Which development studio or device driver kit

OK, can someone kindly provide the name of a real DDK and/or IDE for the development of Windows device drivers? I need to implement filtering drivers, or rather drivers that monitor the stack for each and every OSI layer, skipping layers that are not applicable. I need to develop an NDIS driver for my project as well. Will Visual Studio work? Does it come with a DDK and kernel debugger? Which version of VS will work, 2013 Ultimate? I don’t have a lot of cash for a paid version right now, so maybe the free version of Visual Studio might work if it comes with a DDK. Is there any DDK and IDE better and more popular than VS2013 or VS2015, or whichever is the latest version?

Thanks

If you have VS2013 Ultimate, you can get the Win8.1 WDK for free and build
drivers.

Don Burn
Windows Driver Consulting
Website: http://www.windrvr.com

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@hotmail.com
Sent: Saturday, February 11, 2017 7:04 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Which development studio or device driver kit

NTDEV is sponsored by OSR

Visit the list online at:
http:

MONTHLY seminars on crash dump analysis, WDF, Windows internals and software
drivers!
Details at http:

To unsubscribe, visit the List Server section of OSR Online at
http:

I would always recommend the latest of both, but I think not everyone would
agree.
I use WDK 10 with VStudio 2015 for any driver related project.
Check here:
https://developer.microsoft.com/en-us/windows/hardware/windows-driver-kit

Cheers,
Gabriel
www.kasardia.com

On Sun, Feb 12, 2017 at 1:07 AM, Don Burn wrote:

> If you have VS2013 Ultimate, you can get the Win8.1 WDK for free and build
> drivers.

Bercea. G.

I believe the free-of-charge VS Community Edition works perfectly well with the WDK. The full WDK version is free of charge.

Follow the instructions at https://msdn.microsoft.com/en-us/library/windows/hardware/ff557573(v=vs.85).aspx to get the free-of-charge VS Community and WDK.

That claim seems correct:

https://msdn.microsoft.com/en-us/windows/hardware/drivers/develop/building-a-driver

Quoting:

You can use any edition of Microsoft Visual Studio 2015, including
Microsoft Visual Studio Community 2015, to build drivers for:

  • Windows 10
  • Windows 8.1
  • Windows 7

On Sun, Feb 12, 2017 at 4:50 PM, wrote:

> I believe a free of charge VS Community Edition works perfectly well with
> WDK. The full WDK version is free of charge.
>
> Follow the instructions at https://msdn.microsoft.com/en-us/library/windows/hardware/ff557573(v=vs.85).aspx
> to get the free-of-charge VS Community and WDK.

On Feb 11, 2017, at 4:04 PM, xxxxx@hotmail.com wrote:

> OK, can someone kindly provide the name of a real DDK and/or IDE for the development of Windows device drivers? I need to implement filtering drivers, or rather drivers that monitor the stack for each and every OSI layer, skipping layers that are not applicable.

Your goal doesn’t make sense. You can’t arbitrarily skip network layers. The only drivers that will be in your stack are those that are necessary to get the packet on the wire. If an application sends an HTTP packet to a socket, it needs to be wrapped in TCP (layer 4), IP (layer 3), and Ethernet (layer 2) before it goes out on the wire (layer 1). Without those, the packets cannot be read at the other end.

What are you hoping to achieve through this?

Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

@Tim thanks for the clarification. However, I would like to program a TCP stack monitoring application. I want to follow the payload or data being sent and want to monitor the formatting, as I call it, that is added at each layer. Must I write a filter driver for each layer, despite your mentioning of layers 2-4? What about layer 5 and/or 6? Is there a filtering driver that can be implemented?

Thank you and please accept my apologies for my lack of knowledge and experience working with device driver development. It’s an entirely new world for me.

xxxxx@hotmail.com wrote:

> @Tim thanks for the clarification. However, I would like to program a TCP stack monitoring application. I want to follow the payload or data being sent and want to monitor the formatting, as I call it, that is added at each layer. Must I write a filter driver for each layer, despite your mentioning of layers 2-4?

First, I should say that I’m not primarily a network guy, so it may be
that I am mistaken here, but I’m not convinced there are hooks to enable
all of that. For example, I’m not sure that TCP and IP (layers 4 and 3)
are actually implemented in separate drivers. You probably want to
investigate the Windows Filtering Platform. I suspect that will provide
you with the best view into the overall network stack.

> What about layer 5 and/or 6? Is there a filtering driver that can be implemented?

You need to do some more reading about this. The OSI layers are a
convenient conceptual model, but the model isn’t rigidly followed by any
physical implementation. In the TCP/IP world, for example, layers 7,
6, and most of 5 are handled by applications. (Think about your web
browser or your email reader.) By the time a packet gets written to a
socket and sent to kernel mode, it’s basically at layer 4.


Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.

Tim is correct. In Windows (and every other OS I know of), the TCP/IP stack is implemented in a monolithic fashion for performance reasons, and it is impossible to follow data through it in the way that you are asking about. Throw in TCP offload engines and SR-IOV and your task is completely impossible. In some cases, if a correctly coded network app is running on high-end hardware, the user buffer can be DMA’ed directly to/from the NIC without any protocol processing on the CPU at all.

What is usually done is to capture data at the lowest possible level in the stack and then to extract the information you are looking for by interpreting the headers applied by each level to infer what was done. This approach works for layers 2, 3 & 4. Sometimes it can be extended into higher levels with deep understanding of specific applications. It cannot be extended lower without hardware support.

As Tim suggests, I recommend that you look at the Windows Filtering Platform as a way to collect this data. An alternative would be pcap but many administrators frown on this library on account of the side effects it can have.


From: Tim Roberts
Sent: February 15, 2017 12:23 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Which development studio or device driver kit

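The header-interpretation approach described in the last reply (capture once at the lowest level, then infer what layers 2, 3 and 4 added), as an added example that is not part of the original thread. The `layers_t` type, the `decode_frame` function and the sample frame are constructed for illustration; checksums are zeroed and not verified.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical result type: where each layer's header starts in the frame. */
typedef struct {
    size_t   l3_off, l4_off, payload_off, payload_len;
    uint8_t  src_ip[4], dst_ip[4];
    uint16_t src_port, dst_port;
} layers_t;

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0, or a negative code for the layer that is truncated or unsupported. */
int decode_frame(const uint8_t *f, size_t len, layers_t *out)
{
    if (len < 14 || be16(f + 12) != 0x0800) return -1;    /* L2: not IPv4 */
    const uint8_t *ip = f + 14;
    if (len - 14 < 20 || (ip[0] >> 4) != 4) return -2;
    size_t ihl = (size_t)(ip[0] & 0x0F) * 4;              /* IP options allowed */
    size_t total = be16(ip + 2);   /* use this, not len: short frames are padded */
    if (ihl < 20 || total < ihl || total > len - 14) return -2;
    if (ip[9] != 6 || (be16(ip + 6) & 0x3FFF)) return -3; /* non-TCP or fragment */
    const uint8_t *tcp = ip + ihl;
    size_t tcp_avail = total - ihl;
    if (tcp_avail < 20) return -4;
    size_t doff = (size_t)(tcp[12] >> 4) * 4;             /* TCP header length */
    if (doff < 20 || doff > tcp_avail) return -4;
    out->l3_off = 14; out->l4_off = 14 + ihl;
    out->payload_off = out->l4_off + doff; out->payload_len = tcp_avail - doff;
    memcpy(out->src_ip, ip + 12, 4); memcpy(out->dst_ip, ip + 16, 4);
    out->src_port = be16(tcp); out->dst_port = be16(tcp + 2);
    return 0;
}

/* Constructed 60-byte frame: 192.0.2.1:49152 -> 192.0.2.2:80, payload "GET /",
 * followed by one byte of Ethernet padding. */
static const uint8_t SAMPLE_FRAME[60] = {
    2,0,0,0,0,2, 2,0,0,0,0,1, 0x08,0x00,                        /* Ethernet II */
    0x45,0,0,0x2D, 0,1,0x40,0, 0x40,6,0,0, 192,0,2,1, 192,0,2,2,       /* IPv4 */
    0xC0,0,0,0x50, 0,0,0,1, 0,0,0,1, 0x50,0x18,0xFF,0xFF, 0,0,0,0,      /* TCP */
    'G','E','T',' ','/', 0                                    /* data + padding */
};

int main(void) {
    layers_t l;
    if (decode_frame(SAMPLE_FRAME, sizeof SAMPLE_FRAME, &l) != 0) return 1;
    printf("L3@%zu L4@%zu data@%zu len=%zu\n", l.l3_off, l.l4_off, l.payload_off, l.payload_len);
    return 0;
}
```

The payload length comes from the IPv4 total-length field rather than the captured frame size, which is why the padding byte is not counted as application data.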