what is the difference between pdo and fdo in windows device drivers?

Question

I am studying windows device drivers on my own and I find it's very difficult to differentiate between PDO and FDO. Let me tell you the flow that I have in my head correct me if I am wrong !!

when system boots it loads the root bus driver that will create a FDO. Now it will enumerates its child devices and i guess some hot plug method of the bus driver will be called, when a new child will be found and that method will notify the PNP manager. PNP manager will call the AddDevice() routine of the root bus driver and that will intern create PDOs for new buses like one for PCI and etc. Please explain the whole flow in detail, this is just my imagination. And then it is documented that system will load the functional driver for the PCI bus that will create the FDO ?? what is this FDO?? and why would i need that?? According to me PCI bus driver should also follow the same as done by the root bus, enumerate its child and create PDOs for them, or by this FDO they mean PDO only ?? I am so much confused :( !!

Answer 1

What are you actually doing, or are you just trying to learn? I am just wondering how you ended up this low down in the stack.

PDO = Physical Device Object

FDO = Functional Device Object

A PDO acts as a physical device, but it does not necessarily have to be physical. It is essentially the interface between a device on a bus, and the bus itself. This is pretty well covered on MSDN.

Here is an example that uses USB sticks and this illustrates the difference quite well.

Here is a more in depth explanation and the important quote

If your point of reference is the PCI bus, then Pci.sys is the function driver. But if your point of reference is the Proseware Gizmo device, then Pci.sys is the bus driver. This dual role is typical in the PnP device tree. A driver that serves as function driver for a bus also serves as bus driver for a child device of the bus.

You also have filter drivers which allow you to sit between PDO's and FDO's and start doing naughty stuff like hiding files, POC rootkits etc. At this stage you can add extra functionality, or completely prevent access to the PDO.

And here is all the MSDN links.

http://msdn.microsoft.com/en-us/library/windows/hardware/hh439632(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/windows/hardware/ff554721(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/windows/hardware/hh439643(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/windows/hardware/ff554731(v=vs.85).aspx http://msdn.microsoft.com/en-us/library/windows/hardware/ff564859(v=vs.85).aspx http://technet.microsoft.com/en-us/library/cc776371(v=ws.10).aspx

If that doesn't clear it up for you, feel free to post back.