Add new tag

 

 IPWireless Win32 driver – debugging and reversing

November 19, 2006

A series of tweaks for the Win32 USB drivers of the IPWireless modem, and some more tweaks for the “Wireless Broadband Dialler”

Getting rid of the debug overhead in the drivers:

The USB drivers log a lot of useless information about the USB protocol used to communicate with the modem, using the win32 DbgPrint kernel function-call. This causes some serious overhead, and can amount to quite a bit of extra CPU cycles when running at high speeds. This “spam” is quite obvious when you run a tool such as DebugView. (Try it, you’ll note the spam, and remember to ‘Capture Kernel Events (Ctrl+K)’) In addition the kernel has to buffer any DbgPrint data in an internal buffer until it overflows, or an application such as DebugView reads it off the stack. This incurs even more ring 0 overhead on systems using the USB driver.

The DbgPrint spam is controlled via a registry entry in the ipw_*.inf files… It’s easier, to just find the keys, after installation and change the debug flags, than reinstalling the drivers with modified .inf files.

By disabling the debug information and the extra overhead when talking to the USB device, I’ve managed to shave around 5-8ms off my ping times. (A completely subjective measurement) [YMMV] <— Under profiling conditions, with a kernel debugger the call overhead per USB poll dropped from 230 cycles to 89 cycles which is a considerable saving in CPU cycles wasted. (This was an objective measurement).

I find it quite insane that a company such as MCCI can distribute drivers for production release with full debugging turned on.

Hopefully, once I patch the drivers this may drop to around 3-4% levels since there is still considerable overhead in checking the debug flags.

In the meantime, to at least reduce the syscall overhead when using the drivers, the following can be done:

_Warning, the StandardDisclaimer applies when attempting any of the following:_

Disabling the debug information (Win2000,WinXP):

*Fire up regedit.exe
*Do a search for the string “~MCCIUSB_~DebugLevel” by pressing Ctrl+F (enter it without the quotes)
*Once you’ve found the value (the default will be 0xffffffff), change it by double clicking on it.
*Change the value to 0 (decimal, or hexadicimal)
*Click ok.
*Press F3 to find the next occurrence of “~MCCIUSB_~DebugLevel” and keep on changing the values to 0.
*Once there are no more entries found, reboot your PC.

Getting the dialer to print more information

The dialler application, has a few registry entries to show more “debug” information in it’s window. This kind of information is actually useful, and has very little overhead, since the debug info is only printed during the connection establishment phase. If you’re like me and want to see what your modem is doing, then turn on the debugging for the dialler as described below.

To turn on full debugging for the dialler application:

*Fire up regedit.exe
*Navigate to HKEY_LOCAL_MACHINESOFTWAREIPWireless Inc.IPWireless PC Software
*Right click on “IPWireless PC Software” in the tree, and on the popup menu select New->Key
*Type in “Debug” (without the quotes) and hit enter, to create a new Key.
*Now, left click on HKEY_LOCAL_MACHINESOFTWAREIPWireless Inc.IPWireless PC SoftwareDebug in the tree.

__theloop__
*Right click in the blank area (NOT in the tree) and click on New->String Value
*Enter ATCMD, and hit enter
*Double click the ATCMD entry and type in “Enable” (without the quotes)

*Repeat starting at __theloop__ for the following values:
**ATRES
**ATRESP
**~RasTrace

Now, when you use the “Wireless Broadband Modem Dialler” application, some more debugging information will be shown in the “ISP” window.

Getting the dialler to retry more than 5 times after disconnect:

The “Wireless Broadband Modem Dialler” has an option on the “ISP” tab to “Reconnect if line dropped”
When you turn this checkbox on, the dialler will retry for a maximum amount of 5 times to reconnect to the Sentech network.

This is pretty useless, since we all know: _When it goes down, it goes down for a while_
To increase the number of attempts that the dialler will use when attempting to redial do the following:

*Fire up regedit.exe
*Navigate to HKEY_LOCAL_MACHINESOFTWAREIPWireless Inc.IPWireless PC Software
*Find the entry named RECONNECT_ATTEMPTS on the right-hand side.
*Double click the RECONNECT_ATTEMPTS entry, and change the value to 10000
*This will cause the dialler to retry 65536 times when the line gets disconnected.