Windows ring0 programming: introductory article


    At work I had to deal with driver programming for Windows. People who have never encountered this task may think that drivers are something very complex that interacts directly with hardware. They are partly right and partly wrong. In this article I will try to explain what Windows drivers look like from the inside and what I had to face. This article is an introduction and does not contain "pieces of code".


    So, let's begin. First of all, a Windows driver is any code that runs in kernel space. All applications run in user space (userspace).

    What is so special about kernel space? It's simple: while an application is running, the system imposes a number of restrictions on what it can do. For example, the application can be interrupted at any moment so that another application gets a little processor time, the application cannot simply reach into the memory of another process, and the crash of one application does not "hang" a modern system.

    Everything is different in kernel space; it is like "adult life" after childhood: the possibilities are incomparably greater, but so is the responsibility. In a driver we can access the hardware directly, we can make the processor "uninterruptible" for some period of time, in short, decide the fate of the entire user space (and not only that). On the other hand, a simple and fairly common error such as dereferencing a null pointer leads to a crash of the whole system (a BSoD, i.e. Blue Screen of Death; people rarely encounter it now, but it used to be quite common).

    A driver does not have to interact with hardware; it may well do something else no less useful. In the simplest case it is a window into kernel space, that is, it gives user applications access to some system functions that are not reachable from user mode. A logical question arises here: kernel space is certainly fine, but everyone is used to working in user space, so how does the driver interact with an application? There are several ways. The most common is the IOCTL mechanism: the driver is opened like a file, and data is written to it and read from it in a special way. Another mechanism is the event-based variant, in which the driver signals events that a user application responds to, thereby receiving the information it needs from the driver.
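The IOCTL path, as an added illustration that is not from the original article: a portable C model of what the driver sees on the kernel side of a METHOD_BUFFERED DeviceIoControl request. The CTL_CODE layout and the three NTSTATUS values reproduce the WDK definitions; the demo device, its two control codes and the handler are hypothetical, and a real dispatch routine receives these fields inside an IRP rather than as plain arguments.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Layout of a Windows I/O control code, as defined by the WDK's CTL_CODE macro:
   bits 31..16 device type, 15..14 required access, 13..2 function, 1..0 buffering method. */
#define CTL_CODE(DeviceType, Function, Method, Access) \
    (((uint32_t)(DeviceType) << 16) | ((uint32_t)(Access) << 14) | \
     ((uint32_t)(Function) << 2) | (uint32_t)(Method))
#define METHOD_BUFFERED      0
#define FILE_READ_ACCESS     1
#define FILE_WRITE_ACCESS    2
#define FILE_DEVICE_UNKNOWN  0x22
/* NTSTATUS values as defined in ntstatus.h. */
#define STATUS_SUCCESS                0x00000000u
#define STATUS_INVALID_DEVICE_REQUEST 0xC0000010u
#define STATUS_BUFFER_TOO_SMALL       0xC0000023u

/* Hypothetical control codes for a demo device that keeps one 32-bit counter.
   Function numbers 0x800 and above are reserved for third-party drivers. */
#define IOCTL_DEMO_GET_COUNTER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x800, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_DEMO_SET_COUNTER CTL_CODE(FILE_DEVICE_UNKNOWN, 0x801, METHOD_BUFFERED, FILE_WRITE_ACCESS)

static uint32_t g_counter;  /* the driver's state, set and read through IOCTLs */

/* Model of the driver's IRP_MJ_DEVICE_CONTROL handler for METHOD_BUFFERED requests.
   The I/O manager hands the driver one system buffer (input on entry, output on return)
   plus the lengths the user-mode caller declared. The caller is untrusted, so every
   length is checked before the buffer is touched; skipping that check is the classic
   kernel bug. In a real driver these values arrive inside the IRP. */
uint32_t demo_device_control(uint32_t code, void *sys_buf, size_t in_len,
                             size_t out_len, size_t *bytes_returned)
{
    *bytes_returned = 0;
    switch (code) {
    case IOCTL_DEMO_GET_COUNTER:
        if (out_len < sizeof g_counter) return STATUS_BUFFER_TOO_SMALL;
        memcpy(sys_buf, &g_counter, sizeof g_counter);
        *bytes_returned = sizeof g_counter;
        return STATUS_SUCCESS;
    case IOCTL_DEMO_SET_COUNTER:
        if (in_len < sizeof g_counter) return STATUS_BUFFER_TOO_SMALL;
        memcpy(&g_counter, sys_buf, sizeof g_counter);
        return STATUS_SUCCESS;
    default:  /* unknown code: reject rather than guess what the caller meant */
        return STATUS_INVALID_DEVICE_REQUEST;
    }
}
```

On the user-mode side the same control codes are passed to DeviceIoControl after opening the device with CreateFile, which is the "opened like a file" part of the mechanism.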

    Kernel space offers great opportunities not only to useful user applications but also to malware: imagine a virus that can forbid the annoying Kaspersky or Dr.Web antivirus from killing it, hide itself from the process list, or simply prevent itself from being deleted from the hard disk. Do not despair, not everything is so bad: it is quite difficult for an external process to get into kernel space, and antiviruses try to make this task even harder.

    Drivers are special system components, so they cannot be built with the standard Visual Studio package. For drivers a separate toolkit was created, containing a compiler, header files, libraries, documentation and examples; it is called the WDK (Windows Driver Kit), formerly known as the DDK. One feature I ran into myself: the WDK for newer systems, such as Windows Vista and 2008, can compile drivers for earlier versions of Windows, such as XP and 2000, so it is best (IMHO, of course) to take the latest stable version of the WDK.

    Another point I would like to mention in an introductory article is to name the gurus of this field. When someone talks about C++, in most cases it brings up the name of Stroustrup; kernel-level programming for Windows is likewise associated with the names of Mark Russinovich and Bryce Cogswell, who wrote a large number of useful utilities as well as books that are indispensable for a driver developer. Details can be found at sysinternals.com.

    So, I would like to know whether the topic of driver programming for Windows is of interest to Habr readers and whether it is worth writing further articles. What should be covered first?
    Thank you so much for your attention :)
