Friday 28 June 2013

Handling IRPs - Driver Stacks

This is going to be quite a brief blog post. I was reading up on Stop 0x9F bugchecks and noticed a few interesting calls highlighted by another BSOD debugger, so I went and did some research, and would therefore like to explain a little about Driver Stacks and the Device Tree.

I'm assuming you know about IRPs and the I/O Manager used by the Windows Kernel.

Okay, when a device driver is requested to perform some kind of operation, the request is usually sent as an IRP. The device that the device driver belongs to is represented by something called a Device Node, a structure used to represent a device connected to the system. The Device Node is stored within another structure called the Device Tree, which holds the Device Nodes for all the devices connected to the system.

Each Device Node also has its own Device Stack. The Device Stack contains an ordered list of Device Objects; Device Objects are the individual drivers for each device, and are used to perform different operations for that device. For example, a PCI Bus may have two Device Objects, or drivers, associated with the Device (Device Node): Pci.sys and Acpi.sys.

So, getting back to the point, a Driver Stack connects all the Devices together into a list (or a stack, in this case) to process the IRP.
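
As an added illustration (not code from the original post or from Windows), this simplified user-mode C model shows a device tree whose nodes each carry an ordered device stack, with an IRP handed to the top of a stack and passed down until a driver completes it. The struct names, the Example*.sys drivers and the stack ordering are assumptions made for the example.

```c
#include <stddef.h>
#include <string.h>
/* Simplified user-mode model: hypothetical types, not the WDK structures. */
enum action { PASS_DOWN, COMPLETE };
struct device_object {              /* one entry in a device stack */
    const char *driver;             /* driver associated with this object */
    enum action on_irp;             /* what that driver does with the IRP */
    struct device_object *lower;    /* next device object down the stack */
};
struct device_node {                /* one device in the device tree */
    const char *name;
    struct device_object *top;      /* top of this node's device stack */
    struct device_node *child, *sibling;
};
struct irp { const char *path[8]; size_t hops; const char *completed_by; };

/* Constructed sample: stack order and Example*.sys names are assumptions. */
static struct device_object pci_pdo  = { "Acpi.sys", COMPLETE, NULL };
static struct device_object pci_fdo  = { "Pci.sys", PASS_DOWN, &pci_pdo };
static struct device_object dev_pdo  = { "Pci.sys", COMPLETE, NULL };
static struct device_object dev_fdo  = { "ExampleFunc.sys", PASS_DOWN, &dev_pdo };
static struct device_object dev_filt = { "ExampleFilter.sys", PASS_DOWN, &dev_fdo };
static struct device_node example_dev = { "Example Device", &dev_filt, NULL, NULL };
static struct device_node pci_bus = { "PCI Bus", &pci_fdo, &example_dev, NULL };
static struct device_node root = { "Root", NULL, &pci_bus, NULL };
struct device_node *device_tree(void) { return &root; }

/* Depth-first search of the device tree for a node by name. */
struct device_node *find_node(struct device_node *n, const char *name) {
    for (; n != NULL; n = n->sibling) {
        if (strcmp(n->name, name) == 0) return n;
        struct device_node *hit = find_node(n->child, name);
        if (hit != NULL) return hit;
    }
    return NULL;
}

/* Hand the IRP to the top of the node's stack and let each driver pass it
 * down until one completes it. Returns 0 on completion, -1 otherwise. */
int send_irp(const struct device_node *node, struct irp *irp) {
    irp->hops = 0; irp->completed_by = NULL;
    if (node == NULL) return -1;
    for (struct device_object *d = node->top; d != NULL; d = d->lower) {
        if (irp->hops < 8) irp->path[irp->hops++] = d->driver;
        if (d->on_irp == COMPLETE) { irp->completed_by = d->driver; return 0; }
    }
    return -1;  /* no device object in the stack completed the request */
}
```

After `send_irp` returns, `irp.path` lists the drivers in the order they saw the request, which is the same top-to-bottom order a debugger shows when it dumps a device stack.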

*Note* I'm no expert by any means, and as a result, some of the information may either be incorrect or misunderstood; please check the references for a more thorough guide.


References:

Device nodes and device stacks - http://msdn.microsoft.com/en-us/library/windows/hardware/ff554721(v=vs.85).aspx

Driver Stacks - http://msdn.microsoft.com/en-us/library/windows/hardware/hh439632(v=vs.85).aspx
