Well, the entire thing seems to be quite strange… I have tried hooking real protocol functions that are submitted to NdisRegisterProtocol() but I get similar crashes to what I have mentioned above…. So, the only easy way forward seems to be hooking the contents of NDIS_OPEN_BLOCK, which is a shame.
I mean I do have a working solution, but I would have really liked to be at the point when adapters are fed outgoing packets and protocols receive incoming data, but alas, something very tricky is going on with packet descriptors.
Does anyone know how their stacking feature works? There are fields just outside the NDIS_PACKET structure that are used…. I wonder, what should I disassemble to figure out what has to be done, in order to get these highest and lowest level hooks to work….
Thanks!