Windows Biometric Driver

[rainit2006]

https://www.cnblogs.com/liaoguifa/p/9049859.html

Create client applications https://github.com/MicrosoftDocs/win32/blob/docs/desktop-src/SecBioMet/creating-client-applications.md

Driver INF Validation Errors and Warnings https://learn.microsoft.com/en-us/windows-hardware/drivers/devtest/inf-validation-errors-and-warnings

[rainit2006]

Install WDK on Win10 (VS2022)

https://learn.microsoft.com/ja-jp/windows-hardware/drivers/download-the-wdk

1. Install VS2022
2. Windows 11 バージョン 22H2 SDK をインストールする (yes, even though it is win10)
3. Windows 11 バージョン 22H2 WDK をインストールする

Error MSB8040: Spectre-mitigated libraries are required for this project. Install them from the Visual Studio installer (Individual components tab) for any toolsets and architectures being used. Learn more: https://aka.ms/Ofhn4c
--> https://learn.microsoft.com/ja-jp/visualstudio/msbuild/errors/msb8040?view=vs-2022 In the Visual Studio Installer, choose Modify and then choose Individual Components, search for "Spectre (latest)," -->包括 ATL, MFC 都安装上

[rainit2006]

本机调试驱动程序

https://paper.seebug.org/2063/ 在运行测试前，我们需要在本机(即开发主机)上打开测试模式(重启生效)，使得操作系统可以加载我们编译的驱动程序，使用管理员权限打开 powershell：

# 打开测试模式
bcdedit /set testsigning on

重启主机后，使用管理员权限打开 powershell，通过 sc.exe 命令为驱动程序创建服务(命令详解请参考：https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/sc-create)：

# 创建服务名为 test，类型为 kernel，启动方式为 demand 的服务，并指定驱动程序路径
# (注意参数等号后必须有一个空格)
sc.exe create test type= kernel start= demand binPath= C:\Users\john\Desktop\workspace\kmdf_test\x64\Debug\kmdf_test\kmdf_test.sys

# 使用 queryex 查看创建的服务信息
sc.exe queryex test

随后便可以使用 sc.exe 命令启动驱动程序运行，并使用 DebugView 查看调试输出(需要勾选 Capture Kernel 和 Enable Verbose Kernel Output 才能看到输出)：

# 启动运行驱动程序
sc.exe start test
# 停止运行驱动程序
sc.exe stop test

DebugView

https://learn.microsoft.com/en-us/sysinternals/downloads/debugview

[rainit2006]

WDF， WDM

Microsoft社ではドライバ開発においてWDFの使用が推奨されています。 WDFの主な構成として、カーネルモードで動作するドライバ用のKernel Mode Driver Framework (KMDF)、ユーザーモードで動作するドライバ用のUser Mode Driver Framework (UMDF) 、それらをサポートする開発ツールから構成されます。

WDFは、WDMの問題点を改善するために作られた、WDMのインターフェースのラッパーフレームワークです。

WDMは、もともと2つあったWindowsの系譜であるWindows 9x系とWindows NT系のドライバ開発を一元化するために作られたデバイスドライバの開発モデルです。それぞれ、Windows 98とWindows 2000で導入されました。

User mode and kernel mode

• User mode: -- Because an application's virtual address space is private, one application can't alter data that belongs to another application. Each application runs in isolation

• Kernal mode:

• • All code that runs in kernel mode shares a single [virtual address space]

Virtual address spaces:

-- When a processor reads or writes to a memory location, it uses a virtual address.

Each user-mode process has its own private virtual address space, but all code that runs in kernel mode shares a single virtual address space called system space. The virtual address space for a user-mode process is called user space.

driver:

-- A driver is a software component that lets the operating system and a device communicate with each other.

a Universal Windows driver

-- A Universal Windows Driver is a single driver package that runs on all versions of Windows 10.

inf 和 sys 文件

• inf文件 inf文件是安装设备驱动程序时必须使用的文件，其扩展名为 .inf，驱动程序安装后保存在windows/inf目录中。 系统使用一个扩展名为INF的文本文件来控制与安装驱动程序相关的大部分活动。INF文件应该由驱动程序开发人员随驱动程序一起提供。通过INF文件可以告诉操作系统哪一个文件需要复制到用户硬盘上，应该增加或修改哪一个注册表项，如此等等。 inf中提供产品设备的产品id，以及对应的sys文件名，驱动class名,class guid,。

• sys文件 sys文件是驱动程序的可执行代码，其扩展名为.sys。sys文件用于存储设备驱动程序和其他核心的Windows功能。 驱动程序安装后保存在C:\Windows\System32\drivers目录中。 对于PnP设备，在设备插入后，sys文件会被windows装载到内存中，系统线程，调用sys中的函数来和设备进行通信。

Driver的基本構造

• 全てのデバイスドライバは、[DriverEntry]という固定の名前の関数をもっており、ロード時に呼び出されます。
• DriverEntry：通常、引数で渡される[DriverObject]というデータ構造の中でドライバ内のコールバック関数を登録するなどの初期化処理を行います。
• DbgPrint関数：メッセージを出力

Install步骤：

https://proc-cpuinfo.fixstars.com/2017/06/windows-device-driver-1/ Windows標準のSCというコマンドを用いて行います。 SCコマンドは、カーネルモードドライバ用というわけではなく、一般にはユーザモードの常駐プロセス(サービス)の制御に用いられます。

インストールに必要な作業は以下の二つです。

1. 生成した.SYSファイルを\Windows\system32\driversの下にコピーする。
2. SCコマンドを用いてデバイスドライバの情報を登録する。 sc create sample1 binPath= system32\drivers\sample1.sys type= kernel

Driver的启动和停止

ドライバを起動： sc start sample1

DriverEntryの中で出力したメッセージは、カーネルデバッグを使用する際はデバッガの画面に表示されますが、ここではDebugViewというツールを用いて確認しました。

動作中のドライバの停止： sc stop sample1

[rainit2006]

Debug error Inf2Cat, signability test failed错误解决办法: Inf2Cat项目里设置为当地时间即可 https://blog.csdn.net/weixin_40468982/article/details/115059842

[rainit2006]

Driver的Debug测试环境的设定

在测试PC上执行 （shift+restart进入修复画面然后进入bois画面，将Secure boot设为disable） bcdedit /debug on bcdedit /bootdebug on bcdedit /set testsigning on 然后重启PC

安装时的log文件

在驱动的安装过程中，系统会自动记录安装的日志，在INF目录（路径一般在 C:\Windows\inf下）下可以找到两个日志文件 setupapi.app.log 和 Setupapi.dev.log ，查看这两个日志文件有利于理解驱动安装的执行过程，同时也有利于排查驱动安装过程中出现的异常。

[rainit2006]

WinDbg

• 用WinDbg调试notepad程序 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/getting-started-with-windbg
• WinDbg调试windows driver程序 https://learn.microsoft.com/zh-cn/windows-hardware/drivers/debugger/debug-universal-drivers---step-by-step-lab--echo-kernel-mode-

DebugView

https://stackoverflow.com/questions/63256262/debugview-doesnt-capture-kdprint-output KdPrint(("Driver initialized.\n")); // 只在debug编译时才会显示，release编译时不显示。 KdPrintEx((ComponentId, Level, Format, フォーマットのための可変長引数));

• ComponentId には、どこで発生したログかを表す値を入れますが、[サードパーティー]のドライバーの場合は「DPFLTR_IHVDRIVER_ID」を指定しておくのが無難そうです。
• level可以选择： DPFLTR_ERROR_LEVEL DPFLTR_WARNING_LEVEL DPFLTR_TRACE_LEVEL DPFLTR_INFO_LEVEL

在DebugView使用时注意： https://azyobuzin.hatenablog.com/entry/2018/08/09/025519

1. レジストリに HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter キーを（なければ）作成します。
2. ログの ComponentId に対応する DWORD 値を作成します。例えば DPFLTR_IHVDRIVER_ID なら「IHVDRIVER」という名前にします。
3. その値を、表示させたいレベルのビットマスクにします。例えば、 INFO だけを表示（実際には値が 0 である ERROR も表示される）したいならば、 1 << DPFLTR_INFO_LEVEL(3) = 0x8 を値とします。 ERROR から INFO まですべてを表示させる場合は、すべてのビットを立てるので 0xF にします。（この範囲外の Level を指定した場合はまた話が変わってくるけれど割愛）
4. 準備ができたら、管理者権限で DebugView を起動し、 Capture Kernel を有効にするとログが見れるようになります

TraceView：可以查看driver程序里的TraceEvents信息。

• 方法：、
  1. 启动TraceView工具（%ProgramFile(x86)%Windows Kits\10\Tools\10.0.22621.0\x64),
  2. File-> Create New Log Session
  3. 加载driver程序的pdb文件 (\biometrics\driver\x64\Debug)
  4. 利用devcon.exe (%ProgramFile(x86)%Windows Kits\10\Tools\10.0.22621.0\x64) 安装driver文件: devcon.exe install "WudfBioUsbSample.inf" "USB\VID......"
  5. You can see message were displayed on TraceView

Tool: create a GUID

To create a GUID, use the Create GUID tool in Microsoft Visual Studio or Guidgen.exe, both of which are included in the Microsoft Windows Software Development Kit (SDK). https://learn.microsoft.com/en-us/windows-hardware/drivers/gettingstarted/from-sample-code-to-production-driver

WPP Software Tracing

Windows software trace preprocessor (WPP) A trace provider can be one of the following:

• A kernel-mode driver.
  • A user-mode driver, application, or dynamic-link library (DLL).

  • For kernel-mode drivers, use the Event Tracing for Windows (ETW) API. For user-mode drivers or applications, use the Event Tracing (Windows Desktop) API.

If you use one of the Visual Studio templates provided in the WDK for creating a WDF driver, much of the work is done for you.

• Define a control GUID that uniquely identifies the driver or application as a trace provider. The provider specifies this GUID in its definition of the WPP_CONTROL_GUIDS macro and in a related control file used by Tracelog or another Trace Controller.
• Add the required WPP-related C preprocessor directives and WPP macro calls to the provider's source files, as described in Adding WPP Software Tracing to a Windows Driver and in WPP Software Tracing Reference.
• Modify the Visual Studio project to run the WPP preprocessor and build the driver, as described in Step 6 of Adding WPP Software Tracing to a Windows Driver. You can refer to the WPP Preprocessor for more build time options.
• Install the driver or component. Start a trace session and record the trace messages. Use the tools for software tracing, such as TraceView, Tracelog, Tracefmt, and Tracepdb to configure, start, and stop tracing sessions and to display and filter trace messages. These tools are included in the Windows Driver Kit (WDK).

[rainit2006]

Reference： https://stackoverflow.com/questions/54758289/windows-biometric-framework-sample-umdf-driver-this-device-cannot-start-code

Win11 iso download: https://www.microsoft.com/software-download/windows11

Oracle VirtualBoxでドラッグ&ドロップができない原因と対処方法 https://aresei-note.com/8035

[rainit2006]

Echo driver

Driver event and their callback functions

• DRIVER_INITIALIZE DriverEntry; -- DriverEntry is the first routine called after a driver is loaded, and is responsible for initializing the driver.
• EVT_WDF_DRIVER_DEVICE_ADD EchoEvtDeviceAdd; -- The driver must place the callback function's address in its WDF_DRIVER_CONFIG structure before calling WdfDriverCreate.

Device events

• EVT_WDF_DEVICE_SELF_MANAGED_IO_INIT EchoEvtDeviceSelfManagedIoStart; -- event callback function initializes and starts the device's self-managed I/O operations.
• EVT_WDF_DEVICE_SELF_MANAGED_IO_SUSPEND EchoEvtDeviceSelfManagedIoSuspend;
• WdfDeviceInitSetPnpPowerEventCallbacks -- The WdfDeviceInitSetPnpPowerEventCallbacks method registers a driver's Plug and Play and power management event callback functions.

IoQueue event

• EVT_WDF_REQUEST_CANCEL EchoEvtRequestCancel;

• EVT_WDF_IO_QUEUE_IO_READ EchoEvtIoRead;

• EVT_WDF_IO_QUEUE_IO_WRITE EchoEvtIoWrite;
  ----《---在test app直接调用!WriteFile ( hDevice, WriteBuffer, TestLength, &bytesReturned, NULL) 函数来对device进行write操作。 数据被写在WDFMEMORY里。

• EVT_WDF_TIMER EchoEvtTimerFunc;

• WdfIoQueueCreate：
  -- creates and configures an I/O queue for a specified device.

• WdfIoQueueStart： -- enables an I/O queue to start receiving and delivering new I/O requests.

• WdfDeviceGetDefaultQueue -- returns a handle to a device's default I/O queue.

umdf2_fx2 (UMDF2)

driver

test.exe

GetDevicePath： --》 CM_Get_Device_Interface_List_Size (retrieves the buffer size that must be passed to the CM_Get_Device_Interface_List function.) -->cr = CM_Get_Device_Interface_List( InterfaceGuid, // (LPGUID) &GUID_DEVINTERFACE_OSRUSBFX2, NULL, deviceInterfaceList, deviceInterfaceListLength, CM_GET_DEVICE_INTERFACE_LIST_PRESENT);

PlayWithDevice(): ---> !DeviceIoControl(deviceHandle, IOCTL_OSRUSBFX2_SET_BAR_GRAPH_DISPLAY, &barGraphState, // Ptr to InBuffer sizeof(BAR_GRAPH_STATE), // Length of InBuffer NULL, // Ptr to OutBuffer 0, // Length of OutBuffer &index, // BytesReturned 0)) { // Ptr to Overlapped structure

[rainit2006]

Verify user identity

Synchronous verification The following code example:

• Calls WinBioOpenSession to open a biometric session and connect to the system pool.
• Calls WinBioVerify to determine whether a biometric sample matches the logged on identity of the current user.

[rainit2006]

• CredUIPromptForWindowsCredentials function: To creates and displays a configurable dialog box that allows users to supply credential information by using any credential provider installed on the local computer. This function does not save credentials. Applications that use SSPI to authenticate users should not call this function. Instead, call SspiPromptForCredentials.

• WinBioVerify Captures a biometric sample and determines whether the sample corresponds to the specified user identity. Starting with Windows 10, build 1607, this function is available to use with a mobile image.

• CredPackAuthenticationBufferW converts a string user name and password into an authentication buffer. This buffer can be passed to LsaLogonUser, AcquireCredentialsHandle, or other identity provider interfaces.

• WinBioSetCredential Saves a biometric logon credential for the current user.

[rainit2006]

https://social.msdn.microsoft.com/Forums/netframework/en-US/6d38d0d1-45f4-4c40-b036-71963156d259/how-to-verify-finger-in-wbf-driver?forum=wdk It sounds like you have what WBF refers to as an "Advanced" sensor. This means the sensor hardware has some combination of matching and storage capabilities built into the device.

To support an advanced sensor, you'll need to

For an advanced sensor, your driver only needs to do two things:

Expose a device interface whose ID is GUID_DEVINTERFACE_BIOMETRIC_READER
Support the IOCTL_BIOMETRIC_GET_ATTRIBUTES IOCTL on that interface.

It's up to you to define any other command codes you might need to send to the device.

In addition, you'll need to write a sensor, engine, and storage adapter to plug your sensor into the WBF. The basic idea is that the upper edge of each adapter exposes an interface with very specific (WBF-defined) behaviors. The lower edge of the adapter will talk to your sensor driver. For an advanced sensor, as long as the upper edge behaves properly, WBF doesn't care too much about how you implement things down below. The thing to be aware of is that, because WBF has no understanding of your device's behavior, you're going to have to write more code to support the sensor in Windows.

In terms of data movement, it's not necessary to send any biometric samples up the stack to WBF. If your advanced sensor can handle template creation, matching, and storage entirely onboard, then the WBF never needs to see the actual biometric samples or templates. WBF is designed so that advanced sensors can simply report the results of an operation (e.g., "that fingerprint belongs to user X").

Take a look at the MSDN documentation for writing WinBio plugins. It gives most of the details you need.

[rainit2006]

device interface classes

https://learn.microsoft.com/en-us/windows-hardware/drivers/install/overview-of-device-interface-classes Any driver of a physical, logical, or virtual device to which user-mode code can direct I/O requests must supply a name for its user-mode clients. Using the name, a user-mode application (or other system component) identifies the device from which it is requesting I/O.

Starting with Windows 2000, drivers do not name device objects. Instead, they make use of device interfaces which are grouped by device interface classes.

Each device interface class is associated with a GUID. The system defines GUIDs for common device interface classes in device-specific header files. Vendors can create additional device interface classes.

CM_Get_Device_Interface_List

The CM_Get_Device_Interface_List function retrieves a list of device interface instances that belong to a specified device interface class.

[rainit2006]

Ntddk.h contains core Windows kernel definitions for all drivers, while Wdf.h contains definitions for drivers based on the Windows Driver Framework (WDF).

If you can't add Ntddk.h, open Configuration -> C/C++ -> General -> Additional Include Directories and add C:\Program Files (x86)\Windows Kits\10\Include\<build#>\km, replacing <build#> with the appropriate directory in your WDK installation.

[rainit2006]

如何从Windows官网里下载windows的iso文件呢？ https://cloud.tencent.com/developer/news/637322