深度剖析WinPcap之(六)——驱动程序的初始化与清除 (2)
2009-09-11 00:00:00 来源:WEB开发网
1.3 DriverEntry函数的具体实现
NPF的DriverEntry注册所有驱动程序的I/O回调函数、创建设备、在NDIS内把NPF注册为一个协议驱动程序。NPF的DriverEntry函数的主要代码如下:
packetNtx\driver\packet.c 91~282
/**
 * Driver entry point for NPF: registers NPF with NDIS as a protocol driver,
 * installs the IRP dispatch routines and the unload routine, and calls
 * NPF_CreateDevice once per adapter name found.
 *
 * The "…" line inside the body is the article's elision: the declarations of
 * the variables used below and any other omitted statements are not shown.
 *
 * @param DriverObject  Driver object whose MajorFunction table and
 *                      DriverUnload field are filled in here; it is also
 *                      passed to NPF_CreateDevice.
 * @param RegistryPath  Not referenced in the lines shown.
 *
 * @return The status reported by NdisRegisterProtocol when registration
 *         fails; STATUS_UNSUCCESSFUL (after deregistering the protocol) when
 *         neither getAdaptersList() nor getTcpBindings() returns a list;
 *         STATUS_SUCCESS otherwise.
 */
NTSTATUS
DriverEntry(
IN PDRIVER_OBJECT DriverObject,
IN PUNICODE_STRING RegistryPath
)
{
…
/* Pick the send flags that make NDIS skip loopback packets, according to the
 * operating system version. */
// Query the operating system version
PsGetVersion(&OsMajorVersion, &OsMinorVersion, NULL, NULL);
// Choose the loopback-skipping flags for this operating system
if((OsMajorVersion == 5) && (OsMinorVersion == 0))
{ // Windows 2000 (version 5.0) needs both NDIS_FLAGS_DONT_LOOPBACK and
// NDIS_FLAGS_SKIP_LOOPBACK_W2K
g_SendPacketFlags = NDIS_FLAGS_DONT_LOOPBACK |
NDIS_FLAGS_SKIP_LOOPBACK_W2K;
}
else
{ // Windows XP, Windows 2003 and later systems
// need only NDIS_FLAGS_DONT_LOOPBACK
g_SendPacketFlags = NDIS_FLAGS_DONT_LOOPBACK;
}
/* Initialize the device-name prefix string from its backing buffer */
NdisInitUnicodeString(&g_NPF_Prefix, g_NPF_PrefixBuffer);
/* Read the number of CPUs and keep it in g_NCpu */
g_NCpu = NdisSystemProcessorCount();
/* Zero the ProtocolChar structure so that every field not set below is 0 */
RtlZeroMemory(&ProtocolChar,sizeof(NDIS_PROTOCOL_CHARACTERISTICS));
/* Register the protocol driver with NDIS */
// Fill ProtocolChar with the protocol data (version, name, ...) and the
// addresses of the callback functions
#ifdef NDIS50
ProtocolChar.MajorNdisVersion = 5;
#else
ProtocolChar.MajorNdisVersion = 3;
#endif
ProtocolChar.MinorNdisVersion = 0;
ProtocolChar.Reserved = 0;
ProtocolChar.OpenAdapterCompleteHandler = NPF_OpenAdapterComplete;
ProtocolChar.CloseAdapterCompleteHandler = NPF_CloseAdapterComplete;
ProtocolChar.SendCompleteHandler = NPF_SendComplete;
ProtocolChar.TransferDataCompleteHandler = NPF_TransferDataComplete;
ProtocolChar.ResetCompleteHandler = NPF_ResetComplete;
ProtocolChar.RequestCompleteHandler = NPF_RequestComplete;
// NPF_tap is the receive handler registered with NDIS
ProtocolChar.ReceiveHandler = NPF_tap;
ProtocolChar.ReceiveCompleteHandler = NPF_ReceiveComplete;
ProtocolChar.StatusHandler = NPF_Status;
ProtocolChar.StatusCompleteHandler = NPF_StatusComplete;
// Bind/unbind and PnP handlers are set only when built with NDIS50;
// no ReceivePacketHandler is registered
#ifdef NDIS50
ProtocolChar.BindAdapterHandler = NPF_BindAdapter;
ProtocolChar.UnbindAdapterHandler = NPF_UnbindAdapter;
ProtocolChar.PnPEventHandler = NPF_PowerChange;
ProtocolChar.ReceivePacketHandler = NULL;
#endif
ProtocolChar.Name = ProtoName;
// Register NPF as an NDIS protocol driver; the handle is stored in
// g_NdisProtocolHandle
NdisRegisterProtocol(
&Status,
&g_NdisProtocolHandle,
&ProtocolChar,
sizeof(NDIS_PROTOCOL_CHARACTERISTICS));
if (Status != NDIS_STATUS_SUCCESS) {
// Registration failed: return the NDIS status; nothing has been registered,
// so there is nothing to undo
return Status;
}
/* Install the IRP dispatch routines and the unload routine */
// NOTE(review): NPF_Read, NPF_Write and NPF_IoControl receive the I/O
// requests sent to the devices created below; how they validate buffer
// pointers and lengths is not visible in this listing - confirm in their
// definitions.
DriverObject->MajorFunction[IRP_MJ_CREATE] = NPF_Open;
DriverObject->MajorFunction[IRP_MJ_CLOSE] = NPF_Close;
DriverObject->MajorFunction[IRP_MJ_CLEANUP]= NPF_Cleanup;
DriverObject->MajorFunction[IRP_MJ_READ] = NPF_Read;
DriverObject->MajorFunction[IRP_MJ_WRITE] = NPF_Write;
DriverObject->MajorFunction[IRP_MJ_DEVICE_CONTROL] = NPF_IoControl;
DriverObject->DriverUnload = NPF_Unload;// unload routine
/* Obtain the list of network adapters available in the system */
bindP = getAdaptersList();
if (bindP == NULL)
{// No adapters found; try to copy the TCP-IP bindings instead
tcpBindingsP = getTcpBindings();
if (tcpBindingsP == NULL)
{// TCP-IP bindings not found either; leave through the error path
goto RegistryError;
}
// bindP keeps the start of the returned structure; the walk below starts at
// its Data field
bindP = (WCHAR*)tcpBindingsP;
bindT = (WCHAR*)(tcpBindingsP->Data);
}
else
{
bindT = bindP;
}
// Walk the list one string at a time: each step advances past the current
// string (macName.Length bytes) plus its terminating UNICODE_NULL, and the walk
// stops at the first empty string.
// NOTE(review): the only bound on this walk is that empty string; the size of
// the buffer is not checked here, so it relies on getAdaptersList() /
// getTcpBindings() returning a correctly terminated list - confirm there.
for (; *bindT != UNICODE_NULL;
bindT += (macName.Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR))
{
RtlInitUnicodeString(&macName, bindT);
// NOTE(review): the result of NPF_CreateDevice is not examined, so
// STATUS_SUCCESS is returned below even if no device object was created.
// The access control applied to each device object is decided inside
// NPF_CreateDevice and is not visible here.
NPF_CreateDevice(DriverObject, &macName);// create a device object for this adapter
}
// NOTE(review): no release of the buffer held in bindP appears in the lines
// shown - confirm who owns it.
return STATUS_SUCCESS;
/* Error path: undo the protocol registration before failing the load */
RegistryError:
NdisDeregisterProtocol(
&Status,
g_NdisProtocolHandle
);
// The status written by NdisDeregisterProtocol is overwritten; the caller
// always sees STATUS_UNSUCCESSFUL from this path
Status=STATUS_UNSUCCESSFUL;
return(Status);
}