Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,036 through 1,050 (of 1,496 total)
  • in reply to: Packet filtering for pornography blocking #6362
    Vadim Smirnov
    Keymaster

      I’m glad that the issue is resolved.

      I checked the signdrv.bat file to see the script. There are no options for “save” and “restore”. But my question is how they are successfully executed during installation of winpkfilter?

      The reason is that there are two versions of signdrv.bat with different syntax. The latest one has a simplified syntax of disable/enable. That’s why you got that error message.

      in reply to: Packet filtering for pornography blocking #6359
      Vadim Smirnov
      Keymaster

        please send the install script.

        E-mailed to the address specified in the forum details.

        Just to be sure, are you playing with the standard or a custom build? That can be the difference, since the custom build has a different device name.

        in reply to: Packet filtering for pornography blocking #6357
        Vadim Smirnov
        Keymaster

          the winpkfilter installation on vista (x86) is installed smoothly and I am able to run test applications successfully.

          So installer was able to install WinpkFilter driver successfully, but you can’t install files taken from “winpkfilter frameworkkerneldriver” on ANOTHER Vista x86 system?

          This is very confusing… I can send you installation script to refer, but it does not do anything special beyond mentioned commands.

          in reply to: why not i can load the NDISRD.sys by code #6465
          Vadim Smirnov
          Keymaster

            If you mean the NDIS hooking variant of WinpkFilter then it MUST be loaded after NDIS.SYS and before TCPIP.SYS to work normally, otherwise it is not able to intercept TCP/IP protocol registration.

            If you mean the NDIS IM variant, then it can be added/removed dynamically in most cases, but the SCM API is not suitable for this. I would recommend having a look at the SNETCFG sample from the DDK.

            in reply to: Send Raw Packet. #6462
            Vadim Smirnov
            Keymaster

              I’m wondering if it has the ability to send raw packet???

              Sure it can.

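              // Headers and globals omitted from the post; the names below are
              // assumed to match the WinpkFilter SDK samples.
              #include <winsock2.h>   // htons
              #include <windows.h>
              #include <stdio.h>
              #include <stdlib.h>
              #include "common.h"
              #include "ndisapi.h"
              #include "iphlp.h"

              TCP_AdapterList     AdList;
              DWORD               iIndex;
              CNdisApi            api;
              ETH_REQUEST         Request;
              INTERMEDIATE_BUFFER PacketBuffer;

              int main(int argc, char* argv[])
              {
                  UINT counter = 0;
                  ether_header* pEthHeader = NULL;

                  if (argc < 3)
                  {
                      printf ("Command line syntax:\n\tsender.exe index num\n\tindex - network interface index.\n\tnum - number of packets to send\n\tYou can use ListAdapters to determine correct index.\n");
                      return 0;
                  }

                  // Interface indexes are 1-based on the command line
                  iIndex = atoi(argv[1]) - 1;
                  counter = atoi(argv[2]);

                  if(!api.IsDriverLoaded())
                  {
                      printf ("Driver not installed on this system or failed to load.\n");
                      return 0;
                  }

                  api.GetTcpipBoundAdaptersInfo ( &AdList );

                  // Unsigned compare also rejects an index of 0, which wraps to
                  // 0xFFFFFFFF after the subtraction above
                  if ( iIndex >= AdList.m_nAdapterCount )
                  {
                      printf("There is no network interface with such index on this system.\n");
                      return 0;
                  }

                  // Initialize Request
                  ZeroMemory ( &Request, sizeof(ETH_REQUEST) );
                  ZeroMemory ( &PacketBuffer, sizeof(INTERMEDIATE_BUFFER) );
                  Request.EthPacket.Buffer = &PacketBuffer;
                  Request.hAdapterHandle = (HANDLE)AdList.m_nAdapterHandle[iIndex];

                  pEthHeader = (ether_header*)PacketBuffer.m_IBuffer;

                  // Source = adapter MAC, destination = Ethernet broadcast
                  memcpy(&pEthHeader->h_source, AdList.m_czCurrentAddress[iIndex], ETH_ALEN);
                  memset(&pEthHeader->h_dest, 0xFF, ETH_ALEN);
                  // EtherType is carried in network byte order
                  pEthHeader->h_proto = htons(ETH_P_IP);
                  Request.EthPacket.Buffer->m_Length = MAX_ETHER_FRAME;

                  // Send the same frame 'counter' times
                  while (counter--)
                      api.SendPacketToAdapter(&Request);

                  return 0;
              }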

              The code above initializes the Ethernet header (broadcast IP packet) and sends it over the network. The IP header and above are not initialized (the packet is filled with zeros).

              in reply to: IP fragments reassembly #6461
              Vadim Smirnov
              Keymaster

                I think you could test with large ICMP PING packets. PING utility from Windows allows sending PING packet of large length (up to maximum IP packet size) which is fragmented by TCP/IP.
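A worked check for the test suggested above (an added example, not part of the original post or of WinpkFilter): it computes the fragment layout expected for a large echo request and the conditions a reassembler should verify before accepting a fragment set. The function names, the option-less 20-byte IP header and the sample sizes are assumptions.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

#define IP_HDR_LEN 20u     /* IPv4 header without options (assumed) */
#define IP_MF      0x2000u /* "more fragments" flag */
#define IP_OFFMASK 0x1FFFu /* fragment offset in 8-byte blocks */
/* frag_off: flags+offset field in host order; data_len: IP payload bytes */
typedef struct { uint16_t frag_off, data_len; } frag_t;

/* Fragments expected for an echo request with icmp_data payload bytes
   (as in "ping -l 65500"). Returns the count, or 0 on invalid input. */
size_t plan_fragments(uint32_t icmp_data, uint32_t mtu, frag_t *out, size_t max)
{
    uint32_t total = icmp_data + 8u /* ICMP header */, off, len, step;
    size_t n = 0;
    if (mtu < IP_HDR_LEN + 8u || icmp_data > 65507u) return 0;
    step = (mtu - IP_HDR_LEN) & ~7u;   /* non-final data is a multiple of 8 */
    for (off = 0; off < total; off += step, n++) {
        if (n == max) return 0;
        len = total - off < step ? total - off : step;
        out[n].frag_off = (uint16_t)(off / 8u | (off + len < total ? IP_MF : 0u));
        out[n].data_len = (uint16_t)len;
    }
    return n;
}

/* Accept a fragment set only with one final fragment, no holes, no overlaps and
   a legal total size; arrival order is irrelevant. Returns payload length or -1. */
long reassembled_length(const frag_t *f, size_t n)
{
    static uint8_t seen[8192];         /* one flag per 8-byte block */
    long total = -1;
    uint32_t b, need;
    memset(seen, 0, sizeof seen);
    for (size_t i = 0; i < n; i++) {
        uint32_t first = f[i].frag_off & IP_OFFMASK;
        uint32_t blocks = (f[i].data_len + 7u) / 8u;
        if (f[i].data_len == 0 || first + blocks > 8192u) return -1;
        if (f[i].frag_off & IP_MF) { if (f[i].data_len % 8u) return -1; }
        else if (total >= 0) return -1;                 /* second final fragment */
        else total = (long)(first * 8u + f[i].data_len);
        for (b = first; b < first + blocks; b++)
            if (seen[b]++) return -1;                   /* overlapping fragments */
    }
    if (total < 0 || total + (long)IP_HDR_LEN > 65535) return -1;
    need = ((uint32_t)total + 7u) / 8u;
    for (b = 0; b < 8192u; b++)
        if (seen[b] != (b < need)) return -1;           /* hole or stray data */
    return total;
}
```

Feeding the fragments in shuffled order, dropping one, or duplicating one exercises the same paths a reassembly routine has to handle when the large ping arrives.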

                in reply to: Packet filtering for pornography blocking #6355
                Vadim Smirnov
                Keymaster

                  1) Are you trying to install on Vista x86 or x64?
                  2) Have you taken the correct drivers, INF files and snetcfg matching the OS (32 bit driver for x86, 64 bit for x64)? Maybe the problem is in the snetcfg tool if you have taken the original version from the DDK instead of the modified one we use.
                  3) Commands mentioned should be executed under Administrator account. You have mentioned that you tried, but I would recommend to recheck.
                  4) And the last, if you run WinpkFilter run-time installation does it install normally?

                  in reply to: winpkfilter on Vista x64 – wake on LAN breaks #6460
                  Vadim Smirnov
                  Keymaster

                    I did some searching around on the net and read that intermediate filter drivers like winpkfilter can break things like wake-on-lan.

                    Can you give some links on what you have found? Basically IM driver can break wake-on-lan if you want to do so, but WinpkFilter does not try to do it on purpose 8)

                    Also, is there any WinpkFilter application running when you go into standby? If there is then breaking wake-on-lan is possible because no packets can be processed by application which does not get any processor time.

                    in reply to: Change the status of a network interface #6459
                    Vadim Smirnov
                    Keymaster

                      I don’t think that there is a documented API/interface to do what you want, but probably you should be able to change the behaviour and view of visual elements (windows) by subclassing them with SetWindowsHookEx.

                      in reply to: TDI driver filter #6440
                      Vadim Smirnov
                      Keymaster

                        A test version of LNM 2.2.3 is available at the links below (monitor and API):

                        http://www.ntkernel.com/temp/NtTdiApiRt.zip
                        http://www.ntkernel.com/temp/LocalNetMonTrial.zip

                        What's new:
                        1. Vista support.
                        The drivers are signed with a test certificate, so the monitor installer says that Vista x64 support is experimental and requires disabling signature verification. A dedicated page offers to do this automatically.
                        2. Fixed a bug in the handling of send (not send datagram, but specifically send) for the UDP protocol, which led to the remote address being determined incorrectly.

                        This is a preliminary version.

                        in reply to: TDI driver filter #6439
                        Vadim Smirnov
                        Keymaster

                          Ha, so you made a dummy, then? One that essentially changes the attach field, which, as I understand it, is what determines whether anyone is attached to the stack in Vista.

                          Maximum effect with minimal changes to a tested code base. 8)

                          In general, patching the major functions is a more universal approach, since the driver can essentially be loaded at any moment, with no problems of running out of stack locations and no strict load order.

                          in reply to: TDI driver filter #6437
                          Vadim Smirnov
                          Keymaster

                            The test build is basically ready. We took a workaround: we attached devices to the stack (which forces the system to route traffic through TDI), but did not change the architecture (patching the major functions).

                            I think it will be available to look at on Monday.

                            in reply to: BSOD in afd!AfdBReceiveEventHandler #6452
                            Vadim Smirnov
                            Keymaster

                              So, my question is – before you get IRP_MJ_CLEANUP on a file object, does the upper client clean all handlers passed via TDI_SET_EVENT_HANDLER, by calling you via TDI_SET_EVENT_HANDLER with NULL parameters, for the SAME file object?

                              Basically this depends on the TDI client. In your case you have to check AFD behavior if you suspect it is causing the crash. Though the exact reason can be figured out only from the crash dump…

                              in reply to: TDI driver filter #6435
                              Vadim Smirnov
                              Keymaster

                                Then a new question, really: can you do this? Vista support. If it is possible, we will buy this driver. Of course we could do it ourselves, but we would rather not dig through someone else's sources.

                                We will consult with colleagues here; if it can be done quickly and painlessly, we will do it.

                                in reply to: [eng][rus] ClientEventReceive problems #6446
                                Vadim Smirnov
                                Keymaster

                                  Well, that's right in general: the first thing is always to look at what goes over the network, and only then make assumptions 8)

                                  I haven't looked at those wrappers, but in principle, why not. The other thing is that catching someone else's bugs can be much harder than catching your own…
