Filter/Software Driver Books/Resources?

Hello,

I’ve been a member of this mailing list for a few now because I’ve had to use WinDbg and also done some kernel debugging stuff. However, I now need to write a filter driver and a software driver. I will NOT be interfacing directly with any hardware and I already have a VMWare/VirtualKD/WinDbg setup. In addition, I’m already a bit familiar with ntoskrnl.exe and ntdll.dll symbols and Win32 programming.

But, this’ll still be my first driver. :)

I did quite a bit of research before I decided to post this and I’ve found and read the “getting started” guide here on OSR as well as the PDF provided by Microsoft which is about 75 pages (https://docs.microsoft.com/pdfstore/en-us/Win.wdkdocs/live/gettingstarted.pdf). But that’s also what worries me… 75 pages is surely not enough on Windows Drivers when I have 800-2000 page books on many other programming subjects. I also found the driver samples which look like they will definitely come in handy @ https://github.com/Microsoft/Windows-driver-samples . Again though, the fact that driver errors cause BSODs is making me think a hackjob copy/paste from some samples may not be the best choice upfront?

I also, for whatever reason, am better with a printed paper book in hand than anything else when it comes to learning aside from just trial/error. From several searches, it looks as though most driver books are dated. That said, is there any book where I could still get useful info out of for driver development at all? If not, do you have any other recommendations whatsoever to learning resources? I also checked YouTube but I’d prefer a rec from someone here rather than just sifting through hours of possibly-not-so-good YT vids. I’m considering an OSR seminar but I do not currently have a free week to take off of work. Thank you and sorry to be so noobish but I really want to do this.

Todd,

I’m a relative newbie to the device driver world.

Here are the books I’ve read so far that I found useful:

The Windows 2000 Device Driver Book - Art Baker and Jerry Lozano.
Yes this one is outdated but it still provided a lot of useful information and much of what is discussed in this book still applies today.

Programming the Microsoft Windows Driver Model - Walter Oney.
This book provided a lot of information. Some of which was pretty dense. Not light reading. Oney does bring up good points on pitfalls to watch out for.

Developing drivers with the Microsoft Windows Driver Foundation - Penny Orwick and Guy Smith.
This was a good book for introducing you to the WDF. It read more like a programming reference than a book on the concepts of driver development.

I chose these books because I felt they gave me a good chronological presentation of driver development concepts and specifics.

I was able to take what I read from those books and use the knowledge to maintain an existing legacy WDM “software only” driver.

If I were to undertake writing a new driver from scratch, I would probably have to read the books again and spend more time with the various samples from the books and online source samples.

Hope that’s helpful.
Erik

I like to send a reading list to students after class. Here’s the last email
that I sent out:

Windows Internals, 6th edition
Mark Russinovich, David Solomon, and Alex Ionescu

http://technet.microsoft.com/en-us/sysinternals/bb963901.aspx

This is broken up into two books, though you need both. It covers
architectural concepts and has chapters dedicated to many of the things we
talked about (I/O Manager, Process Manager, etc.). Does not cover driver
development in any meaningful way and reading it is sort of painful, but
such is the life of a driver developer.

The 6th edition covers Windows 7. If you care about older versions of the
O/S in great detail you should also grab the previous editions. The first
edition is older than dirt and was written by a person who was something of
an “embedded reporter” during the development of NT. Much different take
than the subsequent editions, something to grab if you’re into that sort of
thing.

7th edition should be coming this year and will be written by a new author.

Windows NT Device Driver Development
Peter Viscarola and Tony Mason

This is the OSR book on driver development. Written for NT v4.0. It seems a
bit silly to read such an old book, but if you stay away from the hardware
related topics much of the general information still applies (including
architectural concepts).

https://store.osr.com/product/osrs-classic-reprints-windows-nt-device-driver-development/

We’re having some store issues at the moment but there are copies available
on Amazon (our reprint is identical to the original version).

Windows NT File System Internals
Rajeev Nagar

https://store.osr.com/product/osrs-classic-reprints-windows-nt-file-system-internals/

The only book written on Windows file system development. If you laughed
about the fact that our driver book was written for NT v4.0, you’ll really
like that this was written for NT v3.51. Though, as I mentioned in class,
file systems aren’t instantiated via PnP (they “mount” using the Volume
Parameter Block) so this book stays shockingly relevant.

We’re having some store issues at the moment but there are copies available
on Amazon (our reprint is identical to the original version).

Programming the Microsoft Windows Driver Model
Walter Oney

https://www.microsoft.com/learning/en-us/book.aspx?ID=6262

This is the only correct book ever written about the Windows Driver Model,
which is the native driver model for writing PnP drivers for Windows 2000
and later. Everything we talked about last week is also part of WDM, but WDM
layers on support for PnP and Power Management.

There are other books of the same vintage covering WDM, though they all
contain known errors and misconceptions.

Windows via C/C++ (5th Edition)
Christophe Nasarre and Jeffrey Richter

Windows System Programming (4th Edition)
Johnson M. Hart

These are both user mode programming books, so they don’t fit in with the
above list. However, they do describe the documented user mode interface
into the O/S, which is the other side of what we were discussing this week.
Good to understand both to get a complete picture.

Inside Windows Debugging
Tarik Soulami

Advanced Windows Debugging
Mario Hewardt and Daniel Pravat

Debugging related books that cover WinDbg usage as well. Both heavily lean
towards user mode debugging, so not necessarily very helpful when it comes
to kernel mode development. But, you have to take what you can get when it
comes to WinDbg and debugging information.

What Makes It Page?: The Windows 7 (x64) Virtual Memory Manager
Enrico Martignetti

This guy reverse engineered the Memory Manager and wrote a book about it.
Lots of detail about the Mm, might be of interest. If nothing else it’s a
good reference for some practical WinDbg usage.

Also, we host lists for various topics related to Windows kernel mode
development. Lots of good information there, so you definitely want to join:

http://www.osronline.com/page.cfm?name=ListServer

And of course we have a blog:

https://www.osr.com/developers-blog/

As well as our (sometimes…we really do try…) bi-monthly publication The NT
Insider:

https://www.osr.com/nt-insider/

-scott
OSR
@OSRDrivers

xxxxx@toddcullumresearch.com wrote:

> I’ve been a member of this mailing list for a few now because I’ve had to use WinDbg and also done some kernel debugging stuff. However, I now need to write a filter driver and a software driver.

The phrase “filter driver” is way overloaded in this environment.  What
kind of driver are you writing?  WDM filter?  File system filter? 
Network filter?  They have different learning curves.  WDM filter
drivers, for example, are very easy with KMDF these days.  File system
filters will never be easy.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.