NDIS 6.0 Filter Driver

The Ndislwf sample is currently a do-nothing pass-through NDIS 6 filter driver that demonstrates the basic principles underlying an NDIS 6.0 Filter driver. The sample is a replacement of NDIS 5 Sample Intermediate Driver (Passthru driver).

C++ (61.6 KB)
 
 
 
 
 
(2)
3,407 times
Add To Favorites
10/26/2012
E-mail Twitter del.icio.us Digg Facebook
Report Abuse to Microsoft
Sign in to Ask a Question

  • Answer the Question | Hide
    Cannot forward packets through local copy of NBL
    1 Posts | Last Post February 23, 2013
    • Written February 23, 2013 
      Hi, I am very new at windows driver development and I am stuck with a problem that I beleive is a very simple one for most of you. 

I am trying to make a local copy of the NBL when I get a FilterSendNetBufferLists and then forward packets through that local copy. 

What do you suggest me to do as a newbie? Could you please post some sample code that could help me?
  • Answer the Question | Hide
    Why does it say that the driver is incompatible with my system?
    3 Posts | Last Post February 11, 2013
    • Written February 07, 2013 
      Heya!

Thanks for the sample!

I've downloaded and compiled it and enabled test mode. I then install and reboot my computer but get this error in the windows system log:
"\SystemRoot\system32\DRIVERS\ndislwf.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver."

I've tried compiling both Windows 7 Debug/Release and the machine I'm running it on is Windows 7 Enterprise. I've looked around but can't find a solution to the problem. 

Also, in setupapi.app.log I get:
>>>  [Build Driver List - ROOT\MS_NDISLWF\0000]
>>>  Section start 2013/02/07 16:15:33.896
      cmd: C:\windows\Explorer.EXE
     cpy: Policy is set to make all digital signatures equal.
!    sig: Verifying file against specific (valid) catalog failed! (0x00000057)
!    sig: Error 87: The parameter is incorrect.
!    sig: Verifying file against specific Authenticode(tm) catalog failed! (0x80092003)
!    sig: Error 0x80092003: An error occurred while reading or writing to a file.
<<<  Section end 2013/02/07 16:15:33.900
<<<  [Exit status: SUCCESS]

When I run chkinf.bat I get 2 warnings:
Line 53: (W22.1.2202) Unrecognized directive: NETCFGINSTANCEID
Line 153: (W22.1.2027) StartType of 1 should only be specified by drivers that may detect legacy hardware. 

W22.1.2202 feels a bit alarming but I can't find anyone that have had the same issue or how to solve it. Any idea on what could be wrong or how I should proceed with troubleshooting it?
    • Written February 08, 2013 
      Are you compiling for the same architecture as your OS? E.g., 32-bit or 64-bit?

Do you see any errors in setupapi.dev.log? Check at the bottom for the most recent installation of the ndislwf.sys driver.
    • Written February 11, 2013 
      Yea, I'm compiling 64bit for my 64bit OS.

Thanks for pointing me to that log, it helped me a little bit but I still have the same problem. When I compile the project, two certifications are generated, I install both of them in my trusted root certs but when I try to install my driver I still get the popup about it not being trusted and in the dev log I see:

!    sig:                     Verifying file against specific (valid) catalog failed! (0x800b0109)
!    sig:                     Error 0x800b0109: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
  • Answer the Question | Hide
    Can I use the sample code with windows 7
    4 Posts | Last Post November 29, 2012
    • Written November 28, 2012 
      Can I use the above NDIS 6.0 filter sample with Windows 7 as such or should I port it to NDIS 6.20 filter driver ( by following the steps given at http://msdn.microsoft.com/en-us/library/windows/hardware/ff570897(v=vs.85).aspx) ?
    • Written November 28, 2012 
      This sample code already supports NDIS 6.0, NDIS 6.20, and NDIS 6.30.  The VS project will automatically compile with -DNDIS60, -DNDIS620, or -DNDIS630 depending on whether you are targeting Windows Vista, Windows 7, or Windows 8 in Visual Studio.  This will automatically change the version of the driver (see the various #ifdef-NDIS_SUPPORT_NDIS## directives scattered in filter.c).

If you are explicitly targeting Windows 7, then you should make sure that the filter is being compiled for Windows 7 with -DNDIS620, and verify that your filter registers with the OS as an NDIS 6.20 driver.  You can optionally rip out the bits of 6.0 code, since that's dead code on Windows 7.
    • Written November 29, 2012 
      Thank you for your prompt reply. 
I'm very new to driver development. I want to deploy, debug and understand the NDIS Filter driver sample. I'm working with Windows 7 (NDIS 6.20), WDK 8 integrated with Visual Studio 2012.

I read the instruction at 
http://code.msdn.microsoft.com/windowshardware/NDISLWFSYS-Sample-NDIS-60-42b76875#content 
to build and install. Following the instructions I built the sample, prepared an installation directory and installed the driver.

1. Could you please tell me the next steps to see the working of the sample driver?

2. I'm trying to install and debug on same computer. The video at 
http://msdn.microsoft.com/en-us/library/windows/hardware/hh855052.aspx
shows that the debugger should run on host computer and driver should be installed on target computer. How do I see the kernel debugger in VS 2012?

3. Right now, I don't want to modify the sample driver, I just want to learn how filter driver works, should I do anything about 'attaching' and 'detaching' the driver? 

Thank you in advance.
    • Written November 29, 2012 
      Since that is a more involved topic that is not specific to this sample, let's use your forum thread here to continue the discussion: http://social.msdn.microsoft.com/Forums/en-US/wdk/thread/e5bf01c3-f9bc-439a-8130-c6554610ed9d
  • Answer the Question | Hide
    Get send / receive data from NDIS
    2 Posts | Last Post July 25, 2012
    • Written July 24, 2012 
      How can I get send / receive data from NDIS driver and write them down to a txt file?
Can someone show a sample of a code that do it?
    • Written July 25, 2012 
      The easiest way is to use an existing tool, like Microsoft Network Monitor http://www.microsoft.com/en-us/download/details.aspx?displaylang=en&id=4865 .

If you'd like to recreate that tool yourself, you can start with this sample driver.  This filter driver gets all send/receive data already; you only need to add in code to write packets to disk.

You will probably want to open a file handle in FilterAttach.  Create a queue to write data to disk.

Then FilterReceiveNetBufferLists is called for each packet that is received.  Because the packets are received at DISPATCH_LEVEL, you cannot write them to disk immediately.  Instead, you should copy the packet data to your queue, and have a background worker thread flush the queue out to disk.

Note that even a 1Gbps network card can EASILY receive data faster than a typical hard disk can write.  Therefore, you should think about how you want to handle the situation where you are getting data faster than the worker thread can write it to disk.
  • Answer the Question | Hide
    error msb4086
    2 Posts | Last Post March 12, 2012
    • Written February 20, 2012 
      E:\BIH\NDISLWF.SYS - Sample NDIS 6.0 Filter Driver\C++\ndislwf.VcxProj(162,32):
 error MSB4086: 尝试在条件“$(_NT_TARGET_VERSION)<$(_NT_TARGET_VERSION_WIN7)”中
对计算结果为“
”而不是数字的“$(_NT_TARGET_VERSION)”进行数值比较。

I cann't open it in vs2010.My os is win7 x64.
    • Written March 12, 2012 
      This sample is not for VS2010. It is for VS "next" and WDK8 beta. Please ask <a href="http://social.msdn.microsoft.com/Forums/en-US/wdk/threads">here</a> if you need more help.
-- pa