User-Mode Drivers
User-mode drivers are a fundamental component in modern Windows operating systems, allowing device interaction from the less privileged user space. This approach enhances stability, security, and ease of development compared to traditional kernel-mode drivers.
Introduction to User-Mode Drivers
User-mode drivers execute within the address space of a user-mode process, typically the "WUDFHost.exe" process for UMDF drivers. This isolation prevents a faulty driver from crashing the entire operating system, a common issue with kernel-mode drivers. The Windows Driver Foundation (WDF) provides two frameworks for developing drivers: the Kernel-Mode Driver Framework (KMDF) and the User-Mode Driver Framework (UMDF).
Advantages of User-Mode Drivers
- Increased Stability: Crashes within a user-mode driver process do not bring down the operating system.
- Enhanced Security: User-mode drivers have limited access to system resources, reducing the attack surface.
- Simplified Development: Developers can leverage standard user-mode debugging tools and languages (like C++), and often use familiar Windows APIs.
- Hot-Plug Support: User-mode drivers are well-suited for devices that are frequently connected and disconnected.
- Reduced Driver Signing Requirements: While not always the case, some user-mode drivers may have less stringent signing requirements than kernel-mode drivers.
Key Concepts in UMDF Development
The UMDF Host Process (WUDFHost.exe)
UMDF drivers do not run in their own process. Instead, the system hosts them in a generic process called WUDFHost.exe. Multiple UMDF drivers can be hosted within the same WUDFHost.exe instance, or each driver can be configured to run in its own dedicated host process for maximum isolation.
Driver Objects and Framework Objects
UMDF leverages a rich object model. Your driver interacts with the UMDF framework through a hierarchy of objects. Key objects include:
- Driver: The top-level object representing your driver.
- Device: Represents a physical or logical device.
- Interface: Represents a specific communication protocol or functionality for a device.
- I/O Target: An object used to send I/O requests to another driver or device.
I/O Request Handling
User-mode drivers receive I/O requests from the operating system. The UMDF framework abstracts the complexities of I/O request packets (IRPs) used in kernel mode. Your driver implements callback functions to handle specific I/O operations like read, write, device control (IOCTL), and power management.
Note
UMDF 2.0 is the recommended version for new driver development, offering significant improvements and a unified programming model with KMDF.
Common User-Mode Driver Scenarios
- Human Interface Devices (HID): Custom keyboards, mice, joysticks, etc.
- Smart Cards: Readers and card interaction.
- USB Devices: Many classes of USB devices can be implemented as user-mode drivers.
- Sensors: Accelerometers, gyroscopes, ambient light sensors.
- Printers and Scanners: While often having kernel components, user-mode drivers can handle parts of the functionality.
Getting Started with UMDF Development
To begin developing user-mode drivers, you will need:
- Visual Studio with the "Universal Windows Platform development" and "Desktop development with C++" workloads.
- The Windows Driver Kit (WDK).
- A test machine configured for driver development (often a virtual machine).
// Example of a basic UMDF driver entry point (simplified)
HRESULT
DriverEntry(
_In_ WDFDRIVER Driver,
_In_ PDRIVER_SERVICE_REGISTRATION_PROPERTIES ServiceRegProps
)
{
WDF_OBJECT_ATTRIBUTES attributes;
WDF_OBJECT_ATTRIBUTES_INIT(&attributes);
// Create the device object
return WdfDeviceCreate(...);
}
Tip
Explore the UMDF samples provided in the WDK. They offer practical implementations of various driver functionalities.