Dump Miniport Driver

A miniport driver manages a piece of hardware, implementing whatever custom/proprietary protocol is necessary to program the device to make it operate.  The miniport works closely with a complementary (but distinctly separate) operating system port driver to interface the device with higher level drivers.  The interface between the miniport driver and the port driver is typically a well-defined interface documented on MSDN, however, this is not always the case (as is evident with the crash dump interface/contract between port and miniports in a storage driver stack).  A typical Windows system has various vendor miniport drivers installed on the system to manage and operate hardware devices such as network cards, video cards, peripherals, and storage devices, and the operating system ships with port drivers to complement each broad category of technology.

As discussed in I/O paths, the dump miniport driver is an exact copy of the normal I/O path’s miniport driver.  That is, crashdmp.sys loads the miniport driver into memory and names the image “dump_<miniport_driver_name>.sys”.  For example, VMWare’s miniport will be named “dump_vmscsi” and LSI’s Serial Attached SCSI (SAS) miniport will be named “dump_LSI_SAS”.

Once loaded into memory, the miniport does nothing until crash/hiber time, when post-initialization occurs and the driver’s DriverEntry routine is invoked.  As documented on MSDN1 (gasp), the miniport drivers are pre-programmed to handle crash mode by checking for two NULL arguments to their DriverEntry routine or by parsing a “dump=1” argument to their FindAdapter callback (which is invoked by the port driver when it is attempting to enumerate or locate an adapter).  When the dump miniport detects it is operating in dump/crash mode, it must follow the restrictions outlined by Microsoft.  In reality, the dump miniport continues to service I/O requests just like its copy in the normal I/O path (which is disabled during crash mode), except the I/O is synchronous and only from the kernel (or perhaps from another driver, if it uses one of the techniques outlined on this website!).

1  http://msdn.microsoft.com/en-us/library/windows/hardware/ff564084(v=vs.85).aspx

%d bloggers like this: