[HN Gopher] Writing a Simple Windows Driver in Rust
___________________________________________________________________
Writing a Simple Windows Driver in Rust
Author : ingve
Score : 117 points
Date : 2025-02-08 17:25 UTC (5 hours ago)
(HTM) web link (scorpiosoftware.net)
(TXT) w3m dump (scorpiosoftware.net)
| mastax wrote:
| I had an idea to write a filesystem filter driver which would let
| you configure path remapping rules of sorts, depending on the
| application. Things like:
|
| - %userprofile%\.vscode -> %appdata%\vscode
|
| - %CSIDL_MYDOCUMENTS%\Call of Duty -> %userprofile%\Saved
| Games\Call of Duty
|
| Because my documents and home directories filling up with a bunch
| of garbage which _has a designated place on the filesystem_
| filled me with impotent rage. I scaffolded out a project to write
| a filter driver in rust, read through the minifilter
| documentation, realized how much work it was going to be, and
| gave up.
|
| I have made my peace with the fact that a windows system is just
| going to be filled with garbage.
| mastax wrote:
| Huh my Documents folder is weirdly empty, where did-
|
| > Shortcut to Documents (OneDrive - Personal)
|
| Oh good, now all that garbage is being synced across machines.
| Lovely.
| rkagerer wrote:
| I just completely ignore the My Documents toxic waste dump, and
| use a different place (with a shorter path) for files I
| actually care about. I might have created directory junctions
| to redirect one or two programs that hardcode their data
| location.
| pjmlp wrote:
| Just like a UNIX file system ends up filled with .dotfiles
| garbage I didn't ask to have around.
|
| And better know where they come from, as there is no clean way
| to safely remove them.
| nicce wrote:
| > Just like a UNIX file system ends up filled with .dotfiles
| garbage I didn't ask to have around.
|
| Which one is better - a configuration file in some place or
| default configuration buried inside binary blob?
| ddulaney wrote:
| Default configuration IMO.
|
| I actually really like the way git does it, where it reads
| each of these in order, last one wins.
|
| - Default configuration compiled in
|
| - Global configuration
|
| - Per-user configuration
|
| - Per-project configuration
|
| You can opt-in to however much configuration complexity you
| need. Just cloning the occasional thing? Don't bother
| configuring, the global defaults are probably good enough.
| Simple commits and pushes? Make a user-level dotfile in
| your $XDG_CONFIG_HOME to set some basic info. Complex per-
| project aliases? If you want that, go ahead and opt in.
|
| Contrast that with programs that just dump their whole
| default config into my home dir on first run. Just filling
| up with nonsense, often no way to tell what I changed or
| didn't.
| nicce wrote:
| That is a good one, I agree. I have seen some odd cases
| where the configuration options were hidden too well when
| they were compiled into the binary itself. But that is
| probably another issue.
| hulitu wrote:
| > You can opt-in to however much configuration complexity
| you need.
|
| TO DO. /s
| pjmlp wrote:
| Hardly makes a difference when the outcome is the same.
|
| Also no one edits text files by hand, we use tools for
| that, tools that manipulate what is anyway a stream of
| bytes, whose meaning is given by whatever tool is used to
| manipulate such stream of bytes.
| p_ing wrote:
| Just get a registry! Problem solved ;)
|
| Apps are terrible at this on Windows. Sometimes it's in
| %USERPROFILE%, sometimes in _one of the three_ %appdata%
| folders, then My Docs, other times in %ProgramData%, and even
| worse, %PUBLIC%.
|
| There's a registry for a reason, but even Microsoft doesn't
| use it for x-platform apps.
| pjmlp wrote:
| Like GNOME?
|
| There are rules for when to use what, but usually folks would
| rather code away instead of reading the documentation.
| keyringlight wrote:
| The only way I can see it getting solved is the OS
| sandboxing everything behind the scenes, redirecting
| everything the application spews in random locations to The
| One True Profile Folder per application. Even then it
| wouldn't be without challenges, off the top of my head some
| method if you actually wanted an application to get out of
| its sandbox and look at the real documents folder, another
| method for App1 to look at files in App2's sandbox (and
| detecting when this is desired), or what to do if an
| application is able to change how it identifies itself to
| the OS (new versions?).
| the8472 wrote:
| maybe if microsoft had a registryfs...
| p_ing wrote:
| You can browse/manipulate the registry with PowerShell.
| There's an OOTB provider for it:
|
| cd HKCU:
|
| https://learn.microsoft.com/powershell/scripting/samples/
| wor...
| jandrese wrote:
| Dotfiles are going out of fashion as most stuff ends up in
| .config now.
| adastra22 wrote:
| That's a dotfile...
| paride5745 wrote:
| What is meant is that instead of ~/.app/config, you are
| getting now ~/.config/app/config.
|
| It's much cleaner and it comes with a more logical and
| useful split of config and cache stuff, e.g. you can just
| skip .cache when rsync-ing to a remote storage instead of
| having a long list of per-app escapes...
| hulitu wrote:
| > And better know where they come from, as there is no clean
| way to safely remove them.
|
| Add a cron job to delete them ? /s
| antithesis-nl wrote:
| > I have made my peace with the fact that a windows system is
| just going to be filled with garbage
|
| Or, you know, create a "%USERPROFILE%\Desktop\Actual Documents"
| folder and set that as the default open/save location in the
| applications you care about?
|
| The pollution of the "My Documents" folder is unfortunate, yet
| nothing new, and not exactly limited to Windows (I mean, even
| on supposedly-perfect MacOS, I have to tolerate various game
| save crap under 'Documents', not to mention various 'helpful'
| vendor detritus), and _not_ something that you would want to
| write a device driver for.
|
| (That being said, hello Rust people, welcome to the Windows
| kernel! Personally, I've been enjoying the freedom to write C#
| drivers for years, with a minimal C++ wrapper, and I'm looking
| forward to the fruits of your creativity!)
| lostmsu wrote:
| He could also replace the folders with hidden junctions or
| symlinks.
| the8472 wrote:
| symlink + mark it as hidden?
| 7bit wrote:
| > - %CSIDL_MYDOCUMENTS%\Call of Duty -> %userprofile%\Saved
| Games\Call of Duty
|
| That is a fight not worth fighting. Even Microsoft does not
| give a care in the world when deciding on storage locations and
| they put files directly in your %USERPROFILE% folder. Often
| also naming them like Linux/Unix dotfiles. I have opened
| tickets, pointing them to Microsoft documentation clearly
| stating that this is not how it should be, but they just don't
| care.
|
| Still, it is infuriating seeing so much willful ignorance, when
| choosing the correct location is a decision just as quick as
| choosing the wrong location.
| ww520 wrote:
| Maybe using a symlink or a junction to redirect the folders?
|
| mklink /d link_src target_dir
|
| mklink /J link_src target_dir
|
| This has a good discussion of the plus and minus of both.
| https://superuser.com/questions/343074/directory-junction-vs...
| dist-epoch wrote:
| Microsoft/Windows itself puts a bunch of junk in the home
| folder, and to make things worse, they have extra long names:
| ntuser.ini
| ntuser.dat.LOG1
| ntuser.dat.LOG2
| NTUSER.DAT
| NTUSER.DAT{b2352f18-cdbf-1122-8680-002248483d79}.TM.blf
| NTUSER.DAT{b2352f18-cdbf-1122-8680-002248483d79}.TMContainer00000000000000000001.regtrans-ms
| NTUSER.DAT{b2352f18-cdbf-1122-8680-002248483d79}.TMContainer00000000000000000002.regtrans-ms
| zamadatix wrote:
| You have to go pretty out of your way as a user to actually
| see those transaction logs though vs what GP is talking about
| with blatant pollution the user is actually expected to see
| and interact with.
| delta_p_delta_x wrote:
| These files correspond to the HKCU registry hive. There is
| really no better place to put them, because even the location
| of %LOCALAPPDATA% and %APPDATA% can be controlled... in the
| registry.
| dist-epoch wrote:
| They could have shorter names.
| p_ing wrote:
| They're transaction log files for HKCU. Microsoft
| typically uses GUIDs to prevent name collisions.
| ryandrake wrote:
| Windows is not the only operating system treating the user's
| filesystem as a dumping ground. I don't know how many times I
| keep deleting .DS_Store, .fseventsd and extra files named
| ._xxxx but that doesn't keep Apple from dumping them all over
| my filesystem.
|
| At least macOS has one place to install applications, one place
| for the user's documents, and most apps somehow respect them.
| Then, you have designated dumping grounds like ~/Library that
| contains tons of junk I have no idea whether I need or not.
| p_ing wrote:
| Two places. /Applications and ~/Applications.
|
| More, if you count UN*X binaries.
| _blk wrote:
| ...And you'll start having dot files and dot folders in
| your home when you start using brew...
| KronisLV wrote:
| > At least macOS has one place to install applications, one
| place for the user's documents, and most apps somehow respect
| them.
|
| I actually like that simplicity more than how many things FHS
| describes for the various Linux distros:
| https://en.wikipedia.org/wiki/Filesystem_Hierarchy_Standard
|
| Like, when a developer just wants to ship a product and
| doesn't have that much free time, it's understandable that
| tidy things will be overlooked.
|
| Maybe something like
| https://www.gobolinux.org/at_a_glance.html would help with
| that.
| jeroenhd wrote:
| Marking files as hidden seems easier on Windows. I find it much
| more annoying to hide files on Linux (especially folders like
| ~/snap which can't be renamed).
|
| If there's anything I've heard about drivers, though, it's that
| filesystem drivers are particularly annoying to write.
|
| If you want to simply hide the files from view, you may have an
| easier time writing a shell plug-in. You have to deal with COM,
| but you're less likely to take down the whole system.
| the__alchemist wrote:
| Interesting! This looks very different from embedded drivers,
| which I've done a lot of in rust. Those are mostly reg reads,
| writes, bit shifting, DMA, and data sheet references.
| ilrwbwrkhv wrote:
| Great article, and an even more impressive design of the blog. Just
| clean, straightforward, easy on the eyes, and loads instantly.
| gpm wrote:
| Semi-related, anyone have any up to date information on rust
| usage in the windows kernel?
|
| Almost 2 years ago they said "36,000 lines of code including a
| systemcall" [1], I'm curious how that project has progressed.
|
| [1] https://www.thurrott.com/windows/282471/microsoft-is-
| rewriti...
| jsheard wrote:
| I haven't heard anything about the kernel but they're still
| trucking along with using Rust for other sensitive low-level
| stuff, most recently in their security processor:
|
| https://techcommunity.microsoft.com/blog/windows-itpro-blog/...
| justmarc wrote:
| Some 25 years ago I was tasked with writing a certain driver for
| Windows.
|
| Being totally migrated to Linux by then I refused to use Windows
| for writing as well as building it, so I worked hard to build it
| with MSYS.
|
| Long story short, I made it, and the driver worked great.
|
| I _think_ I had to write a patcher for the resulting PE (.sys) to
| get it to actually load.
|
| Fun times.
| AndrewGaspar wrote:
| The code here looks to be essentially C with different syntax -
| every function marked unsafe, all resources manually managed.
| Sorry to be blunt, but what's the point of this?
| AndrewGaspar wrote:
| And I don't know how I missed this, but attempting to use the
| `UNICODE_STRING` returned in `string_to_ustring` is a
| guaranteed use after free. If you're interested in writing
| Windows kernel code, this is not the place to start.
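The dangling-buffer bug AndrewGaspar describes, and the ownership-based fix, modelled in user-mode Rust as an added example. This is not the blog post's code: `string_to_ustring_dangling` is an assumed reconstruction of the bug shape (a UNICODE_STRING whose `Buffer` points into a UTF-16 buffer that is freed when the function returns), and `UnicodeString`, `OwnedUnicodeString` and `UnicodeStringRef` are local names that only mirror the layout of the kernel's UNICODE_STRING rather than using a real bindings crate.

```rust
use std::marker::PhantomData;

/// Local mirror of the kernel's UNICODE_STRING layout (assumption: same
/// field order and meaning as the Windows header; not a crate's type).
/// Length and MaximumLength are in bytes, Buffer points at UTF-16 units.
#[repr(C)]
#[derive(Clone, Copy, Debug)]
pub struct UnicodeString {
    pub length: u16,
    pub maximum_length: u16,
    pub buffer: *const u16,
}

/// The bug pattern (assumed shape of the post's `string_to_ustring`):
/// the Vec<u16> owning the UTF-16 data is dropped when the function
/// returns, so `buffer` dangles and any later read through it is a
/// use-after-free. Never called here; kept only to show the pattern.
#[allow(dead_code)]
pub fn string_to_ustring_dangling(s: &str) -> UnicodeString {
    let utf16: Vec<u16> = s.encode_utf16().collect();
    UnicodeString {
        length: (utf16.len() * 2) as u16,
        maximum_length: (utf16.len() * 2) as u16,
        buffer: utf16.as_ptr(),
    } // `utf16` is freed here; the returned pointer is already stale
}

/// Fix: the buffer's owner travels with the struct, and raw views are
/// borrowed from it so they cannot outlive the allocation.
pub struct OwnedUnicodeString {
    buf: Vec<u16>,
}

impl OwnedUnicodeString {
    /// Returns None when the encoded size does not fit the u16 byte length.
    pub fn new(s: &str) -> Option<Self> {
        let buf: Vec<u16> = s.encode_utf16().collect();
        if buf.len() * 2 > u16::MAX as usize {
            return None;
        }
        Some(Self { buf })
    }

    /// Borrowed view: the lifetime ties the raw struct to `self`, so the
    /// borrow checker rejects returning it past the owner's drop.
    pub fn as_raw(&self) -> UnicodeStringRef<'_> {
        let bytes = (self.buf.len() * 2) as u16;
        UnicodeStringRef {
            raw: UnicodeString {
                length: bytes,
                maximum_length: bytes,
                buffer: self.buf.as_ptr(),
            },
            _owner: PhantomData,
        }
    }
}

pub struct UnicodeStringRef<'a> {
    raw: UnicodeString,
    _owner: PhantomData<&'a [u16]>,
}

impl<'a> UnicodeStringRef<'a> {
    pub fn raw(&self) -> &UnicodeString {
        &self.raw
    }

    pub fn length_bytes(&self) -> u16 {
        self.raw.length
    }

    /// Decode through the raw pointer, the way a kernel API consumer would.
    pub fn to_string_lossy(&self) -> String {
        let units = (self.raw.length / 2) as usize;
        // SAFETY: `buffer` points at `units` u16s owned by the
        // OwnedUnicodeString this view borrows, which outlives `self`.
        let slice = unsafe { std::slice::from_raw_parts(self.raw.buffer, units) };
        String::from_utf16_lossy(slice)
    }
}

fn main() {
    // Constructed sample device path, not taken from the post.
    let owned = OwnedUnicodeString::new("\\Device\\Rust").expect("fits in u16");
    let view = owned.as_raw();
    println!("Length={} bytes, text={}", view.length_bytes(), view.to_string_lossy());
    // `drop(owned)` before using `view` would be a compile error, which is
    // exactly the guarantee the dangling version throws away.
}
```

The point of the wrapper is that the `unsafe` block is now the only place a raw pointer is dereferenced, and its precondition (the owner outlives the view) is enforced by a lifetime rather than by convention; the `u16` byte-length check also covers the silent truncation the `as u16` cast would otherwise introduce for long strings.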
___________________________________________________________________
(page generated 2025-02-08 23:00 UTC)