|
阅读:1561回复:1
对传输层过滤驱动:FilterTdiDriver 的简单修改
我是初学者,请高手赐教,就是如何对传输层过滤驱动:FilterTdiDriver 进行修改,以达到对网络封包简单过滤的目的,并把过滤后的包输出!
谢谢各位大哥拉~~~~~~~~~~~~ 原来的程序直接将IRP请求转发到了底层,没有作任何处理,下面是它的源代码 PACKET.H #define DD_TCP_DEVICE_NAME L\"\\\\Device\\\\Tcp\" #define TDIH_TCP_DEVICE_NAME L\"\\\\Device\\\\TonyTcpFilter\" #define TDIH_DEV_EXT_ATTACHED (0x00000001) /************************************************************************** 每一个结构必须有一个唯一的“node type”或者一个联合签名 **************************************************************************/ #define TDIH_NODE_TYPE_TCP_FILTER_DEVICE (0xfdecba12) /* 输出调试信息 */ #define DBGPRINT(Fmt) \\ { \\ DbgPrint(\" ***FilterTdiDriver.sys*** \"); \\ DbgPrint (Fmt); \\ } /* 进行64位数值的处理,请参阅DDK帮助文档关于RtlLargeIntegerEqualToZero的解释 */ #define UTIL_IsLargeIntegerZero(ReturnValue, LargeIntegerOp, pSpinLock) \\ { \\ KIRQL OldIrql; \\ KeAcquireSpinLock(pSpinLock, &OldIrql); \\ ASSERT(RtlLargeIntegerGreaterOrEqualToZero((LargeIntegerOp))); \\ ReturnValue = RtlLargeIntegerEqualToZero((LargeIntegerOp)); \\ KeReleaseSpinLock(pSpinLock, OldIrql); \\ } //―――――――――――――――――――――――――――――――――――――― // 用来保存驱动程序相关信息的自定义结构类型,这个结构类型可以绑定到 // DEVICE_OBJECT对象的DeviceExtension成员变量之上,随着DEVICE_OBJECT对象在 // 不同的函数之间传递 // typedef struct _TDIH_DeviceExtension { ULONG NodeType; // 标识这个结构 ULONG NodeSize; // 这个结构的大小 PDEVICE_OBJECT pFilterDeviceObject; // 过滤设备对象 KSPIN_LOCK IoRequestsSpinLock; // 同时调用时的保护锁 KEVENT IoInProgressEvent; // 进程间同步处理 ULONG DeviceExtensionFlags; // 设备标志 PDEVICE_OBJECT TargetDeviceObject; // 绑定的设备对象 PFILE_OBJECT TargetFileObject; // 绑定设备的文件对象 PDEVICE_OBJECT LowerDeviceObject; // 绑定前底层设备对象 LARGE_INTEGER OutstandingIoRequests; } TDIH_DeviceExtension, *PTDIH_DeviceExtension; /////////////////////////////////////////////////////////////////////// NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ); VOID PacketUnload( IN PDRIVER_OBJECT DriverObject ); NTSTATUS PacketDispatch( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ); NTSTATUS PacketCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ); NTSTATUS TCPFilter_Attach( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ); NTSTATUS TCPFilter_InitDeviceExtension( IN PTDIH_DeviceExtension pTDIH_DeviceExtension, IN PDEVICE_OBJECT pFilterDeviceObject, IN PDEVICE_OBJECT pTargetDeviceObject, IN PFILE_OBJECT pTargetFileObject, IN PDEVICE_OBJECT pLowerDeviceObject ); VOID TCPFilter_Detach( IN PDEVICE_OBJECT pDeviceObject ); Packet.c #include <ndis.h> #include <tdikrnl.h> #include <ntddk.h> #include \"packet.h\" NTSTATUS DriverEntry( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { NTSTATUS status = 0; ULONG i; DBGPRINT(\"DriverEntry Loading...\\n\"); DriverObject->DriverUnload = PacketUnload; for (i=0; i <= IRP_MJ_MAXIMUM_FUNCTION; i++) { DriverObject->MajorFunction = PacketDispatch; } status = TCPFilter_Attach(DriverObject,RegistryPath); return status; } VOID PacketUnload( IN PDRIVER_OBJECT DriverObject ) { PDEVICE_OBJECT DeviceObject; PDEVICE_OBJECT OldDeviceObject; PTDIH_DeviceExtension pTDIH_DeviceExtension; DBGPRINT(\"DriverEntry unLoading...\\n\"); DeviceObject = DriverObject->DeviceObject; while (DeviceObject != NULL) { OldDeviceObject = DeviceObject; pTDIH_DeviceExtension = (PTDIH_DeviceExtension )DeviceObject->DeviceExtension; if( pTDIH_DeviceExtension->NodeType == TDIH_NODE_TYPE_TCP_FILTER_DEVICE ) TCPFilter_Detach( DeviceObject ); // Calls IoDeleteDevice else IoDeleteDevice(OldDeviceObject); DeviceObject = DeviceObject->NextDevice; } } NTSTATUS PacketDispatch( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NTSTATUS RC = STATUS_SUCCESS; PTDIH_DeviceExtension pTDIH_DeviceExtension; PIO_STACK_LOCATION IrpStack; PIO_STACK_LOCATION NextIrpStack; pTDIH_DeviceExtension = (PTDIH_DeviceExtension )(DeviceObject->DeviceExtension); IrpStack = IoGetCurrentIrpStackLocation(Irp); switch(IrpStack->MajorFunction) { case IRP_MJ_CREATE: DBGPRINT(\"PacketDispatch(IRP_MJ_CREATE)...\\n\"); break; case IRP_MJ_CLOSE: DBGPRINT(\"PacketDispatch(IRP_MJ_CLOSE)...\\n\"); break; case IRP_MJ_CLEANUP: DBGPRINT(\"PacketDispatch(IRP_MJ_CLEANUP)...\\n\"); break; case IRP_MJ_INTERNAL_DEVICE_CONTROL: switch (IrpStack->MinorFunction) { case TDI_ACCEPT: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_ACCEPT])...\\n\"); break; case TDI_ACTION: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_ACTION])...\\n\"); break; case TDI_ASSOCIATE_ADDRESS: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_ASSOCIATE_ADDRESS])...\\n\"); break; case TDI_DISASSOCIATE_ADDRESS: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_DISASSOCIATE_ADDRESS])...\\n\"); break; case TDI_CONNECT: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_CONNECT])...\\n\"); break; case TDI_DISCONNECT: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_DISCONNECT])...\\n\"); break; case TDI_LISTEN: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_LISTEN])...\\n\"); break; case TDI_QUERY_INFORMATION: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_QUERY_INFORMATION])...\\n\"); break; case TDI_RECEIVE: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_RECEIVE])...\\n\"); break; case TDI_RECEIVE_DATAGRAM: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_RECEIVE_DATAGRAM])...\\n\"); break; case TDI_SEND: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_SEND])...\\n\"); break; case TDI_SEND_DATAGRAM: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_SEND_DATAGRAM])...\\n\"); break; case TDI_SET_EVENT_HANDLER: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_SET_EVENT_HANDLER])...\\n\"); break; case TDI_SET_INFORMATION: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [TDI_SET_INFORMATION])...\\n\"); break; default: DBGPRINT(\"PacketDispatch(IRP_MJ_INTERNAL_DEVICE_CONTROL\\ [INVALID_MINOR_FUNCTION])...\\n\"); break; } break; case IRP_MJ_DEVICE_CONTROL: DBGPRINT(\"PacketDispatch(IRP_MJ_DEVICE_CONTROL)...\\n\"); break; default: DBGPRINT(\"PacketDispatch(OTHER_MAJOR_FUNCTION)...\\n\"); break; } if (Irp->CurrentLocation == 1) { ULONG ReturnedInformation = 0; DBGPRINT((\"PacketDispatch encountered bogus current location\\n\")); RC = STATUS_INVALID_DEVICE_REQUEST; Irp->IoStatus.Status = RC; Irp->IoStatus.Information = ReturnedInformation; IoCompleteRequest(Irp, IO_NO_INCREMENT); return( RC ); } NextIrpStack = IoGetNextIrpStackLocation(Irp); *NextIrpStack = *IrpStack; IoSetCompletionRoutine(Irp,PacketCompletion,NULL,TRUE,TRUE,TRUE); return IoCallDriver(pTDIH_DeviceExtension->LowerDeviceObject,Irp); } NTSTATUS PacketCompletion( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context ) { if(Irp->PendingReturned) IoMarkIrpPending(Irp); return STATUS_SUCCESS; } NTSTATUS TCPFilter_Attach( IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { NTSTATUS status = 0; UNICODE_STRING uniNtNameString; PTDIH_DeviceExtension pTDIH_DeviceExtension; PDEVICE_OBJECT pFilterDeviceObject = NULL; PDEVICE_OBJECT pTargetDeviceObject = NULL; PFILE_OBJECT pTargetFileObject = NULL; PDEVICE_OBJECT pLowerDeviceObject = NULL; DBGPRINT(\"TCPFilter_Attach.\\n\"); RtlInitUnicodeString( &uniNtNameString, DD_TCP_DEVICE_NAME ); status = IoGetDeviceObjectPointer( IN &uniNtNameString, IN FILE_READ_ATTRIBUTES, OUT &pTargetFileObject, OUT &pTargetDeviceObject ); if( !NT_SUCCESS(status) ) { DBGPRINT((\"TCPFilter_Attach: Couldn\'t get the TCP Device Object\\n\")); pTargetFileObject = NULL; pTargetDeviceObject = NULL; return( status ); } RtlInitUnicodeString( &uniNtNameString, TDIH_TCP_DEVICE_NAME ); status = IoCreateDevice( IN DriverObject, IN sizeof( TDIH_DeviceExtension ), IN &uniNtNameString, IN pTargetDeviceObject->DeviceType, IN pTargetDeviceObject->Characteristics, IN FALSE, OUT &pFilterDeviceObject ); if( !NT_SUCCESS(status) ) { DBGPRINT((\"TCPFilter_Attach: Couldn\'t create the TCP Filter Device Object\\n\")); ObDereferenceObject( pTargetFileObject ); pTargetFileObject = NULL; pTargetDeviceObject = NULL; return( status ); } pLowerDeviceObject = IoAttachDeviceToDeviceStack(pFilterDeviceObject,pTargetDeviceObject); if( !pLowerDeviceObject ) { DBGPRINT((\"TCPFilter_Attach: Couldn\'t attach to TCP Device Object\\n\")); IoDeleteDevice( pFilterDeviceObject ); pFilterDeviceObject = NULL; ObDereferenceObject( pTargetFileObject ); pTargetFileObject = NULL; pTargetDeviceObject = NULL; return( status ); } pTDIH_DeviceExtension = (PTDIH_DeviceExtension )( pFilterDeviceObject->DeviceExtension ); TCPFilter_InitDeviceExtension( IN pTDIH_DeviceExtension, IN pFilterDeviceObject, IN pTargetDeviceObject, IN pTargetFileObject, IN pLowerDeviceObject ); pFilterDeviceObject->Flags |= pTargetDeviceObject->Flags & (DO_BUFFERED_IO | DO_DIRECT_IO); return status; } NTSTATUS TCPFilter_InitDeviceExtension( IN PTDIH_DeviceExtension pTDIH_DeviceExtension, IN PDEVICE_OBJECT pFilterDeviceObject, IN PDEVICE_OBJECT pTargetDeviceObject, IN PFILE_OBJECT pTargetFileObject, IN PDEVICE_OBJECT pLowerDeviceObject ) { NdisZeroMemory( pTDIH_DeviceExtension, sizeof( TDIH_DeviceExtension ) ); pTDIH_DeviceExtension->NodeType = TDIH_NODE_TYPE_TCP_FILTER_DEVICE; pTDIH_DeviceExtension->NodeSize = sizeof( TDIH_DeviceExtension ); pTDIH_DeviceExtension->pFilterDeviceObject = pFilterDeviceObject; KeInitializeSpinLock(&(pTDIH_DeviceExtension->IoRequestsSpinLock)); KeInitializeEvent(&(pTDIH_DeviceExtension->IoInProgressEvent) , NotificationEvent, FALSE); pTDIH_DeviceExtension->TargetDeviceObject = pTargetDeviceObject; pTDIH_DeviceExtension->TargetFileObject = pTargetFileObject; pTDIH_DeviceExtension->LowerDeviceObject = pLowerDeviceObject; pTDIH_DeviceExtension->DeviceExtensionFlags |= TDIH_DEV_EXT_ATTACHED; return( STATUS_SUCCESS ); } VOID TCPFilter_Detach( IN PDEVICE_OBJECT pDeviceObject ) { PTDIH_DeviceExtension pTDIH_DeviceExtension; BOOLEAN NoRequestsOutstanding = FALSE; pTDIH_DeviceExtension = (PTDIH_DeviceExtension )pDeviceObject->DeviceExtension; try { try { while (TRUE) { UTIL_IsLargeIntegerZero( NoRequestsOutstanding, pTDIH_DeviceExtension->OutstandingIoRequests, &(pTDIH_DeviceExtension->IoRequestsSpinLock) ); if( !NoRequestsOutstanding ) KeWaitForSingleObject( (void *)(&(pTDIH_DeviceExtension->IoInProgressEvent)), Executive, KernelMode, FALSE, NULL ); else break; } if( pTDIH_DeviceExtension->DeviceExtensionFlags & TDIH_DEV_EXT_ATTACHED) { IoDetachDevice( pTDIH_DeviceExtension->TargetDeviceObject ); pTDIH_DeviceExtension->DeviceExtensionFlags &= ~(TDIH_DEV_EXT_ATTACHED); } pTDIH_DeviceExtension->NodeType = 0; pTDIH_DeviceExtension->NodeSize = 0; if( pTDIH_DeviceExtension->TargetFileObject ) ObDereferenceObject( pTDIH_DeviceExtension->TargetFileObject ); pTDIH_DeviceExtension->TargetFileObject = NULL; IoDeleteDevice( pDeviceObject ); DBGPRINT((\"TCPFilter_Attach: TCPFilter_Detach Finished\\n\")); } except (EXCEPTION_EXECUTE_HANDLER){} } finally{} return; } |
|
|
沙发#
发布于:2005-04-27 14:28
怎么都没高手相助啊!
自己先顶一下吧! |
|