Forum Replies Created
-
Posts
-
А это где менять??? Что-то я не пойму..
🙄
ExInitializePagedLookasideList –> ExInitializeNPagedLookasideList
ExAllocateFromPagedLookasideList –> ExAllocateFromNPagedLookasideListВедь при компиляции в DDK при неверном IRQL на сколько я знаю он должен выдавать ошибку..
С чего бы это? Если бы компилятор вдавался в такие тонкости – цены бы ему не было.
Вообще если есть желание, то я могу куда-нибудь залить свой этот драйвер с исходниками.. Просто я не понимаю почему он не работает.
Я вроде явную ошибку указал, если BSOD был с кодом IRQL_NOT_LESS_OR_EQUAL то это тебе второе подтверждение. Поменяй paged lookaside list на non paged lookaside list и будет тебе счастье.
А вообще, неплохо было бы книжек почитать прежде чем драйвера писать…
Ну если так, то я сдаюсь и ошибка все-таки в ДНК 😆
Структура g_pPagedLookasideList аллокирована в NonPagedPool, но сам lookaside list при этом paged (ExInitializePagedLookasideList), другими словами все элеиенты в нем allocated from PagedPool. И использовать их на IRQL_DISPATCH_LEVEL низзя 😈
Первым делом, я бы проверил валидность сохраненных обработчика и контекста, а вообще смотреть нужно почему оригинап выпетает.
Не вижу всего кода, но если pBlockFromPagedLookasideList действительно аппокирован из paged pool, то падает вполне закономерно, так как ClientEventReceive вызывается на IRQL_DISPATCH_LEVEL.
WinDBG:
http://www.microsoft.com/whdc/devtools/debugging/default.mspx
Конфигурирование для работы с VMWare (вместо второй машины используем виртуальную):
http://silverstr.ufies.org/lotr0/windbg-vmware.html
Для SoftIce нужно скачать последний osinfo.dat, хотя если он перестал обновляться то может и не заработает.
Is there any exported variable like “NtBuildNumber” which keeps the Version Number and CSD String.
NtBuildNumber is exported by kernel, CSD string with service pack not.
Но у меня этот код почему-то постоянно синий экран выдает… никак не могу понять почему.
А отладчик на что?
SerpentFly, помоги пожалуйста.. Все что я смог сделать я отобразил это в коде.. Я реально зашел в тупик.. Помоги пожалуйста..
ClientEventReceive это не единственный event handler, который нужно перехватить, есть еще ClientEventReceiveExpedited, ClientEventChainedReceive.
И подскажите пожалуйста как вытащить принятые пакеты и от куда их вообще нужно вытаскивать, из Tsdu?
Да, вообще повнимательней читай DDK, там все написано в комментариях к event handler’ам.
have set the mode of capturing as follows:
ADAPTER_MODE Mode;
Mode.dwFlags = MSTCP_FLAG_RECV_TUNNELis that correct??
This will allow you to pre-process all packets received by your system, if this is what you intended to do then this is correct.
If the WinPKFilter installed in a gateway can it capture the packets that send to another destination IP address not of the gateway itself (if can tell me how can I do this by providing me with some code samples) or it can only capture the packets that send with destination IP address of the gateway only.
Routed packets (destined to systems different from the Gateway) are also captured. Actually they are captured twice, when received on one network interface and when forwarded to another one.
I realized the net control its done by implementing a firewall-hook driver… the idea is to make a function filter that it is called when its revieved a package and discarded/accepted depends on the logic of the function filter. It uses ipfirewall.h wich was introduced in Win 2000 DDK … so this is a case of “functions added in Windows 2000 kernel and missed in NT4”, isnt it?
Firewall hook driver was added in Windows 2000 and you are right that you can’t use it under Windows NT. Actually there are two options to implement firewall in Windows NT:
1) NDIS IM driver
2) NDIS hooking driverNDIS IM is pain in Windows NT, this type of driver was improved only with Windows 2000 release. So I would recommend NDIS hooking one. Implementing such type of driver from the scratch is not easy task and you better find something ready, like WinpkFilter.
RTFM DDK
Windows XP and below:
BOOLEAN
PsGetVersion(
PULONG MajorVersion OPTIONAL,
PULONG MinorVersion OPTIONAL,
PULONG BuildNumber OPTIONAL,
PUNICODE_STRING CSDVersion OPTIONAL
);
Parameters
MajorVersion
Points to a caller-supplied variable that this routine sets to the major version of the operating system. This optional parameter can be NULL.
MinorVersion
Points to a caller-supplied variable that this routine sets to the minor version of the operating system. This optional parameter can be NULL.
BuildNumber
Points to a caller-supplied variable that this routine sets to the current build number of the operating system. This optional parameter can be NULL.
CSDVersion
Points to a caller-allocated buffer in which this routine returns the current service-pack version as a Unicode string only during system driver initialization. This optional parameter can be NULL.Windows XP and above
NTSTATUS
RtlGetVersion(
IN OUT PRTL_OSVERSIONINFOW lpVersionInformation
);
Parameters
lpVersionInformation
Pointer to either a RTL_OSVERSIONINFOW structure or a RTL_OSVERSIONINFOEXW structure that contains the version information about the currently running operating system. A caller specifies which input structure is used by setting the dwOSVersionInfoSize member of the structure to the size in bytes of the structure that is used.typedef struct _OSVERSIONINFOEXW {
ULONG dwOSVersionInfoSize;
ULONG dwMajorVersion;
ULONG dwMinorVersion;
ULONG dwBuildNumber;
ULONG dwPlatformId;
WCHAR szCSDVersion[ 128 ]; // Maintenance string for PSS usage
USHORT wServicePackMajor;
USHORT wServicePackMinor;
USHORT wSuiteMask;
UCHAR wProductType;
UCHAR wReserved;
} RTL_OSVERSIONINFOEXW;1. Should I use DDK NT for the migration? Is it impossible to use later DDKs? I have XP DDK that contains a libw2k, libwxp, libwnet… but no something like libwnt. I ask it because I would want to use Ntstrsafe.lib and it is *said that I can use it for NT, but there is no Ntstrsafe.lib in DDK NT.
You can use Windows XP DDK and build NT driver with Windows 2000 building environment. Just avoid using functions added in Windows 2000 kernel and missed in NT4 (most of WDM stuff). Also, don’t forget to link exsup.lib to your driver, otherwise you may get some problems with trying to load your driver on Windows NT (an example if it uses SEH).
2. When I try to compile the driver with NT DDK as we can expect I get a lot of errors… unknown symbol OBJ_KERNEL_HANDLE, unfinded ndis.h, etc. What strategies do you advice me to resolve it? should i rewrite some entire parts of the code or could I fix it with a few changes? when I comment the ndis.h include it has a great impact … i guess there is no way to use it in NT drivers… so much changed the net interface?
OBJ_KERNEL_HANDLE, was added in Windows 2000, so you better make a workaround for this (move the code which operates with handles into the context of the System thread). ndis.h presents in Windows NT DDK, so basically there should not be any real problem with it. Just be more careful with NDIS version definitions.
3 and last. Im debugging the xp version with WinDbg through a serial COM1 cable. Can you recommend me better way to do it? I mean, something with virtual machine would be enough for this job?
You can run test system under VMWare, it works just fine with WinDBG. Under Windows NT4 it may be also useful to try SoftIce (it is discontinued but for NT4 works quite well).
