diffs between XP/w2k and NT 4.0 drivers – newbie

  • #5110
    Navascues
    Participant

      Hi all,

      I have the source of an XP/W2K kernel-mode driver and I was asked to make it run on NT 4.0. It acts like a firewall controlling file access, the creation of processes, the establishing of connections… this kind of thing. I have never developed a driver before, so I began to read and read doc, but I did not find anything specialized in “driver migrations” between different Win versions. So I have some sure-stupid-for-you newbie questions…

      1. Should I use the NT DDK for the migration? Is it impossible to use later DDKs? I have the XP DDK, which contains a libw2k, libwxp, libwnet… but nothing like libwnt. I ask because I would like to use Ntstrsafe.lib and it is *said that I can use it for NT, but there is no Ntstrsafe.lib in the NT DDK.

      * http://www.microsoft.com/whdc/Driver/tips/SafeString.mspx

      2. When I try to compile the driver with the NT DDK, as we can expect, I get a lot of errors… unknown symbol OBJ_KERNEL_HANDLE, ndis.h not found, etc. What strategies do you advise to resolve it? Should I rewrite some entire parts of the code, or could I fix it with a few changes? When I comment out the ndis.h include it has a great impact… I guess there is no way to use it in NT drivers… did the net interface change so much?

      3 and last. I'm debugging the XP version with WinDbg through a serial COM1 cable. Can you recommend a better way to do it? I mean, would something with a virtual machine be enough for this job?

      Sorry for this long spanglish post, I hope you understand me and I hope I asked in a polite way.

      Thank you very much,

      Julian

      #6340
      Vadim Smirnov
      Keymaster

        1. Should I use the NT DDK for the migration? Is it impossible to use later DDKs? I have the XP DDK, which contains a libw2k, libwxp, libwnet… but nothing like libwnt. I ask because I would like to use Ntstrsafe.lib and it is *said that I can use it for NT, but there is no Ntstrsafe.lib in the NT DDK.

        You can use the Windows XP DDK and build the NT driver with the Windows 2000 build environment. Just avoid using functions added in the Windows 2000 kernel and missing in NT4 (most of the WDM stuff). Also, don’t forget to link exsup.lib into your driver, otherwise you may have problems loading your driver on Windows NT (for example, if it uses SEH).

        2. When I try to compile the driver with the NT DDK, as we can expect, I get a lot of errors… unknown symbol OBJ_KERNEL_HANDLE, ndis.h not found, etc. What strategies do you advise to resolve it? Should I rewrite some entire parts of the code, or could I fix it with a few changes? When I comment out the ndis.h include it has a great impact… I guess there is no way to use it in NT drivers… did the net interface change so much?

        OBJ_KERNEL_HANDLE was added in Windows 2000, so you had better make a workaround for this (move the code which operates with handles into the context of the System thread). ndis.h is present in the Windows NT DDK, so basically there should not be any real problem with it. Just be more careful with NDIS version definitions.

        3 and last. I'm debugging the XP version with WinDbg through a serial COM1 cable. Can you recommend a better way to do it? I mean, would something with a virtual machine be enough for this job?

        You can run the test system under VMware; it works just fine with WinDbg. Under Windows NT4 it may also be useful to try SoftICE (it is discontinued, but for NT4 it works quite well).

        #6341
        Navascues
        Participant

          Thanks!

          I get the ideas you have explained to me, although I'm not sure how to put them into practice. 🙂

          I realized the net control is done by implementing a firewall-hook driver… the idea is to make a filter function that is called when a packet is received, and it is discarded/accepted depending on the logic of the filter function. It uses ipfirewall.h, which was introduced in the Win 2000 DDK… so this is a case of “functions added in Windows 2000 kernel and missed in NT4”, isn't it?

          I suppose there is a site that shows what is deprecated and what is new in each Windows version, but I did not find it, sorry.

          Thank you again,

          J

          #6342
          Vadim Smirnov
          Keymaster

            I realized the net control is done by implementing a firewall-hook driver… the idea is to make a filter function that is called when a packet is received, and it is discarded/accepted depending on the logic of the filter function. It uses ipfirewall.h, which was introduced in the Win 2000 DDK… so this is a case of “functions added in Windows 2000 kernel and missed in NT4”, isn't it?

            The firewall hook driver was added in Windows 2000, and you are right that you can’t use it under Windows NT. Actually there are two options for implementing a firewall in Windows NT:

            1) NDIS IM driver
            2) NDIS hooking driver

            NDIS IM is a pain in Windows NT; this type of driver was improved only with the Windows 2000 release. So I would recommend the NDIS hooking one. Implementing this type of driver from scratch is not an easy task, and you had better find something ready-made, like WinpkFilter.
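
An added example, not part of the original thread and not either poster's code: a small Python lint that scans C driver source for the two Windows 2000-only dependencies named in the replies above (OBJ_KERNEL_HANDLE and the ipfirewall.h firewall-hook header), ignoring mentions in comments and string literals. The W2K_ONLY table, the function names and the sample fragment are assumptions made for illustration.

```python
import re

# Only what the replies above say was added in Windows 2000; extend as needed.
W2K_ONLY = {
    "OBJ_KERNEL_HANDLE": "added in Windows 2000; do handle work in System thread context",
    "ipfirewall.h": "firewall hook added in Windows 2000; filter at NDIS level on NT 4.0",
}

# Comments and literals in one pattern, so "//" inside a string is not a comment.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"|\'(?:\\.|[^\'\\\n])*\'', re.S)
_INCLUDE = re.compile(r'^\s*#\s*include\s*[<"]([^>"]+)[>"]', re.M)
_IDENT = re.compile(r'[A-Za-z_]\w*')

def _strip(source, keep_literals):
    """Overwrite comments (and optionally literals) with spaces; offsets stay valid."""
    def repl(m):
        if keep_literals and m.group(0)[0] in "\"'":
            return m.group(0)
        return re.sub(r'[^\n]', ' ', m.group(0))
    return _SKIP.sub(repl, source)

def scan(source, table=W2K_ONLY):
    """Return sorted (line, name, reason) findings for one C source text."""
    def line_of(pos):
        return source.count("\n", 0, pos) + 1
    headers = {k.lower(): k for k in table if k.lower().endswith(".h")}
    found = []
    # Includes: literals are kept, because #include "x.h" looks like a string.
    for m in _INCLUDE.finditer(_strip(source, True)):
        key = headers.get(re.split(r'[\\/]', m.group(1))[-1].lower())
        if key:
            found.append((line_of(m.start(1)), key, table[key]))
    # Identifiers: literals are blanked, so only real code tokens match.
    for m in _IDENT.finditer(_strip(source, False)):
        if m.group(0) in table:
            found.append((line_of(m.start()), m.group(0), table[m.group(0)]))
    return sorted(found)

# Constructed fragment, not taken from the driver discussed in the thread.
SAMPLE = r'''#include <ntddk.h>
#include "ipfirewall.h"
/* OBJ_KERNEL_HANDLE appears only in this comment */
DbgPrint("OBJ_KERNEL_HANDLE in a string\n");
InitializeObjectAttributes(&oa, &name, OBJ_KERNEL_HANDLE, NULL, NULL);
'''

if __name__ == "__main__":
    for line, name, why in scan(SAMPLE):
        print(f"line {line}: {name}: {why}")
```

A build environment whose headers already define these names will compile them without complaint, so a source scan like this is a cheap check before the first test load on NT 4.0.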

            #6343
            Navascues
            Participant

              Ok, thanks a million for your help.

              Julián
