Intercept: Profiling Windows Network Device Drivers

  • Conference paper
Dependable Computing (EWDC 2013)

Part of the book series: Lecture Notes in Computer Science (LNPSE, volume 7869)

Abstract

Device drivers account for a substantial part of the operating system (OS), since they implement the code that interfaces the components connected to a computer system. Unfortunately, in the large majority of cases, hardware vendors do not release their code, making the analysis of failures attributed to device drivers extremely difficult. Although several instrumentation tools exist, most of them are useless to study device drivers as they work at user level. This paper presents Intercept, a tool that profiles Windows Device Drivers (WDD) and logs the driver interactions with the OS core at function level. The tool helps to understand how a WDD works and can provide support for several activities, such as debugging, robustness testing, or reverse engineering. Experiments using Ethernet, Wi-Fi and Bluetooth device drivers show that Intercept is able to record function calls, parameters and return values, with small overheads even when the device driver under test is subject to a heavy workload.

This work was partially supported by the EC through project FP7-257475 (MASSIF), by the FCT through the Multiannual program and project PTDC/EIA-EIA/113729/2009 (SITAN).

© 2013 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Mendonça, M., Neves, N. (2013). Intercept: Profiling Windows Network Device Drivers. In: Vieira, M., Cunha, J.C. (eds) Dependable Computing. EWDC 2013. Lecture Notes in Computer Science, vol 7869. Springer, Berlin, Heidelberg. https://doi.org/10.1007/978-3-642-38789-0_6

  • DOI: https://doi.org/10.1007/978-3-642-38789-0_6

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-642-38788-3

  • Online ISBN: 978-3-642-38789-0

  • eBook Packages: Computer Science (R0)