Debugging Print And Imaging Drivers
Outline
Print driver team philosophy on driver quality
There are tools to detect violations
Wrongful development assumptions
Types of source code problems
Basic debugging tips
Debugging and fixing the major types of
problems - demo
Driver Quality
Driver robustness is goal #1
No unhandled exceptions of any kind
No handled C-exceptions (SEH)
No resource corruptions
No resource leaks
Best Practices for Developing Driver Code
Three attack vectors for having more robust and
generally better driver code:
Static analysis tools (PREfast)
Extended runtime checks during testing
Microsoft test tools
The Role of Microsoft Test Tools
Aligned with robustness requirements in
Windows ‘Longhorn’ Logo program
Designed to assist vendors in meeting Logo
program criteria
System Debug Aids
There are powerful ways to detect violations
Application Verifier
Heap problems
Handle problems
First chance exceptions
Loader lock issues
Spooler built-in support for identifying crashing
drivers
Most Common WRONG Development
Assumptions
Overactive exception handling:
“it’s safe to __try/__except(1)”
“it’s safe to try/catch(…)”
Most Common WRONG Development
Assumptions (con’t)
“It’s not a big deal to touch freed resources
(memory, handles, etc.)”
“It’s not a big deal to read/write few bytes past the
length of a buffer – the odds the next page to be
unreadable are too small”
“It’s OK to use IsBadReadPtr/IsBadWritePtr APIs”
Most Common WRONG Development
Assumptions (con’t)
“It’s OK to skip checking the return values of
resource allocation functions (malloc, new,
CreateEvent, etc.)”
“It’s OK to popup UI directly from within spooler
process”
Types of Source Code Problems
Heap corruptions: 70% contributor to print-related
Microsoft Product Support calls
Buffer overruns
Use-after-free
Double free
Uninitialized variables
Handle corruptions
Use-after-free, double free
Resource leaks
DEVMODE Issues
General design issues
Opaque binary format
DEVMODE always comes from not trusted source
Drivers can be susceptible to DEVMODE contents
DEVMODE Issues (con’t)
DEVMODE issue types
Buffer sizes
Non zero-terminated strings
File names
Index values or loop counters
Not portable (64-bit ready) data structures
DevmodeCorruptor test tool for catching such
problems
Setup
Choosing a user mode debugger
Symbols setup
Checks for correct symbols
Test Debug wizard
Gflags.exe tool
Application Verifier options
Basic Tips
Use Microsoft debugger package
Get familiar with debugger.chm
kb command lists the stack trace of the break
lmvl m MyDriver dumps all the driver file
information
.lines toggles showing source code lines
.frame <number> lets you navigate stack frames
dv /V lets you examine local variables for each
frame
.cxr <address> lets you switch processor
contexts
Basic Tips (con’t)
!analyze –v displays general information about
the debug break
!heap is a invaluable debugger extension
!heap –p –a <address> is great for identifying
heap corruptions
!htrace is great for OS handle corruptions/misuse
If exception takes place “near” address 0x0, it’s
probably a null pointer dereferencing
If on x86 an access violation takes place above
the user mode accessible memory (usually
0x80000000), it’s very probably uninitialized
variable problem
Tips for Stack Overruns
dps @ ebp is often useful for manually
reconstructing the stack, especially useful for
debugging stack overruns
If possible, always cross-check your conclusions
Search the stack for patterns like:
0:000> dps @ ebp l6
0007e114 0007e14c
<--------- something “near” EBP, but slightly
bigger
0007e118 77f2f8c6 GDI32!bCreateDCW+0xb6 <------- a return address
in code
0007e11c 0007e138
0007e120 00000000
Call to Action
Make sure you use Microsoft print driver test tools
Familiarize yourself with the debugging basics
Use the latest debugger and debug engines
Enrich your arsenal of debugging techniques
Explore debugging 64-bit processes
Additional Resources
Web resources
Latest debugging tools can be found at
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Latest available symbols can be downloaded from
http://www.microsoft.com/whdc/devtools/debugging/symbolpkg.ms
px
Windows DDK can be found at
http://www.microsoft.com/whdc/devtools/ddk/default.mspx
WS-Devices Profile
http://msdn.microsoft.com/webservices/understanding/specs/defau
lt.aspx?pull=/library/en-us/dnglobspec/html/devprof.asp
WHDC Printing home page:
http://www.microsoft.com/whdc/device/print/default.mspx
WHDC Still Imaging / WIA home page:
http://www.microsoft.com/whdc/device/stillimage/default.mspx
Additional Resources
E-mail
For developer print questions: prninfo @ microsoft.com
For developer scan questions: wiainfo @ microsoft.com
For developer color questions: mscolor @ microsoft.com
Community Sites
http://www.microsoft.com/communities/default.mspx
MSDN Developer Community Chats:
Windows Printer Driver Development
http://msdn.microsoft.com/chats/transcripts/windows/
windows_092104.aspx
Windows Drivers: Printer Drivers
http://msdn.microsoft.com/chats/windows/windows_101602.asp
Windows Drivers Printing and Networking
http://msdn.microsoft.com/chats/windows/windows_022002.asp
© 2005 Microsoft Corporation. All rights reserved.
This presentation is for informational purposes only. Microsoft makes no warranties, express or implied, in this summary.