From: Gopikrishna [gkrishna@cswl.com] Sent: Friday, April 14, 2000 6:47 AM To: NT Developers Interest List Subject: [ntdev] Filter driver on TCP/IP driver I am new to writing Drivers. I have wriiten a hook driver over TCP/IP driver. In my hook driver I am dispatching all the IRP's to the TCP/IP driver through IOCallDriver method ( I felt, after successfully dispatching all the IRP's, I can add fuctionality to my filter driver). I am successfully able to attach to "\Device\Tcp". But after that My system is crashing. I am attaching the code below. Please tell me if I am missing anything. Regards, Gopikrishna. #include // various NT definitions #include #include #include "TCPEncryptor.h" // pointer to the lower TCP/IP device PDEVICE_OBJECT TCPIPDevice; // pointer to the local filter device PDEVICE_OBJECT TCPIPFilterDevice; PDEVICE_OBJECT ThisDevice; NTSTATUS DriverEntry( IN OUT PDRIVER_OBJECT DriverObject, IN PUNICODE_STRING RegistryPath ) { NTSTATUS ntStatus; KdPrint(("TCPIP Driver entry Filter Level Drv\n")); DriverObject->MajorFunction [IRP_MJ_CREATE] = DriverObject->MajorFunction [IRP_MJ_CLOSE] = DriverObject->MajorFunction [IRP_MJ_CLEANUP] = DriverObject->MajorFunction [IRP_MJ_INTERNAL_DEVICE_CONTROL] = DriverObject->MajorFunction [IRP_MJ_DEVICE_CONTROL] = DrvDispatchGeneral; DriverObject->DriverUnload = DrvUnloadDriver; ntStatus = DrvInitialize(DriverObject); if ( !NT_SUCCESS( ntStatus ) ) { KdPrint(("TCPIP Encrption Driver: DrvInitailize failed")); return ntStatus; } return ntStatus; } NTSTATUS DrvInitialize( IN PDRIVER_OBJECT DriverObject ) { UNICODE_STRING ntUnicodeString; UNICODE_STRING Win32NameString; NTSTATUS ntStatus; RtlInitUnicodeString( &ntUnicodeString, NT_DEVICE_NAME ); ntStatus = IoCreateDevice( DriverObject, // Our Driver Object 0, // We don't use a device extension &ntUnicodeString, // Device name FILE_DEVICE_UNKNOWN, // Device type 0, // Device characteristics FALSE, // Not an exclusive device &ThisDevice ); // Returned ptr to Device Object if ( !NT_SUCCESS( ntStatus ) ) { KdPrint(("TCPIP Encrption Driver:: Couldn't create the device object\n")); goto InitializeExit; } // // Allocate and initialize a Unicode String containing the Win32 name // for our device. // RtlInitUnicodeString( &Win32NameString, DOS_DEVICE_NAME ); ntStatus = IoCreateSymbolicLink( &Win32NameString, &ntUnicodeString ); if(!NT_SUCCESS(ntStatus)){ goto InitializeExit; } ntStatus=DrvFilterInit(DriverObject); if(!NT_SUCCESS(ntStatus)){ IoDeleteDevice (ThisDevice); IoDeleteSymbolicLink(&Win32NameString); return ntStatus; } InitializeExit: if ( !NT_SUCCESS( ntStatus ) ) { // // Delete everything that this routine has allocated. // if ( ThisDevice != NULL ) { IoDeleteDevice( ThisDevice); } } return ntStatus; } NTSTATUS DrvClose( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { KdPrint(("TCPIP Encrption Driver:: Close irp")); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; IoCompleteRequest( Irp, IO_NO_INCREMENT ); return STATUS_SUCCESS; } NTSTATUS DrvDispatchGeneral( IN PDEVICE_OBJECT DeviceObject, IN PIRP Irp ) { NTSTATUS ntstatus; PIO_STACK_LOCATION currentIrpStack = IoGetCurrentIrpStackLocation(Irp); PIO_STACK_LOCATION nextIrpStack = IoGetNextIrpStackLocation(Irp); KdPrint(("TCPIP Encryption Driver: DrvDispatch General CHECKING MAJOR FUNCTION CODE !\n")); // // Default to success. // KdPrint(("TCPIP Encryption Driver: DrvDispatch General!\n")); if( DeviceObject == TCPIPFilterDevice) { // // It's for Ltf // KdPrint(("TCPIP Encrypter Driver: Calling Lower driver!\n")); *nextIrpStack = *currentIrpStack; IoCallDriver( TCPIPDevice, Irp ); ntstatus= IoCallDriver( TCPIPDevice, Irp ); if (ntstatus== STATUS_SUCCESS ){ KdPrint(("TCPIP Encrypter Driver: Returned from Lower driver Successfully!\n")); return ntstatus; } else { KdPrint(("TCPIP Encrypter Driver: Return from Lower driver failed!\n")); return ntstatus; } } else { // // Nothing to do here, so just.. // KdPrint(("TCPIP Encryption Driver: Doing Noting in dispatch!\n")); Irp->IoStatus.Status = STATUS_SUCCESS; Irp->IoStatus.Information = 0; return STATUS_SUCCESS; } } NTSTATUS DrvFilterInit( IN PDRIVER_OBJECT DriverObject ) /*++ Routine Description: Create a device object and attaches it to the first Ltf device Arguments: DeviceObject - pointer to a device object. Return Value: NT Status code --*/ { UNICODE_STRING ntUnicodeString; NTSTATUS ntStatus; PDEVICE_OBJECT DeviceObject = NULL; // // Only hook onto the first Ltf chain. BUGBUG // RtlInitUnicodeString( &ntUnicodeString, L"\\Device\\Tcp"); // // Create device object for the Ltf // ntStatus = IoCreateDevice( DriverObject, 0, NULL, FILE_DEVICE_UNKNOWN, 0, FALSE, &TCPIPFilterDevice); if( !NT_SUCCESS(ntStatus) ) { KdPrint(("TCPIP Encrption Driver: failed to create filter device for TCPIP!\n")); return ntStatus; } // // Attach to the Ltf chain. // ntStatus = IoAttachDevice( TCPIPFilterDevice, &ntUnicodeString, &TCPIPDevice ); if( !NT_SUCCESS(ntStatus) ) { KdPrint(("TCPIP Encryption driver: Connect with TCPIP failed!\n")); IoDeleteDevice( TCPIPFilterDevice ); return ntStatus; } return STATUS_SUCCESS; } VOID DrvUnloadDriver( IN PDRIVER_OBJECT DriverObject ) { UNICODE_STRING uniWin32NameString; KdPrint(("TopLevel Driver : Unload driver\n")); RtlInitUnicodeString( &uniWin32NameString, DOS_DEVICE_NAME ); // // Delete the link from our device name to a name in the Win32 namespace. // IoDetachDevice(TCPIPDevice); IoDeleteDevice(TCPIPFilterDevice); IoDeleteSymbolicLink( &uniWin32NameString ); IoDeleteDevice( ThisDevice); // // Create counted string version of our Win32 device name. // }