I have been getting quite a few personal emails with specific questions on how to write a driver or how a specific technology works or how to fix a particular problem.  I welcome the emails, but I want these discussions to be public so that they are searchable by others (and I can’t be…



If you would like me to write about a topic that relates to WDM, the kernel, debugging, WDF, KMDF, UMDF, or anything that I have referred to in other entries, please add a comment to this entry.  Comments will be cleared out periodically if there is enough traffic.


Avoiding #defines for constant data and using enums instead

I think that the C preprocessor is a very powerful tool, but I like to limit my use of #defines. I have already touched on this when I talked about why I liked FORCEINLINE and I want to talk about it some more. I realize I can’t eliminate the use of #defines throughout all of…


What is IRQL?

Jake Oshins wanted to write about IRQLs and I am gladly letting him use my blog as a platform.  Here it is… I’ve found myself explaining IRQL a lot lately, sometimes to people who want to know because they’re trying to write Windows drivers and sometimes to people who are accustomed to Linux or some…



For kernel mode code, if I have a choice between using a #define or a FORCEINLINE function, the FORCEINLINE function wins every time.  #defines have their place, especially for quotifying (the # operator) or concatenating (the ## operator), but they have no place in my heart for constants or pseudo functions. FORCEINLINEs have type checking.  On…


Using ntintsafe.h is a great idea, but I don’t know how readable the results are

The addition of ntintsafe.h for detecting integer overflow/underflow is a great addition to the WDK. It unifies how everyone detects these math errors, leading to common code that anyone can pick up and see what it does…BUT, I have found it does have a “tax.” What is actually being computed can become unclear! For instance,…


String buffers and IRQL

If you look at the docs for many Rtl string functions, you will see that they are callable only at IRQL == PASSIVE_LEVEL.  This applies not only to Rtl functions but also to CRT functions. Why is that?  Well, there are a few reasons: The Rtl functions are marked PAGEable so you can’t even execute…


Not a big fan of #ifdef or #ifndef

I am not a big fan of the C/C++ preprocessor directives #ifdef or #ifndef. I am not denying that they certainly have their place and usage in the language. I’ll first write about where I think they are useful and then about the situations where I feel they are not. #ifndef is very useful for…


I want my sleep key back! (or how to hibernate a machine from your app)

One of the first things I do when I get a new desktop machine or install a new build of Windows is to map the Sleep button on my keyboard to hibernate instead of suspend. Hibernate makes more sense for these machines because they will never run on batteries and I want them to be…


Hindsight is 20/20, EvtDriverUnload should have not been in KMDF

The KMDF model evolved over the entire development cycle. It was refined and refactored multiple times. A lot of WDM abstractions leak through to the KMDF model. These leaks usually forced their way into the model because without them, KMDF cannot function properly. Other abstraction leaks were just design decisions that were not updated…