Windows 设备驱动程序可以有依赖关系吗?
[英]Can Windows device drivers have dependencies?
问题描述
I wrote a kernel-mode driver using C.
我使用 C 编写了一个内核模式驱动程序。 When I examined it using dependency walker I saw that it depends on some NT*.dll and HAL.dll.当我使用 dependency walker 检查它时,我发现它依赖于一些 NT*.dll 和 HAL.dll。
I have several questions:我有几个问题:
- When does the OS load these DLLs?操作系统何时加载这些 DLL? I thought kernel is responsible for loading DLLs in that case how can driver load a DLL if it is already in kernel-mode我认为 kernel 负责加载 DLL 在这种情况下驱动程序如何加载 DLL 如果它已经处于内核模式
- Why don't the standard C dependencies show up like ucrtbase, concrt, vcruntime, msvcp etc?为什么标准的 C 依赖项不显示为 ucrtbase、concrt、vcruntime、msvcp 等? Would it be possible for a driver to have these dependencies and still function?驱动程序是否有可能具有这些依赖关系并且仍然是 function?
- (A continuation of the last question). (最后一个问题的延续)。 If Windows will still load DLLs even in kernel mode, I don't see why drivers cannot be written in (MS) C++如果 Windows 即使在 kernel 模式下仍会加载 DLL,我不明白为什么驱动程序无法写入 (MS) C++
Thanks,谢谢,
1 个解决方案
解决方案1
1 2020-06-19 15:45:52
Most of the API in the driver is exported from ntoskrnl.exe.
驱动中的API大部分都是从ntoskrnl.exe导出的。Your driver is actually a "kernel module", which is part of a process, just like the modules in Ring3.
您的驱动程序实际上是一个“内核模块”,它是进程的一部分,就像 Ring3 中的模块一样。The driver's "process" is "System", with a Pid of 4, which you can see in the task manager.
驱动的“进程”是“系统”,Pid为4,可以在任务管理器中看到。ntoskrnl.exe and HAL.dll are modules in the "System", they will Loaded at system startup, while other modules are loaded at time of use (such as your drivers).
ntoskrnl.exe 和 HAL.dll 是“系统”中的模块,它们会在系统启动时加载,而其他模块在使用时加载(例如您的驱动程序)。You can write and load "driver DLLs", but I haven't done so yet, so I can't answer that.
您可以编写和加载“驱动程序 DLL”,但我还没有这样做,所以我无法回答。Ring3 modules are not loaded into the kernel, so you can't call many common Ring3 APIs, but Microsoft has mostly provided alternative APIs for them.
Ring3 模块没有加载到 kernel 中,因此您无法调用许多常见的 Ring3 API,但微软大多为它们提供了替代 API。You can't load the Ring3 module directly into the kernel and call its export function.
您不能将 Ring3 模块直接加载到 kernel 并调用其导出 function。 There may be some very complicated methods or tricks to do this, but it's really not necessary.可能有一些非常复杂的方法或技巧可以做到这一点,但实际上没有必要。You can write drivers in C++, but this is not officially recommended by Microsoft at this time as it will encounter many problems, such as:
可以在C++中写驱动,但是微软目前官方不推荐这个,会遇到很多问题,比如:Constructors and destructors of global variables cannot be called automatically.
全局变量的构造函数和析构函数不能被自动调用。You can't use C++ standard libraries directly.
您不能直接使用 C++ 标准库。You can't use new and delete directly, they need to be overridden.
您不能直接使用 new 和 delete,它们需要被覆盖。C++ exceptions cannot be used directly, and will consume a lot of stack space if you support them manually.
C++ 异常不能直接使用,如果手动支持会消耗大量堆栈空间。 Ring0 driver stack space is usually much smaller than Ring3 application stack space, indicating that BSOD may be caused. Ring0 驱动程序堆栈空间通常比 Ring3 应用程序堆栈空间小很多,说明可能导致 BSOD。
Fortunately:
幸运的是:Some great people have solved most of the problems, such as the automatic calling of constructors and destructors and the use of standard libraries.
一些伟人已经解决了大部分问题,例如构造函数和析构函数的自动调用以及标准库的使用。 GitHub Project Link (But I still don't recommend using standard libraries in the kernel unless it's necessary, because they are too complex and large and can lead to some unanticipated issues) GitHub 项目链接(但我仍然不建议在 kernel 中使用标准库,除非有必要,因为它们过于复杂和庞大,可能会导致一些意想不到的问题)My friend told me that Microsoft seems to have a small team currently trying to make drivers support C++.
我的朋友告诉我,微软似乎有一个小团队目前正在尝试让驱动程序支持 C++。 But I don't have time to confirm the veracity of this claim.但我没有时间确认这个说法的真实性。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.