netvmini sample issues

I am attempting to play with the stock sample that comes with the ddk/wdk and having a few issues. When I attempt to load the driver, I get an error (1058) and it immediately unloads.

I have attempted to resolve this error by creating a device (NdisMRegisterDevice), nothing I have tried has worked. Does anyone know of issues that stock sample drivers have which would cause them not to load?

I also had a similar issue with ndisprot, which I fixed by removing the addition of AddDevice() from the dispatch function list. I don’t see anything like that in netvmini however, and wonder if the stock sample is missing something that then causes the ndis wrapper to immediately unload it.

1. Read the %DDKROOT%\SRC\NETWORK\NDIS\NETVMINI\README.HTM. It could not
   be more clear, concise, or correct on how to load and test the driver. It
   works, just the way it says.

2. Ditto %DDKROOT%\SRC\NETWORK\NDIS\NDISPROT\5x\README.HTM.

Does anyone know of issues that stock sample drivers have which would cause
them not to load?

Yes, failure to perform steps (1) & (2).

Since you neither:

A) told us how you were expecting the driver(s) to ‘load’

-nor-

B) explained how you actually attempted to get them to load and what spit
out error 1058

it is not likely that you are going to get an answer. There are very few
clairvoyant people on this list (I clearly am not one of them).

And really, the samples work just fine. Read the README files with them.
Ripping out lines of code like the AddDevice() handler would indicate that
you don’t quite have a complete understanding of how the thing works to
begin with. I recommend you get that far with how they are originally
written before attempting to modify them.

Good Luck,
-dave

David R. Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@aol.com
Sent: Tuesday, November 06, 2007 12:53 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] netvmini sample issues

I am attempting to play with the stock sample that comes with the ddk/wdk
and having a few issues. When I attempt to load the driver, I get an error
(1058) and it immediately unloads.

I have attempted to resolve this error by creating a device
(NdisMRegisterDevice), nothing I have tried has worked. Does anyone know of
issues that stock sample drivers have which would cause them not to load?

I also had a similar issue with ndisprot, which I fixed by removing the
addition of AddDevice() from the dispatch function list. I don’t see
anything like that in netvmini however, and wonder if the stock sample is
missing something that then causes the ndis wrapper to immediately unload
it.

NTDEV is sponsored by OSR

For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

Thanks for being so non-combative about your answer.

I have tried loading the drivers multiple ways. First was through a program I created which uses the SCManager (I have also used osr’s version with the same results; and tried directly copying code from Greg Hoglund’s book Rootkits to be sure it wasn’t me code); this only worked after removing AddDevice from ndisprot. Before that it would load then unload right away. Once it was removed however I could then send messages to my driver via DeviceIoControl; but if I added in the line AddDevice again it would once again immediately unload.

The second method used was by right clicking on the inf file and going to install.

All this after of course building in the checked XP environment.

After doing the install (with the inf file) I have then tried net start, which results in the same 1058 error.

So like I said, I am wondering if the sample is missing something in which NDIS is expecting when it registers, or if there is some gotcha that I am running up against. For instance, doing a google search for netvmini I see references to “netvmini setting up a device to accept IOCTLs”. But looking at the sample code at no point does it call NdisMRegisterDevice; that leads me to believe it is incomplete.

You might try doing as Dave suggested - read the netvmini.html file. It
doesn’t mention either right clicking or loading using a method from a
book on rootkits that, in my opinion, isn’t very good.

I just read the file and did as it said (Add Hardware…), and it
worked, on XPSP2, build for CHECKED.

Good luck,

mm

xxxxx@aol.com wrote:

Thanks for being so non-combative about your answer.

I have tried loading the drivers multiple ways. First was through a program I created which uses the SCManager (I have also used osr’s version with the same results; and tried directly copying code from Greg Hoglund’s book Rootkits to be sure it wasn’t me code); this only worked after removing AddDevice from ndisprot. Before that it would load then unload right away. Once it was removed however I could then send messages to my driver via DeviceIoControl; but if I added in the line AddDevice again it would once again immediately unload.

The second method used was by right clicking on the inf file and going to install.

All this after of course building in the checked XP environment.

After doing the install (with the inf file) I have then tried net start, which results in the same 1058 error.

So like I said, I am wondering if the sample is missing something in which NDIS is expecting when it registers, or if there is some gotcha that I am running up against. For instance, doing a google search for netvmini I see references to “netvmini setting up a device to accept IOCTLs”. But looking at the sample code at no point does it call NdisMRegisterDevice; that leads me to believe it is incomplete.

Yep, I just loaded it from the Add Hardware also and it worked. I also noticed when attempting to net stop the driver it gave me a message stating “this service cannot be paused or stopped”.

That still brings us full circle though; with a slightly different question. Is there an api, similar to SCManager, that will allow me to properly load an ndis driver. Such that preferably a user can just click my script and have it install everything for them.

I have used this method before with fs filter drivers and it worked fine, wondering if there is a similar way of doing it.

as suggested in the html manual, devcon.exe. The source code of it is
available in the DDK/WDK.

Have a nice day
GV

–
Gianluca Varenni, Windows DDK MVP

CACE Technologies
http://www.cacetech.com

----- Original Message -----
From:
To: “Windows System Software Devs Interest List”
Sent: Tuesday, November 06, 2007 1:57 PM
Subject: RE:[ntdev] netvmini sample issues

> Yep, I just loaded it from the Add Hardware also and it worked. I also
> noticed when attempting to net stop the driver it gave me a message
> stating “this service cannot be paused or stopped”.
>
> That still brings us full circle though; with a slightly different
> question. Is there an api, similar to SCManager, that will allow me to
> properly load an ndis driver. Such that preferably a user can just click
> my script and have it install everything for them.
>
> I have used this method before with fs filter drivers and it worked fine,
> wondering if there is a similar way of doing it.
>
> —
> NTDEV is sponsored by OSR
>
> For our schedule of WDF, WDM, debugging and other seminars visit:
> http://www.osr.com/seminars
>
> To unsubscribe, visit the List Server section of OSR Online at
> http://www.osronline.com/page.cfm?name=ListServer