Kernel Mode Driver Framework >> C/C++ (PNP)
Thread
參考資訊:
1. Source Code
2. operating-system-ch4-multithread
3. user-level-threads-and-kernel-level-threads
Thread是一個最小的執行單位,一個Process可以產生多個Thread,在多核CPU上,產生的Thread可以同時的運作,這意謂著使用Thread技術可以用來改善效能,但是,每個Thread間的資料同步則是另一個課題,在此練習,司徒著重在教導使用者如何撰寫一個最基本的Thread,了解其架構後,使用者可以再更深入了解Thread需要面對的其它問題,而值得注意的是,Thread有區分User Thread和System Thread兩種,各有優缺點,細節可以參考如上的參考資訊。
main.c
#include <ntddk.h>
#include <wdf.h>
#define DEV_NAME L"\\Device\\MyDriver"
#define SYM_NAME L"\\DosDevices\\MyDriver"
#define IOCTL_START CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_STOP CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
ULONG bExit=0;
HANDLE pThread;
VOID MyThread(PVOID pParam)
{
LARGE_INTEGER tt;
tt.HighPart|= -1;
tt.LowPart = (ULONG)-10000000;
while(bExit != TRUE){
KeDelayExecutionThread(KernelMode, FALSE, &tt);
DbgPrint("Sleep 1s");
}
DbgPrint("Exit MyThread");
PsTerminateSystemThread(STATUS_SUCCESS);
}
void IrpFileCreate(WDFDEVICE Device, WDFREQUEST Request, WDFFILEOBJECT FileObject)
{
DbgPrint("IrpFieCreate");
WdfRequestComplete(Request, STATUS_SUCCESS);
}
void IrpFileClose(WDFFILEOBJECT FileObject)
{
DbgPrint("IrpFieClose");
}
void IrpIOCTL(WDFQUEUE Queue, WDFREQUEST Request, size_t OutputBufferLength, size_t InputBufferLength, ULONG IoControlCode)
{
HANDLE hThread;
NTSTATUS status;
switch(IoControlCode){
case IOCTL_START:
DbgPrint("IOCTL_START");
bExit = 0;
status = PsCreateSystemThread(&hThread, THREAD_ALL_ACCESS, NULL, (HANDLE)-1, NULL, MyThread, NULL);
if(NT_SUCCESS(status)){
ObReferenceObjectByHandle(hThread, THREAD_ALL_ACCESS, NULL, KernelMode, &pThread, NULL);
ZwClose(hThread);
}
break;
case IOCTL_STOP:
DbgPrint("IOCTL_STOP");
bExit = 1;
KeWaitForSingleObject(pThread, Executive, KernelMode, FALSE, NULL);
ObDereferenceObject(pThread);
break;
}
WdfRequestComplete(Request, STATUS_SUCCESS);
}
NTSTATUS AddDevice(WDFDRIVER Driver, PWDFDEVICE_INIT pDeviceInit)
{
WDFDEVICE device;
UNICODE_STRING suDevName;
UNICODE_STRING szSymName;
WDF_FILEOBJECT_CONFIG file_cfg;
WDF_IO_QUEUE_CONFIG ioqueue_cfg;
RtlInitUnicodeString(&suDevName, DEV_NAME);
RtlInitUnicodeString(&szSymName, SYM_NAME);
WdfDeviceInitAssignName(pDeviceInit, &suDevName);
WdfDeviceInitSetIoType(pDeviceInit, WdfDeviceIoBuffered);
WDF_FILEOBJECT_CONFIG_INIT(&file_cfg, IrpFileCreate, IrpFileClose, NULL);
WdfDeviceInitSetFileObjectConfig(pDeviceInit, &file_cfg, WDF_NO_OBJECT_ATTRIBUTES);
WdfDeviceCreate(&pDeviceInit, WDF_NO_OBJECT_ATTRIBUTES, &device);
WdfDeviceCreateSymbolicLink(device, &szSymName);
WDF_IO_QUEUE_CONFIG_INIT_DEFAULT_QUEUE(&ioqueue_cfg, WdfIoQueueDispatchSequential);
ioqueue_cfg.EvtIoDeviceControl = IrpIOCTL;
return WdfIoQueueCreate(device, &ioqueue_cfg, WDF_NO_OBJECT_ATTRIBUTES, WDF_NO_HANDLE);
}
NTSTATUS DriverEntry(PDRIVER_OBJECT pOurDriver, PUNICODE_STRING pRegistry)
{
WDF_DRIVER_CONFIG config;
WDF_DRIVER_CONFIG_INIT(&config, AddDevice);
return WdfDriverCreate(pOurDriver, pRegistry, WDF_NO_OBJECT_ATTRIBUTES, &config, WDF_NO_HANDLE);
}
IrpIOCTL收到IOCTL_START後,產生一個新的Thread(注意有User和System區分),接著呼叫ZwClose(),值得注意的是,這個ZwClose()僅是釋放Handle的資源,實際Thread並不會被關閉,原因在於提前做ObReferenceObjectByHandle(),而當收到IOCTL_STOP,則設定bExit並等待Thread結束,最後呼叫ObDereferenceObject()釋放Object資源。
app.c
#define INITGUID
#include <windows.h>
#include <winioctl.h>
#include <strsafe.h>
#include <setupapi.h>
#include <stdio.h>
#include <stdlib.h>
#define IOCTL_START CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_STOP CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_ANY_ACCESS)
int __cdecl main(int argc, char* argv[])
{
HANDLE hFile = NULL;
DWORD dwRet = 0;
hFile = CreateFile("\\\\.\\MyDriver", GENERIC_READ | GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL);
if (hFile == INVALID_HANDLE_VALUE) {
printf("failed to open mydriver\n");
return -1;
}
DeviceIoControl(hFile, IOCTL_START, NULL, 0, NULL, 0, &dwRet, NULL);
Sleep(3000);
DeviceIoControl(hFile, IOCTL_STOP, NULL, 0, NULL, 0, &dwRet, NULL);
CloseHandle(hFile);
return 0;
}
結果
