WMI Events from NDIS miniport drivers
23 views
Skip to first unread message
priyank...@gmail.com
Mar 7, 2014, 6:04:11 PM3/7/14
to
Hello,
I am trying to get my miniport driver to send WMI events that I can capture from Powershell. Following is what I am trying to do:
1. MOF file to define the classes to WMI:
#pragma autorecover
#pragma namespace ("\\\\.\\root\\wmi")
[Dynamic, Provider("WMIProv"),
WMI,
guid("<My GUID"),
locale("MS\\0x409")]
class my_event_class : WMIEvent
{
[key,read]
string InstanceName;
[read] boolean Active;
//
My class members
};
2. In my driver, I defined the necessary data structures for the data that I am looking to capture through the event.
NDIS_GUID guid_list[] =
{
{<My GUID>,
<my custom oid>,
sizeof(my buffer),
fNDIS_GUID_TO_STATUS | fNDIS_GUID_ALLOW_READ | fNDIS_GUID_ALLOW_WRITE
}
};
NdisZeroMemory(&status_indication, sizeof(NDIS_STATUS_INDICATION));
status_indication.Header.Revision = NDIS_STATUS_INDICATION_REVISION_1;
status_indication.Header.Size = NDIS_SIZEOF_STATUS_INDICATION_REVISION_1;
status_indication.Header.Type = NDIS_OBJECT_TYPE_STATUS_INDICATION;
status_indication.StatusCode = NDIS_STATUS_MEDIA_SPECIFIC_INDICATION;
status_indication.Guid = enic_guid_list[0].Guid;
status_indication.StatusBuffer = &(my buffer);
status_indication.StatusBufferSize = sizeof(my buffer);
status_indication.SourceHandle = <my miniport driver handle>;
NdisMIndicateStatusEx(<my miniport handle>, &status_indication);
3. I have the MOF registered with the WMI. Checked and verified from wbemtest.
4. On powershell, I register to capture the event:
Register-WMIEvent -Class my_event_class -Action {Write-Host $(Get-Date)}
However, this does not seem to work. I do not see any output from this. I have verified that the event is triggered by the driver but is not being captured.
Is there anything that needs to be done differently?
I am trying to get my miniport driver to send WMI events that I can capture from Powershell. Following is what I am trying to do:
1. MOF file to define the classes to WMI:
#pragma autorecover
#pragma namespace ("\\\\.\\root\\wmi")
[Dynamic, Provider("WMIProv"),
WMI,
guid("<My GUID"),
locale("MS\\0x409")]
class my_event_class : WMIEvent
{
[key,read]
string InstanceName;
[read] boolean Active;
//
My class members
};
2. In my driver, I defined the necessary data structures for the data that I am looking to capture through the event.
NDIS_GUID guid_list[] =
{
{<My GUID>,
<my custom oid>,
sizeof(my buffer),
fNDIS_GUID_TO_STATUS | fNDIS_GUID_ALLOW_READ | fNDIS_GUID_ALLOW_WRITE
}
};
NdisZeroMemory(&status_indication, sizeof(NDIS_STATUS_INDICATION));
status_indication.Header.Revision = NDIS_STATUS_INDICATION_REVISION_1;
status_indication.Header.Size = NDIS_SIZEOF_STATUS_INDICATION_REVISION_1;
status_indication.Header.Type = NDIS_OBJECT_TYPE_STATUS_INDICATION;
status_indication.StatusCode = NDIS_STATUS_MEDIA_SPECIFIC_INDICATION;
status_indication.Guid = enic_guid_list[0].Guid;
status_indication.StatusBuffer = &(my buffer);
status_indication.StatusBufferSize = sizeof(my buffer);
status_indication.SourceHandle = <my miniport driver handle>;
NdisMIndicateStatusEx(<my miniport handle>, &status_indication);
3. I have the MOF registered with the WMI. Checked and verified from wbemtest.
4. On powershell, I register to capture the event:
Register-WMIEvent -Class my_event_class -Action {Write-Host $(Get-Date)}
However, this does not seem to work. I do not see any output from this. I have verified that the event is triggered by the driver but is not being captured.
Is there anything that needs to be done differently?
Reply all
Reply to author
Forward
0 new messages