Using C++ in an NDIS driver

Are NDIS drivers allowed to use C++? The first question is easy: can NDIS drivers be written in C++?  The answer: yes.  In this case, NDIS doesn’t have any official stance on C++, so we just fall back on the WDK’s general rules.  As of Windows Driver Kit 8, Microsoft officially supports using a subset…


Using WDF in an NDIS driver

Can, Should, and How? WDF is a framework that makes it easier to write Windows drivers.  NDIS is a framework for writing low-level Windows network drivers.  The purposes of these frameworks overlap a bit, and some people (okay, probably many people) are confused about the relationship between NDIS and WDF.  Today we’ll set down a…


The NDIS API naming convention

NdisFWhat?  Your secret decoder ring to NDIS functions The first time you come across NDIS, you might find yourself lost in the enormous number of NDIS APIs, OIDs, status codes, and data structures.  What’s the difference between NdisMIndicateStatus and NdisFIndicateStatus?  Fortunately, NDIS has naming conventions that make it a little easier to organize the APIs. …


Using the checked version of NDIS.SYS

I assert that this is a good way to find bugs Installing the checked version of the operating system is an effective technique to quickly find bugs in your network driver.  If you’re not familiar with checked builds (and even if you are), you should read the excellent documentation here.  Seriously, read it; I won’t…


NdisFRegisterFilterDriver fails… now what?

Decoding the error codes “I compiled my NDIS filter driver, but NdisFRegisterFilterDriver fails in my DriverEntry function.  Now what?” Here’s a table listing common problems and fixes.  Rows are grouped by symptom. Problem Resolution NDIS_STATUS_BAD_CHARACTERISTICS (0xc0010005) The Characteristics block has the wrong Header for the NDIS driver version. If you are writing an NDIS 6.0…


Kernel debugging over the network

What just happened to my NIC?!We’ve previously published some tips on how to use the debugger to fix your NDIS miniport driver.  But today we’re going to turn the tables and talk about how the debugger uses NDIS to break your miniport driver. You can debug the Windows kernel through several transports.  One of the…


Why is there a redundant Restart-NetAdapter cmdlet?

Sometimes you can’t just Enable your way out of a Disable mess Windows 8 and Windows Server 2012 include a whole set of new PowerShell cmdlets to manage the network stack.  These cmdlets include Enable-NetAdapter and Disable-NetAdapter.  Believe it or not, those two cmdlets let you enable and disable your network adapters, respectively.  Want to…


Thanks for your help making Windows great!

Really, it’s all about self-interest Remember way back when you first set up your new computer?  Windows probably prompted you to “join the Customer Experience Improvement Program”.  For those of you who elected to join this program: thanks!  Without any extra effort on your part, you are helping us design a better product. But with…


Making minidumps more useful

Miniport: meet minidump Minidumps are a small (~100kb) record of a crash.  As their name suggests, they’re optimized for small size… at the expense of usefulness.  Minidumps include just enough information to see the stack of the faulting thread, but they don’t generally have other threads or most of kernel pool.  If someone brings me…