Starting with Windows Driver Kit 8.1 Update, the tools necessary to build Windows drivers are once again available to the community at no cost. Yay!!!
There’s a WDFSTRING?
I admit it: I regularly find things in WDF that I had no idea existed. This either speaks to the overall richness of the API, or to my resolute dedication to doing things “the way I’ve always done them.” I’m really not sure which. Shall we vote? No, let’s not. Anyhow, I’m working on a […]
Names Are Important
Most of the engineers I work with know that I’m obsessed with names. Not names of people, mind you. Strangely, I can barely remember those, which can be pretty darn embarrassing as a consultant and instructor. No, the names I’m obsessed with are the names of software things: local variables, structure fields, and names of […]
When CAN You Call WdfIoQueuePurgeSynchronously?
We’re constantly learning the subtle details of how KMDF works. We came across an interesting detail today that caused us to scratch our heads to the point…
UMDF V2 — It’s KMDF Compatible!
If you thought that big changes in the Windows driver arena were complete with the release of the Windows 8 WDK (which for the first time includes integration with Visual Studio)… you’d be WRONG. The WDK Team continues to surprise and amaze us by making our most profound wishes true. The latest news, announced at […]
WdfRequestSend: Are There REALLY Three Useful Variants?
When you learn about WdfRequestSend, you typically learn that there are three different ways that you can send a Request to an I/O Target: Sending a Request synchronously,; Sending a Request asynchronously, and telling the framework to thereafter disregard it. This is called “Send and Forget” processing. In this case, your driver does not receive a […]
Turning a Breakpoint into a Busypoint
During dynamic analysis, I often want to prevent a code path from continuing to execute beyond a certain point. For example, maybe I suspect a race between the read and write paths in a driver. In this case, I may want to allow the write path to proceed up to a point before executing the […]
Understanding WDFMEMORY Objects
There are three ways of describing allocated memory in WDF: Buffers, WDF Memory Objects, and MDLs. A memory buffer in WDF is just want it is in any system: A pointer and a length. You get a “buffer” directly when you call functions such as WdfRequestRetrieveInputBuffer (or friends) or when you use one of the […]
Using WinDbg to hunt for strings
Oftentimes it’s useful to search images for strings, they can provide clues as to where a module came from or what exactly was running on a machine. However, doing this typically requires extracting an image from a memory dump and running a standalone application. If you want to save yourself some time, you can instead […]
Spice Up Your Debug Output With DML
If you’ve been using WinDbg for any amount of time, you’ve surely come across the Debugger Markup Language (DML). DML is what provides the ability to create hyperlinks in the debugger’s output window. For example, this support is used beautifully within the NDIS debugging extensions. Try running !ndiskd.help and clicking around a bit, even if you’re not […]
OSR Open Systems Resources, Inc.