Partager via


Best Practices for More Secure and Reliable Device Drivers (Windows Embedded CE 6.0)

1/6/2010

Device drivers should not unexpectedly crash or unexpectedly elevate privilege.

The following list shows best practices for security and reliability:

  • Use structured exception handling (SEH) only as needed. SEH is also known as __try/__except blocks.

  • Check access permissions on nested pointers in IOCTL calls.

  • Check access permissions on nested pointers in non-stream interface driver entry points, such as the GWES keyboard functions.

  • Use the Ceddk.dll functions to access hardware.
    Do not use the macros in Wdm.h.

  • Check return values for any function calls that can fail or return unexpected results.

  • Use DEBUGCHK or a related macro to check assumptions, but appropriately handle the error circumstances that can occur.

  • Perform thorough threat modeling and mitigation.

  • Use CeAllocAsynchronousBuffer and SEH when an internal thread accesses an externally provided buffer. This function marshals the buffer of the caller into the virtual memory of the kernel. In Windows Embedded CE 6.0, you do not need to change the permission of the thread to access the externally provided buffer.

  • Verify that any applications that call into a device driver are trusted.

  • Check the trust of the calling application with the CeGetCallerTrust function. Then, if necessary, enforce access to trusted callers only with the DEVFLAGS_TRUSTEDCALLERONLY Flags registry value.

  • Use the C/C++ Code Analysis.

See Also

Reference

ActivateDeviceEx

Concepts

CEDDK Dynamic-Link Library
Device Manager Security
Windows Embedded CE Drivers

Other Resources

Best Practices for Developing a Device Driver
Controlling Debug Message Output With Macros