Intercept: Profiling Windows Network Device Drivers

Authors

  • Manuel Mendonça
  • Nuno Ferreira Neves
Abstract

Device drivers account for a substantial part of the operating system (OS), since they implement the code that interfaces the components connected to a computer system. Unfortunately, in the large majority of cases, hardware vendors do not release their code, making the analysis of failures attributed to device drivers extremely difficult. Although several instrumentation tools exist, most of them are useless to study device drivers as they work at user level. This paper presents Intercept, a tool that profiles Windows Device Drivers (WDD) and logs the driver interactions with the OS core at function level. The tool helps to understand how a WDD works and can provide support for several activities, such as debugging, robustness testing, or reverse engineering. Experiments using Ethernet, Wi-Fi and Bluetooth device drivers show that Intercept is able to record function calls, parameters and return values, with small overheads even when the device driver under test is subject to a heavy workload.

Similar resources

Microsoft Windows Network Virtual Device Drivers in PATHWORKS for DOS

Digital's PATHWORKS for DOS version 4.1 personal computer integration software includes two network virtual device drivers for the Microsoft Windows environment. These drivers allow Windows applications operating in a protected processor mode and standard DOS applications in a virtual machine to concurrently access services designed to run in real mode under the DOS operating system. The networ...


Windows CE 6.0 Stream Driver

Developing device drivers is one of the most difficult tasks to develop or port operating systems. A device driver needs to be described according to the target device and OS. A major design goal in operating system developments is stability and one of the challenges of this stability is device drivers. Device drivers are more likely to crash the operating system for two reasons: on one side th...


Windows driver memory analysis: A reverse engineering methodology

In a digital forensics examination, the capture and analysis of volatile data provides significant information on the state of the computer at the time of seizure. Memory analysis is a premier method of discovering volatile digital forensic information. While much work has been done in extracting forensic artifacts from Windows kernel structures, less focus has been paid to extracting informati...


Get More Device Drivers out of the Kernel!

Now that Linux has fast system calls, good (and getting better) threading, and cheap context switches, it’s possible to write device drivers that live in user space for whole new classes of devices. Of course, some device drivers (Xfree, in particular) have always run in user space, with a little bit of kernel support. With a little bit more kernel support (a way to set up and tear down DMA saf...


A Dynamic Security Mechanism for Web Services Based on NDIS Intermediate Drivers

Based on the analysis of several kinds of methods generally used to intercept network packets in different layers, a dynamic mechanism using NDIS intermediate drivers is proposed to protect web security, which can block malicious connection in real time. The mechanism is mainly composed of three components which include NDIS intermediate driver-based interception module, filter module and coope...


Publication date: 2013