Eliminating empty handlers

Don’t come back empty-handlered

NDIS drivers have several opportunities to supply advanced functionality through optional handlers. But if you don’t want the advanced functionality, you don’t need to bother implementing an empty handler. Why does it matter to you? It matters because it makes your code (slightly) more difficult to maintain. “Dummy” code is more…


Mapping from NDIS OIDs to WMI classes

In which we write a PowerShell script, install the WDK, attach a kernel debugger, reverse-engineer the OS, and prove Goldbach’s conjecture

We’ve previously talked about how to rummage through all the NDIS WMI classes, but there’s one topic we haven’t fully covered. Suppose you’re looking for the WMI class that maps to a specific OID…


Using C++ in an NDIS driver

Are NDIS drivers allowed to use C++?

The first question is easy: can NDIS drivers be written in C++? The answer: yes. In this case, NDIS doesn’t have any official stance on C++, so we just fall back on the WDK’s general rules. As of Windows Driver Kit 8, Microsoft officially supports using a subset…


Using WDF in an NDIS driver

Can, Should, and How?

WDF is a framework that makes it easier to write Windows drivers. NDIS is a framework for writing low-level Windows network drivers. The purposes of these frameworks overlap a bit, and some people (okay, probably many people) are confused about the relationship between NDIS and WDF. Today we’ll set down a…


The NDIS API naming convention

NdisFWhat? Your secret decoder ring to NDIS functions

The first time you come across NDIS, you might find yourself lost in the enormous number of NDIS APIs, OIDs, status codes, and data structures. What’s the difference between NdisMIndicateStatus and NdisFIndicateStatus? Fortunately, NDIS has naming conventions that make it a little easier to organize the APIs. …


Using the checked version of NDIS.SYS

I assert that this is a good way to find bugs

Installing the checked version of the operating system is an effective technique to quickly find bugs in your network driver. If you’re not familiar with checked builds (and even if you are), you should read the excellent documentation here. Seriously, read it; I won’t…


NdisFRegisterFilterDriver fails… now what?

Decoding the error codes

“I compiled my NDIS filter driver, but NdisFRegisterFilterDriver fails in my DriverEntry function. Now what?” Here’s a table listing common problems and fixes. Rows are grouped by symptom.

Problem Resolution NDIS_STATUS_BAD_CHARACTERISTICS (0xc0010005) The Characteristics block has the wrong Header for the NDIS driver version. If you are writing an NDIS 6.0…


Kernel debugging over the network

What just happened to my NIC?!

We’ve previously published some tips on how to use the debugger to fix your NDIS miniport driver. But today we’re going to turn the tables and talk about how the debugger uses NDIS to break your miniport driver. You can debug the Windows kernel through several transports. One of…


Why is there a redundant Restart-NetAdapter cmdlet?

Sometimes you can’t just Enable your way out of a Disable mess

Windows 8 and Windows Server 2012 include a whole set of new PowerShell cmdlets to manage the network stack. These cmdlets include Enable-NetAdapter and Disable-NetAdapter. Believe it or not, those two cmdlets let you enable and disable your network adapters, respectively. Want to…