OSR Dev Blog: Drivers, Storage, and Analysis
 We're involved in many areas of OS internals here at OSR. ?We deal with drivers for unusual hardware, we extend OS policy in interesting ways for better system performance and reliability, we analyze difficult problems and sometimes even craft solutions for them. ?We also work with our friends at Microsoft to help shape and understand the device, driver, and file system developer experience.
As part of just about everything we do, we try to keep the community involved. ?Learning something for its own sake, or for our own use, is good. ?But learning something that you share with others? ?We think that's great.
We publish a lot of what we learn in our journal The NT Insider. ?But some things are shorter, are ideas that are still in the process of being developed, or maybe they're things that we don't want to wait until the next scheduled publication. ?In these cases, we post what we've learned and what we've been thinking about here.
The OSR Online site is maintained for historical/archive purposes only.
The OSR Developer's Blog has moved to OSR.COM at https://www.osr.com/developers-blog/
Please go there for all new Developer Blog content.
IMPORTANT NOTE: OSR Dev Blog posts are now being created and posted at http://www.osr.com/developers-blog/. Please check that location for future posts.
We are listing posts from that site here, as a convenience.
PSA: FsRtlIsNameInExpression Can Raise an Exception
Well, THIS one was a surprise…After triggering a memory leak in a driver, the system Read more
NTFS Status Debugging
As a file system filter developer, one of the great pains in life is when Read more
Check out the new Virtual Hardware Lab Kit (VHLK)
A big complaint I’ve always had about the HLKs is the overhead of getting a Read more
It’s 1809… A New WDK Awaits You… Don’t Be Afraid!
Well, OK… It’s not really 1809 anymore. It’s actually 1810 when I’m writing this. But Read more
Ready for the Community Move?
We’re ready… well, at least we think we’re ready. Are YOU? New web site: community.osr.com Read more
Content below is for archive purposes only
Windows 8.1 Update: VS Express Now Supported
PeterGV (Read 26506 times)
With the release of WDK 8.1 Update, the WDK now supports Visual Studio Express. Say "YAY" for the return of free tools for driver developers. 
HCK Client install on Windows N versions
Scott Noone (Read 19387 times)
It took a day of trial and error before I finally figured out why I was getting a 1603 error when installing the HCK Client.
There's a WDFSTRING?
Peter Viscarola (Read 19362 times)
Surprise! WDF has a WDFSTRING Object. And it's actually useful!
When CAN You Call WdfIoQueuePurgeSynchronously
Peter Viscarola and Scott Noone (Read 18960 times)
We’re constantly learning the subtle details of how KMDF works. We came across an interesting detail today that caused us to scratch our heads to the point we had to ask our friends on the WDF development team what was going on. Maybe this will help you as some point, too.
UMDF V2 -- It's KMDF Compatible!
Peter Viscarola (Read 13622 times)
If you thought that big changes in the Windows driver arena were complete with the release of the Windows 8 WDK (which for the first time includes integration with Visual Studio)… you're WRONG. The latest news, announced at the //Build conference, is UMDF V2. Check it out...
WdfSend: Are There REALLY Three Useful Variants?
Peter Viscarola (Read 20252 times)
When you learn about WdfSend, you typically learn that there are three different ways that you can send a Request to an I/O Target. It makes a nice story to describe these three options as equally viable for a driver writer. Unfortunately, in the majority of cases the only practical option is to send a Request asynchronously and specify a Completion Routine Event Processing Callback. This quick article describes why this is the case.
Turning a Breakpoint into a Busypoint
Scott Noone (Read 13019 times)
Breakpoints are great, but at some point you have to resume from them. What if you want to freeze a thread in place while allowing other threads to continue executing?
Investigating a NULL Pointer Dereference
Scott Noone (Read 17996 times)
A former student provided a crash dump for some analysis, here's what I found...
Understanding WDFMEMORY Objects
Peter Viscarola (Read 8735 times)
Confused about WDFMEMORY Objects? ?Wonder why they exist at all? ?Here, we try to help.
Using WinDbg to hunt for strings
Scott Noone (Read 18827 times)
Ever wanted to search a live system or crash dump for strings? In this post we'll show you how!
Spice up your debugger output with DML!
Scott Noone (Read 11016 times)
The Debugger Markup Language makes navigating the command window a breeze. Did you know that you can add links to the debugging output not only from your debugger extensions but also from your drivers? In this Developer Blog entry we'll show you how...
Test Signing Made Simple
Peter Viscarola (Read 9628 times)
The Win8 WDK makes test signing easy. ?No, really. ?It does. ?Read and see...
Can You NEVER Break the Rules?
Peter Viscarola (Read 7458 times)
Sometimes it's necessary as a developer to break the rules. ?Even?good?developers do it. ?Sometimes, to do something cool, you just?have?to do it. ?But where do you draw the line? ?Let's explore that question a bit.
Understanding EvtIoStop
Peter Viscarola (Read 8446 times)
SDV has a new rule and there's bugcheck 9F to deal with. ?It's about time we thought more about EvtIoStop
Getting DbgPrint Output To Appear In Vista and Later
OSR Staff (Read 183531 times)
You build the checked version of your driver and run it on any OS since Vista for the first time. And, what happens? You don't see any of your driver's DbgPrint messages displayed in WinDbg! What happened? Let me tell you (updated for Win7 and Win8)...
USB 2.0 Debugging
OSR Staff (Read 61996 times)
Did you know that debugging over USB 2.0 actually works? Well, it does. Sort of.
Where's The Checked Build?
Hector J. Rodriguez (Read 108993 times)
Lookin' to download Checked Builds for Windows 2000, Windows XP, or Windows Server 2003, or any of their service packs? Here are the pointers you need.
Server 2008 WDK Arrives
Hector J. Rodriguez (Read 26503 times)
The latest WDK has arrived. Here's what you need to know about it.
x64 Driver Signing as of Vista RC1 (and later)
Hector J. Rodriguez (Read 31356 times)
The latest on x64 driver signing for Windows Vista. The tools, how/if they work, what's changed in RC1 (and later).
Now Available for Download: Latest WDK Docs
OSR Staff (Read 22878 times)
The most recent, fully updated, WDK docs are now downloadable.
MmGetSystemRoutineAddress IS BROKEN!?
OSR Staff (Read 29525 times)
Yikes! Can it be that the widely publicized and used function MmGetSystemRoutineAddress can blue screen on XP SP2?? Well...
LH Server Beta 3 WDK Available
Hector J. Rodriguez (Read 9906 times)
I just noticed: The latest Longhorn Server WDK is available.
DTM and WDK split
Hector J. Rodriguez (Read 17636 times)
Think it's ridiculous that you need to download 2.5GB worth of WTT-laden stuff just to be able to build drivers? Apparently, you're not alone. Introducing the WLK.
Debugging WDK Build Environments
Hector J. Rodriguez (Read 23240 times)
Gotten frustrated yet that the WDK version of BUILD now hides the parameters it passes to the C compiler? DDK MVP Don Burn has the solution...
No More x86 Only Submissions to WHQL
Hector J. Rodriguez (Read 27418 times)
Does your company submit a 32-bit driver to WHQL and presently ignore x64 "cuz there's no market"? With Vista, that's gonna stop...
Disabling User Account Control on Vista
Hector J. Rodriguez (Read 29893 times)
Do you hate those pop-ups on Windows Vista that say "Windows needs your permission to continue" for every single thing you do? Would you like to make them go away? We've got the solution to your woe...
The WDK Build Environment -- Not Getting Better
Hector J. Rodriguez (Read 14839 times)
Have you tried to build a driver with the new Vista DDK, which is now called the Windows Driver Kit (WDK)? If you have, I bet you're as annoyed as I am.
No Win2K Support for KMDF?
Hector J. Rodriguez (Read 17306 times)
Yikes!! Is Microsoft really going to drop Win2K support from the pending release of the WDF Kernel Mode Driver Framework??
Only Signed Drivers To Run on Vista X64
Hector J. Rodriguez (Read 43787 times)
Oh, you're gonna love this. Non-signed drivers won't be loadable on x64 machines running Vista.
Living With 64-Bit Windows
Hector J. Rodriguez (Read 52425 times)
One of the guys here at OSR took the bait and switched his development system over to 64-bit Windows (using the free Server 2003 Standard x64 Edition disk he got at the DDC). I figured I'd chronicle his travails for the benefit of anybody else who'd like to follow in his footsteps.
Go to DevCon? Don't Throw Out That CD!
Hector J. Rodriguez (Read 17962 times)
If you were at the DDC, you got a surprisingly nice prize in your conference materials...
Relative opens and IoCreateFileSpecifyDeviceObjectHint
Hector J. Rodriguez (Read 17001 times)
Sometimes, even I have to be reminded about the bugs, er, rules.
Watch that return from IoSetCompletionRoutineEx
Hector J. Rodriguez (Read 15856 times)
There are two things to be careful of, here: Don't forget about the NTSTATUS value, and pass that IRP to another driver.
Why Is The IRQL Always 0xFF When I Do !PCR?
Hector J. Rodriguez (Read 27878 times)
When you're in the debugger, and you type !PCR, the IRQL that's shown is always 0xFF. Can you logically conclude from this that the system had interrupts disabled when it crashed? Microsoft's Jake Oshins gives us the story.
No Deadlock Verification on x64 UP Systems
Hector J. Rodriguez (Read 18252 times)
Deadlock verification is a feature of Driver Verifier that monitors the order in which your driver acquires various locks. It's a great feature. Just don't expect it to work on single processor x64 (i.e. Windows-64) systems.
Don't __try to Catch The DbgBreakPoint(...) Exception
Hector J. Rodriguez (Read 19161 times)
I've used it myself. Now, it seems, it hasn't worked the way I thought it worked for years. Community members Ralph Shnelvar and Jamey Kirby discovered a cool bug related to trying to catch the exception raised by DbgBreakPoint()
Need help with WPP tracing?
Hector J. Rodriguez (Read 21433 times)
WPP got you down? It seems like everyone wants to using WPP tracing, but not everyone is able to get it working. Here's a three pack of tips from the battlefront that might save you some time...
I Hooked Up The Debugger Using 1394, and NOW...
Hector J. Rodriguez (Read 28696 times)
If you've hooked up the debugger via 1394, you reboot, and your target system is running vvvveeeeeerrrryyyy sllooooowwww or you keep losing your debugger connection, here's why.
WHICH DDK Do I Use??
Hector J. Rodriguez (Read 30429 times)
"Hector... Which DDK and build environment do I use for drivers that are for Windows XP 64-Bit Edition for the X64?" I knew it had to be confusing, because this was a member of the OSR staff asking me this question. OK, let me explain it again...
Ever have to update a system but don't have a Floppy Drive
Hector J. Rodriquez (Read 11300 times)
You want to update the BIOS on a machine. The BIOS update process requires a bootable DOS floppy (will these folks ever enter the 21st century??). But there's a problem: The system you want to update doesn't have a floppy disk drive. What's a mutha to do?
Device Manager Error Codes
Hector J. Rodriquez (Read 26921 times)
Have you ever wondered what the Device Manager Error Codes mean? A recent KB article explains each Error Code and provides solutions.
Pool and Memory Events
Hector J. Rodriguez (Read 19818 times)
In your driver, it's pretty easy to know if there's a serious shortage of paged or non-paged pool: Your allocation attempt fails. But how do you know when there's plenty of pool space and your driver should feel free to grab a big chunk? I'll tell you...
PCI Express, PCI-X and other mysteries
Hector J. Rodriguez (Read 87758 times)
"PCI-X," Dan asked, "is that just a short way of writing PCI Express?" I was embarrased to admit it, but I had no idea. I'd just been too busy, and -- to be perfectly honest -- the esoterica of bus designs don't exactly float my boat. If you're similarly clueless, and you wanna impress your more hardware-oriented friends with the depth of your knowledge, I'll tell you most of what you need to know.
ExAllocatePoolWithQuota Raises Exceptions
Hector J. Rodriguez (Read 19353 times)
Quick answer this question: Is there any variant of ExAllocatePool that'll raise an exception by default if it fails. If you said "no!", like I did, you could be in for a surprise.
Inlining into SEH Filters Can Result in Invalid Code on AMD64
Hector J. Rodriquez (Read 20694 times)
It started out as a typical day for me at the office. I came in, I got my double dose of French Roast coffee and settled down for a long day of, well...doing whatever is I get paid to do here. Along the way I came across some documentation on Structured Exception Handling and found this interesting tidbit of information....
How to Determine if System Running in Safe Mode
Hector J. Rodriquez (Read 15043 times)
Ever wonder how one programmatically determines if a system is running in Safe Mode?This question has reared its head in the newsgroups a couple of times, so between daily internal debates on U.S. foreign policy and seeding/downloading music with BitTorrent, someone here found time to find out.
Duplicate Disk Writes
Hector J. Rodriguez (Read 24125 times)
Ever watch really carefully when a file's being written? Ever notice that some chunks of the file get written twice? Yeah, we noticed too. About 7 or 8 years ago. The good news is that the Windows team has changed this behavior, and there's even a hot fix for it!
New Verifier Pool Checks In LH
Hector J. Rodriguez (Read 23353 times)
Verifier just gets more and more powerful as time goes by. If you get a BAD_POOL_CALLER bugcheck when running on LH, with a violation type of 0x9D, here's what it means
Disabling Shutdown Query for Server 2003
Hector J. Rodriguez (Read 11028 times)
Windows Server 2003 Systems (and Windows XP for 64-bit) always prompts the user to ask the reason for shutting down. For those of us developing using Windows Server 2003 this can be one more inconvenience when caught in the seemingly endless test/reboot sequences. This article discusses how to disable this feature.
Querying the name of a file
Hector J. Rodriguez (Read 10343 times)
Correct use of ObQueryNameString in a driver.
Permanent Pool Overrun Checking Starting With XP SP2
Hector J. Rodriguez (Read 26837 times)
We don't normally discuss features in unreleased products or service packs, but this issue is important enough to driver devs that we thought you'd appreciate some advance warning. Read on to discover the new pool overrun checking feature that's will be enabled in Windows, starting with XP SP2!
No Pool Tagging for Special Pool
Hector J. Rodriguez (Read 20288 times)
Can it be? During some testing here at OSR it sure seemed to us that when a driver is run under Driver Verifier, allocations that came from Special Pool were not tracked by pool tag. Well, it is true. Read on...
NTFS Does Not Support Query Operations on Stream File Objects
OSR Staff (Read 16993 times)
In a recent discussion on NTFSD, Molly Brown (Microsoft) indicated that the NTFS file system does not support a query file information operation on internally created NTFS stream files.
Who Owns Which Pool Tag
Hector J. Rodriguez (Read 38664 times)
A question came up in NTDEV asking something along the lines of, "the PoolTag utility shows that pool allocations for tag ‘WXYZ’ are out of control…Anyone know who owns it?"
Simplifying Time Interval Specification
Hector J. Rodriguez (Read 21221 times)
Quick! How many 100 nanosecond intervals in 5 minutes! NTDEV member Rob Green provides a set of macros that'll keep you from ever having to figure this out.
Files Opened as a result of a Remote Request
Hector J. Rodriguez (Read 22224 times)
This article talks about the FO_REMOTE_ORIGIN flag in the File Object and how it gets set and tested.
No More Embedded Assembler or x87 FP
Hector J. Rodriguez (Read 21602 times)
It's time to enter the new millenium, friends. Get rid of all that old, crusty, mostly useless assembler language that got stuffed into your drivers and forgotten years ago. The newest compiler in the DDK doesn't support _asm...
New Spinlock Functions
Hector J. Rodriguez (Read 12718 times)
In case you guys don’t get as excited about a new DDK as I do, I took the pleasure of DIFFing the Server 2003 DDK’s WDM.H with the one from the XP SP1 DDK...
Oh that Hurts, How to use IoForwardIrpSynchronously
OSR Staff (Read 15414 times)
Have you ever seen a function in the DDK and used it without reading the documentation and thinking about what it means? That's what happened when I used IoForwardIrpSynchronously.
IoValidateDeviceIoControlAccess() in XP SP1/.NET
Hector J. Rodriguez (Read 12845 times)
Suppose you want to implement more security in your driver, specifically on your IOCTLs...
Don't Forget to Use FILE_DEVICE_SECURE_OPEN
Hector J. Rodriguez (Read 15591 times)
Recent security reviews in the Windows file systems team have pointed out that the FILE_DEVICE_SECURE_OPEN characteristic needs to be set for file system device objects that do not support naming...
Disabling Hard Error Pop-ups
Hector J. Rodriguez (Read 11744 times)
A number of times recently we’ve seen discussions about how to disable hard error popups in a kernel driver...
Undesired Debugger Behavior
Hector J. Rodriguez (Read 12470 times)
Since this might not be the behavior desired by someone debugging their own driver...
Definition of “CPU” Environment Variable Changed
Hector J. Rodriguez (Read 20630 times)
The definition of the build environment variable CPU has changed since release of the Windows XP® DDK...
Definition of DDKBUILDENV Changed in Windows XP®
Hector J. Rodriguez (Read 20313 times)
The definition of the build environment variable DDKBUILDENV has historically been used to define whether a driver is being built free (retail) or checked (debug)...
Beware of KeAcquireSpinLockRaiseToSynch(...)!
Hector J. Rodriguez (Read 14190 times)
Starting with Windows 2000®, the NTDDK.H included the definition of a function named KeAcquireSpinLockRaiseToSynch(…). This function was never documented in the DDK documentation, and (quite frankly) was probably exposed unintentionally...
Identifying Unusual IOCTL Device Types
Hector J. Rodriguez (Read 15104 times)
You may have seen some strange IOCTLs pass through your driver, and tried to figure out where they're from...
Must Use New DDK Compiler
Hector J. Rodriguez (Read 28551 times)
When building drivers with the XP DDK, you must use (at least) the version of the compiler supplied with the DDK...
Building Within Visual Studio (IDE)
Hector J. Rodriguez (Read 29153 times)
There's nothing wrong with building drivers from within Visual Studio. But if you do this, do it right or don't do it at all...
WDM.H or NTDDK.H?
Hector J. Rodriguez (Read 32169 times)
People are confused about which header file to use. I'm not surprised, because I used to be confused about this too...
Must Succeed Pool...DEAD!
Hector J. Rodriguez (Read 18762 times)
When allocating pool, do not specify pool type NonPagedPoolMustSucceed...
Change to Allow Page Mapping in XP
Hector J. Rodriguez (Read 14911 times)
There's a change in the memory manager -- including functions such as ZwMapViewOfSection and MmMapLockedPages, in Windows XP...
Changes to SOURCES in XP DDK
Hector J. Rodriguez (Read 13493 times)
It seems a couple (not too frequently used) parameters have changed in the SOURCES file, as of the Windows XP DDK...
Fast I/O for WDM Drivers NOT Called When Verifier's Enabled
Hector J. Rodriguez (Read 12922 times)
One thing that's never really been documented, but that you have always been able to do, is use Fast I/O for Device I/O Control to process these requests...
XP DDK Resets PATH Environment Variable
Hector J. Rodriguez (Read 25777 times)
No, you're not crazy! The DDK's setenv.bat file now REPLACES the PATH environment variable to point to the DDK's executables, instead of pre-pending the DDK executable path as it has done in the past...
Microsoft Symbol Server LIVE on the Internet
Hector J. Rodriguez (Read 23290 times)
Microsoft's symbol server up live on the Internet. This means that, if you have a reasonably decent Internet connection from your debugger system, you won't have to download and setup the o/s symbols...
Warning: Beware winioctl.h from Visual C/C++ Version 6.0
Hector J. Rodriguez (Read 25184 times)
The Visual C/C++ Version 6.0 (part of Visual Studio) includes a header file for winioctl.h that includes incorrect definitions...
DefineDosDevice Functionality Changes in Windows XP®
Hector J. Rodriguez (Read 16380 times)
A number of developers are discovering a change to the naming scheme in Windows XP®...
MmMapLockedPages(SpecifyCache) with AccessMode == UserMode
Hector J. Rodriguez (Read 17676 times)
It seems that there's been some info missing from the DDK documentation for quite a while...
Enabling Debugging on the Local Machine for Windows XP®
Hector J. Rodriguez (Read 33322 times)
If you want to allow debugging on the local machine with WinDBG and Windows XP® (or later) you must add the "/debug" flag in your boot.ini file...
Windows XP® IFS Kit Errata
Hector J. Rodriguez (Read 15302 times)
It's confirmed. Microsoft inadvertently left out IOCTL_REDIR_QUERY_PATH
from the Windows XP IFS Kit...
Don't Define NT_UP
Hector J. Rodriguez (Read 22908 times)
Defining NT_UP in your driver build environment can lead to trouble...
WINVER Incorrectly Defined in XP/.NET Beta DDK's Win2K Build Environment
Hector J. Rodriguez (Read 32471 times)
Checking the definition of "WINVER" at compile time is one method that driver writers use to conditionally compile their code depending on the target platform...
|
|
