method needs to write the driver at the core layer of the system, which requires the writer to be familiar with the working mechanism of the core layer of Windows operation, and the driver is very high in code quality, which can cause the system to crash with a slight carelessness, b) win2kfilter-hookdriver. This is a driver from the Windows2000 system, which is
Han o Sinox not only executes Windows applications through wine. Windows drivers can also be executed through NDISHan o sinox using the Windows NDIS driverThe detailed implementation method is to convert the Windows driver sys driver into a kernel module KO file with Ndisgen. Then let the system load the KO module to be able to use. The
Question:[Original] differences between NDIS intermediate layer driver development in win7 and Windows XPAuthor:TianhzTime:2011-07-21,14: 58: 04Link:Http://bbs.pediy.com/showthread.php? T = 137545
Network Data is composed of packets sent and received over the network. NDIS provides data structures to describe them. NDIS6.0 provides the following data structu
This problem is a classic problem for most people who learn the intermediate NDIS layer.
When asked on the Forum, others will only tell you the approximate method and steps. Here we post the specific code, hoping to help the buddies who study the NDIS middle layer:
Ndis_statusMysendpacket (Ndis_handle ndisbindinghandle,Ndis_handle ndissendpacketpool,Pvoid pbuffer,Ulong dwbufferlength){Ndis_status status;Pnd
I wanted to publish a blog post on the official website today, but I didn't expect it to be saved. I don't dare to close it when I open the word.
The following areArticleBut it can reflect the entire process of thinking. About NDIS driver structure
the top layer is an NDIS protocol driver, which provides a Tra
Han o Sinox not only can run Windows applications through wine, but also run Windows drivers through NDISHan o sinox using the Windows NDIS driverThe implementation method is to use Ndisgen to convert the Windows driver sys driver into a kernel module KO file, and then let the system load into the KO module can be used. The N
{F0AFC092-E841-48DF-909F-78146070f5d3}, but this registry entry is not available in some systems, so thisThe method is not universal.
Method 2: Use the Registry to traverse the subkeys under HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ PCI.Level 2, suchHKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ PCI \ ven_10de dev_0be4 subsys_00000000 rev_a1 \ 4 2f49a5f6 0 0108.Obtains the classguid of the current device. If the classguid is {4d36e972-e325-11ce-bfc1-08002be10318},
{F0AFC092-E841-48DF-909F-78146070f5d3}, but this registry entry is not available in some systems, so thisThe method is not universal.
Method 2: Use the Registry to traverse the subkeys under HKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ PCI.Level 2, suchHKEY_LOCAL_MACHINE \ SYSTEM \ CurrentControlSet \ Enum \ PCI \ ven_10de dev_0be4 subsys_00000000 rev_a1 \ 4 2f49a5f6 0 0108.Obtains the classguid of the current device. If the classguid is {4d36e972-e325-11ce-bfc1-08002be10318},
\\currentversion\\networkcards, for example { F0AFC092-E841-48DF-909F-78146070F5D3}, but there is no such registry key in some systems, so this method is not universal. Method 2: Or through the registry, first traverse the sub-keys under HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\ENUM\PCI, when traversing to the second level, such as hkey_local_machine\ System\currentcontrolset\enum\pci\ven_10dedev_0be4subsys_00000000rev_a1\42f49a5f60 0108. Gets the current device's classguid, if Classgu
NDIS is short for Network Driver Interface Specification. The main purpose of NDIS is
Is to develop a standard API for NIC (network interface card, Netwok interface cards. Mac
(Media Access Controller) the device driver encapsulates all Nic hardware.
In this way, all NICs using the same media can be accessed through
Email: flashsky@xfocus.org
Site: http://www.xfocus.net www.shopsky.com/
In normal Windows 2000, the main method to implement package filtering is to write the NDIS filter driver, which requires a high skill and requires a lot of details. However, for many applications, you only need to be able to more easily filter IP packets. In fact, NDIS provides a write filt
Due to communication problems in the project, prepare a tool that can simulate packet loss for troubleshooting and make up for the network knowledge. At the beginning, I thought that the SPI technology could be used to solve the problem. Later I realized that packet loss and so on must be completed under the protocol layer. For the protocol layer, I wanted to publish a complete article after it was done.ArticleThe result shows that the difficulty is a little higher than expected. There is no way
){Base = P [I]. base;
Break;}}
Exfreepool (Q );Return base;}
The following is a function to obtain the ndis_protocol_block pointer of the TCPIP protocol.
Void * getprotocolblock ()
{
Char * base;
Char bytes [] = {0xff, 0x35 };
Base = getroutineaddress ("tcpip. sys", "ipdelayedndisreenumeratebindings ");
While (rtlcomparememory (base, bytes, 2 )! = 2)
{
Base ++;
}
Return ** (void ***) (base + 2 ));
}
The previous section describes how to implement the NDIS
--- Inline hook implements NDIS HookThe previous section describes how to implement the NDIS Hook by obtaining ndis_protocol_block. The second method is the inline Hook method. Inline hook is nothing new. It is nothing more than embedding a JMP machine command in the first part of a function. Before the function executes valid code, it jumps to our proxy function, after necessary processing is done in our p
Key Technologies for implementing NDIS Hook Firewall
Firewall cannot be mentioned when talking about network security. At present, most firewalls in China adopt the TDI technology, and NDIS can be regarded as a relatively advanced technology (if you don't think so, it can only mean that I am outdated, haha) technical details about implementing the NDIS firewall a
The first step:because the process information is not available in NDIS, you can get the information to the portmaintains a table locally on the TDI, storing the correspondence between processes and ports. (Getting process information and ports is not difficult, I've done it, just need to correlate)Step Two:NDIS uses functions to query the TDI for this process and port table, and then to limit the traffic information for a port (difficulty: Figuring o
Example of self-contained DDK: C: \ winddk \ 2600 \ SRC \ Network \ NDIS \ passthru
Some of my friends have extended the passthru function by setting up projects (such as Vc), but an error is reported during compilation on my computer:------------------ Configuration: passthru_ex-Win32 debug --------------------
The specified path cannot be found.
Error executing c: \ windows \ system32 \ cmd.exe.
Passthru. sys-1 error (s), 0 warning (s)
I
Xp2 has been operating stably for more than a year. The blue screen appears many times in the last two days.DRIVER-IRQL-NOT-LESS-OR-EQUAL* ** Stop: 0x000000d1 (0xada37000, 0x00000002, 0x00000000, 0xf6ab2810)NDIS. sys-adress ......Recall that the software I recently switched from Kav to 6.0, blue screen, 8.0, or blue screen. In later versions, HTTP traffic monitoring is added, and Kaspersky Anti-Virus NDIS f
During the download of thunder, a blue screen with an error message about Ndis. sys suddenly appeared. Its code is STOP 0x0000001D. I carefully studied this Ndis. sys File, many of which are NWLink IPX/SPX/NetBIOS compatible transfer protocol problems, I went to the network protocol and checked it and found that there was another Kaspersky security protocol named Kaspersky Anti-Virus
Wince Network Driver in the eyes of Talents
Introduction
In fact, to develop a network driver on WinCE, for example, to design a NIC driver, in most cases, it is to port the NDIS miniport driver (small port driver) from XP to winc
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.