NDIS IEEE 802.11 Notes
 

Introduction

The PCAUSA "PCAGizmo" NDIS OID Monitor program logs NDIS operations beginning at system startup. One potentially interesting use of PCAGizmo is to gain additional insight into the way IEEE 802.11 adapters are managed in the Windows environment.

Windows support for wireless networking was non-existent on Windows platforms prior to Windows XP. Wireless networking support on these platforms was like the "Wild West", with each network adapter vendor inventing their own proprietary mechanism to fit wireless support into the existing networking architecture.

Microsoft added support for 802.11 adapters beginning with Windows XP, and has continued to make enhancements with service packs to Windows XP and Windows Server 2003. These implementations are based on "LAN emulation", where the wireless networking adapter vendor is required to provide a companion NDIS miniport driver that presents an Ethernet (802.3) interface to the operating system even though the physical media is 802.11.

Windows Vista goes further and adds native 802.11 (or "Native Wi-Fi) support.

The key information to be provided in this article consists of logs of the NDIS query/set information and status indications operations passed between the wireless management software and the 802.11 adapters.

Resources

This page provides a portal to Microsoft documentation related to wireless technologies:

Wireless Network Technologies

 

About the NDIS Monitor (PCAGizmo)

The PCAUSA NDIS Monitor used in this instance employs a NDIS filter driver to monitor NDIS operations that are passed through it.

On pre-Vista Windows systems the functions are currently logged include:

  1. Calls to the MiniportQueryInformation handler.
  2. Calls to the MiniportSetInformation handler.
  3. Calls made to NdisRequest.
  4. Calls to ProtocolRequestComplete.
  5. Calls made to NdisMQueryInformationComplete.
  6. Calls made to NdisMSetInformationComplete.
  7. Calls to ProtocolStatus handler.
  8. Calls to ProtocolStatusComplete handler.
  9. Calls made to NdisMIndicateStatus.

In addition, the logger records both entry and exit information for some logged functions.

Calls to query for OID_GEN_LINK_SPEED are not logged because these are made frequently by NDIS and rapidly overflow the NDIS logging buffer.

The PCAGizmo NDIS Monitor is not the same as the "NDIScope" application that comes with Rawether for Windows. PCAGizmo is based on NDIS Intermediate (IM) and NDIS filtering technology whereas NDIScope is based on NDIS protocol technology.

 

About the Logged NDIS Operations

The NDIS operation log provided with this article if fairly detailed. For example, there are five log records made in the sequence initiated by a call to the MiniportQueryInformation handler to fetch OID_GEN_VENDOR_DESCRIPTION:

0001 - The initial call to the MiniportQueryInformation handler to fetch OID_GEN_VENDOR_DRIVER_VERSION.
 
0002 - NdisRequest is called from within MiniportQueryInformation handler.
 
0003 - ProtocolRequestComplete is called with the query results. This is done before the call to NdisRequest returns.
 
0004 - NdisMQueryInformationComplete is called from within the ProtocolRequestComplete handler.
 
0005 - The MiniportQueryInformation handler finally exits. The return status is NDIS_STATUS_PENDING (even though the query results have actually already been reported to the caller).

 

Each NDIS object identifier ("OID") record includes:

bulletRecord Number
bulletRecord Time Stamp (milliseconds)
bulletFunction Name - Value in parentheses is 0 for function entry, > 0 for a function exit or return.
bulletRecord Length
bulletOID Name and Value
bulletStatus Value
bulletInformation Buffer Length, Bytes Needed, Bytes Written or Read
bulletInformation Written to or Read from Buffer


The NDIS OID log information closely parallels the information contained in the NDIS_REQUEST structure described in the Windows DDK.

 

Example NDIS OID Log Records

Here are the five detailed records for the OID_GEN_VENDOR_DRIVER_VERSION query:

0001 0000031445 msec QueryInformationHandler(0) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0xFFFFFFFF
IB Len: 4; Needed: 0; W/R: 0


0002 0000031445 msec NdisRequest(0) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0xFFFFFFFF
IB Len: 4; Needed: 0; W/R: 0


0003 0000031445 msec RequestCompleteHandler(0) 60 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000000
IB Len: 4; Needed: 0; W/R: 4
Information( 4 Bytes):
196623 (0x0003000F)

0004 0000031445 msec NdisMQueryInformationComplete(0) 60 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000000
IB Len: 4; Needed: 0; W/R: 4
Information( 4 Bytes):
196623 (0x0003000F)

0005 0000031445 msec QueryInformationHandler(1) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000103
IB Len: 4; Needed: 0; W/R: 4


 

3Com AirConnect NDIS OID Log

For this test the PCAGizmo driver is inserted above the 802.11 miniport. The adapter is a 3Com AirConnect 802.11b Wireless LAN PC card.

The NDIS OID log covers approximately the first 110 seconds of system operation. It is interesting to note that:

bulletThe first NDIS query operation doesn't occur until about 31 seconds into system startup.
bulletThe media isn't connected until about 48 seconds into system startup. (Earliest point TCP/IP can begin to use the adapter).

 

Interpretation of the bulk of this IEEE 802.11 log is left to the reader. Some points of interest include:

bulletFirst 802.11-Specific Operation - Record 223, Query for OID_802_11_AUTHENTICATION_MODE.
bulletFirst BSSID List Scan - Record 263
bulletAdd WEP Call - Record 343
bulletMedia Connected - Record 358

Click here for the Detailed NDIS OID Log for a 802.11 Miniport.
153.21KB (156884 bytes)

 

New Logs of Windows Vista (RC1) Native Wi-Fi Operations

PCAUSA has made a new version of PCAGizmo that adds support for monitoring OID operations on Windows Vista. On pre-Vista systems PCAGizmo installs a NDIS 5 NDIS Intermediate (IM) filter driver.

However, on Windows Vista PCAGizmo installs a NDIS 6 Lightweight Filter (LWF) monitoring driver. The LWF monitoring driver can log operations both above and below the system-provided Native Wi-Fi IM driver. This provides interesting insight into the operational behavior of these drivers.

Click here to access the PCAGizmo V1.0.0.12 Wireless OID logs, including Vista Native Wi-Fi OID logs.

 

Of course, the use of the PCAUSA NDIS Monitor isn't "magic". In fact, this information could be examined using a debugger. However, it may be useful to have the information readily available for reference.

PCAGizmo executables are available for download. See the URL http://www.pcausa.com/Utilities/PCAGizmo/PCAGizmo.htm.

 

 

Topic Status
February 26, 2007 Added PCAGizmo download information.
September 12, 2006 Updated with Vista Native Wi-Fi information.
October 7, 2003 Initial release.

 

 

PCAUSA Home · Privacy Statement · Products · Ordering · Support · Utilities · Resources
Mailing Lists  · PCAUSA Newsletter · PCAUSA Discussion List
Rawether for Windows, Rawether .NET, WinDis 32 and NDIS Press are trademarks of Printing Communications Assoc., Inc. (PCAUSA)
Microsoft, MS, Windows, Windows Vista, Windows 95, Windows 98, Windows Millennium, Windows 2000, and Win32 are registered trademarks and Visual C++ and Windows NT are trademarks of the Microsoft Corporation.
Copyright © 1996-2007 Printing Communications Assoc., Inc. (PCAUSA)
Last modified: January 20, 2007