NDIS Driver
In C:\driver2
b.bat
rem b.bat: rebuild npf.sys from r.c with the DDK installed under C:\WINDDK\2600~1.110 and install it.
rem Remove the previously installed driver binary and any stale build outputs.
del c:\winnt\system32\drivers\npf.sys
del *.obj
del *.res
del *.sys
rem Compile r.c to r.obj only (/c). /W3 /WX turns warnings into errors, /Gz selects __stdcall,
rem -DNDIS50 is defined for the NDIS headers, and -FI force-includes the DDK warning.h.
cl -nologo -Ii386\ -I. -IC:\WINDDK\2600~1.110\inc\mfc42 -I..\..\common -Iobjchk_wxp_x86\i386 -IC:\WINDDK\2600~1.110\inc\wxp -IC:\WINDDK\2600~1.110\inc\wxp -IC:\WINDDK\2600~1.110\inc\ddk\wxp -IC:\WINDDK\2600~1.110\inc\ddk\wdm\wxp -IC:\WINDDK\2600~1.110\inc\crt -D_X86_=1 -Di386=1 -DSTD_CALL -DCONDITION_HANDLING=1 -DNT_INST=0 -DWIN32=100 -D_NT1X_=100 -DWINNT=1 -D_WIN32_WINNT=0x0501 /DWINVER=0x0501 -D_WIN32_IE=0x0600 -DWIN32_LEAN_AND_MEAN=1 -DDBG=1 -DDEVL=1 -D__BUILDMACHINE__=WinDDK -DFPO=0 -DNDEBUG -D_DLL=1 -DNDIS50 -DWIN_NT_DRIVER -DWIN32_EXT -DKQPC_TS /c /Zel /Zp8 /Gy -cbstring /W3 /WX /Gz /QIfdiv- /QIf /G6 /Gi- /Gm- /GX- /GR- /GF -Z7 /Od /Oi /Oy- -FIC:\WINDDK\2600~1.110\inc\wxp\warning.h r.c
rem Link r.obj as a native kernel-mode driver (-driver, -subsystem:native) whose entry point is
rem DriverEntry@8, against ntoskrnl, hal, wmilib and ndis only (-NODEFAULTLIB).
link -out:npf.sys -machine:ix86 -MERGE:_PAGE=PAGE -MERGE:_TEXT=.text -SECTION:INIT,d -OPT:REF -OPT:ICF -IGNORE:4010,4037,4039,4065,4070,4078,4087,4089,4198,4221 -INCREMENTAL:NO -FULLBUILD /release -NODEFAULTLIB /WX -debug:FULL -debugtype:cv -version:5.1 -osversion:5.1 /opt:nowin98 -STACK:0x40000,0x1000 -driver -base:0x10000 -align:0x80 -subsystem:native,5.01 -entry:DriverEntry@8 -out:npf.sys r.obj C:\WINDDK\2600~1.110\lib\wxp\i386\ntoskrnl.lib C:\WINDDK\2600~1.110\lib\wxp\i386\hal.lib C:\WINDDK\2600~1.110\lib\wxp\i386\wmilib.lib C:\WINDDK\2600~1.110\lib\wxp\i386\ndis.lib
rem Install the new binary where y.c's CreateService call expects it. This overwrites a file in the
rem system drivers directory, so the script has to run from an administrative account.
copy npf.sys c:\winnt\system32\drivers\
r.c
#include <ntddk.h>
#include <ndis.h>
/* Media types offered to NdisOpenAdapter in NPF_Open: Ethernet (802.3) only. */
NDIS_MEDIUM MediumArray[] = { NdisMedium802_3 };
/* NdisProtocolHandle is filled in by NdisRegisterProtocol (DriverEntry);
   AdapterHandle is filled in by NdisOpenAdapter (NPF_Open). */
NDIS_HANDLE NdisProtocolHandle,AdapterHandle;
/* Protocol characteristics table; its handlers are set in DriverEntry. */
NDIS_PROTOCOL_CHARACTERISTICS pchar;
/* Scratch status shared by several routines. NOTE(review): a single global is
   not safe if two of them run at the same time. */
NTSTATUS Status;
/* Control device object created by IoCreateDevice in DriverEntry. */
PDEVICE_OBJECT devObjP;
/* deviceName/deviceSymLink name the control device, pname is the protocol name,
   a is the name of the adapter to bind to. */
UNICODE_STRING deviceName,deviceSymLink,pname,a;
/* The IRP_MJ_CREATE request saved by NPF_Open and completed from
   NPF_RequestComplete. There is only this one slot, so a second open overwrites
   it while the first may still be pending. */
PIRP Irp1;
/* Medium receives the index selected by NdisOpenAdapter; MaxFrameSize receives
   the OID_GEN_MAXIMUM_TOTAL_SIZE answer; i is the value written to
   OID_GEN_CURRENT_PACKET_FILTER, and 32 (0x20) is NDIS_PACKET_TYPE_PROMISCUOUS,
   so the adapter hands every frame it sees to this protocol. */
UINT Medium,MaxFrameSize,i=32;
/* Request block used for the NdisRequest calls in NPF_OpenAdapterComplete. */
NDIS_REQUEST Request;
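/*
 * IRP_MJ_CREATE handler: binds the protocol to one hard-coded adapter.
 *
 * The create IRP is parked in the global Irp1 and marked pending; it is
 * completed later from the NDIS completion path. The routine therefore always
 * returns STATUS_PENDING.
 *
 * NdisOpenAdapter calls the OpenAdapterComplete handler only when it returns
 * NDIS_STATUS_PENDING. A synchronous result is handled here: on success the
 * handler is invoked by hand, on failure the IRP is completed with an error so
 * the caller's CreateFile does not wait forever.
 *
 * NOTE(review): Irp1 is a single global slot, so a second open that arrives
 * while the first is still pending overwrites it. Nothing here restricts who
 * may open the device either; access depends on how DriverEntry created it.
 */
NTSTATUS NPF_Open(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
    /* Block-scope prototype: the handler is defined further down in r.c. */
    VOID NPF_OpenAdapterComplete(NDIS_HANDLE ProtocolBindingContext,NDIS_STATUS Status,NDIS_STATUS OpenErrorStatus);
    /* Separate variables: the original passed the same global for both outputs. */
    NDIS_STATUS OpenStatus;
    NDIS_STATUS OpenErrorStatus;

    OpenErrorStatus = NDIS_STATUS_SUCCESS;
    Irp1 = Irp;
    /* Must be marked pending before NDIS can complete the open asynchronously. */
    IoMarkIrpPending(Irp);
    RtlInitUnicodeString(&a, L"\\Device\\{4CF02894-1CD0-420D-B69B-36983F508F1C}");
    NdisOpenAdapter(&OpenStatus,&OpenErrorStatus,&AdapterHandle,&Medium,MediumArray,1,NdisProtocolHandle,0,&a,0,0);
    DbgPrint("NPF_Open Status=%d %d",OpenStatus,STATUS_PENDING);

    if (OpenStatus == NDIS_STATUS_SUCCESS) {
        /* Completed synchronously: NDIS will not call the handler itself. */
        NPF_OpenAdapterComplete(0,OpenStatus,OpenErrorStatus);
    } else if (OpenStatus != NDIS_STATUS_PENDING) {
        /* Synchronous failure: fail the create instead of leaving it pending. */
        Irp1 = NULL;
        Irp->IoStatus.Status = STATUS_UNSUCCESSFUL;
        Irp->IoStatus.Information = 0;
        IoCompleteRequest(Irp, IO_NO_INCREMENT);
    }

    /* The IRP was marked pending above, so STATUS_PENDING is returned in every case. */
    return(STATUS_PENDING);
}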
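/*
 * ProtocolOpenAdapterComplete handler: runs once the adapter open has finished.
 *
 * On success it issues two requests against AdapterHandle:
 *   1. query OID_GEN_MAXIMUM_TOTAL_SIZE into MaxFrameSize;
 *   2. set OID_GEN_CURRENT_PACKET_FILTER to i (32 = NDIS_PACKET_TYPE_PROMISCUOUS),
 *      which makes the adapter deliver every frame on the wire to NPF_tap.
 *
 * Status          - result of the open; AdapterHandle is valid only on success.
 * OpenErrorStatus - additional error information from the open.
 *
 * Changes from the original: the open result is checked before the handle is
 * used, each request has its own NDIS_REQUEST (the original reused one block
 * that could still be in flight), and the Status parameter is no longer
 * overwritten by the request calls.
 *
 * NOTE(review): when NdisRequest completes synchronously NDIS does not call
 * the RequestComplete handler, and in this driver that handler is what
 * completes the pending create IRP.
 */
VOID NPF_OpenAdapterComplete(NDIS_HANDLE ProtocolBindingContext,NDIS_STATUS Status,NDIS_STATUS OpenErrorStatus)
{
    /* Own storage for the second request; static because it must outlive this call. */
    static NDIS_REQUEST FilterRequest;
    NDIS_STATUS RequestStatus;
    PIRP PendingIrp;

    if (Status != NDIS_STATUS_SUCCESS) {
        DbgPrint("NPF_OpenAdapterComplete open failed Status=%x OpenErrorStatus=%x",Status,OpenErrorStatus);
        /* Fail the parked create IRP; take it out of the slot so nobody completes it twice. */
        PendingIrp = (PIRP)InterlockedExchangePointer((PVOID *)&Irp1, NULL);
        if (PendingIrp != NULL) {
            PendingIrp->IoStatus.Status = STATUS_UNSUCCESSFUL;
            PendingIrp->IoStatus.Information = 0;
            IoCompleteRequest(PendingIrp, IO_NO_INCREMENT);
        }
        return;
    }

    Request.RequestType = NdisRequestQueryInformation;
    Request.DATA.QUERY_INFORMATION.Oid = OID_GEN_MAXIMUM_TOTAL_SIZE;
    Request.DATA.QUERY_INFORMATION.InformationBuffer = &MaxFrameSize;
    Request.DATA.QUERY_INFORMATION.InformationBufferLength = sizeof(MaxFrameSize);
    NdisRequest(&RequestStatus,AdapterHandle,&Request);

    FilterRequest.RequestType = NdisRequestSetInformation;
    FilterRequest.DATA.SET_INFORMATION.Oid = OID_GEN_CURRENT_PACKET_FILTER;
    FilterRequest.DATA.SET_INFORMATION.InformationBuffer = &i;
    FilterRequest.DATA.SET_INFORMATION.InformationBufferLength = sizeof(i);
    NdisRequest(&RequestStatus,AdapterHandle,&FilterRequest);

    /* MaxFrameSize is only meaningful here if the query has already completed. */
    DbgPrint("NPF_OpenAdapterComplete MaxFrameSize=%d i=%d",MaxFrameSize,i);
}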
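/*
 * ProtocolRequestComplete handler: called by NDIS when an NdisRequest that
 * returned pending has finished.
 *
 * The driver issues two requests per open but parks only one create IRP, and
 * the sample output shows this handler running twice. The original therefore
 * called IoCompleteRequest twice on the same IRP; the second call touches an
 * IRP the I/O manager may already have freed. The IRP is now taken out of
 * Irp1 atomically, so only the first completion finishes it.
 *
 * NOTE(review): the IRP is completed with STATUS_SUCCESS whatever Status the
 * request reported (the original did not set IoStatus at all).
 */
VOID NPF_RequestComplete(NDIS_HANDLE ProtocolBindingContext,PNDIS_REQUEST NdisRequest,NDIS_STATUS Status)
{
    PIRP PendingIrp;

    DbgPrint("NPF_RequestComplete");

    /* Claim the parked IRP; later callers see NULL and do nothing. */
    PendingIrp = (PIRP)InterlockedExchangePointer((PVOID *)&Irp1, NULL);
    if (PendingIrp == NULL)
        return;

    PendingIrp->IoStatus.Status = STATUS_SUCCESS;
    PendingIrp->IoStatus.Information = 0;
    IoCompleteRequest(PendingIrp, IO_NO_INCREMENT);
}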
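/*
 * IRP_MJ_DEVICE_CONTROL handler: logs the call and succeeds.
 *
 * A dispatch routine that returns a final status must also complete the IRP.
 * The original returned STATUS_SUCCESS without calling IoCompleteRequest, so
 * the request was never finished and the IRP leaked. No control code is
 * interpreted and no user buffer is read or written.
 */
NTSTATUS NPF_IoControl(PDEVICE_OBJECT DeviceObject,PIRP Irp)
{
    DbgPrint("NPF_IoControl");

    Irp->IoStatus.Status = STATUS_SUCCESS;
    Irp->IoStatus.Information = 0;      /* no bytes are returned to the caller */
    IoCompleteRequest(Irp, IO_NO_INCREMENT);
    return STATUS_SUCCESS;
}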
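/*
 * ProtocolReceive handler: prints the Ethernet header of every indicated frame
 * and, for IPv4 frames, the first header byte, both addresses and the total length.
 *
 * HeaderBuffer    - media header, HeaderBufferSize bytes long.
 * LookaheadBuffer - start of the data after the header, LookaheadBufferSize bytes.
 *
 * The frame contents come straight off the network, so every index is checked
 * against the length NDIS supplied. The original read offsets 14..33 through
 * HeaderBuffer, past the end of the header, and decoded them as IPv4 whatever
 * the EtherType was; the IP fields are now read from LookaheadBuffer and only
 * for Type 0800.
 *
 * Always returns NDIS_STATUS_NOT_ACCEPTED: the frame is only observed.
 * With the promiscuous filter set this runs for every frame, so the DbgPrint
 * volume grows with traffic.
 */
NDIS_STATUS NPF_tap (NDIS_HANDLE ProtocolBindingContext,NDIS_HANDLE MacReceiveContext,PVOID HeaderBuffer,UINT HeaderBufferSize,PVOID LookaheadBuffer,UINT LookaheadBufferSize,UINT PacketSize)
{
    unsigned char *eth;
    unsigned char *ip;

    eth = HeaderBuffer;
    ip = LookaheadBuffer;

    /* An Ethernet header is 14 bytes: destination, source, EtherType. */
    if (eth == NULL || HeaderBufferSize < 14)
        return NDIS_STATUS_NOT_ACCEPTED;

    DbgPrint("%02x:%02x:%02x:%02x:%02x:%02x --> %02x:%02x:%02x:%02x:%02x:%02x Type:%02x%02x\n",eth[6],eth[7],eth[8],eth[9],eth[10],eth[11],eth[0],eth[1],eth[2],eth[3],eth[4],eth[5],eth[12],eth[13]);

    /* Decode as IPv4 only when the EtherType says so and the fixed 20-byte header is present. */
    if (eth[12] != 0x08 || eth[13] != 0x00)
        return NDIS_STATUS_NOT_ACCEPTED;
    if (ip == NULL || LookaheadBufferSize < 20)
        return NDIS_STATUS_NOT_ACCEPTED;

    /* ip[0] version/IHL, ip[2..3] total length, ip[12..15] source, ip[16..19] destination. */
    DbgPrint("%02x %d.%d.%d.%d --> %d.%d.%d.%d Len=%d\n",ip[0],ip[12],ip[13],ip[14],ip[15],ip[16],ip[17],ip[18],ip[19],ip[2]*256+ip[3]);
    return NDIS_STATUS_NOT_ACCEPTED;
}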
/*
 * ProtocolReceiveComplete handler registered in DriverEntry.
 * It only writes a trace line; ProtocolBindingContext is not used.
 */
VOID NPF_ReceiveComplete(NDIS_HANDLE ProtocolBindingContext)
{
    /* Trace marker that follows each frame in the debug output. */
    DbgPrint("NPF_ReceiveComplete");
}
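/*
 * Driver entry point: registers the NDIS protocol "PacketDriver", installs the
 * create and device-control dispatch routines, and creates the control device
 * \Device\NPF_{...} together with its \DosDevices symbolic link.
 *
 * Returns STATUS_SUCCESS when everything was set up, otherwise a failure
 * status after undoing the steps that had succeeded.
 *
 * Changes from the original: the result of each setup call is checked (the
 * original returned STATUS_SUCCESS even if registration or device creation
 * failed, leaving dispatch routines that use invalid handles), and the device
 * is created with FILE_DEVICE_SECURE_OPEN so the device's security descriptor
 * is applied to every open in its namespace.
 *
 * NOTE(review): the device still gets the default security descriptor. Opening
 * it puts the adapter into promiscuous mode, so access should be limited to
 * administrators; confirm the effective ACL. No unload routine is set, so the
 * protocol and device stay registered until reboot.
 */
NTSTATUS DriverEntry(PDRIVER_OBJECT DriverObject,PUNICODE_STRING RegistryPath)
{
    NTSTATUS CreateStatus;

    DbgPrint("Vijay Mukhi2");

    /* pchar is a zero-initialised global, so handlers not set here stay NULL. */
    RtlInitUnicodeString(&pname, L"PacketDriver");
    pchar.MajorNdisVersion = 3;
    pchar.OpenAdapterCompleteHandler = NPF_OpenAdapterComplete;
    pchar.RequestCompleteHandler = NPF_RequestComplete;
    pchar.ReceiveHandler = NPF_tap;
    pchar.ReceiveCompleteHandler = NPF_ReceiveComplete;
    pchar.Name = pname;
    NdisRegisterProtocol(&Status,&NdisProtocolHandle,&pchar,sizeof(pchar));
    if (Status != NDIS_STATUS_SUCCESS) {
        DbgPrint("NdisRegisterProtocol failed Status=%x",Status);
        return STATUS_UNSUCCESSFUL;
    }

    DriverObject->MajorFunction[IRP_MJ_CREATE] = NPF_Open;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = NPF_IoControl;

    RtlInitUnicodeString(&deviceName, L"\\Device\\NPF_{4CF02894-1CD0-420D-B69B-36983F508F1C}");
    RtlInitUnicodeString(&deviceSymLink, L"\\DosDevices\\NPF_{4CF02894-1CD0-420D-B69B-36983F508F1C}");

    CreateStatus = IoCreateDevice(DriverObject, 0,&deviceName, FILE_DEVICE_TRANSPORT,FILE_DEVICE_SECURE_OPEN, FALSE,&devObjP);
    if (!NT_SUCCESS(CreateStatus)) {
        DbgPrint("IoCreateDevice failed Status=%x",CreateStatus);
        NdisDeregisterProtocol(&Status,NdisProtocolHandle);
        return CreateStatus;
    }

    CreateStatus = IoCreateSymbolicLink(&deviceSymLink,&deviceName);
    if (!NT_SUCCESS(CreateStatus)) {
        DbgPrint("IoCreateSymbolicLink failed Status=%x",CreateStatus);
        IoDeleteDevice(devObjP);
        NdisDeregisterProtocol(&Status,NdisProtocolHandle);
        return CreateStatus;
    }

    return STATUS_SUCCESS;
}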
z.bat
rem z.bat: rebuild the user-mode loader, run it, then generate traffic for the driver to print.
rem Remove the previous loader binary.
del y.exe
rem Build y.c; advapi32.lib supplies the service control manager functions it calls.
cl y.c advapi32.lib
rem Run the loader: it registers and starts the NPF driver service and opens the device.
rem Installing a kernel driver needs an administrative account.
y
rem Send echo requests so frames pass the adapter and show up in the driver's debug output.
ping 70.0.0.2
y.c
#include <windows.h>
#include <stdio.h>
/* Handle to the driver's control device, returned by CreateFile in main. */
HANDLE hFile;
/* svcHandle comes from CreateService, srvHandle from OpenService,
   scmHandle from OpenSCManager. */
SC_HANDLE svcHandle,srvHandle,scmHandle;
/* Receives the byte count from DeviceIoControl. */
ULONG BytesReturned;
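/*
 * Loader for the NPF test driver: registers C:\winnt\system32\drivers\npf.sys
 * as the demand-start kernel service "NPF", starts it, opens the driver's
 * control device and sends it one device-control request.
 *
 * Returns 0 on success and 1 as soon as a step fails.
 *
 * Changes from the original: every call is checked, so a failed step is
 * reported instead of passing a NULL or invalid handle to the next call; an
 * already installed or already running service is accepted; the handles are
 * closed; and only the access rights that are actually used are requested
 * (SC_MANAGER_CREATE_SERVICE and SERVICE_START instead of the ALL_ACCESS masks).
 *
 * NOTE(review): the service is left installed and running when the program
 * exits, and the driver keeps the adapter in promiscuous mode after that.
 */
int main(void)
{
    DWORD err;
    int rc = 1;

    scmHandle = OpenSCManager(NULL, NULL, SC_MANAGER_CREATE_SERVICE);
    if (scmHandle == NULL) {
        printf("OpenSCManager failed, error %lu\n", GetLastError());
        return 1;
    }

    svcHandle = CreateService(scmHandle,"NPF","Vijay",SERVICE_START,SERVICE_KERNEL_DRIVER,SERVICE_DEMAND_START,SERVICE_ERROR_NORMAL,"C:\\winnt\\system32\\drivers\\npf.sys",NULL, NULL, NULL, NULL, NULL);
    if (svcHandle == NULL) {
        err = GetLastError();
        /* A service left over from an earlier run is fine; anything else is fatal. */
        if (err != ERROR_SERVICE_EXISTS) {
            printf("CreateService failed, error %lu\n", err);
            CloseServiceHandle(scmHandle);
            return 1;
        }
    }

    srvHandle = OpenService(scmHandle, "NPF", SERVICE_START);
    if (srvHandle == NULL) {
        printf("OpenService failed, error %lu\n", GetLastError());
        goto cleanup_services;
    }

    if (!StartService(srvHandle, 0, NULL)) {
        err = GetLastError();
        if (err != ERROR_SERVICE_ALREADY_RUNNING) {
            printf("StartService failed, error %lu\n", err);
            goto cleanup_services;
        }
    }

    hFile=CreateFile("\\\\.\\Global\\NPF_{4CF02894-1CD0-420D-B69B-36983F508F1C}",GENERIC_WRITE | GENERIC_READ,0,NULL,OPEN_EXISTING,0,0);
    printf("lpAdapter->hFile=%x\n",hFile);
    if (hFile == INVALID_HANDLE_VALUE) {
        printf("CreateFile failed, error %lu\n", GetLastError());
        goto cleanup_services;
    }

    /* Control code 4 with no input or output buffers; the driver only logs the call. */
    if (DeviceIoControl(hFile,(DWORD)4,0,0,0,0,&BytesReturned,0))
        rc = 0;
    else
        printf("DeviceIoControl failed, error %lu\n", GetLastError());

    CloseHandle(hFile);

cleanup_services:
    if (srvHandle != NULL)
        CloseServiceHandle(srvHandle);
    if (svcHandle != NULL)
        CloseServiceHandle(svcHandle);
    CloseServiceHandle(scmHandle);
    return rc;
}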
Vijay Mukhi2
NPF_Open Status=259 259
NPF_RequestComplete
NPF_IoControl
NPF_RequestComplete
NPF_OpenAdapterComplete MaxFrameSize=1514 i=32
00:00:e8:df:a4:66 --> 00:00:e8:d7:5e:7c Type:0800
45 70.0.0.10 --> 70.0.0.2 Len=60
NPF_ReceiveComplete
00:00:e8:d7:5e:7c --> 00:00:e8:df:a4:66 Type:0800
45 70.0.0.2 --> 70.0.0.10 Len=60
NPF_ReceiveComplete
00:00:e8:df:a4:66 --> 00:00:e8:d7:5e:7c Type:0800
45 70.0.0.10 --> 70.0.0.2 Len=60
NPF_ReceiveComplete
00:00:e8:d7:5e:7c --> 00:00:e8:df:a4:66 Type:0800
45 70.0.0.2 --> 70.0.0.10 Len=60
NPF_ReceiveComplete
00:00:e8:df:a4:66 --> 00:00:e8:d7:5e:7c Type:0800
45 70.0.0.10 --> 70.0.0.2 Len=60
NPF_ReceiveComplete
00:00:e8:d7:5e:7c --> 00:00:e8:df:a4:66 Type:0800
45 70.0.0.2 --> 70.0.0.10 Len=60
NPF_ReceiveComplete
00:00:e8:df:a4:66 --> 00:00:e8:d7:5e:7c Type:0800
45 70.0.0.10 --> 70.0.0.2 Len=60
NPF_ReceiveComplete
00:00:e8:d7:5e:7c --> 00:00:e8:df:a4:66 Type:0800
45 70.0.0.2 --> 70.0.0.10 Len=60
NPF_ReceiveComplete