Inf File

Hello everybody. I have some problem conserning to the driver installation inf. file. I want to hava an ImagePath for windows driver (ServiceBinary entry in the driver’s INF file) to be in custom directory (on USB flash); I have writen like this
[DestinationDirs]
DefaultDestDir=-1; E:\path
NdisCopyfilessys=-1; E:\path

[… copyfiles.sys]
myDriver,2

[…_Service_Inst]

ServiceBinary=%-1%\myDriver.sys

What is wrong. Thank You;

What does setupapi.dev.log say? How is it failing? The driver binary cannot reside on removable media….I can’t find the specific INF doc page that states this requirement (and the copy dest DIR might be more restrictive).

Right. Think about what that would mean. What if the drive is not present on boot? What if the drive enumerates as F:? What if you yank the drive during operation? You can’t put a driver on removable media.

Thank You for Your reply. At first - It says “Could not add the requested future. The error is: A service installation section in this inf is invalid” . Second. I tryed to write StartType=3 (SERVICE_DEMAND_START). It also dont work; Third. Well. Windows dont allow me to have a driver image in removable disk. But Windows is not allow me to have a driver image alsow in eny random directory on hard disk, for example in myoun directory “C:\MyDir”, exept some predefined system catalogs. Thank You.

Drivers belong in C:\Windows\System32\Drivers. If this is a non-PnP driver, then you don’t need an INF at all. You can put the driver where you want (on a non-removable disk) and use the Service Manager APIs to create the Services entry to point wherever you want. This is how most of the SysInternals tools work. They have their drivers stored in the application’s resources, and they install on the fly.

Thank You Dear Tim_Roberts. A will try to do what You sey.

Sorry, I did as You said, but nothing happend.

I only want to have my drivers image in another dyrectory. No at Windows\System32\drivers

It’s not clear how the %-1% syntax is used. At least, not to me. Try %24%\mydir\ to use a directory on the system disk and see if that works. Absolute drive letters are a problem, as Mr Roberts mentioned.

Thank You Mr. Peter_Viscarola. But that also not works. I looked to the windows policy rules, but nothing found there. My goal is to hide my net filter driver in the flash drive so that it is impossible to copy it.

Now I am trying to pass outgoing traffic to user mode, and to do some modifications there in user mode context. But it is not optimal, because the very large amount of data will be circulate from driver to user mode application and after from user mode to nic.

You can NOT, under any circumstances, put a driver on a removable drive. Full stop. I think Mr Roberts made that clear earlier. If %24% doesn’t work for the serviceBinary key, you’re doing something wrong. Post the exact syntax you’re using, please. Peter

Are you running the INF verification tool to validate your INF?

No, I am not running any verification tool. Well. Thank You very mach.
;-------------------------------------------------------------------------
; NdisEncrypt.INF – NDIS LightWeight Filter Driver
;
; TODO: Search for comments marked “TODO:”, and follow their instructions to
; customize this INF for your driver. Then delete the “TODO:” comments.
;-------------------------------------------------------------------------

[version]
; Do not change these values
Signature = “$Windows NT$”
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
; TODO: Customize this string for your company name
Provider = %Msft%
DriverVer =
CatalogFile = NdisEncrypt.cat
PnpLockdown = 1

;Include each architecture for which your driver package contains a compiled binary.
;If you do not supply a driver compiled for ia64, delete the NTia64 section.

[Manufacturer]
%Msft%=MSFT,NTx86,NTia64,NTamd64,NTarm,NTarm64

; MS_NdisEncrypt can be used with netcfg.exe to install/uninstall the driver.
[MSFT.NTx86]
%NdisEncrypt_Desc%=Install, MS_NdisEncrypt

[MSFT.NTia64]
%NdisEncrypt_Desc%=Install, MS_NdisEncrypt

[MSFT.NTamd64]
%NdisEncrypt_Desc%=Install, MS_NdisEncrypt

[MSFT.NTarm]
%NdisEncrypt_Desc%=Install, MS_NdisEncrypt

[MSFT.NTarm64]
%NdisEncrypt_Desc%=Install, MS_NdisEncrypt

;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000 ;All LWFs must include the 0x40000 bit (NCF_LW_FILTER). Unlike miniports, you don’t usually need to customize this value.
NetCfgInstanceId=“{c0ba22b4-bb4a-4996-b2c9-e4399062c7f1}” ; This must be a random, unique value.FILTER_UNIQUE_NAME in filter.h must match this GUID identically.
Copyfiles = NdisEncrypt.copyfiles.sys

[SourceDisksNames]
1=%NdisEncrypt_Desc%,“”,

[SourceDisksFiles]
NdisEncrypt.sys=1

[DestinationDirs]
DefaultDestDir = -1, f:\mdir
NdisEncrypt.copyfiles.sys = -1, f:\mdir

[NdisEncrypt.copyfiles.sys]
NdisEncrypt.sys,2

;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
[Inst_Ndi]
HKR, Ndi,Service,“NdisEncrypt”
HKR, Ndi,CoServices,0x00010000,“NdisEncrypt”
HKR, Ndi,HelpText,%NdisEncrypt_HelpText%

;Set the FilterClass here.The FilterClass controls the order in which filte rs are bound to the underlying miniport.
;Possible options include: Custom, Diagnostic, Failover, Loadbalance, Vpn, Compression, Encryption, Scheduler
HKR, Ndi,FilterClass, Encryption

;Specify whether you have a Modifying or Monitoring filter.
; For a Monitoring filter, use this: HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this: HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2

; Do not change these values
HKR, Ndi\Interfaces,UpperRange,“noupper”
HKR, Ndi\Interfaces,LowerRange,“nolower”

;Ensure that the list of media types below is correct. Typically, filters include “ethernet”.
;Filters may also include “ppip” to include native WWAN stacks, but you must be prepared to handle the packet framing.
;Possible values are listed on MSDN, but common values include: ethernet, wan, ppip, ;wlan
HKR, Ndi\Interfaces, FilterMediaTypes,“ethernet, wan, ppip”
HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter

;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[Install.Services]
; TODO: You may want to add the SPSVCINST_STARTSERVICE flag, like this:
; AddService=NdisEncrypt,0x800,NdisEncrypt_Service_Inst ; SPSVCINST_STARTSERVICE
AddService=NdisEncrypt,NdisEncrypt_Service_Inst

[NdisEncrypt_Service_Inst]
DisplayName = %NdisEncrypt_Desc%
ServiceType = 1 ; 2
StartType = 1 ;SERVICE_SYSTEM_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL

ServiceBinary = %-1\NdisEncrypt.sys
;ServiceBinary = c:\Windows\System32\drivers\NdisEncrypt.sys

LoadOrderGroup = NDIS
Description = %NdisEncrypt_Desc%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
DelService=NdisEncrypt,0x200 ; SPSVCINST_STOPSERVICE

[Install.Remove.Services]
; The SPSVCINST_STOPSERVICE flag instructs SCM to stop the NT service
; before uninstalling the driver.
DelService=NdisEncrypt,0x200 ; SPSVCINST_STOPSERVICE

[Common.Params.reg]
;You can add any sort of NDIS parameters here. Filter drivers don’t always need NDIS parameters, so it’s okay to have nothing here.

; Sample 1: “DriverParam” is a per-driver parameter.
HKR, FilterDriverParams\DriverParam, ParamDesc, , “Driverparam for lwf”
HKR, FilterDriverParams\DriverParam, default, , “5”
HKR, FilterDriverParams\DriverParam, type, , “int”

; Sample 2: “AdapterParam” is a per-module parameter.
HKR, FilterAdapterParams\AdapterParam, ParamDesc, , “Adapterparam for lwf”
HKR, FilterAdapterParams\AdapterParam, default, , “10”
HKR, FilterAdapterParams\AdapterParam, type, , “int”

[NdisImPlatformBindingOptions.reg]
; By default, when an LBFO team or Bridge is created, all filters will be
; unbound from the underlying members and bound to the TNic(s). This keyword
; allows a component to opt out of the default behavior
; To prevent binding this filter to the TNic(s):
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
; To prevent unbinding this filter from underlying members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
; To prevent both binding to TNic and unbinding from members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or ;unbind from Members
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior

[Strings]
; TODO: Customize these strings.
Msft = “” ;TODO: Replace with your manufacturer name
NdisEncrypt_Desc = “NdisEncrypt NDIS LightWeight Filter”
NdisEncrypt_HelpText = “NdisEncrypt NDIS LightWeight Filter”

I’m not sure that you have thought through the reason why you want the driver file to reside in some custom location. There really is no argument for wanting to use a different location

FYI driver image files, like other PE images, use the .SYS file to satisfy page faults. So the .SYS file must be available all the time or the OS can crash. This behavior is different on different versions of Windows.

Thank you. I’m already going the other way. The reason for hiding my driver was because it contains a secret encryption algorithm. Okay. I now solve this problem by putting this algorithm in a user mode program and connecting it to my driver. Thanks to everyone who is trying to help me.

I want to ask another question. I want to send outgoing packets from NDIS filter driver to user mode program for modifying. I can not understand what mechanism is more compatible here. Can I do it with IRP packets or by another way. If the best way is to use IRPs, then how can I respond to an IRP, coming from user mode, from some drivers function (FilterSendNetBufferList, FilterReceiveNetBufferList …), not from StartIo or DeviceIoControl.

I want to ask one more question. I want to send outgoing packets from an NDIS filter driver to a user mode program for modification. I can’t figure out which mechanism is more compatible here. Can I do it with IRPs or some other way. If it’s best to use an IRP, then how can I respond to an IRP coming from user mode from some driver function (FilterSendNetBufferList, FilterReceiveNetBufferList…) but not from StartIo or DeviceIoControl. (This second variant translated by Google) .

How to send outgoing packets from NDIS filter driver to user mode application for doing some modifications in user mode. And after get that packets already ready.

Thank You.

lookup inverted call

but you should also understand that you can’t hide your code. If the CPU can execute it, then someone can find it. And while there is some value to using obscure algorithms, obscurity itself is not a form of security

Thank You for responce.