📄 vdfltipbk.c
字号:
#define KERNEL_MODE
#include <vtoolsc.h>
#include "VDFltIp.h"
#include "../FilterPkt.c"
HANDLE g_hStopProcEvent=NULL;
void CreateStopProcEvent(HANDLE hStopProcEvent)
{
if(g_hStopProcEvent) _VWIN32_CloseVxDHandle(g_hStopProcEvent);
g_hStopProcEvent=hStopProcEvent;
DbgPrint("CreateStopProcEvent g_hStopProcEvent=%X\n",g_hStopProcEvent);
}
void NotifyStopProc(const char *szStopProc)
{
if(g_hStopProcEvent)
{
strncpy(g_szCurStopProc,szStopProc,sizeof(g_szCurStopProc)-1);
g_szCurStopProc[sizeof(g_szCurStopProc)-1]=0;
_VWIN32_SetWin32Event(g_hStopProcEvent);
}
DbgPrint("NotifyStopProc g_hStopProcEvent=%X,Stop Proc=%s\n",
g_hStopProcEvent,g_szCurStopProc);
}
PADD_EXPORT_TABLE m_pSystemAddExportTable = NULL;
HDSC_Thunk m_AddExportTableThunk;
HDSC_Thunk m_NdisRegisterProtocolThunk;
HDSC_Thunk m_NdisOpenAdapterThunk;
HDSC_Thunk m_NdisSendThunk;
NDIS_REGISTER_PROTOCOL m_pSysNdisRegisterProtocol = NULL;
NDIS_OPENADAPTER m_pSysNdisOpenAdapter = NULL;
NDIS_SEND m_pSysNdisSend = NULL;
NDIS_REGISTER_PROTOCOL m_pVxdNdisRegisterProtocol = NULL;
NDIS_OPENADAPTER m_pVxdNdisOpenAdapter = NULL;
NDIS_SEND m_pVxdNdisSend = NULL;
BOOL IsWindowsMe()
{
DWORD DebugInfo, Version, Major, Minor;
Version = Get_VMM_Version(&DebugInfo);
Major = Version & 0x0000FF00;
Minor = Version & 0x000000FF;
if(Minor >= 0x5A)
return TRUE;
return FALSE;
}
BOOL IsWindowsMeEx()
{
return VXDLDR_GetVersion() && IsWindowsMe();
}
VOID NDIS_API
VXD_NdisRegisterProtocol(
OUT PNDIS_STATUS Status,
OUT PNDIS_HANDLE NdisProtocolHandle,
IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics,
IN UINT CharacteristicsLength
)
{
BOOLEAN bIsTcp=FALSE;
NDIS_STRING sTcpName = NDIS_STRING_CONST("MSTCP");
if(NdisEqualString(&ProtocolCharacteristics->Name, &sTcpName, FALSE))
{
bIsTcp=TRUE;
m_pNdisReceive = ProtocolCharacteristics->ReceiveHandler;
ProtocolCharacteristics->ReceiveHandler = XF_Receive;
m_pSendComplete=ProtocolCharacteristics->SendCompleteHandler;
ProtocolCharacteristics->SendCompleteHandler=XF_SendComplete;
}
m_pVxdNdisRegisterProtocol(Status,NdisProtocolHandle,
ProtocolCharacteristics,CharacteristicsLength);
if(bIsTcp) m_TcpProtocolHandle=*NdisProtocolHandle;
}
VOID NDIS_API
SYS_NdisRegisterProtocol(
OUT PNDIS_STATUS Status,
OUT PNDIS_HANDLE NdisProtocolHandle,
IN PNDIS_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics,
IN UINT CharacteristicsLength
)
{
BOOLEAN bIsTcp=FALSE;
UNICODE_STRING usTcpName = UNICODE_STRING_CONST("MSTCP");
PNDIS50_PROTOCOL_CHARACTERISTICS pCHar=(PNDIS50_PROTOCOL_CHARACTERISTICS)ProtocolCharacteristics;
if( usTcpName.Length == pCHar->Name.Length
&& memcmp(pCHar->Name.Buffer, usTcpName.Buffer, usTcpName.Length) == 0)
{
bIsTcp=TRUE;
m_pNdisReceive = pCHar->ReceiveHandler;
pCHar->ReceiveHandler = XF_Receive;
m_pSendComplete=pCHar->SendCompleteHandler;
pCHar->SendCompleteHandler=XF_SendComplete;
}
m_pSysNdisRegisterProtocol(Status,NdisProtocolHandle,
ProtocolCharacteristics,CharacteristicsLength);
if(bIsTcp) m_TcpProtocolHandle=*NdisProtocolHandle;
}
VOID NDIS_API
VXD_NdisOpenAdapter(
OUT PNDIS_STATUS Status,
OUT PNDIS_STATUS OpenErrorStatus,
OUT PNDIS_HANDLE NdisBindingHandle,
OUT PUINT SelectedMediumIndex,
IN PNDIS_MEDIUM MediumArray,
IN UINT MediumArraySize,
IN NDIS_HANDLE NdisProtocolHandle,
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_STRING AdapterName,
IN UINT OpenOptions,
IN PSTRING AddressingInformation OPTIONAL
)
{
XF_NdisOpenAdapter(
Status,
OpenErrorStatus,
NdisBindingHandle,
SelectedMediumIndex,
MediumArray,
MediumArraySize,
NdisProtocolHandle,
ProtocolBindingContext,
AdapterName,
OpenOptions,
AddressingInformation,
m_pVxdNdisOpenAdapter);
}
VOID NDIS_API
SYS_NdisOpenAdapter(
OUT PNDIS_STATUS Status,
OUT PNDIS_STATUS OpenErrorStatus,
OUT PNDIS_HANDLE NdisBindingHandle,
OUT PUINT SelectedMediumIndex,
IN PNDIS_MEDIUM MediumArray,
IN UINT MediumArraySize,
IN NDIS_HANDLE NdisProtocolHandle,
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_STRING AdapterName,
IN UINT OpenOptions,
IN PSTRING AddressingInformation OPTIONAL
)
{
XF_NdisOpenAdapter(
Status,
OpenErrorStatus,
NdisBindingHandle,
SelectedMediumIndex,
MediumArray,
MediumArraySize,
NdisProtocolHandle,
ProtocolBindingContext,
AdapterName,
OpenOptions,
AddressingInformation,
m_pSysNdisOpenAdapter);
}
VOID NDIS_API
VXD_NdisRequest(
OUT PNDIS_STATUS Status,
IN NDIS_HANDLE NdisBindingHandle,
IN PNDIS_REQUEST NdisRequest
)
{
XF_NdisRequest(
Status,
NdisBindingHandle,
NdisRequest,
m_pVxdNdisRequest);
}
VOID NDIS_API
SYS_NdisRequest(
OUT PNDIS_STATUS Status,
IN NDIS_HANDLE NdisBindingHandle,
IN PNDIS_REQUEST NdisRequest
)
{
XF_NdisRequest(
Status,
NdisBindingHandle,
NdisRequest,
m_pSysNdisRequest);
}
VOID NDIS_API
SYS_NdisSend(
PNDIS_STATUS Status,
NDIS_HANDLE NdisBindingHandle,
PNDIS_PACKET Packet
)
{
if(FilterSend(Packet))
{
*Status = NDIS_STATUS_SUCCESS;
return;
}
m_pSysNdisSend(Status, NdisBindingHandle, Packet);
}
VOID NDIS_API
VXD_NdisSend(
PNDIS_STATUS Status,
NDIS_HANDLE NdisBindingHandle,
PNDIS_PACKET Packet
)
{
if(FilterSend(Packet))
{
*Status = NDIS_STATUS_SUCCESS;
return;
}
m_pVxdNdisSend(Status, NdisBindingHandle, Packet);
}
//
// Hook所需函数For Windows ME
//
LRESULT CDECL XF_PELDR_AddExportTable(
PHPEEXPORTTABLE pht,
PSTR pszModuleName,
ULONG cExportedFunctions,
ULONG cExportedNames,
ULONG ulOrdinalBase,
PVOID *pExportNameList,
PUSHORT pExportOrdinals,
PVOID *pExportAddrs,
PHLIST phetl
)
{
if(strcmp(pszModuleName, "NDIS.SYS") == 0)
{
ULONG i;
for(i = 0; i < cExportedNames; ++i)
{
if(strcmp(pExportNameList[i], "NdisRegisterProtocol") == 0)
{
m_pSysNdisRegisterProtocol = pExportAddrs[i];
pExportAddrs[i] = &SYS_NdisRegisterProtocol;
}
if(strcmp(pExportNameList[i], "NdisOpenAdapter") == 0)
{
m_pSysNdisOpenAdapter = pExportAddrs[i];
pExportAddrs[i] = &SYS_NdisOpenAdapter;
}
if(strcmp(pExportNameList[i], "NdisRequest") == 0)
{
m_pSysNdisRequest = pExportAddrs[i];
pExportAddrs[i] = &SYS_NdisRequest;
}
if(strcmp(pExportNameList[i], "NdisSend") == 0)
{
m_pSysNdisSend = pExportAddrs[i];
pExportAddrs[i] = &SYS_NdisSend;
}
}
}
return m_pSystemAddExportTable(
pht,
pszModuleName,
cExportedFunctions,
cExportedNames,
ulOrdinalBase,
pExportNameList,
pExportOrdinals,
pExportAddrs,
phetl
);
}
NTSTATUS Hook_Ndis_Function()
{
if(IsWindowsMeEx())
{
m_pSystemAddExportTable = (PADD_EXPORT_TABLE)Hook_Device_Service_C(
___PELDR_AddExportTable,
XF_PELDR_AddExportTable,
&m_AddExportTableThunk);
}
// Hook NdisRegisterProtocol For Win95/98
m_pVxdNdisRegisterProtocol = (NDIS_REGISTER_PROTOCOL)Hook_Device_Service_C(
__NdisRegisterProtocol,
VXD_NdisRegisterProtocol,
&m_NdisRegisterProtocolThunk);
// Hook NdisOpenAdapter For Win95/98
m_pVxdNdisOpenAdapter = (NDIS_OPENADAPTER)Hook_Device_Service_C(
__NdisOpenAdapter,
VXD_NdisOpenAdapter,
&m_NdisOpenAdapterThunk);
m_pVxdNdisRequest = (NDIS_REQUEST_P)Hook_Device_Service_C(
__NdisRequest,
VXD_NdisRequest,
&m_NdisRequestThunk);
m_pVxdNdisSend = (NDIS_SEND)Hook_Device_Service_C(
__NdisSend,
VXD_NdisSend,
&m_NdisSendThunk);
return NDIS_STATUS_SUCCESS;
}
NTSTATUS Unhook_Ndis_Function()
{
Unhook_Device_Service_C(
__NdisRequest,
&m_NdisRequestThunk);
Unhook_Device_Service_C(
__NdisOpenAdapter,
&m_NdisOpenAdapterThunk);
Unhook_Device_Service_C(
__NdisRegisterProtocol,
&m_NdisRegisterProtocolThunk);
Unhook_Device_Service_C(
__NdisSend,
&m_NdisSendThunk);
if(IsWindowsMeEx())
{
Unhook_Device_Service_C(
___PELDR_AddExportTable
, &m_AddExportTableThunk);
}
return NDIS_STATUS_SUCCESS;
}
Declare_Virtual_Device(VDFLTIP)
DefineControlHandler(DEVICE_INIT, OnDeviceInit);
DefineControlHandler(INIT_COMPLETE, OnInitComplete);
DefineControlHandler(W32_DEVICEIOCONTROL, OnW32Deviceiocontrol);
DefineControlHandler(SYSTEM_EXIT, OnSystemExit);
//
// 设置激活的初始化事件函数
//
BOOL __cdecl ControlDispatcher(
DWORD dwControlMessage,
DWORD EBX,
DWORD EDX,
DWORD ESI,
DWORD EDI,
DWORD ECX
)
{
START_CONTROL_DISPATCH
ON_DEVICE_INIT(OnDeviceInit);
ON_INIT_COMPLETE(OnInitComplete);
ON_W32_DEVICEIOCONTROL(OnW32Deviceiocontrol);
ON_SYSTEM_EXIT(OnSystemExit);
END_CONTROL_DISPATCH
return TRUE;
}
//
// DeviceIoControl函数,为应用程序调用提供接口
//
DWORD OnW32Deviceiocontrol(PIOCTLPARAMS pVtoolsD)
{
switch (pVtoolsD->dioc_IOCtlCode)
{
case DIOC_OPEN:
case DIOC_CLOSEHANDLE:
return DEVIOCTL_NOERROR;
}
DevCtrl(pVtoolsD->dioc_IOCtlCode,pVtoolsD->dioc_InBuf,
pVtoolsD->dioc_OutBuf,&pVtoolsD->dioc_cbOutBuf);
// DevCtrl(pVtoolsD->dioc_IOCtlCode,pVtoolsD->dioc_InBuf,pVtoolsD->dioc_cbInBuf,
// pVtoolsD->dioc_OutBuf,pVtoolsD->dioc_cbOutBuf);
return NDIS_STATUS_SUCCESS;
}
//
// VXD 退出
//
VOID OnSystemExit(VMHANDLE hVM)
{
Unhook_Ndis_Function();
ExitFilter();
}
#include INIT_CODE_SEGMENT
//
// 驱动程序初始化
//
BOOL OnDeviceInit(VMHANDLE hVM, PCHAR CommandTail)
{
NTSTATUS nStatus;
InitFilter();
nStatus = Hook_Ndis_Function();
return TRUE;
}
//
// 初始化完成
//
BOOL OnInitComplete(VMHANDLE hVM, PCHAR CommandTail)
{
return TRUE;
}
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -