Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Win10 Checked version of NDIS.sys

Jay_KumarJay_Kumar Member Posts: 18

Hi Folks,
Any one help me here.
I downloaded entire checked build of Win10 OS version 1511, where i can find the debug version of NDIS.sys driver file.

Thanks,

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,493

    As a general rule, you can't install the checked version of a single driver. You need to install the whole checked system.

    As another general rule, the checked systems aren't very useful. What are you hoping to find? And, from a higher level, what kind of a driver are you planning to write?

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Sergey_PisarevSergey_Pisarev Member - All Emails Posts: 248
    edited March 29

    @Tim_Roberts said:
    As a general rule, you can't install the checked version of a single driver. You need to install the whole checked system.

    Why not ? That’s what we doing when debugging our own drivers. So unless you talking about closely coupled modules like nt and hal it is totally ok to use checked version of driver on release system.

    As another general rule, the checked systems aren't very useful. What are you hoping to find?

    Additional asserts definitely can be helpful.

  • Jay_KumarJay_Kumar Member Posts: 18

    Thank you for the replies.

    I am trying to write virtual NDIS miniport driver. I downloaded the entire Win10 OS checked build from MSDN subscription not just any single driver. To get more understanding of the NDIS framework I wanted to enable the NDIS tracing as mentioned in the MSDN page. But when i run the command to enable tracing "ndiskd.dbgsystems" it throws error.

    !ndiskd.dbgsystems
    This target does not support tracing through !ndiskd.dbglevel or
    !ndiskd.dbgsystems.
    Learn how to collect traces with WPP

    Then i checked whether i am running free or checked OS in the Windbg output, it says the operating system is checked OS as shown below.
    "Windows 10 Kernel Version Checked x64".

    I am sure the OS is checked build as i see some assertion getting failed. But couldn't enable NDIS tracing. Please help me.

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,898

    As a general rule, you can't install the checked version of a single driver. You need to install the whole checked system.

    As another general rule, the checked systems aren't very useful. What are you hoping to find? And, from a higher level, what kind of a driver are you planning to write?

    With all due respect to my colleague Mr Roberts, I don’t agree with either of these assertions.

    Installing just the checked build of various system components — if and when you can find them — has always worked. You can install just the checked kernel and HAL, or even just the checked version of NTFS.SYS or all the drivers in the storage stack. The checked build is just the “debug” flavor of the driver, after all, and doesn’t require any special support from the OS (anymore than running the debug build of your own driver does).

    The extra checking provided by the checked/debug build can be very helpful is finding otherwise difficult problems. There is often (more, additional) logging in the checked drivers that’s not in the release build.

    Having said that, I agree that using the checked build has gone “out of style” over the past number of years. Running your drivers on the checked build before release USED TO be a best practice. Now, the checked build of anything is so hard to find, it’s barely done anymore. And, because of that, I suspect the MSFT devs are less likely these days to add cool, value-added checking in the checked builds of their code. All this combines to make using the checked build something that’s rarely done these days. We regularly release code that has never been run on a checked build of the OS. Even five years ago, that would have been a heresy.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jay_KumarJay_Kumar Member Posts: 18

    Hi Peter,

    What is the best way to get detailed tracing of the Microsoft internal NDIS driver if checked build of the OS is not a good option?

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,898

    Well... I'm not an NDIS person, so I don't know.

    I do know that you ARE apparently already running the checked build of the OS... and when you install "the entire Win10 OS checked build from MSDN subscription" you install the checked OS image, the checked HAL, and all the checked drivers (and applications, even).

    So, I'd say you already are running the checked build of the drivers. Sorry I didn't see this in your initial post.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Jay_KumarJay_Kumar Member Posts: 18

    Even though i am running Win10 checked OS i am not seeing any NDIS messages and first of all could not enabled NDIS tracing as per MSDN page. https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/enabling-ndis-debug-tracing

  • Peter_Viscarola_(OSR)Peter_Viscarola_(OSR) Administrator Posts: 7,898

    Did you read about collecting WPP traces, as the output you quoted says?

    Like I said... I’m not an NDIS guy, but I can read.

    Peter

    Peter Viscarola
    OSR
    @OSRDrivers

  • Pavel_APavel_A Member Posts: 2,713

    to the WDK forum

    So where we can find TMF for NDIS.sys these days?

    -- pa

  • Dejan_MaksimovicDejan_Maksimovic Member - All Emails Posts: 326
    via Email
    Pardon the offtopic, but how did you get the Checked build, and even
    more importantly, how did you get it to install?
    There is only one Checked build of W10 on MSDN (1511) and I know of
    noone who was able to install it to date..

    > "Windows 10 Kernel Version Checked x64".
    >
  • mksp10mksp10 Member Posts: 2

    The WPP trace info is in the NDIS pdb symbol file on Windows 10. I think the .tmf files can be extracted from it, but that shouldn't be needed. (The checked build also isn't needed for WPP logging.)
    In WinDbg run

    !wmitrace.start ndis -kd
    !wmitrace.enable ndis {DD7A21E6-A651-46D4-B7C2-66543067B869} -level 4 -flag 0x31f3
    

    as per https://docs.microsoft.com/en-us/windows-hardware/drivers/debugger/-ndiskd-dbgsystems
    If only 'No Format Information found' messages are displayed, sometimes I find running !wmitrace.logdump ndis fixes it. As ever with WPP, YMMV.

    It should also be possible view the messages by loading the correct ndis.pdb in TraceView. I haven't often, however, found NDIS logging to be that useful with the issues I've tried using it to look into.

  • Jay_KumarJay_Kumar Member Posts: 18

    Hi Dejan_Maksimovic,

    Even i encountered lot of failure from BIOS or EFI or after installing the Windows, it says critical system process failed. But somehow i am able to make it to boot successfully. Definitely Microsoft people has to take a look why Win10 1511 debug version is failing, instead of everyone wasting our time.

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,493

    Definitely Microsoft people has to take a look why Win10 1511 debug version is failing, instead of everyone wasting our time.

    That release is more than 4 years old. Thanks to the new aggressive update philosophy, almost no one in the real world is running that build, and you're not going to find anyone in Redmond interested in looking at it.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Jay_KumarJay_Kumar Member Posts: 18

    True :)

    Now i am running WMI tracing what mksp mentioned in his reply. I am seeing some of the NDIS tracing.

  • Jeffrey_Tippet_[MSFT]Jeffrey_Tippet_[MSFT] Member - All Emails Posts: 573

    The WPP trace info is in the NDIS pdb symbol file on Windows 10. I think the .tmf files can be extracted from it, but that shouldn't be needed. (The checked build also isn't needed for WPP logging.)

    Yup. As of Windows 8, NDIS.PDB from the public symbol server has the TMF files literally embedded in it. If you need to see them, tracepdb.exe can extract them. But you don't usually need to see them; most WPP tools understand how to get the TMFs from the PDB automatically. If you're still using Windows 7, see this page: https://docs.microsoft.com/en-us/archive/blogs/ndis/tmf-download-page

    . . . checked build . . .

    You can definitely place a CHK version of NDIS.SYS onto an ordinary FRE operating system. I do most of my day-to-day testing by doing exactly that. (.kdfiles is awesome!) However, as Mr Viscarola says, there's actually not a big difference between FRE and CHK anymore. In very old versions of NDIS (Windows XP...), you needed to use the CHK version to activate much of the debugging functionality. But more recently, and certainly with Windows 10, most of the debugging features work just fine with a FRE version. There are a few ancient old debugger commands like !ndiskd.mem that still require CHK, I think, but those commands aren't very useful anymore.

    Far more importantly: enable Driver Verifier with the NDIS/WIFI flag. Enable this on at least your driver and NDIS.SYS. You may need WDIWIFI.SYS and/or NETADAPTERCX.SYS if you're using those. In a few cases, it'll also help to enable it on TCPIP.SYS and NETIO.SYS, although that's usually not necessary. Enabling it on the entire system is the easiest thing to do, although it'll slow things down noticeably.

    These days, the CHK version of NDIS is mostly geared towards verifying the correctness of NDIS.SYS itself, so it's mostly there for the Microsoft team to use. Driver Verifier is geared towards verifying the correctness of 3rd party drivers, so it's for you.

  • Jay_KumarJay_Kumar Member Posts: 18

    Thanks Jeffery for the most valuable inputs. Really appreciate it.

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 Mar 2020 OSR Seminar Space
Developing Minifilters 15 Jun 2020 LIVE ONLINE
Writing WDF Drivers 22 June 2020 LIVE ONLINE
Internals & Software Drivers 28 Sept 2020 Dulles, VA