NDIS hook for NDIS 5.1 (Windows XP)

Hi guys,

First of all let me congratulate all of the guys involved directly and indirectly in bringing the OSR systems back up so quickly in such extreme conditions. Great work !! :slight_smile:

Now for my question. I am currently trying to hook the NDIS driver in Windows XP. My basic motive behind hooking NDIS is that I want to be able to receive and modify all the packets coming to and going out from the system. I succeeded in modifying the IP level packets by registering to the “IPfltip.sys” already present in Windows XP. I however wasn't able to modify the ARP packets, which come at a layer below it. Through much googling on the issue I found out that the MUX driver in the driver samples of the WDK can help my cause.
Now

  1. Can the sample MUX driver code help me with this? (I need to modify IP packets as well as some Ethernet frames related to ARP)
  2. Is there any other reference or source code I need to look into for the same? I have a hard time searching for NDIS 5.1 supported samples. Most of the samples I came across used NDIS 6.0, which is the latest.

I am currently looking into the MUX sample. Any other pointers in the same regard are deeply appreciated. Thanks in advance … :slight_smile:

%basedir%\src\network\ndis\passthru

Please don’t build an NDIS hook. Use an IM driver. That is what they are
for. MUX is a ‘kind’ of IM driver but probably not the one you want to look
at if all you want to do is inspect, inject, modify, and drop packets at
will.

Good Luck,
Dave Cattley
Consulting Engineer
Systems Software Development

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of xxxxx@yahoo.com
Sent: Wednesday, December 17, 2008 11:27 AM
To: Windows System Software Devs Interest List
Subject: [ntdev] NDIS hook for ndis5.1 (windows Xp)




> 1. Can the sample mux driver code help me with this ?

The correct sample is PASSTHRU and not MUX.


Maxim S. Shatskih
Windows DDK MVP
xxxxx@storagecraft.com
http://www.storagecraft.com