Unknown IOCTLs?

NTDEV
1

Hey community :slight_smile:
My usermode application should obtain data of the NICs in the format of GetAdaptersInfo without using this API. With XP, i just send a IOCTL_TCP_QUERY_INFORMATION_EX-request down to the Tcp device. Unfortunately, with Vista RC1, the things changed. Now GetAdaptersInfo sends down various requests down to the Nsi-device (??\Nsi). Here’s my log!

Open: 00000204 ??\Nsi // returned Handle, Object name
Control (1): 00000204 1179675 60 60 // Handle to send the request to, IOCTL-code, Inputbuffer size, Outputbuffer size
Control (2): 00000204 1179675 60 60
Control (3): 00000204 1179663 56 56
Control (4): 00000204 1179663 56 56
Control (5): 00000204 1179663 56 56
Control (6): 00000204 1179663 56 56
Control (7): 00000204 1179663 56 56
Control (8): 00000204 1179663 56 56
Control (9): 00000204 1179663 56 56
Control (10): 00000204 1179663 56 56
Control (11): 00000204 1179663 56 56
Control (12): 00000204 1179663 56 56
Open: 0000020C \DEVICE\NETBT_TCPIP_{…} //… = A Guid
Control (13): 0000020C 2162842 0 60
Control (13): 00000204 1179663 56 56
Control (14): 00000204 1179663 56 56
Control (15): 00000204 1179663 56 56
Control (16): 00000204 1179663 56 56
Control (17): 00000204 1179663 56 56
Control (18): 00000204 1179663 56 56
Control (19): 00000204 1179663 56 56
Control (20): 00000204 1179663 56 56
Control (21): 00000204 1179663 56 56
Control (22): 00000204 1179675 60 60
Control (23): 00000204 1179675 60 60
Control (24): 00000204 1179675 60 60
Control (25): 00000204 1179675 60 60

Those two IOCTL-Codes (1179663 und 1179675) are related to IOCTL_TCP_QUERY_INFORMATION_EX, but unfortunately I can’t find any information about them :frowning:

// IOCTL_TCP_QUERY_INFORMATION_EX: FILE_DEVICE_NETWORK 0 FILE_ANY_ACCESS METHOD_NEITHER
// 12001B: FILE_DEVICE_NETWORK 6 FILE_ANY_ACCESS METHOD_NEITHER
// 12000F: FILE_DEVICE_NETWORK 3 FILE_ANY_ACCESS METHOD_NEITHER

Help me :slight_smile:
Daniel

2

>> My usermode application should obtain data of the NICs in the format of
GetAdaptersInfo without using this API.

Didn’t you answer your own question? Vista has an entirely new dual
IPV4/IPV6 stack. Sure, it has extensive backward compatiblity at well
defined API surfaces (like GetAdaptersInfo()). Who knows, it might even be
willing to answer the IOCTL_TCP_QUERY_INFORMATION_EX if you just send it to
the correct device object (the same one used for XP) but I cannot say as I
have not tried nor would I expect MSFT to maintain such a thing given that
the helper APIs have been around for a long time.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of
xxxxx@yahoo.de
Sent: Sunday, October 08, 2006 9:14 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] Unknown IOCTLs?

Hey community :slight_smile:
My usermode application should obtain data of the NICs in the format of
GetAdaptersInfo without using this API. With XP, i just send a
IOCTL_TCP_QUERY_INFORMATION_EX-request down to the Tcp device.
Unfortunately, with Vista RC1, the things changed. Now GetAdaptersInfo sends
down various requests down to the Nsi-device (??\Nsi). Here’s my log!

Open: 00000204 ??\Nsi // returned Handle, Object name Control (1): 00000204
1179675 60 60 // Handle to send the request to, IOCTL-code, Inputbuffer
size, Outputbuffer size Control (2): 00000204 1179675 60 60 Control (3):
00000204 1179663 56 56 Control (4): 00000204 1179663 56 56 Control (5):
00000204 1179663 56 56 Control (6): 00000204 1179663 56 56 Control (7):
00000204 1179663 56 56 Control (8): 00000204 1179663 56 56 Control (9):
00000204 1179663 56 56 Control (10): 00000204 1179663 56 56 Control (11):
00000204 1179663 56 56 Control (12): 00000204 1179663 56 56
Open: 0000020C \DEVICE\NETBT_TCPIP_{…} //… = A Guid Control (13):
0000020C 2162842 0 60 Control (13): 00000204 1179663 56 56 Control (14):
00000204 1179663 56 56 Control (15): 00000204 1179663 56 56 Control (16):
00000204 1179663 56 56 Control (17): 00000204 1179663 56 56 Control (18):
00000204 1179663 56 56 Control (19): 00000204 1179663 56 56 Control (20):
00000204 1179663 56 56 Control (21): 00000204 1179663 56 56 Control (22):
00000204 1179675 60 60 Control (23): 00000204 1179675 60 60 Control (24):
00000204 1179675 60 60 Control (25): 00000204 1179675 60 60

Those two IOCTL-Codes (1179663 und 1179675) are related to
IOCTL_TCP_QUERY_INFORMATION_EX, but unfortunately I can’t find any
information about them :frowning:

// IOCTL_TCP_QUERY_INFORMATION_EX: FILE_DEVICE_NETWORK 0 FILE_ANY_ACCESS
METHOD_NEITHER // 12001B: FILE_DEVICE_NETWORK 6 FILE_ANY_ACCESS
METHOD_NEITHER // 12000F: FILE_DEVICE_NETWORK 3 FILE_ANY_ACCESS
METHOD_NEITHER

Help me :slight_smile:
Daniel

Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256

To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer

3

Thanks for you answer :slight_smile:
The problem is that a filter driver is the second part of my application, which should change the result of e.g. GetAdaptersInfo.

Anyway, I will continue searching the net :slight_smile:

Bye

4

After long hours of debugging every traces back to the function NsiEnumerateObjectsAllParameters and the related call of NsiEnumerateObjectsAllParametersEx and NsiIoctl. Unforunately there are no further information about that function, even not about it’s arguments, and so I can just guess :frowning: