Home › Forums › Discussions › General › Very Simple TDI Filter Problem (IRQL_NOT_LESS_OR_EQUAL)
- This topic has 1 reply, 2 voices, and was last updated 19 years, 5 months ago by GeN.
Viewing 2 posts - 1 through 2 (of 2 total)
-
AuthorPosts
-
July 24, 2005 at 4:29 pm #4934
i have a unknow problem with this very simple TDI hook
after a few “TDIDeviceDispatch” i get this… (WinXP)
#include "test.h"
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
DRIVER_OBJECT g_TDI;
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS TDICompletionRoutine(PDEVICE_OBJECT DeviceObject,PIRP Irp,PVOID Context)
{
PIO_COMPLETION_ROUTINE RealCompletionRoutine = (PIO_COMPLETION_ROUTINE)Context;
if(Context != NULL)
{
return RealCompletionRoutine(DeviceObject,Irp,NULL);
}else{
return STATUS_SUCCESS;
}
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS TDIDeviceDispatch(IN PDEVICE_OBJECT DeviceObject,IN PIRP Irp)
{
NTSTATUS Status;
PIO_STACK_LOCATION StackLocationPtr;
if(Irp == NULL) return STATUS_SUCCESS;
StackLocationPtr = IoGetCurrentIrpStackLocation(Irp);
if(StackLocationPtr->CompletionRoutine != NULL)
{
StackLocationPtr->Context = StackLocationPtr->CompletionRoutine;
}else{
StackLocationPtr->Context = NULL;
}
StackLocationPtr->CompletionRoutine = (PIO_COMPLETION_ROUTINE)TDICompletionRoutine;
StackLocationPtr->Control = SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_ERROR | SL_INVOKE_ON_CANCEL;
Status = g_TDI.MajorFunction[StackLocationPtr->MajorFunction](DeviceObject,Irp);
DbgPrint("TDIDeviceDispatchn");
return Status;
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS HookTDI(void)
{
NTSTATUS Status;
UNICODE_STRING usDriverName;
PDRIVER_OBJECT DriverObjectToHookPtr;
int i;
RtlInitUnicodeString(&usDriverName,L"\Driver\Tcpip");
Status = ObReferenceObjectByName(&usDriverName,OBJ_CASE_INSENSITIVE,NULL,0,IoDriverObjectType,KernelMode,NULL,&DriverObjectToHookPtr);
if(Status != STATUS_SUCCESS) return Status;
for(i = 0;i < IRP_MJ_MAXIMUM_FUNCTION;i++)
{
g_TDI.MajorFunction = DriverObjectToHookPtr->MajorFunction;
DriverObjectToHookPtr->MajorFunction = TDIDeviceDispatch;
}
return STATUS_SUCCESS;
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS UnHookTDI(void)
{
NTSTATUS Status;
UNICODE_STRING usDriverName;
PDRIVER_OBJECT DriverObjectToHookPtr;
int i;
RtlInitUnicodeString(&usDriverName,L"\Driver\Tcpip");
Status = ObReferenceObjectByName(&usDriverName,OBJ_CASE_INSENSITIVE,NULL,0,IoDriverObjectType,KernelMode,NULL,&DriverObjectToHookPtr);
if(Status != STATUS_SUCCESS) return Status;
for(i = 0;i < IRP_MJ_MAXIMUM_FUNCTION;i++)
DriverObjectToHookPtr->MajorFunction = g_TDI.MajorFunction;
return STATUS_SUCCESS;
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
VOID OnUnload(PDRIVER_OBJECT DriverObject)
{
UnHookTDI();
DbgPrint("OnUnloadn");
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS ForwardAndForget(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
Irp->IoStatus.Status = STATUS_SUCCESS;
IoCompleteRequest(Irp, IO_NO_INCREMENT);
return Irp->IoStatus.Status;
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath)
{
int i;
for (i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++)
DriverObject->MajorFunction = ForwardAndForget;
DriverObject->DriverUnload = OnUnload;
DbgPrint("DriverEntryn");
return HookTDI();
}
//::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
July 25, 2005 at 10:51 am #5771return RealCompletionRoutine(DeviceObject,Irp,NULL);
why dont you pass original context into original completion routine ?
-
AuthorPosts
Viewing 2 posts - 1 through 2 (of 2 total)
- You must be logged in to reply to this topic.