Windows System Software -- Consulting, Training, Development -- Unique Expertise, Guaranteed Results

Home NTDEV

Before Posting...

Please check out the Community Guidelines in the Announcements and Administration Category.

More Info on Driver Writing and Debugging


The free OSR Learning Library has more than 50 articles on a wide variety of topics about writing and debugging device drivers and Minifilters. From introductory level to advanced. All the articles have been recently reviewed and updated, and are written using the clear and definitive style you've come to expect from OSR over the years.


Check out The OSR Learning Library at: https://www.osr.com/osr-learning-library/


FWPM_LAYER_DATAGRAM_DATA_V4 injection error

liangdodoliangdodo Member Posts: 15
in NTDEV

I use the FwpsInjectTransportReceiveAsync function to inject inbound packets in FWPM_LAYER_DATAGRAM_DATA_V4, the FwpsInjectTransportReceiveAsync function returns success, but the STATUS_PROTOCOL_UNREACHABLE(0xc0000023e) error appears in the injection completion callback function.

But when I turn off my windows firewall I don't have this error anymore, does anyone know how to do this?

Rough code:

void NTAPI InboundDatagramDataComplete(
    IN void* context,
    IN OUT NET_BUFFER_LIST* netBufferList,
    IN BOOLEAN dispatchLevel
){

    if (!NT_SUCCESS(netBufferList->Status)){
        DbgPrint("fail,Status=%x", netBufferList->Status);//Error 0xc0000023e will be printed here
    }

    FwpsFreeCloneNetBufferList(netBufferList, 0);
}

......

status = FwpsInjectTransportReceiveAsync(g_injectionHandle,
        NULL, 0, 0, AF_INET,
        inMetaValues->compartmentId,
        interfaceIndex,
        subInterfaceIndex,
        pCloneNetBufferList,
        InboundDatagramDataComplete,
        NULL);

if (!NT_SUCCESS(status)) {
    DbgPrint("FwpsInjectTransportReceiveAsync() fail\n");
    goto Exit;
}

......
· Share on Facebook
Sign In or Register to comment.

Howdy, Stranger!

It looks like you're new here. Sign in or register to get started.

Sign In Register
Upcoming OSR Seminars
OSR has suspended in-person seminars due to the Covid-19 outbreak. But, don't miss your training! Attend via the internet instead!
Kernel Debugging 13-17 May 2024 Live, Online
Developing Minifilters 1-5 Apr 2024 Live, Online
Internals & Software Drivers 11-15 Mar 2024 Live, Online
Writing WDF Drivers 26 Feb - 1 Mar 2024 Live, Online

Categories