Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
What should I learn to be able to develope Filesystem drivers?
I am clearly not a professional.
I am a young software developer looking to become a security researcher / system engineer.
I will start working on a hobbyist Antivirus, so clearly the first task is to monitor the filesystem in realtime for file creations and modifications. I have 0 driver development experience, so I am trying to figure out how to get there.
I did some research over the past couple of days and I found out that there are resources for different things, WDM and WDF, and that WDF is an abstraction layer over WDM that makes things more convenient for developers.
However, I was unable to conclude whether I needed to learn WDM or WDF to reach my goal. If WDF is more convenient, and I can accomplish my goal with it, so that's a nobrainer. I just don't know what WDF is and isn't capable of.
I also sketched up a rough study plan to get to where I want, please do feel free to judge or modify it if you have any better ideas or suggestions.
First, I'd read one of those books (depending on whether I'll learn WDM or WDF)
- Windows Kernel Programming (Pavel Yosifovich) (I think this book is about WDMs, not sure though)
- Programming The Microsoft Windows Driver Model (Walter Oney) (WDM)
- Developing Drivers with the Microsoft Windows Driver Foundation (Penny Orwick, Guy Smith) (WDF)
Then, I would also read the "Windows NT File System Internals - A Developer's Guide" book by Rajeev Nagar.
While I am reading either the first or the 2nd book, I will try to study as much of the Microsoft Driver Samples (on github) as possible. I will also try to regularly cross-reference whatever I read in those books with the relevant official Microsoft tutorials / guides / documentation just to quickly patch anything that might have become outdated in those books, and also let the information really sink in.
But still, I have no idea whether my plan is actually good or not. I don't even know what the first book should be, because I don't know whether WDF or WDM is the most suitable for me.
I would greatly appreciate any kind of help and any suggestions.
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Kernel Debugging | 16-20 October 2023 | Live, Online |
| Developing Minifilters | 13-17 November 2023 | Live, Online |
| Internals & Software Drivers | 4-8 Dec 2023 | Live, Online |
| Writing WDF Drivers | 10-14 July 2023 | Live, Online |
Comments
what i can say: expect at least a couple of years before you have a coarse idea how it eventually works. there are many side-effects in
a lot of possible system configurations. much better hobbies out there...
Yeah I don't expect this to be an easy journey, but I still haven't known where to begin the journey