Reply To: Hooking adapter functions on XP sp2

Home Forums Discussions General Discussion Hooking adapter functions on XP sp2 Reply To: Hooking adapter functions on XP sp2

#6099

s0larian
Participant

Hi there, thank you for a quick reply. Please see my comments below.

@SerpentFly wrote:

Well, as far as I can see without going deep into the problem the only difference is that original packet was preprocessed by NDIS send handler but your packet was not. You can analyze what fields were exactly referenced and fix it. I would not recommend this because internal NDIS packet processing may change from OS and SP.

Right, I tried that, but could not see any differences in the packet… I have found a usenet thread that seems to be related though:

usenet post

@SerpentFly wrote:

Another way is intercepting NdisMSendComplete and checking if it is your packet descriptor passed to it and if yes then releasing your packet resource without passing it to NDIS. Also don’t forget to release packet descriptors for the original packets.

Yes, indeed that is what I am trying to do. I think you are 100% on the money here – my SendComplete handler is not invoked, and, it looks like NDIS dies because it expects something in the returned packet, which it thinks it submitted.

So, I tried hooking SendCompleteHandler inside NDIS_MNIPORT_BLOCK in MyMiniportInitialize just before I forward the call to the adapter, but, it does not seem to work. I mean my function is not invoked… Here is the stack at the point of the crash:

f5d7f618 f777fcb5 8370e6c0 8380bf30 00000000 NDIS!ndisMSendCompleteX+0x71
f5d7f634 f778163c 837472e8 00000000 8385feb8 vmxnet+0xcb5
f5d7f674 f74dc4e7 00000001 f5d7f6d4 00000001 vmxnet+0x263c
f5d7f6cc f74dc1bb 8380bf30 837472e8 f74dfea8 tf!`anonymous namespace’::SendToAdapter+0x172 [c:worktftraffic.cpp @ 314]
f5d7f6ec bad5df86 837472e8 f5d7f720 00000001 tf!MiSendPackets+0x7b [c:worktftraffic.cpp @ 180]
f5d7f714 bacbb528 8379ae08 8385fed8 8385fea0 NDIS!ndisMSendX+0x1bd
f5d7f750 bad5b985 836aa7f8 8385fed8 00000002 psched!MpSend+0x706
f5d7f778 f6046454 836b8958 8385fed8 8369c768 NDIS!ndisMSendX+0x1d6
f5d7f79c f60464f8 0069c70e ffffffff 8385fed8 tcpip!IPTransmit+0x2816
f5d7f7c8 f604470a 8369c768 f5d7f800 00000001 tcpip!ARPRcv+0x85
f5d7f7f8 f60573de 83694be8 ffffffff 8385fed8 tcpip!IPTransmit+0xacc
f5d7f82c f60526c1 ffffffff 8385fed8 83606020 tcpip!ARPRcv+0x10f6b

Hmmm… this should work, ndis.h defines the NdisMSendComplete() macro and it uses that member… strange… What do you think? I could also hook a SendCompleteHandler inside NDIS_OPEN_BLOCK, but, that would not be the earliest function… What do you think?

Thanks in advance!