Windows kernel-Windows Driver Model

- Nisec liangge

Agenda• The limits about to-day’s presentation

• What differences be-tween ring0 and ring3

• How OS Startup• How driver works

Limits• Win2000/xp/2003, no Vista

• X86, no details• WDM, no WDF• Basic, no complex• 32-bit, no 64-bit

What differences-ring0 and ring3• Advantage

• The whole instructions• The whole memory• The details about OS• A lot of routines• More things can do

What differences-ring0 & ring3• Disadvantage:

•More time to work on•More dangerous for machine

•More challenge

What differences – Win & UNIX• Advantage

•Microsoft•Strong man•Market

What differences – Win & UNIX• Disadvantage:

•Little source code•excellent documenta-tion

•Microsoft

How OS startup• Setup system

• MBR• Boot sector

• Kernel• Ntldr-load boot driver• NtOskrnl.exe

Ntoskrnl• Phase0

•No interrupt•Initialize

• Phase1•Allow interrupt•IoManager initialize

IoManager• boot driver, system start driver, service auto driver, service demand start

• Enumeration• Recursion• Devnode• From top to root

How driver works• See WORD

Further Reading• Mark E. Russinovich and David A. Solomon, Microsoft Windows internals, 4th Edition, MS press

• Walter OneyMicrosoft Windows driver model, 2th edition, MS press

• DDK document, source code

Useful website• http://msdn.microsoft.com• http://www.osronline.com• http://www.msdnaa.net/cur-riculum/pfv.aspx?ID=6191

• http://www.driverdevelop.-com

End

•Thanks!•QA