drivers such as filter driver, file system driver, device drivers are involved, not just a "硬盘驱动". For a single user mode request, there could be multiple IRPs generated, not just one passing down through whole stack. Many kernel modules such as IO Manager, Memory Manager, lazy writer, etc. are all involved in processing just one Win32 API call.

Don't know which book are you reading. I strongly suggest this one "Windows NT Device Driver Development"