- Child Pages
- User Space
- Kernel Space
- I/O Control Codes (IOCTLs)
- I/O Request Packets (IRPs)
- Interrupt Request Level (IRQL)
- Driver Stack
- Windows Driver Development Kit (WDK)
- Windows Driver Model (WDM)
- Windows Driver Foundation (WDF)
I/O Control Codes (IOCTLs)
IOCTL is a UNIX term.
From the Wikipedia article, “ioctl“.
DeviceIoControl takes as parameters:
- an open object handle (the Win32 equivalent of a file descriptor)
- a request code number (the “control code”)
- a buffer for input parameters
- length of the input buffer
- a buffer for output results
- length of the output buffer
OVERLAPPEDstructure, if overlapped I/O is being used.
I/O Request Packets (IRPs)
Interrupt Request Level (IRQL)
The IRQL can be tempoarily raised at any point, but can only be lowered by the routine that raised it.
IRQL 0 (PASSIVE_LEVEL)
All user code, and most kernel code is executed at this level.
IRQL 1 (APC_LEVEL)
IRQL 2 (DISPATCH_LEVEL)
IRQL 3+ (DIRQL)
Level 3 and above (except for one, called HIGH_LEVEL, see below) are interrupts reserved for connecting to hardware devices, and are known as ( DIRQL ).
A hardware device has not one, but many drivers which work together to provide the correct functionality. These are implemented on a “driver stack”.
Physical Device Object (PDO)
Function Device Object (FDO)
Windows Driver Development Kit (WDK)
The compiler bundled with the WDK is optimised for driver development, and should not be used for standard C/C++ applications (and vise versa).
Windows Driver Model (WDM)
The Windows driver model was first included with Windows 98 and replaces the older VxD driver model.
Windows Driver Foundation (WDF)
The Windows driver foundation is event driven and object-orientated.