Driver Concepts

In order to provide system stability, security, and standardization in an preemptive multitasking environment the Windows operating system restricts direct access to the system hardware resources and the operating system resources by applications and provides access based on assigned scheduling priorities and defined access control model.

Driver types

  1. Device driver

    A device driver is a specialized computer program enables an operating system to interact with a hardware device like processor, RAM, storage media, input/output devices or any software component that observes or participates in the communication between the operating system and a device. For a given I/O request (like reading data from a device), there are often several drivers, layered in a stack, that participate in the request.

  2. Software driver

    A driver that is not associated with a device is called a software driver. Software drivers always run in kernel mode and provide access to the protected operating system resources like system configuration, settings, User Interface objects,  graphics device interface (GDI) objects, and kernel objects.

  3. Export driver

    An export driver is a kernel-mode DLL that provides routines for other drivers to call. Like any standard driver, an export driver contains only routines that resolve to kernel-mode functions. Unlike a standard driver, however, an export driver does not receive IRPs or occupy a place in the driver stack, nor is it considered to be a system service.

  4. File system driver

    A file system stack consists of control device objects CDO) and volume device objects (VDO), together with any filter device objects for file system filter drivers that are attached to it for accessing a file system.

Processor Modes

A processor in a computer running Windows has two different modes:user mode and kernel mode. The processor switches between the two modes depending on what type of code is running on the processor. Applications run in user mode, and core operating system components run in kernel mode. Drivers can be written in either user mode or kernel mode.

  1. User mode drivers

    When you start a user-mode application, Windows creates a process for the application. The process provides the application with a private virtual address space and a private handle table. Because an application's virtual address space is private, one application cannot alter data that belongs to another application. Each application runs in isolation, and if an application crashes, the crash is limited to that one application. Other applications and the operating system are not affected by the crash. In addition to being private, the virtual address space of a user-mode application is limited. A processor running in user mode cannot access virtual addresses that are reserved for the operating system. Limiting the virtual address space of a user-mode application prevents the application from altering, and possibly damaging, critical operating system data. User mode drivers are implemented as dll files and run in the address space of the parent process.

  2. Kernel mode drivers

    All code that runs in kernel mode shares a single virtual address space. This means that a kernel-mode driver is not isolated from other drivers and the operating system itself. If a kernel-mode driver accidentally writes to the wrong virtual address, data that belongs to the operating system or another driver could be compromised. If a kernel-mode driver crashes, the entire operating system crashes. Kernel mode drivers as implemented as sys files and run in the system address space.