Device driver

Last updated

In computing, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. [1] A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.


A driver communicates with the device through the computer bus or communications subsystem to which the hardware connects. When a calling program invokes a routine in the driver, the driver issues commands to the device (drives it). Once the device sends data back to the driver, the driver may invoke routines in the original calling program.

Drivers are hardware dependent and operating-system-specific. They usually provide the interrupt handling required for any necessary asynchronous time-dependent hardware interface. [2]


The main purpose of device drivers is to provide abstraction by acting as a translator between a hardware device and the applications or operating systems that use it. [1] Programmers can write higher-level application code independently of whatever specific hardware the end-user is using. For example, a high-level application for interacting with a serial port may simply have two functions for "send data" and "receive data". At a lower level, a device driver implementing these functions would communicate to the particular serial port controller installed on a user's computer. The commands needed to control a 16550 UART are much different from the commands needed to control an FTDI serial port converter, but each hardware-specific device driver abstracts these details into the same (or similar) software interface.


Writing a device driver requires an in-depth understanding of how the hardware and the software works for a given platform function. Because drivers require low-level access to hardware functions in order to operate, drivers typically operate in a highly privileged environment and can cause system operational issues if something goes wrong. In contrast, most user-level software on modern operating systems can be stopped without greatly affecting the rest of the system. Even drivers executing in user mode can crash a system if the device is erroneously programmed. These factors make it more difficult and dangerous to diagnose problems. [3]

The task of writing drivers thus usually falls to software engineers or computer engineers who work for hardware-development companies. This is because they have better information than most outsiders about the design of their hardware. Moreover, it was traditionally considered in the hardware manufacturer's interest to guarantee that their clients can use their hardware in an optimum way. Typically, the Logical Device Driver (LDD) is written by the operating system vendor, while the Physical Device Driver (PDD) is implemented by the device vendor. However, in recent years, non-vendors have written numerous device drivers for proprietary devices, mainly for use with free and open source operating systems. In such cases, it is important that the hardware manufacturer provide information on how the device communicates. Although this information can instead be learned by reverse engineering, this is much more difficult with hardware than it is with software.

Microsoft has attempted to reduce system instability due to poorly written device drivers by creating a new framework for driver development, called Windows Driver Frameworks (WDF). This includes User-Mode Driver Framework (UMDF) that encourages development of certain types of drivers—primarily those that implement a message-based protocol for communicating with their devices—as user-mode drivers. If such drivers malfunction, they do not cause system instability. The Kernel-Mode Driver Framework (KMDF) model continues to allow development of kernel-mode device drivers, but attempts to provide standard implementations of functions that are known to cause problems, including cancellation of I/O operations, power management, and plug and play device support.

Apple has an open-source framework for developing drivers on macOS, called I/O Kit.

In Linux environments, programmers can build device drivers as parts of the kernel, separately as loadable modules, or as user-mode drivers (for certain types of devices where kernel interfaces exist, such as for USB devices). Makedev includes a list of the devices in Linux, including ttyS (terminal), lp (parallel port), hd (disk), loop, and sound (these include mixer, sequencer, dsp, and audio). [4]

Microsoft Windows .sys files and Linux .ko files can contain loadable device drivers. The advantage of loadable device drivers is that they can be loaded only when necessary and then unloaded, thus saving kernel memory.

Kernel mode vs. user mode

Device drivers, particularly on modern Microsoft Windows platforms, can run in kernel-mode (Ring 0 on x86 CPUs) or in user-mode (Ring 3 on x86 CPUs). [5] The primary benefit of running a driver in user mode is improved stability, since a poorly written user-mode device driver cannot crash the system by overwriting kernel memory. [6] On the other hand, user/kernel-mode transitions usually impose a considerable performance overhead, thus making kernel-mode drivers preferred for low-latency networking.

Kernel space can be accessed by user module only through the use of system calls. End user programs like the UNIX shell or other GUI-based applications are part of user space. These applications interact with hardware through kernel supported functions.


Because of the diversity of modern hardware and operating systems, drivers operate in many different environments. [7] Drivers may interface with:

Common levels of abstraction for device drivers include:

So choosing and installing the correct device drivers for given hardware is often a key component of computer system configuration. [9]

Virtual device drivers

Virtual device drivers represent a particular variant of device drivers. They are used to emulate a hardware device, particularly in virtualization environments, for example when a DOS program is run on a Microsoft Windows computer or when a guest operating system is run on, for example, a Xen host. Instead of enabling the guest operating system to dialog with hardware, virtual device drivers take the opposite role and emulates a piece of hardware, so that the guest operating system and its drivers running inside a virtual machine can have the illusion of accessing real hardware. Attempts by the guest operating system to access the hardware are routed to the virtual device driver in the host operating system as e.g.,  function calls. The virtual device driver can also send simulated processor-level events like interrupts into the virtual machine.

Virtual devices may also operate in a non-virtualized environment. For example, a virtual network adapter is used with a virtual private network, while a virtual disk device is used with iSCSI. A good example for virtual device drivers can be Daemon Tools.

There are several variants of virtual device drivers, such as VxDs, VLMs, and VDDs.

Open source drivers

Solaris descriptions of commonly used device drivers:



A device on the PCI bus or USB is identified by two IDs which consist of 4 hexadecimal numbers each. The vendor ID identifies the vendor of the device. The device ID identifies a specific device from that manufacturer/vendor.

A PCI device has often an ID pair for the main chip of the device, and also a subsystem ID pair which identifies the vendor, which may be different from the chip manufacturer.


Devices often have a large number of diverse and customized device drivers running in their operating system (OS) kernel and often contain various bugs and vulnerabilities, making them a target for exploits. [16] Bring Your Own Vulnerable Driver (BYOVD) uses signed, old drivers that contain flaws that allow hackers to insert malicious code into the kernel. [17]

There is a lack of effective kernel vulnerability detection tools, especially for closed-source OSes such as Microsoft Windows [18] where the source code of the device drivers is mostly not public (open source) [19] and the drivers often also have many privileges. [20] [21] [22] [23]

Such vulnerabilities also exist in drivers in laptops, [24] drivers for WiFi and bluetooth, [25] [26] gaming/graphics drivers, [27] and drivers in printers. [28]

A group of security researchers considers the lack of isolation as one of the main factors undermining kernel security, [29] and published a isolation framework to protect operating system kernels, primarily the monolithic Linux kernel which, according to them, gets ~80,000 commits/year to its drivers. [30] [31]

An important consideration in the design of a kernel is the support it provides for protection from faults (fault tolerance) and from malicious behaviours (security). These two aspects are usually not clearly distinguished, and the adoption of this distinction in the kernel design leads to the rejection of a hierarchical structure for protection. [32]

The mechanisms or policies provided by the kernel can be classified according to several criteria, including: static (enforced at compile time) or dynamic (enforced at run time); pre-emptive or post-detection; according to the protection principles they satisfy (e.g., Denning [33] [34] ); whether they are hardware supported or language based; whether they are more an open mechanism or a binding policy; and many more.

See also

Related Research Articles

<span class="mw-page-title-main">Operating system</span> Software that manages computer hardware resources

An operating system (OS) is system software that manages computer hardware and software resources, and provides common services for computer programs.

In computing, the Windows Driver Model (WDM) – also known at one point as the Win32 Driver Model – is a framework for device drivers that was introduced with Windows 98 and Windows 2000 to replace VxD, which was used on older versions of Windows such as Windows 95 and Windows 3.1, as well as the Windows NT Driver Model.

Hardware abstractions are sets of routines in software that provide programs with access to hardware resources through programming interfaces. The programming interface allows all devices in a particular class C of hardware devices to be accessed through identical interfaces even though C may contain different subclasses of devices that each provide a different hardware interface.

<span class="mw-page-title-main">UEFI</span> Operating system and firmware specification

UEFI is a set of specifications written by the UEFI Forum. They define the architecture of the platform firmware used for booting and its interface for interaction with the operating system. Examples of firmware that implement these specifications are AMI Aptio, Phoenix SecureCore Tiano, TianoCore EDK II and InsydeH2O.

<span class="mw-page-title-main">USB mass storage device class</span>

The USB mass storage device class is a set of computing communications protocols, specifically a USB Device Class, defined by the USB Implementers Forum that makes a USB device accessible to a host computing device and enables file transfers between the host and the USB device. To a host, the USB device acts as an external hard drive; the protocol set interfaces with a number of storage devices.

In computing, paravirtualization or para-virtualization is a virtualization technique that presents a software interface to the virtual machines which is similar, yet not identical, to the underlying hardware–software interface.

<span class="mw-page-title-main">QEMU</span> Free virtualization and emulation software

QEMU is a free and open-source emulator. It emulates the machine's processor through dynamic binary translation and provides a set of different hardware and device models for the machine, enabling it to run a variety of guest operating systems. It can interoperate with Kernel-based Virtual Machine (KVM) to run virtual machines at near-native speed. QEMU can also do emulation for user-level processes, allowing applications compiled for one architecture to run on another.

<span class="mw-page-title-main">Architecture of Windows NT</span> Overview of the architecture of the Microsoft Windows NT line of operating systems

The architecture of Windows NT, a line of operating systems produced and sold by Microsoft, is a layered design that consists of two main components, user mode and kernel mode. It is a preemptive, reentrant multitasking operating system, which has been designed to work with uniprocessor and symmetrical multiprocessor (SMP)-based computers. To process input/output (I/O) requests, they use packet-driven I/O, which utilizes I/O request packets (IRPs) and asynchronous I/O. Starting with Windows XP, Microsoft began making 64-bit versions of Windows available; before this, there were only 32-bit versions of these operating systems.

<span class="mw-page-title-main">ACPI</span> Computer firmware interface standard

Advanced Configuration and Power Interface (ACPI) is an open standard that operating systems can use to discover and configure computer hardware components, to perform power management, auto configuration, and status monitoring. First released in December 1996, ACPI aims to replace Advanced Power Management (APM), the MultiProcessor Specification, and the Plug and Play BIOS (PnP) Specification. ACPI brings power management under the control of the operating system, as opposed to the previous BIOS-centric system that relied on platform-specific firmware to determine power management and configuration policies. The specification is central to the Operating System-directed configuration and Power Management (OSPM) system. ACPI defines hardware abstraction interfaces between the device's firmware, the computer hardware components, and the operating systems.

<span class="mw-page-title-main">Protection ring</span> Layer of protection in computer systems

In computer science, hierarchical protection domains, often called protection rings, are mechanisms to protect data and functionality from faults and malicious behavior.

<span class="mw-page-title-main">Apple–Intel architecture</span> Unofficial name used for Macintosh models that use Intel x86 processors

The Apple–Intel architecture, or Mactel, is an unofficial name used for Macintosh personal computers developed and manufactured by Apple Inc. that use Intel x86 processors, rather than the PowerPC and Motorola 68000 ("68k") series processors used in their predecessors or the ARM-based Apple silicon SoCs used in their successors. With the change in architecture, a change in firmware became necessary; Apple selected the Intel-designed Extensible Firmware Interface (EFI) as its comparable component to the Open Firmware used on its PowerPC architectures, and as the firmware-based replacement for the PC BIOS from Intel. With the change in processor architecture to x86, Macs gained the ability to boot into x86-native operating systems, while Intel VT-x brought near-native virtualization with macOS as the host OS.

The following is a timeline of virtualization development. In computing, virtualization is the use of a computer to simulate another computer. Through virtualization, a host simulates a guest by exposing virtual hardware devices, which may be done through software or by allowing access to a physical device connected to the machine.

<span class="mw-page-title-main">VMware ESXi</span> Enterprise-class, type-1 hypervisor for deploying and serving virtual computers

VMware ESXi is an enterprise-class, type-1 hypervisor developed by VMware for deploying and serving virtual computers. As a type-1 hypervisor, ESXi is not a software application that is installed on an operating system (OS); instead, it includes and integrates vital OS components, such as a kernel.

<span class="mw-page-title-main">Hyper-V</span> Native hypervisor by Microsoft

Microsoft Hyper-V, codenamed Viridian, and briefly known before its release as Windows Server Virtualization, is a native hypervisor; it can create virtual machines on x86-64 systems running Windows. Starting with Windows 8, Hyper-V superseded Windows Virtual PC as the hardware virtualization component of the client editions of Windows NT. A server computer running Hyper-V can be configured to expose individual virtual machines to one or more networks. Hyper-V was first released with Windows Server 2008, and has been available without additional charge since Windows Server 2012 and Windows 8. A standalone Windows Hyper-V Server is free, but has a command-line interface only. The last version of free Hyper-V Server is Hyper-V Server 2019, which is based on Windows Server 2019.

In Unix-like operating systems, a device file or special file is an interface to a device driver that appears in a file system as if it were an ordinary file. There are also special files in DOS, OS/2, and Windows. These special files allow an application program to interact with a device by using its device driver via standard input/output system calls. Using standard system calls simplifies many programming tasks, and leads to consistent user-space I/O mechanisms regardless of device features and functions.

<span class="mw-page-title-main">Kernel (operating system)</span> Core of a computer operating system

The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup. It handles the rest of startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit.

A DMA attack is a type of side channel attack in computer security, in which an attacker can penetrate a computer or other device, by exploiting the presence of high-speed expansion ports that permit direct memory access (DMA).

<span class="mw-page-title-main">Longene</span> Linux distribution

Longene is a Linux-based operating system kernel intended to be binary compatible with application software and device drivers made for Microsoft Windows and Linux. As of 1.0-rc2, it consists of a Linux kernel module implementing aspects of the Windows kernel and a modified Wine distribution designed to take advantage of the more native interface. Longene is written in the C programming language and is free and open source software. It is licensed under the terms of the GNU General Public License version 2 (GPLv2).

<span class="mw-page-title-main">Proxmox Virtual Environment</span> Linux distribution for server virtualization

Proxmox Virtual Environment is a hyper-converged infrastructure open-source software. It is a hosted hypervisor that can run operating systems including Linux and Windows on x64 hardware. It is a Debian-based Linux distribution with a modified Ubuntu LTS kernel and allows deployment and management of virtual machines and containers. Proxmox VE includes a web console and command-line tools, and provides a REST API for third-party tools. Two types of virtualization are supported: container-based with LXC, and full virtualization with KVM. It includes a web-based management interface.

Comparison of user features of operating systems refers to a comparison of the general user features of major operating systems in a narrative format. It does not encompass a full exhaustive comparison or description of all technical details of all operating systems. It is a comparison of basic roles and the most prominent features. It also includes the most important features of the operating system's origins, historical development, and role.


  1. 1 2 "What is all device driver?". TechTarget. Archived from the original on 13 February 2021. Retrieved 19 March 2018.
  2. EMC Education Services (2010). Information Storage and Management: Storing, Managing, and Protecting Digital Information. John Wiley & Sons. ISBN   9780470618332. Archived from the original on 2021-02-13. Retrieved 2020-11-10.
  3. Burke, Timothy (1995). Writing device drivers: tutorial and reference. Digital Press. ISBN   9781555581411. Archived from the original on 2021-01-26. Retrieved 2016-08-05.
  4. "MAKEDEV — Linux Command — Unix Command". 2009-09-11. Archived from the original on 2009-04-30. Retrieved 2009-09-17.
  5. "User-mode vs. Kernel-mode Drivers". Microsoft. 2003-03-01. Archived from the original on 2008-03-09. Retrieved 2008-03-04.
  6. "Introduction to the User-Mode Driver Framework (UMDF)". Microsoft. 2006-10-10. Archived from the original on 2010-01-07. Retrieved 2008-03-04.
  7. Deborah Morley (2009). Understanding Computers 2009: Today and Tomorrow. Cengage Learning. ISBN   9780324830132. Archived from the original on 2021-06-09. Retrieved 2020-11-10.
  8. Computer Peripherals and Interfaces. Technical Publications Pune. January 2008. pp. 5–8. ISBN   978-8184314748 . Retrieved 2016-05-03.[ permanent dead link ]
  9. "What are Device Drivers and why do we need them?". April 17, 2015. Archived from the original on November 20, 2016. Retrieved March 19, 2018.
  10. "CCISS". SourceForge . 2010. Archived from the original on 2010-08-21. Retrieved 2010-08-11. Drivers for the HP (previously Compaq) Smart Array controllers which provide hardware RAID capability.
  11. Russell, Steve; et al. (2003-10-21). Abbreviations and acronyms. Server Consolidation with the IBM eserver xSeries 440 and VMware ESX Serve. IBM International Technical Support Organization. p. 207. ISBN   0-7384-2684-9 . Retrieved 2011-08-14.[ permanent dead link ]
  12. "US Patent 5969841 - Gigabaud link module with received power detect signal". PatentStorm LLC. Archived from the original on 2011-06-12. Retrieved 2009-09-08. An improved Gigabaud Link Module (GLM) is provided for performing bi-directional data transfers between a host device and a serial transfer medium.
  13. "Unified Audio Model (Windows CE 5.0)". Archived from the original on 2017-06-22. Retrieved 2016-09-19.
  14. Dell US. "What are DCH drivers and why do you need to know about them? | Dell US". Retrieved 2020-10-29.
  15. "dxd - dynax driver framework: Main Page". Archived from the original on 2016-05-29. Retrieved 2016-09-19.
  16. Talebi, Seyed Mohammadjavad Seyed; Tavakoli, Hamid; Zhang, Hang; Zhang, Zheng; Sani, Ardalan Amiri; Qian, Zhiyun (2018). Charm: Facilitating Dynamic Analysis of Device Drivers of Mobile Systems. pp. 291–307. ISBN   9781939133045. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  17. Goodin, Dan (14 October 2022). "How a Microsoft blunder opened millions of PCs to potent malware attacks". Ars Technica . Archived from the original on 8 November 2022. Retrieved 8 November 2022.
  18. Pan, Jianfeng; Yan, Guanglu; Fan, Xiaocao (2017). Digtool: A {Virtualization-Based} Framework for Detecting Kernel Vulnerabilities. pp. 149–165. ISBN   9781931971409 . Retrieved 5 November 2022.
  19. King, Bertel (18 June 2022). "Closed Source vs. Open Source Hardware Drivers: Why It Matters". MUO. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  20. Branscombe, Mary (7 April 2022). "How Microsoft blocks vulnerable and malicious drivers in Defender, third-party security tools and in Windows 11". TechRepublic. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  21. Goodin, Dan (5 October 2022). "No fix in sight for mile-wide loophole plaguing a key Windows defense for years". Ars Technica. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  22. Davenport, Corbin. ""Bring Your Own Vulnerable Driver" Attacks Are Breaking Windows". How-To Geek. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  23. "Windows 10 Security Alert: Vulnerabilities Found in Over 40 Drivers". BleepingComputer. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  24. Goodin, Dan (13 July 2022). "Vulnerabilities that could allow undectable infections affect 70 Lenovo laptop models". Ars Technica. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  25. Ridley, Jacob (9 February 2022). "You're going to want to update your Wi-Fi and Bluetooth drivers today". PC Gamer. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  26. "Wireless 'BlueBorne' Attacks Target Billions of Bluetooth Devices". Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  27. Spadafora, Anthony (12 January 2022). "Installing gaming drivers might leave your PC vulnerable to cyberattacks". TechRadar. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  28. "HP patches vulnerable driver lurking in printers for 16 years". ZDNET. Archived from the original on 5 November 2022. Retrieved 5 November 2022.
  29. "Fine-grained kernel isolation". Archived from the original on 15 September 2022. Retrieved 15 September 2022.
  30. Fetzer, Mary. "Automatic device driver isolation protects against bugs in operating systems". Pennsylvania State University via Archived from the original on 15 September 2022. Retrieved 15 September 2022.
  31. Huang, Yongzhe; Narayanan, Vikram; Detweiler, David; Huang, Kaiming; Tan, Gang; Jaeger, Trent; Burtsev, Anton (2022). "KSplit: Automating Device Driver Isolation" (PDF). Archived (PDF) from the original on 15 September 2022. Retrieved 15 September 2022.
  32. Wulf 1974 pp.337–345
  33. Denning 1976
  34. Swift 2005, p.29 quote: "isolation, resource control, decision verification (checking), and error recovery."