PCAGizmo Log Interpretation Notes
 

Introduction

The PCAUSA "PCAGizmo" NDIS OID Monitor program logs NDIS operations beginning at system startup. One potentially interesting use of PCAGizmo is to gain additional insight into the way IEEE 802.11 adapters are managed in the Windows environment.

Windows support for wireless networking was non-existent on Windows platforms prior to Windows XP. Wireless networking support on these platforms was like the "Wild West", with each network adapter vendor inventing their own proprietary mechanism to fit wireless support into the existing networking architecture.

Microsoft added support for 802.11 adapters beginning with Windows XP, and has continued to make enhancements with service packs to Windows XP and Windows Server 2003. These implementations are based on "LAN emulation", where the wireless networking adapter vendor is required to provide a companion NDIS miniport driver that presents an Ethernet (802.3) interface to the operating system even though the physical media is 802.11.

Windows Vista goes further and adds native 802.11 (or "Native Wi-Fi) support.

The key information to be provided in this article consists of logs of the NDIS query/set information and status indications operations passed between the wireless management software and the 802.11 adapters.

 

About the NDIS Monitor (PCAGizmo)

The PCAUSA NDIS Monitor used in this instance employs a NDIS filter driver to monitor NDIS operations that are passed through it.

On pre-Vista Windows systems the functions are currently logged include:

  1. Calls to the MiniportQueryInformation handler.
  2. Calls to the MiniportSetInformation handler.
  3. Calls made to NdisRequest.
  4. Calls to ProtocolRequestComplete.
  5. Calls made to NdisMQueryInformationComplete.
  6. Calls made to NdisMSetInformationComplete.
  7. Calls to ProtocolStatus handler.
  8. Calls to ProtocolStatusComplete handler.
  9. Calls made to NdisMIndicateStatus.

In addition, the logger records both entry and exit information for some logged functions.

Calls to query for OID_GEN_LINK_SPEED are not logged because these are made frequently by NDIS and rapidly overflow the NDIS logging buffer.

The PCAGizmo NDIS Monitor is not the same as the "NDIScope" application that comes with Rawether for Windows. PCAGizmo is based on NDIS Intermediate (IM) and NDIS filtering technology whereas NDIScope is based on NDIS protocol technology.

 

About the Logged NDIS Operations

The NDIS operation log provided with this article if fairly detailed. For example, there are five log records made in the sequence initiated by a call to the MiniportQueryInformation handler to fetch OID_GEN_VENDOR_DESCRIPTION:

0001 - The initial call to the MiniportQueryInformation handler to fetch OID_GEN_VENDOR_DRIVER_VERSION.
 
0002 - NdisRequest is called from within MiniportQueryInformation handler.
 
0003 - ProtocolRequestComplete is called with the query results. This is done before the call to NdisRequest returns.
 
0004 - NdisMQueryInformationComplete is called from within the ProtocolRequestComplete handler.
 
0005 - The MiniportQueryInformation handler finally exits. The return status is NDIS_STATUS_PENDING (even though the query results have actually already been reported to the caller).

 

Each NDIS object identifier ("OID") record includes:

bulletRecord Number
bulletRecord Time Stamp (milliseconds)
bulletFunction Name - Value in parentheses is 0 for function entry, > 0 for a function exit or return.
bulletRecord Length
bulletOID Name and Value
bulletStatus Value
bulletInformation Buffer Length, Bytes Needed, Bytes Written or Read
bulletInformation Written to or Read from Buffer


The NDIS OID log information closely parallels the information contained in the NDIS_REQUEST structure described in the Windows DDK.

 

Example NDIS OID Log Records

Here are the five detailed records for the OID_GEN_VENDOR_DRIVER_VERSION query:

0001 0000031445 msec QueryInformationHandler(0) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0xFFFFFFFF
IB Len: 4; Needed: 0; W/R: 0


0002 0000031445 msec NdisRequest(0) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0xFFFFFFFF
IB Len: 4; Needed: 0; W/R: 0


0003 0000031445 msec RequestCompleteHandler(0) 60 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000000
IB Len: 4; Needed: 0; W/R: 4
Information( 4 Bytes):
196623 (0x0003000F)

0004 0000031445 msec NdisMQueryInformationComplete(0) 60 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000000
IB Len: 4; Needed: 0; W/R: 4
Information( 4 Bytes):
196623 (0x0003000F)

0005 0000031445 msec QueryInformationHandler(1) 56 Bytes
Oid : OID_GEN_VENDOR_DRIVER_VERSION(0x00010116) - Query Information
Status: 0x00000103
IB Len: 4; Needed: 0; W/R: 4


 

Of course, the use of the PCAUSA NDIS Monitor isn't "magic". In fact, this information could be examined using a debugger. However, it may be useful to have the information readily available for reference.

 

Topic Status
December 3, 2009 Edited.
September 12, 2006 Updated with Vista Native Wi-Fi information.
October 7, 2003 Initial release.

 

 

 

PCAUSA Home · Privacy Statement · Products · Ordering · Support · Utilities · Resources
Mailing Lists  · PCAUSA Newsletter · PCAUSA Discussion List
 
Rawether for Windows and WinDis 32 are trademarks of Printing Communications Assoc., Inc. (PCAUSA)
Microsoft, MS, Windows, Windows 95, Windows 98, Windows Millennium, Windows 2000, and Win32 are registered trademarks and Visual C++ and Windows NT are trademarks of the Microsoft Corporation.
Send mail to webmaster@pcausa.com with questions or comments about this web site.
Copyright © 1996-2010 Printing Communications Assoc., Inc. (PCAUSA)
Last modified: February 04, 2010