Leanpub Header

Skip to main content
Go to Leanpub.comLeanpub

Windows Kernel Programming

Pavel Yosifovich

There is nothing like the power of the kernel in Windows - but how do you write kernel drivers to take advantage of that power? This book will show you how.

Minimum price

$19.95

$31.95

You pay

$31.95

Author earns

$25.56
$

...Or Buy With Credits!

You can get credits with a paid monthly or annual Reader Membership, or you can buy them here.
PDF
EPUB
WEB
818
Readers
455
Pages
About

About

About the Book

The book describes software kernel drivers programming for Windows. These drivers don't deal with hardware, but rather with the system itself: processes, threads, modules, registry and more. Kernel code can be used for monitoring important events, preventing some from occurring if needed. Various filters can be written that can intercept calls that a driver may be interested in.

Share this book

Feedback

Email the Author

Author

About the Author

Pavel Yosifovich

Pavel Yosifovich is a renowned author, developer, and expert in Windows Internals, system programming, and software development. With extensive experience in low-level programming, he has authored several highly regarded books, including Windows Internals, Part 1 (7th Edition) and Windows 10 System Programming. His works provide deep insights into Windows architecture, kernel-mode development, and debugging techniques, making them essential resources for developers, security researchers, and IT professionals.

Beyond his books, Pavel is also known for his contributions to the developer community through training, blog posts, tools, and technical talks. He offers in-depth courses on TrainSec, where students can learn Windows Internals, debugging, and system programming directly from his expertise. His writing style balances technical depth with clarity, making complex topics accessible to both beginners and experienced programmers. Pavel’s books and courses serve as authoritative guides for those looking to master Windows and programming.

Leanpub Podcast

Episode 257

An Interview with Pavel Yosifovich

Contents

Table of Contents

Introduction

  1. Who Should Read This Book
  2. What You Should Know to Use This Book
  3. Sample Code

Chapter 1: Windows Internals Overview

  1. Processes
  2. Virtual Memory
  3. Page States
  4. System Memory
  5. Threads
  6. Thread Stacks
  7. System Services (a.k.a. System Calls)
  8. General System Architecture
  9. Handles and Objects
  10. Object Names
  11. Accessing Existing Objects

Chapter 2: Getting Started with Kernel Development

  1. Installing the Tools
  2. Creating a Driver Project
  3. The DriverEntry and Unload Routines
  4. Deploying the Driver
  5. Simple Tracing
  6. Exercises
  7. Summary

Chapter 3: Kernel Programming Basics

  1. General Kernel Programming Guidelines
  2. Unhandled Exceptions
  3. Termination
  4. Function Return Values
  5. IRQL
  6. C++ Usage
  7. Testing and Debugging
  8. Debug vs. Release Builds
  9. The Kernel API
  10. Functions and Error Codes
  11. Strings
  12. Dynamic Memory Allocation
  13. Lists
  14. The Driver Object
  15. Device Objects
  16. Summary

Chapter 4: Driver from Start to Finish

  1. Introduction
  2. Driver Initialization
  3. Passing Information to the Driver
  4. Client / Driver Communication Protocol
  5. Creating the Device Object
  6. Client Code
  7. The Create and Close Dispatch Routines
  8. The DeviceIoControl Dispatch Routine
  9. Installing and Testing
  10. Summary

Chapter 5: Debugging

  1. Debugging Tools for Windows
  2. Introduction to WinDbg
  3. Tutorial: User mode debugging basics
  4. Kernel Debugging
  5. Local Kernel Debugging
  6. Local kernel Debugging Tutorial
  7. Full Kernel Debugging
  8. Configuring the Target
  9. Configuring the Host
  10. Kernel Driver Debugging Tutorial
  11. Summary

Chapter 6: Kernel Mechanisms

  1. Interrupt Request Level
  2. Raising and Lowering IRQL
  3. Thread Priorities vs. IRQLs
  4. Deferred Procedure Calls
  5. Using DPC with a Timer
  6. Asynchronous Procedure Calls
  7. Critical Regions and Guarded Regions
  8. Structured Exception Handling
  9. Using __try/__except
  10. Using __try/__finally
  11. Using C++ RAII Instead of __try / __finally
  12. System Crash
  13. Crash Dump Information
  14. Analyzing a Dump File
  15. System Hang
  16. Thread Synchronization
  17. Interlocked Operations
  18. Dispatcher Objects
  19. Mutex
  20. Fast Mutex
  21. Semaphore
  22. Event
  23. Executive Resource
  24. High IRQL Synchronization
  25. The Spin Lock
  26. Work Items
  27. Summary

Chapter 7: The I/O Request Packet

  1. Introduction to IRPs
  2. Device Nodes
  3. IRP Flow
  4. IRP and I/O Stack Location
  5. Viewing IRP Information
  6. Dispatch Routines
  7. Completing a Request
  8. Accessing User Buffers
  9. Buffered I/O
  10. Direct I/O
  11. User Buffers for IRP_MJ_DEVICE_CONTROL
  12. Putting it All Together: The Zero Driver
  13. Using a Precompiled Header
  14. The DriverEntry Routine
  15. The Read Dispatch Routine
  16. The Write Dispatch Routine
  17. Test Application
  18. Summary

Chapter 8: Process and Thread Notifications

  1. Process Notifications
  2. Implementing Process Notifications
  3. The DriverEntry Routine
  4. Handling Process Exit Notifications
  5. Handling Process Create Notifications
  6. Providing Data to User Mode
  7. The User Mode Client
  8. Thread Notifications
  9. Image Load Notifications
  10. Exercises
  11. Summary

Chapter 9: Object and Registry Notifications

  1. Object Notifications
  2. Desktop Objects
  3. Pre-Operation Callback
  4. Post-Operation Callback
  5. The Process Protector Driver
  6. Object Notification Registration
  7. Managing Protected Processes
  8. The Pre-Callback
  9. The Client Application
  10. Registry Notifications
  11. Handling Pre-Notifications
  12. Handling Post-Operations
  13. Performance Considerations
  14. Implementing Registry Notifications
  15. Handling Registry Callback
  16. Modified Client Code
  17. Exercises
  18. Summary

Chapter 10: Introduction to File System Mini-Filters

  1. Introduction
  2. Loading and Unloading
  3. Initialization
  4. Pipes and Mailslots
  5. Direct Access Volume (DAX or DAS)
  6. Operations Callback Registration
  7. The Altitude
  8. Installation
  9. INF Files
  10. Installing the Driver
  11. Processing I/O Operations
  12. Pre Operation Callbacks
  13. Post Operation Callbacks
  14. The Delete Protector Driver
  15. Handling Pre-Create
  16. Handling Pre-Set Information
  17. Some Refactoring
  18. Generalizing the Driver
  19. Testing the Modified Driver
  20. File Names
  21. File Name Parts
  22. RAII FLT_FILE_NAME_INFORMATION wrapper
  23. The Alternate Delete Protector Driver
  24. Handling Pre-Create and Pre-Set Information
  25. Testing the Driver
  26. Contexts
  27. Context Types
  28. Managing Contexts
  29. Initiating I/O Requests
  30. The File Backup Driver
  31. The Post Create Callback
  32. The Pre-Write Callback
  33. The Post-Cleanup Callback
  34. Testing the Driver
  35. Restoring Backups
  36. User Mode Communication
  37. Creating the Communication Port
  38. User Mode Connection
  39. Sending and Receiving Messages
  40. Enhanced File Backup Driver
  41. The User Mode Client
  42. Debugging
  43. Exercises
  44. Summary

Chapter 11: Miscellaneous Topics

  1. Driver Signing
  2. Driver Verifier
  3. Example Driver Verifier Sessions
  4. Using the Native API
  5. Filter Drivers
  6. Filter Driver Implementation
  7. Attaching Filters
  8. Attaching Filters at Arbitrary Time
  9. Filter Cleanup
  10. More on Hardware-Based Filter Drivers
  11. Device Monitor
  12. Adding a Device to Filter
  13. Removing a Filter Device
  14. Initialization and Unload
  15. Handling Requests
  16. Testing the Driver
  17. Results of Requests
  18. Driver Hooking
  19. Kernel Libraries
  20. Summary

Get the free sample chapters

Click the buttons to get the free sample in PDF or EPUB, or read the sample online here

Download Sample PDFDownload Sample EPUB

The Leanpub 60 Day 100% Happiness Guarantee

Within 60 days of purchase you can get a 100% refund on any Leanpub purchase, in two clicks.

Now, this is technically risky for us, since you'll have the book or course files either way. But we're so confident in our products and services, and in our authors and readers, that we're happy to offer a full money back guarantee for everything we sell.

You can only find out how good something is by trying it, and because of our 100% money back guarantee there's literally no risk to do so!

So, there's no reason not to click the Add to Cart button, is there?

See full terms...

Earn $8 on a $10 Purchase, and $16 on a $20 Purchase

We pay 80% royalties on purchases of $7.99 or more, and 80% royalties minus a 50 cent flat fee on purchases between $0.99 and $7.98. You earn $8 on a $10 sale, and $16 on a $20 sale. So, if we sell 5000 non-refunded copies of your book for $20, you'll earn $80,000.

(Yes, some authors have already earned much more than that on Leanpub.)

In fact, authors have earned over $14 million writing, publishing and selling on Leanpub.

Learn more about writing on Leanpub

Free Updates. DRM Free.

If you buy a Leanpub book, you get free updates for as long as the author updates the book! Many authors use Leanpub to publish their books in-progress, while they are writing them. All readers get free updates, regardless of when they bought the book or how much they paid (including free).

Most Leanpub books are available in PDF (for computers) and EPUB (for phones, tablets and Kindle). The formats that a book includes are shown at the top right corner of this page.

Finally, Leanpub books don't have any DRM copy-protection nonsense, so you can easily read them on any supported device.

Learn more about Leanpub's ebook formats and where to read them

Write and Publish on Leanpub

You can use Leanpub to easily write, publish and sell in-progress and completed ebooks and online courses!

Leanpub is a powerful platform for serious authors, combining a simple, elegant writing and publishing workflow with a store focused on selling in-progress ebooks.

Leanpub is a magical typewriter for authors: just write in plain text, and to publish your ebook, just click a button. (Or, if you are producing your ebook your own way, you can even upload your own PDF and/or EPUB files and then publish with one click!) It really is that easy.

Learn more about writing on Leanpub