I am working with a WinCE device which has a radio manager driver written for it in MFC. In the code for the Radio GUI, I can see the function Deviceiocontrol with a specific IOCTL being called. However, I'm unable to trace the particular piece of code called by this function. Can someone tell me how Deviceiocontrol works?
DeviceIoControl calls through to the device driver by using the file handle. You have to use a kernel debugger if you want to step into the device driver itself.
The file handle represents a kernel object which consists of a DEVICE_OBJECT structure which contains a function table. In this table at the index of IRP_MJ_DEVICE_CONTROL, the driver sets its handle function. The function then gets called with the io control parameters which are packaged into an IRP.