My favorite perfcounters

… are the NDIS counters.  Like you even had to ask. We love performance counters on the Windows Networking team. We routinely use performance counters to monitor & diagnose issues. Nearly every networking feature has its own counter set, and Windows ships with far too many counter sets to document here. Fortunately, I don’t have…


It’s perfcounter week on the NDIS blog!

Actually every week is perfcounter week. Performance counters are an essential tool for devs, ops, … and marketing. Yet they’re often not well understood. Fortunately, under the hood, performance counters are very simple: a perfcounter is just a number that counts things. Before we get too far along, let’s agree on a bit of terminology:…


Eliminating empty handlers

Don’t come back empty-handlered NDIS drivers have several opportunities to supply advanced functionality through optional handlers. But if you don’t want the advanced functionality, you don’t need to bother implementing an empty handler. Why does it matter to you? It matters because it makes your code (slightly) more difficult to maintain. “Dummy” code is more…


Mapping from NDIS OIDs to WMI classes

In which we write a PowerShell script, install the WDK, attach a kernel debugger, reverse-engineer the OS, and prove Goldbach’s conjecture We’ve previously talked about how to rummage through all the NDIS WMI classes, but there’s one topic we haven’t fully covered.  Suppose you’re looking for the WMI class that maps to a specific OID…


Using C++ in an NDIS driver

Are NDIS drivers allowed to use C++? The first question is easy: can NDIS drivers be written in C++?  The answer: yes.  In this case, NDIS doesn’t have any official stance on C++, so we just fall back on the WDK’s general rules.  As of Windows Driver Kit 8, Microsoft officially supports using a subset…


Using WDF in an NDIS driver

Can, Should, and How? WDF is a framework that makes it easier to write Windows drivers.  NDIS is a framework for writing low-level Windows network drivers.  The purposes of these frameworks overlap a bit, and some people (okay, probably many people) are confused about the relationship between NDIS and WDF.  Today we’ll set down a…


The NDIS API naming convention

NdisFWhat?  Your secret decoder ring to NDIS functions The first time you come across NDIS, you might find yourself lost in the enormous number of NDIS APIs, OIDs, status codes, and data structures.  What’s the difference between NdisMIndicateStatus and NdisFIndicateStatus?  Fortunately, NDIS has naming conventions that make it a little easier to organize the APIs. …


Using the checked version of NDIS.SYS

I assert that this is a good way to find bugs Installing the checked version of the operating system is an effective technique to quickly find bugs in your network driver.  If you’re not familiar with checked builds (and even if you are), you should read the excellent documentation here.  Seriously, read it; I won’t…


NdisFRegisterFilterDriver fails… now what?

Decoding the error codes “I compiled my NDIS filter driver, but NdisFRegisterFilterDriver fails in my DriverEntry function.  Now what?” Here’s a table listing common problems and fixes.  Rows are grouped by symptom. Problem Resolution NDIS_STATUS_BAD_CHARACTERISTICS (0xc0010005) The Characteristics block has the wrong Header for the NDIS driver version. If you are writing an NDIS 6.0…