OUT PNDIS_STATUS OpenErrorStatus,
OUT PNDIS_HANDLE NdisBindingHandle,
OUT PUINT SelectedMediumIndex,
IN PNDIS_MEDIUM MediumArray,
IN UINT MediumArraySize,
IN NDIS_HANDLE NdisProtocolHandle,
IN NDIS_HANDLE ProtocolBindingContext,
IN PNDIS_STRING AdapterName,
IN UINT OpenOptions,
IN PSTRING AddressingInformation OPTIONAL)
{
struct PROTOCOL_CHARS *pchars = NULL;
KIRQL irql;
struct ADAPTER_PROTOCOL *adapter = NULL;
ULONG size;
UINT i;
NTSTATUS status;
// working at PASSIVE_LEVEL - can use UNICODE %S to output (see DbgPrint documentation)
KdPrint(("[ndis_hk] new_NdisOpenAdapter: %S (context = 0x%x)\n", AdapterName->Buffer,
ProtocolBindingContext));
__try {
/*
* search MeduimArray for NdisMedium802_3 or NdisMediumWan
*/
for (i = 0; i < MediumArraySize; i++) {
if (MediumArray[i] == NdisMedium802_3 || MediumArray[i] == NdisMediumWan)
break;
}
if (i >= MediumArraySize) {
// not found
KdPrint(("[ndis_hk] new_NdisOpenAdapter: unsupported medium for this adapter\n"));
// anyway call original handler
*Status = NDIS_STATUS_SUCCESS;
__leave;
}
// get pchars
pchars = (struct PROTOCOL_CHARS *)get_av(NdisProtocolHandle, PROTOCOL_TO_PCHARS, &irql);
if (pchars == NULL) {
KdPrint(("[ndis_hk] new_NdisOpenAdapter: get_av(PROTOCOL_TO_PCHARS)!\n"));
// This protocol is not for us. Call original handler but don't call our function.
*Status = NDIS_STATUS_SUCCESS;
__leave;
}
// allocate ADAPTER_PROTOCOL
size = sizeof(*adapter) + (wcslen(AdapterName->Buffer) + 1) * sizeof(wchar_t);
adapter = (struct ADAPTER_PROTOCOL *)malloc_np(size);
if (adapter == NULL) {
KdPrint(("[ndis_hk] new_NdisOpenAdapter: get_av(PROTOCOL_TO_PCHARS)!\n"));
*Status = NDIS_STATUS_RESOURCES;
__leave;
}
memset(adapter, 0, size);
// save copy of AdapterName
wcscpy(adapter->adapter_name, AdapterName->Buffer);
// save ProtocolBindingContext
adapter->ProtocolBindingContext = ProtocolBindingContext;
// link adapter with pchars
adapter->next = pchars->adapter;
pchars->adapter = adapter;
adapter->pchars = pchars;
if (MediumArraySize > 1) {
// save temporary pointers
adapter->pMediumArray = MediumArray;
adapter->pSelectedMediumIndex = SelectedMediumIndex;
} else {
// we have only one index and one chance to choose. do it now.
adapter->medium = MediumArray[0];
}
adapter->pNdisBindingHandle = NdisBindingHandle; // in completion we'll have NdisBindingHandler here
// that's all
*Status = NDIS_STATUS_SUCCESS;
} __except((*Status = GetExceptionCode(), EXCEPTION_EXECUTE_HANDLER)) {
KdPrint(("[ndis_hk] new_NdisOpenAdapter: exception 0x%x!\n", *Status));
}
// cleanup
if (pchars != NULL)
KeReleaseSpinLock(&g_av_hash_guard, irql);
if (*Status != NDIS_STATUS_SUCCESS)
return; // no need to call original handler - our errors
// call original handler
HOOKED_OLD_FN(NdisOpenAdapter)(Status, OpenErrorStatus, NdisBindingHandle,
SelectedMediumIndex, MediumArray, MediumArraySize, NdisProtocolHandle,
ProtocolBindingContext, AdapterName, OpenOptions, AddressingInformation);
KdPrint(("[ndis_hk] new_NdisOpenAdapter: 0x%x\n", *Status));
if (*Status == NDIS_STATUS_SUCCESS) {
/*
* support only 802.3 and Wan adapters
*/
if (MediumArray[*SelectedMediumIndex] == NdisMedium802_3 ||
MediumArray[*SelectedMediumIndex] == NdisMediumWan) {
/*
* a little magic: call completion with NDIS_STATUS_PENDING
* it means don't call original completion and return status to us
*/
if (pchars != NULL)
new_OpenAdapterCompleteHandler(pchars, ProtocolBindingContext, NDIS_STATUS_PENDING, 0);
// don't delete adapter
adapter = NULL;
}
} else if (*Status == NDIS_STATUS_PENDING) {
// don't delete adapter
adapter = NULL;
}
if (adapter != NULL) {
/* destroy created ADAPTER_PROTOCOL */
// unlink it from pchars
pchars = (struct PROTOCOL_CHARS *)get_av(NdisProtocolHandle, PROTOCOL_TO_PCHARS, &irql);
if (pchars != NULL) {
// find adapter by pointer
struct ADAPTER_PROTOCOL *a, *prev_a;
for (prev_a = NULL, a = pchars->adapter; a != NULL; a = a->next) {
if (a == adapter) {
if (prev_a == NULL)
pchars->adapter = adapter->next;
else
prev_a->next = adapter->next;
}
prev_a = a;
}
KeReleaseSpinLock(&g_av_hash_guard, irql);
}
// and free
free(adapter);
}
}
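/**
 * Hooked NdisCloseAdapter.
 *
 * Looks up the ADAPTER_PROTOCOL registered for NdisBindingHandle
 * (BINDING_TO_ADAPTER mapping), unlinks it from the adapter list of its
 * PROTOCOL_CHARS, removes the mapping with del_av(), and only then forwards
 * the call to the original NdisCloseAdapter. Tearing our state down before
 * the original runs means no later lookup by this handle can reach an entry
 * that belongs to an already closed binding.
 *
 * @param Status            receives the status produced by the original NdisCloseAdapter
 * @param NdisBindingHandle binding handle returned by NdisOpenAdapter for this protocol
 *
 * Locking: get_av() is used the same way as in the other hooks in this file:
 * when it returns non-NULL the caller holds g_av_hash_guard and releases it
 * with the irql it returned. The __finally block does that on every exit
 * path, including an exception raised inside the __try body.
 * NOTE(review): the list walk and del_av() therefore execute with that lock
 * held - confirm that get_av()/del_av() really have this contract.
 */
VOID
new_NdisCloseAdapter(
    OUT PNDIS_STATUS Status,
    IN NDIS_HANDLE NdisBindingHandle)
{
    /* Must be NULL-initialised: __finally reads it even when get_av() raises
     * before the assignment below, which would otherwise be a read of an
     * indeterminate pointer and could release a lock we never acquired. */
    struct ADAPTER_PROTOCOL *adapter = NULL;
    struct ADAPTER_PROTOCOL *a, *prev_a;
    KIRQL irql;
    struct PROTOCOL_CHARS *pchars;

    __try {
        // get adapter by NdisBindingHandle
        adapter = get_av(NdisBindingHandle, BINDING_TO_ADAPTER, &irql);
        if (adapter == NULL) {
            // not a binding we track (or add_av failed at open time) - just forward the call
            KdPrint(("[ndis_hk] new_NdisCloseAdapter: get_av(BINDING_TO_ADAPTER)!\n"));
            __leave;
        }
        // unlink it from the singly linked adapter list of its protocol
        pchars = adapter->pchars;
        prev_a = NULL;
        for (a = pchars->adapter; a != NULL; prev_a = a, a = a->next) {
            if (a != adapter)
                continue;
            if (prev_a == NULL)
                pchars->adapter = adapter->next;
            else
                prev_a->next = adapter->next;
            break;  // a node is linked at most once, nothing more to do
        }
        // drop the NdisBindingHandle -> ADAPTER_PROTOCOL mapping
        del_av(NdisBindingHandle, BINDING_TO_ADAPTER, TRUE);
    } __finally {
        if (adapter != NULL)
            KeReleaseSpinLock(&g_av_hash_guard, irql);
    }
    // call original handler
    HOOKED_OLD_FN(NdisCloseAdapter)(Status, NdisBindingHandle);
}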
/*
* --- NDIS functions from NDIS_PROTOCOL_CHARACTERISTICS ---
*/
/**
 * Hooked OpenAdapterCompleteHandler from NDIS_PROTOCOL_CHARACTERISTICS.
 *
 * Reached on two paths:
 *  - through the ASM stub (which prepends the pchars argument) when the
 *    original NdisOpenAdapter returned NDIS_STATUS_PENDING and NDIS later
 *    completes the open; Status is then the real completion status and the
 *    original handler is invoked from the __finally block, whatever happened
 *    in between;
 *  - directly from hooked NdisOpenAdapter when the open succeeded
 *    synchronously. In that case Status == NDIS_STATUS_PENDING is used as a
 *    marker meaning "finish our bookkeeping but do NOT call the original
 *    completion handler".
 *
 * On success it fixes up the ADAPTER_PROTOCOL created by new_NdisOpenAdapter
 * (binding handle, selected medium), registers the binding -> adapter
 * mapping and, for 802.3 / WAN media only, installs the send / send-packets /
 * transfer-data hooks into the NDIS open block behind NdisBindingHandle.
 *
 * @param pchars                 our per-protocol state (added by the ASM stub)
 * @param ProtocolBindingContext protocol's context for this binding; used to find the adapter
 * @param Status                 completion status, or NDIS_STATUS_PENDING (see above)
 * @param OpenErrorStatus        passed through unchanged to the original handler
 *
 * NOTE(review): pchars->adapter is walked here without g_av_hash_guard,
 * while new_NdisOpenAdapter links new entries while holding it (get_av()
 * returned with the lock; released before this function is called on the
 * synchronous path). Confirm that NDIS serialises open/complete per binding,
 * otherwise a concurrent open could race this walk.
 */
VOID
new_OpenAdapterCompleteHandler(
    struct PROTOCOL_CHARS *pchars, /* added by ASM stub */
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_STATUS Status,
    IN NDIS_STATUS OpenErrorStatus)
{
    struct ADAPTER_PROTOCOL *adapter;
    _CHECK_PCHARS(pchars);  // project macro validating pchars; semantics not visible here
    KdPrint(("[ndis_hk] new_OpenAdapterComplete: 0x%x (context = 0x%x)\n", Status,
        ProtocolBindingContext));
    __try {
        // Anything other than SUCCESS or our PENDING marker is a failed open:
        // nothing to set up, __finally forwards the failure to the original handler.
        if (Status != NDIS_STATUS_SUCCESS &&
            Status != NDIS_STATUS_PENDING) // PENDING is the _magic_ value, see above
            __leave;
        // get adapter: the entry new_NdisOpenAdapter created for this binding context
        for (adapter = pchars->adapter; adapter != NULL; adapter = adapter->next) {
            if (adapter->ProtocolBindingContext == ProtocolBindingContext)
                break;
        }
        if (adapter == NULL) {
            KdPrint(("[ndis_hk] new_OpenAdapterComplete: adapter not found\n"));
            // This adapter is not for us (e.g. unsupported medium at open time).
            __leave;
        }
        // Pull the values that were only reachable through the caller's OUT
        // pointers at open time, then drop those pointers so they are never
        // dereferenced again.
        // NOTE(review): assumes the caller's NdisBindingHandle variable is still
        // valid here; true for the synchronous path (we are called from inside
        // new_NdisOpenAdapter) - confirm for the pending path.
        adapter->NdisBindingHandle = *(adapter->pNdisBindingHandle);
        adapter->pNdisBindingHandle = NULL;
        // medium was already stored at open time when MediumArraySize == 1;
        // otherwise read the index NDIS selected.
        if (adapter->pMediumArray != NULL &&
            adapter->pSelectedMediumIndex != NULL) {
            adapter->medium = adapter->pMediumArray[*(adapter->pSelectedMediumIndex)];
            adapter->pMediumArray = NULL;
            adapter->pSelectedMediumIndex = NULL;
        }
        // only 802.3 and WAN bindings get hooked
        if (adapter->medium == NdisMedium802_3 || adapter->medium == NdisMediumWan) {
            PNDIS_OPEN_BLOCK nob;
            // assign adapter index
            adapter->adapter_index = add_adapter(adapter->adapter_name);
            if (adapter->adapter_index == 0) {
                // failure is only logged; the adapter keeps index 0
                KdPrint(("[ndis_hk] new_OpenAdapterComplete: add_adapter!\n"));
                // panic()?
            }
            // save mapping NdisBindingHandle -> struct ADAPTER_PROTOCOL
            if (add_av(adapter->NdisBindingHandle, adapter, BINDING_TO_ADAPTER, FALSE) != STATUS_SUCCESS) {
                // NOTE(review): only logged. Without this mapping new_NdisCloseAdapter
                // cannot find the entry, so it stays linked in pchars->adapter with the
                // hooks below still installed - confirm whether this should abort instead.
                KdPrint(("[ndis_hk] new_OpenAdapterComplete: add_av!\n"));
                // panic()?
            }
            // can't use UNICODE %S to output (see DbgPrint documentation)
            KdPrint(("[ndis_hk] new_OpenAdapterComplete: (index = %d)\n",
                adapter->adapter_index));
            // Install our hooks into the NDIS open block. NdisBindingHandle is
            // treated as a PNDIS_OPEN_BLOCK here; that layout is NDIS-internal and
            // version specific, so this cast is the fragile part of the driver.
            // Order per handler: save original, generate per-adapter stub, install.
            nob = (PNDIS_OPEN_BLOCK)adapter->NdisBindingHandle;
            adapter->old_SendHandler = nob->SendHandler;
            GENERATE_ASM_STUB(adapter, SendHandler);
            nob->SendHandler = (SEND_HANDLER)adapter->asm_SendHandler;
            KdPrint(("[ndis_hk] new_OpenAdapterCompleteHandler: SendHandler: old 0x%x new 0x%x\n",
                adapter->old_SendHandler, adapter->asm_SendHandler));
            // SendPacketsHandler exists only from NDIS 4 on
            if (PCHARS_OLD_CHARS(pchars)->MajorNdisVersion >= 4) {
                adapter->old_SendPacketsHandler = nob->SendPacketsHandler;
                GENERATE_ASM_STUB(adapter, SendPacketsHandler);
                nob->SendPacketsHandler = (SEND_PACKETS_HANDLER)adapter->asm_SendPacketsHandler;
                KdPrint(("[ndis_hk] new_OpenAdapterCompleteHandler: SendPacketsHandler: old 0x%x new 0x%x\n",
                    adapter->old_SendPacketsHandler, adapter->asm_SendPacketsHandler));
            }
            // and NdisTransferData too
            adapter->old_TransferDataHandler = nob->TransferDataHandler;
            GENERATE_ASM_STUB(adapter, TransferDataHandler);
            nob->TransferDataHandler = (TRANSFER_DATA_HANDLER)adapter->asm_TransferDataHandler;
        }
    } __finally {
        // Forward to the protocol's real completion handler on every path
        // (including __leave) except when Status is our PENDING marker, i.e.
        // when the open completed synchronously inside new_NdisOpenAdapter.
        if (Status != NDIS_STATUS_PENDING) {
            // call original handler anyway
            PCHARS_OLD_CHARS(pchars)->OpenAdapterCompleteHandler(ProtocolBindingContext,
                Status, OpenErrorStatus);
        }
    }
}
/**
* Hooked ReceiveHandler from NDIS_PROTOCOL_CHARACTERISTICS.
* Function is called when NDIS miniport adapter indicated incoming data using old scheme.
* If we get LookaheadBuffer smaller than PacketSize (for old PIO based network cards) we
* call original NdisTransferData manually to get the whole packet.
* We call the original ReceiveHandler with our buffer as MacReceiveContext. If the protocol driver
* then calls the hooked NdisTransferData, we serve the data to it from this buffer.
*/
NDIS_STATUS
new_ReceiveHandler(
struct PROTOCOL_CHARS *pchars, /* added by ASM stub */
IN NDIS_HANDLE ProtocolBindingContext,
IN NDIS_HANDLE MacReceiveContext,
IN PVOID HeaderBuffer,
IN UINT HeaderBufferSize,
IN PVOID LookaheadBuffer,
IN UINT LookaheadBufferSize,
IN UINT PacketSize)
{
struct ADAPTER_PROTOCOL *adapter;
BOOLEAN result = FALSE;
NDIS_STATUS status;
PNDIS_PACKET packet = NULL;
PNDIS_BUFFER hdr_buffer = NULL, data_buffer = NULL;
void *buf = NULL;
ULONG bytes;
_CHECK_PCHARS(pchars);
__try {
// get adapter
for (adapter = pchars->adapter; adapter != NULL; adapter = adapter->next) {
if (adapter->ProtocolBindingContext == ProtocolBindingContext)
break;
}
if (adapter == NULL) {
KdPrint(("[ndis_hk] new_ReceiveHandler: adapter not found!\n"));
__leave;
}
// can't use UNICODE %S to output (see DbgPrint documentation)
KdPrint(("[ndis_hk] new_ReceiveHandler: (%d) hdr %u; look %u; pkt %u\n",
adapter->adapter_index,
HeaderBufferSize, LookaheadBufferSize, PacketSize));
if (LookaheadBufferSize == PacketSize) {
// already got the whole frame!
// prepare packet for filtering