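I have two NDIS filter drivers in the same binary. Based on this MSDN forum thread, this seems to be workable.
I ran into a problem: both drivers were installed successfully using the NetCfg API. However, the driver that is installed second will not start. It results in System error 2: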
C:\Program Files\Npcap>net start npcap
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Program Files\Npcap>net start npcap_wifi
System error 2 has occurred.
The system cannot find the file specified.
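If I install npcap_wifi first and then npcap, then the npcap service is the one that fails to start. DbgView shows that the second driver's DriverEntry is never called. The NetCfg API installation does not report any error either. So I don't know what is going wrong here. Thanks!
My source code:
The INF for the first driver is: npcap.inf. It uses the service name npcap.
The INF for the second driver is: npcap_wifi.inf. It uses the service name npcap_wifi.
The shared binary is: Packet.c. I use the RegistryPath of DriverEntry to determine which service the binary is running as.
The driver installer is: NPFInstall.cpp. The command NPFInstall.exe -i installs the first driver, and NPFInstall.exe -i2 installs the second driver.
Update:
I have modified npcap.inf according to your fake-service approach: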
;-------------------------------------------------------------------------
; NPCAP.INF -- Npcap NDIS 6.x LightWeight Filter Driver
;
; Copyright (c) 2015, Insecure.Com LLC. All rights reserved.
;------------------------------------------------------------------------
[version]
Signature = "$Windows NT$"
Class = NetService
ClassGUID = {4D36E974-E325-11CE-BFC1-08002BE10318}
CatalogFile = %NPF_DriverName%.cat
Provider = %Insecure%
DriverVer=05/15/2015,14.48.38.905
[Manufacturer]
%Insecure%=Insecure,NTx86,NTia64,NTamd64
[Insecure.NTx86]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
[Insecure.NTia64]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
[Insecure.NTamd64]
%NPF_Desc_Standard%=FilterStandard, INSECURE_NPCAP
%NPF_Desc_WiFi%=FilterWiFi, INSECURE_NPCAP_WIFI
;-------------------------------------------------------------------------
; Installation Section
;-------------------------------------------------------------------------
[FilterStandard]
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501341}"
Copyfiles = npf.copyfiles.sys
Characteristics=0x40000
AddReg=FilterStandard.reg
[FilterWiFi]
NetCfgInstanceId="{7daf2ac8-e9f6-4765-a842-f1f5d2501351}"
Characteristics=0x40000
AddReg=FilterWiFi.reg
[SourceDisksNames]
1=%NPF_Desc_Standard%,"",,
[SourceDisksFiles]
npcap.sys=1
[DestinationDirs]
DefaultDestDir=12
npf.copyfiles.sys=12
[npf.copyfiles.sys]
%NPF_DriverName%.sys,,,2
;-------------------------------------------------------------------------
; Ndi installation support for the standard filter
;-------------------------------------------------------------------------
[FilterStandard.reg]
HKR, Ndi,Service,,%NPF_Filter_Name_Standard%
HKR, Ndi,CoServices,0x00010000,%NPF_Filter_Name_Standard%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, compression
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Ndi installation support for the WiFi filter
;-------------------------------------------------------------------------
[FilterWiFi.reg]
HKR, Ndi,Service,,%NPF_Filter_Name_WiFi%
HKR, Ndi,CoServices,0x00010000,%NPF_Filter_Name_WiFi%
HKR, Ndi,HelpText,,%NPF_HelpText%
HKR, Ndi,FilterClass,, ms_medium_converter_128
; For a Monitoring filter, use this:
; HKR, Ndi,FilterType,0x00010001, 1 ; Monitoring filter
; For a Modifying filter, use this:
; HKR, Ndi,FilterType,0x00010001, 2 ; Modifying filter
HKR, Ndi,FilterType,0x00010001,2
HKR, Ndi\Interfaces,UpperRange, , noupper
HKR, Ndi\Interfaces,LowerRange, , "ndis5,ndis4"
; TODO: Ensure that the list of media types below is correct. Typically,
; filters include "ethernet". Filters may also include "ppip" to include
; native WWAN stacks, but you must be prepared to handle the packet framing.
; Possible values are listed on MSDN, but common values include:
; ethernet, wan, ppip, wlan
HKR, Ndi\Interfaces, FilterMediaTypes,,"ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
; For a Mandatory filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 1 ; Mandatory filter
; For an Optional filter, use this:
; HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
HKR, Ndi,FilterRunType,0x00010001, 2 ; Optional filter
; By default, Mandatory filters unbind all protocols when they are
; installed/uninstalled, while Optional filters merely pause the stack. If you
; would like to override this behavior, you can include these options. These
; options only take effect with 6.30 filters on Windows "8" or later.
; To prevent a full unbind, and merely pause/restart protocols:
; HKR, Ndi,UnbindOnAttach,0x00010001, 0 ; Do not unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 0 ; Do not unbind during FilterDetach
; To force a full unbind/bind (which includes pause/restart, of course):
; HKR, Ndi,UnbindOnAttach,0x00010001, 1 ; Unbind during FilterAttach
; HKR, Ndi,UnbindOnDetach,0x00010001, 1 ; Unbind during FilterDetach
;
;-------------------------------------------------------------------------
; Service installation support
;-------------------------------------------------------------------------
[FilterStandard.Services]
AddService=%NPF_Filter_Name_Standard%,,FilterStandard.svc
[FilterWiFi.Services]
AddService=%NPF_Filter_Name_WiFi%,,FilterWiFi.svc
[FilterStandard.svc]
DisplayName = %NPF_Desc_Standard%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc_Standard%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[FilterWiFi.svc]
DisplayName = %NPF_Desc_WiFi%
ServiceType = 1 ;SERVICE_KERNEL_DRIVER
StartType = 3 ;SERVICE_DEMAND_START
ErrorControl = 1 ;SERVICE_ERROR_NORMAL
ServiceBinary = %12%\%NPF_DriverName%.sys
LoadOrderGroup = NDIS
Description = %NPF_Desc_WiFi%
AddReg = Common.Params.reg, NdisImPlatformBindingOptions.reg
[FilterStandard.Remove.Services]
DelService=%NPF_Filter_Name_Standard%,0x200 ; SPSVCINST_STOPSERVICE
[FilterWiFi.Remove.Services]
DelService=%NPF_Filter_Name_WiFi%,0x200 ; SPSVCINST_STOPSERVICE
[Common.Params.reg]
[NdisImPlatformBindingOptions.reg]
HKR, Parameters, NdisImPlatformBindingOptions,0x00010001,0 ; Subscribe to default behavior
[Strings]
NPF_DriverName = "npcap"
NPF_Filter_Name_Standard = "npcap"
NPF_Filter_Name_WiFi = "npcap_wifi"
Insecure = "Nmap Project"
NPF_Desc_Standard = "Npcap Packet Driver (NPCAP)"
NPF_Desc_WiFi = "Npcap Packet Driver (NPCAP) (Wi-Fi)"
NPF_HelpText = "A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
My installer code has changed to:
HRESULT HrInstallNetComponent(IN INetCfg* pnc, IN LPCTSTR lpszComponentId, IN const GUID* pguidClass, IN LPCTSTR lpszInfFullPath)
{
    DWORD dwError;
    HRESULT hr = S_OK;
    TCHAR szDrive[_MAX_DRIVE];
    TCHAR szDir[_MAX_DIR];
    TCHAR szDirWithDrive[_MAX_DRIVE + _MAX_DIR];
    //
    // If full path to INF has been specified, the INF
    // needs to be copied using Setup API to ensure that any other files
    // that the primary INF copies will be correctly found by Setup API
    //
    if (lpszInfFullPath)
    {
        //
        // Get the path where the INF file is.
        //
        _tsplitpath(lpszInfFullPath, szDrive, szDir, NULL, NULL);
        _tcscpy(szDirWithDrive, szDrive);
        _tcscat(szDirWithDrive, szDir);
        //
        // Copy the Service INF file to the \Windows\Inf Folder
        //
        if (!SetupCopyOEMInfW(lpszInfFullPath, szDirWithDrive, // Other files are in the
                                                               // same dir. as primary INF
                              SPOST_PATH, // First param is path to INF
                              0, // Default copy style
                              NULL, // Name of the INF after
                                    // it's copied to %windir%\inf
                              0, // Max buf. size for the above
                              NULL, // Required size if non-null
                              NULL) // Optionally get the filename
                                    // part of Inf name after it is copied.
            )
        {
            dwError = GetLastError();
            hr = HRESULT_FROM_WIN32(dwError);
        }
    }
    if (S_OK == hr)
    {
        //
        // Install the network component.
        //
        hr = HrInstallComponent(pnc, NDISLWF_SERVICE_PNP_DEVICE_ID, pguidClass);
        if (hr == S_OK)
        {
            hr = HrInstallComponent(pnc, NDISLWF_SERVICE_PNP_DEVICE_ID_WIFI, pguidClass);
            if (hr == S_OK)
            {
                //
                // On success, apply the changes
                //
                hr = pnc->Apply();
            }
        }
    }
    return hr;
}
The result is that the second service, npcap_wifi, ends with System error 2:
C:\Program Files\Npcap>sc query npcap
SERVICE_NAME: npcap
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>sc query npcap_wifi
[SC] EnumQueryServicesStatus:OpenService FAILED 1060:
The specified service does not exist as an installed service.
C:\Program Files\Npcap>sc query npcap
SERVICE_NAME: npcap
TYPE : 1 KERNEL_DRIVER
STATE : 4 RUNNING
(STOPPABLE, NOT_PAUSABLE, IGNORES_SHUTDOWN)
WIN32_EXIT_CODE : 0 (0x0)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>sc query npcap_wifi
SERVICE_NAME: npcap_wifi
TYPE : 1 KERNEL_DRIVER
STATE : 1 STOPPED
WIN32_EXIT_CODE : 2 (0x2)
SERVICE_EXIT_CODE : 0 (0x0)
CHECKPOINT : 0x0
WAIT_HINT : 0x0
C:\Program Files\Npcap>net start npcap
The requested service has already been started.
More help is available by typing NET HELPMSG 2182.
C:\Program Files\Npcap>net start npcap_wifi
System error 2 has occurred.
The system cannot find the file specified.
C:\Program Files\Npcap>
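Does this look right? The problem is that I still don't get the DriverEntry call for the second LWF in DbgView. So how does the second LWF work?
Update:
I think this is what I should do next? I call NdisFRegisterFilterDriver twice in my DriverEntry to register the 2 LWFs. The 2 FChars structures differ only in FriendlyName, UniqueName and ServiceName. But the second NdisFRegisterFilterDriver call always fails with NDIS_STATUS_FAILURE (0xc0000001). I don't know why.
Here is my code: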
//
// Packet Driver's entry routine.
//
_Use_decl_annotations_
NTSTATUS
DriverEntry(
    IN PDRIVER_OBJECT DriverObject,
    IN PUNICODE_STRING RegistryPath
    )
{
    NDIS_FILTER_DRIVER_CHARACTERISTICS FChars;
    NDIS_FILTER_DRIVER_CHARACTERISTICS FChars_WiFi;
    NTSTATUS Status = STATUS_SUCCESS;
    // Use NonPaged Pool instead of No-Execute (NX) Nonpaged Pool for Win8 and later, this is for security purpose.
    ExInitializeDriverRuntime(DrvRtPoolNxOptIn);
    WCHAR* bindT;
    PKEY_VALUE_PARTIAL_INFORMATION tcpBindingsP;
    UNICODE_STRING macName;
    ULONG OsMajorVersion, OsMinorVersion;
    NDISGROUPMAXPROCESSORCOUNT MyNdisGroupMaxProcessorCount;
    NDIS_STRING GroupMaxProcessorCount;
    UNREFERENCED_PARAMETER(RegistryPath);
    TRACE_ENTER();
    FilterDriverObject = DriverObject;
    PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
    TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "OS Version: %d.%d\n", OsMajorVersion, OsMinorVersion);
    // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap" for standard driver
    // RegistryPath = "\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\npcap_wifi" for WiFi driver
    g_Dot11SupportMode = 0;
    for (USHORT i = 0; i < RegistryPath->Length / 2; i ++)
    {
        if (RegistryPath->Buffer[i] == L'_')
        {
            g_Dot11SupportMode = 1;
            break;
        }
    }
    TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "g_Dot11SupportMode (based on RegistryPath) = %d\n", g_Dot11SupportMode);
    if (g_Dot11SupportMode)
        NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer_Wifi);
    else
        NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer);
    //
    // Get number of CPUs and save it
    //
    RtlInitUnicodeString(&GroupMaxProcessorCount, L"NdisGroupMaxProcessorCount");
    MyNdisGroupMaxProcessorCount = (NDISGROUPMAXPROCESSORCOUNT) NdisGetRoutineAddress(&GroupMaxProcessorCount);
    if (MyNdisGroupMaxProcessorCount) // for NDIS620 and later (Win7 and later).
    {
        g_NCpu = MyNdisGroupMaxProcessorCount(ALL_PROCESSOR_GROUPS);
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "g_NCpu (NdisGroupMaxProcessorCount): %d, NPF_MAX_CPU_NUMBER: %d\n", g_NCpu, NPF_MAX_CPU_NUMBER);
        if (g_NCpu > NPF_MAX_CPU_NUMBER)
        {
            g_NCpu = NPF_MAX_CPU_NUMBER;
        }
    }
    else // for NDIS6 (Vista)
    {
        g_NCpu = NdisSystemProcessorCount();
    }
    //
    // Register as a service with NDIS
    //
    NPF_registerLWF(&FChars, FALSE);
    NPF_registerLWF(&FChars_WiFi, TRUE);
    DriverObject->DriverUnload = NPF_Unload;
    //
    // Standard device driver entry points stuff.
    //
    DriverObject->MajorFunction[IRP_MJ_CREATE] = NPF_OpenAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLOSE] = NPF_CloseAdapter;
    DriverObject->MajorFunction[IRP_MJ_CLEANUP] = NPF_Cleanup;
    DriverObject->MajorFunction[IRP_MJ_READ] = NPF_Read;
    DriverObject->MajorFunction[IRP_MJ_WRITE] = NPF_Write;
    DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = NPF_IoControl;
    bindP = getAdaptersList();
    if (bindP == NULL)
    {
        TRACE_MESSAGE(PACKET_DEBUG_LOUD, "Adapters not found in the registry, try to copy the bindings of TCP-IP.");
        tcpBindingsP = getTcpBindings();
        if (tcpBindingsP == NULL)
        {
            TRACE_MESSAGE(PACKET_DEBUG_LOUD, "TCP-IP not found, quitting.");
            goto RegistryError;
        }
        bindP = (WCHAR *)tcpBindingsP;
        bindT = (WCHAR *)(tcpBindingsP->Data);
    }
    else
    {
        bindT = bindP;
    }
    for (; *bindT != UNICODE_NULL; bindT += (macName.Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR))
    {
        RtlInitUnicodeString(&macName, bindT);
        NPF_CreateDevice(DriverObject, &macName);
    }
    // Register the filter to NDIS.
    Status = NdisFRegisterFilterDriver(DriverObject,
        (NDIS_HANDLE) FilterDriverObject,
        &FChars,
        &FilterDriverHandle);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: failed to register filter with NDIS, Status = %x", Status);
        TRACE_EXIT();
        return Status;
    }
    else
    {
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: succeed to register filter with NDIS, Status = %x, FilterDriverHandle = %x", Status, FilterDriverHandle);
    }
    // Register the WiFi filter to NDIS.
    Status = NdisFRegisterFilterDriver(DriverObject,
        (NDIS_HANDLE)FilterDriverObject,
        &FChars_WiFi,
        &FilterDriverHandle_WiFi);
    if (Status != NDIS_STATUS_SUCCESS)
    {
        TRACE_MESSAGE1(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: failed to register filter (WiFi) with NDIS, Status = %x", Status);
        TRACE_EXIT();
        return Status;
    }
    else
    {
        TRACE_MESSAGE2(PACKET_DEBUG_LOUD, "NdisFRegisterFilterDriver: succeed to register filter (WiFi) with NDIS, Status = %x, FilterDriverHandle_WiFi = %x", Status, FilterDriverHandle_WiFi);
    }
#ifdef HAVE_WFP_LOOPBACK_SUPPORT
    // Use Winsock Kernel (WSK) to send loopback packets.
    Status = NPF_WSKStartup();
    if (!NT_SUCCESS(Status))
    {
        TRACE_EXIT();
        return Status;
    }
    Status = NPF_WSKInitSockets();
    if (!NT_SUCCESS(Status))
    {
        TRACE_EXIT();
        return Status;
    }
#endif
    NdisAllocateSpinLock(&g_OpenArrayLock);
    TRACE_EXIT();
    return STATUS_SUCCESS;
RegistryError:
    Status = STATUS_UNSUCCESSFUL;
    TRACE_EXIT();
    return(Status);
}
//-------------------------------------------------------------------
VOID
NPF_registerLWF(
    PNDIS_FILTER_DRIVER_CHARACTERISTICS pFChars,
    BOOLEAN bWiFiOrNot
    )
{
    NDIS_STRING FriendlyName = RTL_CONSTANT_STRING(NPF_SERVICE_DESC_WIDECHAR); // display name
    NDIS_STRING UniqueName = RTL_CONSTANT_STRING(FILTER_UNIQUE_NAME); // unique name, quid name
    NDIS_STRING ServiceName = RTL_CONSTANT_STRING(NPF_DRIVER_NAME_SMALL_WIDECHAR); // this to match the service name in the INF
    NDIS_STRING FriendlyName_WiFi = RTL_CONSTANT_STRING(NPF_SERVICE_DESC_WIDECHAR_WIFI); // display name
    NDIS_STRING UniqueName_WiFi = RTL_CONSTANT_STRING(FILTER_UNIQUE_NAME_WIFI); // unique name, quid name
    NDIS_STRING ServiceName_WiFi = RTL_CONSTANT_STRING(NPF_DRIVER_NAME_SMALL_WIDECHAR_WIFI); // this to match the service name in the INF
    NdisZeroMemory(pFChars, sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS));
    pFChars->Header.Type = NDIS_OBJECT_TYPE_FILTER_DRIVER_CHARACTERISTICS;
    pFChars->Header.Size = sizeof(NDIS_FILTER_DRIVER_CHARACTERISTICS);
#if NDIS_SUPPORT_NDIS61
    pFChars->Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_2;
#else
    pFChars->Header.Revision = NDIS_FILTER_CHARACTERISTICS_REVISION_1;
#endif
    pFChars->MajorNdisVersion = NDIS_FILTER_MAJOR_VERSION; // NDIS version is 6.2 (Windows 7)
    pFChars->MinorNdisVersion = NDIS_FILTER_MINOR_VERSION;
    pFChars->MajorDriverVersion = 1; // Driver version is 1.0
    pFChars->MinorDriverVersion = 0;
    pFChars->Flags = 0;
    // Use different names for the WiFi driver.
    if (bWiFiOrNot)
    {
        pFChars->FriendlyName = FriendlyName_WiFi;
        pFChars->UniqueName = UniqueName_WiFi;
        pFChars->ServiceName = ServiceName;
        // pFChars->ServiceName = ServiceName_WiFi;
    }
    else
    {
        pFChars->FriendlyName = FriendlyName;
        pFChars->UniqueName = UniqueName;
        pFChars->ServiceName = ServiceName;
    }
    pFChars->SetOptionsHandler = NPF_RegisterOptions;
    pFChars->AttachHandler = NPF_AttachAdapter;
    pFChars->DetachHandler = NPF_DetachAdapter;
    pFChars->RestartHandler = NPF_Restart;
    pFChars->PauseHandler = NPF_Pause;
    pFChars->SetFilterModuleOptionsHandler = NPF_SetModuleOptions;
    pFChars->OidRequestHandler = NPF_OidRequest;
    pFChars->OidRequestCompleteHandler = NPF_OidRequestComplete;
    pFChars->CancelOidRequestHandler = NPF_CancelOidRequest;
    pFChars->SendNetBufferListsHandler = NPF_SendEx;
    pFChars->ReturnNetBufferListsHandler = NPF_ReturnEx;
    pFChars->SendNetBufferListsCompleteHandler = NPF_SendCompleteEx;
    pFChars->ReceiveNetBufferListsHandler = NPF_TapEx;
    pFChars->DevicePnPEventNotifyHandler = NPF_DevicePnPEventNotify;
    pFChars->NetPnPEventHandler = NPF_NetPnPEvent;
    pFChars->StatusHandler = NPF_Status;
    pFChars->CancelSendNetBufferListsHandler = NPF_CancelSendNetBufferLists;
}
For the second LWF, I tried both the first LWF's ServiceName (npcap) and its own npcap_wifi; neither works.
The full source code is here: https://github.com/nmap/npcap/commit/1cac59271a9772ebbfff0db9c8a051b6553c25a2
Update:
I analyzed the WPP trace, and it shows:
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>NdisFRegisterFilterDriver: DriverObject FFFF8A85572FD6D0, Npcap Packet Driver (NPCAP)
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F617D0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]Reading DefaultFilterSettings from registry - Status 0xc0000034(STATUS_OBJECT_NAME_NOT_FOUND), Validation = 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]==>ndisSetAllFilterDefaultParameters, FilterServiceName FFFFCB01F6F617D0 FilterRegistryPath FFFFCB01F6F61610 FilterParams FFFFF80DD6A88598
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<==ndisSetAllFilterDefaultParameters, FilterServiceName FFFFCB01F6F617D0 FilterRegistryPath FFFFCB01F6F61610 FilterParams FFFFF80DD6A88598 Status 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<==ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F617D0 Status 0
[1]0004.015C::08/28/2016-20:26:58.498 [mp]>Begin filter driver's SetOptionsHandler. FilterDriver=FFFF8A85532E6010
[1]0004.015C::08/28/2016-20:26:58.498 [mp]<End filter driver's SetOptionsHandler. FilterDriver=FFFF8A85532E6010, Status=0x00000000
[1]0004.015C::08/28/2016-20:26:58.498 [km]Begin PNP operations on miniport FFFF8A85538DC1A0
[0]0004.015C::08/28/2016-20:26:58.498 [km]End PNP operations on miniport FFFF8A85538DC1A0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==NdisFRegisterFilterDriver, Status 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]==>NdisFRegisterFilterDriver: DriverObject FFFF8A85572FD6D0, Npcap Packet Driver (NPCAP) (WiFi version)
[0]0004.015C::08/28/2016-20:26:58.499 [mp]==>ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F618B0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]Reading DefaultFilterSettings from registry - Status STATUS_SUCCESS, Validation = 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==ndisCreateFilterDriverRegistry, FilterServiceName FFFFCB01F6F618B0 Status 0
[0]0004.015C::08/28/2016-20:26:58.499 [mp]NdisFRegisterFilterDriver: Cannot find filter 7daf2ac8-e9f6-4765-a842-f1f5d2501351 in the registry. Did INetCfg install this filter successfully?
[0]0004.015C::08/28/2016-20:26:58.499 [mp]<==NdisFRegisterFilterDriver, Status c0000001
So NDIS does not seem to find the registry entry 7daf2ac8-e9f6-4765-a842-f1f5d2501351 for the second filter. But I checked in regedit, and that key is there:
Windows Registry Editor Version 5.00
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}]
"InstallTimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,39,00,88,03
"Characteristics"=dword:00040000
"ComponentId"="INSECURE_NPCAP"
"Description"="@oem11.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)"
"InfPath"="oem11.inf"
"InfSection"="FilterStandard"
"LocDescription"="@oem11.inf,%npf_desc_standard%;Npcap Packet Driver (NPCAP)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}\Ndi]
"TimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,39,00,88,03
"HelpText"="A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
"Service"="npcap"
"CoServices"=hex(7):6e,00,70,00,63,00,61,00,70,00,00,00,00,00
"FilterClass"="compression"
"FilterType"=dword:00000002
"FilterRunType"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501341}\Ndi\Interfaces]
"LowerRange"="ndis5,ndis4"
"UpperRange"="noupper"
"FilterMediaTypes"="ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}]
"InstallTimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,3a,00,7e,02
"Characteristics"=dword:00040000
"ComponentId"="INSECURE_NPCAP_WIFI"
"Description"="@oem11.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)"
"InfPath"="oem11.inf"
"InfSection"="FilterWiFi"
"LocDescription"="@oem11.inf,%npf_desc_wifi%;Npcap Packet Driver (NPCAP) (Wi-Fi)"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}\Ndi]
"TimeStamp"=hex:e0,07,08,00,00,00,1c,00,0c,00,1a,00,3a,00,7e,02
"HelpText"="A NDIS 6 filter driver & WFP callout driver to support packet capturing and sending under Windows 7, 8 & 10"
"Service"="npcap_wifi"
"CoServices"=hex(7):6e,00,70,00,63,00,61,00,70,00,5f,00,77,00,69,00,66,00,69,\
00,00,00,00,00
"FilterClass"="ms_medium_converter_128"
"FilterType"=dword:00000002
"FilterRunType"=dword:00000002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\{4d36e974-e325-11ce-bfc1-08002be10318}\{7DAF2AC8-E9F6-4765-A842-F1F5D2501351}\Ndi\Interfaces]
"LowerRange"="ndis5,ndis4"
"UpperRange"="noupper"
"FilterMediaTypes"="ethernet, fddi, wan, ppip, wlan, bluetooth, ndis5, vwifi, flpp4, flpp6, vchannel, nolower"
So I don't know why NDIS reports "NdisFRegisterFilterDriver: Cannot find filter 7daf2ac8-e9f6-4765-a842-f1f5d2501351 in the registry. Did INetCfg install this filter successfully?"
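Best answer
A binary image (.sys file) can only be loaded by the system once at a time. You cannot load the same image for two different services simultaneously. (Nor can you load it once for a service and once for a PNP driver.) This means you will always see DriverEntry, DriverUnload, DriverEntry, DriverUnload, .... You will never see DriverEntry, DriverEntry, DriverUnload, DriverUnload.
Every NDIS LWF or protocol driver needs a service to hold some registry keys. But here is the first trick: the service doesn't have to be running! You can create a dummy service record for the LWF and then let some other service actually use the LWF. NDIS does not validate the ServiceName that you pass to NdisFRegisterFilterDriver. (Yes, it is okay to rely on this trick. I speak with the authority of the owner of NDIS at Microsoft.)
There are built-in drivers that do this. Look at TCPIP and TCPIP6. These are two different services and two different protocol drivers, but there is only one image (tcpip.sys). The TCPIP service is the real service: it actually starts at boot. The TCPIP6 service is fake: it is marked as never start, and if you try to start it manually, it won't work.
(Also: don't use WFPLWFS as an example. Although it also has 3 filter drivers sharing 1 binary, it does some things differently that would cause problems if you tried them. Also, starting with Windows 10, the INFs used by TCPIP and TCPIP6 are somewhat fake, so you shouldn't assume they are good examples of how to do this trick.)
You can choose to register all of this with 1 INF or 2 INFs; it doesn't make much difference to the OS. Let's assume 1 INF, just to keep the example shorter.
So what you need is:
Suppose ServiceA is the real service and ServiceB is the fake service.
Driver.inf will have: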
[Manufacturer]
Contoso=Models,NTamd64
[Models.NTamd64]
"Cool Filter A"=FilterA, my_filter_a
"Awesome Filter B"=FilterB, my_filter_b
[FilterA]
NetCfgInstanceId="{guid-aaaa-guid}"
CopyFiles=copy.driver.sys
Characteristics=0x40000
AddReg=FilterA.reg
[FilterB]
NetCfgInstanceId="{guid-bbbb-guid}"
Characteristics=0x40000
AddReg=FilterB.reg
[FilterA.reg]
HKR,Ndi,Service,,"ServiceA"
HKR,etc,etc,etc
[FilterB.reg]
HKR,Ndi,Service,,"ServiceB"
HKR,etc,etc,etc
[FilterA.Services]
AddService=ServiceA,,FilterA.svc
[FilterB.Services]
AddService=ServiceB,,FilterB.svc
[FilterA.svc]
StartType = Demand
ServiceBinary = Driver.sys
[FilterB.svc]
StartType = Demand
ServiceBinary = Driver.sys
[copy.driver.sys]
driver.sys,,,2
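Note that you register 2 LWFs, create 2 services, and copy 1 image.
You install it by calling SetupCopyOEMInf once and INetCfgClassSetup::Install twice, for my_filter_a and my_filter_b.
To start the driver, just start 1 service, ServiceA. Never start the other, dummy service.
But what if you don't want both filters running at the same time? Easy: don't call NdisFRegisterFilterDriver until you want the LWF to actually start. You can always register/deregister your filter driver from an ioctl handler. So your DriverEntry would be fairly empty; it just creates a device object to listen for ioctls.
Another option is to create 2 services, each with its own driver image. But the driver images would be thin wrappers around calls into a single shared export driver (like a DLL). You can put all the real work in that shared export driver.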
 ServiceA        ServiceB
    |               |
    |               |
DriverA.sys     DriverB.sys
       \         /
        \       /
    TheRealDriver.sys
This keeps things simple, although it ends up with a bunch of extra drivers.
Regarding "c - Two filter drivers in one binary cause System error 2 for the second driver", we found a similar question on Stack Overflow: https://stackoverflow.com/questions/39149099/
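As an added example (not part of the original question or answer, and not Npcap or Microsoft code), this Python check reads an INF and reports every driver image that backs more than one service, which is the situation the answer describes. The function names are made up for illustration, and the sample is a trimmed, constructed copy of the service sections from the npcap.inf in the question.

```python
import re
from collections import defaultdict

# Constructed sample: the service-related lines of the npcap.inf shown in the
# question, trimmed to what this check reads.
SAMPLE_INF = r"""
[FilterStandard.Services]
AddService=%NPF_Filter_Name_Standard%,,FilterStandard.svc
[FilterWiFi.Services]
AddService=%NPF_Filter_Name_WiFi%,,FilterWiFi.svc
[FilterStandard.svc]
StartType = 3 ;SERVICE_DEMAND_START
ServiceBinary = %12%\%NPF_DriverName%.sys
[FilterWiFi.svc]
StartType = 3 ;SERVICE_DEMAND_START
ServiceBinary = %12%\%NPF_DriverName%.sys
[Strings]
NPF_DriverName = "npcap"
NPF_Filter_Name_Standard = "npcap"
NPF_Filter_Name_WiFi = "npcap_wifi"
"""


def parse_inf(text):
    """Return {lower-cased section name: [lines]}; ';' starts a comment.

    Simplification (assumption): a ';' inside a quoted value is not handled.
    """
    sections, current = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        header = re.fullmatch(r"\[(.+)\]", line)
        if header:
            current = header.group(1).strip().lower()
        elif current is not None:
            sections[current].append(line)
    return sections


def expand(value, strings):
    """Replace %name% tokens defined in [Strings]; dirids such as %12% stay."""
    return re.sub(r"%([^%]+)%",
                  lambda m: strings.get(m.group(1).lower(), m.group(0)), value)


def services_by_image(text):
    """Map each ServiceBinary to the service names that AddService ties to it."""
    sections = parse_inf(text)
    strings = {}
    for line in sections.get("strings", []):
        key, _, val = line.partition("=")
        strings[key.strip().lower()] = val.strip().strip('"')
    images = defaultdict(list)
    for name, lines in list(sections.items()):
        if not name.endswith(".services"):
            continue
        for line in lines:
            key, _, val = line.partition("=")
            fields = [f.strip() for f in val.split(",")]
            if key.strip().lower() != "addservice" or len(fields) < 3:
                continue
            service = expand(fields[0], strings)
            # The third AddService field names the service-install section.
            for svc_line in sections.get(fields[2].lower(), []):
                k, _, v = svc_line.partition("=")
                if k.strip().lower() == "servicebinary":
                    images[expand(v.strip(), strings).lower()].append(service)
    return dict(images)


def shared_image_report(text):
    """List images that back more than one service, with the answer's rule."""
    return [
        {"image": image, "services": sorted(names),
         "rule": "image loads once: start one service, keep the others as "
                 "registry-only records"}
        for image, names in sorted(services_by_image(text).items())
        if len(names) > 1
    ]


if __name__ == "__main__":
    for finding in shared_image_report(SAMPLE_INF):
        print(finding)
```

For the sample it reports one image shared by npcap and npcap_wifi, so per the answer only one of the two services should ever be started.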