NDIS 6.2 Windows 7. Filter network packets.

OSR_Community_User · July 3, 2015, 10:15am

Hi,
Firstly, I’m beginner in driver development so I am sorry about my misunderstood.

I’m trying to to analyze received network packets so I try to modify filter.c form DDK 7600.
( network/ndis/filter/filter.c).
So, I attach my code, function: FilterReceiveNetBuffer.
I’m gonna to clone NBL and then modify them. I have given code:
VOID FilterReceiveNetBufferLists(IN NDIS_HANDLE FilterModuleContext, IN PNET_BUFFER_LIST NetBufferLists,
IN NDIS_PORT_NUMBER PortNumber, IN ULONG NumberOfNetBufferLists, IN ULONG ReceiveFlags )
{

PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext;
BOOLEAN DispatchLevel;
ULONG Ref;
BOOLEAN bFalse = FALSE;

do
{

DispatchLevel = NDIS_TEST_RECEIVE_AT_DISPATCH_LEVEL(ReceiveFlags);

ASSERT(NumberOfNetBufferLists >= 1);

/* MY MODFICATIONS START **/

nblPoolParams.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
nblPoolParams.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nblPoolParams.Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nblPoolParams.fAllocateNetBuffer = TRUE;
nblPoolParams.DataSize = 0;
nblPoolParams.PoolTag = ‘MY’;

nbPoolParams->Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
nbPoolParams->Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nbPoolParams->Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nbPoolParams->PoolTag = ‘MY’;
nbPoolParams->DataSize = 0;

allocatedNetBufferListPool = NdisAllocateNetBufferListPool(FilterDriverObject, &nblPoolParams);

allocatedNetBufferPool = NdisAllocateNetBufferPool(FilterDriverObject, nbPoolParams);

while (currNbl)
{
nextNbl = NET_BUFFER_LIST_NEXT_NBL(currNbl);

clonedNbl = NdisAllocateCloneNetBufferList(currNbl, allocatedNetBufferListPool,allocatedNetBufferPool ,NDIS_CLONE_FLAGS_USE_ORIGINAL_MDLS);
clonedNbl->ParentNetBufferList = currNbl;
NET_BUFFER_LIST_NEXT_NBL( currNbl ) = NULL;
NET_BUFFER_LIST_NEXT_NBL( clonedNbl ) = NULL;
numOfNetBuffers = 0;

currNb = NET_BUFFER_LIST_FIRST_NB( clonedNbl );

while( currNb != NULL ) {
numOfNetBuffers++;
currNb = NET_BUFFER_NEXT_NB( currNb );
}

currNbl = nextNbl;
}

/* MY MODIFICATIONS – END*/

if (pFilter->TrackReceives)
{
FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
pFilter->OutstandingRcvs += NumberOfNetBufferLists;
Ref = pFilter->OutstandingRcvs;

FILTER_LOG_RCV_REF(1, pFilter, NetBufferLists, Ref);
FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
}
NdisFIndicateReceiveNetBufferLists(pFilter->FilterHandle, NetBufferLists, PortNumber, NumberOfNetBufferLists, ReceiveFlags);

if (NDIS_TEST_RECEIVE_CANNOT_PEND(ReceiveFlags) && pFilter->TrackReceives)
{
FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel);
pFilter->OutstandingRcvs -= NumberOfNetBufferLists;
Ref = pFilter->OutstandingRcvs;
FILTER_LOG_RCV_REF(2, pFilter, NetBufferLists, Ref);
FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);
}

} while (bFalse);
}

I compiled it, instlled it and reboot system. I got a BSOD and I don’t understand why.

I am asking for help me with that.
I am asking to give some title of books/ tutorials that facilitate me do it.

Thanks in advance.

Tim_Roberts · July 6, 2015, 1:06pm

xxxxx@trbvm.com wrote:

I compiled it, instlled it and reboot system. I got a BSOD and I don’t understand why.

I am asking for help me with that.

I am asking to give some title of books/ tutorials that facilitate me do it.

There are a billion reasons why a BSOD can happen. When you ask for
help on a BSOD, the VERY LEAST you can do is tell us what the bug check
code was. The next least you can do is run “windbg” on the dump file
that gets created, and show us the result of the “!analyze -v” command,
which will often point to exactly the line of code that caused the crash.

Having said that, the problem here is pretty clear:

/* MY MODFICATIONS START **/

nblPoolParams.Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
nblPoolParams.Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nblPoolParams.Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nblPoolParams.fAllocateNetBuffer = TRUE;
nblPoolParams.DataSize = 0;
nblPoolParams.PoolTag = ‘MY’;

nbPoolParams->Header.Type = NDIS_OBJECT_TYPE_DEFAULT;
nbPoolParams->Header.Revision = NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nbPoolParams->Header.Size = NDIS_SIZEOF_NET_BUFFER_LIST_POOL_PARAMETERS_REVISION_1;
nbPoolParams->PoolTag = ‘MY’;
nbPoolParams->DataSize = 0;

nbPoolParams is a net buffer pool, not a net buffer LIST pool. You
should be using NET_BUFFER_POOL_PARAMETERS_REVISION_1 and
NDIS_SIZEOF_NET_BUFFER_POOL_PARAMETERS_REVISION_1, not the
“NET_BUFFER_LIST_POOL” equivalents.

–
Tim Roberts, xxxxx@probo.com
Providenza & Boekelheide, Inc.