Disabling protection on NDIS.SYS

Hi All

When hooking NDIS.SYS, is it possible to disable protection only on the NDIS.SYS page? If yes, how is this possible, and what functions can we use to do this, or are there some undocumented functions/assembler code that will do this?

Any help would be gratefully received.

Steve

xxxxx@bemac.com

Either by disabling write protection through registry settings, or, on IA32, by using a sequence such as

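mov ebx, cr0        // read the current CR0 value
push ebx            // save the original value
and ebx, ~10000h    // clear the WP bit (bit 16)
mov cr0, ebx

// do patch here

pop ebx             // restore the original CR0 value
mov cr0, ebx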

WARNING: Patching system modules is a wrong technique. Don't use such techniques unless it is your last hope to accomplish what you want.
Please don't use such code in a production driver.
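
A defensive counterpart to the patching discussed in this thread, as an added example that is not part of the original post: comparing a module's on-disk code bytes with the bytes in the loaded image exposes modified runs and flags a JMP rel32 that leaves the image. The function names, addresses and sample bytes are constructed for illustration, and both buffers are assumed to be relocated to the same base.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One modified run: where it starts, how long it is, and whether it begins
 * with a JMP rel32 whose target lies outside the image. */
typedef struct { size_t offset, length; int is_detour; } patch_t;

/* Diff on-disk code bytes against bytes read from the loaded image (both
 * assumed relocated to the same base). Returns the number of runs found. */
size_t find_patches(const uint8_t *disk, const uint8_t *mem, size_t len,
                    uint32_t section_va, uint32_t image_base,
                    uint32_t image_size, patch_t *out, size_t max_out)
{
    size_t n = 0, i = 0;
    while (i < len && n < max_out) {
        if (disk[i] == mem[i]) { i++; continue; }
        size_t start = i;
        while (i < len && disk[i] != mem[i]) i++;
        out[n] = (patch_t){ start, i - start, 0 };
        if (mem[start] == 0xE9 && start + 5 <= len) { /* JMP rel32 */
            uint32_t rel = mem[start + 1] | (uint32_t)mem[start + 2] << 8 |
                           (uint32_t)mem[start + 3] << 16 | (uint32_t)mem[start + 4] << 24;
            /* target = address of the next instruction + rel32 (mod 2^32) */
            uint32_t target = section_va + (uint32_t)start + 5 + rel;
            out[n].is_detour = (uint32_t)(target - image_base) >= image_size;
        }
        n++;
    }
    return n;
}

/* Constructed sample: 16 code bytes at VA 0xF8001000 of an image loaded at
 * 0xF8000000 (size 0x30000); all addresses and bytes are made up. */
static const uint8_t DISK[16] = {0x90,0x90,0x90,0x90, 0x55,0x8B,0xEC,0x83,
                                 0xEC,0x10,0x53,0x56, 0xC3,0x90,0x90,0x90};
static const uint8_t MEM[16]  = {0x90,0x90,0x90,0x90, 0xE9,0xF7,0x0F,0xA0,
                                 0x01,0x10,0x53,0x56, 0xCC,0x90,0x90,0x90};

size_t scan_sample(patch_t *out, size_t max_out) {
    return find_patches(DISK, MEM, sizeof DISK, 0xF8001000u, 0xF8000000u,
                        0x30000u, out, max_out);
}

int main(void) {
    patch_t p[4];
    size_t n = scan_sample(p, 4);
    for (size_t k = 0; k < n; k++)
        printf("+0x%zx len %zu detour=%d\n", p[k].offset, p[k].length, p[k].is_detour);
    return 0;
}
```

A patched byte that happens to equal the original splits one modification into two runs, so adjacent runs should be reviewed together.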

Remap it by
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmGetSystemAddressForMdlSafe

You can also reset the PTE’s bit directly, which is more dirty.

Max

Hi Max

We have tried resetting the PTE’s bit, but it still does not disable write protection. Can you be any more specific?

Thanks

Steve
xxxxx@bemac.com

> ----------
> From: xxxxx@bemac.com[SMTP:xxxxx@bemac.com]
> Reply To: xxxxx@lists.osr.com
> Sent: Thursday, December 05, 2002 10:32 AM
> To: xxxxx@lists.osr.com
> Subject: [ntdev] Re: Disabling protection on NDIS.SYS
>
> We have tried resetting the PTE’s bit, but it still does not disable
> write protection. Can you be any more specific?

Why not use the CR0 solution, which is probably the easiest one? Concerned
about IA64?

BTW, could you explain the purpose of hooking ndis.sys?

Best regards,

Michal Vodicka
STMicroelectronics Design and Application s.r.o.
[michal.vodicka@st.com, http://www.st.com]

Sometimes, hooking into NDIS is the best solution for a strong custom
firewall solution combined with an IDS.
Sometimes, the only one.

Anyway, if he builds such a FW model, his problems will just begin with
this “patch”. Remapping through MDL also works
great. PTE manipulation, he should forget that :P

If they build a firewall, they most likely don't care about MS
certification. Anyway, I hope that any production driver which uses
such techniques will be in-house tested more thoroughly than MS would do it,
regardless of what marketing guys want.
