In the previous chapter we learned about driver models like WDM, KMDF, and UMDF. Now let's dive into the types of drivers you can build in Windows and how each plays a distinct role in the operating system's device stack.
Whether you are building drivers for hardware, creating security tools, or virtualizing devices, understanding the role and structure of different driver types is essential for success in Windows driver development.
1 Function Drivers
A function driver is the main driver for a device. It provides the operational interface between the OS and the hardware and implements the core functionality required by the device.
Responsibilities:
- Handle I/O requests (read, write, control)
- Manage device initialization and shutdown
- Interact with hardware (if applicable)
Example:
- The main driver for a network card
- A USB device driver that communicates with a USB camera
Tip:
Function drivers are usually written using KMDF or WDM, depending on how low-level the interaction needs to be.
2 Filter Drivers
Filter drivers attach themselves to an existing driver stack to intercept, modify, or monitor requests without replacing the function driver. They are used to extend or restrict behavior.
Types of Filter Drivers:
- Upper Filter Drivers: Sit above the function driver
- Lower Filter Drivers: Sit below the function driver
Responsibilities:
- Monitor I/O operations (logging, auditing, security)
- Modify requests (e.g., antivirus scanning, blocking writes)
- Implement policy logic (like encryption/decryption)
Example:
- A file system filter that prevents .exe files from being written
- A keyboard filter that intercepts and modifies keystrokes
Special Case:
File System Filter Drivers (Minifilters) use a specific framework called the Filter Manager and are typically written with FltMgr APIs.
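To see which filter drivers are attached class-wide on a given machine, the following added example (not part of the original article) reads the UpperFilters and LowerFilters values under the device-class registry keys and checks the signature of each driver file. It assumes an elevated PowerShell session and covers class filters only, not per-device filters; the helper name Resolve-DriverPath is illustrative.

```powershell
# Added example: audit class-wide upper/lower filter drivers (run elevated).
$classRoot   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Class'
$serviceRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services'

function Resolve-DriverPath {   # illustrative helper, not a built-in cmdlet
    param([string]$ServiceName)
    $svc = Get-ItemProperty -Path (Join-Path $serviceRoot $ServiceName) -ErrorAction SilentlyContinue
    if (-not $svc -or -not $svc.ImagePath) {
        # No ImagePath recorded: fall back to the conventional driver location.
        return Join-Path $env:SystemRoot "System32\drivers\$ServiceName.sys"
    }
    # Strip NT-style prefixes so the path is usable from user mode.
    $p = $svc.ImagePath -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
    if (-not [IO.Path]::IsPathRooted($p)) { $p = Join-Path $env:SystemRoot $p }
    return $p
}

$report = foreach ($class in Get-ChildItem -Path $classRoot -ErrorAction SilentlyContinue) {
    $props = Get-ItemProperty -Path $class.PSPath -ErrorAction SilentlyContinue
    foreach ($position in 'UpperFilters', 'LowerFilters') {
        # Both values are multi-string lists of driver service names.
        foreach ($name in @($props.$position)) {
            if (-not $name) { continue }
            $path = Resolve-DriverPath -ServiceName $name
            $sig  = if (Test-Path -LiteralPath $path) {
                        Get-AuthenticodeSignature -LiteralPath $path
                    } else { $null }
            [pscustomobject]@{
                Class     = $props.Class            # friendly class name, e.g. Keyboard
                ClassGuid = $class.PSChildName
                Position  = $position               # above or below the function driver
                Driver    = $name
                Path      = $path
                Signature = if ($sig) { $sig.Status } else { 'FileNotFound' }
                Signer    = if ($sig -and $sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '' }
            }
        }
    }
}

# Review anything unexpected, unsigned, or missing on disk.
$report | Sort-Object Class, Position | Format-Table -AutoSize

# Minifilters register with the Filter Manager instead; list them separately.
fltmc.exe filters
```

Treat the signature status as a triage hint: an unfamiliar filter on the Keyboard or DiskDrive class deserves a closer look even when it is validly signed.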
3 Bus Drivers
Bus drivers are responsible for managing a group of child devices that are discovered on a physical or logical bus. They enumerate devices, manage power and resource allocation, and forward requests down the stack.
Responsibilities:
- Detect connected devices (e.g., USB, PCI)
- Report them to the PnP manager
- Support device hot-plug/hot-remove
Example:
- USB host controller driver
- PCI bus driver that enumerates PCI devices
Note:
Most developers won't write bus drivers unless working on custom or proprietary hardware buses. Windows already provides robust bus drivers for standard protocols.
4 Virtual Drivers
A virtual driver creates a software-only device that behaves like real hardware. These are often used for testing, emulation, or abstraction layers.
Responsibilities:
- Emulate device behavior
- Respond to I/O requests as though it were physical hardware
- Communicate with user-mode applications
Example:
- A virtual COM port driver
- A RAM disk or virtual hard drive
- A test driver for simulating sensor input
Common Use Cases:
- Security research (monitoring systems without real hardware)
- Simulation of proprietary protocols or devices
- Creating dummy interfaces for development/testing
Summary Table
Driver Type | Purpose | Sits Where | Common Use Case |
---|---|---|---|
Function Driver | Implements main device functionality | Middle of stack | NIC, USB device, keyboard |
Filter Driver | Extends/modifies function driver | Above/Below | Logging, encryption, security |
Bus Driver | Manages enumeration of child devices | Bottom of stack | PCI controller, USB host |
Virtual Driver | Emulates hardware in software | Flexible | RAM disk, test sensor, virtual device |