Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

New to the Windows kernel and looking for string manipulation functions!

AlorynnAlorynn Member Posts: 13

Hi guys, I just got dumped something at work that I'm totally unprepared for, namely developing a file driver that evaluates user mode file operations and communicates with some legacy systems. I've made decent progress so far but I had two big questions that I can't find definitive answers for:

  1. I need to do a bit of work with UNICODE_STRING in the kernel, and while I knew I wouldn't be able to use the STL I was surprised to find that this is basically the sum total of Windows kernel string libraries. Am I somehow missing something in the Windows kernel docs, or is there a very popular open source library that everyone uses for working with strings in the kernel? I just need to do basic stuff with UNICODE_STRING like searching for substrings, tokenizing, startswith/endswith and maybe a bit of regex.

  2. We can add web service gateways to our legacy systems, is there an easy way to call a web service from inside the kernel? Secure would be preferred but plain old HTTP would be fine for now.

Any pointers would be helpful, and thanks much!

Comments

  • MBond2MBond2 Member Posts: 304

    IMHO when presented requirements like this, the very first question you should ask is how can i split this work into a UM service.

    while it is possible to do these kinds of things in KM, it will be difficult in the extreme. String manipulation you can roll your own without too much trouble, but calling a web service from KM would be a massive amount of work

  • AlorynnAlorynn Member Posts: 13
    edited February 24

    Oh yes I definitely wouldn't roll my own, but I know there's an HTTP server here in the kernel with me so I thought there might be a client as well, or at least a third party solution.

    Regardless before I get that far I have some string munging to do so hopefully I can get some recommendations there.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,916

    ... I know there's an HTTP server here in the kernel with me ...

    Not really. http.sys is just a proxy. It listens for HTTP requests and forwards them to a user-mode server, like IIS. It doesn't handle any requests.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • MBond2MBond2 Member Posts: 304

    AFAIK http.sys does actually handle certain kinds of requests directly. Created at a time when MS was trying to break web server speed records by avoiding KM/UM transitions that happen when a webserver implemented in UM accesses the disk stack to read a file, then turns around and sends it back to KM down the network stack. Modern web sites have relatively little content that falls into this category, but at the time this pattern dominated. Nowadays IIS is a huge beast that most often acts as a proxy for kestral based web services written in C# and the number of KM/UM transitions that happen for a single request can be very many indeed.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Developing Minifilters 24 May 2021 Live, Online
Writing WDF Drivers 14 June 2021 Live, Online
Internals & Software Drivers 2 August 2021 Live, Online
Kernel Debugging 27 Sept 2021 Live, Online