Hello All
I am writing a filter driver for network adapters. In this filter driver I
would like to recognize when the adapter is a wireless network adapter, so I
tried to send OID queries to the adapter’s device using IOCTLs
(IOCTL_NDIS_QUERY_GLOBAL_STATS and IOCTL_NDIS_QUERY_SELECTED_STATS). The
problem is that no matter which IOCTL I send, the network adapter driver
returns STATUS_UNSUCCESSFUL. I tried to step into the adapter handler
function code and found the following:
- All the dispatch functions for the adapter’s driver are actually NDIS
functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
- NDIS!ndisDeviceControlIrpHandler checks the value at
Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is NULL, it
just returns STATUS_UNSUCCESSFUL. All my requests are created by
IoBuildDeviceIoControlRequest and have NULL at that value. I can also see
that the requests that are sent from user mode have FileObjects that are not
NULL.
Is there any way to query the network adapter from a filter driver?
Thanks,
Gregory
“Gregory Dardyk” wrote in message news:xxxxx@ntdev…
> Hello All
> I am writing a filter driver for network adapters. In this filter driver I
> would like to recognize when the adapter is a wireless network adapter, so
> I
> tried to send OID queries to the adapter’s device using IOCTLs
> (IOCTL_NDIS_QUERY_GLOBAL_STATS and IOCTL_NDIS_QUERY_SELECTED_STATS). The
> problem is that no matter which IOCTL I send, the network adapter driver
> returns STATUS_UNSUCCESSFUL. I tried to step into the adapter handler
> function code and found the following:
> 1. All the dispatch functions for the adapter’s driver are actually NDIS
> functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is NULL,
> it
> just returns STATUS_UNSUCCESSFUL. All my requests are created by
> IoBuildDeviceIoControlRequest and have NULL at that value. I can also see
> that the requests that are sent from user mode have FileObjects that are
> not
> NULL.
>
I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
user-mode applications. If you have a companion user-mode process that can
make the wireless query, then that would be best. Alternative user-mode NDIS
information can be fetched using WMI. See http://www.ndis.com for some ideas
for the user-mode query.
In kernel you may need to register as a simple NDIS protocol driver and then
use the NdisRequest mechanism to query the adapter.
Good luck,
Thomas F. Divine, Windows DDK MVP
http://www.rawether.net
> Is there any way to query the network adapter from a filter driver?
>
> Thanks,
> Gregory
>
>
Thomas,
Thanks for the reply. I had a similar idea - to register the same driver as
both a WDM filter and NDIS Intermediate driver. The question is how can I
match the Miniport handle that I have in the IM driver and the DeviceObject
pointer I have in the WDM filter. Do you have an idea how this can be done?
Thanks,
Gregory
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
Sent: Thursday, May 26, 2005 4:58 PM
To: Windows System Software Devs Interest List
Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
driver
“Gregory Dardyk” wrote in message news:xxxxx@ntdev…
> Hello All
> I am writing a filter driver for network adapters. In this filter
> driver I would like to recognize when the adapter is a wireless
> network adapter, so I tried to send OID queries to the adapter’s
> device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
> IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
> IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
> I tried to step into the adapter handler function code and found the
> following:
> 1. All the dispatch functions for the adapter’s driver are actually
> NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
> Irp->NULL,
> it
> just returns STATUS_UNSUCCESSFUL. All my requests are created by
> IoBuildDeviceIoControlRequest and have NULL at that value. I can also
> see that the requests that are sent from user mode have FileObjects
> that are not NULL.
>
I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
user-mode applications. If you have a companion user-mode process that can
make the wireless query, then that would be best. Alternative user-mode NDIS
information can be fetched using WMI. See http://www.ndis.com for some ideas
for the user-mode query.
In kernel you may need to register as a simple NDIS protocol driver and then
use the NdisRequest mechanism to query the adapter.
Good luck,
Thomas F. Divine, Windows DDK MVP
http://www.rawether.net
> Is there any way to query the network adapter from a filter driver?
>
> Thanks,
> Gregory
>
>
—
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
send a blank email to xxxxx@lists.osr.com
“Gregory Dardyk” wrote in message news:xxxxx@ntdev…
> Thomas,
> Thanks for the reply. I had a similar idea - to register the same driver
> as
> both a WDM filter and NDIS Intermediate driver. The question is how can I
> match the Miniport handle that I have in the IM driver and the
> DeviceObject
> pointer I have in the WDM filter. Do you have an idea how this can be
> done?
>
> Thanks,
> Gregory
>
Actually, I am a little curious about how your “WDM Filter Driver for
network adapters” works. I am familiar with NDIS Intermediate (IM) drivers
for network adapters - but it sounds like you are doing something else.
If I knew a little more about how your “WDM Filter Driver for network
adapters” works then perhaps I could give some advice.
Thomas F. Divine
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
> Sent: Thursday, May 26, 2005 4:58 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
> driver
>
>
> “Gregory Dardyk” wrote in message news:xxxxx@ntdev…
>> Hello All
>> I am writing a filter driver for network adapters. In this filter
>> driver I would like to recognize when the adapter is a wireless
>> network adapter, so I tried to send OID queries to the adapter’s
>> device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
>> IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
>> IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
>> I tried to step into the adapter handler function code and found the
>> following:
>> 1. All the dispatch functions for the adapter’s driver are actually
>> NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
>> 2. NDIS!ndisDeviceControlIrpHandler checks the value at
>> Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
>> Irp->NULL,
>> it
>> just returns STATUS_UNSUCCESSFUL. All my requests are created by
>> IoBuildDeviceIoControlRequest and have NULL at that value. I can also
>> see that the requests that are sent from user mode have FileObjects
>> that are not NULL.
>>
>
> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
> user-mode applications. If you have a companion user-mode process that can
> make the wireless query, then that would be best. Alternative user-mode
> NDIS
> information can be fetched using WMI. See http://www.ndis.com for some
> ideas
> for the user-mode query.
>
> In kernel you may need to register as a simple NDIS protocol driver and
> then
> use the NdisRequest mechanism to query the adapter.
>
> Good luck,
>
> Thomas F. Divine, Windows DDK MVP
> http://www.rawether.net
>
>
>> Is there any way to query the network adapter from a filter driver?
>>
>> Thanks,
>> Gregory
>>
>>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@safend.com To
> unsubscribe
> send a blank email to xxxxx@lists.osr.com
>
>
Gregory,
What are you trying to filter? A WDM (or NT I/O) filter driver will only
see the I/O (IRPs) dispatched to the NDIS managed Device Object created by
the NDIS wrapper on behalf of the network adapter. No network traffic will
be seen as IRPs by your filter.
If you are only interested in watching PnP and Power Management IRPs and
truly want to ‘filter’ WDM behavior, then you are in the right place. If
you want to ‘filter’ network packets, status indications, and generally the
network side of things, you should probably consider if an NDIS Intermediate
(IM) Filter driver is more appropriate.
From within an IM driver (or any NDIS Protocol) you can determine if a NIC
is a 802.11 Wireless LAN by querying for OID_GEN_PHYSICAL_MEDIUM using
NdisRequest(). If the NIC answers NdisMediumWirelessLAN then you have found
a 802.11 NIC.
Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Gregory Dardyk
Sent: Thursday, May 26, 2005 11:33 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Sending IOCTLs to network adapter from a WDM filter driver
Hello All
I am writing a filter driver for network adapters. In this filter driver I
would like to recognize when the adapter is a wireless network adapter, so I
tried to send OID queries to the adapter’s device using IOCTLs
(IOCTL_NDIS_QUERY_GLOBAL_STATS and IOCTL_NDIS_QUERY_SELECTED_STATS). The
problem is that no matter which IOCTL I send, the network adapter driver
returns STATUS_UNSUCCESSFUL. I tried to step into the adapter handler
function code and found the following:
- All the dispatch functions for the adapter’s driver are actually NDIS
functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
- NDIS!ndisDeviceControlIrpHandler checks the value at
Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is NULL, it
just returns STATUS_UNSUCCESSFUL. All my requests are created by
IoBuildDeviceIoControlRequest and have NULL at that value. I can also see
that the requests that are sent from user mode have FileObjects that are not
NULL.
Is there any way to query the network adapter from a filter driver?
Thanks,
Gregory
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@msn.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Wrong approach. Write NDIS IM instead. This is the filter for networking.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Gregory Dardyk”
To: “Windows System Software Devs Interest List”
Sent: Thursday, May 26, 2005 7:32 PM
Subject: [ntdev] Sending IOCTLs to network adapter from a WDM filter driver
> Hello All
> I am writing a filter driver for network adapters. In this filter driver I
> would like to recognize when the adapter is a wireless network adapter, so I
> tried to send OID queries to the adapter’s device using IOCTLs
> (IOCTL_NDIS_QUERY_GLOBAL_STATS and IOCTL_NDIS_QUERY_SELECTED_STATS). The
> problem is that no matter which IOCTL I send, the network adapter driver
> returns STATUS_UNSUCCESSFUL. I tried to step into the adapter handler
> function code and found the following:
> 1. All the dispatch functions for the adapter’s driver are actually NDIS
> functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is NULL, it
> just returns STATUS_UNSUCCESSFUL. All my requests are created by
> IoBuildDeviceIoControlRequest and have NULL at that value. I can also see
> that the requests that are sent from user mode have FileObjects that are not
> NULL.
>
> Is there any way to query the network adapter from a filter driver?
>
> Thanks,
> Gregory
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Why do you need WDM filter for network devnodes? What do you want to
achieve by such?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Gregory Dardyk”
To: “Windows System Software Devs Interest List”
Sent: Thursday, May 26, 2005 8:16 PM
Subject: RE: [ntdev] Sending IOCTLs to network adapter from a WDM filter driver
> Thomas,
> Thanks for the reply. I had a similar idea - to register the same driver as
> both a WDM filter and NDIS Intermediate driver. The question is how can I
> match the Miniport handle that I have in the IM driver and the DeviceObject
> pointer I have in the WDM filter. Do you have an idea how this can be done?
>
> Thanks,
> Gregory
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
> Sent: Thursday, May 26, 2005 4:58 PM
> To: Windows System Software Devs Interest List
> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
> driver
>
>
> “Gregory Dardyk” wrote in message news:xxxxx@ntdev…
> > Hello All
> > I am writing a filter driver for network adapters. In this filter
> > driver I would like to recognize when the adapter is a wireless
> > network adapter, so I tried to send OID queries to the adapter’s
> > device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
> > IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
> > I tried to step into the adapter handler function code and found the
> > following:
> > 1. All the dispatch functions for the adapter’s driver are actually
> > NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> > 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> > Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
> > Irp->NULL,
> > it
> > just returns STATUS_UNSUCCESSFUL. All my requests are created by
> > IoBuildDeviceIoControlRequest and have NULL at that value. I can also
> > see that the requests that are sent from user mode have FileObjects
> > that are not NULL.
> >
>
> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
> user-mode applications. If you have a companion user-mode process that can
> make the wireless query, then that would be best. Alternative user-mode NDIS
> information can be fetched using WMI. See http://www.ndis.com for some ideas
> for the user-mode query.
>
> In kernel you may need to register as a simple NDIS protocol driver and then
> use the NdisRequest mechanism to query the adapter.
>
> Good luck,
>
> Thomas F. Divine, Windows DDK MVP
> http://www.rawether.net
>
>
> > Is there any way to query the network adapter from a filter driver?
> >
> > Thanks,
> > Gregory
> >
> >
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@safend.com To unsubscribe
> send a blank email to xxxxx@lists.osr.com
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi,
As far as I understand a NDIS IM driver cannot filter IOCTL’s that are sent
to the miniport. I’m not sure, but I beleive it will not even receive OID’s
sent via WMI. Since we need to filter all the controls sent to the miniport,
my understanding is that we’ll need to filter the device using both NDIS IM
and WDM filters.
The problem is that the WDM filter must know whether the device is wireless
or not, but this can be discovered (again, as far as I understand) only by a
user mode application or by the NDIS IM. Using a user mode application is
unacceptable since we need to know this information when the device is
started (which might be during boot time, when there is no user mode
application to ask).
This means we need to find some kind of common language between the NDIS IM
driver and the WDM filter driver so one can tell the other if the device it
is filtering is wireless or not. Another solution can be, ofcourse, to find
a way to discover this information using the WDM filter alone. Our only idea
for implementing this was to send an IOCTL_NDIS_QUERY_GLOBAL_STATS to the
miniport, but as Thomas mentioned, this will probably not be possible in
kernel mode.
Thanks,
Shahar
“Maxim S. Shatskih” wrote in message
news:xxxxx@ntdev…
> Why do you need WDM filter for network devnodes? What do you want to
> achieve by such?
>
> Maxim Shatskih, Windows DDK MVP
> StorageCraft Corporation
> xxxxx@storagecraft.com
> http://www.storagecraft.com
>
> ----- Original Message -----
> From: “Gregory Dardyk”
> To: “Windows System Software Devs Interest List”
> Sent: Thursday, May 26, 2005 8:16 PM
> Subject: RE: [ntdev] Sending IOCTLs to network adapter from a WDM filter
> driver
>
>
>> Thomas,
>> Thanks for the reply. I had a similar idea - to register the same driver
>> as
>> both a WDM filter and NDIS Intermediate driver. The question is how can I
>> match the Miniport handle that I have in the IM driver and the
>> DeviceObject
>> pointer I have in the WDM filter. Do you have an idea how this can be
>> done?
>>
>> Thanks,
>> Gregory
>>
>> -----Original Message-----
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
>> Sent: Thursday, May 26, 2005 4:58 PM
>> To: Windows System Software Devs Interest List
>> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
>> driver
>>
>>
>> “Gregory Dardyk” wrote in message
>> news:xxxxx@ntdev…
>> > Hello All
>> > I am writing a filter driver for network adapters. In this filter
>> > driver I would like to recognize when the adapter is a wireless
>> > network adapter, so I tried to send OID queries to the adapter’s
>> > device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
>> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
>> > IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
>> > I tried to step into the adapter handler function code and found the
>> > following:
>> > 1. All the dispatch functions for the adapter’s driver are actually
>> > NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
>> > 2. NDIS!ndisDeviceControlIrpHandler checks the value at
>> > Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
>> > Irp->NULL,
>> > it
>> > just returns STATUS_UNSUCCESSFUL. All my requests are created by
>> > IoBuildDeviceIoControlRequest and have NULL at that value. I can also
>> > see that the requests that are sent from user mode have FileObjects
>> > that are not NULL.
>> >
>>
>> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
>> user-mode applications. If you have a companion user-mode process that
>> can
>> make the wireless query, then that would be best. Alternative user-mode
>> NDIS
>> information can be fetched using WMI. See http://www.ndis.com for some
>> ideas
>> for the user-mode query.
>>
>> In kernel you may need to register as a simple NDIS protocol driver and
>> then
>> use the NdisRequest mechanism to query the adapter.
>>
>> Good luck,
>>
>> Thomas F. Divine, Windows DDK MVP
>> http://www.rawether.net
>>
>>
>> > Is there any way to query the network adapter from a filter driver?
>> >
>> > Thanks,
>> > Gregory
>> >
>> >
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@safend.com To
>> unsubscribe
>> send a blank email to xxxxx@lists.osr.com
>>
>>
>> —
>> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>>
>> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
>
IOCTLs are not set to the miniport, but to the NDIS’s control device
object.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Shahar Talmi”
Newsgroups: ntdev
To: “Windows System Software Devs Interest List”
Sent: Friday, May 27, 2005 5:15 PM
Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter driver
> Hi,
> As far as I understand a NDIS IM driver cannot filter IOCTL’s that are sent
> to the miniport. I’m not sure, but I beleive it will not even receive OID’s
> sent via WMI. Since we need to filter all the controls sent to the miniport,
> my understanding is that we’ll need to filter the device using both NDIS IM
> and WDM filters.
>
> The problem is that the WDM filter must know whether the device is wireless
> or not, but this can be discovered (again, as far as I understand) only by a
> user mode application or by the NDIS IM. Using a user mode application is
> unacceptable since we need to know this information when the device is
> started (which might be during boot time, when there is no user mode
> application to ask).
>
> This means we need to find some kind of common language between the NDIS IM
> driver and the WDM filter driver so one can tell the other if the device it
> is filtering is wireless or not. Another solution can be, ofcourse, to find
> a way to discover this information using the WDM filter alone. Our only idea
> for implementing this was to send an IOCTL_NDIS_QUERY_GLOBAL_STATS to the
> miniport, but as Thomas mentioned, this will probably not be possible in
> kernel mode.
>
> Thanks,
> Shahar
>
> “Maxim S. Shatskih” wrote in message
> news:xxxxx@ntdev…
> > Why do you need WDM filter for network devnodes? What do you want to
> > achieve by such?
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “Gregory Dardyk”
> > To: “Windows System Software Devs Interest List”
> > Sent: Thursday, May 26, 2005 8:16 PM
> > Subject: RE: [ntdev] Sending IOCTLs to network adapter from a WDM filter
> > driver
> >
> >
> >> Thomas,
> >> Thanks for the reply. I had a similar idea - to register the same driver
> >> as
> >> both a WDM filter and NDIS Intermediate driver. The question is how can I
> >> match the Miniport handle that I have in the IM driver and the
> >> DeviceObject
> >> pointer I have in the WDM filter. Do you have an idea how this can be
> >> done?
> >>
> >> Thanks,
> >> Gregory
> >>
> >> -----Original Message-----
> >> From: xxxxx@lists.osr.com
> >> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
> >> Sent: Thursday, May 26, 2005 4:58 PM
> >> To: Windows System Software Devs Interest List
> >> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
> >> driver
> >>
> >>
> >> “Gregory Dardyk” wrote in message
> >> news:xxxxx@ntdev…
> >> > Hello All
> >> > I am writing a filter driver for network adapters. In this filter
> >> > driver I would like to recognize when the adapter is a wireless
> >> > network adapter, so I tried to send OID queries to the adapter’s
> >> > device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
> >> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
> >> > IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
> >> > I tried to step into the adapter handler function code and found the
> >> > following:
> >> > 1. All the dispatch functions for the adapter’s driver are actually
> >> > NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> >> > 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> >> > Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
> >> > Irp->NULL,
> >> > it
> >> > just returns STATUS_UNSUCCESSFUL. All my requests are created by
> >> > IoBuildDeviceIoControlRequest and have NULL at that value. I can also
> >> > see that the requests that are sent from user mode have FileObjects
> >> > that are not NULL.
> >> >
> >>
> >> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
> >> user-mode applications. If you have a companion user-mode process that
> >> can
> >> make the wireless query, then that would be best. Alternative user-mode
> >> NDIS
> >> information can be fetched using WMI. See http://www.ndis.com for some
> >> ideas
> >> for the user-mode query.
> >>
> >> In kernel you may need to register as a simple NDIS protocol driver and
> >> then
> >> use the NdisRequest mechanism to query the adapter.
> >>
> >> Good luck,
> >>
> >> Thomas F. Divine, Windows DDK MVP
> >> http://www.rawether.net
> >>
> >>
> >> > Is there any way to query the network adapter from a filter driver?
> >> >
> >> > Thanks,
> >> > Gregory
> >> >
> >> >
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at
> >> http://www.osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as: xxxxx@safend.com To
> >> unsubscribe
> >> send a blank email to xxxxx@lists.osr.com
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> >> To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi,
The reason why we thought about a WDM filter is that IM driver filtering
is limited. We would like to filter not only the network traffic but also
the managment requests (i.e. set/query OIDs). We started from an IM driver
and it works fine with WZC (Windows Wireless Zero Configuration service),
but it cannot filter the requests that are sent using WMI or using
IOCTL_NDIS_QUERY_GLOBAL_STATS.
Thanks,
Gregory
“Maxim S. Shatskih” wrote in message
> news:xxxxx@ntdev…
>> Why do you need WDM filter for network devnodes? What do you want to
>> achieve by such?
>>
>> Maxim Shatskih, Windows DDK MVP
>> StorageCraft Corporation
>> xxxxx@storagecraft.com
>> http://www.storagecraft.com
>>
>> ----- Original Message -----
>> From: “Gregory Dardyk”
>> To: “Windows System Software Devs Interest List”
>> Sent: Thursday, May 26, 2005 8:16 PM
>> Subject: RE: [ntdev] Sending IOCTLs to network adapter from a WDM filter
>> driver
>>
>>
>>> Thomas,
>>> Thanks for the reply. I had a similar idea - to register the same
>>> driver
>>> as
>>> both a WDM filter and NDIS Intermediate driver. The question is how can
>>> I
>>> match the Miniport handle that I have in the IM driver and the
>>> DeviceObject
>>> pointer I have in the WDM filter. Do you have an idea how this can be
>>> done?
>>>
>>> Thanks,
>>> Gregory
>>>
>>> -----Original Message-----
>>> From: xxxxx@lists.osr.com
>>> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F.
>>> Divine
>>> Sent: Thursday, May 26, 2005 4:58 PM
>>> To: Windows System Software Devs Interest List
>>> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
>>> driver
>>>
>>>
>>> “Gregory Dardyk” wrote in message
>>> news:xxxxx@ntdev…
>>> > Hello All
>>> > I am writing a filter driver for network adapters. In this filter
>>> > driver I would like to recognize when the adapter is a wireless
>>> > network adapter, so I tried to send OID queries to the adapter’s
>>> > device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
>>> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
>>> > IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
>>> > I tried to step into the adapter handler function code and found the
>>> > following:
>>> > 1. All the dispatch functions for the adapter’s driver are actually
>>> > NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
>>> > 2. NDIS!ndisDeviceControlIrpHandler checks the value at
>>> > Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
>>> > Irp->NULL,
>>> > it
>>> > just returns STATUS_UNSUCCESSFUL. All my requests are created by
>>> > IoBuildDeviceIoControlRequest and have NULL at that value. I can also
>>> > see that the requests that are sent from user mode have FileObjects
>>> > that are not NULL.
>>> >
>>>
>>> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
>>> user-mode applications. If you have a companion user-mode process that
>>> can
>>> make the wireless query, then that would be best. Alternative user-mode
>>> NDIS
>>> information can be fetched using WMI. See http://www.ndis.com for some
>>> ideas
>>> for the user-mode query.
>>>
>>> In kernel you may need to register as a simple NDIS protocol driver and
>>> then
>>> use the NdisRequest mechanism to query the adapter.
>>>
>>> Good luck,
>>>
>>> Thomas F. Divine, Windows DDK MVP
>>> http://www.rawether.net
>>>
>>>
>>> > Is there any way to query the network adapter from a filter driver?
>>> >
>>> > Thanks,
>>> > Gregory
>>> >
>>> >
>>>
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: xxxxx@safend.com To
>>> unsubscribe
>>> send a blank email to xxxxx@lists.osr.com
>>>
>>>
>>> —
>>> Questions? First check the Kernel Driver FAQ at
>> http://www.osronline.com/article.cfm?id=256
>>>
>>> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
>>> To unsubscribe send a blank email to xxxxx@lists.osr.com
>>
>>
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@safend.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
In your WDM driver, open up a WMI data block and send
a query data query to the miniport driver. Datablock
GUID can be found with wbemtest.exe.
It’s a chunk of annoying code but it works.
HTH and good luck.
-Calvin
–
Calvin Guan Windows DDK MVP
Staff SW Engineer, NetXtreme MINIPORT
Enterprise Network Controller Engineering
Broadcom Corporation www.broadcom.com
— Shahar Talmi wrote:
> Hi,
> As far as I understand a NDIS IM driver cannot
> filter IOCTL’s that are sent
> to the miniport. I’m not sure, but I beleive it will
> not even receive OID’s
> sent via WMI. Since we need to filter all the
> controls sent to the miniport,
> my understanding is that we’ll need to filter the
> device using both NDIS IM
> and WDM filters.
>
> The problem is that the WDM filter must know whether
> the device is wireless
> or not, but this can be discovered (again, as far as
> I understand) only by a
> user mode application or by the NDIS IM. Using a
> user mode application is
> unacceptable since we need to know this information
> when the device is
> started (which might be during boot time, when there
> is no user mode
> application to ask).
>
> This means we need to find some kind of common
> language between the NDIS IM
> driver and the WDM filter driver so one can tell the
> other if the device it
> is filtering is wireless or not. Another solution
> can be, ofcourse, to find
> a way to discover this information using the WDM
> filter alone. Our only idea
> for implementing this was to send an
> IOCTL_NDIS_QUERY_GLOBAL_STATS to the
> miniport, but as Thomas mentioned, this will
> probably not be possible in
> kernel mode.
>
> Thanks,
> Shahar
>
> “Maxim S. Shatskih” wrote
> in message
> news:xxxxx@ntdev…
> > Why do you need WDM filter for network
> devnodes? What do you want to
> > achieve by such?
> >
> > Maxim Shatskih, Windows DDK MVP
> > StorageCraft Corporation
> > xxxxx@storagecraft.com
> > http://www.storagecraft.com
> >
> > ----- Original Message -----
> > From: “Gregory Dardyk”
> > To: “Windows System Software Devs Interest List”
>
> > Sent: Thursday, May 26, 2005 8:16 PM
> > Subject: RE: [ntdev] Sending IOCTLs to network
> adapter from a WDM filter
> > driver
> >
> >
> >> Thomas,
> >> Thanks for the reply. I had a similar idea - to
> register the same driver
> >> as
> >> both a WDM filter and NDIS Intermediate driver.
> The question is how can I
> >> match the Miniport handle that I have in the IM
> driver and the
> >> DeviceObject
> >> pointer I have in the WDM filter. Do you have an
> idea how this can be
> >> done?
> >>
> >> Thanks,
> >> Gregory
> >>
> >> -----Original Message-----
> >> From: xxxxx@lists.osr.com
> >> [mailto:xxxxx@lists.osr.com] On
> Behalf Of Thomas F. Divine
> >> Sent: Thursday, May 26, 2005 4:58 PM
> >> To: Windows System Software Devs Interest List
> >> Subject: Re:[ntdev] Sending IOCTLs to network
> adapter from a WDM filter
> >> driver
> >>
> >>
> >> “Gregory Dardyk” wrote in
> message
> >> news:xxxxx@ntdev…
> >> > Hello All
> >> > I am writing a filter driver for network
> adapters. In this filter
> >> > driver I would like to recognize when the
> adapter is a wireless
> >> > network adapter, so I tried to send OID queries
> to the adapter’s
> >> > device using IOCTLs
> (IOCTL_NDIS_QUERY_GLOBAL_STATS and
> >> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem
> is that no matter which
> >> > IOCTL I send, the network adapter driver
> returns STATUS_UNSUCCESSFUL.
> >> > I tried to step into the adapter handler
> function code and found the
> >> > following:
> >> > 1. All the dispatch functions for the adapter’s
> driver are actually
> >> > NDIS functions. For IOCTLs it is
> NDIS!ndisDeviceControlIrpHandler.
> >> > 2. NDIS!ndisDeviceControlIrpHandler checks the
> value at
> >> >
> Irp->Tail.Overlay.CurrentStackLocation->FileObject.
> If the value is
> >> > Irp->NULL,
> >> > it
> >> > just returns STATUS_UNSUCCESSFUL. All my
> requests are created by
> >> > IoBuildDeviceIoControlRequest and have NULL at
> that value. I can also
> >> > see that the requests that are sent from user
> mode have FileObjects
> >> > that are not NULL.
> >> >
> >>
> >> I am pretty sure that
> IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
> >> user-mode applications. If you have a companion
> user-mode process that
> >> can
> >> make the wireless query, then that would be best.
> Alternative user-mode
> >> NDIS
> >> information can be fetched using WMI. See
> http://www.ndis.com for some
> >> ideas
> >> for the user-mode query.
> >>
> >> In kernel you may need to register as a simple
> NDIS protocol driver and
> >> then
> >> use the NdisRequest mechanism to query the
> adapter.
> >>
> >> Good luck,
> >>
> >> Thomas F. Divine, Windows DDK MVP
> >> http://www.rawether.net
> >>
> >>
> >> > Is there any way to query the network adapter
> from a filter driver?
> >> >
> >> > Thanks,
> >> > Gregory
> >> >
> >> >
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at
> >> http://www.osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as:
> xxxxx@safend.com To
> >> unsubscribe
> >> send a blank email to
> xxxxx@lists.osr.com
> >>
> >>
> >> —
> >> Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >>
> >> You are currently subscribed to ntdev as:
> xxxxx@storagecraft.com
> >> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
> >
> >
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as:
> xxxxx@yahoo.ca
> To unsubscribe send a blank email to
> xxxxx@lists.osr.com
>
______________________________________________________________________
Post your free ad now! http://personals.yahoo.ca
IM will filter all OID requests.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Gregory Dardyk”
To: “Windows System Software Devs Interest List”
Sent: Friday, May 27, 2005 5:51 PM
Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter driver
> Hi,
> The reason why we thought about a WDM filter is that IM driver filtering
> is limited. We would like to filter not only the network traffic but also
> the managment requests (i.e. set/query OIDs). We started from an IM driver
> and it works fine with WZC (Windows Wireless Zero Configuration service),
> but it cannot filter the requests that are sent using WMI or using
> IOCTL_NDIS_QUERY_GLOBAL_STATS.
>
> Thanks,
> Gregory
>
> > “Maxim S. Shatskih” wrote in message
> > news:xxxxx@ntdev…
> >> Why do you need WDM filter for network devnodes? What do you want to
> >> achieve by such?
> >>
> >> Maxim Shatskih, Windows DDK MVP
> >> StorageCraft Corporation
> >> xxxxx@storagecraft.com
> >> http://www.storagecraft.com
> >>
> >> ----- Original Message -----
> >> From: “Gregory Dardyk”
> >> To: “Windows System Software Devs Interest List”
> >> Sent: Thursday, May 26, 2005 8:16 PM
> >> Subject: RE: [ntdev] Sending IOCTLs to network adapter from a WDM filter
> >> driver
> >>
> >>
> >>> Thomas,
> >>> Thanks for the reply. I had a similar idea - to register the same
> >>> driver
> >>> as
> >>> both a WDM filter and NDIS Intermediate driver. The question is how can
> >>> I
> >>> match the Miniport handle that I have in the IM driver and the
> >>> DeviceObject
> >>> pointer I have in the WDM filter. Do you have an idea how this can be
> >>> done?
> >>>
> >>> Thanks,
> >>> Gregory
> >>>
> >>> -----Original Message-----
> >>> From: xxxxx@lists.osr.com
> >>> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F.
> >>> Divine
> >>> Sent: Thursday, May 26, 2005 4:58 PM
> >>> To: Windows System Software Devs Interest List
> >>> Subject: Re:[ntdev] Sending IOCTLs to network adapter from a WDM filter
> >>> driver
> >>>
> >>>
> >>> “Gregory Dardyk” wrote in message
> >>> news:xxxxx@ntdev…
> >>> > Hello All
> >>> > I am writing a filter driver for network adapters. In this filter
> >>> > driver I would like to recognize when the adapter is a wireless
> >>> > network adapter, so I tried to send OID queries to the adapter’s
> >>> > device using IOCTLs (IOCTL_NDIS_QUERY_GLOBAL_STATS and
> >>> > IOCTL_NDIS_QUERY_SELECTED_STATS). The problem is that no matter which
> >>> > IOCTL I send, the network adapter driver returns STATUS_UNSUCCESSFUL.
> >>> > I tried to step into the adapter handler function code and found the
> >>> > following:
> >>> > 1. All the dispatch functions for the adapter’s driver are actually
> >>> > NDIS functions. For IOCTLs it is NDIS!ndisDeviceControlIrpHandler.
> >>> > 2. NDIS!ndisDeviceControlIrpHandler checks the value at
> >>> > Irp->Tail.Overlay.CurrentStackLocation->FileObject. If the value is
> >>> > Irp->NULL,
> >>> > it
> >>> > just returns STATUS_UNSUCCESSFUL. All my requests are created by
> >>> > IoBuildDeviceIoControlRequest and have NULL at that value. I can also
> >>> > see that the requests that are sent from user mode have FileObjects
> >>> > that are not NULL.
> >>> >
> >>>
> >>> I am pretty sure that IOCTL_NDIS_QUERY_GLOBAL_STATS will only work for
> >>> user-mode applications. If you have a companion user-mode process that
> >>> can
> >>> make the wireless query, then that would be best. Alternative user-mode
> >>> NDIS
> >>> information can be fetched using WMI. See http://www.ndis.com for some
> >>> ideas
> >>> for the user-mode query.
> >>>
> >>> In kernel you may need to register as a simple NDIS protocol driver and
> >>> then
> >>> use the NdisRequest mechanism to query the adapter.
> >>>
> >>> Good luck,
> >>>
> >>> Thomas F. Divine, Windows DDK MVP
> >>> http://www.rawether.net
> >>>
> >>>
> >>> > Is there any way to query the network adapter from a filter driver?
> >>> >
> >>> > Thanks,
> >>> > Gregory
> >>> >
> >>> >
> >>>
> >>>
> >>> —
> >>> Questions? First check the Kernel Driver FAQ at
> >>> http://www.osronline.com/article.cfm?id=256
> >>>
> >>> You are currently subscribed to ntdev as: xxxxx@safend.com To
> >>> unsubscribe
> >>> send a blank email to xxxxx@lists.osr.com
> >>>
> >>>
> >>> —
> >>> Questions? First check the Kernel Driver FAQ at
> >> http://www.osronline.com/article.cfm?id=256
> >>>
> >>> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> >>> To unsubscribe send a blank email to xxxxx@lists.osr.com
> >>
> >>
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> > http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@safend.com
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com