FltRegisterFilter not working - c

I'm trying to create a simple Windows driver, but FltRegisterFilter is not working! I got the following error code: 0xc0000034 (I think it refers to the STATUS_OBJECT_NAME_NOT_FOUND error code).
Do you know if the generated INF file is enough? I just tried to add this line in a driver install section: Dependencies = FltMgr.
Here is the full INF file:
;
; KmdfMiniFilter.inf
;
[Version]
Signature="$WINDOWS NT$"
Class=Sample ; TODO: edit Class
ClassGuid={78A1C341-4539-11d3-B88D-00C04FAD5171} ; TODO: edit ClassGuid
Provider=%ManufacturerName%
CatalogFile=KmdfMiniFilter.cat
DriverVer=01/01/2017 ; TODO: set DriverVer in stampinf property pages
[DestinationDirs]
DefaultDestDir = 12
; ================= Class section =====================
[ClassInstall32]
Addreg=SampleClassReg
[SampleClassReg]
HKR,,,0,%ClassName%
HKR,,Icon,,-5
[SourceDisksNames]
1 = %DiskName%,,,""
[SourceDisksFiles]
KmdfMiniFilter.sys = 1,,
;*****************************************
; Install Section
;*****************************************
[Manufacturer]
%ManufacturerName%=Standard,NT$ARCH$
[Standard.NT$ARCH$]
%KmdfMiniFilter.DeviceDesc%=KmdfMiniFilter_Device, Root\KmdfMiniFilter ; TODO: edit hw-id
[KmdfMiniFilter_Device.NT]
CopyFiles=Drivers_Dir
[Drivers_Dir]
KmdfMiniFilter.sys
;-------------- Service installation
[KmdfMiniFilter_Device.NT.Services]
AddService = KmdfMiniFilter,%SPSVCINST_ASSOCSERVICE%, KmdfMiniFilter_Service_Inst
; -------------- KmdfMiniFilter driver install sections
[KmdfMiniFilter_Service_Inst]
DisplayName = %KmdfMiniFilter.SVCDESC%
ServiceBinary = %12%\KmdfMiniFilter.sys
ServiceType = 1 ; SERVICE_KERNEL_DRIVER
StartType = 3 ; SERVICE_DEMAND_START
ErrorControl = 1 ; SERVICE_ERROR_NORMAL
LoadOrderGroup = "FSFilter Activity Monitor"
Dependencies = FltMgr
;
;--- KmdfMiniFilter_Device Coinstaller installation ------
;
[DestinationDirs]
KmdfMiniFilter_Device_CoInstaller_CopyFiles = 11
[KmdfMiniFilter_Device.NT.CoInstallers]
AddReg=KmdfMiniFilter_Device_CoInstaller_AddReg
CopyFiles=KmdfMiniFilter_Device_CoInstaller_CopyFiles
[KmdfMiniFilter_Device_CoInstaller_AddReg]
HKR,,CoInstallers32,0x00010000, "WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll,WdfCoInstaller"
HKR,"Instances","DefaultInstance",0x00000000,%DefaultInstance%
HKR,"Instances\"%Instance1.Name%,"Altitude",0x00000000,%Instance1.Altitude%
HKR,"Instances\"%Instance1.Name%,"Flags",0x00010001,%Instance1.Flags%
[KmdfMiniFilter_Device_CoInstaller_CopyFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll
[SourceDisksFiles]
WdfCoInstaller$KMDFCOINSTALLERVERSION$.dll=1 ; make sure the number matches with SourceDisksNames
[KmdfMiniFilter_Device.NT.Wdf]
KmdfService = KmdfMiniFilter, KmdfMiniFilter_wdfsect
[KmdfMiniFilter_wdfsect]
KmdfLibraryVersion = $KMDFVERSION$
[Strings]
SPSVCINST_ASSOCSERVICE= 0x00000002
ManufacturerName="<Your manufacturer name>" ;TODO: Replace with your manufacturer name
ClassName="Samples" ; TODO: edit ClassName
DiskName = "KmdfMiniFilter Installation Disk"
KmdfMiniFilter.DeviceDesc = "KmdfMiniFilter Device"
KmdfMiniFilter.SVCDESC = "KmdfMiniFilter Service"
DefaultInstance = "KmdfMiniFilter"
Instance1.Name = "KmdfMiniFilter"
Instance1.Altitude = "370120"
Instance1.Flags = 0x0 ; Allow all attachments
Do you have any idea what the problem is?

I finally solved my problem thanks to RbMm!
A minifilter is not a WDM driver, so:
it doesn't have any hardware id
a good example of an inf file: https://github.com/Microsoft/Windows-driver-samples/blob/master/filesys/miniFilter/nullFilter/nullFilter.inf
we can't install a minifilter from Visual Studio, so in Deployment settings, check "Not install". The files will be sent to the target machine. Then, go to your driver's folder (mine was: C:\DriverTest\Drivers). The sys file must be in the same directory as the inf file. Right-click on the inf file -> Install. And finally, open a command prompt (administrator), and use the following command to load and unload your filter: fltmc load myFilter.
Then, once your filter is loaded, you must be able to debug it from Visual!

Related

Two filter drivers in one binary causes System error 2 on the 2nd driver

I have two NDIS filter drivers in the same binary. This seems to work based on this MSDN forum thread.
I encountered an issue: Both drivers have been successfully installed using NetCfg API. However, the second installed driver won't start. It causes System error 2:
C:\Program Files\Npcap>net start npcap
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Program Files\Npcap>net start npcap_wifi
System error 2 has occurred.
The system cannot find the file specified.
If I install npcap_wifi first, npcap second, then npcap service fails to start. DbgView shows that the second driver's DriverEntry is never called. And the NetCfg API install doesn't show any error either. So I don't know what's wrong here? Thanks!
My source code:
The 1st driver's INF is: npcap.inf. It uses service name npcap.
The 2nd driver's INF is: npcap_wifi.inf. It uses service name npcap_wifi.
The shared binary is: Packet.c. I used DriverEntry's RegistryPath to determine which service the binary is running as.
The driver installer is: NPFInstall.cpp. The command NPFInstall.exe -i is used to install the 1st driver and NPFInstall.exe -i2 is used to install the 2nd driver.
UPDATE:
I have modified npcap.inf based on your fake service method:
;-------------------------------------------------------------------------
; NPCAP.INF -- Npcap NDIS 6.x LightWeight Filter Driver
;
; Copyright (c) 2015, Insecure.Com LLC. All rights reserved.
;------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = %NPF_DriverName%.cat
Provider = %Insecure%
DriverVer=05/15/2015,14.48.38.905
[Manufacturer]
%Insecure%=Insecure,NTx86,NTia64,NTamd64
[Insecure.NTx86]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
[Insecure.NTia64]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
[Insecure.NTamd64]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[FilterStandard]
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501341}"
Copyfiles = npf.copyfiles.sys
Characteristics=0x40000
AddReg=FilterStandard.reg
[FilterWiFi]
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501351}"
Characteristics=0x40000
AddReg=FilterWiFi.reg
[SourceDisksNames]
1=%NPF_Desc_Standard%,"",,
[SourceDisksFiles]
npcap.sys=1
[DestinationDirs]
DefaultDestDir=12
npf.copyfiles.sys=12
[npf.copyfiles.sys]
%NPF_DriverName%.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support for the standard filter
;-------------------------------------------------------------------------
[FilterStandard.reg]
HKR, Ndi,Service,,%NPF_Filter_Name_Standard%
HKR, Ndi,CoServices,0x00010000,%NPF_Filter_Name_Standard%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, compression
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Ndi installation support for the WiFi filter
;-------------------------------------------------------------------------
[FilterWiFi.reg]
HKR, Ndi,Service,,%NPF_Filter_Name_WiFi%
HKR, Ndi,CoServices,0x00010000,%NPF_Filter_Name_WiFi%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, ms_medium_converter_128
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[FilterStandard.Services]
AddService=%NPF_Filter_Name_Standard%,,FilterStandard.svc
[FilterWiFi.Services]
AddService=%NPF_Filter_Name_WiFi%,,FilterWiFi.svc
[FilterStandard.svc]
DisplayName = %NPF_Desc_Standard%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc_Standard%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[FilterWiFi.svc]
DisplayName = %NPF_Desc_WiFi%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc_WiFi%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[FilterStandard.Remove.Services]
DelService=%NPF_Filter_Name_Standard%,0x200 ; SPSVCINST_STOPSERVICE
[FilterWiFi.Remove.Services]
DelService=%NPF_Filter_Name_WiFi%,0x200 ; SPSVCINST_STOPSERVICE
[Common.Params.reg]
[NdisImPlatformBindingOptions.reg]
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings]
NPF_DriverName = "npcap"
NPF_Filter_Name_Standard = "npcap"
NPF_Filter_Name_WiFi = "npcap_wifi"
Insecure = "Nmap Project"
NPF_Desc_Standard = "Npcap Packet Driver (NPCAP)"
NPF_Desc_WiFi = "Npcap Packet Driver (NPCAP) (Wi-Fi)"
NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
And my installer code is changed to:
HRESULT HrInstallNetComponent(IN INetCfg* pnc, IN LPCTSTR lpszComponentId, IN const GUID* pguidClass, IN LPCTSTR lpszInfFullPath)
{
    DWORD dwError;
    HRESULT hr = S_OK;
    TCHAR szDrive[_MAX_DRIVE];
    TCHAR szDir[_MAX_DIR];
    TCHAR szDirWithDrive[_MAX_DRIVE + _MAX_DIR];
    //
    // If full path to INF has been specified, the INF
    // needs to be copied using Setup API to ensure that any other files
    // that the primary INF copies will be correctly found by Setup API
    //
    if (lpszInfFullPath)
    {
        //
        // Get the path where the INF file is.
        //
        _tsplitpath(lpszInfFullPath, szDrive, szDir, NULL, NULL);
        _tcscpy(szDirWithDrive, szDrive);
        _tcscat(szDirWithDrive, szDir);
        //
        // Copy the Service INF file to the \Windows\Inf Folder
        //
        if (!SetupCopyOEMInfW(lpszInfFullPath,
                              szDirWithDrive, // Other files are in the
                                              // same dir. as primary INF
                              SPOST_PATH,     // First param is path to INF
                              0,              // Default copy style
                              NULL,           // Name of the INF after
                                              // it's copied to %windir%\inf
                              0,              // Max buf. size for the above
                              NULL,           // Required size if non-null
                              NULL)           // Optionally get the filename
                                              // part of Inf name after it is copied.
            )
        {
            dwError = GetLastError();
            hr = HRESULT_FROM_WIN32(dwError);
        }
    }
    if (S_OK == hr)
    {
        //
        // Install the network component.
        //
        hr = HrInstallComponent(pnc, NDISLWF_SERVICE_PNP_DEVICE_ID, pguidClass);
        if (hr == S_OK)
        {
            hr = HrInstallComponent(pnc, NDISLWF_SERVICE_PNP_DEVICE_ID_WIFI, pguidClass);
            if (hr == S_OK)
            {
                //
                // On success, apply the changes
                //
                hr = pnc->Apply();
            }
        }
    }
    return hr;
}
And the result is the second service npcap_wifi ends up with system error 2:
C:\Program Files\Npcap>sc query npcap
SERVICE_NAME: npcap
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>sc query npcap_wifi
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Program Files\Npcap>sc query npcap
SERVICE_NAME: npcap
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>sc query npcap_wifi
SERVICE_NAME: npcap_wifi
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>net start npcap
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Program Files\Npcap>net start npcap_wifi
System error 2 has occurred.
The system cannot find the file specified.
C:\Program Files\Npcap>
Does this look right? The question is I still don't get the DriverEntry call for the 2nd LWF in DbgView? So how does the 2nd LWF work then?
UPDATE:
I guess this is what I should do next? I called NdisFRegisterFilterDriver twice in my DriverEntry to register 2 LWFs. The 2 FChars structures only differ in FriendlyName, UniqueName, ServiceName. But the 2nd NdisFRegisterFilterDriver always fails with NDIS_STATUS_FAILURE (0xc0000001). I don't know why.
Here's my code:
//
// Packet Driver's entry routine.
//
_Use_decl_annotations_
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    NDIS_FILTER_DRIVER_CHARACTERISTICS FChars;
    NDIS_FILTER_DRIVER_CHARACTERISTICS FChars_WiFi;
    NTSTATUS Status = STATUS_SUCCESS;
    // Opt in to No-Execute (NX) nonpaged pool on Win8 and later instead of executable nonpaged pool; this is for security purposes.
    ExInitializeDriverRuntime(DrvRtPoolNxOptIn);
    WCHAR* bindT;
    PKEY_VALUE_PARTIAL_INFORMATION tcpBindingsP;
    UNICODE_STRING macName;
    ULONG OsMajorVersion, OsMinorVersion;
    NDISGROUPMAXPROCESSORCOUNT MyNdisGroupMaxProcessorCount;
    NDIS_STRING GroupMaxProcessorCount;
    UNREFERENCED_PARAMETER(RegistryPath);
    TRACE_ENTER();
    FilterDriverObject = DriverObject;
    PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
    TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "OS Version: %d.%d\n", OsMajorVersion, OsMinorVersion);
    // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap" for standard driver
    // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap_wifi" for WiFi driver
    g_Dot11SupportMode = 0;
    for (USHORT i = 0; i < RegistryPath->Length / 2; i ++)
    {
        if (RegistryPath->Buffer[i] == L'_')
        {
            g_Dot11SupportMode = 1;
            break;
        }
    }
    TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "g_Dot11SupportMode (based on RegistryPath) = %d\n", g_Dot11SupportMode);
    if (g_Dot11SupportMode)
        NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer_Wifi);
    else
        NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer);
    //
    // Get number of CPUs and save it
    //
    RtlInitUnicodeString(&GroupMaxProcessorCount, L"NdisGroupMaxProcessorCount");
    MyNdisGroupMaxProcessorCount = (NDISGROUPMAXPROCESSORCOUNT) NdisGetRoutineAddress(&GroupMaxProcessorCount);
    if (MyNdisGroupMaxProcessorCount) // for NDIS620 and later (Win7 and later).
    {
        g_NCpu = MyNdisGroupMaxProcessorCount(ALL_PROCESSOR_GROUPS);
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_NCpu (NdisGroupMaxProcessorCount): %d, NPF_MAX_CPU_NUMBER: %d\n", g_NCpu, NPF_MAX_CPU_NUMBER);
        if (g_NCpu > NPF_MAX_CPU_NUMBER)
        {
            g_NCpu = NPF_MAX_CPU_NUMBER;
        }
    }
    else // for NDIS6 (Vista)
    {
        g_NCpu = NdisSystemProcessorCount();
    }
    //
    // Register as a service with NDIS
    //
    NPF_registerLWF(&FChars, FALSE);
    NPF_registerLWF(&FChars_WiFi, TRUE);
    DriverObject->DriverUnload = NPF_Unload;
    //
    // Standard device driver entry points stuff.
    //
    DriverObject->MajorFunction[IRP_MJ_CREATE] = NPF_OpenAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = NPF_CloseAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLEANUP] = NPF_Cleanup;
    DriverObject->MajorFunction[IRP_MJ_READ] = NPF_Read;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = NPF_Write;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = NPF_IoControl;
    bindP = getAdaptersList();
    if (bindP == NULL)
    {
        TRACE_MESSAGE(PACKET_DEBUG_LOUD, "Adapters not found in the registry, try to copy the bindings of TCP-IP.");
        tcpBindingsP = getTcpBindings();
        if (tcpBindingsP == NULL)
        {
            TRACE_MESSAGE(PACKET_DEBUG_LOUD, "TCP-IP not found, quitting.");
            goto RegistryError;
        }
        bindP = (WCHAR *)tcpBindingsP;
        bindT = (WCHAR *)(tcpBindingsP->Data);
    }
    else
    {
        bindT = bindP;
    }
    for (; *bindT != UNICODE_NULL; bindT += (macName.Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR))
    {
        RtlInitUnicodeString(&macName, bindT);
        NPF_CreateDevice(DriverObject, &macName);
    }
    // Register the filter to NDIS.
    Status = NdisFRegisterFilterDriver(DriverObject,
        (NDIS_HANDLE) FilterDriverObject,
        &FChars,
        &FilterDriverHandle);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: failed to register filter with NDIS, Status = %x", Status);
        TRACE_EXIT();
        return Status;
    }
    else
    {
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: succeed to register filter with NDIS, Status = %x, FilterDriverHandle = %x", Status, FilterDriverHandle);
    }
    // Register the WiFi filter to NDIS.
    Status = NdisFRegisterFilterDriver(DriverObject,
        (NDIS_HANDLE)FilterDriverObject,
        &FChars_WiFi,
        &FilterDriverHandle_WiFi);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: failed to register filter (WiFi) with NDIS, Status = %x", Status);
        TRACE_EXIT();
        return Status;
    }
    else
    {
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: succeed to register filter (WiFi) with NDIS, Status = %x, FilterDriverHandle_WiFi = %x", Status, FilterDriverHandle_WiFi);
    }
#ifdef HAVE_WFP_LOOPBACK_SUPPORT
    // Use Winsock Kernel (WSK) to send loopback packets.
    Status = NPF_WSKStartup();
    if (!NT_SUCCESS(Status))
    {
        TRACE_EXIT();
        return Status;
    }
    Status = NPF_WSKInitSockets();
    if (!NT_SUCCESS(Status))
    {
        TRACE_EXIT();
        return Status;
    }
#endif
    NdisAllocateSpinLock(&g_OpenArrayLock);
    TRACE_EXIT();
    return STATUS_SUCCESS;
RegistryError:
    Status = STATUS_UNSUCCESSFUL;
    TRACE_EXIT();
    return(Status);
}
//-------------------------------------------------------------------
VOID
NPF_registerLWF(
    PNDIS_FILTER_DRIVER_CHARACTERISTICS pFChars,
    BOOLEAN bWiFiOrNot
    )
{
    NDIS_STRING FriendlyName = RTL_CONSTANT_STRING(NPF_SERVICE_DESC_WIDECHAR); // display name
    NDIS_STRING UniqueName = RTL_CONSTANT_STRING(FILTER_UNIQUE_NAME); // unique name, GUID name
    NDIS_STRING ServiceName = RTL_CONSTANT_STRING(NPF_DRIVER_NAME_SMALL_WIDECHAR); // this to match the service name in the INF
    NDIS_STRING FriendlyName_WiFi = RTL_CONSTANT_STRING(NPF_SERVICE_DESC_WIDECHAR_WIFI); // display name
    NDIS_STRING UniqueName_WiFi = RTL_CONSTANT_STRING(FILTER_UNIQUE_NAME_WIFI); // unique name, GUID name
    NDIS_STRING ServiceName_WiFi = RTL_CONSTANT_STRING(NPF_DRIVER_NAME_SMALL_WIDECHAR_WIFI); // this to match the service name in the INF
    NdisZeroMemory(pFChars, sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS));
    pFChars->Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS;
    pFChars->Header.Size = sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS);
#if NDIS_SUPPORT_NDIS61
    pFChars->Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_2;
#else
    pFChars->Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1;
#endif
    pFChars->MajorNdisVersion = NDIS_FILTER_MAJOR_VERSION; // NDIS version is 6.2 (Windows 7)
    pFChars->MinorNdisVersion = NDIS_FILTER_MINOR_VERSION;
    pFChars->MajorDriverVersion = 1; // Driver version is 1.0
    pFChars->MinorDriverVersion = 0;
    pFChars->Flags = 0;
    // Use different names for the WiFi driver.
    if (bWiFiOrNot)
    {
        pFChars->FriendlyName = FriendlyName_WiFi;
        pFChars->UniqueName = UniqueName_WiFi;
        pFChars->ServiceName = ServiceName;
        // pFChars->ServiceName = ServiceName_WiFi;
    }
    else
    {
        pFChars->FriendlyName = FriendlyName;
        pFChars->UniqueName = UniqueName;
        pFChars->ServiceName = ServiceName;
    }
    pFChars->SetOptionsHandler = NPF_RegisterOptions;
    pFChars->AttachHandler = NPF_AttachAdapter;
    pFChars->DetachHandler = NPF_DetachAdapter;
    pFChars->RestartHandler = NPF_Restart;
    pFChars->PauseHandler = NPF_Pause;
    pFChars->SetFilterModuleOptionsHandler = NPF_SetModuleOptions;
    pFChars->OidRequestHandler = NPF_OidRequest;
    pFChars->OidRequestCompleteHandler = NPF_OidRequestComplete;
    pFChars->CancelOidRequestHandler = NPF_CancelOidRequest;
    pFChars->SendNetBufferListsHandler = NPF_SendEx;
    pFChars->ReturnNetBufferListsHandler = NPF_ReturnEx;
    pFChars->SendNetBufferListsCompleteHandler = NPF_SendCompleteEx;
    pFChars->ReceiveNetBufferListsHandler = NPF_TapEx;
    pFChars->DevicePnPEventNotifyHandler = NPF_DevicePnPEventNotify;
    pFChars->NetPnPEventHandler = NPF_NetPnPEvent;
    pFChars->StatusHandler = NPF_Status;
    pFChars->CancelSendNetBufferListsHandler = NPF_CancelSendNetBufferLists;
}
For the 2nd LWF, I used the 1st LWF's ServiceName (npcap), or used its own npcap_wifi, neither works.
The entire source code is here: https://github.com/nmap/npcap/commit/1cac59271a9772ebbfff0db9c8a051b6553c25a2
UPDATE:
I analyzed the WPP trace, it shows:
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>NdisFRegisterFilterDriver: DriverObject FFFF8A85572FD6D0, Npcap Packet Driver (NPCAP)
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F617D0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]Reading DefaultFilterSettings from registry - Status 0xc0000034(STATUS_OBJECT_NAME_NOT_FOUND), Validation = 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>ndisSetAllFilterDefaultParameters, FilterServiceName FFFFCB01F6F617D0 FilterRegistryPath FFFFCB01F6F61610 FilterParams FFFFF80DD6A88598
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<==ndisSetAllFilterDefaultParameters, FilterServiceName FFFFCB01F6F617D0 FilterRegistryPath FFFFCB01F6F61610 FilterParams FFFFF80DD6A88598 Status 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<==ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F617D0 Status 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]>Begin filter driver's SetOptionsHandler. FilterDriver=FFFF8A85532E6010
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<End filter driver's SetOptionsHandler. FilterDriver=FFFF8A85532E6010, Status=0x00000000
[1]0004.015C::08/28/2016-20:26:58.498 [km]Begin PNP operations on miniport FFFF8A85538DC1A0
[0]0004.015C::08/28/2016-20:26:58.498 [km]End PNP operations on miniport FFFF8A85538DC1A0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==NdisFRegisterFilterDriver, Status 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]==>NdisFRegisterFilterDriver: DriverObject FFFF8A85572FD6D0, Npcap Packet Driver (NPCAP) (WiFi version)
[0]0004.015C::08/28/2016-20:26:58.499 [mp]==>ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F618B0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]Reading DefaultFilterSettings from registry - Status STATUS_SUCCESS, Validation = 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F618B0 Status 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]NdisFRegisterFilterDriver: Cannot find filter 7daf2ac8-e9f6-4765-a842-f1f5d2501351 in the registry. Did INetCfg install this filter successfully?
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==NdisFRegisterFilterDriver, Status c0000001
So it seems that NDIS didn't find the 2nd filter's registry 7daf2ac8-e9f6-4765-a842-f1f5d2501351. But I checked it in regedit. It has that key:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}]
"InstallTimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,39,00,88,03
"Characteristics"=dword:00040000
"ComponentId"="INSECURE_NPCAP"
"Description"="#oem11.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)"
"InfPath"="oem11.inf"
"InfSection"="FilterStandard"
"LocDescription"="#oem11.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}\Ndi]
"TimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,39,00,88,03
"HelpText"="A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
"Service"="npcap"
"CoServices"=hex(7):6e,00,70,00,63,00,61,00,70,00,00,00,00,00
"FilterClass"="compression"
"FilterType"=dword:00000002
"FilterRunType"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}\Ndi\Interfaces]
"LowerRange"="ndis5,ndis4"
"UpperRange"="noupper"
"FilterMediaTypes"="ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}]
"InstallTimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,3a,00,7e,02
"Characteristics"=dword:00040000
"ComponentId"="INSECURE_NPCAP_WIFI"
"Description"="#oem11.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)"
"InfPath"="oem11.inf"
"InfSection"="FilterWiFi"
"LocDescription"="#oem11.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}\Ndi]
"TimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,3a,00,7e,02
"HelpText"="A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
"Service"="npcap_wifi"
"CoServices"=hex(7):6e,00,70,00,63,00,61,00,70,00,5f,00,77,00,69,00,66,00,69,\
00,00,00,00,00
"FilterClass"="ms_medium_converter_128"
"FilterType"=dword:00000002
"FilterRunType"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}\Ndi\Interfaces]
"LowerRange"="ndis5,ndis4"
"UpperRange"="noupper"
"FilterMediaTypes"="ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
So I don't know why NDIS reports NdisFRegisterFilterDriver: Cannot find filter 7daf2ac8-e9f6-4765-a842-f1f5d2501351 in the registry. Did INetCfg install this filter successfully??
A binary image (.sys file) can only be loaded by the system once at a time. You cannot load the same image simultaneously for two different services. (Nor can you load it once for a service, and once for a PNP driver.) That means you will always see DriverEntry, DriverUnload, DriverEntry, DriverUnload, .... You will never see DriverEntry, DriverEntry, DriverUnload, DriverUnload.
Using a fake service
Each NDIS LWF or protocol driver needs a service, to hold some registry keys. But here's the first trick: the service doesn't have to be running! You can create a dummy service record for an LWF, then have some other service actually use the LWF. NDIS doesn't validate the ServiceName you pass to NdisFRegisterFilterDriver. (And yes, it's okay to rely on this trick. I speak with the authority of the owner of NDIS at Microsoft.)
There are built-in drivers that do exactly this. Look at TCPIP and TCPIP6. These are two different services, and also two different protocol drivers, but only one image (tcpip.sys). The TCPIP service is the real service — it will actually be started at boot. The TCPIP6 service is fake — it's marked to never start, and if you try to manually start it, it won't work.
(Aside: don't use WFPLWFS as an example. Although it also has 3 filter drivers sharing 1 binary, it does something different that would result in a few problems if you tried to do it. Also, starting with Windows 10, the INFs used by TCPIP and TCPIP6 are kind of fake, so you shouldn't assume that they're good examples of how to do this trick.)
You can optionally register all this with 1 INF or 2 INFs; it doesn't make much difference to the OS. Let's say 1 INF, just to keep the example shorter.
So what you need are:
LWF named FilterA
LWF named FilterB
Service named ServiceA
Service named ServiceB
Driver image named Driver.sys
INF named Driver.inf
Let's say that ServiceA is the real service and ServiceB is the fake service.
Driver.inf would have:
[Manufacturer]
Contoso=Models,NTamd64
[Models.NTamd64]
"Cool Filter A"=FilterA, my_filter_a
"Awesome Filter B"=FilterB, my_filter_b
[FilterA]
NetCfgInstanceId="{guid-aaaa-guid}"
CopyFiles=copy.driver.sys
Characteristics=0x40000
AddReg=FilterA.reg
[FilterB]
NetCfgInstanceId="{guid-bbbb-guid}"
Characteristics=0x40000
AddReg=FilterB.reg
[FilterA.reg]
HKR,Ndi,Service,,"ServiceA"
HKR,etc,etc,etc
[FilterB.reg]
HKR,Ndi,Service,,"ServiceB"
HKR,etc,etc,etc
[FilterA.Services]
AddService=ServiceA,,FilterA.svc
[FilterB.Services]
AddService=ServiceB,,FilterB.svc
[FilterA.svc]
StartType = Demand
ServiceBinary = Driver.sys
[FilterB.svc]
StartType = Demand
ServiceBinary = Driver.sys
[copy.driver.sys]
driver.sys,,,2
Note that you register 2 LWFs, create 2 services, and copy 1 image.
You install that with 1 call to SetupCopyOEMInf and 2 calls to INetCfgClassSetup::Install, for each of my_filter_a and my_filter_b.
To start the driver, only start 1 service, ServiceA. Never start the other dummy service.
But what if you don't want both filters running at the same time? Easy — don't call NdisFRegisterFilterDriver until you want the LWF to actually be started. You can always register/deregister your filter driver from an ioctl handler. So your DriverEntry would be fairly empty — just create a device object to listen for ioctls.
Using an export driver
A different option is to create 2 services that each have their own driver image. But the driver image would be a thin wrapper around a call to a single shared export driver (like a DLL). You can put all your real work in that shared export driver.
    ServiceA        ServiceB
       |               |
       |               |
    DriverA.sys    DriverB.sys
          \          /
           \        /
        TheRealDriver.sys
This keeps it simple, although it does wind up with a pile of extra drivers.

Juli tomcat 7 logging.properties

I have a jar that contains a CustomLoginModule to perform JAAS authorization. This jar is located in ${CATALINA_BASE}/lib. I have an org.apache.juli.logging.Log object that performs logging in the module at different levels. I would like to have a log file, e.g. jaas.log, where the module's logs are written instead of having them in Catalina.out or catalina.log. Here's my logging.properties file. With this configuration I am able to create the jaas.log, but it stays empty and all logs go to Catalina.out and catalina.log. Can anybody help with this? Thank you very much.
logging.properties file:
handlers = 1catalina.org.apache.juli.FileHandler, 2localhost.org.apache.juli.FileHandler, 3manager.org.apache.juli.FileHandler, 4host-manager.org.apache.juli.FileHandler, 5jaasauth.org.apache.juli.FileHandler
#, java.util.logging.ConsoleHandler
.handlers = 1catalina.org.apache.juli.FileHandler, 5jaasauth.org.apache.juli.FileHandler
#.handlers = 1catalina.org.apache.juli.FileHandler, java.util.logging.ConsoleHandler, 5jaasauth.org.apache.juli.FileHandler
############################################################
# Handler specific properties.
# Describes specific configuration info for Handlers.
############################################################
1catalina.org.apache.juli.FileHandler.level = FINE
1catalina.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
1catalina.org.apache.juli.FileHandler.prefix = catalina.
2localhost.org.apache.juli.FileHandler.level = FINE
2localhost.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
2localhost.org.apache.juli.FileHandler.prefix = localhost.
3manager.org.apache.juli.FileHandler.level = FINE
3manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
3manager.org.apache.juli.FileHandler.prefix = manager.
4host-manager.org.apache.juli.FileHandler.level = FINE
4host-manager.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
4host-manager.org.apache.juli.FileHandler.prefix = host-manager.
5jaasauth.org.apache.juli.FileHandler.level = ALL
5jaasauth.org.apache.juli.FileHandler.directory = ${catalina.base}/logs
5jaasauth.org.apache.juli.FileHandler.prefix =jaas-auth.
############################################################
# Facility specific properties.
# Provides extra control for each logger.
############################################################
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].handlers = 2localhost.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/manager].handlers = 3manager.org.apache.juli.FileHandler
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].level = INFO
org.apache.catalina.core.ContainerBase.[Catalina].[localhost].[/host-manager].handlers = 4host-manager.org.apache.juli.FileHandler
com.mymodule.apps.orchestration.CustomLdapLoginModule.level = ALL
com.mymodule.apps.CustomLdapLoginModule.handlers = 5jaasauth.org.apache.juli.FileHandler

Python 3, extract info from file problems

And again, asking for help. But before I start: there will be a lot of text here, so sorry for that.
I have about 500 IP addresses of devices in 2 categories in an .xlsx book.
I want:
telnet to device. Check device (by authentication prompt) type 1 or type 2.
If device is type 1 - get its firmware version in 2 partitions
write in excel file:
column 1 - IP address
column 2 - device type
column 3 - firmware version
column 4 - firmware version in reserve partition.
If type 2 - write in excel file:
column 1 - IP address
column 2 - device type
If device is down, or device type 3(unknown) - write in excel file:
column 1 - IP address
column 2 - result (EOF, TIMEOUT)
What I have done: I'm able to telnet to device, check device type, write in excel with 2 columns (in 1 column IP addresses, in 2 column is device type, or EOF/TIMEOUT results)
And, I'm writing full logs from session to files in format IP_ADDRESS.txt to future diagnosis.
What I can't understand to do? I can't understand how to get firmware version, and put it on 3,4 columns.
I can't understand how to work with current log session in real time, so I've decided to copy logs from main file (IP_ADDRESS.txt) to temp.txt to work with it.
I can't understand how to extract information I needed.
The file output example:
Trying 10.40.81.167...
Connected to 10.40.81.167.
Escape character is '^]'.
####################################
# #
# RADIUS authorization disabled #
# Enter local login/password #
# #
####################################
bt6000 login: admin
Password:
Please, fill controller information at first time (Ctrl+C to abort):
^C
Controller information filling canceled.
^Cadmin#bt6000# firmware info
Active boot partition: 1
Partition 0 (reserved):
Firmware: Energomera-2.3.1
Version: 10117
Partition 1 (active):
Firmware: Energomera-2.3.1_01.04.15c
Version: 10404M
Kernel version: 2.6.38.8 #2 Mon Mar 2 20:41:26 MSK 2015
STM32:
Version: bt6000 10083
Part Number: BT6024
Updated: 27.04.2015 16:43:50
admin#bt6000#
I need values - after "Energomera" words, like 2.3.1 for reserved partition, and 2.3.1_01.04.15c for active partition.
I've tried to work with string numbers and extract the string, but there was no good result at all.
Full code of my script below.
import pexpect
import pxssh
import sys #hz module
import re #Parser module
import os #hz module
import getopt
import glob #hz module
import xlrd #Excel read module
import xlwt #Excel write module
import telnetlib #telnet module
import shutil
#open excel book
rb = xlrd.open_workbook('/samba/allaccess/Energomera_Eltek_list.xlsx')
#select work sheet
sheet = rb.sheet_by_name('IPs')
#rows number in sheet
num_rows = sheet.nrows
#cols number in sheet
num_cols = sheet.ncols
#creating massive with IP addresses inside
ip_addr_list = [sheet.row_values(rawnum)[0] for rawnum in range(sheet.nrows)]
#create excel workbook with write permissions (xlwt module)
wb = xlwt.Workbook()
#create sheet IP LIST with cell overwrite rights
ws = wb.add_sheet('IP LIST', cell_overwrite_ok=True)
#create counter
i = 0
#authorization details
port = "23" #telnet port
user = "admin" #telnet username
password = "12345" #telnet password
#firmware ask function
def fw_info():
    print('asking for firmware')
    px.sendline('firmware info')
    px.expect('bt6000#')
#firmware update function
def fw_send():
    print('sending firmware')
    px.sendline('tftp server 172.27.2.21')
    px.expect('bt6000')
    px.sendline('firmware download tftp firmware.ext2')
    px.expect('Updating')
    px.sendline('y')
    px.send(chr(13))
    ws.write(i, 0, host)
    ws.write(i, 1, 'Energomera')
#if eltek found - skip, write result in book
def eltek_found():
    print(host, "is Eltek. Skipping")
    ws.write(i, 0, host)
    ws.write(i, 1, 'Eltek')
#if 23 port telnet conn. refused - skip, write result in book
def conn_refuse():
    print(host, "connection refused")
    ws.write(i, 0, host)
    ws.write(i, 1, 'Connection refused')
#auth function
def auth():
    print(host, "is up! Energomera found. Starting auth process")
    px.sendline(user)
    px.expect('assword')
    px.sendline(password)
#start working with ip addresses in ip_addr_list massive
for host in ip_addr_list:
    #spawn pexpect connection
    px = pexpect.spawn('telnet ' + host)
    px.timeout = 35
    #create log file with in IP.txt format (10.1.1.1.txt, for example)
    fout = open('/samba/allaccess/Energomera_Eltek/{0}.txt'.format(host),"wb")
    #push pexpect logfile_read output to log file
    px.logfile_read = fout
    try:
        index = px.expect (['bt6000', 'sername', 'refused'])
        #if device tell us bt6000 - authorize
        if index == 0:
            auth()
            index1 = px.expect(['#', 'lease'])
            #if "#" - ask fw version immediatly
            if index1 == 0:
                print('seems to controller ID already set')
                fw_info()
            #if "Please" - press 2 times Ctrl+C, then ask fw version
            elif index1 == 1:
                print('trying control C controller ID')
                px.send(chr(3))
                px.send(chr(3))
                px.expect('bt6000')
                fw_info()
            #firmware update start (temporarily off)
            # fw_send()
        #Eltek found - func start
        elif index == 1:
            eltek_found()
        #Conn refused - func start
        elif index == 2:
            conn_refuse()
        #print output to console (test purposes)
        print(px.before)
        px.send(chr(13))
        #Copy from current log file to temp.txt for editing
        shutil.copy2('/samba/allaccess/Energomera_Eltek/{0}.txt'.format(host), '/home/bark/expect/temp.txt')
    #EOF result - skip host, write result to excel
    except pexpect.EOF:
        print(host, "EOF")
        ws.write(i, 0, host)
        ws.write(i, 1, 'EOF')
        #print output to console (test purposes)
        print(px.before)
    #Timeout result - skip host, write result to excel
    except pexpect.TIMEOUT:
        print(host, "TIMEOUT")
        ws.write(i, 0, host)
        ws.write(i, 1, 'TIMEOUT')
        #print output to console (test purposes)
        print(px.before)
    #Copy from current log file to temp.txt for editing
    shutil.copy2('/samba/allaccess/Energomera_Eltek/{0}.txt'.format(host), '/home/bark/expect/temp.txt')
    #count +1 to correct output for Excel
    i += 1
#workbook save
wb.save('/samba/allaccess/Energomera_Eltek_result.xls')
Do you have any suggestions or ideas, guys, how I can do this?
Any help is greatly appreciated.
You can use regular expressions
example:
>>> import re
>>>
>>> str = """
... Trying 10.40.81.167...
...
... Connected to 10.40.81.167.
...
... Escape character is '^]'.
...
...
...
... ####################################
... # #
... # RADIUS authorization disabled #
... # Enter local login/password #
... # #
... ####################################
... bt6000 login: admin
... Password:
... Please, fill controller information at first time (Ctrl+C to abort):
... ^C
... Controller information filling canceled.
... ^Cadmin#bt6000# firmware info
... Active boot partition: 1
... Partition 0 (reserved):
... Firmware: Energomera-2.3.1
... Version: 10117
... Partition 1 (active):
... Firmware: Energomera-2.3.1_01.04.15c
... Version: 10404M
... Kernel version: 2.6.38.8 #2 Mon Mar 2 20:41:26 MSK 2015
... STM32:
... Version: bt6000 10083
... Part Number: BT6024
... Updated: 27.04.2015 16:43:50
... admin#bt6000#
... """
>>> re.findall(r"Firmware:.*?([0-9].*)\s", str)
['2.3.1', '2.3.1_01.04.15c']
>>> reserved_firmware = re.search(r"reserved.*\s*Firmware:.*?([0-9].*)\s", str).group(1)
>>> reserved_firmware
'2.3.1'
>>> active_firmware = re.search(r"active.*\s*Firmware:.*?([0-9].*)\s", str).group(1)
>>> active_firmware
'2.3.1_01.04.15c'
>>>
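A partition-aware variant of the regular-expression approach above, as an added example that is not part of the original answer: it ties each firmware string to its partition number and role instead of relying on match order, accepts the raw bytes that pexpect writes to the log, and returns None for logs with no firmware output (Eltek, EOF, TIMEOUT). The function names are this example's own, and the sample is the question's log excerpt with the banner shortened.

```python
import re

# Session log copied from the question's output example (login banner shortened).
SAMPLE_LOG = """Trying 10.40.81.167...
Connected to 10.40.81.167.
Escape character is '^]'.
bt6000 login: admin
Password:
Please, fill controller information at first time (Ctrl+C to abort):
^C
Controller information filling canceled.
^Cadmin#bt6000# firmware info
Active boot partition: 1
Partition 0 (reserved):
Firmware: Energomera-2.3.1
Version: 10117
Partition 1 (active):
Firmware: Energomera-2.3.1_01.04.15c
Version: 10404M
Kernel version: 2.6.38.8 #2 Mon Mar 2 20:41:26 MSK 2015
STM32:
Version: bt6000 10083
Part Number: BT6024
Updated: 27.04.2015 16:43:50
admin#bt6000#
"""

ACTIVE_RE = re.compile(r"Active boot partition:\s*(\d+)")
# One match per "Partition N (role):" block; \s also absorbs \r\n and indentation.
PARTITION_RE = re.compile(
    r"Partition\s+(?P<num>\d+)\s+\((?P<role>\w+)\):\s*"
    r"Firmware:\s*(?P<firmware>\S+)\s+"
    r"Version:\s*(?P<version>\S+)"
)


def parse_firmware_info(log):
    """Parse 'firmware info' output from a session log (str or bytes)."""
    if isinstance(log, bytes):
        # pexpect's logfile_read receives bytes; undecodable bytes must not abort the run.
        log = log.decode("utf-8", errors="replace")
    partitions = {}
    for match in PARTITION_RE.finditer(log):
        vendor, sep, release = match.group("firmware").partition("-")
        partitions[int(match.group("num"))] = {
            "role": match.group("role"),
            "vendor": vendor if sep else "",
            "release": release if sep else vendor,
            "version": match.group("version"),
        }
    active = ACTIVE_RE.search(log)
    active_num = int(active.group(1)) if active else None
    # Cross-check: the partition named as the boot partition should be the "(active)" one.
    active_matches = partitions.get(active_num, {}).get("role") == "active"
    return {
        "active_partition": active_num,
        "partitions": partitions,
        "active_matches": active_matches,
    }


def firmware_columns(log):
    """Return (active_release, reserved_release) for columns 3 and 4, or None."""
    info = parse_firmware_info(log)
    if not info["partitions"]:
        return None
    by_role = {p["role"]: p["release"] for p in info["partitions"].values()}
    return by_role.get("active", ""), by_role.get("reserved", "")
```

In the question's loop the log can be read back from the per-host file after `fw_info()` and, when `firmware_columns` returns a pair, written with `ws.write(i, 2, ...)` and `ws.write(i, 3, ...)`.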

Why NdisFRegisterFilterDriver failed with NDIS_STATUS_FAILURE under Windows 8?

Everyone, I am developing an NDIS 6 filter driver (LWF). The NdisFRegisterFilterDriver call in the DriverEntry routine failed with NDIS_STATUS_FAILURE. This only happens on Win8 x86; the driver runs normally under Win7 x86. It is so strange. I have seen this thread, but it was no use:
Why does NdisFRegisterFilterDriver return NDIS_STATUS_FAILURE?
Here's my DriverEntry routine and the inf file.
_Use_decl_annotations_
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    NDIS_FILTER_DRIVER_CHARACTERISTICS FChars;
    NTSTATUS Status = STATUS_SUCCESS;
    // NDIS_STRING FriendlyName = NDIS_STRING_CONST("WinPcap NDIS LightWeight Filter");
    // NDIS_STRING UniqueName = NDIS_STRING_CONST("{5cbf81bd-5055-47cd-9055-a76b2b4e2637}"); //unique name, GUID name
    // NDIS_STRING ServiceName = NDIS_STRING_CONST("npf6x"); //this to match the service name in the INF
    NDIS_STRING FriendlyName = RTL_CONSTANT_STRING(L"WinPcap NDIS LightWeight Filter");
    NDIS_STRING UniqueName = RTL_CONSTANT_STRING(L"{5cbf81bd-5055-47cd-9055-a76b2b4e2637}"); //unique name, GUID name
    NDIS_STRING ServiceName = RTL_CONSTANT_STRING(L"npf6x"); //this to match the service name in the INF
    WCHAR* bindT;
    PKEY_VALUE_PARTIAL_INFORMATION tcpBindingsP;
    UNICODE_STRING macName;
    ULONG OsMajorVersion, OsMinorVersion;
    TRACE_ENTER();
    UNREFERENCED_PARAMETER(RegistryPath);
    FilterDriverObject = DriverObject;
    //
    // Get OS version and store it in a global variable.
    //
    // Note: both RtlGetVersion() and PsGetVersion() are documented to always return success.
    //
    // OsVersion.dwOSVersionInfoSize = sizeof(OsVersion);
    // RtlGetVersion(&OsVersion);
    //
    PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
    TRACE_MESSAGE2(PACKET_DEBUG_INIT, "OS Version: %d.%d\n", OsMajorVersion, OsMinorVersion);
    NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer);
    //
    // Get number of CPUs and save it
    //
#ifdef NDIS620
    g_NCpu = NdisGroupMaxProcessorCount(ALL_PROCESSOR_GROUPS);
#else
    g_NCpu = NdisSystemProcessorCount();
#endif
    //
    // TODO: Most handlers are optional, however, this sample includes them
    // all for illustrative purposes. If you do not need a particular
    // handler, set it to NULL and NDIS will more efficiently pass the
    // operation through on your behalf.
    //
    //
    // Register as a service with NDIS
    //
    // NdisZeroMemory(&FChars, NDIS_SIZEOF_FILTER_DRIVER_CHARACTERISTICS_REVISION_1);
    // FChars.Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS;
    // FChars.Header.Size = NDIS_SIZEOF_FILTER_DRIVER_CHARACTERISTICS_REVISION_1;
    // FChars.Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1;
    //
    // Register as a service with NDIS
    //
    NdisZeroMemory(&FChars, sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS));
    FChars.Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS;
    FChars.Header.Size = sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS);
#if NDIS_SUPPORT_NDIS61
    FChars.Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_2;
#else
    FChars.Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1;
#endif
    FChars.MajorNdisVersion = NDIS_FILTER_MAJOR_VERSION;
    FChars.MinorNdisVersion = NDIS_FILTER_MINOR_VERSION;
    FChars.MajorDriverVersion = 1;
    FChars.MinorDriverVersion = 0;
    FChars.Flags = 0;
    FChars.FriendlyName = FriendlyName;
    FChars.UniqueName = UniqueName;
    FChars.ServiceName = ServiceName;
    FChars.SetOptionsHandler = NPF_RegisterOptions;
    FChars.AttachHandler = NPF_Attach;
    FChars.DetachHandler = NPF_Detach;
    FChars.RestartHandler = NPF_Restart;
    FChars.PauseHandler = NPF_Pause;
    FChars.SetFilterModuleOptionsHandler = NPF_SetModuleOptions;
    FChars.OidRequestHandler = NPF_OidRequest;
    FChars.OidRequestCompleteHandler = NPF_OidRequestComplete;
    FChars.CancelOidRequestHandler = NPF_CancelOidRequest;
    FChars.SendNetBufferListsHandler = NPF_SendEx;
    FChars.ReturnNetBufferListsHandler = NPF_ReturnEx;
    FChars.SendNetBufferListsCompleteHandler = NPF_SendCompleteEx;
    FChars.ReceiveNetBufferListsHandler = NPF_TapEx;
    FChars.DevicePnPEventNotifyHandler = NPF_DevicePnPEventNotify;
    FChars.NetPnPEventHandler = NPF_NetPnPEvent;
    FChars.StatusHandler = NPF_Status;
    FChars.CancelSendNetBufferListsHandler = NPF_CancelSendNetBufferLists;
    DriverObject->DriverUnload = NPF_Unload;
    //
    // Initialize spin locks
    //
    //NdisAllocateSpinLock(&FilterListLock);
    //InitializeListHead(&FilterModuleList);
    //
    // Standard device driver entry points stuff.
    //
    DriverObject->MajorFunction[IRP_MJ_CREATE] = NPF_OpenAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = NPF_CloseAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLEANUP] = NPF_Cleanup;
    DriverObject->MajorFunction[IRP_MJ_READ] = NPF_Read;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = NPF_Write;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = NPF_IoControl;
    bindP = getAdaptersList();
    if (bindP == NULL)
    {
        TRACE_MESSAGE(PACKET_DEBUG_INIT, "Adapters not found in the registry, try to copy the bindings of TCP-IP.");
        tcpBindingsP = getTcpBindings();
        if (tcpBindingsP == NULL)
        {
            TRACE_MESSAGE(PACKET_DEBUG_INIT, "TCP-IP not found, quitting.");
            goto RegistryError;
        }
        bindP = (WCHAR *)tcpBindingsP;
        bindT = (WCHAR *)(tcpBindingsP->Data);
    }
    else
    {
        bindT = bindP;
    }
    for (; *bindT != UNICODE_NULL; bindT += (macName.Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR))
    {
        RtlInitUnicodeString(&macName, bindT);
        NPF_CreateDevice(DriverObject, &macName);
    }
    Status = NdisFRegisterFilterDriver(DriverObject,
        (NDIS_HANDLE) FilterDriverObject,
        &FChars,
        &FilterDriverHandle);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        TRACE_MESSAGE(PACKET_DEBUG_INIT, "Failed to register filter with NDIS.");
        TRACE_EXIT();
        return Status;
    }
    TRACE_EXIT();
    return STATUS_SUCCESS;
RegistryError :
    Status = STATUS_UNSUCCESSFUL;
    TRACE_EXIT();
    return(Status);
}
inf file:
;-------------------------------------------------------------------------
; NPF6X.INF -- NPF NDIS 6.x LightWeight Filter Driver
;
; Copyright (c) 2013, InSecure.Com, LLC. All rights reserved.
;------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = npf6x.cat
Provider = %Insecure%
DriverVer=08/18/2013,0.31.43.389
[Manufacturer]
%Insecure%=Insecure,NTx86,NTia64,NTamd64
[Insecure.NTx86]
%NPF6x_Desc%=Install, INSECURE_NPF6X
[Insecure.NTia64]
%NPF6x_Desc%=Install, INSECURE_NPF6X
[Insecure.NTamd64]
%NPF6x_Desc%=Install, INSECURE_NPF6X
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{5cbf81bd-5055-47cd-9055-a76b2b4e2637}"
Copyfiles = npf6x.copyfiles.sys
[SourceDisksNames]
1=%NPF6x_Desc%,"",,
[SourceDisksFiles]
npf6x.sys=1
[DestinationDirs]
DefaultDestDir=12
npf6x.copyfiles.sys=12
[npf6x.copyfiles.sys]
npf6x.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support
;-------------------------------------------------------------------------
[Inst_Ndi]
HKR, Ndi,Service,,"npf6x"
HKR, Ndi,CoServices,0x00010000,"npf6x"
HKR, Ndi,HelpText,,%NPF6X_HelpText%
HKR, Ndi,FilterClass,, compression
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange,,"noupper"
HKR, Ndi\Interfaces,LowerRange,,"nolower"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, wlan"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[Install.Services]
AddService=npf,,NPF6X_Service_Inst
[NPF6X_Service_Inst]
DisplayName = %NPF6x_Desc%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\npf6x.sys
LoadOrderGroup = NDIS
Description = %NPF6x_Desc%
[Install.Remove.Services]
DelService=npf,0x200 ; SPSVCINST_STOPSERVICE
[NdisImPlatformBindingOptions.reg]
; By default, when an LBFO team or Bridge is created, all filters will be
; unbound from the underlying members and bound to the TNic(s). This keyword
; allows a component to opt out of the default behavior
; To prevent binding this filter to the TNic(s):
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,1 ; Do not bind to TNic
; To prevent unbinding this filter from underlying members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,2 ; Do not unbind from Members
; To prevent both binding to TNic and unbinding from members:
; HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,3 ; Do not bind to TNic or unbind from Members
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings]
Insecure = "Nmap Project"
NPF6X_Desc = "WinPcap Lightweight Filter Driver (NPF)"
NPF6X_HelpText = "A NDIS 6 kernel filter driver to support packet capturing under Windows 7 & Windows 8"
Here are the diagnostic steps I would follow:
It's really important that you change the NetCfgInstanceId to a new GUID, different from the {5cbf81bd...} GUID used by the sample driver.
Check if the filter is really installed. Use bindview from here. Or look in HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{your NetCfgInstanceId}\Ndi and verify that there's an entry for your filter driver. NDIS needs to have FilterType and FilterRunType values under that key.
Check if your NPF_RegisterOptions routine is getting called, and if so, whether it's returning NDIS_STATUS_SUCCESS.
Enable NDIS tracing, as described here. There may be an informative message about why NDIS is failing the filter driver registration. (Although to be honest, we don't have as many traces there as I would like.) Note that on Windows 8 and later, you won't need to download TMF files anymore, since the TMFs are built into the NDIS.PDB that the debugger automatically downloads for you.
During the call to NdisFRegisterFilterDriver, NDIS will call several internal routines. Try setting breakpoints on each, to see which ones are called and what status codes they return. (Note that on x86, the eax register typically holds the return value, so you'd inspect the eax register after each of these subroutines returns back to NdisFRegisterFilterDriver.)
ndisCreateFilterDriverRegistry
ndisReadFilterDriverRegistry
ndisFInvokeSetOptions
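A static counterpart to the second diagnostic step, as an added example that is not part of the original answer: before installing, it reads the INF and checks that the Ndi key will receive Service, FilterType and FilterRunType values, and that the Ndi Service value names a service that an AddService directive actually creates (the service name the driver passes in ServiceName, per the comment in the question's DriverEntry). The function names and problem codes are this example's own; the sample is an excerpt of the INF posted in the question.

```python
# Excerpt of the INF posted in the question (only the sections the check reads).
SAMPLE_INF = r'''
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{5cbf81bd-5055-47cd-9055-a76b2b4e2637}"
Copyfiles = npf6x.copyfiles.sys

[Inst_Ndi]
HKR, Ndi,Service,,"npf6x"
HKR, Ndi,CoServices,0x00010000,"npf6x"
HKR, Ndi,FilterClass,, compression
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, wan, ppip, wlan"
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter

[Install.Services]
AddService=npf,,NPF6X_Service_Inst
'''

REQUIRED_NDI_VALUES = ("Service", "FilterType", "FilterRunType")


def strip_comment(line):
    """Drop an INF comment (';' outside double quotes) and surrounding space."""
    in_quotes = False
    for pos, ch in enumerate(line):
        if ch == '"':
            in_quotes = not in_quotes
        elif ch == ';' and not in_quotes:
            return line[:pos].strip()
    return line.strip()


def parse_inf(text):
    """Map lower-cased section name -> list of non-empty, comment-free lines."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = strip_comment(raw)
        if not line:
            continue
        if line.startswith('[') and line.endswith(']'):
            current = sections.setdefault(line[1:-1].strip().lower(), [])
        elif current is not None:
            current.append(line)
    return sections


def directive_values(lines, key):
    """Yield the right-hand side of every 'key = value' line (key case-insensitive)."""
    for line in lines:
        name, sep, value = line.partition('=')
        if sep and name.strip().lower() == key.lower():
            yield value.strip()


def check_lwf_inf(text):
    """Return the Ndi values, the services AddService creates, and any problems."""
    sections = parse_inf(text)
    ndi, services = {}, set()
    for name, lines in sections.items():
        # Sections named by AddReg carry the "HKR, Ndi, <value>, <flags>, <data>" lines.
        for reg_list in directive_values(lines, "AddReg"):
            for reg_name in reg_list.split(','):
                for entry in sections.get(reg_name.strip().lower(), []):
                    fields = [f.strip() for f in entry.split(',', 4)]
                    if (len(fields) == 5 and fields[0].upper() == "HKR"
                            and fields[1].lower() == "ndi"):
                        ndi[fields[2].lower()] = fields[4].strip('"')
        if name.endswith(".services"):
            for value in directive_values(lines, "AddService"):
                services.add(value.split(',')[0].strip().lower())
    problems = [("missing-ndi-value", v) for v in REQUIRED_NDI_VALUES
                if v.lower() not in ndi]
    service = ndi.get("service")
    # Service names are compared case-insensitively, as Windows does.
    if service is not None and service.lower() not in services:
        problems.append(("service-not-installed", service))
    return {"ndi": ndi, "services": sorted(services), "problems": problems}
```

On the excerpt above, `check_lwf_inf(SAMPLE_INF)["problems"]` reports that Ndi Service is `npf6x` while the only AddService directive creates `npf`.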
modify this value in the ini file, maybe useful:
StartType = 1

Ldap error code 32

I'm trying to synchronize OpenLDAP and Active directory together. To do so I'm using a program called LSC-Project which is specified to do this sort of thing.
I have configured the program the best I can however I can't find a way to shake off the following error:
javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-031001CD,
problem 2001 (NO_OBJECT), data 0, best match of:
'DC=domname,DC=com'
]; remaining name
'uid=user1,ou=Users'
May 09 15:19:25 - ERROR - Error while synchronizing ID uid=user1,ou=Users:
java.lang.Exception:
Technical problem while applying modifications to directory
dn: uid=user1,ou=Users,dc=domname,dc=com
changetype: add
userPassword: 3+kU2th/WMo/v553A24a3SBw2kU=
objectClass: uid
This is the configuration file that the program runs on:
###############################
# Destination LDAP directory #
##############################
dst.java.naming.provider.url = ldap://192.168.1.3:389/dc=Windows,dc=com
dst.java.naming.security.authentication = simple
dst.java.naming.security.principal = cn=Administrator,cn=Users,dc=Windows,dc=com
dst.java.naming.security.credentials = 11111
dst.java.naming.referral = ignore
dst.java.naming.ldap.derefAliases = never
dst.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
dst.java.naming.ldap.version = 3
dst.java.naming.ldap.pageSize = 1000
#########################
# Source LDAP directory
#########################
src.java.naming.provider.url = ldap://192.168.1.2:389/dc=Linux,dc=com
src.java.naming.security.authentication = simple
src.java.naming.security.principal = uid=root,ou=users,dc=Linux,dc=com
src.java.naming.security.credentials = 11111
src.java.naming.referral = ignore
src.java.naming.ldap.derefAliases = never
src.java.naming.factory.initial = com.sun.jndi.ldap.LdapCtxFactory
src.java.naming.ldap.version = 3
#######################
# Tasks configuration
#######################
lsc.tasks = Administrator
lsc.tasks.Administrator.srcService = org.lsc.jndi.SimpleJndiSrcService
lsc.tasks.Administrator.srcService.baseDn = ou=users
lsc.tasks.Administrator.srcService.filterAll = (&(objectClass=person))
lsc.tasks.Administrator.srcService.pivotAttrs = uid
lsc.tasks.Administrator.srcService.filterId = (&(objectClass=person)(uid={uid}))
lsc.tasks.Administrator.srcService.attrs = description uid userPassword
lsc.tasks.Administrator.dstService = org.lsc.jndi.SimpleJndiDstService
lsc.tasks.Administrator.dstService.baseDn = cn=Users
lsc.tasks.Administrator.dstService.filterAll = (&(cn=*)(objectClass=organizationalPerson))
lsc.tasks.Administrator.dstService.pivotAttrs = cn, top, person, user, organizationalPerson
lsc.tasks.Administrator.dstService.filterId = (&(objectClass=user) (sAMAccountName={cn}))
lsc.tasks.Administrator.dstService.attrs = description cn userPassword objectClass
lsc.tasks.Administrator.bean = org.lsc.beans.SimpleBean
lsc.tasks.Administrator.dn = "uid=" + srcBean.getAttributeValueById("uid") + ",ou=Users"
dn.real_root = dc=Domname,dc=com
#############################
# Syncoptions configuration
#############################
lsc.syncoptions.Administrator = org.lsc.beans.syncoptions.PropertiesBasedSyncOptions
lsc.syncoptions.Administrator.default.action = M
lsc.syncoptions.Administrator.objectClass.action = M
lsc.syncoptions.Administrator.objectClass.force_value = srcBean.getAttributeValueById("cn").toUpperCase()
lsc.syncoptions.Administrator.userPassword.default_value = SecurityUtils.hash(SecurityUtils.HASH_SHA1, "defaultPassword")
lsc.syncoptions.Administrator.default.delimiter=;
lsc.syncoptions.Administrator.objectClass.force_value = "top";"user";"person";"organizationalPerson"
lsc.syncoptions.Administrator.userPrincipalName.force_value = srcBean.getAttributeValueById("uid") + "#Domname.com"
lsc.syncoptions.Administrator.userAccountControl.create_value = AD.userAccountControlSet ( "0", [AD.UAC_SET_NORMAL_ACCOUNT])
I'm suspecting that it has something to do with the baseDn of the Task configuration in the part of the source configuration.
The OSes are Ubuntu 10.04 and Windows 2K3.
Someone suggested that I do a manual sync between them, but I have not found any guides to do so. And this program is pretty much the only thing that says that it does this kind of job without costs.
The baseDn should be the distinguished name of the base object of the search, for example, ou=users,dc=domname,dc=com.
see also
LDAP: Mastering Search Filters
LDAP: Search best practices
LDAP: Programming practices
The main reason for NameNotFoundException is that the object which you're searching doesn't exist or the container in which you are searching is not correct.
In the case of Spring LDAP, we used to get this error when we specified the baseDn in the context file (LdapContextSource bean) and also in the createUser code that builds the userDn. We need not specify the dc again in buildUserDn():
protected Name buildUserDn(String userName) {
    DistinguishedName dn = new DistinguishedName();
    //only cn is required as the base dn is already specified in context file
    dn.add("cn", userName);
    return dn;
}
In Active Directory: Users catalog is container class, not OrganizationalUnit, so you should use: cn=users,dc=domname,dc=com
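How a directory server arrives at error code 32 and the "best match" shown in the question's log, as an added simulation that is not LSC, JNDI or Active Directory code. It covers the two causes named in the answers above: a parent container that does not exist (ou=Users instead of cn=Users) and a base DN applied twice. The directory contents are constructed for the example, and the DN parser assumes only backslash-escaped commas need special handling.

```python
import re

NO_SUCH_OBJECT = 32        # LDAP result code noSuchObject
ENTRY_ALREADY_EXISTS = 68  # LDAP result code entryAlreadyExists

# Constructed directory contents: the domain root from the question's error
# message and the built-in Users container named in the last answer.
EXISTING_ENTRIES = [
    "DC=domname,DC=com",
    "CN=Users,DC=domname,DC=com",
]


def split_dn(dn):
    """Split a DN into a tuple of normalized (attribute, value) RDN pairs."""
    rdns = []
    for part in re.split(r'(?<!\\),', dn):
        attr, _, value = part.partition('=')
        rdns.append((attr.strip().lower(), value.strip().lower()))
    return tuple(rdns)


def compose(context_base, relative_name):
    """Build the full DN the way a context with a base DN does: name + ',' + base."""
    return relative_name + "," + context_base if relative_name else context_base


class ToyDirectory:
    """Just enough of a directory tree to reproduce the add-time name checks."""

    def __init__(self, entries):
        self._entries = {split_dn(e): e for e in entries}

    def try_add(self, dn):
        rdns = split_dn(dn)
        if rdns in self._entries:
            return {"code": ENTRY_ALREADY_EXISTS, "matched": None}
        parent = rdns[1:]
        if parent in self._entries:
            self._entries[rdns] = dn
            return {"code": 0, "matched": None}
        # Parent is missing: report the deepest ancestor that does exist,
        # which is what the server returns as the matched DN ("best match").
        ancestor = parent
        while ancestor and ancestor not in self._entries:
            ancestor = ancestor[1:]
        return {"code": NO_SUCH_OBJECT, "matched": self._entries.get(ancestor)}


def demo():
    """Run the three cases against a fresh directory and return their results."""
    directory = ToyDirectory(EXISTING_ENTRIES)
    base = "dc=domname,dc=com"
    return {
        "ou_users": directory.try_add(compose(base, "uid=user1,ou=Users")),
        "cn_users": directory.try_add(compose(base, "cn=user1,cn=Users")),
        "base_twice": directory.try_add(
            compose(base, "cn=user2,cn=Users,dc=domname,dc=com")),
    }
```

The matched DN tells you how far down the tree the server got: everything to the left of it in the requested DN is the part that does not exist.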

Resources