Views: 2891 Replies: 33
driver and application communication again! HELP!!!
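Webmasters and everybody, if any of you can help me, I will appreciate it very much. Boss wants me to write the NDIS IM driver, but I have no experience before at all. Really frustrated :(
I now need to use an NDIS IM driver to build a VPN and want to get the packets in the application. The MS PACKET sample is good, but the PCAUSA code I am using differs from it. I want to get the packet in TCPIP_TransferDataCompleteHandler and copy it to IRP->ASSOCIATEDIRP.SYSTEMBUFFER, but since that function has no IRP parameter, I don't know how to do it. If anyone has a small example, please send it to me for reference. Many thanks!
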
Reply #1
Posted: 2002-08-12 21:31
Code is below, please help me check where the problem is. Thanks a lot in advance!
//***********************************************************************************
// Name: TCPIP_TransferDataCompleteHandler
//
// Routine Description: Hook for TCPIP TransferDataCompleteHandler
//
// NOTE: None
//***********************************************************************************
VOID TCPIP_TransferDataCompleteHandler (
    NDIS_HANDLE ProtocolBindingContext,
    PNDIS_PACKET Packet,
    NDIS_STATUS Status,
    UINT BytesTransferred
    )
{
    PPROTOCOL_ENTRY pProto;
    PADAPTER_ENTRY pAdapter;
    PNDISHK_PACKET pHKPacket;
    PINTERMEDIATE_BUFFER pBuffer;
    PLIST_ENTRY pLink;
    PNDIS_BUFFER pResidualBuffer;

    //////////////////////////////////////////////
    // by me
    POPEN_INSTANCE open;
    PIO_STACK_LOCATION irpSp;
    PIRP irp;
    PMDL pMdl;
    PUCHAR buff;
    ULONG sizeToTransfer;
    UINT bytesTransfered = 0;
    ULONG bufferLength;
    PNDIS_PACKET pPacket;
    NDIS_STATUS status;
    char test[MAX_ETHER_SIZE];
    int i;

    open = (POPEN_INSTANCE)ProtocolBindingContext;
    irp = RESERVED(Packet)->Irp;
    irpSp = IoGetCurrentIrpStackLocation(irp);
    // pMdl = RESERVED(Packet)->pMdl;
    buff = ( PUCHAR ) irp -> AssociatedIrp.SystemBuffer;

    //
    // This is the length of our partial MDL
    //
    // bufferLength=irpSp->Parameters.Read.Length;//-ETHERNET_HEADER_LENGTH;
    DbgPrint ( "buffer length = %d...\n", strlen(buff) );
    // UF_ReadOnPacket( Packet, buff, MAX_ETHER_SIZE, 0, MAX_ETHER_SIZE );
    // RtlCopyMemory( buff, Packet, sizeof(PNDIS_PACKET->Private));
    ////////////////////////////////////////////////////

    DbgPrint ( "TCPIP_TransferDataCompleteHandler\n" );

    // Locate adapter and protocol entries
    pAdapter = MF_FindAdapterByBindingContext ( ProtocolBindingContext, &pProto );

    if( pAdapter )
    {
        if ( !IsListEmpty ( &pAdapter -> m_PendingTransfertData ) )
        {
            // We did calls to TransferDataHandler or directly to this handler
            // Find associated pending transfer data call
            pLink = pAdapter -> m_PendingTransfertData.Flink;

            while ( pLink != &pAdapter -> m_PendingTransfertData )
            {
                pHKPacket = CONTAINING_RECORD ( pLink, NDISHK_PACKET, m_Reserved.m_qLink );

                if ( (PNDIS_PACKET) pHKPacket == Packet)
                {
                    // It is our packet and we should process it
                    if (pHKPacket -> m_Reserved.m_nTransferDataStatus != NDIS_STATUS_SUCCESS)
                    {
                        // If an error occurred during transfer free associated resources
                        NdisAcquireSpinLock ( &pAdapter->m_PendingTransfertLock );
                        RemoveEntryList ( &pHKPacket->m_Reserved.m_qLink );
                        NdisReleaseSpinLock ( &pAdapter->m_PendingTransfertLock );
                        UF_FreePacketAndBuffers ( pHKPacket );
                        return;
                    }

                    //
                    // Packet processing
                    //

                    // Allocate intermediate buffer to save packet
                    pBuffer = IB_AllocateIntermediateBuffer ();

                    // If buffer successfully allocated process packet
                    if (pBuffer)
                    {
                        // Reorder buffers in packet (call to transfer data
                        // copies the remainder of the data to the first buffer, but the beginning
                        // of the packet is in the second)
                        NdisUnchainBufferAtFront(Packet, &pResidualBuffer);
                        NdisChainBufferAtBack (Packet, pResidualBuffer);

                        // Copy packet content into intermediate buffer
                        UF_ReadOnPacket ( Packet, (PUCHAR)pBuffer->m_IBuffer, MAX_ETHER_SIZE, 0, &pBuffer->m_Length );

                        ////////////////////////////////////////////////
                        // dump packet
                        DbgPrint ("\nTransferDataCompleteHandler:\n");
                        DbgPrint ("-----MACS: DEST %.2X%.2X%.2X%.2X%.2X%.2X SOURCE: %.2X%.2X%.2X%.2X%.2X%.2X\n",
                            pBuffer->m_IBuffer[0], pBuffer->m_IBuffer[1], pBuffer->m_IBuffer[2],
                            pBuffer->m_IBuffer[3], pBuffer->m_IBuffer[4], pBuffer->m_IBuffer[5],
                            pBuffer->m_IBuffer[6], pBuffer->m_IBuffer[7], pBuffer->m_IBuffer[8],
                            pBuffer->m_IBuffer[9], pBuffer->m_IBuffer[10], pBuffer->m_IBuffer[11] );

                        // DbgPrint ("\nPacket is: ");
                        /*
                        for ( i = 0; i<MAX_ETHER_SIZE; i++)
                            DbgPrint ("%x", pBuffer->m_IBuffer );
                        DbgPrint("\n");
                        */
                        NdisZeroMemory(buff, MAX_ETHER_SIZE);
                        RtlCopyMemory(buff, pBuffer->m_IBuffer, MAX_ETHER_SIZE); /// <-- Problem arises here (blue screen)
                        /*
                        for ( i = 0; i<MAX_ETHER_SIZE; i++)
                            DbgPrint ("%x", data );
                        DbgPrint("\n");
                        ///
                        */
                        ///////////////////////////////////////////////////////////////

                        // Call filter function for this packet, there you can modify,
                        // drop or resend data to protocol
                        FLT_FilterReceivedPacket ( &pAdapter->m_OpenBlock, pBuffer );
                    }

                    // Free resources associated with packet
                    NdisAcquireSpinLock ( &pAdapter->m_PendingTransfertLock );
                    RemoveEntryList ( &pHKPacket->m_Reserved.m_qLink );
                    NdisReleaseSpinLock ( &pAdapter->m_PendingTransfertLock );
                    UF_FreePacketAndBuffers ( pHKPacket );
                    return;
                }

                pLink = pLink -> Flink;
            }
            return;
        }

        // Call old handler for TransferDataComplete
        pProto -> m_Chars.TransferDataCompleteHandler (
            ProtocolBindingContext,
            Packet,
            Status,
            BytesTransferred
            );
    }
}

Reply #2
Posted: 2002-08-12 22:00
Are you doing this on 98?

Reply #3
Posted: 2002-08-12 22:04
win2000, later 98/mexp, now just test 2000

Reply #4
Posted: 2002-08-12 22:50
This is the debug information from winDbg:
===========================================================
kd> !analyze -v
*******************************************************************************
*                                                                             *
*                        Bugcheck Analysis                                    *
*                                                                             *
*******************************************************************************

DRIVER_IRQL_NOT_LESS_OR_EQUAL (d1)
An attempt was made to access a pagable (or completely invalid) address at an
interrupt request level (IRQL) that is too high.  This is usually
caused by drivers using improper addresses.
If kernel debugger is available get stack backtrace.
Arguments:
Arg1: 3f3f3f47, memory referenced
Arg2: 00000002, IRQL
Arg3: 00000000, value 0 = read operation, 1 = write operation
Arg4: feef9c7e, address which referenced memory

Debugging Details:
------------------

READ_ADDRESS:  3f3f3f47

CURRENT_IRQL:  2

FAULTING_IP:
NDIS!NdisGetReceivedPacket+9
feef9c7e 8b4808           mov     ecx,[eax+0x8]

DEFAULT_BUCKET_ID:  DRIVER_FAULT

BUGCHECK_STR:  0xD1

LAST_CONTROL_TRANSFER:  from 8042bcb9 to 80452e70

STACK_TEXT:
fc81f390 8042bcb9 00000003 fc81f3d8 3f3f3f47 nt!RtlpBreakWithStatusInstruction
fc81f3c0 8042c068 00000003 3f3f3f47 feef9c7e nt!KiBugCheckDebugBreak+0x31
fc81f748 80464b1f 00000000 3f3f3f47 00000002 nt!KeBugCheckEx+0x37b
fc81f748 feef9c7e 00000000 3f3f3f47 00000002 nt!KiTrap0E+0x27c
fc81f7dc fed96560 3f3f3f3f ff0e43c6 ff0e49a2 NDIS!NdisGetReceivedPacket+0x9
fc81f7f0 fc69b319 ff019b88 ff0e43c6 ff0e43b8 tcpip!ARPRcv+0x1c
fc81f830 fc69a855 ff019a18 ff0e43b8 0000005c ndishk!UF_SendPacketToProtocol+0x79 [C:\NDISPIM\BASE\NTPIMEB\send.c @ 186]
fc81f854 fc699a6f ff019a18 ff0e43a8 ffb6c450 ndishk!FLT_FilterReceivedPacket+0xea [C:\NDISPIM\BASE\NTPIMEB\proc.c @ 240]
fc81feb0 fc699fb5 ff019b88 ffb6c3a8 00000000 ndishk!TCPIP_TransferDataCompleteHandler+0x2f7 [C:\NDISPIM\BASE\NTPIMEB\mstcpip.c @ 720]
fc81ff0c fef02008 ff019b88 ff074fa8 ffb95000 ndishk!TCPIP_ReceiveHandler+0x485 [C:\NDISPIM\BASE\NTPIMEB\mstcpip.c @ 1102]
fc81ff78 fc720bc4 ff092101 ff0778c4 00000001 NDIS!ethFilterDprIndicateReceivePacket+0x312
fc81ffc4 feeec28f ff076237 0b15a330 00000000 pcntn5m!LanceHandleInterrupt+0x41c
fc81ffe0 80460bd4 ff0773d0 ff0773bc 00000000 NDIS!ndisMDpc+0xc8
fc81fff4 80403a82 fc81b444 00000000 00000000 nt!KiRetireDpcList+0x30

FOLLOWUP_IP:
tcpip!ARPRcv+1c
fed96560 894508           mov     [ebp+0x8],eax

FOLLOWUP_NAME:  MachineOwner

SYMBOL_NAME:  tcpip!ARPRcv+1c

MODULE_NAME:  tcpip

IMAGE_NAME:  tcpip.sys

DEBUG_FLR_IMAGE_TIMESTAMP:  38437f02

STACK_COMMAND:  kb

BUCKET_ID:  0xD1_tcpip!ARPRcv+1c

Followup: MachineOwner
---------

Reply #5
Posted: 2002-08-13 01:41
I found out this routine is at DISPATCH_LEVEL, but RtlCopyMemory and NdisZeroMemory must be used at < DISPATCH_LEVEL for paged memory.
I am not familiar with paged and non-paged memory; is there any way I can change to non-paged memory or decrease the IRQL level? Please help! THANKS!!! 20 is the best I can offer for now. :(

Reply #6
Posted: 2002-08-14 21:52
Looks like this is a help-yourself forum :). Where are all you gurus? Can I get some help?

Reply #7
Posted: 2002-08-15 19:36
Using an IM driver to do VPN? How do you do that?

Reply #8
Posted: 2002-08-15 21:39
An application will do the VPN stuff. It will get the packet to encrypt and decrypt through the IM driver. Anyway, we decided to let the PCAUSA guy work on it :)

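Reply #9
Posted: 2002-08-18 01:02
There are two things I don't understand.
1. I have trouble reading your Florida English. I only know a little Chinese-English.
2. I don't understand what your problem is. It is not clear what you are trying to do and where you got stuck.
[Edited - 8/18/02 by moqingsong]
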
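Reply #10
Posted: 2002-08-19 21:39
Pardon me, chief...
We are using PCAUSA to build the VPN. We want to get the packet from the driver, send it to Win32 for encryption/decryption, and then send it back to the driver. My problem now is that I cannot copy the packet to IRP->ASSOCIATEDIRP->SYSTEMBUFFER. As mentioned before, the packet is first obtained in VOID TCPIP_TransferDataCompleteHandler ( NDIS_HANDLE ProtocolBindingContext, PNDIS_PACKET Packet, NDIS_STATUS Status, UINT BytesTransferred ). I used a global variable and, in this function, copied the packet contents into it:
NdisMoveMappedMemory(data1, pBuffer->m_IBuffer, MAX_ETHER_SIZE);
But when I print the variable in another place, the contents in the two places do not match. I don't know whether this approach simply cannot be used in a driver.
I am not afraid of you laughing at me: I have already spent more than a month trying to get the packet from the driver. :( Every time I ask that Thomas at PCAUSA, he always tells me to read books and take training classes. It is driving me crazy!!!
Thanks in advance! Points are not a problem :)
ZYH
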
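Reply #11
Posted: 2002-08-19 22:46
To be honest, I really have never seen such a clumsy VPN implementation :-).
Every packet has to go through this switch from the kernel to the application layer. If you use an encryption card, every packet needs to switch up and down twice. Do you plan to leave the CPU no time for anything else?
Pardon me, chief...
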
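Reply #12
Posted: 2002-08-19 23:10
Brother Hu, it is what the boss wants; I have no choice but to do it! :(
I was originally doing GUI work and wanted to get involved in the low-level side to learn something, and now I cannot pull myself out. Could you give me some pointers? Thanks!!!
ZYH
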
Reply #13
Posted: 2002-08-19 23:50
Also, we pass back and forth only those packets of interest; for other packets we just let them through.

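Reply #14
Posted: 2002-08-20 03:51
The variable's value seems to be right now. But when I call READFILE in Win32, the NRNDISREAD function (dispatch routine for IRP_MJ_READ) in the driver is never called. In DeviceInit I have already hooked
DriverObject->MajorFunction [ IRP_MJ_READ ] = NdishkRead;
Could you give me a hint?
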
Reply #15
Posted: 2002-08-20 03:55
The function in Win32 is as follows:
#include <windows.h>
#include <stdio.h>
#include <string.h>

void CPIMApi::GetPacket()
{
    unsigned char v[1515];
    unsigned char t[1515];
    ULONG cbBytesRet = 0;
    OVERLAPPED overlapped;

    memset(v, 0, 1515*sizeof(unsigned char));
    memset(t, 0, 1515*sizeof(unsigned char));
    memset(&overlapped, 0, sizeof(OVERLAPPED));

    overlapped.hEvent = CreateEvent(
        NULL,    // pointer to security attributes
        FALSE,   // automatic reset
        FALSE,   // initialize to not signaled
        NULL );  // pointer to the event-object name

    ReadFile( m_hDrv, t, 1515*sizeof(unsigned char), &cbBytesRet, &overlapped);

    // Ten bytes are printed, so the format string carries ten conversions
    printf("Test value is %x%x%x%x%x%x%x%x%x%x \n",
        t[0], t[1], t[2], t[3], t[4], t[5], t[6], t[7], t[8], t[9]);
}
[Edited - 8/20/02 by zyhflorida]

Reply #16
Posted: 2002-08-20 06:38
Thanks to all the moderators; just before leaving work I finally got the packet in Win32. I used DEVICEIOCONTROL.

Reply #17
Posted: 2002-08-20 09:24
Pardon me, chief...
Did you buy comrade Thomas's source code? This comrade's after-sales service is really too poor! :cool:

Reply #18
Posted: 2002-08-20 09:40
I think he is not a nice guy. We paid him 1000 bucks. :(
Now two more questions:
1. I want the driver to trigger the passing of packets to the application. But the control code is passed from the application to the driver, so how can I trigger the driver when new packets come in? In other postings I saw that an event or a timer can do this; can any of you give me a more detailed idea?
2. In DeviceIoControl there is an Overlapped struct; if it's not null, the IO should be asynchronous. Can you give me some idea of how this struct functions?
Thanks Lao Mo and Lao Hu, please excuse me for my Florida English since I don't have a Chinese word processor on this machine. :(
zyh

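Reply #19
Posted: 2002-08-20 10:04
It is very easy to download an input method from Microsoft. :)
For the first question, go and read comrade huyuguang's article here: http://www.driverdevelop.com/read.php?t=A&id=107 This comrade wrote it several years ago. We have all learned a lot from him. For the second question, you could try reading Oney's book.
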
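The handoff asked about in this thread (frames captured in a receive handler running at DISPATCH_LEVEL, then handed to the application when its request is completed), as an added example that is not from the thread or from PCAUSA's code: a portable user-mode C model, not driver code. The ring stands in for storage allocated once from nonpaged pool; `ring_capture`, `ring_deliver`, the `Q_*` codes and the value given to `MAX_ETHER_SIZE` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define MAX_ETHER_SIZE 1514  /* assumed; the thread never gives its value */
#define RING_SLOTS 8         /* power of two */
enum { Q_OK = 0, Q_EMPTY = -1, Q_DROPPED = -2, Q_BUFFER_TOO_SMALL = -3 };

struct frame { size_t len; unsigned char data[MAX_ETHER_SIZE]; };
/* Stands in for storage allocated once from nonpaged pool at driver load.
 * A real driver guards head/tail with a spin lock; omitted in this model. */
struct frame_ring { struct frame slot[RING_SLOTS]; unsigned head, tail; };

/* Receive path (DISPATCH_LEVEL in a driver): no allocation, no waiting,
 * bounded copy into preallocated storage, drop when oversized or full. */
int ring_capture(struct frame_ring *r, const unsigned char *pkt, size_t len)
{
    if (len == 0 || len > MAX_ETHER_SIZE) return Q_DROPPED;
    if (r->head - r->tail == RING_SLOTS) return Q_DROPPED;
    struct frame *f = &r->slot[r->head % RING_SLOTS];
    memcpy(f->data, pkt, len);
    f->len = len;
    r->head++;
    return Q_OK;
}

/* Request path (completing the application's pending request): copy the
 * frame's real length, and only when the caller's buffer can hold it. */
int ring_deliver(struct frame_ring *r, unsigned char *out, size_t out_len,
                 size_t *copied)
{
    *copied = 0;
    if (r->head == r->tail) return Q_EMPTY;  /* leave the request pending */
    const struct frame *f = &r->slot[r->tail % RING_SLOTS];
    if (out == NULL || out_len < f->len) return Q_BUFFER_TOO_SMALL;
    memcpy(out, f->data, f->len);
    *copied = f->len;
    r->tail++;
    return Q_OK;
}

int main(void)
{
    static struct frame_ring ring;               /* zero-initialised */
    unsigned char pkt[60] = {0}, out[MAX_ETHER_SIZE];  /* constructed frame */
    size_t n;
    ring_capture(&ring, pkt, sizeof pkt);
    return (ring_deliver(&ring, out, sizeof out, &n) == Q_OK && n == 60) ? 0 : 1;
}
```

The two length checks are the point: the capture side never writes past a slot, and the deliver side never writes past the length the caller declared for its buffer.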