|
阅读:1693回复:3
tdi层,进程问题?
Tcp/Udp进程都有TdiTransportAddress,即ea!=NULL。ping.exe(icmp)没有,该如何过滤此进程?
|
|
|
沙发#
发布于:2007-06-23 01:52
TDI能过滤应用层Send出去的ICMP,无法过滤接收到的ICMP。。。不是很记得了。拿TDI来拦截ICMP,是笨笨行为
|
|
|
|
板凳#
发布于:2007-06-19 14:42
#define BASE_PROCESS_PEB_OFFSET 0x01B0
#define BASE_PEB_PROCESS_PARAMETER_OFFSET 0x0010 #define BASE_PROCESS_PARAMETER_FULL_IMAGE_NAME 0x003C #define BASE_PROCESS_NAME_OFFSET 0x01FC #define PS_SUCCESS 0 #define PS_BUFFER_SO_SMALL -1 #define PS_INVALID_PARAMETER -2 #define PS_SYSTEM_PROCESS 100 #define PS_USER_PROCESS 101 INT GetProcessFileName(char* buf, DWORD nSize, BOOL IsOnlyName) { PCWSTR pFullName = NULL; int i, j; if(buf == 0 || nSize == 0) return PS_INVALID_PARAMETER; if((!IsOnlyName && nSize < MAX_PATH) || nSize < 16) return PS_BUFFER_SO_SMALL; // not get full path name { char* pName = PsGetProcessName(); if(pName == NULL) strcpy(buf, "SYSTEM"); else strcpy(buf, pName); return PS_SYSTEM_PROCESS; } if(IsOnlyName) { char* pName = PsGetProcessName(); if(pName == NULL) strcpy(buf, "SYSTEM"); else strcpy(buf, pName); return PS_SYSTEM_PROCESS; } pFullName = PsGetModuleFileNameW(); if(pFullName == NULL) { char* pName = PsGetProcessName(); if(pName == NULL) strcpy(buf, "SYSTEM"); else strcpy(buf, pName); return PS_SYSTEM_PROCESS; } else { UNICODE_STRING usFileName; ANSI_STRING asFileName; RtlInitUnicodeString(&usFileName, pFullName); asFileName.Length = 0; asFileName.MaximumLength = MAX_PATH; asFileName.Buffer = buf; RtlUnicodeStringToAnsiString(&asFileName, &usFileName, FALSE); } return PS_USER_PROCESS; } char* PsGetProcessName() { char* pImageName = (char*)PsGetCurrentProcess(); if(pImageName == NULL || pImageName == (char*)0xFFFFFFFF) return NULL; pImageName += BASE_PROCESS_NAME_OFFSET; return pImageName; } TCP/UDP数据包发送时都经过:TDI_SEND(_DATAGRAM)处理,但ICMP数据包发送时不知道经过哪个IOCTL命令字,望牛人指点。 |
|
|
地板#
发布于:2007-06-18 17:28
试试Send的时候,那时也在PASSIVE_LEVEL
楼上用什么方法取进程名?最近也在弄TDI,莫名其妙得蓝屏中,郁闷 |
|
