The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
Our current drivers are Device Guard ready, but I wanted to see what a failure looks like, so I pulled out a version from a few years ago, loaded it on Windows 10 Enterprise with "Virtualization Based Protection of Code Integrity" enabled, and...nothing. Nothing bad, that is. I expected an earth-shattering kaboom, or at the very least an entry in the Code Integrity event log, but the driver loads and is usable.
I know this particular driver is in violation, because I can enable Driver Verifier code integrity checks and get a break in the kernel debugger every time the driver allocates. Are there no obvious runtime effects from continuing to violate these requirements, even with all the Device Guard stuff enabled? (This is a non-WHQL driver. Obviously passing the HLK these days requires getting through the HVCI test.)
It looks like you're new here. If you want to get involved, click one of these buttons!
|Upcoming OSR Seminars|
|OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!||Kernel Debugging||30 Mar 2020||OSR Seminar Space|
|Developing Minifilters||15 Jun 2020||LIVE ONLINE|
|Writing WDF Drivers||22 June 2020||LIVE ONLINE|
|Internals & Software Drivers||28 Sept 2020||Dulles, VA|