├── Driver
    ├── Filemon.c
    ├── Filemon.h
    ├── GuardLite.c
    ├── GuardLite.h
    ├── Makefile
    ├── Procmon.c
    ├── Public.c
    ├── Public.h
    ├── Regmon.c
    ├── Regmon.h
    ├── Servicesmon.c
    └── Sources
├── MinFileMon
    ├── MinFilemon.c
    ├── MinFilemon.h
    ├── MinFilemon.reg
    ├── MinFilemonCtrl.h
    ├── Sources
    └── makefile
├── NetSys
    ├── EHomeControl.c
    ├── EHomeNetDriverCtrl
    │   ├── ehomedriver.sln
    │   ├── res
    │   │   ├── test.ico
    │   │   └── test.rc2
    │   ├── resource.h
    │   ├── stdafx.cpp
    │   ├── stdafx.h
    │   ├── test.cpp
    │   ├── test.h
    │   ├── test.rc
    │   ├── test.vcproj
    │   ├── testDlg.cpp
    │   └── testDlg.h
    ├── EHomeNetTDI.bak.c
    ├── EHomeNetTDI.c
    ├── EhomeDevCtl.h
    ├── EhomeNet.c
    ├── EhomeNet.h
    ├── Keyword.c
    ├── Keyword.h
    ├── Sources
    ├── TdiFileObjectContext.c
    ├── TdiFileObjectContext.h
    ├── ehomenet_build.bat
    ├── makefile
    └── 参考文档.log
├── Proc
    ├── DevCtl.h
    ├── EhomeProc.c
    ├── EhomeProc.h
    ├── Proc.sln
    ├── Proc.vcproj
    ├── Process.c
    ├── Process.h
    ├── Sources
    ├── Windows7(7600)_amd64.log
    ├── WindowsXP(2600).log
    ├── makefile
    ├── my_build.bat
    └── windows7.log
├── Reference
    ├── Inf文件简介_V1.0.pdf
    ├── TDI.rar
    └── tdifw-1.4.4.zip
├── Sample
    └── TestDriver
    │   ├── TestDriver.cpp
    │   ├── TestDriver.h
    │   ├── TestDriver.rc
    │   ├── TestDriver.sln
    │   ├── TestDriver.vcproj
    │   ├── TestDriverDlg.cpp
    │   ├── TestDriverDlg.h
    │   ├── res
    │       ├── TestDriver.ico
    │       └── TestDriver.rc2
    │   ├── resource.h
    │   ├── stdafx.cpp
    │   └── stdafx.h
├── SimpleShell
    ├── TestWndHook
    │   ├── TestWndHook.cpp
    │   ├── TestWndHook.h
    │   ├── TestWndHook.rc
    │   ├── TestWndHook.vcproj
    │   ├── TestWndHookDlg.cpp
    │   ├── TestWndHookDlg.h
    │   ├── res
    │   │   ├── TestWndHook.ico
    │   │   └── TestWndHook.rc2
    │   ├── resource.h
    │   ├── stdafx.cpp
    │   └── stdafx.h
    └── WndHook
    │   ├── SimpleShell.sln
    │   ├── WndHook.cpp
    │   ├── WndHook.h
    │   ├── WndHook.vcproj
    │   ├── stdafx.cpp
    │   └── stdafx.h
├── XueTr
    └── XueTr.sys
├── common
    └── GuardLiteCtrl.h
├── moniter
    ├── dbgmsgcfg.dll
    └── monitor.exe
├── tdifw
    ├── src
    │   ├── MAKEFILE
    │   ├── NetProc.c
    │   ├── NetProc.h
    │   ├── SOURCES
    │   ├── drv.sln
    │   ├── drv.vcproj
    │   ├── my_build.bat
    │   └── tdifw
    │   │   ├── MAKEFILE
    │   │   ├── SOURCES
    │   │   ├── conn_state.c
    │   │   ├── conn_state.h
    │   │   ├── disp_conn.c
    │   │   ├── disp_dg.c
    │   │   ├── disp_ev.c
    │   │   ├── disp_obj.c
    │   │   ├── disp_sr.c
    │   │   ├── dispatch.c
    │   │   ├── dispatch.h
    │   │   ├── ev_conn.c
    │   │   ├── ev_dg.c
    │   │   ├── ev_recv.c
    │   │   ├── events.c
    │   │   ├── events.h
    │   │   ├── filter.c
    │   │   ├── filter.h
    │   │   ├── ipc.c
    │   │   ├── ipc.h
    │   │   ├── memtrack.c
    │   │   ├── memtrack.h
    │   │   ├── my_build.bat
    │   │   ├── ndis_hk_ioctl.h
    │   │   ├── net.h
    │   │   ├── obj_tbl.c
    │   │   ├── obj_tbl.h
    │   │   ├── packet.c
    │   │   ├── packet.h
    │   │   ├── pid_pname.c
    │   │   ├── pid_pname.h
    │   │   ├── sids.c
    │   │   ├── sids.h
    │   │   ├── sock.c
    │   │   ├── sock.h
    │   │   ├── tdi_fw.c
    │   │   ├── tdi_fw.h
    │   │   └── tdi_fw_lib.h
    ├── tdi.log
    └── tdifw-1.4.4.zip
└── usbfilter
    ├── Sources
    ├── install.reg
    ├── makefile
    ├── usbfilter.c
    ├── usbfilter.h
    ├── usbfilter.sln
    ├── usbfilter.vcproj
    ├── usbfilter_build.bat
    └── 参考.log


/Driver/Filemon.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Filemon.c


--------------------------------------------------------------------------------
/Driver/Filemon.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Filemon.h


--------------------------------------------------------------------------------
/Driver/GuardLite.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/GuardLite.c


--------------------------------------------------------------------------------
/Driver/GuardLite.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/GuardLite.h


--------------------------------------------------------------------------------
/Driver/Makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. If you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 


--------------------------------------------------------------------------------
/Driver/Procmon.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Procmon.c


--------------------------------------------------------------------------------
/Driver/Public.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Public.c


--------------------------------------------------------------------------------
/Driver/Public.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Public.h


--------------------------------------------------------------------------------
/Driver/Regmon.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Regmon.c


--------------------------------------------------------------------------------
/Driver/Regmon.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Regmon.h


--------------------------------------------------------------------------------
/Driver/Servicesmon.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Driver/Servicesmon.c


--------------------------------------------------------------------------------
/Driver/Sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=GuardLite
 2 | TARGETTYPE=DRIVER
 3 | TARGETPATH=..\out\
 4 | 
 5 | TARGETLIBS= $(TARGETLIBS) \
 6 |   $(IFSKIT_LIB_PATH)\fltMgr.lib 
 7 | 
 8 | 
 9 | INCLUDES=$(BASEDIR)\inc;\
10 |          $(BASEDIR)\inc\ddk;\
11 | 
12 | SOURCES=GuardLite.c\
13 | 		Regmon.c\
14 | 		Filemon.c\
15 | 		Servicesmon.c\
16 | 		Public.c\
17 | 		Procmon.c\
18 | 


--------------------------------------------------------------------------------
/MinFileMon/MinFilemon.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/MinFileMon/MinFilemon.c


--------------------------------------------------------------------------------
/MinFileMon/MinFilemon.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/MinFileMon/MinFilemon.h


--------------------------------------------------------------------------------
/MinFileMon/MinFilemon.reg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/MinFileMon/MinFilemon.reg


--------------------------------------------------------------------------------
/MinFileMon/MinFilemonCtrl.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | #ifndef _NTDDK_
4 | #include <WinIoCtl.h>
5 | #endif
6 | 
7 | 


--------------------------------------------------------------------------------
/MinFileMon/Sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=MinFilemon
 2 | TARGETTYPE=DRIVER
 3 | TARGETPATH=OBJ
 4 | 
 5 | TARGETLIBS=$(IFSKIT_LIB_PATH)\fltMgr.lib
 6 | 
 7 | 
 8 | INCLUDES=$(BASEDIR)\inc;\
 9 |          $(BASEDIR)\inc\ddk;\
10 | 
11 | SOURCES=MinFilemon.c\
12 |         
13 | 


--------------------------------------------------------------------------------
/MinFileMon/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. If you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def


--------------------------------------------------------------------------------
/NetSys/EHomeControl.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeControl.c


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/ehomedriver.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EHomeNetCtrl", "test.vcproj", "{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Debug|x64 = Debug|x64
10 | 		Release|Win32 = Release|Win32
11 | 		Release|x64 = Release|x64
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Debug|Win32.ActiveCfg = Debug|Win32
15 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Debug|Win32.Build.0 = Debug|Win32
16 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Debug|x64.Build.0 = Debug|x64
18 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Release|Win32.ActiveCfg = Release|Win32
19 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Release|Win32.Build.0 = Release|Win32
20 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Release|x64.ActiveCfg = Release|x64
21 | 		{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}.Release|x64.Build.0 = Release|x64
22 | 	EndGlobalSection
23 | 	GlobalSection(SolutionProperties) = preSolution
24 | 		HideSolutionNode = FALSE
25 | 	EndGlobalSection
26 | EndGlobal
27 | 


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/res/test.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/res/test.ico


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/res/test.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/res/test.rc2


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by test.rc
 4 | //
 5 | #define IDD_TEST_DIALOG                 102
 6 | #define IDR_MAINFRAME                   128
 7 | #define IDC_LIST1                       1000
 8 | #define IDC_BT_START                    1001
 9 | #define IDC_BT_STOP                     1002
10 | #define IDC_BT_CLEAR                    1003
11 | #define IDC_BUTTON1                     1004
12 | #define IDC_BT_NETWORK                  1004
13 | #define IDC_BUTTON2                     1005
14 | #define IDC_BUTTON3                     1006
15 | #define IDC_RADIO1                      1008
16 | #define IDC_RADIO2                      1009
17 | #define IDC_EDIT1                       1010
18 | 
19 | // Next default values for new objects
20 | // 
21 | #ifdef APSTUDIO_INVOKED
22 | #ifndef APSTUDIO_READONLY_SYMBOLS
23 | #define _APS_NEXT_RESOURCE_VALUE        129
24 | #define _APS_NEXT_COMMAND_VALUE         32771
25 | #define _APS_NEXT_CONTROL_VALUE         1011
26 | #define _APS_NEXT_SYMED_VALUE           101
27 | #endif
28 | #endif
29 | 


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/stdafx.cpp


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/stdafx.h


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/test.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/test.cpp


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/test.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/test.h


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/test.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/test.rc


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/test.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="EHomeNetCtrl"
  6 | 	ProjectGUID="{0B2945A2-5F8D-45E3-AA5E-DC4475FACCF0}"
  7 | 	RootNamespace="test"
  8 | 	Keyword="MFCProj"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 		<Platform
 15 | 			Name="x64"
 16 | 		/>
 17 | 	</Platforms>
 18 | 	<ToolFiles>
 19 | 	</ToolFiles>
 20 | 	<Configurations>
 21 | 		<Configuration
 22 | 			Name="Debug|Win32"
 23 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 24 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 25 | 			ConfigurationType="1"
 26 | 			UseOfMFC="1"
 27 | 			CharacterSet="1"
 28 | 			>
 29 | 			<Tool
 30 | 				Name="VCPreBuildEventTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCCustomBuildTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCXMLDataGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCWebServiceProxyGeneratorTool"
 40 | 			/>
 41 | 			<Tool
 42 | 				Name="VCMIDLTool"
 43 | 				PreprocessorDefinitions="_DEBUG"
 44 | 				MkTypLibCompatible="false"
 45 | 				ValidateParameters="false"
 46 | 			/>
 47 | 			<Tool
 48 | 				Name="VCCLCompilerTool"
 49 | 				Optimization="0"
 50 | 				PreprocessorDefinitions="WIN32;_WINDOWS;_DEBUG"
 51 | 				MinimalRebuild="true"
 52 | 				BasicRuntimeChecks="3"
 53 | 				RuntimeLibrary="1"
 54 | 				UsePrecompiledHeader="2"
 55 | 				WarningLevel="3"
 56 | 				Detect64BitPortabilityProblems="true"
 57 | 				DebugInformationFormat="4"
 58 | 			/>
 59 | 			<Tool
 60 | 				Name="VCManagedResourceCompilerTool"
 61 | 			/>
 62 | 			<Tool
 63 | 				Name="VCResourceCompilerTool"
 64 | 				PreprocessorDefinitions="_DEBUG"
 65 | 				Culture="2052"
 66 | 				AdditionalIncludeDirectories="$(IntDir)"
 67 | 			/>
 68 | 			<Tool
 69 | 				Name="VCPreLinkEventTool"
 70 | 			/>
 71 | 			<Tool
 72 | 				Name="VCLinkerTool"
 73 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
 74 | 				LinkIncremental="2"
 75 | 				GenerateDebugInformation="true"
 76 | 				SubSystem="2"
 77 | 				TargetMachine="1"
 78 | 			/>
 79 | 			<Tool
 80 | 				Name="VCALinkTool"
 81 | 			/>
 82 | 			<Tool
 83 | 				Name="VCManifestTool"
 84 | 			/>
 85 | 			<Tool
 86 | 				Name="VCXDCMakeTool"
 87 | 			/>
 88 | 			<Tool
 89 | 				Name="VCBscMakeTool"
 90 | 			/>
 91 | 			<Tool
 92 | 				Name="VCFxCopTool"
 93 | 			/>
 94 | 			<Tool
 95 | 				Name="VCAppVerifierTool"
 96 | 			/>
 97 | 			<Tool
 98 | 				Name="VCWebDeploymentTool"
 99 | 			/>
100 | 			<Tool
101 | 				Name="VCPostBuildEventTool"
102 | 			/>
103 | 		</Configuration>
104 | 		<Configuration
105 | 			Name="Debug|x64"
106 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
107 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
108 | 			ConfigurationType="1"
109 | 			UseOfMFC="1"
110 | 			CharacterSet="1"
111 | 			>
112 | 			<Tool
113 | 				Name="VCPreBuildEventTool"
114 | 			/>
115 | 			<Tool
116 | 				Name="VCCustomBuildTool"
117 | 			/>
118 | 			<Tool
119 | 				Name="VCXMLDataGeneratorTool"
120 | 			/>
121 | 			<Tool
122 | 				Name="VCWebServiceProxyGeneratorTool"
123 | 			/>
124 | 			<Tool
125 | 				Name="VCMIDLTool"
126 | 				PreprocessorDefinitions="_DEBUG"
127 | 				MkTypLibCompatible="false"
128 | 				TargetEnvironment="3"
129 | 			/>
130 | 			<Tool
131 | 				Name="VCCLCompilerTool"
132 | 				Optimization="0"
133 | 				PreprocessorDefinitions="WIN64;_WINDOWS;_DEBUG"
134 | 				MinimalRebuild="true"
135 | 				BasicRuntimeChecks="3"
136 | 				RuntimeLibrary="1"
137 | 				UsePrecompiledHeader="2"
138 | 				WarningLevel="3"
139 | 				Detect64BitPortabilityProblems="true"
140 | 				DebugInformationFormat="3"
141 | 			/>
142 | 			<Tool
143 | 				Name="VCManagedResourceCompilerTool"
144 | 			/>
145 | 			<Tool
146 | 				Name="VCResourceCompilerTool"
147 | 				PreprocessorDefinitions="_DEBUG"
148 | 				Culture="2052"
149 | 				AdditionalIncludeDirectories="$(IntDir)"
150 | 			/>
151 | 			<Tool
152 | 				Name="VCPreLinkEventTool"
153 | 			/>
154 | 			<Tool
155 | 				Name="VCLinkerTool"
156 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
157 | 				LinkIncremental="2"
158 | 				GenerateDebugInformation="true"
159 | 				SubSystem="2"
160 | 				TargetMachine="17"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCALinkTool"
164 | 			/>
165 | 			<Tool
166 | 				Name="VCManifestTool"
167 | 			/>
168 | 			<Tool
169 | 				Name="VCXDCMakeTool"
170 | 			/>
171 | 			<Tool
172 | 				Name="VCBscMakeTool"
173 | 			/>
174 | 			<Tool
175 | 				Name="VCFxCopTool"
176 | 			/>
177 | 			<Tool
178 | 				Name="VCAppVerifierTool"
179 | 			/>
180 | 			<Tool
181 | 				Name="VCWebDeploymentTool"
182 | 			/>
183 | 			<Tool
184 | 				Name="VCPostBuildEventTool"
185 | 			/>
186 | 		</Configuration>
187 | 		<Configuration
188 | 			Name="Release|Win32"
189 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
190 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
191 | 			ConfigurationType="1"
192 | 			UseOfMFC="2"
193 | 			CharacterSet="1"
194 | 			WholeProgramOptimization="1"
195 | 			>
196 | 			<Tool
197 | 				Name="VCPreBuildEventTool"
198 | 			/>
199 | 			<Tool
200 | 				Name="VCCustomBuildTool"
201 | 			/>
202 | 			<Tool
203 | 				Name="VCXMLDataGeneratorTool"
204 | 			/>
205 | 			<Tool
206 | 				Name="VCWebServiceProxyGeneratorTool"
207 | 			/>
208 | 			<Tool
209 | 				Name="VCMIDLTool"
210 | 				PreprocessorDefinitions="NDEBUG"
211 | 				MkTypLibCompatible="false"
212 | 				ValidateParameters="false"
213 | 			/>
214 | 			<Tool
215 | 				Name="VCCLCompilerTool"
216 | 				PreprocessorDefinitions="WIN32;_WINDOWS;NDEBUG"
217 | 				MinimalRebuild="false"
218 | 				RuntimeLibrary="2"
219 | 				UsePrecompiledHeader="2"
220 | 				WarningLevel="3"
221 | 				Detect64BitPortabilityProblems="true"
222 | 				DebugInformationFormat="3"
223 | 			/>
224 | 			<Tool
225 | 				Name="VCManagedResourceCompilerTool"
226 | 			/>
227 | 			<Tool
228 | 				Name="VCResourceCompilerTool"
229 | 				PreprocessorDefinitions="NDEBUG"
230 | 				Culture="2052"
231 | 				AdditionalIncludeDirectories="$(IntDir)"
232 | 			/>
233 | 			<Tool
234 | 				Name="VCPreLinkEventTool"
235 | 			/>
236 | 			<Tool
237 | 				Name="VCLinkerTool"
238 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
239 | 				LinkIncremental="1"
240 | 				GenerateDebugInformation="true"
241 | 				SubSystem="2"
242 | 				OptimizeReferences="2"
243 | 				EnableCOMDATFolding="2"
244 | 				TargetMachine="1"
245 | 			/>
246 | 			<Tool
247 | 				Name="VCALinkTool"
248 | 			/>
249 | 			<Tool
250 | 				Name="VCManifestTool"
251 | 			/>
252 | 			<Tool
253 | 				Name="VCXDCMakeTool"
254 | 			/>
255 | 			<Tool
256 | 				Name="VCBscMakeTool"
257 | 			/>
258 | 			<Tool
259 | 				Name="VCFxCopTool"
260 | 			/>
261 | 			<Tool
262 | 				Name="VCAppVerifierTool"
263 | 			/>
264 | 			<Tool
265 | 				Name="VCWebDeploymentTool"
266 | 			/>
267 | 			<Tool
268 | 				Name="VCPostBuildEventTool"
269 | 			/>
270 | 		</Configuration>
271 | 		<Configuration
272 | 			Name="Release|x64"
273 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
274 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
275 | 			ConfigurationType="1"
276 | 			UseOfMFC="2"
277 | 			CharacterSet="1"
278 | 			WholeProgramOptimization="1"
279 | 			>
280 | 			<Tool
281 | 				Name="VCPreBuildEventTool"
282 | 			/>
283 | 			<Tool
284 | 				Name="VCCustomBuildTool"
285 | 			/>
286 | 			<Tool
287 | 				Name="VCXMLDataGeneratorTool"
288 | 			/>
289 | 			<Tool
290 | 				Name="VCWebServiceProxyGeneratorTool"
291 | 			/>
292 | 			<Tool
293 | 				Name="VCMIDLTool"
294 | 				PreprocessorDefinitions="NDEBUG"
295 | 				MkTypLibCompatible="false"
296 | 				TargetEnvironment="3"
297 | 			/>
298 | 			<Tool
299 | 				Name="VCCLCompilerTool"
300 | 				PreprocessorDefinitions="WIN32;_WINDOWS;NDEBUG"
301 | 				MinimalRebuild="false"
302 | 				RuntimeLibrary="2"
303 | 				UsePrecompiledHeader="2"
304 | 				WarningLevel="3"
305 | 				Detect64BitPortabilityProblems="true"
306 | 				DebugInformationFormat="3"
307 | 			/>
308 | 			<Tool
309 | 				Name="VCManagedResourceCompilerTool"
310 | 			/>
311 | 			<Tool
312 | 				Name="VCResourceCompilerTool"
313 | 				PreprocessorDefinitions="NDEBUG"
314 | 				Culture="2052"
315 | 				AdditionalIncludeDirectories="$(IntDir)"
316 | 			/>
317 | 			<Tool
318 | 				Name="VCPreLinkEventTool"
319 | 			/>
320 | 			<Tool
321 | 				Name="VCLinkerTool"
322 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
323 | 				LinkIncremental="1"
324 | 				GenerateDebugInformation="true"
325 | 				SubSystem="2"
326 | 				OptimizeReferences="2"
327 | 				EnableCOMDATFolding="2"
328 | 				TargetMachine="17"
329 | 			/>
330 | 			<Tool
331 | 				Name="VCALinkTool"
332 | 			/>
333 | 			<Tool
334 | 				Name="VCManifestTool"
335 | 			/>
336 | 			<Tool
337 | 				Name="VCXDCMakeTool"
338 | 			/>
339 | 			<Tool
340 | 				Name="VCBscMakeTool"
341 | 			/>
342 | 			<Tool
343 | 				Name="VCFxCopTool"
344 | 			/>
345 | 			<Tool
346 | 				Name="VCAppVerifierTool"
347 | 			/>
348 | 			<Tool
349 | 				Name="VCWebDeploymentTool"
350 | 			/>
351 | 			<Tool
352 | 				Name="VCPostBuildEventTool"
353 | 			/>
354 | 		</Configuration>
355 | 	</Configurations>
356 | 	<References>
357 | 	</References>
358 | 	<Files>
359 | 		<Filter
360 | 			Name="Source Files"
361 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
362 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
363 | 			>
364 | 			<File
365 | 				RelativePath=".\stdafx.cpp"
366 | 				>
367 | 				<FileConfiguration
368 | 					Name="Debug|Win32"
369 | 					>
370 | 					<Tool
371 | 						Name="VCCLCompilerTool"
372 | 						UsePrecompiledHeader="1"
373 | 					/>
374 | 				</FileConfiguration>
375 | 				<FileConfiguration
376 | 					Name="Debug|x64"
377 | 					>
378 | 					<Tool
379 | 						Name="VCCLCompilerTool"
380 | 						UsePrecompiledHeader="1"
381 | 					/>
382 | 				</FileConfiguration>
383 | 				<FileConfiguration
384 | 					Name="Release|Win32"
385 | 					>
386 | 					<Tool
387 | 						Name="VCCLCompilerTool"
388 | 						UsePrecompiledHeader="1"
389 | 					/>
390 | 				</FileConfiguration>
391 | 				<FileConfiguration
392 | 					Name="Release|x64"
393 | 					>
394 | 					<Tool
395 | 						Name="VCCLCompilerTool"
396 | 						UsePrecompiledHeader="1"
397 | 					/>
398 | 				</FileConfiguration>
399 | 			</File>
400 | 			<File
401 | 				RelativePath=".\test.cpp"
402 | 				>
403 | 			</File>
404 | 			<File
405 | 				RelativePath=".\testDlg.cpp"
406 | 				>
407 | 			</File>
408 | 		</Filter>
409 | 		<Filter
410 | 			Name="Header Files"
411 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
412 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
413 | 			>
414 | 			<File
415 | 				RelativePath=".\Resource.h"
416 | 				>
417 | 			</File>
418 | 			<File
419 | 				RelativePath=".\stdafx.h"
420 | 				>
421 | 			</File>
422 | 			<File
423 | 				RelativePath=".\test.h"
424 | 				>
425 | 			</File>
426 | 			<File
427 | 				RelativePath=".\testDlg.h"
428 | 				>
429 | 			</File>
430 | 		</Filter>
431 | 		<Filter
432 | 			Name="Resource Files"
433 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
434 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
435 | 			>
436 | 			<File
437 | 				RelativePath=".\res\test.ico"
438 | 				>
439 | 			</File>
440 | 			<File
441 | 				RelativePath=".\test.rc"
442 | 				>
443 | 			</File>
444 | 			<File
445 | 				RelativePath=".\res\test.rc2"
446 | 				>
447 | 			</File>
448 | 		</Filter>
449 | 		<File
450 | 			RelativePath=".\ReadMe.txt"
451 | 			>
452 | 		</File>
453 | 	</Files>
454 | 	<Globals>
455 | 		<Global
456 | 			Name="RESOURCE_FILE"
457 | 			Value="test.rc"
458 | 		/>
459 | 	</Globals>
460 | </VisualStudioProject>
461 | 


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/testDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/testDlg.cpp


--------------------------------------------------------------------------------
/NetSys/EHomeNetDriverCtrl/testDlg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetDriverCtrl/testDlg.h


--------------------------------------------------------------------------------
/NetSys/EHomeNetTDI.bak.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetTDI.bak.c


--------------------------------------------------------------------------------
/NetSys/EHomeNetTDI.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EHomeNetTDI.c


--------------------------------------------------------------------------------
/NetSys/EhomeDevCtl.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EhomeDevCtl.h


--------------------------------------------------------------------------------
/NetSys/EhomeNet.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EhomeNet.c


--------------------------------------------------------------------------------
/NetSys/EhomeNet.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/EhomeNet.h


--------------------------------------------------------------------------------
/NetSys/Keyword.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/Keyword.c


--------------------------------------------------------------------------------
/NetSys/Keyword.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | void		keyword_Init();
4 | void		keyword_Release();
5 | void		keyword_Add(int type, char* pKeyword, ULONG nLen);
6 | void		keyword_Clear();
7 | BOOLEAN		keyword_Find(IN char* pData, IN int nLenData, OUT char** ppKeyWord, 
8 | 	OUT int* pLenKeyWord, OUT int* pType);


--------------------------------------------------------------------------------
/NetSys/Sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=EhomeNet
 2 | TARGETPATH=F:\Out\Bin\EhomeDriver
 3 | TARGETTYPE=DRIVER
 4 | TARGETLIBS=
 5 | C_DEFINES=
 6 | 
 7 | SOURCES = EhomeNet.c \
 8 | 		  EHomeNetTDI.c \
 9 | 		  TdiFileObjectContext.c \
10 | 		  Keyword.c \
11 | 		  EHomeControl.c \ 
12 | 
13 | 


--------------------------------------------------------------------------------
/NetSys/TdiFileObjectContext.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/TdiFileObjectContext.c


--------------------------------------------------------------------------------
/NetSys/TdiFileObjectContext.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/TdiFileObjectContext.h


--------------------------------------------------------------------------------
/NetSys/ehomenet_build.bat:
--------------------------------------------------------------------------------
1 | call D:\WinDDK\7600.16385.1\bin\setenv.bat D:\WinDDK\7600.16385.1\ %1 %2 %3 no_oacr
2 | cd /d %4
3 | build
4 | 


--------------------------------------------------------------------------------
/NetSys/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 
9 | 


--------------------------------------------------------------------------------
/NetSys/参考文档.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/NetSys/参考文档.log


--------------------------------------------------------------------------------
/Proc/DevCtl.h:
--------------------------------------------------------------------------------
 1 | 
 2 | #define NAMELENGTH  262/*36*/
 3 | #pragma pack(push, 1)
 4 | typedef struct _CallbackInfo
 5 | {
 6 |     ULONGLONG		hParentId;
 7 |     ULONGLONG		hProcessId;
 8 |     ULONG			bCreate;
 9 | 	WCHAR			szImagePath[NAMELENGTH];
10 | }CALLBACK_INFO, *PCALLBACK_INFO;
11 | #pragma pack(pop)
12 | #define IOCTL_NTPROCDRV_GET_PROCINFO    CTL_CODE(FILE_DEVICE_UNKNOWN, \
13 | 			0x0800, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
14 | #define IOCTL_NTPROCDRV_STOP_PROC_MONITOR    CTL_CODE(FILE_DEVICE_UNKNOWN, \
15 | 			0x0801, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
16 | 
17 | #define IOCTL_SET_EVENT                 CTL_CODE(FILE_DEVICE_UNKNOWN, \
18 | 			0x0805, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
19 | 
20 | #define IOCTL_KILL_PROCESS              CTL_CODE(FILE_DEVICE_UNKNOWN, \
21 | 			0x0810, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)


--------------------------------------------------------------------------------
/Proc/EhomeProc.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Proc/EhomeProc.c


--------------------------------------------------------------------------------
/Proc/EhomeProc.h:
--------------------------------------------------------------------------------
 1 | 
 2 | 
 3 | 
 4 | 
 5 | 
 6 | 
 7 | 
 8 | NTSTATUS DispatchCreate(PDEVICE_OBJECT pDevObj, PIRP pIrp);
 9 | NTSTATUS DispatchClose(PDEVICE_OBJECT pDevObj, PIRP pIrp);
10 | void DriverUnload(PDRIVER_OBJECT pDriverObj);
11 | NTSTATUS DispatchIoctl(PDEVICE_OBJECT pDevObj, PIRP pIrp);
12 | VOID ProcessCallback(IN HANDLE  hParentId, IN HANDLE  hProcessId, IN BOOLEAN bCreate);
13 | 
14 | #define DEVICE_NAME		L"\\Device\\devNTProcDrv"
15 | #define LINK_NAME		L"\\DosDevices\\slNTProcDrv"
16 | 
17 | 
18 | typedef int BOOL;
19 | 
20 | typedef struct _DEVICE_EXTENSION 
21 | {
22 |     PKEVENT						ProcessEvent;
23 | 	LIST_ENTRY					ListHeader;
24 | 	NPAGED_LOOKASIDE_LIST		ListLookAside;
25 | 	KSPIN_LOCK					ListLock;
26 | //     ULONGLONG		hPParentId;	
27 | //     ULONGLONG		hPProcessId;
28 | //     BOOLEAN			bPCreate;
29 | // 	char proname[NAMELENGTH];
30 | } DEVICE_EXTENSION, *PDEVICE_EXTENSION;
31 | 


--------------------------------------------------------------------------------
/Proc/Proc.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "EHomeProc", "Proc.vcproj", "{D3788FE7-4A62-4F93-B00A-B17898980ECB}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Debug|x64 = Debug|x64
10 | 		Release|Win32 = Release|Win32
11 | 		Release|x64 = Release|x64
12 | 	EndGlobalSection
13 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
14 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|Win32.ActiveCfg = Debug|Win32
15 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|Win32.Build.0 = Debug|Win32
16 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|x64.ActiveCfg = Debug|x64
17 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|x64.Build.0 = Debug|x64
18 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|Win32.ActiveCfg = Release|Win32
19 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|Win32.Build.0 = Release|Win32
20 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|x64.ActiveCfg = Release|x64
21 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|x64.Build.0 = Release|x64
22 | 	EndGlobalSection
23 | 	GlobalSection(SolutionProperties) = preSolution
24 | 		HideSolutionNode = FALSE
25 | 	EndGlobalSection
26 | EndGlobal
27 | 


--------------------------------------------------------------------------------
/Proc/Proc.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="EHomeProc"
  6 | 	ProjectGUID="{D3788FE7-4A62-4F93-B00A-B17898980ECB}"
  7 | 	RootNamespace="usbfilter"
  8 | 	>
  9 | 	<Platforms>
 10 | 		<Platform
 11 | 			Name="Win32"
 12 | 		/>
 13 | 		<Platform
 14 | 			Name="x64"
 15 | 		/>
 16 | 	</Platforms>
 17 | 	<ToolFiles>
 18 | 	</ToolFiles>
 19 | 	<Configurations>
 20 | 		<Configuration
 21 | 			Name="Debug|Win32"
 22 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 23 | 			IntermediateDirectory="$(ConfigurationName)"
 24 | 			ConfigurationType="0"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCNMakeTool"
 28 | 				BuildCommandLine="my_build.bat chk x86 WXP $(ProjectDir)"
 29 | 				ReBuildCommandLine=""
 30 | 				CleanCommandLine=""
 31 | 				Output=""
 32 | 				PreprocessorDefinitions=""
 33 | 				IncludeSearchPath=""
 34 | 				ForcedIncludes=""
 35 | 				AssemblySearchPath=""
 36 | 				ForcedUsingAssemblies=""
 37 | 				CompileAsManaged=""
 38 | 			/>
 39 | 		</Configuration>
 40 | 		<Configuration
 41 | 			Name="Debug|x64"
 42 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
 43 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 44 | 			ConfigurationType="0"
 45 | 			>
 46 | 			<Tool
 47 | 				Name="VCNMakeTool"
 48 | 				BuildCommandLine="my_build.bat chk x64 WIN7 $(ProjectDir)"
 49 | 				ReBuildCommandLine=""
 50 | 				CleanCommandLine=""
 51 | 				Output=""
 52 | 				PreprocessorDefinitions=""
 53 | 				IncludeSearchPath=""
 54 | 				ForcedIncludes=""
 55 | 				AssemblySearchPath=""
 56 | 				ForcedUsingAssemblies=""
 57 | 				CompileAsManaged=""
 58 | 			/>
 59 | 		</Configuration>
 60 | 		<Configuration
 61 | 			Name="Release|Win32"
 62 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 63 | 			IntermediateDirectory="$(ConfigurationName)"
 64 | 			ConfigurationType="0"
 65 | 			>
 66 | 			<Tool
 67 | 				Name="VCNMakeTool"
 68 | 				BuildCommandLine="my_build.bat fre x86 WXP $(ProjectDir)"
 69 | 				ReBuildCommandLine=""
 70 | 				CleanCommandLine=""
 71 | 				Output=""
 72 | 				PreprocessorDefinitions=""
 73 | 				IncludeSearchPath=""
 74 | 				ForcedIncludes=""
 75 | 				AssemblySearchPath=""
 76 | 				ForcedUsingAssemblies=""
 77 | 				CompileAsManaged=""
 78 | 			/>
 79 | 		</Configuration>
 80 | 		<Configuration
 81 | 			Name="Release|x64"
 82 | 			OutputDirectory="$(SolutionDir)$(PlatformName)\$(ConfigurationName)"
 83 | 			IntermediateDirectory="$(PlatformName)\$(ConfigurationName)"
 84 | 			ConfigurationType="0"
 85 | 			>
 86 | 			<Tool
 87 | 				Name="VCNMakeTool"
 88 | 				BuildCommandLine="my_build.bat fre x64 WIN7 $(ProjectDir)"
 89 | 				ReBuildCommandLine=""
 90 | 				CleanCommandLine=""
 91 | 				Output=""
 92 | 				PreprocessorDefinitions=""
 93 | 				IncludeSearchPath=""
 94 | 				ForcedIncludes=""
 95 | 				AssemblySearchPath=""
 96 | 				ForcedUsingAssemblies=""
 97 | 				CompileAsManaged=""
 98 | 			/>
 99 | 		</Configuration>
100 | 	</Configurations>
101 | 	<References>
102 | 	</References>
103 | 	<Files>
104 | 		<Filter
105 | 			Name="Source Files"
106 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
107 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
108 | 			>
109 | 			<File
110 | 				RelativePath=".\EhomeProc.c"
111 | 				>
112 | 			</File>
113 | 			<File
114 | 				RelativePath=".\Process.c"
115 | 				>
116 | 			</File>
117 | 		</Filter>
118 | 		<Filter
119 | 			Name="Header Files"
120 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
121 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
122 | 			>
123 | 			<File
124 | 				RelativePath=".\DevCtl.h"
125 | 				>
126 | 			</File>
127 | 			<File
128 | 				RelativePath=".\EhomeProc.h"
129 | 				>
130 | 			</File>
131 | 			<File
132 | 				RelativePath=".\Process.h"
133 | 				>
134 | 			</File>
135 | 		</Filter>
136 | 		<Filter
137 | 			Name="Resource Files"
138 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
139 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
140 | 			>
141 | 		</Filter>
142 | 		<File
143 | 			RelativePath=".\makefile"
144 | 			>
145 | 		</File>
146 | 		<File
147 | 			RelativePath=".\Sources"
148 | 			>
149 | 		</File>
150 | 	</Files>
151 | 	<Globals>
152 | 	</Globals>
153 | </VisualStudioProject>
154 | 


--------------------------------------------------------------------------------
/Proc/Process.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Proc/Process.c


--------------------------------------------------------------------------------
/Proc/Process.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Proc/Process.h


--------------------------------------------------------------------------------
/Proc/Sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=EhomeProc
 2 | TARGETPATH=F:\Out\Bin\EhomeDriver
 3 | TARGETTYPE=DRIVER
 4 | TARGETLIBS=
 5 | !if "$(CPU)" == "x86"
 6 | C_DEFINES= /DWIN32
 7 | !else
 8 | C_DEFINES=
 9 | !endif
10 | 
11 | SOURCES = EhomeProc.c \
12 | 		  Process.c
13 | 
14 | 


--------------------------------------------------------------------------------
/Proc/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 
9 | 


--------------------------------------------------------------------------------
/Proc/my_build.bat:
--------------------------------------------------------------------------------
1 | call D:\WinDDK\7600.16385.1\bin\setenv.bat D:\WinDDK\7600.16385.1\ %1 %2 %3 no_oacr
2 | cd /d %4
3 | build
4 | 


--------------------------------------------------------------------------------
/Reference/Inf文件简介_V1.0.pdf:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Reference/Inf文件简介_V1.0.pdf


--------------------------------------------------------------------------------
/Reference/TDI.rar:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Reference/TDI.rar


--------------------------------------------------------------------------------
/Reference/tdifw-1.4.4.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Reference/tdifw-1.4.4.zip


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriver.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/TestDriver.cpp


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/TestDriver.h


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriver.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/TestDriver.rc


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriver.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestDriver", "TestDriver.vcproj", "{E2958B86-DC67-4958-8066-CDCF549FD500}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{E2958B86-DC67-4958-8066-CDCF549FD500}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{E2958B86-DC67-4958-8066-CDCF549FD500}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{E2958B86-DC67-4958-8066-CDCF549FD500}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{E2958B86-DC67-4958-8066-CDCF549FD500}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriver.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="TestDriver"
  6 | 	ProjectGUID="{E2958B86-DC67-4958-8066-CDCF549FD500}"
  7 | 	RootNamespace="TestDriver"
  8 | 	Keyword="MFCProj"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 	</Platforms>
 15 | 	<ToolFiles>
 16 | 	</ToolFiles>
 17 | 	<Configurations>
 18 | 		<Configuration
 19 | 			Name="Debug|Win32"
 20 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 21 | 			IntermediateDirectory="$(ConfigurationName)"
 22 | 			ConfigurationType="1"
 23 | 			UseOfMFC="1"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 				PreprocessorDefinitions="_DEBUG"
 41 | 				MkTypLibCompatible="false"
 42 | 				ValidateParameters="false"
 43 | 			/>
 44 | 			<Tool
 45 | 				Name="VCCLCompilerTool"
 46 | 				Optimization="0"
 47 | 				PreprocessorDefinitions="WIN32;_WINDOWS;_DEBUG"
 48 | 				MinimalRebuild="true"
 49 | 				BasicRuntimeChecks="3"
 50 | 				RuntimeLibrary="1"
 51 | 				UsePrecompiledHeader="2"
 52 | 				WarningLevel="3"
 53 | 				Detect64BitPortabilityProblems="true"
 54 | 				DebugInformationFormat="4"
 55 | 			/>
 56 | 			<Tool
 57 | 				Name="VCManagedResourceCompilerTool"
 58 | 			/>
 59 | 			<Tool
 60 | 				Name="VCResourceCompilerTool"
 61 | 				PreprocessorDefinitions="_DEBUG"
 62 | 				Culture="2052"
 63 | 				AdditionalIncludeDirectories="$(IntDir)"
 64 | 			/>
 65 | 			<Tool
 66 | 				Name="VCPreLinkEventTool"
 67 | 			/>
 68 | 			<Tool
 69 | 				Name="VCLinkerTool"
 70 | 				OutputFile="..\..\out\$(ProjectName).exe"
 71 | 				LinkIncremental="2"
 72 | 				GenerateDebugInformation="true"
 73 | 				SubSystem="2"
 74 | 				TargetMachine="1"
 75 | 			/>
 76 | 			<Tool
 77 | 				Name="VCALinkTool"
 78 | 			/>
 79 | 			<Tool
 80 | 				Name="VCManifestTool"
 81 | 			/>
 82 | 			<Tool
 83 | 				Name="VCXDCMakeTool"
 84 | 			/>
 85 | 			<Tool
 86 | 				Name="VCBscMakeTool"
 87 | 			/>
 88 | 			<Tool
 89 | 				Name="VCFxCopTool"
 90 | 			/>
 91 | 			<Tool
 92 | 				Name="VCAppVerifierTool"
 93 | 			/>
 94 | 			<Tool
 95 | 				Name="VCWebDeploymentTool"
 96 | 			/>
 97 | 			<Tool
 98 | 				Name="VCPostBuildEventTool"
 99 | 			/>
100 | 		</Configuration>
101 | 		<Configuration
102 | 			Name="Release|Win32"
103 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
104 | 			IntermediateDirectory="$(ConfigurationName)"
105 | 			ConfigurationType="1"
106 | 			UseOfMFC="1"
107 | 			CharacterSet="1"
108 | 			WholeProgramOptimization="1"
109 | 			>
110 | 			<Tool
111 | 				Name="VCPreBuildEventTool"
112 | 			/>
113 | 			<Tool
114 | 				Name="VCCustomBuildTool"
115 | 			/>
116 | 			<Tool
117 | 				Name="VCXMLDataGeneratorTool"
118 | 			/>
119 | 			<Tool
120 | 				Name="VCWebServiceProxyGeneratorTool"
121 | 			/>
122 | 			<Tool
123 | 				Name="VCMIDLTool"
124 | 				PreprocessorDefinitions="NDEBUG"
125 | 				MkTypLibCompatible="false"
126 | 				ValidateParameters="false"
127 | 			/>
128 | 			<Tool
129 | 				Name="VCCLCompilerTool"
130 | 				PreprocessorDefinitions="WIN32;_WINDOWS;NDEBUG"
131 | 				MinimalRebuild="false"
132 | 				RuntimeLibrary="0"
133 | 				UsePrecompiledHeader="2"
134 | 				WarningLevel="3"
135 | 				Detect64BitPortabilityProblems="true"
136 | 				DebugInformationFormat="3"
137 | 			/>
138 | 			<Tool
139 | 				Name="VCManagedResourceCompilerTool"
140 | 			/>
141 | 			<Tool
142 | 				Name="VCResourceCompilerTool"
143 | 				PreprocessorDefinitions="NDEBUG"
144 | 				Culture="2052"
145 | 				AdditionalIncludeDirectories="$(IntDir)"
146 | 			/>
147 | 			<Tool
148 | 				Name="VCPreLinkEventTool"
149 | 			/>
150 | 			<Tool
151 | 				Name="VCLinkerTool"
152 | 				LinkIncremental="1"
153 | 				GenerateDebugInformation="true"
154 | 				SubSystem="2"
155 | 				OptimizeReferences="2"
156 | 				EnableCOMDATFolding="2"
157 | 				TargetMachine="1"
158 | 			/>
159 | 			<Tool
160 | 				Name="VCALinkTool"
161 | 			/>
162 | 			<Tool
163 | 				Name="VCManifestTool"
164 | 			/>
165 | 			<Tool
166 | 				Name="VCXDCMakeTool"
167 | 			/>
168 | 			<Tool
169 | 				Name="VCBscMakeTool"
170 | 			/>
171 | 			<Tool
172 | 				Name="VCFxCopTool"
173 | 			/>
174 | 			<Tool
175 | 				Name="VCAppVerifierTool"
176 | 			/>
177 | 			<Tool
178 | 				Name="VCWebDeploymentTool"
179 | 			/>
180 | 			<Tool
181 | 				Name="VCPostBuildEventTool"
182 | 			/>
183 | 		</Configuration>
184 | 	</Configurations>
185 | 	<References>
186 | 	</References>
187 | 	<Files>
188 | 		<Filter
189 | 			Name="Source Files"
190 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
191 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
192 | 			>
193 | 			<File
194 | 				RelativePath=".\stdafx.cpp"
195 | 				>
196 | 				<FileConfiguration
197 | 					Name="Debug|Win32"
198 | 					>
199 | 					<Tool
200 | 						Name="VCCLCompilerTool"
201 | 						UsePrecompiledHeader="1"
202 | 					/>
203 | 				</FileConfiguration>
204 | 				<FileConfiguration
205 | 					Name="Release|Win32"
206 | 					>
207 | 					<Tool
208 | 						Name="VCCLCompilerTool"
209 | 						UsePrecompiledHeader="1"
210 | 					/>
211 | 				</FileConfiguration>
212 | 			</File>
213 | 			<File
214 | 				RelativePath=".\TestDriver.cpp"
215 | 				>
216 | 			</File>
217 | 			<File
218 | 				RelativePath=".\TestDriverDlg.cpp"
219 | 				>
220 | 			</File>
221 | 		</Filter>
222 | 		<Filter
223 | 			Name="Header Files"
224 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
225 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
226 | 			>
227 | 			<File
228 | 				RelativePath=".\Resource.h"
229 | 				>
230 | 			</File>
231 | 			<File
232 | 				RelativePath=".\stdafx.h"
233 | 				>
234 | 			</File>
235 | 			<File
236 | 				RelativePath=".\TestDriver.h"
237 | 				>
238 | 			</File>
239 | 			<File
240 | 				RelativePath=".\TestDriverDlg.h"
241 | 				>
242 | 			</File>
243 | 		</Filter>
244 | 		<Filter
245 | 			Name="Resource Files"
246 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
247 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
248 | 			>
249 | 			<File
250 | 				RelativePath=".\res\TestDriver.ico"
251 | 				>
252 | 			</File>
253 | 			<File
254 | 				RelativePath=".\TestDriver.rc"
255 | 				>
256 | 			</File>
257 | 			<File
258 | 				RelativePath=".\res\TestDriver.rc2"
259 | 				>
260 | 			</File>
261 | 		</Filter>
262 | 		<File
263 | 			RelativePath=".\ReadMe.txt"
264 | 			>
265 | 		</File>
266 | 	</Files>
267 | 	<Globals>
268 | 	</Globals>
269 | </VisualStudioProject>
270 | 


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriverDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/TestDriverDlg.cpp


--------------------------------------------------------------------------------
/Sample/TestDriver/TestDriverDlg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/TestDriverDlg.h


--------------------------------------------------------------------------------
/Sample/TestDriver/res/TestDriver.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/res/TestDriver.ico


--------------------------------------------------------------------------------
/Sample/TestDriver/res/TestDriver.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/res/TestDriver.rc2


--------------------------------------------------------------------------------
/Sample/TestDriver/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by TestDriver.rc
 4 | //
 5 | #define IDD_TESTDRIVER_DIALOG           102
 6 | #define IDR_MAINFRAME                   128
 7 | #define IDC_ST_INFO                     1000
 8 | #define IDC_ST_TIMEOUT                  1001
 9 | 
10 | // Next default values for new objects
11 | // 
12 | #ifdef APSTUDIO_INVOKED
13 | #ifndef APSTUDIO_READONLY_SYMBOLS
14 | #define _APS_NEXT_RESOURCE_VALUE        129
15 | #define _APS_NEXT_COMMAND_VALUE         32771
16 | #define _APS_NEXT_CONTROL_VALUE         1002
17 | #define _APS_NEXT_SYMED_VALUE           101
18 | #endif
19 | #endif
20 | 


--------------------------------------------------------------------------------
/Sample/TestDriver/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/stdafx.cpp


--------------------------------------------------------------------------------
/Sample/TestDriver/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/Sample/TestDriver/stdafx.h


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/TestWndHook.cpp


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/TestWndHook.h


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHook.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/TestWndHook.rc


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHook.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="TestWndHook"
  6 | 	ProjectGUID="{EFB39899-9013-41A2-9F93-2D365DDF578B}"
  7 | 	RootNamespace="TestWndHook"
  8 | 	Keyword="MFCProj"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 	</Platforms>
 15 | 	<ToolFiles>
 16 | 	</ToolFiles>
 17 | 	<Configurations>
 18 | 		<Configuration
 19 | 			Name="Debug|Win32"
 20 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 21 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 22 | 			ConfigurationType="1"
 23 | 			UseOfMFC="2"
 24 | 			CharacterSet="1"
 25 | 			>
 26 | 			<Tool
 27 | 				Name="VCPreBuildEventTool"
 28 | 			/>
 29 | 			<Tool
 30 | 				Name="VCCustomBuildTool"
 31 | 			/>
 32 | 			<Tool
 33 | 				Name="VCXMLDataGeneratorTool"
 34 | 			/>
 35 | 			<Tool
 36 | 				Name="VCWebServiceProxyGeneratorTool"
 37 | 			/>
 38 | 			<Tool
 39 | 				Name="VCMIDLTool"
 40 | 				PreprocessorDefinitions="_DEBUG"
 41 | 				MkTypLibCompatible="false"
 42 | 				ValidateParameters="false"
 43 | 			/>
 44 | 			<Tool
 45 | 				Name="VCCLCompilerTool"
 46 | 				Optimization="0"
 47 | 				PreprocessorDefinitions="WIN32;_WINDOWS;_DEBUG"
 48 | 				MinimalRebuild="true"
 49 | 				BasicRuntimeChecks="3"
 50 | 				RuntimeLibrary="3"
 51 | 				UsePrecompiledHeader="2"
 52 | 				WarningLevel="3"
 53 | 				Detect64BitPortabilityProblems="true"
 54 | 				DebugInformationFormat="4"
 55 | 			/>
 56 | 			<Tool
 57 | 				Name="VCManagedResourceCompilerTool"
 58 | 			/>
 59 | 			<Tool
 60 | 				Name="VCResourceCompilerTool"
 61 | 				PreprocessorDefinitions="_DEBUG"
 62 | 				Culture="2052"
 63 | 				AdditionalIncludeDirectories="$(IntDir)"
 64 | 			/>
 65 | 			<Tool
 66 | 				Name="VCPreLinkEventTool"
 67 | 			/>
 68 | 			<Tool
 69 | 				Name="VCLinkerTool"
 70 | 				AdditionalDependencies="$(TargetDir)WndHook.lib"
 71 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
 72 | 				LinkIncremental="2"
 73 | 				GenerateDebugInformation="true"
 74 | 				SubSystem="2"
 75 | 				TargetMachine="1"
 76 | 			/>
 77 | 			<Tool
 78 | 				Name="VCALinkTool"
 79 | 			/>
 80 | 			<Tool
 81 | 				Name="VCManifestTool"
 82 | 			/>
 83 | 			<Tool
 84 | 				Name="VCXDCMakeTool"
 85 | 			/>
 86 | 			<Tool
 87 | 				Name="VCBscMakeTool"
 88 | 			/>
 89 | 			<Tool
 90 | 				Name="VCFxCopTool"
 91 | 			/>
 92 | 			<Tool
 93 | 				Name="VCAppVerifierTool"
 94 | 			/>
 95 | 			<Tool
 96 | 				Name="VCWebDeploymentTool"
 97 | 			/>
 98 | 			<Tool
 99 | 				Name="VCPostBuildEventTool"
100 | 			/>
101 | 		</Configuration>
102 | 		<Configuration
103 | 			Name="Release|Win32"
104 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
105 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
106 | 			ConfigurationType="1"
107 | 			UseOfMFC="2"
108 | 			CharacterSet="1"
109 | 			WholeProgramOptimization="1"
110 | 			>
111 | 			<Tool
112 | 				Name="VCPreBuildEventTool"
113 | 			/>
114 | 			<Tool
115 | 				Name="VCCustomBuildTool"
116 | 			/>
117 | 			<Tool
118 | 				Name="VCXMLDataGeneratorTool"
119 | 			/>
120 | 			<Tool
121 | 				Name="VCWebServiceProxyGeneratorTool"
122 | 			/>
123 | 			<Tool
124 | 				Name="VCMIDLTool"
125 | 				PreprocessorDefinitions="NDEBUG"
126 | 				MkTypLibCompatible="false"
127 | 				ValidateParameters="false"
128 | 			/>
129 | 			<Tool
130 | 				Name="VCCLCompilerTool"
131 | 				PreprocessorDefinitions="WIN32;_WINDOWS;NDEBUG"
132 | 				MinimalRebuild="false"
133 | 				RuntimeLibrary="2"
134 | 				UsePrecompiledHeader="2"
135 | 				WarningLevel="3"
136 | 				Detect64BitPortabilityProblems="true"
137 | 				DebugInformationFormat="3"
138 | 			/>
139 | 			<Tool
140 | 				Name="VCManagedResourceCompilerTool"
141 | 			/>
142 | 			<Tool
143 | 				Name="VCResourceCompilerTool"
144 | 				PreprocessorDefinitions="NDEBUG"
145 | 				Culture="2052"
146 | 				AdditionalIncludeDirectories="$(IntDir)"
147 | 			/>
148 | 			<Tool
149 | 				Name="VCPreLinkEventTool"
150 | 			/>
151 | 			<Tool
152 | 				Name="VCLinkerTool"
153 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).exe"
154 | 				LinkIncremental="1"
155 | 				GenerateDebugInformation="true"
156 | 				SubSystem="2"
157 | 				OptimizeReferences="2"
158 | 				EnableCOMDATFolding="2"
159 | 				TargetMachine="1"
160 | 			/>
161 | 			<Tool
162 | 				Name="VCALinkTool"
163 | 			/>
164 | 			<Tool
165 | 				Name="VCManifestTool"
166 | 			/>
167 | 			<Tool
168 | 				Name="VCXDCMakeTool"
169 | 			/>
170 | 			<Tool
171 | 				Name="VCBscMakeTool"
172 | 			/>
173 | 			<Tool
174 | 				Name="VCFxCopTool"
175 | 			/>
176 | 			<Tool
177 | 				Name="VCAppVerifierTool"
178 | 			/>
179 | 			<Tool
180 | 				Name="VCWebDeploymentTool"
181 | 			/>
182 | 			<Tool
183 | 				Name="VCPostBuildEventTool"
184 | 			/>
185 | 		</Configuration>
186 | 	</Configurations>
187 | 	<References>
188 | 	</References>
189 | 	<Files>
190 | 		<Filter
191 | 			Name="Source Files"
192 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
193 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
194 | 			>
195 | 			<File
196 | 				RelativePath=".\stdafx.cpp"
197 | 				>
198 | 				<FileConfiguration
199 | 					Name="Debug|Win32"
200 | 					>
201 | 					<Tool
202 | 						Name="VCCLCompilerTool"
203 | 						UsePrecompiledHeader="1"
204 | 					/>
205 | 				</FileConfiguration>
206 | 				<FileConfiguration
207 | 					Name="Release|Win32"
208 | 					>
209 | 					<Tool
210 | 						Name="VCCLCompilerTool"
211 | 						UsePrecompiledHeader="1"
212 | 					/>
213 | 				</FileConfiguration>
214 | 			</File>
215 | 			<File
216 | 				RelativePath=".\TestWndHook.cpp"
217 | 				>
218 | 			</File>
219 | 			<File
220 | 				RelativePath=".\TestWndHookDlg.cpp"
221 | 				>
222 | 			</File>
223 | 		</Filter>
224 | 		<Filter
225 | 			Name="Header Files"
226 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
227 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
228 | 			>
229 | 			<File
230 | 				RelativePath=".\Resource.h"
231 | 				>
232 | 			</File>
233 | 			<File
234 | 				RelativePath=".\stdafx.h"
235 | 				>
236 | 			</File>
237 | 			<File
238 | 				RelativePath=".\TestWndHook.h"
239 | 				>
240 | 			</File>
241 | 			<File
242 | 				RelativePath=".\TestWndHookDlg.h"
243 | 				>
244 | 			</File>
245 | 		</Filter>
246 | 		<Filter
247 | 			Name="Resource Files"
248 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
249 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
250 | 			>
251 | 			<File
252 | 				RelativePath=".\res\TestWndHook.ico"
253 | 				>
254 | 			</File>
255 | 			<File
256 | 				RelativePath=".\TestWndHook.rc"
257 | 				>
258 | 			</File>
259 | 			<File
260 | 				RelativePath=".\res\TestWndHook.rc2"
261 | 				>
262 | 			</File>
263 | 		</Filter>
264 | 		<File
265 | 			RelativePath=".\ReadMe.txt"
266 | 			>
267 | 		</File>
268 | 	</Files>
269 | 	<Globals>
270 | 		<Global
271 | 			Name="RESOURCE_FILE"
272 | 			Value="TestWndHook.rc"
273 | 		/>
274 | 	</Globals>
275 | </VisualStudioProject>
276 | 


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHookDlg.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/TestWndHookDlg.cpp


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/TestWndHookDlg.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/TestWndHookDlg.h


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/res/TestWndHook.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/res/TestWndHook.ico


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/res/TestWndHook.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/res/TestWndHook.rc2


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/resource.h:
--------------------------------------------------------------------------------
 1 | //{{NO_DEPENDENCIES}}
 2 | // Microsoft Visual C++ generated include file.
 3 | // Used by TestWndHook.rc
 4 | //
 5 | #define IDM_ABOUTBOX                    0x0010
 6 | #define IDD_ABOUTBOX                    100
 7 | #define IDS_ABOUTBOX                    101
 8 | #define IDD_TESTWNDHOOK_DIALOG          102
 9 | #define IDR_MAINFRAME                   128
10 | #define IDC_BUTTON1                     1000
11 | #define IDC_BUTTON2                     1001
12 | 
13 | // Next default values for new objects
14 | // 
15 | #ifdef APSTUDIO_INVOKED
16 | #ifndef APSTUDIO_READONLY_SYMBOLS
17 | #define _APS_NEXT_RESOURCE_VALUE        129
18 | #define _APS_NEXT_COMMAND_VALUE         32771
19 | #define _APS_NEXT_CONTROL_VALUE         1002
20 | #define _APS_NEXT_SYMED_VALUE           101
21 | #endif
22 | #endif
23 | 


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/stdafx.cpp


--------------------------------------------------------------------------------
/SimpleShell/TestWndHook/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/TestWndHook/stdafx.h


--------------------------------------------------------------------------------
/SimpleShell/WndHook/SimpleShell.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "WndHook", "WndHook.vcproj", "{BE0B0D37-1584-409A-A36B-C8E46495386A}"
 5 | EndProject
 6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TestWndHook", "..\TestWndHook\TestWndHook.vcproj", "{EFB39899-9013-41A2-9F93-2D365DDF578B}"
 7 | 	ProjectSection(ProjectDependencies) = postProject
 8 | 		{BE0B0D37-1584-409A-A36B-C8E46495386A} = {BE0B0D37-1584-409A-A36B-C8E46495386A}
 9 | 	EndProjectSection
10 | EndProject
11 | Global
12 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
13 | 		Debug|Win32 = Debug|Win32
14 | 		Release|Win32 = Release|Win32
15 | 	EndGlobalSection
16 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
17 | 		{BE0B0D37-1584-409A-A36B-C8E46495386A}.Debug|Win32.ActiveCfg = Debug|Win32
18 | 		{BE0B0D37-1584-409A-A36B-C8E46495386A}.Debug|Win32.Build.0 = Debug|Win32
19 | 		{BE0B0D37-1584-409A-A36B-C8E46495386A}.Release|Win32.ActiveCfg = Release|Win32
20 | 		{BE0B0D37-1584-409A-A36B-C8E46495386A}.Release|Win32.Build.0 = Release|Win32
21 | 		{EFB39899-9013-41A2-9F93-2D365DDF578B}.Debug|Win32.ActiveCfg = Debug|Win32
22 | 		{EFB39899-9013-41A2-9F93-2D365DDF578B}.Debug|Win32.Build.0 = Debug|Win32
23 | 		{EFB39899-9013-41A2-9F93-2D365DDF578B}.Release|Win32.ActiveCfg = Release|Win32
24 | 		{EFB39899-9013-41A2-9F93-2D365DDF578B}.Release|Win32.Build.0 = Release|Win32
25 | 	EndGlobalSection
26 | 	GlobalSection(SolutionProperties) = preSolution
27 | 		HideSolutionNode = FALSE
28 | 	EndGlobalSection
29 | EndGlobal
30 | 


--------------------------------------------------------------------------------
/SimpleShell/WndHook/WndHook.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/WndHook/WndHook.cpp


--------------------------------------------------------------------------------
/SimpleShell/WndHook/WndHook.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/SimpleShell/WndHook/WndHook.h


--------------------------------------------------------------------------------
/SimpleShell/WndHook/WndHook.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="WndHook"
  6 | 	ProjectGUID="{BE0B0D37-1584-409A-A36B-C8E46495386A}"
  7 | 	RootNamespace="WndHook"
  8 | 	Keyword="Win32Proj"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 	</Platforms>
 15 | 	<ToolFiles>
 16 | 	</ToolFiles>
 17 | 	<Configurations>
 18 | 		<Configuration
 19 | 			Name="Debug|Win32"
 20 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 21 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 22 | 			ConfigurationType="2"
 23 | 			CharacterSet="1"
 24 | 			>
 25 | 			<Tool
 26 | 				Name="VCPreBuildEventTool"
 27 | 			/>
 28 | 			<Tool
 29 | 				Name="VCCustomBuildTool"
 30 | 			/>
 31 | 			<Tool
 32 | 				Name="VCXMLDataGeneratorTool"
 33 | 			/>
 34 | 			<Tool
 35 | 				Name="VCWebServiceProxyGeneratorTool"
 36 | 			/>
 37 | 			<Tool
 38 | 				Name="VCMIDLTool"
 39 | 			/>
 40 | 			<Tool
 41 | 				Name="VCCLCompilerTool"
 42 | 				Optimization="0"
 43 | 				PreprocessorDefinitions="WIN32;_DEBUG;_WINDOWS;_USRDLL;WNDHOOK_EXPORTS"
 44 | 				MinimalRebuild="true"
 45 | 				BasicRuntimeChecks="3"
 46 | 				RuntimeLibrary="3"
 47 | 				UsePrecompiledHeader="2"
 48 | 				WarningLevel="3"
 49 | 				Detect64BitPortabilityProblems="true"
 50 | 				DebugInformationFormat="4"
 51 | 			/>
 52 | 			<Tool
 53 | 				Name="VCManagedResourceCompilerTool"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCPreLinkEventTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCLinkerTool"
 63 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).dll"
 64 | 				LinkIncremental="2"
 65 | 				GenerateDebugInformation="true"
 66 | 				SubSystem="2"
 67 | 				TargetMachine="1"
 68 | 			/>
 69 | 			<Tool
 70 | 				Name="VCALinkTool"
 71 | 			/>
 72 | 			<Tool
 73 | 				Name="VCManifestTool"
 74 | 			/>
 75 | 			<Tool
 76 | 				Name="VCXDCMakeTool"
 77 | 			/>
 78 | 			<Tool
 79 | 				Name="VCBscMakeTool"
 80 | 			/>
 81 | 			<Tool
 82 | 				Name="VCFxCopTool"
 83 | 			/>
 84 | 			<Tool
 85 | 				Name="VCAppVerifierTool"
 86 | 			/>
 87 | 			<Tool
 88 | 				Name="VCWebDeploymentTool"
 89 | 			/>
 90 | 			<Tool
 91 | 				Name="VCPostBuildEventTool"
 92 | 			/>
 93 | 		</Configuration>
 94 | 		<Configuration
 95 | 			Name="Release|Win32"
 96 | 			OutputDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 97 | 			IntermediateDirectory="F:\Out\$(ProjectName)\$(ConfigurationName)"
 98 | 			ConfigurationType="2"
 99 | 			CharacterSet="1"
100 | 			WholeProgramOptimization="1"
101 | 			>
102 | 			<Tool
103 | 				Name="VCPreBuildEventTool"
104 | 			/>
105 | 			<Tool
106 | 				Name="VCCustomBuildTool"
107 | 			/>
108 | 			<Tool
109 | 				Name="VCXMLDataGeneratorTool"
110 | 			/>
111 | 			<Tool
112 | 				Name="VCWebServiceProxyGeneratorTool"
113 | 			/>
114 | 			<Tool
115 | 				Name="VCMIDLTool"
116 | 			/>
117 | 			<Tool
118 | 				Name="VCCLCompilerTool"
119 | 				PreprocessorDefinitions="WIN32;NDEBUG;_WINDOWS;_USRDLL;WNDHOOK_EXPORTS"
120 | 				RuntimeLibrary="2"
121 | 				UsePrecompiledHeader="2"
122 | 				WarningLevel="3"
123 | 				Detect64BitPortabilityProblems="true"
124 | 				DebugInformationFormat="3"
125 | 			/>
126 | 			<Tool
127 | 				Name="VCManagedResourceCompilerTool"
128 | 			/>
129 | 			<Tool
130 | 				Name="VCResourceCompilerTool"
131 | 			/>
132 | 			<Tool
133 | 				Name="VCPreLinkEventTool"
134 | 			/>
135 | 			<Tool
136 | 				Name="VCLinkerTool"
137 | 				OutputFile="F:/Out/Bin/$(SolutionName)/$(ProjectName).dll"
138 | 				LinkIncremental="1"
139 | 				GenerateDebugInformation="true"
140 | 				SubSystem="2"
141 | 				OptimizeReferences="2"
142 | 				EnableCOMDATFolding="2"
143 | 				TargetMachine="1"
144 | 			/>
145 | 			<Tool
146 | 				Name="VCALinkTool"
147 | 			/>
148 | 			<Tool
149 | 				Name="VCManifestTool"
150 | 			/>
151 | 			<Tool
152 | 				Name="VCXDCMakeTool"
153 | 			/>
154 | 			<Tool
155 | 				Name="VCBscMakeTool"
156 | 			/>
157 | 			<Tool
158 | 				Name="VCFxCopTool"
159 | 			/>
160 | 			<Tool
161 | 				Name="VCAppVerifierTool"
162 | 			/>
163 | 			<Tool
164 | 				Name="VCWebDeploymentTool"
165 | 			/>
166 | 			<Tool
167 | 				Name="VCPostBuildEventTool"
168 | 			/>
169 | 		</Configuration>
170 | 	</Configurations>
171 | 	<References>
172 | 	</References>
173 | 	<Files>
174 | 		<Filter
175 | 			Name="Source Files"
176 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
177 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
178 | 			>
179 | 			<File
180 | 				RelativePath=".\stdafx.cpp"
181 | 				>
182 | 				<FileConfiguration
183 | 					Name="Debug|Win32"
184 | 					>
185 | 					<Tool
186 | 						Name="VCCLCompilerTool"
187 | 						UsePrecompiledHeader="1"
188 | 					/>
189 | 				</FileConfiguration>
190 | 				<FileConfiguration
191 | 					Name="Release|Win32"
192 | 					>
193 | 					<Tool
194 | 						Name="VCCLCompilerTool"
195 | 						UsePrecompiledHeader="1"
196 | 					/>
197 | 				</FileConfiguration>
198 | 			</File>
199 | 			<File
200 | 				RelativePath=".\WndHook.cpp"
201 | 				>
202 | 			</File>
203 | 		</Filter>
204 | 		<Filter
205 | 			Name="Header Files"
206 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
207 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
208 | 			>
209 | 			<File
210 | 				RelativePath=".\stdafx.h"
211 | 				>
212 | 			</File>
213 | 			<File
214 | 				RelativePath=".\WndHook.h"
215 | 				>
216 | 			</File>
217 | 		</Filter>
218 | 		<Filter
219 | 			Name="Resource Files"
220 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
221 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
222 | 			>
223 | 		</Filter>
224 | 		<File
225 | 			RelativePath=".\ReadMe.txt"
226 | 			>
227 | 		</File>
228 | 	</Files>
229 | 	<Globals>
230 | 	</Globals>
231 | </VisualStudioProject>
232 | 


--------------------------------------------------------------------------------
/SimpleShell/WndHook/stdafx.cpp:
--------------------------------------------------------------------------------
1 | // stdafx.cpp : source file that includes just the standard includes
2 | // WndHook.pch will be the pre-compiled header
3 | // stdafx.obj will contain the pre-compiled type information
4 | 
5 | #include "stdafx.h"
6 | 
7 | // TODO: reference any additional headers you need in STDAFX.H
8 | // and not in this file
9 | 


--------------------------------------------------------------------------------
/SimpleShell/WndHook/stdafx.h:
--------------------------------------------------------------------------------
 1 | // stdafx.h : include file for standard system include files,
 2 | // or project specific include files that are used frequently, but
 3 | // are changed infrequently
 4 | //
 5 | 
 6 | #pragma once
 7 | 
 8 | // Modify the following defines if you have to target a platform prior to the ones specified below.
 9 | // Refer to MSDN for the latest info on corresponding values for different platforms.
10 | #ifndef WINVER				// Allow use of features specific to Windows XP or later.
11 | #define WINVER 0x0501		// Change this to the appropriate value to target other versions of Windows.
12 | #endif
13 | 
14 | #ifndef _WIN32_WINNT		// Allow use of features specific to Windows XP or later.                   
15 | #define _WIN32_WINNT 0x0501	// Change this to the appropriate value to target other versions of Windows.
16 | #endif						
17 | 
18 | #ifndef _WIN32_WINDOWS		// Allow use of features specific to Windows 98 or later.
19 | #define _WIN32_WINDOWS 0x0410 // Change this to the appropriate value to target Windows Me or later.
20 | #endif
21 | 
22 | #ifndef _WIN32_IE			// Allow use of features specific to IE 6.0 or later.
23 | #define _WIN32_IE 0x0600	// Change this to the appropriate value to target other versions of IE.
24 | #endif
25 | 
26 | #define WIN32_LEAN_AND_MEAN		// Exclude rarely-used stuff from Windows headers
27 | // Windows Header Files:
28 | #include <windows.h>
29 | 
30 | 
31 | 
32 | // TODO: reference additional headers your program requires here
33 | extern HHOOK			g_hHookWnd;
34 | 
35 | void WndHookSetLastError(LPCSTR lpErr, ...);


--------------------------------------------------------------------------------
/XueTr/XueTr.sys:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/XueTr/XueTr.sys


--------------------------------------------------------------------------------
/common/GuardLiteCtrl.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/common/GuardLiteCtrl.h


--------------------------------------------------------------------------------
/moniter/dbgmsgcfg.dll:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/moniter/dbgmsgcfg.dll


--------------------------------------------------------------------------------
/moniter/monitor.exe:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/moniter/monitor.exe


--------------------------------------------------------------------------------
/tdifw/src/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 


--------------------------------------------------------------------------------
/tdifw/src/NetProc.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/tdifw/src/NetProc.c


--------------------------------------------------------------------------------
/tdifw/src/NetProc.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | 
3 | 
4 | NTSTATUS		DriverEntry(IN PDRIVER_OBJECT DriverObject
5 | 							, IN PUNICODE_STRING RegistryPath);
6 | VOID			OnUnload(IN PDRIVER_OBJECT DriverObject);
7 | NTSTATUS		DeviceDispatch(IN PDEVICE_OBJECT DeviceObject, IN PIRP irp);
8 | 


--------------------------------------------------------------------------------
/tdifw/src/SOURCES:
--------------------------------------------------------------------------------
 1 | TARGETNAME=NetProc
 2 | TARGETPATH=build
 3 | TARGETTYPE=DRIVER
 4 | 
 5 | TARGETLIBS=$(DDK_LIB_PATH)\tdi.lib
 6 | 
 7 | !if "$(AMD64)" == "1"
 8 | TARGETLIBS=$(TARGETLIBS)\
 9 | 			$(TARGETPATH)\ia64\tdifw_drv.lib
10 | !else
11 | TARGETLIBS=$(TARGETLIBS)\
12 | 			$(TARGETPATH)\i386\tdifw_drv.lib
13 | !endif
14 | 
15 | C_DEFINES=-DUSE_PACKET_ENGINE
16 | # You can specify this define too: -DUSE_TDI_HOOKING
17 | 
18 | # USER_INCLUDES=..;$(NTMAKEENV)\..\src\network\inc
19 | 
20 | SOURCES=	NetProc.c 
21 | 
22 | 


--------------------------------------------------------------------------------
/tdifw/src/drv.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "tdifw", "drv.vcproj", "{168CC25F-682A-4868-90E5-DCD3847B2FB4}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{168CC25F-682A-4868-90E5-DCD3847B2FB4}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{168CC25F-682A-4868-90E5-DCD3847B2FB4}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{168CC25F-682A-4868-90E5-DCD3847B2FB4}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{168CC25F-682A-4868-90E5-DCD3847B2FB4}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/tdifw/src/drv.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="tdifw"
  6 | 	ProjectGUID="{168CC25F-682A-4868-90E5-DCD3847B2FB4}"
  7 | 	RootNamespace="tdifw"
  8 | 	Keyword="Win32Proj"
  9 | 	>
 10 | 	<Platforms>
 11 | 		<Platform
 12 | 			Name="Win32"
 13 | 		/>
 14 | 	</Platforms>
 15 | 	<ToolFiles>
 16 | 	</ToolFiles>
 17 | 	<Configurations>
 18 | 		<Configuration
 19 | 			Name="Debug|Win32"
 20 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 21 | 			IntermediateDirectory="$(ConfigurationName)"
 22 | 			ConfigurationType="1"
 23 | 			CharacterSet="1"
 24 | 			>
 25 | 			<Tool
 26 | 				Name="VCPreBuildEventTool"
 27 | 			/>
 28 | 			<Tool
 29 | 				Name="VCCustomBuildTool"
 30 | 			/>
 31 | 			<Tool
 32 | 				Name="VCXMLDataGeneratorTool"
 33 | 			/>
 34 | 			<Tool
 35 | 				Name="VCWebServiceProxyGeneratorTool"
 36 | 			/>
 37 | 			<Tool
 38 | 				Name="VCMIDLTool"
 39 | 			/>
 40 | 			<Tool
 41 | 				Name="VCCLCompilerTool"
 42 | 				Optimization="0"
 43 | 				PreprocessorDefinitions="WIN32;_DEBUG;_CONSOLE"
 44 | 				MinimalRebuild="true"
 45 | 				BasicRuntimeChecks="3"
 46 | 				RuntimeLibrary="3"
 47 | 				UsePrecompiledHeader="0"
 48 | 				WarningLevel="3"
 49 | 				Detect64BitPortabilityProblems="true"
 50 | 				DebugInformationFormat="4"
 51 | 			/>
 52 | 			<Tool
 53 | 				Name="VCManagedResourceCompilerTool"
 54 | 			/>
 55 | 			<Tool
 56 | 				Name="VCResourceCompilerTool"
 57 | 			/>
 58 | 			<Tool
 59 | 				Name="VCPreLinkEventTool"
 60 | 			/>
 61 | 			<Tool
 62 | 				Name="VCLinkerTool"
 63 | 				LinkIncremental="2"
 64 | 				GenerateDebugInformation="true"
 65 | 				SubSystem="1"
 66 | 				TargetMachine="1"
 67 | 			/>
 68 | 			<Tool
 69 | 				Name="VCALinkTool"
 70 | 			/>
 71 | 			<Tool
 72 | 				Name="VCManifestTool"
 73 | 			/>
 74 | 			<Tool
 75 | 				Name="VCXDCMakeTool"
 76 | 			/>
 77 | 			<Tool
 78 | 				Name="VCBscMakeTool"
 79 | 			/>
 80 | 			<Tool
 81 | 				Name="VCFxCopTool"
 82 | 			/>
 83 | 			<Tool
 84 | 				Name="VCAppVerifierTool"
 85 | 			/>
 86 | 			<Tool
 87 | 				Name="VCWebDeploymentTool"
 88 | 			/>
 89 | 			<Tool
 90 | 				Name="VCPostBuildEventTool"
 91 | 			/>
 92 | 		</Configuration>
 93 | 		<Configuration
 94 | 			Name="Release|Win32"
 95 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 96 | 			IntermediateDirectory="$(ConfigurationName)"
 97 | 			ConfigurationType="1"
 98 | 			CharacterSet="1"
 99 | 			WholeProgramOptimization="1"
100 | 			>
101 | 			<Tool
102 | 				Name="VCPreBuildEventTool"
103 | 			/>
104 | 			<Tool
105 | 				Name="VCCustomBuildTool"
106 | 			/>
107 | 			<Tool
108 | 				Name="VCXMLDataGeneratorTool"
109 | 			/>
110 | 			<Tool
111 | 				Name="VCWebServiceProxyGeneratorTool"
112 | 			/>
113 | 			<Tool
114 | 				Name="VCMIDLTool"
115 | 			/>
116 | 			<Tool
117 | 				Name="VCCLCompilerTool"
118 | 				PreprocessorDefinitions="WIN32;NDEBUG;_CONSOLE"
119 | 				RuntimeLibrary="2"
120 | 				UsePrecompiledHeader="0"
121 | 				WarningLevel="3"
122 | 				Detect64BitPortabilityProblems="true"
123 | 				DebugInformationFormat="3"
124 | 			/>
125 | 			<Tool
126 | 				Name="VCManagedResourceCompilerTool"
127 | 			/>
128 | 			<Tool
129 | 				Name="VCResourceCompilerTool"
130 | 			/>
131 | 			<Tool
132 | 				Name="VCPreLinkEventTool"
133 | 			/>
134 | 			<Tool
135 | 				Name="VCLinkerTool"
136 | 				LinkIncremental="1"
137 | 				GenerateDebugInformation="true"
138 | 				SubSystem="1"
139 | 				OptimizeReferences="2"
140 | 				EnableCOMDATFolding="2"
141 | 				TargetMachine="1"
142 | 			/>
143 | 			<Tool
144 | 				Name="VCALinkTool"
145 | 			/>
146 | 			<Tool
147 | 				Name="VCManifestTool"
148 | 			/>
149 | 			<Tool
150 | 				Name="VCXDCMakeTool"
151 | 			/>
152 | 			<Tool
153 | 				Name="VCBscMakeTool"
154 | 			/>
155 | 			<Tool
156 | 				Name="VCFxCopTool"
157 | 			/>
158 | 			<Tool
159 | 				Name="VCAppVerifierTool"
160 | 			/>
161 | 			<Tool
162 | 				Name="VCWebDeploymentTool"
163 | 			/>
164 | 			<Tool
165 | 				Name="VCPostBuildEventTool"
166 | 			/>
167 | 		</Configuration>
168 | 	</Configurations>
169 | 	<References>
170 | 	</References>
171 | 	<Files>
172 | 		<Filter
173 | 			Name="Source Files"
174 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
175 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
176 | 			>
177 | 			<File
178 | 				RelativePath=".\NetProc.c"
179 | 				>
180 | 			</File>
181 | 		</Filter>
182 | 		<Filter
183 | 			Name="Header Files"
184 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
185 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
186 | 			>
187 | 			<File
188 | 				RelativePath=".\NetProc.h"
189 | 				>
190 | 			</File>
191 | 		</Filter>
192 | 		<Filter
193 | 			Name="Resource Files"
194 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
195 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
196 | 			>
197 | 		</Filter>
198 | 		<Filter
199 | 			Name="tdifw"
200 | 			>
201 | 			<File
202 | 				RelativePath=".\tdifw\conn_state.c"
203 | 				>
204 | 			</File>
205 | 			<File
206 | 				RelativePath=".\tdifw\conn_state.h"
207 | 				>
208 | 			</File>
209 | 			<File
210 | 				RelativePath=".\tdifw\disp_conn.c"
211 | 				>
212 | 			</File>
213 | 			<File
214 | 				RelativePath=".\tdifw\disp_dg.c"
215 | 				>
216 | 			</File>
217 | 			<File
218 | 				RelativePath=".\tdifw\disp_ev.c"
219 | 				>
220 | 			</File>
221 | 			<File
222 | 				RelativePath=".\tdifw\disp_obj.c"
223 | 				>
224 | 			</File>
225 | 			<File
226 | 				RelativePath=".\tdifw\disp_sr.c"
227 | 				>
228 | 			</File>
229 | 			<File
230 | 				RelativePath=".\tdifw\dispatch.c"
231 | 				>
232 | 			</File>
233 | 			<File
234 | 				RelativePath=".\tdifw\dispatch.h"
235 | 				>
236 | 			</File>
237 | 			<File
238 | 				RelativePath=".\tdifw\ev_conn.c"
239 | 				>
240 | 			</File>
241 | 			<File
242 | 				RelativePath=".\tdifw\ev_dg.c"
243 | 				>
244 | 			</File>
245 | 			<File
246 | 				RelativePath=".\tdifw\ev_recv.c"
247 | 				>
248 | 			</File>
249 | 			<File
250 | 				RelativePath=".\tdifw\events.c"
251 | 				>
252 | 			</File>
253 | 			<File
254 | 				RelativePath=".\tdifw\events.h"
255 | 				>
256 | 			</File>
257 | 			<File
258 | 				RelativePath=".\tdifw\filter.c"
259 | 				>
260 | 			</File>
261 | 			<File
262 | 				RelativePath=".\tdifw\filter.h"
263 | 				>
264 | 			</File>
265 | 			<File
266 | 				RelativePath=".\tdifw\ipc.c"
267 | 				>
268 | 			</File>
269 | 			<File
270 | 				RelativePath=".\tdifw\memtrack.c"
271 | 				>
272 | 			</File>
273 | 			<File
274 | 				RelativePath=".\tdifw\memtrack.h"
275 | 				>
276 | 			</File>
277 | 			<File
278 | 				RelativePath=".\tdifw\ndis_hk_ioctl.h"
279 | 				>
280 | 			</File>
281 | 			<File
282 | 				RelativePath=".\tdifw\obj_tbl.c"
283 | 				>
284 | 			</File>
285 | 			<File
286 | 				RelativePath=".\tdifw\obj_tbl.h"
287 | 				>
288 | 			</File>
289 | 			<File
290 | 				RelativePath=".\tdifw\packet.c"
291 | 				>
292 | 			</File>
293 | 			<File
294 | 				RelativePath=".\tdifw\packet.h"
295 | 				>
296 | 			</File>
297 | 			<File
298 | 				RelativePath=".\tdifw\pid_pname.c"
299 | 				>
300 | 			</File>
301 | 			<File
302 | 				RelativePath=".\tdifw\pid_pname.h"
303 | 				>
304 | 			</File>
305 | 			<File
306 | 				RelativePath=".\tdifw\sids.c"
307 | 				>
308 | 			</File>
309 | 			<File
310 | 				RelativePath=".\tdifw\sids.h"
311 | 				>
312 | 			</File>
313 | 			<File
314 | 				RelativePath=".\tdifw\sock.c"
315 | 				>
316 | 			</File>
317 | 			<File
318 | 				RelativePath=".\tdifw\sock.h"
319 | 				>
320 | 			</File>
321 | 			<File
322 | 				RelativePath=".\tdifw\tdi_fw.c"
323 | 				>
324 | 			</File>
325 | 			<File
326 | 				RelativePath=".\tdifw\tdi_fw.h"
327 | 				>
328 | 			</File>
329 | 			<File
330 | 				RelativePath=".\tdifw\tdi_fw_lib.h"
331 | 				>
332 | 			</File>
333 | 		</Filter>
334 | 	</Files>
335 | 	<Globals>
336 | 	</Globals>
337 | </VisualStudioProject>
338 | 


--------------------------------------------------------------------------------
/tdifw/src/my_build.bat:
--------------------------------------------------------------------------------
1 | cd tdifw
2 | call my_build %1
3 | cd ..
4 | 
5 | build %1
6 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/MAKEFILE:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/SOURCES:
--------------------------------------------------------------------------------
 1 | TARGETNAME=tdifw_drv
 2 | TARGETPATH=../build
 3 | TARGETTYPE=LIBRARY
 4 | 
 5 | TARGETLIBS=$(DDK_LIB_PATH)\tdi.lib
 6 | 
 7 | C_DEFINES=-DUSE_PACKET_ENGINE
 8 | # You can specify this define too: -DUSE_TDI_HOOKING
 9 | 
10 | USER_INCLUDES=..;$(NTMAKEENV)\..\src\network\inc
11 | 
12 | SOURCES=	tdi_fw.c \
13 | 			dispatch.c \
14 | 			disp_conn.c \
15 | 			disp_dg.c \
16 | 			disp_ev.c \
17 | 			disp_obj.c \
18 | 			events.c \
19 | 			ev_conn.c \
20 | 			ev_dg.c \
21 | 			filter.c \
22 | 			memtrack.c \
23 | 			obj_tbl.c \
24 | 			sock.c \
25 | 			ipc.c \
26 | 			pid_pname.c \
27 | 			packet.c \
28 | 			conn_state.c \
29 | 			sids.c \
30 | 			disp_sr.c \
31 | 			ev_recv.c
32 | 
33 | !if "$(NTDEBUG)"=="ntsdnodbg"
34 | NTDEBUG=
35 | !endif
36 | 
37 | !ifndef NTDEBUG
38 | NTDEBUG=retail
39 | !endif
40 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/conn_state.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: conn_state.h,v 1.2 2003/09/01 08:42:17 dev Exp $
 4 | 
 5 | #ifndef _conn_state_h_
 6 | #define _conn_state_h_
 7 | 
 8 | #include "ipc.h"
 9 | 
10 | NTSTATUS conn_state_init(void);
11 | void conn_state_free(void);
12 | 
13 | /* work with listening ports for all protocols */
14 | 
15 | NTSTATUS add_listen(struct ot_entry *ote_addr);
16 | 
17 | void del_listen_obj(struct listen_entry *le, BOOLEAN no_guard);
18 | 
19 | BOOLEAN is_listen(ULONG addr, USHORT port, int ipproto);
20 | 
21 | BOOLEAN is_bcast_listen(ULONG addr, USHORT port, int ipproto);
22 | 
23 | NTSTATUS	enum_listen(struct listen_nfo *buf, ULONG *buf_len, ULONG buf_size);
24 | 
25 | /* work with TCP only connections */
26 | 
27 | NTSTATUS add_tcp_conn(struct ot_entry *ote_conn, int tcp_state);
28 | void del_tcp_conn(PFILE_OBJECT connobj, BOOLEAN is_disconnect);
29 | 
30 | void del_tcp_conn_obj(struct conn_entry *ce, BOOLEAN no_guard);
31 | void log_disconnect(struct ot_entry *ote_conn);
32 | 
33 | NTSTATUS set_tcp_conn_state(PFILE_OBJECT connobj, int state);
34 | NTSTATUS set_tcp_conn_local(PFILE_OBJECT connobj, TA_ADDRESS *local);
35 | 
36 | int get_tcp_conn_state(ULONG laddr, USHORT lport, ULONG raddr, USHORT rport);
37 | int get_tcp_conn_state_by_obj(PFILE_OBJECT connobj);
38 | 
39 | NTSTATUS	enum_tcp_conn(struct tcp_conn_nfo *buf, ULONG *buf_len, ULONG buf_size);
40 | 
41 | #endif
42 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/disp_conn.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 | 
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: disp_conn.c,v 1.11 2005/03/14 18:28:26 vlad Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_CONNECT & TDI_DISCONNECT handlers
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "conn_state.h"
 24 | #include "dispatch.h"
 25 | #include "events.h"
 26 | #include "memtrack.h"
 27 | #include "obj_tbl.h"
 28 | #include "sids.h"
 29 | #include "tdi_fw.h"
 30 | 
 31 | struct delayed_ucn_param {
 32 | 	WORK_QUEUE_ITEM	item;
 33 | 	PDEVICE_OBJECT	devobj;
 34 | 	PFILE_OBJECT	fileobj;
 35 | };
 36 | 
 37 | struct uci_param {
 38 | 	PFILE_OBJECT	connobj;
 39 | 	char			address[];
 40 | };
 41 | 
 42 | static void		delayed_ucn(PVOID p);
 43 | static NTSTATUS	update_conn_info_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 44 | 
 45 | 
 46 | static NTSTATUS	tdi_connect_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 47 | static NTSTATUS	tdi_disconnect_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 48 | 
 49 | //----------------------------------------------------------------------------
 50 | 
 51 | /*
 52 |  * TDI_CONNECT handler
 53 |  */
 54 | 
 55 | int
 56 | tdi_connect(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 57 | {
 58 | 	PTDI_REQUEST_KERNEL_CONNECT param = (PTDI_REQUEST_KERNEL_CONNECT)(&irps->Parameters);
 59 | 	TA_ADDRESS *remote_addr = ((TRANSPORT_ADDRESS *)(param->RequestConnectionInformation->RemoteAddress))->Address;
 60 | 	PFILE_OBJECT addrobj;
 61 | 	NTSTATUS status;
 62 | 	TA_ADDRESS *local_addr;
 63 | 	int result = FILTER_DENY, ipproto;
 64 | 	struct ot_entry *ote_conn = NULL, *ote_addr;
 65 | 	KIRQL irql;
 66 | 	struct flt_request request;
 67 | 	struct flt_rule rule;
 68 | 
 69 | 	memset(&request, 0, sizeof(request));
 70 | 
 71 | 	KdPrint(("[tdi_fw] tdi_connect: connobj 0x%x, to address %x:%u\n",
 72 | 		irps->FileObject,
 73 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
 74 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port)));
 75 | 
 76 | 	// check device object: TCP or UDP
 77 | 	if (irps->DeviceObject != g_tcpfltobj && irps->DeviceObject != g_udpfltobj) {
 78 | 		KdPrint(("[tdi_fw] tdi_connect: unknown DeviceObject 0x%x!\n", irps->DeviceObject));
 79 | 		goto done;
 80 | 	}
 81 | 
 82 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
 83 | 	if (ote_conn == NULL) {
 84 | 		KdPrint(("[tdi_fw] tdi_connect: ot_find_fileobj(0x%x)!\n", irps->FileObject));
 85 | 		goto done;
 86 | 	}
 87 | 
 88 | 	if (get_original_devobj(irps->DeviceObject, &ipproto) == NULL ||
 89 | 		(ipproto != IPPROTO_TCP && ipproto != IPPROTO_UDP)) {
 90 | 		// invalid device object!
 91 | 		KdPrint(("[tdi_fw] tdi_connect: invalid device object 0x%x!\n", irps->DeviceObject));
 92 | 		goto done;
 93 | 	}
 94 | 
 95 | 	if (ipproto == IPPROTO_TCP) {
 96 | 		/*
 97 | 		 * For TCP: get addrobj by connobj and get local address by it
 98 | 		 */
 99 | 
100 | 		addrobj = ote_conn->associated_fileobj;
101 | 		if (addrobj == NULL) {
102 | 			KdPrint(("[tdi_fw] tdi_connect: empty addrobj!\n"));
103 | 			goto done;
104 | 		}
105 | 
106 | 		ote_addr = ot_find_fileobj(addrobj, NULL); // we're already in spinlock
107 | 		if (ote_addr == NULL) {
108 | 			KdPrint(("[tdi_fw] tdi_connect: ot_find_fileobj(0x%x)!\n", addrobj));
109 | 			goto done;
110 | 		}
111 | 
112 | 	} else {
113 | 		/*
114 | 		 * For UDP: connobj and addrobj are the same
115 | 		 */
116 | 		KdPrint(("[tdi_fw] tdi_connect: connected UDP socket detected\n"));
117 | 
118 | 		// for connected UDP sockets connobj and addrobj are the same
119 | 		addrobj= irps->FileObject;
120 | 		ote_addr = ote_conn;
121 | 	}
122 | 
123 | 	local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
124 | 
125 | 	// sanity check
126 | 	if (local_addr->AddressLength != remote_addr->AddressLength) {
127 | 		KdPrint(("[tdi_fw] tdi_connect: different addr lengths! (%u != %u)\n",
128 | 			local_addr->AddressLength, remote_addr->AddressLength));
129 | 		goto done;
130 | 	}
131 | 
132 | 	// set remote address with connobj
133 | 	
134 | 	if (remote_addr->AddressLength > sizeof(ote_conn->remote_addr)) {
135 | 		KdPrint(("[tdi_fw] tdi_connect: address too long! (%u)\n", remote_addr->AddressLength));
136 | 		goto done;
137 | 	}
138 | 	memcpy(ote_conn->remote_addr, remote_addr, remote_addr->AddressLength);
139 | 
140 | 	// set local address with connobj
141 | 
142 | 	if (local_addr->AddressLength > sizeof(ote_conn->local_addr)) {
143 | 		KdPrint(("[tdi_fw] tdi_connect: address to long! (%u)\n", local_addr->AddressLength));
144 | 		goto done;
145 | 	}
146 | 	memcpy(ote_conn->local_addr, local_addr, local_addr->AddressLength);
147 | 
148 | 	KdPrint(("[tdi_fw] tdi_connect(pid:%u/%u): %x:%u -> %x:%u (ipproto = %d)\n",
149 | 		ote_conn->pid, PsGetCurrentProcessId(),
150 | 		ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
151 | 		ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port),
152 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
153 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port), ipproto));
154 | 
155 | 	/*
156 | 	 * Call quick_filter
157 | 	 */
158 | 
159 | 	request.struct_size = sizeof(request);
160 | 
161 | 	request.type = TYPE_CONNECT;
162 | 	request.direction = DIRECTION_OUT;
163 | 	request.proto = ipproto;
164 | 
165 | 	// don't use ote_conn->pid because one process can create connection object
166 | 	// but another one can connect
167 | 	request.pid = (ULONG)PsGetCurrentProcessId();
168 | 	if (request.pid == 0) {
169 | 		// avoid idle process pid (XXX do we need this?)
170 | 		request.pid = ote_addr->pid;
171 | 	}
172 | 
173 | 	// get user SID & attributes (can't call get_current_sid_a at DISPATCH_LEVEL)
174 | 	if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
175 | 		request.sid_a_size = ote_addr->sid_a_size;
176 | 	
177 | 	memcpy(&request.addr.from, &local_addr->AddressType, sizeof(struct sockaddr));
178 | 	memcpy(&request.addr.to, &remote_addr->AddressType, sizeof(struct sockaddr));
179 | 	request.addr.len = sizeof(struct sockaddr_in);
180 | 
181 | 	memset(&rule, 0, sizeof(rule));
182 | 
183 | 	result = quick_filter(&request, &rule);
184 | 
185 | 	memcpy(request.log_rule_id, rule.rule_id, RULE_ID_SIZE);
186 | 
187 | 	if (result == FILTER_ALLOW && ipproto == IPPROTO_TCP) {
188 | 		struct flt_request *context_req = NULL;
189 | 
190 | 		// add connection with state "SYN_SENT"
191 | 		status = add_tcp_conn(ote_conn, TCP_STATE_SYN_SENT);
192 | 		if (status != STATUS_SUCCESS) {
193 | 			KdPrint(("[tdi_fw] tdi_connect: add_conn: 0x%x!\n", status));
194 | 			
195 | 			result = FILTER_DENY;
196 | 			goto done;				// don't log this failure
197 | 		}
198 | 
199 | 		if (rule.log >= RULE_LOG_LOG) {
200 | 			// set ote_conn->log_disconnect
201 | 			ote_conn->log_disconnect = (rule.log >= RULE_LOG_COUNT);
202 | 
203 | 			// copy request for completion (LOG success or not)
204 | 			context_req = (struct flt_request *)malloc_np(sizeof(*context_req));
205 | 			if (context_req != NULL) {
206 | 				memcpy(context_req, &request, sizeof(*context_req));
207 | 
208 | 				// don't free SID
209 | 				request.sid_a = NULL;
210 | 
211 | 				// don't log request in this time
212 | 				rule.log = RULE_LOG_NOLOG;
213 | 			}
214 | 		}
215 | 
216 | 		// set completion to add connection info to connection table
217 | 		completion->routine = tdi_connect_complete;
218 | 		completion->context = context_req;
219 | 	}
220 | 
221 | 	// if logging is needed log request
222 | 	if (rule.log >= RULE_LOG_LOG)
223 | 		log_request(&request);
224 | 
225 | done:
226 | 	// cleanup
227 | 	if (ote_conn != NULL)
228 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
229 | 	if (request.sid_a != NULL)
230 | 		free(request.sid_a);
231 | 
232 | 	if (result != FILTER_ALLOW) {
233 | 		irp->IoStatus.Status = STATUS_REMOTE_NOT_LISTENING;	// set fake status
234 | 	}
235 | 
236 | 	return result;
237 | }
238 | 
239 | NTSTATUS
240 | tdi_connect_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
241 | {
242 | 	NTSTATUS status;
243 | 	struct flt_request *request = (struct flt_request *)Context;
244 | 	PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(Irp);
245 | 
246 | 	KdPrint(("[tdi_fw] tdi_connect_complete: status 0x%x\n", Irp->IoStatus.Status));
247 | 
248 | 	if (Irp->IoStatus.Status == STATUS_SUCCESS) {
249 | 
250 | 		if (request != NULL)
251 | 			log_request(request);		// log successful connection
252 | 		
253 | 		// very good! set connection state to "ESTABLISHED"
254 | 		status = set_tcp_conn_state(irps->FileObject, TCP_STATE_ESTABLISHED_OUT);
255 | 		if (status != STATUS_SUCCESS) {
256 | 			KdPrint(("[tdi_fw] tdi_connect_complete: set_tcp_conn_state: 0x%x!\n", status));
257 | 
258 | 			// set fake status
259 | 			Irp->IoStatus.Status = STATUS_REMOTE_NOT_LISTENING;
260 | 			// TDI client will close connection object and connection will not "hang" (maybe)
261 | 			goto done;
262 | 		}
263 | 
264 | 		// and update local address for this connection in state table
265 | 		update_conn_info(DeviceObject, irps->FileObject);
266 | 
267 | 	} else {
268 | 
269 | 		if (request != NULL) {
270 | 
271 | 			switch (Irp->IoStatus.Status) {		// are status codes correct?
272 | 			case STATUS_CONNECTION_REFUSED:
273 | 			case STATUS_CONNECTION_RESET:
274 | 				request->type = TYPE_CONNECT_RESET;
275 | 				break;
276 | 			case STATUS_CONNECTION_ABORTED:
277 | 			case STATUS_CANCELLED:
278 | 				request->type = TYPE_CONNECT_CANCELED;
279 | 				break;
280 | 			case STATUS_IO_TIMEOUT:
281 | 				request->type = TYPE_CONNECT_TIMEOUT;
282 | 				break;
283 | 			case STATUS_NETWORK_UNREACHABLE:
284 | 			case STATUS_HOST_UNREACHABLE:
285 | 			case STATUS_PROTOCOL_UNREACHABLE:
286 | 			case STATUS_PORT_UNREACHABLE:
287 | 				request->type = TYPE_CONNECT_UNREACH;
288 | 				break;
289 | 			default:
290 | 				request->type = TYPE_CONNECT_ERROR;
291 | 			}
292 | 
293 | 			// anyway save status
294 | 			request->status = Irp->IoStatus.Status;
295 | 
296 | 			log_request(request);
297 | 		}
298 | 
299 | 		del_tcp_conn(irps->FileObject, FALSE);
300 | 	}
301 | 
302 | done:
303 | 	if (request != NULL) {
304 | 		if (request->sid_a != NULL)
305 | 			free(request->sid_a);
306 | 		free(request);
307 | 	}
308 | 	return tdi_generic_complete(DeviceObject, Irp, Context);
309 | }
310 | 
311 | void
312 | delayed_ucn(PVOID p)
313 | {
314 | 	struct delayed_ucn_param *ucn_param = (struct delayed_ucn_param *)p;
315 | 
316 | 	update_conn_info(ucn_param->devobj, ucn_param->fileobj);
317 | 	
318 | 	free(ucn_param);
319 | }
320 | 
321 | /* query local address and port for connection */
322 | void
323 | update_conn_info(PDEVICE_OBJECT devobj, PFILE_OBJECT connobj)
324 | {
325 | 	PIRP query_irp;
326 | 	PMDL mdl = NULL;
327 | 	struct uci_param *uci_param = NULL;
328 | 
329 | 	// MUST be executed at PASSIVE_LEVEL
330 | 
331 | 	if (KeGetCurrentIrql() != PASSIVE_LEVEL) {
332 | 		// do it a bit later :-)
333 | 		struct delayed_ucn_param *ucn_param = (struct delayed_ucn_param *)malloc_np(sizeof(*ucn_param));
334 | 		if (ucn_param != NULL) {
335 | 
336 | 			memset(ucn_param, 0, sizeof(*ucn_param));
337 | 
338 | 			ucn_param->devobj = devobj;
339 | 			ucn_param->fileobj = connobj;
340 | 
341 | 			ExInitializeWorkItem(&ucn_param->item, delayed_ucn, ucn_param);
342 | 			ExQueueWorkItem(&ucn_param->item, DelayedWorkQueue);	// DelayedWorkQueue a good value?
343 | 
344 | 		} else {
345 | 			KdPrint(("[ndis_hk] tdi_connect_complete: malloc_np!\n"));
346 | 			// so we'll live without known local address :-(
347 | 		}
348 | 		return;
349 | 	}
350 | 
351 | 	// we're at PASSIVE_LEVEL
352 | 
353 | 	query_irp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION, devobj, connobj, NULL, NULL);
354 | 	if (query_irp == NULL) {
355 | 		KdPrint(("[tdi_fw] update_conn_info: TdiBuildInternalDeviceControlIrp!\n"));
356 | 		goto done;
357 | 	}
358 | 
359 | 	uci_param = (struct uci_param *)malloc_np(sizeof(*uci_param) + TDI_ADDRESS_INFO_MAX);
360 | 	if (uci_param == NULL) {
361 | 		KdPrint(("[tdi_fw] update_conn_info: malloc_np!\n"));
362 | 		goto done;
363 | 	}
364 | 
365 | 	memset(uci_param, 0, sizeof(*uci_param) + TDI_ADDRESS_INFO_MAX);
366 | 	uci_param->connobj = connobj;
367 | 
368 | 	mdl = IoAllocateMdl(uci_param->address, TDI_ADDRESS_INFO_MAX, FALSE, FALSE, NULL);
369 | 	if (mdl == NULL) {
370 | 		KdPrint(("[tdi_fw] update_conn_info: IoAllocateMdl!\n"));
371 | 		goto done;
372 | 	}
373 | 	MmBuildMdlForNonPagedPool(mdl);
374 | 
375 | 	TdiBuildQueryInformation(query_irp, devobj, connobj,
376 | 		update_conn_info_complete, uci_param,
377 | 		TDI_QUERY_ADDRESS_INFO, mdl);
378 | 
379 | 	IoCallDriver(devobj, query_irp);
380 | 
381 | 	query_irp = NULL;
382 | 	mdl = NULL;
383 | 	uci_param = NULL;
384 | 
385 | done:
386 | 	// cleanup
387 | 	if (mdl != NULL)
388 | 		IoFreeMdl(mdl);
389 | 	if (uci_param != NULL)
390 | 		ExFreePool(uci_param);
391 | 	if (query_irp != NULL)
392 | 		IoCompleteRequest(query_irp, IO_NO_INCREMENT);
393 | }
394 | 
395 | NTSTATUS
396 | update_conn_info_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
397 | {
398 | 	struct uci_param *param = (struct uci_param *)Context;
399 | 	TA_ADDRESS *addr = ((TDI_ADDRESS_INFO *)(param->address))->Address.Address;
400 | 	NTSTATUS status;
401 | 
402 | 	status = set_tcp_conn_local(param->connobj, addr);
403 | 	if (status != STATUS_SUCCESS)
404 | 		KdPrint(("[tdi_fw] update_conn_info_complete: set_tcp_conn_local: 0x%x!\n", status));
405 | 
406 | 	// cleanup MDL to avoid unlocking pages from NonPaged pool
407 | 	if (Irp->MdlAddress != NULL) {
408 | 		IoFreeMdl(Irp->MdlAddress);
409 | 		Irp->MdlAddress = NULL;
410 | 	}
411 | 
412 | 	free(param);
413 | 	return STATUS_SUCCESS;
414 | }
415 | 
416 | //----------------------------------------------------------------------------
417 | 
418 | /*
419 |  * TDI_DISCONNECT handler
420 |  */
421 | 
422 | int
423 | tdi_disconnect(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
424 | {
425 | 	TDI_REQUEST_KERNEL_DISCONNECT *param = (TDI_REQUEST_KERNEL_DISCONNECT *)(&irps->Parameters);
426 | 
427 | 	KdPrint(("[tdi_fw] tdi_disconnect: connobj 0x%x (flags: 0x%x)\n",
428 | 		irps->FileObject, param->RequestFlags));
429 | 
430 | 	if (param->RequestFlags & TDI_DISCONNECT_RELEASE) {
431 | 		int state = get_tcp_conn_state_by_obj(irps->FileObject), new_state;
432 | 
433 | 		if (state == TCP_STATE_ESTABLISHED_IN || state == TCP_STATE_ESTABLISHED_OUT)
434 | 			new_state = TCP_STATE_FIN_WAIT1;
435 | 		else if (state == TCP_STATE_CLOSE_WAIT)
436 | 			new_state = TCP_STATE_LAST_ACK;
437 | 		else
438 | 			KdPrint(("[tdi_fw] tdi_disconnect: weird conn state: %d\n", state));
439 | 
440 | 		set_tcp_conn_state(irps->FileObject, new_state);
441 | 
442 | 		completion->routine = tdi_disconnect_complete;
443 | 		completion->context = (PVOID)new_state;
444 | 
445 | 	} else {
446 | 
447 | 		// set TCP_STATE_CLOSED and delete object in completion
448 | 
449 | 		set_tcp_conn_state(irps->FileObject, TCP_STATE_CLOSED);
450 | 
451 | 		completion->routine = tdi_disconnect_complete;
452 | 		completion->context = (PVOID)TCP_STATE_CLOSED;
453 | 
454 | 	}
455 | 
456 | 	return FILTER_ALLOW;
457 | }
458 | 
459 | NTSTATUS
460 | tdi_disconnect_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
461 | {
462 | 	PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(Irp);
463 | 	int state = (int)Context;
464 | 
465 | 	KdPrint(("[tdi_fw] tdi_disconnect_complete: connobj 0x%x; status: 0x%x\n",
466 | 		irps->FileObject, Irp->IoStatus.Status));
467 | 
468 | 	if (Irp->IoStatus.Status == STATUS_SUCCESS) {
469 | 		
470 | 		// update TCP state table
471 | 		
472 | 		if (state == TCP_STATE_FIN_WAIT1)
473 | 			set_tcp_conn_state(irps->FileObject, TCP_STATE_FIN_WAIT2);
474 | 		else if (state == TCP_STATE_LAST_ACK)
475 | 			del_tcp_conn(irps->FileObject, TRUE);
476 | 		else if (state == TCP_STATE_CLOSED)
477 | 			del_tcp_conn(irps->FileObject, TRUE);
478 | 		else
479 | 			KdPrint(("[tdi_fw] tdi_disconnect_complete: weird conn state: %d\n", state));
480 | 	}
481 | 
482 | 	return tdi_generic_complete(DeviceObject, Irp, Context);
483 | }
484 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/disp_dg.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: disp_dg.c,v 1.12 2003/09/04 15:20:09 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_SEND_DATAGRAM and TDI_RECEIVE_DATAGRAM handlers
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "dispatch.h"
 24 | #include "filter.h"
 25 | #include "memtrack.h"
 26 | #include "obj_tbl.h"
 27 | #include "sids.h"
 28 | #include "tdi_fw.h"
 29 | 
 30 | static NTSTATUS tdi_receive_datagram_complete(
 31 | 	IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 32 | 
 33 | 
 34 | //----------------------------------------------------------------------------
 35 | 
 36 | /*
 37 |  * TDI_SEND_DATAGRAM handler
 38 |  */
 39 | 
 40 | int
 41 | tdi_send_datagram(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 42 | {
 43 | 	TDI_REQUEST_KERNEL_SENDDG *param = (TDI_REQUEST_KERNEL_SENDDG *)(&irps->Parameters);
 44 | 	TA_ADDRESS *local_addr, *remote_addr;
 45 | 	NTSTATUS status;
 46 | 	struct ot_entry *ote_addr = NULL;
 47 | 	KIRQL irql;
 48 | 	int result = FILTER_DENY, ipproto;
 49 | 	struct flt_request request;
 50 | 	struct flt_rule rule;
 51 | 
 52 | 	memset(&request, 0, sizeof(request));
 53 | 
 54 | 	// check device object: UDP or RawIP
 55 | 	if (get_original_devobj(irps->DeviceObject, &ipproto) == NULL ||
 56 | 		(ipproto != IPPROTO_UDP && ipproto != IPPROTO_IP)) {
 57 | 		// unknown device object!
 58 | 		KdPrint(("[tdi_fw] tdi_send_datagram: unknown DeviceObject 0x%x!\n",
 59 | 			irps->DeviceObject));
 60 | 		goto done;
 61 | 	}
 62 | 
 63 | 	// get local address of address object
 64 | 
 65 | 	ote_addr = ot_find_fileobj(irps->FileObject, &irql);
 66 | 	if (ote_addr == NULL) {
 67 | 		KdPrint(("[tdi_fw] tdi_send_datagram: ot_find_fileobj(0x%x)!\n", irps->FileObject));
 68 | #if DBG
 69 | 		// address object was created before driver was started
 70 | 		result = FILTER_ALLOW;
 71 | #endif
 72 | 		goto done;
 73 | 	}
 74 | 
 75 | 	KdPrint(("[tdi_fw] tdi_send_datagram: addrobj 0x%x (size: %u)\n", irps->FileObject,
 76 | 		param->SendLength));
 77 | 
 78 | 	local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
 79 | 	remote_addr = ((TRANSPORT_ADDRESS *)(param->SendDatagramInformation->RemoteAddress))->Address;
 80 | 
 81 | 	KdPrint(("[tdi_fw] tdi_send_datagram(pid:%u/%u): %x:%u -> %x:%u\n",
 82 | 		ote_addr->pid, PsGetCurrentProcessId(),
 83 | 		ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
 84 | 		ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port),
 85 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
 86 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port)));
 87 | 
 88 | 	request.struct_size = sizeof(request);
 89 | 
 90 | 	request.type = TYPE_DATAGRAM;
 91 | 	request.direction = DIRECTION_OUT;
 92 | 	request.proto = ipproto;
 93 | 
 94 | 	// don't use ote_addr->pid because one process can create address object
 95 | 	// but another one can send datagram on it
 96 | 	request.pid = (ULONG)PsGetCurrentProcessId();
 97 | 	if (request.pid == 0) {
 98 | 		// some NetBT datagrams are sent in context of idle process: avoid it
 99 | 		request.pid = ote_addr->pid;
100 | 	}
101 | 	
102 | 	// get user SID & attributes (can't call get_current_sid_a at DISPATCH_LEVEL)
103 | 	if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
104 | 		request.sid_a_size = ote_addr->sid_a_size;
105 | 	
106 | 	memcpy(&request.addr.from, &local_addr->AddressType, sizeof(struct sockaddr));
107 | 	memcpy(&request.addr.to, &remote_addr->AddressType, sizeof(struct sockaddr));
108 | 	request.addr.len = sizeof(struct sockaddr_in);
109 | 
110 | 	memset(&rule, 0, sizeof(rule));
111 | 
112 | 	result = quick_filter(&request, &rule);
113 | 	
114 | 	memcpy(request.log_rule_id, rule.rule_id, RULE_ID_SIZE);
115 | 
116 | 	if (rule.log >= RULE_LOG_LOG) {
117 | 		ULONG bytes = param->SendLength;
118 | 
119 | 		// traffic stats
120 | 		KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
121 | 		
122 | 		g_traffic[TRAFFIC_TOTAL_OUT] += bytes;
123 | 		
124 | 		if (rule.log >= RULE_LOG_COUNT) {
125 | 			request.log_bytes_out = bytes;
126 | 
127 | 			g_traffic[TRAFFIC_COUNTED_OUT] += bytes;
128 | 
129 | 		} else
130 | 			request.log_bytes_out = (ULONG)-1;
131 | 
132 | 		KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
133 | 
134 | 		log_request(&request);
135 | 	}
136 | 
137 | done:
138 | 
139 | 	// cleanup
140 | 	if (ote_addr != NULL)
141 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
142 | 	if (request.sid_a != NULL)
143 | 		free(request.sid_a);
144 | 
145 | 	if (result == FILTER_DENY)
146 | 		irp->IoStatus.Status = STATUS_INVALID_ADDRESS;	// set fake status
147 | 
148 | 	return result;
149 | }
150 | 
151 | //----------------------------------------------------------------------------
152 | 
153 | /*
154 |  * TDI_RECEIVE_DATAGRAM handler
155 |  */
156 | 
157 | int
158 | tdi_receive_datagram(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
159 | {
160 | 	KdPrint(("[tdi_fw] tdi_receive_datagram: addrobj 0x%x\n", irps->FileObject));
161 | 
162 | 	completion->routine = tdi_receive_datagram_complete;
163 | 
164 | 	return FILTER_ALLOW;
165 | }
166 | 
167 | NTSTATUS
168 | tdi_receive_datagram_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
169 | {
170 | 	PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(Irp);
171 | 	TDI_REQUEST_KERNEL_RECEIVEDG *param = (TDI_REQUEST_KERNEL_RECEIVEDG *)(&irps->Parameters);
172 | 	PFILE_OBJECT addrobj = irps->FileObject;
173 | 	struct ot_entry *ote_addr = NULL;
174 | 	KIRQL irql;
175 | 	int result = FILTER_DENY, ipproto;
176 | 	NTSTATUS status = STATUS_SUCCESS;
177 | 	struct flt_request request;
178 | 	struct flt_rule rule;
179 | 	TA_ADDRESS *local_addr, *remote_addr;
180 | 
181 | 	memset(&request, 0, sizeof(request));
182 | 
183 | 	// check device object: UDP or RawIP
184 | 	if (get_original_devobj(DeviceObject, &ipproto) == NULL ||
185 | 		(ipproto != IPPROTO_UDP && ipproto != IPPROTO_IP)) {
186 | 		// unknown device object!
187 | 		KdPrint(("[tdi_fw] tdi_receive_datagram_complete: unknown DeviceObject 0x%x!\n",
188 | 			DeviceObject));
189 | 		status = STATUS_UNSUCCESSFUL;
190 | 		goto done;
191 | 	}
192 | 
193 | 	KdPrint(("[tdi_fw] tdi_receive_datagram_complete: addrobj 0x%x; status 0x%x; information %u\n",
194 | 		addrobj, Irp->IoStatus.Status, Irp->IoStatus.Information));
195 | 
196 | 	if (Irp->IoStatus.Status != STATUS_SUCCESS) {
197 | 		KdPrint(("[tdi_fw] tdi_receive_datagram_complete: status 0x%x\n",
198 | 			Irp->IoStatus.Status));
199 | 		status = Irp->IoStatus.Status;
200 | 		goto done;
201 | 	}
202 | 
203 | 	ote_addr = ot_find_fileobj(addrobj, &irql);
204 | 	if (ote_addr == NULL) {
205 | 		KdPrint(("[tdi_fw] tdi_receive_datagram_complete: ot_find_fileobj(0x%x)!\n",
206 | 			addrobj));
207 | 		status = STATUS_UNSUCCESSFUL;
208 | 		goto done;
209 | 	}
210 | 
211 | 	request.struct_size = sizeof(request);
212 | 
213 | 	request.type = TYPE_DATAGRAM;
214 | 	request.direction = DIRECTION_IN;
215 | 	request.proto = ipproto;
216 | 	request.pid = ote_addr->pid;
217 | 	
218 | 	// get user SID & attributes!
219 | 	if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
220 | 		request.sid_a_size = ote_addr->sid_a_size;
221 | 
222 | 	local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
223 | 	remote_addr = ((TRANSPORT_ADDRESS *)(param->ReceiveDatagramInformation->RemoteAddress))->Address;
224 | 
225 | 	KdPrint(("[tdi_fw] tdi_receive_datagram_complete(pid:%u): %x:%u -> %x:%u\n",
226 | 		ote_addr->pid,
227 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
228 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port),
229 | 		ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
230 | 		ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port)));
231 | 
232 | 	memcpy(&request.addr.from, &remote_addr->AddressType, sizeof(struct sockaddr));
233 | 	memcpy(&request.addr.to, &local_addr->AddressType, sizeof(struct sockaddr));
234 | 	request.addr.len = sizeof(struct sockaddr_in);
235 | 
236 | 	memset(&rule, 0, sizeof(rule));
237 | 
238 | 	result = quick_filter(&request, &rule);
239 | 
240 | 	memcpy(request.log_rule_id, rule.rule_id, RULE_ID_SIZE);
241 | 
242 | 	if (rule.log >= RULE_LOG_LOG) {
243 | 		ULONG bytes = Irp->IoStatus.Information;
244 | 
245 | 		// traffic stats
246 | 		KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
247 | 		
248 | 		g_traffic[TRAFFIC_TOTAL_IN] += bytes;
249 | 		
250 | 		if (rule.log >= RULE_LOG_COUNT) {
251 | 			request.log_bytes_in = bytes;
252 | 
253 | 			g_traffic[TRAFFIC_COUNTED_IN] += bytes;
254 | 
255 | 		} else
256 | 			request.log_bytes_in = (ULONG)-1;
257 | 
258 | 		KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
259 | 
260 | 		log_request(&request);
261 | 	}
262 | 
263 | done:
264 | 	// convert result to NTSTATUS
265 | 	if (result == FILTER_ALLOW)
266 | 		status = STATUS_SUCCESS;
267 | 	else {		/* FILTER_DENY */
268 | 
269 | 		if (status == STATUS_SUCCESS)
270 | 			status = Irp->IoStatus.Status = STATUS_ACCESS_DENIED;	// good status?
271 | 
272 | 	}
273 | 
274 | 	// cleanup
275 | 	if (ote_addr != NULL)
276 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
277 | 	if (request.sid_a != NULL)
278 | 		free(request.sid_a);
279 | 	
280 | 	return tdi_generic_complete(DeviceObject, Irp, Context);
281 | }
282 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/disp_ev.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: disp_ev.c,v 1.5 2003/07/14 12:12:36 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_SET_EVENT_HANDLER handler
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "conn_state.h"
 24 | #include "dispatch.h"
 25 | #include "events.h"
 26 | #include "memtrack.h"
 27 | #include "obj_tbl.h"
 28 | #include "sids.h"
 29 | #include "tdi_fw.h"
 30 | 
 31 | int
 32 | tdi_set_event_handler(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 33 | {
 34 | 	PTDI_REQUEST_KERNEL_SET_EVENT r = (PTDI_REQUEST_KERNEL_SET_EVENT)&irps->Parameters;
 35 | 	NTSTATUS status;
 36 | 	struct ot_entry *ote_addr = NULL;
 37 | 	KIRQL irql;
 38 | 	int result = FILTER_DENY;
 39 | 	TDI_EVENT_CONTEXT *ctx;
 40 | 
 41 | 	KdPrint(("[tdi_fw] tdi_set_event_handler: [%s] devobj 0x%x; addrobj 0x%x; EventType: %d\n",
 42 | 		r->EventHandler ? "(+)ADD" : "(-)REMOVE",
 43 | 		irps->DeviceObject,
 44 | 		irps->FileObject,
 45 | 		r->EventType));
 46 | 
 47 | 	ote_addr = ot_find_fileobj(irps->FileObject, &irql);
 48 | 	if (ote_addr == NULL) {
 49 | 		KdPrint(("[tdi_fw] tdi_set_event_handler: ot_find_fileobj(0x%x)\n", irps->FileObject));
 50 | 		if (r->EventHandler == NULL) {
 51 | 			 // for fileobjects loaded earlier than our driver allow removing
 52 | 			result = FILTER_ALLOW;
 53 | 		}
 54 | 		goto done;
 55 | 	}
 56 | 
 57 | 	if (r->EventType < 0 || r->EventType >= MAX_EVENT) {
 58 | 		KdPrint(("[tdi_fw] tdi_set_event_handler: unknown EventType %d!\n", r->EventType));
 59 | 		result = FILTER_ALLOW;
 60 | 		goto done;
 61 | 	}
 62 | 
 63 | 	ctx = &ote_addr->ctx[r->EventType];
 64 | 
 65 | 	if (r->EventHandler != NULL) {
 66 | 		/* add EventHandler */
 67 | 		int i;
 68 | 
 69 | 		for (i = 0; g_tdi_event_handlers[i].event != (ULONG)-1; i++)
 70 | 			if (g_tdi_event_handlers[i].event == r->EventType)
 71 | 				break;
 72 | 
 73 | 		if (g_tdi_event_handlers[i].event == (ULONG)-1) {
 74 | 			KdPrint(("[tdi_fw] tdi_set_event_handler: unknown EventType %d!\n", r->EventType));
 75 | 			result = FILTER_ALLOW;
 76 | 			goto done;
 77 | 		}
 78 | 
 79 | 		ctx->old_handler = r->EventHandler;
 80 | 		ctx->old_context = r->EventContext;
 81 | 
 82 | 		if (g_tdi_event_handlers[i].handler != NULL) {
 83 | 			r->EventHandler = g_tdi_event_handlers[i].handler;
 84 | 			r->EventContext = ctx;
 85 | 		} else {
 86 | 			r->EventHandler = NULL;
 87 | 			r->EventContext = NULL;
 88 | 		}
 89 | 
 90 | 		KdPrint(("[tdi_fw] tdi_set_event_handler: old_handler 0x%x; old_context 0x%x\n",
 91 | 			r->EventHandler, r->EventContext));
 92 | 
 93 | 	} else {
 94 | 		/* remove EventHandler */
 95 | 		ctx->old_handler = NULL;
 96 | 		ctx->old_context = NULL;
 97 | 	}
 98 | 
 99 | 	// change LISTEN state
100 | 	if (r->EventType == TDI_EVENT_CONNECT) {
101 | 		TA_ADDRESS *local_addr;
102 | 
103 | 		if (r->EventHandler != NULL) {
104 | 			// add "LISTEN" info
105 | 			status = add_listen(ote_addr);
106 | 			if (status != STATUS_SUCCESS) {
107 | 				KdPrint(("[tdi_fw] tdi_set_event_handler: add_listen: 0x%x!\n", status));
108 | 				goto done;
109 | 			}
110 | 		} else if (ote_addr->listen_entry != NULL) {
111 | 			// remove "LISTEN" info
112 | 			del_listen_obj(ote_addr->listen_entry, FALSE);
113 | 
114 | 			ote_addr->listen_entry = NULL;
115 | 		}
116 | 	
117 | 		// log it if address is not 127.0.0.1
118 | 		local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
119 | 		if (ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr) != 0x7f000001) {
120 | 			struct flt_request request;
121 | 		
122 | 			memset(&request, 0, sizeof(request));
123 | 
124 | 			request.struct_size = sizeof(request);
125 | 
126 | 			request.type = (r->EventHandler != NULL) ? TYPE_LISTEN : TYPE_NOT_LISTEN;
127 | 			request.proto = IPPROTO_TCP;	// correct?
128 | 
129 | 			if (r->EventHandler != NULL) {
130 | 				// for removing event handler ProcessNotifyProc can be already called
131 | 				request.pid = (ULONG)PsGetCurrentProcessId();
132 | 				if (request.pid == 0) {
133 | 					// avoid idle process pid (XXX do we need this?)
134 | 					request.pid = ote_addr->pid;
135 | 				}
136 | 			} else
137 | 				request.pid = (ULONG)-1;
138 | 
139 | 			// get user SID & attributes (can't call get_current_sid_a at DISPATCH_LEVEL)
140 | 			if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
141 | 				request.sid_a_size = ote_addr->sid_a_size;
142 | 			
143 | 			memcpy(&request.addr.from, &local_addr->AddressType, sizeof(struct sockaddr));
144 | 			request.addr.len = sizeof(struct sockaddr_in);
145 | 
146 | 			log_request(&request);
147 | 
148 | 			if (request.sid_a != NULL)
149 | 				free(request.sid_a);
150 | 		}
151 | 	}
152 | 
153 | 	result = FILTER_ALLOW;
154 | done:
155 | 	// cleanup
156 | 	if (ote_addr != NULL)
157 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
158 | 
159 | 	return result;
160 | }
161 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/disp_obj.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: disp_obj.c,v 1.10 2003/09/04 15:20:09 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_CREATE, TDI_CLEANUP, TDI_ASSOCIATE_ADDRESS and
 17 |  * TDI_DISASSOCIATE_ADDRESS handlers
 18 |  */
 19 | 
 20 | #include <ntddk.h>
 21 | #include <tdikrnl.h>
 22 | #include "sock.h"
 23 | 
 24 | #include "conn_state.h"
 25 | #include "dispatch.h"
 26 | #include "events.h"
 27 | #include "memtrack.h"
 28 | #include "obj_tbl.h"
 29 | #include "pid_pname.h"
 30 | #include "sids.h"
 31 | #include "tdi_fw.h"
 32 | 
 33 | /* IRP completion routines and their contexts */
 34 | 
 35 | static NTSTATUS	tdi_create_addrobj_complete(
 36 | 	IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 37 | 
 38 | // context for tdi_create_addrobj_complete2
 39 | typedef struct {
 40 | 	TDI_ADDRESS_INFO	*tai;		/* address info -- result of TDI_QUERY_ADDRESS_INFO */
 41 | 	PFILE_OBJECT		fileobj;	/* FileObject from IO_STACK_LOCATION */
 42 | } TDI_CREATE_ADDROBJ2_CTX;
 43 | 
 44 | static NTSTATUS tdi_create_addrobj_complete2(
 45 | 	IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 46 | 
 47 | //----------------------------------------------------------------------------
 48 | 
 49 | /*
 50 |  * TDI_CREATE handler
 51 |  */
 52 | 
 53 | int
 54 | tdi_create(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 55 | {
 56 | 	NTSTATUS status;
 57 | 	FILE_FULL_EA_INFORMATION *ea = (FILE_FULL_EA_INFORMATION *)irp->AssociatedIrp.SystemBuffer;
 58 | 
 59 | 	/* pid resolving stuff: a good place for it (PASSIVE level, begin of working with TDI-objects) */
 60 | 	ULONG pid = (ULONG)PsGetCurrentProcessId();
 61 | 
 62 | 	// if process name is unknown try to resolve it
 63 | 	if (!pid_pname_resolve(pid, NULL, 0)) {
 64 | 		KEVENT event;
 65 | 		struct flt_request request;
 66 | 	
 67 | 		KeInitializeEvent(&event, NotificationEvent, FALSE);
 68 | 		pid_pname_set_event(pid, &event);
 69 | 
 70 | 		memset(&request, 0, sizeof(request));
 71 | 		request.struct_size = sizeof(request);
 72 | 
 73 | 		request.type = TYPE_RESOLVE_PID;
 74 | 		request.pid = pid;
 75 | 
 76 | 		// get user SID & attributes!
 77 | 		request.sid_a = get_current_sid_a(&request.sid_a_size);
 78 | 		
 79 | 		if (log_request(&request)) {
 80 | 			// wait a little for reply from user-mode application
 81 | 			LARGE_INTEGER li;
 82 | 			li.QuadPart = 5000 * -10000;	// 5 sec
 83 | 
 84 | 			status = KeWaitForSingleObject(&event, UserRequest, KernelMode, FALSE, &li);
 85 | 
 86 | 		} else {
 87 | 			// check all rulesets: we've got the only _default_ ruleset active
 88 | 			status = default_chain_only() ? STATUS_SUCCESS : STATUS_UNSUCCESSFUL;
 89 | 		}
 90 | 
 91 | 		if (request.sid_a != NULL)
 92 | 			free(request.sid_a);
 93 | 
 94 | 		// reset wait event
 95 | 		pid_pname_set_event(pid, NULL);
 96 | 
 97 | 		if (status != STATUS_SUCCESS)
 98 | 			return FILTER_DENY;			// deny it!
 99 | 	}
100 | 
101 | 	/* TDI_CREATE related stuff */
102 | 
103 | 	if (ea != NULL) {
104 | 		/*
105 | 		 * We have FILE_FULL_EA_INFORMATION
106 | 		 */
107 | 
108 | 		PDEVICE_OBJECT devobj;
109 | 		int ipproto;
110 | 		
111 | 		devobj = get_original_devobj(irps->DeviceObject, &ipproto);
112 | 		if (devobj == NULL) {
113 | 			KdPrint(("[tdi_fw] tdi_create: unknown device object 0x%x!\n", irps->DeviceObject));
114 | 			return FILTER_DENY;
115 | 		}
116 | 		// NOTE: for RawIp you can extract protocol number from irps->FileObject->FileName
117 | 
118 | 		if (ea->EaNameLength == TDI_TRANSPORT_ADDRESS_LENGTH &&
119 | 			memcmp(ea->EaName, TdiTransportAddress, TDI_TRANSPORT_ADDRESS_LENGTH) == 0) {
120 | 
121 | 			PIRP query_irp;
122 | 
123 | 			/*
124 | 			 * This is creation of address object
125 | 			 */
126 | 
127 | 			KdPrint(("[tdi_fw] tdi_create: devobj 0x%x; addrobj 0x%x\n",
128 | 				irps->DeviceObject,
129 | 				irps->FileObject));
130 | 
131 | 			status = ot_add_fileobj(irps->DeviceObject, irps->FileObject, FILEOBJ_ADDROBJ, ipproto, NULL);
132 | 			if (status != STATUS_SUCCESS) {
133 | 				KdPrint(("[tdi_fw] tdi_create: ot_add_fileobj: 0x%x\n", status));
134 | 				return FILTER_DENY;
135 | 			}
136 | 
137 | 			// while we're on PASSIVE_LEVEL build control IRP for completion
138 | 			query_irp = TdiBuildInternalDeviceControlIrp(TDI_QUERY_INFORMATION,
139 | 				devobj, irps->FileObject, NULL, NULL);
140 | 			if (query_irp == NULL) {
141 | 				KdPrint(("[tdi_fw] tdi_create: TdiBuildInternalDeviceControlIrp\n"));
142 | 				return FILTER_DENY;
143 | 			}
144 | 
145 | 			/* set IRP completion & context for completion */
146 | 
147 | 			completion->routine = tdi_create_addrobj_complete;
148 | 			completion->context = query_irp;
149 | 
150 | 		} else if (ea->EaNameLength == TDI_CONNECTION_CONTEXT_LENGTH &&
151 | 			memcmp(ea->EaName, TdiConnectionContext, TDI_CONNECTION_CONTEXT_LENGTH) == 0) {
152 | 			
153 | 			/*
154 | 			 * This is creation of connection object
155 | 			 */
156 | 
157 | 			CONNECTION_CONTEXT conn_ctx = *(CONNECTION_CONTEXT *)
158 | 				(ea->EaName + ea->EaNameLength + 1);
159 | 
160 | 			KdPrint(("[tdi_fw] tdi_create: devobj 0x%x; connobj 0x%x; conn_ctx 0x%x\n",
161 | 				irps->DeviceObject,
162 | 				irps->FileObject,
163 | 				conn_ctx));
164 | 
165 | 			status = ot_add_fileobj(irps->DeviceObject, irps->FileObject,
166 | 				FILEOBJ_CONNOBJ, ipproto, conn_ctx);
167 | 
168 | 			if (status != STATUS_SUCCESS) {
169 | 				KdPrint(("[tdi_fw] tdi_create: ot_add_fileobj: 0x%x\n", status));
170 | 				return FILTER_DENY;
171 | 			}
172 | 		}
173 | 	
174 | 	} else {
175 | 		/*
176 | 		 * This is creation of control object
177 | 		 */
178 | 		
179 | 		KdPrint(("[tdi_fw] tdi_create(pid:%u): devobj 0x%x; Control Object: 0x%x\n",
180 | 			pid, irps->DeviceObject, irps->FileObject));
181 | 	}
182 | 
183 | 	return FILTER_ALLOW;
184 | }
185 | 
186 | /* this completion routine queries address and port from address object */
187 | NTSTATUS
188 | tdi_create_addrobj_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
189 | {
190 | 	NTSTATUS status;
191 | 	PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(Irp);
192 | 	PIRP query_irp = (PIRP)Context;
193 | 	PDEVICE_OBJECT devobj;
194 | 	TDI_CREATE_ADDROBJ2_CTX *ctx = NULL;
195 | 	PMDL mdl = NULL;
196 | 
197 | 	KdPrint(("[tdi_fw] tdi_create_addrobj_complete: devobj 0x%x; addrobj 0x%x\n",
198 | 		DeviceObject, irps->FileObject));
199 | 
200 | 	if (Irp->IoStatus.Status != STATUS_SUCCESS) {
201 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: status 0x%x\n", Irp->IoStatus.Status));
202 | 
203 | 		status = Irp->IoStatus.Status;
204 | 		goto done;
205 | 	}
206 | 
207 | 	// query addrobj address:port
208 | 
209 | 	ctx = (TDI_CREATE_ADDROBJ2_CTX *)malloc_np(sizeof(TDI_CREATE_ADDROBJ2_CTX));
210 | 	if (ctx == NULL) {
211 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: malloc_np\n"));
212 | 		
213 | 		status = STATUS_INSUFFICIENT_RESOURCES;
214 | 		goto done;
215 | 	}
216 | 	ctx->fileobj = irps->FileObject;
217 | 
218 | 	ctx->tai = (TDI_ADDRESS_INFO *)malloc_np(TDI_ADDRESS_INFO_MAX);
219 | 	if (ctx->tai == NULL) {
220 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: malloc_np!\n"));
221 | 
222 | 		status = STATUS_INSUFFICIENT_RESOURCES;
223 | 		goto done;
224 | 	}
225 | 
226 | 	mdl = IoAllocateMdl(ctx->tai, TDI_ADDRESS_INFO_MAX, FALSE, FALSE, NULL);
227 | 	if (mdl == NULL) {
228 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: IoAllocateMdl!\n"));
229 | 		
230 | 		status = STATUS_INSUFFICIENT_RESOURCES;
231 | 		goto done;
232 | 	}
233 | 	MmBuildMdlForNonPagedPool(mdl);
234 | 
235 | 	devobj = get_original_devobj(DeviceObject, NULL);	// use original devobj!
236 | 	if (devobj == NULL) {
237 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: get_original_devobj!\n"));
238 | 
239 | 		status = STATUS_INVALID_PARAMETER;
240 | 		goto done;
241 | 	}
242 | 
243 | 	TdiBuildQueryInformation(query_irp, devobj, irps->FileObject,
244 | 		tdi_create_addrobj_complete2, ctx,
245 | 		TDI_QUERY_ADDRESS_INFO, mdl);
246 | 
247 | 	status = IoCallDriver(devobj, query_irp);
248 | 	query_irp = NULL;
249 | 	mdl = NULL;
250 | 	ctx = NULL;
251 | 
252 | 	if (status != STATUS_SUCCESS) {
253 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete: IoCallDriver: 0x%x\n", status));
254 | 		goto done;
255 | 	}
256 | 
257 | 	status = STATUS_SUCCESS;
258 | 
259 | done:
260 | 	// cleanup
261 | 	if (mdl != NULL)
262 | 		IoFreeMdl(mdl);
263 | 	
264 | 	if (ctx != NULL) {
265 | 		if (ctx->tai != NULL)
266 | 			free(ctx->tai);
267 | 		free(ctx);
268 | 	}
269 | 	
270 | 	if (query_irp != NULL)
271 | 		IoCompleteRequest(query_irp, IO_NO_INCREMENT);
272 | 
273 | 	Irp->IoStatus.Status = status;
274 | 	
275 | 	if (status != STATUS_SUCCESS) {
276 | 		// tdi_create failed - remove fileobj from hash
277 | 		ot_del_fileobj(irps->FileObject, NULL);
278 | 	}
279 | 
280 | 	return tdi_generic_complete(DeviceObject, Irp, Context);
281 | }
282 | 
283 | /* this completion routine gets address and port from reply to TDI_QUERY_ADDRESS_INFO */
284 | NTSTATUS
285 | tdi_create_addrobj_complete2(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
286 | {
287 | 	NTSTATUS status;
288 | 	TDI_CREATE_ADDROBJ2_CTX *ctx = (TDI_CREATE_ADDROBJ2_CTX *)Context;
289 | 	TA_ADDRESS *addr = ctx->tai->Address.Address;
290 | 	struct ot_entry *ote_addr;
291 | 	KIRQL irql;
292 | 	int ipproto;
293 | 
294 | 	KdPrint(("[tdi_fw] tdi_create_addrobj_complete2: address: %x:%u\n", 
295 | 		 ntohl(((TDI_ADDRESS_IP *)(addr->Address))->in_addr),
296 | 		 ntohs(((TDI_ADDRESS_IP *)(addr->Address))->sin_port)));
297 | 
298 | 	// save address
299 | 
300 | 	ote_addr = ot_find_fileobj(ctx->fileobj, &irql);
301 | 	if (ote_addr == NULL) {
302 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete2: ot_find_fileobj(0x%x)\n",
303 | 			ctx->fileobj));
304 | 		status = STATUS_OBJECT_NAME_NOT_FOUND;
305 | 		goto done;
306 | 	}
307 | 
308 | 	if (addr->AddressLength > sizeof(ote_addr->local_addr)) {
309 | 		KdPrint(("[tdi_fw] tdi_create_addrobj_complete2: address too long! (%u)\n",
310 | 			addr->AddressLength));
311 | 		status = STATUS_BUFFER_OVERFLOW;
312 | 		goto done;
313 | 	}
314 | 	memcpy(ote_addr->local_addr, addr, addr->AddressLength);
315 | 
316 | 	if (ote_addr->ipproto != IPPROTO_TCP) {
317 | 		// set "LISTEN" state for this addrobj
318 | 		status = add_listen(ote_addr);
319 | 		if (status != STATUS_SUCCESS) {
320 | 			KdPrint(("[tdi_fw] tdi_create_addrobj_complete2: add_listen: 0x%x!\n", status));
321 | 			goto done;
322 | 		}
323 | 	}
324 | 
325 | 	status = STATUS_SUCCESS;
326 | done:
327 | 	if (ote_addr != NULL)
328 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
329 | 
330 | 	// cleanup MDL to avoid unlocking pages from NonPaged pool
331 | 	if (Irp->MdlAddress != NULL) {
332 | 		IoFreeMdl(Irp->MdlAddress);
333 | 		Irp->MdlAddress = NULL;
334 | 	}
335 | 
336 | 	free(ctx->tai);
337 | 	free(ctx);
338 | 
339 | 	// success anyway
340 | 	return STATUS_SUCCESS;
341 | }
342 | 
343 | //----------------------------------------------------------------------------
344 | 
345 | /*
346 |  * TDI_CLEANUP handler
347 |  */
348 | 
349 | int
350 | tdi_cleanup(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
351 | {
352 | 	NTSTATUS status;
353 | 	int type;
354 | 
355 | 	// delete fileobj
356 | 
357 | 	status = ot_del_fileobj(irps->FileObject, &type);
358 | 	if (status != STATUS_SUCCESS)
359 | 		KdPrint(("[tdi_fw] tdi_cleanup: del_fileobj: 0x%x!\n", status));
360 | 	else
361 | 		KdPrint(("[tdi_fw] tdi_cleanup: fileobj 0x%x, type %d\n", irps->FileObject, type));
362 | 
363 | 	// success anyway
364 | 	return FILTER_ALLOW;
365 | }
366 | 
367 | //----------------------------------------------------------------------------
368 | 
369 | /*
370 |  * TDI_ASSOCIATE_ADDRESS handler
371 |  *
372 |  * With help of this routine we can get address object by connection object
373 |  * and get connection object by connection context and address object
374 |  */
375 | int
376 | tdi_associate_address(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
377 | {
378 | 	HANDLE addr_handle = ((TDI_REQUEST_KERNEL_ASSOCIATE *)(&irps->Parameters))->AddressHandle;
379 | 	PFILE_OBJECT addrobj = NULL;
380 | 	NTSTATUS status;
381 | 	struct ot_entry *ote_conn = NULL;
382 | 	KIRQL irql;
383 | 	int result = FILTER_DENY;
384 | 
385 | 	KdPrint(("[tdi_fw] tdi_associate_address: devobj 0x%x; connobj 0x%x\n",
386 | 		irps->DeviceObject, irps->FileObject));
387 | 
388 | 	status = ObReferenceObjectByHandle(addr_handle, GENERIC_READ, NULL, KernelMode, &addrobj, NULL);
389 | 	if (status != STATUS_SUCCESS) {
390 | 		KdPrint(("[tdi_fw] tdi_associate_address: ObReferenceObjectByHandle: 0x%x\n", status));
391 | 		goto done;
392 | 	}
393 | 
394 | 	KdPrint(("[tdi_fw] tdi_associate_address: connobj = 0x%x ---> addrobj = 0x%x\n",
395 | 		irps->FileObject, addrobj));
396 | 
397 | 	// associate addrobj with connobj
398 | 
399 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
400 | 	if (ote_conn == NULL) {
401 | 		KdPrint(("[tdi_fw] tdi_associate_address: ot_find_fileobj(0x%x)\n", irps->FileObject));
402 | 		goto done;
403 | 	}
404 | 	ote_conn->associated_fileobj = addrobj;
405 | 
406 | 	// add (conn_ctx, addrobj)->connobj
407 | 
408 | 	status = ot_add_conn_ctx(addrobj, ote_conn->conn_ctx, irps->FileObject);
409 | 	if (status != STATUS_SUCCESS) {
410 | 		KdPrint(("[tdi_fw] tdi_associate_address: ot_add_conn_ctx: 0x%x\n", status));
411 | 		goto done;
412 | 	}
413 | 
414 | 	result = FILTER_ALLOW;
415 | done:
416 | 	if (addrobj != NULL)
417 | 		ObDereferenceObject(addrobj);
418 | 
419 | 	// cleanup
420 | 	if (ote_conn != NULL)
421 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
422 | 
423 | 	return result;
424 | }
425 | 
426 | //----------------------------------------------------------------------------
427 | 
428 | /*
429 |  * TDI_DISASSOCIATE_ADDRESS handler
430 |  */
431 | int
432 | tdi_disassociate_address(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
433 | {
434 | 	struct ot_entry *ote_conn = NULL;
435 | 	KIRQL irql;
436 | 	NTSTATUS status;
437 | 
438 | 	KdPrint(("[tdi_fw] tdi_disassociate_address: connobj 0x%x\n", irps->FileObject));
439 | 
440 | 	// delete connnection object
441 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
442 | 	if (ote_conn == NULL) {
443 | 		KdPrint(("[tdi_fw] tdi_disassociate_address: ot_find_fileobj(0x%x)\n", irps->FileObject));
444 | 		goto done;
445 | 	}
446 | 
447 | 	// delete link of (addrobj, conn_ctx)->connobj
448 | 	status = ot_del_conn_ctx(ote_conn->associated_fileobj, ote_conn->conn_ctx);
449 | 	if (status != STATUS_SUCCESS) {
450 | 		KdPrint(("[tdi_fw] tdi_disassociate_address: ot_del_conn_ctx: 0x%x\n", status));
451 | 		goto done;
452 | 	}
453 | 
454 | done:
455 | 	if (ote_conn != NULL)
456 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
457 | 
458 | 	// success anyway
459 | 	return FILTER_ALLOW;
460 | }
461 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/disp_sr.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: disp_sr.c,v 1.2 2003/09/04 15:20:09 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_SEND and TDI_RECEIVE handlers
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "dispatch.h"
 24 | #include "memtrack.h"
 25 | #include "obj_tbl.h"
 26 | #include "tdi_fw.h"
 27 | 
 28 | static NTSTATUS tdi_receive_complete(
 29 | 	IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 30 | 
 31 | //----------------------------------------------------------------------------
 32 | 
 33 | /*
 34 |  * TDI_SEND handler
 35 |  */
 36 | 
 37 | int
 38 | tdi_send(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 39 | {
 40 | 	TDI_REQUEST_KERNEL_SEND *param = (TDI_REQUEST_KERNEL_SEND *)(&irps->Parameters);
 41 | 	struct ot_entry *ote_conn;
 42 | 	KIRQL irql;
 43 | 
 44 | 	KdPrint(("[tdi_fw] tdi_send: connobj: 0x%x; SendLength: %u; SendFlags: 0x%x\n",
 45 | 		irps->FileObject, param->SendLength, param->SendFlags));
 46 | 
 47 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
 48 | 	if (ote_conn != NULL) {
 49 | 		ULONG bytes = param->SendLength;
 50 | 
 51 | 		ote_conn->bytes_out += bytes;
 52 | 
 53 | 		// traffic stats
 54 | 		KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
 55 | 		
 56 | 		g_traffic[TRAFFIC_TOTAL_OUT] += bytes;
 57 | 		
 58 | 		if (ote_conn->log_disconnect)
 59 | 			g_traffic[TRAFFIC_COUNTED_OUT] += bytes;
 60 | 		
 61 | 		KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
 62 | 
 63 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
 64 | 	}
 65 | 
 66 | 	// TODO: process TDI_SEND_AND_DISCONNECT flag (used by IIS for example)
 67 | 
 68 | 	return FILTER_ALLOW;
 69 | }
 70 | 
 71 | //----------------------------------------------------------------------------
 72 | 
 73 | /*
 74 |  * TDI_RECEIVE handler
 75 |  */
 76 | 
 77 | int
 78 | tdi_receive(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion)
 79 | {
 80 | 	TDI_REQUEST_KERNEL_RECEIVE *param = (TDI_REQUEST_KERNEL_RECEIVE *)(&irps->Parameters);
 81 | 
 82 | 	KdPrint(("[tdi_fw] tdi_receive: connobj: 0x%x; ReceiveLength: %u; ReceiveFlags: 0x%x\n",
 83 | 		irps->FileObject, param->ReceiveLength, param->ReceiveFlags));
 84 | 
 85 | 	if (!(param->ReceiveFlags & TDI_RECEIVE_PEEK)) {
 86 | 		completion->routine = tdi_receive_complete;
 87 | 	}
 88 | 
 89 | 	return FILTER_ALLOW;
 90 | }
 91 | 
 92 | NTSTATUS
 93 | tdi_receive_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
 94 | {
 95 | 	PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(Irp);
 96 | 	struct ot_entry *ote_conn;
 97 | 	KIRQL irql;
 98 | 
 99 | 	KdPrint(("[tdi_fw] tdi_receive_complete: connobj: 0x%x; status: 0x%x; received: %u\n",
100 | 		irps->FileObject, Irp->IoStatus.Status, Irp->IoStatus.Information));
101 | 
102 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
103 | 	if (ote_conn != NULL) {
104 | 		ULONG bytes =  Irp->IoStatus.Information;
105 | 
106 | 		ote_conn->bytes_in += bytes;
107 | 
108 | 		// traffic stats
109 | 		KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
110 | 		
111 | 		g_traffic[TRAFFIC_TOTAL_IN] += bytes;
112 | 		
113 | 		if (ote_conn->log_disconnect)
114 | 			g_traffic[TRAFFIC_COUNTED_IN] += bytes;
115 | 		
116 | 		KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
117 | 
118 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
119 | 	}
120 | 
121 | 	return tdi_generic_complete(DeviceObject, Irp, Context);
122 | }
123 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/dispatch.c:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: dispatch.c,v 1.7 2003/09/04 15:20:09 dev Exp $
14 | 
15 | /*
16 |  * Dispatch routines for TDI ioctls
17 |  */
18 | 
19 | #include <ntddk.h>
20 | #include <tdikrnl.h>
21 | #include "sock.h"
22 | 
23 | #include "dispatch.h"
24 | 
25 | #if DBG
26 | #	define ENTRY(code, fn)	{code, fn, #code}
27 | #	define LAST_ENTRY		{0, NULL, NULL}
28 | #else
29 | #	define ENTRY(code, fn)	{code, fn}
30 | #	define LAST_ENTRY		{0, NULL}
31 | #endif
32 | 
33 | struct tdi_ioctl g_tdi_ioctls[] = {
34 | 	ENTRY(TDI_ASSOCIATE_ADDRESS,	tdi_associate_address),
35 | 	ENTRY(TDI_CONNECT,				tdi_connect),
36 | 	ENTRY(TDI_DISASSOCIATE_ADDRESS,	tdi_disassociate_address),
37 | 	ENTRY(TDI_SET_EVENT_HANDLER,	tdi_set_event_handler),
38 | 	ENTRY(TDI_SEND_DATAGRAM,		tdi_send_datagram),
39 | 	ENTRY(TDI_RECEIVE_DATAGRAM,		tdi_receive_datagram),
40 | 	ENTRY(TDI_DISCONNECT,			tdi_disconnect),
41 | 	ENTRY(TDI_SEND,					tdi_send),
42 | 	ENTRY(TDI_RECEIVE,				tdi_receive),
43 | #if 1		// for now only deny stubs for security reasons
44 | 	ENTRY(TDI_ACCEPT,				tdi_deny_stub),
45 | 	ENTRY(TDI_LISTEN,				tdi_deny_stub),
46 | #endif
47 | 	LAST_ENTRY
48 | };
49 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/dispatch.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: dispatch.h,v 1.4 2003/09/04 15:20:09 dev Exp $
 4 | 
 5 | #ifndef _dispatch_h_
 6 | #define _dispatch_h_
 7 | 
 8 | // information about completion routine
 9 | struct completion {
10 | 	PIO_COMPLETION_ROUTINE	routine;
11 | 	PVOID					context;
12 | };
13 | 
14 | /* 
15 |  * TDI ioctl dispatcher function
16 |  * returns FILTER_xxx
17 |  */
18 | typedef int tdi_ioctl_fn_t(PIRP irp, PIO_STACK_LOCATION irps, struct completion *completion);
19 | 
20 | // IRP_MJ_CREATE, IRP_MJ_CLEANUP dispatch routines
21 | extern tdi_ioctl_fn_t tdi_create, tdi_cleanup;
22 | 
23 | // IRP_MJ_INTERNAL_DEVICE_CONTROL ioctl dispatch routines
24 | extern tdi_ioctl_fn_t
25 | 	tdi_associate_address,
26 | 	tdi_connect,
27 | 	tdi_disassociate_address,
28 | 	tdi_set_event_handler,
29 | 	tdi_send_datagram,
30 | 	tdi_receive_datagram,
31 | 	tdi_disconnect,
32 | 	tdi_send,
33 | 	tdi_receive,
34 | 	tdi_deny_stub;
35 | 
36 | // helper struct for calling of TDI ioctls
37 | struct tdi_ioctl {
38 | 	UCHAR			MinorFunction;
39 | 	tdi_ioctl_fn_t	*fn;
40 | 
41 | #if DBG
42 | 	// for debugging
43 | 	const char		*desc;
44 | #endif
45 | };
46 | 
47 | extern struct tdi_ioctl g_tdi_ioctls[];
48 | 
49 | #endif
50 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ev_conn.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: ev_conn.c,v 1.9 2005/09/01 11:19:11 vlad Exp $
 14 | 
 15 | /*
 16 |  * This file contain TDI_EVENT_CONNECT & TDI_EVENT_DISCONNECT handlers
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "conn_state.h"
 24 | #include "dispatch.h"
 25 | #include "events.h"
 26 | #include "memtrack.h"
 27 | #include "obj_tbl.h"
 28 | #include "sids.h"
 29 | #include "tdi_fw.h"
 30 | 
 31 | struct accept_param {
 32 |     PIO_COMPLETION_ROUTINE	old_cr;
 33 |     PVOID					old_context;
 34 | 	PFILE_OBJECT			fileobj;
 35 | 	UCHAR					old_control;
 36 | };
 37 | 
 38 | static NTSTATUS		tdi_evconn_accept_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 39 | 
 40 | //----------------------------------------------------------------------------
 41 | 
 42 | /*
 43 |  * TDI_EVENT_CONNECT handler
 44 |  */
 45 | 
 46 | NTSTATUS
 47 | tdi_event_connect(
 48 |     IN PVOID TdiEventContext,
 49 |     IN LONG RemoteAddressLength,
 50 |     IN PVOID RemoteAddress,
 51 |     IN LONG UserDataLength,
 52 |     IN PVOID UserData,
 53 |     IN LONG OptionsLength,
 54 |     IN PVOID Options,
 55 |     OUT CONNECTION_CONTEXT *ConnectionContext,
 56 |     OUT PIRP *AcceptIrp)
 57 | {
 58 | 	TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
 59 | 	TA_ADDRESS *remote_addr = ((TRANSPORT_ADDRESS *)RemoteAddress)->Address, *local_addr;
 60 | 	struct ot_entry *ote_addr = NULL, *ote_conn = NULL;
 61 | 	KIRQL irql;
 62 | 	struct flt_request request;
 63 | 	struct flt_rule rule;
 64 | 	int result = FILTER_DENY;
 65 | 	NTSTATUS status;
 66 | 	PIO_STACK_LOCATION irps = NULL;
 67 | 	struct accept_param *param = NULL;
 68 | 
 69 | 	memset(&request, 0, sizeof(request));
 70 | 
 71 | 	KdPrint(("[tdi_fw] tdi_event_connect: addrobj 0x%x\n", ctx->fileobj));
 72 | 	
 73 | 	ote_addr = ot_find_fileobj(ctx->fileobj, &irql);
 74 | 	if (ote_addr == NULL) {
 75 | 		KdPrint(("[tdi_fw] tdi_event_connect: ot_find_fileobj(0x%x)\n", ctx->fileobj));
 76 | 		goto done;
 77 | 	}
 78 | 
 79 | 	local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
 80 | 
 81 | 	KdPrint(("[tdi_fw] tdi_event_connect(pid:%u): %x:%u -> %x:%u\n",
 82 | 		ote_addr->pid,
 83 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
 84 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port),
 85 | 		ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
 86 | 		ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port)));
 87 | 
 88 | 	/*
 89 | 	 * request quick filter
 90 | 	 */
 91 | 
 92 | 	request.struct_size = sizeof(request);
 93 | 
 94 | 	request.type = TYPE_CONNECT;
 95 | 	request.direction = DIRECTION_IN;
 96 | 	request.proto = IPPROTO_TCP;
 97 | 	request.pid = ote_addr->pid;
 98 | 
 99 | 	// get user SID & attributes!
100 | 	if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
101 | 		request.sid_a_size = ote_addr->sid_a_size;
102 | 	
103 | 	memcpy(&request.addr.from, &remote_addr->AddressType, sizeof(struct sockaddr));
104 | 	memcpy(&request.addr.to, &local_addr->AddressType, sizeof(struct sockaddr));
105 | 	request.addr.len = sizeof(struct sockaddr_in);
106 | 
107 | 	result = quick_filter(&request, &rule);
108 | 
109 | 	memcpy(request.log_rule_id, rule.rule_id, RULE_ID_SIZE);
110 | 
111 | 	// log request later
112 | 
113 | 	if (result == FILTER_DENY)
114 | 		goto done;
115 | 
116 | 	result = FILTER_DENY;
117 | 
118 | 	// leave spinlock before calling original handler
119 | 	KeReleaseSpinLock(&g_ot_hash_guard, irql);
120 | 	ote_addr = NULL;
121 | 
122 | 	/*
123 | 	 * run original handler
124 | 	 */
125 | 
126 | 	status = ((PTDI_IND_CONNECT)(ctx->old_handler))
127 | 		(ctx->old_context, RemoteAddressLength, RemoteAddress,
128 | 		UserDataLength, UserData, OptionsLength, Options, ConnectionContext,
129 | 		AcceptIrp);
130 | 
131 |     if (status != STATUS_MORE_PROCESSING_REQUIRED || *AcceptIrp == NULL) {
132 |         KdPrint(("[tdi_fw] tdi_event_connect: status from original handler: 0x%x\n", status));
133 | 		goto done;
134 |     }
135 | 
136 | 	/*
137 | 	 * reinitialize connobj
138 | 	 */
139 | 
140 | 	irps = IoGetCurrentIrpStackLocation(*AcceptIrp);
141 | 	KdPrint(("[tdi_fw] tdi_event_connect: connobj 0x%x\n", irps->FileObject));
142 | 
143 | 	// patch *AcceptIrp to change completion routine
144 | 
145 | 	param = (struct accept_param *)malloc_np(sizeof(*param));
146 | 	if (param == NULL) {
147 | 		KdPrint(("[tdi_fw] tdi_event_connect: malloc_np!\n"));
148 |         status = STATUS_INSUFFICIENT_RESOURCES;
149 | 		goto done;
150 | 	}
151 | 
152 | 	param->old_cr = irps->CompletionRoutine;
153 | 	param->old_context = irps->Context;
154 | 	param->fileobj = irps->FileObject;
155 | 
156 | 	param->old_control = irps->Control;
157 | 
158 | 	// can't use IoSetCompletionRoutine because it uses next not current stack location
159 | 	irps->Control = SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_ERROR | SL_INVOKE_ON_CANCEL;
160 | 	irps->CompletionRoutine = tdi_evconn_accept_complete;
161 | 	irps->Context = param;
162 | 
163 | 	param = NULL;
164 | 
165 | 	// find connobj for changing
166 | 
167 | 	ote_conn = ot_find_fileobj(irps->FileObject, &irql);
168 | 	if (ote_conn == NULL) {
169 | 		KdPrint(("[tdi_fw] tdi_event_connect: ot_find_fileobj(0x%x)\n", irps->FileObject));
170 |         status = STATUS_OBJECT_NAME_NOT_FOUND;
171 | 		goto done;
172 | 	}
173 | 
174 |     ASSERT(ote_conn->type == FILEOBJ_CONNOBJ);
175 | 
176 |     // connobj must be associated with addrobj!
177 |     if (ote_conn->associated_fileobj != ctx->fileobj) {
178 |         KdPrint(("[tdi_fw] tdi_event_connect: 0x%x != 0x%x\n", ote_conn->associated_fileobj, ctx->fileobj));
179 |         status = STATUS_INVALID_PARAMETER;
180 |         goto done;
181 |     }
182 | 
183 |     // change conn_ctx (if needed)
184 |     if (ote_conn->conn_ctx != *ConnectionContext) {
185 |         // update (conn_ctx, addrobj)->connobj
186 | 
187 | 	    status = ot_del_conn_ctx(ote_conn->associated_fileobj, ote_conn->conn_ctx);
188 | 	    if (status != STATUS_SUCCESS) {
189 | 		    KdPrint(("[tdi_fw] tdi_event_connect: ot_del_conn_ctx: 0x%x\n", status));
190 |             goto done;
191 |         }
192 | 
193 |         ote_conn->conn_ctx = *ConnectionContext;
194 | 
195 | 	    status = ot_add_conn_ctx(ote_conn->associated_fileobj, ote_conn->conn_ctx, irps->FileObject);
196 | 	    if (status != STATUS_SUCCESS) {
197 | 		    KdPrint(("[tdi_fw] tdi_event_connect: ot_add_conn_ctx: 0x%x\n", status));
198 | 		    goto done;
199 | 	    }
200 |     
201 |     }
202 | 
203 |     // clear listen & conn entries in connobj (fileobject can be reused)
204 | 
205 |     ASSERT(ote_conn->listen_entry == NULL);
206 |     if (ote_conn->listen_entry != NULL)
207 | 		del_listen_obj(ote_conn->listen_entry, FALSE);       // free build case
208 |     
209 |     if (ote_conn->conn_entry != NULL) {
210 | 
211 | 		if (ote_conn->ipproto == IPPROTO_TCP && ote_conn->log_disconnect)
212 | 			log_disconnect(ote_conn);
213 |     	
214 | 		del_tcp_conn_obj(ote_conn->conn_entry, FALSE);
215 | 	}
216 | 
217 |     // clear bytes count
218 |     ote_conn->bytes_in = ote_conn->bytes_out = 0;
219 | 
220 |     // setup log_disconnect flag from rule
221 |     ote_conn->log_disconnect = (rule.log >= RULE_LOG_COUNT);
222 | 
223 | 	// sanity check
224 | 	if (local_addr->AddressLength != remote_addr->AddressLength) {
225 | 		KdPrint(("[tdi_fw] tdi_event_connect: different addr lengths! (%u != %u)\n",
226 | 			local_addr->AddressLength,
227 | 			remote_addr->AddressLength));
228 |         status = STATUS_INFO_LENGTH_MISMATCH;
229 | 		goto done;
230 | 	}
231 | 
232 | 	// associate remote address with connobj
233 | 	
234 | 	if (remote_addr->AddressLength > sizeof(ote_conn->remote_addr)) {
235 | 		KdPrint(("[tdi_fw] tdi_event_connect: address too long! (%u)\n",
236 | 			remote_addr->AddressLength));
237 |         status = STATUS_BUFFER_TOO_SMALL;
238 | 		goto done;
239 | 	}
240 | 	memcpy(ote_conn->remote_addr, remote_addr, remote_addr->AddressLength);
241 | 
242 | 	// associate local address with connobj
243 | 
244 | 	if (local_addr->AddressLength > sizeof(ote_conn->local_addr)) {
245 | 		KdPrint(("[tdi_fw] tdi_event_connect: address too long! (%u)\n",
246 | 			local_addr->AddressLength));
247 |         status = STATUS_BUFFER_TOO_SMALL;
248 | 		goto done;
249 | 	}
250 | 	memcpy(ote_conn->local_addr, local_addr, local_addr->AddressLength);
251 | 
252 | 	// create connection with "SYN_RCVD" state
253 | 	status = add_tcp_conn(ote_conn, TCP_STATE_SYN_RCVD);
254 | 	if (status != STATUS_SUCCESS) {
255 | 		KdPrint(("[tdi_fw] tdi_event_connect: add_tcp_conn: 0x%x\n", status));
256 | 		goto done;
257 | 	}
258 | 
259 | 	result = FILTER_ALLOW;
260 | 
261 | done:
262 | 	// if logging is needed log request
263 | 	if (rule.log >= RULE_LOG_LOG) {
264 |         if (result != FILTER_ALLOW && rule.result == FILTER_ALLOW) {
265 | 			request.type = TYPE_CONNECT_ERROR;		// error has been occured
266 |             request.status = status;
267 |         }
268 | 
269 | 		log_request(&request);
270 | 	}
271 | 
272 | 	if (result != FILTER_ALLOW) {
273 | 		// deny incoming connection
274 | 
275 |         KdPrint(("[tdi_fw] tdi_event_connect: deny on reason 0x%x\n", status));
276 | 
277 | 		if (irps != NULL) {
278 | 			// delete connection
279 | 			if (ote_conn != NULL && ote_conn->conn_entry != NULL) {
280 | 				del_tcp_conn_obj(ote_conn->conn_entry, FALSE);
281 | 				ote_conn->conn_entry = NULL;
282 | 			}
283 | 
284 | 	        // release spinlock before IoCompleteRequest to avoid completion call inside spinlock
285 |             if (ote_addr != NULL || ote_conn != NULL) {
286 | 		        KeReleaseSpinLock(&g_ot_hash_guard, irql);
287 |                 
288 |                 ote_addr = NULL;
289 |                 ote_conn = NULL;
290 |             }
291 | 
292 | 			// destroy accepted IRP
293 | 			(*AcceptIrp)->IoStatus.Status = STATUS_UNSUCCESSFUL;
294 | 			IoCompleteRequest(*AcceptIrp, IO_NO_INCREMENT);
295 | 		}
296 | 
297 | 		*AcceptIrp = NULL;
298 | 		status = STATUS_CONNECTION_REFUSED;
299 | 	} else
300 | 		status = STATUS_MORE_PROCESSING_REQUIRED;
301 | 
302 | 	// cleanup
303 | 	if (ote_addr != NULL || ote_conn != NULL)
304 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
305 | 	if (param != NULL)
306 | 		free(param);
307 | 	if (request.sid_a != NULL)
308 | 		free(request.sid_a);
309 | 
310 | 	return status;
311 | }
312 | 
313 | NTSTATUS
314 | tdi_evconn_accept_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
315 | {
316 | 	PIO_STACK_LOCATION irps = IoGetNextIrpStackLocation(Irp);
317 | 	struct accept_param *param = (struct accept_param *)Context;
318 | 	NTSTATUS status = STATUS_SUCCESS;
319 | 
320 | 	KdPrint(("[tdi_fw] tdi_evconn_accept_complete: status 0x%x\n", Irp->IoStatus.Status));
321 | 
322 |     if (Irp->IoStatus.Status == STATUS_SUCCESS) {
323 | 		set_tcp_conn_state(param->fileobj, TCP_STATE_ESTABLISHED_IN);
324 | 
325 | 	    // query & update connection local_addr
326 | 	    update_conn_info(irps->DeviceObject, param->fileobj);
327 | 
328 |     } else
329 | 		del_tcp_conn(param->fileobj, TRUE);		// TRUE because we logged connection in event handler
330 | 
331 | 	// restore routine and context (and even control!)
332 | 	irps->CompletionRoutine = param->old_cr;
333 | 	irps->Context = param->old_context;
334 | 	irps->Control = param->old_control;
335 | 
336 | 	// call original completion (I like this code :-)
337 | 
338 | 	if (param->old_cr != NULL) {
339 | 		// call old completion (see the old control)
340 | 		BOOLEAN b_call = FALSE;
341 | 
342 | 		if (Irp->Cancel) {
343 | 			// cancel
344 | 			if (param->old_control & SL_INVOKE_ON_CANCEL)
345 | 				b_call = TRUE;
346 | 		} else {
347 | 			if (Irp->IoStatus.Status >= STATUS_SUCCESS) {
348 | 				// success
349 | 				if (param->old_control & SL_INVOKE_ON_SUCCESS)
350 | 					b_call = TRUE;
351 | 			} else {
352 | 				// error
353 | 				if (param->old_control & SL_INVOKE_ON_ERROR)
354 | 					b_call = TRUE;
355 | 			}
356 | 		}
357 | 
358 | 		if (b_call)
359 | 			status = param->old_cr(DeviceObject, Irp, param->old_context);
360 | 	}
361 | 
362 | 	free(param);
363 | 	return status;
364 | }
365 | 
366 | //----------------------------------------------------------------------------
367 | 
368 | /*
369 |  * TDI_EVENT_DISCONNECT handler
370 |  */
371 | 
372 | NTSTATUS
373 | tdi_event_disconnect(
374 |     IN PVOID TdiEventContext,
375 |     IN CONNECTION_CONTEXT ConnectionContext,
376 |     IN LONG DisconnectDataLength,
377 |     IN PVOID DisconnectData,
378 |     IN LONG DisconnectInformationLength,
379 |     IN PVOID DisconnectInformation,
380 |     IN ULONG DisconnectFlags)
381 | {
382 | 	TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
383 | 	PFILE_OBJECT connobj = ot_find_conn_ctx(ctx->fileobj, ConnectionContext);
384 | 
385 | 	KdPrint(("[tdi_fw] tdi_event_disconnect: connobj: 0x%x (flags: 0x%x)\n",
386 | 		connobj, DisconnectFlags));
387 | 
388 | 	if (DisconnectFlags & TDI_DISCONNECT_RELEASE) {
389 | 		int state = get_tcp_conn_state_by_obj(connobj);
390 | 		
391 | 		if (state == TCP_STATE_ESTABLISHED_IN || state == TCP_STATE_ESTABLISHED_OUT)
392 | 			set_tcp_conn_state(connobj, TCP_STATE_CLOSE_WAIT);
393 | 		else if (state == TCP_STATE_FIN_WAIT2)
394 | 			set_tcp_conn_state(connobj, TCP_STATE_TIME_WAIT);
395 | 		else
396 | 			KdPrint(("[tdi_fw] tdi_event_disconnect: weird conn state: %d\n", state));
397 | 
398 | 	} else
399 | 		del_tcp_conn(connobj, TRUE);
400 | 
401 | 	return ((PTDI_IND_DISCONNECT)(ctx->old_handler))(ctx->old_context, ConnectionContext,
402 | 		DisconnectDataLength, DisconnectData, DisconnectInformationLength,
403 | 		DisconnectInformation, DisconnectFlags);
404 | }
405 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ev_dg.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: ev_dg.c,v 1.6 2003/09/04 15:20:09 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_EVENT_RECEIVE_DATAGRAM handler
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "events.h"
 24 | #include "filter.h"
 25 | #include "memtrack.h"
 26 | #include "obj_tbl.h"
 27 | #include "sids.h"
 28 | #include "tdi_fw.h"
 29 | 
 30 | //----------------------------------------------------------------------------
 31 | 
 32 | /*
 33 |  * TDI_EVENT_RECEIVE_DATAGRAM handler
 34 |  */
 35 | 
 36 | NTSTATUS tdi_event_receive_datagram(
 37 |     IN PVOID TdiEventContext,
 38 |     IN LONG SourceAddressLength,
 39 |     IN PVOID SourceAddress,
 40 |     IN LONG OptionsLength,
 41 |     IN PVOID Options,
 42 |     IN ULONG ReceiveDatagramFlags,
 43 |     IN ULONG BytesIndicated,
 44 |     IN ULONG BytesAvailable,
 45 |     OUT ULONG *BytesTaken,
 46 |     IN PVOID Tsdu,
 47 |     OUT PIRP *IoRequestPacket)
 48 | {
 49 | 	TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
 50 | 	struct ot_entry *ote_addr = NULL;
 51 | 	KIRQL irql;
 52 | 	TA_ADDRESS *remote_addr, *local_addr;
 53 | 	NTSTATUS status;
 54 | 	int ipproto, result = FILTER_DENY;
 55 | 	struct flt_request request;
 56 | 	struct flt_rule rule;
 57 | 
 58 | 	// get local address of address object
 59 | 
 60 | 	memset(&request, 0, sizeof(request));
 61 | 	ote_addr = ot_find_fileobj(ctx->fileobj, &irql);
 62 | 	if (ote_addr == NULL) {
 63 | 		KdPrint(("[tdi_fw] tdi_receive_datagram: ot_find_fileobj(0x%x)!\n", ctx->fileobj));
 64 | 		goto done;
 65 | 	}
 66 | 
 67 | 	KdPrint(("[tdi_fw] tdi_event_receive_datagram: addrobj 0x%x\n", ctx->fileobj));
 68 | 
 69 | 	// check device object: UDP or RawIP
 70 | 	if (get_original_devobj(ote_addr->devobj, &ipproto) == NULL ||
 71 | 		(ipproto != IPPROTO_UDP && ipproto != IPPROTO_IP)) {
 72 | 		// unknown device object!
 73 | 		KdPrint(("[tdi_fw] tdi_event_receive_datagram: unknown DeviceObject 0x%x!\n",
 74 | 			ote_addr));
 75 | 		goto done;
 76 | 	}
 77 | 
 78 | 	local_addr = (TA_ADDRESS *)(ote_addr->local_addr);
 79 | 	remote_addr = ((TRANSPORT_ADDRESS *)SourceAddress)->Address;
 80 | 
 81 | 	KdPrint(("[tdi_fw] tdi_event_receive_datagram(pid:%u): %x:%u -> %x:%u\n",
 82 | 		ote_addr->pid,
 83 | 		ntohl(((TDI_ADDRESS_IP *)(remote_addr->Address))->in_addr),
 84 | 		ntohs(((TDI_ADDRESS_IP *)(remote_addr->Address))->sin_port),
 85 | 		ntohl(((TDI_ADDRESS_IP *)(local_addr->Address))->in_addr),
 86 | 		ntohs(((TDI_ADDRESS_IP *)(local_addr->Address))->sin_port)));
 87 | 
 88 | 	// call quick filter for datagram
 89 | 	request.struct_size = sizeof(request);
 90 | 
 91 | 	request.type = TYPE_DATAGRAM;
 92 | 	request.direction = DIRECTION_IN;
 93 | 	request.proto = ipproto;
 94 | 	request.pid = ote_addr->pid;
 95 | 
 96 | 	// get user SID & attributes (can't call get_current_sid_a at DISPATCH_LEVEL)
 97 | 	if ((request.sid_a = copy_sid_a(ote_addr->sid_a, ote_addr->sid_a_size)) != NULL)
 98 | 		request.sid_a_size = ote_addr->sid_a_size;
 99 | 	
100 | 	memcpy(&request.addr.from, &remote_addr->AddressType, sizeof(struct sockaddr));
101 | 	memcpy(&request.addr.to, &local_addr->AddressType, sizeof(struct sockaddr));
102 | 	request.addr.len = sizeof(struct sockaddr_in);
103 | 
104 | 	memset(&rule, 0, sizeof(rule));
105 | 
106 | 	result = quick_filter(&request, &rule);
107 | 
108 | 	memcpy(request.log_rule_id, rule.rule_id, RULE_ID_SIZE);
109 | 
110 | 	if (rule.log >= RULE_LOG_LOG) {
111 | 		ULONG bytes = BytesAvailable;
112 | 
113 | 		// traffic stats
114 | 		KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
115 | 		
116 | 		g_traffic[TRAFFIC_TOTAL_IN] += bytes;
117 | 		
118 | 		if (rule.log >= RULE_LOG_COUNT) {
119 | 			request.log_bytes_in = bytes;
120 | 
121 | 			g_traffic[TRAFFIC_COUNTED_IN] += bytes;
122 | 
123 | 		} else
124 | 			request.log_bytes_in = (ULONG)-1;
125 | 
126 | 		KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
127 | 
128 | 		log_request(&request);
129 | 	}
130 | 
131 | done:
132 | 	// cleanup
133 | 	if (ote_addr != NULL)
134 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
135 | 	if (request.sid_a != NULL)
136 | 		free(request.sid_a);
137 | 
138 | 	if (result == FILTER_ALLOW) {
139 | 
140 | 		return ((PTDI_IND_RECEIVE_DATAGRAM)(ctx->old_handler))
141 | 			(ctx->old_context, SourceAddressLength, SourceAddress, OptionsLength,
142 | 			Options, ReceiveDatagramFlags, BytesIndicated, BytesAvailable, BytesTaken,
143 | 			Tsdu, IoRequestPacket);
144 | 	
145 | 	} else
146 | 		return STATUS_DATA_NOT_ACCEPTED;
147 | }
148 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ev_recv.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: ev_recv.c,v 1.4 2005/09/06 12:25:42 vlad Exp $
 14 | 
 15 | /*
 16 |  * This file contains TDI_EVENT_RECEIVE and TDI_EVENT_CHAINED_RECEIVE handlers
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "events.h"
 24 | #include "memtrack.h"
 25 | #include "obj_tbl.h"
 26 | #include "tdi_fw.h"
 27 | #include "ipc.h"
 28 | 
 29 | struct tdi_client_irp_ctx {
 30 |     PIO_COMPLETION_ROUTINE	completion;
 31 |     PVOID					context;
 32 | 	UCHAR					old_control;
 33 |     PFILE_OBJECT            connobj;
 34 | };
 35 | 
 36 | static NTSTATUS		tdi_client_irp_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 37 | 
 38 | //----------------------------------------------------------------------------
 39 | 
 40 | /*
 41 |  * TDI_EVENT_RECEIVE handler
 42 |  */
 43 | 
 44 | NTSTATUS
 45 | tdi_event_receive(
 46 |     IN PVOID TdiEventContext,
 47 |     IN CONNECTION_CONTEXT ConnectionContext,
 48 |     IN ULONG ReceiveFlags,
 49 |     IN ULONG BytesIndicated,
 50 |     IN ULONG BytesAvailable,
 51 |     OUT ULONG *BytesTaken,
 52 |     IN PVOID Tsdu,
 53 |     OUT PIRP *IoRequestPacket)
 54 | {
 55 | 	TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
 56 | 	PFILE_OBJECT connobj = ot_find_conn_ctx(ctx->fileobj, ConnectionContext);
 57 | 	NTSTATUS status;
 58 | 	struct flt_request		fr			= {0};
 59 | 
 60 | 	KdPrint(("[tdi_fw] tdi_event_receive: addrobj 0x%x; connobj: 0x%x; %u/%u; flags: 0x%x\n",
 61 | 		ctx->fileobj, connobj, BytesIndicated, BytesAvailable, ReceiveFlags));
 62 | 
 63 | 	fr.type = TYPE_RECV;
 64 | 	fr.data.pdata = Tsdu;
 65 | 	fr.data.len = BytesIndicated;
 66 | 	{
 67 | 		struct ot_entry *ote_conn;
 68 | 		KIRQL irql;
 69 | 
 70 | 		ote_conn = ot_find_fileobj(connobj, &irql);
 71 | 		/*fr.addr.from = ote_conn->remote_addr->tp_addr;*/
 72 | 		KeReleaseSpinLock(&g_ot_hash_guard, irql);
 73 | 	}
 74 | 
 75 | 	quick_filter(&fr, NULL);
 76 | 
 77 | 	status = ((PTDI_IND_RECEIVE)(ctx->old_handler))
 78 | 		(ctx->old_context, ConnectionContext, ReceiveFlags, BytesIndicated,
 79 | 		BytesAvailable, BytesTaken, Tsdu, IoRequestPacket);
 80 | 
 81 | 	KdPrint(("[tdi_fw] tdi_event_receive: status 0x%x; BytesTaken: %u; Irp: 0x%x\n",
 82 | 		status, *BytesTaken, *IoRequestPacket));
 83 | 
 84 | 	if (*BytesTaken != 0) {
 85 | 		struct ot_entry *ote_conn;
 86 | 		KIRQL irql;
 87 | 
 88 | 		ote_conn = ot_find_fileobj(connobj, &irql);
 89 | 		if (ote_conn != NULL) {
 90 | 			ULONG bytes = *BytesTaken;
 91 | 
 92 | 			ote_conn->bytes_in += bytes;
 93 | 
 94 | 			// traffic stats
 95 | 			KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
 96 | 			
 97 | 			g_traffic[TRAFFIC_TOTAL_IN] += bytes;
 98 | 			
 99 | 			if (ote_conn->log_disconnect)
100 | 				g_traffic[TRAFFIC_COUNTED_IN] += bytes;
101 | 			
102 | 			KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
103 | 
104 | 			KeReleaseSpinLock(&g_ot_hash_guard, irql);
105 | 		}
106 | 	}
107 | 
108 | 	if (*IoRequestPacket != NULL) {
109 | 	    // got IRP. replace completion.
110 | 	    struct tdi_client_irp_ctx *new_ctx;
111 | 		PIO_STACK_LOCATION irps = IoGetCurrentIrpStackLocation(*IoRequestPacket);
112 | 
113 | 		new_ctx = (struct tdi_client_irp_ctx *)malloc_np(sizeof(*new_ctx));
114 | 		if (new_ctx != NULL) {
115 | 
116 |             new_ctx->connobj = connobj;
117 | 
118 | 			if (irps->CompletionRoutine != NULL) {
119 | 				new_ctx->completion = irps->CompletionRoutine;
120 | 				new_ctx->context = irps->Context;
121 | 				new_ctx->old_control = irps->Control;
122 | 
123 | 			} else {
124 | 
125 | 				// we don't use IoSetCompletionRoutine because it uses next not current location
126 | 
127 | 				new_ctx->completion = NULL;
128 | 				new_ctx->context = NULL;
129 | 
130 | 			}
131 | 
132 | 			irps->CompletionRoutine = tdi_client_irp_complete;
133 | 			irps->Context = new_ctx;
134 | 			irps->Control = SL_INVOKE_ON_SUCCESS | SL_INVOKE_ON_ERROR | SL_INVOKE_ON_CANCEL;
135 | 		}
136 | 	}
137 | 
138 | 	return status;
139 | }
140 | 
141 | NTSTATUS
142 | tdi_client_irp_complete(IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context)
143 | {
144 | 	struct tdi_client_irp_ctx *ctx = (struct tdi_client_irp_ctx *)Context;
145 | 	NTSTATUS status;
146 | 
147 | 	KdPrint(("[tdi_fw] tdi_client_irp_complete: status: 0x%x; len: %u\n",
148 | 		Irp->IoStatus.Status, Irp->IoStatus.Information));
149 | 
150 | 	if (Irp->IoStatus.Status == STATUS_SUCCESS) {
151 | 
152 | 		struct ot_entry *ote_conn;
153 | 		KIRQL irql;
154 | 
155 | 		ote_conn = ot_find_fileobj(ctx->connobj, &irql);
156 | 		if (ote_conn != NULL) {
157 | 			ULONG bytes = Irp->IoStatus.Information;
158 | 
159 | 			ote_conn->bytes_in += bytes;
160 | 
161 | 			// traffic stats
162 | 			KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
163 | 			
164 | 			g_traffic[TRAFFIC_TOTAL_IN] += bytes;
165 | 			
166 | 			if (ote_conn->log_disconnect)
167 | 				g_traffic[TRAFFIC_COUNTED_IN] += bytes;
168 | 			
169 | 			KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
170 | 
171 | 			KeReleaseSpinLock(&g_ot_hash_guard, irql);
172 | 		}
173 | 	}
174 | 
175 | 	// call original completion
176 | 	if (ctx->completion != NULL) {
177 | 		// call old completion (see the old control)
178 | 		BOOLEAN b_call = FALSE;
179 | 
180 | 		if (Irp->Cancel) {
181 | 			// cancel
182 | 			if (ctx->old_control & SL_INVOKE_ON_CANCEL)
183 | 				b_call = TRUE;
184 | 		} else {
185 | 			if (Irp->IoStatus.Status >= STATUS_SUCCESS) {
186 | 				// success
187 | 				if (ctx->old_control & SL_INVOKE_ON_SUCCESS)
188 | 					b_call = TRUE;
189 | 			} else {
190 | 				// error
191 | 				if (ctx->old_control & SL_INVOKE_ON_ERROR)
192 | 					b_call = TRUE;
193 | 			}
194 | 		}
195 | 
196 | 		if (b_call) {
197 | 			status = (ctx->completion)(DeviceObject, Irp, ctx->context);
198 | 
199 | 			KdPrint(("[tdi_flt] tdi_client_irp_complete: original handler: 0x%x; status: 0x%x\n",
200 | 				ctx->completion, status));
201 | 
202 | 		} else
203 | 			status = STATUS_SUCCESS;
204 | 
205 | 	}
206 | 
207 | 	free(ctx);
208 | 	return status;
209 | }
210 |   
211 | //----------------------------------------------------------------------------
212 | 
213 | /*
214 |  * TDI_EVENT_CHAINED_RECEIVE handler
215 |  */
216 | 
217 | NTSTATUS
218 | tdi_event_chained_receive(
219 |     IN PVOID TdiEventContext,
220 |     IN CONNECTION_CONTEXT ConnectionContext,
221 |     IN ULONG ReceiveFlags,
222 |     IN ULONG ReceiveLength,
223 |     IN ULONG StartingOffset,
224 |     IN PMDL  Tsdu,
225 |     IN PVOID TsduDescriptor)
226 | {
227 | 	TDI_EVENT_CONTEXT *ctx = (TDI_EVENT_CONTEXT *)TdiEventContext;
228 | 	PFILE_OBJECT connobj = ot_find_conn_ctx(ctx->fileobj, ConnectionContext);
229 | 	NTSTATUS status;
230 | 	struct flt_request		fr			= {0};
231 | 
232 | 	KdPrint(("[tdi_fw] tdi_event_chained_receive: addrobj 0x%x; connobj: 0x%x; %u; flags: 0x%x\n",
233 | 		ctx->fileobj, connobj, ReceiveLength, ReceiveFlags));
234 | 	fr.type = TYPE_RECV;
235 | 	fr.data.pdata = TsduDescriptor;
236 | 	fr.data.len = ReceiveLength;
237 | 
238 | 	quick_filter(&fr, NULL);
239 | 	status = ((PTDI_IND_CHAINED_RECEIVE)(ctx->old_handler))
240 | 		(ctx->old_context, ConnectionContext, ReceiveFlags,ReceiveLength ,
241 | 		StartingOffset, Tsdu, TsduDescriptor);
242 | 
243 | 	KdPrint(("[tdi_fw] tdi_event_chained_receive: status 0x%x\n", status));
244 | 
245 | 	if (status == STATUS_SUCCESS || status == STATUS_PENDING) {
246 | 		struct ot_entry *ote_conn;
247 | 		KIRQL irql;
248 | 
249 | 		ote_conn = ot_find_fileobj(connobj, &irql);
250 | 		if (ote_conn != NULL) {
251 | 			ULONG bytes = ReceiveLength;
252 | 
253 | 			ote_conn->bytes_in += bytes;
254 | 
255 | 			// traffic stats
256 | 			KeAcquireSpinLockAtDpcLevel(&g_traffic_guard);
257 | 			
258 | 			g_traffic[TRAFFIC_TOTAL_IN] += bytes;
259 | 			
260 | 			if (ote_conn->log_disconnect)
261 | 				g_traffic[TRAFFIC_COUNTED_IN] += bytes;
262 | 			
263 | 			KeReleaseSpinLockFromDpcLevel(&g_traffic_guard);
264 | 
265 | 			KeReleaseSpinLock(&g_ot_hash_guard, irql);
266 | 		}
267 | 	}
268 | 
269 | 	return status;
270 | }
271 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/events.c:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: events.c,v 1.3 2003/09/01 08:42:18 dev Exp $
14 | 
15 | /*
16 |  * Replaced event handlers for TDI events
17 |  */
18 | 
19 | #include <ntddk.h>
20 | #include <tdikrnl.h>
21 | #include "sock.h"
22 | 
23 | #include "events.h"
24 | #include "memtrack.h"
25 | 
26 | // to simplify processing don't use chained handlers for datagrams
27 | struct tdi_event_handler g_tdi_event_handlers[]= {
28 | 	{TDI_EVENT_CONNECT,						tdi_event_connect},
29 | 	{TDI_EVENT_DISCONNECT,					tdi_event_disconnect},
30 | 	{TDI_EVENT_RECEIVE_DATAGRAM,			tdi_event_receive_datagram},
31 | 	{TDI_EVENT_CHAINED_RECEIVE_DATAGRAM,	NULL},
32 | 	{TDI_EVENT_RECEIVE,						tdi_event_receive},
33 | 	{TDI_EVENT_RECEIVE_EXPEDITED,			tdi_event_receive},
34 | 	{TDI_EVENT_CHAINED_RECEIVE,				tdi_event_chained_receive},
35 | 	{TDI_EVENT_CHAINED_RECEIVE_EXPEDITED,	tdi_event_chained_receive},
36 | 	{(ULONG)-1,								NULL}
37 | };
38 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/events.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: events.h,v 1.2 2003/09/01 08:42:18 dev Exp $
 4 | 
 5 | #ifndef _events_h_
 6 | #define _events_h_
 7 | 
 8 | #include "obj_tbl.h"
 9 | 
10 | NTSTATUS tdi_event_connect(
11 |     IN PVOID TdiEventContext,
12 |     IN LONG RemoteAddressLength,
13 |     IN PVOID RemoteAddress,
14 |     IN LONG UserDataLength,
15 |     IN PVOID UserData,
16 |     IN LONG OptionsLength,
17 |     IN PVOID Options,
18 |     OUT CONNECTION_CONTEXT *ConnectionContext,
19 |     OUT PIRP *AcceptIrp);
20 | 
21 | NTSTATUS tdi_event_disconnect(
22 |     IN PVOID TdiEventContext,
23 |     IN CONNECTION_CONTEXT ConnectionContext,
24 |     IN LONG DisconnectDataLength,
25 |     IN PVOID DisconnectData,
26 |     IN LONG DisconnectInformationLength,
27 |     IN PVOID DisconnectInformation,
28 |     IN ULONG DisconnectFlags);
29 | 
30 | NTSTATUS tdi_event_receive_datagram(
31 |     IN PVOID TdiEventContext,
32 |     IN LONG SourceAddressLength,
33 |     IN PVOID SourceAddress,
34 |     IN LONG OptionsLength,
35 |     IN PVOID Options,
36 |     IN ULONG ReceiveDatagramFlags,
37 |     IN ULONG BytesIndicated,
38 |     IN ULONG BytesAvailable,
39 |     OUT ULONG *BytesTaken,
40 |     IN PVOID Tsdu,
41 |     OUT PIRP *IoRequestPacket);
42 | 
43 | NTSTATUS tdi_event_receive(
44 |     IN PVOID TdiEventContext,
45 |     IN CONNECTION_CONTEXT ConnectionContext,
46 |     IN ULONG ReceiveFlags,
47 |     IN ULONG BytesIndicated,
48 |     IN ULONG BytesAvailable,
49 |     OUT ULONG *BytesTaken,
50 |     IN PVOID Tsdu,
51 |     OUT PIRP *IoRequestPacket);
52 | 
53 | NTSTATUS tdi_event_chained_receive(
54 |     IN PVOID TdiEventContext,
55 |     IN CONNECTION_CONTEXT ConnectionContext,
56 |     IN ULONG ReceiveFlags,
57 |     IN ULONG ReceiveLength,
58 |     IN ULONG StartingOffset,
59 |     IN PMDL  Tsdu,
60 |     IN PVOID TsduDescriptor);
61 | 
62 | // helper struct for calling one of the handlers
63 | struct tdi_event_handler {
64 | 	LONG	event;
65 | 	PVOID	handler;
66 | };
67 | 
68 | extern struct tdi_event_handler g_tdi_event_handlers[];
69 | 
70 | #endif
71 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/filter.h:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: filter.h,v 1.5 2003/09/04 15:20:09 dev Exp $
14 | 
15 | #ifndef _filter_h_
16 | #define _filter_h_
17 | 
18 | #include "ipc.h"
19 | 
20 | NTSTATUS	filter_init(void);
21 | NTSTATUS	filter_init_2(void);
22 | 
23 | void		filter_free(void);
24 | void		filter_free_2(void);
25 | 
26 | NTSTATUS	add_flt_rule(int chain, const struct flt_rule *rule);
27 | NTSTATUS	clear_flt_chain(int chain);
28 | NTSTATUS	activate_flt_chain(int chain);
29 | NTSTATUS	set_chain_pname(int chain, char *pname);
30 | NTSTATUS	set_pid_pname(ULONG pid, char *pname);
31 | 
32 | BOOLEAN		default_chain_only(void);
33 | 
34 | int			quick_filter(struct flt_request *request, struct flt_rule *rule);
35 | 
36 | BOOLEAN		log_request(struct flt_request *request);
37 | ULONG		get_request(char *buf, ULONG buf_size);
38 | 
39 | #endif
40 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ipc.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: ipc.c,v 1.6 2003/09/04 15:20:09 dev Exp $
 14 | 
 15 | /*
 16 |  * This file contain replaced TDI_EVENT_CONNECT handler
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include <tdikrnl.h>
 21 | #include "sock.h"
 22 | 
 23 | #include "conn_state.h"
 24 | #include "filter.h"
 25 | #include "ipc.h"
 26 | #include "sids.h"
 27 | #include "tdi_fw.h"
 28 | 
 29 | static void		get_traffic_counters(unsigned __int64 *counters);
 30 | 
 31 | NTSTATUS
 32 | process_nfo_request(ULONG code, char *buf, ULONG *buf_len, ULONG buf_size)
 33 | {
 34 | 	NTSTATUS status;
 35 | 	ULONG len = *buf_len;
 36 | 	*buf_len = 0;
 37 | 
 38 | 	switch (code) {
 39 | 	
 40 | 	case IOCTL_CMD_ENUM_LISTEN:
 41 | 		// enum listening endpoints
 42 | 
 43 | 		if (buf_size < sizeof(struct listen_nfo) || buf == NULL) {
 44 | 			status = STATUS_INFO_LENGTH_MISMATCH;
 45 | 			break;
 46 | 		}
 47 | 
 48 | 		status = enum_listen((struct listen_nfo *)buf, buf_len, buf_size);
 49 | 		break;
 50 | 
 51 | 	case IOCTL_CMD_ENUM_TCP_CONN:
 52 | 		// enum TCP connections
 53 | 
 54 | 		if (buf_size < sizeof(struct tcp_conn_nfo) || buf == NULL) {
 55 | 			status = STATUS_INFO_LENGTH_MISMATCH;
 56 | 			break;
 57 | 		}
 58 | 
 59 | 		status = enum_tcp_conn((struct tcp_conn_nfo *)buf, buf_len, buf_size);
 60 | 		break;
 61 | 
 62 | 	case IOCTL_CMD_GET_COUNTERS: 
 63 | 		// get traffic counters
 64 | 
 65 | 		if (buf_size < sizeof(g_traffic)) {
 66 | 			status = STATUS_INFO_LENGTH_MISMATCH;
 67 | 			break;
 68 | 		}
 69 | 
 70 | 		get_traffic_counters((unsigned __int64 *)buf);
 71 | 		
 72 | 		*buf_len = sizeof(g_traffic);
 73 | 		status = STATUS_SUCCESS;
 74 | 		break;
 75 | 
 76 | 	default:
 77 | 		status = STATUS_NOT_SUPPORTED;
 78 | 	}
 79 | 
 80 | 	return status;
 81 | }
 82 | 
 83 | NTSTATUS
 84 | process_request(ULONG code, char *buf, ULONG *buf_len, ULONG buf_size)
 85 | {
 86 | 	NTSTATUS status;
 87 | 	ULONG len = *buf_len;
 88 | 	*buf_len = 0;
 89 | 
 90 | 	switch (code) {
 91 | 	
 92 | 	case IOCTL_CMD_GETREQUEST:
 93 | 		// get data for logging
 94 | 
 95 | 		if (buf_size < sizeof(struct flt_request) || buf == NULL) {
 96 | 			status = STATUS_INFO_LENGTH_MISMATCH;
 97 | 			break;
 98 | 		}
 99 | 
100 | 		*buf_len = get_request(buf, buf_size);
101 | 		status = STATUS_SUCCESS;
102 | 		break;
103 | 
104 | 	case IOCTL_CMD_CLEARCHAIN:
105 | 		// clear rules chain #i
106 | 
107 | 		if (len != sizeof(int) || buf == NULL) {
108 | 			status = STATUS_INFO_LENGTH_MISMATCH;
109 | 			break;
110 | 		}
111 | 
112 | 		status = clear_flt_chain(*(int *)buf);
113 | 		break;
114 | 
115 | 	case IOCTL_CMD_APPENDRULE:
116 | 		// append rule to chain #i
117 | 
118 | 		if (len != sizeof(struct flt_rule) || buf == NULL) {
119 | 			status = STATUS_INFO_LENGTH_MISMATCH;
120 | 			break;
121 | 		}
122 | 
123 | 		status = add_flt_rule(((struct flt_rule *)buf)->chain, (struct flt_rule *)buf);
124 | 		break;
125 | 
126 | 	case IOCTL_CMD_SETCHAINPNAME:
127 | 		// set chain #i process name
128 | 
129 | 		if (len < sizeof(int) + sizeof(char) || buf == NULL) {
130 | 			status = STATUS_INFO_LENGTH_MISMATCH;
131 | 			break;
132 | 		}
133 | 		if (buf[len - 1] != '\0') {
134 | 			status = STATUS_INVALID_PARAMETER;	// string must be zero-terminated
135 | 			break;
136 | 		}
137 | 
138 | 		status = set_chain_pname(*(int *)buf, buf + sizeof(int));
139 | 		break;
140 | 
141 | 	case IOCTL_CMD_SETPNAME:
142 | 		// set process name for pid
143 | 
144 | 		if (len < sizeof(ULONG) + sizeof(char) || buf == NULL) {
145 | 			status = STATUS_INFO_LENGTH_MISMATCH;
146 | 			break;
147 | 		}
148 | 		if (buf[len - 1] != '\0') {
149 | 			status = STATUS_INVALID_PARAMETER;	// string must be zero-terminated
150 | 			break;
151 | 		}
152 | 
153 | 		status = set_pid_pname(*(ULONG *)buf, buf + sizeof(ULONG));
154 | 		break;
155 | 
156 | 	case IOCTL_CMD_ACTIVATECHAIN:
157 | 		// active rules chain #i
158 | 
159 | 		if (len != sizeof(int) || buf == NULL) {
160 | 			status = STATUS_INFO_LENGTH_MISMATCH;
161 | 			break;
162 | 		}
163 | 
164 | 		status = activate_flt_chain(*(int *)buf);
165 | 		break;
166 | 
167 | 	case IOCTL_CMD_SET_SIDS:
168 | 		// set SIDs array
169 | 
170 | 		if (len < sizeof(ULONG)) {
171 | 			status = STATUS_INFO_LENGTH_MISMATCH;
172 | 			break;
173 | 		}
174 | 
175 | 		status = set_sid_list(buf, len);
176 | 		break;
177 | 
178 | 	case IOCTL_CMD_GET_COUNTERS: 
179 | 		// get traffic counters
180 | 
181 | 		if (buf_size < sizeof(g_traffic)) {
182 | 			status = STATUS_INFO_LENGTH_MISMATCH;
183 | 			break;
184 | 		}
185 | 
186 | 		get_traffic_counters((unsigned __int64 *)buf);
187 | 		
188 | 		*buf_len = sizeof(g_traffic);
189 | 		status = STATUS_SUCCESS;
190 | 		break;
191 | 
192 | 	default:
193 | 		status = STATUS_NOT_SUPPORTED;
194 | 	}
195 | 
196 | 	return status;
197 | }
198 | 
199 | void
200 | get_traffic_counters(unsigned __int64 *counters)
201 | {
202 | 	KIRQL irql;
203 | 
204 | 	KeAcquireSpinLock(&g_traffic_guard, &irql);
205 | 	memcpy(counters, g_traffic, sizeof(g_traffic));
206 | 	KeReleaseSpinLock(&g_traffic_guard, irql);
207 | }
208 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ipc.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/tdifw/src/tdifw/ipc.h


--------------------------------------------------------------------------------
/tdifw/src/tdifw/memtrack.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: memtrack.c,v 1.2 2002/12/03 12:14:27 dev Exp $
 14 | 
 15 | #if DBG
 16 | 
 17 | /*
 18 |  * Debug NonPaged pool routines (helpers to find memory leaks and pool corruption)
 19 |  */
 20 | 
 21 | #include <ntddk.h>
 22 | 
 23 | #include "memtrack.h"
 24 | 
 25 | #define MAGIC	'TMEM'
 26 | //#define INT_3	__asm int 3
 27 | #define INT_3
 28 | 
 29 | struct prefix {
 30 | 	ULONG		magic;
 31 | 	struct		prefix *next;
 32 | 	struct		prefix *prev;
 33 | 	ULONG		size;
 34 | 	const char	*file;
 35 | 	ULONG		line;
 36 | 	char		data[];
 37 | };
 38 | 
 39 | struct postfix {
 40 | 	ULONG	size;
 41 | 	ULONG	magic;
 42 | };
 43 | 
 44 | static KSPIN_LOCK guard;
 45 | static struct prefix *first, *last;
 46 | static ULONG count;
 47 | 
 48 | static struct postfix	*check(struct prefix *p);
 49 | 
 50 | void
 51 | memtrack_init()
 52 | {
 53 | 	KeInitializeSpinLock(&guard);
 54 | }
 55 | 
 56 | void
 57 | memtrack_free()
 58 | {
 59 | 	KIRQL irql;
 60 | 	ULONG total = 0;
 61 | 
 62 | 	KeAcquireSpinLock(&guard, &irql);
 63 | 
 64 | 	if (first != NULL) {
 65 | 		struct prefix *p;
 66 | 		for (p = first; p; p = p->next) {
 67 | 			check(p);
 68 | 
 69 | 			KdPrint(("memtrack: memory leak detected! %s:%u (%u bytes)\n",
 70 | 				p->file, p->line, p->size));
 71 | 
 72 | 			total += p->size;
 73 | 		}
 74 | 	}
 75 | 
 76 | 	KeReleaseSpinLock(&guard, irql);
 77 | 	KdPrint(("memtrack: Total memory leakage: %u bytes (%u blocks)\n", total, count));
 78 | 
 79 | 	if (total) INT_3;
 80 | }
 81 | 
 82 | void *
 83 | mt_malloc(ULONG size, const char *file, ULONG line)
 84 | {
 85 | 	KIRQL irql;
 86 | 	struct prefix *data;
 87 | 	struct postfix *pd;
 88 | 
 89 | #if 1
 90 | 	// check pool integrity
 91 | 	KeAcquireSpinLock(&guard, &irql);
 92 | 	
 93 | 	for (data = first; data; data = data->next)
 94 | 		check(data);
 95 | 	
 96 | 	for (data = last; data; data = data->prev)
 97 | 		check(data);
 98 | 	
 99 | 	KeReleaseSpinLock(&guard, irql);
100 | #endif
101 | 
102 | 	if (size == 0) {
103 | 		KdPrint(("memtrack: mt_malloc: size == 0!\n"));
104 | 		INT_3;
105 | 		return NULL;
106 | 	}
107 | 
108 | 	data = (struct prefix *)ExAllocatePool(NonPagedPool,
109 | 		sizeof(struct prefix) + size + sizeof(struct postfix));
110 | 	if (data == NULL)
111 | 		return NULL;
112 | 
113 | 	data->magic = MAGIC;
114 | 	data->next = NULL;
115 | 	data->prev = NULL;
116 | 	data->size = size;
117 | 	data->file = file;
118 | 	data->line = line;
119 | 
120 | 	memset(data->data, 0xcc, size);		// fill by 0xcc: new
121 | 
122 | 	pd = (struct postfix *)(data->data + data->size);
123 | 
124 | 	pd->size = size;
125 | 	pd->magic = MAGIC;
126 | 
127 | 	KeAcquireSpinLock(&guard, &irql);
128 | 	
129 | 	if (last) {
130 | 		last->next = data;
131 | 		data->prev = last;
132 | 		last = data;
133 | 	}
134 | 	else {
135 | 		data->prev = NULL;
136 | 		first = last = data;
137 | 	}
138 | 	count++;
139 | 
140 | 	KeReleaseSpinLock(&guard, irql);
141 | 	return data->data;
142 | }
143 | 
144 | void
145 | free(void *ptr)
146 | {
147 | 	KIRQL irql;
148 | 	struct prefix *data = (struct prefix *)((char *)ptr - sizeof(struct prefix));
149 | 	struct postfix *pd = check(data);
150 | 
151 | 	if (pd == NULL)
152 | 		return;
153 | 
154 | 	KeAcquireSpinLock(&guard, &irql);
155 | 
156 | 	if (data->next != NULL)
157 | 		data->next->prev = data->prev;
158 | 	else
159 | 		last = data->prev;
160 | 	if (data->prev != NULL)
161 | 		data->prev->next = data->next;
162 | 	else
163 | 		first = data->next;
164 | 
165 | 	memset(data->data, 0xc9, data->size);	// fill by 0xc9: free
166 | 
167 | 	data->size = (ULONG)-1;
168 | 	pd->size = (ULONG)-1;
169 | 
170 | 	count--;
171 | 	KeReleaseSpinLock(&guard, irql);
172 | 
173 | 	ExFreePool(data);
174 | }
175 | 
176 | struct postfix *
177 | check(struct prefix *p)
178 | {
179 | 	struct postfix *pd;
180 | 
181 | 	if (p->magic != MAGIC) {
182 | 		KdPrint(("memtrack: check: invalid pre-magic! 0x%x\n", p));
183 | 		INT_3;
184 | 		return NULL;
185 | 	}
186 | 
187 | 	pd = (struct postfix *)(p->data + p->size);
188 | 
189 | 	if (pd->magic != MAGIC) {
190 | 		KdPrint(("memtrack: memtrack_free: invalid post-magic! 0x%x\n", pd));
191 | 		INT_3;
192 | 		return NULL;
193 | 	}
194 | 
195 | 	if (p->size != pd->size) {
196 | 		KdPrint(("memtrack: memtracl_free: invalid post-size! 0x%x 0x%x\n", p, pd));
197 | 		INT_3;
198 | 		return NULL;
199 | 	}
200 | 
201 | 	return pd;
202 | }
203 | 
204 | 
205 | #endif /* DBG */
206 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/memtrack.h:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: memtrack.h,v 1.1.1.1 2002/09/24 11:12:16 dev Exp $
14 | 
15 | #ifndef _memtrack_h_
16 | #define _memtrack_h_
17 | 
18 | #define MEM_TAG		'1VRD'
19 | 
20 | #if DBG
21 | 
22 | void	memtrack_init(void);
23 | void	memtrack_free(void);
24 | 
25 | void	*mt_malloc(ULONG size, const char *file, ULONG line);
26 | 
27 | // allocate memory from nonpaged pool
28 | #define malloc_np(size)	mt_malloc((size), __FILE__, __LINE__)	
29 | 
30 | void free(void *ptr);
31 | 
32 | // debug macro
33 | //#define _TEST_ME_	__asm int 3
34 | #define _TEST_ME_
35 | 
36 | #else /* DBG */
37 | 
38 | #define memtrack_init()
39 | #define memtrack_free()
40 | 
41 | #define malloc_np(size)	ExAllocatePoolWithTag(NonPagedPool, (size), MEM_TAG)
42 | #define free(ptr)		ExFreePool(ptr)
43 | 
44 | 
45 | #define _TEST_ME_
46 | 
47 | #endif /* DBG */
48 | 
49 | #endif
50 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/my_build.bat:
--------------------------------------------------------------------------------
1 | set INCLUDE=%BASEDIR%\inc\ddk\
2 | build %1
3 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/ndis_hk_ioctl.h:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: ndis_hk_ioctl.h,v 1.3 2003/07/14 12:26:27 dev Exp $
 14 | 
 15 | /**
 16 |  * @file ndis_hk_ioctl.h
 17 |  * I/O controls and related definitions for ndis_hk control device
 18 |  */
 19 | 
 20 | #ifndef _ndis_hk_ioctl_h_
 21 | #define _ndis_hk_ioctl_h_
 22 | 
 23 | /* device ioctls (for kernel mode use only; internal) */
 24 | 
 25 | /** MAGIC number for ndis_hk device (useless) */
 26 | #define FILE_DEVICE_NDIS_HK		0x0000c501
 27 | 
 28 | /**
 29 |  * Get kernel-mode interface of hooking driver.
 30 |  * input buffer: (optional) ULONG if_version
 31 |  * output buffer: struct ndis_hk
 32 |  */
 33 | #define IOCTL_CMD_GET_KM_IFACE		CTL_CODE(FILE_DEVICE_NDIS_HK, 0x801, METHOD_BUFFERED, FILE_READ_DATA)
 34 | 
 35 | /* ndis_hk kernel-mode interface */
 36 | 
 37 | #if 0
 38 | enum {
 39 | 	DIRECTION_IN = 0,		/**< input direction of packets (from network to protocol driver) */
 40 | 	DIRECTION_OUT = 1		/**< output direction of packets (from protocol driver to network) */
 41 | };
 42 | #endif
 43 | 
 44 | /**
 45 |  * Main filter function to process input (from upper filter) or output (from lower filter) packet.
 46 |  * 
 47 |  * executed at DISPATCH_LEVEL
 48 |  * 
 49 |  * return value: FALSE don't pass unchanged packet to receiver
 50 |  * if (packet_unchanged == FALSE) function MUST return FALSE
 51 |  *
 52 |  * if function want to pass the packet to next filter in stack:
 53 |  *  for DIRECTION_IN:  self->lower->process_packet(direction, iface, packet, self->lower, packet_unchanged);
 54 |  *  for DIRECTION_OUT: self->upper->process_packet(direction, iface, packet, self->upper, packet_unchanged);
 55 |  */
 56 | typedef BOOLEAN	process_packet_t(
 57 | 	int direction, int iface, PNDIS_PACKET packet, struct filter_nfo *self,
 58 | 	BOOLEAN packet_unchanged);
 59 | 
 60 | /**
 61 |  * Function to process interface PnP events.
 62 |  *
 63 |  * executed at PASSIVE_LEVEL
 64 |  * 
 65 |  * For details of NetPnpEvent see DDK documentation.
 66 |  * If return status is not NDIS_STATUS_SUCCESS don't call next handler in chain.
 67 |  */
 68 | typedef NDIS_STATUS pnp_event_t(
 69 | 	int iface, PNET_PNP_EVENT NetPnPEvent);
 70 | 
 71 | /** Filter information for attach_filter */
 72 | struct filter_nfo {
 73 | 	int					size;		/*<< size of structure */
 74 | 
 75 | 	process_packet_t	*process_packet;	/**< function to process packet */
 76 | 
 77 | 	struct filter_nfo	*upper;		/**< upper filter (process input) */
 78 | 	struct filter_nfo	*lower;		/**< lower filter (process output) */
 79 | 
 80 | 	void				*param;		/**< place for caller's static param */
 81 | 
 82 | 	pnp_event_t			*pnp_event;			/**< PnP event callback */
 83 | };
 84 | 
 85 | #ifndef NDIS_HK_INTERFACE_VER
 86 | /** the latest NDIS_HK_INTERFACE_VER */
 87 | #	define	NDIS_HK_INTERFACE_VER		2
 88 | #endif
 89 | 
 90 | /** ndis_hk kernel-mode interface */
 91 | struct ndis_hk_interface {
 92 | 	ULONG		version;			/**< should be NDIS_HK_INTERFACE_VER */
 93 | 
 94 | 	/**
 95 | 	 * Get list of adapters
 96 | 	 * @param	buf			output buffer for adapter names
 97 | 	 * @param	buf_size	size in wchar_t of buf (can be 0)
 98 | 	 * @return				number of wchar_t has to be in buffer
 99 | 	 *						if greater than buf_size only partial information has been copied
100 | 	 * @see get_adapter_list
101 | 	 */
102 | 	int			(*get_adapter_list)(wchar_t *buf, int buf_size);
103 | 
104 | 	/**
105 | 	 * Attach or remove filter
106 | 	 * @param	flt		information about packet filter
107 | 	 * @param	add		TRUE - attach filter; FALSE - remove filter
108 | 	 * @param	to_top	TRUE - for attaching to top of stack (useless with add == FALSE)
109 | 	 * @see attach_filter
110 | 	 */
111 | 	void		(*attach_filter)(struct filter_nfo *flt, BOOLEAN add, BOOLEAN to_top);
112 | 
113 | #if NDIS_HK_INTERFACE_VER > 1
114 | 
115 | 	/**
116 | 	 * NDIS request on hooked adapter
117 | 	 * @param	iface	interface index
118 | 	 * @param	req		request (see DDK documentation)
119 | 	 * @return			status
120 | 	 */
121 | 	NDIS_STATUS	(*ndis_request)(int iface, NDIS_REQUEST *req);
122 | 
123 | #endif
124 | 
125 | #if NDIS_HK_INTERFACE_VER > 2
126 | 	// add future definitions here...
127 | #endif
128 | };
129 | 
130 | #endif
131 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/net.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: net.h,v 1.2 2003/03/24 11:26:51 dev Exp $
 4 | 
 5 | #ifndef _net_h_
 6 | #define _net_h_
 7 | 
 8 | /*
 9 |  * network definitions
10 |  */
11 | 
12 | #pragma pack(1)
13 | 
14 | struct ether_hdr {
15 | 	UCHAR	ether_dhost[6];
16 | 	UCHAR	ether_shost[6];
17 | 	USHORT	ether_type;
18 | };
19 | 
20 | #define	ETHERTYPE_IP		0x0800	/* IP protocol */
21 | 
22 | #define	IP_DF 0x4000			/* dont fragment flag */
23 | #define	IP_MF 0x2000			/* more fragments flag */
24 | #define	IP_OFFMASK 0x1fff		/* mask for fragmenting bits */
25 | 
26 | struct ip_hdr {
27 | 	UCHAR	ip_hl:4;	/* header length */
28 | 	UCHAR	ip_v:4;		/* version */
29 | 	UCHAR	ip_tos;		/* type of service */
30 | 	USHORT	ip_len;		/* total length */
31 | 	USHORT	ip_id;		/* identification */
32 | 	USHORT	ip_off;		/* fragment offset field */
33 | 	UCHAR	ip_ttl;		/* time to live */
34 | 	UCHAR	ip_p;		/* protocol */
35 | 	USHORT	ip_sum;		/* checksum */
36 | 	ULONG	ip_src;		/* source address */
37 | 	ULONG	ip_dst;		/* dest address */
38 | };
39 | 
40 | struct icmp_hdr {
41 | 	UCHAR	icmp_type;		/* type of message */
42 | 	UCHAR	icmp_code;		/* type sub code */
43 | 	USHORT	icmp_cksum;		/* ones complement cksum of struct */
44 | };
45 | 
46 | struct udp_hdr {
47 | 	USHORT	uh_sport;		/* source port */
48 | 	USHORT	uh_dport;		/* destination port */
49 | 	USHORT	uh_ulen;		/* udp length */
50 | 	USHORT	uh_sum;			/* udp checksum */
51 | };
52 | 
53 | #define	TH_FIN	0x01
54 | #define	TH_SYN	0x02
55 | #define	TH_RST	0x04
56 | #define	TH_PUSH	0x08
57 | #define	TH_ACK	0x10
58 | #define	TH_URG	0x20
59 | 
60 | struct tcp_hdr {
61 | 	USHORT	th_sport;		/* source port */
62 | 	USHORT	th_dport;		/* destination port */
63 | 	ULONG	th_seq;			/* sequence number */
64 | 	ULONG	th_ack;			/* acknowledgement number */
65 | 
66 | 	UCHAR	th_x2:4;		/* (unused) */
67 | 	UCHAR	th_off:4;		/* data offset */
68 | 	UCHAR	th_flags;
69 | 
70 | 	USHORT	th_win;			/* window */
71 | 	USHORT	th_sum;			/* checksum */
72 | 	USHORT	th_urp;			/* urgent pointer */
73 | };
74 | 
75 | #pragma pack()
76 | 
77 | #endif
78 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/obj_tbl.h:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: obj_tbl.h,v 1.6 2005/03/14 18:28:27 vlad Exp $
 14 | 
 15 | #ifndef _obj_tbl_h_
 16 | #define _obj_tbl_h_
 17 | 
 18 | #include "filter.h"
 19 | 
 20 | NTSTATUS	ot_init(void);
 21 | void		ot_free(void);
 22 | 
 23 | #define FILEOBJ_CONTROLOBJ	0
 24 | #define FILEOBJ_ADDROBJ		1
 25 | #define FILEOBJ_CONNOBJ		2
 26 | 
 27 | NTSTATUS	ot_add_fileobj(
 28 | 	PDEVICE_OBJECT devobj, PFILE_OBJECT fileobj, int fileobj_type, int ipproto,
 29 | 	CONNECTION_CONTEXT conn_ctx);
 30 | 
 31 | NTSTATUS	ot_del_fileobj(
 32 | 	PFILE_OBJECT fileobj, int *fileobj_type);
 33 | 
 34 | // maximum length of TDI_ADDRESS_TYPE_*
 35 | #define TDI_ADDRESS_MAX_LENGTH	TDI_ADDRESS_LENGTH_OSI_TSAP
 36 | #define TA_ADDRESS_MAX			(sizeof(TA_ADDRESS) - 1 + TDI_ADDRESS_MAX_LENGTH)
 37 | #define TDI_ADDRESS_INFO_MAX	(sizeof(TDI_ADDRESS_INFO) - 1 + TDI_ADDRESS_MAX_LENGTH)
 38 | 
 39 | // max event index
 40 | #ifdef TDI_EVENT_ERROR_EX
 41 | // 2k
 42 | #	define MAX_EVENT	(TDI_EVENT_ERROR_EX + 1)
 43 | #else
 44 | // NT4
 45 | #	define MAX_EVENT	(TDI_EVENT_CHAINED_RECEIVE_EXPEDITED + 1)
 46 | #endif
 47 | 
 48 | /* replaced context */
 49 | typedef struct {
 50 | 	PFILE_OBJECT	fileobj;		/* address object */
 51 |     PVOID			old_handler;	/* old event handler */
 52 |     PVOID			old_context;	/* old event handler context */
 53 | } TDI_EVENT_CONTEXT;
 54 | 
 55 | struct ot_entry {
 56 | 	ULONG signature;
 57 | 	struct ot_entry		*next;
 58 | 	
 59 | 	ULONG				pid;
 60 | 	
 61 | 	struct				_SID_AND_ATTRIBUTES *sid_a;
 62 | 	ULONG				sid_a_size;
 63 | 	
 64 | 	PDEVICE_OBJECT		devobj;
 65 | 	PFILE_OBJECT		fileobj;
 66 | 	PFILE_OBJECT		associated_fileobj;
 67 | 	
 68 | 	int					type;
 69 | 	int					ipproto;
 70 | 	
 71 | 	TDI_EVENT_CONTEXT	ctx[MAX_EVENT];
 72 | 	UCHAR				local_addr[TA_ADDRESS_MAX];
 73 | 	UCHAR				remote_addr[TA_ADDRESS_MAX];
 74 | 
 75 | 	CONNECTION_CONTEXT	conn_ctx;
 76 | 	
 77 | 	struct listen_entry	*listen_entry;	// for address object
 78 | 	struct conn_entry	*conn_entry;	// for connection object
 79 | 
 80 | 	// traffic count for connection object
 81 | 	ULONG				bytes_out;
 82 | 	ULONG				bytes_in;
 83 | 	
 84 | 	BOOLEAN				log_disconnect;
 85 | };
 86 | 
 87 | struct ot_entry	*ot_find_fileobj(PFILE_OBJECT fileobj, KIRQL *irql);
 88 | // Note: don't forget KeReleaseSpinLock(&g_ot_hash_guard, irql);
 89 | 
 90 | extern KSPIN_LOCK g_ot_hash_guard;
 91 | 
 92 | void    ot_cleanup_ote(struct ot_entry *ote);
 93 | 
 94 | 
 95 | NTSTATUS	ot_add_conn_ctx(
 96 | 	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx, PFILE_OBJECT connobj);
 97 | 
 98 | NTSTATUS	ot_del_conn_ctx(
 99 | 	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx);
100 | 
101 | PFILE_OBJECT ot_find_conn_ctx(
102 | 	PFILE_OBJECT addrobj, CONNECTION_CONTEXT conn_ctx);
103 | 
104 | 
105 | struct _SID_AND_ATTRIBUTES *get_current_sid_a(ULONG *sid_a_size);
106 | struct _SID_AND_ATTRIBUTES *copy_sid_a(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size);
107 | 
108 | #endif
109 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/packet.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: packet.h,v 1.1 2003/05/14 16:33:34 dev Exp $
 4 | 
 5 | #ifndef _packet_h_
 6 | #define _packet_h_
 7 | 
 8 | NTSTATUS	init_packet(void);
 9 | void		free_packet(void);
10 | 
11 | #endif
12 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/pid_pname.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: pid_pname.c,v 1.3 2003/01/21 13:16:12 dev Exp $
 14 | 
 15 | /*
 16 |  * Get process name by its pid and all related routines
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | 
 21 | #include "memtrack.h"
 22 | #include "pid_pname.h"
 23 | #include "sock.h"			
 24 | #include "ipc.h"		
 25 | 
 26 | /* process list entry */
 27 | struct plist_entry {
 28 | 	struct	plist_entry *next;
 29 | 	
 30 | 	// id & name
 31 | 	ULONG	pid;
 32 | 	char	*pname;
 33 | 	KEVENT	*pname_event;
 34 | 
 35 | 	int		context;
 36 | };
 37 | 
 38 | /* process list */
 39 | static struct {
 40 | 	struct		plist_entry *head;
 41 | 	struct		plist_entry *tail;
 42 | 	KSPIN_LOCK	guard;
 43 | } g_plist;
 44 | 
 45 | static struct plist_entry *add_ple(ULONG pid, KIRQL *irql);
 46 | static struct plist_entry *find_ple(ULONG pid, KIRQL *irql, struct plist_entry **prev);
 47 | 
 48 | static VOID ProcessNotifyProc(IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create);
 49 | 
 50 | void
 51 | pid_pname_init(void)
 52 | {
 53 | 	KeInitializeSpinLock(&g_plist.guard);
 54 | 	g_plist.head = g_plist.tail = NULL;
 55 | 
 56 | 	PsSetCreateProcessNotifyRoutine(ProcessNotifyProc, FALSE);
 57 | }
 58 | 
 59 | // free plist
 60 | void
 61 | pid_pname_free(void)
 62 | {
 63 | 	KIRQL irql;
 64 | 	struct plist_entry *ple;
 65 | 
 66 | 	PsSetCreateProcessNotifyRoutine(ProcessNotifyProc, TRUE);
 67 | 
 68 | 	KeAcquireSpinLock(&g_plist.guard, &irql);
 69 | 	for (ple = g_plist.head; ple != NULL;) {
 70 | 		struct plist_entry *ple2 = ple->next;
 71 | 		if (ple->pname != NULL)
 72 | 			free(ple->pname);
 73 | 		free(ple);
 74 | 		ple = ple2;
 75 | 	}
 76 | 	g_plist.head = g_plist.tail = NULL;
 77 | 	KeReleaseSpinLock(&g_plist.guard, irql);
 78 | }
 79 | 
 80 | // try to get pname by pid
 81 | BOOLEAN
 82 | pid_pname_resolve(ULONG pid, char *buf, int buf_size)
 83 | {
 84 | 	BOOLEAN result;
 85 | 	KIRQL irql;
 86 | 	struct plist_entry *ple = find_ple(pid, &irql, NULL);
 87 | 
 88 | 	if (ple == NULL)
 89 | 		return FALSE;
 90 | 
 91 | 	if (ple->pname != NULL) {
 92 | 		if (buf_size > 0) {
 93 | 			strncpy(buf, ple->pname, buf_size);
 94 | 			buf[buf_size - 1] = '\0';
 95 | 		}
 96 | 		result = TRUE;
 97 | 	} else
 98 | 		result = FALSE;
 99 | 	
100 | 	KeReleaseSpinLock(&g_plist.guard, irql);
101 | 	return result;
102 | }
103 | 
104 | // set pname_event by pid
105 | NTSTATUS
106 | pid_pname_set_event(ULONG pid, KEVENT *event)
107 | {
108 | 	KIRQL irql;
109 | 	struct plist_entry *ple = find_ple(pid, &irql, NULL);
110 | 
111 | 	if (ple == NULL) {
112 | 		// try to add
113 | 		ple = add_ple(pid, &irql);
114 | 		if (ple == NULL)
115 | 			return STATUS_INSUFFICIENT_RESOURCES;
116 | 	}
117 | 
118 | 	ple->pname_event = event;
119 | 
120 | 	KeReleaseSpinLock(&g_plist.guard, irql);
121 | 	return STATUS_SUCCESS;
122 | }
123 | 
124 | NTSTATUS
125 | pid_pname_set(ULONG pid, const char *pname, int context)
126 | {
127 | 	KIRQL irql;
128 | 	struct plist_entry *ple = find_ple(pid, &irql, NULL);
129 | 	NTSTATUS status;
130 | 
131 | 	if (ple == NULL) {
132 | 		// try to add
133 | 		ple = add_ple(pid, &irql);
134 | 		if (ple == NULL)
135 | 			return STATUS_INSUFFICIENT_RESOURCES;
136 | 	}
137 | 	
138 | 	if (ple->pname == NULL) {
139 | 		ple->pname = (char *)malloc_np(strlen(pname) + 1);
140 | 		if (ple->pname != NULL) {
141 | 			strcpy(ple->pname, pname);
142 | 			status = STATUS_SUCCESS;
143 | 		} else {
144 | 			KdPrint(("[tdi_fw] set_pid_name: malloc_np!\n"));
145 | 			status = STATUS_INSUFFICIENT_RESOURCES;
146 | 		}
147 | 
148 | 		// and signal event we have name! (almost)
149 | 		if (ple->pname_event != NULL)
150 | 			KeSetEvent(ple->pname_event, IO_NO_INCREMENT, FALSE);
151 | 	
152 | 	} else
153 | 		status = STATUS_SUCCESS;	// already got pname
154 | 
155 | 
156 | 	ple->context = context;
157 | 
158 | 	KeReleaseSpinLock(&g_plist.guard, irql);
159 | 	return status;
160 | }
161 | 
162 | int
163 | pid_pname_get_context(ULONG pid)
164 | {
165 | 	KIRQL irql;
166 | 	int context;
167 | 	struct plist_entry *ple = find_ple(pid, &irql, NULL);
168 | 	if (ple == NULL)
169 | 		return 0;
170 | 
171 | 	context = ple->context;
172 | 	
173 | 	KeReleaseSpinLock(&g_plist.guard, irql);
174 | 	return context;
175 | }
176 | 
177 | 
178 | struct plist_entry *
179 | add_ple(ULONG pid, KIRQL *irql)
180 | {
181 | 	struct plist_entry *ple;
182 | 
183 | 	if (irql != NULL)
184 | 		KeAcquireSpinLock(&g_plist.guard, irql);
185 | 
186 | 	// add new entry to g_plist
187 | 	ple = (struct plist_entry *)malloc_np(sizeof(*ple));
188 | 	if (ple != NULL) {
189 | 		memset(ple, 0, sizeof(*ple));
190 | 		ple->pid = pid;
191 | 
192 | 		// append
193 | 		if (g_plist.tail != NULL) {
194 | 			g_plist.tail->next = ple;
195 | 			g_plist.tail = ple;
196 | 		} else
197 | 			g_plist.head = g_plist.tail = ple;
198 | 
199 | 	} else {
200 | 		KdPrint(("[tdi_fw] add_ple: malloc_np!\n"));
201 | 	
202 | 		if (irql != NULL)
203 | 			KeReleaseSpinLock(&g_plist.guard, *irql);
204 | 	}
205 | 
206 | 	return ple;
207 | }
208 | 
209 | struct plist_entry *
210 | find_ple(ULONG pid, KIRQL *irql, struct plist_entry **prev)
211 | {
212 | 	struct plist_entry *ple, *prev_ple;
213 | 
214 | 	if (irql != NULL)
215 | 		KeAcquireSpinLock(&g_plist.guard, irql);
216 | 
217 | 	prev_ple = NULL;
218 | 	for (ple = g_plist.head; ple != NULL; ple = ple->next) {
219 | 		if (ple->pid == pid) {
220 | 			if (prev != NULL)
221 | 				*prev = prev_ple;
222 | 			return ple;
223 | 		}
224 | 		prev_ple = ple;
225 | 	}
226 | 
227 | 	if (irql != NULL)
228 | 		KeReleaseSpinLock(&g_plist.guard, *irql);
229 | 	
230 | 	return NULL;
231 | }
232 | 
233 | // notify routine on process creation or removing
234 | extern int tdifw_filter(struct flt_request *request);
235 | 
236 | VOID
237 | ProcessNotifyProc(IN HANDLE ParentId, IN HANDLE ProcessId, IN BOOLEAN Create)
238 | {
239 | 	KIRQL irql;
240 | 	struct plist_entry *ple, *prev_ple;
241 | 	struct flt_request request = { 0 }; 
242 | 
243 | 	request.pid = (ULONG)ProcessId;
244 | 
245 | 	if (Create) {
246 | 
247 | 		// add by tan wen
248 | 		request.type = TYPE_PROCESS_CREATE;
249 | 		tdifw_filter(&request);
250 | 
251 | 		KdPrint(("[tdi_fw] ProcessNotifyProc: create process with pid:%u\n", ProcessId));
252 | 
253 | 		add_ple((ULONG)ProcessId, &irql);
254 | 		KeReleaseSpinLock(&g_plist.guard, irql);
255 | 
256 | 	} else {
257 | 
258 | 		request.type = TYPE_PROCESS_TERMINATE;
259 | 		tdifw_filter(&request);
260 | 
261 | 		// remove entry from plist
262 | 
263 | 		KdPrint(("[tdi_fw] ProcessNotifyProc: remove process with pid:%u\n", ProcessId));
264 | 
265 | 		ple = find_ple((ULONG)ProcessId, &irql, &prev_ple);
266 | 		if (ple == NULL)
267 | 			return;
268 | 
269 | 		if (prev_ple != NULL)
270 | 			prev_ple->next = ple->next;
271 | 		else
272 | 			g_plist.head = ple->next;
273 | 
274 | 		if (ple->next == NULL)
275 | 			g_plist.tail = prev_ple;
276 | 
277 | 		if (ple->pname != NULL) {
278 | 			KdPrint(("[tdi_fw] ProcessNotifyProc: pname was %s\n", ple->pname));
279 | 			free(ple->pname);
280 | 		}
281 | 
282 | 		free(ple);
283 | 		KeReleaseSpinLock(&g_plist.guard, irql);
284 | 	}
285 | }
286 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/pid_pname.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: pid_pname.h,v 1.1 2002/12/03 12:14:42 dev Exp $
 4 | 
 5 | #ifndef _pid_pname_h_
 6 | #define _pid_pname_h_
 7 | 
 8 | void		pid_pname_init(void);
 9 | void		pid_pname_free(void);
10 | 
11 | BOOLEAN		pid_pname_resolve(ULONG pid, char *buf, int buf_size);
12 | 
13 | NTSTATUS	pid_pname_set_event(ULONG pid, KEVENT *event);
14 | 
15 | NTSTATUS	pid_pname_set(ULONG pid, const char *pname, int context);
16 | int			pid_pname_get_context(ULONG pid);
17 | 
18 | #endif
19 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/sids.c:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 | 
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: sids.c,v 1.1 2005/03/15 15:44:26 vlad Exp $
 14 | 
 15 | /*
 16 |  * Working with SID bitmasks
 17 |  */
 18 | 
 19 | #include <ntddk.h>
 20 | #include "sock.h"
 21 | 
 22 | #include "ipc.h"
 23 | #include "memtrack.h"
 24 | #include "sids.h"
 25 | #include "tdi_fw.h"
 26 | 
 27 | struct sid_nfo {
 28 | 	ULONG	sid_len;
 29 | 	char	sid_data[];
 30 | };
 31 | 
 32 | static struct {
 33 | 	char		*buf;
 34 | 	struct		sid_nfo *list[MAX_SIDS_COUNT];
 35 | 	int			count;
 36 | 	KSPIN_LOCK	guard;
 37 | } g_sids;
 38 | 
 39 | void
 40 | sids_init(void)
 41 | {
 42 | 	KeInitializeSpinLock(&g_sids.guard);
 43 | }
 44 | 
 45 | NTSTATUS
 46 | set_sid_list(char *buf, ULONG size)
 47 | {
 48 | 	KIRQL irql;
 49 | 	NTSTATUS status;
 50 | 	ULONG pos;
 51 | 	int i;
 52 | 
 53 | 	KeAcquireSpinLock(&g_sids.guard, &irql);
 54 | 
 55 | 	// first, free information
 56 | 	if (g_sids.buf != NULL) {
 57 | 		free(g_sids.buf);
 58 | 		g_sids.buf = NULL;
 59 | 	}
 60 | 	memset(g_sids.list, 0, sizeof(g_sids.list));
 61 | 	g_sids.count = 0;
 62 | 
 63 | 	if (size != 0) {
 64 | 		// copy buffer
 65 | 		g_sids.buf = (char *)malloc_np(size);
 66 | 		if (g_sids.buf == NULL) {
 67 | 			KdPrint(("[tdi_fw] set_sid_list: malloc_np!\n"));
 68 | 			status = STATUS_INSUFFICIENT_RESOURCES;
 69 | 			goto done;
 70 | 		}
 71 | 		memcpy(g_sids.buf, buf, size);
 72 | 
 73 | 		// parse buffer and find struct sid_nfo
 74 | 		for (pos = 0, i = 0; pos + sizeof(struct sid_nfo) < size && i < MAX_SIDS_COUNT; i++) {
 75 | 			struct sid_nfo *nfo = (struct sid_nfo *)&g_sids.buf[pos];
 76 | 
 77 | 			if (pos + sizeof(*nfo) + nfo->sid_len > size)
 78 | 				break;
 79 | 
 80 | 			g_sids.list[i] = nfo;
 81 | 
 82 | 			pos += sizeof(*nfo) + nfo->sid_len;
 83 | 		}
 84 | 
 85 | 		g_sids.count = i;
 86 | 
 87 | 		if (pos == size)
 88 | 			status = STATUS_SUCCESS;
 89 | 		else
 90 | 			status = STATUS_INVALID_PARAMETER;
 91 | 	} else
 92 | 		status = STATUS_SUCCESS;
 93 | 
 94 | done:
 95 | 	KeReleaseSpinLock(&g_sids.guard, irql);
 96 | 	return status;
 97 | }
 98 | 
 99 | #define SeLengthSid(sid)    (8 + 4 * ((unsigned char *)(sid))[1])
100 | 
101 | int
102 | get_sid_id(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size)
103 | {
104 | 	// doing linear search (optimize?)
105 | 	KIRQL irql;
106 | 	int i, result = 0;
107 | 
108 |     KdPrint(("[tdi_fw] get_sid_id: (sid_size = %u/%u)\n",
109 |         SeLengthSid(sid_a->Sid), sid_a_size));
110 | 
111 | 	KeAcquireSpinLock(&g_sids.guard, &irql);
112 | 
113 |     for (i = 1; i < g_sids.count; i++) {
114 |         // comparing sids byte by byte (can't call RtlEqualSid() due to DISPATCH_LEVEL)
115 | 
116 |         KdPrint(("[tdi_fw] get_sid_id: sid #%d size %u\n", i, SeLengthSid((PSID)g_sids.list[i]->sid_data)));
117 | 
118 | 		if (SeLengthSid(sid_a->Sid) == SeLengthSid((PSID)g_sids.list[i]->sid_data) &&
119 |             memcmp(sid_a->Sid, (PSID)g_sids.list[i]->sid_data, SeLengthSid(sid_a->Sid)) == 0) {
120 | 			result = i;
121 | 			break;
122 | 		}
123 |     }
124 | 
125 | 	KeReleaseSpinLock(&g_sids.guard, irql);
126 | 
127 | 	KdPrint(("[tdi_fw] get_sid_id: %d\n", result));
128 | 	return result;
129 | }
130 | 
131 | #define CURRENT_THREAD	(HANDLE)-2
132 | #define CURRENT_PROCESS	(HANDLE)-1
133 | 
134 | #define TOKEN_QUERY		0x0008
135 | 
136 | struct _SID_AND_ATTRIBUTES *
137 | get_current_sid_a(ULONG *sid_a_size)		// must be called at PASSIVE_LEVEL!
138 | {
139 | 	NTSTATUS status;
140 | 	HANDLE token;
141 | 	ULONG size;
142 | 	SID_AND_ATTRIBUTES *sid_a;
143 | 
144 | 	*sid_a_size = 0;
145 | 
146 | 	// open thread token
147 | 	status = ZwOpenThreadToken(CURRENT_THREAD, TOKEN_QUERY, FALSE, &token);
148 | 	if (status == STATUS_NO_TOKEN) {
149 | 		// open process token
150 | 		status = ZwOpenProcessToken(CURRENT_PROCESS, TOKEN_QUERY, &token);
151 | 	}
152 | 	if (status != STATUS_SUCCESS) {
153 | 		KdPrint(("[tdi_fw] get_current_sid_a: ZwOpen{Thread|Process}Token: 0x%x!\n"));
154 | 		return NULL;
155 | 	}
156 | 
157 | 	size = sizeof(*sid_a) + 100;		// default size
158 | 	
159 | 	sid_a = (SID_AND_ATTRIBUTES *)malloc_np(size);
160 | 	if (sid_a == NULL) {
161 | 		KdPrint(("[tdi_fw] get_current_sid_a: malloc_np!\n"));
162 | 		goto done;
163 | 	}
164 | 
165 | 	status = ZwQueryInformationToken(token, TokenUser, sid_a, size, &size);
166 | 	if (status == STATUS_BUFFER_TOO_SMALL) {
167 | 		free(sid_a);
168 | 		
169 | 		sid_a = (SID_AND_ATTRIBUTES *)malloc_np(size);
170 | 		if (sid_a == NULL) {
171 | 			KdPrint(("[tdi_fw] get_current_sid_a: malloc_np!\n"));
172 | 			goto done;
173 | 		}
174 | 
175 | 		status = ZwQueryInformationToken(token, TokenUser, sid_a, size, &size);
176 | 	}
177 | 	if (status != STATUS_SUCCESS) {
178 | 		KdPrint(("[tdi_fw] get_current_sid_a: ZwQueryInformationToken: 0x%x!\n"));
179 | 
180 | 		free(sid_a);
181 | 		sid_a = NULL;
182 | 		goto done;
183 | 	}
184 | 
185 | 	// got sid & attributes!
186 | 
187 | 	*sid_a_size = size;
188 | 
189 | done:
190 | 	ZwClose(token);
191 | 	return sid_a;
192 | }
193 | 
194 | struct _SID_AND_ATTRIBUTES *
195 | copy_sid_a(SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size)
196 | {
197 | 	SID_AND_ATTRIBUTES *result;
198 | 	
199 | 	if (sid_a == NULL)
200 | 		return NULL;
201 | 
202 | 	result = (SID_AND_ATTRIBUTES *)malloc_np(sid_a_size);
203 | 	if (result == NULL)
204 | 		return NULL;
205 | 
206 | 	memcpy(result, sid_a, sid_a_size);
207 | 
208 | 	result->Sid = (char *)result + ((char *)(sid_a->Sid) - (char *)sid_a);
209 | 
210 | 	return result;
211 | }
212 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/sids.h:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: sids.h,v 1.1 2005/03/15 15:44:26 vlad Exp $
14 | 
15 | #ifndef _sids_h_
16 | #define _sids_h_
17 | 
18 | /* SID stuff */
19 | 
20 | struct _SID_AND_ATTRIBUTES *get_current_sid_a(ULONG *sid_a_size);
21 | struct _SID_AND_ATTRIBUTES *copy_sid_a(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size);
22 | 
23 | void sids_init(void);
24 | 
25 | int get_sid_id(struct _SID_AND_ATTRIBUTES *sid_a, ULONG sid_a_size);
26 | 
27 | /* size can be NULL; buf is ULONG sid_len; SID ... */
28 | NTSTATUS set_sid_list(char *buf, ULONG size);
29 | 
30 | #endif
31 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/sock.c:
--------------------------------------------------------------------------------
 1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
 2 |  *
 3 |  * Redistribution and use in source forms, with and without modification,
 4 |  * are permitted provided that this entire comment appears intact.
 5 |  *
 6 |  * Redistribution in binary form may occur without any restrictions.
 7 |  *
 8 |  * This software is provided ``AS IS'' without any warranties of any kind.
 9 |  */
10 |  
11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
12 | //
13 | // $Id: sock.c,v 1.2 2002/12/03 12:14:28 dev Exp $
14 | 
15 | /*
16 |  * Some helpers from sockets
17 |  */
18 | 
19 | #include <stdlib.h>
20 | #include <string.h>
21 | #include "sock.h"
22 | 
23 | u_long
24 | ntohl (u_long netlong)
25 | {
26 | 	u_long result = 0;
27 | 	((char *)&result)[0] = ((char *)&netlong)[3];
28 | 	((char *)&result)[1] = ((char *)&netlong)[2];
29 | 	((char *)&result)[2] = ((char *)&netlong)[1];
30 | 	((char *)&result)[3] = ((char *)&netlong)[0];
31 | 	return result;
32 | }
33 | 
34 | u_short
35 | ntohs (u_short netshort)
36 | {
37 | 	u_short result = 0;
38 | 	((char *)&result)[0] = ((char *)&netshort)[1];
39 | 	((char *)&result)[1] = ((char *)&netshort)[0];
40 | 	return result;
41 | }
42 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/sock.h:
--------------------------------------------------------------------------------
 1 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 2 | //
 3 | // $Id: sock.h,v 1.2 2003/05/14 16:33:10 dev Exp $
 4 | 
 5 | #ifndef _sock_h_
 6 | #define _sock_h_
 7 | 
 8 | /*--- some declarations from winsock.h ---*/
 9 | 
10 | /*
11 |  * Basic system type definitions, taken from the BSD file sys/types.h.
12 |  */
13 | typedef unsigned char   u_char;
14 | typedef unsigned short  u_short;
15 | typedef unsigned int    u_int;
16 | typedef unsigned long   u_long;
17 | 
18 | // some socket functions
19 | 
20 | u_long		ntohl(u_long netlong);
21 | u_short		ntohs(u_short netshort);
22 | 
23 | u_long		htonl(u_long netlong);
24 | u_short		htons(u_short netshort);
25 | 
26 | /*
27 |  * Protocols
28 |  */
29 | #define IPPROTO_IP              0               /* dummy for IP */
30 | #define IPPROTO_ICMP            1               /* control message protocol */
31 | #define IPPROTO_TCP             6               /* tcp */
32 | #define IPPROTO_UDP             17              /* user datagram protocol */
33 | 
34 | /*
35 |  * Structure used by kernel to store most
36 |  * addresses.
37 |  */
38 | struct sockaddr {
39 |         u_short sa_family;              /* address family */
40 |         char    sa_data[14];            /* up to 14 bytes of direct address */
41 | };
42 | 
43 | /*
44 |  * Internet address (old style... should be updated)
45 |  */
46 | struct in_addr {
47 |         union {
48 |                 struct { u_char s_b1,s_b2,s_b3,s_b4; } S_un_b;
49 |                 struct { u_short s_w1,s_w2; } S_un_w;
50 |                 u_long S_addr;
51 |         } S_un;
52 | #define s_addr  S_un.S_addr
53 |                                 /* can be used for most tcp & ip code */
54 | #define s_host  S_un.S_un_b.s_b2
55 |                                 /* host on imp */
56 | #define s_net   S_un.S_un_b.s_b1
57 |                                 /* network */
58 | #define s_imp   S_un.S_un_w.s_w2
59 |                                 /* imp */
60 | #define s_impno S_un.S_un_b.s_b4
61 |                                 /* imp # */
62 | #define s_lh    S_un.S_un_b.s_b3
63 |                                 /* logical host */
64 | };
65 | 
66 | /*
67 |  * Socket address, internet style.
68 |  */
69 | struct sockaddr_in {
70 |         short   sin_family;
71 |         u_short sin_port;
72 |         struct  in_addr sin_addr;
73 |         char    sin_zero[8];
74 | };
75 | 
76 | /*
77 |  * Address families.
78 |  */
79 | #define AF_INET         2               /* internetwork: UDP, TCP, etc. */
80 | 
81 | #define INADDR_ANY              (u_long)0x00000000
82 | #define INADDR_LOOPBACK         0x7f000001
83 | #define INADDR_BROADCAST        (u_long)0xffffffff
84 | #define INADDR_NONE             0xffffffff
85 | 
86 | #endif
87 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/tdi_fw.h:
--------------------------------------------------------------------------------
  1 | /* Copyright (c) 2002-2005 Vladislav Goncharov.
  2 |  *
  3 |  * Redistribution and use in source forms, with and without modification,
  4 |  * are permitted provided that this entire comment appears intact.
  5 |  *
  6 |  * Redistribution in binary form may occur without any restrictions.
  7 |  *
  8 |  * This software is provided ``AS IS'' without any warranties of any kind.
  9 |  */
 10 |  
 11 | // -*- mode: C++; tab-width: 4; indent-tabs-mode: nil -*- (for GNU Emacs)
 12 | //
 13 | // $Id: tdi_fw.h,v 1.12 2005/03/14 18:28:27 vlad Exp $
 14 | 
 15 | #ifndef _tdi_fw_h_
 16 | #define _tdi_fw_h_
 17 | 
 18 | extern PDEVICE_OBJECT g_tcpfltobj, g_udpfltobj, g_ipfltobj;
 19 | 
 20 | #ifndef USE_TDI_HOOKING
 21 | // original (unhooked) device objects when don't using TDI hooking
 22 | extern PDEVICE_OBJECT g_tcpoldobj, g_udpoldobj, g_ipoldobj;
 23 | #endif
 24 | 
 25 | extern BOOLEAN g_got_log;
 26 | 
 27 | NTSTATUS tdi_dispatch_complete(
 28 | 	PDEVICE_OBJECT devobj, PIRP irp, int filter, PIO_COMPLETION_ROUTINE cr, PVOID context);
 29 | 
 30 | NTSTATUS tdi_generic_complete(
 31 | 	IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp, IN PVOID Context);
 32 | 
 33 | PDEVICE_OBJECT	get_original_devobj(PDEVICE_OBJECT flt_devobj, int *proto);
 34 | 
 35 | // should be in ipc.h
 36 | NTSTATUS process_request(ULONG code, char *buf, ULONG *buf_len, ULONG buf_size);
 37 | NTSTATUS process_nfo_request(ULONG code, char *buf, ULONG *buf_len, ULONG buf_size);
 38 | 
 39 | // used for incoming or outgoing connections
 40 | void update_conn_info(PDEVICE_OBJECT devobj, PFILE_OBJECT connobj);
 41 | 
 42 | // traffic counters
 43 | extern unsigned __int64 g_traffic[TRAFFIC_MAX];
 44 | extern KSPIN_LOCK g_traffic_guard;
 45 | 
 46 | /* some Native API prototypes */
 47 | 
 48 | NTKERNELAPI
 49 | NTSTATUS
 50 | ObReferenceObjectByName	(
 51 | 	IN PUNICODE_STRING	ObjectName,
 52 | 	IN ULONG			Attributes,
 53 | 	IN PACCESS_STATE	PassedAccessState OPTIONAL,
 54 | 	IN ACCESS_MASK		DesiredAccess OPTIONAL,
 55 | 	IN POBJECT_TYPE		ObjectType OPTIONAL,
 56 | 	IN KPROCESSOR_MODE	AccessMode,
 57 | 	IN OUT PVOID		ParseContext OPTIONAL,
 58 | 	OUT	PVOID			*Object
 59 | );
 60 | 
 61 | NTSTATUS
 62 | NTAPI
 63 | ZwCreateEvent (
 64 | 	OUT	PHANDLE				EventHandle,
 65 | 	IN ACCESS_MASK			DesiredAccess,
 66 | 	IN POBJECT_ATTRIBUTES	ObjectAttributes OPTIONAL,
 67 | 	IN EVENT_TYPE			EventType,
 68 | 	IN BOOLEAN				InitialState
 69 | );
 70 | 
 71 | NTSTATUS
 72 | NTAPI
 73 | ZwOpenThreadToken (
 74 | 	IN HANDLE		ThreadHandle,
 75 | 	IN ACCESS_MASK	DesiredAccess,
 76 | 	IN BOOLEAN		OpenAsSelf,
 77 | 	OUT	PHANDLE		TokenHandle
 78 | );
 79 | 
 80 | NTSTATUS
 81 | NTAPI
 82 | ZwOpenProcessToken (
 83 | 	IN HANDLE       ProcessHandle,
 84 | 	IN ACCESS_MASK  DesiredAccess,
 85 | 	OUT PHANDLE     TokenHandle
 86 | );
 87 | 
 88 | typedef	enum _TOKEN_INFORMATION_CLASS {
 89 | 	TokenUser =	1,
 90 | 	TokenGroups,
 91 | 	TokenPrivileges,
 92 | 	TokenOwner,
 93 | 	TokenPrimaryGroup,
 94 | 	TokenDefaultDacl,
 95 | 	TokenSource,
 96 | 	TokenType,
 97 | 	TokenImpersonationLevel,
 98 | 	TokenStatistics,
 99 | 	TokenRestrictedSids
100 | } TOKEN_INFORMATION_CLASS;
101 | 
102 | NTSTATUS
103 | NTAPI
104 | ZwQueryInformationToken	(
105 | 	IN HANDLE					TokenHandle,
106 | 	IN TOKEN_INFORMATION_CLASS	TokenInformationClass,
107 | 	OUT	PVOID					TokenInformation,
108 | 	IN ULONG					Length,
109 | 	OUT	PULONG					ResultLength
110 | );
111 | 
112 | typedef	enum _TOKEN_TYPE {
113 | 	TokenPrimary = 1,
114 | 	TokenImpersonation
115 | } TOKEN_TYPE;
116 | 
117 | typedef	struct _SID_AND_ATTRIBUTES {
118 | 	PSID	Sid;
119 | 	ULONG	Attributes;
120 | } SID_AND_ATTRIBUTES, *PSID_AND_ATTRIBUTES;
121 | 
122 | typedef	struct _TOKEN_USER {
123 | 	SID_AND_ATTRIBUTES User;
124 | } TOKEN_USER, *PTOKEN_USER;
125 | 
126 | NTSTATUS
127 | NTAPI
128 | ZwWaitForSingleObject(
129 | 	IN HANDLE hObject,
130 | 	IN BOOLEAN bAlertable,
131 | 	IN PLARGE_INTEGER Timeout
132 | );
133 | 
134 | /* for compilation under NT4 DDK */
135 | 
136 | #ifndef EVENT_ALL_ACCESS
137 | #   define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x3)
138 | #endif
139 | 
140 | #ifndef IoSkipCurrentIrpStackLocation
141 | #   define IoSkipCurrentIrpStackLocation(Irp) \
142 |     (Irp)->CurrentLocation++; \
143 |     (Irp)->Tail.Overlay.CurrentStackLocation++;
144 | #endif
145 | 
146 | extern POBJECT_TYPE	IoDriverObjectType;
147 | 
148 | #endif
149 | 


--------------------------------------------------------------------------------
/tdifw/src/tdifw/tdi_fw_lib.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/tdifw/src/tdifw/tdi_fw_lib.h


--------------------------------------------------------------------------------
/tdifw/tdi.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/tdifw/tdi.log


--------------------------------------------------------------------------------
/tdifw/tdifw-1.4.4.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/tdifw/tdifw-1.4.4.zip


--------------------------------------------------------------------------------
/usbfilter/Sources:
--------------------------------------------------------------------------------
 1 | TARGETNAME=usbfilter
 2 | TARGETPATH=F:\Out\Bin\EhomeDriver
 3 | TARGETTYPE=DRIVER
 4 | C_DEFINES=
 5 | 
 6 | TARGETLIBS= $(TARGETLIBS)\
 7 | 		$(IFSKIT_LIB_PATH)\usbd.lib
 8 | 
 9 | INCLUDES=$(BASEDIR)\inc;\
10 |          $(BASEDIR)\inc\ddk;\
11 | 
12 | SOURCES = usbfilter.c
13 | 
14 | 


--------------------------------------------------------------------------------
/usbfilter/install.reg:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/usbfilter/install.reg


--------------------------------------------------------------------------------
/usbfilter/makefile:
--------------------------------------------------------------------------------
1 | #
2 | # DO NOT EDIT THIS FILE!!!  Edit .\sources. if you want to add a new source
3 | # file to this component.  This file merely indirects to the real make file
4 | # that is shared by all the driver components of the Windows NT DDK
5 | #
6 | 
7 | !INCLUDE $(NTMAKEENV)\makefile.def
8 | 
9 | 


--------------------------------------------------------------------------------
/usbfilter/usbfilter.c:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/usbfilter/usbfilter.c


--------------------------------------------------------------------------------
/usbfilter/usbfilter.h:
--------------------------------------------------------------------------------
 1 | #include <wdm.h>
 2 | #include <usb.h>
 3 | 
 4 | typedef struct _device_extension
 5 | {
 6 | 	IO_REMOVE_LOCK			remove_lock;
 7 | 	PDEVICE_OBJECT			device_object;
 8 | 	PDEVICE_OBJECT			pdo;
 9 | 	PDEVICE_OBJECT			lower_device_object;
10 | }device_extension, *device_extension_ptr;
11 | 
12 | void		ufd_unload(IN PDRIVER_OBJECT DriverObject);
13 | 
14 | NTSTATUS	ufd_add_device(IN PDRIVER_OBJECT DriverObject, 
15 | 						   IN PDEVICE_OBJECT pdo);
16 | 
17 | NTSTATUS	ufd_dispatch_default(IN PDEVICE_OBJECT device_object, IN PIRP irp);
18 | NTSTATUS	ufd_dispatch_power(IN PDEVICE_OBJECT device_object, IN PIRP irp);
19 | NTSTATUS	ufd_dispatch_pnp(IN PDEVICE_OBJECT device_object, IN PIRP irp);
20 | NTSTATUS	ufd_dispatch_pnp_start_device(IN PDEVICE_OBJECT device_object, 
21 | 										  IN PIRP irp);
22 | NTSTATUS	ufd_dispatch_scsi(IN PDEVICE_OBJECT device_object, IN PIRP irp);
23 | NTSTATUS	ufd_dispatch_internal_device_control(IN PDEVICE_OBJECT device_object, 
24 | 												 IN PIRP irp);
25 | 
26 | NTSTATUS	ufd_completion_usage_notification(IN PDEVICE_OBJECT device_object, 
27 | 											  IN PIRP irp, IN PVOID Context);
28 | NTSTATUS	ufd_completion_start_device(IN PDEVICE_OBJECT device_object, 
29 | 										IN PIRP irp, IN PVOID Context);
30 | NTSTATUS	ufd_completion_scsi(IN PDEVICE_OBJECT device_object, 
31 | 								IN PIRP irp, IN PVOID Context);
32 | NTSTATUS	ufd_completion_internal_device_control(IN PDEVICE_OBJECT device_object, 
33 | 								IN PIRP irp, IN PVOID Context);
34 | 
35 | NTSTATUS	ufd_get_usb_info(PDEVICE_OBJECT fdo, USHORT* pvid, USHORT* ppid, 
36 | 							 WCHAR* pmanuf, WCHAR* pproduct, WCHAR* psn);
37 | NTSTATUS	ufd_get_usb_class(PDEVICE_OBJECT fdo, UCHAR* pclass);
38 | NTSTATUS	ufd_check_usb_class(UCHAR uclass);
39 | NTSTATUS	ufd_check_usb_skip(USHORT vid, USHORT pid, WCHAR* pmanuf, 
40 | 							   WCHAR* pproduct, WCHAR* psn);
41 | 
42 | NTSTATUS	ufd_CallUSBD(IN PDEVICE_OBJECT fdo, IN PURB Urb);
43 | void		ufd_driver_removedevice(IN PDEVICE_OBJECT device_object);
44 | ULONG		ufd_get_device_type(PDEVICE_OBJECT pdo);
45 | 
46 | 
47 | 
48 | 


--------------------------------------------------------------------------------
/usbfilter/usbfilter.sln:
--------------------------------------------------------------------------------
 1 | 
 2 | Microsoft Visual Studio Solution File, Format Version 9.00
 3 | # Visual Studio 2005
 4 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "usbfilter", "usbfilter.vcproj", "{D3788FE7-4A62-4F93-B00A-B17898980ECB}"
 5 | EndProject
 6 | Global
 7 | 	GlobalSection(SolutionConfigurationPlatforms) = preSolution
 8 | 		Debug|Win32 = Debug|Win32
 9 | 		Release|Win32 = Release|Win32
10 | 	EndGlobalSection
11 | 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
12 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|Win32.ActiveCfg = Debug|Win32
13 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Debug|Win32.Build.0 = Debug|Win32
14 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|Win32.ActiveCfg = Release|Win32
15 | 		{D3788FE7-4A62-4F93-B00A-B17898980ECB}.Release|Win32.Build.0 = Release|Win32
16 | 	EndGlobalSection
17 | 	GlobalSection(SolutionProperties) = preSolution
18 | 		HideSolutionNode = FALSE
19 | 	EndGlobalSection
20 | EndGlobal
21 | 


--------------------------------------------------------------------------------
/usbfilter/usbfilter.vcproj:
--------------------------------------------------------------------------------
  1 | <?xml version="1.0" encoding="gb2312"?>
  2 | <VisualStudioProject
  3 | 	ProjectType="Visual C++"
  4 | 	Version="8.00"
  5 | 	Name="usbfilter"
  6 | 	ProjectGUID="{D3788FE7-4A62-4F93-B00A-B17898980ECB}"
  7 | 	RootNamespace="usbfilter"
  8 | 	>
  9 | 	<Platforms>
 10 | 		<Platform
 11 | 			Name="Win32"
 12 | 		/>
 13 | 	</Platforms>
 14 | 	<ToolFiles>
 15 | 	</ToolFiles>
 16 | 	<Configurations>
 17 | 		<Configuration
 18 | 			Name="Debug|Win32"
 19 | 			OutputDirectory="$(SolutionDir)$(ConfigurationName)"
 20 | 			IntermediateDirectory="$(ConfigurationName)"
 21 | 			ConfigurationType="0"
 22 | 			>
 23 | 			<Tool
 24 | 				Name="VCNMakeTool"
 25 | 				BuildCommandLine="usbfilter_build.bat chk x86 WXP $(ProjectDir)"
 26 | 				ReBuildCommandLine=""
 27 | 				CleanCommandLine=""
 28 | 				Output=""
 29 | 				PreprocessorDefinitions=""
 30 | 				IncludeSearchPath=""
 31 | 				ForcedIncludes=""
 32 | 				AssemblySearchPath=""
 33 | 				ForcedUsingAssemblies=""
 34 | 				CompileAsManaged=""
 35 | 			/>
 36 | 		</Configuration>
 37 | 		<Configuration
 38 | 			Name="Release|Win32"
 39 | 			IntermediateDirectory="$(ConfigurationName)"
 40 | 			ConfigurationType="1"
 41 | 			>
 42 | 			<Tool
 43 | 				Name="VCPreBuildEventTool"
 44 | 			/>
 45 | 			<Tool
 46 | 				Name="VCCustomBuildTool"
 47 | 			/>
 48 | 			<Tool
 49 | 				Name="VCXMLDataGeneratorTool"
 50 | 			/>
 51 | 			<Tool
 52 | 				Name="VCWebServiceProxyGeneratorTool"
 53 | 			/>
 54 | 			<Tool
 55 | 				Name="VCMIDLTool"
 56 | 			/>
 57 | 			<Tool
 58 | 				Name="VCCLCompilerTool"
 59 | 			/>
 60 | 			<Tool
 61 | 				Name="VCManagedResourceCompilerTool"
 62 | 			/>
 63 | 			<Tool
 64 | 				Name="VCResourceCompilerTool"
 65 | 			/>
 66 | 			<Tool
 67 | 				Name="VCPreLinkEventTool"
 68 | 			/>
 69 | 			<Tool
 70 | 				Name="VCLinkerTool"
 71 | 			/>
 72 | 			<Tool
 73 | 				Name="VCALinkTool"
 74 | 			/>
 75 | 			<Tool
 76 | 				Name="VCManifestTool"
 77 | 			/>
 78 | 			<Tool
 79 | 				Name="VCXDCMakeTool"
 80 | 			/>
 81 | 			<Tool
 82 | 				Name="VCBscMakeTool"
 83 | 			/>
 84 | 			<Tool
 85 | 				Name="VCFxCopTool"
 86 | 			/>
 87 | 			<Tool
 88 | 				Name="VCAppVerifierTool"
 89 | 			/>
 90 | 			<Tool
 91 | 				Name="VCWebDeploymentTool"
 92 | 			/>
 93 | 			<Tool
 94 | 				Name="VCPostBuildEventTool"
 95 | 			/>
 96 | 		</Configuration>
 97 | 	</Configurations>
 98 | 	<References>
 99 | 	</References>
100 | 	<Files>
101 | 		<Filter
102 | 			Name="Source Files"
103 | 			Filter="cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx"
104 | 			UniqueIdentifier="{4FC737F1-C7A5-4376-A066-2A32D752A2FF}"
105 | 			>
106 | 			<File
107 | 				RelativePath=".\usbfilter.c"
108 | 				>
109 | 			</File>
110 | 		</Filter>
111 | 		<Filter
112 | 			Name="Header Files"
113 | 			Filter="h;hpp;hxx;hm;inl;inc;xsd"
114 | 			UniqueIdentifier="{93995380-89BD-4b04-88EB-625FBE52EBFB}"
115 | 			>
116 | 			<File
117 | 				RelativePath=".\usbfilter.h"
118 | 				>
119 | 			</File>
120 | 		</Filter>
121 | 		<Filter
122 | 			Name="Resource Files"
123 | 			Filter="rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav"
124 | 			UniqueIdentifier="{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}"
125 | 			>
126 | 		</Filter>
127 | 		<File
128 | 			RelativePath=".\makefile"
129 | 			>
130 | 		</File>
131 | 		<File
132 | 			RelativePath=".\Sources"
133 | 			>
134 | 		</File>
135 | 	</Files>
136 | 	<Globals>
137 | 	</Globals>
138 | </VisualStudioProject>
139 | 


--------------------------------------------------------------------------------
/usbfilter/usbfilter_build.bat:
--------------------------------------------------------------------------------
1 | call D:\WinDDK\7600.16385.1\bin\setenv.bat D:\WinDDK\7600.16385.1\ %1 %2 %3 no_oacr
2 | cd /d %4
3 | build
4 | 


--------------------------------------------------------------------------------
/usbfilter/参考.log:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/lj1987new/guardlite/57fa3122719a63effe1baf06f288296a63977e9a/usbfilter/参考.log


--------------------------------------------------------------------------------