Hardware&Projects&Uncategorized13 Sep 2015 05:00 pm

So, you’d like to write a Windows kernel mode driver? No? Well, run along then.

Curious though? Then read on.

I’ve always loved system programming – for some reason the interface to hardware is just so much more exciting and appealing than pure software API interfaces. You have a complex machine at your disposal, which can only be directed by an arcane sequence of carefully executed reads and writes to its control bits. Of course some hardware can be really exciting and fun to use (e.g. Nintendo Gameboy Advance was an excellent platform), and other interfaces can be pretty grueling and boring (My least favorite so far is the I2C hardware on the NXP LPC1342), but it’s always a great feeling to write a bunch of commands and have the hardware smoothly execute the complex maneuver you have prepared. Most of my experience in system programming has been on embedded platforms, microcontrollers, game consoles. The hardware in modern PCs is actually surprisingly similar, though because of the architecture differences, devices use DMA more often for efficient access.

It’s actually really simple to get going with a new driver on Windows – not that the system is simple, Windows drivers are very complex – they can run on multiple versions of the Windows kernel and are required to participate in some level of the system’s power management system, so there’s a lot of arcane details at play – However, there are various driver frameworks which handle all of these details for you, allowing you to focus on just the functionality you care about.

In this multi-part series I’m going to walk through the process of building a new driver (using WDF/KMDF), getting it to load on hardware (a PCI Express device), and receiving usermode requests and programming the hardware to do something. Eventually I’ll repeat this with some other frameworks (I have NDIS and Storport in mind)
This isn’t hard, but it is obscure and a bit arcane so it’s not a path that I believe is visible to new driver developers. The documentation is pretty thorough but the massive breadth of detail in Windows kernel driver development can be daunting for a newcomer.

Note also that I don’t intend to showcase all the pitfalls of driver development here, but I’ll mention some of them as they’re relevant.

One final side detail is that I’m currently employed by Microsoft. To be clear, though, this series is the product of my own time using publicly available information which I’ll try to link extensively. I’m fortunate to have had a lot of opportunities to learn these details in my work and I’m eager to make it easier for others to get started. There’s a daunting amount of information available, often written with the assumption that you’re familiar with the space (which you soon will be, given a few early steps into driver development)

So, without further delay, this is Part 1: Building and loading a driver.

Circuit Design&Electronics&Hardware&LogicAnalyzer&Projects31 May 2014 01:23 pm

I’m making a concerted effort again to post more often, we’ll see how it goes this time…

First a few quick notes about a few other things I’m working on that will probably see posts in coming weeks:

  • I’m nearly done building a Kossel Mini 3D printer. Related, not too long ago I worked with a friend of mine on a simple board to monitor force-sensitive resistors for bed leveling calibration, see his writeup here.
  • Caught the bug to build a 2-wheeled balancing robot; I’ve seen too many of these again lately… Only this time I have an electronics platform that can be easily repurposed for this project.


So, exciting times! The Logic Analyzer boards came back from OSHPark all pretty in purple as usual. It’s been a while since I did any serious PCB assembly but I still seem to be pretty good at it :)

Logic Analyzer rev1 PCBs

Freshly Baked LogicAnalyzers

This weekend, among other things I’ll be getting started on blinking some LEDs and making sure these boards work the way they should. More on this (and the other reflowed project pictured) later!

Electronics&Hardware&Projects17 May 2014 12:21 am

… At least not nearly quickly enough.

So, I have been pretty busy since my last post, but I don’t really have a whole lot to show for it.
The quadrotor project I talked about last has mostly been shelved for now, pending some other work investigating motor control in general (I’m mainly interested in stepper motors, but brushless motors are very similar), and all of that has been behind some other work, not all of which I’m ready to talk about yet. Relatively soon, though.

One other project that’s very important to me which saw some big progress recently is a Logic Analyzer project. The first big milestone has just been hit - I completed the circuit board design last weekend.
This project is intended to be like a swiss army knife, a multitool of digital electronics development and reverse engineering; Fundamentally it’s a high speed USB link to an FPGA controlled from a PC. The top things I want from it are:

  1. Logic analyzer type functionality
  2. Useful building blocks for in-system programming and testing; JTAG, SPI, etc, so I can wire it up to my stuff and program in a uniform way. Also without losing the logic analyzer functionality.
  3. Useful building blocks for reverse engineering; Being able to dump various kinds of flash, usable for characterizing systems, detecting jtag/etc ports.
  4. Platform to build more complex devices on; I can reuse the stack to make other more specialized USB connected devices quickly.

It’s a wildly ambitious project, and I’m building it mainly for myself with the things I want; however I’m making the design open if anyone else wants to follow along or try it out (or improve it!). Check it out if it sounds interesting at: – It will surely evolve over time, hopefully into something useful.
Once the PCBs come back for the logic analyzer and as I get further with the software/firmware I’ll be posting pictures and more details about how it goes. It should be a pretty fun project.

I did finally get tired of not having a 3D printer up and running (my electronics solution will still take some investigation time, and it still isn’t a top priority); and after the frustration of receiving an .. ehm … “mechanically challenged” 3D printer from a kickstarter project, I finally bought a printrbot simple v2, which has been working rather well, even more so with some upgrades like a heated bed. It’s really pretty amazing to be able to design a part and then iterate on the design several times over an afternoon to produce something that works well quickly. I still see a lot of problems I want to fix in the 3D printer space though, and will try to fix them. eventually…

There are some more things in the pipeline too, but I shouldn’t say too much or I’ll run out of things to post about again ;)


Electronics&Hardware&PCB Layout&Projects19 Oct 2013 12:15 pm

This isn’t exactly what I had in mind with my last post (there’s another project coming up after this one), but it’ll do for now :)

I had an idea for a simple mechanical design for a quadrotor, and since I was already pretty interested in building one, that prompted me to go work on the design for it. Like with many things I do, I like to build the full stack in projects like these – so I’ve designed my own electronics for it as a first step. Some of the PCBs have come back from fabrication so I expect to make more progress with this pretty soon.

Some pictures from the PCB designs:



The three boards above are a speed controller to drive the motors, the main PCB that will collect sensor data and do control, and a plug-in module for the main PCB which has wireless (via Nordic RF chipset) and a flash chip for archiving sensor data / other general use.

For now, I’m just writing initial firmware and testing that things work, but once I confirm the design is viable I’m planning to release the design files for it.

Another interesting feature of this project is that I screen-recorded the PCB design process – I’m planning to edit the videos into timelapses and add some commentary on the thought process behind the design. I’ll post about these also once they’re released.

Electronics&Projects&Uncategorized17 Sep 2013 08:58 am

Well! It’s been another year since I posted anything; not the first time I suppose.
I’ve come up with an idea for something I want to do though, which will result in a lot of blog posts in about a month or so. I don’t want to say too much about what it is yet, but keep an eye out for it :)

Electronics&Hardware&Projects26 Aug 2012 07:11 pm

I am really bad at keeping to a schedule with this blog :)

It was going so well, with the 3D Printer posts, all good posts and not too far apart, and then… nothing.

I did continue to work on the 3D printer a bit past that, and will resume those posts again, probably once I have everything working – it’s still waiting for some software development which I have been stalling on / doing other things.

So, what has been taking my time? Let’s see…


Reflowed: nRF_stick, chopper1, nRF_sensor1

First I messed around with some Nordic RF chip stuff (I’ve built some infrastructure, but these projects are still ongoing)



I built some PCBs for an RGB POV spinning top, which still hasn’t been fully assembled or programmed…


Reflowed: psplcd

I designed a board to control the PSP LCD, and finished its software (it works!) – I normally do everything but a friend of mine did the PCB layout on this board.


GBCart: Nintendo logo

And most recently I’ve been working on a gameboy cartridge. Not much to say about this one yet, but will be fun when there is :)


And of course a few other things along the way; my Flickr Stream has more, and is usually the first place new stuff shows up.

Feel free to ping me with any questions or comments! I’ll try to post a bit more regularly.

Circuit Design&CNC Controller&Electronics&Hardware&PCB Layout&Projects04 Feb 2012 10:58 am

Armed with a blinking LED program, I set to work attempting to flesh out the rest of the software for the CNC board. I built and tested a nested vectored interrupt handler, and started trying to port my USB stack from another chip that has very similar USB hardware. As time went on though, the outlook became a bit bleak; A number of things did not appear to be working as intended on this chip, and the manufacturer’s example code included bizzare comments and workarounds for some pretty impactful bugs that weren’t otherwise documented. Not confident that I would be able to make this chip work the way that I wanted, and being less than thrilled with the ease of assembly and some of the design of the CNC Rev1 board, I decided to make a new CNC board.

My design goals would be:

  • Ensure the design will work, by using chips I’m familiar with & already have code working on.
  • Reduce complexity by only having one motor driving voltage, but still allow that voltage to be changed.
  • Reduce the part count per motor, by consolidating components into fewer packages and taking a different design path driving the motors.


CNC Controller&Electronics&Hardware&Projects31 Jan 2012 12:31 am

As I mentioned earlier, JTAG is a pretty simple protocol. For the ucHelper I’ve designed a command-oriented serial protocol that allows me to perform various JTAG and UART operations. After some initial trouble with physical connections on the CNC board, it was possible to enumerate the JTAG chain! In order to be sure JTAG was really working as intended, I took a short detour and wrote an SVF player, and was able to program some existing Xilinx FPGA boards from SVF files (like serialeth).

The ARM Chip I was using on the CNC board (NXP LPC2927) has two JTAG chains – one of them is a boundary scan / flash (and who knows what else) chain, and the other is for the ARM9 standard debug interface. I only really wanted to program the flash, so I started out with the flash chain – There was some documentation for the JTAG flash interface of a previous chip in the series so I was hopeful this one would be similar.

Unfortunately it was not meant to be. The enable bits / initial handshake sequence for the flash controller on this chip seems to be entirely different than the earlier one, sometime I may go back and find the right bits to make that work, but I shifted my focus to using the ARM debug interface. The first thing I noticed, is that it didn’t work :) As it turns out (after connecting the layers of deep indirection in the documentation), you must have a crystal in a specific range of frequencies for it to work; After fixing that though, I began to make progress on that front. the ARM debug interface for this chip is relatively well documented in the ARM9 documentation on ARM’s site. Documentation always seems to leave something to be desired, but this was at least relatively unambiguous – and worked!

Effectively, the ARM9 chips (also most other ARM chips), for a debug interface, simply intercept the processor’s instruction and data busses, and allow you to single step the processor. So you can perform operations by injecting the instruction you wish to execute, and single stepping. You can write a register to an arbitrary memory location, which causes it to be intercepted on the data bus (afterwards you can read the data bus) – Similarly you can read from memory and it will end up reading the value you insert onto the data bus into a register. It’s a rather minimal and effective debugging interface, it doesn’t consume much in the way of hardware resources, though the software to do anything useful with it has to be a bit complicated as a result.

Since the single step operations capture the data bus, it’s not possible to directly modify or read system memory through them, but there is another special provision for doing this, for executing individual instructions synchronized with the normal CPU clock that can interact with memory. So, I wrote a handful of wrappers that would allow me to manipulate the CPU’s registers and read from / write to memory, and around that built a small program that wrote the flash using the system’s internal flash controller.

With that literal pile of work behind me, I set off building software for the ARM chip itself. A short amount of time later, I had a blinking LED (Because this is naturally the most important thing to do with /any/ piece of hardware)


(Not visible: LEDs blinking)

(Continuity note: Note that the above board is not the same one as the board shown in part 1! At some point in messing with the JTAG chains I became sufficiently frustrated with the quality of connections on the first board, which had been reworked a few too many times perhaps, that I built a second board and took special care in making sure the JTAG chains and other important connections were in good shape. It’s a bit less than fully populated because… placing some 400-500 components is HARD!)

(More to come in part 4…)

CNC Controller&Electronics&Hardware&Projects28 Jan 2012 03:33 pm

Around the middle of December I decided it was finally time to make this project actually work.

I took the one CNC board I had assembled, such a long time back, and subjected it to an initial smoke test (connecting the power, that is). There was smoke. Not discouraged by the loss of a chip or two, I took a further look. I found that the assembly of the first board had hit a number of major snags; The board was 2oz copper in order to be capable of routing large current loads to the motors – but the groundplane was exceptionally difficult to solder to, even though the pads have thermals. I found that one of the chips broke because a resistor intended to keep an “enable” signal low was not connected to the groundplane, and the other one, a FPGA, was installed backwards (these FPGAs have two circles on the top which could indicate pin 1; Unfortunately the wrong one was chosen and I didn’t check.)

Undeterred, I pressed forwards with getting this board to work. I replaced the FPGA and rotated the other one, doublechecked a lot of signals (there were still some components on the back side of the board that were not properly connected to ground). All the poor connections were on the back side of the board, the top side had been reflowed and the connections seemed uniformly good there.

After those fixes and some cleanup, ran the smoke test again – The board powered up without smoke! A first small victory down this path – But many more things remained.

So, let me tell you about JTAG. I made a post on jtag a long time ago, when I was first starting to mess with it; but for this project I decided to build my own JTAG tools to program the chips involved & for other nefarious purposes.

I have made a few starts  towards my own jtag stack over time, first was an AVR-based board intended to program all manner of things – This project ultimately stagnated as the jtag level shifting interfered with actually programming the AVR chip itself. Despite a fix, building out the stack was a big project and never was completed.

While I was designing the CNC board though, I had the idea for a more specific debugging helper tool geared for it, and not too long after designing the CNC board, I did build such a device based on a chip I had come to know and love (and built a USB stack for…) – this was the ucHelper, PCBs shown below.


ucHelper is really just a minimal JTAG and serial interface board – Being exactly what I needed for programming and debugging here though, I got started on writing the code for it.

(more in part 3)


CNC Controller&Electronics&Projects27 Jan 2012 02:29 am

It’s been just over a year since I decided to seriously pursue building my own 3D printer, and while it has been taking a back seat to a lot of other projects I’ve been doing, it’s looking like it will finally come together in the next few weeks!

The CNC Controller in the last two posts was my first big move towards realizing the idea; Being  a stubborn sort, I’ve wanted to build the entire thing entirely myself – Historically this has been both a good and a bad decision; I like owning the entire stack in a project, but it comes at a price – Actually building and completing the project takes a lot longer. The upside is I get a lot of experience from such projects, and learn a lot about a wide variety of things – this is ultimately the reason I do it so much.

I did finally concede to use an existing 3D Printer hardware design, and near the end of last year built a Prusa Mendel from a kit of printed parts & hardware (pic below)


However I am still quite determined to own the electronics. Around the very end of 2011 I finally decided to put the effort into making this project happen, and started to bring up the CNC board I had designed.

(More in part 2)

Next Page »