Discover how to develop a simple file system filter driver. The demo driver will print the names of opening files to debug output. The article requires basic windows driver and C/C++ knowledge. However it may be interesting to the people without windows driver experience.
Latest Device Driver Development Articles
Discover WDF DDIs provided for dynamic enumeration.
Tons of information about DOS registers and their functions.
Windows NT calls system services by using an "int 2e" software interrupt. The "int 2e" instruction uses both an interrupt gate and a code segment descriptor to find the interrupt service routine (KiSystemService) which services the "int 2e" software interrupt. Since the CPU will have to load one interrupt gate and one segment descriptor from memory in order to know what interrupt service routine to call, significant overhead is involved in making an "int 2e" system call. The SYSENTER instruction drastically reduces this overhead.
Learn about the exact mechanism that Windows NT uses when switching to kernel mode to execute a system service. The description is for an x86-compatible CPU running in protected mode. Other platforms supported by Windows NT will have a similar mechanism for switching to kernel mode.
This code and sample are for a RAM disk driver (RAMDisk.sys), an Installer/Property sheet provider (RAMDisk.dll), and an installation file (RAMDisk.inf), which together form an installable RAM disk on Windows 2000 and Windows XP.