Vadim Smirnov

Forum Replies Created

Viewing 15 posts - 1,216 through 1,230 (of 1,507 total)
  • Author
    Posts
  • in reply to: can I invoke winpkfilter functions in C#? #6129
    Vadim Smirnov
    Keymaster

      ndisapi.dll is a Win32 DLL and you can call it from C#. Please check the links below about calling Win32 DLL from C#

      http://www.codeproject.com/Purgatory/C_DLL_with_Csharp.asp
      http://msdn.microsoft.com/msdnmag/issues/02/08/CQA/
      http://msdn.microsoft.com/msdnmag/issues/03/07/NET/

      in reply to: Install Remotely NeT Firewall #6126
      Vadim Smirnov
      Keymaster

        My question, is that possible to intall remotely Net-Firewall to our dedicated server over VNC?

        Yes, you can install NeT Firewall rmotely using Remote Desktop or VNC.

        Is your program will blocked my VNC traffic after restart the machine?

        After installation NeT Firewall start in PASS ALL default mode and it won’t block VNC. You have to configure NeT Firewall after this and be carefull with setting rules and modes because one of the rules or modes may block VNC. I would recommend to create ALLOW rule for VNC traffic before creating any other rules.

        in reply to: Blocking All Access for an IP address #6125
        Vadim Smirnov
        Keymaster

          It should be enough to create the single rule with NeT Firewall to block the specific IP address (create the DENY rule which specifies the source IP and leave all other fields unchanged).

          If you still have problem with it then could you please send some screenshots (firewall rules, log) to support(at)ntkernel.com?

          in reply to: retrieving full process image path name in kernel mode #5878
          Vadim Smirnov
          Keymaster

            Also isn’t IoGetCurrentProcess() is a kernel routine not user mode?

            It is kernel routine but see the topic title “retrieving full process image path name in kernel mode”. 8)

            And can show me your EPROCESS structure?

            EPROCESS definitions for NT 4.0, 2000, XP, 2003 are below:

            typedef struct _EPROCESS_NT4
            {
            KPROCESS_NT4 Pcb;
            NTSTATUS ExitStatus;
            KEVENT LockEvent;
            ULONG LockCount;
            LARGE_INTEGER CreateTime;
            LARGE_INTEGER ExitTime;
            PKTHREAD_NT4 LockOwner;
            ULONG UniqueProcessId;
            LIST_ENTRY ActiveProcessLinks;
            ULONGLONG QuotaPeakPoolUsage;
            ULONGLONG QuotaPoolUsage;
            ULONG PagefileUsage;
            ULONG CommitCharge;
            ULONG PeakPagefileUsage;
            ULONG PeakVirtualSize;
            ULONGLONG VirtualSize;
            MMSUPPORT_NT4 Vm;
            ULONG LastProtoPteFault;
            ULONG DebugPort;
            ULONG ExceptionPort;
            PHANDLE_TABLE ObjectTable;
            PACCESS_TOKEN Token;
            FAST_MUTEX WorkingSetLock;
            ULONG WorkingSetPage;
            BOOLEAN ProcessOutswapEnabled;
            BOOLEAN ProcessOutswapped;
            BOOLEAN AddressSpaceInitialized;
            BOOLEAN AddressSpaceDeleted;
            FAST_MUTEX AddressCreationLock;
            KSPIN_LOCK HyperSpaceLock;
            PETHREAD_NT4 ForkInProgress;
            USHORT VmOperation;
            BOOLEAN ForkWasSuccessful;
            UCHAR MmAgressiveWsTrimMask;
            PKEVENT VmOperationEvent;
            HARDWARE_PTE PageDirectoryPte;
            ULONG LastFaultCount;
            ULONG ModifiedPageCount;
            PVOID VadRoot;
            PVOID VadHint;
            ULONG CloneRoot;
            ULONG NumberOfPrivatePages;
            ULONG NumberOfLockedPages;
            USHORT NextPageColor;
            BOOLEAN ExitProcessCalled;
            BOOLEAN CreateProcessReported;
            HANDLE SectionHandle;
            PPEB Peb;
            PVOID SectionBaseAddress;
            PEPROCESS_QUOTA_BLOCK QuotaBlock;
            NTSTATUS LastThreadExitStatus;
            PPROCESS_WS_WATCH_INFORMATION WorkingSetWatch;
            HANDLE Win32WindowStation;
            HANDLE InheritedFromUniqueProcessId;
            ACCESS_MASK GrantedAccess;
            ULONG DefaultHardErrorProcessing;
            PVOID LdtInformation;
            PVOID VadFreeHint;
            PVOID VdmObjects;
            KMUTANT ProcessMutant;
            UCHAR ImageFileName[16];
            ULONG VmTrimFaultValue;
            UCHAR SetTimerResolution;
            UCHAR PriorityClass;
            union
            {
            struct
            {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
            };
            USHORT SubSystemVersion;
            };
            PVOID Win32Process;
            } EPROCESS_NT4, *PEPROCESS_NT4;

            typedef struct _EPROCESS_W2K
            {
            KPROCESS_W2K Pcb;
            NTSTATUS ExitStatus;
            KEVENT LockEvent;
            ULONG LockCount;
            LARGE_INTEGER CreateTime;
            LARGE_INTEGER ExitTime;
            PKTHREAD_W2K LockOwner;
            ULONG UniqueProcessId;
            LIST_ENTRY ActiveProcessLinks;
            ULONGLONG QuotaPeakPoolUsage;
            ULONGLONG QuotaPoolUsage;
            ULONG PagefileUsage;
            ULONG CommitCharge;
            ULONG PeakPagefileUsage;
            ULONG PeakVirtualSize;
            ULONGLONG VirtualSize;
            MMSUPPORT_W2K Vm;
            LIST_ENTRY SessionProcessLinks;
            ULONG DebugPort;
            ULONG ExceptionPort;
            PHANDLE_TABLE ObjectTable;
            PACCESS_TOKEN Token;
            FAST_MUTEX WorkingSetLock;
            ULONG WorkingSetPage;
            BOOLEAN ProcessOutswapEnabled;
            BOOLEAN ProcessOutswapped;
            BOOLEAN AddressSpaceInitialized;
            BOOLEAN AddressSpaceDeleted;
            FAST_MUTEX AddressCreationLock;
            KSPIN_LOCK HyperSpaceLock;
            PETHREAD_W2K ForkInProgress;
            USHORT VmOperation;
            BOOLEAN ForkWasSuccessful;
            UCHAR MmAgressiveWsTrimMask;
            PKEVENT VmOperationEvent;
            PVOID PaeTop;
            ULONG LastFaultCount;
            ULONG ModifiedPageCount;
            PVOID VadRoot;
            PVOID VadHint;
            ULONG CloneRoot;
            ULONG NumberOfPrivatePages;
            ULONG NumberOfLockedPages;
            USHORT NextPageColor;
            BOOLEAN ExitProcessCalled;
            BOOLEAN CreateProcessReported;
            HANDLE SectionHandle;
            PPEB Peb;
            PVOID SectionBaseAddress;
            PEPROCESS_QUOTA_BLOCK QuotaBlock;
            NTSTATUS LastThreadExitStatus;
            PPROCESS_WS_WATCH_INFORMATION WorkingSetWatch;
            HANDLE Win32WindowStation;
            HANDLE InheritedFromUniqueProcessId;
            ACCESS_MASK GrantedAccess;
            ULONG DefaultHardErrorProcessing;
            PVOID LdtInformation;
            PVOID VadFreeHint;
            PVOID VdmObjects;
            PDEVICE_MAP DeviceMap;
            ULONG SessionId;
            LIST_ENTRY PhysicalVadList;
            HARDWARE_PTE PageDirectoryPte;
            ULONG Filler;
            ULONG PaePageDirectoryPage;
            UCHAR ImageFileName[16];
            ULONG VmTrimFaultValue;
            UCHAR SetTimerResolution;
            UCHAR PriorityClass;
            union
            {
            struct
            {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
            };
            USHORT SubSystemVersion;
            };
            PVOID Win32Process;
            PEJOB Job;
            ULONG JobStatus;
            LIST_ENTRY JobLinks;
            PVOID LockedPageList;
            PVOID SecurityPort;
            PWOW64_PROCESS Wow64Process;
            LARGE_INTEGER ReadOperationCount;
            LARGE_INTEGER WriteOperationCount;
            LARGE_INTEGER OtherOperationCount;
            LARGE_INTEGER ReadTransferCount;
            LARGE_INTEGER WriteTransferCount;
            LARGE_INTEGER OtherTransferCount;
            ULONG CommitChargeLimit;
            ULONG CommitChargePeek;
            LIST_ENTRY ThreadListHead;
            PRTL_BITMAP VadPhysicalPagesBitMap;
            ULONG VadPhysicalPages;
            ULONG AweLock;
            } EPROCESS_W2K, *PEPROCESS_W2K;

            typedef struct _EPROCESS_XP
            {
            KPROCESS_XP Pcb;
            EX_PUSH_LOCK ProcessLock;
            LARGE_INTEGER CreateTime;
            LARGE_INTEGER ExitTime;
            EX_RUNDOWN_REF RundownProtect;
            PVOID UniqueProcessId;
            LIST_ENTRY ActiveProcessLinks;
            ULONG QuotaUsage[3];
            ULONG QuotaPeak[3];
            ULONG CommitCharge;
            ULONG PeakVirtualSize;
            ULONG VirtualSize;
            LIST_ENTRY SessionProcessLinks;
            PVOID DebugPort;
            PVOID ExceptionPort;
            PHANDLE_TABLE ObjectTable;
            EX_FAST_REF Token;
            FAST_MUTEX WorkingSetLock;
            ULONG WorkingSetPage;
            FAST_MUTEX AddressCreationLock;
            KSPIN_LOCK HyperSpaceLock;
            PETHREAD_XP ForkInProgress;
            ULONG HardwareTrigger;
            PVOID VadRoot;
            PVOID VadHint;
            PVOID CloneRoot;
            ULONG NumberOfPrivatePages;
            ULONG NumberOfLockedPages;
            PVOID Win32Process;
            PEJOB Job;
            PSECTION_OBJECT SectionObject;
            PVOID SectionBaseAddress;
            PEPROCESS_QUOTA_BLOCK QuotaBlock;
            PPAGEFAULT_HISTORY WorkingSetWatch;
            PVOID Win32WindowStation;
            PVOID InheritedFromUniqueProcessId;
            PVOID LdtInformation;
            PVOID VadFreeHint;
            PVOID VdmObjects;
            PDEVICE_MAP DeviceMap;
            LIST_ENTRY PhysicalVadList;
            union
            {
            HARDWARE_PTE PageDirectoryPte;
            ULONGLONG Filler;
            };
            PVOID Session;
            UCHAR ImageFileName[16];
            LIST_ENTRY JobLinks;
            PVOID LockedPageList;
            LIST_ENTRY ThreadListHead;
            PVOID SecurityPort;
            PVOID PaeTop;
            ULONG ActiveThreads;
            ULONG GrantedAccess;
            ULONG DefaultHardErrorProcessing;
            NTSTATUS LastThreadExitStatus;
            PPEB Peb;
            EX_FAST_REF PrefetchTrace;
            LARGE_INTEGER ReadOperationCount;
            LARGE_INTEGER WriteOperationCount;
            LARGE_INTEGER OtherOperationCount;
            LARGE_INTEGER ReadTransferCount;
            LARGE_INTEGER WriteTransferCount;
            LARGE_INTEGER OtherTransferCount;
            ULONG CommitChargeLimit;
            ULONG CommitChargePeek;
            PVOID AweInfo;
            SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
            MMSUPPORT_XP Vm;
            ULONG LastFaultCount;
            ULONG ModifiedPageCount;
            ULONG NumberOfVads;
            ULONG JobStatus;
            union
            {
            ULONG Flags;
            struct
            {
            ULONG CreateReported : 1;
            ULONG NoDebugInherit : 1;
            ULONG ProcessExiting : 1;
            ULONG ProcessDelete : 1;
            ULONG Wow64SplitPages : 1;
            ULONG VmDeleted : 1;
            ULONG OutswapEnabled : 1;
            ULONG Outswapped : 1;
            ULONG ForkFailed : 1;
            ULONG HasPhysicalVad : 1;
            ULONG AddressSpaceInitialized : 2;
            ULONG SetTimerResolution : 1;
            ULONG BreakOnTermination : 1;
            ULONG SessionCreationUnderway : 1;
            ULONG WriteWatch : 1;
            ULONG ProcessInSession : 1;
            ULONG OverrideAddressSpace : 1;
            ULONG HasAddressSpace : 1;
            ULONG LaunchPrefetched : 1;
            ULONG InjectInpageErrors : 1;
            ULONG Unused : 11;
            };
            };
            NTSTATUS ExitStatus;
            USHORT NextPageColor;
            union
            {
            struct
            {
            UCHAR SubSystemMinorVersion;
            UCHAR SubSystemMajorVersion;
            };
            USHORT SubSystemVersion;
            };
            UCHAR PriorityClass;
            BOOLEAN WorkingSetAcquiredUnsafe;
            } EPROCESS_XP, *PEPROCESS_XP;

            typedef struct _EPROCESS_2K3
            {
            /*+0x000*/ KPROCESS_2K3 Pcb;
            /*+0x06c*/ EX_PUSH_LOCK ProcessLock;
            /*+0x070*/ LARGE_INTEGER CreateTime;
            /*+0x078*/ LARGE_INTEGER ExitTime;
            /*+0x080*/ EX_RUNDOWN_REF RundownProtect;
            /*+0x084*/ PVOID UniqueProcessId;
            /*+0x088*/ LIST_ENTRY ActiveProcessLinks;
            /*+0x090*/ ULONG QuotaUsage[3];
            /*+0x09c*/ ULONG QuotaPeak[3];
            /*+0x0a8*/ ULONG CommitCharge;
            /*+0x0ac*/ ULONG PeakVirtualSize;
            /*+0x0b0*/ ULONG VirtualSize;
            /*+0x0b4*/ LIST_ENTRY SessionProcessLinks;
            /*+0x0bc*/ PVOID DebugPort;
            /*+0x0c0*/ PVOID ExceptionPort;
            /*+0x0c4*/ PHANDLE_TABLE ObjectTable;
            /*+0x0c8*/ EX_FAST_REF Token;
            /*+0x0cc*/ ULONG WorkingSetPage;
            /*+0x0d0*/ KGUARDED_MUTEX AddressCreationLock;
            /*+0x0f0*/ KSPIN_LOCK HyperSpaceLock;
            /*+0x0f4*/ PETHREAD_2K3 ForkInProgress;
            /*+0x0f8*/ ULONG HardwareTrigger;
            /*+0x0fc*/ PMM_AVL_TABLE PhysicalVadRoot;
            /*+0x100*/ PVOID CloneRoot;
            /*+0x104*/ ULONG NumberOfPrivatePages;
            /*+0x108*/ ULONG NumberOfLockedPages;
            /*+0x10c*/ PVOID Win32Process;
            /*+0x110*/ PEJOB Job;
            /*+0x114*/ PSECTION_OBJECT SectionObject;
            /*+0x118*/ PVOID SectionBaseAddress;
            /*+0x11c*/ PEPROCESS_QUOTA_BLOCK QuotaBlock;
            /*+0x120*/ PPAGEFAULT_HISTORY WorkingSetWatch;
            /*+0x124*/ PVOID Win32WindowStation;
            /*+0x128*/ PVOID InheritedFromUniqueProcessId;
            /*+0x12c*/ PVOID LdtInformation;
            /*+0x130*/ PVOID VadFreeHint;
            /*+0x134*/ PVOID VdmObjects;
            /*+0x138*/ PVOID DeviceMap;
            /*+0x13c*/ PVOID Spare0[3];
            union {
            /*+0x148*/HARDWARE_PTE PageDirectoryPte;
            /*+0x148*/ULONGLONG Filler;
            };
            /*+0x150*/ PVOID Session;
            /*+0x154*/ UCHAR ImageFileName[16];
            /*+0x164*/ LIST_ENTRY JobLinks;
            /*+0x16c*/ PVOID LockedPagesList;
            /*+0x170*/ LIST_ENTRY ThreadListHead;
            /*+0x178*/ PVOID SecurityPort;
            /*+0x17c*/ PVOID PaeTop;
            /*+0x180*/ ULONG ActiveThreads;
            /*+0x184*/ ULONG GrantedAccess;
            /*+0x188*/ ULONG DefaultHardErrorProcessing;
            /*+0x18c*/ NTSTATUS LastThreadExitStatus;
            /*+0x190*/ PPEB Peb;
            /*+0x194*/ EX_FAST_REF PrefetchTrace;
            /*+0x198*/ LARGE_INTEGER ReadOperationCount;
            /*+0x1a0*/ LARGE_INTEGER WriteOperationCount;
            /*+0x1a8*/ LARGE_INTEGER OtherOperationCount;
            /*+0x1b0*/ LARGE_INTEGER ReadTransferCount;
            /*+0x1b8*/ LARGE_INTEGER WriteTransferCount;
            /*+0x1c0*/ LARGE_INTEGER OtherTransferCount;
            /*+0x1c8*/ ULONG CommitChargeLimit;
            /*+0x1cc*/ ULONG CommitChargePeak;
            /*+0x1d0*/ PVOID AweInfo;
            /*+0x1d4*/ SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo;
            /*+0x1d8*/ MMSUPPORT_2K3 Vm;
            /*+0x238*/ LIST_ENTRY MmProcessLinks;
            /*+0x240*/ ULONG ModifiedPageCount;
            /*+0x244*/ ULONG JobStatus;
            union{
            /*+0x248*/ ULONG Flags;
            struct{
            /*+0x248*/ ULONG CreateReported : 1;
            /*+0x248*/ ULONG NoDebugInherit : 1;
            /*+0x248*/ ULONG ProcessExiting : 1;
            /*+0x248*/ ULONG ProcessDelete : 1;
            /*+0x248*/ ULONG Wow64SplitPages : 1;
            /*+0x248*/ ULONG VmDeleted : 1;
            /*+0x248*/ ULONG OutswapEnabled : 1;
            /*+0x248*/ ULONG Outswapped : 1;
            /*+0x248*/ ULONG ForkFailed : 1;
            /*+0x248*/ ULONG Wow64VaSpace4Gb : 1;
            /*+0x248*/ ULONG AddressSpaceInitialized :2;
            /*+0x248*/ ULONG SetTimerResolution : 1;
            /*+0x248*/ ULONG BreakOnTermination : 1;
            /*+0x248*/ ULONG SessionCreationUnderway :1;
            /*+0x248*/ ULONG WriteWatch : 1;
            /*+0x248*/ ULONG ProcessInSession : 1;
            /*+0x248*/ ULONG OverrideAddressSpace : 1;
            /*+0x248*/ ULONG HasAddressSpace : 1;
            /*+0x248*/ ULONG LaunchPrefetched : 1;
            /*+0x248*/ ULONG InjectInpageErrors : 1;
            /*+0x248*/ ULONG VmTopDown : 1;
            /*+0x248*/ ULONG ImageNotifyDone : 1;
            /*+0x248*/ ULONG PdeUpdateNeeded : 1;
            /*+0x248*/ ULONG VdmAllowed : 1;
            /*+0x248*/ ULONG Unused : 7;
            };
            };
            /*+0x24c*/ NTSTATUS ExitStatus;
            /*+0x250*/ USHORT NextPageColor;
            union {
            struct {
            /*+0x252*/ UCHAR SubSystemMinorVersion;
            /*+0x253*/ UCHAR SubSystemMajorVersion;
            };
            /*+0x252*/ USHORT SubSystemVersion;
            };

            /*+0x254*/ UCHAR PriorityClass;
            /*+0x258*/ MM_AVL_TABLE VadRoot;
            } EPROCESS_2K3, *PEPROCESS_2K3;
            in reply to: Receive() indications and IRQL #6123
            Vadim Smirnov
            Keymaster

              So, in this case, I wonder if it’s a good idea to raise IRQL to dispatch prior invoking Receive() handlers?

              Yes, this is basically what you have to do.

              in reply to: Receive() indications and IRQL #6121
              Vadim Smirnov
              Keymaster

                Protocol driver expects that its ProtocolReceive handler is called at DISPATCH_LEVEL (refer the DDK documentation where it is explicitely specified “…ProtocolReceive runs at IRQL = DISPATCH_LEVEL…”).

                Since protocol driver assumes that it was called at DISPATCH_LEVEL then it could use KeAcquireSpinLock/KeReleaseSpinLockFromDpcLevel, an example instead KeAcquireSpinLock/KeReleaseSpinLock or something similar. It is not a good sample but when called on DISPATCH_LEVEL both pairs work on the same way.

                in reply to: how many adapters can we capture and modify packets on? #6118
                Vadim Smirnov
                Keymaster

                  Basically I don’t see any problems with processing packet from the single thread (processing packets does not really consumes all processor time and queue never grows as large unless your system is overloaded, but you can also assign the higher priority to the packet processing thread to avoid this). However, if you are looking for better packet scheduling between adapters you can create one thread per interface…

                  in reply to: how can I detect an active Internet connection? #6115
                  Vadim Smirnov
                  Keymaster

                    Two lines are most important here:

                    Network Destination Netmask Gateway Interface Metric
                    0.0.0.0 0.0.0.0 172.19.0.2 172.19.3.182 30
                    0.0.0.0 0.0.0.0 207.162.10.253 207.162.10.161 20

                    One route has metric 20, and another one 30. First of all Windows tries to connect thru adapter with better (less) metric, if it fails then it tries another one. So your default internet connection is thru 207.162.10.161 and it is also confirmed by your default gateway 207.162.10.253.

                    in reply to: how many adapters can we capture and modify packets on? #6116
                    Vadim Smirnov
                    Keymaster

                      If there are more than one adatper on a machine, can I capture and modify packets on those adapters simultaneously?

                      Sure, you can. You can process all packets from the single thread (put adapters into filtering mode and call WaitForMultipleObjects) or create a dedicated thread for each adapter (and use WaitForSingleObject just like PassThru sample does).

                      It is easy to emulate the multiply threads approach if start PassThru sample on two or more adapters simultaneously.

                      If you are registered WinpkFilter customer you can download the source code for the Internet Gateway advanced sample http://www.ntkernel.com/w&p.php?id=31 which demonstrates filtering and modifying packets over multiply adapters.

                      in reply to: how can I detect an active Internet connection? #6113
                      Vadim Smirnov
                      Keymaster

                        Internet connection can be identified by checking systems IP routing table (sample output from “route print”):

                        ===========================================================================
                        Interface List
                        0x1 ........................... MS TCP Loopback interface
                        0x2 ...00 0e a6 a6 7c b6 ...... Realtek RTL8139 Family PCI Fast Ethernet NIC - Packet Scheduler Miniport
                        ===========================================================================
                        ===========================================================================
                        Active Routes:
                        Network Destination Netmask Gateway Interface Metric
                        0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.101 20
                        127.0.0.0 255.0.0.0 127.0.0.1 127.0.0.1 1
                        192.168.1.0 255.255.255.0 192.168.1.101 192.168.1.101 20
                        192.168.1.101 255.255.255.255 127.0.0.1 127.0.0.1 20
                        192.168.1.255 255.255.255.255 192.168.1.101 192.168.1.101 20
                        224.0.0.0 240.0.0.0 192.168.1.101 192.168.1.101 20
                        255.255.255.255 255.255.255.255 192.168.1.101 192.168.1.101 1
                        Default Gateway: 192.168.1.1
                        ===========================================================================
                        Persistent Routes:
                        None

                        First line with the default route network 0.0.0.0 mask 0.0.0.0 gateway 192.168.1.1 interface 192.168.1.101 points that I’m currently connected to Internet thru the network interface with IP 192.168.1.101. I may have many Internet connection but this is the default one.

                        You can request routing information programmatically using IP helper API (GetIpForwardTable) and register the callback handler for any routing table changes (NotifyRouteChange) in order to be notified about changing the Internet connection.

                        in reply to: HTTP Redirection #6110
                        Vadim Smirnov
                        Keymaster

                          На WinpkFilter здесь есть http://www.ntkernel.com/w&p.php?id=31

                          in reply to: SMP BSOD ExFreeMemoryWithTag #6111
                          Vadim Smirnov
                          Keymaster

                            try to unload driver on smp-somputer and system gets bsod (in ExFreeMemoryWithTag), on uni-processor computer evererything is ok.

                            Probably syncronization problem…

                            but debuger gets that ExFreeMemoryWithTag couses BAD_POOL_CALLER

                            Memory was already released or your memory pointer was corrupted. Put the breakpoint on the pointer access and trace all operations with it during your driver unload.

                            in reply to: HTTP Redirection #6108
                            Vadim Smirnov
                            Keymaster

                              SerpentFly – ты русский? Если да – то пиши по-русски)) А то я думал тут все из-за бугра.
                              Еще ethreal ом посмотрел – модифицированные http пакеты не выходят(( просто Ip(ping) telnet – нормально.

                              Странно это все, разницы между телнетом и HTTP на этом уровне нет никакой, ты например можешь телнетом приконектится на 80 порт. Единственное, в HTTP GET запросе по хорошему нужно править еще и имя хоста, иначе сервер может не ответить.

                              Сам пакет разумеется никуда деться сам по себе не может. В сеть можно полный мусор слать при желании. Может быть стоит что-то (типа фаервола) что пакеты режет по каким-то своим таинственным критериям, в общем так посоветовать что-то сложно, нужно разбираться с данной конкретной системой. Могу посоветовать только попробовать все на чистой системе и сравнить.

                              in reply to: HTTP Redirection #6106
                              Vadim Smirnov
                              Keymaster

                                When you change IP address in the TCP packet you must also recalculate TCP checksum (IP address is included in the pseudo header). Other things are similar to ICMP if you have managed to get it working already.

                                in reply to: Hooking adapter functions on XP sp2 #6103
                                Vadim Smirnov
                                Keymaster

                                  So, I tried hooking SendCompleteHandler inside NDIS_MNIPORT_BLOCK in MyMiniportInitialize just before I forward the call to the adapter, but, it does not seem to work. I mean my function is not invoked…

                                  SendCompleteHandler seems to be initialized by NDIS after calling miniport InitializeHandler (and your MyMiniportInitialize), that is why your hook does not work.

                                  P.S. You can apply your hook on first SendHandler invoked, an example.

                                Viewing 15 posts - 1,216 through 1,230 (of 1,507 total)