首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 社区
  2. 付费问答
    3. 发新帖
[旧帖] [讨论]请大家在此贴发表--破解网络验证的有用工具软件 0.00雪花
发表于: 2007-10-12 08:15 13030

[旧帖] [讨论]请大家在此贴发表--破解网络验证的有用工具软件 0.00雪花

lianzhong 活跃值
2007-10-12 08:15
13030

查看主题内容

收藏
免费 0
支持
分享
最新回复 (27)
lianzhong
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
26
相关的另一点提示
BYTE   btNewBytes[8]   =   {   0x0B8,   0x0,   0x0,   0x40,   0x0,   0x0FF,   0x0E0,   0   };   
                    DWORD   dwOldBytes[3][2];   
                    DWORD   pSend   =   0,pRecv   =   0,dwSize   =   0;   
  HMODULE   hLib   =NULL;   
  hLib   =   LoadLibrary(   "ws2_32.dll"   );   
  pSend   =   (DWORD)GetProcAddress(   hLib,   "send"   );   
  pRecv   =   (DWORD)GetProcAddress(   hLib,   "recv"   );   
  ::ReadProcessMemory(INVALID_HANDLE_value,   (void   *)pSend,   (void   *)dwOldBytes[0],   sizeof(DWORD)*2,   &dwSize   );     
  *(DWORD   *)(   btNewBytes   +   1   )   =   (DWORD)new_send;     
  ::WriteProcessMemory(INVALID_HANDLE_value,   (void   *)pSend,   (void   *)btNewBytes,   sizeof(DWORD)*2,   &dwSize   );
2007-10-19 09:14
0
lianzhong
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
27
网络数据包拦截通用技术
所属类别:VC++
文章作者:甘嘉平 (gjp)
推荐指数:★★☆
文档人气:197
本周人气:7
发布日期:2007-5-24
看到很多仁兄提供的数据包的拦截技术,其中最多的是编写IM DRIVER在NDIS中间层
对MINIPORT(网卡驱动程序)和协议驱动程序之间的数据包进行拦截。这是微软提供的一种技术
但编写该过滤程序拦截程序非常的复杂,安装也很麻烦。

本人简单的介绍一种更有效的基于NDIS包拦截技术。

大家都知道,NDIS协议驱动程序是通过填写一张NDIS_PROTOCOL_CHARACTERISTICS的表,并调用NDIS API
函数NdisRegisterProtocol进行注册。现在我们来关注一下NDIS_PROTOCOL_CHARACTERISTICS这张表,
这张表中存有所有协议驱动程序与底层的派发函数的入口。如SendHandler,ReceiveHandler,BindAdapterHandler等,
当网卡有数据包进入时,会通过表中ReceiveHandle 或ReceivePacketHandler通知协议驱动程序有一个该协议
的数据包进入,反之协议驱动程序是通过SendHandler或SendPacketsHandler函数向网卡驱动发送数据包到网络
上去的,有人会奇怪程序中明明不是调用NdisSend或NdisSendPackets函数发送的吗?没错,是这样的,
但是你可以看一下NDIS。H的头文件里对这两个函数的定义就知道了,他们都是一个
宏定义实际还是通过这表中SendHandler或SendPacketsHandler发送的。

现在我们所要做的事情应该很清楚了,只要我们能够将每一个协议程序所填写的NDIS_PROTOCOL_CHARACTERISTICS
表里的派发函数指向自己的函数,我们就能成功的对数据包进行拦截。那么每个协议驱动程序的这张表到底存放在
那里呢?太简单了,看一下下面的我对NdisRegisterProtocol重新给出的原型就很明白了。

struct _NDIS_PROTOCOL_BLOCK
{
PNDIS_OPEN_BLOCK OpenQueue; // queue of opens for this protocol
REFERENCE Ref; // contains spinlock for OpenQueue
UINT Length; // of this NDIS_PROTOCOL_BLOCK struct
NDIS50_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics;// handler addresses

struct _NDIS_PROTOCOL_BLOCK * NextProtocol; // Link to next
ULONG MaxPatternSize;
#if defined(NDIS_WRAPPER)
//
// Protocol filters
//
struct _NDIS_PROTOCOL_FILTER * ProtocolFilter[NdisMediumMax+1];
WORK_QUEUE_ITEM WorkItem; // Used during NdisRegisterProtocol to
// notify protocols of existing drivers.
KMUTEX Mutex; // For serialization of Bind/Unbind requests
PKEVENT DeregEvent; // Used by NdisDeregisterProtocol
#endif
};
typedef struct _NDIS_PROTOCOL_BLOCK NDIS_PROTOCOL_BLOCK, *PNDIS_PROTOCOL_BLOCK;

EXPORT
VOID
NdisRegisterProtocol(
OUT PNDIS_STATUS Status,
OUT PNDIS_PROTOCOL_BLOCK NdisProtocolHandle, /*注意NDIS_HANDLE所指向的就是PNDIS_PROTOCOL_BLOCK的结构,不要有什么怀疑。*/
IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics,
IN UINT CharacteristicsLength
);

NDIS_PROTOCOL_BLOCK(协议表) 是NDIS维护所有系统中已注册协义的单向链接表。字段NextProtocol指向下一个协议表。
庆幸的是,当我们注册一新的协议时,NDIS总是会把新注册的协义放在链表的头并返回这张表,所以只要我们注册一个新的协议
通过新协议注册返回的链表头就可以轻而易举的遍历系统中所有协议表.现在我们所希望得到的每个协议的
NDIS_PROTOCOL_CHARACTERISTICS表就放在我们面前了,如何勾挂表中的派发函数,我想不必多说了吧。顺便说一句
NDISREGISTERPROTOCOL为NDIS_PROTOCOL_BLOCK所分配的内存是NonPagedPool类型的。对于核心DRIVER来说,核心区内存
是一个线性的内存区,所有核心DRIVER是可以随便访问核心内存区的任意地址。所要注意的是不同IRQL级别下对分页
和非分页内存。

有人会问这样就行了吗?真的拦截下来了吗?如果有那位仁兄心急现在就写程序的话,
准会失望的,因为他会发现结果什么东西都没拦截到或偶而会拦截到一些数据包。为什么?
因为NDIS网卡驱动和协议驱动在发送和接收到数居时并不是调用PNDIS_OPEN_BLOCK->ProtocolCharacteristics
里的派发函数。怎么办?
有必要先介绍一下NDIS网卡驱动和协议驱动之间是如何BINDING 的吧,
NdisRegisterProtocol在注册完一个协议后,不久NDIS会通过调用表中
BindAdapterHandler派发函数,通知协议对每一个网卡进行BINDING。或者当系统通PNP找到一块新的网卡时
也会调用BindAdapterHandler对协议进行BINDING。协议在BINDING 调用里,会根据自己的需要使用NdisOpenAdapter
将自身绑定到适合的网卡。并返回NdisBindingHandle.NdisBindingHandle是什么?NdisBindingHandl其实是
指向NDIS_OPEN_BLOCK表的一根指针,那么NDIS_OPEN_BLOCK表有什么用呢?当协议顺利的绑定后,每个绑定的网卡
和每一个协议之间建立了数据传输的通道,而NDIS_OPEN_BLOCK就是用来维护这一数据通道的表。
struct _NDIS_OPEN_BLOCK
{
PNDIS_MAC_BLOCK MacHandle; // pointer to our MAC
NDIS_HANDLE MacBindingHandle; // context when calling MacXX funcs
PNDIS_ADAPTER_BLOCK AdapterHandle; // pointer to our adapter
PNDIS_PROTOCOL_BLOCK ProtocolHandle; // pointer to our protocol
NDIS_HANDLE ProtocolBindingContext;// context when calling ProtXX funcs
PNDIS_OPEN_BLOCK AdapterNextOpen; // used by adapter\'s OpenQueue
PNDIS_OPEN_BLOCK ProtocolNextOpen; // used by protocol\'s OpenQueue
PFILE_OBJECT FileObject; // created by operating system
BOOLEAN Closing; // TRUE when removing this struct
BOOLEAN Unloading; // TRUE when processing unload
BOOLEAN NoProtRsvdOnRcvPkt; // Reflect the protocol_options
NDIS_HANDLE CloseRequestHandle; // 0 indicates an internal close
KSPIN_LOCK SpinLock; // guards Closing
PNDIS_OPEN_BLOCK NextGlobalOpen;

//
// These are optimizations for getting to MAC routines. They are not
// necessary, but are here to save a dereference through the MAC block.
//
SEND_HANDLER SendHandler;
TRANSFER_DATA_HANDLER TransferDataHandler;

//
// These are optimizations for getting to PROTOCOL routines. They are not
// necessary, but are here to save a dereference through the PROTOCOL block.
//
SEND_COMPLETE_HANDLER SendCompleteHandler;
TRANSFER_DATA_COMPLETE_HANDLER TransferDataCompleteHandler;
RECEIVE_HANDLER ReceiveHandler;
RECEIVE_COMPLETE_HANDLER ReceiveCompleteHandler;

//
// Extentions to the OPEN_BLOCK since Product 1.
//
RECEIVE_HANDLER PostNt31ReceiveHandler;
RECEIVE_COMPLETE_HANDLER PostNt31ReceiveCompleteHandler;

//
// NDIS 4.0 extensions
//
RECEIVE_PACKET_HANDLER ReceivePacketHandler;
SEND_PACKETS_HANDLER SendPacketsHandler;

//
// More NDIS 3.0 Cached Handlers
//
RESET_HANDLER ResetHandler;
REQUEST_HANDLER RequestHandler;

//
// Needed for PnP
//
UNICODE_STRING AdapterName; // Upcased name of the adapter we are bound to
};

上面的表结构可以很清楚的看到这张表是一个单向链接表,并且存放了和PNDIS_OPEN_BLOCK->ProtocolCharacteristics
一样的数据收发派发函数,当第N块网卡发送数据包到第N个协议时,就会调用第N个协议与第N个网卡之间建立的
NDIS_OPEN_BLOCK表里的SendHandler或SendPacketHandler。所以我们还需要对这张表里的派发函数进行处理(勾挂)。
那么又如何勾挂协议与网卡之间的NDIS_OPEN_BLOCK表呢。我们再回到NDIS_PROTOCOL_BLOCK这张表中,在
NDIS_PROTOCOL_BLOCK表中字段PNDIS_OPEN_BLOCK OpenQueue;就是所有该协议所有NDIS_OPEN_BLOCK的表头。
通过AdapterNextOpen遍历一下,再勾挂一把。就可以顺利拦截了。

值得注意的是。
1。
NDIS_OPEN_BLOCK
NDIS_PROTOCOL_BLOCK
这些结构不同NDIS版本是不同的,
解决方法是在windows 98和windows95下(ndis 3.1)使用windows98ddk 带的NDIS.H 里的定义
在windows me下(ndis 5.0或4。0)请使用WINDOWS 98ddk里NDIS.H里的定义
nt(ndis4.0)用NTDDK里的定议,以此类推,2000(ndis5.0)
2。不要重复勾挂同一个函数。
2007-10-19 09:26
0
lianzhong
雪    币: 200
活跃值: (10)
能力值: ( LV2,RANK:10 )
在线值:
发帖
回帖
粉丝
私信
28
下面是一本书里的源代码FilterTdiDriver,但它只是实现了截获IRP请求并把它直接转发到了底层,并未作任何处理。
PACKET.H
#define DD_TCP_DEVICE_NAME L\"\\\\Device\\\\Tcp\"
#define TDIH_TCP_DEVICE_NAME L\"\\\\Device\\\\TonyTcpFilter\"
#define TDIH_DEV_EXT_ATTACHED (0x00000001)
/**************************************************************************
每一个结构必须有一个唯一的“node type”或者一个联合签名
**************************************************************************/
#define TDIH_NODE_TYPE_TCP_FILTER_DEVICE (0xfdecba12)

/*
输出调试信息
*/
#define DBGPRINT(Fmt) \\
{ \\
DbgPrint(\" ***FilterTdiDriver.sys*** \"); \\
DbgPrint (Fmt); \\
}

/*
进行64位数值的处理,请参阅DDK帮助文档关于RtlLargeIntegerEqualToZero的解释
*/
#define UTIL_IsLargeIntegerZero(ReturnValue, LargeIntegerOp, pSpinLock) \\
{ \\
KIRQL OldIrql; \\
KeAcquireSpinLock(pSpinLock, &OldIrql); \\
ASSERT(RtlLargeIntegerGreaterOrEqualToZero((LargeIntegerOp))); \\
ReturnValue = RtlLargeIntegerEqualToZero((LargeIntegerOp)); \\
KeReleaseSpinLock(pSpinLock, OldIrql); \\
}

//――――――――――――――――――――――――――――――――――――――
// 用来保存驱动程序相关信息的自定义结构类型,这个结构类型可以绑定到
// DEVICE_OBJECT对象的DeviceExtension成员变量之上,随着DEVICE_OBJECT对象在
// 不同的函数之间传递
//
typedef struct _TDIH_DeviceExtension
{

ULONG NodeType; // 标识这个结构
ULONG NodeSize; // 这个结构的大小
PDEVICE_OBJECT pFilterDeviceObject; // 过滤设备对象
KSPIN_LOCK IoRequestsSpinLock; // 同时调用时的保护锁
KEVENT IoInProgressEvent; // 进程间同步处理
ULONG DeviceExtensionFlags; // 设备标志
PDEVICE_OBJECT TargetDeviceObject; // 绑定的设备对象
PFILE_OBJECT TargetFileObject; // 绑定设备的文件对象
PDEVICE_OBJECT LowerDeviceObject; // 绑定前底层设备对象
LARGE_INTEGER OutstandingIoRequests;

} TDIH_DeviceExtension, *PTDIH_DeviceExtension;

///////////////////////////////////////////////////////////////////////

NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
);

VOID
PacketUnload(
IN PDRIVER_OBJECT DriverObject
);

NTSTATUS
PacketDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
);

NTSTATUS
PacketCompletion(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
);

NTSTATUS
TCPFilter_Attach(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
);

NTSTATUS
TCPFilter_InitDeviceExtension(
IN PTDIH_DeviceExtension pTDIH_DeviceExtension,
IN PDEVICE_OBJECT pFilterDeviceObject,
IN PDEVICE_OBJECT pTargetDeviceObject,
IN PFILE_OBJECT pTargetFileObject,
IN PDEVICE_OBJECT pLowerDeviceObject
);

VOID
TCPFilter_Detach(
IN PDEVICE_OBJECT pDeviceObject
);

Packet.c
#include
#include
#include
#include \"packet.h\"

NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS status = 0;
ULONG i;

DBGPRINT(\"DriverEntry Loading...\\n\");
DriverObject->DriverUnload = PacketUnload;

for (i=0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++)
{
DriverObject->MajorFunction = PacketDispatch;
}

status = TCPFilter_Attach(DriverObject,RegistryPath);

return status;
}

VOID
PacketUnload(
IN PDRIVER_OBJECT DriverObject
)
{
PDEVICE_OBJECT DeviceObject;
PDEVICE_OBJECT OldDeviceObject;
PTDIH_DeviceExtension pTDIH_DeviceExtension;

DBGPRINT(\"DriverEntry unLoading...\\n\");

DeviceObject = DriverObject->DeviceObject;

while (DeviceObject != NULL)
{
OldDeviceObject = DeviceObject;
pTDIH_DeviceExtension
= (PTDIH_DeviceExtension )DeviceObject->DeviceExtension;
if( pTDIH_DeviceExtension->NodeType
== TDIH_NODE_TYPE_TCP_FILTER_DEVICE )
TCPFilter_Detach( DeviceObject ); // Calls IoDeleteDevice
else
IoDeleteDevice(OldDeviceObject);
DeviceObject = DeviceObject->NextDevice;
}
}

NTSTATUS
PacketDispatch(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS RC = STATUS_SUCCESS;
PTDIH_DeviceExtension pTDIH_DeviceExtension;
PIO_STACK_LOCATION IrpStack;
PIO_STACK_LOCATION NextIrpStack;

pTDIH_DeviceExtension
= (PTDIH_DeviceExtension )(DeviceObject->DeviceExtension);

IrpStack = IoGetCurrentIrpStackLocation(Irp);

switch(IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
DBGPRINT(\"PacketDispatch(IRP_MJ_CREATE)...\\n\");
break;
case IRP_MJ_CLOSE:
DBGPRINT(\"PacketDispatch(IRP_MJ_CLOSE)...\\n\");
break;
case IRP_MJ_CLEANUP:
DBGPRINT(\"PacketDispatch(IRP_MJ_CLEANUP)...\\n\");
break;
case IRP_MJ_INTERNAL_DEVICE_CONTROL:
switch (IrpStack->MinorFunction)
{
case TDI_ACCEPT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ACCEPT])...\\n\");
break;
case TDI_ACTION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ACTION])...\\n\");
break;
case TDI_ASSOCIATE_ADDRESS:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ASSOCIATE_ADDRESS])...\\n\");
break;
case TDI_DISASSOCIATE_ADDRESS:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_DISASSOCIATE_ADDRESS])...\\n\");
break;
case TDI_CONNECT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_CONNECT])...\\n\");
break;
case TDI_DISCONNECT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_DISCONNECT])...\\n\");
break;
case TDI_LISTEN:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_LISTEN])...\\n\");
break;
case TDI_QUERY_INFORMATION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_QUERY_INFORMATION])...\\n\");
break;
case TDI_RECEIVE:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_RECEIVE])...\\n\");
break;
case TDI_RECEIVE_DATAGRAM:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_RECEIVE_DATAGRAM])...\\n\");
break;
case TDI_SEND:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SEND])...\\n\");
break;
case TDI_SEND_DATAGRAM:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SEND_DATAGRAM])...\\n\");
break;
case TDI_SET_EVENT_HANDLER:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SET_EVENT_HANDLER])...\\n\");
break;
case TDI_SET_INFORMATION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SET_INFORMATION])...\\n\");
break;
default:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[INVALID_MINOR_FUNCTION])...\\n\");
break;
}
break;
case IRP_MJ_DEVICE_CONTROL:
DBGPRINT(\"PacketDispatch(IRP_MJ_DEVICE_CONTROL)...\\n\");
break;
default:
DBGPRINT(\"PacketDispatch(OTHER_MAJOR_FUNCTION)...\\n\");
break;
}

if (Irp->CurrentLocation == 1)
{
ULONG ReturnedInformation = 0;

DBGPRINT((\"PacketDispatch encountered bogus current location\\n\"));

RC = STATUS_INVALID_DEVICE_REQUEST;
Irp->IoStatus.Status = RC;
Irp->IoStatus.Information = ReturnedInformation;
IoCompleteRequest(Irp, IO_NO_INCREMENT);

return( RC );
}

NextIrpStack = IoGetNextIrpStackLocation(Irp);
*NextIrpStack = *IrpStack;

IoSetCompletionRoutine(Irp,PacketCompletion,NULL,TRUE,TRUE,TRUE);

return IoCallDriver(pTDIH_DeviceExtension->LowerDeviceObject,Irp);
}

NTSTATUS
PacketCompletion(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp,
IN PVOID Context
)
{
if(Irp->PendingReturned)
IoMarkIrpPending(Irp);

return STATUS_SUCCESS;
}

NTSTATUS
TCPFilter_Attach(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS status = 0;
UNICODE_STRING uniNtNameString;
PTDIH_DeviceExtension pTDIH_DeviceExtension;
PDEVICE_OBJECT pFilterDeviceObject = NULL;
PDEVICE_OBJECT pTargetDeviceObject = NULL;
PFILE_OBJECT pTargetFileObject = NULL;
PDEVICE_OBJECT pLowerDeviceObject = NULL;

DBGPRINT(\"TCPFilter_Attach.\\n\");

RtlInitUnicodeString( &uniNtNameString, DD_TCP_DEVICE_NAME );

status = IoGetDeviceObjectPointer(
IN &uniNtNameString,
IN FILE_READ_ATTRIBUTES,
OUT &pTargetFileObject,
OUT &pTargetDeviceObject
);
if( !NT_SUCCESS(status) )
{
DBGPRINT((\"TCPFilter_Attach: Couldn\'t get the TCP Device Object\\n\"));
pTargetFileObject = NULL;
pTargetDeviceObject = NULL;
return( status );
}

RtlInitUnicodeString( &uniNtNameString, TDIH_TCP_DEVICE_NAME );

status = IoCreateDevice(
IN DriverObject,
IN sizeof( TDIH_DeviceExtension ),
IN &uniNtNameString,
IN pTargetDeviceObject->DeviceType,
IN pTargetDeviceObject->Characteristics,
IN FALSE,
OUT &pFilterDeviceObject
);
if( !NT_SUCCESS(status) )
{
DBGPRINT((\"TCPFilter_Attach: Couldn\'t create the TCP Filter Device Object\\n\"));
ObDereferenceObject( pTargetFileObject );
pTargetFileObject = NULL;
pTargetDeviceObject = NULL;
return( status );
}

pLowerDeviceObject
= IoAttachDeviceToDeviceStack(pFilterDeviceObject,pTargetDeviceObject);
if( !pLowerDeviceObject )
{
DBGPRINT((\"TCPFilter_Attach: Couldn\'t attach to TCP Device Object\\n\"));
IoDeleteDevice( pFilterDeviceObject );
pFilterDeviceObject = NULL;
ObDereferenceObject( pTargetFileObject );
pTargetFileObject = NULL;
pTargetDeviceObject = NULL;
return( status );
}

pTDIH_DeviceExtension
= (PTDIH_DeviceExtension )( pFilterDeviceObject->DeviceExtension );
TCPFilter_InitDeviceExtension(
IN pTDIH_DeviceExtension,
IN pFilterDeviceObject,
IN pTargetDeviceObject,
IN pTargetFileObject,
IN pLowerDeviceObject
);

pFilterDeviceObject->Flags |= pTargetDeviceObject->Flags
& (DO_BUFFERED_IO | DO_DIRECT_IO);
return status;
}

NTSTATUS
TCPFilter_InitDeviceExtension(
IN PTDIH_DeviceExtension pTDIH_DeviceExtension,
IN PDEVICE_OBJECT pFilterDeviceObject,
IN PDEVICE_OBJECT pTargetDeviceObject,
IN PFILE_OBJECT pTargetFileObject,
IN PDEVICE_OBJECT pLowerDeviceObject
)
{
NdisZeroMemory( pTDIH_DeviceExtension, sizeof( TDIH_DeviceExtension ) );
pTDIH_DeviceExtension->NodeType = TDIH_NODE_TYPE_TCP_FILTER_DEVICE;
pTDIH_DeviceExtension->NodeSize = sizeof( TDIH_DeviceExtension );
pTDIH_DeviceExtension->pFilterDeviceObject = pFilterDeviceObject;
KeInitializeSpinLock(&(pTDIH_DeviceExtension->IoRequestsSpinLock));
KeInitializeEvent(&(pTDIH_DeviceExtension->IoInProgressEvent)
, NotificationEvent, FALSE);
pTDIH_DeviceExtension->TargetDeviceObject = pTargetDeviceObject;
pTDIH_DeviceExtension->TargetFileObject = pTargetFileObject;
pTDIH_DeviceExtension->LowerDeviceObject = pLowerDeviceObject;
pTDIH_DeviceExtension->DeviceExtensionFlags |= TDIH_DEV_EXT_ATTACHED;
return( STATUS_SUCCESS );
}

VOID
TCPFilter_Detach(
IN PDEVICE_OBJECT pDeviceObject
)
{
PTDIH_DeviceExtension pTDIH_DeviceExtension;
BOOLEAN NoRequestsOutstanding = FALSE;

pTDIH_DeviceExtension
= (PTDIH_DeviceExtension )pDeviceObject->DeviceExtension;
try
{
try
{
while (TRUE)
{
UTIL_IsLargeIntegerZero(
NoRequestsOutstanding,
pTDIH_DeviceExtension->OutstandingIoRequests,
&(pTDIH_DeviceExtension->IoRequestsSpinLock)
);
if( !NoRequestsOutstanding )
KeWaitForSingleObject(
(void *)(&(pTDIH_DeviceExtension->IoInProgressEvent)),
Executive, KernelMode, FALSE, NULL
);
else
break;
}

if( pTDIH_DeviceExtension->DeviceExtensionFlags
& TDIH_DEV_EXT_ATTACHED)
{
IoDetachDevice( pTDIH_DeviceExtension->TargetDeviceObject );
pTDIH_DeviceExtension->DeviceExtensionFlags
&= ~(TDIH_DEV_EXT_ATTACHED);
}

pTDIH_DeviceExtension->NodeType = 0;
pTDIH_DeviceExtension->NodeSize = 0;
if( pTDIH_DeviceExtension->TargetFileObject )
ObDereferenceObject( pTDIH_DeviceExtension->TargetFileObject );
pTDIH_DeviceExtension->TargetFileObject = NULL;

IoDeleteDevice( pDeviceObject );

DBGPRINT((\"TCPFilter_Attach: TCPFilter_Detach Finished\\n\"));
}
except (EXCEPTION_EXECUTE_HANDLER){}
}
finally{}
return;
}
2007-10-19 10:36
0
游客
登录 | 注册 方可回帖
回帖 表情 雪币赚取及消费
高级回复
返回
//