Drivers:
1. APC kernel. This shows APC techniques. Also shows use of PsLookupProcessByProcessId, KeAttachProcess and KeDetachProcess.
2. Driver loading a driver. A driver that loads another driver.
3. Install a legacy driver. A program to install legacy-type drivers.
4. Boot-time driver. A boot-time driver. Shows how it supplies a device object as anchor and how it “exports” a many-readers-or-single-writer function via that anchor.
5. WDM filter driver. A full-fledged WDM filter driver, suitable for hard disk, CD/DVD and floppy I/O stacks. This shows off things like I/O completion and WMI function.
6. A kernel DLL. The how-to about kernel DLLs.
7. Real-mode driver. A driver that goes into 16-bit real, segmented mode and — the harder part — back to 32-bit virtual, flat mode. Shows off building hardware-related structures and the use of rather specialized techniques.
8. Section objects. Driver to use section objects. Shows how to use ZwCreateSection, ZwMapViewOfSection, etc., and also how to invoke the many-readers-or-single-writer function provided by the boot-time driver.
9. A TDI client. A TDI client. Shows how a kernel routine can use TCP/IP services, via TDI (Transport Driver Interface).
10. Packet alteration/encapsulation (now at NDIS.com). Driver excerpts showing how to change packets so as to encapsulate them, rather like VPN. Note: This is not an entire application but rather a set of techniques that have been used in a full-fledged NDIS IM driver based on the DDK passthru sample.
11. List of drivers. Driver that gets a list of loaded drivers/kernel modules.
Techniques:
1. MWSWLock. Spin locking to provide single-updater-or-many-reader serialization.
2. Responsibility passing. Technique for resolving a race condition between 2 or more routines (or instances of routines) so that only the last to try has to discharge a certain duty. Basically, “last one out turns off the lights.”
3. TCP checksum. Calculation of the TCP checksum.
Papers:
1. Extending PassThru. Blocking network packets. Control techniques include WMI.
2. The essentials of building drivers. The ins and outs of building drivers for Windows from Win2K to Win2003.
3. Comparison of WinNT and OS/390. Comparison of WinNT and OS/390 (IBM mainframe OS).
4. Automatic Recovery Services. Description of Automatic Recovery Services (ARM) on OS/390-z/OS.
5. Cross-memory services. Definitive description of cross-memory hardware and services on OS/390-z/OS.
James Antognini is a software engineer in White Plains, New York. You can reach him at antognini@mindspring.com.