Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results
Before Posting...
Please check out the Community Guidelines in the Announcements and Administration Category.More Info on Driver Writing and Debugging
The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.
Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/
How to modify NetBufferList in FilterReceiveNetBufferLists?
OSR_Community_User
Member Posts: 110,217
in NTDEV
Hi Dear All,
I am writing a filter driver to modify the traffic network packet. According to the doc of msdn, filter drivers can filter received data before indicating the data to overlying drivers. For each buffer that is submitted to its FilterReceiveNetBufferLists function, a filter driver can modify the contents of the buffer before calling NdisFIndicateReceiveNetBufferLists.
I reference to the sample of the filter driver "ndislwf" and modify the FilterReceiveNetBufferLists function. I queue the NetBufferList in a local structure and do the modification. And then I pass the local structure as the NetBufferList to the NdisFIndicateReceiveNetBufferLists function, but blue screen at once.
I want to ask that how can I modify the contents of the buffer before calling NdisFIndicateReceiveNetBufferLists? Any sample or advice?
Regards,
Daisy
I am writing a filter driver to modify the traffic network packet. According to the doc of msdn, filter drivers can filter received data before indicating the data to overlying drivers. For each buffer that is submitted to its FilterReceiveNetBufferLists function, a filter driver can modify the contents of the buffer before calling NdisFIndicateReceiveNetBufferLists.
I reference to the sample of the filter driver "ndislwf" and modify the FilterReceiveNetBufferLists function. I queue the NetBufferList in a local structure and do the modification. And then I pass the local structure as the NetBufferList to the NdisFIndicateReceiveNetBufferLists function, but blue screen at once.
I want to ask that how can I modify the contents of the buffer before calling NdisFIndicateReceiveNetBufferLists? Any sample or advice?
Regards,
Daisy
Howdy, Stranger!
| Upcoming OSR Seminars | ||
|---|---|---|
| OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead! | ||
| Internals & Software Drivers | 19-23 June 2023 | Live, Online |
| Writing WDF Drivers | 10-14 July 2023 | Live, Online |
| Kernel Debugging | 16-20 October 2023 | Live, Online |
| Developing Minifilters | 13-17 November 2023 | Live, Online |
Comments
What u do is fully wrong. You should create new NetBuffer to manipulate MDL (previously NDIS_BUFFER) and chain it to newly created NET_BUFFER. Moreover maybe u misuse some API at wrong DISPATCH level. I advise u to refer to NDIS 6.0 mux intermediate driver and protocol driver sample included with WDK 7600.
In fact, I also come up similar question and posted a thread, but as to yet nobody responses. It is fortune that I have gone through all barriers to completed our own filter driver.
George Lee
not 'own'. A NBL indicated to your driver is usually treated as
'read-only'. To 'modify' the packet, your driver typically would copy the
NBL, modify the copy, indicate the copy, and when the copy is returned, free
it and return the original (unmodified) NBL to the entity that indicated it
to you.
Depending on the nature of the change you wish to make to the NBL, there are
various degrees of 'depth' that you might make to 'copy' the original NBL.
Review carefully the WDK documentation on Cloning Net Buffers (and NBLs) as
well as the effect of Advance/Retreat operations on Net Buffers.
If you want to be able to scribble all of the entire indicated 'frame' from
MAC header to end of transport payload, you could make the 'copy' by doing:
1. Shrink the Original NB to 'nothing' temporarily with an Advance operation
of its entire length.
2. Clone the Original NB.
3. Restore the Original NB by retreating the amount you advanced.
4. Retreat the Clone to the size the Clone will be (whatever it will be
after modification say).
5. Copy what you want form the Original to the Clone making whatever
modifications you want.
6. Indicate the Clone.
... etc.
Other approaches are possible depending on how much you want to modify.
Good Luck,
Dave Cattley
-----Original Message-----
From: [email protected]
[mailto:[email protected]] On Behalf Of [email protected]
Sent: Sunday, December 20, 2009 10:15 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] How to modify NetBufferList in FilterReceiveNetBufferLists?
Hi Dear All,
I am writing a filter driver to modify the traffic network packet. According
to the doc of msdn, filter drivers can filter received data before
indicating the data to overlying drivers. For each buffer that is submitted
to its FilterReceiveNetBufferLists function, a filter driver can modify the
contents of the buffer before calling NdisFIndicateReceiveNetBufferLists.
I reference to the sample of the filter driver "ndislwf" and modify the
FilterReceiveNetBufferLists function. I queue the NetBufferList in a local
structure and do the modification. And then I pass the local structure as
the NetBufferList to the NdisFIndicateReceiveNetBufferLists function, but
blue screen at once.
I want to ask that how can I modify the contents of the buffer before
calling NdisFIndicateReceiveNetBufferLists? Any sample or advice?
Regards,
Daisy
---
NTDEV is sponsored by OSR
For our schedule of WDF, WDM, debugging and other seminars visit:
http://www.osr.com/seminars
To unsubscribe, visit the List Server section of OSR Online at
http://www.osronline.com/page.cfm?name=ListServer
Pls show some code snippt to demonstrate what u advise.
REegards,
George
Regards,
Daisy
complete your own filter driver, and would u please kindly give me some code snippt that how you can overcome the barriers and modify the NB? Thank you~
Regards,
Daisy