Device Driver Development for Beginners - Reloaded

Forum for discussion about kernel-mode development.

Device Driver Development for Beginners - Reloaded

Postby Evilcry » Mon Oct 04, 2010 6:14 am

Hi,

This is just a little starter for people interested in starting Kernel-Mode Development

By following an good thread on UIC forum, opened by a beginner that wanted to know how to start with Device Driver Development, I remembered that long time ago published a similar blog post on that subject.

Now I'm going to Reload and Expand it.

Development Tools

1. WDK/DDK - this is the proper Driver Development SDK given by Microsoft, latest edition can be dowloaded http://www.microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx
2. Visual Studio 2008/2010 - you can also develop without VS, but I always prefer all the Comforts given by a such advanced IDE, especially in presence of complex device drivers.
3. DDKWizard - DDKWizard is a so-called project creation wizard (for VisualStudio) that allows you to create projects that use the DDKBUILD scripts from OSR (also available in the download section from this site). The wizard will give you several options to configure your project prior to the creation. You can download it http://ddkwizard.assarbad.net/
4. VisualAssist - (Optional Tool) Visual Assist X provides productivity enhancements that help you read, write, navigate and refactor code with blazing speed in all Microsoft IDEs. You can Try/Buy it http://wholetomato.com/
5. VisualDDK - Develop and Debug drivers directly from VS, enjoy debugging your driver directly from Visual Studio, speeding up debugging ~18x for VMWare and ~48x for VirtualBox. Download and Step by Step Quick Start Guide http://visualddk.sysprogs.org/quickstart/
6. Virtual Machine - You need a Virtual Machine to perform efficient Driver Debugging, best options are VMWare or VirtualBox.

Building a Driver Development Environment


As you can see, a good comfortable Driver Development station is composed by a good amount of components, so we need an installation order.

1. Install your IDE - VisualStudio2008 or VisualStudio2010
2. Install WDK package
3. Install DDKWizard
4. Download and place ( usually into C:\WinDDK ) ddkbuild.cmd
5. By following DDKWizard pdf you will be driven to add an new Envirnment Variable directly releated to the OS version in which you are developing and successively add a reference of ddkbuild.cmd into VS IDE. DDWizard Manual is very well written.
6. After finishing DDKWizard integration you can test if your environment is correctly installed, by compilig your first driver. Steps are easy open VS and select DDKWizard templare (not EmptyDriver), you will see the skeleton of a Driver, all what you have to do is to Build Solution and Verify if No Compiling Errors occur, your station is correctly installed.
7. Install VirtualMachine
8. Integrate Debugging help of VisualDDK by following step by step quick start guide
9. Install Visual Assist (this can be done in every moment after VS Installation)

Additional Tools

* DeviceTree - This utility has two views: (a) one view that will show you the entire PnP enumeration tree of device objects, including relationships among objects and all the device's reported PnP characteristics, and (b) a second view that shows you the device objects created, sorted by driver name. There is nothing like this utility available anywhere else. Download it http://www.osronline.com/article.cfm?article=97
* IrpTracker - IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of static portion of the IRP and an interpreted view of the current and previous stack locations. Download it http://www.osronline.com/article.cfm?article=199
* DebugMon - Displays DbgPrint messages generated by any driver in the system (or the OS itself) in the application window. Can be used either in local mode or can send the DbgPrint messages to another system via TCP/IP. Download it http://www.osronline.com/article.cfm?article=99
* DriverLoader - This GUI-based tool will make all the appropriate registry entries for your driver, and even allow you to start your driver without rebooting. It's even got a help file, for goodness sakes! If you write drivers, this is another one of those utilities that's a must have for your tool chest. x86 architecture. Dowload it http://www.osronline.com/article.cfm?article=157

Now you have a full working Develop and Debug Station.

As you should imagine, dealing with driver development implies working with at Kernel Mode, a task pretty challenging, delicate and complex. A badly written driver lead to OS Crash and/or dangerous bugs, just think about a driver used in mission-critical applications like Surgery, a bug or a crash could lead to extremely big dangers. The driver need to be:

* Bug Free
* Fault Tolerant
* Ready to Endure all Stress Situations


This could be done, only by the driver coder, with a large knowledge of following fields:

* Hardware Architecture
* Operating System Architecture
* Kernel and User Mode Architecture
* Rock Solid C language knowledge
* Debugging Ability


Here i'm going to enumerate necessary Documentation/Book/Etc. necessary to acheive a *good and solid* background and advanced knowledge about driver coding.

Microsoft WDK Page: http://www.microsoft.com/whdc/devtools/WDK/default.mspx

Will give you informations about:

1. WDM ( Windows Driver Model)
2. WDF (Windows Driver Foundation)
3. IFS Kit (Installable FileSystem Kit)
4. Driver Debugging
5. Driver Stress Testing ( DriverVerifier tool )

PC Fundamentals: http://www.microsoft.com/whdc/system/default.mspx

Device Fundamentals: http://www.microsoft.com/whdc/device/default.mspx

This will give you an large view of 'what mean developing a driver' which components are touched and which aspects you need to know.

It's also obviously necessary to have a Reference about kernel mode involved Functions and Mechanisms, the first best resource is always MSDN, here the starter link to follow MSDN->DDK

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

How to start Learning


As pointed out in the previous blog post, one of the best starting point, that will give you an on-fly-view of development topics is the Toby Opferman set of articles:

Driver Development Part 1: Introduction to Drivers
http://www.codeproject.com/KB/system/driverdev.aspx
Driver Development Part 2: Introduction to Implementing IOCTLs
http://www.codeproject.com/KB/system/driverdev2.aspx
Driver Development Part 3: Introduction to driver contexts
http://www.codeproject.com/KB/system/driverdev3.aspx
Driver Development Part 4: Introduction to device stacks
http://www.codeproject.com/KB/system/driverdev4asp.aspx
Driver Development Part 5: Introduction to the Transport Device Interface
http://www.codeproject.com/KB/system/driverdev5asp.aspx
Driver Development Part 6: Introduction to Display Drivers
http://www.codeproject.com/KB/system/driverdev6asp.aspx

It's really important to put in evicence MemoryManagement at KernelMode, the best starting point for these aspects are tutorials written by four-f;

http://www.freewebs.com/four-f/

Handling IRPs: What Every Driver Writer Needs to Know
http://download.microsoft.com/download/ ... a/IRPs.doc

Book Resources

Tutorial are a great starting point, but a solid understanding is given by a set of 'abstracts', emerges the necessity of a good Book Collection:

Windows NT Device Driver Development (OSR Classic Reprints)
http://www.amazon.com/Windows-Device-De ... 242&sr=8-2

Windows®-Internals-Including-Windows-PRO-Developer
http://www.amazon.com/Windows%C2%AE-Int ... 160&sr=8-1

The Windows 2000 device driver book: a guide for programmers
http://www.amazon.com/Windows-2000-Devi ... 0130204315

Windows NT/2000 Native API Reference
http://www.amazon.com/Windows-2000-Nati ... 201&sr=8-1

Undocumented Windows 2000 Secrets
http://undocumented.rawol.com/

Developing Drivers with WDF
http://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx

Windows NT File System Internals, A Developer's Guide
http://oreilly.com/catalog/9781565922495

Web Resources

The first and most important resource about Windows Driver Development is OSROnline:

http://www.osronline.com/

I strongly suggest you to subscribe:

1. The NT Insider
2. NTDEV MailingList
3. NTFSD MailingList

NDIS Developer's Reference
http://www.ndis.com/

Information, Articles, and Free Downloads
http://www.hollistech.com/resources.htm

The Undocumented Functions
http://undocumented.ntinternals.net

Blog MSDN
http://blogs.msdn.com/iliast

Windows Vista Kernel Structures
http://www.nirsoft.net/kernel_struct/vista/

Peter Wieland's thoughts on Windows driver development
http://blogs.msdn.com/b/peterwie/

USB Driver Development
http://blogs.msdn.com/b/usbcoreblog/

Hardware and Driver Developer Blogs
http://www.microsoft.com/whdc/resources/blogs.mspx

Developer Newsgroups
• microsoft.public.development.device.drivers
• microsoft.public.win32.programmer.kernel
• microsoft.public.windbg

KernelmodeInfo Blog
CURRENT_IRQL :-)

j00ru//vx tech blog Coding, reverse engineering, OS internals Blog
http://j00ru.vexillium.org/

Nynaeve
http://www.nynaeve.net/

DumpAnalysis Blog
http://www.dumpanalysis.org/

Analyze -v Blog
http://analyze-v.com/

Instant Online Crash Dump Analysis

http://www.osronline.com/page.cfm?name=analyze

Winsock Kernel (WSK)
http://msdn.microsoft.com/en-us/library/ff571084.aspx

Transport Driver Interface (TDI)
http://msdn.microsoft.com/en-us/library/ms819740.aspx

Network Driver Interface Specification (NDIS)
http://blogs.msdn.com/b/ndis/

System Internals

http://www.microsoft.com/whdc/system/Sysinternals/default.mspx

Driver development needs too many time patience and experience to be fully understood, in my opinion the best approach remains LbD ( Learning by Doing ) so, read, study and develop as many experience you build less BSODs and "trange behavior" you will obtain :)

See you to the next post,
Giuseppe 'Evilcry' Bonfa
Evilcry
 
Posts: 131
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 89

Re: Device Driver Development for Beginners - Reloaded

Postby NOP » Wed Oct 06, 2010 5:01 pm

Great post! Its just a shame that DDKWizard isn't compatable with VC++ 2010. :cry:
NOP
 
Posts: 36
Joined: Wed Mar 31, 2010 4:56 pm
Reputation point: 5

Re: Device Driver Development for Beginners - Reloaded

Postby __Genius__ » Sun Oct 17, 2010 4:56 pm

Plus your great post, I think this post from Iliast is a supplement for your essay .

regards.
- Individuality
__Genius__
 
Posts: 92
Joined: Sun Mar 14, 2010 8:20 am
Reputation point: 14

Re: Device Driver Development for Beginners - Reloaded

Postby Evilcry » Tue Oct 19, 2010 3:29 pm

Thanks, nice share

here another good paper "File System Filter Driver Tutorial"

http://www.codeproject.com/KB/system/fs ... orial.aspx
Evilcry
 
Posts: 131
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 89

Re: Device Driver Development for Beginners - Reloaded

Postby frank_boldewin » Wed Oct 20, 2010 10:27 am

there will be a new book own device driver coding on windows 7 in january 2011.

http://www.amazon.de/Windows-Device-Dri ... 199&sr=1-2

The First Authoritative Guide to Writing Robust, High-Performance Windows 7 Device Drivers Windows 7 Device Driver brings together all the information experienced programmers need to build exceptionally reliable, high-performance Windows 7 drivers. Internationally renowned driver development expert Ronald D. Reeves shows how to make the most of Microsoft's powerful new tools and models; save time and money; and efficiently deliver stable, robust drivers. Drawing on his unsurpassed experience as both a driver developer and instructor, Reeves demystifies Kernel and User Mode Driver development, Windows Driver Foundation (WDF) architecture, driver debugging, and many other key topics. Throughout, he provides best practices for all facets of the driver development process, illuminating his insights with proven sample code. Learn how to *Use WDF to reduce development time, improve system stability, and enhance serviceability*Take full advantage of both the User Mode Driver Framework (UMDF) and the Kernel Mode Driver Framework (KMDF)*Implement best practices for designing, developing, and debugging both User Mode and Kernel Mode Drivers*Manage I/O requests and queues, self-managed I/O, synchronization, locks, plug-and-play, power management, device enumeration, and more*Develop UMDF drivers with COM*Secure Kernel Mode Drivers with safe defaults, parameter validation, counted UNICODE strings, and safe device naming techniques*Program and troubleshoot WMI support in Kernel Mode Drivers*Utilize advanced multiple I/O queuing techniques Whether you're creating Windows 7 drivers for laboratory equipment, communications hardware, or any other device or technology, this book will help you build production code more quickly, get to market sooner, and start earning money faster!

Windows 7 Device Driver brings together all the information experienced programmers need to build exceptionally reliable, high-performance Windows 7 drivers. Internationally renowned driver development expert Ronald D. Reeves shows how to make the most of Microsoft’s powerful new tools and models; save time and money; and efficiently deliver stable, robust drivers.



Drawing on his unsurpassed experience as both a driver developer and instructor, Reeves demystifies Kernel and User Mode Driver development, Windows Driver Foundation (WDF) architecture, driver debugging, and many other key topics. Throughout, he provides best practices for all facets of the driver development process, illuminating his insights with proven sample code.



Learn how to

*
Use WDF to reduce development time, improve system stability, and enhance serviceability
*
Take full advantage of both the User Mode Driver Framework (UMDF) and the Kernel Mode Driver Framework (KMDF)
*
Implement best practices for designing, developing, and debugging both User Mode and Kernel Mode Drivers
*
Manage I/O requests and queues, self-managed I/O, synchronization, locks, plug-and-play, power management, device enumeration, and more
*
Develop UMDF drivers with COM
*
Secure Kernel Mode Drivers with safe defaults, parameter validation, counted UNICODE strings, and safe device naming techniques
*
Program and troubleshoot WMI support in Kernel Mode Drivers
*
Utilize advanced multiple I/O queuing techniques
User avatar
frank_boldewin
 
Posts: 109
Joined: Thu Apr 22, 2010 8:59 am
Location: germany
Reputation point: 89

Re: Device Driver Development for Beginners - Reloaded

Postby marcbuchanan » Wed Oct 27, 2010 10:30 pm

Only if someone is interested in: I use WDDK and UltraEdit. The editor is much better and faster than Visual Studio. The editor shows also all functions of a driver in a sidewindow
marcbuchanan
 
Posts: 2
Joined: Wed Oct 27, 2010 9:59 pm
Reputation point: 0

Re: Device Driver Development for Beginners - Reloaded

Postby driverobject » Mon Nov 15, 2010 11:04 am

Seems to me that VisualDDK does the whole job with prereqs in place. Is there a reason to install the DDKWizard? Or is it choose between the two?

Thanks..
-------------
DriverObject
driverobject
 
Posts: 23
Joined: Sat Oct 23, 2010 11:40 pm
Location: Earth
Reputation point: 0

Re: Device Driver Development for Beginners - Reloaded

Postby gglittle » Tue Nov 23, 2010 7:34 pm

DDKWIZARD is simply an easy way to build a WDK project within Visual Studio. If you know how to build a Makefile project within VS you really do not need it. I've been building my own, using Mark Roddy's, the original author, DDKBUILD for over a decade.

As to the original post ... mostly quite good. However, virtual environments and same machine debugging do not work when you are developing a driver for a hard device. When doing that kind of development you need two machines with a 1394 connection between the host and target. I monitor NtDev daily, almost hourly, and cannot tell you the number of times some new poster pops in and asks why their driver is failing, too many times that is all we get, and as soon as we ask for "!analyze -v", we then have to explain what WinDbg is, how to fix their symbols, etc. Kernel mode work really does require knowledge of and experience with WinDbg. Perhaps that got lost in the cracks of my trifocals, but I did not see it.
gglittle
 
Posts: 12
Joined: Tue Nov 23, 2010 7:15 pm
Reputation point: 0

Re: Device Driver Development for Beginners - Reloaded

Postby EP_X0FF » Thu Dec 02, 2010 4:25 am

@InsaneKaos

if you like post, please use Give Reputation button.
Ring0 - the source of inspiration
User avatar
EP_X0FF
Global Moderator
 
Posts: 3896
Joined: Sun Mar 07, 2010 5:35 am
Location: Russian Federation
Reputation point: 475

Re: Device Driver Development for Beginners - Reloaded

Postby Evilcry » Fri Apr 08, 2011 9:53 am

Hi,

Released a little tutorial on Windows Drivers Debugging for novices

http://quequero.org/Windows_Drivers_Debugging

Regards
Evilcry
 
Posts: 131
Joined: Tue Apr 20, 2010 6:10 pm
Reputation point: 89

Next

Return to Kernel-Mode Development

Who is online

Users browsing this forum: No registered users and 2 guests