I have coded a firewall-like program on Win9x, Win2k and XP. It works well on 9x. But on 2k, the driver cannot filter the packets being sent. If I dial up through ADSL, it can filter the packets being sent well.
I adapted the NDIS hook technique. In detail, I use the native function to hook NdisRegisterProtocol, NdisOpenAdapter and so on. When others register a new protocol, it enters my function, and then I can see whether the protocol is one I am interested in. If it is, I hook it. When hooking, I get the parameter of the NdisRegisterProtocol function named NdisProtocolHandle, then type-cast it to NDIS_PROTOCOL_BLOCK. I get NDIS_PROTOCOL_BLOCK::OpenQueue, then hook the SendHandler in the struct. Of course, my driver starts between ndis.sys and tcpip.sys.
So, where is it wrong? I think maybe I am misusing the different versions of NDIS_PROTOCOL_BLOCK and NDIS_OPEN_BLOCK.