Forum Replies Created
-
Posts
-
I can’t say what exactly may be wrong with your code, proofreading someones code is beyond support obligations, however here is the simple sample code which is confirmed to work:
/*************************************************************************/
/* Copyright (c) 2000-2007 NT Kernel Resources. */
/* All Rights Reserved. */
/* http://www.ntkernel.com */
/* [email protected] */
/* */
/* Module Name: sender.cpp */
/* */
/* Abstract: Defines the entry point for the console application */
/* */
/*************************************************************************/
// sender.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
TCP_AdapterList AdList;
DWORD iIndex;
CNdisApi api;
ETH_REQUEST Request;
INTERMEDIATE_BUFFER PacketBuffer;
HANDLE hEvent;
USHORT ntohs( USHORT netshort )
{
PUCHAR pBuffer;
USHORT nResult;
nResult = 0;
pBuffer = (PUCHAR )&netshort;
nResult = ( (pBuffer[ 0 ] << 8) & 0xFF00 )
| ( pBuffer[ 1 ] & 0x00FF );
return( nResult );
}
int main(int argc, char* argv[])
{
UINT counter = 0;
ether_header* pEthHeader = NULL;
if (argc < 3)
{
printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
return 0;
}
iIndex = atoi(argv[1]) - 1;
counter = atoi(argv[2]);
if(!api.IsDriverLoaded())
{
printf ("Driver not installed on this system of failed to load.n");
return 0;
}
api.GetTcpipBoundAdaptersInfo ( &AdList );
if ( iIndex + 1 > AdList.m_nAdapterCount )
{
printf("There is no network interface with such index on this system.n");
return 0;
}
// Initialize Request
ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
Request.EthPacket.Buffer = &PacketBuffer;
Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
pEthHeader->h_proto = ETH_P_IP;
Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;
while (counter--)
api.SendPacketToAdapter(&Request);
return 0;
}
This simple application sends over network the specified amount of Ethernet broadcast frames filled with zeros. It’s work can be easily seen with any network sniffer.
But its not reaching the other side.
Can you see the packet going out with the sniffer installed on the local system?
Hmm, it is kind of difficulty to point the problem, but I suspect it is somehow related to setting up the project. I would suggest to start from the existing project (an example from passthru) and try to compile it in your environment.
Also, is the driver that is downloadable from the website time-limited in any way or is it an unlimited demo for private use? (this is what I understood… but I read a few posts here mentioning a 100-packet limit.. please clarify)
This limitation was removed a couple of years ago.
Your debugger is not using the correct symbols
Символы в отладчик загрузить не судьба? Только не спрашивай как, читай документацию.
М-да, просто нет слов… У тебя:
typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
IN CONNECTION_CONTEXT,
IN ULONG,
IN ULONG,
IN ULONG,
OUT ULONG,
IN PVOID,
OUT PIRP);Должно быть:
typedef NTSTATUS (*OLDCLIENTEVENTRECEIVE)(IN PVOID,
IN CONNECTION_CONTEXT,
IN ULONG,
IN ULONG,
IN ULONG,
OUT ULONG*,
IN PVOID,
OUT PIRP*);ULONG * – это тип указатель на ULONG, PIRP * – указатель на PIRP. ВСЕ ЧТО ДО ИМЕНИ ПАРАМЕТРА – ЭТО ТИП ПАРАМЕТРА.
Да я пробовал без звездочек, не компилируется даже, ошибки пишутся.. И книгу по С читал…
Кто бы сомневался если OLDCLIENTEVENTRECEIVE неправильно определен…
При таких ошибках драйвера писать по меньшей мере рановато… Это мягко говоря 🙂
return OldClientEventReceive(pBlockFromPagedLookasideList->EventContext,
ConnectionContext,
ReceiveFlags,
BytesIndicated,
BytesAvailable,
*BytesTaken,
Tsdu,
*IoRequestPacket);Ого, я даже не посмотрел, звездочки убери в параметрах… Прежде чем писать драйвера, прости книжку по C что ли…
А как int3 может выдавать BSOD если это отладочная команда???
Это прерывание обычно используемое отладчиком, но если отладчика нет , то получите необработанное исключение, в ядре это BSOD.
Насчет остального – разбирайся, чтобы что-то сказать определенное информации маловато.
FAULTING_IP:
tdifilter_testdriver+988
f8ae6988 cc int 3BSOD на необработанном INT3, который ты сам видимо и воткнул…
In case of NAT (or even simple forwarding) you always see each packet twice (when it arrives to the internal interface and when it is forwarded from external one) and this allows you to determine that packet was NAT’ed (only source IP/port information changes after NAT).
However, in case of proxy packet structure is not saved and doing the same looks more complex, since you have to analyze the packet content.
ntkernel has some conflict problems with other software “NDIS hooking” software. Which include cisco vpn client and other security applications. Can we get a list of software identified as conflicting with ntkernel?
We was not able to reproduce conflict with Cisco VPN client, but it seems it may be possible on some systems/configurations. So far we have not any other open conflict issues.
Do we need to know anything else? Do you recommend ntkernel packet filter kit for windows version of NetOptima?
Your assumptions about WinpkFIlter are all correct and yes it can be used for NetOptima kind of application. Though the decision is up tp you
🙂Искал.. и в отладчике тоже.. Все осталось тоже самое.. При вызове оригинальной функции система падает..
Ну так и посмотри в каком месте и почему она падает. Проверь адреса на валидность… Никто за тебя твой драйвер писать не будет. Ссылку на исходники TDI FW я давал, там перехват этот реализован, насколько я знаю.
