Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging

The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.

Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/

Best Of

Re: WSCInstallProvider() vs FwpmProviderAdd0()

I gather that you have an existing Layered Service Provider (LSP) and want to migrate it to newer OS versions? At a high level, what does your LSP do?

The guidance to move to windows filtering platform is very generic. Many and probably most LSPs were developed to filter connections or packets in some way and WFP is a much easier way to do that. But your description of a custom address family does not jive with that. Usually though, custom address family requires a NDIS protocol driver and not an LSP so I am confused

MBond2

Re: Execute Native Application in Windows 10 and 8.1

This is an application not a driver so you don't want a WDM project...I got this to work:

#include <Windows.h>
#include <winternl.h>

NTSYSCALLAPI NTSTATUS NTAPI NtDisplayString(PUNICODE_STRING DisplayString);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE ProcessHandle, NTSTATUS ExitStatus);

VOID NtProcessStartup(PVOID StartupArgument)
{
    UNICODE_STRING str;
    RtlInitUnicodeString(&str, L"Hello, world!\n");
    NtDisplayString(&str);
    NtTerminateProcess((HANDLE)(-1), 0);
}

With the following vcxproj file that I hacked together...Note that I don't claim this to be definitive (haven't had the need for a production native app in a very long time) but should put you on the right path:

<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
  <ItemGroup Label="ProjectConfigurations">
    <ProjectConfiguration Include="Debug|Win32">
      <Configuration>Debug</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|Win32">
      <Configuration>Release</Configuration>
      <Platform>Win32</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Debug|x64">
      <Configuration>Debug</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
    <ProjectConfiguration Include="Release|x64">
      <Configuration>Release</Configuration>
      <Platform>x64</Platform>
    </ProjectConfiguration>
  </ItemGroup>
  <PropertyGroup Label="Globals">
    <VCProjectVersion>16.0</VCProjectVersion>
    <Keyword>Win32Proj</Keyword>
    <ProjectGuid>{528ca95a-561b-4343-bd8a-205b5d808828}</ProjectGuid>
    <RootNamespace>NativeApp</RootNamespace>
    <WindowsTargetPlatformVersion>$(LatestTargetPlatformVersion)</WindowsTargetPlatformVersion>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>true</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'" Label="Configuration">
    <ConfigurationType>Application</ConfigurationType>
    <UseDebugLibraries>false</UseDebugLibraries>
    <PlatformToolset>v142</PlatformToolset>
    <WholeProgramOptimization>true</WholeProgramOptimization>
    <CharacterSet>Unicode</CharacterSet>
    <Driver_SpectreMitigation>false</Driver_SpectreMitigation>
  </PropertyGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
  <ImportGroup Label="ExtensionSettings">
  </ImportGroup>
  <ImportGroup Label="Shared">
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
  </ImportGroup>
  <PropertyGroup Label="UserMacros" />
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <LinkIncremental>false</LinkIncremental>
  </PropertyGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|Win32'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>_DEBUG%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <SupportJustMyCode>false</SupportJustMyCode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|Win32'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>NDEBUG%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|x64'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <DebugInformationFormat>ProgramDatabase</DebugInformationFormat>
      <SupportJustMyCode>false</SupportJustMyCode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
      <BasicRuntimeChecks>Default</BasicRuntimeChecks>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|x64'">
    <ClCompile>
      <WarningLevel>Level3</WarningLevel>
      <FunctionLevelLinking>true</FunctionLevelLinking>
      <IntrinsicFunctions>true</IntrinsicFunctions>
      <SDLCheck>true</SDLCheck>
      <PreprocessorDefinitions>NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
      <ConformanceMode>true</ConformanceMode>
      <BufferSecurityCheck>false</BufferSecurityCheck>
      <ExceptionHandling>false</ExceptionHandling>
    </ClCompile>
    <Link>
      <SubSystem>Native</SubSystem>
      <EnableCOMDATFolding>true</EnableCOMDATFolding>
      <OptimizeReferences>true</OptimizeReferences>
      <GenerateDebugInformation>true</GenerateDebugInformation>
      <AdditionalDependencies>ntdll.lib</AdditionalDependencies>
      <IgnoreAllDefaultLibraries>true</IgnoreAllDefaultLibraries>
    </Link>
  </ItemDefinitionGroup>
  <ItemGroup>
    <ClCompile Include="NativeApp.c" />
  </ItemGroup>
  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
  <ImportGroup Label="ExtensionTargets">
  </ImportGroup>
</Project>

Scott_Noone_(OSR)

Re: On the journey to develop a pci bus filter driver

Hi @Pavel_A,

I am working on a hardware diagnostics software. For this, I need to be able to access the hardware as directly as possible without the interference from other software. The PCI configuration space of some types of devices contains information about the device’s current health state. For instance, from the Intel HDA specification [1], I want to read the CORB Status register, the specification part about CORB Status register reads “If this status bit is set, the controller has detected an error in the pathway between the controller and memory”. This is also true for other kinds of devices attached to the PCI bus. Thus, I am developing a filter driver in order to achieve this.

[1] -https://www.intel.com/content/dam/www/public/us/en/documents/product-specifications/high-definition-audio-specification.pdf

calango

Re: Create a custom app API/Interface for controlling UMDF (IddCx) driver?

You should not create an externally activatable COM interface in a UMDF driver (v1 or 2). The IddCx sample and docs do not talk about normal IO in an IddCx client driver. It should be a simple experiment in your AddDevice routine:
1) create a device interface
2) create a WDFQUEUE to handle IOCTLs

and in your app, enumerate the device interface, open it, and try to send an IOCTL and see if it shows up in your driver.

Doron_Holan

Re: On the journey to develop a pci bus filter driver

Missing an important detail. The filter DO needs to know during the pnp remove if the underlying PDO was reported missing. If reported missing the filter DO detaches and deletes. If the PDO is still reported as present the filter DO should not detach and delete during the pnp remove.

Doron_Holan

Re: On the journey to develop a pci bus filter driver

Doron, glad you caught that. I realized it has been close to 10 years since I did my last PCI bus filter driver.

Don_Burn

Re: different to driver attachment

One obvious difference is that IoGetLowerDeviceObject gets the immediate next object down, while IoGetDeviceAttachmentBaseRef goes straight to the bottom.

Tim_Roberts

Re: Can't get TRACE_LEVEL_VERBOSE WPP trace statements to show up

WPP is a strange beast and it runs its own pre-processor over the code before the C pre-processor. Any time you try to incorporate C #defines in your WPP goo things usually don't work out the way you expect (digging through the TMFs should tell you what the actual result is of trying to put your own define in the WPP_LEVEL macros).

I've done a lot of hideous things with WPP but I've never tried to have one trace function that uses different flags based on the module. Maybe someone else has done this and can chime in, otherwise I'd say best bet is to go with the alternatives.

Scott_Noone_(OSR)

Re: Is there a way to call a WDM root-enumerated driver from another WDM PnP driver?

The doc page for IoRegisterPlugPlayNotification answers your question. Did you read it?

Doron_Holan

Re: PLD information for USB ports

You don't need a driver. The PLD information is surfaced as a property on each of the usb hubs that report this information. In user mode, you enumerate each hub and then query for the property.

The powershell entity APIs describe it, you can use raw win32/wmi if you truly want
https://docs.microsoft.com/en-us/powershell/module/pnpdevice/get-pnpdeviceproperty?view=win10-ps
https://docs.microsoft.com/en-us/windows-hardware/drivers/install/devpkey-device-physicaldevicelocation

Doron_Holan