NDIS Protocol drivers installation.

Jim · September 26, 2010, 11:22am

Hi,

I would like to know if NDIS protocol drivers needs to pass WHQL to avoid
the annoying message box ?

I know this is an issue for Miniport/Intermidiate but I do not know about
protocol drivers.

Any help will be appreciated,
Jim

Thomas_Divine-2 · September 26, 2010, 11:37am

Any type of driver must have a Microsoft WHQL signature to eliminate all driver install warnings.

The archives of the list mention a technique where you first install your SPC certificate on the target and then your driver. In this case the driver warning will go away on Vista and later, but you may have prompts about installing your certificate instead.

Good luck,

Thomas F. Divine

From: Jim
Sent: Sunday, September 26, 2010 11:22 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] NDIS Protocol drivers installation.

Hi,

I would like to know if NDIS protocol drivers needs to pass WHQL to avoid the annoying message box ?

I know this is an issue for Miniport/Intermidiate but I do not know about protocol drivers.

Any help will be appreciated,
Jim
— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

Bill_Wandel · September 26, 2010, 6:15pm

The statement “any type of driver” is not true. Legacy type drivers and
Windows Filtering Platform drivers definitely do not need WHQL signatures.
IM drivers do. I have written these type drivers and they install without
warnings.

Bill Wandel

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
Sent: Sunday, September 26, 2010 11:37 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] NDIS Protocol drivers installation.

Any type of driver must have a Microsoft WHQL signature to eliminate all
driver install warnings.

The archives of the list mention a technique where you first install your
SPC certificate on the target and then your driver. In this case the driver
warning will go away on Vista and later, but you may have prompts about
installing your certificate instead.

Good luck,

Thomas F. Divine

From: Jim mailto:xxxxx

Sent: Sunday, September 26, 2010 11:22 AM

To: Windows System Software Devs Interest List mailto:xxxxx

Subject: [ntdev] NDIS Protocol drivers installation.

Hi,

I would like to know if NDIS protocol drivers needs to pass WHQL to avoid
the annoying message box ?

I know this is an issue for Miniport/Intermidiate but I do not know about
protocol drivers.

Any help will be appreciated,

Jim

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx>

Thomas_Divine-2 · September 26, 2010, 6:28pm

Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed as a
legacy device without WHQL signature even on Windows 7 (IIRC). I no longer
promote that approach myself, however.

Thomas F. Divine
http://www.pcausa.com

From: “Bill Wandel”
Sent: Sunday, September 26, 2010 6:13 PM
To: “Windows System Software Devs Interest List”
Subject: RE: [ntdev] NDIS Protocol drivers installation.

> The statement “any type of driver” is not true. Legacy type drivers and
> Windows Filtering Platform drivers definitely do not need WHQL signatures.
> IM drivers do. I have written these type drivers and they install without
> warnings.
>
>
>
> Bill Wandel
>
>
>
>
>
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
> Sent: Sunday, September 26, 2010 11:37 AM
> To: Windows System Software Devs Interest List
> Subject: Re: [ntdev] NDIS Protocol drivers installation.
>
>
>
> Any type of driver must have a Microsoft WHQL signature to eliminate all
> driver install warnings.
>
>
>
> The archives of the list mention a technique where you first install your
> SPC certificate on the target and then your driver. In this case the
> driver
> warning will go away on Vista and later, but you may have prompts about
> installing your certificate instead.
>
>
>
> Good luck,
>
>
>
> Thomas F. Divine
>
>
>
>
>
>
>
> From: Jim mailto:xxxxx
>
> Sent: Sunday, September 26, 2010 11:22 AM
>
> To: Windows System Software Devs Interest List
> mailto:xxxxx
>
>
> Subject: [ntdev] NDIS Protocol drivers installation.
>
>
>
> Hi,
>
>
>
> I would like to know if NDIS protocol drivers needs to pass WHQL to avoid
> the annoying message box ?
>
>
>
> I know this is an issue for Miniport/Intermidiate but I do not know about
> protocol drivers.
>
>
>
> Any help will be appreciated,
>
> Jim
>
> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
> the
> List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx>

Jim · September 27, 2010, 4:08am

I am not quite sure I understand the answer

I am currently using winPcap which is an NDIS Protocol driver. I am not
quite sure if it is WHQL because searching over the web about it didn’t
provide me an answer.

When I install winpcap I do not have any popup. However, I may want to
change the driver and re-compile it. I am afraid to lose the logo if there
is any.

I know they do sign there driver with a cross certificate to support 64 bit
machines. but I didn’t noticed WHQL logo certificate.

Should I be safe to recompile the WinPcap NDIS driver while I am going to
re-sign it with my own certificate which support Kernel mode signing ?

Thanks,
Jim

On Mon, Sep 27, 2010 at 12:27 AM, Thomas F. Divine wrote:

> Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed as a
> legacy device without WHQL signature even on Windows 7 (IIRC). I no longer
> promote that approach myself, however.
>
> Thomas F. Divine
> http://www.pcausa.com
>
> --------------------------------------------------
> From: “Bill Wandel”
> Sent: Sunday, September 26, 2010 6:13 PM
> To: “Windows System Software Devs Interest List”
> Subject: RE: [ntdev] NDIS Protocol drivers installation.
>
>
> The statement “any type of driver” is not true. Legacy type drivers and
>> Windows Filtering Platform drivers definitely do not need WHQL signatures.
>> IM drivers do. I have written these type drivers and they install without
>> warnings.
>>
>>
>>
>> Bill Wandel
>>
>>
>>
>>
>>
>> From: xxxxx@lists.osr.com
>> [mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
>> Sent: Sunday, September 26, 2010 11:37 AM
>> To: Windows System Software Devs Interest List
>> Subject: Re: [ntdev] NDIS Protocol drivers installation.
>>
>>
>>
>> Any type of driver must have a Microsoft WHQL signature to eliminate all
>> driver install warnings.
>>
>>
>>
>> The archives of the list mention a technique where you first install your
>> SPC certificate on the target and then your driver. In this case the
>> driver
>> warning will go away on Vista and later, but you may have prompts about
>> installing your certificate instead.
>>
>>
>>
>> Good luck,
>>
>>
>>
>> Thomas F. Divine
>>
>>
>>
>>
>>
>>
>>
>> From: Jim mailto:xxxxx
>>
>> Sent: Sunday, September 26, 2010 11:22 AM
>>
>> To: Windows System Software Devs Interest List mailto:>> xxxxx@lists.osr.com>
>>
>>
>> Subject: [ntdev] NDIS Protocol drivers installation.
>>
>>
>>
>> Hi,
>>
>>
>>
>> I would like to know if NDIS protocol drivers needs to pass WHQL to avoid
>> the annoying message box ?
>>
>>
>>
>> I know this is an issue for Miniport/Intermidiate but I do not know about
>> protocol drivers.
>>
>>
>>
>> Any help will be appreciated,
>>
>> Jim
>>
>> — NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
>> other seminars visit: http://www.osr.com/seminars To unsubscribe, visit
>> the
>> List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>> — NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>>
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
> —
>
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
></mailto:></mailto:xxxxx>

OSR_Community_User · September 27, 2010, 5:03am

On Sun, 26 Sep 2010 18:27:18 -0400
“Thomas F. Divine” wrote:

> Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed
> as a legacy device without WHQL signature even on Windows 7 (IIRC). I
> no longer promote that approach myself, however.

What would the non-legacy way to install a protocol driver be? My inf
file looks similar to the ones under src/network/ndis but I can install
mine without a prompt, so I presume I’m installing it as a legacy
device.

–
Bruce Cran

Thomas_Divine-2 · September 27, 2010, 8:20am

I just downloaded and installed WinPcap.

From what I see the WinPcap driver doesn’t have a WHQL signature, however
the driver binary is signed by CACE. It also doesn’t actually use an INF
file for installation, and doesn’t appear in the Network Control Panel
applet for adapters.

Instead, it looks like it installs itself as a legacy (non-PnP) driver using
the Service Control Manager.

NDIS 5 protocol drivers can be installed this way. If you install a NDIS 5
protocol driver this way and then start the driver it will not bind
automatically to any adapters. However, an application can use the user-mode
SetupDI API to enumerate adapters and, if careful, use an IOCTL to the
driver to tell it to bind to a specific miniport. This isn’t really a
documented technique, but is (apparently) used by WinPcap and PCAUSA (past
versions) to circumvent using an INF for the protocol install.

So, if you are modifying WinPcap you should be able to install your
modified version if you 1.) re-sign the driver binary using your own SPC and
2.) install your modified driver using the same method used by WinPcap.

It should be simple enough for you to test.

I would be surprised to see an INF-based (PnP) NDIS protocol driver install
that installed without a prompt unless it had a WHQL signature. But I’ve
been wrong before.

Thomas F. Divine
http://www.pcausa.com

From: “Bruce Cran”
Sent: Monday, September 27, 2010 5:02 AM
To: “Windows System Software Devs Interest List”
Cc:
Subject: Re: [ntdev] NDIS Protocol drivers installation.

> On Sun, 26 Sep 2010 18:27:18 -0400
> “Thomas F. Divine” wrote:
>
>> Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed
>> as a legacy device without WHQL signature even on Windows 7 (IIRC). I
>> no longer promote that approach myself, however.
>
> What would the non-legacy way to install a protocol driver be? My inf
> file looks similar to the ones under src/network/ndis but I can install
> mine without a prompt, so I presume I’m installing it as a legacy
> device.
>
> –
> Bruce Cran
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer

Jim · September 27, 2010, 8:42am

Thomas,

Many thanks for your help here. I really appreicate it !

Jim

On Mon, Sep 27, 2010 at 2:19 PM, Thomas F. Divine wrote:

> I just downloaded and installed WinPcap.
>
> From what I see the WinPcap driver doesn’t have a WHQL signature, however
>>
> the driver binary is signed by CACE. It also doesn’t actually use an INF
> file for installation, and doesn’t appear in the Network Control Panel
> applet for adapters.
>
> Instead, it looks like it installs itself as a legacy (non-PnP) driver
> using the Service Control Manager.
>
> NDIS 5 protocol drivers can be installed this way. If you install a NDIS 5
> protocol driver this way and then start the driver it will not bind
> automatically to any adapters. However, an application can use the user-mode
> SetupDI API to enumerate adapters and, if careful, use an IOCTL to the
> driver to tell it to bind to a specific miniport. This isn’t really a
> documented technique, but is (apparently) used by WinPcap and PCAUSA (past
> versions) to circumvent using an INF for the protocol install.
>
> So, if you are modifying WinPcap you should be able to install your
> modified version if you 1.) re-sign the driver binary using your own SPC and
> 2.) install your modified driver using the same method used by WinPcap.
>
> It should be simple enough for you to test.
>
> I would be surprised to see an INF-based (PnP) NDIS protocol driver install
> that installed without a prompt unless it had a WHQL signature. But I’ve
> been wrong before.
>
>
> Thomas F. Divine
> http://www.pcausa.com
>
>
> --------------------------------------------------
> From: “Bruce Cran”
> Sent: Monday, September 27, 2010 5:02 AM
> To: “Windows System Software Devs Interest List”
> Cc:
>
> Subject: Re: [ntdev] NDIS Protocol drivers installation.
>
> On Sun, 26 Sep 2010 18:27:18 -0400
>> “Thomas F. Divine” wrote:
>>
>> Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed
>>> as a legacy device without WHQL signature even on Windows 7 (IIRC). I
>>> no longer promote that approach myself, however.
>>>
>>
>> What would the non-legacy way to install a protocol driver be? My inf
>> file looks similar to the ones under src/network/ndis but I can install
>> mine without a prompt, so I presume I’m installing it as a legacy
>> device.
>>
>> –
>> Bruce Cran
>>
>> —
>> NTDEV is sponsored by OSR
>>
>> For our schedule of WDF, WDM, debugging and other seminars visit:
>> http://www.osr.com/seminars
>>
>> To unsubscribe, visit the List Server section of OSR Online at
>> http://www.osronline.com/page.cfm?name=ListServer
>>
>
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer
>

Gianluca_Varenni · September 27, 2010, 3:25pm

The WinPcap driver is not WHQL signed and it’s not installed thru INF. As Thomas Divine correctly pointed out, it’s installed by using the Service Control Manager.

Have a nice day
Gianluca Varenni
WinPcap Team

From: Jim
Sent: Monday, September 27, 2010 1:08 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] NDIS Protocol drivers installation.

I am not quite sure I understand the answer

I am currently using winPcap which is an NDIS Protocol driver. I am not quite sure if it is WHQL because searching over the web about it didn’t provide me an answer.

When I install winpcap I do not have any popup. However, I may want to change the driver and re-compile it. I am afraid to lose the logo if there is any.

I know they do sign there driver with a cross certificate to support 64 bit machines. but I didn’t noticed WHQL logo certificate.

Should I be safe to recompile the WinPcap NDIS driver while I am going to re-sign it with my own certificate which support Kernel mode signing ?

Thanks,
Jim

On Mon, Sep 27, 2010 at 12:27 AM, Thomas F. Divine wrote:

Yep, you’re right. In fact, a NDIS 5 protocol driver can be installed as a legacy device without WHQL signature even on Windows 7 (IIRC). I no longer promote that approach myself, however.

Thomas F. Divine
http://www.pcausa.com

--------------------------------------------------
From: “Bill Wandel”
Sent: Sunday, September 26, 2010 6:13 PM
To: “Windows System Software Devs Interest List”
Subject: RE: [ntdev] NDIS Protocol drivers installation.

The statement “any type of driver” is not true. Legacy type drivers and
Windows Filtering Platform drivers definitely do not need WHQL signatures.
IM drivers do. I have written these type drivers and they install without
warnings.

Bill Wandel

From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Thomas F. Divine
Sent: Sunday, September 26, 2010 11:37 AM
To: Windows System Software Devs Interest List
Subject: Re: [ntdev] NDIS Protocol drivers installation.

Any type of driver must have a Microsoft WHQL signature to eliminate all
driver install warnings.

The archives of the list mention a technique where you first install your
SPC certificate on the target and then your driver. In this case the driver
warning will go away on Vista and later, but you may have prompts about
installing your certificate instead.

Good luck,

Thomas F. Divine

From: Jim mailto:xxxxx

Sent: Sunday, September 26, 2010 11:22 AM

To: Windows System Software Devs Interest List mailto:xxxxx

Subject: [ntdev] NDIS Protocol drivers installation.

Hi,

I would like to know if NDIS protocol drivers needs to pass WHQL to avoid
the annoying message box ?

I know this is an issue for Miniport/Intermidiate but I do not know about
protocol drivers.

Any help will be appreciated,

Jim

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and
other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the
List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
— NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

—
NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

—

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer

— NTDEV is sponsored by OSR For our schedule of WDF, WDM, debugging and other seminars visit: http://www.osr.com/seminars To unsubscribe, visit the List Server section of OSR Online at http://www.osronline.com/page.cfm?name=ListServer</mailto:xxxxx></mailto:xxxxx>