Who is Hector?
 Part time globe-trotting humanitarian, part-time software guru, and full-time good looking guy, Hector Rodriguez is OSR's Consultant At Large. Though he travels extensively, Hector somehow manages to stay tapped into the pulse of Windows system software related issues.
Hector communicates timely updates of importance to the driver-development community by his "Memos To Developers" which appear in this section.
Hector also is OSR's point-man for the really complicated questions from developers, which he answers in his column "Hints From Hector" in The NT Insider. Sometimes friendly, sometimes grumpy, and often adding to our vocabulary of Spanish words we were never taught in school, Hector's answers are always definitive. You can email hector with your questions or comments. If Hector answers your question, you'll see the response in a future issue of The NT Insider.
Server 2008 WDK Arrives
Hector J. Rodriguez (Read 11206 times)
The latest WDK has arrived. Here's what you need to know about it. 
Now Available for Download: Latest WDK Docs
OSR Staff (Read 11294 times)
The most recent, fully updated, WDK docs are now downloadable.
MmGetSystemRoutineAddress IS BROKEN!?
OSR Staff (Read 10699 times)
Yikes! Can it be that the widely publicized and used function MmGetSystemRoutineAddress can blue screen on XP SP2?? Well...
LH Server Beta 3 WDK Available
Hector J. Rodriguez (Read 4355 times)
I just noticed: The latest Longhorn Server WDK is available.
DTM and WDK split
Hector J. Rodriguez (Read 6603 times)
Think it's ridiculous that you need to download 2.5GB worth of WTT-laden stuff just to be able to build drivers? Apparently, you're not alone. Introducing the WLK.
x64 Driver Signing as of Vista RC1 (and later)
Hector J. Rodriguez (Read 16808 times)
The latest on x64 driver signing for Windows Vista. The tools, how/if they work, what's changed in RC1 (and later).
Debugging WDK Build Environments
Hector J. Rodriguez (Read 10132 times)
Gotten frustrated yet that the WDK version of BUILD now hides the parameters it passes to the C compiler? DDK MVP Don Burn has the solution...
No More x86 Only Submissions to WHQL
Hector J. Rodriguez (Read 9779 times)
Does your company submit a 32-bit driver to WHQL and presently ignore x64 "cuz there's no market"? With Vista, that's gonna stop...
Disabling User Account Control on Vista
Hector J. Rodriguez (Read 12643 times)
Do you hate those pop-ups on Windows Vista that say "Windows needs your permission to continue" for every single thing you do? Would you like to make them go away? We've got the solution to your woe...
USB 2.0 Debugging
OSR Staff (Read 25070 times)
Did you know that debugging over USB 2.0 actually works? Well, it does.
Look Out For Vista -- Testing Drivers on 5308
Hector J. Rodriguez (Read 17936 times)
Started using Vista for testing your drivers yet? If not, you'll have a few little things you need to figure out. Like, how to log on as Administrator, enable debugging or install a partially checked build.
Getting DbgPrint Output To Appear In Longhorn
Hector J. Rodriguez (Read 38247 times)
You build the checked version of your driver and run it on Vista for the first time. And, what happens? You don't see any of your driver's DbgPrint messages displayed in WinDbg! What happened? Let me tell you (updated for build 5308, the Feb CTP)...
The WDK Build Environment -- Not Getting Better
Hector J. Rodriguez (Read 7457 times)
Have you tried to build a driver with the new Vista DDK, which is now called the Windows Driver Kit (WDK)? If you have, I bet you're as annoyed as I am.
Only Signed Drivers To Run on Vista X64
Hector J. Rodriguez (Read 21889 times)
Oh, you're gonna love this. Non-signed drivers won't be loadable on x64 machines running Vista.
Download The Server 2003 SP1 DDK (and KMDF)
Hector J. Rodriguez (Read 20259 times)
The DDK has always been available "free" -- But it's been years since it was available for immediate download. But, guess what? It's back!!
No Win2K Support for KMDF?
Hector J. Rodriguez (Read 10039 times)
Yikes!! Is Microsoft really going to drop Win2K support from the pending release of the WDF Kernel Mode Driver Framework??
Where's The Checked Build?
Hector J. Rodriguez (Read 51562 times)
Lookin' to download Checked Builds for Windows 2000, Windows XP, or Windows Server 2003, or any of their service packs? Here are the pointers you need.
Partially Checked Service Packs
Hector J. Rodriguez (Read 14841 times)
If you need a hint as to how you use the checked-build downloads that Microsoft provides, check out this note, with contributions from community member and driver expert Jim Donelson.
Living With 64-Bit Windows
Hector J. Rodriguez (Read 36888 times)
One of the guys here at OSR took the bait and switched his development system over to 64-bit Windows (using the free Server 2003 Standard x64 Edition disk he got at the DDC). I figured I'd chronicle his travails for the benefit of anybody else who'd like to follow in his footsteps.
Go to DevCon? Don't Throw Out That CD!
Hector J. Rodriguez (Read 8681 times)
If you were at the DDC, you got a surprisingly nice prize in your conference materials...
Relative opens and IoCreateFileSpecifyDeviceObjectHint
Hector J. Rodriguez (Read 7332 times)
Sometimes, even I have to be reminded about the bugs, er, rules.
Watch that return from IoSetCompletionRoutineEx
Hector J. Rodriguez (Read 6399 times)
There are two things to be careful of, here: Don't forget about the NTSTATUS value, and pass that IRP to another driver.
Why Is The IRQL Always 0xFF When I Do !PCR?
Hector J. Rodriguez (Read 11554 times)
When you're in the debugger, and you type !PCR, the IRQL that's shown is always 0xFF. Can you logically conclude from this that the system had interrupts disabled when it crashed? Microsoft's Jake Oshins gives us the story.
No Deadlock Verification on x64 UP Systems
Hector J. Rodriguez (Read 7191 times)
Deadlock verification is a feature of Driver Verifier that monitors the order in which your driver acquires various locks. It's a great feature. Just don't expect it to work on single processor x64 (i.e. Windows-64) systems.
Don't __try to Catch The DbgBreakPoint(...) Exception
Hector J. Rodriguez (Read 8066 times)
I've used it myself. Now, it seems, it hasn't worked the way I thought it worked for years. Community members Ralph Shnelvar and Jamey Kirby discovered a cool bug related to trying to catch the exception raised by DbgBreakPoint()
Need help with WPP tracing?
Hector J. Rodriguez (Read 8334 times)
WPP got you down? It seems like everyone wants to using WPP tracing, but not everyone is able to get it working. Here's a three pack of tips from the battlefront that might save you some time...
I Hooked Up The Debugger Using 1394, and NOW...
Hector J. Rodriguez (Read 11677 times)
If you've hooked up the debugger via 1394, you reboot, and your target system is running vvvveeeeeerrrryyyy sllooooowwww or you keep losing your debugger connection, here's why.
WHICH DDK Do I Use??
Hector J. Rodriguez (Read 14079 times)
"Hector... Which DDK and build environment do I use for drivers that are for Windows XP 64-Bit Edition for the X64?" I knew it had to be confusing, because this was a member of the OSR staff asking me this question. OK, let me explain it again...
Ever have to update a system but don't have a Floppy Drive
Hector J. Rodriquez (Read 6634 times)
You want to update the BIOS on a machine. The BIOS update process requires a bootable DOS floppy (will these folks ever enter the 21st century??). But there's a problem: The system you want to update doesn't have a floppy disk drive. What's a mutha to do?
Device Manager Error Codes
Hector J. Rodriquez (Read 14060 times)
Have you ever wondered what the Device Manager Error Codes mean? A recent KB article explains each Error Code and provides solutions.
Pool and Memory Events
Hector J. Rodriguez (Read 7879 times)
In your driver, it's pretty easy to know if there's a serious shortage of paged or non-paged pool: Your allocation attempt fails. But how do you know when there's plenty of pool space and your driver should feel free to grab a big chunk? I'll tell you...
PCI Express, PCI-X and other mysteries
Hector J. Rodriguez (Read 33149 times)
"PCI-X," Dan asked, "is that just a short way of writing PCI Express?" I was embarrased to admit it, but I had no idea. I'd just been too busy, and -- to be perfectly honest -- the esoterica of bus designs don't exactly float my boat. If you're similarly clueless, and you wanna impress your more hardware-oriented friends with the depth of your knowledge, I'll tell you most of what you need to know.
ExAllocatePoolWithQuota Raises Exceptions
Hector J. Rodriguez (Read 6936 times)
Quick answer this question: Is there any variant of ExAllocatePool that'll raise an exception by default if it fails. If you said "no!", like I did, you could be in for a surprise.
Inlining into SEH Filters Can Result in Invalid Code on AMD64
Hector J. Rodriquez (Read 7353 times)
It started out as a typical day for me at the office. I came in, I got my double dose of French Roast coffee and settled down for a long day of, well...doing whatever is I get paid to do here. Along the way I came across some documentation on Structured Exception Handling and found this interesting tidbit of information....
How to Determine if System Running in Safe Mode
Hector J. Rodriquez (Read 8049 times)
Ever wonder how one programmatically determines if a system is running in Safe Mode?This question has reared its head in the newsgroups a couple of times, so between daily internal debates on U.S. foreign policy and seeding/downloading music with BitTorrent, someone here found time to find out.
Duplicate Disk Writes
Hector J. Rodriguez (Read 10104 times)
Ever watch really carefully when a file's being written? Ever notice that some chunks of the file get written twice? Yeah, we noticed too. About 7 or 8 years ago. The good news is that the Windows team has changed this behavior, and there's even a hot fix for it!
New Verifier Pool Checks In LH
Hector J. Rodriguez (Read 8036 times)
Verifier just gets more and more powerful as time goes by. If you get a BAD_POOL_CALLER bugcheck when running on LH, with a violation type of 0x9D, here's what it means
Disabling Shutdown Query for Server 2003
Hector J. Rodriguez (Read 6502 times)
Windows Server 2003 Systems (and Windows XP for 64-bit) always prompts the user to ask the reason for shutting down. For those of us developing using Windows Server 2003 this can be one more inconvenience when caught in the seemingly endless test/reboot sequences. This article discusses how to disable this feature.
Querying the name of a file
Hector J. Rodriguez (Read 6063 times)
Correct use of ObQueryNameString in a driver.
Permanent Pool Overrun Checking Starting With XP SP2
Hector J. Rodriguez (Read 13852 times)
We don't normally discuss features in unreleased products or service packs, but this issue is important enough to driver devs that we thought you'd appreciate some advance warning. Read on to discover the new pool overrun checking feature that's will be enabled in Windows, starting with XP SP2!
No Pool Tagging for Special Pool
Hector J. Rodriguez (Read 8654 times)
Can it be? During some testing here at OSR it sure seemed to us that when a driver is run under Driver Verifier, allocations that came from Special Pool were not tracked by pool tag. Well, it is true. Read on...
NTFS Does Not Support Query Operations on Stream File Objects
OSR Staff (Read 7750 times)
In a recent discussion on NTFSD, Molly Brown (Microsoft) indicated that the NTFS file system does not support a query file information operation on internally created NTFS stream files.
Who Owns Which Pool Tag
Hector J. Rodriguez (Read 18682 times)
A question came up in NTDEV asking something along the lines of, "the PoolTag utility shows that pool allocations for tag ‘WXYZ’ are out of control…Anyone know who owns it?"
Simplifying Time Interval Specification
Hector J. Rodriguez (Read 7162 times)
Quick! How many 100 nanosecond intervals in 5 minutes! NTDEV member Rob Green provides a set of macros that'll keep you from ever having to figure this out.
Files Opened as a result of a Remote Request
Hector J. Rodriguez (Read 7952 times)
This article talks about the FO_REMOTE_ORIGIN flag in the File Object and how it gets set and tested.
No More Embedded Assembler or x87 FP
Hector J. Rodriguez (Read 10050 times)
It's time to enter the new millenium, friends. Get rid of all that old, crusty, mostly useless assembler language that got stuffed into your drivers and forgotten years ago. The newest compiler in the DDK doesn't support _asm...
New Spinlock Functions
Hector J. Rodriguez (Read 6939 times)
In case you guys don’t get as excited about a new DDK as I do, I took the pleasure of DIFFing the Server 2003 DDK’s WDM.H with the one from the XP SP1 DDK...
Oh that Hurts, How to use IoForwardIrpSynchronously
OSR Staff (Read 6656 times)
Have you ever seen a function in the DDK and used it without reading the documentation and thinking about what it means? That's what happened when I used IoForwardIrpSynchronously.
IoValidateDeviceIoControlAccess() in XP SP1/.NET
Hector J. Rodriguez (Read 6354 times)
Suppose you want to implement more security in your driver, specifically on your IOCTLs...
Don't Forget to Use FILE_DEVICE_SECURE_OPEN
Hector J. Rodriguez (Read 6636 times)
Recent security reviews in the Windows file systems team have pointed out that the FILE_DEVICE_SECURE_OPEN characteristic needs to be set for file system device objects that do not support naming...
Disabling Hard Error Pop-ups
Hector J. Rodriguez (Read 5924 times)
A number of times recently we’ve seen discussions about how to disable hard error popups in a kernel driver...
Undesired Debugger Behavior
Hector J. Rodriguez (Read 5902 times)
Since this might not be the behavior desired by someone debugging their own driver...
Definition of “CPU” Environment Variable Changed
Hector J. Rodriguez (Read 8524 times)
The definition of the build environment variable CPU has changed since release of the Windows XP® DDK...
Definition of DDKBUILDENV Changed in Windows XP®
Hector J. Rodriguez (Read 7973 times)
The definition of the build environment variable DDKBUILDENV has historically been used to define whether a driver is being built free (retail) or checked (debug)...
Beware of KeAcquireSpinLockRaiseToSynch(...)!
Hector J. Rodriguez (Read 5939 times)
Starting with Windows 2000®, the NTDDK.H included the definition of a function named KeAcquireSpinLockRaiseToSynch(…). This function was never documented in the DDK documentation, and (quite frankly) was probably exposed unintentionally...
Identifying Unusual IOCTL Device Types
Hector J. Rodriguez (Read 5884 times)
You may have seen some strange IOCTLs pass through your driver, and tried to figure out where they're from...
Must Use New DDK Compiler
Hector J. Rodriguez (Read 12513 times)
When building drivers with the XP DDK, you must use (at least) the version of the compiler supplied with the DDK...
Building Within Visual Studio (IDE)
Hector J. Rodriguez (Read 13221 times)
There's nothing wrong with building drivers from within Visual Studio. But if you do this, do it right or don't do it at all...
WDM.H or NTDDK.H?
Hector J. Rodriguez (Read 14118 times)
People are confused about which header file to use. I'm not surprised, because I used to be confused about this too...
Must Succeed Pool...DEAD!
Hector J. Rodriguez (Read 7860 times)
When allocating pool, do not specify pool type NonPagedPoolMustSucceed...
Change to Allow Page Mapping in XP
Hector J. Rodriguez (Read 7932 times)
There's a change in the memory manager -- including functions such as ZwMapViewOfSection and MmMapLockedPages, in Windows XP...
Changes to SOURCES in XP DDK
Hector J. Rodriguez (Read 5900 times)
It seems a couple (not too frequently used) parameters have changed in the SOURCES file, as of the Windows XP DDK...
Fast I/O for WDM Drivers NOT Called When Verifier's Enabled
Hector J. Rodriguez (Read 5460 times)
One thing that's never really been documented, but that you have always been able to do, is use Fast I/O for Device I/O Control to process these requests...
XP DDK Resets PATH Environment Variable
Hector J. Rodriguez (Read 10970 times)
No, you're not crazy! The DDK's setenv.bat file now REPLACES the PATH environment variable to point to the DDK's executables, instead of pre-pending the DDK executable path as it has done in the past...
Microsoft Symbol Server LIVE on the Internet
Hector J. Rodriguez (Read 9987 times)
Microsoft's symbol server up live on the Internet. This means that, if you have a reasonably decent Internet connection from your debugger system, you won't have to download and setup the o/s symbols...
Warning: Beware winioctl.h from Visual C/C++ Version 6.0
Hector J. Rodriguez (Read 10179 times)
The Visual C/C++ Version 6.0 (part of Visual Studio) includes a header file for winioctl.h that includes incorrect definitions...
DefineDosDevice Functionality Changes in Windows XP®
Hector J. Rodriguez (Read 9098 times)
A number of developers are discovering a change to the naming scheme in Windows XP®...
MmMapLockedPages(SpecifyCache) with AccessMode == UserMode
Hector J. Rodriguez (Read 7639 times)
It seems that there's been some info missing from the DDK documentation for quite a while...
Enabling Debugging on the Local Machine for Windows XP®
Hector J. Rodriguez (Read 13548 times)
If you want to allow debugging on the local machine with WinDBG and Windows XP® (or later) you must add the "/debug" flag in your boot.ini file...
Windows XP® IFS Kit Errata
Hector J. Rodriguez (Read 7612 times)
It's confirmed. Microsoft inadvertently left out IOCTL_REDIR_QUERY_PATH
from the Windows XP IFS Kit...
Don't Define NT_UP
Hector J. Rodriguez (Read 8165 times)
Defining NT_UP in your driver build environment can lead to trouble...
WINVER Incorrectly Defined in XP/.NET Beta DDK's Win2K Build Environment
Hector J. Rodriguez (Read 11723 times)
Checking the definition of "WINVER" at compile time is one method that driver writers use to conditionally compile their code depending on the target platform...
|
|
