A Hole In My Head
Doron Holan's musings on drivers and other nibbles and bits
KMDF V1.1 is now available
Windows 2000 support for everyone who asked: https://www.microsoft.com/whdc/driver/wdf/KMDF_pkg.mspx...
Author: Doron Holan [MSFT] Date: 05/11/2006
OS differences when ejecting an unstarted PDO
One of the, errr, joys of owning the PnP state machine in KMDF is that I must be compatible with all...
Author: Doron Holan [MSFT] Date: 05/10/2006
How to break in at the call site that invokes the break point
I think everyone at some point in time wants to embed a break point in there code, whether it be for...
Author: Doron Holan [MSFT] Date: 05/08/2006
Debugger commands (gu) that make my life easier
It's a quick one today. One of the great features about windbg is that it has a return to caller...
Author: Doron Holan [MSFT] Date: 05/05/2006
Why does /FASTDETECT exist and how did it get its name?
/FASTDETECT is a command line flag in a boot.ini entry. It started showing up in Windows 2000 (W2K)...
Author: Doron Holan [MSFT] Date: 05/03/2006
How to test PnP state changes in your driver
I'm still getting back into the flow of things at work, so I will start off this week with a simpler...
Author: Doron Holan [MSFT] Date: 05/02/2006
My leave is over
I am back at work. Things are a bit out of order having been gone for a month, but hopefully I will...
Author: Doron Holan [MSFT] Date: 05/01/2006
Programming Note
I will be on parental leave for the month of April :). While I have written up articles to post...
Author: Doron Holan [MSFT] Date: 03/31/2006
Debugger commands (!bpid) that make my life easier (part 6)
Today's kernel debugger command is "!bpid", break on process id. This command will break into an...
Author: Doron Holan [MSFT] Date: 03/30/2006
Debugger commands (dps, dpp) that make my life easier (part 5)
Today's debugger command is "dps" (display pointers and symbols). You might be familiar with the...
Author: Doron Holan [MSFT] Date: 03/28/2006
Avoiding #defines for constant data and using enums instead
I think that the C preprocessor is a very powerful tool, but I like to limit my use of #defines. I...
Author: Doron Holan [MSFT] Date: 03/27/2006
Debugger commands (!sd) that make my life easier (part 3.1)
Peter Wieland informed me that you can actually find the security descriptor (SD) using !object, you...
Author: Doron Holan [MSFT] Date: 03/23/2006
Debugger commands (dt, ??) that make my life easier (part 4)
Today I will cover how to look at type information from the command line of windbg/kd. You can do...
Author: Doron Holan [MSFT] Date: 03/22/2006
Debugger commands (!object) that make my life easier (part 3)
Today I am going to write about !object. One of the tools you can get from sysinternals is...
Author: Doron Holan [MSFT] Date: 03/21/2006
Real life usage of loading a driver as a dump file
Today I got a callstack via email (from the NTDEV list), but no dump file. I needed to determine if...
Author: Doron Holan [MSFT] Date: 03/20/2006
Debugger commands (!poaction, !poreqlist) that make my life easier (part 2)
Today's commands are related to power, they are:!poreqlist !poaction !podev (covered in the last...
Author: Doron Holan [MSFT] Date: 03/17/2006
Debugger commands (!drvobj, !devobj, !podev, !devstack) that make my life easier (part 1)
Over the next few days I'll talk about different debugger commands which I use to make driver...
Author: Doron Holan [MSFT] Date: 03/15/2006
How to debug missing imports at driver load time
Debugging when your driver fails to load can be exasperating, especially if it is due to a missing...
Author: Doron Holan [MSFT] Date: 03/13/2006
Loading your driver in user mode
One of the very cool features of windbg/kd is that you can load any PE file as a dump file. That...
Author: Doron Holan [MSFT] Date: 03/10/2006
Great articles on DMA
Peter Wieland has started a blog. Peter sits around the corner from me and works on UMDF (which...
Author: Doron Holan [MSFT] Date: 03/10/2006
Beware the shiny light that is MmIsAddressValid
This came up on NTDEV today and has come up in the past (both in the community and internally on the...
Author: Doron Holan [MSFT] Date: 03/09/2006
The return value from RtlCompareMemory and memcmp do not mean the same thing!
When I was working on the Bluetooth core, I got this mistake the first time I tried to compare 2...
Author: Doron Holan [MSFT] Date: 03/06/2006
String buffers and IRQL
If you look at the docs for many Rtl string functions, you will see that they are callable only at...
Author: Doron Holan [MSFT] Date: 03/03/2006
How can a NULL terminated string be misinterpreted in a UNICODE_STRING?
A NULL terminated string can be mismisinterpreted if the Length field contains the NULL part of the...
Author: Doron Holan [MSFT] Date: 03/01/2006
How to correctly initialize a UNICODE_STRING
In the past if you wanted to delcare a UNICODE_STRING and buffer on the stack, you had to manually...
Author: Doron Holan [MSFT] Date: 02/27/2006
ntstrsafe.h now contains safe functions for UNICODE_STRING too!
I don't think this is a well publicized feature, but the Server 2003 SP1 DDK contains a new version...
Author: Doron Holan [MSFT] Date: 02/27/2006
How should I handle symbolic links and IRP_MN_SURPRISE_REMOVAL
For my final entry in surprise removal week (did anyone sense a theme :) ?), let's talk about...
Author: Doron Holan [MSFT] Date: 02/24/2006
How should I handle my hardware when processing IRP_MN_SURPRSISE_REMOVAL?
The quick answer answer that you must assume your hardware is present and at least probe the...
Author: Doron Holan [MSFT] Date: 02/20/2006
Do I have to handle IRP_MN_SURPRISE_REMOVAL?
You might think that just because your device is root enumerated or is plugged into fix slot (llike...
Author: Doron Holan [MSFT] Date: 02/20/2006
Why does my device interface disappear when I replug my device back in?
This is a side affect of not unregistering your device interface during surprise removal. If you do...
Author: Doron Holan [MSFT] Date: 02/20/2006
When should I disable my device interface & deregister with WMI?
Last week I talked about how a device interfaces and WMI instances are made unique by the kernel....
Author: Doron Holan [MSFT] Date: 02/20/2006
I like FORCEINLINE
For kernel mode code, if I have choice between using a #define or a FORCEINLINE function, the...
Author: Doron Holan [MSFT] Date: 02/17/2006
Why KMDF does not have a callback for IRP_MN_QUERY_POWER/SystemPowerState
I was going to blog about this after I had some KMDF entries under my belt, but Raymond Chen got...
Author: Doron Holan [MSFT] Date: 02/17/2006
How are WMI instance IDs guaranteed to be unique?
This is related to today's previous topic of how the manager makes device interface GUIDs unique....
Author: Doron Holan [MSFT] Date: 02/16/2006
How are device interface strings guaranteed to be unique?
When you register a device interface GUID, you get back a symbolic link name which is the link...
Author: Doron Holan [MSFT] Date: 02/16/2006
Why am I not seeing any new device notifications when calling RegisterDeviceNotification?
Let's define this simple worker function which registers for device interface arrival notifications...
Author: Doron Holan [MSFT] Date: 02/15/2006
Glossary
This is meant to be an organic document that grows over time. If the term you are looking for is not...
Author: Doron Holan [MSFT] Date: 02/14/2006
DeviceSuggestions
If you would like me to write about a topic that relates to WDM, the kernel, debugging, WDF, KMDF,...
Author: Doron Holan [MSFT] Date: 02/14/2006
PDOs, part 1
Definition: A PDO is a Physical Device Object. This entry is not going into how to enumerate a PDO...
Author: Doron Holan [MSFT] Date: 02/14/2006
KMDF v1.1 announced and it supports Windows 2000!
We've been working on it since we RTW'ed v1.0 late last year and v1.1 is now "official." V1.1...
Author: Doron Holan [MSFT] Date: 02/14/2006
Intro
A bit about me: I grew up in the Bay Area and got my B.S in CSc from Cal Poly, SLO I have been...
Author: Doron Holan [MSFT] Date: 02/13/2006