C++/VB - Enabling/Disabling network interface programmatically

Asked By Cosmi
17-Mar-08 04:06 AM
Hi,

Several weeks ago I started a virtual NIC driver that is supposed to
communicate with a user mode module and pass the packets back and forth. I've got
the driver running but now I need to make the virtual NIC run only if the
user mode module is running and disable the NIC when the user mode app closes
down.
So if anybody tries to enable the virtual NIC manually I should check
somehow from KM if the user app is running. If not, return with failure.
When I start the user app it should start the driver also automatically and
start the packet exchange between them.

Any idea how I can implement these things?

Thanks,
Cosmin Onea
  Volodymyr M. Shcherbyna replied...
18-Mar-08 05:15 AM
You may start or stop NIC driver from user mode - each time your UM
application gets started or closed. Look at devcon sources in WDK src/setup
directory.

As for checking against presence of UM application ... Basically, checking
against presence of UM application is not enough. If I am a smart guy, I can
rename any executable, say calc.exe into yourapp.exe, run it, put it into
background, and enable your NIC - this will work, is it not so?

You may implement your own protocol between UM application and your KM
component. For example, UM application sends an IOCTL to the driver when it's up,
and sends an IOCTL when it's down (unfortunately, this would not work in case of
force termination, but it just depends upon requirements). This will enforce
that exactly "some magic" application is required to run your NIC.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
  Cosmi replied...
18-Mar-08 11:52 AM
Ok, I'll have a look at the sample.

The requirement sounds like:
application is not started."
When the driver loads, the driver entry and Initialize are executed. How can I
check that the user app is running at this stage? I'm afraid I can't IOCTL
from the user mode at this stage.
If you are familiar with Hamachi they do it somehow. If you try to start the
NIC it says connection failed and goes back to disabled mode if the user app is
not running.

I need to investigate more.

Thanks,
Cosmin
  Volodymyr M. Shcherbyna replied...
18-Mar-08 12:00 PM
You can track process creation && termination using
PsSetCreateProcessNotifyRoutine && PsSetLoadImageNotifyRoutine functions. In
PLOAD_IMAGE_NOTIFY_ROUTINE handler you can get the path of an image which is
loading, and set your driver into corresponding state if the specified image
gets executed.

--
V.
This posting is provided "AS IS" with no warranties, and confers no
rights.
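A user-mode C model of the driver-side gate that the two replies above describe, added here as an illustration and not code from the thread: the client registers and unregisters through control codes, and a process-exit notification clears the registration when no "down" request arrives. The names `nic_gate`, `CTL_CLIENT_UP`, `CTL_CLIENT_DOWN` and the `gate_*` functions are hypothetical stand-ins; a real driver would wire the same logic to its IOCTL dispatch and a PsSetCreateProcessNotifyRoutine callback.

```c
/* Added example: portable model only, hypothetical names, no WDK calls. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

enum { CTL_CLIENT_UP = 1, CTL_CLIENT_DOWN = 2 };   /* stand-ins for IOCTL codes */
enum { GATE_OK = 0, GATE_DENIED = -1, GATE_BUSY = -2 };

typedef struct {
    bool     attached;     /* a client registered via CTL_CLIENT_UP */
    uint32_t client_pid;   /* PID that issued the registration */
    bool     nic_enabled;  /* link state the driver reports */
} nic_gate;

/* Models the device-control handler: only the registered PID may unregister. */
int gate_ioctl(nic_gate *g, uint32_t caller_pid, int code)
{
    if (code == CTL_CLIENT_UP) {
        if (g->attached) return GATE_BUSY;          /* one client at a time */
        g->attached = true;
        g->client_pid = caller_pid;
        return GATE_OK;
    }
    if (code != CTL_CLIENT_DOWN || !g->attached || g->client_pid != caller_pid)
        return GATE_DENIED;
    g->attached = g->nic_enabled = false;           /* orderly shutdown */
    return GATE_OK;
}

/* Models the process-notify callback; create == false means the PID exited. */
void gate_process_notify(nic_gate *g, uint32_t pid, bool create)
{
    /* Forced termination: the exit arrives without a CTL_CLIENT_DOWN. */
    if (!create && g->attached && g->client_pid == pid)
        g->attached = g->nic_enabled = false;
}

/* Models a manual enable request: refused unless a client is registered. */
int gate_enable_nic(nic_gate *g)
{
    if (!g->attached) return GATE_DENIED;
    g->nic_enabled = true;
    return GATE_OK;
}

int main(void)
{
    nic_gate g = { false, 0, false };
    printf("enable, no client: %d\n", gate_enable_nic(&g));
    gate_ioctl(&g, 1234, CTL_CLIENT_UP);            /* constructed PID */
    printf("enable, client up: %d\n", gate_enable_nic(&g));
    gate_process_notify(&g, 1234, false);           /* client killed */
    printf("enable, client gone: %d\n", gate_enable_nic(&g));
    return 0;
}
```

A process that merely starts under the expected executable name never issues `CTL_CLIENT_UP`, so in this model it leaves the gate closed.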
  Pavel A. replied...
22-Mar-08 12:14 AM
This may work but looks too complicated. Perhaps this requirement could be
turned down as not reasonable.
A non-admin user can't enable a physical netcard anyway, and admins can do
everything.
So the client app should be a service, or use a service.

Regards,
--PA