WDF and Windows Filtering Platform

Ok, I surrender. I’ve been trying to solve this on my own for a few hours
and mostly what I get from the docs is obscure, unless my trifocals have
gaps I’m not seeing. I’m creating a WDF driver object followed by a WDF
device object as the docs describe, but when I call the WdfDeviceCreate
function I get a status returned of:

#define STATUS_INVALID_SECURITY_DESCR ((NTSTATUS)0xC0000079L)

Obviously, the function fails and the filter exits nicely since I test
NT_SUCCESS(status) and exit if it fails.

I have followed this description from the docs:

WDFDEVICE wdfDevice;

NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    WDFDRIVER driver;            // handle from WdfDriverCreate (call not shown in this excerpt)
    PWDFDEVICE_INIT deviceInit;
    PDEVICE_OBJECT deviceObject;
    NTSTATUS status;

    // Allocate a device initialization structure
    deviceInit =
        WdfControlDeviceInitAllocate(
            driver,
            &SDDL_DEVOBJ_KERNEL_ONLY
            );
    if (deviceInit == NULL) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // Set the device characteristics
    WdfDeviceInitSetCharacteristics(
        deviceInit,
        FILE_DEVICE_SECURE_OPEN,
        FALSE
        );

    // Create a framework device object (the call takes the address of deviceInit)
    status =
        WdfDeviceCreate(
            &deviceInit,
            WDF_NO_OBJECT_ATTRIBUTES,
            &wdfDevice
            );

    // Check status
    if (status == STATUS_SUCCESS) {

        // Initialization of the framework device object is complete
        WdfControlFinishInitializing(
            wdfDevice
            );

        // Get the associated WDM device object
        deviceObject = WdfDeviceWdmGetDeviceObject(wdfDevice);
    }
    else {

        // The init structure still belongs to the driver when creation fails
        WdfDeviceInitFree(deviceInit);
    }

    return status;
}

The wdfDevice global is local to my DriverEntry function. It eventually will
be contained within a driver attribute object, but first things first. I’m
currently trying to get the driver to load, initialize and then unload.
Right now it fails because the device object cannot be created. Is there an
example of a WDF WFP callout driver? I have not found one in the WDK and the
example I tried to download after a Bing search bombs out in the browser. I
guess a corollary question: Does WDF adequately support WFP, or should I
stay with WDM?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

WFP is orthogonal to KMDF. You can write a WFP driver with KMDF, but KMDF does not help with much, if any, of the WFP stuff. What does !wdfkd.wdflogdump say? That should indicate where STATUS_INVALID_SECURITY_DESCR is coming from.

d

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, December 30, 2009 2:53 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WDF and Windows Filtering Platform


Information from ESET Smart Security, version of virus signature database 4730 (20091230)

The message was checked by ESET Smart Security.

http://www.eset.com


NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

About the only difference between your code and mine is that I assign a name
to the device.

Bill Wandel



Doron,

Here is what I get:

0: kd> !wdfkd.wdflogdump wfpcallout

Trace searchpath is:

Trace format prefix is: %7!u!: %!FUNC! -

Missing location of the log’s format files. Please use one

of the following options to specify their location:

(1) !wdfsearchpath command

(2) the environmental TRACE_FORMAT_SEARCH_PATH=

(3) !wdftmffile command

Looks like I have work to do to acquire the dump you want. Remember, at this
point I’m following the examples I can find, and setting tracing is not in
what examples are available.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Doron Holan
Sent: Wednesday, December 30, 2009 4:57 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform


Bill,

Are you developing on a 64 bit target, Windows 7 Ultimate?

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Wednesday, December 30, 2009 5:09 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform


My targets are both 32 and 64 bit Vista using the 7600 WDK.

Bill Wandel


From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com]
On Behalf Of Gary G. Little
Sent: Wednesday, December 30, 2009 6:36 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform


The KMDF sample src\general\ioctl\kmdf.… pretty much is the bare-bones of
the KMDF skeleton you need. As Doron noted, KMDF really has nothing to
assist in anything related to the network stack but the general object
framework, memory objects, and control device I/O model may be useful
depending on what you are doing.

Good Luck,

Dave Cattley


You can disregard the last query as irrelevant. I named the device object,
then called WdfDeviceCreate and it created the device object. Perhaps that’s
a doc change that needs to be made?

Thanks to both Doron and Bill.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net


My desire is to produce this as a KMDF driver, having been a proponent of
the framework since that first Round table. But, it appears to be more of a
documentation issue than anything else, though, and I have gotten past that
road block.

Gary G. Little

H (952) 223-1349

C (952) 454-4629

xxxxx@comcast.net

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David R. Cattley
Sent: Wednesday, December 30, 2009 6:07 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform


Perhaps, but conceptually adding a descriptor to an unnamed control device does not make much sense. No name means it can’t be opened; if it can’t be opened, the descriptor never comes into play.

d
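
The fix reported in this thread (assign a device name before calling WdfDeviceCreate), written out as an added example that is not code from any participant or from the WDK samples. The helper names CreateControlDevice and CreateNamedControlDevice, the device name \Device\ExampleWfpCallout and the USE_WDK_HEADERS macro are assumptions made for this example, and the caller is assumed to have obtained the WDFDRIVER handle from WdfDriverCreate.

```c
/* Added example (not code from the thread). Build against the WDK by defining
 * USE_WDK_HEADERS (hypothetical macro) and linking wdmsec.lib. Without it, the
 * stand-ins below model only the behaviour reported in this thread, so the
 * control flow can be compiled and exercised off-target. */
#ifdef USE_WDK_HEADERS
#include <ntddk.h>
#include <wdf.h>
#include <wdmsec.h>
#else
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
typedef int32_t NTSTATUS;
typedef uint32_t ULONG;
typedef unsigned char BOOLEAN;
typedef struct { const wchar_t *Buffer; } UNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;
typedef struct INIT_MODEL { int hasSddl, hasName; } *PWDFDEVICE_INIT;
typedef void *WDFDRIVER, *WDFDEVICE, *PWDF_OBJECT_ATTRIBUTES;
#define FALSE 0
#define NT_SUCCESS(s) (((NTSTATUS)(s)) >= 0)
#define STATUS_SUCCESS ((NTSTATUS)0)
#define STATUS_INSUFFICIENT_RESOURCES ((NTSTATUS)0xC000009AL)
#define STATUS_INVALID_SECURITY_DESCR ((NTSTATUS)0xC0000079L)
#define FILE_DEVICE_SECURE_OPEN 0x00000100
#define WDF_NO_OBJECT_ATTRIBUTES NULL
#define DECLARE_CONST_UNICODE_STRING(n, s) const UNICODE_STRING n = { s }
static const UNICODE_STRING SDDL_DEVOBJ_KERNEL_ONLY = { L"(sddl)" };
static int g_liveInits; /* model: WDFDEVICE_INIT structures not yet released */

static PWDFDEVICE_INIT WdfControlDeviceInitAllocate(WDFDRIVER d, PCUNICODE_STRING sddl) {
    PWDFDEVICE_INIT p = calloc(1, sizeof *p);
    (void)d;
    if (p != NULL) { p->hasSddl = (sddl != NULL); g_liveInits++; }
    return p;
}
static void WdfDeviceInitSetCharacteristics(PWDFDEVICE_INIT i, ULONG c, BOOLEAN o) {
    (void)i; (void)c; (void)o;
}
static NTSTATUS WdfDeviceInitAssignName(PWDFDEVICE_INIT i, PCUNICODE_STRING n) {
    i->hasName = (n != NULL);
    return STATUS_SUCCESS;
}
static void WdfDeviceInitFree(PWDFDEVICE_INIT i) { free(i); g_liveInits--; }
static NTSTATUS WdfDeviceCreate(PWDFDEVICE_INIT *pi, PWDF_OBJECT_ATTRIBUTES a, WDFDEVICE *dev) {
    (void)a;
    /* Models the thread's observation: SDDL supplied, no name -> 0xC0000079. */
    if ((*pi)->hasSddl && !(*pi)->hasName) return STATUS_INVALID_SECURITY_DESCR;
    WdfDeviceInitFree(*pi);
    *pi = NULL;                      /* on success the init structure is consumed */
    *dev = (WDFDEVICE)&g_liveInits;  /* any non-NULL handle will do for the model */
    return STATUS_SUCCESS;
}
static void WdfControlFinishInitializing(WDFDEVICE d) { (void)d; }
#endif

/* Create a kernel-only control device. Passing deviceName == NULL reproduces
 * the failing sequence from the original post. */
NTSTATUS CreateControlDevice(WDFDRIVER driver, PCUNICODE_STRING deviceName,
                             WDFDEVICE *device)
{
    NTSTATUS status;
    PWDFDEVICE_INIT deviceInit =
        WdfControlDeviceInitAllocate(driver, &SDDL_DEVOBJ_KERNEL_ONLY);

    if (deviceInit == NULL) {
        return STATUS_INSUFFICIENT_RESOURCES;
    }
    WdfDeviceInitSetCharacteristics(deviceInit, FILE_DEVICE_SECURE_OPEN, FALSE);

    /* The step missing from the original post: name the device before creating it. */
    if (deviceName != NULL) {
        status = WdfDeviceInitAssignName(deviceInit, deviceName);
        if (!NT_SUCCESS(status)) {
            goto done;
        }
    }

    /* WdfDeviceCreate takes &deviceInit and sets it to NULL when it succeeds. */
    status = WdfDeviceCreate(&deviceInit, WDF_NO_OBJECT_ATTRIBUTES, device);
    if (NT_SUCCESS(status)) {
        WdfControlFinishInitializing(*device);
    }

done:
    if (deviceInit != NULL) {
        WdfDeviceInitFree(deviceInit);  /* still owned by the driver on failure */
    }
    return status;
}

NTSTATUS CreateNamedControlDevice(WDFDRIVER driver, WDFDEVICE *device)
{
    /* Hypothetical device name chosen for this example. */
    DECLARE_CONST_UNICODE_STRING(name, L"\\Device\\ExampleWfpCallout");
    return CreateControlDevice(driver, &name, device);
}
```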


From: Gary G. Little
Sent: Wednesday, December 30, 2009 4:17 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform

You can disregard the last query as irrelevant. I named the device object, then called WdfDeviceCreate and it created the device object. Perhaps that?s a doc change that needs to be made?

Thanks to both Doron and Bill.

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, December 30, 2009 5:36 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform

Bill,

Are you developing on a 64 bit target, Windows 7 Ultimate?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net

From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Bill Wandel
Sent: Wednesday, December 30, 2009 5:09 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] WDF and Windows Filtering Platform

About the only difference between your code and mine is that I assign a name to the device.

Bill Wandel

________________________________
From: xxxxx@lists.osr.com [mailto:xxxxx@lists.osr.com] On Behalf Of Gary G. Little
Sent: Wednesday, December 30, 2009 5:53 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WDF and Windows Filtering Platform
Ok, I surrender. I’ve been trying to solve this on my own for a few hours and mostly what I get from the docs is obscure, unless my trifocals have gaps I’m not seeing. I’m creating a WDF driver object followed by a WDF device object as the docs describe, but when I call the WdfDeviceCreate function I get a status returned of:

#define STATUS_INVALID_SECURITY_DESCR ((NTSTATUS)0xC0000079L)

Obviously, the function fails and the filter exits nicely since I test NT_SUCCESS(status) and exit if it fails.

I have followed this description from the docs:

WDFDEVICE wdfDevice;

NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    WDFDRIVER driver;
    PWDFDEVICE_INIT deviceInit;
    PDEVICE_OBJECT deviceObject;
    NTSTATUS status;

    // (The WdfDriverCreate call that initializes 'driver' is not shown in this post.)

    // Allocate a device initialization structure for a control device
    // that only kernel-mode callers may open
    deviceInit =
        WdfControlDeviceInitAllocate(
            driver,
            &SDDL_DEVOBJ_KERNEL_ONLY
            );

    // Set the device characteristics
    WdfDeviceInitSetCharacteristics(
        deviceInit,
        FILE_DEVICE_SECURE_OPEN,
        FALSE
        );

    // Create a framework device object
    // (the device is unnamed here; this is the call that returns
    // STATUS_INVALID_SECURITY_DESCR)
    status =
        WdfDeviceCreate(
            &deviceInit,
            WDF_NO_OBJECT_ATTRIBUTES,
            &wdfDevice
            );

    // Check status
    if (status == STATUS_SUCCESS) {

        // Initialization of the framework device object is complete
        WdfControlFinishInitializing(
            wdfDevice
            );

        // Get the associated WDM device object
        deviceObject = WdfDeviceWdmGetDeviceObject(wdfDevice);
    }

    return status;
}

The wdfDevice global is local to my DriverEntry function. It eventually will be contained within a driver attribute object, but first things first. I’m currently trying to get the driver to load, initialize and then unload. Right now it fails because the device object cannot be created. Is there an example of a WDF WFP callout driver? I have not found one in the WDK and the example I tried to download after a Bing search bombs out in the browser. I guess a corollary question: Does WDF adequately support WFP, or should I stay with WDM?

Gary G. Little
H (952) 223-1349
C (952) 454-4629
xxxxx@comcast.net
