SEND_HANDLER crashed IRQL_NOT_LESS_OR_EQUAL

Hi, all.
I want to add a NAT function to my NDIS hook driver.
So I added some code in my new TransferDataComplete handler. In this code
I modify the source IP address and source MAC, dest MAC and then I call
my new send handler, which just calls the old send handler of NDIS_OPEN_BLOCK. At this
point, the driver crashed and the blue screen showed “DRIVER_IRQL_NOT_LESS_OR_EQUAL”
for tcpip.sys.
The code is as follows:

    VOID
    NewTransferDataCompleteHandler(
        IN NDIS_HANDLE ProtocolBindingContext,
        IN PNDIS_PACKET Packet,
        IN NDIS_STATUS Status,
        IN UINT BytesTransferred
        )
    {
        …
        …
        NewTCPIPSend(MacBindingHandle, Packet); // crashed
        …
    }

best regards
brucie

Hello,

You must not modify the original packet’s data. To modify it you should allocate a new packet, copy the data and then modify it. You should do the same when a received packet is modified.

Best regards,
Leonid.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of brucie
Sent: Monday, March 18, 2002 5:01 PM
To: NT Developers Interest List
Subject: [ntdev] SEND_HANDLER crashed IRQL_NOT_LESS_OR_EQUAL

Hi, all.
I want to add a NAT function to my NDIS hook driver.
So I added some code in my new TransferDataComplete handler. In this code
I modify the source IP address and source MAC, dest MAC and then I call
my new send handler, which just calls the old send handler of NDIS_OPEN_BLOCK. At this
point, the driver crashed and the blue screen showed “DRIVER_IRQL_NOT_LESS_OR_EQUAL”
for tcpip.sys.
The code is as follows:

    VOID
    NewTransferDataCompleteHandler(
        IN NDIS_HANDLE ProtocolBindingContext,
        IN PNDIS_PACKET Packet,
        IN NDIS_STATUS Status,
        IN UINT BytesTransferred
        )
    {
        …
        …
        NewTCPIPSend(MacBindingHandle, Packet); // crashed
        …
    }

best regards
brucie

In my NewReceiveHandler, I do allocate a new packet and buffer to receive the data.
When my NewTransferDataComplete is called, I pass this new packet as a parameter to
my NewTCPIPSend. I checked the IRQL: the IRQL in both my NewTransferDataComplete and
NewTCPIPSend is IRQL_DISPATCH_LEVEL. What is wrong?

brucie
brucie@263.net
2002-03-18

What is the NewTCPIPSend function? Is it the hooked ReceiveHandler of TCPIP or something else?

I cannot recall exactly why I did it this way, but when I was implementing a NAT based on an NDIS hook, I used the following schemes:

  1. To modify sent packets,
    in the hooked SendHandler of TCPIP, I allocate a new packet, copy the sent data to it and then call the original TcpIp SendHandler with my packet.
    In the hooked SendCompleteHandler, I call the original TcpIp’s SendCompleteHandler with the original packet and then free my allocated packet.
  2. To modify received packets,
    in the hooked ReceiveHandler of TCPIP, I allocate a new packet, copy the packet header to it and then call NdisTransferData with my packet to fill it up with the received data.
    In the hooked TransferDataCompleteHandler, I call the original TransferDataCompleteHandler of TCPIP, modify the packet, and then call the original ReceiveHandler with my modified packet. After the ReceiveHandler returns, I free the allocated packet.

Hello brucie,

b> I modify the source ip address and source mac, dest mac and then I call
How could you modify the MAC? NDIS_PACKET does not include the Ethernet header…
b> my new sendhandler which just call oldsendler of NDIS_OPEN_BLOCK. At this
b> point, the driver crashed and the blue screen prompt “DRIVER_IRQL_NOT_LESS_OR_EQUAL”
b> for tcpip.sys.
How do you allocate memory for NDIS_PACKET?

And last question: Do you recalculate the checksum in the IP header?

My way is similar to yours.
In my NewReceiveHandler I do allocate a new NDIS_PACKET/BUFFER and copy
data to my packet and then call the old TransferDataHandler to receive the
residual data. When TransferDataComplete is called, I modify the new packet’s
data and send it via another adapter.

NewTCPIPSend is the hooked SendHandler of the TCPIP protocol.
In my NewTCPIPSend, I just call the OldSendHandler of TCPIP, as follows:
////////////////////////////////////////////////////////
    NTSTATUS
    NewTCPIPSend(
        IN NDIS_HANDLE MacBindingHandle,
        IN PNDIS_PACKET Packet
        )
    {
        NDIS_STATUS status;
        PPROTOCOL_HANDLER templist = NULL;
        PLIST_ENTRY pLinkage;
        KIRQL kirql;

        /* Walk the list of hooked bindings looking for this MacBindingHandle. */
        pLinkage = Globals.hookedlist.Flink;
        while (pLinkage != &Globals.hookedlist)
        {
            templist = CONTAINING_RECORD(
                pLinkage,
                PROTOCOL_HANDLER,
                m_qlink
                );
            if (templist->MacBindingHandle == MacBindingHandle) break;
            pLinkage = pLinkage->Flink;
        }

        /* pLinkage is back at the list head only when no entry matched. */
        if (pLinkage != &Globals.hookedlist) {
            /* Pass the packet to the saved original SendHandler. */
            status = templist->OldSend(MacBindingHandle, Packet);
        } else
            return STATUS_UNSUCCESSFUL;
        return status;
    }
///////////////////////////////////////////////////////////////////

The virtual memory associated with an NDIS_BUFFER can be read with
NdisGetFirstBufferFromPacket if there is only one NDIS_BUFFER in the packet.
If there are several NDIS_BUFFERs, NdisQueryBuffer and other APIs should be called
to retrieve the whole data.
This virtual memory contains the Ethernet data, so we can extract the MAC
address from it.
First, I call NdisAllocatePacketPool/NdisAllocateBufferPool and
then call NdisAllocatePacket/NdisAllocateBuffer/NdisChainBufferAtFront.
As the DDK says, it is nonpaged memory. So I think the problem is not about IRQL.

I do recalculate the checksum, but I think this is not the key.
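
The copy-before-modify advice and the checksum question raised in this thread, shown as an added user-mode C example (not code from any poster): it copies a frame, rewrites the MACs and source IP in the copy only, recomputes the IPv4 header checksum and incrementally fixes the TCP/UDP checksum per RFC 1624. All function names and the sample frame are constructed for illustration, and a flat byte array holding a full Ethernet frame is assumed in place of an NDIS_PACKET/NDIS_BUFFER chain.

```c
#include <stdint.h>
#include <string.h>

#define ETH_HLEN 14
enum { NAT_OK = 0, NAT_TOO_SHORT = -1, NAT_NO_SPACE = -2, NAT_NOT_IPV4 = -3, NAT_BAD_HEADER = -4 };
static uint16_t get16(const uint8_t *p) { return (uint16_t)(p[0] << 8 | p[1]); }
static void put16(uint8_t *p, uint16_t v) { p[0] = (uint8_t)(v >> 8); p[1] = (uint8_t)v; }

/* One's-complement sum of len bytes added to acc, folded to 16 bits (RFC 1071). */
static uint32_t sum16(const uint8_t *p, size_t len, uint32_t acc)
{
    for (; len > 1; p += 2, len -= 2) acc += get16(p);
    if (len) acc += (uint32_t)p[0] << 8;
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return acc;
}

/* Internet checksum; over data that already holds a valid checksum it returns 0. */
uint16_t inet_checksum(const uint8_t *p, size_t len) { return (uint16_t)~sum16(p, len, 0); }

/* TCP/UDP checksum: IPv4 pseudo-header plus l4_len bytes of segment. */
uint16_t l4_checksum(const uint8_t *ip, size_t l4_len)
{
    uint8_t pseudo[12] = {0};
    memcpy(pseudo, ip + 12, 8);                 /* source and destination address */
    pseudo[9] = ip[9];                          /* protocol */
    put16(pseudo + 10, (uint16_t)l4_len);
    return (uint16_t)~sum16(ip + (ip[0] & 0x0f) * 4, l4_len, sum16(pseudo, 12, 0));
}

/* RFC 1624 incremental update, HC' = ~(~HC + ~m + m'), for a changed 4-byte field. */
static uint16_t csum_fixup32(uint16_t hc, const uint8_t *old4, const uint8_t *new4)
{
    uint32_t acc = (uint16_t)~hc;
    acc += (uint16_t)~get16(old4) + (uint32_t)(uint16_t)~get16(old4 + 2);
    acc += (uint32_t)get16(new4) + get16(new4 + 2);
    while (acc >> 16) acc = (acc & 0xffff) + (acc >> 16);
    return (uint16_t)~acc;
}

/* Copy the frame, then rewrite MACs and source IP in the copy only; orig is read-only. */
int nat_rewrite_src(const uint8_t *orig, size_t len, uint8_t *out, size_t cap,
                    const uint8_t new_ip[4], const uint8_t src_mac[6], const uint8_t dst_mac[6])
{
    size_t ihl, tot, off = 0;
    uint8_t *ip, *l4;
    uint16_t c;
    if (len < ETH_HLEN + 20) return NAT_TOO_SHORT;
    if (cap < len) return NAT_NO_SPACE;
    if (get16(orig + 12) != 0x0800 || (orig[ETH_HLEN] >> 4) != 4) return NAT_NOT_IPV4;
    ihl = (size_t)(orig[ETH_HLEN] & 0x0f) * 4;
    tot = get16(orig + ETH_HLEN + 2);
    if (ihl < 20 || tot < ihl || ETH_HLEN + tot > len) return NAT_BAD_HEADER;
    memcpy(out, orig, len);
    memcpy(out, dst_mac, 6);
    memcpy(out + 6, src_mac, 6);
    ip = out + ETH_HLEN;
    l4 = ip + ihl;
    /* Only an unfragmented packet or a first fragment carries the TCP/UDP header. */
    if ((get16(ip + 6) & 0x1fff) == 0) {
        if (ip[9] == 6 && tot - ihl >= 18) off = 16;    /* TCP checksum field */
        if (ip[9] == 17 && tot - ihl >= 8) off = 6;     /* UDP checksum field */
    }
    /* The L4 checksum covers the source address; a UDP checksum of 0 means "none". */
    if (off && !(ip[9] == 17 && get16(l4 + off) == 0)) {
        c = csum_fixup32(get16(l4 + off), ip + 12, new_ip);
        put16(l4 + off, (ip[9] == 17 && c == 0) ? 0xffff : c);
    }
    memcpy(ip + 12, new_ip, 4);
    put16(ip + 10, 0);
    put16(ip + 10, inet_checksum(ip, ihl));
    return NAT_OK;
}

/* Constructed sample frame: Ethernet + IPv4 + UDP, documentation addresses (RFC 5737). */
size_t build_sample(uint8_t *f)
{
    static const uint8_t tmpl[46] = {
        2, 0, 0, 0, 0, 1,  2, 0, 0, 0, 0, 2,  0x08, 0x00,  /* dst MAC, src MAC, IPv4 */
        0x45, 0, 0, 32,  0, 1, 0, 0,  64, 17, 0, 0,         /* len 32, TTL 64, UDP */
        192, 0, 2, 10,  198, 51, 100, 7,                    /* source, destination */
        0x30, 0x39, 0, 53,  0, 12, 0, 0,  'p', 'i', 'n', 'g' };
    memcpy(f, tmpl, sizeof tmpl);
    put16(f + ETH_HLEN + 10, inet_checksum(f + ETH_HLEN, 20));
    put16(f + ETH_HLEN + 26, l4_checksum(f + ETH_HLEN, 12));
    return sizeof tmpl;
}

int main(void)
{
    static const uint8_t ip[4] = {203, 0, 113, 5}, sm[6] = {2, 0, 0, 0, 0, 16}, dm[6] = {2, 0, 0, 0, 0, 32};
    uint8_t orig[64], out[64];
    if (nat_rewrite_src(orig, build_sample(orig), out, sizeof out, ip, sm, dm) != NAT_OK) return 1;
    return inet_checksum(out + ETH_HLEN, 20) || l4_checksum(out + ETH_HLEN, 12); /* 0 = both verify */
}
```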

Hmm, I am not sure, but haven’t you muddled up the old ReceiveHandler and old SendHandler of TCPIP? Reasoning from the name of the handler function and the number of parameters, the SendHandler seems to be called instead of the ReceiveHandler. Is it right? I do not understand why you need to call the SendHandler when you are handling a received packet, and I am not sure that this trick is possible at all.

As a NAT driver, when a packet received by the local adapter is modified, I want to
send this packet via the global adapter. So I don't call the old ReceiveHandler but just
immediately call the global adapter’s SendHandler to send this packet.

You must not touch the original packet’s data. You must allocate your own NDIS_PACKET and NDIS_BUFFER for a header, and re-chain all buffers from the original packet to your NDIS_PACKET.

Max

Be sure to use the correct reserved areas of NDIS_PACKET. They are different
for send/receive.

Good luck,

Thomas F. Divine

PCAUSA - Tools & Resources For Network Software Developers
NDIS Protocol/Intermediate/Hooking - TDI Client/Filter