Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


network connections status in kernel mode from non-network driver?

Muthu_KumarMuthu_Kumar Member Posts: 29

I've a need to determine if the system is connected to internet (wifi or lan) from a custom kernel mode driver (not an network driver). Any pointers how this could
be done?

Comments

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,823

    That's not the right place to do that. A helper user-mode service could do this trivially and salt away a status somewhere that your driver could query.

    However, step back a moment. Why do you think you need this in the first place? What decisions can you possibly make based on this information? If you need to reach a server somewhere, then you just go connect to the server. Having internet access does not guarantee you access to your server.
    Specifically, this sequence:

        if( attached to the internet )
            try to contact our server
            if( failure )
                handle fallback
        else
            handle fallback
    

    offers you absolutely no additional benefits over this sequence:

        try to contact our server
        if( failure )
            handle fallback
    

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Muthu_KumarMuthu_Kumar Member Posts: 29
    edited February 20

    Hello Tim, Just need a way to check if Internet is available. The driver will not be pinging or attempting to connect to a server. The driver will perform specific device configuration if internet is not available. The UWP app (HSA) might not be running all the time to tell the driver (via ioctl) to config the device if network is disconnected

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,823

    I don't buy it. If you're not a network device, then why would you care about a network? And your last sentence says "if network is disconnected". Are you just asking about a network in general, or do you really need Internet? The two are quite different.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Muthu_KumarMuthu_Kumar Member Posts: 29

    I'm not sure what you mean don't buy it. I'm not trying to convince you here.. No offense. I've a need to check if the system is connected to internet. WiFi/LAN or even broadband. I could get away if I can just enumerate list of network adapters and check if connected or not.

  • Muthu_KumarMuthu_Kumar Member Posts: 29

    Looks like WMI might be the way to go. https://community.osr.com/discussion/195111

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,823

    Just because a network adapter is lit up doesn't mean it can reach the internet.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Muthu_KumarMuthu_Kumar Member Posts: 29

    True. Got somewhere by handling MSNdis_StatusOperationalStatus_GUID notification and seems to work for WiFi not wired network. I'd have to just assume if connected, internet is avilable

  • MBond2MBond2 Member Posts: 277

    This is a bizarre and probably impossible requirement.

    Tim says that it is easy in UM, but I dispute that too. Knowing when you are connected to the Internet - the real actual Internet is a very hard thing to know.

    There is probably no valid use case where you should change the behaviour of your code based in apparent internet access, but even if there is how can you possibly know? There is a little widgit in Windows that attempts to tell the user his internet connected status, but it is trivial to provide either false positive or false negative data to it. Even basic firewalls can do both

    This seems like one of those situations where none of us can help much without knowing more about what you are trying to achieve at a higher level

  • Muthu_KumarMuthu_Kumar Member Posts: 29
    edited February 25

    Unfortunately I can't provide more details on the use case. There is a use case even for a bizarre requirement. Anyway, I was able to handle MSNdis_StatusMediaConnectGuid and MSNdis_StatusMediaDisconnectGuid notifications and sufficient for my need now. Looks like I could go even further and check if address (IP) has been assigned etc.

  • anton_bassovanton_bassov Member MODERATED Posts: 5,223

    This is a bizarre and probably impossible requirement.

    ...unless you happen to be writing some malware that tries its best to avoid the detection, and.hence, spends most of its time "in a stealth mode", going up to the "operational one" only once in a while. If its"functionality" includes sending out data, such a requirement becomes perfectly understandable from its "theory of operations" standpoint, although technically still not really a feasible one....

    Anton Bassov

  • MBond2MBond2 Member Posts: 277

    handling these callbacks will tell you when you are connected to some network. That network might be something that is connected to the internet, or it might be anything else. If that is good enough for your purposes, than sure. But that's a long way from knowing if you are truly connected to the internet.

    but as Anton says, a valid requirement for malware or a most bizarre one for anything else. Consider what use this information could be. determining that you are connected to the internet does not imply that any particular connection attempt will succeed. or that the data obtained over a private network won't be just as untrustworthy as data from a public one. The golden rule of network programming (or any kind of programming across a boundary of trust) is never to try to know in advance if something is going to work or not, but to try it and handle the failure. and if against all odds it succeeds, validate the data as if you know it came from a hacker and has purposeful mal intent.

  • anton_bassovanton_bassov Member MODERATED Posts: 5,223

    handling these callbacks will tell you when you are connected to some network.

    .... and even this part is "a subject to change", because you may get (dis)connected at any moment. Therefore, the very suggestion that your driver's operations may somehow depend on something as fickle and volatile as a network connection status is plainly ridiculous......unless you are writing malware. A "legitimate" driver would simply try to connect to the server of interest in this situation - this is what kernel sockets are for, in the first place. However, for this or that reason the OP finds this approach unsuitable for his purposes.Taking into consideration his unwillingness to provide any additional info about his goals and purposes, I've got a weird feeling that they may be "rather nefarious"...

    Anton Bassov

  • Tim_RobertsTim_Roberts Member - All Emails Posts: 13,823

    I wouldn't go so far as to say "ridiculous", but Anton's fundamental point is correct. You can't make any decisions based on the "am I connected" state, because you might not be connected 2 seconds from now. If you need a resource, then you go fetch the resource and handle whatever errors that might occur. You don't base your "should I fetch the resource?" question on whether you were connected one second ago.

    Tim Roberts, [email protected]
    Providenza & Boekelheide, Inc.

  • Muthu_KumarMuthu_Kumar Member Posts: 29

    Folks, I'm not writing any malware.

  • MBond2MBond2 Member Posts: 277

    I believe you - in so far as that goes. but either you have discovered a new programming paradigm unknow to me in my 25 years or so of experience, you are creating malware of some kind, or you are falling into some kind of error. I don't mean to make it so stark - there is always a chance that you have hit on some useful scheme that requires this kind of information and I just don't understand it and you can't divulge it. The purpose of these comments from me is to help you identify if you are in that third case and falling into some kind of error. This seems most likely, but again you know more about it than any of us

Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. If you want to get involved, click one of these buttons!

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Writing WDF Drivers 7 Dec 2020 LIVE ONLINE
Internals & Software Drivers 25 Jan 2021 LIVE ONLINE
Developing Minifilters 8 March 2021 LIVE ONLINE