先不说啥 贴代码
NTSTATUS DriverEntry(PDRIVER_OBJECT driver, PUNICODE_STRING reg_path)
{
DbgPrint("driver entry.\n");
NTSTATUS stats;
INT i;
driver->DriverUnload = Unload;
for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION ; i++)
{
driver->MajorFunction[i] = mydispatch;
}
UNICODE_STRING tcpname = RTL_CONSTANT_STRING(L"\\Device\\Tcp");
stats = attachdevice(driver, &tcpname);
if (!NT_SUCCESS(stats))
{
DbgPrint("attached tcp faild...\n");
return stats;
}
return STATUS_SUCCESS;
}
在入口函数里 我只绑定TCP设备;
NTSTATUS attachdevice(PDRIVER_OBJECT driver, PUNICODE_STRING attname)
{
PDEVICE_OBJECT fltdevice;
PDEVICE_OBJECT oldevice;
PDEVEX devicex;
NTSTATUS stats;
stats = IoCreateDevice(driver, sizeof(DEVEX), NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &fltdevice);
if (!NT_SUCCESS(stats))
{
DbgPrint("create device failed...\n");
return stats;;
}
fltdevice->Flags |= DO_DIRECT_IO;
devicex = (PDEVEX)fltdevice->DeviceExtension;
devicex->fltdev = fltdevice;
DbgPrint("create devce success\n");
stats = IoAttachDevice(fltdevice, attname, &oldevice);
if (!NT_SUCCESS(stats))
{
DbgPrint("attached failed...\n");
IoDeleteDevice(fltdevice);
return stats;
}
devicex->fltdev = oldevice;
DbgPrint("attach device success1.\n");
return STATUS_SUCCESS;
}//生成过滤设备 并绑定。
NTSTATUS mydispatch(PDEVICE_OBJECT device, PIRP pirp)
{
NTSTATUS stats;
PDEVICE_OBJECT lowdevice;
PDEVEX devicex;
devicex = (PDEVEX)device->DeviceExtension;
lowdevice = devicex->lowdev;
if (lowdevice != NULL)
{
IoSkipCurrentIrpStackLocation(pirp);
IoCallDriver(lowdevice, pirp);
DbgPrint("send tcp/udp..\n");
}
else
{
stats = pirp->IoStatus.Status;
IoCompleteRequest(pirp, IO_NO_INCREMENT);
DbgPrint("NOTHING\n");//加载驱动后,一直打印这句,似乎是收到的IRP全部是发向别的设备的。。。。而不是发向我生成的过滤设备
}
return STATUS_SUCCESS;
}//分发函数里什么都不干 直接丢给下一层。
加载这个驱动,问题出现,所有的连接都不能用了,整个电脑都处于断网状态。
我个人的理解是 我既然只绑定了TCP,那么我过滤驱动收到的IRP应该都是发向TCP的,而且我在过滤驱动里什么都没做,直接丢给下一层,应该不会出现断网的问题啊。
求高人指点!!!!本人萌新
[课程]Android-CTF解题方法汇总!
