Undocumented Windows 2000 Secrets

Just finished reading Undocumented Windows 2000 Secrets: A Programmer’s Cookbook by Sven B. Schreiber. Well, I say reading, it was really just a first pass through the book. The text and code spend more time in kernel mode than user mode; there’s a lot of information in there and it’s all relatively new to me, so it’s the kind of book that needs a fair bit of work.

Sven starts by explaining how to set up a system that you can use for kernel mode development; you don’t want to use your main box as it will be blue screening a lot of the time. Thanks to virtual machines I had something set up pretty quickly. VMware/Virtual PC are ideal for this as you can map the virtual machine’s serial ports to named pipes on the host machine and windbg can (sometimes) connect to these so that you can run the debugger on your main machine… Once you have a machine set up the first thing you do is force it to blue screen using a simple, bad driver. The book then walks you through capturing the crash dump and working with it using i386kd.exe and symbol files.
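For anyone wanting to reproduce the serial-over-named-pipe setup described above, here is the configuration I use; it is an added example from the editor, not from the book or from Sven’s code. The pipe name (`\\.\pipe\com_1`), the baud rate and the Windows installation path are assumptions you will want to adjust to your own machines; the VMware `serial0.*` keys, the boot.ini switches and the windbg/i386kd command lines are the documented ones.

```ini
; --- Host side: VMware .vmx for the Windows 2000 guest (added example) ---
; Expose the guest's COM1 as a named pipe on the host. VMware is the pipe
; server; windbg on the host connects as the client.
serial0.present = "TRUE"
serial0.fileType = "pipe"
serial0.fileName = "\\.\pipe\com_1"     ; assumed pipe name, pick your own
serial0.pipe.endPoint = "server"
serial0.tryNoRxLoss = "TRUE"            ; helps the "sometimes" connects

; --- Guest side: C:\boot.ini on the Windows 2000 target (added example) ---
; Add a second boot entry so the non-debug entry still exists when the
; debug build of your driver takes the box down.
[boot loader]
timeout=5
default=multi(0)disk(0)rdisk(0)partition(1)\WINNT
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINNT="Windows 2000 (kernel debug)" /fastdetect /debug /debugport=com1 /baudrate=115200

; --- Host side: attaching the debugger (typed at a cmd prompt, shown here as comments) ---
; Live kernel debugging over the pipe; start this before booting the guest:
;   windbg -k com:pipe,port=\\.\pipe\com_1,resets=0 -y C:\symbols   (symbol path assumed)
; Post-mortem, after the guest blue screened and wrote a dump:
;   i386kd -z C:\dumps\memory.dmp -y C:\symbols                      (paths assumed)
```

The two boot entries matter more than they look: with only one, a driver that crashes during boot leaves you with no clean way back into the guest, whereas the `/debug` entry lets windbg catch the bugcheck while the plain entry still boots. Keep the symbol files matched to the exact service pack on the guest, or the decoded crash dump will point at the wrong functions.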

Next comes an explanation of the Windows 2000 Native API: what it is, how it works, how Win32 is just a layer on top and how you can interface parts of the Native API from Win32 code.

Next we’re into the DDK and developing a simple skeleton device driver. This seems like a much better introduction to device driver development than either Programming the Windows Driver Model or Developing Windows NT Device Drivers: A Programmer’s Handbook, both of which I hope to return to now that I have a bit more knowledge under my belt.

The meat of the book is Sven’s “spy driver”, which takes up the rest of the book. The spy driver allows you to look at kernel memory and decode it, hook kernel API calls (like Regmon and Filemon do) and call arbitrary kernel mode functions from user mode. It’s complex code but it’s described really well. I didn’t play with the spy driver that much, but I will when I read the book again… This time through it was enough to read about how it works and use it as a simple introduction to writing drivers.

Sven makes a complicated subject relatively approachable. The book isn’t an easy read but the writing is good and everything is explained well. Recommended; pity it’s out of print…