As part of the Windows Internals course at SELA, I recently designed a set of exercises that serve as an introduction to Windows device driver development. Their purpose is to obtain a very cursory familiarity with what it means to build, deploy and load a driver, and consider some of the things available to kernel-mode components which make them way cooler than user-mode applications.
Some of this work can be turned easily into a series of blog posts, which you can enjoy outside of the course’s context. However, if you’re looking for background on Windows subsystems and components, what it means to deliver DPCs and interrupts, how IRQLs limit driver execution, why threads are scheduled the way they are, how synchronization mechanisms work, how memory is allocated and memory addresses are translated, and many other extremely important details on how Windows works—Windows Internals is the course for you. (And so is “the book”—Windows Internals, 5th Edition.)
First and foremost, you need to set up an environment in which you will build, deploy, and load your driver. We will be using a host machine on which we’ll build and debug, and a target virtual machine to which the driver will be deployed. My own setup is a Windows 7 64-bit physical host and a Windows XP 32-bit target VM, running VMWare Workstation.
- Download the Debugging Tools for Windows (both 32- and 64-bit editions) and install them on the host machine.
- Download the Windows Driver Kit and install it on the host machine.
- Set up a virtual machine running Windows XP or a newer version. (The instructions below are applicable to Windows XP or Windows Server 2003, 32-bit editions.)
- Go to My Computer | Properties | Advanced Settings and choose Startup and Recovery | Edit. You should see an OS boot choice similar to the following:
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Professional" /fastdetect
- Add /debug /debugport=com1 to the line above.
- In the virtual machine’s settings, redirect the COM1 port to a pipe called \\.\pipe\com_1. (This step depends on your virtualization product. For example, in VMWare Workstation you will need to add a new serial port.)
- Launch WinDbg and select File | Kernel Debug. On the COM tab, use the following settings:
- Click “OK”.
- Start the virtual machine and make sure the debugger connection is established. You can hit Ctrl+Break in WinDbg to issue a breakpoint to the virtual machine, and then use any kernel-mode WinDbg commands. (Try !process 0 0 for a process list.)
- Register at OSR Online, download the OSR Driver Loader, and copy the appropriate OSRLoader.exe to your target virtual machine. (For example, the Windows XP 32-bit free-build version is in the WXP\i386\FRE subdirectory of the ZIP archive you downloaded.)
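As an added example (not part of the original post), here is the command-line equivalent of the File | Kernel Debug | COM step, run in PowerShell on the host: it checks that the VM's COM1 named pipe exists and starts WinDbg attached to it. The WinDbg install path and the 115200 baud rate are assumptions; the pipe name \\.\pipe\com_1 is the one used in the setup above.

```powershell
# Added example, not from the original post. Launches a kernel-debug
# session over the VM's COM1 named pipe from the host machine.
$PipeName  = 'com_1'                                                        # from the setup steps
$WinDbgExe = 'C:\Program Files\Debugging Tools for Windows (x86)\windbg.exe' # assumed install path
$Baud      = 115200                                                         # assumed; a common serial rate

# The pipe is created by the virtualization product only once the VM is
# running with COM1 redirected. Listing \\.\pipe\ enumerates every named
# pipe on the host, so we can give a useful hint instead of a silent hang.
$pipes = [System.IO.Directory]::GetFiles('\\.\pipe\')
if ($pipes -notcontains "\\.\pipe\$PipeName") {
    Write-Warning "Named pipe \\.\pipe\$PipeName not found. Start the VM first; WinDbg will keep retrying because of 'reconnect'."
}

# -k          : kernel-mode debugging
# com:pipe    : the COM transport, but over a named pipe rather than a real port
# port=       : the pipe the VM's serial port is redirected to
# baud=       : must match what the target negotiates over COM1
# reconnect   : re-attach automatically when the target reboots
$kernelArgs = "com:pipe,port=\\.\pipe\$PipeName,baud=$Baud,reconnect"
& $WinDbgExe -k $kernelArgs
```

Once the VM boots with /debug /debugport=com1, WinDbg should report the connection; Ctrl+Break then works exactly as in the GUI-configured session.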
In the next part, we will compile our first driver and load it onto the system using OSR Driver Loader.