DRIVER_OBJECT

  

typedef struct _DRIVER_OBJECT { 
  CSHORT Type; 
  CSHORT Size; 
  PDEVICE_OBJECT DeviceObject;           // 指向设备对象,所有的设备对象构成一个链表 
  ULONG Flags;                           // 驱动程序标志 
  PVOID DriverStart;                     // 驱动程序映像起始地址 
  ULONG DriverSize;                      // 驱动程序映像大小 
  PVOID DriverSection;                   // 指向驱动程序映像的内存区对象 
  PDRIVER_EXTENSION DriverExtension;     // 指向驱动程序对象的扩展部分 
  UNICODE_STRING DriverName;             // 驱动程序名称 
  PUNICODE_STRING HardwareDatabase;      // 指向注册表中包含硬件信息的路径 
  PFAST_IO_DISPATCH FastIoDispatch;      // 指向快速I/O的分发结构 
  PDRIVER_INITIALIZE DriverInit;         // 驱动程序的初始化例程 
  PDRIVER_STARTIO DriverStartIo;         // 驱动程序的启动I/O例程 
  PDRIVER_UNLOAD DriverUnload;           // 驱动程序的卸载例程 
  PDRIVER_DISPATCH MajorFunction[IRP_MJ_MAXIMUM_FUNCTION + 1];



DRIVER_OBJECT STRUCT ; sizeof= 0A8h
(IO_TYPE_DRIVER = 4)  (original field name Type)
(original name Size)

 ; The following links all of the devices created by a single driver
 ; together on a list, and the Flags word provides an extensible flag
 ; location for driver objects.

 DeviceObject PVOID ? ; 0004h PTR DEVICE_OBJECT
 Flags DWORD ? ; 0008h

The count
 ; field is used to count the number of times the driver has had its
 ; registered reinitialization routine invoked.

 DriverStart PVOID ? ; 000Ch
 DriverSize DWORD ? ; 0010h
 DriverSection PVOID ? ; 0014h
 DriverExtension PVOID ? ; 0018h PTR DRIVER_EXTENSION

 ; The driver name field is used by the error log thread
 ; determine the name of the driver that an I/O request is/was bound.

 DriverName UNICODE_STRING <> ; 001Ch
Thise is a pointer
 ; to the path to the hardware information in the registry

 HardwareDatabase PVOID ? ; 0024h PTR UNICODE_STRING

 ; The following section contains the optional pointer to an array of
Fast I/O
 ; is performed by invoking the driver routine directly with separate
Note
 ; that these functions may only be used for synchronous I/O, and when
 ; the file is cached.

 FastIoDispatch PVOID ? ; 0028h PTR FAST_IO_DISPATCH

 ; The following section describes the entry points to this particular
Note that the major function dispatch table must be the last
 ; field in the object so that it remains extensible.

 DriverInit PVOID ? ; 002Ch
 DriverStartIo PVOID ? ; 0030h
 DriverUnload PVOID ? ; 0034h
 MajorFunction PVOID (IRP_MJ_MAXIMUM_FUNCTION + 1) dup(?) ; 0038h

 DRIVER_OBJECT ENDS
 PDRIVER_OBJECT typedef PTR DRIVER_OBJECT