Windows Drivers Course

May 10th, 2007 - Fernando Roberto

As some of you might read in another post, I was invited by Gama Filho University to give a course about Kernel Mode development for Windows. All the course details have already been determined and they would be producing material for publication; bu, as this post was being written, I was notified that there had been a delay in producing this material and it would be available for May 21. I already took a look in the Folder they were producing, and from what I got, they decided to summarize the course description that would be given. For this reason, I’ll put the full version of the description here. The following was the file I sent to the university.

Aim:
========== 
This course is intended for developers or students who need to understand
the fundamental concepts on drivers' implementation for Windows. This course
would not cover specific drivers' implementation, such as printers, video,
SCSI, NDIS, USB, 1394 or UMDF. The aim of this course is to prepare students
who want to understand, test, complement or build drivers for Windows, using
general concepts involved in the process.
 
 
Pre-requisites:
==================
Knowledge in C Language 
Windows API Basics
Operating Systems Basics
 
 
Covered Topics:
=====================
System Architecture Overview
        Processes and Threads     
        Virtual Memory and Paging
        Kernel Mode x User Mode
        Subsystem and Native API
        IoManager
        Driver Stack and Plug-and-Play
        Object Manager
                Terminal Server
        Hardware Abstraction Layer (HAL)
 
Environment (Getting, installing and using)
        Windows Device Driver Kit
        Microsoft Visual Studio Express
        Microsoft Windows Debugging Tools
        Symbols
 
Writing a Driver
        Writing DriverEntry and DriverUnload
        Compiling a Driver
        Installing a Driver (Legacy)
                Dependencies
                Groups
                Load Order
        Debugging a Driver
                Checked Build Installations
                Driver Verifier
                Mapping an image for debugging
                Using Virtual Machines
                SoftIce
        Creating DeviceObject
        Symbolic Links
        I/O Request Packets
        IOCTLs and DeviceIoControl
        Implementing Dispatch Routines
                Buffered I/O
                Direct I/O
                Neither I/O
        Objects, Handles and Pointers
        Arbitrary Context
        IRQLs, APCs, DPCs and WorkItems
        Synchronism
                Mutex
                FastMutex
                ERESOURCE
                Spin Lock
        Events and Timers
        Custom Queues
 
Hardware Interaction
        Port I/O
        Interruptions and ISRs
        DMA
 
Writing Filters
        Writing AddDevice routine
        Legacy Filter Drivers
        Forwarding IRPs
        Stack Locations
        Completion Routines
        Pending IRPs Handling
        IRPs Cancelation
        Creating IRPs for third Drivers
 
Drivers Types
        Legacy drivers
        WDM Drivers
        Minidrivers
        Miniports
        Miniclass
 
Installations
        Creating an .INF file
        The use of SetupApi
 
References
        Web Sites
        Discussion Lists
        Books
 

By the time this post was written, the university attendance was not able to provide details about the course, such as registration dates, contents or due date. But I can anticipate what I know so far.

The course will be 40 hour-long and it is divided into 10 classes of four hours each. The classes will be on Saturdays from 1:00pm to 5:00pm.

The course is scheduled to have its first class starting May 26. It will necessary, at least, five students to form one class, but by taking the amount of people who have already contacted the university seeking for details (without disclosure) my concern is now the upper limit of 10 students. We decided to limit the class of 10 students in order there would be a better time usage for the content.

I agree that 40 hours is not enough to learn everything you need to develop drivers, but it will be an excellent starting point to have the first contact. If you are the type of person who needs to learn absolutely everything to start developing then I can antecipate that this course is not for you. The best kernel developers I know (from their Blogs, but I know) have been working with drivers for years and years, but they say they have never know everything. To get an idea, some developers focus on just certain issues within the kernel. One has been working only with disk drivers for about 10 years; another one,  for about seven years, only with network drivers. Tony Mason, for example, has been working for 18 years, only with File System Drivers. Now, ask them if they know everything! And I used to feel myself bad for trying to focus only on working with Kernel, refusing to work in User Mode. Sometimes, with friends, I have heard comments about how to do this or that using .Net, and I, having no idea what they were talking about. I didn’t know that inside the Kernel issue have still existed a myriad of details and specialization. Is it possible to learn everything?

I am preparing the content in a way that students may have some practical experience, such as writing and compiling a “Hello World” driver, install them in virtual machines and debug them. There is no way. It is necessary to get your hands dirty. Connect two real machines with a serial cable and do Kernel Debug. Generate and analyze Crash Dumps. I think we have to make the most possible to do things together in one classroom, and perform some experiments that the books attempt to describe only in words and pictures. This desire of putting things in practice was the responsible for contributing with me to get the training kit on sale at OSR Online. The kit that I’ll be taking to the course, and that appears in the photo above is basically a PCI Digital I/O. My goal is to make students’ drivers control this device.

Well, as soon as I’m getting news, I will let you know.
See you…

Leave a Reply