Windows Kernel I/O Drivers - MSDN Documentation

Windows Kernel I/O System and Drivers

The I/O system in Windows is a complex and hierarchical structure responsible for managing all input and output operations between applications and hardware devices. It is built around a layered driver model, providing a consistent interface for applications to interact with diverse hardware.

Core Components

The I/O system comprises several key components:

I/O Manager: The central orchestrator of I/O operations. It handles requests from applications, routes them to the appropriate drivers, and manages data transfer.
Device Drivers: Software modules that act as intermediaries between the I/O Manager and specific hardware devices. Each driver understands how to communicate with its corresponding hardware.
File System Drivers: A special type of driver responsible for managing file operations on storage devices (e.g., NTFS, FAT32).
Network Drivers: Drivers that handle network communications.
Kernel Dispatcher: Manages the scheduling and execution of I/O operations.

Driver Model

Windows employs a layered driver model, where drivers are stacked on top of each other. This allows for:

Abstraction: Higher-level drivers can provide a simplified interface to lower-level drivers, hiding hardware-specific details.
Modularity: Drivers can be developed and updated independently.
Flexibility: New functionalities can be added by inserting new driver layers.

Common driver types include:

Bus Drivers: Manage communication with hardware buses (e.g., PCI, USB).
Class Drivers: Provide a common interface for a class of devices (e.g., disk drivers, printer drivers).
Filter Drivers: Intercept I/O requests to add functionality or modify behavior.
Function Drivers: The primary driver for a device, implementing its core functionality.

I/O Request Packets (IRPs)

Communication within the I/O system is primarily done through I/O Request Packets (IRPs). An IRP is a data structure that encapsulates an I/O request from an application or another driver. It contains information such as:

The type of operation requested (e.g., read, write, device control).
The target device object.
Input and output buffers.
Flags and parameters.

The I/O Manager creates an IRP and passes it down the driver stack. Each driver processes the IRP and can either complete the request, pass it to the driver below it, or create new IRPs.

Example: Reading from a Disk Device

When an application requests to read data from a file:

The I/O Manager receives the request and creates an IRP.
The IRP is passed to the file system driver (e.g., NTFS).
The file system driver determines which physical blocks on the disk correspond to the requested file data and creates a new IRP for the disk class driver.
The disk class driver may further break down the request and pass it to the specific disk controller driver.
The disk controller driver translates the request into commands for the hardware.
As the I/O operation completes, status information and data are passed back up the driver stack via the IRP's completion routine.

Tip: Understanding the IRP structure and the flow of control is crucial for effective driver development and debugging.

Key Concepts

Device Objects: Kernel objects representing physical or logical devices.
Driver Entry Points: Functions like DriverEntry, AddDevice, and UnloadDriver that are called by the system to initialize, attach, and detach drivers.
Interrupt Handling: Mechanisms for drivers to respond to hardware interrupts efficiently.
DMA (Direct Memory Access): A technique allowing devices to transfer data directly to and from memory without involving the CPU.

                
                // Simplified conceptual structure of a driver's dispatch routine
                NTSTATUS DriverDispatchRoutine(
                    IN PDEVICE_OBJECT DeviceObject,
                    IN PIRP Irp
                ) {
                    // Extract Major Function Code from IRP
                    PIO_STACK_LOCATION irpSp = IoGetCurrentIrpStackLocation(Irp);
                    ULONG majorFunction = irpSp->MajorFunction;

                    switch (majorFunction) {
                        case IRP_MJ_READ:
                            // Handle read request
                            return IoCompleteRequest(Irp, STATUS_SUCCESS);
                        case IRP_MJ_WRITE:
                            // Handle write request
                            return IoCompleteRequest(Irp, STATUS_SUCCESS);
                        case IRP_MJ_DEVICE_CONTROL:
                            // Handle device control request
                            return IoCompleteRequest(Irp, STATUS_SUCCESS);
                        default:
                            // Pass to next driver or complete with invalid status
                            return IoSkipCurrentIrpStackLocation(Irp);
                    }
                }
                
            

Windows Kernel I/O System and Drivers

Core Components

Driver Model

I/O Request Packets (IRPs)

Example: Reading from a Disk Device

Key Concepts

Further Reading