==============================================================
|How to make the PktFilter service start as early as possible|
|                                                            |
|               No Copyright, nor Copyleft ;)                |
|                                                            |
|               Version 1.0 Rev 1 [2003-02-19]               |
==============================================================

This is a bit of handy-work. You will need the following tools:

  LoadOrder        from http://www.sysinternals.com/
  Service Manager  from http://www.nttools-online.de/
  Regedit          (comes with NT/W2K/XP)
  Regedt32         (comes with NT/W2K)

Note: Experienced users may do the service configuration directly through
the registry. But this is not explicitly explained herein ;)

First let's start with some basics. When inspecting the "List" value at
"HKLM\SYSTEM\CurrentControlSet\Control\ServiceGroupOrder", one can easily
find PNP_TDI and TDI (using Regedt32 this looks like this: PNP_TDI, NDIS,
TDI). TDI is the group which contains the services related to TDI, PNP_TDI
is the group of drivers related to TDI.

Using LoadOrder one can easily see that "PNP_TDI" is loaded before "TDI".
And in fact "TDI" is the first network related service group to be loaded
after the related drivers.

We'll now modify the groups and the PktFilter service:

1. Install the pktfltr service

2. Start Service Manager and move down to "Stateless Packet Filtering"

3. Show its properties and then enter TDI as the group. Also set it to
   automatic start.

4. Then choose the Dependencies tab and inside it the "Device" tab. Select
   "TCP/IP Protocol Driver" from the list and double click. "Add" should
   appear in the "Action" column. Move to the "Group" tab and also add the
   "PNP_TDI" group. Apply and leave the dialog (i.e. press OK).

5. In the Service Manager main window choose the "Device" radio button and
   go to "IP Traffic Filter Driver". Then add it to the group "PNP_TDI", by
   entering this into the edit box.

It seems like drivers/services with a Tag value take precedence over those
without.
This is why the "IP Traffic Filter Driver" will now appear as the last
driver to be loaded from group "PNP_TDI". In fact to see this, you will
probably have to reboot. BUT STOP! Do not reboot right now. We can make all
changes and reboot then!

This was the part that is quickly done and easy to understand. Now back in
the list of LoadOrder, we can see that in the TDI group there are no tag
values (which in conjunction with the "GroupOrderList" key determine at
what time the service is started) - shown as "n/a".

6. In the "HKLM\SYSTEM\CurrentControlSet\Services\PktFilter" key create a
   value named "Tag" of type DWORD with value 1.

7. In key "HKLM\SYSTEM\CurrentControlSet\Control\GroupOrderList" create a
   value of type BINARY named "TDI" (if not already present!).

   a.) value not present:
       Enter: 01 00 00 00 01 00 00 00 into the editor (you should use
       Regedit!).
       -> 01 00 00 00 is a DWORD value of 1 (means one service in this
          list)
       -> the second 01 00 00 00 is also a DWORD value of 1 and means,
          load service with Tag 1 at this position.

   b.) value is already there:
       Increase the value of the first DWORD in the binary value by one
       and then add another four bytes to the end of this value (00).
       Then order the Tags just as you like. I would recommend to load the
       PktFilter as the first :)

   Note: the DWORDs are given in hex (using Regedit) and in "reverse
   order" (least significant byte first), compared with a value calculated
   in Windows Calculator.

What did we do now? Well, we added PktFilter to the group "TDI" and gave it
the Tag 1. Then we defined that in group TDI the service with Tag 1 has to
be loaded first, followed by other services (probably in alphabetic order).
This makes PktFilter the first (network-related) service to be started
after the driver.

Remarks:

In case one should find that the TDI group is loaded too late, there would
also be the chance to create a new group name, include it in the key
"ServiceGroupOrder" right after "PNP_TDI" and make the PktFilter service a
member of this group.
I'll either provide a small tool soon or maybe suggest some changes in the
source of either service or control program.

Have fun,

Oliver aka Assarbad

On questions, please drop me a mail: Assarbad [AT] gmx [DOT] info
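
Added example (not part of the original text and not code from PktFilter):
a Python sketch of the "GroupOrderList" binary value from step 7, which
computes the bytes to type into Regedit for cases a.) and b.). It assumes
the layout is exactly as described above (a count DWORD followed by one
DWORD per tag, least significant byte first); all function names are made
up for this example and it does not touch the registry.

```python
from __future__ import annotations
import struct


def parse_group_order(blob: bytes) -> list[int]:
    """Decode a GroupOrderList binary value into its ordered list of tags."""
    if len(blob) < 4 or len(blob) % 4:
        raise ValueError("value must be a whole number of DWORDs")
    # "<" = little-endian, which is why Regedit shows 1 as 01 00 00 00.
    count, *tags = struct.unpack(f"<{len(blob) // 4}I", blob)
    if count != len(tags):
        # Assumption taken from the text: the first DWORD counts the tags.
        raise ValueError(f"count DWORD is {count}, but {len(tags)} tags follow")
    return tags


def build_group_order(tags: list[int]) -> bytes:
    """Encode tags as: count DWORD, then one DWORD per tag, in load order."""
    if len(set(tags)) != len(tags):
        raise ValueError("a tag may appear only once in the list")
    return struct.pack(f"<{len(tags) + 1}I", len(tags), *tags)


def load_first(blob: bytes | None, tag: int) -> bytes:
    """Return the new value with `tag` loaded first.

    blob=None is case a.) (value not present); otherwise case b.).
    """
    tags = parse_group_order(blob) if blob else []
    tags = [t for t in tags if t != tag]  # safe to run twice: no duplicates
    return build_group_order([tag] + tags)


def regedit_hex(blob: bytes) -> str:
    """Format bytes the way they are typed into Regedit's binary editor."""
    return " ".join(f"{b:02X}" for b in blob)


if __name__ == "__main__":
    # Case a.): no "TDI" value yet, PktFilter has Tag 1.
    print(regedit_hex(load_first(None, 1)))
    # Case b.): constructed sample value that already lists tags 2 and 3.
    existing = bytes.fromhex("02000000 02000000 03000000")
    print(regedit_hex(load_first(existing, 1)))
```

A value whose count DWORD does not match the number of tags that follow is
rejected instead of being rewritten, so a typing mistake from an earlier
edit shows up before the reboot.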