ndis hook开发日志(2)-获取网卡信息 - Kevins的天空 http://rootsec.tk - CSDNBlog
来源:互联网 发布:sql server count big 编辑:程序博客网 时间:2024/06/06 01:27
导读:
本文转自
http://blog.csdn.net/iiprogram/archive/2006/04/26/677562.aspx
搞了半天,唉,还是读注册表获取网卡信息比较好,还有一个方式我也贴下面,关键是我还没弄明白
下面是我的代码:
PUNICODE_STRING uAdapName = Adapter->MyOpenBlock->RootDeviceName;PWCHAR p = RVATOVA(uAdapName->Buffer, uAdapName->Length << 1);UNICODE_STRING uName;OBJECT_ATTRIBUTES obj;HANDLE KeyHandle;if (Adapter->Type != NdisMedium802_3) return;while (*(p-1) != '//') p--;DbgPrint("Adap %ws %ws", p, Adapter->MyOpenBlock->BindDeviceName->Buffer);swprintf(Name, L"//registry//machine//system//CurrentControlSet//Services//Tcpip//Par ameters//Interfaces//%ws", p);RtlInitUnicodeString(&uName, Name);InitializeObjectAttributes( &obj, &uName, OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE, NULL, NULL);status = ZwOpenKey(&KeyHandle, KEY_ALL_ACCESS, &obj);if (NT_SUCCESS(status)){Adapter->IpAddress = ReadIpAddress(KeyHandle, L"IPAddress");if (!Adapter->IpAddress){Adapter->IpAddress = ReadIpAddress(KeyHandle, L"DhcpIPAddress");DbgPrint("Get dhcp ip");}Adapter->SubnetMask = ReadIpAddress(KeyHandle, L"SubnetMask");if (!Adapter->SubnetMask){Adapter->SubnetMask = ReadIpAddress(KeyHandle, L"DhcpSubnetMask");}Adapter->Gateway = ReadIpAddress(KeyHandle, L"DefaultGateway");ZwClose(KeyHandle);}ULONG ReadIpAddress( IN HANDLE KeyHandle,IN PWCHAR ValName){UNICODE_STRING uName;WCHAR Name[MAX_PATH];PKEY_VALUE_PARTIAL_INFORMATION Info = (void*)&Name;CHAR aName[MAX_PATH];ULONG ResLen;RtlInitUnicodeString(&uName, ValName);ZwQueryValueKey( KeyHandle, &uName, KeyValuePartialInformation, Info, sizeof(Name), &ResLen );wcstombs(aName, (PWCHAR)&Info->Data, -1);return inet_addr(aName);}u32_t inet_addr(const char *cp){ u32_t address; u32_t shift; u32_t sym; address = 0; shift = 0; while (*cp) { sym = 0; while ((*cp != '.') && (*cp != '/0')) { if ((*cp < '0') || (*cp > '9')) return 0; sym = sym*10 + (u32_t)(*cp - '0'); ++cp; } address += sym << shift; shift += 8; if (*cp++ == '/0') break; } return address;}来看看packet.sys是如何获取的:
typedef struct _OPEN_INSTANCE {PDEVICE_OBJECT DeviceObject;
ULONG IrpCount;
NDIS_STRING AdapterName;
NDIS_STRING SymbolicLink;
NDIS_HANDLE AdapterHandle;
NDIS_HANDLE PacketPool;
KSPIN_LOCK RcvQSpinLock;
LIST_ENTRY RcvList;
NDIS_MEDIUM Medium;
KSPIN_LOCK ResetQueueLock;
LIST_ENTRY ResetIrpList;
NDIS_STATUS Status;
NDIS_EVENT Event;
NDIS_EVENT CleanupEvent;
//
// List entry to link to the other deviceobjects.
//
LIST_ENTRY AdapterListEntry;
BOOLEAN Bound; // Set to TRUE when OpenAdapter is complete
// Set to FALSE when CloseAdpater is complete
CHAR Filler[3];
} OPEN_INSTANCE, *POPEN_INSTANCE;
NTSTATUS
PacketGetAdapterList(
IN PVOID Buffer,
IN ULONG Length,
IN OUT PULONG DataLength
)
/*++
Routine Description:
This routine walks the adapter list and gets the symbolic
link and NIC description and fills it in the Buffer.
The format of the information is given below.
Arguments:
Return Value:
--*/
{
ULONG requiredLength = 0, numOfAdapters = 0;
KIRQL oldIrql;
PLIST_ENTRY thisEntry, listHead;
POPEN_INSTANCE open;
DebugPrint(("Enter PacketGetAdapterList/n"));KeAcquireSpinLock(&Globals.GlobalLock, &oldIrql);
//
// Walks the list to find out total space required for AdapterName
// and Symbolic Link.
//
listHead = &Globals.AdapterList;
for(thisEntry = listHead->Flink;
thisEntry != listHead;
thisEntry = thisEntry->Flink)
{
open = CONTAINING_RECORD(thisEntry, OPEN_INSTANCE, AdapterListEntry);
requiredLength += open->AdapterName.Length + sizeof(UNICODE_NULL);
requiredLength += open->SymbolicLink.Length + sizeof(UNICODE_NULL);
numOfAdapters++;
}
//
// We will return the data in the following format:
// numOfAdapters + One_Or_More("AdapterName/0" + "SymbolicLink/0") + UNICODE_NULL
// So let's include the numOfAdapters and UNICODE_NULL size
// to the total length.
//
requiredLength += sizeof(ULONG) + sizeof(UNICODE_NULL);
*DataLength = requiredLength;
if(requiredLength > Length) {
KeReleaseSpinLock(&Globals.GlobalLock, oldIrql);
return STATUS_BUFFER_TOO_SMALL;
}
*(PULONG)Buffer = numOfAdapters;
(PCHAR)Buffer += sizeof(ULONG);
//
// Copy the name and symbolic link of each adapter.
//
for(thisEntry = listHead->Flink;
thisEntry != listHead;
thisEntry = thisEntry->Flink)
{
open = CONTAINING_RECORD(thisEntry, OPEN_INSTANCE, AdapterListEntry);
RtlCopyMemory(Buffer, open->AdapterName.Buffer,
open->AdapterName.Length+sizeof(WCHAR));
(PCHAR)Buffer += open->AdapterName.Length+sizeof(WCHAR);
RtlCopyMemory(Buffer, open->SymbolicLink.Buffer,
open->SymbolicLink.Length+sizeof(WCHAR));
(PCHAR)Buffer += open->SymbolicLink.Length+sizeof(WCHAR);
}
*(PWCHAR)Buffer = UNICODE_NULL;
KeReleaseSpinLock(&Globals.GlobalLock, oldIrql);
return STATUS_SUCCESS;
}
本文转自
http://blog.csdn.net/iiprogram/archive/2006/04/26/677562.aspx
- ndis hook开发日志(2)-获取网卡信息 - Kevins的天空 http://rootsec.tk - CSDNBlog
- ndis hook开发日志(2)-获取网卡信息
- NDIS HOOK开发简单日志(3)-ndis版本
- 破解还原卡的方法总结!! - Kevins的天空 - CSDNBlog
- NDIS HOOK开发简单日志
- NDIS HOOK开发小记
- NDIS Hook的框架代码
- NDIS Hook的框架代码
- NDIS开发[网络驱动开发] NDIS开发(2)
- NDIS开发[网络驱动开发] NDIS开发(2)
- NDIS HOOK及MINIPORT HOOK的实现
- 探索NDIS HOOK新的实现方法(2)
- 探索NDIS HOOK新的实现方法(2)
- 探索NDIS HOOK新的实现方法(2)
- 给csdn-blog开发组的建议(Kevins)
- 获取网卡的相关信息
- 获取网卡的相关信息
- 探索NDIS HOOK新的实现方法
- JSP内置对象request、page
- 有些事情,做了你会后悔吗?
- 搭建Android开发环境
- 求VC版本如何利用WMI获得磁盘信息 VC/MFC / 进程/线程/DLL - 社区 community.csdn.net
- java与数据库的连接实例
- ndis hook开发日志(2)-获取网卡信息 - Kevins的天空 http://rootsec.tk - CSDNBlog
- 大航海时代: 流行5掠夺篇
- VC知识库文章 - 不重起Windows直接更改IP地址
- 嵌入式的浏览器有第三种方案啦
- 获取第一个只出现一次的字符
- 求二元查找树的镜像
- 在排序数组中查找和为给定值的两个数字
- Java eclipse Myeclipse tomcat安装及配置
- 在Delphi中编写控件的基本方法(1)
