NDIS HOOK 求助
大家好,我是一名 NDIS 新手。我最近写了一个 NDIS Hook Driver, 只想老老实实用它来过滤所有进出本机的 ICMP 数据报! 现在程序已经写完了,可是我对驱动的加载一点都不了解,我根本无法让这个程序工作起来。 我也把编译后的文件 ifh.sys 拷贝到 Winnt\system32\drivers 下面了, 也在注册表的 /system/services/ 下建立了相应的键,对 ErrorControl, Type, Start 等也设置了值。 可是程序现在仍然无法工作! 麻烦大家帮我指导一下! 下面是我的程序:
//ifh.h #ifndef __IFH_H__ #define __IFH_H__ #define DD_DEVICE_NAME L"\\Device\\IpFilterHook" #define DD_SYMBOL_NAME L"\\DosDevices\\IpFilterHook" typedef struct IPHeader { UCHAR iph_verlen; // Version and length UCHAR iph_tos; // Type of service USHORT iph_length; // Total datagram length USHORT iph_id; // Identification USHORT iph_offset; // Flags, fragment offset UCHAR iph_ttl; // Time to live UCHAR iph_protocol; // Protocol USHORT iph_xsum; // Header checksum ULONG iph_src; // Source address ULONG iph_dest; // Destination address } IPHeader; // Protocol IDs copied from winsock2.h #define IPPROTO_ICMP 1 #define IPPROTO_TCP 6 #define IPPROTO_UDP 17 #endif /* __IFH_H__ */ //ifh.c #include "ntddk.h" #include "ntddndis.h" #include "pfhook.h" #include "ifh.h" /* * Hook函数,这个函数里面,我们过滤所有的ICMP包!! 
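*/

/*
 * Filter-hook callback registered with the IP filter driver.
 *
 * Drops every packet whose IPv4 protocol field is ICMP and returns PF_PASS
 * for everything else, which leaves the decision to the IP filter driver's
 * own filter rules.
 *
 * Only PacketHeader is inspected. The code assumes it points at a complete
 * IPv4 header; nothing here validates that (TODO: confirm against the IP
 * filter driver's contract before reading further fields).
 */
PF_FORWARD_ACTION IfHookProc(
    unsigned char *PacketHeader,
    unsigned char *Packet,
    unsigned int   PacketLength,
    unsigned int   RecvInterfaceIndex,
    unsigned int   SendInterfaceIndex,
    IPAddr         RecvLinkNextHop,
    IPAddr         SendLinkNextHop )
{
    const IPHeader      *pHdr = ( const IPHeader * )PacketHeader;
    /* iph_dest is in network byte order, so its bytes are already in
     * dotted-quad order. */
    const unsigned char *dst  = ( const unsigned char * )&pHdr->iph_dest;

    UNREFERENCED_PARAMETER( Packet );
    UNREFERENCED_PARAMETER( PacketLength );
    UNREFERENCED_PARAMETER( RecvInterfaceIndex );
    UNREFERENCED_PARAMETER( SendInterfaceIndex );
    UNREFERENCED_PARAMETER( RecvLinkNextHop );
    UNREFERENCED_PARAMETER( SendLinkNextHop );

    /* Debug aid only: this prints once per packet and is very noisy. */
    DbgPrint( "Destination is %d.%d.%d.%d\n", dst[0], dst[1], dst[2], dst[3] );

    if( pHdr->iph_protocol == IPPROTO_ICMP )
    {
        /* Other protocols can be dropped the same way. */
        DbgPrint( "ICMP packet had been dropped !\n" );
        return PF_DROP;
    }

    return PF_PASS;
}

/*
 * Install (pHookProc != NULL) or clear (pHookProc == NULL) the filter hook
 * by sending IOCTL_PF_SET_EXTENSION_POINTER to the IP filter driver.
 *
 * Must run at PASSIVE_LEVEL: IoBuildDeviceIoControlRequest and the wait on
 * a stack event both require it.
 *
 * Returns the NTSTATUS of the first step that fails, or the completion
 * status of the IOCTL. Opening the device fails when the IP filter driver's
 * device object does not exist (for example, when that driver is not
 * loaded), so a failure here is the first thing to check when the hook
 * never fires.
 */
NTSTATUS SetIpFilterHook( PacketFilterExtensionPtr pHookProc )
{
    UNICODE_STRING             IfName;
    PFILE_OBJECT               pIfFileObject   = NULL;
    PDEVICE_OBJECT             pIfDeviceObject = NULL;
    PF_SET_EXTENSION_HOOK_INFO HookInfo;
    IO_STATUS_BLOCK            IoStatusBlock;
    KEVENT                     Event;
    NTSTATUS                   Status;
    PIRP                       Irp;

    RtlInitUnicodeString( &IfName, DD_IPFLTRDRVR_DEVICE_NAME );

    Status = IoGetDeviceObjectPointer( &IfName, FILE_ALL_ACCESS,
                                       &pIfFileObject, &pIfDeviceObject );
    if( !NT_SUCCESS( Status ) )
    {
        return Status;
    }

    /*
     * Always send a real buffer. Clearing the hook is expressed as a NULL
     * ExtensionPointer inside the structure; passing a NULL input buffer
     * with a non-zero length would hand the filter driver an uninitialised
     * system buffer to read the pointer from.
     */
    HookInfo.ExtensionPointer = pHookProc;

    /*
     * The event must start non-signaled. Starting it signaled makes the
     * wait below return at once, and Event, IoStatusBlock and HookInfo
     * (all on this stack frame) could be released while the IRP is still
     * pending.
     */
    KeInitializeEvent( &Event, NotificationEvent, FALSE );

    Irp = IoBuildDeviceIoControlRequest( IOCTL_PF_SET_EXTENSION_POINTER,
                                         pIfDeviceObject,
                                         &HookInfo,
                                         sizeof( HookInfo ),
                                         NULL,
                                         0,
                                         FALSE,
                                         &Event,
                                         &IoStatusBlock );
    if( Irp == NULL )
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
    }
    else
    {
        Status = IoCallDriver( pIfDeviceObject, Irp );
        if( Status == STATUS_PENDING )
        {
            KeWaitForSingleObject( &Event, Executive, KernelMode, FALSE, NULL );
            /* The wait result only says the IRP finished; the outcome of
             * the IOCTL is in the status block. */
            Status = IoStatusBlock.Status;
        }
    }

    /* Release the reference taken by IoGetDeviceObjectPointer. */
    ObDereferenceObject( pIfFileObject );

    return Status;
}

/*
 * Dispatch routine shared by the major functions set in DriverEntry:
 * completes the request successfully with no data. The device exposes no
 * control interface; any IOCTL added later needs its own input validation
 * and access check.
 */
NTSTATUS IfhDispatch( IN PDEVICE_OBJECT pDO, IN PIRP Irp )
{
    UNREFERENCED_PARAMETER( pDO );

    Irp->IoStatus.Status      = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;
    IoCompleteRequest( Irp, IO_NO_INCREMENT );

    return STATUS_SUCCESS;
}

/*
 * Unload routine: clears the filter hook first, then removes the symbolic
 * link and every device object owned by the driver.
 */
VOID IfhUnload( PDRIVER_OBJECT DriverObject )
{
    UNICODE_STRING SymbolName;
    PDEVICE_OBJECT pDeviceObject;
    PDEVICE_OBJECT pNextObject;
    NTSTATUS       Status;

    if( DriverObject == NULL )
    {
        return;
    }

    /*
     * The hook has to be cleared before this image goes away; otherwise the
     * IP filter driver keeps a pointer into unloaded code. The unload cannot
     * be vetoed from here, so a failure is at least made visible.
     */
    Status = SetIpFilterHook( NULL );
    if( !NT_SUCCESS( Status ) )
    {
        DbgPrint( "Clear IpFilterDriver Hook failed: 0x%08X\n", Status );
    }

    RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME );
    IoDeleteSymbolicLink( &SymbolName );

    /* Save NextDevice before deleting: the object is invalid afterwards. */
    for( pDeviceObject = DriverObject->DeviceObject;
         pDeviceObject != NULL;
         pDeviceObject = pNextObject )
    {
        pNextObject = pDeviceObject->NextDevice;
        IoDeleteDevice( pDeviceObject );
    }
}

/*
 * Driver entry point: sets the dispatch and unload routines, creates the
 * device object and its symbolic link, then installs the filter hook.
 *
 * Any failing step is undone and its status returned, so a driver that
 * could not install the hook does not stay loaded while filtering nothing.
 */
NTSTATUS DriverEntry( PDRIVER_OBJECT DriverObject, PUNICODE_STRING RegistryPath )
{
    UNICODE_STRING DeviceName;
    UNICODE_STRING SymbolName;
    PDEVICE_OBJECT pDeviceObject = NULL;
    NTSTATUS       Status;
    int            i;

    UNREFERENCED_PARAMETER( RegistryPath );

    DbgPrint( "IpFilterHook\n" );

    /*
     * MajorFunction is an array and each slot is assigned individually (the
     * posted code had lost the [i] subscript). The loop bound is kept as
     * posted, so the final slot keeps the I/O manager's default handler.
     */
    for( i = 0; i < IRP_MJ_MAXIMUM_FUNCTION; i++ )
    {
        DriverObject->MajorFunction[i] = IfhDispatch;
    }
    DriverObject->DriverUnload = IfhUnload;

    RtlInitUnicodeString( &DeviceName, DD_DEVICE_NAME );
    Status = IoCreateDevice( DriverObject, 0, &DeviceName, FILE_DEVICE_NULL,
                             0, FALSE, &pDeviceObject );
    if( !NT_SUCCESS( Status ) )
    {
        return Status;
    }

    RtlInitUnicodeString( &SymbolName, DD_SYMBOL_NAME );
    Status = IoCreateSymbolicLink( &SymbolName, &DeviceName );
    if( !NT_SUCCESS( Status ) )
    {
        IoDeleteDevice( pDeviceObject );
        return Status;
    }

    Status = SetIpFilterHook( IfHookProc );
    if( NT_SUCCESS( Status ) )
    {
        DbgPrint( "Set IpFilterDriver Hook success.\n" );
        return STATUS_SUCCESS;
    }

    DbgPrint( "Set IpFilterDriver Hook failed.\n" );

    /* The unload routine is not called when DriverEntry fails, so undo the
     * device and link here. */
    IoDeleteSymbolicLink( &SymbolName );
    IoDeleteDevice( pDeviceObject );

    return Status;
}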