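Bypassing the connection-sharing restrictions of access providers (China Telecom, China Netcom, China Tietong), part 1: http://blog.csdn.net/kl222/article/details/7762340
Bypassing the connection-sharing restrictions of access providers (China Telecom, China Netcom, China Tietong), part 2: the TTL of IP packets arriving over PPPoE is set to 0
The access provider restricts connection sharing by setting the TTL of IP packets to 0. Here we change the TTL of inbound IP packets to a value greater than 0.
Multi-platform version (x86, ia64, amd64), builds under DDK 3790:
Compiled driver download: http://download.csdn.net/detail/kl222/6648507
Source download: http://download.csdn.net/detail/kl222/6650033
Windows XP:
Source download: http://download.csdn.net/detail/kl222/4449266
Driver download: http://download.csdn.net/detail/kl222/4449316
I. NDIS driver categories
NDIS (Network Driver Interface Specification) is the Windows network driver interface standard. NDIS drivers fall into three categories:
1. NDIS Miniport NIC Driver: the low-level miniport NIC driver, that is, the driver for the physical network device.
2. NDIS Protocol Driver: the high-level protocol driver, which implements a specific protocol stack such as TCP/IP and exports the TDI interface to the layers above it.
3. NDIS Intermediate Driver: the intermediate driver, which sits between the Miniport Driver and the Protocol Driver.
II. Overview of the NDIS driver structure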
[Figure 1: NDIS driver structure. Labels, top to bottom: TDI (Transport Driver Interface); LAN Protocols and Native Media Aware Protocol; LAN Media Type; NDIS Intermediate; Native Media Type; NDIS Miniport (two instances); NDIS Interface; NetCard (two instances).]
III. Data processing flow in an NDIS driver
[Figure 2: data path, top to bottom: Transport Driver (lower edge: Protocol Xxx - Media X); Intermediate Driver (upper edge: Miniport Xxx - Media X, lower edge: Protocol Xxx - Media Y); NIC Driver (upper edge: Miniport Xxx - Media Y); NIC.]
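Code walkthrough:
passthru is the sample NDIS intermediate network driver that ships with the DDK.
PtReceivePacket is the function called once the lower layer has received a packet, so this is where we change the IP TTL to a value greater than 0. OnProcessMyPacket in ip.c is the function that modifies the TTL.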
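    INT OnProcessMyPacket(PNDIS_PACKET Packet)
    {
        int nRet = 0;
        UINT nPhysicalBufferCount = 0, nBufferCount = 0, nTotalPacketLength = 0;
        PNDIS_BUFFER pFirstBuffer = NULL;
        char * pBuf = NULL;
        UINT nLen = 0;
        UINT nIpHdrLen = 0;
        struct ip_hdr * ipHdr = NULL;
        struct ethhdr * pEthHdr = NULL;
        struct ppp_hdr * pPppHdr = NULL;

        if(!Packet)
        {
            return 0;
        }

        NdisQueryPacket(Packet, &nPhysicalBufferCount, &nBufferCount, &pFirstBuffer, &nTotalPacketLength);
        DbgPrint("PtReceivePacket:nPhysicalBufferCount:%d;nBufferCount:%d;nTotalPacketLength:%d\n",
            nPhysicalBufferCount, nBufferCount, nTotalPacketLength);

        // Check that the packet has a buffer and is long enough to hold the headers
        if(!pFirstBuffer || nTotalPacketLength < PPPOE_HEAD_LENGTH)
        {
            return 0;
        } // end if(!pFirstBuffer || nTotalPacketLength < PPPOE_HEAD_LENGTH)

        // My machine has large buffers, so the whole packet sits in one NDIS_BUFFER.
        // If yours does not, you need to walk the whole buffer chain.
        NdisQueryBufferSafe(pFirstBuffer, (PVOID *)&pBuf, &nLen, HighPagePriority);
        // The mapping can fail (pBuf == NULL), and the first buffer must hold the
        // Ethernet header, 8 bytes of PPPoE/PPP header and a minimal IP header.
        if(!pBuf || nLen < sizeof(struct ethhdr) + 8 + IP_HDR_LEN)
        {
            return nRet;
        }
        pEthHdr = (struct ethhdr * )pBuf;

        // Is this a PPPoE payload frame?
        if(pEthHdr->h_proto != htons(ETH_TYPE_PPPOE))
        {
            return nRet;
        } // end if(pEthHdr->h_proto != htons(ETH_TYPE_PPPOE))

        pPppHdr = (struct ppp_hdr * )(pBuf + sizeof(struct ethhdr));
        //dump((char*)pBuf, nLen, "pppoe");

        // Is the PPP payload an IP packet?
        if(htons(PPPOE_TYPE_IP) != pPppHdr->protol)
        {
            return nRet;
        } // end if(htons(PPPOE_TYPE_IP) != pPppHdr->protol)

        DbgPrint("PtReceivePacket is ip over pppoe packet \n");
        ipHdr = (struct ip_hdr * )(pBuf + sizeof(struct ethhdr) + 8);

        // The header length comes from the packet itself: reject values that are
        // too small or that would make the checksum read past the mapped buffer.
        nIpHdrLen = (UINT)ipHdr->ip_hl << 2;
        if(nIpHdrLen < IP_HDR_LEN || nIpHdrLen > nLen - sizeof(struct ethhdr) - 8)
        {
            return nRet;
        }

        ipHdr->ip_ttl = 30; // set the TTL
        // Recompute the header checksum
        ip_checksum(ipHdr);
        return nRet;
    }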
Checksum:

    /* Compute the checksum */
    UINT16 checksum(void *buf, int len)
    {
        UINT32 sum = 0;
        UINT16 * cbuf;

        dump((char*)buf, len, NULL);
        DbgPrint("checksum:head len:%d\n", len);
        if(len < IP_HDR_LEN)
        {
            DbgPrint("ip head len < %d\n", IP_HDR_LEN);
            return 0;
        } // end if(len < IP_HDR_LEN)

        // Sum the header as 16-bit words
        cbuf = (UINT16 * )buf;
        while(len > 1){
            sum += *cbuf++;
            len -= 2;
        }
        // Add the trailing odd byte, if any
        if(len)
            sum += *(UINT8 * )cbuf;

        // Fold the carries back into the low 16 bits
        while(sum >> 16)
        {
            sum = (sum & 0xffff) + (sum >> 16);
        } // end while(sum >> 16)
        return (UINT16)~sum;
    }

    void ip_checksum(struct ip_hdr * ipHdr)
    {
        // The checksum field must be zero while the sum is computed
        ipHdr->ip_sum = 0;
        DbgPrint("checksum:ip->ip_hl:%02X\n", ipHdr->ip_hl);
        ipHdr->ip_sum = checksum(ipHdr, ipHdr->ip_hl << 2);
    }
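An added example, not part of the original driver source: the same TTL rewrite and header checksum recomputation as a user-space C function, so the parsing and bounds checks can be exercised without loading a driver. The function names and the sample frame are constructed for this example; it assumes an Ethernet II frame carrying a PPPoE session (EtherType 0x8864) with PPP protocol 0x0021 (IPv4), and it rejects frames whose IP header length field does not fit the buffer.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_LEN 14            /* Ethernet II header */
#define PPPOE_LEN 8           /* 6-byte PPPoE header + 2-byte PPP protocol ID */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* RFC 1071 checksum, read byte-wise so the result does not depend on host endianness. */
uint16_t ip_header_checksum(const uint8_t *hdr, size_t len) {
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2) sum += rd16(hdr + i);
    while (sum >> 16) sum = (sum & 0xffff) + (sum >> 16);
    return (uint16_t)~sum;
}

/* 1 = TTL rewritten, 0 = not IPv4 over a PPPoE session, -1 = truncated or malformed. */
int set_pppoe_ipv4_ttl(uint8_t *frame, size_t len, uint8_t ttl) {
    if (len < ETH_LEN + PPPOE_LEN) return -1;
    if (rd16(frame + 12) != 0x8864) return 0;            /* PPPoE session EtherType */
    if (rd16(frame + ETH_LEN + 6) != 0x0021) return 0;   /* PPP protocol: IPv4 */
    uint8_t *ip = frame + ETH_LEN + PPPOE_LEN;
    size_t avail = len - (ETH_LEN + PPPOE_LEN);
    if (avail < 20 || (ip[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;             /* length claimed by the packet */
    if (ihl < 20 || ihl > avail) return -1;              /* must fit inside the buffer */
    ip[8] = ttl;
    ip[10] = ip[11] = 0;                                 /* zero the field before summing */
    uint16_t c = ip_header_checksum(ip, ihl);
    ip[10] = (uint8_t)(c >> 8); ip[11] = (uint8_t)(c & 0xff);
    return 1;
}

/* Constructed sample: 192.0.2.1 -> 192.0.2.2, TTL 1, no payload. Needs a 42-byte buffer. */
size_t make_sample_frame(uint8_t *buf) {
    static const uint8_t f[42] = {
        0x02,0,0,0,0,0x01, 0x02,0,0,0,0,0x02, 0x88,0x64,   /* Ethernet */
        0x11,0x00,0x00,0x01,0x00,0x16, 0x00,0x21,          /* PPPoE + PPP */
        0x45,0,0,0x14, 0,0,0,0, 0x01,0x11,0,0,             /* IPv4 header, TTL=1 */
        192,0,2,1, 192,0,2,2 };
    memcpy(buf, f, sizeof f);
    return sizeof f;
}

int main(void) {
    uint8_t f[64];
    int rc = set_pppoe_ipv4_ttl(f, make_sample_frame(f), 30);
    printf("rc=%d ttl=%u\n", rc, f[ETH_LEN + PPPOE_LEN + 8]);
    return 0;
}
```

A header whose stored checksum is correct sums to zero, so calling ip_header_checksum over the rewritten header and getting 0 confirms the update.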
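Building the driver:
This driver is built with Windows DDK version 3790.
Install Windows DDK 3790.
In the Start menu, find the DDK entry and click the build environment shortcut for your target platform; a command-line build environment opens.
In that command prompt, change to the driver source directory and run:
build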