Windows8内核模式下开发NDIS应用-NDIS Filter讲解
在Win8系统下开发驱动程序,需要数字证书,还需要驱动签名认证。不能像XP下面那样疯狂滴耍流氓了。
由于Win8系统的内核做了大幅度的修改,它和XP系统的内核起了很大的变化,最显著的就是刚才说的:需要签名和证书。 还有就是:不能随意的HOOK SSDT了。
在开发NDIS驱动程序的时候,WDK开发包提供了一个新的框架,叫着NDIS Filter
NDIS Filter是一个例子工程。
假入我把WDK安装在E盘,那么这个工程代码就在:
C:\WinDDK\8600.16385.1\src\network\ndis\filter目录下。
把这个例子工程和原来的Passthru工程代码做比较,您会发现,原来需要导出来的2种类型的回调函数MiniportXXX和ProtocolXXX 在新的框架里面被全部隐藏起来了。
微软提供了新的函数。 一起来看看,微软提供了什么。
在这里,为了方便分析, 我把函数代码都做了功能注释,请大家一起看看。
代码如下:
#pragma NDIS_INIT_FUNCTION(DriverEntry)#define LITTLE_ENDIAN (1)//// Global variables// NDIS_HANDLE FilterDriverHandle; // NDIS handle for filter driverNDIS_HANDLE FilterDriverObject;NDIS_HANDLE NdisFilterDeviceHandle = NULL;PDEVICE_OBJECT DeviceObject = NULL;FILTER_LOCK FilterListLock;LIST_ENTRY FilterModuleList;PWCHAR InstanceStrings = NULL;NDIS_FILTER_PARTIAL_CHARACTERISTICS DefaultChars = {{ 0, 0, 0}, 0, FilterSendNetBufferLists, FilterSendNetBufferListsComplete, NULL, FilterReceiveNetBufferLists, FilterReturnNetBufferLists}; typedef struct in_addr { union { struct { UCHAR s_b1,s_b2,s_b3,s_b4; } S_un_b; struct { USHORT s_w1,s_w2; } S_un_w; ULONG S_addr; } S_un;} IN_ADDR, *PIN_ADDR, FAR *LPIN_ADDR;#pragma push(1)typedef struct IP_HEADER{#if LITTLE_ENDIAN unsigned char ip_hl:4; /* 头长度 */ unsigned char ip_v:4; /* 版本号 */#else unsigned char ip_v:4; unsigned char ip_hl:4; #endif unsigned char TOS; // 服务类型 unsigned short TotLen; // 封包总长度,即整个IP包的长度 unsigned short ID; // 封包标识,唯一标识发送的每一个数据报 unsigned short FlagOff; // 标志 unsigned char TTL; // 生存时间,就是TTL unsigned char Protocol; // 协议,可能是TCP、UDP、ICMP等 unsigned short Checksum; // 校验和 struct in_addr iaSrc; // 源IP地址 struct in_addr iaDst; // 目的PI地址}IP_HEADER, *PIP_HEADER;typedef struct tcp_header{ unsigned short src_port; //源端口号 unsigned short dst_port; //目的端口号 unsigned int seq_no; //序列号 unsigned int ack_no; //确认号#if LITTLE_ENDIAN unsigned char reserved_1:4; //保留6位中的4位首部长度 unsigned char thl:4; //tcp头部长度 unsigned char flag:6; //6位标志 unsigned char reseverd_2:2; //保留6位中的2位#else unsigned char thl:4; //tcp头部长度 unsigned char reserved_1:4; //保留6位中的4位首部长度 unsigned char reseverd_2:2; //保留6位中的2位 unsigned char flag:6; //6位标志 #endif unsigned short wnd_size; //16位窗口大小 unsigned short chk_sum; //16位TCP检验和 unsigned short urgt_p; //16为紧急指针}TCP_HEADER,*PTCP_HEADER;typedef struct udp_header { USHORT srcport; // 源端口 USHORT dstport; // 目的端口 USHORT total_len; // 包括UDP报头及UDP数据的长度(单位:字节) USHORT chksum; // 校验和}UDP_HEADER,*PUDP_HEADER;#pragma push()#define IP_OFFSET 0x0E//IP 协议类型#define PROT_ICMP 0x01 #define PROT_TCP 0x06 #define PROT_UDP 0x11 USHORT UTIL_htons( USHORT hostshort ){ PUCHAR pBuffer; USHORT nResult; nResult = 0; pBuffer = (PUCHAR )&hostshort; nResult = ( (pBuffer[ 0 ] << 8) & 0xFF00) | (pBuffer[ 1 ] & 0x00FF); return( nResult );}/*UTIL_ntohs把网络字节顺序转换成主机字节顺序*/USHORT UTIL_ntohs( USHORT netshort ){ return( UTIL_htons( netshort ) );}NTSTATUS DriverEntry(IN PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath){ NDIS_STATUS Status; NDIS_FILTER_DRIVER_CHARACTERISTICS FChars; NDIS_STRING ServiceName; NDIS_STRING UniqueName; NDIS_STRING FriendlyName; BOOLEAN bFalse = FALSE; UNREFERENCED_PARAMETER(RegistryPath); DEBUGP(DL_TRACE,("===>DriverEntry...\n")); RtlInitUnicodeString(&ServiceName, FILTER_SERVICE_NAME); RtlInitUnicodeString(&FriendlyName, FILTER_FRIENDLY_NAME); RtlInitUnicodeString(&UniqueName, FILTER_UNIQUE_NAME); FilterDriverObject = DriverObject; do { NdisZeroMemory(&FChars, sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS)); /*大多数的NDIS6.0数据结构中包含的对象头结构的成员,即NDIS_OBJECT_HEADER结构。对象头有三个成员:类型,大小和修改。如果头信息是不正确的,那么调用NDIS6.0函数将失败。*/ FChars.Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS; FChars.Header.Size = sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS); FChars.Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1; FChars.MajorNdisVersion = FILTER_MAJOR_NDIS_VERSION; FChars.MinorNdisVersion = FILTER_MINOR_NDIS_VERSION; FChars.MajorDriverVersion = 1; FChars.MinorDriverVersion = 0; FChars.Flags = 0; FChars.FriendlyName = FriendlyName; FChars.UniqueName = UniqueName; FChars.ServiceName = ServiceName; /******************************************************NDIS_FILTER_DRIVER_CHARACTERISTICS结构中Mandatory例程******************************************************/ FChars.AttachHandler = FilterAttach; FChars.DetachHandler = FilterDetach; FChars.RestartHandler = FilterRestart; FChars.PauseHandler = FilterPause;/************************************************************NDIS_FILTER_DRIVER_CHARACTERISTICS结构中Optional且不能在运行时变更的例程*************************************************************/ FChars.SetOptionsHandler = FilterRegisterOptions; FChars.SetFilterModuleOptionsHandler = FilterSetModuleOptions; FChars.OidRequestHandler = FilterOidRequest; FChars.OidRequestCompleteHandler = FilterOidRequestComplete; FChars.StatusHandler = FilterStatus; FChars.DevicePnPEventNotifyHandler = FilterDevicePnPEventNotify; FChars.NetPnPEventHandler = FilterNetPnPEvent; FChars.CancelSendNetBufferListsHandler = FilterCancelSendNetBufferLists;/**************************************************************DIS_FILTER_DRIVER_CHARACTERISTICS结构中Optional且能在运行时变更的例程。 下面这4个例程也被定义在NDIS_FILTER_PARTIAL_CHARACTERISTICS中,这个结构指定的例程可以在运行时的FilterSetModuleOptions例程中调用NdisSetOptionHandles来改变。如果过滤驱动要在例程中修改自身的一个特性,那么必须提供FilterSetModuleOptions例程。****************************************************************/ FChars.SendNetBufferListsHandler = FilterSendNetBufferLists; FChars.SendNetBufferListsCompleteHandler = FilterSendNetBufferListsComplete; FChars.ReturnNetBufferListsHandler = FilterReturnNetBufferLists; FChars.ReceiveNetBufferListsHandler = FilterReceiveNetBufferLists; /// FChars.CancelOidRequestHandler = FilterCancelOidRequest; DriverObject->DriverUnload = FilterUnload; FilterDriverHandle = NULL; FILTER_INIT_LOCK(&FilterListLock); InitializeListHead(&FilterModuleList); // 把Filter驱动注册给NDIS Status = NdisFRegisterFilterDriver(DriverObject, (NDIS_HANDLE)FilterDriverObject, &FChars, &FilterDriverHandle); if (Status != NDIS_STATUS_SUCCESS) { DEBUGP(DL_WARN, ("MSFilter: Register filter driver failed.\n")); break; } // // Initilize spin locks // Status = FilterRegisterDevice(); if (Status != NDIS_STATUS_SUCCESS) { NdisFDeregisterFilterDriver(FilterDriverHandle); FILTER_FREE_LOCK(&FilterListLock); DEBUGP(DL_WARN, ("MSFilter: Register device for the filter driver failed.\n")); break; } } while(bFalse); DEBUGP(DL_TRACE, ("<===DriverEntry, Status = %8x\n", Status)); return Status; }//过滤驱动注册可选服务NDIS_STATUSFilterRegisterOptions( IN NDIS_HANDLE NdisFilterDriverHandle, //它指向了这个过滤驱动 IN NDIS_HANDLE FilterDriverContext //它是这个驱动的上下文 ){ DEBUGP(DL_TRACE, ("===>FilterRegisterOptions\n")); ASSERT(NdisFilterDriverHandle == FilterDriverHandle); ASSERT(FilterDriverContext == (NDIS_HANDLE)FilterDriverObject); if ((NdisFilterDriverHandle != (NDIS_HANDLE)FilterDriverHandle) || (FilterDriverContext != (NDIS_HANDLE)FilterDriverObject)) { return NDIS_STATUS_INVALID_PARAMETER; } DEBUGP(DL_TRACE, ("<===FilterRegisterOptions\n")); return (NDIS_STATUS_SUCCESS);} /*************************************************************** FilterAttach函数的功能: Attaching状态表示:一个Filter Driver正准备附加一个Filter Module到一个驱动栈上。 一个过滤驱动进入Attaching状态下不能进行发送请求、接收指示、状态指示、OID请求操作。 当一个过滤驱动进入Attaching状态时,它可以: (1)创建一个环境上下文区域并且初始化一个缓冲区池以及其Filter Module特点的资源。 (2)用NDIS 传来给Filter Attach的NdisFilterHandle作为输入来调用NdisFSetAttributes例程。 Attach is complete 当Filter Module在Attaching状态下并且Filter Driver初始化了所有的Filter Module所需要的 所有资源时,Filter Module进入Paused状态。 参数说明: NdisFilterHandle 它用于所有过滤驱动中对Ndisxxx类例程的调用时引用指示这个过滤模块。 FilterDriverContext 它由NdisFRegisterFilterDriver的FilterDriverContext来指定。 AttachParameters 它是过滤模块的初始化参数结构体。 **************************************************************/NDIS_STATUSFilterAttach( IN NDIS_HANDLE NdisFilterHandle, IN NDIS_HANDLE FilterDriverContext, IN PNDIS_FILTER_ATTACH_PARAMETERS AttachParameters ){ PMS_FILTER pFilter = NULL; NDIS_STATUS Status = NDIS_STATUS_SUCCESS; NDIS_FILTER_ATTRIBUTES FilterAttributes; ULONG Size; BOOLEAN bFalse = FALSE; DEBUGP(DL_TRACE, ("===>FilterAttach: NdisFilterHandle %p\n", NdisFilterHandle)); do { ASSERT(FilterDriverContext == (NDIS_HANDLE)FilterDriverObject); if (FilterDriverContext != (NDIS_HANDLE)FilterDriverObject) { Status = NDIS_STATUS_INVALID_PARAMETER; break; } if ((AttachParameters->MiniportMediaType != NdisMedium802_3) && (AttachParameters->MiniportMediaType != NdisMediumWan)) { DEBUGP(DL_ERROR, ("MSFilter: Doesn't support media type other than NdisMedium802_3.\n")); Status = NDIS_STATUS_INVALID_PARAMETER; break; } Size = sizeof(MS_FILTER) + AttachParameters->FilterModuleGuidName->Length + AttachParameters->BaseMiniportInstanceName->Length + AttachParameters->BaseMiniportName->Length; pFilter = (PMS_FILTER)FILTER_ALLOC_MEM(NdisFilterHandle, Size); if (pFilter == NULL) { DEBUGP(DL_WARN, ("MSFilter: Failed to allocate context structure.\n")); Status = NDIS_STATUS_RESOURCES; break; } NdisZeroMemory(pFilter, sizeof(MS_FILTER)); pFilter->FilterModuleName.Length = pFilter->FilterModuleName.MaximumLength = AttachParameters->FilterModuleGuidName->Length; pFilter->FilterModuleName.Buffer = (PWSTR)((PUCHAR)pFilter + sizeof(MS_FILTER)); NdisMoveMemory(pFilter->FilterModuleName.Buffer, AttachParameters->FilterModuleGuidName->Buffer, pFilter->FilterModuleName.Length); pFilter->MiniportFriendlyName.Length = pFilter->MiniportFriendlyName.MaximumLength = AttachParameters->BaseMiniportInstanceName->Length; pFilter->MiniportFriendlyName.Buffer = (PWSTR)((PUCHAR)pFilter->FilterModuleName.Buffer + pFilter->FilterModuleName.Length); NdisMoveMemory(pFilter->MiniportFriendlyName.Buffer, AttachParameters->BaseMiniportInstanceName->Buffer, pFilter->MiniportFriendlyName.Length); pFilter->MiniportName.Length = pFilter->MiniportName.MaximumLength = AttachParameters->BaseMiniportName->Length; pFilter->MiniportName.Buffer = (PWSTR)((PUCHAR)pFilter->MiniportFriendlyName.Buffer + pFilter->MiniportFriendlyName.Length); NdisMoveMemory(pFilter->MiniportName.Buffer, AttachParameters->BaseMiniportName->Buffer, pFilter->MiniportName.Length); pFilter->MiniportIfIndex = AttachParameters->BaseMiniportIfIndex; pFilter->TrackReceives = TRUE; pFilter->TrackSends = TRUE; pFilter->FilterHandle = NdisFilterHandle; NdisZeroMemory(&FilterAttributes, sizeof(NDIS_FILTER_ATTRIBUTES)); FilterAttributes.Header.Revision = NDIS_FILTER_ATTRIBUTES_REVISION_1; FilterAttributes.Header.Size = sizeof(NDIS_FILTER_ATTRIBUTES); FilterAttributes.Header.Type = NDIS_OBJECT_TYPE_FILTER_ATTRIBUTES; FilterAttributes.Flags = 0; Status = NdisFSetAttributes(NdisFilterHandle, pFilter, //pFilter参数的功能是,为过滤模块指定环境上下文 &FilterAttributes); if (Status != NDIS_STATUS_SUCCESS) { DEBUGP(DL_WARN, ("MSFilter: Failed to set attributes.\n")); break; } pFilter->State = FilterPaused; FILTER_ACQUIRE_LOCK(&FilterListLock, bFalse); InsertHeadList(&FilterModuleList, &pFilter->FilterModuleLink); FILTER_RELEASE_LOCK(&FilterListLock, bFalse); } while (bFalse); if (Status != NDIS_STATUS_SUCCESS) { if (pFilter != NULL) { FILTER_FREE_MEM(pFilter); } } DEBUGP(DL_TRACE, ("<===FilterAttach: Status %x\n", Status)); return Status;}/************************************************************** FilterPause函数的功能: Paused状态:在这种状态下,Filter Driver不能执行接收和发送操作。 当FilterDriver执行FilterPause全程时它就进入了Pausing状态。 Pausing状态:在这种状态下,Filter Driver要为一个Filter Module完成停止发送和接收 处理所需要的所有准备工作。 一个在Pausing状态的Filter Driver有如下的约束: (1)Filter Module不能发起任何新的接收指示,但可以传递下层驱动的接收指示。 (2)如果有Filter Module发起的接收指示还没有完成,那么必须等到它们全部完成。有只当 FilterReturnNetBufferLists完成所有外部接收指示后,暂停操作才能完成。 (3)要返回任何未处理的由下层驱动引发的接收指示给NDIS,只有等到NdisFReturnNetBufferLists返回了所有未处理的接收指示后暂停操作才能完成。这里也可以排队缓冲这些未完成的接收指示。 (4)立即用NdisFReturnNetBufferLists返回所有下层驱动新传来的接收指示,如果需要可以在返回之前制和排队这些接收指示。 (5)不能发起任何新的发送请求。 (6)如果有Filter Driver引的但NDIS还未完成的发送操作,必须等待它们完成。 (8)应该在FilterSendNetBufferLists例程中立即调用NdisFSendNetBufferListsComplete返回那些新达到的发送请求。并且为每一个NET_BUFFER_LIST设置NDIS_STATUS_PAUSED返回状态。 (8)这时可以使用NdisFIndicateStatus提供状态指示。 (9)可以在FilterStatus中处理状态指示。 (10)可以在FilterOidRequest里面处理OID请求。 (11)可以发起一个OID操作。 (12)不能释放分配的相关资源,和Filter Module相关的资源最好放在FilterDetach例程里面来释放。 (13)如果有用于发送和接收的定时器那么要停止它。 当成功停止发送和接收操作后就必须完成暂停操作。暂停操作的完成可以是同步的也可以是异步的。 若返回值是NDIS_STATUS_SUCCESS则,是同步。 若是异步,则返回NDIS_STATUS_PENDING。那么还必须调用NdisFPauseComplete函数。 暂停操作完成了以后,Filter Module进入了Paused状态。这里它有如下的约束: (1)不能发起任何接收指示,但可以传递底层驱动发来的接收指示。 (2)需要立即调用NdisFReturnNetBufferLists返回底层驱动的接收指示给NDIS,如果需要可以在返回之前复制和排队这些接收指示。 (3)不能引发任何新的发送指示。 (4)需要立即调用NdisFSendNetBufferListsComplete完成那些在FilterSendNetBufferLists中收到的发送请求,并为每一个NET_BUFFER_LIST设置NDIS_STATUS_PAUSED返回状态。 (5)这时可以使用NdisFIndicateStatus发起状态指示。 (6)可以在FilterStatus中进行状态指示处理。 (8)可以在FilterOidRequest里面处理OID请求。 (8)可以发起一个OID请求。 在Filter Module进行Pausing状态时NDIS不会发起其它PnP操作,比如:附加、分离、重启。只有当Filter Module进入了Paused状态后NDIS才能对它进行分离和重启操作。 ***************************************************************/NDIS_STATUSFilterPause( IN NDIS_HANDLE FilterModuleContext, IN PNDIS_FILTER_PAUSE_PARAMETERS PauseParameters ){ PMS_FILTER pFilter = (PMS_FILTER)(FilterModuleContext); NDIS_STATUS Status; BOOLEAN bFalse = FALSE; UNREFERENCED_PARAMETER(PauseParameters); DEBUGP(DL_TRACE, ("===>NDISLWF FilterPause: FilterInstance %p\n", FilterModuleContext)); FILTER_ASSERT(pFilter->State == FilterRunning); FILTER_ACQUIRE_LOCK(&pFilter->Lock, bFalse); pFilter->State = FilterPausing; FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse); Status = NDIS_STATUS_SUCCESS; pFilter->State = FilterPaused; DEBUGP(DL_TRACE, ("<===FilterPause: Status %x\n", Status)); return Status;}/*************************************************************** FilterRestart函数的功能: 在Restarting状态下,一个Filter Driver必须为一个Filter Module完成重启发送和接收数据时 所需要的所有准备工作。 Restart is complete 当Filter Module在Restarting状态下并且完成所有发送和接收所需要的准备工作时,Filter Module就进入了Running状态。要启动一个Paused状态的Filter Module,如果有FilterSetModuleOptions就先调用它,接着调用FilterRestart。 当Filter Module在Restarting状态下,它可以: (1)完成任何正常的发送和接收所需要的准备工作。 (2)可读写Filter Module的配置参数。 (3)可以接收网络数据指示,拷贝和排队数据稍后只是给上层驱动或者丢弃数据。 (4)不能发起任何新的接收指示。 (5)应该立即调用NdisFSendNetBufferListsComplete例程来拒绝FilterSendNetBufferLists传来的发送的请求。应该设置每一个NET_BUFFER_LIST的完成状态为NDIS_STATUS_PAUSED (6)可以使用NdisFIndicateStatus例程进行状态指示。 (8)可以控制OID请求操作。 (8)不能发起任何新的发送请求。 (9)应该调用NdisFReturnNetBufferLists返回所有新的接收指示。如果需要的话可以在接收指示返回之前拷贝它们。 (10)可以制作OID请求发送给下层驱动设置或查询配置信息。 (11)可以在FilterStatus中控制状态指示。 (12)返回时指示 NDIS_STATUS_SUCCESS 或失败状态,如果不Filter Module不能启动返回了失败,而它又是一个Mandatory的Filter Driver 那个 NDIS将会结束这个驱动栈在一个Filter Driver完成对发送和接收的重启后必须指示完成这个重启操作。 Filter Driver的重启操作的完成可以是同步也可以是异步的,同步时返回 NDIS_STATUS_SUCCESS 异步时返回NDIS_STATUS_PENDING。如果返回的是 NDIS_STATUS_PENDING 就必须调用NdisFRestartComplete 例程在重启操作完成后。在这种情况下,驱动需要传递给NdisFRestartComplete 一个固定状态(标识重启结果的成功或失败状态)。重启操作完成Filter Module就进入了 Running状态,恢得一切正常的发送和接收外理。在Filter Driver的FilterRestart例程执行的时候NDIS不会发起任即插即用操作,如附加,分离,暂停请求等等。Ndis可以在Filter Module进入Running状态后发起一个暂停请求。***************************************************************/NDIS_STATUSFilterRestart( IN NDIS_HANDLE FilterModuleContext, IN PNDIS_FILTER_RESTART_PARAMETERS RestartParameters ){ NDIS_STATUS Status; PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; // BUGBUG, the cast may be wrong NDIS_HANDLE ConfigurationHandle = NULL; PNDIS_RESTART_GENERAL_ATTRIBUTES NdisGeneralAttributes; PNDIS_RESTART_ATTRIBUTES NdisRestartAttributes; NDIS_CONFIGURATION_OBJECT ConfigObject; DEBUGP(DL_TRACE, ("===>FilterRestart: FilterModuleContext %p\n", FilterModuleContext)); FILTER_ASSERT(pFilter->State == FilterPaused); ConfigObject.Header.Type = NDIS_OBJECT_TYPE_CONFIGURATION_OBJECT; ConfigObject.Header.Revision = NDIS_CONFIGURATION_OBJECT_REVISION_1; ConfigObject.Header.Size = sizeof(NDIS_CONFIGURATION_OBJECT); ConfigObject.NdisHandle = FilterDriverHandle; ConfigObject.Flags = 0; Status = NdisOpenConfigurationEx(&ConfigObject, &ConfigurationHandle); if (Status != NDIS_STATUS_SUCCESS) { #if 0 // // The code is here just to demonstrate how to call NDIS to write an eventlog. If drivers need to write // an event log. // PWCHAR ErrorString = L"Ndislwf"; DEBUGP(DL_WARN, ("FilterRestart: Cannot open configuration.\n")); NdisWriteEventLogEntry(FilterDriverObject, EVENT_NDIS_DRIVER_FAILURE, 0, 1, &ErrorString, sizeof(Status), &Status);#endif } if (Status == NDIS_STATUS_SUCCESS) { NdisCloseConfiguration(ConfigurationHandle); } NdisRestartAttributes = RestartParameters->RestartAttributes; if (NdisRestartAttributes != NULL) { PNDIS_RESTART_ATTRIBUTES NextAttributes; ASSERT(NdisRestartAttributes->Oid == OID_GEN_MINIPORT_RESTART_ATTRIBUTES); NdisGeneralAttributes = (PNDIS_RESTART_GENERAL_ATTRIBUTES)NdisRestartAttributes->Data; NdisGeneralAttributes->LookaheadSize = 128; NextAttributes = NdisRestartAttributes->Next; while (NextAttributes != NULL) { NextAttributes = NextAttributes->Next; } } pFilter->State = FilterRunning; Status = NDIS_STATUS_SUCCESS; if (Status != NDIS_STATUS_SUCCESS) { pFilter->State = FilterPaused; } DEBUGP(DL_TRACE, ("<===FilterRestart: FilterModuleContext %p, Status %x\n", FilterModuleContext, Status)); return Status;}/************************************************************** FilterDetach函数的功能: Detach状态:当Filter Driver从一个驱动栈上分离一个Filter Module时,将发生该事件。 在驱动栈上分离一个过滤模块时,NDIS会暂停这个驱动栈。这意味着NDIS已经使过滤模块进入 了Parse状态。即FilterPause函数先被调用了。 在这个例程中释放和这个过滤模块相关的环境上下文和其它资源。这个过程不能失败。 当FilterDetach函数返回以后,NDIS会重新启动被暂停的驱动栈。 参数说明: FilterDriverContext 它由NdisFRegisterFilterDriver的FilterDriverContext来指定。 ************************************************************/VOIDFilterDetach( IN NDIS_HANDLE FilterModuleContext ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; BOOLEAN bFalse = FALSE; DEBUGP(DL_TRACE, ("===>FilterDetach: FilterInstance %p\n", FilterModuleContext)); FILTER_ASSERT(pFilter->State == FilterPaused); if (pFilter->FilterName.Buffer != NULL) { FILTER_FREE_MEM(pFilter->FilterName.Buffer); } FILTER_ACQUIRE_LOCK(&FilterListLock, bFalse); RemoveEntryList(&pFilter->FilterModuleLink); FILTER_RELEASE_LOCK(&FilterListLock, bFalse); FILTER_FREE_MEM(pFilter); DEBUGP(DL_TRACE, ("<===FilterDetach Successfully\n")); return;}/************************************************************** 系统只会在调用FilterDetach()分离了所有和本Filter Driver相关的Filter Module以后,才会调用FilterUnload例程。****************************************************************/VOIDFilterUnload( IN PDRIVER_OBJECT DriverObject ){#if DBG BOOLEAN bFalse = FALSE;#endif UNREFERENCED_PARAMETER(DriverObject); DEBUGP(DL_TRACE, ("===>FilterUnload\n")); FilterDeregisterDevice(); NdisFDeregisterFilterDriver(FilterDriverHandle); #if DBG FILTER_ACQUIRE_LOCK(&FilterListLock, bFalse); ASSERT(IsListEmpty(&FilterModuleList)); FILTER_RELEASE_LOCK(&FilterListLock, bFalse); #endif FILTER_FREE_LOCK(&FilterListLock); DEBUGP(DL_TRACE, ("<===FilterUnload\n")); return; }/*************************************************************** FilterOidRequest函数的功能: Filter Module可以在Runnig状态、Restarting状态、Paused状态和Pauseing状态进行OID的控制和处理。 Filter Driver可以处理上层驱动引发的OID请求,NDIS调用Filter Driver的FilterOidRequest例程来处理OID请求,Filter Driver需要调用NdisFOidRequest例程来转发请求给下层驱动。 Filter Driver可以从FilterOidRequest同步和异步完成一个OID请求,分别返回NDIS_STATS_SUCCESS和NDIS_STATUS_PENDING即可。FilterOidRequest可以用同步的直接完成一个OID请求并返回一个错误状态。 如果FilterOidRequest返回NDIS_STATUS_PENDING,就必须在OID请求完成后调用 NdisFOidRequestComplete来通知上层驱动求请求完成。在这种情况下,请求的结果通过 NdisFOidRequestComplete的OidRequest参数返回给上层驱动,并通过Status参数返回请求完成的最终状态。 如果FilterOidRequest返回NDIS_STATUS_SUCCESS,通过FilterOidRequest的OidRequest参数返回一个查询结果到上层。这时不调用 NdisFOidRequestComplete例程。 要转发OID请求到下层驱动,Filter Driver必须调用NdisFOidRequest。如果一个OID请求不能被转发到下层驱动应该当立即返回。要完成一个请求且不转发可以直接返回NDIS_STATUS_SUCCESS或其它错误状态或返回 NDIS_STATUS_PENDING 后调用NdisFOidRequestComplete。 如果NdisFOidRequest返回NDIS_STATUS_PENDING,NDIS在OID请求完成后调用FilterOidRequestComplete来通知求请求完成在这种情况下,请求的结果通过NdisFOidRequestComplete的OidRequest参数返回给上层驱动,并通过 Status 参数返回请求完成的最终状态。 如果 NdisFOidRequest返回NDIS_STATUS_SUCCESS,通过NdisFOidRequest的OidRequest参数返回一个查询结果到上层。这时不调用FilterOidRequestComplete例程。 一个Filter Driver可以调用NdisFOidRequest引发OID请求在Restarting、Running、Pausing和Paused 状态。 注意:Filter Driver必须跟踪这个请求确保不在FilterOidRequestComplete中调用NdisFOidRequestComplete(因为请求是自己引发的不能传到上层)。 ****************************************************************/NDIS_STATUSFilterOidRequest(IN NDIS_HANDLE FilterModuleContext,IN PNDIS_OID_REQUEST Request){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; NDIS_STATUS Status; PNDIS_OID_REQUEST ClonedRequest=NULL; BOOLEAN bSubmitted = FALSE; PFILTER_REQUEST_CONTEXT Context; BOOLEAN bFalse = FALSE; DEBUGP(DL_TRACE, ("===>FilterOidRequest: Request %p.\n", Request)); do { Status = NdisAllocateCloneOidRequest(pFilter->FilterHandle, Request, FILTER_TAG, &ClonedRequest); if (Status != NDIS_STATUS_SUCCESS) { DEBUGP(DL_WARN, ("FilerOidRequest: Cannot Clone Request\n")); break; } Context = (PFILTER_REQUEST_CONTEXT)(&ClonedRequest->SourceReserved[0]); *Context = Request; bSubmitted = TRUE; ClonedRequest->RequestId = Request->RequestId; pFilter->PendingOidRequest = ClonedRequest;//Filter Driver可以调用NdisFOidRequest引发一个OID查询和设置请求给下层驱动。 Status = NdisFOidRequest(pFilter->FilterHandle, ClonedRequest); if (Status != NDIS_STATUS_PENDING) { FilterOidRequestComplete(pFilter, ClonedRequest, Status); Status = NDIS_STATUS_PENDING; } }while (bFalse); if (bSubmitted == FALSE) { switch(Request->RequestType) { case NdisRequestMethod: Request->DATA.METHOD_INFORMATION.BytesRead = 0; Request->DATA.METHOD_INFORMATION.BytesNeeded = 0; Request->DATA.METHOD_INFORMATION.BytesWritten = 0; break; case NdisRequestSetInformation: Request->DATA.SET_INFORMATION.BytesRead = 0; Request->DATA.SET_INFORMATION.BytesNeeded = 0; break; case NdisRequestQueryInformation: case NdisRequestQueryStatistics: default: Request->DATA.QUERY_INFORMATION.BytesWritten = 0; Request->DATA.QUERY_INFORMATION.BytesNeeded = 0; break; } } DEBUGP(DL_TRACE, ("<===FilterOidRequest: Status %8x.\n", Status)); return Status;}/************************************************************* FilterCancelOidRequest函数的功能: NDIS调用FilterCancelOidRequest来取消一个OID请求,当NDIS调用FilterCancelOidRequest时, Filter Driver应该尽可能快的调用NdisFCancelOidRequest。 *************************************************************/VOIDFilterCancelOidRequest( IN NDIS_HANDLE FilterModuleContext, IN PVOID RequestId ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; PNDIS_OID_REQUEST Request = NULL; PFILTER_REQUEST_CONTEXT Context; PNDIS_OID_REQUEST OriginalRequest = NULL; BOOLEAN bFalse = FALSE; FILTER_ACQUIRE_LOCK(&pFilter->Lock, bFalse); Request = pFilter->PendingOidRequest; if (Request != NULL) { Context = (PFILTER_REQUEST_CONTEXT)(&Request->SourceReserved[0]); OriginalRequest = (*Context); } if ((OriginalRequest != NULL) && (OriginalRequest->RequestId == RequestId)) { FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse); NdisFCancelOidRequest(pFilter->FilterHandle, RequestId); } else { FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse); } } VOIDFilterOidRequestComplete( IN NDIS_HANDLE FilterModuleContext, IN PNDIS_OID_REQUEST Request, IN NDIS_STATUS Status ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; PNDIS_OID_REQUEST OriginalRequest; PFILTER_REQUEST_CONTEXT Context; BOOLEAN bFalse = FALSE; DEBUGP(DL_TRACE, ("===>FilterOidRequestComplete, Request %p.\n", Request)); Context = (PFILTER_REQUEST_CONTEXT)(&Request->SourceReserved[0]); OriginalRequest = (*Context); if (OriginalRequest == NULL) { filterInternalRequestComplete(pFilter, Request, Status); return; } FILTER_ACQUIRE_LOCK(&pFilter->Lock, bFalse); ASSERT(pFilter->PendingOidRequest == Request); pFilter->PendingOidRequest = NULL; FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse); switch(Request->RequestType) { case NdisRequestMethod: OriginalRequest->DATA.METHOD_INFORMATION.OutputBufferLength = Request->DATA.METHOD_INFORMATION.OutputBufferLength; OriginalRequest->DATA.METHOD_INFORMATION.BytesRead = Request->DATA.METHOD_INFORMATION.BytesRead; OriginalRequest->DATA.METHOD_INFORMATION.BytesNeeded = Request->DATA.METHOD_INFORMATION.BytesNeeded; OriginalRequest->DATA.METHOD_INFORMATION.BytesWritten = Request->DATA.METHOD_INFORMATION.BytesWritten; break; case NdisRequestSetInformation: OriginalRequest->DATA.SET_INFORMATION.BytesRead = Request->DATA.SET_INFORMATION.BytesRead; OriginalRequest->DATA.SET_INFORMATION.BytesNeeded = Request->DATA.SET_INFORMATION.BytesNeeded; break; case NdisRequestQueryInformation: case NdisRequestQueryStatistics: default: OriginalRequest->DATA.QUERY_INFORMATION.BytesWritten = Request->DATA.QUERY_INFORMATION.BytesWritten; OriginalRequest->DATA.QUERY_INFORMATION.BytesNeeded = Request->DATA.QUERY_INFORMATION.BytesNeeded; break; } (*Context) = NULL; NdisFreeCloneOidRequest(pFilter->FilterHandle, Request);/*如果FilterOidRequest返回NDIS_STATUS_PENDING,就必须在OID请求完成后调用NdisFOidRequestComplete 来通知上层驱动求请求完成。在这种情况下,请求的结果通过NdisFOidRequestComplete的OidRequest参数返回给上层驱动,并通过Status参数返回请求完成的最终状态。要转发OID请求到下层驱动,Filter Driver必须调用NdisFOidRequest。如果一个OID请求不能被转发到下层驱动应该当立即返回。要完成一个请求且不转发可以直接返回NDIS_STATUS_SUCCESS或其它错误状态或返回NDIS_STATUS_PENDING后调用NdisFOidRequestComplete。 */ NdisFOidRequestComplete(pFilter->FilterHandle, OriginalRequest, Status); DEBUGP(DL_TRACE, ("<===FilterOidRequestComplete.\n"));}/************************************************************* FilterStatus函数的功能: 当下层驱动报告状态的时候 NDIS会调用它。此外,Filter Driver还可以自己引发一个状态指示。当下层驱动调用一个状态指示例程时(NdisMIndicateStatusEx或NdisFIndicateStats),NDIS会调用Filter Driver的FilterStatus例程。Filter Driver在FilterStatus中调用NdisFIndicateStatus传递一个状态指示给上层驱动。此外,还可以过滤状态指示(不用调用 NdisFIndicateStatus)或在调用 NdisFIndicateStatus之前修改状态信息。 Filter Driver要自己引发一个状态报告,可以在NDIS未调用 FilterStatus的情况下调用NdisFIndicateStatus。在这种情况下,Filter Driver要设置 SourceHandle 成员为 FilteAttech 参数提供的NdisFilterHandle句柄。如果一个状态指示是一个OID请求相关的(下层请求一个 OID 下层要做相应的状态指示),那么状态的DestinationHandle和RequestId成员要设置成上层的OID请求包携带的数据。 Filter Driver调用NdisFIndicateStatus后NDIS会调用相邻上层的状态指示函数(ProtocolStatusEx或FilterStatus)。 ****************************************************************/VOIDFilterStatus( IN NDIS_HANDLE FilterModuleContext, IN PNDIS_STATUS_INDICATION StatusIndication ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext;#if DBG BOOLEAN bFalse = FALSE;#endif DEBUGP(DL_TRACE, ("===>FilterStaus, IndicateStatus = %8x.\n", StatusIndication->StatusCode)); #if DBG FILTER_ACQUIRE_LOCK(&pFilter->Lock, bFalse); ASSERT(pFilter->bIndicating == FALSE); pFilter->bIndicating = TRUE; FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse);#endif NdisFIndicateStatus(pFilter->FilterHandle, StatusIndication);#if DBG FILTER_ACQUIRE_LOCK(&pFilter->Lock, bFalse); ASSERT(pFilter->bIndicating == TRUE); pFilter->bIndicating = FALSE; FILTER_RELEASE_LOCK(&pFilter->Lock, bFalse);#endif DEBUGP(DL_TRACE, ("<===FilterStaus.\n"));}/*Filter Driver提供FilterPnpEventNotify来接收NDIS传递的PnP和电源管理事件*/VOIDFilterDevicePnPEventNotify( IN NDIS_HANDLE FilterModuleContext, IN PNET_DEVICE_PNP_EVENT NetDevicePnPEvent ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; NDIS_DEVICE_PNP_EVENT DevicePnPEvent = NetDevicePnPEvent->DevicePnPEvent;#if DBG BOOLEAN bFalse = FALSE;#endif DEBUGP(DL_TRACE, ("===>FilterDevicePnPEventNotify: NetPnPEvent = %p.\n", NetDevicePnPEvent)); switch (DevicePnPEvent) { case NdisDevicePnPEventQueryRemoved: case NdisDevicePnPEventRemoved: case NdisDevicePnPEventSurpriseRemoved: case NdisDevicePnPEventQueryStopped: case NdisDevicePnPEventStopped: case NdisDevicePnPEventPowerProfileChanged: case NdisDevicePnPEventFilterListChanged: break; default: DEBUGP(DL_ERROR, ("FilterDevicePnPEventNotify: Invalid event.\n")); FILTER_ASSERT(bFalse); break; } //Filter Driver要下层驱动转发收到的事件,转发事件要用到NdisFDevicePnPEventNotify例程 NdisFDevicePnPEventNotify(pFilter->FilterHandle, NetDevicePnPEvent); DEBUGP(DL_TRACE, ("<===FilterDevicePnPEventNotify\n"));}/*Filter Driver提供了FilterNetPnpEvent例程来处理网络Pnp和电源管理事件通知。*/NDIS_STATUSFilterNetPnPEvent( IN NDIS_HANDLE FilterModuleContext, IN PNET_PNP_EVENT_NOTIFICATION NetPnPEventNotification ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; NDIS_STATUS Status = NDIS_STATUS_SUCCESS;//Filter Driver需要转发网络PnP和电源管理事件给上层驱动。转发这些事件是通NdisFNetPnpEvent来完成的。 Status = NdisFNetPnPEvent(pFilter->FilterHandle, NetPnPEventNotification); return Status;}/************************************************************** FilterSendNetBufferListsComplete函数的功能: NDIS调用 FilterSendNetBufferListsComplete 把发送的结构和数据返还给 Filter Driver。NDIS可以收集多次NdisFSendNetBufferLists发送的结构和数据形成一个单链表传递给FilterSendNetBufferListsComplete。除非到NDIS调用FilterSendNetBufferListsComplete,否则一个发送请求的当前状态总是未知的。 一个过滤驱动是不能在NDIS调用FilterSendNetBufferListsComplete返回结构之前对NET_BUFFER_LIST和其关联的数据做检查的。FilterSendNetBufferListsComplete要完成一个发送请求完成后的任何必要的后继处理。当NDIS调用FilterSendNetBufferListsComplete时,Filter Driver就重新获地对结构及结构相关资源的所有权。可以在 FilterSendNetBufferListsComplete中释放相关的资源和准备下一个NdisFSendNetBufferLists调用。 NDIS总是按照过滤驱动调用NdisFSendNetBufferLists提交的顺序传递给下层驱动,但是回返FilterSendNetBufferListsComplete 的顺序则是任意的。Filter Driver可以请求一个回环发送请求,只要把NdisFSendNetBufferLists的SendFlags设置成NDIS_SEND_FLAGS_CHECK_FOR_LOOPBACK就行了。NDIS会引发一个包含发送数据的接收包指示。 一个Filter Driver应该对自己引发的发送请求保持跟踪并确保在完成时不调用NdisFSendNetBufferComplete例程。 **************************************************************/VOIDFilterSendNetBufferListsComplete( IN NDIS_HANDLE FilterModuleContext, IN PNET_BUFFER_LIST NetBufferLists, IN ULONG SendCompleteFlags ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; ULONG NumOfSendCompletes = 0; BOOLEAN DispatchLevel; PNET_BUFFER_LIST CurrNbl; DEBUGP(DL_TRACE, ("===>SendNBLComplete, NetBufferList: %p.\n", NetBufferLists)); if (pFilter->TrackSends) { CurrNbl = NetBufferLists; while (CurrNbl) { NumOfSendCompletes++; CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl); } DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendCompleteFlags); FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); pFilter->OutstandingSends -= NumOfSendCompletes; FILTER_LOG_SEND_REF(2, pFilter, PrevNbl, pFilter->OutstandingSends); FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); } NdisFSendNetBufferListsComplete(pFilter->FilterHandle, NetBufferLists, SendCompleteFlags); DEBUGP(DL_TRACE, ("<===SendNBLComplete.\n"));}/************************************************************* FilterSendNetBufferLists函数的功能: NDIS调用一个Filter Driver的FilterSendNetBufferLists例程来过滤上层驱动的发送请求。Filter Driver不能改变其它驱动传来的NET_BUFFER_LIST结构中的SourceHandle成员的值。它可以过滤数据并发送过滤的数据到下层驱动。 对每一个提交到FilterSendNetBufferLists的NDIS_BUFFER_LIST,我们可做下面的操作。 1)可以把缓冲区通过 NdisFSendBufferLists 传递给下层驱动,NDIS 保证上下文空间对FilterDriver的有效性。过滤驱动可以在发送前修改缓冲区的内容。可以像处理自己引发的发送请求的缓冲区一样处理这个缓冲区。 2)可以调用 NdisFSendNetBufferListsComplete 拒绝传递这个包 3)排队缓冲区内容到本地的供以后处理。例如要在一定超时后处理或要接收到特定包后才处理等。如果支持这种处理方式就要支持取消请求的操作。 4)可以拷贝缓冲区并引发一个发送请求。它类似自己引发一个发送请求,但必须先调用 NdisFSendNetBufferComplete返回上层驱动的缓冲区。 发送请求在驱动栈继续完成,当一个微端口驱动调用NdisMSendNetBufferListsComplete完成一个发送请求时,NDIS会调用微端口 驱动之上最近的Filter Driver的FilterSendNetBufferLists例程。 在一个发送操作完成后,Filter Driver可以做在FilterSendNetBufferLists中所有修改的相反操作。FilterSendNetBufferListsComplete返回一个NET_BUFFER_LIST结构的单链表和发送请求的最终状态给上层的驱动。当最顶层的 Filter Module的FilterSendNetBufferListsComplete被调用完成后NDIS会调用引发发送请求的协议驱动的ProtocolSendNetBufferListsComplete。如果Filter Driver不提供FilterSendNetBufferLists它还是可以引发一个发送操作的,但它必须提供一个FilterSendNetBufferListsComplete并且不能在这个例程里把这个事件传递给上层驱动。 一个Filter Driver可以传递或过滤一个上层驱动的回环请求,要传递一个回环请求,NDIS会设置FilterSendNetBufferLists的SendFlags参数为NDIS_SEND_FLAGS_CHECK_FOR_LOOPBACK,Filter Driver在调用NdisFSendNetBufferLists时把这个标记传给它即可。在回环请求的情况下NDIS会指示一个包含发送数据的接收包。 通常情况下,如果一个Filter Driver修改的任何行为不是NDIS提供的标准服务,那么它应该当自己为NDIS提供相应的服务。例如,如果一个Filter Driver修改了一个硬件地址请求,就必须处理直接到这个新地址回环包。在这种情况下, 因为Filter Driver已经更改了地址NDIS是不能提供一个回环服务的。 还有就是如果Filter Driver设置了混杂模式那它就不能传递额外的数据给上层接收。 **************************************************************/VOIDFilterSendNetBufferLists( IN NDIS_HANDLE FilterModuleContext, IN PNET_BUFFER_LIST NetBufferLists, IN NDIS_PORT_NUMBER PortNumber, IN ULONG SendFlags ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; PNET_BUFFER_LIST CurrNbl; BOOLEAN DispatchLevel; BOOLEAN bFalse = FALSE; DEBUGP(DL_TRACE, ("===>SendNetBufferList: NBL = %p.\n", NetBufferLists)); do { DispatchLevel = NDIS_TEST_SEND_AT_DISPATCH_LEVEL(SendFlags);#if DBG FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); if (pFilter->State != FilterRunning) { FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); CurrNbl = NetBufferLists; while (CurrNbl) { NET_BUFFER_LIST_STATUS(CurrNbl) = NDIS_STATUS_PAUSED; CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl); } NdisFSendNetBufferListsComplete(pFilter->FilterHandle, NetBufferLists, DispatchLevel ? NDIS_SEND_COMPLETE_FLAGS_DISPATCH_LEVEL : 0); break; } FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);#endif/******************************************************/ //在这里添加我们的代码/******************************************************/ if (pFilter->TrackSends) { FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); CurrNbl = NetBufferLists; while (CurrNbl) { pFilter->OutstandingSends++; FILTER_LOG_SEND_REF(1, pFilter, CurrNbl, pFilter->OutstandingSends); CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl); } FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); } NdisFSendNetBufferLists(pFilter->FilterHandle, NetBufferLists, PortNumber, SendFlags); } while (bFalse); DEBUGP(DL_TRACE, ("<===SendNetBufferList. \n"));}/************************************************************* FilterReturnNetBufferLists函数的功能: 如果Filter Driver设置了NdisFIndicateReceiveNetBufferLists的状态为NDIS_STATUS_SUCCESS, NDIS通过驱动的FilterReturnNetBufferLists 返回指示数据。在这种情况下 Filter Driver失去了对NET_BUFFER_LIST的所有权,直到FilterReturnNetBufferLists被调用。 Filter Driver调用NdisFIndicateNetBufferLists 传递接收指示给驱动栈上的上层驱动,如果上层驱动保留了对缓冲区(NET_BUFFER_LIST)的所有权,NDIS会调用Filter Driver的FilterReturnNetBufferLists 例程。 在FilterReturnNetBufferLists中应该撤消在接收路径上(如在 FilterReciveNetBufferLists中做的一些处理)的操作。当最底层的Filter Module完成对缓冲区(NET_BUFFER_LIST)的处理后,NDIS把缓冲区返回给微端口驱动。如果FilterReceiveNetBufferLists的ReceiveFlags没有设置NDIS_RECEIVE_FLAGS_RESOURCES标记, FilterDriver调用NdisFReturnNetBufferList返回这个缓冲区数据,如果设置了FilterReceiveNetBufferLists直接返回时就把缓冲区返还给了下层微端口驱动。 ***************************************************************/VOIDFilterReturnNetBufferLists( IN NDIS_HANDLE FilterModuleContext, IN PNET_BUFFER_LIST NetBufferLists, IN ULONG ReturnFlags ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; PNET_BUFFER_LIST CurrNbl = NULL; UINT NumOfNetBufferLists = 0; BOOLEAN DispatchLevel; ULONG Ref; DEBUGP(DL_TRACE, ("===>ReturnNetBufferLists, NetBufferLists is %p.\n", NetBufferLists)); if (pFilter->TrackReceives) { while (CurrNbl) { NumOfNetBufferLists ++; CurrNbl = NET_BUFFER_LIST_NEXT_NBL(CurrNbl); } } NdisFReturnNetBufferLists(pFilter->FilterHandle, NetBufferLists, ReturnFlags); if (pFilter->TrackReceives) { DispatchLevel = NDIS_TEST_RETURN_AT_DISPATCH_LEVEL(ReturnFlags); FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); pFilter->OutstandingRcvs -= NumOfNetBufferLists; Ref = pFilter->OutstandingRcvs; FILTER_LOG_RCV_REF(3, pFilter, NetBufferLists, Ref); FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); } DEBUGP(DL_TRACE, ("<===ReturnNetBufferLists.\n")); }/*************************************************************** FilterReceiveNetBufferLists函数的功能: Filter Driver调用 NdisFIndicateReceiveNetBufferLists来指示发送数据。这个函数通过NET_BUFFER_LIST结构给上层驱动指示数据。Filter Driver可以从池中分配这个结构。如果Filter Driver设置了NdisFIndicateReceiveNetBufferLists的状态为 NDIS_STATUS_SUCCESS, NDIS通过驱动的FilterReturnNetBufferLists返回指示数据。在这种情况下Filter Driver失去了对NET_BUFFER_LIST的所有权直到FilterReturnNetBufferLists被调用。如果Filter Driver在调用NdisFIndicateReceiveNetBufferLists时设置ReceiveFlags为NDIS_RECEIVE_FLAGS_RESOURCES,在函数返回后Filter Driver会立即恢复对NET_BUFFER_LIST的所有权,这时Filter Driver必须立即处理这个NET_BUFFER_LIST的返回,因为NDIS在这种情况下是不会调用FilterReturnNetBufferLists返回NET_BUFFER_LIST结构的。 注意: 一个Filter Driver应该跟踪自己引发的接收指示确保它在FilterReturnNetBufferLists 中不调用NdisFReturnNetBufferLists。 ***************************************************************/VOIDFilterReceiveNetBufferLists( IN NDIS_HANDLE FilterModuleContext, IN PNET_BUFFER_LIST NetBufferLists, IN NDIS_PORT_NUMBER PortNumber, IN ULONG NumberOfNetBufferLists, IN ULONG ReceiveFlags ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; BOOLEAN DispatchLevel; ULONG Ref; BOOLEAN bFalse = FALSE;#if DBG ULONG ReturnFlags;#endif DEBUGP(DL_TRACE, ("===>ReceiveNetBufferList: NetBufferLists = %p.\n", NetBufferLists)); do { DispatchLevel = NDIS_TEST_RECEIVE_AT_DISPATCH_LEVEL(ReceiveFlags);#if DBG FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); if (pFilter->State != FilterRunning) { FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); if (NDIS_TEST_RECEIVE_CAN_PEND(ReceiveFlags)) { ReturnFlags = 0; if (NDIS_TEST_RECEIVE_AT_DISPATCH_LEVEL(ReceiveFlags)) { NDIS_SET_RETURN_FLAG(ReturnFlags, NDIS_RETURN_FLAGS_DISPATCH_LEVEL); } NdisFReturnNetBufferLists(pFilter->FilterHandle, NetBufferLists, ReturnFlags); } break; } FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel);#endif ASSERT(NumberOfNetBufferLists >= 1);/*--------------------------------------------------*/ //在这里添加我们的代码/*---------------------------------------------------*/ if (pFilter->TrackReceives) { FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); pFilter->OutstandingRcvs += NumberOfNetBufferLists; Ref = pFilter->OutstandingRcvs; FILTER_LOG_RCV_REF(1, pFilter, NetBufferLists, Ref); FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); }/************************************************************调用 NdisFIndicateReceiveNetBufferLists来指示发送数据。如果Filter Driver设置了NdisFIndicateReceiveNetBufferLists的状态为NDIS_STATUS_SUCCESS, NDIS通过驱动的FilterReturnNetBufferLists 返回指示数据。 如果Filter Driver设置了NdisFIndicateReceiveNetBufferLists的ReceiveFlags值为NDIS_RECEIVE_FLAGS_RESOURCES,那么在函数返回后Filter Driver会立即恢复对NET_BUFFER_LIST的所有权,这时Filter Driver必须立即处理这个NET_BUFFER_LIST的返回。在这种情况下是不会调用FilterReturnNetBufferLists返回NET_BUFFER_LIST结构的。************************************************************/ NdisFIndicateReceiveNetBufferLists( pFilter->FilterHandle, NetBufferLists, PortNumber, NumberOfNetBufferLists, ReceiveFlags); if (NDIS_TEST_RECEIVE_CANNOT_PEND(ReceiveFlags) && pFilter->TrackReceives) { FILTER_ACQUIRE_LOCK(&pFilter->Lock, DispatchLevel); pFilter->OutstandingRcvs -= NumberOfNetBufferLists; Ref = pFilter->OutstandingRcvs; FILTER_LOG_RCV_REF(2, pFilter, NetBufferLists, Ref); FILTER_RELEASE_LOCK(&pFilter->Lock, DispatchLevel); } } while (bFalse); DEBUGP(DL_TRACE, ("<===ReceiveNetBufferList: Flags = %8x.\n", ReceiveFlags)); }/************************************************************** FilterCancelSendNetBufferLists函数的功能: 过滤驱动调用NDIS_SET_NET_BUFFER_LIST_CANCEL_ID宏为每一个NET_BUFFER_LIST标记一个取消Id。 在为网络数据分配取消ID之前,必须先调用NdisGenratePartialCanceId获得取消ID的高字节。 这是为了确保不是驱动不会把一个取消ID分配给两个驱动驱动通常在DriverEntry调用 NdisGenratePartialCanceld,但是驱动可以在不同的时间多次调用它来获得多个取消ID。 要取消被标记过取消ID且正在传输的数据,驱动可以调用NdisFCancelSendNetBufferLists例程 来完成。要获得取消ID可以用NDIS_GET_NET_BUFFER_LIST_CANCEL_ID宏来完成。 如果一个Filter Driver对所有发送的NET_BUFFER_LIST标记了相同的取消ID那它可以用一个 NdisFCancelSendNetBufferLists来取消所有的发送请求。如果把一部发送请求的NET_BUFFER_LIST标记相同的取消ID那么就可以调用一次NdisFCancelSendNetBufferLists来取消这部分发送请求。 在实现这个功能时NDIS会调用下层驱动的取消发送功能。中断正在执行的发送任务后,下层驱动会 调用发送完成全程(如:NdisMSendNetBufferListComplete)返回指定的NET_BUFFER_LIST结构并指定 返回状态为 NDIS_STATUS_CANCELLED, NDIS依次调用Filter Driver的FilterSendNetBufferListsComplete例程。在FilterSendNetBufferListsComplete中要用NDIS_SET_NET_BUFFER_LIST_CANCEL_ID设置取消的NET_BUFFER_LIST 的取消ID 为 NULL,这样是为了防止这个ID,在 NET_BUFFER_LIST被再次分配时使用。 上层驱动在取消一个未完成的发送请求时也必须对这个发送请求的 NET_BUFFER_LIST结构设定取消ID。 NDIS会传递给Filter Driver的FilterCancelSendNetBufferLists一个取消ID来取消发送请求的 NET_BUFFER_LIST发送。FilterCanCelSendNetBufferLists下执行下列操作。 1)遍历 Filter Driver的发送队列,用 NDIS_GET_NET_BUFFER_LSIT_CANCEL_ID获得队列中NET_BUFFER_LIST的取消ID与FilterCancelSendBufferLists的取消ID比较。 2)移除队列中取消 ID 和 FilterCancelSentBufferLists中取消ID相同的元素。 3)调用 NdisFSendNetBufferListsComplete来完成这些NET_BUFFER_LIST并设定返回状 态为NDIS_STATUS_CANCELLED。 4)调用NdisFCancelSendNetBufferLists传递取消发送请求给下层驱动。传递取消ID给下层驱动就Filter Driver取消自己引发的发关请求一样。 *************************************************************/VOIDFilterCancelSendNetBufferLists( IN NDIS_HANDLE FilterModuleContext, IN PVOID CancelId ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; NdisFCancelSendNetBufferLists(pFilter->FilterHandle,CancelId);}/************************************************************** FilterSetModuleOptions函数的功能: 必须要在初始化时为驱动注册FilterSetModuleOptions例程,驱动可以在这个例程中初始化 NDIS_FILTER_PARTIAL_CHARACTERISTICS结构来调用NdisSetOptionalHandlers来完成必变。 这个例程如果存在那么在调用Filter Driver的FilterRestart例程之前调用它。 ***************************************************************/ NDIS_STATUSFilterSetModuleOptions( IN NDIS_HANDLE FilterModuleContext ){ PMS_FILTER pFilter = (PMS_FILTER)FilterModuleContext; NDIS_FILTER_PARTIAL_CHARACTERISTICS OptionalHandlers; NDIS_STATUS Status = NDIS_STATUS_SUCCESS; BOOLEAN bFalse = FALSE; if (bFalse) { UINT i; pFilter->CallsRestart++; i = pFilter->CallsRestart % 8; pFilter->TrackReceives = TRUE; pFilter->TrackSends = TRUE; NdisMoveMemory(&OptionalHandlers, &DefaultChars, sizeof(OptionalHandlers)); OptionalHandlers.Header.Type = NDIS_OBJECT_TYPE_FILTER_PARTIAL_CHARACTERISTICS; OptionalHandlers.Header.Size = sizeof(OptionalHandlers); switch (i) { case 0: OptionalHandlers.ReceiveNetBufferListsHandler = NULL; pFilter->TrackReceives = FALSE; break; case 1: OptionalHandlers.ReturnNetBufferListsHandler = NULL; pFilter->TrackReceives = FALSE; break; case 2: OptionalHandlers.SendNetBufferListsHandler = NULL; pFilter->TrackSends = FALSE; break; case 3: OptionalHandlers.SendNetBufferListsCompleteHandler = NULL; pFilter->TrackSends = FALSE; break; case 4: OptionalHandlers.ReceiveNetBufferListsHandler = NULL; OptionalHandlers.ReturnNetBufferListsHandler = NULL; break; case 5: OptionalHandlers.SendNetBufferListsHandler = NULL; OptionalHandlers.SendNetBufferListsCompleteHandler = NULL; break; case 6: OptionalHandlers.ReceiveNetBufferListsHandler = NULL; OptionalHandlers.ReturnNetBufferListsHandler = NULL; OptionalHandlers.SendNetBufferListsHandler = NULL; OptionalHandlers.SendNetBufferListsCompleteHandler = NULL; break; case 8: break; } Status = NdisSetOptionalHandlers(pFilter->FilterHandle, (PNDIS_DRIVER_OPTIONAL_HANDLERS)&OptionalHandlers ); } return Status;}NDIS_STATUSfilterDoInternalRequest( IN PMS_FILTER FilterModuleContext, IN NDIS_REQUEST_TYPE RequestType, IN NDIS_OID Oid, IN PVOID InformationBuffer, IN ULONG InformationBufferLength, IN ULONG OutputBufferLength, OPTIONAL IN ULONG MethodId, OPTIONAL OUT PULONG pBytesProcessed ){ FILTER_REQUEST FilterRequest; PNDIS_OID_REQUEST NdisRequest = &FilterRequest.Request; NDIS_STATUS Status; BOOLEAN bFalse; bFalse = FALSE; NdisZeroMemory(NdisRequest, sizeof(NDIS_OID_REQUEST)); NdisInitializeEvent(&FilterRequest.ReqEvent); NdisRequest->Header.Type = NDIS_OBJECT_TYPE_OID_REQUEST; NdisRequest->Header.Revision = NDIS_OID_REQUEST_REVISION_1; NdisRequest->Header.Size = sizeof(NDIS_OID_REQUEST); NdisRequest->RequestType = RequestType; switch (RequestType) { case NdisRequestQueryInformation: NdisRequest->DATA.QUERY_INFORMATION.Oid = Oid; NdisRequest->DATA.QUERY_INFORMATION.InformationBuffer =InformationBuffer; NdisRequest->DATA.QUERY_INFORMATION.InformationBufferLength = InformationBufferLength; break; case NdisRequestSetInformation: NdisRequest->DATA.SET_INFORMATION.Oid = Oid; NdisRequest->DATA.SET_INFORMATION.InformationBuffer =InformationBuffer; NdisRequest->DATA.SET_INFORMATION.InformationBufferLength =InformationBufferLength; break; case NdisRequestMethod: NdisRequest->DATA.METHOD_INFORMATION.Oid = Oid; NdisRequest->DATA.METHOD_INFORMATION.MethodId = MethodId; NdisRequest->DATA.METHOD_INFORMATION.InformationBuffer = InformationBuffer; NdisRequest->DATA.METHOD_INFORMATION.InputBufferLength = InformationBufferLength; NdisRequest->DATA.METHOD_INFORMATION.OutputBufferLength = OutputBufferLength; break; default: FILTER_ASSERT(bFalse); break; } NdisRequest->RequestId = (PVOID)FILTER_REQUEST_ID; Status = NdisFOidRequest(FilterModuleContext->FilterHandle,NdisRequest); if (Status == NDIS_STATUS_PENDING) { NdisWaitEvent(&FilterRequest.ReqEvent, 0); Status = FilterRequest.Status; } if (Status == NDIS_STATUS_SUCCESS) { if (RequestType == NdisRequestSetInformation) { *pBytesProcessed = NdisRequest->DATA.SET_INFORMATION.BytesRead; } if (RequestType == NdisRequestQueryInformation) { *pBytesProcessed = NdisRequest->DATA.QUERY_INFORMATION.BytesWritten; } if (RequestType == NdisRequestMethod) { *pBytesProcessed = NdisRequest->DATA.METHOD_INFORMATION.BytesWritten; } if (RequestType == NdisRequestMethod) { if (*pBytesProcessed > OutputBufferLength) { *pBytesProcessed = OutputBufferLength; } } else { if (*pBytesProcessed > InformationBufferLength) { *pBytesProcessed = InformationBufferLength; } } } return (Status);}VOIDfilterInternalRequestComplete( IN NDIS_HANDLE FilterModuleContext, IN PNDIS_OID_REQUEST NdisRequest, IN NDIS_STATUS Status ){ PFILTER_REQUEST FilterRequest; UNREFERENCED_PARAMETER(FilterModuleContext); FilterRequest = CONTAINING_RECORD(NdisRequest, FILTER_REQUEST, Request); FilterRequest->Status = Status; NdisSetEvent(&FilterRequest->ReqEvent);}