首页>驱动开发>NDIS网络接口开发>IP filter中只有IRP_MJ_DEVICE_CONT...
回复
« 返回列表
sdssly
sdssly
驱动牛犊
驱动牛犊
  • 注册日期2003-03-04
  • 最后登录2016-01-09
  • 粉丝2
  • 关注0
  • 积分344分
  • 威望47点
  • 贡献值0点
  • 好评度34点
  • 原创分0分
  • 专家分0分
写私信
阅读:1614回复:4

IP filter中只有IRP_MJ_DEVICE_CONTROL的问题?

楼主#
更多 发布于:2003-12-16 17:47
按照windows封包技术上的TCP filter写了一个程序。只是把过滤的device改为Ip,但是不能得到TDI的IRP。我使用ping命令来测试。得到的IRP为IRP_MJ_CREATE、IRP_MJ_DEVICE_CONTROL。这是什么原因?

谢谢!
喜欢0
回复
Dino
Dino
驱动牛犊
驱动牛犊
  • 注册日期2001-08-07
  • 最后登录2007-01-10
  • 粉丝0
  • 关注0
  • 积分0分
  • 威望0点
  • 贡献值0点
  • 好评度0点
  • 原创分0分
  • 专家分0分
写私信
沙发#
发布于:2003-12-17 09:27
你应该在IRP_MJ_DEVICE_CONTROL的时候进行处理。
如:
 PIO_STACK_LOCATION pIoStack;
pIoStack = IoGetCurrentIrpStackLocation(Irp);

 if( pIoStack->MajorFunction == IRP_MJ_INTERNAL_DEVICE_CONTROL )
 {
    if( pIoStack->MinorFunction == TDI_CONNECT )
      ..
      ..
      ..
    if( pIoStack->MinorFunction == TDI_ASSOCIATE_ADDRESS )
      ..
      ..
      ..
    if( pIoStack->MinorFunction == TDI_DISASSOCIATE_ADDRESS )
      ..
      ..
      ..
    if( pIoStack->MinorFunction == TDI_SEND_DATAGRAM )
 }

[编辑 -  12/17/03 by  Dino]
Death is only the beginning
回复(0) 喜欢(0)
sdssly
sdssly
驱动牛犊
驱动牛犊
  • 注册日期2003-03-04
  • 最后登录2016-01-09
  • 粉丝2
  • 关注0
  • 积分344分
  • 威望47点
  • 贡献值0点
  • 好评度34点
  • 原创分0分
  • 专家分0分
写私信
板凳#
发布于:2003-12-17 12:33
谢谢回答!我跟踪发现,这个IRP_MJ_INTERNAL_DEVICE_CONTROL IRP很少!最多的是IRP_MJ_DEVICE_CONTROLIRP。例如,使用ping命令:

首先是IRP maj code 00,create,然后是 IRP_MJ_DEVICE_CONTROL, 0e,还有cleanup。我想得到ping packet中的数据,应该怎么分析这个IRP啊?

再次感谢!
回复(0) 喜欢(0)
Dino
Dino
驱动牛犊
驱动牛犊
  • 注册日期2001-08-07
  • 最后登录2007-01-10
  • 粉丝0
  • 关注0
  • 积分0分
  • 威望0点
  • 贡献值0点
  • 好评度0点
  • 原创分0分
  • 专家分0分
写私信
地板#
发布于:2003-12-17 14:05
TDI相关操作的IRP都是属于IRP_MJ_DEVICE_CONTROL这个大类型的。所以 当IRP_MJ_DEVICE_CONTROL的irp来的时候,你要按上面的方法来分析。
Death is only the beginning
回复(0) 喜欢(0)
sdssly
sdssly
驱动牛犊
驱动牛犊
  • 注册日期2003-03-04
  • 最后登录2016-01-09
  • 粉丝2
  • 关注0
  • 积分344分
  • 威望47点
  • 贡献值0点
  • 好评度34点
  • 原创分0分
  • 专家分0分
写私信
地下室#
发布于:2003-12-19 12:55
谢谢你的指点。是不是IRP_MJ_DEVICE_CONTROL和IRP_MJ_INTERNAL_DEVICE_CONTROL是并列的IRP?当接收到IRP_MJ_DEVICE_CONTROL这个IRP时,MajorFunction应该已经是IRP_MJ_DEVICE_CONTROL了,我怎么再使用switch?

下面是这个函数:

NTSTATUS
PacketDispatch(
    IN PDEVICE_OBJECT DeviceObject,
    IN PIRP Irp
)
{
NTSTATUS RC = STATUS_SUCCESS;
PTDIH_DeviceExtension pTDIH_DeviceExtension;
PIO_STACK_LOCATION IrpStack;
PIO_STACK_LOCATION NextIrpStack;

pTDIH_DeviceExtension
= (PTDIH_DeviceExtension )(DeviceObject->DeviceExtension);

IrpStack = IoGetCurrentIrpStackLocation(Irp);

switch(IrpStack->MajorFunction)
{
case IRP_MJ_CREATE:
DBGPRINT(\"PacketDispatch(IRP_MJ_CREATE)...\\n\");
DBGPRINT(\"%d\\n\", IrpStack->FileObject->FileName.Length);

break;
case IRP_MJ_CLOSE:
DBGPRINT(\"PacketDispatch(IRP_MJ_CLOSE)...\\n\");
break;
case IRP_MJ_CLEANUP:
DBGPRINT(\"PacketDispatch(IRP_MJ_CLEANUP)...\\n\");
break;
case IRP_MJ_INTERNAL_DEVICE_CONTROL:
switch (IrpStack->MinorFunction)
{
case TDI_ACCEPT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ACCEPT])...\\n\");
break;
case TDI_ACTION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ACTION])...\\n\");
break;
case TDI_ASSOCIATE_ADDRESS:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_ASSOCIATE_ADDRESS])...\\n\");
break;
case TDI_DISASSOCIATE_ADDRESS:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_DISASSOCIATE_ADDRESS])...\\n\");
break;
case TDI_CONNECT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_CONNECT])...\\n\");
break;
case TDI_DISCONNECT:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_DISCONNECT])...\\n\");
break;
case TDI_LISTEN:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_LISTEN])...\\n\");
break;
case TDI_QUERY_INFORMATION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_QUERY_INFORMATION])...\\n\");
break;
case TDI_RECEIVE:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_RECEIVE])...\\n\");
break;
case TDI_RECEIVE_DATAGRAM:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_RECEIVE_DATAGRAM])...\\n\");
break;
case TDI_SEND:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SEND])...\\n\");
break;
case TDI_SEND_DATAGRAM:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SEND_DATAGRAM])...\\n\");
break;
case TDI_SET_EVENT_HANDLER:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SET_EVENT_HANDLER])...\\n\");
break;
case TDI_SET_INFORMATION:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[TDI_SET_INFORMATION])...\\n\");
break;
default:
DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\
[INVALID_MINOR_FUNCTION])...\\n\");
break;
}
break;
case IRP_MJ_DEVICE_CONTROL:
DBGPRINT(\"PacketDispatch(IRP_MJ_DEVICE_CONTROL)...\\n\");

DBGPRINT(\"code=%x, Inputbuflen=%x outputbuflen=%x control=%c\\n\",IrpStack->Parameters.DeviceIoControl.IoControlCode,
IrpStack->Parameters.DeviceIoControl.InputBufferLength,
IrpStack->Parameters.DeviceIoControl.OutputBufferLength,
IrpStack->Control
);

//DBGPRINT(\"%d\\n\", IrpStack->FileObject->FileName.Length);
DBGPRINT(\"MinorFunction=%x\\n\", IrpStack->MinorFunction);


break;
default:
DBGPRINT(\"PacketDispatch(OTHER_MAJOR_FUNCTION)...\\n\");
break;
}

if (Irp->CurrentLocation == 1)
{
ULONG ReturnedInformation = 0;

DBGPRINT((\"PacketDispatch encountered bogus current location\\n\"));

RC = STATUS_INVALID_DEVICE_REQUEST;
Irp->IoStatus.Status = RC;
Irp->IoStatus.Information = ReturnedInformation;
IoCompleteRequest(Irp, IO_NO_INCREMENT);

return( RC );
}

NextIrpStack = IoGetNextIrpStackLocation(Irp);
*NextIrpStack = *IrpStack;

IoSetCompletionRoutine(Irp,PacketCompletion,NULL,TRUE,TRUE,TRUE);

return IoCallDriver(pTDIH_DeviceExtension->LowerDeviceObject,Irp);
}


回复(0) 喜欢(0)
游客

关于phpwind联系我们问题反馈程序建议

Powered by phpwind v9.0.2 ©2003-2015 phpwind.com 京ICP备05006834号

返回顶部