trying to understand drivers!!!


5 replies to this topic

#1 kylejw1990

kylejw1990

  • Members
  • 171 posts
  • Gender:Male
  • Location:Michigan, United States
  • Local time:07:30 AM

Posted 13 December 2014 - 10:35 AM

For this we will use printer drivers installing off a disk. From what I can tell, registry items are added in one of 2 locations depending on if the driver is in user mode or kernel. Second, the driver software is added to the system32/drivers/ folder.

But what else happens for just the install? Am I missing something?

After install finishes, plug in the printer. The OS sees the new connection and queries it for driver data. What data does the OS need to match the driver? Just the file name? When the driver is found, it is loaded into memory and used.

The driver alone is just a file to parse information/instructions back and forth between the OS and printer.

How close am I?

--Kyle





#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:05:30 AM

Posted 15 December 2014 - 01:28 PM

A driver is just a program that teaches the operating system how to interface with a piece of hardware. It need not necessarily be located in System32; that's just a common location where Windows places drivers that ship in the box.

The mechanism by which the operating system matches a particular piece of hardware with a particular driver is called Plug'n'play: http://en.wikipedia.org/wiki/Plug_and_play . Typically this is accomplished by assigning each vendor who makes hardware a particular number, and the standards body ensuring that nobody else uses that number, similar to the way MAC addresses are assigned to network interface card vendors.


Billy3


Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 kylejw1990


Posted 16 December 2014 - 11:16 AM

Are all drivers required to obtain a number from Microsoft?

What happens in the case of malware drivers?

Are these numbers on the physical devices themselves?

- Kyle



#4 Billy O'Neal


Posted 16 December 2014 - 06:53 PM

No. *Devices* must get an ID from the related standards body that owns the interface. For example, the USB interface has the USB-IF. It's not a Microsoft thing; other operating systems use the same device IDs to decide which driver to use.

In the case of malware drivers, the driver is marked to load with no associated device.

The numbers are on the physical devices, and on many devices can be rewritten, as happened with the recent FTDI USB to Serial Conversion Chip mess. (Another article about that: http://zeptobars.ru/en/read/FTDI-FT232RL-real-vs-fake-supereal )

Billy3
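An added example, not part of any post in this thread: a simplified Python model of the ID matching described in posts #2 and #4, showing that a device reporting the same vendor and product numbers gets the same driver. The driver table, file names and all ID values are constructed, and real Windows driver ranking considers more than this.

```python
# Simplified model of Plug and Play matching for USB devices (added example).
# All IDs, class codes and driver file names are constructed sample values.
from dataclasses import dataclass

@dataclass(frozen=True)
class UsbDescriptor:
    vendor_id: int     # idVendor, the number assigned by the USB-IF
    product_id: int    # idProduct, chosen by the vendor
    revision: int      # bcdDevice
    usb_class: int     # class / subclass / protocol codes the device reports
    usb_subclass: int
    usb_protocol: int

def candidate_ids(d):
    """IDs the OS derives from the descriptor, most specific first."""
    vp = f"USB\\VID_{d.vendor_id:04X}&PID_{d.product_id:04X}"
    cls = f"USB\\Class_{d.usb_class:02X}"
    sub = f"{cls}&SubClass_{d.usb_subclass:02X}"
    return [f"{vp}&REV_{d.revision:04X}", vp,           # hardware IDs
            f"{sub}&Prot_{d.usb_protocol:02X}", sub, cls]  # compatible IDs

def match_driver(d, driver_table):
    """Return (driver, matched_id, rank) for the best match, or None."""
    table = {k.upper(): v for k, v in driver_table.items()}
    for rank, dev_id in enumerate(candidate_ids(d)):
        driver = table.get(dev_id.upper())
        if driver:
            return driver, dev_id, rank
    return None

# Constructed driver table: one vendor-specific entry, one class driver.
DRIVERS = {
    "USB\\VID_1234&PID_5678": "vendor_serial.sys",
    "USB\\Class_08": "generic_storage.sys",
}

genuine = UsbDescriptor(0x1234, 0x5678, 0x0600, 0xFF, 0x00, 0x00)
# A different chip whose ID fields were rewritten to the same numbers:
# the OS sees identical IDs, so matching cannot tell the two apart.
clone = UsbDescriptor(0x1234, 0x5678, 0x0600, 0xFF, 0x00, 0x00)
flash = UsbDescriptor(0x4321, 0x0001, 0x0100, 0x08, 0x06, 0x50)
unknown = UsbDescriptor(0x4321, 0x0002, 0x0100, 0xFF, 0x00, 0x00)

if __name__ == "__main__":
    for name, dev in [("genuine", genuine), ("clone", clone),
                      ("flash", flash), ("unknown", unknown)]:
        print(name, match_driver(dev, DRIVERS))
```

The match is made purely on numbers the device reports about itself, so it selects a driver but does not authenticate the hardware.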

#5 HellCycle

HellCycle

  • Members
  • 8 posts
  • Local time:04:30 AM

Posted 21 December 2014 - 03:11 PM

Am I allowed to ask a question here, if it's not related to the topic, but is related to something mentioned IN the topic?

Billy, it's kind of trivial, but when I was reading the thread I read the brief Wiki link about USB-IF... and I was wondering how it's considered nonprofit if they charge 5000 per ID?



#6 Billy O'Neal


Posted 21 December 2014 - 05:56 PM

Nonprofit does not mean "never charges money" -- it only means "does not take actions in an attempt to make profits". To my understanding, the money USB-IF makes from vendor IDs is used to fund the standardization process, register the USB registered marks in various countries, and litigate misuses of the USB mark. (If a product has the USB symbol on it but doesn't work with USB devices, that's bad for customers and for the USB-IF)

Many standards bodies operate in this way, such as the DVD Consortium, Wi-Fi Alliance, ICANN/IANA (Internet Corporation for Assigned Names and Numbers/Internet Assigned Numbers Authority, who own DNS and the IP space, respectively), International Organization for Standardization (ISO) standards, etc.

Standards that end up being truly royalty free are usually backed by some major corporation that has some vested interest in seeing that interface brought forward, who eats the standardization cost. For example, Intel did this with NGIO which became PCI-Express.

Billy3



