Layered Driver Architecture

http://msdn.microsoft.com/en-us/library/ms791644.aspx Layered Driver ArchitectureWindows operating systems support a layered driver architecture. Every device is serviced by a chain of drivers, typically called a driver stack. Each driver in the stack isolates some hardware-dependent features from the drivers above it.The following figure shows the types of drivers that could potentially be in a driver stack for…


Get installed hotfixes in Windows

Here is a command: wmic qfe list full On XP, go to the registry directly: Instances of this class represent updates found in two places in the registry:   HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows  NT\    CurrentVersion\Hotfix HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Updates On Vista+, the registry doesn’t exist any more. Try the WMI Class: Win32_QuickFixEngineering Class http://msdn.microsoft.com/en-us/library/aa394391(VS.85).aspx


To ignore a device’s serial number

http://www.lvr.com/usbfaq.htm During device testing, we attach many devices that are identical except for the serial numbers. How can I prevent Windows from asking to install a new driver every time a device is attached? This method causes Windows 2000 and XP to ignore a device’s serial number. It’s recommended for test environments only. This registry…

3

Run program as Local System Account

To delete registry keys under Vista+… This article  which demonstrates the use of PSTools from SysInternals which was acquired by Microsoft  in July, 2006. I launched the command line and issued the following statement  and suddenly I was running under the Local System Account like magic: psexec -i -s cmd.exe PSTools worked great.   Running…


How to remove phantom/ghost devices

What is phantom devices Hidden, inactive deives, ghost devices. When a device is physically removed from a machine, the driver becomes a phantom and is no longer visible in Device Manager. Normally this is desirable, but can be a problem if you wish to remove the device driver. How to identify and remove phantom devices…


Overview of Signing and Install Process

    I think “PIC” actually means “SPC”. http://msdn.microsoft.com/en-us/library/aa906274.aspxKernel-Mode Code Signing Requirements for Public Release of a DriverWindows Vista 64-bit VersionsThe kernel-mode code signing policy requires that a kernel-mode driver be signed as follows:?    A kernel-mode boot-start driver must have an embedded Software Publisher Certificate (SPC) signature. This applies to any type of PnP or…


Test an unsigned driver

The recommendation is test-sign your driver…Installing an Unsigned Driver during Development and Testhttp://msdn.microsoft.com/en-us/library/aa906338.aspxBy default, 64-bit versions of Windows Vista and later versions of Windows will  load a kernel-mode driver only if the kernel can verify the driver signature.  However, this default behavior can be disabled to facilitate early driver  development and non-automated testing. Developers can…


Safely Remove Hardware

1. Invoke the Safely Remove Hardware Dialog:RunDll32.exe shell32.dll,Control_RunDLL hotplug.dll2. First issue CM_Query_And_Remove_SubTree on the device node, and then follow up with CM_Request_Device_Eject on the device node. Note: use the device node for the USB storage device enumerated by the USB hub, not the volume device enumerated via USBSTOR. Approach overview 1. Open the device via…

1

How the system Finds and Loads Drivers

1. PnP device It has an electronic signature that bus driver can detect the new hardware 2. Legacy device Initiate the detection by invoking Add New Hardware Wizard. In the end, in both PnP and Legacy Device situation, system uses the same automatic registry and INF file process to load the right driver. Function driver:…


PnP Device Installation

1. Plug the device into the computer.2. The device is enumerated. the bus driver notifies the kernel-mode PnP manager that the list of devices on the bus has changed. The Kernel-mode PnP manager sends IRPs(IRP_MN_QUERY_ID, IRP_MN_QUERY_CAPABILITIES) to bus driver to gather information about the new device, such as HadwardID, CompatibleIDs and device capabilities.3. The kernel_mode…