network.c
}
}
break;
}
case IRP_MJ_CLEANUP:
LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("IRP_MJ_CLEANUP\n"));
break;
case IRP_MJ_CLOSE:
LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("IRP_MJ_CLOSE\n"));
break;
default:
LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDIDispatch: default switch case triggered\n"));
break;
}
if (*status == STATUS_ACCESS_DENIED)
{
pIrp->IoStatus.Status = STATUS_ACCESS_DENIED;
IoCompleteRequest (pIrp, IO_NO_INCREMENT);
HOOK_TDI_EXIT(TRUE);
}
if (Callback.Routine)
{
LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDI Callback.Routine\n"));
//XXX IoCopyCurrentIrpStackLocationToNext()
IoSetCompletionRoutine(pIrp, Callback.Routine, Callback.Context, TRUE, TRUE, TRUE);
}
else
{
// Set up a completion routine to handle the bubbling of the "pending" mark of an IRP
// IoSetCompletionRoutine(pIrp, GenericCompletion, NULL, TRUE, TRUE, TRUE);
IoSkipCurrentIrpStackLocation(pIrp);
}
if (DeviceType == NET_DEVICE_TYPE_TCP)
{
*status = IoCallDriver(pTcpDeviceOriginal, pIrp);
}
else if (DeviceType == NET_DEVICE_TYPE_UDP)
{
*status = IoCallDriver(pUdpDeviceOriginal, pIrp);
}
else if (DeviceType == NET_DEVICE_TYPE_IP)
{
*status = IoCallDriver(pIpDeviceOriginal, pIrp);
}
else
{
LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDIDispatch: Unknown device type\n"));
}
HOOK_TDI_EXIT(TRUE);
}
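/*
 * TDICreateAddressCompletion()
 *
 * Description:
 *	I/O completion routine that does no processing of its own and lets completion of the
 *	IRP continue up the device stack. The only reference to it visible in this file is the
 *	disabled block at the end of TDICreate().
 *
 * Parameters:
 *	DeviceObject - device object supplied by the I/O manager (unused).
 *	pIrp - IRP that is being completed.
 *	Context - value registered together with the routine (unused).
 *
 * Returns:
 *	STATUS_SUCCESS, so the I/O manager continues completing the IRP.
 */
NTSTATUS
TDICreateAddressCompletion(IN PDEVICE_OBJECT DeviceObject, IN PIRP pIrp, IN PVOID Context)
{
	/*
	 * A completion routine that lets completion continue has to carry the "pending" mark
	 * up to its own stack location. The dispatch path registers callbacks with
	 * IoSetCompletionRoutine() and hands back the status of IoCallDriver(), so a lower
	 * driver that returned STATUS_PENDING would otherwise leave the IRP unmarked.
	 * NOTE(review): assumes this routine is only registered on IRPs that pass through this
	 * driver's dispatch routine, never on an IRP this driver allocated itself - confirm.
	 */
	if (pIrp->PendingReturned)
		IoMarkIrpPending(pIrp);

	return STATUS_SUCCESS;
}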
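/*
 * TDICreate()
 *
 * Description:
 *	Examine the extended attribute (EA) buffer of a TDI create request.
 *	Connection endpoints are only logged. For a transport address, every
 *	TDI_ADDRESS_TYPE_IP entry with a non-zero port is either checked against the network
 *	policy (OP_BIND) or, in learning mode, recorded as an OP_BIND rule keyed by the decimal
 *	port number.
 *
 *	The contents of the EA value are supplied by the TDI client. Every length and count read
 *	from it is therefore checked against the size of the EA buffer before it is used, and the
 *	variable-length TA_ADDRESS entries are walked by their own AddressLength.
 *
 * Parameters:
 *	pDeviceObject - device object the request was sent to (only used by the disabled code below).
 *	pIrp - create IRP; AssociatedIrp.SystemBuffer holds the EA buffer or NULL.
 *	pIrpStack - stack location of the request; Parameters.Create.EaLength is taken as the
 *		size of the EA buffer (assumes an IRP_MJ_CREATE location - call site not visible here).
 *	pCompletion - completion callback to fill in (only used by the disabled code below).
 *
 * Returns:
 *	Leaves through HOOK_ROUTINE_EXIT(STATUS_SUCCESS) on every path visible here.
 *	POLICY_CHECK_OPTYPE_NAME() is defined elsewhere and may leave with a different status.
 */
NTSTATUS
TDICreate(IN PDEVICE_OBJECT pDeviceObject, IN PIRP pIrp, IN PIO_STACK_LOCATION pIrpStack, OUT PTDI_CALLBACK pCompletion)
{
	FILE_FULL_EA_INFORMATION	*ea = (FILE_FULL_EA_INFORMATION *) pIrp->AssociatedIrp.SystemBuffer;
	ULONG				EaLength;
	ULONG				ValueOffset;
	ULONG				ValueLength;
	PUCHAR				pValue;


	HOOK_ROUTINE_ENTER();


	LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate(%x %x %x)\n", pIrp, pIrpStack, ea));


	/*
	 * From DDK (TdiDispatchCreate):
	 *
	 * Irp->AssociatedIrp.SystemBuffer
	 *
	 * Pointer to a FILE_FULL_EA_INFORMATION-structured buffer if the file object represents an address or a
	 * connection endpoint to be opened.
	 * For an address, the EaName member is set to the system-defined constant TdiTransportAddress and the EA value
	 * following the EaName array is of type TRANSPORT_ADDRESS, set up by the client to specify the address to be
	 * opened. For some transports, this value can be a symbolic netBIOS or DNS name to be translated by the transport.
	 *
	 * For a connection endpoint, the EaName member is set to the system-defined constant TdiConnectionContext and
	 * the EA value following the EaName array is a client-supplied handle, opaque to the transport driver. The
	 * transport must save this handle and subsequently pass it back to the client's registered event handlers for
	 * this connection.
	 *
	 * If the given file object represents a control channel, this member is NULL.
	 */

	if (ea == NULL)
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: Control channel\n"));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}

	/* EaName is an array member, so the NULL comparison can never be true; kept as a cheap guard. */
	if (! MmIsAddressValid(ea) || ea->EaName == NULL || ! MmIsAddressValid(ea->EaName))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: MmIsAddressValid() failed\n"));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}


	/*
	 * Establish the bounds of the EA value before anything inside it is read.
	 * A malformed buffer is passed on unchanged, like the MmIsAddressValid() failure above.
	 * NOTE(review): passing malformed requests on is fail-open; decide whether this hook
	 * should reject them instead (see the XXX on non-IP addresses further down).
	 */
	EaLength = pIrpStack->Parameters.Create.EaLength;

	if (EaLength < (ULONG) FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: EA buffer too short (%u)\n", EaLength));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}

	/* the value follows the name and the name's terminating NUL byte */
	ValueOffset = (ULONG) FIELD_OFFSET(FILE_FULL_EA_INFORMATION, EaName) + ea->EaNameLength + 1;
	ValueLength = ea->EaValueLength;

	if (ValueOffset > EaLength || ValueLength > EaLength - ValueOffset)
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: EA name/value exceed the EA buffer (%u)\n", EaLength));
		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}

	pValue = (PUCHAR) ea + ValueOffset;


	if (ea->EaNameLength == TDI_CONNECTION_CONTEXT_LENGTH &&
		memcmp(ea->EaName, TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH) == 0)
	{
		CONNECTION_CONTEXT	conn_ctx;


		if (ValueLength < sizeof(CONNECTION_CONTEXT))
		{
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: connection context too short (%u)\n", ValueLength));
			HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
		}

		conn_ctx = *(CONNECTION_CONTEXT *) pValue;

		/*
		 * The context is a client-supplied handle that is opaque to us (see the DDK text
		 * above), so only its value is logged; it is never dereferenced.
		 */
		if (conn_ctx)
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDI Connection object 0x%x\n", conn_ctx));

		HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
	}


	// NOTE: for RawIp you can extract protocol number from irps->FileObject->FileName

	if (ea->EaNameLength == TDI_TRANSPORT_ADDRESS_LENGTH &&
		memcmp(ea->EaName, TdiTransportAddress, TDI_TRANSPORT_ADDRESS_LENGTH) == 0)
	{
		PTRANSPORT_ADDRESS	pTransportAddress;
		PTA_ADDRESS		pAddress;
		ULONG			Remaining;
		int			i;


		if (ValueLength < (ULONG) FIELD_OFFSET(TRANSPORT_ADDRESS, Address))
		{
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: transport address too short (%u)\n", ValueLength));
			HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
		}

		pTransportAddress = (PTRANSPORT_ADDRESS) pValue;
		pAddress = pTransportAddress->Address;

		/* bytes of the EA value that are still available for TA_ADDRESS entries */
		Remaining = ValueLength - (ULONG) FIELD_OFFSET(TRANSPORT_ADDRESS, Address);

		LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: TDI Address object. Num %d\n", pTransportAddress->TAAddressCount));

		for (i = 0; i < pTransportAddress->TAAddressCount; i++)
		{
			ULONG	EntryLength;


			/* TAAddressCount comes from the client; stop as soon as an entry does not fit */
			if (Remaining < (ULONG) FIELD_OFFSET(TA_ADDRESS, Address))
			{
				LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: TDI Address %d is truncated\n", i));
				break;
			}

			EntryLength = (ULONG) FIELD_OFFSET(TA_ADDRESS, Address) + pAddress->AddressLength;

			if (EntryLength > Remaining)
			{
				LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: TDI Address %d exceeds the EA value\n", i));
				break;
			}

			LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("TDICreate: TDI Address %d: %x %x\n", i, pAddress->AddressLength, pAddress->AddressType));

			if (pAddress->AddressType == TDI_ADDRESS_TYPE_IP)
			{
				PTDI_ADDRESS_IP	ip = (PTDI_ADDRESS_IP) &pAddress->Address;
				/* presumably both names are picked up by POLICY_CHECK_OPTYPE_NAME(); keep them as they are */
				CHAR		NETWORKNAME[MAX_PATH];
				PCHAR		FunctionName = "TDICreate";


				/* only sin_port and in_addr are read below; make sure the entry contains them */
				if (pAddress->AddressLength < (ULONG) FIELD_OFFSET(TDI_ADDRESS_IP, sin_zero))
				{
					LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: IP address %d is too short (%x)\n", i, pAddress->AddressLength));
				}
				else if (ip->sin_port != 0)
				{
					LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("%d TDICreate: Bind IP %x:%u (%s)\n", (ULONG) PsGetCurrentProcessId(), ntohl(ip->in_addr), ntohs(ip->sin_port), inet_ntoa2(ip->in_addr)));

					/* the policy object name is the decimal port number */
					itoa( ntohs(ip->sin_port), NETWORKNAME, 10 );

					//inet_ntoa(ip->in_addr, NETWORKNAME);

					if (LearningMode == FALSE)
					{
						POLICY_CHECK_OPTYPE_NAME(NETWORK, OP_BIND);
					}
					else
					{
						// learning mode
						AddRule(RULE_NETWORK, NETWORKNAME, OP_BIND);
					}
				}
				else
				{
					LOG(LOG_SS_NETWORK, LOG_PRIORITY_VERBOSE, ("%d TDICreate: IP & port are both zero\n", (ULONG) PsGetCurrentProcessId()));
				}
			}
			else
			{
				//XXX fail if only IP network addresses are allowed.
			}

			/*
			 * TA_ADDRESS is variable-length: the next entry starts right after this entry's
			 * Address bytes, not sizeof(TA_ADDRESS) further on.
			 */
			pAddress = (PTA_ADDRESS) ((PUCHAR) pAddress + EntryLength);
			Remaining -= EntryLength;
		}

		//XXX reread WDM ch 5.3 "COmpleting I/O requests"
		/*
		 * Disabled; needs a "PIRP QueryIrp;" local when it is brought back.
		 *
		QueryIrp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION, pDeviceObject,
													pIrpStack->FileObject, NULL, NULL);
		if (QueryIrp == NULL)
		{
			LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("TDICreate: QueryIrp is NULL\n"));
			return FALSE;
		}

		pCompletion->Routine = TDICreateAddressCompletion;
		pCompletion->Context = QueryIrp;
		*/
	}


	HOOK_ROUTINE_EXIT(STATUS_SUCCESS);
}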
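/*
 * InstallNetworkHooks()
 *
 * Description:
 *	Create three unnamed device objects and attach them to \Device\Tcp, \Device\Udp and
 *	\Device\Ip. Each new device then takes over the stack size (+1), the buffering/power
 *	flags, the device type and the characteristics of the device it was attached to.
 *
 *	NOTE: Called once during driver initialization (DriverEntry()).
 *	There is no need to cleanup in case a failure since RemoveNetworkHooks() will be called later.
 *
 * Parameters:
 *	pDriverObject - pointer to a driver object that represents this driver.
 *
 * Returns:
 *	STATUS_SUCCESS to indicate success or an NTSTATUS error code if failed.
 */
NTSTATUS
InstallNetworkHooks(PDRIVER_OBJECT pDriverObject)
{
	UNICODE_STRING	Name;
	NTSTATUS	status;
	/* flags a filter device has to mirror from the device below it */
	ULONG		InheritedFlags = DO_BUFFERED_IO | DO_DIRECT_IO | DO_POWER_PAGABLE | DO_POWER_INRUSH;


	/* create all three filter devices first; they are unnamed and opened exclusively */

	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pTcpDevice);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(tcp) failed\n"));
		return status;
	}

	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pUdpDevice);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(udp) failed\n"));
		return status;
	}

	status = IoCreateDevice(pDriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, TRUE, &pIpDevice);
	if (! NT_SUCCESS(status))
	{
		/* this message used to name the udp device, which made a failure here misleading */
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoCreateDevice(ip) failed\n"));
		return status;
	}


	/* attach each filter device on top of the corresponding transport device */

	RtlInitUnicodeString(&Name, L"\\Device\\Tcp");

	status = IoAttachDevice(pTcpDevice, &Name, &pTcpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Tcp) failed\n"));
		return status;
	}

	RtlInitUnicodeString(&Name, L"\\Device\\Udp");

	status = IoAttachDevice(pUdpDevice, &Name, &pUdpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Udp) failed\n"));
		return status;
	}

	RtlInitUnicodeString(&Name, L"\\Device\\Ip");

	status = IoAttachDevice(pIpDevice, &Name, &pIpDeviceOriginal);
	if (! NT_SUCCESS(status))
	{
		LOG(LOG_SS_NETWORK, LOG_PRIORITY_DEBUG, ("InstallNetworkHooks: IoAttachDevice(\\Device\\Ip) failed\n"));
		return status;
	}


	/*
	 * Mirror the properties of the devices below.
	 *
	 * XXX Flags &= ~DO_DEVICE_INITIALIZING;
	 * NOTE(review): DO_DEVICE_INITIALIZING is not part of InheritedFlags and is never cleared
	 * on the filter devices here. An earlier "& ~DO_DEVICE_INITIALIZING" on the value being
	 * OR-ed in had no effect and was dropped. Confirm whether an explicit clear is wanted.
	 */

	pTcpDevice->StackSize = pTcpDeviceOriginal->StackSize + 1;
	pTcpDevice->Flags |= pTcpDeviceOriginal->Flags & InheritedFlags;
	pTcpDevice->DeviceType = pTcpDeviceOriginal->DeviceType;
	pTcpDevice->Characteristics = pTcpDeviceOriginal->Characteristics;

	pUdpDevice->StackSize = pUdpDeviceOriginal->StackSize + 1;
	pUdpDevice->Flags |= pUdpDeviceOriginal->Flags & InheritedFlags;
	pUdpDevice->DeviceType = pUdpDeviceOriginal->DeviceType;
	pUdpDevice->Characteristics = pUdpDeviceOriginal->Characteristics;

	pIpDevice->StackSize = pIpDeviceOriginal->StackSize + 1;
	pIpDevice->Flags |= pIpDeviceOriginal->Flags & InheritedFlags;
	pIpDevice->DeviceType = pIpDeviceOriginal->DeviceType;
	pIpDevice->Characteristics = pIpDeviceOriginal->Characteristics;


	return STATUS_SUCCESS;
}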
/*
 * RemoveNetworkHooks()
 *
 * Description:
 *	Undo InstallNetworkHooks(): detach from the Tcp, Udp and Ip devices that were attached
 *	to, then delete the three devices this driver created. Pointers that are still NULL are
 *	skipped, so the routine copes with a partially completed install.
 *
 * Parameters:
 *	pDriverObject - pointer to a driver object that represents this driver (not used).
 *
 * Returns:
 *	Nothing.
 */
void
RemoveNetworkHooks(PDRIVER_OBJECT pDriverObject)
{
	/*
	 * XXX is restoring the dispatch table necessary? we detach so we should not receive
	 * any network IRPs. The disabled code copied every MajorFunction[] entry of the
	 * original Tcp driver back into pDriverObject.
	 *
	 * NOTE(review): none of the six globals is reset to NULL afterwards, so a second call
	 * or a late user of these pointers would see stale values - confirm that neither can happen.
	 */

	/* step 1: take the filter devices off the three stacks */
	if (pTcpDeviceOriginal)
	{
		IoDetachDevice(pTcpDeviceOriginal);
	}

	if (pUdpDeviceOriginal)
	{
		IoDetachDevice(pUdpDeviceOriginal);
	}

	if (pIpDeviceOriginal)
	{
		IoDetachDevice(pIpDeviceOriginal);
	}

	/* step 2: release the filter devices themselves */
	if (pTcpDevice)
	{
		IoDeleteDevice(pTcpDevice);
	}

	if (pUdpDevice)
	{
		IoDeleteDevice(pUdpDevice);
	}

	if (pIpDevice)
	{
		IoDeleteDevice(pIpDevice);
	}
}