Intercept: Profiling Windows Network Device Drivers

摘要

Device drivers account for a substantial part of the operating system (OS), since they implement the code that interfaces the components connected to a computer system. Unfortunately, in the large majority of cases, hardware vendors do not release their code, making the analysis of failures attributed to device drivers extremely difficult. Although several instrumentation tools exist, most of them are useless to study device drivers as they work at user level. This paper presents Intercept, a tool that profiles Windows Device Drivers (WDD) and logs the driver interactions with the OS core at function level. The tool helps to understand how a WDD works and can provide support for several activities, such as debugging, robustness testing, or reverse engineering. Experiments using Ethernet, Wi-Fi and Bluetooth device drivers show that Intercept is able to record function calls, parameters and return values, with small overheads even when the device driver under test is subject to a heavy workload.