WMI events

Smarter than polling Suppose you want to know if a network adapter is connected.  If you read our last WMI blog post, you’re already clever enough to solve this handily: just query MSNdis_LinkState and execute  the WmiQueryLinkState method.  This is great if you need to poll the NIC for connectivity status — but what if…

1

Exploring NDIS’s WMI classes

Getting fancy with PowerShell and WMI Last time we got our feet wet with a simple PowerShell script to query Ethernet MAC addresses.  It looked easy, but of course, it requires you to know the magic WMI class name “MSNdis_EthernetCurrentAddress”.  How do you go about discovering other interesting WMI classes?  Once again, PowerShell to the…

10

TMF download page

Are you targeting Windows 8 or Windows Server 2012?  You don’t need anything from here!  These operating systems already include all the TMFs you’ll need in the PDB from the Microsoft Symbol Server. For Windows 7 and Windows Server 2008 R2, here is a copy of the TMF decoders for NDIS.SYS: → Download here. This…

0

WPP and KD

Industrial-strength tracing in an industrial-strength debugger Last time we talked about controlling WPP from the command-line.  This is great if you need to send instructions to a customer to collect logs, or if you want to automatically enable NDIS tracing on all your test machines.   Because you don’t need a debugger attached, the command-line approach…

1

Diagnostics with WPP

Industrial-strength tracing WPP is similar to DbgPrint.  In fact, for NDIS.SYS, WPP and DbgPrint trace exactly the same messages.  However, WPP is easier to enable and works on retail versions of NDIS.SYS.  These advantages mean that WPP can be enabled by customers, without setting up a kernel debugger.  Additionally, because WPP can write directly to…

1

Diagnostics with Event Viewer

Tracing made easy Starting with Windows 7 and Windows Server 2008 R2, NDIS can be configured to emit certain diagnostic information to the event log.  The event log is very easy to use, and it doesn’t require any special tools.  It’s especially good for easily identifying problems with driver registration, PNP and power management, OID…

0

Diagnostics tools in NDIS

Evolving beyond DbgPrint I’d like to take a break from our series on WMI (don’t worry — more WMI is coming soon!)  to respond to a recent discussion in the community.  Traditionally, we’ve used DbgPrint to debug NDIS issues.  This is convenient, since you can see the traces right in the kernel debugger as you’re…

0