Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
On Sat, 2003-11-08 at 00:53, Prasanth M wrote:
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Is this something like a VPN or firewall? or are you trying to modify
the TCP data stream mid-conversation? Offhand I’d say that the effects
of modifying a TCP data stream are pretty dependant on the application,
but perhaps I don’t understand the question. What are you trying to
accomplish?
-sd
> changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
that will depend on what u r doing with the data. If your
application changes the size of the data somehow, you will
have to reallocate the buffers (MDL etc.), copy your changed
data to those and send them along. If you are not changing the
size, then you can just replace the data and that should work
for the TCP stack atleast. However, if the application which is getting
the data, keeps somekind of checksum etc, you can break those.
Also bear in mind that you are putting up a big bottle neck in the system
by making the data go through a user mode application. I would recommend you
bring all your data changing logic down to the driver itself.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
Hi,
This is the scenario which I want to solve.An application has initiated a socket and is connected to a server.
I have successfully hooked TDI_CONNECT in the filter driver .
When the application calls recv , I need to put my data into the buffer (ie,the data might be a modified) .But I am not getting a TDI_RECEIVE when the application calls a recv. How can the filter driver knows that the application has called a recv???
----- Original Message -----
From: Farooque Khan
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Saturday, November 08, 2003 2:59 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
changed data back. How can I attach the user mode data
> to the receive handler so that it will be received in
> the original application?
that will depend on what u r doing with the data. If your
application changes the size of the data somehow, you will
have to reallocate the buffers (MDL etc.), copy your changed
data to those and send them along. If you are not changing the
size, then you can just replace the data and that should work
for the TCP stack atleast. However, if the application which is getting
the data, keeps somekind of checksum etc, you can break those.
Also bear in mind that you are putting up a big bottle neck in the system
by making the data go through a user mode application. I would recommend you
bring all your data changing logic down to the driver itself.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
Hi,
I am trying to develop a vpn client.In this filter driver,I hooks TDI_SEND
and get the data to the usermode application.From the user mode application
,the data will be encrypted and send to the destination using a new socket
connection.This connection won’t get hooked since I am checking that in the
driver.Once I receive back the data in the user mode application from the
destiantion,I’ll decrypt it and send it back to the driver.Now I need to
transfer this data back to the original application .How can I transfer it
back? How can the filter driver know that the application is waiting on a
recv? I checked with some samples but I didn’t get a TDI_RECEIVE event.
Please Help,
Prasanth
----- Original Message -----
From: “Steve Dispensa”
To: “Windows System Software Devs Interest List”
Sent: Saturday, November 08, 2003 12:45 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
> On Sat, 2003-11-08 at 00:53, Prasanth M wrote:
> > Hi All,
> >
> > I am writing TDI filter driver on \device\TCP.
> > I need to pass all the data send to a user mode
> > application, then application will change the data
> > and give to my driver again in order to pass this
> > changed data back. How can I attach the user mode data
> > to the receive handler so that it will be received in
> > the original application?
>
> Is this something like a VPN or firewall? or are you trying to modify
> the TCP data stream mid-conversation? Offhand I’d say that the effects
> of modifying a TCP data stream are pretty dependant on the application,
> but perhaps I don’t understand the question. What are you trying to
> accomplish?
>
> -sd
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
This is a very, very complex thing, for instance, you must disable the chained receive handler at all, since you will need to cook your own buffer, and the client will call TdiReturnChainedReceives blindly, which requires the real buffer from the NIC miniport.
You will need to properly hook the complex state machine which consists of TDI_RECEIVE IRP and ClientEventReceive callback, which is rather complex and bug-prone.
I would better recommend to filter on top of AFD instead (OK, the IOCTL code to which WSPRecv is turned is undocumented, but can be discovered by 20 minutes of working with disassembly), or write an NDIS IM driver.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: Prasanth M
To: Windows System Software Devs Interest List
Sent: Monday, November 10, 2003 1:22 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
Hi,
This is the scenario which I want to solve.An application has initiated a socket and is connected to a server.
I have successfully hooked TDI_CONNECT in the filter driver .
When the application calls recv , I need to put my data into the buffer (ie,the data might be a modified) .But I am not getting a TDI_RECEIVE when the application calls a recv. How can the filter driver knows that the application has called a recv???
----- Original Message -----
From: Farooque Khan
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Saturday, November 08, 2003 2:59 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
changed data back. How can I attach the user mode data
> to the receive handler so that it will be received in
> the original application?
that will depend on what u r doing with the data. If your
application changes the size of the data somehow, you will
have to reallocate the buffers (MDL etc.), copy your changed
data to those and send them along. If you are not changing the
size, then you can just replace the data and that should work
for the TCP stack atleast. However, if the application which is getting
the data, keeps somekind of checksum etc, you can break those.
Also bear in mind that you are putting up a big bottle neck in the system
by making the data go through a user mode application. I would recommend you
bring all your data changing logic down to the driver itself.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
I would suggest to implement the VPN as usually - the virtual WAN adapter
on top of TDI. No need in unreliable dirty hooking of any kind.
Also - what is the market for VPN software today, when MS included it to
the OS?
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: “Prasanth M”
To: “Windows System Software Devs Interest List”
Sent: Monday, November 10, 2003 4:31 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
> Hi,
> I am trying to develop a vpn client.In this filter driver,I hooks TDI_SEND
> and get the data to the usermode application.From the user mode application
> ,the data will be encrypted and send to the destination using a new socket
> connection.This connection won’t get hooked since I am checking that in the
> driver.Once I receive back the data in the user mode application from the
> destiantion,I’ll decrypt it and send it back to the driver.Now I need to
> transfer this data back to the original application .How can I transfer it
> back? How can the filter driver know that the application is waiting on a
> recv? I checked with some samples but I didn’t get a TDI_RECEIVE event.
> Please Help,
> Prasanth
>
>
> ----- Original Message -----
> From: “Steve Dispensa”
> To: “Windows System Software Devs Interest List”
> Sent: Saturday, November 08, 2003 12:45 PM
> Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
>
>
> > On Sat, 2003-11-08 at 00:53, Prasanth M wrote:
> > > Hi All,
> > >
> > > I am writing TDI filter driver on \device\TCP.
> > > I need to pass all the data send to a user mode
> > > application, then application will change the data
> > > and give to my driver again in order to pass this
> > > changed data back. How can I attach the user mode data
> > > to the receive handler so that it will be received in
> > > the original application?
> >
> > Is this something like a VPN or firewall? or are you trying to modify
> > the TCP data stream mid-conversation? Offhand I’d say that the effects
> > of modifying a TCP data stream are pretty dependant on the application,
> > but perhaps I don’t understand the question. What are you trying to
> > accomplish?
> >
> > -sd
> >
> >
> >
> > —
> > Questions? First check the Kernel Driver FAQ at
> http://www.osronline.com/article.cfm?id=256
> >
> > You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
> > To unsubscribe send a blank email to xxxxx@lists.osr.com
> >
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@storagecraft.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
> a recv. How can the filter driver knows that the application has called a recv???
Most clients don’t use TDI_RECEIVE (AFD including). Instead they use Event
based receive indication (Look at TDI_SET_EVENT). Hook TDI_SET_EVENT
and patch the RecieveEvent being registered with your own. All the data being
received, will come to these events (there are more than one such as expedited receive etc.).
All these are documented in the DDK.
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi,
This is the scenario which I want to solve.An application has initiated a socket and is connected to a server.
I have successfully hooked TDI_CONNECT in the filter driver .
When the application calls recv , I need to put my data into the buffer (ie,the data might be a modified) .But I am not getting a TDI_RECEIVE when the application calls a recv. How can the filter driver knows that the application has called a recv???
----- Original Message -----
From: Farooque Khan
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Saturday, November 08, 2003 2:59 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
> changed data back. How can I attach the user mode data
> to the receive handler so that it will be received in
> the original application?
that will depend on what u r doing with the data. If your
application changes the size of the data somehow, you will
have to reallocate the buffers (MDL etc.), copy your changed
data to those and send them along. If you are not changing the
size, then you can just replace the data and that should work
for the TCP stack atleast. However, if the application which is getting
the data, keeps somekind of checksum etc, you can break those.
Also bear in mind that you are putting up a big bottle neck in the system
by making the data go through a user mode application. I would recommend you
bring all your data changing logic down to the driver itself.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
Thank you,
But what I need is, say,there is no incomming data comming for a connection and the application is waiting on a recv(). I have some data in the filter driver for the application waiting on recv() ( which I am getting in the driver from another application using a private IOCTL).Can I make an event in the Filter driver so that the data which I am having, can be passed to the application waiting on recv()?
----- Original Message -----
From: Maxim S. Shatskih
To: Windows System Software Devs Interest List
Sent: Monday, November 10, 2003 7:25 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
This is a very, very complex thing, for instance, you must disable the chained receive handler at all, since you will need to cook your own buffer, and the client will call TdiReturnChainedReceives blindly, which requires the real buffer from the NIC miniport.
You will need to properly hook the complex state machine which consists of TDI_RECEIVE IRP and ClientEventReceive callback, which is rather complex and bug-prone.
I would better recommend to filter on top of AFD instead (OK, the IOCTL code to which WSPRecv is turned is undocumented, but can be discovered by 20 minutes of working with disassembly), or write an NDIS IM driver.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com
----- Original Message -----
From: Prasanth M
To: Windows System Software Devs Interest List
Sent: Monday, November 10, 2003 1:22 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
Hi,
This is the scenario which I want to solve.An application has initiated a socket and is connected to a server.
I have successfully hooked TDI_CONNECT in the filter driver .
When the application calls recv , I need to put my data into the buffer (ie,the data might be a modified) .But I am not getting a TDI_RECEIVE when the application calls a recv. How can the filter driver knows that the application has called a recv???
----- Original Message -----
From: Farooque Khan
Newsgroups: ntdev
To: Windows System Software Devs Interest List
Sent: Saturday, November 08, 2003 2:59 PM
Subject: [ntdev] Re: Adding data from user mode app in TDI Filter
changed data back. How can I attach the user mode data
> to the receive handler so that it will be received in
> the original application?
that will depend on what u r doing with the data. If your
application changes the size of the data somehow, you will
have to reallocate the buffers (MDL etc.), copy your changed
data to those and send them along. If you are not changing the
size, then you can just replace the data and that should work
for the TCP stack atleast. However, if the application which is getting
the data, keeps somekind of checksum etc, you can break those.
Also bear in mind that you are putting up a big bottle neck in the system
by making the data go through a user mode application. I would recommend you
bring all your data changing logic down to the driver itself.
HTH,
–
-Farooque Khan
http://farooque.150m.com
“Prasanth M” wrote in message news:xxxxx@ntdev…
Hi All,
I am writing TDI filter driver on \device\TCP.
I need to pass all the data send to a user mode
application, then application will change the data
and give to my driver again in order to pass this
changed data back. How can I attach the user mode data
to the receive handler so that it will be received in
the original application?
Regards,
Prasanth
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@storagecraft.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
—
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@calsoft.co.in
To unsubscribe send a blank email to xxxxx@lists.osr.com
On Mon, 2003-11-10 at 08:37, Maxim S. Shatskih wrote:
I would suggest to implement the VPN as usually - the virtual WAN adapter
on top of TDI. No need in unreliable dirty hooking of any kind.
The virtual adapter approach works well too. There is a new virtual
adapter sample in the ddk, but it’s not hard to write one from scratch.
This approach has the advantage of having to tell a slightly less
complicated set of lies to the OS to get things working the way you want
them. It also has its drawbacks, of course.
Also - what is the market for VPN software today, when MS included it to
the OS?
That depends on what MS ends up including in the OS, doesn’t it. IPSec
stinks for remote access, and PPTP has its own set of problems, not
least of which is its reputation. The market for third-party remote
access software (and hardware) is huge at the moment, particularly
“web-based” remote access. See 9-figure acquisitions in the space by
SafeNet and Netscreen in recent weeks.
-sd