OSR Online Lists > ntdev
  Message 1 of 6  
12 Mar 18 08:51
Mayur K
xxxxxx@gmail.com
Join Date: 04 Mar 2018
Posts To This List: 3
Topics to study before writing a WFP driver to monitor all network events?

Hi All,

I have to write a WFP driver to monitor all network events. I did some driver work with WDM like a decade ago. A quick check of the DDK resources has left me with dumbfound that have occurred in the interim.

Coming back to the topic. I assume I need to study the WDF way of doing things. So I assume to read the following resources:

1. Windows Internals, 7th edition
2. Developing Drivers with the Windows Driver Foundation.
3. WFP MSDN resources.

Can the experts here, please advise me on the resources to be consulted for the task in question?

Thanks in advance.
--eminemence
  Message 2 of 6  
12 Mar 18 09:37
Don Burn
xxxxxx@windrvr.com
Join Date: 23 Feb 2011
Posts To This List: 1406

First you might want to take a look at the Inspect sample in the WDK samples. It monitors network events. The second thing is to seriously think about what you mean by network events, as you will see by Inspect there are a lot of layers and I suspect you don't need all of them.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com
  Message 3 of 6  
12 Mar 18 10:39
Bill Wandel
xxxxxx@bwandel.com
Join Date: 14 Sep 2010
Posts To This List: 134

The inspect sample monitors the ALE and transport layers. The main thing about the sample is how to use the pend functions. I had to abandon using pend due to issues with it.

Bill Wandel
  Message 4 of 6  
12 Mar 18 13:07
Mayur K
xxxxxx@gmail.com
Join Date: 04 Mar 2018
Posts To This List: 3

Thanks Don & Bill. I may be mixing a bit of terms here, but the main idea is to log all network activity. So will the pend issues still raise their ugly head for just logging? --Mayur K.
  Message 5 of 6  
12 Mar 18 13:32
Bill Wandel
xxxxxx@bwandel.com
Join Date: 14 Sep 2010
Posts To This List: 134

If you are only logging, I don't think that you will need to pend. The reason to pend is that you need to do something at PASSIVE IRQL before the connect/accept completes.

Bill Wandel
  Message 6 of 6  
12 Mar 18 13:35
Tim Roberts
xxxxxx@probo.com
Join Date: 28 Jan 2005
Posts To This List: 11921

xxxxx@gmail.com wrote:
> I may be mixing a bit of terms here, but the main idea is to log all network activity.
> So will the pend issues still raise their ugly head for just logging?

Wireshark can already do this today, no kernel programming required.

Do you plan to log the data as well? Where are you going to put it? Network data comes at you pretty fast.

--
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
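The two points that close the thread (logging needs no pend; the data has to go somewhere and arrives fast) fit one pattern, sketched here as an added example that is not from the thread or from the WDK Inspect sample. Classify callbacks can run at DISPATCH_LEVEL, so a log-only callout copies a fixed-size record into a preallocated ring and returns, while a worker drains the ring later and counts drops on overflow. This is a portable user-mode C model: `flow_event`, `flow_ring`, `ring_log` and `ring_drain` are hypothetical names and no WFP API is used.

```c
/* User-mode model, constructed for illustration: not WFP API and not WDK code.
 * The classify path only copies a fixed-size record and returns; draining to
 * storage happens later on a worker thread, so nothing is pended. */
#include <stdatomic.h>
#include <stddef.h>
#include <stdint.h>

#define RING_SLOTS 8u                /* small on purpose so overflow is easy to see */

typedef struct {                     /* hypothetical log record */
    uint32_t remote_ip;
    uint16_t remote_port;
    uint8_t  protocol;
} flow_event;

typedef struct {
    struct { flow_event ev; atomic_uchar ready; } slot[RING_SLOTS];
    atomic_uint head;                /* next slot a producer will claim */
    atomic_uint tail;                /* next slot the single consumer will read */
    atomic_uint dropped;             /* events lost because the ring was full */
} flow_ring;

/* Producer side: what a log-only classify callback would do. Never blocks,
 * never allocates; returns 0 and counts a drop when the ring is full. */
int ring_log(flow_ring *r, flow_event ev) {
    unsigned h = atomic_load(&r->head);
    do {
        if (h - atomic_load(&r->tail) >= RING_SLOTS) {
            atomic_fetch_add(&r->dropped, 1);
            return 0;
        }
    } while (!atomic_compare_exchange_weak(&r->head, &h, h + 1));
    r->slot[h % RING_SLOTS].ev = ev;
    atomic_store(&r->slot[h % RING_SLOTS].ready, 1);   /* publish after the copy */
    return 1;
}

/* Consumer side: the worker that is allowed to block on file writes. */
size_t ring_drain(flow_ring *r, flow_event *out, size_t max) {
    size_t n = 0;
    unsigned t = atomic_load(&r->tail);
    while (n < max && atomic_load(&r->slot[t % RING_SLOTS].ready)) {
        out[n++] = r->slot[t % RING_SLOTS].ev;
        atomic_store(&r->slot[t % RING_SLOTS].ready, 0);
        atomic_store(&r->tail, ++t);                    /* frees the slot */
    }
    return n;
}
```

The `dropped` counter is the part to watch in practice: a non-zero value means the log has gaps, which matters if the log is meant as an audit record.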
All times are GMT -5.

Copyright ©2015, OSR Open Systems Resources, Inc.