扫一扫
分享文章到微信
扫一扫
关注官方公众号
至顶头条
作者:PowerCPP编译 来源:论坛 2007年10月19日
关键字:
| NTSTATUS SetFilterFunction (PacketFilterExtensionPtr filterFunction) { NTSTATUS status = STATUS_SUCCESS, waitStatus=STATUS_SUCCESS; UNICODE_STRING filterName; PDEVICE_OBJECT ipDeviceObject=NULL; PFILE_OBJECT ipFileObject=NULL; PF_SET_EXTENSION_HOOK_INFO filterData; KEVENT event; IO_STATUS_BLOCK ioStatus; PIRP irp; dprintf("Getting pointer to IpFilterDriver\n"); //首先我们要得到IpFilterDriver Device的指针 RtlInitUnicodeString(&filterName, DD_IPFLTRDRVR_DEVICE_NAME); status = IoGetDeviceObjectPointer(&filterName,STANDARD_RIGHTS_ALL, &ipFileObject, &ipDeviceObject); if(NT_SUCCESS(status)) { //用过滤函数作为参数初始化PF_SET_EXTENSION_HOOK_INFO结构 filterData.ExtensionPointer = filterFunction; //我们需要初始化事件,用于在完成工作后通知我们 KeInitializeEvent(&event, NotificationEvent, FALSE); //创建用于设立过滤函数的IRP irp = IoBuildDeviceIoControlRequest(IOCTL_PF_SET_EXTENSION_POINTER, ipDeviceObject, if(irp != NULL) { // 发送 IRP status = IoCallDriver(ipDeviceObject, irp); // 然后我们等待IpFilter Driver的回应 if (status == STATUS_PENDING) { waitStatus = KeWaitForSingleObject(&event, Executive, KernelMode, FALSE, NULL); if (waitStatus != STATUS_SUCCESS ) dprintf("Error waiting for IpFilterDriver response."); } status = ioStatus.Status; if(!NT_SUCCESS(status)) dprintf("Error, IO error with ipFilterDriver\n"); } else { //如果不能分配空间,返回相应的错误代码 status = STATUS_INSUFFICIENT_RESOURCES; dprintf("Error building IpFilterDriver IRP\n"); } if(ipFileObject != NULL) ObDereferenceObject(ipFileObject); ipFileObject = NULL; ipDeviceObject = NULL; } else dprintf("Error while getting the pointer\n"); return status; } |
如果您非常迫切的想了解IT领域最新产品与技术信息,那么订阅至顶网技术邮件将是您的最佳途径之一。
京公网安备 11010802021500号