Method and system for monitoring and verifying software drivers using system resources including memory allocation and access
Abstract
A method and system for verifying computer system drivers such as kernel mode drivers. A driver verifier sets up tests for specified drivers and monitors the driver's behavior for selected violations that cause system crashes. In one test, the driver verifier allocates a driver's memory pool allocations from a special pool bounded by inaccessible memory space for testing the driver's accessing memory outside of the allocation. The driver verifier also marks the space as inaccessible when it is deallocated, detecting a driver that accesses deallocated space. The driver verifier may also provide extreme memory pressure on a specific driver, or randomly fail requests for pool memory. The driver verifier also checks call parameters for violations, performs checks to ensure a driver cleans up timers when deallocating memory and cleans up memory and other resources when unloaded. An I/O verifier is also described for verifying drivers' use of I/O request packets.
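A user-space analogue of the special pool, freed-memory marking, random allocation failure and unload leak check described in the abstract, added here as an illustration and not taken from the patent or from any operating system's code. It assumes a POSIX system, with `mmap`/`mprotect` standing in for the kernel's page protection; the `vp_*` names are hypothetical.

```c
#define _DEFAULT_SOURCE
#include <signal.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>

static long live_allocs;                    /* outstanding allocations, checked at "unload" */
static unsigned long requests, fail_every;  /* fail every Nth request; 0 disables injection */

/* Allocate n bytes so that the byte after the buffer lies in a PROT_NONE guard page. */
void *vp_alloc(size_t n) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    if (n == 0 || n > pg) return NULL;      /* toy pool: one data page per allocation */
    if (fail_every && ++requests % fail_every == 0) return NULL;  /* simulated low resources */
    unsigned char *base = mmap(NULL, 2 * pg, PROT_READ | PROT_WRITE,
                               MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (base == MAP_FAILED) return NULL;
    if (mprotect(base + pg, pg, PROT_NONE) != 0) { munmap(base, 2 * pg); return NULL; }
    live_allocs++;
    return base + pg - n;                   /* buffer ends exactly at the guard page */
}

/* Free keeps the data page mapped but inaccessible, so a stale pointer faults. */
void vp_free(void *p) {
    size_t pg = (size_t)sysconf(_SC_PAGESIZE);
    uintptr_t base = (uintptr_t)p & ~(uintptr_t)(pg - 1);
    mprotect((void *)base, pg, PROT_NONE);
    live_allocs--;
}
long vp_leaked(void) { return live_allocs; }  /* nonzero at "unload" means a leak */

/* Write one byte at p in a child process: 1 if the write faulted, 0 if it succeeded. */
int vp_write_faults(volatile unsigned char *p) {
    int st = 0; pid_t pid = fork();
    if (pid == 0) { *p = 0x41; _exit(0); }
    if (pid < 0 || waitpid(pid, &st, 0) < 0) return -1;
    return WIFSIGNALED(st) && (WTERMSIG(st) == SIGSEGV || WTERMSIG(st) == SIGBUS);
}

int main(void) {
    unsigned char *buf = vp_alloc(64);
    if (!buf) return 1;
    int in = vp_write_faults(buf + 63), over = vp_write_faults(buf + 64);
    vp_free(buf);
    printf("in-bounds=%d overrun=%d use-after-free=%d leaked=%ld\n",
           in, over, vp_write_faults(buf), vp_leaked());
    return 0;
}
```

Placing the buffer at the end of the page catches overruns on the first stray byte but leaves the start of the page unguarded, so underruns go undetected in this sketch.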
35 Claims
1. In a computer system, a method, comprising:
- receiving a request from a kernel mode driver, wherein the request is a function call in a kernel component of an operating system;
- determining that the kernel mode driver is to be monitored, wherein determining that the kernel mode driver is to be monitored includes checking a registry setting;
- re-vectoring the request to a kernel mode driver verifier; and
- taking action in the kernel mode driver verifier to actively test the kernel mode driver for errors, wherein the kernel mode driver verifier is capable of testing the kernel mode driver by simulating a low resource condition including failing requests for memory pool allocation.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13
14. A computer-readable medium having computer-executable instructions, comprising instructions for:
- receiving a request from a kernel mode driver for allocation of memory space;
- determining that the kernel mode driver is to be monitored, wherein determining that the kernel mode driver is to be monitored includes checking a registry setting;
- determining a location of memory space to allocate;
- re-vectoring the request to a kernel mode driver verifier;
- in the kernel mode driver verifier, testing the kernel mode driver including marking the memory bounding the memory space to detect improper access of the memory bounding the memory space;
- allocating the memory space; and
- monitoring the areas bounding the location for an access violation using the kernel mode driver verifier.
Dependent claims: 15, 16, 17
18. A computer-readable medium having computer-executable instructions, comprising instructions for:
- receiving a plurality of requests from a kernel mode driver for allocation of various distinct sets of memory;
- allocating the memory;
- determining that the kernel mode driver is to be monitored, wherein determining that the kernel mode driver is to be monitored includes checking a registry setting;
- tracking the memory allocated to the kernel mode driver on each request;
- receiving requests for deallocation of at least one of the sets of memory allocated to the kernel mode driver;
- tracking the memory deallocated in each received deallocation request;
- determining from the tracking whether memory remains allocated to the kernel mode driver at a time when the driver should have no memory allocated thereto; and
- generating an error at the time if memory remains allocated.
19. A system for monitoring kernel mode drivers, comprising:
- an operating system component including an interface for receiving requests from kernel mode drivers;
- a re-vectoring component for examining the requests to determine whether requesting kernel mode drivers are to be monitored, wherein the determining whether the requesting kernel mode drivers are to be monitored is based on a setting in a registry; and
- a kernel mode driver verifier component operably connected to the re-vectoring component, the driver verifier receiving information from the re-vectoring component for a kernel mode driver that is to be monitored and executing at least one test to monitor the kernel mode driver, wherein in response to a request for memory from the kernel mode driver, the kernel mode driver verifier component allocates memory for the kernel mode driver to use from a pool of memory other than a memory pool normally allocated from when the driver is operating unmonitored.
Dependent claims: 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30
31. In a computer system, a method for verifying a plurality of kernel mode drivers, comprising:
- selecting one or more tests for verifying functionality of one of the kernel mode drivers;
- determining that one of the kernel mode drivers is to be monitored, wherein determining that the kernel mode driver is to be monitored includes checking a registry setting;
- modifying a request for system services by re-vectoring the request to include execution of the selected tests to a kernel mode driver verifier, wherein one of the tests includes restricting access to a resource, such that an attempted access to the resource causes an access violation;
- executing the modified request; and
- generating errors for any test failures.
Dependent claims: 32, 33, 34
35. A computer-readable medium having computer-executable instructions, comprising instructions for verifying kernel mode drivers:
- selecting one or more tests for verifying functionality of one of the kernel mode drivers;
- determining that the kernel mode driver is to be monitored, wherein determining that the kernel mode driver is to be monitored includes checking a registry setting;
- modifying a request for system services by re-vectoring the request to include execution of the selected tests to a kernel mode driver verifier, wherein one of the tests includes restricting access to a resource, such that an attempted access to the resource causes an access violation;
- executing the modified request; and
- generating errors for any test failures.
Specification