filtering ipnat.sys

TheMSsForum.com: The Microsoft Software Forum

The MSS Forum ‹ Drivers
- Archive
  - Biz
  - MCSE
  - CRM
  - Drivers
  - Framework
  - ADO
  - ASP
  - Compact
  - Forms
  - Dotnet
  - C#
  - VB
  - FontpageGen
  - Excel
  - WorkSheet
  - Exchange
  - Setup
  - Fox
  - Fontpage
  - ASP
  - IIS
  - Entourage
  - Money
  - Messanger
  - PocketPC
  - Powerpoint
  - Project
  - Publisher
  - Excel
  - VB
  - Security
  - Portal
  - Services
  - SQLServerDev
  - SVCS
  - SQLServer
  - VB
  - VC
  - MFC
  - ExcelGen

- Previous
  - 1
    - Questions about Windows Installer, DIFX and non-device drivers Hi, I am using Wise for Windows Installer for creating an msi package that will install 32-bit non-device minifilter drivers plus the end user app. The driver package consists of three .SYS files, one INF and one CAT file. All of the drivers will be signed with the Authenticode (not WHQL). I am using the latest version of DIFxApp.msm. I have configured my test system (XP) to run in a debug mode, so I can avoid the problems related to signature validation. So far I have been unable to successfully install using the DIFx tools. I have examined the INF using chkinf.bat and fixed all of the errors. This INF works fine when I use right-click menu option "Install". The Setupapi.log shows only warnings related to drivers' signatures, but everything else gets installed. When I use the same INF with the msi and DIFx, the install fails with the msg in the log: "Could not get services associated with driver package". there is no problem with starting the services when I use right-click menu option "Install". 1. Can I use one INF file for all the three signed drivers? "The Requirements for Driver Packages That Are Used with the DIFx Tools" MS doc reads: "Each signed driver package INF must have its own catalog file, which contains the signature for the driver package. The DIFx tools do not support catalog files that contain signatures for more one driver package". Does it mean that I need to have three separate INFs and corresponding catalog files? That would be strange since a single INF works with the setupapi. 2. DDK docs state explicitly that CatalogFile entry in the Version section of the INF file is "for signed antivirus minifilters, this entry contains the name of a WHQL-supplied catalog file. All other minifilters should leave this entry blank. For more information, see the description of the CatalogFile entry in INF Version Section". When I use DIFxApp.msm, the install will fail if there is no CatalogFile entry and there is nothing in the documentation that would suggest this entry is optional. So, I have assumed that when using DIFx tools I must use catalog files even when installing minifilter drivers. Is that correct? 3. The DriverPackageType in the [Version] section is listed as "FileSystemMinifilter". The latest version of the DIFx tools lists only two types: ClassFilter and PlugAndPlay. Should I change that entry to ClassFilter or is it backwards compatible. I recall seeing a post somewhere stating that using FileSystemMinifilter is OK. 4. I came across a post stating: "The issue is if you talk with the DIFx guys they will tell you that non-device drivers are not supported with DIFx. If it works be happy and continue to use it but if you have issues they won't do anything about it right now. Hopefully we will get this resolved (and supported) soon". Does this statement apply to Vista only or DIFx tools in general? What are my options in a situation where I need to use Windows Installer technology to install drivers with the application. My understanding is that there is no other other built-in support for installing drivers using Windows Installer than DIFx. If DIFx does not support non-device drivers it leaves me with no alternative. What am I supposed to do to install in a supported way non-device drivers using Windows Installer technology? I would appreciate your advice. Thanks, Jack Tag: filtering ipnat.sys Tag: 88258
  - 2
    - Help-Mux virtual miniport dirver showed as Disabled. Hi all, When I install Mux driver, the virtual miniport always showed up as Disabled. When I do right click to Eanbled and it said "Connection Failed." Yes, NdisImInitializeDeviceInstanceEx get called twice in PtBindAdapter and PtPnpNetEventReconfigure(by callling NdisReEnumerateProtocolBindings). I used DDk debuger but it still doesn't help, any suggestion? Sorry, I have to reposted again because someone used my last thread as a test page and I don't get any more responds after that. thanks, Tag: filtering ipnat.sys Tag: 88255
  - 3
    - Q: Are there multiple 'Plug and Play' drivers that I can try for my monitor? Someone jsut gave me a AXESS EP718 17" LCD and it works, but the picture is all pixelly. I have a feeling that it's just about toast, but I'm wonding if it could be a driver issue. I don't have the software that came with it, so I was wondering if there were different versions of XP's 'plug and Play' driver that I could try, to see it it makes any difference. Any other thoughts or ideas? Nice to have a monitor that doesn't take up half my desk, but I don't know how much longer I can look at it. It seems to be constantly changing; sometimes the brightness fades a bit, colour changes a touch or (like just now) the screen vibrates for a second. Any help would be greatly appreciated. (now the grey is gold; ok, now its grey again). Tag: filtering ipnat.sys Tag: 88254
  - 4
    - RtlInitUnicodeString and RtlFreeUnicodeString conventions For an uninitialized UNICODE_STRING, is it necessary to call RtlInitUnicodeString before calling a function like RtlStringFromGUID (or do functions like that unconditionally overwrite the previous contents of the structure)? For an initialized UNICODE_STRING, is it necessary to call RtlFreeUnicodeString before calling a function like RtlStringFromGUID (or do functions like that attempt to free the previously allocated buffer before overwriting the structure)? (Basically, are the conventions for UNICODE_STRING's and ANSI_STRING's similar to the conventions for BSTR's in COM?) Tag: filtering ipnat.sys Tag: 88249
  - 5
    - Problem with synchronous ReadFile() calls inside the NDIS miniport driver & some strange behaviour...please help URGENT Hello all, I am developing a NDIS miniport driver which also exposes a file interface (for CreateFile(), ReadFile(), WriteFile() etc).I created this file interface inside the MiniportInitialize() function using NdisMRegisterDevice() API. There are few problems which I am getting as follows: 1. If I try to assign different dispatch entry point functions then my driver is breaking the system (I am getting blue screen). The only way to avoid this I found is to use the same function for all the IRP dispatche entry points like below: DispatchTable[IRP_MJ_CREATE] = MyDeviceHook; DispatchTable[IRP_MJ_CLOSE] = MyDeviceHook; DispatchTable[IRP_MJ_READ] = MyDeviceHook; DispatchTable[IRP_MJ_WRITE] = MyDeviceHook; DispatchTable[IRP_MJ_DEVICE_CONTROL] = MyDeviceHook; DispatchTable[IRP_MJ_CLEANUP] = MyDeviceHook; NdisInitUnicodeString(&DeviceName, NT_DEVICE_NAME); NdisInitUnicodeString(&DosDeviceName, DOS_DEVICE_NAME); Status = NdisMRegisterDevice(g_NdisWrapperHandle, &DeviceName,&DosDeviceName,&DispatchTable[0],&tapDevice->devObj,&tapDevice->handle); and then use switch cases inside the MyDeviceHook() function for pIrpSp->MajorFunction to direct to particular function for handling read, write, close etc. My question is why I am unable to specify different dispatch entry point functions here? Is it something wrong with NDisMRegisterDevice() API. DDK documentation says that I should use as many different dispatch entry point functions for my different IRP_MJ_XXX codes handle by the driver. 2. Secondly I am using Cancel-Safe Irp (not Ex version) mechanism to pend read Irps until data is available from the other end of my Ndis miniport (i am transferring TCP/IP packets to my the user application via ReadFile()). However, when a read Irp is pending and I call CloseHandle() from my user application to close the handle, I expect that Close Irp will be called but it never get called and my application hangs. Please tell me why is it happening like that? I am using WinDDK (2600~1.110) on my Windows XP machine. Please reply soon as I am meeting deadlines. Thanks, Arsalan Tag: filtering ipnat.sys Tag: 88244
  - 6
    - RNDIS drivers don't support IAD ? I have a USB composite device and one of the subdevice is RNDIS. By monitoring the debug traces with checked build of usb8023.sys and rndismp.sys, I found windows RNDIS driver cannot find the pipes (bulk endpoints and interrupt endpoint) it needs. The USB configuration descriptors use IAD (Interface Association Descriptor) to indicate the group of interfaces by each device. While I modify the USB configuration device on my USB device, it is working fine as ususal. I am speculating the existing RNDIS drivers could not deal with IAD correctly. Anyone in MS can confirm this ? If this is the case, how to approach MS to fix this problem to make it support USB composite device and IAD correctly ? -Gary Tag: filtering ipnat.sys Tag: 88242
  - 7
    - How to send IOCTLs to a filter driver KB uses wrong mutex? The microsoft KB on "How to send IOCTLs to a filter driver" http://support.microsoft.com/default.aspx?scid=kb;EN-US;Q262305 uses a FastMutex to synchronize creation and deletion of control objects. The documentation for ExAcquireFastMutexUnsafe says: ExAcquireFastMutexUnsafe can be safely called only at IRQL = APC_LEVEL. Even if you were to use ExAcquireFastMutex, it sets the IRQL to APC_LEVEL. However, in the MS example, FilterCreateControlObject calls IoCreateSymbolicLink after calling ExAcquireFastMutexUnsafe and the documentation for IoCreateSymbolicLink says: Callers of IoCreateSymbolicLink must be running at IRQL = PASSIVE_LEVEL So is this a bug? Or did I miss some documentation where this is ok? I've run the code and it didn't crash, but according to the documentation, this isn't right. Gabe Tag: filtering ipnat.sys Tag: 88239
  - 8
    - CD/DVD read only - lower filter driver question Hi all, I have implemented a filter driver below CdRom and above StoragePort (atapi in my test case) as a lower filter to CdRom. I see all the traffic and specifially GET_CONFIGURATION resp READ_DISC_INFORMATION opcodes depending on the drive. My questions: To say that the disk is not writable, is it enough to patch the - CurrentProfile in the GET_CONFIGURATION response or - the Erasable bit and Disc Status in the READ_DISC_INFORMATION response I would tend to do the patch work in the respective completion routine and thus take the srb->DataBuffer and amend the buffer data appropriately. Is this the right way / place to do it? Could the SRB's DataBuffer be accessed directly or is it an MDL? Tag: filtering ipnat.sys Tag: 88235
  - 9
    - Multiple Report ID Problem Hi All, I have a HID keyboard application. I have single interface with one IN endpoint EP1(IN) for keyboard and one OUT endpoint EP2(OUT) for recieving data from the PC software. I have modified the existing report descriptor with addition of a vendor defined collection for output report descriptor as follows. DESCRIPTOR MyRepDesc[L_F_KBD_REP] PROGMEM = { // bootable keyboard report 0x05, 0x01, // Usage Page (Generic Desktop) 0x09, 0x06, // Usage (Keyboard) 0xA1, 0x01, // Collection (Application) 0x05, 0x07, // Usage Page (Key Codes) 0x19, 0xE0, // Usage Min (E0h = 224d) 0x29, 0xE7, // Usage Max (E7h = 231d) 0x15, 0x00, // Logical Min (0) 0x25, 0x01, // Logical Max (1) 0x75, 0x01, // Report Size (1) 0x95, 0x08, // Report Count (8) 0x81, 0x02, // Input (Data, Variable, Abs) 0x95, 0x01, // Report Count (1) 0x75, 0x08, // Report Size (8) 0x81, 0x01, // Input (Const, Ary, Abs) 0x95, 0x05, // Report Count (5) 0x75, 0x01, // Report Size (1) 0x05, 0x08, // Usage Page (LED) 0x19, 0x01, // Usage Min (1) 0x29, 0x05, // Usage Max (5) 0x91, 0x02, // Output (Data, Var, Abs); LED report 0x95, 0x01, // Report Count (1) 0x75, 0x03, // Report Size (3) 0x91, 0x01, // Output (Constant); padding 0x95, 0x06, // Report Count (6) 0x75, 0x08, // Report Size (8) 0x15, 0x00, // Logical Min (0) 0x26, 0xFF, 0x00, // Logical Max (255); all allowed key codes 0x05, 0x07, // Usage Page (Key Codes) 0x19, 0x00, // Usage Min (0) 0x2A, 0xFF, 0x00, // Usage Max (255); all allowed key codes 0x81, 0x00, // Input (Data, Ary); Key arrays (6 bytes) 0xC0 // End Collection total 65 (41h) bytes 0x06, 0xA0, 0xFF, // USAGE_PAGE (Vendor Usage Page 1) 0x09, 0x01, // USAGE (Vendor Usage 1) 0xA1, 0x01, // COLLECTION (Application) 0x85, 0x02, // Report ID (1) 0x09, 0x01, // USAGE (Vendor Usage 1) 0x15, 0x00, // LOGICAL_MINIMUM (0) 0x26, 0xFF, 0x00, // LOGICAL_MAXIMUM (255) 0x75, 0x08, // REPORT_SIZE (8) 0x95, 0x06, // REPORT_COUNT(6) 0x91, 0x02, // OUTPUT (Data,Var,Abs) 0xC0 // END_COLLECTION But its not enumarating ...whether i need to make any changes in my report descriptor? Thanks in Advance Tag: filtering ipnat.sys Tag: 88231
  - 10
    - determining what property sets are supported by a WDM streaming device Is there a way for an application to enumerate all the property set GUID's that a given WDM streaming device supports via its IKsPropertySet implementation? (I would like an application I am writing to have its own UI for all the properties supported by a given streaming WDM video capture device, even its custom properties.) Kronon Tag: filtering ipnat.sys Tag: 88230
  - 11
    - Help required with ddk sample FPFilter I compiled the 'fpfilter' driver from the ddk samples and the 'addfilter' app which is used to apply it to disk volumes. In the fpfilter I find an 'inf' file, I installed it with the 'install' context menu of explorer, then I added a volume with addfilter, then rebooted, and it doesn't work, i.e. the drive letter which corresponds to the volume has now disappeared from the explorer folder view? Thanks. Tag: filtering ipnat.sys Tag: 88228
  - 12
    - How to obtain a Handle on Tescap driver ?? Hi, I actually try to modify the TestCap sample of the DDK. And I would communicate with it in a user-mode application but I can't obtain a handle on it. The CreateFile functions always reject the name of the driver. Could you help me ?? I've found a message named "Use IOCTL in testcap ddk sample question?" but it was not useful for me... Tag: filtering ipnat.sys Tag: 88223
  - 13
    - UpdateDriverForPlugAndPlayDevices() return ERROR_FILE_NOT_FOUND on Vista x86 Hi, On Vista build 5744 x86, my uninstallation program calls UpdateDriverForPlugAndPlayDevices() to uninstall my proprietary mouse filter driver, but gets return value ERROR_FILE_NOT_FOUND. The parameter fullInfPath passed to UpdateDriverForPlugAndPlayDevices() is the full path to inbox msmouse.inf. I am sure it exists. Could someone please tell me how to solve the problem or advise some alternatives? Thanks. Regards, David Tag: filtering ipnat.sys Tag: 88216
  - 14
    - dont get the removecomplete message from the window XP. Hello, I'm working on WIN32 application which monitors and passes data from and to USB Device which also support serial communication . I monitors device arrival/removal notification ( Serial Port ), by the way, especially while I try to read data from USB device, if i remove usb device from PC, I dont get the removecomplete message from Windows. My process is the following. 1) Device Arrival ( Serial Port -DBT_DEVTYP_PORT) 2) Open Serial Port 3) Write/Read Serial Port 4) Close Serial Port 5) Open USB Device Port 6) Write/Read USB Device 7) if Read Failed, Close USB Device Handle 8) Device RemoveComplete ( Serial Port - DBT_DEVTYP_PORT ) ==> dont get that message . The Device Driver Developer said to me that He verified the following fact. My app closes serial com port, and closes USB Device port, and Device Driver called WinAPI for Windows Event iosetdeviceinterfacestate() to OS. => But My App or the other windows event collector(test program ) dont get that messages. After I kill My App, The RemoveComplete Event is notified. Except closing opened port, what else should I do? Any suggestion will be appreciated. Regards, kiyo, Tag: filtering ipnat.sys Tag: 88210
  - 15
    - video capture filter driver, detect current streaming format Hello all. I wrote a usb camera filter driver that can do some processing before the image data was submited to the appliction from the driver. Now I can modified the image data(which comes with the IOCTL of IOCTL_KS_READ_STREAM), but I can't get the format(such as size, rgb or yuv...)of current stream. I also found something from here: http://groups.google.com/group/microsoft.public.development.device.drivers/browse_thread/thread/72d37da008f62553/c84a2e1dadc7af13?lnk=st&q=filter+driver+format&rnum=2&hl=zh-CN#c84a2e1dadc7af13 but it seems not work. Any one can help me? Best Regards __ Martin Zhang Tag: filtering ipnat.sys Tag: 88209
  - 16
    - upper audio filter driver Hi, How does the IO Manager/PNP manager recognise a driver to be an upper level filter driver for the "audio" class of devices? Where does it look, and for what? Thanks in advance! Tag: filtering ipnat.sys Tag: 88203
  - 17
    - How do I send string to driver? Hi. I'm a beginner of device driver development. Now I'm writting any driver. I wrote 'theDriverObject->MajorFunction[IRP_MJ_WRITE] = OnMyDispatch;' So I can receive 'IRP_MJ_WRITE' in 'OnMyDispatch'. Now I have to send any string to the driver. I think it's possible by IRP_MJ_WRITE. How do I do it? (In fact, I need simple example.) Tag: filtering ipnat.sys Tag: 88199
  - 18
    - Make INF for filter driver jarvisbao wrote: > *Hi All, > We've developed a lower filter driver for CD/DVD, and we want to get > WHQL signature, so we performed "Unclassified Signature Program" task > on DTM, all the jobs have been passed except the job 828 (Run INFTest > with single INF). I know it will use chkinf to check our INF file. > Attached is the INF for our driver, can anyone suggest to make our > INF file pass the chkinf test? > > Thanks > > Jarvis Bao * We signed our driver with embedded digital signature, so it did not include CAT file, and no CLASS, CLASSGUID specified, but the chkinf would tell us that the CLASS, CLASSGUID, and CatalogFile filds are required. -- jarvisbao ------------------------------------------------------------------------ Posted via http://www.codecomments.com ------------------------------------------------------------------------ Tag: filtering ipnat.sys Tag: 88197
  - 19
    - Make INF for filter driver Hi All, We've developed a lower filter driver for CD/DVD, and we want to get WHQL signature, so we performed "Unclassified Signature Program" task on DTM, all the jobs have been passed except the job 828 (Run INFTest with single INF). I know it will use chkinf to check our INF file. Attached is the INF for our driver, can anyone suggest to make our INF file pass the chkinf test? Thanks Jarvis Bao +----------------------------------------------------------------+ | Attachment filename: afc.zip | |Download attachment: http://www.codecomments.com/attachment.php?postid=3328637 | +----------------------------------------------------------------+ -- jarvisbao ------------------------------------------------------------------------ Posted via http://www.codecomments.com ------------------------------------------------------------------------ Tag: filtering ipnat.sys Tag: 88196
  - 20
    - Vista, rollback driver In the escrow build, x86, I've updated an inbox driver to my test signed version from Device Manager. It complained that the driver is unsigned, created restore point, etc. Later I wanted to roll it back, but the rollback button was grayed. I did uninstall and remove files. Then Vista immediately found and reinstalled the in-box driver. Two questions: a. Why the roll-back button was grayed? Some error on my side, or a feature of Vista? b. Can we disable the immediate reinstall after removing a driver, or is this considered for future? (Why: suppose that the previous version is bad and crashed. Restoring it will result in... yes, crash ). Regards, --PA Tag: filtering ipnat.sys Tag: 88192
  - 21
    - Mouse Development, use HID-USB or RS-232? Hello, As my senior design project i'm developing a computer pointing device that i'd like the computer to interpret as a mouse. The mouse will eventually be designed to support movement in three dimensions, however if i can just get limited functionality working with the PC, i'll be happy. In that case, i'm trying to determine the best way to implement PC connectivity with the device. I'm trying to wage the amount of effort needed to connect the mouse using the USB HID protocol. The problem is i'm having trouble finding resources on implementing a USB HID device. The datasheets for the microprocessors i'm considering do not document HID integration very well with their devices. Does anyone have any suggestions as to implementation methods (USB or RS-232) ? would HID be the best option even if supporting three dimentions? thanks in advance Tag: filtering ipnat.sys Tag: 88167
  - 22
    - Bugcheck D1 in ks.sys I've written an AVStream video capture driver. When I turn on DriverVerifier, I get bugcheck D1 (!analyze -v output is below). It happens when I insert the filter into GraphEdt.exe, render the preview pin, and hit play. The bugcheck occurs after the first call to Process (right after entering the Run state). The memory being accessed (e3987bc8) is indeed pageable; !pool e3987bc8 2 shows: Pool page e3987bc8 region is Paged pool *e3987b68 size: 70 previous size: 28 (Allocated) *KSpf Owning component : Unknown (update pooltag.txt) It appears the KS.SYS has allocated the KSGATE structure from paged pool (the tag "KSpf" is not used in my driver, so I'm guessing it is KS). It also appears that KS.SYS is calling KsGateTurnInputOn at DISPATCH_LEVEL. I have added code to all of my functions to capture the IRQL coming in, and check it going out, to make sure it is the same; it comes up clean, so I'm 99% sure it's not me forgetting to release a spinlock or something. Any ideas? Oh, this is running on XP Pro SP2, with all the latest updates installed. TIA, -- mkj _______________________________________________ // // Michael K. Jones // Stone Hill Consulting, LLC // http://www.stonehill.com //_______________________________________________ ******************************************************************************* * * * Bugcheck Analysis * * * ******************************************************************************* DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1) An attempt was made to access a pageable (or completely invalid) address at an interrupt request level (IRQL) that is too high. This is usually caused by drivers using improper addresses. If kernel debugger is available get stack backtrace. Arguments: Arg1: e3987bc8, memory referenced Arg2: 00000002, IRQL Arg3: 00000001, value 0 = read operation, 1 = write operation Arg4: f6673dfd, address which referenced memory Debugging Details: ------------------ WRITE_ADDRESS: e3987bc8 Paged pool CURRENT_IRQL: 2 FAULTING_IP: ks!KsGateTurnInputOn+d f6673dfd f00fc108 lock xadd [eax],ecx DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0xD1 LAST_CONTROL_TRANSFER: from 8053225b to 804e3592 STACK_TEXT: ed1dc664 8053225b 00000003 ed1dc9c0 00000000 nt!RtlpBreakWithStatusInstruction ed1dc6b0 80532d2e 00000003 e3987bc8 f6673dfd nt!KiBugCheckDebugBreak+0x19 ed1dca90 804e187f 0000000a e3987bc8 00000002 nt!KeBugCheck2+0x574 ed1dca90 f6673dfd 0000000a e3987bc8 00000002 nt!KiTrap0E+0x233 ed1dcb24 f6678279 e3987bc8 86a0b2b8 866c9884 ks!KsGateTurnInputOn+0xd ed1dcb38 f6678b31 869c7270 86a0b2b8 00000000 ks!CKsQueue::SetStreamPointer+0x254 ed1dcb64 f667a310 01a0b2b8 00000000 861a56d0 ks!CKsQueue::AddFrame+0x5a ed1dcb90 f668cf3a 866c97d8 00000000 ed1dcbb0 ks!CKsQueue::TransferKsIrp+0x1e6 ed1dcbb8 f667bf85 86a5c020 87130f00 ed1dcbfc ks!CKsPin::DispatchDeviceIoControl+0x168 ed1dcbc8 804e37f7 86a5c020 87130f00 806ed2a4 ks!DispatchDeviceIoControl+0x28 ed1dcbd8 80669cc5 87130fd4 87130ff8 86704750 nt!IopfCallDriver+0x31 ed1dcbfc 80674c0b 86704698 86709170 87130f00 nt!IovCallDriver+0xa0 ed1dcc10 804e37f7 86704698 87130f00 806ed2a4 nt!ViDriverDispatchGeneric+0x2a ed1dcc20 80669cc5 861ca230 806ed070 87130f00 nt!IopfCallDriver+0x31 ed1dcc44 8056a101 87130fdc 866d26f8 87130f00 nt!IovCallDriver+0xa0 ed1dcc58 80579a8a 86704698 87130f00 866d26f8 nt!IopSynchronousServiceTail+0x60 ed1dcd00 8057bfa5 0000025c 00000314 00000000 nt!IopXxxControlFile+0x611 ed1dcd34 804de7ec 0000025c 00000314 00000000 nt!NtDeviceIoControlFile+0x2a ed1dcd34 7c90eb94 0000025c 00000314 00000000 nt!KiFastCallEntry+0xf8 057dfe68 7c90d8ef 7c8016be 0000025c 00000314 ntdll!KiFastSystemCallRet 057dfe6c 7c8016be 0000025c 00000314 00000000 ntdll!ZwDeviceIoControlFile+0xc 057dfecc 5e04b82d 0000025c 002f4017 00000000 kernel32!DeviceIoControl+0x78 057dff44 5e03ce0a 0027ff7c 00000001 057dff7c ksproxy!CStandardInterfaceHandler::KsProcessMediaSamples+0x227 057dff84 5e03cf32 00000000 057dffb4 5e041762 ksproxy!CKsOutputPin::QueueBuffersToDevice+0x128 057dff90 5e041762 00000000 0090cce0 0006f2b8 ksproxy!CKsOutputPin::MarshalRoutine+0x16 057dffb4 7c80b683 00917758 0006f2b8 77d4d598 ksproxy!CAsyncItemHandler::AsyncItemProc+0x18e 057dffec 00000000 5e0415d4 00917758 00000000 kernel32!BaseThreadStart+0x37 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: ks!KsGateTurnInputOn+d f6673dfd f00fc108 lock xadd [eax],ecx FAULTING_SOURCE_CODE: SYMBOL_STACK_INDEX: 4 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: ks!KsGateTurnInputOn+d MODULE_NAME: ks IMAGE_NAME: ks.sys DEBUG_FLR_IMAGE_TIMESTAMP: 41107ef8 FAILURE_BUCKET_ID: 0xD1_W_VRF_ks!KsGateTurnInputOn+d BUCKET_ID: 0xD1_W_VRF_ks!KsGateTurnInputOn+d Followup: MachineOwner --------- Tag: filtering ipnat.sys Tag: 88153
  - 23
    - Moufiltr, ServiceCallback I have been modified the DDK sample moufiltr driver to be accessed by user app. user mode app can access to the control objcet with the symbolic link. It also works well with WriteFile() - IRP_MJ_WRITE. But when it call MouFilter_ServiceCallback() in IRP_MJ_WRITE hanlder, PC is rebooted immediately. I'd like to create a mouse packet in the driver from the user mode app call. What is wrong? What should I do? Thank you. -- Blade Tag: filtering ipnat.sys Tag: 88151
  - 24
    - ScsiPort and mapBuffers Folks, I have a scsiport miniport driver. The hardware I talk to supports DMA so I do not need system virtual address for doing read/write commands. However I need to emulate some SCSI commands and need mapped buffers for non-read/write commands processing like test unit ready etc. In scsiport model if I set the mapBuffers to TRUE I will get system virtual address in data pointe for all commands including read/write commands. I beleive creating this mapping is a costly operation. I there a way I can set the mapBuffers to FALSE and then for non read/write commands only get a virtual address to map the physical address? Since my driver is an experimental driver I am fine using "disallowed" windows driver commands. Any help much appreciated. Thanks in advance. regards vs Tag: filtering ipnat.sys Tag: 88148
  - 25
    - StorPort for Windows XP Folks, I have a Scsiport miniport that I wish to convert to the storport model. I could not find support for storport on Win XP. I saw the support available only for Win Server 2003. In the WinHEC 2006 slides around this topic I saw a statement that a backport to WinXP is under consideration. Is this port available or is there a beta/eval version available? I am currently still in experimental stage so even a eval/beta version of the port drivers will help me get through what I am doing now. Thanks in advance for your assistance regards windrv Tag: filtering ipnat.sys Tag: 88136
- Next
  - 1
    - Start /Stop WZC from code like NetStumbler Hello!, How can I stop the WZC from the code of my application like the NetStumbler?? I have done a NDIS Protocol Driver "mydriver.sys" like ndisuio, then How can I start "mydriver.sys" from the code of my application in Visual C#.NET?? I can do all that with "net start wzcsvc / mydriver" or "net stop wzcsvc" from command line, but I want to do that from the code of my application. Please, can you tell me how can I do that?? Tag: filtering ipnat.sys Tag: 88135
  - 2
    - cat installing under Vista x64 Hi I have the followinbg problem: I have a legacy driver with the following inf ;;; ;;; Hardlock sys ;;; ;;; ;;; Copyright (c) 2006, Aladdin Knwoledge Systems LTD. ;;; [Version] Signature = "$Windows NT$" Provider = %Aks% DriverVer = 11/9/2006,3.41 CatalogFile = hardlock.cat [DestinationDirs] DefaultDestDir = 12 Hlk.DriverFiles = 12 ;%windir%\system32\drivers ;; ;; Default install sections ;; [DefaultInstall] OptionDesc = %HlkServiceDesc% CopyFiles = Hlk.DriverFiles [DefaultInstall.Services] AddService = %HlkServiceName%,,Hlk.Service ; ; Services Section ; [Hlk.Service] DisplayName = %HlkServiceName% Description = %HlkServiceDesc% ServiceBinary = %12%\hardlock.sys ;%windir%\system32\drivers\hardlock.sys ServiceType = 1 ;SERVICE_FILE_SYSTEM_DRIVER StartType = 2 ;SERVICE_AUTO_START ErrorControl = 1 ;SERVICE_ERROR_NORMAL ; ; Copy Files ; [Hlk.DriverFiles] hardlock.sys [SourceDisksNames] 1 = %Disk1% [SourceDisksFiles] hardlock.sys = 1 ;; ;; String Section ;; [Strings] Aks = "Aladdin Knowledge Systems" HlkServiceDesc = "Aladdin Hardlock Legacy Driver" HlkServiceName = "hardlock" Disk1 = "File Source Media" I've build a .cat using makecat -v hardlock.cdf from following file: [CatalogHeader] Name=hardlock.cat PublicVersion=0x0000001 EncodingType=0x00010001 CATATTR1=0x10010001:OSAttr:2:6.0 [CatalogFiles] <hash>File1=hardlock.sys <hash>File2=hardlock.inf then signed the cat with our own certificate whic is added on the test machine in the Trusted Root Store and Trusted Publisher store. On the test Vista X64 build 5744 the testsigned is on and when I've embedded sign the drivber there is no problem to load the driver. I've used the fvollowing program to add the .cat to the cat data base and I see that it is added in the cat root. #include <windows.h> #include <stdio.h> typedef BOOL (__stdcall * PCryptCATAdminAcquireContext)(PVOID* phCatAdmin,const GUID* pgSubsystem,DWORD dwFlags); typedef BOOL (__stdcall* PCryptCATAdminReleaseContext)(PVOID hCatAdmin,DWORD dwFlags); typedef PVOID (__stdcall * PCryptCATAdminAddCatalog)(PVOID hCatAdmin, WCHAR* pwszCatalogFile, WCHAR* pwszSelectBaseName,DWORD dwFlags); typedef BOOL (__stdcall* PCryptCATAdminReleaseCatalogContext)( PVOID hCatAdmin, PVOID hCatInfo, DWORD dwFlags); typedef struct wintrust_functions{ PCryptCATAdminAcquireContext pCryptCATAdminAcquireContext; PCryptCATAdminReleaseContext pCryptCATAdminReleaseContext; PCryptCATAdminAddCatalog pCryptCATAdminAddCatalog; PCryptCATAdminReleaseCatalogContext pCryptCATAdminReleaseCatalogContext; }WINTRUST_FCT; void Char2Wchar(char* cmdline,unsigned int Srcsizem,char* wcmdline,unsigned int DestSize) { int i = 0; memset(wcmdline,0x0,DestSize); for(i=0;i<strlen(cmdline);i++) wcmdline[i*2]=cmdline[i]; } int hhls_GetWinTrustFct(WINTRUST_FCT * fct) { HMODULE wintrust; wintrust = LoadLibrary("wintrust.dll"); if( NULL == wintrust ){ printf("can not load wintrust.dll\n"); exit(0); } fct->pCryptCATAdminAcquireContext = (PCryptCATAdminAcquireContext)GetProcAddress(wintrust,"CryptCATAdminAcquireContext"); if( NULL == fct->pCryptCATAdminAcquireContext ){ printf("can not get address for CryptCATAdminAcquireContext\n"); exit(0); } fct->pCryptCATAdminReleaseContext = (PCryptCATAdminReleaseContext)GetProcAddress(wintrust,"CryptCATAdminReleaseContext"); if( NULL == fct->pCryptCATAdminReleaseContext ){ printf("can not get address for CryptCATAdminReleaseContext\n"); exit(0); } fct->pCryptCATAdminAddCatalog = (PCryptCATAdminAddCatalog)GetProcAddress(wintrust,"CryptCATAdminAddCatalog"); if( NULL == fct->pCryptCATAdminAddCatalog ){ printf("can not get address for CryptCATAdminAddCatalog\n"); exit(0); } fct->pCryptCATAdminReleaseCatalogContext = (PCryptCATAdminReleaseCatalogContext)GetProcAddress(wintrust,"CryptCATAdminReleaseCatalogContext"); if( NULL == fct->pCryptCATAdminReleaseCatalogContext ){ printf("can not get address for CryptCATAdminReleaseCatalogContext\n"); exit(0); } return 1; } int main(int argc, char* argv[]) { WINTRUST_FCT wintrust; int status; PVOID catAdmin; PVOID hcat; char wPath[2*MAX_PATH]={0}; printf("usage: instcat <full_path_to_cat\catfilename.cat>\n"); if( argc != 2 ){ printf("usage: instcat <full_path_to_cat\catfilename.cat>\n"); exit(0); } hhls_GetWinTrustFct(&wintrust); if( FALSE == wintrust.pCryptCATAdminAcquireContext(&catAdmin,NULL,0)){ printf("CryptCATAdminAcquireContext failed error %d\n",GetLastError()); exit(1); } Char2Wchar(argv[1],strlen(argv[1]),wPath,MAX_PATH); hcat = wintrust.pCryptCATAdminAddCatalog(catAdmin,wPath,NULL,0); if( NULL == hcat ){ printf("CryptCATAdminAddCatalog failed error %d\n",GetLastError()); exit(1); } if( FALSE == wintrust.pCryptCATAdminReleaseCatalogContext(catAdmin,hcat,0) ){ printf("CryptCATAdminReleaseCatalogContext failed error %d\n",GetLastError()); exit(1); } if( FALSE == wintrust.pCryptCATAdminReleaseContext(catAdmin,0) ){ printf("CryptCATAdminReleaseContext failed error %d\n",GetLastError()); exit(1); } printf("cat succesfully installed\n"); return 0; } after running the program and cat is added to the cat database I'm installing the driver by right clicking the mouse and choosing Install. Driver is copyed to system32\drivers and no message reporting errors occurs. when from command prompt I use sc start hardlock to load the driver Vista is reporting that driver is not sign. Anyone can help ? thanks horatiu Tag: filtering ipnat.sys Tag: 88134
  - 3
    - How to implement blocking ReadFile() call in the driver Hi all, I am implementing a driver for windows XP which interacts with a device and exposes that device to application via file interface (CreateFile(), ReadFile(), WriteFile() APIs). So now if a user application needs to communicate with the device then it opens file handle to the device \\Mydevice and then uses ReadFile() to read packets from the device and WriteFile() to write packets from the device. Problem is that this reading and writing can be done simulataneously using multiple threads (one thread for reading and one for writing). Currently in the reading thread I call ReadFile() to read packets from the device in a loop and if there are no packets to read I go to sleep for some time and then try reading the packets again. Code is like: While(TRUE) { if(ReadFile(m_hFile, buffer, MAX_BUFFER_SIZE, &bytesRead, NULL) == 0) { // An error } else { if(bytesRead > 0) { // Do something with the data } } Sleep(SOME_TIME); } I want to change my implementation of ReadFile() in the driver to a blocking ReadFile() so that my ReadFile() only returns when either there is a data packet or an error has occured (like for example I close the file handle from some other thread). May be its just a beginning level question, but if you could guide (some links or hints etc) me how can I do this, I will really appreciate. Thanks, Arsalan Tag: filtering ipnat.sys Tag: 88129
  - 4
    - Preventing current NIC instances from stopping when installing new For Windows 2003 Server, I have a device driver that is basically an NDIS ethernet miniport on the upper edge and a WDM driver on the lower edge. This device lives on a virtual bus that I have control over. I have a problem when I try to install new instances when there are current running instances. The network class installer seems to always restart all instances that use my driver. I would like to dynamically add instances of my device on my virtual bus, and have the device installer connect up my NIC driver to the protocol bindings withough disrupting traffic on current instances. I have other types of devices on my virtual bus (storage and WDM) and do NOT see this behaivor, so am fairly convinced the network class driver somehow is marking all device for my driver as needing to restart. Looking at verbose logging in setupapi.log clearly shows all instances getting removed and then started. This looks like it happens after the network class installer has returned from DIF_INSTALLDEVICE. Turning on logging of netcfgx on the checked build didn't produce any good clues either. I've done some experiment with the Intel NIC driver and find it has exactly the same issue I have. I also find the network class installer even needs to restart virtual nics used for vlan tagging in the Intel NIC driver. I'm currently using a command line program from Microsoft available in source form that installs a specific inf to a specific Pnp instance id. It's in KB 889763. I basically need to find a way to modify the program in KB 889763 to set the correct options such that current NIC instances don't loose connectivity when I install a new instance. It could also be I need to write a class or device coinstaller to modify something in the install process, like perhaps post processing of the DIF_INSTALLDRIVER message, to turn off whatever flags are causing the restart. If somebody from Microsoft could tell me what causes the network class installer to restart all NIC instances, I could perhaps find a way to solve this. Thanks Jan Tag: filtering ipnat.sys Tag: 88122
  - 5
    - Attach filter driver to port driver. Now I'm developing Filter Driver. I'm trying to attach my filter to port driver in storage device stack, but I don't know the way. How should I do ? I can confirm by using WinDbg that acpy.sys is being attached to port driver. Do anybody know the way ? And also, I heard that lower class filter driver couldn't trace anything I/Os. But what are these exactly? Tag: filtering ipnat.sys Tag: 88119
  - 6
    - communicating with TCP on smartcard I want to put the TCP stack in a smartcard and use it to communicate with any program using TCP. The standard PC interface to a smartcard is via PC/SC that implements a normalized half-duplex protocol (usually T=0). In a sense, the smartcard is like a (very small) computer and communication to it is via PC/SC. In general if an application wants to connect with TCP to a remote TCP, any data packet from the application is routed by IP to the correct host - in this case the smartcard. One way to implement this is to have a server program on the PC that gets the IP datagram and forwards it (in pieces of at most 255 bytes) using PC/SC to the smartcard (possibly with some point-to-point protocol), i.e. it acts as a 'network device or adapter', somewhat similar to an LAN-WAN (e.g. X.25 or ATM) bridge. I have some questions about this: - Is this the only way to go about it? - What API (if any) do I use to get an IP datagram destined for a specific IP address? - If such API does not exist, must I write a 'device' driver adhering to NDIS and all that? Can someone provide me with sample code. Tag: filtering ipnat.sys Tag: 88109
  - 7
    - IOCTL_HID_SET_FEATURE Hello, i've to power off a UPS via feature report. In usermode, this works fine with HidD_SetFeature(). I also have to do this is in a driver. I tried this by the use of IOCTL_HID_SET_FEATURE. When using this ioctl out of my driver, hidclass BSODs ( access violation ). So I think, the buffer sent via IOCTL_HID_SET_FEATURE is wrong - how must it look like? I tried to fill the buffer with 'power off command' only and to set it to a pointer on HID_XFER_PACKET. How to use IOCTL_HID_SET_FEATURE correct? Thank you, - Bernhard Ruhsam Here's the bugcheck: ******************************************************************************* * * * Bugcheck Analysis * * ******************************************************************************* SYSTEM_THREAD_EXCEPTION_NOT_HANDLED (7e) This is a very common bugcheck. Usually the exception address pinpoints the driver/function that caused the problem. Always note this address as well as the link date of the driver/image that contains this address. Arguments: Arg1: c0000005, The exception code that was not handled Arg2: f9ca2b14, The address that the exception occurred at Arg3: f9e8895c, Exception Record Address Arg4: f9e88658, Context Record Address Debugging Details: ------------------ ***** Kernel symbols are WRONG. Please fix symbols to do analysis. FAULTING_MODULE: 804d7000 nt DEBUG_FLR_IMAGE_TIMESTAMP: 41107d52 EXCEPTION_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in "0x%08lx" verweist auf Speicher in "0x%08lx". Der Vorgang "%s" konnte nicht auf dem Speicher durchgef hrt werden. FAULTING_IP: HIDCLASS!HidpGetSetReport+24 f9ca2b14 8b400c mov eax,[eax+0xc] EXCEPTION_RECORD: f9e8895c -- (.exr fffffffff9e8895c) ExceptionAddress: f9ca2b14 (HIDCLASS!HidpGetSetReport+0x00000024) ExceptionCode: c0000005 (Access violation) ExceptionFlags: 00000000 NumberParameters: 2 Parameter[0]: 00000000 Parameter[1]: 0000000c Attempt to read from address 0000000c CONTEXT: f9e88658 -- (.cxr fffffffff9e88658) eax=00000000 ebx=81963a68 ecx=000b01a8 edx=00000000 esi=81952b60 edi=81963b68 eip=f9ca2b14 esp=f9e88a24 ebp=f9e88a3c iopl=0 nv up ei pl zr na po nc cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010246 HIDCLASS!HidpGetSetReport+0x24: f9ca2b14 8b400c mov eax,[eax+0xc] ds:0023:0000000c=???????? Resetting default scope DEFAULT_BUCKET_ID: DRIVER_FAULT BUGCHECK_STR: 0x7E LAST_CONTROL_TRANSFER: from f9ca2530 to f9ca2b14 STACK_TEXT: f9e88a3c f9ca2530 8194ce00 81963a68 000b0191 HIDCLASS!HidpGetSetReport+0x24 f9e88aa0 f9ca2907 8194ce00 81963a68 f9e88ae8 HIDCLASS!HidpIrpMajorDeviceControl+0x210 f9e88ab0 804e37f7 8194cd48 81963a68 f9dbae48 HIDCLASS!HidpMajorHandler+0x55 WARNING: Stack unwind information not available. Following frames may be wrong. f9e88ae8 f9dbb473 000b0191 00000000 00000000 nt!IofCallDriver+0x32 f9e88c7c 805a07bb 81a8e880 8159f000 00000000 Reboot!DriverEntry+0x1ed [n:\drv\win\reboot\reboot.c @ 138] f9e88d4c 805a0a90 00002464 00000001 00000000 nt!IoWMIOpenBlock+0xefd f9e88d74 804e426b 00002464 00000000 81bc7020 nt!IoWMIOpenBlock+0x11d2 f9e88dac 8057be15 f9f24cf4 00000000 00000000 nt!ExQueueWorkItem+0x104 f9e88ddc 804fa4da 804e4196 00000001 00000000 nt!PsCreateSystemThread+0x70 00000000 00000000 00000000 00000000 00000000 nt!KeInitializeTimer+0x107 STACK_COMMAND: .bugcheck ; kb FOLLOWUP_IP: HIDCLASS!HidpGetSetReport+24 f9ca2b14 8b400c mov eax,[eax+0xc] FAULTING_SOURCE_CODE: SYMBOL_STACK_INDEX: 0 FOLLOWUP_NAME: MachineOwner SYMBOL_NAME: HIDCLASS!HidpGetSetReport+24 MODULE_NAME: HIDCLASS IMAGE_NAME: HIDCLASS.SYS Tag: filtering ipnat.sys Tag: 88107
  - 8
    - upper filter driver uninstallation how does one dynamically install/uninstall a filter driver(without requiring a reboot). What services to use?example if possible! thanks in advance.... Tag: filtering ipnat.sys Tag: 88106
  - 9
    - kernel mode audio - need some clarity Hi, Im workin(just sarted out, so pretty much a newbie) on an upper filter driver, and I need to clarify a few doubts: 1) Can an upper filter driver implement kernel streaming?(if there is no straightforward way, is there an indirect way?Hints please :)) 2) This miniport thing is a bit confusing. Can there be more than one mini driver in a devices "driver stack"? More specifically, can my upper filter driver implement a wave cyclic miniport when it is implemented by the functional driver too? 3) Is there more than one standard way in which actual audio data may flow down the wdm layers of an audio device? What are these way(s)? 4) What are "pins"? What is required to implement them? 5) Can audio data flow through an upper filter driver of an audio-out device at all? yes, i know (a)this topic has been discussed in some forums. However, thanks to contradicting posts and some irritatingly "so close but yet so far(conceptually)" threads, I am well and truly confused. (b)that I should read Walter Oney's book. unfortunately its not available in the city I live in. (c)that I should read Microsofts DDK documentation. I have been trying to do this for some time now. I am more confused now than when I started out( I gues partially because there is nothing audio-filter-driver specific). Dont send me back there. Have mercy! Tag: filtering ipnat.sys Tag: 88105
  - 10
    - NDIS MiniportSendPackets called after MiniportShutdown We have encountered crashes on shutdown with our NDIS 5.1 WDM miniport driver. The crashes may occur on less than 1 in 500 reboots on MP systems with the latest multi-core CPUs. The problem seems to be a synchronization problem. A common server has 2 NICs, but servers can have up to 32 NICs installed. On shutdown the driver's MiniportShutdown routine is called for each NIC instance. The DDK states: >MiniportShutdown does nothing more than restore the NIC to its initial state >(before the miniport's DriverEntry function runs). However, this ensures that the >NIC is in a known state and ready to be reinitialized when the machine is >rebooted after a system shutdown occurs for any reason, including a crash >dump. >MiniportShutdown should not release any allocated resources. >MiniportShutdown should just stop the NIC. That is what we do. At the start of MiniportShutdown we set a flag in a global driver structure that the NIC is shutting down. The NIC is stopped. The receive DPC for the adapter will not pass up any more packets and any queued send packets are returned by calling NdisMSendComplete. The driver may queue send packets if it could not send the packets in the context of its MiniportSendPackets routine. That could happen under heavy network load for multiple NICs. But, in the case of the shutdown crashes the systems were basically idle. What we see is that the MiniportSendPackets routine is called by NDIS after the MiniportShutdown routine has completed for the same adapter. The crash occurs in the MiniportSendPackets routine, because the MiniportAdapterContext handle that is passed to MiniportSendPackets is not valid anymore. The call stack is: 8089a09c f7862394 NetMp!MpSendPackets+0x4d 8089a0c4 ba80cf47 NDIS!ndisMSendX+0x1e4 8089a0ec ba807df8 tcpip!ARPSendData+0x198 8089a114 ba80c632 tcpip!ARPTransmit+0x11a 8089a250 ba809357 tcpip!_IPTransmit+0x84f 8089a2f0 ba80954a tcpip!UDPSend+0x445 8089a314 ba8095b0 tcpip!TdiSendDatagram+0xd5 8089a34c ba80907a tcpip!UDPSendDatagram+0x4f 8089a368 8081dce5 tcpip!TCPDispatchInternalDeviceControl+0x10c 8089a37c ba7d3cf8 nt!IofCallDriver+0x45 8089a398 ba7d3b9b netbt!TdiSendDatagram+0x14e 8089a3dc ba7d3fad netbt!UdpSendDatagram+0x14c 8089a424 ba7e6411 netbt!UdpSendNSBcast+0x288 8089a460 ba7e6513 netbt!ReleaseNameOnNet+0xb8 8089a48c ba7de8a2 netbt!NameReleaseDone+0x58 8089a4a8 ba7e6273 netbt!InterlockedCallCompletion+0x3c 8089a4c4 ba7cf054 netbt!ReleaseCompletion+0x14e 8089a4e4 808316c0 netbt!TimerExpiry+0x5b Checking the miniport adapter states from the crash dump: kd> !miniport 8a0db130 Miniport 8a0db130 : BladeFrame Network Management Veth, v0.0 AdapterContext : 88319000 Flags : ac452008 BUS_MASTER, IGNORE_TOKEN_RING_ERRORS, DESERIALIZED RESOURCES_AVAILABLE, SUPPORTS_MEDIA_SENSE, DOES_NOT_DO_LOOPBACK MEDIA_CONNECTED, PM_HALTING, PnPFlags : 01c10000 RECEIVED_START, NDIS_WDM_DRIVER, SHUT_DOWN SHUTTING_DOWN, MiniportState : STATE_UNDEFINED IfIndex : 0 Ndis5MiniportInNdis6Mode : 0 InternalResetCount : 0000 MiniportResetCount : 0000 References : 3 UserModeOpenReferences: 0 PnPDeviceState : PNP_DEVICE_STARTED CurrentDevicePowerState : PowerDeviceD0 Miniport Open Block Queue: 87c88ea0: Protocol 8a0e6e48 = NDISUIO, ProtocolBindingContext 8a0ecf58, v5.0 87e5c8d0: Protocol 881a9e58 = TCPIP, ProtocolBindingContext 87cc6c38, v4.0 kd> !miniport 886bf680 Miniport 886bf680 : BladeFrame Network Veth0, v0.0 AdapterContext : 88665000 Flags : ac452008 BUS_MASTER, IGNORE_TOKEN_RING_ERRORS, DESERIALIZED RESOURCES_AVAILABLE, SUPPORTS_MEDIA_SENSE, DOES_NOT_DO_LOOPBACK MEDIA_CONNECTED, PM_HALTING, PnPFlags : 01c10000 RECEIVED_START, NDIS_WDM_DRIVER, SHUT_DOWN SHUTTING_DOWN, MiniportState : STATE_UNDEFINED IfIndex : 0 Ndis5MiniportInNdis6Mode : 0 InternalResetCount : 0000 MiniportResetCount : 0000 References : 3 UserModeOpenReferences: 0 PnPDeviceState : PNP_DEVICE_STARTED CurrentDevicePowerState : PowerDeviceD0 Miniport Open Block Queue: 8a176de0: Protocol 8a0e6e48 = NDISUIO, ProtocolBindingContext 87b26a28, v5.0 87cb2610: Protocol 881a9e58 = TCPIP, ProtocolBindingContext 87cb28e8, v4.0 I put flags in the driver and confirmed that both instances of the adapters had completed the MiniportShutdown routine. The PnPFlags values confirm that NDIS set the state of miniports to SHUT_DOWN. Checking for outstanding requests if found: For the miniport Miniport 8a0db130 : BladeFrame Network Management Veth, v0.0 kd> !mopen 87c88ea0 Miniport Open Block 87c88ea0 Protocol 8a0e6e48 = NDISUIO, ProtocolContext 8a0ecf58, v5.0 Miniport 8a0db130 = BladeFrame Network Management Veth, v0.0 MiniportAdapterContext: 88319000 Flags : 00000000 References : 1 kd> !mopen 87e5c8d0 Miniport Open Block 87e5c8d0 Protocol 881a9e58 = TCPIP, ProtocolContext 87cc6c38, v4.0 Miniport 8a0db130 = BladeFrame Network Management Veth, v0.0 MiniportAdapterContext: 88319000 Flags : 00000000 References : 1 For the miniport Miniport 886bf680 : BladeFrame Network Veth0, v0.0 kd> !mopen 8a176de0 Miniport Open Block 8a176de0 Protocol 8a0e6e48 = NDISUIO, ProtocolContext 87b26a28, v5.0 Miniport 886bf680 = BladeFrame Network Veth0, v0.0 MiniportAdapterContext: 88665000 Flags : 00000000 References : 1 kd> !mopen 87cb2610 Miniport Open Block 87cb2610 Protocol 881a9e58 = TCPIP, ProtocolContext 87cb28e8, v4.0 Miniport 886bf680 = BladeFrame Network Veth0, v0.0 MiniportAdapterContext: 88665000 Flags : 00000000 References : 2 The reference count of 2 for the TCPIP protocol makes sense to me, because it has an outstanding packet to the miniport. I confirmed that under normal operation. Whenever MiniportSendPackets is called the TCPIP protocol reference count is 1+NumberOfPackets. That leads me to believe that our driver does not have any outstanding packets for the adapter when it returns from its MiniportShutdown routine. At that point all send packets are returned to NDIS and all receive packets have been returned from NDIS. (I confirmed that by checking the packet count of the allocated and returned receive packets.) Since MiniportSendPackets could be called or in process when a shutdown or adapter halt occurs we need to account for that. In the case of a shutdown we simply completes the packets. MpSendPacket also checks if the adapter can send packets. If a packet could not be sent and was not queued (e.g. the adapter is shutting down or is halted) then the packet is simply returned to NDIS. MiniportSendPackets does the following: VOID MiniportSendPackets (IN NDIS_HANDLE MiniportAdapterContext, IN PPNDIS_PACKET PacketArray, IN UINT NumberOfPackets) { PMY_ADAPTER Adapter = (PMY_ADAPTER)MiniportAdapterContext; UINT i; NDIS_STATUS Status = NDIS_STATUS_SUCCESS; PNDIS_PACKET pPacket; if (pGlobal->Flags & ADAPTER_SHUTDOWN) { if ((Adapter && Adapter->MpHandle) { IncRefCount(Adapter); for (i = 0; i < NumberOfPackets; i++) { pPacket = PacketArray[i]; NdisMSendComplete(Adapter->MpHandle, pPacket, NDIS_STATUS_ADAPTER_REMOVED); } DecRefCount(Adapter); } return; } // send packets IncRefCount(Adapter); for (i = 0; i < NumberOfPackets; i++) { pPacket = PacketArray[i]; Status = MpSendPacket(Adapter, pPacket); if (Status != NDIS_STATUS_PENDING) { NdisMSendComplete(Adapter->MpHandle Packet, NDIS_STATUS_SUCCESS); } } KeSetEvent (&pGlobal->WakePacketCompletionThreadEvent, IO_NO_INCREMENT, FALSE); DecRefCount(Adapter); } The problem is that in the case of a shutdown the MiniportAdapterContext pointer may not be valid anymore. The system crashes on the reference to Adapter->MpHandle. I donâ??t understand why NDIS is calling the Miniportâ??s send routine after it has shutdown the miniport. Should we in that case NOT call NdisMSendComplete, assuming that the system is shutting down anyway? Or do we have a bug in our driver caused by an outstanding packet or handle reference that is not reflected by the counters available through ndiskd? I went through the exercise and cleaned up all the miniport resources on shutdown (in contradiction to the DDK), but I still see the same problem: The MiniportSendPackets routine is called by NDIS after the MiniportShutdown routine has completed for the same adapter. And it does not matter if we have one or multiple adapters in the system. It may just take longer to reproduce the problem with just one adapter. Gernot Seidler Windows Engineering http://www.egenera.com Tag: filtering ipnat.sys Tag: 88103
  - 11
    - Is to get 'program files' path possible in kernel mode? Hi. I have a driver and app. I'll install the app at 'C:\Program Files\My App'. And I'll install files for the driver at 'C:\Program File\My App\system'. But I don't know how I access the path in kernel mode. Could you give any idea to me? Tag: filtering ipnat.sys Tag: 88102
  - 12
    - Cross platform driver package HI All, I am now writing a cross-platform INF file, we have 3 different binaries to cover Win2K, WinXP(x86), and WinXP(64), and put them into each subdirectory, as in MyPackage\W2K\myDriver.sys, MyPackage\WXP\myDriver.sys, MyPackage\WXP64\myDriver.sys. It seems that SourceDisksNames, and SourceDisksFiles can support platform decorator x86, amd64 only, not support NT, NT.5.1 as the one in DDInstall section, I can not specify the difference between Win2K and WinXP(32) drivers. Are their any ways to install different binaries to XP and 2K;which are the same file name but in separated sub-directories? (My intention is not renaming the binaries at the installing time.) Please help me Regards, ST Tag: filtering ipnat.sys Tag: 88082
  - 13
    - WDF and multi-function serial devices I am investigating how to use KMDF for a PCI Express card. The card can have multiple high speed UARTs. All N UARTs will share the same PCI memory BAR. The card will need to be supported under Windows 2000, XP and Vista. We already have a set of WDM drivers that work with an equivalent PCI cards. This set consists of a multifunction driver and UART driver. The multifunction driver (bus FDO) enumerates all of the UARTs and creates a number of UART PDOs. The UART driver uses a private interface (exposed by the multifunction driver) to obtain resources to be handled by each of the UARTs. The resources are not reassigned to UART driver; they are just handled by it. The old PCI resources are: 1) 1st memory BAR - 256 * N consecutive memory addresses (all UARTs in one PCI BAR). Handled by UART driver. 2) 2nd memory BAR - common interrupt status register (statuses for all UARTs). Handled by UART driver (but can easily be handled by the multifunction driver). 3) A single PCI interrupt - shared by all UARTs. Handled by UART driver (but can easily be handled by the multifunction driver). The old UART FDOs would connect to the shared interrupt only once. This way the interrupt latency is reduced: no multiple spin lock acquires/releases, and just a single interrupt status register read in order to dispatch interrupts to the appropriate UART FDOs. The new PCI Express resources are (the card is able to use MSI-X interrupts): 1) The same as above. 2) 2nd memory BAR - common interrupt status register (statuses for all UARTs). Used only if the system (OS or motherboard) doesn't support MSI-X, i.e. normally unused. 3) One MSI-X interrupt per UART. 4) One "old" PCI interrupt - Used only if the system (OS or motherboard) doesnâ??t support MSI-X; in this case shared by all UARTs, i.e. normally unused. In our new driver I would like to use a WDFINTERRUPT object, including EvtInterruptEnable() and EvtInterruptDisable(), for each UART since this would tie nicely with the WDF power management. What worries me is the following excerpt from the WDF documentation: "Your driver should create a framework interrupt object for each interrupt vector or MSI message that the device can support. If the PnP manager does not grant the device all of the interrupt resources that the device can support, the extra interrupt objects will not be used and their callback functions will not be called." My questions regarding this are: 1) It seems to me that with KMDF I actually have to reassign UART resources to the UART driver PDOs if I want to use WDFINTERRUPT objects. Is this correct? 2) If MSI-X interrupts are used, can I un-assign up to N PCI interrupt resources from the bus FDO in the multifunction driver's EvtDeviceFilterRemoveResourceRequirements(), and assign them to the UART PDOs (that reside on the bus newly created by the multifunction driver, and not on the PCI bus) in the multifunction driver's EvtDeviceResourceRequirementsQuery()? 3) In case MSI-X interrupts are not supported on a particular system, I guess I would have to un-assign the only interrupt from the bus FDO and then assign it to each UART PDO. So, un-assign once, assign up to N times. This would generate the correct number of WDFINTERRUPT objects, but then the latency would be unacceptable. I still need only one ISR to be called. Do you have any suggestions? 4) If I handle all the interrupts in the multifunction driver, it seems that I will lose all the power management related benefits of WDFINTERRUPT (on a per UART basis). Is this correct? 5) Is there any other way to handle this? I would really appreciate if you could help me with this as I am a bit stuck here. Thank you very much. Tag: filtering ipnat.sys Tag: 88073
  - 14
    - Not able to able capture video through AmCap!!!! Please help me... Hi all, I have written AvStream Class Minidriver for USB camera. I tested it with Amcap.exe . IT works fine for previewing. - > But when i tried to capture through AmCap it doesnt show any frames captured. I mean i doesnt capture. Please give some pointers on that. Waiting for reply. Darshan Tag: filtering ipnat.sys Tag: 88072
  - 15
    - Not able to able capture video through AmCap!!!! Please Hi all, I have written AvStream Class Minidriver for USB camera. I tested it with Amcap.exe . IT works fine for previewing. - > But when i tried to capture through AmCap it doesnt show any frames captured. I mean i doesnt capture. Please give some pointers on that. Waiting for reply. Darshan Tag: filtering ipnat.sys Tag: 88071
  - 16
    - Virtual device Hi, I am new in this area. I would be happy if anyone has suggestion on good material. Thank you. Tag: filtering ipnat.sys Tag: 88063
  - 17
    - how can I filter some URL by TDI? how can I filter some URL by TDI? I want to filter some URLs Such as "www.ssss.com" by TDI. I currently have an idea that i want to check if the information to filter is in the buffer of TDI_SEND,if it is, then return some values. Maybe there are some other good ideas? Tag: filtering ipnat.sys Tag: 88062
  - 18
    - How to get a KSProperty range from a ks driver. As we now, we can get a KSPropertySet value by using IKSControl::Property. But I want get the correct range for the propertyset, how can I get the Min and Max value from driver? Thanks Tag: filtering ipnat.sys Tag: 88061
  - 19
    - ReadFileEx and pending IRP Hello, I've got a driver which passes some of the packets from kernel mode to user appliation. As long as my application is in DOS everything works just fine. But I need to write it in MFC. While IRP is pending I need to process mfc messages. I used ReadFileEx function but sometimes it does something wrong and that affects kernel mode driver. Could you help me please and suggest how to use ReadFileEx. I do the following in my code: OVERLAPPED OverLap; OverLap.Offset = 0; OverLap.OffsetHigh = 0; ReadFileEx( ... , &OverLap); while (ButtonStopNotPressed) { dwWait = SleepEx(100, TRUE); // alertable mode switch(dwWait) { case 0: { ProcessMessages(); break; } case WAIT_IO_COMPLETION: { ReadFileEx( ... , &OverLap); break; } default: return; } } Tag: filtering ipnat.sys Tag: 88058
  - 20
    - Need 10us periodic timer in kernel mode Hi All! I write a driver. This driver generate impuls on LPT port. Now, I use the KeSetTimerEx. This is a periodic timer and 1ms timing. I need 10us periodic timer, in kernel mode. Best regards Cris Tag: filtering ipnat.sys Tag: 88053
  - 21
    - How do I get verson of OS in kernel mode? HI. I'm writting a driver. I need to know version of Windows OS in kernel mode. How do I get verson of OS in kernel mode? Tag: filtering ipnat.sys Tag: 88044
  - 22
    - How can I change dos name to device name? HI. In kernel mode, when I know just a volume name(like C, D, E... Z), can I get device name of it? Tag: filtering ipnat.sys Tag: 88035
  - 23
    - CreateFile performance I wrote an application dll and firewire 1394 driver. For sending data of any size (4 byte to 2048 bytes), application calls dll routine. In dll routine each time I open a handle to the driver (mostly non-overlap operations but few overlapped operations). Will it be useful if I open the handle to each device only once and keep using it. I can cache these handles and reuse them. Close device handle only if there is plug & play (device add or device removed) or when application is closed. Will it cause any new problems of synchronization with respect to pnp or cancel Irps that are queud at driver to receive incoming data. Will I see any overall improvement in performance when I am handling requests every 200 milliseconds. When I am receiving data, I receive more than one packet from driver to user mode. But I cannot send more than one packet because library function doesnot know how many applications are sending or how application will send or if there is next packet. I think CreateFile and CloseHandle() for every request is a performance hit because of user mode to kernel mode switches. Please advice if I should make the effort. hDevice = CreateFile( szDeviceName, GENERIC_WRITE | GENERIC_READ, FILE_SHARE_WRITE | FILE_SHARE_READ, NULL, OPEN_EXISTING, 0, NULL ); Tag: filtering ipnat.sys Tag: 88030
  - 24
    - signing problem on vista Hello I have the following problem on a Vista X64 built 5744 with test sign on (using bcdedit). I have a non PnP driver with and inf file. I have a .cdf [CatalogHeader] Name=aksdf.cat PublicVersion=0x0000001 EncodingType=0x00010001 CATATTR1=0x10010001:OSAttr:2:6.0 [CatalogFiles] <hash>File1=aksdf.sys <hash>File2=aksdf.inf I'm running makecat and obtaining a .cat file. Then I'm signing the .cat with signtool using a test certificate which is installed in the Trusted Root Store and in the Trusted Publishers Store. If I'm installing the driver by right clicking on the inf file and choose Install the system reports that the driver is not signed and I can't load the driver. If I'm embedded the signature in the driver (aksdf.sys) the using same procedure of installation everything works fine. In the .inf I have the name of the catalogue added as following: [Version] Signature = "$Windows NT$" Class = "Encryption" ;This is determined by the work this filter driver does ClassGuid = {a0a701c0-a511-42ff-aa6c-06dc0395576f} ;This value is determined by the Class Provider = %Aks% DriverVer = 10/17/2006,1.10.865.1 CatalogFile = aksdf.cat could you please tell where the probnlem is ? thanks horatiu Tag: filtering ipnat.sys Tag: 88028
  - 25
    - cancel an IRP hello, i`m writing an file system filter driver that intercept all open/creat operation and i want to prevet some file from being openning, so how can i deal with the IRP to cancel it. i used the (return STATUS_CANCELLED) and it success but i get a windows error "the file is not a valid win32 application" when i tried to open the file that i want to prevent it, so is there another manner to do the cancellation with out getting windows error. Tag: filtering ipnat.sys Tag: 88025

Has anyone tried to filter ipnat.sys? I have a machine that is using
internet connection sharing and I have an NDIS IM driver monitoring the
public interface. My IM driver sees NAT'd addresses and I need to associate
these addresses to the original addresses.

I've seen some stuff on the net about a user mode API which you can use to
query the NAT table that ipnat.sys maintains, but I want to do this in kernel
mode - perhaps by filtering the interface between tcpip.sys and ipnat.sys.
Perhaps I can use a TDI driver to do this, or perhaps I can get my IM driver
to send IOCTRL's directly to ipnat.sys to query the NAT table.

Any suggestions?

Top