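Terminology:
The network filter driver discussed here is the light-weight filter (LWF), that is, one registered through NdisFRegisterFilterDriver.
TDI filters and WFP are not covered.
When it applies: you know that someone has registered a network filter driver and you cannot unload it. This article gives some guidance on how to make it ineffective.
Aside:
TDI filter drivers can be enumerated by walking the device chain.
For enumerating WFP, see my article "Digging out the WFP functions registered in the Windows operating system", published on Anquanke.
URL: https://www.anquanke.com/post/id/236134
This article is the second in the series on enumerating NDIS registrations: "Enumerating the NDIS network filter drivers of the Windows operating system".
Enough preamble; straight to the point.
The parts of NdisFRegisterFilterDriver's flow that matter for this topic:
1. It allocates a block of memory the size of _NDIS_FILTER_DRIVER_BLOCK.
2. It stores the address of that memory in the caller-supplied last parameter of NdisFRegisterFilterDriver.
3. It links the structure into the ndisFilterDriverList list.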
Irql = KeAcquireSpinLockRaiseToDpc(&ndisFilterDriverListLock);
FilterDriver->NextFilterDriver = ndisFilterDriverList;
ndisFilterDriverList = FilterDriver;
KeReleaseSpinLock(&ndisFilterDriverListLock, Irql);
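This gives the following approaches to enumerating the filter drivers:
- Install a filter driver of your own and traverse from the returned handle, which is an _NDIS_FILTER_DRIVER_BLOCK *, by following the NextFilterDriver member.
- Search for and locate the global but unexported ndisFilterDriverList, whose type is _NDIS_FILTER_DRIVER_BLOCK *.
- Mind the lock: ndisFilterDriverListLock.
- Check whether an exported API exists; having one would be best.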
0: kd> x ndis!ndisFilterDriverList
fffff804`7cd9c650 ndis!ndisFilterDriverList = <no type information>
0: kd> dq poi(ndis!ndisFilterDriverList) L1
ffffe108`9c4a0d90 00000000`01e80104
0: kd> dt poi(ndis!ndisFilterDriverList) _NDIS_FILTER_DRIVER_BLOCK
ndis!_NDIS_FILTER_DRIVER_BLOCK
 _NDIS_FILTER_DRIVER_BLOCK
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x008 NextFilterDriver : 0xffffe108`9c4a0250 _NDIS_FILTER_DRIVER_BLOCK
   +0x010 DriverObject : 0xffffe108`9c4a0bd0 _DRIVER_OBJECT
   +0x018 FilterQueue : 0xffffe108`9c9cdaa0 _NDIS_FILTER_BLOCK
   +0x020 FilterDriverContext : 0xfffff804`7e5f4720 Void
   +0x028 Lock : 0
   +0x030 Flags : 0
   +0x038 DeviceList : _LIST_ENTRY [ 0xffffe108`9c4c6208 - 0xffffe108`9c4c6208 ]
   +0x048 Ref : _REFERENCE_EX
   +0x060 DefaultFilterCharacteristics : _NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x150 Bind : KRef<NDIS_BIND_FILTER_DRIVER>
   +0x158 ImageName : _UNICODE_STRING "pacer.sys"
0: kd> dt 0xffffe108`9c4a0250 _NDIS_FILTER_DRIVER_BLOCK
ndis!_NDIS_FILTER_DRIVER_BLOCK
 _NDIS_FILTER_DRIVER_BLOCK
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x008 NextFilterDriver : 0xffffe108`9c26ead0 _NDIS_FILTER_DRIVER_BLOCK
   +0x010 DriverObject : 0xffffe108`9c49a8f0 _DRIVER_OBJECT
   +0x018 FilterQueue : (null)
   +0x020 FilterDriverContext : 0xffffe108`9c49a8f0 Void
   +0x028 Lock : 0
   +0x030 Flags : 2
   +0x038 DeviceList : _LIST_ENTRY [ 0xffffe108`9c4a0618 - 0xffffe108`9c4a0618 ]
   +0x048 Ref : _REFERENCE_EX
   +0x060 DefaultFilterCharacteristics : _NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x150 Bind : KRef<NDIS_BIND_FILTER_DRIVER>
   +0x158 ImageName : _UNICODE_STRING "vwififlt.sys"
0: kd> dt 0xffffe108`9c26ead0 _NDIS_FILTER_DRIVER_BLOCK
ndis!_NDIS_FILTER_DRIVER_BLOCK
 _NDIS_FILTER_DRIVER_BLOCK
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x008 NextFilterDriver : 0xffffe108`9a87cd00 _NDIS_FILTER_DRIVER_BLOCK
   +0x010 DriverObject : 0xffffe108`9c2b5960 _DRIVER_OBJECT
   +0x018 FilterQueue : (null)
   +0x020 FilterDriverContext : 0xffffe108`9c2b5960 Void
   +0x028 Lock : 0
   +0x030 Flags : 0
   +0x038 DeviceList : _LIST_ENTRY [ 0xffffe108`9c26eb08 - 0xffffe108`9c26eb08 ]
   +0x048 Ref : _REFERENCE_EX
   +0x060 DefaultFilterCharacteristics : _NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x150 Bind : KRef<NDIS_BIND_FILTER_DRIVER>
   +0x158 ImageName : _UNICODE_STRING "wfplwfs.sys"
0: kd> dt 0xffffe108`9a87cd00 _NDIS_FILTER_DRIVER_BLOCK
ndis!_NDIS_FILTER_DRIVER_BLOCK
 _NDIS_FILTER_DRIVER_BLOCK
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x008 NextFilterDriver : 0xffffe108`9a87dd00 _NDIS_FILTER_DRIVER_BLOCK
   +0x010 DriverObject : 0xffffe108`9c2b5960 _DRIVER_OBJECT
   +0x018 FilterQueue : 0xffffe108`9c9d37a0 _NDIS_FILTER_BLOCK
   +0x020 FilterDriverContext : 0xffffe108`9c2b5960 Void
   +0x028 Lock : 0
   +0x030 Flags : 2
   +0x038 DeviceList : _LIST_ENTRY [ 0xffffe108`9a87cd38 - 0xffffe108`9a87cd38 ]
   +0x048 Ref : _REFERENCE_EX
   +0x060 DefaultFilterCharacteristics : _NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x150 Bind : KRef<NDIS_BIND_FILTER_DRIVER>
   +0x158 ImageName : _UNICODE_STRING "wfplwfs.sys"
0: kd> dt 0xffffe108`9a87dd00 _NDIS_FILTER_DRIVER_BLOCK
ndis!_NDIS_FILTER_DRIVER_BLOCK
 _NDIS_FILTER_DRIVER_BLOCK
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x008 NextFilterDriver : (null)
   +0x010 DriverObject : 0xffffe108`9c2b5960 _DRIVER_OBJECT
   +0x018 FilterQueue : 0xffffe108`9c9df010 _NDIS_FILTER_BLOCK
   +0x020 FilterDriverContext : 0xffffe108`9c2b5960 Void
   +0x028 Lock : 0
   +0x030 Flags : 2
   +0x038 DeviceList : _LIST_ENTRY [ 0xffffe108`9a87dd38 - 0xffffe108`9a87dd38 ]
   +0x048 Ref : _REFERENCE_EX
   +0x060 DefaultFilterCharacteristics : _NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x150 Bind : KRef<NDIS_BIND_FILTER_DRIVER>
   +0x158 ImageName : _UNICODE_STRING "wfplwfs.sys"
Next, look at the details of each network filter driver in turn, such as the functions it registered.
0: kd> dt ffffe108`9c4a0d90+0x060 _NDIS_FILTER_DRIVER_CHARACTERISTICS
ndis!_NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x004 MajorNdisVersion : 0x6 ''
   +0x005 MinorNdisVersion : 0x1e ''
   +0x006 MajorDriverVersion : 0x1 ''
   +0x007 MinorDriverVersion : 0 ''
   +0x008 Flags : 0
   +0x010 FriendlyName : _UNICODE_STRING "QoS Packet Scheduler"
   +0x020 UniqueName : _UNICODE_STRING "{B5F4D659-7DAA-4565-8E41-BE220ED60542}"
   +0x030 ServiceName : _UNICODE_STRING "Psched"
   +0x040 SetOptionsHandler : 0xfffff804`7e5e7090 int pacer!PcFilterSetOptions+0
   +0x048 SetFilterModuleOptionsHandler : 0xfffff804`7e5e2750 int pacer!PcFilterSetModuleOptions+0
   +0x050 AttachHandler : 0xfffff804`7e5e10c0 int pacer!PcFilterAttach+0
   +0x058 DetachHandler : 0xfffff804`7e5e15c0 void pacer!PcFilterDetach+0
   +0x060 RestartHandler : 0xfffff804`7e5f8010 int pacer!PcFilterRestart+0
   +0x068 PauseHandler : 0xfffff804`7e5e2640 int pacer!PcFilterPause+0
   +0x070 SendNetBufferListsHandler : (null)
   +0x078 SendNetBufferListsCompleteHandler : (null)
   +0x080 CancelSendNetBufferListsHandler : (null)
   +0x088 ReceiveNetBufferListsHandler : (null)
   +0x090 ReturnNetBufferListsHandler : (null)
   +0x098 OidRequestHandler : 0xfffff804`7e5e28e0 int pacer!PcFilterRequest+0
   +0x0a0 OidRequestCompleteHandler : 0xfffff804`7e5e27f0 void pacer!PcFilterRequestComplete+0
   +0x0a8 CancelOidRequestHandler : (null)
   +0x0b0 DevicePnPEventNotifyHandler : 0xfffff804`7e5f9ac0 void pacer!PcFilterPnPEventNotify+0
   +0x0b8 NetPnPEventHandler : 0xfffff804`7e5f8a30 int pacer!PcFilterPnPEvent+0
   +0x0c0 StatusHandler : 0xfffff804`7e5e1010 void pacer!PcFilterStatus+0
   +0x0c8 DirectOidRequestHandler : (null)
   +0x0d0 DirectOidRequestCompleteHandler : (null)
   +0x0d8 CancelDirectOidRequestHandler : (null)
   +0x0e0 SynchronousOidRequestHandler : (null)
   +0x0e8 SynchronousOidRequestCompleteHandler : (null)
0: kd> dt 0xffffe108`9c4a0250+0x060 _NDIS_FILTER_DRIVER_CHARACTERISTICS
ndis!_NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x004 MajorNdisVersion : 0x6 ''
   +0x005 MinorNdisVersion : 0x32 '2'
   +0x006 MajorDriverVersion : 0x1 ''
   +0x007 MinorDriverVersion : 0 ''
   +0x008 Flags : 2
   +0x010 FriendlyName : _UNICODE_STRING "Virtual WiFi Filter Driver"
   +0x020 UniqueName : _UNICODE_STRING "{5CBF81BF-5055-47CD-9055-A76B2B4E3698}"
   +0x030 ServiceName : _UNICODE_STRING "vwififlt"
   +0x040 SetOptionsHandler : (null)
   +0x048 SetFilterModuleOptionsHandler : (null)
   +0x050 AttachHandler : 0xfffff804`7e5c2920 int vwififlt!FilterAttach+0
   +0x058 DetachHandler : 0xfffff804`7e5c3630 void vwififlt!FilterDetach+0
   +0x060 RestartHandler : 0xfffff804`7e5c5ff0 int vwififlt!FilterRestart+0
   +0x068 PauseHandler : 0xfffff804`7e5c52c0 int vwififlt!FilterPause+0
   +0x070 SendNetBufferListsHandler : 0xfffff804`7e5c64c0 void vwififlt!FilterSendNetBufferLists+0
   +0x078 SendNetBufferListsCompleteHandler : 0xfffff804`7e5c6540 void vwififlt!FilterSendNetBufferListsComplete+0
   +0x080 CancelSendNetBufferListsHandler : 0xfffff804`7e5c30d0 void vwififlt!FilterCancelSendNetBufferLists+0
   +0x088 ReceiveNetBufferListsHandler : 0xfffff804`7e5c5af0 void vwififlt!FilterReceiveNetBufferLists+0
   +0x090 ReturnNetBufferListsHandler : 0xfffff804`7e5c6270 void vwififlt!FilterReturnNetBufferLists+0
   +0x098 OidRequestHandler : 0xfffff804`7e5c4990 int vwififlt!FilterOidRequest+0
   +0x0a0 OidRequestCompleteHandler : 0xfffff804`7e5c4ea0 void vwififlt!FilterOidRequestComplete+0
   +0x0a8 CancelOidRequestHandler : 0xfffff804`7e5c3030 void vwififlt!FilterCancelOidRequest+0
   +0x0b0 DevicePnPEventNotifyHandler : 0xfffff804`7e5c3810 void vwififlt!FilterDevicePnPEventNotify+0
   +0x0b8 NetPnPEventHandler : 0xfffff804`7e5c48e0 int vwififlt!FilterNetPnPEvent+0
   +0x0c0 StatusHandler : 0xfffff804`7e5c7600 void vwififlt!FilterStatus+0
   +0x0c8 DirectOidRequestHandler : 0xfffff804`7e5c3930 int vwififlt!FilterDirectOidRequest+0
   +0x0d0 DirectOidRequestCompleteHandler : 0xfffff804`7e5c3ca0 void vwififlt!FilterDirectOidRequestComplete+0
   +0x0d8 CancelDirectOidRequestHandler : 0xfffff804`7e5c2f90 void vwififlt!FilterCancelDirectOidRequest+0
   +0x0e0 SynchronousOidRequestHandler : (null)
   +0x0e8 SynchronousOidRequestCompleteHandler : (null)
0: kd> dt 0xffffe108`9c26ead0+0x060 _NDIS_FILTER_DRIVER_CHARACTERISTICS
ndis!_NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x004 MajorNdisVersion : 0x6 ''
   +0x005 MinorNdisVersion : 0x32 '2'
   +0x006 MajorDriverVersion : 0x1 ''
   +0x007 MinorDriverVersion : 0 ''
   +0x008 Flags : 0
   +0x010 FriendlyName : _UNICODE_STRING "WFP vSwitch Layers LightWeight Filter"
   +0x020 UniqueName : _UNICODE_STRING "{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}"
   +0x030 ServiceName : _UNICODE_STRING "wfplwfs"
   +0x040 SetOptionsHandler : (null)
   +0x048 SetFilterModuleOptionsHandler : 0xfffff804`7d2e3ed0 int wfplwfs!LwfvSwitchSetFilterModuleOptions+0
   +0x050 AttachHandler : 0xfffff804`7d2e1f20 int wfplwfs!LwfvSwitchAttach+0
   +0x058 DetachHandler : 0xfffff804`7d2e2630 void wfplwfs!LwfvSwitchDetach+0
   +0x060 RestartHandler : 0xfffff804`7d2e3880 int wfplwfs!LwfvSwitchRestart+0
   +0x068 PauseHandler : 0xfffff804`7d2d2370 int wfplwfs!LwfLowerPause+0
   +0x070 SendNetBufferListsHandler : (null)
   +0x078 SendNetBufferListsCompleteHandler : (null)
   +0x080 CancelSendNetBufferListsHandler : (null)
   +0x088 ReceiveNetBufferListsHandler : (null)
   +0x090 ReturnNetBufferListsHandler : (null)
   +0x098 OidRequestHandler : 0xfffff804`7d2e30f0 int wfplwfs!LwfvSwitchOidRequest+0
   +0x0a0 OidRequestCompleteHandler : 0xfffff804`7d2e3270 void wfplwfs!LwfvSwitchOidRequestComplete+0
   +0x0a8 CancelOidRequestHandler : 0xfffff804`7d2d5cb0 void wfplwfs!LwfLowerCancelOidRequest+0
   +0x0b0 DevicePnPEventNotifyHandler : (null)
   +0x0b8 NetPnPEventHandler : 0xfffff804`7d2e30a0 int wfplwfs!LwfvSwitchNetPnPEvent+0
   +0x0c0 StatusHandler : 0xfffff804`7d2e4020 void wfplwfs!LwfvSwitchStatusIndication+0
   +0x0c8 DirectOidRequestHandler : (null)
   +0x0d0 DirectOidRequestCompleteHandler : (null)
   +0x0d8 CancelDirectOidRequestHandler : (null)
   +0x0e0 SynchronousOidRequestHandler : (null)
   +0x0e8 SynchronousOidRequestCompleteHandler : (null)
0: kd> dt 0xffffe108`9a87cd00+0x060 _NDIS_FILTER_DRIVER_CHARACTERISTICS
ndis!_NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x004 MajorNdisVersion : 0x6 ''
   +0x005 MinorNdisVersion : 0x32 '2'
   +0x006 MajorDriverVersion : 0x1 ''
   +0x007 MinorDriverVersion : 0 ''
   +0x008 Flags : 2
   +0x010 FriendlyName : _UNICODE_STRING "WFP Native MAC Layer LightWeight Filter"
   +0x020 UniqueName : _UNICODE_STRING "{3BFD7820-D65C-4C1B-9FEA-983A019639EA}"
   +0x030 ServiceName : _UNICODE_STRING "wfplwfs"
   +0x040 SetOptionsHandler : (null)
   +0x048 SetFilterModuleOptionsHandler : 0xfffff804`7d2d21b0 int wfplwfs!LwfLowerSetFilterModuleOptions+0
   +0x050 AttachHandler : 0xfffff804`7d2d1ae0 int wfplwfs!LwfLowerAttach+0
   +0x058 DetachHandler : 0xfffff804`7d2d1fc0 void wfplwfs!LwfLowerDetach+0
   +0x060 RestartHandler : 0xfffff804`7d2d2320 int wfplwfs!LwfLowerRestart+0
   +0x068 PauseHandler : 0xfffff804`7d2d2370 int wfplwfs!LwfLowerPause+0
   +0x070 SendNetBufferListsHandler : 0xfffff804`7d2d1010 void wfplwfs!LwfLowerSendNetBufferLists+0
   +0x078 SendNetBufferListsCompleteHandler : 0xfffff804`7d2d1710 void wfplwfs!LwfLowerSendNetBufferListsComplete+0
   +0x080 CancelSendNetBufferListsHandler : (null)
   +0x088 ReceiveNetBufferListsHandler : 0xfffff804`7d2d1190 void wfplwfs!LwfLowerRecvNetBufferLists+0
   +0x090 ReturnNetBufferListsHandler : 0xfffff804`7d2d15f0 void wfplwfs!LwfLowerReturnNetBufferLists+0
   +0x098 OidRequestHandler : 0xfffff804`7d2d1990 int wfplwfs!LwfLowerOidRequest+0
   +0x0a0 OidRequestCompleteHandler : 0xfffff804`7d2d1830 void wfplwfs!LwfLowerOidRequestComplete+0
   +0x0a8 CancelOidRequestHandler : 0xfffff804`7d2d5cb0 void wfplwfs!LwfLowerCancelOidRequest+0
   +0x0b0 DevicePnPEventNotifyHandler : (null)
   +0x0b8 NetPnPEventHandler : (null)
   +0x0c0 StatusHandler : 0xfffff804`7d2d22f0 void wfplwfs!LwfLowerStatusIndication+0
   +0x0c8 DirectOidRequestHandler : (null)
   +0x0d0 DirectOidRequestCompleteHandler : (null)
   +0x0d8 CancelDirectOidRequestHandler : (null)
   +0x0e0 SynchronousOidRequestHandler : (null)
   +0x0e8 SynchronousOidRequestCompleteHandler : (null)
0: kd> dt 0xffffe108`9a87dd00+0x060 _NDIS_FILTER_DRIVER_CHARACTERISTICS
ndis!_NDIS_FILTER_DRIVER_CHARACTERISTICS
   +0x000 Header : _NDIS_OBJECT_HEADER
   +0x004 MajorNdisVersion : 0x6 ''
   +0x005 MinorNdisVersion : 0x32 '2'
   +0x006 MajorDriverVersion : 0x1 ''
   +0x007 MinorDriverVersion : 0 ''
   +0x008 Flags : 2
   +0x010 FriendlyName : _UNICODE_STRING "WFP 802.3 MAC Layer LightWeight Filter"
   +0x020 UniqueName : _UNICODE_STRING "{B70D6460-3635-4D42-B866-B8AB1A24454C}"
   +0x030 ServiceName : _UNICODE_STRING "wfplwfs"
   +0x040 SetOptionsHandler : (null)
   +0x048 SetFilterModuleOptionsHandler : 0xfffff804`7d2d2250 int wfplwfs!LwfUpperSetFilterModuleOptions+0
   +0x050 AttachHandler : 0xfffff804`7d2d1cc0 int wfplwfs!LwfUpperAttach+0
   +0x058 DetachHandler : 0xfffff804`7d2d20d0 void wfplwfs!LwfUpperDetach+0
   +0x060 RestartHandler : 0xfffff804`7d2d23f0 int wfplwfs!LwfUpperRestart+0
   +0x068 PauseHandler : 0xfffff804`7d2d2370 int wfplwfs!LwfLowerPause+0
   +0x070 SendNetBufferListsHandler : (null)
   +0x078 SendNetBufferListsCompleteHandler : (null)
   +0x080 CancelSendNetBufferListsHandler : (null)
   +0x088 ReceiveNetBufferListsHandler : (null)
   +0x090 ReturnNetBufferListsHandler : (null)
   +0x098 OidRequestHandler : (null)
   +0x0a0 OidRequestCompleteHandler : (null)
   +0x0a8 CancelOidRequestHandler : (null)
   +0x0b0 DevicePnPEventNotifyHandler : (null)
   +0x0b8 NetPnPEventHandler : (null)
   +0x0c0 StatusHandler : 0xfffff804`7d2d22f0 void wfplwfs!LwfLowerStatusIndication+0
   +0x0c8 DirectOidRequestHandler : (null)
   +0x0d0 DirectOidRequestCompleteHandler : (null)
   +0x0d8 CancelDirectOidRequestHandler : (null)
   +0x0e0 SynchronousOidRequestHandler : (null)
   +0x0e8 SynchronousOidRequestCompleteHandler : (null)
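
The list walk and handler dump above, as an added example that is not the author's code: a user-mode C model that follows NextFilterDriver through a constructed snapshot of _NDIS_FILTER_DRIVER_BLOCK records, counts the filters that registered a send or receive handler, and reports handler pointers that fall inside no loaded image. The offsets are the ones in this page's dt output (x64, that ndis.sys build only); the snapshot format, the module ranges, the third block and the names Snap, Module, Audit, audit_filter_list and audit_sample are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Offsets copied from the dt output on this page (x64, that ndis.sys build only). */
enum {
    OFF_NEXT   = 0x008,  /* _NDIS_FILTER_DRIVER_BLOCK.NextFilterDriver */
    OFF_CHARS  = 0x060,  /* _NDIS_FILTER_DRIVER_BLOCK.DefaultFilterCharacteristics */
    CH_FIRST   = 0x040,  /* SetOptionsHandler: first handler slot */
    CH_SEND    = 0x070,  /* SendNetBufferListsHandler */
    CH_RECEIVE = 0x088,  /* ReceiveNetBufferListsHandler */
    CH_LAST    = 0x0e8,  /* SynchronousOidRequestCompleteHandler: last handler slot */
    SNAP_LEN   = 0x150,  /* bytes captured per block: through the end of the characteristics */
    MAX_WALK   = 64      /* assumption: upper bound on a plausible list length */
};

typedef struct { uint64_t va; uint8_t bytes[SNAP_LEN]; } Snap;     /* one captured block */
typedef struct { const char *name; uint64_t base, size; } Module;  /* loaded image range */
typedef struct { size_t drivers, data_path, unowned; int truncated; } Audit;

static void put64(Snap *s, size_t off, uint64_t v) { memcpy(s->bytes + off, &v, sizeof v); }
static uint64_t get64(const Snap *s, size_t off)
{ uint64_t v; memcpy(&v, s->bytes + off, sizeof v); return v; }

/* Resolve a kernel VA to the captured block that starts there, or NULL. */
static const Snap *find_block(const Snap *snaps, size_t n, uint64_t va)
{
    for (size_t i = 0; i < n; i++)
        if (snaps[i].va == va) return &snaps[i];
    return NULL;
}

/* Name of the image whose range contains p, or NULL if no image owns it. */
static const char *owner(const Module *mods, size_t n, uint64_t p)
{
    for (size_t i = 0; i < n; i++)
        if (p >= mods[i].base && p - mods[i].base < mods[i].size) return mods[i].name;
    return NULL;
}

/* Walk head -> NextFilterDriver -> ... -> NULL and audit every handler slot. */
Audit audit_filter_list(uint64_t head, const Snap *snaps, size_t ns,
                        const Module *mods, size_t nm)
{
    Audit a = {0, 0, 0, 0};
    uint64_t seen[MAX_WALK];
    for (uint64_t va = head; va != 0; ) {
        const Snap *s = find_block(snaps, ns, va);
        int revisit = 0;
        for (size_t i = 0; i < a.drivers; i++) revisit |= (seen[i] == va);
        /* Stop on an unreadable pointer, a cycle, or an implausibly long list. */
        if (!s || revisit || a.drivers == MAX_WALK) { a.truncated = 1; break; }
        seen[a.drivers++] = va;
        /* A filter sits on the data path if it registered a send or receive handler. */
        if (get64(s, OFF_CHARS + CH_SEND) || get64(s, OFF_CHARS + CH_RECEIVE)) a.data_path++;
        for (size_t off = CH_FIRST; off <= CH_LAST; off += 8) {
            uint64_t h = get64(s, OFF_CHARS + off);
            if (h != 0 && owner(mods, nm, h) == NULL) {
                printf("block %016llx: handler +0x%03zx -> %016llx is in no loaded image\n",
                       (unsigned long long)va, off, (unsigned long long)h);
                a.unowned++;
            }
        }
        va = get64(s, OFF_NEXT);
    }
    return a;
}

/* Constructed sample: blocks 0 and 1 use the pacer.sys and vwififlt.sys addresses from the
   dt output; block 2, the link to it and both module ranges are invented. */
Audit audit_sample(int make_cycle)
{
    static const Module mods[] = {
        { "pacer.sys",    0xfffff8047e5e0000ULL, 0x20000 },
        { "vwififlt.sys", 0xfffff8047e5c0000ULL, 0x10000 },
    };
    Snap s[3];
    memset(s, 0, sizeof s);
    s[0].va = 0xffffe1089c4a0d90ULL;
    put64(&s[0], OFF_NEXT, 0xffffe1089c4a0250ULL);
    put64(&s[0], OFF_CHARS + 0x050, 0xfffff8047e5e10c0ULL);       /* AttachHandler */
    put64(&s[0], OFF_CHARS + 0x098, 0xfffff8047e5e28e0ULL);       /* OidRequestHandler */
    s[1].va = 0xffffe1089c4a0250ULL;
    put64(&s[1], OFF_NEXT, 0xffffe10800001000ULL);                /* invented link */
    put64(&s[1], OFF_CHARS + CH_SEND, 0xfffff8047e5c64c0ULL);
    put64(&s[1], OFF_CHARS + CH_RECEIVE, 0xfffff8047e5c5af0ULL);
    s[2].va = 0xffffe10800001000ULL;
    put64(&s[2], OFF_NEXT, make_cycle ? s[0].va : 0);
    put64(&s[2], OFF_CHARS + CH_RECEIVE, 0xffffe10800002000ULL);  /* owned by no image */
    return audit_filter_list(s[0].va, s, 3, mods, 2);
}

int main(void)
{
    Audit a = audit_sample(0);
    printf("drivers=%zu data_path=%zu unowned=%zu truncated=%d\n",
           a.drivers, a.data_path, a.unowned, a.truncated);
    return 0;
}
```

Inside a driver the same walk has to run with ndisFilterDriverListLock held, as noted in the list of approaches, and the offsets must be re-derived for each ndis.sys build.
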
Now verify this with the debugger extension commands:
0: kd> !ndiskd.filter
ffffe1089c4a0d90 - QoS Packet Scheduler
    Filter ffffe1089c9cdaa0, Miniport ffffe1089c5e81a0 - Intel(R) 82574L Gigabit Network Connection
ffffe1089c4a0250 - Virtual WiFi Filter Driver
ffffe1089c26ead0 - WFP vSwitch Layers LightWeight Filter
ffffe1089a87cd00 - WFP Native MAC Layer LightWeight Filter
    Filter ffffe1089c9d37a0, Miniport ffffe1089c5e81a0 - Intel(R) 82574L Gigabit Network Connection
ffffe1089a87dd00 - WFP 802.3 MAC Layer LightWeight Filter
    Filter ffffe1089c9df010, Miniport ffffe1089c5e81a0 - Intel(R) 82574L Gigabit Network Connection
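First, the count matches; second, the addresses match; third, the FriendlyName values are the same as well.
Next, look at the more detailed information, which can be compared against the output above.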
0: kd> !ndiskd.filterdriver ffffe1089c4a0d90

FILTER DRIVER

QoS Packet Scheduler

Ndis handle  ffffe1089c4a0d90
Driver context  fffff8047e5f4720
Ndis API version  v6.30
Driver version  v1.0
Driver object  ffffe1089c4a0bd0
Driver image  pacer.sys

Bind flags  Optional, Modifying
Class  Cannot find field '_p' in 'class wistd::unique_ptr >'
References  2

FILTER MODULES

Filter module
ffffe1089c9cdaa0 - Intel(R) 82574L Gigabit Network Connection-QoS Packet Scheduler-0000

HANDLERS

Filter handler  Function pointer  Symbol (if available)
SetOptionsHandler  fffff8047e5e7090  bp pacer!PcFilterSetOptions
SetFilterModuleOptionsHandler  fffff8047e5e2750  bp pacer!PcFilterSetModuleOptions
AttachHandler  fffff8047e5e10c0  bp pacer!PcFilterAttach
DetachHandler  fffff8047e5e15c0  bp pacer!PcFilterDetach
RestartHandler  fffff8047e5f8010  bp pacer!PcFilterRestart
PauseHandler  fffff8047e5e2640  bp pacer!PcFilterPause
SendNetBufferListsHandler  [None]
SendNetBufferListsCompleteHandler  [None]
CancelSendNetBufferListsHandler  [None]
ReceiveNetBufferListsHandler  [None]
ReturnNetBufferListsHandler  [None]
OidRequestHandler  fffff8047e5e28e0  bp pacer!PcFilterRequest
OidRequestCompleteHandler  fffff8047e5e27f0  bp pacer!PcFilterRequestComplete
DirectOidRequestHandler  [None]
DirectOidRequestCompleteHandler  [None]
SynchronousOidRequestHandler  [None]
SynchronousOidRequestCompleteHandler  [None]
CancelDirectOidRequestHandler  [None]
DevicePnPEventNotifyHandler  fffff8047e5f9ac0  bp pacer!PcFilterPnPEventNotify
NetPnPEventHandler  fffff8047e5f8a30  bp pacer!PcFilterPnPEvent
StatusHandler  fffff8047e5e1010  bp pacer!PcFilterStatus
0: kd> !ndiskd.filterdriver ffffe1089c4a0250

FILTER DRIVER

Virtual WiFi Filter Driver

Ndis handle  ffffe1089c4a0250
Driver context  ffffe1089c49a8f0
Ndis API version  v6.50
Driver version  v1.0
Driver object  ffffe1089c49a8f0
Driver image  vwififlt.sys

Bind flags  Optional, Modifying
Class  Cannot find field '_p' in 'class wistd::unique_ptr >'
References  1

FILTER MODULES

Filter module
[No filter modules were found]

HANDLERS

Filter handler  Function pointer  Symbol (if available)
SetOptionsHandler  [None]
SetFilterModuleOptionsHandler  [None]
AttachHandler  fffff8047e5c2920  bp vwififlt!FilterAttach
DetachHandler  fffff8047e5c3630  bp vwififlt!FilterDetach
RestartHandler  fffff8047e5c5ff0  bp vwififlt!FilterRestart
PauseHandler  fffff8047e5c52c0  bp vwififlt!FilterPause
SendNetBufferListsHandler  fffff8047e5c64c0  bp vwififlt!FilterSendNetBufferLists
SendNetBufferListsCompleteHandler  fffff8047e5c6540  bp vwififlt!FilterSendNetBufferListsComplete
CancelSendNetBufferListsHandler  fffff8047e5c30d0  bp vwififlt!FilterCancelSendNetBufferLists
ReceiveNetBufferListsHandler  fffff8047e5c5af0  bp vwififlt!FilterReceiveNetBufferLists
ReturnNetBufferListsHandler  fffff8047e5c6270  bp vwififlt!FilterReturnNetBufferLists
OidRequestHandler  fffff8047e5c4990  bp vwififlt!FilterOidRequest
OidRequestCompleteHandler  fffff8047e5c4ea0  bp vwififlt!FilterOidRequestComplete
DirectOidRequestHandler  fffff8047e5c3930  bp vwififlt!FilterDirectOidRequest
DirectOidRequestCompleteHandler  fffff8047e5c3ca0  bp vwififlt!FilterDirectOidRequestComplete
SynchronousOidRequestHandler  [None]
SynchronousOidRequestCompleteHandler  [None]
CancelDirectOidRequestHandler  fffff8047e5c2f90  bp vwififlt!FilterCancelDirectOidRequest
DevicePnPEventNotifyHandler  fffff8047e5c3810  bp vwififlt!FilterDevicePnPEventNotify
NetPnPEventHandler  fffff8047e5c48e0  bp vwififlt!FilterNetPnPEvent
StatusHandler  fffff8047e5c7600  bp vwififlt!FilterStatus
0: kd> !ndiskd.filterdriver ffffe1089c26ead0

FILTER DRIVER

WFP vSwitch Layers LightWeight Filter

Ndis handle  ffffe1089c26ead0
Driver context  ffffe1089c2b5960
Ndis API version  v6.50
Driver version  v1.0
Driver object  ffffe1089c2b5960
Driver image  wfplwfs.sys

Bind flags  Optional, Modifying
Class  Cannot find field '_p' in 'class wistd::unique_ptr >'
References  1

FILTER MODULES

Filter module
[No filter modules were found]

HANDLERS

Filter handler  Function pointer  Symbol (if available)
SetOptionsHandler  [None]
SetFilterModuleOptionsHandler  fffff8047d2e3ed0  bp wfplwfs!LwfvSwitchSetFilterModuleOptions
AttachHandler  fffff8047d2e1f20  bp wfplwfs!LwfvSwitchAttach
DetachHandler  fffff8047d2e2630  bp wfplwfs!LwfvSwitchDetach
RestartHandler  fffff8047d2e3880  bp wfplwfs!LwfvSwitchRestart
PauseHandler  fffff8047d2d2370  bp wfplwfs!LwfLowerPause
SendNetBufferListsHandler  [None]
SendNetBufferListsCompleteHandler  [None]
CancelSendNetBufferListsHandler  [None]
ReceiveNetBufferListsHandler  [None]
ReturnNetBufferListsHandler  [None]
OidRequestHandler  fffff8047d2e30f0  bp wfplwfs!LwfvSwitchOidRequest
OidRequestCompleteHandler  fffff8047d2e3270  bp wfplwfs!LwfvSwitchOidRequestComplete
DirectOidRequestHandler  [None]
DirectOidRequestCompleteHandler  [None]
SynchronousOidRequestHandler  [None]
SynchronousOidRequestCompleteHandler  [None]
CancelDirectOidRequestHandler  [None]
DevicePnPEventNotifyHandler  [None]
NetPnPEventHandler  fffff8047d2e30a0  bp wfplwfs!LwfvSwitchNetPnPEvent
StatusHandler  fffff8047d2e4020  bp wfplwfs!LwfvSwitchStatusIndication
0: kd> !ndiskd.filterdriver ffffe1089a87cd00

FILTER DRIVER

WFP Native MAC Layer LightWeight Filter

Ndis handle  ffffe1089a87cd00
Driver context  ffffe1089c2b5960
Ndis API version  v6.50
Driver version  v1.0
Driver object  ffffe1089c2b5960
Driver image  wfplwfs.sys

Bind flags  Mandatory, Modifying, UnbindOnAttach
Class  Cannot find field '_p' in 'class wistd::unique_ptr >'
References  2

FILTER MODULES

Filter module
ffffe1089c9d37a0 - Intel(R) 82574L Gigabit Network Connection-WFP Native MAC Layer LightWeight Filter-0000

HANDLERS

Filter handler  Function pointer  Symbol (if available)
SetOptionsHandler  [None]
SetFilterModuleOptionsHandler  fffff8047d2d21b0  bp wfplwfs!LwfLowerSetFilterModuleOptions
AttachHandler  fffff8047d2d1ae0  bp wfplwfs!LwfLowerAttach
DetachHandler  fffff8047d2d1fc0  bp wfplwfs!LwfLowerDetach
RestartHandler  fffff8047d2d2320  bp wfplwfs!LwfLowerRestart
PauseHandler  fffff8047d2d2370  bp wfplwfs!LwfLowerPause
SendNetBufferListsHandler  fffff8047d2d1010  bp wfplwfs!LwfLowerSendNetBufferLists
SendNetBufferListsCompleteHandler  fffff8047d2d1710  bp wfplwfs!LwfLowerSendNetBufferListsComplete
CancelSendNetBufferListsHandler  [None]
ReceiveNetBufferListsHandler  fffff8047d2d1190  bp wfplwfs!LwfLowerRecvNetBufferLists
ReturnNetBufferListsHandler  fffff8047d2d15f0  bp wfplwfs!LwfLowerReturnNetBufferLists
OidRequestHandler  fffff8047d2d1990  bp wfplwfs!LwfLowerOidRequest
OidRequestCompleteHandler  fffff8047d2d1830  bp wfplwfs!LwfLowerOidRequestComplete
DirectOidRequestHandler  [None]
DirectOidRequestCompleteHandler  [None]
SynchronousOidRequestHandler  [None]
SynchronousOidRequestCompleteHandler  [None]
CancelDirectOidRequestHandler  [None]
DevicePnPEventNotifyHandler  [None]
NetPnPEventHandler  [None]
StatusHandler  fffff8047d2d22f0  bp wfplwfs!LwfLowerStatusIndication
0: kd> !ndiskd.filterdriver ffffe1089a87dd00

FILTER DRIVER

WFP 802.3 MAC Layer LightWeight Filter

Ndis handle  ffffe1089a87dd00
Driver context  ffffe1089c2b5960
Ndis API version  v6.50
Driver version  v1.0
Driver object  ffffe1089c2b5960
Driver image  wfplwfs.sys

Bind flags  Mandatory, Modifying, UnbindOnAttach
Class  Cannot find field '_p' in 'class wistd::unique_ptr >'
References  2

FILTER MODULES

Filter module
ffffe1089c9df010 - Intel(R) 82574L Gigabit Network Connection-WFP 802.3 MAC Layer LightWeight Filter-0000

HANDLERS

Filter handler  Function pointer  Symbol (if available)
SetOptionsHandler  [None]
SetFilterModuleOptionsHandler  fffff8047d2d2250  bp wfplwfs!LwfUpperSetFilterModuleOptions
AttachHandler  fffff8047d2d1cc0  bp wfplwfs!LwfUpperAttach
DetachHandler  fffff8047d2d20d0  bp wfplwfs!LwfUpperDetach
RestartHandler  fffff8047d2d23f0  bp wfplwfs!LwfUpperRestart
PauseHandler  fffff8047d2d2370  bp wfplwfs!LwfLowerPause
SendNetBufferListsHandler  [None]
SendNetBufferListsCompleteHandler  [None]
CancelSendNetBufferListsHandler  [None]
ReceiveNetBufferListsHandler  [None]
ReturnNetBufferListsHandler  [None]
OidRequestHandler  [None]
OidRequestCompleteHandler  [None]
DirectOidRequestHandler  [None]
DirectOidRequestCompleteHandler  [None]
SynchronousOidRequestHandler  [None]
SynchronousOidRequestCompleteHandler  [None]
CancelDirectOidRequestHandler  [None]
DevicePnPEventNotifyHandler  [None]
NetPnPEventHandler  [None]
StatusHandler  fffff8047d2d22f0  bp wfplwfs!LwfLowerStatusIndication
The goal of this project is to produce the output of !ndiskd.filter and !ndiskd.filterdriver for the user programmatically.
#include "MiniDriver.h"


// ndis.sys defines this as a structure; here it is a pointer.
// For testing, assign it the value shown by: x ndis!ndisMiniDriverListLock
PKSPIN_LOCK ndisMiniDriverListLock;
// For testing, assign it the value shown by: dq ndis!ndisMiniDriverList L1
PNDIS_M_DRIVER_BLOCK ndisMiniDriverList;


void DumpOneMiniDriverInfo(PNDIS_M_DRIVER_BLOCK MiniDriver)
/*
Only the MiniportDriverCharacteristics are printed here, because they are what the caller passed in.
Other information can be added if specifically needed, for example details (ImageName)
obtained from DriverObject/ServiceRegPath.
*/
{
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "NdisVersion:%d:%d", MiniDriver->MiniportDriverCharacteristics.MajorNdisVersion, MiniDriver->MiniportDriverCharacteristics.MinorNdisVersion);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "DriverVersion:%d:%d", MiniDriver->MiniportDriverCharacteristics.MajorDriverVersion, MiniDriver->MiniportDriverCharacteristics.MinorDriverVersion);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "Flags:%d", MiniDriver->MiniportDriverCharacteristics.Flags);

    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "SetOptionsHandler:%p", MiniDriver->MiniportDriverCharacteristics.SetOptionsHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "InitializeHandlerEx:%p", MiniDriver->MiniportDriverCharacteristics.InitializeHandlerEx);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "HaltHandlerEx:%p", MiniDriver->MiniportDriverCharacteristics.HaltHandlerEx);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "UnloadHandler:%p", MiniDriver->MiniportDriverCharacteristics.UnloadHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "PauseHandler:%p", MiniDriver->MiniportDriverCharacteristics.PauseHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "RestartHandler:%p", MiniDriver->MiniportDriverCharacteristics.RestartHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "OidRequestHandler:%p", MiniDriver->MiniportDriverCharacteristics.OidRequestHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "SendNetBufferListsHandler:%p", MiniDriver->MiniportDriverCharacteristics.SendNetBufferListsHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "ReturnNetBufferListsHandler:%p", MiniDriver->MiniportDriverCharacteristics.ReturnNetBufferListsHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "CancelSendHandler:%p", MiniDriver->MiniportDriverCharacteristics.CancelSendHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "CheckForHangHandlerEx:%p", MiniDriver->MiniportDriverCharacteristics.CheckForHangHandlerEx);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "ResetHandlerEx:%p", MiniDriver->MiniportDriverCharacteristics.ResetHandlerEx);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "DevicePnPEventNotifyHandler:%p", MiniDriver->MiniportDriverCharacteristics.DevicePnPEventNotifyHandler);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "ShutdownHandlerEx:%p", MiniDriver->MiniportDriverCharacteristics.ShutdownHandlerEx);
    Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "CancelOidRequestHandler:%p", MiniDriver->MiniportDriverCharacteristics.CancelOidRequestHandler);

    //#if (NDIS_SUPPORT_NDIS61)
    // The version (MajorNdisVersion + MinorNdisVersion) could be used for this check instead.
    if (MiniDriver->MiniportDriverCharacteristics.Header.Size > 0x088) {
        Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "DirectOidRequestHandler:%p", MiniDriver->MiniportDriverCharacteristics.DirectOidRequestHandler);
        Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "CancelDirectOidRequestHandler:%p", MiniDriver->MiniportDriverCharacteristics.CancelDirectOidRequestHandler);
    }
    //#endif // (NDIS_SUPPORT_NDIS61)

    //#if (NDIS_SUPPORT_NDIS680)
    // The version (MajorNdisVersion + MinorNdisVersion) could be used for this check instead.
    if (MiniDriver->MiniportDriverCharacteristics.Header.Size > 0x098) {
        Print(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "SynchronousOidRequestHandler:%p", MiniDriver->MiniportDriverCharacteristics.SynchronousOidRequestHandler);
    }
    //#endif // (NDIS_SUPPORT_NDIS680)

    // Blank line between drivers in the debugger output.
    DbgPrintEx(DPFLTR_DEFAULT_ID, DPFLTR_INFO_LEVEL, "\r\n");
}


void DumpMiniDriverInfo()
{
    // Nothing to walk until both globals have been located.
    if (!ndisMiniDriverListLock || !ndisMiniDriverList) {
        return;
    }

    // Hold the list lock for the whole traversal so that entries cannot be unlinked under us.
    KIRQL Irql = KeAcquireSpinLockRaiseToDpc(ndisMiniDriverListLock);
    for (PNDIS_M_DRIVER_BLOCK Tmp = ndisMiniDriverList; Tmp; Tmp = Tmp->NextDriver) {
        DumpOneMiniDriverInfo(Tmp);
    }
    KeReleaseSpinLock(ndisMiniDriverListLock, Irql);
}
Test results
11: kd> g
2FILE:FilterDriver.cpp, LINE:10, FriendlyName:QoS Packet Scheduler.
3FILE:FilterDriver.cpp, LINE:11, UniqueName:{B5F4D659-7DAA-4565-8E41-BE220ED60542}.
4FILE:FilterDriver.cpp, LINE:12, ServiceName:Psched.
5FILE:FilterDriver.cpp, LINE:14, NdisVersion:6:30.
6FILE:FilterDriver.cpp, LINE:15, DriverVersion:1:0.
7FILE:FilterDriver.cpp, LINE:16, Flags:0.
8FILE:FilterDriver.cpp, LINE:18, SetOptionsHandler:FFFFF8047E5E7090.
9FILE:FilterDriver.cpp, LINE:19, SetFilterModuleOptionsHandler:FFFFF8047E5E2750.
10FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047E5E10C0.
11FILE:FilterDriver.cpp, LINE:21, DetachHandler:FFFFF8047E5E15C0.
12FILE:FilterDriver.cpp, LINE:22, RestartHandler:FFFFF8047E5F8010.
13FILE:FilterDriver.cpp, LINE:23, PauseHandler:FFFFF8047E5E2640.
14FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:0000000000000000.
15FILE:FilterDriver.cpp, LINE:25, SendNetBufferListsCompleteHandler:0000000000000000.
16FILE:FilterDriver.cpp, LINE:26, CancelSendNetBufferListsHandler:0000000000000000.
17FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:0000000000000000.
18FILE:FilterDriver.cpp, LINE:28, ReturnNetBufferListsHandler:0000000000000000.
19FILE:FilterDriver.cpp, LINE:29, OidRequestHandler:FFFFF8047E5E28E0.
20FILE:FilterDriver.cpp, LINE:30, OidRequestCompleteHandler:FFFFF8047E5E27F0.
21FILE:FilterDriver.cpp, LINE:31, CancelOidRequestHandler:0000000000000000.
22FILE:FilterDriver.cpp, LINE:32, DevicePnPEventNotifyHandler:FFFFF8047E5F9AC0.
23FILE:FilterDriver.cpp, LINE:33, NetPnPEventHandler:FFFFF8047E5F8A30.
24FILE:FilterDriver.cpp, LINE:34, StatusHandler:FFFFF8047E5E1010.
25FILE:FilterDriver.cpp, LINE:38, DirectOidRequestHandler:0000000000000000.
26FILE:FilterDriver.cpp, LINE:39, DirectOidRequestCompleteHandler:0000000000000000.
27FILE:FilterDriver.cpp, LINE:40, CancelDirectOidRequestHandler:0000000000000000.
28
29FILE:FilterDriver.cpp, LINE:10, FriendlyName:Virtual WiFi Filter Driver.
30FILE:FilterDriver.cpp, LINE:11, UniqueName:{5CBF81BF-5055-47CD-9055-A76B2B4E3698}.
31FILE:FilterDriver.cpp, LINE:12, ServiceName:vwififlt.
32FILE:FilterDriver.cpp, LINE:14, NdisVersion:6:50.
33FILE:FilterDriver.cpp, LINE:15, DriverVersion:1:0.
34FILE:FilterDriver.cpp, LINE:16, Flags:2.
35FILE:FilterDriver.cpp, LINE:18, SetOptionsHandler:0000000000000000.
36FILE:FilterDriver.cpp, LINE:19, SetFilterModuleOptionsHandler:0000000000000000.
37FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047E5C2920.
38FILE:FilterDriver.cpp, LINE:21, DetachHandler:FFFFF8047E5C3630.
39FILE:FilterDriver.cpp, LINE:22, RestartHandler:FFFFF8047E5C5FF0.
40FILE:FilterDriver.cpp, LINE:23, PauseHandler:FFFFF8047E5C52C0.
41FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:FFFFF8047E5C64C0.
42FILE:FilterDriver.cpp, LINE:25, SendNetBufferListsCompleteHandler:FFFFF8047E5C6540.
43FILE:FilterDriver.cpp, LINE:26, CancelSendNetBufferListsHandler:FFFFF8047E5C30D0.
44FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:FFFFF8047E5C5AF0.
45FILE:FilterDriver.cpp, LINE:28, ReturnNetBufferListsHandler:FFFFF8047E5C6270.
46FILE:FilterDriver.cpp, LINE:29, OidRequestHandler:FFFFF8047E5C4990.
47FILE:FilterDriver.cpp, LINE:30, OidRequestCompleteHandler:FFFFF8047E5C4EA0.
FILE:FilterDriver.cpp, LINE:31, CancelOidRequestHandler:FFFFF8047E5C3030.
FILE:FilterDriver.cpp, LINE:32, DevicePnPEventNotifyHandler:FFFFF8047E5C3810.
FILE:FilterDriver.cpp, LINE:33, NetPnPEventHandler:FFFFF8047E5C48E0.
FILE:FilterDriver.cpp, LINE:34, StatusHandler:FFFFF8047E5C7600.
FILE:FilterDriver.cpp, LINE:38, DirectOidRequestHandler:FFFFF8047E5C3930.
FILE:FilterDriver.cpp, LINE:39, DirectOidRequestCompleteHandler:FFFFF8047E5C3CA0.
FILE:FilterDriver.cpp, LINE:40, CancelDirectOidRequestHandler:FFFFF8047E5C2F90.

FILE:FilterDriver.cpp, LINE:10, FriendlyName:WFP vSwitch Layers LightWeight Filter.
FILE:FilterDriver.cpp, LINE:11, UniqueName:{E7C3B2F0-F3C5-48DF-AF2B-10FED6D72E7A}.
FILE:FilterDriver.cpp, LINE:12, ServiceName:wfplwfs.
FILE:FilterDriver.cpp, LINE:14, NdisVersion:6:50.
FILE:FilterDriver.cpp, LINE:15, DriverVersion:1:0.
FILE:FilterDriver.cpp, LINE:16, Flags:0.
FILE:FilterDriver.cpp, LINE:18, SetOptionsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:19, SetFilterModuleOptionsHandler:FFFFF8047D2E3ED0.
FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047D2E1F20.
FILE:FilterDriver.cpp, LINE:21, DetachHandler:FFFFF8047D2E2630.
FILE:FilterDriver.cpp, LINE:22, RestartHandler:FFFFF8047D2E3880.
FILE:FilterDriver.cpp, LINE:23, PauseHandler:FFFFF8047D2D2370.
FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:25, SendNetBufferListsCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:26, CancelSendNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:28, ReturnNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:29, OidRequestHandler:FFFFF8047D2E30F0.
FILE:FilterDriver.cpp, LINE:30, OidRequestCompleteHandler:FFFFF8047D2E3270.
FILE:FilterDriver.cpp, LINE:31, CancelOidRequestHandler:FFFFF8047D2D5CB0.
FILE:FilterDriver.cpp, LINE:32, DevicePnPEventNotifyHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:33, NetPnPEventHandler:FFFFF8047D2E30A0.
FILE:FilterDriver.cpp, LINE:34, StatusHandler:FFFFF8047D2E4020.
FILE:FilterDriver.cpp, LINE:38, DirectOidRequestHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:39, DirectOidRequestCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:40, CancelDirectOidRequestHandler:0000000000000000.

FILE:FilterDriver.cpp, LINE:10, FriendlyName:WFP Native MAC Layer LightWeight Filter.
FILE:FilterDriver.cpp, LINE:11, UniqueName:{3BFD7820-D65C-4C1B-9FEA-983A019639EA}.
FILE:FilterDriver.cpp, LINE:12, ServiceName:wfplwfs.
FILE:FilterDriver.cpp, LINE:14, NdisVersion:6:50.
FILE:FilterDriver.cpp, LINE:15, DriverVersion:1:0.
FILE:FilterDriver.cpp, LINE:16, Flags:2.
FILE:FilterDriver.cpp, LINE:18, SetOptionsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:19, SetFilterModuleOptionsHandler:FFFFF8047D2D21B0.
FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047D2D1AE0.
FILE:FilterDriver.cpp, LINE:21, DetachHandler:FFFFF8047D2D1FC0.
FILE:FilterDriver.cpp, LINE:22, RestartHandler:FFFFF8047D2D2320.
FILE:FilterDriver.cpp, LINE:23, PauseHandler:FFFFF8047D2D2370.
FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:FFFFF8047D2D1010.
FILE:FilterDriver.cpp, LINE:25, SendNetBufferListsCompleteHandler:FFFFF8047D2D1710.
FILE:FilterDriver.cpp, LINE:26, CancelSendNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:FFFFF8047D2D1190.
FILE:FilterDriver.cpp, LINE:28, ReturnNetBufferListsHandler:FFFFF8047D2D15F0.
FILE:FilterDriver.cpp, LINE:29, OidRequestHandler:FFFFF8047D2D1990.
FILE:FilterDriver.cpp, LINE:30, OidRequestCompleteHandler:FFFFF8047D2D1830.
FILE:FilterDriver.cpp, LINE:31, CancelOidRequestHandler:FFFFF8047D2D5CB0.
FILE:FilterDriver.cpp, LINE:32, DevicePnPEventNotifyHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:33, NetPnPEventHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:34, StatusHandler:FFFFF8047D2D22F0.
FILE:FilterDriver.cpp, LINE:38, DirectOidRequestHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:39, DirectOidRequestCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:40, CancelDirectOidRequestHandler:0000000000000000.

FILE:FilterDriver.cpp, LINE:10, FriendlyName:WFP 802.3 MAC Layer LightWeight Filter.
FILE:FilterDriver.cpp, LINE:11, UniqueName:{B70D6460-3635-4D42-B866-B8AB1A24454C}.
FILE:FilterDriver.cpp, LINE:12, ServiceName:wfplwfs.
FILE:FilterDriver.cpp, LINE:14, NdisVersion:6:50.
FILE:FilterDriver.cpp, LINE:15, DriverVersion:1:0.
FILE:FilterDriver.cpp, LINE:16, Flags:2.
FILE:FilterDriver.cpp, LINE:18, SetOptionsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:19, SetFilterModuleOptionsHandler:FFFFF8047D2D2250.
FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047D2D1CC0.
FILE:FilterDriver.cpp, LINE:21, DetachHandler:FFFFF8047D2D20D0.
FILE:FilterDriver.cpp, LINE:22, RestartHandler:FFFFF8047D2D23F0.
FILE:FilterDriver.cpp, LINE:23, PauseHandler:FFFFF8047D2D2370.
FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:25, SendNetBufferListsCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:26, CancelSendNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:28, ReturnNetBufferListsHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:29, OidRequestHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:30, OidRequestCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:31, CancelOidRequestHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:32, DevicePnPEventNotifyHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:33, NetPnPEventHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:34, StatusHandler:FFFFF8047D2D22F0.
FILE:FilterDriver.cpp, LINE:38, DirectOidRequestHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:39, DirectOidRequestCompleteHandler:0000000000000000.
FILE:FilterDriver.cpp, LINE:40, CancelDirectOidRequestHandler:0000000000000000.
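For triage, the dump above can be reduced to one line per filter showing how many callbacks are registered and whether the filter sits on the send or receive path (a zero pointer means that callback was not registered). The following user-mode parser is an added example, not part of the article or of the AntiHook tool; it assumes the `FILE:..., LINE:n, Key:Value.` line format shown above, and the `lwf_t` type, `parse_dump` function and `datapath` bit layout are this example's own.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
typedef struct { char name[64]; unsigned handlers, datapath; } lwf_t;
/* Lines excerpted (abridged) from the dump above: two of the listed filters. */
static const char SAMPLE[] =
    "FILE:FilterDriver.cpp, LINE:10, FriendlyName:Virtual WiFi Filter Driver.\n"
    "FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047E5C2920.\n"
    "FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:FFFFF8047E5C64C0.\n"
    "FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:FFFFF8047E5C5AF0.\n"
    "\n"
    "FILE:FilterDriver.cpp, LINE:10, FriendlyName:WFP 802.3 MAC Layer LightWeight Filter.\n"
    "FILE:FilterDriver.cpp, LINE:20, AttachHandler:FFFFF8047D2D1CC0.\n"
    "FILE:FilterDriver.cpp, LINE:24, SendNetBufferListsHandler:0000000000000000.\n"
    "FILE:FilterDriver.cpp, LINE:27, ReceiveNetBufferListsHandler:0000000000000000.\n";

/* Returns the number of filters parsed. datapath: bit 0 = send, bit 1 = receive. */
int parse_dump(const char *text, lwf_t *out, int max) {
    int n = 0;
    char line[256];
    while (*text) {
        size_t len = strcspn(text, "\n");
        size_t c = len < sizeof line - 1 ? len : sizeof line - 1;
        memcpy(line, text, c); line[c] = '\0';
        text += len + (text[len] == '\n');
        char *key = strstr(line, ", LINE:");   /* tolerates a fused line-number prefix */
        if (!key || !(key = strchr(key + 7, ',')) || key[1] != ' ') continue;
        key += 2;
        char *val = strchr(key, ':');          /* first ':' so "6:50" stays whole */
        if (!val) continue;
        *val++ = '\0';
        size_t vl = strlen(val);
        if (vl && val[vl - 1] == '.') val[vl - 1] = '\0';  /* only the trailing '.' */
        if (strcmp(key, "FriendlyName") == 0) {            /* starts a new filter */
            if (n == max) break;
            memset(&out[n], 0, sizeof out[n]);
            snprintf(out[n++].name, sizeof out[0].name, "%s", val);
        } else if (n && strstr(key, "Handler") && strtoull(val, NULL, 16)) {
            out[n - 1].handlers++;                         /* non-NULL callback */
            if (!strcmp(key, "SendNetBufferListsHandler")) out[n - 1].datapath |= 1;
            if (!strcmp(key, "ReceiveNetBufferListsHandler")) out[n - 1].datapath |= 2;
        }
    }
    return n;
}
int main(void) {
    lwf_t f[8];
    int n = parse_dump(SAMPLE, f, 8);
    for (int i = 0; i < n; i++)
        printf("%-40s handlers=%u datapath=%u\n", f[i].name, f[i].handlers, f[i].datapath);
}
```
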
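Author information
made by correy
made at 2024-01-09
https://github.com/kouzhudong
https://github.com/kouzhudong/AntiHook (a small tool that verifies and implements this article)
Copyright notice: copyright belongs to the author. If there is any infringement, please contact us for removal.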