Graham recently gave a presentation at 44CON’s community night entitled “GET IN THE RING0″ on the subject of Windows kernel drivers.
His talk covered:
- Same basic concepts as writing usermode apps
- Some additional bits
- Talking between usermode / kernelmode
- Major functions, IRPs, IOCTLs
- Special concepts like IRQLs
- (mostly) officially documented on MSDN!
- (most of) the rest is reverse engineered
You can find the slides here.