-
-
[原创]NDIS Filter Drivers指南
-
发表于: 2014-1-16 17:36
-
不多话了,发一个自己汇集编辑的资料,关于NDIS FILTER的,主要来源于MSDN。分享给有需要的朋友。祝大家新年快乐。
NDIS Filter Drivers
SamllBug
2010/10/18
译者序
本文是根据DDK中相关章节翻译,本人英语水有限文中难免有翻译及写的不当之处,如
果有任何问题可以通LZIOG@163.com邮件联系和交流。
1 介绍NDIS Filter Drivers
ilter Drivers提供了针对微端口驱动(Miniport Drivers)的过滤服务(filtering service),
NDIS驱动栈上必须包含微端口驱动(Miniport Drivers)和协议驱动(Protocol Drivers),可选
的包含 Filter Drivers。更多关于 NDIS驱动栈的信息可查看 DDK的 MSDN中的 Driver Stack
Management。下面列举基本的栈配置图示: 
下面的应用可能就需要一个 Filter Drivers 来完成:
1) 基于安全或其它目录的数据过滤应用
2) 对网络数据进行监视,收集及统计的应用
下面的几个小节将介绍 Filter Drivers 的一些特性和服务。
1.1 Filter Drivers 特性
Filter Drivers 主要包括以下特性:
1) 一个 Filter Drivers 实例叫 Filter Module。Filter Module 附加在一个适配器的微端口驱动上,
来自相同或不同 Filter Drivers 的多个 Filter Module 都可以被堆叠在一个网络适配器上
2)在 Filter Module 被安装到驱动栈时,之上的协议驱动和之下的微端口驱动都不需要提供
额外的支持功能
3)因为 Filter Module 不像中间层驱动(intermediate driver)那样提供一个虚拟的微口,也
不与某个设备对象联结,所以在微端口适配器(miniport adapter)之上的 Filter Module 功
能相当于一个修过过版本的微端口适配器(miniport adapter)。 原文:Because filter drivers
do not implement virtual miniports like an intermediate driver, filter drivers are not
associated with a device object. A miniport adapter with overlying filter modules functions as
a modified version of the miniport adapter.)
4)NDIS 使用配置信息来到决定一个 Filter Module 附加到一个网络适配器栈上的顺序
5)在不用拆除整驱动栈的情况下,NDIS 可以动态的插入、删除 Filter Module 或进行重新配
置
6)当 NDIS 重起驱动栈的时候协议驱动可以获得在栈上的 Filter Module 列表
7)Filter Drivers 可以过滤下层网络适配器上绝大部分的通信。Filter Module 不联结某特定的
绑定(Filter modules are not associated with any particular binding between overlying
protocol drivers and the miniport adapter.)
8)Filter Drivers 可以选择为过滤服务也可以选择为分流的不过滤服务,选择为哪一种是可
以动态配置的(Filter drivers can select the services that are filtered and can be bypassed for
the services that are not filtered. The selection of the services that are bypassed and the
services that are filtered can be reconfigured dynamically.)
9)NDIS 保证有效的上下文空间,也不就是说 Filter Drivers 不要需要通代码 COPY 缓冲区来
获得上下文空间
1.2 Filter Drivers 服务
Filter Drivers 提供发下服务:
1) 发起一个发送请求和接收指示
2) 改变数据缓冲区的顺序或对发送和接收数据进行调速
3) 在一个驱动栈的接收或发送路径上更改、删除、添加数据
4) 发起查询或设置 OID 的请求给下层驱动
5) 过滤对下层驱动的 OID 查询或设置请求
6) 过滤从下层驱动传来的 OID 查询和设置请求的应答
7) 发起一个状态指示给上层的设备
8) 过滤从下层传来的状态指示
9) 管理注册表中每一个微端口适配器和其接口的参数
1.3 Filter Drivers 类型
下面是两种主要类型的 Filter Drivers:
1) Monitoring
这种类型可以在驱动栈上做监视行为,但是它不能在驱动栈上进行数据修改行为。
Monitoring Filter Drivers 不在修改或发起数据。
2) Modifying
这种类型可以在驱动栈上做更改行为,该类修改类型是特定于驱动的( The type of
modification is driver‐specific)。
在驱动的安装 INF 文件中 FilterType 的值是 0x00000001 就是一个 monitoring filter,如果
是 0x00000002 就是一个 modifying filter。
你可以指定一个过滤驱动是 mandatory(强制)的(也是在配置 INF 文件中指定个特征),
它通常用在 modifying filter 驱动上,如果一个 mandatory 的 Filter 驱动不能被加载,那么它
联结的驱动栈将被拆除。
1.4 Mandatory Filter Drivers
Mandatory Filter Drivers 必须存在于驱动栈上,驱动栈才能正常工作。如果一个
Mandatory Filter Module 不附加,那么驱动栈也将会被拆除。Modifying 或 Monitoring 类型的
Filter Drivers 可以被指定为 Mandatory(强制)的。 所有中间层过滤驱动(filter intermediate
drivers)都是可选的(与 Mandatory 相对,就是说如果不存在驱动栈也不被拆除)
要附加一个 Mandatory Filter Drivers 在一个驱动栈上,NDIS 先解绑定所有协议驱动,附
加 Filter Module 后再重新绑定协议驱动。如果不能成功附加 Filter Drivers 那么拆除驱动栈的
下边界。
要分离一个 Mandatory Filter Drivers 在一个驱动栈上,NDIS 先解绑定所有协议驱动,分
离 Filter Module 后重新绑定协议驱动。要分离一个 optional Filter Drivers(可选 Filter Drivers,
与 Mandatory(强制) Filter Drivers 相对)时,NDIS 只暂停驱动栈,分离后重起驱动栈这时
并不解绑定协议驱动。
如果计算机重起,如果一个 Mandatory Filter Drivers 还没有附加到微端口适配器
(miniport adapter)这时 NDIS 是不会绑定协议驱动的。
在安装时用的 INF 文件中指是驱动是 Mandatory 还是 Optional。在 INF 文件在指定
FilterRunType 为 0x00000001 代表驱动是 Mandatory,指定 0x00000002 代表是 Optional。
下面列出 DDK 所有例子 filter 中的 INF 文件的一个相关节,内容如下:
;‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ ; Ndi installation support ;‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐‐ [Inst_Ndi] HKR, Ndi,Service,,"NdisMon" HKR, Ndi,CoServices,0x00010000,"NdisMon" HKR, Ndi,HelpText,,%NdisMon_HelpText% HKR, Ndi,FilterClass,, compression [COLOR="Blue"]HKR, Ndi,FilterType,0x00010001,0x00000001 [/COLOR] HKR, Ndi\Interfaces,UpperRange,,"noupper" HKR, Ndi\Interfaces,LowerRange,,"nolower" HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet" [COLOR="Red"]HKR, Ndi,FilterRunType, 0x00010001, 1 [/COLOR]
NDIS_STATUS NdisFRegisterFilterDriver( IN PDRIVER_OBJECT DriverObject, IN NDIS_HANDLE FilterDriverContext, IN PNDIS_FILTER_DRIVER_CHARACTERISTICS FilterCharacteristics, OUT PNDIS_HANDLE NdisFilterDriverHandle );
typedef struct _NDIS_FILTER_DRIVER_CHARACTERISTICS {
NDIS_OBJECT_HEADER Header;
UCHAR MajorNdisVersion;
UCHAR MinorNdisVersion;
UCHAR MajorDriverVersion;
UCHAR MinorDriverVersion;
ULONG Flags;
NDIS_STRING FriendlyName;
NDIS_STRING UniqueName;
NDIS_STRING ServiceName;
SET_OPTIONS_HANDLER SetOptionsHandler;
FILTER_SET_FILTER_MODULE_OPTIONS_HANDLER SetFilterModuleOptionsHandler;
FILTER_ATTACH_HANDLER AttachHandler;
FILTER_DETACH_HANDLER DetachHandler;
FILTER_RESTART_HANDLER RestartHandler;
FILTER_PAUSE_HANDLER PauseHandler;
FILTER_SEND_NET_BUFFER_LISTS_HANDLER SendNetBufferListsHandler;
FILTER_SEND_NET_BUFFER_LISTS_COMPLETE_HANDLER SendNetBufferListsCompleteHandler;
FILTER_CANCEL_SEND_HANDLER CancelSendNetBufferListsHandler;
FILTER_RECEIVE_NET_BUFFER_LISTS_HANDLER ReceiveNetBufferListsHandler;
FILTER_RETURN_NET_BUFFER_LISTS_HANDLER ReturnNetBufferListsHandler;
FILTER_OID_REQUEST_HANDLER OidRequestHandler;
FILTER_OID_REQUEST_COMPLETE_HANDLER OidRequestCompleteHandler;
FILTER_CANCEL_OID_REQUEST_HANDLER CancelOidRequestHandler;
FILTER_DEVICE_PNP_EVENT_NOTIFY_HANDLER DevicePnPEventNotifyHandler;
FILTER_NET_PNP_EVENT_HANDLER NetPnPEventHandler;
FILTER_STATUS_HANDLER StatusHandler;
FILTER_DIRECT_OID_REQUEST_HANDLER DirectOidRequestHandler;
FILTER_DIRECT_OID_REQUEST_COMPLETE_HANDLER DirectOidRequestCompleteHandler;
FILTER_CANCEL_DIRECT_OID_REQUEST_HANDLER CancelDirectOidRequestHandler;
} NDIS_FILTER_DRIVER_CHARACTERISTICS, *PNDIS_FILTER_DRIVER_CHARACTERISTICS;
NDIS_STATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NDIS_STATUS Status;
NDIS_FILTER_DRIVER_CHARACTERISTICS FChars;
NDIS_STRING ServiceName;
NDIS_STRING UniqueName;
NDIS_STRING FriendlyName;
DEBUGP(DL_TRACE,("===>DriverEntry...\n"));
RtlInitUnicodeString(&ServiceName, FILTER_SERVICE_NAME);
RtlInitUnicodeString(&FriendlyName, FILTER_FRIENDLY_NAME);
RtlInitUnicodeString(&UniqueName, FILTER_UNIQUE_NAME);
FilterDriverObject = DriverObject;
do
{
NdisZeroMemory(&FChars, sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS));
FChars.Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS;
FChars.Header.Size = sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS);
FChars.Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1;
FChars.MajorNdisVersion = FILTER_MAJOR_NDIS_VERSION;
FChars.MinorNdisVersion = FILTER_MINOR_NDIS_VERSION;
FChars.MajorDriverVersion = 1;
FChars.MinorDriverVersion = 0;
FChars.Flags = 0;
FChars.FriendlyName = FriendlyName;
FChars.UniqueName = UniqueName;
FChars.ServiceName = ServiceName;
//
// for the time being, there is no additional options to register
// but let's have this handler anyway
//
FChars.SetOptionsHandler = FilterRegisterOptions;
FChars.AttachHandler = FilterAttach;
FChars.DetachHandler = FilterDetach;
FChars.RestartHandler = FilterRestart;
FChars.PauseHandler = FilterPause;
FChars.SetFilterModuleOptionsHandler = FilterSetModuleOptions;
FChars.OidRequestHandler = FilterOidRequest;
FChars.OidRequestCompleteHandler = FilterOidRequestComplete;
FChars.CancelOidRequestHandler = FilterCancelOidRequest;
FChars.SendNetBufferListsHandler = FilterSendNetBufferLists;
FChars.ReturnNetBufferListsHandler = FilterReturnNetBufferLists;
FChars.SendNetBufferListsCompleteHandler =
FilterSendNetBufferListsComplete;
FChars.ReceiveNetBufferListsHandler = FilterReceiveNetBufferLists;
FChars.DevicePnPEventNotifyHandler = FilterDevicePnPEventNotify;
FChars.NetPnPEventHandler = FilterNetPnPEvent;
FChars.StatusHandler = FilterStatus;
FChars.CancelSendNetBufferListsHandler = FilterCancelSendNetBufferLists;
DriverObject->DriverUnload = FilterUnload;
FilterDriverHandle = NULL;
FILTER_INIT_LOCK(&FilterListLock);
InitializeListHead(&FilterModuleList);
Status = NdisFRegisterFilterDriver(DriverObject,
(NDIS_HANDLE)FilterDriverObject,
&FChars,
&FilterDriverHandle);
if (Status != NDIS_STATUS_SUCCESS)
{
DEBUGP(DL_WARN, ("MSFilter: Register filter driver failed.\n"));
break;
}
//
// Initilize spin locks
//
Status = FilterRegisterDevice();
if (Status != NDIS_STATUS_SUCCESS)
{
NdisFDeregisterFilterDriver(FilterDriverHandle);
FILTER_FREE_LOCK(&FilterListLock);
DEBUGP(DL_WARN, ("MSFilter: Register device for the filter driver
failed.\n"));
break;
}
}
while(FALSE);
DEBUGP(DL_TRACE, ("<===DriverEntry, Status = %8x\n", Status));
return Status;
}
VOID
FilterUnload(
IN PDRIVER_OBJECT DriverObject
)
{
DEBUGP(DL_TRACE, ("===>FilterUnload\n"));
//
// Should free the filter context list
//
FilterDeregisterDevice();
NdisFDeregisterFilterDriver(FilterDriverHandle);
#if DBG
FILTER_ACQUIRE_LOCK(&FilterListLock, FALSE);
ASSERT(IsListEmpty(&FilterModuleList));
FILTER_RELEASE_LOCK(&FilterListLock, FALSE);
#endif
FILTER_FREE_LOCK(&FilterListLock);
DEBUGP(DL_TRACE, ("<===FilterUnload\n"));
return;
}
NDIS_STATUS FilterAttach( IN NDIS_HANDLE NdisFilterHandle, IN NDIS_HANDLE FilterDriverContext, IN PNDIS_FILTER_ATTACH_PARAMETERS AttachParameters );
NDIS_STATUS NdisFSetAttributes( IN NDIS_HANDLE NdisFilterHandle, IN NDIS_HANDLE FilterModuleContext, IN PNDIS_FILTER_ATTRIBUTES FilterAttributes );
NDIS_STATUS
FilterAttach(
IN NDIS_HANDLE NdisFilterHandle,
IN NDIS_HANDLE FilterDriverContext,
IN PNDIS_FILTER_ATTACH_PARAMETERS AttachParameters
)
{
PMS_FILTER pFilter = NULL;
NDIS_STATUS Status = NDIS_STATUS_SUCCESS;
PFL_NDIS_FILTER_LIST FilterHandleEntry;
NDIS_FILTER_ATTRIBUTES FilterAttributes;
ULONG Size;
DEBUGP(DL_TRACE, ("===>FilterAttach: NdisFilterHandle %p\n",
NdisFilterHandle));
do
{
ASSERT(FilterDriverContext == (NDIS_HANDLE)FilterDriverObject);
if (FilterDriverContext != (NDIS_HANDLE)FilterDriverObject)
{
Status = NDIS_STATUS_INVALID_PARAMETER;
break;
}
if (AttachParameters->MiniportMediaType != NdisMedium802_3)
{
DEBUGP(DL_ERROR, ("MSFilter: Doesn't support media type other than
NdisMedium802_3.\n"));
Status = NDIS_STATUS_INVALID_PARAMETER;
break;
}
Size = sizeof(MS_FILTER) +
AttachParameters->FilterModuleGuidName->Length +
AttachParameters->BaseMiniportInstanceName->Length +
AttachParameters->BaseMiniportName->Length;
pFilter = (PMS_FILTER)FILTER_ALLOC_MEM(NdisFilterHandle, Size);
if (pFilter == NULL)
{
DEBUGP(DL_WARN, ("MSFilter: Failed to allocate context
structure.\n"));
Status = NDIS_STATUS_RESOURCES;
break;
}
NdisZeroMemory(pFilter, sizeof(MS_FILTER));
pFilter->FilterModuleName.Length =
pFilter->FilterModuleName.MaximumLength =
AttachParameters->FilterModuleGuidName->Length;
pFilter->FilterModuleName.Buffer = (PWSTR)((PUCHAR)pFilter +
sizeof(MS_FILTER));
NdisMoveMemory(pFilter->FilterModuleName.Buffer,
AttachParameters->FilterModuleGuidName->Buffer,
pFilter->FilterModuleName.Length);
pFilter->MiniportFriendlyName.Length =
pFilter->MiniportFriendlyName.MaximumLength =
AttachParameters->BaseMiniportInstanceName->Length;
pFilter->MiniportFriendlyName.Buffer =
(PWSTR)((PUCHAR)pFilter->FilterModuleName.Buffer +
pFilter->FilterModuleName.Length);
NdisMoveMemory(pFilter->MiniportFriendlyName.Buffer,
AttachParameters->BaseMiniportInstanceName->Buffer,
pFilter->MiniportFriendlyName.Length);
pFilter->MiniportName.Length = pFilter->MiniportName.MaximumLength =
AttachParameters->BaseMiniportName->Length;
pFilter->MiniportName.Buffer =
(PWSTR)((PUCHAR)pFilter->MiniportFriendlyName.Buffer +
pFilter->MiniportFriendlyName.Length);
NdisMoveMemory(pFilter->MiniportName.Buffer,
AttachParameters->BaseMiniportName->Buffer,
pFilter->MiniportName.Length);
pFilter->MiniportIfIndex = AttachParameters->BaseMiniportIfIndex;
//
// The filter should intialize NoTrackReceives and NoTrackSends properly,
for this
// driver, since its default characteristic has both send and receive
handler, they
// are initiazed to FALSE.
//
pFilter->TrackReceives = TRUE;
pFilter->TrackSends = TRUE;
pFilter->FilterHandle = NdisFilterHandle;
NdisZeroMemory(&FilterAttributes, sizeof(NDIS_FILTER_ATTRIBUTES));
FilterAttributes.Header.Revision = NDIS_FILTER_ATTRIBUTES_REVISION_1;
FilterAttributes.Header.Size = sizeof(NDIS_FILTER_ATTRIBUTES);
FilterAttributes.Header.Type = NDIS_OBJECT_TYPE_FILTER_ATTRIBUTES;
FilterAttributes.Flags = 0;
Status = NdisFSetAttributes(NdisFilterHandle,
pFilter,
&FilterAttributes);
if (Status != NDIS_STATUS_SUCCESS)
{
DEBUGP(DL_WARN, ("MSFilter: Failed to set attributes.\n"));
break;
}
pFilter->State = FilterPaused;
FILTER_ACQUIRE_LOCK(&FilterListLock, FALSE);
InsertHeadList(&FilterModuleList, &pFilter->FilterModuleLink);
FILTER_RELEASE_LOCK(&FilterListLock, FALSE);
}
while (FALSE);
if (Status != NDIS_STATUS_SUCCESS)
{
if (pFilter != NULL)
{
FILTER_FREE_MEM(pFilter);
}
}
DEBUGP(DL_TRACE, ("<===FilterAttach:
Status %x\n", Status));
return Status;
}
VOID
FilterDetach(
IN NDIS_HANDLE FilterModuleContext
)
{
PMS_FILTER
PFL_NDIS_FILTER_LIST
PLIST_ENTRY
pFilter = (PMS_FILTER)FilterModuleContext;
pEntry;
pLink;
DEBUGP(DL_TRACE, ("===>FilterDetach:
FilterInstance %p\n",
FilterModuleContext));
//
// Filter must be in paused state
//
FILTER_ASSERT(pFilter->State == FilterPaused);
//
// Don't come up anything that would prevent the filter from detaching
//
//
// Free filter instance name if allocated.
//
if (pFilter->FilterName.Buffer != NULL)
{
FILTER_FREE_MEM(pFilter->FilterName.Buffer);
}
FILTER_ACQUIRE_LOCK(&FilterListLock, FALSE);
RemoveEntryList(&pFilter->FilterModuleLink);
FILTER_RELEASE_LOCK(&FilterListLock, FALSE);
//
// Free the memory allocated
FILTER_FREE_MEM(pFilter);
//
// Alway return success
//
DEBUGP(DL_TRACE, ("<===FilterDetach Successfully\n"));
return;
}
NDIS_STATUS
FilterRestart(
IN NDIS_HANDLE FilterModuleContext,
IN PNDIS_FILTER_RESTART_PARAMETERS RestartParameters
)
{
NDIS_STATUS Status;
PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; // BUGBUG, the cast
may be wrong
NDIS_HANDLE ConfigurationHandle = NULL;
PNDIS_RESTART_GENERAL_ATTRIBUTES NdisGeneralAttributes;
PNDIS_RESTART_ATTRIBUTES NdisRestartAttributes;
NDIS_CONFIGURATION_OBJECT ConfigObject;
DEBUGP(DL_TRACE, ("===>FilterRestart:
FilterModuleContext %p\n",
FilterModuleContext));
FILTER_ASSERT(pFilter->State == FilterPaused);
ConfigObject.Header.Type = NDIS_OBJECT_TYPE_CONFIGURATION_OBJECT;
ConfigObject.Header.Revision = NDIS_CONFIGURATION_OBJECT_REVISION_1;
ConfigObject.Header.Size = sizeof(NDIS_CONFIGURATION_OBJECT);
ConfigObject.NdisHandle = FilterDriverHandle;
ConfigObject.Flags = 0;
Status = NdisOpenConfigurationEx(&ConfigObject, &ConfigurationHandle);
if (Status != NDIS_STATUS_SUCCESS)
{
//
// Filter driver can choose to fail the restart if it cannot open the
configuration
//
#if 0
//
// The code is here just to demonstrate how to call NDIS to write an eventlog.
If drivers need to write
// an event log.
//
PWCHAR
ErrorString = L"NdisMon";
DEBUGP(DL_WARN, ("FilterRestart: Cannot open configuration.\n"));
NdisWriteEventLogEntry(FilterDriverObject,
EVENT_NDIS_DRIVER_FAILURE,
0,
1,
&ErrorString,
sizeof(Status),
&Status);
#endif
}
if (Status == NDIS_STATUS_SUCCESS)
{
NdisCloseConfiguration(ConfigurationHandle);
}
NdisRestartAttributes = RestartParameters->RestartAttributes;
//
// If NdisRestartAttributes is not NULL, then miniport can modify generic
attributes and add
// new media specific info attributes at the end. Otherwise, NDIS restarts the
miniport because
// of other reason, miniport should not try to modify/add attributes
//
if (NdisRestartAttributes != NULL)
{
PNDIS_RESTART_ATTRIBUTES NextAttributes;
ASSERT(NdisRestartAttributes->Oid ==
OID_GEN_MINIPORT_RESTART_ATTRIBUTES);
NdisGeneralAttributes =
(PNDIS_RESTART_GENERAL_ATTRIBUTES)NdisRestartAttributes->Data;
//
// Check to see if we need to change any attributes, for example, the driver
can change the current
// MAC address here. Or the driver can add media specific info attributes.
//
NdisGeneralAttributes->LookaheadSize = 128;
//
// Check the next attributes to see whether the filter need to modify
//
NextAttributes = NdisRestartAttributes->Next;
while (NextAttributes != NULL)
{
//
// If somehow the filter needs to change a attributes which requires
more space then
// the current attributes:
// 1. Remove the attribute from the Attributes list:
// TempAttributes = NextAttributes;
// NextAttributes = NextAttributes->Next;
// 2. Free the memory for the current attributes:
NdisFreeMemory(TempAttributes, 0 , 0);
// 3. Dynamically allocate the memory for the new attributes by calling
// NdisAllocateMemoryWithTagPriority:
// NewAttributes = NdisAllocateMemoryWithTagPriority(Handle, size,
Priority);
// 4. Fill in the new attribute
// 5. NewAttributes->Next = NextAttributes;
// 6. NextAttributes = NewAttributes; // Just to make the next statement
works.
//
NextAttributes = NextAttributes->Next;
}
//
}
//
// If everything is OK, set the filter in running state
// If it get preempted, it doesn't matter
//
pFilter->State = FilterRunning; // when successful
Status = NDIS_STATUS_SUCCESS;
if (Status != NDIS_STATUS_SUCCESS)
{
pFilter->State = FilterPaused;
}
DEBUGP(DL_TRACE, ("<===FilterRestart: FilterModuleContext %p, Status %x\n",
FilterModuleContext, Status));
return Status;
}
NDIS_STATUS
FilterPause(
IN NDIS_HANDLE FilterModuleContext,
IN PNDIS_FILTER_PAUSE_PARAMETERS PauseParameters
)
{
PMS_FILTER pFilter = (PMS_FILTER)(FilterModuleContext);
NDIS_STATUS Status;
UNREFERENCED_PARAMETER(PauseParameters);
DEBUGP(DL_TRACE, ("===>NDISMON FilterPause: FilterInstance %p\n",
FilterModuleContext));
//
// Set the flag that the filter is going to pause
//
FILTER_ASSERT(pFilter->State == FilterRunning);
FILTER_ACQUIRE_LOCK(&pFilter->Lock, FALSE);
pFilter->State = FilterPausing;
FILTER_RELEASE_LOCK(&pFilter->Lock, FALSE);
Status = NDIS_STATUS_SUCCESS;
pFilter->State = FilterPaused;
DEBUGP(DL_TRACE, ("<===FilterPause: Status %x\n", Status));
return Status;
}
Class = NetService
ClassGUID = {4D36E974‐E325‐11CE‐BFC1‐08002BE10318}
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{5cbf81bd‐5055‐47cd‐9055‐a76b2b4e3697}"
Copyfiles = NdisMon.copyfiles.sys
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{5cbf81bd‐5055‐47cd‐9055‐a76b2b4e3697}"
Copyfiles = NdisMon.copyfiles.sys
[Install]
AddReg=Inst_Ndi
Characteristics=0x40000
NetCfgInstanceId="{5cbf81bd‐5055‐47cd‐9055‐a76b2b4e3697}"
Copyfiles = NdisMon.copyfiles.sys
[Inst_Ndi]
HKR, Ndi,Service,,"NdisMon"
HKR, Ndi,CoServices,0x00010000,"NdisMon"
HKR, Ndi,HelpText,,%NdisMon_HelpText%
HKR, Ndi,FilterClass,, compression
HKR, Ndi,FilterType,0x00010001,0x00000002
HKR, Ndi\Interfaces,UpperRange,,"noupper"
HKR, Ndi\Interfaces,LowerRange,,"nolower"
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet"
HKR, Ndi,FilterRunType, 0x00010001, 1
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
|
|
|---|---|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
