An update: after some badgering of MS, it's all OK. The calls are legal. Now if I could just figure out that driver verifier crash... A pretty frustrating...
Hi all, In my TimerFuntion i want to broadcast my own packet to the network (like ARP), i already knew how to encapsulate my packet but do not know how to...
Hi . In TDI Hook VXD driver (windows 98) How to retrieve ip,port in following dispatch function? the function is piece of TdiOpenAddressEntry. I tried to get...
Hi, all I have written a miniport driver under win2000. Now I want to change the parameter stored in registry via a win32 Utility, and the miniport driver will...
Hi again, I tried to write my 'own' IDS (just for fun and experience), but especially one thing stroke me: What's the best way to detect portscans if I have...
Hi all, I'm currently having three issues with my IM driver: 1. I'm using snetcfg to install it from another (user space) application, and the driver seems to...
Correction to my question #1; It's actually JUST Windows networking that breaks after uninstall/install byb snetcfg. Other TCP is fine, like telnet. Thanks, ...
Hi there, it takes more to detect intrusion than by inspecting only one packet, there are several places you can look for references such as www.lids.org ...
Using NDIS Task Offload from a NDIS IM driver is extremely difficult. See the NDIS FAQ Topic "Modifying NDIS Intermediate (IM) Drivers And NDIS Task-Offload"...
I think I didn't express clearly what I meant. I captured the complete payload and all headers of any packet that is sent/received through the computer's...
Does any one have performance analysis of events sent from a driver to a user application using named notification events? I need them to evaluate the overhead...
hi, I didnt get u but what i have understood from ur query is i've worked on events on high data traffic which u are asking. so just eloberate ur question and...
March 15, 2003 - Premier Issue of "Windows Driver Developer's Digest" ("WD Cubed") to be released. Walter Oney is launching a new "WebZine" focusing on the...
My intermediate driver needs quite a bit of memory, 80+ megabytes, which I allocate all out of non-paged memory (using NdisAllocateMemoryWithTag) Now, I have...
You should be able to use ExAllocatePoolWithTag. Use of this is discouraged by WHQL, but is permitted in some cases. Search for ExAllocatePoolWithTag in MSDN. ...
Sorry for not replying earlier: What I exactly want is the comunication over head from a kernel driver (IM filter) to a user application given that the two are...
Hi, all. If I just want to have a driver that does nothing but monitor MDL sizes for Send()/Receive() operations through to TCP or UDP, what's the best way to...
If you have a TDI filter driver, then the answer should already be fairly clear. For each send or receive operation you would examine each chained MDL using...
Use NdisAllocateMemoryWithTag (preferred) or NdisAllocateMemory (if first function not available) no allocate non-paged memory. In NDIS IM driver you can use...
Also, examine the MACROs in tdikrnl.h. For example, the TdiBuildSend MACRO shows where SendLen is stashed. That should (MUST) be the same as the sum of the MDL...
See the events will be fired very fast at high traffic, but the application must have mechanizm to deal with this situation if the traffic is very high. What...
Hi All, Currently I am Developing a TDI Based Firewall.The core of the firewall is a TDI Filter driver which filters all the IRPs sent to TCP device. I want to...
I have two product(rawether,NDISPIM) about PCAUSA. Nowdays,I found your product(May be Rawether Product) using on Wirelee Monitor Program(May be Wireless...
... Please describe what you mean by "is not run". Does it cause a crash? Does it hang the system? Does it just do nothing at all? Does it get caught in an...
Thank you about reply. NDISPIM(Win9xPIMEB Sample) with rawether : Device Driver is crash. Windows 9x System is Bule screen and then ethernet device can not ...
I successfully allocated my driver memory out of the Paged Pool, but my driver crashed during PtUnbindAdapter/MPHalt since part of my memory seems to be...
Having problems with message search?
Fill out this form to ensure your group is one of the first to be migrated to the new message search system.
