Windows Developer Documentation

Kernel DDI (Device Driver Interface)

The Windows Kernel DDI provides a comprehensive set of functions, structures, and constants that you can use to develop kernel-mode drivers and other kernel components for Windows operating systems. These interfaces allow your code to interact directly with the Windows operating system kernel, providing low-level access to hardware and system services.

Overview of Kernel DDI

The Kernel DDI is the foundation for writing robust and efficient Windows drivers. It encompasses various subsystems, including:

  • Memory Management
  • Process and Thread Management
  • I/O Manager and Device Drivers
  • Object Manager
  • Plug and Play Manager
  • Power Management
  • Registry Access
  • Synchronization Primitives

Key Kernel DDI Components

Memory Management Functions

These functions are used for allocating and managing memory within the kernel:

  • ExAllocatePoolWithTag: Allocates a block of paged or nonpaged pool memory.
  • ExFreePoolWithTag: Frees a block of pool memory.
  • MmMapLockedPagesSpecifyCache: Maps locked physical pages into system virtual address space.

I/O Manager and Driver Entry Points

These are crucial for device drivers to communicate with the I/O Manager:

NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath);

The entry point for every Windows driver. Initializes the driver object.

NTSTATUS AddDevice(PDRIVER_OBJECT DriverObject, PDEVICE_OBJECT PhysicalDeviceObject);

Called by the PnP manager to attach a device object to the driver's device stack.

VOID Unload(PDRIVER_OBJECT DriverObject);

Called when the driver is unloaded from memory.

Synchronization and Threading

Mechanisms for managing concurrent access to resources and creating threads:

  • KeInitializeSpinLock: Initializes a spin lock.
  • KeAcquireSpinLockAtDpcLevel: Acquires a spin lock at DPC level.
  • KeCreateThread: Creates a kernel thread.

Common Structures

Key structures used in Kernel DDI programming:

  • DRIVER_OBJECT: Represents a loaded driver.
  • DEVICE_OBJECT: Represents a physical or logical device.
  • IRP (I/O Request Packet): The primary mechanism for passing I/O requests to drivers.
  • UNICODE_STRING: Represents a counted Unicode string.

Important Note

Developing kernel-mode code requires a deep understanding of operating system internals and careful attention to detail. Bugs in kernel mode can lead to system instability and crashes (Blue Screen of Death). Always use the latest Windows Driver Kit (WDK) and follow best practices for driver development.
