Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

Mocking NET_BUFFER / NET_BUFFER_LIST in user mode ?

IkkepopIkkepop Member Posts: 11

I have code that parses NET_BUFFER_LIST/NET_BUFFER structures I need to debug and test, however WinDBG/Visual Studio , is just making this task impossibly difficult in kernel space, It's making me want to sob uncontrollably and destroy things with my hands and fists, not to mention costing me countless hours and days of lost productivity.
Can I somehow serialize or mock or capture, NET_BUFFER and NET_BUFFER_LIST structures in a userspace , I need them to be realistic, and just jerry rigging some plausible scenarios by hand seems nearly impossible to do, due to how complex these structures are.
Driver debugging is just kicking my ass so badly.

Comments

  • Jason_StephensonJason_Stephenson Member Posts: 66
    edited February 27

    A key attribute to succeeding in this space is persistence. Keep at it. If you are using WinDBG you can use the following commands to display information about NBLs.

    • !ndiskd.nbl address
    • !ndiskd.nbl address -data

    Where address is a kernel memory address.

  • IkkepopIkkepop Member Posts: 11

    I'm currently investigating ndiskd, but what I'm missing is some way to see what is inside the frame to verify I parsed it correctly, is there some way to do that ?

  • Jason_StephensonJason_Stephenson Member Posts: 66

    Not sure what you mean by frame, but if you want to see what's in the packet then the aforementioned commands will do that.

  • IkkepopIkkepop Member Posts: 11

    I meant to actually parse the bytes in the packet and display what kind of headers there is inside. That would be nice for verifying my own implementation agrees with it.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 20 Apr 2020 LIVE ONLINE
Writing WDF Drivers 11 May 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA