What an insightful post. I’ll choose the TDI approach. Thank you so much!
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of David Cattley
Sent: Thursday, 27 May, 2010 11:00 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] How to enumerate installed ndis miniport driver in
kernel space
Perhaps a different perspective…
I assume that you want to interpose your IM driver between adapters and some
set of protocols like say, TCPIP. It would be unusual for instance to build
an IM driver capable of binding to every conceivable type of adapter type.
One need only ponder doing this for CoNdis miniports, WAN Miniports, IRDA
miniports, etc. etc. to see that you probably don’t want to know about every
conceivable NDIS miniport adapter instance in the system.
So now the question becomes can you tell if your IM driver is in every
binding stack that it should be in at the time you check.
Another way of looking at that question migth be “can I tell that my IM
driver is in in the stack of every adapter that protocol XXXX is bound too?”
And if that protocol XXXX happens to be the one and only protocol of
interest to the real world (TCPIP) then you have a chance of doing this
without hammering your head against the unbounded and painful problem of
answering your first question.
To wit:
An IM driver knows the “Adapter GUID” of the binding stack in which it is
bound. Well, it can know anyway.
It is also possible via TDI (NT5) or K-Mode IPHLP (NT6) to find out all of
the interfaces that TCPIP is actively bound and communicating on and
generally a wealth of related info (MAC address is an example, but not
particulary useful). But clearly enough information to corrolate those
interfaces with the ones your IM driver is actively bound in.
And thus with only a small bit of head scratching you can calculate if every
adapter that TCPIP is talking to, your IM driver is interposed between. If
the answer is no, well you can call in the artillery and blow up the silly
user if you want.
If your protocol XXXX is TP4, IPX, or some science project from the 80s then
good luck. If it is TCPIP then it is not such a hard question to answer.
Just ask a better question.
Good Luck,
Dave Cattley
Date: Thu, 27 May 2010 00:44:30 -0400
From: xxxxx@hotmail.com
To: xxxxx@lists.osr.com
Subject: RE:[ntdev] How to enumerate installed ndis miniport driver in
kernel space
Detecting any unbound situation is all that’s necessary for our case. We
have a second driver which provides essential services. And it can deny such
services once any unbound miniport driver is detected. Now, if I put the
detection code into this critical second driver of ours, I don’t think there
is any way the user can bypass it.
So, the question remains. Is there any to detect any unbound miniport
driver. The way I see it, if we can enumerate all miniport driver installed,
it’ll be easy to achieve that.
I know that when the im driver is initially installed, it will be bounded
to all miniport drivers. However, there is no sure way to trace all the
binding and unbinding activities.
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer