Rawether for Windows The Win32 NDIS Framework (WinDis 32) Release Notes Printing Communications Associates, Inc. 4201 Brunswick Court Smyrna, GA 30080 USA TEL: (770) 432-4580 FAX: (770) 436-7246 E-Mail: tdivine@pcausa.com ====================================================================== Component Part No.: Rawether for Windows SDK/DDK Component Name : Rawether for Windows, The Win32 NDIS Framework ====================================================================== Rawether Version : 5.60.19.02 (5.6.19.2 or 5.6.1902) Build.Revision : 5.6.1902 Release Date : 8/24/09 1.) Modified drivers to use IoCreateDeviceSecure with SSDL SDDL_DEVOBJ_SYS_ALL_ADM_RWX_WORLD_RWX_RES_RWX. SDDL_DEVOBJ_SYS_ALL_WORLD_RWX_RES_RWX allows the kernel and system complete control over the device. By default the admin can access the entire device, but cannot change the ACL (the admin must take control of the device first). Everyone else, including "restricted" or "untrusted" code can read or write to the device. Traversal beneath the device is also granted (removing it would only effect storage devices, except if the "bypass-traversal" privilege was revoked). ====================================================================== Rawether Version : 5.60.19.01 (5.6.19.1 or 5.6.1901) Build.Revision : 5.6.1901 Release Date : 4/15/09 1.) Switched from WDK 6001.18001 to WDK 6001.18002. Difference in 18002 is only related to KMDF so this is an academic issue. 2.) Eliminated "-VS2005" from folder names: Apps-VS2005 -> Apps Dll-VS2005 -> Dll LIB-VS2005 -> Lib 3.) Fixed typo in OEMNAMES.h. 4.) Added _WIN64 preprocessor conditionals to W32N55.RC to cause version info to be correct for x86 and x64 DLL builds. This change also required adding the "/d _WIN64" option to the resource project settings for the x64 configuration. In addition, version numbers used in the version resource of the DLL and the drivers are now taken from the REVersion.h header file. 5.) Modified definition files. W32N55.DEF is now used to build both W32N55.DLL and W64N55.DLL. ====================================================================== Rawether Version : 5.60.19.00 (5.6.0.1 or 5.6.1900) Build.Revision : 5.6.1900 Release Date : 4/13/09 Modifications to support Windows 7 using NDIS 5 protocol drivers while continuing to support Visual Studio 2005. NOTE: The release notes narrative mentions changes to PCANUser. However, at item 19.) notice that PCANUser was deprecated and replaced entirely with the new LegacyInstall tool. NOTE: V5.6 references some Vista-specific header and library files. If you are using VS 2005, then you must install the Vista Platform SDK to have access to these files. The Vista Platform SDK is the LAST SDK that is compatible with VS2005. 1.) Removed define for BINARY_COMPATIBLE from SOURCES files to allow build under Windows XP build environment of the Windows Server 2008 WDK (WDK Build 6001.18001). 2.) Renamed 64-bit drivers. Drivers now differentiated only by containing folder: WAS: PCASp50a64/PcaMp50a64 IS : PcaSp50/PcaMp50 ATTENTION!!! Requires change to W32N55.INI and W64N55.INI file. 3.) Driver executables now reside in Packages folder and sub-folders. 4.) Driver packages folder now includes .INF for INF-style installation. The .INF file is generated at driver build time from the .INX file in the folder containing driver sources. 5.) Removed support for Windows 95/98/ME. 6.) Made initial effort at replacing deprecated string functions with recommended safe string functions. 7.) Fixed a bug in PCANuser that caused the application never to exit when run on Windows 7. PCANUser indirectly calls LockServiceDatabase in a loop. On Windows 7 LockServiceDatabase does nothing. But worse, the nothing it does will cause the loop waiting for the SCM database lock to never exit… 8.) Added initialization of m_pSupportedPhyTypes in NDIScope CDot11Page. Without this there could be an exception when the page is destroyed. 9.) Added ProtInstall and INF-based installation files. NOTE: In order to build this program you must have access to the netcfgx.h header file from the Windows Server 2003 DDK. 10.) Significantly revised project settings to eliminate use of custom build events. These were confusing the install projets and could result in making an install that did not have correctly signed applications. 11.) Eliminated use of global shared memory. This was causing Limited User Account issues. These were acceptable (apparently) under Windows Vista but resulted in requiring application to run in Compatibility mode under Windows 7. The necessity for using global shared memory was, in fact, deprecated in previous Rawether releases. It was used to insure that if multiple applications were concurrently using the Rawether drivers that esiting one application would not stop the Rawether driver service while it was still in use. In previous Rawether releases a change was made so that any application could start the Rawether driver, but no application would actually stop it. Hence, the need for the global shared memory is no more. 12.) Found gross error that caused problems when running on Windows 7. In RECONFIG.cpp in the RECfg_InitDriverContext routine there is a switch table that operates on the OS major/minor version. Simply put: there was no support for OS version 6.1 (Windows 7). Hence operation would fail unles Vista compatibility mode was selected. I guess that Vista compatibility mode convinces the software that the OS version in 6.0 (Vista) and allows it to work OK. 13.) Further modifications to PCANUser to accomodate two different install scenarios: a.) Rawether legacy install, where drivers are copied to Drivers folder. b.) Rawether install using INF file and ProtInstall tool as custom action. PCANUser now checks for the existance of the SCM entry for each driver. In case a.) the entry will not exist and PCANUser will create the service entry. In case b.) the service entry will already exist because the INF processing will have created it. In either case PCANUser will assign a NULL DACL to the service entry. 14.) Added SCM_QueryServiceStatus routine to W32N55 routines. This supports checking for existance of the driver service entry. 15.) In SCM_StartService changed access privileges requested. No longer request SERVICE_ALL_ACCESS. With more limited access privileges Windows 7 tolerates the StartService request. Note: With the final addition of 13 - 15 finally have clean Rawether install on Windows 7 _IF_ the MSI installer is run with elevated privileges. 16.) Previous Rawether versions assigned a NULL DACL on the NDIS protocol drivers. This basically allows any user to access the Rawether NDIS protocol drivers. Using the NULL DACL privilege is actually not a good practice. In addition, at some point new OS releases may no longer support the use of NULL DACLs. In any event, with this release Rawether no longer uses the NULL DACL privilege. Instead it assigns a somewhat more restrictive provilege: "D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GRGWGX;;;AU)(A;OICI;GA;;;BA)" This discretionary ACL: * Deny access to Built-in Guests * Deny access to Anonymous Logon * Allow read/write/execute to Authenticated Users * Allow full control to Administrators This DACL is implemented using new SCM_SetRawetherDacl routines provided in W32N55 DLL. Modified ProtInstall and PCANUser to assign this new DACL to the Rawether drivers. 17.) Modified REVerify to display actual NDIS driver names instead of canned "PCANDIS" and "PCAMPR". 18.) REVeifier has issues with WIndows Vista application compatibility. Asks "Do you want this application to change your computer settings?". Revised REVerify to use minimal access privilege requests in an attempt to placate the compatibility checker. Although REVerify no longer requests access that allows settings to be changed, the compatibility checker continues to complain. Possibly simply importing OpenSCManager is sufficient to aggravate this facility. Finally rebuilt REVerify from scratch as a VS2005-originated MFC application. Logic is essentially identical. The new application works without complaints on Vista SP1. The "new" Rawether installation verifier is called "REVerify2.exe". Fixed bug in REVerify that prevented it from properly verifying the W64N55 DLL on x64 systems. 19.) Deprecating PCANUser. This is replaced by new "LegacyInstall" tool that can install and remove the non-PnP (a.k.a. "Legacy") driver using service control manager calls. With this change INF or non-PnP installs _AND_ uninstalls can be done with similar MSI CustomAction calls: INF Instalation Install : ProtInstall /Install ServiceName PnPDeviceID Uninstall: ProtInstall /Uninstall ServiceName Non-PnP (Legacy) Instalation Install : LegacyInstall /Install ServiceName PnPDeviceID Uninstall: LegacyInstall /Uninstall ServiceName 20.) Added new Setupx86-INF installer project that builds INF-based install for 32-bit platforms. ====================================================================== Component Part No.: Rawether for Windows SDK/DDK Component Name : Rawether for Windows, The Win32 NDIS Framework ====================================================================== Rawether Version : 5.50.18.06 Build.Revision : 1806 Release Date : 03/19/08 1.) Moved location of B2WInet folder from the \PCADev root to the project root. The original intent was to have a common B2WInet used for multiple PCAUSA projects, however this introduced problems when distributing an individual project. SO, it is better to duplicate these files with every project. 2.) Made small changes to use of Interlocked functions in handling reference counts in NdfObject.c. ====================================================================== Rawether Version : 5.50.18.05.0002 Build.Revision : 1805.0002 Release Date : 12/01/06 1.) Added fairly clean Windows Installer 3.0 implementation for installing Rawether sample executables on Windows 2000 through Vista x86 Editions _and_ Windows XP through Vista x64 Editions. The Rawether applications for this installer are built using Visual Studio 2005, including 64-bit applications for x64 Editions. Note that Visual Studion 2003 _could_ be used to build the Rawether 32-bit applications. Note also that the Rawether 32-bit applications can run on Windows x86 and x64 Editions. ====================================================================== Rawether Version : 5.50.18.05.0001 Build.Revision : 1805.0001 Release Date : 6/01/06 *** LIMITED EXTERNAL VISTA TESTING *** *** NOT A PRODUCTION RELEASE *** 1.) Modified PCANUser application. Now creates service and then sets NULL DACL for both single-packet and multi-packet drivers. This eliminates the need to run an application that opens these drivers before calling PCANUser to add the NULL DACL. 2.) Added limited support for Vista to NDIScope. Added Vista OIDs Added Vista NDIS_MEDIUM Added Vista NDIS_PHYSICAL_MEDIUM ATTENTION!!! Vista NDIS 6 data structures are _NOT_ included in this release. They will be available in Rawether V6.0 via including NTDDNDIS.h. 3.) Added limited support for Vista OIDScope and OIDLookup. Added Vista OIDs. ====================================================================== Component Part No.: Rawether for Windows SDK/DDK Component Name : Rawether for Windows, The Win32 NDIS Framework ====================================================================== Rawether Version : 5.50.18.04.0001 Build.Revision : 1804.0001 Release Date : 11/17/05 NOTE: The changes made in this release are broken down into these categories: 1.) Base runtime component (driver/DLL) fixes and enhancements. 2.) Fixes specific to .NET Framework support (Rawether .NET). ************************************************************************* *** Build 1804 - Base Runtime Component Fixes and Enhancements *** ************************************************************************* 1.) Made fix to NDIS protocol drivers to deal with bug that could occur when closing an adapter handle. Problem was that driver code that attempted to cancel pending reads was not synchronized with I/O manager's calls to automatically cancel pending I/O when a handle was closed. 1.1) In W32N_CloseAndFreeOpenContext no deleted code that attempted to cancel pending reads. Now depend entirely on I/O manager to cancel pending reads when handle is closed. 1.2) In PCANDISDeviceCleanup added code to delay cleanup operations until I/O manager has canceled all pending reads. At PCAUSA this bug was only observed whe running the Checked Build in a situation where debug messages were verbose. These messages changed timing so that all I/O had not actually been cancelled at the point the driver was called at the Cleanup routine. This bug could certainly be expected to occur under other circumstances. 2.) Modified adapter medium array passed to NdisOpenAdapter to include NdisMediumWan. This allows driver to open NDISWANIP. This change, and other associated changes, provides Rawether with a LIMITED capability to operate with the NDISWANIP adapter. I particular, Rawether can be used to monitor received packets only if certain the \Device\NDISWANIP device is opened and the NDIS packet filter is set to NDIS_PACKET_TYPE_DIRECTED. NOTE: Setting the NDIS packet filter to any type other than NDIS_PACKET_TYPE_DIRECTED will cause the WAN link to fail. The standard Rawether 'C' API can be used to open NDISWANIP if the string "\\Device\\NDISWANIP" is passed to the XYZ_OpenAdapter functions. Be sure to set the NDIS packet filter to NDIS_PACKET_TYPE_DIRECTED instead of NDIS_PACKET_TYPE_PROMISCUOUS. NOTE: Information about accessing NDISWANIP from Rawether .NET are further down in these notes. 3.) Made several driver improvements based on recommendations from PREfast V2.1.4492 (Longhorn 5048 DDK). Including: 3.1) Replaced calls to ExAllocatePool with ExAllocatePoolWithTag. 3.2) Fixed two instances of a DbgPrint format string mismatch. 3.3) Added code to prevent NULL pointer dereference in two places in the NDIS protocol drivers. These were unlikely situations where the NULL pointer could only originate from the OS. 4.) Improved the Read IRP queueing and IPR cancellation logic in PcaSp50 driver. 5.) Made some improvements to Read IRP queueing and IRP cancellation logic in PcaMp50 driver. 6.) Fixed reference counting bug in PcaMp50 driver that could cause memory leak if driver was open and closed repeatedly. 7.) In PcaSp50 and PcaMp50 drivers, made improvement to reference counting logic in call to W32N_MakeRequest. Modified W32N_MapFileObjToOpenContext to optionally add reference count to W32NOpenContext. This allowed open context to be referenced earlier in the sequence. This may help a bug reported by one customer who saw an access violation when dereferencing an open context when a request was completed. 8.) In PcaSp50 and PcaMp50 drivers added sanity check for NULL W32NOpenContext in AcceptPacket routine. 9.) In PcaSp50 and PcaMp50 drivers improved sanity checking for NULL list elements when walking various linked lists. 10.) Converted PcaSp50.sys and PcaMp50.sys to use new PCAUSA Network Driver Framework (NDF) referenced-counted NDIS memory management routines. 11.) Now allocate memory for per-open structure (W32N_OPEN_CONTEXT) from a NDIS lookaside list instead of from the NDIS global heap. 12.) Under Bin and Lib folders renamed "amd64" sub-folders to "x64". This change in naming convention will require a change in your linker settings. 13.) Made small modifications to W32N55 DLL to allow the 64-bit version (W64N55.DLL) to be build under Visual Studio 2005 x64 configuration. The VS 2005 project for building the W32N55/W64N55 DLL is in the new DLL-VS2005 folder. The VS 2005 W64N55.DLL is now what is provided in the sample executables. It remains possible to build W64N55.DLL using the Windows Server 2003 SP1 X64 build environment. 14.) Can now build selected Rawether C/C++ applications using Visual Studio 2005. The VS 2005 projects are in the new Apps-VS2005 folder. An important fallout of this is that there is now a x64 version of the NDIScope MCF application. 15.) Fixed bug that prevented NDIScope.chm Help file from being shown when the NDIScope Help button was pressed. ************************************************************************* *** Build 1804 - .NET Framework Component Fixes and Enhancements *** ************************************************************************* 1.) Fixed error in definition of NDIS_802_3_ADDRESS.Any. WAS : {0x00, 0x00, 0x00, 0x00, 0x00, 0x0A } SHOULD BE: {0x00, 0x00, 0x00, 0x00, 0x00, 0x00 } 2.) Fixed bug that would cause AdapterObject.EnableLoopBack to throw exception if called with true as the parameter. Bug is actually in the REInvoke.cs in the supporting DisableLoopback routine. There at approximately line 2733 the test for a null macAddress should be changed: WAS : if( macAddress == null ) SHOULD BE: if( (object )macAddress == null ) 3.) Fixed typo in file CSApps\NDIScope\CaptureDlg.cs about line 1115. WAS : else if( ipDatagram.Protocol == IPPROTO.IPPROTO_UDP ) { dumpBuilder.AppendFormat( "udp {1,4}: ", ipDatagram.DataLength ); } SHOULD BE: else if( ipDatagram.Protocol == IPPROTO.IPPROTO_UDP ) { dumpBuilder.AppendFormat( "udp {0,4}: ", ipDatagram.DataLength ); } 4.) Added limited support for WAN Miniport IP (NDISWANIP). This capability is limited to being able to monitor directed packets (i.e., only received packets). In addition, sending on an established WAN connection is not practical in most cases and incorrect setting of the NDIS packet filter on this adapter can interfere with normal operation. Because of these limitations Rawether includes code that prevents WAN miniports, including NDISWANIP, from being listed in the normal adapter enumeration collections. If the ability to monitor received NDISWANIP packets is sufficient, then this version of Rawether .NET can be used if the following steps are followed: a.) The NDISWANIP adapter can be opened by explicitly creating it's BindingName: wanIpName = new BindingName( "WAN Miniport IP", "\\Device\\NDISWANIP" ); This binding name can be passed to the OpenAdapter method to open NDISWANIP. b.) Insure that SetInformation call to set the PacketTypes is modified to select the Directed PacketType for the NDISWANIP adapter. The NDIScope (C# version) application has been modified to add NDISWANIP to the adapter chooser list if the line in NDIScope.cs at about line 134 is uncommented. NDIScope (C#) has also been modified to insure that the NDIS packet filter is set to Directed for NDISWANIP. See the code in CaptureDlg.cs at about line 626. If is also appropriate to use smaller read buffers when operating on slower WAN links. NDIScope (C#) includes code to conditionally use smaller buffers for NDISWANIP by calling ConfigureReadQueue in CaptureDlg.cs at about line 586. 6.) Fixed bug in IPAdapterInfo constructor. This would enter an infinite loop under some network configuration conditions. 7.) Added new NDIS_802_11_FIXED_IEs class to replace previous NDIS_802_11_FIXED_IEs marshalled structure. New NDIS_802_11_FIXED_IEs class is actually useful. 8.) Added methods to access BSSID list item Privacy member. 9.) Corrected ArpData.ProtocolType method to return EtherType (ushort) instead of IPPROTO (byte) type. Corrected Capture Dialog to make correct check when displaying ARP. WAS: if( (IPPROTO )arpData.ProtocolType == IPPROTO.IPPROTO_IP ) SHOULD BE: if( (EtherType )arpData.ProtocolType == EtherType.ETHERTYPE_IP ) 10.) Significant improvement of Rawether.Internet IPv6 support contrinuted by PCAUSA customer Mark Devol. Also improvement of IP Helper IPv6 support. 11.) Can now build the C# applications and Rawether class library using Visual Studio 2005. The VS 2005 projects are in the new CSApps-VS2005 folder. ====================================================================== Rawether Version : 5.50.18.03.0003 Build.Revision : 1803.0003 Release Date : 4/5/05 NOTE: The changes made in this release are broken down into three categories: 1.) Base runtime component fixes and enhancements. 2.) Windows x64 Edition fixes and enhancements. 3.) Fixes specific to .NET Framework support (Rawether .NET). ************************************************************************* *** Build 1803 - Base Runtime Component Fixes and Enhancements *** ************************************************************************* 1.) Modified Tutorial\RxTrivial to fix logic bug in two places: WAS: while( 1 ) SHOULD BE: while( g_bShutdown == FALSE ) 2.) In MPRHAPI.H PCAMPR5_BASE_NAME was defined incorrectly. Because of this the MPREAD application would fail unless the WxxN55.INI file was present. 3.) The WLAN_QueryAssociationInfo function was improperly declared as WLAN_QueryGetAssociationInfo in the WinDis.h header. WAS: WLAN_QueryGetAssociationInfo( SHOULD BE: WLAN_QueryAssociationInfo( 4.) Fixed bug in RxSimple tutorial sample. The FreeAdapterContext in RxSimple.cpp did not free allocated packets. In addition, that application MUST wait in an alertable state in order for cancelled operations to complete when an adapter is closed. In RxSimple this can be done by adding a SleepEx call at the beginning of FreeAdapterContext. WAS: VOID FreeAdapterContext( PAdapterContext pAdapter ) { ... while( !W32N_IsListEmpty( &pAdapter->RxPacketList ) ) { PRxPacketRecord pRxPacket; pRxPacket = (PRxPacketRecord )W32N_RemoveHeadList( &pAdapter->RxPacketList ); } ... } SHOULD BE: VOID FreeAdapterContext( PAdapterContext pAdapter ) { // Wait in Alertable State ot Allow Cancelled Operations to Complete SleepEx( 1000, TRUE ); // ADD THIS LINE!!! ... while( !W32N_IsListEmpty( &pAdapter->RxPacketList ) ) { PRxPacketRecord pRxPacket; pRxPacket = (PRxPacketRecord )W32N_RemoveHeadList( &pAdapter->RxPacketList ); free( pRxPacket ); // ADD THIS LINE!!! } ... } 5.) Fixed bug in OIDScope CAdapterSheetNT::MakeNdisRequest routine. Added check on error returned from DeviceIoControl before calling GetOverlappedResult. Without this check the call to fetch the OID_GEN_SUPPORTED_GUIDS and OID_GEN_PROTOCOL_OPTIONS (possibly others) would hang the application. 6.) Removed unnecessary calls to MmProbeAndLockPages/MmUnlockPages for I/O calls that use METHOD_OUT_DIRECT or DO_DIRECT_IO in PcaMp50 IRP_MJ_READ handler and completion calls. ************************************************************************* *** Build 1803 - Windows x64 Runtime Component Fixes and Enhancements *** ************************************************************************* 1.) Some 64-bit applications were linking to old W64N55a64.lib instead of W64N55.lib. Fixed W64N55 AMD64Build SOURCES files. 2.) LIBRARY directive in W64N55.DEF was old W64N55a64 instead of new W32N55. Caused 64-bit applications to fail to run because non-existant W64N55a64.DLL could not be found even when linked properly to W65N55.LIB. 3.) Changed argument passed to OnTimer methods in NDIScope and OIDScope to accomodate building 64-bit versions. WAS : void OnTimer( UINT nIDEvent ); SHOULD BE: void OnTimer( UINT_PTR nIDEvent ); 4.) Tested Rawether Build 1803 applications and drivers on Longhorn Alpha Build 5049. Tested NDIScope, HookPeek (PCASp50.sys driver), MPRead (PCAMp50.sys driver), OIDScope and Rawether C# applications. With the above changes these 32-bit applications and 32-bit drivers worked OK on 32-bit Longhorn Alpha Build 5049. Work on Rawether NDIS 6 drivers will resume when the next LDK is released. 5.) Changed name of Rawether API DLL for AMD64 from W64N55a64.dll to simply W64N55.DLL. This was prompted by Microsoft dropping Windows XP support for ia64 (Itanium). ************************************************************************* *** Build 1803 - .NET Framework Component Fixes and Enhancements *** ************************************************************************* 1.) Fixed memory leak in MprApi SendSinglePacket routine. These members were being repeatedly re-allocated and GC didn't ever release them: ManualResetEvent sendWaitEvent = null; Overlapped sendOvlp = null; Now made them private static members that are allocated only once. Also revised the NativeOverlapped .Pack logic. 2.) Added call to IPHelper.GetIPAdapterInfo in NDIScope C# version General Charactersistics Page. Simply to illustrate making the call... 3.) Fixed bug in PcaMuxDriver.cs, PcaMuxAdapter class, method public PcaMuxAdapter( string serviceName ). Was : serviceName = serviceName; Should Be: this.serviceName = serviceName; 4.) Fixed same bug in PcaLwfDriver.cs, PcaLwfAdapter class, method public PcaLwfAdapter( string serviceName ). Was : serviceName = serviceName; Should Be: this.serviceName = serviceName; 5.) Fixed bug in PcaMprProtDriver.cs, PcaMprProtDriver class, SetReadIdleTimeout method: Was : readIdleTimeout = readIdleTimeout; Should Be: idleTimeout = readIdleTimeout; 6.) Made change to BufferReadAsyncCallbackCommon in PcaMprProtAdapter class in PcaMprProtDriver.cs (about line 808) to accomodate bug that was flushed out when attempting to build under Visual Studio .NET Whidbey Beta 1. Was : if( ar.Callback != null ) { ar.Callback.Invoke( ar ); // Call as in Rawether Build 1802 } Should Be: if( ar.Callback != null ) { ar.Callback( ar ); // Changed at Rawether Build 1803 } 7.) Made change to IP_ADAPTER_INFO structure in Internet.cs assembly to accomodate building under Visual Studio .NET Whidbey Beta 1. WAS : public unsafe struct IP_ADAPTER_INFO { public IP_ADAPTER_INFO* Next; // As in Build 1802 ... public IP_ADDR_STRING* CurrentIpAddress; // As in Build 1802 ... } Should Be: public unsafe struct IP_ADAPTER_INFO { public void* Next; // Changed in Build 1803 ... public void* CurrentIpAddress; // Changed in Build 1803 ... } 8.) Made change to NativeOverlapped handling in REthInvoke.cs to fix a "Can not pack a packed Overlapped again." runtime exception encountered when running under Visual Studio .NET Whidbey Beta 1. NOTE: Rawether .NET Build 1803 is not a complete adaptation of Rawether .NET to Visual Studio .NET Whidbey. Residual warnings still remain and will be fixed in future Rawether .NET releases. Build 1803 does, however, address most known breaking problems. 9.) In IPAddressTuple constructor in Rawether DLL Internet.cs module, added code to handle empty address and mask strings. Without this change an exception is generated when fetching IP information for disconnected adapters. 10.) Made change in REConfig.cpp module in W32N55 DLL to accomodate error encountered using Visual Studio .NET 2005 Beta 2. In the RECfg_GetNativeHostCpu routine (about line 162): WAS: typedef (WINAPI *K32_GetNativeSystemInfoProc)( OUT LPSYSTEM_INFO lpSystemInfo ); SHOULD BE: typedef void (WINAPI *K32_GetNativeSystemInfoProc)( OUT LPSYSTEM_INFO lpSystemInfo ); 11.) Made change in W98Enum.cpp module in W32N55 DLL to accomodate error encountered using Visual Studio .NET 2005 Beta 2. In the _WIN98_QueryAdapterNdiRange routine (about line 813): WAS: MultiByteToWideChar( 0, 0, szTemp, -1, (PUSHORT )lpValue, cbValue ); SHOULD BE: MultiByteToWideChar( 0, 0, szTemp, -1, (LPWSTR )lpValue, cbValue ); ====================================================================== Rawether Version : 5.50.18.02 Build.Revision : 1802.0 Release Date : 10/25/04 ********************************************************************** *** NOTICE: This update applies to Rawether .NET only *** *** If you are using the standard Win32 NDIS 'C' API, then this *** *** release has offers no changes. Neither the NDIS drivers *** *** nor the W32N55 DLL are changed in this release. *** ********************************************************************** 1.) Fixed bug in SetInformation handler that caused incorrect data lengths to be passed in some cases. Observable effects of this bug were NDIS_802_11_ENCRYPTION_STATUS and NDIS_802_11_AUTHENTICATION_MODE would fail with NDIS_STATUS_INVALID_LENGTH error. 2.) Implemented new NDIS_NDIS_802_11_WEP class to replace NDIS structure by same name. The new class is easier to use. 3.) Implemented new NDIS_802_11_KEY class to replace NDIS structure by same name. The new class is easier to use. 4.) Extended the Internet classes to include _partial_ implementations of these IP-related classes: IPDatagram (Base Class) IPv4Datagram IPv6Datagram TcpSegment UdpDatagram IcmpMessage IPAddressRaw IPEndPointRaw IPEndPointPairRaw 5.) Added a Rawether .NET forms-based version of NDIScope. This illustrates many of the NDIS query functions. In addition, it includes a rudimentary packet capture display facility that is loosely modeled after the Unix TcpDump utility. ====================================================================== Rawether Version : 5.50.18.01 Build.Revision : 1801.0 Release Date : 09/07/04 1.) Extending the Rawether WinDis 32 API to work with the protocol edge of NDIS IM drivers and NDIS 6 LWF drivers. This involves moving and renaming some IOCTL and structure definitions to a new header called "Rawether.h". 2.) Changed parameters passed to MPR_OpenProtocolDriver and W32N_OpenProtocolDriver to include BOOLEAN bAutoLoad. If bAutoLoad is FALSE, then the function simply attempts to open a conrol channel to the driver. If bAutoLoad if TRUE, then the function will attempt to load and start the driver if necessary. This should not intoduce a compatibility problem since this function is really for internal use. I don't recall it being in any Rawether sample application except for BindList. There the change would be: WAS: hDriver = W32N_OpenProtocolDriver(); SHOULD BE: hDriver = W32N_OpenProtocolDriver( FALSE ); 3.) Changed behavior of PCAMp31.VxD driver. Prior versions would return an empty buffer from MPR_ReadPacketBufferEx as a "keep-alive" indication. This behavior was inconsistent with the PCAMp40 and PCAMp50 drivers which do not complete empty MPR buffers. Changed PCAMp31.VxD behavior so it does not complete empty MPR buffers. 4.) Fixed bug in V5.5 WLAN_SetSsid function. Buffer containing SSID was accidentally zeroed before being passed to the driver. 5.) Added WLAN_QuerySupportedRatesEx function, which makes query on OID_802_11_SUPPORTED_RATES using 16-byte NDIS_802_11_RATES_EX buffer. 6.) Fixed bug in WLAN_Supports802_11 function. This function failed to detect some 802.11g miniports. ====================================================================== Rawether Version : 5.50.17.00 Build.Revision : 1700.0 Release Date : 05/17/04 SUMMARY: This is a major update to Rawether for Windows. The primary focus of is to improve the runtime component install methodology with the goal of eliminating side-by-side runtime component conflicts. In order to enforce the benefits of the revised installation methods the Rawether runtime components are renamed to avoid conflict with prior versions. HOWEVER, for the most part existing applications that use the WinDis 32 API can be adapted to this release by simply recompiling and linking with new headers and import libraries. A secondary goal of this release is to introduce preliminary Rawether 64-bit support and to streamline the DLL code. 1.) Changed driver runtime locations from their "historical" locations to correct locations. Starting with this version it is REQUIRED that driver runtime binary images be located as follows: Windows 9X/ME : Windows\System Windows NT and Higher: Windows\System32\drivers 2.) Modified DLL to support simplified driver OEM renaming. With this modification an INI file can be provided that will specify OEM driver names that will override the default Rawether driver names. With this change it is no longer necessary to recompile the DLL to make it recognize OEM driver names. Here is one section of a sample INI file related to defining OEM names that override the default Rawether driver names: ; These are the names for the V5.5 versions of the traditional "PCANDIS" ; single-packet read drivers on 32-bit Windows. [SinglePacket.x86] NDIS31=PCASp31 NDIS40=PCASp40 NDIS50=PCASp50 NDIS60=PCASp60 [RAWETHER] ; Used to insure shared memory names do not collide. SharedMemoryName="RawetherGShared" 3.) Changed behavior of MacEnum_OpenEnumeration. Previous versions attempted to filter the raw enumeration list by attempting to open the adapter. Adapters were put in the enumeration list if they could be successfully be opened using EITHER W32N_OpenAdapter (PCANDIS# drivers) OR MPR_OpenAdapter (PCAMPR# drivers). For customers who were only installing PCANDIS# drivers, the call to MPR_OpenAdapter does create unneeded Service Control Manager registry entries as well as nuisance messages in the Event Log. In this release of Rawether the default behavior of MacEnum_OpenEnumeration is to filter only using W32N_OpenAdapter. Users who are installing only the PCAMPR# drivers can eliminate the "reverse" of this problem (unwanted PCANDIS# entries) by explicitly opening a MAC enumeration using this call: return( MacEnum_OpenEnumerationEx( MacEnumFilterForPCAMPR ) ); 4.) Overhaul of W32N50 DLL code. Code review and restructure with goal of making code easier to read and maintain. 4.1) Eliminated the VBW32N_XYZ API family. This was not found to be suitable for its intended use of supporting Visual Basic interface to Rawether API. 4.2) Changed calling conventions for exported functions. WAS: 'C' using __declspec( dllexport )/__declspec( dllimport ) IS : WINAPI (Pascal) plus .DEF file These changes are implemented in WINDIS.H (W32N_XYZ API family) and PCAMPRZ.H (MPR_XYZ API family). NOTE: This change requires that existing applications be linked with the new DLL import library. 4.3) Renamed DLL to insure there is no conflict/confusion about new installation install locations, new customization features, new DLL export methods and modified W32N_/MPR_ API. WAS: W32N50.DLL IS : W32N55.DLL 4.4) Added code in W32N55 to detect native host CPU type (x86, ia64, amd64) and select appropriate driver to load. This is an extension of the OEM-renaming logic. 4.5) Added code to fetch global shared memory name from INI file: [RAWETHER] Product="Rawether for Windows" APIVersion=5.03.17.58 ... SharedMemoryName="RawetherGShared" 4.6) Added: W32N_CloseProtocolDriver (Previously just called CloseHandle...) MPR_CloseProtocolDriver (Previously just called CloseHandle...) 4.7) Turned up the comiler warning level (and used more strict 64-bit compiler). This identified a few areas that needed improvement. 4.7.1) More consistent use of BOOL (LONG) and BOOLEAN (UCHAR). 4.7.2) Modifications based on the _WIN64 preprocessor directive to exclude functions Windows 9X/ME and Windows NT 4.0 from being built into the Windows 64-Bit Rawether API DLL (W64N55.DLL). These modifications allow the 32-Bit DLL (W32N55.DLL) and the 64-Bit DLL (W64N55.DLL) to be built using common sources. 5.) Completed thunking for 32-bit applications running on 64-bit PCANDIS driver: W32N_MakeNdisRequest W32N_PacketRead(Ex) W32N_PacketSend(Ex) Same 32-bit application can run on 32-bit and 64-bit Windows. 6.) Built 64-Bit AMD versions of these applications using DDK Build 3790 Windows Server 2003 AMD 64-Bit environment. (Tested on Windows XP 64-Bit Edition for AMD). Simple - Simple Rawether API test application. RxSimple - Simple Rawether packet read application for the single-packet read driver. RxTrivial - Even simpler Rawether packet read application for the single-packet read driver. MPRead - Sample Rawether packet read application for the multi-packet read driver. EnumTest - MacEnum adapter enumeration test application. 7.) Improved the WLANDetector sample application. 7.1) Revised detection scheme so that it does not require NIC to be associated in order to properly identify it as 802.11. 7.2) Added BSSID list scan display. 8.) It's time to move on... All 32-bit user-mode components are now built using Visual Studio .NET 2003 instead of Visual C++ 6.0. 9.) Added support for Extensible Authentication Protocol over LAN (EAPOL) in NDIScope Start Capture dialog and companion EAPOL monitoring support into HookPeek packet monitor. 10.) Added a number of 802.11 WLAN_XYZ helper functions to W32N55 DLL. The use of these functions in illustrated primarily in the NDIScope 802_11_ dialogs. Functions added include are simple wrappers over the basic Rawether NDIS Query/Set functions. WLAN helper functions added include: 11.) Added BSD 5.0 network definition headers in B2WInet folder. These more extensive headers replace some older PCAUSA headers that were in the Include folder. The B2WInet folder is shared between user-mode applications and kernel drivers. It is also shared between multiple PCAUSA products. The B2WInet folder is located at \PCADev\B2WInet. Project settings will need to be revised to reference the B2WInet folder. Files removed from Include folder include: Previously In Include Now In B2WInet ethertype.h ethernet.h Some spelling differences... ETHERTYPE_DECEXP ETHERTYPE_DECEXPER ====================================================================== Windows Version : 5.03.16.59 Build.Revision : 1659.0 Release Date : 5/??/04 1.) Added reference counting on adapter and open contexts in PCANDIS and PCAMPR drivers. Goal is to reduce possibility of invalid memory memory accesses. 2.) Modified the HookPeek MPRead packet monitoring applications to make smoother shutdown when adapter is disabled. Added StartShutdown function that is called from: a.) The Ctrl-C handler, when user elects to stop the application. b.) The HandleReadComplete or ProcessRxPackage routines if a receive error is encountered. These improvements required changes to the user-mode APC handlers to detect I/O errors. Code in the Receive.c modules for HookPeek and MPRead should be reviewed and adpoted into any existing applications. For Windows 9X/ME an additional periodic check on the adapter handle is made in the main thread wait loop. 3.) Modified PCAMPR ReadIdleTimer logic to make more efficient use of queued MPR buffers. Basic logic is to insure that MPR buffers completed by the ReadIdleTimer are paced at about the rate that it takes for the buffer to be consumed by the user-mode application AND also returned to the driver's MPR buffer queue. The logic insures that at most only one MPR buffer at a time is completed to the user-mode application by the ReadIdleTimer. ReadIdleTimer processing is re-enabled only when the previously-completed ReadIdleTimer MPR buffer has been passed back to the driver. 4.) Added spin lock protection when saving packet sequence number (nPacketNumber) in PCANDIS and PCAMPR drivers. ====================================================================== Windows Version : 5.03.16.58.1 Build.Revision : 1658.1 Release Date : 4/22/04 1.) One additional fix that prevented the 1658 PCAMPR driver from starting. PCAMPR.C at DriverEntry line 708: WAS: if( PCAMPRReadRegistryDefaults( RegistryPath ) != STATUS_SUCCESS ) { Status = STATUS_UNSUCCESSFUL; return(Status); } SHOULD BE: PCAMPRReadRegistryDefaults( RegistryPath ); i.e.: Don't bail if PCAMPRReadRegistryDefaults fails... ====================================================================== Windows Version : 5.03.16.58 Build.Revision : 1658.0 Release Date : 4/14/04 1.) Interim bug fix release. Fixed bug introduced in V5.03.16.57. The flaw was in kernel-mode string parsing code used to extract ServiceName from RegistryPath in DriverEntry routine. This bug has the effect of causing the creation of a bogus driver ServiceName and SymbolicLink name under some conditions. On some systems running WLANDetect the first time would succeed. However, running WLANDetect a second time would fail. Since it was a string-related bug there could have been other unpredictable problems as well. Customers using V5.03.16.57 should upgrade to V5.03.16.58. 2.) Major improvements to OIDScope. These changes are prototypes for changes to NDIScope to be provided in Rawether V5.5.17.59. ====================================================================== Rawether Version : 5.03.16.57 Build.Revision : 1657.0 Release Date : 1/11/04 1.) Made correct update of W32NDIS.h with OIDs and structures for Wi-Fi Protected Access (WPA). Update in V5.03.16.56 was incomplete. 2.) Fixed bug in PCAMPR driver related to handling partial packets in ProtoclReceive handler. Bug was that offset passed to NdisTransferData was incorrect. This bug showed up on Windows Server 2003 when using ReakTek 8139 PCI card. May also be seen on RealTek 8019 adapters. The miniport drivers for these adapters uses the old-style NdisMEthIndicateReceive call with "partial packets" that require a call to NdisTransferData to fetch residual data. In some cases, getting an updated driver will resolve the problem. The single-packet read PCANDIS5 driver did not have this bug. 3.) Removed some unused structure definitions and unused variables from PCANDIS and PCAMPR drivers. Mostly these relate to the device extension - which is not actually used in these driver versions. 4.) Made some driver modifications to increase security and stability based on information learned at DevCon 2003. Added sanity checks on size of input buffer passed to DeviceIoControl routines. These checks are also essential when the driver is built for the WIN64 environment. 5.) Modified drivers by eliminating some unused code and simplifying some code paths. 6.) The W32N50 DLL includes a user-mode version of the BPF filter code. This is provided in order to allow users to name some user-mode tests of BPF programs, if desired. Although the kernel-mode of the bpf_filter function has no known bugs, the user-mode bpf_filter counterpart has not been updated to match the kernel-mode version. The user-mode bpf_filter function has been updated in this release. 7.) Added #define for WINDIS_SHARED_MEMORY_NAME in NDISHAPI.h and OEMNAMES.h. This allows the WinDis shared memory name to be customized for OEMs. The shared memory fill mapping object is created and destroyed in W32N50 DllMain. The area is used to determine when it is OK to actually unload the NDIS protocol drivers. 8.) Made minor modifications needed to allow Rawether for Windows to run successfully on Windows Longhorn PDC/DevCon preview (Build 4051). 8.1) Modified MacEnum_OpenEnumeration to recognize Longhorn platform. Prior versions fo Rawether fail immediately because the Longhorn platform is not recognized. 8.2) Made a minor modification to the W32N_IsWindows2000 function in the W32N50 DLL. Now returns TRUE if running on Windows Longhorn. NOTE: PCAUSA _will_ be developing a NDIS 6.0 NDIS protocol driver as the Longhorn development cycle progresses. We already do have a fully functional NDIS 6.0 "Lightweight Filter Driver" that was tested at the DevCon NDIS porting labs in November, 2003. 9.) Modified the MacEnum logic. The final step in the MacEnum logic is to see if the adapter that is found in the enumeration can actually be opened by Rawether. In prior versions this final step involved two steps: A.) Try to open the adapter by calling W32N_Open Adapter (Open on PCANDIS driver. If successful, add the adapter to the enumeration list. B.) If W32N_OpenAdapter fails, try to open the adapter by calling MPR_OpenAdapter (open on PCAMPR driver). If successful, add the adapter to the enumeration list. C.) If neither W32N_OpenAdapter or MPR_OpenAdapter can open the adapter, do not list the adapter. The extra step of attempting to open the adapter by calling MPR_OpenAdapter can cause unnecessary pauses when the PCAMPR driver is loaded. Removed the attempt to use PCAMPR driver. A by product of this change is that if using the PCAMPR driver you must also install the PCANDIS driver to support MacEnum. NOTE: Need to devise a way to eliminate need for PCANDIS driver if only the PCAMPR driver is being used... ATTENTION!!! Document MacEnum_OpenEnumerationEx( MacEnumFilterForPCANDIS ); 10.) Made initial modifications to adapt drivers for 64-bit platform. Added support for thunking these calls from 32-bit application to 64-bit PCANDIS5.SYS and PCAMPR5.SYS drivers: W32N_OpenAdapter MPR_OpenAdapter W32N_MakeRequest W32N_MakePrivateRequest W32N_CloseAdapter This release does NOT support sending or receiving packets. Only applications tested were: EnumTest, Simple and BindList 32-bit applications. No testing yet with 64-bit applications. Testing was done only on AMD running Windows XP 64-Bit Extended edition V3790. This means that there COULD be residual alignment problems if run on Itanium-Bases systems. 11.) Modified OIDScope 32-bit MFC application to operate on 64-bit Windows. Key functional change was related to handling enums (such as NDIS_MEDIUM). The enum type has sizeof(INT), which is of different size on 32-bit and 64-bit Windows. Actually, the 32-bit alignment and 32-bit size _should_ work just fine... However, OIDScope is based on the use of IOCTL_NDIS_QUERY_GLOBAL_STATS and it appears that 64-bit NDIS does a ProbeForRead for 64-bit alignment as part of its user buffer validation. This is, IMHO, a bug. The probe should be for 32-bit alignment for a 32-bit caller who specifies a 4-byte InformationBufferSize and should be for 64-bit alignment for a 64-bit caller. To accomodate this (apparent) bug in 64-bit NDIS handling of enums it was necessary to change a handfull of variables to be of type _int64. 12.) Modified NDIS 4.X and NDIS 5.X protocol drivers to provide preliminary support for simplified OEM renaming. 12.1) Drivers (excluding VxD) now fetch ServiceName from tail of RegistryPath passed to DriverEntry. By default the ServiceName is used for the ProtocolName and for the SymbolicLink name. In addition, the registry is also read for overrides to the default ProtocolName and SymbolicLink name. 12.2) Removed logical, but unnecessary, NAME string definitions from these headers: NDISHAPI.h MPRHAPI.h OEMNAMES.h With this release the W32N50 DLL does _NOT_ yet utilize these features. W32N50 DLL will be modified in the next release. When this is done there will be a simplified OEM renaming procedure that, if followed by OEMS, will eliminate runtime component conflicts. ====================================================================== Rawether Version : 5.03.16.56 Build.Revision : 1656.0 Release Date : 9/23/03 New PreFast tool introduced in Windows DDK Build 3790 identifed a few defects. The uninitialized variable of Item 1.) should be fixed of course. The other two items could not have caused any actual problem. 1.) d:\PCADev\Rawether\1655\pcandis-sys\READ.C (514): warning 1: Using uninitialized memory 'nBytesToReturn'. FUNCTION: LOWERReceiveHandler (356) FIX: Read.c Line 370 was (Build 1655): ULONG nBytesToReturn, nBytesToTransfer; Read.c Line 370 should be (Build 1656): ULONG nBytesToReturn = 0, nBytesToTransfer; 2.) d:\PCADev\Rawether\1655\pcandis-sys\PROTODEV.C (311): warning 246: Local declaration of 'pW32NPacket' hides declaration of the same name in an outer scope: see previous declaration at line 300 of d:\PCADev\Rawether\1655\pcandis-sys\PROTODEV.C. FUNCTION: W32N_CloseAndFreeOpenContext (284) FIX: Protodev.c Line 300 was (Build 1655): PW32N_PACKET pW32NPacket = NULL; Protodev.c Line 300 should be (Build 1656): Delete declaration at line 300... 3.) d:\PCADev\Rawether\1655\pcampr-sys\PROTODEV.C (349): warning 246: Local declaration of 'pMPRBuffer' hides declaration of the same name in an outer scope: see previous declaration at line 338 of d:\PCADev\Rawether\1655\pcampr-sys\PROTODEV.C. FUNCTION: W32N_CloseAndFreeOpenContext (311) FIX: Protodev.c Line 338 was (Build 1655): PMPR_PACKET_BUFFER pMPRBuffer = NULL; Protodev.c Line 338 should be (Build 1656): Delete declaration at line 338... 4.) Updated W32NDIS.h with OIDs and structures for Wi-Fi Protected Access (WPA). Also updated OIDScope and NDIScope with WPA OIDs. 5.) Fixed bug that surfaced when running Rawether over Agnitum Outpost Firewall. The bug was that a BSOD occurred immediately. :-( Bug occurs during the MacEnum adapter enumeration phase specifically at the point where a VERY QUICK adapter open/close sequence is performed to confirm that the adapter actually exists. An initial superficial fix was made that simply insures that there is a minimum interval between any adapter open and the subsequent close. This was accomplished by adding Sleep(5) in W32N_CloseAdapter before dispatching to the actual close adapter routines. This fixed the apparent problem. On looking a little deeper the real cause of this bug was found in the PCANDIS driver. Specifically, as soon as NdisOpenAdapter completes a _sequence_ of automatic queries is _started_ to fetch standard information (frame sizes, etc.). On "real" adapters these queries always (apparently) complete _before_ one can make the quick close adapter call. However, with Outpost installed these queries take longer to complete (different timing behavior...). As a result the close adapter call _can_ be made while some of the autoqueries are still in progress. Made a change in the driver LOWERRequestCompleteHandler (in request.c) to verify that the adapter context was still valid. If not, simply return. This effectively stops the auto-query chain and prevents the BSOD. 6.) Fixed bug in driver BPF update logic. Now protect updating the BPF program with spin lock. Lack of this synchronization mechanism caused problems when applications changed the BPF frequently after packet reception had been started. 7.) Additional sanity checks for adapter close in progress when handling request, send and receive IRPs. 8.) Fixed bug where W32N_CloseAndFreeOpenContext was called at IRQL < PASSIVE_LEVEL (spin lock held) leading to an occasional bugcheck when NdisFreeSpinLock was called. This fix included removing the call to RemoveEntryList from within the W32N_CloseAndFreeOpenContext function. Now call RemoveEntryList immediately BEFORE making call to W32N_CloseAndFreeOpenContext. Made additional changes so W32N_CloseAndFreeOpenContext was no longer called with spin lock held (two places in protodev.c). 9.) Made changes to MPR driver to provide "better real-time responsiveness". Can now set read timeout value to lower values. 9.1) Eliminated hard-coded timer interval that prevented small read timeout values from having an effect. 9.2) Now do not return empty "keep-alive" MPR buffer when idle timer expires. Buffer must have at least one packet. 10.) Replaced use of NdisAllocateMemory with NdisAllocateMemoryWithTag. Tags are: PCAMPR : 'MacP' Display as "PcaM" PCANDIS: 'ZacP' Display as "PcaZ" 11.) In request.c IoFreeMdl was called instead of UTIL_UnlockAndFreeMdl. The net effect of this bug is that in some request paths/conditions a call to MmUnlockPages was not performed. This resulted in a rare bugcheck PROCESS_HAS_LOCKED_PAGES. 12.) Made changes to NDIScope application to accomodate obscure "requirement" that NDIS requests must have at least one byte in the InformationBuffer. I have never seen this "requirement" in the DDK. However, it does make a difference in the context of 802.11. Traditionally when making NDIS requests to query information one can "probe" for the required buffer size by passing a zero-length buffer as the InformationBuffer. The expected return in this case is: NDIS_STATUS_INVALID_LENGTH NDIS_STATUS_BUFFER_TOO_SHORT One then uses the returned BytesNeeded value to determine the required size for a subsequent "real" query. This doesn't work for some 802.11 queries. Using this technique to probe for the needed size for OID_802_11_BSSID_LIST returns: NDIS_STATUS_RESOURCES An apparent solution for this is to pass a small dummy buffer (e.g. pointer to a ULONG) instead of an empty buffer. In this case the status returned for this query is one of the two expected values and the actual size needed can be determined. This user-mode fix also has another benefit. It eliminates a BSOD that can occur when blindly making some implementation-specific queries on 802.11 adapters. ATTENTION!!! It is also understood that this "requirement" applies to NDIS requests to set information. For example OID_802_11_BSSID_LIST_SCAN is used to start a list scan and actually has no requirement to pass any data with the request. Even so, the request can fail with status NDIS_STATUS_RESOURCES unless at least one byte is passed in the InformationBuffer when making this request. 13.) MacEnum bug fix first seen on Windows Server 2003. When this bug is encountered the MacEnum adapter enumeration functions will return an empty adapter list or an adapter will be missing from the list. During the adapter enumeration process (and before the PCANDIS driver is actually loaded) the MacEnum functions perform various sanity checks in an attempt to insure that each adapter can, in fact, be successfully opened by the PCANDIS driver. One of these checks is to use IOCTL_NDIS_QUERY_GLOBAL_STATS to attempt to fetch OID_WAN_CURRENT_ADDRESS. It the query is successful, then we know that this is a WAN adapter that can't be opened by PCANDIS. On some Windows Server 2003 systems this check works as expected and in the same manner as on earlier Windows versions. HOWEVER, on some Windows Server 2003 systems this query is (partially) successful. The query return value is ERROR_SUCCESS. In this instance, however, the number of bytes returned is zero. Un Build 1655 the return byte count was not checked. Fix is to check returned byte count when DeviceIoControl returns ERROR_SUCCESS. If returned byte count is zero, return ERROR_INVALID_FUNCTION to the caller. This is done in three places in the W32N50 DLL: NTEnum.cpp - MacEnum_IoctlNdisQueryGlobalStats_A NTEnum.cpp - MacEnum_IoctlNdisQueryGlobalStats_W W32N50.cpp - W32N_IoctlNdisQueryGlobalStats W32N50.cpp - W32N_IoctlNdisQueryGlobalStatsW 14.) In LOWERReceiveHandler now use Dpr spin lock functions since the routine is always called at IRQL DISPATCH_LEVEL. 15.) Made small bug fix in C# version of NDIScope. Did not catch the OpenAdapterFailedException (because it never failed...). System default exception message was (safely) displayed when adapter could not be opened. Now catch that exception in OnAdapterProperties and OnSendPacket in NDIScopeDlg.cs. A message box is now displayed instead of the default unhandled exception message. 16.) Academic change to bytes read when reading packet using W32N_ReadPacket. Now properly set IoStatus.Information in LOWERTransferDataCompleteHandler. This has no known effect since direct I/O is used for packet reads and bytes read is not checked. ====================================================================== Rawether Version : 5.03.16.55 Build.Revision : 1655.0 Release Date : 2/19/03 This is a minor update to Rawether for Windows. If you are not experiencing problems with the previous Rawether version or do not need the new features provided in this release it is advised that you stay with the version you are currently using. 1.) BUG FIX: Backed out fix introduced in V5.01.14.52 intended to fix a problem with some RealTek-based adapters specifically on Windows 2000. The fix made in V5.01.14.52 was not correct and inadvertantly caused problems with other adapters. The original offending adapter (subject of V5.01.14.52 fix) was identified as an SMC EtherEZ 8416. An adapter that had a problem with the old fix was RealTek RTL8019. Fix that was backed out is described in item 12.5) in the V5.01.14.52 release notes. This version was tested successfully on both ot the problem adapters. 2.) FUNCTIONAL CHANGE: Backed out another change introduced in V5.01.14.52. This change has not caused any bugs. However, it did interfere with at least one customer's miniport communication mechanism where a private NDIS set information request did double-duty and also returned information. The change that was backed out was zeroing of the InformationBuffer within W32N50 dll before passing the request to the PCANDIS driver. See item 4.1) of the V5.01.14.52 notes. 3.) ADDITIONAL SAMPLE: Added skeleton NDIS 5.0 Notify Object for installing PCANDIS5.SYS. Includes sleleton property page dialog viewable under Network Control Panel if driver is installed using .INF file. Adapted from PassThru NDIS IM driver notify object. 4.) ADDITIONAL SAMPLE: Prototype version of NDIScope for the .NET Framework. Includes: 4.1) Managed C++ extension DLL that wraps most of the WinDis 32 API. 4.2) Managed C# DLL that further simplifies use of the WinDis 32 API. 4.3) NDIScope application written in C# using Winforms. 5.) BUILD ENVIRONMENT: Began gradual transition to Visual Studio .NET (VC++ 7.0) for building Win32 user mode components. No released components are built using VS .NET in this release. However, trial builds of selected applications and the W32N50 DLL were made without a problem. The Build Environment for Rawether as of this release is: User Mode Applications - VC++ 6.0 --------------------------------- This is the build environment used by users of the Rawether SDK. Applications that use the WinDis 32 API can be built using either VC++ 6.0 or VS .NET as 'C' or C++ applications. W32N50 DLL - VC++ 6.0 --------------------- Same as always... PCANDIS3 VxD - VC++ 6.0 and VtoolsD ----------------------------------- Same as always... PCANDIS4 SYS - VC++ 6.0 and Windows NT 4.0 DDK ---------------------------------------------- Same as always... PCANDIS5 SYS - Windows 2000 build environment from Windows XP DDK ----------------------------------------------------------------- Now use latest DDK build environment that supports Windows 2000. 6.) OTHER MODIFICATIONS: Modifications to simplify (to some extent) building Rawether OEM versions. 6.1) Added new OEMNAMES header file. Edit OEMNAMES.h with desired OEM name string definitions and then #define USE_OEMNAMES before including ndishapi.h and mprhapi.h. The preprocessor will then use strings in OEMNAMES.h instead of the default string definitions in ndishapi.h and mprhapi.h. 6.2) Modified VxD header file pcandis3\pcandis3.h to fetch TRANSPORT_NAME string from ndishapi.h instead of being defined in the local header. 6.3) Modified VxD header file pcampr3\pcampr33.h to fetch TRANSPORT_NAME string from mprhapi.h instead of being defined in the local header. 6.4) Modified REVerify application to use strings defined in include files instead of hard-coded strings. This also required modifying windis.h to define strings for W32N50 DLL names. 6.5) Modified W32N_CloseAdapterNT function in W32N50.cpp DLL to use strings defined in include files instead of hard-coded strings. ====================================================================== Component Version : 5.03.16.54 Release Date : 4/26/02 1.) By popular demand, added MPR support for Windows 9X/Me. New driver is PCAMPR3.VXD. ====================================================================== Component Version : 5.02.15.53 Release Date : 4/19/02 1.) Moved definition of W32N_NDIS_REQUEST structure from W32NDIS.h to NdisHApi.h. This allows W32NDIS.h to be shared between multiple projects. 2.) In W32NDIS.h, updated NDIS_STATUS definitions to match Windows XP DDK definitions. 3.) Modified UpdateAdapterDescription() function in the Simple application to allocate extra bytes when probing for size of string to be returned by OID_GEN_VENDOR_DESCRIPTION. This was to accomodate behavior observed on Windows 2000 where Microsoft Packet Scheduler modifies the lower adapter's vendor description. Also added self-protection for SMC EtherEZ, mentioned below. 4.) Certain adapter/miniport/Windows version combinations have been reported to have problems with PCAUSA sample drivers. The one reported most often is: SMC EtherEZ 8416 (Realtek-based, ISA, Combo card) Windows 2000 SP1 Driver V3.12.0.0 dated 10/19/1999 (From Windows 2000 CD) Another is a NE2000 driver on Windows 95. There is no reason to think that there aren't more out there. The most serious problem observed with this specific adapter/miniport/version combination is that it does not correctly set the BytesWritten field in the NDIS_REQUEST structure when queries are completed. In some cases the BytesWritten field may be larger then the InformationBufferSize. If this case, if BytesWritten is used without sanity checking then a page fault can occur when accessing the information buffer. Made these changes to help eliminate faults when operating on adapters that exhibit this behavior: 4.1) Modified the NDIS request handlers in W32N50 DLL to force BytesWritten to be less-than-or-equal InformationBufferLength before returning query results to the caller. Modification made in the _W32N_MakeNdisRequest() handler in W32N50.CPP. All W32NDIS requests funnel through this common routine. Also modified this routine to zero the InformationBuffer before making NDIS query calls. Made similar modification in the PCANDIS drivers. Applications also need to be modified for self-protection from adapters with this behavior. For example, it the two-step "probing" bethod is used to size the buffer for a OID_GEN_VENDOR_DESCRIPTION query, an offending adapter may actually write past the end of the InformationBuffer. 5.0) Added new Wireless LAN Detector (WLANDetect) sample application. This illustrates using the MacEnum and Win32 NDIS API to automatically (and safely) detect the arrival and removal of a specific adapter without requiring user interaction. 6.0) Added new "Multi-Packet Read" (MPR) NDIS protocol driver (PCAMPR#.SYS) that offers significant performance improvement when monitoring 100Mbps Fast Ethernet and 1000Mbps Gigabit Ethernet networks. Companion "MPRead" application, similar to HookPeek APC version, illustrates using the the MPR NDIS protocol driver. Modified NDIScope StartCapture dialog to include Driver Option radio buttons that allow MPRead to be started when running on Windows NT or higher. 7.) Fixed bug associated with operating Rawether on Windows 2000 Terminal Server. See Microsoft Knowledge Base Article Q259131. ====================================================================== Component Version : 5.01.14.52 Release Date : 2/25/02 *** LIMITED EXTERNAL TESTING *** NOTE: This is a compatibility-level revision (13->14), meaning that previous versions of the PCANDIS# drivers and the W32N50.DLL are incompatible with the components in this release. Applications using the WinDis 32 API should be recompiled and re-linked using updated header files and libraries from the V5.01.14.52 SDK. 1.) Major improvement to adapter enumeration API provided by W32N50 DLL. An entirely new API has been developed which includes the following features: * Uses SetupDi API instead of registry mining to establish list of adapters. Only adapters that are actually present are listed. (Windows 98/ME/2000/XP only) * Enumeration includes listing of NDIS IM virtual adapters when present. * New API includes UNICODE support. The new "MAC Enumeration" API includes the following new functions exported from W32N50 DLL: MacEnum_OpenEnumeration MacEnum_CloseEnumeration MacEnum_GetFirstAdapterInfoHandle MacEnum_GetNextAdapterInfoHandle MacEnum_CloseAdapterInfoHandle MacEnum_QueryAdapterFriendlyName MacEnum_QueryAdapterNdisName Added new EnumTest sample application that illustrates use of the new MacEnum_XXX enumeration API. EnumTest may be compiled and will execute correctly using either the ANSI or the UNICODE character set on all Windows platforms. Modified NDIScope to use new Mac Enumeration API. The following adapter enumeration functions are still present in the new W32N50 DLL for compatibility reasons, but are depreciated (i.e., should not be used in new or updated products): W32N_GetAdapterRegistryInfo W32N_GetFirstAdapterRegistryInfo W32N_GetNextAdapterRegistryInfo W32N_GetAdapterRegistryInfoBySubkeyIndex W32N_GetAdapterRegistryInfoBySubkey 2.) Fixed W32N_OpenAdapter function to properly support UNICODE. Extended the new EnumTest application to illustrate use of W32N_OpenAdapter as ANSI or UNICODE. 3.) Modified NDIScope application to use new MacEnum_XXX adapter enumeration API. 4.) Revised IOCTL code definitions in NDISHAPI.H to use function codes starting with 2048 instead of 0. New definitions use range allowed for customers; previous definition incorrectly used range reserved for Microsoft Corporation. 5.) Fixed memory leak in W32N50 DLL. In W32N_IsOkToUnloadNT() routine, memory malloc'd to call QueryServiceConfig was never freed. 6.) Fixed problem with definition of PCANDIS5_DEVICE_NAME: WAS: #define PCANDIS5_DEVICE_NAME PCANDIS4_DEVICE_NAME_A SHOULD BE: #define PCANDIS5_DEVICE_NAME PCANDIS5_DEVICE_NAME_A 7.) Fixed handle leak in W32N_IoctlNdisQueryGlobalStats(). Forgot to call CloseHandle() on handle created to make IOCTL call. 8.) Made several fixes in W32N_OpenProtocolDriver95() of the W32N50 DLL. 8.1) W32N_OpenProtocolDriver95() routine to eliminate creation of misleading zero-length PCANDIS3.VXD file if PCANDIS3.VXD is not actually installed correctly. This involved adding an additional call to CreateFile with OPEN_EXISTING disposition to test for disk file existance followed by a second call to CreateFile with disposition CREATE_NEW to actually load the VxD (if the disk file existed...). 8.2) Improved error reporting from W32N_OpenProtocolDriver95(). In some cases related to a missing PCANDIS3.VXD file W32N_OpenAdapter() would fail but the reported error would be ERROR_SUCCESS (0). 8.3) The first call to CreateFile to open an already loaded PCANDIS3 VxD passed the wrong file name: WAS: PCANDIS5_BASE_NAME SHOULD BE: PCANDIS3_BASE_NAME This actually never caused a problem because subsequent logic would eventually load and open the VXD. 9.) Changed source code directory structure. These changes accomodate introduction of new Multi-Packet Read (MPR) drivers and DLL and also eliminate duplication of Windows NT/Windows 2000 driver sources. 9.1) Location of W32N50.DLL sources: WAS: \PCADev\WinDis5\DLL IS : \PCADev\WinDis5\W32N50 9.2) Location of PCANDIS4.SYS and PCANDIS5.SYS sources: WAS: \PCADev\WinDis5\PCANDIS4 and \PCADev\WinDis5\PCANDIS5 IS : \PCADev\WinDis5\PCANDIS-SYS \PCADev\WinDis5\PCANDIS-SYS\NTBuild - Build directory for PCANDIS4.SYS \PCADev\WinDis5\PCANDIS-SYS\W2KBuild - Build directory for PCANDIS5.SYS 10.) Modified NDIScope application: 1.) NDIScope adapter chooser list is wider so one can see more of the adapter's friendly name. 2.) In the StartCapture dialog added display mode options: * Verbose (Hex Dump) * Quiet (Statistics) 3.) Removed unused "Show Hidden Adapters" checkbox. 4.) On adapter Basic property page, changed Adapter Name from static text to read-only edit text. This allows use of the edit copy function to copy the long NDIS Adapter Name (a GUID on Windows 2000 and higher...). 5.) Added display of OID_GEN_MEDIA_CONNECT_STATUS to adapter Basic property page. 6.) Added support for OID_GEN_RCV_NO_BUFFER on 802.3 Statistics page. 7.) Added mechanism to display supported OID list for a specified adapter. Added button to adapter Basic property page. Added ZOIDInfo class in ZNdisAux module. 8.) Added mechanism to display supported WMI GUIDS list for a specified adapter. Added button to adapter Basic property page. 9.) Added dialogs that allow the user to select and OID supported by an adapter and make a NDIS query for information on the OID. 11.) Modified PCANDIS# driver sources to allow them to be built under the Windows XP Gold DDK. The Windows XP Gold DDK is a new DDK-specific compiler. Among other things, it treats all warnings are errors. This forced us to fix some long-standing typecast warnings - primarily in the BPF machine. NOTE: Although the PCANDIS5.SYS driver can now be build successfully under the Windows XP Gold DDK, the resulting driver is not needed. It could be used on the Windows XP platform but should _NOT_ be used on Windows 2000. One should continue to use the PCANDIS5.SYS driver built under the Windows 2000 DDK on both Windows 2000 and Windows XP. 12.) Several related modifications that fix a bug that surfaced primarily with some RealTek-based adapters. These adapters call ProtocolReceive handler with LookAheadBufferSize < PacketSize. However, they are actually indicating complete packets and do not have a MiniportTransferData handler. The way to detect this situation is to check the lower adapter's MAC options. If NDIS_MAC_OPTION_TRANSFERS_NOT_PEND is set, then ignore LookAheadBufferSize and do _NOT_ call NdisTransferData. 1.) Modified code in LOWERBindAdapterHandlerEx and LOWEROpenAdapterCompleteHandler so LOWERBindAdapterHandlerEx waits for NdisOpenAdapter to complete. 2.) In LOWERBindAdapterHandlerEx, after NdisOpenAdapter completes successfully, now call new StartLocalAutoQuery and associated functions to make a series of NDIS requests to query information about the lower adapter. In particular, fetch results for OID_GEN_MAC_OPTIONS. 3.) Implementation of the automatic query mechanism required changes to the INTERNAL_REQUEST structure to add fields that distinguish between locally-initiated requests and requests initiated by the Win32 application. The query mechanism also supports a per-request callback function for local requests. 4.) Modified LOWERRequestCompleteHandler to handle locally-initiated requests specially. 5.) Modified LOWERReceiveHandler to use the information in the OID_GEN_MAC_OPTIONS query result to insure that NdisTransferData is _NOT_ called if the lower miniport has set the NDIS_MAC_OPTION_TRANSFERS_NOT_PEND option. The primary motivation for these changes is a reported case where a miniport does not have a MiniportTransferData handler and sometimes reports LookaheadSize < PacketSize at the ReceiveHandler. This unfortunate condition causes NdisTransferData to be called when there is no MiniportTransferData handler. 13.) Streamlined ReceiveHandler processing for complete indication for PCANDIS4.SYS and PCANDIS5.SYS. Eliminated unnecessary allocation of NDIS_PACKET and NDIS_BUFFER in this case. 14.) Now handle NDIS_MAC_OPTION_COPY_LOOKAHEAD_DATA in ReceiveHandler per the NDIS specification. Actually, this requirement is probably of no interest except on non-Intel platforms... 15.) Provided a Rawether for Windows Installation Verification utility called REVerify. REVerify should be run from the same directory as the other applications that use the Win32 NDIS API. REVerify fetches information about the installed W32N50 DLL and the companion PCANDIS driver. A crude decision mechanism attempts to point out obvious problems. This utility is intended to be used during the product development phase when it is fairly common to forget to install one component or another. 16.) Provide a new "Multi-Packet Read" (MPR) packet collection driver. Where the standard PCANDIS driver makes one read for each reacived packet, the PCAMPR driver is provided with multiple read buffers and each read buffer can be filled with multiple packets. The PCAMPR drvier is intended to support packet collection on higher-speed networks that are flooded with runt (short) packets. See the URL . The new MPR drivers currently only support Windows NT 4.0 and higher. They do not currently support Windows 95/98/ME. 17.) Added new RxSimple sample application. The purpose of this application is to illustrate, as simply as possible, the mechanics of receiving packets using the asynchronous procedure callpack (APC) method. Unlike the more sophisticated HookPeek application, RxSimple code is in a single module and does not use multiple threads. Even so, it does illustrate receiving concurrently on multiple adapters. ====================================================================== Component Version : 5.01.13.51 Release Date : 4/06/02 *** LIMITED EXTERNAL TESTING *** 1.) Release of PCANDIS3.VXD with test fix for problems opening DISABLED adapters on Windows 98 SE. There are some situations where NdisOpenAdapter is successful BUT the adapter is not actually present. This problem is most widely reported on Windows 98. An adapter that has been operating OK in the workstation is DISABLED using the Device Manager component of the Control Panel. If W32N_OpenAdapter is called after the adapter is disabled then NdisOpenAdapter succeeds. HOWEVER a fault is generated later (often when the adapter is closed...). The code fix uses undocumented NDIS structures to perform additional verification tests on the handle returned fromNdisOpenAdapter. These checks detect the case where NdisOpenAdapter is successful but the adapter is not actually present. This fix does _NOT_ accomodate all situations where NdisOpenAdapter can cause a fault on Windows 98. For example, there is a small interval during the initialization of a PC Card adapter (e.g., insertion) where a call to NdisOpenAdapter can cause a fault (within NDIS). This separate problem is seen by software that is written to poll using W32N_OpenAdapter to detect the arrival (insertion) of a PC Card adapter. ====================================================================== Component Version : 5.00.13.50 Release Date : 04/23/01 1.) Modified HPCtrl.c HP_StartPromiscuousReception to fallback to NDIS_PACKET_TYPE_ALL_LOCAL if setting NDIS_PACKET_TYPE_PROMISCUOUS fails. This allows Rawether to support 802.3 Wireless adapters such as the LinkSys WPC11. 2.) Removed orphan ASSERT from NDIScope ZAdapterRegistryInfo::Create in ZRegInfo.cpp. 3.) Fixed bug NDIScope application in handling of power broadcast messages. This bug caused NDIScope to fail with "unknown" error when operating on Windows Me with some power management BIOS implementations. The fault was specifically noted on a HP5195 notebook running Windows Me. a.) CAdapterSheetNT class OnPowerBroadcast member function had wrong prototype. Was returning BOOL; should be LRESULT. b.) OnPowerBroadcast called base member function incorrectly. Base function should not be called. In addition, modified OnPowerBroadcast to close the property page when the system enters SUSPEND or STANDBY. This involved adding a simple OnClose member to the CAdapterSheetNT class. Changes are in NDIScope AdapterSheetNT.cpp module and associated header. 4.) Fixed bug in HookPeek application that caused multiple appended BPF programs to be concatenated incorrectly. This bug could be seen by starting HookPeek from NDIScope setting Selected IP Protocols to be TCP, UDP and ICMP then starting a PING. The PING packet would not be captured. The bug was in the _TPF_BPFProgramAppend routine in the Common\TPFilter.c module at line 376. WAS: pBPFProgram->bf_len = nOldBPFInstructionsLen + nNewBPFInstructionsLen; SHOULD BE: pBPFProgram->bf_len = nOldBPFInstructionsLen + nNewBPFInstructionsLen - 1; 5.) Accomodated a change in the query results for OID_GEN_VENDOR_DESCRIPTION when running on Windows XP Beta 2. The results are now a concatenation that starts with the lowest adapter vendor description with additional information added by higher-level NDIS IM drivers such as Microsoft's Packet Scheduler. The result is a very long vendor description string that overflows the HookPeek fixed-length 80-character buffer reserved for the vendor description. As a result, the Description displayed by HookPeek for some adapters as "Unknown", although HookPeek operates correctly in other respects. Modified the code in HP_UpdateAdapterDescription, found in the Common\HPCtrl.c module, to accomodate this new behavior. The new code first fetches the long vendor descrion string into a larger temporary buffer. It then copies the long vendor description string into the 80-character buffer while simultaneously compressing multiple sequential space (' ') characters. The resulting string is human-readable, and fits in the original 80-character buffer. 6.) Found and fixed bugs reported by Windows XP Driver Verifier (DV): 6.1) Did not call IoCompleteRequest before returning from PCANDISDeviceOpen, from PCANDISDeviceClose or from PCANDISDeviceCleanup. 6.2) Now use MmGetSystemAddressForMdlSafe instead of MmGetSystemAddressForMdl when building for NDIS50 or NDIS51. Changes made in ProtoDev.c, Read.c, and Request.c. Making this change introduces new error-handling paths that must be constructed and verified. Use the DV Low Resource Simulation to force the new errors to occur. 6.3) DV identified some cases where an IRP was marked as pending using IoMarkIprPending, but status other then STATUS_PENDING was returned. Fixed those. 7.) The modifications of 6.) above are such that under low resource conditions the HookPeek application can expect to see resource errors when attempting to restart a packet read in the HandleReadComplete routine. ATTENTION!!! Consider adding a mechanism to retry receive restarts when ERROR_NO_SYSTEM_RESOURCES is returned. 8.) The W32N50 DLL uses a named memory file mapping to share some information between multiple instances of the DLL. This has been trouble free except in one case: when 1.) the DLL is initially loaded by a service and 2.) a subsequent attempt is made to load the dll by an ordinary application. In this situation the load by the service used NULL as the DACL - which specified the default security descriptor for the service. Subsequent load by the ordinary application would fail the file mapping because its default security descriptor was different from that of the service. Modified the file mapping creation to use a null DACL as the security descriptor - thus granting everyone access to the named file mapping. Also added exception handling around access to shared memory - as recommended by Microsoft. 9.) Modified W32N50.DLL to use ReadFile & WriteFile instead of IOCTL_PCANDIS_PACKET_READ_EX & IOCTL_PCANDIS_BUFFER_SEND_EX DeviceIoControl calls for Windows NT and Windows 2000. This eliminates unnecessary code path in these drivers. Change tested using HookPeek "Wait" version. 10.) Revised the "Simple" application. Now illustrates getting media connect status. Other cleanup in this sample. ====================================================================== Component Version : 5.00.13.49 Release Date : 10/16/00 1.) Revised PCANDIS4.SYS and PCANDIS5.SYS build to use precompiled header. 2.) Revised PCANDIS5.SYS build to use NDIS_WDM and BINARY_COMPATIBLE C_DEFINES. This results in a binary compatible driver that can be used, at least partially, on Windows 98 and Windows Me. Unfortunately, the W32N_PacketRead mechanism does not work correctly and will require some revision. These revisions are defered until a subsequent release. Some minor modifications to W32N50.CPP were required to accomodate testing of PCANDIS5.SYS under Windows 98 and Windows Me. Use of PCANDIS5.SYS on Windows 98 and Windows Me is experimental only. ====================================================================== Component Version : 5.00.13.48 Release Date : 10/12/00 *** BETA 2 RELEASE *** 1.) In W32N50 DLL, improved construction of cTitle field for Windows NT and Windows 2000. If no Title is found in the registry it is now constructed by prefixing the cDescription field with the Subkey enumerator enclosed in square brackets. 2.) Added NdisMedium1394 to NDIS_MEDIUM array in W32Ndis.h. This change extends the length of the array and will require recompilation of applications to be safe. 3.) Added RTPlus (Registry Test "Plus") sample that illustrates use of new W32N_IoctlNdisQueryGlobalStats() function now exported by W32N50 DLL. 4.) In W32N50 DLL, significantly revised the Service Control Manager calls used to dynamically load the PCANDIS#.SYS. These modifications now provide two simple ways to allow a non-Administrator user to use the PCANDIS#.SYS driver: A.) An Administrator can set the PCANDIS#.SYS driver to Automatic Start. If this is done, the driver will be started automatically at system startup time and continue running (loaded, but idle) until the system is shutdown. Since the driver is always, loaded non-Administrators can open and use the driver. B.) An administrator can set set the PCANDIS# Security DACL to allow the driver to be loaded (started) by non-Administrator users. If this method is used the PCANDIS#.SYS driver can be dynamically loaded (started) and unloaded (stopped) instead of being always running. A new utility, PCANUser, is provided to illustrate how to set the PCANDIS#.SYS Security DACL to allow non-Administrator users to load and unload the driver. 5.) Added minimal PnP handler to PCANDIS5.SYS. 6.) Minor rework to PCANDIS4.SYS and PCANDIS5.SYS source and header files. Now both drivers are build from the same codebase with differences controlled by SOURCES file and #ifdef NDIS50 pre-processor variable. In SourceSafe there is source and header files are shared. 7.) In HookPeek APC version, now use _beginthreadex instead of CreateThread to start send and receive threads. This is the proper method since both the send and receive threads use the CRT library. This is a minor fix since, according to KB ID Q104641, all the functions used in the send and receive threads should work correctly if CreateThread is used; at mose, there may have been a small memory leak when the threads were terminated. ====================================================================== Component Version : 5.00.13.47 Release Date : 09/21/00 *** BETA 1 RELEASE *** 1.) The W32N_MakeNdisRequest API call did not properly return the BytesNeeded field of the NDIS_REQUEST in the case of "normal" errors, such as NDIS_STATUS_INVALID_LENGTH. This was caused by logic errors in the PCANDISx drivers that simply did not copy the BytesNeeded field to the caller's W32N_REQUEST if the NdisRequest was not successful. Modified the SIMPLE test application to demonstrate two-step query mechanism that depends on BytesNeeded/BytesWritten. 2.) In HookPeek IOCP sample, line 976. Incorrect test on handle: WAS: if( g_hSendThread ) SHOULD BE: if( g_hReceiveThread ) 3.) Fixed definition of HighestAcceptableMax in PCANDIS4 and PCANDIS5 drivers. Now is an extern declared in PCANDISx.H with implementation in PCANDISx.C. 4.) Removed duplicated code that infiltrated RAWLOWER.C and REQUEST.C for PCANDIS4 and PCANDIS5 drivers. 5.) Improved handling of suprise removal (e.g., PC Card eject) of adapters on Windows 2000. A page fault was generated on suprise removal without these changes. The most important change was adding more systematic checking of information which is saved in Win32 FileObject fields. In addition, now cancel pending reads when supprise removal occurs. These changes are applied to PCANDIS4.SYS and PCANDIS5.SYS. 6.) Fixed bug in Apps\Common\HpTxUtil.c HP_Create802_3SendPackage function. The sanity check on received frame size should be performed BEFORE that call to malloc the SendPackage. This bug would not show up using HookPeek, because it always passed a nDataSize value which would pass the sanity check. However, if one attempted to allocate a SendPackage with nDataSize greater then PACKET_BUFFER_SIZE (1500 bytes or so...), then the check would fail. The result would be a memory leak since the undersize SendPackage would not be freed. 7.) Modified W32N_MakeNdisRequest and W32N_MakePrivateRequest to eliminate 512 byte limitation on InformationBuffer length. In new implementation the driver probes and locks Win32 applications InformationBuffer instead of using the fixed-size RequestBuffer field of the W32N_REQUEST structure. 8.) Revised PCANDIS5 to be an actual NDIS 5.0 protocol driver. Actually, this doesn't mean much except that the code is compiled with NDIS50 defined instead of NDIS40. This define does change a few structure definitions. For example, the NDIS 5.0 NDIS_REQUEST structure has additional fields not present in the NDIS 4.0 NDIS_REQUEST structure. PCAUSA does NOT employ a ReceivePacketHandler because WinDis 32 primarily operates in promiscuous mode. ReceivePacketHandler is NOT called for protocols operating in promiscuous mode. See PCAUSA Knowledge Base article KB07130001. At this point the PCANDIS4.SYS and PCANDIS5.SYS codebase diverges. In V5.00.13.46 and lower, the PCANDIS4.SYS and PCANDIS5.SYS code was virtually identical with the primary (and essential) difference between the two drivers being the build environment. 9.) Simplified packet sequence number arithmetic for Windows NT and Windows 2000 drivers. Now use ExInterlockedAddLargeStatistic instead of NdisInterlockedAddUlong. 10.) Added optional high resolution timestamp facility. With high resolution timestamp mode selected time is fetched using these kernel mode functions: Windows NT -> KeQueryPerformanceCounter Windows 9X -> VTD_Get_Real_Time The low resolution timestamp (default) is compatible with V5.00.13.46 and prior. With low resolution timestamp mode selected time is fetched using these kernel mode functions: Windows NT -> NdisGetCurrentSystemTime Windows 9X -> Get_System_Time Selection of the timestamp mode is performed using a new WinDis 32 API function called W32N_SetTimestampResolution which is exported from the W32N50 DLL. Use of this function is illustrated in the HookPeek APC sample. An additional timestamp support function called W32N_GetTimestampInformation is also provided. This function provides a standard method for fetching the timestamp frequency. The use of this function is illustrated in the HP_DisplayReceivedPacket function in the HPRxUtil.C module. 11.) Added W32N_IoctlNdisQueryGlobalStats to W32N50 DLL. This function uses the IOCTL_NDIS_QUERY_GLOBAL_STATS to query NT MAC device global statistics without using the WinDis 32 Protocol driver. This can be useful in determining the media, etc. when presenting the WinDis 32 adapter chooser. This function only works on the Windows NT and Windows 2000 platforms. It is NOT avaialble on Windows 9X. 12.) Made improvements to the registry enumeration methods. Bacause of some bugs in Windows 2000 BETA NDIS MAC drivers, PCAUSA implemented some functions in an unnecessarily complex manner that also had an undesirable side effect of displaying inactive adapters. This was confusing because the NDIScope Adapter Chooser listed some adapters that couldn't actually be accessed. These changes involved making improvements to these functions that are exported by W32N50 DLL: W32N_GetNetCardRegistryPath W32N_GetAdapterRegistryInfo W32N_GetFirstAdapterRegistryInfo W32N_GetNextAdapterRegistryInfo W32N_GetAdapterRegistryInfoBySubkeyIndex W32N_GetAdapterRegistryInfoBySubkey In addition, code in the NDIScope ZRegInfo.CPP, ChooseAdapterDlg.CPP and AdapterSheetNT.CPP modules were simplified. To the extent possible these changes should be compatible with WinDis 32 applications developed using the V5.00.13.46 framework. 13.) In WinDis 32 V5.00.13.46 and prior named shared memory is used in two situations to control behavior when there are two or more WinDis 32 applications concurrently running: a.) The first instance of the HookPeek application is allowed to set the NDIS packet filter to a non-zero value by calling the HP_StartPromiscuousReception() function. The last instance of the HookPeek application to exit will set the NDIS packet filter to zero by calling the HP_StopReception() function. b.) The first application to run will dynamically load the PCANDISx NDIS protocol driver (if necessary) and the last application to exit will dynamically unload the PCANDISx NDIS protocol driver. 14.) Executables now built using Microsoft Visual C++ 6.0 instead of 5.0. 15.) Windows 2000 driver built under Windows 2000 SP1 DDK. 16.) In WinDis 32 source code directory tree, release executables are now under Bin\ProgramFiles and Bin\SystemFiles. Any executables directly under Bin should be deleted. These files are for reference only. It is NOT intended that NDIScope or HookPeed should be executed from the Bin or Bin\ProgramFiles directory. ====================================================================== Component Version : 5.00.13.46 Release Date : 10/25/99 1.) In PCANDIS4.SYS and PCANDIS5.SYS, read.c module, eliminated superflous "bpf_filter returned: " DbgPrint message from release version. Singe generation of DbgPrint messages is actually costly, removal of this unnecessary message may actually improve performance IF you are using the BPF feature. (The message is not generated if you are not using the BPF feature...) 2.) Bug fix for PCANDIS3.VXD. In W32N_MakeRequest() and LOWERRequestCompleteHandler(). In W32N_MakeRequest(), the routine sometimes did not return PENDING when it should have. In LOWERRequestCompleteHandler(), the routine sometimes did not recycle resources when it should have. The net result was a memory leak that showed up on some adapters if the Win32 W32N_MakeNdisRequest() function was used continuously either rapidly for short periods of time or continuously for long periods of time. The bug has been there for YEARS... 3.) Fix related to compilation of PCANDIS3.VXD. Changed arguments to UTIL_LargeIntegerIncrement() to use LARGE_INTEGER * instead of PLARGE_INTEGER. This is to accomodate a missing typdef of PLARGE_INTEGER that was omitted in a recent version of VtoolsD that comes with the new NuMega DriverStudio product. 4.) Several small enhancements to W32N50 DLL. These should not effect applications built to the previous WinDis 32 API version. 4.1) W32N_GetAdapterRegistryInfo now saves Windows 95 Enumerator in cServiceName field. This allows Windows 95 AdapterName to be constructed using information from W32N_ADAPTER_INFO field. 4.2) Added W32N_GetNetCardRegistryPath function. 4.3) Added W32N_GetFirstAdapterRegistryInfo/W32N_GetNextAdapterRegistryInfo enumeration functions. 4.4) Also added supporting functions W32N_GetAdapterRegistryInfoBySubkey and W32N_GetAdapterRegistryInfoBySubkeyIndex. 5.0) Created RegTest, a (very) small console test application, to illustrate use of new W32N_GetFirstAdapterRegistryInfo/W32N_GetNextAdapterRegistryInfo functions. 6.0) Created Simple, a (very) simple console test application, to illustrate the basic mechanics of using the WinDis 32 API to open and close an adapter and to use the W32N_MakeNdisRequest function to gather statistics from an adapter. ====================================================================== Component Version : 5.00.13.45 Release Date : 6/9/99 NOTE 1.): This is a compatibility-level revision (12->13), meaning that previous versions of the PCANDIS drivers and the W32N50.DLL are incompatible with the components in this release. See the important change note concerning NDIS protocol driver renaming below. This will require customers to install drivers with different names for all platforms and possibly remove drivers that are no longer referenced. Sorry!!! Thank Bill... NOTE 2.): Includes fixes of V5.00.12.44 1.) WinDis 32 V5.00.12.40 introduced some modifications to accomodate Windows 2000. At the time it was thought that a single NDIS protocol driver could be used for both Windows NT 4.0 and Windows 2000. This is "almost" true. The primary motivation for the change described below is that the change introduced in WinDis 32 V5.00.12.40 appears NOT to work correctly on MP machines. At this time it appears that a better design is to provide separate drivers for Windows NT 4.0 and Windows 2000. Initially, the only difference between the two drivers is that the Windows NT 4.0 driver is built under the Windows NT 4.0 DDK and the Windows 2000 driver is built under the Windows 2000 DDK. It is expected that the code may diverge more significantly in future releases. This version introduces the following NEW driver naming conventions: OLD NAME NEW NAME PLATFORM BUILD ENVIRONMENT PCANDIS5.VXD PCANDIS3.VXD Windows 9X VtoolsD PCANDIS5.SYS PCANDIS4.SYS Windows NT 4.0 NT 4.0 DDK - NONE - PCANDIS5.SYS Windows 2000 Windows 2000 DDK This change requires an associated change to the W32N50 DLL, but does NOT change the WinDis 32 programming interface. 2.) In PCANDIS5.SYS driver, include code to conditionally use NdisSendPackets() instead of NdisSend(). Use of these NdisSendPackets/NdisSend functions can be controlled at compile time using the USE_NDIS_SEND_PACKETS preprocessor definition. Default build is to use NdisSend(). 3.) Added new PCARmDrv.EXE program to be used, if necessary, during development to call the Windows NT Service Control Manager to Stop and Remove PCANDIS driver registry entries under certain unusual conditions. ====================================================================== Component Version : 5.00.12.44 Release Date : 6/4/99 *** INTERNAL AND SELECTED OEM TESTING ONLY *** 1.) Fixed bugs in PCANDIS5.SYS for W32N_PacketSend and W32N_PacketSendEx that resulted in a BSOD when the driver could not allocate resources required to perform the send. This bug occurs when sends are used heavily, as they were in OEM_568's product. 2.) In PCANDIS5.SYS and PCANDIS5.VxD drivers, removed test code controlled by ALWAYS_USE_NDIS_TRANSFER_DATA preprocessor statement. This test code should never be used. ====================================================================== Component Version : 5.00.12.43 Release Date : 5/18/99 1.) In W32N50.DLL, fixed bug in return code from W32N_PacketSendEx() on the NT platform. This value is not ckecked in the HookPeek samples. If it had been, it would have returned the incorrect value. ====================================================================== Component Version : 5.00.12.42 Release Date : 4/15/99 *** PRIVATE BUILD *** 1.) Private build for OEM No. 549. W32N_REQUEST_BUFFSIZE set to 0x3E00. ====================================================================== Component Version : 5.00.12.41 Release Date : 4/13/99 *** INTERNAL USE ONLY *** 1.) Fixed bug in W32N50 DLL that caused W32N_IsWindowsNT() to return FALSE incorrectly when actually running on Windows NT. The bug was dependent on the order of calling W32N_IsWindows95() and W32N_IsWindowsNT() by user applications. Specifically, the error occured if W32N_IsWindows95() was called by a user program before calling W32N_IsWindowsNT(). ====================================================================== Component Version : 5.00.12.40 Release Date : 4/11/99 1.) Modifications to accomodate Windows 2000 Beta 3, RC1: 1.1) Modified PCANDIS5.SYS to used NdisFreePacket function exported by NDIS library instead of using NdisFreePacket MACRO defined in NDIS.H. On Windows 2000 B3RC1 the MACRO is no longer functionally equivalent to the NDIS library function. This caused NdisAllocatePacket to fail. The observed failure was that WinDis 32 stopped receiving packets after 32 packets had been received. 1.2) Modified W32N50.DLL registry search routines for NT to use new NT keys introduced in Windows 2000 B3RC1. Windows NT versions prior to Windows 2000 B3RC1 used the "Desctiption" key (like NT 4.0). Windows 2000 B3RC1 introduced use of the "DriverDesc" key, like Windows 9X. The observed failure was that NDIScope displayed all adapter descriptions as "Unknown". ====================================================================== Component Version : 5.00.12.39 Release Date : 1/14/99 1.) Release of WinDis 32 V5.0. ====================================================================== Component Version : 5.00.12.38 Release Date : 1/11/99 *** INTERNAL AND SELECTED OEM TESTING ONLY *** 1.) Renamed all supporting WinDis 32 V5.0 components so there will be no conflict with existing WinDis 32 V4.2 products. W32N20.DLL -> W32N50.DLL NDISHOOK.SYS -> PCANDIS5.SYS NDISHOOK.VXD -> PCANDIS5.VXD Renamed many data structures, field names and file names to make more sense with the renamed supporting files. 2.) Added an alternate set of WinDis 32 API exports which are (should be...) compatible with Visual Basic. These alternate exports are prefixed with the characters "VB", use the WINAPI calling convention and are exported via a .DEF file. 3.) Implemented W32N_CancelPacketRead for PCANDIS5.SYS. Modified HookPeek APC version to call W32N_CancelPacketRead. ====================================================================== Component Version : 5.00.12.37 Release Date : 12/15/98 *** INTERNAL AND SELECTED OEM TESTING ONLY *** NOTE: This is a compatibility-level revision (10->11), meaning that previous versions of the HOOKPEEK drivers and the W32N20.DLL are incompatible with the components in this release. Applications using the WinDis 32 API should be recompiled and re-linked using updated header files and libraries from the V5.00.11.31 SDK. 1.) Ported to applications, DLL, Windows NT kernel-mode protocol driver and Windows 95 VxD protocol driver to Visual C++ 5.0. New IDE project files, etc. VxD is compiled using VtoolsD for Windows 95 V2.05b. 2.) Added preliminary support for Windows NT 5.0 3.) Several modifications related to Windows 98 Power Managememt. The Windows 98 Power Management facility can initiate closeing NDIS adapters which are actively in use. One aspect of this is that when the power is moving to STANDBY things must be handled immediately. Indeed, in the case of NDIS the driver making the power failure indication may be unloaded during the transition to power standby. There are several different improvements related to dealing with this behavior: a.) Make sure WinDis 32 doesn't cause the system to hang or cause other bizzare behavior. b.) Make appropriate and necessary changes for handling of Power Management - even if there is no apparent problem manafestation. c.) Provide illustrations of how WinDis 32 can influence Power Management decisions. 3.1) Modified the NDIScope application to illustrate how an application can VETO the Power Management shutdown transition by responding to the WM_POWERBROADCAST message. 3.2) Made some improvements in W32N20 DLL to handle error conditions that can develop during transition to power standby. 4.) Began enhancing the NDISHOOK.SYS driver to support NDIS 4.0. Changes are minor. Difficulty is in finding a NDIS MAC driver that actually calls ReceivePacketHandler(). 5.) Modifications to all components to allow for variable size PacketBuffer. Modifications are best described by examining the new W32N_PACKET structure defined in NDISHApi.h. 5.1) PacketBuffer Field - was changed from having a fixed length of: (2*ETHER_ADDR_LENGTH) + ETHER_TYPE_LENGTH + MAX_ETHER_SIZE + 2 to having a placeholder length of one (1) byte. This mechanism requires that additional memory for the actual buffer must be provided contiguous to and immediately following the placeholder PacketBuffer field. The HookPeek application illustrates one way to provide the required additional memory. Although there are other ways to fulfill this requirement, the HookPeek test application simply provides the PacketBufferSpace character array immediately following the UserPacketData field. 5.2) nBufferSize Field - This field specifies the size of the buffer at PacketBuffer. This value is specified by the caller before calling W32N_PacketRead(). 5.3) nPacketDataLength Field - When a packet is received the NDISHOOK driver fills this field with the actual size of the network packet. 5.4) nBufferDataLength Field - When a packet is received the NDISHOOK driver will save received packet data at the buffer at PacketBuffer. This field indicates the ACTUAL number of bytes (including the MAC hardware header) which were saved by the NDISHOOK driver in PacketBuffer. This value will always be less then of equal nBufferSize, and may be less then nPacketDataLength. 6.) Several fixes and improvements associated with sending packets. 6.1) Modified NDISHOOK.SYS to insure that errors are reported by W32N_PacketSend() calls. 6.2) In NDISHOOK.SYS, the LOWERBufferSend now returns STATUS_PENDING if the send progresses to the point that NdisSend() is actually called. Previously it incorrectly reported STATUS_SUCCESS. 6.3) In NDISHOOK.VXD, the previous implementation copied the data being sent into a private buffer and returned to the W32N_PacketSend() caller. The primary virtue of this approach is that the caller's packet buffer and OVERLAPPED structure don't have to be page locked and the W32N_PacketSend() call returned immediately to the caller. The problem with this approach is that is does not accomodate arbitrary size send buffers. It was limited basically to Ethernet sizes... Modified the NDISHOOK.VXD packet send mechanism so that it page locks the caller's packet buffer. The W32N_PacketSend() call now does not return until the protocol's SendComplete handler is called. This is now identical to the way NDISHOOK.SYS is implemented. 6.4). Extensive send testing. Tested with various packet sizes, including packets larger then allowed by the adapter (these were gracefully truncated by the 3Com 3C509). Long-term testing on MP workstation with send test enabled. Seems OK. 7.) HookPeek revised in several ways: * Now uses a separate thread for reception. * Most adapter variables are now members of a new HookAdapter data structure instead of being globals. A pointer to the HookAdapter structure is now passed to many HookPeek functions. * Dummy data used by SendTestPacket() is more reasonable. Now use DEC experimental EtherType instead of garbage and the data changes from packet-to-packet. Can also specify the length of the test packet. * The packet send mechanism can now send multiple back-to-back "bursts" of packets. * "Quiet" mode enhanced. Now displays '>' and ']' for each packet sent and '@' when application main thread runs because of periodic timeout. * There are now several variations of the HookPeek application, each demonstrating a different I/O technique for packet reception (Wait/APC/IOCP). * Code shared between the different HookPeek samples has been moved has been moved to a common directory. 8.) Revised device driver loader scheme. Previous versions required the W32N20 DLL and the NDISHOOK drivers to reside in the same directory as the WinDis 32 application. The new mechanism requires 1.) the W32N20 DLL is in the ordinary path that the system searches to load executables and 2.) the NDISHOOK driver is in the SAME directory as the W32N20 DLL. PCAUSA uses these directories: Windows NT: Use the \WINNT\SYSTEM32 directory Windows 9X: Use the \WINDOWS\SYSTEM directory 9.) Implemented W32N_PacketReadEx() and W32N_PacketSendEx(). These work on Windows 95 and Windows NT to provide APC support which does not require a wait object for each packet pending to be read. Provided HookPeek samples which illustrate use of W32N_PacketReadEx() and W32N_PacketSendEx() on both the Windows 95 and Windows NT platforms. 10.) Developed a Windows NT I/O completion port (IOCP) example. 11.) Developed an example which illustrates use of WinDis 32 to implement a simple network protocol. Illustrates sending and receiving data in a more meaningful example. Illustrates non-promiscuous operation. ====================================================================== Component Version : 4.20.11.36 Release Date : 11/22/98 1.) Changed some data types to simplify compiling of NT drivers. This eliminates the need to include some Win32 headers when compiling the drivers. The files effected include: BPH.H NDISHAPI.H All NDIS protocol driver header and source files The types changed are: DWORD -> ULONG BYTE -> UCHAR PBYTE -> PUCHAR UINT -> ULONG BOOL -> BOOLEAN INT -> int The motivation for this change arises when trying to build NT NDIS protocol drivers using common code in several different NT DDK environments. Various combinations of NT DDK's (old, January 1997 NT 4.0 DDK, NT 5.0 Beta DDK), SDK's, and VC/SDK/DDK install order made it difficult to get these types properly defined. It is much easier simply not to use these data types. An observation is that these types are seldom used in Microsoft NT driver samples... Not that the two headers that are specifically identified are used for compilation of both Win32 applications AND drivers. 2.) In W32N20 DLL, modified the Windows NT NDIS protocol driver loader logic so that it deals a little better with cases where the driver has been moved to a location which is not the same as the location persistently maintained by the Service Control Manager. In particular, when the SC StartService() function reports that the driver file is not found, the driver _MAY_ have been moved to a different location. In this case, the W32N_LoadDriver() function will use DeleteService() to remove the existing driver incormation from the Service Control Manager/Registry and then call StartService() a second time. This is an improvement, but more needs to be done. In particular, more version checking needs to be done... ====================================================================== Component Version : 4.20.11.34 Release Date : 11/08/98 1.) Added limited support for TokenRing. The HookPeek StartReception routine was modified to start TokenRing adapters and to correctly display the source and destination addresses which are at different offsets from Ethernet. ====================================================================== Component Version : 4.20.10.33 Release Date : 10/20/98 1.) Added IPX BPF filter sample to HookPeek. Modified NDIScope to allow selection of the new IPX BPF. 2.) Change the order of calling DestroyPackages(), W32N_CloseAdapter(), and CloseHandle() when the StartReception() call fails. This is similar to a change make in V4.20.09.29, but in a different location. 3.) Renamed NETBIOS BPF to more correct NetBEUI. 4.) Improved error checking in W32NNTSC.EXE. These checks eliminate an error occasionally reported from the "16-bit MS-DOS subsystem" when W32NNTSC.EXE is run from the W32N20 DLL. ====================================================================== Component Version : 4.20.10.32 Release Date : 10/14/98 1.) Accomodated what appears to be a serious bug in the Compaq Integrated NetFlex-3 10/100 network interface controller driver. In particular, PCAUSA testing has shown that occasionally the NetFlex 3 NDIS driver will call the protocol's ReceiveHandler with bogus values of LookaheadBufferSize and PacketSize. The bogus values are the UINT equivalent of small negative numbers. Modified the NDISHOOK driver's ReceiveHandler to defend against bogus values of LookaheadBufferSize and PacketSize. ====================================================================== Component Version : 4.20.10.31 Release Date : 9/21/98 1.) Recompiled NT driver using correct NDIS.H. V4.20.10.30 was compiled using a version of NDIS.H that would only work on NT4 with SP3. This version should work on NT4 without SP3. 2.) At the September, 1998 Networking And Communications Conference at Microsoft a comment was made that some MAC drivers incorrectly included HeaderBufferSize in the LookaheadBufferSize. If this is true, then using LookaheadBufferSize as the length to move could result in writing beyond the end of the W32N_PACKET buffer. Changes were made in the NDIS protocol driver's ReceiveHandler to handle this situation. ====================================================================== Component Version : 4.20.10.30 Release Date : 8/8/98 NOTE: This is a compatibility-level revision (09->10), meaning that previous versions of the HOOKPEEK drivers and the W32N20.DLL are incompatible with the components in this release. Applications using the WinDis 32 API should be recompiled and re-linked using updated header files and libraries from the V4.20.10.30 SDK. See Item 2 below for required compatibility change. 1.) Removed partially implemented NDIS 4.X enhancement from NDISHOOK.SYS. This may have caused some problems for users running on Windows NT without SP3. 2.) In HookPeek.C, abandon use of nSelectedMedium field from W32N_PACKET structure. This field will be redefined in a future release. Use g_nMedium, acquired by making NdisRequest for OID_GEN_MEDIA_IN_USE. 3.) Fixed bug error return value from W32N_CloseAdapter(). Now returns correct failure indication and W32N_GetLastError() provides reason for close failure. 4.) In HookPeek.c, corrected order and logic for calling UnmapViewOfFile() and CloseHandle() for the global shared memory file. 5.) In HookPeek OnPacketReceivedAPC() routine, the g_nSequenceErrorMinus sequence error variable was not being incremented when a packet sequence sequence number is detected whose sequence number is lower then one already received. ====================================================================== Component Version : 4.20.09.29 Release Date : 5/17/98 NOTE: This is a compatibility-level revision (08->09), meaning that previous versions of the HOOKPEEK drivers and the W32N20.DLL are incompatible with the components in this release. Applications using the WinDis 32 API should be recompiled and re-linked using updated header files and libraries from the V4.20.09.29 SDK. In addition, some changes associated with reading packets and closing an adapter are necessary. 1.) Check UserPacketData.nNdisStatus when a W32N_PacketRead() completes to determine if there was a read error and 2.) Do not dispose of W32N_PACKET's before calling W32N_CloseAdapter(). 1.) HookPeek console title is now adapter descrption. 2.1) Modified NDISHOOK drivers to report packet read errors in the W32N_PACKET structure. Redefined the existing nDriverReserved1 field to be nNdisStatus. This is where packet read status is reported. Modified the NDISHOOK drivers to cancel pending packet reads when the w32N_CloseAdapter() (CloseHandle()) and/or the NDIS wrapper calls the protocol's UnbindAdapterHandler(). Canceling is indicated in the redefined nNdisStatus field. NOTE: This change requires some changes to be made to the Win32 applications: 1.) In packet read loop, check the error returned in the nNdisStatus field and stop reading if the read is not successful. 2.) Call DestroyPackages() AFTER the call to W32N_CloseAdapter(). Otherwise, the NDISHOOK driver will attempt to cancel pending W32N_PacketRead() operations whose associated memory has been freed - resulting in page faults. 2.2) Modified HookPeek application to check UserPacketData.nNdisStatus for read errors and quit the read loop if an error is found. ====================================================================== Component Version : 4.20.08.28 Release Date : 4/15/98 1.) In HookPeek, now select correct TPF template when RARP protocol is specified on the command line. Previously, selected the NETBIOS TPF filter template because of an error. ====================================================================== Component Version : 4.20.08.27 Release Date : 4/7/98 1.) In W32N32 DLL, now perform ResetEvent() on the events passed to W32N_PacketRead(). Removed ResetEvent() calls from HookPeek before calling W32N_PacketRead(). 2.) In HookPeek.c, renamed pRAWUserPacketData to pUserPacketData to remove vestage of RAWETHER ancestory. 3.) Added the OID_NDISHOOK_DISABLE_LOOPBACK private OID. This is used to command the NDISHOOK driver to reject loopback packets at kernel mode. Previously, loopback filtering was implemented in user mode. Modified HookPeek to use the new OID_NDISHOOK_DISABLE_LOOPBACK feature when the Loopback Disable ("/ld") command line parameter is given. 4.) Modified NDISHOOK.VXD to support multiple concurrent opens on the same adapter. 5.) Modified NDISHOOK.VXD receive mechanism so that W32N_PacketRead() is completed in TransferDataCompleteHandler() instead of ReceiveCompleteHandler(). This _may_ result in some performance improvement. 6.) Modified both NDISHOOK.VXD and NDISHOOK.SYS to that W32N_PacketRead() is completed in ReceiveHandler() if the complete packet is presented in LookaheadBuffer. This also _may_ result in some performance improvement. 7.) In the NDISHOOK drivers, now ignore filters on non-reading opens. With this modification, NDIScope Properties can be opened first followed by starting HookPeek - and HookPeek will operate properly. Before this change, if NDIScope Properties was opened first HookPeek would not receive packets. 8.) Developed a real NDIScope WinHelp4 Help file. Modified NDIScope so pressing Help on the NDIScope main Adapter Chooser brings up the Adapter Chooser help topic. ====================================================================== Component Version : 4.20.08.26 Release Date : 2/20/98 1.) Fixed a bug in _TPF_ConcatIProtoProgram(). IP protocol was being jammed into offset [5], but should have been jammed into offset [3]. This caused sample IP protocol filters, such as UDP, to be incorrect. ====================================================================== Component Version : 4.20.08.25 Release Date : 2/19/98 1.) In NDISHOOK.SYS module RAWLOWER.C, moved default initialization of IoStatus.Information field to W32N_MakePrivateRequest() so that at least nNdisStatus field of HOOK_REQUEST is returned to Win32 application for both query and set of private information. Previously, nNdisStatus was not returned properly when setting private information. 2.) In NDISHOOK.SYS PROTODEV.C NDISHOOKDeviceClose() and W32N_OpenAdapter() now properly use W32NOpenListSpinLock. This fixed a blue screen when running on multi-processor hosts. 3.) On Windows NT NDISHOOK.SYS driver, changed the design so that the BPF is associated with each handle opened by W32N_OpenAdapter(). This allows the same adapter to be opened multiple times with a different BPF on each open. For example, one instance can be accepting IP, another NETBIOS, another AppleTalk, etc. Logic is that the packet is routed ONLY to the first handle whose BPF indicates that the packet is to be accepted. If two handles specify the same BPF, only one will actually receive the packet. NOTE: This feature is currently implemented on Windows NT ONLY. A future release will provide the same functionality for Windows 95. 4.) Systematic revision of method for making DeviceIoControl() calls, checking for I/O errors and waiting for I/O to complete using GetOverlappedResult(). 5.) In W32N_MakeNdisRequest(), the bSync parameter is ignored. All requests will be processed synchronously. This is because some post- completion processing must be performed on the Windows NT platform and the details of this processing are not exposed in the SDK. 6.) On the Windows 95 platform, provided a mechanism to pass the final NDIS status of the OpenAdapter operation to the Win32 application. 7.) Began implementation of W32N_CancelPacketRead(). Not yet complete! 8.) In NDISHOOK.VXD NDISHOOKBindAdapterHandlerEx() routine for Windows 95, modified mechanics used to deal with I/O completion when calling NdisOpenAdapter(). Previous implementation tried to distinguish between immediate and deferred returns from NdisOpenAdapter(). However, the method handled NDIS_STATUS_PENDING incorrectly. Now, instead of trying to distinguish between immediate and deferred completion of the NdisOpenAdapter() call, I/O is always completed in NDISHOOKOpenAdapterCompleteHandler() and NDISHOOKBindAdapterHandlerEx() always returns -1 (i.e., pending). 9.) In HookPeek, added a shared memory mechanism which allows multiple instances of HookPeek to access the same adapter concurrently. The mechanism is such that the first instance of HookPeek sets the NDIS packet filter (not the BPF) and the last instance sets it to zero (which shuts it off). NOTE: This feature is currently implemented on Windows NT ONLY. A future release will provide the same functionality for Windows 95. ====================================================================== Component Version : 4.20.08.24 Release Date : 2/14/98 1.) Private build for testing handling of calls to NdisOpenAdapter() which pend instead of completing immediately. ====================================================================== Component Version : 4.20.08.23 Release Date : 2/9/98 1.) Private build which includes breadboard of MAC address filter mechanism. ====================================================================== Component Version : 4.20.08.22 Release Date : 2/7/98 1.) Vastly improved mechanism for dynamically unloading Windows NT NDISHOOK.SYS driver. This mechanism is more reliable, and should significantly reduce problems which were caused by changing the path to the NDISHOOK.SYS driver to a location different from that maintained in the Service Control database. NOTE: In order to benefit from this change it is necessary to purge your systems of prior versions of the NDISHOOK.SYS driver and W32NdisApi.DLL. ====================================================================== Component Version : 4.20.08.21 Release Date : 2/4/98 NOTE: This is a compatibility-level 0revision (07->08), meaning that previous versions of the HOOKPEEK drivers and the W32NDISAPI.DLL are incompatible with the components in this release. Applications using the WinDis 32 API should be recompiled and re-linked using updated header files and libraries from the V4.12.06.18 SDK. 1.) Added W32N_GetAdapterRegistryInfo() function in W32NdisApi.DLL. This moved some of the basic registry access functions from NDIScope's MFC implementation to a basic 'C' implementation. 2.) Added this definition to W32NDIS.H after definition for NDIS_PACKET_TYPE_SMT: #define NDIS_PACKET_TYPE_ALL_LOCAL 0x0080 3.) Reorganized source directory structure. The W32NdisApi DLL renamed to W32N20. Sources to the WinDis 32 API support DLL are now under the WinDis\DLL directory. Renaming W32NdisApi.DLL to the 8.3 name W32N20.DLL allows it to be used successfully on legacy Windows NT 3.5X platforms. The following header files are moved to the WinDis\Include directory: BPF.H NdisHApi.h W32NDIS.H WinDis.h 4.) Implemented W32N_MakePrivateRequest(), which allows a Win32 application to make "private" NDIS requests to the NDISHOOK protocol driver. This can be used for a variety of purposes. Initially, it is used to gather statistics gleaned by the protocol driver. 5.) Implemented mechanism to query NDISHOOK protocol statistics using NdisRequest mechanism. At this time the following protocol-specific statistics are monitored: nFramesRcvGood // Frames Recieved OK At The Protocol Level nRcvMissed_KernelResource // Frames Missed, Kernel Resource nRcvMissed_UserResource // Frames Missed, User Resource 6.) Improved packet sequence detection mechanism. Now correctly counts missed packets instead of counting the start of missing packet sequences. User mode and kernel mode statistics are sane. 7.) Now properly re-queue Win32 user IRP if kernel mode resource is exhausted. Some IRP's were left in limbo previously. 8.) Now support traditional instalation of the NDISHOOK.SYS protocol driver via the Network Control Panel Applet. WinNT - Provide OEMSETUP.INF file. Some modifications to binding routines. Win95 - Provide NETPCA2.INF file. Fairly extensive modifications to binding/open and close/unbinding routines. Probably not the last revision in this area. 9.) In NDISHOOK.SYS driver code, removed unnecessary calls to ASSERT(). The condition causing these calls to ASSERT() were being handled by subesquent logic, and caused unnecessary blue-screens and re-boots when running on CHECKED build. 10.) Changed return code design for W32N_MakeNdisRequest(). Now always returns NDIS error code or the I/O error returned by GetLastError() if there was an error calling the NDISHOOK protocol driver. Previously, W32N_MakeNdisRequest() would return ERROR_SUCCESS if I/O completed successfully and caller would have to make a second check of HOOK_REQUEST nRequestStatus field to determine if NDIS operation was successful. This change required changing dirvers so that they now complete the I/O successfully even if the NDIS request failed. This insures that the NDIS status code is actually passed up to Win32 for interpretation. This change also required changing W32NdisApi DLL implementation of W32N_MakeNdisRequest() to return the NDIS request result. If I/O operation actually failed for some reason, W32N_MakeNdisRequest() returns NDIS_STATUS_FAILURE. 11.) In NDISHOOKTransferDataCompleteHandler(), now explicitly set nTransferDataStatus to the value indicated by the Status parameter. The nTransferDataStatus is actually properly set because a pointer to it is passed to NdisTransferData() when the transfer is initiated. This change just makes the setting clear to the curious. 12.) Changed to use NdisXxxString() functions instead of RtlXxxString() and NdisXxxMemory() instead of RtlXxxMemory() functions where possible. For the current builds, there is no functional difference because the NdisXxxYyy() functions are defined to call the RtlXxxYyy() functions. 13.) Reinstated use of signature checking in HOOK_PACKET_RESERVED. 14.) Renamed some functions, structures, variables, etc. to bring the Win95 and WinNT versions "closer together". Perhaps common driver codebase in a future release. 15.) Added a W32N_GetLastError() function to provide access to errors associated with failure of certain WinDis 32 functions which return handles. Of specific interest is providing a mechanism to determine why W32N_OpenAdapter() may fail. 16.) Implemented decent handling of result returned by DeviceIoControl(). In particular, if DeviceIoControl() result is FALSE, now check result from GetLastError(). Only start overlapped wait using GetOverlappedResult() if the result from GetLastError() is ERROR_IO_PENDING. 17.) In NDISHOOK.SYS RAWLOWER.C module, reverted to use of KeQuerySystemTime() instead of NdisGetCurrentSystemTime(). This consession, in conjunction with the DLL renaming of paragraph 2.) above, allows NDISHOOK.SYS to operate on the Windows NT 3.5X platform. ====================================================================== Component Version : 4.12.07.20 Release Date : 10/26/97 1.) Modified W32NdisApi W32N_BindAdapter95() routine (called by W32N_OpenAdapter() ) to use the complete path to the VxD instead of assuming that the VxD was in the current directory. This allows HookPeek to be run successfully without requiring NDISHOOK.VXD to be in the current directory. NOTE: An important lesson to be learned is that when a complete path is used to load a VxD, the path MUST be a shortname path... 2.) Modified HookPeek to support ARP and RARP BPF capture filters. 3.) Modified HookPeek to support TCP, UDP, ICMP and IGMP capture filters. Other modifications to TPFILTER. 4.) Modified NDIScope to provide a little more flexibility in selecting protocols to capture. ====================================================================== Component Version : 4.12.07.19 Release Date : 10/12/97 1.) Added BSD Packet Filter (BPF) pseduo-machine functions. These functions are implemented both at Win 32 user-mode (for testing) and at kernel-mode where they are intended to be used operationally. 2.) Modified NDIScope so that the OPEN button now does something! In particular, it now calls CreateProcess to start the HookPeek command line application. A dialog is presented which builds the command-line arguments to be passed to HookPeek. 3.) In NDISHAPI.H, modified definition of W32N_PACKET PacketBuffer character array length. This doesn't change the length - just clarifies use of the space. 4.) Modified HookPeek to accept command-line arguments which control the new BPF filter. The arguments allow the user to specify which protocol to capture. ====================================================================== Component Version : 4.12.06.18 Release Date : 8/28/97 1.) Renamed USER_PACKET_DATA to W32N_PACKET. 2.) Restructured the W32N_PACKET structure to more closely parallel the NDIS 4.X NDIS_PACKET structure. This is in preparation for migration to include NDIS 4.X multi-packet support (even on NDIS 3.0...). This included another change in the timestamp mechanism. The nPacketTime field renamed to TimeReceived and is now in 100 nanosecond units taken from KeQuerySystemTime() on Windows NT. This is the way it is in NDIS 4.X, so make the change now... On Windows 95 TimeReceived is taken from Get_System_Time(), with 1 ms units. It would be nice to translate this to 100 nanosecond units in the VxD, but VxD's can't perform double multiplies. (If anyone has a quick fix on how to scale TimeReceived in the VxD, let me know and I will incorporate it in a future release). See HookPeek for additional notes on TimeReceived. 2.) Major revision of HookPeek packet read loop. Now correctly handles multiple packets, if available, when the wait for one or more packets is signaled. ====================================================================== Component Version : 4.12.05.17 Release Date : 8/07/97 1.) Revised HookPeek to correctly display packet timestamp in milli-sec units. 2.) Corrected NdisHook.VxD packet timestamp increment. ====================================================================== Component Version : 4.12.05.16 Release Date : 8/07/97 1.) HookPeek modified to handle filtering of loopback packets based on checking received packet source link address against the adapter link address. See the new /le and /ld command-line options. 2.) Modified NDISHOOK.VXD to use Get_System_Time() (1-ms accuracy) instead of using Get_Last_Updated_System_Time() (50-ms accuracy) for Windows 95 packet time stamp. 3.) Modified HookPeek to get version information from the resource file instead of a #define. 4.) In NDIScope, modified 802.3 and 802.5 statistics page to display error code in hex when an NDIS statistics request fails. This provides better feedback when working with some adapters, such as the 3Com 3C509, which return NOT SUPPORTED in response to some mandatory queries. 5.) In USER_PACKET_DATA structure, changed packet time stamp to be LARGE_INTEGER and added field to return timestamp increment. This change allows packet timestamp to be handled uniformly on both Windows 95 and Windows NT. See notes in NdisHApi.h. This change required alteration of the USER_PACKET_DATA and modification of all components of WinDis 32. ATTENTION: This change requires all components which link to W32NdisApi to be recompiled. Drivers V4.12.05.XX must also be installed. Win32 applications with versions less than V4.12.05.XX will FAIL when operating with WinDis 32 V4.12.05.XX. ====================================================================== Component Version : 4.12.04.15 Release Date : 7/24/97 1.) Revised WINDIS.H to use BOOLEAN type consistently instead of mixing BOOL and BOOLEAN types. 2.) Added implementation for W32N_BufferSend to Windows 95 driver. 3.) In WinDis.h, revised preprocessor definitions controlling exported API types. Now must define _W32N_DLL when building the W32NdisApi DLL. 4.) When sending packets, the packet source address must be inserted into the packet by the Win32 application before calling W32N_PacketSend() (See HookPeek.C for an example of how to do this). Code which attempted to do this at the driver level has been removed. 5.) Fixed bug which caused packets to always be sent on the first binding, instead of the binding specified by the handle. on the Windows NT platform. ====================================================================== Component Version : 4.12.04.14 Release Date : 7/19/97 1.) Fixed an incorrect assert statement in CreatePackages routine in HOOKPEEK.C. 2.) Added the /go command-line option to HookPeek, to bypass the "Press ENTER to Start" promptings. 3.) Fixed gross bug. Was using incorrect I/O method for some IOCTL codes defined in NdisHApi.h. This bug caused intermittent bugs on some systems and had no observable problem on others. 4.) Revised NDIS request buffer mechanism for Windows NT. Buffer pointed to by NDIS_REQUEST structure is now properly probed and locked for use at arbitrary times. 5.) Tested OK on Windows NT Dual Pentium Pro platform. 6.) Tested OK on Windows 9X Build 1525. ====================================================================== Component Version : 4.12.03.13 Release Date : 7/15/97 1.) Lots of work on NDISHOOK.SYS. 1.1) Performance improvements, including elimination of an unnecessary copy of all bytes in each packet and a change in the strategy to complete PacketRead operations; completion is now perfromed in TransferDataComplete instead of ReceiveComplete. 1.2) Revised PacketRead cancel routine. 2.) Revised HookPeek exit mechanism. ====================================================================== Component Version : 4.12.03.12 Release Date : 7/7/97 1.) Second release for LIMITED external testing. 2.) Added Win95 PacketRead support. 3.) Changed HOOKPEEK command-line argument syntax. ====================================================================== Component Version : 1.11.02.11 Release Date : 6/26/97 1.) Release for LIMITED external testing. 2.) COMPLETE revision. Now uses dynamically installed NT protocol driver. NOT multi-processor safe. Static installation via traditional NCP has not yet been tested. ====================================================================== Component Version : 1.10.01.10 Release Date : 5/7/97 1.) Added Link Speed to basic property page. ====================================================================== Component Version : 1.10.01.09 Release Date : 4/19/97 1.) Major update. a.) Now provides partial support for both Windows NT and Windows 95. b.) Modeless property dialog, which allow multiple adapters to be open concurrently. ====================================================================== Component Version : 1.00.00.08 Release Date : 4/8/97 1.) Minor bug fix concerning allocation of NDIS request structures. ====================================================================== Component Version : 1.00.00.07 Release Date : 3/14/97 1.) Release for limited external testing. 2.) Added data for VS_FIXEDFILEINFO in NDISHOOK.VRC. This addition is essential for correct installation and updates using InstallShield. NOTE: Because of this bug, if you are unfortunate enough to have a test copy of NetTool prior to V1.00.00.07, you MUST MANUALLY DELETE NDISHOOK.VXD from it's install location. 3.) Installer now installs necessary MFC DLL's. 4.) Fixed handling of extremely long adapter descriptions in adapter selection list box. 5.) Removed ASSERT which caused fault when making request for adapter which is in the registry, but whose driver is not installed in the current hardware configuration. This is a common situation.