The Course
This course provides a comprehensive, hands-on deep dive into Windows driver development, covering both legacy and Plug and Play (PnP) models. It starts from setting up a Windows VM and building a basic driver, then progresses through core driver concepts like DRIVER_OBJECT, device creation, dispatch routines, and IRP handling.
You’ll gain practical experience with advanced topics including I/O methods, synchronization mechanisms (spinlocks, mutexes, semaphores), interrupt handling, DPCs, work items, and cancel-safe queues. The course also explores PnP architecture in depth—covering AddDevice, PnP IRPs, resource management, device notifications, and driver installation using tools like DevCon and PnPUtil.
By the end, you’ll be equipped to build, manage, and debug real-world Windows drivers with strong fundamentals in kernel-level programming and system internals.
What you will learn
I started this course by breaking down complex Windows kernel and Plug and Play concepts into bite-size, real-world lessons you can practice right away. As a starter, you’ll build confidence step by step—from setting up your tools to writing your first device driver—without getting lost in jargon or outdated detours. I carefully crafted each module with curated labs, annotated code, and guided projects so every new topic connects cleanly to the last. It’s intentionally well organized with a clear roadmap, checkpoints, and troubleshooting tips so you always know what to do next. By the end, you’ll understand what’s happening under the hood and have a small portfolio of working components you can tinker with and extend.
About Us
PointerSec offers affordable cybersecurity courses and certifications. We also provide free cybersecurity education through our YouTube channel "Tech69", which contains 700+ videos on most offensive security topics.
We focus mainly on Offensive Security topics like Pentesting, Red Teaming, Malware Development, Reverse Engineering, etc.
Curriculum
- ReadFile Buffered IO (29:06)
- WriteFile Buffered IO (8:45)
- DeviceIoControl and IOCTL codes Buffered IO (18:16)
- ReadFile DIRECT IO (12:54)
- WriteFile DIRECT IO (3:19)
- DeviceControl METHOD_OUT_DIRECT (11:47)
- DeviceControl METHOD_IN_DIRECT (9:15)
- ReadFile METHOD_NEITHER (11:22)
- WriteFile METHOD_NEITHER (3:40)
- DeviceControl METHOD_NEITHER (9:25)
- Building Synchronous IRP with IoBuildSynchronousFsdRequest (18:15)
- Synchronous IoBuildDeviceIoControlRequest (13:45)
- Dynamic memory allocation with ExAllocatePool2 (6:12)
- Completion Routines (30:41)
- Creating Asynchronous IRP (36:28)
- Creating Asynchronous IOCTL IRP (4:19)
- Creating IRP with IoAllocateIrp DO_BUFFERED_IO (29:47)
- Creating IRP with IoAllocateIrp DO_DIRECT_IO (22:34)
- AddDevice() (14:23)
- Plug n Play Theory (7:25)
- Handling IRP_MN_START_DEVICE (19:45)
- Handling IRP_MN_STOP_DEVICE (2:32)
- Handling IRP_MN_QUERY_STOP_DEVICE (4:13)
- PnP Workitem (9:30)
- Handling IRP_MN_REMOVE_DEVICE (7:30)
- Optimizing workitem (30:03)
- Installing PnP Driver (9:44)
- Usermode Async IOCTL (38:27)
- Handling other PnP IRPs (1:46)
- Auto updating PnP driver (9:50)
- Installing driver using PnPUtil (4:19)
- CSQ in PnP drivers (12:58)
- Remove Locks (21:04)
- Enumerating raw translated resources (25:30)
- Handling IRP_MN_FILTER_RESOURCE_REQUIREMENTS (19:39)
- Handling IRP_MN_DEVICE_USAGE_NOTIFICATION (12:27)
- DO_POWER_PAGABLE (3:45)
Code Snippets
The course provides code snippets for all the drivers.
OneNote Diagrams
Get access to high-quality OneNote diagrams in PDF format.