3 days lecture + hands-on lab
For Driver Developers, Support Engineers and Software QA Engineers
This course covers the development and debugging of various Windows kernel mode network drivers. Attendees will learn about components of the new Windows networking stack (introduced in Windows Vista), kernel mode interfaces available for networking, NDIS6 miniport, protocol, intermediate and lightweight filter drivers, kernel mode socket clients using TDI and WSK, and transport layer filters using TDI and WFP.
In the hands-on labs attendees get an opportunity to develop, install, test and debug drivers that exercise the above interfaces on Windows 7 running inside a Virtual Machine, as well as to analyze kernel mode crash dumps that pertain to these technologies.
Proficiency in the C programming language
Familiarity with Windows kernel architecture and data structures
Upon completion of this course attendees will be able to:
Understand the key kernel mode interfaces provided by the networking stack in Windows Vista and later versions of Windows.
Understand the different types of NDIS drivers, the functionality they provide, their interactions with NDIS and the different areas of functionality they implement.
Understand the key NDIS data structures, the relationships between them and how NDIS drivers use them, examine these structures in the debugger and leverage the information to resolve problems.
Understand how NDIS represents network packet data using NBLs, NBs and MDLs and the end-to-end flow of data in the networking stack. Implement packet transmission and reception functionality and debug issues caused by stuck NBLs.
Understand the different types of TDI drivers, how socket operations map to TDI requests and events and implement TDI client drivers to perform socket operations in the kernel.
Understand the WSK interface, implement drivers that use WSK to perform socket operations in the kernel and port legacy TDI client drivers to the WSK interface.
Understand the different layers at which WFP filters apply, implement WFP callouts in kernel mode to intercept and modify network traffic and debug common problems with WFP drivers.
Network Stack Components: Network Stack Interfaces; NDIS Driver Types; TCPIP Components; RDBSS and Mini Redirectors, CSC; MPR & MUP; User Mode Networking Components; Networking Tools
NDIS Drivers: NDIS Concepts; Miniport Drivers; Protocol Drivers; Adapter Bindings; IM Drivers & Notify Objects; NDIS Internal Data Structures; OIDs & Direct OID Handlers; NDIS PnP Events
NDIS Data Transfers: NDIS Packets and NDIS Buffers; Net Buffers, Net Buffer Lists & NBL Contexts; Receive Data Path; Send Data Path; Packet Filtering; Packet OOB Data; NDIS Loopback; NDIS Offload Capabilities
TDI: TDI Architecture; Address, Connection & Control Objects; Requests & Events; Clients & Servers; Connection Setup and Teardown; Data Transfers; TDI Issues; TDX Driver
WSK: WSK Architecture; Operational Model; Socket Types; API Model; Event Callbacks; Socket Options; Data Handling; TDI Interface Mapping
Windows Filtering Platform (WFP): WFP Architecture; WFP Layers, Filters, Sub-layers and Callouts; WFP Registration; WFP Flow Contexts; WFP Traffic Processing; WFP Traffic Injection