Well, THIS one was a surprise…After triggering a memory leak in a driver, the system surprisingly crashed due to a call to FsRtlIsNameInExpression: As best we could tell we were passing valid input to FsRtlIsNameInExpression, so what’s up? The answer lies in the exception code: STATUS_NO_MEMORY (0xC0000017). A quick scan of the disassembly shows that yes […]
Check out the new Virtual Hardware Lab Kit (VHLK)
A big complaint I’ve always had about the HLKs is the overhead of getting a system provisioned as the HLK controller. This is made even worse now by the blistering speed with which Windows feature updates are coming, thus requiring the installation of yet another HLK controller for compliance testing every few months. I was […]
Beware MmBuildMdlForNonPagedPool and Kernel Stacks
Well, this one took us by surprise… MmBuildMdlForNonPagedPool is the standard shortcut function drivers use to build MDLs describing non-pageable memory. Despite the name, the buffer described by the MDL does not necessarily need to come from non-paged pool. For example, the documentation says it’s legal to call MmBuildMdlForNonPagedPool on the buffer returned by MmAllocateContiguousMemorySpecifyCache, […]
Meltdown and Spectre: What about drivers?
The week the Meltdown and Spectre vulnerabilities was one of the most fun weeks I’ve had in a while. Not only were the vulnerabilities mind-bendingly clever, that week had just about everything you could possibly want in a story: mystery, intrigue, heroes, villains, and probably the greatest patch ever submitted. After consuming as much information […]
WDK 1709 (aka 16299 aka RS3) Released!
Yet another release of Windows 10 means yet another release of the WDK: https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit The big news with this release is that driver development is finally integrated with Visual Studio 2017. Also good news is that this kit continues to support development for Windows 7, meaning that there aren’t many reasons to NOT upgrade to […]
WinDbg, Debugger Objects, and JavaScript! Oh, My!
In case you’ve missed it, there are tons of changes going on under the covers in WinDbg. There is a fundamental paradigm shift going on in terms of how WinDbg grants access and presents data to the user and it can lead to some pretty cool results. Let’s take a concrete example of the old way […]
1394 Boot Debugging is Dead
TL;DR: Don’t waste your time like we did – 1394 boot debugging no longer works on the latest builds on Windows 10. As you might already be aware, native 1394 kernel debug support was pulled from the latest Windows 10 releases. An officially sanctioned workaround was provided by the kernel debugging team at Microsoft and we […]
Is Running the HLK Tests REALLY a Best Practice?
I can hear you now, scoffing as you read the latest issue of The NT Insider: “You OSR people actually think running the HLK tests is a Best Practice? Seriously?” I know this is what you’re thinking, because we had this same “discussion” internally among members of the OSR engineering staff. It turns out that how […]
Visual Studio 2017 Released — Driver Devs: Stay Where You Are
Good News: Today Visual Studio (VS) 2017 was released to General Availability. You can download it here. Bad News: The Windows Driver Kit (WDK) doesn’t support this latest version of Visual Studio, so us driver devs are stuck on VS 2015 for our driver development. There’s really not that much to say about it, except […]
Debugging Target RS1? Good Luck!
[Last updated 31 Aug 2016, 16:11 Eastern time] Update: As of 31 August 2016, we have verified that RS1 symbols are now present and indexed on the MSFT Symbol Server. Yay! We’re back in business! The hits to driver developers just keep on coming when it comes to RS1. The latest? The symbols for WDF01000.SYS and […]
OSR Open Systems Resources, Inc.