Miniport Driver Development

The task description is surely formulated by illiterate manager :). First of all, forget the word “miniport” here - in this context, it is nothing more then illiteracy of the author.

Second, there is no “disk formatting subsystem” in Windows. There is IOCTL_DISK_SET_DRIVE_LAYOUT and a set of user-mode DLLs which create the empty FS volume (which is usually called “format” in Windows).

Third - the most hard point of all of this is boot volume encryption, so that the BIOS and NTLDR will be able to boot off encrypted volume. A major task with lots of gotchas. You will need to decide a) where in the low 640KB of memory your int 13h interceptor will reside b) NTLDR calls int 13h by switching to V86 mode, your int 13h interceptor must survive this and must not be wiped from the memory by NTLDR itself c) no debugging facilities for this code d) and so on.

En/decrypting the hibernation file and/or the pagefile is yet another gotcha. The way Windows accesses the hiberfile is 100% undocumented, and this access does not go via the write path of Disk.sys.

The statement “usually from Seagate” is just plain wrong, especially in the laptop world.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: krishna mogalipuvvu
To: Windows System Software Devs Interest List
Sent: Thursday, June 09, 2005 10:20 AM
Subject: [ntdev] Miniport Driver Development

Hi Friends,

Please let me know the possibility of the minport driver develop for the following.

“Miniport Device Driver for windows 2000/XP Operating System. These driver should have facilitated the on-the-fly encryption/decryption. The drivers should interface with a key autherntication and Disk formatting subsystems. Envrionment will be any notebook or desktop working on pentium processor and commercially used hard disk, which is usually from seagate.”

As I am new to this miniport driver concept let me know how I can proceed for this kind of development and what are all things I should know for this development. I am familiar with visual c++ programming and DDK.

Regards

Krishna M.

— Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

I’m not going to comment much on the technical issues. Having actually
designed and built a commercially available system that does what you want,
I’m not sure I want to give away my erstwhile employer’s IPR (part of which
is the best place, or places, to put the encryption step).

However, the comments I have seen so far are spot on. This is a major
project: expect to spend several man years on it.

One other piece of advice: If you wish to encrypt the boot volume, persuade
your managers to invest in a hardware ICE. We didn’t do that and, as a
result, had a much harder time getting things to work.

Regards

Don Ward

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of krishna mogalipuvvu
Sent: 09 June 2005 08:34
To: Windows System Software Devs Interest List
Cc: Maxim S.Shatskih
Subject: Re: Re: [ntdev] Miniport Driver Development

Hi Maxim,

Thanks for your reply. I am very new to this kind of drivers. So far I have
experience with monolithic driver development only.

Can you suggest my how I can proceed for this kind of application
development?

Regards

Krishna M.

On Thu, 09 Jun 2005 Maxim S.Shatskih wrote :

The task description is surely formulated by illiterate manager :).
First of all, forget the word “miniport” here - in this context, it is
nothing more then illiteracy of the author.

Second, there is no “disk formatting subsystem” in Windows. There is
IOCTL_DISK_SET_DRIVE_LAYOUT and a set of user-mode DLLs which create the
empty FS volume (which is usually called “format” in Windows).

Third - the most hard point of all of this is boot volume encryption,
so that the BIOS and NTLDR will be able to boot off encrypted volume. A
major task with lots of gotchas. You will need to decide a) where in the low
640KB of memory your int 13h interceptor will reside b) NTLDR calls int 13h
by switching to V86 mode, your int 13h interceptor must survive this and
must not be wiped from the memory by NTLDR itself c) no debugging facilities
for this code d) and so on.

En/decrypting the hibernation file and/or the pagefile is yet another
gotcha. The way Windows accesses the hiberfile is 100% undocumented, and
this access does not go via the write path of Disk.sys.

The statement “usually from Seagate” is just plain wrong, especially in
the laptop world.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: krishna mogalipuvvu
To: Windows System Software Devs Interest List
Sent: Thursday, June 09, 2005 10:20 AM
Subject: [ntdev] Miniport Driver Development

Hi Friends,

Please let me know the possibility of the minport driver develop for the
following.

“Miniport Device Driver for windows 2000/XP Operating System. These
driver should have facilitated the on-the-fly encryption/decryption. The
drivers should interface with a key autherntication and Disk formatting
subsystems. Envrionment will be any notebook or desktop working on pentium
processor and commercially used hard disk, which is usually from seagate.”

As I am new to this miniport driver concept let me know how I can proceed
for this kind of development and what are all things I should know for this
development. I am familiar with visual c++ programming and DDK.

Regards

Krishna M.

— Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256 You are currently subscribed to
ntdev as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email
to %%email.unsub%%

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com

http: — Questions? First
check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com</http:>

If your drive is from Seagate, the question is why are you doing software encryption when Seagate’s Momentous FDE does full disc encryption? As to credentialing and key authentication, the disc maintains that via ATA pass-through commands if you are logged in as admin, or via a device driver if you are not an admin. In other words … what you want to do is already done for you and you do NOT need to write a driver.

–
The personal opinion of
Gary G. Little
“Maxim S. Shatskih” wrote in message news:xxxxx@ntdev…
The task description is surely formulated by illiterate manager :). First of all, forget the word “miniport” here - in this context, it is nothing more then illiteracy of the author.

Second, there is no “disk formatting subsystem” in Windows. There is IOCTL_DISK_SET_DRIVE_LAYOUT and a set of user-mode DLLs which create the empty FS volume (which is usually called “format” in Windows).

Third - the most hard point of all of this is boot volume encryption, so that the BIOS and NTLDR will be able to boot off encrypted volume. A major task with lots of gotchas. You will need to decide a) where in the low 640KB of memory your int 13h interceptor will reside b) NTLDR calls int 13h by switching to V86 mode, your int 13h interceptor must survive this and must not be wiped from the memory by NTLDR itself c) no debugging facilities for this code d) and so on.

En/decrypting the hibernation file and/or the pagefile is yet another gotcha. The way Windows accesses the hiberfile is 100% undocumented, and this access does not go via the write path of Disk.sys.

The statement “usually from Seagate” is just plain wrong, especially in the laptop world.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: krishna mogalipuvvu
To: Windows System Software Devs Interest List
Sent: Thursday, June 09, 2005 10:20 AM
Subject: [ntdev] Miniport Driver Development

Hi Friends,

Please let me know the possibility of the minport driver develop for the following.

“Miniport Device Driver for windows 2000/XP Operating System. These driver should have facilitated the on-the-fly encryption/decryption. The drivers should interface with a key autherntication and Disk formatting subsystems. Envrionment will be any notebook or desktop working on pentium processor and commercially used hard disk, which is usually from seagate.”

As I am new to this miniport driver concept let me know how I can proceed for this kind of development and what are all things I should know for this development. I am familiar with visual c++ programming and DDK.

Regards

Krishna M.

— Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’ To unsubscribe send a blank email to xxxxx@lists.osr.com

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Don Ward[SMTP:xxxxx@careful.co.uk]
Reply To: Windows System Software Devs Interest List
Sent: Thursday, June 09, 2005 1:22 PM
To: Windows System Software Devs Interest List
Subject: RE: Re: [ntdev] Miniport Driver Development

One other piece of advice: If you wish to encrypt the boot volume, persuade your managers to invest in a hardware ICE. We didn’t do that and, as a result, had a much harder time getting things to work.

Hardware ICE? For what? It is necessary to debug MBR, boot sector and then continue with standard boot loader and disk driver. Such things I was able to debug 15 years ago with Quaid Analyser, great DOS debugger. Am I missing something?

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

> > One other piece of advice: If you wish to encrypt the boot volume,

> persuade your managers to invest in a hardware ICE. We
didn’t do that
> and, as a result, had a much harder time getting things to work.
>
Hardware ICE? For what? It is necessary to debug MBR, boot
sector and then continue with standard boot loader and disk
driver. Such things I was able to debug 15 years ago with
Quaid Analyser, great DOS debugger. Am I missing something?

Best regards,

Michal Vodicka

I’m not familiar with the Quaid Analyser (and I didn’t much care for the
kind of web site that came up when I googled for it). However, if it is a
DOS debugger, the something you are missing is that when the boot sector is
executed, DOS is not yet (or perhaps ever, if you are booting windows) in
existence.

If the machine just goes dead when you replace the boot sector with your new
version, it can be difficult to find out what’s wrong. Once you can print
something on the screen, or make a beeping noise (or do anything
perceptible), the problem becomes a lot more tractable. But when the only
error message is “it froze”, progress can be quite slow. Under these
circumstances, being able to put a break point in your MBR code, and look at
registers is quite useful. Hence the advice.

Don

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Don Ward[SMTP:xxxxx@careful.co.uk]
Reply To: Windows System Software Devs Interest List
Sent: Friday, June 10, 2005 1:02 AM
To: Windows System Software Devs Interest List
Subject: RE: Re: [ntdev] Miniport Driver Development

I’m not familiar with the Quaid Analyser (and I didn’t much care for the
kind of web site that came up when I googled for it). However, if it is a
DOS debugger, the something you are missing is that when the boot sector is
executed, DOS is not yet (or perhaps ever, if you are booting windows) in
existence.

Sure, but QA came with special diskette and own boot loader which loaded it to top of memory and then simulated new boot. This way MBR and boot sector could be debugged. As I said, this is what I did, many times.

I’m affraid QA development was stopped many years ago. If it can be downloaded from somewhere, it is necessary to get also special boot sector which I mentioned before. Or write it, it isn’t so hard. It can be used without it as great resident debugger, probably the best DOS debugger ever. For TSR and device driver development, of course.

If the machine just goes dead when you replace the boot sector with your new
version, it can be difficult to find out what’s wrong. Once you can print
something on the screen, or make a beeping noise (or do anything
perceptible), the problem becomes a lot more tractable. But when the only
error message is “it froze”, progress can be quite slow. Under these
circumstances, being able to put a break point in your MBR code, and look at
registers is quite useful. Hence the advice.

QA costed $200 (or maybe CA $) when it was sold. I’d bet the cheapest hw ICE is much more expensive and using it just to debug few hunderds bytes of assembly code is an overkill. Both MBR and boot sector have 512 bytes and not everything can be used for code. Experienced developer should be able to write it with no debugging Anyway, there were a lot of boot DOS viruses and I doubt their “developers” had hw ICE available.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]

>QA costed $200 (or maybe CA $) when it was sold. I’d bet the cheapest hw ICE
is much

I’m amazed VMWare did not include such facility to their VM.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

> ----------

From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Maxim S. Shatskih[SMTP:xxxxx@storagecraft.com]
Reply To: Windows System Software Devs Interest List
Sent: Friday, June 10, 2005 8:05 AM
To: Windows System Software Devs Interest List
Subject: Re: Re: [ntdev] Miniport Driver Development

>QA costed $200 (or maybe CA $) when it was sold. I’d bet the cheapest hw ICE
is much

I’m amazed VMWare did not include such facility to their VM.

Yep, it would be nice. VMware would be a great tool for developing custom bootloaders, then. I like its ability to mount diskette images and recently was surprised they are mounted as RW and can be used the same way as physical diskette. Recently I spent few hours trying to make WinCE working in virtual machine and had to customize bootloader. This ability really helped and built-in ICE or boot debugger would be even better.

Best regards,

Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]