OK can someone kindly provide any name of really DDK and/or IDE for the development of Windows device drivers. I need to implement filtering drivers or rather drivers that monitor the stack for each and every OSI layer, skipping layers that are not applicable. I need to develop an NDIS driver for my project as well. Will Visual Studio work? Does it come with a DDK and kernel debugger? Which version of VS will work, 2013 Ultimate? I don’t have a lot of cash for a paid version right now, so maybe the free version of Visual Studio might work if it comes with a DDK. Is there any DDK and IDE better and more popular than VS2013 or VS2015 or whichever is the latest version?
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Saturday, February 11, 2017 7:04 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] Which development studio or device driver kit
OK can someone kindly provide any name of really DDK and/or IDE for the development of Windows device drivers. I need to implement filtering drivers or rather drivers that monitor the stack for each and every OSI layer, skipping layers that are not applicable. I need to develop an NDIS driver for my project as well. Will Visual Studio work? Does it come with a DDK and kernel debugger? Which version of VS will work, 2013 Ultimate? I don’t have a lot of cash for a paid version right now, so maybe the free version of Visual Studio might work if it comes with a DDK. Is there any DDK and IDE better and more popular than VS2013 or VS2015 or whichever is the latest version?
> If you have VS2013 Ultimate, you can get the Win8.1 WDK for free and build
> drivers.
>
> Don Burn
> Windows Driver Consulting
> Website: http://www.windrvr.com
You can use any edition of Microsoft Visual Studio 2015, including
Microsoft Visual Studio Community 2015, to build drivers for:
Windows 10
Windows 8.1
Windows 7
On Sun, Feb 12, 2017 at 4:50 PM, wrote:
> I believe a free of charge VS Community Edition works perfectly well with
> WDK. The full WDK version is free of charge.
>
> Follow instruction on
> https://msdn.microsoft.com/en-us/library/windows/hardware/ff557573(v=vs.85).aspx
> to get free of charge VS Community and WDK.
> OK can someone kindly provide any name of really DDK and/or IDE for the development of Windows device drivers. I need to implement filtering drivers or rather drivers that monitor the stack for each and every OSI layer, skipping layers that are not applicable.

Your goal doesn’t make sense. You can’t arbitrarily skip network layers. The only drivers that will be in your stack are those that are necessary to get the packet on the wire. If an application sends an HTTP packet to a socket, it needs to be wrapped in TCP (layer 4), IP (layer 3), and Ethernet (layer 2) before it goes out on the wire (layer 1). Without those, the packets cannot be read at the other end.
What are you hoping to achieve through this?
—
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
@Tim thanks for the clarification. However, I would like to program a TCP stack monitoring application. I want to follow the payload or data being sent and want to monitor the formatting, as I call it, that is added at each layer. Must I write a filter driver for each layer despite your mentioning of layers 2-4? What about layer 5 and/or 6? Is there a filtering driver that can be implemented?
Thank you and please accept my apologies for my lack of knowledge and experience working with device driver development. It’s an entirely new world for me.

> @Tim thanks for the clarification. However, I would like to program a TCP stack monitoring application. I want to follow the payload or data being sent and want to monitor the formatting, as I call it, that is added at each layer. Must I write a filter driver for each layer despite your mentioning of layers 2-4?

First, I should say that I’m not primarily a network guy, so it may be
that I am mistaken here, but I’m not convinced there are hooks to enable
all of that. For example, I’m not sure that TCP and IP (layers 4 and 3)
are actually implemented in separate drivers. You probably want to
investigate the Windows Filtering Platform. I suspect that will provide
you with the best view into the overall network stack.
> What about layer 5 and/or 6? Is there a filtering driver that can be implemented?

You need to do some more reading about this. The OSI layers are a
convenient conceptual model, but the model isn’t rigidly followed by any
physical implementation. In the TCP/IP world, for example, layers 7,
6, and most of 5 are handled by applications. (Think about your web
browser or your email reader.) By the time a packet gets written to a
socket and sent to kernel mode, it’s basically at layer 4.
–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.
Tim is correct. In Windows (and every other OS I know of), the TCP/IP stack is implemented in a monolithic fashion for performance reasons and it is impossible to follow data through it in the way that you are asking about. Throw in TCP offload engines and SR-IOV and your task is completely impossible. In some cases, if a correctly coded network app is running on high-end hardware, the user buffer can be DMA'ed directly to/from the NIC without any protocol processing on the CPU at all.
What is usually done is to capture data at the lowest possible level in the stack and then to extract the information you are looking for by interpreting the headers applied by each level to infer what was done. This approach works for layers 2, 3 & 4. Sometimes it can be extended into higher levels with deep understanding of specific applications. It cannot be extended lower without hardware support.
As Tim suggests, I recommend that you look at the Windows Filtering Platform as a way to collect this data. An alternative would be pcap but many administrators frown on this library on account of the side effects it can have.
From: Tim Roberts
Sent: February 15, 2017 12:23 PM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] Which development studio or device driver kit

xxxxx@hotmail.com wrote:
> @Tim thanks for the clarification. However, I would like to program a TCP stack monitoring application. I want to follow the payload or data being sent and want to monitor the formatting, as I call it, that is added at each layer. Must I write a filter driver for each layer despite your mentioning of layers 2-4?

First, I should say that I’m not primarily a network guy, so it may be that I am mistaken here, but I’m not convinced there are hooks to enable all of that. For example, I’m not sure that TCP and IP (layers 4 and 3) are actually implemented in separate drivers. You probably want to investigate the Windows Filtering Platform. I suspect that will provide you with the best view into the overall network stack.

> What about layer 5 and/or 6? Is there a filtering driver that can be implemented?

You need to do some more reading about this. The OSI layers are a convenient conceptual model, but the model isn’t rigidly followed by any physical implementation. In the TCP/IP world, for example, layers 7, 6, and most of 5 are handled by applications. (Think about your web browser or your email reader.) By the time a packet gets written to a socket and sent to kernel mode, it’s basically at layer 4.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.