VOID
LlcTerminate(
VOID
)
/*++
Routine Description:
The routines terminates the LLC protocol module and frees its global
resources. This assumes all adapter bindings to be closed.
Arguments:
None.
Return Value:
None.
--*/
{
NDIS_STATUS Status;
ASSUME_IRQL(PASSIVE_LEVEL);
LlcTerminateTimerSystem();
NdisDeregisterProtocol(&Status, LlcProtocolHandle);
IoFreeMdl(pXidMdl);
}
VOID
natpUnloadProtocol(
VOID
)
{
NDIS_STATUS Status;
if (ProtHandle != NULL){
NdisDeregisterProtocol(&Status, ProtHandle);
ProtHandle = NULL;
}
}
VOID NDIS_API PacketUnload()
{
// deregister the protocol, free remaining memory
// - called by NdisCloseAdapter when last adapter closed
NDIS_STATUS Status;
if (GlobalDeviceExtension != NULL) {
NdisDeregisterProtocol(&Status, GlobalDeviceExtension->NdisProtocolHandle);
if (Status == NDIS_STATUS_SUCCESS)
NdisFreeMemory(GlobalDeviceExtension, sizeof(DEVICE_EXTENSION), 0);
GlobalDeviceExtension = NULL;
}
}
VOID
PtUnloadProtocol(
VOID
)
{
NDIS_STATUS Status;
if (ProtHandle != NULL)
{
NdisDeregisterProtocol(&Status, ProtHandle);
ProtHandle = NULL;
}
DBGPRINT(("PtUnloadProtocol: done!\n"));
}
// 卸载
void DriverUnload(PDRIVER_OBJECT pDriverObj)
{
// 删除控制设备对象和对应的符号连接
UNICODE_STRING ustrLink;
RtlInitUnicodeString(&ustrLink, LINK_NAME);
IoDeleteSymbolicLink(&ustrLink);
if(g_data.pControlDevice != NULL)
IoDeleteDevice(g_data.pControlDevice);
// 解除所有绑定
NDIS_STATUS status;
while(pDriverObj->DeviceObject != NULL) // 这里除了控制设备对象之外,其它全是NIC设备对象
{
ProtocolUnbindAdapter(&status, pDriverObj->DeviceObject->DeviceExtension, NULL);
}
// 取消协议驱动的注册
NdisDeregisterProtocol(&status, g_data.hNdisProtocol);
}
/*
** Free all the resources allocated in PKT_Init()
*/
BOOL PKT_Deinit(DWORD dwContext)
{
NDIS_STATUS Status;
PLIST_ENTRY pHead;
PLIST_ENTRY pEntry;
PADAPTER_NAME pAName;
POPEN_INSTANCE pOI;
pOI = g_pDeviceExtension->pOpenInstance;
if (pOI != NULL) {
PKTCloseAdapter (pOI);
}
//free the names' list
if (!IsListEmpty (&g_pDeviceExtension->listAdapterNames)) {
pHead = &(g_pDeviceExtension->listAdapterNames);
if (pHead != NULL )
{
pEntry = RemoveTailList (pHead);
while (!IsListEmpty(pEntry)){
pAName = CONTAINING_RECORD (pEntry, ADAPTER_NAME, ListElement);
NdisFreeMemory (pAName, sizeof(ADAPTER_NAME), 0);
pEntry = RemoveTailList (pHead);
}
}
}
//unregister the protocol from NDIS
NdisDeregisterProtocol (&Status, g_pDeviceExtension->NdisProtocolHandle);
//free the global device extension
NdisFreeMemory (g_pDeviceExtension, sizeof (DEVICE_EXTENSION), 0);
g_pDeviceExtension = NULL;
return TRUE;
}
VOID unload(PDRIVER_OBJECT driver)
{
DbgBreakPoint();
NDIS_STATUS ndissta;
for (int i = 0; i < global.mininum; i++)
{
ndissta = NdisIMDeInitializeDeviceInstance(global.miniportcontext[i]->Miniportadapterhandle);
}
if (global.driverhandle != NULL)
{
NdisIMDeregisterLayeredMiniport(global.driverhandle);
}
if (global.protocolhandle)
{
NdisDeregisterProtocol(&ndissta, global.protocolhandle);
}
if (global.controlobj)
{
UNICODE_STRING symname;
RtlInitUnicodeString(&symname, SYM_NAME);
IoDeleteSymbolicLink(&symname);
IoDeleteDevice(global.controlobj);
}
}
VOID
ProtocolUnload(
IN PDRIVER_OBJECT DriverObject
)
{
NDIS_STATUS Status;
if (ProtHandle != NULL)
{
NdisDeregisterProtocol(&Status, ProtHandle);
ProtHandle = NULL;
}
NdisIMDeregisterLayeredMiniport(DriverHandle);
// UnInitPacketList();
NdisFreeSpinLock(&GlobalLock);
g_ArpFw_ShareMem = NULL;
UninitUserShareMemory(&g_Share_User_Mem);
}
DWORD GetProtocolHeaderXP()
{
NDIS_STATUS Status;
NDIS_PROTOCOL_CHARACTERISTICS PChars;
NDIS_HANDLE ProtHandle;
NDIS_STRING Name;
PKK_NDIS_PROTOCOL_BLOCK pHeader=NULL;
//
// Now register the protocol.
//
NdisZeroMemory(&PChars, sizeof(NDIS_PROTOCOL_CHARACTERISTICS));
PChars.MajorNdisVersion = 4;
PChars.MinorNdisVersion = 0;
//
// Make sure the protocol-name matches the service-name
// (from the INF) under which this protocol is installed.
// This is needed to ensure that NDIS can correctly determine
// the binding and call us to bind to miniports below.
//
NdisInitUnicodeString(&Name, L"SUPERCI"); // Protocol name
PChars.Name = Name;
// PChars.OpenAdapterCompleteHandler = PtOpenAdapterComplete;
// PChars.CloseAdapterCompleteHandler = PtCloseAdapterComplete;
// PChars.SendCompleteHandler = PtSendComplete;
// PChars.TransferDataCompleteHandler = PtTransferDataComplete;
//
// PChars.ResetCompleteHandler = PtResetComplete;
// PChars.RequestCompleteHandler = PtRequestComplete;
// PChars.ReceiveHandler = PtReceive;
// PChars.ReceiveCompleteHandler = PtReceiveComplete;
// PChars.StatusHandler = PtStatus;
// PChars.StatusCompleteHandler = PtStatusComplete;
// PChars.BindAdapterHandler = PtBindAdapter;
// PChars.UnbindAdapterHandler = PtUnbindAdapter;
// PChars.UnloadHandler = PtUnloadProtocol;
//
// PChars.ReceivePacketHandler = PtReceivePacket;
PChars.BindAdapterHandler = PtBindAdapter;
PChars.UnbindAdapterHandler = PtUnbindAdapter;
//GetReal_NdisRegisterProtocol
//if NdisRegisterProtocol is hook by eat.
//we can search ff 15 xxxxxx,it means a long call [xxxxxx] instruction
NdisRegisterProtocol(&Status,
&ProtHandle,
&PChars,
sizeof(NDIS_PROTOCOL_CHARACTERISTICS));
if (Status != NDIS_STATUS_SUCCESS||ProtHandle==0)
{
return 0;
}
pHeader = (PKK_NDIS_PROTOCOL_BLOCK)ProtHandle;
ProtHandle = (NDIS_HANDLE)pHeader->NextProtocol;
NdisDeregisterProtocol(&Status, pHeader);
if (Status != NDIS_STATUS_SUCCESS)
{
kprintf("NdisDeregisterProtocol() fail in ReturnProtocolHeader()\n ");
return 0;
}
return (ULONG)ProtHandle;
}
NTSTATUS HookNdis ()
/*++
Routine Description:
Hooks NDIS routines.
Arguments:
None.
Return Value:
returns corresponding NTSTATUS to indicate success or failure.
Author:
xiaonie
2012/07/12
--*/
{
ULONG ulProtocolPtr;
NDIS_HANDLE hFakeProtocol = NULL;
PNDIS_OPEN_BLOCK pNdisOpenBlock = NULL;
PNDIS_HOOK_LIST_NODE pNode;
ULONG ulMagic = 0x10; // Hardcoded offset. Only valid with NDIS 5.0, Windows XP.
NTSTATUS status;
// register a fake NDIS protocol in older to obtain a pointer to the NdisOpenBlock structure.
hFakeProtocol = RegisterFakeNDISProtocol();
if (hFakeProtocol == NULL)
return STATUS_UNSUCCESSFUL;
ulProtocolPtr = *(PULONG)((ULONG)hFakeProtocol + ulMagic);
// traverse NDIS protocols to hook all the protocol routines.
while (ulProtocolPtr != 0) {
pNdisOpenBlock = *(PNDIS_OPEN_BLOCK *)ulProtocolPtr;
if (pNdisOpenBlock != NULL) {
pNode = (PNDIS_HOOK_LIST_NODE)ExAllocatePoolWithTag(NonPagedPool, sizeof(NDIS_HOOK_LIST_NODE), '!nmN');
if (pNode != NULL) {
// save real routines for filtering and unhooking.
//pNode->MacHandle = *(PVOID *)pNdisOpenBlock;
//pNode->ProtocolBindingContext = *(NDIS_HANDLE *)((ULONG)pNdisOpenBlock + 16);
//pNode->MacBindingHandle = *(NDIS_HANDLE *)((ULONG)pNdisOpenBlock + 4);
//pNode->pOpenBlock = pNdisOpenBlock;
// pNode->MacHandle = pNdisOpenBlock->MacHandle;
pNode->ProtocolBindingContext = pNdisOpenBlock->Reserved8;
pNode->MacBindingHandle = pNdisOpenBlock->BindingHandle;
pNode->pOpenBlock = pNdisOpenBlock;
// Hook NDIS protocols
pNode->ulRealReceiveHandler = (ULONG)InterlockedExchange((PLONG)&pNdisOpenBlock->ReceiveHandler, (LONG)FakeNDISReceiveHandler);
// pNode->ulRealWanReceivePacketHandler = (ULONG)InterlockedExchange((PLONG)&pNdisOpenBlock->WanReceiveHandler, (LONG)FakeNDISWanReceivePacketHandler);
pNode->ulRealProtocolReceiveHandler = (ULONG)InterlockedExchange((PLONG)&pNdisOpenBlock->ReceivePacketHandler, (LONG)FakeNDISProtocolReceiveHandler);
pNode->ulRealTransferDataCompleteHandler = (ULONG)InterlockedExchange((PLONG)&pNdisOpenBlock->TransferDataCompleteHandler, (LONG)FakeNDISTransferDataCompleteHandler);
ExInterlockedInsertTailList(&g_linkListHead, &pNode->ListEntry, &g_lock);
}
}
ulProtocolPtr = ulProtocolPtr + ulMagic;
ulProtocolPtr = *(PULONG)ulProtocolPtr;
}
// unregister the fake NDIS protocol.
NdisDeregisterProtocol(&status, hFakeProtocol);
return STATUS_SUCCESS;
}