[求助]
求助hook程序的注解
有一下几段HOOK程序,看不太懂,求中文注解

/*
 * HookExistingNDISProtocols
 *
 * Registers a throw-away ("bogus") NDIS protocol, uses the returned handle as
 * a starting point to walk a chain of protocol entries, and for each entry
 * whose first pointer is non-NULL saves the open block's SendHandler and
 * PostNt31ReceiveHandler in a new node before overwriting both with the
 * wrappers defined below. The bogus protocol is deregistered again at the end.
 *
 * Returns STATUS_UNSUCCESSFUL if the bogus protocol cannot be registered,
 * STATUS_SUCCESS otherwise, including when NewNDISNode() fails for an entry
 * and that entry is therefore left unhooked.
 *
 * NOTE(review): the walk relies on a hard-coded byte offset
 * (sizeof(REFERENCE) + 8) into the block behind an NDIS_HANDLE. Nothing in
 * this listing checks that the layout matches the running NDIS version; on a
 * different layout these reads and the later writes land on unrelated kernel
 * memory.
 * NOTE(review): pointers are carried in UINT-sized reads, which assumes
 * pointers fit in a UINT (32-bit build) - confirm.
 * NOTE(review): no lock or IRQL handling is visible around the list walk or
 * the handler stores; confirm how callers serialize this against NDIS.
 * NOTE(review): after this runs, the two handler fields of each hooked open
 * block point at functions in this driver instead of the routines that were
 * there before; that mismatch is what an integrity check on these fields
 * would report.
 */
NTSTATUS HookExistingNDISProtocols(void)
{
    UINT *ProtocolPtr;
    NDIS_HANDLE hBogusProtocol = NULL;
    PNDIS_OPEN_BLOCK OpenBlockPtr = NULL;
    PNDIS_PROTOCOL_HOOK pNode;

    // The bogus registration is only a way to get a handle to start from.
    hBogusProtocol = RegisterBogusNDISProtocol();
    if(hBogusProtocol == NULL)
        return STATUS_UNSUCCESSFUL;

    // Treat the handle as raw memory, step sizeof(REFERENCE) + 8 bytes into
    // it, and load the pointer stored there. The loop below applies the same
    // step to every entry, so the listing treats that field as the link to
    // the next entry.
    ProtocolPtr = (UINT*)hBogusProtocol;
    ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
    ProtocolPtr = (UINT*)(*ProtocolPtr);

    while(ProtocolPtr != NULL)
    {
        // The first pointer-sized field of the entry is used as its open block.
        // NOTE(review): only this one pointer is examined per entry; if an
        // entry chains several open blocks the others are not visited here.
        OpenBlockPtr = (PNDIS_OPEN_BLOCK)(*ProtocolPtr);
        if(OpenBlockPtr != NULL)
        {
            pNode = NewNDISNode();
            if(pNode != NULL)
            {
                // Record the binding identifiers and the original handlers.
                pNode->ProtocolBindingContext = OpenBlockPtr->ProtocolBindingContext;
                pNode->MacBindingContext = OpenBlockPtr->MacBindingHandle;
                pNode->OpenBlockPtr = OpenBlockPtr;
                pNode->RealSendHandler = OpenBlockPtr->SendHandler;
                //How about WanSendHandler?
                pNode->RealPostNt31ReceiveHandler = OpenBlockPtr->PostNt31ReceiveHandler;

                // The node is inserted before the handlers are replaced,
                // presumably so FindNDISNode() can already resolve it when
                // the first redirected call arrives.
                InsertNDISNode(pNode);

                OpenBlockPtr->SendHandler = NDISSendHandler;
                //How about WanSendHandler?
                OpenBlockPtr->PostNt31ReceiveHandler = NDISPostNt31ReceiveHandler;
            }
        }

        // Same offset-and-load step as above: advance to the next entry.
        ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
        ProtocolPtr = (UINT*)(*ProtocolPtr);
    }

    DeregisterBogusNDISProtocol(hBogusProtocol);
    return STATUS_SUCCESS;
}

/*
 * NOTE(review): the post repeats the definition of HookExistingNDISProtocols
 * verbatim here. It is kept as posted; a second definition of the same
 * function would not compile, so this looks like a paste artifact.
 */
NTSTATUS HookExistingNDISProtocols(void)
{
    UINT *ProtocolPtr;
    NDIS_HANDLE hBogusProtocol = NULL;
    PNDIS_OPEN_BLOCK OpenBlockPtr = NULL;
    PNDIS_PROTOCOL_HOOK pNode;

    hBogusProtocol = RegisterBogusNDISProtocol();
    if(hBogusProtocol == NULL)
        return STATUS_UNSUCCESSFUL;

    ProtocolPtr = (UINT*)hBogusProtocol;
    ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
    ProtocolPtr = (UINT*)(*ProtocolPtr);

    while(ProtocolPtr != NULL)
    {
        OpenBlockPtr = (PNDIS_OPEN_BLOCK)(*ProtocolPtr);
        if(OpenBlockPtr != NULL)
        {
            pNode = NewNDISNode();
            if(pNode != NULL)
            {
                pNode->ProtocolBindingContext = OpenBlockPtr->ProtocolBindingContext;
                pNode->MacBindingContext = OpenBlockPtr->MacBindingHandle;
                pNode->OpenBlockPtr = OpenBlockPtr;
                pNode->RealSendHandler = OpenBlockPtr->SendHandler;
                //How about WanSendHandler?
                pNode->RealPostNt31ReceiveHandler = OpenBlockPtr->PostNt31ReceiveHandler;
                InsertNDISNode(pNode);
                OpenBlockPtr->SendHandler = NDISSendHandler;
                //How about WanSendHandler?
                OpenBlockPtr->PostNt31ReceiveHandler = NDISPostNt31ReceiveHandler;
            }
        }
        ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
        ProtocolPtr = (UINT*)(*ProtocolPtr);
    }

    DeregisterBogusNDISProtocol(hBogusProtocol);
    return STATUS_SUCCESS;
}

/*
 * NDISSendHandler
 *
 * Replacement stored into OpenBlockPtr->SendHandler by
 * HookExistingNDISProtocols. Looks up the saved node for this binding and
 * forwards the call unchanged to the handler recorded in RealSendHandler.
 *
 * MacBindingHandle - binding handle passed by the caller; used as lookup key.
 * Packet           - packet being sent; not inspected here.
 *
 * Returns the original handler's status, or NDIS_STATUS_SUCCESS when no node
 * is found.
 *
 * NOTE(review): on a failed lookup the packet is not forwarded, yet success
 * is returned, so the caller sees a send that never happened.
 */
NDIS_STATUS NDISSendHandler(
    IN NDIS_HANDLE MacBindingHandle,
    IN PNDIS_PACKET Packet)
{
    PNDIS_PROTOCOL_HOOK Node;

    // Second argument 2: presumably selects matching on the saved
    // MacBindingContext - verify against FindNDISNode.
    Node = FindNDISNode(MacBindingHandle,2);
    if(Node == NULL)
        return NDIS_STATUS_SUCCESS;

    return Node->RealSendHandler(MacBindingHandle,Packet);
}

/*
 * NDISPostNt31ReceiveHandler
 *
 * Replacement stored into OpenBlockPtr->PostNt31ReceiveHandler by
 * HookExistingNDISProtocols. Looks up the saved node for this binding and
 * forwards every argument unchanged to RealPostNt31ReceiveHandler.
 *
 * Returns the original handler's status, or NDIS_STATUS_SUCCESS when no node
 * is found.
 *
 * NOTE(review): on a failed lookup the receive indication is not passed on
 * but success is still returned.
 */
NDIS_STATUS NDISPostNt31ReceiveHandler(
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_HANDLE MacReceiveContext,
    IN PVOID HeaderBuffer,
    IN UINT HeaderBufferSize,
    IN PVOID LookAheadBuffer,
    IN UINT LookAheadBufferSize,
    IN UINT PacketSize)
{
    PNDIS_PROTOCOL_HOOK Node;

    // Second argument 1: presumably selects matching on the saved
    // ProtocolBindingContext - verify against FindNDISNode.
    Node = FindNDISNode(ProtocolBindingContext,1);
    if(Node == NULL)
        return NDIS_STATUS_SUCCESS;

    return Node->RealPostNt31ReceiveHandler(ProtocolBindingContext,MacReceiveContext,
        HeaderBuffer,HeaderBufferSize,LookAheadBuffer,LookAheadBufferSize,PacketSize);
}
cmdblock
2楼2012-03-21 10:19:55
nbjnh
【答案】应助回帖
zhmindyx: 金币+5, ★★★★★最佳答案 2012-03-26 08:34:44
/*
 * HookExistingNDISProtocols
 *
 * Registers a bogus NDIS protocol to obtain a handle, walks the chain of
 * protocol entries reachable from it, saves each visited open block's
 * SendHandler and PostNt31ReceiveHandler in a node, and replaces both with
 * NDISSendHandler / NDISPostNt31ReceiveHandler.
 *
 * Returns STATUS_UNSUCCESSFUL if the bogus registration fails, otherwise
 * STATUS_SUCCESS (also when NewNDISNode() fails for an entry, which is then
 * skipped).
 *
 * NOTE(review): the offset sizeof(REFERENCE) + 8 is tied to the undocumented
 * layouts quoted below; the code does not verify the layout at run time, so a
 * mismatch means reading and writing unrelated kernel memory.
 * NOTE(review): pointers are read through UINT, which assumes pointers fit
 * in a UINT (32-bit build) - confirm.
 * NOTE(review): no synchronization is visible around the list walk or the
 * handler stores - confirm how this is serialized against NDIS.
 */
NTSTATUS HookExistingNDISProtocols(void)
{
    UINT *ProtocolPtr;
    NDIS_HANDLE hBogusProtocol = NULL;      // handle for the bogus protocol
    PNDIS_OPEN_BLOCK OpenBlockPtr = NULL;
    PNDIS_PROTOCOL_HOOK pNode;

    hBogusProtocol = RegisterBogusNDISProtocol();   // register a bogus protocol to get a pointer into the protocol list
    if(hBogusProtocol == NULL)
        return STATUS_UNSUCCESSFUL;         // registration failed, nothing more can be done

    ProtocolPtr = (UINT*)hBogusProtocol;
    ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
    ProtocolPtr = (UINT*)(*ProtocolPtr);
    // The three statements above are probably the confusing part. To follow
    // them you first need the layout behind NDIS_HANDLE.
    // The second statement computes where the ndisProtocolList pointer is
    // stored; the third loads the address of that protocol list.
    /*********************************************************************
    struct PROTOCOL_HANDLE{
        LIST_ENTRY protocolEntry;       // +sizeof(REFERENCE)
        ULONG UnKnown1[2];              // +8
        PLIST_ENTRY ndisProtocolList;
        _NDIS50_PROTOCOL_CHARACTERISTICS Characteristics;
        _WORK_QUEUE_ITEM Queue;
        KMUTEX Mutex;
        ULONG Unknown3[5];
        USHORT NameBuff[Characteristics->Name.Length+1];
    };
    // This layout was derived directly from NdisRegisterProtocol. The
    // NDIS_HANDLE can also be regarded as really being the NDIS_OPEN_BLOCK
    // structure, i.e.
    // NOTE(review): the structure printed next is _NDIS_PROTOCOL_BLOCK, not
    // an open block; the wording is kept as the answer gave it.
    struct _NDIS_PROTOCOL_BLOCK
    {
        PNDIS_OPEN_BLOCK OpenQueue;
        REFERENCE Ref;
        UINT Length;
        NDIS50_PROTOCOL_CHARACTERISTICS ProtocolCharacteristics;
        struct _NDIS_PROTOCOL_BLOCK *NextProtocol;
        ULONG MaxPatternSize;
    #if defined(NDIS_WRAPPER)
        struct _NDIS_PROTOCOL_FILTER * ProtocolFilter[NdisMediumMax+1];
        WORK_QUEUE_ITEM WorkItem;
        KMUTEX Mutex;
        PKEVENT DeregEvent;
    #endif
    };
    // Whichever structure applies, ProtocolPtr ends up pointing at the start
    // of the protocol list.
    *********************************************************************/

    while(ProtocolPtr != NULL)
    {   // walk the protocol list
        OpenBlockPtr = (PNDIS_OPEN_BLOCK)(*ProtocolPtr);    // take one entry: its first pointer is used as the open block
        if(OpenBlockPtr != NULL)
        {   // entry has an open block
            pNode = NewNDISNode();  // new node that keeps the original values so the hook can be undone
            if(pNode != NULL)
            {
                pNode->ProtocolBindingContext = OpenBlockPtr->ProtocolBindingContext;
                pNode->MacBindingContext = OpenBlockPtr->MacBindingHandle;
                pNode->OpenBlockPtr = OpenBlockPtr;
                pNode->RealSendHandler = OpenBlockPtr->SendHandler;
                //How about WanSendHandler?
                pNode->RealPostNt31ReceiveHandler = OpenBlockPtr->PostNt31ReceiveHandler;
                InsertNDISNode(pNode);
                OpenBlockPtr->SendHandler = NDISSendHandler;    // redirect the send entry point
                //How about WanSendHandler?
                OpenBlockPtr->PostNt31ReceiveHandler = NDISPostNt31ReceiveHandler;  // redirect the receive entry point
                /****************************************************************************************
                When a packet arrives at the NIC, the protocol driver is told about it through
                ReceiveHandle or ReceivePacketHandler in the table; in the other direction the
                protocol driver hands packets to the NIC driver through SendHandler or
                SendPacketsHandler. Pointing the dispatch entries filled in by each protocol at
                your own functions is enough to intercept packets. Judging by the two assignments
                above, every protocol's send and receive routines are redirected to
                NDISSendHandler() and NDISPostNt31ReceiveHandler(), so all filtering would be done
                in those two functions, which then pass the packet on to the original routine.
                NOTE(review): only SendHandler and PostNt31ReceiveHandler are replaced in this
                listing; the other entries named above are left as they were.
                *****************************************************************************************/
            }
        }
        ProtocolPtr = (UINT*)((PBYTE)ProtocolPtr + sizeof(REFERENCE) + 8);
        ProtocolPtr = (UINT*)(*ProtocolPtr);
        // The two statements above compute the next protocol entry.
    }

    DeregisterBogusNDISProtocol(hBogusProtocol);
    return STATUS_SUCCESS;
}

/*
 * NDISSendHandler
 *
 * Wrapper installed as SendHandler. Finds the node saved for this binding and
 * calls the original handler with the same arguments.
 *
 * Returns the original handler's status, or NDIS_STATUS_SUCCESS if no node is
 * found.
 *
 * NOTE(review): when the lookup fails the packet is not forwarded but success
 * is still reported to the caller.
 */
NDIS_STATUS NDISSendHandler(
    IN NDIS_HANDLE MacBindingHandle,
    IN PNDIS_PACKET Packet)
{
    PNDIS_PROTOCOL_HOOK Node;

    // Second argument 2: presumably selects matching on the saved
    // MacBindingContext - verify against FindNDISNode.
    Node = FindNDISNode(MacBindingHandle,2);
    if(Node == NULL)
        return NDIS_STATUS_SUCCESS;

    // The send routine does no processing of its own; the packet goes
    // straight to the original routine saved in Node. Filtering code could be
    // added here if needed.
    return Node->RealSendHandler(MacBindingHandle,Packet);
}

/*
 * NDISPostNt31ReceiveHandler
 *
 * Wrapper installed as PostNt31ReceiveHandler. Finds the node saved for this
 * binding and calls the original handler with the same arguments.
 *
 * Returns the original handler's status, or NDIS_STATUS_SUCCESS if no node is
 * found.
 *
 * NOTE(review): when the lookup fails the receive indication is not passed on
 * but success is still returned.
 */
NDIS_STATUS NDISPostNt31ReceiveHandler(
    IN NDIS_HANDLE ProtocolBindingContext,
    IN NDIS_HANDLE MacReceiveContext,
    IN PVOID HeaderBuffer,
    IN UINT HeaderBufferSize,
    IN PVOID LookAheadBuffer,
    IN UINT LookAheadBufferSize,
    IN UINT PacketSize)
{
    PNDIS_PROTOCOL_HOOK Node;

    // Second argument 1: presumably selects matching on the saved
    // ProtocolBindingContext - verify against FindNDISNode.
    Node = FindNDISNode(ProtocolBindingContext,1);
    if(Node == NULL)
        return NDIS_STATUS_SUCCESS;

    // Received packets are not processed either; they are handed straight to
    // the original routine. Add your own filtering code here. This looks like
    // the skeleton of a firewall.
    return Node->RealPostNt31ReceiveHandler(ProtocolBindingContext,MacReceiveContext,
        HeaderBuffer,HeaderBufferSize,LookAheadBuffer,LookAheadBufferSize,PacketSize);
}

3楼2012-03-22 09:15:37












