📄 filterrtns.cod
字号:
; 97 : { // Use storage on the stack.
; 98 : ulUsed = szLclStorage;
001a2 c7 45 f4 00 01
00 00 mov DWORD PTR _ulUsed$[ebp], 256 ; 00000100H
; 99 : pAddrArr = (PPassthruIPAddrArray)&lclIPArray;
001a9 8d 8d f0 fe ff
ff lea ecx, DWORD PTR _$S1$[ebp]
001af 89 4d f8 mov DWORD PTR _pAddrArr$[ebp], ecx
; 100 : }
; 101 : else
001b2 eb 61 jmp SHORT $L15909
$L15907:
; 102 : { // Use dynamically obtained storage.
; 103 : ulUsed *= 2; // Double size from first iteration or size previously indicated as needed.
001b4 8b 55 f4 mov edx, DWORD PTR _ulUsed$[ebp]
001b7 d1 e2 shl edx, 1
001b9 89 55 f4 mov DWORD PTR _ulUsed$[ebp], edx
; 104 :
; 105 : status = // Get working storage.
; 106 : NdisAllocateMemoryWithTag((PVOID*)&pAddrArr, ulUsed, TAG);
001bc 68 61 50 6d 49 push 1231900769 ; 496d5061H
001c1 8b 45 f4 mov eax, DWORD PTR _ulUsed$[ebp]
001c4 50 push eax
001c5 8d 4d f8 lea ecx, DWORD PTR _pAddrArr$[ebp]
001c8 51 push ecx
001c9 ff 15 00 00 00
00 call DWORD PTR __imp__NdisAllocateMemoryWithTag@12
001cf 89 85 d4 f8 ff
ff mov DWORD PTR _status$[ebp], eax
; 107 :
; 108 : if (NDIS_STATUS_FAILURE==status) // A problem?
001d5 81 bd d4 f8 ff
ff 01 00 00 c0 cmp DWORD PTR _status$[ebp], -1073741823 ; c0000001H
001df 75 2d jne SHORT $L15913
; 109 : {
; 110 : DBGPRINT(("FilterPacket(): Failed to get memory for IP address array for adapter at 0x%08x!\n", pAdapt));
001e1 68 00 00 00 00 push OFFSET FLAT:$SG15914
001e6 e8 00 00 00 00 call _DbgPrint
001eb 83 c4 04 add esp, 4
001ee 8b 55 08 mov edx, DWORD PTR _pAdapt$[ebp]
001f1 52 push edx
001f2 68 00 00 00 00 push OFFSET FLAT:$SG15915
001f7 e8 00 00 00 00 call _DbgPrint
001fc 83 c4 08 add esp, 8
; 111 : status = NDIS_STATUS_RESOURCES;
001ff c7 85 d4 f8 ff
ff 9a 00 00 c0 mov DWORD PTR _status$[ebp], -1073741670 ; c000009aH
; 112 : goto done;
00209 e9 1e 01 00 00 jmp $done$15918
$L15913:
; 113 : }
; 114 :
; 115 : bGotStorage = TRUE; // Remember got working storage.
0020e c6 85 ef f8 ff
ff 01 mov BYTE PTR _bGotStorage$[ebp], 1
$L15909:
; 116 : }
; 117 :
; 118 : status = PassthruWMIGetAddrArray( // (Try to) get copy of IP-address array.
; 119 : pAdapt,
; 120 : &ulUsed, // Variable with size of provided area. Will be updated with size actually used or size needed.
; 121 : pAddrArr // Area to receive IP-address array structure.
; 122 : );
00215 8b 45 f8 mov eax, DWORD PTR _pAddrArr$[ebp]
00218 50 push eax
00219 8d 4d f4 lea ecx, DWORD PTR _ulUsed$[ebp]
0021c 51 push ecx
0021d 8b 55 08 mov edx, DWORD PTR _pAdapt$[ebp]
00220 52 push edx
00221 e8 00 00 00 00 call _PassthruWMIGetAddrArray@12
00226 89 85 d4 f8 ff
ff mov DWORD PTR _status$[ebp], eax
; 123 :
; 124 : if (NDIS_STATUS_SUCCESS==status) // Success?
0022c 83 bd d4 f8 ff
ff 00 cmp DWORD PTR _status$[ebp], 0
00233 75 02 jne SHORT $L15922
; 125 : break; // Leave 'for' group.
00235 eb 66 jmp SHORT $L15906
$L15922:
; 126 :
; 127 : if (i+1==LoopLim) // At loop limit?
00237 8b 85 ec fe ff
ff mov eax, DWORD PTR _i$[ebp]
0023d 83 c0 01 add eax, 1
00240 83 f8 05 cmp eax, 5
00243 75 30 jne SHORT $L15923
; 128 : {
; 129 : DBGPRINT(("FilterPacket(): Failed to get array last time, status 0x%08x!\n", status));
00245 68 00 00 00 00 push OFFSET FLAT:$SG15924
0024a e8 00 00 00 00 call _DbgPrint
0024f 83 c4 04 add esp, 4
00252 8b 8d d4 f8 ff
ff mov ecx, DWORD PTR _status$[ebp]
00258 51 push ecx
00259 68 00 00 00 00 push OFFSET FLAT:$SG15925
0025e e8 00 00 00 00 call _DbgPrint
00263 83 c4 08 add esp, 8
; 130 : status = NDIS_STATUS_FAILURE;
00266 c7 85 d4 f8 ff
ff 01 00 00 c0 mov DWORD PTR _status$[ebp], -1073741823 ; c0000001H
; 131 : goto done;
00270 e9 b7 00 00 00 jmp $done$15918
$L15923:
; 132 : }
; 133 :
; 134 : if (TRUE==bGotStorage) // Got working storage?
00275 0f b6 95 ef f8
ff ff movzx edx, BYTE PTR _bGotStorage$[ebp]
0027c 83 fa 01 cmp edx, 1
0027f 75 17 jne SHORT $L15929
; 135 : {
; 136 : NdisFreeMemory(pAddrArr, ulUsed, 0);
00281 6a 00 push 0
00283 8b 45 f4 mov eax, DWORD PTR _ulUsed$[ebp]
00286 50 push eax
00287 8b 4d f8 mov ecx, DWORD PTR _pAddrArr$[ebp]
0028a 51 push ecx
0028b ff 15 00 00 00
00 call DWORD PTR __imp__NdisFreeMemory@12
; 137 : bGotStorage = FALSE;
00291 c6 85 ef f8 ff
ff 00 mov BYTE PTR _bGotStorage$[ebp], 0
$L15929:
; 138 : }
; 139 : } // End 'for' try to get current IP-address array.
00298 e9 e0 fe ff ff jmp $L15905
$L15906:
; 140 :
; 141 : // PUCHAR pC = (PUCHAR)&IPAddr;
; 142 : // DBGPRINT(("FilterPacket(): IP address = %d.%d.%d.%d\n", *pC, *(pC+1), *(pC+2), *(pC+3)));
; 143 : // DumpMem((char*)PayloadCopy, ulOrigPayload>=64 ? 64: ulOrigPayload, FALSE, 1);
; 144 :
; 145 : for ( // Go through the IP addresses in a binary search.
; 146 : lowIdx = 0,
; 147 : highIdx = pAddrArr->NumberElements - 1;
0029d c7 45 fc 00 00
00 00 mov DWORD PTR _lowIdx$[ebp], 0
002a4 8b 55 f8 mov edx, DWORD PTR _pAddrArr$[ebp]
002a7 8b 02 mov eax, DWORD PTR [edx]
002a9 83 e8 01 sub eax, 1
002ac 89 85 e8 fe ff
ff mov DWORD PTR _highIdx$[ebp], eax
$L15931:
; 148 : lowIdx <= highIdx;
; 149 : /* No iteration action. */
; 150 : )
002b2 8b 4d fc mov ecx, DWORD PTR _lowIdx$[ebp]
002b5 3b 8d e8 fe ff
ff cmp ecx, DWORD PTR _highIdx$[ebp]
002bb 7f 65 jg SHORT $L15891
; 151 : {
; 152 : midPt = (lowIdx + highIdx)/2; // Calculate mid-point.
002bd 8b 45 fc mov eax, DWORD PTR _lowIdx$[ebp]
002c0 03 85 e8 fe ff
ff add eax, DWORD PTR _highIdx$[ebp]
002c6 99 cdq
002c7 2b c2 sub eax, edx
002c9 d1 f8 sar eax, 1
002cb 89 85 d8 f8 ff
ff mov DWORD PTR _midPt$[ebp], eax
; 153 :
; 154 : if (IPAddr==pAddrArr->IPAddrArray[midPt]) // A hit?
002d1 8b 95 d8 f8 ff
ff mov edx, DWORD PTR _midPt$[ebp]
002d7 8b 45 f8 mov eax, DWORD PTR _pAddrArr$[ebp]
002da 8b 8d dc f8 ff
ff mov ecx, DWORD PTR _IPAddr$[ebp]
002e0 3b 4c 90 04 cmp ecx, DWORD PTR [eax+edx*4+4]
002e4 75 08 jne SHORT $L15933
; 155 : {
; 156 : *pBDecision = TRUE; // Indicate packet to be dropped.
002e6 8b 55 18 mov edx, DWORD PTR _pBDecision$[ebp]
002e9 c6 02 01 mov BYTE PTR [edx], 1
; 157 : break;
002ec eb 34 jmp SHORT $L15891
$L15933:
; 158 : }
; 159 :
; 160 : if (IPAddr<pAddrArr->IPAddrArray[midPt]) // Is the target less than the mid-point?
002ee 8b 85 d8 f8 ff
ff mov eax, DWORD PTR _midPt$[ebp]
002f4 8b 4d f8 mov ecx, DWORD PTR _pAddrArr$[ebp]
002f7 8b 95 dc f8 ff
ff mov edx, DWORD PTR _IPAddr$[ebp]
002fd 3b 54 81 04 cmp edx, DWORD PTR [ecx+eax*4+4]
00301 73 11 jae SHORT $L15934
; 161 : highIdx = midPt - 1; // Yes, adjust "right boundary."
00303 8b 85 d8 f8 ff
ff mov eax, DWORD PTR _midPt$[ebp]
00309 83 e8 01 sub eax, 1
0030c 89 85 e8 fe ff
ff mov DWORD PTR _highIdx$[ebp], eax
; 162 : else
00312 eb 0c jmp SHORT $L15935
$L15934:
; 163 : lowIdx = midPt + 1; // No, adjust "left boundary."
00314 8b 8d d8 f8 ff
ff mov ecx, DWORD PTR _midPt$[ebp]
0031a 83 c1 01 add ecx, 1
0031d 89 4d fc mov DWORD PTR _lowIdx$[ebp], ecx
$L15935:
; 164 : } // End 'for' binary search.
00320 eb 90 jmp SHORT $L15931
$L15891:
; 165 : } while(0); // End big 'do' group.
00322 33 d2 xor edx, edx
00324 85 d2 test edx, edx
00326 0f 85 b0 fd ff
ff jne $L15890
$done$15918:
; 166 :
; 167 : done:
; 168 : if (TRUE==bGotStorage) // Got working storage?
0032c 0f b6 85 ef f8
ff ff movzx eax, BYTE PTR _bGotStorage$[ebp]
00333 83 f8 01 cmp eax, 1
00336 75 10 jne SHORT $L15936
; 169 : NdisFreeMemory(pAddrArr, ulUsed, 0);
00338 6a 00 push 0
0033a 8b 4d f4 mov ecx, DWORD PTR _ulUsed$[ebp]
0033d 51 push ecx
0033e 8b 55 f8 mov edx, DWORD PTR _pAddrArr$[ebp]
00341 52 push edx
00342 ff 15 00 00 00
00 call DWORD PTR __imp__NdisFreeMemory@12
$L15936:
; 170 :
; 171 : return status;
00348 8b 85 d4 f8 ff
ff mov eax, DWORD PTR _status$[ebp]
; 172 : }
0034e 5f pop edi
0034f 5e pop esi
00350 8b e5 mov esp, ebp
00352 5d pop ebp
00353 c2 14 00 ret 20 ; 00000014H
_FilterPacket@20 ENDP
_TEXT ENDS
END
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -