Friday, January 31, 2014

IRP

When an application sends an I/O request, the Windows I/O manager packages it as an IRP and passes it down the stack of driver objects.  If a driver in the stack can handle the request, it completes the action and returns the IRP back up the stack to the I/O manager.  If a driver cannot handle the request, it does what it can and passes the IRP down the stack to the next driver.  When the IRP reaches the bottom of the stack, the request has to be completed there, as there is nowhere further for it to go.

When the IRP is created, the I/O manager also allocates additional space for each of the drivers in the stack.  The space holds an array of structures (IO_STACK_LOCATION), and each driver is assigned one of them.

The array index starts at 1 and is assigned to the driver at the bottom of the stack.  As such, access starts from the end of the array and goes down, reminiscent of a stack.  Each structure contains the major and minor function codes to be invoked by the I/O manager, the parameters, and a pointer to the device object.  It also contains the CompletionRoutine field, which points to the callback routine of the driver above it in the stack.

When a driver's dispatch routine receives an IRP, it retrieves its parameters from its IO_STACK_LOCATION using the API call IoGetCurrentIrpStackLocation().  When the dispatch routine plans to forward the IRP to the next level, it will

(1) set up the IO_STACK_LOCATION for the next driver
(2) register a completion routine (optional)
(3) send off the IRP to the next driver down
(4) return a status code (NTSTATUS)

If the current IO_STACK_LOCATION is not used by the current driver, it can be reused for the next driver.  The current driver calls IoSkipCurrentIrpStackLocation(IN PIRP irp), which decrements the current I/O stack location pointer by 1.  So when the I/O manager dispatches the next driver, the pointer is incremented by 1 and thus the same location is reused.

IoCopyCurrentIrpStackLocation copies the content of the current IO_STACK_LOCATION entry to the next one, except for the pointer to the completion routine.

IoSetCompletionRoutine registers a completion routine.  The call specifies the conditions (success, error or cancel) under which the completion routine is invoked.

IoCallDriver() calls the next driver and passes along the IRP.  The first parameter is the DEVICE_OBJECT of the next driver.  The dispatch routine needs to obtain that reference by itself; there is no standard way to do so.

The I/O manager initiates the completion process when one of the drivers calls its IoCompleteRequest() API function.  The Status and Information fields in the IRP's IO_STATUS_BLOCK structure are initialized first.  The second argument to IoCompleteRequest is always set to IO_NO_INCREMENT.  Starting from the current I/O stack location, the I/O manager calls the registered completion routines, moving up the stack entry by entry.  It skips a level if that level's completion routine is NULL.  It keeps moving up until it reaches the top of the stack, unless a routine returns the STATUS_MORE_PROCESSING_REQUIRED status.
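The user-mode C model below is an added illustration, not code from the original post and not real WDM code: the IRP, IO_STACK_LOCATION and DEVICE_OBJECT structs and the Io* helpers are hypothetical, simplified stand-ins that keep the real names so the flow described above can be traced.  A three-driver stack is built (upper filter, lower filter, function driver); the upper filter copies its entry and registers a completion routine, the lower filter skips its entry so the function driver reuses it, and the function driver completes the request, after which the completion walk runs back up and stops at the top (or early on STATUS_MORE_PROCESSING_REQUIRED).  In this model the skip moves the index the opposite way to IoCallDriver's step, which is what makes the entry get reused.

```c
/* User-mode model of the IRP stack-location mechanics described above. Added
 * illustration, not WDM code: the structs and Io* helpers are hypothetical
 * stand-ins for the real IRP / IO_STACK_LOCATION types and I/O manager
 * routines, kept to the same names for readability. */
#include <stddef.h>

typedef long NTSTATUS;
#define STATUS_SUCCESS                  0x00000000L
#define STATUS_MORE_PROCESSING_REQUIRED 0x00000103L

typedef struct IRP IRP;
typedef struct DEVICE_OBJECT DEVICE_OBJECT;
typedef NTSTATUS (*DISPATCH)(DEVICE_OBJECT *dev, IRP *irp);
typedef NTSTATUS (*COMPLETION)(DEVICE_OBJECT *dev, IRP *irp);
struct DEVICE_OBJECT { DISPATCH dispatch; DEVICE_OBJECT *lower; };

typedef struct {
    long param;             /* stands in for the Parameters union */
    DEVICE_OBJECT *device;  /* device object this entry was dispatched to */
    COMPLETION completion;  /* callback registered by the driver above */
} IO_STACK_LOCATION;

struct IRP {
    int stack_count;        /* one entry per driver in the stack */
    int current;            /* index 1 = bottom driver, stack_count = top */
    NTSTATUS status;        /* IO_STATUS_BLOCK.Status */
    long information;       /* IO_STATUS_BLOCK.Information */
    IO_STACK_LOCATION stack[8];  /* index 0 unused; 1..stack_count in use */
};
static int  g_completions_run;  /* completion routines invoked on the last IRP */
static long g_observed;         /* Information value seen by the upper filter */

static IO_STACK_LOCATION *IoGetCurrentIrpStackLocation(IRP *irp) { return &irp->stack[irp->current]; }
static IO_STACK_LOCATION *IoGetNextIrpStackLocation(IRP *irp)    { return &irp->stack[irp->current - 1]; }
/* Reuse this driver's entry for the next driver: step the index the opposite
 * way to IoCallDriver's step, so IoCallDriver lands on the same entry again. */
static void IoSkipCurrentIrpStackLocation(IRP *irp) { irp->current++; }
/* Copy the current entry into the next one, except the completion routine. */
static void IoCopyCurrentIrpStackLocation(IRP *irp) {
    IO_STACK_LOCATION *next = IoGetNextIrpStackLocation(irp);
    *next = *IoGetCurrentIrpStackLocation(irp);
    next->completion = NULL;
}
static void IoSetCompletionRoutine(IRP *irp, COMPLETION fn) {
    IoGetNextIrpStackLocation(irp)->completion = fn;
}
/* Step one entry toward the bottom of the stack and run that driver's dispatch. */
static NTSTATUS IoCallDriver(DEVICE_OBJECT *dev, IRP *irp) {
    irp->current--;
    IoGetCurrentIrpStackLocation(irp)->device = dev;
    return dev->dispatch(dev, irp);
}
/* Walk from the current entry to the top, calling each registered completion
 * routine; stop early if one returns STATUS_MORE_PROCESSING_REQUIRED. */
static void IoCompleteRequest(IRP *irp) {
    for (; irp->current <= irp->stack_count; irp->current++) {
        IO_STACK_LOCATION *sp = &irp->stack[irp->current];
        if (sp->completion == NULL) continue;         /* nothing registered here */
        g_completions_run++;
        if (sp->completion(sp->device, irp) == STATUS_MORE_PROCESSING_REQUIRED) return;
    }
}

/* --- three-driver stack: upper filter -> lower filter -> function driver --- */
static NTSTATUS upper_complete(DEVICE_OBJECT *dev, IRP *irp) {
    (void)dev; g_observed = irp->information; return STATUS_SUCCESS;
}
/* Upper filter wants to see the result: copy its entry and register a callback. */
static NTSTATUS upper_filter_dispatch(DEVICE_OBJECT *dev, IRP *irp) {
    IoCopyCurrentIrpStackLocation(irp);
    IoSetCompletionRoutine(irp, upper_complete);
    return IoCallDriver(dev->lower, irp);
}
/* Lower filter has no interest in this request: reuse its entry and pass it on. */
static NTSTATUS lower_filter_dispatch(DEVICE_OBJECT *dev, IRP *irp) {
    IoSkipCurrentIrpStackLocation(irp);
    return IoCallDriver(dev->lower, irp);
}
/* Function driver at the bottom: service the request and complete the IRP. */
static NTSTATUS function_dispatch(DEVICE_OBJECT *dev, IRP *irp) {
    (void)dev;
    irp->status = STATUS_SUCCESS;
    irp->information = IoGetCurrentIrpStackLocation(irp)->param * 2;  /* pretend: bytes done */
    IoCompleteRequest(irp);
    return irp->status;
}

/* Build the IRP as the I/O manager would and send one request carrying 'param'
 * down the stack; returns what the upper filter's completion routine observed. */
static long run_request(long param) {
    DEVICE_OBJECT func  = { function_dispatch, NULL };
    DEVICE_OBJECT lower = { lower_filter_dispatch, &func };
    DEVICE_OBJECT upper = { upper_filter_dispatch, &lower };
    IRP irp = { .stack_count = 3, .current = 3 + 1 };  /* start one above the top entry */
    IoGetNextIrpStackLocation(&irp)->param = param;    /* parameters for the top driver */
    g_completions_run = 0; g_observed = -1;
    IoCallDriver(&upper, &irp);
    return g_observed;
}
```

Tracing run_request(21): the upper filter is dispatched at entry 3 and copies it to entry 2, the lower filter (also at entry 2 after the step down) skips, so the function driver again lands on entry 2, reads param 21 and completes with Information 42; the completion walk then finds the upper filter's routine still registered at entry 2, runs it once, and finds nothing at entry 3.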

Windows Device Drivers

There are three basic types of driver in the classic Windows Driver Model (WDM):

(1) Function drivers are the primary drivers for devices.  They perform most of the work to service I/O requests, translating Windows API calls into low-level device commands.

(2) Bus drivers implement functions specific to a particular interface (e.g. USB, PCI, SCSI, etc.).  They are essentially low-level function drivers for a particular system bus.  They enumerate the devices attached to the bus and manage them.

(3) Filter drivers do not manage devices.  They add processing to the commands and data passing through them.  Relative to their position with respect to the function driver in the stack, they are called either upper or lower filter drivers.

driver stack:
I/O manager <-> upper filter driver <-> function driver <-> lower filter driver <-> HAL <-> hardware

Function and bus drivers are usually implemented as driver/mini-driver pairs, either class/miniclass or port/miniport drivers.  Class and port drivers are provided by Windows and standardize the high-level functionality.  The mini-drivers are usually shipped by hardware vendors.

A class driver offers hardware-agnostic support for a specific type (or class) of device.  For example, kbdclass.sys is the keyboard class driver from MS.

A port driver supports general I/O operations for a particular peripheral hardware interface.  For example, i8042prt.sys is the port driver for the 8042 microcontroller used to connect PS/2 keyboards.

Each device driver has an associated DRIVER_OBJECT.  A pointer to it (PDRIVER_OBJECT) can be used to locate the driver's set of dispatch routines.

IDS and IPS

IDS (Intrusion Detection System) functions like an unarmed security guard.  It detects anomalies and sounds an alarm.  It is not able to change the policies or stop the attack.

IPS (Intrusion Protection System) functions like a patrolling constable.  It can take action to stop the attack, such as denying a process access to system resources or dropping packets sent to a port.

Sunday, January 26, 2014

Cascading Style Sheets

HTML contains both content and format information, mixed together in the markup.  Therefore, changing the style (e.g. font color, background color) is tedious.

CSS moves the formatting into a separate section (internal style sheet) or document (external style sheet), which makes changing a web page's format easier.  By dividing the web page into divisions (div tags), each division can be styled individually by a rule in the style sheet.

HTML division tag

Division tags do nothing by themselves.  They are just containers that divide the content into sections, each of which can be manipulated by the style sheet later.  For example, the content can be divided into a header, a main body and a footer.  Each of these sections is defined in a div, and their presentation (e.g. location, border, font, color, etc.) can be specified individually in the style sheet.

Each division is assigned an ID.  For example:

<div id="section1">This is section 1</div>

Once the divisions are named, they can be referred to in the accompanying style sheet.  For example,

#section1 { font-family: Arial; font-size: 12pt; }

The leading "#" in the style sheet tells the browser to match this rule against an id attribute in the body content.

The span tag is functionally similar to the div tag, except that span is used to define the style for a segment of content within a section.