Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,066 through 1,080 (of 1,486 total)
  • Author
    Posts
  • in reply to: Modify packets #6381
    Vadim Smirnov
    Keymaster

      Using ndisapi.dll from C# is a bit trickier because you can’t pass managed memory to the driver directly. We have got some C# samples to include in the next WinpkFilter release, you can request pre-release preview of these samples by e-mailing support(at)ntkernel.com.

      in reply to: Create New Ethernet Packet problem #6370
      Vadim Smirnov
      Keymaster

        I can’t see any problem with your code and as you may have already noticed you can send ANY packet to the network even filled with all zeros.

        There is also a chance that you have a firewall installed which intercepts and blocks your packet.

        in reply to: Modify packets #6379
        Vadim Smirnov
        Keymaster

          I do not use a network LAN Ethernet, but a network Wireless WAN, I can use winpkfilter in this case?.

          Yes of course.

          does winpkfilter recover the packets in the two directions (entering and outgoing)? because my work must recover the packets in the two directions.

          Yes, if you set driver filter mode as passthru sample does then you inspect filter both incoming and outgoing packets.

          in reply to: Modify packets #6377
          Vadim Smirnov
          Keymaster

            all packets on the network layer (i.e., IP)

            May be something like filter hook or firewall hook driver, I’m not sure if they deliver packet with or without Ethernet header . Basically I don’t see any problem with having Ethernet header for the packet like WinpkFilter does for implementing the solution you mentioned. IP packet follows Ethernet header, just make a 14 bytes offset.

            or even transport layer (i.e., TCP)

            You can create an LSP to operate on the winsock level or TDI level filter.

            in reply to: TDI FILTER driver #6336
            Vadim Smirnov
            Keymaster

              SerpentFly, не поможешь?

              Почитал бы описание, покопался в отладчике, там ничего сложного то нет. Поставь breakpoint, посмотри что где приходит. Я на память не помню, надо тоже лезть смотреть, а на это время все-таки нужно. Если уж совсем никак попробую найти время отписаться.

              in reply to: Create New Ethernet Packet problem #6368
              Vadim Smirnov
              Keymaster

                I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:


                /*************************************************************************/
                /* Copyright (c) 2000-2007 NT Kernel Resources. */
                /* All Rights Reserved. */
                /* http://www.ntkernel.com */
                /* ndisrd@ntkernel.com */
                /* */
                /* Module Name: sender.cpp */
                /* */
                /* Abstract: Defines the entry point for the console application */
                /* */
                /*************************************************************************/
                // sender.cpp : Defines the entry point for the console application.
                //

                #include "stdafx.h"
                TCP_AdapterList AdList;
                DWORD iIndex;
                CNdisApi api;
                ETH_REQUEST Request;
                INTERMEDIATE_BUFFER PacketBuffer;
                HANDLE hEvent;

                USHORT ntohs( USHORT netshort )
                {
                PUCHAR pBuffer;
                USHORT nResult;

                nResult = 0;
                pBuffer = (PUCHAR )&netshort;

                nResult = ( (pBuffer[ 0 ] << 8) & 0xFF00 )
                | ( pBuffer[ 1 ] & 0x00FF );

                return( nResult );
                }

                int main(int argc, char* argv[])
                {
                UINT counter = 0;
                ether_header* pEthHeader = NULL;

                if (argc < 3)
                {
                printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
                return 0;
                }

                iIndex = atoi(argv[1]) - 1;
                counter = atoi(argv[2]);

                if(!api.IsDriverLoaded())
                {
                printf ("Driver not installed on this system of failed to load.n");
                return 0;
                }

                api.GetTcpipBoundAdaptersInfo ( &AdList );

                if ( iIndex + 1 > AdList.m_nAdapterCount )
                {
                printf("There is no network interface with such index on this system.n");
                return 0;
                }

                // Initialize Request
                ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
                ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
                Request.EthPacket.Buffer = &PacketBuffer;
                Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];

                pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;

                memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
                memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
                pEthHeader->h_proto = ETH_P_IP;
                Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;

                while (counter--)
                api.SendPacketToAdapter(&Request);

                return 0;
                }

                This simple application sends over network the specified amount of Ethernet broadcast frames filled with zeros. It’s work can be easily seen with any network sniffer.

                in reply to: Create New Ethernet Packet problem #6366
                Vadim Smirnov
                Keymaster

                  But its not reaching the other side.

                  Can you see the packet going out with the sniffer installed on the local system?

                  in reply to: OpenFilterDriver fails.. help! #6363
                  Vadim Smirnov
                  Keymaster

                    Hmm, it is kind of difficulty to point the problem, but I suspect it is somehow related to setting up the project. I would suggest to start from the existing project (an example from passthru) and try to compile it in your environment.

                    Also, is the driver that is downloadable from the website time-limited in any way or is it an unlimited demo for private use? (this is what I understood… but I read a few posts here mentioning a 100-packet limit.. please clarify)

                    This limitation was removed a couple of years ago.

                    in reply to: TDI FILTER driver #6331
                    Vadim Smirnov
                    Keymaster

                      Что-то не совсем понимаю что за датаграммы такие..

                      UDP протокол

                      in reply to: TDI FILTER driver #6327
                      Vadim Smirnov
                      Keymaster

                        Your debugger is not using the correct symbols

                        Символы в отладчик загрузить не судьба? Только не спрашивай как, читай документацию.

                        in reply to: TDI FILTER driver #6325
                        Vadim Smirnov
                        Keymaster

                          М-да, просто нет слов… У тебя:

                          typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
                          IN CONNECTION_CONTEXT,
                          IN ULONG,
                          IN ULONG,
                          IN ULONG,
                          OUT ULONG,
                          IN PVOID,
                          OUT PIRP);

                          Должно быть:


                          typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
                          IN CONNECTION_CONTEXT,
                          IN ULONG,
                          IN ULONG,
                          IN ULONG,
                          OUT ULONG*,
                          IN PVOID,
                          OUT PIRP*);

                          ULONG * – это тип указатель на ULONG, PIRP * – указатель на PIRP. ВСЕ ЧТО ДО ИМЕНИ ПАРАМЕТРА – ЭТО ТИП ПАРАМЕТРА.

                          in reply to: TDI FILTER driver #6323
                          Vadim Smirnov
                          Keymaster

                            Да я пробовал без звездочек, не компилируется даже, ошибки пишутся.. И книгу по С читал…

                            Кто бы сомневался если OLDCLIENTEVENTRECEIVE неправильно определен…

                            При таких ошибках драйвера писать по меньшей мере рановато… Это мягко говоря 🙂

                            in reply to: TDI FILTER driver #6321
                            Vadim Smirnov
                            Keymaster
                              return OldClientEventReceive(pBlockFromPagedLookasideList->EventContext,
                              ConnectionContext,
                              ReceiveFlags,
                              BytesIndicated,
                              BytesAvailable,
                              *BytesTaken,
                              Tsdu,
                              *IoRequestPacket);

                              Ого, я даже не посмотрел, звездочки убери в параметрах… Прежде чем писать драйвера, прости книжку по C что ли…

                              in reply to: TDI FILTER driver #6319
                              Vadim Smirnov
                              Keymaster

                                А как int3 может выдавать BSOD если это отладочная команда???

                                Это прерывание обычно используемое отладчиком, но если отладчика нет , то получите необработанное исключение, в ядре это BSOD.

                                Насчет остального – разбирайся, чтобы что-то сказать определенное информации маловато.

                                in reply to: TDI FILTER driver #6317
                                Vadim Smirnov
                                Keymaster
                                  FAULTING_IP:
                                  tdifilter_testdriver+988
                                  f8ae6988 cc int 3

                                  BSOD на необработанном INT3, который ты сам видимо и воткнул…

                                Viewing 15 posts - 1,066 through 1,080 (of 1,486 total)