Windows Internals

Chapter 6 I/O system

Driver objects and device objects

Experiment: Looking at device objects

!object \Device
!drvobj
!devobj
!process 0 0 dwm.exe
!handle 0 c ffffa682ca8f6080 File
!irpfind
!ioctldecode
2: kd> !fileobj ffffa682d14bf910

\Windows\System32\zh-CN\d2d1.dll.mui

Device Object: 0xffffa682cc5f18f0   \Driver\volmgr
Vpb: 0xffffa682cc8d1020
Event signalled
Access: Read SharedRead SharedDelete

Flags:  0xc0042
    Synchronous IO
    Cache Supported
    Handle Created
    Fast IO Read

FsContext: 0xffffe10cfe1b3170    FsContext2: 0xffffe10cfe1b33d0
CurrentByteOffset: 0
Cache Data:
  Section Object Pointers: ffffa682d155b598
  Shared Cache Map: 00000000

 

Reference

Setting up kernel debugging using WinDbg and VMware

Setting Up Kernel-Mode Debugging of a Virtual Machine Manually using a Virtual COM Port - Windows drivers | Microsoft docs

VirtualKD - Windows Kernel Debugger Booster for Virtual Machines

Kernel-Mode Driver Architecture Design Guide - Windows drivers | Microsoft Docs

Using WDF to Develop a Driver - Windows drivers | Microsoft Docs

posted @ 2022-04-12 17:32  anyboo