Filter driver on TCP/IP driver

I am new to writing Drivers. I have wriiten a hook driver over TCP/IP driver. In my hook driver I am dispatching all the IRP’s to the TCP/IP driver through IOCallDriver method ( I felt, after successfully dispatching all the IRP’s, I can add fuctionality to my filter driver).

I am successfully able to attach to “\Device\Tcp”. But after that My system is crashing. I am attaching the code below.
Please tell me if I am missing anything.

Regards,
Gopikrishna.

#include <ntddk.h> // various NT definitions
#include <ntiologc.h>
#include <string.h>

#include “TCPEncryptor.h”
// pointer to the lower TCP/IP device
PDEVICE_OBJECT TCPIPDevice;
// pointer to the local filter device
PDEVICE_OBJECT TCPIPFilterDevice;
PDEVICE_OBJECT ThisDevice;
NTSTATUS
DriverEntry(
IN OUT PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus;

KdPrint((“TCPIP Driver entry Filter Level Drv\n”));
DriverObject->MajorFunction [IRP_MJ_CREATE] =
DriverObject->MajorFunction [IRP_MJ_CLOSE] =
DriverObject->MajorFunction [IRP_MJ_CLEANUP] =
DriverObject->MajorFunction [IRP_MJ_INTERNAL_DEVICE_CONTROL] =
DriverObject->MajorFunction [IRP_MJ_DEVICE_CONTROL] = DrvDispatchGeneral;

DriverObject->DriverUnload = DrvUnloadDriver;

ntStatus = DrvInitialize(DriverObject);

if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint((“TCPIP Encrption Driver: DrvInitailize failed”));
return ntStatus;
}
return ntStatus;
}

NTSTATUS
DrvInitialize(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING ntUnicodeString;
UNICODE_STRING Win32NameString;
NTSTATUS ntStatus;

RtlInitUnicodeString( &ntUnicodeString, NT_DEVICE_NAME );

ntStatus = IoCreateDevice(
DriverObject, // Our Driver Object
0, // We don’t use a device extension
&ntUnicodeString, // Device name
FILE_DEVICE_UNKNOWN, // Device type
0, // Device characteristics
FALSE, // Not an exclusive device
&ThisDevice ); // Returned ptr to Device Object

if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint((“TCPIP Encrption Driver:: Couldn’t create the device object\n”));
goto InitializeExit;
}

//
// Allocate and initialize a Unicode String containing the Win32 name
// for our device.
//

RtlInitUnicodeString( &Win32NameString, DOS_DEVICE_NAME );

ntStatus = IoCreateSymbolicLink(
&Win32NameString, &ntUnicodeString );

if(!NT_SUCCESS(ntStatus)){
goto InitializeExit;
}

ntStatus=DrvFilterInit(DriverObject);
if(!NT_SUCCESS(ntStatus)){
IoDeleteDevice (ThisDevice);
IoDeleteSymbolicLink(&Win32NameString);
return ntStatus;
}
InitializeExit:

if ( !NT_SUCCESS( ntStatus ) )
{
//
// Delete everything that this routine has allocated.
//
if ( ThisDevice != NULL )
{
IoDeleteDevice( ThisDevice);
}
}

return ntStatus;
}

NTSTATUS
DrvClose(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
KdPrint((“TCPIP Encrption Driver:: Close irp”));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;

IoCompleteRequest( Irp, IO_NO_INCREMENT );

return STATUS_SUCCESS;
}

NTSTATUS
DrvDispatchGeneral(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS ntstatus;
PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(Irp);
PIO_STACK_LOCATION nextIrpStack = IoGetNextIrpStackLocation(Irp);

KdPrint((“TCPIP Encryption Driver: DrvDispatch General CHECKING MAJOR FUNCTION CODE !\n”));

//
// Default to success.
//

KdPrint((“TCPIP Encryption Driver: DrvDispatch General!\n”));
if( DeviceObject == TCPIPFilterDevice) {
//
// It’s for Ltf
//
KdPrint((“TCPIP Encrypter Driver: Calling Lower driver!\n”));
nextIrpStack = currentIrpStack;
IoCallDriver( TCPIPDevice, Irp );
ntstatus= IoCallDriver( TCPIPDevice, Irp );
if (ntstatus== STATUS_SUCCESS ){
KdPrint((“TCPIP Encrypter Driver: Returned from Lower driver Successfully!\n”));
return ntstatus;
}
else
{
KdPrint((“TCPIP Encrypter Driver: Return from Lower driver failed!\n”));
return ntstatus;
}

} else {
//
// Nothing to do here, so just…
//
KdPrint((“TCPIP Encryption Driver: Doing Noting in dispatch!\n”));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
return STATUS_SUCCESS;
}
}

NTSTATUS
DrvFilterInit(
IN PDRIVER_OBJECT DriverObject
)
/
++

Routine Description:

Create a device object and attaches it to the
first Ltf device

Arguments:

DeviceObject - pointer to a device object.

Return Value:

NT Status code

/

{
UNICODE_STRING ntUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;

//
// Only hook onto the first Ltf chain. BUGBUG
//
RtlInitUnicodeString( &ntUnicodeString, L"\Device\Tcp");
//
// Create device object for the Ltf
//
ntStatus = IoCreateDevice( DriverObject,
0,
NULL,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&TCPIPFilterDevice);

if( !NT_SUCCESS(ntStatus) ) {
KdPrint((“TCPIP Encrption Driver: failed to create filter device for TCPIP!\n”));
return ntStatus;
}

//
// Attach to the Ltf chain.
//
ntStatus = IoAttachDevice( TCPIPFilterDevice, &ntUnicodeString, &TCPIPDevice );
if( !NT_SUCCESS(ntStatus) ) {
KdPrint((“TCPIP Encryption driver: Connect with TCPIP failed!\n”));
IoDeleteDevice( TCPIPFilterDevice );
return ntStatus;
}

return STATUS_SUCCESS;

}
VOID
DrvUnloadDriver(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING uniWin32NameString;
KdPrint((“TopLevel Driver : Unload driver\n”));
RtlInitUnicodeString( &uniWin32NameString, DOS_DEVICE_NAME );

//
// Delete the link from our device name to a name in the Win32 namespace.
//
IoDetachDevice(TCPIPDevice);

IoDeleteDevice(TCPIPFilterDevice);

IoDeleteSymbolicLink( &uniWin32NameString );
IoDeleteDevice( ThisDevice);
//
// Create counted string version of our Win32 device name.
//
}</string.h></ntiologc.h></ntddk.h>

Gopikrishna,

There are several potential problems in your code.

One to look at right away is the method that you use in DrvDispatchGeneral
to copy the current stack location to the next stack location. The method
that you used will result in the caller’s completion routine being called
twice instead of once. Clone the IoCopyCurrentStackLocationToNext MACRO from
the W2K DDK into your NT project to correct this. There is an article in the
OSR NTInsider called (I think…) “The Secrets Of The Universe Revealed”
that discusses quirks in the handling of IRPs. See <www.osr.com>.

In addition, at lease check to see if there is sufficient stack locations to
pass the call down. If Irp->CurrentStackLocation == 1, then there really
isn’t a next stack location to copy to.

In your call to IoCreateDevice you need to adopt the DeviceType and
Characteristics of the lower level driver.

After your call to IoCreateDevice you need to adopt the DO_XXX_IO Falgs
settings of the target device as well. This shouldn’t matter too much,
however, since Tcp, etc. do not use Read/Write.

I hope that these comments will help.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: Gopikrishna
To: NT Developers Interest List
Sent: Friday, April 14, 2000 6:46 AM
Subject: [ntdev] Filter driver on TCP/IP driver

I am new to writing Drivers. I have wriiten a hook driver over TCP/IP
driver. In my hook driver I am dispatching all the IRP’s to the TCP/IP
driver through IOCallDriver method ( I felt, after successfully dispatching
all the IRP’s, I can add fuctionality to my filter driver).

I am successfully able to attach to “\Device\Tcp”. But after that My system
is crashing. I am attaching the code below.
Please tell me if I am missing anything.

Regards,
Gopikrishna.</http:></www.osr.com>

Also, you appear to be passing the IRP to the lower driver twice:

*nextIrpStack = *currentIrpStack;
IoCallDriver( TCPIPDevice, Irp );
ntstatus= IoCallDriver( TCPIPDevice, Irp );


Dave Cox
Hewlett-Packard Co.
HPSO/SSMO (Santa Barbara)
https://ecardfile.com/id/Dave+Cox

-----Original Message-----
From: Thomas F. Divine [mailto:xxxxx@pcausa.com]
Sent: Friday, April 14, 2000 7:08 AM
To: NT Developers Interest List
Subject: [ntdev] Re: Filter driver on TCP/IP driver

Gopikrishna,

There are several potential problems in your code.

One to look at right away is the method that you use in DrvDispatchGeneral
to copy the current stack location to the next stack location. The method
that you used will result in the caller’s completion routine being called
twice instead of once. Clone the IoCopyCurrentStackLocationToNext MACRO from
the W2K DDK into your NT project to correct this. There is an article in the
OSR NTInsider called (I think…) “The Secrets Of The Universe Revealed”
that discusses quirks in the handling of IRPs. See <www.osr.com>.

In addition, at lease check to see if there is sufficient stack locations to
pass the call down. If Irp->CurrentStackLocation == 1, then there really
isn’t a next stack location to copy to.

In your call to IoCreateDevice you need to adopt the DeviceType and
Characteristics of the lower level driver.

After your call to IoCreateDevice you need to adopt the DO_XXX_IO Falgs
settings of the target device as well. This shouldn’t matter too much,
however, since Tcp, etc. do not use Read/Write.

I hope that these comments will help.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - TDI Client - Windows 95 Redirector
http:

----- Original Message -----
From: Gopikrishna
To: NT Developers Interest List
Sent: Friday, April 14, 2000 6:46 AM
Subject: [ntdev] Filter driver on TCP/IP driver

I am new to writing Drivers. I have wriiten a hook driver over TCP/IP
driver. In my hook driver I am dispatching all the IRP’s to the TCP/IP
driver through IOCallDriver method ( I felt, after successfully dispatching
all the IRP’s, I can add fuctionality to my filter driver).

I am successfully able to attach to “\Device\Tcp”. But after that My system
is crashing. I am attaching the code below.
Please tell me if I am missing anything.

Regards,
Gopikrishna.


You are currently subscribed to ntdev as: david_cox2@hp.com
To unsubscribe send a blank email to $subst(‘Email.Unsub’)</http:></www.osr.com>