debug.txt

基于TDI驱动编写的个人防火墙程序。包括驱动模块、应用层规则配置及加载模块。

DEBUGGING

I advise you the next sequence of steps to debug this project.

First compile driver and helper service as debug (checked build).

To compile driver run Start->Programs->Development Kits->Windows 2000
DDK->Checked Build Environment or something like this for Windows NT4. In
console appeared change dir to directory where drivers sources are. For me 
it's: cd \work\tdi_fw\drv

And then enter: build

To compile service open project tdi_fw_svc.dsw in Visual Studio. Set
active configuration: Debug. And build it.

The next you have to debug it. To simplify it make bat-file with the next
commands:

1) load symbols for debugger (SoftICE for me)
2) flush your discs' cache (I use SysInternals' sync utility)
3) start tdi_fw driver by instdrv utility (from NT4 DDK)
4) start tdi_fw_svc executable in debug mode
5) unload tdi_fw driver after tdi_fw_svc will be completed (you can do it
by pressing any key)

For me it looks like this:

nmsym /load drv\objchk\tdi_fw.nms
sync
instdrv tdi_fw c:\work\tdi_fw\drv\objchk\tdi_fw.sys
svc\debug\tdi_fw_svc debug c:\winnt\system32\drivers\etc\tdi_fw.conf
instdrv tdi_fw remove


TDI HOOKING

New version of tdi_fw has ability of using TDI hooking as alternate
technique to work. By default it's not supported. To enable it compile
tdi_fw with USE_TDI_HOOKING macro defined. You can do it by uncommenting
line in sources file.

The implementation of TDI hooking is raw and you must use it with care.

---
vlad-ntdev