NDISUIO.SYS - Windows XP SP2 - User Mode App Fails

Discussion in 'Windows Vista Drivers' started by Le Chaud Lapin, Jan 16, 2006.

  1. I am, like many others before me, attempting use NDISUIO.SYS for raw
    Ether frame transport. What was supposed to be a 2-hour quick fix has
    turned into a 30 hour nightmare.

    I am currently able to:

    1. Get handle for driver object from user mode.
    2. Bind to specific adapter using CreateFile.

    Beyond that, the WriteFile fails consistently with error code 0x1F,
    which seems to be according to MSDN:
    http://msdn.microsoft.com/library/d...-us/debug/base/system_error_codes__0-499_.asp

    ERROR_GEN_FAILURE
    31 A device attached to the system is not functioning.

    Nor can I set the filter for frame types.

    Has anyone gotten this to work on XP?

    -Le Chaud Lapin-
     
    Le Chaud Lapin, Jan 16, 2006
    #1
    1. Advertisements

  2. Le Chaud Lapin

    Pavel A. Guest

    Hi,
    You don't mention that you have been advised several times to
    use the ndisprot sample ( just to save time to others ).

    Several NTSTATUS codes can translate to win32 status 31 - including
    the "general failure" 0xc0000001 and many NDIS specific error codes.
    So it can mean that your write is failed by ndisuio driver.

    Regards,
    --PA
     
    Pavel A., Jan 16, 2006
    #2
    1. Advertisements

  3. Hi Pavel,

    I'm going to go ahead build NDISPROT, but in the meantime, is there any
    reason that you can think of why WriteFile would have failed?

    Windows XP Profesional SP2 Build 2600

    Again, I stopped and started NDISUIO.SYS before running the test, and I
    did verify that a different failure code was being returned
    (STATUS_INVALID_PARAMETER) if the MAC source address in the frame was
    not equivalent to the current MAC address of the underlying adapter
    (spoofed), so it seemed that the WriteFile was was working up to this
    point. If I use the correct MAC address, the returned error code
    changes from STATUS_INVALID_PARAMETER to 0x1F.
    //
    // To prevent applications from sending packets with spoofed
    // mac address, we will do the following check to make sure the
    source
    // address in the packet is same as the current MAC address of
    the NIC.
    //
    if ((WdfRequestGetRequestorMode(Request) == UserMode) &&
    !NPROT_MEM_CMP(pEthHeader->SrcAddr,
    pOpenContext->CurrentAddress, NPROT_MAC_ADDR_LEN))
    {
    DEBUGP(DL_WARN, ("Write: Failing with invalid Source
    address"));
    NtStatus = STATUS_INVALID_PARAMETER;
    break;
    }


    -Le Chaud Lapin-
     
    Le Chaud Lapin, Jan 16, 2006
    #3
  4. Le Chaud Lapin

    Pavel A. Guest

    ..............

    Here's one little problem. You ask about ndisuio - but quote from sources of
    ndisprot. They are no longer the same. Ndisuio can have additional limitations
    on the input buffer.

    Add plenty of debug trace into your own clone of ndisprot.
    ( you may want to use pre-WDF version of ndisprot from
    win2003 SP1 DDK; it is easier to install: no wdf binaries...)

    Regards,
    --PA
     
    Pavel A., Jan 16, 2006
    #4
  5. Aha. This is what I was afraid of, and this is the original reason
    that I was trying to just use NDISUIO. I'm working on something else
    that consumes all of my time, and it seemed that using NDISUIO.SYS
    would be a quick and easy way for me to transport ethernet frames from
    ring-3 without having to develop a driver. I have to maintain 4
    projects currently, so I cannot afford to embark upon a driver project,
    not even probing an existing driver. (Frankly, that's Microsoft's job.
    I'm following their documentation, after all). If I have to start
    debugging someone else's driver, then it's not quick and easy anymore.

    I was using code from the DDK for Windows CE, at least to read it to
    see what was going on in the driver. Then I used code for for DDK I
    grabbed from old IT department disk (version unknown, dated 2001).
    Then at suggestion of another poster, I downloaded WDF and saw the code
    for NDISPROT, and how it was checking for spoofed source MAC address
    whereas the older NDISUIO driver was not, and how there was no code in
    WDF version for uiotest. So it seems that the DDK I need is the one I
    skipped, and is probably the one containing the source code for the
    driver that is actually running on my system.

    So my question is this: Given that my laptop is running Windows XP
    professional Build 2600, SP2, what can I do *now* to drive NDISUIO.SYS?
    It's here, it's running, so it would seem it is a matter of setting
    proper flags in IOCTL'S.

    Undoubtedly, there have been many that figure out what flags are needed
    to drive this version of NDISUIO.SYS. Where is *that* user-mode source
    code?

    -Le Chaud Lapin-
     
    Le Chaud Lapin, Jan 16, 2006
    #5
  6. So my question is this: Given that my laptop is running Windows XP
    Build your own code based on NDISPROT DDK sample, name it in some way, and
    access it.
     
    Maxim S. Shatskih, Jan 16, 2006
    #6
  7. Le Chaud Lapin

    Pavel A. Guest

    Ndisuio on WinCE is *no longer* same as in WinXP.
    It's better to think of them as of unrelated (even though once they were
    related).
    And ndisuio is now a black box where your time will disappear.

    Regards,
    --PA
     
    Pavel A., Jan 16, 2006
    #7
  8. Up until now, I had been avoiding build.exe , instincts tell me that if
    I typed the letters B-U-I-L-D and hit the RETURN key, as Microsoft
    suggested, I'd be embarking upon yet another journey of a GIANT
    *(($)@#*#&!! WASTE OF TIME.

    But now, with the changes in where the libraries are located, and that
    new stub thing for DriverEntry, I had not choice, so I typed B-U-I-L-D
    -CZ at the command prompt, hit the return key, got error from NMAKE (rc
    = 2), even thought I DID NOT DO ANYTHING CONTRARY TO WHAT WAS SUGGESTED
    DURING THE INSTALLATION OF THE DDK, found work-around in this
    newsgroup, tried it, didn't really do anything, tried the build again,
    and got 68 *#(*(&$&*(@ errors. Count them 68!!! And I changed
    *nothing*. This installation is COMPLETELY VIRGIN!!

    Now.

    Microsoft!

    If any of you engineers who set up this crap are reading this, you
    should be ashamed. I know its not for lack of brain power. What is
    it? How hard is it to put down the toilet seat? Or up? Or whatever it
    is that some people ask for!!!!

    Better yet, it's probably not your fault, but your managers' faults. So
    I say to the managers of people who are undoubtedly capable of
    generating something that goes beyond this cow poo:

    No one enjoys wasting countless hour of their existence *&#(&()@#!!
    with trivialiaties that have no positive effect on the overall
    objective of the effort.

    LET YOUR ENGINEERS CLEAN THIS STUFF UP!!!!

    Good grief!

    (Sorry Max, obviously I'm not mad at you, I'm just so sick of this
    sh*t. i can't believe we put up with this.) I hate to think what
    would happen if I were paying a contractor $150/hour, and he spent 20
    hours working on this crap. I'm sure it happens.

    -Le Chaud Lapin-
     
    Le Chaud Lapin, Jan 16, 2006
    #8
  9. Le Chaud Lapin

    Pavel A. Guest

    oops. i've missed your main question. Below...

    Yes, "it" is here and running - but we don't know what is it.
    Source for the SP2 ndisuio is not published.
    Since ndisuio has been changed n SP2, any old sources and usermode code for
    these old ndisuio versions are not valid.
    You cannot copy old ndisuio to SP2 because it is a protected OS file; the
    windows file protection will restore it back.
    The latest ndisprot (DDK, not KMDF) is what you need.

    --PA
     
    Pavel A., Jan 16, 2006
    #9
  10. -CZ at the command prompt, hit the return key, got error from NMAKE (rc
    Is looking to build.log file too hard for you?

    BTW - such issue is if the project directory contains spaces. Since I always
    name my project directories like "d:\sb" or "d:\dvrem" or "d:\vsnap", I never
    saw this issue.

    Such a naming is good. I spend most of my time working with these projects, and
    typing the pathnames like "C:\Program Files\Microsoft\Developer Studio 200 \My
    Project Files" seems to be a monumental lack of usability.

    Unwinding the tree _of this depth_ in the GUI File Open dialog or Windows shell
    is not much better.
    You're welcome to ask. I - and other guys here - will answer. Most of the
    questions are well-known issues easy to bypass.

    I use BUILD as my main build env for all my work since around 2000-2001, and is
    satisfied with it.
    No. Contractors are accustomed to BUILD same way as the driver is accustomed to
    the steering wheel.
     
    Maxim S. Shatskih, Jan 17, 2006
    #10
  11. I will need to port some drivers from 32bit to 64bit.

    What 64 bit machine will I need for testing? I know that EMT64 and AMD64
    are much cheaper then Itanium, but Itanium is stricter - it does not allow
    alignment faults at all, while the AMD's CPUs do allow.

    Can I use the x64 machine and tweak some setting to disallow the alignment
    faults, so that it will be as strict in execution as Itanium?
     
    Maxim S. Shatskih, Jan 17, 2006
    #11
  12. Le Chaud Lapin

    Mark Roddy Guest

    OK I will state the obvious: maxim save your money and don't buy an
    Itanium. Yes it has unique 64bit porting issues, but your purchase
    will be a significant part of this year's itanium retail sales.



    =====================
    Mark Roddy DDK MVP
    Windows Vista/2003/XP/2000 Consulting
    Device and Filesystem Drivers
    Hollis Technology Solutions 603-321-1032
    www.hollistech.com
     
    Mark Roddy, Jan 17, 2006
    #12
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.