That things go wrong with kernel-mode drivers is hardly news. That fixing them, or at least mitigating the problem, can sometimes be done on-the-fly shouldn’t be any surprise, either. Microsoft’s operating systems have varied their behaviour to accommodate defects in pre-existing software, even to go as far as identifying specific code sequences to patch at run-time, since at least MS-DOS 5.0. The modern Windows has long formalised this practice into an Application Compatibility database of all sorts of shims to apply when running particular applications. Microsoft even distributes, as a free download, an Application Compatibility Toolkit, now rebadged as the Windows Assessment and Deployment Kit (ADK), that opens the shim database to more or less easy inspection through a GUI and even allows for creating custom databases.
Shims for drivers, though, are relatively recent. Among the standard Shim Database (SDB) files, the one that is specialised for drivers, named DRVMAIN.SDB, is as old a provision as the database for applications, but only for listing drivers that are blocked from being loaded. Starting with Windows 8, new values are defined for the TAG, such that DRVMAIN.SDB now also lists both the shims that can be applied to drivers and the drivers that those shims are to be applied to.
Here, basename is the name of the driver as a loaded module. For most drivers this is the filename, including any file extension such as “.sys”, of the driver relative to whatever directory it is loaded from. In the multi-string data, for which the kernel allows 0x0800 bytes, each string names one shim. Tech support scams are an industry-wide issue where scammers trick you into paying for unnecessary technical support services. You can help protect yourself from scammers by verifying that the contact is a Microsoft Agent or Microsoft Employee and that the phone number is an official Microsoft global customer service number.
Applicable Shims
The shims to apply to a driver are determined as the driver gets loaded. They can have been configured in either the registry or the database.
Registry
The registry value for applying shims to a driver is:
Key: | HKEY_LOCAL_MACHINESystemCurrentControlSetControlCompatibilityDriverbasename |
Value: | Shims |
Type: | REG_MULTI_SZ |
Here, basename is the name of the driver as a loaded module. For most drivers this is the filename, including any file extension such as “.sys”, of the driver relative to whatever directory it is loaded from. In the multi-string data, for which the kernel allows 0x0800 bytes, each string names one shim.
Database
The list of named shims to apply to a driver can instead be given in the driver database as TAG_KSHIM_REF (0x7026) tags as children of a TAG_KDRIVER (0x701C) that represents the driver in question as a child of the TAG_DATABASE (0x7001).
The very complex data that can be the other child tags of a TAG_KDRIVER allow for specifying a driver not just by name, as does the registry, but also for matching it against criteria that range from file size and version numbers to the processor family and model. The sophistication of this matching goes far beyond what can sensibly be described here but also what does yet get used. Notably, the TAG_KDRIVER tags in the DRVMAIN.SDB files from the installation discs for 32-bit and 64-bit Windows 10 make no more use of the matching criteria than to name the driver as a file and specify the applicable product versions (as recorded in the file’s version resource):
The data for the TAG_KSHIM_REF is its own list of tags. The kernel anticipates TAG_FIX_ID (0x9001), TAG_NAME (0x6001), TAG_MODULE (0x6003), TAG_FLAGS (0x4017) and TAG_COMMAND_LINE (0x6008), but it seems that only TAG_NAME matters. The TAG_NAME data, of course, names the shim.
Installed Shims
Drivers Wisair Others Help
Whether the names of the applicable shims for a driver are found in the registry or the database, they are meaningless on their own. Each must be resolved in the database to obtain a GUID and other properties. To be valid, a shim must be described in the database by a TAG_KSHIM (0x7025) as a child of the TAG_DATABASE.
Drivers Wisair Others Crossword Clue
The data for the TAG_KSHIM is its own list of child tags. The meaningful ones are:
- TAG_NAME (0x6001) which is the name to match;
- TAG_FIX_ID (0x9010) which is the corresponding GUID;
- TAG_MODULE (0x6003) which typically names the corresponding shim provider;
- and TAG_FLAGS (0x4017) which can supply bit flags for configuration.
In the XML from which Microsoft compiles SDB files, the TAG_KSHIM tags in the SDB file are <KSHIM> tags as children of a <LIBRARY> tag, itself a child of the <DATABASE> tag. Within each such <KSHIM> tag, attributes convert to the child tags of the SDB file’s TAG_KSHIM as follows:
XML | SDB |
---|---|
NAME='name' | TAG_NAME has name as string data |
ID='guid' | TAG_FIX_ID has guid, converted from string, as binary data |
LOGO='boolean' | TAG_FLAGS has 0x00000001 set or clear in dword data according to whether boolean is YES or NO |
ONDEMAND='boolean' | TAG_FLAGS has 0x00000002 set or clear in dword data according to whether boolean is YES or NO |
FILE='module' | TAG_MODULE has module as string data |
The following XML extract shows the driver shims that are thus installed via the DRVMAIN.SDB file on the installation discs for Windows 10:
For showing the development over successive versions, a table is perhaps clearer:
Name | GUID | Flags | Provider | Applicable Versions |
---|---|---|---|---|
autofail | {407D63CE-419D-4550-B54A-4F1C1B5BDD9F} | 0x00000002 | autofail | 6.2 and higher |
DeviceIdShim | {0332EC62-865A-4A39-B48F-CDA6E855F423} | 0x00000000 | storport | 10.0 and higher |
driverscope | {BC04AB45-EA7E-4A11-A7BB-977615F4CAAE} | 0x00000000 | NT kernel component | 6.2 and higher |
kmautofail | {8ED4D238-F82D-433E-BC60-6117BC32EDCD} | 0x00000002 | kmautofail | 6.2 and higher |
KmWin7VersionLie | {3E28B2D1-E633-408C-8E9B-2AFA6F47FCCB} | 0x00000000 | NT kernel component | 6.2 and higher |
KmWin81VersionLie | {21C4FB58-F477-4839-A7EA-AD6918FBC518} | 0x00000000 | NT kernel component | 10.0 and higher |
KmWin8VersionLie | {47712F55-BD93-43FC-9248-B9A83710066E} | 0x00000000 | NT kernel component | 6.3 and higher |
NdisGetVersion640Shim | {49691313-1362-4E75-8C2A-2DD72928EBA5} | 0x00000000 | ndis | 10.0 and higher |
SkipDriverUnload | {3E8C2CA6-34E2-4DE6-8A1E-9692DD3E316B} | 0x00000000 | NT kernel component | 10.0 and higher |
Srbshim | {434ABAFD-08FA-4C3D-A88D-D09A88E2AB17} | 0x00000000 | storport | 6.2 and higher |
usbshim | {FD8FD62E-4D94-4FC7-8A68-BFF7865A706B} | 0x00000000 | usbd | 6.2 and higher |
The several shims whose provider is named as “NT kernel component” are built in to the kernel. For all others, the name is that of the shim provider as registered under the Services key.
This page was created on 12th August 2016 and was last modified on 25th November 2016.
Copyright © 2016. Geoff Chappell. All rights reserved. Conditions apply.
Many people like to use notebooks exclusively because it allows them to take their work on the road if they need to. However, many of these notebook fans want a larger display and keyboard when working in the home or office and use docking stations to allow for easy connection of external gear to their notebooks.
Wisair has announced that four different OEM vendors will be rolling out a new Wireless USB DisplayDock solution for Mac computers in March. The docks will allow Mac users to connect their MacBook computers to external monitors, speakers, keyboard, and a mouse without having to fiddle with any wires.
The system requires no video output connections to the MacBook and handles all the video and other connectivity with only a USB dongle having to be connected to the notebook. The system will work with all Mac platforms and uses 128-bit security to protect transmissions. The system supports video resolution up to 1440 x 1050 and has a wireless range of 30 feet.