WinPcap based network driver to pass WHQL certification?

Hi,

I am considering writing a layer 2 driver based on open source WinPcap NPF driver (the one used in packet filters like Ethereal). Actually I can choose between writing a KMDF based driver from scratch, or write a WinPcap based driver. The goal is to support Vista Business, and get driver signed and pass WHQL certification, and my time is extremely limited, and the WinPcap method seems to be easier to get started. But is there any trouble to get WHQL certified for a WinPcap based driver?

Thanks.

There are no WHQL tests for NDIS protocol drivers. This means that you can
self-sign a NDIS protocol driver.

See this article NDIS drivers at NDIS.com:

http://www.ndis.com/papers/default.htm

I would suggest that you rename the driver and its service name, protocol
name and symbolic link names before you sign the driver. IOW, you’re your
own “OEM version” of WinPCap.

Otherwise, every hacker around will use your signed driver.

Good luck,

Thomas F. Divine
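
Added example (not part of the post above and not taken from the WinPcap sources): a pre-signing check for the renaming advice, scanning a built .sys or .inf for leftover stock names in both ASCII and UTF-16LE. The entries in STOCK_NAMES and the two sample byte strings are assumptions constructed for illustration; substitute the identifiers used by your own fork.

```python
"""Pre-signing check: does a rebranded NPF build still carry stock names?"""
import sys

# Assumed stock identifiers (not listed in the thread): WinPcap's driver file,
# device-name prefix and service name. Add your fork's old symbolic link names.
STOCK_NAMES = ("npf.sys", "\\Device\\NPF_", "NPF")

# Constructed sample inputs: a fake image/INF fragment before and after renaming.
SAMPLE_STOCK = (b"MZ\x90\x00" + "\\Device\\NPF_".encode("utf-16-le")
                + b"\x00\x00" + b"ServiceBinary=%12%\\npf.sys")
SAMPLE_REBRANDED = (b"MZ\x90\x00" + "\\Device\\ACMECAP_".encode("utf-16-le")
                    + b"\x00\x00" + b"ServiceBinary=%12%\\acmecap.sys")


def find_stock_names(blob, names=STOCK_NAMES):
    """Return {name: [(encoding, offset), ...]} for every stock name found.

    Kernel code keeps names as UTF-16LE strings, while INF files may be ASCII
    or UTF-16LE, so both encodings are searched, case-insensitively.
    Short names such as "NPF" can match by chance; review each offset.
    """
    haystack = blob.lower()  # lowers ASCII letters only; NUL bytes are untouched
    hits = {}
    for name in names:
        for label, codec in (("ascii", "ascii"), ("utf-16le", "utf-16-le")):
            needle = name.lower().encode(codec)
            start = haystack.find(needle)
            while start != -1:
                hits.setdefault(name, []).append((label, start))
                start = haystack.find(needle, start + 1)
    return hits


if __name__ == "__main__":
    failed = False
    if len(sys.argv) < 2:  # no files given: show the constructed samples
        print("stock sample:    ", find_stock_names(SAMPLE_STOCK))
        print("rebranded sample:", find_stock_names(SAMPLE_REBRANDED))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = find_stock_names(fh.read())
        for name, where in hits.items():
            failed = True
            print(f"{path}: stock name {name!r} still present at {where}")
    sys.exit(1 if failed else 0)  # non-zero exit blocks the signing step
```

Run it over every file in the driver package as a build step ahead of signing, so a leftover stock name stops the build before a signature is applied.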

-----Original Message-----
From: xxxxx@lists.osr.com [mailto:bounce-276518-
xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Tuesday, January 23, 2007 8:13 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] WinPcap based network driver to pass WHQL certification?

Hi,

I am considering writing a layer 2 driver based on open source WinPcap NPF
driver (the one used in packet filters like Ethereal). Actually I can
choose between writing a KMDF based driver from scratch, or write a
WinPcap based driver. The goal is to support Vista Business, and get
driver signed and pass WHQL certification, and my time is extremely
limited, and the WinPcap method seems to be easier to get started. But is
there any trouble to get WHQL certified for a WinPcap based driver?

Thanks.



Also, have you looked at WinPcap Professional? It supports Vista x86 and
x64.

More details here

http://www.cacetech.com/products/winpcap_professional.htm

Have a nice day
GV

PS: before you ask… yes, I’m one of the devs of both WinPcap and WinPcap
Pro.

----- Original Message -----
From: “Thomas F. Divine”
To: “Windows System Software Devs Interest List”
Sent: Tuesday, January 23, 2007 6:14 PM
Subject: RE: [ntdev] WinPcap based network driver to pass WHQL
certification?

> There are no WHQL tests for NDIS protocol drivers. This means that you can
> self-sign a NDIS protocol driver.
>
> See this article NDIS drivers at NDIS.com:
>
> http://www.ndis.com/papers/default.htm
>
> I would suggest that you rename the driver and its service name, protocol
> name and symbolic link names before you sign the driver. IOW, you’re your
> own “OEM version” of WinPCap.
>
> Otherwise, every hacker around will use your signed driver.
>
> Good luck,
>
> Thomas F. Divine
>

If you are just inspecting packets, then an NDIS Protocol driver (like
WinPcap) will do the job. If you need to modify, drop, or inject packets,
then look at using an NDIS LWF (new to NDIS 6 - Vista.) If the driver has
to modify, drop, or inject packets, and run on systems older than Vista,
then look at writing an NDIS IM driver.

If you are writing a driver for an actual NIC, then you are looking at
writing an NDIS Miniport driver, and this is where you could/should use
KMDF.

There are no Logo tests for NDIS Protocol drivers nor for NDIS LWF drivers
on Vista, so you don’t need a WHQL signature. You will need to sign the
driver packages.

-Preston
