Creating UserMode Drivers with a Proxy or How

Creating User-Mode Drivers with a Proxy (or How to Look Smarter Than You Really Are) Galen C. Hunt Microsoft Research and the University of Rochester Department of Computer Science 1

Problem u NT Drivers Difficulties: v Kernel-Mode Environment: : Minimal (12 K) Stack, : Paged and Non-Paged Memory Pools, : Crashes are Globally Fatal, : Two (2) Machines for Debugging. v Packet-Driven 29 -Nov-20 I/O Model: : Fully re-entrant code, : Take extreme care when blocking. 2

Solution u Write u Use 29 -Nov-20 User-Mode Device Drivers. Proxy for a Kernel-Mode Presence. 3

Outline u Introduction u Outline u NT Driver & Proxy Architecture u Implementation u Performance u Related Details Measurements Work u Conclusions 4

NT Kernel-Mode I/O Architecture I/O Manager = I/O Request Packet Crypto - Filter Driver NTFS - File-System Driver Stripe (RAID) - Intermediate Driver SCSI Adaptec - Port Driver - Miniport (Adapter) Driver 5

Mo de Kernel-Mode Driver Architecture AP Is Us er Application and Win 32 Subsystem s IRP Ke rne l. M od e NT Executive (I/O Manager) Device Entry Device Driver 6

er e AP Is Us COM Service s Stub Entry Host Entry s IRP rne l. M od NT I/O Manager IRP Ke s M API App. & Win 32 User-Mode Driver CO Mo de Proxy Driver Architecture Proxy Driver 7

Proxy Details App. & Win 32 User-Mode Driver COM Service NT I/O Manager Stub Entry 1 Host Entry Proxy Driver 8

Proxy Details App. & Win 32 User-Mode Driver COM Service 1 NT I/O Manager Stub Entry Host Entry 2 Proxy Driver 9

Proxy Details App. & Win 32 User-Mode Driver COM Service 1 NT I/O Manager Stub Entry 2 Host Entry Proxy Driver 3 10

Proxy Details App. & Win 32 User-Mode Driver COM Service 4 1 NT I/O Manager Stub Entry 2 Host Entry Proxy Driver 3 11

Proxy Details App. & Win 32 User-Mode Driver COM Service 4 1 NT I/O Manager 5 Stub Entry 2 Host Entry Proxy Driver 3 12

Proxy Details App. & Win 32 User-Mode Driver COM Service 4 1 NT I/O Manager 5 6 Stub Entry 2 Host Entry Proxy Driver 3 13

Proxy Details App. & Win 32 User-Mode Driver COM Service 4 1 NT I/O Manager 5 6 Stub Entry 2 Host Entry Proxy Driver 7 3 14

Proxy Details App. & Win 32 User-Mode Driver 8 COM Service 4 1 NT I/O Manager 5 6 Stub Entry 2 Host Entry Proxy Driver 7 3 15

Proxy Details App. & Win 32 User-Mode Driver 8 COM Service 4 9 1 NT I/O Manager 5 6 Stub Entry 2 Host Entry Proxy Driver 7 3 16

Proxy Details App. & Win 32 User-Mode Driver 8 COM Service 4 9 1 NT I/O Manager 5 6 Stub Entry 2 Host Entry Proxy Driver 7 10 3 17

Proxy Details App. & Win 32 User-Mode Driver 8 COM Service 4 11 5 6 9 1 NT I/O Manager Stub Entry 2 Host Entry Proxy Driver 7 10 3 18

Proxy Details Summary App. & Win 32 User-Mode Driver COM Service 4 11 5 6 1 8 2 7 9 NT I/O Manager Stub Entry Host Entry Proxy Driver 10 3 19

Null (Raw) Device Latency = 14 s 20

Raw Device Throughput 21

Ram. Disk Throughput 22

File-System Write Throughput 23

Related Work u Watchdogs u Semantic u HURD u Frigate u Rialto [Bershad & Pinkerton, 1988] File System [Gifford et al, 1991] Translators [Bushnell, 1994] [Kim and Popek, 1997] [Draves and Cutshall, 1997] 24

Conclusion u Drivers Create with Proxy include: v HTTP/FTP v Virtual u Further File System Memory Disk Information: v http: //research. microsoft. com/~galenh/proxy 25

Appendix A: IDevice. File. Sink interface IDevice. File. Sink : IUnknown { HRESULT Create ([in] IDev. Irp *p. Irp, [in] IDev. Security. Context *p. Ctxt, . . . HRESULT Cleanup ([in] IDev. Irp *p. Irp); HRESULT Close ([in] IDev. Irp *p. Irp); HRESULT Shutdown ([in] IDev. Irp *p. Irp); HRESULT Read ([in] IDev. Irp *p. Irp, [in] LARGE_INTEGER Byte. Offset, . . . HRESULT Write ([in] IDev. Irp *p. Irp, [in] LARGE_INTEGER Byte. Offset, . . . HRESULT Device. Control ([in] IDev. Irp *p. Irp, [in] ULONG Io. Control. Code, . . . HRESULT Query. Information([in] IDev. Irp *p. Irp, [in] ULONG Length, . . . HRESULT Set. Information ([in] IDev. Irp *p. Irp, [in] ULONG Length, . . . HRESULT Flush. Buffers ([in] IDev. Irp *p. Irp); }; 26