Difference between .drv and .sys ???
-
Hey everybody, what is the difference (if there is one) between a .DRV driver (like winspool.drv) and other drivers with a .sys extension? Thank you!
-
Hi,
Technically there are not many differences because it's a portable executable just like other types of Windows-loadable object code. If you're wondering why it has the 'DRV' extension, it is because it is a usermode driver. In other words, if you check the subsystem member of the IMAGE_OPTIONAL_HEADER in the PE file... most DRV files will have WINDOWS_GUI==2 while most drivers with a SYS extension will have NATIVE==1. But there is nothing stopping a wisecrack software engineer from naming his dynamic-link library with a .WTF extension. In other words... the extensions do not really mean much at all.
Best Wishes,
-David Delaune
-
Thanks, it explains many things! :-)
-
Yeah, as Randor says, a sys is subsystem native. It's also got to have a checksum, and its entry point is DriverEntry. Conceptually a (sys file) driver has no main function. After loading, its DriverEntry can be paged out; it's no longer needed. All it does during initialisation is to register functions with the OS to handle various events. So it might create and register an object that user mode can access (DOS device name, such as 'COM1'). It might register an interrupt handler as well, for example. A driver's job is to 'bridge' parts of the OS, and it is totally under the OS's control. A driver also cannot create any GUI components. And a driver is also about 100 times more complex than the worst application to write. For example, you can't touch paged-out code or data when running at elevated levels (think during interrupt processing, although there are other, more common high levels not related to interrupts).
Morality is indistinguishable from social proscription
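Added example, not part of any post in this thread: a small header reader that classifies a file by the Subsystem field of IMAGE_OPTIONAL_HEADER instead of by its extension, and also reports the CheckSum field and the COFF DLL flag. The names `pe_summary` and `build_sample` are hypothetical, and the two sample images are constructed header-only byte strings, not real drivers.

```python
import struct

# Subsystem values from the PE format (IMAGE_SUBSYSTEM_* in winnt.h).
SUBSYSTEMS = {1: "NATIVE", 2: "WINDOWS_GUI", 3: "WINDOWS_CUI"}
IMAGE_FILE_DLL = 0x2000  # COFF Characteristics flag


def pe_summary(data: bytes) -> dict:
    """Read subsystem, checksum and DLL flag from a PE image's headers."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    coff = e_lfanew + 4   # COFF file header follows the 4-byte signature
    opt = coff + 20       # optional header follows the 20-byte COFF header
    # Need the optional header up to and including Subsystem (70 bytes).
    if opt + 70 > len(data) or data[e_lfanew:coff] != b"PE\0\0":
        raise ValueError("missing or truncated PE header")
    opt_size, characteristics = struct.unpack_from("<HH", data, coff + 16)
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic not in (0x10B, 0x20B) or opt_size < 70:
        raise ValueError("unsupported optional header")
    # CheckSum (+64) and Subsystem (+68) share offsets in PE32 and PE32+.
    checksum, subsystem = struct.unpack_from("<IH", data, opt + 64)
    return {
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "checksum": checksum,
        "is_dll": bool(characteristics & IMAGE_FILE_DLL),
        "pe32plus": magic == 0x20B,
    }


def build_sample(subsystem: int, checksum: int, dll: bool) -> bytes:
    """Constructed header-only PE32+ image for the demo (not loadable)."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    flags = 0x0002 | (IMAGE_FILE_DLL if dll else 0)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, 240, flags)
    opt = bytearray(240)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<IH", opt, 64, checksum, subsystem)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    # Constructed samples: file names are labels only, the headers decide.
    samples = {"sample.drv": build_sample(2, 0, True),
               "sample.sys": build_sample(1, 0x1A2B3C, False)}
    for name, image in samples.items():
        print(name, pe_summary(image))
```

To inspect a real file, pass `open(path, "rb").read(4096)` to `pe_summary`; only the headers are read.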