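Question about the TDI receive function
Goal: during TDI filtering, if a specific string is found, insert a string of my own, e.g. (China), in front of that specific string.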
Source code framework: HookTdi in VtoolsD

Problem description: in the function

    TDI_STATUS MyReceiveEventHandler(
        PVOID EventContext,
        PVOID ConnectionContext,
        ulong Flags,
        uint Indicated,
        uint Available,
        uint *Taken,
        uchar *Data,
        EventRcvBuffer *Buffer )

I search the contents of Data, and if the specific string is found, I:

1.1 Allocate new memory, e.g. New.
1.2 Reorganize the data in Data together with the data to be inserted, and write the result into the New memory.
1.3 Pass the data on:

    status = pHandle->pReceiveEventHandler(
        pHandle->Context,
        ConnectionContext,
        Flags,
        Indicated+5,
        Available+5,
        Taken,
        New,
        Buffer );
    free(New);
    return status;

status comes back as TDI_MORE_PROCESSING, and I found that this had no effect. After asking a colleague, I was told that with this return value the handling has to be done in the callback function at Buffer->erb_rtn. So I revised it as follows.

    status = pHandle->pReceiveEventHandler(
        pHandle->Context,
        ConnectionContext,
        Flags,
        Indicated+5,
        Available+5,
        Taken,
        New,
        Buffer );
    if (status == TDI_MORE_PROCESSING)
    {
        // Save the original completion routine and substitute my own
        gCall = Buffer->erb_rtn;
        Buffer->erb_rtn = MyReceiverCallBack;
    }
    free(New);
    return status;

    VOID MyReceiverCallBack(PVOID pContext, TDI_STATUS status, unsigned long nByteCount)
    {
        // Forward to the saved original completion routine
        gCall(pContext, status, nByteCount);
    }

I found that in MyReceiverCallBack I cannot get pBuffer of type PNDIS_BUFFER, so I cannot operate on it. Searching on the Yahoo news site, I found an article:

=================================================================================================================
The problem is:

1. ReceiveEventCompleteCallback's parameter: pContext. Is it the PNDIS_PACKET which contains the PNDIS_BUFFER with the received data? Because this field is filled in by the system's original ReceiveEventHandler, I am not sure if it is always the case. In my code, when I use ndis_query_packet on it, it always returns 0 for nLength and nBufCount.

2. I tried to print out the buffer address in MyReceiveHandler, and found that Buffer->erb_buffer is always equal to Buffer->erb_context + 0x5c. I used this method to find the first buffer in ReceiveEventCompleteCallback, then I queried the buffer length successfully. I checked ndis.h but did not find that there is such a large gap between the head of an NDIS_PACKET and an NDIS_BUFFER. So my question is related to question one: what exactly is passed to ReceiveEventCompleteCallback's pContext in original Win98? How to get the PNDIS_BUFFER from pContext? Is the "plus 0x5c" correct for all Win98 machines?

3. Now assume I get the buffer correctly, I should start to filter it. Is ReceiveEventCompleteCallback() the right place to put the filter code? If so, how to access and modify the data in the buffer safely? I always get a system halt or reboot when I try to access the data in the buffer. It seems the buffer is accessed by other threads or has been released. When is the data ready, before calling RealReceiveEventCompleteCallback() or after it? And when is it safe? I have browsed the NDISxxx functions, but did not find functions that let me "lock" the buffer data, modify it, then "unlock" it. So how to protect the data while my filter is accessing it?

4. I knew PCAUSA has a product named "Advanced TDI samples". Does it contain enough information to help me develop a TDI filter on the win98/me platform?

Thanks a lot for your help in advance.

regards,
wenguang
------------------------

    TDI_STATUS MyReceiveEventHandler(
        PVOID EventContext,
        PVOID ConnectionContext,
        ulong Flags,
        uint Indicated,
        uint Available,
        uint *Taken,
        uchar *Data,
        EventRcvBuffer *Buffer )
    {
        TDI_STATUS status;

        // The context parameter points to the handle record
        struct HandleInfo* p = (struct HandleInfo*)EventContext;

        // Call original ReceiveEventHandler
        status = p->pReceiveEventHandler(
            p->Context,
            ConnectionContext,
            Flags,
            Indicated,
            Available,
            Taken,
            Data,
            Buffer );

        if ( status == TDI_MORE_PROCESSING )
        {
            // Substitute it with my own complete callback
            RealReceiveEventCompleteCallback = Buffer->erb_rtn;
            Buffer->erb_rtn = ReceiveEventCompleteCallback;
        }
        return status;
    }

---------------------------------------------------------

    static void ReceiveEventCompleteCallback(
        PVOID pContext,
        TDI_STATUS status,
        ULONG nByteCount )
    {
        UINT nLength, nPhysicalBufCount, nBufCount;
        PNDIS_BUFFER pBuffer;
        PNDIS_PACKET pPacket = (PNDIS_PACKET) pContext;

        if ( status == TDI_SUCCESS )
        {
            NdisQueryPacket( pPacket, &nPhysicalBufCount, &nBufCount, &pBuffer, &nLength );
            dprintf( "#####In ReceiveCompleteCallback, nByteCount is %d, status is %d", nByteCount, status );
            dprintf( "#####In ReceiveCompleteCallback, packet length is %d, buffer count is %d", nLength, nBufCount );
        }
        RealReceiveEventCompleteCallback( pContext, status, nByteCount );
    }

==================================================================================================================

There was no answer to it. I tried modifying MyReceiverCallBack along the lines of that article and found that it does not work. Could anyone please tell me:

1: Whether inserting data can be done in this function.
2: How to get pBuffer of type PNDIS_BUFFER.
3: I have not yet had time to test

    TDI_STATUS MySend( PTDI_REQUEST req, USHORT Flags, UINT SendLength, PNDIS_BUFFER buf )

but I noticed that sent data is also caught by

    TDI_STATUS MyReceiveEventHandler(
        PVOID EventContext,
        PVOID ConnectionContext,
        ulong Flags,
        uint Indicated,
        uint Available,
        uint *Taken,
        uchar *Data,
        EventRcvBuffer *Buffer )

and I do not know what is going on. Is it because the TDI notion of send and receive comes from the commonly used term "TDI client", that is, the send and receive of this filter function are relative to the TDI provider rather than to the lower network layer?

Thanks, everyone. Please help me resolve these questions. It would be great to have a TDI example; I did look at pcausa's Advanced TDI Samples, but found that they are for NT, so I did not go through them in detail.
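The buffer-rebuild step (1.1 and 1.2) from the first post, written as an added example in plain user-mode C; it is not code from the thread and makes no TDI or NDIS calls. `insert_before` and its parameters are hypothetical names; it returns the actual output length, so the caller derives the growth from the match count instead of assuming a fixed `+5`.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helper (added example): copy src into dst, inserting ins in
 * front of every occurrence of pat. All buffers are length-delimited because
 * received data is arbitrary bytes. Returns bytes written, or (size_t)-1 if
 * dst is too small or an argument is invalid. A pattern split across two
 * separate buffers is not matched by this per-buffer scan. */
size_t insert_before(const unsigned char *src, size_t src_len,
                     const unsigned char *pat, size_t pat_len,
                     const unsigned char *ins, size_t ins_len,
                     unsigned char *dst, size_t dst_cap, size_t *matches)
{
    size_t i = 0, out = 0, n = 0;
    if (!src || !pat || !ins || !dst || pat_len == 0)
        return (size_t)-1;
    while (i < src_len) {
        /* Compare only when a whole pattern still fits in the input. */
        if (src_len - i >= pat_len && memcmp(src + i, pat, pat_len) == 0) {
            if (ins_len > dst_cap - out || pat_len > dst_cap - out - ins_len)
                return (size_t)-1;
            memcpy(dst + out, ins, ins_len);
            memcpy(dst + out + ins_len, pat, pat_len);
            out += ins_len + pat_len;
            i += pat_len;
            n++;
        } else {
            if (out == dst_cap)
                return (size_t)-1;
            dst[out++] = src[i++];
        }
    }
    if (matches)
        *matches = n;      /* growth is n * ins_len, not a fixed +5 */
    return out;
}

int main(void)
{
    /* Constructed sample bytes, not captured traffic. */
    unsigned char out[32];
    size_t hits = 0;
    size_t n = insert_before((const unsigned char *)"GET /index", 10,
                             (const unsigned char *)"index", 5,
                             (const unsigned char *)"China", 5,
                             out, sizeof out, &hits);
    printf("%zu bytes out, %zu match(es)\n", n, hits);
    return n == 15 ? 0 : 1;
}
```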
Reply #1
Posted: 2003-08-07 10:08
Sorry, a colleague helped me solve it. I am not going to award the points. Thanks, everyone.
Reply #2
Posted: 2003-08-07 19:54
Kao, :D I only just saw your post.