From: kpele on
Hi all,

I am new to driver development and I have started looking at some
samples provided along with the WDK. In particular I am taking a look
at the filter ndis 6 driver sample and I have to admit that I am
confused!

As a beginning and in order to get a feeling of the way that NDIS 6
drivers operate I tried to figure out a few things about their
architecture. Supposing I have understood the high level architecture
of a filter driver I want to extend the sample's driver functionality
in order to support also modification of the data after receiving them
and before sending them out.

From what I have managed to figure out I need to use functions Filter
{Send_Receive}NetBufferLists in order to accomplish my goal. However,
I cannot get the details of NET_BUFFERs and NET_BUFFER_LISTS. It
seems (at least from what it is stated at http://msdn.microsoft.com/en-us/library/aa938497.aspx
) that net_buffer_list is different from incoming and outgoing data
(e.g., for incoming data a whole net_buffer_list contains a single
packet while for outgoing data a net_buffer struct contains a
packet).

I would like to ask the more experienced developers if they could
provide any hint/tip about modifying received and sent data. Also if
there is any nice tutorial for NDIS 6 filter drivers it would be more
than helpful. I have tried browsing through msdn documentation but I
have to say that it was not very practical and sometimes it was more
confusing.

Thanks a lot for your time and sorry if this message seems to include
'stupid' questions but consider that this is my first attempt to work
with an NDIS filter driver.

ps one additional question is how I can view messages from DEBUGP
(e.g., DEBUGP(DL_ERROR, ("FilterDevicePnPEventNotify: Invalid event.
\n"));). I have tried to use dbgview from sysinternals but I had no
luck. I guess there is not any similar command in windows like the
dmesg command in linux.
From: Maxim S. Shatskih on
> From what I have managed to figure out I need to use functions Filter
> {Send_Receive}NetBufferLists in order to accomplish my goal. However,
> I cannot get the details of NET_BUFFERs and NET_BUFFER_LISTS.

NBL is, I think, the new architectural notion of "packet group". Only the consecutive packets from the same TCP connection can belong to the NBL.

NET_BUFFER == NDIS_PACKET, and NDIS_BUFFER is renamed to MDL (it was MDL on pre-6 NDIS on NT OSes anyway).

This notion is introduced, I think, to simplify the TCP task offload.

--
Maxim S. Shatskih
Windows DDK MVP
maxim(a)storagecraft.com
http://www.storagecraft.com

From: eagersh on
On Oct 7, 7:08 am, kpele <kostas.pelechri...(a)gmail.com> wrote:

> ps one additional question is how I can view messages from DEBUGP
> (e.g.,  DEBUGP(DL_ERROR, ("FilterDevicePnPEventNotify: Invalid event.
> \n"));).  I have tried to use dbgview from sysinternals but I had no
> luck.  I guess there is not any similar command in windows like the
> dmesg command in linux.

If you are using Vista or Windows 7 you need to enable output of debugging
messages from the kernel. Have you done that?
If you have not, you need to specify "DEFAULT" value = 0xFFFFFFFF
(maximum output) in the
"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter"
key of the Windows Registry.

Igor Sharovar
From: Pavel A. on
"kpele" <kostas.pelechrinis(a)gmail.com> wrote in message
news:c570c3f1-5995-4418-9f62-15875c9724b7(a)z34g2000vbl.googlegroups.com...
.................
> From what I have managed to figure out I need to use functions Filter
> {Send_Receive}NetBufferLists in order to accomplish my goal. However,
> I cannot get the details of NET_BUFFERs and NET_BUFFER_LISTS. It
> seems (at least from what it is stated at
> http://msdn.microsoft.com/en-us/library/aa938497.aspx
> ) that net_buffer_list is different from incoming and outgoing data
> (e.g., for incoming data a whole net_buffer_list contains a single
> packet while for outgoing data a net_buffer struct contains a
> packet).

For both incoming and outgoing data, the packet is
contained in a net_buffer_list.
Netcard drivers tend to put the whole received packet
in a single buffer, but this is not an absolute rule.

> I would like to ask the more experienced developers if they could
> provide any hint/tip about modifying received and sent data. Also if
> there is any nice tutorial for NDIS 6 filter drivers it would be more
> than helpful. I have tried browsing through msdn documentation but I
> have to say that it was not very practical and sometimes it was more
> confusing.

IMHO there's no magic bullet here.
Either you learn and do it yourself the hard way, if the time allows -
or get a consultant to kick-start the project.
.................
> ps one additional question is how I can view messages from DEBUGP
> (e.g., DEBUGP(DL_ERROR, ("FilterDevicePnPEventNotify: Invalid event.
> \n"));). I have tried to use dbgview from sysinternals but I had no
> luck. I guess there is not any similar command in windows like the
> dmesg command in linux.

DebugView: http://technet.microsoft.com/en-us/sysinternals/bb896647.aspx

Good luck,
--pa
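
The point in the reply above that a packet need not sit in a single buffer, as an added example that is not part of the thread or of the WDK sample: a user-mode model in which `mdl_model` and `nb_model` are simplified stand-ins for MDL and NET_BUFFER (assumed names, not the WDK types). It does a bounds-checked read and in-place rewrite of a field that straddles two buffers, using constructed sample bytes.

```c
#include <stddef.h>
#include <string.h>

/* Stand-in types for this example only. The real MDL and NET_BUFFER are
 * declared in the WDK headers and carry more fields than shown here. */
typedef struct mdl_model { struct mdl_model *next; unsigned char *va; size_t byte_count; } mdl_model;
typedef struct nb_model {
    mdl_model *mdl_chain;   /* buffers holding the packet, in order */
    size_t data_offset;     /* unused bytes in the chain before the packet data */
    size_t data_length;     /* bytes of packet data */
} nb_model;

/* Copy between a flat buffer and packet bytes [off, off+len), crossing buffer
 * boundaries as needed. to_packet != 0 writes into the packet. Returns 0, or
 * -1 if the range is outside the packet or the chain is shorter than claimed. */
int nb_copy(const nb_model *nb, size_t off, void *flat, size_t len, int to_packet)
{
    unsigned char *p = flat;
    size_t skip;
    if (off > nb->data_length || len > nb->data_length - off) return -1;
    skip = nb->data_offset + off;
    for (mdl_model *m = nb->mdl_chain; m != NULL && len > 0; m = m->next) {
        size_t n;
        if (skip >= m->byte_count) { skip -= m->byte_count; continue; }
        n = m->byte_count - skip;
        if (n > len) n = len;
        if (to_packet) memcpy(m->va + skip, p, n);
        else memcpy(p, m->va + skip, n);
        p += n; len -= n; skip = 0;
    }
    return len ? -1 : 0;
}

/* Constructed sample: the first 16 bytes of a frame spread over three buffers,
 * with 4 unused bytes in front. Rewrites the EtherType and reads it back. */
unsigned demo_rewrite_ethertype(void)
{
    static unsigned char a[10] = {0,0,0,0, 1,2,3,4,5,6};
    static unsigned char b[7] = {7,8,9,10,11,12, 0x08}, c[3] = {0x00, 0x45, 0x00};
    static mdl_model m3 = {NULL, c, 3}, m2 = {&m3, b, 7}, m1 = {&m2, a, 10};
    nb_model nb = {&m1, 4, 16};
    unsigned char et[2] = {0x86, 0xDD};
    if (nb_copy(&nb, 12, et, 2, 1) != 0) return 0;   /* write across b/c */
    et[0] = et[1] = 0;
    if (nb_copy(&nb, 12, et, 2, 0) != 0) return 0;   /* gather it back */
    return (unsigned)et[0] << 8 | et[1];
}

int main(void) { return demo_rewrite_ethertype() == 0x86DD ? 0 : 1; }
```

In a real NDIS 6 driver the gather side of this is what `NdisGetDataBuffer` provides; code that casts the first buffer's address to a header struct without checking lengths reads out of bounds when the header is split.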

From: kpele on
Thanks a lot for the replies. I will try debugging after creating the
registry key and also I will take a look at the 'packet group' notion.
Thanks

"eagersh" wrote:

> On Oct 7, 7:08 am, kpele <kostas.pelechri...(a)gmail.com> wrote:
>
> > ps one additional question is how I can view messages from DEBUGP
> > (e.g., DEBUGP(DL_ERROR, ("FilterDevicePnPEventNotify: Invalid event.
> > \n"));). I have tried to use dbgview from sysinternals but I had no
> > luck. I guess there is not any similar command in windows like the
> > dmesg command in linux.
>
> If you are using Vista or Windows 7 you need to enable output of debugging
> messages from the kernel. Have you done that?
> If you have not, you need to specify "DEFAULT" value = 0xFFFFFFFF
> (maximum output) in the
> "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\Debug Print Filter"
> key of the Windows Registry.
>
> Igor Sharovar
>