Tag, you’re it

I’ve been spending the last couple of days tracking down a bug in a driver I am writing. The effort reminded me of how great tags on memory allocations and frees can be. Also, the work reminded me that there are at least a couple of features Microsoft does not promote and I rarely see. For the uninitiated, a tag is a four-character value that is passed as an argument in memory allocation calls. The tag gives you a way to identify what the memory was allocated for by having a different tag for each common structure allocated. Here is …

Using the event log in your driver

I wrote previously that drivers should use the event log. This time I am going to give some things to consider when using events. The challenge with using the event log is that many components use it poorly. The two common problems are superfluous messages and lazy definitions. The event log is commonly configured as a circular log with a limited capacity. Thus, having a bunch of superfluous messages can cause the important events that lead up to a failure to be lost. If you want to put in things like the driver started or stopped, provide a registry value …

Why your driver should use the event log

Do you use the event log in your driver? Event logging should be standard in almost every driver, yet few drivers support logging. Event logging is the place to record anomalous conditions and events that are detected by your code. Specifically, it is the recognized way to report errors that are not related to a particular request to the device. The event log consists of small records about events of interest. The record is based on an NTSTATUS code, whether it is a standard code or a custom status code for your software. Think of the event log as a …