why not i can load the NDISRD.sys by code

[lovepkfilter]

hi,another question:

we known NDISRD.sys load by system after install the winpkfiter packet.
but,if i put the sys file in app path.can i load it demand?

some code below:

function LoadDriver:boolean;
var
hSCManager,hService:SC_HANDLE;
ServiceRunning:boolean;
ServiceArgVects:pChar;
i:integer;
begin
result:=false;
hSCManager:=OpenSCManager(0{sMachine},nil,SC_MANAGER_ALL_ACCESS);
if hSCManager<=0 then exit; hService:=CreateServiceW(hSCManager,
DRIVER_NAME,
DRIVER_NAME,
SERVICE_ALL_ACCESS,
SERVICE_KERNEL_DRIVER,
SERVICE_DEMAND_START,
SERVICE_ERROR_IGNORE,
PWideChar(DRIVER_IMAGE_PATH),
nil,
nil,
nil,
nil,
nil);

if hService=0 then begin
if GetLastError<>ERROR_SERVICE_EXISTS then begin
CloseServiceHandle(hSCManager);
exit;
end;

hService:=OpenService(hSCManager,DRIVER_NAME,SERVICE_ALL_ACCESS);
if hService=0 then begin
CloseServiceHandle(hSCManager);
exit;
end;
end;

ServiceRunning:=true;
if not StartService(hService,0,ServiceArgVects) then begin
if GetLastError<>ERROR_SERVICE_ALREADY_RUNNING then begin
ServiceRunning:=false;
DeleteService(hService);
end;

end;

CloseServiceHandle(hService);
CloseServiceHandle(hSCManager);
result:=ServiceRunning;
end;

drivername: NDISRD
DRIVER_IMAGE_PATH:C:WINDOWSsystem32driversndisrd.sys

when run the procedure ,it stop on :

if not StartService(hService,0,ServiceArgVects) then begin
if GetLastError<>ERROR_SERVICE_ALREADY_RUNNING then begin
ServiceRunning:=false; //it is run herer
DeleteService(hService);
end;
can u give me a light hint? hehe~~~3ks!

[Vadim Smirnov]

If you mean NDIS hooking variant of WinpkFilter then it MUST be loaded after NDIS.SYS and before TCPIP.SYS to work normally, otherwise it not able to intercept TCP/IP protcol registration.

If you are about NDIS IM variant, then it can be added/removed dynamically in most cases, but SCM API is not suitable to this. I would recommend having a look at SNETCFG sample from DDK.

[Author]

Posts