Kernel programming
_DRIVER_OBJECT -> DriverSection
울랄라베베
2008. 8. 22. 13:26
lkd> !object \driver\kbdclass
Object: 86943bb0 Type: (86b56040) Driver
ObjectHeader: 86943b98 (old version)
HandleCount: 0 PointerCount: 6
Directory Object: e159f4a8 Name: Kbdclass
lkd> dt _driver_object 86943bb0
ntdll!_DRIVER_OBJECT
+0x000 Type : 4
+0x002 Size : 168
+0x004 DeviceObject : 0x865c6750 _DEVICE_OBJECT
+0x008 Flags : 0x12
+0x00c DriverStart : 0xf777f000
+0x010 DriverSize : 0x5c80
+0x014 DriverSection : 0x86949470
+0x018 DriverExtension : 0x86943c58 _DRIVER_EXTENSION
+0x01c DriverName : _UNICODE_STRING "\Driver\Kbdclass"
+0x024 HardwareDatabase : 0x8067f260 _UNICODE_STRING "\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\SYSTEM"
+0x028 FastIoDispatch : (null)
+0x02c DriverInit : 0xf7783610 long kbdclass!GsDriverEntry+0
+0x030 DriverStartIo : (null)
+0x034 DriverUnload : (null)
+0x038 MajorFunction : [28] 0xf777fdd0 long kbdclass!KeyboardClassCreate+0
lkd> dt _LDR_DATA_TABLE_ENTRY 0x86949470
ntdll!_LDR_DATA_TABLE_ENTRY
+0x000 InLoadOrderLinks : _LIST_ENTRY [ 0x86943ce8 - 0x8694e850 ]
+0x008 InMemoryOrderLinks : _LIST_ENTRY [ 0xffffffff - 0xffffffff ]
+0x010 InInitializationOrderLinks : _LIST_ENTRY [ 0x12 - 0x0 ]
+0x018 DllBase : 0xf777f000
+0x01c EntryPoint : 0xf7783610
+0x020 SizeOfImage : 0x6000
+0x024 FullDllName : _UNICODE_STRING "\SystemRoot\system32\DRIVERS\kbdclass.sys"
+0x02c BaseDllName : _UNICODE_STRING "kbdclass.sys"
+0x034 Flags : 0x9104000
+0x038 LoadCount : 1
+0x03a TlsIndex : 0x44
+0x03c HashLinks : _LIST_ENTRY [ 0xffffffff - 0x138fd ]
+0x03c SectionPointer : 0xffffffff
+0x040 CheckSum : 0x138fd
+0x044 TimeDateStamp : 0x86ba2f99
+0x044 LoadedImports : 0x86ba2f99
+0x048 EntryPointActivationContext : (null)
+0x04c PatchInformation : 0x0062006b