Legacy NT Drivers

DD-3 · October 14, 2015, 2:55am

Are there any inbox drivers in the latest OS that are legacy NT drivers?

How do one view legacy NT drivers ? Are there any tools?

Why do we need legacy drivers ? only for software drivers…is it?

Maxim_S_Shatskih · October 14, 2015, 6:30am

> Are there any inbox drivers in the latest OS that are legacy NT drivers?

Legacy NT drivers for hardware are obsolete since Windows 2000, and are long ago gone.

Hardware-less kernel modules having a legacy driver interface (legacy driver control device or so) - yes, lots of them. Well-supported.

–
Maxim S. Shatskih
Microsoft MVP on File System And Storage
xxxxx@storagecraft.com
http://www.storagecraft.com

Peter_Viscarola_OSR · October 14, 2015, 9:06am

Let’s be sure we’re all on the same page with the term “Legacy Driver” first. By Legacy Driver, *I* mean Windows NT V4 style standard kernel mode drivers. What we often call “Kernel Services”… These drivers are distinguished by NOT supporting PnP, using a subset of the WDM API (vs WDF), and creating their Device Objects within DriverEntry.

What do you mean? You build them using the latest WDK and Visual Studio.

Pretty much. Let’s say you want to write a driver that monitors process creation. You don’t care about PnP (you don’t have any hardware that needs to be “discovered”) and you have no power management state that needs to be managed. You want as little unnecessary junk as possible. You merely want to call PsSetCreateProcessNotifyRoutine, collect your data, and return it into an IOCTL OutBuffer as easily as possible.

This is the environment where a Legacy NT V4 style driver is, to me, clearly the best choice.

There are many other things in the system that are implemented as Legacy NT V4 style drivers… for example, File Systems *basically* use this design.

There ARE a few places where these drivers are NOT appropriate anymore: They are not appropriate for supporting hardware, and they are not appropriate for filtering anything in the PnP device tree.

But there are a *lot* of Legacy type drivers written. In fact, MUCH to my surprise, our Internals and Software Drivers class (where we teach this model) is by far our most popular seminar. I would have thought more people would interested in WDF than Legacy NT V4 style drivers at this point, but the sheer flexibility and simplicity provided by the Legacy model makes it very popular.

Peter
OSR
@OSRDrivers

Tim_Roberts · October 14, 2015, 1:50pm

xxxxx@gmail.com wrote:

Are there any inbox drivers in the latest OS that are legacy NT drivers?

Many. In my view, the “legacy” name has been a silly distraction since
it was introduced in Windows 2000. A more accurate name would be
“non-PnP drivers” or “service-based drivers”.

How do one view legacy NT drivers ? Are there any tools?

What would be the point? What would you learn?

Why do we need legacy drivers ? only for software drivers…is it?

Mostly for software drivers, yes, but there are lots and lots of those.
It’s true that you CAN replace any service-based driver with a
software-enumerated PnP driver, but it often isn’t worth the trouble.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.