About Ndis Hook


This topic contains 1 reply, has 2 voices, and was last updated by  GeN 13 years, 4 months ago.

  • #4843

    gtxai_2003s
    Participant

    Hi, everyone!

    I have coded a firewall-like program on Win9x, Win2k and XP. It works well on 9x. But on 2k, the driver cannot filter the sending packets. If I dial up through ADSL, it can filter the sending packets well.

    I adapted the NDIS hook tech. In detail, I use the native function to hook NdisRegisterProtocol, NdisOpenAdapter and so on. When others register a new protocol, it enters my function, and then I can see if the protocol is one I am interested in. If it is, I hook it. When hooking, I get the parameter of the NdisRegisterProtocol function named NdisProtocolHandle, then type-cast it to NDIS_PROTOCOL_BLOCK. I get NDIS_PROTOCOL_BLOCK::OpenQueue, then hook the SendHandler in the struct. Of course, my driver starts between ndis.sys and tcpip.sys.

    So, what is wrong? I think maybe I misuse the different versions of NDIS_PROTOCOL_BLOCK and NDIS_OPEN_BLOCK.

    Can you give me some suggestions?

    Thanks!

    #5548

    GeN
    Participant

    The thing is that TCPIP sets the OPEN_BLOCK callbacks to their original state after completing OpenAdapter…
