How to programmatically detect Cipher type and Encryption level from a wireless network device from windows 2003 server

Question

Now my team working in a network project using windows application c#. I didn't know how to programmatically detect Cipher type and Encryption level from a wireless network device from windows 2003 server.

After searching i got WMI (Windows Management Instrumentation) for solving the problem.+

Please suggest example/reference for finding Cipher type and Encryption level from a wireless network device from windows 2003 server

Answer 1

just found you question. The information which you search for originate from NDIS driver. WMI only gives you a subset of such information. Every NDIS driver support some standard requests which can be send with respect of DeviceIoControl function (see http://msdn.microsoft.com/en-us/library/aa363216%28v=VS.85%29.aspx). As an input (lpInBuffer parameter) you should give a DWORD with an OID code, a control code which identify the request, As an output you receive a structure with information filed, or in your case a DWORD (enum value). For example, if you asked NDIS driver for

#define OID_802_11_WEP_STATUS                   0x0D01011B

(as DWORD value of lpInBuffer parameter) it returns back also DWORD with information like

// Also aliased typedef to new name
typedef enum _NDIS_802_11_WEP_STATUS
{
    Ndis802_11WEPEnabled,
    Ndis802_11Encryption1Enabled = Ndis802_11WEPEnabled,
    Ndis802_11WEPDisabled,
    Ndis802_11EncryptionDisabled = Ndis802_11WEPDisabled,
    Ndis802_11WEPKeyAbsent,
    Ndis802_11Encryption1KeyAbsent = Ndis802_11WEPKeyAbsent,
    Ndis802_11WEPNotSupported,
    Ndis802_11EncryptionNotSupported = Ndis802_11WEPNotSupported,
    Ndis802_11Encryption2Enabled,
    Ndis802_11Encryption2KeyAbsent,
    Ndis802_11Encryption3Enabled,
    Ndis802_11Encryption3KeyAbsent
} NDIS_802_11_WEP_STATUS, *PNDIS_802_11_WEP_STATUS,
  NDIS_802_11_ENCRYPTION_STATUS, *PNDIS_802_11_ENCRYPTION_STATUS;

request for

#define OID_802_11_AUTHENTICATION_MODE          0x0D010118

returns

typedef enum _NDIS_802_11_AUTHENTICATION_MODE
{
    Ndis802_11AuthModeOpen,
    Ndis802_11AuthModeShared,
    Ndis802_11AuthModeAutoSwitch,
    Ndis802_11AuthModeWPA,
    Ndis802_11AuthModeWPAPSK,
    Ndis802_11AuthModeWPANone,
    Ndis802_11AuthModeWPA2,
    Ndis802_11AuthModeWPA2PSK,
    Ndis802_11AuthModeMax               // Not a real mode, defined as upper bound
} NDIS_802_11_AUTHENTICATION_MODE;

request for

#define OID_802_11_INFRASTRUCTURE_MODE          0x0D010108

returns

typedef enum _NDIS_802_11_NETWORK_INFRASTRUCTURE
{
    Ndis802_11IBSS,
    Ndis802_11Infrastructure,
    Ndis802_11AutoUnknown,
    Ndis802_11InfrastructureMax         // Not a real value, defined as upper bound
} NDIS_802_11_NETWORK_INFRASTRUCTURE;

and so on. You can find all different constants which you needs in ntddndis.h after installing of Windows DDK.

To open a device handle you should use CreateFile function. Instead of file name you should give a string with the prefix "\\.\" and adapter name (adapter guids). Adapter names you can enumerate with different way. One of the easiest is the subkey names of the registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Tcpip\Parameters\Adapters.

All what I explained above work exactly like http://msdn.microsoft.com/en-us/library/aa964902%28v=VS.85%29.aspx or other examples of usage DeviceIoControl. The full list of IoControl requests which must support some device class is described in DDK. I repeat one more time, that for usage of that one need only use DeviceIoControl and not write a device driver.

More as 10 years ago I play a little with such requests which I described here. I tested my old program works without any problems now. One need only use OIDs which you need and not much more.

UPDATED: I found a good link http://pages.infinit.net/codeguru/WiFiArticle.htm which explains in other words the same what I just written. It seems to me that one use here wrong parameters in CreateFile. One have to use FILE_SHARE_READ | FILE_SHARE_WRITE to makes all working. Example http://code.google.com/p/haggle/source/browse/winmobile/Haggle/WindowsWiFiUtils.cpp (see bool WindowsWiFiUtils:init(), bool WindowsWiFiUtils::setEncryptionMode(unsigned long adapterIndex, const unsigned int mode) etc) looks like much better and contain a lot of methods which can be also interesting for you. It is a C++ example, but it's very easy to rewrite this in C#.

UPDATED 2: One more way is usage of "Native Wifi API" http://msdn.microsoft.com/en-us/library/ms706556%28VS.85%29.aspx like WlanQueryInterface (for example with wlan_intf_opcode_supported_infrastructure_auth_cipher_pairs) or WZCQueryInterface, but it seems not supported on Windows Server 2003, what you need. Generally "Native Wifi API" is probably more reliable way to give maximum information (or modify it), but WMI can be also a good pragmatical alternative.

Answer 2

As far as WMI is concerned you are fairly limited in the wireless connection information you can retrieve.

Running a WMI query for "Select * from MSNdis_80211_WEPStatus where active=true" should give you a numerical result where:

0=WEP is in use
2=Connection is unsecured
4=WPA-PSK is in use
6=WPA is in use
7=Disconnected

To run this query from powershell you can simply do:

PS C:\WINDOWS> gwmi -query "Select * from MSNdis_80211_WEPStatus where active=true" -namespace root\wmi

From C# the following should work:

using System;
using System.Management;
class Query_SelectQuery
{
    public static int Main(string[] args) 
    {
        SelectQuery selectQuery = new 
            SelectQuery("Select * from MSNdis_80211_WEPStatus where active=true");
        ManagementObjectSearcher searcher =
            new ManagementObjectSearcher("root\wmi", selectQuery);

        foreach (ManagementObject resultVal in searcher.Get()) 
        {
            Console.WriteLine(resultVal.ToString());
        }

        Console.ReadLine();
        return 0;
    }
}

If you have multiple active wireless connections it gets more difficult because you have to get the SSID values by querying the Ndis80211Ssid property in the MSNdis_80211_ServiceSetIdentifier class.

If you were on Windows {Vista, 7, Server 2008} you could run netsh wlan export from a command shell and get it to output a nice .xml file with your network settings (not including the wireless key) but I don't think there's any way to get this to work on Windows XP, Server 2003 or other unlisted operating systems.

Another option if you need more detailed configuration information specifically under Windows 2003 Server is to access the group policy settings as detailed in this article: http://technet.microsoft.com/en-us/library/bb878079.aspx

I don't have a Windows Server 2003 machine handy to test with but you should be able to access these Group Policy Objects and settings through WMI under the root\RSoP namespace

Running wbemtest from console or using the Microsoft WMI Code Creator tool will let you look around the available WMI objects and classes to figure out exactly where those Group Policy Objects are lying.

Querying for Group Policy WMI Objects looks kinda painful though :(