#include <ntddk.h>
#include "ntifs.h"

NTSTATUS
FileDiskCreateDevice (
    IN PDRIVER_OBJECT   DriverObject,
    IN ULONG            Number,
    IN DEVICE_TYPE      DeviceType
    )
	//DriverObject指向在DriverEntry中初始化的驅動程序對象
	//Number指向創建的虛擬盤設備號（非盤號）
{
    WCHAR               device_name_buffer[MAXIMUM_FILENAME_LENGTH];
 	//MAXIMUM_FILENAME_LENGTH在ntddk.h中定義為256
   UNICODE_STRING      device_name;
    NTSTATUS            status;
    PDEVICE_OBJECT      device_object;
    PDEVICE_EXTENSION   device_extension;
    HANDLE              thread_handle;

    ASSERT(DriverObject != NULL);


        swprintf(
            device_name_buffer,
            DEVICE_NAME_PREFIX L"%u",
            Number
            );


    RtlInitUnicodeString(&device_name, device_name_buffer);

	//用IoCreateDevice創建設備對象
    status = IoCreateDevice(
        DriverObject,
        sizeof(DEVICE_EXTENSION),
        &device_name,
        DeviceType,
        0,
        FALSE,
        &device_object
        );
	//FILE_DEVICE_DISK在ntddk.h中定義為0x00000007

    if (!NT_SUCCESS(status))
    {
        return status;
    }

    device_object->Flags |= DO_DIRECT_IO;
	//DO_DIRECT_IO在ntddk.h中定義為0x00000010

	//初始化設備擴展結構device_extension

    device_extension = (PDEVICE_EXTENSION) device_object->DeviceExtension;

    device_extension->media_in_device = FALSE;

    if (DeviceType == FILE_DEVICE_CD_ROM)
    {
        device_object->Characteristics |= FILE_READ_ONLY_DEVICE;
        device_extension->read_only = TRUE;
    }

    InitializeListHead(&device_extension->list_head);

    KeInitializeSpinLock(&device_extension->list_lock);

    KeInitializeEvent(
        &device_extension->request_event,
        SynchronizationEvent,
        FALSE
        );

    device_extension->terminate_thread = FALSE;

    status = PsCreateSystemThread(
        &thread_handle,
        (ACCESS_MASK) 0L,
        NULL,
        NULL,
        NULL,
        FileDiskThread,
        device_object
        );

    if (!NT_SUCCESS(status))
    {
        IoDeleteDevice(device_object);
        return status;
    }

    status = ObReferenceObjectByHandle(
        thread_handle,
        THREAD_ALL_ACCESS,
        NULL,
        KernelMode,
        &device_extension->thread_pointer,
        NULL
        );
	//THREAD_ALL_ACCESS在ntddk.h中定義為(STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3FF)
	//即為STANDARD_RIGHTS_REQUIRED與SYNCHRONIZE再與0x3FF按位或
	//STANDARD_RIGHTS_REQUIRED在ntddk.h中定義為0x000F0000L
	//SYNCHRONIZE在ntddk.h中定義為0x00100000L

    if (!NT_SUCCESS(status))
    {
        ZwClose(thread_handle);

        device_extension->terminate_thread = TRUE;

        KeSetEvent(
            &device_extension->request_event,
            (KPRIORITY) 0,
            FALSE
            );

        IoDeleteDevice(device_object);

        return status;
    }

    ZwClose(thread_handle);

    return STATUS_SUCCESS;
}