Future Directions For The Future Directions For The Windows CE Device Windows CE Device Driver ArchitectureDriver Architecture

Juggs RavaliaJuggs RavaliaProgram ManagerProgram ManagerWindows Devices Core OSWindows Devices Core OSMicrosoft CorporationMicrosoft Corporation

AgendaAgenda

The Windows CE 6.0 Beta Driver ArchitectureThe Windows CE 6.0 Beta Driver Architecture

Windows CE User Mode Driver FrameworkWindows CE User Mode Driver Framework

Desktop versus Windows CE Desktop versus Windows CE Drivers ComparisonDrivers Comparison

Porting Drivers from Porting Drivers from ←← Windows CE 5.0 Windows CE 5.0New Kernel Memory ModelNew Kernel Memory Model

Porting AspectsPorting Aspects

PQD/Secure CopingPQD/Secure Coping

Quick Reference GuideQuick Reference Guide

Porting Code SnippetPorting Code Snippet

Drivers ArchitectureDrivers Architecture

Drivers will be split into kernel mode and user modeDrivers will be split into kernel mode and user modeKernel ModeKernel Mode

Performance criticalPerformance critical

Fully trusted with full access to kernel memoryFully trusted with full access to kernel memory

User ModeUser ModeLess critical and lower privilegeLess critical and lower privilege

Still need to be trustedStill need to be trusted

OEM can choose where to load its driver OEM can choose where to load its driver (in kernel or in user mode)(in kernel or in user mode)

Drivers that access k-mode address directly need to be in kernelDrivers that access k-mode address directly need to be in kernel

Except for some block drivers used by FS and NDIS based Except for some block drivers used by FS and NDIS based Networking driversNetworking drivers

The overall structure of the drivers remain the sameThe overall structure of the drivers remain the sameMain changes are in how the drivers access client memoryMain changes are in how the drivers access client memory

Kernel Mode DriversKernel Mode Drivers

Will be loaded in the kernel space by Will be loaded in the kernel space by device.dll/gwes.dlldevice.dll/gwes.dll

Will have full access to the kernel’s data Will have full access to the kernel’s data structures and memorystructures and memory

APIs do not change, will use the same APIs do not change, will use the same APIs as user mode driversAPIs as user mode drivers

Link to a kernel version of coredll.dll Link to a kernel version of coredll.dll called kcoredll.dllcalled kcoredll.dll

Thin layer for API compatibilityThin layer for API compatibility

Directly links the services together without Directly links the services together without thunk layerthunk layer

Device Driver ArchitectureDevice Driver ArchitectureStream Interface Device Driver ModelStream Interface Device Driver Model

Monolithic Stream

Interface Driver

Stream Interface

Stream Interface

NDIS Wrapper

Device Manager

Stream Interface (DDI)

MDD

Card&Socket Services Device Driver

Service Provider Interface

(DDSI)

Layered Driver

NDIS

Card and Socket

Services

NDIS Wrapper

NDIS Miniport

PDD

Device Driver ArchitectureDevice Driver ArchitectureNative Device Driver ModelNative Device Driver Model

Monolithic Native Driver

Device Driver Interface (DDI)

The DDI Interface of Native Drivers is defined by Microsoftfor each device class

Graphics, Windowing, and Events Subsystem (GWES)

MDD

Device Driver Service Provider

Interface (DDSI)

Layered Native Driver

PDD

Device Driver Interface (DDI)

User Mode DriversUser Mode Drivers

Also managed by Device ManagerAlso managed by Device Manager

Hosted in udevice.exeHosted in udevice.exe

Mostly the same APIs as Kernel Mode Mostly the same APIs as Kernel Mode

UM Drivers lose Kernel privilegesUM Drivers lose Kernel privilegesNo access to kernel structures or memoryNo access to kernel structures or memory

Cannot call certain kernel only APIs like VirtualCopyExCannot call certain kernel only APIs like VirtualCopyEx

Kernel will marshal first level parameters Kernel will marshal first level parameters during system callsduring system calls

Must be trusted – signedMust be trusted – signed

ExamplesExamplesExpansion buses like USB and SDIOExpansion buses like USB and SDIO

Improved stabilityImproved stabilityUser-Mode Drivers are isolated from other User-Mode Drivers are isolated from other driversdrivers

Kernel is isolated from user-mode driversKernel is isolated from user-mode drivers

Increased securityIncreased securityCompromised driver does not crash the systemCompromised driver does not crash the system

Lower privileges restrain a compromised driverLower privileges restrain a compromised driver

RecoverabilityRecoverabilitySystem can recover after a driver crash – System can recover after a driver crash – no “blue-screens” (Device-Hangs in CE)no “blue-screens” (Device-Hangs in CE)

The driver can be restarted without rebootingThe driver can be restarted without rebooting

CorrectCorrect PrivilegesPrivileges

IncreasedIncreasedSecuritySecurity

Why Use UMDF?Why Use UMDF?

Driver IsolationDriver Isolation

ImprovedImprovedStabilityStability

RecoverabilityRecoverability

No “Blue-Screens”No “Blue-Screens”

User Mode Driver LoadingUser Mode Driver Loading

1

Provided by:

Microsoft

IHV

User Application

User Mode Driver Host Process

udevice.exe User Mode DriverUser Mode Driver

Parent Bus Driver

Reflector ServiceDevice Manager

1

2

3 9

8

10

User Mode

Kernel Mode

ActivateDevice(Ex)

CreateProcess(,,Volume Name)

4

5

6

7

XXX_Init(…)

9

Device Context

10

HANDLE Returned

HANDLE Returned

XXX_Init forwarded to UM Driver Host

Registry For User Mode DriverRegistry For User Mode Driver

User Mode Driver Host process is launched and User Mode Driver Host process is launched and managed by certain registry settingsmanaged by certain registry settings

Example of the registry keys for Group ID 2Example of the registry keys for Group ID 2

[HKEY_LOCAL_MACHINE\Drivers\ProcGroup_0002] "ProcName” = "udevice.exe“; Dummy for Service.exe now "ProcVolPrefix” = "$services“ "Privilege” = dword:xxxxxx ; Processor Privilege Bit Setting

[HKEY_LOCAL_MACHINE\Drivers\BuiltIn\Serial] "SysIntr” = dword:13 "IoBase” = dword:02F8 "IoLen” = dword:8 "Flags” = dword:10 (DEVFLAGS_LOAD_AS_USERPROC - 0x10)"Flags” = dword:10 (DEVFLAGS_LOAD_AS_USERPROC - 0x10) "ProcGroup” = dword:2"ProcGroup” = dword:2 "IsrDll” = “isr16550.dll" "IsrHandler“ = "ISRHandler"

Reflector ServiceReflector Service

Nucleus of UMDF Nucleus of UMDF

One Reflector Object for each UM DriverOne Reflector Object for each UM Driver

Launches and manages UMD Host processLaunches and manages UMD Host process

Forwards device request to UM Driver housed in Forwards device request to UM Driver housed in the UM Driver Hostthe UM Driver Host

Maps first level pointers from caller to UM Driver Maps first level pointers from caller to UM Driver process spaceprocess space

Serves UMDs on kernel-privilege actionsServes UMDs on kernel-privilege actions

Hero that makes UMDs act as KMDs from the Hero that makes UMDs act as KMDs from the User Application’s perspectiveUser Application’s perspective

User Mode Driver User Mode Driver Host FrameworkHost Framework

Supports Multiple UMD Host ProcessesSupports Multiple UMD Host Processes

One UMD Host can supports Multiple UMDsOne UMD Host can supports Multiple UMDs

UMD Host can be extended for special need UMD Host can be extended for special need like Services.exelike Services.exe

The Privileges of a UMD are determined by the The Privileges of a UMD are determined by the UMD Host ProcessUMD Host Process

UMD Host mounts a Volume Service API, used UMD Host mounts a Volume Service API, used by the Kernel Reflector for communicationby the Kernel Reflector for communication

Parses the Reflectors’ requests and performs the Parses the Reflectors’ requests and performs the required actionrequired action

User Mode Driver I/O Data FlowUser Mode Driver I/O Data Flow

1

User Application User Mode Driver Host Process

User Mode DriverUser Mode Driver

Reflector Service

Device Manager

2

3 6User Mode

Kernel Mode

DeviceIOControl( HANDLE, dwIOCTL, plnPtr, dwlnLen, NULL, 0, NULL, NULL)

DM_DevDeviceIOControl(…) Entry Hit

Reflector_Control( dwContext, dwIOCTR, pInPtr, dwInLen, …)

VirtualAllocCopyEx(GetCallerProcess(), hUMHost,pInPtr,dwInLen,PAGE_READWRITE)

Packages FNIOCTL_PARAM Struct

CeFsIoControl(userProcVolume, IOCTL_USERDRIVER_IOCTL,ptrFnIoCtlParam sizeof(FNIOCTL_PARAM), …);

Entry DEVFS_IoControl(…) hit

Unpacks FNIOCTL_PARAMCalls Driver’s XXX_IOControl

4

Entry UD_DevDeviceIoControl(…) hit

DeviceIOControl( CeDuplicateHandle, IOCTL_USERDRIVER_IOCTL,ptrFnIoCtlParam sizeof(FNIOCTL_PARAM), …);

7

5

8

User Mode Driver Data Flow SummaryUser Mode Driver Data Flow Summary

1

Provided by:Provided by:

MicrosoftMicrosoft

IHVIHV

User ApplicationUser Mode Driver Host Process

udevice.exe User Mode DriverUser Mode Driver

Parent Bus Driver

Reflector ServiceDevice Manager

1

2

3 5

6User ModeUser Mode

Kernel ModeKernel Mode

44

Windows XP/CE Windows XP/CE Driver ArchitecturesDriver Architectures

Similarities Similarities Support Kernel DriversSupport Kernel Drivers

Offer UMDF to host User Mode DriversOffer UMDF to host User Mode Drivers

File Handle based APIs to User AppsFile Handle based APIs to User Apps

Differences Differences Device ManagerDevice Manager

Power ManagerPower Manager

Asynchronous versus Synchronous SupportAsynchronous versus Synchronous Support

Interrupt Model – DPCs versus ISTsInterrupt Model – DPCs versus ISTs

Porting Drivers To CE 6.0Porting Drivers To CE 6.0

Drivers will mostly run in the kernelDrivers will mostly run in the kernel

Driver writers must focus on security and stability Driver writers must focus on security and stability more then ever beforemore then ever before

Maximum backwards-compatibility is maintained, Maximum backwards-compatibility is maintained, but some driver modifications are requiredbut some driver modifications are required

Deprecated APIsDeprecated APIs

Asynchronous buffer access will require Asynchronous buffer access will require driver modificationsdriver modifications

User Interface HandlingUser Interface Handling

Windows CE 5.0 Memory ModelWindows CE 5.0 Memory Model

Shared Memory

Kernel

Slot 0 – ExecutionSlot 1 – ROM DLLsSlot 2 – Filesys.exeSlot 3 – Device.exeSlot 4 – GWES.exeSlot 5 – Services.exe

Slot 31Slot 32Slot 33Slot 34

::

Slot 6

SingleSingle2 GB VM2 GB VM

for allfor allProcessesProcesses

2 GB2 GBKernelKernelSpaceSpace

32 Slots for 32 Slots for ProcessesProcesses

Execution Slot and Shared DLL Slot

New CE Memory ModelNew CE Memory Model

Process CodeUser VM

User VMMemory Mapped files

User DLLs

KernelFilesystem

GWESDrivers

. . .

. . .

. .

2 GB2 GBperper

ProcessProcess

2 GBKernelSpace

32 KProcess

Driver Migration SummaryDriver Migration SummaryKey porting topics:Key porting topics:

Access checkingAccess checking

MarshallingMarshalling

Thread permissionsThread permissions

Secure copySecure copy

User interfaceUser interface

User mode driversUser mode drivers

Quick reference guideQuick reference guide

Porting sample code snippetPorting sample code snippet

Access CheckingAccess Checking

In <=CE 5.0, In <=CE 5.0, MapCallerPtrMapCallerPtr was used to validate was used to validate memory pointed to by either memory pointed to by either

Pointer parameters orPointer parameters or

Embedded pointersEmbedded pointers

With CE 6.0 Beta, the kernel performs full With CE 6.0 Beta, the kernel performs full access check on pointer parametersaccess check on pointer parameters

Thus, drivers only need to access check Thus, drivers only need to access check embedded pointersembedded pointers

Use kernel access-check APIs - Use kernel access-check APIs - CeOpenCallerBuffer/CeCloseCallerBufferCeOpenCallerBuffer/CeCloseCallerBuffer to to verify embedded pointersverify embedded pointers

Access Check DiagramAccess Check Diagram

KernelNK.EXE

Hello.exe

Driver.dll Kernel Checks Kernel Checks this Bufferthis Buffer

Driver CallsDriver CallsCeOpenCallerBufferCeOpenCallerBuffer

to check to check this Bufferthis Buffer

Embedded Ptr

2 GB2 GBperper

ProcessProcess

2 GBKernelSpace

Access ChecksAccess Checks

// Now in the New OS Version// In XXX_IOControl...

hr = CeOpenCallerPtrCeOpenCallerPtr( (PVOID*) &g_pMappedEmbedded, pInput->pEmbedded, pInput->dwSize, ARG_I_PTR,

FALSE);// Fail if FAILED(hr) == true

// When done with pointer...hr = CeCloseCallerPtrCeCloseCallerPtr((PVOID) g_pMappedEmbedded, pInput->pEmbedded, pInput->dwSize, ARG_I_PTR );

struct MyStruct { UCHAR *pEmbedded; DWORD dwSize; };

Windows CE 5.0 and prior versions// In XXX_IOControl...

g_pMappedEmbedded = MapCallerPtrMapCallerPtr(p->pEmbedded);// Fail if g_pMappedEmbedded == NULL ...

MarshallingMarshalling

<= Windows CE 5.0, the MapCallerPtr API also <= Windows CE 5.0, the MapCallerPtr API also handled pointer marshalling for both handled pointer marshalling for both

Pointer parameters as well as Pointer parameters as well as

Embedded pointersEmbedded pointers

With the next Windows CE version, Marshalling With the next Windows CE version, Marshalling depends on whether the pointers are used depends on whether the pointers are used

Synchronously or Synchronously or

AsynchronouslyAsynchronously

Important!Important!Synchronous here means accessing the caller’s buffer Synchronous here means accessing the caller’s buffer on the caller’s thread contexton the caller’s thread context

MarshallingMarshalling

When pointers are used synchronouslyWhen pointers are used synchronouslyThe caller’s address space is accessible The caller’s address space is accessible for the lifetime of the call for the lifetime of the call

Eliminates any marshalling needs for both Eliminates any marshalling needs for both embedded and pointer parametersembedded and pointer parameters

Employs Direct Access MarshallingEmploys Direct Access Marshalling

If used asynchronouslyIf used asynchronouslyIt’s critical that the caller buffer is accessible when the It’s critical that the caller buffer is accessible when the caller’s address space is unavailablecaller’s address space is unavailable

Use the new OS marshalling helper APIs Use the new OS marshalling helper APIs CeAllocAsynchronousBuffer/ CeAllocAsynchronousBuffer/ CeFreeAsynchronousBufferCeFreeAsynchronousBuffer

KernelNK.EXE

Driver.dll

App.exeApp.exe Test.exeTest.exe Hello.exeHello.exeApp.exe Test.exe Hello.exe

Synchronous Access Synchronous Access DiagramDiagram

Hello.exeHello.exeApp.exeApp.exe

Test.exeTest.exe

NK.EXE

Drv.dll

Hello.exeHello.exeApp.exeApp.exe Hello.exeApp.exe

Asynchronous Access DiagramAsynchronous Access Diagram

000000000000000000000000

Driver Thread Driver Thread in NK.EXEin NK.EXE

App.exeApp.exe

Hello.exeHello.exe

000000000000000000000000

CeAllocAsynchronousBufferCeAllocAsynchronousBufferCeFreeAsynchronousBufferCeFreeAsynchronousBuffer

11111111111111111111111111

11111111111111111111111111

MarshallingMarshalling

// Now in the New OS Version

// In XXX_IOControl after CeOpenCallerPtr generates// g_pMappedEmbedded...

hr = CeAllocAsynchronousBufferCeAllocAsynchronousBuffer( (PVOID*) &g_pMarshalled, g_pMappedEmbedded, pInput->dwSize, ARG_I_PTR);// Fail if FAILED(hr) == true

// When done with pointer...hr = CeFreeAsynchronousBufferCeFreeAsynchronousBuffer( (PVOID) g_pMarshalled, g_pMappedEmbedded, pInput->dwSize, ARG_I_PTR);

// Now call CeCloseCallerBuffer as usual...

// Windows CE 5.0 and prior versions// In XXX_IOControl...g_pMappedEmbedded = MapCallerPtr( p->pEmbedded );// Fail if g_pMappedEmbedded == NULL ...

Thread PermissionsThread Permissions

<= Windows CE 5.0, <= Windows CE 5.0, PSLs had access to caller buffers as execution took PSLs had access to caller buffers as execution took place in the caller’s thread contextplace in the caller’s thread context

Other threads like ISTs did not have Other threads like ISTs did not have access to the caller’s bufferaccess to the caller’s buffer

Such threads thus called SetProcPermissions API Such threads thus called SetProcPermissions API

With Windows CE 6.0 Beta,With Windows CE 6.0 Beta,SetProcPermissions API is now deprecatedSetProcPermissions API is now deprecated

The CeAllocAsynchronousBuffer API marshals The CeAllocAsynchronousBuffer API marshals the caller’s buffer into the kernel’s VMthe caller’s buffer into the kernel’s VM

Thereby eliminating the need to change the Thereby eliminating the need to change the thread’s permission in any mannerthread’s permission in any manner

Secure Copy/PQDSecure Copy/PQDTo Secure CopyTo Secure Copy

UseUse CeAllocDuplicateBuffer / CeFreeDuplicateBufferCeAllocDuplicateBuffer / CeFreeDuplicateBuffer APIs APIs

Copies caller’s buffer to prevent from asynchronous modifications Copies caller’s buffer to prevent from asynchronous modifications

Points to notePoints to note

ScenarioScenario Helper APIsHelper APIs EffectEffectDriver Driver accesses accesses caller’s buffer caller’s buffer asynchronouslasynchronously y

Driver inherently uses Driver inherently uses CeAllocAsynchronousBuffer CeAllocAsynchronousBuffer / / CeFreeAsynchronousBufferCeFreeAsynchronousBuffer

for marshallingfor marshalling

Could simply map the Could simply map the user’s VM buffer using user’s VM buffer using VirtualCopy.VirtualCopy.

User buffer is User buffer is not copiednot copied

Handling Handling Embedded Embedded PointersPointers

Driver inherently employs Driver inherently employs CeOpenCallerBufferCeOpenCallerBuffer for for access checkingaccess checking

To Secure-Copy call the API To Secure-Copy call the API with the with the ForceDuplicate ForceDuplicate parameter set to TRUEparameter set to TRUE

By default – does not By default – does not copy caller’s buffercopy caller’s buffer

Set Set ForceDuplicateForceDuplicate =TRUE=TRUE

This local buffer copy is This local buffer copy is freed upon calling freed upon calling CeCloseCallerBufferCeCloseCallerBuffer

User InterfaceUser Interface

<= Windows CE 5.0 drivers ran in user mode<= Windows CE 5.0 drivers ran in user mode

Hence, could display UI without any restrictionsHence, could display UI without any restrictions

With Windows CE 6.0 Beta, most drivers run in kernelWith Windows CE 6.0 Beta, most drivers run in kernel

CommCtrl.dll is not loaded in the kernelCommCtrl.dll is not loaded in the kernel

Kernel drivers need to forward the UI request to a User Mode DLLKernel drivers need to forward the UI request to a User Mode DLL

Code up User Mode DLL and export a function that implements the Code up User Mode DLL and export a function that implements the required UI displaying required UI displaying

Pass the DLL and function name to Pass the DLL and function name to CeCallUserProcCeCallUserProc Helper API, with Helper API, with in/out buffers to display desired driver UIin/out buffers to display desired driver UI

Restriction on embedded pointersRestriction on embedded pointersNeed to flatten the structureNeed to flatten the structure

Handle the embedded pointers as offsets in your User Mode DLLHandle the embedded pointers as offsets in your User Mode DLL

Porting To User ModePorting To User Mode

User mode drivers do have a Perf impactUser mode drivers do have a Perf impact

The Host/Bus Driver might require The Host/Bus Driver might require changes if the client driver is ported to UMchanges if the client driver is ported to UM

Our goal: Our goal: Kernel drivers should run in user mode Kernel drivers should run in user mode without any modificationswithout any modifications

Though, some security restrictions applyThough, some security restrictions apply

udevice.exeudevice.exe

Drv.dll0101010101010

Embedded Ptr

0000000111111

Embedded PtrHello.exeHello.exe

0101010101010

Embedded Ptr

0000000111111

Embedded Ptr

Ported User Mode Driver Ported User Mode Driver

NK.EXE

Reflector in

Device

Manager

Driver’s Thread Driver’s Thread in udevice.exein udevice.exe

Hello.exeHello.exe

000000000000

0000000000000

1111111111111

Copies Buffer DataCopies Buffer Data1111111111111

00000000000000000000000000

0000000000000

11111111111111111111111111

CeCloseCallerBufferCeCloseCallerBuffer

CeOpenCallerBufferCeOpenCallerBufferOn Embedded PtrOn Embedded Ptr

User Mode RestrictionsUser Mode Restrictions

Embedded PointersEmbedded PointersIssue when UM driver is called from kernel Issue when UM driver is called from kernel

Reflector has notion of pointer parameters Reflector has notion of pointer parameters but not of embedded pointersbut not of embedded pointers

Flatten the Structure containing the Flatten the Structure containing the embedded pointerembedded pointer

User Mode Driver now has to treat User Mode Driver now has to treat embedded pointers as struct offsetsembedded pointers as struct offsets

Will investigate to provide Will investigate to provide Flattening/Unflattening Helper APIsFlattening/Unflattening Helper APIs

udevice.exe

Hello.exe

udevice.exe

Hello.exe

NK.EXE

OffsetEmbedded Ptr

Embedded Pointer RestrictionEmbedded Pointer Restriction

000000000000

Reflector

Hello.exe

Drv.dll

010101010101

Embedded Ptr

010101010101

010101010101

NK.EXE

Offset

User Mode Driver RestrictionsUser Mode Driver Restrictions

APIs Callable Only in Kernel ModeAPIs Callable Only in Kernel ModeHeap APIs – RemoteLocalAlloc, RemoteLocalFreeHeap APIs – RemoteLocalAlloc, RemoteLocalFree

VM APIs – VirtualCopyEx, VirtualAllocCopyExVM APIs – VirtualCopyEx, VirtualAllocCopyEx

FileSys APIs – GetFSHeapInfo, GetRomFileBytesFileSys APIs – GetFSHeapInfo, GetRomFileBytes

Application Call-backsApplication Call-backsCall-forwarding and Call-backs from a User Mode Call-forwarding and Call-backs from a User Mode server to any process are prohibitedserver to any process are prohibited

Cannot Install IISR directly – Can Install Cannot Install IISR directly – Can Install GIISR via ReflectorGIISR via Reflector

Driver Migration SummaryDriver Migration Summary

Drivers move to kernelDrivers move to kernel

Isolate to User Mode if suitableIsolate to User Mode if suitable

Access check embedded pointersAccess check embedded pointers

Asynchronous access demands marshallingAsynchronous access demands marshalling

Some drivers are backward compatibleSome drivers are backward compatible

Move driver UI to user spaceMove driver UI to user space

Enjoy your porting Enjoy your porting

Use CaseUse Case Work RequiredWork Required What the Driver Porting Engineer must doWhat the Driver Porting Engineer must do

Parameter – used Parameter – used synchronouslysynchronously

Access checking andAccess checking andMarshallingMarshallingSecure-copySecure-copy

Nothing; Kernel checks during trap and uses direct accessNothing; Kernel checks during trap and uses direct accessUse CeAllocDuplicateBuffer to make a local copyUse CeAllocDuplicateBuffer to make a local copy

Parameter – used Parameter – used asynchronouslyasynchronously

Access checking andAccess checking andMarshallingMarshalling

Secure-copySecure-copy

Employ CeAllocAsynchronousBuffer/ Employ CeAllocAsynchronousBuffer/ CeFreeAsynchronousBufferCeFreeAsynchronousBuffer – – Prepares for async access Prepares for async access by creating/mapping caller bufferby creating/mapping caller bufferUse CeAllocDuplicateBuffer to make a local copyUse CeAllocDuplicateBuffer to make a local copy

Embedded Embedded pointer – used pointer – used synchronouslysynchronously

Access checking andAccess checking andMarshallingMarshalling

Secure-copySecure-copy

Use CeOpenCallerBuffer/CeCloseCallerBufferUse CeOpenCallerBuffer/CeCloseCallerBufferCall CeOpenCallerBuffer with ForceDuplicate parameter Call CeOpenCallerBuffer with ForceDuplicate parameter set to TRUE or Use CeAllocDuplicateBuffer to make a local set to TRUE or Use CeAllocDuplicateBuffer to make a local copy.copy.

Embedded Embedded pointer – used pointer – used asynchronouslyasynchronously

Access checking andAccess checking andMarshallingMarshalling

Secure-copySecure-copy

Call CeAllocAsynchronousBuffer after you call Call CeAllocAsynchronousBuffer after you call CeOpenCallerBuffer.  CeOpenCallerBuffer.  You must call CeFreeAsynchronousBuffer before you call You must call CeFreeAsynchronousBuffer before you call CeCloseCallerBuffer.CeCloseCallerBuffer. Call CeOpenCallerBuffer with ForceDuplicate set to TRUE Call CeOpenCallerBuffer with ForceDuplicate set to TRUE or Call CeAllocDuplicateBuffer for a local copy.or Call CeAllocDuplicateBuffer for a local copy.

For All CasesFor All CasesDeprecated APIsDeprecated APIs

Remove Deprecated Remove Deprecated APIsAPIs

Go through Deprecated APIs list to remove theGo through Deprecated APIs list to remove theExample: CeGetCallerTrust, SetKMode and so onExample: CeGetCallerTrust, SetKMode and so on

For All CasesFor All CasesUI/Dialog boxesUI/Dialog boxes

UI calls in kernel will UI calls in kernel will always return failurealways return failureUse CeCallUserProcUse CeCallUserProc

Code up user mode dll exporting the function that Code up user mode dll exporting the function that implements the required UI displaying. implements the required UI displaying. Then call CeCallUserProc API with dll and function name Then call CeCallUserProc API with dll and function name as input parameters.as input parameters.

Porting Quick Reference GuidePorting Quick Reference Guide

Call To ActionCall To Action

Help grow the Mobile and Embedded worldHelp grow the Mobile and Embedded world

Write drivers for Windows CE and sell ChipsWrite drivers for Windows CE and sell Chips

Join the Windows CE Driver Development Program Join the Windows CE Driver Development Program http://msdn.microsoft.com/embedded/usewinemb/ce/http://msdn.microsoft.com/embedded/usewinemb/ce/drivers/driverdev/default.aspxdrivers/driverdev/default.aspx Port your existing drivers to Windows CE 6.0Port your existing drivers to Windows CE 6.0

Post your driver on Windows CE’s Post your driver on Windows CE’s Supported Drivers web site Supported Drivers web site http://msdn.microsoft.com/embedded/usewinemb/ce/http://msdn.microsoft.com/embedded/usewinemb/ce/drivers/supdrivers/default.aspxdrivers/supdrivers/default.aspx

Additional ResourcesAdditional Resources

Web ResourcesWeb Resourceshttp://http://msdn.microsoft.com/embedded/windowsce/default.aspxmsdn.microsoft.com/embedded/windowsce/default.aspx

Related WinHEC 2006 SessionsRelated WinHEC 2006 SessionsFuture Directions for the Windows CE Operating Future Directions for the Windows CE Operating System Architecture System Architecture

Future Directions for the Windows CE Test KitFuture Directions for the Windows CE Test Kit

User-Mode Driver Framework: Introduction User-Mode Driver Framework: Introduction and Overviewand Overview

CeDrvTrg @ microsoft.comCeDrvTrg @ microsoft.com

Community ResourcesCommunity Resources

Community SitesCommunity Siteshttp://www.microsoft.com/communities/default.mspxhttp://www.microsoft.com/communities/default.mspx

List of NewsgroupsList of Newsgroupshttp://communities2.microsoft.com/communities/newsgroups/en-us/dhttp://communities2.microsoft.com/communities/newsgroups/en-us/default.aspxefault.aspx

Attend a free chat or webcastAttend a free chat or webcasthttp://www.microsoft.com/communities/chats/default.mspxhttp://www.microsoft.com/communities/chats/default.mspx

http://www.microsoft.com/seminar/events/webcasts/default.mspxhttp://www.microsoft.com/seminar/events/webcasts/default.mspx

Questions?Questions?

Q & AQ & A

Thank you allThank you all

© 2006 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries.The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions,

it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.