WFP SupportPowerManagedStates fails with "HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]"

  • Question

  • Hello forum,

    We have a WFP driver which simply monitors traffic without blocking or dropping anything. We used to be able to pass the HCK on Windows 7. However, when we run the HCK on Windows 8.1 on a relatively slow laptop, in "SupportPowerManagedStates" many tests failed with "HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]" with a few successes in between.

    We tried to look up NsiGetAllParametersEx(), but this appears to be a private API which has no public documentation anywhere. So we have no idea what was failing here.

    The relevant info is listed below:

    [Enable Driver Verifier: TRUE]
    [Use Answer File: FALSE]
    [Has a callout driver: TRUE]
    [Is a firewall: FALSE]
    [Layered on Microsoft Windows Firewall: FALSE]
    [Does MAC Filtering: FALSE]
    [Does Virtual Switch Filtering: FALSE]
    [Does Packet Injection: FALSE]
    [Does Stream Injection: FALSE]
    [Does Proxying: FALSE]
    [Supports Modern Applications: TRUE]
    [Uninstalls cleanly: TRUE]
    [Proxies without deadlocking: FALSE]
    [Has an identifying Provider: TRUE]
    [Associates Provider with all objects: TRUE]
    [Has at least 1 filter: FALSE]
    [Uses only built-in or their own private SubLayer: TRUE]
    [Has an NDF Helper Class: FALSE]
    [Does not AV: TRUE]
    [Does not alter other's WFP Objects: TRUE]
    [Injects without deadlocking: FALSE]
    [Injects at STREAM without starvation: FALSE]
    [Supports Power Managed States: TRUE]
    [ACLs objects so other's can enum them: TRUE]
    [Uses latest WinSock specifications: TRUE]
    [Properly disabled Windows Firewall: FALSE]
    [Uses granular filtering: TRUE]
    [Can filter by 5 tuples: FALSE]
    [Can filter by application name: FALSE]
    [Can filter by Physical Addresses: FALSE]
    [Uses WFP for filtering and packet maniplulation: TRUE]
    [Supports IPv4 Address Resolution - ARP: TRUE]
    [Supports IPv6 Address Resolution - Neighbor Discovery: TRUE]
    [Supports Dynamic IP Addressing: TRUE]
    [Supports IPv4: TRUE]
    [Supports IPv6: TRUE]
    [Supports Name Resolution: TRUE]
    [Supports 6TO4: TRUE]
    [Supports Automatic Updates: TRUE]
    [Supports Basic Website Browsing: TRUE]
    [Supports File and Printer Sharing: TRUE]
    [Supports ICMP Error Messages: TRUE]
    [Supports Internet Streaming: TRUE]
    [Supports Media Extender Streaming: TRUE]
    [Supports MobileBroadband: TRUE]
    [Supports Peer Name Resolution Protocol: TRUE]
    [Supports Remote Assistance: TRUE]
    [Supports Remote Desktop: TRUE]
    [Supports Teredo: TRUE]
    [Supports Virtual Private Networking: TRUE]
    [Interops with other Virtual Switch Extensions: FALSE]
    [Does not modify at Egress: FALSE]
    [Supports Live Migration: FALSE]
    [Supports Removal of Virtual Switch Extensions: FALSE]
    [Supports Reordering of Virtual Switch Extension: FALSE]
    ... ... ...
    

    Runtime Index: 1204056918 Machine: WHQL81-X64-HP Process Name: C:\Windows\System32\WFPLogo.Exe Process ID: 2188 Thread ID: 3184
    Message 3/14/2014 10:27:49.215 PM
    Context _ _ Context Index: 1944523683 Current: ArchitecturalDesign\SupportPowerManagedStates Parent: WTTLOG
    Start Test 3/14/2014 10:27:49.215 PM ArchitecturalDesign\SupportPowerManagedStates
    Message 3/14/2014 10:27:49.215 PM Priority: 0, Owner: WFP@Microsoft.com
    Message 3/14/2014 10:32:22.215 PM Configuration Time: 271 seconds
    Message 3/14/2014 10:32:22.215 PM +VAR+INFO+ 0 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT]
    Message 3/14/2014 10:33:54.215 PM LocalUDP::SocketBind : bind() [Local Bound Address: 1.0.0.1][Local Bound Port: 0xac68] [status: 0]
    Message 3/14/2014 10:33:54.215 PM LocalUDP::SocketSendTo : sendto() [bytes sent: 1000] [status: 0]
    Runtime 3/14/2014 10:33:49.490 PM _ Runtime Index: 972781814 Machine: WHQL81-X64-HP Process Name: C:\Windows\System32\WFPLogo.Exe Process ID: 2188 Thread ID: 2536
    Message 3/14/2014 10:39:55.490 PM VirtualUDP::AnalyzePacket() [IP Version: 0x4][IP Protocol: 0x11][Source Address: 0x1000001][DestinationAddress: 0x10000fe][Source Port: 0xac68][Destination Port:0xb9cf]
    Message 3/14/2014 10:39:55.490 PM VirtualUDP::RxPackets() : Exit
    Message 3/14/2014 10:33:54.215 PM LocalUDP::SocketSendTo : sendto() [bytes sent: 1000] [status: 0]
    Runtime 3/14/2014 10:33:49.678 PM _ Runtime Index: 4087245718 Machine: WHQL81-X64-HP Process Name: C:\Windows\System32\WFPLogo.Exe Process ID: 2188 Thread ID: 224
    Message 3/14/2014 10:39:55.678 PM VirtualUDP::AnalyzePacket() [IP Version: 0x4][IP Protocol: 0x11][Source Address: 0x1000001][DestinationAddress: 0x10000fe][Source Port: 0xac68][Destination Port:0xb9cf]
    Message 3/14/2014 10:39:55.678 PM VirtualUDP::RxPackets() : Exit
    Message 3/14/2014 10:33:54.215 PM AnalyzeTrafficResults() [Analysis: Permitted][local Error: 0][peer Error: 0][packet(s) Rx'd: Yes][packet(s) Tx'd: Yes]
    Message 3/14/2014 10:33:54.215 PM LocalUDP::SocketShutdown : shutdown() [status: 0]
    Message 3/14/2014 10:33:54.215 PM LocalUDP::SocketClose : closesocket() [status: 0]
    Runtime 3/14/2014 10:34:16.184 PM _ Runtime Index: 4008861080 Machine: WHQL81-X64-HP Process Name: C:\Windows\System32\WFPLogo.Exe Process ID: 2188 Thread ID: 3236
    Context _ _ Context Index: 1333129586 Current: +SUB_VAR+ 1 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103] Parent: WTTLOG
    Start Test 3/14/2014 10:40:49.184 PM +SUB_VAR+ 1 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]
    End Test 3/14/2014 10:40:49.184 PM +SUB_VAR+ 1 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]
    Result: Fail
    Context _ _ Context Index: 1229171401 Current: +SUB_VAR+ 2 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103] Parent: WTTLOG
    Start Test 3/14/2014 10:40:49.184 PM +SUB_VAR+ 2 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]
    End Test 3/14/2014 10:40:49.184 PM +SUB_VAR+ 2 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103]
    Result: Fail
    Context _ _ Context Index: 2101112108 Current: +SUB_VAR+ 3 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT] Parent: ArchitecturalDesign\SupportPowerManagedStates
    Start Test 3/14/2014 10:35:12.215 PM +SUB_VAR+ 3 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
    End Test 3/14/2014 10:35:12.215 PM +SUB_VAR+ 3 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44136][Destination / Remote Port: 47567][Action: PERMIT] PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
    Result: Pass

    ... ... ... ...

    All the other WFP test cases except for this "SupportPowerManagedStates" were able to complete successfully.

    Thanks in advance for your help!

    - hao




    • Edited by Hao Zhuang Saturday, March 15, 2014 6:44 AM
    Saturday, March 15, 2014 6:34 AM

All replies

  • Any insights?
    Tuesday, March 18, 2014 6:37 PM
  • Seems like I'm having a similar problem:

    Win8.1 32-bit, same source code with both 64/32-bit builds, all tests passed with Win8.1 64-bit, but not on 32-bit. However, in the log, I didn't see the error at all, and followed with one success:

    Context Index: 3579095739
    Current: +SUB_VAR+ 1 : [IPVersion:
    IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address:
    1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port:
    44838][Destination / Remote Port: 46796][Action: PERMIT] PowerStates
    [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
    Parent: ArchitecturalDesign\SupportPowerManagedStates
    Start Test 2/4/2016 6:01:33.049 PM +SUB_VAR+ 1 : [IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address: 1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port: 44838][Destination / Remote Port: 46796][Action: PERMIT] PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
    End Test 2/4/2016 6:01:33.049 PM +SUB_VAR+ 1 : [IPVersion:
    IPv4][Direction: Outbound][Protocol: UDP (17)][Source / Local Address:
    1.0.0.1][Destination / Remote Address: 1.0.0.254][Source / Local Port:
    44838][Destination / Remote Port: 46796][Action: PERMIT] PowerStates
    [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT]
    Result: Pass
    Message 2/4/2016 6:01:39.049 PM Script Run: cmd.exe /C "
    %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"
    Dir=Out Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254
    Protocol=17 Profile=Any"
    Message 2/4/2016 6:01:54.049 PM Script Run: cmd.exe /C "
    %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add Rule Name="WFPLogo"
    Description="Block Outbound IPv4 with Power States" Dir=Out Action=block
    Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254
    Protocol=6 Enable=Yes Profile=Any"
    Message 2/4/2016 6:02:09.049 PM +VAR+INFO+ 1 : [IPVersion:
    IPv4][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address:
    1.0.0.254][Destination / Local Address: 1.0.0.1][Source / Remote Port:
    43564][Destination / Local Port: 46366][Action:
    PERMIT]
    Message 2/4/2016 6:03:25.049 PM LocalTCP::SocketBind : bind() [Local
    Bound Address: 1.0.0.1][Local Bound Port: 0xb51e] [status:
    0]
    Message 2/4/2016 6:03:25.049 PM LocalTCP::SocketListen : listen()
    [status: 0]
    Message 2/4/2016 6:03:25.049 PM

    LocalTCP::SocketSetToNonBlocking :
    ioctlsocket() [status: 0]

    There is one that failed.

    Context Index: 1190191782
    Current: +SUB_VAR+ 1 : [IPVersion:
    IPv4][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address:
    1.0.0.254][Destination / Local Address: 1.0.0.1][Source / Remote Port:
    43564][Destination / Local Port: 46366][Action: PERMIT] PowerStates [status:
    0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]
    Parent: ArchitecturalDesign\SupportPowerManagedStates
    Start Test 2/4/2016 6:05:00.049 PM +SUB_VAR+ 1 : [IPVersion: IPv4][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address: 1.0.0.254][Destination / Local Address: 1.0.0.1][Source / Remote Port: 43564][Destination / Local Port: 46366][Action: PERMIT] PowerStates [status: 0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]
    End Test 2/4/2016 6:05:00.049 PM +SUB_VAR+ 1 : [IPVersion:
    IPv4][Direction: Inbound][Protocol: TCP (6)][Source / Remote Address:
    1.0.0.254][Destination / Local Address: 1.0.0.1][Source / Remote Port:
    43564][Destination / Local Port: 46366][Action: PERMIT] PowerStates [status:
    0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]
    Result: Fail
    Message 2/4/2016 6:05:01.049 PM Script Run: cmd.exe /C "
    %WinDir%\System32\NetSh.exe AdvFirewall Firewall Delete Rule Name="WFPLogo"
    Dir=Out Program=%WinDir%\System32\WFPLogo.Exe LocalIP=1.0.0.1 RemoteIP=1.0.0.254
    Protocol=6 Profile=Any"
    Message 2/4/2016 6:05:16.049 PM Script Run: cmd.exe /C " %WinDir%\System32\NetSh.exe AdvFirewall Firewall Add Rule Name="WFPLogo" Description="Permit Inbound IPv4 with Power States" Dir=In Action=allow Program=%WinDir%\System32\WFPLogo.Exe LocalIP=fe80::289a:cd85:4229:c2d2 RemoteIP=fe80::1:0:0:FE Protocol=6 Enable=Yes Profile=Any"
    Message 2/4/2016 6:05:31.049 PM +VAR+INFO+ 2 : [IPVersion:
    IPv6][Direction: Outbound][Protocol: TCP (6)][Source / Local Address:
    fe80::289a:cd85:4229:c2d2][Destination / Remote Address: fe80::1:0:0:FE][Source
    / Local Port: 41065][Destination / Remote Port: 45748][Action:
    PERMIT]
    Message 2/4/2016 6:07:00.049 PM LocalTCP::SocketBind : bind() [Local
    Bound Address: fe80::289a:cd85:4229:c2d2][Local Bound Port: 0xa069] [status: 0]

    Friday, February 5, 2016 7:52 AM
  • I am facing the same issue. Was this resolved somehow?
    Wednesday, February 12, 2020 1:29 PM
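
A triage sketch for the logs quoted in this thread, added here as an example and not part of any post or of the HCK: it flattens a WTT text log, pulls out each sub-variation's `End Test` record, and separates failures where the logged step returned a non-zero status from failures where the step logged status 0. The record layout in the regular expression and the three category names are assumptions of this example; the sample is constructed and abridged from the quoted logs.

```python
import re
from collections import Counter

# Constructed sample: three "End Test" records abridged from the logs quoted in
# the thread (address and port fields dropped), one with a hard-wrapped status.
UDP = "[IPVersion: IPv4][Direction: Outbound][Protocol: UDP (17)][Action: PERMIT]"
TCP = "[IPVersion: IPv4][Direction: Inbound][Protocol: TCP (6)][Action: PERMIT]"
SAMPLE = (
    f"End Test 3/14/2014 10:40:49.184 PM +SUB_VAR+ 1 : {UDP} "
    "HlprNSIGetInterfaceProfile: NsiGetAllParametersEx() [status: 0x103] Result: Fail "
    f"End Test 3/14/2014 10:35:12.215 PM +SUB_VAR+ 3 : {UDP} "
    "PowerStates [status:0][IPv4][Outbound][From: 1.0.0.1][To: 1.0.0.254][PERMIT] Result: Pass\n"
    f"End Test 2/4/2016 6:05:00.049 PM +SUB_VAR+ 1 : {TCP} PowerStates [status:\n"
    "0][IPv4][Inbound][From: 1.0.0.254][To: 1.0.0.1][PERMIT]\nResult: Fail\n"
)

# Assumed record shape: End Test <time> +SUB_VAR+ <n> : <[k: v]...> <step> [status: s] ... Result: <verdict>
RECORD = re.compile(
    r"End Test (?P<ts>\S+ \S+ [AP]M) \+SUB_VAR\+ (?P<n>\d+) : "
    r"(?P<fields>(?:\[[^\]]*\])+) (?P<step>.+?) \[status:\s*(?P<status>0x[0-9A-Fa-f]+|\d+)\]"
    r".*? Result: (?P<result>Pass|Fail)"
)

def parse_results(text):
    """Return one dict per sub-variation "End Test" record in a WTT text log."""
    flat = " ".join(text.split())  # undo hard wraps and run-together lines
    out = []
    for m in RECORD.finditer(flat):
        fields = dict(re.findall(r"\[([^:\]]+):\s*([^\]]*)\]", m["fields"]))
        status = int(m["status"], 0)  # accepts both "0x103" and "0"
        if m["result"] == "Pass":
            kind = "pass"
        elif status != 0:
            kind = "step-error"      # the logged step itself returned non-zero
        else:
            kind = "fail-status-0"   # verdict is Fail although the step logged 0
        out.append({"time": m["ts"], "sub_var": int(m["n"]), "step": m["step"],
                    "status": status, "result": m["result"], "kind": kind, **fields})
    return out

def summarize(records):
    """Count records by (kind, step, status) to show which step accounts for failures."""
    return Counter((r["kind"], r["step"], hex(r["status"])) for r in records)

if __name__ == "__main__":
    for key, count in summarize(parse_results(SAMPLE)).items():
        print(count, *key)
```

On the records quoted above, the 2014 failures land in `step-error` with `NsiGetAllParametersEx()` status 0x103, while the 2016 failure lands in `fail-status-0`, so the two reports do not show the same logged symptom.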