Microsoft bug-checking tools promise fewer crashes

Company delivers new versions of source code analysis tools that seek to eliminate common flaws in driver software.

Joris Evers Staff Writer, CNET News.com
Joris Evers covers security.
Joris Evers
3 min read
SEATTLE--Microsoft is readying two tools to help hardware makers create more stable and secure Windows drivers, which should help reduce the number of crashes.

The tools, PreFast for Drivers and Static Driver Verifier, are source code analysis tools that find common flaws in driver source code, so they can be fixed. Second beta versions were released at the Windows Hardware Engineering Conference here this week, alongside new trials of Windows Vista and Windows Server "Longhorn."

"We're hoping that reliability and robustness for drivers will improve," Jon Hagen, a Microsoft developer who works on the Static Driver Verifier, said in an interview at WinHEC. "There is a need because of the complexity of writing kernel drivers...We're doing this to avoid blue screens."

Windows requires driver software to run hardware that is built-in or connected to a PC. A buggy driver can cause a lot of trouble. In particular, errors in the kernel mode drivers, which run hardware such as network interface cards and hard disk drives, can cause fatal crashes that result in the famous "blue screen of death."

Kernel mode drivers operate at a low level in Windows. There are also user-mode drivers, which run printers, graphics, USB devices and other hardware. Crashes in those drivers can typically be overcome without rebooting, according to Microsoft. Drivers are developed by Microsoft as well as by hardware makers, which make up the WinHEC audience.

"You do something wrong in the user space, and you can get away with a lot," said Donn Terry, a Microsoft developer who works on PreFast for Drivers. "A kernel mode driver is fully privileged and can reach down anywhere (in the operating system) it likes. That's the reason you don't like rootkits as much."

Rootkits are malicious software that offer a hiding place on a PC for unwanted programs, such as remote control software or spyware. Experts predict a rise in the use of rootkits in cyberattacks.

Running driver code through the analyzer tools can help eradicate a wide range of flaws and save the user a lot of potential headaches, Terry said. "The absence of all these nasty bugs means you don't have security holes, attack vectors or reliability bugs," he said. "Drivers will be better in a lot of dimensions, but none of these tools can be perfect."

For Windows Vista, Microsoft will put its drivers through a checking process, Terry said. The tools will also work on drivers for earlier versions of Windows, back to Windows 2000. The Static Driver Verifier is meant specifically for kernel mode drivers, while PreFast for Drivers works on all driver types, according to Microsoft.

A first beta, or test version, of both driver bug-check tools was released at last year's WinHEC event, which was the first time external developers could get their hands on them. Since then the team has added and refined rules, Hagen said.

The tools are part of Microsoft's Windows Driver Development kit. Microsoft's Visual Studio, the toolset used by many programmers who create Windows applications, is not officially meant for driver development and does not include the driver bug-check functionality, Terry said.