Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


Filter driver on TCP/IP driver

OSR_Community_UserOSR_Community_User Member Posts: 110,217
I am new to writing Drivers. I have wriiten a hook driver over TCP/IP driver. In my hook driver I am dispatching all the IRP's to the TCP/IP driver through IOCallDriver method ( I felt, after successfully dispatching all the IRP's, I can add fuctionality to my filter driver).

I am successfully able to attach to "\Device\Tcp". But after that My system is crashing. I am attaching the code below.
Please tell me if I am missing anything.

Regards,
Gopikrishna.

#include // various NT definitions
#include
#include

#include "TCPEncryptor.h"
// pointer to the lower TCP/IP device
PDEVICE_OBJECT TCPIPDevice;
// pointer to the local filter device
PDEVICE_OBJECT TCPIPFilterDevice;
PDEVICE_OBJECT ThisDevice;
NTSTATUS
DriverEntry(
IN OUT PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus;

KdPrint(("TCPIP Driver entry Filter Level Drv\n"));
DriverObject->MajorFunction [IRP_MJ_CREATE] =
DriverObject->MajorFunction [IRP_MJ_CLOSE] =
DriverObject->MajorFunction [IRP_MJ_CLEANUP] =
DriverObject->MajorFunction [IRP_MJ_INTERNAL_DEVICE_CONTROL] =
DriverObject->MajorFunction [IRP_MJ_DEVICE_CONTROL] = DrvDispatchGeneral;

DriverObject->DriverUnload = DrvUnloadDriver;

ntStatus = DrvInitialize(DriverObject);

if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint(("TCPIP Encrption Driver: DrvInitailize failed"));
return ntStatus;
}
return ntStatus;
}

NTSTATUS
DrvInitialize(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING ntUnicodeString;
UNICODE_STRING Win32NameString;
NTSTATUS ntStatus;

RtlInitUnicodeString( &ntUnicodeString, NT_DEVICE_NAME );

ntStatus = IoCreateDevice(
DriverObject, // Our Driver Object
0, // We don't use a device extension
&ntUnicodeString, // Device name
FILE_DEVICE_UNKNOWN, // Device type
0, // Device characteristics
FALSE, // Not an exclusive device
&ThisDevice ); // Returned ptr to Device Object

if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint(("TCPIP Encrption Driver:: Couldn't create the device object\n"));
goto InitializeExit;
}

//
// Allocate and initialize a Unicode String containing the Win32 name
// for our device.
//

RtlInitUnicodeString( &Win32NameString, DOS_DEVICE_NAME );

ntStatus = IoCreateSymbolicLink(
&Win32NameString, &ntUnicodeString );

if(!NT_SUCCESS(ntStatus)){
goto InitializeExit;
}

ntStatus=DrvFilterInit(DriverObject);
if(!NT_SUCCESS(ntStatus)){
IoDeleteDevice (ThisDevice);
IoDeleteSymbolicLink(&Win32NameString);
return ntStatus;
}
InitializeExit:

if ( !NT_SUCCESS( ntStatus ) )
{
//
// Delete everything that this routine has allocated.
//
if ( ThisDevice != NULL )
{
IoDeleteDevice( ThisDevice);
}
}

return ntStatus;
}

NTSTATUS
DrvClose(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
KdPrint(("TCPIP Encrption Driver:: Close irp"));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;

IoCompleteRequest( Irp, IO_NO_INCREMENT );

return STATUS_SUCCESS;
}

NTSTATUS
DrvDispatchGeneral(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS ntstatus;
PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(Irp);
PIO_STACK_LOCATION nextIrpStack = IoGetNextIrpStackLocation(Irp);

KdPrint(("TCPIP Encryption Driver: DrvDispatch General CHECKING MAJOR FUNCTION CODE !\n"));

//
// Default to success.
//

KdPrint(("TCPIP Encryption Driver: DrvDispatch General!\n"));
if( DeviceObject == TCPIPFilterDevice) {
//
// It's for Ltf
//
KdPrint(("TCPIP Encrypter Driver: Calling Lower driver!\n"));
*nextIrpStack = *currentIrpStack;
IoCallDriver( TCPIPDevice, Irp );
ntstatus= IoCallDriver( TCPIPDevice, Irp );
if (ntstatus== STATUS_SUCCESS ){
KdPrint(("TCPIP Encrypter Driver: Returned from Lower driver Successfully!\n"));
return ntstatus;
}
else
{
KdPrint(("TCPIP Encrypter Driver: Return from Lower driver failed!\n"));
return ntstatus;
}

} else {
//
// Nothing to do here, so just..
//
KdPrint(("TCPIP Encryption Driver: Doing Noting in dispatch!\n"));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
return STATUS_SUCCESS;
}
}

NTSTATUS
DrvFilterInit(
IN PDRIVER_OBJECT DriverObject
)
/*++

Routine Description:

Create a device object and attaches it to the
first Ltf device

Arguments:

DeviceObject - pointer to a device object.

Return Value:

NT Status code

--*/

{
UNICODE_STRING ntUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;


//
// Only hook onto the first Ltf chain. BUGBUG
//
RtlInitUnicodeString( &ntUnicodeString, L"\\Device\\Tcp");
//
// Create device object for the Ltf
//
ntStatus = IoCreateDevice( DriverObject,
0,
NULL,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&TCPIPFilterDevice);

if( !NT_SUCCESS(ntStatus) ) {
KdPrint(("TCPIP Encrption Driver: failed to create filter device for TCPIP!\n"));
return ntStatus;
}

//
// Attach to the Ltf chain.
//
ntStatus = IoAttachDevice( TCPIPFilterDevice, &ntUnicodeString, &TCPIPDevice );
if( !NT_SUCCESS(ntStatus) ) {
KdPrint(("TCPIP Encryption driver: Connect with TCPIP failed!\n"));
IoDeleteDevice( TCPIPFilterDevice );
return ntStatus;
}

return STATUS_SUCCESS;

}
VOID
DrvUnloadDriver(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING uniWin32NameString;
KdPrint(("TopLevel Driver : Unload driver\n"));
RtlInitUnicodeString( &uniWin32NameString, DOS_DEVICE_NAME );

//
// Delete the link from our device name to a name in the Win32 namespace.
//
IoDetachDevice(TCPIPDevice);

IoDeleteDevice(TCPIPFilterDevice);

IoDeleteSymbolicLink( &uniWin32NameString );
IoDeleteDevice( ThisDevice);
//
// Create counted string version of our Win32 device name.
//
}

Comments

  • Thomas_F._DivineThomas_F._Divine Member Posts: 537
    Gopikrishna,

    There are several potential problems in your code.

    One to look at right away is the method that you use in DrvDispatchGeneral
    to copy the current stack location to the next stack location. The method
    that you used will result in the caller's completion routine being called
    twice instead of once. Clone the IoCopyCurrentStackLocationToNext MACRO from
    the W2K DDK into your NT project to correct this. There is an article in the
    OSR NTInsider called (I think...) "The Secrets Of The Universe Revealed"
    that discusses quirks in the handling of IRPs. See <www.osr.com>.

    In addition, at lease check to see if there is sufficient stack locations to
    pass the call down. If Irp->CurrentStackLocation == 1, then there really
    isn't a next stack location to copy to.

    In your call to IoCreateDevice you need to adopt the DeviceType and
    Characteristics of the lower level driver.

    After your call to IoCreateDevice you need to adopt the DO_XXX_IO Falgs
    settings of the target device as well. This shouldn't matter too much,
    however, since Tcp, etc. do not use Read/Write.

    I hope that these comments will help.

    Regards,

    Thomas F. Divine

    PCAUSA - Toolkits & Resources For Network Software Developers
    NDIS Protocol - TDI Client - Windows 95 Redirector
    <http://www.pcausa.com&gt;


    ----- Original Message -----
    From: Gopikrishna <[email protected]>
    To: NT Developers Interest List <[email protected]>
    Sent: Friday, April 14, 2000 6:46 AM
    Subject: [ntdev] Filter driver on TCP/IP driver


    I am new to writing Drivers. I have wriiten a hook driver over TCP/IP
    driver. In my hook driver I am dispatching all the IRP's to the TCP/IP
    driver through IOCallDriver method ( I felt, after successfully dispatching
    all the IRP's, I can add fuctionality to my filter driver).

    I am successfully able to attach to "\Device\Tcp". But after that My system
    is crashing. I am attaching the code below.
    Please tell me if I am missing anything.

    Regards,
    Gopikrishna.
  • OSR_Community_User-35OSR_Community_User-35 Member Posts: 154
    Also, you appear to be passing the IRP to the lower driver twice:

    *nextIrpStack = *currentIrpStack;
    IoCallDriver( TCPIPDevice, Irp );
    ntstatus= IoCallDriver( TCPIPDevice, Irp );

    -----------------------------------------------------------------------
    Dave Cox
    Hewlett-Packard Co.
    HPSO/SSMO (Santa Barbara)
    https://ecardfile.com/id/Dave+Cox


    -----Original Message-----
    From: Thomas F. Divine [mailto:[email protected]]
    Sent: Friday, April 14, 2000 7:08 AM
    To: NT Developers Interest List
    Subject: [ntdev] Re: Filter driver on TCP/IP driver


    Gopikrishna,

    There are several potential problems in your code.

    One to look at right away is the method that you use in DrvDispatchGeneral
    to copy the current stack location to the next stack location. The method
    that you used will result in the caller's completion routine being called
    twice instead of once. Clone the IoCopyCurrentStackLocationToNext MACRO from
    the W2K DDK into your NT project to correct this. There is an article in the
    OSR NTInsider called (I think...) "The Secrets Of The Universe Revealed"
    that discusses quirks in the handling of IRPs. See <www.osr.com>.

    In addition, at lease check to see if there is sufficient stack locations to
    pass the call down. If Irp->CurrentStackLocation == 1, then there really
    isn't a next stack location to copy to.

    In your call to IoCreateDevice you need to adopt the DeviceType and
    Characteristics of the lower level driver.

    After your call to IoCreateDevice you need to adopt the DO_XXX_IO Falgs
    settings of the target device as well. This shouldn't matter too much,
    however, since Tcp, etc. do not use Read/Write.

    I hope that these comments will help.

    Regards,

    Thomas F. Divine

    PCAUSA - Toolkits & Resources For Network Software Developers
    NDIS Protocol - TDI Client - Windows 95 Redirector
    <http://www.pcausa.com&gt;


    ----- Original Message -----
    From: Gopikrishna <[email protected]>
    To: NT Developers Interest List <[email protected]>
    Sent: Friday, April 14, 2000 6:46 AM
    Subject: [ntdev] Filter driver on TCP/IP driver


    I am new to writing Drivers. I have wriiten a hook driver over TCP/IP
    driver. In my hook driver I am dispatching all the IRP's to the TCP/IP
    driver through IOCallDriver method ( I felt, after successfully dispatching
    all the IRP's, I can add fuctionality to my filter driver).

    I am successfully able to attach to "\Device\Tcp". But after that My system
    is crashing. I am attaching the code below.
    Please tell me if I am missing anything.

    Regards,
    Gopikrishna.




    ---
    You are currently subscribed to ntdev as: [email protected]
    To unsubscribe send a blank email to $subst('Email.Unsub')
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 30 January 2023 Live, Online
Developing Minifilters 20 March 2023 Live, Online
Internals & Software Drivers 17 April 2023 Live, Online
Writing WDF Drivers 22 May 2023 Live, Online