Table of Contents

  lab       text  

text  Ý

1

Introduction

15

Device Drivers

21

NT Overview

46

Application Level I/O

49

I/O operations

55

Asynchronous I/O

60

Basic I/O operations

63

IRPs

69

Overlapped I/O

72

Asynchronous callback I/O

74

I/O Completion ports

96

Driver Taxonomy

100

Port/miniport drivers

104

File system drivers

109

Network drivers

114

Serial port driver

115

Graphics drivers

121

Printer driver

123

SCSI drivers

133

Kernel mode streaming drivers

138

The Registry (part I)

151

NT Internals

156

Memory maps

169

NT components

173

Driver components

174

Driver components

177

Scheduler

178

Scheduler

185

Hardware

187

x86 architecture

200

Interrupts

209

I/O method taxonomy

219

Multiprocessors and caches

238

The Hardware Abstraction Layer (HAL)

258

The x86 processor architecture

261

Instruction set and registers

268

Stack

273

Arithmetic instructions

278

Addressing modes

282

Lock prefix and memory barriers

306

Driver Basics

310

DriverEntry

314

Object manager name space

319

The unload handler

322

Dispatch routines

323

DriverEntry (code)

333

Unload routine (code)

336

Dispatch routines (code)

341

Device Objects

348

IoCreateDevice

355

Quantum and scheduling

359

IoCompleteRequest

367

The ‘Hello world” driver

393

HelloWorld.c

406

Building the driver

423

Debugging a device driver

425

Debugging setup

435

BOOT.INI

448

Kernel symbols

450

Installing a legacy driver

459

Debugging

465

Crash analysis

480

Windows XP+ Kernel Debugging and legacy devices

486

The Driver Verifier

506

PREfast

514

Call Usage Verifier

519

Code coverage testing

524

WPP: Software tracing facility

529

Online crash analysis (OCA)

537

Global Flags Utility

540

Pool tag utility

542

Driver analysis tools summary

544

Designing the Application Interface

560

The File Object

587

Kernel Synchronization

628

Handling application memory access

633

Buffered I/O

658

Direct I/O

670

Mode “neither”

675

I/O Request Packets (IRPs)

699

IRP ordering

735

Canceling IRPs

751

Interrupt processing

757

Interrupt Service Routine (ISR)

773

Deferred Procedure Call handler (DPC)

786

Shared resources: Controller Objects

797

Memory Descriptor Lists

829

DMA I/O overview

867

DMA_ADAPTER Objects (Windows 2000+)

903

Managing Kernel memory

921

Kernel timers

953

Real-world debugging

979

The VERSIONINFO structure

988

Driver threads

1030

The Event Log

1074

Using the Event Log

1090

The Registry (part II)

1100

Driver layering

1113

Filter drivers

1128

Completion routines

1141

Windows 2000/XP drivers and WDM drivers

1164

Power Management

1169

Device initialization (DriverEntry/AddDevice)

1189

Plug-and-Play

1210

Power Management

1233

Appendices

1272

Shutdown notification

1275

Building GUI test programs

1318

Windows XP overview

1320

Windows XP enhancements to the video port driver

1322

64-bit Windows

1332

Thunking calls to 64-bit drivers (IA64)

1341

Signed drivers

1347

USB: The Universal Serial Bus

1388

USB device drivers

1452

The Windows HID class

1483

The non-driver alternative for the USB device: the HID class

1498

CardBus and PCMCIA cards: the laptop extension bus

1507

Firewire: IEEE-1394: the digital video bus

1511

Windows Management Instrumentation (WMI)

1525

WPP Trace

1527

Pageable drivers

1540

DMA ADAPTER_OBJECTS (NT 4.0)

1568

PCI Enumeration

1606

Cancel-safe queues

1623

Resources: books and Web sites

lab  Ý

2

WinDbg

22

Lab setup

24

Lab Resources

26

Lab 1

39

Lab 2

72

Lab 3

76

Lab 4