Deneb

Forum Replies Created

Viewing 10 posts - 1 through 10 (of 10 total)
  • in reply to: IOCTL_TDI_QUERY_DIRECT_SEND_HANDLER problem #7002
    Deneb
    Participant

    Hello SerpentFly,

    I think that is exactly the problem: the installer did not specify the correct load order in the registry.

    in reply to: BSOD in afd!AfdBReceiveEventHandler #6454
    Deneb
    Participant

    Hello,

    After some more kernel debugging and research, I found out that IRP_MJ_CLOSE is a better place to delete all resources allocated for a PFILE_OBJECT than IRP_MJ_CLEANUP. I was deleting all resources allocated for a PFILE_OBJECT on IRP_MJ_CLEANUP, as inspired by the tdi_fw sample. Can someone tell me his opinion on this?

    in reply to: BSOD in afd!AfdBReceiveEventHandler #6453
    Deneb
    Participant

    Well, I figured out that some clients do not clean all event handlers on some objects before calling IRP_MJ_CLEANUP on those objects. I need to keep the upper clients' handlers and contexts and figure out when I can delete them (as I cannot delete them on IRP_MJ_CLEANUP). If someone has encountered this problem and solved it, it would be a great deal of help.

    in reply to: Windows main OS binary question #6251
    Deneb
    Participant

    Yep, right, the sys process is loading drivers and so on… I think I will abandon the idea… the whole thing was about checking the main binary running the OS for Microsoft signatures.

    in reply to: ICMP interception at TDI level #5685
    Deneb
    Participant

    Hello,

    The code handling/filtering this request is doing:

    PIO_STACK_LOCATION pIOSL = IoGetCurrentIrpStackLocation( pIRP );
    ICMP_ECHO_REQUEST* pIcmpEchoReq = ( ICMP_ECHO_REQUEST* )( &( pIOSL->Parameters ) );

    pIcmpEchoReq has a strange format; it doesn’t contain any information that I have passed, such as the IP address to which I’ve issued the ping command. Perhaps there is something wrong with my code?

    Thank you.

    in reply to: IoCallDriver to NDIS IM #6132
    Deneb
    Participant

    Hello,

    Thanks for the reply. The IM driver does not fail the request (the IM driver is also developed by me), and the main problem is that the driver cannot be modified, since it was certified and the binary cannot be modified anymore (a request from the outside world). Perhaps the IM layer fails the request (it was created with NdisMRegisterDevice).
    When the IM driver is available for modification there will be a more elegant solution… :)

    in reply to: dial-up connections over NDIS #5900
    Deneb
    Participant

    Thanks for your answer.

    I see that in the NDIS_WAN_LINE_UP structure at my ProtocolStatus handler the member DeviceName is not unique for a connection over time. That is, a specific connection may get one value for this parameter when it makes a connection and a different one another time, when it makes another connection. That is, the DeviceName is not unique over time (between shutdowns and reconnections) for a connection. I need an identifier, unique over time, for any connection that may go through my NDIS IM driver, one that cannot be changed unless you remove that connection from the system. It would be best if this ID could be available from a user-mode process as well as from my NDIS IM driver.

    Any suggestion appreciated.

    in reply to: dial-up connections over NDIS #5898
    Deneb
    Participant

    Please repeat your answer in English; I cannot understand Russian. Thanks a lot.

    in reply to: NdisTransferData question #5707
    Deneb
    Participant

    Thanks GeN, it’s clear. One more question – will MiniportTransferData be called before Ndis..Indicate.. returns? So – am I free to release the handle upon exit of ProtocolTransferDataComplete (from where I do the indication)?

    Thanks a lot.

    in reply to: NDIS hooking firewall #5658
    Deneb
    Participant

    Thank you for your help. I would like to know if someone here knows – what technique do Sygate, ZoneAlarm, McAfee and other known firewalls use? I seriously doubt they use an NDIS IM driver. Sygate is said to use an intermediate driver, teefer.sys, but I doubt it is a real NDIS intermediate driver since it detects protocol driver registrations and so on. Do they have WHQL certification?
