Device Driver Development for Beginners Reloaded

Hi,

This is just a little starter for people interested in starting Kernel-Mode Development

By following an good thread on UIC forum, opened by a beginner that wanted to know how to start with Device Driver Development, I remembered that long time ago published a similar blog post on that subject.

Now I'm going to Reload and Expand it.

Development Tools

1. WDK/DDK - this is the proper Driver Development SDK given by Microsoft, latest edition can be dowloadedhttp://www.microsoft.com/whdc/DevTools/WDK/WDKpkg.mspx
2. Visual Studio 2008/2010 - you can also develop without VS, but I always prefer all the Comforts given by a such advanced IDE, especially in presence of complex device drivers.
3. DDKWizard - DDKWizard is a so-called project creation wizard (for VisualStudio) that allows you to create projects that use the DDKBUILD scripts from OSR (also available in the download section from this site). The wizard will give you several options to configure your project prior to the creation. You can download ithttp://ddkwizard.assarbad.net/
4. VisualAssist - (Optional Tool) Visual Assist X provides productivity enhancements that help you read, write, navigate and refactor code with blazing speed in all Microsoft IDEs. You can Try/Buy it http://wholetomato.com/
5. VisualDDK - Develop and Debug drivers directly from VS, enjoy debugging your driver directly from Visual Studio, speeding up debugging ~18x for VMWare and ~48x for VirtualBox. Download and Step by Step Quick Start Guide http://visualddk.sysprogs.org/quickstart/
6. Virtual Machine - You need a Virtual Machine to perform efficient Driver Debugging, best options are VMWare or VirtualBox.

Building a Driver Development Environment

As you can see, a good comfortable Driver Development station is composed by a good amount of components, so we need an installation order.

1. Install your IDE - VisualStudio2008 or VisualStudio2010
2. Install WDK package
3. Install DDKWizard
4. Download and place ( usually into C:\WinDDK ) ddkbuild.cmd
5. By following DDKWizard pdf you will be driven to add an new Envirnment Variable directly releated to the OS version in which you are developing and successively add a reference of ddkbuild.cmd into VS IDE. DDWizard Manual is very well written.
6. After finishing DDKWizard integration you can test if your environment is correctly installed, by compilig your first driver. Steps are easy open VS and select DDKWizard templare (not EmptyDriver), you will see the skeleton of a Driver, all what you have to do is to Build Solution and Verify if No Compiling Errors occur, your station is correctly installed.
7. Install VirtualMachine
8. Integrate Debugging help of VisualDDK by following step by step quick start guide
9. Install Visual Assist (this can be done in every moment after VS Installation)

Additional Tools

* DeviceTree - This utility has two views: (a) one view that will show you the entire PnP enumeration tree of device objects, including relationships among objects and all the device's reported PnP characteristics, and (b) a second view that shows you the device objects created, sorted by driver name. There is nothing like this utility available anywhere else. Download it http://www.osronline.com/article.cfm?article=97
* IrpTracker - IrpTracker allows you to monitor all I/O request packets (IRPs) on a system without the use of any filter drivers and with no references to any device objects, leaving the PnP system entirely undisturbed. In addition to being able to see the path the IRP takes down the driver stack and its ultimate completion status, a detailed view is available that allows you to see the entire contents of static portion of the IRP and an interpreted view of the current and previous stack locations. Download it http://www.osronline.com/article.cfm?article=199
* DebugMon - Displays DbgPrint messages generated by any driver in the system (or the OS itself) in the application window. Can be used either in local mode or can send the DbgPrint messages to another system via TCP/IP. Download it http://www.osronline.com/article.cfm?article=99
* DriverLoader - This GUI-based tool will make all the appropriate registry entries for your driver, and even allow you to start your driver without rebooting. It's even got a help file, for goodness sakes! If you write drivers, this is another one of those utilities that's a must have for your tool chest. x86 architecture. Dowload ithttp://www.osronline.com/article.cfm?article=157

Now you have a full working Develop and Debug Station.

As you should imagine, dealing with driver development implies working with at Kernel Mode, a task pretty challenging, delicate and complex. A badly written driver lead to OS Crash and/or dangerous bugs, just think about a driver used in mission-critical applications like Surgery, a bug or a crash could lead to extremely big dangers. The driver need to be:

* Bug Free
* Fault Tolerant
* Ready to Endure all Stress Situations

This could be done, only by the driver coder, with a large knowledge of following fields:

* Hardware Architecture
* Operating System Architecture
* Kernel and User Mode Architecture
* Rock Solid C language knowledge
* Debugging Ability

Here i'm going to enumerate necessary Documentation/Book/Etc. necessary to acheive a *good and solid* background and advanced knowledge about driver coding.

Microsoft WDK Page: http://www.microsoft.com/whdc/devtools/WDK/default.mspx

Will give you informations about:

1. WDM ( Windows Driver Model)
2. WDF (Windows Driver Foundation)
3. IFS Kit (Installable FileSystem Kit)
4. Driver Debugging
5. Driver Stress Testing ( DriverVerifier tool )

PC Fundamentals: http://www.microsoft.com/whdc/system/default.mspx

Device Fundamentals: http://www.microsoft.com/whdc/device/default.mspx

This will give you an large view of 'what mean developing a driver' which components are touched and which aspects you need to know.

It's also obviously necessary to have a Reference about kernel mode involved Functions and Mechanisms, the first best resource is always MSDN, here the starter link to follow MSDN->DDK

http://msdn.microsoft.com/en-us/library ... 85%29.aspx

How to start Learning

As pointed out in the previous blog post, one of the best starting point, that will give you an on-fly-view of development topics is the Toby Opferman set of articles:

Driver Development Part 1: Introduction to Drivers
http://www.codeproject.com/KB/system/driverdev.aspx
Driver Development Part 2: Introduction to Implementing IOCTLs
http://www.codeproject.com/KB/system/driverdev2.aspx
Driver Development Part 3: Introduction to driver contexts
http://www.codeproject.com/KB/system/driverdev3.aspx 
Driver Development Part 4: Introduction to device stacks
http://www.codeproject.com/KB/system/driverdev4asp.aspx 
Driver Development Part 5: Introduction to the Transport Device Interface
http://www.codeproject.com/KB/system/driverdev5asp.aspx 
Driver Development Part 6: Introduction to Display Drivers
http://www.codeproject.com/KB/system/driverdev6asp.aspx 

It's really important to put in evicence MemoryManagement at KernelMode, the best starting point for these aspects are tutorials written by four-f; 

http://www.freewebs.com/four-f/ 

Handling IRPs: What Every Driver Writer Needs to Know
http://download.microsoft.com/download/ ... a/IRPs.doc

Book Resources

Tutorial are a great starting point, but a solid understanding is given by a set of 'abstracts', emerges the necessity of a good Book Collection:

Windows NT Device Driver Development (OSR Classic Reprints)
http://www.amazon.com/Windows-Device-De ... 242&sr=8-2

Windows®-Internals-Including-Windows-PRO-Developer
http://www.amazon.com/Windows%C2%AE-Int ... 160&sr=8-1

The Windows 2000 device driver book: a guide for programmers
http://www.amazon.com/Windows-2000-Devi ... 0130204315

Windows NT/2000 Native API Reference
http://www.amazon.com/Windows-2000-Nati ... 201&sr=8-1

Undocumented Windows 2000 Secrets
http://undocumented.rawol.com/

Developing Drivers with WDF
http://www.microsoft.com/whdc/driver/wdf/wdfbook.mspx

Windows NT File System Internals, A Developer's Guide
http://oreilly.com/catalog/9781565922495

Web Resources

The first and most important resource about Windows Driver Development is OSROnline:

http://www.osronline.com/

I strongly suggest you to subscribe:

1. The NT Insider
2. NTDEV MailingList
3. NTFSD MailingList

NDIS Developer's Reference
http://www.ndis.com/

Information, Articles, and Free Downloads
http://www.hollistech.com/resources.htm

The Undocumented Functions
http://undocumented.ntinternals.net

Blog MSDN
http://blogs.msdn.com/iliast

Windows Vista Kernel Structures
http://www.nirsoft.net/kernel_struct/vista/

Peter Wieland's thoughts on Windows driver development
http://blogs.msdn.com/b/peterwie/

USB Driver Development
http://blogs.msdn.com/b/usbcoreblog/

Hardware and Driver Developer Blogs
http://www.microsoft.com/whdc/resources/blogs.mspx

Developer Newsgroups
• microsoft.public.development.device.drivers
• microsoft.public.win32.programmer.kernel
• microsoft.public.windbg

KernelmodeInfo Blog
CURRENT_IRQL 

j00ru//vx tech blog Coding, reverse engineering, OS internals Blog
http://j00ru.vexillium.org/

Nynaeve
http://www.nynaeve.net/

DumpAnalysis Blog
http://www.dumpanalysis.org/

Analyze -v Blog
http://analyze-v.com/

Instant Online Crash Dump Analysis
http://www.osronline.com/page.cfm?name=analyze

Winsock Kernel (WSK)
http://msdn.microsoft.com/en-us/library/ff571084.aspx

Transport Driver Interface (TDI)
http://msdn.microsoft.com/en-us/library/ms819740.aspx

Network Driver Interface Specification (NDIS)
http://blogs.msdn.com/b/ndis/

System Internals
http://www.microsoft.com/whdc/system/Sysinternals/default.mspx

Driver development needs too many time patience and experience to be fully understood, in my opinion the best approach remains LbD ( Learning by Doing ) so, read, study and develop as many experience you build less BSODs and "trange behavior" you will obtain 

See you to the next post,
Giuseppe 'Evilcry' Bonfa