Geoff Chappell, Software Analyst
That things go wrong with kernel-mode drivers is hardly news. That fixing them, or at least mitigating the problem, can sometimes be done on-the-fly shouldn’t be any surprise, either. Microsoft’s operating systems have varied their behaviour to accommodate defects in pre-existing software, even to go as far as identifying specific code sequences to patch at run-time, since at least MS-DOS 5.0. The modern Windows has long formalised this practice into an Application Compatibility database of all sorts of shims to apply when running particular applications. Microsoft even distributes, as a free download, an Application Compatibility Toolkit, now rebadged as the Windows Assessment and Deployment Kit (ADK), that opens the shim database to more or less easy inspection through a GUI and even allows for creating custom databases.
Shims for drivers, though, are relatively recent. Among the standard Shim Database (SDB) files, the one that is specialised for drivers, named DRVMAIN.SDB, is as old a provision as the database for applications, but only for listing drivers that are blocked from being loaded. Starting with Windows 8, new values are defined for the TAG, such that DRVMAIN.SDB now also lists both the shims that can be applied to drivers and the drivers that those shims are to be applied to.
The shims to apply to a driver are determined as the driver gets loaded. They can have been configured in either the registry or the database.
The registry value for applying shims to a driver is:
| Key: | HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Compatibility\Driver\basename |
| Value: | Shims |
| Type: | REG_MULTI_SZ |
Here, basename is the name of the driver as a loaded module. For most drivers this is the filename, including any file extension such as “.sys”, of the driver relative to whatever directory it is loaded from. In the multi-string data, for which the kernel allows 0x0800 bytes, each string names one shim.
The list of named shims to apply to a driver can instead be given in the driver database as TAG_KSHIM_REF (0x7026) tags as children of a TAG_KDRIVER (0x701C) that represents the driver in question as a child of the TAG_DATABASE (0x7001).
The very complex data that can be the other child tags of a TAG_KDRIVER allow for specifying a driver not just by name, as does the registry, but also for matching it against criteria that range from file size and version numbers to the processor family and model. The sophistication of this matching goes far beyond what can sensibly be described here but also what does yet get used. Notably, the TAG_KDRIVER tags in the DRVMAIN.SDB files from the installation discs for 32-bit and 64-bit Windows 10 make no more use of the matching criteria than to name the driver as a file and specify the applicable product versions (as recorded in the file’s version resource):
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE NAME="Microsoft Driver Compatibility Database" ID="{F9AB2228-3312-4A73-B6F9-936D70E112EF}">
...
<DRIVER NAME="ACFDCP" VENDOR="Conexant Systems, Inc.">
<KDRIVER NAME="ACFDCP32.sys" ID="{352D0556-1B85-4170-8E23-474B73A3AF0D}" RUNTIME_PLATFORM="X86" UPTO_BIN_PRODUCT_VERSION="1.0.23.0">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
<KDRIVER NAME="ACFDCP64.sys" ID="{CCEDF5B1-B335-4A7F-9F9B-30A0ADD576F7}" RUNTIME_PLATFORM="AMD64" UPTO_BIN_PRODUCT_VERSION="1.0.23.0">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="Defragmentation Support Driver" VENDOR="Raxco Software. Inc">
<KDRIVER NAME="DefragFS.sys" ID="{CF73631A-E65A-4C69-BBE5-94D3CE271ED1}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="8.0.0">
<KSHIM NAME="KmWin81VersionLie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="Franklin U600 Driver" VENDOR="Franklin Wireless Corp.">
<KDRIVER NAME="DIFMBUS.sys" ID="{E9B89614-E29D-4963-BCDE-16F699DD8D0E}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="DIFMCVsp.sys" ID="{68EACE63-BC0D-4C77-A3BA-A181DB5B7B71}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="DIFMMdm.sys" ID="{69FDAC73-3599-4D51-96A9-B92FBB78A7A2}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="DIFMNVsp.sys" ID="{6F8FCCC6-C15D-42E7-A942-48A45347A31B}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="DIFMVsp.sys" ID="{CFD4D651-4C66-4313-A992-2B7BE51F7DEF}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="EDGESER" VENDOR="Digi">
<KDRIVER NAME="edgeser.sys" ID="{023CA1C6-EF77-488E-AE41-DADD765FB837}" RUNTIME_PLATFORM="X86" UPTO_BIN_PRODUCT_VERSION="5.30.2.0">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
<KDRIVER NAME="edgeser64.sys" ID="{428758BB-BC2A-4773-96D7-D590E1AB5406}" RUNTIME_PLATFORM="AMD64" UPTO_BIN_PRODUCT_VERSION="5.30.2.0">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="PANTECH UM150 Driver" VENDOR="PANTECH CO.,LTD">
<KDRIVER NAME="PTDMBus.sys" ID="{F9A18D6D-9386-4208-9A4F-856044B2ECFB}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDMMdm.sys" ID="{623E7F33-3337-4DE5-AD16-5313CF785E09}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDMVSP.sys" ID="{D98BBD98-466A-47BF-A817-0FDF2929E688}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDMWWAN.sys" ID="{39F610EA-B8D0-4588-94E6-2963678AF974}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="PANTECH UM175 Driver" VENDOR="PANTECH CO.,LTD">
<KDRIVER NAME="PTDUBus.sys" ID="{7E49A183-B0C7-4EF8-AF6A-ED7E4ED0DC4C}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.3">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDUMdm.sys" ID="{55DE89D0-3585-4158-9277-ECF22FFB9B78}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.3">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDUVSP.sys" ID="{9EB21DBB-8B05-4A63-BF1F-A787EED9ED96}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.3">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTDUWWAN.sys" ID="{51D376D1-A99B-4CD1-A738-B032D5F7D2E2}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3.3">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="PANTECH UML290 Driver" VENDOR="PANTECH CO.,LTD">
<KDRIVER NAME="PTUMLBus.sys" ID="{0E3F664D-E9A6-4FE1-AE59-A77E0EBF4663}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.7">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMLBUS.sys" ID="{DA775BB3-0D43-455C-9095-C37D84E0EC0E}" RUNTIME_PLATFORM="X86,AMD64" FROM_BIN_PRODUCT_VERSION="1.8.0.0" UPTO_BIN_PRODUCT_VERSION="4.11.2.0">
<KSHIM NAME="KMWin8Versionlie" />
</KDRIVER>
<KDRIVER NAME="PTUMLCVSP.sys" ID="{7E3B24F3-2C95-4885-9A7F-CA2023D53848}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.7">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMLCVsp.sys" ID="{2ED8460E-D41A-4F28-B586-8B128B402D26}" RUNTIME_PLATFORM="X86,AMD64" FROM_BIN_PRODUCT_VERSION="1.8.0.0" UPTO_BIN_PRODUCT_VERSION="4.11.2.0">
<KSHIM NAME="KMWin8Versionlie" />
</KDRIVER>
<KDRIVER NAME="PTUMLMdm.sys" ID="{BF8718DA-5910-4EB9-96F1-3408DE1E4D97}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.7">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMLMdm.sys" ID="{1AF0D5BC-DC2D-42DD-8F0E-7AB9178745F8}" RUNTIME_PLATFORM="X86,AMD64" FROM_BIN_PRODUCT_VERSION="1.8.0.0" UPTO_BIN_PRODUCT_VERSION="4.11.2.0">
<KSHIM NAME="KMWin8Versionlie" />
</KDRIVER>
<KDRIVER NAME="PTUMLNVSP.sys" ID="{2D46FCE9-0606-4FA2-8E04-B4D76E56E482}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.7">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMLNVsp.sys" ID="{167B41A7-2005-4D4C-B939-68FFB71781F7}" RUNTIME_PLATFORM="X86,AMD64" FROM_BIN_PRODUCT_VERSION="1.8.0.0" UPTO_BIN_PRODUCT_VERSION="4.11.2.0">
<KSHIM NAME="KMWin8Versionlie" />
</KDRIVER>
<KDRIVER NAME="PTUMLVSP.sys" ID="{9F1AA3EC-6569-4682-AD6C-5865361D0E10}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.7">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMLVsp.sys" ID="{5F72E0BD-3624-4A03-BE5D-7CFD0ED67891}" RUNTIME_PLATFORM="X86,AMD64" FROM_BIN_PRODUCT_VERSION="1.8.0.0" UPTO_BIN_PRODUCT_VERSION="4.11.2.0">
<KSHIM NAME="KMWin8Versionlie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="PANTECH UMW190 Driver" VENDOR="PANTECH CO.,LTD">
<KDRIVER NAME="PTUMWBus.sys" ID="{31116B57-2FF0-48A0-8E24-575EF06C881C}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMWCSP.sys" ID="{6F48B4DD-EE6B-407E-91C3-0A4B249DBBA0}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMWMdm.sys" ID="{DA10809F-40A2-4A90-934E-E0E153409062}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMWNET.sys" ID="{C7293E5F-DD50-4CE7-BFB7-20A1B8534703}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMWNSP.sys" ID="{2DAFA6BB-AD10-4B4E-B63E-AE586458DA16}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
<KDRIVER NAME="PTUMWVSP.sys" ID="{1F6DFF41-9C79-4473-85B0-7FE2A992AF27}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.2">
<KSHIM NAME="KmWin7VersionLie" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="Qualcomm Wireless Network Device" VENDOR="Qualcomm">
<KDRIVER NAME="qcmbb8960.sys" ID="{0D6E8F4F-11D1-4746-B724-5122B14F2D7A}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1.0">
<KSHIM NAME="SkipDriverUnload" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="Realtek Wireless Lan" VENDOR="Realtek">
<KDRIVER NAME="RTWLANE.sys" ID="{83F28515-EB88-4949-A58D-AA27F889560B}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="2008.5.423.2013">
<KSHIM NAME="NdisGetVersion640Shim" />
</KDRIVER>
<KDRIVER NAME="RTWLANS.sys" ID="{17DD6C01-7094-4D32-B1ED-A9B7B068DF71}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="3006.0.320.2014">
<KSHIM NAME="NdisGetVersion640Shim" />
</KDRIVER>
<KDRIVER NAME="RTWLANU.sys" ID="{62E1F019-4271-41C3-8A1B-CDA752F4D9E4}" RUNTIME_PLATFORM="X86,AMD64" UPTO_BIN_PRODUCT_VERSION="1026.1.911.2013">
<KSHIM NAME="NdisGetVersion640Shim" />
</KDRIVER>
</DRIVER>
<DRIVER NAME="WSRRCI" VENDOR="Wisair">
<KDRIVER NAME="wsr_rci.sys" ID="{1E61CDCD-D929-4094-B3BD-1772F7459CBE}" RUNTIME_PLATFORM="X86">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
<KDRIVER NAME="wsr_rci.sys" ID="{D816906A-384D-4AA1-9450-8826948D2192}" RUNTIME_PLATFORM="AMD64">
<KSHIM NAME="usbshim" COMMAND_LINE="null" />
</KDRIVER>
</DRIVER>
...
</DATABASE>
The data for the TAG_KSHIM_REF is its own list of tags. The kernel anticipates TAG_FIX_ID (0x9001), TAG_NAME (0x6001), TAG_MODULE (0x6003), TAG_FLAGS (0x4017) and TAG_COMMAND_LINE (0x6008), but it seems that only TAG_NAME matters. The TAG_NAME data, of course, names the shim.
Whether the names of the applicable shims for a driver are found in the registry or the database, they are meaningless on their own. Each must be resolved in the database to obtain a GUID and other properties. To be valid, a shim must be described in the database by a TAG_KSHIM (0x7025) as a child of the TAG_DATABASE.
The data for the TAG_KSHIM is its own list of child tags. The meaningful ones are:
In the XML from which Microsoft compiles SDB files, the TAG_KSHIM tags in the SDB file are <KSHIM> tags as children of a <LIBRARY> tag, itself a child of the <DATABASE> tag. Within each such <KSHIM> tag, attributes convert to the child tags of the SDB file’s TAG_KSHIM as follows:
| XML | SDB |
|---|---|
| NAME="name" | TAG_NAME has name as string data |
| ID="guid" | TAG_FIX_ID has guid, converted from string, as binary data |
| LOGO="boolean" | TAG_FLAGS has 0x00000001 set or clear in dword data according to whether boolean is YES or NO |
| ONDEMAND="boolean" | TAG_FLAGS has 0x00000002 set or clear in dword data according to whether boolean is YES or NO |
| FILE="module" | TAG_MODULE has module as string data |
The following XML extract shows the driver shims that are thus installed via the DRVMAIN.SDB file on the installation discs for Windows 10:
<?xml version="1.0" encoding="UTF-16"?>
<DATABASE NAME="Microsoft Driver Compatibility Database" ID="{F9AB2228-3312-4A73-B6F9-936D70E112EF}">
...
<LIBRARY>
<KSHIM NAME="autofail" ID="{407D63CE-419D-4550-B54A-4F1C1B5BDD9F}" ONDEMAND="YES" FILE="autofail" />
<KSHIM NAME="DeviceIdshim" ID="{0332EC62-865A-4A39-B48F-CDA6E855F423}" FILE="storport" />
<KSHIM NAME="driverscope" ID="{BC04AB45-EA7E-4A11-A7BB-977615F4CAAE}" FILE="NT kernel component" />
<KSHIM NAME="kmautofail" ID="{8ED4D238-F82D-433E-BC60-6117BC32EDCD}" ONDEMAND="YES" FILE="kmautofail" />
<KSHIM NAME="KmWin7VersionLie" ID="{3E28B2D1-E633-408C-8E9B-2AFA6F47FCC3}" FILE="NT kernel component" />
<KSHIM NAME="KmWin81VersionLie" ID="{21C4FB58-D477-4839-A7EA-AD6918FBC518}" FILE="NT kernel component" />
<KSHIM NAME="KmWin8VersionLie" ID="{47712F55-BD93-43FC-9248-B9A83710066E}" FILE="NT kernel component" />
<KSHIM NAME="NdisGetVersion640Shim" ID="{49691313-1362-4E75-8C2A-2DD72928EBA5}" FILE="ndis" />
<KSHIM NAME="SkipDriverUnload" ID="{3E8C2CA6-34E2-4DE6-8A1E-9692DD3E316B}" FILE="NT kernel component" />
<KSHIM NAME="Srbshim" ID="{434ABAFD-08FA-4C3D-A88D-D09A88E2AB17}" FILE="storport" />
<KSHIM NAME="usbshim" ID="{FD8FD62E-4D94-4FC7-8A68-BFF7865A706B}" FILE="usbd" />
</LIBRARY>
...
</DATABASE>
For showing the development over successive versions, a table is perhaps clearer:
| Name | GUID | Flags | Provider | Applicable Versions |
|---|---|---|---|---|
| autofail | {407D63CE-419D-4550-B54A-4F1C1B5BDD9F} | 0x00000002 | autofail | 6.2 and higher |
| DeviceIdShim | {0332EC62-865A-4A39-B48F-CDA6E855F423} | 0x00000000 | storport | 10.0 and higher |
| driverscope | {BC04AB45-EA7E-4A11-A7BB-977615F4CAAE} | 0x00000000 | NT kernel component | 6.2 and higher |
| kmautofail | {8ED4D238-F82D-433E-BC60-6117BC32EDCD} | 0x00000002 | kmautofail | 6.2 and higher |
| KmWin7VersionLie | {3E28B2D1-E633-408C-8E9B-2AFA6F47FCCB} | 0x00000000 | NT kernel component | 6.2 and higher |
| KmWin81VersionLie | {21C4FB58-F477-4839-A7EA-AD6918FBC518} | 0x00000000 | NT kernel component | 10.0 and higher |
| KmWin8VersionLie | {47712F55-BD93-43FC-9248-B9A83710066E} | 0x00000000 | NT kernel component | 6.3 and higher |
| NdisGetVersion640Shim | {49691313-1362-4E75-8C2A-2DD72928EBA5} | 0x00000000 | ndis | 10.0 and higher |
| SkipDriverUnload | {3E8C2CA6-34E2-4DE6-8A1E-9692DD3E316B} | 0x00000000 | NT kernel component | 10.0 and higher |
| Srbshim | {434ABAFD-08FA-4C3D-A88D-D09A88E2AB17} | 0x00000000 | storport | 6.2 and higher |
| usbshim | {FD8FD62E-4D94-4FC7-8A68-BFF7865A706B} | 0x00000000 | usbd | 6.2 and higher |
The several shims whose provider is named as “NT kernel component” are built in to the kernel. For all others, the name is that of the shim provider as registered under the Services key.