From: brucie [brucie@263.net]
Sent: Sunday, December 30, 2001 12:00 PM
To: NT Developers Interest List
Subject: [ntdev] hook ndis under win2k:what is the problem

Hi, all.
I wrote some codes to hook ndis under win2k. The results is so strange.:))
Here is the code.
----------------------------------------------

NTSTATUS DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
)
{
  ....
  ...
  //register my fake protocol
      //register my fake protocol
    NdisZeroMemory(&protocolChar,sizeof(NDIS_PROTOCOL_CHARACTERISTICS));

    protocolChar.MajorNdisVersion            = 4;
    protocolChar.MinorNdisVersion            = 0;
    protocolChar.Name                        = protoName;
    protocolChar.OpenAdapterCompleteHandler  = NULL;
    protocolChar.CloseAdapterCompleteHandler = NULL;
    protocolChar.SendCompleteHandler         = NULL;
    protocolChar.TransferDataCompleteHandler = NULL;
    protocolChar.ResetCompleteHandler        = NULL;
    protocolChar.RequestCompleteHandler      = NULL;
    protocolChar.ReceiveHandler              = NULL;
    protocolChar.ReceiveCompleteHandler      = NULL;
    protocolChar.StatusHandler               = NULL;
    protocolChar.StatusCompleteHandler       = NULL;
    protocolChar.BindAdapterHandler          = NULL;
    protocolChar.UnbindAdapterHandler        = NULL;
    protocolChar.UnloadHandler               = NULL;
    protocolChar.ReceivePacketHandler        = NULL;
//    protocolChar.PnPEventHandler             = NULL;

    NdisRegisterProtocol(
        &status,
        &Globals.NdisProtocolHandle,
        &protocolChar,
        sizeof(NDIS_PROTOCOL_CHARACTERISTICS));

    if (status != NDIS_STATUS_SUCCESS) {
        status = STATUS_UNSUCCESSFUL;
        return status;
    }  
    AnalysisProtocolBlock();
}
VOID 
AnalysisProtocolBlock(
)
{
	PNDIS_PROTOCOL_BLOCK           protocol;
	PNDIS_PROTOCOL_BLOCK           nextprotocol;
	PNDIS_OPEN_BLOCK                block;
	PNDIS_OPEN_BLOCK                nextblock;
	NDIS41_PROTOCOL_CHARACTERISTICS  protoChar;
	int                                  i=0;
	
	protocol = (PNDIS_PROTOCOL_BLOCK)(&Globals.NdisProtocolHandle);
	if (protocol->NextProtocol != NULL)
	{
		protocol = protocol->NextProtocol;
		block = protocol->OpenQueue;
	}
}
----------------------------------------------
I set breakpoints at "block = protocol->OpenQueue"
in my function AnalysisProtocolBlock, when the code execute at there, I 
use softice to see the data of "block".
That is the result:
  block struct _NDIS_OPEN_BLOCK 
       { 
             PNDIS_MAC_BLOCK MacHandle = ???
             NDIS_HANDLE MacBindingHandle=???
             PNDIS_ADAPTER_BLOCK AdapterHandle=???
             PNDIS_PROTOCOL_BLOCK ProtocolHandle =???
             NDIS_HANDLE ProtocolBindingContext=???
             PNDIS_OPEN_BLOCK AdapterNextOpen=???
             PNDIS_OPEN_BLOCK ProtocolNextOpen=???
             PFILE_OBJECT FileObject=???
             ........
             .......
        }
It is so strange, all the value are ????, why?
By the way , I couldnot find the definition of NDIS_PROTOCOL_BLOCK in 
win2kddk\inc\ddk\ndis.h. So I use NT DDK.


what is the problem?

Thanks.

best regards
yours brucie
brucie@263.net
b‹š­ç.®·§¶\¬¹??Þv?µ×¯jÁ¥zyÄ½êáj»EŠ»-Q ¢dèº{.n?‰·¬zwZnV§‘éšŠ[h•æ¯z{]zý¸?b²Û(²·(