Coding Secure Drivers
In the next few pages, I'll cover some common coding problems I've encountered that might lead to security issues within drivers. If you're not a developer writing your own drivers, you'll want to skip to the section "Driver Signing."
There is some excellent documentation in the DDK concerning common coding errors. I highly recommend that you carefully look this over if you are a driver developer.
Checking Your Buffer Lengths
By far, the most common driver issues concern missing buffer length checks. Missing length checks can lead to famous (and deadly) buffer overruns and/or information leakage. Both are very serious security concerns—when writing anything (especially drivers and services), make sure you check all ...