RE: NDIS/Networking Newbie

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance

PA,

We use different user-space mechanisms to get both process and user context
(including terminal services users). On pre-Vista, you are correct, we use
TDI along with user processes/services. On Vista, we're moving to WFP, and
on other platforms (e.g. Mac and CE/PPC/Mobile 5) we use whatever interfaces
are most efficient for collecting and matching process information with flows
(including pre-fetching user/process information before flows start).

But you are correct in your point that an IM-level module can't get this
information with native interfaces. Our goal is to offer a framework that
insulates the developer from the limitations of specific OSs.


Steve

"Pavel A." wrote:

Hi Steve,

But DNE provides process context by hooking on TDI level, it is not pure IM?

--PA


"Steve Jackowski" wrote:

Carl,

If you're interested in a cross-platform IM-like framework (9x through
64-bit Vista, CE/PocketPC/Mobile 5, Macintosh, Solaris, Linux) where a single
driver will run on all platforms, please take a look at our DNE product
www.determinsticnetworks.com/products/dne.asp. It is installed in millions
of systems and actually does have an option to provide a process context at
the IM level.


Steve
"Carl Woodward" wrote:

Dear all,

I am just beginning to start looking at NDIS and Networking and am
reasonably comfortable with the principles but am constantly confusing
myself and have found some of the NDIS documentation too technical. I guess
what I am looking for is an overview. Are there any resources on the
Internet that I can look at?

My first goal is to write a filter driver that captures all network activity
and the process context for the network request. I am principly interested
in TCP/IP connections but being able to filter all network traffic for all
adapters is my ultimate goal. My target platforms are XP, 2K3 and Vista.

Just to make sure that I am not wasting a vast amount of time, I am hoping
NDIS experts on here can set me straight on a few questions:

1. Should I be writing a filter driver similar to passthru?
2. Is it possible to capture process context for each outbound packet or is
the process context arbitrary?
3. The WDK and DDK docs hint that passthru may not be suitable for a
production driver. Is there anything significant missing from it?

Many thanks for any responses!

Carl


.

Relevant Pages

  • Re: NDIS/Networking Newbie
    ... My first goal is to write a filter driver that captures all network activity ... and the process context for the network request. ... 2K3 and Vista. ... Should I be writing a filter driver similar to passthru? ...
    (microsoft.public.development.device.drivers)
  • Re: NDIS/Networking Newbie
    ... "Carl Woodward" wrote: ... My first goal is to write a filter driver that captures all network ... and the process context for the network request. ... Should I be writing a filter driver similar to passthru? ...
    (microsoft.public.development.device.drivers)
  • Re: NDIS/Networking Newbie
    ... But DNE provides process context by hooking on TDI level, ... >> myself and have found some of the NDIS documentation too technical. ... >> and the process context for the network request. ... Should I be writing a filter driver similar to passthru? ...
    (microsoft.public.development.device.drivers)
  • Re: NDIS/Networking Newbie
    ... "Thomas F. Divine" wrote: ... But DNE provides process context by hooking on TDI level, ... My first goal is to write a filter driver that captures all network ... Should I be writing a filter driver similar to passthru? ...
    (microsoft.public.development.device.drivers)