Sending UDP over TDI

Home Forums Discussions General Discussion Sending UDP over TDI

This topic contains 0 replies, has 1 voice, and was last updated by  harald 8 years, 1 month ago.

Viewing 1 post (of 1 total)
  • Author
    Posts
  • #5293

    harald
    Participant

    Hi
    I want to send UDP packets over the Ethernet. The driver must work on and windows server 2003 OS and so the Winsock for Kernel are no option. So I use the TDI. I can open an port and close an port without problems. But when i want to send an packet i got an BSOD.

    Sendroutine


    // send an udp packet to an spezific port and ip
    NTSTATUS UdpToTdi_SendData(UDP_PORT_INFO* port, ushort destPort, ulong destIp, uchar *data, uint size)
    {
    NTSTATUS status = STATUS_SUCCESS;
    NDIS_STATUS ndis_status = NDIS_STATUS_SUCCESS;
    PNDIS_BUFFER ndis_buffer;
    PMDL pMdl;

    if(gl_StatusInit == 0)
    {
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: TDI not initializedn");
    return STATUS_ACCESS_DENIED;
    }

    if(size == 0 || data == NULL || destPort == 0 || destIp == 0 || port == NULL)
    {
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: Invalid Parametersn");
    return STATUS_ACCESS_DENIED;
    }

    port->addr.TAAddressCount = 1;
    port->addr.Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
    port->addr.Address[0].AddressType = TDI_ADDRESS_TYPE_IP;
    port->addr.Address[0].Address[0].sin_port = RtlUshortByteSwap(destPort);
    port->addr.Address[0].Address[0].in_addr = RtlUlongByteSwap(destIp);
    port->addr.Address[0].Address[0].sin_zero[0] = 0;
    port->addr.Address[0].Address[0].sin_zero[1] = 0;
    port->addr.Address[0].Address[0].sin_zero[2] = 0;
    port->addr.Address[0].Address[0].sin_zero[3] = 0;
    port->addr.Address[0].Address[0].sin_zero[4] = 0;
    port->addr.Address[0].Address[0].sin_zero[5] = 0;
    port->addr.Address[0].Address[0].sin_zero[6] = 0;
    port->addr.Address[0].Address[0].sin_zero[7] = 0;

    port->tdiInfo.UserDataLength = 0;
    port->tdiInfo.UserData = 0;
    port->tdiInfo.OptionsLength = 0;
    port->tdiInfo.Options = 0;
    port->tdiInfo.RemoteAddressLength = sizeof(port->addr);
    port->tdiInfo.RemoteAddress = &port->addr;

    port->pIrp = TdiBuildInternalDeviceControlIrp(TDI_SEND_DATAGRAM,
    gl_pDevice,
    port->pAddrFileObj,
    NULL,
    &port->IoStatus);

    if(port->pIrp == NULL)
    {
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: TdiBuildInternalDeviceControlIrp failedn");
    return STATUS_ACCESS_DENIED;
    }

    pMdl = IoAllocateMdl(&data, size, FALSE, FALSE, NULL);

    if(pMdl == NULL)
    {
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: Allocating pMdl not successfulln");
    return STATUS_ACCESS_DENIED;
    }

    _try
    {
    MmProbeAndLockPages(pMdl, KernelMode, IoModifyAccess);
    }
    _except(EXCEPTION_EXECUTE_HANDLER)
    {
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: MmProbeAndLockPages() failedn");
    return STATUS_ACCESS_DENIED;
    }

    TdiBuildSendDatagram(port->pIrp,
    gl_pDevice,
    port->pAddrFileObj,
    (PIO_COMPLETION_ROUTINE) UdpToTdi_SendComplete, // completion routine
    pMdl,//ndis_buffer, // completion context
    pMdl,//ndis_buffer,
    size,
    &port->tdiInfo);

    if(port->pIrp != NULL && gl_pDevice != NULL)
    status = IoCallDriver(gl_pDevice, port->pIrp);

    if(status != STATUS_SUCCESS && status != STATUS_PENDING)
    DbgPrint("TdiInterfaceUdp::UdpToTdi_Senddata: IoCallDriver failedn");

    return status;
    }

    // callback function for the send function
    NTSTATUS UdpToTdi_SendComplete(PDEVICE_OBJECT obj, PIRP Irp, PVOID pContext)
    {
    TDI_STATUS Status = Irp->IoStatus.Status;
    PMDL pMdl = (PMDL)pContext;

    DbgPrint("SendComplete arrivedn");

    if (Status)
    DbgPrint("TdiInterfaceUdp::UdpToTdi_SendComplete: Error %d during sending an paketn", Status);

    if(pMdl != NULL)
    IoFreeMdl(pMdl);

    if(Irp != NULL)
    IoFreeIrp(Irp);
    else
    DbgPrint("Irp == NULLn");
    return STATUS_MORE_PROCESSING_REQUIRED;
    }

    BlueScreen:

    SYSTEM_THREAD_EXCEPTION_NOT_HANDLED_M (1000007e)
    This is a very common bugcheck. Usually the exception address pinpoints
    the driver/function that caused the problem. Always note this address
    as well as the link date of the driver/image that contains this address.
    Some common problems are exception code 0x80000003. This means a hard
    coded breakpoint or assertion was hit, but this system was booted
    /NODEBUG. This is not supposed to happen as developers should never have
    hardcoded breakpoints in retail code, but …
    If this happens, make sure a debugger gets connected, and the
    system is booted /DEBUG. This will let us see why this breakpoint is
    happening.
    Arguments:
    Arg1: c0000005, The exception code that was not handled
    Arg2: b936bcf4, The address that the exception occurred at
    Arg3: b902bc5c, Exception Record Address
    Arg4: b902b958, Context Record Address

    Debugging Details:


    EXCEPTION_CODE: (NTSTATUS) 0xc0000005 – The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

    FAULTING_IP:
    tcpip!TCPDispatchInternalDeviceControl+36
    b936bcf4 8b4810 mov ecx,dword ptr [eax+10h]

    EXCEPTION_RECORD: b902bc5c — (.exr 0xffffffffb902bc5c)
    ExceptionAddress: b936bcf4 (tcpip!TCPDispatchInternalDeviceControl+0x00000036)
    ExceptionCode: c0000005 (Access violation)
    ExceptionFlags: 00000000
    NumberParameters: 2
    Parameter[0]: 00000000
    Parameter[1]: 65732084
    Attempt to read from address 65732084

    CONTEXT: b902b958 — (.cxr 0xffffffffb902b958)
    eax=65732074 ebx=00000000 ecx=89db8a68 edx=89abe098 esi=89abe098 edi=89abe108
    eip=b936bcf4 esp=b902bd24 ebp=b902bd30 iopl=0 nv up ei ng nz na po cy
    cs=0008 ss=0010 ds=0023 es=0023 fs=0030 gs=0000 efl=00010283
    tcpip!TCPDispatchInternalDeviceControl+0x36:
    b936bcf4 8b4810 mov ecx,dword ptr [eax+10h] ds:0023:65732084=????????
    Resetting default scope

    CUSTOMER_CRASH_COUNT: 11

    DEFAULT_BUCKET_ID: DRIVER_FAULT_SERVER_MINIDUMP

    CURRENT_IRQL: 0

    ERROR_CODE: (NTSTATUS) 0xc0000005 – The instruction at “0x%08lx” referenced memory at “0x%08lx”. The memory could not be “%s”.

    EXCEPTION_PARAMETER1: 00000000

    EXCEPTION_PARAMETER2: 65732084

    READ_ADDRESS: 65732084

    FOLLOWUP_IP:
    ITCTECCTI!UdpToTdi_SendData+2f7 [c:itctecctitest_wdf_itctecctiwdf_itctecctitdiinterfaceudp.c @ 342]
    b80e8bb7 8945d8 mov dword ptr [ebp-28h],eax

    BUGCHECK_STR: 0x7E

    EXCEPTION_STR: 0x0

    LAST_CONTROL_TRANSFER: from 8081df85 to b936bcf4

    STACK_TEXT:
    b902bd30 8081df85 89db8a68 89abe098 89a8c460 tcpip!TCPDispatchInternalDeviceControl+0x36
    b902bd44 b80e8bb7 0124b395 00000000 89a8c460 nt!IoCsqInitializeEx+0xf
    b902bd90 b80e82eb 88c2af84 00001000 5802a8c0 ITCTECCTI!UdpToTdi_SendData+0x2f7 [c:itctecctitest_wdf_itctecctiwdf_itctecctitdiinterfaceudp.c @ 342]
    b902bdac 80949b7c 00000000 00000000 00000000 ITCTECCTI!TimingThread+0x3b [c:itctecctitest_wdf_itctecctiwdf_itctecctiitctecctidriver.c @ 241]
    b902bddc 8088e092 b80e82b0 00000000 00000000 nt!NtSetInformationJobObject+0x58c
    00000000 00000000 00000000 00000000 00000000 nt!HalDispatchTable+0x1a

    FAULTING_SOURCE_CODE:
    No source found for ‘c:itctecctitest_wdf_itctecctiwdf_itctecctitdiinterfaceudp.c’

    SYMBOL_STACK_INDEX: 2

    SYMBOL_NAME: ITCTECCTI!UdpToTdi_SendData+2f7

    FOLLOWUP_NAME: MachineOwner

    MODULE_NAME: ITCTECCTI

    IMAGE_NAME: ITCTECCTI.sys

    DEBUG_FLR_IMAGE_TIMESTAMP: 4a42210e

    STACK_COMMAND: .cxr 0xffffffffb902b958 ; kb

    FAILURE_BUCKET_ID: 0x7E_ITCTECCTI!UdpToTdi_SendData+2f7

    BUCKET_ID: 0x7E_ITCTECCTI!UdpToTdi_SendData+2f7

    Followup: MachineOwner


    If somebody see an error please tell me. THANKS

    Harald

Viewing 1 post (of 1 total)

You must be logged in to reply to this topic.