  Message 1 of 49  
07 Mar 18 08:05
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<RANT>

Folks... including and especially Microsoft folks,

One of the common threads in this list is newbs writing WDM drivers. They ask us questions, they get some answers. They go away. Their device drivers and especially filters live on as one of the more common causes of end user system crashes in modern times.

We need a concerted effort to stomp out the senseless writing of WDM drivers.

We need to scrub the samples to make sure there are no WDM drivers around (other than software only "kernel services"). If you host an example on GitHub or someplace else, if it's a WDM driver, for heaven's sake make the readme say it's a deprecated model.

We need the WDK docs to very clearly say, everywhere, that people should be using WDM as a last resort only if they are not writing a file system or a kernel service. Shit, put it on every WDM doc page: IoXxxx, KeXxxx, etc.

WDK doc folks... please take some time to focus on this goal. It'll be time well spent.

People who mistakenly start with a WDM sample are not well served. They would be better off with no sample... though I doubt they would see this. Starting with some hideous shit from CodeProject, or an ancient sample from the WDK, is just an invitation to (a) frustrating the dev, (b) injecting bugs into kernel-mode.

Whew, I feel better now.

Peter
OSR
@OSRDrivers

</RANT>
  Message 2 of 49  
07 Mar 18 09:34
R0b0t1
xxxxxx@gmail.com
Join Date: 24 Mar 2017
Posts To This List: 109
Help Stamp Out Sensless WDM Usage

On Wed, Mar 7, 2018 at 7:04 AM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote:

> <RANT>
>
> Folks... including and especially Microsoft folks,
>
> One of the common threads in this list is newbs writing WDM drivers. They ask us questions, they get some answers. They go away. Their device drivers and especially filters live on as one of the more common causes of end user system crashes in modern times.
>
> We need a concerted effort to stomp out the senseless writing of WDM drivers.
>
> We need to scrub the samples to make sure there are no WDM drivers around (other than software only "kernel services"). If you host an example on GitHub or someplace else, if it's a WDM driver, for heaven's sake make the readme say it's a deprecated model.
>
> We need the WDK docs to very clearly say, everywhere, that people should be using WDM
> as a last resort only if they are not writing a file system or a kernel service. Shit, put it on every WDM doc page: IoXxxx, KeXxxx, etc.
>
> WDK doc folks... please take some time to focus on this goal. It'll be time well spent.
>
> People who mistakenly start with a WDM sample are not well served. They would be better off with no sample... though I doubt they would see this. Starting with some hideous shit from CodeProject, or an ancient sample from the WDK, is just an invitation to (a) frustrating the dev, (b) injecting bugs into kernel-mode.
>
> Whew, I feel better now.
>
> Peter
> OSR
> @OSRDrivers
>

People are doing this because there are very approachable non-MS curated examples. The official examples are, to put it bluntly, crap.

The WDM driver examples aren't bad by any means. They closely mirror how drivers work on *nix OSes. If people should use the new APIs Microsoft should show they are just as capable and well supported.

Historically, adopting new MS technologies is a horrible business decision, unless you have millions of dollars to spend. MS is paid to write software, something most companies are not paid to do, even if software is an integral part of their business. Playing follow the leader can easily bankrupt a small to medium sized business.

If it's stupid and it works, it's not stupid.

Please don't get me wrong - I understand the value of moving forward. But effectively I can't. The WDK and EWDK are opaque and expect some workflow to be followed that just isn't well articulated.

Cheers,
R0b0t1
  Message 3 of 49  
07 Mar 18 09:45
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1406
Help Stamp Out Sensless WDM Usage

Calling KMDF "new technology" is idiotic, it has been in use over 10 years. A heck of a lot of the non-Microsoft samples out there would have to do a major rewrite to work up to the level you could call them crap. Yes Microsoft and others need to produce more KMDF samples. The last Driver Developer Conference had a presentation on how great KMDF was in the storage stack, but we never got a sample (yes I and others have done them commercially but we cannot give those out). I keep thinking about writing some samples as I phase into retirement, but the demand for drivers is strong enough that retirement is phasing in very slowly. We need to work to replace a number of the Microsoft samples that are still WDM.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

---
NTDEV is sponsored by OSR

Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev>

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers!
Details at <http://www.osr.com/seminars>

To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer>
  Message 4 of 49  
07 Mar 18 14:37
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote>
People are doing this because there are very approachable non-MS curated examples.
</quote>

Well, I think that's right. And a generally helpful comment.

I also think, however, it is overly generous to call these samples "curated" if that implies they generally do not suck. Because to a large extent, they most certainly do.

<quote>
If it's stupid and it works, it's not stupid.
</quote>

If it's stupid, and you THINK it works but it doesn't REALLY work, it's WORSE than stupid. It's both stupid and dangerous. THAT'S THE PRIMARY PROBLEM WITH WDM.

<quote>
Calling KMDF "new technology" is idiotic, it has been in use over 10 years.
</quote>

This. KMDF was introduced in 2005, after a loong period of collaborative design and development with the Driver Development Community. Dozens of devs from the community took part. It was really a landmark project, because I am not aware of any major OS internals development effort undertaken by MSFT before or since, to take input from the community so seriously.

<quote>
The WDK and EWDK are opaque and expect some workflow to be followed that just isn't well articulated.
</quote>

Oh, stop it. That's just silly on its face. No workflow can be simpler than VS "Create Project" -- a template project gets created -- "Build Solution" -- the project gets built. Then you copy it to the target machine, install it, and you're done. And the workflow doesn't change based on the driver model, so the whole argument is specious.

I've been writing drivers for Windows for about 20 years. I think I'm pretty good at it. WDM? Yeah, I know how to write a reasonably reliable WDM driver at this point. But it's really, really, painful, and it requires dragging soooo much ancient shit around. There is no chance -- none -- exactly zero probability -- of a newb writing a properly reliable WDM driver from scratch. That is not true for WDF.

LOOK... back when WDM was the only option, I was personally involved, working with MSFT, for YEARS trying to get the community to write reliable drivers. We tried shaming vendors, we tried praising vendors, we tried educating vendors, we tried writing samples, we tried bringing vendors in to labs and showing them the errors of their ways. Nothing, nothing, was successful in moving the needle in terms of driver reliability.

It got so bad Microsoft finally acknowledged the problem, and invested in designing and implementing an entirely new driver model, that was modern, easier to use, and made writing reliable drivers something a reasonable engineer can accomplish. That new model was WDF.

People need to stop fucking with a model that's been proven to be impractical, and use what we all know works.

Peter
OSR
@OSRDrivers
  Message 5 of 49  
07 Mar 18 16:56
R0b0t1
xxxxxx@gmail.com
Join Date: 24 Mar 2017
Posts To This List: 109
Help Stamp Out Sensless WDM Usage

On Wed, Mar 7, 2018 at 1:36 PM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote:

> <quote>
> People are doing this because there are very approachable non-MS curated
> examples.
> </quote>
>
> Well, I think that's right. And a generally helpful comment.
>
> I also think, however, it is overly generous to call these samples "curated" if that implies they generally do not suck. Because to a large extent, they most certainly do.
>
> <quote>
<...excess quoted lines suppressed...>

"Kernel code is dangerous" should be no surprise.

> <quote>
> Calling KMDF "new technology" is idiotic, it has been in use over 10 years.
> </quote>
>
> This. KMDF was introduced in 2005, after a loong period of collaborative design and development with the Driver Development Community. Dozens of devs from the community took part. It was really a landmark project, because I am not aware of any major OS internals development effort undertaken by MSFT before or since, to take input from the community so seriously.
>
> <quote>
> The WDK and EWDK are opaque and expect some workflow
> to be followed that just isn't well articulated.
> </quote>

My entire life I have been very unlucky when it comes to computers. I will or would try these things, and in this case I have tried these things, and had them not work. It is impossible for me to explain why or to troubleshoot the issue as I can't see the source code of the components involved.

I've tried asking for help in this regard but all people can tell me to do is follow the instructions. I repeat the procedure with the same result. (At this point I've decided I will wait until I finish more of my hardware and can buy a separate test computer, but the issue is still unresolved. For now I do all driver testing in Linux, which I may have done anyway.)

Some of the WDM driver tutorials use older EWDK (or maybe just WDK) releases that are more approachable than the Visual Studio workflow. The individual components are obvious and in some cases instructions are given for producing functioning drivers with MinGW. I don't expect that level of detail but it does show how well WDK drivers were/are understood.

At this point those samples do seem ancient, and connecting them to newer APIs is hard.

> I've been writing drivers for Windows for about 20 years. I think I'm pretty good at it. WDM? Yeah, I know how to write a reasonably reliable WDM driver at this point. But it's really, really, painful, and it requires dragging soooo much ancient shit around. There is no chance -- none --
> exactly zero probability -- of a newb writing a properly reliable WDM driver from scratch. That is not true for WDF.
>
> LOOK... back when WDM was the only option, I was personally involved, working with MSFT, for YEARS trying to get the community to write reliable drivers. We tried shaming vendors, we tried praising vendors, we tried educating vendors, we tried writing samples, we tried bringing vendors in to labs and showing them the errors of their ways. Nothing, nothing, was successful in moving the needle in terms of driver reliability.
>
> It got so bad Microsoft finally acknowledged the problem, and invested in designing and implementing an entirely new driver model, that was modern, easier to use, and made writing reliable drivers something a reasonable engineer can accomplish. That new model was WDF.
>
> People need to stop fucking with a model that's been proven to be impractical, and use what we all know works.
>

The model isn't impractical. It is used by Linux. The difference is most drivers are not written at that level: there is a strong tendency to push everything into userspace as quickly as possible. If I want to create a fake hardware device, I can do so relatively safely by talking to a driver. If I want to monitor kernel driver events, I can usually do that in userspace.

In some cases these things are ported backwards into kernel drivers, but not always. When they are, there is a very transparent framework bolted on top of the WDM-like model. WDF is not very transparent.

Sadly I don't know what to ask for. It's not like I expect someone to write precisely what I want so I can copy it, but at the same time, knowing *what you need* is harder than knowing *what exists.* I will take your advice to heart as best I can and give up on trying to do anything with WDM.

Cheers,
R0b0t1
  Message 6 of 49  
07 Mar 18 19:34
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 4487
Help Stamp Out Sensless WDM Usage

>> People need to stop fucking with a model that's been proven to be impractical,
>> and use what we all know works.

> The model isn't impractical. It is used by Linux.

If you don't mind, could you please expand it a bit - I am just desperate to learn about Linux drivers relying upon IO Manager and IRPs, as well as upon asynch IO completion routines in the kernel, device stacks with well-defined rules, and all other Windows-specific features. I am holding my breath in anticipation....

Anton Bassov
  Message 7 of 49  
07 Mar 18 21:56
R0b0t1
xxxxxx@gmail.com
Join Date: 24 Mar 2017
Posts To This List: 109
Help Stamp Out Sensless WDM Usage

On Wed, Mar 7, 2018 at 6:34 PM, xxxxx@hotmail.com <xxxxx@lists.osr.com> wrote:

>>> People need to stop fucking with a model that's been proven to be impractical,
>>> and use what we all know works.
>
>> The model isn't impractical. It is used by Linux.
>
> If you don't mind, could you please expand it a bit - I am just desperate to learn about Linux drivers
> relying upon IO Manager and IRPs, as well as upon asynch IO completion routines in the kernel, device stacks with well-defined rules, and all other Windows-specific features. I am holding my breath in anticipation....
>

The names are different, the patterns not so much. E.g. does Microsoft have some kind of monopoly on asynchronous IO?

Cheers,
R0b0t1
  Message 8 of 49  
08 Mar 18 03:46
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 4487
Help Stamp Out Sensless WDM Usage

> The names are different, the patterns not so much.

....which means that your knowledge of both Linux and Windows kernel-mode programming is critically close to zero. In fact, it is hard to imagine two systems that are THAT drastically different from one another, both architecturally and philosophically....

> E.g. does Microsoft have some kind of monopoly on asynchronous IO?

Actually, you are almost there. Indeed, Windows NT was the first OS to introduce an asynch IO model that was absolutely generic for all device types. UNIX-like systems have not had something like that for AT LEAST one more decade. Historically they had been making a distinction between asynch pipe/socket IO with select()/poll() semantics, and asynch disk IO that is concerned about the actual IO completion, rather than data/buffer space availability the way pipes and sockets do. Although the former was the same across all UNIX-like systems, the latter was vendor-specific.

Solaris was the first UNIX-like system to introduce Windows-like IO completion ports, and FreeBSD followed the same path with introducing kqueue that relies upon the same principles. Linux still does not really have it - its epoll() does not offer the same functionality that kqueue and Solaris completion ports do.

BTW, once we are at it, check the Linux kernel and see how many devices other than pipes and sockets implement asynch IO handlers. Out of those who do, check how many of them actually make use of kernel asynch IO model (i.e. make use of iocb), rather than just delegating the whole thing to a dedicated thread that, in actuality, works on synchronous basis (i.e. implement it the same way that GNU C library does in the userland)

Anton Bassov
  Message 9 of 49  
09 Mar 18 09:40
matt sykes
xxxxxx@hotmail.com
Join Date:
Posts To This List: 221
Help Stamp Out Sensless WDM Usage

WDM documentation has been disparaging from MSDN recently, only WDF, so it looks like this is happening Peter. Of course when someone has to write a WDM driver they are going to struggle to find the info...
  Message 10 of 49  
09 Mar 18 10:12
R0b0t1
xxxxxx@gmail.com
Join Date: 24 Mar 2017
Posts To This List: 109
Help Stamp Out Sensless WDM Usage

On Thu, Mar 8, 2018 at 2:46 AM, xxxxx@hotmail.com <xxxxx@lists.osr.com> wrote:

>> The names are different, the patterns not so much.
>
> ....which means that your knowledge of both Linux and Windows kernel-mode programming is critically close to zero. In fact, it is hard to imagine two systems that are THAT drastically different from one another, both architecturally and philosophically....
>

Can you provide a concrete example? I've had what might be a similar argument presented to me about IO completion ports, or WaitForMultipleObjects, but despite the specifics of the API equivalent information is available on both systems. In the case of IO, they tend to view things from the opposite side.

>> E.g. does Microsoft have some kind of monopoly on asynchronous IO?
>
> Actually, you are almost there. Indeed, Windows NT was the first OS to introduce an asynch IO model that was absolutely generic for all device types. UNIX-like systems have not had something like that for AT LEAST one more decade. Historically they had been making a distinction between asynch pipe/socket IO with select()/poll() semantics, and asynch disk IO that is concerned about the actual IO completion, rather than data/buffer space availability the way pipes and sockets do. Although the former was the same across all UNIX-like systems, the latter was vendor-specific.
>
> Solaris was the first UNIX-like system to introduce Windows-like IO completion ports, and FreeBSD followed the same path with introducing kqueue that relies upon the same principles.
> Linux still does not really have it - its epoll() does not offer the same functionality that kqueue and Solaris completion ports do.
>

Importantly epoll can support these facilities. For some of them it does, such as timerfds. In other cases the functionality is elsewhere for historical reasons.

> BTW, once we are at it, check the Linux kernel and see how many devices other than pipes and sockets implement asynch IO handlers. Out of those who do, check how many of them actually make use of kernel asynch IO model (i.e. make use of iocb), rather than just delegating the whole thing to a dedicated thread that, in actuality, works on synchronous basis (i.e. implement it the same way that GNU C library does in the userland)
>

So are you able to comment on the Windows implementation as a comparison?
  Message 11 of 49  
09 Mar 18 10:21
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote>
WDM documentation has been disparaging from MSDN recently,
</quote>

Don't know if you meant "disappearing" instead of "disparaging"... but not nearly enough. I'd like MORE disappearing AND active disparaging of WDM. There's still WAAAAY too much legacy documentation, and as our colleague Mr. R0b0t1 stated, people file "curated" WDM samples (that mostly suck, but whatever) and then have enough MSDN to move those samples further into the world of fucked-up.

<quote>
Of course when someone has to write a WDM driver
</quote>

When would someone HAVE to write a WDM driver, exactly?

<quote>
they are going to struggle to find the info
</quote>

Good. AFAIC, they should need a secret decoder ring and a personal permission slip signed in Joe Belfiore's blood before they can write a WDM driver.

OK, maybe I'm exaggerating a LITTLE... But shitty filters written in WDM by are now an actual, quantifiable, problem in terms of system stability (and upgrade-ability). I'm soooo fucking tired of seeing newbs posting WDM questions and getting a specific, pointed, answer, and then going away to wreck unintentional havoc. It's not that they WANT to do the wrong thing. They just have no way of knowing that's what they're doing. No reasonable dev WOULD know. That's the fatal flaw of WDM in the 21st Century, and why people need to learn to "just say no" to WDM.

Hence my (continued) rant.

Peter
OSR
@OSRDrivers
  Message 12 of 49  
09 Mar 18 10:28
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote>
So are you able to comment on the Windows implementation as a comparison
</quote>

I can -- And I'll even stop ranting for a moment while I do it.

In Windows, it's generally considered to be "bad form" to synchronously wait for a device to do your bidding. The driver model is designed to be basically asynchronous and event-driven:

1) You get a request (read, write, IOCTL).

2a) If the device is free, you program the device to perform the requested I/O operation and save some context for the pending request.

2b) If the device is not free, you queue the request and RETURN from your driver.

3) Assuming you start the request on the device, your driver code then RETURNS, leaving the request in progress on the device.

4) The device interrupts to indicate the request has been completed. Your driver queues a DpcForIsr from this ISR.

5) In your DpcForIsr you retrieve the context for the pending request that you saved in step 2a, above. You complete whatever processing is required for the request (if you have a DMA type device, there's probably very little to do... if you have a PIO type device and this is a READ operation from the user, you probably have to move the data from the device to the user's data buffer). Then you complete the request.

6) With the request completed, and your device now "idle", you look to see if you have any pending requests queued for your device that you can now start.

I think the model is simplicity itself ;-)

Peter
OSR
@OSRDrivers
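[Added example, not part of the post above and not Windows driver code: the six steps from Message 12 modelled as a user-mode C simulation. Every name here (`dispatch_read`, `isr`, `dpc_for_isr`, the `device` and `request` structs, the status values) is hypothetical; a real driver would use the framework's queue, interrupt and DPC objects instead.]

```c
#include <stddef.h>
#include <string.h>
enum { ST_SUCCESS = 0, ST_PENDING = 1, ST_NO_ROOM = -1,
       MAX_PENDING = 4, FIFO_SIZE = 16 };

typedef struct request {
    char  *buf;     /* caller's data buffer (target of a READ) */
    size_t len;     /* capacity of buf */
    size_t done;    /* bytes actually transferred */
    int    status;  /* ST_PENDING until the driver completes it */
} request;

typedef struct device {
    int      busy, irq;             /* hardware: op in flight, interrupt asserted */
    char     fifo[FIFO_SIZE];       /* hardware: PIO data the device produced */
    size_t   fifo_len;
    request *current;               /* driver: context saved in step 2a */
    request *pending[MAX_PENDING];  /* driver: step 2b queue (FIFO ring) */
    size_t   head, count;
    int      dpc_queued;
} device;

/* Step 2a: program the device and save context for the in-flight request. */
static void start_io(device *d, request *r) {
    d->current = r;
    d->busy = 1;
}

/* Steps 1-3: accept a request, start or queue it, return without waiting. */
int dispatch_read(device *d, request *r) {
    r->done = 0;
    if (d->busy && d->count == MAX_PENDING) {
        r->status = ST_NO_ROOM;     /* bounded queue: reject, never overflow */
        return ST_NO_ROOM;
    }
    r->status = ST_PENDING;
    if (!d->busy) {
        start_io(d, r);
    } else {
        d->pending[(d->head + d->count) % MAX_PENDING] = r;
        d->count++;
    }
    return ST_PENDING;
}

/* Simulated hardware: finish the operation and raise the interrupt. */
void hw_complete(device *d, const char *data, size_t n) {
    d->fifo_len = n > FIFO_SIZE ? FIFO_SIZE : n;
    memcpy(d->fifo, data, d->fifo_len);
    d->irq = 1;
}

/* Step 4: the ISR acknowledges the interrupt and defers work to a DPC. */
int isr(device *d) {
    if (!d->irq) return 0;          /* not our interrupt */
    d->irq = 0;
    d->dpc_queued = 1;
    return 1;
}

/* Steps 5-6: complete the saved request, then start the next queued one. */
void dpc_for_isr(device *d) {
    request *r = d->current;
    if (!d->dpc_queued) return;
    d->dpc_queued = 0;
    d->current = NULL;
    d->busy = 0;
    if (r) {                        /* no request in flight: nothing to complete */
        size_t n = d->fifo_len < r->len ? d->fifo_len : r->len;
        memcpy(r->buf, d->fifo, n); /* PIO read: bounded by the caller's buffer */
        r->done = n;
        r->status = ST_SUCCESS;
    }
    if (d->count > 0) {             /* device idle again: start next request */
        request *next = d->pending[d->head];
        d->head = (d->head + 1) % MAX_PENDING;
        d->count--;
        start_io(d, next);
    }
}

/* Constructed scenario; returns 0 when every step behaves as described. */
int run_scenario(void) {
    device d = {0};
    char b1[8] = {0}, b2[2] = {0};
    request r1 = { b1, sizeof b1, 0, 0 }, r2 = { b2, sizeof b2, 0, 0 };
    if (dispatch_read(&d, &r1) != ST_PENDING || d.current != &r1) return 1;
    if (dispatch_read(&d, &r2) != ST_PENDING || d.count != 1) return 2;
    hw_complete(&d, "AAAA", 4);
    if (!isr(&d) || r1.status != ST_PENDING) return 3;  /* ISR completes nothing */
    dpc_for_isr(&d);
    if (r1.status != ST_SUCCESS || r1.done != 4 || memcmp(b1, "AAAA", 4)) return 4;
    if (d.current != &r2 || !d.busy) return 5;          /* step 6 started r2 */
    hw_complete(&d, "BBBBBB", 6);                       /* more than r2 can hold */
    isr(&d);
    dpc_for_isr(&d);
    if (r2.status != ST_SUCCESS || r2.done != 2 || d.busy) return 6;
    return isr(&d) ? 7 : 0;                             /* no interrupt pending */
}
int main(void) { return run_scenario(); }
```

[The second request in the scenario has a 2-byte buffer while the simulated device returns 6 bytes, so the bounded copy in the DPC is what keeps the completion from writing past the caller's buffer.]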
  Message 13 of 49  
09 Mar 18 10:48
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1406
Help Stamp Out Sensless WDM Usage

The only time in recent memory I have had to write a WDM driver was to develop a filter for a bus driver. But these are so rare that it should not matter.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
  Message 14 of 49  
09 Mar 18 10:50
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote> The only time in recent memory I have had to write a WDM driver was to develop a filter for a bus driver. But these are so rare that it should not matter. </quote> Good one, thank you for that. We did that here recently as well. Rare and unsupported as well, we should note. Peter OSR @OSRDrivers
  Message 15 of 49  
09 Mar 18 13:43
Mark Roddy
xxxxxx@gmail.com
Join Date: 25 Feb 2000
Posts To This List: 4090
Help Stamp Out Sensless WDM Usage

shitty devs " wreck[ing] unintentional havoc" would be a good thing. It is when they wreak havoc that things go wrong.

Mark Roddy

On Fri, Mar 9, 2018 at 10:50 AM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote:

> <quote>
> The only time in recent memory I have had to write a WDM driver was to
> develop a filter for a bus driver. But these are so rare that it should
> not matter.
> </quote>
>
> Good one, thank you for that. We did that here recently as well.
>
> Rare and unsupported as well, we should note.
<...excess quoted lines suppressed...>
  Message 16 of 49  
09 Mar 18 14:16
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote> shitty devs " wreck[ing] unintentional havoc" would be a good thing. It is when they wreak havoc that things go wrong. </quote> Ducking auto-correct, I swear. I'll go back and edit that post. Oh, wait... Peter OSR @OSRDrivers
  Message 17 of 49  
10 Mar 18 10:44
Mark Roddy
xxxxxx@gmail.com
Join Date: 25 Feb 2000
Posts To This List: 4090
Help Stamp Out Sensless WDM Usage

registry filter drivers. I suppose you could write one using KMDF but it would add unneeded complexity rather than reducing it. Also you could write a bus filter driver using KMDF and then escape into WDM to do all the bus filtering :-)

Mark Roddy

On Fri, Mar 9, 2018 at 10:50 AM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote:

> <quote>
> The only time in recent memory I have had to write a WDM driver was to
> develop a filter for a bus driver. But these are so rare that it should
> not matter.
> </quote>
>
> Good one, thank you for that. We did that here recently as well.
>
> Rare and unsupported as well, we should note.
<...excess quoted lines suppressed...>
  Message 18 of 49  
10 Mar 18 12:53
PeterGV_via_GMAIL
xxxxxx@gmail.com
Join Date:
Posts To This List: 2
Help Stamp Out Sensless WDM Usage

Registry Filters, Object Manager Filters, Process Manager Filters... these are all Kernel Service, which I already mentioned are an entirely separate category of beast. WDM for this use is entirely fine.

Peter
OSR
@OSRDrivers

On Sat, Mar 10, 2018 at 10:43 AM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote:

> registry filter drivers. I suppose you could write one using KMDF but it
> would add unneeded complexity rather than reducing it. Also you could write
> a bus filter driver using KMDF and then escape into WDM to do all the bus
> filtering :-)
>
> Mark Roddy
>
<...excess quoted lines suppressed...>
  Message 19 of 49  
10 Mar 18 18:04
Jan Bottorff
xxxxxx@pmatrix.com
Join Date: 16 Apr 2013
Posts To This List: 434
Help Stamp Out Sensless WDM Usage

I think a HUGE problem for a newbie Window’s driver writer’s is figuring out he correct kind of driver to write. Other platforms tend not to have all the different flavors, they just have “a driver”. Even an experienced developer like myself sometimes has to look carefully and do a lot of digging what kind of driver is needed. For example, a network kernel winsock client that does not process IRPs would be more of a kernel service, but one that can be opened by an application (meaning it can process IRPS) would more likely be something like a root-enumerated PnP driver. If I had a kernel service that I want to control from powershell via WMI method calls, I would need to make it a driver with a do almost nothing virtual device object, just so the OS has someplace to send WMI IRPS. Perhaps something like a decision tree in the WDK documentation on how to pick the correct kind of driver would help. A newbie will look at this thread and be clueless how a “driver”, written to the WDM API (to be avoided), is a different thing than a “kernel service” written to the WDM API (which is acceptable). This terminology is not spelled out, it’s just a set of slightly fuzzy categories that have informally formed over the years. Another thing that could help newbie driver developers would be if the VisualStudio driver wizard knew how to make a variety of specialized class drivers, based on the latest thinking on what’s “optimal”. So then there would be no need to hunt through the samples to find something sort of similar. You would just say dear VS Wizard, make me generic storage controller driver, and it would (today) spit out a storport driver for a ramdisk or something, and tomorrow it might spit our a KMDF driver with the extra storage support. Even though I see lots of value in miniports, and other class specific frameworks, I wonder if these just create confusion and ignorance in the long term. 
Windows kernel developers tend to have boundaries on their driver interface knowledge, significantly due to the miniport model. If you work for a large corporation on the same project for many years, the miniport model tends to keep you ignorant about anything outside your little world. There might be some shift occurring in this, as it seems like Microsoft is moving toward a NIC miniport being a KMDF driver, with some network specific queue ring interfaces. Jan From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@gmail.com Sent: Saturday, March 10, 2018 9:52 AM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: Re: [ntdev] Help Stamp Out Sensless WDM Usage Registry Filters, Object Manager Filters, Process Manager Filters... these are all Kernel Services, which I already mentioned are an entirely separate category of beast. WDM for this use is entirely fine. Peter OSR @OSRDrivers On Sat, Mar 10, 2018 at 10:43 AM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote: registry filter drivers. I suppose you could write one using KMDF but it would add unneeded complexity rather than reducing it. Also you could write a bus filter driver using KMDF and then escape into WDM to do all the bus filtering :-) Mark Roddy On Fri, Mar 9, 2018 at 10:50 AM, xxxxx@osr.com <xxxxx@lists.osr.com> wrote: <quote> The only time in recent memory I have had to write a WDM driver was to develop a filter for a bus driver. But these are so rare that it should not matter. </quote> Good one, thank you for that. We did that here recently as well. Rare and unsupported as well, we should note. Peter OSR @OSRDrivers --- NTDEV is sponsored by OSR Visit the list online at: <http://www.osronline.com/showlists.cfm?list=ntdev> MONTHLY seminars on crash dump analysis, WDF, Windows internals and software drivers! 
Details at <http://www.osr.com/seminars> To unsubscribe, visit the List Server section of OSR Online at <http://www.osronline.com/page.cfm?name=ListServer>
  Message 20 of 49  
11 Mar 18 10:21
Mark Roddy
xxxxxx@gmail.com
Join Date: 25 Feb 2000
Posts To This List: 4090
Help Stamp Out Sensless WDM Usage

On Sat, Mar 10, 2018 at 6:03 PM, xxxxx@pmatrix.com <xxxxx@lists.osr.com> wrote:
> Perhaps something like a decision tree in the WDK documentation on how to pick the correct kind of driver would help. A newbie will look at this thread and be clueless how a “driver”, written to the WDM API (to be avoided), is a different thing than a “kernel service” written to the WDM API (which is acceptable). This terminology is not spelled out, it’s just a set of slightly fuzzy categories that have informally formed over the years.
<...excess quoted lines suppressed...>
Um, you mean like this: Choosing a driver model <https://docs.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/choosing-a-driver-model>
Mark Roddy
  Message 21 of 49  
12 Mar 18 10:27
matt sykes
xxxxxx@hotmail.com
Join Date:
Posts To This List: 221
Help Stamp Out Sensless WDM Usage

Peter wrote: "When would someone HAVE to write a WDM driver, exactly?" Kernel Service drivers. I have had to write a few in my time, in fact wrote one last year.
  Message 22 of 49  
12 Mar 18 11:03
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

I left software development about 12 years ago (before WDF was a thing). Since I have returned, I've written one new driver that was a virtual storport miniport. These beasts live somewhere between a WDM and a miniport. Recently I have been working on an older WDM driver written by someone else about 10 years ago. I have been considering the idea of porting the driver to a WDF/KMDF driver, but have put that on the back burner because of the demands to get code shipped. However, after reading Peter's post, I have decided to move the port to the foreground. How difficult can it be; right? After reading the documentation, I see that if you want to receive PNP notifications, you must be a WDM driver. In the driver I am working on, it filters IRP_MJ_PNP in order to detect special files on the volume (this is a volume filter driver, not an FS volume filter). This is done to maintain the power pageable bit while the filter is active. Does this requirement prevent me from porting to WDF/KMDF? -- Jamey BTW: When I reply via email, the emails get lost. I sent this same post via email, and the email is nowhere to be found, not even in my outbox. Strange. So I have to come here to the website to post. If this gets posted twice, I apologize.
  Message 23 of 49  
12 Mar 18 11:55
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

>> When would someone HAVE to write a WDM driver, exactly
> Kernel Service drivers.
Yes, absolutely agree that writing Kernel Services using WDM is both entirely appropriate and a Best Practice. I *thought* I said that in my long initial rant, but perhaps it was somewhere else that I ranted this carve-out. But, in any case, agreed: Kernel Services should be WDM (though they do not HAVE to be WDM). Peter OSR @OSRDrivers
  Message 24 of 49  
12 Mar 18 12:01
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1406
Help Stamp Out Sensless WDM Usage

Peter, You did say it, and for a simple kernel service I totally agree. I recently did rewrite one kernel service driver to KMDF, the original WDM had something like 20 cancel safe queues to do weird things. Moving it to KMDF queues made the code so much nicer! Don Burn Windows Driver Consulting Website: http://www.windrvr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com Sent: Monday, March 12, 2018 11:55 AM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage >>When would someone HAVE to write a WDM driver, exactly >Kernel Service drivers. Yes, absolutely agree that writing Kernel Services using WDM is both entirely appropriate and a Best Practice. I *thought* I said that in my long initial rant, but perhaps it was somewhere else that I ranted this carve-out. But, in any case, agreed: Kernel Services should be WDM (though they do not HAVE to be WDM). Peter OSR @OSRDrivers
  Message 25 of 49  
12 Mar 18 12:01
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

Warning: Thread Drift Ahead <quote> I see that if you want to receive PNP notifications, you must be a WDM driver </quote> No! You can still filter and receive these. WdfDeviceInitAssignWdmIrpPreprocessCallback is your friend. <quote> In the driver I am working on, it filters IRP_MJ_PNP in order to detect special files on the volume (this is a volume filter driver, not an FS volume filter). This is done to maintain the power pageable bit while the filter is active. </quote> You are aware that there's WdfDeviceSetSpecialFileSupport ? Peter OSR @OSRDrivers
  Message 26 of 49  
12 Mar 18 12:05
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11957
Help Stamp Out Sensless WDM Usage

xxxxx@osr.com wrote:
> <quote>
> I see that if you want to receive PNP notifications, you must be a WDM driver
> </quote>
>
> No! You can still filter and receive these. WdfDeviceInitAssignWdmIrpPreprocessCallback is your friend.
I suspect the author of the original quote really meant "at least a WDM driver". All KMDF drivers are also WDM drivers. -- Tim Roberts, xxxxx@probo.com Providenza & Boekelheide, Inc.
  Message 27 of 49  
12 Mar 18 12:05
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1406
Help Stamp Out Sensless WDM Usage

Peter, Does KMDF support normal flag handling for filter drivers? I thought it did, so since the original question was on a filter, this should be let the framework do it. Don Burn Windows Driver Consulting Website: http://www.windrvr.com -----Original Message----- From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@osr.com Sent: Monday, March 12, 2018 12:01 PM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage Warning: Thread Drift Ahead <quote> I see that if you want to receive PNP notifications, you must be a WDM driver </quote> No! You can still filter and receive these. WdfDeviceInitAssignWdmIrpPreprocessCallback is your friend. <quote> In the driver I am working on, it filters IRP_MJ_PNP in order to detect special files on the volume (this is a volume filter driver, not an FS volume filter). This is done to maintain the power pageable bit while the filter is active. </quote> You are aware that there's WdfDeviceSetSpecialFileSupport ? Peter OSR @OSRDrivers
  Message 28 of 49  
12 Mar 18 12:25
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

Peter, no. I just started digging into the documentation last night. I have zero WDF/KMDF experience. It will take me a few days to come up to speed.
  Message 29 of 49  
12 Mar 18 18:09
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

I've run into my first issue :) In the WDM driver, I would check device characteristics to see if the device was something we were not interested in filtering. Here is a snippet of WDM code:

    NTSTATUS FilterAddDevice(_In_ PDRIVER_OBJECT Driver, _In_ PDEVICE_OBJECT PhysicalDevice)
    {
        if (FlagOn(PhysicalDevice->Characteristics, FILE_REMOVABLE_MEDIA) ||
            FlagOn(PhysicalDevice->Characteristics, FILE_READ_ONLY_DEVICE) ||
            FlagOn(PhysicalDevice->Characteristics, FILE_READ_ONLY_VOLUME))
        {
            // We are not interested in removable media. Exit with nothing to do.
            return STATUS_SUCCESS;
        }

This would skip filtering read-only and removable devices. In WDF, I cannot get access to the lower device object to get the characteristics. I assume WdfDeviceCreate() attaches to the lower device by me having called WdfFdoInitSetFilter() prior to calling WdfDeviceCreate(). So, let's say I have called WdfDeviceCreate(), I check the characteristics after calling WdfGetDeviceCharacteristics(), and determine I really do not want to filter this device. How do I go about detaching from the lower device before exiting EvtDeviceAdd() function? I don't want to have a null filter sitting there just passing data along; do I? Maybe I am missing something. I am reading the documentation while trying to do the port. -- Jamey
  Message 30 of 49  
12 Mar 18 18:17
Doron Holan
xxxxxx@microsoft.com
Join Date: 08 Sep 2005
Posts To This List: 10209
Help Stamp Out Sensless WDM Usage

WdfFdoInitWdmGetPhysicalDevice and you have the same code as below without creating a WDFDEVICE

-----Original Message-----
From: xxxxx@lists.osr.com <xxxxx@lists.osr.com> On Behalf Of xxxxx@gmail.com
Sent: Monday, March 12, 2018 3:09 PM
To: Windows System Software Devs Interest List <xxxxx@lists.osr.com>
Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage

I've run into my first issue :) In the WDM driver, I would check device characteristics to see if the device was something we were not interested in filtering. Here is a snippet of WDM code:

    NTSTATUS FilterAddDevice(_In_ PDRIVER_OBJECT Driver, _In_ PDEVICE_OBJECT PhysicalDevice)
    {
        if (FlagOn(PhysicalDevice->Characteristics, FILE_REMOVABLE_MEDIA) ||
            FlagOn(PhysicalDevice->Characteristics, FILE_READ_ONLY_DEVICE) ||
            FlagOn(PhysicalDevice->Characteristics, FILE_READ_ONLY_VOLUME))
        {
            // We are not interested in removable media. Exit with nothing to do.
            return STATUS_SUCCESS;
        }

This would skip filtering read-only and removable devices. In WDF, I cannot get access to the lower device object to get the characteristics. I assume WdfDeviceCreate() attaches to the lower device by me having called WdfFdoInitSetFilter() prior to calling WdfDeviceCreate(). So, let's say I have called WdfDeviceCreate(), I check the characteristics after calling WdfGetDeviceCharacteristics(), and determine I really do not want to filter this device. How do I go about detaching from the lower device before exiting EvtDeviceAdd() function? I don't want to have a null filter sitting there just passing data along; do I? Maybe I am missing something. I am reading the documentation while trying to do the port. 
-- Jamey
  Message 31 of 49  
12 Mar 18 18:33
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

Thanks! I hadn't found that function yet. One more thing: When I call WdfFdoInitSetFilter(), does it also propagate the device type? In my WDM code, I had to propagate the device type to the filter device object by hand. The WDK says it "propagates flags & characteristics". However, it seems reasonable to expect the device type to be propagated in the context of a filter driver. In the WDK sample kbdfilter driver, it sets the device type as follows:

    WdfDeviceInitSetDeviceType(DeviceInit, FILE_DEVICE_KEYBOARD);

Otherwise, I have to have code like this:

    // Get the device property class GUID.
    ULONG ResultLength = 0;
    WCHAR PropertyBuffer[MAX_UNICODE_STACK_BUFFER_LENGTH];
    ULONG BufferLength = MAX_UNICODE_STACK_BUFFER_LENGTH;
    if (NT_ERROR(WdfFdoInitQueryProperty(DeviceInit, DevicePropertyClassGuid, BufferLength, PropertyBuffer, &ResultLength)))
    {
        // We cannot attach to this device, so do nothing.
        return STATUS_SUCCESS;
    }

    // Double check that someone has not tried to load this driver
    // on an unsupported device type.
    UNICODE_STRING DevGuid;
    RtlInitUnicodeString(&DevGuid, PropertyBuffer);
    if (RtlEqualUnicodeString(&DevGuid, &g_VolumeSnapshotGUID, TRUE))
    {
        // If this is a snapshot, we flag it as a virtual disk.
        WdfDeviceInitSetDeviceType(DeviceInit, FILE_DEVICE_VIRTUAL_DISK);
    }
    else if (RtlEqualUnicodeString(&DevGuid, &g_VolumeGUID, TRUE))
    {
        // If this is a volume, we flag it as a disk.
        WdfDeviceInitSetDeviceType(DeviceInit, FILE_DEVICE_DISK);
    }
    else
    {
        // Unsupported device type, so do nothing.
        return STATUS_SUCCESS;
    }

-- Jamey
  Message 32 of 49  
12 Mar 18 18:36
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

Nevermind, using your advice above, I can make a single call to set the device type after passing the string tests. OK, I think I am well on my way to getting this thing ported. Thanks everyone. -- Jamey
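The attach decision worked out in messages 29 to 32, written as a pure C function that can be unit-tested in user mode before it goes into EvtDeviceAdd; this is an added example, not code posted in the thread. The names decide_attach and filter_decision are hypothetical, the flag values are copied from the WDK headers, and the two class GUID strings are assumed to be what g_VolumeGUID and g_VolumeSnapshotGUID held.

```c
#include <ctype.h>
#include <stdint.h>
#include <stdio.h>

/* Flag and device-type values as defined in the WDK headers, repeated here
 * so the model builds in user mode without the WDK. */
#define FILE_REMOVABLE_MEDIA     0x00000001u
#define FILE_READ_ONLY_DEVICE    0x00000002u
#define FILE_READ_ONLY_VOLUME    0x00080000u
#define FILE_DEVICE_DISK         0x00000007u
#define FILE_DEVICE_VIRTUAL_DISK 0x00000024u

/* Assumption: the thread's g_VolumeGUID and g_VolumeSnapshotGUID held the
 * Volume and VolumeSnapshot device setup class GUIDs. */
static const char VOLUME_CLASS_GUID[]   = "{71a27cdd-812a-11d0-bec7-08002be2092f}";
static const char SNAPSHOT_CLASS_GUID[] = "{533c5b84-ec70-11d2-9505-00c04f79deaf}";

typedef enum { FILTER_SKIP = 0, FILTER_ATTACH = 1 } filter_action;

typedef struct {
    filter_action action;
    uint32_t device_type;   /* meaningful only when action == FILTER_ATTACH */
    const char *reason;
} filter_decision;

/* Whole-string, case-insensitive compare, mirroring
 * RtlEqualUnicodeString(..., TRUE) in the posted snippet. */
static int guid_equal_nocase(const char *a, const char *b)
{
    if (a == NULL || b == NULL)
        return 0;
    while (*a != '\0' && *b != '\0') {
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
        a++;
        b++;
    }
    return *a == '\0' && *b == '\0';   /* a truncated GUID must not match */
}

/* Every check runs on data available BEFORE WdfDeviceCreate():
 *   pdo_characteristics  <- WdfFdoInitWdmGetPhysicalDevice()->Characteristics
 *   class_guid           <- WdfFdoInitQueryProperty(DevicePropertyClassGuid)
 * FILTER_SKIP means "return STATUS_SUCCESS without creating a WDFDEVICE",
 * so no do-nothing filter is left sitting in the stack. */
filter_decision decide_attach(uint32_t pdo_characteristics,
                              int class_guid_query_ok,
                              const char *class_guid)
{
    filter_decision d = { FILTER_SKIP, 0, "" };
    const uint32_t unwanted =
        FILE_REMOVABLE_MEDIA | FILE_READ_ONLY_DEVICE | FILE_READ_ONLY_VOLUME;

    if (pdo_characteristics & unwanted) {
        d.reason = "removable or read-only device";
        return d;
    }
    if (!class_guid_query_ok || class_guid == NULL) {
        d.reason = "class GUID property unavailable";
        return d;
    }
    if (guid_equal_nocase(class_guid, SNAPSHOT_CLASS_GUID)) {
        d.action = FILTER_ATTACH;
        d.device_type = FILE_DEVICE_VIRTUAL_DISK;
        d.reason = "volume snapshot";
    } else if (guid_equal_nocase(class_guid, VOLUME_CLASS_GUID)) {
        d.action = FILTER_ATTACH;
        d.device_type = FILE_DEVICE_DISK;
        d.reason = "volume";
    } else {
        d.reason = "unsupported device class";
    }
    return d;
}

int main(void)
{
    /* Constructed sample devices, not taken from a real system. */
    struct { const char *name; uint32_t ch; int ok; const char *guid; } s[] = {
        { "fixed volume",     0, 1, "{71A27CDD-812A-11D0-BEC7-08002BE2092F}" },
        { "snapshot",         0, 1, SNAPSHOT_CLASS_GUID },
        { "removable volume", FILE_REMOVABLE_MEDIA, 1, VOLUME_CLASS_GUID },
        { "query failed",     0, 0, NULL },
        { "other class",      0, 1, "{4d36e967-e325-11ce-bfc1-08002be10318}" },
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++) {
        filter_decision d = decide_attach(s[i].ch, s[i].ok, s[i].guid);
        printf("%-17s -> %s (type 0x%02x): %s\n", s[i].name,
               d.action == FILTER_ATTACH ? "attach" : "skip",
               (unsigned)d.device_type, d.reason);
    }
    return 0;
}
```

In the driver, a FILTER_ATTACH result would be followed by WdfFdoInitSetFilter(), WdfDeviceInitSetDeviceType() and WdfDeviceCreate().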
  Message 33 of 49  
12 Mar 18 19:55
Doron Holan
xxxxxx@microsoft.com
Join Date: 08 Sep 2005
Posts To This List: 10209
Help Stamp Out Sensless WDM Usage

SetFilter will propagate the device type iirc. Wdf is open sourced, you can see for yourself. Bent from my phone ________________________________ From: xxxxx@lists.osr.com <xxxxx@lists.osr.com> on behalf of xxxxx@gmail.com <xxxxx@lists.osr.com> Sent: Monday, March 12, 2018 3:36:22 PM To: Windows System Software Devs Interest List Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage Nevermind, using your advice above, I can make a single call to set the device type after passing the string tests. OK, I think I am well on my way to getting this thing ported. Thanks everyone. -- Jamey
  Message 34 of 49  
12 Mar 18 22:00
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

Thread drift, folks... back on topic, if we can? Mr. Kirby... start a new thread. Peter OSR @OSRDrivers
  Message 35 of 49  
14 Mar 18 06:11
matt sykes
xxxxxx@hotmail.com
Join Date:
Posts To This List: 221
Help Stamp Out Sensless WDM Usage

Peter wrote: "Kernel Services should be WDM " So I was looking for documentation on a dummy inf for a kernel service driver, just to get it signed, and all I could find was documentation for wdf sections in a dummy inf. I had to go back to the 7600 DDK and find a sample inf that didn't have a manufacturers section to use as a template. So in this instance we need the WDM documentation preserved. :) I understand your frustration Peter, I too have started using WDF, on your recommendation, and my initial nausea soon passed as I realised it really is very robust and simple. But I think, like using MFC in preference to the Win32 API, that it is a wrapper on a base API, and it does no harm to be aware of that base API, and to have it documented. The issue is to use the wrapper in preference because it is so damn easy to throw stuff together. Perhaps that should be your focus?
  Message 36 of 49  
14 Mar 18 09:48
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

> Perhaps that should be your focus?
Hmmmm... Well, I didn't say I wanted to remove WDM function documentation, did I. The thing to keep in mind about WDF, and one very crucial thing that sets it apart from MFC (yuck!), is that KMDF allows you to "escape" from the framework directly to native system calls. This is a KEY PRECEPT of KMDF, and was something the community *insisted* on very vocally. This ability to escape the framework to the underlying "native" API is part of the real genius of KMDF and what makes it so very powerful. So, duh! I'm not asking to strike the description of native kernel-mode functions from the documentation. There's a difference between the WDM DRIVER MODEL -- the use of which (for everything but kernel services and a few other small niches) should be loudly decried and thoroughly discouraged -- and the underlying native Windows Ke, Se, Io, Mm, Ex, Ps, Ob, and friends APIs. What I *am* advocating is, specifically (this from my FIRST POST in this thread, qv):
1) We need to scrub the samples to make sure there are no WDM drivers around (other than software only "kernel services"). If you host an example on GitHub or someplace else, if it's a WDM driver, for heavens sakes make the readme say it's a deprecated model.
2) We need the WDK docs to very clearly say, everywhere, that people should be using WDM as a last resort only if they are not writing a file system or a kernel service. We should put this on every single WDM function doc page: IoXxxx, KeXxxx, etc.
3) We should warn people to NOT start a WDM sample unless they are writing a "kernel service" -- We should direct them straight to WDF.
Peter OSR @OSRDrivers
  Message 37 of 49  
14 Mar 18 09:59
Bob Ammerman
xxxxxx@ramsystems.biz
Join Date: 05 Jun 2016
Posts To This List: 56
Help Stamp Out Sensless WDM Usage

Not sure why you say MFC doesn't allow 'escape' to underlying Windows APIs. It certainly does, and I've used that capability many times. MFC may not be perfect, but it really isn't bad at all, IMHO. * Bob | Bob Ammerman | xxxxx@ramsystems.biz | 716.864.8337 138 Liston St Buffalo, NY 14223 www.ramsystems.biz -----Original Message----- From: xxxxx@lists.osr.com <xxxxx@lists.osr.com> On Behalf Of xxxxx@osr.com Sent: Wednesday, March 14, 2018 9:48 AM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage > Perhaps that should be your focus? Hmmmm... Well, I didn't say I wanted to remove WDM function documentation, did I. The thing to keep in mind about WDF, and one very crucial thing that sets it apart from MFC (yuck!), is that KMDF allows you to "escape" from the framework directly to native system calls. This is a KEY PRECEPT of KMDF, and was something the community *insisted* on very vocally. This ability to escape the framework to the underlying "native" API is part of the real genius of KMDF and what makes it so very powerful. So, duh! I'm not asking to strike the description of native kernel-mode functions from the documentation. There's a difference between the WDM DRIVER MODEL -- the use of which (for everything but kernel services and a few other small niches) should be loudly decried and thoroughly discouraged -- and the underlying native Windows Ke, Se, Io, Mm, Ex, Ps, Ob, and friends APIs. What I *am* advocating is, specifically (this from my FIRST POST in this thread, qv): 1) We need to scrub the samples to make sure there are no WDM drivers around (other than software only "kernel services"). If you host example on GitHub or someplace else, if it's a WDM driver, for heavens sakes make the readme say it's a deprecated model. 
2) We need the WDK docs to very clear say, everywhere, that people should be using WDM as a last resort only if they are not writing a file system or a kernel service. We should put this on every single WDM function doc page: IoXxxx, KeXxxx, etc. 3) We should warn people to NOT start a WDM sample unless they are writing a "kernel service" -- We should direct them straight to WDF. Peter OSR @OSRDrivers
  Message 38 of 49  
14 Mar 18 12:06
Jamey Kirby
xxxxxx@gmail.com
Join Date: 31 Dec 2014
Posts To This List: 279
Help Stamp Out Sensless WDM Usage

Counter rant: WDF is kind of a cluster duck anyway. Gone are the good old days of using grep to find a function in a file. Grep WDF looking for a function; good luck. For example, grep for "WdfFdoInitSetFilter()" in the WDF source and you find yourself at a dead end; looking at a pointer to a member function. You could load the WDF source in the compiler, and search that way. But really? We're talking about device drivers here. If you need C++ abstraction in your driver, maybe you need to rethink your design. All I wanted to do was see if WdfFdoInitSetFilter() propagated the device type field; I gave up, and just propagate it from the physical device because I have a job to do, and a deadline to meet. Maybe I am just getting too old...
  Message 39 of 49  
14 Mar 18 13:10
Mark Roddy
xxxxxx@gmail.com
Join Date: 25 Feb 2000
Posts To This List: 4090
Help Stamp Out Sensless WDM Usage

C++ class hierarchy is exactly what WDM needed in order to provide a simple api that provides default functionality that meets 90% or more of standard wdm driver functionality. Thus the proliferation of many third party wrappers around WDM that did just that. And now this thread is going to go down this rathole. Mark Roddy
On Wed, Mar 14, 2018 at 12:06 PM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote:
> Counter rant: WDF is kind of a cluster duck anyway. Gone are the good old days of using grep to find a function in a file. Grep WDF looking for a function; good luck. For example, grep for "WdfFdoInitSetFilter()" in the WDF source and you find yourself at a dead end; looking at a pointer to a member function. You could load the WDF source in the compiler, and search that way. But really? We're talking about device drivers here. If you need C++ abstraction in your driver, maybe you need to rethink your design. All I wanted to do was see if WdfFdoInitSetFilter() propagated the device type field; I gave up, and just propagate it from the physical device because I
<...excess quoted lines suppressed...>
  Message 40 of 49  
14 Mar 18 13:14
Doron Holan
xxxxxx@microsoft.com
Join Date: 08 Sep 2005
Posts To This List: 10209
Help Stamp Out Sensless WDM Usage

The classes also provide abstraction between user and kernel mode, UMDF and KMDF are built from the same source. d From: xxxxx@lists.osr.com <xxxxx@lists.osr.com> On Behalf Of xxxxx@gmail.com Sent: Wednesday, March 14, 2018 10:10 AM To: Windows System Software Devs Interest List <xxxxx@lists.osr.com> Subject: Re: [ntdev] Help Stamp Out Sensless WDM Usage C++ class hierarchy is exactly what WDM needed in order to provide a simple api that provides default functionality that meets 90% or more of standard wdm driver functionality. This the proliferation of many third party wrappers around WDM that did just that. And now this thread is going to go down this rathole. Mark Roddy On Wed, Mar 14, 2018 at 12:06 PM, xxxxx@gmail.com <xxxxx@lists.osr.com> wrote: Counter rant: WDF is kind of a cluster duck anyway. Gone are to good old days of using grep to find a function in a file. Grep WDF looking for a function; good luck. For example, grep for "WdfFdoInitSetFilter()" in the WDF source and you find yourself at a dead end; looking at a pointer to a member function. You could load the WDF source in the compiler, and search that way. But really? We're talking about device drivers here. If you need C++ abstraction in your driver, maybe you need to rethink your design. All I wanted to do was see if WdfFdoInitSetFilter() propagated the device type field; I gave up, and just propagate it from the physical device because I have a job to do, and a deadline to meet. Maybe I am just getting too old... 
  Message 41 of 49  
14 Mar 18 13:58
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote> Grep WDF looking for a function; good luck. For example, grep for "WdfFdoInitSetFilter()" in the WDF source and you find yourself at a dead end; </quote>

REALLY? I found THIS in the very first .CPP file listed:

    _drv_maxIRQL(PASSIVE_LEVEL)
    VOID
    WDFEXPORT(WdfFdoInitSetFilter)(
        __in PWDF_DRIVER_GLOBALS DriverGlobals,
        __in PWDFDEVICE_INIT DeviceInit
        )
    {
        DDI_ENTRY();

        PFX_DRIVER_GLOBALS pFxDriverGlobals;

        FxPointerNotNull(GetFxDriverGlobals(DriverGlobals), DeviceInit);
        pFxDriverGlobals = DeviceInit->DriverGlobals;

        if (!NT_SUCCESS(FxVerifierCheckIrqlLevel(pFxDriverGlobals, PASSIVE_LEVEL))) {
            return;
        }

        if (DeviceInit->IsNotFdoInit()) {
            DoTraceLevelMessage(
                pFxDriverGlobals, TRACE_LEVEL_ERROR, TRACINGDEVICE,
                "Not a PWDFDEVICE_INIT for an FDO");
            FxVerifierDbgBreakPoint(pFxDriverGlobals);
            return;
        }

        DeviceInit->Fdo.Filter = TRUE;
    }

I've heard this complaint about the WDF sources before. But, understand, what you're complaining about is simply your own lack of familiarity with the source code. You expect to be able to grep the I/O Manager source code and INSTANTLY be able to figure out... say... what a simple function like IoCallDriver does? Because I don't think that's a reasonable thing. The source code to (anything) is super useful. But I don't think it's reasonable to expect to be able to dive-in and find an answer with little/no preliminary work. Peter OSR @OSRDrivers
  Message 42 of 49  
14 Mar 18 16:36
Jan Bottorff
xxxxxx@pmatrix.com
Join Date: 16 Apr 2013
Posts To This List: 434
Help Stamp Out Sensless WDM Usage

There may be a little gotcha to wiping out all WDM sample code. Last I knew, you could NOT get static verifier to work on a three way hybrid driver. I discovered this when working on a virtual NIC miniport that used NDIS, WDF (to talk to lower layers) and WDM API calls for a few things that were impossible in WDF. It was possible to have NDIS+WDM or NDIS+WDF but not NDIS+WDF+WDM. As WDF had no way to queue directed DPCs, I had to use WDM calls, but since I could then not use WDF, I had to write a little WDM code to do the QueryInterface to the lower layer. The IRP building and QueryInterface were almost exactly from a WDM sample.

Since getting the static verifier log is required for WHQL certification, it's impossible to have a WHQL certified three way hybrid driver. WDM code will live on.

Jan

-----Original Message-----
From: xxxxx@lists.osr.com <xxxxx@lists.osr.com> On Behalf Of xxxxx@osr.com
Sent: Wednesday, March 14, 2018 6:48 AM
To: Windows System Software Devs Interest List <xxxxx@lists.osr.com>
Subject: RE:[ntdev] Help Stamp Out Sensless WDM Usage

> Perhaps that should be your focus?

Hmmmm... Well, I didn't say I wanted to remove WDM function documentation, did I.

The thing to keep in mind about WDF, and one very crucial thing that sets it apart from MFC (yuck!), is that KMDF allows you to "escape" from the framework directly to native system calls. This is a KEY PRECEPT of KMDF, and was something the community *insisted* on very vocally. This ability to escape the framework to the underlying "native" API is part of the real genius of KMDF and what makes it so very powerful.

So, duh! I'm not asking to strike the description of native kernel-mode functions from the documentation. There's a difference between the WDM DRIVER MODEL -- the use of which (for everything but kernel services and a few other small niches) should be loudly decried and thoroughly discouraged -- and the underlying native Windows Ke, Se, Io, Mm, Ex, Ps, Ob, and friends APIs.

What I *am* advocating is, specifically (this from my FIRST POST in this thread, qv):

1) We need to scrub the samples to make sure there are no WDM drivers around (other than software only "kernel services"). If you host example on GitHub or someplace else, if it's a WDM driver, for heavens sakes make the readme say it's a deprecated model.

2) We need the WDK docs to very clear say, everywhere, that people should be using WDM as a last resort only if they are not writing a file system or a kernel service. We should put this on every single WDM function doc page: IoXxxx, KeXxxx, etc.

3) We should warn people to NOT start a WDM sample unless they are writing a "kernel service" -- We should direct them straight to WDF.

Peter
OSR
@OSRDrivers
  Message 43 of 49  
14 Mar 18 16:59
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote> Last I knew, you could NOT get static verifier to work on a three way hybrid driver </quote>

Well, that's just plain silly. Please tell me you reported this and they're fixing whatever specific issues you surfaced, right? If there are bugs in SDV in certain situations, those need fixed. In the meantime, there's _Analysis_Assume_.

Let's be clear: There IS no WDF driver that doesn't include some native Windows kernel-mode API function calls. I mean, seriously: Does anybody call WdfMemoryCreate in place of calling ExAllocatePoolWithTag?? Shit, there are things you can't even DO in WDF without calling a native Windows kernel-mode function (the most obvious example being MmMapIoSpace... (and, no... please don't remind me about WdfDeviceMapIoSpace... you KNOW UMDF is not what I'm talking about).

<quote> The IRP building and QueryInterface were almost exactly from a WDM sample. </quote>

In other words, they were probably outdated, broken, and buggy... right? Sorry, dude... Couldn't resist ;-)

Peter
OSR
@OSRDrivers
  Message 44 of 49  
14 Mar 18 18:30
Jan Bottorff
xxxxxx@pmatrix.com
Join Date: 16 Apr 2013
Posts To This List: 434
Help Stamp Out Sensless WDM Usage

Currently, the MSFT doc page at https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/determining-if-static-driver-verifier-supports-your-driver-or-library says SDV works on drivers that meet the following requirement: "The driver does not combine driver models (for example, KMDF with WDM, or KMDF and NDIS)."

My experience has been two way hybrid drivers work, but three way don't. I just submitted a doc feedback request, as what it says right now does not seem correct.

Jan
  Message 45 of 49  
15 Mar 18 09:40
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

<quote> "The driver does not combine driver models (for example, KMDF with WDM, or KMDF and NDIS)." </quote> Well THAT flies in the face of "you need to pass SDV in order to logo"... I wonder how they POSSIBLY reconcile this? Peter OSR @OSRDrivers
  Message 46 of 49  
20 Mar 18 13:46
matt sykes
xxxxxx@hotmail.com
Join Date:
Posts To This List: 221
Help Stamp Out Sensless WDM Usage

Peter wrote: " MFC (yuck!)"

MFC is a fine thing Peter. It allows you to put together apps very quickly, and the DDE feature is very handy, much easier than getting window pointers to your controls when you need to change their state.

And you can jump out to the win32 API very simply by using the double colon to use the global namespace, or just using the function you want if it isn't part of some class (such as windows hooks).
  Message 47 of 49  
21 Mar 18 00:15
Shaarang Tyagi
xxxxxx@gmail.com
Join Date: 08 Mar 2017
Posts To This List: 8
Help Stamp Out Sensless WDM Usage

Is MFC still used, if yes, why?
  Message 48 of 49  
21 Mar 18 08:54
Peter Viscarola
xxxxxx@osr.com
Join Date:
Posts To This List: 6183
List Moderator
Help Stamp Out Sensless WDM Usage

> Is MFC still used, if yes, why?

We're using it right now.

We have a client, who needs to have a system-tray app written that also does notifications. Of course, writing the app in C# would be the natural choice, but... the client has a strict rule against the use of any .Net language in their shipping code. In fact, they wanted the user-mode code written in strict native Win32 C (*not* C++, no STL or ATL) and I had to persuade them to allow us to use C++/MFC/ATL for the sake of efficiency of development.

We don't run into this requirement often, but it's also not unheard of for us. Security folks tend to have very specific and strongly held positions, and we generally have learned not to argue with those who pay the bills.

And, yes. Regardless of what anybody else says, MFC sucks. I'm not going to debate this. If it didn't suck back in 1992 when it was first introduced, it started to suck sometime between then and now. In fact, I was surprised to find that it was still supported and not officially deprecated.

What I *really* want to know is why we are talking about this on this forum.

Peter
OSR
@OSRDrivers
  Message 49 of 49  
21 Mar 18 13:24
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11957
Help Stamp Out Sensless WDM Usage

xxxxx@hotmail.com wrote:
> Peter wrote: " MFC (yuck!)"
>
> MFC is a fine thing Peter. It allows you to put together apps very quickly, and the DDE feature is very handy, much easier than getting window pointers to your controls when you need to change their state.

You said "DDE", but I'm pretty sure you meant "DDX". DDE is a crusty leftover that belongs in the dustbin of history.

I never understood why WTL never took over the world. It is a far more sensible framework than MFC, it feels much more natural in C++, and it is significantly lighter weight. I still use it for all of my UI and diagnostic apps (at least, when I don't need cross-platform, which is a bigger and bigger consideration).

I suppose its crime was that it came out at the time Microsoft was de-emphasizing C++ in favor of C#.

--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
All times are GMT -5.