Windows Kernel Programming
About the Book
The book describes programming software kernel drivers for Windows. These drivers don't deal with hardware, but rather with the system itself: processes, threads, modules, the registry and more. Kernel code can be used to monitor important events and, if needed, prevent some of them from occurring. Various filters can be written to intercept calls that a driver may be interested in.
- Who Should Read This Book
- What You Should Know to Use This Book
- Sample Code
Chapter 1: Windows Internals Overview
- Page States
- System Memory
- Thread Stacks
- System Services (a.k.a. System Calls)
- General System Architecture
Handles and Objects
- Object Names
- Accessing Existing Objects
Chapter 2: Getting Started with Kernel Development
- Installing the Tools
- Creating a Driver Project
- The DriverEntry and Unload Routines
- Deploying the Driver
- Simple Tracing
Chapter 3: Kernel Programming Basics
General Kernel Programming Guidelines
- Unhandled Exceptions
- Function Return Values
- C++ Usage
- Testing and Debugging
- Debug vs. Release Builds
- The Kernel API
- Functions and Error Codes
- Dynamic Memory Allocation
- The Driver Object
- Device Objects
- General Kernel Programming Guidelines
Chapter 4: Driver from Start to Finish
- Passing Information to the Driver
- Client / Driver Communication Protocol
- Creating the Device Object
- Client Code
- The Create and Close Dispatch Routines
- Installing and Testing
Chapter 5: Debugging
- Debugging Tools for Windows
Introduction to WinDbg
- Tutorial: User mode debugging basics
- Local Kernel Debugging
- Local kernel Debugging Tutorial
Full Kernel Debugging
- Configuring the Target
- Configuring the Host
- Kernel Driver Debugging Tutorial
Chapter 6: Kernel Mechanisms
Interrupt Request Level
- Raising and Lowering IRQL
- Thread Priorities vs. IRQLs
Deferred Procedure Calls
- Using DPC with a Timer
Asynchronous Procedure Calls
- Critical Regions and Guarded Regions
Structured Exception Handling
Using C++ RAII Instead of
- Crash Dump Information
- Analyzing a Dump File
- System Hang
- Interlocked Operations
- Dispatcher Objects
- Fast Mutex
- Executive Resource
High IRQL Synchronization
- The Spin Lock
- Work Items
- Interrupt Request Level
Chapter 7: The I/O Request Packet
- Introduction to IRPs
- IRP Flow
IRP and I/O Stack Location
- Viewing IRP Information
- Completing a Request
Accessing User Buffers
- Buffered I/O
- Direct I/O
User Buffers for
Putting it All Together: The Zero Driver
- Using a Precompiled Header
- The Read Dispatch Routine
- The Write Dispatch Routine
- Test Application
Chapter 8: Process and Thread Notifications
- Process Notifications
Implementing Process Notifications
- Handling Process Exit Notifications
- Handling Process Create Notifications
Providing Data to User Mode
- The User Mode Client
- Thread Notifications
- Image Load Notifications
Chapter 9: Object and Registry Notifications
- Pre-Operation Callback
- Post-Operation Callback
The Process Protector Driver
- Object Notification Registration
- Managing Protected Processes
- The Pre-Callback
- The Client Application
- Handling Pre-Notifications
- Handling Post-Operations
- Performance Considerations
Implementing Registry Notifications
- Handling Registry Callback
- Modified Client Code
- Object Notifications
Chapter 10: Introduction to File System Mini-Filters
- Loading and Unloading
- Operations Callback Registration
- The Altitude
- INF Files
- Installing the Driver
Processing I/O Operations
- Pre Operation Callbacks
- Post Operation Callbacks
The Delete Protector Driver
- Handling Pre-Create
- Handling Pre-Set Information
- Some Refactoring
- Generalizing the Driver
- Testing the Modified Driver
- File Name Parts
The Alternate Delete Protector Driver
- Handling Pre-Create and Pre-Set Information
- Testing the Driver
- Managing Contexts
- Initiating I/O Requests
The File Backup Driver
- The Post Create Callback
- The Pre-Write Callback
- The Post-Cleanup Callback
- Testing the Driver
- Restoring Backups
User Mode Communication
- Creating the Communication Port
- User Mode Connection
- Sending and Receiving Messages
- Enhanced File Backup Driver
- The User Mode Client
Chapter 11: Miscellaneous Topics
- Driver Signing
- Example Driver Verifier Sessions
- Using the Native API
- Filter Driver Implementation
- Attaching Filters
- Attaching Filters at Arbitrary Time
- Filter Cleanup
- More on Hardware-Based Filter Drivers
- Adding a Device to Filter
- Removing a Filter Device
- Initialization and Unload
- Handling Requests
- Testing the Driver
- Results of Requests
- Driver Hooking
- Kernel Libraries