Hi,
I would like to know what is the name of exported function of NDIS.SYS which
is used
to recv/send packets.
And is it safe to make a hooking via re-writting functions entries in the
export section?
regards,
WI
First, read NDIS docs and search list archives for “hooking”. Then, after several months or so, when you really understand how NDIS works and still believe there is no other solution than hook something and you’re brave enough for it, ask again.
There is another possibility: tell us what is the problem you’re trying to solve and it is quite possible somebody would give you a better advice. Hooking is the last resort solution in NT kernel world and speaking about it makes some members of this list grumpy.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Washington Irving[SMTP:xxxxx@tlen.pl]
Reply To: Windows System Software Devs Interest List
Sent: Tuesday, January 04, 2005 10:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] NDIS newbie questionHi,
I would like to know what is the name of exported function of NDIS.SYS which
is used
to recv/send packets.And is it safe to make a hooking via re-writting functions entries in the
export section?regards,
WI
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@upek.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Protocol drivers call NdisSend(Packets) to xmit packets through the
underlying adapter driver(miniport). There’s no function to receive packets
AFAIK. Miniport driver will indicate received packets to NDIS upon packet
reception.
If you’re working on NT based OSes, better off writing an NDIS IM driver.
Hooking is BAD in general.
Calvin Guan Software Engineer
ATI Technologies Inc. www.ati.com
-----Original Message-----
From: Washington Irving [mailto:xxxxx@tlen.pl]
Sent: January 4, 2005 4:41 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] NDIS newbie question
Hi,
I would like to know what is the name of exported function of NDIS.SYS which
is used
to recv/send packets.
And is it safe to make a hooking via re-writting functions entries in the
export section?
regards,
WI
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@ati.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
“grumpy” eh – now THERE’S an understatement…
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Michal Vodicka
Sent: Tuesday, January 04, 2005 5:08 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] NDIS newbie question
First, read NDIS docs and search list archives for “hooking”. Then, after
several months or so, when you really understand how NDIS works and still
believe there is no other solution than hook something and you’re brave
enough for it, ask again.
There is another possibility: tell us what is the problem you’re trying to
solve and it is quite possible somebody would give you a better advice.
Hooking is the last resort solution in NT kernel world and speaking about it
makes some members of this list grumpy.
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Washington Irving[SMTP:xxxxx@tlen.pl]
Reply To: Windows System Software Devs Interest List
Sent: Tuesday, January 04, 2005 10:40 PM
To: Windows System Software Devs Interest List
Subject: [ntdev] NDIS newbie questionHi,
I would like to know what is the name of exported function of NDIS.SYS
which
is used
to recv/send packets.And is it safe to make a hooking via re-writting functions entries in the
export section?regards,
WI
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as: xxxxx@upek.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Would you dare to use correct word and make them grumpy on you? 
Well, searching list archives would give the best picture how is hooking beloved in this list. Maybe there should be a FAQ section for driver development taboos 
Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]
From: xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on behalf of Graham, Simon[SMTP:xxxxx@stratus.com]
Reply To: Windows System Software Devs Interest List
Sent: Tuesday, January 04, 2005 11:31 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] NDIS newbie question“grumpy” eh – now THERE’S an understatement…
-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com] On Behalf Of Michal Vodicka
Sent: Tuesday, January 04, 2005 5:08 PM
To: Windows System Software Devs Interest List
Subject: RE: [ntdev] NDIS newbie questionFirst, read NDIS docs and search list archives for “hooking”. Then, after
several months or so, when you really understand how NDIS works and still
believe there is no other solution than hook something and you’re brave
enough for it, ask again.There is another possibility: tell us what is the problem you’re trying to
solve and it is quite possible somebody would give you a better advice.
Hooking is the last resort solution in NT kernel world and speaking about it
makes some members of this list grumpy.Best regards,
Michal Vodicka
UPEK, Inc.
[xxxxx@upek.com, http://www.upek.com]> ----------
> From:
xxxxx@lists.osr.com[SMTP:xxxxx@lists.osr.com] on
behalf of Washington Irving[SMTP:xxxxx@tlen.pl]
> Reply To: Windows System Software Devs Interest List
> Sent: Tuesday, January 04, 2005 10:40 PM
> To: Windows System Software Devs Interest List
> Subject: [ntdev] NDIS newbie question
>
> Hi,
>
> I would like to know what is the name of exported function of NDIS.SYS
which
> is used
> to recv/send packets.
>
> And is it safe to make a hooking via re-writting functions entries in the
> export section?
>
> regards,
> WI
>
>
>
> —
> Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256
>
> You are currently subscribed to ntdev as: xxxxx@upek.com
> To unsubscribe send a blank email to xxxxx@lists.osr.com
>
Questions? First check the Kernel Driver FAQ at
http://www.osronline.com/article.cfm?id=256You are currently subscribed to ntdev as: unknown lmsubst tag argument: ‘’
To unsubscribe send a blank email to xxxxx@lists.osr.com
Questions? First check the Kernel Driver FAQ at http://www.osronline.com/article.cfm?id=256
You are currently subscribed to ntdev as: xxxxx@upek.com
To unsubscribe send a blank email to xxxxx@lists.osr.com
Graham, Simon wrote:
“grumpy” eh – now THERE’S an understatement…
But the “grumpiness” (and more) is ENTIRELY DESERVED by the original poster.
I am totally, incredibly, sick of people who post questions without
doing even the most basic homework. This is rude – Poor netiquette.
In some forums, these people would be eaten alive – not simply get a
“grumpy” response.
We at OSR put a major amount of time, effort, and money to create a very
fast and accurate full-text index of this list. The LEAST people can do
is try searching the archive. Or googling (after all, we also put in
the effort to ensure that the entire archive of NTDEV is indexed by google).
So, from my point of view, Michal’s post was FAR more temperate that
what I was thinking…
Peter
OSR
> And is it safe to make a hooking via re-writting functions entries in the
export section?
No it is not so.
Maxim Shatskih, Windows DDK MVP
StorageCraft Corporation
xxxxx@storagecraft.com
http://www.storagecraft.com