A Hole In My Head

A few people have emailed me over the past few days how they can see the contents of the KMDF v1.1 ISO (or any other ISO for that matter) without having to burn it to a disc or telling me about the virtual CD tool on http://www.microsoft.com . I am sure...

Windows 2000 support for everyone who asked: http://www.microsoft.com/whdc/driver/wdf/KMDF_pkg.mspx If you have already installed KMDF v1.0 on your machine, you will be asked to remove the v1.0 bits before the v1.1 bits will install. This is by...

One of the, errr, joys of owning the PnP state machine in KMDF is that I must be compatible with all the weird and wonderful behaviors of not only drivers, but the PnP manager itself. One such behavior was just fixed for the next release of KMDF (post...

I think everyone at some point in time wants to embed a break point in there code, whether it be for debugging purposes, path tracing, or detecting edge conditions that have not yet been tested. When I hit a break point, I would prefer that the debugger...

It's a quick one today. One of the great features about windbg is that it has a return to caller button . I tend to like to keep my hands on the keyboard even when I am using windbg and Shift+F11 is still too cumbersome (long live the home row!). In the...

/FASTDETECT is a command line flag in a boot.ini entry. It started showing up in Windows 2000 (W2K) by default. Why does this flag exist? Previous to W2K ntdetect.com performed a tremendous amount of device detection since PnP did not exist previous...

I'm still getting back into the flow of things at work, so I will start off this week with a simpler topic and move into meatier topics as get more control over my time. One thing I am constantly asked is "how do I manually test PnP state changes in my...

I am back at work. Things are a bit out of order having been gone for a month, but hopefully I will be able to write something tonight once things have quieted down. Needless to say, staying at home with my new son has been an amazing experience. It was...

I will be on parental leave for the month of April :). While I have written up articles to post ahead of time, there is no guarantee I will have time to post them though. I will try for around 3 articles a week, but the pace might be slower then...

Today's kernel debugger command is "!bpid", break on process id. This command will break into an application in the application context from within the kernel debugger. Why would you want to do this? Well, you are not always in the right user mode...

Today's debugger command is "dps" (display pointers and symbols). You might be familiar with the "dds" command. While dds will always dump a DWORD, dps will dump pointers, where the pointer size is determined by the target. (I used to use dds because...

I think that the C preprocessor is a very powerful tool, but I like to limit my use of #defines. I have already touched on this when i talked about why I liked FORCEINLINE and I want to talk about it some more. I realize I can't eliminate the use of #defines...

Peter Wieland informed me that you can actually find the security descriptor (SD) using !object, you just have to work harder to get at it. It relies on an undocumented structure, but since this is not being used at runtime and !object also uses it, I...

Today I will cover how to look at type information from the command line of windbg/kd. You can do all of this in the UI with a mouse, but that takes too long ;). I like to keep my hands on the keyboard and not move around. More importantly, by learning...

Today I am going to write about !object. One of the tools you can get from sysinternals is WinObj.exe. This allows you to traverse the internal object hierarchy in Windows. It's a neat tool, but it uses internal undocumented APIs which means that when...

Today I got a callstack via email (from the NTDEV list), but no dump file. I needed to determine if the bugcheck was due to a KMDF or a USB core bug. Since I had no dump file, I had to work purely on what the message contained. The callstack did have...

Today's commands are related to power, they are: !poreqlist !poaction !podev (covered in the last topic) !poreqlist will list all outstanding PIRPs on the machine that are a result of any driver calling PoRequestPowerIrp(). Remember how in the...

Over the next few days I'll talk about different debugger commands which I use to make driver development easier, especially when debugging my driver. Today I'll talk about how to find your driver, the devices you created and any device object that any...

Debugging when your driver fails to load can be exasperating, especially if it is due to a missing import. Windows 2000 would put up a dialog box telling the user which import was missing, but the user can't do anything about it (unless she is the driver...

One of the very cool features of windbg/kd is that you can load any PE file as a dump file. That means that you can load an exe, dll, or sys file as a dump file in the debugger. Your driver won't run ;), but you can look at alot of things in it. All you...

Peter Wieland has started a blog . Peter sits around the corner from me and works on UMDF (which exists under the WDF banner alongside KMDF). He has written 4 (so far) excellent entries on DMA, part 1 is here . DMA is one of the aspects of writing a driver...

This came up on NTDEV today and has come up in the past (both in the community and internally on the KMDF team). MmIsAddressValid appears to be a great function given its name. You pass in a kernel virtual address (VA from now on) and it returns TRUE...

Folks like to write wrappers. One very popular wrapper is for a KSPIN_LOCK . An example wrapper would be typedef struct _MY_LOCK { KSPIN_LOCK Lock; KIRQL LockIrql; } MY_LOCK, *PMY_LOCK; VOID FORCEINLINE AcquireMyLock(PMY_LOCK Lock) { KeAcquireSpinLock...

When I was working on the Bluetooth core, I got this mistake the first time I tried to compare 2 bluetooth addresses (a bluetooth address is 48 bits wide and at the time we were not using a ULONGLONG to represent the address, so we were doing structure...

If you look at the docs for many Rtl string functions, you will see that they are callable only at IRQL == PASSIVE_LEVEL. This applies to not only Rtl functions but also to CRT functions Why is that? Well, there are a few resaons The Rtl functions...