Forum Replies Created
Hello SerpentFly,
I think that is exactly the problem, the installer did not specify the correct load order in the registry.
After some more kernel debugging and research, I found out that IRP_MJ_CLOSE is a better place to delete all resources allocated for a PFILE_OBJECT than IRP_MJ_CLEANUP. I was deleting all resources allocated for a PFILE_OBJECT on IRP_MJ_CLEANUP, as inspired by the tdi_fw sample. Can someone tell me his opinion on this?
Well, I figured out that some clients do not clean up all event handlers on some objects before calling IRP_MJ_CLEANUP on those objects. I need to keep the upper clients' handlers and contexts and figure out when I can delete them ( as I cannot delete them on IRP_MJ_CLEANUP ). If someone has encountered this problem before and solved it, it would be a great deal of help.
Yep, right, the sys process is loading drivers and so on… I think I will abandon the idea… the whole thing was about checking for Microsoft signatures on the main binary running the OS.
The code handling / filtering this request is doing:
PIO_STACK_LOCATION pIOSL = IoGetCurrentIrpStackLocation( pIRP );
ICMP_ECHO_REQUEST* pIcmpEchoReq = ( ICMP_ECHO_REQUEST* )( &( pIOSL->Parameters ) );
pIcmpEchoReq has a strange format, it doesn’t contain any information that I have passed, such as the IP address to which I’ve issued the ping command. Perhaps there is something wrong with my code?
Thanks for the reply. The IM driver does not fail the request ( the IM driver is developed by me also ), and the main problem is the driver cannot be modified since it was certified and the binary cannot be modified anymore ( request from the outside world ). Perhaps the IM layer fails the request ( it was created with NdisMRegisterDevice ).
When the IM driver is available for modification there will be a more elegant solution … :)…
Thanks for your answer.
I see in the NDIS_WAN_LINE_UP structure at my ProtocolStatus handler that the member DeviceName is not unique for a connection, in time. That is, a specific connection may get one value for this param when it makes a connection and a different one another time, when it makes another connection. That is, the DeviceName is not unique, in time ( between shut downs and reconnections ), for a connection. I need an identifier, unique in time for any connection that may go through my NDIS IM driver, that cannot be changed unless you remove that connection from the system. It would be best if this ID could be available from a user mode process as well as from my NDIS IM driver.
Any suggestion appreciated.
Please repeat your answer in English, I cannot understand Russian. Thanks a lot.
Thanks GeN, it’s clear. One more question – will the MiniportTransferData be called before Ndis..Indicate.. returns? So – am I free to release the handle upon exit of ProtocolTransferDataComplete ( from where I do the indication )?
Thanks a lot.
Thank you for your help. I would like to know if someone here knows – what technique do Sygate, ZoneAlarm, McAfee and other known firewalls use? I seriously doubt they use an NDIS IM driver. Sygate is said to use an intermediate driver, teefer.sys, but I doubt it is a real NDIS intermediate driver once it detects protocol driver registrations and so on. Do they have WHQL certification?