TDI filter and Microsoft Driver signing

OSR_Community_User · March 15, 2004, 7:44am

Hi,
Which is the best way of hooking protocol driver, TDI filter hook (using \Device\ipfilterdriver) or attaching my device object to \Device\Tcp by IoAttachDeviceToDeviceStack. If I attach my device object to \Device\Tcp all IRPs pass through me and I have full control. But the problem is does it make any issue when I try for Microsoft driver signature ?

Thanks
Deepu

Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more.

Maxim_S_Shatskih · March 15, 2004, 7:55am

These 2 ways are the same.

I.e. - “attaching a filter to \Device\Tcp” - is “TDI filter”. Just another wording.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Deepu MJ
To: Windows System Software Devs Interest List
Sent: Monday, March 15, 2004 3:42 PM
Subject: [ntdev] TDI filter and Microsoft Driver signing

Hi,
Which is the best way of hooking protocol driver, TDI filter hook (using \Device\ipfilterdriver) or attaching my device object to \Device\Tcp by IoAttachDeviceToDeviceStack. If I attach my device object to \Device\Tcp all IRPs pass through me and I have full control. But the problem is does it make any issue when I try for Microsoft driver signature ?

Thanks
Deepu
Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more. — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@storagecraft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

OSR_Community_User · March 15, 2004, 8:16am

OK Maxim. But we can also hook all events(not for a special protocol but all IP packets) using \Device\ipfilterdriver with IOCTL_PF_SET_EXTENSION_POINTER (which is documented in DDK). I am in doubt which is the standard way. If I “attach a filter to \Device\Tcp” (ya, as u named “TDI Filter”) , does it make any problem while appearing for Microsoft driver signature ?. And finally what are the procedure for getting driver signing?.

Thanks
Deepu

“Maxim S. Shatskih” wrote:
These 2 ways are the same.

I.e. - “attaching a filter to \Device\Tcp” - is “TDI filter”. Just another wording.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Deepu MJ
To: Windows System Software Devs Interest List
Sent: Monday, March 15, 2004 3:42 PM
Subject: [ntdev] TDI filter and Microsoft Driver signing

Hi,
Which is the best way of hooking protocol driver, TDI filter hook (using \Device\ipfilterdriver) or attaching my device object to \Device\Tcp by IoAttachDeviceToDeviceStack. If I attach my device object to \Device\Tcp all IRPs pass through me and I have full control. But the problem is does it make any issue when I try for Microsoft driver signature ?

Thanks
Deepu

Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more. — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@storagecraft.com To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@yahoo.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more.

Maxim_S_Shatskih · March 15, 2004, 8:31am

This is Filter Hooks, which is below TDI. I would not recommend this API, since it seems to be too limited.

I don’t think there is a signature for such drivers. Just do not use PnP and INF files to install them - install by CreateService instead.

Anyway the best API for such tasks is probably NDIS IM driver.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Deepu MJ
To: Windows System Software Devs Interest List
Sent: Monday, March 15, 2004 4:14 PM
Subject: Re: [ntdev] TDI filter and Microsoft Driver signing

OK Maxim. But we can also hook all events(not for a special protocol but all IP packets) using \Device\ipfilterdriver with IOCTL_PF_SET_EXTENSION_POINTER (which is documented in DDK). I am in doubt which is the standard way. If I “attach a filter to \Device\Tcp” (ya, as u named “TDI Filter”) , does it make any problem while appearing for Microsoft driver signature ?. And finally what are the procedure for getting driver signing?.

Thanks
Deepu

“Maxim S. Shatskih” wrote:
These 2 ways are the same.

I.e. - “attaching a filter to \Device\Tcp” - is “TDI filter”. Just another wording.

Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com

----- Original Message -----
From: Deepu MJ
To: Windows System Software Devs Interest List
Sent: Monday, March 15, 2004 3:42 PM
Subject: [ntdev] TDI filter and Microsoft Driver signing

Hi,
Which is the best way of hooking protocol driver, TDI filter hook (using \Device\ipfilterdriver) or attaching my device object to \Device\Tcp by IoAttachDeviceToDeviceStack. If I attach my device object to \Device\Tcp all IRPs pass through me and I have full control. But the problem is does it make any issue when I try for Microsoft driver signature ?

Thanks
Deepu
Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more. — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@storagecraft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256

You are currently subscribed to ntdev as: xxxxx@yahoo.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
Yahoo! India Insurance Special: Be informed on the best policies, services, tools and more. — Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256 You are currently subscribed to ntdev as: xxxxx@storagecraft.com To unsubscribe send a blank email to xxxxx@lists.osr.com

Abhijit · March 15, 2004, 9:00am

Hi,
Which is the best way of hooking protocol driver, TDI filter hook (using \Device\ipfilterdriver)
This is the Filter-Hook driver. But only one filter-hook may be active.

or attaching my device object to \Device\Tcp by IoAttachDeviceToDeviceStack. If I attach my device object to \Device\Tcp all IRPs pass through me and I have full control.
This is the TDI-Filter driver.

But the problem is does it make any issue when I try for Microsoft driver signature ?
No issues.

Out of the above 2 ways TDI-Filter driver is better.

For more info, visit the link
http://www.ndis.com/papers/winpktfilter.htm

Abhijit