对于NDIS HOOK来说,NDIS_PROTOCOL_BLOCK 结构的准确定义是非常重要的。虽然网上有很多代码都是直接用指定的偏移量来计算的,但我还是比较喜欢有正确的结构定义在。Windows PC 平台上的DDK的NDIS.H中隐藏了很多的定义,但我发现在 Windows CE的DDK却都完全给出,十分奇怪。
我经过多次测试,发现只有以下版本的定义在 XP 及以上系统中才能正常使用:
/*
 * Legacy (pre-NDIS 6) layout of NDIS_PROTOCOL_BLOCK that the author reports
 * working on Windows XP and later.
 *
 * The offset comments are for 32-bit x86: every pointer is 4 bytes and
 * REFERENCE occupies 8 bytes (+0x04..+0x0b), which is why DeregEvent lands
 * at +0x0c. Only the first five members carry verified offsets; everything
 * after ProtocolCharacteristics depends on sizeof(NDIS50_PROTOCOL_CHARACTERISTICS),
 * which is not given here.
 *
 * NOTE(review): this structure is undocumented and changes between NDIS
 * versions (the Windows 7 layout is entirely different). Any code that
 * dereferences it should confirm the running NDIS/OS version first and treat
 * the unannotated tail members as unverified until checked against symbols;
 * a wrong layout silently reads or writes unrelated kernel memory.
 */
struct _NDIS_PROTOCOL_BLOCK
{
PNDIS_OPEN_BLOCK OpenQueue; // +0x00
REFERENCE Ref; // +0x04 (8 bytes on x86)
PKEVENT DeregEvent; // +0x0c
PNDIS_PROTOCOL_BLOCK NextProtocol; // +0x10
NDIS50_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics;// +0x14
/* Offsets below are not annotated by the author; they follow the
 * variable-sized characteristics block and should be verified. */
PWORK_QUEUE_ITEM WorkItem;
PKMUTANT Mutex;
DWORD MutexOwner;
PUNICODE_STRING BindDeviceName;
PUNICODE_STRING RootDeviceName;
NDIS_HANDLE AssociatedMiniDriver;
PNDIS_MINIPORT_BLOCK BindingAdapter;
};
2010.5.1 添加一下Win7下的 NDIS_PROTOCOL_BLOCK,真是够庞大的:
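/*
 * Windows 7 layout of NDIS_PROTOCOL_BLOCK, total size 0x188.
 *
 * Trailing comments give offset(size) from the author's 32-bit x86 dump;
 * every pointer-sized field is 0x4, so this layout does not apply to x64.
 * The structure is undocumented and version-specific: code that reads it
 * must check the OS/NDIS version (MajorNdisVersion/MinorNdisVersion are at
 * +0x18/+0x19) before trusting any offset, otherwise it reads unrelated
 * kernel memory.
 *
 * Fix relative to the original listing: StatusHandlerEx/StatusHandler are
 * both annotated +0x50 and CoStatusHandlerEx/CoStatusHandler both +0x60,
 * yet they were declared as separate members. That declaration would push
 * every later field 4 bytes (then 8 bytes) past its annotated offset and give
 * sizeof == 0x190 instead of 0x188. They are declared as unions here, which
 * is the only reading consistent with the offsets and the total size.
 */
struct _NDIS_PROTOCOL_BLOCK // 0x188
{
    NDIS_OBJECT_HEADER Header; // +0x0(0x4)
    PVOID ProtocolDriverContext; // +0x4(0x4)
    PNDIS_PROTOCOL_BLOCK NextProtocol; // +0x8(0x4)
    PNDIS_OPEN_BLOCK OpenQueue; // +0xc(0x4)
    REFERENCE Ref; // +0x10(0x8)
    UCHAR MajorNdisVersion; // +0x18(0x1)
    UCHAR MinorNdisVersion; // +0x19(0x1)
    UCHAR MajorDriverVersion; // +0x1a(0x1)
    UCHAR MinorDriverVersion; // +0x1b(0x1)
    ULONG Reserved; // +0x1c(0x4)
    ULONG Flags; // +0x20(0x4)
    UNICODE_STRING Name; // +0x24(0x8)
    BOOLEAN IsIPv4; // +0x2c(0x1)
    BOOLEAN IsIPv6; // +0x2d(0x1)
    BOOLEAN IsNdisTest6; // +0x2e(0x1)
    /* +0x2f: one byte of alignment padding before the 4-byte-aligned handlers. */
    BIND_HANDLER_EX BindAdapterHandlerEx; // +0x30(0x4)
    UNBIND_HANDLER_EX UnbindAdapterHandlerEx; // +0x34(0x4)
    OPEN_ADAPTER_COMPLETE_HANDLER_EX OpenAdapterCompleteHandlerEx; // +0x38(0x4)
    CLOSE_ADAPTER_COMPLETE_HANDLER_EX CloseAdapterCompleteHandlerEx; // +0x3c(0x4)
    union
    {
        PNP_EVENT_HANDLER PnPEventHandler; // +0x40(0x4)
        NET_PNP_EVENT_HANDLER NetPnPEventHandler; // +0x40(0x4)
    };
    UNLOAD_PROTOCOL_HANDLER UnloadHandler; // +0x44(0x4)
    UNINSTALL_PROTOCOL_HANDLER UninstallHandler; // +0x48(0x4)
    REQUEST_COMPLETE_HANDLER RequestCompleteHandler; // +0x4c(0x4)
    /* Both names share +0x50: a union, not two members. */
    union
    {
        STATUS_HANDLER_EX StatusHandlerEx; // +0x50(0x4)
        STATUS_HANDLER StatusHandler; // +0x50(0x4)
    };
    STATUS_COMPLETE_HANDLER StatusCompleteHandler; // +0x54(0x4)
    RECEIVE_NET_BUFFER_LISTS_HANDLER ReceiveNetBufferListsHandler; // +0x58(0x4)
    SEND_NET_BUFFER_LISTS_COMPLETE_HANDLER SendNetBufferListsCompleteHandler; // +0x5c(0x4)
    /* Both names share +0x60: a union, not two members. */
    union
    {
        CO_STATUS_HANDLER_EX CoStatusHandlerEx; // +0x60(0x4)
        CO_STATUS_HANDLER CoStatusHandler; // +0x60(0x4)
    };
    CO_AF_REGISTER_NOTIFY_HANDLER CoAfRegisterNotifyHandler; // +0x64(0x4)
    CO_RECEIVE_NET_BUFFER_LISTS_HANDLER CoReceiveNetBufferListsHandler; // +0x68(0x4)
    CO_SEND_NET_BUFFER_LISTS_COMPLETE_HANDLER CoSendNetBufferListsCompleteHandler; // +0x6c(0x4)
    OPEN_ADAPTER_COMPLETE_HANDLER OpenAdapterCompleteHandler; // +0x70(0x4)
    CLOSE_ADAPTER_COMPLETE_HANDLER CloseAdapterCompleteHandler; // +0x74(0x4)
    union
    {
        SEND_COMPLETE_HANDLER SendCompleteHandler; // +0x78(0x4)
        WAN_SEND_COMPLETE_HANDLER WanSendCompleteHandler; // +0x78(0x4)
    };
    union
    {
        TRANSFER_DATA_COMPLETE_HANDLER TransferDataCompleteHandler; // +0x7c(0x4)
        WAN_TRANSFER_DATA_COMPLETE_HANDLER WanTransferDataCompleteHandler; // +0x7c(0x4)
    };
    RESET_COMPLETE_HANDLER ResetCompleteHandler; // +0x80(0x4)
    union
    {
        RECEIVE_HANDLER ReceiveHandler; // +0x84(0x4)
        WAN_RECEIVE_HANDLER WanReceiveHandler; // +0x84(0x4)
    };
    RECEIVE_COMPLETE_HANDLER ReceiveCompleteHandler; // +0x88(0x4)
    RECEIVE_PACKET_HANDLER ReceivePacketHandler; // +0x8c(0x4)
    BIND_HANDLER BindAdapterHandler; // +0x90(0x4)
    UNBIND_HANDLER UnbindAdapterHandler; // +0x94(0x4)
    CO_SEND_COMPLETE_HANDLER CoSendCompleteHandler; // +0x98(0x4)
    CO_RECEIVE_PACKET_HANDLER CoReceivePacketHandler; // +0x9c(0x4)
    OID_REQUEST_COMPLETE_HANDLER OidRequestCompleteHandler; // +0xa0(0x4)
    WORK_QUEUE_ITEM WorkItem; // +0xa4(0x10)
    KMUTANT Mutex; // +0xb4(0x20)
    PVOID MutexOwnerThread; // +0xd4(0x4)
    ULONG MutexOwnerCount; // +0xd8(0x4)
    ULONG MutexOwner; // +0xdc(0x4)
    PUNICODE_STRING BindDeviceName; // +0xe0(0x4)
    PUNICODE_STRING RootDeviceName; // +0xe4(0x4)
    PNDIS_M_DRIVER_BLOCK AssociatedMiniDriver; // +0xe8(0x4)
    PNDIS_MINIPORT_BLOCK BindingAdapter; // +0xec(0x4)
    PKEVENT DeregEvent; // +0xf0(0x4)
    /* Union size is the larger member (0x54), so the next field is at +0x148. */
    union
    {
        NDIS_CO_CLIENT_OPTIONAL_HANDLERS ClientChars; // +0xf4(0x54)
        NDIS_CO_CALL_MANAGER_OPTIONAL_HANDLERS CallMgrChars; // +0xf4(0x4c)
    };
    INITIATE_OFFLOAD_COMPLETE_HANDLER InitiateOffloadCompleteHandler; // +0x148(0x4)
    TERMINATE_OFFLOAD_COMPLETE_HANDLER TerminateOffloadCompleteHandler; // +0x14c(0x4)
    UPDATE_OFFLOAD_COMPLETE_HANDLER UpdateOffloadCompleteHandler; // +0x150(0x4)
    INVALIDATE_OFFLOAD_COMPLETE_HANDLER InvalidateOffloadCompleteHandler; // +0x154(0x4)
    QUERY_OFFLOAD_COMPLETE_HANDLER QueryOffloadCompleteHandler; // +0x158(0x4)
    INDICATE_OFFLOAD_EVENT_HANDLER IndicateOffloadEventHandler; // +0x15c(0x4)
    TCP_OFFLOAD_SEND_COMPLETE_HANDLER TcpOffloadSendCompleteHandler; // +0x160(0x4)
    TCP_OFFLOAD_RECV_COMPLETE_HANDLER TcpOffloadReceiveCompleteHandler; // +0x164(0x4)
    TCP_OFFLOAD_DISCONNECT_COMPLETE_HANDLER TcpOffloadDisconnectCompleteHandler; // +0x168(0x4)
    TCP_OFFLOAD_FORWARD_COMPLETE_HANDLER TcpOffloadForwardCompleteHandler; // +0x16c(0x4)
    TCP_OFFLOAD_EVENT_HANDLER TcpOffloadEventHandler; // +0x170(0x4)
    TCP_OFFLOAD_RECEIVE_INDICATE_HANDLER TcpOffloadReceiveIndicateHandler; // +0x174(0x4)
    /* The annotated offsets (+0x178 onward) and the 0x188 total assume
     * NDIS_SUPPORT_NDIS61 is defined. Compiling without it drops this member
     * and moves the last three fields 4 bytes earlier (total 0x184), so the
     * build configuration must match the target's NDIS version. */
#if (NDIS_SUPPORT_NDIS61)
    DIRECT_OID_REQUEST_COMPLETE_HANDLER DirectOidRequestCompleteHandler; // +0x178(0x4)
#endif // (NDIS_SUPPORT_NDIS61)
    ALLOCATE_SHARED_MEMORY_HANDLER AllocateSharedMemoryHandler; // +0x17c(0x4)
    FREE_SHARED_MEMORY_HANDLER FreeSharedMemoryHandler; // +0x180(0x4)
    PVOID AllocateSharedMemoryContext; // +0x184(0x4)
};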