Microsoft has announced that it is ending the ability to cross-sign drivers, effective 1 July 2021. This will effectively make it impossible to release new or updated drivers for Windows 7, Windows 8, and Windows 8.1 systems, including Server 2012 R2. This is not an exaggeration. The only option that will remain available to devs […]
Bug in New Function ExAllocatePoolZero Results in Security Vulnerability and Crashes
Update: Late in December 2020 Microsoft issued an update to the WDK/EWDK that includes mitigations for this security issue. See our blog post describing these updates. tl;dr Last week (week of 5 July 2020) OSR found and reported a bug to Microsoft that has both security and reliability implications for driver developers. New functions introduced […]
NTSTATUS to Win32 Error Code Mappings
TL;DR: Shortcut to a PDF version of the NTSTATUS to Win32 ERROR code mapping table: PDF version of The Table here. Some time ago, for reasons known only to our friends in Redmond, the Microsoft Knowledge Base article that listed all the NTSTATUS values and their equivalent Win32 ERROR mappings disappeared. I found this particularly […]
Beware: VS 2019 V16.4.x Update Breaks the WDK
Update 1 April 2020: VS 2019 V16.5.2 has been released, and it does appear to fix both problems reported in this post. TL;DR DO NOT update VS 2019 beyond 16.4.0, or you risk breaking the WDK, to the point that it won’t compile anything when Code Analysis is enabled (and you can’t subsequently turn off […]
Finally! Attend OSR’s Driver Development Seminars Online
Update: All OSR seminars are now exclusively delivered online with live instructors. One of the most common requests that we’ve received over the years about our seminars has been to allow people to attend remotely, online, via the Internet. But we waited, quite literally for years, until we felt we could give attendees […]
Unexpected FltGetFileNameInformation Behavior for Network Renames (oh, and Tunnel Caching too)
A couple of weeks ago I was teaching our Developing File System Minifilters for Windows seminar here in Manchester, NH. A student asked a question about a behavior they were seeing when calling FltGetFileNameInformation after a rename operation on the network. Much to their surprise, the name returned was the old name for the file […]
How L1 Terminal Fault (L1TF) Mitigation and WinDbg Wasted My Morning (a.k.a. Yak Shaving: WinDbg Edition)
I’ve been doing some research into the Windows Filtering Platform and the information available at each of the various filtering layers. In particular, I’ve been focusing on the information available in Windows 7 as that predates some ETW trace points that contain interesting network event data. After attaching a filter to the FWPM_LAYER_ALE_AUTH_CONNECT_V4 layer, I […]
Three-Plus Years Later… Driver Signing Still Baffles
It was back in 2015 that I wrote my first set of blog posts on Windows driver signing. Then I wrote some more in 2016. And then in 2017 I wrote what I thought was the ultimate, definitive, and incredibly simple blog post entitled Attestation Signing — It’s NOT a Mystery. Still, all these years […]
Withdrawing From the Microsoft MVP Program
When I was first named a Microsoft Most Valuable Professional, back in the early 2000s, I was very proud. Really, I was. There was a cohort of smart, generous, and engaged engineers who were named “DDK MVPs” at the same time that I was appointed. And I am pleased to say that I personally recommended […]
PSA: FsRtlIsNameInExpression Can Raise an Exception
Well, THIS one was a surprise… After triggering a memory leak in a driver, the system surprisingly crashed due to a call to FsRtlIsNameInExpression: As best we could tell we were passing valid input to FsRtlIsNameInExpression, so what’s up? The answer lies in the exception code: STATUS_NO_MEMORY (0xC0000017). A quick scan of the disassembly shows that yes […]