Jaa


Becoming familiar with the windows internals

When I started learning about windows drivers, my first thought was to search for "introduction to windows drivers" or something equivalent in my favorite search engine. This led to a few links for tutorials on how to create simple drivers. Right now I think that this is a very bad approach. Even, if you understand how to write a small driver, it will be difficult to proceed. I believe that the best first step is to become familiar with the windows internals. A driver developer needs to be familiar with lots of operating system-dependent stuff, e.g. the synchronization primitives, the way that the scheduling works, the I/O manager, etc.

Currently, the definitive bible for windows internals is a book called "Microsoft Windows Internals, Fourth Edition: Microsoft Windows Server(TM) 2003, Windows XP, and Windows 2000" by Mark Russinovitz and David Solomon. This book provides the most in-depth coverage of the windows internals and is used as a base for every driver teaching course. It covers a wide area of topics, e.g. processes, I/O manager, file systems, networking, Online Crash Analysis, etc. I believe that this book is a MUST-read.

Based on the book, a lot of additional material has been created that can help somebody understand the fundamental windows concepts:

  1. The authors of the book have created a series of 6 dvds with videos that present the most important part of the topics that are covered by the book. Additional information about the dvds can be found at http://www.solsem.com/vid_internals.html. In the same link you can find information about the seminars that are taught by David Solomon on windows internals.
  2. Microsoft offers the Windows Operating System Internals Curriculum Resource Kit (CRK), which is a freely available collection of instructor resources to supplement operating system (OS) lectures and assignments with Windows kernel illustrations. The CRK provides PowerPoint presentation slides, experiments, lab descriptions, sample quizzes and assignments, in order to introduce case studies from the Windows kernel into operating system courses. The CRK, and all the components of the Windows Academic Program, are for academic, non-commercial use only.
  3. At http://www.i.u-tokyo.ac.jp/edu/training/ss/lecture/new-documents/Lectures/ you can find an extensive presentation that covers all the parts of the windows kernel.
  4. Microsoft also offers the Windows Research Kernel to faculty members, instructors or other people, who are teaching or conducting research in a highly accredited institute of higher education. The WRK includes most of the kernel sources from the latest released version of Windows, which supports the x64 architecture on the desktop.
  5. Apart from David Solomon, there are also other companies, which offer seminars on windows internals, e.g. OSR and Azius.

Comments

  • Anonymous
    September 28, 2006
    Great job Hlia!!!

    This will help restore the sanity of any new guy entering the device driver field.

    The NTDEV forum at OSR-Online is also an invaluable asset. Great kernel devs hang out there and what is extremely important is that the posts are searchable. It contains the whole history of issues discussed in the past 5-6 years.

    If you are new and don't understand something, first search NTDEV, then post a question.

    Dimitris Staikos
  • Anonymous
    September 28, 2006
    Hi,

    how much work would it be to write a simple battery driver? I'm asking because my notebook has a smart battery, which is not supported by Vista any more.

    Depending on how much work that would be, I would try to write a driver myself. I don't need any advanced stuff like reading the time needed to reload the battery or anything, I just need a simple driver that tells Vista something like "battery is 50% full".
  • Anonymous
    September 28, 2006
    Hi Dimitri,
    thank you very much! I hope that this blog will be a useful introduction for somebody, who wants to start writing drivers. Regarding OSR, please look at my next post :) I still have lots of accumulated information to write about.
  • Anonymous
    September 28, 2006
    Mathias, it all depends a lot on your knowledge on windows drivers. If you have absolutely no knowledge, then this will take quite some time. Possibly it would be a good way to start with drivers, though, if that's your goal. However, it also means that you'll need access to the battery's datasheet and generally some more knowledge on the hardware (e.g. how you communicate with the battery).

    Since this is an issue that corresponds to KMDF (the Kernel-Mode Driver Framework) and I am working with user-mode drivers, I suggest that you either ask Doron Holan (I have a link to his blog) or send an email to the OSR ntdev mailing list (please look at my next post).
  • Anonymous
    September 28, 2006
    Ok, thank you.