Method and system for monitoring and verifying software drivers

US 7,861,121 B2
Filed: 06/30/2006
Issued: 12/28/2010
Est. Priority Date: 11/23/1999
Status: Active Grant

First Claim

Patent Images

1. A method for verifying kernel mode drivers within a computing system, the method comprising:

receiving a request from a kernel mode driver, the request corresponding to a communication directed from the driver to a kernel component of an operating system;

determining that the kernel mode driver is to be monitored;

re-vectoring the request to a driver verifier;

the driver verifier validating one or more call parameters of the request wherein one or more rules are maintained and each of the one or more call parameters are tested against the one or more rules;

upon finding an invalid parameter, the driver verifier issuing a bug check;

determining whether the driver is to be tested for random failures;

upon determining the driver is to be tested for random failures, the driver verifier introducing a failure to the request; and

the driver verifier testing the kernel mode driver for one or more possible errors by conducting at least one pre-established kernel mode driver test.

View all claims

3 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and system for verifying computer system drivers such as kernel mode drivers. A driver verifier sets up tests for specified drivers and monitors the driver'"'"'s behavior for selected violations that cause system crashes. In one test, the driver verifier allocates a driver'"'"'s memory pool allocations from a special pool bounded by inaccessible memory space to test for the driver'"'"'s accessing memory outside of the allocation. The driver verifier also marks the space as inaccessible when it is deallocated, detecting a driver that accesses deallocated space. The driver verifier may also provide extreme memory pressure on a specific driver, or randomly fail requests for pool memory. The driver verifier also checks call parameters for violations, performs checks to ensure a driver cleans up timers when deallocating memory and cleans up memory and other resources when unloaded. An I/O verifier is also described for verifying drivers use of I/O request packets.

120 Citations

View as Search Results

19 Claims

1. A method for verifying kernel mode drivers within a computing system, the method comprising:
- receiving a request from a kernel mode driver, the request corresponding to a communication directed from the driver to a kernel component of an operating system;
  
  determining that the kernel mode driver is to be monitored;
  
  re-vectoring the request to a driver verifier;
  
  the driver verifier validating one or more call parameters of the request wherein one or more rules are maintained and each of the one or more call parameters are tested against the one or more rules;
  
  upon finding an invalid parameter, the driver verifier issuing a bug check;
  
  determining whether the driver is to be tested for random failures;
  
  upon determining the driver is to be tested for random failures, the driver verifier introducing a failure to the request; and
  
  the driver verifier testing the kernel mode driver for one or more possible errors by conducting at least one pre-established kernel mode driver test.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
- - 2. The method of claim 1 wherein receiving the request from the kernel mode driver includes receiving a function call from the kernel mode driver.
  - 3. The method of claim 1 wherein determining that the kernel mode driver is to be monitored comprises checking a registry setting.
  - 4. The method of claim 1 wherein the request from the kernel mode driver includes a memory allocation request, and wherein taking action in the driver verifier comprises allocating memory space to the kernel mode driver from a special pool of memory.
  - 5. The method of claim 1 wherein the request from the kernel mode driver includes a memory allocation request, and further comprising allocating memory space, wherein testing the kernel mode drive comprises marking memory adjacent the allocated memory space to detect improper access by the kernel mode driver of the marked memory adjacent the allocated memory space.
  - 6. The method of claim 1 wherein the request from the kernel mode driver includes a memory deallocation request, and further comprising, deallocating memory space in response to the request, wherein testing the kernel mode driver includes marking the deallocated memory space to detect improper access by the kernel mode driver of the deallocated memory space.
  - 7. The method of claim 1 wherein testing the kernel mode drive includes maintaining allocation information in at least one data structure associated with the kernel mode driver, including updating the data structure in response to a memory allocation request made by the kernel mode driver.
  - 8. The method of claim 7 wherein maintaining the allocation information includes updating the data structure in response to a deallocation request made by the kernel mode driver.
  - 9. The method of claim 1 wherein testing the kernel mode drive includes checking for resources allocated to the driver at driver unload.
  - 10. The method of claim 1 wherein testing the kernel mode driver includes simulating a low resource condition.
  - 11. The method of claim 10 wherein simulating the low resource condition includes failing requests for memory pool allocation.
  - 12. The method of claim 10 wherein simulating the low resource condition includes invalidating driver code and data.
  - 13. The method of claim 1 wherein testing the kernel mode driver includes checking for timers in deallocated pooled memory.
  - 14. A computer-readable data storage device having computer-executable instructions encoded thereon, which when executed perform the method of claim 1.
  - 15. The computer-readable data storage device of claim 14 having further computer-executable instructions whereby:
    - the request from the kernel mode driver includes a memory allocation request, and wherein taking action in the driver verifier comprises allocating memory space to the kernel mode driver from a special pool of memory.

16. A system for verifying kernel mode drivers, the system comprising one or more processors and computer memory and further comprising:
- a re-vectoring component that receives a request from a kernel mode driver;
  
  a driver verifier operably coupled to the re-vectoring component to receive the request and conduct at least one test to monitor the kernel mode driver with respect to the request;
  
  wherein the driver verifier validates one or more parameters of the request;
  
  wherein one or more rules are maintained and each of the one or more call parameters are tested against the one or more rules;
  
  wherein the driver verifier determine whether the driver is to be tested for random failures; and
  
  wherein the driver verifier upon determining the driver is to be tested for random failures, introduce a failure to the request.
- View Dependent Claims (17, 18, 19)
- - 17. The system of claim 16 wherein the driver verifier conducts a test for whether the kernel mode driver attempts to access memory space not allocated to the kernel mode driver at the time of the access attempt.
  - 18. The system of claim 16 wherein the at least one test comprises at least one test of a set of possible tests, the set including:
    - a test for whether resources remain associated with the kernel mode driver following kernel mode driver unload, a test that tracks outstanding memory space allocated to the driver;
      
      a test that examines resources allocated to the driver;
      
      or a test for validating call parameters associated with the request;
      
      a test that fails a request from the kernel mode driver for memory pool allocation, a test that invalidates driver code and data, or a test that checks for timers in deallocated pooled memory.
  - 19. The system of claim 16 wherein the driver verifier simulates a low resource condition in response to the kernel mode driver request.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Zhigu Holdings Limited
Original Assignee
Microsoft Corporation
Inventors
Wang, Landy
Primary Examiner(s)
Nguyen; Van H
Assistant Examiner(s)
Anya; Charles E

Application Number

US11/479,268
Publication Number

US 20060248542A1
Time in Patent Office

1,642 Days
Field of Search

703/22, 711/170, 714/25, 714/38, 714/41, 714/47, 714/48, 717/126, 717/127, 717/135, 719/327
US Class Current

714/41
CPC Class Codes

G06F 11/3668 Software testing software t...

Method and system for monitoring and verifying software drivers

First Claim

3 Assignments

0 Petitions

Accused Products

Abstract

120 Citations

19 Claims

Specification

Solutions

Use Cases

Quick Links

Method and system for monitoring and verifying software drivers

First Claim

3 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

120 Citations

19 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links