WinTun support

Home Forums Discussions Support WinTun support

Tagged: 

Viewing 8 posts - 1 through 8 (of 8 total)
  • Author
    Posts
  • #11524
    oriolarcas
    Participant

      Hi,

      I would like to intercept packets before they are processed by a tunnel software, Wintun.

      Wintun creates a virtual interface, similar to a TUN or TAP in Linux. Said interface can be seen using ipconfig. However, it doesn’t appear in NDISAPI’s GetTcpipBoundAdaptersInfo call.

      Is there any solution or workaround?

      Thanks.

      #11525
      oriolarcas
      Participant

        Follow up:

        This is the code in Wintun that creates the adapter:

        
            NDIS_MINIPORT_DRIVER_CHARACTERISTICS miniport = {
                .Header = { .Type = NDIS_OBJECT_TYPE_MINIPORT_DRIVER_CHARACTERISTICS,
                            .Revision = NdisVersion < NDIS_RUNTIME_VERSION_680
                                            ? NDIS_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2
                                            : NDIS_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_3,
                            .Size = NdisVersion < NDIS_RUNTIME_VERSION_680
                                        ? NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_2
                                        : NDIS_SIZEOF_MINIPORT_DRIVER_CHARACTERISTICS_REVISION_3 },
        
                .MajorNdisVersion = (UCHAR)((NdisVersion & 0x00ff0000) >> 16),
                .MinorNdisVersion = (UCHAR)(NdisVersion & 0x000000ff),
        
                .MajorDriverVersion = WINTUN_VERSION_MAJ,
                .MinorDriverVersion = WINTUN_VERSION_MIN,
        
                .InitializeHandlerEx = TunInitializeEx,
                .HaltHandlerEx = TunHaltEx,
                .UnloadHandler = TunUnload,
                .PauseHandler = TunPause,
                .RestartHandler = TunRestart,
                .OidRequestHandler = TunOidRequest,
                .SendNetBufferListsHandler = TunSendNetBufferLists,
                .ReturnNetBufferListsHandler = TunReturnNetBufferLists,
                .CancelSendHandler = TunCancelSend,
                .DevicePnPEventNotifyHandler = TunDevicePnPEventNotify,
                .ShutdownHandlerEx = TunShutdownEx,
                .CancelOidRequestHandler = TunCancelOidRequest,
                .DirectOidRequestHandler = TunDirectOidRequest,
                .CancelDirectOidRequestHandler = TunCancelDirectOidRequest,
                .SynchronousOidRequestHandler = TunSynchronousOidRequest
            };
        
            Status = PsSetCreateProcessNotifyRoutine(TunProcessNotification, FALSE);
            if (!NT_SUCCESS(Status))
                goto cleanupResources;
        
            Status = NdisMRegisterMiniportDriver(DriverObject, RegistryPath, NULL, &miniport, &NdisMiniportDriverHandle);
            if (!NT_SUCCESS(Status))
                goto cleanupNotifier;
        
        #11527
        Vadim Smirnov
        Keymaster

          Windows Packet Filter NDIS filter driver does not bind to WinTun network adapter because of the following in wintun.inf:

          HKR, Ndi\Interfaces, LowerRange, , "nolower"

          while in ndisrd_lwf.inf we have:

          HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, bluetooth"

          So there are two choices:

          • Change wintun.inf ‘nolower’ to ‘ethernet’
          • Add ‘nolower’ to the list of FilterMedia types in ndisrd_lwf.inf

          As a side effect second option will cause Windows Packet Filter driver binding to the interfaces it normally would not bind to and therefore it is not supported by stock driver build.

          #11528
          oriolarcas
          Participant

            Thank you Vadim, I added nolower to the FilterMediaTypes list in ndisrd_lwf.inf and it detected the WinTun interface. It worked out of the box.

            #11538
            oriolarcas
            Participant

              Hello again,

              I tried the solution in one Windows 10 machine, but when trying it in another one it did not detect the WinTun adapter.

              What I did was modify the .inf and recreate the .cat and sign with a test certificate. I can successfully install and load the driver in the second machine, but it simply acts as if there was no WinTun adapter, as if the .inf did not include any ‘nolower’ filter.

              I double-checked that the original driver is not present in DriverStore, and the driver that is installed is the one signed by me.

              The Windows 10 versions are the same (20H2), the only difference is that one is Home (unregistered) and the other is Education (registered).

              Any ideas? Any checklist that I could follow? Thanks in advance.

              #11539
              Vadim Smirnov
              Keymaster

                Try to add ‘ndis5’ to the list and let me know if it helped.

                #11540
                Vadim Smirnov
                Keymaster

                  This one seems to work just fine:

                  ;-------------------------------------------------------------------------
                  ; ndiswg_lwf.INF -- WinpkFilter NDIS LWF driver (WinTun build)
                  ;
                  ; Copyright (c) NT Kernel Resources.  All rights reserved.
                  ;-------------------------------------------------------------------------
                  [version]
                  Signature   	= "$Windows NT$"
                  Class     	= NetService
                  ClassGUID  	= {4D36E974-E325-11CE-BFC1-08002BE10318}
                  Provider    = %Ntkr%
                  CatalogFile = ndiswg.cat
                  PnpLockdown	= 1
                  
                  [Manufacturer]
                  %Ntkr%=Ntkr,NTx86,NTia64,NTamd64,NTARM64
                  
                  [Ntkr.NTx86]
                  %ndiswg_Desc%=Install, nt_ndiswg
                  
                  [Ntkr.NTia64]
                  %ndiswg_Desc%=Install, nt_ndiswg
                  
                  [Ntkr.NTamd64]
                  %ndiswg_Desc%=Install, nt_ndiswg
                  
                  [Ntkr.NTARM64]
                  %ndiswg_Desc%=Install, nt_ndiswg
                  
                  ;-------------------------------------------------------------------------
                  ; Installation Section
                  ;-------------------------------------------------------------------------
                  [Install]
                  AddReg=Inst_Ndi
                  Characteristics=0x40000
                  NetCfgInstanceId="{ACAA7086-8B4C-4443-B5CE-9694A907670C}"
                  Copyfiles = ndiswg.copyfiles.sys
                  
                  [SourceDisksNames]
                  1=%ndiswg_Desc%,"",,
                  
                  [SourceDisksFiles]
                  ndiswg.sys=1
                  
                  [DestinationDirs]
                  DefaultDestDir=12
                  ndiswg.copyfiles.sys=12
                  
                  [ndiswg.copyfiles.sys]
                  ndiswg.sys,,,2
                  
                  ;-------------------------------------------------------------------------
                  ; Ndi installation support
                  ;-------------------------------------------------------------------------
                  [Inst_Ndi]
                  HKR, Ndi,Service,,"ndiswg"
                  HKR, Ndi,CoServices,0x00010000,"ndiswg"
                  HKR, Ndi,HelpText,,%ndiswg_HelpText%
                  HKR, Ndi,FilterClass,, compression
                  HKR, Ndi,FilterType,0x00010001,0x00000002
                  HKR, Ndi\Interfaces,UpperRange,,"noupper"
                  HKR, Ndi\Interfaces,LowerRange,,"ndis5,ndis4"
                  HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, bluetooth, ndis5, nolower"
                  HKR, Ndi,FilterRunType, 0x00010001, 1 ;this filter must run before any protocol can bind to the below miniport 
                  
                  ;-------------------------------------------------------------------------
                  ; Service installation support
                  ;-------------------------------------------------------------------------
                  [Install.Services]
                  AddService=ndiswg,,ndiswg_Service_Inst
                  
                  [ndiswg_Service_Inst]
                  DisplayName     = %ndiswg_Desc%
                  ServiceType     = 1 ;SERVICE_KERNEL_DRIVER
                  StartType       = 1 ;SERVICE_SYSTEM_START
                  ErrorControl    = 1 ;SERVICE_ERROR_NORMAL
                  ServiceBinary   = %12%\ndiswg.sys
                  LoadOrderGroup  = NDIS
                  Description     = %ndiswg_Desc%
                  AddReg          = NdisImPlatformBindingOptions.reg
                  
                  [Install.Remove.Services]
                  DelService=ndiswg,0x200
                  
                  [NdisImPlatformBindingOptions.reg]
                  HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2
                  
                  [Strings]
                  Ntkr = "NT Kernel Resources"
                  ndiswg_Desc = "WinpkFilter LightWeight Filter for WinTun"
                  ndiswg_HelpText = "WinpkFilter NDIS LightWeight Filter for WinTun"
                  #11543
                  oriolarcas
                  Participant

                    Hello,

                    It worked. It seems we were missing this change:

                    HKR, Ndi\Interfaces,LowerRange,,"ndis5,ndis4"

                    Thank you again for your excellent support.

                    Oriol

                  Viewing 8 posts - 1 through 8 (of 8 total)
                  • You must be logged in to reply to this topic.