In this blog series, I will discuss the fundamentals of developing device drivers for the Microsoft Windows operating system. I will cover essential concepts such as the history and architecture of the Windows driver model, the structure and initialization of driver development, and the WDF (Windows Driver Framework) and WDM (Windows Driver Model) frameworks. I will also provide an overview of key topics such as memory management, I/O operations, and synchronization in Windows drivers. This series will provide a solid foundation for those interested in writing device drivers for the Windows operating system. I have categorized the topics I plan to cover in the following sections/parts:
Part 1: Windows Driver Overview
We need to know essential Windows operating system concepts to understand its internal workings. The topics covered are fundamental to Windows OS Design and its core architecture. We develop drivers based on it, and these concepts apply to WDM and WDF-based drivers. I will cover the WDF-based topics in-depth in the later parts.
Topics covered under Part 1:
Introduction: Windows Driver and its History.
What is a Device Driver? How is the Device Driver implemented in Windows OS, and the high-level view of the Windows Driver Architecture?
History gives a good perspective of how we reached here. It primarily holds in the case of the Windows operating system. During the old days of DOS, the kernel was free land, and developers wrote their hardware drivers in real-mode assembly code. Our drivers now conform to Windows driver architecture and have come a long way to the highly structured, object-oriented, event-driven WDF driver model.
Windows Driver Architecture
We take a high-level view of the Windows Architecture from the driver's perspective and cover essential concepts.
Device Object and Driver Stack
- Device And Driver Layering: Device Objects and Device Stack.
- Kinds of Devices: PnP Devices and Legacy Devices.
- Recursive Enumeration and Device Tree: How the system finds and loads the kernel driver:
Windows I/O Model
Windows adopted a standard communication mechanism between different components of Windows Driver Architecture. Windows OS kernel handles data as request packets or I/O request packets. These IRPs are not just for data transfer but do much more.
WDM and WDF Framework
This topic will cover an overview of the WDM and WDF frameworks. It is better to understand these frameworks before we build drivers.
Part 2: Driver Structure and Initialization: Building and Installation.
We review the latest build environment and necessary tools based on the WDK(Windows Driver Kit) 11 and Visual Studio 2019. We check on the essentials needed to run our kernel driver and write a simple "HelloWorld" driver that can be loaded and unloaded on our Windows Machine. With the fundamentals covered, we will make this driver handle specific tasks as an operating system extension.
We discuss the following to help us build a reliable driver:
- Driver Entry Points and Callbacks
- Function Return Values
- Termination and Exception Handling
- C++ Usage
- Tracing and Diagnose
- Windows Kernel Debugging
- Driver Signing
- Driver Verifier
- Kernel Libraries
Part 3: WDF Fundamentals
The WDF Framework and Object Model
Although WDF (Windows Driver Framework) and WDM (Windows Driver Model) serve the same purpose of handling communication between Windows OS and the driver, WDF means to supersede WDM. It provides an abstraction over the WDM that simplifies implementing robust, secure, and efficient drivers. It enables developers to focus on their hardware requirements rather than the complexities of the operating system. This section looks at the framework, its architecture, and how it affects how we write our driver. We discuss WDF Object Model as a foundation for understanding the driver.
Memory Management for Windows Drivers
Drivers allocate memory to store internal data, buffer data during I/O operations, and share the memory with other kernel-mode and user-mode components. Understanding the memory management techniques used by Windows is critical for a driver writer as it affects the decisions regarding scheduling and synchronization.
This topic discusses memory allocation and usage in kernel-mode drivers. It describes the types of memory available for driver use and appropriate techniques for allocating and using each type.
Scheduling, Thread Context, IRQLs, and Interrupts
Windows is a multitasking operating system that can run in a symmetric multiprocessor environment. The driver code executes in the context of one thread or the other.
This topic presents thread scheduling, context, and the processor's current interrupt request level (IRQL).
Locks, Deadlocks, and Synchronization.
We use synchronization mechanisms to protect shared memory locations in kernel-mode drivers for Windows. We must determine when synchronization is required and how to use each type.
User-mode Interactions.
Kernel-mode drivers interact with user-mode components by sharing data, objects, and handles, passing notification and synchronization information, and using settings and properties supplied by a user.
References:
- Windows Driver Foundation resource on MSDN.
- Windows Internals by Russinovich, Solomon, and Ionescu (6th Edition).
- Programming the Microsoft Windows Driver Model by Walter Oney (2nd Edition)
- Developing Drivers with the Windows Driver Foundation by Penny Orwick and Guy Smith.
- Windows Programming/Device Driver Introduction WikiBooks.
- Wikipedia on History of Microsoft Windows.
- OSR Online site is a must-visit for every Windows Driver Developer and has everything related to writing, testing, and maintaining Windows Drivers.
No comments:
Post a Comment