I am new to writing Drivers. I have wriiten a hook driver over TCP/IP driver. In my hook driver I am dispatching all the IRP’s to the TCP/IP driver through IOCallDriver method ( I felt, after successfully dispatching all the IRP’s, I can add fuctionality to my filter driver).
I am successfully able to attach to “\Device\Tcp”. But after that My system is crashing. I am attaching the code below.
Please tell me if I am missing anything.
Regards,
Gopikrishna.
#include <ntddk.h> // various NT definitions
#include <ntiologc.h>
#include <string.h>
#include “TCPEncryptor.h”
// pointer to the lower TCP/IP device
PDEVICE_OBJECT TCPIPDevice;
// pointer to the local filter device
PDEVICE_OBJECT TCPIPFilterDevice;
PDEVICE_OBJECT ThisDevice;
NTSTATUS
DriverEntry(
IN OUT PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
NTSTATUS ntStatus;
KdPrint((“TCPIP Driver entry Filter Level Drv\n”));
DriverObject->MajorFunction [IRP_MJ_CREATE] =
DriverObject->MajorFunction [IRP_MJ_CLOSE] =
DriverObject->MajorFunction [IRP_MJ_CLEANUP] =
DriverObject->MajorFunction [IRP_MJ_INTERNAL_DEVICE_CONTROL] =
DriverObject->MajorFunction [IRP_MJ_DEVICE_CONTROL] = DrvDispatchGeneral;
DriverObject->DriverUnload = DrvUnloadDriver;
ntStatus = DrvInitialize(DriverObject);
if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint((“TCPIP Encrption Driver: DrvInitailize failed”));
return ntStatus;
}
return ntStatus;
}
NTSTATUS
DrvInitialize(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING ntUnicodeString;
UNICODE_STRING Win32NameString;
NTSTATUS ntStatus;
RtlInitUnicodeString( &ntUnicodeString, NT_DEVICE_NAME );
ntStatus = IoCreateDevice(
DriverObject, // Our Driver Object
0, // We don’t use a device extension
&ntUnicodeString, // Device name
FILE_DEVICE_UNKNOWN, // Device type
0, // Device characteristics
FALSE, // Not an exclusive device
&ThisDevice ); // Returned ptr to Device Object
if ( !NT_SUCCESS( ntStatus ) )
{
KdPrint((“TCPIP Encrption Driver:: Couldn’t create the device object\n”));
goto InitializeExit;
}
//
// Allocate and initialize a Unicode String containing the Win32 name
// for our device.
//
RtlInitUnicodeString( &Win32NameString, DOS_DEVICE_NAME );
ntStatus = IoCreateSymbolicLink(
&Win32NameString, &ntUnicodeString );
if(!NT_SUCCESS(ntStatus)){
goto InitializeExit;
}
ntStatus=DrvFilterInit(DriverObject);
if(!NT_SUCCESS(ntStatus)){
IoDeleteDevice (ThisDevice);
IoDeleteSymbolicLink(&Win32NameString);
return ntStatus;
}
InitializeExit:
if ( !NT_SUCCESS( ntStatus ) )
{
//
// Delete everything that this routine has allocated.
//
if ( ThisDevice != NULL )
{
IoDeleteDevice( ThisDevice);
}
}
return ntStatus;
}
NTSTATUS
DrvClose(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
KdPrint((“TCPIP Encrption Driver:: Close irp”));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
IoCompleteRequest( Irp, IO_NO_INCREMENT );
return STATUS_SUCCESS;
}
NTSTATUS
DrvDispatchGeneral(
IN PDEVICE_OBJECT DeviceObject,
IN PIRP Irp
)
{
NTSTATUS ntstatus;
PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(Irp);
PIO_STACK_LOCATION nextIrpStack = IoGetNextIrpStackLocation(Irp);
KdPrint((“TCPIP Encryption Driver: DrvDispatch General CHECKING MAJOR FUNCTION CODE !\n”));
//
// Default to success.
//
KdPrint((“TCPIP Encryption Driver: DrvDispatch General!\n”));
if( DeviceObject == TCPIPFilterDevice) {
//
// It’s for Ltf
//
KdPrint((“TCPIP Encrypter Driver: Calling Lower driver!\n”));
nextIrpStack = currentIrpStack;
IoCallDriver( TCPIPDevice, Irp );
ntstatus= IoCallDriver( TCPIPDevice, Irp );
if (ntstatus== STATUS_SUCCESS ){
KdPrint((“TCPIP Encrypter Driver: Returned from Lower driver Successfully!\n”));
return ntstatus;
}
else
{
KdPrint((“TCPIP Encrypter Driver: Return from Lower driver failed!\n”));
return ntstatus;
}
} else {
//
// Nothing to do here, so just…
//
KdPrint((“TCPIP Encryption Driver: Doing Noting in dispatch!\n”));
Irp->IoStatus.Status = STATUS_SUCCESS;
Irp->IoStatus.Information = 0;
return STATUS_SUCCESS;
}
}
NTSTATUS
DrvFilterInit(
IN PDRIVER_OBJECT DriverObject
)
/++
Routine Description:
Create a device object and attaches it to the
first Ltf device
Arguments:
DeviceObject - pointer to a device object.
Return Value:
NT Status code
–/
{
UNICODE_STRING ntUnicodeString;
NTSTATUS ntStatus;
PDEVICE_OBJECT DeviceObject = NULL;
//
// Only hook onto the first Ltf chain. BUGBUG
//
RtlInitUnicodeString( &ntUnicodeString, L"\Device\Tcp");
//
// Create device object for the Ltf
//
ntStatus = IoCreateDevice( DriverObject,
0,
NULL,
FILE_DEVICE_UNKNOWN,
0,
FALSE,
&TCPIPFilterDevice);
if( !NT_SUCCESS(ntStatus) ) {
KdPrint((“TCPIP Encrption Driver: failed to create filter device for TCPIP!\n”));
return ntStatus;
}
//
// Attach to the Ltf chain.
//
ntStatus = IoAttachDevice( TCPIPFilterDevice, &ntUnicodeString, &TCPIPDevice );
if( !NT_SUCCESS(ntStatus) ) {
KdPrint((“TCPIP Encryption driver: Connect with TCPIP failed!\n”));
IoDeleteDevice( TCPIPFilterDevice );
return ntStatus;
}
return STATUS_SUCCESS;
}
VOID
DrvUnloadDriver(
IN PDRIVER_OBJECT DriverObject
)
{
UNICODE_STRING uniWin32NameString;
KdPrint((“TopLevel Driver : Unload driver\n”));
RtlInitUnicodeString( &uniWin32NameString, DOS_DEVICE_NAME );
//
// Delete the link from our device name to a name in the Win32 namespace.
//
IoDetachDevice(TCPIPDevice);
IoDeleteDevice(TCPIPFilterDevice);
IoDeleteSymbolicLink( &uniWin32NameString );
IoDeleteDevice( ThisDevice);
//
// Create counted string version of our Win32 device name.
//
}</string.h></ntiologc.h></ntddk.h>