Protocol drivers bind above the Microsoft Native Wi-Fi filter. One of the tasks of the Microsoft Native Wi-Fi filter is LAN emulation (LANE). It converts native 802.11 traffic to 802.3.
IOW: Protocols will only see 802.3 packets. Native 802.11 packets are only observable below the Microsoft Native Wi-Fi filter.
You can write an NDIS 6 monitoring lightweight filter (LWF) and monitor the exchanges between native 802.11 miniports and the Microsoft Native Wi-Fi filter. Below is an example of several typical packets seen with an NDIS 6 monitoring LWF.
Good luck,
Thomas F. Divine
http://www.pcausa.com
=================================================
Inbound packet block pkt # 15, 10 bytes
000000: D4 00 00 00 00 0E 2E 81 : AD E5 …
Control Frame/Acknowledgement
Bozo: 56
Frequency: 2462
RSSI : -65
Dump of DOT11_EXTSTA_RECV_CONTEXT:
000000: 10 00 00 00 80 01 30 00 : 00 00 00 00 00 00 00 00 …0…
000010: 9E 09 00 00 01 00 00 00 : BF FF FF FF 30 00 00 00 …0…
000020: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 …
000030: 00 00 00 00 : …
Inbound packet block pkt # 16, 193 bytes
000000: 08 02 00 00 01 00 5E 7F : FF FA 00 1D 60 BE BC E4 …^…`…
000010: 00 0E 2E 81 AD E5 D0 54 : AA AA 03 00 00 00 08 00 …T…
000020: 45 00 00 A1 00 AA 00 00 : 01 11 00 9B C0 A8 07 65 E…e
000030: EF FF FF FA E8 44 07 6C : 00 8D B1 31 4D 2D 53 45 …D.l…1M-SE
000040: 41 52 43 48 20 2A 20 48 : 54 54 50 2F 31 2E 31 0D ARCH * HTTP/1.1.
000050: 0A 48 6F 73 74 3A 32 33 : 39 2E 32 35 35 2E 32 35 .Host:239.255.25
000060: 35 2E 32 35 30 3A 31 39 : 30 30 0D 0A 53 54 3A 75 5.250:1900…ST:u
000070: 72 6E 3A 73 63 68 65 6D : 61 73 2D 75 70 6E 70 2D rn:schemas-upnp-
000080: 6F 72 67 3A 64 65 76 69 : 63 65 3A 49 6E 74 65 72 org:device:Inter
000090: 6E 65 74 47 61 74 65 77 : 61 79 44 65 76 69 63 65 netGatewayDevice
0000A0: 3A 31 0D 0A 4D 61 6E 3A : 22 73 73 64 70 3A 64 69 :1…Man:“ssdp:di
0000B0: 73 63 6F 76 65 72 22 0D : 0A 4D 58 3A 33 0D 0A 0D scover”…MX:3…
0000C0: 0A : …
Data Frame/Data
Frequency: 2462
RSSI : -63
Dump of DOT11_EXTSTA_RECV_CONTEXT:
000000: 10 00 00 00 80 01 30 00 : 00 00 00 00 00 00 00 00 …0…
000010: 9E 09 00 00 01 00 00 00 : C1 FF FF FF 02 00 00 00 …
000020: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 …
000030: 00 00 00 00 : …
Inbound packet block pkt # 17, 430 bytes
000000: 08 02 2C 00 00 0E 2E 81 : AD E5 00 1D 60 BE BC E4 …,…
000010: 00 1D 60 BE BC E4 E0 54 : AA AA 03 00 00 00 08 00 …T…
000020: 45 00 01 8E 00 00 40 00 : 40 11 A8 CD C0 A8 07 DC E…@.@…
000030: C0 A8 07 65 07 6C E8 44 : 01 7A F8 8B 48 54 54 50 …e.l.D.z…HTTP
000040: 2F 31 2E 31 20 32 30 30 : 20 4F 4B 0D 0A 53 54 3A /1.1 200 OK…ST:
000050: 75 72 6E 3A 73 63 68 65 : 6D 61 73 2D 75 70 6E 70 urn:schemas-upnp
000060: 2D 6F 72 67 3A 64 65 76 : 69 63 65 3A 49 6E 74 65 -org:device:Inte
000070: 72 6E 65 74 47 61 74 65 : 77 61 79 44 65 76 69 63 rnetGatewayDevic
000080: 65 3A 31 0D 0A 55 53 4E : 3A 75 75 69 64 3A 30 30 e:1…USN:uuid:00
000090: 31 64 36 30 62 65 2D 62 : 63 65 34 2D 30 30 31 64 1d60be-bce4-001d
0000A0: 2D 36 30 62 65 2D 62 63 : 65 34 30 30 32 30 35 34 -60be-bce4002054
0000B0: 30 30 3A 3A 75 72 6E 3A : 73 63 68 65 6D 61 73 2D 00::urn:schemas-
0000C0: 75 70 6E 70 2D 6F 72 67 : 3A 64 65 76 69 63 65 3A upnp-org:device:
0000D0: 49 6E 74 65 72 6E 65 74 : 47 61 74 65 77 61 79 44 InternetGatewayD
0000E0: 65 76 69 63 65 3A 31 0D : 0A 4C 6F 63 61 74 69 6F evice:1…Locatio
0000F0: 6E 3A 20 68 74 74 70 3A : 2F 2F 31 39 32 2E 31 36 n: http://192.16
000100: 38 2E 37 2E 32 32 30 3A : 35 34 33 31 2F 64 79 6E 8.7.220:5431/dyn
000110: 64 65 76 2F 75 75 69 64 : 3A 30 30 31 64 36 30 62 dev/uuid:001d60b
000120: 65 2D 62 63 65 34 2D 30 : 30 31 64 2D 36 30 62 65 e-bce4-001d-60be
000130: 2D 62 63 65 34 30 30 32 : 30 35 34 30 30 0D 0A 53 -bce400205400…S
000140: 65 72 76 65 72 3A 20 43 : 75 73 74 6F 6D 2F 31 2E erver: Custom/1.
000150: 30 20 55 50 6E 50 2F 31 : 2E 30 20 50 72 6F 63 2F 0 UPnP/1.0 Proc/
000160: 56 65 72 0D 0A 45 58 54 : 3A 0D 0A 43 61 63 68 65 Ver…EXT:…Cache
000170: 2D 43 6F 6E 74 72 6F 6C : 3A 6D 61 78 2D 61 67 65 -Control:max-age
000180: 3D 31 38 30 30 0D 0A 44 : 41 54 45 3A 20 54 68 75 =1800…DATE: Thu
000190: 2C 20 30 31 20 4A 61 6E : 20 31 39 37 30 20 30 30 , 01 Jan 1970 00
0001A0: 3A 30 37 3A 34 35 20 47 : 4D 54 0D 0A 0D 0A :07:45 GMT…
Data Frame/Data
Frequency: 2462
RSSI : -65
Dump of DOT11_EXTSTA_RECV_CONTEXT:
000000: 10 00 00 00 80 01 30 00 : 00 00 00 00 00 00 00 00 …0…
000010: 9E 09 00 00 01 00 00 00 : BF FF FF FF 6C 00 00 00 …l…
000020: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 …
000030: 00 00 00 00 : …
Inbound packet block pkt # 18, 87 bytes
000000: 80 00 00 00 FF FF FF FF : FF FF 00 18 F8 65 A5 73 …e.s
000010: 00 18 F8 65 A5 73 10 C3 : 87 B1 E6 8C C2 00 00 00 …e.s…
000020: 64 00 11 04 00 07 44 65 : 76 79 61 6E 69 01 08 82 d…Devyani…
000030: 84 8B 96 24 30 48 6C 03 : 01 0B 05 04 00 01 00 00 …$0Hl…
000040: 2A 01 04 2F 01 04 32 04 : 0C 12 18 60 DD 09 00 10 *…/…2…`…
000050: 18 02 00 F4 00 00 00 : …
Management/Beacon
Frequency: 2462
RSSI : -89
Dump of DOT11_EXTSTA_RECV_CONTEXT:
000000: 10 00 00 00 80 01 30 00 : 00 00 00 00 00 00 00 00 …0…
000010: 9E 09 00 00 01 00 00 00 : A7 FF FF FF 02 00 00 00 …
000020: 00 00 00 00 00 00 00 00 : 00 00 00 00 00 00 00 00 …
000030: 00 00 00 00 : …
-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-329587-
xxxxx@lists.osr.com] On Behalf Of xxxxx@hotmail.com
Sent: Monday, July 07, 2008 5:26 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] ndis 6 802.11 mac header
I have a network card capable of indicating 802.11 frames with Vista in
EXTENSIBLE_STATION and netmon mode. Can a ndis 6 protocol or filter
driver retrieve the mac header without reassembling the mpdu fragments
into msdu packets? If so, is there a way to get mac headers, in the
ndisprot example, if I set OID_GEN_CURRENT_PACKET_FILTER to
NDIS_PACKET_TYPE_PROMISCUOUS
NDIS_PACKET_TYPE_802_11_PROMISCUOUS_MGMT
NDIS_PACKET_TYPE_802_11_PROMISCUOUS_CTRL
I looked at the native miniport driver, but it looks 10x’s more complex
than the ndisprot example or the lwf example.
For the ndisprot example, I tried changing the packet filter to the
values above and changing the ethernet header to a mac header. I
printed out the duration field in the mac header that I got from the
net_buffer, but it was not a correct integer value for a duration
field. I don’t know what it was retrieving. I’m thinking the
net_buffer was still indicating the 802.3 header or some other header.
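
Added example (not part of the original posts, and not Microsoft's filter code): a simplified model of the 802.11-to-802.3 conversion described in the reply, applied to the first 32 bytes of "pkt # 17" from the dump. It assumes a non-QoS, unencrypted data frame carrying RFC 1042 LLC/SNAP; the names dot11_parse and dot11_to_8023 are hypothetical. It also shows what the bytes at the 802.11 duration offset contain once the header is 802.3.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* First 32 bytes of "pkt # 17" in the dump: 24-byte 802.11 data header
   followed by the 8-byte LLC/SNAP header. */
static const uint8_t pkt17[32] = {
    0x08,0x02, 0x2C,0x00, 0x00,0x0E,0x2E,0x81,0xAD,0xE5,  /* FC, duration, Addr1 */
    0x00,0x1D,0x60,0xBE,0xBC,0xE4, 0x00,0x1D,0x60,0xBE,0xBC,0xE4, /* Addr2, Addr3 */
    0xE0,0x54, 0xAA,0xAA,0x03,0x00,0x00,0x00, 0x08,0x00 }; /* seq, SNAP, type */

struct dot11_info { unsigned type, subtype, to_ds, from_ds, duration; };

/* Decode frame control and duration. Returns 0, or -1 if the buffer is short. */
int dot11_parse(const uint8_t *f, size_t len, struct dot11_info *o)
{
    if (len < 4) return -1;
    o->type     = (f[0] >> 2) & 3;      /* 0 = mgmt, 1 = control, 2 = data */
    o->subtype  = f[0] >> 4;
    o->to_ds    = f[1] & 1;
    o->from_ds  = (f[1] >> 1) & 1;
    o->duration = f[2] | (f[3] << 8);   /* little-endian, offset 2 */
    return 0;
}

/* Build the 14-byte 802.3 header from a 3-address data frame.
   Returns the number of 802.11 + SNAP bytes replaced, or -1. */
int dot11_to_8023(const uint8_t *f, size_t len, uint8_t eth[14])
{
    static const uint8_t snap[6] = { 0xAA,0xAA,0x03,0x00,0x00,0x00 };
    struct dot11_info i;
    if (dot11_parse(f, len, &i) || i.type != 2 || i.subtype != 0) return -1;
    if (len < 32 || (i.to_ds && i.from_ds) || memcmp(f + 24, snap, 6)) return -1;
    memcpy(eth,      i.to_ds   ? f + 16 : f + 4,  6); /* DA: Addr3 if ToDS, else Addr1 */
    memcpy(eth + 6,  i.from_ds ? f + 16 : f + 10, 6); /* SA: Addr3 if FromDS, else Addr2 */
    memcpy(eth + 12, f + 30, 2);                      /* EtherType from SNAP */
    return 32;
}

int main(void)
{
    uint8_t eth[14];
    struct dot11_info i;
    if (dot11_to_8023(pkt17, sizeof pkt17, eth) < 0) return 1;
    dot11_parse(eth, sizeof eth, &i);   /* 802.3 header misread as 802.11 */
    printf("ethertype=0x%02X%02X, bytes 2-3 read as duration=%u\n",
           eth[12], eth[13], i.duration);
    return 0;
}
```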