Re: LDT access in 64bit Vista

Re: writing a driver with no hardware involved, just to allow
a 32bit app, running on a 64bit OS, access to the LDT (as it would
have - via NtSetInformationProcess - if running on a 32bit OS).

Tim Roberts wrote:

>> Also, do you think I can get away with writing an NT4-style legacy
>> driver as described in http://www.catch22.net/tuts/kernel1.asp ?
>> I’m guessing what I want to do is actually fairly simple - as far
>> as device drivers go - so I’d hope I wouldn’t need to worry about
>> PNP and power management.
>
> This is all just for research for your doctoral thesis, right? You
> aren’t actually planning to release this into the wild? If so, then a
> legacy-style driver is just fine.

I know this list is dedicated to “doing it right”, but I have
to ask this - what with all the complication and expense of
using the more recent methods - what would be the harm of my
writing a legacy driver?

I care about three things:

  1. I want it completely reliable

  2. I don’t want to undermine the integrity of the system

  3. I don’t want to undermine the security of the system

besides that, I don’t care about anything else, such
as severe warnings to the user when the driver is installed, etc.

Cheers,
Paul.

Paul Gardiner wrote:

Aw, go on!! Give me a hand here, please!!

I just need to write the one driver. It’s unlikely I’ll ever go
near the kernel again after this, so I want to make sure I’m
taking the very simplest route (especially as there is no
actual hardware involved).

Just some of the pros and cons of the different types of driver
would be great. e.g., “completely unsupported on 64bit OSes”
would rule out an approach.

Cheers,
Paul.

Paul Gardiner wrote:
>
> I know this list is dedicated to “doing it right”, but I have
> to ask this - what with all the complication and expense of
> using the more recent methods - what would be the harm of my
> writing a legacy driver?

There is no harm.

> I care about three things:
>
> 1) I want it completely reliable
> 2) I don’t want to undermine the integrity of the system
> 3) I don’t want to undermine the security of the system
>
> besides that, I don’t care about anything else, such
> as severe warnings to the user when the driver is installed, etc.

> Aw, go on!! Give me a hand here, please!!

Do not interpret our lack of response as lack of interest. What you
want to do is unusual, unexpected, unanticipated, and unsupported. I
seriously doubt that anyone on this list has ever tried maintaining an
LDT on a Win64 system, so there is no in-the-trenches experience to share.

Personally, I do not believe you will ever be able to make this
completely reliable. Remember that Win64 systems do not support 16-bit
programs at all, and that is the ONLY environment in which Windows ever
promised to maintain an LDT. It is entirely possible that the Win64
systems reset the LDT to zero at every task switch. And if they don’t
do so now, they might very well decide to do so at the next service
pack. You are on your own, testing the edges of the system.

All you need is a simple, legacy-style driver. Look at the GENPORT.C
sample in the WDK – it’s a perfect model. You could write it in KMDF,
but I’m not sure you really gain anything.

Note that you will probably need to have a separate assembler module to
set the LDT, since the 64-bit compilers don’t support in-line
assembler. Also note that you will need to get a Verisign certificate
to sign your driver; 64-bit Vista will not install an unsigned driver.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Actually, I suspect that there are several people on the list who have. I
know I’ve been through that sort of code a few times, in the context of
messing around with the guts with Virtual Server. I’m sure that half the
guys from VMWare have too. 8^) Maybe Dmitri could comment on his
experiences.

With that said, you’re right. It’s unsupported and really difficult to make
it work well.

- Jake Oshins
  Windows Kernel Team

“Tim Roberts” wrote in message news:xxxxx@ntdev…
> Paul Gardiner wrote:
>> Paul Gardiner wrote:

> I seriously doubt that anyone on this list has ever tried maintaining an
> LDT on a Win64 system, so there is no in-the-trenches experience to share.
>
>

Thanks Tim, that was exactly the sort of information I
was looking for. GENPORT.C from WDK sounds a great
starting point for what I want to do.

I realise I’m on “hardly, if at all” trodden ground,
but at the moment I’m just looking for the easiest
way to get some of my code into the kernel so I can
experiment.

Great shame about having to sign the driver. I was
hoping that wasn’t necessary for a legacy driver.
So you need a certificate before you can even
start development? Are there no tricks like self
signed certificates (the way you do it for secure
web sites, if you don’t mind the warnings)? How
much does one of these certificates cost?

Also I realise I’m talking about legacy drivers
when I don’t altogether know what that means. I
was thinking it meant (for example) that a 64bit
OS could load a driver built for NT say without
recompilation, but is it actually the case that
a 64 bit OS can load only drivers that have been
built with 64bit tools? (Sorry, this may be
completely obvious). So for 64bit OSes, is a
legacy driver old source compiled with new
tools?

Cheers,
Paul.

On 14/12/06, Paul Gardiner wrote:
> So you need a certificate before you can even
> start development? Are there no tricks like self
> signed certificates (the way you do it for secure
> web sites, if you don’t mind the warnings)?

You can create your own certificate, but Windows will still only load
your driver if you disable the digital signature enforcement. That
means pressing F8 on every bootup to pick a menu option - there’s no
way to get that to persist between boots. That’s enough for
development, but you can’t really expect anyone else to do that!

> How much does one of these certificates cost?

The cheapest no-frills version I’ve seen is $229 for 1 year from
GlobalSign (http://www.globalsign.net/digital_certificate/objectsign/index.cfm).
If your driver can be set in stone within that year then it’s
effectively a one-off payment.

If you’re a bigger company and/or want the extra diagnostic support
through Microsoft then a Verisign certificate is probably the way to
go. It’s over twice the price, but a drop in the ocean for most
companies.

I needed a certificate to sign a couple of free drivers for personal
projects, so I went for the cheap option!

Best regards,

Si

PAUL:

A legacy driver is one that is written to one of the older driver
models. It used to, and very well may still, refer to an NT4 style
driver - pre WDM and pre KMDF; however, maybe now it means anything
before KMDF. So many acronyms make it hard to say. In any case, an
oversimplification of it would be a driver that has a DriverEntry,
DriverUnload and probably sets one or more of the MJ entry points in
DriverEntry, but does not handle power or PNP, or use WDM or KMDF in any
way.

As to your other question, the answer is that the 64-bit versions of
Windows do require that all drivers be built as 64-bit; 32-bit drivers
will not load.

I worked with something similar to what you are trying to do with the
LDT, but I think Jake gave the best advice that anyone is going to give
you or at least be allowed to give you - it will be very difficult, and,
for a variety of reasons, you’re pretty much going to have to go it
alone.

Best of luck.

mm

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

If you have a debugger attached to your system, there is no need to have the
drivers signed. This has worked for me in development of 64 bit drivers and
then putting off, or performing in parallel, the signing process.

Pete

Kernel Drivers
Windows Filesystem and Device Driver Consulting
www.KernelDrivers.com
(303)546-0300

FYI, you can write an NT4/legacy style driver using KMDF. You still can
take advantage of WDFIOTARGETs and WDFQUEUEs to manage the hard problems
of cancelation and i/o synchronization.

d

Thanks for all your help. I think I have enough info
to make a start now, along with some useful tricks
to avoid having to buy a certificate until I know
the thing is actually going to work.

Much appreciated.

Cheers,
Paul.