Forum Replies Created
-
Posts
-
I’m glad tat the issue is resolved.
i checked the signdrv.bat file to see the script. there are no options for “save” and “restore”. But my question is how they are successfully executed during installation of winpkfilter?
The reason is that there are two versions of signdrv.bat with different syntax. Latest one has simplified syntax of disable/enable. Thats why you got that error message.
please send the install script.
E-mailed to the address specified in the forum details.
Just for sure, are you playing with standard or custom build? Here can be the difference, since custom build has different device name.
the winpkfilter installation on vista (x86) is installed smoothly and I am able to run test applications successfully.
So installer was able to install WinpkFilter driver successfully, but you can’t install files taken from “winpkfilter frameworkkerneldriver” on ANOTHER Vista x86 system?
This is very confusing… I can send you installation script to refer, but it does not do anything special beyond mentioned commands.
If you mean NDIS hooking variant of WinpkFilter then it MUST be loaded after NDIS.SYS and before TCPIP.SYS to work normally, otherwise it not able to intercept TCP/IP protcol registration.
If you are about NDIS IM variant, then it can be added/removed dynamically in most cases, but SCM API is not suitable to this. I would recommend having a look at SNETCFG sample from DDK.
I’m wondering if it has the ability to send raw packet???
Sure it can.
int main(int argc, char* argv[])
{
UINT counter = 0;
ether_header* pEthHeader = NULL;
if (argc < 3)
{
printf ("Command line syntax:ntsender.exe index numntindex - network interface index.ntnum - number or packets to sendntYou can use ListAdapters to determine correct index.n");
return 0;
}
iIndex = atoi(argv[1]) - 1;
counter = atoi(argv[2]);
if(!api.IsDriverLoaded())
{
printf ("Driver not installed on this system of failed to load.n");
return 0;
}
api.GetTcpipBoundAdaptersInfo ( &AdList );
if ( iIndex + 1 > AdList.m_nAdapterCount )
{
printf("There is no network interface with such index on this system.n");
return 0;
}
// Initialize Request
ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
Request.EthPacket.Buffer = &PacketBuffer;
Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];
pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;
memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
pEthHeader->h_proto = ETH_P_IP;
Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;
while (counter--)
api.SendPacketToAdapter(&Request);
return 0;
}
The code above initializes Ethernet header (broadcast IP packet) and sends it over the network. IP header and above are not initialized (packet is filled by zeros).
I think you could test with large ICMP PING packets. PING utility from Windows allows sending PING packet of large length (up to maximum IP packet size) which is fragmented by TCP/IP.
1) Are you trying to install on Vista x86 or x64?
2) Have you taken the correct drivers, INF files and snetcfg matching the OS (32 bit driver for x86, 64 bit for x64)? May be the problem in snetcfg tool if you have taken the original version from DDK instead the modified one we use.
3) Commands mentioned should be executed under Administrator account. You have mentioned that you tried, but I would recommend to recheck.
4) And the last, if you run WinpkFilter run-time installation does it install normally?I did some searching around on the net and read that intermediate filter drivers like winpkfilter can break things like wake-on-lan.
Can you give some links on what you have found? Basically IM driver can break wake-on-lan if you want to do so, but WinpkFilter does not try to do it on purpose 8)
Also, is there any WinpkFilter application running when you go into standby? If there is then breaking wake-on-lan is possible because no packets can be processed by application which does not get any processor time.
I don’t think that there is a documented API/interface to do what you want, but probably you should be able to change the behaviour and view of visual elements (windows) by subclassing them with SetWindowsHookEx.
Тестовую версию LNM 2.2.3 можно посмотреть по ссылкам ниже (монитор и АПИ):
http://www.ntkernel.com/temp/NtTdiApiRt.zip
http://www.ntkernel.com/temp/LocalNetMonTrial.zipЧто нового:
1. Поддержка Висты.
Драйвера подписаны тестовым сертификатом, поэтому инсталлер монитора говорит, что поддержка Vista x64 экспериментальная и требует отключения проверки подписи. На специальной страничке предлагается сделать это автоматически.
2. Исправлен баг при обработки send’а (не send datagram,а имена send) для протокола UDP, который приводил к неправильному определению remote address’а.Версия предварительная.
Ха, сделали пустышку что ли? которая по сути изменяет поле аттач, по которому как я понял и определячется, есть ли кто то присоединенный к стеку в висте.
Максимальный эффект при минимуме изменений в оттестированной кодовой базе. 8)
Вообще патч мажоров более универсальный способ, так как драйвер по сути можно загрузить в любой момент, никаких тебе проблем с нехваткой stack locations и жесткого порядка загрузки.
В общем-то тестовый вариант готов. Пошли обходным путем, приататчили девайсы к стеку (что заставляет систему вести трафик через TDI), но архитектуру (патч мажоров) менять не стали.
Думаю в понедельник можно будет посмотреть.
So, my question is – before you get IRP_MJ_CLEANUP on a file object, does the upper client cleans all handlers passed via TDI_SET_EVENT_HANDLER, by calling you via TDI_SET_EVENT_HANDLER with NULL parameters, for the SAME file object?
Basically this depends from TDI client. In your case you have to check AFD behavior if you suspect it causing the crash. Though the exact reason can be figured out only from the crash dump…
Тогда собственно новый вопрос, можете ли это сделать? Поддрежку висты. Если это возможно то мы купим этот драйвер. Можно канечно самим это сделать, но всеже в чужих сорцах копаться не очень хочется.
Мы тут посоветуемся с товарищами, если получится сделать это быстро и безболезненно, то сделаем.
