  Message 1 of 12  
06 May 08 14:12
Ariel K
xxxxxx@hotmail.com
Join Date: 01 Aug 2007
Posts To This List: 31
How to get process ID in an NDIS driver

Hey. I'm trying to write a little applicative firewall, by writing an NDIS 6.0 filter driver, using the filter sample of the DDK. When I receive a data packet, a NET_BUFFER_LIST in my FilterSendNetBufferLists, I need some way to get the process ID of the process which sent the data. Is there any way to do it in NDIS in a similar way to the WDM's IoGetRequestorProcessId(PIRP irp)? Thanks
  Message 2 of 12  
06 May 08 14:20
Thomas Divine
xxxxxx@pcausa.com
Join Date: 05 Aug 2010
Posts To This List: 546
RE: How to get process ID in an NDIS driver

At the NDIS level you cannot get process information. Sorry. End of subject.

Since you are working on Vista, you may want to consider using the Windows Filtering Platform (WFP) instead. That magic Microsoft concoction, along with Windows Sockets Kernel (WSK) solves all the world's problems.

No, it isn't available on pre-Vista platforms.

Thomas F. Divine
http://www.pcausa.com

> -----Original Message-----
> From: xxxxx@lists.osr.com [mailto:bounce-323411-xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
> Sent: Tuesday, May 06, 2008 2:12 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] How to get process ID in an NDIS driver
>
> Hey.
> <...excess quoted lines suppressed...>
  Message 3 of 12  
06 May 08 14:36
Stephen Prochniak
xxxxxx@VirtualIron.com
Join Date: 17 Jan 2007
Posts To This List: 66
RE: How to get process ID in an NDIS driver

#define NDIS_WDM 1
  Message 4 of 12  
06 May 08 15:41
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 2691
RE: How to get process ID in an NDIS driver

> When I receive a data packet, a NET_BUFFER_LIST in my FilterSendNetBufferLists, I need some way to
> get the process ID of the process which sent the data.

If you want to relate packets at NDIS level to the originator process, you need an additional component at the upper edge, i.e. TDI filter on pre-Vista OS and WFP on Vista. This is how firewalls and packet filters normally do things - upper component relates packet information (i.e. address and port number) to the originating process, so that at NDIS level you can use this packet information to relate the packet to the originating process.

Once you target Vista, please note that WFP offers information about PID at some filtering layers, which simplifies things. However, as far as I recall from a project I did a year ago (I had exactly the same requirement that you do), filtering level-related information on MSDN is not so precise, so to say (in fact, the same seems to be true for everything concerning WFP). Therefore, you need to experiment a bit and discover which filtering layer suits your needs best.

In any case, despite some minor inconveniences and inconsistencies in documentation, this task seems to be easier on Vista, compared to pre-Vista OS versions...

Anton Bassov
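The correlation described in the message above, as an added example that is not part of the thread: an upper-edge component records which PID owns a local address and port, and the NDIS-level filter looks the PID up from the source address and port in the outbound packet. It is written as portable C rather than against the WFP or NDIS APIs; every name in it is hypothetical and the sample frame is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Added illustration; all names here are hypothetical. A real driver also
 * needs locking and must remove entries when the endpoint closes. */
#define FLOW_SLOTS 64
#define PID_UNKNOWN 0u
struct flow { uint32_t laddr; uint16_t lport; uint8_t proto; uint32_t pid; int used; };
static struct flow flows[FLOW_SLOTS];

/* Upper-edge side (WFP on Vista, TDI filter before it): record the PID that
 * owns a local address/port. Returns 0, or -1 when the table is full. */
int flow_learn(uint8_t proto, uint32_t laddr, uint16_t lport, uint32_t pid)
{
    struct flow *slot = NULL;
    for (size_t i = 0; i < FLOW_SLOTS; i++) {
        struct flow *f = &flows[i];
        if (f->used && f->proto == proto && f->laddr == laddr && f->lport == lport) {
            slot = f;            /* port reused: replace the owner */
            break;
        }
        if (!f->used && !slot) slot = f;
    }
    if (!slot) return -1;
    *slot = (struct flow){ laddr, lport, proto, pid, 1 };
    return 0;
}

/* NDIS side: map an outbound Ethernet II / IPv4 frame to the owning PID using
 * only the source address and port carried in the packet. */
uint32_t flow_pid_for_frame(const uint8_t *p, size_t len)
{
    if (len < 34 || p[12] != 0x08 || p[13] != 0x00) return PID_UNKNOWN;
    const uint8_t *ip = p + 14;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;
    if ((ip[0] >> 4) != 4 || ihl < 20 || len < 14 + ihl + 4) return PID_UNKNOWN;
    if (ip[9] != 6 && ip[9] != 17) return PID_UNKNOWN;   /* TCP or UDP only */
    if ((ip[6] & 0x1F) || ip[7]) return PID_UNKNOWN;     /* later fragment: no ports */
    uint32_t src = (uint32_t)ip[12] << 24 | ip[13] << 16 | ip[14] << 8 | ip[15];
    uint16_t sport = (uint16_t)(ip[ihl] << 8 | ip[ihl + 1]);
    for (size_t i = 0; i < FLOW_SLOTS; i++)
        if (flows[i].used && flows[i].proto == ip[9] && flows[i].laddr == src && flows[i].lport == sport)
            return flows[i].pid;
    return PID_UNKNOWN;
}

/* Constructed sample: TCP segment sent from 192.168.1.10, source port 49152. */
const uint8_t sample_frame[38] = { [12] = 0x08, [14] = 0x45, [23] = 6, [26] = 192, 168, 1, 10, [34] = 0xC0, 0x00 };
```

A frame whose source endpoint was never reported by the upper component returns `PID_UNKNOWN`, which a firewall has to treat as its own policy case.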
  Message 5 of 12  
07 May 08 14:59
Ariel K
xxxxxx@hotmail.com
Join Date: 01 Aug 2007
Posts To This List: 31
RE: How to get process ID in an NDIS driver

Thanks for your replies.

I'd like some way to make sure nothing passes through any network interface - that is why the NDIS filter option was so appealing...

What WFP layers are available? Do they match the NDIS filter layers? Is there some good example of WFP usage?

Thanks,
Ariel.
  Message 6 of 12  
07 May 08 17:40
David J. Craig
xxxxxx@yoshimuni.com
Join Date:
Posts To This List: 1114
Re: How to get process ID in an NDIS driver

In that case what is wrong with unplugging the cables? Disabling the network adapters - don't forget 1394?

<xxxxx@hotmail.com> wrote in message news:106030@ntdev...
> Thanks for your replies.
>
> I'd like some way to make sure nothing passes through any network
> interface - that is why the NDIS filter option was so appealing...
>
> What WFP layers are available? do they match the NDIS filter layers? is a
> some good example of WFP usage?
>
> Thanks,
> Ariel.
<...excess quoted lines suppressed...>
  Message 7 of 12  
07 May 08 17:41
anton bassov
xxxxxx@hotmail.com
Join Date: 16 Jul 2006
Posts To This List: 2691
RE: How to get process ID in an NDIS driver

> I'd like some way to make sure nothing passes through any network interface

In such case NDIS LWF is the right way to go....

> What WFP layers are available?

Check MSDN...

> do they match the NDIS filter layers?

No - WFP is all about IP, so that the lowest available level is still higher than that of NDIS...

Anton Bassov
  Message 8 of 12  
11 May 08 07:18
Ariel K
xxxxxx@hotmail.com
Join Date: 01 Aug 2007
Posts To This List: 31
RE: How to get process ID in an NDIS driver

Is there some way to be sure nothing passes through with WFP? Could I just disable any network cards of all kinds in a WFP component programmatically, much like a user can through the "control panel"?

Ariel
  Message 9 of 12  
11 May 08 08:30
ntdev member 26176
xxxxxx@writeme.com
Join Date:
Posts To This List: 252
Re: How to get process ID in an NDIS driver

<xxxxx@hotmail.com> wrote in message news:106224@ntdev...
> Is there some way to be sure nothing does passes through with WFP? Could I
> just disable any network cards of all kinds in a WFP component
> programmatically, much like a user can through the "control panel"?
>
> Ariel

You don't want to disable physical netcards, otherwise (surprise!) nothing of your filtered traffic will get outside at all.

Regards,
--PA
  Message 10 of 12  
11 May 08 08:38
Ariel K
xxxxxx@hotmail.com
Join Date: 01 Aug 2007
Posts To This List: 31
RE: How to get process ID in an NDIS driver

Say I'm waiting for some interrupt or another IOCTL which the user sends, to let me know it is now ok to enable the network cards.

I want the option of disabling some of them... is there some WFP API for that?

Ariel
  Message 11 of 12  
11 May 08 13:05
ntdev member 26176
xxxxxx@writeme.com
Join Date:
Posts To This List: 252
Re: How to get process ID in an NDIS driver

<xxxxx@hotmail.com> wrote in message news:106227@ntdev...
> say I'm waiting for some interrupt or another IOCTL which the user sends,
> to let me know it is now ok to enable the network cards.
>
> I want the option of disabling some of them...is there some WFP API for
> that?
>

In Vista+, WMI class Win32_NetworkAdapter has method Disable().

--PA
  Message 12 of 12  
11 May 08 13:59
Volodymyr M. Shcherbyna
xxxxxx@mvps.org
Join Date: 09 May 2008
Posts To This List: 40
Re: How to get process ID in an NDIS driver

It can be also used in XP for sure. And IIRC for 2k SP4 as well.

--
V.
This posting is provided "AS IS" with no warranties, and confers no rights.

"Pavel A." <xxxxx@writeme.com> wrote in message news:106232@ntdev...
>
> <xxxxx@hotmail.com> wrote in message news:106227@ntdev...
>> say I'm waiting for some interrupt or another IOCTL which the user sends,
>> to let me know it is now ok to enable the network cards.
>>
>> I want the option of disabling some of them...is there some WFP API for
>> that?
>>
>
> In Vista+, WMI class Win32_NetworkAdapter has method Disable().
<...excess quoted lines suppressed...>