📄 ktdi.c
字号:
if (remoteInfo == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory(remoteInfo, sizeof(TDI_CONNECTION_INFORMATION) + sizeof(TA_IP_ADDRESS));
remoteInfo->RemoteAddressLength = sizeof(TA_IP_ADDRESS);
remoteInfo->RemoteAddress = (PUCHAR)remoteInfo + sizeof(TDI_CONNECTION_INFORMATION);
remoteAddr = (PTA_IP_ADDRESS) remoteInfo->RemoteAddress;
remoteAddr->TAAddressCount = 1;
remoteAddr->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
remoteAddr->Address[0].AddressType = TDI_ADDRESS_TYPE_IP;
remoteAddr->Address[0].Address[0].sin_port = port;
remoteAddr->Address[0].Address[0].in_addr = addr;
irp = TdiBuildInternalDeviceControlIrp(TDI_SEND_DATAGRAM, devObj, addressFileObject, &event, &iosb);
if (irp == NULL)
{
ExFreePool(remoteInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
if (len)
{
mdl = IoAllocateMdl((void*) buf, len, FALSE, FALSE, NULL);
if (mdl == NULL)
{
IoFreeIrp(irp);
ExFreePool(remoteInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
__try
{
MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
status = STATUS_SUCCESS;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(mdl);
IoFreeIrp(irp);
ExFreePool(remoteInfo);
status = STATUS_INVALID_USER_BUFFER;
}
if (!NT_SUCCESS(status))
{
return status;
}
}
TdiBuildSendDatagram(irp, devObj, addressFileObject, NULL, NULL, len ? mdl : 0, len, remoteInfo);
status = IoCallDriver(devObj, irp);
if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = iosb.Status;
}
ExFreePool(remoteInfo);
return NT_SUCCESS(status) ? iosb.Information : status;
}
NTSTATUS tdi_recv_dgram(PFILE_OBJECT addressFileObject, PULONG addr, PUSHORT port, char *buf, int len, ULONG flags)
{
PDEVICE_OBJECT devObj;
KEVENT event;
PTDI_CONNECTION_INFORMATION remoteInfo;
PTDI_CONNECTION_INFORMATION returnInfo;
PTA_IP_ADDRESS returnAddr;
PIRP irp;
PMDL mdl;
IO_STATUS_BLOCK iosb;
NTSTATUS status;
devObj = IoGetRelatedDeviceObject(addressFileObject);
KeInitializeEvent(&event, NotificationEvent, FALSE);
remoteInfo = (PTDI_CONNECTION_INFORMATION) ExAllocatePool(NonPagedPool, 2 * sizeof(TDI_CONNECTION_INFORMATION) + sizeof(TA_IP_ADDRESS));
if (remoteInfo == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory(remoteInfo, 2 * sizeof(TDI_CONNECTION_INFORMATION) + sizeof(TA_IP_ADDRESS));
remoteInfo->RemoteAddressLength = 0;
remoteInfo->RemoteAddress = NULL;
returnInfo = (PTDI_CONNECTION_INFORMATION)((PUCHAR)remoteInfo + sizeof(TDI_CONNECTION_INFORMATION));
returnInfo->RemoteAddressLength = sizeof(TA_IP_ADDRESS);
returnInfo->RemoteAddress = (PUCHAR)returnInfo + sizeof(TDI_CONNECTION_INFORMATION);
returnAddr = (PTA_IP_ADDRESS) returnInfo->RemoteAddress;
returnAddr->TAAddressCount = 1;
returnAddr->Address[0].AddressLength = TDI_ADDRESS_LENGTH_IP;
returnAddr->Address[0].AddressType = TDI_ADDRESS_TYPE_IP;
irp = TdiBuildInternalDeviceControlIrp(TDI_RECEIVE_DATAGRAM, devObj, addressFileObject, &event, &iosb);
if (irp == NULL)
{
ExFreePool(remoteInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
if (len)
{
mdl = IoAllocateMdl((void*) buf, len, FALSE, FALSE, NULL);
if (mdl == NULL)
{
IoFreeIrp(irp);
ExFreePool(remoteInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
__try
{
MmProbeAndLockPages(mdl, KernelMode, IoWriteAccess);
status = STATUS_SUCCESS;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(mdl);
IoFreeIrp(irp);
ExFreePool(remoteInfo);
status = STATUS_INVALID_USER_BUFFER;
}
if (!NT_SUCCESS(status))
{
return status;
}
}
TdiBuildReceiveDatagram(irp, devObj, addressFileObject, NULL, NULL, len ? mdl : 0, len, remoteInfo, returnInfo, flags);
status = IoCallDriver(devObj, irp);
if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = iosb.Status;
}
if (addr)
{
*addr = returnAddr->Address[0].Address[0].in_addr;
}
if (port)
{
*port = returnAddr->Address[0].Address[0].sin_port;
}
ExFreePool(remoteInfo);
return NT_SUCCESS(status) ? iosb.Information : status;
}
NTSTATUS tdi_send_stream(PFILE_OBJECT connectionFileObject, const char *buf, int len, ULONG flags)
{
PDEVICE_OBJECT devObj;
KEVENT event;
PIRP irp;
PMDL mdl;
IO_STATUS_BLOCK iosb;
NTSTATUS status;
devObj = IoGetRelatedDeviceObject(connectionFileObject);
KeInitializeEvent(&event, NotificationEvent, FALSE);
irp = TdiBuildInternalDeviceControlIrp(TDI_SEND, devObj, connectionFileObject, &event, &iosb);
if (irp == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
if (len)
{
mdl = IoAllocateMdl((void*) buf, len, FALSE, FALSE, NULL);
if (mdl == NULL)
{
IoFreeIrp(irp);
return STATUS_INSUFFICIENT_RESOURCES;
}
__try
{
MmProbeAndLockPages(mdl, KernelMode, IoReadAccess);
status = STATUS_SUCCESS;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(mdl);
IoFreeIrp(irp);
status = STATUS_INVALID_USER_BUFFER;
}
if (!NT_SUCCESS(status))
{
return status;
}
}
TdiBuildSend(irp, devObj, connectionFileObject, NULL, NULL, len ? mdl : 0, flags, len);
status = IoCallDriver(devObj, irp);
if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = iosb.Status;
}
return NT_SUCCESS(status) ? iosb.Information : status;
}
NTSTATUS tdi_recv_stream(PFILE_OBJECT connectionFileObject, char *buf, int len, ULONG flags)
{
PDEVICE_OBJECT devObj;
KEVENT event;
PIRP irp;
PMDL mdl;
IO_STATUS_BLOCK iosb;
NTSTATUS status;
devObj = IoGetRelatedDeviceObject(connectionFileObject);
KeInitializeEvent(&event, NotificationEvent, FALSE);
irp = TdiBuildInternalDeviceControlIrp(TDI_RECEIVE, devObj, connectionFileObject, &event, &iosb);
if (irp == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
if (len)
{
mdl = IoAllocateMdl((void*) buf, len, FALSE, FALSE, NULL);
if (mdl == NULL)
{
IoFreeIrp(irp);
return STATUS_INSUFFICIENT_RESOURCES;
}
__try
{
MmProbeAndLockPages(mdl, KernelMode, IoWriteAccess);
status = STATUS_SUCCESS;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(mdl);
IoFreeIrp(irp);
status = STATUS_INVALID_USER_BUFFER;
}
if (!NT_SUCCESS(status))
{
return status;
}
}
TdiBuildReceive(irp, devObj, connectionFileObject, NULL, NULL, len ? mdl : 0, flags, len);
status = IoCallDriver(devObj, irp);
if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = iosb.Status;
}
return NT_SUCCESS(status) ? iosb.Information : status;
}
NTSTATUS tdi_query_address(PFILE_OBJECT addressFileObject, PULONG addr, PUSHORT port)
{
PDEVICE_OBJECT devObj;
KEVENT event;
PTRANSPORT_ADDRESS localInfo;
PTA_IP_ADDRESS localAddr;
PIRP irp;
PMDL mdl;
IO_STATUS_BLOCK iosb;
NTSTATUS status;
devObj = IoGetRelatedDeviceObject(addressFileObject);
KeInitializeEvent(&event, NotificationEvent, FALSE);
localInfo = (PTRANSPORT_ADDRESS) ExAllocatePool(NonPagedPool, sizeof(TDI_ADDRESS_INFO)*10);
if (localInfo == NULL)
{
return STATUS_INSUFFICIENT_RESOURCES;
}
RtlZeroMemory(localInfo, sizeof(TDI_ADDRESS_INFO)*10);
irp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION, devObj, addressFileObject, &event, &iosb);
if (irp == NULL)
{
ExFreePool(localInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
{
mdl = IoAllocateMdl((void*) localInfo, sizeof(TDI_ADDRESS_INFO)*10, FALSE, FALSE, NULL);
if (mdl == NULL)
{
IoFreeIrp(irp);
ExFreePool(localInfo);
return STATUS_INSUFFICIENT_RESOURCES;
}
__try
{
MmProbeAndLockPages(mdl, KernelMode, IoWriteAccess);
status = STATUS_SUCCESS;
}
__except (EXCEPTION_EXECUTE_HANDLER)
{
IoFreeMdl(mdl);
IoFreeIrp(irp);
ExFreePool(localInfo);
status = STATUS_INVALID_USER_BUFFER;
}
if (!NT_SUCCESS(status))
{
return status;
}
}
TdiBuildQueryInformation(irp, devObj, addressFileObject, NULL, NULL, TDI_QUERY_ADDRESS_INFO, mdl);
status = IoCallDriver(devObj, irp);
if (status == STATUS_PENDING)
{
KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL);
status = iosb.Status;
}
localAddr = (PTA_IP_ADDRESS)&localInfo->Address[0];
if (addr)
{
*addr = localAddr->Address[0].Address[0].in_addr;
}
if (port)
{
*port = localAddr->Address[0].Address[0].sin_port;
}
ExFreePool(localInfo);
return status;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -