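After fiddling with this for ages (sigh), reading the registry is still the better way to get the network adapter information. There is another approach that I am also pasting below; the catch is that I haven't figured it out yet.

Here is my code: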

    /* name and status are not declared in this excerpt */
    PUNICODE_STRING uadapname = adapter->myopenblock->RootDeviceName;
    PWCHAR p = rvatova(uadapname->Buffer, uadapname->Length << 1);
    UNICODE_STRING uname;
    OBJECT_ATTRIBUTES obj;
    HANDLE keyhandle;

    /* only Ethernet (802.3) adapters are handled */
    if (adapter->type != NdisMedium802_3) return;

    /* walk back to the last backslash: p then points at the adapter name */
    while (*(p-1) != '\\') p--;
    DbgPrint("adap %ws %ws", p, adapter->myopenblock->BindDeviceName->Buffer);

    /* per-adapter TCP/IP settings are stored under this key */
    swprintf(name, L"\\Registry\\Machine\\System\\CurrentControlSet\\Services\\Tcpip\\Parameters\\Interfaces\\%ws", p);
    RtlInitUnicodeString(&uname, name);
    InitializeObjectAttributes(
        &obj,
        &uname,
        OBJ_CASE_INSENSITIVE | OBJ_KERNEL_HANDLE,
        NULL,
        NULL
        );
    status = ZwOpenKey(&keyhandle, KEY_ALL_ACCESS, &obj);  /* KEY_READ is enough for querying values */
    if (NT_SUCCESS(status))
    {
        adapter->subnetmask = readipaddress(keyhandle, L"SubnetMask");
        if (!adapter->subnetmask)
            adapter->gateway = readipaddress(keyhandle, L"DefaultGateway");
        ZwClose(keyhandle);
    }

    ULONG
    readipaddress(
        IN HANDLE keyhandle,
        IN PWCHAR valname
        )

    u32_t inet_addr(const char *cp)
            /* each parsed octet (sym) is packed into the next higher byte */
            address += sym << shift;
            shift += 8;
            if (*cp++ == '\0') break;
        }
        return address;
    }

Now let's see how packet.sys obtains it:

    typedef struct _open_instance open_instance, *popen_instance;

    NTSTATUS
    packetgetadapterlist(
        IN PVOID buffer,
        IN ULONG length,
        IN OUT PULONG datalength
        )
    /*++
    Routine Description:
        This routine walks the adapter list and gets the symbolic
        link and NIC description and fills it in the buffer.
        The format of the information is given below.
    Arguments:
    Return Value:
    --*/
        //
        // We will return the data in the following format:
        // numofadapters + one_or_more("adaptername\0" + "symboliclink\0") + UNICODE_NULL
        // So let's include the numofadapters and UNICODE_NULL size
        // to the total length.
        //
        requiredlength += sizeof(ULONG) + sizeof(UNICODE_NULL);
        *datalength = requiredlength;
        if(requiredlength > length)
            /* body of this if is not preserved on the page */
        *(PULONG)buffer = numofadapters;
        buffer = (PCHAR)buffer + sizeof(ULONG);
        //
        // Copy the name and symbolic link of each adapter.
        //
        for(thisentry = listhead->Flink;
            thisentry != listhead;
            thisentry = thisentry->Flink)
            /* loop body is not preserved on the page */
        *(PWCHAR)buffer = UNICODE_NULL;
        KeReleaseSpinLock(&globals.globallock, oldirql);
        return STATUS_SUCCESS;
    }
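
An added example, not code from the original post or from packet.sys: SubnetMask and DefaultGateway are stored as REG_MULTI_SZ text, so a routine like readipaddress has to turn registry-supplied UTF-16 characters into an address without trusting their length or content. The function below packs octets the same way as the inet_addr fragment above (first octet in the low byte) and rejects unterminated or out-of-range data; the name parse_ipv4_multisz and the sample buffers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse the first string of a REG_MULTI_SZ value (UTF-16 code units), such as
 * SubnetMask or DefaultGateway, into a 32-bit address packed like the page's
 * fragment: address += sym << shift; shift += 8 (first octet in the low byte).
 * data/data_bytes stand for the Data/DataLength that ZwQueryValueKey returns.
 * Returns 1 on success, 0 on malformed input; never reads past data_bytes. */
int parse_ipv4_multisz(const uint16_t *data, size_t data_bytes, uint32_t *out)
{
    size_t n = data_bytes / sizeof(uint16_t);   /* whole code units only */
    uint32_t address = 0, sym = 0;
    unsigned shift = 0, digits = 0;
    size_t i;

    if (data == NULL || out == NULL)
        return 0;
    for (i = 0; i < n; i++) {
        uint16_t c = data[i];
        if (c >= '0' && c <= '9') {
            sym = sym * 10 + (uint32_t)(c - '0');
            if (++digits > 3 || sym > 255)
                return 0;                       /* octet out of range */
        } else if (c == '.' || c == 0) {
            if (digits == 0 || shift > 24)
                return 0;                       /* empty octet or a fifth octet */
            address += sym << shift;
            shift += 8;
            sym = 0;
            digits = 0;
            if (c == 0) {
                if (shift != 32)
                    return 0;                   /* fewer than four octets */
                *out = address;
                return 1;
            }
        } else {
            return 0;                           /* unexpected character */
        }
    }
    return 0;                                   /* no terminator inside the buffer */
}

/* Constructed sample data, not taken from a real registry. */
static const uint16_t sample_mask[] = {'2','5','5','.','2','5','5','.','2','5','5','.','0',0,0};
static const uint16_t sample_unterminated[] = {'1','0','.','0','.','0','.','1'};
static const uint16_t sample_bad_octet[] = {'1','0','.','0','.','0','.','9','9','9',0,0};
```

An empty value (a lone terminator, as when no gateway is configured) also returns 0, which matches the author's convention of treating a zero address as "not set".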