Forum Replies Created
-
Posts
-
Using ndisapi.dll from C# is a bit trickier because you can’t pass managed memory to the driver directly. We have got some C# samples to include in the next WinpkFilter release, you can request pre-release preview of these samples by e-mailing support(at)ntkernel.com.
I can’t see any problem with your code and as you may have already noticed you can send ANY packet to the network even filled with all zeros.
There is also a chance that you have a firewall installed which intercepts and blocks your packet.
I do not use a network LAN Ethernet, but a network Wireless WAN, I can use winpkfilter in this case?.
Yes of course.
does winpkfilter recover the packets in the two directions (entering and outgoing)? because my work must recover the packets in the two directions.
Yes, if you set driver filter mode as passthru sample does then you inspect filter both incoming and outgoing packets.
all packets on the network layer (i.e., IP)
May be something like filter hook or firewall hook driver, I’m not sure if they deliver packet with or without Ethernet header . Basically I don’t see any problem with having Ethernet header for the packet like WinpkFilter does for implementing the solution you mentioned. IP packet follows Ethernet header, just make a 14 bytes offset.
or even transport layer (i.e., TCP)
You can create an LSP to operate on the winsock level or TDI level filter.
SerpentFly, не поможешь?
Почитал бы описание, покопался в отладчике, там ничего сложного то нет. Поставь breakpoint, посмотри что где приходит. Я на память не помню, надо тоже лезть смотреть, а на это время все-таки нужно. Если уж совсем никак попробую найти время отписаться.
I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:
/*************************************************************************/
/* Copyright (c) 2000-2007 NT Kernel Resources. */
/* All Rights Reserved. */
/* http://www.ntkernel.com */
/* ndisrd@ntkernel.com */
/* */
/* Module Name: sender.cpp */
/* */
/* Abstract: Defines the entry point for the console application */
/* */
/*************************************************************************/
// sender.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
TCP_AdapterList AdList;
DWORD iIndex;
CNdisApi api;
ETH_REQUEST Request;
INTERMEDIATE_BUFFER PacketBuffer;
HANDLE hEvent;
USHORT ntohs( USHORT netshort )
{
PUCHAR pBuffer;
USHORT nResult;
nResult = 0;
pBuffer = (PUCHAR )&netshort;
nResult = ( (pBuffer[ 0 ] << 8) & 0xFF00 )
| ( pBuffer[ 1 ] & 0x00FF );
return( nResult );
}
int main(int argc, char* argv[])
{
UINT counter = 0;
ether_header* pEthHeader = NULL;
if (argc < 3)
{
printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
return 0;
}
iIndex = atoi(argv[1]) - 1;
counter = atoi(argv[2]);
if(!api.IsDriverLoaded())
{
printf ("Driver not installed on this system of failed to load.n");
return 0;
}
api.GetTcpipBoundAdaptersInfo ( &AdList );
if ( iIndex + 1 > AdList.m_nAdapterCount )
{
printf("There is no network interface with such index on this system.n");
return 0;
}
// Initialize Request
ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
Request.EthPacket.Buffer = &PacketBuffer;
Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
pEthHeader->h_proto = ETH_P_IP;
Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;
while (counter--)
api.SendPacketToAdapter(&Request);
return 0;
}
This simple application sends over network the specified amount of Ethernet broadcast frames filled with zeros. It’s work can be easily seen with any network sniffer.
But its not reaching the other side.
Can you see the packet going out with the sniffer installed on the local system?
Hmm, it is kind of difficulty to point the problem, but I suspect it is somehow related to setting up the project. I would suggest to start from the existing project (an example from passthru) and try to compile it in your environment.
Also, is the driver that is downloadable from the website time-limited in any way or is it an unlimited demo for private use? (this is what I understood… but I read a few posts here mentioning a 100-packet limit.. please clarify)
This limitation was removed a couple of years ago.
Your debugger is not using the correct symbols
Символы в отладчик загрузить не судьба? Только не спрашивай как, читай документацию.
М-да, просто нет слов… У тебя:
typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
IN CONNECTION_CONTEXT,
IN ULONG,
IN ULONG,
IN ULONG,
OUT ULONG,
IN PVOID,
OUT PIRP);Должно быть:
typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
IN CONNECTION_CONTEXT,
IN ULONG,
IN ULONG,
IN ULONG,
OUT ULONG*,
IN PVOID,
OUT PIRP*);ULONG * – это тип указатель на ULONG, PIRP * – указатель на PIRP. ВСЕ ЧТО ДО ИМЕНИ ПАРАМЕТРА – ЭТО ТИП ПАРАМЕТРА.
Да я пробовал без звездочек, не компилируется даже, ошибки пишутся.. И книгу по С читал…
Кто бы сомневался если OLDCLIENTEVENTRECEIVE неправильно определен…
При таких ошибках драйвера писать по меньшей мере рановато… Это мягко говоря 🙂
return OldClientEventReceive(pBlockFromPagedLookasideList->EventContext,
ConnectionContext,
ReceiveFlags,
BytesIndicated,
BytesAvailable,
*BytesTaken,
Tsdu,
*IoRequestPacket);Ого, я даже не посмотрел, звездочки убери в параметрах… Прежде чем писать драйвера, прости книжку по C что ли…
А как int3 может выдавать BSOD если это отладочная команда???
Это прерывание обычно используемое отладчиком, но если отладчика нет , то получите необработанное исключение, в ядре это BSOD.
Насчет остального – разбирайся, чтобы что-то сказать определенное информации маловато.
