TDI filter driver

Hi everybody,

I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
driver.
The driver must replace the TdiConnectEntry and it must prevent that
connections are made.

Where can I find examples, or some information, about this?

Thanks in advance.

-Abel.


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com

On Windows NT and Windows 2000 you will be writing a layered device driver.
That is, a driver that uses IoAttachDeviceToDeviceStack to “layer” itself
above TCP/IP-related devices such as “\Device\Tcp” and “\Device\Udp”. Your
first task is to become familiar with the general techniques used in NT
layered device drivers. You should probably get some books to help you. See:

http:

“Windows NT Device Driver Development, by Peter Viscarola, et al”,
“Developing Windows NT Device Drivers: A Programmer’s Handbook, by Edward N.
Dekker & Joseph M. Newcomer” and “Programming the Windows Driver Model, by
Walter Oney” probably cover this topic.

The book “Windows NT File System Internals, by Rajeev Nagar” is heartily
recommended. Although it appears to be related to the specialized topic of
NT File Systems, Rajeev provides excellent advice in a broader area -
especially NT filter drivers.

Then you must learn how to USE TDI using the documentation in the NT DDK.
The TDI FAQ provides some additional information. See:

http:

Windows 9X is a different matter. Here you write a VxD that “hooks” the
VTDI_Get_Info service, which returns the TDI dispatch table. In your hooked
version of VTDI_Get_Info you return a modified dispatch table that includes
pointers to your proxy functions for TdiOpenAddress, etc.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Abel Muñoz Alcaraz
To: NT Developers Interest List
Sent: Monday, December 18, 2000 3:02 PM
Subject: [ntdev] TDI filter driver

> Hi everybody,
>
> I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
> driver.
> The driver must replace the TdiConnectEntry and it must prevent that
> connections are made.
>
> Where can I find examples, or some information, about this?
>
> Thanks in advance.
>
> -Abel.
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:>

Thanks Thomas,

Is possible, in W9x, to develop a DYNAMIC VXD or this is possible in
NT/2000 only?
I want load and unload this vxd when I need it.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Thomas F. Divine
Sent: martes, 19 de diciembre de 2000 16:38
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

On Windows NT and Windows 2000 you will be writing a layered device driver.
That is, a driver that uses IoAttachDeviceToDeviceStack to “layer” itself
above TCP/IP-related devices such as “\Device\Tcp” and “\Device\Udp”. Your
first task is to become familiar with the general techniques used in NT
layered device drivers. You should probably get some books to help you. See:

http:

“Windows NT Device Driver Development, by Peter Viscarola, et al”,
“Developing Windows NT Device Drivers: A Programmer’s Handbook, by Edward N.
Dekker & Joseph M. Newcomer” and “Programming the Windows Driver Model, by
Walter Oney” probably cover this topic.

The book “Windows NT File System Internals, by Rajeev Nagar” is heartily
recommended. Although it appears to be related to the specialized topic of
NT File Systems, Rajeev provides excellent advice in a broader area -
especially NT filter drivers.

Then you must learn how to USE TDI using the documentation in the NT DDK.
The TDI FAQ provides some additional information. See:

http:

Windows 9X is a different matter. Here you write a VxD that “hooks” the
VTDI_Get_Info service, which returns the TDI dispatch table. In your hooked
version of VTDI_Get_Info you return a modified dispatch table that includes
pointers to your proxy functions for TdiOpenAddress, etc.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Abel Muñoz Alcaraz
To: NT Developers Interest List
Sent: Monday, December 18, 2000 3:02 PM
Subject: [ntdev] TDI filter driver

> Hi everybody,
>
> I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
> driver.
> The driver must replace the TdiConnectEntry and it must prevent that
> connections are made.
>
> Where can I find examples, or some information, about this?
>
> Thanks in advance.
>
> -Abel.
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:>

Dynamic TDI filters will be difficult. I certainly don’t know how to write
one.

There are several problems. One of the simpler problems is that if you
dynamically load a filter, then you have “missed” a lot of history. For
example, there may be multiple connections already in various stages of
completion; how will you deal with these?

Another problem (NT-specific) is that if you insert your filter AFTER
another TDI client (like NetBT) has opened these devices, there is a
probability that there will be a problem with IRPS with too few stack
locations.

There are similar problems with Windows 9X. For example, if you install your
VTDI_Get_Info hook AFTER TCP/IP has already fetched it, then obviously
TCP/IP will never know that your filter was installed.

Of course, there are folks on this list who have a better insight into
undocumented structures and methods that might circumvent these limitations.
I’m just not in that class.

Regards,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Abel Muñoz Alcaraz
To: NT Developers Interest List
Sent: Tuesday, December 19, 2000 10:46 AM
Subject: [ntdev] Re: TDI filter driver

> Thanks Thomas,
>
> Is possible, in W9x, to develop a DYNAMIC VXD or this is possible in
> NT/2000 only?
> I want load and unload this vxd when I need it.
>
> -Abel.
>
> -----Original Message-----
> From: xxxxx@lists.osr.com
> [mailto:xxxxx@lists.osr.com]On Behalf Of Thomas F. Divine
> Sent: martes, 19 de diciembre de 2000 16:38
> To: NT Developers Interest List
> Subject: [ntdev] Re: TDI filter driver
>
>
> On Windows NT and Windows 2000 you will be writing a layered device
driver.
> That is, a driver that uses IoAttachDeviceToDeviceStack to “layer” itself
> above TCP/IP-related devices such as “\Device\Tcp” and “\Device\Udp”. Your
> first task is to become familiar with the general techniques used in NT
> layered device drivers. You should probably get some books to help you.
See:
>
> http:
>
> “Windows NT Device Driver Development, by Peter Viscarola, et al”,
> “Developing Windows NT Device Drivers: A Programmer’s Handbook, by Edward
N.
> Dekker & Joseph M. Newcomer” and “Programming the Windows Driver Model, by
> Walter Oney” probably cover this topic.
>
> The book “Windows NT File System Internals, by Rajeev Nagar” is heartily
> recommended. Although it appears to be related to the specialized topic of
> NT File Systems, Rajeev provides excellent advice in a broader area -
> especially NT filter drivers.
>
> Then you must learn how to USE TDI using the documentation in the NT DDK.
> The TDI FAQ provides some additional information. See:
>
> http:
>
>
> Windows 9X is a different matter. Here you write a VxD that “hooks” the
> VTDI_Get_Info service, which returns the TDI dispatch table. In your
hooked
> version of VTDI_Get_Info you return a modified dispatch table that
includes
> pointers to your proxy functions for TdiOpenAddress, etc.
>
> Good luck,
>
> Thomas F. Divine
>
> PCAUSA - Toolkits & Resources For Network Software Developers
> NDIS Protocol - NDIS Intermediate - TDI Client
> http: - http:
>
> ----- Original Message -----
> From: Abel Muñoz Alcaraz
> To: NT Developers Interest List
> Sent: Monday, December 18, 2000 3:02 PM
> Subject: [ntdev] TDI filter driver
>
>
> > Hi everybody,
> >
> > I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
> > driver.
> > The driver must replace the TdiConnectEntry and it must prevent that
> > connections are made.
> >
> > Where can I find examples, or some information, about this?
> >
> > Thanks in advance.
> >
> > -Abel.
> >
> >
> > —
> > You are currently subscribed to ntdev as: xxxxx@pcausa.com
> > To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@trymedia.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:></http:></http:>

Windows 9x supports dynamically loaded VxDs. I’ve written a similar VxD that
monitored serial port activity and it could be dynamically loaded, but you
would still be subject to the same problems that Thomas described.

Jim

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Abel Muñoz Alcaraz
Sent: Tuesday, December 19, 2000 7:47 AM
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

Thanks Thomas,

Is possible, in W9x, to develop a DYNAMIC VXD or this is possible in
NT/2000 only?
I want load and unload this vxd when I need it.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Thomas F. Divine
Sent: martes, 19 de diciembre de 2000 16:38
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

On Windows NT and Windows 2000 you will be writing a layered device driver.
That is, a driver that uses IoAttachDeviceToDeviceStack to “layer” itself
above TCP/IP-related devices such as “\Device\Tcp” and “\Device\Udp”. Your
first task is to become familiar with the general techniques used in NT
layered device drivers. You should probably get some books to help you. See:

http:

“Windows NT Device Driver Development, by Peter Viscarola, et al”,
“Developing Windows NT Device Drivers: A Programmer’s Handbook, by Edward N.
Dekker & Joseph M. Newcomer” and “Programming the Windows Driver Model, by
Walter Oney” probably cover this topic.

The book “Windows NT File System Internals, by Rajeev Nagar” is heartily
recommended. Although it appears to be related to the specialized topic of
NT File Systems, Rajeev provides excellent advice in a broader area -
especially NT filter drivers.

Then you must learn how to USE TDI using the documentation in the NT DDK.
The TDI FAQ provides some additional information. See:

http:

Windows 9X is a different matter. Here you write a VxD that “hooks” the
VTDI_Get_Info service, which returns the TDI dispatch table. In your hooked
version of VTDI_Get_Info you return a modified dispatch table that includes
pointers to your proxy functions for TdiOpenAddress, etc.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Abel Muñoz Alcaraz
To: NT Developers Interest List
Sent: Monday, December 18, 2000 3:02 PM
Subject: [ntdev] TDI filter driver

> Hi everybody,
>
> I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
> driver.
> The driver must replace the TdiConnectEntry and it must prevent that
> connections are made.
>
> Where can I find examples, or some information, about this?
>
> Thanks in advance.
>
> -Abel.
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@youngendeavors.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:>

Ok! I know about these problems but they don’t affect me.

I don’t know a safe way to replace a TDIDispatchTable’s entry point.

Is there a mutex anywhere?
How can I prevent other processes to call TDI functions during replacement
time?

My VxD run fine (‘at the moment’) but I’m worried about the re-entrance
problem during initialisation time.

You can see an example about this:

static VOID Initialize()
{
struct TDIDispatchTable*pTab = NULL;

// Make the call to the original function. pTab gets the pointer
// to VTDI’s dispatch table.

pTab = (struct TDIDispatchTable*)VTDI_Get_Info(“MSTCP”);

// Need to test if (1) we care, (2) got an address, and (3) already
// patched the table

if (pTab && !TdiConnectEntry)
{
// Remember the system connect addresses

TdiConnectEntry = pTab->TdiConnectEntry;

// Replace the entry point
/* VERY DANGEROUS */
pTab->TdiConnectEntry = HookMyTdiConnect;
/* VERY DANGEROUS */
}
}

static VOID Uninitialize()
{
struct TDIDispatchTable*pTab = NULL;

// Make the call to the original function. pTab gets the pointer
// to VTDI’s dispatch table.

pTab = (struct TDIDispatchTable*)VTDI_Get_Info(“MSTCP”);

// Need to test if (1) we care, (2) got an address, and (3) already
// patched the table

if (pTab && TdiConnectEntry)
{
// Replace the entry point
/* VERY DANGEROUS */
pTab->TdiConnectEntry = TdiConnectEntry;
/* VERY DANGEROUS */
}
}

Thanks in advance.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Jim Young
Sent: miércoles, 20 de diciembre de 2000 3:31
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

Windows 9x supports dynamically loaded VxDs. I’ve written a similar VxD that
monitored serial port activity and it could be dynamically loaded, but you
would still be subject to the same problems that Thomas described.

Jim

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Abel Muñoz Alcaraz
Sent: Tuesday, December 19, 2000 7:47 AM
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

Thanks Thomas,

Is possible, in W9x, to develop a DYNAMIC VXD or this is possible in
NT/2000 only?
I want load and unload this vxd when I need it.

-Abel.

-----Original Message-----
From: xxxxx@lists.osr.com
[mailto:xxxxx@lists.osr.com]On Behalf Of Thomas F. Divine
Sent: martes, 19 de diciembre de 2000 16:38
To: NT Developers Interest List
Subject: [ntdev] Re: TDI filter driver

On Windows NT and Windows 2000 you will be writing a layered device driver.
That is, a driver that uses IoAttachDeviceToDeviceStack to “layer” itself
above TCP/IP-related devices such as “\Device\Tcp” and “\Device\Udp”. Your
first task is to become familiar with the general techniques used in NT
layered device drivers. You should probably get some books to help you. See:

http:

“Windows NT Device Driver Development, by Peter Viscarola, et al”,
“Developing Windows NT Device Drivers: A Programmer’s Handbook, by Edward N.
Dekker & Joseph M. Newcomer” and “Programming the Windows Driver Model, by
Walter Oney” probably cover this topic.

The book “Windows NT File System Internals, by Rajeev Nagar” is heartily
recommended. Although it appears to be related to the specialized topic of
NT File Systems, Rajeev provides excellent advice in a broader area -
especially NT filter drivers.

Then you must learn how to USE TDI using the documentation in the NT DDK.
The TDI FAQ provides some additional information. See:

http:

Windows 9X is a different matter. Here you write a VxD that “hooks” the
VTDI_Get_Info service, which returns the TDI dispatch table. In your hooked
version of VTDI_Get_Info you return a modified dispatch table that includes
pointers to your proxy functions for TdiOpenAddress, etc.

Good luck,

Thomas F. Divine

PCAUSA - Toolkits & Resources For Network Software Developers
NDIS Protocol - NDIS Intermediate - TDI Client
http: - http:

----- Original Message -----
From: Abel Muñoz Alcaraz
To: NT Developers Interest List
Sent: Monday, December 18, 2000 3:02 PM
Subject: [ntdev] TDI filter driver

> Hi everybody,
>
> I want to develop a dynamic loadable Windows 9x/ME/NT/2000 TDI filter
> driver.
> The driver must replace the TdiConnectEntry and it must prevent that
> connections are made.
>
> Where can I find examples, or some information, about this?
>
> Thanks in advance.
>
> -Abel.
>
>
> —
> You are currently subscribed to ntdev as: xxxxx@pcausa.com
> To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@youngendeavors.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: xxxxx@trymedia.com
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com


You are currently subscribed to ntdev as: $subst(‘Recip.EmailAddr’)
To unsubscribe send a blank email to leave-ntdev-$subst(‘Recip.MemberIDChar’)@lists.osr.com</http:></http:></http:></http:>