TDI驱动开发中遇到的问题，高分奉送！

在开发TDI驱动的过程中遇到这样的问题：我不能够抓到HTTP的请求数据包（即其他机器对本机网页请求的数据包 GET./.HTTP ....），但是请求返回的数据包可以在我能够在TdiReceiveEventHandler中截获到。
在下面几个函数中都不能抓到：
TdiReceiveOnEvent
TdiChainedReceiveEventHandler
TdiReceive

不知道这种数据包应该在什么函数中截获。

TdiReceive里面没有？

这里来找吧：）

struct TDIDispatchTable {
    TDI_STATUS    (*TdiOpenAddressEntry)(PTDI_REQUEST, PTRANSPORT_ADDRESS, uint,
                PVOID);
    TDI_STATUS    (*TdiCloseAddressEntry)(PTDI_REQUEST);
    TDI_STATUS    (*TdiOpenConnectionEntry)(PTDI_REQUEST, PVOID);
    TDI_STATUS    (*TdiCloseConnectionEntry)(PTDI_REQUEST);
    TDI_STATUS    (*TdiAssociateAddressEntry)(PTDI_REQUEST, HANDLE);
    TDI_STATUS    (*TdiDisAssociateAddressEntry)(PTDI_REQUEST);
    TDI_STATUS    (*TdiConnectEntry)(PTDI_REQUEST, PVOID,
                PTDI_CONNECTION_INFORMATION,
                PTDI_CONNECTION_INFORMATION);
    TDI_STATUS    (*TdiDisconnectEntry)(PTDI_REQUEST, PVOID, ushort,
                PTDI_CONNECTION_INFORMATION,
                PTDI_CONNECTION_INFORMATION);
    TDI_STATUS    (*TdiListenEntry)(PTDI_REQUEST, ushort,
                PTDI_CONNECTION_INFORMATION,
                PTDI_CONNECTION_INFORMATION);
    TDI_STATUS    (*TdiAcceptEntry)(PTDI_REQUEST, PTDI_CONNECTION_INFORMATION,
                PTDI_CONNECTION_INFORMATION);
    TDI_STATUS    (*TdiReceiveEntry)(PTDI_REQUEST, ushort *, uint *, PNDIS_BUFFER);
    TDI_STATUS    (*TdiSendEntry)(PTDI_REQUEST, ushort, uint, PNDIS_BUFFER);
    TDI_STATUS    (*TdiSendDatagramEntry)(PTDI_REQUEST,
                PTDI_CONNECTION_INFORMATION,
                uint, uint *, PNDIS_BUFFER);
    TDI_STATUS    (*TdiReceiveDatagramEntry)(PTDI_REQUEST,
                PTDI_CONNECTION_INFORMATION,
                PTDI_CONNECTION_INFORMATION, uint, uint *, PNDIS_BUFFER);
    TDI_STATUS    (*TdiSetEventEntry)(PVOID, int, PVOID, PVOID);
    TDI_STATUS    (*TdiQueryInformationEntry)(PTDI_REQUEST, uint,
                PNDIS_BUFFER, uint *, uint);
    TDI_STATUS    (*TdiSetInformationEntry)(PTDI_REQUEST, uint,
                PNDIS_BUFFER, uint, uint);
    TDI_STATUS    (*TdiActionEntry)(PTDI_REQUEST, uint,
                PNDIS_BUFFER, uint);
    TDI_STATUS    (*TdiQueryInformationExEntry)(PTDI_REQUEST,
                struct TDIObjectID *, PNDIS_BUFFER, uint *, void *);
    TDI_STATUS    (*TdiSetInformationExEntry)(PTDI_REQUEST,
                struct TDIObjectID *, void *, uint);
};
typedef struct TDIDispatchTable TDIDispatchTable;

tdi只关心数据，而不关心什么类型的包（ftp？http？）。
考虑一下的你自己的判断包类型的方式是否有问题？


 :o

98还是2000下啊？

98还是2000下啊？

2000下

看你的题目，好像是你将TDI装在有HTTP Server的机器上，想监视一下？
那么你要拦截TDI_SET_EVENT_HANDLER里面的一些时间，比如
TDI_EVENT_CONNECT
TDI_EVENT_RECEIVE等等。

我写过的一个TDI可以在
TdiReceiveOnEvent
TdiChainedReceiveEventHandler
TdiReceiveComplete
中得到(GET./.HTTP ....)等信息

看你的题目，好像是你将TDI装在有HTTP Server的机器上，想监视一下？
那么你要拦截TDI_SET_EVENT_HANDLER里面的一些时间，比如
TDI_EVENT_CONNECT
TDI_EVENT_RECEIVE等等。

这些事件我都拦截了但是仍然不能的到请求包！郁闷啊

我写过的一个TDI可以在
TdiReceiveOnEvent
TdiChainedReceiveEventHandler
TdiReceiveComplete
中得到(GET./.HTTP ....)等信息

那么你是在哪个时间中得到get包的，能确切一点吗，高分奉送啊
！谢谢

我的源程序在此，请帮帮忙啊

NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath)
{

    PDEVICE_OBJECT deviceObject= NULL;
PDEVICE_OBJECT TargetDevice;
PDEVICE_OBJECT LowerDeviceObj;

    NTSTATUS ntStatus;

UNICODE_STRING TargetName;
    UNICODE_STRING DeviceName;

    PDEVICE_EXTENSION deviceExtension;
PDRIVER_DISPATCH EmptyDispatchValue;
PFILE_OBJECT TargetFileObj;
PDRIVER_OBJECT TargetDriverObj;
int i;

    dprintf(\"idn_cmet.SYS: entering DriverEntry\\n\");

    //
    // A real driver would:
    //
    //     1. Report it\'s resources (IoReportResourceUsage)
    //
    //     2. Attempt to locate the device(s) it supports

EmptyDispatchValue=DriverObject->MajorFunction[IRP_MJ_CREATE];
//
    // OK, we\'ve claimed our resources & found our h/w, so create
    // a device and initialize stuff...
    //

    RtlInitUnicodeString(&TargetName, TARGET_NAME);
    ntStatus = IoGetDeviceObjectPointer(&TargetName,
FILE_ALL_ACCESS,
&TargetFileObj,
&TargetDevice);
    if (! NT_SUCCESS(ntStatus))
{
ObDereferenceObject(TargetDevice);
TargetDevice=NULL;
TargetFileObj=NULL;
return ntStatus;
}


RtlInitUnicodeString(&DeviceName, DEVICE_NAME);
ntStatus = IoCreateDevice(DriverObject,
sizeof(DEVICE_EXTENSION),
&DeviceName,
TargetDevice->DeviceType,
TargetDevice->Characteristics,
FALSE,
&deviceObject);
if (! NT_SUCCESS(ntStatus))
{
ObDereferenceObject(TargetDevice);
TargetDevice=NULL;
TargetFileObj=NULL;
return ntStatus;
}


LowerDeviceObj=IoAttachDeviceToDeviceStack(deviceObject,TargetDevice);
if (! LowerDeviceObj)
{
ObDereferenceObject(TargetDevice);
IoDeleteDevice(deviceObject);
TargetDevice=NULL;
TargetFileObj=NULL;
return ntStatus;
}



deviceExtension = (PDEVICE_EXTENSION)deviceObject->DeviceExtension;
deviceExtension->DeviceObject=deviceObject;
deviceExtension->TargetDevice=TargetDevice;
deviceExtension->TargetFileObject=TargetFileObj;
deviceExtension->LowerDeviceObject=LowerDeviceObj;
deviceObject->Flags|=(TargetDevice->Flags&(DO_BUFFERED_IO|DO_DIRECT_IO));
TargetDriverObj=TargetDevice->DriverObject;
for (i=0; i<=IRP_MJ_MAXIMUM_FUNCTION; i++)
{
DriverObject->MajorFunction=MajorDeviceDispatch;
}
DriverObject->MajorFunction[IRP_MJ_INTERNAL_DEVICE_CONTROL]=InternalDispatch;
DriverObject->DriverUnload = DrvUnload;

    return ntStatus;
}


/*++

Routine Description:

    Process the IRPs sent to this device.

Arguments:

    DeviceObject - pointer to a device object

    Irp          - pointer to an I/O Request Packet

Return Value:


--*/
NTSTATUS MajorDeviceDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp)
{

    return (DispatchPassThrough(DeviceObject,Irp));
}

NTSTATUS DispatchPassThrough(IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp)
{
PDEVICE_EXTENSION DeviceExtension;
PIO_STACK_LOCATION IrpStack;

DeviceExtension=(PDEVICE_EXTENSION)DeviceObject->DeviceExtension;
IrpStack=IoGetCurrentIrpStackLocation(Irp);
IoCopyCurrentIrpStackLocationToNext( Irp );
IoSetCompletionRoutine( Irp,
GenericCompletion,
DeviceExtension,
TRUE,
TRUE,
TRUE);
return IoCallDriver(DeviceExtension->TargetDevice,
Irp);
}

NTSTATUS GenericCompletion(IN PDEVICE_OBJECT DeviceObject,
  IN PIRP Irp,
  IN PVOID Context)
{
PDEVICE_EXTENSION DeviceExtension;
PDEVICE_OBJECT AssociateDeviceObject;

DeviceExtension=(PDEVICE_EXTENSION)(Context);

if (Irp->PendingReturned)
{
IoMarkIrpPending(Irp);
}
AssociateDeviceObject=DeviceExtension->DeviceObject;
if(AssociateDeviceObject!=DeviceObject)
{
dprintf(\"idn_cmet.sys:Invalid Device Object Pointer!\\n\");
return STATUS_SUCCESS;
}

return STATUS_SUCCESS;
}

NTSTATUS
InternalDispatch(
PDEVICE_OBJECT DeviceObject,
PIRP           Irp
)
{

    PIO_STACK_LOCATION  irpStack;
    PDEVICE_EXTENSION   DeviceExtension;
    PVOID               ioBuffer;
    ULONG               inputBufferLength;
    ULONG               outputBufferLength;
    ULONG MajorFunction,MinorFunction;
    
    Irp->IoStatus.Status      = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;


    //
    // Get a pointer to the current location in the Irp. This is where
    //     the function codes and parameters are located.
    //

    irpStack = IoGetCurrentIrpStackLocation(Irp);


    //
    // Get a pointer to the device extension
    //

    DeviceExtension = DeviceObject->DeviceExtension;

    //
    // Get the pointer to the input/output buffer and it\'s length
    //
MajorFunction=irpStack->MajorFunction;
MinorFunction=irpStack->MinorFunction;
    ioBuffer           = Irp->AssociatedIrp.SystemBuffer;
    inputBufferLength  = irpStack->Parameters.DeviceIoControl.InputBufferLength;
    outputBufferLength = irpStack->Parameters.DeviceIoControl.OutputBufferLength;
switch(MinorFunction)
{
case TDI_RECEIVE:
dprintf(\"idn_cmet.SYS: TDI_RECEIVE\\n\");
break;
case TDI_SEND:
dprintf(\"idn_cmet.SYS: TDI_SEND\\n\");
break;
case TDI_ASSOCIATE_ADDRESS:
dprintf(\"idn_cmet.SYS: TDI_ASSOCIATE_ADDRESS\\n\");
break;
case TDI_DISASSOCIATE_ADDRESS:
dprintf(\"idn_cmet.SYS: TDI_DISASSOCIATE_ADDRESS\\n\");
break;
case TDI_CONNECT:
dprintf(\"idn_cmet.SYS: TDI_QUERY_INFORMATION\\n\");
break;
case TDI_DISCONNECT:
dprintf(\"idn_cmet.SYS: TDI_CONNECT\\n\");
break;
case TDI_LISTEN:
dprintf(\"idn_cmet.SYS: TDI_LISTEN\\n\");
break;
case TDI_ACCEPT:
dprintf(\"idn_cmet.SYS: TDI_ACCEPT\\n\");
break;
case TDI_SET_EVENT_HANDLER:
dprintf(\"idn_cmet.SYS: TDI_SET_EVENT_HANDLER\\n\");
return SetEvent(DeviceExtension,Irp,irpStack);
case TDI_SEND_DATAGRAM:
dprintf(\"idn_cmet.SYS: TDI_SEND_DATAGRAM\\n\");
break;
case TDI_RECEIVE_DATAGRAM:
dprintf(\"idn_cmet.SYS: TDI_RECEIVE_DATAGRAM\\n\");
break;
case TDI_QUERY_INFORMATION:
dprintf(\"idn_cmet.SYS: TDI_QUERY_INFORMATION\\n\");
break;
case TDI_SET_INFORMATION:
dprintf(\"idn_cmet.SYS: TDI_SET_INFORMATION\\n\");
break;
case TDI_ACTION:
dprintf(\"idn_cmet.SYS: TDI_ACTION\\n\");
break;
default:
break;
}

    return (DispatchPassThrough(DeviceObject,Irp));
}

NTSTATUS
SetEvent(PDEVICE_EXTENSION DeviceExtension,
 PIRP Irp,
 PIO_STACK_LOCATION IrpStack
 )
{
PTDI_REQUEST_KERNEL_SET_EVENT RequestSrc,RequestDsc;
PDEVICE_OBJECT LowerDeviceObject=NULL;
PIO_STACK_LOCATION IrpNextStack;

LowerDeviceObject=DeviceExtension->LowerDeviceObject;

if(Irp->CurrentLocation==1)
{
Irp->IoStatus.Status=STATUS_INVALID_DEVICE_REQUEST;
Irp->IoStatus.Information=0;
IoCompleteRequest(Irp,IO_NO_INCREMENT);
return STATUS_INVALID_DEVICE_REQUEST;
}

IoCopyCurrentIrpStackLocationToNext(Irp);
RequestSrc=(PTDI_REQUEST_KERNEL_SET_EVENT)&IrpStack->Parameters;
IrpNextStack=IoGetNextIrpStackLocation(Irp);
RequestDsc=(PTDI_REQUEST_KERNEL_SET_EVENT)&IrpNextStack->Parameters;

IoSetCompletionRoutine(
Irp,
SetEventComplete,
DeviceExtension,
TRUE,
TRUE,
TRUE
);

switch(RequestSrc->EventType)
{
case TDI_EVENT_CONNECT:
dprintf(\"idn_cmet.SYS: TDI_EVENT_CONNECT\\n\");
break;
case TDI_EVENT_RECEIVE:
dprintf(\"idn_cmet.SYS: TDI_EVENT_RECEIVE\\n\");
break;
case TDI_EVENT_CHAINED_RECEIVE:
dprintf(\"idn_cmet.SYS: TDI_EVENT_CHAINED_RECEIVE\\n\");
break;
case TDI_EVENT_RECEIVE_DATAGRAM:
dprintf(\"idn_cmet.SYS: TDI_EVENT_RECEIVE_DATAGRAM\\n\");
break;
case TDI_EVENT_CHAINED_RECEIVE_DATAGRAM:
dprintf(\"idn_cmet.SYS: TDI_EVENT_CHAINED_RECEIVE_DATAGRAM\\n\");
break;
case TDI_EVENT_DISCONNECT:
dprintf(\"idn_cmet.SYS: TDI_EVENT_DISCONNECT\\n\");
break;
    case TDI_EVENT_ERROR:
dprintf(\"idn_cmet.SYS: TDI_EVENT_ERROR\\n\");
break;
    case TDI_EVENT_RECEIVE_EXPEDITED:
dprintf(\"idn_cmet.SYS: TDI_EVENT_RECEIVE_EXPEDITED\\n\");
break;
    case TDI_EVENT_SEND_POSSIBLE:
dprintf(\"idn_cmet.SYS: TDI_EVENT_SEND_POSSIBLE\\n\");
break;
default:
break;
}
return IoCallDriver(LowerDeviceObject,Irp);
}

NTSTATUS
SetEventComplete(
PDEVICE_OBJECT    pDeviceObject,
PIRP              Irp,
void              *Context
)
{
PDEVICE_EXTENSION DeviceExtension;
PDEVICE_OBJECT AssociatDeviceObject=NULL;
NTSTATUS ntstatus=Irp->IoStatus.Status;

DeviceExtension=(PDEVICE_EXTENSION)Context;
AssociatDeviceObject=DeviceExtension->DeviceObject;

if(Irp->PendingReturned)
{
IoMarkIrpPending(Irp);
}
if(AssociatDeviceObject!=pDeviceObject)
{
dprintf(\"ipfilter.sys:Invalid Device Object Pointer\\n\");
return STATUS_SUCCESS;
}
return STATUS_SUCCESS;
}


[编辑 -  12/5/02 by  quartz]

[编辑 -  12/5/02 by  quartz]

运行在web服务器上，当其他机器访问服务器上的网页时，他在internaldispatch中  
TDI_ASSOCIATE_ADDRESS:
TDI_QUERY_INFORMATION:
接下来就发送数据了。那么我在那里才能抓到http请求包呢？

up

大功告成，放分。

问题在于我启动tdi驱动和iis顺序的问题，如果tdi驱动在iis后面加载那么他就不能够收到对iis网页的请求包，相反的顺序加载就可以在tdi驱动的receive事件中接收到。具体的原因也说不清楚，希望大家能给一个解释。谢谢！

up一下

绑定的问题？

绑定的问题？

也许和set_event相关。如果iis先启动了，请求网页时不会进入set_event，也就不会进入到receive_event。

首先谢谢给分.

我是这么认为的:
iis启动时需要与下层联系,
tdi程序在tcp/udp上面,应用层下面,
所以如果先启动iis,则iis不会经过你的tdi程序,
所以不能接收到http请求包.

我的一点有关iis(win2k server)与tdi的经验;
有时侯,iis向client传送文件时,会绕过tdi中间层驱动

老兄，我现在也在开发2000下TDI方面的，不过是新手哟，能告诉我怎么设置TDI_RECEIVE的处理函数么，郁闷呀，我的邮件地址是ren2000@netease.com，或则yellow@farstone.com，万分感激

mark