pTdiDevice = IoGetRelatedDeviceObject(pfoConnection);
pIrp = TdiBuildInternalDeviceControlIrp(TDI_LISTEN, pTdiDevice, pfoConnection, &TdiCompleteEvent, &IoStatusBlock);
if(pIrp)
{
RtlZeroMemory(&remotenoderequest,sizeof(TDI_CONNECTION_INFORMATION));
remotenoderequest.Options=0;
remotenoderequest.OptionsLength=sizeof(ULONG);
TdiBuildListen(pIrp, pTdiDevice,pfoConnection, NULL, NULL,0,&remotenoderequest,NULL);
ntStatus = IoCallDriver(pTdiDevice, pIrp);
if(ntStatus == STATUS_PENDING)
{
KeWaitForSingleObject(&TdiCompleteEvent, Executive, KernelMode, FALSE, NULL);
ntStatus = IoStatusBlock.Status;
}
//DbgPrint("Done waiting:%x\n",ntStatus);
}
return ntStatus;
}
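/*
 * Post a single TDI_RECEIVE on the connection endpoint and block until it completes.
 *
 * pfoConnection    connection-endpoint file object
 * pBuffer          kernel buffer the transport writes into; locked via an MDL
 * uiReceiveLength  capacity of pBuffer in bytes
 * pDataReceived    out: bytes the transport reported in IoStatusBlock.Information
 *                  (set to 0 before anything can fail)
 *
 * Returns the completion status of the IRP, or STATUS_INSUFFICIENT_RESOURCES
 * when the MDL could not be allocated/locked or the IRP could not be built.
 *
 * The wait uses the file-scope TdiListenCompleteEvent rather than a local event
 * because ClientEventDisconnect signals it to release a receive that is blocked
 * when the peer goes away.
 * NOTE(review): if that disconnect signal arrives while the IRP is still in
 * flight, this function returns while the IRP still references IoStatusBlock on
 * this stack frame - confirm the transport always completes the receive before
 * (or as part of) the disconnect indication.
 */
NTSTATUS TdiFuncs_Receive(PFILE_OBJECT pfoConnection, PVOID pBuffer, UINT uiReceiveLength, UINT *pDataReceived)
{
    NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES;
    PIRP pIrp;
    IO_STATUS_BLOCK IoStatusBlock = {0};
    PDEVICE_OBJECT pTdiDevice;
    PMDL pReceiveMdl;

    /* A NotificationEvent stays signaled once set, so it is reset for every request. */
    KeInitializeEvent(&TdiListenCompleteEvent, NotificationEvent, FALSE);
    pTdiDevice = IoGetRelatedDeviceObject(pfoConnection);
    *pDataReceived = 0;

    pReceiveMdl = IoAllocateMdl((PCHAR)pBuffer, uiReceiveLength, FALSE, FALSE, NULL);
    if (!pReceiveMdl) {
        return ntStatus;
    }

    __try {
        MmProbeAndLockPages(pReceiveMdl, KernelMode, IoModifyAccess);
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        /* Probe raised (invalid/unmapped range): no pages are locked, only the MDL is owed. */
        IoFreeMdl(pReceiveMdl);
        return ntStatus;
    }

    pIrp = TdiBuildInternalDeviceControlIrp(TDI_RECEIVE, pTdiDevice, pfoConnection, &TdiListenCompleteEvent, &IoStatusBlock);
    if (!pIrp) {
        /* The IRP that would have taken ownership of the locked MDL was never built,
           so it must be unlocked and freed here or it leaks. */
        MmUnlockPages(pReceiveMdl);
        IoFreeMdl(pReceiveMdl);
        return ntStatus;
    }

    /* From here the MDL is attached to the IRP; NOTE(review): its release relies on
       the I/O manager unlocking/freeing IRP MDLs at completion - confirm. */
    TdiBuildReceive(pIrp, pTdiDevice, pfoConnection, NULL, NULL, pReceiveMdl, TDI_RECEIVE_NORMAL, uiReceiveLength);
    ntStatus = IoCallDriver(pTdiDevice, pIrp);
    if (ntStatus == STATUS_PENDING) {
        KeWaitForSingleObject(&TdiListenCompleteEvent, Executive, KernelMode, FALSE, NULL);
    }

    /* Synchronous or not, the final result lives in the status block, not the IoCallDriver return. */
    ntStatus = IoStatusBlock.Status;
    *pDataReceived = (UINT)IoStatusBlock.Information;
    return ntStatus;
}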
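/*
 * Post a single TDI_SEND on the connection endpoint and block until it completes.
 *
 * pfoConnection  connection-endpoint file object
 * pData          kernel buffer holding the bytes to transmit; locked via an MDL
 * uiSendLength   number of bytes in pData to send
 * pDataSent      out: bytes the transport reported in IoStatusBlock.Information
 *                (set to 0 before anything can fail)
 *
 * Returns the completion status of the IRP, or STATUS_INSUFFICIENT_RESOURCES
 * when the MDL could not be allocated/locked or the IRP could not be built.
 * Unlike TdiFuncs_Receive this uses a private event, so a disconnect does not
 * wake a blocked send.
 */
NTSTATUS TdiFuncs_Send(PFILE_OBJECT pfoConnection, PVOID pData, UINT uiSendLength, UINT *pDataSent)
{
    NTSTATUS ntStatus = STATUS_INSUFFICIENT_RESOURCES;
    PIRP pIrp;
    IO_STATUS_BLOCK IoStatusBlock = {0};
    PDEVICE_OBJECT pTdiDevice;
    PMDL pSendMdl;
    KEVENT TdiCompleteEvent;

    KeInitializeEvent(&TdiCompleteEvent, NotificationEvent, FALSE);
    pTdiDevice = IoGetRelatedDeviceObject(pfoConnection);
    *pDataSent = 0;

    pSendMdl = IoAllocateMdl((PCHAR)pData, uiSendLength, FALSE, FALSE, NULL);
    if (!pSendMdl) {
        return ntStatus;
    }

    __try {
        /* A send only reads pData: lock for read so read-only kernel pages
           (e.g. constant data) are accepted instead of raising. */
        MmProbeAndLockPages(pSendMdl, KernelMode, IoReadAccess);
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        /* Probe raised: nothing is locked, only the MDL itself must be returned. */
        IoFreeMdl(pSendMdl);
        return ntStatus;
    }

    pIrp = TdiBuildInternalDeviceControlIrp(TDI_SEND, pTdiDevice, pfoConnection, &TdiCompleteEvent, &IoStatusBlock);
    if (!pIrp) {
        /* No IRP took ownership of the locked MDL, so release it here or it leaks. */
        MmUnlockPages(pSendMdl);
        IoFreeMdl(pSendMdl);
        return ntStatus;
    }

    /* NOTE(review): the MDL is now owned by the IRP; its release relies on the
       I/O manager unlocking/freeing IRP MDLs at completion - confirm. */
    TdiBuildSend(pIrp, pTdiDevice, pfoConnection, NULL, NULL, pSendMdl, 0, uiSendLength);
    ntStatus = IoCallDriver(pTdiDevice, pIrp);
    if (ntStatus == STATUS_PENDING) {
        KeWaitForSingleObject(&TdiCompleteEvent, Executive, KernelMode, FALSE, NULL);
    }

    /* The status block carries the real outcome whether completion was synchronous or not. */
    ntStatus = IoStatusBlock.Status;
    *pDataSent = (UINT)IoStatusBlock.Information;
    return ntStatus;
}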
/*
 * TDI_EVENT_DISCONNECT handler, registered from InitServer via TdiFuncs_SetEventHandler.
 * Marks the connection as down and signals TdiListenCompleteEvent so a
 * TdiFuncs_Receive blocked on that event is released. None of the disconnect
 * payload parameters are inspected.
 */
NTSTATUS ClientEventDisconnect(PVOID TdiEventContext, CONNECTION_CONTEXT ConnectionContext, IN LONG DisconnectDataLength, IN PVOID DisconnectData, IN LONG DisconnectInformationLength, IN PVOID DisconnectInformation, IN ULONG DisconnectFlags)
{
    UNREFERENCED_PARAMETER(TdiEventContext);
    UNREFERENCED_PARAMETER(ConnectionContext);
    UNREFERENCED_PARAMETER(DisconnectDataLength);
    UNREFERENCED_PARAMETER(DisconnectData);
    UNREFERENCED_PARAMETER(DisconnectInformationLength);
    UNREFERENCED_PARAMETER(DisconnectInformation);
    UNREFERENCED_PARAMETER(DisconnectFlags);

    /* The flag is written before the event is signaled, so a receive woken by
       the event observes the connection as already down. */
    connected = FALSE;
    KeSetEvent(&TdiListenCompleteEvent, 0, FALSE);

    return STATUS_SUCCESS;
}
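/*
 * Open the transport address and connection endpoint, associate them and
 * register the disconnect handler.
 *
 * Each step is skipped once an earlier one fails; the function reports nothing
 * back, so callers can only tell success by FileObjectConnection being usable.
 * NOTE(review): when a later step fails, the objects opened by earlier steps are
 * left open (no close helper is called here) - confirm whether the driver
 * unload path releases them.
 *
 * The `if (...)` / `else` branches in the original whose only statement was a
 * commented-out DbgPrint left dangling conditionals (no statement before the
 * closing brace), which does not compile; the flow is now written as guards.
 */
void InitServer(void)
{
    NTSTATUS ntStatus;

    TdiHandleTransport = NULL;
    FileObjectTransport = NULL;
    KeInitializeSpinLock(&SendLock);

    ntStatus = TdiFuncs_OpenTransportAddress(&TdiHandleTransport, &FileObjectTransport);
    if (!NT_SUCCESS(ntStatus)) {
        return;
    }

    TdiHandleConnection = NULL;
    FileObjectConnection = NULL;
    ntStatus = TdiFuncs_OpenConnection(&TdiHandleConnection, &FileObjectConnection);
    if (!NT_SUCCESS(ntStatus)) {
        return;
    }

    ntStatus = TdiFuncs_AssociateTransportAndConnection(TdiHandleTransport, FileObjectConnection);
    if (!NT_SUCCESS(ntStatus)) {
        return;
    }

    /* Disconnect notifications drive the `connected` flag (see ClientEventDisconnect);
       a failure here is not surfaced, matching the previous behaviour. */
    ntStatus = TdiFuncs_SetEventHandler(FileObjectTransport, TDI_EVENT_DISCONNECT, ClientEventDisconnect, NULL);
    (void)ntStatus;
}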
/*
 * Block until a peer connects to FileObjectConnection.
 * Records the outcome in the file-scope `connected` flag and returns it.
 */
BOOLEAN Listen()
{
    NTSTATUS ntStatus = TdiFuncs_Listen(FileObjectConnection);

    connected = NT_SUCCESS(ntStatus);
    return connected;
}
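/*
 * Send all `size` bytes of Buffer over the current connection, issuing as many
 * TdiFuncs_Send calls as the transport needs.
 *
 * Buffer  kernel-mode buffer (pageable memory is fine). User-mode addresses are
 *         rejected up front because TdiFuncs_Send locks the pages with a
 *         KernelMode probe, which would not validate them.
 * size    number of bytes to send
 *
 * Returns TRUE only when every byte was accepted and the connection is still up.
 * Concurrent callers are serialised on SendEvent, which is released on every
 * exit path by the __finally block.
 */
BOOLEAN Send(PVOID Buffer, ULONG size)
{
    ULONG DataSent = 0, DataSent2 = 0;
    PCHAR b = Buffer;
    NTSTATUS ntStatus;

    /* ULONG_PTR keeps the comparison valid on 64-bit builds (a ULONG cast truncates
       kernel addresses), and MmHighestUserAddress follows the real user/kernel
       split instead of assuming a fixed 2 GB layout. */
    if ((ULONG_PTR)Buffer <= (ULONG_PTR)MmHighestUserAddress) {
        return FALSE;
    }
    if (!connected) {
        return FALSE;
    }

    ntStatus = ZwWaitForSingleObject(SendEvent, FALSE, NULL);
    if (!NT_SUCCESS(ntStatus)) {
        return FALSE;
    }

    __try {
        __try {
            /* Re-check after the wait: a disconnect may have landed meanwhile. */
            if (!connected) {
                return FALSE;
            }
            while (connected && NT_SUCCESS(ntStatus) && DataSent < size) {
                ntStatus = TdiFuncs_Send(FileObjectConnection, &b[DataSent], size - DataSent, &DataSent2);
                if (NT_SUCCESS(ntStatus) && DataSent2 == 0) {
                    /* A "successful" zero-byte send would otherwise loop forever. */
                    ntStatus = STATUS_UNSUCCESSFUL;
                    break;
                }
                DataSent += DataSent2;
            }
        } __finally {
            /* Best effort: the event's own status is deliberately not stored in
               ntStatus, so a failed send is not masked by a successful ZwSetEvent. */
            (void)ZwSetEvent(SendEvent, NULL);
        }
    } __except (EXCEPTION_EXECUTE_HANDLER) {
        return FALSE;
    }

    return (BOOLEAN)(connected && NT_SUCCESS(ntStatus));
}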
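/*
 * Fill Buffer with exactly `size` bytes from the current connection, issuing as
 * many TdiFuncs_Receive calls as needed.
 *
 * Buffer  kernel buffer to fill
 * size    number of bytes expected
 *
 * Returns TRUE only when all bytes arrived and the connection is still up.
 * NOTE(review): unlike Send(), there is no check that Buffer is a kernel-mode
 * address, yet the pages are locked with a KernelMode probe in TdiFuncs_Receive;
 * callers must not pass user-mode addresses here.
 */
BOOLEAN Receive(PVOID Buffer, ULONG size)
{
    ULONG DataReceived = 0, DataReceived2 = 0;
    NTSTATUS ntStatus = STATUS_SUCCESS;
    PCHAR b = Buffer;

    while (connected && NT_SUCCESS(ntStatus) && DataReceived < size) {
        ntStatus = TdiFuncs_Receive(FileObjectConnection, &b[DataReceived], size - DataReceived, &DataReceived2);
        if (NT_SUCCESS(ntStatus) && DataReceived2 == 0) {
            /* Success with no data (e.g. a receive released by the disconnect event
               before completion) would otherwise spin here; report it as a failure. */
            ntStatus = STATUS_UNSUCCESSFUL;
            break;
        }
        DataReceived += DataReceived2;
    }

    if (!connected) {
        return FALSE;
    }
    return NT_SUCCESS(ntStatus);
}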
/*
 * Tear down the current connection.
 * The `connected` flag is cleared whether or not the transport reports success:
 * a connection whose disconnect failed is not treated as usable either.
 * Returns TRUE when the transport accepted the disconnect.
 */
BOOLEAN Disconnect()
{
    NTSTATUS ntStatus = TdiFuncs_Disconnect(FileObjectConnection);

    connected = FALSE;
    return NT_SUCCESS(ntStatus);
}